diff --git a/Kernel/System/Environment.pm b/Kernel/System/Environment.pm
index ad3d8a244..2e760536e 100644
--- a/Kernel/System/Environment.pm
+++ b/Kernel/System/Environment.pm
@@ -328,7 +328,7 @@ sub BundleModulesDeclarationGet {
             'Comment'         => 'database of adbisories used by CPAN::Audit',
             'Module'          => 'CPANSA::DB',
             'Required'        => 1,
-            'VersionRequired' => '== 20260311.002',
+            'VersionRequired' => '== 20260318.001',
         },
         {
             'Comment'         => 'needed by CPAN::Audit',
diff --git a/Kernel/cpan-lib/CPAN/Audit/DB.pm b/Kernel/cpan-lib/CPAN/Audit/DB.pm
index 9c5ab72cb..c15ec9549 100644
--- a/Kernel/cpan-lib/CPAN/Audit/DB.pm
+++ b/Kernel/cpan-lib/CPAN/Audit/DB.pm
@@ -1,5 +1,5 @@
-# created by util/generate at Wed Mar 11 13:03:16 2026
-# https://github.com/briandfoy/cpan-security-advisory.git a9f8afbc36f0047a2a60bd8a66160f7ac2facb25
+# created by util/generate at Wed Mar 18 13:36:03 2026
+# https://github.com/briandfoy/cpan-security-advisory.git 0d05b0bcff541d0e5a25d50cd664f22548fea57f
 
 =encoding utf8
 
@@ -82,10 +82,10 @@ package CPAN::Audit::DB;
 use strict;
 use warnings;
 
-our $VERSION = '20260311.002';
+our $VERSION = '20260318.001';
 
 sub db {
-	{"dists" => {"ActivePerl" => {"advisories" => [{"affected_versions" => ["==5.16.1.1601"],"cves" => ["CVE-2012-5377"],"description" => "Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\\Perl\\Site\\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the \"IKE and AuthIP IPsec Keying Modules\" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2012-5377","references" => ["https://www.htbridge.com/advisory/HTB23108","http://osvdb.org/86177"],"reported" => "2012-10-11","severity" => undef},{"affected_versions" => ["==5.8.8.817"],"cves" => ["CVE-2006-2856"],"description" => "ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with \"Users\" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2006-2856","references" => ["http://secunia.com/advisories/20328","http://www.securityfocus.com/bid/18269","http://www.osvdb.org/25974","http://www.vupen.com/english/advisories/2006/2140","https://exchange.xforce.ibmcloud.com/vulnerabilities/26915"],"reported" => "2006-06-06","severity" => undef},{"affected_versions" => ["<=5.8.1"],"cves" => ["CVE-2004-2286"],"description" => "Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2004-2286","references" => ["http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html","http://www.securityfocus.com/bid/10380","https://exchange.xforce.ibmcloud.com/vulnerabilities/16224"],"reported" => "2004-12-31","severity" => undef},{"affected_versions" => ["<5.10"],"cves" => ["CVE-2004-2022"],"description" => "ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow.  NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2004-2022","references" => ["http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt","http://www.perlmonks.org/index.pl?node_id=354145","http://www.securityfocus.com/bid/10375","http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html","http://marc.info/?l=full-disclosure&m=108489112131099&w=2","http://marc.info/?l=full-disclosure&m=108482796105922&w=2","http://marc.info/?l=full-disclosure&m=108483058514596&w=2","http://marc.info/?l=bugtraq&m=108489894009025&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/16169"],"reported" => "2004-12-31","severity" => undef},{"affected_versions" => [],"cves" => ["CVE-2004-0377"],"description" => "Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2004-0377","references" => ["http://www.kb.cert.org/vuls/id/722414","http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html","http://public.activestate.com/cgi-bin/perlbrowse?patch=22552","http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities","http://marc.info/?l=bugtraq&m=108118694327979&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/15732"],"reported" => "2004-05-04","severity" => undef},{"affected_versions" => ["<=5.6.1.629"],"cves" => ["CVE-2001-0815"],"description" => "Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2001-0815","references" => ["http://bugs.activestate.com/show_bug.cgi?id=18062","http://www.securityfocus.com/bid/3526","http://www.osvdb.org/678","http://marc.info/?l=bugtraq&m=100583978302585&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/7539"],"reported" => "2001-12-06","severity" => undef}],"main_module" => "","versions" => []},"Alien-FreeImage" => {"advisories" => [{"affected_versions" => [">=0.001,<=0.011"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Alien-FreeImage","fixed_versions" => [],"id" => "CPANSA-Alien-FreeImage-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=1.000_1,<=1.001"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Alien-FreeImage","fixed_versions" => [],"id" => "CPANSA-Alien-FreeImage-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef}],"main_module" => "Alien::FreeImage","versions" => [{"date" => "2014-11-27T21:33:19","version" => "0.001"},{"date" => "2014-11-27T23:23:17","version" => "0.002"},{"date" => "2014-11-28T06:50:21","version" => "0.003"},{"date" => "2014-11-28T08:16:43","version" => "0.004"},{"date" => "2014-11-28T09:42:55","version" => "0.005"},{"date" => "2014-11-29T17:54:12","version" => "0.006"},{"date" => "2014-11-29T22:00:16","version" => "0.007"},{"date" => "2014-11-29T22:04:22","version" => "0.008"},{"date" => "2014-11-30T21:50:53","version" => "0.009"},{"date" => "2014-12-08T22:22:02","version" => "0.010"},{"date" => "2014-12-09T21:26:56","version" => "0.011"},{"date" => "2017-06-25T21:05:55","version" => "1.000_1"},{"date" => "2017-06-26T17:54:11","version" => "1.000_2"},{"date" => "2017-06-27T08:30:16","version" => "1.000_3"},{"date" => "2017-07-11T11:46:10","version" => "1.001"}]},"Alien-GCrypt" => {"advisories" => [{"affected_versions" => [">=1.6.2.0,<=1.6.2.1"],"cves" => ["CVE-2018-0495"],"description" => "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.\n","distribution" => "Alien-GCrypt","fixed_versions" => [],"id" => "CPANSA-Alien-GCrypt-2018-0495-libgcrypt","references" => ["https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html","https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965","https://dev.gnupg.org/T4011","https://www.debian.org/security/2018/dsa-4231","https://usn.ubuntu.com/3689-2/","https://usn.ubuntu.com/3689-1/","http://www.securitytracker.com/id/1041147","http://www.securitytracker.com/id/1041144","https://usn.ubuntu.com/3692-2/","https://usn.ubuntu.com/3692-1/","https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html","https://access.redhat.com/errata/RHSA-2018:3221","https://access.redhat.com/errata/RHSA-2018:3505","https://usn.ubuntu.com/3850-1/","https://usn.ubuntu.com/3850-2/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:1297","https://access.redhat.com/errata/RHSA-2019:1296","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2019:2237"],"reported" => "2018-06-13","severity" => "medium"},{"affected_versions" => ["==1.6.5.0"],"cves" => ["CVE-2018-0495"],"description" => "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.\n","distribution" => "Alien-GCrypt","fixed_versions" => [],"id" => "CPANSA-Alien-GCrypt-2018-0495-libgcrypt","references" => ["https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html","https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965","https://dev.gnupg.org/T4011","https://www.debian.org/security/2018/dsa-4231","https://usn.ubuntu.com/3689-2/","https://usn.ubuntu.com/3689-1/","http://www.securitytracker.com/id/1041147","http://www.securitytracker.com/id/1041144","https://usn.ubuntu.com/3692-2/","https://usn.ubuntu.com/3692-1/","https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html","https://access.redhat.com/errata/RHSA-2018:3221","https://access.redhat.com/errata/RHSA-2018:3505","https://usn.ubuntu.com/3850-1/","https://usn.ubuntu.com/3850-2/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:1297","https://access.redhat.com/errata/RHSA-2019:1296","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2019:2237"],"reported" => "2018-06-13","severity" => "medium"}],"main_module" => "Alien::GCrypt","versions" => [{"date" => "2014-11-19T00:20:20","version" => "1.6.2.0"},{"date" => "2014-11-21T22:25:49","version" => "1.6.2.1"},{"date" => "2016-03-11T00:00:36","version" => "1.6.5.0"}]},"Alien-OTR" => {"advisories" => [{"affected_versions" => [">=4.0.0.0,<=4.0.0.1"],"cves" => ["CVE-2016-2851"],"description" => "Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.\n","distribution" => "Alien-OTR","fixed_versions" => [],"id" => "CPANSA-Alien-OTR-2016-2851-libotr","references" => ["https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/","http://www.debian.org/security/2016/dsa-3512","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html","https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002581.html","http://seclists.org/fulldisclosure/2016/Mar/21","http://www.securityfocus.com/bid/84285","http://www.ubuntu.com/usn/USN-2926-1","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html","https://security.gentoo.org/glsa/201701-10","https://www.exploit-db.com/exploits/39550/","http://www.securityfocus.com/archive/1/537745/100/0/threaded"],"reported" => "2016-04-07","severity" => "critical"},{"affected_versions" => ["==4.1.0.0"],"cves" => ["CVE-2016-2851"],"description" => "Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.\n","distribution" => "Alien-OTR","fixed_versions" => [],"id" => "CPANSA-Alien-OTR-2016-2851-libotr","references" => ["https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/","http://www.debian.org/security/2016/dsa-3512","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html","https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002581.html","http://seclists.org/fulldisclosure/2016/Mar/21","http://www.securityfocus.com/bid/84285","http://www.ubuntu.com/usn/USN-2926-1","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html","https://security.gentoo.org/glsa/201701-10","https://www.exploit-db.com/exploits/39550/","http://www.securityfocus.com/archive/1/537745/100/0/threaded"],"reported" => "2016-04-07","severity" => "critical"}],"main_module" => "Alien::OTR","versions" => [{"date" => "2014-02-04T00:25:37","version" => "4.0.0.0"},{"date" => "2014-06-16T00:29:25","version" => "4.0.0.1"},{"date" => "2014-11-19T00:30:34","version" => "4.1.0.0"},{"date" => "2016-03-10T23:38:55","version" => "4.1.1.0"}]},"Alien-PCRE2" => {"advisories" => [{"affected_versions" => ["<0.016000"],"comment" => "This Alien module fetches libpcre2 sources from the network. It tries to get the latest unless you set environment variables to get a different version.\n","cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "Alien-PCRE2","fixed_versions" => [">=0.016000"],"id" => "CPANSA-Alien-PCRE2-2019-20454","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"}],"main_module" => "Alien::PCRE2","versions" => [{"date" => "2017-06-30T23:18:21","version" => "0.001000"},{"date" => "2017-07-01T02:48:02","version" => "0.002000"},{"date" => "2017-07-02T04:51:35","version" => "0.003000"},{"date" => "2017-07-02T06:53:29","version" => "0.004000"},{"date" => "2017-07-02T09:21:41","version" => "0.005000"},{"date" => "2017-07-03T01:03:23","version" => "0.006000"},{"date" => "2017-07-12T17:40:07","version" => "0.007000"},{"date" => "2017-07-13T07:43:28","version" => "0.008000"},{"date" => "2017-07-15T10:31:20","version" => "0.009000"},{"date" => "2017-07-17T04:44:54","version" => "0.010000"},{"date" => "2017-07-18T18:30:06","version" => "0.011000"},{"date" => "2017-07-19T05:07:21","version" => "0.012000"},{"date" => "2017-07-23T04:43:01","version" => "0.013000"},{"date" => "2017-11-01T02:50:14","version" => "0.014000"},{"date" => "2017-11-08T00:42:33","version" => "0.015000"},{"date" => "2022-05-08T20:22:53","version" => "0.016000"},{"date" => "2023-02-04T00:21:59","version" => "0.017000"}]},"Alien-SVN" => {"advisories" => [{"affected_versions" => [">=1.4.5.0,<=1.4.5.3"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-subversion","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.4.6.0,<=1.4.6.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-subversion","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.6.12.0,<=1.6.12.1"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-subversion","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.7.3.0,<=1.17.3.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-subversion","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.7.17.0,<=1.17.1.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-subversion","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => ["==1.7.19.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-subversion","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => ["==1.8.11.0"],"cves" => ["CVE-2018-11782"],"description" => "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2018-11782-subversion","references" => ["http://subversion.apache.org/security/CVE-2018-11782-advisory.txt"],"reported" => "2019-09-26","severity" => "medium"},{"affected_versions" => ["==1.8.11.0"],"cves" => ["CVE-2019-0203"],"description" => "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2019-0203-subversion","references" => ["http://subversion.apache.org/security/CVE-2019-0203-advisory.txt"],"reported" => "2019-09-26","severity" => "high"},{"affected_versions" => [">=1.4.5.0,<=1.4.5.3"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => ["==1.4.6.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.6.12.0,<=1.6.12.1"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.7.17.0,<=1.7.17.1"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => ["==1.7.19.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.7.3.0,<=1.7.3.1"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => ["==1.8.11.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef}],"main_module" => "Alien::SVN","versions" => [{"date" => "2007-09-12T10:21:02","version" => "1.4.5.0"},{"date" => "2007-09-21T01:13:48","version" => "1.4.5.1"},{"date" => "2007-09-21T11:45:13","version" => "1.4.5.2"},{"date" => "2007-12-26T09:04:20","version" => "1.4.5.3"},{"date" => "2007-12-27T05:34:26","version" => "1.4.6.0"},{"date" => "2010-08-18T07:45:18","version" => "v1.6.12.0"},{"date" => "2011-02-23T00:51:22","version" => "v1.6.12.1"},{"date" => "2012-03-02T00:57:20","version" => "v1.7.3.0"},{"date" => "2012-03-18T22:14:33","version" => "v1.7.3.1"},{"date" => "2014-06-12T04:08:38","version" => "v1.7.17.0"},{"date" => "2014-06-12T17:19:44","version" => "v1.7.17.1"},{"date" => "2015-01-12T23:26:41","version" => "v1.7.19.0"},{"date" => "2015-01-13T00:12:19","version" => "v1.8.11.0"}]},"Amon2-Auth-Site-LINE" => {"advisories" => [{"affected_versions" => ["<0.05"],"cves" => ["CVE-2024-57835"],"description" => "Amon2::Auth::Site::LINE uses the String::Random module\x{a0}to generate nonce values.\x{a0}String::Random\x{a0}defaults to Perl's built-in predictable\x{a0}random number generator,\x{a0}the rand() function, which is not cryptographically secure\n","distribution" => "Amon2-Auth-Site-LINE","fixed_versions" => [">=0.05"],"id" => "CPANSA-Amon2-Auth-Site-LINE-2024-57835","references" => ["https://metacpan.org/release/SHLOMIF/String-Random-0.32/source/lib/String/Random.pm#L377","https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L235","https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L255","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://jvndb.jvn.jp/ja/contents/2025/JVNDB-2025-003449.html"],"reported" => "2025-04-05","severity" => "moderate"}],"main_module" => "Amon2::Auth::Site::LINE","versions" => [{"date" => "2020-11-21T06:34:32","version" => "0.01"},{"date" => "2020-11-23T00:05:03","version" => "0.02"},{"date" => "2020-11-25T01:33:35","version" => "0.03"},{"date" => "2020-11-26T07:04:40","version" => "0.04"},{"date" => "2025-05-20T12:14:56","version" => "0.05"}]},"Apache-ASP" => {"advisories" => [{"affected_versions" => ["<1.95"],"cves" => [],"description" => "A bug would allow a malicious user possible writing of files in the same directory as the source.asp script.\n","distribution" => "Apache-ASP","fixed_versions" => [">=1.95"],"id" => "CPANSA-Apache-ASP-2000-01","references" => ["https://metacpan.org/release/CHAMAS/Apache-ASP-2.63/source/README"],"reported" => "2000-07-10","severity" => undef}],"main_module" => "Apache::ASP","versions" => [{"date" => "1998-06-24T02:10:51","version" => "0.01"},{"date" => "1998-07-11T01:48:14","version" => "0.02"},{"date" => "1998-09-14T11:13:32","version" => "0.03"},{"date" => "1998-10-12T07:50:56","version" => "0.04"},{"date" => "1998-10-18T21:29:19","version" => "0.05"},{"date" => "1999-02-06T06:04:50","version" => "0.08"},{"date" => "1999-04-22T08:30:57","version" => "0.09"},{"date" => "1999-06-24T20:04:52","version" => "0.11"},{"date" => "1999-07-02T07:05:05","version" => "0.12"},{"date" => "1999-07-29T10:58:20","version" => "0.14"},{"date" => "1999-08-25T02:02:31","version" => "0.15"},{"date" => "1999-09-22T20:54:01","version" => "0.16"},{"date" => "1999-11-16T04:44:48","version" => "0.17"},{"date" => "2000-02-04T02:14:14","version" => "0.18"},{"date" => "2000-07-03T13:08:54","version" => "1.91"},{"date" => "2000-07-03T22:43:45","version" => "1.93"},{"date" => "2000-07-11T01:44:02","version" => "1.95"},{"date" => "2000-07-16T07:17:39","version" => "2.00"},{"date" => "2000-07-22T23:31:36","version" => "2.01"},{"date" => "2000-08-02T00:11:15","version" => "2.03"},{"date" => "2000-11-26T19:15:48","version" => "2.07"},{"date" => "2001-01-31T04:03:17","version" => "2.09"},{"date" => "2001-05-30T01:37:39","version" => "2.11"},{"date" => "2001-06-12T00:41:33","version" => "2.15"},{"date" => "2001-06-18T02:35:48","version" => "2.17"},{"date" => "2001-07-11T05:27:22","version" => "2.19"},{"date" => "2001-08-05T23:01:50","version" => "2.21"},{"date" => "2001-10-11T07:54:39","version" => "2.23"},{"date" => "2001-10-11T23:34:01","version" => "2.25"},{"date" => "2001-11-01T01:11:12","version" => "2.27"},{"date" => "2001-11-19T21:41:12","version" => "2.29"},{"date" => "2002-01-22T09:52:49","version" => "2.31"},{"date" => "2002-04-30T09:12:20","version" => "2.33"},{"date" => "2002-05-30T19:47:22","version" => "2.35"},{"date" => "2002-07-03T21:11:15","version" => "2.37"},{"date" => "2002-09-12T08:16:20","version" => "2.39"},{"date" => "2002-09-30T06:35:47","version" => "2.41"},{"date" => "2002-10-14T04:01:36","version" => "2.45"},{"date" => "2002-11-07T02:03:41","version" => "2.47"},{"date" => "2002-11-11T07:15:21","version" => "2.49"},{"date" => "2003-02-10T21:11:34","version" => "2.51"},{"date" => "2003-04-10T16:27:14","version" => "2.53"},{"date" => "2003-08-10T07:39:57","version" => "2.55"},{"date" => "2004-01-29T08:30:48","version" => "2.57"},{"date" => "2005-05-24T05:52:39","version" => "2.59"},{"date" => "2008-05-25T23:07:57","version" => "2.61"},{"date" => "2011-10-02T19:18:10","version" => "2.62"},{"date" => "2012-02-13T23:15:04","version" => "2.62"},{"date" => "2018-03-15T05:28:37","version" => "2.63"}]},"Apache-AuthCAS" => {"advisories" => [{"affected_versions" => ["<0.5"],"cves" => ["CVE-2007-6342"],"description" => "A tainted cookie could be sent by a malicious user and it would be used in an SQL query without protection against SQL injection.\n","distribution" => "Apache-AuthCAS","fixed_versions" => [">=0.5"],"id" => "CPANSA-Apache-AuthCAS-2007-01","references" => ["https://metacpan.org/changes/distribution/Apache-AuthCAS","https://cxsecurity.com/issue/WLB-2007120031"],"reported" => "2007-12-13","severity" => "high"}],"main_module" => "Apache::AuthCAS","versions" => [{"date" => "2004-09-15T19:17:43","version" => "0.1"},{"date" => "2004-09-15T20:11:40","version" => "0.2"},{"date" => "2004-10-05T22:51:50","version" => "0.3"},{"date" => "2004-10-13T00:45:52","version" => "0.4"},{"date" => "2008-03-23T23:03:16","version" => "0.5"}]},"Apache-AuthenHook" => {"advisories" => [{"affected_versions" => [">=2.00_04"],"cves" => ["CVE-2010-3845"],"description" => "libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.\n","distribution" => "Apache-AuthenHook","fixed_versions" => [],"id" => "CPANSA-Apache-AuthenHook-2010-3845","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=62040","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712","http://seclists.org/oss-sec/2010/q4/63"],"reported" => "2017-08-08","severity" => "critical"}],"main_module" => "Apache::AuthenHook","versions" => [{"date" => "2003-06-20T19:05:21","version" => "2.00_01"},{"date" => "2004-04-06T01:20:10","version" => "2.00_03"},{"date" => "2005-04-14T12:57:55","version" => "2.00_04"}]},"Apache-MP3" => {"advisories" => [{"affected_versions" => ["<2.15"],"cves" => [],"description" => "A security bug allowed people to bypass the AllowDownload setting.\n","distribution" => "Apache-MP3","fixed_versions" => [">=2.15"],"id" => "CPANSA-Apache-MP3-2001-01","references" => ["https://metacpan.org/dist/Apache-MP3/changes"],"reported" => "2001-01-01","severity" => undef}],"main_module" => "Apache::MP3","versions" => [{"date" => "2000-03-20T13:00:07","version" => "1.00"},{"date" => "2000-05-27T04:19:21","version" => "2.00"},{"date" => "2000-05-27T04:34:42","version" => "2.01"},{"date" => "2000-05-28T16:17:59","version" => "2.02"},{"date" => "2000-08-23T13:46:23","version" => "2.04"},{"date" => "2000-08-25T14:45:54","version" => "2.05"},{"date" => "2000-08-26T03:41:07","version" => "2.06"},{"date" => "2000-08-31T20:28:28","version" => "2.08"},{"date" => "2000-09-03T18:31:17","version" => "2.10"},{"date" => "2000-09-09T22:12:04","version" => "2.11"},{"date" => "2000-11-21T22:15:07","version" => "2.12"},{"date" => "2000-12-31T04:29:03","version" => "2.14"},{"date" => "2001-01-02T03:37:33","version" => "2.15"},{"date" => "2001-05-01T02:43:47","version" => "2.16"},{"date" => "2001-06-10T22:02:46","version" => "2.18"},{"date" => "2001-07-17T01:39:59","version" => "2.19"},{"date" => "2001-09-26T01:14:42","version" => "2.20"},{"date" => "2002-01-06T20:38:33","version" => "2.22"},{"date" => "2002-05-31T01:12:04","version" => "2.26"},{"date" => "2002-08-16T04:18:25","version" => "3.00"},{"date" => "2002-08-18T17:41:46","version" => "3.01"},{"date" => "2002-10-14T03:26:03","version" => "3.03"},{"date" => "2003-02-15T00:51:19","version" => "3.04"},{"date" => "2003-10-06T14:12:34","version" => "3.05"},{"date" => "2006-04-15T01:26:38","version" => "4.00"}]},"Apache-Session" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40931"],"description" => "Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id.  Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Apache-Session","fixed_versions" => [],"id" => "CPANSA-Apache-Session-2025-40931","references" => ["https://metacpan.org/dist/Apache-Session/source/lib/Apache/Session/Generate/MD5.pm#L27","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "Apache::Session","versions" => [{"date" => "1998-05-20T21:03:28","version" => "0.10"},{"date" => "1998-06-26T23:12:16","version" => "0.12"},{"date" => "1998-07-08T11:14:44","version" => "0.13"},{"date" => "1998-07-20T07:21:32","version" => "0.14"},{"date" => "1998-09-15T21:29:50","version" => "0.16"},{"date" => "1998-09-29T05:20:47","version" => "v0.16.1"},{"date" => "1998-11-14T20:39:57","version" => "0.17"},{"date" => "1998-12-09T18:17:21","version" => "v0.17.1"},{"date" => "1999-01-28T19:45:49","version" => "v0.99.0"},{"date" => "1999-02-14T21:44:23","version" => "v0.99.3"},{"date" => "1999-02-16T05:47:59","version" => "v0.99.5"},{"date" => "1999-03-01T05:57:39","version" => "v0.99.6"},{"date" => "1999-03-03T23:57:45","version" => "v0.99.7"},{"date" => "1999-04-05T04:51:55","version" => "v0.99.8"},{"date" => "1999-08-16T02:06:04","version" => "1.00"},{"date" => "1999-09-12T04:35:00","version" => "1.03"},{"date" => "2000-05-26T16:31:41","version" => "1.50"},{"date" => "2000-05-26T22:31:44","version" => "1.51"},{"date" => "2000-07-24T03:48:07","version" => "1.52"},{"date" => "2000-09-01T22:43:07","version" => "1.53"},{"date" => "2001-10-11T18:37:18","version" => "1.54"},{"date" => "2004-02-24T19:58:32","version" => "1.6"},{"date" => "2004-09-01T18:55:04","version" => "1.70_01"},{"date" => "2005-10-06T22:17:32","version" => "1.80"},{"date" => "2006-05-23T16:03:15","version" => "1.81"},{"date" => "2007-02-12T17:53:50","version" => "1.81_01"},{"date" => "2007-02-21T13:35:35","version" => "1.82"},{"date" => "2007-03-10T11:45:09","version" => "1.82_01"},{"date" => "2007-03-11T15:30:47","version" => "1.82_02"},{"date" => "2007-03-12T22:00:28","version" => "1.82_03"},{"date" => "2007-04-27T20:08:58","version" => "1.82_04"},{"date" => "2007-05-14T09:03:50","version" => "1.82_05"},{"date" => "2007-05-25T11:28:49","version" => "1.83"},{"date" => "2007-08-03T21:02:51","version" => "1.83_01"},{"date" => "2007-10-02T12:53:28","version" => "1.84"},{"date" => "2007-11-26T22:09:17","version" => "1.84_01"},{"date" => "2007-12-21T22:28:51","version" => "1.85"},{"date" => "2008-01-24T15:00:36","version" => "1.85_01"},{"date" => "2008-02-01T12:14:19","version" => "1.86"},{"date" => "2008-06-20T09:48:31","version" => "1.86_01"},{"date" => "2008-06-27T20:54:45","version" => "1.86_02"},{"date" => "2008-08-03T11:34:12","version" => "1.86_03"},{"date" => "2008-08-08T09:28:24","version" => "1.87"},{"date" => "2008-12-20T21:04:01","version" => "1.88"},{"date" => "2010-09-21T22:56:17","version" => "1.89"},{"date" => "2013-01-27T13:38:31","version" => "1.90"},{"date" => "2014-01-06T22:44:40","version" => "1.91"},{"date" => "2014-03-08T23:03:33","version" => "1.92"},{"date" => "2014-04-12T19:35:25","version" => "1.93"},{"date" => "2020-09-18T22:00:45","version" => "1.94"}]},"Apache-Session-Browseable" => {"advisories" => [{"affected_versions" => ["<1.3.6"],"cves" => ["CVE-2020-36659"],"description" => "In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.\n","distribution" => "Apache-Session-Browseable","fixed_versions" => [">=1.3.6"],"id" => "CPANSA-Apache-Session-Browseable-2020-36659","references" => ["https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/fdf393235140b293cae5578ef136055a78f3574f","https://lists.debian.org/debian-lts-announce/2023/01/msg00025.html"],"reported" => "2023-01-27","severity" => undef}],"main_module" => "Apache::Session::Browseable","versions" => [{"date" => "2009-10-31T08:09:42","version" => "0.1"},{"date" => "2009-11-01T09:10:13","version" => "0.2"},{"date" => "2009-11-01T16:21:16","version" => "0.3"},{"date" => "2010-08-16T15:26:19","version" => "0.4"},{"date" => "2010-12-06T21:08:25","version" => "0.5"},{"date" => "2010-12-08T15:45:21","version" => "0.6"},{"date" => "2012-06-24T07:14:37","version" => "0.7"},{"date" => "2012-10-13T16:15:41","version" => "0.8"},{"date" => "2013-02-28T06:05:09","version" => "0.9"},{"date" => "2013-08-28T04:42:23","version" => "1.0"},{"date" => "2013-08-30T04:47:02","version" => "1.0"},{"date" => "2013-10-20T05:39:14","version" => "v1.0.2"},{"date" => "2015-06-12T15:56:45","version" => "1.1"},{"date" => "2016-03-09T05:31:13","version" => "1.2"},{"date" => "2016-03-10T06:30:41","version" => "v1.2.1"},{"date" => "2016-04-01T11:34:51","version" => "v1.2.2"},{"date" => "2016-06-07T13:59:19","version" => "v1.2.3"},{"date" => "2017-02-19T07:34:18","version" => "v1.2.4"},{"date" => "2017-04-04T05:18:26","version" => "v1.2.5"},{"date" => "2017-09-12T09:35:30","version" => "v1.2.5"},{"date" => "2017-10-03T05:00:07","version" => "v1.2.7"},{"date" => "2017-10-03T10:42:35","version" => "v1.2.8"},{"date" => "2019-02-08T06:29:20","version" => "v1.2.9"},{"date" => "2019-02-08T09:31:22","version" => "v1.3.0"},{"date" => "2019-05-04T10:55:48","version" => "v1.3.1"},{"date" => "2019-07-04T18:30:30","version" => "v1.3.2"},{"date" => "2019-09-19T20:44:43","version" => "v1.3.3"},{"date" => "2019-11-20T19:43:04","version" => "v1.3.4"},{"date" => "2020-01-21T10:20:26","version" => "v1.3.5"},{"date" => "2020-09-04T13:23:31","version" => "v1.3.6"},{"date" => "2020-09-04T13:39:40","version" => "v1.3.7"},{"date" => "2020-09-06T21:03:06","version" => "v1.3.8"},{"date" => "2021-08-10T04:44:06","version" => "v1.3.9"},{"date" => "2022-03-08T13:51:31","version" => "v1.3.10"},{"date" => "2022-09-26T16:41:24","version" => "v1.3.11"},{"date" => "2023-07-06T10:43:25","version" => "v1.3.12"},{"date" => "2023-07-06T11:38:32","version" => "v1.3.13"},{"date" => "2024-12-19T07:59:19","version" => "v1.3.13"},{"date" => "2025-04-10T19:24:48","version" => "v1.3.15"},{"date" => "2025-04-12T10:31:56","version" => "v1.3.16"},{"date" => "2025-06-18T12:49:41","version" => "v1.3.17"},{"date" => "2025-09-23T10:46:46","version" => "v1.3.18"}]},"Apache-Session-LDAP" => {"advisories" => [{"affected_versions" => ["<0.5"],"cves" => ["CVE-2020-36658"],"description" => "In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.\n","distribution" => "Apache-Session-LDAP","fixed_versions" => [">=0.5"],"id" => "CPANSA-Apache-Session-LDAP-2020-36658","references" => ["https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f","https://lists.debian.org/debian-lts-announce/2023/01/msg00024.html"],"reported" => "2023-01-27","severity" => undef}],"main_module" => "Apache::Session::LDAP","versions" => [{"date" => "2009-04-18T17:09:10","version" => "0.01"},{"date" => "2009-04-18T19:43:50","version" => "0.02"},{"date" => "2010-12-08T15:30:51","version" => "0.1"},{"date" => "2012-06-26T04:22:47","version" => "0.2"},{"date" => "2014-10-24T12:21:07","version" => "0.2"},{"date" => "2015-06-12T15:47:40","version" => "0.4"},{"date" => "2020-09-06T13:13:20","version" => "0.2"}]},"Apache-SessionX" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40932"],"description" => "Apache::SessionX versions through 2.01 for Perl create insecure session id.  Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Apache-SessionX","fixed_versions" => [],"id" => "CPANSA-Apache-SessionX-2005-01","references" => ["https://metacpan.org/release/GRICHTER/Apache-SessionX-2.01/source/SessionX/Generate/MD5.pm#L29","https://metacpan.org/changes/distribution/Apache-SessionX"],"reported" => "2005-11-15","severity" => undef}],"main_module" => "Apache::SessionX","versions" => [{"date" => "2001-11-20T15:36:53","version" => "2.00"},{"date" => "2003-03-02T14:18:57","version" => "2.00"},{"date" => "2005-11-15T05:21:49","version" => "2.01"}]},"Apache-Wyrd" => {"advisories" => [{"affected_versions" => ["<0.97"],"cves" => [],"description" => "User-submitted data cab be executed if it is displayed on a page, if the data contains a string that can be interpreted as a Wyrd.\n","distribution" => "Apache-Wyrd","fixed_versions" => [">=0.97"],"id" => "CPANSA-Apache-Wyrd-2008-01","references" => ["https://metacpan.org/dist/Apache-Wyrd/changes"],"reported" => "2008-04-14","severity" => undef}],"main_module" => "Apache::Wyrd","versions" => [{"date" => "2004-03-17T21:36:52","version" => "0.8"},{"date" => "2004-03-18T22:52:04","version" => "0.81"},{"date" => "2004-03-25T23:52:49","version" => "0.82"},{"date" => "2004-08-19T15:42:55","version" => "0.83"},{"date" => "2004-09-03T19:44:01","version" => "0.84"},{"date" => "2004-09-22T16:08:23","version" => "0.85"},{"date" => "2004-09-23T02:04:43","version" => "0.86"},{"date" => "2004-10-31T20:59:42","version" => "0.87"},{"date" => "2004-12-16T20:56:33","version" => "0.90"},{"date" => "2005-01-09T21:52:49","version" => "0.91"},{"date" => "2005-01-13T17:42:18","version" => "0.92"},{"date" => "2005-03-25T21:22:56","version" => "0.93"},{"date" => "2006-10-22T22:57:04","version" => "0.94"},{"date" => "2007-04-30T23:02:05","version" => "0.95"},{"date" => "2007-05-01T15:20:02","version" => "0.96"},{"date" => "2008-04-14T18:49:14","version" => "0.97"},{"date" => "2008-04-15T21:32:47","version" => "0.98"}]},"Apache2-AuthAny" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40933"],"description" => "Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely.  Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Apache2-AuthAny","fixed_versions" => [],"id" => "CPANSA-Apache2-AuthAny-2025-40933","references" => ["https://metacpan.org/release/KGOLDOV/Apache2-AuthAny-0.201/source/lib/Apache2/AuthAny/Cookie.pm"],"reported" => "2025-09-17","severity" => undef}],"main_module" => "Apache2::AuthAny","versions" => [{"date" => "2011-05-09T22:32:29","version" => "0.20"},{"date" => "2011-05-16T18:32:03","version" => "0.201"}]},"App-Context" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.968"],"cves" => ["CVE-2012-6141"],"description" => "The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized.\n","distribution" => "App-Context","fixed_versions" => [">0.968"],"id" => "CPANSA-App-Context-2012-6141","references" => ["http://seclists.org/oss-sec/2013/q2/318","https://exchange.xforce.ibmcloud.com/vulnerabilities/84198"],"reported" => "2014-06-04","severity" => undef}],"main_module" => "App::Context","versions" => [{"date" => "2002-10-10T21:31:39","version" => "0.01"},{"date" => "2004-09-02T21:17:44","version" => "0.90"},{"date" => "2005-01-07T14:02:06","version" => "0.93"},{"date" => "2005-08-09T20:05:02","version" => "0.95"},{"date" => "2006-03-10T04:24:13","version" => "0.96"},{"date" => "2006-03-12T01:30:11","version" => "0.962"},{"date" => "2006-07-25T02:30:21","version" => "0.963"},{"date" => "2006-09-04T19:41:12","version" => "0.964"},{"date" => "2007-04-17T13:33:24","version" => "0.965"},{"date" => "2008-02-27T03:13:41","version" => "0.966"},{"date" => "2008-02-27T14:19:23","version" => "0.9661"},{"date" => "2009-09-11T14:31:52","version" => "0.967"},{"date" => "2010-06-09T21:33:19","version" => "0.968"}]},"App-Genpass" => {"advisories" => [{"affected_versions" => ["<0.2400"],"cves" => [],"description" => "App-genpass before v0.2400 generated passwords using build in rand()\n","distribution" => "App-Genpass","fixed_versions" => [">=0.2400"],"id" => "CPANSA-App-Genpass-2024-001","references" => ["https://metacpan.org/dist/App-Genpass/changes","https://github.com/xsawyerx/app-genpass/pull/5","https://github.com/briandfoy/cpan-security-advisory/issues/178"],"reported" => undef,"severity" => undef}],"main_module" => "App::Genpass","versions" => [{"date" => "2009-12-14T22:15:31","version" => "0.03"},{"date" => "2010-01-01T18:06:50","version" => "0.04"},{"date" => "2010-01-02T07:45:49","version" => "0.05"},{"date" => "2010-05-28T21:46:01","version" => "0.06"},{"date" => "2010-05-29T21:37:11","version" => "0.07"},{"date" => "2010-05-30T08:35:54","version" => "0.08"},{"date" => "2010-05-31T18:39:55","version" => "0.09"},{"date" => "2010-06-07T10:16:54","version" => "0.10"},{"date" => "2010-07-16T21:15:53","version" => "0.11"},{"date" => "2010-07-16T22:36:16","version" => "1.00"},{"date" => "2010-07-18T15:20:18","version" => "1.01"},{"date" => "2011-02-17T10:52:08","version" => "2.00"},{"date" => "2011-03-10T12:26:49","version" => "2.01"},{"date" => "2011-08-03T11:58:46","version" => "2.02"},{"date" => "2011-08-03T16:05:37","version" => "2.03"},{"date" => "2011-08-06T07:36:59","version" => "2.04"},{"date" => "2011-08-08T12:51:57","version" => "2.10"},{"date" => "2011-11-27T17:45:15","version" => "2.20"},{"date" => "2012-03-26T19:55:19","version" => "2.30"},{"date" => "2012-06-26T08:16:36","version" => "2.31"},{"date" => "2012-06-30T23:12:23","version" => "2.32"},{"date" => "2012-11-20T08:48:46","version" => "2.33"},{"date" => "2014-08-04T20:00:26","version" => "2.34"},{"date" => "2016-10-12T08:56:56","version" => "2.400"},{"date" => "2016-10-14T21:27:13","version" => "2.401"}]},"App-Github-Email" => {"advisories" => [{"affected_versions" => ["<0.3.3"],"cves" => ["CVE-2015-7686"],"description" => "Insecure dependency on Email::Address.\n","distribution" => "App-Github-Email","fixed_versions" => [">=0.3.3"],"id" => "CPANSA-App-Github-Email-2018-01","references" => ["https://metacpan.org/changes/distribution/App-Github-Email","https://github.com/faraco/App-Github-Email/commit/b7f052280d1c8ae97bdefc106ca3cbba4aea7213"],"reported" => "2018-01-20"}],"main_module" => "App::Github::Email","versions" => [{"date" => "2017-01-16T08:03:02","version" => "0.0.1"},{"date" => "2017-01-16T12:56:51","version" => "0.0.2"},{"date" => "2017-01-16T17:38:16","version" => "0.0.3"},{"date" => "2017-03-11T10:45:23","version" => "0.0.4"},{"date" => "2017-04-05T11:19:02","version" => "0.0.5"},{"date" => "2017-04-15T17:35:18","version" => "0.0.6"},{"date" => "2017-05-19T05:05:24","version" => "0.0.7"},{"date" => "2017-12-18T14:11:19","version" => "0.1.0"},{"date" => "2017-12-21T08:24:12","version" => "0.1.1"},{"date" => "2018-01-15T03:18:05","version" => "0.2.0"},{"date" => "2018-01-20T12:55:34","version" => "0.2.1"},{"date" => "2018-08-30T16:07:18","version" => "0.3.1"},{"date" => "2018-08-30T16:13:54","version" => "0.3.2"},{"date" => "2018-08-31T03:49:31","version" => "0.3.3"}]},"App-Netdisco" => {"advisories" => [{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=2.028008,<=2.052002"],"cves" => ["CVE-2022-24785"],"description" => "Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2022-24785-momentjs","references" => ["https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5","https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4","https://www.tenable.com/security/tns-2022-09","https://security.netapp.com/advisory/ntap-20220513-0006/"],"reported" => "2022-04-04","severity" => "high"}],"main_module" => "App::Netdisco","versions" => [{"date" => "2012-12-20T21:16:29","version" => "2.00_011"},{"date" => "2012-12-21T08:21:35","version" => "2.00_012"},{"date" => "2013-01-05T16:14:21","version" => "2.00_012"},{"date" => "2013-01-06T01:16:03","version" => "2.00_012"},{"date" => "2013-01-06T02:03:22","version" => "2.00_012"},{"date" => "2013-01-14T22:16:29","version" => "2.00_012"},{"date" => "2013-01-30T13:23:14","version" => "2.004002"},{"date" => "2013-02-09T22:37:41","version" => "2.005000_001"},{"date" => "2013-02-10T21:39:04","version" => "2.005000_001"},{"date" => "2013-03-05T23:03:41","version" => "2.005000_003"},{"date" => "2013-03-05T23:21:44","version" => "2.005000_004"},{"date" => "2013-03-07T21:52:05","version" => "2.006000"},{"date" => "2013-03-17T14:50:06","version" => "2.007000_001"},{"date" => "2013-06-03T19:54:38","version" => "2.007000_002"},{"date" => "2013-06-08T20:22:28","version" => "2.007000_003"},{"date" => "2013-06-09T10:31:46","version" => "2.007000_004"},{"date" => "2013-06-09T13:10:45","version" => "2.007000_005"},{"date" => "2013-06-09T14:45:42","version" => "2.008000"},{"date" => "2013-06-11T12:39:12","version" => "2.008001"},{"date" => "2013-06-11T21:55:59","version" => "2.008002"},{"date" => "2013-06-16T17:29:20","version" => "2.009000_001"},{"date" => "2013-06-17T07:18:07","version" => "2.010000"},{"date" => "2013-06-17T22:10:21","version" => "2.010001_001"},{"date" => "2013-06-20T12:55:28","version" => "2.010001_002"},{"date" => "2013-06-20T12:58:16","version" => "2.010001_003"},{"date" => "2013-07-23T23:02:00","version" => "2.010002"},{"date" => "2013-07-24T22:50:05","version" => "2.010004"},{"date" => "2013-07-29T07:04:27","version" => "2.011000"},{"date" => "2013-08-06T17:37:28","version" => "2.012000"},{"date" => "2013-08-06T17:42:25","version" => "2.012001"},{"date" => "2013-08-07T09:06:31","version" => "2.012002"},{"date" => "2013-08-16T16:28:13","version" => "2.012003_001"},{"date" => "2013-08-16T16:48:37","version" => "2.012004"},{"date" => "2013-08-16T16:51:08","version" => "2.012005"},{"date" => "2013-08-23T05:52:12","version" => "2.012006"},{"date" => "2013-08-23T10:29:04","version" => "2.013000"},{"date" => "2013-08-23T11:34:38","version" => "2.013001"},{"date" => "2013-08-26T21:44:14","version" => "2.014000"},{"date" => "2013-09-05T23:57:20","version" => "2.015000"},{"date" => "2013-09-10T22:33:43","version" => "2.016000"},{"date" => "2013-09-11T21:38:31","version" => "2.016001"},{"date" => "2013-09-11T22:15:54","version" => "2.016002"},{"date" => "2013-09-12T07:28:46","version" => "2.016003"},{"date" => "2013-09-23T19:49:48","version" => "2.017000"},{"date" => "2013-10-06T22:38:36","version" => "2.017001_001"},{"date" => "2013-10-07T20:55:41","version" => "2.017001_002"},{"date" => "2013-10-07T22:36:36","version" => "2.017001_003"},{"date" => "2013-10-08T10:28:21","version" => "2.018000"},{"date" => "2013-10-16T22:57:00","version" => "2.018000_001"},{"date" => "2013-10-22T12:44:58","version" => "2.018000_002"},{"date" => "2013-10-22T13:19:30","version" => "2.019000"},{"date" => "2013-10-22T14:41:32","version" => "2.019001"},{"date" => "2013-10-24T04:57:13","version" => "2.019002"},{"date" => "2013-10-27T03:07:39","version" => "2.019003"},{"date" => "2013-12-08T19:46:22","version" => "2.020000"},{"date" => "2013-12-08T21:49:04","version" => "2.020001"},{"date" => "2013-12-11T15:59:18","version" => "2.020002"},{"date" => "2013-12-29T21:34:57","version" => "2.020003_001"},{"date" => "2014-01-01T23:33:18","version" => "2.020003_002"},{"date" => "2014-01-06T20:49:38","version" => "2.020003_003"},{"date" => "2014-01-12T17:36:59","version" => "2.021000"},{"date" => "2014-01-13T00:42:23","version" => "2.021000_001"},{"date" => "2014-01-13T14:02:33","version" => "2.021000_002"},{"date" => "2014-01-13T18:50:36","version" => "2.021000_004"},{"date" => "2014-01-26T13:49:10","version" => "2.022000"},{"date" => "2014-02-10T21:24:32","version" => "2.023000"},{"date" => "2014-02-14T19:41:51","version" => "2.023001"},{"date" => "2014-02-17T13:23:06","version" => "2.023002"},{"date" => "2014-02-22T19:18:19","version" => "2.024000"},{"date" => "2014-02-25T22:36:15","version" => "2.024001"},{"date" => "2014-02-27T17:39:32","version" => "2.024002"},{"date" => "2014-02-27T17:52:08","version" => "2.024003"},{"date" => "2014-03-02T23:30:02","version" => "2.024003_001"},{"date" => "2014-03-04T22:23:50","version" => "2.024004"},{"date" => "2014-03-28T07:32:33","version" => "2.025000_001"},{"date" => "2014-04-08T18:51:46","version" => "2.025001"},{"date" => "2014-04-10T20:17:35","version" => "2.026000"},{"date" => "2014-04-17T06:01:16","version" => "2.026001_001"},{"date" => "2014-04-18T22:35:47","version" => "2.026001_002"},{"date" => "2014-04-20T22:48:43","version" => "2.026001_003"},{"date" => "2014-04-28T21:01:11","version" => "2.026001_004"},{"date" => "2014-05-03T07:27:54","version" => "2.027001"},{"date" => "2014-05-04T09:01:14","version" => "2.027002"},{"date" => "2014-05-15T07:12:35","version" => "2.027003"},{"date" => "2014-05-15T15:55:07","version" => "2.027004"},{"date" => "2014-05-21T20:21:35","version" => "2.027005_001"},{"date" => "2014-05-27T06:05:59","version" => "2.027006"},{"date" => "2014-05-27T09:45:15","version" => "2.027007"},{"date" => "2014-06-23T12:59:01","version" => "2.027008_001"},{"date" => "2014-07-02T08:20:20","version" => "2.028000"},{"date" => "2014-07-13T17:55:04","version" => "2.028001"},{"date" => "2014-07-13T20:59:54","version" => "2.028002_001"},{"date" => "2014-07-15T16:10:41","version" => "2.028003"},{"date" => "2014-07-16T07:05:29","version" => "2.028004"},{"date" => "2014-07-17T13:25:34","version" => "2.028005"},{"date" => "2014-07-21T08:09:06","version" => "2.028006"},{"date" => "2014-07-22T07:01:44","version" => "2.028008"},{"date" => "2014-07-22T21:40:24","version" => "2.028010"},{"date" => "2014-07-22T21:49:10","version" => "2.028011"},{"date" => "2014-07-22T22:21:11","version" => "2.028012"},{"date" => "2014-07-30T23:57:34","version" => "2.028013"},{"date" => "2014-08-08T06:35:55","version" => "2.029000_001"},{"date" => "2014-08-08T21:43:46","version" => "2.029000_002"},{"date" => "2014-08-10T20:21:10","version" => "2.029001"},{"date" => "2014-08-10T20:37:39","version" => "2.029002"},{"date" => "2014-08-11T15:14:59","version" => "2.029003"},{"date" => "2014-08-11T21:04:08","version" => "2.029004"},{"date" => "2014-08-13T10:48:53","version" => "2.029005"},{"date" => "2014-08-25T16:24:00","version" => "2.029006"},{"date" => "2014-09-12T13:09:36","version" => "2.029007"},{"date" => "2014-09-23T19:32:12","version" => "2.029008"},{"date" => "2014-09-27T10:37:24","version" => "2.029009"},{"date" => "2014-10-07T07:39:18","version" => "2.029010"},{"date" => "2014-10-07T17:50:07","version" => "2.029011"},{"date" => "2014-10-09T16:01:27","version" => "2.029012"},{"date" => "2014-11-14T00:16:10","version" => "2.029013_001"},{"date" => "2014-11-14T23:58:24","version" => "2.029013_002"},{"date" => "2014-11-20T08:04:38","version" => "2.029014"},{"date" => "2015-01-08T11:10:55","version" => "2.030000"},{"date" => "2015-02-04T15:28:08","version" => "2.031000"},{"date" => "2015-02-04T18:45:47","version" => "2.031001"},{"date" => "2015-02-04T19:01:00","version" => "2.031002"},{"date" => "2015-02-04T22:47:46","version" => "2.031003"},{"date" => "2015-02-05T14:19:47","version" => "2.031004"},{"date" => "2015-02-06T10:20:08","version" => "2.031005"},{"date" => "2015-02-15T15:40:46","version" => "2.031006"},{"date" => "2015-02-19T08:51:44","version" => "2.031007"},{"date" => "2015-02-22T09:43:23","version" => "2.031008"},{"date" => "2015-02-25T21:21:31","version" => "2.031009"},{"date" => "2015-02-25T22:12:31","version" => "2.031010"},{"date" => "2015-02-27T08:35:31","version" => "2.031011"},{"date" => "2015-02-28T11:59:22","version" => "2.031012"},{"date" => "2015-03-07T17:12:38","version" => "2.032000_001"},{"date" => "2015-03-24T22:46:31","version" => "2.032001"},{"date" => "2015-04-03T19:21:56","version" => "2.032002"},{"date" => "2015-05-05T19:42:05","version" => "2.032003"},{"date" => "2015-05-17T21:09:24","version" => "2.032004"},{"date" => "2015-05-18T09:25:35","version" => "2.032005"},{"date" => "2015-07-19T11:40:08","version" => "2.032006"},{"date" => "2015-07-30T16:33:06","version" => "2.032007"},{"date" => "2015-08-26T11:27:02","version" => "2.033000"},{"date" => "2015-08-27T14:50:17","version" => "2.033001"},{"date" => "2015-09-29T08:56:31","version" => "2.033002"},{"date" => "2015-10-13T21:37:21","version" => "2.033003"},{"date" => "2015-11-16T21:41:13","version" => "2.033004"},{"date" => "2016-02-02T09:11:15","version" => "2.033005"},{"date" => "2016-03-20T13:17:57","version" => "2.033005"},{"date" => "2016-10-03T15:58:17","version" => "2.034000"},{"date" => "2016-11-20T17:51:25","version" => "2.034001"},{"date" => "2017-01-06T14:35:56","version" => "2.034002"},{"date" => "2017-04-19T20:59:13","version" => "2.035000"},{"date" => "2017-04-19T21:18:39","version" => "2.035001"},{"date" => "2017-04-24T11:50:12","version" => "2.035002"},{"date" => "2017-04-24T13:44:38","version" => "2.035003"},{"date" => "2017-04-25T09:54:37","version" => "2.035004"},{"date" => "2017-04-29T08:13:48","version" => "2.035005"},{"date" => "2017-04-29T08:31:09","version" => "2.035006"},{"date" => "2017-05-17T06:44:07","version" => "2.035999_001"},{"date" => "2017-05-27T14:50:21","version" => "2.035999_002"},{"date" => "2017-05-29T16:22:27","version" => "2.035999_003"},{"date" => "2017-05-30T10:40:20","version" => "2.035999_004"},{"date" => "2017-05-30T11:05:45","version" => "2.035999_005"},{"date" => "2017-05-30T15:03:49","version" => "2.035999_006"},{"date" => "2017-05-30T20:27:22","version" => "2.035999_007"},{"date" => "2017-06-13T06:23:11","version" => "2.035999_008"},{"date" => "2017-06-18T22:37:11","version" => "2.035999_009"},{"date" => "2017-06-19T17:50:27","version" => "2.035999_010"},{"date" => "2017-06-22T07:36:42","version" => "2.036000"},{"date" => "2017-06-22T11:25:23","version" => "2.036001"},{"date" => "2017-06-26T18:58:33","version" => "2.036002"},{"date" => "2017-06-28T15:44:41","version" => "2.036003"},{"date" => "2017-07-02T08:56:33","version" => "2.036004"},{"date" => "2017-07-05T05:07:47","version" => "2.036005"},{"date" => "2017-07-09T13:28:10","version" => "2.036006"},{"date" => "2017-07-12T06:01:03","version" => "2.036007"},{"date" => "2017-07-14T12:52:34","version" => "2.036008"},{"date" => "2017-08-01T09:30:17","version" => "2.036009"},{"date" => "2017-10-08T13:22:48","version" => "2.036010"},{"date" => "2017-10-09T07:01:31","version" => "2.036011"},{"date" => "2017-10-11T17:33:31","version" => "2.036012_001"},{"date" => "2017-11-19T13:49:04","version" => "2.036012_002"},{"date" => "2017-11-28T21:49:40","version" => "2.036012_003"},{"date" => "2017-12-14T21:49:14","version" => "2.037000"},{"date" => "2017-12-14T21:57:42","version" => "2.037001"},{"date" => "2017-12-17T20:22:25","version" => "2.037002"},{"date" => "2017-12-18T17:35:24","version" => "2.037003"},{"date" => "2017-12-21T20:06:32","version" => "2.037004"},{"date" => "2017-12-22T23:46:44","version" => "2.037005"},{"date" => "2017-12-31T09:54:24","version" => "2.038000"},{"date" => "2018-01-02T13:10:42","version" => "2.038001"},{"date" => "2018-01-02T22:07:51","version" => "2.038002_001"},{"date" => "2018-01-04T20:21:13","version" => "2.038002_002"},{"date" => "2018-01-04T22:38:07","version" => "2.038002_003"},{"date" => "2018-01-04T22:53:29","version" => "2.038003"},{"date" => "2018-01-05T17:43:24","version" => "2.038004"},{"date" => "2018-01-05T20:22:23","version" => "2.038005"},{"date" => "2018-01-08T14:14:33","version" => "2.038006"},{"date" => "2018-01-09T09:57:13","version" => "2.038007"},{"date" => "2018-01-09T15:38:57","version" => "2.038008"},{"date" => "2018-01-10T01:16:32","version" => "2.038009"},{"date" => "2018-01-15T11:34:50","version" => "2.038028"},{"date" => "2018-01-23T22:56:08","version" => "2.038031"},{"date" => "2018-01-28T20:04:09","version" => "2.038032"},{"date" => "2018-01-31T15:06:37","version" => "2.038033"},{"date" => "2018-01-31T20:00:58","version" => "2.038034"},{"date" => "2018-02-02T14:54:43","version" => "2.039000"},{"date" => "2018-02-02T18:35:11","version" => "2.039001"},{"date" => "2018-02-07T23:03:50","version" => "2.039002"},{"date" => "2018-02-12T21:11:07","version" => "2.039003"},{"date" => "2018-02-15T08:29:55","version" => "2.039004"},{"date" => "2018-02-15T19:55:25","version" => "2.039005"},{"date" => "2018-02-15T20:17:31","version" => "2.039006"},{"date" => "2018-02-16T08:23:49","version" => "2.039007"},{"date" => "2018-02-22T22:06:19","version" => "2.039008"},{"date" => "2018-02-22T22:23:38","version" => "2.039009"},{"date" => "2018-02-22T22:52:04","version" => "2.039010"},{"date" => "2018-02-25T09:28:46","version" => "2.039011"},{"date" => "2018-03-02T13:12:05","version" => "2.039012"},{"date" => "2018-03-02T14:18:44","version" => "2.039013"},{"date" => "2018-03-04T09:58:06","version" => "2.039014"},{"date" => "2018-03-05T23:01:48","version" => "2.039015"},{"date" => "2018-03-19T23:12:52","version" => "2.039016"},{"date" => "2018-03-20T10:12:42","version" => "2.039017"},{"date" => "2018-03-22T21:46:51","version" => "2.039018"},{"date" => "2018-03-23T09:55:03","version" => "2.039019"},{"date" => "2018-03-26T21:59:24","version" => "2.039020"},{"date" => "2018-04-10T20:47:57","version" => "2.039021"},{"date" => "2018-04-18T21:24:35","version" => "2.039022"},{"date" => "2018-04-19T07:27:07","version" => "2.039023"},{"date" => "2018-04-22T17:54:24","version" => "2.039024"},{"date" => "2018-04-27T12:27:18","version" => "2.039025"},{"date" => "2018-04-28T12:11:41","version" => "2.039026"},{"date" => "2018-04-28T21:16:54","version" => "2.039027"},{"date" => "2018-05-05T15:29:52","version" => "2.039028"},{"date" => "2018-05-09T05:55:14","version" => "2.039029"},{"date" => "2018-05-09T06:00:13","version" => "2.039030"},{"date" => "2018-06-17T20:58:47","version" => "2.039031"},{"date" => "2018-10-19T14:38:26","version" => "2.039032"},{"date" => "2018-10-19T20:36:53","version" => "2.039033"},{"date" => "2018-12-28T17:07:03","version" => "2.040000"},{"date" => "2018-12-30T10:53:04","version" => "2.040001"},{"date" => "2018-12-30T10:59:07","version" => "2.040002"},{"date" => "2019-01-18T07:10:03","version" => "2.040003"},{"date" => "2019-03-03T14:56:07","version" => "2.040004"},{"date" => "2019-03-04T10:02:25","version" => "2.040005"},{"date" => "2019-03-04T12:04:34","version" => "2.040006"},{"date" => "2019-03-06T18:44:33","version" => "2.040007"},{"date" => "2019-03-12T19:59:49","version" => "2.041000"},{"date" => "2019-03-15T05:34:08","version" => "2.041001"},{"date" => "2019-03-17T09:37:27","version" => "2.041002"},{"date" => "2019-03-17T20:32:01","version" => "2.042000"},{"date" => "2019-03-18T21:28:43","version" => "2.042001"},{"date" => "2019-03-20T12:26:14","version" => "2.042002"},{"date" => "2019-03-21T16:19:51","version" => "2.042003"},{"date" => "2019-03-28T23:00:19","version" => "2.042004"},{"date" => "2019-04-03T13:56:55","version" => "2.042005"},{"date" => "2019-04-16T16:48:15","version" => "2.042006"},{"date" => "2019-04-28T19:57:19","version" => "2.042007"},{"date" => "2019-04-30T10:51:06","version" => "2.042008"},{"date" => "2019-05-30T06:13:10","version" => "2.042009"},{"date" => "2019-06-02T06:55:13","version" => "2.042010"},{"date" => "2019-09-03T19:27:26","version" => "2.043000"},{"date" => "2019-09-04T12:36:05","version" => "2.043001"},{"date" => "2019-09-23T13:58:04","version" => "2.044000"},{"date" => "2019-09-26T14:01:50","version" => "2.044001"},{"date" => "2019-10-01T09:43:52","version" => "2.044002"},{"date" => "2019-10-15T17:57:05","version" => "2.044003"},{"date" => "2019-10-30T19:52:42","version" => "2.044004"},{"date" => "2020-01-19T15:31:55","version" => "2.044005"},{"date" => "2020-01-22T21:20:09","version" => "2.044006"},{"date" => "2020-01-22T21:25:34","version" => "2.044007"},{"date" => "2020-01-23T18:44:49","version" => "2.044008"},{"date" => "2020-01-23T18:48:48","version" => "2.044009"},{"date" => "2020-01-25T18:09:41","version" => "2.044010"},{"date" => "2020-01-26T21:46:22","version" => "2.044011"},{"date" => "2020-02-01T13:27:10","version" => "2.044012"},{"date" => "2020-02-04T21:35:18","version" => "2.044013"},{"date" => "2020-02-09T10:03:07","version" => "2.044014"},{"date" => "2020-02-12T16:56:14","version" => "2.044015"},{"date" => "2020-04-15T20:25:36","version" => "2.045000"},{"date" => "2020-04-18T08:50:13","version" => "2.045001"},{"date" => "2020-04-19T17:03:54","version" => "2.045002"},{"date" => "2020-05-15T11:02:33","version" => "2.045003"},{"date" => "2020-05-18T11:34:20","version" => "2.045005"},{"date" => "2020-05-24T18:43:31","version" => "2.045006"},{"date" => "2020-06-05T08:11:31","version" => "2.045007"},{"date" => "2020-07-08T21:29:53","version" => "2.046000"},{"date" => "2020-07-10T21:30:48","version" => "2.046001"},{"date" => "2020-08-07T10:02:15","version" => "2.046002"},{"date" => "2020-10-17T12:15:43","version" => "2.046003"},{"date" => "2020-10-17T13:29:56","version" => "2.046004"},{"date" => "2020-10-17T13:40:12","version" => "2.046005"},{"date" => "2020-10-31T11:15:17","version" => "2.046006"},{"date" => "2020-12-23T11:58:41","version" => "2.047000"},{"date" => "2020-12-29T13:08:42","version" => "2.047001"},{"date" => "2020-12-30T20:42:02","version" => "2.047002"},{"date" => "2021-02-14T14:05:50","version" => "2.047003"},{"date" => "2021-02-15T22:13:51","version" => "2.047004"},{"date" => "2021-02-24T10:48:16","version" => "2.047005"},{"date" => "2021-07-14T11:34:50","version" => "2.047006"},{"date" => "2021-07-14T12:15:22","version" => "2.047007"},{"date" => "2021-07-21T08:54:04","version" => "2.047008"},{"date" => "2021-08-14T12:38:48","version" => "2.048000"},{"date" => "2021-08-22T13:29:25","version" => "2.049000"},{"date" => "2021-08-22T19:32:21","version" => "2.049001"},{"date" => "2021-09-03T05:26:59","version" => "2.049002"},{"date" => "2021-09-03T07:11:01","version" => "2.049003"},{"date" => "2021-09-03T20:36:58","version" => "2.049004"},{"date" => "2021-09-09T07:52:58","version" => "2.049005"},{"date" => "2021-10-03T07:55:21","version" => "2.049006"},{"date" => "2021-10-05T16:38:38","version" => "2.049007"},{"date" => "2021-10-06T15:53:00","version" => "2.049008"},{"date" => "2021-10-06T21:33:32","version" => "2.049009"},{"date" => "2021-10-11T20:34:00","version" => "2.049010"},{"date" => "2021-10-12T07:43:57","version" => "2.049011"},{"date" => "2021-10-12T12:28:03","version" => "2.050000"},{"date" => "2021-10-12T14:28:01","version" => "2.050001"},{"date" => "2021-10-19T08:13:11","version" => "2.050003"},{"date" => "2021-11-14T19:39:02","version" => "2.051001"},{"date" => "2021-11-23T16:10:12","version" => "2.051002"},{"date" => "2021-11-24T13:15:54","version" => "2.051003"},{"date" => "2021-11-25T11:53:35","version" => "2.051004"},{"date" => "2021-11-25T20:20:22","version" => "2.051005"},{"date" => "2021-11-30T05:19:10","version" => "2.052000"},{"date" => "2022-02-01T20:51:26","version" => "2.052001"},{"date" => "2022-02-28T18:14:51","version" => "2.052002"},{"date" => "2022-04-13T19:12:04","version" => "2.052003"},{"date" => "2022-04-22T08:58:41","version" => "2.052005"},{"date" => "2022-05-17T21:06:21","version" => "2.052006"},{"date" => "2022-06-03T21:24:35","version" => "2.052007"},{"date" => "2022-07-12T08:18:54","version" => "2.052008"},{"date" => "2022-07-26T21:00:56","version" => "2.052009"},{"date" => "2022-07-27T21:54:42","version" => "2.052010"},{"date" => "2022-08-01T16:54:16","version" => "2.052011"},{"date" => "2022-08-02T16:05:09","version" => "2.052012"},{"date" => "2022-08-02T20:51:15","version" => "2.053000"},{"date" => "2022-08-02T21:21:25","version" => "2.053001"},{"date" => "2022-08-03T17:05:56","version" => "2.053002"},{"date" => "2022-08-03T21:05:28","version" => "2.053003"},{"date" => "2022-08-04T22:02:30","version" => "2.053004"},{"date" => "2022-08-04T22:11:32","version" => "2.053005"},{"date" => "2022-08-07T22:32:50","version" => "2.053006"},{"date" => "2022-08-09T09:32:35","version" => "2.053007"},{"date" => "2022-08-15T12:46:43","version" => "2.054000"},{"date" => "2022-08-17T10:15:23","version" => "2.055000"},{"date" => "2022-09-02T08:05:05","version" => "2.055001"},{"date" => "2022-09-24T19:09:03","version" => "2.056000"},{"date" => "2022-09-24T19:09:14","version" => "2.057000"},{"date" => "2022-09-24T19:09:26","version" => "2.057001"},{"date" => "2022-09-24T21:42:34","version" => "2.057002"},{"date" => "2022-09-27T15:34:42","version" => "2.057004"},{"date" => "2022-09-28T14:20:19","version" => "2.057005"},{"date" => "2022-09-30T21:07:39","version" => "2.057006"},{"date" => "2022-10-04T12:22:31","version" => "2.057007"},{"date" => "2022-10-18T12:00:41","version" => "2.057008"},{"date" => "2022-11-04T10:29:49","version" => "2.058000"},{"date" => "2022-11-04T15:42:53","version" => "2.058001"},{"date" => "2022-11-04T15:54:41","version" => "2.058003"},{"date" => "2022-11-25T15:29:29","version" => "2.059000"},{"date" => "2022-11-26T20:37:56","version" => "2.059001"},{"date" => "2022-12-09T10:32:14","version" => "2.060000"},{"date" => "2022-12-11T16:58:49","version" => "2.060001"},{"date" => "2022-12-13T15:34:56","version" => "2.060002"},{"date" => "2022-12-14T16:55:04","version" => "2.060003"},{"date" => "2023-01-11T15:14:43","version" => "2.060004"},{"date" => "2023-02-21T14:22:36","version" => "2.060005"},{"date" => "2023-03-03T15:43:58","version" => "2.060007"},{"date" => "2023-03-08T17:21:35","version" => "2.060008"},{"date" => "2023-03-10T18:09:47","version" => "2.060009"},{"date" => "2023-03-10T18:12:29","version" => "2.060010"},{"date" => "2023-03-29T10:43:01","version" => "2.061000"},{"date" => "2023-04-27T15:33:52","version" => "2.061001"},{"date" => "2023-05-30T08:58:07","version" => "2.062000"},{"date" => "2023-06-05T17:02:14","version" => "2.062001"},{"date" => "2023-06-06T06:07:49","version" => "2.062002"},{"date" => "2023-06-20T09:11:03","version" => "2.062003"},{"date" => "2023-06-26T17:00:40","version" => "2.062004"},{"date" => "2023-06-26T18:35:55","version" => "2.062005"},{"date" => "2023-06-28T09:03:56","version" => "2.063000"},{"date" => "2023-06-28T16:06:44","version" => "2.063001"},{"date" => "2023-07-14T21:25:14","version" => "2.063002"},{"date" => "2023-07-15T10:11:43","version" => "2.063004"},{"date" => "2023-07-22T09:17:38","version" => "2.064000"},{"date" => "2023-07-25T12:03:07","version" => "2.064001"},{"date" => "2023-08-13T15:06:31","version" => "2.065000"},{"date" => "2023-08-13T18:47:39","version" => "2.065001"},{"date" => "2023-09-03T08:12:02","version" => "2.065002"},{"date" => "2023-09-19T18:11:32","version" => "2.066000"},{"date" => "2023-09-27T13:20:00","version" => "2.067001"},{"date" => "2023-09-27T13:27:43","version" => "2.067002"},{"date" => "2023-10-27T14:38:37","version" => "2.068000"},{"date" => "2023-11-01T21:58:28","version" => "2.068001"},{"date" => "2023-11-12T07:36:25","version" => "2.069000"},{"date" => "2023-11-14T19:10:46","version" => "2.070000"},{"date" => "2023-11-15T11:29:20","version" => "2.070001"},{"date" => "2023-11-21T16:01:49","version" => "2.070002"},{"date" => "2023-11-24T20:50:38","version" => "2.070003"},{"date" => "2023-12-07T08:00:38","version" => "2.071000"},{"date" => "2023-12-07T15:51:30","version" => "2.071001"},{"date" => "2024-01-06T14:13:03","version" => "2.071002"},{"date" => "2024-01-10T20:49:02","version" => "2.071003"},{"date" => "2024-01-14T16:49:02","version" => "2.072000"},{"date" => "2024-01-15T20:04:01","version" => "2.072001"},{"date" => "2024-01-21T11:04:41","version" => "2.072002"},{"date" => "2024-02-14T21:31:03","version" => "2.072003"},{"date" => "2024-03-13T15:45:46","version" => "2.073000"},{"date" => "2024-03-13T16:54:38","version" => "2.073001"},{"date" => "2024-03-19T09:53:20","version" => "2.074000"},{"date" => "2024-03-19T17:08:31","version" => "2.074001"},{"date" => "2024-04-08T18:12:37","version" => "2.075000"},{"date" => "2024-04-09T10:16:31","version" => "2.075001"},{"date" => "2024-04-10T10:43:31","version" => "2.075002"},{"date" => "2024-04-12T10:31:45","version" => "2.075003"},{"date" => "2024-04-22T16:27:19","version" => "2.076000"},{"date" => "2024-04-24T20:20:10","version" => "2.076001"},{"date" => "2024-04-30T16:36:08","version" => "2.076002"},{"date" => "2024-05-03T14:28:39","version" => "2.076004"},{"date" => "2024-05-20T18:19:33","version" => "2.076005"},{"date" => "2024-08-10T18:36:30","version" => "2.076006"},{"date" => "2024-08-15T09:14:32","version" => "2.077000"},{"date" => "2024-08-15T10:17:44","version" => "2.077001"},{"date" => "2024-08-15T10:52:40","version" => "2.077002"},{"date" => "2024-08-15T19:54:33","version" => "2.077003"},{"date" => "2024-08-15T21:20:21","version" => "2.077004"},{"date" => "2024-08-16T00:14:40","version" => "2.077005"},{"date" => "2024-08-18T06:35:14","version" => "2.077006"},{"date" => "2024-08-18T12:19:30","version" => "2.077007"},{"date" => "2024-08-19T06:08:24","version" => "2.077008"},{"date" => "2024-08-19T11:03:29","version" => "2.077009"},{"date" => "2024-08-23T09:20:50","version" => "2.077010"},{"date" => "2024-08-23T10:06:31","version" => "2.077011"},{"date" => "2024-08-27T08:13:19","version" => "2.078000"},{"date" => "2024-09-12T20:31:33","version" => "2.079000"},{"date" => "2024-09-13T12:33:44","version" => "2.079001"},{"date" => "2024-10-29T18:29:18","version" => "2.080000"},{"date" => "2024-10-29T22:40:05","version" => "2.080001"},{"date" => "2024-10-30T10:32:44","version" => "2.080002"},{"date" => "2024-10-30T14:56:55","version" => "2.080003"},{"date" => "2024-12-30T11:04:42","version" => "2.081000"},{"date" => "2024-12-30T22:06:11","version" => "2.081001"},{"date" => "2024-12-31T14:05:40","version" => "2.081002"},{"date" => "2024-12-31T18:13:01","version" => "2.081003"},{"date" => "2025-01-19T11:32:49","version" => "2.081004"},{"date" => "2025-01-29T09:05:34","version" => "2.082000"},{"date" => "2025-01-29T09:05:46","version" => "2.082001"},{"date" => "2025-02-02T21:01:02","version" => "2.082002"},{"date" => "2025-02-04T20:24:13","version" => "2.082003"},{"date" => "2025-02-06T12:37:52","version" => "2.083000"},{"date" => "2025-02-06T13:18:05","version" => "2.083001"},{"date" => "2025-03-05T17:35:07","version" => "2.084000"},{"date" => "2025-03-09T18:50:08","version" => "2.084001"},{"date" => "2025-04-19T14:09:15","version" => "2.084002"},{"date" => "2025-04-26T18:03:12","version" => "2.085000"},{"date" => "2025-05-02T11:38:20","version" => "2.085001"},{"date" => "2025-05-22T04:57:55","version" => "2.085002"},{"date" => "2025-05-24T17:59:36","version" => "2.085003"},{"date" => "2025-06-03T17:29:52","version" => "2.086000"},{"date" => "2025-06-04T16:09:11","version" => "2.086001"},{"date" => "2025-06-18T16:02:11","version" => "2.086002"},{"date" => "2025-06-21T21:19:20","version" => "2.086003"},{"date" => "2025-07-14T06:58:58","version" => "2.087000"},{"date" => "2025-08-20T08:48:08","version" => "2.087001"},{"date" => "2025-08-26T19:48:48","version" => "2.088000"},{"date" => "2025-08-26T20:55:03","version" => "2.088001"},{"date" => "2025-08-31T18:25:51","version" => "2.088002"},{"date" => "2025-09-02T16:27:31","version" => "2.088003"},{"date" => "2025-09-05T14:23:42","version" => "2.088004"},{"date" => "2025-09-07T21:39:05","version" => "2.089000"},{"date" => "2025-09-07T22:24:00","version" => "2.089001"},{"date" => "2025-09-12T08:53:38","version" => "2.089002"},{"date" => "2025-09-21T12:24:20","version" => "2.089003"},{"date" => "2025-09-21T17:24:33","version" => "2.089004"},{"date" => "2025-09-21T19:32:52","version" => "2.090000"},{"date" => "2025-09-25T11:53:09","version" => "2.090001"},{"date" => "2025-09-25T14:07:38","version" => "2.090002"},{"date" => "2025-09-30T18:57:58","version" => "2.091000"},{"date" => "2025-10-09T13:32:39","version" => "2.091001"},{"date" => "2025-10-19T21:09:39","version" => "2.092000"},{"date" => "2025-10-21T13:26:48","version" => "2.092001"},{"date" => "2025-10-22T15:55:40","version" => "2.092002"},{"date" => "2025-10-24T15:11:24","version" => "2.093000"},{"date" => "2025-10-24T15:34:57","version" => "2.093001"},{"date" => "2025-10-25T18:33:51","version" => "2.094000"},{"date" => "2025-10-29T13:02:15","version" => "2.094001"},{"date" => "2025-10-29T21:19:58","version" => "2.094002"},{"date" => "2025-11-03T21:28:10","version" => "2.094003"},{"date" => "2025-11-15T12:44:12","version" => "2.095000"},{"date" => "2025-11-15T17:24:25","version" => "2.095001"},{"date" => "2025-11-16T18:08:46","version" => "2.095002"},{"date" => "2025-11-18T20:13:49","version" => "2.095003"},{"date" => "2025-11-23T19:49:42","version" => "2.095004"},{"date" => "2025-11-30T16:31:48","version" => "2.095005"},{"date" => "2025-11-30T18:18:11","version" => "2.095006"},{"date" => "2025-12-07T20:39:51","version" => "2.096000"},{"date" => "2025-12-13T16:24:36","version" => "2.096001"},{"date" => "2025-12-16T12:26:36","version" => "2.097000"},{"date" => "2026-01-08T22:37:02","version" => "2.097001"},{"date" => "2026-01-09T10:32:45","version" => "2.097002"},{"date" => "2026-02-21T11:16:58","version" => "2.097003"}]},"App-cpanminus" => {"advisories" => [{"affected_versions" => ["<=1.7044"],"cves" => ["CVE-2020-16154"],"description" => "The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.\n","distribution" => "App-cpanminus","fixed_versions" => [">=1.7045"],"id" => "CPANSA-App-cpanminus-2020-01","references" => ["https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW/","https://metacpan.org/pod/App::cpanminus","https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/","https://access.redhat.com/security/cve/cve-2020-16154","https://security-tracker.debian.org/tracker/CVE-2020-16154","https://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html","https://github.com/miyagawa/cpanminus/pull/638"],"reported" => "2020-07-30"},{"affected_versions" => [">0"],"cves" => ["CVE-2024-45321"],"description" => "The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.\n","distribution" => "App-cpanminus","fixed_versions" => [],"id" => "CPANSA-App-cpanminus-2024-45321","references" => ["https://github.com/miyagawa/cpanminus/issues/611","https://github.com/miyagawa/cpanminus/pull/674","https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html"],"reported" => "2024-08-27"}],"main_module" => "App::cpanminus","versions" => [{"date" => "2010-02-20T02:27:00","version" => "0.01"},{"date" => "2010-02-20T03:14:10","version" => "0.02"},{"date" => "2010-02-20T03:39:56","version" => "0.03"},{"date" => "2010-02-20T05:04:01","version" => "0.04"},{"date" => "2010-02-20T05:16:03","version" => "0.05"},{"date" => "2010-02-20T05:48:44","version" => "0.06"},{"date" => "2010-02-20T20:20:08","version" => "0.07"},{"date" => "2010-02-20T23:41:01","version" => "0.08"},{"date" => "2010-02-21T07:48:49","version" => "0.09"},{"date" => "2010-02-23T20:52:46","version" => "0.99_01"},{"date" => "2010-02-24T06:20:33","version" => "0.99_02"},{"date" => "2010-02-24T07:05:47","version" => "0.99_03"},{"date" => "2010-02-25T17:20:05","version" => "0.99_04"},{"date" => "2010-02-25T22:42:22","version" => "0.99_05"},{"date" => "2010-02-25T22:51:43","version" => "0.99_06"},{"date" => "2010-02-28T05:14:30","version" => "0.99_07"},{"date" => "2010-03-01T05:59:15","version" => "0.9910"},{"date" => "2010-03-02T00:29:51","version" => "0.9911"},{"date" => "2010-03-03T02:55:22","version" => "0.9912"},{"date" => "2010-03-03T03:21:59","version" => "0.9913"},{"date" => "2010-03-04T08:42:03","version" => "0.9914"},{"date" => "2010-03-04T09:58:11","version" => "0.9915"},{"date" => "2010-03-04T19:35:22","version" => "0.9916"},{"date" => "2010-03-09T13:58:32","version" => "0.9917"},{"date" => "2010-03-10T02:26:03","version" => "0.9918"},{"date" => "2010-03-10T02:41:31","version" => "0.9919"},{"date" => "2010-03-10T09:49:22","version" => "0.99_20"},{"date" => "2010-03-10T15:03:38","version" => "0.9921"},{"date" => "2010-03-11T02:01:28","version" => "0.9922"},{"date" => "2010-03-16T00:07:01","version" => "0.9923"},{"date" => "2010-03-22T05:05:33","version" => "0.99_24"},{"date" => "2010-03-23T02:54:44","version" => "0.99_25"},{"date" => "2010-03-23T03:24:34","version" => "0.99_26"},{"date" => "2010-03-23T18:24:55","version" => "0.9927"},{"date" => "2010-03-26T05:09:12","version" => "0.9928"},{"date" => "2010-03-27T04:42:41","version" => "0.9929"},{"date" => "2010-03-30T21:29:41","version" => "0.9930"},{"date" => "2010-04-05T01:18:12","version" => "0.9931"},{"date" => "2010-04-05T23:28:11","version" => "0.9932"},{"date" => "2010-04-11T07:51:27","version" => "0.99_33"},{"date" => "2010-04-11T11:55:44","version" => "0.9934"},{"date" => "2010-04-12T11:09:47","version" => "0.999_01"},{"date" => "2010-04-13T07:11:08","version" => "0.999_02"},{"date" => "2010-04-14T09:29:25","version" => "0.999_03"},{"date" => "2010-04-14T09:30:52","version" => "0.9935"},{"date" => "2010-04-19T06:23:01","version" => "0.999_04"},{"date" => "2010-04-21T11:40:46","version" => "0.999_05"},{"date" => "2010-04-21T11:53:47","version" => "0.9936"},{"date" => "2010-04-24T08:23:24","version" => "1.0000"},{"date" => "2010-04-24T08:26:40","version" => "1.0001"},{"date" => "2010-05-02T03:51:09","version" => "1.0002"},{"date" => "2010-05-04T23:16:18","version" => "1.0003"},{"date" => "2010-05-14T23:10:54","version" => "1.0004"},{"date" => "2010-07-02T23:39:32","version" => "1.0005"},{"date" => "2010-07-02T23:54:14","version" => "1.0006"},{"date" => "2010-07-30T19:55:47","version" => "1.0010"},{"date" => "2010-08-18T23:42:36","version" => "1.0011"},{"date" => "2010-08-20T19:58:19","version" => "1.0012"},{"date" => "2010-09-12T19:54:17","version" => "1.0013"},{"date" => "2010-09-21T19:43:20","version" => "1.0014"},{"date" => "2010-09-24T23:52:00","version" => "1.0015"},{"date" => "2010-11-12T07:57:33","version" => "1.1000"},{"date" => "2010-11-12T20:37:49","version" => "1.1001"},{"date" => "2010-11-17T02:28:44","version" => "1.1002"},{"date" => "2010-11-25T09:18:34","version" => "1.1003"},{"date" => "2010-11-30T18:07:12","version" => "1.1004"},{"date" => "2010-12-14T23:08:40","version" => "1.1005"},{"date" => "2010-12-16T19:32:01","version" => "1.1006"},{"date" => "2011-01-18T17:40:16","version" => "1.1007"},{"date" => "2011-01-18T20:54:34","version" => "1.19_01"},{"date" => "2011-01-18T22:11:52","version" => "1.19_02"},{"date" => "2011-01-26T22:08:11","version" => "1.1008"},{"date" => "2011-02-16T18:11:52","version" => "1.2000"},{"date" => "2011-02-16T18:55:46","version" => "1.2001"},{"date" => "2011-03-01T02:59:25","version" => "1.29_01"},{"date" => "2011-03-02T00:09:00","version" => "1.29_02"},{"date" => "2011-03-02T22:41:40","version" => "1.3000"},{"date" => "2011-03-04T02:35:03","version" => "1.3001"},{"date" => "2011-03-04T03:54:53","version" => "1.30_02"},{"date" => "2011-03-04T08:32:56","version" => "1.30_03"},{"date" => "2011-03-04T08:53:22","version" => "1.30_04"},{"date" => "2011-03-04T09:41:34","version" => "1.30_05"},{"date" => "2011-03-04T22:57:43","version" => "1.30_06"},{"date" => "2011-03-04T23:20:45","version" => "1.30_07"},{"date" => "2011-03-05T00:07:44","version" => "1.30_08"},{"date" => "2011-03-05T02:16:54","version" => "1.30_09"},{"date" => "2011-03-05T22:57:38","version" => "1.30_10"},{"date" => "2011-03-06T09:37:36","version" => "1.30_11"},{"date" => "2011-03-07T03:00:09","version" => "1.30_12"},{"date" => "2011-03-07T18:54:03","version" => "1.30_13"},{"date" => "2011-03-08T09:11:33","version" => "1.4000"},{"date" => "2011-03-08T18:11:57","version" => "1.4001"},{"date" => "2011-03-09T01:57:18","version" => "1.4002"},{"date" => "2011-03-10T02:15:19","version" => "1.4003"},{"date" => "2011-03-10T18:09:34","version" => "1.4004"},{"date" => "2011-05-11T19:49:38","version" => "1.4005"},{"date" => "2011-05-16T17:17:29","version" => "1.4006"},{"date" => "2011-05-17T17:54:45","version" => "1.4007"},{"date" => "2011-06-16T01:00:00","version" => "1.4008"},{"date" => "2011-06-26T17:59:17","version" => "1.49_01"},{"date" => "2011-10-12T09:57:03","version" => "1.49_02"},{"date" => "2011-10-13T06:40:49","version" => "1.5000"},{"date" => "2011-10-13T15:21:16","version" => "1.5001"},{"date" => "2011-10-18T00:13:36","version" => "1.5002"},{"date" => "2011-10-19T07:31:10","version" => "1.5003"},{"date" => "2011-11-08T22:29:31","version" => "1.5004"},{"date" => "2011-11-22T21:31:21","version" => "1.5005"},{"date" => "2011-11-29T19:49:42","version" => "1.5006"},{"date" => "2011-12-20T18:18:50","version" => "1.5007"},{"date" => "2012-03-18T01:23:40","version" => "1.5008"},{"date" => "2012-03-30T16:45:43","version" => "1.5009"},{"date" => "2012-03-31T11:01:47","version" => "1.5010"},{"date" => "2012-04-12T09:59:39","version" => "1.5011"},{"date" => "2012-05-11T03:50:22","version" => "1.5012"},{"date" => "2012-05-12T03:18:19","version" => "1.5013"},{"date" => "2012-06-13T01:34:12","version" => "1.5014"},{"date" => "2012-06-24T22:37:49","version" => "1.5015"},{"date" => "2012-07-17T19:02:48","version" => "1.5016"},{"date" => "2012-07-18T15:41:26","version" => "1.5017"},{"date" => "2012-09-19T05:42:19","version" => "1.5018"},{"date" => "2012-12-22T17:22:02","version" => "1.5019"},{"date" => "2013-01-29T18:32:26","version" => "1.5020"},{"date" => "2013-01-31T08:45:31","version" => "1.5021"},{"date" => "2013-01-31T18:07:46","version" => "1.59_01"},{"date" => "2013-02-01T03:12:10","version" => "1.59_02"},{"date" => "2013-02-01T18:54:58","version" => "1.59_03"},{"date" => "2013-02-03T17:07:16","version" => "1.59_04"},{"date" => "2013-02-04T19:52:48","version" => "1.59_05"},{"date" => "2013-02-05T20:40:30","version" => "1.59_06"},{"date" => "2013-02-06T19:17:51","version" => "1.59_07"},{"date" => "2013-02-06T19:32:27","version" => "1.59_08"},{"date" => "2013-02-07T09:59:04","version" => "1.59_09"},{"date" => "2013-02-08T00:29:16","version" => "1.59_10"},{"date" => "2013-02-11T22:12:12","version" => "1.59_11"},{"date" => "2013-02-14T02:15:12","version" => "1.59_12"},{"date" => "2013-02-25T20:16:34","version" => "1.59_13"},{"date" => "2013-02-26T17:57:00","version" => "1.6000"},{"date" => "2013-02-27T01:04:54","version" => "1.6001"},{"date" => "2013-02-27T20:13:45","version" => "1.6002"},{"date" => "2013-03-08T19:03:47","version" => "1.6003"},{"date" => "2013-03-08T19:32:25","version" => "1.6004"},{"date" => "2013-03-08T19:48:06","version" => "1.6005"},{"date" => "2013-03-14T06:00:27","version" => "1.6006"},{"date" => "2013-03-17T21:34:17","version" => "1.6007"},{"date" => "2013-03-19T17:03:36","version" => "1.6008"},{"date" => "2013-03-25T04:10:51","version" => "1.6100"},{"date" => "2013-03-25T20:41:37","version" => "1.6101"},{"date" => "2013-03-28T00:16:09","version" => "1.6102"},{"date" => "2013-03-30T21:36:49","version" => "1.6103"},{"date" => "2013-04-03T01:04:42","version" => "1.6104"},{"date" => "2013-04-05T05:17:38","version" => "1.6105"},{"date" => "2013-04-06T21:19:18","version" => "1.6106"},{"date" => "2013-04-07T04:19:16","version" => "1.6107"},{"date" => "2013-04-13T06:32:52","version" => "1.6108"},{"date" => "2013-04-13T11:48:43","version" => "1.6190"},{"date" => "2013-04-14T03:09:40","version" => "1.6191"},{"date" => "2013-04-14T08:17:32","version" => "1.6192"},{"date" => "2013-04-15T07:37:08","version" => "1.6193"},{"date" => "2013-04-15T07:42:51","version" => "1.6900"},{"date" => "2013-04-21T00:50:44","version" => "1.6901"},{"date" => "2013-04-21T01:06:02","version" => "1.6109"},{"date" => "2013-04-21T01:18:10","version" => "1.6902"},{"date" => "2013-04-22T01:07:09","version" => "1.6903"},{"date" => "2013-04-24T02:24:37","version" => "1.6904"},{"date" => "2013-04-24T03:05:21","version" => "1.6905"},{"date" => "2013-04-25T06:20:23","version" => "1.6906"},{"date" => "2013-04-26T18:40:08","version" => "1.6907"},{"date" => "2013-04-27T01:12:17","version" => "1.6908"},{"date" => "2013-04-29T08:49:53","version" => "1.6909"},{"date" => "2013-05-03T07:29:32","version" => "1.6910"},{"date" => "2013-05-04T20:28:02","version" => "1.6911"},{"date" => "2013-05-06T20:59:52","version" => "1.6912"},{"date" => "2013-05-10T00:05:10","version" => "1.6913"},{"date" => "2013-05-12T23:03:52","version" => "1.6914"},{"date" => "2013-05-16T02:01:33","version" => "1.6915"},{"date" => "2013-06-04T10:55:37","version" => "1.6916"},{"date" => "2013-06-05T01:07:33","version" => "1.6917"},{"date" => "2013-06-10T20:03:21","version" => "1.6918"},{"date" => "2013-06-12T15:33:22","version" => "1.6919"},{"date" => "2013-06-14T21:09:54","version" => "1.6920"},{"date" => "2013-06-18T10:19:43","version" => "1.6921"},{"date" => "2013-06-19T20:57:09","version" => "1.6922"},{"date" => "2013-07-04T05:17:11","version" => "1.6923"},{"date" => "2013-07-16T18:38:21","version" => "1.6924"},{"date" => "2013-07-20T05:08:06","version" => "1.6925"},{"date" => "2013-07-20T16:03:14","version" => "1.6926"},{"date" => "2013-07-23T07:45:33","version" => "1.6927"},{"date" => "2013-07-23T21:07:02","version" => "1.6928"},{"date" => "2013-07-24T18:46:29","version" => "1.6929"},{"date" => "2013-07-24T20:48:14","version" => "1.6930"},{"date" => "2013-07-24T21:51:33","version" => "1.6931"},{"date" => "2013-07-24T22:29:04","version" => "1.6932"},{"date" => "2013-07-25T16:58:24","version" => "1.6933"},{"date" => "2013-07-26T23:17:21","version" => "1.6934"},{"date" => "2013-07-31T18:36:57","version" => "1.6935"},{"date" => "2013-08-05T04:37:54","version" => "1.6936"},{"date" => "2013-08-06T01:55:29","version" => "1.6937"},{"date" => "2013-08-06T06:12:45","version" => "1.6938"},{"date" => "2013-08-06T09:55:55","version" => "1.6939"},{"date" => "2013-08-08T19:36:34","version" => "1.6940"},{"date" => "2013-08-20T18:32:44","version" => "1.6941"},{"date" => "2013-08-27T18:11:47","version" => "1.6942"},{"date" => "2013-09-03T23:40:37","version" => "1.6943"},{"date" => "2013-09-04T22:02:21","version" => "1.7000"},{"date" => "2013-09-08T20:12:16","version" => "1.7001"},{"date" => "2013-09-19T05:31:34","version" => "1.7100"},{"date" => "2013-09-19T11:15:59","version" => "1.7101"},{"date" => "2013-09-20T04:33:50","version" => "1.7102"},{"date" => "2014-04-27T05:46:31","version" => "1.7002"},{"date" => "2014-04-27T15:11:46","version" => "1.7003"},{"date" => "2014-04-27T16:23:35","version" => "1.7004"},{"date" => "2014-09-02T04:00:49","version" => "1.7005"},{"date" => "2014-09-02T06:27:35","version" => "1.7006"},{"date" => "2014-09-05T12:04:41","version" => "1.7005"},{"date" => "2014-09-05T22:45:37","version" => "1.7006"},{"date" => "2014-09-09T16:26:54","version" => "1.7007"},{"date" => "2014-09-10T08:19:24","version" => "1.7008"},{"date" => "2014-09-10T08:44:00","version" => "1.7009"},{"date" => "2014-09-17T09:28:23","version" => "1.7010"},{"date" => "2014-09-22T06:08:51","version" => "1.7011"},{"date" => "2014-09-27T02:29:33","version" => "1.7012"},{"date" => "2014-10-07T06:52:45","version" => "1.7013"},{"date" => "2014-10-08T03:54:02","version" => "1.7014"},{"date" => "2014-11-14T21:14:40","version" => "1.7015"},{"date" => "2014-11-16T19:47:26","version" => "1.7016"},{"date" => "2014-11-25T22:01:56","version" => "1.7017"},{"date" => "2014-11-25T22:08:49","version" => "1.7018"},{"date" => "2014-12-04T20:52:24","version" => "1.7019"},{"date" => "2014-12-09T01:54:37","version" => "1.7020"},{"date" => "2014-12-12T05:43:01","version" => "1.7021"},{"date" => "2014-12-13T00:42:15","version" => "1.7022"},{"date" => "2015-01-04T23:00:30","version" => "1.7023"},{"date" => "2015-01-12T21:32:45","version" => "1.7024"},{"date" => "2015-02-07T06:59:17","version" => "1.7025"},{"date" => "2015-02-14T01:12:18","version" => "1.7026"},{"date" => "2015-02-14T20:15:20","version" => "1.7027"},{"date" => "2015-04-17T17:24:16","version" => "1.7028"},{"date" => "2015-04-18T22:16:17","version" => "1.7029"},{"date" => "2015-04-19T12:15:59","version" => "1.7030"},{"date" => "2015-04-22T21:14:17","version" => "1.7031"},{"date" => "2015-04-30T01:52:49","version" => "1.7032"},{"date" => "2015-05-02T00:18:54","version" => "1.7033"},{"date" => "2015-05-07T21:21:07","version" => "1.7034"},{"date" => "2015-06-05T17:51:53","version" => "1.7035"},{"date" => "2015-06-06T05:08:20","version" => "1.7036"},{"date" => "2015-06-18T21:38:47","version" => "1.7037"},{"date" => "2015-06-23T01:05:25","version" => "1.7038"},{"date" => "2015-06-29T01:06:18","version" => "1.7039"},{"date" => "2016-01-07T19:29:19","version" => "1.7040"},{"date" => "2016-05-08T18:29:30","version" => "1.7041"},{"date" => "2016-05-24T07:49:34","version" => "1.7042"},{"date" => "2017-04-03T03:57:15","version" => "1.7043"},{"date" => "2018-04-19T11:54:56","version" => "1.7044"},{"date" => "2018-04-20T12:17:48","version" => "1.7900"},{"date" => "2018-04-20T12:20:35","version" => "1.7901"},{"date" => "2018-04-20T12:43:24","version" => "1.7902"},{"date" => "2018-04-20T14:54:30","version" => "1.7903"},{"date" => "2018-04-20T21:22:56","version" => "1.7904"},{"date" => "2018-04-21T09:40:47","version" => "1.7905"},{"date" => "2018-04-21T10:57:20","version" => "1.9015"},{"date" => "2018-04-21T11:17:58","version" => "1.9016"},{"date" => "2018-04-21T17:31:13","version" => "1.9017"},{"date" => "2018-04-22T13:54:32","version" => "1.9018"},{"date" => "2018-04-25T09:27:31","version" => "1.7906"},{"date" => "2018-04-26T11:36:59","version" => "1.7907"},{"date" => "2022-01-27T03:05:02","version" => "1.7045"},{"date" => "2022-04-27T06:01:26","version" => "1.7046"},{"date" => "2023-07-30T06:01:02","version" => "1.7047"},{"date" => "2024-10-29T18:49:03","version" => "1.7048"}]},"App-japerl" => {"advisories" => [{"affected_versions" => ["<0.09"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "App-japerl","fixed_versions" => [">=0.09"],"id" => "CPANSA-App-japerl-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "App::japerl","versions" => [{"date" => "2018-09-07T15:19:24","version" => "0.10"},{"date" => "2018-09-08T15:07:20","version" => "0.11"},{"date" => "2019-07-14T03:35:18","version" => "0.12"},{"date" => "2021-02-18T14:03:58","version" => "0.13"},{"date" => "2021-09-18T18:20:37","version" => "0.14"},{"date" => "2023-03-25T01:04:11","version" => "0.15"}]},"App-perlall" => {"advisories" => [{"affected_versions" => ["<0.33"],"cves" => ["CVE-2013-1667"],"description" => "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.\n","distribution" => "App-perlall","fixed_versions" => [">=0.33"],"id" => "CPANSA-App-perlall-2013-1667","references" => ["http://www.securityfocus.com/bid/58311","http://perl5.git.perl.org/perl.git/commitdiff/d59e31f","http://perl5.git.perl.org/perl.git/commitdiff/9d83adc","http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html","http://www.debian.org/security/2013/dsa-2641","http://secunia.com/advisories/52499","http://secunia.com/advisories/52472","https://bugzilla.redhat.com/show_bug.cgi?id=912276","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296","http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5","http://osvdb.org/90892","http://www.ubuntu.com/usn/USN-1770-1","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html","http://marc.info/?l=bugtraq&m=137891988921058&w=2","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/82598","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771"],"reported" => "2013-03-14","severity" => undef}],"main_module" => "App::perlall","versions" => [{"date" => "2011-12-23T21:52:22","version" => "0.01"},{"date" => "2011-12-24T00:56:03","version" => "0.02"},{"date" => "2012-01-06T17:07:08","version" => "0.03"},{"date" => "2012-01-09T22:05:35","version" => "0.04"},{"date" => "2012-01-31T21:18:20","version" => "0.05"},{"date" => "2012-02-06T23:12:27","version" => "0.06"},{"date" => "2012-02-07T20:52:55","version" => "0.07"},{"date" => "2012-02-23T10:35:50","version" => "0.08"},{"date" => "2012-03-22T18:24:53","version" => "0.09"},{"date" => "2012-05-03T13:44:26","version" => "0.10"},{"date" => "2012-05-05T02:22:56","version" => "0.11"},{"date" => "2012-05-05T14:18:09","version" => "0.12"},{"date" => "2012-05-29T15:34:02","version" => "0.13"},{"date" => "2012-06-07T16:07:09","version" => "0.14"},{"date" => "2012-07-18T17:55:03","version" => "0.15"},{"date" => "2012-07-18T18:05:33","version" => "0.15_01"},{"date" => "2012-07-19T19:07:14","version" => "0.16"},{"date" => "2012-08-06T15:11:54","version" => "0.17"},{"date" => "2012-11-06T22:12:59","version" => "0.18"},{"date" => "2012-11-08T15:37:31","version" => "0.19"},{"date" => "2012-11-08T15:50:30","version" => "0.20"},{"date" => "2012-11-08T18:53:37","version" => "0.21"},{"date" => "2012-11-09T22:04:21","version" => "0.22"},{"date" => "2012-11-11T19:50:41","version" => "0.23"},{"date" => "2012-11-13T20:46:09","version" => "0.25"},{"date" => "2012-11-13T22:45:49","version" => "0.26"},{"date" => "2012-11-15T16:26:40","version" => "0.27"},{"date" => "2012-12-13T20:09:18","version" => "0.28"},{"date" => "2012-12-20T22:29:59","version" => "0.29"},{"date" => "2013-01-09T20:22:21","version" => "0.30"},{"date" => "2013-02-04T19:58:18","version" => "0.31"},{"date" => "2013-02-23T21:35:31","version" => "0.32"},{"date" => "2013-03-05T01:04:28","version" => "0.33"},{"date" => "2013-03-05T15:34:37","version" => "0.34"},{"date" => "2013-03-22T22:34:57","version" => "0.35"},{"date" => "2013-07-11T19:58:07","version" => "0.36"},{"date" => "2013-07-13T19:53:25","version" => "0.37"},{"date" => "2013-10-23T15:58:48","version" => "0.39"},{"date" => "2013-11-18T16:12:38","version" => "0.40"},{"date" => "2013-12-03T17:08:11","version" => "0.41"},{"date" => "2013-12-06T18:40:51","version" => "0.42"},{"date" => "2013-12-09T18:31:19","version" => "0.43"},{"date" => "2014-01-11T23:39:19","version" => "0.44"},{"date" => "2014-07-25T13:36:23","version" => "0.45"},{"date" => "2014-08-10T01:42:03","version" => "0.46"},{"date" => "2015-07-08T07:43:56","version" => "0.47"},{"date" => "2015-10-06T09:33:35","version" => "0.48"},{"date" => "2015-11-27T15:53:11","version" => "0.49"},{"date" => "2016-06-12T12:48:37","version" => "0.50"},{"date" => "2019-12-10T20:02:45","version" => "0.51"}]},"App-revealup" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.19"],"cves" => ["CVE-2020-8127"],"description" => "Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.\n","distribution" => "App-revealup","fixed_versions" => [],"id" => "CPANSA-App-revealup-2020-8127-revealjs","references" => ["https://hackerone.com/reports/691977"],"reported" => "2020-02-28","severity" => "medium"},{"affected_versions" => [">=0.20,<=0.21"],"cves" => ["CVE-2020-8127"],"description" => "Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.\n","distribution" => "App-revealup","fixed_versions" => [],"id" => "CPANSA-App-revealup-2020-8127-revealjs","references" => ["https://hackerone.com/reports/691977"],"reported" => "2020-02-28","severity" => "medium"},{"affected_versions" => ["==0.22"],"cves" => ["CVE-2022-0776"],"description" => "Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.\n","distribution" => "App-revealup","fixed_versions" => [],"id" => "CPANSA-App-revealup-2022-0776-revealjs","references" => ["https://github.com/hakimel/reveal.js/commit/32cdd3b1872ba8e2267c9e87ae216cb55f40f4d2","https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001","https://github.com/yusukebe/App-revealup/issues/12#issuecomment-1169417411","https://github.com/yusukebe/App-revealup/commit/c8fea67994b1aa6d734066bff9ada4e834b09cb7"],"reported" => "2022-03-01","severity" => "medium"}],"main_module" => "App::revealup","versions" => [{"date" => "2014-05-25T10:34:08","version" => "0.01"},{"date" => "2014-05-25T11:39:22","version" => "0.02"},{"date" => "2014-06-06T08:03:43","version" => "0.03"},{"date" => "2014-06-06T22:08:16","version" => "0.04"},{"date" => "2014-06-11T05:44:23","version" => "0.05"},{"date" => "2014-06-11T06:22:41","version" => "0.06"},{"date" => "2014-06-11T11:27:29","version" => "0.07"},{"date" => "2014-06-16T01:22:48","version" => "0.08"},{"date" => "2014-06-17T02:53:12","version" => "0.09"},{"date" => "2014-07-05T21:47:41","version" => "0.10"},{"date" => "2014-07-05T21:54:30","version" => "0.11"},{"date" => "2014-09-03T20:57:24","version" => "0.12"},{"date" => "2014-09-16T03:40:03","version" => "0.13"},{"date" => "2014-11-07T16:32:52","version" => "0.14"},{"date" => "2014-11-24T06:40:45","version" => "0.15"},{"date" => "2014-12-19T06:25:32","version" => "0.16"},{"date" => "2014-12-19T20:12:33","version" => "0.17"},{"date" => "2014-12-21T22:32:08","version" => "0.18"},{"date" => "2014-12-21T22:43:49","version" => "0.19"},{"date" => "2015-07-07T15:34:28","version" => "0.20"},{"date" => "2015-08-28T12:57:12","version" => "0.21"},{"date" => "2020-02-06T12:53:05","version" => "0.22"},{"date" => "2022-06-29T00:31:20","version" => "0.23"}]},"Archive-Tar" => {"advisories" => [{"affected_versions" => ["<2.28"],"cves" => ["CVE-2018-12015"],"description" => "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.\n","distribution" => "Archive-Tar","fixed_versions" => [">=2.28"],"id" => "CPANSA-Archive-Tar-2018-01","references" => ["https://security-tracker.debian.org/tracker/CVE-2018-12015","https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5"],"reported" => "2018-06-12","severity" => "medium"},{"affected_versions" => ["<=1.36"],"cves" => ["CVE-2007-4829"],"description" => "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences.\n","distribution" => "Archive-Tar","fixed_versions" => [">1.36"],"id" => "CPANSA-Archive-Tar-2007-4829","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=29517","https://bugzilla.redhat.com/show_bug.cgi?id=295021","http://rt.cpan.org/Public/Bug/Display.html?id=30380","https://issues.rpath.com/browse/RPL-1716","http://www.securityfocus.com/bid/26355","http://secunia.com/advisories/27539","http://osvdb.org/40410","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://www.ubuntu.com/usn/usn-700-2","http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml","http://secunia.com/advisories/33116","http://www.vupen.com/english/advisories/2007/3755","https://exchange.xforce.ibmcloud.com/vulnerabilities/38285","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"],"reported" => "2007-11-02","severity" => undef},{"affected_versions" => ["<2.10"],"cves" => ["CVE-2016-1238"],"description" => "'(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.'\n","distribution" => "Archive-Tar","fixed_versions" => [">=2.10"],"id" => "CPANSA-Archive-Tar-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Archive::Tar","versions" => [{"date" => "1998-02-02T06:13:59","version" => "0.071"},{"date" => "1998-04-10T17:07:35","version" => "0.072"},{"date" => "1998-07-30T00:56:03","version" => "0.08"},{"date" => "1999-01-10T02:22:23","version" => "0.20"},{"date" => "1999-02-02T19:01:41","version" => "0.21"},{"date" => "2000-04-28T00:37:46","version" => "0.22"},{"date" => "2003-01-21T23:07:30","version" => "0.23"},{"date" => "2003-03-18T17:08:50","version" => "0.99_01"},{"date" => "2003-03-26T14:57:35","version" => "0.99_02"},{"date" => "2003-04-28T16:01:24","version" => "0.99_03"},{"date" => "2003-04-28T16:57:58","version" => "0.99_04"},{"date" => "2003-04-30T12:52:19","version" => "0.99_05"},{"date" => "2003-05-05T12:06:35","version" => "0.99_06"},{"date" => "2003-05-31T09:27:33","version" => "1.00"},{"date" => "2003-06-08T10:46:56","version" => "1.01"},{"date" => "2003-06-12T09:47:58","version" => "1.02"},{"date" => "2003-06-26T12:52:19","version" => "1.03"},{"date" => "2003-07-27T17:07:50","version" => "1.04"},{"date" => "2003-08-25T13:38:44","version" => "1.05"},{"date" => "2003-10-15T14:35:12","version" => "1.06"},{"date" => "2003-10-17T11:42:14","version" => "1.07"},{"date" => "2004-01-05T12:59:23","version" => "1.08"},{"date" => "2004-05-22T12:32:02","version" => "1.09"},{"date" => "2004-06-11T19:24:06","version" => "1.10"},{"date" => "2004-11-09T16:12:40","version" => "1.20"},{"date" => "2004-11-10T16:04:13","version" => "1.21"},{"date" => "2004-11-21T10:09:52","version" => "1.22"},{"date" => "2004-12-03T15:53:06","version" => "1.23"},{"date" => "2005-05-03T13:11:19","version" => "1.24"},{"date" => "2005-08-20T10:14:40","version" => "1.25"},{"date" => "2005-08-22T09:29:53","version" => "1.26"},{"date" => "2006-01-19T13:31:53","version" => "1.28"},{"date" => "2006-03-03T13:56:20","version" => "1.29"},{"date" => "2006-08-02T15:00:41","version" => "1.30"},{"date" => "2007-05-18T12:18:49","version" => "1.31"},{"date" => "2007-05-25T09:32:48","version" => "1.32"},{"date" => "2007-08-15T14:20:33","version" => "1.34"},{"date" => "2007-09-16T09:13:21","version" => "1.36"},{"date" => "2007-11-11T11:59:00","version" => "1.37_01"},{"date" => "2007-12-24T11:02:07","version" => "1.38"},{"date" => "2008-08-22T16:33:49","version" => "1.39_01"},{"date" => "2008-08-25T03:56:58","version" => "1.39_02"},{"date" => "2008-08-25T22:07:56","version" => "1.39_03"},{"date" => "2008-09-08T12:14:37","version" => "1.39_04"},{"date" => "2008-10-13T13:42:10","version" => "1.40"},{"date" => "2008-12-13T17:10:15","version" => "1.42"},{"date" => "2009-01-19T17:08:08","version" => "1.44"},{"date" => "2009-03-05T16:10:06","version" => "1.46"},{"date" => "2009-04-20T17:07:30","version" => "1.48"},{"date" => "2009-06-12T12:01:54","version" => "1.50"},{"date" => "2009-06-13T11:29:50","version" => "1.52"},{"date" => "2009-09-10T12:13:03","version" => "1.54"},{"date" => "2010-02-03T14:40:15","version" => "1.56"},{"date" => "2010-02-17T21:47:16","version" => "1.58"},{"date" => "2010-04-23T14:12:31","version" => "1.60"},{"date" => "2010-06-28T21:02:59","version" => "1.62"},{"date" => "2010-07-09T11:04:45","version" => "1.64"},{"date" => "2010-07-26T08:44:00","version" => "1.66"},{"date" => "2010-08-17T16:06:19","version" => "1.68"},{"date" => "2010-11-15T22:02:53","version" => "1.70"},{"date" => "2010-11-18T19:22:01","version" => "1.72"},{"date" => "2010-12-18T21:19:51","version" => "1.74"},{"date" => "2011-01-07T22:27:40","version" => "1.76"},{"date" => "2011-09-08T22:13:33","version" => "1.78"},{"date" => "2011-10-13T10:25:39","version" => "1.80"},{"date" => "2011-11-21T12:14:43","version" => "1.82"},{"date" => "2012-03-03T00:00:05","version" => "1.84"},{"date" => "2012-05-24T11:38:09","version" => "1.86"},{"date" => "2012-06-01T11:06:25","version" => "1.88"},{"date" => "2012-09-05T18:19:00","version" => "1.90"},{"date" => "2013-06-18T15:13:27","version" => "1.92"},{"date" => "2013-10-22T14:28:22","version" => "0.93_01"},{"date" => "2013-10-22T14:36:08","version" => "1.93_02"},{"date" => "2013-10-24T18:02:48","version" => "1.94"},{"date" => "2013-10-24T19:10:34","version" => "1.96"},{"date" => "2014-06-14T17:12:02","version" => "1.98"},{"date" => "2014-06-15T14:59:24","version" => "2.00"},{"date" => "2014-09-14T18:03:23","version" => "2.02"},{"date" => "2014-12-14T20:13:33","version" => "2.04"},{"date" => "2016-04-24T14:05:11","version" => "2.06"},{"date" => "2016-05-12T08:57:35","version" => "2.08"},{"date" => "2016-07-27T12:40:29","version" => "2.10"},{"date" => "2016-10-16T11:27:58","version" => "2.12"},{"date" => "2016-10-20T12:38:57","version" => "2.14"},{"date" => "2016-11-01T19:19:36","version" => "2.16"},{"date" => "2016-11-07T13:36:15","version" => "2.18"},{"date" => "2016-12-15T10:54:40","version" => "2.20"},{"date" => "2016-12-16T09:46:28","version" => "2.22"},{"date" => "2016-12-16T15:27:38","version" => "2.24"},{"date" => "2017-05-12T12:46:05","version" => "2.26"},{"date" => "2018-06-08T10:57:04","version" => "2.28"},{"date" => "2018-06-19T11:55:28","version" => "2.30"},{"date" => "2018-09-13T07:17:10","version" => "2.32"},{"date" => "2020-02-01T16:41:47","version" => "2.34"},{"date" => "2020-02-02T13:34:34","version" => "2.36"},{"date" => "2020-06-25T07:51:56","version" => "2.38"},{"date" => "2021-07-27T09:51:54","version" => "2.40"},{"date" => "2023-03-25T12:10:20","version" => "3.00"},{"date" => "2023-04-12T23:09:11","version" => "3.02"},{"date" => "2025-02-25T20:25:09","version" => "3.04"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "1.26_01"},{"date" => "2006-08-15T00:00:00","dual_lived" => 1,"perl_release" => "5.009004","version" => "1.30_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.04_01"},{"date" => "2018-11-29T00:00:00","dual_lived" => 1,"perl_release" => "5.026003","version" => "2.24_01"},{"date" => "2023-12-30T00:00:00","dual_lived" => 1,"perl_release" => "5.039006","version" => "3.02_001"}]},"Archive-Unzip-Burst" => {"advisories" => [{"affected_versions" => [">=0.01"],"comment" => "0.09 is the latest version, so all versions are affected","cves" => ["CVE-2022-4976"],"description" => "Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities.  The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141.","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2022-4976","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=143547"],"reported" => "2025-06-12","severity" => undef},{"affected_versions" => [">=0.01,<=0.02_02"],"cves" => ["CVE-2014-8141"],"description" => "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8141-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174856","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02_02"],"cves" => ["CVE-2014-8140"],"description" => "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8140-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174851","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02_02"],"cves" => ["CVE-2014-8139"],"description" => "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8139-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174844"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.03,<=0.09"],"cves" => ["CVE-2014-8141"],"description" => "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8141-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174856","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.03,<=0.09"],"cves" => ["CVE-2014-8140"],"description" => "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8140-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174851","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.03,<=0.09"],"cves" => ["CVE-2014-8139"],"description" => "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8139-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174844"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "Archive::Unzip::Burst","versions" => [{"date" => "2007-07-29T11:01:34","version" => "0.01"},{"date" => "2007-08-30T13:06:24","version" => "0.02"},{"date" => "2007-09-05T15:27:53","version" => "0.02_01"},{"date" => "2008-05-16T12:03:35","version" => "0.02_02"},{"date" => "2015-01-15T02:22:44","version" => "0.03"},{"date" => "2016-05-01T14:28:01","version" => "0.04"},{"date" => "2016-05-02T04:28:22","version" => "0.05"},{"date" => "2016-05-07T01:31:26","version" => "0.06"},{"date" => "2016-05-08T17:38:43","version" => "0.07"},{"date" => "2016-05-08T17:42:49","version" => "0.08"},{"date" => "2018-03-16T20:38:14","version" => "0.09"},{"date" => "2025-05-19T13:29:32","version" => "0.03"}]},"Archive-Zip" => {"advisories" => [{"affected_versions" => ["<1.61"],"cves" => ["CVE-2018-10860"],"description" => "perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.\n","distribution" => "Archive-Zip","fixed_versions" => [],"id" => "CPANSA-Archive-Zip-2018-01","references" => ["https://security-tracker.debian.org/tracker/CVE-2018-10860","https://github.com/redhotpenguin/perl-Archive-Zip/pull/33"],"reported" => "2018-06-28","severity" => "medium"},{"affected_versions" => ["<1.14"],"cves" => ["CVE-2004-1096"],"description" => "Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.\n","distribution" => "Archive-Zip","fixed_versions" => [],"id" => "CPANSA-Archive-Zip-2004-1096","references" => ["http://www.securityfocus.com/bid/11448","http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml","http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true","http://www.kb.cert.org/vuls/id/492545","http://secunia.com/advisories/13038/","http://www.mandriva.com/security/advisories?name=MDKSA-2004:118","https://exchange.xforce.ibmcloud.com/vulnerabilities/17761"],"reported" => "2005-01-10","severity" => undef}],"main_module" => "Archive::Zip","versions" => [{"date" => "2000-03-22T00:10:21","version" => "0.06"},{"date" => "2000-03-29T17:03:46","version" => "0.07"},{"date" => "2000-06-16T16:48:41","version" => "0.09"},{"date" => "2000-08-08T20:56:31","version" => "0.10"},{"date" => "2001-01-17T08:06:58","version" => "0.11"},{"date" => "2002-04-22T15:32:49","version" => "1.00"},{"date" => "2002-05-11T02:45:20","version" => "1.01"},{"date" => "2002-08-24T00:19:19","version" => "1.02"},{"date" => "2002-09-03T04:40:33","version" => "1.03"},{"date" => "2002-09-11T15:17:37","version" => "1.04"},{"date" => "2002-09-11T19:35:26","version" => "1.05"},{"date" => "2003-07-17T18:18:14","version" => "1.06"},{"date" => "2003-10-20T13:59:00","version" => "1.07"},{"date" => "2003-10-21T17:04:03","version" => "1.08"},{"date" => "2003-11-27T18:02:03","version" => "1.09"},{"date" => "2004-03-25T14:39:05","version" => "1.10"},{"date" => "2004-07-05T23:25:19","version" => "1_11"},{"date" => "2004-07-08T17:31:27","version" => "1.11"},{"date" => "2004-07-08T19:14:46","version" => "1.12"},{"date" => "2004-07-27T22:50:39","version" => "1.12_02"},{"date" => "2004-07-29T15:15:49","version" => "1.12_03"},{"date" => "2004-08-23T15:39:23","version" => "1.13"},{"date" => "2004-10-21T15:28:12","version" => "1.14"},{"date" => "2005-03-10T04:34:04","version" => "1.15_01"},{"date" => "2005-03-12T15:29:48","version" => "1.15_02"},{"date" => "2005-06-22T18:29:34","version" => "1.15"},{"date" => "2005-07-04T17:55:17","version" => "1.16"},{"date" => "2006-04-30T03:53:15","version" => "1.17_01"},{"date" => "2006-05-07T02:49:30","version" => "1.17_02"},{"date" => "2006-09-15T15:56:10","version" => "1.17_03"},{"date" => "2006-10-24T15:06:32","version" => "1.17_05"},{"date" => "2006-10-25T12:24:52","version" => "1.18"},{"date" => "2007-06-05T01:50:42","version" => "1.20"},{"date" => "2007-11-01T02:59:20","version" => "1.21"},{"date" => "2007-11-02T01:52:47","version" => "1.22"},{"date" => "2007-11-07T13:04:41","version" => "1.23"},{"date" => "2008-08-23T23:35:50","version" => "1.24"},{"date" => "2008-10-10T05:28:17","version" => "1.25"},{"date" => "2008-10-12T14:13:05","version" => "1.26"},{"date" => "2008-12-16T13:23:21","version" => "1.27_01"},{"date" => "2009-06-16T10:09:03","version" => "1.28"},{"date" => "2009-06-29T13:27:17","version" => "1.29"},{"date" => "2009-06-30T14:13:29","version" => "1.30"},{"date" => "2010-03-05T05:11:20","version" => "1.31_01"},{"date" => "2011-03-08T15:52:02","version" => "1.31_02"},{"date" => "2011-08-23T03:42:14","version" => "1.31_03"},{"date" => "2012-01-23T06:28:16","version" => "1.31_04"},{"date" => "2013-11-09T00:05:06","version" => "1.32"},{"date" => "2013-11-10T03:50:45","version" => "1.33"},{"date" => "2013-12-02T22:16:54","version" => "1.34"},{"date" => "2013-12-30T19:16:52","version" => "1.35"},{"date" => "2013-12-30T22:12:14","version" => "1.36"},{"date" => "2014-01-13T18:32:19","version" => "1.37"},{"date" => "2014-09-02T23:23:11","version" => "1.38"},{"date" => "2014-10-22T04:17:15","version" => "1.39"},{"date" => "2015-01-05T05:58:46","version" => "1.40"},{"date" => "2015-01-10T02:47:42","version" => "1.41"},{"date" => "2015-01-12T00:46:36","version" => "1.42"},{"date" => "2015-01-15T06:37:32","version" => "1.43"},{"date" => "2015-01-24T06:12:21","version" => "1.44"},{"date" => "2015-01-27T07:51:17","version" => "1.45"},{"date" => "2015-03-25T05:19:23","version" => "1.46"},{"date" => "2015-06-17T18:26:02","version" => "1.47"},{"date" => "2015-06-18T21:13:37","version" => "1.48"},{"date" => "2015-07-31T19:01:40","version" => "1.49"},{"date" => "2015-08-26T00:11:35","version" => "1.50"},{"date" => "2015-09-22T06:03:54","version" => "1.51"},{"date" => "2015-09-23T17:43:44","version" => "1.53"},{"date" => "2015-12-04T19:36:41","version" => "1.55"},{"date" => "2015-12-17T18:29:06","version" => "1.56"},{"date" => "2016-04-01T18:06:36","version" => "1.57"},{"date" => "2016-08-02T17:50:20","version" => "1.58"},{"date" => "2016-08-11T20:09:16","version" => "1.59"},{"date" => "2017-12-19T18:44:16","version" => "1.60"},{"date" => "2018-08-19T03:35:10","version" => "1.61"},{"date" => "2018-08-20T03:29:01","version" => "1.62"},{"date" => "2018-08-22T15:42:15","version" => "1.63"},{"date" => "2018-09-12T15:50:29","version" => "1.64"},{"date" => "2019-09-08T05:20:03","version" => "1.65"},{"date" => "2019-09-17T04:37:32","version" => "1.66"},{"date" => "2019-10-07T04:30:05","version" => "1.67"},{"date" => "2020-03-12T17:59:46","version" => "1.68"}]},"Authen-DigestMD5" => {"advisories" => [{"affected_versions" => [">=0.01"],"comment" => "The report incorrectly reports 0.02, although this problem is present in 0.04, which is the latest version","cves" => ["CVE-2025-40919"],"description" => "Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely.  The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  According to RFC 2831, \"The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.\"","distribution" => "Authen-DigestMD5","fixed_versions" => [],"id" => "CPANSA-Authen-DigestMD5-2025-40919","references" => ["https://datatracker.ietf.org/doc/html/rfc2831","https://metacpan.org/release/SALVA/Authen-DigestMD5-0.01/source/DigestMD5.pm#L126"],"reported" => "2025-07-16","severity" => undef}],"main_module" => "Authen::DigestMD5","versions" => [{"date" => "2003-10-29T00:00:32","version" => "0.01"},{"date" => "2003-10-29T17:18:03","version" => "0.02"},{"date" => "2003-11-08T21:21:26","version" => "0.03"},{"date" => "2003-11-08T22:58:09","version" => "0.04"}]},"Authen-SASL" => {"advisories" => [{"affected_versions" => [">=2.04,<=2.1900"],"cves" => ["CVE-2025-40918"],"description" => "Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely.  The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation  depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.\n","distribution" => "Authen-SASL","fixed_versions" => [">=2.1900"],"id" => "CPANSA-Authen-SASL-2025-40918","references" => ["https://datatracker.ietf.org/doc/html/rfc2831","https://github.com/gbarr/perl-authen-sasl/pull/22","https://metacpan.org/dist/Authen-SASL/source/lib/Authen/SASL/Perl/DIGEST_MD5.pm#L263","https://security.metacpan.org/patches/A/Authen-SASL/2.1800/CVE-2025-40918-r1.patch"],"reported" => "2025-07-16","severity" => undef}],"main_module" => "Authen::SASL","versions" => [{"date" => "2002-01-31T17:03:51","version" => "2.00"},{"date" => "2002-03-31T14:44:21","version" => "2.01"},{"date" => "2002-05-28T14:24:59","version" => "2.02"},{"date" => "2003-01-21T19:16:46","version" => "2.03"},{"date" => "2003-05-19T21:44:39","version" => "2.04"},{"date" => "2003-10-17T21:16:45","version" => "2.05"},{"date" => "2003-11-01T21:26:08","version" => "2.06"},{"date" => "2004-04-10T08:18:07","version" => "2.07"},{"date" => "2004-05-25T10:31:46","version" => "2.08"},{"date" => "2005-04-26T13:37:18","version" => "2.09"},{"date" => "2006-03-25T23:40:21","version" => "2.10"},{"date" => "2008-04-21T15:43:42","version" => "2.11"},{"date" => "2008-07-01T02:59:22","version" => "2.12"},{"date" => "2009-09-24T22:36:34","version" => "2.13"},{"date" => "2010-03-11T15:12:30","version" => "2.14"},{"date" => "2010-03-29T19:28:04","version" => "2.1401"},{"date" => "2010-06-02T18:58:54","version" => "2.15"},{"date" => "2012-09-04T16:12:29","version" => "2.16"},{"date" => "2023-08-09T22:53:31","version" => "2.1700"},{"date" => "2023-08-10T10:19:40","version" => "2.1700"},{"date" => "2025-04-25T16:10:56","version" => "2.1800"},{"date" => "2025-08-05T13:23:40","version" => "2.1900"},{"date" => "2026-01-28T22:01:16","version" => "2.2000"}]},"BSON-XS" => {"advisories" => [{"affected_versions" => ["<=0.8.4"],"cves" => ["CVE-2025-40906","CVE-2017-14227","CVE-2018-16790","CVE-2023-0437","CVE-2024-6381","CVE-2024-6383","CVE-2025-0755"],"description" => "BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.\nThose include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755.\nBSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.\n","distribution" => "BSON-XS","fixed_versions" => [],"id" => "CPANSA-BSON-XS-2025-40906","references" => ["https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html","https://www.mongodb.com/community/forums/t/mongodb-perl-driver-end-of-life/7890"],"reported" => "2025-05-16","severity" => "critical"},{"affected_versions" => [">=0.2.0,<=0.8.4"],"cves" => ["CVE-2023-0437"],"description" => "When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.\n","distribution" => "BSON-XS","fixed_versions" => [],"id" => "CPANSA-BSON-XS-2023-0437-libbson","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2023-0437","https://jira.mongodb.org/browse/CDRIVER-4747","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/7GUVOAFZFSYTNBF6R7H4XJM5DHWBRQ6P"],"reported" => "2024-01-12","severity" => "moderate"}],"main_module" => "BSON::XS","versions" => [{"date" => "2016-10-25T01:44:04","version" => "v0.2.0"},{"date" => "2016-10-27T14:29:08","version" => "v0.2.1"},{"date" => "2016-10-27T21:57:22","version" => "v0.2.2"},{"date" => "2018-05-17T20:38:16","version" => "v0.4.0"},{"date" => "2018-05-25T17:23:21","version" => "v0.4.1"},{"date" => "2018-06-13T14:02:45","version" => "v0.4.2"},{"date" => "2018-07-10T13:54:25","version" => "v0.4.3"},{"date" => "2018-09-13T03:31:32","version" => "v0.4.4"},{"date" => "2018-10-12T01:39:57","version" => "v0.4.5"},{"date" => "2018-10-12T15:51:36","version" => "v0.4.6"},{"date" => "2018-11-29T22:12:13","version" => "v0.6.0"},{"date" => "2019-07-12T18:08:23","version" => "v0.8.0"},{"date" => "2019-08-13T12:22:17","version" => "v0.8.1"},{"date" => "2019-12-05T18:59:17","version" => "v0.8.2"},{"date" => "2020-04-13T14:58:34","version" => "v0.8.3"},{"date" => "2020-08-13T14:54:04","version" => "v0.8.4"}]},"Batch-Batchrun" => {"advisories" => [{"affected_versions" => [">=1.03"],"cves" => ["CVE-2011-4117"],"description" => "The Batch::Batchrun module 1.03 for Perl does not properly handle temporary files.\n","distribution" => "Batch-Batchrun","fixed_versions" => [],"id" => "CPANSA-Batch-Batchrun-2011-4117","references" => ["http://www.openwall.com/lists/oss-security/2011/11/04/2","http://www.openwall.com/lists/oss-security/2011/11/04/4","https://rt.cpan.org/Public/Bug/Display.html?id=69594"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "Batch::Batchrun","versions" => [{"date" => "1999-08-21T20:25:47","version" => "1.03"}]},"Boost-Graph" => {"advisories" => [{"affected_versions" => [">=1.1,<=1.4"],"cves" => ["CVE-2008-0171"],"description" => "regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.\n","distribution" => "Boost-Graph","fixed_versions" => [],"id" => "CPANSA-Boost-Graph-2008-0171-boost","references" => ["http://bugs.gentoo.org/show_bug.cgi?id=205955","http://svn.boost.org/trac/boost/changeset/42674","http://svn.boost.org/trac/boost/changeset/42745","https://issues.rpath.com/browse/RPL-2143","http://www.ubuntu.com/usn/usn-570-1","http://www.securityfocus.com/bid/27325","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html","http://secunia.com/advisories/28545","http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032","http://secunia.com/advisories/28705","http://secunia.com/advisories/28511","http://secunia.com/advisories/28527","http://wiki.rpath.com/Advisories:rPSA-2008-0063","http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml","http://secunia.com/advisories/28943","http://secunia.com/advisories/28860","http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html","http://secunia.com/advisories/29323","http://www.vupen.com/english/advisories/2008/0249","http://secunia.com/advisories/48099","http://www.securityfocus.com/archive/1/488102/100/0/threaded"],"reported" => "2008-01-17","severity" => undef},{"affected_versions" => [">=1.1,<=1.4"],"cves" => ["CVE-2008-0172"],"description" => "The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.\n","distribution" => "Boost-Graph","fixed_versions" => [],"id" => "CPANSA-Boost-Graph-2008-0172-boost","references" => ["http://bugs.gentoo.org/show_bug.cgi?id=205955","http://svn.boost.org/trac/boost/changeset/42674","http://svn.boost.org/trac/boost/changeset/42745","https://issues.rpath.com/browse/RPL-2143","http://www.ubuntu.com/usn/usn-570-1","http://www.securityfocus.com/bid/27325","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html","http://secunia.com/advisories/28545","http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032","http://secunia.com/advisories/28705","http://secunia.com/advisories/28511","http://secunia.com/advisories/28527","http://wiki.rpath.com/Advisories:rPSA-2008-0063","http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml","http://secunia.com/advisories/28943","http://secunia.com/advisories/28860","http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html","http://secunia.com/advisories/29323","http://www.vupen.com/english/advisories/2008/0249","http://secunia.com/advisories/48099","http://www.securityfocus.com/archive/1/488102/100/0/threaded"],"reported" => "2008-01-17","severity" => undef}],"main_module" => "Boost::Graph","versions" => [{"date" => "2006-05-15T23:21:14","version" => "1.1"},{"date" => "2006-06-19T20:32:45","version" => "1.2"},{"date" => "2006-11-13T18:58:01","version" => "1.2"},{"date" => "2007-07-11T18:07:27","version" => "1.4"},{"date" => "2013-11-05T09:24:41","version" => "1.4_001"}]},"CBOR-XS" => {"advisories" => [{"affected_versions" => ["<1.7"],"cves" => [],"description" => "An out-of bound sharedref or stringref index could cause an out of bounds access - might be exploitable. A decoding error during indefinite array or hash decoding could cause an endless loop.\n","distribution" => "CBOR-XS","fixed_versions" => [">=1.7"],"id" => "CPANSA-CBOR-XS-2017-01","references" => ["https://metacpan.org/dist/CBOR-XS/changes"],"reported" => "2017-07-27","severity" => undef}],"main_module" => "CBOR::XS","versions" => [{"date" => "2013-10-25T23:10:42","version" => "0.01"},{"date" => "2013-10-26T11:09:56","version" => "0.02"},{"date" => "2013-10-26T23:04:01","version" => "0.03"},{"date" => "2013-10-27T22:48:22","version" => "0.04"},{"date" => "2013-10-28T21:28:30","version" => "0.05"},{"date" => "2013-10-29T15:57:13","version" => "0.06"},{"date" => "2013-10-29T22:05:30","version" => "0.07"},{"date" => "2013-10-30T10:11:46","version" => "0.08"},{"date" => "2013-11-22T16:19:26","version" => "0.09"},{"date" => "2013-11-28T16:09:19","version" => "1.0"},{"date" => "2013-11-30T18:42:59","version" => "1.1"},{"date" => "2013-12-01T17:11:47","version" => "1.11"},{"date" => "2013-12-03T10:25:03","version" => "1.12"},{"date" => "2013-12-10T21:07:58","version" => "1.2"},{"date" => "2014-01-05T14:25:36","version" => "1.25"},{"date" => "2014-10-25T06:37:38","version" => "1.26"},{"date" => "2015-04-27T20:22:15","version" => "1.3"},{"date" => "2016-02-08T04:38:25","version" => "1.4"},{"date" => "2016-02-25T14:23:47","version" => "1.41"},{"date" => "2016-04-27T09:40:38","version" => "1.5"},{"date" => "2016-12-07T14:14:49","version" => "1.6"},{"date" => "2017-06-27T02:03:48","version" => "1.7"},{"date" => "2018-11-15T19:53:50","version" => "1.71"},{"date" => "2020-11-29T21:36:13","version" => "1.8"},{"date" => "2020-11-30T18:31:32","version" => "1.81"},{"date" => "2020-12-01T01:50:49","version" => "1.82"},{"date" => "2020-12-08T08:30:59","version" => "1.83"},{"date" => "2021-10-21T01:16:11","version" => "1.84"},{"date" => "2021-10-23T03:00:48","version" => "1.85"},{"date" => "2021-11-04T16:50:24","version" => "1.86"},{"date" => "2023-09-10T20:45:43","version" => "1.87"}]},"CGI" => {"advisories" => [{"affected_versions" => ["<3.63"],"cves" => ["CVE-2012-5526"],"description" => "CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.\n","distribution" => "CGI","fixed_versions" => [">=3.63"],"id" => "CPANSA-CGI-2012-5526","references" => ["http://www.securityfocus.com/bid/56562","http://www.openwall.com/lists/oss-security/2012/11/15/6","https://github.com/markstos/CGI.pm/pull/23","http://www.securitytracker.com/id?1027780","http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes","http://secunia.com/advisories/51457","http://www.ubuntu.com/usn/USN-1643-1","http://www.debian.org/security/2012/dsa-2586","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://secunia.com/advisories/55314","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/80098"],"reported" => "2012-11-21","severity" => undef},{"affected_versions" => ["<3.56"],"cves" => ["CVE-2011-2766"],"description" => "Usage of deprecated FCGI.pm API.\n","distribution" => "CGI","fixed_versions" => [">=3.56"],"id" => "CPANSA-CGI-2011-2766","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=68380","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766"],"reported" => "2011-11-08"},{"affected_versions" => ["<3.50"],"cves" => [],"description" => "Non-random MIME boundary.\n","distribution" => "CGI","fixed_versions" => [">=3.50"],"id" => "CPANSA-CGI-2010-02","reported" => "2010-11-08"},{"affected_versions" => ["<3.49"],"cves" => [],"description" => "Newlines in headers.\n","distribution" => "CGI","fixed_versions" => [">=3.49"],"id" => "CPANSA-CGI-2010-01","reported" => "2010-02-05"},{"affected_versions" => ["<3.50"],"cves" => ["CVE-2010-4411"],"description" => "Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors.  NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.\n","distribution" => "CGI","fixed_versions" => [">=3.50"],"id" => "CPANSA-CGI-2010-4411","references" => ["http://openwall.com/lists/oss-security/2010/12/01/3","http://www.mandriva.com/security/advisories?name=MDVSA-2011:008","http://www.vupen.com/english/advisories/2011/0106","http://www.bugzilla.org/security/3.2.9/","http://secunia.com/advisories/43033","https://bugzilla.mozilla.org/show_bug.cgi?id=591165","http://www.vupen.com/english/advisories/2011/0207","http://www.vupen.com/english/advisories/2011/0271","http://www.vupen.com/english/advisories/2011/0212","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html","http://secunia.com/advisories/43068","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html","http://secunia.com/advisories/43165","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html","http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"],"reported" => "2010-12-06","severity" => undef},{"affected_versions" => ["<3.50"],"cves" => ["CVE-2010-2761"],"description" => "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.\n","distribution" => "CGI","fixed_versions" => [">=3.50"],"id" => "CPANSA-CGI-2010-2761","references" => ["https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380","http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes","http://openwall.com/lists/oss-security/2010/12/01/1","http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html","http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm","http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1","http://openwall.com/lists/oss-security/2010/12/01/2","http://openwall.com/lists/oss-security/2010/12/01/3","https://bugzilla.mozilla.org/show_bug.cgi?id=600464","http://osvdb.org/69588","http://osvdb.org/69589","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:237","http://www.vupen.com/english/advisories/2011/0076","http://www.mandriva.com/security/advisories?name=MDVSA-2010:250","http://secunia.com/advisories/42877","https://bugzilla.mozilla.org/show_bug.cgi?id=591165","http://www.vupen.com/english/advisories/2011/0207","http://www.bugzilla.org/security/3.2.9/","http://secunia.com/advisories/43033","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html","http://secunia.com/advisories/43147","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html","http://www.vupen.com/english/advisories/2011/0249","http://www.vupen.com/english/advisories/2011/0271","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html","http://www.vupen.com/english/advisories/2011/0212","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html","http://secunia.com/advisories/43165","http://secunia.com/advisories/43068","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html","http://www.redhat.com/support/errata/RHSA-2011-1797.html","http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2010-12-06","severity" => undef}],"main_module" => "CGI","versions" => [{"date" => "1995-11-25T09:21:00","version" => "2.10"},{"date" => "1995-12-28T09:08:00","version" => "2.13"},{"date" => "1996-05-22T22:30:00","version" => "2.20"},{"date" => "1996-05-31T05:31:00","version" => "2.21"},{"date" => "1996-08-07T09:24:00","version" => "2.22"},{"date" => "1996-08-14T08:17:00","version" => "2.23"},{"date" => "1996-08-21T09:09:00","version" => "2.24"},{"date" => "1996-09-10T14:23:00","version" => "2.25"},{"date" => "1996-10-22T11:17:00","version" => "2.26"},{"date" => "1996-10-24T18:21:00","version" => "2.27"},{"date" => "1996-12-02T11:48:00","version" => "2.28"},{"date" => "1996-12-09T13:39:00","version" => "2.29"},{"date" => "1997-01-02T16:40:00","version" => "2.30"},{"date" => "1997-02-15T15:36:00","version" => "2.31"},{"date" => "1997-03-25T08:58:00","version" => "2.32"},{"date" => "1997-04-04T20:45:00","version" => "2.33"},{"date" => "1997-04-10T15:41:00","version" => "2.34"},{"date" => "1997-04-20T18:29:00","version" => "2.35"},{"date" => "1997-05-09T09:33:00","version" => "2.36"},{"date" => "1997-08-29T04:42:00","version" => "2.37"},{"date" => "1997-09-15T17:51:00","version" => "2.37"},{"date" => "1997-10-01T04:15:00","version" => "2.37"},{"date" => "1997-10-12T07:10:00","version" => "2.37"},{"date" => "1997-11-23T11:37:00","version" => "2.37"},{"date" => "1997-12-20T09:57:00","version" => "2.37"},{"date" => "1998-01-16T12:22:00","version" => "2.37"},{"date" => "1998-01-19T11:34:00","version" => "2.37"},{"date" => "1998-01-26T11:00:00","version" => "2.37"},{"date" => "1998-01-29T19:48:00","version" => "2.37"},{"date" => "1998-02-02T13:37:00","version" => "2.37"},{"date" => "1998-02-05T08:25:00","version" => "2.37"},{"date" => "1998-02-09T13:58:00","version" => "2.37"},{"date" => "1998-02-16T16:21:00","version" => "2.37"},{"date" => "1998-02-23T08:33:00","version" => "2.37"},{"date" => "1998-02-24T16:52:00","version" => "2.37"},{"date" => "1998-03-13T15:33:00","version" => "2.37"},{"date" => "1998-03-22T21:12:00","version" => "2.38"},{"date" => "1998-03-24T22:37:08","version" => "2.39"},{"date" => "1998-05-20T09:17:00","version" => "2.40"},{"date" => "1998-05-28T15:03:00","version" => "2.41"},{"date" => "1998-06-09T09:00:00","version" => "2.42"},{"date" => "1998-10-14T19:06:31","version" => "2.43"},{"date" => "1998-11-24T19:41:41","version" => "2.44"},{"date" => "1998-11-26T11:07:27","version" => "2.45"},{"date" => "1998-12-06T10:22:46","version" => "2.46"},{"date" => "1999-02-18T03:50:16","version" => "2.47"},{"date" => "1999-02-19T14:10:25","version" => "2.48"},{"date" => "1999-02-23T22:00:33","version" => "2.49"},{"date" => "1999-06-08T15:13:15","version" => "2.52"},{"date" => "1999-06-09T14:56:06","version" => "2.53"},{"date" => "1999-08-09T14:18:33","version" => "2.54"},{"date" => "1999-08-31T17:11:00","version" => "2.55"},{"date" => "1999-09-13T21:11:51","version" => "2.56"},{"date" => "2000-03-23T23:00:12","version" => "2.58"},{"date" => "2000-03-24T12:31:52","version" => "2.59"},{"date" => "2000-03-27T22:11:34","version" => "2.60"},{"date" => "2000-03-28T02:50:18","version" => "2.61"},{"date" => "2000-03-28T21:38:03","version" => "2.62"},{"date" => "2000-04-10T15:19:54","version" => "2.63"},{"date" => "2000-04-11T15:25:13","version" => "2.64"},{"date" => "2000-04-11T15:55:40","version" => "2.65"},{"date" => "2000-04-12T20:16:46","version" => "2.66"},{"date" => "2000-05-16T01:38:08","version" => "2.67"},{"date" => "2000-05-18T17:55:55","version" => "2.68"},{"date" => "2000-07-28T03:06:11","version" => "2.69"},{"date" => "2000-08-04T19:37:27","version" => "2.70"},{"date" => "2000-08-13T16:09:25","version" => "2.71"},{"date" => "2000-08-20T17:35:50","version" => "2.72"},{"date" => "2000-08-24T13:33:37","version" => "3."},{"date" => "2000-09-13T02:55:51","version" => "2.73"},{"date" => "2000-09-13T16:35:14","version" => "2.74"},{"date" => "2001-02-02T15:43:07","version" => "2.75"},{"date" => "2001-02-02T15:50:53","version" => "2.751"},{"date" => "2001-02-04T23:49:27","version" => "2.752"},{"date" => "2001-03-12T17:00:13","version" => "2.753"},{"date" => "2001-06-15T15:33:28","version" => "3.02"},{"date" => "2001-06-29T14:47:39","version" => "3.02_"},{"date" => "2001-07-05T16:13:55","version" => "3.03_01"},{"date" => "2001-07-26T21:29:22","version" => "2.76"},{"date" => "2001-08-07T12:33:22","version" => "2.77"},{"date" => "2001-09-26T02:26:36","version" => "2.78"},{"date" => "2001-12-09T21:39:11","version" => "2.79"},{"date" => "2002-01-12T02:47:17","version" => "2.80"},{"date" => "2002-04-10T19:39:49","version" => "2.81"},{"date" => "2002-09-11T12:27:48","version" => "2.84"},{"date" => "2002-09-11T14:01:02","version" => "2.85"},{"date" => "2002-09-12T03:58:40","version" => "2.86"},{"date" => "2002-10-07T02:00:58","version" => "2.87"},{"date" => "2002-10-14T13:58:09","version" => "2.88"},{"date" => "2002-10-16T17:50:26","version" => "2.89"},{"date" => "2002-11-22T23:03:39","version" => 0},{"date" => "2003-02-10T20:11:57","version" => "2.90"},{"date" => "2003-02-11T14:15:15","version" => "2.91"},{"date" => "2003-04-28T00:44:10","version" => "2.92"},{"date" => "2003-04-28T13:37:43","version" => "2.93"},{"date" => "2003-06-09T12:15:29","version" => "2.94"},{"date" => "2003-06-13T02:35:42","version" => "2.95"},{"date" => "2003-06-16T18:42:38","version" => "2.96"},{"date" => "2003-06-17T23:32:52","version" => "2.97"},{"date" => "2003-07-16T17:06:29","version" => "2.98"},{"date" => "2003-08-01T14:43:54","version" => "2.99"},{"date" => "2003-08-18T17:51:48","version" => "3.00"},{"date" => "2003-12-10T17:05:47","version" => "3.01"},{"date" => "2004-01-13T16:34:47","version" => "3.03"},{"date" => "2004-01-19T12:44:30","version" => "3.04"},{"date" => "2004-04-12T20:39:57","version" => "3.05"},{"date" => "2005-03-09T21:06:46","version" => "3.06"},{"date" => "2005-03-14T16:34:03","version" => "3.07"},{"date" => "2005-04-20T15:31:11","version" => "3.08"},{"date" => "2005-05-05T20:16:55","version" => "3.09"},{"date" => "2005-05-13T21:48:46","version" => "3.10"},{"date" => "2005-08-03T21:17:14","version" => "3.11"},{"date" => "2005-12-04T16:46:53","version" => "3.12"},{"date" => "2005-12-05T13:54:26","version" => "3.13"},{"date" => "2005-12-06T22:14:19","version" => "3.14"},{"date" => "2005-12-07T20:16:49","version" => "3.15"},{"date" => "2006-02-08T18:50:56","version" => "3.16"},{"date" => "2006-02-24T19:04:58","version" => "3.17"},{"date" => "2006-04-17T13:56:06","version" => "3.19"},{"date" => "2006-04-23T14:27:55","version" => "3.20"},{"date" => "2006-08-21T19:12:36","version" => "3.21"},{"date" => "2006-08-23T15:24:41","version" => "3.22"},{"date" => "2006-08-24T11:53:26","version" => "3.23"},{"date" => "2006-09-28T17:09:45","version" => "3.25"},{"date" => "2007-02-27T15:42:54","version" => "3.27"},{"date" => "2007-03-29T15:38:01","version" => "3.28"},{"date" => "2007-04-16T17:00:18","version" => "3.29"},{"date" => "2007-11-30T19:06:19","version" => "3.31"},{"date" => "2007-12-27T18:41:32","version" => "3.32"},{"date" => "2008-01-03T15:03:17","version" => "3.33"},{"date" => "2008-03-18T16:04:41","version" => "3.34"},{"date" => "2008-03-27T14:26:48","version" => "3.35"},{"date" => "2008-04-23T13:09:44","version" => "3.37"},{"date" => "2008-06-25T14:58:32","version" => "3.38"},{"date" => "2008-07-29T15:01:52","version" => "3.39"},{"date" => "2008-08-06T18:21:51","version" => "3.40"},{"date" => "2008-08-26T13:56:27","version" => "3.41"},{"date" => "2008-09-08T14:15:41","version" => "3.42"},{"date" => "2009-04-06T18:35:19","version" => "3.43"},{"date" => "2009-07-30T16:34:17","version" => "3.44"},{"date" => "2009-08-14T13:37:12","version" => "3.45"},{"date" => "2009-09-09T15:39:42","version" => "3.46"},{"date" => "2009-09-09T20:03:01","version" => "3.47"},{"date" => "2009-09-25T15:07:03","version" => "3.48"},{"date" => "2010-02-05T16:24:53","version" => "3.49"},{"date" => "2010-11-08T21:53:26","version" => "3.50"},{"date" => "2011-01-05T18:28:41","version" => "3.51"},{"date" => "2011-01-25T04:30:05","version" => "3.52"},{"date" => "2011-04-25T23:01:21","version" => "3.53"},{"date" => "2011-04-28T14:36:41","version" => "3.54"},{"date" => "2011-06-03T15:39:16","version" => "3.55"},{"date" => "2011-11-09T02:00:20","version" => "3.56"},{"date" => "2011-11-09T15:59:18","version" => "3.57"},{"date" => "2011-11-12T03:36:07","version" => "3.58"},{"date" => "2011-12-30T13:35:35","version" => "3.59"},{"date" => "2012-08-16T03:21:13","version" => "3.60"},{"date" => "2012-11-03T02:10:42","version" => "3.61"},{"date" => "2012-11-10T01:40:50","version" => "3.62"},{"date" => "2012-11-14T23:45:29","version" => "3.63"},{"date" => "2013-11-24T01:22:00","version" => "3.64"},{"date" => "2014-02-12T03:13:58","version" => "3.65"},{"date" => "2014-05-15T12:59:58","version" => "3.65_01"},{"date" => "2014-05-16T11:43:33","version" => "3.65_02"},{"date" => "2014-05-20T12:31:46","version" => "3.65_03"},{"date" => "2014-05-22T19:58:14","version" => "4.00"},{"date" => "2014-05-27T13:13:51","version" => "4.01"},{"date" => "2014-06-09T13:55:49","version" => "4.02"},{"date" => "2014-07-02T14:53:06","version" => "4.03"},{"date" => "2014-07-28T18:30:34","version" => "4.03_01"},{"date" => "2014-07-30T14:26:40","version" => "4.03_02"},{"date" => "2014-08-13T11:40:14","version" => "4.03_03"},{"date" => "2014-09-04T14:42:14","version" => "4.04"},{"date" => "2014-09-20T16:08:55","version" => "4.04_01"},{"date" => "2014-09-28T19:57:05","version" => "4.04_02"},{"date" => "2014-09-29T09:50:07","version" => "4.04_03"},{"date" => "2014-10-06T12:01:14","version" => "4.04_04"},{"date" => "2014-10-06T12:24:10","version" => "4.04_05"},{"date" => "2014-10-08T07:42:49","version" => "4.05"},{"date" => "2014-10-10T11:35:49","version" => "4.06"},{"date" => "2014-10-12T16:29:35","version" => "4.07"},{"date" => "2014-10-18T11:00:38","version" => "4.08"},{"date" => "2014-10-21T07:33:36","version" => "4.09"},{"date" => "2014-11-25T21:06:50","version" => "4.09_01"},{"date" => "2014-11-27T12:53:51","version" => "4.10"},{"date" => "2014-11-30T12:12:26","version" => "4.10_01"},{"date" => "2014-12-03T07:25:15","version" => "4.11"},{"date" => "2014-12-18T08:35:52","version" => "4.12"},{"date" => "2014-12-18T09:21:52","version" => "4.13"},{"date" => "2015-02-12T14:19:13","version" => "4.13_01"},{"date" => "2015-02-13T08:01:29","version" => "4.13_02"},{"date" => "2015-03-01T13:28:25","version" => "4.13_03"},{"date" => "2015-03-08T16:09:21","version" => "4.13_04"},{"date" => "2015-03-25T17:55:15","version" => "4.13_05"},{"date" => "2015-04-01T06:51:57","version" => "4.14"},{"date" => "2015-04-17T14:27:39","version" => "4.14_01"},{"date" => "2015-04-20T07:15:45","version" => "4.15"},{"date" => "2015-05-29T14:48:42","version" => "4.20"},{"date" => "2015-06-22T07:50:02","version" => "4.21"},{"date" => "2015-10-16T09:46:31","version" => "4.22"},{"date" => "2015-12-20T18:33:35","version" => "4.24"},{"date" => "2015-12-21T09:29:19","version" => "4.25"},{"date" => "2016-02-04T16:37:12","version" => "4.26"},{"date" => "2016-03-02T08:03:46","version" => "4.27"},{"date" => "2016-03-14T07:21:48","version" => "4.28"},{"date" => "2016-05-22T12:23:19","version" => "4.28_01"},{"date" => "2016-05-22T12:54:23","version" => "4.28_02"},{"date" => "2016-05-23T08:25:25","version" => "4.28_03"},{"date" => "2016-06-09T12:01:20","version" => "4.29"},{"date" => "2016-06-09T12:11:54","version" => "4.30"},{"date" => "2016-06-14T07:14:00","version" => "4.31"},{"date" => "2016-07-19T07:05:46","version" => "4.32"},{"date" => "2016-09-16T09:47:49","version" => "4.33"},{"date" => "2016-10-13T11:58:55","version" => "4.34"},{"date" => "2016-10-13T13:56:21","version" => "4.35"},{"date" => "2017-03-29T08:56:26","version" => "4.35_01"},{"date" => "2017-04-06T14:42:12","version" => "4.36"},{"date" => "2017-11-01T10:17:40","version" => "4.37"},{"date" => "2017-12-01T08:41:02","version" => "4.38"},{"date" => "2018-08-13T15:57:52","version" => "4.39"},{"date" => "2018-08-15T08:39:39","version" => "4.40"},{"date" => "2019-03-26T15:58:49","version" => "4.41"},{"date" => "2019-03-26T16:33:27","version" => "4.42"},{"date" => "2019-05-01T14:28:45","version" => "4.43"},{"date" => "2019-06-03T09:00:55","version" => "4.44"},{"date" => "2020-01-13T07:03:55","version" => "4.45"},{"date" => "2020-02-03T14:49:22","version" => "4.46"},{"date" => "2020-05-01T13:01:44","version" => "4.47"},{"date" => "2020-06-02T08:22:41","version" => "4.48"},{"date" => "2020-06-08T09:46:25","version" => "4.49"},{"date" => "2020-06-22T07:35:25","version" => "4.50"},{"date" => "2020-10-05T06:14:39","version" => "4.51"},{"date" => "2021-05-04T08:02:27","version" => "4.52"},{"date" => "2021-06-03T06:45:55","version" => "4.53"},{"date" => "2022-02-03T07:52:34","version" => "4.54"},{"date" => "2023-01-03T07:45:53","version" => "4.55"},{"date" => "2023-03-03T08:51:51","version" => "4.56"},{"date" => "2023-05-02T13:16:01","version" => "4.57"},{"date" => "2023-10-02T07:08:45","version" => "4.58"},{"date" => "2023-10-02T07:14:30","version" => "4.59"},{"date" => "2023-11-01T07:57:12","version" => "4.60"},{"date" => "2024-01-08T15:17:04","version" => "4.61"},{"date" => "2024-03-01T13:46:49","version" => "4.62"},{"date" => "2024-03-06T15:20:30","version" => "4.63"},{"date" => "2024-03-18T12:10:48","version" => "4.64"},{"date" => "2024-06-04T15:15:17","version" => "4.65"},{"date" => "2024-06-19T08:59:52","version" => "4.66"},{"date" => "2025-01-08T15:27:45","version" => "4.67"},{"date" => "2025-04-01T09:38:18","version" => "4.68"},{"date" => "2025-06-11T06:21:57","version" => "4.69"},{"date" => "2025-07-07T11:59:39","version" => "4.70"},{"date" => "2025-10-01T08:09:27","version" => "4.71"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "3.15_01"}]},"CGI-Application" => {"advisories" => [{"affected_versions" => ["<4.50_51"],"cves" => ["CVE-2013-7329"],"description" => "The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.\n","distribution" => "CGI-Application","fixed_versions" => [],"id" => "CPANSA-CGI-Application-2013-7329","references" => ["https://github.com/markstos/CGI--Application/pull/15","http://openwall.com/lists/oss-security/2014/02/19/11","http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129436.html","http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129444.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739505","http://www.securityfocus.com/bid/65687","https://rt.cpan.org/Public/Bug/Display.html?id=84403","https://bugzilla.redhat.com/show_bug.cgi?id=1067180","https://exchange.xforce.ibmcloud.com/vulnerabilities/91735"],"reported" => "2014-10-06","severity" => undef}],"main_module" => "CGI::Application","versions" => [{"date" => "2000-07-11T04:23:51","version" => "1.0"},{"date" => "2000-07-12T15:21:41","version" => "1.1"},{"date" => "2000-07-18T21:11:44","version" => "1.2"},{"date" => "2001-05-21T12:03:59","version" => "1.3"},{"date" => "2001-05-28T18:29:06","version" => "1.31"},{"date" => "2001-06-25T03:17:50","version" => "2.0"},{"date" => "2001-08-11T22:18:28","version" => "2.1"},{"date" => "2002-05-06T03:21:57","version" => "2.2"},{"date" => "2002-05-06T11:57:30","version" => "2.3"},{"date" => "2002-05-27T01:01:18","version" => "2.4"},{"date" => "2002-07-18T11:59:16","version" => "2.5"},{"date" => "2002-10-07T13:03:27","version" => "2.6"},{"date" => "2003-02-01T13:52:45","version" => "3.0"},{"date" => "2003-06-02T13:01:50","version" => "3.1"},{"date" => "2004-02-04T03:23:56","version" => "3.2"},{"date" => "2004-02-04T15:53:56","version" => "3.2"},{"date" => "2004-02-14T01:47:53","version" => "3.22"},{"date" => "2004-09-26T19:22:20","version" => "3.30"},{"date" => "2004-09-26T19:35:26","version" => "3.31"},{"date" => "2005-03-19T14:42:14","version" => "4.0_2"},{"date" => "2005-06-07T03:25:55","version" => "4.0_4"},{"date" => "2005-06-11T04:00:57","version" => "4.0"},{"date" => "2005-06-13T19:15:12","version" => "4.01_01"},{"date" => "2005-06-14T14:37:30","version" => "4.01"},{"date" => "2005-07-24T19:08:18","version" => "4.02_1"},{"date" => "2005-07-31T03:11:25","version" => "4.02"},{"date" => "2005-08-04T23:45:52","version" => "4.03"},{"date" => "2005-09-01T02:54:00","version" => "4.04_01"},{"date" => "2005-09-09T01:12:21","version" => "4.04_02"},{"date" => "2005-10-12T02:12:18","version" => "4.04"},{"date" => "2006-03-02T01:58:41","version" => "4.05"},{"date" => "2006-04-13T02:34:40","version" => "4.06"},{"date" => "2006-07-02T05:05:34","version" => "4.07_01"},{"date" => "2007-10-31T23:34:31","version" => "4.07_02"},{"date" => "2008-06-16T20:09:18","version" => "4.07_03"},{"date" => "2008-06-18T03:30:33","version" => "4.10"},{"date" => "2008-08-10T15:36:00","version" => "4.11"},{"date" => "2008-09-27T04:18:05","version" => "4.11"},{"date" => "2008-11-02T00:43:18","version" => "4.11"},{"date" => "2009-01-03T16:13:59","version" => "4.21"},{"date" => "2009-07-30T01:35:48","version" => "4.30"},{"date" => "2009-07-30T01:42:34","version" => "4.31"},{"date" => "2010-02-14T00:33:00","version" => "4.32_1"},{"date" => "2011-06-16T17:07:16","version" => "4.50"},{"date" => "2015-01-23T12:19:21","version" => "4.50_50"},{"date" => "2015-07-18T12:57:01","version" => "4.50_51"},{"date" => "2018-02-28T13:57:05","version" => "4.60"},{"date" => "2018-03-01T13:29:17","version" => "4.60_1"},{"date" => "2018-03-02T09:20:24","version" => "4.61"}]},"CGI-Application-Dispatch" => {"advisories" => [{"affected_versions" => ["<1.02"],"cves" => [],"description" => "Untainted module names.\n","distribution" => "CGI-Application-Dispatch","fixed_versions" => [">=1.02"],"id" => "CPANSA-CGI-Application-Dispatch-2005-001","references" => ["https://metacpan.org/changes/distribution/CGI-Application-Dispatch"],"reported" => "2005-01-20"}],"main_module" => "CGI::Application::Dispatch","versions" => [{"date" => "2004-09-13T01:35:58","version" => "0.01"},{"date" => "2004-10-19T18:26:01","version" => "0.02"},{"date" => "2004-10-29T16:53:40","version" => "0.03"},{"date" => "2005-01-06T15:34:49","version" => "1.00"},{"date" => "2005-01-08T12:42:00","version" => "1.01"},{"date" => "2005-01-20T14:43:28","version" => "1.02"},{"date" => "2005-03-04T16:28:16","version" => "1.03"},{"date" => "2005-07-12T21:44:54","version" => "1.04"},{"date" => "2006-01-12T15:56:53","version" => "2.00_02"},{"date" => "2006-02-06T15:50:52","version" => "2.00_03"},{"date" => "2006-02-14T15:41:25","version" => "2.00_04"},{"date" => "2006-04-12T14:18:22","version" => "2.00_05"},{"date" => "2006-06-27T04:29:04","version" => "2.00_06"},{"date" => "2006-07-03T15:52:12","version" => "2.00"},{"date" => "2006-08-14T14:14:10","version" => "2.01"},{"date" => "2006-08-17T14:57:55","version" => "2.02"},{"date" => "2006-09-30T02:13:40","version" => "2.03"},{"date" => "2007-01-03T18:12:57","version" => "2.10_01"},{"date" => "2007-01-11T18:55:41","version" => "2.10_02"},{"date" => "2007-01-15T14:08:30","version" => "2.10"},{"date" => "2007-12-28T20:23:49","version" => "2.11"},{"date" => "2007-12-31T20:43:51","version" => "2.12_01"},{"date" => "2008-01-03T14:39:57","version" => "2.12"},{"date" => "2008-03-08T18:33:34","version" => "2.13_01"},{"date" => "2008-03-11T16:41:27","version" => "2.13_02"},{"date" => "2008-09-17T00:44:02","version" => "2.13"},{"date" => "2008-11-03T01:33:21","version" => "2.14"},{"date" => "2008-12-04T16:00:05","version" => "2.15"},{"date" => "2009-03-24T02:03:51","version" => "2.16"},{"date" => "2009-12-30T19:06:27","version" => "2.17"},{"date" => "2011-01-05T03:42:59","version" => "2.18"},{"date" => "2011-06-16T17:42:14","version" => "3.00"},{"date" => "2011-06-24T02:53:20","version" => "3.01"},{"date" => "2011-06-24T22:33:01","version" => "3.02"},{"date" => "2011-06-26T03:52:14","version" => "3.03"},{"date" => "2011-06-29T13:45:53","version" => "3.04"},{"date" => "2011-09-07T22:21:15","version" => "3.05"},{"date" => "2011-09-09T15:29:58","version" => "3.06"},{"date" => "2011-09-09T17:32:11","version" => "3.07"},{"date" => "2012-09-03T04:04:19","version" => "3.10"},{"date" => "2012-09-14T01:02:58","version" => "3.11"},{"date" => "2012-09-14T01:19:52","version" => "3.12"}]},"CGI-Application-Plugin-AutoRunmode" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "Non-word characters are allowed in runmode name.\n","distribution" => "CGI-Application-Plugin-AutoRunmode","fixed_versions" => [">=0.04"],"id" => "CPANSA-CGI-Application-Plugin-AutoRunmode-2005-01","references" => ["https://metacpan.org/changes/distribution/CGI-Application-Plugin-AutoRunmode"],"reported" => "2005-03-04"}],"main_module" => "CGI::Application::Plugin::AutoRunmode","versions" => [{"date" => "2005-03-04T06:59:51","version" => "0.04"},{"date" => "2005-03-10T07:22:55","version" => "0.05"},{"date" => "2005-06-15T10:20:17","version" => "0.06"},{"date" => "2005-06-18T02:09:08","version" => "0.07"},{"date" => "2005-07-17T00:49:10","version" => "0.08"},{"date" => "2005-09-22T12:31:22","version" => "0.09"},{"date" => "2005-10-16T00:17:47","version" => "0.10"},{"date" => "2005-10-18T13:23:50","version" => "0.11"},{"date" => "2005-11-03T01:10:37","version" => "0.12"},{"date" => "2006-04-08T07:18:44","version" => "0.13"},{"date" => "2006-05-21T05:04:48","version" => "0.14"},{"date" => "2006-12-17T07:46:24","version" => "0.15"},{"date" => "2009-02-14T09:16:39","version" => "0.16"},{"date" => "2010-05-21T04:24:45","version" => "0.17"},{"date" => "2011-02-18T09:23:15","version" => "0.18"}]},"CGI-Application-Plugin-CAPTCHA" => {"advisories" => [{"affected_versions" => ["<0.02"],"cves" => [],"description" => "A malicious programmer creating an application to use the service can just have his application send along a cookie that he has created himself, and with that supply an appropriate verification string for his cookie. To avoid that you need to include som kind of hidden server-side password in the string being encrypted, and also include it when you verify.\n","distribution" => "CGI-Application-Plugin-CAPTCHA","fixed_versions" => [">=0.02"],"id" => "CPANSA-CGI-Application-Plugin-CAPTCHA-2024-001","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=30759","https://metacpan.org/release/CROMEDOME/CGI-Application-Plugin-CAPTCHA-0.02/changes","https://github.com/cromedome/cgi-application-plugin-captcha/commit/9acb5b6561a9983787ad85f55b01c69a895014e6"],"reported" => undef,"severity" => undef}],"main_module" => "CGI::Application::Plugin::CAPTCHA","versions" => [{"date" => "2005-08-28T18:31:21","version" => "0.01"},{"date" => "2011-01-05T05:07:55","version" => "0.02"},{"date" => "2011-01-05T05:10:54","version" => "0.03"},{"date" => "2011-01-06T14:08:56","version" => "0.04"}]},"CGI-Application-Plugin-RunmodeDeclare" => {"advisories" => [{"affected_versions" => ["<0.03"],"cves" => [],"description" => "Wrong order of arguments.\n","distribution" => "CGI-Application-Plugin-RunmodeDeclare","fixed_versions" => [">=0.03"],"id" => "CPANSA-CGI-Application-Plugin-RunmodeDeclare-2008-01","references" => ["https://metacpan.org/changes/distribution/CGI-Application-Plugin-RunmodeDeclare"],"reported" => "2008-10-20"}],"main_module" => "CGI::Application::Plugin::RunmodeDeclare","versions" => [{"date" => "2008-09-26T19:59:14","version" => "0.01"},{"date" => "2008-09-26T21:37:11","version" => "0.02"},{"date" => "2008-10-19T23:22:06","version" => "0.03"},{"date" => "2008-10-23T14:18:23","version" => "0.03_01"},{"date" => "2008-10-24T13:32:43","version" => "0.03_02"},{"date" => "2008-10-24T16:20:27","version" => "0.03_03"},{"date" => "2008-10-25T10:54:25","version" => "0.04"},{"date" => "2008-10-25T11:46:28","version" => "0.05"},{"date" => "2008-10-25T16:39:34","version" => "0.06"},{"date" => "2009-01-10T02:32:39","version" => "0.07"},{"date" => "2009-05-17T22:29:18","version" => "0.08"},{"date" => "2010-01-07T13:24:09","version" => "0.09"},{"date" => "2012-02-10T00:53:54","version" => "0.10"}]},"CGI-Auth-Basic" => {"advisories" => [{"affected_versions" => ["<1.11"],"cves" => [],"description" => "TBD\n","distribution" => "CGI-Auth-Basic","fixed_versions" => [">=1.11"],"id" => "CPANSA-CGI-Auth-Basic-2007-01","references" => ["https://metacpan.org/changes/distribution/CGI-Auth-Basic"],"reported" => "2007-12-30"}],"main_module" => "CGI::Auth::Basic","versions" => [{"date" => "2004-02-21T14:58:09","version" => "1.0"},{"date" => "2004-08-31T13:29:28","version" => "1.01"},{"date" => "2004-11-07T03:34:32","version" => "1.02"},{"date" => "2006-06-18T01:12:15","version" => "1.10"},{"date" => "2007-12-30T20:53:33","version" => "1.11"},{"date" => "2009-04-18T04:22:51","version" => "1.20"},{"date" => "2009-04-23T17:00:50","version" => "1.21"},{"date" => "2009-04-24T15:07:48","version" => "1.21"},{"date" => "2012-08-27T01:50:53","version" => "1.22"},{"date" => "2015-01-21T00:26:01","version" => "1.23"},{"date" => "2018-12-23T21:03:03","version" => "1.24"}]},"CGI-Session" => {"advisories" => [{"affected_versions" => ["<4.10"],"cves" => ["CVE-2006-1279"],"description" => "CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite.\n","distribution" => "CGI-Session","fixed_versions" => [],"id" => "CPANSA-CGI-Session-2006-1279","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555","http://secunia.com/advisories/19211","http://www.securityfocus.com/bid/17177","http://www.osvdb.org/23865","http://www.vupen.com/english/advisories/2006/0946","https://exchange.xforce.ibmcloud.com/vulnerabilities/25285"],"reported" => "2006-03-19","severity" => undef},{"affected_versions" => ["<4.12"],"cves" => [],"description" => "possible SQL injection attack\n","distribution" => "CGI-Session","fixed_versions" => [">=4.12"],"id" => "CPANSA-CGI-Session-2006-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=18578"],"reported" => "2006-04-06","severity" => undef}],"main_module" => "CGI::Session","versions" => [{"date" => "2001-10-30T08:59:10","version" => "0.01"},{"date" => "2002-05-10T12:04:15","version" => "2.0"},{"date" => "2002-05-10T17:38:46","version" => "2.1"},{"date" => "2002-05-14T18:21:39","version" => "2.2"},{"date" => "2002-05-17T18:02:23","version" => "2.4"},{"date" => "2002-05-27T09:52:46","version" => "2.7"},{"date" => "2002-06-06T08:08:21","version" => "2.9"},{"date" => "2002-06-06T08:36:26","version" => "2.91"},{"date" => "2002-06-18T18:15:57","version" => "2.92"},{"date" => "2002-08-26T08:23:54","version" => "2.94"},{"date" => "2002-11-27T07:20:47","version" => "3.1"},{"date" => "2002-11-27T12:27:59","version" => "3.2"},{"date" => "2002-11-28T03:19:31","version" => "v3.2.2.1"},{"date" => "2002-11-28T03:26:41","version" => "3.3"},{"date" => "2002-11-28T03:44:39","version" => "3.4"},{"date" => "2002-11-28T06:55:29","version" => "3.5"},{"date" => "2002-11-28T17:12:32","version" => "3.6"},{"date" => "2002-11-29T21:29:53","version" => "3.7"},{"date" => "2002-12-03T16:26:55","version" => "3.8"},{"date" => "2002-12-04T07:37:02","version" => "3.9"},{"date" => "2002-12-09T09:02:18","version" => "3.10"},{"date" => "2002-12-09T20:09:24","version" => "3.11"},{"date" => "2003-03-09T11:26:21","version" => "3.91"},{"date" => "2003-03-10T02:42:16","version" => "3.92"},{"date" => "2003-03-14T13:21:20","version" => "3.93"},{"date" => "2003-05-02T20:12:40","version" => "3.94"},{"date" => "2003-07-26T13:51:31","version" => "3.95"},{"date" => "2005-02-09T08:35:23","version" => "4.00_01"},{"date" => "2005-02-09T09:54:17","version" => "4.00_02"},{"date" => "2005-02-11T08:23:00","version" => "4.00_03"},{"date" => "2005-02-17T03:24:21","version" => "4.00_04"},{"date" => "2005-02-22T17:56:43","version" => "4.00_05"},{"date" => "2005-02-24T18:46:45","version" => "4.00_06"},{"date" => "2005-03-13T19:18:37","version" => "4.00_07"},{"date" => "2005-03-15T16:48:17","version" => "4.00_08"},{"date" => "2005-07-22T02:00:21","version" => "4.00_09"},{"date" => "2005-09-01T05:57:49","version" => "4.00"},{"date" => "2005-09-01T16:25:46","version" => "4.01"},{"date" => "2005-09-02T15:51:20","version" => "4.02"},{"date" => "2005-09-24T02:12:22","version" => "4.02_01"},{"date" => "2005-10-05T23:22:54","version" => "4.03"},{"date" => "2006-03-02T03:00:28","version" => "4.04"},{"date" => "2006-03-04T00:08:26","version" => "4.05"},{"date" => "2006-03-09T03:13:06","version" => "4.06"},{"date" => "2006-03-09T12:09:28","version" => "4.07"},{"date" => "2006-03-16T02:38:25","version" => "4.08"},{"date" => "2006-03-17T04:08:57","version" => "4.09"},{"date" => "2006-03-28T07:00:52","version" => "4.10"},{"date" => "2006-04-03T19:33:30","version" => "4.11"},{"date" => "2006-04-07T14:34:06","version" => "4.12"},{"date" => "2006-04-12T17:05:18","version" => "4.13"},{"date" => "2006-06-11T11:36:57","version" => "4.14"},{"date" => "2006-11-24T14:10:38","version" => "4.20_1"},{"date" => "2006-12-05T02:08:37","version" => "4.20"},{"date" => "2008-03-22T02:42:57","version" => "4.29_1"},{"date" => "2008-03-28T01:45:56","version" => "4.29_2"},{"date" => "2008-04-26T01:31:34","version" => "4.30"},{"date" => "2008-06-16T14:44:06","version" => "4.31"},{"date" => "2008-06-17T21:35:03","version" => "4.32"},{"date" => "2008-07-08T01:27:59","version" => "4.33"},{"date" => "2008-07-13T02:39:59","version" => "4.34"},{"date" => "2008-07-16T00:36:46","version" => "4.35"},{"date" => "2008-09-13T15:45:06","version" => "4.36"},{"date" => "2008-10-23T02:57:30","version" => "4.37"},{"date" => "2008-11-01T03:47:46","version" => "4.38"},{"date" => "2008-12-16T01:22:42","version" => "4.39"},{"date" => "2009-01-03T01:18:15","version" => "4.40"},{"date" => "2009-03-21T02:01:09","version" => "4.41"},{"date" => "2009-08-26T13:38:39","version" => "4.42"},{"date" => "2010-12-12T00:32:27","version" => "4.43"},{"date" => "2011-06-06T20:48:07","version" => "4.44"},{"date" => "2011-07-02T01:33:33","version" => "4.45"},{"date" => "2011-07-08T14:34:42","version" => "4.46"},{"date" => "2011-07-08T19:31:44","version" => "4.47"},{"date" => "2011-07-11T13:02:37","version" => "4.48"},{"date" => "2021-02-08T07:00:20","version" => "4.49"}]},"CGI-Simple" => {"advisories" => [{"affected_versions" => ["<1.113"],"cves" => ["CVE-2010-4410"],"description" => "Newlines in headers, which could lead to header injection attacks.\n","distribution" => "CGI-Simple","fixed_versions" => [">=1.113"],"id" => "CPANSA-CGI-Simple-2010-02","references" => ["https://metacpan.org/changes/distribution/CGI-Simple"],"reported" => "2010-12-27"},{"affected_versions" => ["<1.113"],"cves" => [],"description" => "Non-random multipart boundary.\n","distribution" => "CGI-Simple","fixed_versions" => [">=1.113"],"id" => "CPANSA-CGI-Simple-2010-01","references" => ["https://metacpan.org/changes/distribution/CGI-Simple"],"reported" => "2010-12-27"},{"affected_versions" => ["<=1.112"],"cves" => ["CVE-2010-2761"],"description" => "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.\n","distribution" => "CGI-Simple","fixed_versions" => [">=1.113"],"id" => "CPANSA-CGI-Simple-2010-2761","references" => ["https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380","http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes","http://openwall.com/lists/oss-security/2010/12/01/1","http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html","http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm","http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1","http://openwall.com/lists/oss-security/2010/12/01/2","http://openwall.com/lists/oss-security/2010/12/01/3","https://bugzilla.mozilla.org/show_bug.cgi?id=600464","http://osvdb.org/69588","http://osvdb.org/69589","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:237","http://www.vupen.com/english/advisories/2011/0076","http://www.mandriva.com/security/advisories?name=MDVSA-2010:250","http://secunia.com/advisories/42877","https://bugzilla.mozilla.org/show_bug.cgi?id=591165","http://www.vupen.com/english/advisories/2011/0207","http://www.bugzilla.org/security/3.2.9/","http://secunia.com/advisories/43033","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html","http://secunia.com/advisories/43147","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html","http://www.vupen.com/english/advisories/2011/0249","http://www.vupen.com/english/advisories/2011/0271","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html","http://www.vupen.com/english/advisories/2011/0212","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html","http://secunia.com/advisories/43165","http://secunia.com/advisories/43068","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html","http://www.redhat.com/support/errata/RHSA-2011-1797.html","http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2010-12-06","severity" => undef},{"affected_versions" => ["<=1.282"],"cves" => ["CVE-2025-40927"],"description" => "CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting\x{a0}flaw in CGI::Simple\x{a0}that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions.  Although some validation exists, it can be bypassed using URL-encoded values, allowing an attacker to inject untrusted content into the response via query parameters.    As a result, an attacker can inject a line break (e.g. %0A) into the parameter value, causing the server to split the HTTP response and inject arbitrary headers or even an HTML/JavaScript body, leading to reflected cross-site scripting (XSS), open redirect or other attacks.  The issue documented in CVE-2010-4410 https://www.cve.org/CVERecord?id=CVE-2010-4410 is related but the fix was incomplete.  Impact  By injecting %0A\x{a0}(newline) into a query string parameter, an attacker can:    *  Break the current HTTP header   *  Inject a new header or entire body   *  Deliver a script payload that is reflected in the server\x{2019}s response That can lead to the following attacks:    *  reflected XSS   *  open redirect   *  cache poisoning   *  header manipulation","distribution" => "CGI-Simple","fixed_versions" => [">=1.282"],"id" => "CPANSA-CGI-Simple-2025-40927","references" => ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2320","https://datatracker.ietf.org/doc/html/rfc7230#section-3","https://metacpan.org/release/MANWAR/CGI-Simple-1.281/diff/MANWAR/CGI-Simple-1.282/lib/CGI/Simple.pm","https://metacpan.org/release/MANWAR/CGI-Simple-1.281/source/lib/CGI/Simple.pm#L1031-1035","https://owasp.org/www-community/attacks/HTTP_Response_Splitting","https://rt.perl.org/Public/Bug/Display.html?id=21951"],"reported" => "2025-08-29","severity" => undef}],"main_module" => "CGI::Simple","versions" => [{"date" => "2007-01-09T22:31:27","version" => "0.078"},{"date" => "2007-02-23T16:22:19","version" => "0.079"},{"date" => "2007-03-30T20:15:35","version" => "0.080"},{"date" => "2007-05-20T19:19:40","version" => "0.081"},{"date" => "2007-05-22T18:43:01","version" => "0.082"},{"date" => "2007-05-22T18:54:06","version" => "0.83"},{"date" => "2007-05-24T03:15:01","version" => "1.0"},{"date" => "2007-07-13T18:58:16","version" => "1.1"},{"date" => "2007-07-31T01:57:01","version" => "1.1.1"},{"date" => "2007-07-31T02:04:25","version" => "1.1.2"},{"date" => "2007-07-31T02:10:47","version" => "1.103"},{"date" => "2008-05-13T15:46:18","version" => "1.104"},{"date" => "2008-05-16T14:37:31","version" => "1.105"},{"date" => "2008-09-14T13:29:51","version" => "1.106"},{"date" => "2009-03-07T21:24:59","version" => "1.107"},{"date" => "2009-03-13T14:06:24","version" => "1.108"},{"date" => "2009-04-16T17:54:13","version" => "1.109"},{"date" => "2009-05-24T21:25:22","version" => "1.110"},{"date" => "2009-05-28T18:02:08","version" => "1.111"},{"date" => "2009-05-31T10:43:56","version" => "1.112"},{"date" => "2010-12-27T13:11:56","version" => "1.113"},{"date" => "2014-10-19T12:53:24","version" => "1.115"},{"date" => "2018-03-01T15:09:42","version" => "1.13"},{"date" => "2018-03-03T10:42:06","version" => "1.14"},{"date" => "2018-03-04T03:42:20","version" => "1.15"},{"date" => "2018-07-25T15:17:39","version" => "1.16"},{"date" => "2018-10-02T09:48:08","version" => "1.17"},{"date" => "2018-10-03T14:21:12","version" => "1.18"},{"date" => "2018-10-04T12:05:58","version" => "1.19"},{"date" => "2018-10-05T11:30:05","version" => "1.20"},{"date" => "2018-10-06T07:21:31","version" => "1.21"},{"date" => "2019-09-07T04:28:17","version" => "1.22"},{"date" => "2020-02-06T06:12:09","version" => "1.23"},{"date" => "2020-02-07T11:11:56","version" => "1.24"},{"date" => "2020-02-10T13:00:54","version" => "1.25"},{"date" => "2022-01-02T18:00:56","version" => "1.26"},{"date" => "2022-01-06T16:00:18","version" => "1.27"},{"date" => "2022-01-11T15:16:20","version" => "1.280"},{"date" => "2024-01-31T14:19:02","version" => "1.281"},{"date" => "2025-08-28T19:12:51","version" => "1.282"}]},"CGI-apacheSSI" => {"advisories" => [{"affected_versions" => ["<0.95"],"cves" => [],"description" => "Security and parsing problems with \"include\" calls.\n","distribution" => "CGI-apacheSSI","fixed_versions" => [">=0.95"],"id" => "CPANSA-CGI-apacheSSI-2016-01","references" => ["https://metacpan.org/changes/distribution/CGI-apacheSSI"],"reported" => "2016-01-31"}],"main_module" => "CGI::apacheSSI","versions" => [{"date" => "2014-08-20T22:55:20","version" => "0.93"},{"date" => "2016-01-30T12:57:47","version" => "0.94"},{"date" => "2016-01-31T22:48:55","version" => "0.95"},{"date" => "2016-02-01T00:36:49","version" => "0.96"}]},"CPAN" => {"advisories" => [{"affected_versions" => ["<2.35"],"cves" => ["CVE-2023-31484"],"description" => "The verify_SSL flag is missing from HTTP::Tiny, and allows a network attacker to MITM the connection if it is used by the CPAN client\n","distribution" => "CPAN","fixed_versions" => [">=2.35"],"id" => "CPANSA-CPAN-2023-31484","previous_id" => ["CPANSA-CPAN-2023-01"],"references" => ["https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0","https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/","https://github.com/andk/cpanpm/pull/175","https://www.openwall.com/lists/oss-security/2023/04/18/14"],"reported" => "2023-02-28"},{"affected_versions" => ["<1.93"],"cves" => [],"description" => "Archive::Tar preserves permissions in the tarball; extracted file permissions will be set from users umask instead.\n","distribution" => "CPAN","fixed_versions" => [">=1.93"],"id" => "CPANSA-CPAN-2009-01","references" => ["https://github.com/andk/cpanpm/commit/079fa2e7ee77d626eab8bb06d0465c6a05f6c8b6","https://rt.cpan.org/Ticket/Display.html?id=46384"],"reported" => "2009-09-23"},{"affected_versions" => ["<2.28"],"cves" => ["CVE-2020-16156"],"description" => "CPAN 2.28 allows Signature Verification Bypass.","distribution" => "CPAN","fixed_versions" => [">=2.29"],"id" => "CPANSA-CPAN-2020-16156","references" => ["https://metacpan.org/pod/distribution/CPAN/scripts/cpan","https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/","http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/"],"reported" => "2021-12-13","severity" => "high"}],"main_module" => "CPAN","versions" => [{"date" => "1996-09-10T17:13:59","version" => "0.17"},{"date" => "1996-09-10T20:51:00","version" => "0.20"},{"date" => "1996-09-12T05:53:35","version" => "0.26"},{"date" => "1996-09-12T14:01:39","version" => "0.27"},{"date" => "1996-09-16T20:18:59","version" => "0.28"},{"date" => "1996-09-17T17:14:51","version" => "0.29"},{"date" => "1996-09-19T05:24:17","version" => "0.30"},{"date" => "1996-09-20T10:40:01","version" => "0.31"},{"date" => "1996-09-22T19:30:33","version" => "0.35"},{"date" => "1996-09-23T12:55:23","version" => "0.36"},{"date" => "1996-09-23T14:05:44","version" => "0.37"},{"date" => "1996-09-27T12:52:07","version" => "0.39"},{"date" => "1996-09-28T20:51:31","version" => "0.40"},{"date" => "1996-10-01T21:14:27","version" => "0.41"},{"date" => "1996-11-17T07:56:02","version" => "0.42"},{"date" => "1996-11-17T14:51:59","version" => "0.43"},{"date" => "1996-11-30T17:04:28","version" => "0.44"},{"date" => "1996-12-01T12:19:19","version" => "0.45"},{"date" => "1996-12-01T18:24:17","version" => "0.46"},{"date" => "1996-12-10T00:58:25","version" => "1.00"},{"date" => "1996-12-10T10:17:15","version" => "1.01"},{"date" => "1996-12-11T01:31:55","version" => "1.02"},{"date" => "1996-12-21T03:10:23","version" => "1.03"},{"date" => "1996-12-21T20:08:49","version" => "1.04"},{"date" => "1996-12-22T13:04:58","version" => "1.05"},{"date" => "1996-12-22T14:16:08","version" => "1.06"},{"date" => "1996-12-23T04:05:01","version" => "1.07"},{"date" => "1996-12-23T13:18:01","version" => "1.08"},{"date" => "1996-12-24T00:46:19","version" => "1.09"},{"date" => "1997-01-17T02:29:49","version" => "1.09_01"},{"date" => "1997-01-21T01:06:40","version" => "1.10"},{"date" => "1997-01-22T18:50:00","version" => "1.11"},{"date" => "1997-01-23T00:07:58","version" => "1.12"},{"date" => "1997-01-24T01:07:44","version" => "1.14"},{"date" => "1997-01-24T12:32:12","version" => "1.15"},{"date" => "1997-02-02T13:51:48","version" => "1.16_01"},{"date" => "1997-02-02T21:05:12","version" => "1.17"},{"date" => "1997-02-03T00:38:36","version" => "1.18"},{"date" => "1997-02-03T09:13:48","version" => "1.19"},{"date" => "1997-02-05T09:38:00","version" => "1.20"},{"date" => "1997-02-11T06:32:42","version" => "1.21"},{"date" => "1997-03-13T23:14:59","version" => "1.22_01"},{"date" => "1997-03-31T12:03:55","version" => "1.23"},{"date" => "1997-03-31T22:47:11","version" => "1.24"},{"date" => "1997-06-30T18:13:23","version" => "1.25"},{"date" => "1997-07-28T13:58:09","version" => "1.27"},{"date" => "1997-08-04T06:09:33","version" => "1.28"},{"date" => "1997-08-11T23:33:58","version" => "1.29"},{"date" => "1997-08-29T14:34:37","version" => "1.30"},{"date" => "1997-09-21T08:53:03","version" => "1.31"},{"date" => "1997-09-23T18:45:50","version" => "1.3101"},{"date" => "1998-01-02T18:22:35","version" => "1.32"},{"date" => "1998-01-10T18:24:23","version" => "1.33"},{"date" => "1998-02-03T18:06:41","version" => "1.35"},{"date" => "1998-02-08T08:55:55","version" => "1.36"},{"date" => "1998-06-12T06:51:25","version" => "1.37"},{"date" => "1998-06-14T20:18:08","version" => "1.38"},{"date" => "1998-07-24T20:13:41","version" => "1.40"},{"date" => "1998-12-01T02:20:32","version" => "1.41"},{"date" => "1998-12-01T07:58:35","version" => "1.42"},{"date" => "1998-12-01T22:16:27","version" => "1.43"},{"date" => "1998-12-03T17:07:54","version" => "1.43"},{"date" => "1999-01-09T18:38:33","version" => "1.44"},{"date" => "1999-01-10T19:38:27","version" => "1.44_51"},{"date" => "1999-01-13T12:15:42","version" => "1.44_52"},{"date" => "1999-01-15T09:26:40","version" => "1.44_53"},{"date" => "1999-01-15T09:27:45","version" => "1.44_54"},{"date" => "1999-01-23T14:56:16","version" => "1.45"},{"date" => "1999-01-25T01:43:42","version" => "1.46"},{"date" => "1999-01-25T13:11:23","version" => "1.47"},{"date" => "1999-03-06T19:34:54","version" => "1.48"},{"date" => "1999-05-22T16:45:00","version" => "1.49"},{"date" => "1999-05-23T14:32:20","version" => "1.50"},{"date" => "1999-10-23T03:06:39","version" => "1.50_01"},{"date" => "1999-12-29T22:30:22","version" => "1.51"},{"date" => "2000-01-08T15:32:55","version" => "1.52"},{"date" => "2000-03-23T23:39:41","version" => "1.53"},{"date" => "2000-03-25T22:51:15","version" => "1.54"},{"date" => "2000-07-30T11:15:04","version" => "1.55"},{"date" => "2000-08-01T20:47:09","version" => "1.56"},{"date" => "2000-08-16T12:54:07","version" => "1.57"},{"date" => "2000-08-21T19:44:18","version" => "1.57_51"},{"date" => "2000-08-27T22:09:36","version" => "1.57_53"},{"date" => "2000-08-30T16:54:50","version" => "1.57_54"},{"date" => "2000-08-31T08:11:01","version" => "1.57_55"},{"date" => "2000-08-31T22:16:21","version" => "1.57_56"},{"date" => "2000-09-01T12:18:43","version" => "1.57_57"},{"date" => "2000-09-03T22:19:20","version" => "1.57_58"},{"date" => "2000-09-05T09:44:05","version" => "1.57_59"},{"date" => "2000-09-05T19:55:34","version" => "1.57_60"},{"date" => "2000-09-06T10:54:07","version" => "1.57_61"},{"date" => "2000-09-08T02:19:06","version" => "1.57_62"},{"date" => "2000-09-10T08:54:37","version" => "1.57_65"},{"date" => "2000-09-12T08:46:40","version" => "1.57_66"},{"date" => "2000-09-17T10:24:31","version" => "1.57_67"},{"date" => "2000-10-08T14:25:04","version" => "1.57_68"},{"date" => "2000-10-18T14:53:45","version" => "1.58"},{"date" => "2000-10-21T14:21:06","version" => "1.58_51"},{"date" => "2000-10-25T07:05:38","version" => "1.58_52"},{"date" => "2000-10-26T11:03:29","version" => "1.58_53"},{"date" => "2000-10-26T15:34:21","version" => "1.58_54"},{"date" => "2000-10-27T07:59:03","version" => "1.58_55"},{"date" => "2000-11-04T09:36:53","version" => "1.58_56"},{"date" => "2000-11-06T19:30:27","version" => "1.58_57"},{"date" => "2000-11-08T08:10:51","version" => "1.58_90"},{"date" => "2000-11-13T10:26:38","version" => "1.58_91"},{"date" => "2000-11-14T18:24:18","version" => "1.58_92"},{"date" => "2000-11-15T07:19:56","version" => "1.58_93"},{"date" => "2000-12-01T06:05:58","version" => "1.59"},{"date" => "2000-12-01T08:19:58","version" => "1.59_51"},{"date" => "2000-12-26T13:54:06","version" => "1.59_52"},{"date" => "2001-01-02T16:37:24","version" => "1.59_53"},{"date" => "2001-02-09T21:44:55","version" => "1.59_54"},{"date" => "2002-04-19T13:29:54","version" => "1.60"},{"date" => "2002-04-20T02:18:41","version" => "1.60"},{"date" => "2002-04-21T11:31:25","version" => "1.60"},{"date" => "2002-05-07T10:38:54","version" => "1.61"},{"date" => "2002-07-28T10:51:47","version" => "1.62"},{"date" => "2002-08-30T08:58:10","version" => "1.63"},{"date" => "2003-02-06T10:04:06","version" => "1.64"},{"date" => "2003-02-08T17:10:13","version" => "1.65"},{"date" => "2003-03-04T19:38:21","version" => "1.70"},{"date" => "2003-04-11T04:33:18","version" => "1.70_52"},{"date" => "2003-04-13T12:43:40","version" => "1.70_53"},{"date" => "2003-05-15T21:04:52","version" => "1.70_54"},{"date" => "2003-07-04T09:48:08","version" => "1.71"},{"date" => "2003-07-27T20:35:05","version" => "1.72"},{"date" => "2003-07-28T08:21:47","version" => "1.73"},{"date" => "2003-07-28T22:58:08","version" => "1.74"},{"date" => "2003-07-29T15:14:13","version" => "1.75"},{"date" => "2003-07-31T15:14:02","version" => "1.76"},{"date" => "2003-09-21T21:25:41","version" => "1.76_01"},{"date" => "2005-09-19T06:37:38","version" => "1.76_51"},{"date" => "2005-09-22T07:02:02","version" => "1.76_52"},{"date" => "2005-09-22T07:09:48","version" => "1.76_53"},{"date" => "2005-10-01T08:23:38","version" => "1.76_54"},{"date" => "2005-10-19T06:10:58","version" => "1.76_55"},{"date" => "2005-10-21T04:59:36","version" => "1.76_56"},{"date" => "2005-10-27T07:08:29","version" => "1.76_57"},{"date" => "2005-11-02T04:03:28","version" => "1.76_58"},{"date" => "2005-11-03T06:37:52","version" => "1.76_59"},{"date" => "2005-11-03T07:38:40","version" => "1.76_60"},{"date" => "2005-11-06T10:36:53","version" => "1.76_61"},{"date" => "2005-11-07T04:22:19","version" => "1.76_62"},{"date" => "2005-11-07T04:47:05","version" => "1.76_63"},{"date" => "2005-11-07T21:58:06","version" => "1.76_64"},{"date" => "2005-11-07T22:18:44","version" => "1.76_65"},{"date" => "2005-12-03T10:12:08","version" => "1.80"},{"date" => "2005-12-18T11:29:26","version" => "1.80_51"},{"date" => "2005-12-21T12:13:15","version" => "1.80_53"},{"date" => "2005-12-22T08:42:59","version" => "1.80_54"},{"date" => "2005-12-24T07:25:34","version" => "1.80_55"},{"date" => "2005-12-24T09:59:47","version" => "1.80_56"},{"date" => "2005-12-31T11:58:10","version" => "1.80_57"},{"date" => "2006-01-01T09:01:43","version" => "1.80_58"},{"date" => "2006-01-02T23:15:15","version" => "1.81"},{"date" => "2006-01-04T07:47:25","version" => "1.82"},{"date" => "2006-01-05T08:03:36","version" => "1.83"},{"date" => "2006-01-08T13:35:16","version" => "1.83_51"},{"date" => "2006-01-10T05:00:26","version" => "1.83_52"},{"date" => "2006-01-12T07:54:36","version" => "1.83_53"},{"date" => "2006-01-13T08:20:42","version" => "1.83_54"},{"date" => "2006-01-14T11:34:47","version" => "1.83_55"},{"date" => "2006-01-18T06:03:44","version" => "1.83_56"},{"date" => "2006-01-19T08:00:02","version" => "1.83_57"},{"date" => "2006-01-22T12:05:01","version" => "1.83_58"},{"date" => "2006-01-25T13:10:20","version" => "1.83_59"},{"date" => "2006-01-30T10:35:47","version" => "1.83_60"},{"date" => "2006-01-30T23:18:09","version" => "1.83_61"},{"date" => "2006-01-31T10:28:57","version" => "1.83_62"},{"date" => "2006-02-01T07:49:36","version" => "1.83_63"},{"date" => "2006-02-02T09:17:39","version" => "1.83_64"},{"date" => "2006-02-04T11:20:05","version" => "1.83_65"},{"date" => "2006-02-04T17:05:00","version" => "1.83_66"},{"date" => "2006-02-06T00:46:27","version" => "1.83_67"},{"date" => "2006-02-08T07:43:36","version" => "1.83_68"},{"date" => "2006-02-14T08:17:55","version" => "1.83_69"},{"date" => "2006-02-15T07:01:02","version" => "1.84"},{"date" => "2006-02-19T17:05:36","version" => "1.85"},{"date" => "2006-02-20T08:36:51","version" => "1.86"},{"date" => "2006-02-21T06:05:05","version" => "1.86_51"},{"date" => "2006-02-22T22:29:54","version" => "1.86_52"},{"date" => "2006-02-24T08:24:09","version" => "1.86_53"},{"date" => "2006-02-27T07:01:10","version" => "1.87"},{"date" => "2006-03-06T08:02:28","version" => "1.87_51"},{"date" => "2006-07-21T22:33:11","version" => "1.87_52"},{"date" => "2006-07-22T18:55:13","version" => "1.87_53"},{"date" => "2006-07-23T21:37:11","version" => "1.87_54"},{"date" => "2006-07-29T19:36:50","version" => "1.87_55"},{"date" => "2006-08-24T05:57:41","version" => "1.87_56"},{"date" => "2006-08-26T17:05:56","version" => "1.87_57"},{"date" => "2006-08-31T06:50:49","version" => "1.87_58"},{"date" => "2006-09-03T21:05:29","version" => "1.87_59"},{"date" => "2006-09-10T11:57:33","version" => "1.87_61"},{"date" => "2006-09-11T21:24:18","version" => "1.87_62"},{"date" => "2006-09-13T05:44:15","version" => "1.87_63"},{"date" => "2006-09-16T11:02:25","version" => "1.87_64"},{"date" => "2006-09-19T03:44:51","version" => "1.87_65"},{"date" => "2006-09-21T20:30:41","version" => "1.88"},{"date" => "2006-09-22T20:40:40","version" => "1.8801"},{"date" => "2006-09-30T10:41:20","version" => "1.88_51"},{"date" => "2006-10-03T09:51:49","version" => "1.88_52"},{"date" => "2006-10-09T19:31:56","version" => "1.88_53"},{"date" => "2006-10-14T09:37:15","version" => "1.88_54"},{"date" => "2006-10-16T06:59:27","version" => "1.88_55"},{"date" => "2006-10-22T10:34:16","version" => "1.88_56"},{"date" => "2006-10-23T07:17:30","version" => "1.8802"},{"date" => "2006-10-24T07:18:16","version" => "1.88_57"},{"date" => "2006-10-28T15:00:07","version" => "1.88_58"},{"date" => "2006-11-05T21:24:52","version" => "1.88_59"},{"date" => "2006-11-10T08:39:55","version" => "1.88_61"},{"date" => "2006-11-13T07:44:27","version" => "1.88_62"},{"date" => "2006-11-29T08:11:50","version" => "1.88_63"},{"date" => "2006-12-04T07:53:37","version" => "1.88_64"},{"date" => "2006-12-11T21:36:04","version" => "1.88_65"},{"date" => "2006-12-19T08:21:17","version" => "1.88_66"},{"date" => "2006-12-31T17:18:53","version" => "1.88_67"},{"date" => "2007-01-07T21:22:12","version" => "1.88_68"},{"date" => "2007-01-08T03:42:56","version" => "1.88_69"},{"date" => "2007-01-27T16:57:49","version" => "1.88_71"},{"date" => "2007-01-31T07:11:33","version" => "1.88_72"},{"date" => "2007-02-13T05:24:13","version" => "1.88_73"},{"date" => "2007-02-15T07:12:17","version" => "1.88_74"},{"date" => "2007-02-18T16:52:49","version" => "1.88_75"},{"date" => "2007-02-19T06:20:20","version" => "1.88_76"},{"date" => "2007-02-19T21:26:47","version" => "1.88_77"},{"date" => "2007-03-05T23:26:57","version" => "1.88_78"},{"date" => "2007-03-16T01:54:55","version" => "1.88_79"},{"date" => "2007-04-07T07:41:18","version" => "1.90"},{"date" => "2007-04-19T07:03:03","version" => "1.91"},{"date" => "2007-04-23T00:09:11","version" => "1.9101"},{"date" => "2007-05-08T20:35:04","version" => "1.9102"},{"date" => "2007-07-07T16:15:40","version" => "1.91_51"},{"date" => "2007-07-14T18:45:58","version" => "1.91_52"},{"date" => "2007-08-09T06:49:38","version" => "1.91_53"},{"date" => "2007-09-14T21:18:33","version" => "1.91_54"},{"date" => "2007-09-15T07:14:26","version" => "1.91_55"},{"date" => "2007-09-23T11:15:08","version" => "1.92"},{"date" => "2007-09-27T07:11:10","version" => "1.9201"},{"date" => "2007-09-28T06:58:04","version" => "1.9202"},{"date" => "2007-09-28T07:13:26","version" => "1.9203"},{"date" => "2007-11-04T23:04:18","version" => "1.92_51"},{"date" => "2007-11-05T23:30:06","version" => "1.9204"},{"date" => "2007-11-11T11:27:20","version" => "1.92_52"},{"date" => "2007-11-11T18:49:37","version" => "1.9205"},{"date" => "2007-12-09T23:27:18","version" => "1.92_53"},{"date" => "2007-12-27T04:57:34","version" => "1.92_54"},{"date" => "2007-12-30T15:24:13","version" => "1.92_55"},{"date" => "2008-02-04T21:56:28","version" => "1.92_56"},{"date" => "2008-02-27T05:13:49","version" => "1.92_57"},{"date" => "2008-03-12T07:56:18","version" => "1.92_58"},{"date" => "2008-03-16T18:57:04","version" => "1.92_59"},{"date" => "2008-03-26T07:53:08","version" => "1.92_60"},{"date" => "2008-04-25T04:47:52","version" => "1.92_61"},{"date" => "2008-05-23T04:07:04","version" => "1.92_62"},{"date" => "2008-06-19T06:42:18","version" => "1.92_63"},{"date" => "2008-09-03T05:27:35","version" => "1.92_64"},{"date" => "2008-09-14T09:54:03","version" => "1.92_65"},{"date" => "2008-09-29T23:15:10","version" => "1.92_66"},{"date" => "2008-10-12T16:07:51","version" => "1.93"},{"date" => "2008-10-13T19:37:43","version" => "1.9301"},{"date" => "2009-01-11T22:07:01","version" => "1.93_02"},{"date" => "2009-02-01T12:38:23","version" => "1.93_03"},{"date" => "2009-02-01T21:06:21","version" => "1.93_51"},{"date" => "2009-02-28T15:58:39","version" => "1.9304"},{"date" => "2009-04-13T19:24:43","version" => "1.93_52"},{"date" => "2009-05-04T06:11:28","version" => "1.93_53"},{"date" => "2009-05-07T20:13:16","version" => "1.93_54"},{"date" => "2009-05-24T05:37:28","version" => "1.94"},{"date" => "2009-06-14T19:53:52","version" => "1.94_01"},{"date" => "2009-06-27T02:55:22","version" => "1.9402"},{"date" => "2009-09-14T02:47:24","version" => "1.94_51"},{"date" => "2009-10-15T19:33:19","version" => "1.94_52"},{"date" => "2009-12-18T07:00:09","version" => "1.94_53"},{"date" => "2010-01-14T08:01:42","version" => "1.94_54"},{"date" => "2010-02-03T03:43:49","version" => "1.94_55"},{"date" => "2010-02-17T13:39:33","version" => "1.94_56"},{"date" => "2010-05-24T19:33:41","version" => "1.94_57"},{"date" => "2010-06-24T06:34:13","version" => "1.94_58"},{"date" => "2010-09-26T20:23:30","version" => "1.94_59"},{"date" => "2010-09-28T20:44:58","version" => "1.94_60"},{"date" => "2010-10-03T17:29:37","version" => "1.94_61"},{"date" => "2010-10-26T06:43:51","version" => "1.94_62"},{"date" => "2011-01-16T17:58:10","version" => "1.94_63"},{"date" => "2011-01-21T04:58:35","version" => "1.94_64"},{"date" => "2011-02-14T12:10:12","version" => "1.94_65"},{"date" => "2011-03-12T11:30:03","version" => "1.9600"},{"date" => "2011-06-27T06:56:01","version" => "1.97_51"},{"date" => "2011-08-07T09:40:33","version" => "1.9800"},{"date" => "2012-10-16T21:42:49","version" => "1.99_51"},{"date" => "2013-02-06T07:41:54","version" => "2.00-TRIAL"},{"date" => "2013-04-12T16:57:44","version" => "2.00"},{"date" => "2013-06-22T20:27:32","version" => "2.01-TRIAL"},{"date" => "2013-06-23T07:33:40","version" => "2.02-TRIAL"},{"date" => "2013-09-15T09:42:33","version" => "2.03-TRIAL"},{"date" => "2014-03-18T22:33:22","version" => "2.04-TRIAL"},{"date" => "2014-03-31T20:55:24","version" => "2.05-TRIAL"},{"date" => "2014-04-04T02:07:20","version" => "2.05-TRIAL2"},{"date" => "2014-04-18T13:35:51","version" => "2.05"},{"date" => "2014-08-06T19:32:53","version" => "2.06-TRIAL"},{"date" => "2015-01-04T18:54:54","version" => "2.06-TRIAL"},{"date" => "2015-01-05T06:31:55","version" => "2.08-TRIAL"},{"date" => "2015-02-02T04:41:02","version" => "2.09-TRIAL"},{"date" => "2015-02-22T15:57:42","version" => "2.10-TRIAL"},{"date" => "2015-03-13T07:45:04","version" => "2.10"},{"date" => "2015-12-31T11:00:08","version" => "2.12-TRIAL"},{"date" => "2016-05-16T09:56:01","version" => "2.13-TRIAL"},{"date" => "2016-06-04T14:41:28","version" => "2.14-TRIAL"},{"date" => "2016-06-25T04:32:45","version" => "2.14"},{"date" => "2016-07-17T12:10:30","version" => "2.15-TRIAL"},{"date" => "2017-01-16T16:20:27","version" => "2.16-TRIAL"},{"date" => "2017-01-16T21:27:06","version" => "2.16-TRIAL2"},{"date" => "2017-02-14T16:22:20","version" => "2.16"},{"date" => "2017-02-15T09:37:10","version" => "2.17-TRIAL"},{"date" => "2017-02-16T09:48:46","version" => "2.17-TRIAL2"},{"date" => "2017-03-30T21:38:23","version" => "2.18-TRIAL"},{"date" => "2017-11-04T23:27:47","version" => "2.19-TRIAL"},{"date" => "2017-11-26T22:10:39","version" => "2.20-TRIAL"},{"date" => "2018-09-22T20:46:35","version" => "2.21-TRIAL"},{"date" => "2018-12-16T10:35:04","version" => "2.22-TRIAL"},{"date" => "2018-12-23T09:11:29","version" => "2.22"},{"date" => "2019-02-10T20:28:53","version" => "2.23-TRIAL"},{"date" => "2019-02-14T21:21:03","version" => "2.24-TRIAL"},{"date" => "2019-02-16T05:56:23","version" => "2.25-TRIAL"},{"date" => "2019-03-03T06:27:10","version" => "2.25"},{"date" => "2019-03-19T00:04:34","version" => "2.26"},{"date" => "2019-05-31T21:11:50","version" => "2.27-TRIAL"},{"date" => "2019-06-09T05:48:20","version" => "2.27-TRIAL2"},{"date" => "2019-07-03T20:15:40","version" => "2.27"},{"date" => "2020-04-03T02:52:43","version" => "2.28-TRIAL"},{"date" => "2020-06-13T04:57:39","version" => "2.28"},{"date" => "2021-11-23T16:58:45","version" => "2.29"},{"date" => "2021-12-12T09:16:03","version" => "2.30-TRIAL"},{"date" => "2021-12-14T20:52:30","version" => "2.31-TRIAL"},{"date" => "2021-12-26T21:35:55","version" => "2.32-TRIAL"},{"date" => "2022-01-21T04:09:07","version" => "2.33-TRIAL"},{"date" => "2022-03-27T17:53:47","version" => "2.33"},{"date" => "2022-04-03T19:19:13","version" => "2.34-TRIAL"},{"date" => "2022-04-17T17:40:25","version" => "2.34"},{"date" => "2023-04-15T14:44:27","version" => "2.35-TRIAL"},{"date" => "2023-04-27T13:05:07","version" => "2.35"},{"date" => "2023-05-10T07:08:30","version" => "2.36-TRIAL"},{"date" => "2023-05-14T19:36:11","version" => "2.36"},{"date" => "2024-08-18T17:03:50","version" => "2.37-TRIAL"},{"date" => "2024-08-30T17:18:31","version" => "2.37"},{"date" => "2024-10-03T10:21:39","version" => "2.38-TRIAL"},{"date" => "2024-10-13T11:32:53","version" => "2.38-TRIAL2"},{"date" => "2024-11-17T19:52:34","version" => "2.38"},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "1.2401"},{"date" => "1998-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.005","version" => "1.3901"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.59_56"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "1.76_02"},{"date" => "2009-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011003","version" => "1.94_5301"},{"date" => "2011-09-26T00:00:00","dual_lived" => 1,"perl_release" => "5.014002","version" => "1.9600_01"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "2.03"},{"date" => "2014-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019010","version" => "2.04"},{"date" => "2015-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021011","version" => "2.11"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.11_01"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "2.14_01"},{"date" => "2017-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025010","version" => "2.17"},{"date" => "2017-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025012","version" => "2.18"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "2.20"},{"date" => "2018-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029004","version" => "2.21"}]},"CPAN-Checksums" => {"advisories" => [{"affected_versions" => ["<=2.12"],"cves" => ["CVE-2020-16155"],"description" => "The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data.\n","distribution" => "CPAN-Checksums","fixed_versions" => [">=2.13"],"id" => "CPANSA-CPAN-Checksums-2020-16155","references" => ["https://metacpan.org/pod/CPAN::Checksums","https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/"],"reported" => "2021-12-13","severity" => "medium"}],"main_module" => "CPAN::Checksums","versions" => [{"date" => "2000-12-10T09:31:19","version" => "1.003"},{"date" => "2000-12-11T08:49:05","version" => "1.004"},{"date" => "2000-12-11T10:20:16","version" => "1.006"},{"date" => "2000-12-11T13:38:18","version" => "1.007"},{"date" => "2000-12-13T11:24:09","version" => "1.008"},{"date" => "2002-03-31T20:27:49","version" => "1.009"},{"date" => "2002-10-06T17:22:35","version" => "1.0"},{"date" => "2002-10-07T08:56:12","version" => "1.011"},{"date" => "2003-02-02T10:26:00","version" => "1.014"},{"date" => "2003-02-03T15:44:57","version" => "1.015"},{"date" => "2003-02-03T19:21:46","version" => "1.016"},{"date" => "2005-01-24T07:59:41","version" => "1.018"},{"date" => "2005-10-31T07:27:02","version" => "1.032"},{"date" => "2005-11-11T07:16:04","version" => "1.039"},{"date" => "2006-05-01T13:34:41","version" => "1.048"},{"date" => "2006-05-09T03:30:39","version" => "1.050"},{"date" => "2007-08-05T12:10:58","version" => "1.061"},{"date" => "2007-10-09T03:09:45","version" => "1.064"},{"date" => "2008-05-17T05:26:24","version" => "2.00"},{"date" => "2008-09-03T19:33:28","version" => "2.01"},{"date" => "2008-10-31T06:54:59","version" => "2.02"},{"date" => "2009-09-20T01:50:36","version" => "2.03"},{"date" => "2009-09-28T04:10:09","version" => "2.04"},{"date" => "2010-01-23T05:39:17","version" => "2.05"},{"date" => "2010-10-24T12:13:44","version" => "2.06"},{"date" => "2010-11-20T22:18:39","version" => "2.07"},{"date" => "2011-08-30T06:32:02","version" => "2.08"},{"date" => "2014-04-04T04:06:11","version" => "2.09"},{"date" => "2015-04-11T05:48:38","version" => "2.10"},{"date" => "2016-04-09T05:42:27","version" => "2.11"},{"date" => "2016-06-14T02:42:03","version" => "2.12"},{"date" => "2021-11-23T16:57:18","version" => "2.13"},{"date" => "2021-12-04T10:00:42","version" => "2.14"}]},"Capture-Tiny" => {"advisories" => [{"affected_versions" => ["<0.24"],"cves" => ["CVE-2014-1875"],"description" => "The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.\n","distribution" => "Capture-Tiny","fixed_versions" => [">=0.24"],"id" => "CPANSA-Capture-Tiny-2014-1875","references" => ["http://osvdb.org/102963","https://bugzilla.redhat.com/show_bug.cgi?id=1062424","http://www.securityfocus.com/bid/65475","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737835","https://github.com/dagolden/Capture-Tiny/issues/16","http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128882.html","https://github.com/dagolden/Capture-Tiny/commit/635c9eabd52ab8042b0c841823bd6e692de87924","http://cpansearch.perl.org/src/DAGOLDEN/Capture-Tiny-0.24/Changes","http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128823.html","http://seclists.org/oss-sec/2014/q1/272","http://seclists.org/oss-sec/2014/q1/267","http://secunia.com/advisories/56823","https://exchange.xforce.ibmcloud.com/vulnerabilities/91464"],"reported" => "2014-10-06","severity" => undef}],"main_module" => "Capture::Tiny","versions" => [{"date" => "2009-02-14T04:25:26","version" => "0.01"},{"date" => "2009-02-17T22:26:18","version" => "0.02"},{"date" => "2009-02-20T18:09:46","version" => "0.03"},{"date" => "2009-02-25T14:29:32","version" => "0.04"},{"date" => "2009-03-03T11:58:12","version" => "0.05"},{"date" => "2009-04-21T11:07:47","version" => "0.05_51"},{"date" => "2009-05-07T10:57:33","version" => "0.06"},{"date" => "2010-01-24T05:21:56","version" => "0.07"},{"date" => "2010-06-20T23:17:16","version" => "0.08"},{"date" => "2011-01-28T04:53:00","version" => "0.09"},{"date" => "2011-02-07T12:02:15","version" => "0.10"},{"date" => "2011-05-20T03:35:28","version" => "0.11"},{"date" => "2011-12-01T22:00:04","version" => "0.12"},{"date" => "2011-12-02T18:40:05","version" => "0.13"},{"date" => "2011-12-22T15:16:31","version" => "0.14"},{"date" => "2011-12-23T16:12:30","version" => "0.15"},{"date" => "2012-02-13T02:06:15","version" => "0.16"},{"date" => "2012-02-22T13:09:42","version" => "0.17"},{"date" => "2012-03-07T23:25:31","version" => "0.17_51"},{"date" => "2012-03-09T16:46:53","version" => "0.17_52"},{"date" => "2012-05-04T20:33:43","version" => "0.18"},{"date" => "2012-08-07T00:28:08","version" => "0.19"},{"date" => "2012-09-19T17:22:24","version" => "0.20"},{"date" => "2012-11-15T00:13:08","version" => "0.21"},{"date" => "2013-03-27T19:52:10","version" => "0.22"},{"date" => "2013-10-20T15:28:15","version" => "0.23"},{"date" => "2014-02-06T22:18:06","version" => "0.24"},{"date" => "2014-08-16T14:09:48","version" => "0.25"},{"date" => "2014-11-04T11:57:19","version" => "0.26"},{"date" => "2014-11-05T04:12:33","version" => "0.27"},{"date" => "2015-02-11T11:41:44","version" => "0.28"},{"date" => "2015-04-19T16:44:50","version" => "0.29"},{"date" => "2015-05-16T00:45:01","version" => "0.30"},{"date" => "2016-02-14T14:39:55","version" => "0.31"},{"date" => "2016-02-18T15:14:06","version" => "0.32"},{"date" => "2016-02-19T04:29:41","version" => "0.34"},{"date" => "2016-02-29T02:38:12","version" => "0.36"},{"date" => "2016-05-02T11:09:27","version" => "0.37"},{"date" => "2016-05-02T14:24:23","version" => "0.39"},{"date" => "2016-05-23T15:45:16","version" => "0.40"},{"date" => "2016-05-23T16:01:05","version" => "0.41"},{"date" => "2016-05-31T16:41:30","version" => "0.42"},{"date" => "2016-08-05T18:02:43","version" => "0.44"},{"date" => "2017-02-23T18:32:44","version" => "0.45"},{"date" => "2017-02-25T19:26:54","version" => "0.46"},{"date" => "2017-07-26T14:36:03","version" => "0.47"},{"date" => "2018-04-22T07:09:08","version" => "0.48"},{"date" => "2024-12-16T13:11:27","version" => "0.49"},{"date" => "2024-12-19T13:16:05","version" => "0.50"}]},"Catalyst-Action-REST" => {"advisories" => [{"affected_versions" => ["<1.12"],"cves" => [],"description" => "YAML and YAML::HTML parsers are a potential security hole, as they may allow arbitrary Perl objects to be instantiated.\n","distribution" => "Catalyst-Action-REST","fixed_versions" => [">=1.12"],"id" => "CPANSA-Catalyst-Action-REST-2013-01","references" => ["https://metacpan.org/dist/Catalyst-Action-REST/changes"],"reported" => "2013-09-03","severity" => undef}],"main_module" => "Catalyst::Action::REST","versions" => [{"date" => "2006-11-20T03:15:08","version" => "0.1"},{"date" => "2006-12-01T01:42:22","version" => "0.2"},{"date" => "2006-12-04T00:22:45","version" => "0.30"},{"date" => "2006-12-06T08:48:49","version" => "0.31"},{"date" => "2007-03-10T00:44:35","version" => "0.40"},{"date" => "2007-05-24T21:09:40","version" => "0.41"},{"date" => "2007-07-07T19:33:22","version" => "0.50"},{"date" => "2008-01-04T01:33:04","version" => "0.60"},{"date" => "2008-06-30T19:30:56","version" => "0.61"},{"date" => "2008-07-02T15:25:10","version" => "0.62"},{"date" => "2008-08-07T17:14:34","version" => "0.63"},{"date" => "2008-08-14T16:09:53","version" => "0.64"},{"date" => "2008-08-20T17:45:46","version" => "0.65"},{"date" => "2008-08-22T18:24:57","version" => "0.66"},{"date" => "2009-03-25T16:38:07","version" => "0.67_01"},{"date" => "2009-03-26T05:04:33","version" => "0.67"},{"date" => "2009-03-26T05:37:53","version" => "0.68"},{"date" => "2009-03-26T21:19:43","version" => "0.69"},{"date" => "2009-03-28T06:23:19","version" => "0.70"},{"date" => "2009-03-28T16:19:10","version" => "0.71"},{"date" => "2009-06-25T18:56:47","version" => "0.72"},{"date" => "2009-06-28T00:22:51","version" => "0.73"},{"date" => "2009-07-22T23:12:44","version" => "0.74"},{"date" => "2009-08-17T13:11:15","version" => "0.75"},{"date" => "2009-08-21T20:42:44","version" => "0.76"},{"date" => "2009-08-27T01:26:49","version" => "0.77"},{"date" => "2009-09-28T14:05:11","version" => "0.78"},{"date" => "2009-12-11T01:11:49","version" => "0.79"},{"date" => "2009-12-19T14:59:13","version" => "0.80"},{"date" => "2010-01-14T20:56:56","version" => "0.81"},{"date" => "2010-02-04T22:35:05","version" => "0.82"},{"date" => "2010-02-08T22:24:29","version" => "0.83"},{"date" => "2010-05-06T08:34:09","version" => "0.84"},{"date" => "2010-05-13T08:15:30","version" => "0.85"},{"date" => "2010-09-01T22:17:14","version" => "0.86"},{"date" => "2010-11-03T19:48:23","version" => "0.87"},{"date" => "2011-01-11T23:12:42","version" => "0.88"},{"date" => "2011-01-24T21:59:02","version" => "0.89"},{"date" => "2011-02-25T13:58:06","version" => "0.90"},{"date" => "2011-08-04T12:46:05","version" => "0.91"},{"date" => "2011-10-01T10:11:59","version" => "0.91"},{"date" => "2011-10-12T18:35:31","version" => "0.93"},{"date" => "2011-12-09T08:51:25","version" => "0.94"},{"date" => "2012-01-04T19:54:14","version" => "0.95"},{"date" => "2012-01-30T11:32:44","version" => "0.96"},{"date" => "2012-02-21T10:06:13","version" => "0.97"},{"date" => "2012-02-21T11:44:32","version" => "0.98"},{"date" => "2012-02-28T09:14:17","version" => "0.99"},{"date" => "2012-04-13T08:37:31","version" => "1.00"},{"date" => "2012-05-29T20:02:44","version" => "1.01"},{"date" => "2012-06-05T21:45:05","version" => "1.02"},{"date" => "2012-06-27T23:52:31","version" => "1.03"},{"date" => "2012-06-30T09:32:24","version" => "1.04"},{"date" => "2012-07-02T19:16:30","version" => "1.05"},{"date" => "2012-12-11T22:13:48","version" => "1.06"},{"date" => "2013-04-11T19:25:51","version" => "1.07"},{"date" => "2013-04-16T07:36:02","version" => "1.08"},{"date" => "2013-04-19T12:43:57","version" => "1.09"},{"date" => "2013-04-22T13:43:09","version" => "1.10"},{"date" => "2013-06-16T14:28:48","version" => "1.11"},{"date" => "2013-09-11T17:50:54","version" => "1.12"},{"date" => "2013-11-08T15:49:54","version" => "1.13"},{"date" => "2013-12-27T21:33:09","version" => "1.14"},{"date" => "2014-05-07T14:04:03","version" => "1.15"},{"date" => "2014-09-12T18:22:35","version" => "1.16"},{"date" => "2014-10-24T00:59:39","version" => "1.17"},{"date" => "2015-01-20T18:22:02","version" => "1.18"},{"date" => "2015-02-06T15:40:56","version" => "1.19"},{"date" => "2015-10-29T20:34:02","version" => "1.20"},{"date" => "2017-12-05T15:16:47","version" => "1.21"}]},"Catalyst-Authentication-Credential-HTTP" => {"advisories" => [{"affected_versions" => ["<=1.018"],"cves" => ["CVE-2025-40920"],"description" => "Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.   *  Data::UUID does not use a strong cryptographic source for generating UUIDs.   *  Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.   *  The nonces should be generated from a strong cryptographic source, as per RFC 7616.\n","distribution" => "Catalyst-Authentication-Credential-HTTP","fixed_versions" => [">=1.019"],"id" => "CPANSA-Catalyst-Authentication-Credential-HTTP-2025-40920","references" => ["https://datatracker.ietf.org/doc/html/rfc7616#section-5.12","https://datatracker.ietf.org/doc/html/rfc9562#name-security-considerations","https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/pull/1","https://metacpan.org/release/ETHER/Catalyst-Authentication-Credential-HTTP-1.018/source/lib/Catalyst/Authentication/Credential/HTTP.pm#L391","https://security.metacpan.org/patches/C/Catalyst-Authentication-Credential-HTTP/1.018/CVE-2025-40920-r1.patch"],"reported" => "2025-08-11","severity" => undef}],"main_module" => "Catalyst::Authentication::Credential::HTTP","versions" => [{"date" => "2008-09-01T13:41:15","version" => "1.000"},{"date" => "2008-09-02T18:15:58","version" => "1.001"},{"date" => "2008-09-03T00:16:26","version" => "1.002"},{"date" => "2008-09-11T14:35:17","version" => "1.003"},{"date" => "2008-09-11T18:06:53","version" => "0.12"},{"date" => "2008-09-12T18:21:26","version" => "1.004"},{"date" => "2008-09-25T22:13:58","version" => "1.005"},{"date" => "2008-10-06T18:56:06","version" => "1.006"},{"date" => "2008-11-19T09:41:15","version" => "1.007"},{"date" => "2008-12-10T23:58:04","version" => "1.008"},{"date" => "2009-01-04T21:37:39","version" => "1.009"},{"date" => "2009-05-14T08:34:09","version" => "1.010"},{"date" => "2009-06-27T04:00:10","version" => "1.011"},{"date" => "2010-03-07T21:07:20","version" => "1.012"},{"date" => "2010-12-14T22:03:35","version" => "1.013"},{"date" => "2012-02-05T18:51:03","version" => "1.014"},{"date" => "2012-06-27T18:43:56","version" => "1.015"},{"date" => "2013-07-27T20:38:37","version" => "1.016"},{"date" => "2017-06-27T23:22:26","version" => "1.017"},{"date" => "2017-06-28T00:29:58","version" => "1.018"},{"date" => "2025-08-20T17:38:38","version" => "1.019"}]},"Catalyst-Authentication-Store-LDAP" => {"advisories" => [{"affected_versions" => ["<1.013"],"cves" => [],"description" => "Incorrect password check binds to the unauthenticated user.\n","distribution" => "Catalyst-Authentication-Store-LDAP","fixed_versions" => [">=1.013"],"id" => "CPANSA-Catalyst-Authentication-Store-LDAP-2012-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=81908"],"reported" => "2012-12-11","severity" => "high"}],"main_module" => "Catalyst::Authentication::Store::LDAP","versions" => [{"date" => "2008-02-05T18:18:24","version" => "0.1000"},{"date" => "2008-04-10T02:06:58","version" => "0.1001"},{"date" => "2008-07-09T20:45:43","version" => "0.1002"},{"date" => "2008-09-10T13:21:33","version" => "0.1003"},{"date" => "2008-10-22T01:57:27","version" => "0.1003"},{"date" => "2009-05-01T02:34:18","version" => "0.1005"},{"date" => "2009-12-11T18:54:26","version" => "1.006"},{"date" => "2010-03-19T10:07:13","version" => "1.007"},{"date" => "2010-04-03T03:04:13","version" => "1.008"},{"date" => "2010-05-15T07:14:41","version" => "1.009"},{"date" => "2010-07-06T21:39:55","version" => "1.010"},{"date" => "2010-07-07T20:41:22","version" => "1.011"},{"date" => "2010-10-05T08:11:56","version" => "1.012"},{"date" => "2013-01-09T14:58:46","version" => "1.013"},{"date" => "2013-04-26T19:51:28","version" => "1.014"},{"date" => "2015-02-20T18:07:31","version" => "1.015"},{"date" => "2016-02-11T17:50:52","version" => "1.016"},{"date" => "2021-05-26T09:59:28","version" => "1.017"}]},"Catalyst-Controller-Combine" => {"advisories" => [{"affected_versions" => ["<0.12"],"cves" => [],"description" => "Allows to use url-encoded path-parts to crawl along the file system and read files outside the intended directory.\n","distribution" => "Catalyst-Controller-Combine","fixed_versions" => [">=0.12"],"id" => "CPANSA-Catalyst-Controller-Combine-2010-01","references" => ["https://metacpan.org/changes/distribution/Catalyst-Controller-Combine"],"reported" => "2010-05-21"}],"main_module" => "Catalyst::Controller::Combine","versions" => [{"date" => "2009-07-11T17:58:25","version" => "0.06"},{"date" => "2009-07-13T06:49:00","version" => "0.07"},{"date" => "2009-10-24T12:48:21","version" => "0.08"},{"date" => "2010-03-13T19:31:13","version" => "0.09"},{"date" => "2010-03-27T18:44:05","version" => "0.10"},{"date" => "2010-06-21T20:47:02","version" => "0.12"},{"date" => "2011-07-28T19:53:12","version" => "0.13"},{"date" => "2012-02-20T20:59:00","version" => "0.14"},{"date" => "2012-05-04T10:43:12","version" => "0.15"}]},"Catalyst-Plugin-Session" => {"advisories" => [{"affected_versions" => ["<0.44"],"cves" => ["CVE-2025-40924"],"description" => "Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely.  The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Catalyst-Plugin-Session","fixed_versions" => [">=0.44"],"id" => "CPANSA-Catalyst-Plugin-Session-2025-40924","references" => ["https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/c0e2b4ab1e42ebce1008286db8c571b6ee98c22c.patch","https://github.com/perl-catalyst/Catalyst-Plugin-Session/pull/5","https://metacpan.org/release/HAARG/Catalyst-Plugin-Session-0.43/source/lib/Catalyst/Plugin/Session.pm#L632"],"reported" => "2025-07-17","severity" => undef}],"main_module" => "Catalyst::Plugin::Session","versions" => [{"date" => "2005-11-14T20:45:06","version" => "0.01"},{"date" => "2005-11-23T12:29:16","version" => "0.02"},{"date" => "2005-12-26T08:24:04","version" => "0.03"},{"date" => "2005-12-28T11:51:50","version" => "0.04"},{"date" => "2006-01-01T10:45:07","version" => "0.05"},{"date" => "2006-07-29T16:35:24","version" => "0.06"},{"date" => "2006-07-31T11:24:16","version" => "0.07"},{"date" => "2006-07-31T12:11:58","version" => "0.08"},{"date" => "2006-07-31T18:24:07","version" => "0.09"},{"date" => "2006-08-01T08:08:13","version" => "0.10"},{"date" => "2006-08-10T15:03:04","version" => "0.11"},{"date" => "2006-08-26T17:55:09","version" => "0.12"},{"date" => "2006-10-12T19:54:32","version" => "0.13"},{"date" => "2007-01-31T11:24:20","version" => "0.14"},{"date" => "2007-06-24T15:17:44","version" => "0.15"},{"date" => "2007-07-03T14:40:50","version" => "0.16"},{"date" => "2007-07-16T10:20:50","version" => "0.17"},{"date" => "2007-08-15T18:06:22","version" => "0.18"},{"date" => "2007-10-08T18:18:10","version" => "0.19"},{"date" => "2009-01-09T02:13:40","version" => "0.19_01"},{"date" => "2009-02-05T14:50:15","version" => "0.20"},{"date" => "2009-04-30T20:54:07","version" => "0.21"},{"date" => "2009-05-13T21:00:18","version" => "0.22"},{"date" => "2009-06-16T19:43:53","version" => "0.23"},{"date" => "2009-06-23T08:20:00","version" => "0.24"},{"date" => "2009-07-08T21:54:31","version" => "0.25"},{"date" => "2009-08-19T21:23:25","version" => "0.26"},{"date" => "2009-10-06T08:45:28","version" => "0.26_01"},{"date" => "2009-10-08T21:38:42","version" => "0.27"},{"date" => "2009-10-29T09:59:18","version" => "0.28"},{"date" => "2009-11-04T23:43:22","version" => "0.29"},{"date" => "2010-06-24T12:54:05","version" => "0.30"},{"date" => "2010-10-08T14:39:33","version" => "0.31"},{"date" => "2011-06-08T12:05:42","version" => "0.32"},{"date" => "2012-03-26T10:03:59","version" => "0.33"},{"date" => "2012-04-02T14:51:39","version" => "0.34"},{"date" => "2012-04-24T08:24:54","version" => "0.35"},{"date" => "2012-10-19T22:40:25","version" => "0.36"},{"date" => "2013-02-25T14:04:31","version" => "0.37"},{"date" => "2013-09-18T14:03:08","version" => "0.38"},{"date" => "2013-10-16T15:09:02","version" => "0.39"},{"date" => "2015-01-27T01:20:24","version" => "0.40"},{"date" => "2018-12-06T02:31:20","version" => "0.41"},{"date" => "2022-05-31T00:20:53","version" => "0.42"},{"date" => "2022-06-03T14:15:38","version" => "0.43"},{"date" => "2025-07-16T14:18:57","version" => "0.44"}]},"Catalyst-Plugin-Static" => {"advisories" => [{"affected_versions" => ["<0.10"],"cves" => [],"description" => "Serving files outside of \$config->{root} directory.\n","distribution" => "Catalyst-Plugin-Static","fixed_versions" => [">=0.10"],"id" => "CPANSA-Catalyst-Plugin-Static-2005-01","reported" => "2005-11-14"}],"main_module" => "Catalyst::Plugin::Static","versions" => [{"date" => "2005-01-29T00:00:20","version" => "0.01"},{"date" => "2005-02-19T20:28:50","version" => "0.02"},{"date" => "2005-03-17T01:01:03","version" => "0.03"},{"date" => "2005-03-17T19:10:36","version" => "0.04"},{"date" => "2005-03-21T13:34:27","version" => "0.05"},{"date" => "2005-03-23T06:48:05","version" => "0.05"},{"date" => "2005-04-15T16:58:18","version" => "0.06"},{"date" => "2005-04-17T14:50:45","version" => "0.07"},{"date" => "2005-09-06T13:42:42","version" => "0.08"},{"date" => "2005-11-14T08:38:35","version" => "0.09"},{"date" => "2005-11-14T10:26:31","version" => "0.10"},{"date" => "2009-10-18T18:13:00","version" => "0.11"}]},"Catalyst-Plugin-Static-Simple" => {"advisories" => [{"affected_versions" => ["<0.34"],"cves" => ["CVE-2017-16248"],"description" => "The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.\n","distribution" => "Catalyst-Plugin-Static-Simple","fixed_versions" => [">=0.34"],"id" => "CPANSA-Catalyst-Plugin-Static-Simple-2017-01","references" => ["https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/","https://metacpan.org/pod/CPAN::Checksums"],"reported" => "2017-10-31"}],"main_module" => "Catalyst::Plugin::Static::Simple","versions" => [{"date" => "2005-08-12T01:37:04","version" => "0.01"},{"date" => "2005-08-16T22:09:54","version" => "0.02"},{"date" => "2005-08-22T03:44:24","version" => "0.03"},{"date" => "2005-08-22T15:59:08","version" => "0.04"},{"date" => "2005-08-26T15:58:06","version" => "0.05"},{"date" => "2005-09-05T19:36:58","version" => "0.06"},{"date" => "2005-09-06T01:07:28","version" => "0.07"},{"date" => "2005-09-07T22:52:21","version" => "0.08"},{"date" => "2005-10-07T17:40:16","version" => "0.09"},{"date" => "2005-10-19T21:19:04","version" => "0.10"},{"date" => "2005-11-14T00:28:01","version" => "0.11"},{"date" => "2005-12-15T14:56:40","version" => "0.13"},{"date" => "2006-03-24T16:18:59","version" => "0.14"},{"date" => "2006-07-05T16:35:54","version" => "0.14"},{"date" => "2006-12-09T03:25:57","version" => "0.15"},{"date" => "2007-04-30T18:48:25","version" => "0.16"},{"date" => "2007-05-11T14:52:16","version" => "0.17"},{"date" => "2007-07-01T04:12:31","version" => "0.18"},{"date" => "2007-07-02T20:54:05","version" => "0.19"},{"date" => "2007-09-24T13:50:15","version" => "0.20"},{"date" => "2009-03-29T18:47:56","version" => "0.21"},{"date" => "2009-08-21T16:21:17","version" => "0.22"},{"date" => "2009-10-06T16:51:19","version" => "0.23"},{"date" => "2009-10-18T18:12:48","version" => "0.24"},{"date" => "2009-10-22T20:49:26","version" => "0.25"},{"date" => "2009-12-06T12:32:46","version" => "0.26"},{"date" => "2010-01-03T14:56:26","version" => "0.27"},{"date" => "2010-01-04T13:18:25","version" => "0.28"},{"date" => "2010-02-01T18:48:45","version" => "0.29"},{"date" => "2012-05-04T17:17:29","version" => "0.30"},{"date" => "2013-09-09T14:32:43","version" => "0.31"},{"date" => "2014-06-05T12:44:48","version" => "0.32"},{"date" => "2014-10-29T16:02:17","version" => "0.33"},{"date" => "2017-08-02T17:00:14","version" => "0.34"},{"date" => "2018-03-14T12:13:30","version" => "0.35"},{"date" => "2018-03-15T11:41:17","version" => "0.36"},{"date" => "2021-05-05T14:30:07","version" => "0.37"}]},"Catalyst-Runtime" => {"advisories" => [{"affected_versions" => ["<5.90020"],"cves" => [],"description" => "Passing a special host to the redirect page link makes it vulnerable to XSS attack.\n","distribution" => "Catalyst-Runtime","fixed_versions" => [">=5.90020"],"id" => "CPANSA-Catalyst-Runtime-2013-01","references" => ["http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/Catalyst-Runtime.git;a=commitdiff;h=7af54927870a7c6f89323ac1876d49f92e7841f5"],"reported" => "2013-01-23"},{"affected_versions" => ["<5.58"],"cves" => [],"description" => "Path traversal in Static::Simple plugin.\n","distribution" => "Catalyst-Runtime","fixed_versions" => [">=5.58"],"id" => "CPANSA-Catalyst-Runtime-2005-01","reported" => "2005-11-24"}],"main_module" => "Catalyst::Runtime","versions" => [{"date" => "2006-06-25T19:20:53","version" => "5.70_01"},{"date" => "2006-06-27T18:10:20","version" => "5.70_02"},{"date" => "2006-06-28T21:50:30","version" => "5.70_03"},{"date" => "2006-07-07T22:47:30","version" => "5.7000"},{"date" => "2006-07-20T06:00:58","version" => "5.7001"},{"date" => "2006-09-19T07:36:29","version" => "5.7002"},{"date" => "2006-09-23T17:43:12","version" => "5.7003"},{"date" => "2006-11-06T23:28:40","version" => "5.7004"},{"date" => "2006-11-07T19:43:56","version" => "5.7005"},{"date" => "2006-11-15T08:27:59","version" => "5.7006"},{"date" => "2007-03-14T11:13:37","version" => "5.7007"},{"date" => "2007-08-13T06:36:11","version" => "5.7008"},{"date" => "2007-08-21T22:23:53","version" => "5.7009"},{"date" => "2007-08-22T05:51:41","version" => "5.7010"},{"date" => "2007-10-18T18:11:24","version" => "5.7011"},{"date" => "2007-12-17T08:19:28","version" => "5.7012"},{"date" => "2008-05-17T12:41:13","version" => "5.7013"},{"date" => "2008-05-25T21:16:45","version" => "5.7013"},{"date" => "2008-06-25T20:43:41","version" => "5.7099_01"},{"date" => "2008-07-18T11:41:25","version" => "5.7099_02"},{"date" => "2008-07-20T08:15:02","version" => "5.7099_02"},{"date" => "2008-10-13T20:55:41","version" => "5.7099_02"},{"date" => "2008-10-14T06:06:06","version" => "5.7099_02"},{"date" => "2008-10-15T21:44:15","version" => "5.7015"},{"date" => "2008-10-17T12:42:53","version" => "5.8000_03"},{"date" => "2008-12-05T15:11:14","version" => "5.8000_04"},{"date" => "2009-01-12T15:46:59","version" => "5.7099_04"},{"date" => "2009-01-19T17:36:04","version" => "5.71000"},{"date" => "2009-01-29T08:56:09","version" => "5.8000_05"},{"date" => "2009-02-04T20:08:22","version" => "5.8000_06"},{"date" => "2009-03-27T09:21:12","version" => "5.71001"},{"date" => "2009-04-13T19:03:36","version" => "5.8000_07"},{"date" => "2009-04-18T20:26:00","version" => "5.80001"},{"date" => "2009-04-21T23:45:45","version" => "5.80002"},{"date" => "2009-04-29T14:39:21","version" => "5.80003"},{"date" => "2009-05-18T15:16:38","version" => "5.80004"},{"date" => "2009-06-06T12:49:15","version" => "5.80005"},{"date" => "2009-06-29T22:11:48","version" => "5.80006"},{"date" => "2009-06-30T22:11:36","version" => "5.80007"},{"date" => "2009-08-21T16:14:33","version" => "5.80008"},{"date" => "2009-08-21T20:29:33","version" => "5.80009"},{"date" => "2009-08-21T21:42:08","version" => "5.80010"},{"date" => "2009-08-23T11:57:26","version" => "5.80011"},{"date" => "2009-09-09T18:01:32","version" => "5.80012"},{"date" => "2009-09-17T09:35:20","version" => "5.80013"},{"date" => "2009-11-21T02:32:20","version" => "5.80014"},{"date" => "2009-11-22T20:24:47","version" => "5.80014_01"},{"date" => "2009-12-01T01:14:00","version" => "5.80014_02"},{"date" => "2009-12-02T15:42:50","version" => "5.80015"},{"date" => "2009-12-11T23:37:44","version" => "5.80016"},{"date" => "2010-01-10T02:01:50","version" => "5.80017"},{"date" => "2010-01-12T21:39:47","version" => "5.80018"},{"date" => "2010-01-29T00:18:07","version" => "5.80019"},{"date" => "2010-02-04T06:19:31","version" => "5.80020"},{"date" => "2010-03-03T23:16:29","version" => "5.80021"},{"date" => "2010-03-28T19:25:48","version" => "5.80022"},{"date" => "2010-05-07T22:07:08","version" => "5.80023"},{"date" => "2010-05-15T09:57:52","version" => "5.80024"},{"date" => "2010-07-29T00:59:16","version" => "5.80025"},{"date" => "2010-09-01T15:10:42","version" => "5.80026"},{"date" => "2010-09-02T11:33:03","version" => "5.80027"},{"date" => "2010-09-28T20:14:11","version" => "5.80028"},{"date" => "2010-10-03T16:24:08","version" => "5.80029"},{"date" => "2011-01-04T12:56:30","version" => "5.80030"},{"date" => "2011-01-24T10:50:27","version" => "5.89000"},{"date" => "2011-01-31T08:25:21","version" => "5.80031"},{"date" => "2011-02-23T08:28:58","version" => "5.80032"},{"date" => "2011-03-01T14:56:37","version" => "5.89001"},{"date" => "2011-03-02T10:37:42","version" => "5.89002"},{"date" => "2011-07-24T15:58:37","version" => "5.80033"},{"date" => "2011-07-28T20:05:01","version" => "5.89003"},{"date" => "2011-08-15T21:35:34","version" => "5.9000"},{"date" => "2011-08-15T21:59:58","version" => "5.90001"},{"date" => "2011-08-22T20:55:10","version" => "5.90002"},{"date" => "2011-10-05T07:48:57","version" => "5.90003"},{"date" => "2011-10-11T15:19:05","version" => "5.90004"},{"date" => "2011-10-22T21:01:24","version" => "5.90005"},{"date" => "2011-10-25T17:54:34","version" => "5.90006"},{"date" => "2011-11-22T20:40:44","version" => "5.90007"},{"date" => "2012-02-06T21:08:28","version" => "5.90008"},{"date" => "2012-02-16T09:29:44","version" => "5.90009"},{"date" => "2012-02-18T00:49:30","version" => "5.90010"},{"date" => "2012-03-08T21:53:00","version" => "5.90011"},{"date" => "2012-05-19T07:13:21","version" => "5.90012"},{"date" => "2012-06-08T00:37:40","version" => "5.90013"},{"date" => "2012-06-21T20:41:41","version" => "5.90013"},{"date" => "2012-06-26T14:34:56","version" => "5.90014"},{"date" => "2012-06-30T18:00:53","version" => "5.90015"},{"date" => "2012-08-17T01:39:42","version" => "5.90016"},{"date" => "2012-10-19T21:51:54","version" => "5.90017"},{"date" => "2012-10-24T01:01:44","version" => "5.90018"},{"date" => "2012-12-04T22:04:19","version" => "5.90019"},{"date" => "2013-02-22T14:05:39","version" => "5.90020"},{"date" => "2013-04-12T17:09:27","version" => "5.90030"},{"date" => "2013-06-12T21:26:14","version" => "5.90040"},{"date" => "2013-06-15T02:10:17","version" => "5.90041"},{"date" => "2013-06-16T01:57:47","version" => "5.90042"},{"date" => "2013-07-26T19:13:01","version" => "5.90049_001"},{"date" => "2013-08-21T02:39:45","version" => "5.90049_002"},{"date" => "2013-09-20T19:03:54","version" => "5.90049_003"},{"date" => "2013-10-18T22:19:33","version" => "5.90049_004"},{"date" => "2013-10-31T20:48:42","version" => "5.90049_005"},{"date" => "2013-11-05T03:25:31","version" => "5.90049_006"},{"date" => "2013-11-05T22:35:22","version" => "5.90050"},{"date" => "2013-11-07T17:14:35","version" => "5.90051"},{"date" => "2013-12-18T20:03:22","version" => "5.90052"},{"date" => "2013-12-19T14:33:08","version" => "5.90059_001"},{"date" => "2013-12-22T16:18:16","version" => "5.90053"},{"date" => "2013-12-22T16:34:11","version" => "5.90059_002"},{"date" => "2013-12-27T02:27:08","version" => "5.90059_003"},{"date" => "2014-01-27T17:20:51","version" => "5.90059_004"},{"date" => "2014-01-28T19:36:58","version" => "5.90059_005"},{"date" => "2014-02-06T20:41:25","version" => "5.90059_006"},{"date" => "2014-02-08T03:11:11","version" => "5.90060"},{"date" => "2014-03-10T14:46:10","version" => "5.90061"},{"date" => "2014-04-14T18:53:26","version" => "5.90062"},{"date" => "2014-05-02T00:15:16","version" => "5.90063"},{"date" => "2014-05-05T14:55:25","version" => "5.90064"},{"date" => "2014-05-27T18:08:08","version" => "5.90069_001"},{"date" => "2014-06-05T12:44:59","version" => "5.90065"},{"date" => "2014-06-10T00:22:42","version" => "5.90069_002"},{"date" => "2014-08-06T15:09:29","version" => "5.90069_003"},{"date" => "2014-08-07T15:59:15","version" => "5.90069_004"},{"date" => "2014-08-07T21:49:59","version" => "5.90070"},{"date" => "2014-08-10T13:15:52","version" => "5.90071"},{"date" => "2014-09-15T16:30:58","version" => "5.90072"},{"date" => "2014-09-23T17:24:54","version" => "5.90073"},{"date" => "2014-10-01T21:45:12","version" => "5.90074"},{"date" => "2014-10-07T00:07:51","version" => "5.90075"},{"date" => "2014-11-14T00:20:16","version" => "5.90076"},{"date" => "2014-11-19T00:28:27","version" => "5.90077"},{"date" => "2014-12-02T21:50:30","version" => "5.90079_001"},{"date" => "2014-12-02T23:22:07","version" => "5.90079_002"},{"date" => "2014-12-03T19:45:16","version" => "5.90079_003"},{"date" => "2014-12-26T23:05:46","version" => "5.90079_004"},{"date" => "2014-12-31T16:26:20","version" => "5.90078"},{"date" => "2014-12-31T21:04:56","version" => "5.90079_005"},{"date" => "2015-01-02T15:11:55","version" => "5.90079_006"},{"date" => "2015-01-02T18:11:38","version" => "5.90079"},{"date" => "2015-01-07T20:01:40","version" => "5.90079_007"},{"date" => "2015-01-07T23:26:17","version" => "5.90079_008"},{"date" => "2015-01-09T17:04:47","version" => "5.90080"},{"date" => "2015-01-10T22:39:56","version" => "5.90081"},{"date" => "2015-01-10T23:33:56","version" => "5.90082"},{"date" => "2015-02-17T02:29:50","version" => "5.90083"},{"date" => "2015-02-23T22:24:50","version" => "5.90084"},{"date" => "2015-03-25T18:58:11","version" => "5.90085"},{"date" => "2015-03-26T21:30:15","version" => "5.90089_001"},{"date" => "2015-04-17T21:32:30","version" => "5.90089_002"},{"date" => "2015-04-27T20:20:40","version" => "5.90089_003"},{"date" => "2015-04-28T18:24:12","version" => "5.90089_004"},{"date" => "2015-04-29T14:04:24","version" => "5.90090"},{"date" => "2015-05-08T20:36:59","version" => "5.90091"},{"date" => "2015-05-19T16:48:30","version" => "5.90092"},{"date" => "2015-05-29T17:06:23","version" => "5.90093"},{"date" => "2015-07-24T20:17:46","version" => "5.90094"},{"date" => "2015-07-27T14:32:30","version" => "5.90095"},{"date" => "2015-07-27T15:44:59","version" => "5.90096"},{"date" => "2015-07-28T20:33:41","version" => "5.90097"},{"date" => "2015-08-24T16:30:12","version" => "5.90100"},{"date" => "2015-09-04T22:57:40","version" => "5.90101"},{"date" => "2015-10-29T19:39:24","version" => "5.90102"},{"date" => "2015-11-12T10:19:42","version" => "5.90103"},{"date" => "2016-04-04T17:18:38","version" => "5.90104"},{"date" => "2016-06-08T20:06:53","version" => "5.90105"},{"date" => "2016-07-06T01:21:42","version" => "5.90106"},{"date" => "2016-07-20T19:12:32","version" => "5.90110"},{"date" => "2016-07-20T20:07:16","version" => "5.90111"},{"date" => "2016-07-25T21:03:05","version" => "5.90112"},{"date" => "2016-12-15T21:35:30","version" => "5.90113"},{"date" => "2016-12-19T16:54:08","version" => "5.90114"},{"date" => "2017-05-01T16:42:46","version" => "5.90115"},{"date" => "2018-01-19T20:55:15","version" => "5.90116"},{"date" => "2018-01-21T23:47:21","version" => "5.90117"},{"date" => "2018-05-01T09:59:20","version" => "5.90118"},{"date" => "2018-09-24T00:25:48","version" => "5.90119"},{"date" => "2018-10-19T06:13:58","version" => "5.90120"},{"date" => "2018-10-22T20:39:48","version" => "5.90_121"},{"date" => "2018-11-03T14:52:06","version" => "5.90122"},{"date" => "2018-11-27T15:39:35","version" => "5.90123"},{"date" => "2019-01-18T22:36:07","version" => "5.90124"},{"date" => "2020-01-19T01:11:05","version" => "5.90125"},{"date" => "2020-01-20T01:40:16","version" => "5.90126"},{"date" => "2020-07-27T01:25:21","version" => "5.90_127"},{"date" => "2020-09-11T12:38:26","version" => "5.90128"},{"date" => "2022-07-23T13:13:34","version" => "5.90129"},{"date" => "2022-11-09T15:37:01","version" => "5.90130"},{"date" => "2023-07-20T23:09:29","version" => "5.90131"},{"date" => "2024-11-08T19:56:41","version" => "5.90132"}]},"Clipboard" => {"advisories" => [{"affected_versions" => ["<0.16"],"cves" => ["CVE-2014-5509"],"description" => "clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit\$\$.\n","distribution" => "Clipboard","fixed_versions" => [">=0.16"],"id" => "CPANSA-Clipboard-2014-5509","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=98435","https://bugzilla.redhat.com/show_bug.cgi?id=1135624","http://www.securityfocus.com/bid/69473","http://www.openwall.com/lists/oss-security/2014/08/30/2"],"reported" => "2018-01-08","severity" => "medium"}],"main_module" => "Clipboard","versions" => [{"date" => "2005-05-01T17:19:57","version" => "0.01"},{"date" => "2005-05-02T06:17:33","version" => "0.02"},{"date" => "2005-05-04T06:17:44","version" => "0.03"},{"date" => "2005-05-08T05:54:44","version" => "0.04"},{"date" => "2005-06-01T17:00:34","version" => "0.06"},{"date" => "2005-06-02T05:06:37","version" => "0.07"},{"date" => "2005-06-22T17:05:15","version" => "0.08"},{"date" => "2005-11-19T06:12:48","version" => "0.09"},{"date" => "2010-10-07T01:39:10","version" => "0.10"},{"date" => "2010-10-07T04:49:39","version" => "0.11"},{"date" => "2010-10-11T06:13:22","version" => "0.12"},{"date" => "2010-10-13T04:46:50","version" => "0.13"},{"date" => "2019-01-30T10:47:45","version" => "0.14"},{"date" => "2019-01-30T11:00:22","version" => "0.15"},{"date" => "2019-01-30T11:22:23","version" => "0.16"},{"date" => "2019-01-30T14:00:52","version" => "0.17"},{"date" => "2019-01-30T20:12:11","version" => "0.18"},{"date" => "2019-01-31T11:00:20","version" => "0.19"},{"date" => "2019-04-17T20:55:35","version" => "0.20"},{"date" => "2019-12-02T06:04:27","version" => "0.21"},{"date" => "2020-01-28T18:10:34","version" => "0.22"},{"date" => "2020-03-06T15:43:11","version" => "0.23"},{"date" => "2020-03-07T08:25:07","version" => "0.24"},{"date" => "2020-05-14T06:33:28","version" => "0.25"},{"date" => "2020-05-16T07:56:58","version" => "0.26"},{"date" => "2021-02-13T18:13:34","version" => "0.27"},{"date" => "2021-02-23T07:47:20","version" => "0.28"},{"date" => "2024-04-07T03:11:57","version" => "0.29"},{"date" => "2024-06-16T12:03:21","version" => "0.30"},{"date" => "2025-01-21T17:04:47","version" => "0.31"},{"date" => "2025-02-10T08:24:16","version" => "0.32"}]},"Cmd-Dwarf" => {"advisories" => [{"affected_versions" => ["<1.20"],"cves" => [],"description" => "JSON highjacking possibility.\n","distribution" => "Cmd-Dwarf","fixed_versions" => [">=1.20"],"id" => "CPANSA-Cmd-Dwarf-2014-01","references" => ["https://github.com/seagirl/dwarf/commit/14cf7a1d55db635a07f4838e16f3d9a28e63f529","https://metacpan.org/changes/distribution/Cmd-Dwarf"],"reported" => "2014-12-03"}],"main_module" => "Cmd::Dwarf","versions" => [{"date" => "2015-07-30T06:48:35","version" => "1.27"},{"date" => "2015-08-26T13:27:51","version" => "1.28"},{"date" => "2015-08-28T08:58:33","version" => "1.29"},{"date" => "2015-09-17T08:17:32","version" => "1.30"},{"date" => "2016-01-20T06:39:15","version" => "1.31"},{"date" => "2016-10-25T05:56:33","version" => "1.41"},{"date" => "2017-03-29T04:42:05","version" => "1.42"},{"date" => "2017-06-21T07:06:05","version" => "1.50"},{"date" => "2017-10-05T08:08:01","version" => "1.60"},{"date" => "2018-03-17T07:35:19","version" => "1.70"},{"date" => "2018-08-18T11:43:10","version" => "1.80"},{"date" => "2019-04-05T05:22:33","version" => "1.81"},{"date" => "2019-04-05T05:36:46","version" => "1.82"},{"date" => "2019-04-05T09:06:55","version" => "1.83"}]},"Compress-LZ4" => {"advisories" => [{"affected_versions" => ["<0.20"],"cves" => [],"description" => "Outdated LZ4 source code with security issue on 32bit systems.\n","distribution" => "Compress-LZ4","fixed_versions" => [">=0.20"],"id" => "CPANSA-Compress-LZ4-2014-01","references" => ["https://metacpan.org/changes/distribution/Compress-LZ4","https://github.com/gray/compress-lz4/commit/fc503812b4cbba16429658e1dfe20ad8bbfd77a0"],"reported" => "2014-07-07"}],"main_module" => "Compress::LZ4","versions" => [{"date" => "2012-02-11T16:33:26","version" => "0.01"},{"date" => "2012-02-20T21:26:48","version" => "0.02"},{"date" => "2012-03-02T04:47:50","version" => "0.03"},{"date" => "2012-03-18T07:09:30","version" => "0.04"},{"date" => "2012-03-18T19:45:25","version" => "0.05"},{"date" => "2012-03-22T09:23:45","version" => "0.06"},{"date" => "2012-03-22T16:12:43","version" => "0.07"},{"date" => "2012-03-23T16:29:14","version" => "0.08"},{"date" => "2012-03-23T17:27:12","version" => "0.09"},{"date" => "2012-03-26T11:28:24","version" => "0.10"},{"date" => "2012-04-03T21:36:24","version" => "0.11"},{"date" => "2012-04-04T12:55:22","version" => "0.12"},{"date" => "2012-06-01T18:55:41","version" => "0.13"},{"date" => "2012-08-10T00:21:56","version" => "0.14"},{"date" => "2012-08-11T16:37:53","version" => "0.15"},{"date" => "2012-09-08T18:18:41","version" => "0.16"},{"date" => "2013-03-19T00:39:07","version" => "0.17"},{"date" => "2013-11-19T00:56:57","version" => "0.18"},{"date" => "2014-02-08T00:35:09","version" => "0.19"},{"date" => "2014-07-07T21:08:49","version" => "0.20"},{"date" => "2015-05-12T19:01:36","version" => "0.21"},{"date" => "2015-05-20T06:16:53","version" => "0.22"},{"date" => "2016-07-25T20:45:05","version" => "0.23"},{"date" => "2017-03-23T04:34:45","version" => "0.24"},{"date" => "2017-04-06T16:38:31","version" => "0.25"}]},"Compress-Raw-Bzip2" => {"advisories" => [{"affected_versions" => ["<2.031"],"cves" => ["CVE-2010-0405"],"description" => "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.\n","distribution" => "Compress-Raw-Bzip2","fixed_versions" => [">=2.031"],"id" => "CPANSA-Compress-Raw-Bzip2-2010-0405","references" => ["https://metacpan.org/changes/distribution/Compress-Raw-Bzip2"],"reported" => "2010-01-27"},{"affected_versions" => ["<2.018"],"cves" => ["CVE-2009-1884"],"description" => "Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.\n","distribution" => "Compress-Raw-Bzip2","fixed_versions" => [">=2.018"],"id" => "CPANSA-Compress-Raw-Bzip2-2009-1884","references" => ["http://security.gentoo.org/glsa/glsa-200908-07.xml","https://bugs.gentoo.org/show_bug.cgi?id=281955","https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html","https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html","http://www.securityfocus.com/bid/36082","http://secunia.com/advisories/36386","https://bugzilla.redhat.com/show_bug.cgi?id=518278","http://secunia.com/advisories/36415","https://exchange.xforce.ibmcloud.com/vulnerabilities/52628"],"reported" => "2009-08-19","severity" => undef}],"main_module" => "Compress::Raw::Bzip2","versions" => [{"date" => "2006-03-13T16:14:00","version" => "2.000_10"},{"date" => "2006-04-15T21:23:09","version" => "2.000_11"},{"date" => "2006-05-17T12:43:30","version" => "2.000_12"},{"date" => "2006-06-20T12:43:47","version" => "2.000_13"},{"date" => "2006-10-26T14:15:45","version" => "2.000_14"},{"date" => "2006-11-01T10:35:27","version" => "2.001"},{"date" => "2006-12-29T20:40:23","version" => "2.002"},{"date" => "2007-01-02T13:03:45","version" => "2.003"},{"date" => "2007-03-03T15:50:04","version" => "2.004"},{"date" => "2007-07-01T00:06:51","version" => "2.005"},{"date" => "2007-09-01T19:44:48","version" => "2.006"},{"date" => "2007-11-10T11:59:25","version" => "2.008"},{"date" => "2008-04-20T14:41:25","version" => "2.009"},{"date" => "2008-05-05T17:18:15","version" => "2.010"},{"date" => "2008-05-17T11:16:17","version" => "2.011"},{"date" => "2008-07-15T22:23:56","version" => "2.012"},{"date" => "2008-09-02T20:20:05","version" => "2.014"},{"date" => "2008-09-03T20:47:15","version" => "2.015"},{"date" => "2009-04-04T09:47:36","version" => "2.017"},{"date" => "2009-05-03T16:26:57","version" => "2.018"},{"date" => "2009-05-04T09:42:06","version" => "2.019"},{"date" => "2009-06-03T17:48:18","version" => "2.020"},{"date" => "2009-08-30T20:25:24","version" => "2.021"},{"date" => "2009-11-09T23:25:19","version" => "2.023"},{"date" => "2010-01-09T17:56:12","version" => "2.024"},{"date" => "2010-03-28T12:56:33","version" => "2.025"},{"date" => "2010-04-07T19:49:29","version" => "2.026"},{"date" => "2010-04-24T19:15:32","version" => "2.027"},{"date" => "2010-07-24T14:29:17","version" => "2.030"},{"date" => "2010-09-21T19:44:52","version" => "2.031"},{"date" => "2011-01-06T11:26:00","version" => "2.032"},{"date" => "2011-01-11T14:02:05","version" => "2.033"},{"date" => "2011-05-02T21:50:15","version" => "2.034"},{"date" => "2011-05-07T08:30:09","version" => "2.035"},{"date" => "2011-06-18T21:45:13","version" => "2.036"},{"date" => "2011-06-22T07:17:56","version" => "2.037"},{"date" => "2011-10-28T14:27:59","version" => "2.039"},{"date" => "2011-10-28T22:18:59","version" => "2.040"},{"date" => "2011-11-17T23:44:58","version" => "2.042"},{"date" => "2011-11-20T21:31:34","version" => "2.043"},{"date" => "2011-12-03T22:48:47","version" => "2.044"},{"date" => "2011-12-04T19:19:58","version" => "2.045"},{"date" => "2012-01-28T23:26:44","version" => "2.047"},{"date" => "2012-01-29T16:58:55","version" => "2.048"},{"date" => "2012-02-18T15:56:34","version" => "2.049"},{"date" => "2012-04-29T12:40:06","version" => "2.052"},{"date" => "2012-08-05T20:35:37","version" => "2.055"},{"date" => "2012-11-10T19:08:29","version" => "2.057"},{"date" => "2012-11-12T22:14:16","version" => "2.058"},{"date" => "2012-11-25T13:38:19","version" => "2.059"},{"date" => "2013-01-07T20:02:08","version" => "2.060"},{"date" => "2013-05-27T09:54:30","version" => "2.061"},{"date" => "2013-08-12T19:06:20","version" => "2.062"},{"date" => "2013-11-02T17:14:54","version" => "2.063"},{"date" => "2014-02-01T23:19:50","version" => "2.064"},{"date" => "2014-09-21T12:40:58","version" => "2.066"},{"date" => "2014-12-08T15:12:21","version" => "2.067"},{"date" => "2014-12-23T17:44:34","version" => "2.068"},{"date" => "2015-09-27T14:33:57","version" => "2.069"},{"date" => "2016-12-28T23:07:42","version" => "2.070"},{"date" => "2017-02-12T20:39:20","version" => "2.072"},{"date" => "2017-02-19T20:35:17","version" => "2.073"},{"date" => "2017-02-19T22:11:17","version" => "2.074"},{"date" => "2018-04-03T18:20:04","version" => "2.080"},{"date" => "2018-04-08T15:01:21","version" => "2.081"},{"date" => "2018-12-30T22:38:05","version" => "2.083"},{"date" => "2019-01-06T08:56:52","version" => "2.084"},{"date" => "2019-03-31T19:13:22","version" => "2.086"},{"date" => "2019-08-10T18:11:44","version" => "2.087"},{"date" => "2019-11-03T08:56:50","version" => "2.088"},{"date" => "2019-11-03T19:53:42","version" => "2.089"},{"date" => "2019-11-09T18:35:48","version" => "2.090"},{"date" => "2019-11-23T19:34:12","version" => "2.091"},{"date" => "2019-12-04T22:08:25","version" => "2.092"},{"date" => "2019-12-07T16:05:12","version" => "2.093"},{"date" => "2020-07-13T10:53:44","version" => "2.094"},{"date" => "2020-07-20T19:13:40","version" => "2.095"},{"date" => "2020-07-31T20:50:12","version" => "2.096"},{"date" => "2021-01-07T13:00:00","version" => "2.100"},{"date" => "2021-02-20T14:08:53","version" => "2.101"},{"date" => "2022-04-03T19:48:28","version" => "2.103"},{"date" => "2022-06-25T09:02:32","version" => "2.201"},{"date" => "2023-02-08T19:23:39","version" => "2.204"},{"date" => "2023-07-16T15:36:44","version" => "2.205"},{"date" => "2023-07-25T15:36:59","version" => "2.206"},{"date" => "2024-02-18T22:19:11","version" => "2.207"},{"date" => "2024-02-19T09:28:45","version" => "2.208"},{"date" => "2024-02-20T13:23:07","version" => "2.209"},{"date" => "2024-02-26T09:33:37","version" => "2.210"},{"date" => "2024-04-06T13:40:27","version" => "2.211"},{"date" => "2024-04-27T12:52:31","version" => "2.212"},{"date" => "2024-08-28T15:29:28","version" => "2.213"},{"date" => "2025-10-24T16:23:16","version" => "2.214"},{"date" => "2026-01-31T23:47:12","version" => "2.217"},{"date" => "2026-03-08T13:51:32","version" => "2.218"},{"date" => "2012-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017002","version" => "2.05201"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038000","version" => "2.204_001"}]},"Compress-Raw-Zlib" => {"advisories" => [{"affected_versions" => ["<2.017"],"cves" => ["CVE-2009-1391"],"description" => "Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [">=2.017"],"id" => "CPANSA-Compress-Raw-Zlib-2009-1391","references" => ["http://article.gmane.org/gmane.mail.virus.amavis.user/33635","http://article.gmane.org/gmane.mail.virus.amavis.user/33638","http://www.securityfocus.com/bid/35307","http://secunia.com/advisories/35422","https://bugzilla.redhat.com/show_bug.cgi?id=504386","http://www.vupen.com/english/advisories/2009/1571","http://thread.gmane.org/gmane.mail.virus.amavis.user/33635","http://osvdb.org/55041","http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","http://secunia.com/advisories/35876","http://secunia.com/advisories/35685","https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html","http://secunia.com/advisories/35689","http://www.mandriva.com/security/advisories?name=MDVSA-2009:157","http://security.gentoo.org/glsa/glsa-200908-07.xml","https://bugs.gentoo.org/show_bug.cgi?id=273141","https://exchange.xforce.ibmcloud.com/vulnerabilities/51062","https://usn.ubuntu.com/794-1/"],"reported" => "2009-06-16","severity" => undef},{"affected_versions" => ["<=2.219"],"cves" => ["CVE-2026-3381"],"description" => "Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib.  Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171.","distribution" => "Compress-Raw-Zlib","fixed_versions" => [">=2.220"],"id" => "CPANSA-Compress-Raw-Zlib-2026-3381","references" => ["https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/","https://github.com/madler/zlib","https://github.com/madler/zlib/releases/tag/v1.3.2","https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes","https://www.cve.org/CVERecord?id=CVE-2026-27171","https://www.zlib.net/"],"reported" => "2026-03-05","severity" => undef},{"affected_versions" => [">=2.025,<=2.048"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.049,<=2.052"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.053,<=2.060"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.061,<=2.074"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.075,<=2.101"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "Compress::Raw::Zlib","versions" => [{"date" => "2006-03-03T23:06:38","version" => "2.000_09"},{"date" => "2006-03-13T16:14:20","version" => "2.000_10"},{"date" => "2006-04-15T21:23:24","version" => "2.000_11"},{"date" => "2006-05-17T12:43:41","version" => "2.000_12"},{"date" => "2006-06-20T12:45:30","version" => "2.000_13"},{"date" => "2006-10-26T14:15:34","version" => "2.000_09"},{"date" => "2006-11-01T10:35:38","version" => "2.001"},{"date" => "2006-12-29T20:40:35","version" => "2.002"},{"date" => "2007-01-02T13:03:57","version" => "2.003"},{"date" => "2007-03-03T15:50:15","version" => "2.004"},{"date" => "2007-07-01T00:07:02","version" => "2.005"},{"date" => "2007-09-01T19:44:59","version" => "2.006"},{"date" => "2007-11-10T11:59:36","version" => "2.008"},{"date" => "2008-04-20T14:42:52","version" => "2.009"},{"date" => "2008-05-05T17:18:27","version" => "2.010"},{"date" => "2008-05-17T11:16:28","version" => "2.011"},{"date" => "2008-07-15T22:24:07","version" => "2.012"},{"date" => "2008-09-02T20:20:16","version" => "2.014"},{"date" => "2008-09-03T20:47:27","version" => "2.015"},{"date" => "2009-04-04T09:49:03","version" => "2.017"},{"date" => "2009-05-03T16:27:08","version" => "2.018"},{"date" => "2009-05-04T09:42:17","version" => "2.019"},{"date" => "2009-06-03T17:48:30","version" => "2.020"},{"date" => "2009-08-30T20:25:35","version" => "2.021"},{"date" => "2009-11-09T23:26:59","version" => "2.023"},{"date" => "2010-01-09T17:56:35","version" => "2.024"},{"date" => "2010-03-28T12:57:08","version" => "2.025"},{"date" => "2010-04-07T19:51:09","version" => "2.026"},{"date" => "2010-04-24T19:15:54","version" => "2.027"},{"date" => "2010-07-24T14:31:01","version" => "2.030"},{"date" => "2011-01-06T11:23:45","version" => "2.032"},{"date" => "2011-01-11T14:03:45","version" => "2.033"},{"date" => "2011-05-02T22:05:37","version" => "2.034"},{"date" => "2011-05-07T08:31:57","version" => "2.035"},{"date" => "2011-06-18T21:45:36","version" => "2.036"},{"date" => "2011-06-22T07:18:22","version" => "2.037"},{"date" => "2011-10-28T14:28:35","version" => "2.039"},{"date" => "2011-10-28T22:20:38","version" => "2.040"},{"date" => "2011-11-17T23:45:21","version" => "2.042"},{"date" => "2011-11-20T21:33:33","version" => "2.043"},{"date" => "2011-12-03T22:49:10","version" => "2.044"},{"date" => "2011-12-04T19:21:36","version" => "2.045"},{"date" => "2012-01-28T23:28:28","version" => "2.047"},{"date" => "2012-01-29T17:00:33","version" => "2.048"},{"date" => "2012-02-18T15:58:12","version" => "2.049"},{"date" => "2012-02-21T19:35:18","version" => "2.050"},{"date" => "2012-02-22T20:43:23","version" => "2.051"},{"date" => "2012-04-29T12:41:57","version" => "2.052"},{"date" => "2012-05-06T08:40:06","version" => "2.053"},{"date" => "2012-05-08T19:22:47","version" => "2.054"},{"date" => "2012-08-05T20:36:06","version" => "2.055"},{"date" => "2012-08-10T22:20:09","version" => "2.056"},{"date" => "2012-11-10T19:08:56","version" => "2.057"},{"date" => "2012-11-12T22:14:42","version" => "2.058"},{"date" => "2012-11-25T13:38:42","version" => "2.059"},{"date" => "2013-01-07T20:02:22","version" => "2.060"},{"date" => "2013-05-27T09:54:54","version" => "2.061"},{"date" => "2013-08-12T19:08:05","version" => "2.062"},{"date" => "2013-11-02T17:15:17","version" => "2.063"},{"date" => "2014-02-01T23:21:28","version" => "2.064"},{"date" => "2014-02-03T20:23:00","version" => "2.065"},{"date" => "2014-09-21T12:42:35","version" => "2.066"},{"date" => "2014-12-08T15:14:00","version" => "2.067"},{"date" => "2014-12-23T17:44:57","version" => "2.068"},{"date" => "2015-09-26T18:41:58","version" => "2.069"},{"date" => "2016-12-28T23:09:21","version" => "2.070"},{"date" => "2016-12-30T22:58:08","version" => "2.071"},{"date" => "2017-02-12T20:41:25","version" => "2.072"},{"date" => "2017-02-19T20:37:20","version" => "2.073"},{"date" => "2017-02-19T22:11:41","version" => "2.074"},{"date" => "2017-11-14T15:43:26","version" => "2.075"},{"date" => "2017-11-21T22:29:23","version" => "2.076"},{"date" => "2018-04-03T18:22:06","version" => "2.080"},{"date" => "2018-04-08T15:02:55","version" => "2.081"},{"date" => "2018-12-30T22:40:08","version" => "2.083"},{"date" => "2019-01-06T08:57:15","version" => "2.084"},{"date" => "2019-03-31T19:11:54","version" => "2.086"},{"date" => "2019-08-10T18:12:03","version" => "2.087"},{"date" => "2019-11-03T08:55:23","version" => "2.088"},{"date" => "2019-11-03T19:54:04","version" => "2.089"},{"date" => "2019-11-09T15:58:48","version" => "2.090"},{"date" => "2019-11-23T19:34:34","version" => "2.091"},{"date" => "2019-12-04T22:08:37","version" => "2.092"},{"date" => "2019-12-07T16:05:34","version" => "2.093"},{"date" => "2020-07-13T10:54:06","version" => "2.094"},{"date" => "2020-07-21T06:57:01","version" => "2.095"},{"date" => "2020-07-31T20:48:45","version" => "2.096"},{"date" => "2021-01-07T13:00:23","version" => "2.100"},{"date" => "2021-02-20T14:10:43","version" => "2.101"},{"date" => "2022-04-03T19:48:50","version" => "2.103"},{"date" => "2022-05-13T06:30:30","version" => "2.104"},{"date" => "2022-05-14T14:24:32","version" => "2.105"},{"date" => "2022-06-21T21:19:21","version" => "2.200"},{"date" => "2022-06-25T09:04:10","version" => "2.201"},{"date" => "2022-06-27T08:18:10","version" => "2.202"},{"date" => "2023-02-08T19:26:25","version" => "2.204"},{"date" => "2023-07-16T15:32:41","version" => "2.205"},{"date" => "2023-07-25T15:35:40","version" => "2.206"},{"date" => "2024-02-18T22:16:24","version" => "2.207"},{"date" => "2024-02-19T09:27:19","version" => "2.208"},{"date" => "2024-02-26T16:11:33","version" => "2.209"},{"date" => "2024-04-06T13:41:58","version" => "2.211"},{"date" => "2024-04-27T12:55:28","version" => "2.212"},{"date" => "2024-08-28T15:27:59","version" => "2.213"},{"date" => "2025-10-24T16:23:27","version" => "2.214"},{"date" => "2026-01-31T22:31:04","version" => "2.217"},{"date" => "2026-02-03T10:45:59","version" => "2.218"},{"date" => "2026-02-23T15:24:28","version" => "2.219"},{"date" => "2026-02-27T10:04:09","version" => "2.220"},{"date" => "2026-02-27T13:17:42","version" => "2.221"},{"date" => "2026-03-08T12:34:59","version" => "2.222"},{"date" => "2010-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013003","version" => "2.027_01"},{"date" => "2012-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017002","version" => "2.05401"},{"date" => "2015-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023003","version" => "2.068_01"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038000","version" => "2.204_001"}]},"Concierge-Sessions" => {"advisories" => [{"affected_versions" => [">=0.8.1,<0.8.5"],"cves" => ["CVE-2026-2439"],"description" => "Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are secure, and attackers are able to guess session_ids that can grant them access to systems. Specifically,    *  There is no warning when uuidgen fails. The software can be quietly using the fallback rand() function with no warnings if the command fails for any reason.   *  The uuidgen command will generate a time-based UUID if the system does not have a high-quality random number source, because the call does not explicitly specify the --random option. Note that the system time is shared in HTTP responses.   *  UUIDs are identifiers whose mere possession grants access, as per RFC 9562.   *  The output of the built-in rand() function is predictable and unsuitable for security applications.","distribution" => "Concierge-Sessions","fixed_versions" => [">=0.8.5"],"id" => "CPANSA-Concierge-Sessions-2026-2439","references" => ["https://github.com/bwva/Concierge-Sessions/commit/20bb28e92e8fba307c4ff8264701c215be65e73b","https://metacpan.org/release/BVA/Concierge-Sessions-v0.8.4/diff/BVA/Concierge-Sessions-v0.8.5#lib/Concierge/Sessions/Base.pm","https://perldoc.perl.org/5.42.0/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://www.rfc-editor.org/rfc/rfc9562.html#name-security-considerations"],"reported" => "2026-02-16","severity" => undef}],"main_module" => "Concierge::Sessions","versions" => [{"date" => "2026-02-11T23:31:48","version" => "v0.8.1"},{"date" => "2026-02-12T04:02:53","version" => "v0.8.2"},{"date" => "2026-02-12T08:43:53","version" => "v0.8.3"},{"date" => "2026-02-12T09:47:28","version" => "v0.8.4"},{"date" => "2026-02-12T16:49:19","version" => "v0.8.5"},{"date" => "2026-02-13T04:18:00","version" => "v0.8.6"},{"date" => "2026-02-13T15:38:42","version" => "v0.8.7"},{"date" => "2026-02-13T17:47:48","version" => "v0.8.8"},{"date" => "2026-02-13T22:10:44","version" => "v0.8.9"},{"date" => "2026-02-13T22:32:58","version" => "v0.9.0"},{"date" => "2026-02-15T04:14:21","version" => "v0.10.0"},{"date" => "2026-02-15T18:14:32","version" => "v0.11.0"}]},"Config-IniFiles" => {"advisories" => [{"affected_versions" => ["<2.71"],"cves" => ["CVE-2012-2451"],"description" => "The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.  NOTE: some of these details are obtained from third party information.  NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.\n","distribution" => "Config-IniFiles","fixed_versions" => [],"id" => "CPANSA-Config-IniFiles-2012-2451","references" => ["http://www.openwall.com/lists/oss-security/2012/05/02/6","http://www.osvdb.org/81671","http://secunia.com/advisories/48990","https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59","https://bugzilla.redhat.com/show_bug.cgi?id=818386","http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html","http://www.securityfocus.com/bid/53361","http://www.ubuntu.com/usn/USN-1543-1","https://exchange.xforce.ibmcloud.com/vulnerabilities/75328"],"reported" => "2012-06-27","severity" => undef}],"main_module" => "Config::IniFiles","versions" => [{"date" => "2000-06-20T02:07:11","version" => "0.05"},{"date" => "2000-06-26T02:38:13","version" => "0.06"},{"date" => "2000-07-31T01:32:53","version" => "0.08"},{"date" => "2000-07-31T01:51:15","version" => "0.09"},{"date" => "2000-09-17T03:29:50","version" => "0.11"},{"date" => "2000-09-20T01:06:10","version" => "1.6"},{"date" => "2000-10-17T02:01:37","version" => "1.8"},{"date" => "2000-11-25T03:36:14","version" => "1.11"},{"date" => "2000-11-28T14:09:00","version" => "1.12"},{"date" => "2000-11-28T14:09:15","version" => "1.13"},{"date" => "2000-12-13T17:45:25","version" => "2.10"},{"date" => "2000-12-18T17:56:28","version" => "2.13"},{"date" => "2001-01-08T18:27:24","version" => "2.14"},{"date" => "2001-03-24T21:54:18","version" => "2.17"},{"date" => "2001-03-30T04:48:27","version" => "2.18"},{"date" => "2001-04-05T01:06:51","version" => "2.19"},{"date" => "2001-08-28T11:05:35","version" => "2.21"},{"date" => "2001-12-06T17:15:03","version" => "2.22"},{"date" => "2001-12-07T16:24:14","version" => "2.23"},{"date" => "2001-12-07T17:27:08","version" => "2.24"},{"date" => "2001-12-12T20:50:06","version" => "2.25"},{"date" => "2001-12-19T22:26:32","version" => "2.26"},{"date" => "2001-12-20T16:11:24","version" => "2.27"},{"date" => "2002-08-15T21:41:35","version" => "2.29"},{"date" => "2002-10-15T18:59:21","version" => "2.30"},{"date" => "2002-12-18T01:58:55","version" => "2.36"},{"date" => "2003-01-31T23:06:08","version" => "2.37"},{"date" => "2003-05-14T01:38:13","version" => "2.38"},{"date" => "2005-04-29T20:33:23","version" => "2.39"},{"date" => "2008-12-04T17:02:19","version" => "2.43"},{"date" => "2008-12-25T09:47:08","version" => "2.44"},{"date" => "2008-12-27T15:25:59","version" => "2.45"},{"date" => "2009-01-17T14:40:26","version" => "2.46"},{"date" => "2009-01-21T09:41:11","version" => "2.47"},{"date" => "2009-04-07T12:26:44","version" => "2.48"},{"date" => "2009-05-02T14:27:53","version" => "2.49"},{"date" => "2009-05-31T11:58:04","version" => "2.50"},{"date" => "2009-06-08T09:41:11","version" => "2.51"},{"date" => "2009-06-28T13:21:57","version" => "2.52"},{"date" => "2009-11-13T09:58:28","version" => "2.53"},{"date" => "2009-11-18T11:15:13","version" => "2.54"},{"date" => "2009-12-22T15:48:07","version" => "2.55"},{"date" => "2009-12-31T04:57:40","version" => "2.56"},{"date" => "2010-03-01T13:51:57","version" => "2.57"},{"date" => "2010-05-17T07:45:33","version" => "2.58"},{"date" => "2010-11-12T11:33:52","version" => "2.59"},{"date" => "2010-11-13T07:22:50","version" => "2.60"},{"date" => "2010-11-14T08:57:26","version" => "2.61"},{"date" => "2010-11-19T13:37:37","version" => "2.62"},{"date" => "2010-11-19T14:54:12","version" => "2.63"},{"date" => "2010-11-20T09:55:05","version" => "2.64"},{"date" => "2010-11-25T18:48:52","version" => "2.65"},{"date" => "2011-01-29T16:40:18","version" => "2.66"},{"date" => "2011-06-21T11:59:37","version" => "2.67"},{"date" => "2011-06-21T19:18:33","version" => "2.68"},{"date" => "2012-04-05T09:10:11","version" => "2.69"},{"date" => "2012-04-06T09:52:14","version" => "2.70"},{"date" => "2012-05-02T08:05:15","version" => "2.71"},{"date" => "2012-05-05T16:56:55","version" => "2.72"},{"date" => "2012-05-14T07:49:33","version" => "2.73"},{"date" => "2012-05-23T21:47:46","version" => "2.74"},{"date" => "2012-05-25T12:29:48","version" => "2.75"},{"date" => "2012-06-15T14:47:10","version" => "2.76"},{"date" => "2012-06-21T16:39:23","version" => "2.77"},{"date" => "2012-10-21T11:18:39","version" => "2.78"},{"date" => "2013-05-06T07:10:33","version" => "2.79"},{"date" => "2013-05-14T19:25:07","version" => "2.80"},{"date" => "2013-05-16T10:36:17","version" => "2.81"},{"date" => "2013-05-21T15:35:10","version" => "2.82"},{"date" => "2014-01-27T09:01:28","version" => "2.83"},{"date" => "2015-04-13T18:40:30","version" => "2.84"},{"date" => "2015-04-13T19:08:57","version" => "2.85"},{"date" => "2015-04-14T07:55:59","version" => "2.86"},{"date" => "2015-06-16T09:06:37","version" => "2.87"},{"date" => "2015-07-10T08:38:11","version" => "2.88"},{"date" => "2016-05-03T09:14:13","version" => "2.89"},{"date" => "2016-06-02T13:09:19","version" => "2.90"},{"date" => "2016-06-03T03:11:38","version" => "2.91"},{"date" => "2016-06-17T09:34:08","version" => "2.92"},{"date" => "2016-07-24T08:34:00","version" => "2.93"},{"date" => "2016-11-29T17:31:38","version" => "2.94"},{"date" => "2018-03-16T11:14:39","version" => "2.95"},{"date" => "2018-04-07T08:45:56","version" => "2.96"},{"date" => "2018-04-21T09:13:56","version" => "2.97"},{"date" => "2018-04-21T11:50:34","version" => "2.98"},{"date" => "2018-09-13T07:11:41","version" => "3.000000"},{"date" => "2019-01-16T09:54:40","version" => "3.000001"},{"date" => "2019-03-14T13:34:40","version" => "3.000002"},{"date" => "2020-03-24T15:45:08","version" => "3.000003"}]},"Config-Model" => {"advisories" => [{"affected_versions" => ["<2.102"],"cves" => ["CVE-2017-0373"],"description" => "The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous \"use lib\" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.\n","distribution" => "Config-Model","fixed_versions" => [">=2.102"],"id" => "CPANSA-Config-Model-2017-03","references" => ["https://metacpan.org/changes/distribution/Config-Model","https://github.com/dod38fr/config-model/commit/9bd64d9ec6c0939166a2216a37d58dd19a725951"],"reported" => "2017-05-10"},{"affected_versions" => ["<2.102"],"cves" => ["CVE-2017-0374"],"description" => "Loads models from a local directory, making it possible to substitute the model.\n","distribution" => "Config-Model","fixed_versions" => [">=2.102"],"id" => "CPANSA-Config-Model-2017-02","references" => ["https://metacpan.org/changes/distribution/Config-Model","https://github.com/dod38fr/config-model/commit/4d37c75b0c4f9633b67999f8260b08027a6bc524"],"reported" => "2017-05-10"},{"affected_versions" => ["<2.102"],"cves" => [],"description" => "YAML or YAML::XS can be loaded automatically making it possible to run arbitrary code loading a specially crafted YAML file.\n","distribution" => "Config-Model","fixed_versions" => [">=2.102"],"id" => "CPANSA-Config-Model-2017-01","references" => ["https://metacpan.org/changes/distribution/Config-Model","https://github.com/dod38fr/config-model/commit/01d212348bfbadf31bd74aadd26b1e391ff2fd92"],"reported" => "2017-05-10"}],"main_module" => "Config::Model","versions" => [{"date" => "2006-04-21T12:27:44","version" => "0.505"},{"date" => "2006-05-19T13:32:14","version" => "0.506"},{"date" => "2006-06-15T12:10:38","version" => "0.507"},{"date" => "2006-07-20T12:28:36","version" => "0.601"},{"date" => "2006-09-07T12:06:17","version" => "0.602"},{"date" => "2006-10-19T11:24:40","version" => "0.603"},{"date" => "2006-12-06T12:58:35","version" => "0.604"},{"date" => "2007-01-08T13:16:42","version" => "0.605"},{"date" => "2007-01-11T12:42:09","version" => "0.606"},{"date" => "2007-01-12T13:06:38","version" => "0.607"},{"date" => "2007-02-23T13:00:34","version" => "0.608"},{"date" => "2007-05-14T11:41:18","version" => "0.609"},{"date" => "2007-06-06T12:28:06","version" => "0.610"},{"date" => "2007-07-03T15:35:21","version" => "0.611"},{"date" => "2007-07-27T11:38:57","version" => "0.612"},{"date" => "2007-10-01T15:52:56","version" => "0.613"},{"date" => "2007-10-23T16:10:29","version" => "0.614"},{"date" => "2007-11-15T12:36:18","version" => "0.615"},{"date" => "2007-12-04T12:41:22","version" => "0.616"},{"date" => "2008-01-28T11:55:50","version" => "0.617"},{"date" => "2008-02-14T12:56:25","version" => "0.618"},{"date" => "2008-02-29T12:08:41","version" => "0.619"},{"date" => "2008-03-18T17:40:57","version" => "0.620"},{"date" => "2008-03-20T07:49:00","version" => "0.6201"},{"date" => "2008-04-04T11:38:49","version" => "0.621"},{"date" => "2008-04-25T16:23:31","version" => "0.622"},{"date" => "2008-05-19T11:47:46","version" => "0.623"},{"date" => "2008-07-25T11:35:07","version" => "0.624"},{"date" => "2008-07-30T12:02:43","version" => "0.625"},{"date" => "2008-09-22T12:20:00","version" => "0.626"},{"date" => "2008-09-23T11:05:58","version" => "0.627"},{"date" => "2008-09-29T12:35:05","version" => "0.628"},{"date" => "2008-10-13T15:09:27","version" => "0.629"},{"date" => "2008-10-21T11:59:27","version" => "0.630"},{"date" => "2008-11-10T14:37:44","version" => "0.631"},{"date" => "2008-12-16T13:32:26","version" => "0.632"},{"date" => "2008-12-23T15:36:48","version" => "0.633"},{"date" => "2009-03-05T13:06:32","version" => "0.634"},{"date" => "2009-04-20T12:21:46","version" => "0.635"},{"date" => "2009-05-30T16:19:54","version" => "0.636"},{"date" => "2009-06-23T12:07:41","version" => "0.637"},{"date" => "2009-06-30T11:31:35","version" => "0.638"},{"date" => "2009-09-08T11:35:25","version" => "0.639"},{"date" => "2009-09-09T16:10:41","version" => "0.640"},{"date" => "2010-01-20T17:30:14","version" => "0.641"},{"date" => "2010-01-21T17:17:34","version" => "0.642"},{"date" => "2010-02-25T13:04:52","version" => "0.643"},{"date" => "2010-03-12T15:24:45","version" => "0.644"},{"date" => "2010-03-28T14:53:46","version" => "1.001"},{"date" => "2010-04-22T12:22:00","version" => "1.202"},{"date" => "2010-06-03T11:09:45","version" => "1.203"},{"date" => "2010-06-03T11:20:09","version" => "1.204"},{"date" => "2010-06-07T16:04:03","version" => "1.205"},{"date" => "2010-08-13T10:53:09","version" => "1.206"},{"date" => "2010-09-14T16:14:40","version" => "1.207"},{"date" => "2010-09-16T11:46:11","version" => "1.208"},{"date" => "2010-09-20T12:29:12","version" => "1.209"},{"date" => "2010-09-30T16:34:27","version" => "1.210"},{"date" => "2010-10-08T10:46:45","version" => "1.211"},{"date" => "2010-10-15T11:08:52","version" => "1.212"},{"date" => "2010-10-19T12:29:03","version" => "1.213"},{"date" => "2010-10-19T15:17:01","version" => "1.214"},{"date" => "2010-10-19T15:28:56","version" => "1.215"},{"date" => "2010-10-26T12:16:51","version" => "1.216"},{"date" => "2010-10-30T12:44:11","version" => "1.217"},{"date" => "2010-11-05T11:53:14","version" => "1.218"},{"date" => "2010-11-09T13:20:51","version" => "1.219"},{"date" => "2010-11-10T08:41:22","version" => "1.220"},{"date" => "2010-11-21T17:40:10","version" => "1.221"},{"date" => "2010-11-22T14:01:55","version" => "1.222"},{"date" => "2010-11-28T17:34:03","version" => "1.223"},{"date" => "2010-12-06T13:18:53","version" => "1.224"},{"date" => "2010-12-07T08:01:43","version" => "1.225"},{"date" => "2010-12-08T18:48:08","version" => "1.226"},{"date" => "2011-01-07T18:12:45","version" => "1.227"},{"date" => "2011-01-09T12:27:15","version" => "1.228"},{"date" => "2011-01-10T19:57:53","version" => "1.229"},{"date" => "2011-01-20T16:47:27","version" => "1.230"},{"date" => "2011-01-30T11:30:23","version" => "1.231"},{"date" => "2011-01-30T13:51:34","version" => "1.232"},{"date" => "2011-02-11T12:25:32","version" => "1.233"},{"date" => "2011-02-21T17:11:22","version" => "1.234"},{"date" => "2011-03-01T13:06:28","version" => "1.235"},{"date" => "2011-04-01T14:09:03","version" => "1.236"},{"date" => "2011-04-04T12:57:04","version" => "1.237"},{"date" => "2011-04-05T14:45:45","version" => "1.238"},{"date" => "2011-04-05T17:40:17","version" => "1.240"},{"date" => "2011-04-07T18:09:49","version" => "1.241"},{"date" => "2011-04-25T15:28:14","version" => "1.242"},{"date" => "2011-05-02T12:33:33","version" => "1.243"},{"date" => "2011-05-16T15:52:46","version" => "1.244"},{"date" => "2011-06-17T12:10:22","version" => "1.245"},{"date" => "2011-06-20T12:32:24","version" => "1.246"},{"date" => "2011-06-27T14:14:52","version" => "1.247"},{"date" => "2011-07-05T15:48:52","version" => "1.248"},{"date" => "2011-07-12T09:54:39","version" => "1.249"},{"date" => "2011-07-22T12:40:47","version" => "1.250"},{"date" => "2011-08-30T12:16:32","version" => "1.251"},{"date" => "2011-09-01T16:06:19","version" => "1.252"},{"date" => "2011-09-02T16:03:35","version" => "1.253"},{"date" => "2011-09-04T15:21:52","version" => "1.254"},{"date" => "2011-09-15T15:23:39","version" => "1.255"},{"date" => "2011-09-16T12:28:51","version" => "1.256"},{"date" => "2011-09-23T10:52:00","version" => "1.257"},{"date" => "2011-10-14T14:45:06","version" => "1.258"},{"date" => "2011-10-16T10:17:53","version" => "1.259"},{"date" => "2011-10-28T13:28:02","version" => "1.260"},{"date" => "2011-11-18T17:02:26","version" => "1.261"},{"date" => "2011-11-19T11:55:30","version" => "1.262"},{"date" => "2011-11-29T15:43:38","version" => "1.263"},{"date" => "2011-11-30T07:50:25","version" => "1.264"},{"date" => "2011-12-06T18:26:54","version" => "1.265"},{"date" => "2012-02-06T11:55:29","version" => "2.001"},{"date" => "2012-02-08T09:49:49","version" => "2.002"},{"date" => "2012-02-08T13:14:22","version" => "2.003"},{"date" => "2012-02-09T11:28:18","version" => "2.004"},{"date" => "2012-02-23T18:25:32","version" => "2.005"},{"date" => "2012-02-25T11:30:41","version" => "2.006"},{"date" => "2012-02-26T16:34:50","version" => "2.007"},{"date" => "2012-03-01T12:40:23","version" => "2.008"},{"date" => "2012-03-13T13:11:49","version" => "2.009"},{"date" => "2012-03-13T13:15:03","version" => "2.010"},{"date" => "2012-03-19T21:41:44","version" => "2.011"},{"date" => "2012-04-05T11:41:54","version" => "2.012"},{"date" => "2012-04-06T12:10:46","version" => "2.013"},{"date" => "2012-05-04T13:57:13","version" => "2.014"},{"date" => "2012-05-14T10:06:13","version" => "2.015"},{"date" => "2012-05-20T08:38:36","version" => "2.016"},{"date" => "2012-05-21T10:56:35","version" => "2.017"},{"date" => "2012-05-29T13:53:06","version" => "2.018"},{"date" => "2012-06-05T12:34:15","version" => "2.019"},{"date" => "2012-06-18T08:34:26","version" => "2.020"},{"date" => "2012-06-27T14:44:55","version" => "2.021_01"},{"date" => "2012-06-28T15:30:52","version" => "2.021"},{"date" => "2012-07-03T14:47:31","version" => "2.022"},{"date" => "2012-07-04T13:50:37","version" => "2.023"},{"date" => "2012-09-04T11:30:02","version" => "2.024"},{"date" => "2012-09-10T10:52:02","version" => "2.025"},{"date" => "2012-09-20T17:12:09","version" => "2.026_1"},{"date" => "2012-09-21T10:38:47","version" => "2.026_2"},{"date" => "2012-09-27T11:53:42","version" => "2.026"},{"date" => "2012-10-30T12:48:16","version" => "2.027"},{"date" => "2012-11-27T12:44:55","version" => "2.028"},{"date" => "2012-11-28T13:31:04","version" => "2.029"},{"date" => "2013-02-27T18:37:05","version" => "2.030_01"},{"date" => "2013-03-23T09:47:53","version" => "2.030"},{"date" => "2013-04-03T17:22:28","version" => "2.031"},{"date" => "2013-04-15T11:28:33","version" => "2.032"},{"date" => "2013-04-15T19:27:14","version" => "2.033"},{"date" => "2013-04-17T19:29:52","version" => "2.034"},{"date" => "2013-04-27T15:05:09","version" => "2.035"},{"date" => "2013-05-25T17:53:04","version" => "2.036"},{"date" => "2013-06-15T17:46:45","version" => "2.037"},{"date" => "2013-07-03T19:30:32","version" => "2.038"},{"date" => "2013-07-18T18:12:07","version" => "2.039"},{"date" => "2013-07-20T09:46:11","version" => "2.040"},{"date" => "2013-08-14T17:58:40","version" => "2.041"},{"date" => "2013-09-15T17:41:45","version" => "2.042"},{"date" => "2013-09-20T17:35:06","version" => "2.043"},{"date" => "2013-10-13T16:02:40","version" => "2.044"},{"date" => "2013-10-18T17:48:15","version" => "2.045"},{"date" => "2013-12-15T13:07:37","version" => "2.046"},{"date" => "2014-01-25T15:54:37","version" => "2.047"},{"date" => "2014-02-23T18:02:19","version" => "2.048"},{"date" => "2014-02-26T19:45:44","version" => "2.049"},{"date" => "2014-02-27T18:12:32","version" => "2.050"},{"date" => "2014-03-06T18:23:11","version" => "2.051"},{"date" => "2014-03-23T16:20:43","version" => "2.052"},{"date" => "2014-03-25T19:11:57","version" => "2.053"},{"date" => "2014-04-01T17:51:50","version" => "2.054"},{"date" => "2014-05-02T11:33:28","version" => "2.055"},{"date" => "2014-05-18T19:34:53","version" => "2.056"},{"date" => "2014-06-12T19:32:47","version" => "2.057"},{"date" => "2014-06-19T19:43:18","version" => "2.058"},{"date" => "2014-06-29T15:08:02","version" => "2.059"},{"date" => "2014-08-19T12:43:59","version" => "2.060"},{"date" => "2014-09-23T19:21:04","version" => "2.061"},{"date" => "2014-11-23T19:45:05","version" => "2.062"},{"date" => "2014-11-28T17:55:21","version" => "2.063"},{"date" => "2014-12-04T18:47:05","version" => "2.064"},{"date" => "2015-01-06T20:16:15","version" => "2.065"},{"date" => "2015-02-15T16:13:00","version" => "2.066"},{"date" => "2015-03-01T18:38:28","version" => "2.067"},{"date" => "2015-03-29T13:39:56","version" => "2.068"},{"date" => "2015-04-25T19:29:15","version" => "2.069"},{"date" => "2015-05-03T14:00:52","version" => "2.070"},{"date" => "2015-05-23T11:15:16","version" => "2.071"},{"date" => "2015-07-18T19:31:43","version" => "2.072"},{"date" => "2015-07-19T07:35:51","version" => "2.073"},{"date" => "2015-09-30T18:56:39","version" => "2.074"},{"date" => "2015-11-22T20:11:19","version" => "2.075"},{"date" => "2016-01-14T18:13:20","version" => "2.076"},{"date" => "2016-01-20T19:55:36","version" => "2.077"},{"date" => "2016-01-24T18:48:46","version" => "2.078"},{"date" => "2016-02-12T20:44:28","version" => "2.079"},{"date" => "2016-02-27T17:59:55","version" => "2.080"},{"date" => "2016-02-29T19:01:45","version" => "2.081"},{"date" => "2016-03-29T18:22:30","version" => "2.082"},{"date" => "2016-04-20T18:32:29","version" => "2.083"},{"date" => "2016-05-26T17:35:53","version" => "2.084"},{"date" => "2016-05-29T17:13:14","version" => "2.085"},{"date" => "2016-06-04T19:28:08","version" => "2.086"},{"date" => "2016-06-29T17:35:35","version" => "2.087"},{"date" => "2016-07-09T18:06:03","version" => "2.088"},{"date" => "2016-09-04T13:17:52","version" => "2.089"},{"date" => "2016-09-10T16:07:07","version" => "2.090"},{"date" => "2016-09-13T17:05:56","version" => "2.091"},{"date" => "2016-09-23T17:46:04","version" => "2.092"},{"date" => "2016-11-08T18:33:39","version" => "2.093"},{"date" => "2016-11-09T18:23:05","version" => "2.094"},{"date" => "2016-12-06T18:01:00","version" => "2.095"},{"date" => "2016-12-11T20:28:14","version" => "2.096"},{"date" => "2016-12-22T17:35:34","version" => "2.097"},{"date" => "2017-02-26T18:58:23","version" => "2.098"},{"date" => "2017-03-05T17:09:37","version" => "2.099"},{"date" => "2017-03-18T12:06:34","version" => "2.100"},{"date" => "2017-04-28T17:40:56","version" => "2.101"},{"date" => "2017-05-14T19:10:40","version" => "2.102"},{"date" => "2017-05-25T08:15:17","version" => "2.103"},{"date" => "2017-06-03T13:23:33","version" => "2.104"},{"date" => "2017-06-09T17:26:55","version" => "2.105"},{"date" => "2017-07-16T14:07:23","version" => "2.106"},{"date" => "2017-08-30T19:12:10","version" => "2.107"},{"date" => "2017-08-31T17:23:43","version" => "2.108"},{"date" => "2017-09-18T17:52:57","version" => "2.109"},{"date" => "2017-09-21T19:12:32","version" => "2.110"},{"date" => "2017-09-22T18:41:04","version" => "2.111"},{"date" => "2017-10-01T09:12:45","version" => "2.112"},{"date" => "2017-10-12T19:07:46","version" => "2.113"},{"date" => "2017-11-11T16:35:03","version" => "2.114"},{"date" => "2017-12-14T18:03:18","version" => "2.115"},{"date" => "2017-12-16T09:52:09","version" => "2.116"},{"date" => "2018-02-03T18:09:35","version" => "2.117"},{"date" => "2018-03-26T18:33:19","version" => "2.118"},{"date" => "2018-04-02T16:55:50","version" => "2.119"},{"date" => "2018-04-08T07:56:03","version" => "2.120"},{"date" => "2018-04-15T17:08:18","version" => "2.121"},{"date" => "2018-04-17T17:20:14","version" => "2.122"},{"date" => "2018-05-01T17:18:09","version" => "2.123"},{"date" => "2018-06-09T17:16:59","version" => "2.124"},{"date" => "2018-06-24T12:47:24","version" => "2.125"},{"date" => "2018-08-20T13:10:09","version" => "2.126"},{"date" => "2018-09-30T16:44:13","version" => "2.127"},{"date" => "2018-11-21T19:33:41","version" => "2.128"},{"date" => "2018-12-05T18:44:58","version" => "2.129"},{"date" => "2018-12-07T19:02:10","version" => "2.130"},{"date" => "2018-12-16T18:32:58","version" => "2.131"},{"date" => "2018-12-22T17:50:27","version" => "2.132"},{"date" => "2019-01-13T20:17:07","version" => "2.133"},{"date" => "2019-05-05T10:51:38","version" => "2.134"},{"date" => "2019-06-05T17:21:24","version" => "2.135"},{"date" => "2019-07-29T15:44:09","version" => "2.136"},{"date" => "2019-12-01T17:32:00","version" => "2.137"},{"date" => "2019-12-27T14:43:21","version" => "2.138"},{"date" => "2020-07-18T14:38:14","version" => "2.139"},{"date" => "2020-07-31T08:24:37","version" => "2.140"},{"date" => "2021-01-17T18:04:01","version" => "2.141"},{"date" => "2021-04-07T17:08:47","version" => "2.142"},{"date" => "2021-10-31T17:28:44","version" => "2.143"},{"date" => "2021-11-04T17:26:40","version" => "2.144"},{"date" => "2021-11-06T18:23:25","version" => "2.145"},{"date" => "2021-11-28T18:13:47","version" => "2.146"},{"date" => "2021-11-29T18:42:25","version" => "2.147"},{"date" => "2022-01-09T15:02:17","version" => "2.148"},{"date" => "2022-01-13T16:42:50","version" => "2.149"},{"date" => "2022-05-08T15:10:12","version" => "2.150"},{"date" => "2022-07-26T14:32:41","version" => "2.151"},{"date" => "2022-07-28T08:07:07","version" => "2.152"},{"date" => "2023-07-14T14:05:14","version" => "2.153"},{"date" => "2023-07-14T17:35:53","version" => "2.153"},{"date" => "2024-06-15T14:47:56","version" => "2.154"},{"date" => "2024-11-24T15:11:43","version" => "2.155"},{"date" => "2026-02-02T15:05:59","version" => "2.156"},{"date" => "2026-03-03T18:24:07","version" => "2.157"},{"date" => "2026-03-04T18:23:59","version" => "2.158"},{"date" => "2026-03-08T15:55:43","version" => "2.159"}]},"Convert-ASN1" => {"advisories" => [{"affected_versions" => ["<0.27"],"cves" => ["CVE-2013-7488"],"description" => "perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.\n","distribution" => "Convert-ASN1","fixed_versions" => [],"id" => "CPANSA-Convert-ASN1-2013-7488","references" => ["https://github.com/gbarr/perl-Convert-ASN1/issues/14","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ONNQSW4SSKMG5RUEFZJZA5T5R2WXEGQF/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/6V3PJEQOT47ZO77263XPGS3Y3AJROI4X/"],"reported" => "2020-04-07","severity" => "high"}],"main_module" => "Convert::ASN1","versions" => [{"date" => "2000-04-03T21:52:45","version" => "0.04"},{"date" => "2000-05-12T10:14:51","version" => "0.05"},{"date" => "2000-05-22T11:08:54","version" => "0.06"},{"date" => "2000-05-30T14:31:54","version" => "0.07"},{"date" => "2001-02-05T22:44:53","version" => "0.08"},{"date" => "2001-04-19T23:07:25","version" => "0.09"},{"date" => "2001-04-20T06:40:05","version" => "0.10"},{"date" => "2001-06-11T13:37:41","version" => "0.11"},{"date" => "2001-07-31T17:11:59","version" => "0.12"},{"date" => "2001-08-26T07:23:52","version" => "0.13"},{"date" => "2001-09-10T18:07:31","version" => "0.14"},{"date" => "2002-01-22T11:33:25","version" => "0.15"},{"date" => "2002-08-20T00:05:24","version" => "0.16"},{"date" => "2003-05-12T17:52:00","version" => "0.17"},{"date" => "2003-10-08T14:31:56","version" => "0.18"},{"date" => "2005-04-19T00:51:07","version" => "0.19"},{"date" => "2006-02-22T01:29:15","version" => "0.20"},{"date" => "2007-02-03T02:50:32","version" => "0.21"},{"date" => "2008-09-15T19:39:08","version" => "0.22"},{"date" => "2012-05-03T21:33:29","version" => "0.23"},{"date" => "2012-06-04T22:12:03","version" => "0.24"},{"date" => "2012-06-09T00:32:31","version" => "0.25"},{"date" => "2012-06-09T18:31:05","version" => "0.26"},{"date" => "2014-06-25T18:49:11","version" => "0.27"},{"date" => "2021-05-23T21:05:04","version" => "0.28"},{"date" => "2021-05-24T21:29:37","version" => "0.29"},{"date" => "2021-05-30T00:58:54","version" => "0.30"},{"date" => "2021-06-03T01:30:40","version" => "0.31"},{"date" => "2021-09-21T21:46:25","version" => "0.32"},{"date" => "2021-09-22T22:51:23","version" => "0.33"},{"date" => "2023-08-07T22:47:22","version" => "0.34"}]},"Convert-UUlib" => {"advisories" => [{"affected_versions" => ["<1.051"],"cves" => ["CVE-2005-1349"],"description" => "Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.\n","distribution" => "Convert-UUlib","fixed_versions" => [],"id" => "CPANSA-Convert-UUlib-2005-1349","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200504-26.xml","http://secunia.com/advisories/15130","http://www.securityfocus.com/bid/13401","http://www.mandriva.com/security/advisories?name=MDKSA-2006:022","https://exchange.xforce.ibmcloud.com/vulnerabilities/20275"],"reported" => "2005-05-02","severity" => undef}],"main_module" => "Convert::UUlib","versions" => [{"date" => "1999-05-08T20:44:28","version" => "0.03"},{"date" => "1999-05-25T19:26:16","version" => "0.05"},{"date" => "1999-07-29T21:35:05","version" => "0.06"},{"date" => "2000-07-16T20:52:56","version" => "0.11"},{"date" => "2001-05-04T21:14:40","version" => "0.111"},{"date" => "2001-06-14T16:49:29","version" => "0.2"},{"date" => "2001-09-16T01:45:11","version" => "0.201"},{"date" => "2002-03-31T22:10:15","version" => "0.21"},{"date" => "2002-03-31T22:52:00","version" => "0.21"},{"date" => "2002-04-05T22:18:55","version" => "0.211"},{"date" => "2002-04-06T02:39:32","version" => "0.212"},{"date" => "2002-07-27T19:20:26","version" => "0.213"},{"date" => "2002-10-13T18:14:28","version" => "0.3"},{"date" => "2002-10-15T23:26:09","version" => "0.31"},{"date" => "2003-11-24T16:10:49","version" => "1.0"},{"date" => "2004-03-16T20:05:14","version" => "1.01"},{"date" => "2004-04-18T14:51:27","version" => "1.02"},{"date" => "2004-04-18T20:16:15","version" => "1.03"},{"date" => "2004-12-28T14:12:40","version" => "1.04"},{"date" => "2005-03-03T17:52:16","version" => "1.051"},{"date" => "2005-12-05T23:58:50","version" => "1.06"},{"date" => "2006-12-10T16:45:11","version" => "1.07"},{"date" => "2006-12-16T22:31:30","version" => "1.08"},{"date" => "2007-05-25T17:40:35","version" => "1.09"},{"date" => "2008-06-13T13:27:38","version" => "1.10"},{"date" => "2008-06-13T13:34:18","version" => "1.11"},{"date" => "2008-10-13T12:13:26","version" => "1.12"},{"date" => "2009-08-28T23:26:34","version" => "1.3"},{"date" => "2009-09-16T07:05:05","version" => "1.31"},{"date" => "2009-09-16T18:10:46","version" => "1.32"},{"date" => "2009-10-28T08:05:40","version" => "1.33"},{"date" => "2010-12-14T21:21:33","version" => "1.34"},{"date" => "2011-05-29T15:23:57","version" => "1.4"},{"date" => "2015-07-11T01:57:19","version" => "1.5"},{"date" => "2019-10-24T15:19:15","version" => "1.6"},{"date" => "2020-02-17T22:21:21","version" => "1.62"},{"date" => "2020-02-29T21:09:26","version" => "1.7"},{"date" => "2020-03-16T23:54:43","version" => "1.71"},{"date" => "2020-12-17T01:25:02","version" => "1.8"}]},"Cpanel-JSON-XS" => {"advisories" => [{"affected_versions" => ["<3.0225"],"cves" => [],"description" => "Overflow during processing of ill-formed UTF-8 strings.\n","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=3.0225"],"id" => "CPANSA-Cpanel-JSON-XS-2016-02","references" => ["https://metacpan.org/changes/distribution/Cpanel-JSON-XS","https://github.com/rurban/Cpanel-JSON-XS/commit/f71768984ba7f50b0476c17a4f3b3f2ca88a6951","https://github.com/dankogai/p5-encode/issues/64"],"reported" => "2016-11-23"},{"affected_versions" => ["<3.0218"],"cves" => [],"description" => "Possible overflows in av and hv length types.\n","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=3.0218"],"id" => "CPANSA-Cpanel-JSON-XS-2016-01","references" => ["https://metacpan.org/changes/distribution/Cpanel-JSON-XS","https://github.com/rurban/Cpanel-JSON-XS/commit/6554531b39fac236321d8601d35eaaa75ae45e20"],"reported" => undef},{"affected_versions" => ["<4.033"],"cves" => ["CVE-2022-48623"],"description" => "Wrong error messages/sometimes crashes or endless loops with invalid JSON in relaxed mode\n","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=4.033"],"id" => "CPANSA-Cpanel-JSON-XS-2023-01","references" => ["https://metacpan.org/changes/distribution/Cpanel-JSON-XS","https://github.com/rurban/Cpanel-JSON-XS/issues/208","https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.33/changes","https://nvd.nist.gov/vuln/detail/CVE-2022-48623","https://github.com/rurban/Cpanel-JSON-XS/commit/41f32396eee9395a40f9ed80145c37622560de9b","https://github.com/advisories/GHSA-44qr-8pf6-6q33"],"reported" => "2023-02-21"},{"affected_versions" => ["<4.40"],"cves" => ["CVE-2025-40929"],"description" => "Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=4.40"],"id" => "CPANSA-Cpanel-JSON-XS-2025-40929","references" => ["https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch","https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713","https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes"],"reported" => "2025-09-08","severity" => undef}],"main_module" => "Cpanel::JSON::XS","versions" => [{"date" => "2013-03-01T00:52:41","version" => "2.33_03"},{"date" => "2013-03-01T22:07:06","version" => "2.33_04"},{"date" => "2013-03-27T16:53:34","version" => "2.3305"},{"date" => "2013-03-27T17:17:51","version" => "2.3306"},{"date" => "2013-03-27T22:58:47","version" => "2.3307"},{"date" => "2013-03-28T14:28:56","version" => "2.3308"},{"date" => "2013-03-28T15:12:42","version" => "2.3309"},{"date" => "2013-03-28T17:33:21","version" => "2.3310"},{"date" => "2013-06-26T16:24:40","version" => "2.3313"},{"date" => "2013-09-09T05:54:40","version" => "2.3314"},{"date" => "2013-10-02T20:06:47","version" => "2.3401"},{"date" => "2013-11-02T14:42:20","version" => "2.3402"},{"date" => "2013-11-02T15:17:41","version" => "2.3403"},{"date" => "2014-01-30T15:58:58","version" => "2.3404"},{"date" => "2014-04-15T21:17:11","version" => "3.0101"},{"date" => "2014-04-17T18:37:34","version" => "3.0102"},{"date" => "2014-04-21T17:49:09","version" => "3.0103"},{"date" => "2014-04-26T16:04:39","version" => "3.0104"},{"date" => "2014-11-06T10:38:31","version" => "3.0105"},{"date" => "2014-11-11T21:57:49","version" => "3.0106"},{"date" => "2014-11-28T12:16:29","version" => "3.0107"},{"date" => "2014-12-11T17:02:07","version" => "3.0108"},{"date" => "2014-12-12T10:24:33","version" => "3.0109"},{"date" => "2014-12-12T22:35:37","version" => "3.0110"},{"date" => "2014-12-13T18:40:06","version" => "3.0111"},{"date" => "2014-12-14T16:34:01","version" => "3.0112"},{"date" => "2014-12-15T12:23:32","version" => "3.0113"},{"date" => "2015-01-04T14:06:03","version" => "3.0114"},{"date" => "2015-01-31T21:42:51","version" => "3.0115"},{"date" => "2015-11-26T08:58:33","version" => "3.0201"},{"date" => "2015-11-26T13:16:40","version" => "3.0202"},{"date" => "2015-11-26T13:42:02","version" => "3.0203"},{"date" => "2015-11-26T22:30:26","version" => "3.0204"},{"date" => "2015-11-29T14:09:00","version" => "3.0205"},{"date" => "2015-11-30T16:16:48","version" => "3.0206"},{"date" => "2015-12-02T16:34:35","version" => "3.0207"},{"date" => "2015-12-02T22:46:58","version" => "3.0208"},{"date" => "2015-12-03T09:45:04","version" => "3.0209"},{"date" => "2015-12-03T11:59:24","version" => "3.0210"},{"date" => "2016-01-10T17:38:25","version" => "3.0211"},{"date" => "2016-02-27T13:30:04","version" => "3.0212"},{"date" => "2016-03-02T10:28:37","version" => "3.0213"},{"date" => "2016-04-12T08:40:05","version" => "3.0213_01"},{"date" => "2016-04-13T10:40:03","version" => "3.0213_02"},{"date" => "2016-06-02T16:18:51","version" => "3.0214"},{"date" => "2016-06-06T13:28:49","version" => "3.0215"},{"date" => "2016-06-12T12:14:20","version" => "3.0216"},{"date" => "2016-06-18T09:59:27","version" => "3.0217"},{"date" => "2016-10-04T10:11:33","version" => "3.0217_01"},{"date" => "2016-10-04T14:47:29","version" => "3.0217_02"},{"date" => "2016-10-06T08:46:17","version" => "3.0217_03"},{"date" => "2016-10-07T12:11:03","version" => "3.0217_04"},{"date" => "2016-10-07T17:22:48","version" => "3.0217_05"},{"date" => "2016-10-08T08:01:50","version" => "3.0217_06"},{"date" => "2016-10-13T12:47:31","version" => "3.0218"},{"date" => "2016-10-26T11:45:35","version" => "3.0219"},{"date" => "2016-10-28T08:34:28","version" => "3.0220"},{"date" => "2016-10-30T12:27:36","version" => "3.0221"},{"date" => "2016-10-30T15:04:32","version" => "3.0222"},{"date" => "2016-11-16T11:47:38","version" => "3.0223"},{"date" => "2016-11-20T11:31:34","version" => "3.0224"},{"date" => "2016-11-23T18:43:00","version" => "3.0225"},{"date" => "2017-02-11T13:24:48","version" => "3.0226"},{"date" => "2017-02-13T10:57:06","version" => "3.0227"},{"date" => "2017-03-07T23:57:39","version" => "3.0228"},{"date" => "2017-03-10T14:08:07","version" => "3.0229"},{"date" => "2017-03-12T09:52:13","version" => "3.0230"},{"date" => "2017-03-29T09:51:51","version" => "3.0231"},{"date" => "2017-05-01T05:35:12","version" => "3.0232"},{"date" => "2017-05-01T14:54:56","version" => "3.0233"},{"date" => "2017-07-27T15:43:41","version" => "3.0234"},{"date" => "2017-07-27T16:21:47","version" => "3.0235"},{"date" => "2017-07-27T20:15:25","version" => "3.0236"},{"date" => "2017-07-28T11:15:05","version" => "3.0237"},{"date" => "2017-08-25T20:53:56","version" => "3.0238"},{"date" => "2017-08-28T20:48:37","version" => "3.0239"},{"date" => "2018-01-30T11:52:27","version" => "3.99_01"},{"date" => "2018-01-31T12:58:24","version" => "3.99_02"},{"date" => "2018-01-31T17:18:58","version" => "3.99_03"},{"date" => "2018-02-02T01:57:54","version" => "4.00"},{"date" => "2018-02-03T11:50:36","version" => "4.01"},{"date" => "2018-02-27T16:08:55","version" => "4.02"},{"date" => "2018-06-21T11:16:14","version" => "4.03"},{"date" => "2018-06-22T17:37:07","version" => "4.04"},{"date" => "2018-08-19T16:55:22","version" => "4.05"},{"date" => "2018-08-23T07:50:22","version" => "4.06"},{"date" => "2018-11-02T09:51:34","version" => "4.07"},{"date" => "2018-11-28T14:26:40","version" => "4.08"},{"date" => "2019-02-15T10:09:53","version" => "4.09"},{"date" => "2019-03-18T07:50:15","version" => "4.10"},{"date" => "2019-03-26T16:46:53","version" => "4.11"},{"date" => "2019-06-11T08:04:04","version" => "4.12"},{"date" => "2019-10-14T14:14:37","version" => "4.13"},{"date" => "2019-10-15T15:16:21","version" => "4.14"},{"date" => "2019-10-22T07:01:03","version" => "4.15"},{"date" => "2019-11-04T15:51:01","version" => "4.16"},{"date" => "2019-11-05T13:48:29","version" => "4.17"},{"date" => "2019-12-13T15:54:58","version" => "4.18"},{"date" => "2020-02-06T15:07:47","version" => "4.19"},{"date" => "2020-08-12T12:18:46","version" => "4.20"},{"date" => "2020-08-13T06:56:18","version" => "4.21"},{"date" => "2020-09-04T19:26:28","version" => "4.22"},{"date" => "2020-09-05T10:21:25","version" => "4.23"},{"date" => "2020-10-02T09:05:37","version" => "4.24"},{"date" => "2020-10-28T07:04:49","version" => "4.25"},{"date" => "2021-04-12T06:34:32","version" => "4.26"},{"date" => "2021-10-14T19:19:01","version" => "4.27"},{"date" => "2022-05-05T14:46:07","version" => "4.28"},{"date" => "2022-05-27T15:32:51","version" => "4.29"},{"date" => "2022-06-16T19:19:38","version" => "4.30"},{"date" => "2022-08-10T14:25:08","version" => "4.31"},{"date" => "2022-08-13T07:13:40","version" => "4.32"},{"date" => "2023-02-21T16:34:10","version" => "4.33"},{"date" => "2023-02-21T18:39:09","version" => "4.34"},{"date" => "2023-02-22T15:40:53","version" => "4.35"},{"date" => "2023-03-02T15:11:52","version" => "4.36"},{"date" => "2023-07-04T10:35:53","version" => "4.37"},{"date" => "2024-05-28T07:42:37","version" => "4.38"},{"date" => "2024-12-12T21:17:16","version" => "4.39"},{"date" => "2025-09-08T14:02:35","version" => "4.40"}]},"Crypt-CBC" => {"advisories" => [{"affected_versions" => ["<3.04"],"cves" => [],"description" => "Fixed bug involving manually-specified IV not being used in some circumstances.\n","distribution" => "Crypt-CBC","fixed_versions" => [">=3.04"],"id" => "CPANSA-Crypt-CBC-2021-0001","references" => ["https://metacpan.org/changes/distribution/Crypt-CBC","https://github.com/briandfoy/cpan-security-advisory/issues/165"],"reported" => "2021-05-17","severity" => undef},{"affected_versions" => ["<2.17"],"cves" => ["CVE-2006-0898"],"description" => "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.\n","distribution" => "Crypt-CBC","fixed_versions" => [">=2.17"],"id" => "CPANSA-Crypt-CBC-2006-0898","references" => ["https://metacpan.org/changes/distribution/Crypt-CBC","http://www.securityfocus.com/bid/16802","http://secunia.com/advisories/18755","http://www.debian.org/security/2006/dsa-996","http://secunia.com/advisories/19187","http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml","http://secunia.com/advisories/19303","http://www.novell.com/linux/security/advisories/2006_38_security.html","http://secunia.com/advisories/20899","http://securityreason.com/securityalert/488","http://www.redhat.com/support/errata/RHSA-2008-0261.html","http://secunia.com/advisories/31493","http://rhn.redhat.com/errata/RHSA-2008-0630.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/24954","http://www.securityfocus.com/archive/1/425966/100/0/threaded"],"reported" => "2006-02-25","severity" => undef},{"affected_versions" => [">=1.21,<3.07"],"cves" => ["CVE-2025-2814"],"description" => "Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  This issue affects operating systems where \"/dev/urandom'\" is unavailable.\x{a0} In that case, Crypt::CBC will fallback to use the insecure rand() function.","distribution" => "Crypt-CBC","fixed_versions" => [">=3.07"],"id" => "CPANSA-Crypt-CBC-2025-2814","references" => ["https://metacpan.org/dist/Crypt-CBC/source/lib/Crypt/CBC.pm#L777","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://github.com/lstein/Lib-Crypt-CBC/issues/9"],"reported" => "2025-04-13","severity" => undef}],"main_module" => "Crypt::CBC","versions" => [{"date" => "1998-06-19T19:48:52","version" => "1.00"},{"date" => "1998-09-22T18:30:35","version" => "1.10"},{"date" => "1998-12-20T23:36:49","version" => "1.20"},{"date" => "2000-01-27T00:27:56","version" => "1.22"},{"date" => "2000-02-22T15:20:56","version" => "1.23"},{"date" => "2000-06-07T18:55:59","version" => "1.24"},{"date" => "2000-06-08T15:59:07","version" => "1.25"},{"date" => "2001-12-10T17:16:25","version" => "2.01"},{"date" => "2002-01-24T05:30:16","version" => "2.02"},{"date" => "2002-06-02T18:40:15","version" => "2.03"},{"date" => "2002-06-12T02:20:51","version" => "2.04"},{"date" => "2002-06-22T13:02:09","version" => "2.05"},{"date" => "2002-08-08T18:47:49","version" => "2.07"},{"date" => "2002-09-11T12:17:23","version" => "2.08"},{"date" => "2004-05-27T15:20:52","version" => "2.09"},{"date" => "2004-05-29T17:29:19","version" => "2.10"},{"date" => "2004-06-03T16:22:32","version" => "2.11"},{"date" => "2004-06-17T15:55:19","version" => "2.11"},{"date" => "2005-05-05T20:11:50","version" => "2.14"},{"date" => "2005-08-01T14:02:45","version" => "2.15"},{"date" => "2006-02-16T14:08:57","version" => "2.17"},{"date" => "2006-06-06T23:22:02","version" => "2.18"},{"date" => "2006-08-12T19:52:11","version" => "2.19"},{"date" => "2006-10-16T23:40:13","version" => "2.21"},{"date" => "2006-10-29T21:55:34","version" => "2.22"},{"date" => "2007-09-28T15:25:53","version" => "2.24"},{"date" => "2008-03-28T14:17:29","version" => "2.27"},{"date" => "2008-03-31T14:56:52","version" => "2.28"},{"date" => "2008-04-22T14:27:07","version" => "2.29"},{"date" => "2008-09-30T15:17:58","version" => "2.30"},{"date" => "2012-10-30T11:08:06","version" => "2.31"},{"date" => "2012-12-14T19:30:14","version" => "2.32"},{"date" => "2013-07-30T20:03:53","version" => "2.33"},{"date" => "2021-02-07T15:30:51","version" => "3.00"},{"date" => "2021-02-08T21:38:16","version" => "3.01"},{"date" => "2021-04-11T22:16:48","version" => "3.02"},{"date" => "2021-04-19T02:59:12","version" => "3.03"},{"date" => "2021-05-17T15:03:53","version" => "3.04"},{"date" => "2025-07-21T00:57:11","version" => "3.05"},{"date" => "2025-07-26T16:23:53","version" => "3.06"},{"date" => "2025-07-27T14:50:49","version" => "3.07"}]},"Crypt-DSA" => {"advisories" => [{"affected_versions" => ["<1.18"],"cves" => ["CVE-2011-3599"],"description" => "The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.\n","distribution" => "Crypt-DSA","fixed_versions" => [],"id" => "CPANSA-Crypt-DSA-2011-3599","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=71421","https://bugzilla.redhat.com/show_bug.cgi?id=743567","http://www.openwall.com/lists/oss-security/2011/10/05/9","http://www.openwall.com/lists/oss-security/2011/10/05/5","http://secunia.com/advisories/46275","http://www.securityfocus.com/bid/49928","http://osvdb.org/76025"],"reported" => "2011-10-10","severity" => undef}],"main_module" => "Crypt::DSA","versions" => [{"date" => "2001-03-24T01:21:08","version" => "0.02"},{"date" => "2001-04-07T07:44:41","version" => "0.03"},{"date" => "2001-04-23T00:09:38","version" => "0.10"},{"date" => "2001-05-02T23:26:09","version" => "0.11"},{"date" => "2001-05-04T06:12:08","version" => "0.12"},{"date" => "2005-05-26T16:19:59","version" => "0.13"},{"date" => "2006-05-08T18:43:01","version" => "0.14"},{"date" => "2009-08-19T11:11:31","version" => "0.15_01"},{"date" => "2009-09-11T12:47:36","version" => "1.16"},{"date" => "2011-06-17T01:49:57","version" => "1.17"},{"date" => "2024-12-04T04:25:53","version" => "1.18"},{"date" => "2024-12-04T13:54:34","version" => "1.18"},{"date" => "2024-12-04T14:50:02","version" => "1.19"}]},"Crypt-JWT" => {"advisories" => [{"affected_versions" => ["<0.023"],"cves" => ["CVE-2019-1010263"],"description" => "Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit b98a59b42ded9f9e51b2560410106207c2152d6c.\n","distribution" => "Crypt-JWT","fixed_versions" => [">=0.023"],"id" => "CPANSA-Crypt-JWT-2019-01","references" => ["https://github.com/DCIT/perl-Crypt-JWT/commit/b98a59b42ded9f9e51b2560410106207c2152d6c","https://www.openwall.com/lists/oss-security/2018/09/07/1"],"reported" => "2019-03-20","severity" => "high"},{"affected_versions" => ["<0.022"],"cves" => ["CVE-2019-1010161"],"description" => "perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.\n","distribution" => "Crypt-JWT","fixed_versions" => [">=0.022"],"id" => "CPANSA-Crypt-JWT-2019-01","references" => ["https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483"],"reported" => "2019-03-20","severity" => "high"}],"main_module" => "Crypt::JWT","versions" => [{"date" => "2015-07-02T22:24:01","version" => "0.004"},{"date" => "2015-07-02T22:54:29","version" => "0.005"},{"date" => "2015-07-07T19:43:45","version" => "0.010"},{"date" => "2015-10-22T07:08:48","version" => "0.011"},{"date" => "2016-05-02T17:33:01","version" => "0.012"},{"date" => "2016-05-03T07:10:15","version" => "0.013"},{"date" => "2016-05-04T05:48:13","version" => "0.014"},{"date" => "2016-05-12T05:38:49","version" => "0.015"},{"date" => "2016-05-12T08:03:49","version" => "0.016"},{"date" => "2016-06-03T10:17:48","version" => "0.017"},{"date" => "2016-08-31T19:49:41","version" => "0.018"},{"date" => "2018-01-26T16:07:54","version" => "0.019"},{"date" => "2018-02-02T15:02:28","version" => "0.020"},{"date" => "2018-03-15T11:59:25","version" => "0.021"},{"date" => "2018-06-24T20:29:50","version" => "0.022"},{"date" => "2018-09-01T16:09:10","version" => "0.023"},{"date" => "2019-03-26T11:11:25","version" => "0.024"},{"date" => "2019-09-29T15:23:58","version" => "0.025"},{"date" => "2020-02-02T08:44:56","version" => "0.026"},{"date" => "2020-06-04T22:35:39","version" => "0.027"},{"date" => "2020-06-14T18:17:45","version" => "0.028"},{"date" => "2020-06-22T13:13:53","version" => "0.029"},{"date" => "2021-01-08T14:22:56","version" => "0.030"},{"date" => "2021-01-10T14:18:25","version" => "0.031"},{"date" => "2021-03-18T21:02:33","version" => "0.032"},{"date" => "2021-05-01T17:18:31","version" => "0.033"},{"date" => "2021-11-28T22:08:38","version" => "0.034"},{"date" => "2023-10-03T10:20:23","version" => "0.035"},{"date" => "2025-01-26T10:17:48","version" => "0.036"},{"date" => "2025-04-27T15:02:48","version" => "0.037"}]},"Crypt-NaCl-Sodium" => {"advisories" => [{"affected_versions" => ["<2.002"],"cves" => ["CVE-2026-2588"],"description" => "Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems.  Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions.  On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 64-bits.","distribution" => "Crypt-NaCl-Sodium","fixed_versions" => [">=2.002"],"id" => "CPANSA-Crypt-NaCl-Sodium-2026-2588","references" => ["https://github.com/cpan-authors/crypt-nacl-sodium/commit/557388bdb4da416a56663cda0154b80cd524395c.patch","https://github.com/cpan-authors/crypt-nacl-sodium/commit/8cf7f66ba922443e131c9deae1ee00fafe4f62e4.patch","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.001/source/Sodium.xs#L2119"],"reported" => "2026-02-23","severity" => undef},{"affected_versions" => ["<2.003"],"cves" => ["CVE-2026-30909"],"description" => "Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows.  bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer.  Encountering this issue is unlikely as the message length would need to be very large.  For bin2hex() the bin_len would have to be > SIZE_MAX / 2 For encrypt() the msg_len would need to be > SIZE_MAX - 16U For aes256gcm_encrypt_afternm() the msg_len would need to be > SIZE_MAX - 16U For seal() the enc_len would need to be > SIZE_MAX - 64U","distribution" => "Crypt-NaCl-Sodium","fixed_versions" => [">=2.003"],"id" => "CPANSA-Crypt-NaCl-Sodium-2026-30909","references" => ["https://github.com/cpan-authors/crypt-nacl-sodium/pull/24.patch","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L2116","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L2310","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L3304","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L942","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.003/source/Changes","http://www.openwall.com/lists/oss-security/2026/03/08/1"],"reported" => "2026-03-08","severity" => undef}],"main_module" => "Crypt::NaCl::Sodium","versions" => [{"date" => "2015-05-11T23:46:38","version" => "0.01"},{"date" => "2015-05-12T00:36:27","version" => "0.02"},{"date" => "2015-05-12T21:28:08","version" => "0.03"},{"date" => "2015-05-17T23:32:58","version" => "0.04"},{"date" => "2015-05-19T21:42:19","version" => "0.05"},{"date" => "2015-05-20T21:42:03","version" => "0.06"},{"date" => "2015-07-13T21:38:48","version" => "0.07"},{"date" => "2015-07-16T23:17:55","version" => "0.08"},{"date" => "2015-11-22T23:01:21","version" => "1.0.6.0"},{"date" => "2015-11-25T23:52:50","version" => "1.0.6.1"},{"date" => "2015-12-24T02:46:57","version" => "1.0.7.0"},{"date" => "2015-12-27T21:47:41","version" => "1.0.8.0"},{"date" => "2026-02-11T00:21:19","version" => "2.000"},{"date" => "2026-02-12T23:20:54","version" => "2.001"},{"date" => "2026-02-22T23:28:45","version" => "2.002"},{"date" => "2026-03-08T01:06:53","version" => "2.003"}]},"Crypt-OpenSSL-DSA" => {"advisories" => [{"affected_versions" => ["<0.14"],"cves" => ["CVE-2009-0129"],"description" => "Missing error check in do_verify, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature.\n","distribution" => "Crypt-OpenSSL-DSA","fixed_versions" => [">=0.14"],"id" => "CPANSA-Crypt-OpenSSL-DSA-2009-01","references" => ["https://metacpan.org/changes/distribution/Crypt-OpenSSL-DSA","https://www.openwall.com/lists/oss-security/2009/01/12/4","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519"],"reported" => "2009-01-15"}],"main_module" => "Crypt::OpenSSL::DSA","versions" => [{"date" => "2001-09-19T04:45:14","version" => "0.01"},{"date" => "2001-09-24T17:32:49","version" => "0.02"},{"date" => "2002-02-07T05:57:36","version" => "0.03"},{"date" => "2002-09-24T04:52:06","version" => "0.04"},{"date" => "2002-09-26T00:21:17","version" => "0.10"},{"date" => "2003-01-06T19:08:08","version" => "0.11"},{"date" => "2005-05-23T01:44:36","version" => "0.12"},{"date" => "2005-10-15T21:37:10","version" => "0.13"},{"date" => "2012-10-16T22:55:16","version" => "0.14"},{"date" => "2015-02-03T21:57:37","version" => "0.15"},{"date" => "2016-10-27T11:25:18","version" => "0.16"},{"date" => "2016-10-27T18:54:42","version" => "0.17"},{"date" => "2016-11-17T10:33:35","version" => "0.18"},{"date" => "2017-01-13T08:24:56","version" => "0.19"},{"date" => "2021-03-20T12:31:50","version" => "0.20"}]},"Crypt-OpenSSL-RSA" => {"advisories" => [{"affected_versions" => ["<0.35"],"cves" => ["CVE-2024-2467"],"description" => "A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.\n","distribution" => "Crypt-OpenSSL-RSA","fixed_versions" => [">=0.35"],"id" => "CPANSA-Crypt-OpenSSL-RSA-2024-2467","references" => ["https://access.redhat.com/security/cve/CVE-2024-2467","https://bugzilla.redhat.com/show_bug.cgi?id=2269567","https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42","https://people.redhat.com/~hkario/marvin/"],"reported" => "2024-04-25","severity" => undef}],"main_module" => "Crypt::OpenSSL::RSA","versions" => [{"date" => "2001-04-02T04:24:26","version" => "0.08"},{"date" => "2001-04-02T16:43:12","version" => "0.09"},{"date" => "2001-04-10T20:56:43","version" => "0.10"},{"date" => "2001-04-11T02:58:01","version" => "0.11"},{"date" => "2001-09-07T03:14:26","version" => "0.12"},{"date" => "2002-03-22T04:46:17","version" => "0.13"},{"date" => "2002-05-19T16:54:53","version" => "0.14"},{"date" => "2002-06-07T13:25:40","version" => "0.15"},{"date" => "2002-06-12T02:15:47","version" => "0.16"},{"date" => "2003-01-07T04:08:58","version" => "0.17"},{"date" => "2003-02-24T02:27:12","version" => "0.18"},{"date" => "2003-04-27T22:48:40","version" => "0.19"},{"date" => "2004-02-15T20:43:41","version" => "0.20"},{"date" => "2004-02-16T02:19:45","version" => "0.21"},{"date" => "2005-06-06T10:51:24","version" => "0.22"},{"date" => "2005-11-15T04:34:15","version" => "0.22"},{"date" => "2006-04-13T04:38:04","version" => "0.23"},{"date" => "2006-11-13T15:34:59","version" => "0.24"},{"date" => "2007-05-20T19:06:56","version" => "0.25"},{"date" => "2009-11-22T20:40:31","version" => "0.26"},{"date" => "2011-06-29T18:49:35","version" => "0.26_01"},{"date" => "2011-07-03T20:14:52","version" => "0.27"},{"date" => "2011-08-24T23:04:56","version" => "0.28"},{"date" => "2017-11-27T03:36:04","version" => "0.28"},{"date" => "2018-04-14T05:01:11","version" => "0.29_01"},{"date" => "2018-04-15T18:55:41","version" => "0.29_02"},{"date" => "2018-04-16T20:47:56","version" => "0.29_03"},{"date" => "2018-05-01T16:37:12","version" => "0.30"},{"date" => "2018-09-24T17:36:24","version" => "0.31"},{"date" => "2021-09-08T15:50:47","version" => "0.32"},{"date" => "2022-07-08T11:25:11","version" => "0.33"},{"date" => "2025-05-03T12:48:15","version" => "0.34_01"},{"date" => "2025-05-04T13:50:42","version" => "0.34_02"},{"date" => "2025-05-04T14:18:26","version" => "0.34_03"},{"date" => "2025-05-05T13:44:07","version" => "0.34"},{"date" => "2025-05-07T16:52:11","version" => "0.35"},{"date" => "2025-10-29T21:22:55","version" => "0.36"},{"date" => "2025-10-29T21:41:15","version" => "0.37"}]},"Crypt-Passwd-XS" => {"advisories" => [{"affected_versions" => ["<0.601"],"cves" => ["CVE-2012-2143"],"description" => "The crypt_des (aka DES-based crypt) function does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.\n","distribution" => "Crypt-Passwd-XS","fixed_versions" => [">=0.601"],"id" => "CPANSA-Crypt-Passwd-XS-2012-01","references" => ["https://metacpan.org/changes/distribution/Crypt-Passwd-XS"],"reported" => "2012-05-07"}],"main_module" => "Crypt::Passwd::XS","versions" => [{"date" => "2010-11-14T21:18:18","version" => "0.4"},{"date" => "2010-11-17T02:03:54","version" => "0.501"},{"date" => "2010-11-17T23:25:17","version" => "0.503"},{"date" => "2010-11-20T00:37:33","version" => "0.504"},{"date" => "2010-11-24T00:59:34","version" => "0.505"},{"date" => "2011-03-09T16:18:01","version" => "0.506"},{"date" => "2011-03-09T21:40:38","version" => "0.507"},{"date" => "2011-07-26T16:37:20","version" => "0.600"},{"date" => "2012-12-06T19:57:57","version" => "0.601"}]},"Crypt-Perl" => {"advisories" => [{"affected_versions" => ["<0.33"],"cves" => ["CVE-2020-17478"],"description" => "ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.\n","distribution" => "Crypt-Perl","fixed_versions" => [">=0.33"],"id" => "CPANSA-Crypt-Perl-2020-01","references" => ["https://github.com/FGasper/p5-Crypt-Perl/compare/0.32...0.33"],"reported" => "2020-08-10","severity" => "high"},{"affected_versions" => ["<0.32"],"cves" => ["CVE-2020-13895"],"description" => "Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.\n","distribution" => "Crypt-Perl","fixed_versions" => [">=0.32"],"id" => "CPANSA-Crypt-Perl-2020-02","references" => ["https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2","https://github.com/FGasper/p5-Crypt-Perl/issues/14"],"reported" => "2020-06-07","severity" => "high"}],"main_module" => "Crypt::Perl","versions" => [{"date" => "2016-12-14T06:20:54","version" => "0.01"},{"date" => "2016-12-17T05:33:45","version" => "0.02"},{"date" => "2016-12-19T14:55:23","version" => "0.021"},{"date" => "2016-12-19T22:19:39","version" => "0.022"},{"date" => "2016-12-20T08:45:47","version" => "0.03"},{"date" => "2016-12-20T18:44:49","version" => "0.031"},{"date" => "2016-12-21T05:18:09","version" => "0.032"},{"date" => "2016-12-23T05:59:32","version" => "0.033"},{"date" => "2016-12-29T16:03:59","version" => "0.1"},{"date" => "2016-12-31T06:23:01","version" => "0.11"},{"date" => "2017-01-02T21:24:31","version" => "0.12"},{"date" => "2017-01-03T14:55:13","version" => "0.13"},{"date" => "2017-01-03T16:30:45","version" => "0.14"},{"date" => "2017-01-04T00:12:29","version" => "0.15"},{"date" => "2017-02-02T09:09:40","version" => "0.15_1"},{"date" => "2017-02-03T03:31:34","version" => "0.16_rc1"},{"date" => "2017-02-03T03:38:07","version" => "0.15_2"},{"date" => "2017-02-03T07:21:32","version" => "0.15_3"},{"date" => "2017-02-07T04:16:06","version" => "0.16"},{"date" => "2017-02-08T07:56:45","version" => "0.16_1"},{"date" => "2017-02-08T09:25:41","version" => "0.17"},{"date" => "2017-02-09T04:07:34","version" => "0.17_1"},{"date" => "2018-06-18T01:48:20","version" => "0.18-TRIAL1"},{"date" => "2018-06-18T02:52:52","version" => "0.18-TRIAL2"},{"date" => "2018-06-18T12:03:17","version" => "0.18-TRIAL3"},{"date" => "2018-06-18T15:07:20","version" => "0.18-TRIAL4"},{"date" => "2018-06-18T20:34:04","version" => "0.18-TRIAL5"},{"date" => "2018-06-18T21:06:07","version" => "0.18-TRIAL6"},{"date" => "2018-06-18T21:47:43","version" => "0.18-TRIAL7"},{"date" => "2018-06-18T22:42:19","version" => "0.18"},{"date" => "2018-06-19T04:25:06","version" => "0.19"},{"date" => "2018-06-19T06:14:32","version" => "0.20-TRIAL1"},{"date" => "2018-06-19T14:23:57","version" => "0.20-TRIAL2"},{"date" => "2018-06-19T15:50:08","version" => "0.20"},{"date" => "2018-06-19T15:56:15","version" => "0.21"},{"date" => "2018-06-21T03:33:59","version" => "0.22-TRIAL1"},{"date" => "2018-06-21T13:31:18","version" => "0.22-TRIAL2"},{"date" => "2018-06-22T14:43:21","version" => "0.22"},{"date" => "2018-06-23T00:40:40","version" => "0.23-TRIAL1"},{"date" => "2018-06-25T14:35:15","version" => "0.23"},{"date" => "2018-07-23T03:11:37","version" => "0.24_TRIAL1"},{"date" => "2018-07-23T03:13:05","version" => "0.24_TRIAL2"},{"date" => "2018-07-23T03:16:58","version" => "0.24-TRIAL3"},{"date" => "2018-07-23T12:12:48","version" => "0.24-TRIAL4"},{"date" => "2018-07-24T22:03:18","version" => "0.24"},{"date" => "2018-07-25T01:54:45","version" => "0.25"},{"date" => "2018-07-28T19:52:07","version" => "0.26-TRIAL1"},{"date" => "2018-07-28T22:07:05","version" => "0.26"},{"date" => "2018-07-28T22:26:02","version" => "0.27-TRIAL1"},{"date" => "2018-07-29T02:05:05","version" => "0.27"},{"date" => "2018-08-25T00:24:23","version" => "0.28"},{"date" => "2018-08-25T02:38:45","version" => "0.29"},{"date" => "2018-12-22T02:29:37","version" => "0.30-TRIAL1"},{"date" => "2018-12-22T15:18:25","version" => "0.30-TRIAL2"},{"date" => "2018-12-24T03:14:46","version" => "0.30-TRIAL3"},{"date" => "2019-09-12T03:13:59","version" => "0.30"},{"date" => "2020-02-11T00:54:58","version" => "0.31_01"},{"date" => "2020-02-11T02:50:09","version" => "0.31_02"},{"date" => "2020-02-12T01:19:36","version" => "0.31"},{"date" => "2020-06-04T12:31:25","version" => "0.32_01"},{"date" => "2020-06-04T12:56:11","version" => "0.32_02"},{"date" => "2020-06-05T02:53:59","version" => "0.32"},{"date" => "2020-08-10T15:39:12","version" => "0.33"},{"date" => "2020-09-24T07:31:56","version" => "0.34_02"},{"date" => "2020-09-24T07:37:16","version" => "0.34_03"},{"date" => "2020-09-25T01:38:34","version" => "0.34_04"},{"date" => "2020-09-26T03:44:57","version" => "0.34_05"},{"date" => "2020-09-26T12:38:56","version" => "0.34_06"},{"date" => "2020-09-26T18:03:25","version" => "0.34_07"},{"date" => "2020-09-27T13:00:26","version" => "0.34_08"},{"date" => "2020-09-27T23:51:08","version" => "0.34_09"},{"date" => "2020-09-28T07:22:06","version" => "0.34"},{"date" => "2021-11-17T15:13:58","version" => "0.35_02"},{"date" => "2021-11-18T03:39:19","version" => "0.35"},{"date" => "2021-11-18T03:44:32","version" => "0.36"},{"date" => "2021-11-20T13:20:35","version" => "0.37_01"},{"date" => "2021-11-21T03:44:48","version" => "0.37_02"},{"date" => "2021-11-22T04:28:59","version" => "0.37_03"},{"date" => "2021-11-29T02:09:35","version" => "0.37_04"},{"date" => "2021-11-30T02:16:10","version" => "0.37_05"},{"date" => "2021-11-30T16:09:14","version" => "0.37_06"},{"date" => "2021-12-01T01:39:08","version" => "0.37_07"},{"date" => "2021-12-02T21:42:02","version" => "0.37_08"},{"date" => "2021-12-06T15:38:41","version" => "0.37_09"},{"date" => "2021-12-08T01:12:53","version" => "0.37_10"},{"date" => "2021-12-09T13:42:15","version" => "0.37_11"},{"date" => "2021-12-14T02:08:33","version" => "0.37_12"},{"date" => "2021-12-15T05:19:53","version" => "0.37_13"},{"date" => "2021-12-17T19:36:38","version" => "0.37"},{"date" => "2022-10-17T15:04:13","version" => "0.38"}]},"Crypt-Primes" => {"advisories" => [{"affected_versions" => ["<0.52"],"cves" => [],"description" => "bin/largeprimes uses a custom shebang, which allows it to load modules from several locations: '..', '../lib', 'lib'. This could lead to load modules from an unpredictable location depending from where the script is run and what user is running it.\n","distribution" => "Crypt-Primes","fixed_versions" => [">=0.52"],"id" => "CPANSA-Crypt-Primes-2024-001","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=128058","https://github.com/atoomic/Crypt-Primes/pull/2","https://github.com/perl-Crypt-OpenPGP/Crypt-Primes/blob/main/Changes"],"reported" => undef,"severity" => undef}],"main_module" => "Crypt::Primes","versions" => [{"date" => "2000-11-09T23:33:04","version" => "0.38"},{"date" => "2001-03-05T09:29:12","version" => "0.46"},{"date" => "2001-06-11T09:15:28","version" => "0.49"},{"date" => "2003-01-16T20:11:04","version" => "0.50"},{"date" => "2025-01-25T02:41:34","version" => "0.51"},{"date" => "2025-01-25T13:14:32","version" => "0.52"}]},"Crypt-Random" => {"advisories" => [{"affected_versions" => [">0"],"cves" => [],"description" => "The makerandom program that comes with Crypt::Random adds module search paths in its shebang line, potentially leading to issues with unexpected modules being loaded\n","distribution" => "Crypt-Random","fixed_versions" => [],"id" => "CPANSA-Crypt-Random-2024-001","references" => ["https://metacpan.org/dist/Crypt-Random/changes","https://rt.cpan.org/Ticket/Display.html?id=128062","https://github.com/atoomic/Crypt-Random/pull/1"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.05,<=1.55"],"cves" => ["CVE-2025-1828"],"description" => "Crypt::Random Perl package 1.05 through 1.55 may use rand() function,\x{a0}which is not\x{a0}cryptographically strong,\x{a0}for cryptographic functions.  If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available\x{a0}Crypt::Random will default to use the insecure\x{a0}Crypt::Random::rand provider.  In particular, Windows versions of perl will encounter this issue by default.","distribution" => "Crypt-Random","fixed_versions" => [">1.55"],"id" => "CPANSA-Crypt-Random-2025-1828","references" => ["https://github.com/perl-Crypt-OpenPGP/Crypt-Random/commit/1f8b29e9e89d8d083fd025152e76ec918136cc05","https://github.com/perl-Crypt-OpenPGP/Crypt-Random/pull/1","https://perldoc.perl.org/functions/rand"],"reported" => "2025-03-11","severity" => undef}],"main_module" => "Crypt::Random","versions" => [{"date" => "1999-04-09T19:08:40","version" => "0.17"},{"date" => "1999-10-13T23:27:57","version" => "0.18"},{"date" => "2000-09-18T22:56:56","version" => "0.23"},{"date" => "2001-02-14T08:55:34","version" => "0.32"},{"date" => "2001-03-05T09:27:27","version" => "0.33"},{"date" => "2001-04-17T22:01:25","version" => "0.34"},{"date" => "2001-06-22T22:11:42","version" => "1.07"},{"date" => "2001-06-23T02:22:55","version" => "1.08"},{"date" => "2001-07-09T19:07:34","version" => "1.10"},{"date" => "2001-07-12T16:02:21","version" => "1.11"},{"date" => "2003-01-08T13:41:34","version" => "1.12"},{"date" => "2003-03-11T18:44:11","version" => "1.13"},{"date" => "2004-05-21T21:18:13","version" => "1.20"},{"date" => "2004-05-24T23:04:52","version" => "1.21"},{"date" => "2004-06-01T22:58:47","version" => "1.22"},{"date" => "2004-06-02T18:52:24","version" => "1.23"},{"date" => "2005-03-07T23:05:09","version" => "1.24"},{"date" => "2005-03-07T23:18:08","version" => "1.25"},{"date" => "2018-12-22T16:21:07","version" => "1.51"},{"date" => "2018-12-22T19:30:28","version" => "1.52"},{"date" => "2021-06-03T18:19:46","version" => "1.53"},{"date" => "2021-06-03T18:31:44","version" => "1.54"},{"date" => "2025-01-30T05:20:08","version" => "1.55"},{"date" => "2025-02-05T01:49:00","version" => "1.56"},{"date" => "2025-02-10T23:28:24","version" => "1.57"}]},"Crypt-Random-Source" => {"advisories" => [{"affected_versions" => ["<=0.12"],"cves" => ["CVE-2018-25107"],"description" => "In versions prior to 0.13, rand could be used as a result of calling get_weak, or get, if no random device was available. This implies that not explicitly asking for get_strong on a non POSIX operating system (e.g. Win32 without the Win32 backend) could have resulted in non cryptographically random data.\n","distribution" => "Crypt-Random-Source","fixed_versions" => [">=0.13"],"id" => "CPANSA-Crypt-Random-Source-2024-001","references" => ["https://metacpan.org/dist/Crypt-Random-Source/changes","https://nvd.nist.gov/vuln/detail/CVE-2018-25107","https://github.com/karenetheridge/Crypt-Random-Source/pull/3","https://metacpan.org/release/ETHER/Crypt-Random-Source-0.13/changes"],"reported" => undef,"severity" => undef}],"main_module" => "Crypt::Random::Source","versions" => [{"date" => "2008-06-17T00:15:09","version" => "0.01_01"},{"date" => "2008-06-17T01:51:37","version" => "0.01"},{"date" => "2008-06-17T01:53:15","version" => "0.02"},{"date" => "2008-06-17T06:01:16","version" => "0.03"},{"date" => "2009-11-25T17:09:48","version" => "0.04"},{"date" => "2009-11-25T17:11:14","version" => "0.05"},{"date" => "2010-12-23T03:04:46","version" => "0.06"},{"date" => "2011-01-05T08:42:20","version" => "0.07"},{"date" => "2014-08-05T00:05:07","version" => "0.08"},{"date" => "2014-08-30T17:12:48","version" => "0.09"},{"date" => "2014-08-31T18:06:40","version" => "0.10"},{"date" => "2015-10-24T04:00:11","version" => "0.11"},{"date" => "2016-03-11T03:43:41","version" => "0.12"},{"date" => "2018-04-08T01:09:20","version" => "0.13"},{"date" => "2018-04-10T02:58:59","version" => "0.14"}]},"Crypt-RandomEncryption" => {"advisories" => [{"affected_versions" => [">=0.01"],"cves" => ["CVE-2024-58040"],"description" => "Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.","distribution" => "Crypt-RandomEncryption","fixed_versions" => [],"id" => "CPANSA-Crypt-RandomEncryption-2024-58040","references" => ["https://metacpan.org/release/QWER/Crypt-RandomEncryption-0.01/source/lib/Crypt/RandomEncryption.pm#L33","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-09-30","severity" => undef}],"main_module" => "Crypt::RandomEncryption","versions" => [{"date" => "2013-05-16T18:07:28","version" => "0.01"}]},"Crypt-Salt" => {"advisories" => [{"affected_versions" => ["<=0.01"],"cves" => ["CVE-2025-1805"],"description" => "Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes.","distribution" => "Crypt-Salt","fixed_versions" => [],"id" => "CPANSA-Crypt-Salt-2025-1805","references" => ["https://metacpan.org/release/HACHI/Crypt-Salt-0.01/source/lib/Crypt/Salt.pm#L76","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-02","severity" => undef}],"main_module" => "Crypt::Salt","versions" => [{"date" => "2003-11-12T06:13:44","version" => "0.01"}]},"Crypt-Sodium-XS" => {"advisories" => [{"affected_versions" => ["<0.000042"],"cves" => ["CVE-2025-15444"],"description" => "Crypt::Sodium::XS module versions prior to\x{a0}0.000042,\x{a0}for Perl, include a vulnerable version of libsodium  libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277\x{a0} https://www.cve.org/CVERecord?id=CVE-2025-69277 .  The libsodium vulnerability states:  In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.  0.000042 includes a version of\x{a0}libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.","distribution" => "Crypt-Sodium-XS","embedded_vulnerability" => {"distributed_version" => "<-1.0.20","name" => "libsodium"},"fixed_versions" => [">=0.000042"],"id" => "CPANSA-Crypt-Sodium-XS-2025-15444","references" => ["https://00f.net/2025/12/30/libsodium-vulnerability/","https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","https://metacpan.org/dist/Crypt-Sodium-XS/changes"],"reported" => "2026-01-06","severity" => undef},{"affected_versions" => ["<0.001001"],"cves" => ["CVE-2026-30910"],"description" => "Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows.  Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. This can cause a crash in bin2hex and encryption algorithms other than aes256gcm. For aes256gcm encryption and signatures, an undersized buffer could lead to buffer overflow.  Encountering this issue is unlikely as the message length would need to be very large.  For bin2hex the input size would have to be > SIZE_MAX / 2 For aegis encryption the input size would need to be > SIZE_MAX - 32U For other encryption the input size would need to be > SIZE_MAX - 16U For signatures the input size would need to be > SIZE_MAX - 64U","distribution" => "Crypt-Sodium-XS","fixed_versions" => [">=0.001001"],"id" => "CPANSA-Crypt-Sodium-XS-2026-30910","references" => ["https://metacpan.org/release/IAMB/Crypt-Sodium-XS-0.001001/changes","http://www.openwall.com/lists/oss-security/2026/03/08/2"],"reported" => "2026-03-08","severity" => undef},{"affected_versions" => [">=0.000018,<=0.000027"],"cves" => ["CVE-2025-69277"],"description" => "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.\n","distribution" => "Crypt-Sodium-XS","fixed_versions" => [],"id" => "CPANSA-Crypt-Sodium-XS-2025-69277-libsodium","references" => ["https://00f.net/2025/12/30/libsodium-vulnerability/","https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7","https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf","https://github.com/pyca/pynacl/issues/920","https://ianix.com/pub/ed25519-deployment.html","https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html","https://news.ycombinator.com/item?id=46435614"],"reported" => "2025-12-31","severity" => "medium"},{"affected_versions" => [">=0.000028,<=0.000041"],"cves" => ["CVE-2025-69277"],"description" => "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.\n","distribution" => "Crypt-Sodium-XS","fixed_versions" => [],"id" => "CPANSA-Crypt-Sodium-XS-2025-69277-libsodium","references" => ["https://00f.net/2025/12/30/libsodium-vulnerability/","https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7","https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf","https://github.com/pyca/pynacl/issues/920","https://ianix.com/pub/ed25519-deployment.html","https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html","https://news.ycombinator.com/item?id=46435614"],"reported" => "2025-12-31","severity" => "medium"}],"main_module" => "Crypt::Sodium::XS","versions" => [{"date" => "2025-07-06T21:01:50","version" => "0.000018"},{"date" => "2025-07-07T16:16:33","version" => "0.000019"},{"date" => "2025-07-08T01:32:47","version" => "0.000020"},{"date" => "2025-07-08T02:22:03","version" => "0.000021"},{"date" => "2025-07-08T06:45:10","version" => "0.000022"},{"date" => "2025-07-08T22:14:02","version" => "0.000024"},{"date" => "2025-07-09T20:24:46","version" => "0.000025"},{"date" => "2025-07-09T21:42:18","version" => "0.000026"},{"date" => "2025-07-12T16:33:41","version" => "0.000027"},{"date" => "2025-07-15T19:55:23","version" => "0.000028"},{"date" => "2025-07-17T00:10:50","version" => "0.000029"},{"date" => "2025-07-19T21:47:23","version" => "0.000030"},{"date" => "2025-07-21T15:02:40","version" => "0.000031"},{"date" => "2025-07-23T23:48:57","version" => "0.000032"},{"date" => "2025-07-24T20:46:46","version" => "0.000033"},{"date" => "2025-08-01T19:01:56","version" => "0.000034"},{"date" => "2025-08-02T00:09:58","version" => "0.000035"},{"date" => "2025-08-03T14:55:38","version" => "0.000036"},{"date" => "2025-08-05T21:41:13","version" => "0.000037"},{"date" => "2025-08-09T18:31:17","version" => "0.000038"},{"date" => "2025-08-21T06:03:08","version" => "0.000039"},{"date" => "2025-12-04T06:38:40","version" => "0.000040"},{"date" => "2025-12-05T05:32:25","version" => "0.000041"},{"date" => "2026-01-04T09:58:53","version" => "0.000042"},{"date" => "2026-01-21T04:10:41","version" => "0.001000"},{"date" => "2026-03-07T22:47:08","version" => "0.001001"}]},"Crypt-SysRandom-XS" => {"advisories" => [{"affected_versions" => ["<0.010"],"cves" => ["CVE-2026-2597"],"description" => "Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buffer overflow in the XS function random_bytes().  The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound, resulting in a zero-byte allocation. The subsequent call to chosen random function (e.g. getrandom) passes the original negative value, which is implicitly converted to a large unsigned value (typically SIZE_MAX). This can result in writes beyond the allocated buffer, leading to heap memory corruption and application crash (denial of service).  In common usage, the length argument is typically hardcoded by the caller, which reduces the likelihood of attacker-controlled exploitation. Applications that pass untrusted input to this parameter may be affected.","distribution" => "Crypt-SysRandom-XS","fixed_versions" => [">=0.010"],"id" => "CPANSA-Crypt-SysRandom-XS-2026-2597","references" => ["https://metacpan.org/dist/Crypt-SysRandom-XS/changes","https://metacpan.org/release/LEONT/Crypt-SysRandom-XS-0.011/source/lib/Crypt/SysRandom/XS.xs#L51-52"],"reported" => "2026-02-27","severity" => undef}],"main_module" => "Crypt::SysRandom::XS","versions" => [{"date" => "2025-02-04T01:59:42","version" => "0.006"},{"date" => "2025-02-05T19:46:04","version" => "0.007"},{"date" => "2025-02-20T12:52:45","version" => "0.008"},{"date" => "2025-04-11T16:46:48","version" => "0.009"},{"date" => "2026-02-16T20:43:40","version" => "0.010"},{"date" => "2026-02-16T23:58:52","version" => "0.011"}]},"Crypt-URandom" => {"advisories" => [{"affected_versions" => [">=0.41,<0.55"],"cves" => ["CVE-2026-2474"],"description" => "Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom().  The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound, resulting in a zero-byte allocation. The subsequent call to getrandom(data, length, GRND_NONBLOCK) passes the original negative value, which is implicitly converted to a large unsigned value (typically SIZE_MAX). This can result in writes beyond the allocated buffer, leading to heap memory corruption and application crash (denial of service).  In common usage, the length argument is typically hardcoded by the caller, which reduces the likelihood of attacker-controlled exploitation. Applications that pass untrusted input to this parameter may be affected.","distribution" => "Crypt-URandom","fixed_versions" => [">=0.55"],"id" => "CPANSA-Crypt-URandom-2026-2474","references" => ["https://metacpan.org/release/DDICK/Crypt-URandom-0.54/source/URandom.xs#L35-79","https://metacpan.org/release/DDICK/Crypt-URandom-0.55/source/Changes"],"reported" => "2026-02-16","severity" => undef}],"main_module" => "Crypt::URandom","versions" => [{"date" => "2011-04-19T21:19:07","version" => "0.0.27"},{"date" => "2011-09-03T08:32:28","version" => "0.28"},{"date" => "2013-02-14T08:52:19","version" => "0.29"},{"date" => "2013-02-26T10:34:54","version" => "0.30"},{"date" => "2013-03-01T07:59:28","version" => "0.31"},{"date" => "2013-03-09T04:25:55","version" => "0.32"},{"date" => "2013-03-09T04:32:35","version" => "0.33"},{"date" => "2013-03-10T09:20:53","version" => "0.34"},{"date" => "2015-05-13T20:12:12","version" => "0.35"},{"date" => "2015-06-01T11:45:38","version" => "0.36"},{"date" => "2023-05-10T11:55:21","version" => "0.37"},{"date" => "2023-05-10T19:57:07","version" => "0.38"},{"date" => "2023-05-21T09:05:01","version" => "0.39"},{"date" => "2024-02-24T09:03:35","version" => "0.40"},{"date" => "2024-12-29T23:34:13","version" => "0.41_01"},{"date" => "2024-12-30T00:00:05","version" => "0.41_02"},{"date" => "2025-01-01T22:58:00","version" => "0.41"},{"date" => "2025-01-02T23:56:10","version" => "0.42"},{"date" => "2025-01-03T09:04:23","version" => "0.43"},{"date" => "2025-01-03T20:47:27","version" => "0.44"},{"date" => "2025-01-03T22:28:26","version" => "0.45"},{"date" => "2025-01-04T08:47:50","version" => "0.46"},{"date" => "2025-01-06T10:45:06","version" => "0.47"},{"date" => "2025-01-06T21:08:58","version" => "0.48"},{"date" => "2025-01-07T21:28:34","version" => "0.49"},{"date" => "2025-01-08T21:56:14","version" => "0.50"},{"date" => "2025-01-19T07:28:53","version" => "0.51_01"},{"date" => "2025-01-19T07:57:30","version" => "0.51_02"},{"date" => "2025-01-22T11:25:07","version" => "0.51"},{"date" => "2025-01-22T19:39:34","version" => "0.52"},{"date" => "2025-02-08T09:07:55","version" => "0.53"},{"date" => "2025-03-15T09:46:36","version" => "0.54"},{"date" => "2026-02-16T20:08:04","version" => "0.55"}]},"CryptX" => {"advisories" => [{"affected_versions" => ["<0.062"],"cves" => ["CVE-2018-25099"],"description" => "A user can pass anything as the tag into gcm_decrypt_verify() and it will return decrypted plaintext.\n","distribution" => "CryptX","fixed_versions" => [">=0.062"],"id" => "CPANSA-CryptX-2018-01","references" => ["https://github.com/DCIT/perl-CryptX/issues/47","https://github.com/libtom/libtomcrypt/pull/451"],"reported" => "2018-10-26","severity" => undef},{"affected_versions" => ["<0.065"],"cves" => ["CVE-2025-40912","CVE-2019-17362"],"description" => "CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode.  CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.","distribution" => "CryptX","embedded_vulnerability" => {"distributed_version" => undef,"name" => "libtomcrypt"},"fixed_versions" => [">=0.065"],"id" => "CPANSA-CryptX-2025-40912","references" => ["https://github.com/libtom/libtomcrypt/issues/507"],"reported" => "2025-06-11","severity" => undef},{"affected_versions" => ["<0.087"],"cves" => ["CVE-2025-40914","CVE-2023-36328"],"description" => "Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow.  CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.","distribution" => "CryptX","embedded_vulnerability" => {"distributed_version" => undef,"name" => "libtommath"},"fixed_versions" => [">=0.087"],"id" => "CPANSA-CryptX-2025-40914","references" => ["https://github.com/advisories/GHSA-j3xv-6967-cv88","https://github.com/libtom/libtommath/pull/546","https://metacpan.org/release/MIK/CryptX-0.086/source/src/ltm/bn_mp_grow.c","https://www.cve.org/CVERecord?id=CVE-2023-36328"],"reported" => "2025-06-11","severity" => undef}],"main_module" => "CryptX","versions" => [{"date" => "2013-04-11T15:10:25","version" => "0.002"},{"date" => "2013-04-16T07:29:07","version" => "0.003"},{"date" => "2013-04-16T07:37:29","version" => "0.004"},{"date" => "2013-04-18T12:09:09","version" => "0.005"},{"date" => "2013-04-19T09:05:57","version" => "0.006"},{"date" => "2013-04-23T10:03:54","version" => "0.007"},{"date" => "2013-05-02T08:52:42","version" => "0.008"},{"date" => "2013-05-19T20:25:17","version" => "0.009"},{"date" => "2013-06-14T22:37:18","version" => "0.011"},{"date" => "2013-06-17T20:00:17","version" => "0.012"},{"date" => "2013-08-28T07:12:15","version" => "0.013"},{"date" => "2013-09-11T14:31:01","version" => "0.013_1"},{"date" => "2013-09-11T21:11:18","version" => "0.014"},{"date" => "2013-09-12T08:21:21","version" => "0.014_1"},{"date" => "2013-09-12T09:12:21","version" => "0.014_2"},{"date" => "2013-09-12T09:32:06","version" => "0.015"},{"date" => "2013-09-15T19:36:52","version" => "0.016"},{"date" => "2013-09-22T19:20:20","version" => "0.016_1"},{"date" => "2013-09-23T14:24:27","version" => "0.016_2"},{"date" => "2013-09-24T05:00:07","version" => "0.016_3"},{"date" => "2013-09-24T08:54:42","version" => "0.017"},{"date" => "2013-10-18T13:21:35","version" => "0.018"},{"date" => "2013-10-20T21:13:35","version" => "0.019"},{"date" => "2014-01-14T21:30:37","version" => "0.019_1"},{"date" => "2014-01-15T21:59:30","version" => "0.019_2"},{"date" => "2014-01-16T21:26:19","version" => "0.019_3"},{"date" => "2014-01-17T09:42:29","version" => "0.019_4"},{"date" => "2014-01-18T08:29:06","version" => "0.020"},{"date" => "2014-01-23T15:47:50","version" => "0.021"},{"date" => "2015-04-17T01:18:47","version" => "0.021_1"},{"date" => "2015-04-17T10:12:01","version" => "0.021_3"},{"date" => "2015-05-06T07:55:21","version" => "0.021_4"},{"date" => "2015-05-11T21:56:39","version" => "0.021_5"},{"date" => "2015-05-12T05:52:15","version" => "0.021_6"},{"date" => "2015-05-12T07:10:42","version" => "0.021_7"},{"date" => "2015-05-14T09:27:41","version" => "0.021_8"},{"date" => "2015-05-15T11:08:26","version" => "0.021_9"},{"date" => "2015-05-22T16:57:26","version" => "0.022"},{"date" => "2015-06-10T20:37:54","version" => "0.023"},{"date" => "2015-06-26T06:13:25","version" => "0.023_1"},{"date" => "2015-06-26T09:18:06","version" => "0.023_2"},{"date" => "2015-06-29T20:09:16","version" => "0.024"},{"date" => "2015-07-08T07:56:50","version" => "0.025"},{"date" => "2015-10-22T15:14:53","version" => "0.025_01"},{"date" => "2015-11-28T18:58:17","version" => "0.026"},{"date" => "2015-12-29T21:20:15","version" => "0.026_01"},{"date" => "2015-12-29T21:20:27","version" => "0.026_02"},{"date" => "2016-01-02T14:38:13","version" => "0.026_05"},{"date" => "2016-01-02T15:57:58","version" => "0.026_06"},{"date" => "2016-01-03T14:36:53","version" => "0.026_08"},{"date" => "2016-01-10T09:47:31","version" => "0.026_15"},{"date" => "2016-01-10T09:47:43","version" => "0.026_16"},{"date" => "2016-01-10T11:52:21","version" => "0.026_18"},{"date" => "2016-01-10T11:53:48","version" => "0.026_19"},{"date" => "2016-01-10T17:03:45","version" => "0.026_23"},{"date" => "2016-01-10T17:03:56","version" => "0.026_24"},{"date" => "2016-01-10T19:02:14","version" => "0.026_28"},{"date" => "2016-01-10T20:49:06","version" => "0.026_29"},{"date" => "2016-01-12T22:25:58","version" => "0.026_30"},{"date" => "2016-01-12T22:37:33","version" => "0.026_31"},{"date" => "2016-01-13T23:53:06","version" => "0.026_32"},{"date" => "2016-01-14T19:29:18","version" => "0.026_33"},{"date" => "2016-01-14T19:30:45","version" => "0.026_34"},{"date" => "2016-01-14T21:16:15","version" => "0.026_35"},{"date" => "2016-01-14T21:19:01","version" => "0.026_36"},{"date" => "2016-01-22T23:01:16","version" => "0.026_39"},{"date" => "2016-01-24T22:12:32","version" => "0.026_40"},{"date" => "2016-01-24T22:36:42","version" => "0.026_41"},{"date" => "2016-01-25T20:44:46","version" => "0.027"},{"date" => "2016-01-25T21:42:58","version" => "0.027_01"},{"date" => "2016-01-26T10:06:26","version" => "0.027_05"},{"date" => "2016-03-15T09:51:01","version" => "0.027_06"},{"date" => "2016-03-23T19:44:54","version" => "0.028"},{"date" => "2016-03-28T14:31:13","version" => "0.028_01"},{"date" => "2016-03-28T19:32:58","version" => "0.028_02"},{"date" => "2016-03-31T12:07:46","version" => "0.028_03"},{"date" => "2016-04-13T09:30:27","version" => "0.029"},{"date" => "2016-04-13T09:46:59","version" => "0.030"},{"date" => "2016-05-01T16:53:05","version" => "0.031"},{"date" => "2016-05-04T17:45:30","version" => "0.032"},{"date" => "2016-05-09T20:20:49","version" => "0.033"},{"date" => "2016-05-10T22:31:32","version" => "0.034"},{"date" => "2016-06-03T10:17:59","version" => "0.035"},{"date" => "2016-06-07T19:22:05","version" => "0.036"},{"date" => "2016-06-16T17:04:27","version" => "0.037"},{"date" => "2016-07-06T18:27:46","version" => "0.038"},{"date" => "2016-08-03T05:53:42","version" => "0.039"},{"date" => "2016-09-12T08:42:39","version" => "0.040"},{"date" => "2016-10-12T09:32:48","version" => "0.041"},{"date" => "2016-10-19T10:25:05","version" => "0.041_001"},{"date" => "2016-11-02T09:00:59","version" => "0.041_002"},{"date" => "2016-11-02T09:19:09","version" => "0.041_003"},{"date" => "2016-11-12T15:21:01","version" => "0.042"},{"date" => "2016-11-27T21:19:27","version" => "0.043"},{"date" => "2016-11-28T07:45:32","version" => "0.044"},{"date" => "2017-02-21T21:54:33","version" => "0.044_001"},{"date" => "2017-02-23T15:58:42","version" => "0.044_003"},{"date" => "2017-02-23T20:35:46","version" => "0.044_004"},{"date" => "2017-02-23T20:44:50","version" => "0.044_005"},{"date" => "2017-02-28T12:22:27","version" => "0.044_006"},{"date" => "2017-02-28T13:58:51","version" => "0.044_007"},{"date" => "2017-03-01T09:26:34","version" => "0.044_008"},{"date" => "2017-03-01T09:49:29","version" => "0.044_009"},{"date" => "2017-03-01T10:02:35","version" => "0.044_010"},{"date" => "2017-03-31T09:28:10","version" => "0.045"},{"date" => "2017-04-04T09:08:33","version" => "0.046"},{"date" => "2017-04-05T20:09:35","version" => "0.047"},{"date" => "2017-04-07T18:22:15","version" => "0.047_001"},{"date" => "2017-04-07T21:40:24","version" => "0.047_002"},{"date" => "2017-04-10T08:16:03","version" => "0.047_003"},{"date" => "2017-04-24T15:23:29","version" => "0.047_004"},{"date" => "2017-04-26T15:36:02","version" => "0.047_005"},{"date" => "2017-05-01T19:11:50","version" => "0.047_006"},{"date" => "2017-05-31T20:22:56","version" => "0.048"},{"date" => "2017-07-09T19:38:38","version" => "0.048_001"},{"date" => "2017-07-14T17:43:25","version" => "0.048_002"},{"date" => "2017-07-18T05:56:42","version" => "0.049"},{"date" => "2017-07-18T20:37:45","version" => "0.050"},{"date" => "2017-08-08T08:14:05","version" => "0.051"},{"date" => "2017-09-15T12:32:56","version" => "0.053"},{"date" => "2017-09-19T07:51:19","version" => "0.053_001"},{"date" => "2017-09-19T18:46:56","version" => "0.053_002"},{"date" => "2017-09-20T09:56:04","version" => "0.053_003"},{"date" => "2017-10-10T21:04:53","version" => "0.053_004"},{"date" => "2017-10-12T07:27:42","version" => "0.054"},{"date" => "2017-10-23T13:18:12","version" => "0.054_001"},{"date" => "2017-10-23T17:44:49","version" => "0.054_002"},{"date" => "2017-10-25T07:43:53","version" => "0.054_003"},{"date" => "2017-10-30T17:53:14","version" => "0.054_004"},{"date" => "2017-10-31T18:27:22","version" => "0.054_005"},{"date" => "2017-11-20T18:51:03","version" => "0.054_006"},{"date" => "2017-11-24T08:15:31","version" => "0.054_007"},{"date" => "2017-11-24T14:21:46","version" => "0.054_008"},{"date" => "2017-11-24T16:33:40","version" => "0.054_009"},{"date" => "2017-11-28T10:19:52","version" => "0.055"},{"date" => "2017-12-18T19:05:35","version" => "0.055_001"},{"date" => "2017-12-22T13:22:16","version" => "0.056"},{"date" => "2018-01-26T16:05:07","version" => "0.056_001"},{"date" => "2018-01-29T06:18:08","version" => "0.056_002"},{"date" => "2018-01-29T10:02:58","version" => "0.056_003"},{"date" => "2018-01-29T23:05:27","version" => "0.056_004"},{"date" => "2018-01-30T10:23:40","version" => "0.056_005"},{"date" => "2018-01-30T14:11:33","version" => "0.056_006"},{"date" => "2018-01-30T16:08:38","version" => "0.056_007"},{"date" => "2018-01-30T16:29:41","version" => "0.056_008"},{"date" => "2018-01-30T16:43:48","version" => "0.056_009"},{"date" => "2018-01-31T08:56:12","version" => "0.057"},{"date" => "2018-02-27T17:13:52","version" => "0.058"},{"date" => "2018-03-08T09:30:22","version" => "0.058_001"},{"date" => "2018-03-18T16:27:43","version" => "0.058_002"},{"date" => "2018-03-25T15:45:36","version" => "0.059"},{"date" => "2018-04-27T17:14:03","version" => "0.059_001"},{"date" => "2018-04-28T20:59:58","version" => "0.059_002"},{"date" => "2018-04-29T18:12:50","version" => "0.059_003"},{"date" => "2018-05-01T09:32:27","version" => "0.060"},{"date" => "2018-05-27T19:05:34","version" => "0.060_001"},{"date" => "2018-05-28T07:18:37","version" => "0.060_002"},{"date" => "2018-06-06T15:49:28","version" => "0.060_003"},{"date" => "2018-06-07T05:25:50","version" => "0.061"},{"date" => "2018-10-24T20:35:24","version" => "0.061_001"},{"date" => "2018-10-26T17:10:16","version" => "0.061_002"},{"date" => "2018-10-29T10:46:25","version" => "0.061_003"},{"date" => "2018-10-30T06:27:48","version" => "0.062"},{"date" => "2018-11-22T10:43:01","version" => "0.062_001"},{"date" => "2018-11-28T10:48:28","version" => "0.063"},{"date" => "2019-06-06T09:36:14","version" => "0.063_001"},{"date" => "2019-06-06T17:35:59","version" => "0.063_002"},{"date" => "2019-06-10T17:24:53","version" => "0.063_003"},{"date" => "2019-06-12T13:33:28","version" => "0.063_004"},{"date" => "2019-06-12T23:12:09","version" => "0.063_005"},{"date" => "2019-06-14T07:01:03","version" => "0.064"},{"date" => "2019-10-19T18:49:19","version" => "0.065"},{"date" => "2019-10-20T16:30:22","version" => "0.066"},{"date" => "2020-01-26T20:23:46","version" => "0.066_001"},{"date" => "2020-01-30T10:21:29","version" => "0.066_002"},{"date" => "2020-02-01T13:24:27","version" => "0.067"},{"date" => "2020-03-08T19:21:55","version" => "0.067_001"},{"date" => "2020-03-10T13:04:08","version" => "0.068"},{"date" => "2020-08-02T08:51:06","version" => "0.068_001"},{"date" => "2020-08-25T07:12:43","version" => "0.069"},{"date" => "2021-02-12T14:44:41","version" => "0.070"},{"date" => "2021-03-30T09:39:33","version" => "0.071"},{"date" => "2021-04-29T08:23:01","version" => "0.072"},{"date" => "2021-07-12T16:40:01","version" => "0.072_001"},{"date" => "2021-07-13T07:03:12","version" => "0.072_002"},{"date" => "2021-07-13T20:54:22","version" => "0.072_003"},{"date" => "2021-07-18T12:16:09","version" => "0.073"},{"date" => "2021-10-04T18:34:39","version" => "0.073_001"},{"date" => "2021-10-10T18:41:04","version" => "0.073_002"},{"date" => "2021-10-13T18:32:43","version" => "0.073_003"},{"date" => "2021-11-06T09:26:22","version" => "0.074"},{"date" => "2021-12-25T09:39:17","version" => "0.075"},{"date" => "2022-01-01T00:36:25","version" => "0.075_001"},{"date" => "2022-01-01T13:19:24","version" => "0.075_002"},{"date" => "2022-01-01T19:48:49","version" => "0.075_003"},{"date" => "2022-01-07T20:55:06","version" => "0.076"},{"date" => "2022-06-09T18:18:34","version" => "0.076_001"},{"date" => "2022-08-20T15:42:12","version" => "0.076_002"},{"date" => "2022-08-20T18:14:10","version" => "0.076_003"},{"date" => "2022-08-21T07:46:06","version" => "0.077"},{"date" => "2023-04-28T12:31:25","version" => "0.078"},{"date" => "2023-07-25T18:36:58","version" => "0.078_001"},{"date" => "2023-10-01T12:20:32","version" => "0.079"},{"date" => "2023-10-01T17:35:55","version" => "0.079_002"},{"date" => "2023-10-01T17:36:06","version" => "0.079_003"},{"date" => "2023-10-02T07:47:50","version" => "0.079_004"},{"date" => "2023-10-02T11:22:48","version" => "0.079_005"},{"date" => "2023-10-02T15:06:17","version" => "0.079_006"},{"date" => "2023-10-03T10:16:25","version" => "0.079_007"},{"date" => "2023-10-04T11:07:16","version" => "0.080"},{"date" => "2023-10-07T11:45:30","version" => "0.080_001"},{"date" => "2024-08-17T10:06:21","version" => "0.080_003"},{"date" => "2024-08-17T17:16:06","version" => "0.080_004"},{"date" => "2024-08-17T20:28:14","version" => "0.080_005"},{"date" => "2024-08-30T18:43:56","version" => "0.080_006"},{"date" => "2024-09-01T08:32:21","version" => "0.080_007"},{"date" => "2024-09-01T09:26:40","version" => "0.080_008"},{"date" => "2024-09-01T11:23:19","version" => "0.080_009"},{"date" => "2024-09-02T14:51:29","version" => "0.080_010"},{"date" => "2024-09-03T11:32:03","version" => "0.080_011"},{"date" => "2024-09-03T18:01:58","version" => "0.080_012"},{"date" => "2024-09-08T16:12:50","version" => "0.081"},{"date" => "2024-10-03T11:12:24","version" => "0.081_001"},{"date" => "2024-10-07T13:31:29","version" => "0.082"},{"date" => "2024-10-14T11:36:41","version" => "0.082_001"},{"date" => "2024-10-15T09:31:49","version" => "0.083"},{"date" => "2024-10-15T15:09:00","version" => "0.083_001"},{"date" => "2024-10-16T11:23:26","version" => "0.084"},{"date" => "2025-01-25T22:45:03","version" => "0.084_001"},{"date" => "2025-02-08T10:02:22","version" => "0.085"},{"date" => "2025-02-20T21:06:09","version" => "0.085_001"},{"date" => "2025-04-27T15:46:56","version" => "0.085_002"},{"date" => "2025-04-27T17:37:48","version" => "0.085_003"},{"date" => "2025-05-02T21:40:16","version" => "0.086"},{"date" => "2025-06-08T22:06:49","version" => "0.086_001"},{"date" => "2025-06-09T18:09:54","version" => "0.086_002"},{"date" => "2025-06-09T21:44:43","version" => "0.086_003"},{"date" => "2025-06-10T05:57:40","version" => "0.086_004"},{"date" => "2025-06-11T10:52:53","version" => "0.086_005"},{"date" => "2025-06-11T13:52:26","version" => "0.087"},{"date" => "2025-10-05T16:50:53","version" => "0.087_001"}]},"DBD-MariaDB" => {"advisories" => [{"affected_versions" => ["<1.00"],"cves" => ["CVE-2018-2767"],"description" => "SSL problems of MySQL and MariaDB clients.\n","distribution" => "DBD-MariaDB","fixed_versions" => [">=1.00"],"id" => "CPANSA-DBD-MariaDB-2018-01","references" => ["https://metacpan.org/changes/distribution/DBD-MariaDB"],"reported" => "2017-07-01"},{"affected_versions" => ["<1.00"],"cves" => ["CVE-2017-10788"],"description" => "Use-after-free after calling mysql_stmt_close().\n","distribution" => "DBD-MariaDB","fixed_versions" => [">=1.00"],"id" => "CPANSA-DBD-MariaDB-2017-02","references" => ["https://metacpan.org/changes/distribution/DBD-MariaDB"],"reported" => "2017-07-01"},{"affected_versions" => ["<1.00"],"cves" => ["CVE-2017-3302"],"description" => "Leaking dangling pointers.\n","distribution" => "DBD-MariaDB","fixed_versions" => [">=1.00"],"id" => "CPANSA-DBD-MariaDB-2017-01","references" => ["https://metacpan.org/changes/distribution/DBD-MariaDB"],"reported" => "2017-07-01"}],"main_module" => "DBD::MariaDB","versions" => [{"date" => "2018-06-26T14:23:29","version" => "0.90_01"},{"date" => "2018-07-12T13:36:05","version" => "1.00"},{"date" => "2018-12-05T12:21:26","version" => "1.10"},{"date" => "2019-01-02T15:38:57","version" => "1.11"},{"date" => "2019-02-22T16:31:33","version" => "1.20"},{"date" => "2019-02-27T11:08:40","version" => "1.21"},{"date" => "2022-04-21T23:16:33","version" => "1.22"},{"date" => "2023-09-10T14:27:09","version" => "1.23"},{"date" => "2025-05-04T19:33:22","version" => "1.24"}]},"DBD-Pg" => {"advisories" => [{"affected_versions" => ["<2.19.0"],"cves" => ["CVE-2012-1151"],"description" => "Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.\n","distribution" => "DBD-Pg","fixed_versions" => [],"id" => "CPANSA-DBD-Pg-2012-1151","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536","https://rt.cpan.org/Public/Bug/Display.html?id=75642","http://secunia.com/advisories/48319","https://bugzilla.redhat.com/show_bug.cgi?id=801733","http://www.openwall.com/lists/oss-security/2012/03/10/4","http://secunia.com/advisories/48307","http://www.debian.org/security/2012/dsa-2431","http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes","http://www.openwall.com/lists/oss-security/2012/03/09/6","http://rhn.redhat.com/errata/RHSA-2012-1116.html","http://secunia.com/advisories/48824","http://security.gentoo.org/glsa/glsa-201204-08.xml","http://www.mandriva.com/security/advisories?name=MDVSA-2012:112","https://exchange.xforce.ibmcloud.com/vulnerabilities/73855","https://exchange.xforce.ibmcloud.com/vulnerabilities/73854"],"reported" => "2012-09-09","severity" => undef},{"affected_versions" => ["==1.49"],"cves" => ["CVE-2009-0663"],"description" => "Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.\n","distribution" => "DBD-Pg","fixed_versions" => [],"id" => "CPANSA-DBD-Pg-2009-0663","references" => ["http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz","https://launchpad.net/bugs/cve/2009-0663","http://www.debian.org/security/2009/dsa-1780","http://secunia.com/advisories/34909","http://www.securityfocus.com/bid/34755","http://www.redhat.com/support/errata/RHSA-2009-0479.html","http://secunia.com/advisories/35058","http://www.redhat.com/support/errata/RHSA-2009-1067.html","http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","http://secunia.com/advisories/35685","https://exchange.xforce.ibmcloud.com/vulnerabilities/50467","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499"],"reported" => "2009-04-30","severity" => undef},{"affected_versions" => ["<2.0.0"],"cves" => ["CVE-2009-1341"],"description" => "Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.\n","distribution" => "DBD-Pg","fixed_versions" => [">=2.0.0"],"id" => "CPANSA-DBD-Pg-2009-1341","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=21392","https://launchpad.net/bugs/cve/2009-1341","http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz","http://www.debian.org/security/2009/dsa-1780","http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes","http://secunia.com/advisories/34909","http://www.securityfocus.com/bid/34757","http://www.redhat.com/support/errata/RHSA-2009-0479.html","http://secunia.com/advisories/35058","http://www.redhat.com/support/errata/RHSA-2009-1067.html","http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","http://secunia.com/advisories/35685","https://exchange.xforce.ibmcloud.com/vulnerabilities/50387","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9680"],"reported" => "2009-04-30","severity" => undef}],"main_module" => "DBD::Pg","versions" => [{"date" => "1997-03-13T21:11:59","version" => "0.1"},{"date" => "1997-04-28T20:48:18","version" => "0.3"},{"date" => "1997-08-10T20:45:01","version" => "0.5"},{"date" => "1997-08-16T06:48:54","version" => "0.51"},{"date" => "1997-08-17T09:14:26","version" => "0.52"},{"date" => "1997-08-23T20:41:48","version" => "0.61"},{"date" => "1997-08-26T21:39:36","version" => "0.62"},{"date" => "1997-10-05T18:41:32","version" => "0.63"},{"date" => "1998-02-02T21:05:57","version" => "0.64"},{"date" => "1998-02-15T09:59:55","version" => "0.65"},{"date" => "1998-02-19T21:13:44","version" => "0.66"},{"date" => "1998-02-21T16:49:34","version" => "0.67"},{"date" => "1998-03-03T21:22:18","version" => "0.68"},{"date" => "1998-03-06T22:15:44","version" => "0.69"},{"date" => "1998-04-20T20:14:28","version" => "0.72"},{"date" => "1998-06-03T15:15:54","version" => "0.73"},{"date" => "1998-11-05T21:41:28","version" => "0.89"},{"date" => "1999-01-16T06:10:32","version" => "0.90"},{"date" => "1999-02-14T20:41:05","version" => "0.91"},{"date" => "1999-06-16T19:06:21","version" => "0.92"},{"date" => "1999-09-29T21:25:02","version" => "0.93"},{"date" => "2000-07-07T10:45:34","version" => "0.94"},{"date" => "2000-07-10T18:07:30","version" => "0.95"},{"date" => "2001-04-09T17:58:20","version" => "0.96"},{"date" => "2001-04-20T21:11:46","version" => "0.97"},{"date" => "2001-04-25T14:13:22","version" => "0.98"},{"date" => "2001-05-24T17:36:05","version" => "0.99"},{"date" => "2001-05-27T14:14:13","version" => "1.00"},{"date" => "2001-06-27T18:03:08","version" => "1.01"},{"date" => "2002-03-06T23:05:52","version" => "1.10"},{"date" => "2002-03-07T01:34:18","version" => "1.11"},{"date" => "2002-04-10T02:03:57","version" => "1.12"},{"date" => "2002-04-27T20:50:11","version" => "1.13"},{"date" => "2002-11-27T17:57:11","version" => "1.20"},{"date" => "2003-01-13T06:46:43","version" => "1.21"},{"date" => "2003-03-27T04:46:08","version" => "1.22"},{"date" => "2003-09-10T02:12:07","version" => "1.31_5"},{"date" => "2003-10-29T21:33:29","version" => "1.31_7"},{"date" => "2003-11-10T03:52:37","version" => "1.31_8"},{"date" => "2003-11-14T22:17:30","version" => "1.31_9"},{"date" => "2003-11-18T18:34:28","version" => "1.31"},{"date" => "2004-02-13T18:57:25","version" => "1.32_1"},{"date" => "2004-02-19T02:40:51","version" => "1.32_2"},{"date" => "2004-02-25T19:23:08","version" => "1.32"},{"date" => "2005-02-06T21:18:12","version" => "1.39_02"},{"date" => "2005-02-22T06:07:17","version" => "1.40"},{"date" => "2005-03-31T12:35:04","version" => "1.40_1"},{"date" => "2005-03-31T23:34:15","version" => "1.40_2"},{"date" => "2005-04-01T23:56:01","version" => "1.40_03"},{"date" => "2005-04-05T02:47:47","version" => "1.40_04"},{"date" => "2005-04-06T22:53:50","version" => "1.41"},{"date" => "2005-05-07T18:48:36","version" => "1.41_1"},{"date" => "2005-05-19T03:23:24","version" => "1.41_2"},{"date" => "2005-05-21T14:56:23","version" => "1.42"},{"date" => "2005-06-22T00:42:23","version" => "1.42_1"},{"date" => "2005-06-23T12:09:13","version" => "1.43"},{"date" => "2005-09-13T01:39:06","version" => "1.43_1"},{"date" => "2006-02-13T03:50:51","version" => "1.43_2"},{"date" => "2006-02-22T03:00:40","version" => "1.44"},{"date" => "2006-02-26T19:15:10","version" => "1.45"},{"date" => "2006-03-17T17:17:03","version" => "1.46"},{"date" => "2006-03-19T21:19:12","version" => "1.47"},{"date" => "2006-04-05T15:39:30","version" => "1.48"},{"date" => "2006-05-05T16:40:59","version" => "1.49"},{"date" => "2008-01-17T14:34:38","version" => "2.0.0"},{"date" => "2008-01-17T22:47:38","version" => "2.0.0_2"},{"date" => "2008-01-18T04:21:25","version" => "2.0.0_3"},{"date" => "2008-01-18T16:25:19","version" => "2.0.0_4"},{"date" => "2008-01-19T19:05:27","version" => "2.0.0_5"},{"date" => "2008-01-23T19:19:45","version" => "2.0.0_6"},{"date" => "2008-01-26T17:48:03","version" => "2.0.0_7"},{"date" => "2008-01-28T17:08:31","version" => "2.0.0_8"},{"date" => "2008-01-28T21:21:19","version" => "2.0.0_9"},{"date" => "2008-02-10T19:34:31","version" => "2.0.0"},{"date" => "2008-02-17T04:58:29","version" => "2.0.0_1"},{"date" => "2008-02-17T13:10:04","version" => "2.0.0_2"},{"date" => "2008-02-17T18:17:25","version" => "2.0.1_1"},{"date" => "2008-02-18T02:28:30","version" => "2.0.1_2"},{"date" => "2008-02-18T23:52:09","version" => "2.0.1_3"},{"date" => "2008-02-19T02:09:09","version" => "2.1.0"},{"date" => "2008-02-19T04:45:29","version" => "2.1.1"},{"date" => "2008-02-19T15:36:06","version" => "2.1.1_1"},{"date" => "2008-02-20T02:56:37","version" => "2.1.2"},{"date" => "2008-02-21T00:31:43","version" => "2.1.3"},{"date" => "2008-02-26T01:59:20","version" => "2.1.3_1"},{"date" => "2008-02-26T13:50:47","version" => "2.1.3_2"},{"date" => "2008-02-28T04:08:34","version" => "2.2.0"},{"date" => "2008-03-02T03:01:12","version" => "2.2.1"},{"date" => "2008-03-03T17:14:01","version" => "2.2.2"},{"date" => "2008-03-19T14:50:06","version" => "2.3.0"},{"date" => "2008-03-21T16:41:42","version" => "2.4.0"},{"date" => "2008-03-23T16:55:36","version" => "2.5.0"},{"date" => "2008-04-07T19:16:57","version" => "2.5.1"},{"date" => "2008-04-14T15:57:23","version" => "2.5.2_1"},{"date" => "2008-04-16T18:16:11","version" => "2.6.0"},{"date" => "2008-04-22T18:06:55","version" => "2.6.1"},{"date" => "2008-04-28T21:15:56","version" => "2.6.1_1"},{"date" => "2008-04-30T23:18:14","version" => "2.6.2"},{"date" => "2008-05-01T16:03:12","version" => "2.6.3"},{"date" => "2008-05-02T17:09:20","version" => "2.6.4"},{"date" => "2008-05-07T14:10:57","version" => "2.6.5"},{"date" => "2008-05-07T20:41:03","version" => "2.6.6"},{"date" => "2008-05-10T22:37:02","version" => "2.7.0"},{"date" => "2008-05-11T20:58:52","version" => "2.7.1"},{"date" => "2008-05-14T13:19:24","version" => "2.7.2"},{"date" => "2008-06-02T01:33:26","version" => "2.8.0"},{"date" => "2008-06-12T04:06:28","version" => "2.8.1"},{"date" => "2008-06-30T02:21:03","version" => "2.8.2"},{"date" => "2008-07-07T02:09:01","version" => "2.8.3"},{"date" => "2008-07-10T18:18:54","version" => "2.8.4"},{"date" => "2008-07-13T14:41:49","version" => "2.8.5"},{"date" => "2008-07-21T15:23:39","version" => "2.8.6"},{"date" => "2008-07-24T05:27:41","version" => "2.8.7"},{"date" => "2008-08-03T19:48:22","version" => "2.9.0"},{"date" => "2008-08-18T03:49:13","version" => "2.9.1"},{"date" => "2008-08-18T14:00:03","version" => "2.9.2"},{"date" => "2008-08-27T02:46:34","version" => "2.10.0"},{"date" => "2008-08-31T16:29:33","version" => "2.10.1"},{"date" => "2008-09-01T01:40:52","version" => "2.10.2"},{"date" => "2008-09-01T01:48:43","version" => "2.10.3"},{"date" => "2008-09-16T15:35:48","version" => "2.10.4"},{"date" => "2008-09-16T15:43:37","version" => "2.10.5"},{"date" => "2008-09-19T13:38:32","version" => "2.10.6"},{"date" => "2008-09-23T03:13:47","version" => "2.10.7"},{"date" => "2008-10-13T11:50:18","version" => "2.11.0"},{"date" => "2008-10-14T04:21:14","version" => "2.11.1"},{"date" => "2008-10-16T00:55:38","version" => "2.11.2"},{"date" => "2008-11-03T13:51:55","version" => "2.11.3"},{"date" => "2008-11-12T22:11:37","version" => "2.11.4"},{"date" => "2008-11-24T23:56:25","version" => "2.11.5"},{"date" => "2008-11-30T23:05:28","version" => "2.11.6"},{"date" => "2008-12-13T17:02:24","version" => "2.11.7"},{"date" => "2008-12-28T19:24:29","version" => "2.11.8"},{"date" => "2009-03-24T02:23:04","version" => "2.11.8_1"},{"date" => "2009-03-26T18:53:00","version" => "2.11.8_2"},{"date" => "2009-03-28T14:56:16","version" => "2.12.0"},{"date" => "2009-04-14T02:14:44","version" => "2.13.0"},{"date" => "2009-04-23T16:30:10","version" => "2.13.1"},{"date" => "2009-07-13T19:43:16","version" => "2.13.1_1"},{"date" => "2009-07-14T14:34:31","version" => "2.13.1_2"},{"date" => "2009-07-15T21:12:47","version" => "2.13.1_3"},{"date" => "2009-07-17T01:15:13","version" => "2.13.1_4"},{"date" => "2009-07-20T23:54:06","version" => "2.13.1_5"},{"date" => "2009-07-21T16:03:25","version" => "2.13.1_6"},{"date" => "2009-07-21T21:43:56","version" => "2.13.1_7"},{"date" => "2009-07-27T22:45:52","version" => "2.14.0"},{"date" => "2009-07-28T17:05:35","version" => "2.14.1"},{"date" => "2009-08-04T04:08:56","version" => "2.14.1_1"},{"date" => "2009-08-04T18:18:51","version" => "2.15.0"},{"date" => "2009-08-07T15:05:27","version" => "2.15.1"},{"date" => "2009-12-17T15:41:55","version" => "2.8.8"},{"date" => "2009-12-17T17:14:41","version" => "2.16.0"},{"date" => "2010-01-20T21:13:23","version" => "2.16.1"},{"date" => "2010-04-06T18:56:34","version" => "2.17.0"},{"date" => "2010-04-08T15:32:24","version" => "2.17.1"},{"date" => "2010-11-21T05:14:52","version" => "2.17.2"},{"date" => "2011-03-27T03:53:00","version" => "2.17.2_1"},{"date" => "2011-03-29T00:36:37","version" => "2.18.0"},{"date" => "2011-05-09T16:40:13","version" => "2.18.1"},{"date" => "2011-06-19T18:46:40","version" => "2.99.9_1"},{"date" => "2011-06-20T20:47:06","version" => "2.99.9_2"},{"date" => "2012-03-09T22:51:54","version" => "2.19.0"},{"date" => "2012-03-11T03:28:47","version" => "2.19.1"},{"date" => "2012-03-12T20:58:56","version" => "2.19.2"},{"date" => "2012-08-21T17:18:39","version" => "2.19.3"},{"date" => "2013-11-16T03:47:03","version" => "2.20.1_1"},{"date" => "2013-11-21T03:22:26","version" => "2.20.1_2"},{"date" => "2013-11-26T19:03:57","version" => "2.20.1_3"},{"date" => "2013-11-27T19:35:07","version" => "2.20.1_4"},{"date" => "2014-01-11T20:31:09","version" => "2.20.1_6"},{"date" => "2014-02-04T01:38:37","version" => "3.0.0"},{"date" => "2014-04-05T11:08:15","version" => "3.1.0"},{"date" => "2014-04-06T13:17:49","version" => "3.1.1"},{"date" => "2014-05-15T17:20:49","version" => "3.2.0"},{"date" => "2014-05-20T16:38:44","version" => "3.2.1"},{"date" => "2014-05-31T18:50:07","version" => "3.3.0"},{"date" => "2014-08-16T19:09:15","version" => "3.4.0"},{"date" => "2014-08-20T20:38:19","version" => "3.4.1"},{"date" => "2014-09-25T21:16:23","version" => "3.4.2"},{"date" => "2015-01-06T20:41:04","version" => "3.5.0"},{"date" => "2015-02-07T13:09:54","version" => "3.5.0_1"},{"date" => "2015-02-16T19:17:14","version" => "3.5.0_2"},{"date" => "2015-02-17T21:20:22","version" => "3.5.1"},{"date" => "2015-09-29T15:46:33","version" => "3.5.2"},{"date" => "2015-10-01T14:06:04","version" => "3.5.3"},{"date" => "2017-04-05T10:23:22","version" => "3.5.9_1"},{"date" => "2017-04-17T13:34:12","version" => "3.6.0"},{"date" => "2017-05-22T16:49:32","version" => "3.6.1"},{"date" => "2017-05-23T14:25:49","version" => "3.6.2"},{"date" => "2017-09-22T16:30:49","version" => "3.6.9_1"},{"date" => "2017-09-23T02:10:34","version" => "3.6.9_2"},{"date" => "2017-09-24T19:30:09","version" => "3.7.0"},{"date" => "2018-02-11T19:23:39","version" => "3.7.1"},{"date" => "2018-02-12T13:39:58","version" => "v3.7.3"},{"date" => "2018-02-13T04:10:10","version" => "3.7.4"},{"date" => "2019-04-26T02:20:41","version" => "3.8.0"},{"date" => "2019-07-06T19:44:25","version" => "3.8.1"},{"date" => "2019-07-25T15:48:44","version" => "3.8.9_1"},{"date" => "2019-08-13T21:10:51","version" => "3.9.0"},{"date" => "2019-08-15T19:46:43","version" => "3.9.1"},{"date" => "2019-09-03T15:18:09","version" => "3.10.0"},{"date" => "2020-01-14T03:27:38","version" => "3.10.1"},{"date" => "2020-01-17T22:34:46","version" => "3.10.2"},{"date" => "2020-01-20T21:01:45","version" => "3.10.3"},{"date" => "2020-02-03T17:19:38","version" => "3.10.4"},{"date" => "2020-03-23T17:47:23","version" => "3.10.5"},{"date" => "2020-04-23T16:46:52","version" => "3.11.0"},{"date" => "2020-04-28T15:12:38","version" => "3.11.1"},{"date" => "2020-05-07T18:35:28","version" => "3.12.0"},{"date" => "2020-06-03T13:39:22","version" => "3.12.1"},{"date" => "2020-06-04T15:30:54","version" => "3.12.2"},{"date" => "2020-06-05T17:59:13","version" => "3.12.3"},{"date" => "2020-06-08T20:38:00","version" => "3.12.3_1"},{"date" => "2020-06-15T21:25:55","version" => "3.12.3_2"},{"date" => "2020-06-17T15:53:25","version" => "3.13.0"},{"date" => "2020-07-20T00:24:23","version" => "3.14.0"},{"date" => "2020-08-12T16:17:33","version" => "3.14.1"},{"date" => "2020-08-13T13:36:09","version" => "3.14.2"},{"date" => "2021-05-21T21:20:28","version" => "3.15.0"},{"date" => "2022-02-14T15:39:15","version" => "3.15.1"},{"date" => "2022-08-08T18:03:02","version" => "3.16.0"},{"date" => "2023-03-06T00:06:35","version" => "3.16.1"},{"date" => "2023-04-04T19:49:11","version" => "3.16.2"},{"date" => "2023-04-04T20:43:26","version" => "3.16.3"},{"date" => "2023-08-24T00:42:24","version" => "3.17.0"},{"date" => "2023-12-06T23:47:13","version" => "3.18.0"}]},"DBD-SQLite" => {"advisories" => [{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-15358"],"description" => "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-15358","references" => ["https://www.sqlite.org/src/info/10fa79d00f8091e5","https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2","https://www.sqlite.org/src/tktview?name=8f157e8010","https://security.netapp.com/advisory/ntap-20200709-0001/","https://security.gentoo.org/glsa/202007-26","https://usn.ubuntu.com/4438-1/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211847","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpujan2021.html","https://support.apple.com/kb/HT212147","http://seclists.org/fulldisclosure/2021/Feb/14","https://www.oracle.com/security-alerts/cpuApr2021.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-06-27","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13632"],"description" => "ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13632","references" => ["https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://sqlite.org/src/info/a4dd148928ea65bd","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.netapp.com/advisory/ntap-20200608-0002/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-05-27","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13631"],"description" => "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13631","references" => ["https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://sqlite.org/src/info/eca0ba2cf4c0fdf7","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.netapp.com/advisory/ntap-20200608-0002/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c\@%3Cissues.guacamole.apache.org%3E","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-05-27","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13630"],"description" => "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13630","references" => ["https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://sqlite.org/src/info/0d69f76f0865f962","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.netapp.com/advisory/ntap-20200608-0002/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-05-27","severity" => "high"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13435","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13434","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-11656","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-11655","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-9327"],"description" => "In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-9327","references" => ["https://www.sqlite.org/cgi/src/info/4374860b29383380","https://www.sqlite.org/cgi/src/info/abc473fb8fb99900","https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e","https://security.netapp.com/advisory/ntap-20200313-0002/","https://security.gentoo.org/glsa/202003-16","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-02-21","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-20218"],"description" => "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-20218","references" => ["https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://security.gentoo.org/glsa/202007-26","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00016.html"],"reported" => "2020-01-02","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19959"],"description" => "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19959","references" => ["https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec","https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1","https://security.netapp.com/advisory/ntap-20200204-0001/","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"reported" => "2020-01-03","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19926","CVE-2019-19880"],"description" => "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19926","references" => ["https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089","https://security.netapp.com/advisory/ntap-20200114-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://usn.ubuntu.com/4298-2/","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-23","severity" => "high"},{"affected_versions" => [">=1.19_01,<1.63_03"],"cves" => ["CVE-2019-8457"],"description" => "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.63_04"],"id" => "CPANSA-DBD-SQLite-2019-8457","references" => ["https://www.sqlite.org/src/info/90acdbfce9c08858","https://www.sqlite.org/releaselog/3_28_0.html","https://usn.ubuntu.com/4004-1/","https://usn.ubuntu.com/4004-2/","https://security.netapp.com/advisory/ntap-20190606-0002/","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365"],"reported" => "2019-05-30","severity" => "critical"},{"affected_versions" => [">=1.61_03,<1.63_03"],"cves" => ["CVE-2019-5018"],"description" => "An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.63_04"],"id" => "CPANSA-DBD-SQLite-2019-5018","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2019-0777","http://www.securityfocus.com/bid/108294","http://packetstormsecurity.com/files/152809/Sqlite3-Window-Function-Remote-Code-Execution.html","https://security.netapp.com/advisory/ntap-20190521-0001/","https://security.gentoo.org/glsa/201908-09","https://usn.ubuntu.com/4205-1/"],"reported" => "2019-05-10","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19925"],"description" => "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19925","references" => ["https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618","https://security.netapp.com/advisory/ntap-20200114-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-24","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19924"],"description" => "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19924","references" => ["https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3","https://security.netapp.com/advisory/ntap-20200114-0003/","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-24","severity" => "medium"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19923"],"description" => "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19923","references" => ["https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35","https://security.netapp.com/advisory/ntap-20200114-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-24","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19880"],"description" => "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19880","references" => ["https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54","https://security.netapp.com/advisory/ntap-20200114-0001/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-18","severity" => "high"},{"affected_versions" => ["<=1.65_02"],"cves" => ["CVE-2019-19646"],"description" => "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19646","references" => ["https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd","https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3","https://www.sqlite.org/","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-09","severity" => "critical"},{"affected_versions" => ["<=1.65_02"],"cves" => ["CVE-2019-19645"],"description" => "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19645","references" => ["https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://usn.ubuntu.com/4394-1/","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-09","severity" => "medium"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19603"],"description" => "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19603","references" => ["https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13","https://www.sqlite.org/","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://usn.ubuntu.com/4394-1/","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c\@%3Cissues.guacamole.apache.org%3E","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-09","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19317"],"description" => "lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19317","references" => ["https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8","https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-05","severity" => "critical"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19244"],"description" => "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19244","references" => ["https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-25","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19242","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["<1.61_01"],"cves" => ["CVE-2018-20506"],"description" => "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.61_01"],"id" => "CPANSA-DBD-SQLite-2018-20506","references" => ["https://support.apple.com/kb/HT209451","https://support.apple.com/kb/HT209450","https://support.apple.com/kb/HT209448","https://support.apple.com/kb/HT209447","https://support.apple.com/kb/HT209446","https://support.apple.com/kb/HT209443","https://sqlite.org/src/info/940f2adc8541a838","https://seclists.org/bugtraq/2019/Jan/39","https://seclists.org/bugtraq/2019/Jan/33","https://seclists.org/bugtraq/2019/Jan/32","https://seclists.org/bugtraq/2019/Jan/31","https://seclists.org/bugtraq/2019/Jan/29","https://seclists.org/bugtraq/2019/Jan/28","http://www.securityfocus.com/bid/106698","http://seclists.org/fulldisclosure/2019/Jan/69","http://seclists.org/fulldisclosure/2019/Jan/68","http://seclists.org/fulldisclosure/2019/Jan/67","http://seclists.org/fulldisclosure/2019/Jan/66","http://seclists.org/fulldisclosure/2019/Jan/64","http://seclists.org/fulldisclosure/2019/Jan/62","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html","https://security.netapp.com/advisory/ntap-20190502-0004/","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365"],"reported" => "2019-04-03","severity" => "high"},{"affected_versions" => ["==1.59_02"],"cves" => ["CVE-2018-20505"],"description" => "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.59_03"],"id" => "CPANSA-DBD-SQLite-2018-20505","references" => ["https://support.apple.com/kb/HT209451","https://support.apple.com/kb/HT209450","https://support.apple.com/kb/HT209448","https://support.apple.com/kb/HT209447","https://support.apple.com/kb/HT209446","https://support.apple.com/kb/HT209443","https://sqlite.org/src/info/1a84668dcfdebaf12415d","https://seclists.org/bugtraq/2019/Jan/39","https://seclists.org/bugtraq/2019/Jan/33","https://seclists.org/bugtraq/2019/Jan/32","https://seclists.org/bugtraq/2019/Jan/31","https://seclists.org/bugtraq/2019/Jan/29","https://seclists.org/bugtraq/2019/Jan/28","http://www.securityfocus.com/bid/106698","http://seclists.org/fulldisclosure/2019/Jan/69","http://seclists.org/fulldisclosure/2019/Jan/68","http://seclists.org/fulldisclosure/2019/Jan/67","http://seclists.org/fulldisclosure/2019/Jan/66","http://seclists.org/fulldisclosure/2019/Jan/64","http://seclists.org/fulldisclosure/2019/Jan/62","https://security.netapp.com/advisory/ntap-20190502-0004/","https://usn.ubuntu.com/4019-1/"],"reported" => "2019-04-03","severity" => "high"},{"affected_versions" => ["<1.61_01"],"cves" => ["CVE-2018-20346"],"description" => "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.61_01"],"id" => "CPANSA-DBD-SQLite-2018-20346","references" => ["https://www.sqlite.org/releaselog/3_25_3.html","https://www.mail-archive.com/sqlite-users\@mailinglists.sqlite.org/msg113218.html","https://crbug.com/900910","https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://bugzilla.redhat.com/show_bug.cgi?id=1659677","https://bugzilla.redhat.com/show_bug.cgi?id=1659379","https://blade.tencent.com/magellan/index_en.html","https://access.redhat.com/articles/3758321","https://worthdoingbadly.com/sqlitebug/","https://sqlite.org/src/info/d44318f59044162e","https://sqlite.org/src/info/940f2adc8541a838","https://news.ycombinator.com/item?id=18685296","https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html","https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html","https://www.synology.com/security/advisory/Synology_SA_18_61","http://www.securityfocus.com/bid/106323","https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html","https://security.gentoo.org/glsa/201904-21","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://support.apple.com/HT209448","https://support.apple.com/HT209447","https://support.apple.com/HT209446","https://support.apple.com/HT209451","https://support.apple.com/HT209443","https://support.apple.com/HT209450","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365"],"reported" => "2018-12-21","severity" => "high"},{"affected_versions" => ["<1.59_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.59_01"],"id" => "CPANSA-DBD-SQLite-2018-8740","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["==1.55_06","<=1.55_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.55_07"],"id" => "CPANSA-DBD-SQLite-2017-10989","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["<=1.55_01"],"cves" => ["CVE-2016-6153"],"description" => "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.55_01"],"id" => "CPANSA-DBD-SQLite-2016-6153","references" => ["http://www.openwall.com/lists/oss-security/2016/07/01/1","http://www.securityfocus.com/bid/91546","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/","https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt","https://www.sqlite.org/releaselog/3_13_0.html","http://www.sqlite.org/cgi/src/info/67985761aa93fb61","http://www.openwall.com/lists/oss-security/2016/07/01/2","http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html","https://www.tenable.com/security/tns-2016-20","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://github.com/briandfoy/cpan-security-advisory/issues/187","https://rt.cpan.org/Public/Bug/Display.html?id=118395"],"reported" => "2016-09-26","severity" => "medium"},{"affected_versions" => ["<=1.47_01"],"cves" => ["CVE-2015-3416"],"description" => "The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2015-3416","references" => ["http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920","http://seclists.org/fulldisclosure/2015/Apr/31","http://www.debian.org/security/2015/dsa-3252","http://www.mandriva.com/security/advisories?name=MDVSA-2015:217","http://www.ubuntu.com/usn/USN-2698-1","https://support.apple.com/HT205267","http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html","https://support.apple.com/HT205213","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securitytracker.com/id/1033703","https://security.gentoo.org/glsa/201507-05","http://rhn.redhat.com/errata/RHSA-2015-1635.html","http://rhn.redhat.com/errata/RHSA-2015-1634.html","http://www.securityfocus.com/bid/74228","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"],"reported" => "2015-04-24","severity" => undef},{"affected_versions" => ["<=1.47_01"],"cves" => ["CVE-2015-3415"],"description" => "The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2015-3415","references" => ["https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30","http://seclists.org/fulldisclosure/2015/Apr/31","http://www.debian.org/security/2015/dsa-3252","http://www.mandriva.com/security/advisories?name=MDVSA-2015:217","http://www.ubuntu.com/usn/USN-2698-1","https://support.apple.com/HT205267","http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html","https://support.apple.com/HT205213","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securitytracker.com/id/1033703","https://security.gentoo.org/glsa/201507-05","http://rhn.redhat.com/errata/RHSA-2015-1635.html","http://www.securityfocus.com/bid/74228","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"],"reported" => "2015-04-24","severity" => undef},{"affected_versions" => ["<=1.47_01"],"cves" => ["CVE-2015-3414"],"description" => "SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE\"\"\"\"\"\"\"\" at the end of a SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2015-3414","references" => ["https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2","http://seclists.org/fulldisclosure/2015/Apr/31","http://www.debian.org/security/2015/dsa-3252","http://www.mandriva.com/security/advisories?name=MDVSA-2015:217","http://www.ubuntu.com/usn/USN-2698-1","https://support.apple.com/HT205267","http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html","https://support.apple.com/HT205213","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securitytracker.com/id/1033703","https://security.gentoo.org/glsa/201507-05","http://rhn.redhat.com/errata/RHSA-2015-1635.html","http://www.securityfocus.com/bid/74228","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"],"reported" => "2015-04-24","severity" => undef},{"affected_versions" => ["==1.47_01"],"cves" => ["CVE-2013-7443"],"description" => "Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2013-7443","references" => ["https://www.sqlite.org/src/info/520070ec7fbaac73eda0e0123596b7bb3e9a6897","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1448758","https://www.sqlite.org/src/info/ac5852d6403c9c9628ca0aa7be135c702f000698","http://ubuntu.com/usn/usn-2698-1","http://www.openwall.com/lists/oss-security/2015/07/14/5","http://www.openwall.com/lists/oss-security/2015/07/15/4","http://www.securityfocus.com/bid/76089"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.00,<=1.02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.03,<=1.04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.05"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.06"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.07"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.08"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.09"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.10,<=1.11"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.12"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.13"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.14"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.19_01,<=1.22_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.22_05,<=1.26_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.26_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.26_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.26_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.26_05,<=1.26_06"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.26_07,<=1.27"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.28_01,<=1.28_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.29,<=1.30_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.30_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.30_04,<=1.31"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.32_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.32_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.32_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.32_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.33"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.34_01,<=1.34_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.36_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.36_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.36_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.36_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.37"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.38_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.38_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.38_03,<=1.40"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.41_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.41_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.41_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.41_04,<=1.41_05"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.41_06"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.41_07,<=1.43_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.43_03,<=1.43_07"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.43_08,<=1.44"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.45_01,<=1.45_05"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.45_06,<=1.46"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.47_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.47_02,<1.47_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.47_05,<=1.48"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.49_01,<=1.49_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.49_03,<=1.49_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.49_05"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.49_06"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.49_07,<=1.50"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.51_01,<=1.51_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.51_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.51_05"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.51_06"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.51_07,<=1.54"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.55_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.55_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.55_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.55_04,<=1.55_05"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.55_04,<=1.55_05"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.55_06"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.55_07,<=1.58"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.55_07,<=1.58"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.59_01"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.59_01"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.59_02,<=1.60"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.59_02,<=1.60"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.61_01,<=1.61_02"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.61_01,<=1.61_02"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.61_03,<=1.63_01"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.61_03,<=1.63_01"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.63_02,<=1.63_03"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.63_02,<=1.63_03"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.63_04"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.63_04"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.63_05,<=1.64"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.63_05,<=1.64"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.65_01"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.65_01"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.65_02"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.65_02"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.65_03,<=1.66"],"cves" => ["CVE-2020-15358"],"description" => "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-15358-sqlite","references" => ["https://www.sqlite.org/src/info/10fa79d00f8091e5","https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2","https://www.sqlite.org/src/tktview?name=8f157e8010","https://security.netapp.com/advisory/ntap-20200709-0001/","https://security.gentoo.org/glsa/202007-26","https://usn.ubuntu.com/4438-1/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211847","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpujan2021.html","https://support.apple.com/kb/HT212147","http://seclists.org/fulldisclosure/2021/Feb/14","https://www.oracle.com/security-alerts/cpuApr2021.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-06-27","severity" => "medium"},{"affected_versions" => ["=1.67_01"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.67_01"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.67_01"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.67_02"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.67_02"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.67_02"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.67_03"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.67_03"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.67_03"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.67_04,<=1.67_06"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.67_04,<=1.67_06"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.67_04,<=1.67_06"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.67_07,<=1.70"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.67_07,<=1.70"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.67_07,<=1.70"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.71_01"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.71_01"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.71_01"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.71_02"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.71_02"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.71_02"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.71_03,<=1.71_06"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.71_03,<=1.71_06"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.71_03,<=1.71_06"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.71_07,<=1.72"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.71_07,<=1.72"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.71_07,<=1.72"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"}],"main_module" => "DBD::SQLite","versions" => [{"date" => "2002-02-19T18:56:55","version" => "0.05"},{"date" => "2002-02-22T07:29:26","version" => "0.06"},{"date" => "2002-02-23T11:19:51","version" => "0.07"},{"date" => "2002-02-25T12:59:46","version" => "0.08"},{"date" => "2002-02-27T19:46:01","version" => "0.09"},{"date" => "2002-02-28T11:11:10","version" => "0.10"},{"date" => "2002-03-13T12:16:23","version" => "0.11"},{"date" => "2002-03-21T16:49:25","version" => "0.12"},{"date" => "2002-03-26T22:39:39","version" => "0.13"},{"date" => "2002-03-28T15:59:02","version" => "0.14"},{"date" => "2002-04-02T10:48:10","version" => "0.15"},{"date" => "2002-06-17T23:50:53","version" => "0.16"},{"date" => "2002-06-26T13:59:05","version" => "0.17"},{"date" => "2002-07-12T13:46:37","version" => "0.18"},{"date" => "2002-08-13T22:19:45","version" => "0.19"},{"date" => "2002-10-17T16:25:57","version" => "0.20"},{"date" => "2002-10-18T07:08:42","version" => "0.21"},{"date" => "2002-12-18T18:02:11","version" => "0.22"},{"date" => "2002-12-29T16:25:29","version" => "0.23"},{"date" => "2003-01-29T16:47:23","version" => "0.24"},{"date" => "2003-03-06T22:24:48","version" => "0.25"},{"date" => "2003-07-31T15:16:06","version" => "0.26"},{"date" => "2003-08-18T20:17:31","version" => "0.27"},{"date" => "2003-08-25T13:42:07","version" => "0.28"},{"date" => "2003-12-05T15:42:05","version" => "0.29"},{"date" => "2004-02-08T18:45:02","version" => "0.30"},{"date" => "2004-02-14T19:18:16","version" => "0.31"},{"date" => "2004-07-21T21:19:33","version" => "1.00"},{"date" => "2004-08-01T04:49:09","version" => "1.01"},{"date" => "2004-08-02T18:35:42","version" => "1.02"},{"date" => "2004-08-09T15:43:59","version" => "1.03"},{"date" => "2004-08-23T15:14:21","version" => "1.04"},{"date" => "2004-09-10T15:46:34","version" => "1.05"},{"date" => "2004-09-21T17:26:28","version" => "1.06"},{"date" => "2004-10-12T09:07:33","version" => "1.07"},{"date" => "2005-02-26T13:47:33","version" => "1.08"},{"date" => "2005-06-20T15:42:32","version" => "1.09"},{"date" => "2005-12-01T20:56:30","version" => "1.10"},{"date" => "2005-12-02T19:13:29","version" => "1.11"},{"date" => "2006-04-10T02:24:08","version" => "1.12"},{"date" => "2006-09-08T05:02:06","version" => "1.13"},{"date" => "2007-09-19T19:25:09","version" => "1.14"},{"date" => "2009-03-27T11:11:41","version" => "1.19_01"},{"date" => "2009-03-28T16:46:41","version" => "1.19_02"},{"date" => "2009-03-30T21:58:59","version" => "1.19_03"},{"date" => "2009-03-31T20:31:37","version" => "1.19_04"},{"date" => "2009-04-02T04:24:12","version" => "1.19_05"},{"date" => "2009-04-03T19:21:54","version" => "1.19_06"},{"date" => "2009-04-04T00:49:42","version" => "1.19_07"},{"date" => "2009-04-04T04:29:03","version" => "1.19_08"},{"date" => "2009-04-05T03:16:37","version" => "1.19_09"},{"date" => "2009-04-05T19:43:04","version" => "1.19_10"},{"date" => "2009-04-07T14:00:36","version" => "1.20"},{"date" => "2009-04-08T01:24:11","version" => "1.21"},{"date" => "2009-04-08T02:05:13","version" => "1.22_01"},{"date" => "2009-04-08T11:49:36","version" => "1.22_02"},{"date" => "2009-04-09T09:40:39","version" => "1.22_03"},{"date" => "2009-04-11T01:58:53","version" => "1.22_04"},{"date" => "2009-04-14T15:52:05","version" => "1.22_05"},{"date" => "2009-04-15T14:59:20","version" => "1.22_06"},{"date" => "2009-04-16T05:40:28","version" => "1.22_07"},{"date" => "2009-04-17T09:08:15","version" => "1.22_08"},{"date" => "2009-04-19T09:53:00","version" => "1.23"},{"date" => "2009-04-22T02:14:33","version" => "1.24_01"},{"date" => "2009-04-23T00:50:02","version" => "1.24_02"},{"date" => "2009-04-23T10:20:49","version" => "1.25"},{"date" => "2009-05-05T06:04:00","version" => "1.26_01"},{"date" => "2009-06-19T06:56:29","version" => "1.26_02"},{"date" => "2009-08-12T06:01:13","version" => "1.26_03"},{"date" => "2009-10-06T06:23:40","version" => "1.26_04"},{"date" => "2009-10-15T04:05:19","version" => "1.26_05"},{"date" => "2009-10-28T11:16:12","version" => "1.26_06"},{"date" => "2009-11-16T01:47:37","version" => "1.26_07"},{"date" => "2009-11-23T11:15:09","version" => "1.27"},{"date" => "2009-12-23T11:44:07","version" => "1.28_01"},{"date" => "2010-01-03T05:56:21","version" => "1.28_02"},{"date" => "2010-01-08T09:14:18","version" => "1.29"},{"date" => "2010-03-10T15:55:37","version" => "1.30_01"},{"date" => "2010-03-30T11:45:57","version" => "1.30_02"},{"date" => "2010-05-31T03:13:24","version" => "1.30_03"},{"date" => "2010-08-25T09:25:41","version" => "1.30_04"},{"date" => "2010-08-27T15:31:59","version" => "1.30_05"},{"date" => "2010-09-09T01:49:17","version" => "1.30_06"},{"date" => "2010-09-15T07:30:11","version" => "1.31"},{"date" => "2010-12-10T05:14:51","version" => "1.32_01"},{"date" => "2011-03-07T06:57:51","version" => "1.32_02"},{"date" => "2011-05-12T05:05:38","version" => "1.32_03"},{"date" => "2011-05-20T02:39:29","version" => "1.32_04"},{"date" => "2011-05-30T07:39:31","version" => "1.33"},{"date" => "2011-09-21T16:26:23","version" => "1.34_01"},{"date" => "2011-10-21T06:13:45","version" => "1.34_02"},{"date" => "2011-11-01T03:51:19","version" => "1.34_03"},{"date" => "2011-11-29T00:16:47","version" => "1.35"},{"date" => "2012-01-19T06:15:08","version" => "1.36_01"},{"date" => "2012-02-23T04:11:05","version" => "1.36_02"},{"date" => "2012-05-07T22:56:21","version" => "1.36_03"},{"date" => "2012-05-19T09:46:14","version" => "1.36_04"},{"date" => "2012-06-09T14:43:03","version" => "1.37"},{"date" => "2012-09-24T10:18:25","version" => "1.38_01"},{"date" => "2013-04-09T05:03:21","version" => "1.38_02"},{"date" => "2013-05-21T05:14:23","version" => "1.38_03"},{"date" => "2013-05-29T07:11:57","version" => "1.38_04"},{"date" => "2013-05-31T04:39:53","version" => "1.38_05"},{"date" => "2013-06-09T15:10:40","version" => "1.39"},{"date" => "2013-07-28T05:31:53","version" => "1.40"},{"date" => "2013-08-27T06:41:37","version" => "1.41_01"},{"date" => "2013-08-29T18:53:29","version" => "1.41_02"},{"date" => "2013-09-04T17:57:50","version" => "1.41_03"},{"date" => "2014-01-12T01:19:09","version" => "1.41_04"},{"date" => "2014-01-22T03:53:26","version" => "1.41_05"},{"date" => "2014-02-12T02:53:38","version" => "1.41_06"},{"date" => "2014-03-13T13:44:52","version" => "1.41_07"},{"date" => "2014-03-19T15:29:13","version" => "1.42"},{"date" => "2014-03-25T18:50:08","version" => "1.43_01"},{"date" => "2014-03-25T19:58:13","version" => "1.43_02"},{"date" => "2014-06-12T05:01:15","version" => "1.43_03"},{"date" => "2014-07-21T01:13:47","version" => "1.43_04"},{"date" => "2014-07-21T05:45:41","version" => "1.43_05"},{"date" => "2014-07-22T00:31:31","version" => "1.43_06"},{"date" => "2014-07-29T17:03:09","version" => "1.43_07"},{"date" => "2014-08-21T09:01:11","version" => "1.43_08"},{"date" => "2014-10-20T07:50:46","version" => "1.43_09"},{"date" => "2014-10-22T14:15:00","version" => "1.44"},{"date" => "2014-10-22T15:33:37","version" => "1.45_01"},{"date" => "2014-10-23T08:21:27","version" => "1.45_02"},{"date" => "2014-10-24T17:57:53","version" => "1.45_03"},{"date" => "2014-10-28T08:28:00","version" => "1.45_04"},{"date" => "2014-11-25T04:07:43","version" => "1.45_05"},{"date" => "2014-11-26T08:52:49","version" => "1.45_06"},{"date" => "2014-12-10T06:23:03","version" => "1.46"},{"date" => "2015-02-17T07:00:46","version" => "1.47_01"},{"date" => "2015-04-16T13:30:38","version" => "1.47_02"},{"date" => "2015-04-16T14:45:00","version" => "1.47_03"},{"date" => "2015-05-01T17:37:17","version" => "1.47_04"},{"date" => "2015-05-08T13:49:32","version" => "1.47_05"},{"date" => "2015-06-11T16:10:44","version" => "1.48"},{"date" => "2015-08-04T11:18:05","version" => "1.49_01"},{"date" => "2015-10-10T03:43:45","version" => "1.49_02"},{"date" => "2015-11-05T05:52:27","version" => "1.49_03"},{"date" => "2015-11-24T12:59:11","version" => "1.49_04"},{"date" => "2016-01-11T13:32:43","version" => "1.49_05"},{"date" => "2016-01-15T03:40:44","version" => "1.49_06"},{"date" => "2016-01-21T01:11:59","version" => "1.49_07"},{"date" => "2016-01-30T00:55:58","version" => "1.49_08"},{"date" => "2016-02-10T15:04:42","version" => "1.50"},{"date" => "2016-02-20T01:03:50","version" => "1.51_01"},{"date" => "2016-02-20T01:49:29","version" => "1.51_02"},{"date" => "2016-02-20T11:06:51","version" => "1.51_03"},{"date" => "2016-03-07T04:33:35","version" => "1.51_04"},{"date" => "2016-06-23T01:22:57","version" => "1.51_05"},{"date" => "2016-10-15T00:21:14","version" => "1.51_06"},{"date" => "2016-10-16T05:16:29","version" => "1.51_07"},{"date" => "2016-11-15T13:02:35","version" => "1.52"},{"date" => "2016-11-26T01:34:30","version" => "1.53_01"},{"date" => "2016-12-24T02:36:45","version" => "1.54"},{"date" => "2017-01-03T15:42:47","version" => "1.55_01"},{"date" => "2017-01-07T16:49:21","version" => "1.55_02"},{"date" => "2017-02-14T01:31:43","version" => "1.55_03"},{"date" => "2017-11-21T17:07:32","version" => "1.55_04"},{"date" => "2017-12-15T18:52:29","version" => "1.55_05"},{"date" => "2018-01-27T07:33:51","version" => "1.55_06"},{"date" => "2018-01-27T07:42:58","version" => "1.55_07"},{"date" => "2018-02-28T09:01:25","version" => "1.56"},{"date" => "2018-03-21T06:45:29","version" => "1.57_01"},{"date" => "2018-03-28T11:56:19","version" => "1.58"},{"date" => "2018-09-16T19:25:50","version" => "1.59_01"},{"date" => "2018-09-30T06:09:34","version" => "1.59_02"},{"date" => "2018-11-03T12:14:20","version" => "1.59_03"},{"date" => "2018-12-01T02:42:29","version" => "1.60"},{"date" => "2018-12-01T08:01:30","version" => "1.61_01"},{"date" => "2018-12-01T09:10:18","version" => "1.61_02"},{"date" => "2018-12-19T13:03:22","version" => "1.61_03"},{"date" => "2018-12-22T06:37:21","version" => "1.61_04"},{"date" => "2018-12-28T17:59:27","version" => "1.62"},{"date" => "2019-01-25T22:31:45","version" => "1.63_01"},{"date" => "2019-02-13T19:09:44","version" => "1.63_02"},{"date" => "2019-02-14T16:56:40","version" => "1.63_03"},{"date" => "2019-05-24T16:39:18","version" => "1.63_04"},{"date" => "2019-07-11T17:50:51","version" => "1.63_05"},{"date" => "2019-08-12T09:02:59","version" => "1.64"},{"date" => "2020-01-18T01:56:18","version" => "1.65_01"},{"date" => "2020-02-08T13:02:59","version" => "1.65_02"},{"date" => "2020-07-26T16:42:08","version" => "1.65_03"},{"date" => "2020-08-30T02:14:15","version" => "1.66"},{"date" => "2020-11-24T12:57:56","version" => "1.67_01"},{"date" => "2020-12-05T17:06:24","version" => "1.67_02"},{"date" => "2021-03-30T21:37:13","version" => "1.67_03"},{"date" => "2021-05-30T22:56:01","version" => "1.67_04"},{"date" => "2021-06-12T23:39:11","version" => "1.67_05"},{"date" => "2021-06-14T03:49:54","version" => "1.67_06"},{"date" => "2021-06-19T00:57:41","version" => "1.67_07"},{"date" => "2021-07-22T05:30:17","version" => "1.68"},{"date" => "2021-07-29T21:09:19","version" => "1.69_01"},{"date" => "2021-07-30T14:21:39","version" => "1.69_02"},{"date" => "2021-08-01T10:20:33","version" => "1.70"},{"date" => "2021-12-01T17:03:29","version" => "1.71_01"},{"date" => "2022-01-06T20:51:05","version" => "1.71_02"},{"date" => "2022-02-23T10:49:28","version" => "1.71_03"},{"date" => "2022-02-26T00:59:40","version" => "1.71_04"},{"date" => "2022-02-26T02:49:09","version" => "1.71_05"},{"date" => "2022-03-12T02:54:15","version" => "1.71_06"},{"date" => "2022-10-25T18:36:30","version" => "1.71_07"},{"date" => "2022-11-03T16:28:17","version" => "1.72"},{"date" => "2023-07-09T01:04:52","version" => "1.73_01"},{"date" => "2023-09-19T17:26:03","version" => "1.74"},{"date" => "2024-09-17T14:05:40","version" => "1.75_01"},{"date" => "2024-10-19T04:47:07","version" => "1.76"},{"date" => "2025-11-24T04:21:58","version" => "1.77_01"},{"date" => "2025-11-24T08:08:46","version" => "1.77_02"},{"date" => "2025-12-27T02:02:17","version" => "1.77_03"},{"date" => "2026-01-02T01:23:08","version" => "1.78"}]},"DBD-mysql" => {"advisories" => [{"affected_versions" => ["<4.044"],"cves" => ["CVE-2017-10788"],"description" => "The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.044"],"id" => "CPANSA-DBD-mysql-2017-02","references" => ["https://github.com/perl5-dbi/DBD-mysql/issues/120","http://www.securityfocus.com/bid/99374","http://seclists.org/oss-sec/2017/q2/443"],"reported" => "2017-04-13"},{"affected_versions" => ["<4.044"],"cves" => ["CVE-2017-10789"],"description" => "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.044"],"id" => "CPANSA-DBD-mysql-2017-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/pull/114"],"reported" => "2017-03-23"},{"affected_versions" => [">=2.9003,<4.039"],"cves" => ["CVE-2016-1249"],"description" => "Out-of-bounds read.\n","distribution" => "DBD-mysql","fixed_versions" => ["<2.9003,>=4.039"],"id" => "CPANSA-DBD-mysql-2016-03","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe"],"reported" => "2016-11-16"},{"affected_versions" => ["<4.037"],"cves" => ["CVE-2016-1246"],"description" => "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.037"],"id" => "CPANSA-DBD-mysql-2016-02","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2","http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html"],"reported" => "2016-10-02"},{"affected_versions" => ["<4.034"],"cves" => ["CVE-2015-8949"],"description" => "Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.034"],"id" => "CPANSA-DBD-mysql-2016-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156"],"reported" => "2016-08-19"},{"affected_versions" => ["<4.041"],"cves" => ["CVE-2016-1251"],"description" => "There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.041"],"id" => "CPANSA-DBD-mysql-2015-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1"],"reported" => "2015-12-27"},{"affected_versions" => ["<4.028"],"cves" => ["CVE-2014-9906"],"description" => "Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.028"],"id" => "CPANSA-DBD-mysql-2014-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc","https://rt.cpan.org/Public/Bug/Display.html?id=97625"],"reported" => "2014-07-30"}],"main_module" => "DBD::mysql","versions" => [{"date" => "2000-04-15T20:17:36","version" => "v1.2212."},{"date" => "2001-05-06T21:47:46","version" => "2.0900"},{"date" => "2001-05-25T21:24:45","version" => "2.0901"},{"date" => "2001-07-09T21:10:17","version" => "2.0902"},{"date" => "2001-10-28T22:53:19","version" => "2.0903"},{"date" => "2001-10-31T04:01:07","version" => "2.1000"},{"date" => "2001-11-04T17:55:04","version" => "2.1001"},{"date" => "2001-11-04T18:22:30","version" => "2.1002"},{"date" => "2001-11-05T20:14:34","version" => "2.1003"},{"date" => "2001-11-13T01:24:26","version" => "2.1004"},{"date" => "2001-12-13T09:07:53","version" => "2.1005"},{"date" => "2001-12-27T18:10:04","version" => "2.1007"},{"date" => "2001-12-27T18:10:21","version" => "2.1006"},{"date" => "2001-12-28T17:06:05","version" => "2.1008"},{"date" => "2002-01-01T20:02:26","version" => "2.1009"},{"date" => "2002-01-07T21:33:21","version" => "2.1010"},{"date" => "2002-02-12T11:09:53","version" => "2.1011"},{"date" => "2002-04-12T07:21:06","version" => "2.1012"},{"date" => "2002-04-15T07:49:36","version" => "2.1013"},{"date" => "2002-04-17T21:24:26","version" => "2.1014"},{"date" => "2002-04-29T20:53:41","version" => "2.1015"},{"date" => "2002-05-01T20:07:05","version" => "2.1016"},{"date" => "2002-05-02T20:59:04","version" => "2.1017"},{"date" => "2002-08-13T17:52:25","version" => "2.1018"},{"date" => "2002-09-16T18:42:20","version" => "2.1019"},{"date" => "2002-09-23T20:42:50","version" => "2.1020"},{"date" => "2002-12-17T20:46:14","version" => "2.1021"},{"date" => "2003-01-03T02:46:24","version" => "2.1022"},{"date" => "2003-01-19T21:19:03","version" => "2.1023"},{"date" => "2003-01-20T12:08:27","version" => "2.1024"},{"date" => "2003-02-07T21:09:44","version" => "2.1025"},{"date" => "2003-03-03T20:46:27","version" => "2.1026"},{"date" => "2003-05-31T18:08:15","version" => "2.1027"},{"date" => "2003-06-25T16:12:36","version" => "2.1028"},{"date" => "2003-06-27T04:32:05","version" => "2.9002"},{"date" => "2003-09-12T17:04:42","version" => "2.9003_1"},{"date" => "2003-10-27T03:39:04","version" => "2.9003"},{"date" => "2004-07-01T03:24:14","version" => "2.9004_2"},{"date" => "2004-07-14T03:07:34","version" => "2.9004"},{"date" => "2004-10-20T17:27:25","version" => "2.9005_1"},{"date" => "2004-10-28T00:39:25","version" => "2.9005_3"},{"date" => "2005-03-29T02:43:14","version" => "2.9005"},{"date" => "2005-04-04T04:27:00","version" => "2.9006"},{"date" => "2005-04-27T00:13:49","version" => "2.9015_3"},{"date" => "2005-04-27T00:14:06","version" => "2.9007"},{"date" => "2005-06-06T01:39:20","version" => "2.9008"},{"date" => "2005-07-01T01:48:20","version" => "3.0000"},{"date" => "2005-07-03T21:56:11","version" => "3.0000_0"},{"date" => "2005-07-04T15:53:40","version" => "3.0001_0"},{"date" => "2005-07-04T16:16:00","version" => "3.0001_1"},{"date" => "2005-07-07T01:14:17","version" => "3.0001"},{"date" => "2005-07-07T01:22:39","version" => "3.0001_2"},{"date" => "2005-07-08T05:37:13","version" => "3.0001_3"},{"date" => "2005-07-11T16:49:47","version" => "3.0002"},{"date" => "2005-08-04T02:50:35","version" => "3.0002_1"},{"date" => "2005-09-26T23:22:57","version" => "3.0002_2"},{"date" => "2005-09-28T18:58:55","version" => "3.0002_3"},{"date" => "2005-11-06T21:47:29","version" => "3.0002_4"},{"date" => "2006-02-01T23:20:01","version" => "3.0002_5"},{"date" => "2006-05-04T17:49:06","version" => "3.0003"},{"date" => "2006-05-04T17:49:23","version" => "3.0003_1"},{"date" => "2006-05-21T17:28:22","version" => "3.0004"},{"date" => "2006-05-21T17:28:33","version" => "3.0004_1"},{"date" => "2006-06-10T01:21:49","version" => "3.0005_1"},{"date" => "2006-06-10T01:22:01","version" => "3.0005"},{"date" => "2006-06-11T17:05:25","version" => "3.0006"},{"date" => "2006-06-11T17:05:36","version" => "3.0006_1"},{"date" => "2006-09-08T23:12:02","version" => "3.0007"},{"date" => "2006-09-08T23:13:45","version" => "3.0007_1"},{"date" => "2006-10-07T12:59:23","version" => "3.0007_2"},{"date" => "2006-10-16T13:42:13","version" => "3.0008"},{"date" => "2006-10-16T13:42:24","version" => "3.0008_1"},{"date" => "2006-12-24T14:11:04","version" => "4.00"},{"date" => "2007-01-08T01:11:12","version" => "4.001"},{"date" => "2007-03-02T03:32:59","version" => "4.002"},{"date" => "2007-03-02T14:13:37","version" => "4.003"},{"date" => "2007-03-22T22:31:22","version" => "4.004"},{"date" => "2007-06-08T15:33:34","version" => "4.005"},{"date" => "2007-12-26T22:50:48","version" => "4.006"},{"date" => "2008-05-11T15:56:07","version" => "4.007"},{"date" => "2008-08-15T14:06:50","version" => "4.008"},{"date" => "2008-10-22T01:05:54","version" => "4.009"},{"date" => "2008-10-24T14:00:41","version" => "4.010"},{"date" => "2009-04-14T02:40:31","version" => "4.011"},{"date" => "2009-06-19T02:08:06","version" => "4.012"},{"date" => "2009-09-16T18:37:29","version" => "4.013"},{"date" => "2010-04-15T03:17:58","version" => "4.014"},{"date" => "2010-07-09T19:48:58","version" => "4.015"},{"date" => "2010-07-10T16:50:49","version" => "4.016"},{"date" => "2010-08-12T05:50:17","version" => "4.017"},{"date" => "2010-10-26T16:59:27","version" => "4.018"},{"date" => "2011-05-09T01:28:25","version" => "4.019"},{"date" => "2011-08-20T18:45:49","version" => "4.020"},{"date" => "2012-04-28T14:18:16","version" => "4.021"},{"date" => "2012-08-30T02:00:19","version" => "4.022"},{"date" => "2013-04-12T21:48:10","version" => "4.023"},{"date" => "2013-09-17T16:04:11","version" => "4.024"},{"date" => "2013-11-04T18:29:18","version" => "4.025"},{"date" => "2014-01-16T01:33:03","version" => "4.026"},{"date" => "2014-03-19T14:25:36","version" => "4.027"},{"date" => "2014-08-01T19:59:28","version" => "4.028"},{"date" => "2014-12-09T02:39:44","version" => "4.029"},{"date" => "2015-01-28T03:53:42","version" => "4.030_01"},{"date" => "2015-03-02T20:44:31","version" => "4.030_02"},{"date" => "2015-03-06T20:12:05","version" => "4.031"},{"date" => "2015-04-16T22:28:43","version" => "4.032_01"},{"date" => "2015-07-21T12:15:24","version" => "4.032"},{"date" => "2015-10-25T19:59:17","version" => "4.032_03"},{"date" => "2015-10-27T03:37:29","version" => "4.033"},{"date" => "2015-12-15T07:16:36","version" => "4.033_01"},{"date" => "2015-12-18T07:00:41","version" => "4.033_02"},{"date" => "2016-07-04T19:32:50","version" => "4.033_03"},{"date" => "2016-07-06T06:32:05","version" => "4.034"},{"date" => "2016-07-09T05:50:13","version" => "4.035"},{"date" => "2016-08-01T06:29:25","version" => "4.035_01"},{"date" => "2016-08-11T08:11:18","version" => "4.035_02"},{"date" => "2016-08-19T15:52:10","version" => "4.035_03"},{"date" => "2016-08-23T05:59:26","version" => "4.036"},{"date" => "2016-10-03T07:00:29","version" => "4.037"},{"date" => "2016-10-14T20:56:49","version" => "4.037_01"},{"date" => "2016-10-19T19:37:55","version" => "4.037_02"},{"date" => "2016-10-20T02:33:04","version" => "4.038"},{"date" => "2016-10-30T08:45:31","version" => "4.038_01"},{"date" => "2016-11-16T03:57:57","version" => "4.039"},{"date" => "2016-11-19T19:56:51","version" => "4.040"},{"date" => "2016-11-28T20:40:41","version" => "4.041"},{"date" => "2016-12-13T06:59:09","version" => "4.041_01"},{"date" => "2017-02-28T20:57:20","version" => "4.041_02"},{"date" => "2017-03-08T20:32:52","version" => "4.042"},{"date" => "2017-06-29T21:12:09","version" => "4.043"},{"date" => "2018-01-23T01:53:30","version" => "4.044"},{"date" => "2018-02-07T21:43:00","version" => "4.044"},{"date" => "2018-02-08T20:30:55","version" => "4.045"},{"date" => "2018-02-08T20:48:11","version" => "4.046"},{"date" => "2018-03-09T20:27:44","version" => "4.046_01"},{"date" => "2018-09-09T03:02:20","version" => "4.047"},{"date" => "2018-09-15T12:46:51","version" => "4.048"},{"date" => "2018-11-17T18:58:09","version" => "4.049"},{"date" => "2019-01-09T09:07:15","version" => "4.050"},{"date" => "2019-10-07T10:06:13","version" => "4.018_01"},{"date" => "2023-10-04T07:10:45","version" => "4.051"},{"date" => "2023-10-04T07:20:03","version" => "5.001"},{"date" => "2023-10-24T09:02:42","version" => "5.002"},{"date" => "2023-12-01T07:13:15","version" => "4.052"},{"date" => "2023-12-01T07:14:42","version" => "5.003"},{"date" => "2024-03-19T08:16:14","version" => "5.004"},{"date" => "2024-05-01T09:04:33","version" => "5.005"},{"date" => "2024-06-04T19:59:44","version" => "5.006"},{"date" => "2024-07-01T06:02:18","version" => "5.007"},{"date" => "2024-07-30T07:47:38","version" => "5.008"},{"date" => "2024-09-19T08:35:24","version" => "5.009"},{"date" => "2024-11-11T06:43:01","version" => "5.010"},{"date" => "2025-01-06T06:52:30","version" => "4.053"},{"date" => "2025-01-06T06:55:27","version" => "5.011"},{"date" => "2025-04-11T16:18:15","version" => "5.012"},{"date" => "2025-08-03T08:51:10","version" => "4.054"},{"date" => "2025-08-03T08:51:21","version" => "5.013"},{"date" => "2026-02-23T07:39:11","version" => "4.055"}]},"DBD-mysqlPP" => {"advisories" => [{"affected_versions" => ["<0.93"],"cves" => [],"description" => "SQL injection.\n","distribution" => "DBD-mysqlPP","fixed_versions" => [">=0.03"],"id" => "CPANSA-DBD-mysqlPP-2011-01","references" => ["https://metacpan.org/changes/distribution/DBD-mysqlPP","https://jvn.jp/en/jp/JVN51216285/index.html"],"reported" => "2011-10-14","severity" => "high"}],"main_module" => "DBD::mysqlPP","versions" => [{"date" => "2002-04-04T07:20:36","version" => "0.02"},{"date" => "2002-04-15T10:26:39","version" => "0.03"},{"date" => "2003-01-24T11:14:14","version" => "0.04"},{"date" => "2011-10-21T23:07:07","version" => "0.05"},{"date" => "2011-10-26T22:17:22","version" => "0.06"},{"date" => "2011-11-17T22:24:50","version" => "0.07"}]},"DBI" => {"advisories" => [{"affected_versions" => ["<1.643"],"cves" => ["CVE-2020-14393"],"description" => "A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.\n","distribution" => "DBI","fixed_versions" => [">=1.643"],"id" => "CPANSA-DBI-2020-01","references" => ["https://metacpan.org/changes/distribution/DBI","https://bugzilla.redhat.com/show_bug.cgi?id=1877409"],"reported" => "2020-09-16","severity" => "high"},{"affected_versions" => ["<1.643"],"cves" => ["CVE-2020-14392"],"description" => "An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.\n","distribution" => "DBI","fixed_versions" => [">=1.643"],"id" => "CPANSA-DBI-2020-03","references" => ["https://metacpan.org/changes/distribution/DBI","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/","https://bugzilla.redhat.com/show_bug.cgi?id=1877402","https://bugzilla.redhat.com/show_bug.cgi?id=1877402","https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html","https://usn.ubuntu.com/4503-1/"],"reported" => "2020-06-17","severity" => "high"},{"affected_versions" => ["<1.643"],"cves" => ["CVE-2019-20919"],"description" => "An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.\n","distribution" => "DBI","fixed_versions" => [">=1.643"],"id" => "CPANSA-DBI-2020-02","references" => ["https://metacpan.org/changes/distribution/DBI","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20919","https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff","https://bugzilla.redhat.com/show_bug.cgi?id=1877405","https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html","https://lists.opensuse.org/archives/list/security-announce\@lists.opensuse.org/message/US6VXPKVAYHOKNFSAFLM3FWNYZSJKQHS/","https://lists.opensuse.org/archives/list/security-announce\@lists.opensuse.org/message/KJN7E27GD6QQ2CRGEJ3TNW2DJFXA2AKN/","https://ubuntu.com/security/notices/USN-4534-1"],"reported" => "2020-09-17","severity" => "high"},{"affected_versions" => ["<1.632"],"cves" => [],"description" => "DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.\n","distribution" => "DBI","fixed_versions" => [">=1.632"],"id" => "CPANSA-DBI-2014-01","references" => ["https://metacpan.org/changes/distribution/DBI","https://rt.cpan.org/Public/Bug/Display.html?id=99508"],"reported" => "2014-10-15","severity" => "high"},{"affected_versions" => ["<1.47"],"cves" => ["CVE-2005-0077"],"description" => "Allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.\n","distribution" => "DBI","fixed_versions" => [">=1.47"],"id" => "CPANSA-DBI-2005-01","references" => ["https://metacpan.org/changes/distribution/DBI"],"reported" => "2005-05-02"},{"affected_versions" => ["<1.643"],"cves" => ["CVE-2014-10402"],"description" => "An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.\n","distribution" => "DBI","fixed_versions" => [">=1.644"],"id" => "CPANSA-DBI-2014-10402","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590","https://metacpan.org/release/HMBRAND/DBI-1.643_01/view/Changes"],"reported" => "2020-09-16","severity" => "medium"},{"affected_versions" => ["<1.632"],"cves" => ["CVE-2014-10401"],"description" => "An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.\n","distribution" => "DBI","fixed_versions" => [">=1.644"],"id" => "CPANSA-DBI-2014-10401","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=99508","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014","https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a","https://usn.ubuntu.com/4509-1/","https://metacpan.org/release/HMBRAND/DBI-1.643_01/view/Changes"],"reported" => "2020-09-11","severity" => "medium"},{"affected_versions" => ["<1.628"],"cves" => ["CVE-2013-7491"],"description" => "An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.\n","distribution" => "DBI","fixed_versions" => [">=1.628"],"id" => "CPANSA-DBI-2013-7491","references" => ["https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.628-22nd-July-2013","https://rt.cpan.org/Public/Bug/Display.html?id=85562"],"reported" => "2020-09-11","severity" => "medium"},{"affected_versions" => ["<1.632"],"cves" => ["CVE-2013-7490"],"description" => "An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.\n","distribution" => "DBI","fixed_versions" => [">=1.632"],"id" => "CPANSA-DBI-2013-7490","references" => ["https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014","https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941","https://usn.ubuntu.com/4509-1/"],"reported" => "2020-09-11","severity" => "medium"}],"main_module" => "DBI","versions" => [{"date" => "1995-10-27T08:14:00","version" => "0.64"},{"date" => "1996-02-15T22:07:00","version" => "0.67"},{"date" => "1996-04-22T10:22:00","version" => "0.68"},{"date" => "1996-05-07T19:46:00","version" => "0.69"},{"date" => "1996-06-16T21:08:00","version" => "0.70"},{"date" => "1996-07-10T00:49:00","version" => "0.71"},{"date" => "1996-09-23T16:33:00","version" => "0.72"},{"date" => "1996-10-15T00:58:00","version" => "0.73"},{"date" => "1997-01-14T16:59:00","version" => "0.74"},{"date" => "1997-01-27T21:59:00","version" => "0.75"},{"date" => "1997-02-03T18:54:00","version" => "0.76"},{"date" => "1997-02-21T14:27:00","version" => "0.77"},{"date" => "1997-03-28T14:36:00","version" => "0.78"},{"date" => "1997-04-07T18:28:00","version" => "0.79"},{"date" => "1997-05-07T11:45:00","version" => "0.80"},{"date" => "1997-05-07T14:05:00","version" => "0.81"},{"date" => "1997-05-23T15:56:00","version" => "0.82"},{"date" => "1997-06-11T21:40:00","version" => "0.83"},{"date" => "1997-06-20T15:36:00","version" => "0.84"},{"date" => "1997-06-25T10:25:00","version" => "0.85"},{"date" => "1997-07-16T16:38:00","version" => "0.001"},{"date" => "1997-07-18T11:27:00","version" => "0.87"},{"date" => "1997-07-22T21:27:00","version" => "0.88"},{"date" => "1997-07-25T13:46:55","version" => "0.89"},{"date" => "1997-09-05T19:38:52","version" => "0.90"},{"date" => "1997-12-10T17:15:14","version" => "0.91"},{"date" => "1998-02-05T20:45:45","version" => "0.92"},{"date" => "1998-02-13T15:21:52","version" => "0.93"},{"date" => "1998-08-10T03:23:46","version" => "0.94"},{"date" => "1998-08-11T13:21:19","version" => "0.95"},{"date" => "1998-08-14T20:38:42","version" => "1.00"},{"date" => "1998-09-02T14:59:47","version" => "1.01"},{"date" => "1998-09-04T12:29:52","version" => "1.02"},{"date" => "1999-01-18T21:52:15","version" => "1.06"},{"date" => "1999-05-13T01:49:11","version" => "1.08"},{"date" => "1999-06-02T13:44:40","version" => "1.08"},{"date" => "1999-06-09T20:57:59","version" => "1.09"},{"date" => "1999-06-13T23:52:03","version" => "1.10"},{"date" => "1999-06-17T13:22:36","version" => "1.11"},{"date" => "1999-06-29T23:07:41","version" => "1.12"},{"date" => "1999-07-12T03:28:41","version" => "1.13"},{"date" => "2000-06-11T02:39:59","version" => "1.03_80"},{"date" => "2000-06-14T20:30:57","version" => "1.14"},{"date" => "2001-03-30T15:03:31","version" => "1.15"},{"date" => "2001-05-29T23:25:57","version" => "1.16"},{"date" => "2001-06-04T17:12:30","version" => "1.17"},{"date" => "2001-06-04T19:00:37","version" => "1.18"},{"date" => "2001-07-20T22:29:24","version" => "1.19"},{"date" => "2001-08-24T23:32:10","version" => "1.20"},{"date" => "2002-01-10T15:25:45","version" => "1.201"},{"date" => "2002-02-07T03:30:16","version" => "1.21"},{"date" => "2002-03-13T14:18:00","version" => "1.21"},{"date" => "2002-05-22T13:42:15","version" => "1.22"},{"date" => "2002-05-25T17:38:03","version" => "1.23"},{"date" => "2002-06-05T03:32:38","version" => "1.24"},{"date" => "2002-06-05T22:42:04","version" => "1.25"},{"date" => "2002-06-13T12:30:47","version" => "1.26"},{"date" => "2002-06-13T15:19:06","version" => "1.27"},{"date" => "2002-06-14T13:13:53","version" => "1.28"},{"date" => "2002-06-26T09:34:24","version" => "1.28"},{"date" => "2002-07-15T11:24:40","version" => "1.29"},{"date" => "2002-07-18T14:27:25","version" => "1.30"},{"date" => "2002-11-30T00:49:54","version" => "1.31"},{"date" => "2002-12-01T23:01:26","version" => "1.32"},{"date" => "2002-12-20T16:23:29","version" => "1.32"},{"date" => "2003-02-26T18:01:24","version" => "1.32_90"},{"date" => "2003-02-27T00:25:32","version" => "1.33"},{"date" => "2003-02-28T17:53:35","version" => "1.34"},{"date" => "2003-03-07T22:02:20","version" => "1.35"},{"date" => "2003-05-14T11:13:39","version" => "1.36"},{"date" => "2003-05-15T18:02:26","version" => "1.37"},{"date" => "2003-08-25T20:36:26","version" => "1.38"},{"date" => "2003-11-27T23:46:40","version" => "1.39"},{"date" => "2004-01-08T14:04:59","version" => "1.39"},{"date" => "2004-02-23T14:54:21","version" => "1.41"},{"date" => "2004-03-12T16:40:08","version" => "1.41"},{"date" => "2004-07-05T10:02:05","version" => "1.43"},{"date" => "2004-10-05T21:27:23","version" => "1.44"},{"date" => "2004-10-06T13:49:20","version" => "1.45"},{"date" => "2004-11-16T12:38:32","version" => "1.46"},{"date" => "2005-02-02T11:28:46","version" => "1.47"},{"date" => "2005-03-14T17:03:33","version" => "1.48"},{"date" => "2005-11-29T19:59:40","version" => "1.49"},{"date" => "2005-12-14T16:55:16","version" => "1.50"},{"date" => "2006-04-19T15:56:38","version" => "1.45"},{"date" => "2006-06-06T12:08:36","version" => "1.51"},{"date" => "2006-08-08T21:13:32","version" => "1.52"},{"date" => "2006-11-02T00:38:01","version" => "1.53"},{"date" => "2007-02-23T17:15:23","version" => "1.54"},{"date" => "2007-05-04T14:56:38","version" => "1.55"},{"date" => "2007-05-10T14:04:04","version" => "1.56"},{"date" => "2007-05-13T22:00:58","version" => "1.56"},{"date" => "2007-06-13T16:45:34","version" => "1.57"},{"date" => "2007-06-15T17:06:42","version" => "1.57"},{"date" => "2007-06-18T15:15:31","version" => "1.57"},{"date" => "2007-06-25T22:11:47","version" => "1.58"},{"date" => "2007-08-22T17:02:10","version" => "1.59"},{"date" => "2007-08-23T12:22:26","version" => "1.59"},{"date" => "2007-08-23T13:59:53","version" => "1.59"},{"date" => "2007-08-24T09:19:29","version" => "1.59"},{"date" => "2007-10-16T13:12:55","version" => "1.601"},{"date" => "2007-10-21T22:12:52","version" => "1.601"},{"date" => "2008-02-09T22:06:13","version" => "1.602"},{"date" => "2008-03-22T00:11:03","version" => "1.603"},{"date" => "2008-03-24T14:11:41","version" => "1.604"},{"date" => "2008-06-16T19:19:43","version" => "1.605"},{"date" => "2008-07-22T21:01:09","version" => "1.606"},{"date" => "2008-07-22T21:50:54","version" => "1.607"},{"date" => "2009-05-02T22:58:48","version" => "1.608"},{"date" => "2009-05-05T12:05:19","version" => "1.608"},{"date" => "2009-06-05T22:57:34","version" => "1.609"},{"date" => "2009-06-08T10:29:18","version" => "1.609"},{"date" => "2010-03-02T21:26:39","version" => "1.611"},{"date" => "2010-04-22T11:06:31","version" => "1.611"},{"date" => "2010-04-27T15:13:32","version" => "1.611"},{"date" => "2010-04-29T19:54:44","version" => "1.611"},{"date" => "2010-05-28T10:29:17","version" => "1.612"},{"date" => "2010-06-15T22:47:23","version" => "1.612"},{"date" => "2010-06-16T19:18:05","version" => "1.612"},{"date" => "2010-07-02T14:26:03","version" => "1.612"},{"date" => "2010-07-15T15:00:53","version" => "1.612"},{"date" => "2010-07-16T19:36:42","version" => "1.612"},{"date" => "2010-07-22T17:34:16","version" => "1.613"},{"date" => "2010-07-25T15:50:15","version" => "1.613"},{"date" => "2010-07-30T14:17:33","version" => "1.614"},{"date" => "2010-08-16T16:34:58","version" => "1.614"},{"date" => "2010-08-30T20:11:00","version" => "1.614"},{"date" => "2010-08-30T20:26:37","version" => "1.614"},{"date" => "2010-08-30T20:56:09","version" => "1.614"},{"date" => "2010-09-02T15:44:21","version" => "1.614"},{"date" => "2010-09-09T10:24:11","version" => "1.614"},{"date" => "2010-09-16T16:23:50","version" => "1.614"},{"date" => "2010-09-17T09:48:02","version" => "1.614"},{"date" => "2010-09-21T10:14:29","version" => "1.615"},{"date" => "2010-09-22T12:28:20","version" => "1.615"},{"date" => "2010-12-18T21:51:52","version" => "1.616"},{"date" => "2010-12-21T23:26:46","version" => "1.616"},{"date" => "2010-12-29T14:39:48","version" => "1.616"},{"date" => "2010-12-30T10:26:51","version" => "1.616"},{"date" => "2012-01-02T17:12:53","version" => "1.617"},{"date" => "2012-01-28T09:34:18","version" => "1.617"},{"date" => "2012-01-30T10:06:49","version" => "1.617"},{"date" => "2012-02-07T22:54:02","version" => "1.618"},{"date" => "2012-02-13T18:24:33","version" => "1.618"},{"date" => "2012-02-23T11:05:45","version" => "1.618"},{"date" => "2012-02-25T14:24:39","version" => "1.618"},{"date" => "2012-04-18T11:57:55","version" => "1.619"},{"date" => "2012-04-20T20:21:54","version" => "1.619"},{"date" => "2012-04-23T22:09:14","version" => "1.619"},{"date" => "2012-04-25T12:46:54","version" => "1.620"},{"date" => "2012-05-21T13:06:09","version" => "1.621"},{"date" => "2012-05-22T22:17:06","version" => "1.621"},{"date" => "2012-06-06T16:51:00","version" => "1.622"},{"date" => "2012-07-13T15:24:35","version" => "1.623"},{"date" => "2012-10-30T13:01:14","version" => "1.623"},{"date" => "2012-11-19T23:27:04","version" => "1.623"},{"date" => "2012-12-13T16:26:23","version" => "1.623"},{"date" => "2012-12-21T17:22:01","version" => "1.623"},{"date" => "2013-01-02T10:09:42","version" => "1.623"},{"date" => "2013-03-22T20:41:50","version" => "1.624"},{"date" => "2013-03-28T21:59:38","version" => "1.625"},{"date" => "2013-05-15T11:28:03","version" => "1.626"},{"date" => "2013-05-16T20:30:50","version" => "1.627"},{"date" => "2013-06-24T21:56:27","version" => "1.628"},{"date" => "2013-06-24T22:12:23","version" => "1.628"},{"date" => "2013-06-30T19:08:08","version" => "1.628"},{"date" => "2013-07-02T11:27:23","version" => "1.628"},{"date" => "2013-07-22T13:22:40","version" => "1.628"},{"date" => "2013-10-11T12:28:12","version" => "1.629"},{"date" => "2013-10-13T16:02:52","version" => "1.629"},{"date" => "2013-10-15T12:24:53","version" => "1.629"},{"date" => "2013-10-22T11:58:53","version" => "1.629_50"},{"date" => "2013-10-28T12:51:39","version" => "1.630"},{"date" => "2014-01-13T13:51:01","version" => "1.631"},{"date" => "2014-01-16T11:34:34","version" => "1.631"},{"date" => "2014-01-20T11:12:44","version" => "1.631"},{"date" => "2014-10-23T14:08:22","version" => "1.631"},{"date" => "2014-11-05T11:15:07","version" => "1.632"},{"date" => "2015-01-08T14:31:52","version" => "1.632"},{"date" => "2015-01-11T13:26:05","version" => "1.633"},{"date" => "2015-07-18T13:16:07","version" => "1.633"},{"date" => "2015-07-19T14:34:22","version" => "1.633_91"},{"date" => "2015-07-22T15:27:59","version" => "1.633_92"},{"date" => "2015-08-02T16:52:48","version" => "1.633_93"},{"date" => "2015-08-03T14:52:56","version" => "1.634"},{"date" => "2016-04-23T15:28:02","version" => "1.634"},{"date" => "2016-04-24T11:57:03","version" => "1.635"},{"date" => "2016-04-24T22:20:56","version" => "1.636"},{"date" => "2017-08-14T10:10:55","version" => "1.637"},{"date" => "2017-08-16T09:02:40","version" => "1.637"},{"date" => "2017-12-28T14:40:44","version" => "1.639"},{"date" => "2018-01-28T20:50:53","version" => "1.640"},{"date" => "2018-03-19T18:06:08","version" => "1.641"},{"date" => "2018-10-28T15:08:54","version" => "1.641_90"},{"date" => "2018-10-29T10:43:41","version" => "1.642"},{"date" => "2020-01-26T20:48:52","version" => "1.642_90"},{"date" => "2020-01-31T19:02:41","version" => "1.643"},{"date" => "2024-08-20T11:29:56","version" => "1.643_01"},{"date" => "2024-08-22T07:09:52","version" => "1.643_02"},{"date" => "2024-08-23T17:54:09","version" => "1.644"},{"date" => "2024-09-03T09:25:33","version" => "1.645"},{"date" => "2025-01-11T12:59:58","version" => "1.646"},{"date" => "2025-01-20T08:14:47","version" => "1.647"}]},"DBIx-Class-EncodedColumn" => {"advisories" => [{"affected_versions" => ["<0.11"],"cves" => ["CVE-2025-27551"],"description" => "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.  This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm.  This issue affects DBIx::Class::EncodedColumn until 0.00032.","distribution" => "DBIx-Class-EncodedColumn","fixed_versions" => [">=0.11"],"id" => "CPANSA-DBIx-Class-EncodedColumn-2025-27551","references" => ["https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-03-26","severity" => undef},{"affected_versions" => ["<0.11"],"cves" => ["CVE-2025-27552"],"description" => "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.  This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm.  This issue affects DBIx::Class::EncodedColumn until 0.00032.","distribution" => "DBIx-Class-EncodedColumn","fixed_versions" => [">=0.11"],"id" => "CPANSA-DBIx-Class-EncodedColumn-2025-27552","references" => ["https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-03-26","severity" => undef}],"main_module" => "DBIx::Class::EncodedColumn","versions" => [{"date" => "2008-01-29T23:47:22","version" => "0.00001_01"},{"date" => "2008-01-31T23:21:56","version" => "0.00001_02"},{"date" => "2008-02-01T00:17:42","version" => "0.00001_03"},{"date" => "2008-02-01T18:52:21","version" => "0.00001"},{"date" => "2008-07-28T22:45:39","version" => "0.00002"},{"date" => "2009-09-01T15:45:04","version" => "0.00003"},{"date" => "2009-09-03T18:11:37","version" => "0.00004"},{"date" => "2009-10-11T15:06:19","version" => "0.00005"},{"date" => "2010-01-16T00:39:59","version" => "0.00006"},{"date" => "2010-04-30T00:12:56","version" => "0.00007"},{"date" => "2010-04-30T17:51:03","version" => "0.00008"},{"date" => "2010-05-17T20:20:11","version" => "0.00009_1"},{"date" => "2010-05-18T14:56:30","version" => "0.00009"},{"date" => "2010-08-27T18:36:04","version" => "0.00010"},{"date" => "2011-04-11T20:21:16","version" => "0.00011"},{"date" => "2013-04-29T14:32:51","version" => "0.00012"},{"date" => "2014-02-27T13:50:24","version" => "0.00013"},{"date" => "2016-05-31T13:31:04","version" => "0.00014"},{"date" => "2016-06-01T14:04:39","version" => "0.00015"},{"date" => "2019-06-12T12:59:07","version" => "0.00016"},{"date" => "2019-09-03T21:54:20","version" => "0.00017"},{"date" => "2019-09-16T18:10:46","version" => "0.00018"},{"date" => "2019-09-19T18:13:13","version" => "0.00019"},{"date" => "2019-09-25T12:34:33","version" => "0.00020"},{"date" => "2025-03-25T14:30:45","version" => "0.00030"},{"date" => "2025-03-25T17:55:22","version" => "0.00031"},{"date" => "2025-03-25T18:05:54","version" => "0.00032"},{"date" => "2025-03-26T11:34:06","version" => "0.1.0"},{"date" => "2025-03-26T11:40:46","version" => "0.11"}]},"DBIx-Custom" => {"advisories" => [{"affected_versions" => ["<0.1641"],"cves" => [],"description" => "SQL injection when passing special column names.\n","distribution" => "DBIx-Custom","fixed_versions" => [">=0.1641"],"id" => "CPANSA-DBIx-Custom-2011-01","references" => ["https://metacpan.org/changes/distribution/DBIx-Custom","https://github.com/yuki-kimoto/DBIx-Custom/commit/5b00b9f9a966e7abecabd91710c8fa893784d919"],"reported" => "2011-01-27","severity" => "high"}],"main_module" => "DBIx::Custom","versions" => [{"date" => "2009-11-08T04:18:19","version" => "0.0101"},{"date" => "2009-11-09T10:46:44","version" => "0.0201"},{"date" => "2009-11-12T14:12:47","version" => "0.0301"},{"date" => "2009-11-15T11:43:40","version" => "0.0401"},{"date" => "2009-11-16T11:10:52","version" => "0.0501"},{"date" => "2009-11-17T12:37:33","version" => "0.0502"},{"date" => "2009-11-19T12:05:50","version" => "0.0601"},{"date" => "2009-11-19T13:37:39","version" => "0.0602"},{"date" => "2009-11-20T12:08:31","version" => "0.0603"},{"date" => "2009-11-23T13:39:53","version" => "0.0604"},{"date" => "2009-11-23T14:45:46","version" => "0.0605"},{"date" => "2009-11-25T13:57:52","version" => "0.0701"},{"date" => "2009-12-01T07:30:25","version" => "0.0702"},{"date" => "2009-12-02T13:59:36","version" => "0.0801"},{"date" => "2009-12-09T14:27:53","version" => "0.0901"},{"date" => "2009-12-22T13:40:07","version" => "0.0902"},{"date" => "2010-01-18T12:42:57","version" => "0.0903"},{"date" => "2010-01-21T14:29:12","version" => "0.0904"},{"date" => "2010-01-22T12:51:23","version" => "0.0905"},{"date" => "2010-01-24T09:49:30","version" => "0.0906"},{"date" => "2010-01-30T00:15:17","version" => "0.1001"},{"date" => "2010-01-30T03:51:04","version" => "0.1101"},{"date" => "2010-05-01T13:02:19","version" => "0.1301"},{"date" => "2010-05-01T23:29:22","version" => "0.1401"},{"date" => "2010-05-02T06:04:57","version" => "0.1402"},{"date" => "2010-05-26T15:13:04","version" => "0.1501"},{"date" => "2010-05-27T14:00:04","version" => "0.1502"},{"date" => "2010-05-28T13:28:16","version" => "0.1503"},{"date" => "2010-06-25T12:11:33","version" => "0.1602"},{"date" => "2010-07-14T13:55:33","version" => "0.1603"},{"date" => "2010-08-03T14:43:14","version" => "0.1604"},{"date" => "2010-08-05T15:17:49","version" => "0.1605"},{"date" => "2010-08-05T15:24:36","version" => "0.1606"},{"date" => "2010-08-06T14:57:35","version" => "0.1607"},{"date" => "2010-08-07T05:49:19","version" => "0.1608"},{"date" => "2010-08-08T04:45:12","version" => "0.1609"},{"date" => "2010-08-08T12:44:43","version" => "0.1610"},{"date" => "2010-08-09T12:08:31","version" => "0.1611"},{"date" => "2010-08-10T11:19:41","version" => "0.1612"},{"date" => "2010-08-10T12:35:17","version" => "0.1613"},{"date" => "2010-08-12T15:01:01","version" => "0.1614"},{"date" => "2010-08-15T04:00:44","version" => "0.1615"},{"date" => "2010-08-24T10:18:06","version" => "0.1616"},{"date" => "2010-09-07T12:12:04","version" => "0.1617"},{"date" => "2010-10-17T05:44:56","version" => "0.1618"},{"date" => "2010-10-20T15:01:35","version" => "0.1619"},{"date" => "2010-10-21T14:38:05","version" => "0.1620"},{"date" => "2010-11-10T06:54:46","version" => "0.1621"},{"date" => "2010-12-20T14:58:38","version" => "0.1622"},{"date" => "2010-12-21T16:10:25","version" => "0.1623"},{"date" => "2010-12-22T08:41:09","version" => "0.1624"},{"date" => "2011-01-01T16:08:48","version" => "0.1625"},{"date" => "2011-01-02T04:21:11","version" => "0.1626"},{"date" => "2011-01-04T15:18:21","version" => "0.1627"},{"date" => "2011-01-12T07:29:29","version" => "0.1628"},{"date" => "2011-01-12T15:35:11","version" => "0.1629"},{"date" => "2011-01-13T15:41:25","version" => "0.1630"},{"date" => "2011-01-17T15:53:44","version" => "0.1631"},{"date" => "2011-01-18T14:43:16","version" => "0.1632"},{"date" => "2011-01-18T15:22:37","version" => "0.1633"},{"date" => "2011-01-19T14:52:48","version" => "0.1634"},{"date" => "2011-01-21T14:04:02","version" => "0.1635"},{"date" => "2011-01-22T13:02:55","version" => "0.1636"},{"date" => "2011-01-24T12:58:40","version" => "0.1637"},{"date" => "2011-01-25T12:32:26","version" => "0.1638"},{"date" => "2011-01-26T09:23:22","version" => "0.1639"},{"date" => "2011-01-26T13:59:10","version" => "0.1640"},{"date" => "2011-01-27T05:19:14","version" => "0.1641"},{"date" => "2011-01-28T12:18:42","version" => "0.1642"},{"date" => "2011-02-09T08:54:11","version" => "0.1643"},{"date" => "2011-02-11T14:07:25","version" => "0.1644"},{"date" => "2011-02-14T15:24:30","version" => "0.1645"},{"date" => "2011-02-18T17:48:52","version" => "0.1646"},{"date" => "2011-02-19T00:30:41","version" => "0.1647"},{"date" => "2011-02-21T16:13:29","version" => "0.1648"},{"date" => "2011-02-22T14:53:08","version" => "0.1649"},{"date" => "2011-02-24T05:45:44","version" => "0.1650"},{"date" => "2011-02-24T14:35:20","version" => "0.1651"},{"date" => "2011-02-25T14:39:56","version" => "0.1652"},{"date" => "2011-02-28T13:18:03","version" => "0.1653"},{"date" => "2011-03-06T14:32:11","version" => "0.1654"},{"date" => "2011-03-08T14:59:08","version" => "0.1655"},{"date" => "2011-03-09T13:44:35","version" => "0.1656"},{"date" => "2011-03-10T15:44:50","version" => "0.1657"},{"date" => "2011-03-11T16:23:11","version" => "0.1658"},{"date" => "2011-03-12T08:20:07","version" => "0.1659"},{"date" => "2011-03-14T11:16:27","version" => "0.1660"},{"date" => "2011-03-15T16:32:52","version" => "0.1661"},{"date" => "2011-03-19T14:40:50","version" => "0.1662"},{"date" => "2011-03-21T03:53:25","version" => "0.1663"},{"date" => "2011-03-24T14:45:52","version" => "0.1664"},{"date" => "2011-03-25T14:25:43","version" => "0.1665"},{"date" => "2011-03-29T17:26:27","version" => "0.1666"},{"date" => "2011-03-30T08:03:39","version" => "0.1667"},{"date" => "2011-03-30T15:04:03","version" => "0.1668"},{"date" => "2011-03-30T15:25:45","version" => "0.1669"},{"date" => "2011-04-01T15:29:33","version" => "0.1670"},{"date" => "2011-04-02T16:31:44","version" => "0.1671"},{"date" => "2011-04-04T13:37:34","version" => "0.1672"},{"date" => "2011-04-05T11:45:54","version" => "0.1673"},{"date" => "2011-04-05T11:59:11","version" => "0.1674"},{"date" => "2011-04-11T13:47:34","version" => "0.1675"},{"date" => "2011-04-11T14:55:38","version" => "0.1676"},{"date" => "2011-04-12T15:17:24","version" => "0.1677"},{"date" => "2011-04-18T13:36:31","version" => "0.1678"},{"date" => "2011-04-19T11:07:27","version" => "0.1679"},{"date" => "2011-04-25T14:05:23","version" => "0.1680"},{"date" => "2011-04-26T14:07:02","version" => "0.1681"},{"date" => "2011-05-23T14:40:41","version" => "0.1682"},{"date" => "2011-06-06T11:52:44","version" => "0.1683"},{"date" => "2011-06-07T13:07:20","version" => "0.1684"},{"date" => "2011-06-08T10:32:35","version" => "0.1685"},{"date" => "2011-06-08T12:24:07","version" => "0.1686"},{"date" => "2011-06-09T13:59:44","version" => "0.1687"},{"date" => "2011-06-10T13:26:20","version" => "0.1688"},{"date" => "2011-06-12T03:22:26","version" => "0.1689"},{"date" => "2011-06-12T12:01:43","version" => "0.1690"},{"date" => "2011-06-13T13:31:21","version" => "0.1691"},{"date" => "2011-06-14T13:27:31","version" => "0.1692"},{"date" => "2011-06-15T08:51:43","version" => "0.1693"},{"date" => "2011-06-17T14:38:23","version" => "0.1694"},{"date" => "2011-06-20T13:08:47","version" => "0.1695"},{"date" => "2011-06-21T13:12:38","version" => "0.1696"},{"date" => "2011-06-24T13:42:00","version" => "0.1697"},{"date" => "2011-06-27T13:23:13","version" => "0.1698"},{"date" => "2011-06-28T14:39:21","version" => "0.1699"},{"date" => "2011-07-01T11:04:37","version" => "0.1700"},{"date" => "2011-07-11T13:19:20","version" => "0.1701"},{"date" => "2011-07-26T14:09:43","version" => "0.1702"},{"date" => "2011-07-28T04:59:20","version" => "0.1703"},{"date" => "2011-07-29T13:45:24","version" => "0.1704"},{"date" => "2011-07-29T14:35:38","version" => "0.1705"},{"date" => "2011-07-30T04:25:21","version" => "0.1706"},{"date" => "2011-07-30T05:16:05","version" => "0.1707"},{"date" => "2011-07-30T14:32:34","version" => "0.1708"},{"date" => "2011-08-01T12:48:52","version" => "0.1709"},{"date" => "2011-08-02T13:30:15","version" => "0.1710"},{"date" => "2011-08-09T14:11:24","version" => "0.1711"},{"date" => "2011-08-10T16:16:52","version" => "0.1712"},{"date" => "2011-08-12T13:45:58","version" => "0.1713"},{"date" => "2011-08-13T13:38:02","version" => "0.1714"},{"date" => "2011-08-14T03:47:28","version" => "0.1715"},{"date" => "2011-08-15T14:00:28","version" => "0.1716"},{"date" => "2011-08-16T04:03:16","version" => "0.1717"},{"date" => "2011-08-20T09:40:46","version" => "0.1718"},{"date" => "2011-08-22T13:43:21","version" => "0.1720"},{"date" => "2011-08-26T14:11:53","version" => "0.1721"},{"date" => "2011-09-02T15:12:10","version" => "0.1722"},{"date" => "2011-09-12T12:24:14","version" => "0.1723"},{"date" => "2011-09-16T15:15:54","version" => "0.1724"},{"date" => "2011-09-27T11:48:33","version" => "0.1725"},{"date" => "2011-09-30T11:21:45","version" => "0.1726"},{"date" => "2011-10-03T10:43:32","version" => "0.1727"},{"date" => "2011-10-05T04:10:35","version" => "0.1728"},{"date" => "2011-10-05T08:12:55","version" => "0.1729"},{"date" => "2011-10-10T11:35:23","version" => "0.1730"},{"date" => "2011-10-11T14:30:46","version" => "0.1731"},{"date" => "2011-10-20T11:56:08","version" => "0.1732"},{"date" => "2011-10-21T22:47:50","version" => "0.1733"},{"date" => "2011-10-22T22:02:37","version" => "0.1734"},{"date" => "2011-10-23T00:11:48","version" => "0.1735"},{"date" => "2011-10-23T13:08:15","version" => "0.1736"},{"date" => "2011-10-24T14:07:44","version" => "0.1737"},{"date" => "2011-10-25T14:31:15","version" => "0.1738"},{"date" => "2011-10-26T01:14:58","version" => "0.1739"},{"date" => "2011-10-27T12:59:00","version" => "0.1740"},{"date" => "2011-10-28T11:49:57","version" => "0.1741"},{"date" => "2011-10-31T15:37:07","version" => "0.1742"},{"date" => "2011-11-01T12:02:38","version" => "0.1743"},{"date" => "2011-11-03T13:38:04","version" => "0.1744"},{"date" => "2011-11-04T14:16:11","version" => "0.1745"},{"date" => "2011-11-07T12:19:53","version" => "0.1746"},{"date" => "2011-11-11T11:59:27","version" => "0.1747"},{"date" => "2011-11-16T00:36:45","version" => "0.20_01"},{"date" => "2011-11-16T08:50:11","version" => "0.2100"},{"date" => "2011-11-21T11:05:36","version" => "0.2101"},{"date" => "2011-11-25T14:34:26","version" => "0.2102"},{"date" => "2011-11-28T10:38:56","version" => "0.2103"},{"date" => "2011-11-29T13:48:49","version" => "0.2104"},{"date" => "2012-01-14T13:39:10","version" => "0.2105"},{"date" => "2012-01-20T15:16:34","version" => "0.2106"},{"date" => "2012-01-25T08:56:44","version" => "0.2107"},{"date" => "2012-01-29T14:30:53","version" => "0.2108"},{"date" => "2012-02-07T13:31:49","version" => "0.2109"},{"date" => "2012-02-10T14:51:17","version" => "0.2110"},{"date" => "2012-02-11T14:45:41","version" => "0.2111"},{"date" => "2012-02-28T14:33:03","version" => "0.22"},{"date" => "2012-03-01T00:07:11","version" => "0.23"},{"date" => "2012-03-02T14:57:03","version" => "0.24"},{"date" => "2012-03-19T11:58:43","version" => "0.25"},{"date" => "2012-07-11T08:20:53","version" => "0.26"},{"date" => "2012-09-17T13:15:26","version" => "0.27"},{"date" => "2013-03-04T11:25:17","version" => "0.28"},{"date" => "2014-02-03T09:21:29","version" => "0.29"},{"date" => "2014-02-04T00:17:32","version" => "0.30"},{"date" => "2015-01-13T01:36:24","version" => "0.31"},{"date" => "2015-01-13T05:24:10","version" => "0.32"},{"date" => "2015-01-13T07:52:20","version" => "0.33"},{"date" => "2015-01-15T02:04:26","version" => "0.34"},{"date" => "2015-05-23T05:44:25","version" => "0.35"},{"date" => "2015-05-25T02:52:16","version" => "0.36"},{"date" => "2016-05-21T07:00:46","version" => "0.37"},{"date" => "2017-03-16T07:48:58","version" => "0.38"},{"date" => "2017-03-29T02:29:03","version" => "0.39"},{"date" => "2017-03-30T01:41:11","version" => "0.40"},{"date" => "2017-11-06T15:17:26","version" => "0.41"},{"date" => "2019-10-15T04:14:26","version" => "0.41_99"},{"date" => "2019-10-19T08:52:17","version" => "0.42"},{"date" => "2020-04-01T05:39:43","version" => "0.43"},{"date" => "2020-08-03T00:46:29","version" => "0.44"},{"date" => "2021-12-16T00:31:02","version" => "0.45"}]},"Dancer" => {"advisories" => [{"affected_versions" => ["<1.3114"],"cves" => ["CVE-2012-5572"],"description" => "CRLF injection vulnerability in the cookie method allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name.\n","distribution" => "Dancer","fixed_versions" => [">=1.3114"],"id" => "CPANSA-Dancer-2014-01","references" => ["https://metacpan.org/changes/distribution/Dancer","https://github.com/PerlDancer/Dancer/commit/46ef9124f3149f697455061499ac7cee40930349"],"reported" => "2014-05-30"},{"affected_versions" => ["<1.3051"],"cves" => ["CVE-2011-1589"],"description" => "Directory traversal vulnerability (Mojolicious report, but Dancer was vulnerable as well).\n","distribution" => "Dancer","fixed_versions" => [">=1.3051"],"id" => "CPANSA-Dancer-2011-01","references" => ["https://metacpan.org/changes/distribution/Dancer","https://github.com/PerlDancer/Dancer/commit/91d0bf6a36705b0971b18f7d38fa2f3df8c7b994"],"reported" => "2011-04-05"}],"main_module" => "Dancer","versions" => [{"date" => "2009-07-27T13:18:07","version" => "20090727.1315"},{"date" => "2009-07-27T14:14:13","version" => "0_0.99"},{"date" => "2009-08-01T13:48:20","version" => "0.9901"},{"date" => "2009-08-04T10:01:54","version" => "0.9902"},{"date" => "2009-08-07T12:29:03","version" => "0.9003"},{"date" => "2009-09-19T15:30:19","version" => "0.9904"},{"date" => "2009-09-23T21:33:51","version" => "0.9905"},{"date" => "2009-11-20T11:14:20","version" => "1.000"},{"date" => "2010-01-06T13:53:28","version" => "1.100"},{"date" => "2010-01-11T09:46:45","version" => "1.110"},{"date" => "2010-01-15T16:03:35","version" => "1.120"},{"date" => "2010-01-15T17:53:08","version" => "1.121"},{"date" => "2010-01-20T07:48:38","version" => "1.122"},{"date" => "2010-01-29T17:29:24","version" => "1.130"},{"date" => "2010-02-09T07:55:18","version" => "1.140"},{"date" => "2010-02-17T15:09:48","version" => "1.150"},{"date" => "2010-03-07T17:50:01","version" => "1.160"},{"date" => "2010-03-24T11:19:00","version" => "1.170"},{"date" => "2010-03-24T13:44:04","version" => "1.171"},{"date" => "2010-03-28T15:09:59","version" => "1.172"},{"date" => "2010-04-01T14:13:30","version" => "1.173"},{"date" => "2010-04-04T11:03:53","version" => "1.173_01"},{"date" => "2010-04-08T13:49:39","version" => "1.174"},{"date" => "2010-04-11T10:49:39","version" => "1.175"},{"date" => "2010-04-19T08:43:22","version" => "1.175_01"},{"date" => "2010-04-22T20:29:56","version" => "1.176"},{"date" => "2010-05-05T12:21:26","version" => "1.178_01"},{"date" => "2010-05-16T10:28:47","version" => "1.1800"},{"date" => "2010-05-19T14:17:57","version" => "1.1801"},{"date" => "2010-05-19T17:32:52","version" => "1.1802"},{"date" => "2010-05-23T20:45:17","version" => "1.1803"},{"date" => "2010-06-18T11:59:20","version" => "1.1804"},{"date" => "2010-06-22T06:41:58","version" => "1.1805"},{"date" => "2010-07-07T06:15:55","version" => "1.1806_01"},{"date" => "2010-08-14T16:37:45","version" => "1.1806_02"},{"date" => "2010-08-23T17:47:12","version" => "1.1807"},{"date" => "2010-08-24T06:23:38","version" => "1.1808"},{"date" => "2010-08-25T05:41:15","version" => "1.1809"},{"date" => "2010-09-01T06:19:20","version" => "1.1810"},{"date" => "2010-09-03T09:23:14","version" => "1.1811"},{"date" => "2010-09-21T12:19:35","version" => "1.1812"},{"date" => "2010-09-24T14:25:44","version" => "1.1901"},{"date" => "2010-10-14T09:25:03","version" => "1.1999_01"},{"date" => "2010-10-28T15:41:17","version" => "1.1999_02"},{"date" => "2010-11-02T14:14:32","version" => "1.1902"},{"date" => "2010-11-02T14:25:04","version" => "1.1902"},{"date" => "2010-11-03T17:07:29","version" => "1.1903"},{"date" => "2010-11-04T11:16:17","version" => "1.1904"},{"date" => "2010-11-11T07:43:21","version" => "1.1999_03"},{"date" => "2010-11-14T08:08:56","version" => "1.1999_04"},{"date" => "2010-11-18T15:54:33","version" => "1.200"},{"date" => "2010-11-18T16:52:47","version" => "1.2000"},{"date" => "2010-11-29T22:05:38","version" => "1.2000_01"},{"date" => "2010-11-30T10:00:23","version" => "1.2000_02"},{"date" => "2010-11-30T19:59:09","version" => "1.2001"},{"date" => "2010-12-02T12:18:12","version" => "1.2001_01"},{"date" => "2010-12-03T20:28:56","version" => "1.2002"},{"date" => "2010-12-07T18:05:50","version" => "1.2002_01"},{"date" => "2010-12-08T21:38:17","version" => "1.2002_02"},{"date" => "2010-12-10T18:28:16","version" => "1.2003"},{"date" => "2010-12-22T17:57:55","version" => "1.3000_01"},{"date" => "2011-01-03T15:17:14","version" => "1.3000_02"},{"date" => "2011-01-27T10:00:22","version" => "1.2004"},{"date" => "2011-01-27T10:09:31","version" => "1.3001"},{"date" => "2011-02-02T15:42:28","version" => "1.3002"},{"date" => "2011-02-05T17:07:15","version" => "1.2005"},{"date" => "2011-02-06T13:12:28","version" => "1.3003"},{"date" => "2011-02-10T20:48:48","version" => "1.3010"},{"date" => "2011-02-12T12:50:18","version" => "1.3010_01"},{"date" => "2011-02-14T15:58:10","version" => "1.3011"},{"date" => "2011-03-01T19:00:52","version" => "1.3012"},{"date" => "2011-03-03T08:41:00","version" => "1.3013"},{"date" => "2011-03-04T12:56:36","version" => "1.3014"},{"date" => "2011-03-10T14:16:24","version" => "1.3014_01"},{"date" => "2011-03-13T13:17:43","version" => "1.3019_01"},{"date" => "2011-03-14T07:44:57","version" => "1.3019_02"},{"date" => "2011-03-21T13:44:17","version" => "1.3020"},{"date" => "2011-04-01T15:22:58","version" => "1.3029_01"},{"date" => "2011-04-08T20:07:26","version" => "1.3029_02"},{"date" => "2011-04-10T08:18:44","version" => "1.3029_03"},{"date" => "2011-04-13T08:26:50","version" => "1.3030"},{"date" => "2011-04-27T14:58:57","version" => "1.3039_01"},{"date" => "2011-05-01T14:55:49","version" => "1.3040"},{"date" => "2011-05-14T15:03:00","version" => "1.3049_01"},{"date" => "2011-05-20T10:57:10","version" => "1.3050"},{"date" => "2011-05-27T12:57:27","version" => "1.3051"},{"date" => "2011-05-27T13:07:51","version" => "1.3059_01"},{"date" => "2011-05-29T14:06:24","version" => "1.3059_02"},{"date" => "2011-06-11T14:02:50","version" => "1.3059_03"},{"date" => "2011-06-12T17:31:55","version" => "1.3059_04"},{"date" => "2011-06-15T10:35:07","version" => "1.3060"},{"date" => "2011-07-07T13:19:45","version" => "1.3069_01"},{"date" => "2011-07-10T16:14:53","version" => "1.3069_02"},{"date" => "2011-07-14T13:47:19","version" => "1.3070"},{"date" => "2011-07-26T16:21:51","version" => "1.3071"},{"date" => "2011-08-17T15:27:53","version" => "1.3079_01"},{"date" => "2011-08-23T09:55:46","version" => "1.3072"},{"date" => "2011-08-28T14:13:40","version" => "1.3079_02"},{"date" => "2011-09-10T15:10:29","version" => "1.3079_03"},{"date" => "2011-10-02T16:07:02","version" => "1.3079_04"},{"date" => "2011-10-18T14:43:22","version" => "1.3079_05"},{"date" => "2011-10-25T21:16:42","version" => "1.3080"},{"date" => "2011-11-27T06:51:43","version" => "1.3089_01"},{"date" => "2011-12-13T14:41:24","version" => "1.3090"},{"date" => "2011-12-17T11:09:48","version" => "1.3091"},{"date" => "2012-01-27T14:38:05","version" => "1.3092"},{"date" => "2012-02-29T14:34:55","version" => "1.3093"},{"date" => "2012-03-31T09:57:40","version" => "1.3094"},{"date" => "2012-04-01T19:22:56","version" => "1.3095"},{"date" => "2012-06-22T20:18:54","version" => "1.3095_01"},{"date" => "2012-07-03T07:27:28","version" => "1.3095_02"},{"date" => "2012-07-05T23:09:20","version" => "1.3096"},{"date" => "2012-07-08T18:36:14","version" => "1.3097"},{"date" => "2012-07-28T14:40:15","version" => "1.3098"},{"date" => "2012-08-11T13:54:49","version" => "1.3099"},{"date" => "2012-08-25T19:42:47","version" => "1.3100"},{"date" => "2012-10-06T13:24:53","version" => "1.3110"},{"date" => "2012-12-24T13:17:58","version" => "1.9999_01"},{"date" => "2012-12-24T13:48:35","version" => "1.9999_02"},{"date" => "2013-01-22T21:38:11","version" => "2.0000_01"},{"date" => "2013-02-22T15:33:14","version" => "2.000001"},{"date" => "2013-02-24T22:51:59","version" => "1.3111"},{"date" => "2013-03-30T16:33:05","version" => "1.3111_01"},{"date" => "2013-04-01T22:31:08","version" => "1.3111_02"},{"date" => "2013-04-11T01:04:37","version" => "1.3112"},{"date" => "2013-05-09T00:36:16","version" => "1.3113"},{"date" => "2013-06-02T16:49:58","version" => "1.3114"},{"date" => "2013-06-09T23:54:16","version" => "1.3115"},{"date" => "2013-07-04T01:35:27","version" => "1.3116"},{"date" => "2013-07-31T22:40:52","version" => "1.3117"},{"date" => "2013-09-01T16:45:13","version" => "1.3118"},{"date" => "2013-10-26T19:42:59","version" => "1.3119"},{"date" => "2013-12-24T16:23:20","version" => "1.3120"},{"date" => "2014-02-02T22:26:53","version" => "1.3121"},{"date" => "2014-04-10T23:16:40","version" => "1.3122"},{"date" => "2014-04-12T15:47:53","version" => "1.3123"},{"date" => "2014-05-10T16:15:17","version" => "1.3124"},{"date" => "2014-07-12T17:19:08","version" => "1.3125"},{"date" => "2014-07-15T02:01:21","version" => "1.3126"},{"date" => "2014-09-09T00:49:19","version" => "1.3127"},{"date" => "2014-09-09T11:47:21","version" => "1.3128"},{"date" => "2014-09-10T00:50:37","version" => "1.3129"},{"date" => "2014-09-16T01:21:25","version" => "1.3130"},{"date" => "2014-10-11T18:59:22","version" => "1.3131_0"},{"date" => "2014-10-13T23:25:36","version" => "1.3131_1"},{"date" => "2014-10-20T23:14:23","version" => "1.3132"},{"date" => "2014-11-26T22:20:35","version" => "1.3133"},{"date" => "2015-02-23T01:33:08","version" => "1.3134"},{"date" => "2015-04-23T01:54:25","version" => "1.3135"},{"date" => "2015-05-24T15:48:19","version" => "1.3136"},{"date" => "2015-06-05T20:05:21","version" => "1.3137"},{"date" => "2015-06-12T20:55:50","version" => "1.3138"},{"date" => "2015-06-25T20:13:45","version" => "1.3139"},{"date" => "2015-07-03T13:56:32","version" => "1.3140"},{"date" => "2015-09-07T15:15:26","version" => "1.3141"},{"date" => "2015-09-15T00:52:23","version" => "1.3142"},{"date" => "2015-10-26T21:15:31","version" => "1.3143"},{"date" => "2015-11-04T12:36:07","version" => "1.3144"},{"date" => "2015-11-06T22:12:42","version" => "1.3200"},{"date" => "2015-11-07T19:27:25","version" => "1.3201"},{"date" => "2015-11-07T21:52:17","version" => "1.3202"},{"date" => "2016-02-15T21:33:45","version" => "1.3300"},{"date" => "2016-02-16T22:42:44","version" => "1.3301"},{"date" => "2018-05-20T19:52:07","version" => "1.3203"},{"date" => "2018-05-23T13:43:34","version" => "1.3204"},{"date" => "2018-06-13T22:02:36","version" => "1.3205"},{"date" => "2018-06-15T22:11:45","version" => "1.3400"},{"date" => "2018-10-01T11:53:31","version" => "1.3401"},{"date" => "2018-10-10T10:44:29","version" => "1.3402"},{"date" => "2018-10-11T22:45:37","version" => "1.3403"},{"date" => "2018-10-12T20:33:54","version" => "1.3500"},{"date" => "2019-03-14T19:27:25","version" => "1.3501"},{"date" => "2019-03-19T14:49:14","version" => "1.3510"},{"date" => "2019-03-29T11:18:31","version" => "1.3511"},{"date" => "2019-03-31T19:16:29","version" => "1.3512"},{"date" => "2020-01-29T21:03:12","version" => "1.3513"},{"date" => "2020-06-29T16:44:22","version" => "1.3514"},{"date" => "2020-10-02T20:51:17","version" => "1.3514_02"},{"date" => "2020-10-06T21:24:49","version" => "1.3514_03"},{"date" => "2022-06-29T22:00:04","version" => "1.3514_04"},{"date" => "2023-01-02T10:57:26","version" => "1.3520"},{"date" => "2023-02-05T23:40:49","version" => "1.3521"},{"date" => "2023-02-08T20:58:09","version" => "1.3521"},{"date" => "2026-01-26T22:30:00","version" => "1.3522"}]},"Dancer2" => {"advisories" => [{"affected_versions" => ["<0.206000"],"cves" => [],"description" => "There is a potential RCE with regards to Storable. We have added session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE.\n","distribution" => "Dancer2","fixed_versions" => [">=0.206000"],"id" => "CPANSA-Dancer2-2018-01","references" => ["https://metacpan.org/changes/distribution/Dancer2","http://lists.preshweb.co.uk/pipermail/dancer-users/2018-April/005952.html","https://github.com/PerlDancer/Dancer2/commit/3580f5d0874a9abf5483528f73bda9a7fd9ec7f1"],"reported" => "2018-01-30","severity" => "critical"}],"main_module" => "Dancer2","versions" => [{"date" => "2013-02-22T15:39:46","version" => "0.01"},{"date" => "2013-02-24T11:04:25","version" => "0.02"},{"date" => "2013-03-07T17:30:37","version" => "0.03"},{"date" => "2013-04-22T19:58:02","version" => "0.04"},{"date" => "2013-07-20T16:53:37","version" => "0.05"},{"date" => "2013-07-30T14:29:42","version" => "0.06"},{"date" => "2013-08-03T22:17:54","version" => "0.07"},{"date" => "2013-08-18T12:24:31","version" => "0.08"},{"date" => "2013-09-01T21:19:26","version" => "0.09"},{"date" => "2013-09-28T13:29:35","version" => "0.10"},{"date" => "2013-12-15T13:21:28","version" => "0.11"},{"date" => "2014-04-07T21:05:16","version" => "0.12"},{"date" => "2014-04-13T17:20:22","version" => "0.13"},{"date" => "2014-04-28T21:16:57","version" => "0.140000"},{"date" => "2014-05-01T08:50:43","version" => "0.140001"},{"date" => "2014-06-07T20:35:57","version" => "0.140900_01"},{"date" => "2014-06-08T20:29:28","version" => "0.141000"},{"date" => "2014-06-24T19:18:07","version" => "0.142000"},{"date" => "2014-07-05T19:43:17","version" => "0.143000"},{"date" => "2014-07-23T19:34:51","version" => "0.149000_01"},{"date" => "2014-08-10T11:53:37","version" => "0.149000_02"},{"date" => "2014-08-16T23:38:39","version" => "0.150000"},{"date" => "2014-10-08T19:51:49","version" => "0.151000"},{"date" => "2014-10-14T02:33:06","version" => "0.152000"},{"date" => "2014-10-23T21:48:36","version" => "0.153000"},{"date" => "2014-10-29T21:41:13","version" => "0.153001"},{"date" => "2014-10-30T08:29:15","version" => "0.153002"},{"date" => "2014-11-17T14:41:14","version" => "0.154000"},{"date" => "2014-11-28T00:21:55","version" => "0.155000"},{"date" => "2014-11-28T16:44:27","version" => "0.155001"},{"date" => "2014-12-02T22:02:03","version" => "0.155002"},{"date" => "2014-12-03T21:35:35","version" => "0.155003"},{"date" => "2014-12-04T10:57:08","version" => "0.155004"},{"date" => "2014-12-07T17:07:21","version" => "0.156000"},{"date" => "2014-12-08T22:08:30","version" => "0.156001"},{"date" => "2014-12-14T17:25:53","version" => "0.157000"},{"date" => "2014-12-21T19:42:24","version" => "0.157001"},{"date" => "2015-01-01T17:11:48","version" => "0.158000"},{"date" => "2015-02-24T03:54:24","version" => "0.159000"},{"date" => "2015-02-25T14:33:59","version" => "0.159001"},{"date" => "2015-03-03T18:25:28","version" => "0.159002"},{"date" => "2015-03-23T14:00:19","version" => "0.159003"},{"date" => "2015-04-26T22:15:22","version" => "0.160000"},{"date" => "2015-05-14T18:46:02","version" => "0.160001"},{"date" => "2015-06-04T11:07:02","version" => "0.160002"},{"date" => "2015-06-06T09:11:43","version" => "0.160003"},{"date" => "2015-07-08T13:04:02","version" => "0.161000"},{"date" => "2015-08-28T13:32:02","version" => "0.161000_01"},{"date" => "2015-09-06T11:13:10","version" => "0.162000"},{"date" => "2015-10-13T15:08:16","version" => "0.162000_01"},{"date" => "2015-10-15T11:00:10","version" => "0.163000"},{"date" => "2015-12-16T22:44:32","version" => "0.164000"},{"date" => "2015-12-17T08:23:24","version" => "0.165000"},{"date" => "2016-01-12T18:04:57","version" => "0.166000"},{"date" => "2016-01-22T06:57:11","version" => "0.166001"},{"date" => "2016-04-19T19:52:27","version" => "0.166001_01"},{"date" => "2016-04-29T14:45:41","version" => "0.166001_02"},{"date" => "2016-05-27T11:25:55","version" => "0.166001_03"},{"date" => "2016-05-27T12:57:04","version" => "0.166001_04"},{"date" => "2016-05-31T13:29:37","version" => "0.200000"},{"date" => "2016-06-16T14:00:23","version" => "0.200001"},{"date" => "2016-06-22T14:41:29","version" => "0.200002"},{"date" => "2016-07-05T19:36:46","version" => "0.200003"},{"date" => "2016-07-11T15:21:33","version" => "0.200003"},{"date" => "2016-07-22T04:41:26","version" => "0.200004"},{"date" => "2016-07-22T13:28:45","version" => "0.201000"},{"date" => "2016-08-13T18:53:07","version" => "0.202000"},{"date" => "2016-08-25T03:12:19","version" => "0.203000"},{"date" => "2016-09-04T02:01:29","version" => "0.203001"},{"date" => "2016-10-11T01:59:49","version" => "0.204000"},{"date" => "2016-10-17T13:32:25","version" => "0.204001"},{"date" => "2016-12-21T21:47:24","version" => "0.204002"},{"date" => "2017-01-25T21:23:22","version" => "0.204003"},{"date" => "2017-01-26T17:31:30","version" => "0.204004"},{"date" => "2017-03-10T21:40:43","version" => "0.205000"},{"date" => "2017-07-11T13:04:56","version" => "0.205001"},{"date" => "2017-10-17T21:10:03","version" => "0.205002"},{"date" => "2018-04-09T00:54:25","version" => "0.206000_01"},{"date" => "2018-04-10T01:50:18","version" => "0.206000_02"},{"date" => "2018-04-20T02:12:22","version" => "0.206000"},{"date" => "2018-11-14T22:26:15","version" => "0.207000"},{"date" => "2019-06-19T14:23:06","version" => "0.208000"},{"date" => "2019-08-05T01:12:14","version" => "0.208001"},{"date" => "2019-12-14T21:13:32","version" => "0.208002"},{"date" => "2019-12-24T05:57:09","version" => "0.300000"},{"date" => "2020-04-06T16:18:33","version" => "0.300001"},{"date" => "2020-04-07T15:49:22","version" => "0.300002"},{"date" => "2020-04-09T14:42:55","version" => "0.300003"},{"date" => "2020-05-27T00:54:55","version" => "0.300004"},{"date" => "2021-01-26T20:59:33","version" => "0.300005"},{"date" => "2021-03-15T23:12:49","version" => "0.301000"},{"date" => "2021-03-17T12:56:09","version" => "0.301001"},{"date" => "2021-04-18T19:33:05","version" => "0.301002"},{"date" => "2021-06-03T13:29:26","version" => "0.301003"},{"date" => "2021-06-06T17:32:08","version" => "0.301004"},{"date" => "2022-03-14T02:18:12","version" => "0.400000"},{"date" => "2023-02-05T23:42:54","version" => "0.400001"},{"date" => "2023-10-09T14:11:25","version" => "1.0.0"},{"date" => "2023-12-12T01:29:05","version" => "1.1.0"},{"date" => "2024-07-18T23:49:14","version" => "1.1.1"},{"date" => "2024-11-25T13:36:09","version" => "1.1.2"},{"date" => "2025-09-15T21:50:07","version" => "2.0.0"},{"date" => "2025-10-22T22:14:58","version" => "2.0.1"}]},"Data-Dumper" => {"advisories" => [{"affected_versions" => ["<2.154"],"cves" => ["CVE-2014-4330"],"description" => "Infinite recursion.\n","distribution" => "Data-Dumper","fixed_versions" => [">=2.154"],"id" => "CPANSA-Data-Dumper-2014-01","references" => ["https://metacpan.org/changes/distribution/Data-Dumper"],"reported" => "2014-09-30"}],"main_module" => "Data::Dumper","versions" => [{"date" => "1995-11-19T22:29:08","version" => "1.21"},{"date" => "1995-11-23T05:45:27","version" => "1.22"},{"date" => "1995-12-04T03:12:16","version" => "1.23"},{"date" => "1996-04-09T15:54:26","version" => "2.00"},{"date" => "1996-04-10T04:25:17","version" => "2.01"},{"date" => "1996-04-13T07:14:35","version" => "2.02"},{"date" => "1996-08-26T14:36:59","version" => "2.03"},{"date" => "1996-08-28T20:11:49","version" => "2.04"},{"date" => "1996-12-02T13:42:49","version" => "2.05"},{"date" => "1996-12-02T23:07:56","version" => "2.06"},{"date" => "1996-12-07T17:28:27","version" => "2.07"},{"date" => "1997-12-07T21:27:09","version" => "2.08"},{"date" => "1998-01-15T20:36:46","version" => "2.081"},{"date" => "1998-03-06T21:08:49","version" => "2.081"},{"date" => "1998-07-17T05:23:08","version" => "2.09"},{"date" => "1998-07-21T12:08:19","version" => "2.09"},{"date" => "1998-10-31T12:10:30","version" => "2.10"},{"date" => "1999-05-01T02:01:03","version" => "2.101"},{"date" => "1999-06-02T01:30:55","version" => "2.101"},{"date" => "2003-07-20T16:59:48","version" => "2.12_01"},{"date" => "2003-07-31T19:12:44","version" => "2.12_02"},{"date" => "2003-08-25T11:49:41","version" => "2.121"},{"date" => "2009-06-06T14:45:36","version" => "2.121_20"},{"date" => "2009-06-09T15:49:12","version" => "2.122"},{"date" => "2009-06-11T08:07:01","version" => "2.123"},{"date" => "2009-06-13T15:22:32","version" => "2.124"},{"date" => "2009-08-08T10:33:01","version" => "2.125"},{"date" => "2010-04-15T19:55:01","version" => "2.126"},{"date" => "2010-09-06T14:28:10","version" => "2.126_01"},{"date" => "2010-09-10T07:08:41","version" => "2.127"},{"date" => "2010-09-10T07:11:52","version" => "2.128"},{"date" => "2011-05-20T15:53:12","version" => "2.130_03"},{"date" => "2011-05-27T14:19:03","version" => "2.131"},{"date" => "2011-12-19T08:23:05","version" => "2.135_01"},{"date" => "2011-12-29T17:09:49","version" => "2.135_02"},{"date" => "2012-08-07T06:59:51","version" => "2.135_07"},{"date" => "2012-10-04T07:35:07","version" => "2.136"},{"date" => "2012-12-12T06:30:48","version" => "2.139"},{"date" => "2013-02-26T06:57:29","version" => "2.143"},{"date" => "2013-03-15T09:46:49","version" => "2.145"},{"date" => "2014-03-07T09:28:44","version" => "2.151"},{"date" => "2014-09-18T15:47:37","version" => "2.154"},{"date" => "2016-07-03T19:17:57","version" => "2.160"},{"date" => "2016-07-11T20:13:06","version" => "2.161"},{"date" => "2017-07-31T15:31:28","version" => "2.167_01"},{"date" => "2017-08-04T08:05:22","version" => "2.167_02"},{"date" => "2018-09-19T14:41:58","version" => "2.172"},{"date" => "2018-11-10T10:10:30","version" => "2.173"},{"date" => "2021-05-14T12:47:34","version" => "2.179_50"},{"date" => "2021-05-17T05:53:02","version" => "2.180"},{"date" => "2021-05-22T09:51:29","version" => "2.180_50"},{"date" => "2021-05-23T14:14:12","version" => "2.180_51"},{"date" => "2021-05-24T08:03:55","version" => "2.180_52"},{"date" => "2021-05-25T05:20:34","version" => "2.180_53"},{"date" => "2021-05-26T06:46:41","version" => "2.181"},{"date" => "2021-06-29T10:42:11","version" => "2.181_50"},{"date" => "2021-06-30T09:36:34","version" => "2.182"},{"date" => "2021-07-01T07:05:45","version" => "2.182_50"},{"date" => "2021-07-03T13:07:49","version" => "2.182_51"},{"date" => "2021-07-05T07:07:44","version" => "2.183"},{"date" => "2001-04-08T00:00:00","dual_lived" => 1,"perl_release" => "5.006001","version" => "2.102"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.12"},{"date" => "2004-11-27T00:00:00","dual_lived" => 1,"perl_release" => "5.008006","version" => "2.121_02"},{"date" => "2005-05-30T00:00:00","dual_lived" => 1,"perl_release" => "5.008007","version" => "2.121_04"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "2.121_08"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "2.121_17"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "2.121_13"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.01","version" => "2.121_14"},{"date" => "2010-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013006","version" => "2.129"},{"date" => "2010-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013007","version" => "2.130_01"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "2.130_02"},{"date" => "2011-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015002","version" => "2.132"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "2.134"},{"date" => "2012-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015007","version" => "2.135_03"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "2.135_05"},{"date" => "2012-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015009","version" => "2.135_06"},{"date" => "2012-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017006","version" => "2.137"},{"date" => "2013-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017008","version" => "2.141"},{"date" => "2013-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017009","version" => "2.142"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "2.146"},{"date" => "2013-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.019002","version" => "2.147"},{"date" => "2013-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019003","version" => "2.148"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "2.149"},{"date" => "2013-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019007","version" => "2.150"},{"date" => "2015-02-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020002","version" => "2.151_01"},{"date" => "2014-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021001","version" => "2.152"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "2.155"},{"date" => "2015-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021008","version" => "2.156"},{"date" => "2015-02-21T00:00:00","dual_lived" => 1,"perl_release" => "5.021009","version" => "2.157"},{"date" => "2015-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02101","version" => "2.158"},{"date" => "2015-12-21T00:00:00","dual_lived" => 1,"perl_release" => "5.023006","version" => "2.159"},{"date" => "2016-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025006","version" => "2.162"},{"date" => "2016-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025007","version" => "2.165"},{"date" => "2016-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025008","version" => "2.166"},{"date" => "2017-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025009","version" => "2.167"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "2.169"},{"date" => "2018-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027008","version" => "2.170"},{"date" => "2018-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029002","version" => "2.171"},{"date" => "2019-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029010","version" => "2.174"},{"date" => "2021-01-23T00:00:00","dual_lived" => 1,"perl_release" => "5.032001","version" => "2.174_01"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "2.175"},{"date" => "2020-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033003","version" => "2.176"},{"date" => "2021-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033008","version" => "2.177"},{"date" => "2021-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033009","version" => "2.178"},{"date" => "2021-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.034","version" => "2.179"},{"date" => "2022-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035008","version" => "2.184"},{"date" => "2022-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037001","version" => "2.185"},{"date" => "2022-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037002","version" => "2.186"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "2.187"},{"date" => "2023-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.03701","version" => "2.188"},{"date" => "2023-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039003","version" => "2.189"},{"date" => "2024-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.041001","version" => "2.190"},{"date" => "2025-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041008","version" => "2.191"},{"date" => "2025-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041011","version" => "2.192"}]},"Data-Entropy" => {"advisories" => [{"affected_versions" => ["<=0.007"],"cves" => ["CVE-2025-1860"],"description" => "Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not\x{a0}cryptographically secure,\x{a0}for cryptographic functions.","distribution" => "Data-Entropy","fixed_versions" => [">0.007"],"id" => "CPANSA-Data-Entropy-2025-1860","references" => ["https://metacpan.org/release/ZEFRAM/Data-Entropy-0.007/source/lib/Data/Entropy.pm#L80","https://perldoc.perl.org/functions/rand","https://lists.debian.org/debian-lts-announce/2025/03/msg00026.html"],"reported" => "2025-03-28","severity" => undef}],"main_module" => "Data::Entropy","versions" => [{"date" => "2006-07-19T01:09:30","version" => "0.000"},{"date" => "2006-08-03T20:27:12","version" => "0.001"},{"date" => "2006-08-05T09:15:08","version" => "0.002"},{"date" => "2007-01-21T00:51:31","version" => "0.003"},{"date" => "2007-09-03T21:25:09","version" => "0.004"},{"date" => "2009-03-03T20:31:03","version" => "0.005"},{"date" => "2009-11-21T14:01:52","version" => "0.006"},{"date" => "2011-04-27T20:03:17","version" => "0.007"},{"date" => "2025-03-27T19:11:37","version" => "0.008"}]},"Data-FormValidator" => {"advisories" => [{"affected_versions" => ["<=4.66"],"cves" => ["CVE-2011-2201"],"description" => "The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.\n","distribution" => "Data-FormValidator","fixed_versions" => [">4.66"],"id" => "CPANSA-Data-FormValidator-2011-2201","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511","http://www.openwall.com/lists/oss-security/2011/06/13/13","https://bugzilla.redhat.com/show_bug.cgi?id=712694","http://www.openwall.com/lists/oss-security/2011/06/12/3","http://www.securityfocus.com/bid/48167","https://rt.cpan.org/Public/Bug/Display.html?id=61792","http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html","http://www.openwall.com/lists/oss-security/2011/06/13/5"],"reported" => "2011-09-14","severity" => undef}],"main_module" => "Data::FormValidator","versions" => [{"date" => "2001-06-19T21:43:01","version" => "1.3"},{"date" => "2001-06-22T16:36:08","version" => "1.4"},{"date" => "2001-06-25T17:02:43","version" => "1.4"},{"date" => "2001-06-28T15:13:01","version" => "1.5"},{"date" => "2001-07-18T14:23:17","version" => "v1.5.1"},{"date" => "2001-09-23T22:42:22","version" => "1.6"},{"date" => "2001-11-03T18:16:00","version" => "1.7"},{"date" => "2002-02-14T22:45:46","version" => "1.8"},{"date" => "2002-02-18T02:20:12","version" => "1.9"},{"date" => "2002-04-21T13:42:36","version" => "1.10"},{"date" => "2002-06-29T21:04:14","version" => "1.11"},{"date" => "2002-10-07T02:06:39","version" => "1.91"},{"date" => "2002-12-23T23:36:37","version" => "1.92"},{"date" => "2003-03-08T13:10:33","version" => "1.93"},{"date" => "2003-03-23T03:01:57","version" => "2.00"},{"date" => "2003-04-02T15:18:15","version" => "2.01"},{"date" => "2003-04-09T15:54:50","version" => "2.02"},{"date" => "2003-04-10T16:12:40","version" => "2.03"},{"date" => "2003-04-12T02:58:35","version" => "2.04"},{"date" => "2003-04-20T22:23:44","version" => "2.10"},{"date" => "2003-04-24T02:51:03","version" => "2.10"},{"date" => "2003-05-11T21:29:55","version" => "3.00"},{"date" => "2003-05-16T04:06:05","version" => "3.01"},{"date" => "2003-05-26T23:18:18","version" => "3.1"},{"date" => "2003-05-27T19:41:01","version" => "3.11"},{"date" => "2003-06-23T01:27:03","version" => "3.12"},{"date" => "2003-11-02T21:19:10","version" => "3.13"},{"date" => "2003-11-03T17:59:41","version" => "3.14"},{"date" => "2003-11-30T20:36:41","version" => "3.15"},{"date" => "2004-01-04T01:37:01","version" => "3.49_1"},{"date" => "2004-01-12T22:04:27","version" => "3.50"},{"date" => "2004-02-27T04:19:47","version" => "3.51"},{"date" => "2004-03-21T17:42:11","version" => "3.52"},{"date" => "2004-03-23T02:33:53","version" => "3.53"},{"date" => "2004-03-24T14:55:49","version" => "3.54"},{"date" => "2004-04-17T02:30:02","version" => "3.56"},{"date" => "2004-04-22T02:26:41","version" => "3.57"},{"date" => "2004-05-05T21:55:00","version" => "3.58"},{"date" => "2004-07-02T17:48:51","version" => "3.59"},{"date" => "2004-09-28T02:25:35","version" => "3.61"},{"date" => "2004-10-09T04:00:51","version" => "3.62"},{"date" => "2004-11-17T22:27:13","version" => "3.63"},{"date" => "2005-05-20T01:25:45","version" => "4.00_01"},{"date" => "2005-07-03T19:37:11","version" => "4.00_02"},{"date" => "2005-07-20T02:07:36","version" => "3.70"},{"date" => "2005-07-31T17:36:02","version" => "3.71"},{"date" => "2005-08-14T16:09:26","version" => "4.00"},{"date" => "2005-08-20T18:20:14","version" => "4.01"},{"date" => "2005-09-01T02:31:29","version" => "4.02"},{"date" => "2005-12-23T01:00:49","version" => "4.10"},{"date" => "2006-01-03T23:49:53","version" => "4.11"},{"date" => "2006-01-06T02:14:25","version" => "4.12"},{"date" => "2006-02-10T02:48:33","version" => "4.13"},{"date" => "2006-02-17T18:48:14","version" => "4.14"},{"date" => "2006-06-13T01:12:23","version" => "4.20"},{"date" => "2006-07-01T15:42:37","version" => "4.21_01"},{"date" => "2006-07-11T01:45:51","version" => "4.30"},{"date" => "2006-08-21T23:43:58","version" => "4.40"},{"date" => "2006-10-03T18:16:57","version" => "4.49_1"},{"date" => "2006-12-05T02:41:19","version" => "4.50"},{"date" => "2007-07-14T03:36:00","version" => "4.51"},{"date" => "2007-10-19T19:41:46","version" => "4.52"},{"date" => "2007-10-20T20:02:19","version" => "4.50"},{"date" => "2007-10-21T13:30:20","version" => "4.54"},{"date" => "2007-10-21T15:50:42","version" => "4.55"},{"date" => "2007-10-31T16:49:55","version" => "4.56"},{"date" => "2007-11-02T02:55:19","version" => "4.57"},{"date" => "2008-06-16T18:28:54","version" => "4.60"},{"date" => "2008-06-16T18:46:47","version" => "4.61"},{"date" => "2009-01-03T17:14:18","version" => "4.62"},{"date" => "2009-01-03T17:49:48","version" => "4.63"},{"date" => "2009-12-31T03:22:00","version" => "4.65"},{"date" => "2010-02-24T14:33:48","version" => "4.66"},{"date" => "2011-11-12T02:18:45","version" => "4.67"},{"date" => "2011-11-12T03:11:55","version" => "4.70"},{"date" => "2012-10-02T20:40:09","version" => "4.71"},{"date" => "2012-11-01T15:14:05","version" => "4.80"},{"date" => "2013-07-19T12:31:06","version" => "4.81"},{"date" => "2017-02-23T15:15:37","version" => "4.82"},{"date" => "2017-02-23T16:39:53","version" => "4.83"},{"date" => "2017-02-25T15:12:25","version" => "4.84"},{"date" => "2017-02-25T20:34:08","version" => "4.85"},{"date" => "2017-03-26T19:39:49","version" => "4.86"},{"date" => "2017-08-28T12:41:42","version" => "4.88"}]},"Data-UUID" => {"advisories" => [{"affected_versions" => [">1.219,<1.227"],"cves" => ["CVE-2013-4184"],"description" => "Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks\n","distribution" => "Data-UUID","fixed_versions" => [">=1.227"],"id" => "CPANSA-Data-UUID-2013-4184","references" => ["https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4184","http://www.openwall.com/lists/oss-security/2013/07/31/4","http://www.securityfocus.com/bid/61534","https://exchange.xforce.ibmcloud.com/vulnerabilities/86103","https://security-tracker.debian.org/tracker/CVE-2013-4184","https://access.redhat.com/security/cve/cve-2013-4184","https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4184"],"reported" => "2019-12-10","severity" => "medium"}],"main_module" => "Data::UUID","versions" => [{"date" => "2001-10-30T17:35:43","version" => "0.01"},{"date" => "2001-10-31T17:16:07","version" => "0.02"},{"date" => "2001-11-05T17:56:17","version" => "0.03"},{"date" => "2001-12-12T21:23:28","version" => "0.04"},{"date" => "2002-02-13T19:57:54","version" => "0.05"},{"date" => "2002-03-11T15:42:56","version" => "0.06"},{"date" => "2002-06-12T21:38:06","version" => "0.07"},{"date" => "2002-11-29T17:19:21","version" => "0.08"},{"date" => "2003-02-26T21:56:46","version" => "0.09"},{"date" => "2003-07-17T21:55:38","version" => "0.10"},{"date" => "2003-08-27T20:17:10","version" => "0.11"},{"date" => "2006-02-24T00:44:57","version" => "0.12_01"},{"date" => "2006-02-25T20:45:33","version" => "0.13"},{"date" => "2006-03-18T13:42:09","version" => "0.14"},{"date" => "2006-09-06T02:19:07","version" => "0.141"},{"date" => "2006-09-06T02:46:59","version" => "0.142"},{"date" => "2006-09-18T02:16:47","version" => "0.143"},{"date" => "2006-09-19T22:29:33","version" => "0.145"},{"date" => "2006-11-15T01:22:33","version" => "0.146"},{"date" => "2006-11-16T14:16:50","version" => "0.147_01"},{"date" => "2006-11-16T15:25:08","version" => "0.148"},{"date" => "2007-03-08T16:05:15","version" => "1.148"},{"date" => "2008-11-01T16:36:57","version" => "1.149"},{"date" => "2008-11-02T03:21:27","version" => "1.200_01"},{"date" => "2008-11-11T21:40:52","version" => "1.200_02"},{"date" => "2009-04-18T18:12:28","version" => "1.201"},{"date" => "2009-06-15T22:47:18","version" => "1.202"},{"date" => "2009-11-03T21:49:20","version" => "1.203"},{"date" => "2010-05-07T01:57:28","version" => "1.210"},{"date" => "2010-05-07T12:00:52","version" => "1.211"},{"date" => "2010-05-07T22:59:24","version" => "1.212"},{"date" => "2010-05-09T19:29:59","version" => "1.213"},{"date" => "2010-05-15T01:06:55","version" => "1.214"},{"date" => "2010-05-25T02:47:15","version" => "1.215"},{"date" => "2010-09-04T18:14:56","version" => "1.216"},{"date" => "2010-09-14T01:48:04","version" => "1.217"},{"date" => "2012-08-01T03:25:46","version" => "1.218"},{"date" => "2013-07-07T03:00:13","version" => "1.219"},{"date" => "2014-12-16T00:07:05","version" => "1.220"},{"date" => "2015-08-10T12:37:32","version" => "1.221"},{"date" => "2018-04-29T22:11:17","version" => "1.222"},{"date" => "2019-02-25T22:28:34","version" => "1.223"},{"date" => "2019-03-02T14:20:33","version" => "1.224"},{"date" => "2020-04-12T18:42:29","version" => "1.225"},{"date" => "2020-04-12T18:43:57","version" => "1.226"},{"date" => "2024-03-18T19:39:28","version" => "1.227"}]},"Data-Validate-IP" => {"advisories" => [{"affected_versions" => ["<=0.29"],"cves" => ["CVE-2021-29662"],"description" => "The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Data-Validate-IP","fixed_versions" => [">0.29"],"id" => "CPANSA-Data-Validate-IP-2021-01","references" => ["https://security.netapp.com/advisory/ntap-20210604-0002/","https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/houseabsolute/Data-Validate-IP","https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e","https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-018.md","https://sick.codes/sick-2021-018/"],"reported" => "2021-03-31"}],"main_module" => "Data::Validate::IP","versions" => [{"date" => "2005-03-04T16:46:50","version" => "0.02"},{"date" => "2005-03-04T20:06:14","version" => "0.03"},{"date" => "2005-04-28T15:11:20","version" => "0.04"},{"date" => "2007-03-06T19:45:16","version" => "0.05"},{"date" => "2007-05-16T16:08:59","version" => "0.06"},{"date" => "2007-05-18T02:42:07","version" => "0.07"},{"date" => "2007-12-06T18:48:53","version" => "0.08"},{"date" => "2009-06-04T17:52:28","version" => "0.10"},{"date" => "2010-03-01T19:40:48","version" => "0.11"},{"date" => "2010-12-29T21:23:08","version" => "0.12"},{"date" => "2011-01-06T14:25:53","version" => "0.13"},{"date" => "2011-01-06T14:45:14","version" => "0.14"},{"date" => "2013-02-05T00:19:11","version" => "0.15"},{"date" => "2013-02-06T15:18:38","version" => "0.16"},{"date" => "2013-02-19T15:58:21","version" => "0.17"},{"date" => "2013-02-20T00:31:32","version" => "0.18"},{"date" => "2013-03-13T15:48:07","version" => "0.19"},{"date" => "2013-07-13T19:21:15","version" => "0.20"},{"date" => "2013-12-05T21:16:41","version" => "0.21"},{"date" => "2013-12-05T22:47:38","version" => "0.22"},{"date" => "2014-03-09T16:00:20","version" => "0.23"},{"date" => "2014-08-28T16:00:00","version" => "0.24"},{"date" => "2016-02-02T16:17:46","version" => "0.25"},{"date" => "2016-05-31T17:31:50","version" => "0.26"},{"date" => "2016-11-17T18:05:57","version" => "0.27"},{"date" => "2021-03-29T17:01:17","version" => "0.28"},{"date" => "2021-03-29T17:07:58","version" => "0.29"},{"date" => "2021-03-29T21:50:39","version" => "0.30"},{"date" => "2022-11-28T18:19:55","version" => "0.31"}]},"Devel-PPPort" => {"advisories" => [{"affected_versions" => ["<3.41"],"cves" => [],"description" => "Function croak() takes first parameter printf-like format. Arbitrary string from the variable \$\@ can cause perl crash when contains one or more '%'.\n","distribution" => "Devel-PPPort","fixed_versions" => [">=3.41"],"id" => "CPANSA-Devel-PPPort-2017-01","references" => ["https://metacpan.org/dist/Devel-PPPort/changes","https://github.com/Dual-Life/Devel-PPPort/pull/47"],"reported" => "2017-02-14","severity" => undef}],"main_module" => "Devel::PPPort","versions" => [{"date" => "1999-03-01T05:05:50","version" => "1.0004"},{"date" => "1999-03-08T02:57:01","version" => "1.0005"},{"date" => "1999-03-24T16:17:40","version" => "1.0006"},{"date" => "1999-03-29T16:29:09","version" => "1.0007"},{"date" => "2004-08-07T14:09:53","version" => "2.99_01"},{"date" => "2004-08-08T17:24:46","version" => "2.99_02"},{"date" => "2004-08-09T20:40:45","version" => "2.99_03"},{"date" => "2004-08-10T21:37:23","version" => "2.99_04"},{"date" => "2004-08-10T21:52:34","version" => "2.99_05"},{"date" => "2004-08-11T21:14:33","version" => "2.99_06"},{"date" => "2004-08-13T11:05:16","version" => "2.99_07"},{"date" => "2004-08-16T09:37:21","version" => "3.00"},{"date" => "2004-08-17T21:45:21","version" => "3.00_01"},{"date" => "2004-08-19T11:23:25","version" => "3.00_02"},{"date" => "2004-08-20T13:31:59","version" => "3.00_03"},{"date" => "2004-08-23T05:52:31","version" => "3.01"},{"date" => "2004-09-08T19:25:27","version" => "3.02"},{"date" => "2004-09-08T20:39:17","version" => "3.03"},{"date" => "2004-12-29T14:03:53","version" => "3.04"},{"date" => "2005-01-31T18:29:11","version" => "3.05"},{"date" => "2005-02-02T21:53:39","version" => "3.06"},{"date" => "2005-06-25T16:59:34","version" => "3.06_01"},{"date" => "2005-10-18T19:59:34","version" => "3.06_02"},{"date" => "2005-10-18T21:43:58","version" => "3.06_03"},{"date" => "2005-10-30T11:10:01","version" => "3.06_04"},{"date" => "2006-01-16T18:10:31","version" => "3.07"},{"date" => "2006-01-19T18:40:04","version" => "3.08"},{"date" => "2006-05-20T11:11:00","version" => "3.08_01"},{"date" => "2006-05-22T11:17:01","version" => "3.08_02"},{"date" => "2006-05-25T15:33:51","version" => "3.08_03"},{"date" => "2006-05-29T17:44:18","version" => "3.08_04"},{"date" => "2006-06-23T19:00:30","version" => "3.08_05"},{"date" => "2006-06-25T08:09:51","version" => "3.08_06"},{"date" => "2006-07-03T21:36:39","version" => "3.08_07"},{"date" => "2006-07-08T16:22:49","version" => "3.09"},{"date" => "2006-07-21T17:25:17","version" => "3.09_01"},{"date" => "2006-07-25T18:45:27","version" => "3.09_02"},{"date" => "2006-08-14T19:31:33","version" => "3.10"},{"date" => "2006-12-02T16:26:47","version" => "3.10_01"},{"date" => "2006-12-02T17:23:57","version" => "3.10_02"},{"date" => "2007-02-14T13:10:03","version" => "3.11"},{"date" => "2007-03-23T17:09:16","version" => "3.11_01"},{"date" => "2007-08-12T23:08:25","version" => "3.11_02"},{"date" => "2007-08-14T19:14:20","version" => "3.11_03"},{"date" => "2007-08-20T16:31:23","version" => "3.11_04"},{"date" => "2007-08-20T17:29:16","version" => "3.11_05"},{"date" => "2007-09-11T21:41:31","version" => "3.11_06"},{"date" => "2007-09-22T08:00:55","version" => "3.12"},{"date" => "2007-10-04T10:33:11","version" => "3.13"},{"date" => "2008-01-04T14:09:17","version" => "3.13_01"},{"date" => "2008-04-13T13:11:47","version" => "3.13_02"},{"date" => "2008-05-13T19:07:49","version" => "3.13_03"},{"date" => "2008-06-01T12:08:17","version" => "3.14"},{"date" => "2008-07-11T20:42:44","version" => "3.14_01"},{"date" => "2008-10-12T19:49:45","version" => "3.14_02"},{"date" => "2008-10-21T21:20:59","version" => "3.14_03"},{"date" => "2008-10-30T18:55:01","version" => "3.14_04"},{"date" => "2008-10-31T07:20:25","version" => "3.14_05"},{"date" => "2009-01-18T13:49:22","version" => "3.15"},{"date" => "2009-01-23T17:33:31","version" => "3.16"},{"date" => "2009-03-15T15:45:38","version" => "3.17"},{"date" => "2009-06-12T11:05:52","version" => "3.18"},{"date" => "2009-06-12T11:25:31","version" => "3.18_01"},{"date" => "2009-06-14T09:59:59","version" => "3.19"},{"date" => "2010-02-20T18:48:07","version" => "3.19_01"},{"date" => "2010-03-07T12:51:00","version" => "3.19_02"},{"date" => "2011-04-13T07:49:49","version" => "3.19_03"},{"date" => "2011-09-10T19:32:27","version" => "3.20"},{"date" => "2013-08-17T13:27:59","version" => "3.21"},{"date" => "2014-03-20T02:17:15","version" => "3.22"},{"date" => "2014-04-13T00:04:17","version" => "3.23"},{"date" => "2014-05-09T00:15:50","version" => "3.24"},{"date" => "2014-12-02T13:08:04","version" => "3.25"},{"date" => "2015-01-08T02:42:03","version" => "3.26"},{"date" => "2015-01-13T15:02:40","version" => "3.27"},{"date" => "2015-01-16T12:33:46","version" => "3.28"},{"date" => "2015-03-05T13:22:18","version" => "3.29"},{"date" => "2015-03-05T20:29:10","version" => "3.30"},{"date" => "2015-03-12T14:27:15","version" => "3.31"},{"date" => "2015-09-30T16:31:45","version" => "3.32"},{"date" => "2016-05-06T11:01:12","version" => "3.32_01"},{"date" => "2016-05-24T13:59:25","version" => "3.32_02"},{"date" => "2016-06-03T13:47:32","version" => "3.33"},{"date" => "2016-06-12T23:09:20","version" => "3.34"},{"date" => "2016-06-17T18:22:04","version" => "3.35"},{"date" => "2017-05-14T08:53:44","version" => "3.36"},{"date" => "2018-04-21T12:18:05","version" => "3.41"},{"date" => "2018-04-21T14:45:37","version" => "3.42"},{"date" => "2018-09-19T14:47:44","version" => "3.43"},{"date" => "2018-10-12T17:16:24","version" => "3.43_04"},{"date" => "2019-02-20T23:05:14","version" => "3.44"},{"date" => "2019-03-19T20:55:38","version" => "3.45"},{"date" => "2019-04-26T19:50:59","version" => "3.46"},{"date" => "2019-04-28T05:30:49","version" => "3.47"},{"date" => "2019-04-28T21:43:34","version" => "3.48"},{"date" => "2019-04-28T21:57:51","version" => "3.48"},{"date" => "2019-04-29T17:48:49","version" => "3.49"},{"date" => "2019-04-30T19:05:34","version" => "3.50"},{"date" => "2019-04-30T23:09:43","version" => "3.51"},{"date" => "2019-05-14T17:18:17","version" => "3.52"},{"date" => "2019-06-09T16:13:03","version" => "3.52_04"},{"date" => "2019-06-11T07:57:30","version" => "3.53_04"},{"date" => "2019-09-28T00:25:55","version" => "3.53"},{"date" => "2019-09-28T00:35:17","version" => "3.54"},{"date" => "2019-11-07T21:15:22","version" => "3.55"},{"date" => "2019-11-25T17:04:32","version" => "3.56"},{"date" => "2020-01-31T20:46:51","version" => "3.57"},{"date" => "2020-02-10T22:15:17","version" => "3.57_01"},{"date" => "2020-03-04T21:32:50","version" => "3.57_02"},{"date" => "2020-03-09T20:42:29","version" => "3.58"},{"date" => "2020-08-06T22:31:34","version" => "3.58_01"},{"date" => "2020-08-10T16:51:52","version" => "3.59"},{"date" => "2020-08-11T19:44:32","version" => "3.60"},{"date" => "2020-09-30T23:22:16","version" => "3.60_01"},{"date" => "2020-10-07T14:59:47","version" => "3.60_02"},{"date" => "2020-10-12T23:25:45","version" => "3.61"},{"date" => "2020-10-16T20:01:45","version" => "3.62"},{"date" => "2021-07-07T00:08:28","version" => "3.63"},{"date" => "2022-02-01T18:16:40","version" => "3.64"},{"date" => "2022-03-02T22:12:02","version" => "3.65"},{"date" => "2022-03-02T22:41:01","version" => "3.66"},{"date" => "2022-03-08T19:25:43","version" => "3.67"},{"date" => "2022-03-18T22:08:30","version" => "3.68"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.0002"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "2.007"},{"date" => "2003-11-05T00:00:00","dual_lived" => 1,"perl_release" => "5.008002","version" => "2.009"},{"date" => "2004-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008003","version" => "2.011"},{"date" => "2003-10-27T00:00:00","dual_lived" => 1,"perl_release" => "5.009","version" => "2.008"},{"date" => "2004-03-16T00:00:00","dual_lived" => 1,"perl_release" => "5.009001","version" => "2.011_01"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "3.37"},{"date" => "2018-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027008","version" => "3.38"},{"date" => "2018-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027009","version" => "3.39"},{"date" => "2018-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027011","version" => "3.40"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "3.69"},{"date" => "2023-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037009","version" => "3.70"},{"date" => "2023-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037011","version" => "3.71"},{"date" => "2023-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039003","version" => "3.72"},{"date" => "2024-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041002","version" => "3.73"}]},"Devel-StackTrace" => {"advisories" => [{"affected_versions" => ["<1.19"],"cves" => ["CVE-2008-3502"],"description" => "Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.\n","distribution" => "Devel-StackTrace","fixed_versions" => [">=1.19"],"id" => "CPANSA-Devel-StackTrace-2008-3502","references" => ["http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html","http://www.securityfocus.com/bid/29925","http://secunia.com/advisories/30830","https://exchange.xforce.ibmcloud.com/vulnerabilities/43337"],"reported" => "2008-08-06","severity" => undef}],"main_module" => "Devel::StackTrace","versions" => [{"date" => "2000-06-27T19:21:12","version" => "0.7"},{"date" => "2000-07-04T16:34:23","version" => "0.75"},{"date" => "2000-09-03T02:55:27","version" => "0.8"},{"date" => "2000-09-03T04:10:13","version" => "0.85"},{"date" => "2001-11-24T06:37:34","version" => "0.9"},{"date" => "2002-08-23T09:12:26","version" => "1.00"},{"date" => "2002-09-18T16:19:28","version" => "1.01"},{"date" => "2002-09-19T22:12:09","version" => "1.02"},{"date" => "2003-01-22T20:33:08","version" => "1.03"},{"date" => "2003-09-25T19:15:23","version" => "1.04"},{"date" => "2004-02-17T20:35:35","version" => "1.05"},{"date" => "2004-02-22T00:14:28","version" => "1.06"},{"date" => "2004-02-22T00:30:48","version" => "1.07"},{"date" => "2004-02-23T15:25:26","version" => "1.08"},{"date" => "2004-02-26T22:30:00","version" => "1.09"},{"date" => "2004-03-10T21:25:04","version" => "1.10"},{"date" => "2004-04-12T05:11:33","version" => "1.11"},{"date" => "2005-09-30T05:47:47","version" => "1.12"},{"date" => "2006-04-01T04:51:47","version" => "1.13"},{"date" => "2007-03-16T15:29:38","version" => "1.14"},{"date" => "2007-04-28T20:07:57","version" => "1.15"},{"date" => "2008-02-02T06:09:06","version" => "1.16"},{"date" => "2008-03-30T17:20:19","version" => "1.17"},{"date" => "2008-03-31T14:16:23","version" => "1.18"},{"date" => "2008-06-13T18:07:37","version" => "1.19"},{"date" => "2008-06-13T23:46:42","version" => "1.1901"},{"date" => "2008-07-16T13:20:57","version" => "1.1902"},{"date" => "2008-10-26T01:44:25","version" => "1.20"},{"date" => "2009-07-02T04:50:03","version" => "1.21"},{"date" => "2009-07-15T19:51:37","version" => "1.22"},{"date" => "2010-08-28T01:47:36","version" => "1.23"},{"date" => "2010-09-03T14:18:22","version" => "1.24"},{"date" => "2010-09-06T14:54:15","version" => "1.25"},{"date" => "2010-10-15T15:25:58","version" => "1.26"},{"date" => "2011-01-16T18:57:01","version" => "1.27"},{"date" => "2012-11-16T16:59:05","version" => "1.28"},{"date" => "2012-11-16T17:47:00","version" => "1.29"},{"date" => "2012-11-20T05:07:49","version" => "1.30"},{"date" => "2014-01-16T22:37:16","version" => "1.31"},{"date" => "2014-05-05T08:01:10","version" => "1.32"},{"date" => "2014-06-26T20:43:33","version" => "1.33"},{"date" => "2014-06-26T21:50:12","version" => "1.34"},{"date" => "2014-11-01T18:06:29","version" => "2.00"},{"date" => "2016-03-02T17:23:15","version" => "2.01"},{"date" => "2016-12-07T19:51:47","version" => "2.02"},{"date" => "2017-11-18T17:10:57","version" => "2.03"},{"date" => "2019-05-24T18:54:07","version" => "2.04"},{"date" => "2024-01-08T04:48:56","version" => "2.05"}]},"Dezi" => {"advisories" => [{"affected_versions" => ["<0.002002"],"cves" => [],"description" => "Bypassing authentication on the /index URL app with non-idempotent requests to /search URL.\n","distribution" => "Dezi","fixed_versions" => [">=0.002002"],"id" => "CPANSA-Dezi-2012-01","references" => ["https://metacpan.org/changes/distribution/Dezi","https://github.com/karpet/Dezi/commit/f1ad292b4dd988d1a38202c804bb7a2a3bcca3c8"],"reported" => "2012-09-13"}],"main_module" => "Dezi","versions" => [{"date" => "2011-06-22T04:53:57","version" => "0.001000"},{"date" => "2011-08-03T02:42:22","version" => "0.001001"},{"date" => "2011-09-30T03:35:08","version" => "0.001002"},{"date" => "2011-10-23T02:12:02","version" => "0.001003"},{"date" => "2012-03-17T02:40:15","version" => "0.001004"},{"date" => "2012-07-11T03:20:40","version" => "0.001005"},{"date" => "2012-08-18T02:43:23","version" => "0.001006"},{"date" => "2012-08-22T03:58:33","version" => "0.001007"},{"date" => "2012-09-04T02:05:34","version" => "0.001008"},{"date" => "2012-09-12T03:51:13","version" => "0.002000"},{"date" => "2012-09-13T01:50:59","version" => "0.002001"},{"date" => "2012-09-13T14:10:02","version" => "0.002002"},{"date" => "2012-10-16T00:57:46","version" => "0.002003"},{"date" => "2012-10-18T03:15:21","version" => "0.002004"},{"date" => "2012-12-19T05:25:13","version" => "0.002005"},{"date" => "2013-02-03T02:49:07","version" => "0.002006"},{"date" => "2013-02-05T15:02:54","version" => "0.002007"},{"date" => "2013-02-09T05:37:41","version" => "0.002008"},{"date" => "2013-02-13T02:30:33","version" => "0.002009"},{"date" => "2013-02-13T04:31:49","version" => "0.002010"},{"date" => "2013-11-13T17:08:03","version" => "0.002011"},{"date" => "2014-02-27T18:08:30","version" => "0.002012"},{"date" => "2014-06-05T06:59:12","version" => "0.002998_01"},{"date" => "2014-06-08T04:59:17","version" => "0.003000"},{"date" => "2014-07-30T20:40:24","version" => "0.004000"},{"date" => "2014-09-02T02:45:00","version" => "0.004001"},{"date" => "2015-04-30T22:01:11","version" => "0.004002"},{"date" => "2018-05-16T02:24:24","version" => "0.004003"}]},"Digest" => {"advisories" => [{"affected_versions" => ["<1.17"],"cves" => ["CVE-2011-3597"],"description" => "Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.\n","distribution" => "Digest","fixed_versions" => [">=0.17"],"id" => "CPANSA-Digest-2011-3597","references" => ["http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc","http://www.redhat.com/support/errata/RHSA-2011-1797.html","http://www.redhat.com/support/errata/RHSA-2011-1424.html","https://bugzilla.redhat.com/show_bug.cgi?id=743010","http://www.securityfocus.com/bid/49911","http://secunia.com/advisories/46279","http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes","http://www.mandriva.com/security/advisories?name=MDVSA-2012:009","http://www.mandriva.com/security/advisories?name=MDVSA-2012:008","http://secunia.com/advisories/51457","http://www.ubuntu.com/usn/USN-1643-1","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446"],"reported" => "2012-01-13","reviewed_by" => [{"date" => "2022-07-05","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => ["<1.19"],"cves" => ["CVE-2016-1238"],"description" => "Includes . in \@INC which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Digest","fixed_versions" => [">=1.19"],"id" => "CPANSA-Digest-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Digest","versions" => [{"date" => "2001-03-14T06:33:08","version" => "1.00"},{"date" => "2003-01-05T01:23:53","version" => "1.01"},{"date" => "2003-01-19T04:35:36","version" => "1.02"},{"date" => "2003-11-28T12:29:42","version" => "1.03"},{"date" => "2003-11-29T12:08:20","version" => "1.04"},{"date" => "2003-12-01T07:58:06","version" => "1.05"},{"date" => "2004-04-01T10:55:24","version" => "1.06"},{"date" => "2004-04-25T14:39:53","version" => "1.07"},{"date" => "2004-04-29T07:56:42","version" => "1.08"},{"date" => "2004-11-05T12:20:28","version" => "1.09"},{"date" => "2004-11-08T09:41:14","version" => "1.10"},{"date" => "2005-09-11T11:14:33","version" => "1.11"},{"date" => "2005-09-29T10:20:20","version" => "1.12"},{"date" => "2005-10-18T11:59:24","version" => "1.13"},{"date" => "2005-11-26T10:10:21","version" => "1.14"},{"date" => "2006-03-20T15:18:01","version" => "1.15"},{"date" => "2009-06-09T18:58:26","version" => "1.16"},{"date" => "2011-10-02T10:14:32","version" => "1.17"},{"date" => "2020-10-13T19:16:47","version" => "1.18"},{"date" => "2020-10-13T20:02:35","version" => "1.19"},{"date" => "2021-08-24T13:51:51","version" => "1.20"},{"date" => "2012-10-12T00:00:00","dual_lived" => 1,"perl_release" => "5.014003","version" => "1.16_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "1.17_01"}]},"Digest-MD5" => {"advisories" => [{"affected_versions" => ["<2.25"],"cves" => ["CVE-2002-0703"],"description" => "An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.\n","distribution" => "Digest-MD5","fixed_versions" => [],"id" => "CPANSA-Digest-MD5-2002-0703","references" => ["http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php","http://www.iss.net/security_center/static/9051.php","http://www.securityfocus.com/bid/4716","http://rhn.redhat.com/errata/RHSA-2002-081.html"],"reported" => "2002-07-26","severity" => undef}],"main_module" => "Digest::MD5","versions" => [{"date" => "1998-10-23T12:30:56","version" => "1.99_53"},{"date" => "1998-10-24T13:58:24","version" => "1.99_54"},{"date" => "1998-10-24T22:44:03","version" => "1.99_55"},{"date" => "1998-10-24T23:07:15","version" => "1.99_56"},{"date" => "1998-10-27T21:09:37","version" => "1.99_57"},{"date" => "1998-10-28T14:11:30","version" => "1.99_58"},{"date" => "1998-10-28T20:57:10","version" => "1.99_59"},{"date" => "1998-10-30T17:23:27","version" => "1.99_60"},{"date" => "1998-11-04T22:27:42","version" => "2.00"},{"date" => "1998-12-30T04:01:06","version" => "2.01"},{"date" => "1999-01-31T16:44:38","version" => "2.02"},{"date" => "1999-02-01T20:25:06","version" => "2.02"},{"date" => "1999-02-27T21:39:24","version" => "2.03"},{"date" => "1999-03-05T21:17:35","version" => "2.04"},{"date" => "1999-03-15T10:58:32","version" => "2.05"},{"date" => "1999-03-19T05:05:36","version" => "2.05"},{"date" => "1999-03-26T13:51:38","version" => "2.06"},{"date" => "1999-04-26T09:45:43","version" => "2.07"},{"date" => "1999-06-02T13:44:41","version" => "2.07"},{"date" => "1999-07-28T10:55:54","version" => "2.08"},{"date" => "1999-08-05T23:29:15","version" => "2.09"},{"date" => "1999-09-02T12:45:17","version" => "2.09"},{"date" => "2000-08-18T08:49:59","version" => "2.10"},{"date" => "2000-08-19T17:39:04","version" => "2.11"},{"date" => "2000-09-18T15:10:45","version" => "2.12"},{"date" => "2001-01-19T06:08:47","version" => "2.12"},{"date" => "2001-03-14T05:56:41","version" => "2.13"},{"date" => "2001-03-17T04:35:32","version" => "2.13"},{"date" => "2001-06-24T07:37:20","version" => "2.13"},{"date" => "2001-07-18T13:40:13","version" => "2.14"},{"date" => "2001-08-27T17:53:29","version" => "2.15"},{"date" => "2001-08-29T06:32:30","version" => "2.15"},{"date" => "2001-09-07T05:52:46","version" => "2.16"},{"date" => "2002-04-25T17:24:14","version" => "2.17"},{"date" => "2002-05-01T23:34:50","version" => "2.18"},{"date" => "2002-05-02T03:21:40","version" => "2.19"},{"date" => "2002-05-06T05:20:38","version" => "2.20"},{"date" => "2002-12-28T05:33:19","version" => "2.21"},{"date" => "2003-01-05T01:04:07","version" => "2.22"},{"date" => "2003-01-19T04:55:24","version" => "2.23"},{"date" => "2003-03-09T15:26:49","version" => "2.24"},{"date" => "2003-07-05T05:33:54","version" => "2.25"},{"date" => "2003-07-22T06:15:03","version" => "2.26"},{"date" => "2003-08-05T06:12:31","version" => "2.27"},{"date" => "2003-10-06T13:16:20","version" => "2.28"},{"date" => "2003-10-06T17:37:30","version" => "2.29"},{"date" => "2003-10-09T09:40:47","version" => "2.30"},{"date" => "2003-11-28T13:10:59","version" => "2.31"},{"date" => "2003-12-05T10:15:43","version" => "2.32"},{"date" => "2003-12-07T10:31:15","version" => "2.33"},{"date" => "2005-11-26T10:05:19","version" => "2.34"},{"date" => "2005-11-26T11:15:35","version" => "2.35"},{"date" => "2005-11-30T13:55:38","version" => "2.36"},{"date" => "2008-11-12T09:36:42","version" => "2.37"},{"date" => "2008-11-14T13:50:45","version" => "2.38"},{"date" => "2009-06-09T20:21:55","version" => "2.39"},{"date" => "2010-07-03T14:01:25","version" => "2.40"},{"date" => "2010-09-25T22:12:42","version" => "2.50"},{"date" => "2010-09-30T19:46:29","version" => "2.51"},{"date" => "2012-06-07T22:37:00","version" => "2.52"},{"date" => "2013-07-02T17:56:06","version" => "2.53"},{"date" => "2015-01-12T21:19:42","version" => "2.54"},{"date" => "2016-03-09T21:17:10","version" => "2.55"},{"date" => "2020-10-05T17:19:37","version" => "2.56"},{"date" => "2020-10-05T17:42:48","version" => "2.57"},{"date" => "2020-10-05T21:53:32","version" => "2.58"},{"date" => "2023-12-30T21:01:56","version" => "2.59"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "2.36_01"},{"date" => "2019-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031005","version" => "2.55_01"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038000","version" => "2.58_01"}]},"Digest-SHA" => {"advisories" => [{"affected_versions" => ["<5.96"],"cves" => ["CVE-2016-1238"],"description" => "Digest::SHA before 5.96 with perls earlier than v5.26 included the current working directory in the module search path, which could lead to the inadvernant loading of unexpected versions of a module. The current directory was removed from the default module search path in perls from v5.26 and later.\n","distribution" => "Digest-SHA","fixed_versions" => [">=5.96"],"id" => "CPANSA-Digest-SHA-2016-1238","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=116513","https://github.com/advisories/GHSA-hm5v-6984-hfqp","https://metacpan.org/release/MSHELOR/Digest-SHA-5.96/diff/MSHELOR/Digest-SHA-5.95","https://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","https://lists.debian.org/debian-security-announce/2016/msg00206.html","https://security.gentoo.org/glsa/201701-75"],"reported" => undef,"severity" => "high"}],"main_module" => "Digest::SHA","versions" => [{"date" => "2003-10-11T09:45:19","version" => "0.9"},{"date" => "2003-10-20T09:50:18","version" => "1.0"},{"date" => "2003-10-25T11:31:51","version" => "1.01"},{"date" => "2003-11-01T21:22:08","version" => "2.0"},{"date" => "2003-11-09T11:06:19","version" => "2.1"},{"date" => "2003-11-16T11:08:06","version" => "2.2"},{"date" => "2003-11-19T11:54:09","version" => "2.3"},{"date" => "2003-11-23T00:52:20","version" => "2.4"},{"date" => "2003-11-26T12:32:09","version" => "3.0"},{"date" => "2003-11-30T07:47:28","version" => "v4.0.0"},{"date" => "2003-11-30T16:19:28","version" => "3.1-alpha1"},{"date" => "2003-12-01T13:27:50","version" => "4.0.2"},{"date" => "2003-12-03T11:20:55","version" => "v4.0.3"},{"date" => "2003-12-04T07:54:40","version" => "v4.0.4"},{"date" => "2003-12-06T09:23:46","version" => "v4.0.5"},{"date" => "2003-12-11T11:30:14","version" => "v4.0.6"},{"date" => "2003-12-13T09:30:39","version" => "v4.0.7"},{"date" => "2003-12-19T07:30:18","version" => "v4.0.8"},{"date" => "2003-12-24T10:37:28","version" => "v4.0.9"},{"date" => "2003-12-25T08:13:32","version" => "v4.1.0"},{"date" => "2003-12-28T00:09:30","version" => "v4.2.0"},{"date" => "2004-01-24T08:43:05","version" => "v4.2.1"},{"date" => "2004-02-01T08:52:29","version" => "v4.2.2"},{"date" => "2004-02-07T10:45:32","version" => "v4.3.0"},{"date" => "2004-03-04T10:41:51","version" => "v4.3.1"},{"date" => "2004-04-28T11:30:19","version" => "4.3.2"},{"date" => "2004-05-05T07:56:21","version" => "4.3.3"},{"date" => "2004-05-14T12:08:55","version" => "5.00"},{"date" => "2004-05-21T20:20:18","version" => "5.01"},{"date" => "2004-07-29T10:13:58","version" => "5.02"},{"date" => "2004-07-31T07:34:46","version" => "5.03"},{"date" => "2004-08-06T09:44:08","version" => "5.10"},{"date" => "2004-08-15T12:25:38","version" => "5.20"},{"date" => "2004-08-23T12:35:36","version" => "5.21"},{"date" => "2004-09-08T08:01:56","version" => "5.22"},{"date" => "2004-09-10T06:51:39","version" => "5.23"},{"date" => "2004-09-12T11:33:41","version" => "5.24"},{"date" => "2004-09-13T02:27:16","version" => "5.25"},{"date" => "2004-10-10T09:13:00","version" => "5.26"},{"date" => "2004-10-24T11:25:48","version" => "5.27"},{"date" => "2004-11-17T09:23:50","version" => "5.28"},{"date" => "2005-08-15T09:20:59","version" => "5.29"},{"date" => "2005-08-21T00:35:30","version" => "5.30"},{"date" => "2005-09-05T08:36:39","version" => "5.31"},{"date" => "2005-12-02T10:13:07","version" => "5.32"},{"date" => "2006-02-03T02:22:56","version" => "5.34"},{"date" => "2006-05-08T01:10:50","version" => "5.35"},{"date" => "2006-05-08T11:19:00","version" => "5.36"},{"date" => "2006-05-15T11:31:17","version" => "5.37"},{"date" => "2006-05-25T10:10:52","version" => "5.38"},{"date" => "2006-05-28T10:49:11","version" => "5.39"},{"date" => "2006-06-02T21:45:07","version" => "5.40"},{"date" => "2006-06-03T09:31:44","version" => "5.41"},{"date" => "2006-07-24T11:22:26","version" => "5.42"},{"date" => "2006-08-05T10:13:57","version" => "5.43"},{"date" => "2006-10-14T07:59:30","version" => "5.44"},{"date" => "2007-06-26T10:20:05","version" => "5.45"},{"date" => "2008-04-09T12:40:29","version" => "5.46"},{"date" => "2008-04-30T11:17:26","version" => "5.47"},{"date" => "2010-01-05T02:07:18","version" => "5.48"},{"date" => "2010-12-12T14:44:43","version" => "5.49"},{"date" => "2010-12-14T13:46:10","version" => "5.50"},{"date" => "2011-03-03T13:19:38","version" => "5.60"},{"date" => "2011-03-09T12:56:01","version" => "5.61"},{"date" => "2011-05-14T11:11:34","version" => "5.62"},{"date" => "2011-11-08T13:27:54","version" => "5.63"},{"date" => "2011-12-14T10:18:37","version" => "5.70"},{"date" => "2012-02-29T11:11:59","version" => "5.71"},{"date" => "2012-09-25T01:14:59","version" => "5.72"},{"date" => "2012-10-31T11:42:32","version" => "5.73"},{"date" => "2012-11-24T11:40:47","version" => "5.74"},{"date" => "2012-12-10T21:21:06","version" => "5.80"},{"date" => "2013-01-14T14:32:22","version" => "5.81"},{"date" => "2013-01-24T12:06:14","version" => "5.82"},{"date" => "2013-03-04T16:22:03","version" => "5.83"},{"date" => "2013-03-10T00:42:51","version" => "5.84"},{"date" => "2013-06-26T11:11:56","version" => "5.85"},{"date" => "2014-01-30T15:40:50","version" => "5.86"},{"date" => "2014-02-18T01:26:20","version" => "5.87"},{"date" => "2014-03-17T16:05:33","version" => "5.88"},{"date" => "2014-04-19T13:09:10","version" => "5.89"},{"date" => "2014-05-07T15:54:15","version" => "5.90"},{"date" => "2014-05-16T17:36:12","version" => "5.91"},{"date" => "2014-06-01T07:25:04","version" => "5.92"},{"date" => "2014-10-26T13:15:37","version" => "5.93"},{"date" => "2015-01-10T09:49:55","version" => "5.94"},{"date" => "2015-01-10T20:24:40","version" => "5.95"},{"date" => "2016-07-28T11:11:53","version" => "5.96"},{"date" => "2017-09-06T09:38:45","version" => "5.97"},{"date" => "2017-10-04T08:38:13","version" => "5.98"},{"date" => "2017-12-09T06:04:13","version" => "6.00"},{"date" => "2017-12-25T07:41:55","version" => "6.01"},{"date" => "2018-04-20T23:47:19","version" => "6.02"},{"date" => "2022-08-08T18:56:41","version" => "6.03"},{"date" => "2023-02-25T19:06:34","version" => "6.04"},{"date" => "2013-08-12T00:00:00","dual_lived" => 1,"perl_release" => "5.018001","version" => "5.84_01"},{"date" => "2014-10-01T00:00:00","dual_lived" => 1,"perl_release" => "5.018003","version" => "5.84_02"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "5.95_01"}]},"Dpkg" => {"advisories" => [{"affected_versions" => ["<1.21.8"],"cves" => ["CVE-2022-1664"],"description" => "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.\n","distribution" => "Dpkg","fixed_versions" => [">=1.21.8"],"id" => "CPANSA-Dpkg-2022-1664","references" => ["https://lists.debian.org/debian-security-announce/2022/msg00115.html","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b","https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"],"reported" => "2022-05-26","severity" => "critical"},{"affected_versions" => ["<1.18.24"],"cves" => ["CVE-2017-8283"],"description" => "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.24"],"id" => "CPANSA-Dpkg-2017-8283","references" => ["http://www.openwall.com/lists/oss-security/2017/04/20/2","http://www.securityfocus.com/bid/98064"],"reported" => "2017-04-26","severity" => "critical"},{"affected_versions" => ["<1.18.11"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.11"],"id" => "CPANSA-Dpkg-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => ["<1.18.4"],"cves" => ["CVE-2015-0860"],"description" => "Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow.\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.4"],"id" => "CPANSA-Dpkg-2015-0860","references" => ["http://www.ubuntu.com/usn/USN-2820-1","http://www.debian.org/security/2015/dsa-3407","https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324","https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d","https://security.gentoo.org/glsa/201612-07"],"reported" => "2015-12-03","severity" => undef},{"affected_versions" => ["<1.18.0"],"cves" => ["CVE-2015-0840"],"description" => "The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.0"],"id" => "CPANSA-Dpkg-2015-0840","references" => ["http://www.ubuntu.com/usn/USN-2566-1","http://www.debian.org/security/2015/dsa-3217","http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"],"reported" => "2015-04-13","severity" => undef},{"affected_versions" => ["<1.17.22"],"cves" => ["CVE-2014-8625"],"description" => "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.22"],"id" => "CPANSA-Dpkg-2014-8625","references" => ["http://seclists.org/oss-sec/2014/q4/539","https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135","http://seclists.org/oss-sec/2014/q4/622","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485","http://seclists.org/oss-sec/2014/q4/551","http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"],"reported" => "2015-01-20","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-0471"],"description" => "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\"\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-0471","references" => ["http://www.debian.org/security/2014/dsa-2915","http://www.ubuntu.com/usn/USN-2183-1","http://www.securityfocus.com/bid/67106"],"reported" => "2014-04-30","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-3127"],"description" => "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-3127","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306","http://www.securityfocus.com/bid/67181","http://seclists.org/oss-sec/2014/q2/227","http://seclists.org/oss-sec/2014/q2/191","http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"],"reported" => "2014-05-14","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-3864"],"description" => "Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-3864","references" => ["http://openwall.com/lists/oss-security/2014/05/25/2","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746498","http://www.securityfocus.com/bid/67725","http://www.ubuntu.com/usn/USN-2242-1","http://www.debian.org/security/2014/dsa-2953"],"reported" => "2014-05-30","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-3865"],"description" => "Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-3865","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749183","http://openwall.com/lists/oss-security/2014/05/25/2","http://www.securityfocus.com/bid/67727","http://www.ubuntu.com/usn/USN-2242-1","http://www.debian.org/security/2014/dsa-2953"],"reported" => "2014-05-30","severity" => undef},{"affected_versions" => ["<1.17.9"],"cves" => ["CVE-2014-0471"],"description" => "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\"\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.9"],"id" => "CPANSA-Dpkg-2014-0471","references" => ["http://www.debian.org/security/2014/dsa-2915","http://www.ubuntu.com/usn/USN-2183-1","http://www.securityfocus.com/bid/67106"],"reported" => "2014-04-30","severity" => undef},{"affected_versions" => ["<1.17.9"],"cves" => ["CVE-2014-3127"],"description" => "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.9"],"id" => "CPANSA-Dpkg-2014-3127","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306","http://www.securityfocus.com/bid/67181","http://seclists.org/oss-sec/2014/q2/227","http://seclists.org/oss-sec/2014/q2/191","http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"],"reported" => "2014-05-14","severity" => undef},{"affected_versions" => ["<1.17.8"],"cves" => ["CVE-2014-0471"],"description" => "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\"\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.8"],"id" => "CPANSA-Dpkg-2014-0471","references" => ["http://www.debian.org/security/2014/dsa-2915","http://www.ubuntu.com/usn/USN-2183-1","http://www.securityfocus.com/bid/67106"],"reported" => "2014-04-30","severity" => undef},{"affected_versions" => ["<1.15.8.8"],"cves" => ["CVE-2010-1679"],"description" => "Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.\n","distribution" => "Dpkg","fixed_versions" => [">=1.15.8.8"],"id" => "CPANSA-Dpkg-2010-1679","references" => ["http://www.vupen.com/english/advisories/2011/0044","http://secunia.com/advisories/42831","http://secunia.com/advisories/42826","http://www.ubuntu.com/usn/USN-1038-1","http://www.debian.org/security/2011/dsa-2142","http://www.vupen.com/english/advisories/2011/0040","http://osvdb.org/70368","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html","http://secunia.com/advisories/43054","http://www.securityfocus.com/bid/45703","http://www.vupen.com/english/advisories/2011/0196","https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"],"reported" => "2011-01-11","severity" => undef},{"affected_versions" => ["<1.15.6"],"cves" => ["CVE-2010-0396"],"description" => "Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.\n","distribution" => "Dpkg","fixed_versions" => [">=1.15.6"],"id" => "CPANSA-Dpkg-2010-0396","references" => ["http://www.debian.org/security/2010/dsa-2011","http://www.vupen.com/english/advisories/2010/0582","http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz","https://exchange.xforce.ibmcloud.com/vulnerabilities/56887"],"reported" => "2010-03-15","severity" => undef},{"affected_versions" => ["==1.9.21"],"cves" => ["CVE-2004-2768"],"description" => "dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.\n","distribution" => "Dpkg","fixed_versions" => [">=1.9.22"],"id" => "CPANSA-Dpkg-2004-2768","references" => ["http://www.hackinglinuxexposed.com/articles/20031214.html","http://lists.jammed.com/ISN/2003/12/0056.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692","https://bugzilla.redhat.com/show_bug.cgi?id=598775","https://exchange.xforce.ibmcloud.com/vulnerabilities/59428"],"reported" => "2010-06-08","severity" => undef},{"affected_versions" => ["<1.15.10"],"cves" => ["CVE-2011-0402"],"description" => "dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.\n","distribution" => "Dpkg","fixed_versions" => [">=1.15.10"],"id" => "CPANSA-Dpkg-2011-0402","references" => ["http://www.ubuntu.com/usn/USN-1038-1","http://secunia.com/advisories/42831","http://www.debian.org/security/2011/dsa-2142","http://secunia.com/advisories/42826","http://www.vupen.com/english/advisories/2011/0040","http://www.vupen.com/english/advisories/2011/0044","http://osvdb.org/70367","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html","http://www.vupen.com/english/advisories/2011/0196","http://www.securityfocus.com/bid/45703","http://secunia.com/advisories/43054","https://exchange.xforce.ibmcloud.com/vulnerabilities/64614"],"reported" => "2011-01-11","severity" => undef}],"main_module" => "Dpkg","versions" => [{"date" => "2018-09-26T18:53:52","version" => "v1.19.1"},{"date" => "2018-10-08T10:54:58","version" => "v1.19.2"},{"date" => "2019-01-22T18:41:25","version" => "v1.19.3"},{"date" => "2019-02-23T17:40:31","version" => "v1.19.5"},{"date" => "2019-03-25T14:54:21","version" => "v1.19.6"},{"date" => "2019-06-03T21:51:58","version" => "v1.19.7"},{"date" => "2020-03-08T03:05:24","version" => "v1.20.0"},{"date" => "2020-06-27T01:26:33","version" => "v1.20.1"},{"date" => "2020-06-27T23:35:03","version" => "v1.20.2"},{"date" => "2020-06-29T11:02:10","version" => "v1.20.3"},{"date" => "2020-07-07T06:22:23","version" => "v1.20.4"},{"date" => "2020-07-08T03:55:55","version" => "v1.20.5"},{"date" => "2021-01-08T04:23:50","version" => "v1.20.6"},{"date" => "2021-01-09T00:19:44","version" => "v1.20.7"},{"date" => "2021-04-13T21:44:34","version" => "v1.20.8"},{"date" => "2021-04-13T23:33:15","version" => "v1.20.9"},{"date" => "2021-12-05T18:08:48","version" => "v1.21.0"},{"date" => "2021-12-06T20:23:10","version" => "v1.21.1"},{"date" => "2022-03-13T20:07:04","version" => "v1.21.2"},{"date" => "2022-03-24T20:19:38","version" => "v1.21.3"},{"date" => "2022-03-26T12:56:21","version" => "v1.21.4"},{"date" => "2022-03-29T01:07:10","version" => "v1.21.5"},{"date" => "2022-05-25T15:21:07","version" => "v1.21.8"},{"date" => "2022-07-01T09:48:45","version" => "v1.21.9"},{"date" => "2022-12-01T12:08:26","version" => "v1.21.10"},{"date" => "2022-12-02T23:34:17","version" => "v1.21.11"},{"date" => "2022-12-19T01:27:49","version" => "v1.21.13"},{"date" => "2023-01-01T23:04:24","version" => "v1.21.14"},{"date" => "2023-01-25T22:18:51","version" => "v1.21.19"},{"date" => "2023-05-16T22:34:01","version" => "v1.21.22"},{"date" => "2023-08-30T10:44:22","version" => "v1.22.0"},{"date" => "2023-10-30T03:47:45","version" => "v1.22.1"},{"date" => "2023-12-18T03:09:08","version" => "v1.22.2"},{"date" => "2024-01-24T12:39:35","version" => "v1.22.4"},{"date" => "2024-02-27T03:56:46","version" => "v1.22.5"},{"date" => "2024-03-10T21:52:57","version" => "v1.22.6"},{"date" => "2024-07-16T23:58:08","version" => "v1.22.7"},{"date" => "2024-07-21T18:44:31","version" => "v1.22.8"},{"date" => "2024-08-01T11:07:53","version" => "v1.22.11"},{"date" => "2025-01-02T03:22:30","version" => "v1.22.12"},{"date" => "2025-01-03T11:09:37","version" => "v1.22.13"},{"date" => "2025-03-07T02:57:57","version" => "v1.22.16"},{"date" => "2025-03-09T18:23:59","version" => "v1.22.18"},{"date" => "2025-05-18T22:53:57","version" => "v1.22.19"},{"date" => "2025-06-04T23:18:14","version" => "v1.22.20"},{"date" => "2025-07-02T00:09:01","version" => "v1.22.21"},{"date" => "2025-12-16T22:55:42","version" => "v1.23.0"},{"date" => "2025-12-17T12:41:12","version" => "v1.23.1"},{"date" => "2026-01-18T17:58:28","version" => "v1.23.4"}]},"EV-Hiredis" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.04"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "EV-Hiredis","fixed_versions" => [],"id" => "CPANSA-EV-Hiredis-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"}],"main_module" => "EV::Hiredis","versions" => [{"date" => "2013-01-09T10:22:05","version" => "0.01"},{"date" => "2013-03-13T06:16:24","version" => "0.02"},{"date" => "2014-09-18T09:39:46","version" => "0.03"},{"date" => "2017-04-23T10:09:14","version" => "0.04"},{"date" => "2022-09-11T04:29:22","version" => "0.05"},{"date" => "2023-04-25T22:39:52","version" => "0.06"},{"date" => "2023-05-03T14:14:01","version" => "0.07"}]},"EasyTCP" => {"advisories" => [{"affected_versions" => ["<0.15"],"cves" => ["CVE-2002-20002"],"description" => "The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.\n","distribution" => "EasyTCP","fixed_versions" => [">=0.15"],"id" => "CPANSA-EasyTCP-2002-20002","references" => ["https://github.com/briandfoy/cpan-security-advisory/issues/184","https://metacpan.org/release/MNAGUIB/EasyTCP-0.15/view/EasyTCP.pm","https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes"],"reported" => "2025-01-02","severity" => "moderate"},{"affected_versions" => [">=0.15"],"cves" => ["CVE-2024-56830"],"description" => "The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present.\n","distribution" => "EasyTCP","fixed_versions" => [],"id" => "CPANSA-EasyTCP-2024-56830","references" => ["https://github.com/briandfoy/cpan-security-advisory/issues/184","https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes"],"reported" => "2025-01-02","severity" => "moderate"}],"main_module" => "Net::EasyTCP","versions" => [{"date" => "2002-01-03T20:21:16","version" => "0.01"},{"date" => "2002-01-10T23:58:29","version" => "0.02"},{"date" => "2002-01-12T22:23:25","version" => "0.03"},{"date" => "2002-01-14T20:13:58","version" => "0.04"},{"date" => "2002-01-16T16:30:59","version" => "0.05"},{"date" => "2002-01-18T04:48:03","version" => "0.06"},{"date" => "2002-01-21T20:26:09","version" => "0.07"},{"date" => "2002-01-22T21:08:52","version" => "0.08"},{"date" => "2002-01-31T16:33:35","version" => "0.09"},{"date" => "2002-02-01T02:09:00","version" => "0.10"},{"date" => "2002-02-05T20:35:47","version" => "0.11"},{"date" => "2002-02-22T19:51:44","version" => "0.12"},{"date" => "2002-03-22T20:47:32","version" => "0.13"},{"date" => "2002-09-07T05:21:49","version" => "0.14"},{"date" => "2002-09-25T03:02:37","version" => "0.15"},{"date" => "2002-09-30T20:20:38","version" => "0.16"},{"date" => "2002-11-11T19:38:16","version" => "0.17"},{"date" => "2003-02-26T22:15:03","version" => "0.18"},{"date" => "2003-03-02T05:47:04","version" => "0.19"},{"date" => "2003-05-14T19:40:01","version" => "0.20"},{"date" => "2003-05-14T20:22:30","version" => "0.21"},{"date" => "2003-05-15T13:10:31","version" => "0.22"},{"date" => "2003-05-24T13:19:56","version" => "0.23"},{"date" => "2003-07-15T01:11:20","version" => "0.24"},{"date" => "2003-08-07T12:19:25","version" => "0.25"},{"date" => "2004-04-06T02:50:22","version" => "0.26"}]},"Elive" => {"advisories" => [{"affected_versions" => ["<1.20"],"cves" => [],"description" => "Elive::DAO->set() did not die on tainted data.\n","distribution" => "Elive","fixed_versions" => [">=1.20"],"id" => "CPANSA-Elive-2011-01","references" => ["https://metacpan.org/dist/Elive/changes"],"reported" => "2011-10-15","severity" => undef}],"main_module" => "Elive","versions" => [{"date" => "2009-03-17T06:37:43","version" => "0.01"},{"date" => "2009-04-13T23:51:59","version" => "0.02"},{"date" => "2009-04-14T20:26:27","version" => "0.03"},{"date" => "2009-04-15T22:30:08","version" => "0.04"},{"date" => "2009-04-17T07:27:23","version" => "0.05"},{"date" => "2009-04-17T22:04:55","version" => "0.06"},{"date" => "2009-04-22T00:14:13","version" => "0.07"},{"date" => "2009-04-22T03:10:13","version" => "0.08"},{"date" => "2009-04-24T22:26:35","version" => "0.09"},{"date" => "2009-04-28T07:30:45","version" => "0.10"},{"date" => "2009-04-29T21:49:12","version" => "0.11"},{"date" => "2009-05-01T23:15:47","version" => "0.12"},{"date" => "2009-05-04T22:19:09","version" => "0.13"},{"date" => "2009-05-05T20:09:18","version" => "0.14"},{"date" => "2009-05-08T22:04:14","version" => "0.15"},{"date" => "2009-05-11T20:38:56","version" => "0.16"},{"date" => "2009-05-13T21:31:52","version" => "0.17"},{"date" => "2009-05-15T03:47:36","version" => "0.18"},{"date" => "2009-05-18T21:43:03","version" => "0.19"},{"date" => "2009-05-24T00:13:36","version" => "0.20"},{"date" => "2009-05-24T20:48:19","version" => "0.21"},{"date" => "2009-05-27T22:05:37","version" => "0.22"},{"date" => "2009-05-29T05:09:57","version" => "0.23"},{"date" => "2009-06-03T04:48:43","version" => "0.24"},{"date" => "2009-06-03T22:18:02","version" => "0.25"},{"date" => "2009-06-12T22:36:31","version" => "0.26"},{"date" => "2009-06-19T21:34:40","version" => "0.27"},{"date" => "2009-06-22T03:47:43","version" => "0.28"},{"date" => "2009-06-24T04:14:37","version" => "0.29"},{"date" => "2009-06-26T23:24:47","version" => "0.30"},{"date" => "2009-07-03T06:18:23","version" => "0.31"},{"date" => "2009-07-17T22:56:55","version" => "0.32"},{"date" => "2009-07-22T03:22:18","version" => "0.33"},{"date" => "2009-07-28T06:46:45","version" => "0.34"},{"date" => "2009-08-02T22:36:31","version" => "0.35"},{"date" => "2009-08-03T22:44:25","version" => "0.36"},{"date" => "2009-08-05T21:02:32","version" => "0.37"},{"date" => "2009-08-21T08:29:37","version" => "0.38"},{"date" => "2009-08-31T02:24:45","version" => "0.39"},{"date" => "2009-09-10T01:20:54","version" => "0.40"},{"date" => "2009-09-11T21:34:13","version" => "0.41"},{"date" => "2009-10-08T00:53:22","version" => "0.42"},{"date" => "2009-10-20T23:09:46","version" => "0.43"},{"date" => "2009-10-22T00:05:22","version" => "0.44"},{"date" => "2009-10-26T04:15:36","version" => "0.45"},{"date" => "2009-10-28T08:27:27","version" => "0.46"},{"date" => "2009-10-28T21:26:06","version" => "0.47"},{"date" => "2009-10-29T00:00:43","version" => "0.48"},{"date" => "2009-11-02T21:37:24","version" => "0.48_01"},{"date" => "2009-11-06T20:36:30","version" => "0.49"},{"date" => "2009-11-09T21:34:02","version" => "0.50"},{"date" => "2009-11-16T00:26:26","version" => "0.51"},{"date" => "2009-11-30T20:38:39","version" => "0.52"},{"date" => "2009-12-14T23:14:43","version" => "0.53"},{"date" => "2009-12-18T00:24:06","version" => "0.53_1"},{"date" => "2009-12-18T22:36:34","version" => "0.54"},{"date" => "2009-12-20T20:02:22","version" => "0.55"},{"date" => "2010-01-04T06:35:00","version" => "0.56"},{"date" => "2010-01-04T21:18:52","version" => "0.57"},{"date" => "2010-01-14T00:08:40","version" => "0.58"},{"date" => "2010-01-21T22:46:27","version" => "0.59"},{"date" => "2010-01-24T21:24:09","version" => "0.60"},{"date" => "2010-01-26T22:38:54","version" => "0.61"},{"date" => "2010-02-15T23:06:41","version" => "0.62"},{"date" => "2010-03-06T22:34:53","version" => "0.63"},{"date" => "2010-03-11T22:45:28","version" => "0.64"},{"date" => "2010-05-17T00:40:50","version" => "0.65"},{"date" => "2010-05-21T23:54:39","version" => "0.66"},{"date" => "2010-05-27T22:12:29","version" => "0.67"},{"date" => "2010-06-02T07:33:50","version" => "0.68"},{"date" => "2010-06-11T00:12:21","version" => "0.69"},{"date" => "2010-06-22T05:13:22","version" => "0.70"},{"date" => "2010-06-22T22:20:27","version" => "0.71"},{"date" => "2010-08-13T01:10:30","version" => "0.72"},{"date" => "2010-09-03T03:48:51","version" => "0.73"},{"date" => "2010-10-14T20:54:08","version" => "0.74_2"},{"date" => "2010-10-18T01:49:41","version" => "0.74"},{"date" => "2010-10-27T23:52:59","version" => "0.75"},{"date" => "2010-11-09T23:46:08","version" => "0.76"},{"date" => "2010-12-08T21:27:13","version" => "0.77"},{"date" => "2010-12-08T23:17:00","version" => "0.78"},{"date" => "2011-01-20T02:01:43","version" => "0.79"},{"date" => "2011-01-27T19:56:34","version" => "0.80"},{"date" => "2011-02-03T03:17:09","version" => "0.81"},{"date" => "2011-02-10T00:02:08","version" => "0.82"},{"date" => "2011-03-10T05:19:08","version" => "0.83"},{"date" => "2011-03-11T01:11:39","version" => "0.84"},{"date" => "2011-03-14T00:55:18","version" => "0.85"},{"date" => "2011-03-14T21:15:08","version" => "0.86"},{"date" => "2011-04-11T00:59:22","version" => "0.87"},{"date" => "2011-04-11T19:19:42","version" => "0.87.1"},{"date" => "2011-04-15T02:12:50","version" => "0.87.2"},{"date" => "2011-04-27T02:43:51","version" => "0.88"},{"date" => "2011-05-20T00:15:55","version" => "0.89"},{"date" => "2011-06-08T23:34:06","version" => "0.90"},{"date" => "2011-06-14T23:35:27","version" => "0.91"},{"date" => "2011-06-28T07:09:46","version" => "0.95"},{"date" => "2011-06-29T21:42:38","version" => "0.96"},{"date" => "2011-07-05T06:35:18","version" => "0.97"},{"date" => "2011-07-08T00:35:18","version" => "0.98"},{"date" => "2011-07-14T03:25:12","version" => "0.99"},{"date" => "2011-07-19T00:14:00","version" => "1.00"},{"date" => "2011-07-20T01:14:39","version" => "1.01"},{"date" => "2011-07-21T05:49:47","version" => "1.02"},{"date" => "2011-07-23T23:23:35","version" => "1.03"},{"date" => "2011-07-29T00:14:06","version" => "1.04"},{"date" => "2011-08-01T02:20:53","version" => "1.05"},{"date" => "2011-08-05T21:36:24","version" => "1.06"},{"date" => "2011-08-07T01:43:31","version" => "1.07"},{"date" => "2011-08-09T00:51:44","version" => "1.08"},{"date" => "2011-08-10T05:13:13","version" => "1.09"},{"date" => "2011-08-10T21:06:42","version" => "1.10"},{"date" => "2011-08-11T22:27:24","version" => "1.11"},{"date" => "2011-08-15T00:58:40","version" => "1.12"},{"date" => "2011-08-19T00:21:11","version" => "1.13"},{"date" => "2011-08-20T22:44:01","version" => "1.14"},{"date" => "2011-08-23T21:43:48","version" => "1.15"},{"date" => "2011-08-26T22:25:28","version" => "1.16"},{"date" => "2011-09-08T22:32:49","version" => "1.17"},{"date" => "2011-09-16T00:00:34","version" => "1.18"},{"date" => "2011-09-28T07:09:24","version" => "1.19"},{"date" => "2011-11-15T01:28:33","version" => "1.20"},{"date" => "2011-12-03T01:49:03","version" => "1.21"},{"date" => "2012-01-05T04:04:10","version" => "1.22"},{"date" => "2012-01-25T20:01:01","version" => "1.23"},{"date" => "2012-02-28T01:03:16","version" => "1.24"},{"date" => "2012-04-18T04:53:06","version" => "1.25"},{"date" => "2012-05-04T04:11:34","version" => "1.26"},{"date" => "2012-07-13T21:59:27","version" => "1.27"},{"date" => "2012-10-12T02:45:37","version" => "1.28"},{"date" => "2012-10-26T21:16:49","version" => "1.29"},{"date" => "2013-01-04T01:33:50","version" => "1.30"},{"date" => "2013-03-28T02:39:54","version" => "1.31"},{"date" => "2014-02-28T16:40:50","version" => "1.32"},{"date" => "2015-01-21T21:14:50","version" => "1.33"},{"date" => "2015-04-03T22:38:32","version" => "1.34"},{"date" => "2015-06-29T02:59:33","version" => "1.35"},{"date" => "2015-12-03T20:48:05","version" => "1.36"},{"date" => "2015-12-04T02:58:35","version" => "1.37"}]},"Email-Address" => {"advisories" => [{"affected_versions" => ["<1.905"],"cves" => ["CVE-2014-0477"],"description" => "Inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.\n","distribution" => "Email-Address","fixed_versions" => [">=1.905"],"id" => "CPANSA-Email-Address-2014-01","references" => ["https://metacpan.org/changes/distribution/Email-Address"],"reported" => "2014-07-03"},{"affected_versions" => ["<1.909"],"cves" => ["CVE-2018-12558"],"description" => "The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters (\"\\f\").\n","distribution" => "Email-Address","fixed_versions" => [">=1.909"],"id" => "CPANSA-Email-Address-2014-01","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873","http://www.openwall.com/lists/oss-security/2018/06/19/3","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00012.html"],"reported" => "2018-06-19"},{"affected_versions" => ["<1.904"],"cves" => ["CVE-2014-4720"],"description" => "Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to \"backtracking into the phrase,\" a different vulnerability than CVE-2014-0477.\n","distribution" => "Email-Address","fixed_versions" => [">=1.904"],"id" => "CPANSA-Email-Address-2014-4720","references" => ["https://github.com/rjbs/Email-Address/blob/master/Changes","http://seclists.org/oss-sec/2014/q2/563"],"reported" => "2014-07-06","severity" => undef}],"main_module" => "Email::Address","versions" => [{"date" => "2004-05-27T03:19:56","version" => "1.1"},{"date" => "2004-06-02T16:35:30","version" => "1.2"},{"date" => "2004-08-16T21:39:58","version" => "1.3"},{"date" => "2004-10-05T18:10:42","version" => "1.5"},{"date" => "2004-10-05T18:20:42","version" => "1.6"},{"date" => "2004-10-13T10:21:17","version" => "1.7"},{"date" => "2004-10-22T16:37:27","version" => "1.80"},{"date" => "2006-07-11T15:04:28","version" => "1.85"},{"date" => "2006-07-22T00:42:17","version" => "1.86"},{"date" => "2006-08-10T16:48:44","version" => "1.870"},{"date" => "2006-10-12T19:35:04","version" => "1.861"},{"date" => "2006-10-12T22:16:28","version" => "1.871"},{"date" => "2006-11-11T16:01:38","version" => "1.880"},{"date" => "2006-11-19T21:19:02","version" => "1.881"},{"date" => "2006-11-22T01:26:44","version" => "1.882"},{"date" => "2006-11-25T13:53:46","version" => "1.883"},{"date" => "2006-12-05T03:41:39","version" => "1.884"},{"date" => "2007-03-01T01:08:16","version" => "1.885"},{"date" => "2007-03-01T20:18:53","version" => "1.886"},{"date" => "2007-04-01T19:15:49","version" => "1.887"},{"date" => "2007-06-23T01:27:24","version" => "1.888"},{"date" => "2007-12-19T22:14:37","version" => "1.889"},{"date" => "2010-08-22T19:03:33","version" => "1.890"},{"date" => "2010-08-31T00:56:53","version" => "1.891"},{"date" => "2010-09-03T23:45:13","version" => "1.892"},{"date" => "2012-01-03T03:55:12","version" => "1.893"},{"date" => "2012-01-14T16:17:56","version" => "1.894"},{"date" => "2012-01-15T18:41:33","version" => "1.895"},{"date" => "2012-08-01T03:07:33","version" => "1.896"},{"date" => "2012-12-17T15:16:33","version" => "1.897"},{"date" => "2013-02-07T21:41:48","version" => "1.898"},{"date" => "2013-08-02T14:54:13","version" => "1.899"},{"date" => "2013-08-08T18:46:07","version" => "1.900"},{"date" => "2014-01-29T03:43:28","version" => "1.901"},{"date" => "2014-04-17T15:19:31","version" => "1.902"},{"date" => "2014-04-18T01:07:10","version" => "1.903"},{"date" => "2014-06-14T04:22:22","version" => "1.904"},{"date" => "2014-06-18T02:55:59","version" => "1.905"},{"date" => "2015-02-03T21:49:39","version" => "1.906"},{"date" => "2015-02-03T22:48:46","version" => "1.907"},{"date" => "2015-09-20T02:55:12","version" => "1.908"},{"date" => "2018-03-05T03:26:56","version" => "1.909"},{"date" => "2018-12-18T02:29:23","version" => "1.910"},{"date" => "2018-12-22T16:31:37","version" => "1.911"},{"date" => "2018-12-31T19:51:36","version" => "1.912"},{"date" => "2023-01-10T00:42:33","version" => "1.913"}]},"Email-MIME" => {"advisories" => [{"affected_versions" => ["<1.954"],"cves" => ["CVE-2024-4140"],"description" => "An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.\n","distribution" => "Email-MIME","fixed_versions" => [">=1.954"],"id" => "CPANSA-Email-MIME-2024-4140","references" => ["https://bugs.debian.org/960062","https://github.com/rjbs/Email-MIME/commit/02bf3e26812c8f38a86a33c168571f9783365df2","https://github.com/rjbs/Email-MIME/commit/3a12edd119e493156a5a05e45dd50f4e36b702e8","https://github.com/rjbs/Email-MIME/commit/3dcf096eeccb8e4dd42738de676c8f4a5aa7a531","https://github.com/rjbs/Email-MIME/commit/7e96ecfa1da44914a407f82ae98ba817bba08f2d","https://github.com/rjbs/Email-MIME/commit/b2cb62f19e12580dd235f79e2546d44a6bec54d1","https://github.com/rjbs/Email-MIME/commit/fc0fededd24a71ccc51bcd8b1e486385d09aae63","https://github.com/rjbs/Email-MIME/issues/66","https://github.com/rjbs/Email-MIME/pull/80","https://www.cve.org/CVERecord?id=CVE-2024-4140"],"reported" => "2024-05-02","severity" => undef}],"main_module" => "Email::MIME","versions" => [{"date" => "2004-01-23T12:04:54","version" => "1.0_01"},{"date" => "2004-03-24T16:01:33","version" => "1.1"},{"date" => "2004-04-02T08:52:35","version" => "1.2"},{"date" => "2004-04-05T16:27:42","version" => "1.3"},{"date" => "2004-07-01T17:38:00","version" => "1.4"},{"date" => "2004-07-01T17:40:06","version" => "1.5"},{"date" => "2004-07-04T20:17:06","version" => "1.6"},{"date" => "2004-07-05T21:56:19","version" => "1.7"},{"date" => "2004-08-25T09:58:28","version" => "1.8"},{"date" => "2004-10-30T00:19:03","version" => "1.81"},{"date" => "2004-11-18T01:02:46","version" => "1.82"},{"date" => "2006-07-13T12:09:00","version" => "1.85"},{"date" => "2006-08-22T12:15:01","version" => "1.851"},{"date" => "2006-09-06T03:22:24","version" => "1.852"},{"date" => "2006-10-12T19:23:59","version" => "1.853"},{"date" => "2006-10-15T12:57:06","version" => "1.854"},{"date" => "2006-10-19T19:26:56","version" => "1.855"},{"date" => "2006-11-28T01:54:55","version" => "1.856"},{"date" => "2006-11-28T02:45:42","version" => "1.857"},{"date" => "2007-02-10T03:53:13","version" => "1.858"},{"date" => "2007-03-21T02:13:51","version" => "1.859"},{"date" => "2007-07-14T02:17:11","version" => "1.860"},{"date" => "2007-11-06T02:03:23","version" => "1.861"},{"date" => "2008-09-08T22:24:06","version" => "1.861_01"},{"date" => "2009-01-24T03:09:24","version" => "1.862"},{"date" => "2009-01-30T13:35:20","version" => "1.863"},{"date" => "2009-11-03T20:49:02","version" => "1.900"},{"date" => "2009-11-05T19:29:16","version" => "1.901"},{"date" => "2009-11-11T20:53:15","version" => "1.902"},{"date" => "2009-12-23T14:14:45","version" => "1.903"},{"date" => "2010-09-04T22:05:49","version" => "1.904"},{"date" => "2010-09-06T13:25:51","version" => "1.905"},{"date" => "2010-10-08T01:06:33","version" => "1.906"},{"date" => "2011-02-02T22:52:42","version" => "1.907"},{"date" => "2011-06-02T03:16:50","version" => "1.908"},{"date" => "2011-09-08T19:27:38","version" => "1.909"},{"date" => "2011-09-12T16:45:52","version" => "1.910"},{"date" => "2012-07-22T23:12:42","version" => "1.911"},{"date" => "2013-04-08T19:42:09","version" => "1.912_01"},{"date" => "2013-06-17T15:24:37","version" => "1.920"},{"date" => "2013-07-02T02:51:36","version" => "1.921"},{"date" => "2013-07-10T12:45:29","version" => "1.922"},{"date" => "2013-08-09T02:00:30","version" => "1.923"},{"date" => "2013-08-11T03:25:40","version" => "1.924"},{"date" => "2013-11-08T12:02:21","version" => "1.925"},{"date" => "2014-01-29T04:29:29","version" => "1.926"},{"date" => "2014-12-04T15:22:49","version" => "1.927"},{"date" => "2014-12-16T02:49:06","version" => "1.928"},{"date" => "2015-02-17T14:32:33","version" => "1.929"},{"date" => "2015-03-26T03:00:09","version" => "1.930"},{"date" => "2015-07-12T21:32:56","version" => "1.931"},{"date" => "2015-07-25T02:25:32","version" => "1.932"},{"date" => "2015-07-25T13:33:07","version" => "1.933"},{"date" => "2015-08-02T00:35:40","version" => "1.934"},{"date" => "2015-08-31T20:49:57","version" => "1.935"},{"date" => "2015-09-11T02:48:33","version" => "1.936"},{"date" => "2016-01-28T18:33:58","version" => "1.937"},{"date" => "2017-01-02T01:04:29","version" => "1.938"},{"date" => "2017-01-14T19:59:46","version" => "1.939"},{"date" => "2017-01-29T15:34:49","version" => "1.940"},{"date" => "2017-03-05T00:18:30","version" => "1.941"},{"date" => "2017-03-05T13:16:39","version" => "1.942"},{"date" => "2017-06-09T23:01:41","version" => "1.943"},{"date" => "2017-07-25T16:40:42","version" => "1.944"},{"date" => "2017-07-25T18:18:48","version" => "1.945"},{"date" => "2017-08-31T13:31:14","version" => "1.946"},{"date" => "2020-05-09T18:30:39","version" => "1.947"},{"date" => "2020-05-09T19:06:22","version" => "1.948"},{"date" => "2020-05-24T14:27:02","version" => "1.949"},{"date" => "2020-11-03T00:22:52","version" => "1.950"},{"date" => "2021-12-14T14:43:29","version" => "1.951"},{"date" => "2021-12-14T14:58:13","version" => "1.952"},{"date" => "2023-01-09T00:03:49","version" => "1.953"},{"date" => "2024-05-02T21:13:55","version" => "1.954"}]},"Encode" => {"advisories" => [{"affected_versions" => ["<2.85"],"cves" => ["CVE-2016-1238"],"description" => "Loading optional modules from . (current directory).\n","distribution" => "Encode","fixed_versions" => [">=2.85"],"id" => "CPANSA-Encode-2016-01","references" => ["https://metacpan.org/changes/distribution/Encode","https://github.com/dankogai/p5-encode/pull/58/commits/12be15d64ce089154c4367dc1842cd0dc0993ec6"],"reported" => "2016-07-27","severity" => "high"},{"affected_versions" => [">=3.05","<=3.11"],"cves" => ["CVE-2021-36770"],"description" => "Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates \@INC in a scalar context, and thus \@INC has only an integer value.\n","distribution" => "Encode","fixed_versions" => [">3.11"],"id" => "CPANSA-Encode-2021-01","references" => ["https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9","https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74","https://metacpan.org/dist/Encode/changes","https://news.cpanel.com/unscheduled-tsr-10-august-2021/","https://security.netapp.com/advisory/ntap-20210909-0003/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/","https://security-tracker.debian.org/tracker/CVE-2021-36770"],"reported" => "2021-07-17"},{"affected_versions" => ["<2.44"],"cves" => ["CVE-2011-2939"],"description" => "Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.\n","distribution" => "Encode","fixed_versions" => [">=2.44"],"id" => "CPANSA-Encode-2011-2939","references" => ["http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5","https://bugzilla.redhat.com/show_bug.cgi?id=731246","http://www.openwall.com/lists/oss-security/2011/08/19/17","http://www.redhat.com/support/errata/RHSA-2011-1424.html","http://www.openwall.com/lists/oss-security/2011/08/18/8","http://secunia.com/advisories/46989","http://www.mandriva.com/security/advisories?name=MDVSA-2012:008","http://secunia.com/advisories/51457","http://www.ubuntu.com/usn/USN-1643-1","http://www.securityfocus.com/bid/49858","http://secunia.com/advisories/46172","http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod","http://secunia.com/advisories/55314","http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)"],"reported" => "2012-01-13","severity" => undef,"x-commit" => "Encode CVE-2011-2939 GitHub #13"}],"main_module" => "Encode","versions" => [{"date" => "2002-03-20T08:30:40","version" => "0.93"},{"date" => "2002-03-20T20:15:52","version" => "0.94"},{"date" => "2002-03-21T16:07:21","version" => "0.95"},{"date" => "2002-03-22T22:33:15","version" => "0.96"},{"date" => "2002-03-23T20:36:05","version" => "0.97"},{"date" => "2002-03-24T16:07:09","version" => "0.98"},{"date" => "2002-03-25T19:45:16","version" => "0.99"},{"date" => "2002-03-28T23:39:49","version" => "1.00"},{"date" => "2002-03-29T21:43:17","version" => "1.01"},{"date" => "2002-03-31T21:40:25","version" => "1.10"},{"date" => "2002-03-31T22:27:07","version" => "1.11"},{"date" => "2002-04-04T20:02:40","version" => "1.20"},{"date" => "2002-04-07T15:36:48","version" => "1.26"},{"date" => "2002-04-07T18:49:41","version" => "1.27"},{"date" => "2002-04-07T19:05:34","version" => "1.28"},{"date" => "2002-04-08T02:49:31","version" => "1.30"},{"date" => "2002-04-08T18:51:14","version" => "1.31"},{"date" => "2002-04-09T20:26:37","version" => "1.32"},{"date" => "2002-04-10T22:44:19","version" => "1.33"},{"date" => "2002-04-14T22:49:10","version" => "1.40"},{"date" => "2002-04-16T23:47:16","version" => "1.41"},{"date" => "2002-04-19T06:18:26","version" => "1.50"},{"date" => "2002-04-20T10:08:39","version" => "1.51"},{"date" => "2002-04-20T23:55:45","version" => "1.52"},{"date" => "2002-04-22T09:56:04","version" => "1.56"},{"date" => "2002-04-22T20:37:12","version" => "1.57"},{"date" => "2002-04-23T00:22:06","version" => "1.58"},{"date" => "2002-04-24T20:23:42","version" => "1.60"},{"date" => "2002-04-26T03:19:40","version" => "1.61"},{"date" => "2002-04-27T11:43:39","version" => "1.62"},{"date" => "2002-04-27T19:52:51","version" => "1.63"},{"date" => "2002-04-29T07:20:38","version" => "1.64"},{"date" => "2002-04-30T16:40:07","version" => "1.65"},{"date" => "2002-05-01T05:51:35","version" => "1.66"},{"date" => "2002-05-02T07:43:35","version" => "1.67"},{"date" => "2002-05-03T12:29:47","version" => "1.68"},{"date" => "2002-05-04T16:50:40","version" => "1.69"},{"date" => "2002-05-06T10:36:39","version" => "1.70"},{"date" => "2002-05-07T16:30:42","version" => "1.71"},{"date" => "2002-05-20T16:04:48","version" => "1.72"},{"date" => "2002-05-28T18:41:36","version" => "1.74"},{"date" => "2002-06-01T18:17:49","version" => "1.75"},{"date" => "2002-08-25T15:18:49","version" => "1.76"},{"date" => "2002-10-06T03:59:19","version" => "1.77"},{"date" => "2002-10-20T15:55:16","version" => "1.78"},{"date" => "2002-10-21T06:11:36","version" => "1.79"},{"date" => "2002-10-21T20:42:56","version" => "1.80"},{"date" => "2002-11-08T18:42:11","version" => "1.81"},{"date" => "2002-11-14T23:17:11","version" => "1.82"},{"date" => "2002-11-18T18:06:47","version" => "1.83"},{"date" => "2003-01-10T12:09:05","version" => "1.84"},{"date" => "2003-01-21T22:23:28","version" => "1.85"},{"date" => "2003-01-22T03:36:42","version" => "1.86"},{"date" => "2003-02-06T02:01:00","version" => "1.87"},{"date" => "2003-02-20T14:46:12","version" => "1.88"},{"date" => "2003-02-28T01:45:53","version" => "1.89"},{"date" => "2003-03-09T17:54:26","version" => "1.90"},{"date" => "2003-03-09T20:12:08","version" => "1.91"},{"date" => "2003-03-31T03:51:31","version" => "1.92"},{"date" => "2003-04-24T17:50:54","version" => "1.93"},{"date" => "2003-05-10T18:31:48","version" => "1.94"},{"date" => "2003-05-21T09:22:43","version" => "1.95"},{"date" => "2003-06-18T09:41:21","version" => "1.96"},{"date" => "2003-07-08T22:01:28","version" => "1.97"},{"date" => "2003-08-25T11:47:32","version" => "1.98"},{"date" => "2003-12-29T02:52:28","version" => "1.99"},{"date" => "2004-05-16T21:05:06","version" => "2.00"},{"date" => "2004-05-25T16:31:35","version" => "2.01"},{"date" => "2004-08-31T11:01:51","version" => "2.02"},{"date" => "2004-10-06T06:50:47","version" => "2.03"},{"date" => "2004-10-16T21:26:58","version" => "2.04"},{"date" => "2004-10-19T05:03:32","version" => "2.05"},{"date" => "2004-10-22T06:29:14","version" => "2.06"},{"date" => "2004-10-22T19:43:19","version" => "2.07"},{"date" => "2004-10-24T13:04:29","version" => "2.08"},{"date" => "2004-12-03T19:21:42","version" => "2.09"},{"date" => "2005-05-16T18:54:53","version" => "2.10"},{"date" => "2005-08-05T11:26:06","version" => "2.11"},{"date" => "2005-09-08T14:23:38","version" => "2.12"},{"date" => "2006-01-15T15:12:01","version" => "2.13"},{"date" => "2006-01-15T15:57:41","version" => "2.14"},{"date" => "2006-04-06T16:01:30","version" => "2.15"},{"date" => "2006-05-03T18:38:44","version" => "2.16"},{"date" => "2006-05-09T17:14:04","version" => "2.17"},{"date" => "2006-06-03T20:34:08","version" => "2.18"},{"date" => "2007-04-06T13:05:52","version" => "2.19"},{"date" => "2007-04-22T15:17:34","version" => "2.20"},{"date" => "2007-05-12T06:50:09","version" => "2.21"},{"date" => "2007-05-29T07:43:07","version" => "2.22"},{"date" => "2007-05-29T18:21:25","version" => "2.23"},{"date" => "2008-03-12T10:12:18","version" => "2.24"},{"date" => "2008-05-07T21:06:08","version" => "2.25"},{"date" => "2008-07-01T21:03:33","version" => "2.26"},{"date" => "2009-01-21T23:01:50","version" => "2.27"},{"date" => "2009-02-01T13:16:44","version" => "2.29"},{"date" => "2009-02-15T17:48:01","version" => "2.30"},{"date" => "2009-02-16T06:25:32","version" => "2.31"},{"date" => "2009-03-07T07:45:00","version" => "2.32"},{"date" => "2009-03-25T08:01:10","version" => "2.33"},{"date" => "2009-07-08T13:53:25","version" => "2.34"},{"date" => "2009-07-13T02:32:45","version" => "2.35"},{"date" => "2009-09-06T09:20:21","version" => "2.36"},{"date" => "2009-09-06T14:37:23","version" => "2.37"},{"date" => "2009-11-16T14:34:43","version" => "2.38"},{"date" => "2009-11-26T09:31:02","version" => "2.39"},{"date" => "2010-09-18T18:47:17","version" => "2.40"},{"date" => "2010-12-23T11:12:33","version" => "2.41"},{"date" => "2010-12-31T22:52:35","version" => "2.42"},{"date" => "2011-05-21T23:21:24","version" => "2.43"},{"date" => "2011-08-09T08:01:30","version" => "2.44"},{"date" => "2012-08-05T23:15:11","version" => "2.45"},{"date" => "2012-08-12T05:52:45","version" => "2.46"},{"date" => "2012-08-15T05:40:21","version" => "2.47"},{"date" => "2013-02-18T02:43:35","version" => "2.48"},{"date" => "2013-03-05T03:19:15","version" => "2.49"},{"date" => "2013-04-26T18:36:59","version" => "2.50"},{"date" => "2013-04-29T22:21:31","version" => "2.51"},{"date" => "2013-08-14T02:33:46","version" => "2.52"},{"date" => "2013-08-29T15:27:02","version" => "2.53"},{"date" => "2013-08-29T16:50:08","version" => "2.54"},{"date" => "2013-09-14T07:58:54","version" => "2.55"},{"date" => "2013-12-22T04:12:07","version" => "2.56"},{"date" => "2014-01-03T04:55:36","version" => "2.57"},{"date" => "2014-03-28T02:41:54","version" => "2.58"},{"date" => "2014-04-06T17:41:19","version" => "2.59"},{"date" => "2014-04-29T16:34:10","version" => "2.60"},{"date" => "2014-05-31T09:55:56","version" => "2.61"},{"date" => "2014-05-31T12:20:28","version" => "2.62"},{"date" => "2014-10-19T07:13:44","version" => "2.63"},{"date" => "2014-10-29T15:42:04","version" => "2.64"},{"date" => "2014-11-27T14:12:57","version" => "2.65"},{"date" => "2014-12-02T23:37:28","version" => "2.66"},{"date" => "2014-12-04T20:28:33","version" => "2.67"},{"date" => "2015-01-22T10:29:46","version" => "2.68"},{"date" => "2015-02-05T10:43:34","version" => "2.69"},{"date" => "2015-02-05T10:56:52","version" => "2.70"},{"date" => "2015-03-12T00:14:19","version" => "2.71"},{"date" => "2015-03-14T02:51:25","version" => "2.72"},{"date" => "2015-04-15T23:27:13","version" => "2.73"},{"date" => "2015-06-25T00:59:20","version" => "2.74"},{"date" => "2015-06-30T10:10:03","version" => "2.75"},{"date" => "2015-07-31T02:26:51","version" => "2.76"},{"date" => "2015-09-15T14:03:35","version" => "2.77"},{"date" => "2015-09-24T02:29:52","version" => "2.78"},{"date" => "2016-01-22T07:08:25","version" => "2.79"},{"date" => "2016-01-25T15:04:42","version" => "2.80"},{"date" => "2016-02-06T19:34:58","version" => "2.81"},{"date" => "2016-02-06T20:21:37","version" => "2.82"},{"date" => "2016-03-24T08:00:30","version" => "2.83"},{"date" => "2016-04-11T07:24:26","version" => "2.84"},{"date" => "2016-08-04T03:37:23","version" => "2.85"},{"date" => "2016-08-10T18:25:39","version" => "2.86"},{"date" => "2016-10-28T05:15:33","version" => "2.87"},{"date" => "2016-11-29T23:38:19","version" => "2.88"},{"date" => "2017-04-21T05:24:59","version" => "2.89"},{"date" => "2017-06-10T17:46:11","version" => "2.90"},{"date" => "2017-06-22T08:18:22","version" => "2.91"},{"date" => "2017-07-18T07:23:39","version" => "2.92"},{"date" => "2017-10-06T22:33:35","version" => "2.93"},{"date" => "2018-01-09T06:04:38","version" => "2.94"},{"date" => "2018-02-08T00:41:02","version" => "2.95"},{"date" => "2018-02-11T05:41:37","version" => "2.96"},{"date" => "2018-02-21T12:30:05","version" => "2.97"},{"date" => "2018-04-22T09:14:59","version" => "2.98"},{"date" => "2019-01-21T03:28:35","version" => "2.99"},{"date" => "2019-01-31T04:42:29","version" => "2.100"},{"date" => "2019-01-31T05:05:06","version" => "3.00"},{"date" => "2019-03-13T00:45:28","version" => "3.01"},{"date" => "2019-12-25T09:47:36","version" => "3.02"},{"date" => "2020-03-02T04:45:26","version" => "3.03"},{"date" => "2020-03-10T22:40:35","version" => "3.04"},{"date" => "2020-03-18T05:03:23","version" => "3.05"},{"date" => "2020-05-02T02:40:38","version" => "3.06"},{"date" => "2020-07-25T13:08:13","version" => "3.07"},{"date" => "2020-12-02T09:20:23","version" => "3.08"},{"date" => "2021-05-14T11:03:11","version" => "3.09"},{"date" => "2021-05-18T07:51:48","version" => "3.10"},{"date" => "2021-07-23T02:41:38","version" => "3.11"},{"date" => "2021-08-09T14:30:33","version" => "3.12"},{"date" => "2021-10-06T00:57:50","version" => "3.13"},{"date" => "2021-10-08T00:35:29","version" => "3.14"},{"date" => "2021-10-08T15:45:44","version" => "3.15"},{"date" => "2021-10-13T08:39:09","version" => "3.16"},{"date" => "2022-04-07T03:18:23","version" => "3.17"},{"date" => "2022-06-25T02:14:35","version" => "3.18"},{"date" => "2022-08-04T04:51:01","version" => "3.19"},{"date" => "2023-11-10T01:26:15","version" => "3.20"},{"date" => "2024-02-25T23:19:43","version" => "3.21"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "0.40"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "1.9801"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "1.99_01"},{"date" => "2006-08-15T00:00:00","dual_lived" => 1,"perl_release" => "5.009004","version" => "2.18_01"},{"date" => "2012-11-10T00:00:00","dual_lived" => 1,"perl_release" => "5.012005","version" => "2.39_01"},{"date" => "2011-09-26T00:00:00","dual_lived" => 1,"perl_release" => "5.014002","version" => "2.42_01"},{"date" => "2013-03-10T00:00:00","dual_lived" => 1,"perl_release" => "5.014004","version" => "2.42_02"},{"date" => "2013-03-11T00:00:00","dual_lived" => 1,"perl_release" => "5.016003","version" => "2.44_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.72_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "2.80_01"},{"date" => "2022-03-13T00:00:00","dual_lived" => 1,"perl_release" => "5.034001","version" => "3.08_01"}]},"ExtUtils-MakeMaker" => {"advisories" => [{"affected_versions" => ["<7.22"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "ExtUtils-MakeMaker","fixed_versions" => [">=7.22"],"id" => "CPANSA-ExtUtils-MakeMaker-2016-01","references" => ["https://metacpan.org/changes/distribution/ExtUtils-MakeMaker","https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/commit/3e9df17d11c40f2561c23ec79693c8c390e0ae88"],"reported" => "2016-08-07","severity" => "high"}],"main_module" => "ExtUtils::MakeMaker","versions" => [{"date" => "2001-07-06T08:23:56","version" => "5.47_01"},{"date" => "2002-01-16T20:19:18","version" => "5.48_01"},{"date" => "2002-01-18T04:56:33","version" => "5.48_03"},{"date" => "2002-01-22T00:33:31","version" => "5.48_04"},{"date" => "2002-02-04T08:46:04","version" => "5.49_01"},{"date" => "2002-03-05T04:53:40","version" => "5.50_01"},{"date" => "2002-03-25T07:53:14","version" => "5.51_01"},{"date" => "2002-03-26T05:56:07","version" => "5.52_01"},{"date" => "2002-03-31T03:55:52","version" => "5.54_01"},{"date" => "2002-04-05T05:01:52","version" => "5.55_01"},{"date" => "2002-04-06T08:29:20","version" => "5.55_02"},{"date" => "2002-04-07T03:04:18","version" => "5.55_03"},{"date" => "2002-04-11T05:32:04","version" => "5.90_01"},{"date" => "2002-04-24T04:21:44","version" => "5.91_01"},{"date" => "2002-04-30T03:43:53","version" => "5.92_01"},{"date" => "2002-05-06T06:02:08","version" => "5.93_01"},{"date" => "2002-05-17T19:04:41","version" => "5.94_01"},{"date" => "2002-05-17T21:24:13","version" => "5.94_02"},{"date" => "2002-05-18T18:43:02","version" => "5.95_01"},{"date" => "2002-05-23T21:01:02","version" => "5.96_01"},{"date" => "2002-05-26T01:25:25","version" => "6.00"},{"date" => "2002-05-30T19:02:20","version" => "6.01"},{"date" => "2002-06-16T05:41:28","version" => "6.02"},{"date" => "2002-06-19T21:24:32","version" => "6.03"},{"date" => "2002-08-27T01:42:36","version" => "6.04"},{"date" => "2002-08-27T23:24:30","version" => "6.05"},{"date" => "2002-12-19T08:42:01","version" => "6.06_01"},{"date" => "2002-12-24T04:54:53","version" => "6.06_02"},{"date" => "2003-03-30T03:49:59","version" => "6.06_03"},{"date" => "2003-03-31T04:37:55","version" => "6.06_04"},{"date" => "2003-03-31T10:50:00","version" => "6.06_05"},{"date" => "2003-04-07T02:46:10","version" => "6.10_01"},{"date" => "2003-04-07T08:33:23","version" => "6.10_02"},{"date" => "2003-04-11T07:27:36","version" => "6.10_03"},{"date" => "2003-05-23T09:05:27","version" => "6.10_04"},{"date" => "2003-06-07T01:32:29","version" => "6.10_05"},{"date" => "2003-06-07T08:00:14","version" => "6.10_06"},{"date" => "2003-07-05T23:40:34","version" => "6.10_07"},{"date" => "2003-07-22T01:23:46","version" => "6.10_08"},{"date" => "2003-07-28T04:00:19","version" => "6.11"},{"date" => "2003-07-30T05:28:47","version" => "6.12"},{"date" => "2003-07-31T23:51:40","version" => "6.13"},{"date" => "2003-08-03T23:27:51","version" => "6.14"},{"date" => "2003-08-03T23:46:11","version" => "6.15"},{"date" => "2003-08-18T08:43:08","version" => "6.16"},{"date" => "2003-09-15T22:23:01","version" => "6.17"},{"date" => "2003-11-04T04:12:53","version" => "6.18"},{"date" => "2003-11-04T07:03:30","version" => "6.19"},{"date" => "2003-11-06T10:37:47","version" => "6.20"},{"date" => "2003-11-11T08:26:17","version" => "6.21"},{"date" => "2004-04-03T21:33:45","version" => "6.21_03"},{"date" => "2004-11-24T04:06:20","version" => "6.22"},{"date" => "2004-11-26T21:15:45","version" => "6.23"},{"date" => "2004-11-30T20:42:14","version" => "6.24"},{"date" => "2004-12-09T06:00:53","version" => "6.24_01"},{"date" => "2004-12-15T12:05:50","version" => "6.25"},{"date" => "2004-12-18T02:34:56","version" => "6.25_01"},{"date" => "2004-12-20T08:36:56","version" => "6.25_02"},{"date" => "2004-12-21T04:17:27","version" => "6.25_03"},{"date" => "2004-12-21T05:58:10","version" => "6.25_04"},{"date" => "2004-12-22T13:05:53","version" => "6.25_05"},{"date" => "2004-12-26T22:26:26","version" => "6.25_06"},{"date" => "2004-12-31T08:53:31","version" => "6.25_07"},{"date" => "2005-02-08T14:21:17","version" => "6.25_08"},{"date" => "2005-03-12T18:29:26","version" => "6.25_09"},{"date" => "2005-03-14T00:17:26","version" => "6.25_10"},{"date" => "2005-03-15T10:05:07","version" => "6.25_11"},{"date" => "2005-03-19T00:19:47","version" => "6.25_12"},{"date" => "2005-03-22T22:50:34","version" => "6.26"},{"date" => "2005-03-29T05:48:40","version" => "6.26_01"},{"date" => "2005-04-04T23:55:46","version" => "6.27"},{"date" => "2005-04-12T23:23:53","version" => "6.28"},{"date" => "2005-05-19T21:22:00","version" => "6.29"},{"date" => "2005-05-20T23:14:45","version" => "6.30"},{"date" => "2005-08-17T06:59:11","version" => "6.30_01"},{"date" => "2006-09-01T19:07:28","version" => "6.30_02"},{"date" => "2006-09-01T21:06:57","version" => "6.30_03"},{"date" => "2006-09-11T20:20:27","version" => "6.30_04"},{"date" => "2006-10-10T01:04:44","version" => "6.31"},{"date" => "2007-02-21T16:02:09","version" => "6.32"},{"date" => "2007-06-29T22:18:15","version" => "6.33"},{"date" => "2007-06-30T16:10:15","version" => "6.34"},{"date" => "2007-07-02T03:56:25","version" => "6.35"},{"date" => "2007-07-03T08:10:57","version" => "6.36"},{"date" => "2007-11-26T01:10:14","version" => "6.37_01"},{"date" => "2007-11-26T07:35:50","version" => "6.37_02"},{"date" => "2007-11-26T22:18:55","version" => "6.37_03"},{"date" => "2007-11-29T00:04:35","version" => "6.38"},{"date" => "2007-12-06T11:08:15","version" => "6.40"},{"date" => "2007-12-08T01:02:26","version" => "6.42"},{"date" => "2008-01-02T00:09:23","version" => "6.43_01"},{"date" => "2008-02-29T00:08:42","version" => "6.44"},{"date" => "2008-09-06T10:22:44","version" => "6.45_01"},{"date" => "2008-09-07T21:18:05","version" => "6.45_02"},{"date" => "2008-09-27T21:37:54","version" => "6.46"},{"date" => "2008-10-14T16:41:49","version" => "6.47_01"},{"date" => "2008-10-16T23:18:52","version" => "6.47_02"},{"date" => "2008-10-20T18:20:40","version" => "6.48"},{"date" => "2009-02-20T01:11:08","version" => "6.49_01"},{"date" => "2009-03-22T19:30:00","version" => "6.50"},{"date" => "2009-04-10T21:33:29","version" => "6.51_01"},{"date" => "2009-04-14T04:22:58","version" => "6.51_02"},{"date" => "2009-05-24T05:41:35","version" => "6.51_03"},{"date" => "2009-05-24T21:07:28","version" => "6.51_04"},{"date" => "2009-05-30T18:41:35","version" => "6.52"},{"date" => "2009-06-08T02:05:24","version" => "6.53_01"},{"date" => "2009-06-08T02:28:24","version" => "6.53_02"},{"date" => "2009-07-02T21:55:25","version" => "6.53_03"},{"date" => "2009-07-07T23:53:09","version" => "6.54"},{"date" => "2009-07-14T23:02:39","version" => "6.55_01"},{"date" => "2009-08-05T07:40:59","version" => "6.55_02"},{"date" => "2009-12-05T07:09:23","version" => "6.55_03"},{"date" => "2009-12-17T22:06:47","version" => "6.56"},{"date" => "2010-08-24T08:38:36","version" => "6.57_01"},{"date" => "2010-09-07T23:43:49","version" => "6.57_02"},{"date" => "2010-09-08T22:33:36","version" => "6.57_03"},{"date" => "2010-09-09T23:52:37","version" => "6.57_04"},{"date" => "2010-09-11T20:25:23","version" => "6.57_05"},{"date" => "2010-10-06T10:53:43","version" => "6.57_06"},{"date" => "2011-03-25T03:41:39","version" => "6.57_07"},{"date" => "2011-03-27T11:00:41","version" => "6.57_08"},{"date" => "2011-03-28T00:15:59","version" => "6.57_09"},{"date" => "2011-04-04T05:33:46","version" => "6.57_10"},{"date" => "2011-05-20T00:34:23","version" => "6.57_11"},{"date" => "2011-07-06T21:22:27","version" => "6.58"},{"date" => "2011-08-03T20:25:34","version" => "6.58_01"},{"date" => "2011-08-05T13:07:58","version" => "6.59"},{"date" => "2011-09-25T05:23:43","version" => "6.61_01"},{"date" => "2011-10-23T23:48:06","version" => "6.62"},{"date" => "2011-10-24T00:40:49","version" => "6.63_01"},{"date" => "2011-11-02T00:07:43","version" => "6.63_02"},{"date" => "2012-11-02T03:58:40","version" => "6.63_03"},{"date" => "2012-11-22T21:25:35","version" => "6.63_04"},{"date" => "2012-12-17T02:35:20","version" => "6.64"},{"date" => "2013-03-18T23:21:28","version" => "6.65_01"},{"date" => "2013-04-14T09:59:15","version" => "6.65_02"},{"date" => "2013-04-15T12:50:31","version" => "6.65_03"},{"date" => "2013-04-19T17:52:08","version" => "6.66"},{"date" => "2013-04-25T20:08:31","version" => "6.67_01"},{"date" => "2013-06-02T17:31:16","version" => "6.67_02"},{"date" => "2013-06-05T21:09:00","version" => "6.67_03"},{"date" => "2013-06-10T19:25:22","version" => "6.67_04"},{"date" => "2013-06-13T20:55:25","version" => "6.67_05"},{"date" => "2013-06-14T22:35:24","version" => "6.68"},{"date" => "2013-06-20T12:00:00","version" => "6.69_01"},{"date" => "2013-07-02T12:16:23","version" => "6.69_02"},{"date" => "2013-07-09T21:47:07","version" => "6.69_03"},{"date" => "2013-07-10T10:50:08","version" => "6.69_04"},{"date" => "2013-07-11T21:20:53","version" => "6.69_05"},{"date" => "2013-07-12T13:51:50","version" => "6.69_06"},{"date" => "2013-07-16T14:34:32","version" => "6.69_07"},{"date" => "2013-07-16T23:40:44","version" => "6.69_08"},{"date" => "2013-07-21T08:26:44","version" => "6.69_09"},{"date" => "2013-07-23T21:42:47","version" => "6.70"},{"date" => "2013-07-24T08:33:58","version" => "6.71_01"},{"date" => "2013-07-24T17:42:20","version" => "6.72"},{"date" => "2013-07-24T22:53:41","version" => "6.73_01"},{"date" => "2013-07-26T12:34:19","version" => "6.73_02"},{"date" => "2013-07-30T21:12:02","version" => "6.73_03"},{"date" => "2013-08-01T21:41:12","version" => "6.73_04"},{"date" => "2013-08-05T16:45:38","version" => "6.73_05"},{"date" => "2013-08-05T23:52:18","version" => "6.73_06"},{"date" => "2013-08-07T15:09:12","version" => "6.73_07"},{"date" => "2013-08-09T18:52:24","version" => "6.73_08"},{"date" => "2013-08-09T19:00:18","version" => "6.73_09"},{"date" => "2013-08-16T15:43:35","version" => "6.73_10"},{"date" => "2013-08-17T21:57:55","version" => "6.73_11"},{"date" => "2013-08-23T09:52:43","version" => "6.73_12"},{"date" => "2013-08-27T11:45:55","version" => "6.74"},{"date" => "2013-08-29T14:09:22","version" => "6.75_01"},{"date" => "2013-09-01T20:52:29","version" => "6.75_02"},{"date" => "2013-09-02T23:26:56","version" => "6.75_03"},{"date" => "2013-09-05T11:10:20","version" => "6.75_04"},{"date" => "2013-09-06T12:40:59","version" => "6.76"},{"date" => "2013-09-10T14:22:45","version" => "6.77_01"},{"date" => "2013-09-12T20:23:49","version" => "6.77_02"},{"date" => "2013-09-16T11:23:59","version" => "6.77_03"},{"date" => "2013-09-18T18:25:33","version" => "6.77_04"},{"date" => "2013-09-19T13:12:32","version" => "6.77_05"},{"date" => "2013-09-19T14:43:24","version" => "6.77_06"},{"date" => "2013-09-21T08:48:44","version" => "6.77_07"},{"date" => "2013-09-22T17:46:50","version" => "6.77_08"},{"date" => "2013-09-23T12:47:39","version" => "6.78"},{"date" => "2013-10-01T14:01:33","version" => "6.79_01"},{"date" => "2013-10-11T12:01:23","version" => "6.79_02"},{"date" => "2013-10-11T13:00:29","version" => "6.79_03"},{"date" => "2013-10-11T17:59:30","version" => "6.79_04"},{"date" => "2013-10-15T15:08:06","version" => "6.80"},{"date" => "2013-10-16T08:04:29","version" => "6.81_01"},{"date" => "2013-10-17T11:24:19","version" => "6.81_02"},{"date" => "2013-10-24T19:54:34","version" => "6.81_03"},{"date" => "2013-11-01T19:56:13","version" => "6.81_04"},{"date" => "2013-11-02T21:44:06","version" => "6.81_05"},{"date" => "2013-11-04T19:24:38","version" => "6.82"},{"date" => "2013-11-05T11:45:54","version" => "6.83_01"},{"date" => "2013-11-12T11:15:21","version" => "6.83_02"},{"date" => "2013-11-15T09:49:39","version" => "6.83_03"},{"date" => "2013-11-17T11:44:01","version" => "6.83_04"},{"date" => "2013-11-25T22:52:46","version" => "6.83_05"},{"date" => "2013-11-29T21:55:40","version" => "6.83_06"},{"date" => "2013-11-30T15:27:01","version" => "6.84"},{"date" => "2013-12-16T13:18:35","version" => "6.85_01"},{"date" => "2013-12-17T10:17:50","version" => "6.85_02"},{"date" => "2013-12-23T14:59:36","version" => "6.85_03"},{"date" => "2013-12-23T15:02:38","version" => "6.85_04"},{"date" => "2013-12-29T11:28:14","version" => "6.85_05"},{"date" => "2013-12-30T23:18:09","version" => "6.85_06"},{"date" => "2014-01-01T19:00:36","version" => "6.85_07"},{"date" => "2014-01-04T12:21:05","version" => "6.86"},{"date" => "2014-01-12T10:34:38","version" => "6.87_01"},{"date" => "2014-01-18T13:30:15","version" => "6.87_02"},{"date" => "2014-01-19T17:53:19","version" => "6.87_03"},{"date" => "2014-01-26T19:33:34","version" => "6.87_04"},{"date" => "2014-01-28T14:00:44","version" => "6.87_05"},{"date" => "2014-01-31T20:59:13","version" => "6.88"},{"date" => "2014-02-17T16:23:55","version" => "6.89_01"},{"date" => "2014-02-20T20:49:24","version" => "6.90"},{"date" => "2014-03-06T13:52:24","version" => "6.91_01"},{"date" => "2014-03-13T16:34:37","version" => "6.92"},{"date" => "2014-03-24T16:57:01","version" => "6.93_01"},{"date" => "2014-03-25T20:38:21","version" => "6.94"},{"date" => "2014-04-02T20:52:53","version" => "6.95_01"},{"date" => "2014-04-07T14:29:26","version" => "6.95_02"},{"date" => "2014-04-11T21:09:21","version" => "6.96"},{"date" => "2014-04-24T13:29:12","version" => "6.97_01"},{"date" => "2014-04-28T10:55:44","version" => "6.97_02"},{"date" => "2014-04-29T20:41:00","version" => "6.98"},{"date" => "2014-06-03T21:19:42","version" => "6.99_01"},{"date" => "2014-06-05T11:18:25","version" => "6.99_02"},{"date" => "2014-07-04T10:15:23","version" => "6.99_03"},{"date" => "2014-07-12T11:54:35","version" => "6.99_04"},{"date" => "2014-07-22T11:42:12","version" => "6.99_05"},{"date" => "2014-07-28T14:07:14","version" => "6.99_06"},{"date" => "2014-07-30T16:44:02","version" => "6.99_07"},{"date" => "2014-08-18T13:19:18","version" => "6.99_08"},{"date" => "2014-08-28T10:13:30","version" => "6.99_09"},{"date" => "2014-09-04T14:04:55","version" => "6.99_10"},{"date" => "2014-09-08T13:39:46","version" => "6.99_11"},{"date" => "2014-09-11T14:32:19","version" => "6.99_12"},{"date" => "2014-09-15T19:11:34","version" => "6.99_13"},{"date" => "2014-09-19T14:06:14","version" => "6.99_14"},{"date" => "2014-09-21T12:23:58","version" => "6.99_15"},{"date" => "2014-10-02T18:50:08","version" => "6.99_16"},{"date" => "2014-10-12T18:41:24","version" => "6.99_17"},{"date" => "2014-10-20T09:14:39","version" => "6.99_18"},{"date" => "2014-10-22T19:48:56","version" => "7.00"},{"date" => "2014-10-25T12:49:55","version" => "7.01_01"},{"date" => "2014-10-25T16:49:40","version" => "7.01_02"},{"date" => "2014-10-30T19:48:04","version" => "7.01_03"},{"date" => "2014-10-31T10:13:56","version" => "7.01_04"},{"date" => "2014-11-03T12:53:43","version" => "7.01_05"},{"date" => "2014-11-03T20:55:23","version" => "7.01_06"},{"date" => "2014-11-04T19:40:07","version" => "7.01_07"},{"date" => "2014-11-04T20:29:00","version" => "7.01_08"},{"date" => "2014-11-06T21:59:55","version" => "7.01_09"},{"date" => "2014-11-08T10:39:16","version" => "7.02"},{"date" => "2014-11-18T21:47:11","version" => "7.03_01"},{"date" => "2014-11-24T13:26:46","version" => "7.03_02"},{"date" => "2014-11-25T16:43:06","version" => "7.03_03"},{"date" => "2014-11-27T14:42:51","version" => "7.03_04"},{"date" => "2014-11-28T18:32:48","version" => "7.03_05"},{"date" => "2014-12-01T15:37:46","version" => "7.03_06"},{"date" => "2014-12-02T12:56:02","version" => "7.04"},{"date" => "2014-12-06T16:58:07","version" => "7.05_01"},{"date" => "2014-12-15T20:13:08","version" => "7.05_02"},{"date" => "2014-12-24T12:12:00","version" => "7.05_03"},{"date" => "2014-12-24T14:49:46","version" => "7.05_04"},{"date" => "2014-12-31T23:21:05","version" => "7.05_05"},{"date" => "2015-01-08T19:09:29","version" => "7.05_06"},{"date" => "2015-01-09T16:23:43","version" => "7.05_07"},{"date" => "2015-01-20T10:13:21","version" => "7.05_08"},{"date" => "2015-01-23T10:51:30","version" => "7.05_09"},{"date" => "2015-01-26T15:19:01","version" => "7.05_10"},{"date" => "2015-01-31T16:40:19","version" => "7.05_11"},{"date" => "2015-02-07T15:19:11","version" => "7.05_12"},{"date" => "2015-02-18T22:49:29","version" => "7.05_13"},{"date" => "2015-02-20T17:32:55","version" => "7.05_14"},{"date" => "2015-03-05T19:44:02","version" => "7.05_15"},{"date" => "2015-03-09T11:35:12","version" => "7.05_16"},{"date" => "2015-03-24T12:27:52","version" => "7.05_17"},{"date" => "2015-03-27T12:20:03","version" => "7.05_18"},{"date" => "2015-03-27T16:59:34","version" => "7.05_19"},{"date" => "2015-04-04T15:53:36","version" => "7.05_20"},{"date" => "2015-06-13T14:19:26","version" => "7.05_21"},{"date" => "2015-06-14T13:44:56","version" => "7.05_22"},{"date" => "2015-06-24T19:51:24","version" => "7.05_23"},{"date" => "2015-07-01T18:30:38","version" => "7.05_24"},{"date" => "2015-07-07T17:18:36","version" => "7.05_25"},{"date" => "2015-08-04T19:41:25","version" => "7.05_26"},{"date" => "2015-08-05T09:35:40","version" => "7.05_27"},{"date" => "2015-08-19T18:10:20","version" => "7.05_28"},{"date" => "2015-08-24T15:26:22","version" => "7.05_29"},{"date" => "2015-08-31T18:06:48","version" => "7.06"},{"date" => "2015-09-02T11:55:33","version" => "7.07_01"},{"date" => "2015-09-08T19:59:05","version" => "7.08"},{"date" => "2015-09-10T18:55:41","version" => "7.10"},{"date" => "2015-11-12T12:35:03","version" => "7.11_01"},{"date" => "2015-11-21T20:23:22","version" => "7.11_02"},{"date" => "2015-11-25T15:40:06","version" => "7.11_03"},{"date" => "2016-02-15T11:40:55","version" => "7.11_04"},{"date" => "2016-03-19T10:07:11","version" => "7.11_05"},{"date" => "2016-03-29T18:44:47","version" => "7.11_06"},{"date" => "2016-04-19T11:41:10","version" => "7.12"},{"date" => "2016-04-23T16:35:56","version" => "7.13_01"},{"date" => "2016-04-24T13:20:40","version" => "7.14"},{"date" => "2016-04-27T18:27:25","version" => "7.15_01"},{"date" => "2016-04-28T12:15:28","version" => "7.15_02"},{"date" => "2016-05-01T13:29:10","version" => "7.15_03"},{"date" => "2016-05-07T10:28:49","version" => "7.16"},{"date" => "2016-05-09T19:14:54","version" => "7.17_01"},{"date" => "2016-05-09T23:07:33","version" => "7.17_02"},{"date" => "2016-05-11T18:22:21","version" => "7.17_03"},{"date" => "2016-05-23T15:39:08","version" => "7.18"},{"date" => "2016-06-02T14:01:28","version" => "7.19_01"},{"date" => "2016-06-13T09:11:52","version" => "7.19_02"},{"date" => "2016-06-13T13:44:33","version" => "7.19_03"},{"date" => "2016-06-14T11:35:43","version" => "7.19_04"},{"date" => "2016-06-20T14:40:57","version" => "7.19_05"},{"date" => "2016-06-27T12:04:29","version" => "7.19_06"},{"date" => "2016-07-03T14:30:23","version" => "7.19_07"},{"date" => "2016-07-28T12:26:56","version" => "7.19_08"},{"date" => "2016-08-05T08:57:09","version" => "7.20"},{"date" => "2016-08-07T09:54:04","version" => "7.21_01"},{"date" => "2016-08-08T08:42:10","version" => "7.22"},{"date" => "2016-08-19T09:24:06","version" => "7.23_01"},{"date" => "2016-08-20T12:35:27","version" => "7.24"},{"date" => "2017-02-03T15:21:22","version" => "7.25_01"},{"date" => "2017-05-11T11:19:49","version" => "7.25_02"},{"date" => "2017-05-11T17:09:16","version" => "7.25_03"},{"date" => "2017-05-12T12:25:54","version" => "7.25_04"},{"date" => "2017-05-15T09:41:49","version" => "7.25_05"},{"date" => "2017-05-23T19:31:28","version" => "7.25_06"},{"date" => "2017-05-27T20:21:06","version" => "7.26"},{"date" => "2017-05-28T10:50:55","version" => "7.27_01"},{"date" => "2017-05-30T08:56:32","version" => "7.27_02"},{"date" => "2017-05-30T21:26:23","version" => "7.28"},{"date" => "2017-05-31T08:32:44","version" => "7.29_01"},{"date" => "2017-06-11T11:17:55","version" => "7.29_02"},{"date" => "2017-06-12T12:31:08","version" => "7.30"},{"date" => "2017-06-14T15:10:23","version" => "7.31_01"},{"date" => "2017-06-26T13:14:10","version" => "7.31_02"},{"date" => "2017-07-10T09:02:35","version" => "7.31_03"},{"date" => "2017-10-05T12:19:00","version" => "7.31_04"},{"date" => "2017-11-25T09:37:04","version" => "7.31_05"},{"date" => "2018-01-16T13:28:46","version" => "7.31_06"},{"date" => "2018-01-16T16:24:23","version" => "7.31_07"},{"date" => "2018-02-12T12:32:45","version" => "7.31_08"},{"date" => "2018-02-16T20:25:44","version" => "7.32"},{"date" => "2018-02-20T10:44:19","version" => "7.33_01"},{"date" => "2018-02-24T14:05:00","version" => "7.33_02"},{"date" => "2018-02-24T20:21:42","version" => "7.33_03"},{"date" => "2018-03-19T10:51:54","version" => "7.34"},{"date" => "2018-04-19T12:46:01","version" => "7.35_01"},{"date" => "2018-04-24T11:01:35","version" => "7.35_02"},{"date" => "2018-04-27T13:59:23","version" => "7.35_03"},{"date" => "2018-07-09T09:50:43","version" => "7.35_04"},{"date" => "2018-07-10T09:18:31","version" => "7.35_05"},{"date" => "2018-07-19T19:49:08","version" => "7.35_06"},{"date" => "2018-11-23T11:59:44","version" => "7.35_07"},{"date" => "2018-12-06T10:56:33","version" => "7.35_08"},{"date" => "2019-02-18T10:27:00","version" => "7.35_09"},{"date" => "2019-02-20T10:06:48","version" => "7.35_10"},{"date" => "2019-04-25T11:10:29","version" => "7.35_11"},{"date" => "2019-04-27T22:17:58","version" => "7.35_12"},{"date" => "2019-04-28T11:23:25","version" => "7.35_13"},{"date" => "2019-04-28T13:15:57","version" => "7.35_14"},{"date" => "2019-04-28T15:48:41","version" => "7.36"},{"date" => "2019-06-07T10:55:49","version" => "7.37_01"},{"date" => "2019-06-27T10:35:57","version" => "7.37_02"},{"date" => "2019-08-03T12:27:47","version" => "7.37_03"},{"date" => "2019-08-22T14:34:47","version" => "7.37_04"},{"date" => "2019-09-11T09:16:48","version" => "7.38"},{"date" => "2019-09-16T06:54:51","version" => "7.39_01"},{"date" => "2019-11-07T10:03:13","version" => "7.39_02"},{"date" => "2019-11-17T20:12:14","version" => "7.39_03"},{"date" => "2019-11-18T15:20:20","version" => "7.39_04"},{"date" => "2019-11-21T12:10:17","version" => "7.39_05"},{"date" => "2019-12-16T20:02:27","version" => "7.40"},{"date" => "2019-12-16T21:53:56","version" => "7.41_01"},{"date" => "2019-12-17T22:30:33","version" => "7.42"},{"date" => "2020-01-05T13:00:40","version" => "7.43_01"},{"date" => "2020-01-14T16:54:08","version" => "7.44"},{"date" => "2020-05-28T16:58:08","version" => "7.45_01"},{"date" => "2020-06-23T10:14:10","version" => "7.46"},{"date" => "2020-06-26T10:13:17","version" => "7.47_01"},{"date" => "2020-07-07T07:38:50","version" => "7.47_02"},{"date" => "2020-07-08T21:54:35","version" => "7.47_03"},{"date" => "2020-07-28T19:00:26","version" => "7.47_04"},{"date" => "2020-07-31T09:57:33","version" => "7.47_05"},{"date" => "2020-08-01T13:53:05","version" => "7.47_06"},{"date" => "2020-08-03T21:39:02","version" => "7.47_07"},{"date" => "2020-08-31T09:02:22","version" => "7.47_08"},{"date" => "2020-09-14T13:50:45","version" => "7.47_09"},{"date" => "2020-09-15T18:45:02","version" => "7.47_10"},{"date" => "2020-09-20T09:20:24","version" => "7.47_11"},{"date" => "2020-09-30T15:40:12","version" => "7.47_12"},{"date" => "2020-10-04T10:56:39","version" => "7.48"},{"date" => "2020-10-06T17:29:16","version" => "7.49_01"},{"date" => "2020-10-08T12:03:50","version" => "7.49_02"},{"date" => "2020-10-09T20:46:22","version" => "7.49_03"},{"date" => "2020-10-13T18:34:34","version" => "7.49_04"},{"date" => "2020-10-21T18:14:52","version" => "7.50"},{"date" => "2020-11-04T00:05:13","version" => "7.51_01"},{"date" => "2020-11-04T19:51:52","version" => "7.52"},{"date" => "2020-11-10T03:50:49","version" => "7.53_01"},{"date" => "2020-11-12T19:50:41","version" => "7.54"},{"date" => "2020-11-18T18:25:16","version" => "7.55_01"},{"date" => "2020-11-19T20:00:09","version" => "7.56"},{"date" => "2020-12-18T13:45:54","version" => "7.57_01"},{"date" => "2020-12-18T23:07:45","version" => "7.57_02"},{"date" => "2020-12-21T18:31:44","version" => "7.58"},{"date" => "2021-02-02T10:13:35","version" => "7.59_01"},{"date" => "2021-02-17T11:05:23","version" => "7.60"},{"date" => "2021-03-21T15:00:35","version" => "7.61_01"},{"date" => "2021-04-13T18:13:28","version" => "7.62"},{"date" => "2021-05-25T18:00:03","version" => "7.63_01"},{"date" => "2021-06-03T19:05:10","version" => "7.63_02"},{"date" => "2021-06-22T13:53:51","version" => "7.63_03"},{"date" => "2021-06-30T14:30:46","version" => "7.63_04"},{"date" => "2021-08-14T08:19:32","version" => "7.63_05"},{"date" => "2021-11-03T01:44:47","version" => "7.63_06"},{"date" => "2021-11-27T11:51:29","version" => "7.63_07"},{"date" => "2021-11-27T17:31:21","version" => "7.63_08"},{"date" => "2021-12-08T22:35:25","version" => "7.63_09"},{"date" => "2021-12-13T16:54:00","version" => "7.63_10"},{"date" => "2021-12-14T17:00:18","version" => "7.63_11"},{"date" => "2021-12-17T19:24:34","version" => "7.64"},{"date" => "2022-05-30T10:07:14","version" => "7.65_01"},{"date" => "2022-07-22T13:01:08","version" => "7.65_02"},{"date" => "2022-12-24T00:32:29","version" => "7.65_03"},{"date" => "2022-12-25T09:06:33","version" => "7.66"},{"date" => "2023-03-01T13:47:08","version" => "7.67_01"},{"date" => "2023-03-06T11:17:11","version" => "7.67_02"},{"date" => "2023-03-14T21:41:23","version" => "7.68"},{"date" => "2023-03-25T11:45:00","version" => "7.69_01"},{"date" => "2023-03-26T13:29:08","version" => "7.70"},{"date" => "2024-06-24T19:34:30","version" => "7.71_01"},{"date" => "2024-11-22T19:08:50","version" => "7.71_02"},{"date" => "2025-02-19T01:40:18","version" => "7.71_03"},{"date" => "2025-02-24T15:29:06","version" => "7.71_04"},{"date" => "2025-02-28T18:43:37","version" => "7.71_05"},{"date" => "2025-03-03T16:59:13","version" => "7.71_06"},{"date" => "2025-03-05T21:46:33","version" => "7.71_07"},{"date" => "2025-03-08T23:59:14","version" => "7.71_08"},{"date" => "2025-03-14T11:11:41","version" => "7.72"},{"date" => "2025-03-30T10:57:25","version" => "7.73_01"},{"date" => "2025-04-09T12:39:45","version" => "7.74"},{"date" => "2025-05-23T14:13:25","version" => "7.75_01"},{"date" => "2025-05-23T19:17:36","version" => "7.76"},{"date" => "2025-07-28T18:05:55","version" => "7.77_01"},{"date" => "2025-08-20T11:28:18","version" => "7.77_02"},{"date" => "2026-03-02T17:45:14","version" => "7.77_03"},{"date" => "2026-03-03T20:35:04","version" => "7.78"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "1996-02-29T00:00:00","dual_lived" => 1,"perl_release" => "5.002","version" => "5.21"},{"date" => "1996-10-10T00:00:00","dual_lived" => 1,"perl_release" => "5.00307","version" => "5.38"},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "5.4002"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "5.42"},{"date" => "1998-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.005","version" => "5.4301"},{"date" => "1999-03-28T00:00:00","dual_lived" => 1,"perl_release" => "5.00503","version" => "5.4302"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006000","version" => "5.45"},{"date" => "2004-03-16T00:00:00","dual_lived" => 1,"perl_release" => "5.009001","version" => "6.21_02"},{"date" => "2010-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013000","version" => "6.5601"},{"date" => "2015-06-01T00:00:00","dual_lived" => 1,"perl_release" => "5.022000","version" => "7.04_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "7.04_02"},{"date" => "2016-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023008","version" => "7.10_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "7.10_02"}]},"ExtUtils-ParseXS" => {"advisories" => [{"affected_versions" => ["<3.35"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.","distribution" => "ExtUtils-ParseXS","fixed_versions" => [">=3.35"],"id" => "CPANSA-ExtUtils-ParseXS-2016-1238","references" => ["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "ExtUtils::ParseXS","versions" => [{"date" => "2002-12-09T00:53:36","version" => "1.98_01"},{"date" => "2003-02-05T18:22:19","version" => "1.99"},{"date" => "2003-02-23T22:45:04","version" => "2.00"},{"date" => "2003-03-20T15:25:07","version" => "2.01"},{"date" => "2003-03-31T00:25:32","version" => "2.02"},{"date" => "2003-08-16T22:57:00","version" => "2.03"},{"date" => "2003-09-04T18:14:59","version" => "2.04"},{"date" => "2003-09-29T15:35:39","version" => "2.05"},{"date" => "2003-12-26T15:05:42","version" => "2.06"},{"date" => "2004-01-25T23:04:13","version" => "2.07"},{"date" => "2004-02-21T03:46:57","version" => "2.08"},{"date" => "2005-03-27T17:18:20","version" => "2.09"},{"date" => "2005-05-31T02:37:25","version" => "2.10"},{"date" => "2005-06-14T04:04:10","version" => "2.11"},{"date" => "2005-08-25T01:07:16","version" => "2.12"},{"date" => "2005-10-04T03:02:19","version" => "2.13"},{"date" => "2005-10-09T01:52:46","version" => "2.14"},{"date" => "2005-10-10T15:09:54","version" => "2.15"},{"date" => "2006-09-16T03:35:22","version" => "2.16"},{"date" => "2006-11-20T23:08:18","version" => "2.17"},{"date" => "2007-01-30T02:58:43","version" => "2.18"},{"date" => "2008-02-17T20:29:31","version" => "2.19"},{"date" => "2008-08-07T03:20:09","version" => "2.19_02"},{"date" => "2009-06-28T03:01:41","version" => "2.19_03"},{"date" => "2009-06-29T15:51:33","version" => "2.19_04"},{"date" => "2009-07-01T17:49:20","version" => "2.20"},{"date" => "2009-07-08T16:47:56","version" => "2.20_01"},{"date" => "2009-07-18T21:23:28","version" => "2.2002"},{"date" => "2009-07-24T03:16:46","version" => "2.20_03"},{"date" => "2009-08-10T15:44:42","version" => "2.20_04"},{"date" => "2009-08-23T01:50:17","version" => "2.20_05"},{"date" => "2009-09-15T02:36:48","version" => "2.200401"},{"date" => "2009-10-02T05:28:52","version" => "2.200402"},{"date" => "2009-10-02T06:06:00","version" => "2.200403"},{"date" => "2009-10-03T03:49:34","version" => "2.20_06"},{"date" => "2009-10-03T15:28:29","version" => "2.20_07"},{"date" => "2009-10-05T15:25:07","version" => "2.21"},{"date" => "2009-12-19T12:43:55","version" => "2.21_01"},{"date" => "2009-12-19T15:58:28","version" => "2.21_02"},{"date" => "2010-01-11T20:03:31","version" => "2.22"},{"date" => "2010-01-25T21:14:41","version" => "2.2201"},{"date" => "2010-01-27T20:07:51","version" => "2.2202"},{"date" => "2010-02-11T19:04:49","version" => "2.2203"},{"date" => "2010-03-10T19:27:43","version" => "2.2204"},{"date" => "2010-03-10T23:17:47","version" => "2.2205"},{"date" => "2010-07-04T19:53:47","version" => "2.2206"},{"date" => "2011-07-12T20:42:45","version" => "3.00_01"},{"date" => "2011-07-14T13:21:26","version" => "3.00_02"},{"date" => "2011-07-23T15:09:23","version" => "3.00_03"},{"date" => "2011-07-27T20:24:26","version" => "3.00_04"},{"date" => "2011-07-27T20:57:56","version" => "3.00_05"},{"date" => "2011-08-04T16:06:39","version" => "3.01"},{"date" => "2011-08-04T18:09:18","version" => "3.02"},{"date" => "2011-08-11T06:25:52","version" => "3.03"},{"date" => "2011-08-21T11:40:28","version" => "3.03_02"},{"date" => "2011-08-24T17:51:31","version" => "3.03_03"},{"date" => "2011-08-25T06:33:30","version" => "3.04"},{"date" => "2011-08-28T15:57:42","version" => "3.04_01"},{"date" => "2011-09-03T13:31:37","version" => "3.04_02"},{"date" => "2011-09-04T16:55:05","version" => "3.04_03"},{"date" => "2011-09-12T06:28:10","version" => "3.04_04"},{"date" => "2011-10-05T06:18:44","version" => "3.05"},{"date" => "2011-12-07T07:35:08","version" => "3.06"},{"date" => "2011-12-07T13:15:12","version" => "3.07"},{"date" => "2011-12-19T17:10:40","version" => "3.08"},{"date" => "2011-12-28T18:05:57","version" => "3.09"},{"date" => "2011-12-29T17:00:16","version" => "3.11"},{"date" => "2012-01-28T12:07:45","version" => "3.13_01"},{"date" => "2012-02-01T17:51:52","version" => "3.14"},{"date" => "2012-02-02T07:15:27","version" => "3.15"},{"date" => "2012-11-19T06:42:48","version" => "3.18"},{"date" => "2013-04-11T18:19:45","version" => "3.18_01"},{"date" => "2013-04-15T05:41:18","version" => "3.18_02"},{"date" => "2013-04-19T16:47:41","version" => "3.18_03"},{"date" => "2013-06-20T15:51:15","version" => "3.18_04"},{"date" => "2013-08-09T17:14:04","version" => "3.21"},{"date" => "2013-08-29T17:31:29","version" => "3.22"},{"date" => "2014-03-07T09:35:16","version" => "3.24"},{"date" => "2015-08-10T08:49:21","version" => "3.29_01"},{"date" => "2015-08-31T08:44:00","version" => "3.30"},{"date" => "2017-07-31T15:52:17","version" => "3.35"},{"date" => "2017-12-18T12:31:00","version" => "3.36_03"},{"date" => "2021-04-17T17:48:59","version" => "3.43_02"},{"date" => "2022-01-06T23:02:34","version" => "3.44"},{"date" => "2023-09-02T13:28:52","version" => "3.51"},{"date" => "2025-05-02T15:03:49","version" => "3.52"},{"date" => "2025-05-02T15:06:38","version" => "3.53"},{"date" => "2025-05-02T15:17:11","version" => "3.54"},{"date" => "2025-05-02T15:38:05","version" => "3.55"},{"date" => "2025-05-02T15:40:54","version" => "3.56"},{"date" => "2025-05-02T15:45:00","version" => "3.57"},{"date" => "2025-07-20T19:24:38","version" => "3.58"},{"date" => "2025-09-05T13:37:50","version" => "3.59"},{"date" => "2025-09-26T22:20:43","version" => "3.60"},{"date" => "2026-01-09T17:11:34","version" => "3.61"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "2.15_02"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.01","version" => "2.18_02"},{"date" => "2010-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013004","version" => "2.2207"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "2.2208"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "2.2209"},{"date" => "2011-05-14T00:00:00","dual_lived" => 1,"perl_release" => "5.014000","version" => "2.2210"},{"date" => "2011-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015002","version" => "3.03_01"},{"date" => "2012-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015007","version" => "3.12"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "3.16"},{"date" => "2012-05-26T00:00:00","dual_lived" => 1,"perl_release" => "5.017","version" => "3.17"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "3.19"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "3.23"},{"date" => "2014-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021001","version" => "3.25"},{"date" => "2014-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021006","version" => "3.26"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "3.27"},{"date" => "2015-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021011","version" => "3.28"},{"date" => "2015-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023002","version" => "3.29"},{"date" => "2016-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023007","version" => "3.31"},{"date" => "2016-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025002","version" => "3.32"},{"date" => "2016-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025003","version" => "3.33"},{"date" => "2017-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025011","version" => "3.34"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "3.36"},{"date" => "2018-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027009","version" => "3.38"},{"date" => "2018-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02701","version" => "3.39"},{"date" => "2018-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.029006","version" => "3.40"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "3.41"},{"date" => "2020-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033005","version" => "3.42"},{"date" => "2021-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033009","version" => "3.43"},{"date" => "2022-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035010","version" => "3.45"},{"date" => "2022-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037004","version" => "3.46"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "3.48"},{"date" => "2022-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037007","version" => "3.49"},{"date" => "2023-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037011","version" => "3.50"}]},"FCGI" => {"advisories" => [{"affected_versions" => ["<0.74"],"cves" => ["CVE-2011-2766"],"description" => "Leaking information across requests when using the deprecated and undocumented old FCGI interface.\n","distribution" => "FCGI","fixed_versions" => [">=0.74"],"id" => "CPANSA-FCGI-2011-01","references" => ["https://metacpan.org/changes/distribution/FCGI","https://github.com/perl-catalyst/FCGI/commit/297693dc8362d25bb25e473899c72508a0f71d2e"],"reported" => "2011-09-24"},{"affected_versions" => [">=0.44"],"cves" => ["CVE-2025-40907"],"description" => "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.  The included FastCGI library is affected by  CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.","distribution" => "FCGI","fixed_versions" => [],"id" => "CPANSA-FCGI-2025-40907","references" => ["http://www.openwall.com/lists/oss-security/2025/04/23/4","https://github.com/FastCGI-Archives/fcgi2/issues/67","https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5","https://github.com/perl-catalyst/FCGI/issues/14","https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch","https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library"],"reported" => "2025-05-16","severity" => undef}],"main_module" => "FCGI","versions" => [{"date" => "1996-09-25T17:48:57","version" => "0.25"},{"date" => "1996-10-15T21:51:06","version" => "0.26"},{"date" => "1997-02-20T08:55:44","version" => "0.27"},{"date" => "1997-02-25T07:14:13","version" => "0.28"},{"date" => "1997-06-10T18:16:17","version" => "0.29"},{"date" => "1997-06-24T17:17:05","version" => "0.30"},{"date" => "1997-07-24T11:05:43","version" => "0.31"},{"date" => "1998-06-17T10:24:17","version" => "0.34"},{"date" => "1998-06-22T15:38:51","version" => "0.35"},{"date" => "1998-06-24T19:42:57","version" => "0.36"},{"date" => "1998-06-27T16:08:39","version" => "0.37"},{"date" => "1998-07-15T15:24:00","version" => "0.40"},{"date" => "1998-07-29T16:05:51","version" => "0.41"},{"date" => "1998-08-28T15:30:49","version" => "0.42"},{"date" => "1998-12-22T22:34:14","version" => "0.43"},{"date" => "1998-12-23T11:28:39","version" => "0.44"},{"date" => "1999-03-08T17:04:02","version" => "0.45"},{"date" => "1999-07-30T08:26:31","version" => "0.46"},{"date" => "1999-07-31T21:58:01","version" => "0.47"},{"date" => "1999-08-27T13:41:54","version" => "0.48"},{"date" => "2000-04-09T18:58:32","version" => "0.49"},{"date" => "2000-04-10T07:04:43","version" => "0.50"},{"date" => "2000-04-12T12:27:09","version" => "0.51"},{"date" => "2000-04-12T14:10:02","version" => "0.52"},{"date" => "2000-07-10T10:01:51","version" => "0.53"},{"date" => "2000-10-08T19:52:29","version" => "0.54"},{"date" => "2000-10-18T21:22:46","version" => "0.55"},{"date" => "2000-11-03T15:44:28","version" => "0.56"},{"date" => "2000-11-12T15:15:01","version" => "0.57"},{"date" => "2000-11-14T23:20:24","version" => "0.58"},{"date" => "2000-12-31T22:05:44","version" => "0.59"},{"date" => "2001-06-08T15:19:08","version" => "0.60"},{"date" => "2001-09-20T12:34:13","version" => "0.61"},{"date" => "2001-09-21T16:19:42","version" => "0.62"},{"date" => "2001-09-24T20:43:48","version" => "0.63"},{"date" => "2001-09-25T08:26:24","version" => "0.64"},{"date" => "2002-02-19T14:16:27","version" => "0.65"},{"date" => "2002-09-05T16:23:07","version" => "0.66"},{"date" => "2002-12-23T10:21:36","version" => "0.67"},{"date" => "2009-12-20T21:05:48","version" => "0.67_01"},{"date" => "2010-01-06T10:07:05","version" => "0.68"},{"date" => "2010-01-10T01:35:11","version" => "0.68_01"},{"date" => "2010-01-13T19:25:40","version" => "0.68_02"},{"date" => "2010-02-15T23:08:12","version" => "0.69"},{"date" => "2010-03-22T14:35:03","version" => "0.70"},{"date" => "2010-04-01T00:55:33","version" => "0.71"},{"date" => "2010-08-24T21:32:56","version" => "0.71_01"},{"date" => "2011-04-28T08:50:09","version" => "0.71_02"},{"date" => "2011-04-28T09:05:42","version" => "0.71_03"},{"date" => "2011-05-19T09:06:02","version" => "0.72"},{"date" => "2011-05-28T01:35:17","version" => "0.73"},{"date" => "2011-09-24T08:31:47","version" => "0.74"},{"date" => "2014-07-17T00:19:02","version" => "0.75"},{"date" => "2014-08-05T01:29:06","version" => "0.76"},{"date" => "2014-08-05T15:53:28","version" => "0.77"},{"date" => "2016-03-07T00:08:23","version" => "0.78"},{"date" => "2019-12-14T18:29:19","version" => "0.79"},{"date" => "2021-07-25T04:54:49","version" => "0.80"},{"date" => "2021-07-30T23:19:01","version" => "0.81"},{"date" => "2021-07-31T03:26:34","version" => "0.82"}]},"Fake-Encode" => {"advisories" => [{"affected_versions" => ["<0.08"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "Fake-Encode","fixed_versions" => [">=0.08"],"id" => "CPANSA-Fake-Encode-2017-01","references" => ["https://metacpan.org/changes/distribution/Fake-Encode"],"reported" => "2017-01-23"}],"main_module" => "Fake::Encode","versions" => [{"date" => "2016-05-31T14:11:49","version" => "0.01"},{"date" => "2017-01-23T12:34:23","version" => "0.02"},{"date" => "2017-01-25T15:52:13","version" => "0.03"},{"date" => "2017-01-26T15:17:01","version" => "0.04"},{"date" => "2017-03-06T16:01:40","version" => "0.05"},{"date" => "2017-09-08T17:54:14","version" => "0.06"},{"date" => "2017-09-09T15:27:50","version" => "0.07"},{"date" => "2018-02-03T14:50:49","version" => "0.08"},{"date" => "2018-02-19T12:21:04","version" => "0.09"},{"date" => "2019-07-11T16:26:06","version" => "0.10"},{"date" => "2023-03-25T02:26:13","version" => "0.11"}]},"Fake-Our" => {"advisories" => [{"affected_versions" => ["<0.06"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "Fake-Our","fixed_versions" => [">=0.06"],"id" => "CPANSA-Fake-Our-2017-01","references" => ["https://metacpan.org/changes/distribution/Fake-Our"],"reported" => "2017-01-23"}],"main_module" => "Fake::Our","versions" => [{"date" => "2014-02-09T05:36:09","version" => "0.01"},{"date" => "2014-08-06T17:33:15","version" => "0.02"},{"date" => "2014-08-09T02:35:25","version" => "0.03"},{"date" => "2014-08-10T15:33:58","version" => "0.04"},{"date" => "2015-06-21T04:09:47","version" => "0.05"},{"date" => "2017-01-23T12:34:34","version" => "0.06"},{"date" => "2017-01-26T15:21:45","version" => "0.07"},{"date" => "2017-01-27T15:18:56","version" => "0.08"},{"date" => "2017-01-28T15:07:50","version" => "0.09"},{"date" => "2017-03-06T16:01:51","version" => "0.10"},{"date" => "2018-02-03T11:05:49","version" => "0.11"},{"date" => "2018-02-16T17:54:00","version" => "0.12"},{"date" => "2018-02-17T01:35:58","version" => "0.13"},{"date" => "2018-02-18T15:32:17","version" => "0.14"},{"date" => "2019-07-11T16:27:42","version" => "0.15"},{"date" => "2019-07-14T00:51:24","version" => "0.16"},{"date" => "2023-03-25T02:32:44","version" => "0.17"}]},"File-DataClass" => {"advisories" => [{"affected_versions" => ["<0.72.1"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "File-DataClass","fixed_versions" => [">=0.72.1"],"id" => "CPANSA-File-DataClass-2017-01","references" => ["https://metacpan.org/changes/distribution/File-DataClass"],"reported" => "2017-04-01"}],"main_module" => "File::DataClass","versions" => [{"date" => "2010-09-29T16:37:04","version" => "0.1.228"},{"date" => "2010-10-06T14:20:31","version" => "0.2.234"},{"date" => "2011-01-26T18:14:50","version" => "0.3.238"},{"date" => "2011-02-27T23:09:38","version" => "0.3.239"},{"date" => "2011-04-12T19:44:59","version" => "0.3.259"},{"date" => "2011-05-15T17:45:09","version" => "0.4.268"},{"date" => "2011-05-30T01:47:40","version" => "0.5.271"},{"date" => "2011-07-11T13:39:10","version" => "0.6.286"},{"date" => "2011-11-30T00:05:18","version" => "0.7.321"},{"date" => "2011-12-02T04:40:20","version" => "0.7.325"},{"date" => "2011-12-02T22:39:25","version" => "0.7.326"},{"date" => "2011-12-03T18:43:58","version" => "0.7.328"},{"date" => "2012-02-22T18:28:29","version" => "0.7.330"},{"date" => "2012-02-23T11:00:24","version" => "0.7.331"},{"date" => "2012-02-24T10:52:18","version" => "0.7.332"},{"date" => "2012-03-12T17:34:58","version" => "0.7.335"},{"date" => "2012-03-20T18:24:26","version" => "0.7.336"},{"date" => "2012-03-21T22:43:50","version" => "0.7.338"},{"date" => "2012-03-22T13:48:59","version" => "0.7.339"},{"date" => "2012-03-24T00:37:31","version" => "0.7.343"},{"date" => "2012-03-28T23:58:41","version" => "0.8.351"},{"date" => "2012-03-29T22:05:21","version" => "0.8.355"},{"date" => "2012-04-03T00:26:12","version" => "0.8.357"},{"date" => "2012-04-04T15:19:03","version" => "0.8.360"},{"date" => "2012-04-17T18:57:01","version" => "0.9.368"},{"date" => "2012-05-19T21:05:56","version" => "0.10.380"},{"date" => "2012-07-10T00:34:23","version" => "0.11.401"},{"date" => "2012-09-02T13:43:37","version" => "0.12.406"},{"date" => "2012-09-06T14:02:06","version" => "0.12.409"},{"date" => "2012-11-07T07:49:39","version" => "0.13.416"},{"date" => "2012-11-13T20:16:27","version" => "0.13.418"},{"date" => "2012-12-12T23:25:16","version" => "0.13.420"},{"date" => "2012-12-14T17:58:08","version" => "0.13.421"},{"date" => "2012-12-19T22:23:08","version" => "0.13.422"},{"date" => "2012-12-21T20:48:41","version" => "0.13.424"},{"date" => "2012-12-30T03:05:28","version" => "0.13.427"},{"date" => "2013-01-07T00:52:48","version" => "0.14.429"},{"date" => "2013-04-01T01:14:44","version" => "0.15.431"},{"date" => "2013-04-02T14:21:13","version" => "0.15.434"},{"date" => "2013-04-14T16:15:55","version" => "v0.16.438"},{"date" => "2013-04-15T20:42:56","version" => "v0.16.442"},{"date" => "2013-04-24T03:47:54","version" => "v0.16.445"},{"date" => "2013-04-29T17:12:37","version" => "v0.17.450"},{"date" => "2013-04-30T22:15:36","version" => "v0.18.6"},{"date" => "2013-05-02T14:14:57","version" => "v0.19.1"},{"date" => "2013-05-07T23:33:06","version" => "v0.20.6"},{"date" => "2013-05-10T14:58:03","version" => "v0.20.7"},{"date" => "2013-05-14T13:32:28","version" => "v0.20.8"},{"date" => "2013-05-15T20:03:34","version" => "v0.20.9"},{"date" => "2013-05-16T00:11:50","version" => "v0.20.10"},{"date" => "2013-05-17T16:07:41","version" => "v0.20.12"},{"date" => "2013-06-08T13:26:40","version" => "v0.20.13"},{"date" => "2013-07-28T17:41:14","version" => "v0.22.1"},{"date" => "2013-07-29T11:39:49","version" => "v0.22.2"},{"date" => "2013-07-29T11:46:28","version" => "v0.22.3"},{"date" => "2013-07-29T18:37:14","version" => "v0.22.4"},{"date" => "2013-07-30T10:19:23","version" => "v0.22.5"},{"date" => "2013-07-30T16:25:59","version" => "v0.22.7"},{"date" => "2013-07-31T09:54:30","version" => "v0.22.8"},{"date" => "2013-08-02T19:06:49","version" => "v0.22.9"},{"date" => "2013-08-06T17:19:31","version" => "v0.23.1"},{"date" => "2013-08-07T13:14:13","version" => "v0.23.2"},{"date" => "2013-08-13T18:01:24","version" => "0.24.1"},{"date" => "2013-08-16T22:49:23","version" => "0.24.3"},{"date" => "2013-09-03T13:11:17","version" => "0.25.1"},{"date" => "2013-09-26T16:04:18","version" => "0.26.1"},{"date" => "2013-11-22T09:42:00","version" => "0.27.1"},{"date" => "2014-01-01T15:02:23","version" => "0.28.1"},{"date" => "2014-01-01T17:03:18","version" => "0.29.1"},{"date" => "2014-01-02T02:33:28","version" => "0.30.1"},{"date" => "2014-01-13T18:41:29","version" => "0.31.1"},{"date" => "2014-01-24T20:56:21","version" => "0.33.1"},{"date" => "2014-04-04T10:52:59","version" => "0.34.1"},{"date" => "2014-05-01T14:40:32","version" => "0.35.1"},{"date" => "2014-05-13T10:03:54","version" => "0.36.1"},{"date" => "2014-05-13T21:08:07","version" => "0.37.1"},{"date" => "2014-05-15T00:11:43","version" => "0.38.1"},{"date" => "2014-05-16T08:19:01","version" => "0.39.1"},{"date" => "2014-05-22T09:37:34","version" => "0.40.1"},{"date" => "2014-05-22T14:10:49","version" => "0.40.2"},{"date" => "2014-05-28T10:28:42","version" => "0.41.1"},{"date" => "2014-07-03T23:27:53","version" => "0.42.1"},{"date" => "2014-07-04T09:25:10","version" => "0.42.2"},{"date" => "2014-07-04T12:19:02","version" => "0.43.1"},{"date" => "2014-07-16T12:39:03","version" => "0.44.1"},{"date" => "2014-08-18T23:00:05","version" => "0.45.1"},{"date" => "2014-08-26T12:43:14","version" => "0.45.5"},{"date" => "2014-08-26T16:41:35","version" => "0.46.1"},{"date" => "2014-08-27T16:17:50","version" => "0.47.1"},{"date" => "2014-09-03T22:25:51","version" => "0.48.1"},{"date" => "2014-10-02T17:39:13","version" => "0.48.3"},{"date" => "2014-10-02T19:59:28","version" => "0.49.1"},{"date" => "2014-11-07T18:51:52","version" => "0.50.1"},{"date" => "2014-11-08T21:45:45","version" => "0.50.2"},{"date" => "2014-11-09T13:19:50","version" => "0.50.3"},{"date" => "2014-11-09T15:52:41","version" => "0.51.1"},{"date" => "2014-11-10T12:44:49","version" => "0.52.1"},{"date" => "2014-12-19T11:49:49","version" => "0.53.1"},{"date" => "2014-12-19T22:54:41","version" => "0.54.1"},{"date" => "2015-02-05T00:04:33","version" => "0.55.1"},{"date" => "2015-03-19T14:59:03","version" => "0.56.1"},{"date" => "2015-04-04T20:00:58","version" => "0.57.1"},{"date" => "2015-04-04T20:16:31","version" => "0.58.1"},{"date" => "2015-04-05T17:58:31","version" => "0.59.1"},{"date" => "2015-04-08T23:10:28","version" => "0.60.1"},{"date" => "2015-05-11T12:15:05","version" => "0.61.1"},{"date" => "2015-05-24T11:52:28","version" => "0.62.1"},{"date" => "2015-06-21T21:42:17","version" => "0.63.1"},{"date" => "2015-08-29T08:58:54","version" => "0.66.1"},{"date" => "2016-02-01T00:18:43","version" => "0.67.1"},{"date" => "2016-02-01T14:33:11","version" => "0.68.1"},{"date" => "2016-07-05T00:36:52","version" => "0.69.1"},{"date" => "2016-07-29T15:24:24","version" => "0.70.1"},{"date" => "2016-07-29T18:59:13","version" => "0.71.1"},{"date" => "2017-04-02T08:23:47","version" => "0.72.1"},{"date" => "2017-06-02T00:03:17","version" => "0.73.1"}]},"File-Find-Rule" => {"advisories" => [{"affected_versions" => ["<=0.34"],"cves" => ["CVE-2011-10007"],"description" => "File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.  A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.  Example:  \$ mkdir /tmp/poc; echo > \"/tmp/poc/|id\" \$ perl -MFile::Find::Rule \\ \x{a0} \x{a0} -E 'File::Find::Rule->grep(\"foo\")->in(\"/tmp/poc\")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)","distribution" => "File-Find-Rule","fixed_versions" => [">=0.35"],"id" => "CPANSA-File-Find-Rule-2011-10007","references" => ["https://github.com/richardc/perl-file-find-rule/commit/df58128bcee4c1da78c34d7f3fe1357e575ad56f.patch","https://github.com/richardc/perl-file-find-rule/pull/4","https://metacpan.org/release/RCLAMP/File-Find-Rule-0.34/source/lib/File/Find/Rule.pm#L423","https://rt.cpan.org/Public/Bug/Display.html?id=64504","http://www.openwall.com/lists/oss-security/2025/06/05/4","http://www.openwall.com/lists/oss-security/2025/06/06/1","http://www.openwall.com/lists/oss-security/2025/06/06/3","https://lists.debian.org/debian-lts-announce/2025/06/msg00006.html","https://github.com/richardc/perl-file-find-rule/pull/4"],"reported" => "2025-06-05","severity" => undef}],"main_module" => "File::Find::Rule","versions" => [{"date" => "2002-07-26T13:03:10","version" => "0.01"},{"date" => "2002-08-14T22:28:12","version" => "0.02"},{"date" => "2002-08-24T17:34:12","version" => "0.03"},{"date" => "2002-09-10T08:54:04","version" => "0.04"},{"date" => "2002-10-21T16:37:18","version" => "0.05"},{"date" => "2002-10-22T07:30:31","version" => "0.06"},{"date" => "2002-10-25T15:54:13","version" => "0.07"},{"date" => "2002-12-04T13:55:56","version" => "0.08"},{"date" => "2003-01-21T10:56:48","version" => "0.09"},{"date" => "2003-03-10T02:07:24","version" => "0.10"},{"date" => "2003-06-22T21:04:15","version" => "0.20_01"},{"date" => "2003-06-25T11:36:22","version" => "0.20_02"},{"date" => "2003-07-29T19:24:32","version" => "0.11"},{"date" => "2003-08-04T09:27:12","version" => "0.20_03"},{"date" => "2003-09-08T17:44:26","version" => "0.20"},{"date" => "2003-09-15T12:16:58","version" => "0.21"},{"date" => "2003-10-03T19:33:19","version" => "0.22"},{"date" => "2003-10-03T22:57:25","version" => "0.23"},{"date" => "2003-10-04T11:20:43","version" => "0.24_01"},{"date" => "2003-10-06T14:22:20","version" => "0.24"},{"date" => "2003-10-22T17:11:46","version" => "0.25"},{"date" => "2003-11-10T22:10:06","version" => "0.26"},{"date" => "2004-02-25T10:55:36","version" => "0.27"},{"date" => "2004-05-18T20:37:58","version" => "0.28"},{"date" => "2006-05-16T14:28:43","version" => "0.29"},{"date" => "2006-06-01T15:39:35","version" => "0.30"},{"date" => "2009-11-27T22:58:10","version" => "0.31"},{"date" => "2009-11-28T00:47:34","version" => "0.32"},{"date" => "2011-09-19T11:56:02","version" => "0.33"},{"date" => "2015-12-03T14:31:54","version" => "0.34"},{"date" => "2025-06-05T15:35:41","version" => "0.35"}]},"File-KeePass" => {"advisories" => [{"affected_versions" => [">0"],"cves" => [],"description" => "The module is making use of the perl rand function for key and iv generation (for Crypt::Rijndael).\n","distribution" => "File-KeePass","fixed_versions" => [],"id" => "CPANSA-File-KeePass-2016-01","references" => ["https://rt.cpan.org/Ticket/Display.html?id=117836"],"reported" => "2016-09-14","severity" => undef}],"main_module" => "File::KeePass","versions" => [{"date" => "2010-06-29T14:52:50","version" => "0.01"},{"date" => "2010-12-04T04:33:41","version" => "0.02"},{"date" => "2010-12-07T06:06:57","version" => "0.03"},{"date" => "2012-09-13T04:48:56","version" => "2.00"},{"date" => "2012-09-13T14:17:11","version" => "2.01"},{"date" => "2012-09-13T15:22:40","version" => "2.02"},{"date" => "2012-09-15T22:25:43","version" => "2.03"}]},"File-Path" => {"advisories" => [{"affected_versions" => ["<2.13"],"cves" => ["CVE-2017-6512"],"description" => "Race condition in the rmtree and remove_tree functions allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.\n","distribution" => "File-Path","fixed_versions" => [">=2.13"],"id" => "CPANSA-File-Path-2017-01","references" => ["https://metacpan.org/changes/distribution/File-Path","https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2"],"reported" => "2017-05-02"},{"affected_versions" => ["<=1.08"],"cves" => ["CVE-2008-5303"],"description" => "Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2008-5303","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905","http://www.openwall.com/lists/oss-security/2008/11/28/2","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36","http://www.gossamer-threads.com/lists/perl/porters/233695#233695","http://www.debian.org/security/2008/dsa-1678","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://wiki.rpath.com/Advisories:rPSA-2009-0011","http://www.ubuntu.com/usn/usn-700-2","http://secunia.com/advisories/32980","http://support.apple.com/kb/HT4077","http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://secunia.com/advisories/40052","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/47044","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680","http://www.securityfocus.com/archive/1/500210/100/0/threaded"],"reported" => "2008-12-01","severity" => undef},{"affected_versions" => ["==1.08","==2.07"],"cves" => ["CVE-2008-5302"],"description" => "Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448.  It is different from CVE-2008-5303 due to affected versions.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2008-5302","references" => ["http://www.gossamer-threads.com/lists/perl/porters/233695#233695","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905","http://www.openwall.com/lists/oss-security/2008/11/28/2","http://www.debian.org/security/2008/dsa-1678","http://secunia.com/advisories/33314","http://www.ubuntu.com/usn/usn-700-1","http://wiki.rpath.com/Advisories:rPSA-2009-0011","http://www.ubuntu.com/usn/usn-700-2","http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","http://secunia.com/advisories/32980","http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","http://support.apple.com/kb/HT4077","http://secunia.com/advisories/40052","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/47043","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076","http://www.securityfocus.com/archive/1/500210/100/0/threaded"],"reported" => "2008-12-01","severity" => undef},{"affected_versions" => [">=2.04,<2.07"],"cves" => ["CVE-2008-2827"],"description" => "The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.\n","distribution" => "File-Path","fixed_versions" => [">=2.07"],"id" => "CPANSA-File-Path-2008-2827","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319","http://rt.cpan.org/Public/Bug/Display.html?id=36982","http://www.securityfocus.com/bid/29902","http://secunia.com/advisories/30790","http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html","http://www.mandriva.com/security/advisories?name=MDVSA-2008:165","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html","http://secunia.com/advisories/30837","http://secunia.com/advisories/31687","http://www.securitytracker.com/id?1020373","https://exchange.xforce.ibmcloud.com/vulnerabilities/43308"],"reported" => "2008-06-23","severity" => undef},{"affected_versions" => ["<1.07"],"cves" => ["CVE-2005-0448"],"description" => "Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2005-0448","references" => ["http://www.debian.org/security/2005/dsa-696","http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml","http://www.redhat.com/support/errata/RHSA-2005-881.html","http://secunia.com/advisories/18075","http://www.securityfocus.com/bid/12767","ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U","http://secunia.com/advisories/14531","http://secunia.com/advisories/18517","http://fedoranews.org/updates/FEDORA--.shtml","http://www.redhat.com/support/errata/RHSA-2005-674.html","http://secunia.com/advisories/17079","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://www.mandriva.com/security/advisories?name=MDKSA-2005:079","http://www.securityfocus.com/advisories/8704","http://secunia.com/advisories/55314","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475","https://usn.ubuntu.com/94-1/"],"reported" => "2005-05-02","severity" => undef},{"affected_versions" => [">=1.06,<=1.404"],"cves" => ["CVE-2004-0452"],"description" => "Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2004-0452","references" => ["http://www.debian.org/security/2004/dsa-620","http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml","http://www.redhat.com/support/errata/RHSA-2005-103.html","ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U","http://www.securityfocus.com/bid/12072","http://secunia.com/advisories/12991","http://secunia.com/advisories/18517","http://fedoranews.org/updates/FEDORA--.shtml","http://www.redhat.com/support/errata/RHSA-2005-105.html","http://secunia.com/advisories/55314","http://marc.info/?l=bugtraq&m=110547693019788&w=2","https://www.ubuntu.com/usn/usn-44-1/","https://exchange.xforce.ibmcloud.com/vulnerabilities/18650","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938"],"reported" => "2004-12-21","severity" => undef}],"main_module" => "File::Path","versions" => [{"date" => "2007-05-17T13:46:15","version" => "1.99_01"},{"date" => "2007-05-27T09:29:48","version" => "1.99_02"},{"date" => "2007-06-27T19:23:09","version" => "2.00_05"},{"date" => "2007-07-04T21:37:13","version" => "2.00_06"},{"date" => "2007-07-09T19:37:02","version" => "2.00_07"},{"date" => "2007-08-01T00:10:43","version" => "2.00_08"},{"date" => "2007-08-20T18:15:55","version" => "2.00_09"},{"date" => "2007-09-04T17:20:45","version" => "2.00_10"},{"date" => "2007-09-08T12:53:07","version" => "2.00_11"},{"date" => "2007-09-29T10:29:32","version" => "2.01"},{"date" => "2007-10-24T10:36:09","version" => "2.02"},{"date" => "2007-11-04T18:36:19","version" => "2.03"},{"date" => "2007-11-24T09:53:23","version" => "2.04"},{"date" => "2008-05-07T08:25:05","version" => "2.05"},{"date" => "2008-05-08T09:36:50","version" => "2.06"},{"date" => "2008-05-10T21:02:47","version" => "2.06_01"},{"date" => "2008-05-12T10:07:46","version" => "2.06_02"},{"date" => "2008-05-12T21:43:43","version" => "2.06_03"},{"date" => "2008-05-13T14:40:30","version" => "2.06_04"},{"date" => "2008-10-01T20:41:37","version" => "2.06_05"},{"date" => "2008-10-05T21:59:58","version" => "2.06_06"},{"date" => "2008-10-29T17:55:36","version" => "2.06_07"},{"date" => "2008-11-05T00:12:29","version" => "2.06_08"},{"date" => "2008-11-09T13:11:17","version" => "2.07"},{"date" => "2009-06-21T13:23:32","version" => "2.07_03"},{"date" => "2009-10-04T10:31:05","version" => "2.08"},{"date" => "2013-01-16T21:36:05","version" => "2.09"},{"date" => "2015-06-24T17:03:22","version" => "2.10_001"},{"date" => "2015-06-26T17:28:20","version" => "2.10_002"},{"date" => "2015-07-08T16:59:11","version" => "2.10_003"},{"date" => "2015-07-10T11:34:44","version" => "2.10_004"},{"date" => "2015-07-17T15:03:07","version" => "2.10_005"},{"date" => "2015-07-18T02:28:14","version" => "2.11"},{"date" => "2015-07-24T23:01:36","version" => "2.11_001"},{"date" => "2015-07-25T09:56:18","version" => "2.11_002"},{"date" => "2015-08-03T18:07:05","version" => "2.11_003"},{"date" => "2015-10-01T19:34:07","version" => "2.11_004"},{"date" => "2015-10-09T12:11:52","version" => "2.12"},{"date" => "2016-09-18T13:35:39","version" => "2.12_001"},{"date" => "2017-03-12T22:09:35","version" => "2.12_002"},{"date" => "2017-04-07T13:59:30","version" => "2.12_003"},{"date" => "2017-04-18T18:37:56","version" => "2.12_004"},{"date" => "2017-04-21T12:03:20","version" => "2.12_005"},{"date" => "2017-04-21T21:58:56","version" => "2.12_006"},{"date" => "2017-04-22T20:09:24","version" => "2.12_007"},{"date" => "2017-05-07T17:48:35","version" => "2.12_008"},{"date" => "2017-05-31T23:44:51","version" => "2.13"},{"date" => "2017-06-07T21:34:52","version" => "2.14"},{"date" => "2017-07-30T02:40:36","version" => "2.15"},{"date" => "2018-08-31T13:04:13","version" => "2.16"},{"date" => "2020-07-18T18:29:28","version" => "2.17"},{"date" => "2020-11-04T12:38:02","version" => "2.18_001"},{"date" => "2020-11-05T01:30:15","version" => "2.18"},{"date" => "1995-03-14T00:00:00","dual_lived" => 1,"perl_release" => "5.001","version" => undef},{"date" => "1996-02-29T00:00:00","dual_lived" => 1,"perl_release" => "5.002","version" => "1.01"},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "1.04"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "1.0402"},{"date" => "1998-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.005","version" => "1.0401"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006000","version" => "1.0403"},{"date" => "2001-04-08T00:00:00","dual_lived" => 1,"perl_release" => "5.006001","version" => "1.0404"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.05"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "1.06"},{"date" => "2005-05-30T00:00:00","dual_lived" => 1,"perl_release" => "5.008007","version" => "1.07"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "1.08"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "2.07_02"},{"date" => "2009-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011003","version" => "2.08_01"},{"date" => "2016-05-09T00:00:00","dual_lived" => 1,"perl_release" => "5.024000","version" => "2.12_01"}]},"File-Slurp" => {"advisories" => [{"affected_versions" => ["<9999.26"],"cves" => [],"description" => "Use of sysread treats any :encoding(...) as effectively :utf8.\n","distribution" => "File-Slurp","fixed_versions" => [">=9999.26"],"id" => "CPANSA-File-Slurp-2013-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=83126","https://rt.perl.org/Ticket/Display.html?id=121870"],"reported" => "2013-02-04"}],"main_module" => "File::Slurp","versions" => [{"date" => "1996-04-22T21:18:00","version" => "96.042202"},{"date" => "1998-07-19T16:25:00","version" => "98.071901"},{"date" => "2001-11-04T03:17:00","version" => "2001.1103"},{"date" => "2002-03-08T05:22:00","version" => "2002.0305"},{"date" => "2002-11-01T03:14:00","version" => "2002.1031"},{"date" => "2003-09-04T16:28:00","version" => "2004.0904"},{"date" => "2003-11-24T07:45:57","version" => "0.01"},{"date" => "2003-11-24T08:02:47","version" => "9999.01"},{"date" => "2003-12-17T09:20:57","version" => "9999.02"},{"date" => "2003-12-22T06:54:57","version" => "9999.03"},{"date" => "2004-02-23T19:27:53","version" => "9999.04"},{"date" => "2004-09-21T05:23:58","version" => "9999.06"},{"date" => "2005-01-30T10:01:07","version" => "9999.07"},{"date" => "2005-04-16T05:06:09","version" => "9999.08"},{"date" => "2005-04-29T06:09:11","version" => "9999.09"},{"date" => "2006-01-19T18:29:42","version" => "9999.10"},{"date" => "2006-01-20T06:45:13","version" => "9999.11"},{"date" => "2006-03-07T07:13:42","version" => "9999.12"},{"date" => "2008-01-24T04:57:12","version" => "9999.13"},{"date" => "2011-03-22T22:41:08","version" => "9999.14"},{"date" => "2011-03-24T22:52:42","version" => "9999.15"},{"date" => "2011-04-24T04:26:18","version" => "9999.16"},{"date" => "2011-05-13T06:23:08","version" => "9999.17"},{"date" => "2011-05-13T07:03:44","version" => "9999.18"},{"date" => "2011-06-07T08:08:06","version" => "9999.19"},{"date" => "2018-09-28T01:57:50","version" => "9999.20_01"},{"date" => "2018-10-05T01:23:09","version" => "9999.20_02"},{"date" => "2018-10-08T21:16:27","version" => "9999.21"},{"date" => "2018-10-16T03:15:39","version" => "9999.22"},{"date" => "2018-10-20T20:06:53","version" => "9999.23"},{"date" => "2018-10-30T02:45:09","version" => "9999.24"},{"date" => "2018-11-16T16:11:34","version" => "9999.25"},{"date" => "2019-02-13T16:35:40","version" => "9999.26"},{"date" => "2019-04-05T13:28:05","version" => "9999.27"},{"date" => "2019-09-13T00:36:22","version" => "9999.28"},{"date" => "2019-11-27T20:40:47","version" => "9999.29"},{"date" => "2020-03-09T14:31:40","version" => "9999.30"},{"date" => "2020-06-28T22:33:21","version" => "9999.31"},{"date" => "2020-07-01T00:34:08","version" => "9999.32"}]},"File-Temp" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2011-4116"],"description" => "_is_safe in the File::Temp module for Perl does not properly handle symlinks.\n","distribution" => "File-Temp","fixed_versions" => [],"id" => "CPANSA-File-Temp-2011-4116","references" => ["http://www.openwall.com/lists/oss-security/2011/11/04/2","https://rt.cpan.org/Public/Bug/Display.html?id=69106","https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14","http://www.openwall.com/lists/oss-security/2011/11/04/4","https://seclists.org/oss-sec/2011/q4/238"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "File::Temp","versions" => [{"date" => "2000-03-14T20:15:55","version" => "0.05"},{"date" => "2000-04-28T04:48:55","version" => "0.07"},{"date" => "2000-05-16T01:10:28","version" => "0.08"},{"date" => "2000-07-26T20:30:30","version" => "0.09"},{"date" => "2000-12-12T21:04:53","version" => "0.11"},{"date" => "2001-02-23T00:37:44","version" => "0.12"},{"date" => "2003-08-16T04:06:11","version" => "0.13"},{"date" => "2003-08-17T04:42:50","version" => "0.14"},{"date" => "2005-02-22T05:40:33","version" => "0.15"},{"date" => "2005-02-22T21:42:47","version" => "0.16"},{"date" => "2006-08-18T22:40:10","version" => "0.17"},{"date" => "2007-01-22T00:18:40","version" => "0.18"},{"date" => "2007-11-20T08:28:08","version" => "0.19"},{"date" => "2007-12-21T00:46:29","version" => "0.20"},{"date" => "2008-11-14T01:30:09","version" => "0.21"},{"date" => "2009-06-29T07:41:24","version" => "0.22"},{"date" => "2013-02-07T17:03:45","version" => "0.22_90"},{"date" => "2013-03-14T21:57:42","version" => "0.23"},{"date" => "2013-04-11T15:31:13","version" => "0.2301"},{"date" => "2013-09-26T13:48:13","version" => "0.2302"},{"date" => "2013-10-09T13:59:01","version" => "0.2303"},{"date" => "2013-10-10T13:17:32","version" => "0.2304"},{"date" => "2018-04-19T12:01:34","version" => "0.2305"},{"date" => "2018-06-24T19:34:31","version" => "0.2306"},{"date" => "2018-06-24T19:41:28","version" => "0.2307"},{"date" => "2018-07-11T21:07:49","version" => "0.2308"},{"date" => "2019-01-06T20:32:53","version" => "0.2309"},{"date" => "2020-09-26T17:39:38","version" => "0.2310"},{"date" => "2020-10-03T04:04:55","version" => "0.2311"},{"date" => "2025-09-01T18:57:33","version" => "0.2312"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "0.16_01"}]},"Filesys-SmbClientParser" => {"advisories" => [{"affected_versions" => ["<=2.7"],"cves" => ["CVE-2008-3285"],"description" => "The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.\n","distribution" => "Filesys-SmbClientParser","fixed_versions" => [],"id" => "CPANSA-Filesys-SmbClientParser-2008-3285","references" => ["http://www.securityfocus.com/bid/30290","http://secunia.com/advisories/31175","http://securityreason.com/securityalert/4027","https://exchange.xforce.ibmcloud.com/vulnerabilities/43910","http://www.securityfocus.com/archive/1/494536/100/0/threaded"],"reported" => "2008-07-24","severity" => undef}],"main_module" => "Filesys::SmbClientParser","versions" => [{"date" => "2000-11-19T21:10:38","version" => "0.01"},{"date" => "2000-11-20T19:41:09","version" => "0.2"},{"date" => "2001-01-12T00:31:50","version" => "0.3"},{"date" => "2001-04-15T22:37:14","version" => "1.2"},{"date" => "2001-04-19T17:38:19","version" => "1.3"},{"date" => "2001-05-30T08:04:44","version" => "1.4"},{"date" => "2002-01-25T12:18:47","version" => "2.0"},{"date" => "2002-04-19T21:56:09","version" => "2.1"},{"date" => "2002-08-09T11:24:20","version" => "2.2"},{"date" => "2002-08-13T14:55:48","version" => "2.3"},{"date" => "2002-11-08T23:57:07","version" => "2.4"},{"date" => "2002-11-12T18:59:33","version" => "2.5"},{"date" => "2004-01-28T23:06:58","version" => "2.6"},{"date" => "2004-04-14T21:56:02","version" => "2.7"}]},"GBrowse" => {"advisories" => [{"affected_versions" => ["<2.56"],"cves" => [],"description" => "An attacker is able to delete other users' accounts.  No httponly cookie flag.  Cross-site scripting vulnerability in generation of citation text.\n","distribution" => "GBrowse","fixed_versions" => [">=2.56"],"id" => "CPANSA-GBrowse-2017-01","references" => ["https://metacpan.org/changes/distribution/GBrowse"],"reported" => "2017-01-15"},{"affected_versions" => ["<1.62"],"cves" => [],"description" => "Cross-site scripting.\n","distribution" => "GBrowse","fixed_versions" => [">=1.62"],"id" => "CPANSA-GBrowse-2004-01","references" => ["https://metacpan.org/changes/distribution/GBrowse"],"reported" => "2004-04-05"},{"affected_versions" => ["<1.54"],"cves" => [],"description" => "Path traversal.\n","distribution" => "GBrowse","fixed_versions" => [">=1.54"],"id" => "CPANSA-GBrowse-2003-01","references" => ["https://metacpan.org/changes/distribution/GBrowse"],"reported" => "2003-08-23"}],"main_module" => "CGI::Toggle","versions" => [{"date" => "2008-12-29T15:38:27","version" => "1.981"},{"date" => "2008-12-29T17:21:12","version" => "1.982"},{"date" => "2009-01-06T07:42:56","version" => "1.983"},{"date" => "2009-01-06T09:17:54","version" => "1.984"},{"date" => "2009-01-10T12:37:42","version" => "1.985"},{"date" => "2009-01-12T16:58:20","version" => "1.986"},{"date" => "2009-01-22T19:49:50","version" => "1.987"},{"date" => "2009-01-30T00:12:57","version" => "1.988"},{"date" => "2009-03-10T19:24:17","version" => "1.989"},{"date" => "2009-04-03T19:29:22","version" => "1.99"},{"date" => "2009-05-04T05:30:31","version" => "1.991"},{"date" => "2009-05-05T23:40:00","version" => "1.992"},{"date" => "2009-05-07T14:11:11","version" => "1.993"},{"date" => "2009-05-30T22:07:17","version" => "1.994"},{"date" => "2009-06-08T21:27:08","version" => "1.995"},{"date" => "2009-07-06T14:12:57","version" => "1.996"},{"date" => "2009-07-30T16:40:54","version" => "1.997"},{"date" => "2009-08-19T19:19:44","version" => "1.9971"},{"date" => "2009-12-09T21:39:37","version" => "1.998"},{"date" => "2009-12-15T15:59:37","version" => "1.9982"},{"date" => "2009-12-18T19:25:25","version" => "1.9983"},{"date" => "2009-12-22T21:20:40","version" => "1.9984"},{"date" => "2009-12-23T21:56:31","version" => "1.999"},{"date" => "2010-01-28T02:58:41","version" => "2.00"},{"date" => "2010-02-09T18:13:33","version" => "2.01"},{"date" => "2010-03-10T05:56:50","version" => "2.02"},{"date" => "2010-03-25T16:06:21","version" => "2.03"},{"date" => "2010-04-18T21:44:27","version" => "2.04"},{"date" => "2010-05-13T03:30:32","version" => "2.05"},{"date" => "2010-05-13T21:17:05","version" => "2.06"},{"date" => "2010-05-17T14:49:41","version" => "2.07"},{"date" => "2010-05-21T02:52:47","version" => "2.08"},{"date" => "2010-06-10T20:17:32","version" => "2.09"},{"date" => "2010-06-15T14:20:30","version" => "2.10"},{"date" => "2010-06-30T19:15:37","version" => "2.11"},{"date" => "2010-06-30T19:30:03","version" => "2.12"},{"date" => "2010-07-05T20:17:39","version" => "2.13"},{"date" => "2010-08-27T15:06:04","version" => "2.14"},{"date" => "2010-09-13T22:17:44","version" => "2.15"},{"date" => "2010-11-01T16:24:01","version" => "2.16"},{"date" => "2010-11-18T17:08:57","version" => "2.17"},{"date" => "2011-01-18T22:35:59","version" => "2.20"},{"date" => "2011-01-22T17:17:34","version" => "2.21"},{"date" => "2011-01-26T14:31:35","version" => "2.22"},{"date" => "2011-01-30T20:03:25","version" => "2.23"},{"date" => "2011-01-31T17:19:08","version" => "2.24"},{"date" => "2011-02-02T18:53:40","version" => "2.25"},{"date" => "2011-02-04T18:51:54","version" => "2.26"},{"date" => "2011-04-10T21:07:42","version" => "2.27"},{"date" => "2011-04-10T21:32:05","version" => "2.28"},{"date" => "2011-05-02T16:12:11","version" => "2.29"},{"date" => "2011-05-03T12:17:18","version" => "2.30"},{"date" => "2011-05-03T15:50:21","version" => "2.31"},{"date" => "2011-05-04T18:47:51","version" => "2.32"},{"date" => "2011-05-07T03:27:32","version" => "2.33"},{"date" => "2011-06-01T15:19:47","version" => "2.34"},{"date" => "2011-06-03T13:41:28","version" => "2.35"},{"date" => "2011-06-04T14:58:14","version" => "2.36"},{"date" => "2011-06-06T21:24:59","version" => "2.37"},{"date" => "2011-06-09T16:00:48","version" => "2.38"},{"date" => "2011-06-29T17:45:00","version" => "2.39"},{"date" => "2011-09-30T16:56:29","version" => "2.40"},{"date" => "2011-10-07T13:31:48","version" => "2.41"},{"date" => "2011-10-12T19:33:22","version" => "2.42"},{"date" => "2011-10-24T16:43:23","version" => "2.43"},{"date" => "2011-12-08T23:09:26","version" => "2.44"},{"date" => "2012-01-03T21:35:41","version" => "2.45"},{"date" => "2012-02-10T17:28:20","version" => "2.46"},{"date" => "2012-02-16T12:40:04","version" => "2.47"},{"date" => "2012-02-24T21:06:10","version" => "2.48"},{"date" => "2012-04-17T23:48:26","version" => "2.49"},{"date" => "2012-09-04T16:22:21","version" => "2.50"},{"date" => "2012-09-18T03:01:31","version" => "2.51"},{"date" => "2012-09-26T02:54:36","version" => "2.52"},{"date" => "2012-12-10T11:23:34","version" => "2.53"},{"date" => "2012-12-11T15:49:03","version" => "2.54"},{"date" => "2013-07-10T14:51:25","version" => "2.55"},{"date" => "2017-01-15T21:29:11","version" => "2.56"}]},"GD" => {"advisories" => [{"affected_versions" => ["<2.72"],"cves" => ["CVE-2019-6977"],"description" => "gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.\n","distribution" => "GD","fixed_versions" => [">=2.72"],"id" => "CPANSA-GD-2019-6977","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2019-6977","https://bugs.php.net/bug.php?id=77270","http://php.net/ChangeLog-7.php","http://php.net/ChangeLog-5.php","http://www.securityfocus.com/bid/106731","https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html","https://www.debian.org/security/2019/dsa-4384","https://usn.ubuntu.com/3900-1/","https://security.netapp.com/advisory/ntap-20190315-0003/","https://security.gentoo.org/glsa/201903-18","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html","http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html","https://www.exploit-db.com/exploits/46677/","https://access.redhat.com/errata/RHSA-2019:2519","https://access.redhat.com/errata/RHSA-2019:3299","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"],"reported" => "2019-01-27","severity" => "high"}],"main_module" => "GD","versions" => [{"date" => "1996-05-17T08:12:00","version" => "1.00"},{"date" => "1996-07-17T10:16:00","version" => "1.01"},{"date" => "1996-09-07T16:53:00","version" => "1.10"},{"date" => "1996-09-09T10:37:00","version" => "1.11"},{"date" => "1996-09-10T12:04:00","version" => "1.12"},{"date" => "1996-09-11T07:27:00","version" => "1.13"},{"date" => "1996-09-12T16:11:00","version" => "1.14"},{"date" => "1997-11-19T21:13:00","version" => "1.15"},{"date" => "1997-12-19T14:26:00","version" => "1.16"},{"date" => "1998-01-16T13:34:00","version" => "1.17"},{"date" => "1998-01-26T08:44:00","version" => "1.18"},{"date" => "1998-03-08T16:43:26","version" => "1.18"},{"date" => "1999-01-31T17:52:34","version" => "1.18"},{"date" => "1999-04-26T20:35:55","version" => "1.19"},{"date" => "1999-06-02T13:44:43","version" => "1.19"},{"date" => "1999-08-31T03:38:46","version" => "1.20"},{"date" => "1999-08-31T14:55:24","version" => "1.21"},{"date" => "1999-09-30T21:46:47","version" => "1.22"},{"date" => "1999-11-11T14:26:14","version" => "1.23"},{"date" => "2000-02-15T19:54:37","version" => "1.24"},{"date" => "2000-02-22T15:20:41","version" => "1.25"},{"date" => "2000-03-18T23:21:50","version" => "1.26"},{"date" => "2000-03-22T19:41:56","version" => "1.27"},{"date" => "2000-06-23T12:15:51","version" => "1.28"},{"date" => "2000-06-23T18:26:31","version" => "1.29"},{"date" => "2000-07-07T02:42:47","version" => "1.30"},{"date" => "2000-11-10T16:00:09","version" => "1.32"},{"date" => "2001-04-05T04:42:53","version" => "1.33"},{"date" => "2001-09-26T05:19:41","version" => "1.31"},{"date" => "2001-12-06T22:57:11","version" => "1.35"},{"date" => "2001-12-17T19:13:23","version" => "1.36"},{"date" => "2001-12-19T21:34:33","version" => "1.37"},{"date" => "2002-01-04T15:33:18","version" => "1.38"},{"date" => "2002-06-12T02:09:05","version" => "1.39"},{"date" => "2002-06-19T12:11:07","version" => "1.40"},{"date" => "2002-07-22T07:33:14","version" => "1.41"},{"date" => "2002-08-09T16:31:00","version" => "2.00"},{"date" => "2002-08-09T16:39:49","version" => "2.01"},{"date" => "2002-10-14T13:07:59","version" => "2.02"},{"date" => "2002-11-01T15:46:28","version" => "2.04"},{"date" => "2002-11-05T00:55:52","version" => "2.041"},{"date" => "2002-11-25T01:35:10","version" => "2.05"},{"date" => "2003-01-08T16:49:15","version" => "2.06"},{"date" => "2003-04-24T05:06:33","version" => "2.07"},{"date" => "2003-10-06T23:04:15","version" => "2.10"},{"date" => "2003-10-07T22:33:21","version" => "2.11"},{"date" => "2004-02-06T14:33:56","version" => "2.12"},{"date" => "2004-07-22T20:32:01","version" => "2.15"},{"date" => "2004-07-27T00:47:05","version" => "2.16"},{"date" => "2004-11-10T19:15:39","version" => "2.17"},{"date" => "2004-11-12T15:19:40","version" => "2.18"},{"date" => "2004-11-16T13:36:22","version" => "2.19"},{"date" => "2005-02-09T18:50:44","version" => "2.21"},{"date" => "2005-03-07T18:09:39","version" => "2.22"},{"date" => "2005-03-09T21:04:40","version" => "2.23"},{"date" => "2005-07-15T18:47:39","version" => "2.25"},{"date" => "2005-08-04T13:34:01","version" => "2.26"},{"date" => "2005-08-06T14:52:27","version" => "2.27"},{"date" => "2005-08-08T17:28:37","version" => "2.28"},{"date" => "2005-10-19T05:44:52","version" => "2.29"},{"date" => "2005-10-19T07:51:48","version" => "2.30"},{"date" => "2006-02-20T19:48:20","version" => "2.31"},{"date" => "2006-03-08T20:19:06","version" => "2.32"},{"date" => "2006-06-01T20:02:57","version" => "2.34"},{"date" => "2006-08-23T15:31:17","version" => "2.35"},{"date" => "2008-04-21T14:15:26","version" => "2.39"},{"date" => "2008-08-07T18:48:46","version" => "2.40"},{"date" => "2008-08-07T19:17:19","version" => "2.41"},{"date" => "2009-06-10T14:44:33","version" => "2.43"},{"date" => "2009-07-10T18:12:58","version" => "2.44"},{"date" => "2010-04-30T18:52:21","version" => "2.45"},{"date" => "2011-05-01T17:47:22","version" => "2.46"},{"date" => "2013-02-26T10:54:32","version" => "2.48"},{"date" => "2013-02-26T11:04:16","version" => "2.49"},{"date" => "2013-07-02T20:48:59","version" => "2.50"},{"date" => "2014-02-04T16:53:54","version" => "2.51"},{"date" => "2014-02-19T04:29:23","version" => "2.52"},{"date" => "2014-04-01T14:26:31","version" => "2.53"},{"date" => "2014-10-27T02:29:14","version" => "2.55"},{"date" => "2014-10-28T01:35:39","version" => "2.56"},{"date" => "2017-04-19T14:45:56","version" => "2.56_01"},{"date" => "2017-04-19T14:56:35","version" => "2.56_02"},{"date" => "2017-04-19T15:19:33","version" => "2.56_03"},{"date" => "2017-04-21T06:22:54","version" => "2.57"},{"date" => "2017-04-21T08:38:24","version" => "2.58"},{"date" => "2017-04-21T10:35:21","version" => "2.59"},{"date" => "2017-04-21T22:11:18","version" => "2.60"},{"date" => "2017-04-22T15:52:15","version" => "2.61"},{"date" => "2017-04-22T22:27:02","version" => "2.62"},{"date" => "2017-04-23T08:23:06","version" => "2.63"},{"date" => "2017-04-23T09:03:18","version" => "2.64"},{"date" => "2017-04-23T10:36:23","version" => "2.65"},{"date" => "2017-04-23T13:08:08","version" => "2.66"},{"date" => "2017-11-15T08:33:16","version" => "2.67"},{"date" => "2018-02-18T19:56:41","version" => "2.68"},{"date" => "2018-08-26T15:40:02","version" => "2.69"},{"date" => "2019-01-10T12:57:08","version" => "2.70"},{"date" => "2019-02-12T11:53:42","version" => "2.71"},{"date" => "2020-07-18T06:02:50","version" => "2.72"},{"date" => "2020-09-24T13:01:57","version" => "2.73"},{"date" => "2022-01-23T15:34:48","version" => "2.74"},{"date" => "2022-01-25T16:54:22","version" => "2.75"},{"date" => "2022-02-01T14:50:45","version" => "2.76"},{"date" => "2023-05-29T07:10:47","version" => "2.77"},{"date" => "2023-07-04T09:13:52","version" => "2.78"},{"date" => "2024-04-29T19:57:07","version" => "2.79"},{"date" => "2024-05-03T11:16:48","version" => "2.80"},{"date" => "2024-05-03T17:02:57","version" => "2.81"},{"date" => "2024-05-27T10:31:38","version" => "2.82"},{"date" => "2024-06-23T15:46:01","version" => "2.83"},{"date" => "2026-01-04T19:40:59","version" => "2.84"}]},"GPIB" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2006-1565"],"description" => "Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.\n","distribution" => "GPIB","fixed_versions" => [],"id" => "CPANSA-GPIB-2006-1565","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359239","http://www.securityfocus.com/bid/17288","https://exchange.xforce.ibmcloud.com/vulnerabilities/25681"],"reported" => "2006-03-31","severity" => undef}],"main_module" => "GPIB","versions" => [{"date" => "2002-01-02T03:13:38","version" => "0_30"}]},"Galileo" => {"advisories" => [{"affected_versions" => ["<0.043"],"cves" => ["CVE-2019-7410"],"description" => "There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via \$page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).\n","distribution" => "Galileo","fixed_versions" => [">=0.043"],"id" => "CPANSA-Galileo-2019-7410","references" => ["https://metamorfosec.com/Files/Commits/METC-2020-002-Escape_banner_in_Galileo_CMS_v0.042.txt","https://metacpan.org/changes/distribution/Galileo","https://github.com/jberger/Galileo/pull/55/files","https://metamorfosec.com/Files/Advisories/METS-2020-002-A_Stored_XSS_Vulnerability_in_Galileo_CMS_v0.042.txt"],"reported" => "2020-08-14","severity" => "medium"}],"main_module" => "Galileo","versions" => [{"date" => "2012-07-30T17:03:42","version" => "0.001"},{"date" => "2012-07-30T17:38:19","version" => "0.002"},{"date" => "2012-07-30T20:36:06","version" => "0.003"},{"date" => "2012-07-31T15:41:59","version" => "0.004"},{"date" => "2012-08-06T21:26:17","version" => "0.005"},{"date" => "2012-08-09T20:39:14","version" => "0.006"},{"date" => "2012-09-10T17:57:20","version" => "0.007"},{"date" => "2012-10-27T17:40:15","version" => "0.008"},{"date" => "2012-10-28T18:03:00","version" => "0.009"},{"date" => "2012-10-28T18:10:15","version" => "0.01"},{"date" => "2012-10-31T22:10:19","version" => "0.011"},{"date" => "2013-01-15T15:10:42","version" => "0.012"},{"date" => "2013-01-15T21:07:00","version" => "0.013"},{"date" => "2013-01-16T21:37:32","version" => "0.014"},{"date" => "2013-01-19T03:59:45","version" => "0.015"},{"date" => "2013-01-26T21:28:59","version" => "0.016"},{"date" => "2013-02-05T03:32:32","version" => "0.017"},{"date" => "2013-02-06T02:47:47","version" => "0.018"},{"date" => "2013-02-06T03:09:27","version" => "0.019"},{"date" => "2013-02-11T23:33:00","version" => "0.020"},{"date" => "2013-02-17T01:24:51","version" => "0.021"},{"date" => "2013-02-17T02:44:14","version" => "0.022"},{"date" => "2013-03-04T18:25:01","version" => "0.023"},{"date" => "2013-03-12T15:24:22","version" => "0.024"},{"date" => "2013-03-12T18:48:22","version" => "0.025"},{"date" => "2013-03-15T15:18:18","version" => "0.026"},{"date" => "2013-04-03T20:04:15","version" => "0.027"},{"date" => "2013-05-14T15:59:46","version" => "0.028"},{"date" => "2013-06-29T03:30:18","version" => "0.029"},{"date" => "2013-08-27T03:43:39","version" => "0.030"},{"date" => "2013-11-28T18:36:10","version" => "0.031"},{"date" => "2014-04-06T16:17:22","version" => "0.032"},{"date" => "2014-05-10T19:38:50","version" => "0.033"},{"date" => "2014-05-31T13:06:42","version" => "0.034"},{"date" => "2014-08-16T22:10:46","version" => "0.035"},{"date" => "2014-08-31T15:31:15","version" => "0.036"},{"date" => "2014-10-14T04:03:53","version" => "0.037"},{"date" => "2015-01-25T18:08:54","version" => "0.038"},{"date" => "2015-09-28T18:25:31","version" => "0.039"},{"date" => "2016-01-07T16:33:46","version" => "0.040"},{"date" => "2016-08-13T18:15:17","version" => "0.041"},{"date" => "2017-03-16T03:14:04","version" => "0.042"},{"date" => "2020-08-06T16:26:58","version" => "0.043"}]},"Git-Raw" => {"advisories" => [{"affected_versions" => [">=0.08,<=0.24"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.08,<=0.24"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.08,<=0.24"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.25,<=0.28"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.25,<=0.28"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.25,<=0.28"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.29,<=0.40"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.29,<=0.40"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.29,<=0.40"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.41,<=0.50"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.41,<=0.50"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.41,<=0.50"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.51,<=0.53"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.51,<=0.53"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.51,<=0.53"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.54,<=0.58"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.54,<=0.58"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.54,<=0.58"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.59,<=0.60"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.59,<=0.60"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.59,<=0.60"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.61,<=0.74"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.61,<=0.74"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.61,<=0.74"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => ["==0.75"],"cves" => ["CVE-2018-10888"],"description" => "A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-10888-libgit2","references" => ["https://github.com/libgit2/libgit2/releases/tag/v0.27.3","https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3","https://bugzilla.redhat.com/show_bug.cgi?id=1598024","https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"],"reported" => "2018-07-10","severity" => "medium"},{"affected_versions" => ["==0.75"],"cves" => ["CVE-2018-10887"],"description" => "A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-10887-libgit2","references" => ["https://github.com/libgit2/libgit2/releases/tag/v0.27.3","https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22","https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a","https://bugzilla.redhat.com/show_bug.cgi?id=1598021","https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"],"reported" => "2018-07-10","severity" => "high"},{"affected_versions" => [">=0.76,<=0.82"],"cves" => ["CVE-2018-10888"],"description" => "A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-10888-libgit2","references" => ["https://github.com/libgit2/libgit2/releases/tag/v0.27.3","https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3","https://bugzilla.redhat.com/show_bug.cgi?id=1598024","https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"],"reported" => "2018-07-10","severity" => "medium"},{"affected_versions" => [">=0.76,<=0.82"],"cves" => ["CVE-2018-10887"],"description" => "A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-10887-libgit2","references" => ["https://github.com/libgit2/libgit2/releases/tag/v0.27.3","https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22","https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a","https://bugzilla.redhat.com/show_bug.cgi?id=1598021","https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"],"reported" => "2018-07-10","severity" => "high"},{"affected_versions" => [">=0.83,<=0.84"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.85,<=0.87"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => ["==0.88"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => ["==0.89"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.08,<=0.40"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=0.41,<=0.75"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=0.76,<=0.88"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "Git::Raw","versions" => [{"date" => "2012-08-05T11:44:00","version" => "0.01"},{"date" => "2012-08-05T20:19:35","version" => "0.02"},{"date" => "2012-08-06T16:46:15","version" => "0.03"},{"date" => "2012-08-08T21:43:23","version" => "0.04"},{"date" => "2012-08-09T15:57:26","version" => "0.05"},{"date" => "2012-08-17T14:13:37","version" => "0.06"},{"date" => "2012-08-20T19:03:21","version" => "0.07"},{"date" => "2012-08-21T15:15:44","version" => "0.08"},{"date" => "2012-08-22T17:57:45","version" => "0.09"},{"date" => "2012-08-22T18:54:02","version" => "0.10"},{"date" => "2012-08-23T09:42:11","version" => "0.11"},{"date" => "2012-09-22T17:26:43","version" => "0.12"},{"date" => "2012-10-02T16:28:54","version" => "0.13"},{"date" => "2012-10-19T10:29:16","version" => "0.14"},{"date" => "2012-10-30T21:41:51","version" => "0.15"},{"date" => "2012-11-30T11:44:22","version" => "0.16"},{"date" => "2012-12-04T12:50:53","version" => "0.17"},{"date" => "2012-12-14T17:41:07","version" => "0.18"},{"date" => "2013-01-03T18:26:04","version" => "0.19"},{"date" => "2013-01-26T12:47:33","version" => "0.20"},{"date" => "2013-02-20T16:43:28","version" => "0.21"},{"date" => "2013-02-23T14:21:03","version" => "0.22"},{"date" => "2013-03-25T13:12:14","version" => "0.23"},{"date" => "2013-03-31T11:09:03","version" => "0.24"},{"date" => "2013-10-09T13:20:24","version" => "0.25"},{"date" => "2013-10-09T14:13:40","version" => "0.26"},{"date" => "2013-10-23T10:37:15","version" => "0.27"},{"date" => "2013-11-18T14:02:54","version" => "0.28"},{"date" => "2013-11-24T19:20:25","version" => "0.29"},{"date" => "2014-01-26T13:41:14","version" => "0.30"},{"date" => "2014-02-08T18:10:43","version" => "0.31"},{"date" => "2014-03-16T14:06:42","version" => "0.32"},{"date" => "2014-04-14T10:32:15","version" => "0.33"},{"date" => "2014-04-27T10:41:00","version" => "0.34"},{"date" => "2014-04-28T16:45:42","version" => "0.35"},{"date" => "2014-05-02T14:01:36","version" => "0.36"},{"date" => "2014-06-08T15:27:13","version" => "0.37"},{"date" => "2014-06-11T18:05:33","version" => "0.38"},{"date" => "2014-06-12T16:08:55","version" => "0.39"},{"date" => "2014-06-25T19:08:19","version" => "0.40"},{"date" => "2014-08-03T16:09:58","version" => "0.41"},{"date" => "2014-08-09T13:22:08","version" => "0.42"},{"date" => "2014-08-14T13:21:12","version" => "0.43"},{"date" => "2014-08-18T08:35:38","version" => "0.44"},{"date" => "2014-09-18T21:31:44","version" => "0.45"},{"date" => "2014-09-19T10:44:04","version" => "0.46"},{"date" => "2014-09-30T11:08:31","version" => "0.47"},{"date" => "2014-10-13T21:10:25","version" => "0.48"},{"date" => "2014-10-24T10:06:17","version" => "0.49"},{"date" => "2014-11-15T18:12:53","version" => "0.50"},{"date" => "2015-02-09T07:56:23","version" => "0.51"},{"date" => "2015-03-19T11:47:40","version" => "0.52"},{"date" => "2015-04-14T18:26:22","version" => "0.53"},{"date" => "2015-11-12T19:30:27","version" => "0.54"},{"date" => "2015-11-14T09:21:11","version" => "0.55"},{"date" => "2015-11-17T11:54:04","version" => "0.56"},{"date" => "2015-11-21T13:30:25","version" => "0.57"},{"date" => "2015-11-23T05:52:12","version" => "0.58"},{"date" => "2016-05-23T04:45:30","version" => "0.59"},{"date" => "2016-06-09T17:50:00","version" => "0.60"},{"date" => "2016-12-05T17:51:20","version" => "0.61"},{"date" => "2016-12-06T16:59:22","version" => "0.62"},{"date" => "2016-12-08T18:31:51","version" => "0.63"},{"date" => "2016-12-16T12:56:55","version" => "0.64"},{"date" => "2016-12-21T16:02:45","version" => "0.65"},{"date" => "2016-12-28T16:06:29","version" => "0.66"},{"date" => "2016-12-28T17:03:40","version" => "0.67"},{"date" => "2016-12-30T08:07:24","version" => "0.68"},{"date" => "2016-12-30T08:11:44","version" => "0.69"},{"date" => "2016-12-30T19:19:00","version" => "0.70"},{"date" => "2017-01-09T06:53:53","version" => "0.71"},{"date" => "2017-01-10T05:12:24","version" => "0.72"},{"date" => "2017-03-22T16:43:32","version" => "0.73"},{"date" => "2017-03-24T09:07:21","version" => "0.74"},{"date" => "2018-01-25T18:54:11","version" => "0.75"},{"date" => "2018-03-08T16:00:17","version" => "0.76"},{"date" => "2018-03-09T04:57:30","version" => "0.77"},{"date" => "2018-03-09T13:30:01","version" => "0.78"},{"date" => "2018-03-23T18:40:02","version" => "0.79"},{"date" => "2018-06-17T08:47:43","version" => "0.80"},{"date" => "2018-06-27T17:23:13","version" => "0.81"},{"date" => "2018-12-12T15:18:03","version" => "0.82"},{"date" => "2019-05-20T13:42:02","version" => "0.83"},{"date" => "2019-08-19T20:36:03","version" => "0.84"},{"date" => "2020-04-19T11:32:47","version" => "0.85"},{"date" => "2020-04-25T11:27:33","version" => "0.86"},{"date" => "2020-08-30T12:19:25","version" => "0.87"},{"date" => "2021-08-08T12:37:22","version" => "0.88"},{"date" => "2022-10-23T16:31:07","version" => "0.89"},{"date" => "2022-10-27T08:52:11","version" => "0.90"}]},"Git-XS" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2018-7159"],"description" => "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.'\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-7159-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","https://access.redhat.com/errata/RHSA-2019:2258","https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp;utm_medium=RSS"],"reported" => "2018-05-17","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2018-12121"],"description" => "Denial of Service with large HTTP headers by using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-12121-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://security.gentoo.org/glsa/202003-48"],"reported" => "2018-11-28","severity" => "high"},{"affected_versions" => [">=0.08,<=0.17"],"cves" => ["CVE-2018-7159"],"description" => "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.'\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-7159-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","https://access.redhat.com/errata/RHSA-2019:2258","https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp;utm_medium=RSS"],"reported" => "2018-05-17","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.17"],"cves" => ["CVE-2018-12121"],"description" => "Denial of Service with large HTTP headers by using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-12121-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://security.gentoo.org/glsa/202003-48"],"reported" => "2018-11-28","severity" => "high"},{"affected_versions" => [">=0.17,<=0.88"],"cves" => ["CVE-2018-7159"],"description" => "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.'\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-7159-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","https://access.redhat.com/errata/RHSA-2019:2258","https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp;utm_medium=RSS"],"reported" => "2018-05-17","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.88"],"cves" => ["CVE-2018-12121"],"description" => "Denial of Service with large HTTP headers by using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-12121-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://security.gentoo.org/glsa/202003-48"],"reported" => "2018-11-28","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "Git::XS","versions" => [{"date" => "2011-12-27T05:42:38","version" => "0.01"},{"date" => "2011-12-27T23:09:56","version" => "0.02"}]},"GitLab-API-v4" => {"advisories" => [{"affected_versions" => [">=0.26"],"cves" => ["CVE-2023-31485"],"description" => "GitLab::API::v4 is missing the verify_SSL=>1 flag in HTTP::Tiny, allowing a network attacker to MITM connections to the GitLab server.\n","distribution" => "GitLab-API-v4","fixed_versions" => [],"id" => "CPANSA-GitLab-API-v4-2023-31485","references" => ["https://github.com/bluefeet/GitLab-API-v4/pull/57","https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/","https://www.openwall.com/lists/oss-security/2023/04/18/14","https://github.com/chansen/p5-http-tiny/pull/151"],"reported" => "2023-02-28"}],"main_module" => "GitLab::API::v4","versions" => [{"date" => "2017-12-11T18:40:52","version" => "0.01"},{"date" => "2017-12-16T00:11:18","version" => "0.02"},{"date" => "2018-01-12T21:26:23","version" => "0.03"},{"date" => "2018-02-03T23:15:40","version" => "0.04"},{"date" => "2018-03-06T18:26:52","version" => "0.05"},{"date" => "2018-04-09T20:06:01","version" => "0.06"},{"date" => "2018-05-10T21:33:05","version" => "0.07"},{"date" => "2018-05-14T17:33:39","version" => "0.08"},{"date" => "2018-05-29T04:48:13","version" => "0.09"},{"date" => "2018-06-06T06:47:41","version" => "0.10"},{"date" => "2018-09-02T05:24:51","version" => "0.11"},{"date" => "2018-09-12T01:04:05","version" => "0.12"},{"date" => "2018-11-08T13:44:56","version" => "0.13"},{"date" => "2018-12-04T20:39:42","version" => "0.14"},{"date" => "2019-01-09T18:13:46","version" => "0.15"},{"date" => "2019-02-18T06:21:38","version" => "0.16"},{"date" => "2019-02-20T22:49:13","version" => "0.17"},{"date" => "2019-04-01T04:36:27","version" => "0.18"},{"date" => "2019-05-17T20:41:31","version" => "0.19"},{"date" => "2019-07-23T21:42:57","version" => "0.20"},{"date" => "2019-08-24T18:56:25","version" => "0.21"},{"date" => "2019-09-13T15:03:00","version" => "0.22"},{"date" => "2019-10-18T19:55:54","version" => "0.23"},{"date" => "2020-02-12T22:10:58","version" => "0.24"},{"date" => "2020-02-12T22:21:40","version" => "0.25"},{"date" => "2021-01-30T07:11:26","version" => "0.26"},{"date" => "2023-06-07T20:51:14","version" => "0.27"}]},"Graphics-ColorNames" => {"advisories" => [{"affected_versions" => [">=2.0_01,<=3.1.2"],"cves" => ["CVE-2024-55918"],"description" => "A specially-named file may lead to HTML injection attacks.\n","distribution" => "Graphics-ColorNames","fixed_versions" => [">3.1.2"],"id" => "CPANSA-Graphics-ColorNames-2010-02","references" => ["https://metacpan.org/changes/distribution/Graphics-ColorNames","https://rt.cpan.org/Public/Bug/Display.html?id=54500"],"reported" => "2010-02-11"}],"main_module" => "Graphics::ColorNames","versions" => [{"date" => "2001-02-20T03:47:48","version" => "0.10"},{"date" => "2001-04-12T02:32:22","version" => "0.20"},{"date" => "2001-04-13T04:37:27","version" => "0.21"},{"date" => "2001-04-15T14:26:41","version" => "0.22"},{"date" => "2001-04-18T03:13:51","version" => "0.23"},{"date" => "2001-04-28T16:09:48","version" => "0.24"},{"date" => "2001-10-05T02:42:20","version" => "0.30"},{"date" => "2002-10-24T01:17:51","version" => "0.31"},{"date" => "2002-12-05T03:07:24","version" => "0.32"},{"date" => "2004-07-22T00:41:35","version" => "0.3901"},{"date" => "2004-07-22T20:01:47","version" => "0.39_02"},{"date" => "2004-07-23T01:52:58","version" => "0.39_03"},{"date" => "2004-07-26T06:36:47","version" => "0.39_04"},{"date" => "2004-08-01T01:21:33","version" => "1.00"},{"date" => "2004-08-18T20:32:07","version" => "1.01"},{"date" => "2004-08-24T15:53:20","version" => "1.02"},{"date" => "2004-08-26T21:51:46","version" => "1.03"},{"date" => "2004-09-03T06:56:23","version" => "1.04"},{"date" => "2004-09-03T07:00:16","version" => "1.05"},{"date" => "2005-03-29T23:06:41","version" => "1.06"},{"date" => "2005-04-04T15:17:24","version" => "2.0_01"},{"date" => "2005-04-07T16:08:52","version" => "2.0_02"},{"date" => "2005-04-08T16:48:24","version" => "2.0_03"},{"date" => "2006-10-24T13:58:29","version" => "2.0_04"},{"date" => "2007-12-16T15:33:27","version" => "2.01"},{"date" => "2007-12-16T16:04:00","version" => "2.02"},{"date" => "2007-12-17T12:49:37","version" => "2.03"},{"date" => "2007-12-17T20:01:53","version" => "2.04"},{"date" => "2007-12-20T16:01:35","version" => "2.10_01"},{"date" => "2008-01-04T15:55:53","version" => "2.10_02"},{"date" => "2008-01-05T13:14:32","version" => "2.10_03"},{"date" => "2008-01-06T21:52:18","version" => "2.10_04"},{"date" => "2008-01-08T16:20:38","version" => "2.10_05"},{"date" => "2008-01-10T21:43:53","version" => "2.11"},{"date" => "2018-09-27T23:02:17","version" => "v3.0.0"},{"date" => "2018-09-28T12:40:06","version" => "v3.0.1"},{"date" => "2018-09-28T16:56:39","version" => "v3.0.2"},{"date" => "2018-09-30T12:37:45","version" => "v3.1.0"},{"date" => "2018-10-01T16:51:16","version" => "v3.1.1"},{"date" => "2018-10-01T22:15:39","version" => "v3.1.2"},{"date" => "2018-10-03T23:36:26","version" => "v3.2.0"},{"date" => "2018-10-06T10:00:38","version" => "v3.2.1"},{"date" => "2018-10-23T20:30:22","version" => "v3.3.0"},{"date" => "2018-10-24T15:03:58","version" => "v3.3.1"},{"date" => "2018-10-27T16:33:30","version" => "v3.3.2"},{"date" => "2018-10-27T18:31:44","version" => "v3.3.3"},{"date" => "2018-11-11T15:13:51","version" => "v3.3.4"},{"date" => "2018-11-18T19:13:42","version" => "v3.4.0"},{"date" => "2019-06-06T20:30:43","version" => "v3.5.0"}]},"HTML-EP" => {"advisories" => [{"affected_versions" => [">=0.2011"],"cves" => ["CVE-2012-6142"],"description" => "HTML::EP::Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.\n","distribution" => "HTML-EP","fixed_versions" => [],"id" => "CPANSA-HTML-EP-2012-6142","references" => ["http://www.securityfocus.com/bid/59833","http://seclists.org/oss-sec/2013/q2/318","https://exchange.xforce.ibmcloud.com/vulnerabilities/84199"],"reported" => "2014-06-04","severity" => undef}],"main_module" => "HTML::EP","versions" => [{"date" => "1998-06-24T20:39:44","version" => "0.1000"},{"date" => "1998-06-26T12:21:47","version" => "0.1002"},{"date" => "1998-07-17T21:28:11","version" => "0.1005"},{"date" => "1998-07-18T16:05:32","version" => "0.1006"},{"date" => "1998-07-24T20:40:11","version" => "0.1100"},{"date" => "1998-09-12T20:26:57","version" => "0.1106"},{"date" => "1998-09-14T00:09:23","version" => "0.1107"},{"date" => "1998-09-18T01:41:54","version" => "0.1108"},{"date" => "1998-10-06T09:42:57","version" => "0.1109"},{"date" => "1998-10-13T16:57:33","version" => "0.1111"},{"date" => "1998-10-15T19:02:15","version" => "0.1112"},{"date" => "1998-10-21T21:58:15","version" => "0.1113"},{"date" => "1998-11-06T20:01:59","version" => "0.1116"},{"date" => "1998-11-29T18:25:07","version" => "0.1117"},{"date" => "1998-12-03T17:11:04","version" => "0.1118"},{"date" => "1999-01-26T02:07:08","version" => "0.1123"},{"date" => "1999-02-01T00:08:19","version" => "0.1124"},{"date" => "1999-02-07T20:07:50","version" => "0.1125"},{"date" => "1999-02-13T12:36:36","version" => "0.1126"},{"date" => "1999-02-23T18:47:31","version" => "0.1127"},{"date" => "1999-02-26T18:27:47","version" => "0.1128"},{"date" => "1999-05-04T22:59:11","version" => "0.1130"},{"date" => "1999-08-26T15:05:04","version" => "0.11321"},{"date" => "1999-08-27T11:29:51","version" => "0.1133"},{"date" => "1999-08-31T11:04:44","version" => "0.1134"},{"date" => "1999-09-21T10:22:21","version" => "0.1135"},{"date" => "1999-09-26T13:27:28","version" => "0.20_00"},{"date" => "1999-09-27T10:28:51","version" => "0.20_01"},{"date" => "1999-11-05T11:38:40","version" => "0.2003"},{"date" => "1999-11-08T15:38:12","version" => "0.2004"},{"date" => "1999-11-08T18:18:11","version" => "0.2005"},{"date" => "1999-11-17T12:28:55","version" => "0.2006"},{"date" => "1999-11-17T17:23:52","version" => "0.2007"},{"date" => "1999-11-25T10:15:38","version" => "0.2008"},{"date" => "1999-12-07T20:43:46","version" => "0.2009"},{"date" => "1999-12-15T22:41:39","version" => "0.2010"},{"date" => "2001-01-05T13:26:37","version" => "0.2011"},{"date" => "2001-01-05T13:27:07","version" => 0}]},"HTML-Parser" => {"advisories" => [{"affected_versions" => ["<3.63"],"cves" => ["CVE-2009-3627"],"description" => "The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.\n","distribution" => "HTML-Parser","fixed_versions" => [">=3.63"],"id" => "CPANSA-HTML-Parser-2009-3627","references" => ["https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225","http://www.openwall.com/lists/oss-security/2009/10/23/9","http://secunia.com/advisories/37155","http://www.securityfocus.com/bid/36807","https://bugzilla.redhat.com/show_bug.cgi?id=530604","http://www.vupen.com/english/advisories/2009/3022","http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c","https://exchange.xforce.ibmcloud.com/vulnerabilities/53941"],"reported" => "2009-10-29","severity" => undef}],"main_module" => "HTML::Parser","versions" => [{"date" => "1998-03-31T22:25:05","version" => "2.14"},{"date" => "1998-04-02T11:40:38","version" => "2.16"},{"date" => "1998-04-28T08:35:12","version" => "2.17"},{"date" => "1998-06-22T19:45:24","version" => "2.18"},{"date" => "1998-07-06T23:12:33","version" => "2.19"},{"date" => "1998-07-08T13:05:04","version" => "2.20"},{"date" => "1998-11-13T21:48:08","version" => "2.21"},{"date" => "1999-06-09T10:34:35","version" => "2.23"},{"date" => "1999-11-03T07:10:32","version" => "2.24"},{"date" => "1999-11-05T09:46:11","version" => "2.25"},{"date" => "1999-12-14T23:01:49","version" => "3.00"},{"date" => "1999-12-19T07:07:38","version" => "3.01"},{"date" => "1999-12-21T09:55:56","version" => "3.02"},{"date" => "2000-01-15T16:25:39","version" => "3.04"},{"date" => "2000-01-22T16:14:25","version" => "3.05"},{"date" => "2000-03-06T14:00:15","version" => "3.06"},{"date" => "2000-03-20T12:47:48","version" => "3.07"},{"date" => "2000-05-23T10:59:19","version" => "3.08"},{"date" => "2000-06-28T08:49:09","version" => "3.09"},{"date" => "2000-06-29T07:52:47","version" => "3.10"},{"date" => "2000-08-22T10:04:28","version" => "3.11"},{"date" => "2000-09-14T18:22:47","version" => "3.12"},{"date" => "2000-09-17T01:55:45","version" => "3.13"},{"date" => "2000-12-04T06:05:39","version" => "3.14"},{"date" => "2000-12-26T09:04:53","version" => "3.15"},{"date" => "2001-02-23T07:21:20","version" => "3.16"},{"date" => "2001-02-24T06:32:38","version" => "3.17"},{"date" => "2001-02-25T04:51:50","version" => "3.18"},{"date" => "2001-03-10T04:32:27","version" => "3.19"},{"date" => "2001-03-13T19:44:52","version" => "3.19_90"},{"date" => "2001-03-16T02:29:32","version" => "3.19"},{"date" => "2001-03-19T19:26:50","version" => "3.19_91"},{"date" => "2001-03-26T15:37:39","version" => "3.19_92"},{"date" => "2001-03-27T19:44:20","version" => "3.19_93"},{"date" => "2001-03-30T08:24:11","version" => "3.19_94"},{"date" => "2001-04-03T00:18:14","version" => "3.20"},{"date" => "2001-04-10T22:34:03","version" => "3.21"},{"date" => "2001-04-18T05:31:23","version" => "3.22"},{"date" => "2001-05-02T04:18:51","version" => "3.23"},{"date" => "2001-05-05T06:18:21","version" => "3.23"},{"date" => "2001-05-09T07:23:34","version" => "3.24"},{"date" => "2001-05-11T17:26:39","version" => "3.25"},{"date" => "2001-06-12T08:35:06","version" => "3.25"},{"date" => "2002-03-17T20:11:55","version" => "3.26"},{"date" => "2003-01-18T13:08:01","version" => "3.27"},{"date" => "2003-04-17T03:56:32","version" => "3.28"},{"date" => "2003-08-15T06:11:17","version" => "3.29"},{"date" => "2003-08-18T05:48:21","version" => "3.30"},{"date" => "2003-08-19T14:56:07","version" => "3.31"},{"date" => "2003-10-10T14:31:48","version" => "3.32"},{"date" => "2003-10-14T10:53:29","version" => "3.33"},{"date" => "2003-10-27T21:23:09","version" => "3.34"},{"date" => "2003-12-12T14:27:23","version" => "3.35"},{"date" => "2004-04-01T12:21:44","version" => "3.36"},{"date" => "2004-11-10T18:56:54","version" => "3.37"},{"date" => "2004-11-11T10:19:56","version" => "3.38"},{"date" => "2004-11-17T14:33:49","version" => "3.39_90"},{"date" => "2004-11-23T11:46:30","version" => "3.39_91"},{"date" => "2004-11-23T22:25:21","version" => "3.39_92"},{"date" => "2004-11-29T11:14:34","version" => "3.40"},{"date" => "2004-11-30T09:30:56","version" => "3.41"},{"date" => "2004-12-04T11:54:54","version" => "3.42"},{"date" => "2004-12-06T09:19:28","version" => "3.43"},{"date" => "2004-12-28T14:07:28","version" => "3.44"},{"date" => "2005-01-06T09:09:45","version" => "3.45"},{"date" => "2005-10-24T12:34:04","version" => "3.46"},{"date" => "2005-11-22T21:50:09","version" => "3.47"},{"date" => "2005-12-02T17:41:00","version" => "3.48"},{"date" => "2006-02-08T10:58:39","version" => "3.49"},{"date" => "2006-02-14T18:32:51","version" => "3.50"},{"date" => "2006-03-22T09:26:15","version" => "3.51"},{"date" => "2006-04-26T08:43:13","version" => "3.52"},{"date" => "2006-04-27T11:55:34","version" => "3.53"},{"date" => "2006-04-28T08:21:04","version" => "3.54"},{"date" => "2006-07-10T09:16:22","version" => "3.55"},{"date" => "2007-01-12T11:00:07","version" => "3.56"},{"date" => "2008-11-16T21:45:07","version" => "3.57"},{"date" => "2008-11-17T11:35:37","version" => "3.58"},{"date" => "2008-11-24T09:15:09","version" => "3.59"},{"date" => "2009-02-09T11:26:08","version" => "3.60"},{"date" => "2009-06-20T09:34:17","version" => "3.61"},{"date" => "2009-08-13T21:01:27","version" => "3.62"},{"date" => "2009-10-22T20:11:52","version" => "3.63"},{"date" => "2009-10-25T12:24:11","version" => "3.64"},{"date" => "2010-04-04T20:44:00","version" => "3.65"},{"date" => "2010-07-09T13:27:13","version" => "3.66"},{"date" => "2010-08-17T17:15:19","version" => "3.67"},{"date" => "2010-09-01T21:28:52","version" => "3.68"},{"date" => "2011-10-15T15:35:01","version" => "3.69"},{"date" => "2013-03-28T22:21:30","version" => "3.70"},{"date" => "2013-05-08T22:23:29","version" => "3.71"},{"date" => "2016-01-19T17:44:02","version" => "3.72"},{"date" => "2020-08-25T17:40:17","version" => "3.73"},{"date" => "2020-08-30T18:40:48","version" => "3.74"},{"date" => "2020-08-30T19:58:22","version" => "3.75"},{"date" => "2021-03-04T18:06:59","version" => "3.76"},{"date" => "2022-03-14T22:12:49","version" => "3.77"},{"date" => "2022-03-28T15:23:23","version" => "3.78"},{"date" => "2022-10-12T15:41:58","version" => "3.79"},{"date" => "2022-11-01T14:19:26","version" => "3.80"},{"date" => "2023-01-31T03:13:18","version" => "3.81"},{"date" => "2024-03-13T20:11:51","version" => "3.82"},{"date" => "2024-07-30T16:42:50","version" => "3.83"}]},"HTML-Perlinfo" => {"advisories" => [{"affected_versions" => ["<1.52"],"cves" => [],"description" => "Possibility of denial-of-service attack.\n","distribution" => "HTML-Perlinfo","fixed_versions" => [">=1.52"],"id" => "CPANSA-HTML-Perlinfo-2008-01","references" => ["https://metacpan.org/changes/release/ACCARDO/HTML-Perlinfo-1.52"],"reported" => "2008-07-04"}],"main_module" => "HTML::Perlinfo","versions" => [{"date" => "2005-08-18T21:39:08","version" => "1.00"},{"date" => "2005-09-19T20:41:07","version" => "1.05"},{"date" => "2006-01-14T05:25:20","version" => "1.25"},{"date" => "2006-08-13T03:42:36","version" => "1.40"},{"date" => "2006-08-13T09:29:45","version" => "1.41"},{"date" => "2006-08-15T01:04:34","version" => "1.42"},{"date" => "2006-08-25T07:51:28","version" => "1.43"},{"date" => "2006-09-10T23:20:13","version" => "1.44"},{"date" => "2006-09-24T02:22:48","version" => "1.45"},{"date" => "2006-09-27T20:08:12","version" => "1.46"},{"date" => "2006-10-02T19:30:30","version" => "1.47"},{"date" => "2008-03-16T03:15:04","version" => "1.48"},{"date" => "2008-04-26T04:17:07","version" => "1.49"},{"date" => "2008-04-30T20:44:40","version" => "1.50"},{"date" => "2008-06-08T21:07:29","version" => "1.51"},{"date" => "2008-07-03T23:57:26","version" => "1.52"},{"date" => "2008-07-21T22:24:22","version" => "1.53"},{"date" => "2008-07-27T23:52:36","version" => "1.54"},{"date" => "2009-04-08T01:09:54","version" => "1.55"},{"date" => "2009-04-08T19:06:59","version" => "1.56"},{"date" => "2009-04-16T15:57:34","version" => "1.57"},{"date" => "2009-04-17T02:41:48","version" => "1.58"},{"date" => "2009-04-22T03:29:45","version" => "1.59"},{"date" => "2009-05-02T20:48:38","version" => "1.60"},{"date" => "2009-05-02T22:21:42","version" => "1.60"},{"date" => "2009-05-03T23:02:35","version" => "1.61"},{"date" => "2011-06-13T19:28:39","version" => "1.62"},{"date" => "2014-08-19T21:37:30","version" => "1.63"},{"date" => "2014-08-19T22:29:15","version" => "1.64"},{"date" => "2015-06-06T23:25:41","version" => "1.65"},{"date" => "2015-06-08T18:20:03","version" => "1.66"},{"date" => "2015-06-08T20:22:33","version" => "1.67"},{"date" => "2015-06-12T02:03:18","version" => "1.68"},{"date" => "2016-11-29T19:21:00","version" => "1.69"},{"date" => "2019-06-24T15:33:44","version" => "1.70"},{"date" => "2019-06-25T02:15:30","version" => "1.71"},{"date" => "2019-07-02T19:22:14","version" => "1.72"},{"date" => "2019-07-02T20:41:23","version" => "1.73"}]},"HTML-Scrubber" => {"advisories" => [{"affected_versions" => ["<0.15"],"cves" => ["CVE-2015-5667"],"description" => "Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.\n","distribution" => "HTML-Scrubber","fixed_versions" => [">=0.15"],"id" => "CPANSA-HTML-Scrubber-2015-5667","references" => ["http://jvn.jp/en/jp/JVN53973084/index.html","http://jvndb.jvn.jp/jvndb/JVNDB-2015-000171","https://metacpan.org/release/HTML-Scrubber","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172997.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172983.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172934.html"],"reported" => "2015-10-31","severity" => undef}],"main_module" => "HTML::Scrubber","versions" => [{"date" => "2003-04-18T14:10:19","version" => "0.02"},{"date" => "2003-07-21T14:57:02","version" => "0.03"},{"date" => "2003-10-30T02:31:36","version" => "0.04"},{"date" => "2003-10-31T07:27:00","version" => "0.05"},{"date" => "2003-11-02T11:10:49","version" => "0.06"},{"date" => "2004-03-18T14:35:12","version" => "0.07"},{"date" => "2004-04-01T22:12:20","version" => "0.08"},{"date" => "2011-04-01T15:36:18","version" => "0.09"},{"date" => "2013-09-27T14:06:41","version" => "0.10"},{"date" => "2013-10-11T14:13:11","version" => "0.11"},{"date" => "2015-03-14T18:25:35","version" => "0.12"},{"date" => "2015-03-19T16:31:12","version" => "0.13"},{"date" => "2015-04-02T16:20:48","version" => "0.14"},{"date" => "2015-10-10T14:02:08","version" => "0.15"},{"date" => "2017-06-25T19:31:24","version" => "0.16"},{"date" => "2017-06-27T13:04:46","version" => "0.17"},{"date" => "2019-09-22T11:11:50","version" => "0.18"},{"date" => "2019-09-24T12:28:19","version" => "0.19"}]},"HTML-StripScripts" => {"advisories" => [{"affected_versions" => ["<=1.06"],"cves" => ["CVE-2023-24038"],"description" => "The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.\n","distribution" => "HTML-StripScripts","fixed_versions" => [],"id" => "CPANSA-HTML-StripScripts-2023-24038","references" => ["https://github.com/clintongormley/perl-html-stripscripts/issues/3","https://lists.debian.org/debian-lts-announce/2023/01/msg00036.html","https://www.debian.org/security/2023/dsa-5339"],"reported" => "2023-01-21","severity" => "high"}],"main_module" => "HTML::StripScripts","versions" => [{"date" => "2003-03-30T10:08:51","version" => "0.01"},{"date" => "2003-07-25T18:13:42","version" => "0.02"},{"date" => "2004-04-27T16:45:34","version" => "0.03"},{"date" => "2007-05-28T11:57:07","version" => "0.90"},{"date" => "2007-05-28T12:31:03","version" => "0.99"},{"date" => "2007-05-29T13:15:46","version" => "0.991"},{"date" => "2007-06-05T12:44:56","version" => "1.00"},{"date" => "2007-10-22T14:30:52","version" => "1.01"},{"date" => "2007-10-22T15:47:44","version" => "1.02"},{"date" => "2007-10-22T17:21:36","version" => "1.03"},{"date" => "2007-11-16T17:53:46","version" => "1.04"},{"date" => "2009-11-05T10:25:59","version" => "1.05"},{"date" => "2016-05-12T09:44:35","version" => "1.06"}]},"HTML-Template-Pro" => {"advisories" => [{"affected_versions" => ["<0.9507"],"cves" => ["CVE-2011-4616"],"description" => "Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.\n","distribution" => "HTML-Template-Pro","fixed_versions" => [">=0.9507"],"id" => "CPANSA-HTML-Template-Pro-2011-4616","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587","http://openwall.com/lists/oss-security/2011/12/19/1","http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507","http://secunia.com/advisories/47184","http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes","http://www.securityfocus.com/bid/51117","http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html"],"reported" => "2012-01-06","severity" => undef}],"main_module" => "HTML::Template::Pro","versions" => [{"date" => "2005-06-09T11:07:59","version" => "0.38"},{"date" => "2005-06-22T09:55:37","version" => "0.39"},{"date" => "2005-07-07T09:11:59","version" => "0.40"},{"date" => "2005-07-26T16:58:29","version" => "0.41"},{"date" => "2005-08-04T15:58:27","version" => "0.42"},{"date" => "2005-08-04T17:36:21","version" => "0.43"},{"date" => "2005-08-12T16:32:44","version" => "0.44"},{"date" => "2005-08-19T19:10:08","version" => "0.45"},{"date" => "2005-08-26T18:24:23","version" => "0.46"},{"date" => "2005-08-31T17:43:09","version" => "0.48"},{"date" => "2005-09-08T17:43:14","version" => "0.50"},{"date" => "2005-09-30T15:59:34","version" => "0.52"},{"date" => "2005-10-06T17:14:51","version" => "0.53"},{"date" => "2005-10-17T13:37:05","version" => "0.54"},{"date" => "2005-10-26T12:18:18","version" => "0.55"},{"date" => "2005-11-03T16:46:06","version" => "0.56"},{"date" => "2005-11-13T16:12:39","version" => "0.57"},{"date" => "2005-12-02T08:10:18","version" => "0.58"},{"date" => "2006-01-22T20:07:54","version" => "0.59"},{"date" => "2006-02-02T16:32:55","version" => "0.60"},{"date" => "2006-02-06T20:45:02","version" => "0.61"},{"date" => "2006-02-22T20:05:55","version" => "0.62"},{"date" => "2006-04-18T20:24:51","version" => "0.64"},{"date" => "2007-06-01T14:46:48","version" => "0.65"},{"date" => "2007-10-04T11:08:55","version" => "0.66"},{"date" => "2007-12-02T23:20:56","version" => "0.67"},{"date" => "2008-01-08T18:01:32","version" => "0.68"},{"date" => "2008-01-08T20:03:26","version" => "0.68"},{"date" => "2008-03-01T19:46:47","version" => "0.69"},{"date" => "2008-06-09T09:06:12","version" => "0.70"},{"date" => "2008-09-05T19:36:06","version" => "0.71"},{"date" => "2008-12-19T08:16:12","version" => "0.72"},{"date" => "2009-04-02T20:36:25","version" => "0.73"},{"date" => "2009-04-10T20:41:07","version" => "0.74"},{"date" => "2009-07-05T16:40:09","version" => "0.75"},{"date" => "2009-07-13T08:33:36","version" => "0.76"},{"date" => "2009-07-23T17:37:10","version" => "0.80"},{"date" => "2009-07-28T15:58:37","version" => "0.81"},{"date" => "2009-08-04T15:46:34","version" => "0.82"},{"date" => "2009-08-05T20:27:52","version" => "0.83"},{"date" => "2009-08-08T18:13:20","version" => "0.84"},{"date" => "2009-08-09T16:45:02","version" => "0.85"},{"date" => "2009-08-24T08:00:34","version" => "0.86"},{"date" => "2009-08-29T19:22:41","version" => "0.87"},{"date" => "2009-09-11T16:53:57","version" => "0.90"},{"date" => "2009-09-24T15:48:49","version" => "0.91"},{"date" => "2009-09-29T20:14:35","version" => "0.92"},{"date" => "2009-11-23T20:25:34","version" => "0.93"},{"date" => "2010-03-26T19:12:55","version" => "0.94"},{"date" => "2010-05-21T19:34:29","version" => "0.95"},{"date" => "2010-06-16T19:00:45","version" => "0.9501"},{"date" => "2010-06-24T18:50:34","version" => "0.9502"},{"date" => "2010-08-29T12:45:12","version" => "0.9503"},{"date" => "2010-09-29T07:16:03","version" => "0.9504"},{"date" => "2011-07-01T10:40:21","version" => "0.9505"},{"date" => "2011-10-04T20:31:16","version" => "0.9506"},{"date" => "2011-12-09T07:59:17","version" => "0.9507"},{"date" => "2011-12-26T21:57:41","version" => "0.9508"},{"date" => "2012-02-28T19:59:05","version" => "0.9509"},{"date" => "2013-05-13T08:40:09","version" => "0.9510"},{"date" => "2021-11-30T23:21:23","version" => "0.9520"},{"date" => "2021-12-02T07:27:12","version" => "0.9521"},{"date" => "2021-12-06T17:53:48","version" => "0.9522"},{"date" => "2021-12-15T09:50:03","version" => "0.9523"},{"date" => "2022-01-16T20:42:34","version" => "0.9524"}]},"HTTP-Body" => {"advisories" => [{"affected_versions" => [">=1.08,<1.23"],"cves" => ["CVE-2013-4407"],"description" => "HTTP::Body::Multipart in the HTTP-Body 1.08, 1.22, and earlier module for Perl uses the part of the uploaded file's name after the first \".\" character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.\n","distribution" => "HTTP-Body","fixed_versions" => [">=1.23"],"id" => "CPANSA-HTTP-Body-2013-4407","references" => ["https://www.openwall.com/lists/oss-security/2024/04/07/1","https://security-tracker.debian.org/tracker/CVE-2013-4407","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634"],"reported" => "2013-09-02","severity" => "moderate"}],"main_module" => "HTTP::Body","versions" => [{"date" => "2005-10-06T23:31:10","version" => "0.01"},{"date" => "2005-10-07T19:39:00","version" => "0.2"},{"date" => "2005-10-28T00:04:21","version" => "0.03"},{"date" => "2005-11-09T06:02:28","version" => "0.4"},{"date" => "2005-11-17T04:03:44","version" => "0.5"},{"date" => "2006-01-06T11:55:08","version" => "0.6"},{"date" => "2007-03-23T17:02:39","version" => "0.7"},{"date" => "2007-03-24T01:48:23","version" => "0.8"},{"date" => "2007-03-27T17:55:21","version" => "0.9"},{"date" => "2008-02-23T16:03:17","version" => "1.00"},{"date" => "2008-02-23T16:16:09","version" => "1.01"},{"date" => "2008-02-27T22:08:06","version" => "1.02"},{"date" => "2008-04-07T14:20:46","version" => "1.03"},{"date" => "2008-06-23T19:41:56","version" => "1.04"},{"date" => "2008-12-01T22:14:51","version" => "1.05"},{"date" => "2010-01-09T18:23:07","version" => "1.06"},{"date" => "2010-01-24T19:42:49","version" => "1.07"},{"date" => "2010-08-19T19:02:08","version" => "1.08"},{"date" => "2010-08-19T23:11:46","version" => "1.09"},{"date" => "2010-10-08T14:52:40","version" => "1.10"},{"date" => "2010-10-26T14:38:59","version" => "1.11"},{"date" => "2011-03-20T00:58:03","version" => "1.12"},{"date" => "2011-11-04T18:44:06","version" => "1.14"},{"date" => "2011-12-05T03:02:21","version" => "1.15"},{"date" => "2012-10-03T15:19:24","version" => "1.16"},{"date" => "2012-10-03T22:04:49","version" => "1.17"},{"date" => "2013-12-06T15:06:26","version" => "1.18"},{"date" => "2013-12-06T15:07:56","version" => "1.19"},{"date" => "2015-01-28T15:21:00","version" => "1.20"},{"date" => "2015-01-29T03:50:10","version" => "1.21"},{"date" => "2015-01-29T03:53:01","version" => "1.22"},{"date" => "2024-03-30T03:28:24","version" => "1.23"}]},"HTTP-Daemon" => {"advisories" => [{"affected_versions" => ["<6.15"],"cves" => ["CVE-2022-31081"],"description" => "HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served on top of Nginx or Apache, not on the `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my \$rqst = \$conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' (`my \$cl = \$rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer, or, a comma separated repetition of that number. (that is `42` or `42, 42, 42`). Anything else MUST be rejected.\n","distribution" => "HTTP-Daemon","fixed_versions" => [">=6.15"],"id" => "CPANSA-HTTP-Daemon-2022-31081","references" => ["https://github.com/libwww-perl/HTTP-Daemon/commit/e84475de51d6fd7b29354a997413472a99db70b2","https://github.com/libwww-perl/HTTP-Daemon/commit/8dc5269d59e2d5d9eb1647d82c449ccd880f7fd0","https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn","https://datatracker.ietf.org/doc/html/rfc7230#section-9.5","https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf","http://metacpan.org/release/HTTP-Daemon/","https://cwe.mitre.org/data/definitions/444.html","https://github.com/libwww-perl/HTTP-Daemon/issues/56","https://github.com/NixOS/nixpkgs/pull/181632"],"reported" => "2022-06-27","severity" => "medium"}],"main_module" => "HTTP::Daemon","versions" => [{"date" => "2011-02-27T22:49:28","version" => "6.00"},{"date" => "2012-02-18T12:26:43","version" => "6.01"},{"date" => "2019-04-01T16:05:05","version" => "6.02"},{"date" => "2019-04-01T20:58:35","version" => "6.03"},{"date" => "2019-04-02T13:12:12","version" => "6.04"},{"date" => "2019-07-26T20:42:43","version" => "6.05"},{"date" => "2019-08-29T14:24:33","version" => "6.06"},{"date" => "2020-05-19T19:20:38","version" => "6.07"},{"date" => "2020-05-22T15:27:22","version" => "6.08"},{"date" => "2020-05-25T16:53:41","version" => "6.09"},{"date" => "2020-05-26T16:22:18","version" => "6.10"},{"date" => "2020-06-03T14:48:37","version" => "6.11"},{"date" => "2020-06-04T16:03:28","version" => "6.12"},{"date" => "2022-02-09T20:41:36","version" => "6.13"},{"date" => "2022-03-03T20:49:07","version" => "6.14"},{"date" => "2023-02-22T22:03:32","version" => "6.15"},{"date" => "2023-02-24T03:09:01","version" => "6.16"}]},"HTTP-Session2" => {"advisories" => [{"affected_versions" => ["<1.10"],"cves" => ["CVE-2018-25160"],"description" => "HTTP::Session2 1.09 does not validate session id, this causes RCE depending on the session store you use.\n","distribution" => "HTTP-Session2","fixed_versions" => [">=1.10"],"id" => "CPANSA-HTTP-Session2-2018-01","references" => ["https://metacpan.org/changes/distribution/HTTP-Session2","https://github.com/tokuhirom/HTTP-Session2/commit/813838f6d08034b6a265a70e53b59b941b5d3e6d"],"reported" => "2018-01-26","severity" => "critical"},{"affected_versions" => ["<1.12"],"cves" => ["CVE-2026-3255"],"description" => "HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function.  The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand() function is unsuitable for cryptographic usage.  HTTP::Session2 after version 1.02 will attempt to use the /dev/urandom device to generate a session id, but if the device is unavailable (for example, under Windows), then it will revert to the insecure method described above.","distribution" => "HTTP-Session2","fixed_versions" => [">=1.12"],"id" => "CPANSA-HTTP-Session2-2026-3255","references" => ["https://github.com/tokuhirom/HTTP-Session2/commit/9cfde4d7e0965172aef5dcfa3b03bb48df93e636.patch","https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.01/source/lib/HTTP/Session2/ServerStore.pm#L68","https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.11/source/lib/HTTP/Session2/Random.pm#L35","https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.12/changes","http://www.openwall.com/lists/oss-security/2026/02/27/12"],"reported" => "2026-02-27","severity" => undef}],"main_module" => "HTTP::Session2","versions" => [{"date" => "2013-10-28T03:20:09","version" => "0.01"},{"date" => "2013-10-30T00:17:21","version" => "0.02"},{"date" => "2013-10-31T01:21:27","version" => "0.03"},{"date" => "2013-11-01T01:10:52","version" => "0.04"},{"date" => "2014-03-18T18:53:09","version" => "0.05"},{"date" => "2014-07-28T04:10:11","version" => "1.00"},{"date" => "2014-07-28T11:44:05","version" => "1.01"},{"date" => "2014-07-31T21:17:23","version" => "1.02"},{"date" => "2014-08-01T11:04:00","version" => "1.03"},{"date" => "2014-08-01T11:10:56","version" => "1.04"},{"date" => "2014-08-01T11:20:46","version" => "1.05"},{"date" => "2014-08-01T14:04:04","version" => "1.06"},{"date" => "2014-08-01T14:08:11","version" => "1.07"},{"date" => "2014-08-03T07:23:00","version" => "1.08"},{"date" => "2014-09-01T02:26:38","version" => "1.09"},{"date" => "2018-01-26T05:02:08","version" => "1.10"},{"date" => "2026-02-25T16:30:30","version" => "1.11"},{"date" => "2026-02-26T14:47:32","version" => "1.12"}]},"HTTP-Tiny" => {"advisories" => [{"affected_versions" => ["<0.083"],"cves" => ["CVE-2023-31486"],"description" => "HTTP::Tiny v0.082, a Perl core module since v5.13.9 and available standalone on CPAN, does not verify TLS certs by default. Users must opt-in with the verify_SSL=>1 flag to verify certs when using HTTPS.\n\nResulting in a CWE-1188: Insecure Default Initialization of Resource weakness.\n","distribution" => "HTTP-Tiny","fixed_versions" => [">=0.083"],"id" => "CPANSA-HTTP-Tiny-2023-31486","references" => ["https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/","https://github.com/chansen/p5-http-tiny/issues/152","https://github.com/chansen/p5-http-tiny/pull/151","https://hackeriet.github.io/cpan-http-tiny-overview/","https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/","https://github.com/NixOS/nixpkgs/pull/187480","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089","https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92.patch","https://github.com/chansen/p5-http-tiny/issues/134","https://github.com/chansen/p5-http-tiny/issues/68"],"reported" => "2023-02-14"},{"affected_versions" => ["<0.059"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "HTTP-Tiny","fixed_versions" => [">=0.059"],"id" => "CPANSA-HTTP-Tiny-2016-1238","references" => ["https://metacpan.org/changes/distribution/HTTP-Tiny","https://github.com/chansen/p5-http-tiny/commit/b239c95ea7a256cfee9b8848f1bd4d1df6e66444"],"reported" => "2016-07-29"},{"affected_versions" => ["<0.039"],"cves" => [],"description" => "Temporary file creating during mirror()  not opened exclusively.\n","distribution" => "HTTP-Tiny","fixed_versions" => [">=0.039"],"id" => "CPANSA-HTTP-Tiny-2013-01","references" => ["https://metacpan.org/dist/HTTP-Tiny/changes"],"reported" => "2013-11-27"}],"main_module" => "HTTP::Tiny","versions" => [{"date" => "2010-12-11T12:59:31","version" => "0.001"},{"date" => "2010-12-14T02:59:37","version" => "0.002"},{"date" => "2010-12-15T17:30:49","version" => "0.003"},{"date" => "2010-12-16T03:53:33","version" => "0.004"},{"date" => "2011-01-08T11:32:21","version" => "0.005"},{"date" => "2011-01-10T12:27:39","version" => "0.006"},{"date" => "2011-01-12T09:56:28","version" => "0.007"},{"date" => "2011-01-14T11:34:51","version" => "0.008"},{"date" => "2011-01-17T21:29:27","version" => "0.009"},{"date" => "2011-02-04T07:45:53","version" => "0.010"},{"date" => "2011-03-20T00:49:53","version" => "0.011"},{"date" => "2011-03-31T19:49:33","version" => "0.012"},{"date" => "2011-07-18T03:15:12","version" => "0.013"},{"date" => "2011-10-20T17:55:01","version" => "0.014"},{"date" => "2011-10-26T20:42:15","version" => "0.015"},{"date" => "2011-10-27T03:06:06","version" => "0.016"},{"date" => "2012-02-23T02:58:42","version" => "0.017"},{"date" => "2012-04-18T13:41:15","version" => "0.018"},{"date" => "2012-05-14T11:15:52","version" => "0.019"},{"date" => "2012-05-14T19:25:57","version" => "0.020"},{"date" => "2012-05-16T02:39:55","version" => "0.021"},{"date" => "2012-06-02T03:32:21","version" => "0.022"},{"date" => "2012-09-19T16:06:37","version" => "0.023"},{"date" => "2012-10-10T00:45:59","version" => "0.024"},{"date" => "2012-12-26T17:11:23","version" => "0.025"},{"date" => "2013-03-05T03:54:12","version" => "0.026"},{"date" => "2013-03-05T17:04:07","version" => "0.027"},{"date" => "2013-03-05T19:13:42","version" => "0.028"},{"date" => "2013-04-17T17:51:23","version" => "0.029"},{"date" => "2013-06-13T15:47:33","version" => "0.030"},{"date" => "2013-06-17T03:18:45","version" => "0.031"},{"date" => "2013-06-20T15:42:26","version" => "0.032"},{"date" => "2013-06-21T10:27:45","version" => "0.033"},{"date" => "2013-06-26T23:03:50","version" => "0.034"},{"date" => "2013-09-10T16:30:04","version" => "0.035"},{"date" => "2013-09-25T16:11:04","version" => "0.036"},{"date" => "2013-10-28T17:50:02","version" => "0.037"},{"date" => "2013-11-18T17:57:17","version" => "0.038"},{"date" => "2013-11-28T00:49:36","version" => "0.039"},{"date" => "2014-02-17T18:05:10","version" => "0.040"},{"date" => "2014-02-17T18:09:12","version" => "0.041"},{"date" => "2014-02-18T16:24:50","version" => "0.042"},{"date" => "2014-02-21T01:42:05","version" => "0.043"},{"date" => "2014-07-17T03:47:41","version" => "0.044"},{"date" => "2014-07-20T23:24:33","version" => "0.045"},{"date" => "2014-07-21T14:33:53","version" => "0.046"},{"date" => "2014-07-29T18:13:01","version" => "0.047"},{"date" => "2014-08-21T17:20:45","version" => "0.048"},{"date" => "2014-09-02T15:21:17","version" => "0.049"},{"date" => "2014-09-23T19:32:00","version" => "0.050"},{"date" => "2014-11-18T03:59:56","version" => "0.051"},{"date" => "2014-12-11T20:25:19","version" => "0.052"},{"date" => "2014-12-12T04:43:37","version" => "0.053"},{"date" => "2015-01-27T12:18:58","version" => "0.054"},{"date" => "2015-05-07T22:15:24","version" => "0.055"},{"date" => "2015-05-19T10:01:27","version" => "0.056"},{"date" => "2016-04-18T14:19:09","version" => "0.057"},{"date" => "2016-05-03T17:49:33","version" => "0.058"},{"date" => "2016-07-29T20:12:12","version" => "0.059"},{"date" => "2016-08-05T16:12:02","version" => "0.061"},{"date" => "2016-08-08T16:20:33","version" => "0.063"},{"date" => "2016-08-17T01:43:01","version" => "0.064"},{"date" => "2016-09-10T02:43:48","version" => "0.065"},{"date" => "2016-09-14T15:45:04","version" => "0.067"},{"date" => "2016-09-23T20:15:05","version" => "0.068"},{"date" => "2016-10-05T15:37:11","version" => "0.069"},{"date" => "2016-10-10T03:25:33","version" => "0.070"},{"date" => "2018-07-24T15:35:02","version" => "0.073"},{"date" => "2018-07-30T19:37:29","version" => "0.074"},{"date" => "2018-08-01T11:10:11","version" => "0.075"},{"date" => "2018-08-06T01:09:54","version" => "0.076"},{"date" => "2021-07-22T17:08:36","version" => "0.077"},{"date" => "2021-08-02T13:26:31","version" => "0.078"},{"date" => "2021-11-04T16:34:59","version" => "0.079"},{"date" => "2021-11-05T12:17:42","version" => "0.080"},{"date" => "2022-07-17T13:02:38","version" => "0.081"},{"date" => "2022-07-25T13:47:22","version" => "0.082"},{"date" => "2023-06-11T11:06:38","version" => "0.083"},{"date" => "2023-06-14T10:35:44","version" => "0.084"},{"date" => "2023-06-22T14:07:29","version" => "0.086"},{"date" => "2023-07-11T12:54:02","version" => "0.088"},{"date" => "2024-10-21T07:38:21","version" => "0.089"},{"date" => "2024-11-12T10:52:55","version" => "0.090"},{"date" => "2025-12-13T05:27:26","version" => "0.091"},{"date" => "2025-12-27T19:51:28","version" => "0.092"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "0.054_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "0.056_001"}]},"HarfBuzz-Shaper" => {"advisories" => [{"affected_versions" => ["<0.032"],"cves" => ["CVE-2026-0943"],"description" => "HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.\x{a0}  Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.","distribution" => "HarfBuzz-Shaper","embedded_vulnerability" => {"distributed_version" => "8.4.0","name" => "harfbuzz"},"fixed_versions" => [">=0.032"],"id" => "CPANSA-HarfBuzz-Shaper-2026-0943","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=2429296","https://metacpan.org/release/JV/HarfBuzz-Shaper-0.032/changes","https://www.cve.org/CVERecord?id=CVE-2026-22693"],"reported" => "2026-01-19","severity" => undef},{"affected_versions" => [">0.017.1,<0.018.1"],"cves" => ["CVE-2026-22693"],"description" => "HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0.","distribution" => "HarfBuzz-Shaper","fixed_versions" => [],"id" => "CPANSA-HarfBuzz-Shaper-2026-22693-harfbuzz","references" => ["https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae","https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww","http://www.openwall.com/lists/oss-security/2026/01/11/1","http://www.openwall.com/lists/oss-security/2026/01/12/1"],"reported" => "2026-01-10","severity" => undef}],"main_module" => "HarfBuzz::Shaper","versions" => [{"date" => "2020-01-25T20:50:26","version" => "0.01"},{"date" => "2020-01-25T21:11:12","version" => "0.011"},{"date" => "2020-01-26T11:27:35","version" => "0.012"},{"date" => "2020-01-26T18:54:44","version" => "0.013"},{"date" => "2020-01-26T20:44:49","version" => "0.014"},{"date" => "2020-01-26T21:23:20","version" => "0.015"},{"date" => "2020-01-27T11:11:25","version" => "0.016"},{"date" => "2020-01-29T20:06:05","version" => "0.017"},{"date" => "2020-01-29T22:48:07","version" => "v0.017.1"},{"date" => "2020-01-30T08:56:56","version" => "0.018"},{"date" => "2020-01-30T23:01:26","version" => "v0.018.1"},{"date" => "2020-01-31T08:41:35","version" => "v0.018.2"},{"date" => "2020-01-31T14:42:22","version" => "v0.018.3"},{"date" => "2020-02-02T09:24:58","version" => "v0.018.4"},{"date" => "2020-02-06T15:32:38","version" => "0.019"},{"date" => "2020-02-07T08:52:42","version" => "0.020"},{"date" => "2020-02-08T21:13:09","version" => "0.021"},{"date" => "2020-06-05T11:33:14","version" => "0.022"},{"date" => "2020-07-11T20:50:43","version" => "0.023"},{"date" => "2021-04-12T09:07:33","version" => "0.024"},{"date" => "2021-12-24T07:18:44","version" => "0.025"},{"date" => "2022-01-07T19:55:32","version" => "0.026"},{"date" => "2024-05-07T12:06:56","version" => "0.027"},{"date" => "2025-01-29T09:03:21","version" => "0.028"},{"date" => "2025-01-30T05:18:06","version" => "0.029"},{"date" => "2025-01-31T14:13:59","version" => "0.030"},{"date" => "2025-01-31T19:34:57","version" => "0.031"},{"date" => "2026-01-14T23:19:07","version" => "0.032"},{"date" => "2026-01-19T21:24:52","version" => "0.033"}]},"IO-Compress" => {"advisories" => [{"affected_versions" => ["<2.070"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "IO-Compress","fixed_versions" => [">=2.070"],"id" => "CPANSA-IO-Compress-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "IO::Compress","versions" => [{"date" => "2009-04-04T09:49:11","version" => "2.017"},{"date" => "2009-05-03T16:27:20","version" => "2.018"},{"date" => "2009-05-04T09:43:44","version" => "2.019"},{"date" => "2009-06-03T17:48:41","version" => "2.020"},{"date" => "2009-08-30T20:27:02","version" => "2.021"},{"date" => "2009-10-09T21:56:08","version" => "2.022"},{"date" => "2009-11-09T23:43:07","version" => "2.023"},{"date" => "2010-01-09T17:56:46","version" => "2.024"},{"date" => "2010-03-28T12:57:23","version" => "2.025"},{"date" => "2010-04-07T19:51:37","version" => "2.026"},{"date" => "2010-04-24T19:16:06","version" => "2.027"},{"date" => "2010-07-24T14:46:19","version" => "2.030"},{"date" => "2011-01-06T11:24:01","version" => "2.032"},{"date" => "2011-01-11T14:03:58","version" => "2.033"},{"date" => "2011-05-02T21:50:29","version" => "2.034"},{"date" => "2011-05-07T08:32:12","version" => "2.035"},{"date" => "2011-06-18T21:45:50","version" => "2.036"},{"date" => "2011-06-22T07:19:49","version" => "2.037"},{"date" => "2011-10-28T14:28:46","version" => "2.039"},{"date" => "2011-10-28T22:20:49","version" => "2.040"},{"date" => "2011-11-17T23:45:33","version" => "2.042"},{"date" => "2011-11-20T21:34:13","version" => "2.043"},{"date" => "2011-12-03T22:49:21","version" => "2.044"},{"date" => "2011-12-04T19:21:48","version" => "2.045"},{"date" => "2011-12-18T22:38:32","version" => "2.046"},{"date" => "2012-01-28T23:28:39","version" => "2.047"},{"date" => "2012-01-29T17:00:45","version" => "2.048"},{"date" => "2012-02-18T15:58:24","version" => "2.049"},{"date" => "2012-04-29T12:42:10","version" => "2.052"},{"date" => "2012-08-05T20:37:36","version" => "2.055"},{"date" => "2012-11-10T19:09:13","version" => "2.057"},{"date" => "2012-11-12T22:15:00","version" => "2.058"},{"date" => "2012-12-15T13:41:23","version" => "2.059"},{"date" => "2013-01-07T20:02:34","version" => "2.060"},{"date" => "2013-05-27T09:55:05","version" => "2.061"},{"date" => "2013-08-12T19:08:16","version" => "2.062"},{"date" => "2013-11-02T17:15:29","version" => "2.063"},{"date" => "2014-02-01T23:21:32","version" => "2.064"},{"date" => "2014-09-21T12:42:45","version" => "2.066"},{"date" => "2014-12-08T15:14:06","version" => "2.067"},{"date" => "2014-12-23T17:46:25","version" => "2.068"},{"date" => "2015-09-26T18:42:09","version" => "2.069"},{"date" => "2016-12-28T23:09:27","version" => "2.070"},{"date" => "2017-02-12T20:41:37","version" => "2.072"},{"date" => "2017-02-19T20:37:27","version" => "2.073"},{"date" => "2017-02-19T22:11:53","version" => "2.074"},{"date" => "2018-04-03T18:22:13","version" => "2.080"},{"date" => "2018-04-08T15:03:07","version" => "2.081"},{"date" => "2018-12-30T22:40:20","version" => "2.083"},{"date" => "2019-01-06T08:57:26","version" => "2.084"},{"date" => "2019-03-31T19:16:41","version" => "2.086"},{"date" => "2019-08-10T18:12:14","version" => "2.087"},{"date" => "2019-11-03T09:29:00","version" => "2.088"},{"date" => "2019-11-03T19:54:15","version" => "2.089"},{"date" => "2019-11-09T16:00:26","version" => "2.090"},{"date" => "2019-11-23T19:44:59","version" => "2.091"},{"date" => "2019-12-04T22:10:26","version" => "2.092"},{"date" => "2019-12-07T16:05:46","version" => "2.093"},{"date" => "2020-07-14T15:32:09","version" => "2.094"},{"date" => "2020-07-20T19:25:09","version" => "2.095"},{"date" => "2020-07-31T20:53:32","version" => "2.096"},{"date" => "2021-01-07T13:57:52","version" => "2.100"},{"date" => "2021-02-20T14:25:27","version" => "2.101"},{"date" => "2021-02-28T08:57:41","version" => "2.102"},{"date" => "2022-04-03T19:50:28","version" => "2.103"},{"date" => "2022-04-09T15:43:24","version" => "2.104"},{"date" => "2022-04-09T21:36:46","version" => "2.105"},{"date" => "2022-04-12T16:10:04","version" => "2.106"},{"date" => "2022-06-25T09:04:18","version" => "2.201"},{"date" => "2023-02-08T21:49:30","version" => "2.204"},{"date" => "2023-07-16T19:41:51","version" => "2.205"},{"date" => "2023-07-25T15:56:21","version" => "2.206"},{"date" => "2024-02-18T22:20:49","version" => "2.207"},{"date" => "2024-03-31T15:17:06","version" => "2.208"},{"date" => "2024-04-06T13:44:44","version" => "2.211"},{"date" => "2024-04-27T12:55:39","version" => "2.212"},{"date" => "2024-08-28T15:36:27","version" => "2.213"},{"date" => "2025-10-24T16:29:27","version" => "2.214"},{"date" => "2026-01-30T17:09:53","version" => "2.215"},{"date" => "2026-01-30T22:29:53","version" => "2.216"},{"date" => "2026-02-01T11:12:56","version" => "2.217"},{"date" => "2026-03-08T15:13:32","version" => "2.218"},{"date" => "2026-03-09T13:58:06","version" => "2.219"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => undef}]},"IO-Compress-Brotli" => {"advisories" => [{"affected_versions" => [">=0.002,<=0.002001"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => [">=0.002_002,<=0.003"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => [">=0.003_001,<=0.004"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => ["==0.004001"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => ["==0.004_002"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"}],"main_module" => "IO::Compress::Brotli","versions" => [{"date" => "2015-12-31T19:03:44","version" => "0.001"},{"date" => "2016-01-01T09:33:21","version" => "0.001001"},{"date" => "2016-08-27T23:37:42","version" => "0.002"},{"date" => "2016-09-08T22:12:55","version" => "0.002001"},{"date" => "2017-09-09T17:15:27","version" => "0.002_002"},{"date" => "2017-09-16T20:41:00","version" => "0.003"},{"date" => "2017-09-23T19:24:01","version" => "0.003_001"},{"date" => "2017-10-14T17:57:14","version" => "0.003_002"},{"date" => "2017-10-28T19:51:35","version" => "0.004"},{"date" => "2018-05-19T19:01:07","version" => "0.004001"},{"date" => "2019-06-11T13:08:10","version" => "0.004_002"},{"date" => "2023-10-22T02:32:43","version" => "0.005"},{"date" => "2023-10-25T01:07:09","version" => "0.006"},{"date" => "2023-10-26T23:39:09","version" => "0.007"},{"date" => "2023-10-27T20:59:46","version" => "0.008"},{"date" => "2023-10-28T01:38:26","version" => "0.009"},{"date" => "2023-10-28T13:52:29","version" => "0.010"},{"date" => "2023-10-29T00:01:12","version" => "0.011"},{"date" => "2023-10-29T12:50:49","version" => "0.012"},{"date" => "2023-10-29T16:08:16","version" => "0.013"},{"date" => "2023-10-29T22:30:42","version" => "0.014"},{"date" => "2023-10-30T20:23:25","version" => "0.015"},{"date" => "2023-10-31T01:19:01","version" => "0.016"},{"date" => "2023-10-31T19:55:10","version" => "0.017"},{"date" => "2023-10-31T23:58:30","version" => "0.018"},{"date" => "2024-11-30T18:35:29","version" => "0.019"},{"date" => "2025-11-18T03:02:17","version" => "0.020"}]},"IO-Socket-SSL" => {"advisories" => [{"affected_versions" => ["<=1.35"],"cves" => ["CVE-2010-4334"],"description" => "The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.\n","distribution" => "IO-Socket-SSL","fixed_versions" => [">1.35"],"id" => "CPANSA-IO-Socket-SSL-2010-4334","references" => ["http://osvdb.org/69626","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058","http://www.securityfocus.com/bid/45189","http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.35/Changes","http://secunia.com/advisories/42508","http://secunia.com/advisories/42757","http://www.openwall.com/lists/oss-security/2010/12/09/8","http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052594.html","http://www.openwall.com/lists/oss-security/2010/12/24/1","http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052601.html","http://www.mandriva.com/security/advisories?name=MDVSA-2011:092"],"reported" => "2011-01-14","severity" => undef},{"affected_versions" => [">=1.14","<=1.25"],"cves" => ["CVE-2009-3024"],"description" => "The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.\n","distribution" => "IO-Socket-SSL","fixed_versions" => [">=1.26"],"id" => "CPANSA-IO-Socket-SSL-2009-3024","references" => ["http://www.openwall.com/lists/oss-security/2009/08/31/4","http://www.openwall.com/lists/oss-security/2009/08/28/1","http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.30/Changes","http://www.openwall.com/lists/oss-security/2009/08/29/1","http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html","http://www.vupen.com/english/advisories/2011/0118","http://www.gentoo.org/security/en/glsa/glsa-201101-06.xml","http://secunia.com/advisories/42893"],"reported" => "2009-08-31","severity" => undef}],"main_module" => "IO::Socket::SSL","versions" => [{"date" => "1999-06-18T14:54:49","version" => "0.70"},{"date" => "1999-07-21T19:45:05","version" => "0.72"},{"date" => "1999-07-29T17:28:04","version" => "0.73"},{"date" => "2000-07-04T11:46:51","version" => "0.74"},{"date" => "2000-08-08T06:59:10","version" => "0.75"},{"date" => "2000-11-17T14:26:45","version" => "0.76"},{"date" => "2001-01-15T13:57:06","version" => "0.77"},{"date" => "2001-04-24T07:00:38","version" => "0.78"},{"date" => "2001-06-04T08:01:01","version" => "0.79"},{"date" => "2001-08-19T08:28:53","version" => "0.80"},{"date" => "2002-04-10T12:43:43","version" => "0.81"},{"date" => "2002-08-13T21:42:55","version" => "0.90"},{"date" => "2002-08-19T15:28:09","version" => "0.901"},{"date" => "2002-09-01T01:13:14","version" => "0.91"},{"date" => "2002-10-22T06:15:30","version" => "0.92"},{"date" => "2003-06-24T19:24:37","version" => "0.93"},{"date" => "2003-06-26T19:41:04","version" => "0.94"},{"date" => "2003-08-25T22:47:30","version" => "0.95"},{"date" => "2004-04-30T17:43:07","version" => "0.96"},{"date" => "2005-07-17T09:20:02","version" => "0.97"},{"date" => "2006-06-12T14:37:33","version" => "0.98"},{"date" => "2006-06-12T14:48:30","version" => "0.98"},{"date" => "2006-07-17T15:05:06","version" => "0.99"},{"date" => "2006-07-18T13:33:27","version" => "0.99"},{"date" => "2006-07-20T05:59:15","version" => "0.99"},{"date" => "2006-07-20T08:35:45","version" => "0.99"},{"date" => "2006-07-24T14:27:43","version" => "0.99"},{"date" => "2006-08-02T07:30:04","version" => "0.99"},{"date" => "2006-08-02T07:37:59","version" => "0.99"},{"date" => "2006-08-02T20:43:25","version" => "0.99"},{"date" => "2006-08-11T10:01:10","version" => "0.99"},{"date" => "2006-08-15T20:22:28","version" => "0.99"},{"date" => "2006-09-12T14:16:38","version" => "0.99"},{"date" => "2006-09-13T11:10:06","version" => "0.99"},{"date" => "2006-12-01T09:57:52","version" => "0.99"},{"date" => "2007-03-06T18:12:09","version" => "0.99"},{"date" => "2007-03-28T19:06:21","version" => "0.99"},{"date" => "2007-04-16T19:35:58","version" => "0.99"},{"date" => "2007-04-30T07:45:00","version" => "0.99"},{"date" => "2007-06-03T19:46:51","version" => "0.99"},{"date" => "2007-06-06T13:59:06","version" => "0.99"},{"date" => "2007-08-10T09:07:39","version" => "0.99"},{"date" => "2007-09-13T19:40:43","version" => "0.99"},{"date" => "2007-10-09T21:18:11","version" => "0.99"},{"date" => "2007-10-10T18:49:29","version" => "0.99"},{"date" => "2007-10-26T06:29:26","version" => "0.99"},{"date" => "2008-01-11T17:59:06","version" => "0.99"},{"date" => "2008-01-28T06:44:08","version" => "0.99"},{"date" => "2008-02-22T09:07:12","version" => "0.99"},{"date" => "2008-02-24T09:42:37","version" => "0.99"},{"date" => "2008-02-25T21:18:02","version" => "0.99"},{"date" => "2008-03-10T08:46:06","version" => "0.99"},{"date" => "2008-07-16T09:27:07","version" => "0.99"},{"date" => "2008-08-28T20:03:28","version" => "0.99"},{"date" => "2008-09-19T06:34:13","version" => "0.99"},{"date" => "2008-09-19T16:54:30","version" => "0.99"},{"date" => "2008-09-24T07:52:48","version" => "0.99"},{"date" => "2008-09-25T09:24:39","version" => "0.99"},{"date" => "2008-10-13T09:06:13","version" => "0.99"},{"date" => "2008-11-17T17:21:39","version" => "0.99"},{"date" => "2008-12-31T14:47:59","version" => "0.99"},{"date" => "2009-01-15T20:52:54","version" => "0.99"},{"date" => "2009-01-22T20:59:47","version" => "0.99"},{"date" => "2009-01-24T06:34:00","version" => "0.99"},{"date" => "2009-02-23T09:59:39","version" => "1.23"},{"date" => "2009-04-01T08:02:14","version" => "1.24"},{"date" => "2009-07-02T18:15:35","version" => "1.25"},{"date" => "2009-07-03T07:36:23","version" => "1.26"},{"date" => "2009-07-24T06:37:32","version" => "1.27"},{"date" => "2009-08-19T10:46:35","version" => "1.28"},{"date" => "2009-08-19T10:54:30","version" => "1.29"},{"date" => "2009-08-19T14:41:37","version" => "1.30"},{"date" => "2009-09-01T07:44:10","version" => "1.30_2"},{"date" => "2009-09-02T05:57:30","version" => "1.30_3"},{"date" => "2009-09-25T19:10:53","version" => "1.31"},{"date" => "2010-02-22T09:39:43","version" => "1.32"},{"date" => "2010-03-17T12:53:27","version" => "1.33"},{"date" => "2010-11-01T08:55:36","version" => "1.34"},{"date" => "2010-12-06T08:16:23","version" => "1.35"},{"date" => "2010-12-08T19:28:31","version" => "1.36"},{"date" => "2010-12-09T08:38:47","version" => "1.37"},{"date" => "2011-01-18T08:45:03","version" => "1.38"},{"date" => "2011-03-03T11:39:29","version" => "1.39"},{"date" => "2011-05-02T10:32:52","version" => "1.40"},{"date" => "2011-05-10T05:14:22","version" => "1.41"},{"date" => "2011-05-10T14:15:57","version" => "1.42"},{"date" => "2011-05-11T08:23:15","version" => "1.43"},{"date" => "2011-05-12T19:35:25","version" => "1.43_1"},{"date" => "2011-05-27T11:46:14","version" => "1.44"},{"date" => "2011-10-13T08:42:32","version" => "1.45"},{"date" => "2011-10-18T06:30:07","version" => "1.46"},{"date" => "2011-10-21T07:09:03","version" => "1.47"},{"date" => "2011-10-26T16:35:42","version" => "1.48"},{"date" => "2011-10-28T08:26:49","version" => "1.49"},{"date" => "2011-12-06T21:14:17","version" => "1.50"},{"date" => "2011-12-06T21:25:05","version" => "1.51"},{"date" => "2011-12-07T08:12:01","version" => "1.52"},{"date" => "2011-12-11T21:45:13","version" => "1.53"},{"date" => "2012-01-11T08:15:23","version" => "1.54"},{"date" => "2012-02-20T06:49:04","version" => "1.55"},{"date" => "2012-02-22T15:49:39","version" => "1.56"},{"date" => "2012-02-26T21:57:54","version" => "1.57"},{"date" => "2012-02-26T22:09:30","version" => "1.58"},{"date" => "2012-03-08T10:44:05","version" => "1.59"},{"date" => "2012-03-20T18:59:41","version" => "1.60"},{"date" => "2012-03-27T14:34:36","version" => "1.61"},{"date" => "2012-03-28T05:53:19","version" => "1.62"},{"date" => "2012-04-06T20:33:58","version" => "1.63"},{"date" => "2012-04-06T21:04:54","version" => "1.64"},{"date" => "2012-04-16T16:51:54","version" => "1.65"},{"date" => "2012-04-16T18:52:52","version" => "1.66"},{"date" => "2012-05-07T09:39:11","version" => "1.67"},{"date" => "2012-05-07T13:01:38","version" => "1.68"},{"date" => "2012-05-08T08:24:35","version" => "1.69"},{"date" => "2012-05-08T09:18:24","version" => "1.70"},{"date" => "2012-05-09T08:41:48","version" => "1.71"},{"date" => "2012-05-10T11:10:15","version" => "1.72"},{"date" => "2012-05-11T19:29:42","version" => "1.73"},{"date" => "2012-05-13T15:19:26","version" => "1.74"},{"date" => "2012-06-07T17:42:47","version" => "1.74_1"},{"date" => "2012-06-07T21:59:28","version" => "1.74_2"},{"date" => "2012-06-15T12:42:21","version" => "1.75"},{"date" => "2012-06-18T06:20:09","version" => "1.76"},{"date" => "2012-10-05T05:36:56","version" => "1.77"},{"date" => "2012-11-25T14:08:27","version" => "1.78"},{"date" => "2012-11-25T15:50:09","version" => "1.79"},{"date" => "2012-11-30T07:47:23","version" => "1.80"},{"date" => "2012-12-06T09:14:04","version" => "1.81"},{"date" => "2013-01-28T07:41:50","version" => "1.82"},{"date" => "2013-02-03T19:04:27","version" => "1.83"},{"date" => "2013-02-14T08:05:20","version" => "1.831"},{"date" => "2013-02-15T20:48:12","version" => "1.84"},{"date" => "2013-04-14T08:59:30","version" => "1.85"},{"date" => "2013-04-17T11:31:18","version" => "1.86"},{"date" => "2013-04-24T18:16:01","version" => "1.87"},{"date" => "2013-05-02T05:59:47","version" => "1.88"},{"date" => "2013-05-14T13:36:49","version" => "1.89"},{"date" => "2013-05-29T18:58:35","version" => "1.90"},{"date" => "2013-05-30T09:36:07","version" => "1.91"},{"date" => "2013-05-30T19:20:11","version" => "1.92"},{"date" => "2013-05-31T06:14:58","version" => "1.93"},{"date" => "2013-06-01T12:46:14","version" => "1.94"},{"date" => "2013-07-03T08:44:53","version" => "1.950"},{"date" => "2013-07-03T10:02:42","version" => "1.951"},{"date" => "2013-07-11T20:14:18","version" => "1.952"},{"date" => "2013-07-22T06:34:31","version" => "1.953"},{"date" => "2013-09-15T13:05:33","version" => "1.954"},{"date" => "2013-10-11T16:54:45","version" => "1.955"},{"date" => "2013-11-10T18:00:08","version" => "1.956"},{"date" => "2013-11-11T08:42:30","version" => "1.957"},{"date" => "2013-11-11T18:28:16","version" => "1.958"},{"date" => "2013-11-12T15:39:42","version" => "1.959"},{"date" => "2013-11-13T00:10:43","version" => "1.960"},{"date" => "2013-11-26T14:47:11","version" => "1.961"},{"date" => "2013-11-27T21:19:25","version" => "1.962"},{"date" => "2014-01-13T13:05:48","version" => "1.963"},{"date" => "2014-01-15T11:36:49","version" => "1.964"},{"date" => "2014-01-16T19:11:32","version" => "1.965"},{"date" => "2014-01-21T16:53:39","version" => "1.966"},{"date" => "2014-02-06T22:06:14","version" => "1.967"},{"date" => "2014-03-13T06:38:27","version" => "1.968"},{"date" => "2014-03-16T16:41:39","version" => "1.969"},{"date" => "2014-03-19T05:04:51","version" => "1.970"},{"date" => "2014-03-22T19:54:06","version" => "1.971"},{"date" => "2014-03-23T06:48:23","version" => "1.972"},{"date" => "2014-03-26T07:10:22","version" => "1.973"},{"date" => "2014-04-02T06:53:53","version" => "1.974"},{"date" => "2014-04-02T10:14:38","version" => "1.975"},{"date" => "2014-04-04T04:36:04","version" => "1.976"},{"date" => "2014-04-04T13:25:28","version" => "1.977"},{"date" => "2014-04-04T14:21:32","version" => "1.978"},{"date" => "2014-04-06T06:24:29","version" => "1.979"},{"date" => "2014-04-08T01:25:10","version" => "1.980"},{"date" => "2014-04-08T11:09:59","version" => "1.981"},{"date" => "2014-04-24T20:14:47","version" => "1.982"},{"date" => "2014-04-27T12:02:16","version" => "1.982_1"},{"date" => "2014-05-04T08:03:37","version" => "1.983"},{"date" => "2014-05-10T13:11:17","version" => "1.984"},{"date" => "2014-05-15T06:30:28","version" => "1.985"},{"date" => "2014-05-16T17:41:46","version" => "1.986"},{"date" => "2014-05-17T15:03:37","version" => "1.987"},{"date" => "2014-05-17T22:15:10","version" => "1.988"},{"date" => "2014-05-24T08:16:00","version" => "1.989"},{"date" => "2014-05-26T05:46:04","version" => "1.989_1"},{"date" => "2014-05-27T11:00:11","version" => "1.990"},{"date" => "2014-05-27T19:43:31","version" => "1.991"},{"date" => "2014-06-01T21:47:49","version" => "1.992"},{"date" => "2014-06-13T20:45:52","version" => "1.993"},{"date" => "2014-06-22T09:53:11","version" => "1.994"},{"date" => "2014-07-11T21:50:48","version" => "1.995"},{"date" => "2014-07-12T11:49:12","version" => "1.996"},{"date" => "2014-07-12T17:24:04","version" => "1.997"},{"date" => "2014-09-07T14:59:47","version" => "1.998"},{"date" => "2014-10-09T19:56:19","version" => "1.999"},{"date" => "2014-10-16T05:05:11","version" => "2.000"},{"date" => "2014-10-21T09:46:39","version" => "2.001"},{"date" => "2014-10-21T21:00:54","version" => "2.002"},{"date" => "2014-11-14T20:12:08","version" => "2.003"},{"date" => "2014-11-15T10:05:06","version" => "2.004"},{"date" => "2014-11-15T10:14:17","version" => "2.004_1"},{"date" => "2014-11-15T16:29:13","version" => "2.005"},{"date" => "2014-11-15T16:34:37","version" => "2.005_1"},{"date" => "2014-11-22T20:51:08","version" => "2.006"},{"date" => "2014-11-26T22:00:05","version" => "2.007"},{"date" => "2014-12-16T06:36:16","version" => "2.008"},{"date" => "2015-01-12T10:48:21","version" => "2.009"},{"date" => "2015-01-14T20:13:41","version" => "2.010"},{"date" => "2015-02-01T16:00:22","version" => "2.011"},{"date" => "2015-02-02T07:46:57","version" => "2.012"},{"date" => "2015-05-01T15:39:14","version" => "2.013"},{"date" => "2015-05-05T06:31:37","version" => "2.014"},{"date" => "2015-05-13T20:43:55","version" => "2.015"},{"date" => "2015-05-26T21:15:38","version" => "2.015_001"},{"date" => "2015-05-27T05:39:14","version" => "2.015_002"},{"date" => "2015-05-27T17:24:09","version" => "2.015_003"},{"date" => "2015-05-28T07:07:25","version" => "2.015_004"},{"date" => "2015-05-29T06:01:37","version" => "2.015_005"},{"date" => "2015-06-02T19:35:20","version" => "2.015_006"},{"date" => "2015-06-02T20:41:45","version" => "2.016"},{"date" => "2015-06-04T14:38:29","version" => "2.016_001"},{"date" => "2015-06-14T17:05:06","version" => "2.016_002"},{"date" => "2015-08-24T15:45:30","version" => "2.017"},{"date" => "2015-08-27T11:31:55","version" => "2.018"},{"date" => "2015-09-01T05:32:47","version" => "2.019"},{"date" => "2015-09-20T10:33:59","version" => "2.020"},{"date" => "2015-12-02T19:55:29","version" => "2.021"},{"date" => "2015-12-10T07:12:46","version" => "2.022"},{"date" => "2016-01-30T11:12:14","version" => "2.023"},{"date" => "2016-02-06T19:38:18","version" => "2.024"},{"date" => "2016-04-04T07:23:02","version" => "2.025"},{"date" => "2016-04-20T06:11:37","version" => "2.026"},{"date" => "2016-04-20T14:22:50","version" => "2.027"},{"date" => "2016-06-27T14:22:02","version" => "2.028"},{"date" => "2016-06-27T15:53:16","version" => "2.029"},{"date" => "2016-07-08T08:53:04","version" => "2.030"},{"date" => "2016-07-08T11:40:31","version" => "2.031"},{"date" => "2016-07-12T13:12:57","version" => "2.032"},{"date" => "2016-07-15T09:00:38","version" => "2.033"},{"date" => "2016-08-08T08:19:05","version" => "2.034"},{"date" => "2016-08-11T14:25:18","version" => "2.035"},{"date" => "2016-08-11T19:03:38","version" => "2.036"},{"date" => "2016-08-22T17:39:32","version" => "2.037"},{"date" => "2016-09-17T09:36:29","version" => "2.038"},{"date" => "2016-11-20T21:01:59","version" => "2.039"},{"date" => "2016-12-17T15:18:35","version" => "2.040"},{"date" => "2017-01-04T05:17:55","version" => "2.041"},{"date" => "2017-01-05T18:32:13","version" => "2.042"},{"date" => "2017-01-06T13:27:56","version" => "2.043"},{"date" => "2017-01-26T10:46:57","version" => "2.044"},{"date" => "2017-02-13T15:26:59","version" => "2.045"},{"date" => "2017-02-15T18:41:05","version" => "2.046"},{"date" => "2017-02-16T19:01:01","version" => "2.047"},{"date" => "2017-04-16T18:33:09","version" => "2.048"},{"date" => "2017-06-12T05:15:34","version" => "2.049"},{"date" => "2017-08-18T06:07:18","version" => "2.050"},{"date" => "2017-09-05T09:28:25","version" => "2.051"},{"date" => "2017-10-22T08:48:29","version" => "2.052"},{"date" => "2018-01-21T19:41:38","version" => "2.053"},{"date" => "2018-01-22T05:11:45","version" => "2.054"},{"date" => "2018-02-15T13:45:54","version" => "2.055"},{"date" => "2018-02-19T06:35:28","version" => "2.056"},{"date" => "2018-07-18T19:16:28","version" => "2.057"},{"date" => "2018-07-19T07:54:24","version" => "2.058"},{"date" => "2018-08-15T16:13:05","version" => "2.059"},{"date" => "2018-09-16T19:15:07","version" => "2.060"},{"date" => "2019-02-23T02:08:16","version" => "2.061"},{"date" => "2019-02-24T00:14:55","version" => "2.062"},{"date" => "2019-03-01T14:48:40","version" => "2.063"},{"date" => "2019-03-04T12:28:12","version" => "2.064"},{"date" => "2019-03-05T18:50:40","version" => "2.065"},{"date" => "2019-03-06T06:55:56","version" => "2.066"},{"date" => "2020-02-14T17:49:51","version" => "2.067"},{"date" => "2020-03-31T06:15:39","version" => "2.068"},{"date" => "2021-01-22T16:55:49","version" => "2.069"},{"date" => "2021-02-26T08:03:24","version" => "2.070"},{"date" => "2021-05-23T08:12:02","version" => "2.071"},{"date" => "2021-08-16T13:06:40","version" => "2.072"},{"date" => "2021-12-22T19:30:42","version" => "2.073"},{"date" => "2022-01-07T15:09:53","version" => "2.074"},{"date" => "2022-09-02T18:18:33","version" => "2.075"},{"date" => "2022-11-14T13:41:15","version" => "2.076"},{"date" => "2022-11-21T11:44:16","version" => "2.077"},{"date" => "2022-12-11T20:10:13","version" => "2.078"},{"date" => "2023-01-16T06:28:01","version" => "2.079"},{"date" => "2023-01-18T16:28:53","version" => "2.080"},{"date" => "2023-01-25T10:49:10","version" => "2.081"},{"date" => "2023-05-17T20:41:22","version" => "2.082"},{"date" => "2023-05-18T09:15:20","version" => "2.083"},{"date" => "2023-11-06T21:02:36","version" => "2.084"},{"date" => "2024-01-22T19:07:08","version" => "2.085"},{"date" => "2024-07-03T12:14:36","version" => "2.086"},{"date" => "2024-07-08T05:33:53","version" => "2.087"},{"date" => "2024-07-14T05:05:54","version" => "2.088"},{"date" => "2024-08-29T14:46:00","version" => "2.089"},{"date" => "2025-06-03T04:11:54","version" => "2.090"},{"date" => "2025-06-11T17:38:14","version" => "2.091"},{"date" => "2025-06-16T13:32:00","version" => "2.092"},{"date" => "2025-06-17T06:49:47","version" => "2.093"},{"date" => "2025-06-18T19:37:41","version" => "2.094"},{"date" => "2025-07-10T16:57:04","version" => "2.095"},{"date" => "2026-01-04T17:47:18","version" => "2.096"},{"date" => "2026-01-06T17:52:56","version" => "2.097"},{"date" => "2026-01-06T19:20:57","version" => "2.098"}]},"IPC-Cmd" => {"advisories" => [{"affected_versions" => ["<0.96"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "IPC-Cmd","fixed_versions" => [">=0.96"],"id" => "CPANSA-IPC-Cmd-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "IPC::Cmd","versions" => [{"date" => "2003-05-10T16:57:39","version" => "0.02"},{"date" => "2003-05-11T08:50:33","version" => "0.03"},{"date" => "2003-09-25T10:34:58","version" => "0.04"},{"date" => "2004-06-18T11:43:01","version" => "0.20"},{"date" => "2004-08-16T10:26:03","version" => "0.22"},{"date" => "2004-12-03T15:53:45","version" => "0.23"},{"date" => "2004-12-09T09:56:18","version" => "0.24"},{"date" => "2006-09-06T15:57:50","version" => "0.25"},{"date" => "2006-10-05T14:42:36","version" => "0.29_01"},{"date" => "2006-10-11T11:11:24","version" => "0.30"},{"date" => "2006-10-13T11:18:04","version" => "0.32"},{"date" => "2006-10-20T13:16:49","version" => "0.34"},{"date" => "2006-11-24T14:01:10","version" => "0.36"},{"date" => "2007-10-11T15:17:44","version" => "0.38"},{"date" => "2007-10-17T09:29:57","version" => "0.40"},{"date" => "2008-05-18T15:50:12","version" => "0.41_01"},{"date" => "2008-06-29T15:41:17","version" => "0.41_02"},{"date" => "2008-07-13T13:08:43","version" => "0.41_03"},{"date" => "2008-07-14T13:57:54","version" => "0.41_04"},{"date" => "2008-09-22T13:12:26","version" => "0.41_05"},{"date" => "2008-09-24T15:46:32","version" => "0.41_06"},{"date" => "2008-10-05T16:24:49","version" => "0.41_07"},{"date" => "2008-10-10T09:47:07","version" => "0.42"},{"date" => "2009-05-04T08:15:08","version" => "0.44"},{"date" => "2009-06-12T11:38:40","version" => "0.46"},{"date" => "2009-09-07T14:15:59","version" => "0.48"},{"date" => "2009-09-07T15:21:24","version" => "0.50"},{"date" => "2009-11-08T23:24:39","version" => "0.51_01"},{"date" => "2009-11-13T16:17:59","version" => "0.52"},{"date" => "2009-11-15T22:04:56","version" => "0.54"},{"date" => "2010-02-03T14:21:25","version" => "0.56"},{"date" => "2010-04-29T20:06:40","version" => "0.58"},{"date" => "2010-07-05T08:10:45","version" => "0.60"},{"date" => "2010-10-19T14:53:57","version" => "0.62"},{"date" => "2010-10-19T18:09:00","version" => "0.64"},{"date" => "2010-11-23T12:11:55","version" => "0.66"},{"date" => "2011-01-07T22:28:30","version" => "0.68"},{"date" => "2011-01-31T20:40:13","version" => "0.70"},{"date" => "2011-05-10T13:07:15","version" => "0.71_01"},{"date" => "2011-05-26T12:01:30","version" => "0.71_02"},{"date" => "2011-05-26T12:46:44","version" => "0.71_03"},{"date" => "2011-06-22T11:34:08","version" => "0.72"},{"date" => "2012-01-30T10:35:24","version" => "0.74"},{"date" => "2012-01-30T11:34:12","version" => "0.76"},{"date" => "2012-04-30T18:52:04","version" => "0.78"},{"date" => "2013-03-02T22:15:43","version" => "0.80"},{"date" => "2013-06-29T21:17:06","version" => "0.82"},{"date" => "2013-08-06T09:28:59","version" => "0.84"},{"date" => "2013-09-05T19:34:47","version" => "0.85_01"},{"date" => "2013-10-10T13:09:11","version" => "0.85_02"},{"date" => "2013-11-04T14:18:01","version" => "0.86"},{"date" => "2013-11-15T14:47:57","version" => "0.88"},{"date" => "2013-11-18T15:12:15","version" => "0.90"},{"date" => "2014-01-22T20:01:22","version" => "0.92"},{"date" => "2016-02-12T19:01:25","version" => "0.94"},{"date" => "2016-07-28T10:19:44","version" => "0.96"},{"date" => "2017-05-12T16:05:02","version" => "0.98"},{"date" => "2018-02-14T16:21:01","version" => "1.00"},{"date" => "2018-05-03T08:53:01","version" => "1.02"},{"date" => "2019-07-13T09:17:39","version" => "1.04"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "0.36_01"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.01","version" => "0.40_1"},{"date" => "2013-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019005","version" => "0.84_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "0.92_01"}]},"IPC-Run" => {"advisories" => [{"affected_versions" => ["<0.90","==0.90_01","==0.90_02"],"cves" => [],"description" => "INADDR_ANY can be your external ip, IPC::Run should only listen on localhost.\n","distribution" => "IPC-Run","fixed_versions" => [">=0.90"],"id" => "CPANSA-IPC-Run-2009-01","references" => ["https://metacpan.org/dist/IPC-Run/changes","https://rt.cpan.org/Public/Bug/Display.html?id=49693"],"reported" => "2009-09-14"}],"main_module" => "IPC::Run","versions" => [{"date" => "2000-05-22T05:10:41","version" => "0.1"},{"date" => "2000-06-01T06:12:25","version" => "0.2"},{"date" => "2000-06-02T16:53:04","version" => "0.21"},{"date" => "2000-06-03T12:34:23","version" => "0.3"},{"date" => "2000-06-06T18:48:56","version" => "0.32"},{"date" => "2000-06-08T10:24:28","version" => "0.33"},{"date" => "2000-06-08T10:41:19","version" => "0.34"},{"date" => "2000-06-15T19:06:43","version" => "0.4"},{"date" => "2000-08-17T14:33:30","version" => "0.42"},{"date" => "2000-10-02T21:20:49","version" => "0.44"},{"date" => "2001-11-11T04:21:36","version" => "0.5"},{"date" => "2001-11-12T07:19:27","version" => "0.51"},{"date" => "2001-12-01T06:05:11","version" => "0.54"},{"date" => "2001-12-01T21:54:11","version" => "0.55"},{"date" => "2001-12-02T13:48:12","version" => "0.56"},{"date" => "2001-12-06T20:33:30","version" => "0.6"},{"date" => "2001-12-07T09:31:12","version" => "0.61"},{"date" => "2002-01-01T20:42:40","version" => "0.62"},{"date" => "2002-02-27T17:14:16","version" => "0.63"},{"date" => "2002-03-14T17:14:53","version" => "0.64"},{"date" => "2002-03-27T11:42:32","version" => "0.66"},{"date" => "2002-04-26T15:04:45","version" => "0.7"},{"date" => "2002-05-06T13:23:28","version" => "0.71"},{"date" => "2002-05-09T15:58:13","version" => "0.72"},{"date" => "2002-05-22T13:20:13","version" => "0.73"},{"date" => "2002-05-23T13:48:23","version" => "0.74"},{"date" => "2003-01-28T17:59:36","version" => "0.75"},{"date" => "2003-09-26T19:35:48","version" => "0.77"},{"date" => "2004-03-09T06:22:24","version" => "0.78"},{"date" => "2005-01-19T23:50:56","version" => "0.79"},{"date" => "2006-03-10T15:30:59","version" => "0.80_91"},{"date" => "2006-05-10T20:00:28","version" => "0.80"},{"date" => "2008-10-15T09:59:57","version" => "0.81_01"},{"date" => "2008-12-18T12:01:25","version" => "0.82"},{"date" => "2009-07-09T16:38:18","version" => "0.83"},{"date" => "2009-07-13T00:59:41","version" => "0.84"},{"date" => "2010-03-23T05:12:54","version" => "0.85"},{"date" => "2010-03-24T20:11:05","version" => "0.86"},{"date" => "2010-03-29T18:03:50","version" => "0.87"},{"date" => "2010-03-30T18:14:22","version" => "0.88"},{"date" => "2010-04-01T04:48:26","version" => "0.89"},{"date" => "2011-06-03T04:41:40","version" => "0.90_01"},{"date" => "2011-06-29T04:15:08","version" => "0.90_02"},{"date" => "2011-07-01T04:18:30","version" => "0.90_03"},{"date" => "2011-07-03T20:10:42","version" => "0.90"},{"date" => "2012-01-25T05:16:00","version" => "0.91_01"},{"date" => "2012-02-15T04:50:23","version" => "0.91"},{"date" => "2012-08-22T15:00:56","version" => "0.92_01"},{"date" => "2012-08-30T15:26:42","version" => "0.92"},{"date" => "2014-12-11T05:59:50","version" => "0.93"},{"date" => "2014-12-11T07:48:28","version" => "0.93_01"},{"date" => "2014-12-14T07:23:31","version" => "0.94"},{"date" => "2016-04-13T03:11:26","version" => "0.94_01"},{"date" => "2016-04-14T05:15:22","version" => "0.94_02"},{"date" => "2017-04-25T01:29:03","version" => "0.95"},{"date" => "2017-05-12T13:48:34","version" => "0.96"},{"date" => "2018-03-26T21:45:38","version" => "0.97"},{"date" => "2018-03-29T18:52:43","version" => "0.98"},{"date" => "2018-03-30T22:49:37","version" => "0.99"},{"date" => "2018-05-23T17:24:25","version" => "20180523.0"},{"date" => "2020-05-05T20:57:23","version" => "20200505.0"},{"date" => "2022-08-07T12:50:57","version" => "20220807.0"},{"date" => "2023-10-03T01:09:01","version" => "20231003.0"},{"date" => "2025-07-15T17:03:00","version" => "20250715.0_01"},{"date" => "2025-08-10T01:54:10","version" => "20250809.0"}]},"IPTables-Parse" => {"advisories" => [{"affected_versions" => ["<1.6"],"cves" => ["CVE-2015-8326"],"description" => "The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user.\n","distribution" => "IPTables-Parse","fixed_versions" => [],"id" => "CPANSA-IPTables-Parse-2015-8326","references" => ["https://metacpan.org/source/MRASH/IPTables-Parse-1.6/Changes","https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87","https://bugzilla.redhat.com/show_bug.cgi?id=1267962","http://www.openwall.com/lists/oss-security/2015/11/24/10"],"reported" => "2017-06-07","severity" => "medium"}],"main_module" => "IPTables::Parse","versions" => [{"date" => "2008-10-26T23:15:50","version" => "0.7"},{"date" => "2012-02-27T02:20:58","version" => "0.8"},{"date" => "2012-02-27T02:22:29","version" => "0.9"},{"date" => "2012-02-29T02:51:44","version" => "1.0"},{"date" => "2012-03-03T03:56:08","version" => "1.1"},{"date" => "2015-02-25T02:08:58","version" => "1.1"},{"date" => "2015-03-01T20:15:52","version" => "1.3.1"},{"date" => "2015-03-01T20:50:07","version" => "1.4"},{"date" => "2015-09-09T13:53:26","version" => "1.5"},{"date" => "2015-11-07T21:08:49","version" => "1.6"},{"date" => "2015-11-30T01:16:22","version" => "1.6.1"}]},"Image-ExifTool" => {"advisories" => [{"affected_versions" => ["<=12.37"],"cves" => ["CVE-2022-23935"],"description" => "lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a \$file =~ /\\|\$/ check, leading to command injection.\n","distribution" => "Image-ExifTool","fixed_versions" => [">12.38"],"id" => "CPANSA-Image-ExifTool-2022-23935","references" => ["https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582","https://gist.github.com/ert-plus/1414276e4cb5d56dd431c2f0429e4429"],"reported" => "2022-01-25","severity" => "critical"},{"affected_versions" => [">=7.44,<=12.23"],"cves" => ["CVE-2021-22204"],"description" => "Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image\n","distribution" => "Image-ExifTool","fixed_versions" => [">12.23"],"id" => "CPANSA-Image-ExifTool-2021-22204","references" => ["http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html","http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html","http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html","http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html","http://www.openwall.com/lists/oss-security/2021/05/09/1","http://www.openwall.com/lists/oss-security/2021/05/10/5","https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800","https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json","https://hackerone.com/reports/1154542","https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/","https://www.debian.org/security/2021/dsa-4910"],"reported" => "2021-04-23","severity" => undef},{"affected_versions" => ["==8.32"],"cves" => ["CVE-2018-20211"],"description" => "ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\\\\par-%username%\\\\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015).\n","distribution" => "Image-ExifTool","fixed_versions" => [">8"],"id" => "CPANSA-Image-ExifTool-2018-20211","references" => ["http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html","http://seclists.org/fulldisclosure/2018/Dec/44"],"reported" => "2019-01-02","severity" => undef}],"main_module" => "Image::ExifTool","versions" => [{"date" => "2004-10-04T15:37:06","version" => "3.60"},{"date" => "2004-11-02T12:46:54","version" => "3.72"},{"date" => "2004-11-05T12:41:52","version" => "3.74"},{"date" => "2004-11-11T18:24:18","version" => "3.82"},{"date" => "2004-11-24T18:42:42","version" => "3.93"},{"date" => "2004-11-25T16:34:47","version" => "3.94"},{"date" => "2005-01-24T13:15:55","version" => "4.36"},{"date" => "2005-02-07T15:56:43","version" => "4.53"},{"date" => "2005-02-18T00:42:59","version" => "4.64"},{"date" => "2005-03-01T19:23:29","version" => "4.73"},{"date" => "2005-03-15T12:09:56","version" => "4.87"},{"date" => "2005-04-02T19:46:41","version" => "4.93"},{"date" => "2005-04-20T12:41:30","version" => "5.05"},{"date" => "2005-05-16T15:54:07","version" => "5.18"},{"date" => "2005-06-03T19:21:17","version" => "5.25"},{"date" => "2005-06-15T17:21:33","version" => "5.32"},{"date" => "2005-07-19T18:16:02","version" => "5.46"},{"date" => "2005-08-24T14:58:18","version" => "5.55"},{"date" => "2005-10-13T13:15:01","version" => "5.67"},{"date" => "2005-11-18T13:04:29","version" => "5.77"},{"date" => "2005-12-22T16:42:56","version" => "5.87"},{"date" => "2006-02-19T20:26:14","version" => "6.00"},{"date" => "2006-05-12T12:10:32","version" => "6.17"},{"date" => "2006-07-24T13:18:05","version" => "6.29"},{"date" => "2006-09-06T20:26:16","version" => "6.36"},{"date" => "2006-09-21T15:39:52","version" => "6.42"},{"date" => "2006-11-20T13:52:55","version" => "6.57"},{"date" => "2006-12-20T13:07:23","version" => "6.66"},{"date" => "2007-02-14T13:28:50","version" => "6.75"},{"date" => "2007-02-16T13:21:27","version" => "6.76"},{"date" => "2007-05-10T18:53:15","version" => "6.90"},{"date" => "2007-10-24T11:39:52","version" => "7.00"},{"date" => "2008-02-05T17:21:39","version" => "7.15"},{"date" => "2008-03-12T12:24:57","version" => "7.21"},{"date" => "2008-04-18T13:09:00","version" => "7.25"},{"date" => "2008-05-31T11:39:35","version" => "7.30"},{"date" => "2008-10-26T19:00:34","version" => "7.50"},{"date" => "2008-10-27T13:48:39","version" => "7.51"},{"date" => "2009-01-06T13:48:18","version" => "7.60"},{"date" => "2009-02-09T14:25:12","version" => "7.67"},{"date" => "2009-07-02T15:42:38","version" => "7.82"},{"date" => "2009-08-18T01:30:53","version" => "7.88"},{"date" => "2009-08-18T12:03:19","version" => "7.89"},{"date" => "2009-11-20T19:06:24","version" => "8.00"},{"date" => "2010-02-08T20:49:00","version" => "8.10"},{"date" => "2010-03-18T14:09:58","version" => "8.15"},{"date" => "2010-07-13T12:35:33","version" => "8.25"},{"date" => "2010-11-21T21:29:00","version" => "8.40"},{"date" => "2011-03-01T12:43:02","version" => "8.50"},{"date" => "2011-06-27T11:52:50","version" => "8.60"},{"date" => "2011-09-24T10:53:29","version" => "8.65"},{"date" => "2012-01-08T13:48:19","version" => "8.75"},{"date" => "2012-01-27T14:19:10","version" => "8.77"},{"date" => "2012-03-25T12:07:06","version" => "8.85"},{"date" => "2012-04-28T12:06:48","version" => "8.90"},{"date" => "2012-08-25T12:28:04","version" => "9.01"},{"date" => "2012-11-03T16:37:48","version" => "9.04"},{"date" => "2013-01-02T21:07:34","version" => "9.11"},{"date" => "2013-01-03T01:49:33","version" => "9.12"},{"date" => "2013-01-10T15:05:11","version" => "9.13"},{"date" => "2013-04-06T11:38:39","version" => "9.25"},{"date" => "2013-04-15T11:20:13","version" => "9.27"},{"date" => "2014-01-11T22:58:56","version" => "9.46"},{"date" => "2014-02-22T14:40:30","version" => "9.53"},{"date" => "2014-05-11T13:34:36","version" => "9.60"},{"date" => "2014-09-03T12:19:55","version" => "9.70"},{"date" => "2014-11-15T15:14:24","version" => "9.76"},{"date" => "2015-03-14T11:33:58","version" => "9.90"},{"date" => "2015-08-18T13:30:08","version" => "10.00"},{"date" => "2016-01-22T15:51:06","version" => "10.10"},{"date" => "2016-04-20T13:25:01","version" => "10.15"},{"date" => "2016-06-13T14:05:58","version" => "10.20"},{"date" => "2016-11-24T16:55:55","version" => "10.36"},{"date" => "2017-01-13T16:02:53","version" => "10.39"},{"date" => "2017-01-14T17:30:45","version" => "10.40"},{"date" => "2017-04-20T12:54:29","version" => "10.50"},{"date" => "2017-06-05T14:41:23","version" => "10.55"},{"date" => "2018-02-22T13:27:40","version" => "10.80"},{"date" => "2018-06-07T11:44:16","version" => "11.00"},{"date" => "2018-06-11T12:18:41","version" => "11.01"},{"date" => "2018-09-28T01:34:43","version" => "11.11"},{"date" => "2019-03-06T15:14:28","version" => "11.30"},{"date" => "2019-06-11T15:29:41","version" => "11.50"},{"date" => "2019-10-10T13:04:36","version" => "11.70"},{"date" => "2020-01-28T15:40:58","version" => "11.85"},{"date" => "2020-06-11T20:36:48","version" => "12.00"},{"date" => "2021-01-18T14:03:50","version" => "12.15"},{"date" => "2021-01-21T17:51:28","version" => "12.16"},{"date" => "2021-05-21T00:37:46","version" => "12.26"},{"date" => "2021-08-12T13:13:43","version" => "12.30"},{"date" => "2022-06-07T11:39:06","version" => "12.42"},{"date" => "2022-06-07T20:05:13","version" => "12.42"},{"date" => "2022-11-09T11:41:50","version" => "12.50"},{"date" => "2023-04-05T15:01:59","version" => "12.60"},{"date" => "2023-11-19T16:15:22","version" => "12.70"},{"date" => "2024-01-31T01:08:08","version" => "12.75"},{"date" => "2024-01-31T15:31:14","version" => "12.76"},{"date" => "2024-10-29T17:10:24","version" => "13.00"},{"date" => "2024-12-20T16:49:20","version" => "13.10"},{"date" => "2025-03-11T12:01:50","version" => "13.25"},{"date" => "2025-05-25T18:10:41","version" => "13.30"},{"date" => "2025-09-06T12:17:12","version" => "13.35"},{"date" => "2025-09-09T18:09:15","version" => "13.36"},{"date" => "2025-12-15T20:40:08","version" => "13.44"},{"date" => "2026-02-07T18:48:19","version" => "13.50"}]},"Image-Info" => {"advisories" => [{"affected_versions" => ["<1.39"],"cves" => ["CVE-2016-9181"],"description" => "perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.\n","distribution" => "Image-Info","fixed_versions" => [">=1.39"],"id" => "CPANSA-Image-Info-2016-01","references" => ["http://www.securityfocus.com/bid/94220","http://www.openwall.com/lists/oss-security/2016/11/04/2"],"reported" => "2016-11-04"}],"main_module" => "Image::Info","versions" => [{"date" => "1999-12-19T07:09:24","version" => "0.01"},{"date" => "1999-12-22T00:03:22","version" => "0.02"},{"date" => "1999-12-25T22:43:22","version" => "0.03"},{"date" => "2000-01-07T18:20:42","version" => "0.04"},{"date" => "2000-08-24T09:09:25","version" => "0.05"},{"date" => "2000-10-18T19:55:02","version" => "1.00"},{"date" => "2000-10-31T17:32:56","version" => "1.01"},{"date" => "2000-11-10T18:21:41","version" => "1.02"},{"date" => "2000-11-13T19:44:44","version" => "1.03"},{"date" => "2000-11-30T20:25:46","version" => "1.04"},{"date" => "2001-03-24T20:20:31","version" => "0.06"},{"date" => "2001-03-24T20:40:20","version" => "1.05"},{"date" => "2001-03-26T19:28:11","version" => "1.06"},{"date" => "2001-04-11T00:53:39","version" => "1.07"},{"date" => "2001-08-24T18:29:39","version" => "1.08"},{"date" => "2001-12-14T23:07:08","version" => "1.09"},{"date" => "2002-05-29T00:04:22","version" => "1.10"},{"date" => "2002-07-04T17:37:20","version" => "1.11"},{"date" => "2002-12-31T00:09:32","version" => "1.12"},{"date" => "2003-10-06T17:27:43","version" => "1.13"},{"date" => "2003-10-06T21:50:56","version" => "1.14"},{"date" => "2003-10-06T22:10:09","version" => "1.15"},{"date" => "2004-01-07T12:47:37","version" => "1.16"},{"date" => "2006-01-28T12:41:59","version" => "1.17"},{"date" => "2006-03-03T15:31:07","version" => "1.18"},{"date" => "2006-03-05T09:19:05","version" => "1.18"},{"date" => "2006-03-13T20:52:28","version" => "1.18"},{"date" => "2006-05-01T14:33:54","version" => "1.18"},{"date" => "2006-07-16T12:43:58","version" => "1.18"},{"date" => "2006-09-30T12:35:03","version" => "1.23"},{"date" => "2007-02-25T12:39:30","version" => "1.24"},{"date" => "2007-05-14T19:11:49","version" => "1.25"},{"date" => "2007-09-09T11:23:15","version" => "1.26"},{"date" => "2007-12-15T13:50:50","version" => "1.27"},{"date" => "2008-03-30T19:16:37","version" => "1.28"},{"date" => "2009-07-08T20:39:39","version" => "1.28_50"},{"date" => "2009-07-09T22:26:22","version" => "1.28_51"},{"date" => "2009-07-17T18:24:54","version" => "1.28_52"},{"date" => "2009-07-31T21:09:25","version" => "1.29"},{"date" => "2009-08-14T20:25:31","version" => "1.29_50"},{"date" => "2009-09-14T19:04:17","version" => "1.29_51"},{"date" => "2009-09-16T19:23:40","version" => "1.29_51"},{"date" => "2009-10-23T20:45:13","version" => "1.29_51"},{"date" => "2009-10-31T09:21:38","version" => "1.29_51"},{"date" => "2009-11-14T16:30:54","version" => "1.30_50"},{"date" => "2009-11-22T22:10:25","version" => "1.30_51"},{"date" => "2010-02-09T20:08:40","version" => "1.30_52"},{"date" => "2010-02-09T20:43:56","version" => "1.30_53"},{"date" => "2010-09-25T15:42:44","version" => "1.31"},{"date" => "2011-12-28T21:32:21","version" => "1.31_50"},{"date" => "2011-12-28T21:53:50","version" => "1.31_51"},{"date" => "2012-02-21T21:03:11","version" => "1.32"},{"date" => "2012-10-23T19:59:15","version" => "1.32_50"},{"date" => "2012-10-24T20:24:17","version" => "1.32_51"},{"date" => "2012-10-25T21:49:45","version" => "1.32_52"},{"date" => "2012-11-03T19:12:43","version" => "1.33"},{"date" => "2013-01-27T13:49:04","version" => "1.33_50"},{"date" => "2013-01-28T11:15:59","version" => "1.33_51"},{"date" => "2013-01-29T16:18:27","version" => "1.34"},{"date" => "2013-04-03T20:29:08","version" => "1.34_50"},{"date" => "2013-04-10T19:22:43","version" => "1.35"},{"date" => "2013-05-06T10:32:44","version" => "1.35_50"},{"date" => "2013-06-28T08:29:45","version" => "1.35_51"},{"date" => "2013-07-05T08:23:26","version" => "1.36"},{"date" => "2014-12-19T23:10:31","version" => "1.36_51"},{"date" => "2014-12-29T22:23:42","version" => "1.36_52"},{"date" => "2014-12-31T08:44:32","version" => "1.37"},{"date" => "2015-04-20T05:00:55","version" => "1.38"},{"date" => "2016-10-01T15:35:13","version" => "1.38_50"},{"date" => "2016-10-01T17:43:27","version" => "1.38_51"},{"date" => "2016-10-08T09:00:58","version" => "1.39"},{"date" => "2017-03-19T20:16:19","version" => "1.39_50"},{"date" => "2017-03-21T19:05:30","version" => "1.40"},{"date" => "2017-06-30T17:22:28","version" => "1.40_50"},{"date" => "2017-07-12T16:34:02","version" => "1.41"},{"date" => "2019-10-16T19:12:33","version" => "1.41_50"},{"date" => "2019-10-19T06:46:49","version" => "1.42"},{"date" => "2022-07-17T15:58:54","version" => "1.42_50"},{"date" => "2022-10-03T17:54:30","version" => "1.43"},{"date" => "2023-07-25T18:26:43","version" => "1.43_50"},{"date" => "2023-08-03T17:14:43","version" => "1.44"},{"date" => "2024-11-20T08:40:18","version" => "1.44_50"},{"date" => "2024-11-23T10:43:42","version" => "1.44_51"},{"date" => "2024-11-24T09:58:13","version" => "1.45"}]},"Image-PNG-Simple" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.07"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "Image-PNG-Simple","fixed_versions" => [],"id" => "CPANSA-Image-PNG-Simple-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"}],"main_module" => "Image::PNG::Simple","versions" => [{"date" => "2015-07-30T11:31:38","version" => "0.01"},{"date" => "2015-08-01T00:08:18","version" => "0.02"},{"date" => "2015-08-03T05:20:49","version" => "0.03"},{"date" => "2015-08-04T02:01:32","version" => "0.04"},{"date" => "2015-08-04T12:30:46","version" => "0.05"},{"date" => "2015-08-05T02:29:57","version" => "0.06"},{"date" => "2015-08-06T02:51:43","version" => "0.07"}]},"Imager" => {"advisories" => [{"affected_versions" => ["<1.006"],"cves" => ["CVE-2016-1238"],"description" => "Imager would search the default current directory entry in \@INC when searching for file format support modules.\n","distribution" => "Imager","fixed_versions" => [">=1.006"],"id" => "CPANSA-Imager-2016-1238","references" => ["https://metacpan.org/dist/Imager/changes","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => "high"},{"affected_versions" => [">=0.42,<=0.63"],"cves" => ["CVE-2008-1928"],"description" => "Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause a denial of service (crash) via an image based fill in which the number of input channels is different from the number of output channels.\n","distribution" => "Imager","fixed_versions" => [">=0.64"],"id" => "CPANSA-Imager-2008-1928","references" => ["https://metacpan.org/dist/Imager/changes","http://rt.cpan.org/Public/Bug/Display.html?id=35324","http://imager.perl.org/i/release064/Imager_0_64","https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00569.html","http://www.securityfocus.com/bid/28980","http://secunia.com/advisories/30030","http://secunia.com/advisories/30011","http://www.vupen.com/english/advisories/2008/1387/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/41986"],"reported" => "2008-04-24","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => [">=0.21,<=0.56"],"cves" => ["CVE-2007-2459"],"description" => "Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.\n","distribution" => "Imager","fixed_versions" => [">=0.57"],"id" => "CPANSA-Imager-2007-2459","references" => ["http://imager.perl.org/a/65.html","http://rt.cpan.org/Public/Bug/Display.html?id=26811","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421582","http://www.debian.org/security/2008/dsa-1498","http://www.securityfocus.com/bid/23711","http://secunia.com/advisories/25038","http://secunia.com/advisories/28868","http://osvdb.org/39846","http://www.vupen.com/english/advisories/2007/1587","http://osvdb.org/35470","https://exchange.xforce.ibmcloud.com/vulnerabilities/34010"],"reported" => "2007-05-02","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => ["<0.98"],"cves" => [],"description" => "When drawing on an image with an alpha channel where the source minimum is greater than zero, Imager would read from beyond the end of a malloc() allocated buffer.  In rare circumstances this could lead to some of the source image not being written to the target image, or possibly to a segmentation fault.\n","distribution" => "Imager","fixed_versions" => [">=0.98"],"id" => "CPANSA-Imager-2014-01","references" => ["https://metacpan.org/dist/Imager/changes"],"reported" => "2014-01-03","severity" => undef},{"affected_versions" => ["<=1.024"],"cves" => ["CVE-2024-53901"],"description" => "\"invalid next size\" backtrace on use of trim on certain images\n","distribution" => "Imager","fixed_versions" => [">1.024"],"id" => "CPANSA-Imager-2024-001","references" => ["https://metacpan.org/dist/Imager/changes","https://github.com/tonycoz/imager/issues/534"],"reported" => "2024-11-17","severity" => "moderate"},{"affected_versions" => ["<0.50"],"cves" => ["CVE-2006-0053"],"description" => "Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference.\n","distribution" => "Imager","fixed_versions" => [">=0.50"],"id" => "CPANSA-Imager-2006-0053","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661","http://rt.cpan.org/Public/Bug/Display.html?id=18397","http://secunia.com/advisories/19575","http://secunia.com/advisories/19577","http://www.debian.org/security/2006/dsa-1028","http://www.securityfocus.com/bid/17415","http://www.vupen.com/english/advisories/2006/1294","https://exchange.xforce.ibmcloud.com/vulnerabilities/25717","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661","http://rt.cpan.org/Public/Bug/Display.html?id=18397","http://secunia.com/advisories/19575","http://secunia.com/advisories/19577","http://www.debian.org/security/2006/dsa-1028","http://www.securityfocus.com/bid/17415","http://www.vupen.com/english/advisories/2006/1294","https://exchange.xforce.ibmcloud.com/vulnerabilities/25717"],"reported" => "2006-04-10","severity" => undef}],"main_module" => "Imager","versions" => [{"date" => "1999-07-19T14:26:37","version" => "0.21"},{"date" => "2000-01-03T20:14:03","version" => "0.27"},{"date" => "2000-01-04T11:16:56","version" => "0.28"},{"date" => "2000-01-05T10:48:05","version" => "0.29"},{"date" => "2000-01-16T12:52:22","version" => "0.31"},{"date" => "2000-03-04T13:28:32","version" => "0.32"},{"date" => "2001-01-29T00:50:14","version" => "0.35"},{"date" => "2001-01-29T15:06:27","version" => "0.36"},{"date" => "2001-01-31T05:02:15","version" => "0.37"},{"date" => "2001-05-21T16:21:08","version" => "0.38"},{"date" => "2001-11-02T21:39:20","version" => "0.39"},{"date" => "2002-04-11T15:09:57","version" => "0.40"},{"date" => "2002-04-12T12:07:29","version" => "0.41"},{"date" => "2004-01-04T12:47:37","version" => "0.42"},{"date" => "2004-02-17T07:53:52","version" => "0.43"},{"date" => "2004-12-07T23:58:16","version" => "0.43_03"},{"date" => "2004-12-15T13:02:40","version" => "0.44"},{"date" => "2005-05-24T07:08:15","version" => "0.44_01"},{"date" => "2005-05-30T04:41:43","version" => "0.45"},{"date" => "2005-12-12T04:07:30","version" => "0.45_02"},{"date" => "2005-12-20T00:13:31","version" => "0.46"},{"date" => "2005-12-30T06:05:50","version" => "0.47"},{"date" => "2006-02-21T06:09:30","version" => "0.47_01"},{"date" => "2006-03-03T05:06:46","version" => "0.48"},{"date" => "2006-03-07T01:04:03","version" => "0.49"},{"date" => "2006-03-28T04:31:56","version" => "0.49_01"},{"date" => "2006-03-29T00:31:03","version" => "0.50"},{"date" => "2006-04-23T14:29:42","version" => "0.51"},{"date" => "2006-06-28T13:38:48","version" => "0.51_01"},{"date" => "2006-07-04T14:03:23","version" => "0.51_02"},{"date" => "2006-07-19T00:58:22","version" => "0.51_03"},{"date" => "2006-07-25T05:09:08","version" => "0.52"},{"date" => "2006-07-27T01:01:57","version" => "0.53"},{"date" => "2006-09-14T07:58:27","version" => "0.54"},{"date" => "2006-12-16T22:31:19","version" => "0.55"},{"date" => "2007-04-01T12:30:34","version" => "0.56"},{"date" => "2007-04-30T08:49:39","version" => "0.57"},{"date" => "2007-05-11T11:00:18","version" => "0.57_01"},{"date" => "2007-05-16T12:49:23","version" => "0.58"},{"date" => "2007-06-14T07:33:05","version" => "0.59"},{"date" => "2007-08-30T07:51:36","version" => "0.60"},{"date" => "2007-11-05T07:53:45","version" => "0.61"},{"date" => "2007-11-28T10:06:27","version" => "0.61_02"},{"date" => "2007-12-10T08:31:12","version" => "0.62"},{"date" => "2008-04-07T08:49:14","version" => "0.63"},{"date" => "2008-04-23T04:10:18","version" => "0.64"},{"date" => "2008-05-20T06:34:48","version" => "0.65"},{"date" => "2008-12-12T11:57:40","version" => "0.67"},{"date" => "2009-09-02T07:05:11","version" => "0.67_01"},{"date" => "2009-09-07T05:14:24","version" => "0.68"},{"date" => "2009-09-08T09:23:38","version" => "0.69"},{"date" => "2009-09-21T03:36:15","version" => "0.70"},{"date" => "2009-11-16T04:15:54","version" => "0.71"},{"date" => "2009-11-30T07:17:33","version" => "0.71_01"},{"date" => "2009-12-01T09:06:53","version" => "0.71_02"},{"date" => "2009-12-04T14:21:49","version" => "0.71_03"},{"date" => "2009-12-10T00:44:51","version" => "0.72"},{"date" => "2010-03-15T07:24:59","version" => "0.73"},{"date" => "2010-05-06T14:29:21","version" => "0.74"},{"date" => "2010-06-20T10:47:23","version" => "0.75"},{"date" => "2010-08-06T10:49:44","version" => "0.75_01"},{"date" => "2010-08-07T01:48:37","version" => "0.75_02"},{"date" => "2010-08-09T12:49:36","version" => "0.75_03"},{"date" => "2010-08-11T09:33:24","version" => "0.77"},{"date" => "2010-09-13T10:48:57","version" => "0.77_01"},{"date" => "2010-09-27T04:59:03","version" => "0.77_02"},{"date" => "2010-10-04T09:00:26","version" => "0.78"},{"date" => "2010-12-11T01:09:12","version" => "0.79"},{"date" => "2011-01-17T07:43:35","version" => "0.80"},{"date" => "2011-02-14T08:22:57","version" => "0.81"},{"date" => "2011-03-14T12:18:07","version" => "0.82"},{"date" => "2011-05-17T11:15:02","version" => "0.82_01"},{"date" => "2011-05-20T14:07:44","version" => "0.83"},{"date" => "2011-06-20T12:54:05","version" => "0.84"},{"date" => "2011-08-08T12:39:58","version" => "0.84_01"},{"date" => "2011-08-22T09:28:25","version" => "0.84_02"},{"date" => "2011-08-29T09:19:04","version" => "0.85"},{"date" => "2011-10-10T07:22:51","version" => "0.85_01"},{"date" => "2011-10-24T10:14:57","version" => "0.85_02"},{"date" => "2011-10-31T10:37:15","version" => "0.86"},{"date" => "2012-01-03T05:27:14","version" => "0.87"},{"date" => "2012-02-22T05:13:09","version" => "0.88"},{"date" => "2012-03-18T01:45:35","version" => "0.89"},{"date" => "2012-04-30T09:09:02","version" => "0.90"},{"date" => "2012-06-04T12:27:17","version" => "0.91"},{"date" => "2012-08-14T09:53:38","version" => "0.92"},{"date" => "2012-08-18T01:41:22","version" => "0.92_01"},{"date" => "2012-10-15T10:15:07","version" => "0.93"},{"date" => "2012-11-12T10:44:54","version" => "0.93_01"},{"date" => "2012-11-25T00:13:16","version" => "0.93_02"},{"date" => "2012-12-14T22:59:55","version" => "0.94"},{"date" => "2013-03-02T08:34:07","version" => "0.94_01"},{"date" => "2013-04-05T06:19:32","version" => "0.94_02"},{"date" => "2013-04-19T12:13:27","version" => "0.95"},{"date" => "2013-05-19T04:27:19","version" => "0.96"},{"date" => "2013-07-01T13:21:32","version" => "0.96_01"},{"date" => "2013-07-09T13:46:48","version" => "0.96_02"},{"date" => "2013-07-15T09:52:06","version" => "0.97"},{"date" => "2014-01-02T22:22:03","version" => "0.98"},{"date" => "2014-06-25T11:36:29","version" => "0.99"},{"date" => "2014-06-29T05:06:45","version" => "0.99_01"},{"date" => "2014-07-21T09:16:17","version" => "0.99_02"},{"date" => "2014-07-29T09:13:55","version" => "1.000"},{"date" => "2015-01-02T03:34:59","version" => "1.001"},{"date" => "2015-04-03T01:31:26","version" => "1.002"},{"date" => "2015-05-12T08:11:18","version" => "1.003"},{"date" => "2015-11-08T09:45:59","version" => "1.004"},{"date" => "2016-03-16T08:35:26","version" => "1.004_001"},{"date" => "2016-03-20T01:27:53","version" => "1.004_002"},{"date" => "2016-03-23T09:34:13","version" => "1.004_003"},{"date" => "2016-04-15T05:58:07","version" => "1.004_004"},{"date" => "2016-04-16T00:01:33","version" => "1.005"},{"date" => "2017-08-26T04:27:06","version" => "1.006"},{"date" => "2018-11-24T01:47:34","version" => "1.007"},{"date" => "2018-12-31T10:04:02","version" => "1.008"},{"date" => "2019-01-11T09:10:13","version" => "1.009"},{"date" => "2019-02-13T08:14:07","version" => "1.010"},{"date" => "2019-03-07T03:20:03","version" => "1.011"},{"date" => "2020-06-14T03:26:02","version" => "1.012"},{"date" => "2022-04-27T05:18:23","version" => "1.013"},{"date" => "2022-04-28T07:22:51","version" => "1.014"},{"date" => "2022-05-07T04:35:16","version" => "1.015"},{"date" => "2022-06-12T05:27:23","version" => "1.016"},{"date" => "2022-06-14T09:55:03","version" => "1.017"},{"date" => "2022-06-19T12:04:12","version" => "1.018"},{"date" => "2022-07-09T03:41:29","version" => "1.019"},{"date" => "2023-11-12T06:55:05","version" => "1.020"},{"date" => "2023-12-01T06:53:47","version" => "1.021"},{"date" => "2023-12-02T23:32:54","version" => "1.022"},{"date" => "2024-01-19T03:18:43","version" => "1.023"},{"date" => "2024-04-06T02:24:09","version" => "1.024"},{"date" => "2024-04-14T12:28:26","version" => "1.024_001"},{"date" => "2024-04-20T07:15:38","version" => "1.024_002"},{"date" => "2024-04-22T12:51:23","version" => "1.024_003"},{"date" => "2024-04-24T08:35:58","version" => "1.024_004"},{"date" => "2024-04-27T01:24:42","version" => "1.024_005"},{"date" => "2024-06-11T11:35:22","version" => "1.024_006"},{"date" => "2024-06-12T09:58:08","version" => "1.024_007"},{"date" => "2024-06-13T10:45:14","version" => "1.024_008"},{"date" => "2024-11-16T05:30:21","version" => "1.025"},{"date" => "2025-02-08T05:03:18","version" => "1.026"},{"date" => "2025-03-02T10:22:16","version" => "1.027"},{"date" => "2025-06-08T08:16:50","version" => "1.027_001"},{"date" => "2025-06-16T09:35:19","version" => "1.028"},{"date" => "2025-10-06T07:54:07","version" => "1.029"}]},"JS-jQuery" => {"advisories" => [{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "JS::jQuery","versions" => [{"date" => "2008-03-11T01:54:48","version" => "1.2.3.001"},{"date" => "2008-08-28T06:54:56","version" => "1.2.6.001"}]},"JSON-SIMD" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40930"],"description" => "JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.","distribution" => "JSON-SIMD","fixed_versions" => [],"id" => "CPANSA-JSON-SIMD-2025-40930","references" => ["https://github.com/pjuhasz/JSON-SIMD/commit/9a87de7331c9fa5198cae404a83b17649cf7b918.patch","https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.06/source/SIMD.xs#L248","https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.07/changes"],"reported" => "2025-09-08","severity" => undef}],"main_module" => "JSON::SIMD","versions" => [{"date" => "2023-04-17T17:13:41","version" => "1.00"},{"date" => "2023-04-17T17:37:46","version" => "1.01"},{"date" => "2023-04-17T18:04:21","version" => "1.02"},{"date" => "2023-04-18T18:56:08","version" => "1.03"},{"date" => "2023-04-20T18:02:37","version" => "1.04"},{"date" => "2023-04-22T20:28:17","version" => "1.05"},{"date" => "2023-04-27T16:22:59","version" => "1.06"},{"date" => "2025-09-08T14:44:06","version" => "1.07"}]},"JSON-XS" => {"advisories" => [{"affected_versions" => ["<4.04"],"cves" => ["CVE-2025-40928"],"description" => "JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact","distribution" => "JSON-XS","fixed_versions" => [">=4.04"],"id" => "CPANSA-JSON-XS-2025-40928","references" => ["https://metacpan.org/release/MLEHMANN/JSON-XS-4.03/source/XS.xs#L256","https://security.metacpan.org/patches/J/JSON-XS/4.03/CVE-2025-40928-r1.patch"],"reported" => "2025-09-08","severity" => undef}],"main_module" => "JSON::XS","versions" => [{"date" => "2007-03-22T21:14:45","version" => "0.1"},{"date" => "2007-03-22T23:25:44","version" => "0.2"},{"date" => "2007-03-23T18:34:15","version" => "0.3"},{"date" => "2007-03-24T01:15:56","version" => "0.31"},{"date" => "2007-03-24T19:43:37","version" => "0.5"},{"date" => "2007-03-25T00:48:00","version" => "0.7"},{"date" => "2007-03-25T22:12:20","version" => "0.8"},{"date" => "2007-03-29T02:46:46","version" => "1.0"},{"date" => "2007-03-31T14:24:01","version" => "1.01"},{"date" => "2007-04-04T00:02:20","version" => "1.1"},{"date" => "2007-04-09T05:11:06","version" => "1.11"},{"date" => "2007-05-09T16:36:29","version" => "1.2"},{"date" => "2007-05-09T16:41:26","version" => "1.21"},{"date" => "2007-05-23T22:07:54","version" => "1.22"},{"date" => "2007-06-06T18:17:55","version" => "1.23"},{"date" => "2007-06-11T03:45:26","version" => "1.24"},{"date" => "2007-06-23T23:50:26","version" => "1.3"},{"date" => "2007-07-02T08:08:00","version" => "1.4"},{"date" => "2007-07-10T16:23:43","version" => "1.41"},{"date" => "2007-07-23T22:58:05","version" => "1.42"},{"date" => "2007-07-26T11:33:40","version" => "1.43"},{"date" => "2007-08-21T23:03:31","version" => "1.44"},{"date" => "2007-08-28T02:07:48","version" => "1.5"},{"date" => "2007-10-13T01:58:29","version" => "1.51"},{"date" => "2007-10-15T01:23:45","version" => "1.52"},{"date" => "2007-11-13T22:59:42","version" => "1.53"},{"date" => "2007-12-04T10:37:49","version" => "2.0"},{"date" => "2007-12-05T11:00:12","version" => "2.01"},{"date" => "2008-03-19T22:31:09","version" => "2.1"},{"date" => "2008-04-16T18:38:21","version" => "2.2"},{"date" => "2008-06-03T06:44:13","version" => "2.21"},{"date" => "2008-07-15T11:30:13","version" => "2.22"},{"date" => "2008-07-19T04:22:25","version" => "2.222"},{"date" => "2008-07-20T17:55:32","version" => "2.2222"},{"date" => "2008-09-29T03:09:52","version" => "2.23"},{"date" => "2008-11-20T04:00:26","version" => "2.231"},{"date" => "2009-02-19T01:13:45","version" => "2.2311"},{"date" => "2009-02-22T10:13:47","version" => "2.232"},{"date" => "2009-05-30T06:27:00","version" => "2.24"},{"date" => "2009-08-08T10:06:47","version" => "2.25"},{"date" => "2009-10-10T01:49:08","version" => "2.26"},{"date" => "2010-01-07T06:36:46","version" => "2.27"},{"date" => "2010-03-11T19:31:59","version" => "2.28"},{"date" => "2010-03-17T01:45:55","version" => "2.29"},{"date" => "2010-08-17T23:27:33","version" => "2.3"},{"date" => "2011-07-27T15:54:57","version" => "2.31"},{"date" => "2011-08-11T17:07:26","version" => "2.32"},{"date" => "2012-08-01T19:04:47","version" => "2.33"},{"date" => "2013-05-23T09:33:09","version" => "2.34"},{"date" => "2013-10-29T06:25:52","version" => "3.0"},{"date" => "2013-10-29T15:57:01","version" => "3.01"},{"date" => "2016-02-26T21:47:56","version" => "3.02"},{"date" => "2016-11-16T19:22:12","version" => "3.03"},{"date" => "2017-08-17T03:49:01","version" => "3.04"},{"date" => "2018-11-15T23:08:35","version" => "4.0_00"},{"date" => "2018-11-19T10:28:12","version" => "4.0"},{"date" => "2019-02-24T04:08:23","version" => "4.01"},{"date" => "2019-03-06T07:32:09","version" => "4.02"},{"date" => "2020-10-27T18:06:42","version" => "4.03"},{"date" => "2025-09-08T16:00:30","version" => "4.04"}]},"JavaScript-Duktape" => {"advisories" => [{"affected_versions" => [">=2.1.0,<=2.1.1"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => [">=2.1.2,<=2.1.4"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => [">=2.1.5,<=2.2.1"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => [">=2.3.0,<=2.4.2"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => ["==2.5.0"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"}],"main_module" => "JavaScript::Duktape","versions" => [{"date" => "2015-05-06T22:56:32","version" => "v0.0.1_1"},{"date" => "2015-05-18T00:23:07","version" => "v0.0.1_2"},{"date" => "2015-05-20T21:48:48","version" => "v0.0.2_1"},{"date" => "2015-06-13T19:03:59","version" => "v0.0.3"},{"date" => "2015-07-03T17:56:13","version" => "v0.0.4"},{"date" => "2015-07-16T19:16:14","version" => "v0.0.5"},{"date" => "2015-10-24T00:09:54","version" => "v0.1.1"},{"date" => "2015-11-02T17:01:15","version" => "v0.2.0"},{"date" => "2015-11-03T16:48:04","version" => "v0.2.1"},{"date" => "2015-11-09T10:12:50","version" => "v0.3.0"},{"date" => "2016-04-01T20:02:28","version" => "v1.0.0"},{"date" => "2016-04-07T17:41:05","version" => "v1.0.1"},{"date" => "2016-05-03T17:13:29","version" => "v1.0.2"},{"date" => "2017-02-24T00:39:47","version" => "v2.1.0"},{"date" => "2017-03-10T12:24:35","version" => "v2.1.1"},{"date" => "2017-03-23T03:16:11","version" => "v2.1.2"},{"date" => "2017-03-25T17:49:27","version" => "v2.1.3"},{"date" => "2017-05-20T14:17:44","version" => "v2.1.4"},{"date" => "2017-05-27T15:04:29","version" => "v2.1.5"},{"date" => "2017-06-02T20:31:52","version" => "v2.2.0"},{"date" => "2017-06-21T22:08:07","version" => "v2.2.1"},{"date" => "2017-12-16T15:41:31","version" => "v2.3.0"},{"date" => "2017-12-16T19:24:58","version" => "v2.4.0"},{"date" => "2017-12-16T20:38:04","version" => "v2.4.1"},{"date" => "2017-12-17T20:04:05","version" => "v2.4.2"},{"date" => "2018-09-04T11:14:29","version" => "v2.5.0"}]},"JavaScript-Duktape-XS" => {"advisories" => [{"affected_versions" => [">=0.000030,<=0.000078"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape-XS","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-XS-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"}],"main_module" => "JavaScript::Duktape::XS","versions" => [{"date" => "2018-03-22T19:58:59","version" => "0.000030"},{"date" => "2018-03-23T11:49:50","version" => "0.000031"},{"date" => "2018-03-26T11:02:50","version" => "0.000032"},{"date" => "2018-03-29T14:31:21","version" => "0.000034"},{"date" => "2018-03-30T07:15:32","version" => "0.000035"},{"date" => "2018-04-04T09:33:24","version" => "0.000036"},{"date" => "2018-04-10T12:34:39","version" => "0.000037"},{"date" => "2018-04-10T15:15:12","version" => "0.000038"},{"date" => "2018-04-12T10:11:24","version" => "0.000039"},{"date" => "2018-04-12T11:44:15","version" => "0.000040"},{"date" => "2018-04-12T12:11:45","version" => "0.000041"},{"date" => "2018-04-13T08:53:34","version" => "0.000042"},{"date" => "2018-04-16T10:13:44","version" => "0.000043"},{"date" => "2018-04-17T07:52:14","version" => "0.000044"},{"date" => "2018-04-18T15:14:31","version" => "0.000045"},{"date" => "2018-04-19T06:55:16","version" => "0.000046"},{"date" => "2018-04-19T13:05:20","version" => "0.000047"},{"date" => "2018-04-19T15:00:21","version" => "0.000048"},{"date" => "2018-04-23T10:31:54","version" => "0.000049"},{"date" => "2018-04-23T15:11:03","version" => "0.000050"},{"date" => "2018-04-25T08:52:03","version" => "0.000051"},{"date" => "2018-05-13T22:52:47","version" => "0.000052"},{"date" => "2018-05-30T08:29:51","version" => "0.000060"},{"date" => "2018-05-30T14:48:38","version" => "0.000061"},{"date" => "2018-06-07T17:38:20","version" => "0.000062"},{"date" => "2018-06-08T07:14:07","version" => "0.000063"},{"date" => "2018-06-08T13:01:42","version" => "0.000064"},{"date" => "2018-06-08T15:37:05","version" => "0.000065"},{"date" => "2018-06-26T08:28:00","version" => "0.000066"},{"date" => "2018-06-26T10:34:38","version" => "0.000067"},{"date" => "2018-07-11T14:18:40","version" => "0.000068"},{"date" => "2018-07-27T11:54:29","version" => "0.000069"},{"date" => "2018-07-30T07:57:07","version" => "0.000070"},{"date" => "2018-08-28T14:01:07","version" => "0.000071"},{"date" => "2018-09-10T12:53:10","version" => "0.000073"},{"date" => "2018-09-11T08:44:24","version" => "0.000074"},{"date" => "2019-01-31T15:24:38","version" => "0.000075"},{"date" => "2019-04-08T08:53:49","version" => "0.000076"},{"date" => "2019-06-28T06:54:32","version" => "0.000077"},{"date" => "2019-08-14T11:05:18","version" => "0.000078"},{"date" => "2021-09-02T10:21:33","version" => "0.000079"},{"date" => "2025-02-19T09:44:22","version" => "0.000081"}]},"Jifty" => {"advisories" => [{"affected_versions" => ["<1.10518"],"cves" => [],"description" => "The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations.  This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.\n","distribution" => "Jifty","fixed_versions" => [">=1.10518"],"id" => "CPANSA-Jifty-2011-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2011-03-17"},{"affected_versions" => ["<0.90409"],"cves" => [],"description" => "The REST plugin would let you call any method on the model.\n","distribution" => "Jifty","fixed_versions" => [">=0.90409"],"id" => "CPANSA-Jifty-2009-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2009-04-09"},{"affected_versions" => ["<0.70408"],"cves" => [],"description" => "Allowed all actions on GET.\n","distribution" => "Jifty","fixed_versions" => [">=0.80408"],"id" => "CPANSA-Jifty-2008-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2009-04-08"},{"affected_versions" => ["<0.60706"],"cves" => [],"description" => "Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the \"standalone\" webserver in production, the attacker could gain read only access to local files.\n","distribution" => "Jifty","fixed_versions" => [">=0.60706"],"id" => "CPANSA-Jifty-2006-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2006-07-06"}],"main_module" => "Jifty","versions" => [{"date" => "2005-12-25T08:19:39","version" => "0.51225"},{"date" => "2005-12-28T17:23:39","version" => "0.51228"},{"date" => "2006-02-14T04:15:03","version" => "0.60213"},{"date" => "2006-02-22T04:57:24","version" => "0.60213"},{"date" => "2006-03-21T23:10:58","version" => "0.60213"},{"date" => "2006-05-05T18:56:21","version" => "0.60321"},{"date" => "2006-05-08T14:38:03","version" => "0.60507"},{"date" => "2006-06-15T14:01:15","version" => "0.60714"},{"date" => "2006-06-16T12:16:03","version" => "0.60616"},{"date" => "2006-07-07T04:32:27","version" => "0.60706"},{"date" => "2006-07-07T05:54:06","version" => "0.60707"},{"date" => "2006-07-23T00:27:10","version" => "0.60722"},{"date" => "2006-09-13T00:25:58","version" => "0.60912"},{"date" => "2006-11-24T03:39:06","version" => "0.61123_01"},{"date" => "2007-01-17T04:52:58","version" => "0.70116"},{"date" => "2007-01-17T20:49:04","version" => "0.70117"},{"date" => "2007-04-17T18:45:55","version" => "0.70415"},{"date" => "2007-04-23T01:08:41","version" => "0.70422"},{"date" => "2007-08-24T04:20:59","version" => "0.70824"},{"date" => "2007-11-29T22:13:17","version" => "0.71129"},{"date" => "2008-04-08T21:15:29","version" => "0.80408"},{"date" => "2009-04-09T23:10:34","version" => "0.90409"},{"date" => "2009-05-20T01:14:48","version" => "0.90519"},{"date" => "2009-06-30T17:41:18","version" => "0.90519"},{"date" => "2009-07-01T19:08:14","version" => "0.90519"},{"date" => "2009-11-18T00:08:35","version" => "0.90701"},{"date" => "2010-12-09T23:08:09","version" => "1.01209"},{"date" => "2011-02-14T22:10:50","version" => "1.10214"},{"date" => "2011-02-28T16:22:26","version" => "1.10228"},{"date" => "2011-05-18T18:12:42","version" => "1.10518"},{"date" => "2015-04-30T20:48:27","version" => "1.50430"}]},"Jifty-DBI" => {"advisories" => [{"affected_versions" => ["<0.68"],"cves" => [],"description" => "SQL injection in column names, operators, order and group by.\n","distribution" => "Jifty-DBI","fixed_versions" => [">=0.68"],"id" => "CPANSA-Jifty-DBI-2011-01","references" => ["https://metacpan.org/dist/Jifty-DBI/changes","https://metacpan.org/dist/Jifty/changes"],"reported" => "2011-04-04"}],"main_module" => "Jifty::DBI","versions" => [{"date" => "2005-11-08T21:32:52","version" => "0.02"},{"date" => "2005-11-26T07:21:20","version" => "0.05_01"},{"date" => "2005-12-23T20:48:59","version" => "0.06"},{"date" => "2005-12-24T04:29:10","version" => "0.06"},{"date" => "2005-12-25T19:37:31","version" => "0.08"},{"date" => "2005-12-29T13:31:40","version" => "0.09"},{"date" => "2006-01-08T10:05:05","version" => "0.10"},{"date" => "2006-01-15T17:22:14","version" => "0.11"},{"date" => "2006-03-05T01:55:32","version" => "0.15"},{"date" => "2006-03-05T02:07:03","version" => "0.15"},{"date" => "2006-03-31T13:22:16","version" => "0.18"},{"date" => "2006-04-02T10:05:36","version" => "0.19"},{"date" => "2006-04-21T16:27:47","version" => "0.20"},{"date" => "2006-05-03T18:26:47","version" => "0.20"},{"date" => "2006-06-15T12:17:00","version" => "0.21"},{"date" => "2006-09-12T22:56:59","version" => "0.25"},{"date" => "2006-11-13T16:15:30","version" => "0.25"},{"date" => "2006-11-24T03:15:46","version" => "0.25"},{"date" => "2007-01-17T20:34:50","version" => "0.25"},{"date" => "2007-01-26T11:55:26","version" => "0.31"},{"date" => "2007-01-26T12:22:07","version" => "0.39_99"},{"date" => "2007-01-26T12:56:35","version" => "0.32"},{"date" => "2007-01-26T13:34:03","version" => "0.39_999"},{"date" => "2007-01-28T13:30:21","version" => "0.32"},{"date" => "2007-04-15T15:26:52","version" => "0.39_9999"},{"date" => "2007-04-16T20:21:33","version" => "0.41"},{"date" => "2007-08-24T04:20:36","version" => "0.43"},{"date" => "2007-10-26T16:48:22","version" => "0.43"},{"date" => "2007-11-07T17:27:17","version" => "0.46"},{"date" => "2007-11-16T21:28:33","version" => "0.46"},{"date" => "2007-11-29T21:38:34","version" => "0.46"},{"date" => "2008-04-08T03:05:48","version" => "0.49"},{"date" => "2009-03-25T19:32:29","version" => "0.53"},{"date" => "2009-05-19T12:33:45","version" => "0.53"},{"date" => "2009-07-14T07:29:33","version" => "0.53"},{"date" => "2009-11-19T01:16:21","version" => "0.59"},{"date" => "2010-01-04T18:04:58","version" => "0.60"},{"date" => "2010-12-08T20:15:10","version" => "0.63"},{"date" => "2010-12-08T20:24:47","version" => "0.64"},{"date" => "2011-02-14T21:27:51","version" => "0.66"},{"date" => "2011-02-28T16:00:37","version" => "0.67"},{"date" => "2011-04-14T16:20:25","version" => "0.68"},{"date" => "2011-05-17T19:54:33","version" => "0.69"},{"date" => "2011-06-15T20:46:39","version" => "0.70"},{"date" => "2011-06-17T20:39:50","version" => "0.71"},{"date" => "2011-10-17T16:45:06","version" => "0.72"},{"date" => "2012-01-25T21:39:16","version" => "0.73"},{"date" => "2012-01-25T21:45:14","version" => "0.74"},{"date" => "2013-01-29T20:18:33","version" => "0.75"},{"date" => "2013-06-17T22:14:37","version" => "0.76"},{"date" => "2013-12-01T18:11:35","version" => "0.77"},{"date" => "2015-04-30T19:16:36","version" => "0.78"}]},"Kelp" => {"advisories" => [{"affected_versions" => ["<0.9001"],"cves" => [],"description" => "X-Real-IP, X-Forwarded-Host and X-Remote-User headers were trusted and used in Kelp::Request\n","distribution" => "Kelp","fixed_versions" => [">=0.9001"],"id" => "CPANSA-Kelp-2014-01","references" => ["https://metacpan.org/dist/Kelp/changes","https://github.com/sgnix/kelp/commit/9f8f5a5215bdc1685a671c1157132a65727aadff"],"reported" => "2014-05-30","reviewed_by" => [{"date" => "2022-06-28","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}]}],"main_module" => "Kelp","versions" => [{"date" => "2013-04-12T17:16:52","version" => "0.1"},{"date" => "2013-04-12T17:39:48","version" => "0.11"},{"date" => "2013-04-14T01:05:22","version" => "0.2"},{"date" => "2013-04-16T21:52:38","version" => "0.21"},{"date" => "2013-04-17T04:59:31","version" => "0.215"},{"date" => "2013-04-17T13:16:42","version" => "0.216"},{"date" => "2013-04-17T19:13:12","version" => "0.217"},{"date" => "2013-04-20T01:47:43","version" => "0.218"},{"date" => "2013-04-20T20:27:42","version" => "0.2181"},{"date" => "2013-05-02T16:45:58","version" => "0.2182"},{"date" => "2013-05-06T03:44:19","version" => "0.219"},{"date" => "2013-05-14T20:01:26","version" => "0.2191"},{"date" => "2013-05-25T21:37:51","version" => "0.3001"},{"date" => "2013-06-14T05:59:18","version" => "0.3101"},{"date" => "2013-06-16T15:38:29","version" => "0.3102"},{"date" => "2013-07-03T02:34:18","version" => "0.4001"},{"date" => "2013-07-05T17:36:59","version" => "0.4011"},{"date" => "2013-07-05T22:46:46","version" => "0.4012"},{"date" => "2013-08-15T03:19:01","version" => "0.4501"},{"date" => "2013-11-11T18:10:07","version" => "0.455"},{"date" => "2013-11-20T05:15:34","version" => "0.456"},{"date" => "2014-03-02T17:34:04","version" => "0.457"},{"date" => "2014-03-27T16:29:16","version" => "0.4601"},{"date" => "2014-03-31T22:46:22","version" => "0.4602"},{"date" => "2014-05-31T00:52:57","version" => "0.9001"},{"date" => "2014-07-13T00:41:29","version" => "0.9012"},{"date" => "2014-08-08T17:57:48","version" => "0.9015"},{"date" => "2014-12-15T07:02:58","version" => "0.9021"},{"date" => "2015-04-03T00:32:47","version" => "0.9051"},{"date" => "2015-08-11T06:50:14","version" => "0.9071"},{"date" => "2016-11-09T00:00:02","version" => "0.9081"},{"date" => "2017-12-28T21:08:47","version" => "1.01"},{"date" => "2018-01-08T16:43:42","version" => "1.02"},{"date" => "2021-01-12T14:26:40","version" => "1.03"},{"date" => "2021-01-14T15:00:50","version" => "1.03_1"},{"date" => "2021-01-16T16:53:41","version" => "1.03_2"},{"date" => "2021-01-18T21:15:56","version" => "1.04"},{"date" => "2021-01-21T12:12:36","version" => "1.04_01"},{"date" => "2021-01-21T17:15:38","version" => "1.05"},{"date" => "2022-05-09T21:07:41","version" => "1.06"},{"date" => "2024-06-02T18:49:17","version" => "1.07"},{"date" => "2024-06-05T19:57:13","version" => "1.10_01"},{"date" => "2024-06-08T19:49:17","version" => "2.00_01"},{"date" => "2024-06-09T13:06:47","version" => "2.00_02"},{"date" => "2024-06-09T15:41:33","version" => "2.00_03"},{"date" => "2024-06-09T20:00:29","version" => "2.00_04"},{"date" => "2024-06-10T07:25:19","version" => "2.00_05"},{"date" => "2024-06-10T15:39:47","version" => "2.00"},{"date" => "2024-06-15T11:55:22","version" => "2.01_01"},{"date" => "2024-06-18T16:33:19","version" => "2.01_02"},{"date" => "2024-06-19T19:26:30","version" => "2.01_03"},{"date" => "2024-06-20T06:26:12","version" => "2.01_04"},{"date" => "2024-06-20T20:43:31","version" => "2.01_05"},{"date" => "2024-06-23T19:25:33","version" => "2.10_01"},{"date" => "2024-06-24T05:14:31","version" => "2.10"},{"date" => "2024-06-25T04:15:52","version" => "2.11"},{"date" => "2024-06-26T06:15:21","version" => "2.12"},{"date" => "2024-07-01T06:06:23","version" => "2.13"},{"date" => "2024-07-02T05:28:06","version" => "2.14"},{"date" => "2024-07-03T19:52:27","version" => "2.15"},{"date" => "2024-07-05T19:03:36","version" => "2.16"},{"date" => "2024-07-06T04:18:40","version" => "2.17"},{"date" => "2024-10-08T04:22:01","version" => "2.18"},{"date" => "2024-10-10T20:15:05","version" => "2.19"},{"date" => "2025-03-30T20:44:00","version" => "2.20"},{"date" => "2025-04-02T21:37:22","version" => "2.21"},{"date" => "2025-06-12T19:29:46","version" => "2.22"}]},"Kossy" => {"advisories" => [{"affected_versions" => ["<0.60"],"cves" => ["CVE-2021-47157"],"description" => "Flaw in defense from JSON hijacking.\n","distribution" => "Kossy","fixed_versions" => [">=0.60"],"id" => "CPANSA-Kossy-2021-01","references" => ["https://github.com/kazeburo/Kossy/pull/16","https://metacpan.org/dist/Kossy/changes"],"reported" => "2021-08-29","severity" => undef},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Kossy","versions" => [{"date" => "2011-11-29T08:45:37","version" => "0.05"},{"date" => "2012-01-05T01:58:20","version" => "0.06"},{"date" => "2012-02-17T03:11:05","version" => "0.07"},{"date" => "2012-04-24T10:06:21","version" => "0.08"},{"date" => "2012-05-17T08:52:24","version" => "0.09"},{"date" => "2012-06-19T02:16:23","version" => "0.10"},{"date" => "2012-07-24T12:51:12","version" => "0.11"},{"date" => "2012-08-24T09:24:50","version" => "0.12"},{"date" => "2012-12-05T02:26:49","version" => "0.13"},{"date" => "2013-03-14T13:28:06","version" => "0.14"},{"date" => "2013-04-04T15:38:05","version" => "0.14"},{"date" => "2013-07-16T04:32:43","version" => "0.16"},{"date" => "2013-07-16T04:40:39","version" => "0.17"},{"date" => "2013-08-08T07:08:09","version" => "0.18"},{"date" => "2013-08-30T07:04:23","version" => "0.19"},{"date" => "2013-10-09T06:49:21","version" => "0.20"},{"date" => "2013-10-10T06:42:16","version" => "0.21"},{"date" => "2013-10-15T02:46:09","version" => "0.22"},{"date" => "2013-10-21T05:21:48","version" => "0.23"},{"date" => "2013-10-31T04:44:36","version" => "0.24"},{"date" => "2013-11-06T02:29:36","version" => "0.25"},{"date" => "2013-11-12T02:17:30","version" => "0.26"},{"date" => "2013-11-12T05:48:05","version" => "0.27"},{"date" => "2013-11-28T01:33:03","version" => "0.28"},{"date" => "2014-02-12T04:48:29","version" => "0.30"},{"date" => "2014-02-12T04:56:17","version" => "0.31"},{"date" => "2014-02-19T06:55:53","version" => "0.32"},{"date" => "2014-02-19T16:20:13","version" => "0.33"},{"date" => "2014-02-19T17:19:43","version" => "0.34"},{"date" => "2014-05-28T15:13:06","version" => "0.34"},{"date" => "2014-05-28T15:51:34","version" => "0.34"},{"date" => "2014-05-28T16:50:27","version" => "0.37"},{"date" => "2014-05-29T06:37:53","version" => "0.38"},{"date" => "2014-10-20T05:47:47","version" => "0.39"},{"date" => "2016-07-19T15:04:31","version" => "0.40"},{"date" => "2021-08-26T13:50:58","version" => "0.50"},{"date" => "2021-09-16T12:04:39","version" => "0.60"},{"date" => "2023-11-06T14:27:18","version" => "0.61"},{"date" => "2023-11-09T08:57:59","version" => "0.62"},{"date" => "2023-11-13T02:24:42","version" => "0.63"}]},"LWP-Protocol-Net-Curl" => {"advisories" => [{"affected_versions" => ["<0.009"],"cves" => [],"description" => "Misconfiguration with libcurl v7.28.1 causes a HTTPS validation issues.\n","distribution" => "LWP-Protocol-Net-Curl","fixed_versions" => [">=0.009"],"id" => "CPANSA-LWP-Protocol-Net-Curl-2012-01","references" => ["https://metacpan.org/changes/distribution/LWP-Protocol-Net-Curl","https://github.com/creaktive/LWP-Protocol-Net-Curl/commit/dc8b183c6520a2b6bcde685de635675ee4a7e019"],"reported" => "2012-11-28"}],"main_module" => "LWP::Protocol::Net::Curl","versions" => [{"date" => "2012-10-24T18:49:20","version" => "0.001"},{"date" => "2012-10-26T20:05:13","version" => "0.002"},{"date" => "2012-10-29T18:55:46","version" => "0.003"},{"date" => "2012-10-31T13:01:46","version" => "0.004"},{"date" => "2012-11-01T15:17:14","version" => "0.005"},{"date" => "2012-11-12T12:23:09","version" => "0.006"},{"date" => "2012-11-13T14:33:10","version" => "0.007"},{"date" => "2012-11-25T22:38:58","version" => "0.008"},{"date" => "2012-11-28T19:03:10","version" => "0.009"},{"date" => "2012-12-07T00:13:55","version" => "0.010"},{"date" => "2012-12-18T12:05:00","version" => "0.011"},{"date" => "2013-02-08T11:00:04","version" => "0.012"},{"date" => "2013-02-11T01:56:30","version" => "0.013"},{"date" => "2013-02-16T12:51:03","version" => "0.014"},{"date" => "2013-05-13T21:41:47","version" => "0.015"},{"date" => "2013-05-18T22:12:03","version" => "0.016"},{"date" => "2013-07-13T12:22:34","version" => "0.017"},{"date" => "2013-08-17T11:34:49","version" => "0.018"},{"date" => "2013-10-11T12:33:53","version" => "0.019"},{"date" => "2013-10-13T09:02:17","version" => "0.020"},{"date" => "2014-01-21T17:46:37","version" => "0.021"},{"date" => "2014-07-09T15:04:06","version" => "0.022"},{"date" => "2014-12-23T17:06:56","version" => "0.023"},{"date" => "2019-07-12T12:27:08","version" => "0.024"},{"date" => "2019-07-15T11:29:17","version" => "0.025"},{"date" => "2019-10-08T12:01:54","version" => "0.026"},{"date" => "2025-01-21T10:57:04","version" => "0.027"}]},"LWP-Protocol-https" => {"advisories" => [{"affected_versions" => [">=6.04,<=6.06"],"cves" => ["CVE-2014-3230"],"description" => "The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable.\n","distribution" => "LWP-Protocol-https","fixed_versions" => [">6.06"],"id" => "CPANSA-LWP-Protocol-https-2014-3230","references" => ["http://www.openwall.com/lists/oss-security/2014/05/04/1","http://www.openwall.com/lists/oss-security/2014/05/02/8","http://www.openwall.com/lists/oss-security/2014/05/06/8","https://github.com/libwww-perl/lwp-protocol-https/pull/14","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579"],"reported" => "2020-01-28","severity" => "medium"}],"main_module" => "LWP::Protocol::https","versions" => [{"date" => "2011-03-27T11:59:53","version" => "6.02"},{"date" => "2012-02-18T23:01:32","version" => "6.03"},{"date" => "2013-04-29T21:26:33","version" => "6.04"},{"date" => "2014-04-18T17:03:15","version" => "6.06"},{"date" => "2017-02-20T02:46:43","version" => "6.07"},{"date" => "2020-03-23T20:20:33","version" => "6.08"},{"date" => "2020-07-16T13:33:20","version" => "6.09"},{"date" => "2020-12-17T15:44:24","version" => "6.10"},{"date" => "2023-07-09T15:11:15","version" => "6.11"},{"date" => "2024-01-22T17:51:48","version" => "6.12"},{"date" => "2024-02-06T01:01:15","version" => "6.13"},{"date" => "2024-03-11T01:09:49","version" => "6.14"},{"date" => "2026-02-23T20:37:13","version" => "6.15"}]},"Lemonldap-NG-Common" => {"advisories" => [{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.94"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.94"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.95"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.95"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.12"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Common","versions" => [{"date" => "2008-12-25T08:24:58","version" => "0.9"},{"date" => "2008-12-28T09:07:37","version" => "0.91"},{"date" => "2009-02-08T07:12:51","version" => "0.92"},{"date" => "2009-06-29T10:14:12","version" => "0.93"},{"date" => "2009-06-29T11:55:37","version" => "0.94"},{"date" => "2009-10-11T08:25:47","version" => "0.95"},{"date" => "2010-10-13T21:00:29","version" => "0.99"},{"date" => "2010-10-22T05:34:36","version" => "0.99.1"},{"date" => "2010-10-22T05:44:23","version" => "0.991"},{"date" => "2010-10-24T06:31:39","version" => "0.992"},{"date" => "2010-11-26T13:38:09","version" => "1.0.0"},{"date" => "2011-02-28T13:40:38","version" => "1.0.2"},{"date" => "2011-03-07T11:16:29","version" => "1.0.3"},{"date" => "2011-03-23T14:52:32","version" => "1.0.4"},{"date" => "2011-04-15T14:51:05","version" => "1.0.5"},{"date" => "2011-05-30T08:40:05","version" => "1.0.6"},{"date" => "2011-07-08T09:33:02","version" => "1.1.0"},{"date" => "2011-07-29T13:41:39","version" => "1.1.1"},{"date" => "2011-10-07T12:56:16","version" => "1.1.2"},{"date" => "2012-06-18T10:11:39","version" => "1.2.0"},{"date" => "2012-07-06T09:18:20","version" => "1.2.1"},{"date" => "2012-09-17T14:02:30","version" => "1.2.2"},{"date" => "2013-01-25T21:51:20","version" => "1.2.2_01"},{"date" => "2013-02-08T17:09:50","version" => "1.2.3"},{"date" => "2013-04-23T13:19:31","version" => "1.2.4"},{"date" => "2013-08-26T10:37:20","version" => "1.2.5"},{"date" => "2013-11-02T16:29:19","version" => "v1.3.0"},{"date" => "2013-11-10T18:00:20","version" => "v1.3.0_01"},{"date" => "2013-11-11T13:59:28","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:16","version" => "1.3.2"},{"date" => "2014-03-07T13:54:49","version" => "1.3.3"},{"date" => "2014-06-30T12:52:26","version" => "v1.4.0"},{"date" => "2014-07-25T09:53:47","version" => "v1.4.1"},{"date" => "2014-11-05T15:13:39","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:12","version" => "v1.4.3"},{"date" => "2015-04-15T10:04:56","version" => "v1.4.4"},{"date" => "2015-05-22T16:53:36","version" => "v1.4.5"},{"date" => "2015-10-09T09:20:30","version" => "v1.4.6"},{"date" => "2016-03-02T09:49:50","version" => "v1.9.0"},{"date" => "2016-03-22T14:24:49","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:14","version" => "v1.9.1"},{"date" => "2016-04-27T15:22:35","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:02","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:17","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:03","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:00","version" => "v1.9.4"},{"date" => "2016-07-13T09:07:43","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:20","version" => "v1.9.5"},{"date" => "2016-10-10T13:33:58","version" => "v1.4.11"},{"date" => "2016-10-16T12:22:51","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:20","version" => "v1.9.7"},{"date" => "2017-02-28T21:02:38","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:54:49","version" => "v1.9.8"},{"date" => "2017-03-07T05:47:35","version" => "v1.9.99_02"},{"date" => "2017-03-07T05:58:47","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:13","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:20:56","version" => "v1.9.9"},{"date" => "2017-05-19T18:53:04","version" => "v1.9.10"},{"date" => "2017-09-01T10:30:44","version" => "v1.9.11"},{"date" => "2017-09-12T08:39:52","version" => "v1.9.12"},{"date" => "2017-09-29T13:58:45","version" => "v1.9.13"},{"date" => "2017-11-24T19:57:28","version" => "v1.9.14"},{"date" => "2018-01-23T12:49:02","version" => "v1.9.15"},{"date" => "2018-03-16T10:33:38","version" => "v1.9.16"},{"date" => "2018-06-16T09:26:52","version" => "v1.9.17"},{"date" => "2018-10-05T09:39:50","version" => "v1.9.18"},{"date" => "2019-02-12T17:13:05","version" => "v2.0.2"},{"date" => "2019-04-11T12:22:36","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:02","version" => "v2.0.4"},{"date" => "2019-06-29T21:29:43","version" => "v2.0.5"},{"date" => "2019-12-21T21:46:05","version" => "v2.0.7"},{"date" => "2020-05-05T16:14:02","version" => "v2.0.8"},{"date" => "2020-09-07T06:19:18","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:02","version" => "v2.0.10"},{"date" => "2021-01-31T14:51:35","version" => "v2.0.11"},{"date" => "2021-07-22T17:37:52","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:22","version" => "v2.0.13"},{"date" => "2022-02-22T18:12:37","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:02","version" => "v2.0.15"},{"date" => "2022-09-16T08:34:33","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:28:06","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:19","version" => "v2.16.2"},{"date" => "2023-08-30T16:22:52","version" => "v2.17.0"},{"date" => "2023-12-20T21:10:29","version" => "v2.18.0"},{"date" => "2023-12-22T23:40:41","version" => "v2.18.1"},{"date" => "2024-02-06T17:42:02","version" => "v2.18.2"},{"date" => "2024-04-30T15:22:47","version" => "v2.19.0"},{"date" => "2024-07-15T14:44:53","version" => "v2.19.1"},{"date" => "2024-09-04T07:29:59","version" => "v2.19.2"},{"date" => "2024-10-08T15:53:27","version" => "v2.20.0"},{"date" => "2024-11-08T16:33:39","version" => "v2.20.1"},{"date" => "2025-01-22T17:42:14","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:01","version" => "v2.21.0"},{"date" => "2025-06-11T11:14:59","version" => "v2.21.1"},{"date" => "2025-07-11T15:39:59","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:23","version" => "v2.21.3"},{"date" => "2025-10-17T15:26:48","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:08","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:05","version" => "v2.22.2"}]},"Lemonldap-NG-Handler" => {"advisories" => [{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.76"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.76"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.88"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.88"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.92"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.92"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.13"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Handler","versions" => [{"date" => "2005-06-29T18:42:29","version" => "0.01"},{"date" => "2005-07-02T08:47:30","version" => "0.02"},{"date" => "2005-07-27T19:22:32","version" => "0.03"},{"date" => "2005-07-29T14:35:49","version" => "0.04"},{"date" => "2005-07-29T15:36:42","version" => "0.05"},{"date" => "2006-07-13T17:53:49","version" => "0.06"},{"date" => "2006-09-27T16:47:33","version" => "0.07"},{"date" => "2006-09-30T21:30:18","version" => "0.1"},{"date" => "2006-10-07T13:24:25","version" => "0.11"},{"date" => "2006-10-14T13:17:22","version" => "0.3"},{"date" => "2006-10-17T13:58:42","version" => "0.5"},{"date" => "2006-11-02T14:33:27","version" => "0.6"},{"date" => "2006-11-02T15:58:18","version" => "0.61"},{"date" => "2006-11-03T07:14:00","version" => "0.62"},{"date" => "2006-12-05T06:47:36","version" => "0.621"},{"date" => "2006-12-07T21:02:24","version" => "0.63"},{"date" => "2006-12-19T18:22:50","version" => "0.7"},{"date" => "2006-12-31T13:03:21","version" => "0.71"},{"date" => "2007-01-05T20:38:29","version" => "0.73"},{"date" => "2007-02-10T11:16:17","version" => "0.74"},{"date" => "2007-02-28T22:28:56","version" => "0.75"},{"date" => "2007-03-09T20:16:44","version" => "0.76"},{"date" => "2007-03-29T19:52:16","version" => "0.77"},{"date" => "2007-04-14T13:14:29","version" => "0.8"},{"date" => "2007-04-15T12:47:16","version" => "0.81"},{"date" => "2007-06-20T19:44:05","version" => "0.82"},{"date" => "2007-07-22T20:34:59","version" => "0.83"},{"date" => "2007-07-31T05:11:23","version" => "0.84"},{"date" => "2008-02-28T07:11:26","version" => "0.85"},{"date" => "2008-04-11T14:53:16","version" => "0.86"},{"date" => "2008-06-06T05:49:44","version" => "0.87"},{"date" => "2008-06-06T12:59:07","version" => "0.88"},{"date" => "2008-08-25T19:52:13","version" => "0.89"},{"date" => "2008-12-25T08:26:27","version" => "0.9"},{"date" => "2009-06-29T10:14:23","version" => "0.91"},{"date" => "2009-10-11T08:25:58","version" => "0.92"},{"date" => "2010-10-13T21:00:41","version" => "0.99"},{"date" => "2010-10-22T05:34:48","version" => "0.99.1"},{"date" => "2010-10-22T05:44:36","version" => "0.991"},{"date" => "2010-10-24T06:31:51","version" => "0.992"},{"date" => "2010-11-26T13:38:22","version" => "1.0.0"},{"date" => "2011-02-28T13:42:05","version" => "1.0.2"},{"date" => "2011-03-07T11:16:41","version" => "1.0.3"},{"date" => "2011-03-23T14:52:45","version" => "1.0.4"},{"date" => "2011-04-15T14:51:16","version" => "1.0.5"},{"date" => "2011-05-30T08:40:17","version" => "1.0.6"},{"date" => "2011-07-08T09:33:13","version" => "1.1.0"},{"date" => "2011-07-29T13:43:07","version" => "1.1.1"},{"date" => "2011-10-07T12:56:28","version" => "1.1.2"},{"date" => "2012-06-18T10:13:06","version" => "1.2.0"},{"date" => "2012-07-06T09:18:32","version" => "1.2.1"},{"date" => "2012-09-17T14:02:42","version" => "1.2.2"},{"date" => "2013-01-25T21:51:32","version" => "1.2.2_01"},{"date" => "2013-02-08T17:10:02","version" => "1.2.3"},{"date" => "2013-04-23T13:19:34","version" => "1.2.4"},{"date" => "2013-08-26T10:37:32","version" => "1.2.5"},{"date" => "2013-11-02T16:29:31","version" => "v1.3.0"},{"date" => "2013-11-11T14:00:55","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:27","version" => "1.3.2"},{"date" => "2014-03-07T13:55:01","version" => "1.3.3"},{"date" => "2014-06-30T12:52:38","version" => "v1.4.0"},{"date" => "2014-07-25T09:53:58","version" => "v1.4.1"},{"date" => "2014-11-05T15:13:51","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:24","version" => "v1.4.3"},{"date" => "2015-04-15T10:05:08","version" => "v1.4.4"},{"date" => "2015-05-22T16:53:47","version" => "v1.4.5"},{"date" => "2015-10-09T09:20:41","version" => "v1.4.6"},{"date" => "2016-03-02T09:50:01","version" => "v1.9.0"},{"date" => "2016-03-22T14:25:00","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:26","version" => "v1.9.1"},{"date" => "2016-04-27T15:22:47","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:13","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:29","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:15","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:11","version" => "v1.9.4"},{"date" => "2016-07-13T09:07:55","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:31","version" => "v1.9.5"},{"date" => "2016-10-10T13:34:10","version" => "v1.4.11"},{"date" => "2016-10-16T12:23:02","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:32","version" => "v1.9.7"},{"date" => "2017-02-28T21:10:55","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:55:01","version" => "v1.9.8"},{"date" => "2017-03-07T05:47:46","version" => "v1.9.99_02"},{"date" => "2017-03-07T06:00:15","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:25","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:21:08","version" => "v1.9.9"},{"date" => "2017-05-19T18:50:09","version" => "v1.9.10"},{"date" => "2017-09-01T10:30:55","version" => "v1.9.11"},{"date" => "2017-09-12T08:40:03","version" => "v1.9.12"},{"date" => "2017-09-29T13:58:57","version" => "v1.9.13"},{"date" => "2017-11-24T19:57:39","version" => "v1.9.14"},{"date" => "2018-01-23T12:49:13","version" => "v1.9.15"},{"date" => "2018-03-16T10:33:50","version" => "v1.9.16"},{"date" => "2018-06-16T09:27:04","version" => "v1.9.17"},{"date" => "2018-10-05T09:40:02","version" => "v1.9.18"},{"date" => "2018-11-30T10:48:13","version" => "v2.0.0"},{"date" => "2019-02-12T17:13:16","version" => "v2.0.2"},{"date" => "2019-04-11T12:22:47","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:13","version" => "v2.0.4"},{"date" => "2019-06-29T21:29:54","version" => "v2.0.5"},{"date" => "2019-09-24T13:00:38","version" => "v2.0.6"},{"date" => "2019-12-21T21:46:16","version" => "v2.0.7"},{"date" => "2020-05-05T16:14:13","version" => "v2.0.8"},{"date" => "2020-09-07T06:19:30","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:13","version" => "v2.0.10"},{"date" => "2021-01-31T14:51:46","version" => "v2.0.11"},{"date" => "2021-07-22T17:38:04","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:33","version" => "v2.0.13"},{"date" => "2022-02-22T18:12:48","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:13","version" => "v2.0.15"},{"date" => "2022-09-16T08:34:44","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:28:17","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:30","version" => "v2.16.2"},{"date" => "2023-08-30T16:24:18","version" => "v2.17.0"},{"date" => "2023-12-20T21:10:42","version" => "v2.18.0"},{"date" => "2023-12-22T23:40:52","version" => "v2.18.1"},{"date" => "2024-02-06T17:42:13","version" => "v2.18.2"},{"date" => "2024-04-30T15:22:58","version" => "v2.19.0"},{"date" => "2024-07-15T14:45:04","version" => "v2.19.1"},{"date" => "2024-09-04T07:30:10","version" => "v2.19.2"},{"date" => "2024-10-08T15:56:54","version" => "v2.20.0"},{"date" => "2024-11-08T16:33:50","version" => "v2.20.1"},{"date" => "2025-01-21T17:01:18","version" => "v2.20.2"},{"date" => "2025-01-22T17:42:25","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:12","version" => "v2.21.0"},{"date" => "2025-06-11T11:15:10","version" => "v2.21.1"},{"date" => "2025-07-11T15:40:10","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:34","version" => "v2.21.3"},{"date" => "2025-10-17T15:26:59","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:19","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:16","version" => "v2.22.2"}]},"Lemonldap-NG-Manager" => {"advisories" => [{"affected_versions" => ["0.03"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.03"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.511"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.511"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.72"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.72"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.87"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.87"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.13"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Manager","versions" => [{"date" => "2006-12-10T21:39:02","version" => "0.01"},{"date" => "2006-12-11T07:00:16","version" => "0.02"},{"date" => "2006-12-16T11:32:53","version" => "0.03"},{"date" => "2006-12-19T18:25:24","version" => "0.04"},{"date" => "2006-12-31T13:03:44","version" => "0.1"},{"date" => "2007-01-05T20:38:40","version" => "0.3"},{"date" => "2007-01-13T19:49:19","version" => "0.4"},{"date" => "2007-02-04T14:12:51","version" => "0.43"},{"date" => "2007-02-28T22:29:07","version" => "0.44"},{"date" => "2007-03-04T18:22:09","version" => "0.5"},{"date" => "2007-03-09T20:18:20","version" => "0.51"},{"date" => "2007-03-11T20:25:29","version" => "0.511"},{"date" => "2007-03-29T19:52:20","version" => "0.61"},{"date" => "2007-04-15T11:33:06","version" => "0.63"},{"date" => "2007-05-05T20:35:41","version" => "0.64"},{"date" => "2007-05-06T14:43:00","version" => "0.65"},{"date" => "2007-06-13T13:52:42","version" => "0.7"},{"date" => "2007-06-20T19:43:54","version" => "0.72"},{"date" => "2007-07-03T05:51:25","version" => "0.8"},{"date" => "2007-07-22T20:35:02","version" => "0.82"},{"date" => "2008-02-28T07:11:37","version" => "0.83"},{"date" => "2008-04-11T14:53:27","version" => "0.84"},{"date" => "2008-06-06T05:49:55","version" => "0.85"},{"date" => "2008-08-25T19:53:40","version" => "0.86"},{"date" => "2008-12-25T08:26:37","version" => "0.87"},{"date" => "2009-06-29T10:14:34","version" => "0.89"},{"date" => "2009-06-29T11:57:03","version" => "0.9"},{"date" => "2009-06-29T16:52:14","version" => "0.90"},{"date" => "2009-10-11T08:26:09","version" => "0.91"},{"date" => "2010-10-13T21:00:54","version" => "0.99"},{"date" => "2010-10-22T05:36:18","version" => "0.99.1"},{"date" => "2010-10-22T05:44:52","version" => "0.991"},{"date" => "2010-10-24T06:32:02","version" => "0.992"},{"date" => "2010-11-26T13:38:43","version" => "1.0.0"},{"date" => "2011-02-28T13:42:13","version" => "1.0.2"},{"date" => "2011-03-07T11:16:52","version" => "v1.0.3"},{"date" => "2011-03-23T14:52:57","version" => "1.0.4"},{"date" => "2011-04-15T14:51:27","version" => "1.0.5"},{"date" => "2011-05-30T08:40:28","version" => "1.0.6"},{"date" => "2011-07-08T09:33:24","version" => "1.1.0"},{"date" => "2011-07-29T13:43:25","version" => "1.1.1"},{"date" => "2011-10-07T12:56:39","version" => "1.1.2"},{"date" => "2012-06-18T10:13:16","version" => "1.2.0"},{"date" => "2012-07-06T09:18:43","version" => "1.2.1"},{"date" => "2012-09-17T14:02:56","version" => "1.2.2"},{"date" => "2013-01-25T21:51:43","version" => "1.2.2_01"},{"date" => "2013-02-08T17:11:29","version" => "1.2.3"},{"date" => "2013-04-23T13:19:45","version" => "1.2.4"},{"date" => "2013-08-26T10:38:59","version" => "1.2.5"},{"date" => "2013-11-02T16:29:43","version" => "v1.3.0"},{"date" => "2013-11-11T14:01:06","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:39","version" => "1.3.2"},{"date" => "2014-03-07T13:55:12","version" => "1.3.3"},{"date" => "2014-06-30T12:54:05","version" => "v1.4.0"},{"date" => "2014-07-25T09:55:25","version" => "v1.4.1"},{"date" => "2014-11-05T15:14:02","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:36","version" => "v1.4.3"},{"date" => "2015-04-15T10:05:19","version" => "v1.4.4"},{"date" => "2015-05-22T16:53:59","version" => "v1.4.5"},{"date" => "2015-10-09T09:20:52","version" => "v1.4.6"},{"date" => "2016-03-02T09:50:13","version" => "v1.9.0"},{"date" => "2016-03-22T14:25:12","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:37","version" => "v1.9.1"},{"date" => "2016-04-27T15:22:58","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:25","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:41","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:26","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:23","version" => "v1.9.4"},{"date" => "2016-07-13T09:08:06","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:43","version" => "v1.9.5"},{"date" => "2016-10-10T13:34:21","version" => "v1.4.11"},{"date" => "2016-10-16T12:23:14","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:43","version" => "v1.9.7"},{"date" => "2017-02-28T21:11:07","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:55:22","version" => "v1.9.8"},{"date" => "2017-03-07T05:47:58","version" => "v1.9.99_02"},{"date" => "2017-03-07T06:00:17","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:36","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:21:20","version" => "v1.9.9"},{"date" => "2017-05-19T18:50:21","version" => "v1.9.10"},{"date" => "2017-09-01T10:31:07","version" => "v1.9.11"},{"date" => "2017-09-12T08:40:15","version" => "v1.9.12"},{"date" => "2017-09-29T14:00:24","version" => "v1.9.13"},{"date" => "2017-11-24T19:59:07","version" => "v1.9.14"},{"date" => "2018-01-23T12:49:25","version" => "v1.9.15"},{"date" => "2018-03-16T10:34:01","version" => "v1.9.16"},{"date" => "2018-06-16T09:27:16","version" => "v1.9.17"},{"date" => "2018-10-05T09:40:14","version" => "v1.9.18"},{"date" => "2018-11-30T10:49:40","version" => "v2.0.0"},{"date" => "2019-02-12T17:13:28","version" => "v2.0.2"},{"date" => "2019-04-11T12:22:59","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:24","version" => "v2.0.4"},{"date" => "2019-06-29T21:31:21","version" => "v2.0.5"},{"date" => "2019-09-24T13:00:49","version" => "v2.0.6"},{"date" => "2019-12-21T21:46:27","version" => "v2.0.7"},{"date" => "2020-05-05T16:12:34","version" => "v2.0.8"},{"date" => "2020-09-07T06:19:41","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:24","version" => "v2.0.10"},{"date" => "2021-01-31T14:51:57","version" => "v2.0.11"},{"date" => "2021-07-22T17:38:15","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:44","version" => "v2.0.13"},{"date" => "2022-02-22T18:12:59","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:24","version" => "v2.0.15"},{"date" => "2022-09-16T08:36:11","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:29:43","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:41","version" => "v2.16.2"},{"date" => "2023-08-30T16:24:29","version" => "v2.17.0"},{"date" => "2023-12-20T21:12:09","version" => "v2.18.0"},{"date" => "2023-12-22T23:41:03","version" => "v2.18.1"},{"date" => "2024-02-06T17:49:02","version" => "v2.18.2"},{"date" => "2024-04-30T15:23:09","version" => "v2.19.0"},{"date" => "2024-07-15T14:45:15","version" => "v2.19.1"},{"date" => "2024-09-04T07:30:22","version" => "v2.19.2"},{"date" => "2024-10-08T15:53:38","version" => "v2.20.0"},{"date" => "2024-11-08T16:34:01","version" => "v2.20.1"},{"date" => "2025-01-21T17:01:29","version" => "v2.20.2"},{"date" => "2025-01-22T17:40:23","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:23","version" => "v2.21.0"},{"date" => "2025-06-11T11:15:21","version" => "v2.21.1"},{"date" => "2025-07-11T15:40:21","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:45","version" => "v2.21.3"},{"date" => "2025-10-17T15:27:10","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:30","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:27","version" => "v2.22.2"}]},"Lemonldap-NG-Portal" => {"advisories" => [{"affected_versions" => ["<0.87"],"cves" => [],"description" => "When running on Apache with thread support setMacros and setGroups were not launched with the good datas.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [">=0.87"],"id" => "CPANSA-Lemonldap-NG-Portal-2009-01","references" => ["https://metacpan.org/changes/distribution/Lemonldap-NG-Portal"],"reported" => "2009-02-08"},{"affected_versions" => ["0.42"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.42"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.64"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.64"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.73"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.73"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.74"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.74"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.89"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.89"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.13"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Portal","versions" => [{"date" => "2005-06-29T18:44:50","version" => "0.01"},{"date" => "2005-07-02T08:49:37","version" => "0.02"},{"date" => "2006-10-07T13:24:36","version" => "0.1"},{"date" => "2006-10-14T13:26:07","version" => "0.11"},{"date" => "2006-10-14T14:11:06","version" => "0.111"},{"date" => "2006-10-17T13:58:53","version" => "0.2"},{"date" => "2006-11-02T15:23:31","version" => "0.4"},{"date" => "2006-11-03T07:25:06","version" => "0.41"},{"date" => "2006-12-07T21:02:36","version" => "0.42"},{"date" => "2006-12-19T18:26:07","version" => "0.5"},{"date" => "2006-12-31T13:03:32","version" => "0.51"},{"date" => "2007-01-13T19:47:36","version" => "0.6"},{"date" => "2007-02-28T22:29:18","version" => "0.62"},{"date" => "2007-03-04T18:23:52","version" => "0.63"},{"date" => "2007-03-09T20:18:23","version" => "0.64"},{"date" => "2007-03-29T19:52:31","version" => "0.7"},{"date" => "2007-04-01T20:26:10","version" => "0.71"},{"date" => "2007-04-14T20:46:13","version" => "0.72"},{"date" => "2007-04-20T06:51:13","version" => "0.73"},{"date" => "2007-06-13T13:54:26","version" => "0.74"},{"date" => "2007-07-22T20:35:13","version" => "0.76"},{"date" => "2007-07-31T05:11:34","version" => "0.77"},{"date" => "2007-10-15T06:03:56","version" => "0.8"},{"date" => "2008-02-28T07:13:04","version" => "0.81"},{"date" => "2008-04-11T14:53:38","version" => "0.82"},{"date" => "2008-06-06T05:50:06","version" => "0.83"},{"date" => "2008-06-06T12:46:10","version" => "0.84"},{"date" => "2008-08-25T19:53:48","version" => "0.85"},{"date" => "2008-12-25T08:26:49","version" => "0.86"},{"date" => "2009-02-08T07:13:05","version" => "0.87"},{"date" => "2009-06-29T10:14:46","version" => "0.88"},{"date" => "2009-07-05T11:40:59","version" => "0.89"},{"date" => "2009-10-11T08:26:21","version" => "0.90"},{"date" => "2010-10-13T21:02:21","version" => "0.99"},{"date" => "2010-10-22T05:36:29","version" => "0.99.1"},{"date" => "2010-10-22T05:45:04","version" => "0.991"},{"date" => "2010-10-24T06:33:29","version" => "0.992"},{"date" => "2010-11-26T13:38:59","version" => "1.0.0"},{"date" => "2011-02-28T13:42:23","version" => "1.0.2"},{"date" => "2011-03-07T11:17:03","version" => "v1.0.3"},{"date" => "2011-03-23T14:54:26","version" => "1.0.4"},{"date" => "2011-04-15T14:51:44","version" => "1.0.5"},{"date" => "2011-05-30T08:40:46","version" => "1.0.6"},{"date" => "2011-07-08T09:33:35","version" => "1.1.0"},{"date" => "2011-07-29T13:43:35","version" => "1.1.1"},{"date" => "2011-10-07T12:58:06","version" => "1.1.2"},{"date" => "2012-06-18T10:13:31","version" => "1.2.0"},{"date" => "2012-07-06T09:18:54","version" => "1.2.1"},{"date" => "2012-09-17T14:04:26","version" => "1.2.2"},{"date" => "2013-01-25T21:51:54","version" => "1.2.2_01"},{"date" => "2013-02-08T17:11:38","version" => "1.2.3"},{"date" => "2013-04-23T13:19:57","version" => "1.2.4"},{"date" => "2013-08-26T10:39:11","version" => "1.2.5"},{"date" => "2013-11-02T16:31:10","version" => "v1.3.0"},{"date" => "2013-11-10T18:00:31","version" => "v1.3.0_01"},{"date" => "2013-11-11T14:01:21","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:50","version" => "1.3.2"},{"date" => "2014-03-07T13:55:23","version" => "1.3.3"},{"date" => "2014-06-30T12:54:16","version" => "v1.4.0"},{"date" => "2014-07-25T09:55:37","version" => "v1.4.1"},{"date" => "2014-11-05T15:15:30","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:47","version" => "v1.4.3"},{"date" => "2015-04-15T10:05:31","version" => "v1.4.4"},{"date" => "2015-05-22T16:54:10","version" => "v1.4.5"},{"date" => "2015-10-09T09:21:04","version" => "v1.4.6"},{"date" => "2016-03-02T09:50:24","version" => "v1.9.0"},{"date" => "2016-03-22T14:25:24","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:49","version" => "v1.9.1"},{"date" => "2016-04-27T15:23:10","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:36","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:52","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:38","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:34","version" => "v1.9.4"},{"date" => "2016-07-13T09:08:18","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:54","version" => "v1.9.5"},{"date" => "2016-10-10T13:34:33","version" => "v1.4.11"},{"date" => "2016-10-16T12:23:25","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:55","version" => "v1.9.7"},{"date" => "2017-02-28T21:11:18","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:55:34","version" => "v1.9.8"},{"date" => "2017-03-07T05:48:09","version" => "v1.9.99_02"},{"date" => "2017-03-07T06:00:28","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:48","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:21:31","version" => "v1.9.9"},{"date" => "2017-05-19T18:48:42","version" => "v1.9.10"},{"date" => "2017-09-01T10:32:34","version" => "v1.9.11"},{"date" => "2017-09-12T08:40:27","version" => "v1.9.12"},{"date" => "2017-09-29T14:00:36","version" => "v1.9.13"},{"date" => "2017-11-24T19:59:18","version" => "v1.9.14"},{"date" => "2018-01-23T12:50:53","version" => "v1.9.15"},{"date" => "2018-03-16T10:34:13","version" => "v1.9.16"},{"date" => "2018-06-16T09:27:27","version" => "v1.9.17"},{"date" => "2018-10-05T09:40:26","version" => "v1.9.18"},{"date" => "2018-11-30T10:49:52","version" => "v2.0.0"},{"date" => "2019-02-12T17:13:39","version" => "v2.0.2"},{"date" => "2019-04-11T12:23:10","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:36","version" => "v2.0.4"},{"date" => "2019-06-29T21:31:33","version" => "v2.0.5"},{"date" => "2019-09-24T13:01:00","version" => "v2.0.6"},{"date" => "2019-12-21T21:46:38","version" => "v2.0.7"},{"date" => "2020-05-05T16:14:25","version" => "v2.0.8"},{"date" => "2020-09-07T06:21:08","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:36","version" => "v2.0.10"},{"date" => "2021-01-31T14:52:09","version" => "v2.0.11"},{"date" => "2021-07-22T17:38:26","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:56","version" => "v2.0.13"},{"date" => "2022-02-22T18:13:11","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:35","version" => "v2.0.15"},{"date" => "2022-09-16T08:36:23","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:29:55","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:52","version" => "v2.16.2"},{"date" => "2023-08-30T16:24:40","version" => "v2.17.0"},{"date" => "2023-12-20T21:12:20","version" => "v2.18.0"},{"date" => "2023-12-22T23:41:14","version" => "v2.18.1"},{"date" => "2024-02-06T17:49:13","version" => "v2.18.2"},{"date" => "2024-04-30T15:23:21","version" => "v2.19.0"},{"date" => "2024-07-15T14:48:13","version" => "v2.19.1"},{"date" => "2024-09-04T07:30:33","version" => "v2.19.2"},{"date" => "2024-10-08T15:53:50","version" => "v2.20.0"},{"date" => "2024-11-08T16:34:12","version" => "v2.20.1"},{"date" => "2025-01-21T17:01:40","version" => "v2.20.2"},{"date" => "2025-01-22T17:40:34","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:34","version" => "v2.21.0"},{"date" => "2025-06-11T11:15:32","version" => "v2.21.1"},{"date" => "2025-07-11T15:40:33","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:56","version" => "v2.21.3"},{"date" => "2025-10-17T15:27:21","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:41","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:38","version" => "v2.22.2"}]},"Linux-Statm-Tiny" => {"advisories" => [{"affected_versions" => ["<0.0701"],"cves" => ["CVE-2025-3051"],"description" => "Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238.  If an attacker can place a malicious file in current working directory, it may be\x{a0}loaded instead of the intended file, potentially leading to arbitrary\x{a0}code execution.  Linux::Statm::Tiny uses Mite to produce the affected code section due to\x{a0}CVE-2025-30672","distribution" => "Linux-Statm-Tiny","fixed_versions" => [">=0.0701"],"id" => "CPANSA-Linux-Statm-Tiny-2025-3051","references" => ["https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html","https://metacpan.org/release/RRWO/Linux-Statm-Tiny-0.0700/source/lib/Linux/Statm/Tiny/Mite.pm#L82","https://metacpan.org/release/RRWO/Linux-Statm-Tiny-0.0701/changes"],"reported" => "2025-04-01","severity" => undef}],"main_module" => "Linux::Statm::Tiny","versions" => [{"date" => "2015-01-05T12:19:47","version" => "0.0100"},{"date" => "2015-01-05T15:39:13","version" => "0.0200"},{"date" => "2015-01-05T18:23:59","version" => "0.0201"},{"date" => "2015-01-12T11:30:31","version" => "0.0300"},{"date" => "2015-03-27T13:57:06","version" => "0.0400"},{"date" => "2015-04-09T08:05:00","version" => "0.0500"},{"date" => "2015-05-05T16:02:45","version" => "0.0501"},{"date" => "2015-05-05T16:22:04","version" => "0.0502"},{"date" => "2015-05-06T13:21:39","version" => "0.0503"},{"date" => "2015-05-25T13:38:11","version" => "0.0504"},{"date" => "2015-06-23T17:07:45","version" => "0.0505"},{"date" => "2018-10-27T22:38:48","version" => "0.0600"},{"date" => "2019-02-17T18:30:34","version" => "0.0601"},{"date" => "2022-04-04T15:34:50","version" => "0.0602"},{"date" => "2022-04-04T15:41:28","version" => "0.0603"},{"date" => "2022-07-26T16:29:04","version" => "0.0700"},{"date" => "2025-03-31T13:52:42","version" => "0.0701"}]},"Locale-Maketext" => {"advisories" => [{"affected_versions" => ["<1.25"],"cves" => ["CVE-2012-6329"],"description" => "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.\n","distribution" => "Locale-Maketext","fixed_versions" => [],"id" => "CPANSA-Locale-Maketext-2012-6329","references" => ["http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8","http://sourceforge.net/mailarchive/message.php?msg_id=30219695","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224","http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329","http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod","http://openwall.com/lists/oss-security/2012/12/11/4","http://code.activestate.com/lists/perl5-porters/187763/","http://code.activestate.com/lists/perl5-porters/187746/","https://bugzilla.redhat.com/show_bug.cgi?id=884354","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032","http://www.ubuntu.com/usn/USN-2099-1","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/56950","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2013-01-04","severity" => undef},{"affected_versions" => ["<1.28"],"cves" => ["CVE-2016-1238"],"description" => "Does not remove . from \@INC, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Locale-Maketext","fixed_versions" => [">=1.28"],"id" => "CPANSA-Locale-Maketext-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Locale::Maketext","versions" => [{"date" => "1999-03-16T05:22:44","version" => "0.17"},{"date" => "2000-05-14T08:26:33","version" => "0.18"},{"date" => "2001-05-25T14:21:01","version" => "1.01"},{"date" => "2001-06-20T08:28:48","version" => "1.02"},{"date" => "2001-06-22T05:27:18","version" => "1.03"},{"date" => "2003-04-02T20:20:43","version" => "1.04"},{"date" => "2003-04-19T06:11:36","version" => "1.05"},{"date" => "2003-06-22T07:51:14","version" => "1.06"},{"date" => "2004-01-12T04:18:16","version" => "1.07"},{"date" => "2004-01-20T00:14:54","version" => "1.08"},{"date" => "2004-03-31T06:47:07","version" => "1.09"},{"date" => "2005-11-11T03:42:57","version" => "1.10"},{"date" => "2007-05-08T05:03:08","version" => "1.11_01"},{"date" => "2007-11-18T05:22:03","version" => "1.12"},{"date" => "2008-05-28T15:01:40","version" => "1.13"},{"date" => "2009-06-23T18:13:14","version" => "1.13_80"},{"date" => "2009-06-24T00:22:21","version" => "1.13_81"},{"date" => "2009-06-24T02:33:08","version" => "1.13_82"},{"date" => "2010-09-28T22:59:25","version" => "1.15_01"},{"date" => "2010-10-07T14:12:19","version" => "1.15_02"},{"date" => "2010-10-11T18:07:07","version" => "1.16"},{"date" => "2010-10-20T15:54:47","version" => "1.16_01"},{"date" => "2010-10-20T18:42:13","version" => "1.17"},{"date" => "2011-05-25T15:44:55","version" => "1.18_01"},{"date" => "2011-05-31T19:29:50","version" => "1.19"},{"date" => "2011-12-15T04:02:22","version" => "1.19_01"},{"date" => "2011-12-23T15:18:14","version" => "1.21"},{"date" => "2012-01-15T05:02:24","version" => "1.22"},{"date" => "2012-12-04T21:29:08","version" => "1.23"},{"date" => "2014-04-14T03:15:07","version" => "1.25_01"},{"date" => "2014-04-15T20:10:23","version" => "1.25"},{"date" => "2014-12-04T20:57:02","version" => "1.26"},{"date" => "2016-06-22T23:30:00","version" => "1.27"},{"date" => "2016-07-25T17:57:25","version" => "1.28"},{"date" => "2020-01-20T05:04:23","version" => "1.29"},{"date" => "2022-04-01T19:18:30","version" => "1.30"},{"date" => "2022-04-14T21:18:43","version" => "1.31"},{"date" => "2022-08-22T19:20:51","version" => "1.32"},{"date" => "2023-12-30T21:23:51","version" => "1.33"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "1.10_01"},{"date" => "2009-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011002","version" => "1.14"},{"date" => "2010-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013003","version" => "1.15"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "1.18"},{"date" => "2011-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015005","version" => "1.20"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "1.24"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "1.26_01"}]},"Log-Any" => {"advisories" => [{"affected_versions" => [">=1.712,<=1.715"],"cves" => [],"description" => "The WithStackTrace proxy may expose sensitive information\n","distribution" => "Log-Any","fixed_versions" => ["1.716"],"id" => "CPANSA-Log-Any-2023-001","references" => ["https://metacpan.org/dist/Log-Any/changes","https://github.com/preaction/Log-Any/pull/97"],"reported" => undef,"severity" => undef}],"main_module" => "Log::Any","versions" => [{"date" => "2009-07-11T14:11:33","version" => "0.01"},{"date" => "2009-07-14T23:34:51","version" => "0.02"},{"date" => "2009-07-18T03:41:02","version" => "0.03"},{"date" => "2009-09-04T00:32:59","version" => "0.03"},{"date" => "2009-10-27T22:26:20","version" => "0.05"},{"date" => "2009-10-31T23:24:23","version" => "0.06"},{"date" => "2009-12-07T17:57:19","version" => "0.07"},{"date" => "2009-12-16T01:31:06","version" => "0.08"},{"date" => "2010-01-05T21:20:31","version" => "0.09"},{"date" => "2010-01-05T21:27:46","version" => "0.10"},{"date" => "2010-02-12T13:08:17","version" => "0.11"},{"date" => "2011-03-23T21:55:43","version" => "0.12"},{"date" => "2011-08-02T13:27:07","version" => "0.13"},{"date" => "2011-08-31T22:51:22","version" => "0.14"},{"date" => "2013-04-10T17:16:43","version" => "0.15"},{"date" => "2014-12-12T22:09:51","version" => "0.90"},{"date" => "2014-12-15T03:15:09","version" => "0.91"},{"date" => "2014-12-15T12:13:47","version" => "0.92"},{"date" => "2014-12-26T03:04:57","version" => "1.00"},{"date" => "2014-12-27T03:26:31","version" => "1.01"},{"date" => "2014-12-28T12:07:41","version" => "1.02"},{"date" => "2015-01-02T03:43:07","version" => "1.03"},{"date" => "2015-03-26T10:09:30","version" => "1.031"},{"date" => "2015-03-26T21:24:48","version" => "1.032"},{"date" => "2016-02-03T15:34:02","version" => "1.033"},{"date" => "2016-02-04T19:48:49","version" => "1.035"},{"date" => "2016-02-06T01:27:07","version" => "1.037"},{"date" => "2016-02-10T21:18:02","version" => "1.038"},{"date" => "2016-02-24T22:48:34","version" => "1.040"},{"date" => "2016-08-18T05:02:37","version" => "1.041"},{"date" => "2016-08-27T04:38:20","version" => "1.042"},{"date" => "2016-11-04T02:48:06","version" => "1.043"},{"date" => "2016-11-06T21:53:19","version" => "1.044"},{"date" => "2016-11-12T03:54:03","version" => "1.045"},{"date" => "2017-01-12T03:44:21","version" => "1.046"},{"date" => "2017-03-23T01:25:09","version" => "1.047"},{"date" => "2017-03-27T20:17:22","version" => "1.048"},{"date" => "2017-03-28T21:03:30","version" => "1.049"},{"date" => "2017-08-04T03:30:12","version" => "1.050"},{"date" => "2017-08-07T01:43:24","version" => "1.051"},{"date" => "2017-09-28T22:00:06","version" => "1.700"},{"date" => "2017-10-02T19:38:09","version" => "1.701"},{"date" => "2017-11-28T21:20:01","version" => "1.702"},{"date" => "2017-11-29T16:57:31","version" => "1.703"},{"date" => "2017-12-18T00:14:35","version" => "1.704"},{"date" => "2018-01-17T19:50:35","version" => "1.705"},{"date" => "2018-07-07T01:21:05","version" => "1.706"},{"date" => "2018-08-02T03:56:11","version" => "1.707"},{"date" => "2020-01-13T03:58:06","version" => "1.708"},{"date" => "2021-02-17T21:17:28","version" => "1.709"},{"date" => "2021-08-02T15:11:51","version" => "1.710"},{"date" => "2022-11-22T17:29:07","version" => "1.711"},{"date" => "2022-12-09T17:06:31","version" => "1.712"},{"date" => "2022-12-12T18:45:32","version" => "1.713"},{"date" => "2023-03-20T16:49:03","version" => "1.714"},{"date" => "2023-05-04T18:09:55","version" => "1.715"},{"date" => "2023-06-26T19:15:29","version" => "1.716"},{"date" => "2023-08-17T15:53:05","version" => "1.717"},{"date" => "2025-06-01T15:00:19","version" => "1.718"}]},"MARC-File-XML" => {"advisories" => [{"affected_versions" => ["<1.0.2"],"cves" => ["CVE-2014-1626"],"description" => "XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file.\n","distribution" => "MARC-File-XML","fixed_versions" => [],"id" => "CPANSA-MARC-File-XML-2014-1626","references" => ["http://www.securityfocus.com/bid/65057","http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html","http://secunia.com/advisories/55404","http://libmail.georgialibraries.org/pipermail/open-ils-general/2014-January/009442.html","https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes","http://lists.katipo.co.nz/pipermail/koha/2014-January/038430.html","http://osvdb.org/102367","https://exchange.xforce.ibmcloud.com/vulnerabilities/90620"],"reported" => "2014-01-26","severity" => undef}],"main_module" => "MARC::File::XML","versions" => [{"date" => "2017-05-24T01:18:18","version" => "v1.0.5"}]},"MDK-Common" => {"advisories" => [{"affected_versions" => ["==1.1.11","==1.1.24",">=1.2.9,<=1.2.14"],"cves" => ["CVE-2009-0912"],"description" => "perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via \"special characters\" in unspecified vectors.'\n","distribution" => "MDK-Common","fixed_versions" => [],"id" => "CPANSA-MDK-Common-2009-0912","references" => ["http://www.securityfocus.com/bid/34089","http://www.vupen.com/english/advisories/2009/0688","http://www.mandriva.com/security/advisories?name=MDVSA-2009:072","https://exchange.xforce.ibmcloud.com/vulnerabilities/49220"],"reported" => "2009-03-16","severity" => undef}],"main_module" => "MDK::Common","versions" => [{"date" => "2012-09-14T16:23:25","version" => "1.2.29"},{"date" => "2014-05-06T17:14:10","version" => "v1.2.30"},{"date" => "2017-10-27T22:31:26","version" => "v1.2.32"},{"date" => "2017-10-27T23:18:48","version" => "v1.2.33"},{"date" => "2017-10-28T01:09:39","version" => "v1.2.34"},{"date" => "2017-10-28T03:37:17","version" => "v1.2.34.1"},{"date" => "2017-10-28T04:28:13","version" => "v1.2.34.2"}]},"MHonArc" => {"advisories" => [{"affected_versions" => ["<2.6.17"],"cves" => ["CVE-2010-4524"],"description" => "Improper escaping of certain HTML sequences (XSS).\n","distribution" => "MHonArc","fixed_versions" => [">=2.6.17"],"id" => "CPANSA-MHonArc-2011-01","references" => ["https://metacpan.org/changes/distribution/MHonArc"],"reported" => "2011-01-09"},{"affected_versions" => ["<2.6.17"],"cves" => ["CVE-2010-1677"],"description" => "DoS when processing html messages with deep tag nesting.\n","distribution" => "MHonArc","fixed_versions" => [">=2.6.17"],"id" => "CPANSA-MHonArc-2011-02","references" => ["https://metacpan.org/changes/distribution/MHonArc"],"reported" => "2011-01-09"}],"main_module" => "MHonArc::UTF8","versions" => [{"date" => "1997-12-11T20:44:41","version" => "2.1"},{"date" => "1998-03-04T01:06:00","version" => "v2.2.0"},{"date" => "1998-10-11T02:56:10","version" => "v2.3.0"},{"date" => "1998-10-25T19:27:37","version" => "v2.3.1"},{"date" => "1998-11-01T20:02:48","version" => "v2.3.2"},{"date" => "1998-11-08T21:59:21","version" => "v2.3.3"},{"date" => "1999-06-26T07:57:53","version" => "v2.4.0"},{"date" => "1999-07-26T19:30:51","version" => "v2.4.1"},{"date" => "1999-08-12T07:16:14","version" => "v2.4.2"},{"date" => "1999-08-16T06:25:39","version" => "v2.4.3"},{"date" => "1999-10-01T19:43:07","version" => "v2.4.4"},{"date" => "2000-02-15T03:44:03","version" => "v2.4.5"},{"date" => "2000-04-24T08:35:56","version" => "v2.4.6"},{"date" => "2000-10-29T04:18:32","version" => "v2.4.7"},{"date" => "2000-10-30T06:29:47","version" => "v2.4.7"},{"date" => "2001-04-14T21:48:01","version" => "v2.4.8"},{"date" => "2001-06-11T03:09:13","version" => "v2.4.9"},{"date" => "2001-08-26T19:46:53","version" => "v2.5.0"},{"date" => "2001-09-07T15:24:19","version" => "v2.5.0"},{"date" => "2001-10-17T16:03:13","version" => "v2.5.0"},{"date" => "2001-11-14T05:09:59","version" => "v2.5.1"},{"date" => "2001-11-25T06:46:19","version" => "v2.5.2"},{"date" => "2002-04-18T07:23:29","version" => "v2.5.3"},{"date" => "2002-05-03T05:06:16","version" => "v2.5.4"},{"date" => "2002-05-28T05:43:00","version" => "v2.5.5"},{"date" => "2002-06-18T18:07:38","version" => "v2.5.6"},{"date" => "2002-06-21T22:59:36","version" => "v2.5.7"},{"date" => "2002-06-29T03:22:26","version" => "v2.5.8"},{"date" => "2002-07-20T02:39:53","version" => "v2.5.9"},{"date" => "2002-07-29T00:10:32","version" => "v2.5.10"},{"date" => "2002-08-04T04:25:22","version" => "v2.5.11"},{"date" => "2002-09-04T04:32:14","version" => "v2.5.12"},{"date" => "2002-10-21T17:13:35","version" => "v2.5.13"},{"date" => "2002-12-22T01:07:40","version" => "v2.5.14"},{"date" => "2003-02-10T05:23:02","version" => "v2.6.0"},{"date" => "2003-02-23T00:39:05","version" => "v2.6.1"},{"date" => "2003-03-12T01:55:48","version" => "v2.6.2"},{"date" => "2003-04-06T02:11:59","version" => "v2.6.3"},{"date" => "2003-06-22T21:54:52","version" => "v2.6.4"},{"date" => "2003-07-20T04:51:56","version" => "v2.6.5"},{"date" => "2003-07-21T17:20:07","version" => "v2.6.6"},{"date" => "2003-08-07T23:49:43","version" => "v2.6.7"},{"date" => "2003-08-13T04:47:02","version" => "v2.6.8"},{"date" => "2004-05-17T06:24:46","version" => "v2.6.9"},{"date" => "2004-05-17T06:25:16","version" => "v2.6.10"},{"date" => "2005-05-20T17:15:40","version" => "v2.6.11"},{"date" => "2005-06-09T02:30:11","version" => "v2.6.12"},{"date" => "2005-07-06T05:15:55","version" => "v2.6.13"},{"date" => "2005-07-23T07:15:49","version" => "2.6.14"},{"date" => "2005-07-27T03:46:13","version" => "2.6.15"},{"date" => "2006-06-10T03:21:01","version" => "2.6.16"},{"date" => "2011-01-09T10:04:06","version" => "2.6.17"},{"date" => "2011-01-09T16:35:39","version" => "2.6.18"},{"date" => "2014-04-22T03:33:53","version" => "2.6.19"},{"date" => "2020-09-14T09:22:58","version" => "v2.6.20"},{"date" => "2020-09-14T11:54:14","version" => "v2.6.21"},{"date" => "2020-09-21T07:06:18","version" => "v2.6.22"},{"date" => "2020-11-12T12:54:55","version" => "v2.6.23"},{"date" => "2020-11-16T14:24:54","version" => "v2.6.24"}]},"MIME-tools" => {"advisories" => [{"affected_versions" => ["<4.109"],"cves" => [],"description" => "There was a potential security hole when outputting entities with recommended filenames.\n","distribution" => "MIME-tools","fixed_versions" => [">=4.109"],"id" => "CPANSA-MIME-tools-1998-01","references" => ["https://metacpan.org/dist/MIME-tools/changes"],"reported" => "1998-01-10","severity" => undef}],"main_module" => "MIME::Body","versions" => [{"date" => "1996-10-18T13:57:11","version" => "2.01"},{"date" => "1996-10-23T19:20:59","version" => "2.02"},{"date" => "1996-10-28T18:27:36","version" => "2.03"},{"date" => "1996-11-03T00:35:36","version" => "2.04"},{"date" => "1997-01-13T10:17:14","version" => "2.13"},{"date" => "1997-01-14T07:05:37","version" => "2.14"},{"date" => "1997-01-21T03:40:48","version" => "3.203"},{"date" => "1997-01-22T11:24:13","version" => "3.204"},{"date" => "1998-01-14T15:44:55","version" => "4.111"},{"date" => "1998-01-18T04:23:37","version" => "4.112"},{"date" => "1998-01-20T08:21:18","version" => "4.113"},{"date" => "1998-02-14T21:45:26","version" => "4.116"},{"date" => "1998-05-05T14:32:36","version" => "4.119"},{"date" => "1998-06-04T13:30:01","version" => "4.121"},{"date" => "1999-02-10T05:39:03","version" => "4.122"},{"date" => "1999-05-14T13:29:15","version" => "4.124"},{"date" => "2000-05-24T14:44:21","version" => "5.115"},{"date" => "2000-05-26T04:46:25","version" => "5.116"},{"date" => "2000-06-06T16:14:02","version" => "5.205"},{"date" => "2000-06-08T07:36:13","version" => "5.206"},{"date" => "2000-06-09T03:44:00","version" => "5.207"},{"date" => "2000-06-10T08:12:36","version" => "5.209"},{"date" => "2000-06-20T13:24:34","version" => "5.210"},{"date" => "2000-06-24T06:57:34","version" => "5.211"},{"date" => "2000-07-07T14:46:11","version" => "5.304"},{"date" => "2000-07-20T06:47:41","version" => "5.306"},{"date" => "2000-08-15T14:22:44","version" => "5.310"},{"date" => "2000-08-16T05:28:11","version" => "5.311"},{"date" => "2000-09-05T04:17:48","version" => "5.313"},{"date" => "2000-09-06T04:59:03","version" => "5.314"},{"date" => "2000-09-21T06:14:25","version" => "5.316"},{"date" => "2000-11-05T15:24:04","version" => "5.404"},{"date" => "2000-11-06T00:34:39","version" => "5.405"},{"date" => "2000-11-10T05:27:35","version" => "5.408"},{"date" => "2000-11-20T18:04:43","version" => "5.409"},{"date" => "2000-11-23T05:31:08","version" => "5.410"},{"date" => "2001-06-05T15:21:25","version" => "5.411"},{"date" => "2001-11-16T17:32:32","version" => "5.411"},{"date" => "2003-06-09T16:42:00","version" => "6.200_01"},{"date" => "2003-07-22T20:49:42","version" => "6.200_02"},{"date" => "2004-09-14T14:20:07","version" => "5.412"},{"date" => "2004-09-15T14:11:08","version" => "5.413"},{"date" => "2004-10-06T19:46:54","version" => "5.414"},{"date" => "2004-10-27T12:51:54","version" => "5.415"},{"date" => "2005-01-03T15:45:29","version" => "5.416"},{"date" => "2005-01-20T21:24:25","version" => "5.417"},{"date" => "2005-09-29T19:40:53","version" => "5.418"},{"date" => "2005-12-22T21:52:16","version" => "5.419"},{"date" => "2006-03-17T21:20:12","version" => "5.420"},{"date" => "2007-06-18T20:04:22","version" => "5.420_01"},{"date" => "2007-08-31T18:03:20","version" => "5.420_02"},{"date" => "2007-09-20T21:33:01","version" => "5.421"},{"date" => "2007-09-25T22:31:20","version" => "5.422"},{"date" => "2007-09-27T15:50:17","version" => "5.423"},{"date" => "2007-11-07T15:36:31","version" => "5.424"},{"date" => "2007-11-17T16:20:42","version" => "5.425"},{"date" => "2008-03-18T13:45:38","version" => "5.426"},{"date" => "2008-06-30T18:41:00","version" => "5.426"},{"date" => "2010-04-22T15:31:33","version" => "5.428"},{"date" => "2010-04-30T13:47:59","version" => "5.500"},{"date" => "2011-01-07T15:59:19","version" => "5.500"},{"date" => "2011-02-17T18:37:12","version" => "5.501"},{"date" => "2011-03-08T14:03:11","version" => "5.502"},{"date" => "2012-06-08T13:44:12","version" => "5.503"},{"date" => "2013-01-30T21:01:40","version" => "5.504"},{"date" => "2013-11-14T15:27:15","version" => "5.505"},{"date" => "2015-04-22T17:32:26","version" => "5.506"},{"date" => "2015-09-30T13:21:56","version" => "5.507"},{"date" => "2016-08-29T14:52:28","version" => "5.508"},{"date" => "2017-04-05T18:13:30","version" => "5.508"},{"date" => "2022-07-06T14:20:39","version" => "5.503"},{"date" => "2024-01-02T15:38:07","version" => "5.503"},{"date" => "2024-01-08T18:22:18","version" => "5.503"},{"date" => "2024-01-25T16:28:54","version" => "5.503"},{"date" => "2024-02-06T20:49:02","version" => "5.503"},{"date" => "2024-04-24T15:36:43","version" => "5.515"},{"date" => "2026-02-10T17:09:42","version" => "5.516"},{"date" => "2026-02-11T02:54:45","version" => "5.517"}]},"MT" => {"advisories" => [{"affected_versions" => [">=4.20,<=4.38"],"cves" => ["CVE-2013-0209"],"description" => "lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2013-0209","references" => ["http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt","http://www.movabletype.org/2013/01/movable_type_438_patch.html","http://openwall.com/lists/oss-security/2013/01/22/3","http://www.sec-1.com/blog/?p=402"],"reported" => "2013-01-23","severity" => undef},{"affected_versions" => [">=7,<=7.9.4",">=6,<=6.8.6",">=4,<=5"],"cves" => ["CVE-2022-38078"],"description" => "Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.\n","distribution" => "MT","fixed_versions" => [">=7.9.5",">=6.8.7,<7"],"id" => "CPANSA-MT-2022-38078","references" => ["https://movabletype.org/news/2022/08/mt-795-687-released.html","https://jvn.jp/en/jp/JVN57728859/index.html"],"reported" => "2022-08-24","severity" => "critical"},{"affected_versions" => [">=7,<=7.8.1",">=6,<=6.8.2","<6"],"cves" => ["CVE-2021-20837"],"description" => "Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20837","references" => ["https://jvn.jp/en/jp/JVN41119755/index.html","https://movabletype.org/news/2021/10/mt-782-683-released.html","http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html","http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"],"reported" => "2021-10-26","severity" => "critical"},{"affected_versions" => [">=7,<7.8.0"],"cves" => ["CVE-2021-20814"],"description" => "Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20814","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0"],"cves" => ["CVE-2021-20813"],"description" => "Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20813","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20815"],"description" => "Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20815","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20811"],"description" => "Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20811","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20810"],"description" => "Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20810","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20809"],"description" => "Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20809","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20808"],"description" => "Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20808","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => ["<=1.37"],"cves" => ["CVE-2020-5669"],"description" => "Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5669","references" => ["https://www.sixapart.jp/movabletype/news/2020/11/18-1101.html","https://jvn.jp/en/jp/JVN94245475/index.html"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5577"],"description" => "Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5577","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "high"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5576"],"description" => "Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5576","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "high"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5575"],"description" => "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5575","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "medium"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5574"],"description" => "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5574","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "medium"},{"affected_versions" => [">=7,<7.1.4",">=6,<=6.5.2"],"cves" => ["CVE-2020-5528"],"description" => "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5528","references" => ["https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html","http://jvn.jp/en/jp/JVN94435544/index.html"],"reported" => "2020-02-06","severity" => "medium"},{"affected_versions" => [">=7,<7.1.3",">=6.5.0,<=6.5.1",">=6,<=6.3.9"],"cves" => ["CVE-2019-6025"],"description" => "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2019-6025","references" => ["https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html","http://jvn.jp/en/jp/JVN65280626/index.html"],"reported" => "2019-12-26","severity" => "medium"},{"affected_versions" => ["==6.3.1"],"cves" => ["CVE-2018-0672"],"description" => "Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2018-0672","references" => ["http://jvn.jp/en/jp/JVN89550319/index.html"],"reported" => "2018-09-04","severity" => "medium"},{"affected_versions" => [">=6.0.0,<6.1.3",">=6.2.0,<6.2.6","<5.2.13"],"cves" => ["CVE-2016-5742"],"description" => "SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2016-5742","references" => ["https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html","http://www.openwall.com/lists/oss-security/2016/06/22/6","http://www.openwall.com/lists/oss-security/2016/06/22/5","http://www.openwall.com/lists/oss-security/2016/06/22/3","http://www.securitytracker.com/id/1036160"],"reported" => "2017-01-23","severity" => "critical"},{"affected_versions" => ["<5.2.12",">=6.0.0,<=6.0.7"],"cves" => ["CVE-2015-1592"],"description" => "Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2015-1592","references" => ["https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html","http://www.securityfocus.com/bid/72606","http://www.openwall.com/lists/oss-security/2015/02/12/17","http://www.openwall.com/lists/oss-security/2015/02/12/2","https://www.debian.org/security/2015/dsa-3183","http://www.securitytracker.com/id/1031777","https://exchange.xforce.ibmcloud.com/vulnerabilities/100912"],"reported" => "2015-02-19","severity" => undef},{"affected_versions" => ["<5.18",">=5.2.0,<5.2.11",">=6,<6.0.6"],"cves" => ["CVE-2014-9057"],"description" => "SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2014-9057","references" => ["https://movabletype.org/news/2014/12/6.0.6.html","https://movabletype.org/documentation/appendices/release-notes/6.0.6.html","http://secunia.com/advisories/61227","https://www.debian.org/security/2015/dsa-3183"],"reported" => "2014-12-16","severity" => undef},{"affected_versions" => ["<5.2.6"],"cves" => ["CVE-2013-2184"],"description" => "Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2013-2184","references" => ["https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html","http://www.debian.org/security/2015/dsa-3183","http://seclists.org/oss-sec/2013/q2/568","http://seclists.org/oss-sec/2013/q2/560"],"reported" => "2015-03-27","severity" => undef},{"affected_versions" => ["==5.13"],"cves" => ["CVE-2012-1503"],"description" => "Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2012-1503","references" => ["http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html","http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html","http://www.exploit-db.com/exploits/22151","http://osvdb.org/show/osvdb/86729","http://www.securityfocus.com/bid/56160","https://exchange.xforce.ibmcloud.com/vulnerabilities/79521"],"reported" => "2014-08-29","severity" => undef},{"affected_versions" => ["<4.38",">=5,<5.07",">=5.10,<5.13"],"cves" => ["CVE-2012-0320"],"description" => "Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2012-0320","references" => ["http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html","http://www.movabletype.org/documentation/appendices/release-notes/513.html","http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018","http://jvn.jp/en/jp/JVN20083397/index.html","http://www.securitytracker.com/id?1026738","http://www.securityfocus.com/bid/52138","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-03-03","severity" => undef},{"affected_versions" => ["<4.38",">=5,<5.07",">=5.10,<5.13"],"cves" => ["CVE-2012-0317"],"description" => "Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2012-0317","references" => ["http://jvn.jp/en/jp/JVN70683217/index.html","http://www.movabletype.org/documentation/appendices/release-notes/513.html","http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html","http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015","http://www.securitytracker.com/id?1026738","http://www.securityfocus.com/bid/52138","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-03-03","severity" => undef},{"affected_versions" => [">=4,<4.36",">=5,<5.05"],"cves" => ["CVE-2011-5085"],"description" => "Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2011-5085","references" => ["http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-04-02","severity" => undef},{"affected_versions" => [">=4,<4.36",">=5,<5.05"],"cves" => ["CVE-2011-5084"],"description" => "Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2011-5084","references" => ["http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-04-02","severity" => undef},{"affected_versions" => [">=5.0,<=5.01"],"cves" => ["CVE-2010-1985"],"description" => "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2010-1985","references" => ["http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html","http://www.movabletype.com/blog/2010/05/movable-type-502.html","http://www.vupen.com/english/advisories/2010/1136","http://secunia.com/advisories/39741","http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html","http://jvn.jp/en/jp/JVN92854093/index.html"],"reported" => "2010-05-19","severity" => undef},{"affected_versions" => ["<4.261"],"cves" => ["CVE-2009-2492"],"description" => "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2009-2492","references" => ["http://jvn.jp/en/jp/JVN86472161/index.html","http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html","http://www.vupen.com/english/advisories/2009/1668","http://secunia.com/advisories/35534","http://www.securityfocus.com/bid/35885"],"reported" => "2009-07-17","severity" => undef},{"affected_versions" => ["<4.261"],"cves" => ["CVE-2009-2481"],"description" => "mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2009-2481","references" => ["http://jvn.jp/en/jp/JVN08369659/index.html","http://www.vupen.com/english/advisories/2009/1668","http://www.securityfocus.com/bid/35471","http://secunia.com/advisories/35534","http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/51330"],"reported" => "2009-07-16","severity" => undef},{"affected_versions" => ["<4.24"],"cves" => ["CVE-2009-0752"],"description" => "Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2009-0752","references" => ["http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html"],"reported" => "2009-03-03","severity" => undef},{"affected_versions" => ["<4.23"],"cves" => ["CVE-2008-5846"],"description" => "Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a \"system-wide entry listing screen.\"\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2008-5846","references" => ["http://www.movabletype.org/mt_423_change_log.html","http://www.securityfocus.com/bid/33133","https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"],"reported" => "2009-01-05","severity" => undef},{"affected_versions" => ["<4.23"],"cves" => ["CVE-2008-5845"],"description" => "Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2008-5845","references" => ["http://www.movabletype.org/mt_423_change_log.html","http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000031.html","http://jvn.jp/en/jp/JVN45658190/index.html"],"reported" => "2009-01-05","severity" => undef},{"affected_versions" => [">=3,<=3.38",">=4,<4.23"],"cves" => ["CVE-2008-5808"],"description" => "Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to \"application management.\"\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2008-5808","references" => ["http://secunia.com/advisories/32935","http://www.securityfocus.com/bid/32604","http://jvn.jp/en/jp/JVN02216739/index.html","http://www.movabletype.jp/blog/_movable_type_423.html","http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/47019"],"reported" => "2009-01-02","severity" => undef},{"affected_versions" => [">=7,<=7.7.1"],"cves" => ["CVE-2021-20812"],"description" => "Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20812","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => ["<=7"],"cves" => ["CVE-2022-43660"],"description" => "Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2022-43660","references" => ["https://movabletype.org/news/2022/11/mt-796-688-released.html","https://jvn.jp/en/jp/JVN37014768/index.html"],"reported" => "2022-12-07","severity" => undef}],"main_module" => "","versions" => []},"Mail-Audit" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2005-4536"],"description" => "Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.\n","distribution" => "Mail-Audit","fixed_versions" => [],"id" => "CPANSA-Mail-Audit-2005-4536","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344029","http://www.debian.org/security/2006/dsa-960","http://secunia.com/advisories/18652","http://secunia.com/advisories/18656","http://www.securityfocus.com/bid/16434","http://www.vupen.com/english/advisories/2006/0378","https://exchange.xforce.ibmcloud.com/vulnerabilities/24380"],"reported" => "2005-12-31","severity" => undef}],"main_module" => "Mail::Audit","versions" => [{"date" => "2000-03-25T11:22:17","version" => "1.0"},{"date" => "2000-06-17T08:03:59","version" => "1.1"},{"date" => "2000-06-17T10:56:28","version" => "1.2"},{"date" => "2000-06-17T11:13:20","version" => "1.3"},{"date" => "2001-01-04T20:17:04","version" => "1.4"},{"date" => "2001-01-07T14:23:39","version" => "1.5"},{"date" => "2001-01-13T22:45:20","version" => "1.6"},{"date" => "2001-01-27T11:31:56","version" => "1.7"},{"date" => "2001-02-12T16:34:27","version" => "1.8"},{"date" => "2001-03-21T21:35:00","version" => "1.9"},{"date" => "2001-04-23T15:45:51","version" => "1.10"},{"date" => "2001-05-16T23:20:35","version" => "1.11"},{"date" => "2001-12-10T21:02:24","version" => "2.0"},{"date" => "2002-03-04T19:59:38","version" => "2.1"},{"date" => "2006-05-27T01:36:59","version" => "2.200_01"},{"date" => "2006-05-31T01:58:52","version" => "2.200_02"},{"date" => "2006-06-02T02:17:31","version" => "2.200_03"},{"date" => "2006-06-04T20:18:18","version" => "2.200_04"},{"date" => "2006-06-05T03:39:12","version" => "2.200_05"},{"date" => "2006-07-16T21:50:04","version" => "2.201"},{"date" => "2006-07-21T12:18:37","version" => "2.202"},{"date" => "2006-07-22T00:53:55","version" => "2.203"},{"date" => "2006-09-19T11:26:30","version" => "2.210"},{"date" => "2006-09-19T11:38:19","version" => "2.211"},{"date" => "2006-10-31T15:24:49","version" => "2.212"},{"date" => "2007-02-15T17:05:02","version" => "2.213"},{"date" => "2007-02-15T19:32:24","version" => "2.214"},{"date" => "2007-02-19T21:14:15","version" => "2.215"},{"date" => "2007-02-27T01:52:17","version" => "2.216"},{"date" => "2007-03-05T17:16:08","version" => "2.217"},{"date" => "2007-03-06T16:24:21","version" => "2.218"},{"date" => "2007-06-14T22:28:51","version" => "2.219"},{"date" => "2007-07-14T19:04:32","version" => "2.220"},{"date" => "2007-09-17T13:26:24","version" => "2.221"},{"date" => "2007-11-02T03:23:46","version" => "2.222"},{"date" => "2008-04-17T20:32:32","version" => "2.223"},{"date" => "2009-09-18T17:22:37","version" => "2.224"},{"date" => "2009-11-23T19:27:24","version" => "2.225"},{"date" => "2011-11-11T16:37:46","version" => "2.226"},{"date" => "2011-11-14T19:21:44","version" => "2.227"},{"date" => "2013-09-29T01:21:47","version" => "2.228"}]},"MailTools" => {"advisories" => [{"affected_versions" => ["<1.51"],"cves" => ["CVE-2002-1271"],"description" => "The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.\n","distribution" => "MailTools","fixed_versions" => [">=1.51"],"id" => "CPANSA-Mail-Mailer-2002-1271","references" => ["http://www.iss.net/security_center/static/10548.php","http://www.debian.org/security/2003/dsa-386","http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php","http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html","http://www.securityfocus.com/bid/6104","http://marc.info/?l=bugtraq&m=103659723101369&w=2","http://marc.info/?l=bugtraq&m=103679569705086&w=2"],"reported" => "2002-11-12","severity" => undef}],"main_module" => "MailTools","versions" => [{"date" => "1995-10-21T04:25:33","version" => "1.03"},{"date" => "1995-11-21T11:54:38","version" => "1.04"},{"date" => "1996-08-13T09:42:17","version" => "1.06"},{"date" => "1997-01-02T10:39:44","version" => "1.07"},{"date" => "1997-01-07T13:38:49","version" => "1.08"},{"date" => "1997-02-24T09:04:31","version" => "1.09"},{"date" => "1997-11-13T02:23:35","version" => "1.10"},{"date" => "1997-11-16T16:16:12","version" => "1.1001"},{"date" => "1997-11-18T01:49:48","version" => "1.1002"},{"date" => "1997-11-26T02:32:07","version" => "1.1003"},{"date" => "1998-01-03T03:56:45","version" => "1.11"},{"date" => "1998-09-26T14:47:35","version" => "1.12"},{"date" => "1999-03-31T17:45:02","version" => "1.13"},{"date" => "2000-03-29T12:35:40","version" => "1.14"},{"date" => "2000-04-14T10:53:46","version" => "1.1401"},{"date" => "2000-09-04T14:01:06","version" => "1.15"},{"date" => "2001-08-08T09:13:27","version" => "1.16"},{"date" => "2001-08-24T18:19:52","version" => "1.40"},{"date" => "2001-11-14T10:36:58","version" => "1.41"},{"date" => "2001-12-10T18:28:08","version" => "1.42"},{"date" => "2002-02-08T09:41:37","version" => "1.43"},{"date" => "2002-03-23T09:36:15","version" => "1.44"},{"date" => "2002-05-23T08:17:57","version" => "1.45"},{"date" => "2002-05-29T13:09:54","version" => "1.46"},{"date" => "2002-07-05T10:03:43","version" => "1.47"},{"date" => "2002-08-07T21:07:03","version" => "1.48"},{"date" => "2002-08-28T06:38:30","version" => "1.49"},{"date" => "2002-09-03T22:35:45","version" => "1.50"},{"date" => "2002-10-29T13:24:48","version" => "1.51"},{"date" => "2002-11-29T12:50:47","version" => "1.52"},{"date" => "2002-12-09T16:47:38","version" => "1.53"},{"date" => "2003-01-06T07:02:35","version" => "1.54"},{"date" => "2003-01-06T07:07:36","version" => "1.55"},{"date" => "2003-01-06T16:16:54","version" => "1.56"},{"date" => "2003-01-14T08:49:45","version" => "1.57"},{"date" => "2003-01-14T13:45:20","version" => "1.58"},{"date" => "2003-08-13T06:16:07","version" => "1.59"},{"date" => "2003-09-24T07:21:11","version" => "1.60"},{"date" => "2004-03-10T09:55:12","version" => "1.61"},{"date" => "2004-03-24T12:32:28","version" => "1.62"},{"date" => "2004-08-16T15:30:07","version" => "1.63"},{"date" => "2004-08-17T20:26:08","version" => "1.64"},{"date" => "2004-11-24T15:05:58","version" => "1.65"},{"date" => "2005-01-20T09:18:51","version" => "1.66"},{"date" => "2005-03-31T10:07:53","version" => "1.67"},{"date" => "2006-01-05T09:33:09","version" => "1.68"},{"date" => "2006-01-05T10:19:56","version" => "1.70"},{"date" => "2006-01-05T10:22:10","version" => "1.71"},{"date" => "2006-01-17T08:11:53","version" => "1.72"},{"date" => "2006-01-21T08:58:00","version" => "1.73"},{"date" => "2006-02-28T07:44:59","version" => "1.74"},{"date" => "2007-04-10T07:27:15","version" => "1.76"},{"date" => "2007-05-11T12:17:49","version" => "1.77"},{"date" => "2007-06-20T12:42:21","version" => "2.00_01"},{"date" => "2007-07-21T10:31:51","version" => "2.00_02"},{"date" => "2007-09-25T10:30:00","version" => "2.00_03"},{"date" => "2007-11-28T09:50:07","version" => "2.01"},{"date" => "2007-11-30T09:00:20","version" => "2.02"},{"date" => "2008-04-14T09:14:48","version" => "2.03"},{"date" => "2008-07-29T09:46:50","version" => "2.04"},{"date" => "2009-12-18T22:01:23","version" => "2.05"},{"date" => "2010-01-26T09:04:49","version" => "2.06"},{"date" => "2010-10-01T10:39:38","version" => "2.07"},{"date" => "2011-06-01T11:56:43","version" => "2.08"},{"date" => "2012-02-25T13:51:23","version" => "2.09"},{"date" => "2012-08-28T08:28:08","version" => "2.10"},{"date" => "2012-08-29T07:13:34","version" => "2.11"},{"date" => "2012-12-21T11:27:10","version" => "2.12"},{"date" => "2014-01-05T18:36:21","version" => "2.13"},{"date" => "2014-11-21T16:15:46","version" => "2.14"},{"date" => "2016-04-18T12:11:57","version" => "2.15"},{"date" => "2016-04-18T16:00:17","version" => "2.16"},{"date" => "2016-05-11T15:27:31","version" => "2.17"},{"date" => "2016-05-18T21:54:30","version" => "2.18"},{"date" => "2017-08-22T11:37:34","version" => "2.19"},{"date" => "2018-01-23T12:52:56","version" => "2.20"},{"date" => "2019-05-21T14:28:18","version" => "2.21"},{"date" => "2024-11-18T10:23:29","version" => "2.22"}]},"MarpaX-ESLIF" => {"advisories" => [{"affected_versions" => [">=4.0.0,<6.0.23"],"cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "MarpaX-ESLIF","fixed_versions" => [],"id" => "CPANSA-MarpaX-ESLIF-2019-20454-libpcre2","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"},{"affected_versions" => [">=2.0.10,<4.0.0"],"cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "MarpaX-ESLIF","fixed_versions" => [],"id" => "CPANSA-MarpaX-ESLIF-2019-20454-libpcre2","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"},{"affected_versions" => [">=1.053,<2.0.10"],"cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "MarpaX-ESLIF","fixed_versions" => [],"id" => "CPANSA-MarpaX-ESLIF-2019-20454-libpcre2","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"}],"main_module" => "MarpaX::ESLIF","versions" => [{"date" => "2017-03-26T10:57:12","version" => "1.0.43"},{"date" => "2017-03-28T18:31:33","version" => "1.0.47"},{"date" => "2017-03-29T04:21:35","version" => "1.0.48"},{"date" => "2017-03-29T18:37:45","version" => "1.0.49"},{"date" => "2017-04-02T10:33:46","version" => "1.0.50"},{"date" => "2017-04-03T19:05:28","version" => "1.0.51"},{"date" => "2017-04-13T17:35:13","version" => "1.0.52"},{"date" => "2017-04-14T07:43:59","version" => "1.0.53"},{"date" => "2017-04-29T19:13:38","version" => "2.0.1"},{"date" => "2017-05-05T23:23:22","version" => "2.0.3"},{"date" => "2017-05-07T07:40:42","version" => "2.0.4"},{"date" => "2017-05-10T05:42:35","version" => "2.0.5"},{"date" => "2017-05-10T18:16:00","version" => "2.0.6"},{"date" => "2017-05-10T19:36:06","version" => "2.0.7"},{"date" => "2017-05-10T19:56:35","version" => "2.0.8"},{"date" => "2017-05-11T19:06:11","version" => "2.0.9"},{"date" => "2017-05-12T18:52:12","version" => "2.0.10"},{"date" => "2017-05-13T22:39:09","version" => "2.0.11"},{"date" => "2017-05-31T17:51:29","version" => "2.0.12"},{"date" => "2017-05-31T19:34:51","version" => "2.0.13"},{"date" => "2017-06-27T05:59:02","version" => "2.0.14"},{"date" => "2017-08-14T05:56:46","version" => "2.0.15"},{"date" => "2017-08-14T19:28:19","version" => "2.0.16"},{"date" => "2017-10-20T19:44:53","version" => "2.0.17"},{"date" => "2017-10-25T03:57:11","version" => "2.0.18"},{"date" => "2017-10-25T04:49:24","version" => "2.0.19"},{"date" => "2017-10-28T05:10:19","version" => "2.0.20"},{"date" => "2017-10-29T19:48:03","version" => "2.0.21"},{"date" => "2017-10-30T03:49:16","version" => "2.0.22"},{"date" => "2017-11-04T07:23:55","version" => "2.0.23"},{"date" => "2017-12-27T15:06:03","version" => "2.0.30"},{"date" => "2017-12-31T19:08:47","version" => "2.0.31"},{"date" => "2018-01-19T04:10:03","version" => "2.0.32"},{"date" => "2018-01-25T16:13:07","version" => "2.0.33"},{"date" => "2018-01-30T06:38:42","version" => "2.0.34"},{"date" => "2018-02-21T07:14:12","version" => "2.0.36"},{"date" => "2018-02-25T11:50:02","version" => "2.0.37"},{"date" => "2018-02-25T11:59:32","version" => "2.0.38"},{"date" => "2018-03-12T18:34:09","version" => "2.0.39"},{"date" => "2018-03-13T18:06:17","version" => "2.0.40"},{"date" => "2018-03-15T04:09:56","version" => "2.0.41"},{"date" => "2018-03-21T06:39:42","version" => "2.0.42"},{"date" => "2018-04-04T05:39:12","version" => "2.0.43"},{"date" => "2019-04-07T10:41:47","version" => "3.0.1"},{"date" => "2019-04-07T14:13:23","version" => "3.0.2"},{"date" => "2019-04-07T17:44:04","version" => "3.0.3"},{"date" => "2019-04-10T05:00:51","version" => "3.0.4"},{"date" => "2019-04-11T04:06:12","version" => "3.0.5"},{"date" => "2019-04-11T17:28:27","version" => "3.0.6"},{"date" => "2019-04-13T14:07:12","version" => "3.0.7"},{"date" => "2019-04-14T11:09:19","version" => "3.0.8"},{"date" => "2019-04-18T05:23:29","version" => "3.0.9"},{"date" => "2019-05-12T05:55:11","version" => "3.0.10"},{"date" => "2019-06-09T13:40:40","version" => "3.0.11"},{"date" => "2019-06-13T19:54:54","version" => "3.0.12"},{"date" => "2019-07-21T04:54:47","version" => "3.0.13"},{"date" => "2019-07-22T04:57:08","version" => "3.0.14"},{"date" => "2019-08-03T04:52:02","version" => "3.0.15"},{"date" => "2019-08-04T08:28:03","version" => "3.0.16"},{"date" => "2019-08-08T04:53:38","version" => "3.0.17"},{"date" => "2019-08-28T05:42:34","version" => "3.0.18"},{"date" => "2019-10-13T08:57:33","version" => "3.0.19"},{"date" => "2019-11-17T17:16:55","version" => "3.0.27"},{"date" => "2019-11-17T18:55:54","version" => "3.0.28"},{"date" => "2019-11-21T05:15:21","version" => "3.0.29"},{"date" => "2020-02-22T09:35:43","version" => "3.0.30"},{"date" => "2020-03-02T06:30:41","version" => "3.0.31"},{"date" => "2020-03-03T05:55:13","version" => "3.0.32"},{"date" => "2020-08-14T04:24:47","version" => "4.0.1"},{"date" => "2021-02-09T17:59:43","version" => "5.0.2"},{"date" => "2021-02-10T04:34:01","version" => "5.0.3"},{"date" => "2021-02-10T19:53:29","version" => "5.0.4"},{"date" => "2021-02-11T07:57:27","version" => "5.0.5"},{"date" => "2021-02-13T13:28:54","version" => "5.0.6"},{"date" => "2021-02-14T15:08:27","version" => "5.0.7"},{"date" => "2021-12-05T11:06:06","version" => "6.0.1"},{"date" => "2021-12-12T15:19:09","version" => "6.0.2"},{"date" => "2021-12-13T01:55:29","version" => "6.0.3"},{"date" => "2021-12-13T03:36:47","version" => "6.0.4"},{"date" => "2021-12-15T07:27:24","version" => "6.0.5"},{"date" => "2021-12-22T06:41:38","version" => "6.0.6"},{"date" => "2021-12-23T05:42:39","version" => "6.0.7"},{"date" => "2021-12-24T06:34:17","version" => "6.0.8"},{"date" => "2022-01-01T08:41:06","version" => "6.0.9"},{"date" => "2022-01-02T06:02:38","version" => "6.0.10"},{"date" => "2022-01-10T05:16:06","version" => "6.0.11"},{"date" => "2022-01-17T08:02:35","version" => "6.0.12"},{"date" => "2022-01-18T06:17:30","version" => "6.0.13"},{"date" => "2022-02-25T08:38:59","version" => "6.0.14"},{"date" => "2022-03-06T13:53:19","version" => "6.0.15"},{"date" => "2022-03-29T05:40:00","version" => "6.0.16"},{"date" => "2022-05-01T08:08:14","version" => "6.0.17"},{"date" => "2022-05-02T05:46:40","version" => "6.0.18"},{"date" => "2022-05-04T04:41:47","version" => "6.0.19"},{"date" => "2022-05-10T04:49:43","version" => "6.0.20"},{"date" => "2022-05-15T06:21:08","version" => "6.0.21"},{"date" => "2022-05-20T06:08:02","version" => "6.0.22"},{"date" => "2022-06-15T07:10:22","version" => "6.0.23"},{"date" => "2022-06-16T04:18:25","version" => "6.0.24"},{"date" => "2022-08-05T07:14:05","version" => "6.0.25"},{"date" => "2022-09-15T05:20:07","version" => "6.0.26"},{"date" => "2022-09-25T09:36:30","version" => "6.0.27"},{"date" => "2023-01-08T19:11:51","version" => "6.0.28"},{"date" => "2023-01-14T16:31:10","version" => "6.0.29"},{"date" => "2023-02-14T06:31:07","version" => "6.0.30"},{"date" => "2023-02-14T07:31:33","version" => "6.0.31"},{"date" => "2024-02-20T07:12:44","version" => "6.0.33"},{"date" => "2024-02-22T02:15:03","version" => "6.0.33.1"},{"date" => "2024-02-22T07:23:31","version" => "6.0.33.2"},{"date" => "2024-02-23T00:35:01","version" => "6.0.33.3"},{"date" => "2024-03-01T06:11:32","version" => "6.0.33.4"},{"date" => "2024-04-16T04:53:42","version" => "6.0.35.1"}]},"Maypole" => {"advisories" => [{"affected_versions" => [">=2.10"],"cves" => ["CVE-2025-15578"],"description" => "Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.","distribution" => "Maypole","fixed_versions" => [],"id" => "CPANSA-Maypole-2025-15578","references" => ["https://metacpan.org/dist/Maypole/source/lib/Maypole/Session.pm#L43"],"reported" => "2026-02-16","severity" => undef}],"main_module" => "Maypole","versions" => [{"date" => "2004-02-11T17:41:55","version" => "1.0"},{"date" => "2004-02-25T10:32:37","version" => "1.1"},{"date" => "2004-03-25T12:42:17","version" => "1.2"},{"date" => "2004-03-26T19:19:58","version" => "1.3"},{"date" => "2004-04-16T17:18:54","version" => "1.4"},{"date" => "2004-06-21T13:43:06","version" => "1.5"},{"date" => "2004-07-16T22:54:54","version" => "1.6"},{"date" => "2004-07-17T19:17:16","version" => "1.7"},{"date" => "2004-10-18T08:10:24","version" => "1.99_01"},{"date" => "2004-10-23T19:10:22","version" => "2.0"},{"date" => "2004-10-24T13:04:49","version" => "2.01"},{"date" => "2004-10-25T12:10:08","version" => "2.02"},{"date" => "2004-10-26T14:17:44","version" => "2.03"},{"date" => "2004-10-28T13:53:40","version" => "2.04"},{"date" => "2004-12-24T04:01:58","version" => "2.05"},{"date" => "2004-12-29T01:41:17","version" => "2.06"},{"date" => "2005-01-24T20:48:15","version" => "2.08"},{"date" => "2005-01-25T23:04:10","version" => "2.09"},{"date" => "2005-07-05T18:37:34","version" => "2.10_pre1"},{"date" => "2005-07-08T19:16:47","version" => "2.10_pre2"},{"date" => "2005-07-08T19:23:54","version" => "2.10_pre2a"},{"date" => "2005-07-12T20:29:09","version" => "2.10_pre3"},{"date" => "2005-07-19T18:29:26","version" => "2.10"},{"date" => "2006-04-14T09:53:11","version" => "2.11_pre1"},{"date" => "2006-04-25T13:31:05","version" => "2.11_pre2"},{"date" => "2006-05-03T15:10:36","version" => "2.11_pre3"},{"date" => "2006-07-17T10:20:10","version" => "2.11_pre4"},{"date" => "2006-07-20T12:14:28","version" => "2.11_pre5"},{"date" => "2006-07-31T19:06:36","version" => "2.11"},{"date" => "2007-06-02T15:03:39","version" => "2.111"},{"date" => "2007-06-22T11:40:46","version" => "2.12"},{"date" => "2007-08-29T13:00:02","version" => "2.121"},{"date" => "2008-04-18T10:27:38","version" => "2.13"}]},"Mite" => {"advisories" => [{"affected_versions" => ["<0.013000"],"cves" => ["CVE-2025-30672"],"description" => "Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the \@INC path similar to CVE-2016-1238.  If an attacker can place a malicious file in current working directory, it may be  loaded instead of the intended file, potentially leading to arbitrary  code execution.  This affects the Mite distribution itself, and other distributions that contain code generated by Mite.","distribution" => "Mite","fixed_versions" => [">=0.013000"],"id" => "CPANSA-Mite-2025-30672","references" => ["https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html","https://metacpan.org/release/TOBYINK/Mite-0.013000/changes","https://perldoc.perl.org/perlrun#PERL_USE_UNSAFE_INC","https://wiki.gentoo.org/wiki/Project:Perl/Dot-In-INC-Removal"],"reported" => "2025-04-01","severity" => undef}],"main_module" => "Mite","versions" => [{"date" => "2014-07-29T21:10:24","version" => "v0.0.1"},{"date" => "2022-06-21T17:04:26","version" => "v0.0.2"},{"date" => "2022-06-21T20:35:06","version" => "v0.0.3"},{"date" => "2022-06-22T01:18:18","version" => "v0.0.4"},{"date" => "2022-06-22T12:41:26","version" => "v0.0.5"},{"date" => "2022-06-23T13:34:32","version" => "v0.0.6"},{"date" => "2022-06-23T19:39:49","version" => "v0.0.7"},{"date" => "2022-06-24T12:23:18","version" => "v0.0.8"},{"date" => "2022-06-28T12:54:37","version" => "v0.0.9"},{"date" => "2022-06-28T16:33:12","version" => "0.001000"},{"date" => "2022-06-28T23:23:27","version" => "0.001001"},{"date" => "2022-06-29T00:14:33","version" => "0.001002"},{"date" => "2022-06-29T00:23:14","version" => "0.001003"},{"date" => "2022-06-29T09:48:18","version" => "0.001004"},{"date" => "2022-06-29T10:47:18","version" => "0.001005"},{"date" => "2022-06-29T13:26:40","version" => "0.001006"},{"date" => "2022-06-29T15:01:20","version" => "0.001007"},{"date" => "2022-06-29T17:18:46","version" => "0.001008"},{"date" => "2022-06-29T17:24:52","version" => "0.001009"},{"date" => "2022-06-29T22:02:50","version" => "0.001010"},{"date" => "2022-06-29T23:15:21","version" => "0.001011"},{"date" => "2022-06-30T13:09:55","version" => "0.001012"},{"date" => "2022-06-30T20:52:53","version" => "0.001013"},{"date" => "2022-07-01T16:08:26","version" => "0.002000"},{"date" => "2022-07-01T17:12:53","version" => "0.002001"},{"date" => "2022-07-01T20:55:40","version" => "0.002002"},{"date" => "2022-07-02T19:31:17","version" => "0.002003"},{"date" => "2022-07-02T23:37:00","version" => "0.002004"},{"date" => "2022-07-03T08:50:07","version" => "0.003000"},{"date" => "2022-07-03T11:21:56","version" => "0.003001"},{"date" => "2022-07-04T20:27:47","version" => "0.004000"},{"date" => "2022-07-05T18:08:58","version" => "0.005000"},{"date" => "2022-07-06T13:32:59","version" => "0.005001"},{"date" => "2022-07-07T08:21:36","version" => "0.005002"},{"date" => "2022-07-08T12:14:54","version" => "0.005003"},{"date" => "2022-07-08T21:28:24","version" => "0.005004"},{"date" => "2022-07-09T16:14:35","version" => "0.006000"},{"date" => "2022-07-09T18:08:05","version" => "0.006001"},{"date" => "2022-07-10T10:32:50","version" => "0.006002"},{"date" => "2022-07-10T10:36:37","version" => "0.006003"},{"date" => "2022-07-10T11:56:49","version" => "0.006004"},{"date" => "2022-07-10T16:37:45","version" => "0.006005"},{"date" => "2022-07-10T19:55:04","version" => "0.006006"},{"date" => "2022-07-11T08:10:46","version" => "0.006007"},{"date" => "2022-07-11T13:14:24","version" => "0.006008"},{"date" => "2022-07-11T20:17:03","version" => "0.006009"},{"date" => "2022-07-12T12:19:49","version" => "0.006010"},{"date" => "2022-07-12T13:45:58","version" => "0.006011"},{"date" => "2022-07-13T12:26:42","version" => "0.006012"},{"date" => "2022-07-14T20:44:28","version" => "0.006013"},{"date" => "2022-07-16T23:12:32","version" => "0.007000"},{"date" => "2022-07-17T08:15:25","version" => "0.007001"},{"date" => "2022-07-17T08:57:45","version" => "0.007002"},{"date" => "2022-07-17T11:24:15","version" => "0.007003"},{"date" => "2022-07-20T09:23:13","version" => "0.007004"},{"date" => "2022-07-21T13:07:18","version" => "0.007005"},{"date" => "2022-07-21T20:44:59","version" => "0.007006"},{"date" => "2022-08-01T16:50:24","version" => "0.008000"},{"date" => "2022-08-03T14:18:10","version" => "0.008001"},{"date" => "2022-08-03T16:55:42","version" => "0.008002"},{"date" => "2022-08-04T23:53:31","version" => "0.008003"},{"date" => "2022-08-07T16:16:40","version" => "0.009000"},{"date" => "2022-08-08T12:49:01","version" => "0.009001"},{"date" => "2022-08-08T16:16:56","version" => "0.009002"},{"date" => "2022-08-08T18:19:51","version" => "0.009003"},{"date" => "2022-08-09T18:41:15","version" => "0.010000"},{"date" => "2022-08-09T21:40:29","version" => "0.010001"},{"date" => "2022-08-12T10:21:24","version" => "0.010002"},{"date" => "2022-08-12T15:46:11","version" => "0.010003"},{"date" => "2022-08-13T08:14:34","version" => "0.010004"},{"date" => "2022-08-13T13:06:05","version" => "0.010005"},{"date" => "2022-08-14T13:54:50","version" => "0.010006"},{"date" => "2022-08-14T14:03:09","version" => "0.010007"},{"date" => "2022-08-15T14:16:11","version" => "0.010008"},{"date" => "2022-11-09T15:20:39","version" => "0.011000"},{"date" => "2022-12-12T20:44:49","version" => "0.012000"},{"date" => "2025-03-31T10:59:29","version" => "0.013000"}]},"Module-Load-Conditional" => {"advisories" => [{"affected_versions" => ["<0.66"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Module-Load-Conditional","fixed_versions" => [">=0.66"],"id" => "CPANSA-Module-Load-Conditional-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Module::Load::Conditional","versions" => [{"date" => "2003-05-10T16:59:45","version" => "0.02"},{"date" => "2003-05-31T12:30:25","version" => "0.03"},{"date" => "2003-10-05T15:11:11","version" => "0.04"},{"date" => "2004-05-22T14:34:33","version" => "0.05"},{"date" => "2004-12-03T15:53:27","version" => "0.06"},{"date" => "2005-01-13T18:59:45","version" => "0.07"},{"date" => "2005-01-14T17:32:34","version" => "0.08"},{"date" => "2006-08-01T20:05:30","version" => "0.10"},{"date" => "2006-08-13T13:08:40","version" => "0.12"},{"date" => "2007-01-03T17:38:46","version" => "0.14"},{"date" => "2007-01-25T21:40:29","version" => "0.16"},{"date" => "2007-09-15T14:20:27","version" => "0.18"},{"date" => "2007-10-03T15:27:25","version" => "0.20"},{"date" => "2007-10-15T08:19:21","version" => "0.22"},{"date" => "2008-01-02T15:57:46","version" => "0.24"},{"date" => "2008-02-29T16:01:59","version" => "0.26"},{"date" => "2008-12-17T12:56:57","version" => "0.28"},{"date" => "2009-01-19T15:56:22","version" => "0.30"},{"date" => "2009-10-23T09:16:58","version" => "0.31_01"},{"date" => "2009-10-23T20:58:24","version" => "0.32"},{"date" => "2009-10-29T09:27:23","version" => "0.34"},{"date" => "2010-02-09T14:20:49","version" => "0.36"},{"date" => "2010-04-23T15:03:33","version" => "0.38"},{"date" => "2011-01-07T22:28:54","version" => "0.40"},{"date" => "2011-02-09T15:29:28","version" => "0.42"},{"date" => "2011-02-09T21:54:40","version" => "0.44"},{"date" => "2011-09-07T23:02:16","version" => "0.46"},{"date" => "2012-03-15T13:58:36","version" => "0.48"},{"date" => "2012-04-27T21:29:11","version" => "0.50"},{"date" => "2012-07-29T09:13:49","version" => "0.52"},{"date" => "2012-08-12T08:13:47","version" => "0.54"},{"date" => "2013-08-29T20:32:38","version" => "0.56"},{"date" => "2013-09-01T10:25:33","version" => "0.58"},{"date" => "2014-01-16T12:31:47","version" => "0.60"},{"date" => "2014-01-24T15:55:28","version" => "0.62"},{"date" => "2015-01-17T13:36:11","version" => "0.64"},{"date" => "2016-07-27T07:37:34","version" => "0.66"},{"date" => "2016-07-29T07:05:40","version" => "0.68"},{"date" => "2019-11-10T14:37:30","version" => "0.70"},{"date" => "2020-06-25T07:23:00","version" => "0.72"},{"date" => "2020-08-21T08:09:10","version" => "0.74"}]},"Module-Metadata" => {"advisories" => [{"affected_versions" => ["<1.000015"],"cves" => ["CVE-2013-1437"],"description" => "Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the \$Version value.\n","distribution" => "Module-Metadata","fixed_versions" => [">=1.000015"],"id" => "CPANSA-Module-Metadata-2013-1437","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114912.html","https://metacpan.org/changes/distribution/Module-Metadata","http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114904.html"],"reported" => "2020-01-28","reviewed_by" => [{"date" => "2022-07-11","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => "critical"}],"main_module" => "Module::Metadata","versions" => [{"date" => "2010-07-06T21:16:54","version" => "1.000000"},{"date" => "2010-07-08T23:56:47","version" => "1.000001"},{"date" => "2010-12-10T17:07:09","version" => "1.000002"},{"date" => "2011-01-07T02:35:06","version" => "1.000003"},{"date" => "2011-02-03T07:55:40","version" => "1.000004"},{"date" => "2011-08-03T01:41:05","version" => "1.000005"},{"date" => "2011-08-29T19:48:33","version" => "1.000006"},{"date" => "2011-09-07T16:01:55","version" => "1.000007"},{"date" => "2012-02-08T03:31:54","version" => "1.000008"},{"date" => "2012-02-08T17:34:49","version" => "1.000009"},{"date" => "2012-07-29T19:21:55","version" => "1.000010"},{"date" => "2012-08-16T00:07:05","version" => "1.000010_001"},{"date" => "2012-08-16T00:15:02","version" => "1.000010_002"},{"date" => "2012-08-16T04:54:55","version" => "1.000010_003"},{"date" => "2012-08-16T19:57:31","version" => "1.000011"},{"date" => "2013-05-05T04:59:03","version" => "1.000012"},{"date" => "2013-05-08T23:00:33","version" => "1.000013"},{"date" => "2013-05-09T09:02:22","version" => "1.000014"},{"date" => "2013-08-21T15:46:56","version" => "1.000015"},{"date" => "2013-08-22T05:59:11","version" => "1.000016"},{"date" => "2013-09-11T01:06:02","version" => "1.000017"},{"date" => "2013-09-11T16:28:24","version" => "1.000018"},{"date" => "2013-10-06T16:50:13","version" => "1.000019"},{"date" => "2014-04-27T20:57:08","version" => "1.000020"},{"date" => "2014-04-29T18:29:51","version" => "1.000021"},{"date" => "2014-04-29T22:06:21","version" => "1.000022"},{"date" => "2014-06-02T02:39:20","version" => "1.000023"},{"date" => "2014-06-03T01:54:30","version" => "1.000024"},{"date" => "2015-01-04T18:57:40","version" => "1.000025"},{"date" => "2015-01-17T19:23:52","version" => "1.000026"},{"date" => "2015-04-11T00:23:53","version" => "1.000027"},{"date" => "2015-09-11T04:25:25","version" => "1.000028"},{"date" => "2015-09-11T16:26:57","version" => "1.000029"},{"date" => "2015-11-20T03:05:34","version" => "1.000030"},{"date" => "2015-11-24T03:59:40","version" => "1.000031"},{"date" => "2016-04-23T22:38:13","version" => "1.000032"},{"date" => "2016-07-24T23:34:48","version" => "1.000033"},{"date" => "2018-07-19T20:31:14","version" => "1.000034"},{"date" => "2019-04-18T02:44:48","version" => "1.000035"},{"date" => "2019-04-18T18:27:14","version" => "1.000036"},{"date" => "2019-09-07T18:34:09","version" => "1.000037"},{"date" => "2023-04-28T11:27:07","version" => "1.000038"},{"date" => "2011-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015002","version" => "1.000005_01"}]},"Module-Provision" => {"advisories" => [{"affected_versions" => ["<0.42.1"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Module-Provision","fixed_versions" => [">=0.42.1"],"id" => "CPANSA-Module-Provision-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Module::Provision","versions" => [{"date" => "2013-04-14T19:20:34","version" => "v0.3.43"},{"date" => "2013-04-15T12:46:30","version" => "v0.3.44"},{"date" => "2013-04-15T17:33:39","version" => "v0.3.45"},{"date" => "2013-04-21T16:14:43","version" => "v0.4.47"},{"date" => "2013-04-22T15:09:36","version" => "v0.4.51"},{"date" => "2013-04-24T04:13:42","version" => "v0.6.59"},{"date" => "2013-04-24T23:34:41","version" => "v0.7.4"},{"date" => "2013-04-27T01:18:07","version" => "v0.7.6"},{"date" => "2013-04-27T11:36:59","version" => "v0.7.7"},{"date" => "2013-04-30T22:32:47","version" => "v0.8.3"},{"date" => "2013-05-02T18:45:43","version" => "v0.9.5"},{"date" => "2013-05-04T00:14:46","version" => "v0.10.1"},{"date" => "2013-05-04T20:22:41","version" => "v0.11.1"},{"date" => "2013-05-06T15:08:18","version" => "v0.12.1"},{"date" => "2013-05-08T15:51:41","version" => "v0.12.3"},{"date" => "2013-05-09T23:42:20","version" => "v0.12.5"},{"date" => "2013-05-10T19:29:24","version" => "v0.12.6"},{"date" => "2013-05-11T02:15:00","version" => "v0.13.1"},{"date" => "2013-05-11T13:59:50","version" => "v0.14.2"},{"date" => "2013-05-12T18:03:55","version" => "v0.15.3"},{"date" => "2013-05-14T12:49:37","version" => "v0.15.5"},{"date" => "2013-05-15T17:55:40","version" => "v0.15.6"},{"date" => "2013-05-15T20:59:19","version" => "v0.15.7"},{"date" => "2013-05-16T23:02:48","version" => "v0.15.8"},{"date" => "2013-05-19T12:59:15","version" => "v0.15.9"},{"date" => "2013-06-08T17:12:50","version" => "v0.16.1"},{"date" => "2013-07-28T18:42:27","version" => "v0.17.16"},{"date" => "2013-07-29T16:10:28","version" => "v0.17.17"},{"date" => "2013-07-29T23:51:34","version" => "v0.17.18"},{"date" => "2013-07-30T13:06:37","version" => "v0.17.19"},{"date" => "2013-08-07T17:56:55","version" => "v0.18.0"},{"date" => "2013-08-07T17:58:22","version" => "v0.18.1"},{"date" => "2013-08-08T13:39:44","version" => "v0.18.2"},{"date" => "2013-08-10T08:51:08","version" => "v0.18.3"},{"date" => "2013-08-10T21:18:54","version" => "v0.18.4"},{"date" => "2013-08-17T15:47:30","version" => "0.20.1"},{"date" => "2013-08-21T12:36:06","version" => "0.21.1"},{"date" => "2013-08-21T12:56:35","version" => "0.22.1"},{"date" => "2013-09-14T09:38:12","version" => "0.23.1"},{"date" => "2013-09-16T20:23:50","version" => "0.24.1"},{"date" => "2013-11-23T13:38:55","version" => "0.25.1"},{"date" => "2013-11-25T21:30:21","version" => "0.26.1"},{"date" => "2013-12-11T17:25:32","version" => "0.27.1"},{"date" => "2013-12-12T14:23:50","version" => "0.28.1"},{"date" => "2013-12-12T21:54:50","version" => "0.29.1"},{"date" => "2014-01-24T21:05:50","version" => "0.31.2"},{"date" => "2014-05-01T14:42:10","version" => "0.32.1"},{"date" => "2014-05-15T20:55:59","version" => "0.33.1"},{"date" => "2014-05-19T11:47:05","version" => "0.34.1"},{"date" => "2014-10-28T13:51:21","version" => "0.36.1"},{"date" => "2015-02-11T17:52:30","version" => "0.38.1"},{"date" => "2015-02-11T19:03:04","version" => "0.39.1"},{"date" => "2015-06-08T21:47:29","version" => "0.40.1"},{"date" => "2016-04-04T12:15:12","version" => "0.41.1"},{"date" => "2017-05-08T19:30:17","version" => "0.42.1"}]},"Module-ScanDeps" => {"advisories" => [{"affected_versions" => ["<1.36"],"cves" => ["CVE-2024-10224"],"description" => "Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a \"pesky pipe\" (such as passing \"commands|\" as a filename) or by passing arbitrary strings to eval().\n","distribution" => "Module-ScanDeps","fixed_versions" => [">=1.36"],"id" => "CPANSA-Module-ScanDeps-2024-10224","references" => ["https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529","https://www.cve.org/CVERecord?id=CVE-2024-10224","https://www.qualys.com/2024/11/19/needrestart/needrestart.txt","https://lists.debian.org/debian-lts-announce/2024/11/msg00015.html","https://ubuntu.com/security/CVE-2024-10224"],"reported" => "2024-11-19","severity" => undef}],"main_module" => "Module::ScanDeps","versions" => [{"date" => "2002-11-02T02:07:07","version" => "0.01"},{"date" => "2002-11-02T15:56:27","version" => "0.02"},{"date" => "2002-11-03T19:51:24","version" => "0.03"},{"date" => "2002-11-04T12:01:46","version" => "0.10"},{"date" => "2003-01-18T19:35:58","version" => "0.12"},{"date" => "2003-01-18T21:08:58","version" => "0.13"},{"date" => "2003-01-19T15:48:47","version" => "0.14"},{"date" => "2003-02-25T03:23:37","version" => "0.17"},{"date" => "2003-03-20T11:59:13","version" => "0.18"},{"date" => "2003-03-22T13:20:27","version" => "0.19"},{"date" => "2003-07-30T14:59:45","version" => "0.20"},{"date" => "2003-07-30T15:18:11","version" => "0.21"},{"date" => "2003-08-07T18:41:51","version" => "0.22"},{"date" => "2003-08-08T10:19:27","version" => "0.23"},{"date" => "2003-08-10T05:43:06","version" => "0.24"},{"date" => "2003-08-10T15:46:55","version" => "0.25"},{"date" => "2003-08-16T04:48:20","version" => "0.27"},{"date" => "2003-08-17T19:03:59","version" => "0.28"},{"date" => "2003-09-17T09:18:20","version" => "0.29"},{"date" => "2003-09-20T20:36:32","version" => "0.30"},{"date" => "2003-10-17T22:37:35","version" => "0.31"},{"date" => "2003-10-26T10:53:58","version" => "0.32"},{"date" => "2003-12-21T01:21:51","version" => "0.33"},{"date" => "2003-12-30T02:36:30","version" => "0.34"},{"date" => "2003-12-31T12:02:59","version" => "0.35"},{"date" => "2003-12-31T15:33:07","version" => "0.37"},{"date" => "2004-01-08T11:38:10","version" => "0.38"},{"date" => "2004-01-25T16:28:12","version" => "0.39"},{"date" => "2004-02-23T21:14:41","version" => "0.40"},{"date" => "2004-04-18T16:05:29","version" => "0.41"},{"date" => "2004-04-30T20:02:44","version" => "0.42"},{"date" => "2004-06-02T18:05:32","version" => "0.43"},{"date" => "2004-06-08T19:06:29","version" => "0.44"},{"date" => "2004-06-30T08:03:18","version" => "0.45"},{"date" => "2004-07-02T10:35:16","version" => "0.46"},{"date" => "2004-08-30T22:13:57","version" => "0.47"},{"date" => "2004-09-06T20:56:31","version" => "0.48"},{"date" => "2004-09-26T17:45:11","version" => "0.49"},{"date" => "2004-10-03T17:31:23","version" => "0.50"},{"date" => "2005-01-07T20:57:46","version" => "0.51"},{"date" => "2005-12-12T12:05:41","version" => "0.52"},{"date" => "2006-01-09T18:07:40","version" => "0.53"},{"date" => "2006-01-11T03:19:40","version" => "0.54"},{"date" => "2006-02-17T16:39:23","version" => "0.55"},{"date" => "2006-02-20T15:38:03","version" => "0.56"},{"date" => "2006-03-03T19:30:56","version" => "0.57"},{"date" => "2006-04-16T14:54:53","version" => "0.58"},{"date" => "2006-05-03T09:13:49","version" => "0.59"},{"date" => "2006-05-23T15:29:09","version" => "0.60"},{"date" => "2006-06-30T19:12:26","version" => "0.61"},{"date" => "2006-07-16T09:25:37","version" => "0.62"},{"date" => "2006-08-27T17:26:32","version" => "0.63"},{"date" => "2006-09-23T07:46:41","version" => "0.64"},{"date" => "2006-09-24T07:59:07","version" => "0.64"},{"date" => "2006-09-24T09:03:21","version" => "0.66"},{"date" => "2006-10-24T16:12:59","version" => "0.67"},{"date" => "2006-10-25T19:08:27","version" => "0.68"},{"date" => "2006-11-07T18:16:07","version" => "0.69"},{"date" => "2006-11-21T11:00:52","version" => "0.70"},{"date" => "2007-01-04T19:28:34","version" => "0.71"},{"date" => "2007-02-03T10:40:10","version" => "0.72"},{"date" => "2007-03-25T18:35:04","version" => "0.73"},{"date" => "2007-04-14T09:17:51","version" => "0.73_01"},{"date" => "2007-04-30T18:45:05","version" => "0.74"},{"date" => "2007-06-24T17:25:22","version" => "0.75"},{"date" => "2007-07-21T15:40:54","version" => "0.76"},{"date" => "2007-09-20T17:42:07","version" => "0.77"},{"date" => "2007-11-17T04:18:23","version" => "0.78"},{"date" => "2007-11-30T21:08:01","version" => "0.80"},{"date" => "2007-12-07T13:24:35","version" => "0.81"},{"date" => "2008-01-28T16:33:27","version" => "0.82"},{"date" => "2008-03-22T23:35:16","version" => "0.83"},{"date" => "2008-05-13T14:39:03","version" => "0.84"},{"date" => "2008-10-23T13:17:33","version" => "0.86"},{"date" => "2008-10-28T13:10:35","version" => "0.87"},{"date" => "2008-11-02T16:06:00","version" => "0.83"},{"date" => "2008-11-03T21:38:03","version" => "0.83"},{"date" => "2009-05-09T09:09:37","version" => "0.90"},{"date" => "2009-06-22T20:07:07","version" => "0.91"},{"date" => "2009-07-19T08:55:54","version" => "0.92"},{"date" => "2009-07-19T09:51:33","version" => "0.93"},{"date" => "2009-08-10T18:32:02","version" => "0.94"},{"date" => "2009-09-16T09:14:53","version" => "0.95"},{"date" => "2009-11-13T10:36:02","version" => "0.96"},{"date" => "2010-04-10T15:20:47","version" => "0.97"},{"date" => "2010-07-26T19:24:02","version" => "0.98"},{"date" => "2011-02-19T16:00:01","version" => "1.00"},{"date" => "2011-03-26T12:51:17","version" => "1.01"},{"date" => "2011-04-03T19:59:22","version" => "1.02"},{"date" => "2011-07-18T21:29:19","version" => "1.03"},{"date" => "2011-07-21T09:09:46","version" => "1.04"},{"date" => "2011-11-02T18:31:39","version" => "1.05"},{"date" => "2011-11-28T15:50:49","version" => "1.06"},{"date" => "2011-11-29T18:02:00","version" => "1.07"},{"date" => "2012-02-21T16:07:41","version" => "1.08"},{"date" => "2012-09-09T11:14:11","version" => "1.09"},{"date" => "2012-10-20T14:15:34","version" => "1.10"},{"date" => "2013-09-28T10:27:58","version" => "1.11"},{"date" => "2013-12-01T14:49:13","version" => "1.12"},{"date" => "2013-12-21T12:07:54","version" => "1.13"},{"date" => "2014-08-03T11:34:45","version" => "1.14"},{"date" => "2014-08-23T15:39:26","version" => "1.15"},{"date" => "2014-09-28T16:17:32","version" => "1.16"},{"date" => "2014-10-31T11:13:34","version" => "1.17"},{"date" => "2015-01-19T21:56:34","version" => "1.18"},{"date" => "2015-05-27T08:53:42","version" => "1.19"},{"date" => "2015-10-04T13:18:36","version" => "1.20"},{"date" => "2016-04-05T10:11:15","version" => "1.21"},{"date" => "2016-09-17T20:57:48","version" => "1.22"},{"date" => "2016-11-16T19:46:41","version" => "1.23"},{"date" => "2017-06-28T17:13:27","version" => "1.24"},{"date" => "2018-08-17T22:21:56","version" => "1.25"},{"date" => "2018-12-12T17:38:39","version" => "1.26"},{"date" => "2018-12-13T17:16:52","version" => "1.26_001"},{"date" => "2019-01-15T20:08:40","version" => "1.27"},{"date" => "2020-08-06T08:02:24","version" => "1.28"},{"date" => "2020-08-16T12:35:20","version" => "1.29"},{"date" => "2021-01-13T15:02:27","version" => "1.30"},{"date" => "2021-04-21T14:17:01","version" => "1.31"},{"date" => "2023-06-14T09:30:00","version" => "1.31_001"},{"date" => "2023-06-15T11:55:12","version" => "1.31_002"},{"date" => "2023-06-16T09:04:27","version" => "1.31_003"},{"date" => "2023-06-18T10:34:43","version" => "1.31_004"},{"date" => "2023-07-05T15:58:09","version" => "1.32"},{"date" => "2023-08-04T15:50:23","version" => "1.33"},{"date" => "2023-09-24T15:21:05","version" => "1.34"},{"date" => "2023-11-05T12:46:38","version" => "1.35"},{"date" => "2024-11-19T16:12:58","version" => "1.37"}]},"Module-Signature" => {"advisories" => [{"affected_versions" => ["<0.72"],"cves" => ["CVE-2013-2145"],"description" => "The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a \"special unknown cipher\" that references an untrusted module in Digest/.\n","distribution" => "Module-Signature","fixed_versions" => [">=0.72"],"id" => "CPANSA-Module-Signature-2013-01","references" => ["https://metacpan.org/changes/distribution/Module-Signature"],"reported" => "2013-08-19"}],"main_module" => "Module::Signature","versions" => [{"date" => "2002-08-13T14:04:00","version" => "0.02"},{"date" => "2002-08-13T15:48:18","version" => "0.03"},{"date" => "2002-08-14T08:03:45","version" => "0.04"},{"date" => "2002-08-14T09:28:41","version" => "0.05"},{"date" => "2002-10-10T15:22:33","version" => "0.06"},{"date" => "2002-10-11T04:16:01","version" => "0.07"},{"date" => "2002-10-11T19:32:19","version" => "0.08"},{"date" => "2002-10-12T10:33:29","version" => "0.09"},{"date" => "2002-10-12T11:10:21","version" => "0.10"},{"date" => "2002-10-12T19:23:48","version" => "0.11"},{"date" => "2002-10-12T22:55:54","version" => "0.12"},{"date" => "2002-10-13T05:22:45","version" => "0.13"},{"date" => "2002-10-17T06:14:07","version" => "0.14"},{"date" => "2002-10-17T22:01:57","version" => "0.15"},{"date" => "2002-10-28T23:37:00","version" => "0.16"},{"date" => "2002-10-30T07:05:06","version" => "0.17"},{"date" => "2002-11-04T15:08:41","version" => "0.18"},{"date" => "2002-11-04T15:13:45","version" => "0.19"},{"date" => "2002-11-04T15:24:41","version" => "0.20"},{"date" => "2002-11-22T10:28:48","version" => "0.21"},{"date" => "2003-05-15T18:44:28","version" => "0.23"},{"date" => "2003-07-08T02:49:57","version" => "0.24"},{"date" => "2003-07-16T06:31:58","version" => "0.25"},{"date" => "2003-07-17T14:03:19","version" => "0.26"},{"date" => "2003-07-28T14:31:54","version" => "0.27"},{"date" => "2003-07-29T15:30:55","version" => "0.28"},{"date" => "2003-08-08T02:54:01","version" => "0.29"},{"date" => "2003-08-10T13:35:38","version" => "0.30"},{"date" => "2003-08-10T17:17:19","version" => "0.31"},{"date" => "2003-08-11T09:15:13","version" => "0.32"},{"date" => "2003-08-12T04:11:59","version" => "0.33"},{"date" => "2003-08-18T15:32:45","version" => "0.34"},{"date" => "2003-08-27T07:08:31","version" => "0.35"},{"date" => "2003-10-28T04:22:56","version" => "0.36"},{"date" => "2003-11-06T10:55:07","version" => "0.37"},{"date" => "2004-01-01T10:14:15","version" => "0.38"},{"date" => "2004-06-17T15:17:14","version" => "0.39"},{"date" => "2004-07-01T12:18:17","version" => "0.40"},{"date" => "2004-07-04T08:19:11","version" => "0.41"},{"date" => "2004-11-20T06:19:22","version" => "0.42"},{"date" => "2004-12-16T06:45:55","version" => "0.43"},{"date" => "2004-12-16T07:17:30","version" => "0.44"},{"date" => "2005-08-09T04:23:46","version" => "0.45"},{"date" => "2005-08-21T08:16:22","version" => "0.50"},{"date" => "2006-01-01T18:41:57","version" => "0.51"},{"date" => "2006-01-18T16:32:37","version" => "0.52"},{"date" => "2006-01-31T05:02:24","version" => "0.53"},{"date" => "2006-05-11T17:12:46","version" => "0.54"},{"date" => "2006-07-30T01:15:07","version" => "0.55"},{"date" => "2009-11-16T14:59:35","version" => "0.60"},{"date" => "2009-11-18T16:58:07","version" => "0.61"},{"date" => "2010-03-23T21:21:37","version" => "0.62"},{"date" => "2010-03-28T02:49:21","version" => "0.62"},{"date" => "2010-05-08T22:55:43","version" => "0.62"},{"date" => "2010-09-03T19:55:36","version" => "0.65"},{"date" => "2010-09-06T20:58:24","version" => "0.66"},{"date" => "2011-04-17T15:09:22","version" => "0.67"},{"date" => "2011-05-13T09:55:20","version" => "0.68"},{"date" => "2012-11-02T15:20:28","version" => "0.69"},{"date" => "2012-11-28T17:49:21","version" => "0.70"},{"date" => "2013-06-04T10:29:18","version" => "0.71"},{"date" => "2013-06-05T15:21:34","version" => "0.72"},{"date" => "2013-06-05T20:57:10","version" => "0.73"},{"date" => "2015-04-06T18:39:32","version" => "0.74"},{"date" => "2015-04-06T20:58:34","version" => "0.75"},{"date" => "2015-04-08T10:13:11","version" => "0.76"},{"date" => "2015-04-08T11:47:26","version" => "0.77"},{"date" => "2015-04-09T09:00:30","version" => "0.78"},{"date" => "2015-05-18T15:18:02","version" => "0.79"},{"date" => "2016-06-07T06:36:30","version" => "0.80"},{"date" => "2016-09-05T06:41:06","version" => "0.81"},{"date" => "2018-08-26T15:19:13","version" => "0.81"},{"date" => "2018-08-29T08:35:25","version" => "0.83"},{"date" => "2020-06-25T13:01:10","version" => "0.84"},{"date" => "2020-06-25T13:10:23","version" => "0.86"},{"date" => "2020-07-04T07:16:32","version" => "0.87"},{"date" => "2021-12-18T03:39:32","version" => "0.87"},{"date" => "2024-09-14T13:57:16","version" => "0.89"},{"date" => "2024-09-15T22:11:10","version" => "0.89"},{"date" => "2025-06-12T01:04:46","version" => "0.90"},{"date" => "2025-06-12T20:20:16","version" => "0.90"},{"date" => "2025-06-24T15:20:35","version" => "0.91"},{"date" => "2025-06-25T17:30:52","version" => "0.92"},{"date" => "2025-06-27T19:39:37","version" => "0.93"}]},"Mojo-DOM-Role-Analyzer" => {"advisories" => [{"affected_versions" => ["<=0.015"],"cves" => ["CVE-2024-38526"],"description" => "pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.\n","distribution" => "Mojo-DOM-Role-Analyzer","embedded_vulnerability" => {"distributed_version" => undef,"name" => "polyfill.io"},"fixed_versions" => [],"id" => "CPANSA-Mojo-DOM-Role-Analyzer-2024-38526","references" => ["https://github.com/mitmproxy/pdoc/pull/703","https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62","https://sansec.io/research/polyfill-supply-chain-attack","https://github.com/briandfoy/cpan-security-advisory/issues/155","https://github.com/sdondley/Mojo-DOM-Role-Analyzer/issues/10","https://stackdiary.com/polyfill-compromise-hits-100000-sites-in-a-supply-chain-attack/"],"reported" => "2024-06-26","severity" => undef}],"main_module" => "Mojo::DOM::Role::Analyzer","versions" => [{"date" => "2020-08-04T22:48:59","version" => "0.007"},{"date" => "2020-08-05T13:43:47","version" => "0.008"},{"date" => "2020-08-06T02:47:29","version" => "0.009"},{"date" => "2020-08-08T13:39:18","version" => "0.010"},{"date" => "2020-08-09T13:43:20","version" => "0.011"},{"date" => "2020-08-09T23:37:24","version" => "0.012"},{"date" => "2020-08-12T03:21:57","version" => "0.013"},{"date" => "2020-08-13T21:09:19","version" => "0.014"},{"date" => "2020-08-16T15:39:17","version" => "0.015"}]},"MojoMojo" => {"advisories" => [{"affected_versions" => ["<0.999033"],"cves" => [],"description" => "Anonymous users can delete attachments.\n","distribution" => "MojoMojo","fixed_versions" => [">=0.999033"],"id" => "CPANSA-MojoMojo-2009-01","references" => ["https://metacpan.org/changes/distribution/MojoMojo","https://github.com/mojomojo/mojomojo/commit/a9b9fd4f4f037627d30f3cbaa10abe42a3439637"],"reported" => "2009-08-14"}],"main_module" => "MojoMojo","versions" => [{"date" => "2007-08-29T14:32:52","version" => "0.05"},{"date" => "2007-09-12T21:46:24","version" => "0.05"},{"date" => "2007-09-13T11:28:37","version" => "0.05"},{"date" => "2007-09-18T07:33:43","version" => "0.999004"},{"date" => "2007-09-18T08:02:02","version" => "0.999005"},{"date" => "2007-09-19T20:59:39","version" => "0.999006"},{"date" => "2007-09-23T23:30:59","version" => "0.999007"},{"date" => "2007-11-12T22:25:35","version" => "0.999008"},{"date" => "2008-01-20T23:15:07","version" => "0.999010"},{"date" => "2008-01-23T23:00:05","version" => "0.999011"},{"date" => "2008-02-05T23:20:47","version" => "0.999012"},{"date" => "2008-03-05T00:34:49","version" => "0.999013"},{"date" => "2008-05-02T18:11:49","version" => "0.999014"},{"date" => "2008-05-03T16:10:08","version" => "0.999015"},{"date" => "2008-06-29T13:03:39","version" => "0.999016"},{"date" => "2008-07-09T14:26:56","version" => "0.999017"},{"date" => "2008-07-16T19:26:46","version" => "0.999018"},{"date" => "2008-07-19T21:33:36","version" => "0.999018"},{"date" => "2008-07-29T16:25:08","version" => "0.999018"},{"date" => "2008-11-01T01:04:37","version" => "0.999021"},{"date" => "2008-11-15T09:09:37","version" => "0.999022"},{"date" => "2008-11-23T16:45:05","version" => "0.999023"},{"date" => "2008-12-31T17:53:50","version" => "0.999024"},{"date" => "2009-01-04T22:51:40","version" => "0.999025"},{"date" => "2009-01-07T23:28:15","version" => "0.999026"},{"date" => "2009-01-30T23:29:25","version" => "0.999027"},{"date" => "2009-04-23T10:06:20","version" => "0.999028"},{"date" => "2009-05-09T23:21:10","version" => "0.999029"},{"date" => "2009-07-18T19:39:14","version" => "0.999030"},{"date" => "2009-07-26T19:39:37","version" => "0.999031"},{"date" => "2009-08-02T21:28:51","version" => "0.999032"},{"date" => "2009-08-14T12:50:18","version" => "0.999033"},{"date" => "2009-09-04T18:27:34","version" => "0.999040"},{"date" => "2009-10-26T16:07:25","version" => "0.999041"},{"date" => "2009-12-02T08:22:24","version" => "0.999042"},{"date" => "2010-05-11T22:58:19","version" => "1.00"},{"date" => "2010-05-27T07:44:39","version" => "1.01"},{"date" => "2010-08-30T21:24:41","version" => "1.02"},{"date" => "2011-01-13T12:48:10","version" => "1.03"},{"date" => "2011-03-12T23:37:45","version" => "1.04"},{"date" => "2011-09-14T10:09:05","version" => "1.05"},{"date" => "2012-08-07T10:39:42","version" => "1.06"},{"date" => "2012-11-12T23:30:00","version" => "1.07"},{"date" => "2013-01-06T07:46:41","version" => "1.08"},{"date" => "2013-01-25T16:06:42","version" => "1.09"},{"date" => "2013-05-12T22:59:03","version" => "1.10"},{"date" => "2014-12-25T17:13:24","version" => "1.11"},{"date" => "2017-05-13T13:47:52","version" => "1.12"}]},"Mojolicious" => {"advisories" => [{"affected_versions" => ["<9.31"],"cves" => [],"description" => "Mojo::DOM did not correctly parse <script> tags.\n","distribution" => "Mojolicious","fixed_versions" => [">=9.31"],"id" => "CPANSA-Mojolicious-2022-03","references" => ["https://github.com/mojolicious/mojo/commit/6f195d85db6756022d3599f7d2634975688c9550","https://github.com/mojolicious/mojo/issues/2014","https://github.com/mojolicious/mojo/issues/2015"],"reported" => "2022-12-10","severity" => undef},{"affected_versions" => ["<9.19"],"cves" => [],"description" => "Small sessions could be used as part of a brute-force attack to decode the session secret.\n","distribution" => "Mojolicious","fixed_versions" => [">=9.91"],"id" => "CPANSA-Mojolicious-2021-02","references" => ["https://github.com/mojolicious/mojo/pull/1791"],"reported" => "2021-06-01","severity" => undef},{"affected_versions" => ["<9.11"],"cves" => ["CVE-2021-47208"],"description" => "A bug in format detection can potentially be exploited for a DoS attack.\n","distribution" => "Mojolicious","fixed_versions" => [">=9.11"],"id" => "CPANSA-Mojolicious-2021-01","references" => ["https://github.com/mojolicious/mojo/issues/1736","https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c"],"reported" => "2021-03-16","severity" => undef},{"affected_versions" => [">1.74,<8.65"],"cves" => ["CVE-2020-36829"],"description" => "Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.\n","distribution" => "Mojolicious","fixed_versions" => [">=8.65"],"id" => "CPANSA-Mojolicious-2020-01","references" => ["https://github.com/mojolicious/mojo/pull/1601"],"reported" => "2020-11-10","reviewed_by" => [{"date" => "2022-06-22","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => [">7.83,<7.92"],"cves" => [],"description" => "This release reverts the addition of stream classes (added in 7.83), which have unfortunately resulted in many Mojolicious applications becoming unstable. While there are no known exploits yet, we've chosen to err on the side of cautiousness and will classify this as a security issue.\n","distribution" => "Mojolicious","fixed_versions" => [">=7.92"],"id" => "CPANSA-Mojolicious-2018-04","references" => ["https://github.com/mojolicious/mojo/commit/61f6cbf22c7bf8eb4787bd1014d91ee2416c73e7"],"reported" => "2018-08-09","severity" => "critical"},{"affected_versions" => ["<7.80"],"cves" => [],"description" => "Mojo::UserAgent was not checking peer SSL certificates by default.\n","distribution" => "Mojolicious","fixed_versions" => [">=7.80"],"id" => "CPANSA-Mojolicious-2018-03","references" => ["https://github.com/mojolicious/mojo/pull/1226","https://github.com/mojolicious/mojo/commit/d3cbbad890673612fdbdea63fdd522b516f6104c"],"reported" => "2018-05-19","severity" => "high"},{"affected_versions" => ["<7.78"],"cves" => [],"description" => "GET requests with embedded backslashes can be used to access local files on Windows hosts\n","distribution" => "Mojolicious","fixed_versions" => [">=7.78"],"id" => "CPANSA-Mojolicious-2018-02","references" => ["https://github.com/mojolicious/mojo/pull/1217","https://github.com/mojolicious/mojo/commit/23ebe051d9378f0f122e3c908845fc0c2cae0106"],"reported" => "2018-05-11","severity" => "critical"},{"affected_versions" => ["<7.66"],"cves" => ["CVE-2018-25100"],"description" => "Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.\n","distribution" => "Mojolicious","fixed_versions" => [">=7.66"],"id" => "CPANSA-Mojolicious-2018-01","references" => ["https://github.com/mojolicious/mojo/pull/1192","https://github.com/mojolicious/mojo/issues/1185","https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149"],"reported" => "2018-02-13","severity" => "minor"},{"affected_versions" => ["<5.76"],"cves" => [],"description" => "Directory traversal on Windows\n","distribution" => "Mojolicious","fixed_versions" => [">=5.76"],"id" => "CPANSA-Mojolicious-2015-01","references" => ["https://github.com/mojolicious/mojo/issues/738","https://github.com/mojolicious/mojo/commit/9ffa38fca73a9ddee91cbc70e0696268d500edde"],"reported" => "2015-02-02","severity" => "critical"},{"affected_versions" => ["<5.48"],"cves" => [],"description" => "Context sensitivity of method param could lead to parameter injection attacks.\n","distribution" => "Mojolicious","fixed_versions" => [">=5.48"],"id" => "CPANSA-Mojolicious-2014-01","references" => ["https://github.com/mojolicious/mojo/commit/a815d4797145f872ef6e9f1270841eda1d410afb"],"reported" => "2014-10-07","severity" => "high"},{"affected_versions" => ["<1.16"],"cves" => ["CVE-2011-1589"],"description" => "Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.\n","distribution" => "Mojolicious","fixed_versions" => [">=1.16"],"id" => "CPANSA-Mojolicious-2011-02","references" => ["https://github.com/mojolicious/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818","https://www.cvedetails.com/cve/CVE-2011-1589/"],"reported" => "2011-04-05","severity" => "critical"},{"affected_versions" => ["<1.12"],"cves" => ["CVE-2011-1841"],"description" => "Mojolicious is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by link_to helper. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.\n","distribution" => "Mojolicious","fixed_versions" => [">=1.12"],"id" => "CPANSA-Mojolicious-2011-01","references" => ["https://exchange.xforce.ibmcloud.com/vulnerabilities/67257","https://www.debian.org/security/2011/dsa-2239","https://github.com/mojolicious/mojo/commit/f6801ef7be8c78092e38f870b19fae3da0899d60"],"reported" => "2011-03-10","severity" => "high"},{"affected_versions" => ["<0.999927"],"cves" => ["CVE-2010-4803"],"description" => "Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">=0.999927"],"id" => "CPANSA-Mojolicious-2010-4803","references" => ["http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952","http://www.debian.org/security/2011/dsa-2239"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => ["<0.999928"],"cves" => ["CVE-2010-4802"],"description" => "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">=0.999928"],"id" => "CPANSA-Mojolicious-2010-4802","references" => ["https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952","https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44","http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes","http://www.debian.org/security/2011/dsa-2239"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => ["<1.12"],"cves" => ["CVE-2011-1841"],"description" => "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">=1.12"],"id" => "CPANSA-Mojolicious-2011-1841","references" => ["http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes","http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html","http://www.debian.org/security/2011/dsa-2239","http://www.securityfocus.com/bid/47713","https://exchange.xforce.ibmcloud.com/vulnerabilities/67257"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => ["<0.991250"],"cves" => ["CVE-2009-5074"],"description" => "Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">0.991250"],"id" => "CPANSA-Mojolicious-2009-5074","references" => ["http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => [">=0.999922"],"cves" => ["CVE-2024-58134"],"description" => "Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default.  These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.","distribution" => "Mojolicious","fixed_versions" => [],"id" => "CPANSA-Mojolicious-2024-58134","references" => ["https://github.com/hashcat/hashcat/pull/4090","https://github.com/mojolicious/mojo/pull/1791","https://github.com/mojolicious/mojo/pull/2200","https://medium.com/securing/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-13da7c225802","https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojolicious.pm#L51","https://www.synacktiv.com/publications/baking-mojolicious-cookies","https://www.cve.org/CVERecord?id=CVE-2024-58134"],"reported" => "2025-05-03","severity" => undef},{"affected_versions" => [">=7.28"],"comment" => "Mojolicious will use CryptX if it is installed, but it falls back to the default behavior otherwise","cves" => ["CVE-2024-58135"],"description" => "Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets.  When creating a default app with the \"mojo generate app\" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.","distribution" => "Mojolicious","fixed_versions" => [],"id" => "CPANSA-Mojolicious-2024-58135","references" => ["https://github.com/hashcat/hashcat/pull/4090","https://github.com/mojolicious/mojo/pull/2200","https://metacpan.org/release/SRI/Mojolicious-7.28/source/lib/Mojolicious/Command/generate/app.pm#L220","https://metacpan.org/release/SRI/Mojolicious-9.38/source/lib/Mojolicious/Command/Author/generate/app.pm#L202","https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojo/Util.pm#L181","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-05-03","severity" => undef}],"main_module" => "Mojolicious","versions" => [{"date" => "2010-02-11T02:04:14","version" => "0.999920"},{"date" => "2010-02-11T02:55:03","version" => "0.999921"},{"date" => "2010-02-26T18:50:34","version" => "0.999922"},{"date" => "2010-03-08T20:03:52","version" => "0.999923"},{"date" => "2010-03-20T22:56:55","version" => "0.999924"},{"date" => "2010-06-07T22:33:12","version" => "0.999925"},{"date" => "2010-06-11T10:33:01","version" => "0.999926"},{"date" => "2010-08-15T13:48:19","version" => "0.999927"},{"date" => "2010-08-17T17:41:47","version" => "0.999928"},{"date" => "2010-08-17T17:54:45","version" => "0.999929"},{"date" => "2010-10-19T13:57:49","version" => "0.999930"},{"date" => "2010-10-26T04:44:54","version" => "0.999931"},{"date" => "2010-10-30T00:54:42","version" => "0.999932"},{"date" => "2010-10-30T19:46:09","version" => "0.999933"},{"date" => "2010-11-01T00:33:14","version" => "0.999934"},{"date" => "2010-11-03T20:34:11","version" => "0.999935"},{"date" => "2010-11-04T23:48:46","version" => "0.999936"},{"date" => "2010-11-09T20:13:52","version" => "0.999937"},{"date" => "2010-11-09T21:24:17","version" => "0.999938"},{"date" => "2010-11-15T17:56:49","version" => "0.999939"},{"date" => "2010-11-15T23:18:40","version" => "0.999940"},{"date" => "2010-11-19T14:22:51","version" => "0.999941"},{"date" => "2010-12-01T18:57:50","version" => "0.999950"},{"date" => "2010-12-26T14:55:33","version" => "1.0"},{"date" => "2011-01-06T12:00:46","version" => "1.01"},{"date" => "2011-02-14T03:22:27","version" => "1.1"},{"date" => "2011-02-18T17:07:03","version" => "1.11"},{"date" => "2011-03-10T10:05:32","version" => "1.12"},{"date" => "2011-03-14T11:58:23","version" => "1.13"},{"date" => "2011-03-17T13:24:28","version" => "1.14"},{"date" => "2011-03-18T18:31:34","version" => "1.15"},{"date" => "2011-04-15T09:07:17","version" => "1.16"},{"date" => "2011-04-18T21:49:07","version" => "1.17"},{"date" => "2011-04-19T21:03:20","version" => "1.18"},{"date" => "2011-04-19T22:17:44","version" => "1.19"},{"date" => "2011-04-20T10:39:46","version" => "1.20"},{"date" => "2011-04-20T15:29:17","version" => "1.21"},{"date" => "2011-05-02T07:00:00","version" => "1.22"},{"date" => "2011-05-08T17:00:10","version" => "1.31"},{"date" => "2011-05-11T13:29:59","version" => "1.32"},{"date" => "2011-05-20T12:32:57","version" => "1.33"},{"date" => "2011-05-22T13:20:40","version" => "1.34"},{"date" => "2011-06-02T09:03:36","version" => "1.4"},{"date" => "2011-06-03T10:12:43","version" => "1.41"},{"date" => "2011-06-09T14:12:56","version" => "1.42"},{"date" => "2011-06-13T14:05:24","version" => "1.43"},{"date" => "2011-06-18T18:14:22","version" => "1.44"},{"date" => "2011-06-20T00:25:16","version" => "1.45"},{"date" => "2011-06-21T04:56:47","version" => "1.46"},{"date" => "2011-06-22T13:03:42","version" => "1.47"},{"date" => "2011-06-24T12:01:47","version" => "1.48"},{"date" => "2011-06-30T15:18:18","version" => "1.49"},{"date" => "2011-07-01T10:26:00","version" => "1.50"},{"date" => "2011-07-01T13:59:47","version" => "1.51"},{"date" => "2011-07-01T17:48:50","version" => "1.52"},{"date" => "2011-07-02T11:48:49","version" => "1.53"},{"date" => "2011-07-03T18:04:37","version" => "1.54"},{"date" => "2011-07-04T21:23:51","version" => "1.55"},{"date" => "2011-07-05T20:49:36","version" => "1.56"},{"date" => "2011-07-07T02:00:07","version" => "1.57"},{"date" => "2011-07-07T19:52:59","version" => "1.58"},{"date" => "2011-07-08T04:58:56","version" => "1.59"},{"date" => "2011-07-08T20:44:55","version" => "1.60"},{"date" => "2011-07-09T19:36:58","version" => "1.61"},{"date" => "2011-07-10T00:40:32","version" => "1.62"},{"date" => "2011-07-10T03:19:49","version" => "1.63"},{"date" => "2011-07-10T05:51:47","version" => "1.64"},{"date" => "2011-07-25T18:13:25","version" => "1.65"},{"date" => "2011-07-26T23:14:38","version" => "1.66"},{"date" => "2011-07-27T13:57:06","version" => "1.67"},{"date" => "2011-07-29T18:39:20","version" => "1.68"},{"date" => "2011-08-03T14:32:24","version" => "1.69"},{"date" => "2011-08-04T15:34:41","version" => "1.70"},{"date" => "2011-08-05T04:01:50","version" => "1.71"},{"date" => "2011-08-05T20:07:50","version" => "1.72"},{"date" => "2011-08-09T10:07:19","version" => "1.73"},{"date" => "2011-08-09T12:09:49","version" => "1.74"},{"date" => "2011-08-12T13:14:07","version" => "1.75"},{"date" => "2011-08-12T14:54:00","version" => "1.76"},{"date" => "2011-08-14T20:48:58","version" => "1.77"},{"date" => "2011-08-16T13:22:48","version" => "1.78"},{"date" => "2011-08-17T17:43:58","version" => "1.79"},{"date" => "2011-08-17T19:08:11","version" => "1.80"},{"date" => "2011-08-19T02:48:39","version" => "1.81"},{"date" => "2011-08-19T04:55:49","version" => "1.82"},{"date" => "2011-08-19T05:21:15","version" => "1.83"},{"date" => "2011-08-19T18:08:30","version" => "1.84"},{"date" => "2011-08-20T00:19:42","version" => "1.85"},{"date" => "2011-08-21T18:59:13","version" => "1.86"},{"date" => "2011-08-23T00:49:19","version" => "1.87"},{"date" => "2011-08-23T19:20:37","version" => "1.88"},{"date" => "2011-08-23T21:15:42","version" => "1.89"},{"date" => "2011-08-24T19:01:47","version" => "1.90"},{"date" => "2011-08-25T05:54:05","version" => "1.91"},{"date" => "2011-08-26T00:47:54","version" => "1.92"},{"date" => "2011-08-27T09:11:59","version" => "1.93"},{"date" => "2011-08-27T10:52:14","version" => "1.94"},{"date" => "2011-09-01T20:50:35","version" => "1.95"},{"date" => "2011-09-01T22:42:14","version" => "1.96"},{"date" => "2011-09-03T10:32:15","version" => "1.97"},{"date" => "2011-09-14T18:21:20","version" => "1.98"},{"date" => "2011-09-29T08:27:22","version" => "1.99"},{"date" => "2011-10-17T16:25:55","version" => "2.0"},{"date" => "2011-10-19T12:49:44","version" => "2.01"},{"date" => "2011-10-19T23:41:41","version" => "2.02"},{"date" => "2011-10-20T12:24:36","version" => "2.03"},{"date" => "2011-10-21T15:37:59","version" => "2.04"},{"date" => "2011-10-22T16:36:22","version" => "2.05"},{"date" => "2011-10-22T21:44:31","version" => "2.06"},{"date" => "2011-10-23T00:39:23","version" => "2.07"},{"date" => "2011-10-23T01:30:44","version" => "2.08"},{"date" => "2011-10-23T02:13:30","version" => "2.09"},{"date" => "2011-10-25T02:22:41","version" => "2.10"},{"date" => "2011-10-25T18:47:46","version" => "2.11"},{"date" => "2011-10-27T01:54:39","version" => "2.12"},{"date" => "2011-10-27T19:15:21","version" => "2.13"},{"date" => "2011-10-28T20:28:23","version" => "2.14"},{"date" => "2011-10-29T04:29:30","version" => "2.15"},{"date" => "2011-10-29T20:52:07","version" => "2.16"},{"date" => "2011-10-30T00:55:35","version" => "2.17"},{"date" => "2011-10-30T18:03:30","version" => "2.18"},{"date" => "2011-10-31T09:07:02","version" => "2.19"},{"date" => "2011-11-01T00:40:20","version" => "2.20"},{"date" => "2011-11-02T01:29:01","version" => "2.21"},{"date" => "2011-11-03T15:21:43","version" => "2.22"},{"date" => "2011-11-04T18:45:33","version" => "2.23"},{"date" => "2011-11-05T16:16:00","version" => "2.24"},{"date" => "2011-11-08T21:13:48","version" => "2.25"},{"date" => "2011-11-10T16:53:32","version" => "2.26"},{"date" => "2011-11-16T20:59:52","version" => "2.27"},{"date" => "2011-11-17T23:44:36","version" => "2.28"},{"date" => "2011-11-19T20:10:28","version" => "2.29"},{"date" => "2011-11-20T00:19:04","version" => "2.30"},{"date" => "2011-11-20T22:25:03","version" => "2.31"},{"date" => "2011-11-24T10:31:31","version" => "2.32"},{"date" => "2011-11-28T12:32:13","version" => "2.33"},{"date" => "2011-11-28T14:02:31","version" => "2.34"},{"date" => "2011-12-01T14:19:35","version" => "2.35"},{"date" => "2011-12-05T10:52:35","version" => "2.36"},{"date" => "2011-12-10T18:18:16","version" => "2.37"},{"date" => "2011-12-17T12:03:38","version" => "2.38"},{"date" => "2011-12-22T12:31:43","version" => "2.39"},{"date" => "2011-12-24T13:04:21","version" => "2.40"},{"date" => "2011-12-28T16:09:18","version" => "2.41"},{"date" => "2012-01-02T17:15:52","version" => "2.42"},{"date" => "2012-01-08T03:43:27","version" => "2.43"},{"date" => "2012-01-17T23:21:12","version" => "2.44"},{"date" => "2012-01-18T15:23:03","version" => "2.45"},{"date" => "2012-01-25T18:20:48","version" => "2.46"},{"date" => "2012-02-06T16:28:27","version" => "2.47"},{"date" => "2012-02-09T07:04:28","version" => "2.48"},{"date" => "2012-02-13T19:45:00","version" => "2.49"},{"date" => "2012-02-18T01:18:38","version" => "2.50"},{"date" => "2012-02-19T12:32:58","version" => "2.51"},{"date" => "2012-02-24T15:01:33","version" => "2.52"},{"date" => "2012-02-25T05:53:29","version" => "2.53"},{"date" => "2012-02-27T15:31:19","version" => "2.54"},{"date" => "2012-02-27T19:26:41","version" => "2.55"},{"date" => "2012-03-01T21:07:06","version" => "2.56"},{"date" => "2012-03-03T22:01:50","version" => "2.57"},{"date" => "2012-03-09T18:38:46","version" => "2.58"},{"date" => "2012-03-09T19:02:23","version" => "2.59"},{"date" => "2012-03-13T16:50:25","version" => "2.60"},{"date" => "2012-03-14T00:41:48","version" => "2.61"},{"date" => "2012-03-17T09:05:12","version" => "2.62"},{"date" => "2012-03-20T18:39:51","version" => "2.63"},{"date" => "2012-03-21T01:23:59","version" => "2.64"},{"date" => "2012-03-22T22:06:10","version" => "2.65"},{"date" => "2012-03-23T16:16:55","version" => "2.66"},{"date" => "2012-03-24T14:29:35","version" => "2.67"},{"date" => "2012-03-24T14:59:52","version" => "2.68"},{"date" => "2012-03-27T12:53:44","version" => "2.69"},{"date" => "2012-03-30T21:24:44","version" => "2.70"},{"date" => "2012-04-03T01:46:31","version" => "2.71"},{"date" => "2012-04-03T13:16:07","version" => "2.72"},{"date" => "2012-04-03T17:10:05","version" => "2.73"},{"date" => "2012-04-03T22:33:05","version" => "2.74"},{"date" => "2012-04-05T01:57:10","version" => "2.75"},{"date" => "2012-04-05T03:52:05","version" => "2.76"},{"date" => "2012-04-09T12:36:15","version" => "2.77"},{"date" => "2012-04-09T18:54:51","version" => "2.78"},{"date" => "2012-04-10T10:58:23","version" => "2.79"},{"date" => "2012-04-10T14:25:57","version" => "2.80"},{"date" => "2012-04-15T18:49:31","version" => "2.81"},{"date" => "2012-04-16T21:09:32","version" => "2.82"},{"date" => "2012-04-18T18:51:37","version" => "2.83"},{"date" => "2012-04-18T21:29:14","version" => "2.84"},{"date" => "2012-04-19T15:37:54","version" => "2.85"},{"date" => "2012-04-23T12:21:14","version" => "2.86"},{"date" => "2012-04-23T14:19:09","version" => "2.87"},{"date" => "2012-04-24T02:15:58","version" => "2.88"},{"date" => "2012-04-24T20:08:49","version" => "2.89"},{"date" => "2012-04-25T11:35:38","version" => "2.90"},{"date" => "2012-04-26T19:20:37","version" => "2.91"},{"date" => "2012-04-30T16:50:01","version" => "2.92"},{"date" => "2012-05-05T22:00:26","version" => "2.93"},{"date" => "2012-05-10T03:49:57","version" => "2.94"},{"date" => "2012-05-10T20:08:54","version" => "2.95"},{"date" => "2012-05-21T08:26:37","version" => "2.96"},{"date" => "2012-05-28T12:11:13","version" => "2.97"},{"date" => "2012-05-30T18:21:26","version" => "2.98"},{"date" => "2012-06-26T06:45:51","version" => "3.0"},{"date" => "2012-07-01T10:00:07","version" => "3.01"},{"date" => "2012-07-03T19:21:54","version" => "3.02"},{"date" => "2012-07-06T21:17:36","version" => "3.03"},{"date" => "2012-07-07T11:29:24","version" => "3.04"},{"date" => "2012-07-07T21:49:48","version" => "3.05"},{"date" => "2012-07-11T17:27:01","version" => "3.06"},{"date" => "2012-07-13T00:25:44","version" => "3.07"},{"date" => "2012-07-13T21:53:56","version" => "3.08"},{"date" => "2012-07-16T19:46:15","version" => "3.09"},{"date" => "2012-07-16T20:00:50","version" => "3.10"},{"date" => "2012-07-19T01:44:35","version" => "3.11"},{"date" => "2012-07-20T12:30:03","version" => "3.12"},{"date" => "2012-07-24T17:03:04","version" => "3.13"},{"date" => "2012-07-27T11:05:47","version" => "3.14"},{"date" => "2012-07-28T11:32:31","version" => "3.15"},{"date" => "2012-07-31T18:55:11","version" => "3.16"},{"date" => "2012-08-01T00:38:50","version" => "3.17"},{"date" => "2012-08-01T19:15:21","version" => "3.18"},{"date" => "2012-08-02T15:40:34","version" => "3.19"},{"date" => "2012-08-03T23:32:38","version" => "3.20"},{"date" => "2012-08-05T22:32:21","version" => "3.21"},{"date" => "2012-08-06T19:53:03","version" => "3.22"},{"date" => "2012-08-07T03:37:26","version" => "3.23"},{"date" => "2012-08-07T20:56:45","version" => "3.24"},{"date" => "2012-08-08T00:31:31","version" => "3.25"},{"date" => "2012-08-08T04:04:18","version" => "3.26"},{"date" => "2012-08-08T21:18:27","version" => "3.27"},{"date" => "2012-08-10T12:18:38","version" => "3.28"},{"date" => "2012-08-13T13:42:56","version" => "3.29"},{"date" => "2012-08-13T16:14:35","version" => "3.30"},{"date" => "2012-08-15T09:37:25","version" => "3.31"},{"date" => "2012-08-20T12:37:26","version" => "3.32"},{"date" => "2012-08-23T18:34:00","version" => "3.33"},{"date" => "2012-08-24T01:17:41","version" => "3.34"},{"date" => "2012-08-27T22:52:31","version" => "3.35"},{"date" => "2012-08-30T00:59:43","version" => "3.36"},{"date" => "2012-09-04T20:50:40","version" => "3.37"},{"date" => "2012-09-07T00:05:53","version" => "3.38"},{"date" => "2012-09-10T11:58:00","version" => "3.39"},{"date" => "2012-09-11T18:03:47","version" => "3.40"},{"date" => "2012-09-13T18:22:49","version" => "3.41"},{"date" => "2012-09-16T17:29:48","version" => "3.42"},{"date" => "2012-09-22T19:40:59","version" => "3.43"},{"date" => "2012-09-29T11:20:17","version" => "3.44"},{"date" => "2012-10-09T20:39:26","version" => "3.45"},{"date" => "2012-10-10T20:55:33","version" => "3.46"},{"date" => "2012-10-12T23:10:49","version" => "3.47"},{"date" => "2012-10-16T22:51:05","version" => "3.48"},{"date" => "2012-10-19T16:34:25","version" => "3.49"},{"date" => "2012-10-20T01:34:34","version" => "3.50"},{"date" => "2012-10-23T20:23:54","version" => "3.51"},{"date" => "2012-10-26T14:41:25","version" => "3.52"},{"date" => "2012-10-31T02:41:01","version" => "3.53"},{"date" => "2012-11-01T04:36:00","version" => "3.54"},{"date" => "2012-11-08T11:20:15","version" => "3.55"},{"date" => "2012-11-09T20:09:37","version" => "3.56"},{"date" => "2012-11-12T19:47:57","version" => "3.57"},{"date" => "2012-11-19T16:05:13","version" => "3.58"},{"date" => "2012-11-20T19:53:03","version" => "3.59"},{"date" => "2012-11-22T05:12:27","version" => "3.60"},{"date" => "2012-11-25T04:19:47","version" => "3.61"},{"date" => "2012-11-26T00:57:00","version" => "3.62"},{"date" => "2012-11-28T10:17:51","version" => "3.63"},{"date" => "2012-12-01T16:39:26","version" => "3.64"},{"date" => "2012-12-08T22:47:54","version" => "3.65"},{"date" => "2012-12-14T01:03:29","version" => "3.66"},{"date" => "2012-12-14T23:48:00","version" => "3.67"},{"date" => "2012-12-16T00:55:55","version" => "3.68"},{"date" => "2012-12-20T22:47:53","version" => "3.69"},{"date" => "2012-12-23T22:18:59","version" => "3.70"},{"date" => "2013-01-02T11:57:12","version" => "3.71"},{"date" => "2013-01-04T22:16:16","version" => "3.72"},{"date" => "2013-01-06T22:46:48","version" => "3.73"},{"date" => "2013-01-07T18:47:06","version" => "3.74"},{"date" => "2013-01-08T16:15:03","version" => "3.75"},{"date" => "2013-01-10T00:00:19","version" => "3.76"},{"date" => "2013-01-12T00:36:11","version" => "3.77"},{"date" => "2013-01-12T23:47:49","version" => "3.78"},{"date" => "2013-01-13T00:50:13","version" => "3.79"},{"date" => "2013-01-15T05:02:52","version" => "3.80"},{"date" => "2013-01-17T21:32:48","version" => "3.81"},{"date" => "2013-01-18T15:50:23","version" => "3.82"},{"date" => "2013-01-27T15:28:40","version" => "3.83"},{"date" => "2013-01-30T00:32:12","version" => "3.84"},{"date" => "2013-02-13T00:56:23","version" => "3.85"},{"date" => "2013-02-22T02:01:13","version" => "3.86"},{"date" => "2013-02-23T19:36:00","version" => "3.87"},{"date" => "2013-03-03T21:53:52","version" => "3.88"},{"date" => "2013-03-04T16:12:24","version" => "3.89"},{"date" => "2013-03-14T20:08:14","version" => "3.90"},{"date" => "2013-03-17T22:59:42","version" => "3.91"},{"date" => "2013-04-03T19:48:34","version" => "3.92"},{"date" => "2013-04-05T21:46:38","version" => "3.93"},{"date" => "2013-04-08T21:48:55","version" => "3.94"},{"date" => "2013-04-12T03:49:59","version" => "3.95"},{"date" => "2013-04-22T21:34:16","version" => "3.96"},{"date" => "2013-04-25T21:49:41","version" => "3.97"},{"date" => "2013-05-15T20:02:05","version" => "4.0"},{"date" => "2013-05-19T17:24:38","version" => "4.01"},{"date" => "2013-05-20T16:55:00","version" => "4.02"},{"date" => "2013-05-21T05:24:56","version" => "4.03"},{"date" => "2013-05-23T21:25:32","version" => "4.04"},{"date" => "2013-05-24T02:59:59","version" => "4.05"},{"date" => "2013-05-24T14:23:41","version" => "4.06"},{"date" => "2013-05-25T18:07:30","version" => "4.07"},{"date" => "2013-05-30T21:45:51","version" => "4.08"},{"date" => "2013-05-31T02:24:29","version" => "4.09"},{"date" => "2013-06-01T02:09:07","version" => "4.10"},{"date" => "2013-06-03T04:34:37","version" => "4.11"},{"date" => "2013-06-07T01:51:09","version" => "4.12"},{"date" => "2013-06-09T00:25:21","version" => "4.13"},{"date" => "2013-06-10T00:23:12","version" => "4.14"},{"date" => "2013-06-18T08:02:11","version" => "4.15"},{"date" => "2013-06-19T01:27:29","version" => "4.16"},{"date" => "2013-07-04T16:14:27","version" => "4.17"},{"date" => "2013-07-08T09:17:43","version" => "4.18"},{"date" => "2013-07-21T21:47:46","version" => "4.19"},{"date" => "2013-07-28T12:53:38","version" => "4.20"},{"date" => "2013-07-28T20:17:31","version" => "4.21"},{"date" => "2013-07-29T19:13:38","version" => "4.22"},{"date" => "2013-07-31T20:35:17","version" => "4.23"},{"date" => "2013-08-08T21:10:52","version" => "4.24"},{"date" => "2013-08-17T20:16:56","version" => "4.25"},{"date" => "2013-08-18T15:06:51","version" => "4.26"},{"date" => "2013-08-26T15:29:36","version" => "4.27"},{"date" => "2013-08-29T16:11:59","version" => "4.28"},{"date" => "2013-08-31T02:01:44","version" => "4.29"},{"date" => "2013-09-01T21:48:28","version" => "4.30"},{"date" => "2013-09-04T20:09:26","version" => "4.31"},{"date" => "2013-09-06T21:19:59","version" => "4.32"},{"date" => "2013-09-07T20:38:03","version" => "4.33"},{"date" => "2013-09-08T20:58:54","version" => "4.34"},{"date" => "2013-09-10T21:40:13","version" => "4.35"},{"date" => "2013-09-12T21:31:22","version" => "4.36"},{"date" => "2013-09-13T01:32:54","version" => "4.37"},{"date" => "2013-09-16T22:01:40","version" => "4.38"},{"date" => "2013-09-17T04:53:49","version" => "4.39"},{"date" => "2013-09-21T01:15:17","version" => "4.40"},{"date" => "2013-09-21T17:25:38","version" => "4.41"},{"date" => "2013-09-30T07:46:05","version" => "4.42"},{"date" => "2013-10-02T19:16:26","version" => "4.43"},{"date" => "2013-10-04T21:18:14","version" => "4.44"},{"date" => "2013-10-06T15:46:08","version" => "4.45"},{"date" => "2013-10-12T17:11:54","version" => "4.46"},{"date" => "2013-10-14T23:51:30","version" => "4.47"},{"date" => "2013-10-16T05:28:45","version" => "4.48"},{"date" => "2013-10-17T16:53:59","version" => "4.49"},{"date" => "2013-10-23T01:18:55","version" => "4.50"},{"date" => "2013-10-28T17:20:46","version" => "4.51"},{"date" => "2013-10-29T06:27:25","version" => "4.52"},{"date" => "2013-10-30T00:21:27","version" => "4.53"},{"date" => "2013-11-07T00:45:35","version" => "4.54"},{"date" => "2013-11-07T02:38:24","version" => "4.55"},{"date" => "2013-11-10T02:56:56","version" => "4.56"},{"date" => "2013-11-11T20:30:04","version" => "4.57"},{"date" => "2013-11-19T20:46:01","version" => "4.58"},{"date" => "2013-12-04T21:35:49","version" => "4.59"},{"date" => "2013-12-11T16:33:35","version" => "4.60"},{"date" => "2013-12-16T16:59:25","version" => "4.61"},{"date" => "2013-12-17T20:35:36","version" => "4.62"},{"date" => "2013-12-19T22:59:01","version" => "4.63"},{"date" => "2014-01-01T16:20:28","version" => "4.64"},{"date" => "2014-01-02T22:36:45","version" => "4.65"},{"date" => "2014-01-04T21:48:06","version" => "4.66"},{"date" => "2014-01-11T17:20:18","version" => "4.67"},{"date" => "2014-01-21T22:24:03","version" => "4.68"},{"date" => "2014-01-24T04:06:26","version" => "4.69"},{"date" => "2014-01-26T22:08:54","version" => "4.70"},{"date" => "2014-01-28T03:10:15","version" => "4.71"},{"date" => "2014-01-29T21:29:25","version" => "4.72"},{"date" => "2014-02-01T05:20:38","version" => "4.73"},{"date" => "2014-02-02T04:30:05","version" => "4.74"},{"date" => "2014-02-02T06:54:56","version" => "4.75"},{"date" => "2014-02-04T22:41:32","version" => "4.76"},{"date" => "2014-02-06T23:19:13","version" => "4.77"},{"date" => "2014-02-08T23:02:08","version" => "4.78"},{"date" => "2014-02-11T02:49:44","version" => "4.79"},{"date" => "2014-02-13T04:30:43","version" => "4.80"},{"date" => "2014-02-15T03:27:30","version" => "4.81"},{"date" => "2014-02-19T04:11:47","version" => "4.82"},{"date" => "2014-02-19T06:20:46","version" => "4.83"},{"date" => "2014-02-22T22:59:02","version" => "4.84"},{"date" => "2014-02-26T22:48:41","version" => "4.85"},{"date" => "2014-03-03T05:45:32","version" => "4.86"},{"date" => "2014-03-04T07:14:15","version" => "4.87"},{"date" => "2014-03-09T22:42:42","version" => "4.88"},{"date" => "2014-03-13T21:30:57","version" => "4.89"},{"date" => "2014-03-16T21:22:35","version" => "4.90"},{"date" => "2014-03-29T00:05:17","version" => "4.91"},{"date" => "2014-04-08T20:41:54","version" => "4.92"},{"date" => "2014-04-13T02:17:03","version" => "4.93"},{"date" => "2014-04-19T23:39:22","version" => "4.94"},{"date" => "2014-04-27T03:27:43","version" => "4.95"},{"date" => "2014-04-27T20:04:36","version" => "4.96"},{"date" => "2014-04-29T22:12:52","version" => "4.97"},{"date" => "2014-05-09T01:57:34","version" => "4.98"},{"date" => "2014-05-12T00:46:43","version" => "4.99"},{"date" => "2014-05-29T20:15:51","version" => "5.0"},{"date" => "2014-05-30T14:51:14","version" => "5.01"},{"date" => "2014-05-31T21:51:34","version" => "5.02"},{"date" => "2014-06-02T22:07:46","version" => "5.03"},{"date" => "2014-06-03T21:11:50","version" => "5.04"},{"date" => "2014-06-08T21:50:53","version" => "5.05"},{"date" => "2014-06-12T02:08:01","version" => "5.06"},{"date" => "2014-06-13T19:28:04","version" => "5.07"},{"date" => "2014-06-16T23:44:48","version" => "5.08"},{"date" => "2014-06-24T15:02:21","version" => "5.09"},{"date" => "2014-06-28T23:25:12","version" => "5.10"},{"date" => "2014-07-03T04:01:24","version" => "5.11"},{"date" => "2014-07-03T23:06:55","version" => "5.12"},{"date" => "2014-07-13T00:44:29","version" => "5.13"},{"date" => "2014-07-14T22:01:49","version" => "5.14"},{"date" => "2014-07-17T17:58:05","version" => "5.15"},{"date" => "2014-07-21T16:01:56","version" => "5.16"},{"date" => "2014-07-24T12:40:41","version" => "5.17"},{"date" => "2014-07-25T20:25:29","version" => "5.18"},{"date" => "2014-07-26T21:03:13","version" => "5.19"},{"date" => "2014-07-26T23:36:18","version" => "5.20"},{"date" => "2014-07-27T18:48:25","version" => "5.21"},{"date" => "2014-07-30T16:42:35","version" => "5.22"},{"date" => "2014-07-31T21:32:03","version" => "5.23"},{"date" => "2014-08-02T21:56:32","version" => "5.24"},{"date" => "2014-08-07T01:29:20","version" => "5.25"},{"date" => "2014-08-09T21:26:37","version" => "5.26"},{"date" => "2014-08-11T14:26:47","version" => "5.27"},{"date" => "2014-08-13T00:32:33","version" => "5.28"},{"date" => "2014-08-16T12:40:15","version" => "5.29"},{"date" => "2014-08-17T21:49:15","version" => "5.30"},{"date" => "2014-08-19T17:40:27","version" => "5.31"},{"date" => "2014-08-21T18:19:53","version" => "5.32"},{"date" => "2014-08-23T22:25:32","version" => "5.33"},{"date" => "2014-08-29T21:53:02","version" => "5.34"},{"date" => "2014-08-30T21:57:50","version" => "5.35"},{"date" => "2014-09-02T00:20:21","version" => "5.36"},{"date" => "2014-09-03T20:55:45","version" => "5.37"},{"date" => "2014-09-05T21:57:34","version" => "5.38"},{"date" => "2014-09-07T03:18:45","version" => "5.39"},{"date" => "2014-09-12T01:06:33","version" => "5.40"},{"date" => "2014-09-13T21:24:03","version" => "5.41"},{"date" => "2014-09-17T21:54:39","version" => "5.42"},{"date" => "2014-09-22T00:14:24","version" => "5.43"},{"date" => "2014-09-23T00:49:52","version" => "5.44"},{"date" => "2014-09-27T03:21:55","version" => "5.46"},{"date" => "2014-09-27T03:24:38","version" => "5.45"},{"date" => "2014-09-28T03:31:15","version" => "5.47"},{"date" => "2014-10-07T23:08:14","version" => "5.48"},{"date" => "2014-10-10T21:12:14","version" => "5.49"},{"date" => "2014-10-15T22:00:04","version" => "5.50"},{"date" => "2014-10-17T21:48:17","version" => "5.51"},{"date" => "2014-10-18T20:49:34","version" => "5.52"},{"date" => "2014-10-20T23:34:37","version" => "5.53"},{"date" => "2014-10-23T22:51:06","version" => "5.54"},{"date" => "2014-10-29T00:58:34","version" => "5.55"},{"date" => "2014-10-30T00:23:25","version" => "5.56"},{"date" => "2014-11-02T22:52:07","version" => "5.57"},{"date" => "2014-11-07T00:04:47","version" => "5.58"},{"date" => "2014-11-08T00:26:41","version" => "5.59"},{"date" => "2014-11-12T01:31:36","version" => "5.60"},{"date" => "2014-11-15T00:46:43","version" => "5.61"},{"date" => "2014-11-18T18:24:54","version" => "5.62"},{"date" => "2014-11-22T03:52:56","version" => "5.63"},{"date" => "2014-11-23T02:12:00","version" => "5.64"},{"date" => "2014-11-25T03:23:01","version" => "5.65"},{"date" => "2014-11-27T03:13:19","version" => "5.66"},{"date" => "2014-11-27T06:19:49","version" => "5.67"},{"date" => "2014-12-03T04:36:04","version" => "5.68"},{"date" => "2014-12-13T02:19:36","version" => "5.69"},{"date" => "2014-12-18T00:12:31","version" => "5.70"},{"date" => "2015-01-01T22:44:58","version" => "5.71"},{"date" => "2015-01-11T20:02:04","version" => "5.72"},{"date" => "2015-01-23T16:29:22","version" => "5.73"},{"date" => "2015-01-24T13:32:51","version" => "5.74"},{"date" => "2015-01-27T04:08:19","version" => "5.75"},{"date" => "2015-02-02T19:36:16","version" => "5.76"},{"date" => "2015-02-03T02:37:04","version" => "5.77"},{"date" => "2015-02-13T00:21:48","version" => "5.78"},{"date" => "2015-02-13T05:32:50","version" => "5.79"},{"date" => "2015-02-18T05:24:00","version" => "5.80"},{"date" => "2015-02-21T03:30:18","version" => "5.81"},{"date" => "2015-02-23T03:05:04","version" => "5.82"},{"date" => "2015-02-26T22:17:01","version" => "6.0"},{"date" => "2015-03-03T16:12:16","version" => "6.01"},{"date" => "2015-03-10T02:53:22","version" => "6.02"},{"date" => "2015-03-16T04:43:10","version" => "6.03"},{"date" => "2015-03-23T04:42:27","version" => "6.04"},{"date" => "2015-03-25T05:08:15","version" => "6.05"},{"date" => "2015-04-07T00:55:21","version" => "6.06"},{"date" => "2015-04-07T17:38:01","version" => "6.07"},{"date" => "2015-04-09T22:03:46","version" => "6.08"},{"date" => "2015-04-26T05:10:45","version" => "6.09"},{"date" => "2015-04-27T02:01:03","version" => "6.10"},{"date" => "2015-05-16T22:14:01","version" => "6.11"},{"date" => "2015-06-18T21:48:20","version" => "6.12"},{"date" => "2015-08-20T06:09:39","version" => "6.16"},{"date" => "2015-08-22T19:38:51","version" => "6.17"},{"date" => "2015-09-02T17:26:36","version" => "6.18"},{"date" => "2015-09-12T23:37:29","version" => "6.19"},{"date" => "2015-09-16T22:50:30","version" => "6.20"},{"date" => "2015-09-23T01:05:04","version" => "6.21"},{"date" => "2015-09-27T01:03:32","version" => "6.22"},{"date" => "2015-10-07T18:17:26","version" => "6.23"},{"date" => "2015-10-13T22:54:46","version" => "6.24"},{"date" => "2015-10-22T02:49:47","version" => "6.25"},{"date" => "2015-10-29T00:29:07","version" => "6.26"},{"date" => "2015-10-30T00:07:08","version" => "6.27"},{"date" => "2015-11-02T15:17:16","version" => "6.28"},{"date" => "2015-11-12T02:59:43","version" => "6.30"},{"date" => "2015-11-14T19:38:51","version" => "6.31"},{"date" => "2015-11-18T18:16:15","version" => "6.32"},{"date" => "2015-11-22T16:47:00","version" => "6.33"},{"date" => "2016-01-13T20:08:22","version" => "6.40"},{"date" => "2016-01-24T22:01:52","version" => "6.42"},{"date" => "2016-02-01T16:15:40","version" => "6.43"},{"date" => "2016-02-05T22:42:51","version" => "6.44"},{"date" => "2016-02-09T23:29:35","version" => "6.45"},{"date" => "2016-02-14T00:51:10","version" => "6.46"},{"date" => "2016-02-19T23:09:15","version" => "6.47"},{"date" => "2016-02-24T17:07:45","version" => "6.48"},{"date" => "2016-02-26T22:47:33","version" => "6.49"},{"date" => "2016-02-27T00:12:03","version" => "6.50"},{"date" => "2016-02-29T23:03:44","version" => "6.51"},{"date" => "2016-03-02T22:24:28","version" => "6.52"},{"date" => "2016-03-04T00:58:55","version" => "6.53"},{"date" => "2016-03-07T15:09:42","version" => "6.54"},{"date" => "2016-03-08T20:42:43","version" => "6.55"},{"date" => "2016-03-16T02:42:45","version" => "6.56"},{"date" => "2016-03-23T04:23:41","version" => "6.57"},{"date" => "2016-04-10T17:11:22","version" => "6.58"},{"date" => "2016-04-22T18:45:19","version" => "6.59"},{"date" => "2016-04-26T13:16:04","version" => "6.60"},{"date" => "2016-05-02T17:31:34","version" => "6.61"},{"date" => "2016-05-14T21:05:47","version" => "6.62"},{"date" => "2016-06-03T21:10:48","version" => "6.63"},{"date" => "2016-06-09T16:41:51","version" => "6.64"},{"date" => "2016-06-14T16:15:21","version" => "6.65"},{"date" => "2016-06-16T22:35:28","version" => "6.66"},{"date" => "2016-07-19T06:21:07","version" => "7.0"},{"date" => "2016-08-01T18:46:35","version" => "7.01"},{"date" => "2016-08-17T16:34:19","version" => "7.02"},{"date" => "2016-08-17T16:40:11","version" => "7.03"},{"date" => "2016-08-29T13:59:45","version" => "7.04"},{"date" => "2016-08-29T16:44:18","version" => "7.05"},{"date" => "2016-09-17T21:05:37","version" => "7.06"},{"date" => "2016-09-20T12:30:54","version" => "7.07"},{"date" => "2016-09-23T17:19:00","version" => "7.08"},{"date" => "2016-10-23T09:46:35","version" => "7.09"},{"date" => "2016-11-01T19:02:03","version" => "7.10"},{"date" => "2016-11-30T09:23:48","version" => "7.11"},{"date" => "2016-12-20T08:41:05","version" => "7.12"},{"date" => "2016-12-29T19:40:25","version" => "7.13"},{"date" => "2017-01-04T22:58:20","version" => "7.14"},{"date" => "2017-01-10T11:42:59","version" => "7.15"},{"date" => "2017-01-10T23:52:50","version" => "7.16"},{"date" => "2017-01-11T08:35:01","version" => "7.17"},{"date" => "2017-01-11T22:05:10","version" => "7.18"},{"date" => "2017-01-15T16:05:23","version" => "7.19"},{"date" => "2017-01-18T09:38:55","version" => "7.20"},{"date" => "2017-01-22T14:29:35","version" => "7.21"},{"date" => "2017-01-25T23:09:32","version" => "7.22"},{"date" => "2017-01-29T21:43:19","version" => "7.23"},{"date" => "2017-02-05T21:09:47","version" => "7.24"},{"date" => "2017-02-09T22:51:35","version" => "7.25"},{"date" => "2017-02-15T23:08:52","version" => "7.26"},{"date" => "2017-02-27T17:02:21","version" => "7.27"},{"date" => "2017-03-07T21:36:36","version" => "7.28"},{"date" => "2017-03-14T23:27:54","version" => "7.29"},{"date" => "2017-04-06T12:04:02","version" => "7.30"},{"date" => "2017-04-24T07:50:54","version" => "7.31"},{"date" => "2017-05-30T17:08:40","version" => "7.32"},{"date" => "2017-06-05T22:14:35","version" => "7.33"},{"date" => "2017-07-02T22:04:01","version" => "7.34"},{"date" => "2017-07-05T07:50:23","version" => "7.35"},{"date" => "2017-07-10T07:48:45","version" => "7.36"},{"date" => "2017-07-24T07:55:46","version" => "7.37"},{"date" => "2017-08-01T21:56:47","version" => "7.38"},{"date" => "2017-08-03T08:50:10","version" => "7.39"},{"date" => "2017-08-14T08:32:54","version" => "7.40"},{"date" => "2017-08-16T08:19:30","version" => "7.41"},{"date" => "2017-08-17T11:15:42","version" => "7.42"},{"date" => "2017-08-18T08:26:45","version" => "7.43"},{"date" => "2017-09-03T16:04:13","version" => "7.44"},{"date" => "2017-09-07T08:41:40","version" => "7.45"},{"date" => "2017-09-12T12:27:00","version" => "7.46"},{"date" => "2017-10-12T08:26:53","version" => "7.47"},{"date" => "2017-10-21T13:33:01","version" => "7.48"},{"date" => "2017-10-30T13:18:49","version" => "7.49"},{"date" => "2017-10-30T18:18:13","version" => "7.50"},{"date" => "2017-10-31T19:14:43","version" => "7.51"},{"date" => "2017-11-02T22:29:23","version" => "7.52"},{"date" => "2017-11-04T15:24:07","version" => "7.53"},{"date" => "2017-11-04T22:50:30","version" => "7.54"},{"date" => "2017-11-07T10:58:56","version" => "7.55"},{"date" => "2017-11-16T13:33:27","version" => "7.56"},{"date" => "2017-11-18T16:10:38","version" => "7.57"},{"date" => "2017-12-03T22:14:41","version" => "7.58"},{"date" => "2017-12-17T17:58:55","version" => "7.59"},{"date" => "2018-01-03T14:00:44","version" => "7.60"},{"date" => "2018-01-15T15:35:28","version" => "7.61"},{"date" => "2018-02-03T19:53:39","version" => "7.62"},{"date" => "2018-02-06T20:52:51","version" => "7.63"},{"date" => "2018-02-07T10:17:57","version" => "7.64"},{"date" => "2018-02-11T21:55:33","version" => "7.65"},{"date" => "2018-02-14T08:55:35","version" => "7.66"},{"date" => "2018-02-19T23:11:52","version" => "7.67"},{"date" => "2018-02-23T18:44:15","version" => "7.68"},{"date" => "2018-02-24T21:58:41","version" => "7.69"},{"date" => "2018-02-28T23:47:08","version" => "7.70"},{"date" => "2018-03-16T16:41:58","version" => "7.71"},{"date" => "2018-04-02T21:01:43","version" => "7.72"},{"date" => "2018-04-06T14:10:03","version" => "7.73"},{"date" => "2018-04-07T22:15:16","version" => "7.74"},{"date" => "2018-04-10T16:04:41","version" => "7.75"},{"date" => "2018-04-24T16:55:32","version" => "7.76"},{"date" => "2018-05-01T17:18:20","version" => "7.77"},{"date" => "2018-05-11T16:36:16","version" => "7.78"},{"date" => "2018-05-14T22:13:04","version" => "7.79"},{"date" => "2018-05-20T22:46:20","version" => "7.80"},{"date" => "2018-05-21T22:39:30","version" => "7.81"},{"date" => "2018-05-27T21:59:59","version" => "7.82"},{"date" => "2018-06-03T21:10:42","version" => "7.83"},{"date" => "2018-06-06T14:04:49","version" => "7.84"},{"date" => "2018-06-19T15:57:43","version" => "7.85"},{"date" => "2018-07-03T11:30:46","version" => "7.86"},{"date" => "2018-07-04T10:20:11","version" => "7.87"},{"date" => "2018-07-13T11:00:52","version" => "7.88"},{"date" => "2018-08-07T09:38:35","version" => "7.89"},{"date" => "2018-08-08T22:19:36","version" => "7.90"},{"date" => "2018-08-09T08:39:58","version" => "7.91"},{"date" => "2018-08-09T16:52:45","version" => "7.92"},{"date" => "2018-08-12T14:23:08","version" => "7.93"},{"date" => "2018-08-31T12:53:17","version" => "7.94"},{"date" => "2018-09-14T22:17:06","version" => "8.0"},{"date" => "2018-09-25T16:14:07","version" => "8.01"},{"date" => "2018-10-01T21:34:50","version" => "8.02"},{"date" => "2018-10-16T22:41:46","version" => "8.03"},{"date" => "2018-10-21T20:23:27","version" => "8.04"},{"date" => "2018-11-01T17:15:20","version" => "8.05"},{"date" => "2018-11-08T23:31:57","version" => "8.06"},{"date" => "2018-11-18T22:09:07","version" => "8.07"},{"date" => "2018-12-01T18:26:15","version" => "8.08"},{"date" => "2018-12-04T20:59:01","version" => "8.09"},{"date" => "2018-12-20T10:28:28","version" => "8.10"},{"date" => "2019-01-02T18:04:35","version" => "8.11"},{"date" => "2019-02-01T16:34:38","version" => "8.12"},{"date" => "2019-03-21T22:06:21","version" => "8.13"},{"date" => "2019-04-18T19:11:08","version" => "8.14"},{"date" => "2019-04-26T17:54:06","version" => "8.15"},{"date" => "2019-05-19T19:50:45","version" => "8.16"},{"date" => "2019-05-23T20:50:59","version" => "8.17"},{"date" => "2019-06-28T21:29:47","version" => "8.18"},{"date" => "2019-07-08T10:26:46","version" => "8.19"},{"date" => "2019-07-09T21:02:16","version" => "8.20"},{"date" => "2019-07-14T17:08:55","version" => "8.21"},{"date" => "2019-07-17T10:46:26","version" => "8.22"},{"date" => "2019-08-12T22:52:14","version" => "8.23"},{"date" => "2019-09-11T22:33:49","version" => "8.24"},{"date" => "2019-09-29T13:16:15","version" => "8.25"},{"date" => "2019-11-03T15:48:59","version" => "8.26"},{"date" => "2019-12-04T19:48:08","version" => "8.27"},{"date" => "2019-12-26T16:09:10","version" => "8.28"},{"date" => "2019-12-28T16:58:30","version" => "8.29"},{"date" => "2020-01-09T20:35:42","version" => "8.30"},{"date" => "2020-01-14T20:19:13","version" => "8.31"},{"date" => "2020-01-19T14:35:03","version" => "8.32"},{"date" => "2020-02-11T20:25:08","version" => "8.33"},{"date" => "2020-03-16T17:27:27","version" => "8.34"},{"date" => "2020-03-21T15:12:26","version" => "8.35"},{"date" => "2020-04-02T09:05:58","version" => "8.36"},{"date" => "2020-04-19T19:47:37","version" => "8.37"},{"date" => "2020-04-21T19:54:01","version" => "8.38"},{"date" => "2020-04-22T12:49:38","version" => "8.39"},{"date" => "2020-04-23T09:24:25","version" => "8.40"},{"date" => "2020-05-01T13:34:44","version" => "8.41"},{"date" => "2020-05-04T17:15:38","version" => "8.42"},{"date" => "2020-05-21T12:51:12","version" => "8.43"},{"date" => "2020-05-25T19:06:44","version" => "8.50"},{"date" => "2020-05-31T12:29:16","version" => "8.51"},{"date" => "2020-06-03T20:01:13","version" => "8.52"},{"date" => "2020-06-10T18:02:24","version" => "8.53"},{"date" => "2020-06-14T17:42:03","version" => "8.54"},{"date" => "2020-06-18T09:42:34","version" => "8.55"},{"date" => "2020-06-26T20:08:07","version" => "8.56"},{"date" => "2020-07-17T09:08:51","version" => "8.57"},{"date" => "2020-08-10T18:14:24","version" => "8.58"},{"date" => "2020-09-13T16:04:24","version" => "8.59"},{"date" => "2020-09-27T15:50:48","version" => "8.60"},{"date" => "2020-10-02T11:01:53","version" => "8.61"},{"date" => "2020-10-12T09:57:55","version" => "8.62"},{"date" => "2020-10-13T08:18:36","version" => "8.63"},{"date" => "2020-11-06T18:38:59","version" => "8.64"},{"date" => "2020-11-11T19:55:44","version" => "8.65"},{"date" => "2020-11-30T10:42:18","version" => "8.66"},{"date" => "2020-12-05T16:45:53","version" => "8.67"},{"date" => "2020-12-27T23:38:05","version" => "8.68"},{"date" => "2020-12-28T14:38:20","version" => "8.69"},{"date" => "2020-12-30T14:43:19","version" => "8.70"},{"date" => "2021-01-17T17:06:28","version" => "8.71"},{"date" => "2021-01-27T15:33:24","version" => "8.72"},{"date" => "2021-02-06T16:08:52","version" => "8.73"},{"date" => "2021-02-14T18:44:04","version" => "9.0"},{"date" => "2021-02-16T21:32:29","version" => "9.01"},{"date" => "2021-03-01T19:16:02","version" => "9.02"},{"date" => "2021-03-07T18:49:12","version" => "9.03"},{"date" => "2021-03-11T21:04:03","version" => "9.07"},{"date" => "2021-03-12T16:47:37","version" => "9.08"},{"date" => "2021-03-14T18:32:57","version" => "9.09"},{"date" => "2021-03-15T13:26:22","version" => "9.10"},{"date" => "2021-03-20T16:41:03","version" => "9.11"},{"date" => "2021-03-20T21:25:26","version" => "9.12"},{"date" => "2021-03-22T11:33:00","version" => "9.13"},{"date" => "2021-03-23T22:54:21","version" => "9.14"},{"date" => "2021-04-06T09:10:10","version" => "9.15"},{"date" => "2021-04-09T11:31:09","version" => "9.16"},{"date" => "2021-04-13T10:11:02","version" => "9.17"},{"date" => "2021-05-23T14:06:27","version" => "9.18"},{"date" => "2021-06-02T09:14:48","version" => "9.19"},{"date" => "2021-08-09T17:26:54","version" => "9.20"},{"date" => "2021-08-13T19:14:43","version" => "9.21"},{"date" => "2021-10-21T11:53:53","version" => "9.22"},{"date" => "2022-03-25T11:37:40","version" => "9.23"},{"date" => "2022-04-18T18:28:00","version" => "9.24"},{"date" => "2022-04-28T15:21:32","version" => "9.25"},{"date" => "2022-05-23T15:17:22","version" => "9.26"},{"date" => "2022-09-12T11:10:27","version" => "9.27"},{"date" => "2022-10-14T18:55:13","version" => "9.28"},{"date" => "2022-11-11T10:15:54","version" => "9.29"},{"date" => "2022-11-23T11:52:17","version" => "9.30"},{"date" => "2022-12-21T00:36:31","version" => "9.31"},{"date" => "2023-05-08T22:09:51","version" => "9.32"},{"date" => "2023-06-14T19:25:48","version" => "9.33"},{"date" => "2023-09-11T18:34:53","version" => "9.34"},{"date" => "2023-10-27T17:11:42","version" => "9.35"},{"date" => "2024-03-08T22:16:38","version" => "9.36"},{"date" => "2024-05-13T17:48:56","version" => "9.37"},{"date" => "2024-08-17T14:52:48","version" => "9.38"},{"date" => "2024-11-23T14:16:18","version" => "9.39"},{"date" => "2025-05-12T13:09:01","version" => "9.40"},{"date" => "2025-07-03T12:27:43","version" => "9.41"},{"date" => "2025-10-01T14:47:16","version" => "9.42"}]},"Mojolicious-Plugin-CSRF" => {"advisories" => [{"affected_versions" => ["==1.03"],"cves" => ["CVE-2025-40915"],"description" => "Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.  That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.","distribution" => "Mojolicious-Plugin-CSRF","fixed_versions" => [">=1.03"],"id" => "CPANSA-Mojolicious-Plugin-CSRF-2025-40915","references" => ["https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes","https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03"],"reported" => "2025-06-11","severity" => undef}],"main_module" => "Mojolicious::Plugin::CSRF","versions" => [{"date" => "2025-05-18T15:33:39","version" => "1.01"},{"date" => "2025-05-18T17:46:33","version" => "1.02"},{"date" => "2025-06-11T01:38:00","version" => "1.03"},{"date" => "2025-06-11T13:31:36","version" => "1.04"},{"date" => "2025-06-13T17:50:34","version" => "1.05"}]},"Mojolicious-Plugin-CaptchaPNG" => {"advisories" => [{"affected_versions" => ["<1.06"],"cves" => ["CVE-2025-40916"],"description" => "Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha.  That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.","distribution" => "Mojolicious-Plugin-CaptchaPNG","fixed_versions" => [">=1.06"],"id" => "CPANSA-Mojolicious-Plugin-CaptchaPNG-2025-40916","references" => ["https://metacpan.org/pod/perlfunc#rand","https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.04/diff/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.05/lib/Mojolicious/Plugin/CaptchaPNG.pm","https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.06/changes","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-06-16","severity" => undef}],"main_module" => "Mojolicious::Plugin::CaptchaPNG","versions" => [{"date" => "2025-02-05T00:29:06","version" => "1.02"},{"date" => "2025-02-05T18:58:16","version" => "1.03"},{"date" => "2025-05-18T17:49:30","version" => "1.04"},{"date" => "2025-06-11T01:40:57","version" => "1.05"},{"date" => "2025-06-11T14:08:11","version" => "1.06"},{"date" => "2025-06-13T17:50:45","version" => "1.07"},{"date" => "2025-06-17T16:49:35","version" => "1.08"}]},"Mojolicious-Plugin-LazyImage" => {"advisories" => [{"affected_versions" => ["<=0.01"],"cves" => ["CVE-2024-38526"],"description" => "pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.\n","distribution" => "Mojolicious-Plugin-LazyImage","embedded_vulnerability" => {"distributed_version" => undef,"name" => "polyfill.io"},"fixed_versions" => [],"id" => "CPANSA-Mojolicious-Plugin-LazyImage-2024-38526","references" => ["https://github.com/mitmproxy/pdoc/pull/703","https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62","https://sansec.io/research/polyfill-supply-chain-attack","https://github.com/briandfoy/cpan-security-advisory/issues/155","https://stackdiary.com/polyfill-compromise-hits-100000-sites-in-a-supply-chain-attack/"],"reported" => "2024-06-26","severity" => undef}],"main_module" => "Mojolicious::Plugin::LazyImage","versions" => [{"date" => "2017-12-28T10:40:31","version" => "0.01"}]},"Mojolicious-Plugin-OAuth2" => {"advisories" => [{"affected_versions" => ["<1.3"],"cves" => [],"description" => "Param injection in case of several parameters of the same name are present.\n","distribution" => "Mojolicious-Plugin-OAuth2","fixed_versions" => [">=1.3"],"id" => "CPANSA-Mojolicious-Plugin-OAuth2-2014-01","references" => ["https://metacpan.org/changes/distribution/Mojolicious-Plugin-OAuth2","https://github.com/marcusramberg/Mojolicious-Plugin-OAuth2/commit/68315d329059b427e13d486c0e10733f728709aa"],"reported" => "2014-10-07"}],"main_module" => "Mojolicious::Plugin::OAuth2","versions" => [{"date" => "2011-01-08T11:03:42","version" => "0.01"},{"date" => "2011-01-09T18:00:14","version" => "0.02"},{"date" => "2011-04-03T16:00:38","version" => "0.1"},{"date" => "2011-08-01T16:56:18","version" => "0.2"},{"date" => "2011-09-04T19:42:29","version" => "0.3"},{"date" => "2011-09-07T16:59:50","version" => "0.4"},{"date" => "2011-10-19T11:55:32","version" => "0.5"},{"date" => "2012-03-09T21:15:39","version" => "0.6"},{"date" => "2012-05-30T11:49:29","version" => "0.7"},{"date" => "2012-08-23T20:18:41","version" => "0.8"},{"date" => "2013-05-20T05:55:18","version" => "0.9"},{"date" => "2013-11-06T13:24:52","version" => "1.0"},{"date" => "2014-03-13T08:18:10","version" => "1.1"},{"date" => "2014-09-06T13:49:59","version" => "1.2"},{"date" => "2014-10-07T05:49:16","version" => "1.3"},{"date" => "2015-03-01T20:09:19","version" => "1.4"},{"date" => "2015-03-02T07:32:59","version" => "1.5"},{"date" => "2015-03-18T16:40:18","version" => "1.51"},{"date" => "2015-04-06T20:46:39","version" => "1.52"},{"date" => "2015-09-08T07:27:41","version" => "1.53"},{"date" => "2018-08-30T10:48:55","version" => "1.54"},{"date" => "2018-09-08T18:30:54","version" => "1.55"},{"date" => "2018-09-23T22:04:16","version" => "1.56"},{"date" => "2018-09-24T08:55:14","version" => "1.57"},{"date" => "2019-07-03T12:24:11","version" => "1.58"},{"date" => "2021-02-16T23:34:41","version" => "1.59"},{"date" => "2021-10-27T10:37:42","version" => "2.00"},{"date" => "2021-10-28T09:30:06","version" => "2.01"},{"date" => "2022-02-08T09:50:33","version" => "2.02"}]},"Moxy" => {"advisories" => [{"affected_versions" => ["<0.25"],"cves" => [],"description" => "Allowed file schema\n","distribution" => "Moxy","fixed_versions" => [">=0.25"],"id" => "CPANSA-Moxy-2008-01","references" => ["https://metacpan.org/dist/Moxy/changes"],"reported" => "2008-04-09","severity" => undef}],"main_module" => "Moxy","versions" => [{"date" => "2008-01-01T18:30:22","version" => "0.04"},{"date" => "2008-01-02T13:16:19","version" => "0.05"},{"date" => "2008-01-19T02:45:48","version" => "0.06"},{"date" => "2008-01-19T04:46:15","version" => "0.07"},{"date" => "2008-01-19T13:40:32","version" => "0.08"},{"date" => "2008-01-20T07:59:32","version" => "0.20"},{"date" => "2008-01-25T07:34:00","version" => "0.22"},{"date" => "2008-01-26T10:16:38","version" => "0.23"},{"date" => "2008-01-27T06:18:24","version" => "0.24"},{"date" => "2008-04-09T15:15:08","version" => "0.25"},{"date" => "2008-04-20T05:07:40","version" => "0.30"},{"date" => "2008-04-20T11:43:55","version" => "0.31"},{"date" => "2008-04-21T02:33:59","version" => "0.32"},{"date" => "2008-05-13T04:32:15","version" => "0.32"},{"date" => "2008-05-14T04:12:27","version" => "0.32"},{"date" => "2008-06-14T07:29:30","version" => "0.32"},{"date" => "2008-08-14T16:20:15","version" => "0.32"},{"date" => "2008-08-22T09:54:45","version" => "0.32"},{"date" => "2008-10-02T10:14:27","version" => "0.32"},{"date" => "2008-11-07T01:24:33","version" => "0.32"},{"date" => "2008-11-07T01:43:45","version" => "0.32"},{"date" => "2008-11-08T01:14:56","version" => "0.32"},{"date" => "2008-11-19T02:50:08","version" => "0.32"},{"date" => "2009-02-10T11:05:56","version" => "0.32"},{"date" => "2009-02-20T09:48:43","version" => "0.51"},{"date" => "2009-03-24T11:22:16","version" => "0.52"},{"date" => "2009-03-31T06:33:35","version" => "0.53"},{"date" => "2009-04-07T10:51:35","version" => "0.54"},{"date" => "2009-04-08T06:23:07","version" => "0.55"},{"date" => "2009-04-08T08:36:37","version" => "0.56"},{"date" => "2011-01-26T08:17:33","version" => "0.60"},{"date" => "2011-05-18T04:36:44","version" => "0.57"},{"date" => "2011-05-18T04:46:01","version" => "0.60"},{"date" => "2011-05-24T01:35:05","version" => "0.60"},{"date" => "2011-05-27T01:48:35","version" => "0.63"},{"date" => "2012-11-06T05:23:15","version" => "0.70"}]},"Mozilla-CA" => {"advisories" => [{"affected_versions" => ["<20110914"],"cves" => [],"description" => "Google Chrome user alibo encountered an active \"man in the middle\" (MITM) attack on secure SSL connections to Google servers. The fraudulent certificate was mis-issued by DigiNotar, a Dutch Certificate Authority. DigiNotar has reported evidence that other fraudulent certificates were issued and in active use but the full extent of the compromise is not known.\n","distribution" => "Mozilla-CA","fixed_versions" => [">=20110914"],"id" => "CPANSA-Mozilla-CA-2011-34","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=70967","https://www.mozilla.org/en-US/security/advisories/mfsa2011-35/","https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/"],"reported" => undef,"severity" => undef},{"affected_versions" => ["<20240730"],"cves" => ["CVE-2024-39689"],"description" => "ECM GlobalTrust 2000 root certificates have been distrusted\n","distribution" => "Mozilla-CA","fixed_versions" => [">=20240730"],"id" => "CPANSA-Mozilla-CA-2024-39689","references" => ["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI","https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k/m/G_9QprJ2AQAJ","https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc","https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463"],"reported" => "2024-06-11","severity" => "low"}],"main_module" => "Mozilla::CA","versions" => [{"date" => "2011-01-22T12:13:20","version" => 20110122},{"date" => "2011-01-26T19:10:48","version" => 20110126},{"date" => "2011-02-11T22:42:06","version" => 20110209},{"date" => "2011-03-01T23:13:54","version" => 20110301},{"date" => "2011-04-09T21:15:42","version" => 20110409},{"date" => "2011-09-04T03:48:06","version" => 20110904},{"date" => "2011-09-15T08:01:35","version" => 20110914},{"date" => "2011-10-25T06:46:10","version" => 20111025},{"date" => "2012-01-18T06:52:33","version" => 20120118},{"date" => "2012-03-09T01:57:07","version" => 20120309},{"date" => "2012-08-22T00:27:51","version" => 20120822},{"date" => "2012-08-22T06:39:33","version" => 20120823},{"date" => "2013-01-14T18:34:17","version" => 20130114},{"date" => "2014-12-22T00:25:09","version" => 20141217},{"date" => "2015-08-26T05:56:57","version" => 20150826},{"date" => "2016-01-04T01:19:28","version" => 20160104},{"date" => "2018-03-01T11:34:46","version" => 20180117},{"date" => "2020-05-20T04:53:47","version" => 20200520},{"date" => "2021-10-01T21:38:43","version" => 20211001},{"date" => "2022-11-14T10:45:12","version" => 20221114},{"date" => "2023-08-01T15:43:22","version" => 20230801},{"date" => "2023-08-07T12:10:03","version" => 20230807},{"date" => "2023-08-21T18:15:27","version" => 20230821},{"date" => "2023-12-13T20:18:41","version" => 20231213},{"date" => "2024-03-13T15:19:08","version" => 20240313},{"date" => "2024-07-30T16:10:02","version" => 20240730},{"date" => "2024-09-24T02:19:55","version" => 20240924},{"date" => "2025-02-02T15:34:15","version" => 20250202},{"date" => "2025-06-02T17:39:28","version" => 20250602}]},"MySQL-Admin" => {"advisories" => [{"affected_versions" => ["<0.34"],"cves" => [],"description" => "Unspecified security issues.\n","distribution" => "MySQL-Admin","fixed_versions" => [">=0.34"],"id" => "CPANSA-MySQL-Admin-1-1","references" => ["https://metacpan.org/dist/MySQL-Admin/changes"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.14,<=1.18"],"cves" => ["X-CVE-2014-0001"],"description" => "Affected versions of the package are vulnerable to Cross-site Scripting (XSS) via the editor box.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-X-CVE-2014-0001-bootstrap-markdown-editor","references" => ["https://security.snyk.io/vuln/npm:bootstrap-markdown:20140826","https://cwe.mitre.org/data/definitions/79.html"],"reported" => "2014-08-25","severity" => undef},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2019-20921"],"description" => "bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2019-20921-bootstrap-select","references" => ["https://github.com/advisories/GHSA-9r7h-6639-v5mw","https://github.com/snapappointments/bootstrap-select/issues/2199","https://www.npmjs.com/advisories/1522","https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457"],"reported" => "2020-09-30","severity" => "medium"},{"affected_versions" => [">=1.14,<=1.18"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "MySQL::Admin","versions" => [{"date" => "2009-04-05T07:27:17","version" => "0.41"},{"date" => "2009-04-25T12:13:07","version" => "0.42"},{"date" => "2009-05-02T16:39:11","version" => "0.43"},{"date" => "2009-05-06T16:32:16","version" => "0.44"},{"date" => "2009-09-20T10:34:08","version" => "0.47"},{"date" => "2009-09-20T17:52:11","version" => "0.48"},{"date" => "2009-09-20T19:27:03","version" => "0.5"},{"date" => "2009-09-23T13:03:36","version" => "0.51"},{"date" => "2009-09-26T10:35:54","version" => "0.52"},{"date" => "2009-09-28T06:12:57","version" => "0.54"},{"date" => "2009-09-29T10:34:19","version" => "0.55"},{"date" => "2009-09-30T16:13:36","version" => "0.56"},{"date" => "2009-10-03T07:37:25","version" => "0.57"},{"date" => "2009-10-04T06:02:37","version" => "0.58"},{"date" => "2009-10-04T09:07:10","version" => "0.59"},{"date" => "2009-10-05T15:31:56","version" => "0.6"},{"date" => "2009-10-13T13:03:13","version" => "0.61"},{"date" => "2009-10-13T13:28:16","version" => "0.62"},{"date" => "2015-03-22T15:18:03","version" => "0.65"},{"date" => "2015-03-24T07:27:33","version" => "0.66"},{"date" => "2015-03-26T19:31:05","version" => "0.67"},{"date" => "2015-03-30T18:13:38","version" => "0.68"},{"date" => "2015-04-01T20:54:59","version" => "0.69"},{"date" => "2015-04-02T18:13:25","version" => "0.7"},{"date" => "2015-04-02T20:01:04","version" => "0.71"},{"date" => "2015-04-06T19:38:13","version" => "0.72"},{"date" => "2015-04-07T17:24:44","version" => "0.73"},{"date" => "2015-04-09T20:30:39","version" => "0.74"},{"date" => "2015-04-12T19:12:02","version" => "0.75"},{"date" => "2015-04-18T10:10:22","version" => "0.76"},{"date" => "2015-04-23T19:09:21","version" => "0.77"},{"date" => "2015-06-19T21:18:27","version" => "0.79"},{"date" => "2015-06-20T15:56:45","version" => "0.8"},{"date" => "2015-06-21T11:51:26","version" => "0.81"},{"date" => "2015-07-09T20:24:39","version" => "0.84"},{"date" => "2015-07-10T12:25:42","version" => "0.85"},{"date" => "2015-07-11T17:51:30","version" => "0.86"},{"date" => "2015-07-26T19:47:51","version" => "0.87"},{"date" => "2015-10-10T14:46:47","version" => "0.89"},{"date" => "2015-10-31T17:56:24","version" => "0.9"},{"date" => "2015-11-01T11:42:27","version" => "0.91"},{"date" => "2015-11-01T13:05:50","version" => "0.92"},{"date" => "2015-12-27T20:50:17","version" => "0.93"},{"date" => "2016-01-25T20:30:24","version" => "0.94"},{"date" => "2016-01-26T09:59:39","version" => "0.95"},{"date" => "2016-01-26T13:59:30","version" => "0.96"},{"date" => "2016-01-28T09:10:44","version" => "0.97"},{"date" => "2016-02-03T21:51:55","version" => "0.98"},{"date" => "2016-02-06T07:24:22","version" => "0.99"},{"date" => "2016-02-06T10:01:55","version" => 1},{"date" => "2016-02-06T17:43:58","version" => "1.01"},{"date" => "2016-02-14T18:20:01","version" => "1.02"},{"date" => "2016-02-23T12:55:34","version" => "1.03"},{"date" => "2016-02-24T14:56:54","version" => "1.04"},{"date" => "2016-05-15T18:28:42","version" => "1.05"},{"date" => "2016-06-25T20:34:51","version" => "1.06"},{"date" => "2016-06-26T11:54:44","version" => "1.07"},{"date" => "2016-10-26T20:01:37","version" => "1.08"},{"date" => "2016-10-26T20:17:36","version" => "1.09"},{"date" => "2017-01-25T20:32:12","version" => "1.1"},{"date" => "2017-01-26T20:40:27","version" => "1.11"},{"date" => "2017-01-29T19:25:00","version" => "1.12"},{"date" => "2018-06-03T15:06:18","version" => "1.13"},{"date" => "2018-06-10T16:38:09","version" => "1.14"},{"date" => "2018-07-01T19:20:11","version" => "1.15"},{"date" => "2018-07-24T05:59:11","version" => "1.16"},{"date" => "2019-04-22T13:37:27","version" => "1.17"},{"date" => "2019-05-26T14:49:11","version" => "1.18"}]},"Net-CIDR" => {"advisories" => [{"affected_versions" => ["<0.25"],"cves" => ["CVE-2021-4456"],"description" => "addr2cidr may output dotted decimal IP address with leading zeros, that some older tools may interpret as octal values.","distribution" => "Net-CIDR","fixed_versions" => [">=0.25"],"id" => "CPANSA-Net-CIDR-2021-4456","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/svarshavchik/Net-CIDR/pull/4","https://github.com/briandfoy/cpan-security-advisory/issues/199","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28918","https://github.com/advisories/GHSA-pch5-whg9-qr2r","https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/"],"reported" => undef,"severity" => undef}],"main_module" => "Net::CIDR","versions" => [{"date" => "2001-07-10T02:31:15","version" => "0.02"},{"date" => "2001-10-25T03:21:00","version" => "0.03"},{"date" => "2001-11-27T18:09:02","version" => "0.04"},{"date" => "2003-05-01T15:22:27","version" => "0.07"},{"date" => "2003-08-14T05:53:06","version" => "0.08"},{"date" => "2003-11-19T00:25:14","version" => "0.09"},{"date" => "2004-07-19T23:49:07","version" => "0.10"},{"date" => "2005-08-10T01:21:28","version" => "0.11"},{"date" => "2009-01-19T18:52:31","version" => "0.13"},{"date" => "2010-06-27T13:49:06","version" => "0.14"},{"date" => "2012-02-16T13:12:52","version" => "0.15"},{"date" => "2012-10-01T03:17:27","version" => "0.16"},{"date" => "2012-10-21T13:44:40","version" => "0.17"},{"date" => "2015-02-04T02:03:45","version" => "0.18"},{"date" => "2018-06-12T02:13:49","version" => "0.19"},{"date" => "2019-04-17T01:46:50","version" => "0.20"},{"date" => "2021-03-31T01:43:37","version" => "0.21"},{"date" => "2025-03-09T12:42:15","version" => "0.22"},{"date" => "2025-03-10T12:02:04","version" => "0.23"},{"date" => "2025-05-20T11:56:28","version" => "0.24"},{"date" => "2025-05-20T14:24:29","version" => "v0.24.1"},{"date" => "2025-05-24T02:12:05","version" => "0.25"},{"date" => "2025-06-21T02:56:12","version" => "0.26"},{"date" => "2025-08-13T00:00:19","version" => "0.27"}]},"Net-CIDR-Lite" => {"advisories" => [{"affected_versions" => ["<0.22"],"cves" => ["CVE-2021-47154"],"description" => "The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-CIDR-Lite","fixed_versions" => [">=0.22"],"id" => "CPANSA-Net-CIDR-Lite-2021-47154","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/stigtsp/Net-CIDR-Lite/commit/23b6ff0590dc279521863a502e890ef19a5a76fc","https://metacpan.org/dist/Net-CIDR-Lite/changes","https://metacpan.org/pod/Net::CIDR::Lite"],"reported" => "2024-03-18","severity" => undef}],"main_module" => "Net::CIDR::Lite","versions" => [{"date" => "2001-10-23T22:54:21","version" => "0.02"},{"date" => "2001-10-24T00:14:02","version" => "0.03"},{"date" => "2001-10-24T00:55:11","version" => "0.04"},{"date" => "2001-10-25T17:20:05","version" => "0.05"},{"date" => "2001-10-31T01:40:19","version" => "0.06"},{"date" => "2001-10-31T23:51:49","version" => "0.07"},{"date" => "2001-11-26T23:12:47","version" => "0.08"},{"date" => "2001-11-27T05:47:30","version" => "0.09"},{"date" => "2001-11-27T18:25:47","version" => "0.10"},{"date" => "2002-04-16T05:44:00","version" => "0.11"},{"date" => "2002-07-15T07:07:02","version" => "0.12"},{"date" => "2002-07-15T09:46:34","version" => "0.13"},{"date" => "2002-07-15T16:31:01","version" => "0.14"},{"date" => "2003-04-16T20:20:04","version" => "0.15"},{"date" => "2005-05-18T19:01:44","version" => "0.16"},{"date" => "2005-05-18T19:43:12","version" => "0.17"},{"date" => "2005-05-21T08:14:32","version" => "0.18"},{"date" => "2006-01-30T19:34:31","version" => "0.19"},{"date" => "2006-02-14T00:58:01","version" => "0.20"},{"date" => "2010-03-26T00:38:30","version" => "0.21"},{"date" => "2021-04-04T21:03:12","version" => "0.22"}]},"Net-CIDR-Set" => {"advisories" => [{"affected_versions" => [">=0.10,<=0.13"],"cves" => ["CVE-2025-40911"],"description" => "Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.  Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.  Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154.","distribution" => "Net-CIDR-Set","fixed_versions" => [">=0.14"],"id" => "CPANSA-Net-CIDR-Set-2025-40911","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/robrwo/perl-Net-CIDR-Set/commit/be7d91e8446ad8013b08b4be313d666dab003a8a.patch","https://metacpan.org/release/RRWO/Net-CIDR-Set-0.14/changes"],"reported" => "2025-05-27","severity" => undef}],"main_module" => "Net::CIDR::Set","versions" => [{"date" => "2009-01-29T15:06:24","version" => "0.10"},{"date" => "2009-01-29T23:03:08","version" => "0.11"},{"date" => "2014-02-24T13:52:37","version" => "0.13"},{"date" => "2025-05-27T15:18:39","version" => "0.14"},{"date" => "2025-05-27T15:38:17","version" => "0.15"},{"date" => "2025-06-03T12:56:20","version" => "0.16"},{"date" => "2025-08-03T10:40:58","version" => "0.17"},{"date" => "2025-08-03T10:46:20","version" => "0.18"},{"date" => "2025-08-05T12:12:04","version" => "0.19"}]},"Net-DNS" => {"advisories" => [{"affected_versions" => ["<0.63"],"cves" => ["CVE-2007-6341"],"description" => "Allows remote attackers to cause a denial of service (program \"croak\") via a crafted DNS response.\n","distribution" => "Net-DNS","fixed_versions" => [">=0.63"],"id" => "CPANSA-Net-DNS-2008-01","references" => ["https://metacpan.org/changes/distribution/Net-DNS"],"reported" => "2008-02-08"},{"affected_versions" => ["<0.60"],"cves" => ["CVE-2007-3409"],"description" => "Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.\n","distribution" => "Net-DNS","fixed_versions" => [">=0.60"],"id" => "CPANSA-Net-DNS-2007-3409","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=27285","http://www.net-dns.org/docs/Changes.html","http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:146","http://www.redhat.com/support/errata/RHSA-2007-0674.html","ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc","http://www.novell.com/linux/security/advisories/2007_17_sr.html","http://www.trustix.org/errata/2007/0023/","http://www.ubuntu.com/usn/usn-483-1","http://www.securityfocus.com/bid/24669","http://www.securitytracker.com/id?1018376","http://secunia.com/advisories/25829","http://secunia.com/advisories/26014","http://secunia.com/advisories/26055","http://secunia.com/advisories/26012","http://secunia.com/advisories/26075","http://secunia.com/advisories/26211","http://secunia.com/advisories/26231","http://secunia.com/advisories/26417","http://secunia.com/advisories/26543","http://www.debian.org/security/2008/dsa-1515","http://secunia.com/advisories/29354","http://osvdb.org/37054","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10595","http://www.securityfocus.com/archive/1/473871/100/0/threaded"],"reported" => "2007-06-26","severity" => undef},{"affected_versions" => ["<0.60"],"cves" => ["CVE-2007-3377"],"description" => "Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.\n","distribution" => "Net-DNS","fixed_versions" => [">=0.60"],"id" => "CPANSA-Net-DNS-2007-3377","references" => ["http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html","http://rt.cpan.org/Public/Bug/Display.html?id=23961","https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458","http://www.net-dns.org/docs/Changes.html","http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm","http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:146","http://www.redhat.com/support/errata/RHSA-2007-0674.html","http://www.redhat.com/support/errata/RHSA-2007-0675.html","ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc","http://www.novell.com/linux/security/advisories/2007_17_sr.html","http://www.trustix.org/errata/2007/0023/","http://www.ubuntu.com/usn/usn-483-1","http://www.securityfocus.com/bid/24669","http://www.securitytracker.com/id?1018377","http://secunia.com/advisories/25829","http://secunia.com/advisories/26014","http://secunia.com/advisories/26055","http://secunia.com/advisories/26012","http://secunia.com/advisories/26075","http://secunia.com/advisories/26211","http://secunia.com/advisories/26231","http://secunia.com/advisories/26417","http://secunia.com/advisories/26508","http://secunia.com/advisories/26543","http://www.debian.org/security/2008/dsa-1515","http://secunia.com/advisories/29354","http://osvdb.org/37053","https://exchange.xforce.ibmcloud.com/vulnerabilities/35112","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9904","http://www.securityfocus.com/archive/1/473871/100/0/threaded"],"reported" => "2007-06-25","severity" => undef}],"main_module" => "Net::DNS","versions" => [{"date" => "1997-02-04T10:03:21","version" => "0.02"},{"date" => "1997-02-05T05:54:07","version" => "0.02"},{"date" => "1997-02-10T16:24:12","version" => "0.03"},{"date" => "1997-02-13T23:50:40","version" => "0.04"},{"date" => "1997-03-28T06:22:18","version" => "0.05"},{"date" => "1997-04-03T06:54:12","version" => "0.06"},{"date" => "1997-04-19T18:07:46","version" => "0.07"},{"date" => "1997-05-13T15:27:34","version" => "0.08"},{"date" => "1997-05-29T22:16:14","version" => "0.09"},{"date" => "1997-06-13T04:35:29","version" => "0.10"},{"date" => "1997-07-06T18:10:05","version" => "0.11"},{"date" => "1997-10-02T05:53:19","version" => "0.12"},{"date" => "2002-02-01T21:32:42","version" => "0.14"},{"date" => "2002-04-11T23:04:19","version" => "0.19"},{"date" => "2002-05-15T00:39:48","version" => "0.20"},{"date" => "2002-06-03T21:44:48","version" => "0.21"},{"date" => "2002-06-06T21:48:08","version" => "0.22"},{"date" => "2002-06-11T22:49:07","version" => "0.23"},{"date" => "2002-07-06T20:17:50","version" => "0.24"},{"date" => "2002-08-01T10:37:46","version" => "0.25"},{"date" => "2002-08-05T20:11:20","version" => "0.26"},{"date" => "2002-08-15T15:55:56","version" => "0.27"},{"date" => "2002-08-21T00:18:55","version" => "0.28"},{"date" => "2002-10-02T06:09:09","version" => "0.29"},{"date" => "2002-11-07T13:19:03","version" => "0.30"},{"date" => "2002-11-18T04:32:09","version" => "0.31"},{"date" => "2003-01-05T21:37:55","version" => "0.32"},{"date" => "2003-01-08T18:31:53","version" => "0.33"},{"date" => "2003-03-06T19:19:53","version" => "0.34"},{"date" => "2003-05-22T02:33:15","version" => "0.34_02"},{"date" => "2003-05-23T01:24:00","version" => "0.34_03"},{"date" => "2003-05-26T07:13:38","version" => "0.35"},{"date" => "2003-05-28T22:24:43","version" => "0.36"},{"date" => "2003-05-28T22:41:56","version" => "0.37"},{"date" => "2003-06-05T23:55:14","version" => "0.38"},{"date" => "2003-06-23T00:19:28","version" => "0.38_01"},{"date" => "2003-07-29T09:34:12","version" => "0.38_02"},{"date" => "2003-08-07T22:35:45","version" => "0.39"},{"date" => "2003-08-12T04:10:01","version" => "0.39_01"},{"date" => "2003-08-28T15:17:51","version" => "0.39_02"},{"date" => "2003-09-01T22:18:39","version" => "0.40"},{"date" => "2003-09-26T22:54:49","version" => "0.40_01"},{"date" => "2003-10-03T15:57:27","version" => "0.41"},{"date" => "2003-10-26T05:42:29","version" => "0.42"},{"date" => "2003-12-01T04:39:24","version" => "0.42_01"},{"date" => "2003-12-11T08:53:09","version" => "0.42_02"},{"date" => "2003-12-12T00:28:17","version" => "0.43"},{"date" => "2003-12-13T01:55:07","version" => "0.44"},{"date" => "2004-01-03T06:49:06","version" => "0.44_01"},{"date" => "2004-01-04T04:51:25","version" => "0.44_02"},{"date" => "2004-01-08T05:56:11","version" => "0.45"},{"date" => "2004-02-10T00:53:47","version" => "0.45_01"},{"date" => "2004-02-21T12:53:34","version" => "0.46"},{"date" => "2004-04-01T07:39:00","version" => "0.47"},{"date" => "2004-05-06T19:18:31","version" => "0.47_01"},{"date" => "2004-08-13T01:11:57","version" => "0.48"},{"date" => "2005-03-07T14:31:55","version" => "0.48_01"},{"date" => "2005-03-14T20:47:20","version" => "0.48_02"},{"date" => "2005-03-22T15:54:51","version" => "0.48_03"},{"date" => "2005-03-29T13:12:16","version" => "0.49"},{"date" => "2005-05-24T08:07:55","version" => "0.49_01"},{"date" => "2005-05-28T07:07:52","version" => "0.49_02"},{"date" => "2005-06-01T20:51:43","version" => "0.49_03"},{"date" => "2005-06-08T14:15:32","version" => "0.50"},{"date" => "2005-06-10T11:00:29","version" => "0.51"},{"date" => "2005-06-14T11:42:54","version" => "0.49_01"},{"date" => "2005-06-22T14:32:45","version" => "0.49_01"},{"date" => "2005-07-01T21:50:47","version" => "0.52"},{"date" => "2005-07-22T12:23:21","version" => "0.53"},{"date" => "2005-07-31T14:40:15","version" => "0.53_01"},{"date" => "2005-10-18T14:39:03","version" => "0.53_02"},{"date" => "2005-12-07T13:15:30","version" => "0.54"},{"date" => "2005-12-14T10:29:42","version" => "0.55"},{"date" => "2006-02-20T15:34:25","version" => "0.56"},{"date" => "2006-02-24T16:21:14","version" => "0.57"},{"date" => "2006-07-04T11:42:41","version" => "0.58"},{"date" => "2006-09-18T19:31:10","version" => "0.59"},{"date" => "2007-06-22T07:31:18","version" => "0.60"},{"date" => "2007-08-01T12:26:55","version" => "0.61"},{"date" => "2007-12-28T19:32:25","version" => "0.62"},{"date" => "2008-02-08T15:49:50","version" => "0.63"},{"date" => "2008-12-30T18:11:35","version" => "0.64"},{"date" => "2009-01-26T18:19:23","version" => "0.65"},{"date" => "2009-12-30T13:58:25","version" => "0.66"},{"date" => "2011-10-25T12:14:24","version" => "0.66_01"},{"date" => "2011-10-27T14:23:38","version" => "0.66_02"},{"date" => "2011-10-28T14:31:06","version" => "0.66_03"},{"date" => "2011-10-28T15:00:15","version" => "0.66_04"},{"date" => "2011-10-31T14:36:02","version" => "0.66_06"},{"date" => "2011-10-31T19:34:01","version" => "0.66_07"},{"date" => "2011-11-02T21:52:59","version" => "0.66_08"},{"date" => "2011-11-07T09:07:56","version" => "0.67"},{"date" => "2012-01-23T13:41:03","version" => "0.67_01"},{"date" => "2012-01-26T10:44:13","version" => "0.67_03"},{"date" => "2012-01-27T08:47:28","version" => "0.67_04"},{"date" => "2012-01-31T21:54:27","version" => "0.68"},{"date" => "2012-01-31T22:11:31","version" => "0.68"},{"date" => "2012-10-29T15:35:55","version" => "0.68_01"},{"date" => "2012-10-31T10:25:57","version" => "0.68_02"},{"date" => "2012-10-31T20:33:53","version" => "0.68_03"},{"date" => "2012-11-12T07:15:13","version" => "0.68_04"},{"date" => "2012-11-12T10:22:31","version" => "0.68_05"},{"date" => "2012-11-19T12:57:25","version" => "0.68_06"},{"date" => "2012-11-21T23:12:34","version" => "0.68_07"},{"date" => "2012-11-23T22:12:01","version" => "0.68_08"},{"date" => "2012-12-04T07:18:08","version" => "0.68_09"},{"date" => "2012-12-05T12:07:43","version" => "0.69"},{"date" => "2012-12-05T14:05:12","version" => "0.69_1"},{"date" => "2012-12-06T11:10:17","version" => "0.70"},{"date" => "2012-12-12T16:04:03","version" => "0.70_1"},{"date" => "2012-12-15T11:18:56","version" => "0.71"},{"date" => "2012-12-24T21:14:23","version" => "0.71_01"},{"date" => "2012-12-28T15:03:57","version" => "0.72"},{"date" => "2013-11-13T15:18:55","version" => "0.72_01"},{"date" => "2013-11-14T16:13:33","version" => "0.72_02"},{"date" => "2013-11-18T10:49:23","version" => "0.72_03"},{"date" => "2013-11-19T21:52:50","version" => "0.72_04"},{"date" => "2013-11-29T13:35:08","version" => "0.73"},{"date" => "2013-12-24T15:21:50","version" => "0.73_1"},{"date" => "2014-01-02T20:32:27","version" => "0.73_2"},{"date" => "2014-01-05T20:31:16","version" => "0.73_3"},{"date" => "2014-01-12T10:25:24","version" => "0.73_4"},{"date" => "2014-01-13T15:59:49","version" => "0.73_5"},{"date" => "2014-01-16T10:23:47","version" => "0.74"},{"date" => "2014-03-03T21:33:39","version" => "0.74_1"},{"date" => "2014-03-10T08:36:19","version" => "0.74_2"},{"date" => "2014-04-03T21:00:45","version" => "0.74_3"},{"date" => "2014-04-30T14:05:59","version" => "0.74_4"},{"date" => "2014-05-05T06:05:46","version" => "0.74_5"},{"date" => "2014-05-06T09:22:01","version" => "0.74_6"},{"date" => "2014-05-08T09:54:21","version" => "0.75"},{"date" => "2014-05-22T20:56:00","version" => "0.75_1"},{"date" => "2014-05-23T22:26:56","version" => "0.76"},{"date" => "2014-05-29T11:26:07","version" => "0.76_1"},{"date" => "2014-06-05T16:04:39","version" => "0.76_2"},{"date" => "2014-06-13T08:31:32","version" => "0.76_3"},{"date" => "2014-06-13T21:57:13","version" => "0.77"},{"date" => "2014-07-02T09:53:03","version" => "0.77_1"},{"date" => "2014-07-09T07:09:44","version" => "0.77_2"},{"date" => "2014-07-10T14:13:33","version" => "0.78"},{"date" => "2014-07-30T21:41:25","version" => "0.78_1"},{"date" => "2014-08-12T22:13:54","version" => "0.78_2"},{"date" => "2014-08-15T14:40:22","version" => "0.78_3"},{"date" => "2014-08-19T13:24:46","version" => "0.78_5"},{"date" => "2014-08-22T22:29:13","version" => "0.79"},{"date" => "2014-09-11T11:42:35","version" => "0.79_1"},{"date" => "2014-09-15T14:51:32","version" => "0.79_2"},{"date" => "2014-09-22T11:51:22","version" => "0.80"},{"date" => "2014-10-20T08:19:15","version" => "0.80_1"},{"date" => "2014-10-24T08:21:15","version" => "0.80_2"},{"date" => "2014-10-29T13:44:16","version" => "0.81"},{"date" => "2015-01-05T10:22:06","version" => "0.81_01"},{"date" => "2015-01-20T14:12:38","version" => "0.82"},{"date" => "2015-02-11T14:26:36","version" => "0.82_01"},{"date" => "2015-02-18T11:05:47","version" => "0.82_02"},{"date" => "2015-02-26T15:48:06","version" => "0.83"},{"date" => "2015-05-27T10:04:50","version" => "1.00_01"},{"date" => "2015-06-11T17:23:10","version" => "1.00_02"},{"date" => "2015-06-15T10:02:08","version" => "1.00_03"},{"date" => "2015-06-23T13:57:29","version" => "1.00_04"},{"date" => "2015-06-26T09:37:11","version" => "1.00_05"},{"date" => "2015-06-29T17:15:06","version" => "1.00_06"},{"date" => "2015-07-01T13:51:22","version" => "1.00_07"},{"date" => "2015-07-02T08:17:44","version" => "1.00_08"},{"date" => "2015-07-06T17:28:32","version" => "1.01"},{"date" => "2015-08-26T20:44:25","version" => "1.01_01"},{"date" => "2015-09-03T06:21:58","version" => "1.01_02"},{"date" => "2015-09-04T20:39:37","version" => "1.01_03"},{"date" => "2015-09-08T08:26:06","version" => "1.01_04"},{"date" => "2015-09-11T11:49:24","version" => "1.01_05"},{"date" => "2015-09-15T18:51:53","version" => "1.01_06"},{"date" => "2015-09-16T10:25:09","version" => "1.02"},{"date" => "2015-09-22T13:39:43","version" => "1.02_01"},{"date" => "2015-10-05T08:30:03","version" => "1.02_02"},{"date" => "2015-10-06T20:39:36","version" => "1.02_03"},{"date" => "2015-10-08T21:24:29","version" => "1.02_04"},{"date" => "2015-10-13T07:30:39","version" => "1.02_05"},{"date" => "2015-10-14T12:44:57","version" => "1.02_06"},{"date" => "2015-10-20T09:59:26","version" => "1.02_07"},{"date" => "2015-10-23T08:32:04","version" => "1.02_08"},{"date" => "2015-10-27T16:07:21","version" => "1.02_09"},{"date" => "2015-11-02T06:00:09","version" => "1.02_10"},{"date" => "2015-11-08T13:49:33","version" => "1.03"},{"date" => "2015-12-01T21:21:55","version" => "1.03_01"},{"date" => "2015-12-02T14:27:42","version" => "1.03_02"},{"date" => "2015-12-02T20:49:07","version" => "1.03_03"},{"date" => "2015-12-08T20:41:10","version" => "1.04"},{"date" => "2016-02-01T16:26:27","version" => "1.04_01"},{"date" => "2016-02-02T08:03:42","version" => "1.04_02"},{"date" => "2016-02-05T12:19:57","version" => "1.04_03"},{"date" => "2016-02-29T12:32:53","version" => "1.04_04"},{"date" => "2016-03-07T21:11:01","version" => "1.05"},{"date" => "2016-03-21T13:15:38","version" => "1.05_01"},{"date" => "2016-03-24T18:45:15","version" => "1.05_02"},{"date" => "2016-04-04T21:53:54","version" => "1.05_03"},{"date" => "2016-04-15T10:11:03","version" => "1.05_04"},{"date" => "2016-04-17T12:05:46","version" => "1.05_05"},{"date" => "2016-05-11T08:58:51","version" => "1.05_06"},{"date" => "2016-05-22T07:54:41","version" => "1.05_07"},{"date" => "2016-05-27T19:12:44","version" => "1.06"},{"date" => "2016-06-22T08:54:06","version" => "1.06_01"},{"date" => "2016-08-24T11:36:13","version" => "1.06_02"},{"date" => "2016-08-25T15:01:31","version" => "1.06_03"},{"date" => "2016-09-17T08:19:30","version" => "1.06_04"},{"date" => "2016-11-12T03:24:33","version" => "1.06_05"},{"date" => "2016-12-23T14:48:42","version" => "1.06_06"},{"date" => "2016-12-29T17:16:20","version" => "1.07"},{"date" => "2017-01-18T21:51:05","version" => "1.07_01"},{"date" => "2017-01-27T10:44:03","version" => "1.07_02"},{"date" => "2017-02-09T10:28:55","version" => "1.07_03"},{"date" => "2017-02-13T10:08:41","version" => "1.07_04"},{"date" => "2017-02-20T11:12:45","version" => "1.08"},{"date" => "2017-03-06T09:33:06","version" => "1.08_02"},{"date" => "2017-03-13T10:02:22","version" => "1.08_03"},{"date" => "2017-03-22T09:48:52","version" => "1.08_04"},{"date" => "2017-03-24T07:00:36","version" => "1.09"},{"date" => "2017-04-19T13:10:57","version" => "1.09_01"},{"date" => "2017-05-05T22:21:10","version" => "1.10"},{"date" => "2017-05-31T09:07:40","version" => "1.10_01"},{"date" => "2017-06-03T20:26:47","version" => "1.10_02"},{"date" => "2017-06-12T12:03:07","version" => "1.10_03"},{"date" => "2017-06-26T12:52:57","version" => "1.11"},{"date" => "2017-07-07T21:50:10","version" => "1.11_01"},{"date" => "2017-07-28T16:17:01","version" => "1.11_02"},{"date" => "2017-08-15T10:33:15","version" => "1.11_03"},{"date" => "2017-08-17T12:48:08","version" => "1.11_04"},{"date" => "2017-08-18T13:15:31","version" => "1.12"},{"date" => "2017-09-12T09:28:26","version" => "1.12_01"},{"date" => "2017-10-06T09:07:45","version" => "1.12_02"},{"date" => "2017-10-10T14:42:38","version" => "1.12_03"},{"date" => "2017-10-18T09:49:20","version" => "1.13"},{"date" => "2017-11-30T11:11:55","version" => "1.13_01"},{"date" => "2017-12-07T10:17:12","version" => "1.13_02"},{"date" => "2017-12-15T12:34:59","version" => "1.14"},{"date" => "2018-01-31T10:11:39","version" => "1.14_01"},{"date" => "2018-02-01T14:14:07","version" => "1.14_02"},{"date" => "2018-02-09T11:42:14","version" => "1.15"},{"date" => "2018-06-11T09:20:56","version" => "1.15_01"},{"date" => "2018-06-14T10:46:39","version" => "1.15_02"},{"date" => "2018-07-03T09:05:15","version" => "1.15_03"},{"date" => "2018-07-06T10:03:02","version" => "1.15_04"},{"date" => "2018-07-16T04:56:07","version" => "1.16"},{"date" => "2018-07-20T16:22:38","version" => "1.16_01"},{"date" => "2018-07-24T15:35:14","version" => "1.16_02"},{"date" => "2018-07-25T07:10:24","version" => "1.17"},{"date" => "2018-09-11T10:24:34","version" => "1.17_01"},{"date" => "2018-09-11T15:32:52","version" => "1.17_02"},{"date" => "2018-09-12T06:15:44","version" => "1.17_03"},{"date" => "2018-09-21T14:49:48","version" => "1.18"},{"date" => "2018-11-08T06:39:55","version" => "1.18_01"},{"date" => "2018-11-15T06:02:14","version" => "1.19"},{"date" => "2018-12-31T12:23:28","version" => "1.19_01"},{"date" => "2019-01-28T09:48:25","version" => "1.19_02"},{"date" => "2019-03-22T08:40:39","version" => "1.19_03"},{"date" => "2019-03-22T14:13:56","version" => "1.20"},{"date" => "2019-07-21T09:20:43","version" => "1.20_01"},{"date" => "2019-07-23T14:51:08","version" => "1.20_02"},{"date" => "2019-08-21T13:49:42","version" => "1.20_03"},{"date" => "2019-08-30T08:37:40","version" => "1.21"},{"date" => "2020-02-02T21:54:31","version" => "1.21_01"},{"date" => "2020-02-13T13:56:48","version" => "1.22"},{"date" => "2020-03-17T09:09:32","version" => "1.22_01"},{"date" => "2020-03-18T14:55:27","version" => "1.23"},{"date" => "2020-05-13T09:04:51","version" => "1.23_01"},{"date" => "2020-05-27T12:47:25","version" => "1.24"},{"date" => "2020-06-19T10:52:05","version" => "1.24_01"},{"date" => "2020-06-23T13:07:04","version" => "1.24_02"},{"date" => "2020-06-26T15:40:24","version" => "1.25"},{"date" => "2020-07-28T12:55:42","version" => "1.25_01"},{"date" => "2020-07-31T08:43:21","version" => "1.25_02"},{"date" => "2020-08-06T15:55:03","version" => "1.26"},{"date" => "2020-08-31T13:51:53","version" => "1.26_01"},{"date" => "2020-09-07T08:02:00","version" => "1.26_02"},{"date" => "2020-09-11T18:53:08","version" => "1.27"},{"date" => "2020-10-08T22:00:15","version" => "1.27_01"},{"date" => "2020-10-16T10:20:24","version" => "1.27_02"},{"date" => "2020-10-19T08:09:59","version" => "1.27_03"},{"date" => "2020-10-23T16:53:49","version" => "1.28"},{"date" => "2020-11-16T16:33:26","version" => "1.28_01"},{"date" => "2020-11-18T13:40:46","version" => "1.29"},{"date" => "2020-12-24T15:37:27","version" => "1.29_01"},{"date" => "2021-03-22T08:38:47","version" => "1.29_02"},{"date" => "2021-03-28T09:38:33","version" => "1.29_03"},{"date" => "2021-03-30T10:06:50","version" => "1.30"},{"date" => "2021-05-02T12:43:26","version" => "1.31"},{"date" => "2021-07-09T09:57:13","version" => "1.31_01"},{"date" => "2021-07-16T14:24:25","version" => "1.32"},{"date" => "2021-08-11T10:07:26","version" => "1.32_01"},{"date" => "2021-12-08T10:42:13","version" => "1.32_02"},{"date" => "2021-12-16T12:22:39","version" => "1.33"},{"date" => "2022-05-21T10:05:03","version" => "1.33_01"},{"date" => "2022-05-30T13:39:34","version" => "1.34"},{"date" => "2022-09-23T13:43:05","version" => "1.34_01"},{"date" => "2022-10-04T13:44:45","version" => "1.34_02"},{"date" => "2022-10-04T20:02:07","version" => "1.35"},{"date" => "2022-12-20T14:45:20","version" => "1.35_01"},{"date" => "2022-12-21T11:28:18","version" => "1.35_02"},{"date" => "2022-12-28T13:12:39","version" => "1.35_03"},{"date" => "2022-12-30T15:53:37","version" => "1.36"},{"date" => "2023-01-30T14:07:07","version" => "1.36_01"},{"date" => "2023-02-20T15:36:17","version" => "1.36_02"},{"date" => "2023-03-06T12:19:36","version" => "1.36_03"},{"date" => "2023-03-13T18:06:16","version" => "1.37"},{"date" => "2023-03-30T19:26:05","version" => "1.37_01"},{"date" => "2023-04-17T12:34:49","version" => "1.37_02"},{"date" => "2023-04-20T12:38:12","version" => "1.37_03"},{"date" => "2023-04-25T20:37:19","version" => "1.37_04"},{"date" => "2023-05-09T10:50:45","version" => "1.38"},{"date" => "2023-05-31T14:12:28","version" => "1.38_01"},{"date" => "2023-06-01T11:46:37","version" => "1.39"},{"date" => "2023-08-23T14:53:17","version" => "1.39_01"},{"date" => "2023-08-25T12:50:35","version" => "1.39_02"},{"date" => "2023-08-30T18:16:07","version" => "1.40"},{"date" => "2023-11-22T08:42:22","version" => "1.40_01"},{"date" => "2023-11-27T13:28:04","version" => "1.41"},{"date" => "2023-12-24T15:48:59","version" => "1.42"},{"date" => "2024-01-04T11:21:08","version" => "1.42_01"},{"date" => "2024-01-08T09:38:46","version" => "1.42_02"},{"date" => "2024-01-10T15:04:01","version" => "1.42_03"},{"date" => "2024-01-17T09:07:40","version" => "1.42_04"},{"date" => "2024-01-25T11:08:34","version" => "1.42_05"},{"date" => "2024-01-26T14:54:33","version" => "1.43"},{"date" => "2024-02-14T09:22:32","version" => "1.43_01"},{"date" => "2024-02-15T13:03:57","version" => "1.44"},{"date" => "2024-04-21T08:24:10","version" => "1.44_01"},{"date" => "2024-05-02T11:03:24","version" => "1.45"},{"date" => "2024-07-26T03:56:44","version" => "1.45_01"},{"date" => "2024-08-12T09:53:41","version" => "1.45_02"},{"date" => "2024-08-19T15:12:15","version" => "1.46"},{"date" => "2024-09-18T20:46:06","version" => "1.47"},{"date" => "2024-11-07T14:13:26","version" => "1.47_01"},{"date" => "2024-11-08T13:27:46","version" => "1.48"},{"date" => "2024-12-16T13:43:49","version" => "1.48_01"},{"date" => "2024-12-18T14:24:48","version" => "1.48_02"},{"date" => "2024-12-27T13:12:51","version" => "1.49"},{"date" => "2025-01-02T16:36:47","version" => "1.49_01"},{"date" => "2025-01-29T09:05:23","version" => "1.49_02"},{"date" => "2025-02-08T16:50:50","version" => "1.49_03"},{"date" => "2025-02-10T13:49:02","version" => "1.49_04"},{"date" => "2025-02-11T15:56:15","version" => "1.49_05"},{"date" => "2025-02-21T08:48:19","version" => "1.50"},{"date" => "2025-07-01T12:01:39","version" => "1.50_01"},{"date" => "2025-07-04T13:49:27","version" => "1.51"},{"date" => "2025-07-18T11:52:46","version" => "1.51_01"},{"date" => "2025-07-19T11:26:47","version" => "1.51_02"},{"date" => "2025-07-22T16:56:24","version" => "1.51_03"},{"date" => "2025-07-28T13:57:39","version" => "1.51_04"},{"date" => "2025-07-29T18:11:00","version" => "1.52"},{"date" => "2025-08-14T12:01:11","version" => "1.52_01"},{"date" => "2025-08-19T09:53:44","version" => "1.52_02"},{"date" => "2025-08-26T09:53:47","version" => "1.52_03"},{"date" => "2025-08-29T12:22:39","version" => "1.53"},{"date" => "2026-01-16T13:17:34","version" => "1.54"}]},"Net-Dropbear" => {"advisories" => [{"affected_versions" => ["<0"],"comment" => "From the author: \"I have reviewed Dropbear's usage of libtomcrypt, and the function in question for CVE-2019-17362, der_decode_utf8_string, is not used in Dropbear. None of the DER parsing from libtomcrypt is used in Dropbear at all, I have confirmed that the flag to include it is not set, and confirmed that the resultant Dropbear.so that is built by Net::Dropbear does not include any of the der_* symbols.\"\n","cves" => ["CVE-2019-17362"],"description" => "In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.\n","distribution" => "Net-Dropbear","embedded_vulnerability" => {"affected_versions" => "<0","distributed_version" => "1.8.2","name" => "libtomcrypt"},"fixed_versions" => [">0"],"id" => "CPANSA-Net-Dropbear-2019-17362","references" => ["https://github.com/atrodo/Net-Dropbear/issues/6","https://github.com/libtom/libtomcrypt/pull/508","https://github.com/libtom/libtomcrypt/issues/507","https://vuldb.com/?id.142995","https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html"],"reported" => "2019-10-09","severity" => "critical"},{"affected_versions" => [">0"],"comment" => "embedded library is libtommath","cves" => ["CVE-2025-40913","CVE-2023-36328"],"description" => "Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow.  Net::Dropbear\x{a0}embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2025-40913","references" => ["https://github.com/advisories/GHSA-j3xv-6967-cv88","https://github.com/libtom/libtommath/pull/546","https://metacpan.org/release/ATRODO/Net-Dropbear-0.16/source/dropbear/libtommath/bn_mp_grow.c","https://www.cve.org/CVERecord?id=CVE-2023-36328"],"reported" => "2025-07-16","severity" => undef},{"affected_versions" => [">=0.01,<=0.07"],"cves" => ["CVE-2020-36254"],"description" => "scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2020-36254-dropbear","references" => ["https://metacpan.org/release/ATRODO/Net-Dropbear-0.15/changes","https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff"],"reported" => "2021-02-25","severity" => "high"},{"affected_versions" => [">=0.08,<=0.10"],"cves" => ["CVE-2020-36254"],"description" => "scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2020-36254-dropbear","references" => ["https://metacpan.org/release/ATRODO/Net-Dropbear-0.15/changes","https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff"],"reported" => "2021-02-25","severity" => "high"},{"affected_versions" => [">=0.11,<=0.13"],"cves" => ["CVE-2020-36254"],"description" => "scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2020-36254-dropbear","references" => ["https://metacpan.org/release/ATRODO/Net-Dropbear-0.15/changes","https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff"],"reported" => "2021-02-25","severity" => "high"},{"affected_versions" => [">=0.14"],"cves" => ["CVE-2019-17362"],"description" => "In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2019-17362-libtomcrypt","references" => ["https://github.com/libtom/libtomcrypt/pull/508","https://github.com/libtom/libtomcrypt/issues/507","https://vuldb.com/?id.142995","https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html"],"reported" => "2019-10-09","severity" => "critical"},{"affected_versions" => [">=0.11,<=0.13"],"cves" => ["CVE-2019-17362"],"description" => "In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2019-17362-libtomcrypt","references" => ["https://github.com/libtom/libtomcrypt/pull/508","https://github.com/libtom/libtomcrypt/issues/507","https://vuldb.com/?id.142995","https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html"],"reported" => "2019-10-09","severity" => "critical"},{"affected_versions" => [">=0.01,<=0.10"],"cves" => ["CVE-2016-6129"],"description" => "The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2016-6129-libtomcrypt","references" => ["https://www.op-tee.org/advisories/","https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0","https://bugzilla.redhat.com/show_bug.cgi?id=1370955"],"reported" => "2017-02-13","severity" => "high"}],"main_module" => "Net::Dropbear","versions" => [{"date" => "2015-11-03T18:31:23","version" => "0.01"},{"date" => "2015-11-04T04:17:39","version" => "0.02"},{"date" => "2015-11-05T06:49:56","version" => "0.03"},{"date" => "2015-11-07T03:40:31","version" => "0.04"},{"date" => "2015-11-29T00:37:40","version" => "0.06"},{"date" => "2016-01-02T05:57:50","version" => "0.07"},{"date" => "2016-08-04T05:36:45","version" => "0.08"},{"date" => "2016-08-08T05:56:46","version" => "0.09"},{"date" => "2016-08-10T05:05:32","version" => "0.10"},{"date" => "2020-03-17T04:05:13","version" => "0.11"},{"date" => "2020-03-20T02:33:34","version" => "0.12"},{"date" => "2020-03-21T14:51:53","version" => "0.13"},{"date" => "2021-05-28T04:07:12","version" => "0.14"},{"date" => "2022-07-01T04:48:35","version" => "0.15"},{"date" => "2022-07-08T03:18:20","version" => "0.16"}]},"Net-Dropbox-API" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-58036"],"description" => "Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Net-Dropbox-API","fixed_versions" => [],"id" => "CPANSA-Net-Dropbox-API-2024-58036","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L11","https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L385","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "Net::Dropbox::API","versions" => [{"date" => "2010-05-12T02:24:44","version" => "0.02"},{"date" => "2010-05-12T03:47:17","version" => "0.3"},{"date" => "2010-05-12T05:20:22","version" => "0.4"},{"date" => "2010-05-13T01:28:14","version" => "0.5"},{"date" => "2010-05-13T01:45:47","version" => "0.6"},{"date" => "2010-09-29T22:44:37","version" => "0.7"},{"date" => "2010-10-17T21:34:59","version" => "0.9"},{"date" => "2011-02-06T21:28:22","version" => "0.10"},{"date" => "2011-02-20T20:23:48","version" => "1.0"},{"date" => "2011-02-23T03:51:46","version" => "1.1"},{"date" => "2011-03-23T19:59:39","version" => "1.2"},{"date" => "2011-04-08T04:53:20","version" => "1.3"},{"date" => "2011-04-12T19:45:12","version" => "1.4"},{"date" => "2011-05-09T07:49:55","version" => "1.5"},{"date" => "2011-05-16T05:45:53","version" => "1.6"},{"date" => "2011-06-16T01:18:02","version" => "1.6.1"},{"date" => "2011-06-28T00:24:02","version" => "1.7"},{"date" => "2012-03-22T23:54:58","version" => "1.8"},{"date" => "2012-10-23T07:31:36","version" => "1.9"}]},"Net-IP-LPM" => {"advisories" => [{"affected_versions" => [">=1.10"],"cves" => ["CVE-2025-40910"],"description" => "Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.  Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.","distribution" => "Net-IP-LPM","fixed_versions" => [],"id" => "CPANSA-Net-IP-LPM-2025-40910","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/release/TPODER/Net-IP-LPM-1.10/diff/TPODER/Net-IP-LPM-1.09/lib/Net/IP/LPM.pm","https://security.metacpan.org/patches/N/Net-IP-LPM/1.10/CVE-2025-40910-r1.patch"],"reported" => "2025-06-27","severity" => undef}],"main_module" => "Net::IP::LPM","versions" => [{"date" => "2013-01-05T14:28:16","version" => "0.01_01"},{"date" => "2013-01-07T14:50:26","version" => "0.01_02"},{"date" => "2013-01-09T06:10:47","version" => "0.01_03"},{"date" => "2013-01-12T11:32:07","version" => "0.02"},{"date" => "2013-03-08T12:21:31","version" => "0.02_01"},{"date" => "2013-03-16T21:27:03","version" => "0.03"},{"date" => "2013-08-17T04:37:38","version" => "1.01_01"},{"date" => "2013-08-18T06:59:49","version" => "1.01_02"},{"date" => "2013-08-18T14:53:57","version" => "1.01_04"},{"date" => "2013-08-20T06:13:43","version" => "1.02"},{"date" => "2013-08-20T18:42:21","version" => "1.03"},{"date" => "2013-08-26T07:46:02","version" => "1.04"},{"date" => "2013-10-02T16:49:57","version" => "1.05"},{"date" => "2014-11-16T13:18:40","version" => "1.06"},{"date" => "2014-11-20T07:37:55","version" => "1.07"},{"date" => "2014-12-01T21:14:24","version" => "1.09"},{"date" => "2015-08-03T08:40:34","version" => "1.10"}]},"Net-IPAddress-Util" => {"advisories" => [{"affected_versions" => ["<5.000"],"cves" => ["CVE-2021-47156"],"description" => "The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-IPAddress-Util","fixed_versions" => [">=5.000"],"id" => "CPANSA-Net-IPAddress-Util-2021-47156","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/release/Net-IPAddress-Util","https://metacpan.org/release/PWBENNETT/Net-IPAddress-Util-5.000/changes"],"reported" => "2024-03-18","severity" => undef}],"main_module" => "Net::IPAddress::Util","versions" => [{"date" => "2010-03-21T17:13:19","version" => "0.01"},{"date" => "2010-03-21T21:58:11","version" => "0.02"},{"date" => "2010-03-21T23:54:15","version" => "0.03"},{"date" => "2010-03-22T00:50:40","version" => "0.04"},{"date" => "2010-03-23T11:38:32","version" => "0.05"},{"date" => "2010-03-24T10:42:02","version" => "0.06"},{"date" => "2010-03-25T10:58:12","version" => "0.07"},{"date" => "2010-03-26T11:06:58","version" => "0.08"},{"date" => "2010-03-27T15:38:27","version" => "0.09"},{"date" => "2010-04-29T01:26:36","version" => "0.10"},{"date" => "2011-03-26T22:10:10","version" => "0.11"},{"date" => "2011-03-27T00:22:54","version" => "0.12"},{"date" => "2012-05-30T10:03:21","version" => "1.000"},{"date" => "2012-05-31T10:48:35","version" => "1.001"},{"date" => "2012-06-09T08:44:51","version" => "1.002"},{"date" => "2013-10-29T14:27:36","version" => "2.000"},{"date" => "2013-10-29T14:31:44","version" => "2.000_TRIAL"},{"date" => "2013-10-30T03:01:39","version" => "2.001_TRIAL"},{"date" => "2013-10-30T03:32:06","version" => "2.002_TRIAL"},{"date" => "2013-10-30T11:47:01","version" => "2.003_TRIAL"},{"date" => "2013-10-30T15:53:55","version" => "2.004_TRIAL"},{"date" => "2013-11-01T02:53:47","version" => "1.500"},{"date" => "2013-11-02T02:04:49","version" => "3.000"},{"date" => "2014-04-29T10:09:11","version" => "3.001"},{"date" => "2014-06-10T06:38:16","version" => "3.002"},{"date" => "2014-06-14T21:40:33","version" => "3.003"},{"date" => "2014-09-24T11:29:12","version" => "3.010"},{"date" => "2014-09-24T13:12:04","version" => "3.011"},{"date" => "2014-09-26T05:01:04","version" => "3.012"},{"date" => "2014-09-27T15:52:03","version" => "3.013"},{"date" => "2014-09-27T15:59:49","version" => "3.014"},{"date" => "2014-09-30T03:35:57","version" => "3.015"},{"date" => "2014-09-30T03:47:35","version" => "3.016"},{"date" => "2014-09-30T05:30:38","version" => "3.017"},{"date" => "2014-09-30T06:56:39","version" => "3.018"},{"date" => "2015-01-11T03:59:42","version" => "3.019"},{"date" => "2015-01-11T23:29:32","version" => "3.020"},{"date" => "2015-02-18T06:04:51","version" => "3.021"},{"date" => "2015-03-21T16:22:56","version" => "3.022"},{"date" => "2016-03-30T16:54:57","version" => "3.024"},{"date" => "2016-03-30T23:56:29","version" => "3.025"},{"date" => "2016-04-07T19:36:23","version" => "3.026"},{"date" => "2016-04-13T13:40:55","version" => "3.027"},{"date" => "2017-08-17T16:40:13","version" => "3.028"},{"date" => "2017-08-17T21:11:21","version" => "3.029"},{"date" => "2017-08-18T18:07:20","version" => "3.030"},{"date" => "2017-08-18T19:01:22","version" => "3.031"},{"date" => "2017-08-31T16:41:45","version" => "3.032"},{"date" => "2017-08-31T19:39:56","version" => "3.033"},{"date" => "2017-09-20T19:26:27","version" => "3.034"},{"date" => "2017-09-21T10:14:03","version" => "4.000"},{"date" => "2017-09-22T13:04:11","version" => "4.001"},{"date" => "2017-10-04T18:28:54","version" => "4.002"},{"date" => "2017-10-05T18:08:46","version" => "4.003"},{"date" => "2017-10-05T18:44:53","version" => "4.004"},{"date" => "2021-04-05T18:40:34","version" => "5.000"},{"date" => "2021-04-11T04:34:22","version" => "5.001"}]},"Net-IPv4Addr" => {"advisories" => [{"affected_versions" => [">=0.10"],"cves" => ["CVE-2021-47155"],"description" => "The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-IPv4Addr","fixed_versions" => [],"id" => "CPANSA-Net-IPV4Addr-2021-47155","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/release/Net-IPAddress-Util","https://metacpan.org/release/PWBENNETT/Net-IPAddress-Util-5.000/changes"],"reported" => "2024-03-18","severity" => undef}],"main_module" => "Net::IPv4Addr","versions" => [{"date" => "1999-10-20T01:18:13","version" => "0.07"},{"date" => "1999-12-17T23:08:34","version" => "0.08"},{"date" => "1999-12-17T23:10:21","version" => "0.8"},{"date" => "2000-05-03T20:24:59","version" => "0.09"},{"date" => "2000-08-07T19:39:33","version" => "0.10"}]},"Net-NSCA-Client" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-57854"],"description" => "Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.  Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.  Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.","distribution" => "Net-NSCA-Client","fixed_versions" => [">=0.009002"],"id" => "CPANSA-Net-NSCA-Client-2024-57854","references" => ["https://metacpan.org/release/DOUGDUDE/Net-NSCA-Client-0.009002/source/lib/Net/NSCA/Client/InitialPacket.pm#L119","https://patch-diff.githubusercontent.com/raw/dougwilson/perl5-net-nsca-client/pull/2.patch"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "Net::NSCA::Client","versions" => [{"date" => "2009-10-02T00:42:02","version" => "0.001"},{"date" => "2009-10-08T21:34:38","version" => "0.002"},{"date" => "2009-10-31T20:52:06","version" => "0.003"},{"date" => "2009-11-01T00:48:01","version" => "0.004"},{"date" => "2009-11-01T06:39:10","version" => "0.005"},{"date" => "2009-11-03T16:07:59","version" => "0.006"},{"date" => "2010-08-25T02:20:41","version" => "0.007"},{"date" => "2010-08-31T02:16:17","version" => "0.008"},{"date" => "2011-05-03T16:19:48","version" => "0.009"},{"date" => "2011-05-06T02:00:18","version" => "0.009001"},{"date" => "2011-10-24T04:44:41","version" => "0.009002"}]},"Net-Netmask" => {"advisories" => [{"affected_versions" => ["<2.0000"],"cves" => ["CVE-2021-29424"],"description" => "The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-Netmask","fixed_versions" => [">=2.0000"],"id" => "CPANSA-Net-Netmask-2021-01","references" => ["https://security.netapp.com/advisory/ntap-20210604-0007/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/","https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/changes/distribution/Net-Netmask#L11-22"],"reported" => "2021-03-29"}],"main_module" => "Net::Netmask","versions" => [{"date" => "1998-06-08T05:38:00","version" => "1.0"},{"date" => "1998-06-08T22:46:00","version" => "1.2"},{"date" => "1998-06-25T17:03:00","version" => "1.3"},{"date" => "1998-11-29T20:50:00","version" => "1.4"},{"date" => "1999-03-28T03:32:00","version" => "1.6"},{"date" => "1999-09-15T17:44:00","version" => "1.7"},{"date" => "1999-09-21T00:53:00","version" => "1.8"},{"date" => "2001-05-16T09:18:57","version" => "1.9"},{"date" => "2001-09-30T06:14:00","version" => "1.9001"},{"date" => "2001-11-12T18:20:00","version" => "1.9002"},{"date" => "2003-05-27T15:36:25","version" => "1.9003"},{"date" => "2003-05-29T03:36:30","version" => "1.9004"},{"date" => "2003-11-29T22:49:00","version" => "1.9005"},{"date" => "2003-12-05T22:02:00","version" => "1.9006"},{"date" => "2004-01-02T23:56:00","version" => "1.9007"},{"date" => "2004-04-06T20:15:00","version" => "1.9008"},{"date" => "2004-04-12T21:05:00","version" => "1.9009"},{"date" => "2004-05-31T19:48:00","version" => "1.9011"},{"date" => "2005-05-19T15:45:00","version" => "1.9012"},{"date" => "2006-09-06T19:27:00","version" => "1.9013"},{"date" => "2006-10-14T01:20:00","version" => "1.9014"},{"date" => "2006-11-30T21:06:00","version" => "1.9015"},{"date" => "2011-03-23T04:41:06","version" => "1.9016"},{"date" => "2013-09-21T01:56:56","version" => "1.9017"},{"date" => "2013-09-27T01:25:15","version" => "1.9018"},{"date" => "2013-10-02T00:42:56","version" => "1.9019"},{"date" => "2014-07-18T00:15:30","version" => "1.9021"},{"date" => "2015-05-05T03:36:33","version" => "1.9022"},{"date" => "2018-06-04T04:39:04","version" => "1.9100"},{"date" => "2018-06-05T01:21:39","version" => "1.9101"},{"date" => "2018-06-18T16:35:20","version" => "1.9102"},{"date" => "2018-06-18T21:31:04","version" => "1.9103"},{"date" => "2018-07-27T04:52:04","version" => "1.9104"},{"date" => "2018-07-27T23:03:36","version" => "1.9104"},{"date" => "2021-03-29T17:24:43","version" => "2.0000"},{"date" => "2021-03-29T19:31:52","version" => "2.0001"},{"date" => "2022-08-31T18:09:46","version" => "2.0002"},{"date" => "2025-05-17T15:27:37","version" => "2.0003"}]},"Net-OAuth" => {"advisories" => [{"affected_versions" => ["<0.29"],"cves" => ["CVE-2025-22376"],"description" => "In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.\n","distribution" => "Net-OAuth","fixed_versions" => [">=0.29"],"id" => "CPANSA-Net-OAuth-2025-22376","references" => ["https://metacpan.org/release/KGRENNAN/Net-OAuth-0.28/source/lib/Net/OAuth/Client.pm#L260","https://metacpan.org/release/RRWO/Net-OAuth-0.29/changes"],"reported" => "2025-01-03","severity" => "high"}],"main_module" => "Net::OAuth","versions" => [{"date" => "2007-09-30T14:22:46","version" => "0.01"},{"date" => "2007-10-02T07:37:48","version" => "0.02"},{"date" => "2007-10-15T01:37:47","version" => "0.03"},{"date" => "2007-10-19T16:49:05","version" => "0.04"},{"date" => "2007-11-19T03:34:37","version" => "0.05"},{"date" => "2008-03-08T00:52:34","version" => "0.06"},{"date" => "2008-06-01T16:10:24","version" => "0.07"},{"date" => "2008-06-02T17:46:32","version" => "0.08"},{"date" => "2008-06-03T03:48:14","version" => "0.09"},{"date" => "2008-06-04T16:32:57","version" => "0.1"},{"date" => "2008-06-04T16:52:05","version" => "0.11"},{"date" => "2008-07-04T23:04:35","version" => "0.12"},{"date" => "2008-11-13T22:55:38","version" => "0.13"},{"date" => "2008-12-13T17:32:02","version" => "0.14"},{"date" => "2009-06-05T01:27:05","version" => "0.15"},{"date" => "2009-06-15T18:40:40","version" => "0.16"},{"date" => "2009-06-25T17:05:32","version" => "0.17"},{"date" => "2009-06-25T17:21:13","version" => "0.18"},{"date" => "2009-06-26T17:37:04","version" => "0.19"},{"date" => "2009-11-13T19:04:23","version" => "0.20"},{"date" => "2010-03-10T23:07:13","version" => "0.21"},{"date" => "2010-03-11T00:25:24","version" => "0.22"},{"date" => "2010-03-18T17:53:01","version" => "0.23"},{"date" => "2010-03-21T03:44:38","version" => "0.24"},{"date" => "2010-03-21T03:53:29","version" => "0.25"},{"date" => "2010-06-16T20:08:26","version" => "0.26"},{"date" => "2010-06-16T20:47:49","version" => "0.27"},{"date" => "2012-01-06T06:08:03","version" => "0.28"},{"date" => "2025-01-03T09:18:44","version" => "0.29"},{"date" => "2025-01-03T09:48:29","version" => "0.30"},{"date" => "2025-04-03T16:00:58","version" => "0.31"}]},"Net-OpenID-Consumer" => {"advisories" => [{"affected_versions" => ["<1.12"],"cves" => [],"description" => "A potential timing attack when checking signatures.\n","distribution" => "Net-OpenID-Consumer","fixed_versions" => [">=1.12"],"id" => "CPANSA-Net-OpenID-Consumer-2010-01","references" => ["https://metacpan.org/changes/distribution/Net-OpenID-Consumer","https://github.com/wrog/Net-OpenID-Consumer/commit/4e82c7e4b6ad4bc40571c5cfcaa58f9365b147a5","http://lists.openid.net/pipermail/openid-security/2010-July/001156.html"],"reported" => "2010-11-06"},{"affected_versions" => ["<0.06"],"cves" => [],"description" => "Incorrect comparison of system openssl status when doing DSA checks.\n","distribution" => "Net-OpenID-Consumer","fixed_versions" => [">=0.06"],"id" => "CPANSA-Net-OpenID-Consumer-2015-05","references" => ["https://metacpan.org/changes/distribution/Net-OpenID-Consumer"],"reported" => "2015-05-26"}],"main_module" => "Net::OpenID::Consumer","versions" => [{"date" => "2005-05-23T03:02:59","version" => "0.02"},{"date" => "2005-05-23T08:05:35","version" => "0.03"},{"date" => "2005-05-25T05:08:25","version" => "0.04"},{"date" => "2005-05-25T06:14:44","version" => "0.05"},{"date" => "2005-05-26T06:18:39","version" => "0.06"},{"date" => "2005-05-26T06:56:30","version" => "0.07"},{"date" => "2005-05-26T07:18:01","version" => "0.08"},{"date" => "2005-06-23T23:50:47","version" => "0.09"},{"date" => "2005-06-27T04:43:01","version" => "0.10"},{"date" => "2005-06-27T21:59:47","version" => "0.11"},{"date" => "2005-07-13T17:57:27","version" => "0.12"},{"date" => "2007-04-16T17:58:45","version" => "0.13"},{"date" => "2007-08-03T22:07:20","version" => "0.14"},{"date" => "2008-10-13T02:30:05","version" => "1.01"},{"date" => "2008-10-14T04:39:07","version" => "1.02"},{"date" => "2008-11-30T02:02:17","version" => "1.03"},{"date" => "2010-02-18T15:32:06","version" => "1.04"},{"date" => "2010-02-18T16:01:19","version" => "1.05"},{"date" => "2010-03-16T17:38:56","version" => "1.06"},{"date" => "2010-11-06T02:24:29","version" => "1.030099_001"},{"date" => "2010-11-07T11:21:33","version" => "1.030099_002"},{"date" => "2010-11-08T22:35:52","version" => "1.030099_003"},{"date" => "2010-12-17T21:57:03","version" => "1.030099_004"},{"date" => "2011-01-01T01:55:09","version" => "1.030099_005"},{"date" => "2011-10-23T01:35:49","version" => "1.030099_006"},{"date" => "2011-10-25T23:10:00","version" => "1.100099_001"},{"date" => "2011-11-02T10:38:05","version" => "1.100099_002"},{"date" => "2011-11-04T23:01:32","version" => "1.11"},{"date" => "2011-11-07T17:16:08","version" => "1.12"},{"date" => "2011-11-15T03:28:36","version" => "1.13"},{"date" => "2013-04-01T13:17:57","version" => "1.14"},{"date" => "2013-09-06T23:47:04","version" => "1.15"},{"date" => "2014-09-15T21:38:12","version" => "1.16"},{"date" => "2016-01-15T11:45:55","version" => "1.17"},{"date" => "2016-02-08T01:40:13","version" => "1.18"}]},"Net-Ping-External" => {"advisories" => [{"affected_versions" => ["<=0.15"],"cves" => ["CVE-2008-7319"],"description" => "The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.\n","distribution" => "Net-Ping-External","fixed_versions" => [],"id" => "CPANSA-Net-Ping-External-2008-7319","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=33230","https://bugs.debian.org/881097","http://www.openwall.com/lists/oss-security/2017/11/07/4","http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch"],"reported" => "2017-11-07","severity" => "critical"}],"main_module" => "Net::Ping::External","versions" => [{"date" => "2001-03-15T21:53:04","version" => "0.01"},{"date" => "2001-03-22T00:15:08","version" => "0.02"},{"date" => "2001-03-23T08:35:49","version" => "0.03"},{"date" => "2001-04-20T17:33:31","version" => "0.04"},{"date" => "2001-04-20T18:43:34","version" => "0.05"},{"date" => "2001-04-26T02:59:41","version" => "0.06"},{"date" => "2001-09-28T02:20:34","version" => "0.07"},{"date" => "2001-09-30T21:39:47","version" => "0.08"},{"date" => "2001-11-10T06:10:33","version" => "0.09"},{"date" => "2001-11-10T16:19:21","version" => "0.10"},{"date" => "2003-02-11T22:41:33","version" => "0.11"},{"date" => "2006-09-07T10:52:21","version" => "0.12_01"},{"date" => "2007-01-31T22:09:41","version" => "0.12_02"},{"date" => "2007-02-08T16:06:46","version" => "0.12"},{"date" => "2008-12-18T20:27:07","version" => "0.13"},{"date" => "2013-10-29T17:05:01","version" => "0.14"},{"date" => "2014-04-12T21:37:12","version" => "0.15"}]},"Net-SNMP" => {"advisories" => [{"affected_versions" => [">=5.1.4,<6.0.0"],"cves" => ["CVE-2008-2292"],"description" => "Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).\n","distribution" => "Net-SNMP","fixed_versions" => [">=6.0.0"],"id" => "CPANSA-Net-SNMP-2008-2292","references" => ["http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694","http://www.securityfocus.com/bid/29212","http://secunia.com/advisories/30187","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html","http://www.vmware.com/security/advisories/VMSA-2008-0013.html","http://secunia.com/advisories/31334","http://secunia.com/advisories/30647","http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html","http://secunia.com/advisories/31155","http://secunia.com/advisories/31351","http://security.gentoo.org/glsa/glsa-200808-02.xml","http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1","http://www.mandriva.com/security/advisories?name=MDVSA-2008:118","http://secunia.com/advisories/31467","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html","http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm","http://secunia.com/advisories/31568","http://www.debian.org/security/2008/dsa-1663","http://secunia.com/advisories/30615","http://www.redhat.com/support/errata/RHSA-2008-0529.html","http://secunia.com/advisories/32664","http://www.ubuntu.com/usn/usn-685-1","http://secunia.com/advisories/33003","http://www.vupen.com/english/advisories/2008/2361","http://www.vupen.com/english/advisories/2008/2141/references","http://www.vupen.com/english/advisories/2008/1528/references","http://www.securitytracker.com/id?1020527","https://exchange.xforce.ibmcloud.com/vulnerabilities/42430","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261"],"reported" => "2008-05-18","severity" => undef},{"affected_versions" => ["<=5.2.1.2"],"cves" => ["CVE-2005-2811"],"description" => "Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges.\n","distribution" => "Net-SNMP","fixed_versions" => [],"id" => "CPANSA-Net-SNMP-2005-2811","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml"],"reported" => "2005-09-07","severity" => undef},{"affected_versions" => ["<=5.7.3"],"cves" => ["CVE-2014-2285"],"description" => "The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.\n","distribution" => "Net-SNMP","fixed_versions" => [],"id" => "CPANSA-Net-SNMP-2014-2285","references" => ["http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html","http://comments.gmane.org/gmane.comp.security.oss.general/12284","https://bugzilla.redhat.com/show_bug.cgi?id=1072778","http://sourceforge.net/p/net-snmp/patches/1275/","http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html","https://bugzilla.redhat.com/show_bug.cgi?id=1072044","http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html","http://secunia.com/advisories/59974","http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml","https://rhn.redhat.com/errata/RHSA-2014-0322.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2014-04-27","severity" => undef}],"main_module" => "Net::SNMP","versions" => [{"date" => "1998-10-14T13:13:11","version" => "1.10"},{"date" => "1998-11-06T14:25:38","version" => "1.20"},{"date" => "1999-03-17T13:51:17","version" => "1.30"},{"date" => "1999-04-26T13:39:02","version" => "1.40"},{"date" => "1999-05-06T16:25:03","version" => "2.00"},{"date" => "1999-08-12T15:23:21","version" => "2.99"},{"date" => "1999-09-09T13:30:41","version" => "3.00"},{"date" => "2000-01-01T18:12:05","version" => "3.01"},{"date" => "2000-05-06T04:35:25","version" => "3.50"},{"date" => "2000-09-09T15:00:00","version" => "3.60"},{"date" => "2001-09-09T13:33:46","version" => "3.65"},{"date" => "2001-11-09T14:14:48","version" => "v4.0.0"},{"date" => "2002-01-01T14:16:29","version" => "v4.0.1"},{"date" => "2002-05-06T12:51:31","version" => "v4.0.2"},{"date" => "2002-09-09T12:55:22","version" => "v4.0.3"},{"date" => "2003-05-06T11:06:55","version" => "v4.1.0"},{"date" => "2003-09-09T12:50:16","version" => "v4.1.1"},{"date" => "2003-09-11T19:19:45","version" => "v4.1.2"},{"date" => "2004-07-20T13:49:08","version" => "v5.0.0"},{"date" => "2004-09-09T17:06:35","version" => "v5.0.1"},{"date" => "2005-07-20T13:58:05","version" => "v5.1.0"},{"date" => "2005-10-20T14:25:07","version" => "v5.2.0"},{"date" => "2009-09-09T15:17:46","version" => "v6.0.0"},{"date" => "2010-09-10T00:15:52","version" => "v6.0.1"}]},"Net-SSLeay" => {"advisories" => [{"affected_versions" => ["<1.25"],"cves" => ["CVE-2005-0106"],"description" => "SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.\n","distribution" => "Net-SSLeay","fixed_versions" => [">=1.25"],"id" => "CPANSA-Net-SSLeay-2005-0106","references" => ["http://secunia.com/advisories/18639","http://www.securityfocus.com/bid/13471","http://www.mandriva.com/security/advisories?name=MDKSA-2006:023","https://usn.ubuntu.com/113-1/"],"reported" => "2005-05-03","severity" => undef}],"main_module" => "Net::SSLeay","versions" => [{"date" => "2007-07-03T14:02:04","version" => "1.31_01"},{"date" => "2007-07-14T20:12:31","version" => "1.31_02"},{"date" => "2007-09-03T21:16:05","version" => "1.32"},{"date" => "2008-02-14T13:43:47","version" => "1.33_01"},{"date" => "2008-07-24T01:16:26","version" => "1.34"},{"date" => "2008-07-24T22:14:14","version" => "1.35"},{"date" => "2010-01-30T21:16:14","version" => "1.36"},{"date" => "2011-09-15T22:28:53","version" => "1.37"},{"date" => "2011-09-16T11:48:42","version" => "1.38"},{"date" => "2011-09-21T06:57:15","version" => "1.39"},{"date" => "2011-09-23T02:41:56","version" => "1.40"},{"date" => "2011-09-24T22:11:30","version" => "1.41"},{"date" => "2011-10-03T06:27:18","version" => "1.42"},{"date" => "2012-02-23T22:42:58","version" => "1.42"},{"date" => "2012-02-24T21:44:59","version" => "1.42"},{"date" => "2012-02-24T22:54:26","version" => "1.42"},{"date" => "2012-04-02T21:16:31","version" => "1.46"},{"date" => "2012-04-04T00:54:15","version" => "1.47"},{"date" => "2012-04-25T07:03:14","version" => "1.48"},{"date" => "2012-09-24T22:12:48","version" => "1.49"},{"date" => "2012-12-12T21:00:17","version" => "1.49"},{"date" => "2012-12-14T05:38:34","version" => "1.49"},{"date" => "2013-01-08T23:13:16","version" => "1.51"},{"date" => "2013-03-22T07:31:43","version" => "1.51"},{"date" => "2013-03-22T22:14:08","version" => "1.53"},{"date" => "2013-06-07T22:33:01","version" => "1.53"},{"date" => "2014-01-07T22:12:16","version" => "1.56"},{"date" => "2014-01-11T21:39:27","version" => "1.56"},{"date" => "2014-01-14T23:29:28","version" => "1.58"},{"date" => "2014-05-09T22:10:47","version" => "1.59"},{"date" => "2014-05-10T21:41:25","version" => "1.60"},{"date" => "2014-05-12T10:07:16","version" => "1.61"},{"date" => "2014-05-18T21:22:05","version" => "1.61"},{"date" => "2014-05-19T10:44:07","version" => "1.63"},{"date" => "2014-06-11T02:56:20","version" => "1.64"},{"date" => "2014-07-14T10:26:12","version" => "1.65"},{"date" => "2014-08-21T01:09:39","version" => "1.66"},{"date" => "2015-01-16T22:22:07","version" => "1.67"},{"date" => "2015-01-24T00:27:20","version" => "1.68"},{"date" => "2015-06-03T21:47:53","version" => "1.68"},{"date" => "2015-06-25T23:10:05","version" => "1.70"},{"date" => "2015-09-18T03:19:23","version" => "1.71"},{"date" => "2015-09-21T21:54:16","version" => "1.72"},{"date" => "2016-04-11T00:17:37","version" => "1.73"},{"date" => "2016-04-11T21:48:54","version" => "1.74"},{"date" => "2016-07-31T01:22:50","version" => "1.75"},{"date" => "2016-07-31T02:53:16","version" => "1.76"},{"date" => "2016-07-31T20:27:29","version" => "1.77"},{"date" => "2016-08-13T08:42:51","version" => "1.78"},{"date" => "2017-01-03T07:57:10","version" => "1.79"},{"date" => "2017-01-04T21:41:24","version" => "1.80"},{"date" => "2017-03-27T21:02:27","version" => "1.81"},{"date" => "2017-10-31T04:50:54","version" => "1.82"},{"date" => "2018-01-16T04:44:04","version" => "1.83"},{"date" => "2018-01-17T03:12:01","version" => "1.84"},{"date" => "2018-03-13T22:28:12","version" => "1.85"},{"date" => "2018-07-04T20:41:16","version" => "1.86_01"},{"date" => "2018-07-06T12:18:38","version" => "1.86_02"},{"date" => "2018-07-19T19:42:35","version" => "1.86_03"},{"date" => "2018-07-30T17:01:10","version" => "1.86_04"},{"date" => "2018-08-23T08:31:09","version" => "1.86_05"},{"date" => "2018-09-29T15:52:57","version" => "1.86_06"},{"date" => "2018-12-13T09:56:46","version" => "1.86_07"},{"date" => "2019-03-12T14:20:11","version" => "1.86_08"},{"date" => "2019-03-12T21:00:55","version" => "1.86_09"},{"date" => "2019-05-05T01:38:23","version" => "1.86_10"},{"date" => "2019-05-08T16:24:16","version" => "1.86_11"},{"date" => "2019-05-10T20:36:42","version" => "1.88"},{"date" => "2020-03-22T13:48:11","version" => "1.89_01"},{"date" => "2020-08-06T23:48:51","version" => "1.89_02"},{"date" => "2020-12-12T16:47:00","version" => "1.89_03"},{"date" => "2021-01-13T19:01:50","version" => "1.89_04"},{"date" => "2021-01-21T00:51:03","version" => "1.89_05"},{"date" => "2021-01-21T19:08:38","version" => "1.90"},{"date" => "2021-10-24T18:14:27","version" => "1.91_01"},{"date" => "2021-12-29T22:30:53","version" => "1.91_02"},{"date" => "2022-01-10T19:21:16","version" => "1.91_03"},{"date" => "2022-01-12T22:47:57","version" => "1.92"},{"date" => "2022-03-20T18:24:35","version" => "1.93_01"},{"date" => "2023-02-23T01:08:20","version" => "1.93_02"},{"date" => "2024-01-02T14:34:40","version" => "1.93_03"},{"date" => "2024-01-05T00:45:35","version" => "1.93_04"},{"date" => "2024-01-06T18:39:23","version" => "1.93_05"},{"date" => "2024-01-08T01:22:27","version" => "1.94"},{"date" => "2026-02-05T17:57:53","version" => "1.95_01"}]},"Net-Server" => {"advisories" => [{"affected_versions" => ["<=0.87"],"cves" => ["CVE-2005-1127"],"description" => "Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.\n","distribution" => "Net-Server","fixed_versions" => [">0.87"],"id" => "CPANSA-Net-Server-2005-1127","references" => ["http://lists.ee.ethz.ch/postgrey/msg00627.html","http://lists.ee.ethz.ch/postgrey/msg00630.html","http://lists.ee.ethz.ch/postgrey/msg00647.html","http://www.osvdb.org/15517","http://secunia.com/advisories/14958","http://www.debian.org/security/2006/dsa-1121","http://www.debian.org/security/2006/dsa-1122","http://secunia.com/advisories/21164","http://secunia.com/advisories/21152","http://secunia.com/advisories/21149","http://www.gentoo.org/security/en/glsa/glsa-200608-18.xml","http://www.securityfocus.com/bid/13193","http://secunia.com/advisories/21452","http://www.mandriva.com/security/advisories?name=MDKSA-2006:131","http://marc.info/?l=full-disclosure&m=111354538331167&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/20108"],"reported" => "2005-05-02","severity" => undef}],"main_module" => "Net::Server","versions" => [{"date" => "2001-03-05T14:48:26","version" => "0.46"},{"date" => "2001-03-08T14:37:30","version" => "0.47"},{"date" => "2001-03-13T16:35:32","version" => "0.52"},{"date" => "2001-03-20T06:55:22","version" => "0.55"},{"date" => "2001-04-09T16:54:28","version" => "0.58"},{"date" => "2001-05-10T15:05:54","version" => "0.63"},{"date" => "2001-07-05T15:19:21","version" => "0.65"},{"date" => "2001-08-23T17:45:28","version" => "0.75"},{"date" => "2001-08-27T16:15:20","version" => "0.77"},{"date" => "2001-10-24T16:30:10","version" => "0.79"},{"date" => "2001-11-14T17:30:01","version" => "0.80"},{"date" => "2001-11-19T20:57:43","version" => "0.81"},{"date" => "2002-02-05T21:55:06","version" => "0.82"},{"date" => "2002-06-20T20:21:27","version" => "0.84"},{"date" => "2003-03-07T15:29:18","version" => "0.85"},{"date" => "2003-11-06T20:11:03","version" => "0.86"},{"date" => "2004-02-15T06:20:34","version" => "0.87"},{"date" => "2005-05-05T01:51:14","version" => "0.88"},{"date" => "2005-06-21T21:24:27","version" => "0.88"},{"date" => "2005-11-23T08:40:11","version" => "0.89"},{"date" => "2005-12-05T21:19:07","version" => "0.90"},{"date" => "2006-03-08T22:27:33","version" => "0.91"},{"date" => "2006-03-22T17:26:29","version" => "0.92"},{"date" => "2006-03-24T20:03:25","version" => "0.93"},{"date" => "2006-07-12T02:54:02","version" => "0.94"},{"date" => "2007-02-03T08:23:04","version" => "0.95"},{"date" => "2007-03-26T15:01:13","version" => "0.96"},{"date" => "2007-07-25T16:29:47","version" => "0.97"},{"date" => "2010-07-13T19:27:21","version" => "0.99"},{"date" => "2011-07-22T12:36:35","version" => "0.99.6.1"},{"date" => "2012-05-30T15:41:07","version" => "2.000"},{"date" => "2012-05-30T21:48:13","version" => "2.001"},{"date" => "2012-05-31T21:43:35","version" => "2.002"},{"date" => "2012-06-06T19:31:21","version" => "2.003"},{"date" => "2012-06-08T17:22:50","version" => "2.004"},{"date" => "2012-06-12T19:40:55","version" => "2.005"},{"date" => "2012-06-20T22:51:22","version" => "2.006"},{"date" => "2013-01-10T07:47:04","version" => "2.007"},{"date" => "2014-05-12T18:22:26","version" => "2.008"},{"date" => "2017-08-10T21:13:01","version" => "2.009"},{"date" => "2021-03-22T15:23:31","version" => "2.010"},{"date" => "2022-12-02T00:35:10","version" => "2.011"},{"date" => "2022-12-02T04:19:54","version" => "2.012"},{"date" => "2022-12-03T01:57:05","version" => "2.013"},{"date" => "2023-03-14T17:16:00","version" => "2.014"},{"date" => "2026-01-22T06:48:54","version" => "2.015"},{"date" => "2026-01-28T01:58:44","version" => "2.016"},{"date" => "2026-02-09T07:04:13","version" => "2.017"},{"date" => "2026-02-18T03:45:06","version" => "2.018"}]},"Net-Server-Coro" => {"advisories" => [{"affected_versions" => ["<1.0"],"cves" => ["CVE-2011-0411"],"description" => "Remaining contents of the read buffer could allow plaintext injection attacks wherein attackers could cause nominally SSL-only commands to be executed by appending them to the end of a STARTTLS.\n","distribution" => "Net-Server-Coro","fixed_versions" => [">=1.0"],"id" => "CPANSA-Net-Server-Coro-2011-0411","references" => ["https://www.itsecdb.com/oval/definition/oval/org.opensuse.security/def/20110411/CVE-2011-0411.html","https://metacpan.org/dist/Net-Server-Coro/changes"],"reported" => "2011-03-16","severity" => undef}],"main_module" => "Net::Server::Coro","versions" => [{"date" => "2008-03-10T20:46:24","version" => "0.2"},{"date" => "2008-10-22T17:26:30","version" => "0.3"},{"date" => "2008-10-22T17:41:55","version" => "0.4"},{"date" => "2009-10-16T03:46:28","version" => "0.5"},{"date" => "2009-10-16T14:56:53","version" => "0.6"},{"date" => "2009-12-16T03:28:15","version" => "0.7"},{"date" => "2010-01-30T16:11:57","version" => "0.8"},{"date" => "2010-11-15T04:56:09","version" => "0.9"},{"date" => "2011-09-05T05:33:01","version" => "1.0"},{"date" => "2011-09-05T05:37:09","version" => "1.1"},{"date" => "2011-10-29T06:29:11","version" => "1.2"},{"date" => "2012-11-12T08:14:39","version" => "1.3"}]},"Net-Xero" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-56370"],"description" => "Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Net::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Net-Xero","fixed_versions" => [],"id" => "CPANSA-Net-Xero-2024-56370","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L58","https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L9","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "Net::Xero","versions" => [{"date" => "2015-06-03T14:39:37","version" => "0.14"},{"date" => "2015-06-05T11:37:55","version" => "0.40"},{"date" => "2015-06-05T11:49:29","version" => "0.41"},{"date" => "2015-06-05T12:59:28","version" => "0.42"},{"date" => "2015-06-05T14:09:46","version" => "0.43"},{"date" => "2017-01-12T17:10:29","version" => "0.44"}]},"Nginx-Engine" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.06"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Engine","fixed_versions" => [],"id" => "CPANSA-Nginx-Engine-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">=0.07,<=0.12"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Engine","fixed_versions" => [],"id" => "CPANSA-Nginx-Engine-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef}],"main_module" => "Nginx::Engine","versions" => [{"date" => "2010-12-29T03:17:47","version" => "0.01"},{"date" => "2010-12-29T23:10:29","version" => "0.02"},{"date" => "2011-01-01T23:25:22","version" => "0.03"},{"date" => "2011-01-07T17:59:46","version" => "0.04"},{"date" => "2011-01-11T01:02:07","version" => "0.05"},{"date" => "2011-03-13T21:15:24","version" => "0.06"},{"date" => "2011-06-29T23:21:28","version" => "0.07"},{"date" => "2011-06-30T18:47:28","version" => "0.08"},{"date" => "2011-07-03T02:02:40","version" => "0.09"},{"date" => "2011-07-24T01:46:43","version" => "0.10"},{"date" => "2011-08-16T17:05:53","version" => "0.11"},{"date" => "2011-11-23T00:09:16","version" => "0.12"}]},"Nginx-Perl" => {"advisories" => [{"affected_versions" => ["==1.1.9.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.1.11.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.1.13.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.1.14.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.1.15.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.1.16.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.1.17.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">=1.1.18.1,<=1.1.18.2"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">=1.1.19.2,<=1.1.19.3"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.2.0.4,==1.2.0.5"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.2.1.5"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.2.2.5"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">=1.2.6.5,<=1.2.6.6"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">=1.2.9.6,<=1.2.9.7"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">=1.8.1.8,<=1.8.1.10"],"cves" => ["CVE-2016-0747"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0747-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","https://bugzilla.redhat.com/show_bug.cgi?id=1302589","http://www.ubuntu.com/usn/USN-2892-1","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "medium"}],"main_module" => "Nginx::Perl","versions" => [{"date" => "2011-12-22T01:23:05","version" => "1.1.9.1"},{"date" => "2011-12-22T01:59:52","version" => "1.1.11.1"},{"date" => "2012-01-22T03:51:35","version" => "v1.1.13.1"},{"date" => "2012-02-13T18:35:00","version" => "v1.1.14.1"},{"date" => "2012-02-15T22:56:02","version" => "v1.1.15.1"},{"date" => "2012-02-29T17:37:37","version" => "v1.1.16.1"},{"date" => "2012-03-15T15:04:38","version" => "v1.1.17.1"},{"date" => "2012-03-28T14:43:19","version" => "v1.1.18.1"},{"date" => "2012-04-12T13:30:24","version" => "v1.1.18.2"},{"date" => "2012-04-12T13:46:15","version" => "v1.1.19.2"},{"date" => "2012-04-13T01:53:10","version" => "v1.1.19.3"},{"date" => "2012-04-23T14:20:36","version" => "v1.2.0.4"},{"date" => "2012-05-10T23:38:18","version" => "v1.2.0.5"},{"date" => "2012-06-05T14:59:28","version" => "v1.2.1.5"},{"date" => "2012-07-07T14:27:33","version" => "v1.2.2.5"},{"date" => "2013-01-31T00:57:38","version" => "v1.2.2.5"},{"date" => "2013-01-31T06:18:23","version" => "v1.2.6.6"},{"date" => "2013-11-20T01:20:39","version" => "v1.2.6.6"},{"date" => "2013-11-20T02:04:33","version" => "v1.2.9.7"},{"date" => "2016-02-26T21:46:29","version" => "v1.8.1.8"},{"date" => "2016-04-13T19:54:21","version" => "v1.8.1.9"},{"date" => "2016-04-14T00:55:02","version" => "v1.8.1.10"}]},"Otogiri" => {"advisories" => [{"affected_versions" => ["<0.13"],"cves" => [],"description" => "A dependant module SQL::Maker without strict mode is vulnerable to SQL injection.\n","distribution" => "Otogiri","fixed_versions" => [">=0.13"],"id" => "CPANSA-Otogiri-2014-01","references" => ["https://github.com/ytnobody/Otogiri/commit/fac1592b3d153a6871ff1aed8016a6888cff9095","https://metacpan.org/changes/distribution/Otogiri"],"reported" => "2014-07-03"}],"main_module" => "Otogiri","versions" => [{"date" => "2013-10-30T06:45:51","version" => "0.01"},{"date" => "2013-11-08T08:36:50","version" => "0.02"},{"date" => "2013-11-09T05:00:47","version" => "0.03"},{"date" => "2013-12-27T00:15:23","version" => "0.04"},{"date" => "2013-12-28T15:54:15","version" => "0.05"},{"date" => "2014-01-14T09:13:18","version" => "0.06"},{"date" => "2014-02-25T06:25:50","version" => "0.07"},{"date" => "2014-03-18T04:14:12","version" => "0.08"},{"date" => "2014-03-18T05:07:37","version" => "0.09"},{"date" => "2014-05-13T12:58:21","version" => "0.10"},{"date" => "2014-05-30T10:11:18","version" => "0.11"},{"date" => "2014-06-05T08:30:13","version" => "0.12"},{"date" => "2014-07-03T12:40:28","version" => "0.13"},{"date" => "2014-12-18T08:37:33","version" => "0.14"},{"date" => "2015-01-11T04:56:15","version" => "0.15"},{"date" => "2015-11-13T07:18:18","version" => "0.16"},{"date" => "2016-02-02T05:58:26","version" => "0.17"},{"date" => "2017-05-19T01:37:05","version" => "0.18"},{"date" => "2020-01-17T11:12:52","version" => "0.19"},{"date" => "2023-10-15T02:01:31","version" => "0.20"},{"date" => "2023-10-15T02:02:58","version" => "0.21"},{"date" => "2023-12-10T00:23:20","version" => "0.22"},{"date" => "2024-06-08T13:42:18","version" => "0.23"},{"date" => "2025-09-29T08:35:44","version" => "0.24"}]},"PAR" => {"advisories" => [{"affected_versions" => ["<1.003"],"cves" => ["CVE-2011-4114"],"description" => "PAR packed files are extracted to unsafe and predictable temporary directories (this bug was originally reported against PAR::Packer, but it applies to PAR as well).\n","distribution" => "PAR","fixed_versions" => [">=1.003"],"id" => "CPANSA-PAR-2011-01","references" => ["https://metacpan.org/changes/distribution/PAR","https://rt.cpan.org/Public/Bug/Display.html?id=69560"],"reported" => "2011-07-18"},{"affected_versions" => ["<1.003"],"cves" => ["CVE-2011-5060"],"description" => "The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.\n","distribution" => "PAR","fixed_versions" => [">=1.003"],"id" => "CPANSA-PAR-2011-5060","references" => ["http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog","https://bugzilla.redhat.com/show_bug.cgi?id=753955","https://rt.cpan.org/Public/Bug/Display.html?id=69560","https://exchange.xforce.ibmcloud.com/vulnerabilities/72435"],"reported" => "2012-01-13","severity" => undef}],"main_module" => "PAR","versions" => [{"date" => "2002-10-18T20:38:24","version" => "0.01"},{"date" => "2002-10-18T21:07:35","version" => "0.02"},{"date" => "2002-10-18T22:18:06","version" => "0.03"},{"date" => "2002-10-19T02:46:52","version" => "0.04"},{"date" => "2002-10-19T14:33:26","version" => "0.05"},{"date" => "2002-10-19T15:31:54","version" => "0.06"},{"date" => "2002-10-19T17:38:40","version" => "0.10"},{"date" => "2002-10-19T22:30:34","version" => "0.11"},{"date" => "2002-10-20T13:00:43","version" => "0.12"},{"date" => "2002-10-21T17:29:03","version" => "0.13"},{"date" => "2002-10-27T10:38:32","version" => "0.14"},{"date" => "2002-10-27T17:52:07","version" => "0.15"},{"date" => "2002-11-02T02:20:38","version" => "0.20"},{"date" => "2002-11-02T21:26:48","version" => "0.21"},{"date" => "2002-11-03T13:05:06","version" => "0.22"},{"date" => "2002-11-05T14:36:58","version" => "0.30"},{"date" => "2002-11-05T22:23:36","version" => "0.40"},{"date" => "2002-11-06T12:25:00","version" => "0.41"},{"date" => "2002-11-07T00:48:34","version" => "0.42"},{"date" => "2002-11-07T14:41:31","version" => "0.43"},{"date" => "2002-11-08T15:01:18","version" => "0.44"},{"date" => "2002-11-08T21:01:12","version" => "0.45"},{"date" => "2002-11-09T23:02:45","version" => "0.46"},{"date" => "2002-11-10T06:56:37","version" => "0.47"},{"date" => "2002-11-13T11:32:10","version" => "0.48"},{"date" => "2002-11-23T14:45:40","version" => "0.49"},{"date" => "2002-12-03T01:00:23","version" => "0.50"},{"date" => "2002-12-11T14:30:53","version" => "0.51"},{"date" => "2002-12-17T04:06:52","version" => "0.60"},{"date" => "2002-12-17T11:49:44","version" => "0.61"},{"date" => "2003-01-09T11:16:42","version" => "0.62"},{"date" => "2003-02-06T00:38:33","version" => "0.63"},{"date" => "2003-03-01T15:54:25","version" => "0.64"},{"date" => "2003-03-09T14:31:52","version" => "0.65"},{"date" => "2003-03-19T15:54:32","version" => "0.66"},{"date" => "2003-03-31T19:58:56","version" => "0.66"},{"date" => "2003-05-16T17:35:22","version" => "0.67_89"},{"date" => "2003-05-25T19:09:58","version" => "0.68"},{"date" => "2003-05-31T13:12:53","version" => "0.69"},{"date" => "2003-07-08T15:39:11","version" => "0.69"},{"date" => "2003-07-16T08:20:09","version" => "0.69_91"},{"date" => "2003-07-27T14:13:18","version" => "0.69_93"},{"date" => "2003-07-29T08:21:31","version" => "0.70"},{"date" => "2003-07-30T13:57:01","version" => "0.71"},{"date" => "2003-08-02T13:11:15","version" => "0.72"},{"date" => "2003-08-06T09:16:17","version" => "0.73"},{"date" => "2003-08-25T13:39:35","version" => "0.74"},{"date" => "2003-09-21T10:58:00","version" => "0.75"},{"date" => "2003-10-23T04:45:55","version" => "0.75_99"},{"date" => "2003-10-28T12:21:23","version" => "0.76"},{"date" => "2003-12-11T23:00:26","version" => "0.76_98"},{"date" => "2003-12-28T02:31:29","version" => "0.76_99"},{"date" => "2003-12-31T15:33:24","version" => "0.77"},{"date" => "2004-01-03T17:36:11","version" => "0.77_98"},{"date" => "2004-01-04T20:30:15","version" => "0.77_99"},{"date" => "2004-01-06T21:26:43","version" => "0.78"},{"date" => "2004-01-08T11:35:51","version" => "0.79"},{"date" => "2004-02-15T23:25:34","version" => "0.79_97"},{"date" => "2004-02-27T15:58:33","version" => "0.79_98"},{"date" => "2004-02-27T23:54:39","version" => "0.79_98"},{"date" => "2004-03-03T14:49:47","version" => "0.79_99"},{"date" => "2004-03-16T17:04:25","version" => "0.80"},{"date" => "2004-03-28T14:43:14","version" => "0.80_99"},{"date" => "2004-05-22T19:13:38","version" => "0.81"},{"date" => "2004-05-24T14:59:45","version" => "0.82"},{"date" => "2004-05-29T16:02:03","version" => "0.83"},{"date" => "2004-07-02T10:59:55","version" => "0.85"},{"date" => "2004-08-30T22:49:15","version" => "0.85_01"},{"date" => "2004-12-11T03:49:09","version" => "0.86"},{"date" => "2005-01-30T19:04:55","version" => "0.87"},{"date" => "2005-06-07T09:13:43","version" => "0.88"},{"date" => "2005-06-10T15:49:20","version" => "0.89"},{"date" => "2005-11-25T23:01:00","version" => "0.90"},{"date" => "2006-02-15T09:33:05","version" => "0.91"},{"date" => "2006-03-04T20:16:36","version" => "0.91"},{"date" => "2006-05-19T13:37:12","version" => "0.93"},{"date" => "2006-06-02T10:25:51","version" => "0.93"},{"date" => "2006-06-20T20:44:56","version" => "0.93"},{"date" => "2006-07-22T19:59:13","version" => "0.942"},{"date" => "2006-08-05T11:28:06","version" => "0.950"},{"date" => "2006-08-11T15:51:56","version" => "0.950"},{"date" => "2006-08-12T12:35:34","version" => "0.950"},{"date" => "2006-08-22T14:14:35","version" => "0.952"},{"date" => "2006-09-26T20:18:06","version" => "0.954"},{"date" => "2006-10-03T12:35:05","version" => "0.955"},{"date" => "2006-10-03T12:58:55","version" => "0.956"},{"date" => "2006-10-24T16:42:26","version" => "0.957"},{"date" => "2006-11-11T14:33:23","version" => "0.958"},{"date" => "2006-11-12T11:48:37","version" => "0.959"},{"date" => "2006-11-21T12:02:35","version" => "0.960"},{"date" => "2006-12-01T14:19:55","version" => "0.969_01"},{"date" => "2006-12-03T17:25:33","version" => "0.970"},{"date" => "2007-01-10T17:58:01","version" => "0.970_01"},{"date" => "2007-01-12T11:02:02","version" => "0.971"},{"date" => "2007-01-16T15:23:38","version" => "0.972"},{"date" => "2007-02-03T11:40:25","version" => "0.973"},{"date" => "2007-07-29T11:17:27","version" => "0.976"},{"date" => "2007-12-20T21:17:26","version" => "0.977"},{"date" => "2008-05-13T12:44:22","version" => "0.979"},{"date" => "2008-05-22T11:41:38","version" => "0.980"},{"date" => "2008-08-09T22:17:14","version" => "0.980"},{"date" => "2008-08-10T21:39:41","version" => "0.980"},{"date" => "2008-09-12T15:02:23","version" => "0.983"},{"date" => "2009-01-25T22:31:20","version" => "0.984"},{"date" => "2009-02-02T01:40:36","version" => "0.985_01"},{"date" => "2009-02-19T16:04:27","version" => "0.986"},{"date" => "2009-02-20T14:30:08","version" => "0.987_01"},{"date" => "2009-03-02T14:47:14","version" => "0.988"},{"date" => "2009-03-02T14:56:44","version" => "0.989_01"},{"date" => "2009-03-10T15:11:05","version" => "0.991"},{"date" => "2009-04-05T11:32:48","version" => "0.992"},{"date" => "2009-07-19T16:37:30","version" => "0.993"},{"date" => "2009-07-23T13:08:07","version" => "0.994"},{"date" => "2010-04-10T14:05:52","version" => "1.000"},{"date" => "2010-07-25T09:32:33","version" => "1.001"},{"date" => "2010-07-25T10:07:06","version" => "1.002"},{"date" => "2011-11-28T16:53:29","version" => "1.003"},{"date" => "2011-11-30T22:31:25","version" => "1.004"},{"date" => "2011-12-02T13:53:02","version" => "1.005"},{"date" => "2012-10-14T22:45:17","version" => "1.006"},{"date" => "2012-10-22T21:50:20","version" => "1.007"},{"date" => "2015-01-24T14:11:44","version" => "1.008"},{"date" => "2015-04-22T15:26:50","version" => "1.009"},{"date" => "2015-07-13T10:56:21","version" => "1.010"},{"date" => "2016-09-18T11:33:22","version" => "1.011"},{"date" => "2016-11-25T16:06:43","version" => "1.012"},{"date" => "2016-11-27T16:51:00","version" => "1.013"},{"date" => "2016-12-18T16:36:08","version" => "1.014"},{"date" => "2017-04-13T15:29:12","version" => "1.015"},{"date" => "2019-05-20T18:13:46","version" => "1.016"},{"date" => "2021-01-13T14:51:49","version" => "1.017"},{"date" => "2022-09-28T20:53:07","version" => "1.018"},{"date" => "2023-11-01T13:25:01","version" => "1.019"},{"date" => "2024-03-04T10:49:29","version" => "1.020"},{"date" => "2025-07-31T12:02:34","version" => "1.021"}]},"PAR-Packer" => {"advisories" => [{"affected_versions" => ["<1.011"],"cves" => ["CVE-2011-4114"],"description" => "PAR packed files are extracted to unsafe and predictable temporary directories.\n","distribution" => "PAR-Packer","fixed_versions" => [">=1.011"],"id" => "CPANSA-PAR-Packer-2011-01","references" => ["https://metacpan.org/changes/distribution/PAR-Packer","https://rt.cpan.org/Public/Bug/Display.html?id=69560"],"reported" => "2011-07-18"}],"main_module" => "PAR::Packer","versions" => [{"date" => "2006-12-01T14:20:06","version" => "0.969_01"},{"date" => "2006-12-03T17:36:32","version" => "0.970"},{"date" => "2007-02-03T12:27:07","version" => "0.973"},{"date" => "2007-05-07T18:21:52","version" => "0.975"},{"date" => "2007-07-29T11:50:15","version" => "0.976"},{"date" => "2007-12-20T21:39:30","version" => "0.977"},{"date" => "2008-02-29T18:37:56","version" => "0.978"},{"date" => "2008-05-13T15:45:56","version" => "0.979"},{"date" => "2008-05-14T10:27:09","version" => "0.980"},{"date" => "2008-07-29T15:44:11","version" => "0.982"},{"date" => "2009-03-10T15:55:06","version" => "0.980"},{"date" => "2009-03-21T11:20:02","version" => "0.991"},{"date" => "2009-07-19T16:47:51","version" => "0.992_01"},{"date" => "2009-07-23T13:18:32","version" => "0.992_02"},{"date" => "2009-07-24T18:30:24","version" => "0.992_03"},{"date" => "2009-09-11T07:38:47","version" => "0.992_04"},{"date" => "2009-11-13T09:01:15","version" => "0.992_05"},{"date" => "2009-11-20T13:59:38","version" => "0.992_06"},{"date" => "2009-11-22T13:08:12","version" => "1.000"},{"date" => "2009-11-24T11:16:58","version" => "1.001"},{"date" => "2009-12-17T20:55:25","version" => "1.002"},{"date" => "2010-04-10T17:57:57","version" => "1.003"},{"date" => "2010-04-20T12:10:24","version" => "1.004"},{"date" => "2010-06-05T15:54:54","version" => "1.005"},{"date" => "2010-06-26T11:23:34","version" => "1.006"},{"date" => "2010-09-09T16:42:00","version" => "1.007"},{"date" => "2010-11-21T17:11:43","version" => "1.008"},{"date" => "2011-03-26T13:36:55","version" => "1.009"},{"date" => "2011-07-13T14:10:05","version" => "1.010"},{"date" => "2011-12-01T21:08:37","version" => "1.011"},{"date" => "2011-12-02T17:53:42","version" => "1.012"},{"date" => "2012-02-22T09:58:04","version" => "1.013"},{"date" => "2012-12-21T15:55:13","version" => "1.014"},{"date" => "2013-10-09T12:06:04","version" => "1.015"},{"date" => "2013-11-30T19:03:48","version" => "1.016"},{"date" => "2013-12-03T23:53:51","version" => "1.017"},{"date" => "2014-05-18T16:52:34","version" => "1.018"},{"date" => "2014-07-07T14:25:15","version" => "1.019"},{"date" => "2014-08-24T13:27:57","version" => "1.020"},{"date" => "2014-09-14T13:49:37","version" => "1.021"},{"date" => "2014-09-19T10:07:30","version" => "1.022"},{"date" => "2014-11-02T14:32:42","version" => "1.023"},{"date" => "2014-11-07T09:04:07","version" => "1.024"},{"date" => "2015-01-24T16:52:17","version" => "1.025"},{"date" => "2015-07-19T13:14:40","version" => "1.026"},{"date" => "2015-11-18T16:58:33","version" => "1.027"},{"date" => "2015-11-19T09:05:09","version" => "1.027"},{"date" => "2016-01-12T16:24:46","version" => "1.029"},{"date" => "2016-02-02T14:54:21","version" => "1.029_01"},{"date" => "2016-02-11T14:08:57","version" => "1.029_02"},{"date" => "2016-02-25T08:41:55","version" => "1.029_03"},{"date" => "2016-02-29T08:36:46","version" => "1.029_04"},{"date" => "2016-03-29T08:29:59","version" => "1.030"},{"date" => "2016-04-10T17:15:52","version" => "1.031"},{"date" => "2016-04-29T17:01:57","version" => "1.031_01"},{"date" => "2016-05-07T09:59:28","version" => "1.032"},{"date" => "2016-05-19T09:50:49","version" => "1.033"},{"date" => "2016-07-17T12:38:31","version" => "1.034"},{"date" => "2016-07-23T12:04:14","version" => "1.035"},{"date" => "2016-12-04T17:13:20","version" => "1.035_001"},{"date" => "2016-12-19T19:35:16","version" => "1.035_002"},{"date" => "2016-12-30T11:06:25","version" => "1.036"},{"date" => "2017-03-22T19:29:19","version" => "1.036_001"},{"date" => "2017-05-14T11:54:43","version" => "1.036_002"},{"date" => "2017-05-28T11:33:53","version" => "1.037"},{"date" => "2017-09-27T19:40:44","version" => "1.038"},{"date" => "2017-09-28T05:13:05","version" => "1.039"},{"date" => "2017-10-10T17:00:14","version" => "1.039_001"},{"date" => "2017-10-13T12:05:52","version" => "1.039_002"},{"date" => "2017-10-16T20:46:49","version" => "1.039_003"},{"date" => "2017-10-17T17:07:49","version" => "1.039_004"},{"date" => "2017-10-21T16:09:18","version" => "1.040"},{"date" => "2017-11-08T17:07:11","version" => "1.041"},{"date" => "2018-04-02T21:46:01","version" => "1.042"},{"date" => "2018-04-03T11:26:08","version" => "1.043"},{"date" => "2018-06-06T22:03:32","version" => "1.044"},{"date" => "2018-06-12T19:04:22","version" => "1.045"},{"date" => "2018-08-17T22:20:28","version" => "1.046"},{"date" => "2018-08-19T09:17:57","version" => "1.047"},{"date" => "2019-03-04T09:42:35","version" => "1.047_001"},{"date" => "2019-03-04T15:33:14","version" => "1.047_002"},{"date" => "2019-03-06T17:39:18","version" => "1.047_003"},{"date" => "2019-04-29T11:53:04","version" => "1.048"},{"date" => "2019-05-31T11:58:05","version" => "1.049"},{"date" => "2020-03-08T15:56:09","version" => "1.049_001"},{"date" => "2020-03-08T22:53:16","version" => "1.049_002"},{"date" => "2020-03-08T22:58:32","version" => "1.049_003"},{"date" => "2020-03-10T13:51:31","version" => "1.049_004"},{"date" => "2020-03-18T08:14:29","version" => "1.050"},{"date" => "2020-11-29T22:25:00","version" => "1.051"},{"date" => "2021-01-13T15:44:24","version" => "1.052"},{"date" => "2022-01-25T15:25:10","version" => "1.053"},{"date" => "2022-01-27T11:05:32","version" => "1.054"},{"date" => "2022-07-03T16:27:19","version" => "1.055"},{"date" => "2022-08-31T07:56:09","version" => "1.055_01"},{"date" => "2022-09-05T10:12:07","version" => "1.056"},{"date" => "2022-11-25T09:12:00","version" => "1.056_01"},{"date" => "2022-11-27T15:25:29","version" => "1.056_02"},{"date" => "2022-11-29T11:33:29","version" => "1.057"},{"date" => "2023-05-24T11:53:27","version" => "1.057_001"},{"date" => "2023-06-07T14:56:47","version" => "1.057_002"},{"date" => "2023-06-12T09:14:24","version" => "1.058"},{"date" => "2023-07-20T14:13:30","version" => "1.059"},{"date" => "2023-12-15T14:05:16","version" => "1.061"},{"date" => "2024-03-05T14:01:26","version" => "1.062"},{"date" => "2024-03-10T13:46:23","version" => "1.062_001"},{"date" => "2024-03-11T13:08:45","version" => "1.062_002"},{"date" => "2024-03-15T12:57:23","version" => "1.063"},{"date" => "2024-06-24T09:05:18","version" => "1.063_001"},{"date" => "2025-07-08T11:36:24","version" => "1.064"}]},"PApp" => {"advisories" => [{"affected_versions" => ["<0.11"],"cves" => [],"description" => "Testing for nonexistant access rights always returned true.\n","distribution" => "PApp","fixed_versions" => [">=0.11"],"id" => "CPANSA-PApp-2001-01","references" => ["https://metacpan.org/dist/PApp/changes"],"reported" => "2001-10-27","severity" => undef}],"main_module" => "PApp","versions" => [{"date" => "2000-04-11T19:29:07","version" => "0.02"},{"date" => "2000-04-14T01:33:03","version" => "0.03"},{"date" => "2000-05-11T01:27:39","version" => "0.04"},{"date" => "2000-05-27T20:43:50","version" => "0.05"},{"date" => "2000-06-07T19:56:36","version" => "0.06"},{"date" => "2000-06-09T20:15:48","version" => "0.07"},{"date" => "2000-06-18T21:57:46","version" => "0.08"},{"date" => "2001-02-25T17:23:00","version" => "0.12"},{"date" => "2001-11-30T10:35:30","version" => "0.121"},{"date" => "2001-12-03T18:35:13","version" => "0.122"},{"date" => "2002-04-16T17:20:02","version" => "0.142"},{"date" => "2002-09-27T09:55:48","version" => "0.143"},{"date" => "2002-11-15T19:09:27","version" => "0.2"},{"date" => "2003-11-01T21:22:27","version" => "0.22"},{"date" => "2004-04-24T07:18:03","version" => "0.95"},{"date" => "2004-11-23T17:16:58","version" => 1},{"date" => "2005-09-04T14:32:15","version" => "1.1"},{"date" => "2007-01-06T19:32:19","version" => "1.2"},{"date" => "2008-01-20T12:37:14","version" => "1.4"},{"date" => "2008-01-28T20:07:08","version" => "1.41"},{"date" => "2008-11-26T07:18:45","version" => "1.42"},{"date" => "2008-12-09T17:23:32","version" => "1.43"},{"date" => "2010-01-30T03:08:38","version" => "1.44"},{"date" => "2010-11-21T07:30:21","version" => "1.45"},{"date" => "2013-03-19T12:24:55","version" => "2.0"},{"date" => "2016-02-11T07:21:31","version" => "2.1"},{"date" => "2020-02-17T11:04:59","version" => "2.2"},{"date" => "2023-08-02T22:30:09","version" => "2.3"},{"date" => "2026-01-13T22:30:41","version" => "2.4"}]},"PGObject-Util-DBAdmin" => {"advisories" => [{"affected_versions" => ["<1.6.0"],"cves" => ["CVE-2018-9246"],"description" => "The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.\n","distribution" => "PGObject-Util-DBAdmin","fixed_versions" => [">=1.6.0"],"id" => "CPANSA-PGObject-Util-DBAdmin-2018-01","references" => ["https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html"],"reported" => "2018-06-18"}],"main_module" => "PGObject::Util::DBAdmin","versions" => [{"date" => "2014-09-11T11:20:13","version" => "0.01"},{"date" => "2014-09-12T02:45:35","version" => "0.02"},{"date" => "2014-09-13T02:03:16","version" => "0.03"},{"date" => "2014-09-13T14:37:42","version" => "0.04"},{"date" => "2014-09-14T07:48:28","version" => "0.05"},{"date" => "2014-09-17T08:27:06","version" => "0.06"},{"date" => "2015-07-16T14:55:28","version" => "0.07"},{"date" => "2016-02-11T18:01:16","version" => "0.08"},{"date" => "2016-07-18T11:03:07","version" => "0.09"},{"date" => "2016-12-16T21:20:09","version" => "v0.09.0"},{"date" => "2016-12-16T21:36:46","version" => "v0.10.0"},{"date" => "2016-12-16T21:43:21","version" => "v0.100.0"},{"date" => "2018-03-31T14:06:25","version" => "v0.120.0"},{"date" => "2018-05-06T09:28:39","version" => "v0.130.0"},{"date" => "2018-06-05T19:29:29","version" => "v0.130.1"},{"date" => "2019-07-07T08:06:48","version" => "v0.131.0"},{"date" => "2019-07-08T20:46:34","version" => "v1.0.0"},{"date" => "2019-07-09T18:04:14","version" => "v1.0.1"},{"date" => "2019-09-20T06:49:02","version" => "v1.0.2"},{"date" => "2019-09-29T18:24:55","version" => "v1.0.3"},{"date" => "2020-09-21T21:20:33","version" => "v1.1.0"},{"date" => "2020-10-21T20:17:28","version" => "v1.2.0"},{"date" => "2020-10-21T22:24:41","version" => "v1.2.1"},{"date" => "2020-10-23T18:46:24","version" => "v1.2.2"},{"date" => "2020-10-24T07:08:10","version" => "v1.2.3"},{"date" => "2020-10-24T19:58:09","version" => "v1.3.0"},{"date" => "2020-10-25T12:15:26","version" => "v1.4.0"},{"date" => "2021-09-24T12:47:40","version" => "v1.5.0"},{"date" => "2021-11-07T12:22:17","version" => "v1.6.0"},{"date" => "2021-11-07T14:17:22","version" => "v1.6.1"},{"date" => "2024-09-13T19:24:01","version" => "v1.6.2"}]},"POE-Component-IRC" => {"advisories" => [{"affected_versions" => ["<6.32"],"cves" => ["CVE-2010-3438"],"description" => "libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as \\\"some text\\\\rQUIT\\\" to the 'privmsg' handler, which would cause the client to disconnect from the server.\n","distribution" => "POE-Component-IRC","fixed_versions" => [">=6.32"],"id" => "CPANSA-Poe-Component-IRC-2010-3438","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438","https://security-tracker.debian.org/tracker/CVE-2010-3438"],"reported" => "2019-11-12","severity" => "critical"}],"main_module" => "POE::Component::IRC","versions" => [{"date" => "2001-01-14T01:08:55","version" => "1.0"},{"date" => "2001-02-21T23:20:30","version" => "1.0"},{"date" => "2001-03-02T11:10:34","version" => "1.1"},{"date" => "2001-05-24T09:39:58","version" => "1.2"},{"date" => "2001-07-01T00:29:06","version" => "1.3"},{"date" => "2001-07-03T00:23:58","version" => "1.4"},{"date" => "2001-07-05T22:29:01","version" => "1.5"},{"date" => "2001-07-07T02:07:09","version" => "1.6"},{"date" => "2001-07-21T08:09:18","version" => "1.7"},{"date" => "2001-12-11T00:06:53","version" => "1.8"},{"date" => "2001-12-13T07:07:40","version" => "1.9"},{"date" => "2002-02-22T23:26:52","version" => "2.0"},{"date" => "2002-03-05T01:19:43","version" => "2.1"},{"date" => "2002-05-24T20:54:40","version" => "2.2"},{"date" => "2002-09-06T15:29:09","version" => "2.3"},{"date" => "2002-10-10T21:24:56","version" => "2.4"},{"date" => "2002-10-27T19:02:42","version" => "2.5"},{"date" => "2002-12-12T04:30:15","version" => "2.6"},{"date" => "2003-02-02T23:23:52","version" => "2.7"},{"date" => "2003-06-07T23:25:07","version" => "2.8"},{"date" => "2003-07-19T20:38:58","version" => "2.9"},{"date" => "2004-12-31T13:57:37","version" => "3.0"},{"date" => "2005-01-21T12:36:21","version" => "3.1"},{"date" => "2005-02-02T11:58:41","version" => "3.2"},{"date" => "2005-02-02T14:17:25","version" => "3.3"},{"date" => "2005-02-18T15:40:19","version" => "3.4"},{"date" => "2005-02-23T13:35:13","version" => "3.4"},{"date" => "2005-03-01T18:10:05","version" => "3.4"},{"date" => "2005-03-04T17:53:49","version" => "3.4"},{"date" => "2005-03-14T10:31:33","version" => "3.4"},{"date" => "2005-03-21T09:24:00","version" => "3.4"},{"date" => "2005-04-05T09:50:19","version" => "4.0"},{"date" => "2005-04-11T10:31:43","version" => "4.1"},{"date" => "2005-04-14T19:46:49","version" => "4.2"},{"date" => "2005-04-20T08:35:06","version" => "4.3"},{"date" => "2005-04-28T14:23:29","version" => "4.4"},{"date" => "2005-05-22T15:26:46","version" => "4.5"},{"date" => "2005-06-01T14:33:57","version" => "4.6"},{"date" => "2005-06-02T09:53:57","version" => "4.61"},{"date" => "2005-06-02T15:47:47","version" => "4.62"},{"date" => "2005-06-16T21:03:43","version" => "4.63"},{"date" => "2005-07-05T15:28:06","version" => "4.64"},{"date" => "2005-07-13T16:52:52","version" => "4.65"},{"date" => "2005-07-28T17:16:01","version" => "4.66"},{"date" => "2005-08-25T13:31:53","version" => "4.67"},{"date" => "2005-09-02T12:35:28","version" => "4.68"},{"date" => "2005-09-05T11:27:29","version" => "4.69"},{"date" => "2005-09-16T15:59:06","version" => "4.70"},{"date" => "2005-10-13T18:10:10","version" => "4.71"},{"date" => "2005-10-25T18:07:42","version" => "4.72"},{"date" => "2005-10-26T06:43:59","version" => "4.73"},{"date" => "2005-10-26T08:21:25","version" => "4.74"},{"date" => "2005-12-04T17:50:30","version" => "4.75"},{"date" => "2005-12-23T15:22:40","version" => "4.76"},{"date" => "2005-12-26T17:08:35","version" => "4.77"},{"date" => "2006-01-10T22:07:46","version" => "4.78"},{"date" => "2006-01-15T17:09:57","version" => "4.79"},{"date" => "2006-03-16T16:53:54","version" => "4.80"},{"date" => "2006-03-31T16:02:38","version" => "4.81"},{"date" => "2006-04-11T18:38:36","version" => "4.82"},{"date" => "2006-04-11T19:50:58","version" => "4.83"},{"date" => "2006-04-12T13:40:40","version" => "4.84"},{"date" => "2006-04-13T11:43:55","version" => "4.85"},{"date" => "2006-04-27T20:45:17","version" => "4.86"},{"date" => "2006-05-06T16:13:30","version" => "4.87"},{"date" => "2006-05-21T17:09:49","version" => "4.88"},{"date" => "2006-05-22T08:21:25","version" => "4.89"},{"date" => "2006-05-22T12:56:03","version" => "4.90"},{"date" => "2006-06-01T20:15:32","version" => "4.91"},{"date" => "2006-06-11T17:15:17","version" => "4.92"},{"date" => "2006-06-13T18:29:21","version" => "4.93"},{"date" => "2006-07-02T09:10:52","version" => "4.94"},{"date" => "2006-07-05T10:47:35","version" => "4.95"},{"date" => "2006-07-16T13:37:50","version" => "4.96"},{"date" => "2006-07-24T11:55:01","version" => "4.97"},{"date" => "2006-08-18T11:39:13","version" => "4.98"},{"date" => "2006-08-29T16:57:17","version" => "4.99"},{"date" => "2006-09-01T01:32:30","version" => "5.00"},{"date" => "2006-09-07T17:03:08","version" => "5.01"},{"date" => "2006-09-08T15:45:55","version" => "5.02"},{"date" => "2006-09-16T13:33:43","version" => "5.03"},{"date" => "2006-09-25T12:40:35","version" => "5.04"},{"date" => "2006-10-06T14:02:37","version" => "5.05"},{"date" => "2006-10-12T12:29:17","version" => "5.06"},{"date" => "2006-10-17T10:57:25","version" => "5.07"},{"date" => "2006-10-23T12:43:37","version" => "5.08"},{"date" => "2006-10-24T14:15:06","version" => "5.09"},{"date" => "2006-10-24T17:18:06","version" => "5.10"},{"date" => "2006-10-25T15:51:16","version" => "5.11"},{"date" => "2006-11-16T14:01:15","version" => "5.12"},{"date" => "2006-11-19T14:34:09","version" => "5.13"},{"date" => "2006-11-29T11:10:54","version" => "5.14"},{"date" => "2006-12-05T19:42:12","version" => "5.15"},{"date" => "2006-12-06T12:27:38","version" => "5.16"},{"date" => "2006-12-12T23:09:26","version" => "5.17"},{"date" => "2006-12-29T11:08:52","version" => "5.18"},{"date" => "2007-01-31T12:06:39","version" => "5.19"},{"date" => "2007-01-31T17:37:46","version" => "5.20"},{"date" => "2007-02-01T12:39:18","version" => "5.21"},{"date" => "2007-02-02T12:55:07","version" => "5.22"},{"date" => "2007-04-12T15:28:46","version" => "5.23"},{"date" => "2007-04-16T12:51:48","version" => "5.24"},{"date" => "2007-04-29T12:19:32","version" => "5.25"},{"date" => "2007-04-29T14:33:13","version" => "5.26"},{"date" => "2007-05-01T13:21:57","version" => "5.27"},{"date" => "2007-05-01T14:14:27","version" => "5.28"},{"date" => "2007-05-03T12:51:34","version" => "5.29"},{"date" => "2007-05-08T18:38:59","version" => "5.30"},{"date" => "2007-05-18T09:26:43","version" => "5.31_01"},{"date" => "2007-05-31T15:25:34","version" => "5.31_02"},{"date" => "2007-06-01T10:02:23","version" => "5.31_03"},{"date" => "2007-06-05T08:46:20","version" => "5.31_04"},{"date" => "2007-06-11T09:30:57","version" => "5.31_05"},{"date" => "2007-06-12T11:28:18","version" => "5.32"},{"date" => "2007-07-10T17:11:05","version" => "5.33_01"},{"date" => "2007-07-25T10:01:32","version" => "5.34"},{"date" => "2007-11-01T14:32:47","version" => "5.36"},{"date" => "2007-12-05T21:26:00","version" => "5.37_01"},{"date" => "2007-12-06T08:53:09","version" => "5.37_02"},{"date" => "2007-12-06T17:35:01","version" => "5.38"},{"date" => "2007-12-26T11:03:08","version" => "5.40"},{"date" => "2007-12-31T12:44:42","version" => "5.42"},{"date" => "2008-01-01T14:10:56","version" => "5.44"},{"date" => "2008-01-03T15:21:36","version" => "5.46"},{"date" => "2008-01-10T20:32:12","version" => "5.48"},{"date" => "2008-01-13T10:30:41","version" => "5.50"},{"date" => "2008-01-14T08:06:32","version" => "5.52"},{"date" => "2008-01-27T09:43:44","version" => "5.54"},{"date" => "2008-01-31T13:13:54","version" => "5.56"},{"date" => "2008-02-04T08:13:31","version" => "5.58"},{"date" => "2008-02-06T13:54:09","version" => "5.60"},{"date" => "2008-02-07T16:42:54","version" => "5.62"},{"date" => "2008-02-16T08:35:10","version" => "5.64"},{"date" => "2008-02-18T22:11:13","version" => "5.66"},{"date" => "2008-02-20T20:00:00","version" => "5.68"},{"date" => "2008-03-03T10:51:33","version" => "5.70"},{"date" => "2008-03-21T10:56:45","version" => "5.72"},{"date" => "2008-04-02T15:23:28","version" => "5.74"},{"date" => "2008-04-24T15:13:29","version" => "5.76"},{"date" => "2008-05-30T07:16:00","version" => "5.78"},{"date" => "2008-06-12T15:42:21","version" => "5.80"},{"date" => "2008-06-14T08:49:07","version" => "5.82"},{"date" => "2008-06-26T19:16:22","version" => "5.84"},{"date" => "2008-07-22T09:11:40","version" => "5.86"},{"date" => "2008-08-28T15:06:57","version" => "5.88"},{"date" => "2009-01-22T11:04:20","version" => "5.90"},{"date" => "2009-01-27T13:08:53","version" => "5.92"},{"date" => "2009-01-27T21:56:50","version" => "5.94"},{"date" => "2009-01-28T12:02:40","version" => "5.96"},{"date" => "2009-03-02T23:16:08","version" => "5.98"},{"date" => "2009-03-04T23:31:34","version" => "6.00"},{"date" => "2009-03-06T11:07:07","version" => "6.02"},{"date" => "2009-03-07T23:41:08","version" => "6.04"},{"date" => "2009-04-11T09:24:16","version" => "6.05_01"},{"date" => "2009-04-30T12:12:52","version" => "6.06"},{"date" => "2009-05-29T11:58:02","version" => "6.08"},{"date" => "2009-07-09T20:20:10","version" => "6.09_01"},{"date" => "2009-07-10T09:17:48","version" => "6.09_02"},{"date" => "2009-07-10T14:24:17","version" => "6.09_03"},{"date" => "2009-07-12T20:52:44","version" => "6.09_04"},{"date" => "2009-07-16T14:20:12","version" => "6.09_05"},{"date" => "2009-07-17T10:23:41","version" => "6.09_06"},{"date" => "2009-07-21T06:26:37","version" => "6.09_07"},{"date" => "2009-07-27T12:19:55","version" => "6.09_08"},{"date" => "2009-07-29T11:16:27","version" => "6.09_09"},{"date" => "2009-07-30T13:40:56","version" => "6.09_10"},{"date" => "2009-08-07T12:59:58","version" => "6.09_11"},{"date" => "2009-08-14T20:49:04","version" => "6.10"},{"date" => "2009-08-19T09:21:27","version" => "6.11_01"},{"date" => "2009-09-10T09:00:17","version" => "6.12"},{"date" => "2009-09-24T15:13:45","version" => "6.14"},{"date" => "2009-10-11T09:02:32","version" => "6.16"},{"date" => "2009-12-11T19:28:22","version" => "6.18"},{"date" => "2010-01-15T18:42:20","version" => "6.20"},{"date" => "2010-01-20T01:54:34","version" => "6.22"},{"date" => "2010-02-12T02:47:46","version" => "6.24"},{"date" => "2010-03-14T07:34:45","version" => "6.26"},{"date" => "2010-03-14T10:57:17","version" => "6.28"},{"date" => "2010-05-10T14:40:23","version" => "6.30"},{"date" => "2010-05-11T13:45:23","version" => "6.32"},{"date" => "2010-06-21T20:28:42","version" => "6.33"},{"date" => "2010-06-25T18:17:14","version" => "6.34"},{"date" => "2010-06-27T09:33:18","version" => "6.35"},{"date" => "2010-07-26T03:54:08","version" => "6.36"},{"date" => "2010-08-17T23:08:39","version" => "6.37"},{"date" => "2010-09-03T18:33:58","version" => "6.38"},{"date" => "2010-09-04T02:16:21","version" => "6.39"},{"date" => "2010-09-09T06:56:17","version" => "6.40"},{"date" => "2010-09-23T21:34:09","version" => "6.41"},{"date" => "2010-09-25T09:40:47","version" => "6.42"},{"date" => "2010-09-25T21:30:54","version" => "6.43"},{"date" => "2010-09-25T23:35:19","version" => "6.44"},{"date" => "2010-09-26T03:42:36","version" => "6.45"},{"date" => "2010-09-29T04:59:09","version" => "6.46"},{"date" => "2010-10-03T15:29:13","version" => "6.47"},{"date" => "2010-10-03T19:50:31","version" => "6.48"},{"date" => "2010-10-16T19:05:02","version" => "6.49"},{"date" => "2010-11-03T02:06:04","version" => "6.50"},{"date" => "2010-11-05T11:29:30","version" => "6.51"},{"date" => "2010-11-05T17:26:55","version" => "6.52"},{"date" => "2011-03-10T15:39:11","version" => "6.53"},{"date" => "2011-03-10T18:21:18","version" => "6.54"},{"date" => "2011-04-01T18:38:19","version" => "6.55"},{"date" => "2011-04-01T20:05:44","version" => "6.56"},{"date" => "2011-04-02T03:41:42","version" => "6.57"},{"date" => "2011-04-04T17:52:07","version" => "6.58"},{"date" => "2011-04-04T20:23:21","version" => "6.59"},{"date" => "2011-04-15T06:13:37","version" => "6.60"},{"date" => "2011-04-19T17:04:11","version" => "6.61"},{"date" => "2011-05-03T11:00:14","version" => "6.62"},{"date" => "2011-05-15T05:08:04","version" => "6.63"},{"date" => "2011-05-15T10:00:34","version" => "6.64"},{"date" => "2011-05-19T01:55:49","version" => "6.65"},{"date" => "2011-05-19T22:33:07","version" => "6.66"},{"date" => "2011-05-22T16:45:17","version" => "6.67"},{"date" => "2011-05-22T17:02:27","version" => "6.68"},{"date" => "2011-07-29T01:54:20","version" => "6.69"},{"date" => "2011-08-02T03:40:17","version" => "6.70"},{"date" => "2011-09-18T16:08:38","version" => "6.71"},{"date" => "2011-10-07T15:42:11","version" => "6.72"},{"date" => "2011-10-08T04:41:24","version" => "6.73"},{"date" => "2011-10-09T20:16:25","version" => "6.74"},{"date" => "2011-11-13T14:26:23","version" => "6.75"},{"date" => "2011-11-29T03:25:52","version" => "6.76"},{"date" => "2011-12-02T03:56:47","version" => "6.77"},{"date" => "2011-12-07T20:30:42","version" => "6.78"},{"date" => "2012-09-19T13:26:08","version" => "6.79"},{"date" => "2012-09-20T08:55:35","version" => "6.80"},{"date" => "2012-11-23T15:56:03","version" => "6.81"},{"date" => "2013-03-09T22:17:24","version" => "6.82"},{"date" => "2013-05-27T09:43:25","version" => "6.83"},{"date" => "2014-06-17T09:47:20","version" => "6.84"},{"date" => "2014-06-19T09:22:12","version" => "6.85"},{"date" => "2014-06-20T10:14:59","version" => "6.86"},{"date" => "2014-06-21T14:09:46","version" => "6.87"},{"date" => "2014-06-28T12:16:18","version" => "6.88"},{"date" => "2017-09-05T18:14:17","version" => "6.89"},{"date" => "2017-09-05T18:19:13","version" => "6.90"},{"date" => "2021-06-05T12:55:31","version" => "6.91"},{"date" => "2021-06-08T13:32:11","version" => "6.92"},{"date" => "2021-06-15T18:29:10","version" => "6.93"},{"date" => "2025-07-07T00:26:11","version" => "6.94"},{"date" => "2025-07-07T01:32:11","version" => "6.95"}]},"POSIX-2008" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "POSIX::2008's implementation of readlink() and readlinkat(). The underlying syscalls do not add any null terminator byte at the end of the output buffer, but _readlink50c() in 2008.XS also fails to add a null terminator before returning the result string to perl. This results in arbitrary memory contents being visible in the result returned to perl code by readlink() and readlinkat(). At the very least, this causes failures in any downstream code that attempts to access whatever filename (plus the erroneous garbage) was linked to.\n","distribution" => "POSIX-2008","fixed_versions" => [">=0.04"],"id" => "CPANSA-POSIX-2008-001","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=96644"],"reported" => undef,"severity" => undef},{"affected_versions" => ["<0.24"],"cves" => ["CVE-2024-55564"],"description" => "Fixed potential env buffer overflow in _execve50c()\n","distribution" => "POSIX-2008","fixed_versions" => [">=0.24"],"id" => "CPANSA-POSIX-2008-002","references" => ["https://metacpan.org/release/CGPAN/POSIX-2008-0.24/source/Changes"],"reported" => undef,"severity" => undef}],"main_module" => "POSIX::2008","versions" => [{"date" => "2013-09-13T17:14:53","version" => "0.01"},{"date" => "2013-09-14T16:20:56","version" => "0.02"},{"date" => "2013-09-16T09:32:15","version" => "0.03"},{"date" => "2015-05-25T13:51:17","version" => "0.04"},{"date" => "2017-08-25T20:52:28","version" => "0.05"},{"date" => "2017-08-26T17:21:09","version" => "0.06"},{"date" => "2017-08-27T14:55:54","version" => "0.07"},{"date" => "2017-08-31T18:14:24","version" => "0.08"},{"date" => "2017-09-01T10:14:04","version" => "0.09"},{"date" => "2017-09-02T09:15:21","version" => "0.10"},{"date" => "2017-09-02T13:11:19","version" => "0.11"},{"date" => "2017-09-03T20:02:26","version" => "0.12"},{"date" => "2017-09-08T11:50:51","version" => "0.13"},{"date" => "2017-09-09T18:04:53","version" => "0.14"},{"date" => "2017-09-10T12:50:52","version" => "0.15"},{"date" => "2017-09-15T14:59:53","version" => "0.16"},{"date" => "2023-06-01T13:51:43","version" => "0.18"},{"date" => "2023-07-07T13:52:59","version" => "0.19"},{"date" => "2023-07-08T12:09:34","version" => "0.20_01"},{"date" => "2023-07-09T08:25:58","version" => "0.20_02"},{"date" => "2023-07-11T15:26:35","version" => "0.20_03"},{"date" => "2023-07-12T17:47:09","version" => "0.20_04"},{"date" => "2023-07-13T17:26:29","version" => "0.20_05"},{"date" => "2023-07-14T15:57:30","version" => "0.20"},{"date" => "2023-11-16T19:54:40","version" => "0.21"},{"date" => "2024-01-26T16:30:56","version" => "0.22"},{"date" => "2024-01-27T15:34:00","version" => "0.23"},{"date" => "2024-06-14T12:10:38","version" => "0.24"},{"date" => "2025-07-12T16:48:06","version" => "0.25"},{"date" => "2025-07-25T10:05:43","version" => "0.26"}]},"Parallel-ForkManager" => {"advisories" => [{"affected_versions" => ["<1.0.0"],"cves" => ["CVE-2011-4115"],"description" => "Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.\n","distribution" => "Parallel-ForkManager","fixed_versions" => [">1.0.0"],"id" => "CPANSA-Parallel-ForkManager-2011-4115","references" => ["http://www.openwall.com/lists/oss-security/2011/11/04/2","http://www.openwall.com/lists/oss-security/2011/11/04/4","https://rt.cpan.org/Public/Bug/Display.html?id=68298"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "Parallel::ForkManager","versions" => [{"date" => "2000-10-19T21:52:22","version" => "0.5"},{"date" => "2000-11-30T11:03:55","version" => "0.6"},{"date" => "2001-04-04T11:28:22","version" => "0.7"},{"date" => "2001-05-14T14:34:23","version" => "v0.7.2"},{"date" => "2001-10-24T00:32:21","version" => "v0.7.3"},{"date" => "2002-07-04T21:16:46","version" => "v0.7.4"},{"date" => "2002-12-25T23:14:12","version" => "v0.7.5"},{"date" => "2010-08-15T10:53:20","version" => "0.7.6"},{"date" => "2010-09-27T22:27:36","version" => "0.7.7"},{"date" => "2010-10-25T16:44:43","version" => "0.7.8"},{"date" => "2010-11-01T18:06:12","version" => "0.7.9"},{"date" => "2012-12-23T10:29:10","version" => "v1.0.0"},{"date" => "2012-12-23T19:35:57","version" => "1.01"},{"date" => "2012-12-24T11:30:23","version" => "1.02"},{"date" => "2013-03-06T09:31:14","version" => "1.03"},{"date" => "2013-09-03T06:57:39","version" => "1.04"},{"date" => "2013-09-18T08:58:10","version" => "1.05"},{"date" => "2013-12-24T20:42:36","version" => "1.06"},{"date" => "2014-11-10T07:11:25","version" => "1.07"},{"date" => "2015-01-07T15:27:26","version" => "1.08"},{"date" => "2015-01-08T14:47:12","version" => "1.09"},{"date" => "2015-01-15T15:22:56","version" => "1.10"},{"date" => "2015-01-22T19:09:25","version" => "1.10_1"},{"date" => "2015-01-26T19:32:34","version" => "1.10_2"},{"date" => "2015-01-30T16:16:43","version" => "1.11"},{"date" => "2015-02-23T23:22:38","version" => "1.12"},{"date" => "2015-05-11T22:32:07","version" => "1.13"},{"date" => "2015-05-17T21:19:58","version" => "1.14"},{"date" => "2015-07-08T21:41:39","version" => "1.15"},{"date" => "2015-10-08T22:51:51","version" => "1.16"},{"date" => "2015-11-28T14:50:06","version" => "1.17"},{"date" => "2016-03-29T23:27:09","version" => "1.18"},{"date" => "2016-06-28T23:04:26","version" => "1.19"},{"date" => "2018-07-19T00:48:24","version" => "1.20"},{"date" => "2018-08-23T01:28:34","version" => "2.00"},{"date" => "2018-08-23T23:59:37","version" => "2.01"},{"date" => "2018-10-08T23:21:03","version" => "2.02"},{"date" => "2024-08-24T18:13:26","version" => "2.03"},{"date" => "2025-08-30T16:12:19","version" => "2.04"}]},"PathTools" => {"advisories" => [{"affected_versions" => ["<3.65"],"cves" => ["CVE-2016-1238"],"description" => "Does not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "PathTools","fixed_versions" => [">=3.65"],"id" => "CPANSA-PathTools-2016-02","references" => ["https://metacpan.org/changes/distribution/PathTools"],"reported" => "2016-02-08"},{"affected_versions" => ["<3.62"],"cves" => ["CVE-2015-8607"],"description" => "Does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.\n","distribution" => "PathTools","fixed_versions" => [">=3.62"],"id" => "CPANSA-PathTools-2016-01","references" => ["https://metacpan.org/changes/distribution/PathTools"],"reported" => "2016-01-11"}],"main_module" => "Cwd","versions" => [{"date" => "2004-09-03T03:40:00","version" => "3.00"},{"date" => "2004-09-07T03:39:26","version" => "3.01"},{"date" => "2004-11-19T04:26:35","version" => "3.01_01"},{"date" => "2004-11-29T04:20:10","version" => "3.01_02"},{"date" => "2004-11-30T02:34:46","version" => "3.01_03"},{"date" => "2005-01-10T01:33:05","version" => "3.02"},{"date" => "2005-01-22T03:59:59","version" => "3.03"},{"date" => "2005-02-07T00:28:43","version" => "3.04"},{"date" => "2005-02-28T13:27:37","version" => "3.05"},{"date" => "2005-04-14T02:06:10","version" => "3.06"},{"date" => "2005-05-06T12:50:38","version" => "3.07"},{"date" => "2005-05-28T15:13:27","version" => "3.08"},{"date" => "2005-06-15T23:45:19","version" => "3.09"},{"date" => "2005-08-26T03:29:11","version" => "3.10"},{"date" => "2005-08-28T01:16:38","version" => "3.11"},{"date" => "2005-10-04T03:14:00","version" => "3.12"},{"date" => "2005-11-16T05:58:53","version" => "3.13"},{"date" => "2005-11-18T00:15:37","version" => "3.14"},{"date" => "2005-12-10T04:51:57","version" => "3.14_01"},{"date" => "2005-12-14T05:11:27","version" => "3.14_02"},{"date" => "2005-12-27T20:32:26","version" => "3.15"},{"date" => "2006-01-31T02:52:07","version" => "3.16"},{"date" => "2006-03-03T22:55:18","version" => "3.17"},{"date" => "2006-04-28T03:04:00","version" => "3.18"},{"date" => "2006-07-12T03:43:15","version" => "3.19"},{"date" => "2006-10-05T02:18:51","version" => "3.21"},{"date" => "2006-10-10T02:53:23","version" => "3.22"},{"date" => "2006-10-11T17:13:59","version" => "3.23"},{"date" => "2006-11-20T04:53:56","version" => "3.24"},{"date" => "2007-05-22T02:08:53","version" => "3.25"},{"date" => "2007-10-14T02:15:40","version" => "3.25_01"},{"date" => "2007-12-25T02:34:28","version" => "3.2501"},{"date" => "2008-01-14T12:02:28","version" => "3.26"},{"date" => "2008-01-15T23:27:33","version" => "3.26_01"},{"date" => "2008-01-17T02:21:47","version" => "3.27"},{"date" => "2008-02-12T03:46:01","version" => "3.2701"},{"date" => "2008-07-26T02:19:45","version" => "3.28_01"},{"date" => "2008-10-27T19:27:37","version" => "3.28_02"},{"date" => "2008-10-27T21:16:35","version" => "3.28_03"},{"date" => "2008-10-29T20:11:52","version" => "3.29"},{"date" => "2009-05-07T18:27:46","version" => "3.29_01"},{"date" => "2009-05-10T08:59:46","version" => "3.30"},{"date" => "2009-09-21T12:46:15","version" => "3.30_01"},{"date" => "2009-09-29T06:22:30","version" => "3.30_02"},{"date" => "2009-11-01T14:22:36","version" => "3.31"},{"date" => "2010-07-23T08:10:31","version" => "3.31_02"},{"date" => "2010-09-17T13:24:05","version" => "3.31_03"},{"date" => "2010-09-19T15:53:14","version" => "3.32"},{"date" => "2010-09-20T07:54:00","version" => "3.33"},{"date" => "2011-12-20T07:42:29","version" => "3.39_01"},{"date" => "2013-01-16T06:35:08","version" => "3.40"},{"date" => "2014-05-01T18:34:31","version" => "3.46_01"},{"date" => "2014-05-23T17:00:38","version" => "3.47"},{"date" => "2015-07-11T22:18:08","version" => "3.56_01"},{"date" => "2015-07-16T15:33:27","version" => "3.56_02"},{"date" => "2015-11-09T22:09:25","version" => "3.58_01"},{"date" => "2015-11-13T23:46:00","version" => "3.59"},{"date" => "2015-11-19T02:32:50","version" => "3.60"},{"date" => "2016-01-11T13:49:31","version" => "3.62"},{"date" => "2018-02-18T20:27:27","version" => "3.73"},{"date" => "2018-02-19T08:41:14","version" => "3.74"},{"date" => "2018-08-29T19:53:19","version" => "3.75"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "2.00"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "2.01"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006000","version" => "2.02"},{"date" => "2001-04-08T00:00:00","dual_lived" => 1,"perl_release" => "5.006001","version" => "2.04"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.06"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "2.08"},{"date" => "2004-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008003","version" => "2.12"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "2.17"},{"date" => "2004-07-19T00:00:00","dual_lived" => 1,"perl_release" => "5.008005","version" => "2.19"},{"date" => "2009-10-02T00:00:00","dual_lived" => 1,"perl_release" => "5.011000","version" => "3.3002"},{"date" => "2010-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013006","version" => "3.34"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "3.35"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "3.36"},{"date" => "2011-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013010","version" => "3.37"},{"date" => "2011-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015006","version" => "3.38"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "3.39_02"},{"date" => "2012-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.017007","version" => "3.39_03"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "3.41"},{"date" => "2013-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019003","version" => "3.44"},{"date" => "2013-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019005","version" => "3.45"},{"date" => "2014-09-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020001","version" => "3.48"},{"date" => "2015-02-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020002","version" => "3.48_01"},{"date" => "2014-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021002","version" => "3.49"},{"date" => "2014-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021004","version" => "3.50"},{"date" => "2014-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021005","version" => "3.51"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "3.54"},{"date" => "2015-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02101","version" => "3.55"},{"date" => "2015-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021011","version" => "3.56"},{"date" => "2015-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023002","version" => "3.57"},{"date" => "2015-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023003","version" => "3.58"},{"date" => "2016-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023008","version" => "3.63"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "3.63_01"},{"date" => "2016-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025002","version" => "3.64"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "3.65"},{"date" => "2016-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025007","version" => "3.66"},{"date" => "2017-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025011","version" => "3.67"},{"date" => "2017-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027002","version" => "3.68"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "3.70"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "3.71"},{"date" => "2018-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027008","version" => "3.72"},{"date" => "2018-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029005","version" => "3.76"},{"date" => "2019-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029007","version" => "3.77"},{"date" => "2019-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029010","version" => "3.78"},{"date" => "2020-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033004","version" => "3.79"},{"date" => "2020-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033005","version" => "3.80"},{"date" => "2021-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035001","version" => "3.81"},{"date" => "2021-07-23T00:00:00","dual_lived" => 1,"perl_release" => "5.035002","version" => "3.82"},{"date" => "2021-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035007","version" => "3.83"},{"date" => "2022-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035010","version" => "3.84"},{"date" => "2022-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037001","version" => "3.85"},{"date" => "2022-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037002","version" => "3.86"},{"date" => "2022-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037007","version" => "3.88"},{"date" => "2023-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.03701","version" => "3.89"},{"date" => "2023-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039002","version" => "3.90"},{"date" => "2025-01-18T00:00:00","dual_lived" => 1,"perl_release" => "5.040001","version" => "3.91"},{"date" => "2024-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041002","version" => "3.92"},{"date" => "2025-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041011","version" => "3.94"}]},"Perl-Tidy" => {"advisories" => [{"affected_versions" => ["<20170521"],"cves" => ["CVE-2016-10374"],"description" => "perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.","distribution" => "Perl-Tidy","fixed_versions" => [">=20170521"],"id" => "CPANSA-Perl-Tidy-2016-10374","references" => ["https://bugs.debian.org/862667"],"reported" => "2017-05-17","severity" => undef},{"affected_versions" => ["<20140328"],"comment" => "This issue is actually about a temporary file with a a particular, known name (perltidy.TMP), and that expression of the problem was fixed. This does not mean that all similar problems are solved.","cves" => ["CVE-2014-2277"],"description" => "The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function.","distribution" => "Perl-Tidy","fixed_versions" => [">=20140328"],"id" => "CPANSA-Perl-Tidy-2014-2277","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130464.html","http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130479.html","http://www.openwall.com/lists/oss-security/2014/03/09/1","http://www.securityfocus.com/bid/66139","https://bugzilla.redhat.com/show_bug.cgi?id=1074720","https://exchange.xforce.ibmcloud.com/vulnerabilities/92104","https://github.com/perltidy/perltidy/issues/193"],"reported" => "2017-10-17","severity" => undef}],"main_module" => "Perl::Tidy","versions" => [{"date" => "2002-12-12T04:04:58","version" => 20021130},{"date" => "2003-07-29T01:16:45","version" => 20030726},{"date" => "2003-10-22T19:58:39","version" => 20031021},{"date" => "2006-06-14T19:23:10","version" => 20060614},{"date" => "2006-07-21T13:54:28","version" => 20060719},{"date" => "2007-04-24T16:01:04","version" => 20070424},{"date" => "2007-05-04T17:15:58","version" => 20070504},{"date" => "2007-05-08T20:58:34","version" => 20070508},{"date" => "2007-08-01T17:28:17","version" => 20070801},{"date" => "2007-12-06T18:43:33","version" => 20071205},{"date" => "2009-06-17T12:24:15","version" => 20090616},{"date" => "2010-12-17T01:14:33","version" => 20101217},{"date" => "2012-06-19T22:24:36","version" => 20120619},{"date" => "2012-07-01T21:48:51","version" => 20120701},{"date" => "2012-07-14T14:05:46","version" => 20120714},{"date" => "2012-12-09T14:22:00","version" => 20121207},{"date" => "2013-07-16T23:57:29","version" => 20130717},{"date" => "2013-08-05T23:43:11","version" => 20130805},{"date" => "2013-08-06T00:53:04","version" => 20130806},{"date" => "2013-09-22T14:50:31","version" => 20130922},{"date" => "2014-03-28T12:47:26","version" => 20140328},{"date" => "2014-07-11T12:19:22","version" => 20140711},{"date" => "2015-08-15T01:10:08","version" => 20150815},{"date" => "2016-02-27T16:37:50","version" => 20160301},{"date" => "2016-03-01T16:02:00","version" => 20160302},{"date" => "2017-05-21T15:50:20","version" => 20170521},{"date" => "2017-12-14T14:28:53","version" => 20171214},{"date" => "2017-12-31T15:46:44","version" => 20180101},{"date" => "2018-02-18T19:39:25","version" => 20180219},{"date" => "2018-02-20T11:53:21","version" => 20180220},{"date" => "2018-11-17T01:59:23","version" => 20181117},{"date" => "2018-11-18T04:52:04","version" => 20181118},{"date" => "2018-11-18T05:56:29","version" => 20181119},{"date" => "2018-11-19T15:37:08","version" => 20181120},{"date" => "2019-05-31T14:47:55","version" => 20190601},{"date" => "2019-09-14T23:41:55","version" => 20190915},{"date" => "2019-12-03T14:34:15","version" => 20191203},{"date" => "2020-01-09T23:28:34","version" => 20200110},{"date" => "2020-06-19T13:05:06","version" => 20200619},{"date" => "2020-08-22T13:34:22","version" => 20200822},{"date" => "2020-09-06T21:51:31","version" => 20200907},{"date" => "2020-09-28T23:43:58","version" => 20201001},{"date" => "2020-12-02T23:45:54","version" => 20201202},{"date" => "2020-12-06T22:05:36","version" => 20201207},{"date" => "2021-01-10T15:32:47","version" => 20210111},{"date" => "2021-04-01T13:13:11","version" => 20210402},{"date" => "2021-06-24T14:09:49","version" => 20210625},{"date" => "2021-07-17T13:21:01","version" => 20210717},{"date" => "2021-10-29T12:52:01","version" => 20211029},{"date" => "2022-02-15T14:21:53","version" => 20220215},{"date" => "2022-02-15T16:27:06","version" => 20220216},{"date" => "2022-02-15T16:54:52","version" => 20220217},{"date" => "2022-06-13T12:51:44","version" => 20220613},{"date" => "2022-11-10T13:56:33","version" => 20221111},{"date" => "2022-11-11T13:33:22","version" => 20221112},{"date" => "2023-03-08T15:07:20","version" => 20230309},{"date" => "2023-07-01T13:11:20","version" => 20230701},{"date" => "2023-09-08T13:48:48","version" => 20230909},{"date" => "2023-09-12T21:49:07","version" => 20230912},{"date" => "2024-02-01T13:55:33","version" => 20240202},{"date" => "2024-05-10T13:16:10","version" => 20240511},{"date" => "2024-09-03T13:06:06","version" => 20240903},{"date" => "2025-01-05T01:48:16","version" => 20250105},{"date" => "2025-02-13T14:45:10","version" => 20250214},{"date" => "2025-03-11T23:43:02","version" => 20250311},{"date" => "2025-06-15T13:30:07","version" => 20250616},{"date" => "2025-07-11T13:09:54","version" => 20250711},{"date" => "2025-09-12T13:54:29","version" => 20250912},{"date" => "2026-01-08T14:58:18","version" => 20260109},{"date" => "2026-02-03T14:43:25","version" => 20260204}]},"Perl-Version" => {"advisories" => [{"affected_versions" => ["<1.013"],"cves" => [],"description" => "Insecure dependency File::Slurp is used.\n","distribution" => "Perl-Version","fixed_versions" => [">=1.013"],"id" => "CPANSA-Perl-Version-2014-01","references" => ["https://metacpan.org/changes/distribution/Perl-Version","https://rt.cpan.org/Public/Bug/Display.html?id=92974"],"reported" => "2014-02-12"}],"main_module" => "Perl::Version","versions" => [{"date" => "2007-02-07T19:41:42","version" => "v0.0.1"},{"date" => "2007-02-23T18:03:11","version" => "v0.0.3"},{"date" => "2007-02-24T18:03:42","version" => "v0.0.4"},{"date" => "2007-02-25T12:41:13","version" => "v0.0.5"},{"date" => "2007-02-27T12:46:07","version" => "v0.0.6"},{"date" => "2007-02-28T01:27:59","version" => "v0.0.7"},{"date" => "2007-06-20T16:09:31","version" => "0.0.8"},{"date" => "2007-09-03T14:28:35","version" => "v1.000"},{"date" => "2007-09-07T15:42:58","version" => "v1.001"},{"date" => "2007-09-07T15:58:18","version" => "v1.002"},{"date" => "2007-11-08T12:14:27","version" => "1.003"},{"date" => "2007-11-08T12:24:59","version" => "1.004"},{"date" => "2008-04-03T14:56:16","version" => "1.005"},{"date" => "2008-04-07T19:14:56","version" => "1.006"},{"date" => "2008-04-07T19:27:24","version" => "1.007"},{"date" => "2009-03-07T16:40:03","version" => "1.008"},{"date" => "2009-03-09T16:22:08","version" => "1.009"},{"date" => "2010-09-19T15:37:48","version" => "1.010"},{"date" => "2011-02-21T21:32:17","version" => "1.011"},{"date" => "2014-02-12T20:58:43","version" => "1.013"},{"date" => "2014-02-14T16:08:42","version" => "1.013_01"},{"date" => "2014-02-18T16:42:57","version" => "1.013_02"},{"date" => "2015-11-21T06:05:48","version" => "1.013_03"},{"date" => "2024-01-04T15:11:21","version" => "1.015"},{"date" => "2024-01-05T13:57:01","version" => "1.016"},{"date" => "2024-03-09T01:38:25","version" => "1.017"},{"date" => "2025-01-27T13:08:16","version" => "1.018"},{"date" => "2026-02-24T23:29:53","version" => "1.019"}]},"Perl6-Pugs" => {"advisories" => [{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2007-1659"],"description" => "Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched \"\\Q\\E\" sequences with orphan \"\\E\" codes.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2007-1659-libpcre","references" => ["http://www.pcre.org/changelog.txt","http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html","https://issues.rpath.com/browse/RPL-1738","http://security.gentoo.org/glsa/glsa-200711-30.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:211","http://www.mandriva.com/security/advisories?name=MDKSA-2007:212","http://www.redhat.com/support/errata/RHSA-2007-0967.html","http://www.redhat.com/support/errata/RHSA-2007-1068.html","http://www.novell.com/linux/security/advisories/2007_62_pcre.html","http://www.novell.com/linux/security/advisories/2007_25_sr.html","http://www.securityfocus.com/bid/26346","http://securitytracker.com/id?1018895","http://secunia.com/advisories/27598","http://secunia.com/advisories/27538","http://secunia.com/advisories/27543","http://secunia.com/advisories/27547","http://secunia.com/advisories/27554","http://secunia.com/advisories/27741","http://secunia.com/advisories/27773","http://secunia.com/advisories/27697","http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm","http://docs.info.apple.com/article.html?artnum=307179","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28041","http://secunia.com/advisories/27965","http://secunia.com/advisories/28136","http://bugs.gentoo.org/show_bug.cgi?id=198976","http://security.gentoo.org/glsa/glsa-200801-02.xml","http://secunia.com/advisories/28406","http://secunia.com/advisories/28414","http://security.gentoo.org/glsa/glsa-200801-18.xml","http://security.gentoo.org/glsa/glsa-200801-19.xml","http://www.mandriva.com/security/advisories?name=MDVSA-2008:030","http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html","http://secunia.com/advisories/28658","http://secunia.com/advisories/28714","http://secunia.com/advisories/28720","https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html","http://secunia.com/advisories/29267","http://docs.info.apple.com/article.html?artnum=307562","http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html","http://secunia.com/advisories/29420","http://security.gentoo.org/glsa/glsa-200805-11.xml","http://secunia.com/advisories/30155","http://secunia.com/advisories/30219","http://secunia.com/advisories/30106","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2008/0924/references","http://www.vupen.com/english/advisories/2007/3725","http://www.vupen.com/english/advisories/2007/3790","http://www.debian.org/security/2007/dsa-1399","http://www.debian.org/security/2008/dsa-1570","https://exchange.xforce.ibmcloud.com/vulnerabilities/38272","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725","https://usn.ubuntu.com/547-1/","http://www.securityfocus.com/archive/1/483579/100/0/threaded","http://www.securityfocus.com/archive/1/483357/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2007-1661"],"description" => "Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the \"\\X?\\d\" and \"\\P{L}?\\d\" patterns.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2007-1661-libpcre","references" => ["http://www.pcre.org/changelog.txt","http://www.debian.org/security/2007/dsa-1399","http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html","https://issues.rpath.com/browse/RPL-1738","http://security.gentoo.org/glsa/glsa-200711-30.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:211","http://www.novell.com/linux/security/advisories/2007_62_pcre.html","http://www.securityfocus.com/bid/26346","http://secunia.com/advisories/27538","http://secunia.com/advisories/27543","http://secunia.com/advisories/27554","http://secunia.com/advisories/27741","http://secunia.com/advisories/27773","http://secunia.com/advisories/27697","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28136","http://bugs.gentoo.org/show_bug.cgi?id=198976","http://security.gentoo.org/glsa/glsa-200801-02.xml","http://secunia.com/advisories/28406","http://secunia.com/advisories/28414","http://security.gentoo.org/glsa/glsa-200801-18.xml","http://security.gentoo.org/glsa/glsa-200801-19.xml","http://secunia.com/advisories/28714","http://secunia.com/advisories/28720","https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html","http://secunia.com/advisories/29267","http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html","http://secunia.com/advisories/29420","http://security.gentoo.org/glsa/glsa-200805-11.xml","http://secunia.com/advisories/30155","http://secunia.com/advisories/30219","http://secunia.com/advisories/30106","http://www.debian.org/security/2008/dsa-1570","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2007/3790","http://www.vupen.com/english/advisories/2007/3725","http://www.vupen.com/english/advisories/2008/0924/references","http://docs.info.apple.com/article.html?artnum=307562","http://docs.info.apple.com/article.html?artnum=307179","https://exchange.xforce.ibmcloud.com/vulnerabilities/38274","https://usn.ubuntu.com/547-1/","http://www.securityfocus.com/archive/1/483579/100/0/threaded","http://www.securityfocus.com/archive/1/483357/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2007-1662"],"description" => "Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2007-1662-libpcre","references" => ["http://www.pcre.org/changelog.txt","http://www.debian.org/security/2007/dsa-1399","http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html","https://issues.rpath.com/browse/RPL-1738","http://security.gentoo.org/glsa/glsa-200711-30.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:211","http://www.securityfocus.com/bid/26346","http://secunia.com/advisories/27538","http://secunia.com/advisories/27543","http://secunia.com/advisories/27554","http://secunia.com/advisories/27741","http://secunia.com/advisories/27697","http://docs.info.apple.com/article.html?artnum=307179","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28136","http://bugs.gentoo.org/show_bug.cgi?id=198976","http://security.gentoo.org/glsa/glsa-200801-02.xml","http://secunia.com/advisories/28406","http://secunia.com/advisories/28414","http://security.gentoo.org/glsa/glsa-200801-18.xml","http://security.gentoo.org/glsa/glsa-200801-19.xml","http://secunia.com/advisories/28714","http://secunia.com/advisories/28720","https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html","http://secunia.com/advisories/29267","http://docs.info.apple.com/article.html?artnum=307562","http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html","http://secunia.com/advisories/29420","http://security.gentoo.org/glsa/glsa-200805-11.xml","http://secunia.com/advisories/30155","http://secunia.com/advisories/30219","http://secunia.com/advisories/30106","http://www.debian.org/security/2008/dsa-1570","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2007/3790","http://www.vupen.com/english/advisories/2007/3725","http://www.vupen.com/english/advisories/2008/0924/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/38275","https://usn.ubuntu.com/547-1/","http://www.securityfocus.com/archive/1/483579/100/0/threaded","http://www.securityfocus.com/archive/1/483357/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2007-4766"],"description" => "Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2007-4766-libpcre","references" => ["http://www.pcre.org/changelog.txt","http://www.debian.org/security/2007/dsa-1399","http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html","https://issues.rpath.com/browse/RPL-1738","http://security.gentoo.org/glsa/glsa-200711-30.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:211","http://www.novell.com/linux/security/advisories/2007_62_pcre.html","http://www.securityfocus.com/bid/26346","http://secunia.com/advisories/27538","http://secunia.com/advisories/27543","http://secunia.com/advisories/27554","http://secunia.com/advisories/27741","http://secunia.com/advisories/27773","http://secunia.com/advisories/27697","http://docs.info.apple.com/article.html?artnum=307179","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28136","http://bugs.gentoo.org/show_bug.cgi?id=198976","http://security.gentoo.org/glsa/glsa-200801-02.xml","http://secunia.com/advisories/28406","http://secunia.com/advisories/28414","http://security.gentoo.org/glsa/glsa-200801-18.xml","http://security.gentoo.org/glsa/glsa-200801-19.xml","http://secunia.com/advisories/28714","http://secunia.com/advisories/28720","https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html","http://secunia.com/advisories/29267","http://docs.info.apple.com/article.html?artnum=307562","http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html","http://secunia.com/advisories/29420","http://security.gentoo.org/glsa/glsa-200805-11.xml","http://secunia.com/advisories/30155","http://secunia.com/advisories/30219","http://www.debian.org/security/2008/dsa-1570","http://secunia.com/advisories/30106","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2007/3790","http://www.vupen.com/english/advisories/2007/3725","http://www.vupen.com/english/advisories/2008/0924/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/38276","https://usn.ubuntu.com/547-1/","http://www.securityfocus.com/archive/1/483579/100/0/threaded","http://www.securityfocus.com/archive/1/483357/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2007-4767"],"description" => "Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \\p sequence, (2) a \\P sequence, or (3) a \\P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2007-4767-libpcre","references" => ["http://www.pcre.org/changelog.txt","http://www.debian.org/security/2007/dsa-1399","http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html","https://issues.rpath.com/browse/RPL-1738","http://security.gentoo.org/glsa/glsa-200711-30.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:211","http://www.novell.com/linux/security/advisories/2007_62_pcre.html","http://www.securityfocus.com/bid/26346","http://secunia.com/advisories/27538","http://secunia.com/advisories/27543","http://secunia.com/advisories/27554","http://secunia.com/advisories/27741","http://secunia.com/advisories/27773","http://secunia.com/advisories/27697","http://docs.info.apple.com/article.html?artnum=307179","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28136","http://bugs.gentoo.org/show_bug.cgi?id=198976","http://security.gentoo.org/glsa/glsa-200801-02.xml","http://secunia.com/advisories/28406","http://secunia.com/advisories/28414","http://security.gentoo.org/glsa/glsa-200801-18.xml","http://security.gentoo.org/glsa/glsa-200801-19.xml","http://secunia.com/advisories/28714","http://secunia.com/advisories/28720","https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html","http://secunia.com/advisories/29267","http://docs.info.apple.com/article.html?artnum=307562","http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html","http://secunia.com/advisories/29420","http://security.gentoo.org/glsa/glsa-200805-11.xml","http://secunia.com/advisories/30155","http://secunia.com/advisories/30219","http://secunia.com/advisories/30106","http://www.debian.org/security/2008/dsa-1570","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2007/3790","http://www.vupen.com/english/advisories/2007/3725","http://www.vupen.com/english/advisories/2008/0924/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/38277","https://usn.ubuntu.com/547-1/","http://www.securityfocus.com/archive/1/483579/100/0/threaded","http://www.securityfocus.com/archive/1/483357/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2007-4768"],"description" => "Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2007-4768-libpcre","references" => ["http://www.debian.org/security/2007/dsa-1399","http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html","https://issues.rpath.com/browse/RPL-1738","http://security.gentoo.org/glsa/glsa-200711-30.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:211","http://www.securityfocus.com/bid/26346","http://secunia.com/advisories/27538","http://secunia.com/advisories/27543","http://secunia.com/advisories/27554","http://secunia.com/advisories/27741","http://secunia.com/advisories/27697","http://www.adobe.com/support/security/bulletins/apsb07-20.html","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.redhat.com/support/errata/RHSA-2007-1126.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://www.us-cert.gov/cas/techalerts/TA07-355A.html","http://securitytracker.com/id?1019116","http://secunia.com/advisories/28136","http://secunia.com/advisories/28157","http://secunia.com/advisories/28161","http://bugs.gentoo.org/show_bug.cgi?id=198976","http://security.gentoo.org/glsa/glsa-200801-02.xml","http://secunia.com/advisories/28406","http://secunia.com/advisories/28414","http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml","http://secunia.com/advisories/28570","http://security.gentoo.org/glsa/glsa-200801-18.xml","http://security.gentoo.org/glsa/glsa-200801-19.xml","http://secunia.com/advisories/28714","http://secunia.com/advisories/28720","http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html","http://secunia.com/advisories/28213","https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html","http://secunia.com/advisories/29267","http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html","http://secunia.com/advisories/29420","http://www.adobe.com/support/security/bulletins/apsb08-13.html","http://security.gentoo.org/glsa/glsa-200805-11.xml","http://secunia.com/advisories/30155","http://secunia.com/advisories/30219","http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1","http://secunia.com/advisories/30507","http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1","http://secunia.com/advisories/30840","http://secunia.com/advisories/30106","http://www.debian.org/security/2008/dsa-1570","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2007/4258","http://www.vupen.com/english/advisories/2008/1966/references","http://www.vupen.com/english/advisories/2008/0924/references","http://www.vupen.com/english/advisories/2008/1724/references","http://www.vupen.com/english/advisories/2007/3725","http://www.vupen.com/english/advisories/2007/3790","http://docs.info.apple.com/article.html?artnum=307562","http://docs.info.apple.com/article.html?artnum=307179","https://exchange.xforce.ibmcloud.com/vulnerabilities/38278","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701","https://usn.ubuntu.com/547-1/","http://www.securityfocus.com/archive/1/483579/100/0/threaded","http://www.securityfocus.com/archive/1/483357/100/0/threaded"],"reported" => "2007-11-07","severity" => undef}],"main_module" => "Perl6::Pugs","versions" => [{"date" => "2005-02-06T19:03:38","version" => "6.0.0"},{"date" => "2005-02-07T00:46:57","version" => "6.0.1"},{"date" => "2005-02-09T04:59:47","version" => "6.0.2"},{"date" => "2005-02-11T19:27:50","version" => "6.0.2"},{"date" => "2005-02-12T04:11:20","version" => "6.0.4"},{"date" => "2005-02-14T18:13:02","version" => "6.0.5"},{"date" => "2005-02-17T18:36:41","version" => "6.0.6"},{"date" => "2005-02-17T18:44:09","version" => "6.0.7"},{"date" => "2005-02-20T19:24:21","version" => "6.0.7"},{"date" => "2005-02-28T04:51:23","version" => "6.0.9"},{"date" => "2005-03-05T03:38:25","version" => "6.0.9"},{"date" => "2005-03-13T20:41:30","version" => "6.0.11"},{"date" => "2005-03-20T17:55:40","version" => "6.0.9"},{"date" => "2005-03-27T07:10:11","version" => "6.0.13"},{"date" => "2005-04-04T04:21:37","version" => "6.0.14"},{"date" => "2005-04-12T19:51:15","version" => "6.2.0"},{"date" => "2005-04-23T22:56:30","version" => "6.2.1"},{"date" => "2005-05-01T16:29:36","version" => "6.2.2"},{"date" => "2005-05-12T17:15:04","version" => "6.2.3"},{"date" => "2005-05-23T21:17:12","version" => "6.2.4"},{"date" => "2005-05-23T21:39:42","version" => "6.2.5"},{"date" => "2005-06-02T03:17:03","version" => "6.2.6"},{"date" => "2005-06-13T12:34:18","version" => "6.2.7"},{"date" => "2005-07-13T16:16:05","version" => "6.2.8"},{"date" => "2005-08-03T19:19:38","version" => "6.2.9"},{"date" => "2005-10-10T01:32:18","version" => "6.2.10"},{"date" => "2006-02-01T21:12:47","version" => "6.2.11"},{"date" => "2006-06-26T20:22:01","version" => "6.2.11"},{"date" => "2006-10-17T12:51:53","version" => "6.2.13"}]},"PerlSpeak" => {"advisories" => [{"affected_versions" => ["<=2.01"],"cves" => ["CVE-2020-10674"],"description" => "PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.","distribution" => "PerlSpeak","fixed_versions" => [">2.01"],"id" => "CPANSA-PerlSpeak-2011-10007","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2020-10674","https://metacpan.org/source/JKAMPHAUS/PerlSpeak-2.01/Changes","https://rt.cpan.org/Public/Bug/Display.html?id=132173","https://github.com/gitpan/PerlSpeak"],"reported" => "2025-06-05","severity" => undef}],"main_module" => "PerlSpeak","versions" => [{"date" => "2007-01-08T06:32:14","version" => "0.01"},{"date" => "2007-01-09T06:00:00","version" => "0.03"},{"date" => "2007-01-20T19:51:59","version" => "0.50"},{"date" => "2007-01-24T19:12:12","version" => "0.50"},{"date" => "2007-06-18T04:41:45","version" => "1.0"},{"date" => "2007-11-02T15:03:33","version" => "1.50"},{"date" => "2008-01-03T02:33:29","version" => "2.01"}]},"Perlbal" => {"advisories" => [{"affected_versions" => ["<1.70"],"cves" => ["CVE-2008-1652"],"description" => "Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter.  NOTE: some of these details are obtained from third party information.\n","distribution" => "Perlbal","fixed_versions" => [],"id" => "CPANSA-Perlbal-2008-1652","references" => ["http://search.cpan.org/src/BRADFITZ/Perlbal-1.70/CHANGES","http://secunia.com/advisories/29565","http://www.vupen.com/english/advisories/2008/1045/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/41540"],"reported" => "2008-04-02","severity" => undef}],"main_module" => "Perlbal","versions" => [{"date" => "2005-07-26T20:21:09","version" => "1.3"},{"date" => "2005-08-17T06:04:13","version" => "1.35"},{"date" => "2005-08-19T17:27:29","version" => "1.36"},{"date" => "2005-10-19T16:57:48","version" => "1.38"},{"date" => "2006-02-06T19:25:44","version" => "1.41"},{"date" => "2006-08-04T04:56:17","version" => "1.42"},{"date" => "2006-08-09T18:09:23","version" => "1.43"},{"date" => "2006-08-10T21:49:57","version" => "1.44"},{"date" => "2006-08-10T23:04:14","version" => "1.45"},{"date" => "2006-08-10T23:55:32","version" => "1.46"},{"date" => "2006-08-15T23:17:40","version" => "1.47"},{"date" => "2006-09-08T20:42:55","version" => "1.50"},{"date" => "2006-10-04T18:55:28","version" => "1.51"},{"date" => "2006-11-13T18:01:56","version" => "1.52"},{"date" => "2006-12-05T09:32:56","version" => "1.53"},{"date" => "2007-02-05T20:00:01","version" => "1.54"},{"date" => "2007-03-21T07:32:33","version" => "1.55"},{"date" => "2007-04-16T21:02:13","version" => "1.56"},{"date" => "2007-04-26T20:37:24","version" => "1.57"},{"date" => "2007-05-11T18:20:57","version" => "1.58"},{"date" => "2007-05-22T17:31:31","version" => "1.59"},{"date" => "2007-10-24T04:09:35","version" => "1.60"},{"date" => "2008-03-09T04:28:27","version" => "1.70"},{"date" => "2008-09-14T00:41:35","version" => "1.71"},{"date" => "2008-09-22T01:40:20","version" => "1.72"},{"date" => "2009-10-05T20:51:59","version" => "1.73"},{"date" => "2010-03-20T07:59:03","version" => "1.74"},{"date" => "2010-04-02T22:32:03","version" => "1.75"},{"date" => "2010-06-18T01:52:54","version" => "1.76"},{"date" => "2011-01-16T05:20:16","version" => "1.77"},{"date" => "2011-01-23T05:33:07","version" => "1.78"},{"date" => "2011-06-15T23:59:19","version" => "1.79"},{"date" => "2012-02-27T07:02:28","version" => "1.80"}]},"Perldoc-Server" => {"advisories" => [{"affected_versions" => [">=0.09,<=0.10"],"cves" => ["CVE-2021-23432"],"description" => "This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge()\n","distribution" => "Perldoc-Server","fixed_versions" => [],"id" => "CPANSA-Perldoc-Server-2021-23432-mootools","references" => ["https://snyk.io/vuln/SNYK-JS-MOOTOOLS-1325536"],"reported" => "2021-08-24","severity" => "critical"}],"main_module" => "Perldoc::Server","versions" => [{"date" => "2009-03-30T15:26:20","version" => "0.01"},{"date" => "2009-04-01T08:44:34","version" => "0.02"},{"date" => "2009-04-02T11:01:42","version" => "0.03"},{"date" => "2009-04-04T14:26:15","version" => "0.04"},{"date" => "2009-04-05T12:36:37","version" => "0.05"},{"date" => "2009-09-16T12:05:55","version" => "0.07"},{"date" => "2010-04-24T13:51:16","version" => "0.08"},{"date" => "2010-04-28T20:46:28","version" => "0.09"},{"date" => "2011-11-15T17:52:36","version" => "0.10"}]},"Pinto" => {"advisories" => [{"affected_versions" => ["<0.09995"],"cves" => [],"description" => "Pinto server allowed directory traveral.\n","distribution" => "Pinto","fixed_versions" => [">=0.09995"],"id" => "CPANSA-Pinto-2014-01","references" => ["https://metacpan.org/dist/Pinto/changes","https://github.com/thaljef/Pinto/commit/195d46eb4488a7dec6c39d6eb1c48dc872ab2b3b"],"reported" => "2014-08-19","reviewed_by" => [{"date" => "2022-06-28","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}]}],"main_module" => "Pinto","versions" => [{"date" => "2011-07-26T21:17:47","version" => "0.001"},{"date" => "2011-07-27T00:22:00","version" => "0.002"},{"date" => "2011-08-04T06:00:27","version" => "0.003"},{"date" => "2011-08-04T07:24:59","version" => "0.004"},{"date" => "2011-08-04T07:46:03","version" => "0.005"},{"date" => "2011-08-04T07:54:24","version" => "0.006"},{"date" => "2011-08-04T15:07:03","version" => "0.007"},{"date" => "2011-08-09T21:49:02","version" => "0.008"},{"date" => "2011-08-13T00:51:56","version" => "0.009"},{"date" => "2011-08-14T20:32:00","version" => "0.010"},{"date" => "2011-08-15T04:14:45","version" => "0.011"},{"date" => "2011-08-17T16:12:20","version" => "0.012"},{"date" => "2011-08-17T23:14:14","version" => "0.014"},{"date" => "2011-08-18T08:57:36","version" => "0.015"},{"date" => "2011-08-18T09:03:09","version" => "0.016"},{"date" => "2011-08-24T07:53:18","version" => "0.017"},{"date" => "2011-08-24T08:48:57","version" => "0.018"},{"date" => "2011-08-24T11:16:38","version" => "0.019"},{"date" => "2011-08-29T03:46:11","version" => "0.020"},{"date" => "2011-08-30T08:20:49","version" => "0.021"},{"date" => "2011-08-31T08:35:52","version" => "0.022"},{"date" => "2011-08-31T21:22:32","version" => "0.023"},{"date" => "2011-09-01T22:29:05","version" => "0.024"},{"date" => "2011-12-02T11:21:54","version" => "0.025_001"},{"date" => "2011-12-02T12:42:45","version" => "0.025_002"},{"date" => "2011-12-03T12:16:42","version" => "0.025_003"},{"date" => "2011-12-07T15:26:36","version" => "0.025_004"},{"date" => "2011-12-07T20:09:02","version" => "0.026"},{"date" => "2011-12-08T23:27:07","version" => "0.027"},{"date" => "2011-12-12T09:32:39","version" => "0.028"},{"date" => "2011-12-15T08:31:43","version" => "0.029"},{"date" => "2012-01-27T06:05:38","version" => "0.030"},{"date" => "2012-02-28T13:23:36","version" => "0.031"},{"date" => "2012-03-01T18:43:41","version" => "0.032"},{"date" => "2012-03-15T14:00:07","version" => "0.033"},{"date" => "2012-04-05T02:08:20","version" => "0.035"},{"date" => "2012-04-09T07:18:50","version" => "0.036"},{"date" => "2012-04-11T03:02:41","version" => "0.037"},{"date" => "2012-04-17T01:21:11","version" => "0.038"},{"date" => "2012-05-01T20:52:05","version" => "0.040_001"},{"date" => "2012-05-04T23:28:00","version" => "0.040_002"},{"date" => "2012-05-05T04:42:35","version" => "0.040_003"},{"date" => "2012-05-15T18:18:01","version" => "0.041"},{"date" => "2012-05-18T04:59:37","version" => "0.042"},{"date" => "2012-06-19T17:58:05","version" => "0.043"},{"date" => "2012-07-15T08:45:52","version" => "0.044"},{"date" => "2012-07-24T06:18:49","version" => "0.045"},{"date" => "2012-08-13T22:50:28","version" => "0.046"},{"date" => "2012-08-14T00:27:03","version" => "0.047"},{"date" => "2012-08-15T16:28:03","version" => "0.048"},{"date" => "2012-08-15T21:30:01","version" => "0.050"},{"date" => "2012-08-16T01:31:42","version" => "0.051"},{"date" => "2012-09-18T23:20:20","version" => "0.052"},{"date" => "2012-09-20T04:03:53","version" => "0.053"},{"date" => "2012-09-20T05:07:44","version" => "0.054"},{"date" => "2012-09-20T20:40:05","version" => "0.055"},{"date" => "2012-09-27T20:45:51","version" => "0.056"},{"date" => "2012-10-07T21:25:33","version" => "0.057"},{"date" => "2012-10-12T06:19:44","version" => "0.058"},{"date" => "2012-10-20T08:01:03","version" => "0.059"},{"date" => "2012-10-23T21:41:47","version" => "0.060"},{"date" => "2012-10-31T00:23:58","version" => "0.061"},{"date" => "2012-11-08T18:57:09","version" => "0.062"},{"date" => "2012-11-12T20:03:29","version" => "0.063"},{"date" => "2012-11-12T21:58:57","version" => "0.064"},{"date" => "2012-11-14T18:00:34","version" => "0.065"},{"date" => "2013-03-15T23:28:13","version" => "0.065_01"},{"date" => "2013-03-16T06:44:49","version" => "0.065_02"},{"date" => "2013-03-19T22:58:08","version" => "0.065_03"},{"date" => "2013-03-20T23:12:44","version" => "0.065_04"},{"date" => "2013-03-20T23:28:07","version" => "0.065_05"},{"date" => "2013-03-23T07:33:37","version" => "0.065_06"},{"date" => "2013-03-26T23:29:22","version" => "0.066"},{"date" => "2013-03-30T07:51:45","version" => "0.067"},{"date" => "2013-04-05T05:47:08","version" => "0.068"},{"date" => "2013-04-21T16:55:30","version" => "0.079_01"},{"date" => "2013-04-23T07:53:34","version" => "0.079_04"},{"date" => "2013-04-26T17:50:55","version" => "0.080"},{"date" => "2013-04-26T21:00:35","version" => "0.081"},{"date" => "2013-04-29T17:02:33","version" => "0.082"},{"date" => "2013-05-13T21:45:43","version" => "0.083"},{"date" => "2013-05-15T00:34:13","version" => "0.084"},{"date" => "2013-06-16T08:05:08","version" => "0.084_01"},{"date" => "2013-06-17T04:08:49","version" => "0.084_02"},{"date" => "2013-06-17T20:09:55","version" => "0.085"},{"date" => "2013-06-18T10:08:10","version" => "0.086"},{"date" => "2013-06-20T01:50:39","version" => "0.087"},{"date" => "2013-07-09T08:19:39","version" => "0.087_01"},{"date" => "2013-07-21T08:38:23","version" => "0.087_03"},{"date" => "2013-07-27T03:21:44","version" => "0.087_04"},{"date" => "2013-07-30T07:00:31","version" => "0.087_05"},{"date" => "2013-08-15T18:00:31","version" => "0.088"},{"date" => "2013-08-19T20:34:32","version" => "0.089"},{"date" => "2013-08-23T22:02:45","version" => "0.090"},{"date" => "2013-10-25T19:22:19","version" => "0.091"},{"date" => "2013-11-20T19:18:40","version" => "0.092"},{"date" => "2013-12-22T00:41:08","version" => "0.093"},{"date" => "2013-12-22T09:07:09","version" => "0.094"},{"date" => "2013-12-23T07:49:14","version" => "0.095"},{"date" => "2014-01-07T18:57:51","version" => "0.096"},{"date" => "2014-01-08T07:10:26","version" => "0.097"},{"date" => "2014-01-17T20:57:05","version" => "0.097_01"},{"date" => "2014-01-23T08:46:47","version" => "0.097_02"},{"date" => "2014-01-23T22:17:10","version" => "0.097_03"},{"date" => "2014-01-25T23:24:17","version" => "0.097_04"},{"date" => "2014-01-28T01:01:18","version" => "0.098"},{"date" => "2014-01-28T10:07:29","version" => "0.098_01"},{"date" => "2014-01-28T20:44:00","version" => "0.099"},{"date" => "2014-02-01T01:30:41","version" => "0.0991"},{"date" => "2014-02-10T10:11:30","version" => "0.0992"},{"date" => "2014-02-23T22:14:22","version" => "0.0993"},{"date" => "2014-03-02T00:14:38","version" => "0.0994"},{"date" => "2014-03-05T09:16:04","version" => "0.0994_01"},{"date" => "2014-03-16T06:18:21","version" => "0.0994_02"},{"date" => "2014-03-16T07:56:27","version" => "0.0994_03"},{"date" => "2014-03-18T04:44:49","version" => "0.0994_04"},{"date" => "2014-03-19T04:24:14","version" => "0.0995"},{"date" => "2014-03-23T04:23:21","version" => "0.0996"},{"date" => "2014-03-24T04:02:32","version" => "0.0997"},{"date" => "2014-03-31T22:44:44","version" => "0.0998"},{"date" => "2014-04-04T06:05:12","version" => "0.0999"},{"date" => "2014-04-05T12:41:39","version" => "0.09991"},{"date" => "2014-04-23T22:27:50","version" => "0.09992"},{"date" => "2014-04-28T17:43:44","version" => "0.09992_01"},{"date" => "2014-04-29T21:34:32","version" => "0.09992_02"},{"date" => "2014-05-03T01:04:46","version" => "0.09993"},{"date" => "2014-08-20T01:44:36","version" => "0.09995"},{"date" => "2014-11-04T19:15:26","version" => "0.09996"},{"date" => "2015-03-24T08:26:01","version" => "0.09997"},{"date" => "2015-06-10T15:22:03","version" => "0.09998"},{"date" => "2015-06-14T05:30:55","version" => "0.09999"},{"date" => "2015-08-12T08:48:47","version" => "0.11"},{"date" => "2016-07-17T05:04:20","version" => "0.11_01"},{"date" => "2016-07-26T04:18:25","version" => "0.12"},{"date" => "2017-08-06T05:59:13","version" => "0.13"},{"date" => "2017-08-06T07:31:17","version" => "0.14"}]},"PlRPC" => {"advisories" => [{"affected_versions" => ["<=0.2020"],"cves" => ["CVE-2013-7284"],"description" => "The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.\n","distribution" => "PlRPC","fixed_versions" => [],"id" => "CPANSA-PlRPC-2013-7284","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1051108","http://seclists.org/oss-sec/2014/q1/56","http://seclists.org/oss-sec/2014/q1/62","https://bugzilla.redhat.com/show_bug.cgi?id=1030572","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789","https://rt.cpan.org/Public/Bug/Display.html?id=90474"],"reported" => "2014-04-29","severity" => undef}],"main_module" => "Bundle::PlRPC","versions" => [{"date" => "1998-10-28T23:03:06","version" => "0.2001"},{"date" => "1999-01-15T09:26:43","version" => "0.2003"},{"date" => "1999-04-09T21:18:22","version" => "0.2010"},{"date" => "1999-06-21T09:10:10","version" => "0.2004"},{"date" => "1999-06-21T09:26:45","version" => "0.2011"},{"date" => "1999-06-26T16:21:38","version" => "0.2012"},{"date" => "2001-01-23T08:17:41","version" => "0.2013"},{"date" => "2001-01-23T15:57:05","version" => "0.2014"},{"date" => "2001-03-26T13:10:50","version" => "0.2015"},{"date" => "2001-10-01T02:45:21","version" => "0.2016"},{"date" => "2003-06-09T08:55:18","version" => "0.2017"},{"date" => "2004-07-27T07:47:32","version" => "0.2018"},{"date" => "2007-05-22T20:56:36","version" => "0.2018"},{"date" => "2007-06-17T20:00:21","version" => "0.2018"},{"date" => "2012-01-27T16:55:27","version" => "0.2021_01"}]},"Plack" => {"advisories" => [{"affected_versions" => ["<1.0034"],"cves" => [],"description" => "Fixed a possible directory traversal with Plack::App::File on Win32.\n","distribution" => "Plack","fixed_versions" => [">=1.0034"],"id" => "CPANSA-Plack-2015-0202","references" => [],"reported" => "2015-02-02"},{"affected_versions" => ["<1.0031"],"cves" => [],"description" => "Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files\n","distribution" => "Plack","fixed_versions" => [">=1.0031"],"id" => "CPANSA-Plack-2014-0801","references" => ["https://github.com/plack/Plack/pull/446"],"reported" => "2014-08-01"},{"affected_versions" => ["<1.0016"],"cves" => [],"description" => "Fixed directory traversal bug in Plack::App::File on win32 environments\n","distribution" => "Plack","fixed_versions" => [">=1.0016"],"id" => "CPANSA-Plack-2013-0131","references" => [],"reported" => "2013-01-31"}],"main_module" => "Plack","versions" => [{"date" => "2009-10-13T07:21:14","version" => "0.9000"},{"date" => "2009-10-13T07:59:20","version" => "0.9001"},{"date" => "2009-10-14T18:28:32","version" => "0.9002"},{"date" => "2009-10-19T02:19:08","version" => "0.9003"},{"date" => "2009-10-21T05:59:54","version" => "0.9004"},{"date" => "2009-10-22T03:55:53","version" => "0.9005"},{"date" => "2009-10-23T08:22:57","version" => "0.9006"},{"date" => "2009-10-25T00:49:12","version" => "0.9007"},{"date" => "2009-10-27T21:20:52","version" => "0.9008"},{"date" => "2009-11-08T04:51:25","version" => "0.9009"},{"date" => "2009-11-12T07:23:02","version" => "0.9010"},{"date" => "2009-11-12T11:57:16","version" => "0.9011"},{"date" => "2009-11-17T21:48:12","version" => "0.9012"},{"date" => "2009-11-19T02:29:16","version" => "0.9013"},{"date" => "2009-11-21T05:54:55","version" => "0.9014"},{"date" => "2009-11-26T08:39:53","version" => "0.9015"},{"date" => "2009-11-29T07:41:55","version" => "0.9016"},{"date" => "2009-11-29T08:40:10","version" => "0.9017"},{"date" => "2009-12-03T08:52:20","version" => "0.9018"},{"date" => "2009-12-06T06:01:48","version" => "0.9019"},{"date" => "2009-12-07T10:39:46","version" => "0.9020"},{"date" => "2009-12-08T22:32:02","version" => "0.9021"},{"date" => "2009-12-13T19:03:10","version" => "0.9022"},{"date" => "2009-12-17T21:22:18","version" => "0.9023"},{"date" => "2009-12-19T20:28:45","version" => "0.9024"},{"date" => "2009-12-26T01:16:08","version" => "0.9025"},{"date" => "2010-01-01T01:38:39","version" => "0.9026"},{"date" => "2010-01-04T00:36:24","version" => "0.9027"},{"date" => "2010-01-06T02:44:35","version" => "0.9028"},{"date" => "2010-01-08T03:13:27","version" => "0.9029"},{"date" => "2010-01-09T21:17:38","version" => "0.9030"},{"date" => "2010-01-11T19:34:54","version" => "0.9031"},{"date" => "2010-01-29T22:44:12","version" => "0.99_01"},{"date" => "2010-01-31T06:15:25","version" => "0.99_02"},{"date" => "2010-02-04T00:15:09","version" => "0.99_03"},{"date" => "2010-02-06T07:17:08","version" => "0.99_04"},{"date" => "2010-02-10T20:55:18","version" => "0.99_05"},{"date" => "2010-02-23T03:10:40","version" => "0.9910"},{"date" => "2010-02-23T09:58:27","version" => "0.9911"},{"date" => "2010-02-25T09:32:19","version" => "0.9912"},{"date" => "2010-02-26T03:16:42","version" => "0.9913"},{"date" => "2010-03-04T00:07:15","version" => "0.9914"},{"date" => "2010-03-08T09:35:55","version" => "0.9915"},{"date" => "2010-03-12T03:56:59","version" => "0.9916"},{"date" => "2010-03-17T22:41:16","version" => "0.9917"},{"date" => "2010-03-18T05:42:29","version" => "0.9918"},{"date" => "2010-03-18T05:56:03","version" => "0.9919"},{"date" => "2010-03-19T07:05:16","version" => "0.9920"},{"date" => "2010-03-25T22:10:09","version" => "0.99_21"},{"date" => "2010-03-26T02:51:33","version" => "0.99_22"},{"date" => "2010-03-27T08:06:00","version" => "0.99_23"},{"date" => "2010-03-27T20:36:26","version" => "0.99_24"},{"date" => "2010-03-28T02:06:23","version" => "0.9925"},{"date" => "2010-03-28T21:49:52","version" => "0.9926"},{"date" => "2010-03-29T19:51:35","version" => "0.9927"},{"date" => "2010-03-30T00:07:33","version" => "0.9928"},{"date" => "2010-03-31T07:37:38","version" => "0.9929"},{"date" => "2010-04-14T03:22:29","version" => "0.9930"},{"date" => "2010-04-17T06:54:58","version" => "0.9931"},{"date" => "2010-04-19T06:29:10","version" => "0.9932"},{"date" => "2010-04-27T21:35:45","version" => "0.9933"},{"date" => "2010-05-04T22:51:24","version" => "0.9934"},{"date" => "2010-05-05T22:21:08","version" => "0.9935"},{"date" => "2010-05-14T23:01:23","version" => "0.9936"},{"date" => "2010-05-15T06:14:20","version" => "0.9937"},{"date" => "2010-05-24T00:16:59","version" => "0.9938"},{"date" => "2010-07-03T01:04:03","version" => "0.9938"},{"date" => "2010-07-03T06:43:20","version" => "0.9940"},{"date" => "2010-07-09T01:22:49","version" => "0.9941"},{"date" => "2010-07-24T06:46:17","version" => "0.9942"},{"date" => "2010-07-30T20:26:59","version" => "0.9943"},{"date" => "2010-08-09T06:40:55","version" => "0.9944"},{"date" => "2010-08-19T23:32:19","version" => "0.9945"},{"date" => "2010-08-29T05:49:19","version" => "0.9946"},{"date" => "2010-09-09T09:27:05","version" => "0.9947"},{"date" => "2010-09-09T23:04:59","version" => "0.9948"},{"date" => "2010-09-14T19:01:11","version" => "0.9949"},{"date" => "2010-09-30T21:14:53","version" => "0.9950"},{"date" => "2010-10-25T21:19:36","version" => "0.9951"},{"date" => "2010-12-02T22:06:47","version" => "0.9952"},{"date" => "2010-12-03T22:52:23","version" => "0.9953"},{"date" => "2010-12-10T01:48:11","version" => "0.9954"},{"date" => "2010-12-10T02:03:59","version" => "0.9955"},{"date" => "2010-12-10T03:39:26","version" => "0.9956"},{"date" => "2010-12-16T19:33:28","version" => "0.9957"},{"date" => "2010-12-20T23:23:17","version" => "0.9958"},{"date" => "2010-12-21T19:58:23","version" => "0.9959"},{"date" => "2010-12-25T19:18:11","version" => "0.9960"},{"date" => "2011-01-08T05:54:56","version" => "0.9961"},{"date" => "2011-01-09T05:21:23","version" => "0.9962"},{"date" => "2011-01-11T00:51:33","version" => "0.9963"},{"date" => "2011-01-25T00:50:49","version" => "0.9964"},{"date" => "2011-01-25T07:13:52","version" => "0.9965"},{"date" => "2011-01-25T20:03:38","version" => "0.9966"},{"date" => "2011-01-25T22:27:44","version" => "0.9967"},{"date" => "2011-02-10T03:09:10","version" => "0.9968"},{"date" => "2011-02-19T05:56:47","version" => "0.9969"},{"date" => "2011-02-22T16:44:11","version" => "0.9970"},{"date" => "2011-02-23T22:07:39","version" => "0.9971"},{"date" => "2011-02-24T19:57:46","version" => "0.9972"},{"date" => "2011-02-26T17:48:50","version" => "0.9973"},{"date" => "2011-03-04T04:56:59","version" => "0.9974"},{"date" => "2011-03-24T18:38:08","version" => "0.99_75"},{"date" => "2011-04-09T01:29:10","version" => "0.9976"},{"date" => "2011-05-01T19:24:37","version" => "0.9977"},{"date" => "2011-05-04T18:31:01","version" => "0.9978"},{"date" => "2011-05-17T16:59:59","version" => "0.9979"},{"date" => "2011-06-07T03:29:28","version" => "0.9980"},{"date" => "2011-07-19T00:35:19","version" => "0.9981"},{"date" => "2011-07-19T20:14:06","version" => "0.9982"},{"date" => "2011-09-27T17:23:29","version" => "0.9983"},{"date" => "2011-10-03T16:57:23","version" => "0.9984"},{"date" => "2011-10-31T20:17:46","version" => "0.9985"},{"date" => "2012-03-12T18:29:44","version" => "0.9986"},{"date" => "2012-05-10T05:13:38","version" => "0.9987"},{"date" => "2012-05-11T10:27:33","version" => "0.9988"},{"date" => "2012-06-21T20:49:15","version" => "0.9989"},{"date" => "2012-07-18T18:17:16","version" => "0.9990"},{"date" => "2012-07-20T00:30:44","version" => "0.9991"},{"date" => "2012-07-20T02:12:14","version" => "1.0000"},{"date" => "2012-07-26T23:28:35","version" => "1.0001"},{"date" => "2012-08-14T00:09:45","version" => "1.0002"},{"date" => "2012-08-29T20:49:18","version" => "1.0003"},{"date" => "2012-09-20T02:21:25","version" => "1.0004"},{"date" => "2012-10-09T20:37:58","version" => "1.0005"},{"date" => "2012-10-18T23:10:01","version" => "1.0006"},{"date" => "2012-10-21T06:23:22","version" => "1.0007"},{"date" => "2012-10-23T01:54:12","version" => "1.0008"},{"date" => "2012-10-23T07:59:59","version" => "1.0009"},{"date" => "2012-11-02T20:33:36","version" => "1.0010"},{"date" => "2012-11-11T19:09:23","version" => "1.0011"},{"date" => "2012-11-14T20:02:29","version" => "1.0012"},{"date" => "2012-11-15T03:49:43","version" => "1.0013"},{"date" => "2012-12-03T18:30:20","version" => "1.0014"},{"date" => "2013-01-10T23:23:32","version" => "1.0015"},{"date" => "2013-01-31T21:28:36","version" => "1.0016"},{"date" => "2013-02-08T03:43:51","version" => "1.0017"},{"date" => "2013-03-08T18:47:51","version" => "1.0018"},{"date" => "2013-04-02T01:39:27","version" => "1.0019"},{"date" => "2013-04-02T02:39:03","version" => "1.0020"},{"date" => "2013-04-02T18:21:32","version" => "1.0021"},{"date" => "2013-04-02T19:38:30","version" => "1.0022"},{"date" => "2013-04-08T18:14:06","version" => "1.0023"},{"date" => "2013-05-01T17:07:27","version" => "1.0024"},{"date" => "2013-06-12T20:10:31","version" => "1.0025"},{"date" => "2013-06-13T06:01:17","version" => "1.0026"},{"date" => "2013-06-14T04:31:09","version" => "1.0027"},{"date" => "2013-06-15T08:44:43","version" => "1.0028"},{"date" => "2013-08-22T21:06:25","version" => "1.0029"},{"date" => "2013-11-23T07:55:52","version" => "1.0030"},{"date" => "2014-08-01T20:20:15","version" => "1.0031"},{"date" => "2014-10-04T18:14:01","version" => "1.0032"},{"date" => "2014-10-23T20:32:28","version" => "1.0033"},{"date" => "2015-02-02T20:44:19","version" => "1.0034"},{"date" => "2015-04-16T08:09:20","version" => "1.0035"},{"date" => "2015-06-03T19:03:39","version" => "1.0036"},{"date" => "2015-06-19T17:02:08","version" => "1.0037"},{"date" => "2015-11-25T20:37:51","version" => "1.0038"},{"date" => "2015-12-06T11:29:40","version" => "1.0039"},{"date" => "2016-04-01T16:58:21","version" => "1.0040"},{"date" => "2016-09-25T21:25:47","version" => "1.0041"},{"date" => "2016-09-29T05:38:42","version" => "1.0042"},{"date" => "2017-02-22T03:02:05","version" => "1.0043"},{"date" => "2017-04-27T17:48:20","version" => "1.0044"},{"date" => "2017-12-31T20:42:50","version" => "1.0045"},{"date" => "2018-02-10T07:52:31","version" => "1.0046"},{"date" => "2018-02-10T09:25:30","version" => "1.0047"},{"date" => "2020-11-30T00:21:36","version" => "1.0048"},{"date" => "2022-09-01T17:44:48","version" => "1.0049"},{"date" => "2022-09-05T15:48:11","version" => "1.0050"},{"date" => "2024-01-05T23:11:02","version" => "1.0051"},{"date" => "2024-09-30T20:39:33","version" => "1.0052"},{"date" => "2024-12-12T21:11:55","version" => "1.0053"}]},"Plack-Debugger" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Plack::Debugger","versions" => [{"date" => "2014-11-10T19:22:12","version" => "0.01"},{"date" => "2014-11-15T15:51:48","version" => "0.02"},{"date" => "2014-12-28T23:11:51","version" => "0.03"}]},"Plack-Middleware-Bootstrap" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Plack-Middleware-Bootstrap","fixed_versions" => [],"id" => "CPANSA-Plack-Middleware-Bootstrap-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"}],"main_module" => "Plack::Middleware::Bootstrap","versions" => [{"date" => "2014-12-15T08:26:06","version" => "0.01"},{"date" => "2014-12-15T08:49:36","version" => "0.02"},{"date" => "2014-12-15T08:59:55","version" => "0.03"},{"date" => "2014-12-16T01:57:09","version" => "0.04"},{"date" => "2014-12-17T00:20:15","version" => "0.05"},{"date" => "2015-01-13T01:19:47","version" => "0.06"},{"date" => "2015-10-06T07:12:15","version" => "0.07"},{"date" => "2016-06-09T08:34:17","version" => "0.08"}]},"Plack-Middleware-Session" => {"advisories" => [{"affected_versions" => ["<=0.21"],"cves" => [],"description" => "Plack::Middleware::Session::Cookie 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server, when the middleware is enabled without a secret.\n","distribution" => "Plack-Middleware-Session","fixed_versions" => [">0.21"],"id" => "CPANSA-Plack-Middleware-Session-2014-01","references" => ["https://gist.github.com/miyagawa/2b8764af908a0dacd43d","https://metacpan.org/changes/distribution/Plack-Middleware-Session"],"reported" => "2014-08-11","severity" => "critical"},{"affected_versions" => ["<0.35"],"cves" => ["CVE-2025-40923"],"description" => "Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely.  The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Plack-Middleware-Session","fixed_versions" => [">=0.35"],"id" => "CPANSA-Plack-Middleware-Session-2025-40923","references" => ["https://github.com/plack/Plack-Middleware-Session/commit/1fbfbb355e34e7f4b3906f66cf958cedadd2b9be.patch","https://github.com/plack/Plack-Middleware-Session/pull/52","https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.34/source/lib/Plack/Session/State.pm#L22","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-07-16","severity" => undef}],"main_module" => "Plack::Middleware::Session","versions" => [{"date" => "2009-12-15T18:59:13","version" => "0.01"},{"date" => "2009-12-19T19:27:38","version" => "0.02"},{"date" => "2010-01-07T22:12:43","version" => "0.03"},{"date" => "2010-01-30T21:46:53","version" => "0.09_01"},{"date" => "2010-01-31T07:17:07","version" => "0.09_02"},{"date" => "2010-02-03T04:46:20","version" => "0.09_03"},{"date" => "2010-02-23T03:16:31","version" => "0.10"},{"date" => "2010-02-27T10:47:17","version" => "0.11"},{"date" => "2010-07-07T22:55:18","version" => "0.12"},{"date" => "2010-12-22T17:00:14","version" => "0.13"},{"date" => "2011-03-29T20:50:06","version" => "0.14"},{"date" => "2012-09-04T21:16:35","version" => "0.15"},{"date" => "2013-02-10T19:43:11","version" => "0.16"},{"date" => "2013-02-11T23:45:49","version" => "0.17"},{"date" => "2013-02-12T10:57:14","version" => "0.17"},{"date" => "2013-06-24T23:09:39","version" => "0.20"},{"date" => "2013-10-12T18:42:26","version" => "0.21"},{"date" => "2014-08-11T17:18:03","version" => "0.22"},{"date" => "2014-08-11T17:23:40","version" => "0.23"},{"date" => "2014-09-05T11:48:57","version" => "0.24"},{"date" => "2014-09-29T03:07:54","version" => "0.25"},{"date" => "2015-02-03T08:17:55","version" => "0.26"},{"date" => "2015-02-14T00:52:35","version" => "0.27"},{"date" => "2015-02-16T16:30:31","version" => "0.28"},{"date" => "2015-02-17T23:57:32","version" => "0.29"},{"date" => "2015-03-02T18:25:56","version" => "0.30"},{"date" => "2019-02-26T19:01:59","version" => "0.31"},{"date" => "2019-02-26T21:36:43","version" => "0.32"},{"date" => "2019-03-09T23:19:27","version" => "0.33"},{"date" => "2024-09-23T16:54:44","version" => "0.34"},{"date" => "2025-07-07T22:51:18","version" => "0.35"},{"date" => "2025-07-23T19:02:02","version" => "0.36"}]},"Plack-Middleware-Session-Simple" => {"advisories" => [{"affected_versions" => ["<0.05"],"cves" => ["CVE-2025-40926"],"description" => "Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely.  The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.  Plack::Middleware::Session::Simple is intended to be compatible with Plack::Middleware::Session, which had a similar security issue CVE-2025-40923.","distribution" => "Plack-Middleware-Session-Simple","fixed_versions" => [">=0.05"],"id" => "CPANSA-Plack-Middleware-Session-Simple-2025-40926","references" => ["https://github.com/kazeburo/Plack-Middleware-Session-Simple/commit/760bb358b8f53e52cf415888a4ac858fd99bb24e.patch","https://github.com/kazeburo/Plack-Middleware-Session-Simple/pull/4","https://metacpan.org/release/KAZEBURO/Plack-Middleware-Session-Simple-0.04/source/lib/Plack/Middleware/Session/Simple.pm#L43","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://www.cve.org/CVERecord?id=CVE-2025-40923"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "Plack::Middleware::Session::Simple","versions" => [{"date" => "2013-10-25T05:18:35","version" => "0.01"},{"date" => "2013-10-27T14:44:57","version" => "0.02"},{"date" => "2014-10-20T14:22:04","version" => "0.03"},{"date" => "2018-03-03T04:50:44","version" => "0.04"},{"date" => "2026-03-08T14:44:02","version" => "0.05"}]},"Plack-Middleware-StaticShared" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "Vulnerability of directory traversal.\n","distribution" => "Plack-Middleware-StaticShared","fixed_versions" => [">=0.04"],"id" => "CPANSA-Plack-Middleware-StaticShared-2012-01","references" => ["https://metacpan.org/dist/Plack-Middleware-StaticShared/changes"],"reported" => "2012-04-26","severity" => undef}],"main_module" => "Plack::Middleware::StaticShared","versions" => [{"date" => "2010-12-03T11:42:11","version" => "0.01"},{"date" => "2011-08-03T00:32:41","version" => "0.02"},{"date" => "2011-08-10T14:36:03","version" => "0.03"},{"date" => "2012-04-26T03:37:11","version" => "0.04"},{"date" => "2013-01-24T10:40:54","version" => "0.05"},{"date" => "2016-06-09T03:53:36","version" => "0.06"}]},"Plack-Middleware-Statsd" => {"advisories" => [{"affected_versions" => ["<0.8.0"],"cves" => [],"description" => "Stats for request methods are only counted for ASCII words, anything else is counted as 'other'. Stats for content types are only counted for well-formed types.","distribution" => "Plack-Middleware-Statsd","fixed_versions" => [">=0.8.0"],"id" => "CPANSA-Plack-Middleware-Statsd-2025-001","references" => ["https://github.com/robrwo/Plack-Middleware-Statsd/security/advisories/GHSA-m5mc-hhfv-6rjf","https://github.com/briandfoy/cpan-security-advisory/issues/198","https://metacpan.org/dist/Plack-Middleware-Statsd/changes"],"reported" => "2025-05-13","severity" => undef}],"main_module" => "Plack::Middleware::Statsd","versions" => [{"date" => "2018-01-31T18:15:11","version" => "v0.1.0"},{"date" => "2018-02-01T14:21:59","version" => "v0.1.1"},{"date" => "2018-02-01T17:21:50","version" => "v0.2.0"},{"date" => "2018-02-05T14:17:24","version" => "v0.2.1"},{"date" => "2018-02-06T11:11:05","version" => "v0.3.0"},{"date" => "2018-02-10T23:24:24","version" => "v0.3.1"},{"date" => "2018-02-10T23:37:02","version" => "v0.3.2"},{"date" => "2018-02-13T15:25:33","version" => "v0.3.3"},{"date" => "2018-03-01T15:40:24","version" => "v0.3.4"},{"date" => "2018-05-31T20:20:12","version" => "v0.3.5"},{"date" => "2018-10-16T21:39:35","version" => "v0.3.6"},{"date" => "2018-10-19T15:07:45","version" => "v0.3.7"},{"date" => "2018-11-30T01:31:20","version" => "v0.3.8"},{"date" => "2018-11-30T16:00:44","version" => "v0.3.9"},{"date" => "2019-12-18T23:46:32","version" => "v0.3.10"},{"date" => "2020-03-21T00:25:26","version" => "v0.4.0"},{"date" => "2020-03-21T17:16:50","version" => "v0.4.1"},{"date" => "2020-03-21T18:28:58","version" => "v0.4.2"},{"date" => "2020-03-23T09:00:09","version" => "v0.4.3"},{"date" => "2020-04-30T13:05:15","version" => "v0.4.4"},{"date" => "2020-05-11T17:29:43","version" => "v0.4.5"},{"date" => "2021-04-21T15:52:11","version" => "v0.4.6"},{"date" => "2021-04-27T15:48:15","version" => "v0.4.7"},{"date" => "2021-06-15T16:04:11","version" => "v0.5.0"},{"date" => "2021-07-03T13:09:16","version" => "v0.5.1"},{"date" => "2022-07-26T15:50:57","version" => "v0.6.0"},{"date" => "2022-09-02T15:06:07","version" => "v0.6.1"},{"date" => "2022-12-11T16:07:55","version" => "v0.6.2"},{"date" => "2023-06-15T18:46:16","version" => "v0.6.3"},{"date" => "2024-07-13T11:52:52","version" => "v0.7.0"},{"date" => "2024-07-20T11:53:49","version" => "v0.7.1"},{"date" => "2025-05-13T12:08:27","version" => "v0.8.0"},{"date" => "2025-08-07T12:10:59","version" => "v0.8.1"},{"date" => "2025-08-16T11:12:13","version" => "v0.8.2"}]},"Plack-Middleware-XSRFBlock" => {"advisories" => [{"affected_versions" => ["<0.0.19"],"cves" => ["CVE-2023-52431"],"description" => "When not using signed cookies, it was possible to bypass XSRFBlock by POSTing an empty form value and an empty cookie\n","distribution" => "Plack-Middleware-XSRFBlock","fixed_versions" => [">=0.0.19"],"id" => "CPANSA-Plack-Middleware-XSRFBlock-20230714-01","references" => ["https://metacpan.org/dist/Plack-Middleware-XSRFBlock/changes","https://metacpan.org/release/DAKKAR/Plack-Middleware-XSRFBlock-0.0.19/source/Changes","https://nvd.nist.gov/vuln/detail/CVE-2023-52431"],"reported" => "2023-07-14","severity" => undef}],"main_module" => "Plack::Middleware::XSRFBlock","versions" => [{"date" => "2013-06-20T11:01:27","version" => "0.0.0_01"},{"date" => "2013-06-21T14:07:31","version" => "0.0.0_02"},{"date" => "2013-06-21T14:48:20","version" => "0.0.0_03"},{"date" => "2013-06-21T15:04:00","version" => "0.0.0_04"},{"date" => "2013-06-23T23:30:14","version" => "0.0.0_05"},{"date" => "2013-10-21T15:36:45","version" => "0.0.1"},{"date" => "2014-03-28T11:34:07","version" => "0.0.2"},{"date" => "2014-06-24T15:02:09","version" => "0.0.3"},{"date" => "2014-07-09T12:44:23","version" => "0.0.4"},{"date" => "2014-07-22T15:29:19","version" => "0.0.5"},{"date" => "2014-08-05T20:48:41","version" => "0.0.6"},{"date" => "2014-08-28T16:51:49","version" => "0.0.7"},{"date" => "2014-09-18T08:03:26","version" => "0.0.8"},{"date" => "2014-10-13T10:16:45","version" => "0.0.9"},{"date" => "2015-07-18T22:04:22","version" => "0.0.10"},{"date" => "2015-09-07T16:45:50","version" => "0.0.11"},{"date" => "2017-07-13T10:36:46","version" => "0.0.12"},{"date" => "2018-07-23T11:02:29","version" => "0.0.13"},{"date" => "2018-07-23T16:19:18","version" => "0.0.14"},{"date" => "2018-07-24T12:45:15","version" => "0.0.15"},{"date" => "2018-07-25T13:24:47","version" => "0.0.16"},{"date" => "2022-10-17T09:58:14","version" => "0.0.17"},{"date" => "2023-07-13T09:16:48","version" => "0.0.18"},{"date" => "2023-07-14T09:17:25","version" => "0.0.19"}]},"Pod-Perldoc" => {"advisories" => [{"affected_versions" => ["<3.26"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Pod-Perldoc","fixed_versions" => [">=3.26"],"id" => "CPANSA-Pod-Perldoc-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Pod::Perldoc","versions" => [{"date" => "2002-11-11T10:33:54","version" => "3.04"},{"date" => "2002-11-12T05:04:50","version" => "3.05"},{"date" => "2002-11-22T10:04:59","version" => "3.06"},{"date" => "2002-12-02T05:24:12","version" => "3.07"},{"date" => "2003-01-19T03:50:24","version" => "3.08"},{"date" => "2003-07-24T14:38:18","version" => "3.09"},{"date" => "2003-09-11T07:02:58","version" => "3.10"},{"date" => "2003-10-12T23:01:05","version" => "3.11"},{"date" => "2003-10-22T01:02:23","version" => "3.12"},{"date" => "2004-04-10T02:26:31","version" => "3.13"},{"date" => "2004-11-30T22:34:04","version" => "3.14"},{"date" => "2007-08-23T12:55:53","version" => "3.14_01"},{"date" => "2007-08-23T18:18:55","version" => "3.14_02"},{"date" => "2007-09-04T13:39:37","version" => "3.14_03"},{"date" => "2008-04-16T14:37:04","version" => "3.14_04"},{"date" => "2008-04-22T18:26:25","version" => "3.14_05"},{"date" => "2008-05-03T00:43:47","version" => "3.14_06"},{"date" => "2008-05-08T14:33:08","version" => "3.14_07"},{"date" => "2008-11-01T15:01:44","version" => "3.15"},{"date" => "2009-09-30T17:29:52","version" => "3.15_01"},{"date" => "2011-11-13T23:32:29","version" => "3.15_08"},{"date" => "2011-11-14T19:38:57","version" => "3.15_09"},{"date" => "2011-11-20T01:58:40","version" => "3.15_10"},{"date" => "2011-11-29T19:10:49","version" => "3.15_11"},{"date" => "2011-12-09T13:03:26","version" => "3.15_12"},{"date" => "2011-12-14T10:17:10","version" => "3.15_13"},{"date" => "2011-12-18T16:08:00","version" => "3.15_14"},{"date" => "2012-01-06T16:47:58","version" => "3.15_15"},{"date" => "2012-03-17T05:02:18","version" => "3.16"},{"date" => "2012-03-18T03:01:03","version" => "3.17"},{"date" => "2013-01-28T04:11:09","version" => "3.18"},{"date" => "2013-01-28T04:33:05","version" => "3.19"},{"date" => "2013-01-29T02:56:49","version" => "3.19_01"},{"date" => "2013-04-27T05:51:04","version" => "3.20"},{"date" => "2013-11-19T17:18:23","version" => "3.21_01"},{"date" => "2014-01-06T02:28:01","version" => "3.21"},{"date" => "2014-01-31T05:43:36","version" => "3.22_01"},{"date" => "2014-02-05T05:17:44","version" => "3.22_02"},{"date" => "2014-02-23T19:09:39","version" => "3.23"},{"date" => "2014-08-16T16:52:05","version" => "3.23_01"},{"date" => "2014-08-19T03:49:18","version" => "3.24"},{"date" => "2014-09-10T03:32:34","version" => "3.24_01"},{"date" => "2015-01-21T03:18:32","version" => "3.24_02"},{"date" => "2015-02-12T03:13:45","version" => "3.25"},{"date" => "2016-01-12T14:43:09","version" => "3.25_02"},{"date" => "2016-07-28T04:44:07","version" => "3.26"},{"date" => "2016-07-30T16:09:06","version" => "3.26_01"},{"date" => "2016-08-02T16:35:03","version" => "3.26_02"},{"date" => "2016-08-03T20:48:54","version" => "3.27"},{"date" => "2016-10-16T02:46:57","version" => "3.27_01"},{"date" => "2017-03-01T22:00:04","version" => "3.27_02"},{"date" => "2017-03-16T01:14:07","version" => "3.28"},{"date" => "2023-12-06T07:21:16","version" => "3.28_01"},{"date" => "2025-02-16T02:15:19","version" => "3.29"},{"date" => "2010-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011005","version" => "3.15_02"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "3.15_03"},{"date" => "2011-06-16T00:00:00","dual_lived" => 1,"perl_release" => "5.014001","version" => "3.15_04"},{"date" => "2011-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015","version" => "3.15_05"},{"date" => "2011-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015001","version" => "3.15_06"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "3.15_07"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "3.25_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "3.25_03"},{"date" => "2017-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027005","version" => "3.2801"}]},"Prima-codecs-win32" => {"advisories" => [{"affected_versions" => [">=1.00,<=1.01"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "Prima-codecs-win32","fixed_versions" => [],"id" => "CPANSA-Prima-codecs-win32-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"}],"main_module" => "Prima::codecs::win32","versions" => [{"date" => "2008-04-19T17:18:34","version" => "1.00"},{"date" => "2008-04-28T19:10:04","version" => "1.01"}]},"Prima-codecs-win64" => {"advisories" => [{"affected_versions" => [">=1.01,<=1.02"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "Prima-codecs-win64","fixed_versions" => [],"id" => "CPANSA-Prima-codecs-win64-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"}],"main_module" => "Prima::codecs::win64","versions" => [{"date" => "2011-03-26T20:49:34","version" => "1.01"},{"date" => "2012-02-07T19:35:40","version" => "1.02"}]},"Proc-Daemon" => {"advisories" => [{"affected_versions" => ["<0.14"],"cves" => ["CVE-2013-7135"],"description" => "The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.\n","distribution" => "Proc-Daemon","fixed_versions" => [],"id" => "CPANSA-Proc-Daemon-2013-7135","references" => ["http://www.openwall.com/lists/oss-security/2014/01/07/7","http://www.openwall.com/lists/oss-security/2013/12/16/5","http://www.openwall.com/lists/oss-security/2013/12/18/2","https://rt.cpan.org/Public/Bug/Display.html?id=91450","http://www.mandriva.com/security/advisories?name=MDVSA-2014:021"],"reported" => "2014-01-28","severity" => undef}],"main_module" => "Proc::Daemon","versions" => [{"date" => "1998-01-27T18:42:37","version" => "0.01"},{"date" => "1999-04-17T19:55:07","version" => "0.02"},{"date" => "2003-06-19T22:58:30","version" => "0.03"},{"date" => "2010-10-23T23:11:32","version" => "0.04"},{"date" => "2010-10-28T20:25:50","version" => "0.05"},{"date" => "2011-01-17T22:14:07","version" => "0.06"},{"date" => "2011-02-17T19:34:32","version" => "0.07"},{"date" => "2011-03-13T17:38:15","version" => "0.08"},{"date" => "2011-03-15T07:05:00","version" => "0.09"},{"date" => "2011-04-01T19:26:32","version" => "0.10"},{"date" => "2011-05-23T14:48:37","version" => "0.11"},{"date" => "2011-05-24T17:12:19","version" => "0.12"},{"date" => "2011-06-01T11:39:51","version" => "0.13"},{"date" => "2011-06-03T09:06:45","version" => "0.14"},{"date" => "2015-01-22T00:22:38","version" => "0.15"},{"date" => "2015-01-23T00:10:30","version" => "0.16"},{"date" => "2015-01-23T23:23:49","version" => "0.17"},{"date" => "2015-01-27T01:03:25","version" => "0.18"},{"date" => "2015-03-22T09:37:55","version" => "0.19"},{"date" => "2015-06-24T04:34:03","version" => "0.20"},{"date" => "2015-08-07T01:52:52","version" => "0.21"},{"date" => "2015-10-29T00:30:34","version" => "0.22"},{"date" => "2016-01-01T18:51:05","version" => "0.23"}]},"Proc-ProcessTable" => {"advisories" => [{"affected_versions" => [">=0.45,<0.47"],"cves" => ["CVE-2011-4363"],"description" => "ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.\n","distribution" => "Proc-ProcessTable","fixed_versions" => [">=0.47"],"id" => "CPANSA-Proc-ProcessTable-2011-4363","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500","http://www.osvdb.org/77428","http://www.openwall.com/lists/oss-security/2011/11/30/2","http://www.securityfocus.com/bid/50868","https://rt.cpan.org/Public/Bug/Display.html?id=72862","http://www.openwall.com/lists/oss-security/2011/11/30/3","http://secunia.com/advisories/47015","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363"],"reported" => "2012-10-07","severity" => undef}],"main_module" => "Proc::ProcessTable","versions" => [{"date" => "1998-07-23T12:59:39","version" => "0.01"},{"date" => "1998-07-24T12:50:40","version" => "0.02"},{"date" => "1998-07-26T13:18:26","version" => "0.03"},{"date" => "1998-08-15T21:22:20","version" => "0.04"},{"date" => "1998-12-09T23:53:30","version" => "0.05"},{"date" => "1998-12-10T04:51:19","version" => "0.06"},{"date" => "1999-02-05T03:21:51","version" => "0.08"},{"date" => "1999-02-20T04:27:53","version" => "0.09"},{"date" => "1999-02-20T16:36:14","version" => "0.10"},{"date" => "1999-03-07T00:16:52","version" => "0.11"},{"date" => "1999-03-21T16:07:46","version" => "0.12"},{"date" => "1999-05-14T02:10:41","version" => "0.13"},{"date" => "1999-05-16T01:22:45","version" => "0.14"},{"date" => "1999-06-02T02:39:22","version" => "0.15"},{"date" => "1999-08-10T03:45:58","version" => "0.16"},{"date" => "1999-08-19T15:45:19","version" => "0.17"},{"date" => "1999-08-19T17:44:22","version" => "0.18"},{"date" => "1999-09-09T02:45:48","version" => "0.20"},{"date" => "1999-09-10T16:51:02","version" => "0.21"},{"date" => "1999-10-05T12:34:33","version" => "0.22"},{"date" => "1999-11-01T13:55:15","version" => "0.23"},{"date" => "2000-01-20T20:57:35","version" => "0.24"},{"date" => "2000-02-03T16:28:46","version" => "0.25"},{"date" => "2000-02-11T21:56:23","version" => "0.26"},{"date" => "2000-06-29T12:38:46","version" => "0.27"},{"date" => "2000-08-14T09:25:19","version" => "0.28"},{"date" => "2001-01-09T12:47:49","version" => "0.29"},{"date" => "2001-03-08T02:57:16","version" => "0.30"},{"date" => "2001-06-01T12:39:15","version" => "0.31"},{"date" => "2001-08-20T02:41:52","version" => "0.32"},{"date" => "2001-10-16T13:32:04","version" => "0.33"},{"date" => "2002-02-25T03:17:15","version" => "0.34"},{"date" => "2002-07-03T04:31:57","version" => "0.35"},{"date" => "2002-11-08T02:31:59","version" => "0.36"},{"date" => "2002-11-08T14:59:11","version" => "0.37"},{"date" => "2002-12-07T03:33:51","version" => "0.38"},{"date" => "2003-10-03T17:45:51","version" => "0.39"},{"date" => "2005-07-11T01:33:32","version" => "0.40"},{"date" => "2006-07-01T04:27:59","version" => "0.41"},{"date" => "2008-01-26T05:34:53","version" => "0.42"},{"date" => "2008-07-18T04:05:51","version" => "0.43"},{"date" => "2008-07-25T14:29:08","version" => "0.44"},{"date" => "2008-09-08T15:39:40","version" => "0.45"},{"date" => "2012-10-19T13:58:48","version" => "0.46"},{"date" => "2013-02-16T16:06:35","version" => "0.47"},{"date" => "2013-05-26T22:20:21","version" => "0.48"},{"date" => "2013-12-05T23:31:39","version" => "0.49"},{"date" => "2013-12-15T15:47:54","version" => "0.50"},{"date" => "2014-05-17T21:03:43","version" => "0.50_01"},{"date" => "2014-10-17T22:56:58","version" => "0.51"},{"date" => "2015-08-23T10:12:37","version" => "0.52"},{"date" => "2015-08-24T19:36:41","version" => "0.53"},{"date" => "2018-02-01T21:02:36","version" => "0.54"},{"date" => "2018-02-01T21:57:51","version" => "0.55"},{"date" => "2019-02-07T22:38:02","version" => "0.56"},{"date" => "2019-06-14T21:16:11","version" => "0.56_01"},{"date" => "2019-06-15T11:28:52","version" => "0.56_02"},{"date" => "2019-06-15T18:56:51","version" => "0.57"},{"date" => "2019-06-15T19:20:02","version" => "0.58"},{"date" => "2019-06-20T19:35:05","version" => "0.59"},{"date" => "2021-08-14T16:19:38","version" => "0.60"},{"date" => "2021-08-17T22:50:12","version" => "0.61"},{"date" => "2021-08-18T06:57:20","version" => "0.611"},{"date" => "2021-09-08T10:39:21","version" => "0.612"},{"date" => "2021-09-13T14:03:14","version" => "0.62"},{"date" => "2021-09-26T21:58:24","version" => "0.631"},{"date" => "2021-09-26T22:35:32","version" => "0.632"},{"date" => "2021-09-26T23:01:20","version" => "0.633"},{"date" => "2021-09-26T23:04:23","version" => "0.634"},{"date" => "2023-05-08T06:51:59","version" => "0.635"},{"date" => "2023-06-21T06:25:43","version" => "0.636"},{"date" => "2025-07-28T20:23:29","version" => "0.637"}]},"RPC-XML" => {"advisories" => [{"affected_versions" => ["<0.45"],"cves" => [],"description" => "A a potential security hole in the parsing of external entities.\n","distribution" => "RPC-XML","fixed_versions" => [">=0.45"],"id" => "CPANSA-RPC-XML-2002-01","references" => ["https://metacpan.org/dist/RPC-XML/changes"],"reported" => "2002-10-29"}],"main_module" => "RPC::XML","versions" => [{"date" => "2001-06-13T06:30:46","version" => "0.25"},{"date" => "2001-06-27T06:18:37","version" => "0.26"},{"date" => "2001-07-08T23:38:52","version" => "0.27"},{"date" => "2001-10-08T05:10:22","version" => "0.28"},{"date" => "2001-12-03T07:08:58","version" => "0.29"},{"date" => "2002-01-03T09:49:30","version" => "0.30"},{"date" => "2002-01-28T00:48:45","version" => "0.35"},{"date" => "2002-01-29T20:03:48","version" => "0.36"},{"date" => "2002-03-23T06:39:00","version" => "0.37"},{"date" => "2002-05-04T07:56:19","version" => "0.40"},{"date" => "2002-05-22T10:04:14","version" => "0.41"},{"date" => "2002-08-01T08:41:21","version" => "0.42"},{"date" => "2002-08-19T05:56:10","version" => "0.43"},{"date" => "2002-08-31T06:58:58","version" => "0.44"},{"date" => "2002-10-30T05:15:04","version" => "0.45"},{"date" => "2002-12-30T07:51:25","version" => "0.46"},{"date" => "2003-01-27T11:37:20","version" => "0.50"},{"date" => "2003-01-30T09:36:24","version" => "0.51"},{"date" => "2003-02-10T09:48:58","version" => "0.52"},{"date" => "2003-02-25T09:25:51","version" => "0.53"},{"date" => "2004-04-14T12:55:46","version" => "0.54"},{"date" => "2004-11-30T09:27:12","version" => "0.55"},{"date" => "2004-12-09T09:29:34","version" => "0.56"},{"date" => "2004-12-24T11:07:31","version" => "0.57"},{"date" => "2005-05-12T10:47:19","version" => "0.58"},{"date" => "2006-06-30T07:56:12","version" => "0.59"},{"date" => "2008-04-09T17:59:42","version" => "0.60"},{"date" => "2008-09-15T10:19:12","version" => "0.61"},{"date" => "2008-09-19T09:16:21","version" => "0.62"},{"date" => "2008-09-19T09:28:08","version" => "0.63"},{"date" => "2008-09-29T11:24:26","version" => "0.64"},{"date" => "2009-06-17T13:19:54","version" => "0.65"},{"date" => "2009-07-09T14:42:56","version" => "0.66"},{"date" => "2009-07-10T08:34:44","version" => "0.67"},{"date" => "2009-09-03T17:37:20","version" => "0.69"},{"date" => "2009-12-07T06:33:13","version" => "0.70"},{"date" => "2009-12-08T04:11:10","version" => "0.71"},{"date" => "2009-12-14T05:48:11","version" => "0.72"},{"date" => "2010-03-17T05:55:29","version" => "0.73"},{"date" => "2011-01-23T21:08:04","version" => "0.74"},{"date" => "2011-08-14T00:40:40","version" => "0.75"},{"date" => "2011-08-21T19:48:16","version" => "0.76"},{"date" => "2012-09-03T18:58:22","version" => "0.77"},{"date" => "2014-02-07T04:15:00","version" => "0.78"},{"date" => "2015-05-01T16:02:19","version" => "0.79"},{"date" => "2016-05-08T20:17:31","version" => "0.80"},{"date" => "2021-01-06T02:49:51","version" => "0.81"},{"date" => "2021-01-06T18:05:35","version" => "0.82"}]},"RT-Authen-ExternalAuth" => {"advisories" => [{"affected_versions" => ["<0.27"],"cves" => ["CVE-2017-5361"],"description" => "Timing sidechannel vulnerability in password checking.\n","distribution" => "RT-Authen-ExternalAuth","fixed_versions" => [">=0.27"],"id" => "CPANSA-RT-Authen-ExternalAuth-2017-01","references" => ["https://metacpan.org/changes/distribution/RT-Authen-ExternalAuth"],"reported" => "2017-06-15"}],"main_module" => "RT::Authen::ExternalAuth","versions" => [{"date" => "2008-03-13T16:16:36","version" => "0.01"},{"date" => "2008-03-17T13:34:40","version" => "0.02"},{"date" => "2008-03-31T14:55:18","version" => "0.03"},{"date" => "2008-04-03T14:20:36","version" => "0.04"},{"date" => "2008-04-09T08:57:51","version" => "0.05"},{"date" => "2008-10-17T13:22:11","version" => "0.06_01"},{"date" => "2008-10-17T16:41:34","version" => "0.06_02"},{"date" => "2008-10-31T12:08:54","version" => "0.06_02"},{"date" => "2008-11-01T18:23:27","version" => "0.06_02"},{"date" => "2008-11-06T21:16:42","version" => "0.06_02"},{"date" => "2008-12-22T22:08:06","version" => "0.07_02"},{"date" => "2009-01-20T21:09:48","version" => "0.07_02"},{"date" => "2009-01-24T13:52:42","version" => "0.07_02"},{"date" => "2011-02-19T00:43:35","version" => "0.08_01"},{"date" => "2011-04-15T19:46:43","version" => "0.08_02"},{"date" => "2011-05-06T21:08:52","version" => "0.09"},{"date" => "2012-01-23T17:51:41","version" => "0.09_01"},{"date" => "2012-01-26T18:48:51","version" => "0.09_02"},{"date" => "2012-01-27T23:07:12","version" => "0.09_03"},{"date" => "2012-02-17T16:34:10","version" => "0.10"},{"date" => "2012-02-23T16:31:54","version" => "0.10_01"},{"date" => "2012-07-25T08:57:21","version" => "0.11"},{"date" => "2012-07-25T18:36:36","version" => "0.11"},{"date" => "2012-10-26T19:59:54","version" => "0.12"},{"date" => "2013-01-31T19:22:43","version" => "0.13"},{"date" => "2013-05-22T21:28:15","version" => "0.14"},{"date" => "2013-05-23T00:20:43","version" => "0.15"},{"date" => "2013-06-27T19:24:37","version" => "0.16"},{"date" => "2013-07-10T19:43:08","version" => "0.17"},{"date" => "2014-03-07T22:19:49","version" => "0.18"},{"date" => "2014-04-04T17:21:04","version" => "0.19"},{"date" => "2014-04-09T19:34:29","version" => "0.20"},{"date" => "2014-07-02T02:20:30","version" => "0.21"},{"date" => "2014-08-14T04:04:28","version" => "0.22_01"},{"date" => "2014-08-14T17:28:53","version" => "0.23"},{"date" => "2014-09-30T22:04:16","version" => "0.23_01"},{"date" => "2014-10-09T16:24:49","version" => "0.24"},{"date" => "2014-10-16T20:59:29","version" => "0.25"},{"date" => "2016-08-02T16:14:34","version" => "0.26"},{"date" => "2017-06-15T18:44:24","version" => "0.27"}]},"RT-Extension-MobileUI" => {"advisories" => [{"affected_versions" => ["<1.02"],"cves" => ["CVE-2012-2769"],"description" => "Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page.\n","distribution" => "RT-Extension-MobileUI","fixed_versions" => [">=1.02"],"id" => "CPANSA-RT-Extension-MobileUI-2012-01","references" => ["https://metacpan.org/changes/distribution/RT-Extension-MobileUI"],"reported" => "2012-05-18"}],"main_module" => "RT::Extension::MobileUI","versions" => [{"date" => "2010-08-05T20:58:09","version" => "0.9"},{"date" => "2010-08-06T15:38:53","version" => "0.91"},{"date" => "2010-08-06T15:58:11","version" => "0.92"},{"date" => "2010-08-06T17:55:08","version" => "0.93"},{"date" => "2010-08-09T13:36:43","version" => "0.94"},{"date" => "2010-08-09T13:44:33","version" => "0.95"},{"date" => "2010-08-26T21:28:07","version" => "0.96"},{"date" => "2010-09-06T18:11:56","version" => "0.96"},{"date" => "2010-10-28T15:50:29","version" => "0.98"},{"date" => "2010-10-29T14:08:08","version" => "0.99"},{"date" => "2010-11-19T18:11:43","version" => "1.00"},{"date" => "2010-12-08T16:36:01","version" => "1.01"},{"date" => "2012-07-25T08:57:33","version" => "1.02"},{"date" => "2012-07-25T18:36:52","version" => "1.02"},{"date" => "2012-08-27T16:42:55","version" => "1.03"},{"date" => "2013-06-12T19:09:14","version" => "1.04"},{"date" => "2013-08-13T18:06:54","version" => "1.05"},{"date" => "2014-04-23T20:25:25","version" => "1.06"},{"date" => "2014-04-23T20:26:56","version" => "1.07"}]},"RTMP-Client" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "TBD\n","distribution" => "RTMP-Client","fixed_versions" => [">=0.04"],"id" => "CPANSA-RTMP-Client-2011-01","references" => ["https://metacpan.org/changes/distribution/RTMP-Client"],"reported" => "2011-12-01"}],"main_module" => "RTMP::Client","versions" => [{"date" => "2011-07-26T08:17:20","version" => "0.01"},{"date" => "2011-07-27T02:09:05","version" => "0.02"},{"date" => "2011-07-27T02:17:06","version" => "0.03"},{"date" => "2011-12-01T08:59:19","version" => "0.04"}]},"Redis-Fast" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.14"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"},{"affected_versions" => [">=0.15,<=0.16"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"},{"affected_versions" => [">=0.17,<=0.26"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"},{"affected_versions" => [">=0.27,<=0.31"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"}],"main_module" => "Redis::Fast","versions" => [{"date" => "2013-10-10T16:48:55","version" => "0.01"},{"date" => "2013-10-13T13:31:18","version" => "0.02"},{"date" => "2013-10-16T12:17:21","version" => "0.03"},{"date" => "2013-12-10T02:59:49","version" => "0.04"},{"date" => "2013-12-20T02:25:52","version" => "0.05"},{"date" => "2014-02-01T02:03:01","version" => "0.06"},{"date" => "2014-05-17T07:23:45","version" => "0.07"},{"date" => "2014-05-31T03:52:00","version" => "0.08"},{"date" => "2014-07-08T15:52:19","version" => "0.09"},{"date" => "2014-07-16T01:00:34","version" => "0.10"},{"date" => "2014-07-16T02:35:51","version" => "0.11"},{"date" => "2014-09-08T16:22:31","version" => "0.12"},{"date" => "2014-10-16T11:25:20","version" => "0.13"},{"date" => "2014-12-07T13:36:56","version" => "0.14"},{"date" => "2015-03-10T14:15:01","version" => "0.15"},{"date" => "2015-03-12T02:37:40","version" => "0.16"},{"date" => "2016-01-23T06:47:00","version" => "0.17"},{"date" => "2016-01-26T13:13:22","version" => "0.18"},{"date" => "2016-12-20T11:37:58","version" => "0.19"},{"date" => "2017-02-25T22:54:41","version" => "0.20"},{"date" => "2018-01-28T01:08:06","version" => "0.21"},{"date" => "2018-08-12T06:30:24","version" => "0.22"},{"date" => "2019-05-29T11:24:31","version" => "0.23"},{"date" => "2019-08-19T22:59:06","version" => "0.24"},{"date" => "2019-08-20T02:35:05","version" => "0.25"},{"date" => "2020-05-02T04:21:12","version" => "0.26"},{"date" => "2020-08-08T22:48:49","version" => "0.27"},{"date" => "2020-11-01T23:10:16","version" => "0.28"},{"date" => "2021-01-17T10:40:10","version" => "0.29"},{"date" => "2021-05-07T13:10:39","version" => "0.30"},{"date" => "2021-07-04T06:57:25","version" => "0.31"},{"date" => "2021-10-16T07:19:44","version" => "0.32"},{"date" => "2021-10-30T11:33:21","version" => "0.33"},{"date" => "2022-06-07T22:23:52","version" => "0.34"},{"date" => "2022-11-19T06:52:56","version" => "0.35"},{"date" => "2023-07-05T20:28:55","version" => "0.36"},{"date" => "2024-03-08T16:30:57","version" => "0.37"}]},"Redis-hiredis" => {"advisories" => [{"affected_versions" => ["==0.9.2,>=0.9.2.1,<0.9.2.8"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"},{"affected_versions" => ["==0.10.1"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"},{"affected_versions" => ["==0.10.2"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"},{"affected_versions" => ["==0.11.0"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"}],"main_module" => "Redis::hiredis","versions" => [{"date" => "2010-08-29T15:04:34","version" => "v0.0.1"},{"date" => "2010-08-31T21:10:48","version" => "v0.0.2"},{"date" => "2010-11-03T03:16:19","version" => "v0.0.3"},{"date" => "2010-12-23T22:44:49","version" => "0.9.2"},{"date" => "2010-12-24T15:19:10","version" => "0.9.2.1"},{"date" => "2011-01-03T14:51:09","version" => "0.9.2.2"},{"date" => "2011-01-09T01:19:16","version" => "0.9.2.3"},{"date" => "2011-02-19T17:57:38","version" => "0.9.2.4"},{"date" => "2011-02-20T02:07:52","version" => "0.9.2.5"},{"date" => "2011-03-01T01:47:19","version" => "0.9.2.6"},{"date" => "2012-04-07T15:01:24","version" => "0.10.1"},{"date" => "2012-06-28T14:54:48","version" => "0.10.2"},{"date" => "2013-04-02T14:14:24","version" => "v0.11.0"}]},"Redland" => {"advisories" => [{"affected_versions" => ["==0.9.13,==0.9.13.2"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef},{"affected_versions" => ["==0.9.14.1"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef},{"affected_versions" => ["==1.0.5.2,==1.0.5.3"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef},{"affected_versions" => ["==1.0.13.1"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef}],"main_module" => "RDF::Redland::World","versions" => [{"date" => "2003-09-04T14:24:10","version" => "v0.9.13"},{"date" => "2003-09-07T19:13:18","version" => "v0.9.13.2"},{"date" => "2003-09-08T18:13:06","version" => "v0.9.14.1"},{"date" => "2006-11-28T06:09:59","version" => "v1.0.5.2"},{"date" => "2006-11-29T06:05:03","version" => "v1.0.5.3"},{"date" => "2006-11-30T19:01:24","version" => "v1.0.5.4"},{"date" => "2011-03-29T11:33:50","version" => "v1.0.13.1"}]},"Resource-Pack-jQuery" => {"advisories" => [{"affected_versions" => ["==0.01"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Resource::Pack::jQuery","versions" => [{"date" => "2010-04-19T20:02:13","version" => "0.01"}]},"SOAP-Lite" => {"advisories" => [{"affected_versions" => ["<1.15"],"cves" => ["CVE-2015-8978"],"description" => "An example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML.\n","distribution" => "SOAP-Lite","fixed_versions" => [">=1.15"],"id" => "CPANSA-SOAP-Lite-2015-01","references" => ["https://metacpan.org/changes/distribution/SOAP-Lite","https://www.securityfocus.com/bid/94487","https://github.com/redhotpenguin/perl-soaplite/commit/6942fe0d281be1c32c5117605f9c4e8d44f51124"],"reported" => "2015-07-21"},{"affected_versions" => ["<0.55"],"cves" => ["CVE-2002-1742"],"description" => "Allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger.\n","distribution" => "SOAP-Lite","fixed_versions" => [">=0.55"],"id" => "CPANSA-SOAP-Lite-2002-01","references" => ["https://metacpan.org/changes/distribution/SOAP-Lite"],"reported" => "2002-04-08","severity" => "high"},{"affected_versions" => ["<0.38"],"cves" => [],"description" => "Security problem on server side (no more details).\n","distribution" => "SOAP-Lite","fixed_versions" => [">=0.38"],"id" => "CPANSA-SOAP-Lite-2000-01","references" => ["https://metacpan.org/changes/distribution/SOAP-Lite"],"reported" => "2000-10-05"}],"main_module" => "SOAP::Lite","versions" => [{"date" => "2000-09-25T01:49:14","version" => "0.36"},{"date" => "2000-10-06T01:58:32","version" => "0.38"},{"date" => "2000-10-09T04:27:51","version" => "0.39"},{"date" => "2000-10-16T05:12:09","version" => "0.40"},{"date" => "2000-10-31T15:10:52","version" => "0.41"},{"date" => "2000-11-15T15:00:57","version" => "0.42"},{"date" => "2000-11-28T20:43:40","version" => "0.43"},{"date" => "2000-12-13T07:37:47","version" => "0.44"},{"date" => "2001-01-17T17:28:31","version" => "0.45"},{"date" => "2001-02-01T02:23:51","version" => "0.46"},{"date" => "2001-02-22T07:28:20","version" => "0.47"},{"date" => "2001-04-18T19:09:15","version" => "0.50"},{"date" => "2001-07-18T22:39:30","version" => "0.51"},{"date" => "2001-11-21T19:35:24","version" => "0.52"},{"date" => "2002-04-16T05:20:54","version" => "0.55"},{"date" => "2003-10-28T19:27:00","version" => "0.60"},{"date" => "2004-02-26T16:36:26","version" => "0.60"},{"date" => "2005-02-22T01:57:43","version" => "0.65_3"},{"date" => "2005-04-03T09:20:17","version" => "0.65_4"},{"date" => "2005-05-06T17:24:23","version" => "0.65_5"},{"date" => "2005-06-03T19:23:20","version" => "0.65_6"},{"date" => "2005-12-25T08:42:50","version" => "0.66"},{"date" => "2006-01-04T23:14:27","version" => "0.66.1"},{"date" => "2006-01-27T21:43:49","version" => "0.67"},{"date" => "2006-07-06T18:18:56","version" => "0.68"},{"date" => "2006-08-16T14:53:50","version" => "0.69"},{"date" => "2007-10-18T20:54:02","version" => "0.70_01"},{"date" => "2007-11-08T21:30:41","version" => "0.70_02"},{"date" => "2007-11-18T19:00:11","version" => "0.70_03"},{"date" => "2008-01-02T17:06:17","version" => "0.70_04"},{"date" => "2008-02-13T12:28:07","version" => "0.70_05"},{"date" => "2008-02-16T10:37:04","version" => "0.70_06"},{"date" => "2008-02-25T21:44:41","version" => "0.70_07"},{"date" => "2008-02-25T21:50:22","version" => "0.70_08"},{"date" => "2008-02-28T21:58:13","version" => "0.71"},{"date" => "2008-03-29T14:13:41","version" => "0.71.01"},{"date" => "2008-04-14T17:25:25","version" => "0.71.02"},{"date" => "2008-04-17T20:40:23","version" => "v0.71.03"},{"date" => "2008-04-22T06:03:55","version" => "0.71.04"},{"date" => "2008-05-05T21:50:36","version" => "0.710.05"},{"date" => "2008-06-05T18:47:08","version" => "0.710.06"},{"date" => "2008-06-13T20:27:05","version" => "0.710.07"},{"date" => "2008-07-13T20:41:11","version" => "0.710.08"},{"date" => "2009-09-29T21:20:02","version" => "0.710.09"},{"date" => "2009-09-30T18:40:30","version" => "0.710.10"},{"date" => "2010-03-18T20:24:42","version" => "0.711"},{"date" => "2010-06-03T15:41:39","version" => "0.712"},{"date" => "2011-08-16T17:53:28","version" => "0.713"},{"date" => "2011-08-18T19:51:02","version" => "0.714"},{"date" => "2012-07-15T09:37:20","version" => "0.715"},{"date" => "2013-05-11T06:44:04","version" => "0.716"},{"date" => "2013-07-17T06:17:00","version" => "1.0"},{"date" => "2013-07-29T08:26:07","version" => "1.01"},{"date" => "2013-07-30T02:20:34","version" => "1.02"},{"date" => "2013-08-04T17:49:18","version" => "1.03"},{"date" => "2013-08-10T03:46:49","version" => "1.04"},{"date" => "2013-08-19T05:31:17","version" => "1.05"},{"date" => "2013-08-22T04:20:29","version" => "1.06"},{"date" => "2013-11-08T03:09:10","version" => "1.07"},{"date" => "2013-11-08T17:41:10","version" => "1.08"},{"date" => "2014-01-14T21:41:07","version" => "1.09"},{"date" => "2014-01-23T18:53:42","version" => "1.10"},{"date" => "2014-02-22T05:18:14","version" => "1.11"},{"date" => "2014-11-27T07:08:11","version" => "1.12"},{"date" => "2014-12-30T15:58:06","version" => "1.13"},{"date" => "2015-03-25T05:04:34","version" => "1.14"},{"date" => "2015-07-21T18:12:21","version" => "1.15"},{"date" => "2015-07-23T07:34:59","version" => "1.16"},{"date" => "2015-07-31T05:59:50","version" => "1.17"},{"date" => "2015-08-26T04:31:24","version" => "1.18"},{"date" => "2015-08-26T15:38:01","version" => "1.19"},{"date" => "2016-06-09T21:34:36","version" => "1.20"},{"date" => "2017-08-16T05:18:24","version" => "1.22"},{"date" => "2017-12-19T02:30:48","version" => "1.23"},{"date" => "2017-12-19T18:36:52","version" => "1.24"},{"date" => "2017-12-29T18:39:43","version" => "1.25"},{"date" => "2017-12-30T22:19:12","version" => "1.26"},{"date" => "2018-05-14T20:36:08","version" => "1.27"}]},"SVG-Sparkline" => {"advisories" => [{"affected_versions" => ["<1.12"],"cves" => [],"description" => "Invalid data input validation makes it possible to pass arbitrary strings to module loading eval.\n","distribution" => "SVG-Sparkline","fixed_versions" => [">=1.12"],"id" => "CPANSA-SVG-Sparkline-2017-01","references" => ["https://metacpan.org/changes/distribution/SVG-Sparkline","https://github.com/gwadej/svg-sparkline/commit/ca83d6eb56aa86f3ca735866ffa9aa97acc2e708"],"reported" => "2017-05-15"}],"main_module" => "SVG::Sparkline","versions" => [{"date" => "2009-04-02T02:42:59","version" => "0.1.0"},{"date" => "2009-04-03T01:30:19","version" => "0.1.1"},{"date" => "2009-04-05T21:43:08","version" => "0.2.0"},{"date" => "2009-04-18T04:46:33","version" => "0.2.5"},{"date" => "2009-04-21T00:31:44","version" => "0.2.6"},{"date" => "2009-04-27T03:42:24","version" => "0.2.7"},{"date" => "2009-05-06T23:20:05","version" => "0.3"},{"date" => "2009-05-07T22:11:10","version" => "0.31"},{"date" => "2009-10-19T04:12:52","version" => "0.32"},{"date" => "2009-10-21T00:27:30","version" => "0.33"},{"date" => "2010-05-01T04:50:06","version" => "0.34"},{"date" => "2010-10-30T22:01:18","version" => "0.35"},{"date" => "2012-09-04T00:09:32","version" => "0.36"},{"date" => "2013-10-24T14:01:00","version" => 1},{"date" => "2014-09-04T02:01:54","version" => "1.1"},{"date" => "2015-03-03T19:38:44","version" => "1.11"},{"date" => "2017-05-15T01:32:51","version" => "1.12"}]},"SVN-Look" => {"advisories" => [{"affected_versions" => ["<0.40"],"cves" => [],"description" => "Two-arg open with a possibility of running arbitrary commands.\n","distribution" => "SVN-Look","fixed_versions" => [">=0.40"],"id" => "CPANSA-SVN-Look-2014-01","references" => ["https://metacpan.org/changes/distribution/SVN-Look","https://github.com/gnustavo/SVN-Look/commit/b413ac1c397dfc6b2d164fede693f7ff9a94c83c","https://bugs.launchpad.net/ubuntu/+source/libsvn-look-perl/+bug/1323300"],"reported" => "2014-05-31"}],"main_module" => "SVN::Look","versions" => [{"date" => "2008-09-26T03:22:44","version" => "0.08.360"},{"date" => "2008-09-27T22:10:54","version" => "0.09.366"},{"date" => "2008-09-28T03:07:02","version" => "0.10.369"},{"date" => "2008-10-05T03:16:35","version" => "0.11.388"},{"date" => "2008-10-10T02:25:16","version" => "0.12.409"},{"date" => "2008-10-24T00:51:56","version" => "0.12.442"},{"date" => "2008-11-03T10:43:38","version" => "0.12.455"},{"date" => "2008-11-06T03:11:52","version" => "0.13.463"},{"date" => "2009-02-28T02:50:53","version" => "0.14.5"},{"date" => "2009-03-01T12:17:06","version" => "0.14.7"},{"date" => "2009-03-06T01:52:43","version" => "0.14.9"},{"date" => "2009-03-08T02:25:41","version" => "0.14.10"},{"date" => "2009-03-20T01:24:06","version" => "0.14.12"},{"date" => "2009-10-25T01:23:51","version" => "0.15"},{"date" => "2010-02-16T20:16:51","version" => "0.16"},{"date" => "2010-02-24T23:20:51","version" => "0.17"},{"date" => "2010-04-28T11:38:27","version" => "0.18"},{"date" => "2010-12-12T10:35:04","version" => "0.19"},{"date" => "2010-12-12T19:59:46","version" => "0.20"},{"date" => "2011-07-20T20:11:31","version" => "0.21"},{"date" => "2011-07-22T22:31:55","version" => "0.22"},{"date" => "2011-07-27T20:22:58","version" => "0.23"},{"date" => "2011-07-30T21:52:08","version" => "0.24"},{"date" => "2011-08-21T23:31:44","version" => "0.25"},{"date" => "2011-08-27T20:12:39","version" => "0.26"},{"date" => "2011-09-18T02:42:31","version" => "0.27"},{"date" => "2011-10-10T23:18:59","version" => "0.28"},{"date" => "2011-10-13T01:06:12","version" => "0.29"},{"date" => "2011-11-02T21:00:23","version" => "0.30"},{"date" => "2012-02-26T00:04:15","version" => "0.31"},{"date" => "2012-02-26T21:55:01","version" => "0.32"},{"date" => "2012-02-27T23:49:07","version" => "0.33"},{"date" => "2012-03-05T14:37:05","version" => "0.34"},{"date" => "2012-04-22T00:14:50","version" => "0.35"},{"date" => "2012-06-18T17:07:07","version" => "0.36"},{"date" => "2012-06-18T17:34:58","version" => "0.37"},{"date" => "2012-06-19T17:00:40","version" => "0.38"},{"date" => "2013-10-20T23:32:26","version" => "0.39"},{"date" => "2014-06-12T18:05:32","version" => "0.40"},{"date" => "2014-06-14T02:51:53","version" => "0.41"},{"date" => "2020-10-09T01:36:59","version" => "0.42"},{"date" => "2022-05-21T14:32:05","version" => "0.43"}]},"Safe" => {"advisories" => [{"affected_versions" => ["<=2.26"],"cves" => ["CVE-2010-1447"],"description" => "The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.\n","distribution" => "Safe","fixed_versions" => [">=2.27"],"id" => "CPANSA-Safe-2010-1447","references" => ["https://bugs.launchpad.net/bugs/cve/2010-1447","http://www.vupen.com/english/advisories/2010/1167","http://secunia.com/advisories/39845","http://www.postgresql.org/about/news.1203","http://security-tracker.debian.org/tracker/CVE-2010-1447","https://bugzilla.redhat.com/show_bug.cgi?id=588269","http://www.securitytracker.com/id?1023988","http://osvdb.org/64756","http://www.securityfocus.com/bid/40305","http://secunia.com/advisories/40052","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://www.openwall.com/lists/oss-security/2010/05/20/5","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","http://www.redhat.com/support/errata/RHSA-2010-0457.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:115","http://secunia.com/advisories/40049","http://www.debian.org/security/2011/dsa-2267","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7320","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11530"],"reported" => "2010-05-19","severity" => undef},{"affected_versions" => ["<2.25"],"cves" => ["CVE-2010-1168"],"description" => "The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to \"automagic methods.\"\n","distribution" => "Safe","fixed_versions" => [],"id" => "CPANSA-Safe-2010-1168","references" => ["http://www.openwall.com/lists/oss-security/2010/05/20/5","http://www.redhat.com/support/errata/RHSA-2010-0457.html","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://secunia.com/advisories/40049","http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes","http://www.mandriva.com/security/advisories?name=MDVSA-2010:115","http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","https://bugzilla.redhat.com/show_bug.cgi?id=576508","http://secunia.com/advisories/40052","http://securitytracker.com/id?1024062","http://secunia.com/advisories/42402","http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in","http://www.vupen.com/english/advisories/2010/3075","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424"],"reported" => "2010-06-21","severity" => undef},{"affected_versions" => ["<=2.07"],"cves" => ["CVE-2002-1323"],"description" => "Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined \@_ variable, which is not reset between successive calls.\n","distribution" => "Safe","fixed_versions" => [">=2.08"],"id" => "CPANSA-Safe-2002-1323","references" => ["http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5","http://www.securityfocus.com/bid/6111","http://www.debian.org/security/2002/dsa-208","http://www.iss.net/security_center/static/10574.php","http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744","http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html","http://www.redhat.com/support/errata/RHSA-2003-256.html","http://www.redhat.com/support/errata/RHSA-2003-257.html","ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A","ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt","ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt","http://www.osvdb.org/2183","http://www.osvdb.org/3814","http://marc.info/?l=bugtraq&m=104040175522502&w=2","http://marc.info/?l=bugtraq&m=104033126305252&w=2","http://marc.info/?l=bugtraq&m=104005919814869&w=2","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1160"],"reported" => "2002-12-11","severity" => undef}],"main_module" => "Safe","versions" => [{"date" => "1995-08-24T12:36:38","version" => 0},{"date" => "1995-09-01T21:17:14","version" => 0},{"date" => "1996-02-10T20:04:44","version" => "2.01"},{"date" => "2002-10-05T18:38:39","version" => "2.08"},{"date" => "2002-10-06T12:17:23","version" => "2.09"},{"date" => "2004-07-02T13:08:36","version" => "2.11"},{"date" => "2008-01-28T17:33:00","version" => "2.13"},{"date" => "2008-01-30T16:30:34","version" => "2.14"},{"date" => "2008-02-06T12:34:21","version" => "2.15"},{"date" => "2008-03-13T10:54:21","version" => "2.16"},{"date" => "2009-06-28T14:20:14","version" => "2.17"},{"date" => "2009-08-25T07:44:28","version" => "2.19"},{"date" => "2009-11-30T23:33:41","version" => "2.20"},{"date" => "2010-01-14T21:51:28","version" => "2.21"},{"date" => "2010-02-11T21:59:56","version" => "2.22"},{"date" => "2010-02-22T22:45:10","version" => "2.23"},{"date" => "2010-03-06T21:42:25","version" => "2.24"},{"date" => "2010-03-07T21:51:36","version" => "2.25"},{"date" => "2010-03-09T10:56:56","version" => "2.26"},{"date" => "2010-04-29T20:37:15","version" => "2.27"},{"date" => "2010-09-13T13:50:58","version" => "2.28"},{"date" => "2010-10-31T13:20:32","version" => "2.29"},{"date" => "2011-12-07T08:22:34","version" => "2.30"},{"date" => "2012-03-31T15:27:57","version" => "2.32"},{"date" => "2012-04-03T10:12:30","version" => "2.33"},{"date" => "2013-02-21T07:31:30","version" => "2.35"},{"date" => "1996-02-29T00:00:00","dual_lived" => 1,"perl_release" => "5.002","version" => "1.00"},{"date" => "1996-10-10T00:00:00","dual_lived" => 1,"perl_release" => "5.00307","version" => "2.06"},{"date" => "2003-11-15T00:00:00","dual_lived" => 1,"perl_release" => "5.006002","version" => "2.10"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.07"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "2.12"},{"date" => "2009-08-22T00:00:00","dual_lived" => 1,"perl_release" => "5.010001","version" => "2.18"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "2.31"},{"date" => "2012-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.016000","version" => "2.31_01"},{"date" => "2012-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017001","version" => "2.33_01"},{"date" => "2013-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017008","version" => "2.34"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "2.36"},{"date" => "2013-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.019002","version" => "2.37"},{"date" => "2014-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021003","version" => "2.38"},{"date" => "2015-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021008","version" => "2.39"},{"date" => "2017-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025012","version" => "2.40"},{"date" => "2019-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031005","version" => "2.41"},{"date" => "2021-01-23T00:00:00","dual_lived" => 1,"perl_release" => "5.032001","version" => "2.41_01"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "2.42"},{"date" => "2020-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033002","version" => "2.43"},{"date" => "2022-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037004","version" => "2.44"},{"date" => "2023-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039002","version" => "2.45"},{"date" => "2024-02-23T00:00:00","dual_lived" => 1,"perl_release" => "5.039008","version" => "2.46"},{"date" => "2024-08-29T00:00:00","dual_lived" => 1,"perl_release" => "5.041003","version" => "2.47"}]},"Search-OpenSearch-Server" => {"advisories" => [{"affected_versions" => ["<0.17"],"cves" => [],"description" => "Arbitrary Perl methods could be called via HTTP like RPC.\n","distribution" => "Search-OpenSearch-Server","fixed_versions" => [">=0.17"],"id" => "CPANSA-Search-OpenSearch-Server-2012-01","references" => ["https://metacpan.org/changes/distribution/Search-OpenSearch-Server","https://github.com/karpet/search-opensearch-server/commit/69d53fde9d70fe12e1f592de482601c43c45a278"],"reported" => "2012-08-31"}],"main_module" => "Search::OpenSearch::Server","versions" => [{"date" => "2010-05-28T03:07:46","version" => "0.01"},{"date" => "2010-05-29T01:11:09","version" => "0.02"},{"date" => "2010-06-23T01:22:53","version" => "0.03"},{"date" => "2010-06-26T21:08:31","version" => "0.04"},{"date" => "2011-01-08T04:05:22","version" => "0.05"},{"date" => "2011-09-26T18:12:08","version" => "0.06"},{"date" => "2011-09-26T18:16:12","version" => "0.07"},{"date" => "2011-09-30T03:15:51","version" => "0.08"},{"date" => "2011-10-23T01:42:30","version" => "0.09"},{"date" => "2012-05-01T02:22:52","version" => "0.10"},{"date" => "2012-07-15T03:32:57","version" => "0.11"},{"date" => "2012-07-27T02:42:45","version" => "0.12"},{"date" => "2012-08-07T01:48:25","version" => "0.13"},{"date" => "2012-08-10T03:10:13","version" => "0.14"},{"date" => "2012-08-21T02:34:37","version" => "0.15"},{"date" => "2012-08-21T17:47:00","version" => "0.16"},{"date" => "2012-09-04T01:54:00","version" => "0.17"},{"date" => "2012-09-12T03:42:03","version" => "0.18"},{"date" => "2012-09-13T14:06:58","version" => "0.19"},{"date" => "2012-09-20T02:21:37","version" => "0.20"},{"date" => "2012-10-15T04:32:38","version" => "0.21"},{"date" => "2012-11-08T03:20:16","version" => "0.22"},{"date" => "2012-11-21T19:01:22","version" => "0.23"},{"date" => "2012-11-26T19:37:12","version" => "0.24"},{"date" => "2012-12-18T19:11:36","version" => "0.25"},{"date" => "2013-01-04T19:08:19","version" => "0.26"},{"date" => "2013-06-14T02:28:09","version" => "0.27"},{"date" => "2014-03-02T22:22:17","version" => "0.28"},{"date" => "2014-04-23T18:20:52","version" => "0.299_01"},{"date" => "2014-04-24T02:56:24","version" => "0.299_02"},{"date" => "2014-06-05T07:29:19","version" => "0.299_03"},{"date" => "2014-06-08T04:57:40","version" => "0.300"},{"date" => "2015-08-14T20:04:12","version" => "0.301"}]},"Sereal-Decoder" => {"advisories" => [{"affected_versions" => [">=4.009_002,<5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2019-11922"],"description" => "A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2019-11922-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2019-11922","https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html","https://usn.ubuntu.com/4108-1/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00078.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2019-07-25","severity" => undef},{"affected_versions" => [">=4.009_002,<4.012"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.012,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002_001"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2021-24031"],"description" => "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24031-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2021-24031","https://github.com/facebook/zstd/issues/1630","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.009_002,<4.012"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.012,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002_001"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"}],"main_module" => "Sereal::Decoder","versions" => [{"date" => "2012-09-10T09:44:39","version" => "0.06"},{"date" => "2012-09-11T11:16:49","version" => "0.07"},{"date" => "2012-09-13T15:19:16","version" => "0.08"},{"date" => "2012-09-14T08:13:35","version" => "0.09"},{"date" => "2012-09-17T11:45:59","version" => "0.10"},{"date" => "2012-09-18T11:24:00","version" => "0.11"},{"date" => "2012-10-02T12:58:59","version" => "0.13"},{"date" => "2012-10-17T15:20:23","version" => "0.15"},{"date" => "2012-11-23T06:50:18","version" => "0.19"},{"date" => "2013-01-02T09:01:45","version" => "0.21"},{"date" => "2013-01-08T06:40:29","version" => "0.23"},{"date" => "2013-01-10T07:54:57","version" => "0.24"},{"date" => "2013-01-22T17:04:30","version" => "0.25"},{"date" => "2013-02-09T12:09:15","version" => "0.27"},{"date" => "2013-02-09T15:37:44","version" => "0.28"},{"date" => "2013-02-09T17:24:46","version" => "0.29"},{"date" => "2013-02-13T05:46:48","version" => "0.30"},{"date" => "2013-02-17T14:28:38","version" => "0.31"},{"date" => "2013-03-23T14:41:14","version" => "0.32"},{"date" => "2013-03-23T16:48:31","version" => "0.33"},{"date" => "2013-03-23T18:00:17","version" => "0.34"},{"date" => "2013-04-01T09:59:34","version" => "0.35"},{"date" => "2013-05-07T11:13:38","version" => "0.36"},{"date" => "2013-09-02T05:49:42","version" => "0.37"},{"date" => "2013-10-01T05:50:10","version" => "2.00_01"},{"date" => "2013-10-28T18:31:59","version" => "2.00_02"},{"date" => "2013-12-29T09:43:11","version" => "2.00_03"},{"date" => "2013-12-31T08:30:39","version" => "2.01"},{"date" => "2014-01-06T14:02:01","version" => "2.02"},{"date" => "2014-01-07T19:08:14","version" => "2.03"},{"date" => "2014-03-05T17:32:45","version" => "2.04"},{"date" => "2014-03-09T10:48:14","version" => "2.06"},{"date" => "2014-03-26T17:11:19","version" => "2.07_01"},{"date" => "2014-04-06T15:50:32","version" => "2.070_101"},{"date" => "2014-04-06T16:56:29","version" => "2.070_102"},{"date" => "2014-04-08T22:36:48","version" => "2.070_103"},{"date" => "2014-04-10T20:44:01","version" => "2.08"},{"date" => "2014-04-13T19:24:30","version" => "2.09"},{"date" => "2014-04-13T19:33:58","version" => "2.10"},{"date" => "2014-04-13T21:13:15","version" => "2.11"},{"date" => "2014-05-11T21:48:57","version" => "2.12"},{"date" => "2014-05-29T10:52:41","version" => "3.000_001"},{"date" => "2014-06-01T21:49:26","version" => "3.000_002"},{"date" => "2014-06-01T22:17:01","version" => "3.000_003"},{"date" => "2014-06-03T20:11:57","version" => "3.000_004"},{"date" => "2014-06-04T20:54:19","version" => "3.001"},{"date" => "2014-06-12T19:19:47","version" => "3.001_001"},{"date" => "2014-06-27T14:55:30","version" => "3.001_002"},{"date" => "2014-07-15T11:53:29","version" => "3.001_003"},{"date" => "2014-07-27T17:59:04","version" => "3.001_004"},{"date" => "2014-07-28T10:29:01","version" => "3.001_005"},{"date" => "2014-08-03T20:41:48","version" => "3.001_006"},{"date" => "2014-08-04T19:15:53","version" => "3.001_007"},{"date" => "2014-08-05T16:35:50","version" => "3.001_008"},{"date" => "2014-08-05T20:00:37","version" => "3.001_009"},{"date" => "2014-08-12T18:10:42","version" => "3.001_010"},{"date" => "2014-08-12T18:36:29","version" => "3.001_011"},{"date" => "2014-08-15T12:08:35","version" => "3.001_012"},{"date" => "2014-08-20T09:23:57","version" => "3.002"},{"date" => "2014-09-26T11:40:22","version" => "3.002_001"},{"date" => "2014-10-18T12:06:18","version" => "3.002_002"},{"date" => "2014-10-19T22:06:20","version" => "3.003"},{"date" => "2014-11-23T15:58:21","version" => "3.003_001"},{"date" => "2014-12-21T17:53:23","version" => "3.003_002"},{"date" => "2014-12-26T04:50:12","version" => "3.003_003"},{"date" => "2014-12-26T15:06:03","version" => "3.003_004"},{"date" => "2014-12-27T15:20:21","version" => "3.004"},{"date" => "2015-01-05T14:37:58","version" => "3.005"},{"date" => "2015-01-27T21:39:30","version" => "3.005_001"},{"date" => "2015-11-09T09:32:04","version" => "3.005_002"},{"date" => "2015-11-12T13:57:53","version" => "3.005_003"},{"date" => "2015-11-13T14:55:50","version" => "3.005_004"},{"date" => "2015-11-13T19:57:24","version" => "3.005_005"},{"date" => "2015-11-14T10:41:41","version" => "3.006"},{"date" => "2015-11-16T10:11:19","version" => "3.006_001"},{"date" => "2015-11-16T11:39:40","version" => "3.006_002"},{"date" => "2015-11-18T16:25:19","version" => "3.006_003"},{"date" => "2015-11-18T18:49:44","version" => "3.006_004"},{"date" => "2015-11-20T08:33:23","version" => "3.006_005"},{"date" => "2015-11-21T15:42:08","version" => "3.006_006"},{"date" => "2015-11-25T13:37:19","version" => "3.006_007"},{"date" => "2015-11-26T21:00:53","version" => "3.007"},{"date" => "2015-11-27T20:48:32","version" => "3.008"},{"date" => "2015-11-30T11:07:39","version" => "3.009"},{"date" => "2015-12-06T22:53:40","version" => "3.011"},{"date" => "2015-12-06T23:48:32","version" => "3.012"},{"date" => "2015-12-07T00:07:29","version" => "3.014"},{"date" => "2016-08-30T09:45:18","version" => "3.014_002"},{"date" => "2016-09-01T18:23:21","version" => "3.015"},{"date" => "2017-02-06T10:52:56","version" => "4.001_001"},{"date" => "2017-04-22T11:08:36","version" => "4.001_002"},{"date" => "2017-04-23T09:56:11","version" => "4.001_003"},{"date" => "2017-11-11T09:33:51","version" => "4.002"},{"date" => "2017-11-12T16:10:52","version" => "4.003"},{"date" => "2017-11-12T19:09:55","version" => "4.004"},{"date" => "2018-01-23T20:57:49","version" => "4.005"},{"date" => "2019-04-08T20:03:23","version" => "4.006"},{"date" => "2019-04-09T17:26:43","version" => "4.007"},{"date" => "2020-01-29T17:33:56","version" => "4.007_001"},{"date" => "2020-01-30T06:22:37","version" => "4.008"},{"date" => "2020-01-31T15:51:57","version" => "4.009"},{"date" => "2020-02-02T03:23:18","version" => "4.009_001"},{"date" => "2020-02-02T09:19:30","version" => "4.009_002"},{"date" => "2020-02-02T17:40:26","version" => "4.009_003"},{"date" => "2020-02-04T02:57:02","version" => "4.010"},{"date" => "2020-02-04T05:06:24","version" => "4.011"},{"date" => "2020-06-10T21:07:04","version" => "4.012"},{"date" => "2020-06-11T16:51:45","version" => "4.014"},{"date" => "2020-07-08T07:09:15","version" => "4.015"},{"date" => "2020-07-09T14:12:25","version" => "4.016"},{"date" => "2020-07-09T18:30:34","version" => "4.017"},{"date" => "2020-07-29T09:01:02","version" => "4.017_001"},{"date" => "2020-08-03T10:39:28","version" => "4.018"},{"date" => "2022-02-07T11:58:57","version" => "4.019"},{"date" => "2022-02-17T11:27:44","version" => "4.020"},{"date" => "2022-02-18T04:47:33","version" => "4.021"},{"date" => "2022-02-19T11:23:46","version" => "4.022"},{"date" => "2022-02-20T04:16:56","version" => "4.023"},{"date" => "2022-07-28T11:26:37","version" => "4.024"},{"date" => "2022-07-28T12:22:47","version" => "4.025"},{"date" => "2022-09-01T13:13:13","version" => "5.000_001"},{"date" => "2022-09-02T18:56:25","version" => "5.000_002"},{"date" => "2022-09-03T13:56:39","version" => "5.001"},{"date" => "2023-01-31T14:34:21","version" => "5.001_001"},{"date" => "2023-02-01T08:09:30","version" => "5.001_002"},{"date" => "2023-02-01T10:53:49","version" => "5.001_003"},{"date" => "2023-02-01T11:38:26","version" => "5.002"},{"date" => "2023-02-06T16:44:17","version" => "5.002_001"},{"date" => "2023-02-07T10:26:08","version" => "5.002_002"},{"date" => "2023-02-08T02:39:42","version" => "5.003"},{"date" => "2023-04-19T13:20:25","version" => "5.004"}]},"Sereal-Encoder" => {"advisories" => [{"affected_versions" => [">=4.009_002,<5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2019-11922"],"description" => "A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2019-11922-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2019-11922","https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html","https://usn.ubuntu.com/4108-1/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00078.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2019-07-25","severity" => undef},{"affected_versions" => [">=4.009_002,<4.014"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.014,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2021-24031"],"description" => "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24031-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2021-24031","https://github.com/facebook/zstd/issues/1630","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.009_002,<4.014"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.014,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"}],"main_module" => "Sereal::Encoder","versions" => [{"date" => "2012-09-10T09:43:11","version" => "0.06"},{"date" => "2012-09-11T11:17:07","version" => "0.07"},{"date" => "2012-09-13T15:19:40","version" => "0.08"},{"date" => "2012-09-14T08:13:49","version" => "0.09"},{"date" => "2012-09-17T11:44:12","version" => "0.10"},{"date" => "2012-09-18T11:24:11","version" => "0.11"},{"date" => "2012-09-19T06:01:22","version" => "0.12"},{"date" => "2012-10-10T09:14:22","version" => "0.14"},{"date" => "2012-10-17T15:20:00","version" => "0.15"},{"date" => "2012-10-25T09:33:51","version" => "0.16"},{"date" => "2012-10-29T10:58:18","version" => "0.17"},{"date" => "2012-11-14T06:42:06","version" => "0.18"},{"date" => "2012-11-23T14:37:56","version" => "0.20"},{"date" => "2013-01-08T06:40:40","version" => "0.23"},{"date" => "2013-01-22T17:03:02","version" => "0.25"},{"date" => "2013-02-03T11:46:46","version" => "0.26"},{"date" => "2013-02-09T12:09:26","version" => "0.27"},{"date" => "2013-02-09T15:37:48","version" => "0.28"},{"date" => "2013-02-09T17:24:34","version" => "0.29"},{"date" => "2013-02-13T05:46:59","version" => "0.30"},{"date" => "2013-02-17T14:30:05","version" => "0.31"},{"date" => "2013-03-23T14:39:47","version" => "0.32"},{"date" => "2013-03-23T16:47:04","version" => "0.33"},{"date" => "2013-03-23T18:00:05","version" => "0.34"},{"date" => "2013-04-01T09:59:22","version" => "0.35"},{"date" => "2013-05-07T11:13:49","version" => "0.36"},{"date" => "2013-09-02T05:49:19","version" => "0.37"},{"date" => "2013-10-01T05:51:37","version" => "2.00_01"},{"date" => "2013-10-28T18:38:35","version" => "2.00_02"},{"date" => "2013-12-29T09:44:38","version" => "2.00_03"},{"date" => "2013-12-31T08:30:50","version" => "2.01"},{"date" => "2014-01-06T14:01:57","version" => "2.02"},{"date" => "2014-01-07T19:08:26","version" => "2.03"},{"date" => "2014-03-05T17:32:56","version" => "2.04"},{"date" => "2014-03-09T10:48:25","version" => "2.06"},{"date" => "2014-03-26T17:11:30","version" => "2.07_01"},{"date" => "2014-04-06T15:50:20","version" => "2.070_101"},{"date" => "2014-04-06T16:56:18","version" => "2.070_102"},{"date" => "2014-04-08T22:36:36","version" => "2.070_103"},{"date" => "2014-04-10T20:43:50","version" => "2.08"},{"date" => "2014-04-13T19:24:19","version" => "2.09"},{"date" => "2014-04-13T19:33:47","version" => "2.10"},{"date" => "2014-04-13T21:13:04","version" => "2.11"},{"date" => "2014-05-11T21:49:09","version" => "2.12"},{"date" => "2014-05-29T10:52:53","version" => "3.000_001"},{"date" => "2014-06-01T21:49:38","version" => "3.000_002"},{"date" => "2014-06-01T22:17:13","version" => "3.000_003"},{"date" => "2014-06-03T20:12:08","version" => "3.000_004"},{"date" => "2014-06-04T20:54:31","version" => "3.001"},{"date" => "2014-06-12T19:19:59","version" => "3.001_001"},{"date" => "2014-06-27T14:55:41","version" => "3.001_002"},{"date" => "2014-07-15T11:53:41","version" => "3.001_003"},{"date" => "2014-07-27T17:59:16","version" => "3.001_004"},{"date" => "2014-07-28T10:29:12","version" => "3.001_005"},{"date" => "2014-08-03T20:42:00","version" => "3.001_006"},{"date" => "2014-08-04T19:16:04","version" => "3.001_007"},{"date" => "2014-08-05T16:35:53","version" => "3.001_008"},{"date" => "2014-08-05T19:58:59","version" => "3.001_009"},{"date" => "2014-08-12T18:10:53","version" => "3.001_010"},{"date" => "2014-08-12T18:36:41","version" => "3.001_011"},{"date" => "2014-08-15T12:08:46","version" => "3.001_012"},{"date" => "2014-08-20T09:24:08","version" => "3.002"},{"date" => "2014-09-26T11:40:33","version" => "3.002_001"},{"date" => "2014-10-18T12:06:29","version" => "3.002_002"},{"date" => "2014-10-19T22:06:31","version" => "3.003"},{"date" => "2014-11-23T15:58:32","version" => "3.003_001"},{"date" => "2014-12-21T17:53:35","version" => "3.003_002"},{"date" => "2014-12-26T04:50:23","version" => "3.003_003"},{"date" => "2014-12-26T15:06:15","version" => "3.003_004"},{"date" => "2014-12-27T15:20:32","version" => "3.004"},{"date" => "2015-01-05T14:38:10","version" => "3.005"},{"date" => "2015-01-27T21:37:51","version" => "3.005_001"},{"date" => "2015-11-09T09:32:15","version" => "3.005_002"},{"date" => "2015-11-12T13:58:04","version" => "3.005_003"},{"date" => "2015-11-13T14:56:01","version" => "3.005_004"},{"date" => "2015-11-13T19:57:36","version" => "3.005_005"},{"date" => "2015-11-14T10:41:52","version" => "3.006"},{"date" => "2015-11-16T10:11:31","version" => "3.006_001"},{"date" => "2015-11-16T11:39:51","version" => "3.006_002"},{"date" => "2015-11-18T16:25:31","version" => "3.006_003"},{"date" => "2015-11-18T18:49:56","version" => "3.006_004"},{"date" => "2015-11-20T08:33:34","version" => "3.006_005"},{"date" => "2015-11-21T15:42:19","version" => "3.006_006"},{"date" => "2015-11-25T13:35:40","version" => "3.006_007"},{"date" => "2015-11-26T21:01:05","version" => "3.007"},{"date" => "2015-11-27T20:48:43","version" => "3.008"},{"date" => "2015-11-30T11:07:50","version" => "3.009"},{"date" => "2015-12-06T22:53:53","version" => "3.011"},{"date" => "2015-12-06T23:48:43","version" => "3.012"},{"date" => "2015-12-07T00:07:40","version" => "3.014"},{"date" => "2016-08-30T09:43:28","version" => "3.014_002"},{"date" => "2016-09-01T18:23:33","version" => "3.015"},{"date" => "2017-02-06T10:51:16","version" => "4.001_001"},{"date" => "2017-04-22T11:08:48","version" => "4.001_002"},{"date" => "2017-04-23T09:56:23","version" => "4.001_003"},{"date" => "2017-11-11T09:34:03","version" => "4.002"},{"date" => "2017-11-12T16:11:04","version" => "4.003"},{"date" => "2017-11-12T19:10:06","version" => "4.004"},{"date" => "2018-01-23T20:58:01","version" => "4.005"},{"date" => "2019-04-08T20:03:34","version" => "4.006"},{"date" => "2019-04-09T17:26:54","version" => "4.007"},{"date" => "2020-01-29T17:34:08","version" => "4.007_001"},{"date" => "2020-01-30T06:22:49","version" => "4.008"},{"date" => "2020-01-31T15:52:09","version" => "4.009"},{"date" => "2020-02-02T03:23:30","version" => "4.009_001"},{"date" => "2020-02-02T09:19:41","version" => "4.009_002"},{"date" => "2020-02-02T17:38:48","version" => "4.009_003"},{"date" => "2020-02-04T02:57:13","version" => "4.010"},{"date" => "2020-02-04T05:06:35","version" => "4.011"},{"date" => "2020-06-10T21:07:15","version" => "4.012"},{"date" => "2020-06-11T16:51:56","version" => "4.014"},{"date" => "2020-07-08T07:09:27","version" => "4.015"},{"date" => "2020-07-09T14:12:37","version" => "4.016"},{"date" => "2020-07-09T18:30:45","version" => "4.017"},{"date" => "2020-07-29T09:01:13","version" => "4.017_001"},{"date" => "2020-08-03T10:39:39","version" => "4.018"},{"date" => "2022-02-07T11:59:08","version" => "4.019"},{"date" => "2022-02-17T11:27:55","version" => "4.020"},{"date" => "2022-02-18T04:47:44","version" => "4.021"},{"date" => "2022-02-19T11:23:57","version" => "4.022"},{"date" => "2022-02-20T04:17:07","version" => "4.023"},{"date" => "2022-07-28T11:26:48","version" => "4.024"},{"date" => "2022-07-28T12:21:09","version" => "4.025"},{"date" => "2022-09-01T13:13:25","version" => "5.000_001"},{"date" => "2022-09-02T18:56:37","version" => "5.000_002"},{"date" => "2022-09-03T13:56:50","version" => "5.001"},{"date" => "2023-01-31T14:34:32","version" => "5.001_001"},{"date" => "2023-02-01T08:09:41","version" => "5.001_002"},{"date" => "2023-02-01T10:54:00","version" => "5.001_003"},{"date" => "2023-02-01T11:38:37","version" => "5.002"},{"date" => "2023-02-06T16:44:28","version" => "5.002_001"},{"date" => "2023-02-07T10:26:19","version" => "5.002_002"},{"date" => "2023-02-08T02:39:53","version" => "5.003"},{"date" => "2023-04-19T13:20:36","version" => "5.004"}]},"Sidef" => {"advisories" => [{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Sidef","versions" => [{"date" => "2015-06-19T22:56:13","version" => "0.06"},{"date" => "2015-07-07T22:15:05","version" => "0.07"},{"date" => "2015-07-16T17:29:42","version" => "0.08"},{"date" => "2015-07-23T06:30:35","version" => "0.09"},{"date" => "2015-07-24T05:59:07","version" => "0.0900001"},{"date" => "2015-09-07T00:03:50","version" => "0.0900002"},{"date" => "2015-09-16T22:58:56","version" => "0.10"},{"date" => "2015-10-31T07:15:42","version" => "2.10"},{"date" => "2015-11-24T18:52:00","version" => "2.11"},{"date" => "2015-12-10T23:46:41","version" => "2.12"},{"date" => "2015-12-24T09:03:59","version" => "2.13"},{"date" => "2016-01-02T10:53:48","version" => "2.20"},{"date" => "2016-01-14T13:51:33","version" => "2.21"},{"date" => "2016-02-08T03:21:05","version" => "2.22"},{"date" => "2016-03-06T14:33:37","version" => "2.23"},{"date" => "2016-03-24T16:49:45","version" => "2.24"},{"date" => "2016-05-27T20:32:46","version" => "2.25"},{"date" => "2016-06-01T15:48:21","version" => "2.26"},{"date" => "2016-07-29T13:02:29","version" => "2.30"},{"date" => "2016-08-18T22:40:23","version" => "2.300001"},{"date" => "2016-09-08T22:23:21","version" => "2.31"},{"date" => "2016-10-07T19:01:28","version" => "2.32"},{"date" => "2016-11-13T15:40:06","version" => "2.33"},{"date" => "2016-11-17T17:46:34","version" => "2.330001"},{"date" => "2016-12-24T19:58:48","version" => "2.34"},{"date" => "2017-01-30T20:53:41","version" => "2.35"},{"date" => "2017-03-02T08:58:20","version" => "2.36"},{"date" => "2017-04-04T19:53:33","version" => "2.37"},{"date" => "2017-04-22T19:35:52","version" => "3.00"},{"date" => "2017-05-09T22:49:43","version" => "3.01"},{"date" => "2017-06-05T21:56:28","version" => "3.02"},{"date" => "2017-08-27T20:59:15","version" => "3.03"},{"date" => "2017-10-06T01:08:28","version" => "3.04"},{"date" => "2017-11-03T23:04:20","version" => "3.05"},{"date" => "2017-12-08T13:13:05","version" => "3.10"},{"date" => "2018-02-17T11:31:53","version" => "3.15"},{"date" => "2018-05-05T20:49:50","version" => "3.16"},{"date" => "2018-05-30T21:54:08","version" => "3.17"},{"date" => "2018-07-04T20:15:48","version" => "3.18"},{"date" => "2018-07-31T09:11:13","version" => "3.19"},{"date" => "2018-10-13T22:10:15","version" => "3.50"},{"date" => "2019-01-07T00:48:34","version" => "3.60"},{"date" => "2019-03-24T18:15:23","version" => "3.70"},{"date" => "2019-05-18T23:57:28","version" => "3.80"},{"date" => "2019-08-18T09:18:32","version" => "3.85"},{"date" => "2019-12-25T18:38:15","version" => "3.90"},{"date" => "2020-03-22T22:05:56","version" => "3.95"},{"date" => "2020-07-20T16:23:44","version" => "3.96"},{"date" => "2021-01-17T23:11:25","version" => "3.97"},{"date" => "2021-01-18T22:53:11","version" => "v3.97.1"},{"date" => "2021-03-26T16:00:09","version" => "3.98"},{"date" => "2021-09-02T11:47:37","version" => "3.99"},{"date" => "2022-03-27T09:40:38","version" => "22.03"},{"date" => "2022-05-13T08:16:40","version" => "22.05"},{"date" => "2022-07-16T16:52:14","version" => "22.07"},{"date" => "2022-12-01T21:12:53","version" => "22.12"},{"date" => "2023-03-06T12:08:52","version" => "23.03"},{"date" => "2023-05-11T10:10:43","version" => "23.05"},{"date" => "2023-08-29T10:34:43","version" => "23.08"},{"date" => "2023-10-17T05:11:25","version" => "23.10"},{"date" => "2023-11-07T05:18:27","version" => "23.11"},{"date" => "2024-01-06T17:09:42","version" => "24.01"},{"date" => "2024-05-12T07:43:14","version" => "24.05"},{"date" => "2024-11-28T19:18:13","version" => "24.11"},{"date" => "2025-12-21T00:33:44","version" => "25.12"},{"date" => "2026-01-13T18:42:36","version" => "26.01"}]},"Smolder" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-58041"],"description" => "Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions.  Smolder 1.51 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Smolder::DB::Developer uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Smolder","fixed_versions" => [],"id" => "CPANSA-Smolder-2024-58041","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/WONKO/Smolder-1.51/source/lib/Smolder/DB/Developer.pm#L221","https://metacpan.org/release/WONKO/Smolder-1.51/source/lib/Smolder/DB/Developer.pm#L5","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2026-02-24","severity" => undef}],"main_module" => "Smolder","versions" => [{"date" => "2009-03-30T07:16:46","version" => "1.30"},{"date" => "2009-03-30T08:54:42","version" => "1.31"},{"date" => "2009-03-30T14:21:48","version" => "1.32"},{"date" => "2009-03-30T21:47:26","version" => "1.33"},{"date" => "2009-04-02T13:59:15","version" => "1.34"},{"date" => "2009-04-04T12:02:59","version" => "1.35"},{"date" => "2009-04-08T21:49:00","version" => "1.36"},{"date" => "2009-04-22T01:45:55","version" => "1.37"},{"date" => "2009-04-24T19:18:08","version" => "1.38"},{"date" => "2009-05-08T16:54:22","version" => "1.39"},{"date" => "2009-06-23T03:41:41","version" => "1.40"},{"date" => "2009-12-14T01:28:30","version" => "1.50"},{"date" => "2009-12-16T00:54:47","version" => "1.51"},{"date" => "2013-07-08T12:13:08","version" => "1.52"}]},"SockJS" => {"advisories" => [{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.10"],"cves" => ["CVE-2020-7693"],"description" => "Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-7693-sockjs","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2020-7693"],"reported" => "2020-07-09","severity" => undef},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-7693"],"description" => "Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-7693-sockjs","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2020-7693"],"reported" => "2020-07-09","severity" => undef}],"main_module" => "SockJS","versions" => [{"date" => "2013-04-06T13:37:32","version" => "0.01"},{"date" => "2018-08-26T06:26:34","version" => "0.03"},{"date" => "2018-08-26T12:25:45","version" => "0.04"},{"date" => "2018-08-26T17:55:40","version" => "0.05"},{"date" => "2018-08-26T18:26:38","version" => "0.06"},{"date" => "2018-09-29T11:17:26","version" => "0.07"},{"date" => "2018-12-02T09:25:55","version" => "0.08"},{"date" => "2018-12-02T11:11:31","version" => "0.09"},{"date" => "2018-12-07T12:02:52","version" => "0.10"}]},"Socket" => {"advisories" => [{"affected_versions" => ["<2.026"],"cves" => [],"description" => "The function croak is variadic which expects as a first parameter printf-style format.  Passing arbitrary and string from the caller as a printf format leads to the security problem CWE-134: Use of Externally-Controlled Format String.\n","distribution" => "Socket","fixed_versions" => [">=2.027"],"id" => "CPANSA-Socket-2017-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=122830"],"reported" => "2017-08-17","severity" => undef}],"main_module" => "Socket","versions" => [{"date" => "1995-11-09T22:44:00","version" => "1.3"},{"date" => "1996-06-09T12:32:00","version" => "1.5"},{"date" => "2011-10-25T22:29:20","version" => "1.94_03"},{"date" => "2011-10-26T17:37:31","version" => "1.94_04"},{"date" => "2011-10-27T17:28:25","version" => "1.94_05"},{"date" => "2011-10-30T01:34:45","version" => "1.94_06"},{"date" => "2011-11-22T15:09:56","version" => "1.94_07"},{"date" => "2011-12-01T14:07:01","version" => "1.95"},{"date" => "2011-12-02T23:40:37","version" => "1.95_001"},{"date" => "2011-12-05T19:33:32","version" => "1.95_002"},{"date" => "2011-12-06T23:28:06","version" => "1.95_003"},{"date" => "2011-12-07T16:24:12","version" => "1.95_004"},{"date" => "2011-12-11T00:25:11","version" => "1.96"},{"date" => "2011-12-16T19:47:41","version" => "1.97"},{"date" => "2012-02-07T15:33:00","version" => "1.97_001"},{"date" => "2012-02-12T11:40:21","version" => "1.97_002"},{"date" => "2012-02-16T00:52:35","version" => "1.98"},{"date" => "2012-02-17T00:24:56","version" => "1.98_001"},{"date" => "2012-02-21T23:39:36","version" => "1.99"},{"date" => "2012-03-10T00:09:16","version" => "2.000"},{"date" => "2012-03-27T13:59:43","version" => "2.001"},{"date" => "2012-05-18T16:23:54","version" => "2.001_001"},{"date" => "2012-05-22T15:38:46","version" => "2.001_002"},{"date" => "2012-05-31T15:02:53","version" => "2.001_003"},{"date" => "2012-06-06T10:22:21","version" => "2.002"},{"date" => "2012-08-15T13:14:45","version" => "2.003"},{"date" => "2012-08-15T21:22:04","version" => "2.004"},{"date" => "2012-08-16T21:27:21","version" => "2.005"},{"date" => "2012-08-19T21:49:58","version" => "2.006"},{"date" => "2012-12-16T18:27:03","version" => "2.007"},{"date" => "2012-12-27T15:41:41","version" => "2.008"},{"date" => "2013-01-18T16:13:59","version" => "2.009"},{"date" => "2013-06-24T19:25:09","version" => "2.010"},{"date" => "2013-07-28T18:46:32","version" => "2.011"},{"date" => "2013-09-03T12:23:51","version" => "2.012"},{"date" => "2013-10-28T00:53:02","version" => "2.013"},{"date" => "2014-05-31T23:16:34","version" => "2.014"},{"date" => "2014-08-15T22:38:05","version" => "2.015"},{"date" => "2014-10-08T20:58:19","version" => "2.016"},{"date" => "2015-02-10T12:28:48","version" => "2.017"},{"date" => "2015-02-12T13:45:11","version" => "2.018"},{"date" => "2015-04-27T20:25:03","version" => "2.018_001"},{"date" => "2015-04-29T16:08:52","version" => "2.019"},{"date" => "2015-06-24T13:49:15","version" => "2.020"},{"date" => "2015-11-18T17:15:18","version" => "2.021"},{"date" => "2016-04-16T22:49:32","version" => "2.021_01"},{"date" => "2016-06-06T10:07:12","version" => "2.021_02"},{"date" => "2016-08-01T15:05:16","version" => "2.022"},{"date" => "2016-08-02T13:53:11","version" => "2.023"},{"date" => "2016-08-11T12:52:58","version" => "2.024"},{"date" => "2016-08-26T17:50:04","version" => "2.024_01"},{"date" => "2016-08-26T22:33:20","version" => "2.024_02"},{"date" => "2016-10-04T14:06:42","version" => "2.024_03"},{"date" => "2018-01-09T15:15:51","version" => "2.025"},{"date" => "2018-01-11T23:18:50","version" => "2.026"},{"date" => "2018-01-12T17:00:49","version" => "2.027"},{"date" => "2018-09-05T10:32:16","version" => "2.027_04"},{"date" => "2019-02-20T00:03:23","version" => "2.028"},{"date" => "2019-02-20T19:58:07","version" => "2.029"},{"date" => "2019-02-21T19:41:16","version" => "2.029"},{"date" => "2019-04-14T09:28:49","version" => "2.027_05"},{"date" => "2019-06-15T14:08:34","version" => "2.029_05"},{"date" => "2020-07-06T13:57:06","version" => "2.030"},{"date" => "2021-01-05T15:50:53","version" => "2.031"},{"date" => "2021-06-02T23:32:40","version" => "2.032"},{"date" => "2022-04-29T14:34:23","version" => "2.033"},{"date" => "2022-06-27T09:29:08","version" => "2.034"},{"date" => "2022-07-01T14:22:10","version" => "2.035"},{"date" => "2022-08-19T16:40:53","version" => "2.036"},{"date" => "2023-06-06T11:57:25","version" => "2.037"},{"date" => "2024-04-15T20:15:41","version" => "2.038"},{"date" => "2025-06-25T17:07:24","version" => "2.039"},{"date" => "2025-07-16T11:30:51","version" => "2.040"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "1.6"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "1.7"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006000","version" => "1.72"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.75"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "1.76"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "1.77"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "1.78"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "1.81"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "1.79"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.01","version" => "1.80"},{"date" => "2009-08-22T00:00:00","dual_lived" => 1,"perl_release" => "5.010001","version" => "1.82"},{"date" => "2009-10-02T00:00:00","dual_lived" => 1,"perl_release" => "5.011000","version" => "1.84"},{"date" => "2009-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011001","version" => "1.85"},{"date" => "2010-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011005","version" => "1.86"},{"date" => "2010-04-12T00:00:00","dual_lived" => 1,"perl_release" => "5.012000","version" => "1.87"},{"date" => "2011-01-21T00:00:00","dual_lived" => 1,"perl_release" => "5.012003","version" => "1.87_01"},{"date" => "2010-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013001","version" => "1.88"},{"date" => "2010-06-22T00:00:00","dual_lived" => 1,"perl_release" => "5.013002","version" => "1.89"},{"date" => "2010-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013006","version" => "1.90"},{"date" => "2010-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013007","version" => "1.91"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "1.92"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "1.93"},{"date" => "2011-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013010","version" => "1.94"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "1.94_01"},{"date" => "2011-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015005","version" => "1.94_02"},{"date" => "2012-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.017007","version" => "2.006_001"},{"date" => "2015-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023003","version" => "2.020_01"},{"date" => "2015-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023004","version" => "2.020_02"},{"date" => "2016-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023009","version" => "2.020_03"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "2.020_04"}]},"Spoon" => {"advisories" => [{"affected_versions" => [">0.24"],"cves" => ["CVE-2012-6143"],"description" => "Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.\n","distribution" => "Spoon","fixed_versions" => [],"id" => "CPANSA-Spoon-Cookie-2012-6143","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=85217","http://www.securityfocus.com/bid/59834","http://seclists.org/oss-sec/2013/q2/318","https://exchange.xforce.ibmcloud.com/vulnerabilities/84197"],"reported" => "2014-06-04","severity" => undef}],"main_module" => "Spoon","versions" => [{"date" => "2004-03-21T10:04:10","version" => "0.10"},{"date" => "2004-03-23T07:50:48","version" => "0.11"},{"date" => "2004-03-30T16:23:32","version" => "0.12"},{"date" => "2004-05-07T16:21:27","version" => "0.13"},{"date" => "2004-06-02T10:15:14","version" => "0.14"},{"date" => "2004-06-21T17:39:05","version" => "0.15"},{"date" => "2004-06-22T17:43:16","version" => "0.16"},{"date" => "2004-07-20T20:01:22","version" => "0.17"},{"date" => "2004-08-12T05:59:51","version" => "0.18"},{"date" => "2004-12-16T00:12:10","version" => "0.19"},{"date" => "2004-12-18T09:04:38","version" => "0.20"},{"date" => "2005-01-11T16:27:02","version" => "0.21"},{"date" => "2005-04-04T14:49:45","version" => "0.22"},{"date" => "2005-04-07T03:44:14","version" => "0.23"},{"date" => "2006-12-09T23:29:37","version" => "0.24"}]},"Spreadsheet-ParseExcel" => {"advisories" => [{"affected_versions" => ["<0.66"],"cves" => ["CVE-2023-7101"],"description" => "Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type \x{201c}eval\x{201d}. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.\n","distribution" => "Spreadsheet-ParseExcel","fixed_versions" => [">=0.66"],"id" => "CPANSA-Spreadsheet-ParseExcel-2023-7101","references" => ["http://www.openwall.com/lists/oss-security/2023/12/29/4","https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171","https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md","https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc","https://https://metacpan.org/dist/Spreadsheet-ParseExcel","https://https://www.cve.org/CVERecord?id=CVE-2023-7101","https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html"],"reported" => "2023-12-24","severity" => undef}],"main_module" => "Spreadsheet::ParseExcel","versions" => [{"date" => "2000-10-06T00:33:12","version" => "0.06"},{"date" => "2000-11-18T03:01:33","version" => "0.07"},{"date" => "2000-11-24T23:59:57","version" => "0.08"},{"date" => "2000-12-15T02:58:39","version" => "0.09"},{"date" => "2001-01-16T00:27:35","version" => "0.10"},{"date" => "2001-01-31T15:09:13","version" => "0.11"},{"date" => "2001-02-05T11:37:49","version" => "0.12"},{"date" => "2001-02-22T22:35:17","version" => "0.13"},{"date" => "2001-03-06T02:14:24","version" => "0.15"},{"date" => "2001-03-07T21:50:33","version" => "0.16"},{"date" => "2001-03-12T23:08:09","version" => "0.17"},{"date" => "2001-03-17T07:39:42","version" => "0.18"},{"date" => "2001-03-26T11:41:43","version" => "0.19"},{"date" => "2001-03-30T11:22:58","version" => "0.20"},{"date" => "2001-04-11T00:12:29","version" => "0.201"},{"date" => "2001-04-11T00:17:15","version" => "v0.20.1"},{"date" => "2001-04-28T02:18:17","version" => "0.21"},{"date" => "2001-04-29T05:37:04","version" => "v0.21.1"},{"date" => "2001-05-01T07:23:55","version" => "v0.21.2"},{"date" => "2001-05-05T09:46:39","version" => "0.22"},{"date" => "2001-05-15T22:20:34","version" => "v0.22.1"},{"date" => "2001-05-24T22:12:58","version" => "v0.22.2"},{"date" => "2001-06-05T22:21:24","version" => "v0.22.3"},{"date" => "2001-06-21T21:38:06","version" => "0.23"},{"date" => "2001-06-26T03:05:48","version" => "0.2301"},{"date" => "2001-07-05T10:44:34","version" => "0.24"},{"date" => "2001-07-13T10:51:35","version" => "0.2402"},{"date" => "2001-07-24T21:45:07","version" => "0.2403"},{"date" => "2001-12-06T22:01:45","version" => "0.2404"},{"date" => "2002-01-28T22:38:34","version" => "0.2405"},{"date" => "2002-04-07T22:20:17","version" => "0.2406"},{"date" => "2002-04-24T13:05:42","version" => "0.2407"},{"date" => "2002-05-09T15:05:41","version" => "0.25"},{"date" => "2002-06-05T20:57:29","version" => "0.26"},{"date" => "2002-07-13T22:41:34","version" => "0.2601"},{"date" => "2002-07-16T02:07:27","version" => "0.2602"},{"date" => "2004-05-30T01:51:09","version" => "0.2603"},{"date" => "2006-09-11T09:15:23","version" => "0.27_01"},{"date" => "2006-09-12T20:55:36","version" => "0.27_02"},{"date" => "2006-11-02T16:44:10","version" => "0.27_03"},{"date" => "2007-01-03T15:48:01","version" => "0.27"},{"date" => "2007-01-07T17:20:30","version" => "0.28"},{"date" => "2007-03-29T23:21:14","version" => "0.29"},{"date" => "2007-03-31T15:33:28","version" => "0.30"},{"date" => "2007-05-03T02:21:13","version" => "0.31"},{"date" => "2007-05-05T03:56:46","version" => "0.32"},{"date" => "2008-09-07T07:47:07","version" => "0.33"},{"date" => "2008-10-24T00:05:35","version" => "0.40"},{"date" => "2008-10-24T00:18:27","version" => "0.33"},{"date" => "2009-01-01T20:42:10","version" => "0.42"},{"date" => "2009-01-08T02:06:27","version" => "0.43"},{"date" => "2009-01-09T03:37:10","version" => "0.44"},{"date" => "2009-01-14T02:19:46","version" => "0.45"},{"date" => "2009-01-20T00:34:23","version" => "0.46"},{"date" => "2009-01-22T00:39:18","version" => "0.47"},{"date" => "2009-01-23T07:07:04","version" => "0.48"},{"date" => "2009-01-24T01:19:12","version" => "0.49"},{"date" => "2009-08-18T23:30:07","version" => "0.50"},{"date" => "2009-08-19T22:08:26","version" => "0.51"},{"date" => "2009-08-21T18:09:01","version" => "0.52"},{"date" => "2009-08-24T23:06:49","version" => "0.53"},{"date" => "2009-08-25T20:24:31","version" => "0.54"},{"date" => "2009-09-30T06:26:08","version" => "0.55"},{"date" => "2009-12-10T00:23:50","version" => "0.56"},{"date" => "2010-01-24T19:18:56","version" => "0.57"},{"date" => "2010-09-17T18:09:07","version" => "0.58"},{"date" => "2011-04-06T19:13:26","version" => "0.59"},{"date" => "2014-02-26T19:58:52","version" => "0.60"},{"date" => "2014-03-04T18:56:46","version" => "0.61"},{"date" => "2014-03-05T17:16:00","version" => "0.62"},{"date" => "2014-03-07T20:47:21","version" => "0.63"},{"date" => "2014-03-11T17:22:13","version" => "0.64"},{"date" => "2014-03-18T20:47:23","version" => "0.65"},{"date" => "2023-12-29T01:14:58","version" => "0.66"}]},"Spreadsheet-ParseXLSX" => {"advisories" => [{"affected_versions" => ["<0.28"],"cves" => ["CVE-2024-22368"],"description" => "The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.\n","distribution" => "Spreadsheet-ParseXLSX","fixed_versions" => [">=0.28"],"id" => "CPANSA-Spreadsheet-ParseXLSX-2024-22368","references" => ["https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md","https://github.com/briandfoy/cpan-security-advisory/issues/131","https://nvd.nist.gov/vuln/detail/CVE-2024-22368","https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md","https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes","https://github.com/advisories/GHSA-x2hg-844v-frvh"],"reported" => "2024-01-03"},{"affected_versions" => ["<0.30"],"cves" => ["CVE-2024-23525"],"description" => "In default configuration of Spreadsheet::ParseXLSX, whenever we call Spreadsheet::ParseXLSX->new()->parse('user_input_file.xlsx'), we'd be vulnerable for XXE vulnerability if the XLSX file that we are parsing is from user input.\n","distribution" => "Spreadsheet-ParseXLSX","fixed_versions" => [">=0.30"],"id" => "CPANSA-Spreadsheet-ParseXLSX-2024-23525","references" => ["https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes","https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a","https://github.com/briandfoy/cpan-security-advisory/issues/134","https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10","https://github.com/advisories/GHSA-cxjh-j6f8-vrmf","https://nvd.nist.gov/vuln/detail/CVE-2024-23525"],"reported" => "2024-01-17"}],"main_module" => "Spreadsheet::ParseXLSX","versions" => [{"date" => "2013-07-17T02:45:07","version" => "0.01"},{"date" => "2013-07-17T15:14:43","version" => "0.02"},{"date" => "2013-07-26T07:34:38","version" => "0.03"},{"date" => "2013-07-31T18:28:38","version" => "0.04"},{"date" => "2013-07-31T22:15:56","version" => "0.05"},{"date" => "2013-08-29T20:02:30","version" => "0.06"},{"date" => "2013-09-05T18:34:35","version" => "0.07"},{"date" => "2013-09-10T18:21:15","version" => "0.08"},{"date" => "2013-10-09T14:52:49","version" => "0.09"},{"date" => "2013-11-06T18:36:10","version" => "0.10"},{"date" => "2013-11-14T00:30:46","version" => "0.11"},{"date" => "2013-12-09T20:27:26","version" => "0.12"},{"date" => "2014-01-29T21:32:54","version" => "0.13"},{"date" => "2014-04-03T16:56:25","version" => "0.14"},{"date" => "2014-07-05T01:39:06","version" => "0.15"},{"date" => "2014-07-05T18:55:08","version" => "0.16"},{"date" => "2015-03-26T03:38:16","version" => "0.17"},{"date" => "2015-09-19T06:08:07","version" => "0.18"},{"date" => "2015-12-04T07:38:39","version" => "0.19"},{"date" => "2015-12-05T18:45:32","version" => "0.20"},{"date" => "2016-05-23T07:09:47","version" => "0.21"},{"date" => "2016-05-25T05:39:15","version" => "0.22"},{"date" => "2016-05-29T03:01:59","version" => "0.23"},{"date" => "2016-06-25T18:03:32","version" => "0.24"},{"date" => "2016-07-15T02:36:28","version" => "0.25"},{"date" => "2016-08-16T06:35:10","version" => "0.26"},{"date" => "2016-08-16T07:12:41","version" => "0.27"},{"date" => "2024-01-02T13:45:35","version" => "0.28"},{"date" => "2024-01-02T17:49:11","version" => "0.29"},{"date" => "2024-01-17T11:34:43","version" => "0.30"},{"date" => "2024-01-18T11:30:17","version" => "0.31"},{"date" => "2024-03-08T11:04:50","version" => "0.32"},{"date" => "2024-03-08T12:50:37","version" => "0.33"},{"date" => "2024-03-13T10:28:28","version" => "0.34"},{"date" => "2024-03-19T16:22:17","version" => "0.35"},{"date" => "2025-01-24T09:33:40","version" => "0.36"}]},"Squatting" => {"advisories" => [{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Squatting","versions" => [{"date" => "2008-05-13T22:22:58","version" => "0.20"},{"date" => "2008-05-14T06:05:11","version" => "0.21"},{"date" => "2008-06-02T19:48:13","version" => "0.30"},{"date" => "2008-06-06T10:48:50","version" => "0.31"},{"date" => "2008-07-06T17:46:05","version" => "0.40"},{"date" => "2008-07-09T04:13:14","version" => "0.41"},{"date" => "2008-07-25T14:38:30","version" => "0.42"},{"date" => "2008-07-31T02:12:58","version" => "0.50"},{"date" => "2008-08-07T23:35:32","version" => "0.51"},{"date" => "2008-08-09T00:05:02","version" => "0.52"},{"date" => "2009-04-21T18:46:53","version" => "0.60"},{"date" => "2009-08-27T12:18:15","version" => "0.70"},{"date" => "2011-04-27T11:37:19","version" => "0.80"},{"date" => "2011-04-27T21:17:13","version" => "0.81"},{"date" => "2013-08-12T04:12:05","version" => "0.82"},{"date" => "2014-02-20T03:16:20","version" => "0.83"}]},"Starch" => {"advisories" => [{"affected_versions" => ["<=0.14"],"cves" => ["CVE-2025-40925"],"description" => "Starch versions 0.14 and earlier generate session ids insecurely.  The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Starch","fixed_versions" => [],"id" => "CPANSA-Starch-2025-40925","references" => ["https://github.com/bluefeet/Starch/commit/5573449e64e0660f7ee209d1eab5881d4ccbee3b.patch","https://github.com/bluefeet/Starch/pull/5","https://metacpan.org/dist/Starch/source/lib/Starch/Manager.pm"],"reported" => "2025-09-20","severity" => undef}],"main_module" => "Starch","versions" => [{"date" => "2015-07-31T23:11:38","version" => "0.06"},{"date" => "2018-05-17T14:47:29","version" => "0.07"},{"date" => "2018-09-04T01:40:23","version" => "0.08"},{"date" => "2018-09-04T17:20:53","version" => "0.09"},{"date" => "2019-02-14T19:42:01","version" => "0.10"},{"date" => "2019-02-20T15:55:30","version" => "0.11"},{"date" => "2019-03-01T06:11:34","version" => "0.12"},{"date" => "2019-03-23T21:36:38","version" => "0.13"},{"date" => "2019-05-13T02:14:22","version" => "0.14"}]},"Stardust" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Stardust","versions" => [{"date" => "2009-08-28T03:34:38","version" => "0.01"},{"date" => "2009-09-02T08:17:45","version" => "0.02"},{"date" => "2009-09-08T13:01:44","version" => "0.03"},{"date" => "2009-09-08T20:19:12","version" => "0.04"},{"date" => "2009-09-11T02:44:30","version" => "0.05"},{"date" => "2009-09-11T07:03:42","version" => "0.06"},{"date" => "2009-09-11T08:22:34","version" => "0.07"},{"date" => "2011-08-04T18:24:59","version" => "0.08"}]},"Storable" => {"advisories" => [{"affected_versions" => ["<3.05"],"cves" => [],"description" => "Malcrafted storable files or buffers.\n","distribution" => "Storable","fixed_versions" => [">=3.05"],"id" => "CPANSA-Storable-2017-01","references" => ["https://metacpan.org/changes/distribution/Storable","https://cxsecurity.com/issue/WLB-2007120031"],"reported" => "2017-01-29"}],"main_module" => "Storable","versions" => [{"date" => "1995-10-02T10:50:02","version" => "0.1"},{"date" => "1997-01-13T11:42:25","version" => "0.2"},{"date" => "1997-01-13T17:18:01","version" => "0.2"},{"date" => "1997-01-14T15:12:36","version" => "0.3"},{"date" => "1997-01-15T18:25:57","version" => "0.4"},{"date" => "1997-01-22T14:47:23","version" => "0.4"},{"date" => "1997-02-27T15:02:37","version" => "0.4"},{"date" => "1997-02-27T15:38:18","version" => "0.4"},{"date" => "1997-03-25T10:32:00","version" => "0.4"},{"date" => "1997-05-16T09:24:59","version" => "0.4"},{"date" => "1997-06-03T09:38:38","version" => "0.4"},{"date" => "1997-06-10T16:47:47","version" => "0.5"},{"date" => "1997-11-05T10:05:11","version" => "0.5"},{"date" => "1998-01-13T16:59:38","version" => "0.5"},{"date" => "1998-01-20T08:32:03","version" => "0.5"},{"date" => "1998-03-06T20:52:28","version" => "0.5"},{"date" => "1998-03-25T14:10:24","version" => "0.5"},{"date" => "1998-04-08T11:20:48","version" => "0.5"},{"date" => "1998-04-09T16:17:05","version" => "0.5"},{"date" => "1998-04-24T15:29:23","version" => "0.5"},{"date" => "1998-04-30T13:13:58","version" => "0.5"},{"date" => "1998-05-12T07:15:48","version" => "0.5"},{"date" => "1998-06-04T16:19:02","version" => "0.6"},{"date" => "1998-06-12T09:54:35","version" => "0.6"},{"date" => "1998-06-22T09:00:32","version" => "0.6"},{"date" => "1998-07-03T13:53:55","version" => "0.6"},{"date" => "1998-07-21T12:10:39","version" => "0.6"},{"date" => "1999-01-31T18:01:47","version" => "0.6"},{"date" => "1999-07-12T13:05:25","version" => "0.6"},{"date" => "1999-09-02T12:47:03","version" => "0.6"},{"date" => "1999-09-14T20:27:23","version" => "v0.6.5"},{"date" => "1999-10-19T19:33:43","version" => "v0.6.6"},{"date" => "1999-10-20T17:10:19","version" => "v0.6.7"},{"date" => "2000-03-02T22:29:53","version" => "v0.6.9"},{"date" => "2000-03-29T18:00:09","version" => "v0.6.10"},{"date" => "2000-04-02T22:12:47","version" => "v0.6.11"},{"date" => "2000-08-03T22:12:31","version" => "v0.7.0"},{"date" => "2000-08-13T20:17:55","version" => "v0.7.1"},{"date" => "2000-08-14T07:27:17","version" => "v0.7.2"},{"date" => "2000-08-23T23:12:01","version" => "v0.7.4"},{"date" => "2000-09-01T19:44:37","version" => "v1.0.0"},{"date" => "2000-09-17T16:56:12","version" => "v1.0.1"},{"date" => "2000-09-28T21:50:42","version" => "v1.0.2"},{"date" => "2000-09-29T19:55:57","version" => "v1.0.3"},{"date" => "2000-10-23T18:12:41","version" => "v1.0.4"},{"date" => "2000-10-26T17:18:33","version" => "v1.0.5"},{"date" => "2000-11-05T17:30:34","version" => "v1.0.6"},{"date" => "2001-01-03T09:48:40","version" => "v1.0.7"},{"date" => "2001-02-17T12:43:23","version" => "v1.0.10"},{"date" => "2001-03-15T00:30:04","version" => "v1.0.11"},{"date" => "2001-07-01T11:30:39","version" => "v1.0.12"},{"date" => "2001-08-28T21:59:16","version" => "v1.0.13"},{"date" => "2001-12-01T13:48:14","version" => "v1.0.14"},{"date" => "2002-05-18T16:48:08","version" => "2.00"},{"date" => "2002-05-28T20:34:47","version" => "2.02"},{"date" => "2002-06-01T04:35:47","version" => "2.03"},{"date" => "2002-06-08T02:11:56","version" => "2.04"},{"date" => "2002-10-03T03:37:51","version" => "2.05"},{"date" => "2002-11-25T12:34:01","version" => "2.06"},{"date" => "2003-05-05T05:21:16","version" => "2.07"},{"date" => "2003-09-05T20:01:37","version" => "2.08"},{"date" => "2004-01-06T01:47:55","version" => "2.09"},{"date" => "2004-03-01T04:28:16","version" => "2.10"},{"date" => "2004-03-17T15:11:57","version" => "2.11"},{"date" => "2004-03-24T03:24:16","version" => "2.12"},{"date" => "2004-06-28T16:41:47","version" => "2.13"},{"date" => "2005-04-25T02:15:51","version" => "2.14"},{"date" => "2005-05-23T17:21:53","version" => "2.15"},{"date" => "2007-03-31T00:51:12","version" => "2.16"},{"date" => "2007-11-16T20:48:24","version" => "2.17"},{"date" => "2007-11-23T18:18:24","version" => "2.18"},{"date" => "2009-05-18T04:18:09","version" => "2.20"},{"date" => "2009-08-06T05:30:04","version" => "2.21"},{"date" => "2010-11-12T17:12:42","version" => "2.23"},{"date" => "2010-11-12T17:29:29","version" => "2.24"},{"date" => "2010-12-11T06:08:33","version" => "2.25"},{"date" => "2011-07-03T04:04:14","version" => "2.29"},{"date" => "2011-07-12T03:59:06","version" => "2.30"},{"date" => "2012-06-07T01:16:46","version" => "2.35"},{"date" => "2012-09-11T01:30:44","version" => "2.38"},{"date" => "2012-09-11T01:38:57","version" => "2.39"},{"date" => "2013-07-13T16:49:48","version" => "2.45"},{"date" => "2014-07-02T11:09:04","version" => "2.51"},{"date" => "2017-01-29T11:41:00","version" => "3.05"},{"date" => "2017-01-30T14:25:11","version" => "3.05_01"},{"date" => "2017-01-30T18:55:50","version" => "3.05_02"},{"date" => "2017-01-31T01:58:36","version" => "3.05_03"},{"date" => "2017-02-02T11:22:12","version" => "3.05_04"},{"date" => "2017-03-05T10:48:10","version" => "3.05_06"},{"date" => "2017-03-05T12:52:10","version" => "3.05_07"},{"date" => "2017-03-11T07:51:19","version" => "3.05_09"},{"date" => "2017-03-14T09:03:54","version" => "3.05_10"},{"date" => "2017-03-29T20:00:48","version" => "3.05_11"},{"date" => "2017-04-19T07:20:42","version" => "3.05_12"},{"date" => "2017-10-15T12:06:30","version" => "3.05_14"},{"date" => "2017-10-21T09:30:17","version" => "3.05_15"},{"date" => "2017-10-21T16:17:28","version" => "3.05_16"},{"date" => "2018-04-19T08:29:33","version" => "3.06"},{"date" => "2018-04-20T16:11:03","version" => "3.05_17"},{"date" => "2018-04-21T10:08:56","version" => "3.08"},{"date" => "2018-04-21T16:50:30","version" => "3.09"},{"date" => "2018-04-27T17:46:19","version" => "3.11"},{"date" => "2018-09-05T15:12:26","version" => "3.11_01"},{"date" => "2019-03-06T12:42:01","version" => "3.12_03"},{"date" => "2019-03-12T09:31:55","version" => "3.12_04"},{"date" => "2019-04-16T07:32:16","version" => "3.14_04"},{"date" => "2019-04-23T13:29:25","version" => "3.15"},{"date" => "2019-05-05T12:46:33","version" => "3.15_04"},{"date" => "2021-08-25T09:06:32","version" => "3.24_50"},{"date" => "2021-08-30T08:39:08","version" => "3.25"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.015"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "2.19"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "2.15_02"},{"date" => "2009-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011001","version" => "2.22"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "2.26"},{"date" => "2011-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013011","version" => "2.27"},{"date" => "2011-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015","version" => "2.28"},{"date" => "2011-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015001","version" => "2.31"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "2.32"},{"date" => "2011-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015005","version" => "2.33"},{"date" => "2011-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015006","version" => "2.34"},{"date" => "2012-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017001","version" => "2.36"},{"date" => "2012-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017002","version" => "2.37"},{"date" => "2012-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.017007","version" => "2.40"},{"date" => "2013-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017011","version" => "2.41"},{"date" => "2013-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019","version" => "2.42"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "2.43"},{"date" => "2013-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019003","version" => "2.46"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "2.47"},{"date" => "2013-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019007","version" => "2.48"},{"date" => "2014-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019011","version" => "2.49"},{"date" => "2015-02-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020002","version" => "2.49_01"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "2.52"},{"date" => "2015-02-21T00:00:00","dual_lived" => 1,"perl_release" => "5.021009","version" => "2.53"},{"date" => "2015-12-13T00:00:00","dual_lived" => 1,"perl_release" => "5.022001","version" => "2.53_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.53_02"},{"date" => "2015-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023001","version" => "2.54"},{"date" => "2016-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023008","version" => "2.55"},{"date" => "2016-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023009","version" => "2.56"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "2.56_01"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "2.57"},{"date" => "2016-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025006","version" => "2.58"},{"date" => "2016-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025007","version" => "2.59"},{"date" => "2017-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025009","version" => "2.61"},{"date" => "2017-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025010","version" => "2.62"},{"date" => "2017-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027001","version" => "2.63"},{"date" => "2017-08-21T00:00:00","dual_lived" => 1,"perl_release" => "5.027003","version" => "2.64"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "2.65"},{"date" => "2019-04-19T00:00:00","dual_lived" => 1,"perl_release" => "5.028002","version" => "3.08_01"},{"date" => "2018-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029002","version" => "3.12"},{"date" => "2018-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029003","version" => "3.13"},{"date" => "2018-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.029006","version" => "3.14"},{"date" => "2019-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031001","version" => "3.16"},{"date" => "2019-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031003","version" => "3.17"},{"date" => "2019-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031007","version" => "3.18"},{"date" => "2020-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031009","version" => "3.19"},{"date" => "2020-04-28T00:00:00","dual_lived" => 1,"perl_release" => "5.031011","version" => "3.20"},{"date" => "2020-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.032","version" => "3.21"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "3.22"},{"date" => "2020-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033003","version" => "3.23"},{"date" => "2021-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035003","version" => "3.24"},{"date" => "2022-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035011","version" => "3.26"},{"date" => "2022-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037002","version" => "3.27"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "3.28"},{"date" => "2023-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037008","version" => "3.29"},{"date" => "2023-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.03701","version" => "3.31"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038000","version" => "3.32"},{"date" => "2024-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041002","version" => "3.33"},{"date" => "2024-08-29T00:00:00","dual_lived" => 1,"perl_release" => "5.041003","version" => "3.34"},{"date" => "2024-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041004","version" => "3.35"},{"date" => "2025-03-21T00:00:00","dual_lived" => 1,"perl_release" => "5.041010","version" => "3.36"},{"date" => "2025-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041011","version" => "3.37"}]},"String-Compare-ConstantTime" => {"advisories" => [{"affected_versions" => ["<=0.321"],"cves" => ["CVE-2024-13939"],"description" => "String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string.  As stated in the documentation: \"If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents).\"  This is similar to\x{a0}CVE-2020-36829","distribution" => "String-Compare-ConstantTime","fixed_versions" => [],"id" => "CPANSA-String-Compare-ConstantTime-2024-13939","references" => ["https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL"],"reported" => "2025-03-28","severity" => undef}],"main_module" => "String::Compare::ConstantTime","versions" => [{"date" => "2012-07-13T00:08:31","version" => "0.20"},{"date" => "2012-10-10T01:38:04","version" => "0.300"},{"date" => "2014-09-24T03:21:54","version" => "0.310"},{"date" => "2015-10-24T21:53:39","version" => "0.311"},{"date" => "2017-02-14T16:57:07","version" => "0.312"},{"date" => "2018-04-23T16:13:42","version" => "0.320"},{"date" => "2019-06-17T13:33:11","version" => "0.321"}]},"Sub-HandlesVia" => {"advisories" => [{"affected_versions" => ["<0.050002"],"cves" => ["CVE-2025-30673"],"description" => "Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238.  If an attacker can place a malicious file in current working directory, it may be\x{a0}loaded instead of the intended file, potentially leading to arbitrary\x{a0}code execution.  Sub::HandlesVia uses Mite to produce the affected code section due to\x{a0}CVE-2025-30672","distribution" => "Sub-HandlesVia","fixed_versions" => [">=0.050002"],"id" => "CPANSA-Sub-HandlesVia-2025-30673","references" => ["https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html","https://metacpan.org/dist/Sub-HandlesVia/changes#L12","https://metacpan.org/release/TOBYINK/Sub-HandlesVia-0.050001/source/lib/Sub/HandlesVia/Mite.pm#L114"],"reported" => "2025-04-01","severity" => undef}],"main_module" => "Sub::HandlesVia","versions" => [{"date" => "2020-01-21T12:20:29","version" => "0.001"},{"date" => "2020-01-21T12:44:10","version" => "0.002"},{"date" => "2020-01-21T21:31:54","version" => "0.003"},{"date" => "2020-01-22T20:46:52","version" => "0.004"},{"date" => "2020-01-23T12:15:51","version" => "0.005"},{"date" => "2020-01-23T12:57:19","version" => "0.006"},{"date" => "2020-01-25T18:32:49","version" => "0.007"},{"date" => "2020-01-26T21:21:53","version" => "0.008_000"},{"date" => "2020-01-26T23:51:45","version" => "0.008_001"},{"date" => "2020-01-27T01:42:52","version" => "0.008_002"},{"date" => "2020-01-27T08:53:01","version" => "0.008_003"},{"date" => "2020-01-27T10:55:08","version" => "0.009"},{"date" => "2020-01-27T14:35:32","version" => "0.010"},{"date" => "2020-01-27T20:50:11","version" => "0.011"},{"date" => "2020-02-02T19:19:39","version" => "0.012"},{"date" => "2020-02-04T23:25:52","version" => "0.013"},{"date" => "2020-08-25T12:50:04","version" => "0.014"},{"date" => "2020-09-12T14:08:39","version" => "0.015"},{"date" => "2020-09-20T16:31:29","version" => "0.016"},{"date" => "2022-06-11T11:23:50","version" => "0.017"},{"date" => "2022-06-11T14:29:41","version" => "0.018"},{"date" => "2022-06-11T16:47:08","version" => "0.019"},{"date" => "2022-06-11T20:23:02","version" => "0.020"},{"date" => "2022-06-12T17:24:14","version" => "0.021"},{"date" => "2022-06-14T16:04:34","version" => "0.022"},{"date" => "2022-06-15T01:20:36","version" => "0.023"},{"date" => "2022-06-15T14:42:36","version" => "0.024"},{"date" => "2022-06-16T10:36:27","version" => "0.025"},{"date" => "2022-06-29T23:39:10","version" => "0.026"},{"date" => "2022-06-30T00:10:02","version" => "0.027"},{"date" => "2022-07-01T23:17:41","version" => "0.028"},{"date" => "2022-07-09T18:26:58","version" => "0.029"},{"date" => "2022-07-09T18:32:11","version" => "0.030"},{"date" => "2022-07-09T19:48:20","version" => "0.031"},{"date" => "2022-07-12T19:15:21","version" => "0.032"},{"date" => "2022-08-05T15:26:32","version" => "0.033"},{"date" => "2022-08-07T14:36:37","version" => "0.034"},{"date" => "2022-08-12T14:45:11","version" => "0.035"},{"date" => "2022-08-26T14:46:58","version" => "0.036"},{"date" => "2022-09-26T08:48:59","version" => "0.037"},{"date" => "2022-10-21T14:29:19","version" => "0.038"},{"date" => "2022-10-26T10:30:49","version" => "0.039"},{"date" => "2022-10-27T12:45:21","version" => "0.040"},{"date" => "2022-10-29T15:58:04","version" => "0.041"},{"date" => "2022-10-30T12:28:45","version" => "0.042"},{"date" => "2022-10-31T11:04:11","version" => "0.043"},{"date" => "2022-10-31T18:24:28","version" => "0.044"},{"date" => "2022-11-08T18:45:23","version" => "0.045"},{"date" => "2022-12-16T16:02:25","version" => "0.046"},{"date" => "2023-04-05T21:51:07","version" => "0.050000"},{"date" => "2025-03-23T18:30:54","version" => "0.050001"},{"date" => "2025-03-31T11:34:28","version" => "0.050002"},{"date" => "2025-07-14T21:33:31","version" => "0.050003"},{"date" => "2025-11-10T17:13:26","version" => "0.050004"},{"date" => "2025-11-10T17:24:14","version" => "0.050005"},{"date" => "2025-11-11T22:25:44","version" => "0.050006"},{"date" => "2025-11-15T20:17:13","version" => "0.050007"},{"date" => "2025-11-21T09:14:26","version" => "0.052000"},{"date" => "2026-01-28T23:06:43","version" => "0.053000"},{"date" => "2026-01-29T09:02:27","version" => "0.053001"},{"date" => "2026-01-30T17:28:28","version" => "0.053002"},{"date" => "2026-01-31T23:44:23","version" => "0.053003"},{"date" => "2026-02-01T23:30:36","version" => "0.053004"},{"date" => "2026-02-04T17:17:58","version" => "0.053005"}]},"Sys-Syslog" => {"advisories" => [{"affected_versions" => ["<0.35"],"cves" => ["CVE-2016-1238"],"description" => "Optional modules loaded from loading optional modules from \".\"\n","distribution" => "Sys-Syslog","fixed_versions" => [">=0.35"],"id" => "CPANSA-Sys-Syslog-2016-1238","references" => ["https://metacpan.org/dist/Sys-Syslog/changes","https://rt.cpan.org/Public/Bug/Display.html?id=116543"],"reported" => "2016-07-27","severity" => "high"}],"main_module" => "Sys::Syslog","versions" => [{"date" => "2005-12-06T22:19:29","version" => "0.09"},{"date" => "2005-12-08T01:10:57","version" => "0.10"},{"date" => "2005-12-27T23:49:31","version" => "0.11"},{"date" => "2006-01-07T04:07:20","version" => "0.12"},{"date" => "2006-01-11T01:03:02","version" => "0.13"},{"date" => "2006-05-25T22:42:27","version" => "0.14"},{"date" => "2006-06-10T23:57:12","version" => "0.15"},{"date" => "2006-06-20T21:26:29","version" => "0.16"},{"date" => "2006-07-23T01:51:16","version" => "0.17"},{"date" => "2006-08-28T22:18:29","version" => "0.18"},{"date" => "2007-09-05T09:39:56","version" => "0.19"},{"date" => "2007-09-05T10:23:25","version" => "0.20"},{"date" => "2007-09-13T23:01:59","version" => "0.21"},{"date" => "2007-11-08T00:58:57","version" => "0.22"},{"date" => "2007-11-12T22:42:29","version" => "0.23"},{"date" => "2007-12-31T17:18:56","version" => "0.24"},{"date" => "2008-06-05T23:16:19","version" => "0.25"},{"date" => "2008-06-15T23:49:12","version" => "0.25"},{"date" => "2008-09-21T17:05:08","version" => "0.27"},{"date" => "2009-03-14T03:24:36","version" => "1.00"},{"date" => "2011-04-16T17:01:20","version" => "0.28"},{"date" => "2011-04-18T14:10:00","version" => "0.29"},{"date" => "2012-08-15T01:27:23","version" => "0.30"},{"date" => "2012-08-18T18:07:17","version" => "0.31"},{"date" => "2012-09-14T12:36:22","version" => "0.32"},{"date" => "2013-05-24T00:13:07","version" => "0.33"},{"date" => "2016-05-05T23:20:00","version" => "0.34"},{"date" => "2016-09-01T16:56:39","version" => "0.35"},{"date" => "2019-10-21T22:41:02","version" => "0.36"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006000","version" => "0.01"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "0.02"},{"date" => "2002-07-19T00:00:00","dual_lived" => 1,"perl_release" => "5.008","version" => "0.03"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "0.04"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "0.05"},{"date" => "2005-05-30T00:00:00","dual_lived" => 1,"perl_release" => "5.008007","version" => "0.06"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "0.18_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "0.33_01"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "0.34_01"}]},"Tcl" => {"advisories" => [{"affected_versions" => [">=0.89,<=1.27"],"cves" => ["CVE-2008-0553"],"description" => "Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.\n","distribution" => "Tcl","fixed_versions" => [],"id" => "CPANSA-Tcl-2008-0553-tcl","references" => ["http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894","http://www.securityfocus.com/bid/27655","http://securitytracker.com/id?1019309","http://secunia.com/advisories/28784","https://bugzilla.redhat.com/show_bug.cgi?id=431518","https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html","https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html","https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html","https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html","http://www.mandriva.com/security/advisories?name=MDVSA-2008:041","http://secunia.com/advisories/28807","http://secunia.com/advisories/28848","http://www.debian.org/security/2008/dsa-1490","http://www.debian.org/security/2008/dsa-1491","http://secunia.com/advisories/28857","http://secunia.com/advisories/28867","http://wiki.rpath.com/Advisories:rPSA-2008-0054","https://issues.rpath.com/browse/RPL-2215","http://secunia.com/advisories/28954","http://www.redhat.com/support/errata/RHSA-2008-0135.html","http://www.redhat.com/support/errata/RHSA-2008-0134.html","http://www.redhat.com/support/errata/RHSA-2008-0136.html","http://secunia.com/advisories/29069","http://secunia.com/advisories/29070","http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html","http://secunia.com/advisories/29622","http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1","http://secunia.com/advisories/30129","http://www.vmware.com/security/advisories/VMSA-2008-0009.html","http://secunia.com/advisories/30535","http://secunia.com/advisories/30717","http://secunia.com/advisories/30783","http://www.novell.com/linux/security/advisories/2008_13_sr.html","http://www.debian.org/security/2008/dsa-1598","https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html","http://secunia.com/advisories/30188","http://www.vupen.com/english/advisories/2008/0430","http://www.vupen.com/english/advisories/2008/1744","http://www.vupen.com/english/advisories/2008/1456/references","http://ubuntu.com/usn/usn-664-1","http://secunia.com/advisories/32608","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098","http://www.securityfocus.com/archive/1/493080/100/0/threaded","http://www.securityfocus.com/archive/1/488069/100/0/threaded"],"reported" => "2008-02-07","severity" => undef}],"main_module" => "Tcl","versions" => [{"date" => "1995-08-20T09:21:54","version" => 0},{"date" => "1997-09-18T16:57:00","version" => 0},{"date" => "2001-03-11T23:23:17","version" => 0},{"date" => "2003-05-18T23:45:54","version" => "0.4"},{"date" => "2003-05-25T20:00:11","version" => "0.5"},{"date" => "2003-06-08T08:07:42","version" => "0.6"},{"date" => "2003-07-02T17:33:44","version" => "0.7"},{"date" => "2003-07-03T16:40:09","version" => "0.71"},{"date" => "2003-08-19T20:32:16","version" => "0.72"},{"date" => "2004-03-28T11:29:19","version" => "0.75"},{"date" => "2004-04-17T07:03:50","version" => "0.76"},{"date" => "2004-04-17T09:34:42","version" => "0.77"},{"date" => "2004-05-02T20:16:01","version" => "0.80"},{"date" => "2004-05-09T19:45:16","version" => "0.81"},{"date" => "2004-09-12T22:11:09","version" => "0.84"},{"date" => "2004-12-31T07:20:14","version" => "0.85"},{"date" => "2005-02-02T17:03:47","version" => "0.87"},{"date" => "2005-08-22T20:31:27","version" => "0.88"},{"date" => "2006-05-23T09:36:56","version" => "0.89"},{"date" => "2006-11-11T09:22:01","version" => "0.90"},{"date" => "2006-11-13T17:53:37","version" => "0.91"},{"date" => "2007-06-07T19:50:54","version" => "0.95"},{"date" => "2008-09-06T21:03:59","version" => "0.97"},{"date" => "2009-11-24T01:24:12","version" => "0.98"},{"date" => "2010-11-02T22:20:55","version" => "0.99"},{"date" => "2010-11-23T20:42:35","version" => "1.00"},{"date" => "2011-02-10T09:28:49","version" => "1.01"},{"date" => "2011-02-11T06:06:07","version" => "1.02"},{"date" => "2013-04-12T06:43:49","version" => "1.02_50"},{"date" => "2016-02-21T18:58:43","version" => "1.03"},{"date" => "2016-03-20T15:25:13","version" => "1.04"},{"date" => "2016-06-28T17:10:13","version" => "1.05"},{"date" => "2018-06-23T13:50:33","version" => "1.06"},{"date" => "2018-06-26T20:55:40","version" => "1.07"},{"date" => "2018-06-27T11:47:10","version" => "1.08"},{"date" => "2018-06-27T13:50:27","version" => "1.09"},{"date" => "2018-06-28T08:02:58","version" => "1.10"},{"date" => "2018-07-13T08:35:58","version" => "1.11"},{"date" => "2018-07-14T08:03:20","version" => "1.12"},{"date" => "2018-07-15T11:36:17","version" => "1.15"},{"date" => "2018-07-15T12:22:05","version" => "1.13"},{"date" => "2018-07-15T16:43:59","version" => "1.16"},{"date" => "2018-07-17T11:29:52","version" => "1.17"},{"date" => "2018-07-18T15:54:30","version" => "1.18"},{"date" => "2018-07-19T16:25:01","version" => "1.19"},{"date" => "2018-07-19T19:14:28","version" => "1.20"},{"date" => "2018-07-20T09:58:37","version" => "1.21"},{"date" => "2018-07-20T18:15:43","version" => "1.22"},{"date" => "2018-07-21T17:34:34","version" => "1.23"},{"date" => "2018-07-23T19:28:49","version" => "1.24"},{"date" => "2018-07-25T16:37:19","version" => "1.25"},{"date" => "2018-08-22T08:49:39","version" => "1.27"},{"date" => "2024-01-02T12:27:15","version" => "1.28"},{"date" => "2024-01-02T14:18:57","version" => "1.29"},{"date" => "2024-01-02T16:00:50","version" => "1.30"},{"date" => "2024-01-03T12:37:05","version" => "1.31"},{"date" => "2024-01-06T15:12:10","version" => "1.32"},{"date" => "2025-01-06T19:58:52","version" => "1.50"},{"date" => "2025-01-07T18:25:32","version" => "1.51_01"},{"date" => "2025-01-26T17:49:05","version" => "1.51"},{"date" => "2025-03-16T09:15:07","version" => "1.51_02"},{"date" => "2025-03-16T09:25:42","version" => "1.52"},{"date" => "2025-03-16T14:25:32","version" => "1.53"}]},"Term-ReadLine-Gnu" => {"advisories" => [{"affected_versions" => ["<1.27"],"comment" => "The presense of affected versions of Term-ReadLine-Gnu suggests that a vulnerable version of the readline linrary is installed on the host system.\n","cves" => ["CVE-2014-2524"],"description" => "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.\n","distribution" => "Term-ReadLine-Gnu","external_vulnerability" => {"distributed_version" => "<=6.3","name" => "readline"},"fixed_versions" => [">=1.27"],"id" => "CPANSA-Term-ReadLine-Gnu-2014-2524","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1077023","http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html","http://seclists.org/oss-sec/2014/q1/579","http://seclists.org/oss-sec/2014/q1/587","https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html","http://www.mandriva.com/security/advisories?name=MDVSA-2014:154","http://advisories.mageia.org/MGASA-2014-0319.html","http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html","http://www.mandriva.com/security/advisories?name=MDVSA-2015:132"],"reported" => "2014-08-20","severity" => undef}],"main_module" => "Term::ReadLine::Gnu","versions" => [{"date" => "1997-02-07T02:03:51","version" => "0.06"},{"date" => "1997-03-26T07:17:23","version" => "0.07"},{"date" => "1997-08-25T15:02:01","version" => "0.09"},{"date" => "1998-03-31T15:49:08","version" => "0.10"},{"date" => "1998-04-17T05:23:29","version" => "1.00"},{"date" => "1998-05-13T15:45:47","version" => "1.01"},{"date" => "1998-09-30T16:10:02","version" => "1.03"},{"date" => "1999-02-22T17:28:32","version" => "1.04"},{"date" => "1999-04-10T16:08:54","version" => "1.05"},{"date" => "1999-05-05T14:55:21","version" => "1.06"},{"date" => "1999-07-19T15:13:19","version" => "1.07"},{"date" => "1999-12-30T13:37:18","version" => "1.08"},{"date" => "2000-04-03T18:05:33","version" => "1.09"},{"date" => "2001-04-22T14:23:37","version" => "1.10"},{"date" => "2001-10-28T04:38:19","version" => "1.11"},{"date" => "2002-03-31T05:54:31","version" => "1.12"},{"date" => "2002-07-28T05:07:18","version" => "1.13"},{"date" => "2003-03-17T03:59:29","version" => "1.14"},{"date" => "2004-10-17T20:00:06","version" => "1.15"},{"date" => "2006-04-02T01:36:28","version" => "1.16"},{"date" => "2008-02-07T15:00:09","version" => "1.17"},{"date" => "2008-02-07T15:52:11","version" => "1.17"},{"date" => "2009-02-27T14:14:29","version" => "1.18"},{"date" => "2009-03-20T17:00:37","version" => "1.19"},{"date" => "2010-05-02T14:26:20","version" => "1.20"},{"date" => "2014-03-01T17:19:57","version" => "1.21"},{"date" => "2014-03-05T14:48:24","version" => "1.22"},{"date" => "2014-03-19T15:53:44","version" => "1.23"},{"date" => "2014-03-23T11:58:51","version" => "1.24"},{"date" => "2014-12-20T13:25:24","version" => "1.25"},{"date" => "2015-01-31T12:30:45","version" => "1.26"},{"date" => "2015-09-06T06:03:05","version" => "1.27"},{"date" => "2015-09-21T13:14:52","version" => "1.28"},{"date" => "2016-02-29T14:06:51","version" => "1.29"},{"date" => "2016-03-01T15:55:22","version" => "1.30"},{"date" => "2016-03-06T00:45:52","version" => "1.31"},{"date" => "2016-06-07T15:25:50","version" => "1.32"},{"date" => "2016-06-09T17:11:29","version" => "1.33"},{"date" => "2016-06-12T14:53:40","version" => "1.34"},{"date" => "2016-11-03T14:36:40","version" => "1.35"},{"date" => "2019-01-14T05:39:06","version" => "1.36"},{"date" => "2020-12-27T03:26:23","version" => "1.37"},{"date" => "2021-02-22T09:48:52","version" => "1.38"},{"date" => "2021-02-22T14:36:24","version" => "1.39"},{"date" => "2021-02-23T07:24:27","version" => "1.40"},{"date" => "2021-05-01T14:45:09","version" => "1.41"},{"date" => "2021-05-07T03:30:02","version" => "1.42"},{"date" => "2022-10-01T08:45:18","version" => "1.43"},{"date" => "2022-11-06T14:03:08","version" => "1.44"},{"date" => "2022-11-27T13:23:27","version" => "1.45"},{"date" => "2023-07-01T09:18:33","version" => "1.46"},{"date" => "2025-07-06T02:25:46","version" => "1.47"}]},"Tk" => {"advisories" => [{"affected_versions" => ["<804.029"],"cves" => ["CVE-2006-4484"],"description" => "Buffer overflow in the LWZReadByte_ function in the GD extension in allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.\n","distribution" => "Tk","fixed_versions" => [">=804.029"],"id" => "CPANSA-Tk-2008-01","references" => ["https://metacpan.org/changes/distribution/Tk"],"reported" => "2008-10-01"},{"affected_versions" => [">804.024,<=804.027"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"},{"affected_versions" => [">804.027_500,<=804.036"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"},{"affected_versions" => [">0"],"cves" => ["CVE-2007-4769"],"description" => "The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2007-4769-tcl","references" => ["http://www.postgresql.org/about/news.905","http://www.securityfocus.com/bid/27163","http://securitytracker.com/id?1019157","http://secunia.com/advisories/28359","http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894","http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894","http://www.mandriva.com/security/advisories?name=MDVSA-2008:004","https://issues.rpath.com/browse/RPL-1768","http://www.debian.org/security/2008/dsa-1460","http://www.debian.org/security/2008/dsa-1463","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html","http://www.redhat.com/support/errata/RHSA-2008-0038.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1","http://secunia.com/advisories/28376","http://secunia.com/advisories/28438","http://secunia.com/advisories/28437","http://secunia.com/advisories/28454","http://secunia.com/advisories/28464","http://secunia.com/advisories/28477","http://secunia.com/advisories/28479","http://secunia.com/advisories/28455","http://security.gentoo.org/glsa/glsa-200801-15.xml","http://secunia.com/advisories/28679","http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html","http://secunia.com/advisories/28698","http://www.redhat.com/support/errata/RHSA-2008-0040.html","http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1","http://secunia.com/advisories/29638","http://www.vupen.com/english/advisories/2008/1071/references","http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154","http://www.vupen.com/english/advisories/2008/0109","http://www.vupen.com/english/advisories/2008/0061","https://exchange.xforce.ibmcloud.com/vulnerabilities/39499","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804","https://usn.ubuntu.com/568-1/","http://www.securityfocus.com/archive/1/486407/100/0/threaded","http://www.securityfocus.com/archive/1/485864/100/0/threaded"],"reported" => "2008-01-09","severity" => undef}],"main_module" => "Tk","versions" => [{"date" => "1995-08-22T23:03:30","version" => 0},{"date" => "1995-12-19T01:56:04","version" => 0},{"date" => "1996-08-29T00:19:01","version" => 0},{"date" => "1996-09-07T01:08:44","version" => "400.200"},{"date" => "1997-01-08T23:27:30","version" => "400.201"},{"date" => "1997-01-25T12:33:02","version" => "400.202"},{"date" => "1997-05-04T20:05:58","version" => "402.000"},{"date" => "1997-06-14T19:17:26","version" => "402.001"},{"date" => "1997-07-18T17:01:40","version" => "402.002"},{"date" => "1997-10-04T15:32:53","version" => "402.003"},{"date" => "1998-01-25T17:07:27","version" => "402.004"},{"date" => "1998-02-07T21:22:00","version" => "402.003"},{"date" => "1998-02-22T19:34:11","version" => "800.000"},{"date" => "1998-03-02T00:12:00","version" => "800.0_01"},{"date" => "1998-03-09T22:37:37","version" => "800.0_02"},{"date" => "1998-03-17T13:43:00","version" => "402.003"},{"date" => "1998-04-01T04:36:00","version" => "402.003"},{"date" => "1998-04-02T18:32:00","version" => "402.003"},{"date" => "1998-04-05T08:37:23","version" => "800.003"},{"date" => "1998-04-19T17:23:45","version" => "800.004"},{"date" => "1998-05-17T18:07:11","version" => "800.005"},{"date" => "1998-06-14T20:30:35","version" => "800.006"},{"date" => "1998-06-26T16:30:23","version" => "800.007"},{"date" => "1998-07-17T16:47:42","version" => "800.008"},{"date" => "1998-08-08T19:31:23","version" => "800.010"},{"date" => "1998-09-01T17:20:02","version" => "800.011"},{"date" => "1998-11-15T14:28:04","version" => "800.012"},{"date" => "1999-03-16T22:13:10","version" => "800.013"},{"date" => "1999-04-05T20:15:39","version" => "800.014"},{"date" => "1999-07-28T22:10:03","version" => "800.015"},{"date" => "2000-01-08T12:48:56","version" => "800.017"},{"date" => "2000-01-08T12:58:16","version" => "800.0_16"},{"date" => "2000-01-22T19:44:55","version" => "800.018"},{"date" => "2000-03-13T16:39:08","version" => "800.019"},{"date" => "2000-03-27T17:01:22","version" => "800.020"},{"date" => "2000-04-21T13:38:21","version" => "800.021"},{"date" => "2000-05-13T09:48:51","version" => "800.022"},{"date" => "2001-05-15T15:07:21","version" => "800.023"},{"date" => "2001-07-14T21:06:00","version" => "800.012"},{"date" => "2002-03-05T16:38:25","version" => "800.024"},{"date" => "2002-03-17T20:30:42","version" => "800.024"},{"date" => "2002-10-13T17:20:55","version" => "804.0_24"},{"date" => "2003-05-02T01:10:54","version" => "v804.024."},{"date" => "2003-09-08T08:13:16","version" => "800.025"},{"date" => "2003-09-28T18:01:55","version" => "804.025"},{"date" => "2003-10-10T18:24:24","version" => "804.025"},{"date" => "2003-10-20T20:44:44","version" => "804.025"},{"date" => "2003-10-27T08:23:07","version" => "804.025"},{"date" => "2003-11-02T22:28:10","version" => "804.025"},{"date" => "2003-11-16T22:15:42","version" => "804.025"},{"date" => "2003-12-02T21:26:56","version" => "804.025"},{"date" => "2003-12-08T08:01:15","version" => "804.025_"},{"date" => "2003-12-11T08:03:20","version" => "804.025"},{"date" => "2003-12-14T20:22:05","version" => "804.025"},{"date" => "2003-12-19T17:42:32","version" => "804.025"},{"date" => "2003-12-21T21:09:10","version" => "804.025_"},{"date" => "2003-12-23T23:19:20","version" => "804.025"},{"date" => "2004-01-12T21:59:01","version" => "804.025"},{"date" => "2004-02-28T17:33:01","version" => "804.025_"},{"date" => "2004-03-07T20:33:56","version" => "804.025_"},{"date" => "2004-03-19T08:10:49","version" => "804.026"},{"date" => "2004-04-11T19:04:25","version" => "804.026"},{"date" => "2007-02-11T08:49:16","version" => "804.027_500"},{"date" => "2007-09-21T22:57:57","version" => "804.027_501"},{"date" => "2007-12-04T21:03:29","version" => "804.027_502"},{"date" => "2007-12-18T22:01:39","version" => "804.028"},{"date" => "2008-10-01T21:48:52","version" => "804.0285"},{"date" => "2008-11-04T22:27:51","version" => "804.028501"},{"date" => "2010-01-30T17:54:07","version" => "804.028502"},{"date" => "2010-05-13T00:00:04","version" => "804.028503"},{"date" => "2010-05-27T19:25:41","version" => "804.029"},{"date" => "2011-06-13T17:53:20","version" => "804.0295"},{"date" => "2011-10-14T19:22:48","version" => "804.029501"},{"date" => "2011-10-17T21:12:41","version" => "804.029502"},{"date" => "2011-10-20T21:08:12","version" => "804.03"},{"date" => "2013-05-17T22:16:24","version" => "804.030500"},{"date" => "2013-05-18T05:01:41","version" => "804.030501"},{"date" => "2013-05-21T07:30:50","version" => "804.030502"},{"date" => "2013-05-25T12:57:05","version" => "804.031"},{"date" => "2013-11-17T11:24:41","version" => "804.031500"},{"date" => "2013-11-18T20:19:08","version" => "804.031501"},{"date" => "2013-12-01T15:07:28","version" => "804.031502"},{"date" => "2013-12-07T13:00:14","version" => "804.031503"},{"date" => "2014-01-26T17:01:07","version" => "804.032"},{"date" => "2014-11-06T21:01:44","version" => "804.032500"},{"date" => "2015-01-31T10:28:08","version" => "804.032501"},{"date" => "2015-02-21T15:54:08","version" => "804.033"},{"date" => "2017-08-20T09:29:42","version" => "804.033500"},{"date" => "2017-08-26T15:26:56","version" => "804.034"},{"date" => "2020-02-23T16:12:23","version" => "804.034500"},{"date" => "2020-03-19T21:02:47","version" => "804.034501"},{"date" => "2020-03-28T19:28:42","version" => "804.035"},{"date" => "2021-02-07T19:55:40","version" => "804.035501"},{"date" => "2021-02-14T12:53:44","version" => "804.036"}]},"UI-Dialog" => {"advisories" => [{"affected_versions" => ["<1.11"],"cves" => [],"description" => "Allows remote attackers to execute arbitrary commands.\n","distribution" => "UI-Dialog","fixed_versions" => [">=1.11"],"id" => "CPANSA-UI-Dialog-2015-01","references" => ["https://metacpan.org/changes/distribution/UI-Dialog"],"reported" => "2015-10-10"},{"affected_versions" => ["<1.03"],"cves" => [],"description" => "CDialog and Whiptail backends usage of the temp files.\n","distribution" => "UI-Dialog","fixed_versions" => [">=1.03"],"id" => "CPANSA-UI-Dialog-2004-01","references" => ["https://metacpan.org/changes/distribution/UI-Dialog"],"reported" => "2004-02-18"},{"affected_versions" => ["<=1.09"],"cves" => ["CVE-2008-7315"],"description" => "UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.\n","distribution" => "UI-Dialog","fixed_versions" => [">1.09"],"id" => "CPANSA-UI-Dialog-2008-7315","references" => ["https://security-tracker.debian.org/tracker/CVE-2008-7315/","https://rt.cpan.org/Public/Bug/Display.html?id=107364","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448","http://www.securityfocus.com/bid/77031/info","http://www.openwall.com/lists/oss-security/2015/10/08/6"],"reported" => "2017-10-10","severity" => "critical"}],"main_module" => "UI::Dialog","versions" => [{"date" => "2004-01-04T10:51:34","version" => "1.00"},{"date" => "2004-01-13T00:08:39","version" => "1.01"},{"date" => "2004-02-15T11:03:37","version" => "1.02"},{"date" => "2004-02-18T16:52:59","version" => "1.03"},{"date" => "2004-02-22T18:34:25","version" => "1.04"},{"date" => "2004-03-18T02:12:03","version" => "1.05"},{"date" => "2004-03-18T16:01:50","version" => "1.06"},{"date" => "2004-07-21T19:59:51","version" => "1.07"},{"date" => "2004-10-05T00:46:22","version" => "1.08"},{"date" => "2013-08-10T09:39:07","version" => "1.09"},{"date" => "2013-08-10T17:09:57","version" => "1.09"},{"date" => "2013-08-19T17:22:00","version" => "1.09"},{"date" => "2016-01-19T19:05:07","version" => "1.11"},{"date" => "2016-01-22T06:42:45","version" => "1.12"},{"date" => "2016-01-30T21:24:56","version" => "1.13"},{"date" => "2016-02-03T02:10:12","version" => "1.14"},{"date" => "2016-02-09T00:11:17","version" => "1.15"},{"date" => "2016-02-10T02:57:43","version" => "1.16"},{"date" => "2016-02-12T05:25:14","version" => "1.17"},{"date" => "2016-02-13T02:56:26","version" => "1.18"},{"date" => "2016-02-21T23:33:48","version" => "1.19"},{"date" => "2016-03-07T02:15:26","version" => "1.20"},{"date" => "2016-04-02T22:17:32","version" => "1.21"}]},"UR" => {"advisories" => [{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "UR","versions" => [{"date" => "2009-06-07T02:56:12","version" => "0.5"},{"date" => "2009-06-07T14:35:30","version" => "0.6"},{"date" => "2009-06-10T13:02:02","version" => "0.7"},{"date" => "2009-06-17T19:58:14","version" => "0.8"},{"date" => "2009-06-19T21:24:12","version" => "0.9"},{"date" => "2009-07-23T02:44:02","version" => "0.010000"},{"date" => "2009-08-08T02:06:36","version" => "v0.11"},{"date" => "2009-09-10T15:29:51","version" => "v0.12"},{"date" => "2010-07-24T01:13:14","version" => "v0.12"},{"date" => "2010-08-03T20:14:01","version" => "v0.12"},{"date" => "2010-09-28T19:29:58","version" => "v0.16"},{"date" => "2010-11-10T17:12:23","version" => "v0.17"},{"date" => "2010-12-10T15:09:46","version" => "v0.17"},{"date" => "2010-12-24T15:27:18","version" => "v0.17"},{"date" => "2011-01-09T22:52:34","version" => "v0.20.0"},{"date" => "2011-01-11T04:01:49","version" => "0.20"},{"date" => "2011-01-12T02:21:39","version" => "v0.20.0"},{"date" => "2011-01-13T01:06:47","version" => "v0.20.0"},{"date" => "2011-01-13T02:53:43","version" => "v0.21.0"},{"date" => "2011-01-13T03:02:18","version" => "v0.22.0"},{"date" => "2011-01-13T03:17:32","version" => "v0.23.0"},{"date" => "2011-01-15T18:02:04","version" => "v0.24.0"},{"date" => "2011-01-15T18:58:48","version" => "0.25"},{"date" => "2011-01-16T18:14:53","version" => "0.26"},{"date" => "2011-01-23T03:21:45","version" => "0.27"},{"date" => "2011-01-23T21:45:44","version" => "0.28"},{"date" => "2011-03-07T16:47:26","version" => "0.29"},{"date" => "2011-03-07T17:30:00","version" => "0.30"},{"date" => "2011-06-29T18:14:31","version" => "0.32"},{"date" => "2011-06-29T19:29:49","version" => "0.32"},{"date" => "2011-06-30T23:11:11","version" => "0.33"},{"date" => "2011-07-26T17:06:49","version" => "0.34"},{"date" => "2011-10-28T20:35:09","version" => "0.35"},{"date" => "2012-01-05T22:13:28","version" => "0.36"},{"date" => "2012-02-03T20:20:16","version" => "0.37"},{"date" => "2012-03-28T20:41:57","version" => "0.38"},{"date" => "2012-03-29T15:18:49","version" => "0.38"},{"date" => "2013-01-31T02:50:56","version" => "0.39"},{"date" => "2013-01-31T19:53:27","version" => "0.391"},{"date" => "2013-01-31T21:45:49","version" => "0.392"},{"date" => "2013-02-25T17:16:34","version" => "0.40"},{"date" => "2013-03-01T21:36:01","version" => "0.41_01"},{"date" => "2013-03-04T17:41:12","version" => "0.41_02"},{"date" => "2013-03-05T14:57:47","version" => "0.41_03"},{"date" => "2013-03-11T16:47:16","version" => "0.41_04"},{"date" => "2013-03-13T16:00:04","version" => "0.41_05"},{"date" => "2013-03-18T18:11:56","version" => "0.41"},{"date" => "2014-06-26T22:26:14","version" => "0.42_01"},{"date" => "2014-06-27T16:57:25","version" => "0.42_02"},{"date" => "2014-06-30T18:50:27","version" => "0.42_03"},{"date" => "2014-07-03T14:36:23","version" => "0.43"},{"date" => "2015-07-06T14:36:22","version" => "0.44"},{"date" => "2016-09-19T21:06:59","version" => "0.44_01"},{"date" => "2016-09-22T20:09:37","version" => "0.45"},{"date" => "2017-03-24T19:46:02","version" => "0.46"},{"date" => "2018-07-30T00:43:07","version" => "0.46"},{"date" => "2018-08-06T14:29:10","version" => "0.47"}]},"Ukigumo-Agent" => {"advisories" => [{"affected_versions" => [">=0.0.7,<=0.1.8"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Ukigumo-Agent","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Agent-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"}],"main_module" => "Ukigumo::Agent","versions" => [{"date" => "2013-03-14T03:40:56","version" => "v0.0.1"},{"date" => "2013-03-14T03:50:26","version" => "v0.0.2"},{"date" => "2013-03-14T03:59:34","version" => "v0.0.3"},{"date" => "2013-03-14T05:53:39","version" => "v0.0.5"},{"date" => "2013-03-14T08:46:38","version" => "v0.0.6"},{"date" => "2013-03-27T03:35:38","version" => "0.0.7"},{"date" => "2013-03-28T02:48:36","version" => "0.0.8"},{"date" => "2013-03-30T13:26:16","version" => "0.0.9"},{"date" => "2013-04-01T01:30:42","version" => "0.0.10"},{"date" => "2013-06-16T02:24:50","version" => "v0.0.11"},{"date" => "2014-03-13T10:54:45","version" => "v0.0.12"},{"date" => "2014-03-17T03:51:33","version" => "v0.0.13"},{"date" => "2014-03-17T04:05:38","version" => "v0.0.14"},{"date" => "2014-03-17T15:33:36","version" => "v0.0.15"},{"date" => "2014-03-19T08:49:23","version" => "v0.0.16"},{"date" => "2014-03-27T23:35:17","version" => "v0.1.0"},{"date" => "2014-03-27T23:36:44","version" => "v0.1.1"},{"date" => "2014-04-05T05:50:05","version" => "v0.1.2"},{"date" => "2014-04-06T14:49:08","version" => "v0.1.3"},{"date" => "2014-04-08T06:56:15","version" => "v0.1.4"},{"date" => "2014-05-01T04:34:16","version" => "v0.1.5"},{"date" => "2014-05-02T03:52:32","version" => "v0.1.6"},{"date" => "2014-06-20T02:38:53","version" => "v0.1.7"},{"date" => "2015-10-22T08:21:09","version" => "v0.1.8"}]},"Ukigumo-Server" => {"advisories" => [{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-7746"],"description" => "This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-7746-chartjs","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376","https://github.com/chartjs/Chart.js/pull/7920","https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374"],"reported" => "2020-10-29","severity" => "high"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Ukigumo::Server","versions" => [{"date" => "2013-10-03T02:13:43","version" => "0.01"},{"date" => "2013-10-03T16:59:57","version" => "v1.0.0"},{"date" => "2013-11-02T00:26:13","version" => "v1.0.1"},{"date" => "2013-11-02T09:29:47","version" => "v1.0.2"},{"date" => "2014-02-20T10:34:17","version" => "v1.1.0"},{"date" => "2014-03-13T10:42:41","version" => "v2.0.0"},{"date" => "2014-03-13T15:34:35","version" => "v2.0.1"},{"date" => "2014-03-14T14:37:37","version" => "v2.0.2"},{"date" => "2014-03-17T15:24:12","version" => "v2.0.3"},{"date" => "2014-04-05T05:47:09","version" => "v2.1.0"},{"date" => "2014-04-06T14:51:57","version" => "v2.1.1"},{"date" => "2014-04-08T07:09:05","version" => "v2.1.2"},{"date" => "2014-04-30T06:46:48","version" => "v2.1.3"},{"date" => "2015-01-23T12:07:31","version" => "v2.1.4"},{"date" => "2018-07-26T05:25:21","version" => "v2.1.5"}]},"UnQLite" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2026-3257"],"description" => "UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library.  UnQLite for Perl embeds the UnQLite library.  Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow.","distribution" => "UnQLite","fixed_versions" => [],"id" => "CPANSA-UnQLite-2026-3257","references" => ["https://metacpan.org/release/TOKUHIROM/UnQLite-0.07/source/Changes","https://unqlite.symisc.net/","https://www.cve.org/CVERecord?id=CVE-2025-3791"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "UnQLite","versions" => [{"date" => "2013-07-03T19:04:57","version" => "0.01"},{"date" => "2013-07-05T06:44:50","version" => "0.02"},{"date" => "2013-07-18T03:14:55","version" => "0.03"},{"date" => "2014-08-30T09:37:46","version" => "0.04"},{"date" => "2014-12-23T22:57:03","version" => "0.05"},{"date" => "2026-02-25T01:20:29","version" => "0.06"},{"date" => "2026-02-28T01:51:39","version" => "0.07"}]},"Valiant" => {"advisories" => [{"affected_versions" => ["<0.002011"],"cves" => [],"description" => "closed potential security issue with deeply nested paramters in the DBIC glue code.  This was a hack that could let someone create a child record if you were allowing find_by_unique rather than find by primary key.\n","distribution" => "Valiant","fixed_versions" => [">=0.002011"],"id" => "CPANSA-Valiant-2024-001","references" => ["https://github.com/briandfoy/cpan-security-advisory/issues/175","https://github.com/jjn1056/Valiant/commit/242348776cc01e736397767f11f86cc4055817c4"],"reported" => undef,"severity" => undef}],"main_module" => "Valiant","versions" => [{"date" => "2021-02-25T17:30:04","version" => "0.001001"},{"date" => "2021-02-25T17:57:04","version" => "0.001002"},{"date" => "2021-03-04T15:56:07","version" => "0.001003"},{"date" => "2021-04-07T14:42:08","version" => "0.001004"},{"date" => "2021-04-18T12:44:18","version" => "0.001005"},{"date" => "2021-04-20T01:13:20","version" => "0.001006"},{"date" => "2021-09-07T01:06:25","version" => "0.001007"},{"date" => "2021-09-14T14:58:28","version" => "0.001008"},{"date" => "2021-10-01T17:54:48","version" => "0.001009"},{"date" => "2021-10-26T17:09:00","version" => "0.001010"},{"date" => "2021-11-03T21:55:14","version" => "0.001011"},{"date" => "2022-02-27T23:39:59","version" => "0.001012"},{"date" => "2022-03-03T14:37:57","version" => "0.001013"},{"date" => "2022-03-04T15:43:13","version" => "0.001014"},{"date" => "2022-08-03T23:46:42","version" => "0.001015"},{"date" => "2022-09-11T19:09:30","version" => "0.001016"},{"date" => "2022-12-06T23:57:19","version" => "0.001017"},{"date" => "2023-04-06T18:14:16","version" => "0.001018"},{"date" => "2023-04-08T22:55:02","version" => "0.001019"},{"date" => "2023-04-09T19:34:57","version" => "0.001020"},{"date" => "2023-04-10T21:53:58","version" => "0.001021"},{"date" => "2023-04-18T13:17:26","version" => "0.001022"},{"date" => "2023-07-13T01:06:07","version" => "0.001023"},{"date" => "2023-07-14T12:59:23","version" => "0.001024"},{"date" => "2023-08-02T23:49:48","version" => "0.001025"},{"date" => "2023-08-03T22:50:38","version" => "0.001026"},{"date" => "2023-08-11T22:44:06","version" => "0.002001"},{"date" => "2023-08-27T14:18:29","version" => "0.002002"},{"date" => "2023-10-04T17:28:16","version" => "0.002003"},{"date" => "2024-07-29T19:33:48","version" => "0.002004"},{"date" => "2024-10-02T00:46:07","version" => "0.002005"},{"date" => "2024-11-11T21:41:15","version" => "0.002006"},{"date" => "2024-11-26T18:52:22","version" => "0.002007"},{"date" => "2024-11-29T16:12:40","version" => "0.002008"},{"date" => "2024-12-05T17:37:52","version" => "0.002009"},{"date" => "2024-12-07T15:43:12","version" => "0.002010"},{"date" => "2024-12-07T19:59:50","version" => "0.002011"},{"date" => "2024-12-12T22:53:06","version" => "0.002012"},{"date" => "2025-01-02T02:25:00","version" => "0.002013"},{"date" => "2025-01-02T15:12:36","version" => "0.002014"},{"date" => "2025-01-02T16:14:29","version" => "0.002015"},{"date" => "2025-03-02T16:09:42","version" => "0.002016"},{"date" => "2025-03-10T16:29:26","version" => "0.002017"},{"date" => "2025-06-21T13:56:39","version" => "0.002018"},{"date" => "2025-07-10T15:04:52","version" => "0.002019"}]},"WWW-Mechanize" => {"advisories" => [{"affected_versions" => ["<1.05_03"],"cves" => [],"description" => "find_link() uses eval().\n","distribution" => "WWW-Mechanize","fixed_versions" => [">=1.05_03"],"id" => "CPANSA-WWW-Mechanize-2004-01","references" => ["https://metacpan.org/dist/WWW-Mechanize/changes"],"reported" => "2004-10-31","severity" => undef}],"main_module" => "WWW::Mechanize","versions" => [{"date" => "2002-09-10T21:50:10","version" => "0.30"},{"date" => "2002-09-13T20:19:21","version" => "0.31"},{"date" => "2002-10-24T04:25:30","version" => "0.32"},{"date" => "2003-01-16T16:05:31","version" => "0.33"},{"date" => "2003-01-22T23:57:57","version" => "0.35"},{"date" => "2003-02-04T17:40:03","version" => "0.36"},{"date" => "2003-03-04T21:13:29","version" => "0.37"},{"date" => "2003-03-25T05:52:17","version" => "0.38"},{"date" => "2003-04-02T05:31:16","version" => "0.39"},{"date" => "2003-04-20T02:56:53","version" => "0.40"},{"date" => "2003-05-23T04:29:22","version" => "0.41"},{"date" => "2003-05-27T03:44:25","version" => "0.42"},{"date" => "2003-05-29T14:30:01","version" => "0.43"},{"date" => "2003-06-05T17:16:31","version" => "0.44"},{"date" => "2003-06-17T04:25:04","version" => "0.45"},{"date" => "2003-06-20T16:17:58","version" => "0.46"},{"date" => "2003-06-22T03:54:22","version" => "0.47"},{"date" => "2003-06-22T18:56:42","version" => "0.48"},{"date" => "2003-06-23T19:49:13","version" => "0.49"},{"date" => "2003-06-24T14:54:50","version" => "0.50"},{"date" => "2003-06-30T02:43:06","version" => "0.51"},{"date" => "2003-07-08T23:52:55","version" => "0.52"},{"date" => "2003-07-17T17:26:47","version" => "0.53"},{"date" => "2003-07-20T05:50:27","version" => "0.54"},{"date" => "2003-07-22T17:15:43","version" => "0.55"},{"date" => "2003-07-24T17:25:57","version" => "0.56"},{"date" => "2003-08-01T04:36:32","version" => "0.57"},{"date" => "2003-08-15T04:41:26","version" => "0.58"},{"date" => "2003-09-04T05:33:00","version" => "0.59"},{"date" => "2003-09-23T04:32:57","version" => "0.60"},{"date" => "2003-10-06T23:41:02","version" => "0.61"},{"date" => "2003-10-08T01:55:58","version" => "0.62"},{"date" => "2003-10-13T20:24:52","version" => "0.63"},{"date" => "2003-10-24T04:57:15","version" => "0.64"},{"date" => "2003-11-10T06:19:18","version" => "0.65"},{"date" => "2003-11-13T21:09:41","version" => "0.66"},{"date" => "2003-11-26T05:21:34","version" => "0.69_01"},{"date" => "2003-12-01T05:52:38","version" => "0.70"},{"date" => "2003-12-22T05:53:11","version" => "0.71_01"},{"date" => "2003-12-22T21:01:12","version" => "0.71_02"},{"date" => "2004-01-13T04:45:37","version" => "0.72"},{"date" => "2004-02-29T05:58:51","version" => "0.73_01"},{"date" => "2004-03-03T05:57:51","version" => "0.73_02"},{"date" => "2004-03-21T06:08:45","version" => "0.73_03"},{"date" => "2004-03-23T05:41:11","version" => "0.74"},{"date" => "2004-03-28T04:54:18","version" => "0.75_01"},{"date" => "2004-04-05T05:01:50","version" => "0.75_02"},{"date" => "2004-04-08T03:05:29","version" => "0.76"},{"date" => "2004-04-10T05:55:21","version" => "1.00"},{"date" => "2004-04-14T04:14:17","version" => "1.02"},{"date" => "2004-05-27T20:23:15","version" => "1.03_01"},{"date" => "2004-08-17T04:10:41","version" => "1.03_02"},{"date" => "2004-09-16T04:32:03","version" => "1.04"},{"date" => "2004-10-01T02:18:55","version" => "1.05_01"},{"date" => "2004-10-02T22:08:55","version" => "1.05_02"},{"date" => "2004-11-01T03:25:19","version" => "1.05_03"},{"date" => "2004-11-06T05:39:06","version" => "1.05_04"},{"date" => "2004-12-08T21:25:06","version" => "1.06"},{"date" => "2004-12-24T07:08:27","version" => "1.08"},{"date" => "2005-02-02T05:58:14","version" => "1.10"},{"date" => "2005-02-14T06:21:29","version" => "1.11_01"},{"date" => "2005-02-22T04:05:23","version" => "1.11_02"},{"date" => "2005-02-25T05:50:52","version" => "1.12"},{"date" => "2005-04-12T19:32:06","version" => "1.13_01"},{"date" => "2005-08-30T22:32:23","version" => "1.14"},{"date" => "2005-10-28T22:38:43","version" => "1.16"},{"date" => "2006-01-12T22:26:07","version" => "1.17_01"},{"date" => "2006-02-02T06:32:25","version" => "1.18"},{"date" => "2006-08-08T05:13:01","version" => "1.19_02"},{"date" => "2006-08-19T06:44:58","version" => "1.20"},{"date" => "2006-09-18T22:22:26","version" => "1.21_01"},{"date" => "2006-10-04T18:17:54","version" => "1.21_02"},{"date" => "2006-10-07T06:26:26","version" => "1.21_03"},{"date" => "2006-10-08T02:39:57","version" => "1.21_04"},{"date" => "2007-03-02T06:09:51","version" => "1.22"},{"date" => "2007-05-11T21:01:11","version" => "1.24"},{"date" => "2007-05-16T05:27:55","version" => "1.26"},{"date" => "2007-05-22T19:16:39","version" => "1.29_01"},{"date" => "2007-05-25T02:37:45","version" => "1.30"},{"date" => "2007-09-18T04:39:11","version" => "1.31_01"},{"date" => "2007-10-25T16:59:57","version" => "1.31_02"},{"date" => "2007-10-30T17:09:44","version" => "1.32"},{"date" => "2007-12-10T06:39:14","version" => "1.34"},{"date" => "2008-09-28T04:52:28","version" => "1.49_01"},{"date" => "2008-10-27T04:12:02","version" => "1.50"},{"date" => "2008-11-06T21:12:28","version" => "1.51_01"},{"date" => "2008-11-18T07:34:58","version" => "1.51_02"},{"date" => "2008-11-20T17:07:18","version" => "1.51_03"},{"date" => "2008-11-25T15:56:37","version" => "1.52"},{"date" => "2009-01-12T06:51:13","version" => "1.54"},{"date" => "2009-07-06T17:20:24","version" => "1.55_01"},{"date" => "2009-07-10T22:13:25","version" => "1.56"},{"date" => "2009-07-14T03:40:28","version" => "1.58"},{"date" => "2009-08-17T06:04:34","version" => "1.60"},{"date" => "2010-04-11T04:14:18","version" => "1.62"},{"date" => "2010-07-01T15:49:38","version" => "1.64"},{"date" => "2010-09-10T22:10:32","version" => "1.66"},{"date" => "2011-04-07T05:12:31","version" => "1.67_01"},{"date" => "2011-04-21T15:11:30","version" => "1.68"},{"date" => "2011-08-01T21:49:08","version" => "1.69_01"},{"date" => "2011-08-26T17:52:15","version" => "1.70"},{"date" => "2011-11-25T18:39:23","version" => "1.71"},{"date" => "2012-02-02T23:40:39","version" => "1.72"},{"date" => "2012-03-24T16:20:29","version" => "1.72_01"},{"date" => "2012-04-27T00:35:00","version" => "1.72_02"},{"date" => "2013-08-24T04:33:44","version" => "1.73"},{"date" => "2015-01-24T05:52:57","version" => "1.74"},{"date" => "2015-06-03T03:27:34","version" => "1.75"},{"date" => "2016-07-29T16:21:58","version" => "1.76"},{"date" => "2016-08-05T16:58:03","version" => "1.77"},{"date" => "2016-08-08T13:30:07","version" => "1.78"},{"date" => "2016-09-17T04:05:20","version" => "1.79"},{"date" => "2016-09-25T02:46:39","version" => "1.80"},{"date" => "2016-10-06T12:55:47","version" => "1.81"},{"date" => "2016-10-07T13:50:48","version" => "1.82"},{"date" => "2016-10-14T20:59:34","version" => "1.83"},{"date" => "2017-03-07T18:46:19","version" => "1.84"},{"date" => "2017-06-28T22:11:34","version" => "1.85"},{"date" => "2017-07-04T15:51:05","version" => "1.86"},{"date" => "2018-02-07T22:07:28","version" => "1.87"},{"date" => "2018-03-23T15:41:01","version" => "1.88"},{"date" => "2018-10-18T19:56:43","version" => "1.89"},{"date" => "2018-11-12T18:53:49","version" => "1.90"},{"date" => "2019-01-10T19:04:12","version" => "1.91"},{"date" => "2019-08-24T01:02:55","version" => "1.92"},{"date" => "2019-10-04T21:10:14","version" => "1.93"},{"date" => "2019-10-10T13:15:13","version" => "1.94"},{"date" => "2019-10-28T13:17:10","version" => "1.95"},{"date" => "2020-02-21T02:27:01","version" => "1.96"},{"date" => "2020-05-14T00:48:07","version" => "1.97"},{"date" => "2020-05-25T17:08:10","version" => "1.98"},{"date" => "2020-06-08T15:44:13","version" => "1.99"},{"date" => "2020-06-09T19:17:21","version" => "2.00"},{"date" => "2020-09-18T17:52:29","version" => "2.01"},{"date" => "2020-10-13T13:53:04","version" => "2.02"},{"date" => "2020-11-10T14:49:20","version" => "2.03"},{"date" => "2021-08-06T12:35:04","version" => "2.04"},{"date" => "2021-09-21T14:23:14","version" => "2.05"},{"date" => "2021-10-25T21:00:18","version" => "2.06"},{"date" => "2022-04-29T15:40:57","version" => "2.07"},{"date" => "2022-05-30T17:33:59","version" => "2.08"},{"date" => "2022-06-14T14:22:59","version" => "2.09"},{"date" => "2022-07-04T21:09:58","version" => "2.10"},{"date" => "2022-07-17T17:27:26","version" => "2.11"},{"date" => "2022-07-20T06:47:33","version" => "2.12"},{"date" => "2022-07-29T09:50:42","version" => "2.13"},{"date" => "2022-08-15T19:26:39","version" => "2.14"},{"date" => "2022-08-21T08:24:07","version" => "2.15"},{"date" => "2023-02-11T12:11:44","version" => "2.16"},{"date" => "2023-04-27T15:49:35","version" => "2.17"},{"date" => "2024-01-30T14:34:27","version" => "2.18"},{"date" => "2024-09-16T15:28:35","version" => "2.19"},{"date" => "2025-10-22T19:06:27","version" => "2.20"}]},"WWW-OAuth" => {"advisories" => [{"affected_versions" => ["<=1.000"],"cves" => ["CVE-2025-40905"],"description" => "WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.","distribution" => "WWW-OAuth","fixed_versions" => [">=1.001"],"id" => "CPANSA-WWW-OAuth-2025-40905","references" => ["https://metacpan.org/release/DBOOK/WWW-OAuth-1.000/source/lib/WWW/OAuth.pm#L86","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html","http://www.openwall.com/lists/oss-security/2026/02/13/1"],"reported" => "2026-02-13","severity" => undef}],"main_module" => "WWW::OAuth","versions" => [{"date" => "2016-01-31T07:53:39","version" => "0.001"},{"date" => "2016-02-01T04:23:38","version" => "0.002"},{"date" => "2016-05-19T04:37:32","version" => "0.003"},{"date" => "2016-11-23T22:30:34","version" => "0.004"},{"date" => "2016-12-09T03:50:40","version" => "0.005"},{"date" => "2016-12-10T04:46:51","version" => "0.006"},{"date" => "2018-09-17T23:08:53","version" => "1.000"},{"date" => "2025-01-06T09:16:26","version" => "1.001"},{"date" => "2025-01-15T01:57:07","version" => "1.002"},{"date" => "2025-04-25T09:28:55","version" => "1.003"}]},"WWW-ORCID" => {"advisories" => [{"affected_versions" => [">=0.02"],"cves" => ["CVE-2021-3822"],"description" => "jsoneditor is vulnerable to Inefficient Regular Expression Complexity\n","distribution" => "WWW-ORCID","fixed_versions" => [],"id" => "CPANSA-WWW-ORCID-2021-3822-jsoneditor","references" => ["https://github.com/josdejong/jsoneditor/commit/092e386cf49f2a1450625617da8e0137ed067c3e","https://huntr.dev/bounties/1e3ed803-b7ed-42f1-a4ea-c4c75da9de73"],"reported" => "2021-09-27","severity" => "high"}],"main_module" => "WWW::ORCID","versions" => [{"date" => "2013-05-23T15:40:49","version" => "0.01"},{"date" => "2013-05-23T18:36:32","version" => "0.0101"},{"date" => "2015-04-22T12:01:16","version" => "0.0102"},{"date" => "2015-09-01T12:23:38","version" => "0.02"},{"date" => "2017-08-07T13:35:26","version" => "0.02_01"},{"date" => "2017-08-08T08:31:22","version" => "0.0201"},{"date" => "2017-08-08T08:46:24","version" => "0.0201_01"},{"date" => "2017-08-08T09:23:10","version" => "0.03_01"},{"date" => "2017-08-10T07:31:58","version" => "0.03_02"},{"date" => "2017-08-11T14:09:25","version" => "0.03_03"},{"date" => "2017-08-18T13:59:11","version" => "0.04"},{"date" => "2017-08-18T15:12:32","version" => "0.0401"},{"date" => "2019-06-21T12:29:19","version" => "0.0402"}]},"WWW-UsePerl-Server" => {"advisories" => [{"affected_versions" => ["==0.36"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "WWW-UsePerl-Server","fixed_versions" => [],"id" => "CPANSA-WWW-UsePerl-Server-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"}],"main_module" => "WWW::UsePerl::Server","versions" => [{"date" => "2012-05-05T19:00:47","version" => "0.36"}]},"Web-API" => {"advisories" => [{"affected_versions" => ["<=2.8"],"cves" => ["CVE-2024-57868"],"description" => "Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Web::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Web-API","fixed_versions" => [">2.8"],"id" => "CPANSA-Web-API-2024-57868","references" => ["https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L20","https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L348","https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "Web::API","versions" => [{"date" => "2013-01-07T00:40:46","version" => "0.4"},{"date" => "2013-01-07T01:20:59","version" => "0.5"},{"date" => "2013-01-12T20:34:30","version" => "0.6"},{"date" => "2013-02-28T02:17:58","version" => "0.7"},{"date" => "2013-03-05T20:49:09","version" => "0.8"},{"date" => "2013-05-06T06:15:17","version" => "0.9"},{"date" => "2013-09-13T19:52:23","version" => "1.0"},{"date" => "2013-09-16T21:17:08","version" => "1.1"},{"date" => "2013-09-24T16:34:33","version" => "1.2"},{"date" => "2013-09-25T21:59:25","version" => "1.3"},{"date" => "2013-10-28T04:52:47","version" => "1.4"},{"date" => "2013-10-30T11:32:40","version" => "1.5"},{"date" => "2013-12-18T00:33:16","version" => "1.6"},{"date" => "2014-03-06T11:15:31","version" => "1.7"},{"date" => "2014-03-27T11:28:58","version" => "1.8"},{"date" => "2014-07-02T15:27:23","version" => "1.9"},{"date" => "2014-11-26T16:03:35","version" => "2.0"},{"date" => "2014-11-27T02:30:18","version" => "2.1"},{"date" => "2014-12-19T01:19:05","version" => "2.2"},{"date" => "2017-05-09T12:30:47","version" => "2.2.1"},{"date" => "2017-05-10T13:33:17","version" => "2.3.0"},{"date" => "2017-06-12T15:35:44","version" => "2.2.2"},{"date" => "2017-10-21T05:34:45","version" => "2.2.3"},{"date" => "2018-12-25T10:23:53","version" => "2.3"},{"date" => "2018-12-25T10:58:10","version" => "2.3.1"},{"date" => "2019-01-07T12:26:54","version" => "2.4.0"},{"date" => "2019-01-15T04:02:07","version" => "2.4.1"},{"date" => "2019-11-18T02:38:25","version" => "2.5"},{"date" => "2019-11-26T05:00:01","version" => "2.6"},{"date" => "2020-05-02T07:58:13","version" => "2.7"},{"date" => "2024-04-09T16:02:08","version" => "2.8"}]},"WebService-Xero" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-52322"],"description" => "WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically WebService::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "WebService-Xero","fixed_versions" => [],"id" => "CPANSA-WebService-Xero-2024-52322","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L17","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L178","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L13","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L93","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "WebService::Xero","versions" => [{"date" => "2016-11-29T16:57:37","version" => "0.10"},{"date" => "2016-11-30T16:52:01","version" => "0.11"}]},"Wight-Chart" => {"advisories" => [{"affected_versions" => ["==0.003"],"cves" => ["CVE-2020-7746"],"description" => "This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.\n","distribution" => "Wight-Chart","fixed_versions" => [],"id" => "CPANSA-Wight-Chart-2020-7746-chartjs","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376","https://github.com/chartjs/Chart.js/pull/7920","https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374"],"reported" => "2020-10-29","severity" => "high"}],"main_module" => "Wight::Chart","versions" => [{"date" => "2013-08-27T12:23:48","version" => "0.003"}]},"Win32-File-Summary" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2018-12015"],"description" => "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.\n","distribution" => "Win32-File-Summary","embedded_vulnerability" => {"distributed_version" => "0.072","name" => "Archive::Tar"},"fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2018-01","references" => ["https://security-tracker.debian.org/tracker/CVE-2018-12015","https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5"],"reported" => "2018-06-12","severity" => "medium"},{"affected_versions" => [">0"],"cves" => ["CVE-2007-4829"],"description" => "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences.\n","distribution" => "Win32-File-Summary","embedded_vulnerability" => {"distributed_version" => "0.072","name" => "Archive::Tar"},"fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2007-4829","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=29517","https://bugzilla.redhat.com/show_bug.cgi?id=295021","http://rt.cpan.org/Public/Bug/Display.html?id=30380","https://issues.rpath.com/browse/RPL-1716","http://www.securityfocus.com/bid/26355","http://secunia.com/advisories/27539","http://osvdb.org/40410","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://www.ubuntu.com/usn/usn-700-2","http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml","http://secunia.com/advisories/33116","http://www.vupen.com/english/advisories/2007/3755","https://exchange.xforce.ibmcloud.com/vulnerabilities/38285","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"],"reported" => "2007-11-02","severity" => undef},{"affected_versions" => [">0"],"cves" => ["CVE-2016-1238"],"description" => "'(1) cpan/Win32-File-Summary/bin/ptar, (2) cpan/Win32-File-Summary/bin/ptardiff, (3) cpan/Win32-File-Summary/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.'\n","distribution" => "Win32-File-Summary","embedded_vulnerability" => {"distributed_version" => "0.072","name" => "Archive::Tar"},"fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => [">=1.00,<=1.10"],"cves" => ["CVE-2016-4570"],"description" => "The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.\n","distribution" => "Win32-File-Summary","fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2016-4570-mxml","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1334648","http://www.openwall.com/lists/oss-security/2016/05/11/14","http://www.openwall.com/lists/oss-security/2016/05/09/16","http://www.securityfocus.com/bid/90315","https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html"],"reported" => "2017-02-03","severity" => "medium"},{"affected_versions" => [">=1.00,<=1.10"],"cves" => ["CVE-2016-4571"],"description" => "The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.\n","distribution" => "Win32-File-Summary","fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2016-4571-mxml","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1334648","http://www.openwall.com/lists/oss-security/2016/05/11/14","http://www.openwall.com/lists/oss-security/2016/05/09/16","http://www.securityfocus.com/bid/90315","https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html"],"reported" => "2017-02-03","severity" => "medium"}],"main_module" => "Win32::File::Summary","versions" => [{"date" => "2005-04-24T18:36:18","version" => "0.01"},{"date" => "2005-04-25T15:18:03","version" => "0.01"},{"date" => "2005-04-30T12:09:11","version" => "0.01"},{"date" => "2005-05-17T09:52:46","version" => "0.01"},{"date" => "2005-08-06T18:10:08","version" => "0.01"},{"date" => "2005-08-24T04:39:30","version" => "0.01"},{"date" => "2006-06-11T14:15:36","version" => "0.01"}]},"Win32-Printer" => {"advisories" => [{"affected_versions" => [">=0.7.0,<=0.7.1"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=0.8.0,<=0.8.3"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => ["==0.8.4"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=0.9.0,<=0.9.1"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=0.7.0,<0.9.0"],"cves" => ["CVE-2016-9601"],"description" => "ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2016-9601-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601","https://bugs.ghostscript.com/show_bug.cgi?id=697457","http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=e698d5c11d27212aa1098bc5b1673a3378563092","https://www.debian.org/security/2017/dsa-3817","https://security.gentoo.org/glsa/201706-24","http://www.securityfocus.com/bid/97095"],"reported" => "2018-04-24","severity" => "medium"},{"affected_versions" => [">=0.9.0,<=0.9.1"],"cves" => ["CVE-2016-9601"],"description" => "ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2016-9601-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601","https://bugs.ghostscript.com/show_bug.cgi?id=697457","http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=e698d5c11d27212aa1098bc5b1673a3378563092","https://www.debian.org/security/2017/dsa-3817","https://security.gentoo.org/glsa/201706-24","http://www.securityfocus.com/bid/97095"],"reported" => "2018-04-24","severity" => "medium"}],"main_module" => "Win32::Printer","versions" => [{"date" => "2003-08-05T07:57:55","version" => "v0.6.1"},{"date" => "2003-08-05T08:26:35","version" => "v0.6.1"},{"date" => "2003-08-14T12:07:09","version" => "v0.6.2"},{"date" => "2003-08-31T16:02:18","version" => "v0.6.3"},{"date" => "2003-09-01T14:26:20","version" => "v0.6.3.1"},{"date" => "2003-09-22T14:05:39","version" => "v0.6.4"},{"date" => "2003-10-12T17:37:04","version" => "v0.6.5"},{"date" => "2003-10-28T13:16:47","version" => "v0.6.6"},{"date" => "2003-11-03T08:07:09","version" => "v0.6.6.1"},{"date" => "2004-01-08T01:49:39","version" => "v0.7.0"},{"date" => "2004-03-11T12:29:29","version" => "v0.7.1"},{"date" => "2004-04-22T13:37:23","version" => "v0.8.0"},{"date" => "2004-06-22T07:26:31","version" => "v0.8.1"},{"date" => "2004-08-09T09:53:52","version" => "v0.8.2"},{"date" => "2004-08-11T12:35:45","version" => "v0.8.3"},{"date" => "2004-11-04T07:45:40","version" => "v0.8.4"},{"date" => "2005-02-07T11:06:58","version" => "v0.9.0"},{"date" => "2008-04-28T07:49:03","version" => "v0.9.1"}]},"XAO-Web" => {"advisories" => [{"affected_versions" => ["<1.84"],"cves" => ["CVE-2020-36827"],"description" => "Embedded HTML in JSON data was not escaped.\n","distribution" => "XAO-Web","fixed_versions" => [">=1.84"],"id" => "CPANSA-XAO-Web-2020-01","references" => ["https://github.com/amaltsev/XAO-Web/commit/20dd1d3bc5b811503f5722a16037b60197fe7ef4","https://metacpan.org/release/AMALTSEV/XAO-Web-1.84/changes"],"reported" => "2020-09-18","severity" => undef}],"main_module" => "XAO::Web","versions" => [{"date" => "2002-01-03T03:05:25","version" => "1.0"},{"date" => "2002-01-04T02:47:11","version" => "1.01"},{"date" => "2002-01-04T03:44:00","version" => "1.02"},{"date" => "2002-03-19T04:56:54","version" => "1.03"},{"date" => "2002-11-09T02:33:07","version" => "1.04"},{"date" => "2003-11-13T02:15:48","version" => "1.05"},{"date" => "2003-11-13T07:09:31","version" => "1.05"},{"date" => "2005-01-14T01:48:49","version" => "1.06"},{"date" => "2005-02-01T03:24:39","version" => "1.07"},{"date" => "2017-04-19T20:26:55","version" => "1.45"},{"date" => "2017-04-20T00:32:26","version" => "1.46"},{"date" => "2017-05-01T19:57:48","version" => "1.47"},{"date" => "2018-07-07T00:42:57","version" => "1.68"},{"date" => "2018-07-07T03:29:38","version" => "1.69"},{"date" => "2018-07-07T16:38:26","version" => "1.70"},{"date" => "2018-07-30T13:35:32","version" => "1.71"},{"date" => "2018-10-20T00:50:11","version" => "1.72"},{"date" => "2018-10-25T19:16:09","version" => "1.73"},{"date" => "2018-10-30T01:27:58","version" => "1.74"},{"date" => "2019-01-10T02:17:29","version" => "1.75"},{"date" => "2019-03-02T17:38:20","version" => "1.76"},{"date" => "2019-04-26T23:13:56","version" => "1.77"},{"date" => "2019-11-20T20:52:59","version" => "1.78"},{"date" => "2019-12-24T02:26:57","version" => "1.79"},{"date" => "2020-01-10T01:19:32","version" => "1.80"},{"date" => "2020-07-21T02:08:41","version" => "1.81"},{"date" => "2020-08-26T22:28:48","version" => "1.82"},{"date" => "2020-08-26T23:19:26","version" => "1.83"},{"date" => "2020-09-18T03:22:46","version" => "1.84"},{"date" => "2020-09-22T23:47:44","version" => "1.85"},{"date" => "2020-09-23T00:51:16","version" => "1.86"},{"date" => "2021-06-08T22:38:04","version" => "1.87"},{"date" => "2022-04-09T02:06:50","version" => "1.88"},{"date" => "2022-07-02T00:05:43","version" => "1.89"},{"date" => "2022-12-08T04:50:55","version" => "1.90"},{"date" => "2023-05-22T21:52:57","version" => "1.91"},{"date" => "2025-04-03T00:49:02","version" => "1.92"},{"date" => "2025-04-03T02:01:24","version" => "1.93"}]},"XML-Atom" => {"advisories" => [{"affected_versions" => ["<0.39"],"cves" => ["CVE-2012-1102"],"description" => "It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.\n","distribution" => "XML-Atom","fixed_versions" => [],"id" => "CPANSA-XML-Atom-2012-1102","references" => ["https://seclists.org/oss-sec/2012/q1/549","https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes"],"reported" => "2021-07-09","severity" => "high"}],"main_module" => "XML::Atom","versions" => [{"date" => "2003-09-08T04:47:09","version" => "0.01"},{"date" => "2003-09-28T23:11:32","version" => "0.02"},{"date" => "2003-12-05T09:20:27","version" => "0.03"},{"date" => "2003-12-15T08:03:04","version" => "0.04"},{"date" => "2003-12-15T17:10:29","version" => "0.041"},{"date" => "2004-01-06T05:04:22","version" => "0.05"},{"date" => "2004-04-24T23:47:03","version" => "0.06"},{"date" => "2004-05-16T01:13:46","version" => "0.07"},{"date" => "2004-06-02T06:05:57","version" => "0.08"},{"date" => "2004-07-30T05:49:54","version" => "0.09"},{"date" => "2005-01-01T00:20:55","version" => "0.10"},{"date" => "2005-02-24T03:19:08","version" => "0.11"},{"date" => "2005-06-07T05:13:21","version" => "0.12"},{"date" => "2005-07-19T21:00:39","version" => "0.12_01"},{"date" => "2005-08-16T21:46:06","version" => "0.12_02"},{"date" => "2005-08-18T07:18:26","version" => "0.13"},{"date" => "2005-09-14T05:38:53","version" => "0.13_01"},{"date" => "2005-10-21T04:55:40","version" => "0.14"},{"date" => "2005-11-01T05:55:40","version" => "0.15"},{"date" => "2005-11-22T21:17:26","version" => "0.16"},{"date" => "2006-02-22T23:24:00","version" => "0.17"},{"date" => "2006-03-16T06:14:49","version" => "0.18"},{"date" => "2006-03-19T05:03:12","version" => "0.19"},{"date" => "2006-04-30T16:49:38","version" => "0.19_01"},{"date" => "2006-07-07T06:39:52","version" => "0.19_03"},{"date" => "2006-07-12T03:44:58","version" => "0.20"},{"date" => "2006-07-12T17:44:49","version" => "0.21"},{"date" => "2006-07-19T10:42:43","version" => "0.21_01"},{"date" => "2006-07-20T08:07:49","version" => "0.21_02"},{"date" => "2006-07-21T10:15:06","version" => "0.21_03"},{"date" => "2006-07-24T20:00:37","version" => "0.22"},{"date" => "2006-08-27T05:53:47","version" => "0.22_01"},{"date" => "2006-08-27T06:42:17","version" => "0.23"},{"date" => "2006-11-25T23:03:57","version" => "0.24"},{"date" => "2006-11-30T23:14:23","version" => "0.25"},{"date" => "2007-04-27T20:57:39","version" => "0.25_01"},{"date" => "2007-06-20T19:23:36","version" => "0.25_02"},{"date" => "2007-09-16T04:24:44","version" => "0.26"},{"date" => "2007-09-16T04:41:58","version" => "0.27"},{"date" => "2007-10-04T20:30:48","version" => "0.27_01"},{"date" => "2007-11-06T21:08:06","version" => "0.28"},{"date" => "2008-10-26T00:27:44","version" => "0.29"},{"date" => "2008-11-12T22:45:37","version" => "0.30"},{"date" => "2008-11-13T21:19:34","version" => "0.31"},{"date" => "2008-11-23T22:07:41","version" => "0.32"},{"date" => "2009-01-07T02:00:59","version" => "0.33"},{"date" => "2009-04-29T17:46:03","version" => "0.34"},{"date" => "2009-05-01T23:42:30","version" => "0.35"},{"date" => "2009-12-21T22:02:23","version" => "0.36"},{"date" => "2009-12-29T02:32:53","version" => "0.37"},{"date" => "2011-05-23T02:57:51","version" => "0.38"},{"date" => "2011-06-21T04:07:51","version" => "0.39"},{"date" => "2011-09-18T19:43:27","version" => "0.40"},{"date" => "2011-09-27T01:44:56","version" => "0.41"},{"date" => "2017-05-12T05:34:02","version" => "0.42"},{"date" => "2021-04-28T20:40:29","version" => "0.43"}]},"XML-DT" => {"advisories" => [{"affected_versions" => ["<0.64"],"cves" => ["CVE-2014-5260"],"description" => "The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.\n","distribution" => "XML-DT","fixed_versions" => [],"id" => "CPANSA-XML-DT-2014-5260","references" => ["http://openwall.com/lists/oss-security/2014/08/15/8","https://metacpan.org/diff/file?target=AMBS/XML-DT-0.64/&source=AMBS/XML-DT-0.63/","https://metacpan.org/source/AMBS/XML-DT-0.66/Changes","https://bugs.debian.org/756566"],"reported" => "2014-08-16","severity" => undef}],"main_module" => "XML::DT","versions" => [{"date" => "1999-07-30T13:04:11","version" => "0.11"},{"date" => "2000-04-07T09:24:55","version" => "0.14"},{"date" => "2000-09-19T17:03:40","version" => "0.15"},{"date" => "2000-10-16T16:21:54","version" => "0.16"},{"date" => "2000-11-30T12:37:27","version" => "0.19"},{"date" => "2002-03-07T17:54:06","version" => "0.20"},{"date" => "2002-05-28T12:35:07","version" => "0.21"},{"date" => "2002-12-20T17:31:58","version" => "0.22"},{"date" => "2002-12-27T09:10:47","version" => "0.23"},{"date" => "2003-02-20T16:16:43","version" => "0.24"},{"date" => "2003-06-17T10:15:16","version" => "v0.24.1"},{"date" => "2003-10-09T08:12:32","version" => "0.25"},{"date" => "2003-10-13T07:47:22","version" => "0.25"},{"date" => "2003-11-14T10:55:50","version" => "0.27"},{"date" => "2003-12-16T14:25:13","version" => "0.28"},{"date" => "2004-01-07T11:38:24","version" => "0.29"},{"date" => "2004-01-22T11:25:21","version" => "0.30"},{"date" => "2004-08-09T17:43:41","version" => "0.31"},{"date" => "2004-09-20T19:15:56","version" => "0.32"},{"date" => "2004-10-03T19:21:18","version" => "0.33"},{"date" => "2004-10-30T14:43:29","version" => "0.34"},{"date" => "2004-11-15T16:39:19","version" => "0.35"},{"date" => "2004-11-19T17:29:05","version" => "0.36"},{"date" => "2004-11-21T16:27:45","version" => "0.37"},{"date" => "2004-12-24T16:34:24","version" => "0.38"},{"date" => "2005-03-22T12:05:18","version" => "0.39"},{"date" => "2005-04-06T08:14:46","version" => "0.40"},{"date" => "2005-07-20T20:28:06","version" => "0.41"},{"date" => "2005-09-18T16:06:11","version" => "0.42"},{"date" => "2006-05-15T09:08:21","version" => "0.43"},{"date" => "2006-05-15T09:33:07","version" => "0.44"},{"date" => "2006-05-16T14:14:36","version" => "0.45"},{"date" => "2006-11-03T09:39:12","version" => "0.46"},{"date" => "2006-11-23T18:14:09","version" => "0.47"},{"date" => "2008-02-20T22:00:02","version" => "0.48"},{"date" => "2008-02-20T22:16:45","version" => "0.49"},{"date" => "2008-02-21T22:02:53","version" => "0.50"},{"date" => "2008-02-22T17:19:12","version" => "0.51"},{"date" => "2008-10-22T09:12:08","version" => "0.52"},{"date" => "2009-01-18T20:10:36","version" => "0.53"},{"date" => "2010-11-19T16:27:23","version" => "0.54"},{"date" => "2011-02-12T22:08:27","version" => "0.55"},{"date" => "2011-02-12T22:09:55","version" => "0.56"},{"date" => "2012-04-07T20:30:58","version" => "0.57"},{"date" => "2012-04-09T10:19:15","version" => "0.58"},{"date" => "2012-06-05T13:37:08","version" => "0.59"},{"date" => "2012-06-25T16:57:54","version" => "0.60"},{"date" => "2012-06-25T17:04:58","version" => "0.61"},{"date" => "2012-06-25T19:02:40","version" => "0.62"},{"date" => "2013-03-25T22:27:48","version" => "0.63"},{"date" => "2014-07-31T19:46:44","version" => "0.64"},{"date" => "2014-08-01T13:00:43","version" => "0.65"},{"date" => "2014-08-15T20:17:39","version" => "0.66"},{"date" => "2015-03-15T18:28:49","version" => "0.67"},{"date" => "2015-09-29T08:06:14","version" => "0.68"},{"date" => "2019-04-22T17:01:30","version" => "0.69"}]},"XML-LibXML" => {"advisories" => [{"affected_versions" => ["<2.0120"],"cves" => ["CVE-2015-3451"],"description" => "The _clone function does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.\n","distribution" => "XML-LibXML","fixed_versions" => [">=2.0120"],"id" => "CPANSA-XML-LibXML-2015-01","references" => ["https://metacpan.org/changes/distribution/XML-LibXML"],"reported" => "2015-04-23"},{"affected_versions" => ["<2.0129"],"cves" => ["CVE-2017-10672"],"description" => "Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.\n","distribution" => "XML-LibXML","fixed_versions" => [">=2.0129"],"id" => "CPANSA-XML-LibXML-2017-01","references" => ["https://www.debian.org/security/2017/dsa-4042","https://rt.cpan.org/Public/Bug/Display.html?id=122246","https://lists.debian.org/debian-lts-announce/2017/11/msg00017.html"],"reported" => "2015-04-23"}],"main_module" => "XML::LibXML","versions" => [{"date" => "2001-05-18T11:31:21","version" => "0.91"},{"date" => "2001-06-03T07:47:14","version" => "0.92"},{"date" => "2001-06-09T16:52:26","version" => "0.93"},{"date" => "2001-06-10T08:54:23","version" => "0.94"},{"date" => "2001-06-21T10:07:56","version" => "0.96"},{"date" => "2001-06-29T20:39:47","version" => "0.97"},{"date" => "2001-07-20T16:08:25","version" => "0.99"},{"date" => "2001-08-07T10:13:29","version" => "1.00"},{"date" => "2001-11-14T11:39:59","version" => "1.30"},{"date" => "2001-11-25T17:25:52","version" => "1.31"},{"date" => "2002-03-13T14:24:12","version" => "1.40"},{"date" => "2002-05-11T21:07:22","version" => "1.49"},{"date" => "2002-05-20T11:33:20","version" => "1.50"},{"date" => "2002-05-31T16:53:50","version" => "1.51"},{"date" => "2002-06-12T10:16:35","version" => "1.52"},{"date" => "2002-09-14T21:02:38","version" => "1.53"},{"date" => "2002-10-26T15:21:51","version" => "1.54_0"},{"date" => "2002-11-08T10:03:05","version" => "1.54_1"},{"date" => "2002-11-08T18:15:20","version" => "1.54_2"},{"date" => "2002-11-15T20:14:58","version" => "1.54_3"},{"date" => "2003-05-22T23:44:39","version" => "1.54_4"},{"date" => "2003-05-30T18:46:39","version" => "1.54"},{"date" => "2003-08-19T21:15:43","version" => "1.55"},{"date" => "2003-08-25T13:39:01","version" => "1.56"},{"date" => "2004-02-29T16:56:42","version" => "1.57"},{"date" => "2004-03-31T19:49:55","version" => "1.58"},{"date" => "2004-04-04T11:42:03","version" => "1.58_1"},{"date" => "2006-08-02T10:59:49","version" => "1.59"},{"date" => "2006-08-26T18:11:05","version" => "1.60"},{"date" => "2006-09-24T15:43:20","version" => "1.61"},{"date" => "2006-09-25T07:21:39","version" => "1.61"},{"date" => "2006-09-25T07:42:26","version" => "1.61"},{"date" => "2006-09-25T11:38:04","version" => "1.61"},{"date" => "2006-11-18T09:57:51","version" => "1.62"},{"date" => "2006-11-25T09:10:37","version" => "1.62"},{"date" => "2007-04-16T11:46:21","version" => "1.63"},{"date" => "2007-09-09T21:51:03","version" => "1.64"},{"date" => "2007-09-25T16:37:46","version" => "1.65"},{"date" => "2008-01-29T21:10:45","version" => "1.66"},{"date" => "2008-11-04T14:26:16","version" => "1.67"},{"date" => "2008-11-05T13:32:59","version" => "1.68"},{"date" => "2008-11-11T21:00:56","version" => "1.69"},{"date" => "2009-01-23T22:30:52","version" => "1.69_1"},{"date" => "2009-02-06T19:12:24","version" => "1.69_2"},{"date" => "2009-10-07T12:31:25","version" => "1.70"},{"date" => "2011-06-14T17:01:30","version" => "1.71"},{"date" => "2011-06-16T16:40:11","version" => "1.72"},{"date" => "2011-06-18T08:35:40","version" => "1.73"},{"date" => "2011-06-23T12:27:53","version" => "1.74"},{"date" => "2011-06-24T16:02:54","version" => "1.75"},{"date" => "2011-06-30T18:20:41","version" => "1.76"},{"date" => "2011-07-01T19:31:51","version" => "1.77"},{"date" => "2011-07-06T17:27:49","version" => "1.78"},{"date" => "2011-07-08T17:06:33","version" => "1.79"},{"date" => "2011-07-12T20:39:51","version" => "1.80"},{"date" => "2011-07-16T15:36:21","version" => "1.81"},{"date" => "2011-07-20T20:49:05","version" => "1.82"},{"date" => "2011-07-23T11:34:22","version" => "1.83"},{"date" => "2011-07-23T20:17:26","version" => "1.84"},{"date" => "2011-08-24T14:08:28","version" => "1.85"},{"date" => "2011-08-25T08:46:56","version" => "1.86"},{"date" => "2011-08-27T11:07:44","version" => "1.87"},{"date" => "2011-09-21T10:01:23","version" => "1.88"},{"date" => "2011-12-24T07:47:30","version" => "1.89"},{"date" => "2012-01-08T19:01:33","version" => "1.90"},{"date" => "2012-02-21T12:02:10","version" => "1.91"},{"date" => "2012-02-21T17:03:56","version" => "1.92"},{"date" => "2012-02-27T09:18:12","version" => "1.93"},{"date" => "2012-03-03T20:10:26","version" => "1.94"},{"date" => "2012-03-06T08:42:27","version" => "1.95"},{"date" => "2012-03-16T19:05:40","version" => "1.96"},{"date" => "2012-04-30T17:35:11","version" => "1.97"},{"date" => "2012-05-13T18:06:03","version" => "1.98"},{"date" => "2012-05-31T07:25:35","version" => "1.99"},{"date" => "2012-06-19T20:07:27","version" => "2.0000"},{"date" => "2012-06-20T16:53:03","version" => "2.0001"},{"date" => "2012-07-08T15:12:36","version" => "2.0002"},{"date" => "2012-07-27T15:22:53","version" => "2.0003"},{"date" => "2012-08-07T20:06:48","version" => "2.0004"},{"date" => "2012-10-13T11:23:03","version" => "2.0005"},{"date" => "2012-10-13T20:34:57","version" => "2.0006"},{"date" => "2012-10-17T17:05:13","version" => "2.0007"},{"date" => "2012-10-22T10:13:20","version" => "2.0008"},{"date" => "2012-11-01T14:29:13","version" => "2.0009"},{"date" => "2012-11-01T18:16:34","version" => "2.0010"},{"date" => "2012-11-07T22:29:47","version" => "2.0011"},{"date" => "2012-11-09T04:42:04","version" => "2.0012"},{"date" => "2012-12-04T15:46:46","version" => "2.0013"},{"date" => "2012-12-05T09:13:26","version" => "2.0014"},{"date" => "2013-04-12T23:35:55","version" => "2.0015"},{"date" => "2013-04-13T19:39:51","version" => "2.0016"},{"date" => "2013-05-09T08:07:47","version" => "2.0017"},{"date" => "2013-05-13T10:44:19","version" => "2.0018"},{"date" => "2013-07-01T08:08:50","version" => "2.0019"},{"date" => "2013-08-14T05:27:26","version" => "2.0100"},{"date" => "2013-08-15T05:34:30","version" => "2.0101"},{"date" => "2013-08-19T12:18:31","version" => "2.0102"},{"date" => "2013-08-22T05:35:19","version" => "2.0103"},{"date" => "2013-08-30T09:38:04","version" => "2.0104"},{"date" => "2013-09-07T17:24:00","version" => "2.0105"},{"date" => "2013-09-17T16:14:51","version" => "2.0106"},{"date" => "2013-10-31T07:16:02","version" => "2.0107"},{"date" => "2013-12-17T09:10:53","version" => "2.0108"},{"date" => "2014-01-31T08:01:23","version" => "2.0109"},{"date" => "2014-02-01T14:14:02","version" => "2.0110"},{"date" => "2014-03-05T15:31:25","version" => "2.0111"},{"date" => "2014-03-13T18:19:10","version" => "2.0112"},{"date" => "2014-03-14T12:15:54","version" => "2.0113"},{"date" => "2014-04-03T13:01:06","version" => "2.0114"},{"date" => "2014-04-03T13:15:41","version" => "2.0115"},{"date" => "2014-04-12T08:10:37","version" => "2.0116"},{"date" => "2014-10-26T16:31:29","version" => "2.0117"},{"date" => "2015-02-05T10:57:03","version" => "2.0118"},{"date" => "2015-04-23T07:14:45","version" => "2.0119"},{"date" => "2015-05-01T09:50:18","version" => "2.0120"},{"date" => "2015-05-03T12:08:06","version" => "2.0121"},{"date" => "2015-09-01T09:02:29","version" => "2.0122"},{"date" => "2015-12-06T13:19:22","version" => "2.0123"},{"date" => "2016-02-27T11:21:08","version" => "2.0124"},{"date" => "2016-05-30T09:24:51","version" => "2.0125"},{"date" => "2016-06-24T16:21:00","version" => "2.0126"},{"date" => "2016-07-22T17:40:51","version" => "2.0127"},{"date" => "2016-07-24T09:15:48","version" => "2.0128"},{"date" => "2017-03-14T13:37:23","version" => "2.0129"},{"date" => "2017-10-18T08:45:49","version" => "2.0130"},{"date" => "2017-10-24T08:57:20","version" => "2.0131"},{"date" => "2017-10-28T17:58:34","version" => "2.0132"},{"date" => "2019-02-02T11:11:30","version" => "2.0133"},{"date" => "2019-02-10T15:02:55","version" => "2.0134"},{"date" => "2019-03-23T08:54:34","version" => "2.0200"},{"date" => "2019-05-25T17:46:46","version" => "2.0201"},{"date" => "2020-01-13T09:16:50","version" => "2.0202"},{"date" => "2020-03-11T06:48:19","version" => "2.0203"},{"date" => "2020-03-17T16:33:17","version" => "2.0204"},{"date" => "2020-05-08T11:36:06","version" => "2.0205"},{"date" => "2020-09-15T08:06:58","version" => "2.0206"},{"date" => "2021-04-17T08:16:22","version" => "2.0207"},{"date" => "2022-09-30T03:29:15","version" => "2.0208"},{"date" => "2023-07-15T06:04:39","version" => "2.0209"},{"date" => "2024-01-24T15:19:39","version" => "2.0210"}]},"XML-Sig" => {"advisories" => [{"affected_versions" => [">=0.27,<=0.67"],"cves" => ["CVE-2025-40934"],"description" => "XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.  An attacker can remove the signature from the XML document to make it pass the verification check.  XML-Sig is a Perl module to validate signatures on XML files.\x{a0} An unsigned XML file should return an error message.\x{a0} The affected versions return true when attempting to validate an XML file that contains no signatures.","distribution" => "XML-Sig","fixed_versions" => [">=0.68"],"id" => "CPANSA-XML-Sig-2025-40934","references" => ["https://github.com/perl-net-saml2/perl-XML-Sig/issues/63","https://github.com/perl-net-saml2/perl-XML-Sig/pull/64"],"reported" => "2025-11-26","severity" => undef}],"main_module" => "XML::Sig","versions" => [{"date" => "2009-10-28T23:54:04","version" => "0.1"},{"date" => "2009-10-29T05:20:59","version" => "0.2"},{"date" => "2009-11-20T04:35:13","version" => "0.2.1"},{"date" => "2009-11-20T05:09:41","version" => "0.21"},{"date" => "2009-12-08T18:00:44","version" => "0.22"},{"date" => "2020-06-27T03:58:29","version" => "0.27"},{"date" => "2020-06-27T14:35:14","version" => "0.28"},{"date" => "2020-11-29T23:46:03","version" => "0.29"},{"date" => "2020-11-30T03:29:19","version" => "0.30"},{"date" => "2020-12-02T22:36:05","version" => "0.31"},{"date" => "2020-12-03T01:18:15","version" => "0.32"},{"date" => "2020-12-07T00:59:38","version" => "0.33"},{"date" => "2020-12-07T02:29:37","version" => "0.34"},{"date" => "2021-01-08T01:28:22","version" => "0.35"},{"date" => "2021-01-08T11:50:22","version" => "0.36"},{"date" => "2021-01-10T02:50:59","version" => "0.37"},{"date" => "2021-01-10T15:27:25","version" => "0.38"},{"date" => "2021-01-13T00:29:13","version" => "0.39"},{"date" => "2021-03-13T02:24:22","version" => "0.40"},{"date" => "2021-03-13T13:33:53","version" => "0.41"},{"date" => "2021-03-15T00:03:02","version" => "0.42"},{"date" => "2021-03-15T01:18:04","version" => "0.43"},{"date" => "2021-03-20T14:15:36","version" => "0.44"},{"date" => "2021-03-20T21:28:09","version" => "0.45"},{"date" => "2021-03-27T16:02:51","version" => "0.46"},{"date" => "2021-03-28T14:31:07","version" => "0.47"},{"date" => "2021-04-10T00:47:31","version" => "0.48"},{"date" => "2021-04-10T13:01:06","version" => "0.49"},{"date" => "2021-04-18T22:43:29","version" => "0.50"},{"date" => "2021-07-03T22:46:09","version" => "0.51"},{"date" => "2021-11-27T19:48:18","version" => "0.52"},{"date" => "2021-11-28T15:08:21","version" => "0.53"},{"date" => "2021-12-05T17:16:00","version" => "0.54"},{"date" => "2021-12-07T22:14:01","version" => "0.55"},{"date" => "2022-03-16T00:06:40","version" => "0.56"},{"date" => "2022-04-15T22:57:47","version" => "0.57"},{"date" => "2022-07-19T00:46:35","version" => "0.58"},{"date" => "2022-11-25T02:26:53","version" => "0.59"},{"date" => "2023-03-13T00:29:05","version" => "0.60"},{"date" => "2023-03-13T00:44:20","version" => "0.61"},{"date" => "2023-03-18T23:22:43","version" => "0.62"},{"date" => "2023-03-19T12:59:49","version" => "0.63"},{"date" => "2023-06-26T22:04:31","version" => "0.64"},{"date" => "2023-11-21T22:39:12","version" => "0.65"},{"date" => "2025-05-09T00:13:19","version" => "0.66"},{"date" => "2025-11-07T22:27:16","version" => "0.67"},{"date" => "2025-11-26T22:29:54","version" => "0.68"},{"date" => "2026-01-11T00:19:14","version" => "0.69"}]},"XML-Simple" => {"advisories" => [{"affected_versions" => ["<2.25"],"cves" => [],"description" => "The No. 4 item on the OWASP top 10 is external XML entities. When using XML::Parser, XML::Simple is currently vulnerable by default.\n","distribution" => "XML-Simple","fixed_versions" => [">=2.25"],"id" => "CPANSA-XML-Simple-2018-01","references" => ["https://metacpan.org/dist/XML-Simple/changes","https://github.com/grantm/xml-simple/pull/8"],"reported" => "2018-02-18","severity" => undef}],"main_module" => "XML::Simple","versions" => [{"date" => "1999-11-29T02:30:19","version" => "1.00"},{"date" => "1999-12-01T11:02:42","version" => "1.01"},{"date" => "2000-03-05T20:58:37","version" => "1.03"},{"date" => "2000-04-03T04:12:07","version" => "1.04"},{"date" => "2000-08-30T23:40:57","version" => "1.05"},{"date" => "2001-11-19T22:04:26","version" => "1.06"},{"date" => "2002-02-05T22:46:39","version" => "1.07"},{"date" => "2002-02-09T22:43:03","version" => "1.08"},{"date" => "2002-02-14T22:13:24","version" => "1.08_01"},{"date" => "2002-12-08T08:23:26","version" => "2.00"},{"date" => "2002-12-11T09:56:59","version" => "2.01"},{"date" => "2002-12-15T08:21:09","version" => "2.02"},{"date" => "2003-01-20T07:54:05","version" => "2.03"},{"date" => "2003-04-10T10:25:56","version" => "2.04"},{"date" => "2003-04-16T10:22:00","version" => "2.05"},{"date" => "2003-05-18T08:50:04","version" => "2.06"},{"date" => "2003-05-20T08:53:19","version" => "2.07"},{"date" => "2003-06-13T10:31:53","version" => "2.08"},{"date" => "2003-09-09T09:43:24","version" => "2.09"},{"date" => "2004-02-29T10:18:06","version" => "2.10"},{"date" => "2004-03-02T08:29:33","version" => "2.11"},{"date" => "2004-04-05T09:29:23","version" => "2.12"},{"date" => "2004-11-17T09:06:18","version" => "2.13"},{"date" => "2005-01-29T05:16:40","version" => "2.14"},{"date" => "2006-10-03T01:33:47","version" => "2.15"},{"date" => "2006-10-30T08:33:07","version" => "2.16"},{"date" => "2007-08-02T10:47:38","version" => "2.17"},{"date" => "2007-08-15T10:39:25","version" => "2.18"},{"date" => "2012-06-17T11:28:59","version" => "2.19_01"},{"date" => "2012-06-19T08:34:33","version" => "2.19_02"},{"date" => "2012-06-20T10:01:37","version" => "2.20"},{"date" => "2015-12-04T03:35:12","version" => "2.21"},{"date" => "2015-12-04T22:08:47","version" => "2.22"},{"date" => "2017-04-17T03:49:52","version" => "2.23"},{"date" => "2017-04-17T04:12:48","version" => "2.24"},{"date" => "2018-03-18T03:19:24","version" => "2.25"}]},"XML-Twig" => {"advisories" => [{"affected_versions" => ["<1.39"],"cves" => ["CVE-2016-9180"],"description" => "perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.\n","distribution" => "XML-Twig","fixed_versions" => [">=1.39"],"id" => "CPANSA-XML-Twig-2016-9180","references" => ["http://www.securityfocus.com/bid/94219","http://www.openwall.com/lists/oss-security/2016/11/04/2","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00033.html","https://rt.cpan.org/Public/Bug/Display.html?id=118097"],"reported" => "2016-12-22","severity" => "critical"}],"main_module" => "XML::Twig","versions" => [{"date" => "1999-10-05T22:25:47","version" => "1.6"},{"date" => "1999-12-07T16:53:28","version" => "1.7"},{"date" => "1999-12-17T17:03:18","version" => "1.8"},{"date" => "2000-02-18T00:39:24","version" => "1.9"},{"date" => "2000-03-24T23:22:37","version" => "1.10"},{"date" => "2000-06-05T19:27:48","version" => "2.00"},{"date" => "2000-08-18T12:10:46","version" => "2.01"},{"date" => "2001-01-16T09:14:14","version" => "2.02"},{"date" => "2002-01-09T16:33:44","version" => "3.00"},{"date" => "2002-01-09T17:01:53","version" => "3.01"},{"date" => "2002-01-16T14:11:04","version" => "3.02"},{"date" => "2002-03-26T14:40:14","version" => "3.03"},{"date" => "2002-04-02T04:57:42","version" => "3.04"},{"date" => "2002-07-09T16:02:36","version" => "3.05"},{"date" => "2002-09-17T17:07:34","version" => "3.06"},{"date" => "2002-09-17T20:03:49","version" => "3.07"},{"date" => "2002-09-17T21:57:09","version" => "3.08"},{"date" => "2002-11-11T07:42:10","version" => "3.09"},{"date" => "2003-06-09T19:35:52","version" => "3.10"},{"date" => "2003-09-24T13:23:47","version" => "3.11"},{"date" => "2004-01-29T15:20:30","version" => "3.12"},{"date" => "2004-02-02T07:13:15","version" => "3.13"},{"date" => "2004-03-17T15:39:18","version" => "3.14"},{"date" => "2004-04-05T08:30:51","version" => "3.15"},{"date" => "2005-02-11T17:51:59","version" => "3.16"},{"date" => "2005-03-16T14:06:47","version" => "3.17"},{"date" => "2005-08-08T12:22:25","version" => "3.18"},{"date" => "2005-08-10T16:22:28","version" => "3.19"},{"date" => "2005-08-11T13:51:56","version" => "3.20"},{"date" => "2005-08-12T12:59:54","version" => "3.21"},{"date" => "2005-10-14T16:27:05","version" => "3.22"},{"date" => "2006-01-23T14:26:19","version" => "3.23"},{"date" => "2006-05-09T08:56:08","version" => "3.24"},{"date" => "2006-05-10T11:07:37","version" => "3.25"},{"date" => "2006-07-01T11:18:04","version" => "3.26"},{"date" => "2007-01-05T17:23:58","version" => "3.28"},{"date" => "2007-01-22T09:42:28","version" => "3.29"},{"date" => "2007-11-06T14:49:35","version" => "3.30"},{"date" => "2007-11-07T19:29:27","version" => "3.31"},{"date" => "2007-11-13T20:40:13","version" => "3.32"},{"date" => "2010-01-15T17:14:59","version" => "3.33"},{"date" => "2010-01-18T19:31:16","version" => "3.34"},{"date" => "2010-05-16T05:25:45","version" => "3.35"},{"date" => "2010-10-07T09:55:43","version" => "3.36"},{"date" => "2010-10-10T05:53:41","version" => "3.37"},{"date" => "2011-02-27T06:57:30","version" => "3.38"},{"date" => "2011-09-22T01:30:24","version" => "3.39"},{"date" => "2012-05-10T10:44:35","version" => "3.40"},{"date" => "2012-08-08T20:31:00","version" => "3.41"},{"date" => "2012-11-08T12:28:17","version" => "3.42"},{"date" => "2013-05-13T08:47:04","version" => "3.44"},{"date" => "2014-03-01T08:34:52","version" => "3.45"},{"date" => "2014-03-05T11:25:33","version" => "3.46"},{"date" => "2014-03-29T10:30:09","version" => "3.47"},{"date" => "2014-03-30T09:01:59","version" => "3.48"},{"date" => "2015-04-12T09:17:47","version" => "3.49"},{"date" => "2016-11-22T15:01:43","version" => "3.50"},{"date" => "2016-11-23T12:34:37","version" => "3.51"},{"date" => "2016-11-23T17:21:16","version" => "3.52"},{"date" => "2024-12-13T15:34:19","version" => "3.53"},{"date" => "2025-06-11T09:49:17","version" => "3.54"}]},"YAML" => {"advisories" => [{"affected_versions" => ["<1.28"],"cves" => [],"description" => "Loading globs is easily exploitable.\n","distribution" => "YAML","fixed_versions" => [">=1.28"],"id" => "CPANSA-YAML-2019-01","references" => ["https://github.com/ingydotnet/yaml-pm/issues/212"],"reported" => "2019-04-27","severity" => undef},{"affected_versions" => ["<1.25"],"cves" => [],"description" => "YAML loader can run DESTROY method of object created with perl/* tag.\n","distribution" => "YAML","fixed_versions" => [">=1.25"],"id" => "CPANSA-YAML-2017-01","references" => ["https://github.com/ingydotnet/yaml-pm/issues/176"],"reported" => "2017-05-10","severity" => undef}],"main_module" => "YAML","versions" => [{"date" => "2001-12-19T10:33:57","version" => "0.25"},{"date" => "2002-01-10T06:33:41","version" => "0.26"},{"date" => "2002-01-15T22:34:34","version" => "0.30"},{"date" => "2002-06-25T06:25:48","version" => "0.35"},{"date" => "2004-01-20T09:22:57","version" => "0.49_01"},{"date" => "2005-01-31T06:49:59","version" => "0.36"},{"date" => "2005-03-31T02:57:10","version" => "0.37"},{"date" => "2005-03-31T10:16:09","version" => "0.38"},{"date" => "2005-04-12T22:41:53","version" => "0.39"},{"date" => "2005-04-25T19:42:26","version" => "0.39"},{"date" => "2005-12-25T19:27:42","version" => "0.49_70"},{"date" => "2006-01-10T05:55:16","version" => "0.50"},{"date" => "2006-01-14T19:47:39","version" => "0.50"},{"date" => "2006-01-18T23:03:28","version" => "0.52"},{"date" => "2006-01-19T19:13:35","version" => "0.53"},{"date" => "2006-01-30T02:22:33","version" => "0.54"},{"date" => "2006-01-30T03:11:55","version" => "0.55"},{"date" => "2006-01-30T18:41:21","version" => "0.56"},{"date" => "2006-02-02T07:36:12","version" => "0.56"},{"date" => "2006-02-14T21:21:22","version" => "0.58"},{"date" => "2006-07-01T05:16:14","version" => "0.60"},{"date" => "2006-07-02T20:36:06","version" => "0.61"},{"date" => "2006-07-03T22:52:48","version" => "0.62"},{"date" => "2007-06-20T23:18:21","version" => "0.63"},{"date" => "2007-06-21T23:29:30","version" => "0.64"},{"date" => "2007-06-22T00:58:23","version" => "0.65"},{"date" => "2007-09-27T09:16:07","version" => "0.66"},{"date" => "2008-12-01T10:57:39","version" => "0.67"},{"date" => "2008-12-04T09:07:34","version" => "0.68"},{"date" => "2009-08-10T05:19:57","version" => "0.69_01"},{"date" => "2009-08-10T12:44:33","version" => "0.69_02"},{"date" => "2009-08-10T17:23:08","version" => "0.70"},{"date" => "2010-01-03T01:52:05","version" => "0.71"},{"date" => "2010-09-01T02:04:50","version" => "0.72"},{"date" => "2011-04-19T10:57:00","version" => "0.73"},{"date" => "2011-09-25T20:06:34","version" => "0.74"},{"date" => "2011-09-26T22:47:06","version" => "0.75"},{"date" => "2011-09-28T10:06:35","version" => "0.76"},{"date" => "2011-09-29T16:29:20","version" => "0.77"},{"date" => "2012-01-02T07:55:05","version" => "0.78"},{"date" => "2012-02-09T01:26:43","version" => "0.79"},{"date" => "2012-02-10T20:57:18","version" => "0.80"},{"date" => "2012-04-19T18:04:48","version" => "0.81"},{"date" => "2012-07-12T18:51:27","version" => "0.82"},{"date" => "2012-07-13T15:45:29","version" => "0.83"},{"date" => "2012-07-13T18:19:24","version" => "0.84"},{"date" => "2013-11-24T15:44:47","version" => "0.85"},{"date" => "2013-11-26T16:43:45","version" => "0.86"},{"date" => "2013-12-01T05:53:16","version" => "0.87"},{"date" => "2013-12-03T05:30:33","version" => "0.88"},{"date" => "2014-02-08T22:12:24","version" => "0.89"},{"date" => "2014-02-10T16:45:22","version" => "0.90"},{"date" => "2014-05-27T21:16:01","version" => "0.91"},{"date" => "2014-05-29T03:07:13","version" => "0.92"},{"date" => "2014-06-14T05:33:25","version" => "0.93"},{"date" => "2014-06-14T17:34:58","version" => "0.94"},{"date" => "2014-06-20T19:10:04","version" => "0.95"},{"date" => "2014-07-14T05:59:12","version" => "0.96"},{"date" => "2014-07-17T06:38:34","version" => "0.97"},{"date" => "2014-07-30T19:33:24","version" => "0.98"},{"date" => "2014-08-07T00:57:08","version" => "0.99"},{"date" => "2014-08-07T07:36:47","version" => "1.00"},{"date" => "2014-08-07T21:49:48","version" => "1.01"},{"date" => "2014-08-16T04:11:27","version" => "1.02"},{"date" => "2014-08-16T10:33:26","version" => "1.03"},{"date" => "2014-08-16T15:30:43","version" => "1.04"},{"date" => "2014-08-16T20:04:31","version" => "1.05"},{"date" => "2014-08-16T23:51:52","version" => "1.06"},{"date" => "2014-08-18T15:40:59","version" => "1.07"},{"date" => "2014-08-18T17:23:04","version" => "1.08"},{"date" => "2014-08-19T23:42:23","version" => "1.09"},{"date" => "2014-08-29T05:54:45","version" => "1.10"},{"date" => "2014-08-30T03:10:03","version" => "1.11"},{"date" => "2014-09-22T15:25:30","version" => "1.12"},{"date" => "2014-10-11T16:07:22","version" => "1.13"},{"date" => "2015-01-17T23:33:39","version" => "1.14"},{"date" => "2015-04-18T15:04:42","version" => "1.15"},{"date" => "2016-07-03T17:53:34","version" => "1.16"},{"date" => "2016-07-05T20:04:45","version" => "1.16_001"},{"date" => "2016-07-05T20:10:01","version" => "1.16_002"},{"date" => "2016-07-05T20:21:25","version" => "1.17"},{"date" => "2016-07-08T14:53:24","version" => "1.18"},{"date" => "2016-11-11T22:44:07","version" => "1.18_001"},{"date" => "2016-11-18T18:46:59","version" => "1.19"},{"date" => "2016-11-27T20:27:37","version" => "1.19_001"},{"date" => "2016-12-02T21:21:40","version" => "1.20"},{"date" => "2016-12-02T22:00:08","version" => "1.20_001"},{"date" => "2016-12-07T21:17:58","version" => "1.20_002"},{"date" => "2016-12-23T20:20:06","version" => "1.21"},{"date" => "2017-02-14T22:24:38","version" => "1.22"},{"date" => "2017-02-19T21:08:48","version" => "1.23"},{"date" => "2017-05-12T15:06:03","version" => "1.23_001"},{"date" => "2017-05-14T13:15:34","version" => "1.23_002"},{"date" => "2017-10-29T22:09:18","version" => "1.23_003"},{"date" => "2017-10-30T19:33:07","version" => "1.24"},{"date" => "2018-05-06T19:10:48","version" => "1.24_001"},{"date" => "2018-05-10T16:22:16","version" => "1.24_002"},{"date" => "2018-05-11T17:59:33","version" => "1.25"},{"date" => "2018-05-12T11:43:38","version" => "1.25_001"},{"date" => "2018-05-17T13:00:07","version" => "1.25_002"},{"date" => "2018-05-18T19:58:16","version" => "1.26"},{"date" => "2018-10-18T19:46:23","version" => "1.26_001"},{"date" => "2018-11-03T13:02:53","version" => "1.27"},{"date" => "2019-04-27T13:41:56","version" => "1.27_001"},{"date" => "2019-04-28T09:46:43","version" => "1.28"},{"date" => "2019-05-05T11:31:39","version" => "1.28_001"},{"date" => "2019-05-11T08:28:01","version" => "1.29"},{"date" => "2020-01-27T22:10:33","version" => "1.30"},{"date" => "2023-12-27T15:11:23","version" => "1.31"}]},"YAML-LibYAML" => {"advisories" => [{"affected_versions" => ["<0.69"],"cves" => [],"description" => "Need SafeLoad and SafeDump analog to python\n","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.69"],"id" => "CPANSA-YAML-LibYAML-2016-01","references" => ["https://github.com/ingydotnet/yaml-libyaml-pm/issues/45"],"reported" => "2016-03-10","severity" => undef},{"affected_versions" => ["<0.53"],"cves" => ["CVE-2014-9130"],"description" => "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.\n","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.54"],"id" => "CPANSA-YAML-LibYAML-2014-9130","references" => ["http://www.openwall.com/lists/oss-security/2014/11/29/3","http://www.openwall.com/lists/oss-security/2014/11/28/8","https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2","http://www.securityfocus.com/bid/71349","http://secunia.com/advisories/59947","https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure","http://secunia.com/advisories/60944","http://www.openwall.com/lists/oss-security/2014/11/28/1","http://linux.oracle.com/errata/ELSA-2015-0100.html","http://secunia.com/advisories/62723","http://secunia.com/advisories/62705","http://secunia.com/advisories/62774","http://www.ubuntu.com/usn/USN-2461-2","http://www.ubuntu.com/usn/USN-2461-3","http://www.ubuntu.com/usn/USN-2461-1","http://rhn.redhat.com/errata/RHSA-2015-0100.html","http://www.debian.org/security/2014/dsa-3103","http://rhn.redhat.com/errata/RHSA-2015-0112.html","http://www.debian.org/security/2014/dsa-3102","http://www.debian.org/security/2014/dsa-3115","http://rhn.redhat.com/errata/RHSA-2015-0260.html","http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html","http://www.mandriva.com/security/advisories?name=MDVSA-2015:060","http://www.mandriva.com/security/advisories?name=MDVSA-2014:242","http://advisories.mageia.org/MGASA-2014-0508.html","http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html","http://secunia.com/advisories/62176","http://secunia.com/advisories/62174","http://secunia.com/advisories/62164","https://exchange.xforce.ibmcloud.com/vulnerabilities/99047","https://puppet.com/security/cve/cve-2014-9130"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">0.38,<0.57"],"cves" => ["CVE-2012-1152"],"description" => "Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.\n","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.57"],"id" => "CPANSA-YAML-LibYAML-2012-1152","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=801738","https://rt.cpan.org/Public/Bug/Display.html?id=46507","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077023.html","http://www.openwall.com/lists/oss-security/2012/03/10/4","http://www.openwall.com/lists/oss-security/2012/03/09/6","http://www.debian.org/security/2012/dsa-2432","http://www.securityfocus.com/bid/52381","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077782.html","https://rt.cpan.org/Public/Bug/Display.html?id=75365","http://secunia.com/advisories/48317","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077004.html","http://lists.opensuse.org/opensuse-updates/2012-08/msg00029.html","http://secunia.com/advisories/50277","http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/73856"],"reported" => "2012-09-09","severity" => undef},{"affected_versions" => ["<0.903.0"],"cves" => ["CVE-2025-40908"],"description" => "YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.903.0"],"id" => "CPANSA-YAML-LibYAML-2025-001","references" => ["https://www.cve.org/CVERecord?id=CVE-2025-40908","https://github.com/ingydotnet/yaml-libyaml-pm/issues/120","https://github.com/ingydotnet/yaml-libyaml-pm/pull/121","https://github.com/ingydotnet/yaml-libyaml-pm/pull/122"],"reported" => "2025-06-01","severity" => "critical"}],"main_module" => "YAML::LibYAML","versions" => [{"date" => "2007-05-11T21:37:19","version" => "0.01"},{"date" => "2007-05-15T06:37:59","version" => "0.02"},{"date" => "2007-05-19T22:23:53","version" => "0.03"},{"date" => "2007-05-21T05:19:05","version" => "0.04"},{"date" => "2007-05-21T07:45:35","version" => "0.05"},{"date" => "2007-05-23T06:56:11","version" => "0.06"},{"date" => "2007-05-23T07:10:14","version" => "0.07"},{"date" => "2007-05-26T04:58:43","version" => "0.08"},{"date" => "2007-05-28T07:47:31","version" => "0.09"},{"date" => "2007-05-28T10:30:28","version" => "0.10"},{"date" => "2007-05-30T00:30:09","version" => "0.11"},{"date" => "2007-05-30T08:13:24","version" => "0.12"},{"date" => "2007-05-30T09:38:37","version" => "0.14"},{"date" => "2007-05-31T07:48:16","version" => "0.15"},{"date" => "2007-05-31T21:05:50","version" => "0.16"},{"date" => "2007-06-07T02:55:10","version" => "0.17"},{"date" => "2007-06-18T01:35:48","version" => "0.18"},{"date" => "2007-06-18T08:06:43","version" => "0.19"},{"date" => "2007-06-18T23:34:20","version" => "0.20"},{"date" => "2007-06-21T23:27:47","version" => "0.21"},{"date" => "2007-06-22T07:42:47","version" => "0.22"},{"date" => "2007-06-23T01:17:58","version" => "0.23"},{"date" => "2007-06-24T18:37:51","version" => "0.24"},{"date" => "2007-06-25T01:40:09","version" => "0.25"},{"date" => "2007-06-26T21:00:04","version" => "0.26"},{"date" => "2008-06-07T05:37:26","version" => "0.27"},{"date" => "2008-11-12T07:09:30","version" => "0.29"},{"date" => "2009-01-11T11:00:54","version" => "0.30"},{"date" => "2009-01-12T09:26:53","version" => "0.31"},{"date" => "2009-01-12T09:34:50","version" => "0.32"},{"date" => "2010-04-15T01:01:10","version" => "0.33"},{"date" => "2010-09-23T22:43:36","version" => "0.34"},{"date" => "2011-04-03T16:41:03","version" => "0.35"},{"date" => "2011-09-29T18:10:52","version" => "0.37"},{"date" => "2012-01-04T06:58:09","version" => "0.38"},{"date" => "2013-02-12T02:09:38","version" => "0.39"},{"date" => "2013-03-12T18:07:29","version" => "0.40"},{"date" => "2013-03-13T17:36:09","version" => "0.41"},{"date" => "2014-07-11T22:30:03","version" => "0.42"},{"date" => "2014-07-12T17:05:47","version" => "0.43"},{"date" => "2014-07-13T22:24:47","version" => "0.44"},{"date" => "2014-08-04T08:23:39","version" => "0.45"},{"date" => "2014-08-05T17:33:54","version" => "0.46"},{"date" => "2014-08-09T07:30:51","version" => "0.47"},{"date" => "2014-08-16T04:07:46","version" => "0.48"},{"date" => "2014-08-16T14:31:04","version" => "0.49"},{"date" => "2014-08-16T19:58:18","version" => "0.50"},{"date" => "2014-08-16T21:29:48","version" => "0.51"},{"date" => "2014-08-23T04:04:49","version" => "0.52"},{"date" => "2014-11-28T17:22:06","version" => "0.53"},{"date" => "2014-11-29T19:48:26","version" => "0.54"},{"date" => "2014-12-23T01:27:43","version" => "0.55"},{"date" => "2015-01-16T03:23:05","version" => "0.56"},{"date" => "2015-01-16T04:06:00","version" => "0.57"},{"date" => "2015-01-21T05:02:46","version" => "0.58"},{"date" => "2015-01-26T23:05:30","version" => "0.59"},{"date" => "2016-02-09T19:36:50","version" => "0.60"},{"date" => "2016-02-20T18:05:06","version" => "0.61"},{"date" => "2016-02-22T15:47:18","version" => "0.62"},{"date" => "2016-07-03T17:33:17","version" => "0.62_001"},{"date" => "2016-07-03T17:40:25","version" => "0.62_002"},{"date" => "2016-07-08T14:41:45","version" => "0.63"},{"date" => "2016-09-08T09:56:51","version" => "0.71"},{"date" => "2016-09-13T14:44:45","version" => "0.73"},{"date" => "2017-01-03T04:10:44","version" => "0.63_001"},{"date" => "2017-04-03T18:56:26","version" => "0.63_002"},{"date" => "2017-04-07T18:32:36","version" => "0.64"},{"date" => "2017-05-18T21:10:50","version" => "0.65"},{"date" => "2017-08-13T11:49:59","version" => "0.65_001"},{"date" => "2017-08-17T18:07:26","version" => "0.66"},{"date" => "2017-11-10T21:07:40","version" => "0.66_001"},{"date" => "2017-11-14T20:03:09","version" => "0.66_002"},{"date" => "2017-11-15T18:00:42","version" => "0.67"},{"date" => "2017-12-16T21:50:01","version" => "0.67_001"},{"date" => "2017-12-18T19:01:27","version" => "0.68"},{"date" => "2017-12-20T18:38:40","version" => "0.68_001"},{"date" => "2017-12-22T11:40:39","version" => "0.68_002"},{"date" => "2017-12-26T17:37:54","version" => "0.69"},{"date" => "2018-06-07T20:16:52","version" => "0.69_001"},{"date" => "2018-06-09T19:53:37","version" => "0.70"},{"date" => "2018-06-27T17:14:44","version" => "0.70_001"},{"date" => "2018-07-08T15:04:37","version" => "0.72"},{"date" => "2018-08-31T15:38:28","version" => "0.72_01"},{"date" => "2018-09-01T01:07:45","version" => "0.74"},{"date" => "2018-10-14T14:09:48","version" => "0.74_001"},{"date" => "2018-11-03T13:17:49","version" => "0.75"},{"date" => "2018-12-16T17:28:49","version" => "0.75_001"},{"date" => "2018-12-30T19:11:20","version" => "0.76"},{"date" => "2019-03-13T18:47:41","version" => "0.76_001"},{"date" => "2019-04-15T20:56:14","version" => "0.77"},{"date" => "2019-05-15T18:20:47","version" => "0.77_001"},{"date" => "2019-05-18T16:36:19","version" => "0.78"},{"date" => "2019-05-30T16:01:02","version" => "0.78_001"},{"date" => "2019-06-10T11:10:47","version" => "0.78_002"},{"date" => "2019-06-11T19:36:40","version" => "0.79"},{"date" => "2019-08-21T16:49:31","version" => "0.79_001"},{"date" => "2019-08-22T11:18:19","version" => "0.80"},{"date" => "2020-01-27T22:06:22","version" => "0.81"},{"date" => "2020-05-02T18:40:13","version" => "0.82"},{"date" => "2021-05-02T00:16:51","version" => "0.82_001"},{"date" => "2021-05-08T21:52:55","version" => "0.83"},{"date" => "2022-09-03T19:20:07","version" => "0.84"},{"date" => "2022-09-09T15:31:45","version" => "0.84_001"},{"date" => "2022-09-09T18:12:56","version" => "0.84_002"},{"date" => "2022-09-09T19:01:06","version" => "0.84_003"},{"date" => "2022-09-12T12:21:48","version" => "0.85"},{"date" => "2023-01-26T02:35:03","version" => "0.86"},{"date" => "2023-05-04T10:47:26","version" => "0.86_001"},{"date" => "2023-05-04T19:38:30","version" => "0.87"},{"date" => "2023-05-12T12:28:46","version" => "0.88"},{"date" => "2024-01-24T21:55:26","version" => "0.88_001"},{"date" => "2024-01-27T00:45:43","version" => "0.89"},{"date" => "2024-05-26T13:07:57","version" => "0.89_001"},{"date" => "2024-09-06T21:47:43","version" => "0.90"},{"date" => "2024-09-06T22:09:50","version" => "v0.901.0"},{"date" => "2024-09-09T20:42:09","version" => "v0.901.1"},{"date" => "2024-09-20T19:48:00","version" => "v0.902.0"},{"date" => "2025-01-12T21:19:33","version" => "v0.902.1"},{"date" => "2025-01-26T01:28:39","version" => "v0.902.2"},{"date" => "2025-01-26T15:02:24","version" => "v0.902.3"},{"date" => "2025-02-02T22:21:19","version" => "v0.902.4"},{"date" => "2025-02-02T23:15:49","version" => "v0.903.0"},{"date" => "2025-05-01T14:17:45","version" => "v0.903.1"},{"date" => "2025-05-03T08:45:21","version" => "v0.903.2"},{"date" => "2025-05-03T16:35:27","version" => "v0.903.3"},{"date" => "2025-05-03T19:49:05","version" => "v0.903.4"},{"date" => "2025-05-08T12:21:43","version" => "v0.904.0"}]},"YAML-Syck" => {"advisories" => [{"affected_versions" => ["<1.36"],"cves" => ["CVE-2025-11683"],"description" => "YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure  Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read  The issue is seen with complex YAML files with a hash of all keys and empty values.\x{a0} There is no indication that the issue leads to accessing memory outside that allocated to the module.","distribution" => "YAML-Syck","fixed_versions" => [">=1.36"],"id" => "CPANSA-YAML-Syck-2025-11683","references" => ["https://github.com/cpan-authors/YAML-Syck/pull/65","https://metacpan.org/dist/YAML-Syck/changes"],"reported" => "2025-10-16","severity" => undef}],"main_module" => "YAML::Syck","versions" => [{"date" => "2005-12-25T17:59:15","version" => "0.01"},{"date" => "2005-12-26T12:10:56","version" => "0.02"},{"date" => "2005-12-27T15:53:07","version" => "0.03"},{"date" => "2005-12-28T12:16:03","version" => "0.04"},{"date" => "2006-01-08T15:54:21","version" => "0.05"},{"date" => "2006-01-08T16:03:43","version" => "0.06"},{"date" => "2006-01-08T16:25:54","version" => "0.07"},{"date" => "2006-01-08T16:38:52","version" => "0.08"},{"date" => "2006-01-08T16:42:46","version" => "0.09"},{"date" => "2006-01-08T17:13:31","version" => "0.10"},{"date" => "2006-01-08T17:22:15","version" => "0.11"},{"date" => "2006-01-09T04:57:24","version" => "0.12"},{"date" => "2006-01-09T05:44:42","version" => "0.13"},{"date" => "2006-01-09T16:03:57","version" => "0.14"},{"date" => "2006-01-10T10:57:02","version" => "0.15"},{"date" => "2006-01-10T11:57:08","version" => "0.16"},{"date" => "2006-01-10T12:28:26","version" => "0.17"},{"date" => "2006-01-10T12:49:52","version" => "0.18"},{"date" => "2006-01-10T15:52:23","version" => "0.19"},{"date" => "2006-01-11T11:18:16","version" => "0.20"},{"date" => "2006-01-11T12:36:14","version" => "0.21"},{"date" => "2006-01-11T18:44:14","version" => "0.22"},{"date" => "2006-01-14T11:44:53","version" => "0.23"},{"date" => "2006-01-14T12:21:56","version" => "0.24"},{"date" => "2006-01-15T07:45:04","version" => "0.25"},{"date" => "2006-01-15T18:03:09","version" => "0.26"},{"date" => "2006-01-15T19:16:11","version" => "0.27"},{"date" => "2006-01-16T09:58:39","version" => "0.28"},{"date" => "2006-02-05T03:50:47","version" => "0.29"},{"date" => "2006-02-06T12:54:49","version" => "0.30"},{"date" => "2006-02-10T19:25:13","version" => "0.31"},{"date" => "2006-02-11T11:00:16","version" => "0.32"},{"date" => "2006-02-15T11:53:00","version" => "0.33"},{"date" => "2006-03-06T23:28:23","version" => "0.34"},{"date" => "2006-03-09T13:11:32","version" => "0.35"},{"date" => "2006-03-10T10:27:01","version" => "0.36"},{"date" => "2006-03-14T01:19:25","version" => "0.37"},{"date" => "2006-03-14T12:44:44","version" => "0.38"},{"date" => "2006-03-31T07:32:11","version" => "0.40"},{"date" => "2006-04-01T05:50:05","version" => "0.41"},{"date" => "2006-04-25T13:07:17","version" => "0.42"},{"date" => "2006-04-29T15:26:40","version" => "0.43"},{"date" => "2006-05-03T18:04:03","version" => "0.43"},{"date" => "2006-05-27T03:30:37","version" => "0.45"},{"date" => "2006-06-24T22:55:59","version" => "0.46_01"},{"date" => "2006-07-01T05:26:06","version" => "0.60"},{"date" => "2006-07-01T14:03:38","version" => "0.61"},{"date" => "2006-07-12T06:56:58","version" => "0.62"},{"date" => "2006-07-20T19:19:13","version" => "0.63"},{"date" => "2006-07-23T00:30:37","version" => "0.64"},{"date" => "2006-07-29T16:47:56","version" => "0.65"},{"date" => "2006-07-29T23:27:40","version" => "0.66"},{"date" => "2006-07-30T01:00:36","version" => "0.67"},{"date" => "2006-10-02T12:49:23","version" => "0.70"},{"date" => "2006-10-03T15:25:46","version" => "0.70"},{"date" => "2006-11-26T00:07:30","version" => "0.72"},{"date" => "2007-01-25T19:36:14","version" => "0.80"},{"date" => "2007-01-25T23:07:09","version" => "0.81"},{"date" => "2007-01-25T23:22:51","version" => "0.82"},{"date" => "2007-04-01T16:57:59","version" => "0.84"},{"date" => "2007-04-20T14:49:50","version" => "0.85"},{"date" => "2007-06-16T13:17:35","version" => "0.86"},{"date" => "2007-06-16T16:51:23","version" => "0.86"},{"date" => "2007-06-16T20:33:56","version" => "0.86"},{"date" => "2007-06-21T19:55:23","version" => "0.86"},{"date" => "2007-06-23T02:21:39","version" => "0.86"},{"date" => "2007-07-10T01:11:34","version" => "0.86"},{"date" => "2007-08-03T17:35:53","version" => "0.86"},{"date" => "2007-08-07T17:25:31","version" => "0.86"},{"date" => "2007-09-02T16:30:10","version" => "0.86"},{"date" => "2007-10-13T13:58:17","version" => "0.86"},{"date" => "2007-10-22T18:08:48","version" => "0.86"},{"date" => "2007-12-09T21:14:09","version" => "0.86"},{"date" => "2008-01-18T17:50:22","version" => "0.86"},{"date" => "2008-02-16T12:20:10","version" => "0.86"},{"date" => "2008-02-16T13:04:46","version" => "0.86"},{"date" => "2008-02-16T16:13:51","version" => "0.86"},{"date" => "2008-06-09T02:50:39","version" => "0.86"},{"date" => "2009-04-25T03:38:49","version" => "0.86"},{"date" => "2009-04-25T03:41:41","version" => "0.86"},{"date" => "2010-05-20T10:41:25","version" => "1.07_01"},{"date" => "2010-05-23T17:10:30","version" => "1.08"},{"date" => "2010-05-23T17:48:37","version" => "1.08_01"},{"date" => "2010-05-29T22:54:14","version" => "1.09"},{"date" => "2010-06-06T21:44:15","version" => "1.10"},{"date" => "2010-07-16T11:41:50","version" => "1.10_01"},{"date" => "2010-07-19T17:41:06","version" => "1.10_01"},{"date" => "2010-07-19T22:34:01","version" => "1.10_01"},{"date" => "2010-07-19T23:55:46","version" => "1.10_01"},{"date" => "2010-07-28T06:23:27","version" => "1.10_01"},{"date" => "2010-07-29T21:34:27","version" => "1.10_06"},{"date" => "2010-07-29T22:07:40","version" => "1.10_07"},{"date" => "2010-08-03T15:06:07","version" => "1.11"},{"date" => "2010-08-04T17:28:29","version" => "1.12"},{"date" => "2010-08-26T18:14:47","version" => "1.13"},{"date" => "2010-08-26T20:39:52","version" => "1.14"},{"date" => "2010-09-23T12:20:14","version" => "1.15"},{"date" => "2010-11-21T14:40:01","version" => "1.16"},{"date" => "2010-11-21T16:43:16","version" => "1.17"},{"date" => "2011-11-03T07:09:03","version" => "1.17_01"},{"date" => "2011-11-05T19:16:14","version" => "1.17_01"},{"date" => "2011-11-08T06:51:54","version" => "1.17_01"},{"date" => "2012-02-11T09:48:37","version" => "1.20_01"},{"date" => "2012-02-15T04:54:29","version" => "1.20"},{"date" => "2012-08-22T21:49:37","version" => "1.21_01"},{"date" => "2012-09-21T03:45:26","version" => "1.21"},{"date" => "2012-11-28T00:21:05","version" => "1.22_01"},{"date" => "2012-12-04T23:06:27","version" => "1.22"},{"date" => "2013-02-21T20:13:43","version" => "1.23_01"},{"date" => "2013-02-26T19:19:43","version" => "1.23"},{"date" => "2013-03-02T07:57:56","version" => "1.24_01"},{"date" => "2013-03-02T08:54:34","version" => "1.24_02"},{"date" => "2013-03-07T16:44:31","version" => "1.24"},{"date" => "2013-03-11T04:31:15","version" => "1.25"},{"date" => "2013-05-21T03:09:18","version" => "1.26"},{"date" => "2013-05-21T04:14:10","version" => "1.27"},{"date" => "2014-06-11T19:33:47","version" => "1.28_01"},{"date" => "2014-12-11T07:31:36","version" => "1.28"},{"date" => "2014-12-14T08:32:24","version" => "1.29_01"},{"date" => "2014-12-15T15:58:26","version" => "1.29"},{"date" => "2017-04-18T00:21:57","version" => "1.30_01"},{"date" => "2017-04-20T05:05:41","version" => "1.30"},{"date" => "2018-10-25T19:22:24","version" => "1.31"},{"date" => "2020-01-27T22:19:52","version" => "1.32"},{"date" => "2020-10-26T19:35:28","version" => "1.33"},{"date" => "2020-10-26T20:20:42","version" => "1.34"},{"date" => "2025-10-09T22:46:16","version" => "1.35"},{"date" => "2025-10-10T04:58:28","version" => "1.36"}]},"YATT-Lite" => {"advisories" => [{"affected_versions" => [">=0,<=0.101_102"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "YATT::Lite","versions" => [{"date" => "2013-05-15T03:12:13","version" => "0.0_4"},{"date" => "2013-05-16T06:28:33","version" => "0.0_5"},{"date" => "2013-05-17T07:24:55","version" => "0.0_6"},{"date" => "2013-05-18T02:10:28","version" => "v0.0.6"},{"date" => "2013-06-18T09:57:42","version" => "0.0_7"},{"date" => "2013-06-20T06:09:54","version" => "v0.0.7"},{"date" => "2013-08-25T12:22:03","version" => "0.0_8"},{"date" => "2014-05-13T03:27:34","version" => "v0.0.8"},{"date" => "2014-05-14T13:17:13","version" => "0.0_9"},{"date" => "2014-05-26T13:31:04","version" => "v0.0.9"},{"date" => "2015-04-09T03:34:39","version" => "v0.0.9_001"},{"date" => "2015-04-09T06:01:16","version" => "v0.0.9_002"},{"date" => "2015-04-28T03:29:18","version" => "0.100"},{"date" => "2015-09-03T05:45:15","version" => "0.100_001"},{"date" => "2015-10-31T05:31:03","version" => "0.100_002"},{"date" => "2015-11-05T07:30:33","version" => "0.100_003"},{"date" => "2016-05-24T00:35:40","version" => "0.101"},{"date" => "2017-06-17T00:04:00","version" => "0.101_001"},{"date" => "2020-10-15T11:00:17","version" => "0.101_100"},{"date" => "2020-10-17T07:22:36","version" => "0.101_101"},{"date" => "2020-10-17T10:33:49","version" => "0.101_102"},{"date" => "2023-12-05T06:59:47","version" => "0.101_103"},{"date" => "2024-08-16T05:04:15","version" => "0.110"},{"date" => "2024-11-29T09:35:12","version" => "0.120"},{"date" => "2024-12-10T07:10:28","version" => "0.121"},{"date" => "2025-03-20T02:36:40","version" => "0.122"},{"date" => "2025-03-29T07:49:37","version" => "0.123"},{"date" => "2025-05-17T08:02:02","version" => "0.130"},{"date" => "2025-05-18T12:55:44","version" => "0.131"}]},"Yancy" => {"advisories" => [{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["X-CVE-2018-vue-001"],"description" => "Regular Expression Denial of Service.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-X-CVE-2018-vue-001-vue","references" => ["https://security.snyk.io/vuln/npm:vue:20180222"],"reported" => "2018-02-21","severity" => undef}],"main_module" => "Yancy","versions" => [{"date" => "2017-12-03T00:52:00","version" => "0.001"},{"date" => "2017-12-03T02:48:33","version" => "0.002"},{"date" => "2017-12-05T19:18:06","version" => "0.003"},{"date" => "2017-12-05T20:50:34","version" => "0.004"},{"date" => "2017-12-12T21:48:00","version" => "0.005"},{"date" => "2017-12-15T17:07:32","version" => "0.006"},{"date" => "2017-12-17T00:34:29","version" => "0.007"},{"date" => "2017-12-18T00:39:37","version" => "0.008"},{"date" => "2018-01-07T22:33:53","version" => "0.009"},{"date" => "2018-01-12T22:59:55","version" => "0.010"},{"date" => "2018-01-13T18:49:01","version" => "0.011"},{"date" => "2018-01-29T18:51:02","version" => "0.012"},{"date" => "2018-02-08T05:23:07","version" => "0.013"},{"date" => "2018-02-09T20:51:30","version" => "0.014"},{"date" => "2018-02-12T18:53:07","version" => "0.015"},{"date" => "2018-02-17T04:34:18","version" => "0.016"},{"date" => "2018-02-18T04:27:50","version" => "0.017"},{"date" => "2018-02-22T00:11:09","version" => "0.018"},{"date" => "2018-02-24T05:26:49","version" => "0.019"},{"date" => "2018-02-25T20:44:25","version" => "0.020"},{"date" => "2018-03-02T18:40:59","version" => "0.021"},{"date" => "2018-03-06T21:58:19","version" => "0.022"},{"date" => "2018-03-11T01:00:16","version" => "0.023"},{"date" => "2018-03-15T05:22:49","version" => "1.000"},{"date" => "2018-03-15T19:57:00","version" => "1.001"},{"date" => "2018-03-18T21:57:03","version" => "1.002"},{"date" => "2018-03-28T21:27:52","version" => "1.003"},{"date" => "2018-03-30T18:25:45","version" => "1.004"},{"date" => "2018-05-19T02:53:00","version" => "1.005"},{"date" => "2018-08-12T06:09:06","version" => "1.006"},{"date" => "2018-08-12T20:27:15","version" => "1.007"},{"date" => "2018-09-11T01:20:18","version" => "1.008"},{"date" => "2018-10-22T01:51:24","version" => "1.009"},{"date" => "2018-10-25T00:25:17","version" => "1.010"},{"date" => "2018-10-27T05:32:05","version" => "1.011"},{"date" => "2018-10-30T03:33:36","version" => "1.012"},{"date" => "2018-11-09T17:33:11","version" => "1.013"},{"date" => "2018-11-09T22:02:05","version" => "1.014"},{"date" => "2018-11-25T04:56:36","version" => "1.015"},{"date" => "2018-12-07T04:54:02","version" => "1.016"},{"date" => "2018-12-09T23:45:29","version" => "1.017"},{"date" => "2018-12-18T04:40:44","version" => "1.018"},{"date" => "2018-12-31T00:38:59","version" => "1.019"},{"date" => "2019-01-02T01:03:29","version" => "1.020"},{"date" => "2019-01-09T05:55:47","version" => "1.021"},{"date" => "2019-01-13T19:30:57","version" => "1.022"},{"date" => "2019-02-15T02:25:28","version" => "1.023"},{"date" => "2019-04-26T14:56:12","version" => "1.024"},{"date" => "2019-05-06T04:11:41","version" => "1.025"},{"date" => "2019-05-17T06:27:23","version" => "1.026"},{"date" => "2019-06-02T06:06:08","version" => "1.027"},{"date" => "2019-06-04T17:15:26","version" => "1.028"},{"date" => "2019-06-06T05:25:24","version" => "1.029"},{"date" => "2019-06-07T02:08:14","version" => "1.030"},{"date" => "2019-06-07T02:27:03","version" => "1.031"},{"date" => "2019-06-14T03:39:20","version" => "1.032"},{"date" => "2019-06-20T02:48:25","version" => "1.033"},{"date" => "2019-06-24T00:57:16","version" => "1.034"},{"date" => "2019-07-01T03:16:03","version" => "1.035"},{"date" => "2019-07-06T23:50:11","version" => "1.036"},{"date" => "2019-07-27T00:50:49","version" => "1.037"},{"date" => "2019-07-30T04:27:18","version" => "1.038"},{"date" => "2019-08-10T23:39:44","version" => "1.039"},{"date" => "2019-09-14T04:17:35","version" => "1.040"},{"date" => "2019-10-12T23:55:02","version" => "1.041"},{"date" => "2019-11-24T08:24:08","version" => "1.042"},{"date" => "2019-12-05T23:08:45","version" => "1.043"},{"date" => "2019-12-06T03:51:58","version" => "1.044"},{"date" => "2019-12-17T04:40:46","version" => "1.045"},{"date" => "2020-03-29T18:00:56","version" => "1.046"},{"date" => "2020-04-01T03:02:07","version" => "1.047"},{"date" => "2020-04-06T02:30:40","version" => "1.048"},{"date" => "2020-04-07T04:31:26","version" => "1.049"},{"date" => "2020-04-08T04:28:36","version" => "1.050"},{"date" => "2020-04-11T05:13:41","version" => "1.051"},{"date" => "2020-04-14T04:57:48","version" => "1.052"},{"date" => "2020-04-15T04:01:57","version" => "1.053"},{"date" => "2020-04-19T21:32:12","version" => "1.054"},{"date" => "2020-04-25T02:06:45","version" => "1.055"},{"date" => "2020-04-26T19:33:14","version" => "1.056"},{"date" => "2020-05-31T02:45:58","version" => "1.057"},{"date" => "2020-06-03T20:37:49","version" => "1.058"},{"date" => "2020-06-06T23:00:04","version" => "1.059"},{"date" => "2020-06-07T21:49:37","version" => "1.060"},{"date" => "2020-06-10T15:54:16","version" => "1.061"},{"date" => "2020-06-17T01:02:58","version" => "1.062"},{"date" => "2020-06-25T02:56:34","version" => "1.063"},{"date" => "2020-06-26T05:04:42","version" => "1.064"},{"date" => "2020-07-30T03:14:01","version" => "1.065"},{"date" => "2020-08-08T00:49:06","version" => "1.066"},{"date" => "2020-11-16T04:55:02","version" => "1.067"},{"date" => "2020-12-19T22:43:03","version" => "1.068"},{"date" => "2021-03-04T15:49:34","version" => "1.069"},{"date" => "2021-05-09T01:57:45","version" => "1.070"},{"date" => "2021-05-24T17:07:54","version" => "1.071"},{"date" => "2021-05-26T04:38:25","version" => "1.072"},{"date" => "2021-06-07T16:41:34","version" => "1.073"},{"date" => "2021-06-18T17:57:53","version" => "1.074"},{"date" => "2021-08-07T20:15:50","version" => "1.075"},{"date" => "2021-08-11T18:10:15","version" => "1.076"},{"date" => "2021-09-06T02:25:08","version" => "1.077"},{"date" => "2021-10-17T17:04:53","version" => "1.078"},{"date" => "2021-10-24T20:02:37","version" => "1.079"},{"date" => "2021-10-25T00:42:07","version" => "1.080"},{"date" => "2021-10-26T14:34:15","version" => "1.081"},{"date" => "2021-10-29T22:45:47","version" => "1.082"},{"date" => "2021-10-31T20:56:53","version" => "1.083"},{"date" => "2021-11-03T17:00:00","version" => "1.084"},{"date" => "2021-12-04T04:58:21","version" => "1.085"},{"date" => "2021-12-12T01:08:52","version" => "1.086"},{"date" => "2021-12-14T22:11:27","version" => "1.087"},{"date" => "2021-12-19T02:26:57","version" => "1.088"}]},"Yote" => {"advisories" => [{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Yote","versions" => [{"date" => "2012-01-22T10:43:15","version" => "0.03"},{"date" => "2012-01-29T07:46:40","version" => "0.05"},{"date" => "2012-02-01T08:18:26","version" => "0.06"},{"date" => "2012-02-11T16:40:05","version" => "0.070"},{"date" => "2012-02-12T16:46:56","version" => "0.071"},{"date" => "2012-02-12T20:11:04","version" => "0.073"},{"date" => "2012-02-16T08:01:45","version" => "0.075"},{"date" => "2012-02-25T06:16:49","version" => "0.076"},{"date" => "2012-03-07T15:53:55","version" => "0.077"},{"date" => "2012-03-13T15:45:53","version" => "0.078"},{"date" => "2012-03-14T01:40:01","version" => "0.079"},{"date" => "2012-03-17T04:58:12","version" => "0.080"},{"date" => "2012-03-21T01:00:10","version" => "0.081"},{"date" => "2012-03-23T15:29:25","version" => "0.082"},{"date" => "2012-03-29T16:10:50","version" => "0.083"},{"date" => "2012-04-03T03:36:11","version" => "0.084"},{"date" => "2012-04-07T01:57:35","version" => "0.085"},{"date" => "2012-04-17T14:58:33","version" => "0.086"},{"date" => "2012-04-23T00:34:04","version" => "0.087"},{"date" => "2012-05-09T15:44:27","version" => "0.088"},{"date" => "2012-06-17T16:41:27","version" => "0.89"},{"date" => "2012-07-07T18:21:53","version" => "0.090"},{"date" => "2012-12-07T23:08:36","version" => "0.092"},{"date" => "2012-12-12T00:15:28","version" => "0.093"},{"date" => "2012-12-15T03:00:06","version" => "0.094"},{"date" => "2012-12-21T15:03:35","version" => "0.095"},{"date" => "2012-12-21T15:10:23","version" => "0.094"},{"date" => "2012-12-21T16:41:46","version" => "0.097"},{"date" => "2013-02-26T16:07:02","version" => "0.097"},{"date" => "2013-02-26T22:00:08","version" => "0.097"},{"date" => "2013-04-11T09:00:27","version" => "0.097"},{"date" => "2013-04-13T18:08:08","version" => "0.097"},{"date" => "2013-04-24T05:02:26","version" => "0.0975"},{"date" => "2013-04-24T20:50:26","version" => "0.0975"},{"date" => "2013-04-24T21:06:41","version" => "0.0976"},{"date" => "2013-04-24T23:55:23","version" => "0.0977"},{"date" => "2013-04-27T00:36:29","version" => "0.0978"},{"date" => "2013-04-27T01:37:31","version" => "0.0979"},{"date" => "2013-04-27T20:40:51","version" => "0.0980"},{"date" => "2013-05-02T02:22:35","version" => "0.0981"},{"date" => "2013-05-02T22:58:43","version" => "0.0982"},{"date" => "2013-05-06T15:52:27","version" => "0.0983"},{"date" => "2013-05-06T18:20:49","version" => "0.0984"},{"date" => "2013-05-11T01:05:36","version" => "0.0985"},{"date" => "2013-05-13T19:58:35","version" => "0.0986"},{"date" => "2013-05-13T23:31:05","version" => "0.0987"},{"date" => "2013-05-14T23:16:07","version" => "0.0988"},{"date" => "2013-05-19T19:40:20","version" => "0.0989"},{"date" => "2013-05-20T20:35:57","version" => "0.0990"},{"date" => "2013-05-21T01:32:16","version" => "0.0991"},{"date" => "2013-05-26T05:36:04","version" => "0.0992"},{"date" => "2013-06-04T05:13:09","version" => "0.0993"},{"date" => "2013-06-09T19:10:13","version" => "0.0994"},{"date" => "2013-06-09T21:09:39","version" => "0.0995"},{"date" => "2013-06-13T17:22:45","version" => "0.0996"},{"date" => "2013-06-19T23:18:28","version" => "0.1000"},{"date" => "2013-06-20T01:15:43","version" => "0.1001"},{"date" => "2013-07-08T18:51:52","version" => "0.1002"},{"date" => "2013-07-11T04:25:50","version" => "0.1003"},{"date" => "2013-07-25T05:35:23","version" => "0.1004"},{"date" => "2013-07-25T06:10:27","version" => "0.1005"},{"date" => "2013-09-10T03:54:55","version" => "0.1007"},{"date" => "2013-09-18T07:11:47","version" => "0.1008"},{"date" => "2013-10-13T04:31:17","version" => "0.1010"},{"date" => "2013-11-20T01:45:12","version" => "0.1011"},{"date" => "2013-11-28T06:46:16","version" => "0.1012"},{"date" => "2013-11-28T07:09:28","version" => "0.1013"},{"date" => "2013-12-26T03:28:50","version" => "0.1014"},{"date" => "2013-12-26T08:20:18","version" => "0.1015"},{"date" => "2013-12-28T19:05:21","version" => "0.1016"},{"date" => "2014-01-03T05:59:02","version" => "0.1017"},{"date" => "2014-01-03T06:25:40","version" => "0.1018"},{"date" => "2014-01-07T06:55:43","version" => "0.1019"},{"date" => "2014-02-07T05:56:36","version" => "0.1020"},{"date" => "2014-02-08T04:50:07","version" => "0.1021"},{"date" => "2014-02-20T17:39:10","version" => "0.1022"},{"date" => "2014-03-19T17:10:59","version" => "0.2"},{"date" => "2014-04-05T15:46:56","version" => "0.201"},{"date" => "2014-04-09T05:41:25","version" => "0.202"},{"date" => "2014-04-09T06:26:12","version" => "0.203"},{"date" => "2014-04-16T05:15:00","version" => "0.204"},{"date" => "2014-04-16T06:14:50","version" => "0.205"},{"date" => "2014-04-17T16:14:50","version" => "0.206"},{"date" => "2014-04-19T05:22:53","version" => "0.207"},{"date" => "2014-04-26T00:43:56","version" => "0.208"},{"date" => "2014-04-26T20:08:07","version" => "0.209"},{"date" => "2014-04-28T06:20:54","version" => "0.210"},{"date" => "2014-05-01T07:40:34","version" => "0.211"},{"date" => "2014-05-01T21:51:37","version" => "0.212"},{"date" => "2014-05-02T05:53:29","version" => "0.213"},{"date" => "2014-06-01T08:43:50","version" => "0.214"},{"date" => "2014-07-14T21:20:42","version" => "0.215"},{"date" => "2014-07-28T02:56:15","version" => "0.217"},{"date" => "2014-08-02T03:52:23","version" => "0.218"},{"date" => "2014-08-15T07:05:20","version" => "0.219"},{"date" => "2014-08-16T00:26:35","version" => "0.220"},{"date" => "2014-08-16T21:00:03","version" => "0.221"},{"date" => "2014-08-16T21:07:56","version" => "0.222"},{"date" => "2014-08-17T05:44:33","version" => "0.223"},{"date" => "2014-08-20T06:51:52","version" => "0.224"},{"date" => "2014-08-23T02:39:34","version" => "0.225"},{"date" => "2014-09-04T04:16:58","version" => "0.226"},{"date" => "2014-09-14T04:58:03","version" => "0.228"},{"date" => "2014-09-28T21:11:57","version" => "0.230"},{"date" => "2014-12-09T18:14:17","version" => "0.231"},{"date" => "2015-03-29T20:00:25","version" => "0.300"},{"date" => "2015-04-06T04:00:18","version" => "0.302"},{"date" => "2015-04-06T17:37:33","version" => "0.303"},{"date" => "2015-04-07T05:21:56","version" => "0.304"},{"date" => "2015-04-07T16:52:31","version" => "0.306"},{"date" => "2015-04-07T18:12:24","version" => "0.307"},{"date" => "2015-05-26T21:43:52","version" => "0.308"},{"date" => "2015-05-26T21:48:26","version" => "0.309"},{"date" => "2015-05-26T22:35:35","version" => "0.310"},{"date" => "2015-08-19T01:10:26","version" => "0.311"},{"date" => "2015-09-04T16:15:30","version" => "0.312"},{"date" => "2015-10-11T03:06:17","version" => "1.0"},{"date" => "2015-11-03T00:30:41","version" => "1.1"},{"date" => "2015-12-09T07:17:54","version" => "1.2"},{"date" => "2016-03-09T19:59:10","version" => "1.3"},{"date" => "2016-03-09T20:02:02","version" => "1.02"},{"date" => "2016-03-09T23:15:18","version" => "1.31"},{"date" => "2016-05-01T19:53:03","version" => "1.32"},{"date" => "2016-05-03T02:00:18","version" => "1.33"},{"date" => "2016-05-05T15:33:14","version" => "1.34"},{"date" => "2016-05-06T19:58:06","version" => "1.35"},{"date" => "2016-05-06T20:45:29","version" => "1.36"},{"date" => "2016-05-07T17:30:07","version" => "1.37"},{"date" => "2016-05-10T23:16:25","version" => "1.38"},{"date" => "2016-05-11T23:57:21","version" => "1.39"},{"date" => "2016-05-31T18:50:56","version" => "1.40"},{"date" => "2016-09-01T16:14:07","version" => "1.41"},{"date" => "2016-11-21T18:59:45","version" => "1.43"},{"date" => "2016-12-01T07:11:37","version" => "1.44"},{"date" => "2016-12-21T19:44:12","version" => "1.45"},{"date" => "2017-04-08T21:01:47","version" => "2.0"},{"date" => "2017-08-16T23:30:57","version" => "2.01"},{"date" => "2017-09-20T19:01:58","version" => "2.02"},{"date" => "2018-03-25T03:31:35","version" => "3.0"}]},"Yukki" => {"advisories" => [{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-41182"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41182-jqueryui","references" => ["https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc","https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-41183"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41183-jqueryui","references" => ["https://bugs.jqueryui.com/ticket/15284","https://github.com/jquery/jquery-ui/pull/1953","https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-001","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-41184"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41184-jqueryui","references" => ["https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280","https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-core-2022-001","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.112770"],"cves" => ["CVE-2010-5312"],"description" => "Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2010-5312-jqueryui","references" => ["https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3","http://seclists.org/oss-sec/2014/q4/616","http://bugs.jqueryui.com/ticket/6016","http://seclists.org/oss-sec/2014/q4/613","http://rhn.redhat.com/errata/RHSA-2015-0442.html","http://www.debian.org/security/2015/dsa-3249","http://www.securityfocus.com/bid/71106","http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","http://rhn.redhat.com/errata/RHSA-2015-1462.html","http://www.securitytracker.com/id/1037035","https://exchange.xforce.ibmcloud.com/vulnerabilities/98696","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.drupal.org/sa-core-2022-002","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E"],"reported" => "2014-11-24","severity" => undef},{"affected_versions" => [">=0.0.121700,<=0.140290"],"cves" => ["CVE-2010-5312"],"description" => "Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2010-5312-jqueryui","references" => ["https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3","http://seclists.org/oss-sec/2014/q4/616","http://bugs.jqueryui.com/ticket/6016","http://seclists.org/oss-sec/2014/q4/613","http://rhn.redhat.com/errata/RHSA-2015-0442.html","http://www.debian.org/security/2015/dsa-3249","http://www.securityfocus.com/bid/71106","http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","http://rhn.redhat.com/errata/RHSA-2015-1462.html","http://www.securitytracker.com/id/1037035","https://exchange.xforce.ibmcloud.com/vulnerabilities/98696","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.drupal.org/sa-core-2022-002","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E"],"reported" => "2014-11-24","severity" => undef},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"},{"affected_versions" => ["<=0.140290"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"},{"affected_versions" => [">=0.110830,<=0.111160"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"},{"affected_versions" => [">=0.111280,<=0.112770"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"},{"affected_versions" => [">=0.121700,<=0.140290"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"}],"main_module" => "Yukki","versions" => [{"date" => "2011-03-24T04:47:01","version" => "0.110830"},{"date" => "2011-03-25T05:35:01","version" => "0.110840"},{"date" => "2011-03-26T04:25:48","version" => "0.110850"},{"date" => "2011-03-29T03:08:58","version" => "0.110880"},{"date" => "2011-03-31T22:33:47","version" => "0.110900"},{"date" => "2011-04-16T02:29:38","version" => "0.111060"},{"date" => "2011-04-26T03:12:19","version" => "0.111160"},{"date" => "2011-05-08T01:46:50","version" => "0.111280"},{"date" => "2011-06-15T01:52:19","version" => "0.111660"},{"date" => "2011-06-21T03:20:58","version" => "0.111720"},{"date" => "2011-07-02T20:55:01","version" => "0.111830"},{"date" => "2011-10-04T19:30:44","version" => "0.112770"},{"date" => "2012-06-18T04:45:34","version" => "0.121700"},{"date" => "2012-06-27T02:33:18","version" => "0.121790"},{"date" => "2013-08-04T02:04:00","version" => "0.132160"},{"date" => "2014-01-29T14:29:25","version" => "0.140290"},{"date" => "2017-07-19T16:04:21","version" => "0.99_01"},{"date" => "2017-07-20T18:43:41","version" => "0.990_001"},{"date" => "2017-07-21T00:30:50","version" => "0.990_002"},{"date" => "2017-07-23T04:49:37","version" => "0.991_001"},{"date" => "2017-08-04T04:09:29","version" => "0.991_002"},{"date" => "2017-08-11T00:22:44","version" => "0.991_003"},{"date" => "2017-08-13T02:54:57","version" => "0.991_004"},{"date" => "2017-08-18T18:47:13","version" => "0.991_005"},{"date" => "2017-11-09T02:48:59","version" => "0.991_006"},{"date" => "2026-01-31T18:55:04","version" => "0.991_007"}]},"Zabbix-Reporter" => {"advisories" => [{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Zabbix::Reporter","versions" => [{"date" => "2013-03-27T23:01:45","version" => "0.01"},{"date" => "2013-03-29T20:06:46","version" => "0.02"},{"date" => "2013-05-05T11:26:24","version" => "0.03"},{"date" => "2013-05-13T20:38:47","version" => "0.04"},{"date" => "2013-05-21T19:59:56","version" => "0.05"},{"date" => "2013-06-16T12:55:56","version" => "0.06"},{"date" => "2013-09-08T21:14:34","version" => "0.07"}]},"Zonemaster-Backend" => {"advisories" => [{"affected_versions" => ["<7.0.0"],"cves" => [],"description" => "When running the API behind a reverse proxy on the same machine (like it is using the configuration example provided by the GUI) the remote ip might always be localhost even if the query was done from elsewher\n","distribution" => "Zonemaster-Backend","fixed_versions" => [">=7.0.0"],"id" => "CPANSA-Zonemaster-Backend-2021-001","references" => ["https://github.com/zonemaster/zonemaster-backend/issues/838","https://metacpan.org/dist/Zonemaster-Backend/changes"],"reported" => "2021-08-05","severity" => undef},{"affected_versions" => ["<1.0.1"],"cves" => [],"description" => "Potential SQL injection.\n","distribution" => "Zonemaster-Backend","fixed_versions" => [">=1.0.1"],"id" => "CPANSA-Zonemaster-Backend-2015-001","references" => ["https://github.com/zonemaster/zonemaster-backend/issues/25","https://metacpan.org/dist/Zonemaster-Backend/changes"],"reported" => "2015-01-28","severity" => undef}],"main_module" => "Zonemaster::Backend","versions" => [{"date" => "2017-11-02T13:57:24","version" => "2.0.0"},{"date" => "2018-01-12T17:25:15","version" => "2.0.1"},{"date" => "2018-02-23T13:09:41","version" => "2.0.2"},{"date" => "2018-06-25T08:43:15","version" => "2.1.0"},{"date" => "2019-05-24T07:07:47","version" => "4.0.0"},{"date" => "2019-05-31T16:42:26","version" => "4.0.1"},{"date" => "2020-05-01T14:49:55","version" => "5.0.0"},{"date" => "2020-05-15T12:59:00","version" => "5.0.1"},{"date" => "2020-05-22T07:31:56","version" => "5.0.2"},{"date" => "2020-11-09T09:49:51","version" => "6.0.0"},{"date" => "2020-11-10T10:02:13","version" => "6.0.1"},{"date" => "2020-11-18T09:08:50","version" => "6.0.2"},{"date" => "2021-02-09T11:02:57","version" => "6.1.0"},{"date" => "2021-05-31T20:39:03","version" => "6.2.0"},{"date" => "2021-09-18T14:05:03","version" => "7.0.0"},{"date" => "2021-12-06T00:20:51","version" => "8.0.0"},{"date" => "2021-12-20T10:08:13","version" => "8.1.0"},{"date" => "2022-06-10T11:39:25","version" => "9.0.0"},{"date" => "2022-07-08T08:40:31","version" => "9.0.1"},{"date" => "2022-12-19T09:29:40","version" => "10.0.0"},{"date" => "2023-01-31T16:06:19","version" => "10.0.1"},{"date" => "2023-03-01T17:37:05","version" => "10.0.2"},{"date" => "2023-06-21T16:14:40","version" => "11.0.0"},{"date" => "2023-08-08T02:40:32","version" => "11.0.1"},{"date" => "2023-09-08T09:18:30","version" => "11.0.2"},{"date" => "2024-03-18T15:59:50","version" => "11.1.0"},{"date" => "2024-03-28T10:49:24","version" => "11.1.1"},{"date" => "2024-07-01T15:45:21","version" => "11.2.0"},{"date" => "2024-12-09T13:52:41","version" => "11.3.0"},{"date" => "2025-03-04T21:47:49","version" => "11.4.0"},{"date" => "2025-06-26T17:21:54","version" => "11.5.0"},{"date" => "2025-12-19T11:15:27","version" => "12.0.0"}]},"Zonemaster-GUI" => {"advisories" => [{"affected_versions" => [">=1.0.7,<=1.0.11"],"cves" => ["CVE-2019-14863"],"description" => "There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2019-14863-angular","references" => ["https://snyk.io/vuln/npm:angular:20150807","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863"],"reported" => "2020-01-02","severity" => "medium"},{"affected_versions" => [">=1.0.7,<1.0.11"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Zonemaster::GUI","versions" => [{"date" => "2016-10-17T13:50:05","version" => "v1.0.7"},{"date" => "2016-10-17T14:35:43","version" => "v1.0.7"},{"date" => "2017-11-02T14:09:33","version" => "1.0.8"},{"date" => "2018-01-12T17:25:49","version" => "1.0.9"},{"date" => "2018-01-26T11:37:00","version" => "1.0.10"},{"date" => "2018-02-23T13:11:09","version" => "1.0.11"}]},"cppAdaptive1" => {"advisories" => [{"affected_versions" => ["==0.01"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "cppAdaptive1","fixed_versions" => [],"id" => "CPANSA-cppAdaptive1-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "cppAdaptive1","fixed_versions" => [],"id" => "CPANSA-cppAdaptive1-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "cppAdaptive1","versions" => [{"date" => "2017-08-15T00:25:43","version" => "0.01"}]},"cppAdaptive2" => {"advisories" => [{"affected_versions" => [">=0.01,<=3.0.3"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "cppAdaptive2","fixed_versions" => [],"id" => "CPANSA-cppAdaptive2-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"},{"affected_versions" => [">=0.01,<=3.0.3"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "cppAdaptive2","fixed_versions" => [],"id" => "CPANSA-cppAdaptive2-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "cppAdaptive2","versions" => [{"date" => "2018-05-30T06:24:48","version" => "0.01"},{"date" => "2018-06-04T20:54:37","version" => "v0.2.0"},{"date" => "2018-06-05T05:02:05","version" => "v1.0.0"},{"date" => "2018-06-05T15:49:02","version" => "v2.0.0"},{"date" => "2018-06-05T18:41:34","version" => "v2.0.1"},{"date" => "2018-06-06T17:15:24","version" => "v2.0.2"},{"date" => "2018-06-10T16:13:47","version" => "v3.0.0"},{"date" => "2018-06-10T18:17:00","version" => "v3.0.1"},{"date" => "2018-06-10T20:01:07","version" => "v3.0.2"},{"date" => "2018-06-11T04:59:40","version" => "v3.0.3"}]},"eperl" => {"advisories" => [{"affected_versions" => ["<=2.2.14"],"cves" => ["CVE-2001-0733"],"description" => "The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code.\n","distribution" => "eperl","fixed_versions" => [],"id" => "CPANSA-ePerl-2001-0733","references" => ["http://www.securityfocus.com/archive/1/192711","http://www.securityfocus.com/bid/2912","https://exchange.xforce.ibmcloud.com/vulnerabilities/6743"],"reported" => "2001-10-18","severity" => undef}],"main_module" => "Parse::ePerl","versions" => [{"date" => "1996-09-08T09:22:26","version" => "1.4"},{"date" => "1997-01-20T06:55:18","version" => "v2.0.3"},{"date" => "1997-03-25T09:19:29","version" => "2.1"},{"date" => "1997-04-03T12:24:29","version" => "2.1"},{"date" => "1997-04-05T08:04:08","version" => "2.1"},{"date" => "1997-04-18T16:36:34","version" => "2.1"},{"date" => "1997-04-27T15:20:23","version" => "v2.1.0"},{"date" => "1997-05-04T20:06:49","version" => "v2.1.1"},{"date" => "1997-05-29T10:26:35","version" => "2.2"},{"date" => "1997-05-30T06:24:00","version" => "v2.1.2"},{"date" => "1997-05-30T16:53:19","version" => "2.2"},{"date" => "1997-06-06T07:37:49","version" => "2.2"},{"date" => "1997-06-28T15:59:18","version" => "2.2"},{"date" => "1997-07-19T08:23:43","version" => "v2.2.0"},{"date" => "1997-08-14T15:16:02","version" => "v2.2.2"},{"date" => "1997-08-21T15:44:18","version" => "v2.2.3"},{"date" => "1997-09-01T14:16:42","version" => "v2.2.4"},{"date" => "1997-09-03T10:33:40","version" => "v2.2.5"},{"date" => "1997-10-28T13:28:21","version" => "v2.2.6"},{"date" => "1997-11-17T16:37:11","version" => "v2.2.8"},{"date" => "1998-01-02T11:42:11","version" => "v2.2.12"},{"date" => "1998-07-10T09:22:54","version" => "v2.2.13"}]},"libapreq2" => {"advisories" => [{"affected_versions" => ["<2.07"],"cves" => ["CVE-2006-0042"],"description" => "Unspecified vulnerability in apreq_parse_headers and apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.\n","distribution" => "libapreq2","fixed_versions" => [">=2.07"],"id" => "CPANSA-libapreq2-2006-01","references" => ["https://metacpan.org/changes/distribution/libapreq2"],"reported" => "2007-04-17"}],"main_module" => "Apache2::Cookie","versions" => [{"date" => "2003-11-11T01:28:48","version" => "2.01_03"},{"date" => "2003-11-16T04:16:12","version" => "2.02_02"},{"date" => "2004-06-12T14:52:49","version" => "2.03_04"},{"date" => "2004-08-30T16:13:45","version" => "2.04_03"},{"date" => "2005-05-04T23:38:05","version" => "2.05"},{"date" => "2005-07-20T17:10:48","version" => "2.06"},{"date" => "2006-02-12T18:10:47","version" => "2.07"},{"date" => "2006-08-09T04:54:07","version" => "2.08"},{"date" => "2009-03-13T22:47:11","version" => "2.12"},{"date" => "2010-12-02T18:41:57","version" => "2.13"},{"date" => "2021-02-23T13:26:47","version" => "2.15"},{"date" => "2021-03-22T17:59:11","version" => "2.16"}]},"libwww-perl" => {"advisories" => [{"affected_versions" => ["<6.28"],"cves" => [],"description" => "LWP::Protocol::file can open existent file from file:// scheme. However, current version of LWP uses open FILEHANDLE,EXPR and it has ability to execute arbitrary command\n","distribution" => "libwww-perl","fixed_versions" => [">=6.27"],"id" => "CPANSA-libwww-perl-2017-01","references" => ["https://github.com/libwww-perl/libwww-perl/pull/270"],"reported" => "2017-11-06","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}]},{"affected_versions" => ["<6.00"],"cves" => ["CVE-2011-0633"],"description" => "The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.\n","distribution" => "libwww-perl","fixed_versions" => [">=6.00"],"id" => "CPANSA-libwww-perl-2011-01","references" => ["http://vttynotes.blogspot.com/2010/12/man-in-middle-fun-with-perl-lwp.html","http://vttynotes.blogspot.com/2011/03/quick-note-on-lwp-and-perl-security-cve.html"],"reported" => "2011-01-20"},{"affected_versions" => ["<5.835"],"cves" => ["CVE-2010-2253"],"description" => "lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.\n","distribution" => "libwww-perl","fixed_versions" => [">=5.835"],"id" => "CPANSA-libwww-perl-2010-01","references" => ["http://vttynotes.blogspot.com/2010/12/man-in-middle-fun-with-perl-lwp.html","http://vttynotes.blogspot.com/2011/03/quick-note-on-lwp-and-perl-security-cve.html"],"reported" => "2010-07-06"},{"affected_versions" => ["<5.51"],"cves" => [],"description" => "If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for \"http_proxy\" permits \"HTTP_PROXY\" to be found, but this can be trivially set by the web client using the \"Proxy:\" header.\n","distribution" => "libwww-perl","fixed_versions" => [">=5.51"],"id" => "CPANSA-libwww-perl-2001-01","reported" => "2001-03-14"},{"affected_versions" => ["<0.04"],"cves" => [],"description" => "There is a security hole with the implementation of getBasicCredentials().\n","distribution" => "libwww-perl","fixed_versions" => [">=0.04"],"id" => "CPANSA-libwww-perl-1995-01","references" => ["https://metacpan.org/dist/libwww-perl/changes"],"reported" => "1995-09-06"}],"main_module" => "LWP","versions" => [{"date" => "1995-09-16T13:51:35","version" => 5},{"date" => "1995-11-06T14:29:13","version" => 5},{"date" => "1996-05-09T22:43:16","version" => 5},{"date" => "1996-05-26T14:01:51","version" => "5.00"},{"date" => "1996-08-02T16:38:58","version" => "5.01"},{"date" => "1996-09-11T16:19:57","version" => "5.02"},{"date" => "1996-09-30T22:58:37","version" => "5.03"},{"date" => "1996-10-22T10:39:33","version" => "5.04"},{"date" => "1996-12-04T23:36:17","version" => "5.05"},{"date" => "1997-01-27T23:53:38","version" => "5.06"},{"date" => "1997-02-11T14:20:18","version" => "5.07"},{"date" => "1997-04-05T13:10:16","version" => "5.08"},{"date" => "1997-06-10T11:07:01","version" => "5.09"},{"date" => "1997-06-20T10:51:10","version" => "5.10"},{"date" => "1997-08-06T08:41:11","version" => "5.11"},{"date" => "1997-09-05T09:38:58","version" => "5.12"},{"date" => "1997-09-20T12:50:59","version" => "5.13"},{"date" => "1997-10-12T20:55:32","version" => "5.14"},{"date" => "1997-11-06T20:23:06","version" => "5.15"},{"date" => "1997-12-12T17:44:29","version" => "5.18"},{"date" => "1997-12-16T22:25:00","version" => "5.18_03"},{"date" => "1997-12-17T10:08:54","version" => "5.18_04"},{"date" => "1998-01-20T18:16:51","version" => "5.18_05"},{"date" => "1998-01-26T23:55:39","version" => "5.19"},{"date" => "1998-02-12T23:43:23","version" => "5.20"},{"date" => "1998-03-12T18:39:08","version" => "5.21"},{"date" => "1998-03-24T19:42:54","version" => "5.22"},{"date" => "1998-03-31T22:25:14","version" => "5.30"},{"date" => "1998-04-10T15:07:10","version" => "5.31"},{"date" => "1998-04-17T05:23:45","version" => "5.32"},{"date" => "1998-05-07T15:10:00","version" => "5.33"},{"date" => "1998-07-07T16:06:51","version" => "5.34"},{"date" => "1998-07-09T23:05:12","version" => "5.35"},{"date" => "1998-08-04T15:15:44","version" => "5.36"},{"date" => "1998-10-12T17:42:28","version" => "5.40_01"},{"date" => "1998-11-19T22:17:29","version" => "5.41"},{"date" => "1999-03-20T07:52:48","version" => "5.42"},{"date" => "1999-05-09T19:26:17","version" => "5.43"},{"date" => "1999-06-25T20:34:40","version" => "5.44"},{"date" => "1999-09-20T13:36:22","version" => "5.45"},{"date" => "1999-10-28T12:30:45","version" => "5.46"},{"date" => "1999-11-16T14:59:58","version" => "5.47"},{"date" => "2000-04-09T19:45:32","version" => "5.48"},{"date" => "2001-01-01T06:35:20","version" => "5.49"},{"date" => "2001-01-12T20:58:43","version" => "5.50"},{"date" => "2001-03-14T21:33:03","version" => "5.51"},{"date" => "2001-03-29T21:39:12","version" => "5.52"},{"date" => "2001-04-10T23:15:00","version" => "5.53"},{"date" => "2001-04-19T06:13:35","version" => "5.53_90"},{"date" => "2001-04-21T05:02:13","version" => "5.53_91"},{"date" => "2001-04-25T17:37:11","version" => "5.53_92"},{"date" => "2001-04-29T06:28:31","version" => "5.53_93"},{"date" => "2001-05-05T13:57:20","version" => "5.53_94"},{"date" => "2001-08-07T00:46:18","version" => "5.53_95"},{"date" => "2001-08-28T05:59:46","version" => "5.53_96"},{"date" => "2001-09-20T00:33:20","version" => "5.53_97"},{"date" => "2001-10-26T23:30:57","version" => "5.60"},{"date" => "2001-11-17T02:56:46","version" => "5.61"},{"date" => "2001-11-21T19:00:47","version" => "5.62"},{"date" => "2001-12-14T21:01:09","version" => "5.63"},{"date" => "2002-02-09T18:54:35","version" => "5.64"},{"date" => "2002-05-31T20:59:15","version" => "5.65"},{"date" => "2002-12-20T19:28:34","version" => "5.66"},{"date" => "2003-01-01T16:53:11","version" => "5.67"},{"date" => "2003-01-03T05:04:44","version" => "5.68"},{"date" => "2003-01-24T16:55:35","version" => "5.69"},{"date" => "2003-10-13T20:56:35","version" => "5.70"},{"date" => "2003-10-14T19:12:56","version" => "5.71"},{"date" => "2003-10-15T19:53:47","version" => "5.72"},{"date" => "2003-10-19T20:04:40","version" => "5.73"},{"date" => "2003-10-23T19:26:57","version" => "5.74"},{"date" => "2003-10-26T22:10:48","version" => "5.75"},{"date" => "2003-11-21T19:33:09","version" => "5.76"},{"date" => "2004-04-06T13:41:45","version" => "5.77"},{"date" => "2004-04-07T11:13:36","version" => "5.78"},{"date" => "2004-04-13T08:09:08","version" => "5.79"},{"date" => "2004-06-16T10:43:42","version" => "5.800"},{"date" => "2004-11-12T18:32:17","version" => "5.801"},{"date" => "2004-11-30T13:06:01","version" => "5.802"},{"date" => "2004-12-11T15:48:30","version" => "5.803"},{"date" => "2005-12-06T09:36:12","version" => "5.804"},{"date" => "2005-12-08T12:29:02","version" => "5.805"},{"date" => "2007-07-19T21:31:44","version" => "5.806"},{"date" => "2007-07-31T13:14:54","version" => "5.807"},{"date" => "2007-08-05T13:29:17","version" => "5.808"},{"date" => "2008-04-08T11:47:19","version" => "5.810"},{"date" => "2008-04-14T08:28:19","version" => "5.811"},{"date" => "2008-04-16T10:32:51","version" => "5.812"},{"date" => "2008-06-17T20:37:17","version" => "5.813"},{"date" => "2008-07-25T09:09:53","version" => "5.814"},{"date" => "2008-09-24T18:10:11","version" => "5.815"},{"date" => "2008-09-29T09:27:09","version" => "5.816"},{"date" => "2008-10-10T21:31:27","version" => "5.817"},{"date" => "2008-10-16T10:32:24","version" => "5.818"},{"date" => "2008-10-20T11:43:37","version" => "5.819"},{"date" => "2008-11-05T18:07:29","version" => "5.820"},{"date" => "2008-11-25T00:16:49","version" => "5.821"},{"date" => "2008-12-05T19:18:40","version" => "5.822"},{"date" => "2009-01-12T16:50:02","version" => "5.823"},{"date" => "2009-02-13T14:12:29","version" => "5.824"},{"date" => "2009-02-16T10:00:35","version" => "5.825"},{"date" => "2009-04-24T20:42:45","version" => "5.826"},{"date" => "2009-06-15T19:36:37","version" => "5.827"},{"date" => "2009-06-25T19:44:55","version" => "5.828"},{"date" => "2009-07-08T20:03:11","version" => "5.829"},{"date" => "2009-07-26T19:39:49","version" => "5.830"},{"date" => "2009-08-13T20:53:34","version" => "5.831"},{"date" => "2009-09-21T18:24:41","version" => "5.832"},{"date" => "2009-10-06T21:23:39","version" => "5.833"},{"date" => "2009-11-21T13:09:14","version" => "5.834"},{"date" => "2010-05-05T21:13:47","version" => "5.835"},{"date" => "2010-05-13T07:34:58","version" => "5.836"},{"date" => "2010-09-20T21:24:38","version" => "5.837"},{"date" => "2010-11-04T15:16:35","version" => "5.837"},{"date" => "2011-03-08T19:25:05","version" => "6.00"},{"date" => "2011-03-09T23:30:57","version" => "6.01"},{"date" => "2011-03-27T11:35:01","version" => "6.02"},{"date" => "2011-10-15T13:38:28","version" => "6.03"},{"date" => "2012-02-18T22:13:13","version" => "6.04"},{"date" => "2013-03-11T21:47:56","version" => "6.05"},{"date" => "2014-04-16T18:38:49","version" => "6.06"},{"date" => "2014-07-02T05:10:47","version" => "6.07"},{"date" => "2014-07-25T03:19:43","version" => "6.08"},{"date" => "2015-02-10T02:58:40","version" => "6.09"},{"date" => "2015-02-12T17:40:48","version" => "6.10"},{"date" => "2015-02-13T21:38:49","version" => "6.11"},{"date" => "2015-02-14T00:16:15","version" => "6.12"},{"date" => "2015-02-14T18:45:12","version" => "6.13"},{"date" => "2015-11-25T20:23:47","version" => "6.14_001"},{"date" => "2015-12-05T06:01:09","version" => "6.15"},{"date" => "2016-01-05T00:29:20","version" => "6.15_001"},{"date" => "2016-01-14T01:52:18","version" => "6.15_002"},{"date" => "2016-01-14T02:01:20","version" => "6.15_003"},{"date" => "2016-02-13T06:18:45","version" => "6.15_004"},{"date" => "2017-01-18T14:22:22","version" => "6.16"},{"date" => "2017-01-31T19:39:10","version" => "6.17"},{"date" => "2017-02-03T20:31:54","version" => "6.18"},{"date" => "2017-02-14T19:56:20","version" => "6.19"},{"date" => "2017-02-21T15:19:06","version" => "6.20"},{"date" => "2017-02-21T20:38:03","version" => "6.21"},{"date" => "2017-03-01T15:27:43","version" => "6.22"},{"date" => "2017-03-07T03:49:52","version" => "6.23"},{"date" => "2017-03-14T16:36:38","version" => "6.24"},{"date" => "2017-04-03T17:20:06","version" => "6.25"},{"date" => "2017-04-12T15:36:20","version" => "6.26"},{"date" => "2017-09-21T22:32:37","version" => "6.27"},{"date" => "2017-11-06T15:43:47","version" => "6.28"},{"date" => "2017-11-06T20:34:56","version" => "6.29"},{"date" => "2017-12-08T01:57:23","version" => "6.30"},{"date" => "2017-12-11T01:57:47","version" => "6.31"},{"date" => "2018-02-20T19:41:40","version" => "6.32"},{"date" => "2018-02-27T04:04:55","version" => "6.33"},{"date" => "2018-06-05T18:50:45","version" => "6.34"},{"date" => "2018-07-16T04:51:16","version" => "6.35"},{"date" => "2018-10-10T02:21:49","version" => "6.36"},{"date" => "2019-03-06T20:51:05","version" => "6.37"},{"date" => "2019-03-25T19:00:53","version" => "6.38"},{"date" => "2019-05-06T14:19:25","version" => "6.39"},{"date" => "2019-10-24T13:08:25","version" => "6.40"},{"date" => "2019-10-28T14:45:05","version" => "6.41"},{"date" => "2019-11-20T17:41:59","version" => "6.42"},{"date" => "2019-11-26T13:56:02","version" => "6.43"},{"date" => "2020-04-14T19:39:37","version" => "6.44"},{"date" => "2020-06-08T14:52:52","version" => "6.45"},{"date" => "2020-06-23T21:20:14","version" => "6.46"},{"date" => "2020-08-18T15:28:34","version" => "6.47"},{"date" => "2020-09-20T15:26:52","version" => "6.48"},{"date" => "2020-09-24T00:29:49","version" => "6.49"},{"date" => "2020-12-16T18:36:35","version" => "6.50"},{"date" => "2020-12-29T22:09:46","version" => "6.51"},{"date" => "2021-01-07T21:58:27","version" => "6.52"},{"date" => "2021-03-07T16:55:35","version" => "6.53"},{"date" => "2021-05-06T17:55:38","version" => "6.54"},{"date" => "2021-06-17T13:58:40","version" => "6.55"},{"date" => "2021-08-17T13:58:19","version" => "6.56"},{"date" => "2021-09-20T20:29:02","version" => "6.57"},{"date" => "2021-10-25T20:44:12","version" => "6.58"},{"date" => "2021-12-02T21:20:00","version" => "6.59"},{"date" => "2021-12-17T22:33:53","version" => "6.60"},{"date" => "2022-01-21T21:44:31","version" => "6.61"},{"date" => "2022-04-05T01:05:20","version" => "6.62"},{"date" => "2022-04-25T15:25:43","version" => "6.63"},{"date" => "2022-04-26T13:17:45","version" => "6.64"},{"date" => "2022-05-09T18:42:27","version" => "6.65"},{"date" => "2022-05-18T16:57:21","version" => "6.66"},{"date" => "2022-06-14T20:24:12","version" => "6.67"},{"date" => "2023-02-27T19:20:03","version" => "6.68"},{"date" => "2023-04-29T13:15:34","version" => "6.69"},{"date" => "2023-04-30T13:26:14","version" => "6.70"},{"date" => "2023-06-20T19:46:00","version" => "6.71"},{"date" => "2023-07-17T22:02:15","version" => "6.72"},{"date" => "2024-01-13T20:26:02","version" => "6.73"},{"date" => "2024-01-22T17:49:13","version" => "6.74"},{"date" => "2024-01-24T14:30:24","version" => "6.75"},{"date" => "2024-01-25T18:33:12","version" => "6.76"},{"date" => "2024-03-11T00:58:25","version" => "6.77"},{"date" => "2025-02-20T00:44:17","version" => "6.78"},{"date" => "2025-06-27T22:44:59","version" => "6.79"},{"date" => "2025-09-11T22:58:55","version" => "6.80"},{"date" => "2025-10-22T17:05:45","version" => "6.81"}]},"mod_perl" => {"advisories" => [{"affected_versions" => ["<1.31"],"cves" => ["CVE-2009-0796"],"description" => "XSS in Apache::Status.\n","distribution" => "mod_perl","fixed_versions" => [">=1.31"],"id" => "CPANSA-mod_perl-2009-01","references" => ["https://metacpan.org/changes/distribution/mod_perl"],"reported" => "2009-05-11"},{"affected_versions" => ["<1.30"],"cves" => ["CVE-2007-1349"],"description" => "Unescaped variable interpolation in Apache::PerlRun regular expression could cause regex engine tampering.\n","distribution" => "mod_perl","fixed_versions" => [">=1.30"],"id" => "CPANSA-mod_perl-2007-01","references" => ["https://metacpan.org/changes/distribution/mod_perl"],"reported" => "2007-03-29"},{"affected_versions" => [">=2.0,<=2.0.10"],"cves" => ["CVE-2011-2767"],"description" => "mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.\n","distribution" => "mod_perl","fixed_versions" => [],"id" => "CPANSA-mod_perl-2011-2767","references" => ["https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E","https://bugs.debian.org/644169","https://lists.debian.org/debian-lts-announce/2018/09/msg00018.html","https://access.redhat.com/errata/RHSA-2018:2737","https://access.redhat.com/errata/RHSA-2018:2826","https://access.redhat.com/errata/RHSA-2018:2825","http://www.securityfocus.com/bid/105195","https://usn.ubuntu.com/3825-1/","https://usn.ubuntu.com/3825-2/","https://lists.apache.org/thread.html/c8ebe8aad147a3ad2e7b0e8b2da45263171ab5d0fc7f8c100feaa94d\@%3Cmodperl-cvs.perl.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00065.html"],"reported" => "2018-08-26","severity" => "critical"}],"main_module" => "mod_perl2","versions" => [{"date" => "1996-05-21T02:07:05","version" => "0.60"},{"date" => "1996-05-21T20:51:37","version" => "0.60"},{"date" => "1996-06-18T19:41:55","version" => "0.60"},{"date" => "1996-06-25T15:49:56","version" => "0.60"},{"date" => "1996-07-14T23:39:07","version" => "0.70"},{"date" => "1996-07-26T20:39:23","version" => "0.76"},{"date" => "1996-09-08T22:13:32","version" => "0.81"},{"date" => "1996-10-04T15:50:31","version" => "0.83_02"},{"date" => "1996-10-09T07:10:24","version" => "0.83_03"},{"date" => "1996-10-14T03:46:54","version" => "0.83_04"},{"date" => "1996-10-15T13:34:22","version" => "0.83_05"},{"date" => "1996-10-17T03:48:27","version" => "0.83_06"},{"date" => "1996-10-18T22:18:01","version" => "0.83_07"},{"date" => "1996-10-21T01:37:29","version" => "0.83_09"},{"date" => "1996-10-25T14:09:06","version" => "0.83_10"},{"date" => "1996-10-28T00:01:00","version" => "0.84"},{"date" => "1996-11-13T05:39:14","version" => "0.85"},{"date" => "1996-11-14T07:21:01","version" => "0.85_01"},{"date" => "1996-11-27T17:19:02","version" => "0.85_02"},{"date" => "1996-12-05T03:37:12","version" => "0.85_03"},{"date" => "1996-12-10T23:17:33","version" => "0.85_04"},{"date" => "1996-12-17T13:31:40","version" => "0.85_06"},{"date" => "1996-12-19T14:32:44","version" => "0.86"},{"date" => "1996-12-24T04:19:35","version" => "0.87"},{"date" => "1996-12-24T20:41:28","version" => "0.88"},{"date" => "1996-12-31T04:43:25","version" => "0.89"},{"date" => "1996-12-31T07:52:56","version" => "0.90"},{"date" => "1997-01-20T10:04:20","version" => "0.90_01"},{"date" => "1997-01-23T00:58:22","version" => "0.91"},{"date" => "1997-01-23T15:56:19","version" => "0.92"},{"date" => "1997-01-28T02:37:30","version" => "0.93"},{"date" => "1997-03-05T03:19:32","version" => "0.93_01"},{"date" => "1997-03-10T12:07:39","version" => "0.94"},{"date" => "1997-03-23T18:53:46","version" => "0.95"},{"date" => "1997-03-23T18:54:02","version" => "0.95_02"},{"date" => "1997-04-01T04:44:44","version" => "0.95_03"},{"date" => "1997-04-02T01:35:22","version" => "0.95_04"},{"date" => "1997-04-02T03:20:37","version" => "0.95_05"},{"date" => "1997-04-02T04:42:28","version" => "0.95_06"},{"date" => "1997-04-04T05:33:39","version" => "0.96"},{"date" => "1997-04-16T03:54:02","version" => "0.97"},{"date" => "1997-04-23T03:29:01","version" => "0.97_01"},{"date" => "1997-04-30T03:56:50","version" => "0.97_02"},{"date" => "1997-05-02T19:58:12","version" => "0.98"},{"date" => "1997-05-19T22:59:20","version" => "0.98_03"},{"date" => "1997-05-23T00:24:28","version" => "0.98_05"},{"date" => "1997-05-30T02:07:03","version" => "0.98_08"},{"date" => "1997-06-02T00:05:45","version" => "0.98_09"},{"date" => "1997-06-03T03:15:48","version" => "0.98_10"},{"date" => "1997-06-04T01:54:46","version" => "0.98_11"},{"date" => "1997-06-06T01:14:09","version" => "0.98_12"},{"date" => "1997-06-12T00:36:43","version" => "0.99"},{"date" => "1997-06-30T03:04:22","version" => "1.00"},{"date" => "1997-07-08T06:20:15","version" => "1.00"},{"date" => "1997-07-30T20:57:59","version" => "1.00"},{"date" => "1997-08-25T22:00:29","version" => "0.85_05"},{"date" => "1997-09-16T01:09:06","version" => "1.00_02"},{"date" => "1997-09-21T21:40:32","version" => "1.00_03"},{"date" => "1997-10-17T00:04:35","version" => "1.01"},{"date" => "1997-10-17T15:40:45","version" => "1.02"},{"date" => "1997-10-24T04:02:30","version" => "1.03"},{"date" => "1997-10-31T03:59:22","version" => "1.04"},{"date" => "1997-11-07T04:32:07","version" => "1.05"},{"date" => "1997-11-26T02:09:01","version" => "1.07"},{"date" => "1997-12-02T21:34:03","version" => "1.07_01"},{"date" => "1997-12-22T09:29:56","version" => "1.07_02"},{"date" => "1998-01-08T10:21:31","version" => "1.07_03"},{"date" => "1998-01-28T02:10:28","version" => "1.07_03"},{"date" => "1998-01-29T00:47:52","version" => "1.07_03"},{"date" => "1998-02-10T11:04:03","version" => "1.07_04"},{"date" => "1998-02-12T15:08:20","version" => "1.07_04"},{"date" => "1998-02-20T03:43:49","version" => "1.08"},{"date" => "1998-03-07T01:06:09","version" => "1.08"},{"date" => "1998-03-19T07:39:18","version" => "1.09"},{"date" => "1998-03-21T04:14:02","version" => "1.10"},{"date" => "1998-03-27T16:52:20","version" => "1.10"},{"date" => "1998-04-21T14:43:05","version" => "1.11"},{"date" => "1998-04-24T18:58:30","version" => "1.11"},{"date" => "1998-06-09T16:51:19","version" => "1.11"},{"date" => "1998-06-14T19:21:25","version" => "1.12"},{"date" => "1998-07-14T01:13:07","version" => "1.13"},{"date" => "1998-07-19T00:19:20","version" => "1.14"},{"date" => "1998-07-24T13:52:53","version" => "1.15"},{"date" => "1998-07-24T15:59:13","version" => "1.15"},{"date" => "1998-09-20T00:02:57","version" => "1.15_01"},{"date" => "1998-10-02T23:10:02","version" => "1.16"},{"date" => "1998-10-28T18:16:45","version" => "1.16"},{"date" => "1998-11-24T23:54:59","version" => "1.16_01"},{"date" => "1998-12-01T00:01:25","version" => "1.16_02"},{"date" => "1999-01-28T06:27:45","version" => "1.18"},{"date" => "1999-06-11T17:22:35","version" => "1.20"},{"date" => "1999-07-02T23:43:56","version" => "1.21"},{"date" => "2000-03-06T01:32:31","version" => "1.21_01"},{"date" => "2000-03-07T07:56:53","version" => "1.21_02"},{"date" => "2000-03-15T10:25:52","version" => "1.21_03"},{"date" => "2000-03-23T06:51:53","version" => "1.22"},{"date" => "2000-04-21T06:51:47","version" => "1.23"},{"date" => "2000-05-17T05:44:34","version" => "1.24"},{"date" => "2000-10-10T16:44:39","version" => "1.24_01"},{"date" => "2001-01-30T04:33:45","version" => "1.25"},{"date" => "2001-07-06T21:27:16","version" => "1.25_01"},{"date" => "2001-07-12T02:23:32","version" => "1.26"},{"date" => "2002-04-07T04:58:26","version" => "1.99_01"},{"date" => "2002-06-02T03:05:50","version" => "1.27"},{"date" => "2002-06-02T03:27:13","version" => "1.99_02"},{"date" => "2002-06-15T23:59:37","version" => "1.99_03"},{"date" => "2002-06-21T22:45:41","version" => "1.99_04"},{"date" => "2002-08-20T16:54:13","version" => "1.99_05"},{"date" => "2002-09-27T15:19:03","version" => "1.99_06"},{"date" => "2002-09-27T19:41:50","version" => "1.99_07"},{"date" => "2003-01-11T04:22:19","version" => "1.99_08"},{"date" => "2003-04-28T02:36:59","version" => "1.99_09"},{"date" => "2003-07-03T03:32:20","version" => "1.28"},{"date" => "2003-09-29T17:11:24","version" => "1.99_10"},{"date" => "2003-10-08T04:54:22","version" => "1.29"},{"date" => "2003-11-10T21:04:15","version" => "1.99_11"},{"date" => "2003-12-22T19:56:22","version" => "1.99_12"},{"date" => "2004-03-09T00:29:43","version" => "1.99_13"},{"date" => "2004-05-21T18:02:49","version" => "1.99_14"},{"date" => "2004-08-20T18:35:12","version" => "1.99_15"},{"date" => "2004-08-23T05:59:47","version" => "1.99_16"},{"date" => "2004-10-22T21:38:19","version" => "1.99_17"},{"date" => "2004-12-12T23:22:37","version" => "v2.0.0"},{"date" => "2004-12-23T23:38:49","version" => "v2.0.0"},{"date" => "2005-01-06T01:27:43","version" => "v2.0.0"},{"date" => "2005-01-22T08:55:19","version" => "v2.0.0"},{"date" => "2005-04-14T13:19:23","version" => "v2.0.0"},{"date" => "2005-05-04T02:48:58","version" => "v2.0.0"},{"date" => "2005-05-20T05:12:45","version" => "v2.0.0"},{"date" => "2005-06-17T21:05:23","version" => "v2.0.1"},{"date" => "2005-10-21T01:27:23","version" => "v2.0.2"},{"date" => "2006-11-29T08:29:30","version" => "v2.0.3"},{"date" => "2007-03-30T06:19:02","version" => "1.30"},{"date" => "2008-04-17T06:32:36","version" => "v2.0.4"},{"date" => "2009-05-13T02:29:50","version" => "1.31"},{"date" => "2011-02-07T23:31:36","version" => "v2.0.5"},{"date" => "2012-04-25T15:31:27","version" => "v2.0.6"},{"date" => "2012-06-06T02:40:24","version" => "v2.0.7"},{"date" => "2013-04-18T02:15:56","version" => "2.0.8"},{"date" => "2015-06-18T21:16:34","version" => "2.0.9"},{"date" => "2016-10-27T21:16:36","version" => "2.0.10"},{"date" => "2019-10-05T11:36:44","version" => "2.0.11"},{"date" => "2022-01-30T13:36:21","version" => "2.0.12"},{"date" => "2023-10-21T10:32:29","version" => "2.0.13"}]},"perl" => {"advisories" => [{"affected_versions" => ["<1.13"],"cves" => ["CVE-2011-2728"],"description" => "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.\n","distribution" => "perl","fixed_versions" => [">=1.13"],"id" => "CPANSA-File-Glob-2011-2728","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html","http://www.securityfocus.com/bid/49858","http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod","http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77","http://secunia.com/advisories/46172","https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1","https://bugzilla.redhat.com/show_bug.cgi?id=742987"],"reported" => "2012-12-21","severity" => undef},{"affected_versions" => ["<5.24.1"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "perl","fixed_versions" => [">=5.24.1"],"id" => "CPANSA-ExtUtils-ParseXS-2016-1238","references" => ["https://perldoc.perl.org/5.24.1/perldelta","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => [">=5.22.0,<5.24.0"],"cves" => ["CVE-2016-6185"],"description" => "The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.\n","distribution" => "perl","fixed_versions" => [">=5.24.0"],"id" => "CPANSA-perl-2016-6185","references" => ["https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/","https://github.com/Perl/perl5/commit/08e3451d7b3b714ad63a27f1b9c2a23ee75d15ee","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/","http://www.openwall.com/lists/oss-security/2016/07/07/1","http://www.openwall.com/lists/oss-security/2016/07/08/5","https://rt.cpan.org/Public/Bug/Display.html?id=115808","http://www.debian.org/security/2016/dsa-3628","http://www.securitytracker.com/id/1036260","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.securityfocus.com/bid/91685","https://security.gentoo.org/glsa/201701-75","https://usn.ubuntu.com/3625-2/","https://usn.ubuntu.com/3625-1/","https://github.com/Perl/perl5/blob/blead/pod/perl5260delta.pod"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => [">=5.005,<5.24.0"],"cves" => ["CVE-2015-8608"],"description" => "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.\n","distribution" => "perl","fixed_versions" => [">=5.24.0"],"id" => "CPANSA-perl-2015-8608","references" => ["https://rt.perl.org/Public/Bug/Display.html?id=126755","https://github.com/Perl/perl5/issues/15067","https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2017-02-07","severity" => "critical"},{"affected_versions" => ["<5.14.2"],"cves" => ["CVE-2011-2728"],"description" => "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.\n","distribution" => "perl","fixed_versions" => [">=5.14.2"],"id" => "CPANSA-perl-2011-2728","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html","http://www.securityfocus.com/bid/49858","http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod","http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77","http://secunia.com/advisories/46172","https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1","https://bugzilla.redhat.com/show_bug.cgi?id=742987"],"reported" => "2012-12-21","severity" => undef},{"affected_versions" => ["<5.28.3",">=5.30.0,<5.30.3"],"cves" => ["CVE-2020-12723"],"description" => "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.\n","distribution" => "perl","fixed_versions" => [">=5.30.3"],"id" => "CPANSA-perl-2020-12723","references" => ["https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3","https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod","https://github.com/Perl/perl5/issues/16947","https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a","https://github.com/Perl/perl5/issues/17743","https://security.netapp.com/advisory/ntap-20200611-0001/","https://security.gentoo.org/glsa/202006-03","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://perldoc.perl.org/perl5283delta","https://perldoc.perl.org/perl5303delta","https://perldoc.perl.org/perl5320delta"],"reported" => "2020-06-05","severity" => "high"},{"affected_versions" => ["<5.28.3",">=5.30.0,<5.30.3"],"cves" => ["CVE-2020-10878"],"description" => "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.\n","distribution" => "perl","fixed_versions" => [">=5.30.3"],"id" => "CPANSA-perl-2020-10878","references" => ["https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3","https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c","https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8","https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod","https://security.netapp.com/advisory/ntap-20200611-0001/","https://security.gentoo.org/glsa/202006-03","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://perldoc.perl.org/perl5283delta","https://perldoc.perl.org/perl5303delta","https://perldoc.perl.org/perl5320delta"],"reported" => "2020-06-05","severity" => "high"},{"affected_versions" => ["<5.28.3",">=5.30.0,<5.30.3"],"cves" => ["CVE-2020-10543"],"description" => "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.\n","distribution" => "perl","fixed_versions" => [">=5.30.3"],"id" => "CPANSA-perl-2020-10543","references" => ["https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3","https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed","https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod","https://security.netapp.com/advisory/ntap-20200611-0001/","https://security.gentoo.org/glsa/202006-03","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://perldoc.perl.org/perl5283delta","https://perldoc.perl.org/perl5303delta","https://perldoc.perl.org/perl5320delta"],"reported" => "2020-06-05","severity" => "high"},{"affected_versions" => [">=5.22.0,<5.24.4",">=5.26.0,<5.28.2"],"cves" => ["CVE-2018-6798"],"description" => "An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.\n","distribution" => "perl","fixed_versions" => [">=5.28.0"],"id" => "CPANSA-perl-2018-6798","references" => ["https://www.debian.org/security/2018/dsa-4172","https://rt.perl.org/Public/Bug/Display.html?id=132063","http://www.securitytracker.com/id/1040681","https://access.redhat.com/errata/RHSA-2018:1192","https://usn.ubuntu.com/3625-1/","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5244delta","https://perldoc.perl.org/perl5262delta","https://github.com/Perl/perl5/issues/16143"],"reported" => "2018-04-17","severity" => "high"},{"affected_versions" => [">=5.18.0,<5.24.4",">=5.26.0,<5.26.2"],"cves" => ["CVE-2018-6797"],"description" => "An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.\n","distribution" => "perl","fixed_versions" => [">=5.28.0"],"id" => "CPANSA-perl-2018-6797","references" => ["https://www.debian.org/security/2018/dsa-4172","https://rt.perl.org/Public/Bug/Display.html?id=132227","http://www.securitytracker.com/id/1040681","https://access.redhat.com/errata/RHSA-2018:1192","https://usn.ubuntu.com/3625-1/","http://www.securitytracker.com/id/1042004","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5244delta","https://perldoc.perl.org/perl5262delta"],"reported" => "2018-04-17","severity" => "critical"},{"affected_versions" => ["<5.24.4",">=5.26.0,<5.26.2"],"cves" => ["CVE-2018-6913"],"description" => "Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.\n","distribution" => "perl","fixed_versions" => [">=5.26.2"],"id" => "CPANSA-perl-2018-6913","references" => ["https://www.debian.org/security/2018/dsa-4172","https://rt.perl.org/Public/Bug/Display.html?id=131844","https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html","http://www.securitytracker.com/id/1040681","https://usn.ubuntu.com/3625-2/","https://usn.ubuntu.com/3625-1/","http://www.securityfocus.com/bid/103953","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5244delta","https://perldoc.perl.org/perl5262delta","https://github.com/Perl/perl5/issues/16098"],"reported" => "2018-04-17","severity" => "critical"},{"affected_versions" => ["<5.26.3"],"cves" => ["CVE-2018-18314"],"description" => "Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n","distribution" => "perl","fixed_versions" => [">=5.26.3"],"id" => "CPANSA-perl-2018-18314","references" => ["https://www.debian.org/security/2018/dsa-4347","https://rt.perl.org/Ticket/Display.html?id=131649","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f","https://bugzilla.redhat.com/show_bug.cgi?id=1646751","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","http://www.securityfocus.com/bid/106145","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://security.netapp.com/advisory/ntap-20190221-0003/","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2018-12-07","severity" => "critical"},{"affected_versions" => ["<5.26.3"],"cves" => ["CVE-2018-18313"],"description" => "Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.\n","distribution" => "perl","fixed_versions" => [">=5.26.3"],"id" => "CPANSA-perl-2018-18313","references" => ["https://www.debian.org/security/2018/dsa-4347","https://usn.ubuntu.com/3834-2/","https://rt.perl.org/Ticket/Display.html?id=133192","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62","https://bugzilla.redhat.com/show_bug.cgi?id=1646738","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://security.netapp.com/advisory/ntap-20190221-0003/","https://support.apple.com/kb/HT209600","https://seclists.org/bugtraq/2019/Mar/42","http://seclists.org/fulldisclosure/2019/Mar/49","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2018-12-07","severity" => "critical"},{"affected_versions" => ["==5.28.0","<5.26.3"],"cves" => ["CVE-2018-18312"],"description" => "Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n","distribution" => "perl","fixed_versions" => [">=5.28.1"],"id" => "CPANSA-perl-2018-18312","references" => ["https://www.debian.org/security/2018/dsa-4347","https://rt.perl.org/Public/Bug/Display.html?id=133423","https://metacpan.org/changes/release/SHAY/perl-5.28.1","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://bugzilla.redhat.com/show_bug.cgi?id=1646734","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","http://www.securityfocus.com/bid/106179","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://security.netapp.com/advisory/ntap-20190221-0003/","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5281delta","https://perldoc.perl.org/perl5263delta"],"reported" => "2018-12-05","severity" => "critical"},{"affected_versions" => ["<5.26.3","==5.28.0"],"cves" => ["CVE-2018-18311"],"description" => "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n","distribution" => "perl","fixed_versions" => [">=5.28.1"],"id" => "CPANSA-perl-2018-18311","references" => ["https://www.debian.org/security/2018/dsa-4347","https://usn.ubuntu.com/3834-2/","https://rt.perl.org/Ticket/Display.html?id=133204","https://metacpan.org/changes/release/SHAY/perl-5.28.1","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html","https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be","https://bugzilla.redhat.com/show_bug.cgi?id=1646730","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","http://www.securityfocus.com/bid/106145","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://access.redhat.com/errata/RHSA-2019:0109","https://security.netapp.com/advisory/ntap-20190221-0003/","https://support.apple.com/kb/HT209600","https://seclists.org/bugtraq/2019/Mar/42","http://seclists.org/fulldisclosure/2019/Mar/49","https://kc.mcafee.com/corporate/index?page=content&id=SB10278","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:1790","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:1942","https://access.redhat.com/errata/RHSA-2019:2400","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5281delta","https://perldoc.perl.org/perl5263delta"],"reported" => "2018-12-07","severity" => "critical"},{"affected_versions" => ["==5.26.0",">=5.20.0,<5.24.3"],"cves" => ["CVE-2017-12883"],"description" => "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\\\\N{U+...}' escape.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2017-12883","references" => ["https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1","https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1","https://bugzilla.redhat.com/show_bug.cgi?id=1492093","http://www.securityfocus.com/bid/100852","http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch","https://rt.perl.org/Public/Bug/Display.html?id=131598","http://www.debian.org/security/2017/dsa-3982","https://security.netapp.com/advisory/ntap-20180426-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://github.com/Perl/perl5/issues/16025","https://perldoc.perl.org/perl5243delta","https://perldoc.perl.org/perl5280delta","https://perldoc.perl.org/perl5261delta"],"reported" => "2017-09-19","severity" => "critical"},{"affected_versions" => [">=5.18.0,<5.24.3","==5.26.0"],"cves" => ["CVE-2017-12837"],"description" => "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\\\\N{}' escape and the case-insensitive modifier.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2017-12837","references" => ["https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1","https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5","https://bugzilla.redhat.com/show_bug.cgi?id=1492091","http://www.securityfocus.com/bid/100860","https://rt.perl.org/Public/Bug/Display.html?id=131582","http://www.debian.org/security/2017/dsa-3982","https://security.netapp.com/advisory/ntap-20180426-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://github.com/Perl/perl5/issues/16021","https://perldoc.perl.org/perl5243delta","https://perldoc.perl.org/perl5261delta","https://perldoc.perl.org/perl5280delta"],"reported" => "2017-09-19","severity" => "high"},{"affected_versions" => ["<5.24.0"],"cves" => ["CVE-2015-8853"],"description" => "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\"\n","distribution" => "perl","fixed_versions" => [">=5.24.0"],"id" => "CPANSA-perl-2015-8853","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html","http://www.openwall.com/lists/oss-security/2016/04/20/7","https://bugzilla.redhat.com/show_bug.cgi?id=1329106","https://rt.perl.org/Public/Bug/Display.html?id=123562","http://www.openwall.com/lists/oss-security/2016/04/20/5","http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securityfocus.com/bid/86707","https://security.gentoo.org/glsa/201701-75","https://usn.ubuntu.com/3625-2/","https://usn.ubuntu.com/3625-1/"],"reported" => "2016-05-25","severity" => "high"},{"affected_versions" => ["<5.18.0"],"cves" => ["CVE-2013-1667"],"description" => "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2013-1667","references" => ["http://www.securityfocus.com/bid/58311","http://perl5.git.perl.org/perl.git/commitdiff/d59e31f","http://perl5.git.perl.org/perl.git/commitdiff/9d83adc","http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html","http://www.debian.org/security/2013/dsa-2641","http://secunia.com/advisories/52499","http://secunia.com/advisories/52472","https://bugzilla.redhat.com/show_bug.cgi?id=912276","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296","http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5","http://osvdb.org/90892","http://www.ubuntu.com/usn/USN-1770-1","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html","http://marc.info/?l=bugtraq&m=137891988921058&w=2","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/82598","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771"],"reported" => "2013-03-14","severity" => undef},{"affected_versions" => [">=5.10.0,<5.12.0"],"cves" => ["CVE-2011-0761"],"description" => "Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.\n","distribution" => "perl","fixed_versions" => [">=5.12.0"],"id" => "CPANSA-perl-2011-0761","references" => ["http://www.securityfocus.com/bid/47766","http://securitytracker.com/id?1025507","http://www.toucan-system.com/advisories/tssa-2011-03.txt","http://securityreason.com/securityalert/8248","https://exchange.xforce.ibmcloud.com/vulnerabilities/67355","http://www.securityfocus.com/archive/1/517916/100/0/threaded"],"reported" => "2011-05-13","severity" => undef},{"affected_versions" => ["<=5.14.0"],"cves" => ["CVE-2010-4777"],"description" => "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.\n","distribution" => "perl","fixed_versions" => [">5.14.0"],"id" => "CPANSA-perl-2010-4777","references" => ["http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html","https://bugzilla.redhat.com/show_bug.cgi?id=694166","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836","https://rt.perl.org/Public/Bug/Display.html?id=76538","https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html","http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html","http://forums.ocsinventory-ng.org/viewtopic.php?id=7215"],"reported" => "2014-02-10","severity" => undef},{"affected_versions" => ["<5.10.0"],"cves" => ["CVE-2010-1158"],"description" => "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.\n","distribution" => "perl","fixed_versions" => [">=5.10.0"],"id" => "CPANSA-perl-2010-1158","references" => ["http://bugs.gentoo.org/show_bug.cgi?id=313565","http://www.openwall.com/lists/oss-security/2010/04/14/3","http://perldoc.perl.org/perl5100delta.html","http://www.openwall.com/lists/oss-security/2010/04/08/9","https://bugzilla.redhat.com/show_bug.cgi?id=580605","http://secunia.com/advisories/55314"],"reported" => "2010-04-20","severity" => undef},{"affected_versions" => ["<=5.10.1"],"cves" => ["CVE-2009-3626"],"description" => "Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.\n","distribution" => "perl","fixed_versions" => [">5.10.1"],"id" => "CPANSA-perl-2009-3626","references" => ["http://securitytracker.com/id?1023077","http://www.vupen.com/english/advisories/2009/3023","http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4","http://www.securityfocus.com/bid/36812","https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225","http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/","http://www.osvdb.org/59283","http://www.openwall.com/lists/oss-security/2009/10/23/8","http://secunia.com/advisories/37144","http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973","https://exchange.xforce.ibmcloud.com/vulnerabilities/53939"],"reported" => "2009-10-29","severity" => undef},{"affected_versions" => ["<=5.8.8"],"cves" => ["CVE-2008-1927"],"description" => "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.  NOTE: this issue might only be present on certain operating systems.\n","distribution" => "perl","fixed_versions" => [">5.8.8"],"id" => "CPANSA-perl-2008-1927","references" => ["http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792","http://www.debian.org/security/2008/dsa-1556","https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html","https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html","http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml","http://www.securityfocus.com/bid/28928","http://secunia.com/advisories/29948","http://secunia.com/advisories/30025","http://secunia.com/advisories/30326","http://www.securitytracker.com/id?1020253","http://www.redhat.com/support/errata/RHSA-2008-0522.html","http://secunia.com/advisories/30624","http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm","http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm","http://www.ipcop.org/index.php?name=News&file=article&sid=41","http://secunia.com/advisories/31467","http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html","http://secunia.com/advisories/31604","http://secunia.com/advisories/31208","http://secunia.com/advisories/31328","http://www.vmware.com/security/advisories/VMSA-2008-0013.html","http://www.redhat.com/support/errata/RHSA-2008-0532.html","http://secunia.com/advisories/31687","http://osvdb.org/44588","http://www.mandriva.com/security/advisories?name=MDVSA-2008:100","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://wiki.rpath.com/Advisories:rPSA-2009-0011","http://www.ubuntu.com/usn/usn-700-2","http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html","http://secunia.com/advisories/33937","http://support.apple.com/kb/HT3438","http://www.vupen.com/english/advisories/2009/0422","http://www.vupen.com/english/advisories/2008/2361","http://www.vupen.com/english/advisories/2008/2424","http://www.vupen.com/english/advisories/2008/2265/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/41996","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579","http://www.securityfocus.com/archive/1/500210/100/0/threaded"],"reported" => "2008-04-24","severity" => undef},{"affected_versions" => ["<5.10.0"],"cves" => ["CVE-2005-3962"],"description" => "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.\n","distribution" => "perl","fixed_versions" => [">=5.10.1"],"id" => "CPANSA-perl-2005-3962","references" => ["http://www.dyadsecurity.com/perl-0002.html","http://www.kb.cert.org/vuls/id/948385","http://www.securityfocus.com/bid/15629","http://secunia.com/advisories/17802","http://secunia.com/advisories/17844","http://secunia.com/advisories/17762","http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html","http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml","http://www.trustix.org/errata/2005/0070","http://secunia.com/advisories/17941","http://secunia.com/advisories/17952","http://www.redhat.com/support/errata/RHSA-2005-880.html","http://www.novell.com/linux/security/advisories/2005_71_perl.html","http://secunia.com/advisories/18183","http://secunia.com/advisories/18187","http://www.redhat.com/support/errata/RHSA-2005-881.html","http://secunia.com/advisories/18075","http://www.openbsd.org/errata37.html#perl","http://secunia.com/advisories/18295","ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch","http://www.osvdb.org/21345","http://www.osvdb.org/22255","ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U","http://secunia.com/advisories/18517","http://secunia.com/advisories/17993","https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1","http://secunia.com/advisories/19041","http://www.debian.org/security/2006/dsa-943","http://secunia.com/advisories/18413","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm","http://www.novell.com/linux/security/advisories/2005_29_sr.html","http://secunia.com/advisories/20894","http://docs.info.apple.com/article.html?artnum=304829","http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html","http://www.us-cert.gov/cas/techalerts/TA06-333A.html","http://secunia.com/advisories/23155","http://www.mandriva.com/security/advisories?name=MDKSA-2005:225","http://www.ipcop.org/index.php?name=News&file=article&sid=41","http://secunia.com/advisories/31208","http://www.vupen.com/english/advisories/2006/2613","http://www.vupen.com/english/advisories/2006/0771","http://www.vupen.com/english/advisories/2006/4750","ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch","http://www.vupen.com/english/advisories/2005/2688","http://marc.info/?l=full-disclosure&m=113342788118630&w=2","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598","https://usn.ubuntu.com/222-1/","http://www.securityfocus.com/archive/1/438726/100/0/threaded","http://www.securityfocus.com/archive/1/418333/100/0/threaded"],"reported" => "2005-12-01","severity" => undef},{"affected_versions" => ["==5.8.0"],"cves" => ["CVE-2005-0156"],"description" => "Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.\n","distribution" => "perl","fixed_versions" => [">=5.8.1"],"id" => "CPANSA-perl-2005-0156","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml","http://www.redhat.com/support/errata/RHSA-2005-103.html","http://www.redhat.com/support/errata/RHSA-2005-105.html","http://www.trustix.org/errata/2005/0003/","http://www.securityfocus.com/bid/12426","http://secunia.com/advisories/14120","http://fedoranews.org/updates/FEDORA--.shtml","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://www.mandriva.com/security/advisories?name=MDKSA-2005:031","http://secunia.com/advisories/55314","http://marc.info/?l=bugtraq&m=110737149402683&w=2","http://marc.info/?l=full-disclosure&m=110779721503111&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/19208","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803","http://www.digitalmunition.com/DMA[2005-0131b].txt"],"reported" => "2005-02-07","severity" => undef},{"affected_versions" => ["==5.8.0"],"cves" => ["CVE-2005-0155"],"description" => "The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.\n","distribution" => "perl","fixed_versions" => [">=5.8.1"],"id" => "CPANSA-perl-2005-0155","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml","http://www.redhat.com/support/errata/RHSA-2005-103.html","http://www.redhat.com/support/errata/RHSA-2005-105.html","http://www.trustix.org/errata/2005/0003/","http://www.securityfocus.com/bid/12426","http://secunia.com/advisories/14120","http://fedoranews.org/updates/FEDORA--.shtml","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm","http://secunia.com/advisories/21646","http://www.mandriva.com/security/advisories?name=MDKSA-2005:031","http://marc.info/?l=bugtraq&m=110737149402683&w=2","http://marc.info/?l=full-disclosure&m=110779723332339&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/19207","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10404","http://www.digitalmunition.com/DMA[2005-0131a].txt"],"reported" => "2005-05-02","severity" => undef},{"affected_versions" => ["<=5.8.8"],"cves" => ["CVE-2007-5116"],"description" => "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.\n","distribution" => "perl","fixed_versions" => [">5.8.8"],"id" => "CPANSA-perl-2007-5116","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=323571","http://www.mandriva.com/security/advisories?name=MDKSA-2007:207","http://www.redhat.com/support/errata/RHSA-2007-0966.html","http://www.redhat.com/support/errata/RHSA-2007-1011.html","http://www.securityfocus.com/bid/26350","http://secunia.com/advisories/27531","http://secunia.com/advisories/27546","https://bugzilla.redhat.com/show_bug.cgi?id=378131","https://issues.rpath.com/browse/RPL-1813","http://www.debian.org/security/2007/dsa-1400","http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml","http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html","http://www.novell.com/linux/security/advisories/2007_24_sr.html","http://www.ubuntu.com/usn/usn-552-1","http://securitytracker.com/id?1018899","http://secunia.com/advisories/27479","http://secunia.com/advisories/27515","http://secunia.com/advisories/27548","http://secunia.com/advisories/27613","http://secunia.com/advisories/27570","http://secunia.com/advisories/27936","http://docs.info.apple.com/article.html?artnum=307179","ftp://aix.software.ibm.com/aix/efixes/security/README","http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220","http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28167","http://lists.vmware.com/pipermail/security-announce/2008/000002.html","http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm","http://secunia.com/advisories/28368","http://secunia.com/advisories/28387","http://secunia.com/advisories/27756","http://www.vmware.com/security/advisories/VMSA-2008-0001.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1","http://secunia.com/advisories/28993","http://secunia.com/advisories/29074","http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1","http://secunia.com/advisories/31208","http://www.ipcop.org/index.php?name=News&file=article&sid=41","http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2008/0064","http://www.vupen.com/english/advisories/2008/0641","http://www.vupen.com/english/advisories/2007/3724","http://www.vupen.com/english/advisories/2007/4255","http://marc.info/?l=bugtraq&m=120352263023774&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/38270","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669","http://www.securityfocus.com/archive/1/486859/100/0/threaded","http://www.securityfocus.com/archive/1/485936/100/0/threaded","http://www.securityfocus.com/archive/1/483584/100/0/threaded","http://www.securityfocus.com/archive/1/483563/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => ["<5.16.0"],"cves" => ["CVE-2012-5195"],"description" => "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.\n","distribution" => "perl","fixed_versions" => [">=5.16.0"],"id" => "CPANSA-perl-2012-5195","references" => ["http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44","http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html","http://www.securityfocus.com/bid/56287","http://www.openwall.com/lists/oss-security/2012/10/27/1","http://secunia.com/advisories/51457","http://www.openwall.com/lists/oss-security/2012/10/26/2","http://www.ubuntu.com/usn/USN-1643-1","http://www.debian.org/security/2012/dsa-2586","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://secunia.com/advisories/55314","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673"],"reported" => "2012-12-18","severity" => undef},{"affected_versions" => ["<5.22.1"],"cves" => ["CVE-2016-2381"],"description" => "Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.\n","distribution" => "perl","fixed_versions" => [">=5.22.1"],"id" => "CPANSA-perl-2016-2381","references" => ["http://www.gossamer-threads.com/lists/perl/porters/326387","http://www.debian.org/security/2016/dsa-3501","http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.securityfocus.com/bid/83802","http://www.ubuntu.com/usn/USN-2916-1","http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html","https://security.gentoo.org/glsa/201701-75","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2016-04-08","severity" => "high"},{"affected_versions" => ["==5.8.1"],"cves" => ["CVE-2003-0900"],"description" => "Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.\n","distribution" => "perl","fixed_versions" => [">5.8.1"],"id" => "CPANSA-perl-2003-0900","references" => ["https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711"],"reported" => "2003-12-31","severity" => undef},{"affected_versions" => ["<5.20.0"],"cves" => ["CVE-2013-7422"],"description" => "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.\n","distribution" => "perl","fixed_versions" => [">=5.20"],"id" => "CPANSA-perl-2013-7422","references" => ["http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html","https://support.apple.com/kb/HT205031","http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06","http://www.securityfocus.com/bid/75704","http://www.ubuntu.com/usn/USN-2916-1","https://security.gentoo.org/glsa/201507-11"],"reported" => "2015-08-16","severity" => undef},{"affected_versions" => ["<5.22.2"],"cves" => ["CVE-2015-8608"],"description" => "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.\n","distribution" => "perl","fixed_versions" => [">=5.22.2"],"id" => "CPANSA-perl-2015-8608","references" => ["https://rt.perl.org/Public/Bug/Display.html?id=126755","https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2017-02-07","severity" => "critical"},{"affected_versions" => ["<5.14.0"],"cves" => ["CVE-2011-1487"],"description" => "The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.\n","distribution" => "perl","fixed_versions" => [">=5.14.0"],"id" => "CPANSA-perl-2011-1487","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=692844","http://openwall.com/lists/oss-security/2011/04/01/3","http://openwall.com/lists/oss-security/2011/04/04/35","https://bugzilla.redhat.com/show_bug.cgi?id=692898","http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336","http://secunia.com/advisories/43921","http://www.securityfocus.com/bid/47124","http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99","http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html","http://secunia.com/advisories/44168","http://www.debian.org/security/2011/dsa-2265","http://www.mandriva.com/security/advisories?name=MDVSA-2011:091","http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/66528"],"reported" => "2011-04-11","severity" => undef},{"affected_versions" => ["<5.4.4"],"cves" => ["CVE-1999-1386"],"description" => "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.\n","distribution" => "perl","fixed_versions" => [">5.4.4"],"id" => "CPANSA-perl-1999-1386","references" => ["http://www.redhat.com/support/errata/rh50-errata-general.html#perl","http://www.iss.net/security_center/static/7243.php","http://marc.info/?l=bugtraq&m=88932165406213&w=2"],"reported" => "1999-12-31","severity" => undef},{"affected_versions" => [">=5.24.0,<5.24.3","==5.26.0"],"cves" => ["CVE-2017-12814"],"description" => "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2017-12814","references" => ["https://rt.perl.org/Public/Bug/Display.html?id=131665","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1","http://www.securityfocus.com/bid/101051","https://security.netapp.com/advisory/ntap-20180426-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5243delta","https://github.com/Perl/perl5/issues/16051","https://perldoc.perl.org/perl5261delta","https://perldoc.perl.org/perl5280delta"],"reported" => "2017-09-28","severity" => "critical"},{"affected_versions" => ["==5.34.0"],"cves" => ["CVE-2022-48522"],"description" => "In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.\n","distribution" => "perl","fixed_versions" => [">=5.34.1"],"id" => "CPANSA-perl-2022-48522","references" => ["https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48522","https://security.netapp.com/advisory/ntap-20230915-0008/","https://ubuntu.com/security/CVE-2022-48522"],"reported" => "2023-08-22","severity" => undef},{"affected_versions" => [">=5.30.0,<5.34.3",">=5.36.0,<5.36.3","==5.38.0"],"cves" => ["CVE-2023-47038"],"description" => "A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one attacker controlled byte buffer overflow in a heap allocated buffer\n","distribution" => "perl","fixed_versions" => ["==5.34.3","==5.36.3","==5.38.1"],"id" => "CPANSA-perl-2023-47038","references" => ["https://perldoc.perl.org/perl5342delta","https://perldoc.perl.org/perl5363delta","https://perldoc.perl.org/perl5381delta","https://perldoc.perl.org/perl5382delta","https://perldoc.perl.org/perl5400delta"],"reported" => "2023-10-30","severity" => undef},{"affected_versions" => ["<5.34.2",">=5.36.0,<5.36.3","==5.38.0"],"cves" => ["CVE-2023-47039"],"description" => "Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory.\n\nAn attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.\n","distribution" => "perl","fixed_versions" => [">=5.38.1"],"id" => "CPANSA-perl-2023-47039","references" => ["https://github.com/ycdxsb/WindowsPrivilegeEscalation","https://perldoc.perl.org/perl5342delta","https://perldoc.perl.org/perl5363delta","https://perldoc.perl.org/perl5381delta","https://perldoc.perl.org/perl5382delta","https://perldoc.perl.org/perl5400delta"],"reported" => "2023-10-30","severity" => undef},{"affected_versions" => ["<5.34.3",">=5.36.0,<5.36.3",">=5.38.0,<5.38.2"],"cves" => ["CVE-2023-47100"],"description" => "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.\n","distribution" => "perl","fixed_versions" => [">=5.38.2"],"id" => "CPANSA-perl-2023-47100","references" => ["https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3","https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010","https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6"],"reported" => undef,"severity" => undef},{"affected_versions" => [">0,<5.38.4",">=5.40.0,<5.40.2"],"cves" => ["CVE-2024-56406"],"description" => "A heap buffer overflow vulnerability was discovered in Perl.   When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.  \x{a0} \x{a0}\$ perl -e '\$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;'  \x{a0} \x{a0}Segmentation fault (core dumped)  It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.","distribution" => "perl","fixed_versions" => [">=5.40.1",">=5.38.4,<5.40.0"],"id" => "CPANSA-perl-2024-56406","references" => ["https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch","https://metacpan.org/release/SHAY/perl-5.38.4/changes","https://metacpan.org/release/SHAY/perl-5.40.2/changes","http://www.openwall.com/lists/oss-security/2025/04/13/3","http://www.openwall.com/lists/oss-security/2025/04/13/4"],"reported" => "2025-04-13","severity" => undef},{"affected_versions" => [">=5.16.3,<5.38.5",">=5.40.0,<5.40.3",">=5.41.0,<5.41.13"],"cves" => ["CVE-2025-40909"],"description" => "Perl threads have a working directory race condition where file operations may target unintended paths.  If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone\x{a0}that handle for the new thread, which is visible from any third (or\x{a0}more) thread already running.   This may lead to unintended operations\x{a0}such as loading code or accessing files from unexpected locations,\x{a0}which a local attacker may be able to exploit.  The bug was introduced in commit\x{a0}11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6","distribution" => "perl","fixed_versions" => [">=5.41.13",">=5.38.5,<5.40.0",">=5.40.3"],"id" => "CPANSA-perl-2025-40909","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226","https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e","https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch","https://github.com/Perl/perl5/issues/10387","https://github.com/Perl/perl5/issues/23010","https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads","https://www.openwall.com/lists/oss-security/2025/05/22/2","http://www.openwall.com/lists/oss-security/2025/05/23/1","http://www.openwall.com/lists/oss-security/2025/05/30/4"],"reported" => "2025-05-30","severity" => undef},{"affected_versions" => [">=4.0,<5.4.0"],"cves" => ["CVE-1999-0034"],"description" => "Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.\n","distribution" => "perl","fixed_versions" => [],"id" => "CPANSA-sperl-1999-0034","references" => ["https://exchange.xforce.ibmcloud.com/vulnerabilities/448","https://www.cpan.org/src/5.0/CA-97.17.sperl"],"reported" => "1997-05-29","severity" => undef},{"affected_versions" => [">=4.0,<5.6.0"],"cves" => ["CVE-1999-0462"],"description" => "suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk.\n","distribution" => "perl","fixed_versions" => [],"id" => "CPANSA-sperl-1999-0462","references" => ["http://www.securityfocus.com/bid/339"],"reported" => "1999-03-17","severity" => undef},{"affected_versions" => ["<5.6.1"],"cves" => ["CVE-2000-0703"],"description" => "suidperl (aka sperl) does not properly cleanse the escape sequence \"~!\" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the \"interactive\" environmental variable and calling suidperl with a filename that contains the escape sequence.\n","distribution" => "perl","fixed_versions" => [],"id" => "CPANSA-sperl-2000-0703","references" => ["http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html","http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt","http://www.securityfocus.com/bid/1547","http://www.novell.com/linux/security/advisories/suse_security_announce_59.html","http://www.redhat.com/support/errata/RHSA-2000-048.html","http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html","http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html","http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html","http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html","https://www.cpan.org/src/5.0/sperl-2000-08-05/sperl-2000-08-05.txt"],"reported" => "2000-10-20","severity" => undef}],"main_module" => "perl","versions" => [{"date" => "1996-02-03T07:48:14","version" => "5.002"},{"date" => "1996-08-08T23:13:50","version" => "5.003_02"},{"date" => "1996-08-10T19:07:27","version" => "5.003_02"},{"date" => "1996-08-28T16:43:47","version" => "5.003_03"},{"date" => "1996-09-02T23:25:30","version" => "5.003_04"},{"date" => "1996-09-12T20:10:42","version" => "5.003_05"},{"date" => "1996-10-08T21:59:27","version" => "5.003_06"},{"date" => "1996-10-11T03:39:44","version" => "5.003_07"},{"date" => "1996-11-19T07:27:23","version" => "5.003_08"},{"date" => "1996-11-26T09:46:17","version" => "5.003_09"},{"date" => "1996-11-30T01:22:23","version" => "5.003_10"},{"date" => "1996-12-06T09:08:18","version" => "5.003_11"},{"date" => "1996-12-19T04:59:47","version" => "5.003_12"},{"date" => "1996-12-20T02:59:16","version" => "5.003_13"},{"date" => "1996-12-23T22:09:26","version" => "5.003_15"},{"date" => "1996-12-24T23:22:02","version" => "5.003_16"},{"date" => "1996-12-27T20:20:05","version" => "5.003_17"},{"date" => "1996-12-31T21:35:40","version" => "5.003_18"},{"date" => "1997-01-04T06:02:28","version" => "5.003_19"},{"date" => "1997-01-08T02:15:49","version" => "5.003_20"},{"date" => "1997-01-15T23:12:15","version" => "5.003_21"},{"date" => "1997-01-16T20:04:16","version" => "5.003_22"},{"date" => "1997-01-25T10:04:29","version" => "5.003_23"},{"date" => "1997-01-29T06:05:11","version" => "5.003_24"},{"date" => "1997-02-04T05:41:02","version" => "5.003_25"},{"date" => "1997-02-10T19:37:44","version" => "5.003_26"},{"date" => "1997-02-18T01:13:23","version" => "5.003_27"},{"date" => "1997-02-21T17:17:57","version" => "5.003_28"},{"date" => "1997-02-25T03:29:59","version" => "5.003_90"},{"date" => "1997-03-01T08:08:54","version" => "5.003_91"},{"date" => "1997-03-06T18:24:17","version" => "5.003_92"},{"date" => "1997-03-10T12:06:55","version" => "5.003_93"},{"date" => "1997-03-22T05:43:00","version" => "5.003_94"},{"date" => "1997-03-25T19:52:24","version" => "5.003_95"},{"date" => "1997-04-01T00:50:13","version" => "5.003_96"},{"date" => "1997-04-03T00:50:37","version" => "5.003_97"},{"date" => "1997-04-24T00:56:53","version" => "5.003_97"},{"date" => "1997-04-25T03:44:34","version" => "5.003_97"},{"date" => "1997-04-28T20:33:01","version" => "5.003_97"},{"date" => "1997-04-30T15:40:09","version" => "5.003_98"},{"date" => "1997-05-01T18:40:08","version" => "5.003_99"},{"date" => "1997-05-09T05:37:58","version" => "5.003_99"},{"date" => "1997-05-15T22:54:01","version" => "5.004"},{"date" => "1997-06-13T15:08:00","version" => "5.004_01"},{"date" => "1997-08-07T20:07:25","version" => "5.004_02"},{"date" => "1997-09-05T17:46:00","version" => "5.004_03"},{"date" => "1997-09-05T18:13:00","version" => "5.004"},{"date" => "1997-09-19T18:22:20","version" => "5.004"},{"date" => "1997-09-23T06:21:18","version" => "5.004"},{"date" => "1997-10-02T16:49:00","version" => "5.004_51"},{"date" => "1997-10-09T23:16:38","version" => "5.004"},{"date" => "1997-10-14T19:19:40","version" => "5.004"},{"date" => "1997-10-15T16:17:00","version" => "5.004_52"},{"date" => "1997-10-15T16:28:24","version" => "5.004_04"},{"date" => "1997-10-16T16:24:00","version" => "5.004_53"},{"date" => "1997-11-14T17:04:00","version" => "5.004_54"},{"date" => "1997-11-25T17:17:00","version" => "5.004_55"},{"date" => "1997-12-18T16:20:00","version" => "5.004_56"},{"date" => "1998-02-03T15:06:00","version" => "5.004_57"},{"date" => "1998-02-06T17:25:00","version" => "5.004_58"},{"date" => "1998-02-13T16:42:00","version" => "5.004_59"},{"date" => "1998-02-20T17:42:00","version" => "5.004_60"},{"date" => "1998-02-27T17:55:00","version" => "5.004_61"},{"date" => "1998-03-04T19:46:42","version" => "5.004"},{"date" => "1998-03-06T15:27:00","version" => "5.004_62"},{"date" => "1998-03-17T15:29:00","version" => "5.004_63"},{"date" => "1998-04-03T15:44:00","version" => "5.004_64"},{"date" => "1998-05-01T23:37:24","version" => "5.004_04"},{"date" => "1998-05-15T15:57:00","version" => "5.004_65"},{"date" => "1998-05-15T23:46:53","version" => "5.004_04"},{"date" => "1998-05-19T23:51:10","version" => "5.004_04"},{"date" => "1998-05-29T15:23:00","version" => "5.004_66"},{"date" => "1998-06-15T11:47:27","version" => "5.004_67"},{"date" => "1998-06-23T11:50:59","version" => "5.004_68"},{"date" => "1998-06-29T09:42:04","version" => "5.004_69"},{"date" => "1998-07-06T08:22:24","version" => "5.004_70"},{"date" => "1998-07-09T13:47:36","version" => "5.004_71"},{"date" => "1998-07-12T13:32:41","version" => "5.004_72"},{"date" => "1998-07-13T09:17:14","version" => "5.004_73"},{"date" => "1998-07-14T10:31:15","version" => "5.004_74"},{"date" => "1998-07-15T11:29:51","version" => "5.005"},{"date" => "1998-07-21T05:16:24","version" => "5.004_05"},{"date" => "1998-07-21T11:36:27","version" => "5.005"},{"date" => "1998-07-23T00:55:19","version" => "5.005"},{"date" => "1998-07-26T06:20:30","version" => "5.005_50"},{"date" => "1998-07-27T00:16:22","version" => "5.005_01"},{"date" => "1998-08-02T10:32:29","version" => "5.005_02"},{"date" => "1998-08-05T10:49:59","version" => "5.005_02"},{"date" => "1998-08-08T05:46:05","version" => "5.005_02"},{"date" => "1998-08-10T08:33:23","version" => "5.005_51"},{"date" => "1998-09-25T11:59:38","version" => "5.005_52"},{"date" => "1998-10-09T17:05:49","version" => "5.004_05"},{"date" => "1998-10-31T12:32:20","version" => "5.005_53"},{"date" => "1998-11-22T23:06:16","version" => "5.004_05"},{"date" => "1998-11-30T03:26:39","version" => "5.005_03"},{"date" => "1998-11-30T04:29:11","version" => "5.005_54"},{"date" => "1998-12-03T17:22:19","version" => "5.004_05"},{"date" => "1999-01-03T20:44:49","version" => "5.005_03"},{"date" => "1999-01-17T18:28:14","version" => "5.005_03"},{"date" => "1999-01-26T04:39:36","version" => "5.005_03"},{"date" => "1999-01-29T05:03:44","version" => "5.005_03"},{"date" => "1999-02-16T07:11:42","version" => "5.005_55"},{"date" => "1999-03-01T05:38:00","version" => "5.005_56"},{"date" => "1999-03-05T02:22:53","version" => "5.005_03"},{"date" => "1999-03-29T00:50:43","version" => "5.005_03"},{"date" => "1999-04-27T00:23:40","version" => "5.004_05"},{"date" => "1999-04-29T20:04:24","version" => "5.004_05"},{"date" => "1999-05-25T10:36:40","version" => "5.005_57"},{"date" => "1999-07-27T11:00:38","version" => "5.005_58"},{"date" => "1999-08-02T08:52:25","version" => "5.005_59"},{"date" => "1999-08-02T21:13:44","version" => "5.005_60"},{"date" => "1999-08-22T20:40:16","version" => "5.005_61"},{"date" => "1999-10-15T10:36:17","version" => "5.005_62"},{"date" => "1999-12-09T11:38:49","version" => "5.005_63"},{"date" => "2000-02-02T13:06:00","version" => "v5.5.640"},{"date" => "2000-02-08T08:37:47","version" => "v5.5.650"},{"date" => "2000-02-22T11:41:34","version" => "v5.5.660"},{"date" => "2000-03-01T07:34:59","version" => "v5.5.670"},{"date" => "2000-03-23T06:06:13","version" => "v5.6.0"},{"date" => "2000-09-02T18:07:32","version" => "v5.7.0"},{"date" => "2000-12-18T10:12:29","version" => "v5.6.1"},{"date" => "2001-01-31T16:18:51","version" => "v5.6.1"},{"date" => "2001-03-19T09:36:57","version" => "v5.6.1"},{"date" => "2001-04-09T04:47:17","version" => "v5.6.1"},{"date" => "2001-04-10T02:54:00","version" => "v5.7.1"},{"date" => "2001-07-13T14:50:55","version" => "v5.7.2"},{"date" => "2002-03-05T05:00:31","version" => "v5.7.3"},{"date" => "2002-06-01T19:09:00","version" => "v5.8.0"},{"date" => "2002-06-21T14:56:35","version" => "v5.8.0"},{"date" => "2002-07-14T00:26:18","version" => "v5.8.0"},{"date" => "2002-07-18T23:32:56","version" => "v5.8.0"},{"date" => "2003-07-10T06:52:39","version" => "v5.8.1"},{"date" => "2003-07-11T12:23:20","version" => "v5.8.1"},{"date" => "2003-07-30T20:28:59","version" => "v5.8.1"},{"date" => "2003-08-01T15:49:36","version" => "v5.8.1"},{"date" => "2003-09-22T09:14:19","version" => "v5.8.1"},{"date" => "2003-09-25T11:49:06","version" => "v5.8.1"},{"date" => "2003-10-27T02:59:51","version" => "5.009"},{"date" => "2003-10-27T23:40:16","version" => "5.008001"},{"date" => "2003-11-03T09:03:41","version" => "5.008001"},{"date" => "2003-11-05T23:34:05","version" => "5.008001"},{"date" => "2003-11-08T15:53:25","version" => "v5.6.2"},{"date" => "2003-11-15T12:53:43","version" => "v5.6.2"},{"date" => "2003-12-05T16:42:45","version" => "5.005_03"},{"date" => "2004-01-07T14:40:01","version" => "5.008001"},{"date" => "2004-01-14T19:03:21","version" => "5.008003"},{"date" => "2004-01-20T21:48:04","version" => "5.005_03"},{"date" => "2004-01-27T21:18:43","version" => "5.005_03"},{"date" => "2004-02-04T22:55:06","version" => "5.005_04"},{"date" => "2004-02-18T14:20:15","version" => "5.005"},{"date" => "2004-02-23T14:02:10","version" => "5.005"},{"date" => "2004-03-16T19:35:25","version" => "5.009001"},{"date" => "2004-04-05T21:27:48","version" => "5.008003"},{"date" => "2004-04-15T22:59:51","version" => "5.008003"},{"date" => "2004-04-21T23:03:10","version" => "5.008003"},{"date" => "2004-07-06T21:41:21","version" => "5.008005"},{"date" => "2004-07-08T21:55:05","version" => "5.008005"},{"date" => "2004-07-19T21:56:20","version" => "5.008005"},{"date" => "2004-11-11T19:56:33","version" => "5.008006"},{"date" => "2004-11-27T23:56:17","version" => "5.008006"},{"date" => "2005-04-01T09:53:24","version" => "5.009002"},{"date" => "2005-05-18T16:35:37","version" => "5.008007"},{"date" => "2005-05-30T22:19:23","version" => "5.008007"},{"date" => "2006-01-20T10:09:18","version" => "5.008008"},{"date" => "2006-01-28T11:11:38","version" => "5.009003"},{"date" => "2006-02-01T00:00:59","version" => "5.008008"},{"date" => "2006-08-15T13:48:30","version" => "5.009004"},{"date" => "2007-07-07T16:13:57","version" => "5.009005"},{"date" => "2007-11-17T15:31:20","version" => "5.009005"},{"date" => "2007-11-25T18:22:18","version" => "5.010000"},{"date" => "2007-12-18T17:41:41","version" => "5.010000"},{"date" => "2008-11-10T23:14:59","version" => "5.008009"},{"date" => "2008-12-06T22:50:35","version" => "5.008009"},{"date" => "2008-12-14T23:08:28","version" => "5.008009"},{"date" => "2009-08-06T16:11:03","version" => "5.010001"},{"date" => "2009-08-18T23:45:03","version" => "5.010001"},{"date" => "2009-08-23T14:21:38","version" => "5.010001"},{"date" => "2009-10-02T20:51:46","version" => "5.011000"},{"date" => "2009-10-20T17:51:38","version" => "5.011001"},{"date" => "2009-11-20T07:20:52","version" => "5.011002"},{"date" => "2009-12-21T04:49:14","version" => "5.011003"},{"date" => "2010-01-20T16:48:28","version" => "5.011004"},{"date" => "2010-02-21T00:45:26","version" => "5.011005"},{"date" => "2010-03-21T20:41:11","version" => "5.012000"},{"date" => "2010-03-29T18:29:49","version" => "5.012000"},{"date" => "2010-04-01T02:38:12","version" => "5.012000"},{"date" => "2010-04-03T02:40:48","version" => "5.012000"},{"date" => "2010-04-07T05:39:46","version" => "5.012000"},{"date" => "2010-04-10T03:46:04","version" => "5.012000"},{"date" => "2010-04-12T22:38:37","version" => "5.012000"},{"date" => "2010-04-20T20:06:02","version" => "5.013000"},{"date" => "2010-05-10T02:43:48","version" => "5.012001"},{"date" => "2010-05-13T22:31:41","version" => "5.012001"},{"date" => "2010-05-16T22:40:16","version" => "5.012001"},{"date" => "2010-05-20T14:03:45","version" => "5.013001"},{"date" => "2010-06-22T21:39:26","version" => "5.013002"},{"date" => "2010-07-20T10:23:23","version" => "5.013003"},{"date" => "2010-08-20T15:39:07","version" => "5.013004"},{"date" => "2010-08-31T16:48:01","version" => "5.012002"},{"date" => "2010-09-07T01:41:31","version" => "5.012002"},{"date" => "2010-09-19T21:22:47","version" => "5.013005"},{"date" => "2010-10-21T01:41:01","version" => "5.013006"},{"date" => "2010-11-21T01:14:06","version" => "5.013007"},{"date" => "2010-12-19T23:06:25","version" => "5.013008"},{"date" => "2011-01-10T02:12:53","version" => "5.012003"},{"date" => "2011-01-15T04:05:30","version" => "5.012003"},{"date" => "2011-01-18T02:13:17","version" => "5.012003"},{"date" => "2011-01-21T01:42:07","version" => "5.013009"},{"date" => "2011-01-22T03:35:35","version" => "5.012003"},{"date" => "2011-02-20T19:18:02","version" => "5.013010"},{"date" => "2011-03-20T19:49:16","version" => "5.013011"},{"date" => "2011-04-20T11:53:32","version" => "5.014000"},{"date" => "2011-05-04T16:42:27","version" => "5.014000"},{"date" => "2011-05-11T15:49:42","version" => "5.014000"},{"date" => "2011-05-14T20:34:05","version" => "5.014000"},{"date" => "2011-06-08T13:19:36","version" => "5.012004"},{"date" => "2011-06-09T23:48:04","version" => "5.014001"},{"date" => "2011-06-15T17:00:36","version" => "5.012004"},{"date" => "2011-06-17T02:42:01","version" => "5.014001"},{"date" => "2011-06-20T10:41:26","version" => "5.012004"},{"date" => "2011-06-20T23:26:37","version" => "5.015000"},{"date" => "2011-07-20T21:15:08","version" => "5.015001"},{"date" => "2011-08-21T00:05:23","version" => "5.015002"},{"date" => "2011-09-19T11:23:55","version" => "5.014002"},{"date" => "2011-09-21T03:05:05","version" => "5.015003"},{"date" => "2011-09-26T14:56:49","version" => "5.014002"},{"date" => "2011-10-20T21:17:45","version" => "5.015004"},{"date" => "2011-11-20T20:41:00","version" => "5.015005"},{"date" => "2011-12-20T17:55:58","version" => "5.015006"},{"date" => "2012-01-20T20:08:28","version" => "5.015007"},{"date" => "2012-02-20T22:38:13","version" => "5.015008"},{"date" => "2012-03-20T19:16:38","version" => "5.015009"},{"date" => "2012-05-11T03:41:02","version" => "5.016000"},{"date" => "2012-05-15T02:51:48","version" => "5.016000"},{"date" => "2012-05-16T03:22:59","version" => "5.016000"},{"date" => "2012-05-20T22:51:12","version" => "5.016000"},{"date" => "2012-05-26T16:24:02","version" => "5.017000"},{"date" => "2012-06-20T17:35:18","version" => "5.017001"},{"date" => "2012-07-20T14:27:59","version" => "5.017002"},{"date" => "2012-08-03T18:59:23","version" => "5.016001"},{"date" => "2012-08-08T22:30:11","version" => "5.016001"},{"date" => "2012-08-20T14:12:02","version" => "5.017003"},{"date" => "2012-09-20T00:39:08","version" => "5.017004"},{"date" => "2012-09-26T22:15:57","version" => "5.014003"},{"date" => "2012-10-10T19:46:29","version" => "5.014003"},{"date" => "2012-10-12T20:25:20","version" => "5.014003"},{"date" => "2012-10-20T16:31:11","version" => "5.017005"},{"date" => "2012-10-27T01:23:09","version" => "5.016002"},{"date" => "2012-11-01T13:44:07","version" => "5.016002"},{"date" => "2012-11-03T17:27:59","version" => "5.012005"},{"date" => "2012-11-08T21:12:17","version" => "5.012005"},{"date" => "2012-11-10T14:02:17","version" => "5.012005"},{"date" => "2012-11-21T00:08:12","version" => "5.017006"},{"date" => "2012-12-18T21:50:28","version" => "5.017007"},{"date" => "2013-01-20T18:48:45","version" => "5.017008"},{"date" => "2013-02-20T22:21:02","version" => "5.017009"},{"date" => "2013-03-05T17:03:49","version" => "5.014004"},{"date" => "2013-03-07T16:03:14","version" => "5.016003"},{"date" => "2013-03-07T19:52:52","version" => "5.014004"},{"date" => "2013-03-10T23:47:40","version" => "5.014004"},{"date" => "2013-03-11T21:08:33","version" => "5.016003"},{"date" => "2013-03-21T23:11:03","version" => "5.017010"},{"date" => "2013-04-21T00:52:16","version" => "5.017011"},{"date" => "2013-05-11T12:29:53","version" => "5.018000"},{"date" => "2013-05-12T23:14:51","version" => "5.018000"},{"date" => "2013-05-14T01:32:05","version" => "5.018000"},{"date" => "2013-05-16T02:53:44","version" => "5.018000"},{"date" => "2013-05-18T13:33:49","version" => "5.018000"},{"date" => "2013-05-20T13:12:38","version" => "5.019000"},{"date" => "2013-06-21T01:24:18","version" => "5.019001"},{"date" => "2013-07-22T05:59:35","version" => "5.019002"},{"date" => "2013-08-02T03:09:02","version" => "5.018001"},{"date" => "2013-08-04T12:34:33","version" => "5.018001"},{"date" => "2013-08-09T02:28:00","version" => "5.018001"},{"date" => "2013-08-12T14:31:08","version" => "5.018001"},{"date" => "2013-08-20T16:09:42","version" => "5.019003"},{"date" => "2013-09-20T15:58:20","version" => "5.019004"},{"date" => "2013-10-20T13:25:55","version" => "5.019005"},{"date" => "2013-11-20T20:37:20","version" => "5.019006"},{"date" => "2013-12-02T22:36:49","version" => "5.018002"},{"date" => "2013-12-07T13:55:43","version" => "5.018002"},{"date" => "2013-12-19T21:27:42","version" => "5.018002"},{"date" => "2013-12-20T20:55:37","version" => "5.019007"},{"date" => "2013-12-22T03:30:43","version" => "5.018002"},{"date" => "2014-01-07T01:52:57","version" => "5.018002"},{"date" => "2014-01-20T21:59:04","version" => "5.019008"},{"date" => "2014-02-20T04:24:45","version" => "5.019009"},{"date" => "2014-03-20T20:40:26","version" => "5.019010"},{"date" => "2014-04-20T15:47:12","version" => "5.019011"},{"date" => "2014-05-17T00:16:49","version" => "5.020000"},{"date" => "2014-05-27T01:35:13","version" => "5.020000"},{"date" => "2014-05-27T14:32:18","version" => "5.021000"},{"date" => "2014-06-20T15:31:10","version" => "5.021001"},{"date" => "2014-07-20T13:48:02","version" => "5.021002"},{"date" => "2014-08-21T02:26:13","version" => "5.021003"},{"date" => "2014-08-25T18:10:32","version" => "5.020001"},{"date" => "2014-09-07T17:01:11","version" => "5.020001"},{"date" => "2014-09-14T13:11:14","version" => "5.020001"},{"date" => "2014-09-17T20:29:53","version" => "5.018003"},{"date" => "2014-09-20T13:33:14","version" => "5.021004"},{"date" => "2014-09-27T12:54:08","version" => "5.018003"},{"date" => "2014-10-01T13:22:50","version" => "5.018003"},{"date" => "2014-10-02T00:48:31","version" => "5.018004"},{"date" => "2014-10-20T16:54:20","version" => "5.021005"},{"date" => "2014-11-20T23:39:06","version" => "5.021006"},{"date" => "2014-12-20T17:34:57","version" => "5.021007"},{"date" => "2015-01-20T20:20:05","version" => "5.021008"},{"date" => "2015-02-01T03:07:56","version" => "5.020002"},{"date" => "2015-02-14T18:26:43","version" => "5.020002"},{"date" => "2015-02-21T05:27:09","version" => "5.021009"},{"date" => "2015-03-20T18:30:20","version" => "5.021010"},{"date" => "2015-04-20T21:28:37","version" => "5.021011"},{"date" => "2015-05-19T14:12:19","version" => "5.022000"},{"date" => "2015-05-21T23:03:22","version" => "5.022000"},{"date" => "2015-06-01T17:51:59","version" => "5.022000"},{"date" => "2015-06-20T20:22:32","version" => "5.023000"},{"date" => "2015-07-20T19:26:31","version" => "5.023001"},{"date" => "2015-08-20T15:36:45","version" => "5.023002"},{"date" => "2015-08-22T22:12:34","version" => "5.020003"},{"date" => "2015-08-29T22:02:43","version" => "5.020003"},{"date" => "2015-09-12T19:09:14","version" => "5.020003"},{"date" => "2015-09-21T02:47:16","version" => "5.023003"},{"date" => "2015-10-20T22:17:48","version" => "5.023004"},{"date" => "2015-10-31T18:42:58","version" => "5.022001"},{"date" => "2015-11-15T15:15:03","version" => "5.022001"},{"date" => "2015-11-20T17:09:38","version" => "5.023005"},{"date" => "2015-12-02T22:07:35","version" => "5.022001"},{"date" => "2015-12-08T21:34:05","version" => "5.022001"},{"date" => "2015-12-13T19:48:31","version" => "5.022001"},{"date" => "2015-12-21T22:40:27","version" => "5.023006"},{"date" => "2016-01-20T21:52:22","version" => "5.023007"},{"date" => "2016-02-20T21:56:31","version" => "5.023008"},{"date" => "2016-03-20T16:45:40","version" => "5.023009"},{"date" => "2016-04-10T17:29:04","version" => "5.022002"},{"date" => "2016-04-14T03:27:48","version" => "5.024000"},{"date" => "2016-04-23T20:56:14","version" => "5.024000"},{"date" => "2016-04-27T01:02:55","version" => "5.024000"},{"date" => "2016-04-29T21:39:25","version" => "5.022002"},{"date" => "2016-05-02T14:41:03","version" => "5.024000"},{"date" => "2016-05-04T22:27:57","version" => "5.024000"},{"date" => "2016-05-09T11:35:29","version" => "5.024000"},{"date" => "2016-05-09T12:02:53","version" => "5.025000"},{"date" => "2016-05-20T21:33:43","version" => "5.025001"},{"date" => "2016-06-20T21:02:44","version" => "5.025002"},{"date" => "2016-07-17T22:27:32","version" => "5.022003"},{"date" => "2016-07-17T22:29:08","version" => "5.024001"},{"date" => "2016-07-20T16:22:41","version" => "5.025003"},{"date" => "2016-07-25T12:58:33","version" => "5.022003"},{"date" => "2016-07-25T13:01:21","version" => "5.024001"},{"date" => "2016-08-11T23:47:40","version" => "5.022003"},{"date" => "2016-08-11T23:50:29","version" => "5.024001"},{"date" => "2016-08-20T20:25:19","version" => "5.025004"},{"date" => "2016-09-20T17:45:06","version" => "5.025005"},{"date" => "2016-10-12T21:39:57","version" => "5.022003"},{"date" => "2016-10-12T21:40:57","version" => "5.024001"},{"date" => "2016-10-20T15:44:55","version" => "5.025006"},{"date" => "2016-11-20T21:20:07","version" => "5.025007"},{"date" => "2016-12-20T19:14:33","version" => "5.025008"},{"date" => "2017-01-02T18:54:51","version" => "5.022003"},{"date" => "2017-01-02T18:57:38","version" => "5.024001"},{"date" => "2017-01-14T20:04:05","version" => "5.022003"},{"date" => "2017-01-14T20:04:30","version" => "5.024001"},{"date" => "2017-01-20T15:25:43","version" => "5.025009"},{"date" => "2017-02-20T21:21:01","version" => "5.025010"},{"date" => "2017-03-20T20:56:49","version" => "5.025011"},{"date" => "2017-04-20T19:32:05","version" => "5.025012"},{"date" => "2017-05-11T17:07:17","version" => "5.026000"},{"date" => "2017-05-23T23:19:34","version" => "5.026000"},{"date" => "2017-05-30T19:42:51","version" => "5.026000"},{"date" => "2017-05-31T21:11:57","version" => "5.027000"},{"date" => "2017-06-20T06:39:54","version" => "5.027001"},{"date" => "2017-07-01T21:50:24","version" => "5.022004"},{"date" => "2017-07-01T21:50:55","version" => "5.024002"},{"date" => "2017-07-15T17:26:52","version" => "5.022004"},{"date" => "2017-07-15T17:29:00","version" => "5.024002"},{"date" => "2017-07-20T19:28:36","version" => "5.027002"},{"date" => "2017-08-21T20:43:51","version" => "5.027003"},{"date" => "2017-09-10T15:37:08","version" => "5.024003"},{"date" => "2017-09-10T15:38:22","version" => "5.026001"},{"date" => "2017-09-20T21:44:22","version" => "5.027004"},{"date" => "2017-09-22T21:29:50","version" => "5.024003"},{"date" => "2017-09-22T21:30:56","version" => "5.026001"},{"date" => "2017-10-20T22:08:15","version" => "5.027005"},{"date" => "2017-11-20T22:39:31","version" => "5.027006"},{"date" => "2017-12-20T22:58:25","version" => "5.027007"},{"date" => "2018-01-20T03:17:50","version" => "5.027008"},{"date" => "2018-02-20T20:46:45","version" => "5.027009"},{"date" => "2018-03-20T21:08:53","version" => "5.027010"},{"date" => "2018-03-24T19:33:50","version" => "5.024004"},{"date" => "2018-03-24T19:37:40","version" => "5.026002"},{"date" => "2018-04-14T11:25:22","version" => "5.024004"},{"date" => "2018-04-14T11:27:18","version" => "5.026002"},{"date" => "2018-04-20T15:10:52","version" => "5.027011"},{"date" => "2018-05-21T13:12:00","version" => "5.028000"},{"date" => "2018-06-06T12:34:00","version" => "5.028000"},{"date" => "2018-06-18T22:47:34","version" => "5.028000"},{"date" => "2018-06-19T20:45:05","version" => "5.028000"},{"date" => "2018-06-23T02:05:28","version" => "5.028000"},{"date" => "2018-06-26T21:25:53","version" => "5.029000"},{"date" => "2018-07-20T15:13:07","version" => "5.029001"},{"date" => "2018-08-20T21:04:27","version" => "5.029002"},{"date" => "2018-09-21T02:58:51","version" => "5.029003"},{"date" => "2018-10-20T14:20:56","version" => "5.029004"},{"date" => "2018-11-20T22:03:07","version" => "5.029005"},{"date" => "2018-11-29T19:03:17","version" => "5.026003"},{"date" => "2018-11-29T19:03:28","version" => "5.028001"},{"date" => "2018-11-30T22:02:29","version" => "5.026003"},{"date" => "2018-11-30T22:03:06","version" => "5.028001"},{"date" => "2018-12-18T12:26:18","version" => "5.029006"},{"date" => "2019-01-20T02:16:52","version" => "5.029007"},{"date" => "2019-02-21T05:30:00","version" => "5.029008"},{"date" => "2019-03-21T11:49:45","version" => "5.029009"},{"date" => "2019-04-05T19:46:23","version" => "5.028002"},{"date" => "2019-04-19T15:07:44","version" => "5.028002"},{"date" => "2019-04-20T18:11:45","version" => "5.029010"},{"date" => "2019-05-11T22:58:31","version" => "5.030000"},{"date" => "2019-05-17T20:44:42","version" => "5.030000"},{"date" => "2019-05-22T09:35:50","version" => "5.030000"},{"date" => "2019-05-24T19:28:47","version" => "5.031000"},{"date" => "2019-06-20T20:19:01","version" => "5.031001"},{"date" => "2019-07-20T17:01:20","version" => "5.031002"},{"date" => "2019-08-20T14:02:01","version" => "5.031003"},{"date" => "2019-09-20T21:27:31","version" => "5.031004"},{"date" => "2019-10-20T14:29:11","version" => "5.031005"},{"date" => "2019-10-27T16:29:27","version" => "5.030001"},{"date" => "2019-11-10T14:14:00","version" => "5.030001"},{"date" => "2019-11-20T22:14:49","version" => "5.031006"},{"date" => "2019-12-21T03:38:57","version" => "5.031007"},{"date" => "2020-01-20T17:17:53","version" => "5.031008"},{"date" => "2020-02-20T23:03:22","version" => "5.031009"},{"date" => "2020-02-29T19:25:07","version" => "5.030002"},{"date" => "2020-03-14T17:04:56","version" => "5.030002"},{"date" => "2020-03-20T20:08:58","version" => "5.031010"},{"date" => "2020-04-28T19:49:59","version" => "5.031011"},{"date" => "2020-05-30T18:47:47","version" => "5.032000"},{"date" => "2020-06-01T19:17:48","version" => "5.028003"},{"date" => "2020-06-01T19:19:30","version" => "5.028003"},{"date" => "2020-06-01T19:19:54","version" => "5.030003"},{"date" => "2020-06-01T19:21:31","version" => "5.030003"},{"date" => "2020-06-07T21:13:05","version" => "5.032000"},{"date" => "2020-06-20T20:38:54","version" => "5.032000"},{"date" => "2020-07-17T19:38:54","version" => "5.033000"},{"date" => "2020-08-20T20:36:01","version" => "5.033001"},{"date" => "2020-09-20T16:29:59","version" => "5.033002"},{"date" => "2020-10-20T21:30:28","version" => "5.033003"},{"date" => "2020-11-20T13:32:10","version" => "5.033004"},{"date" => "2020-12-20T14:00:43","version" => "5.033005"},{"date" => "2021-01-09T16:48:26","version" => "5.032001"},{"date" => "2021-01-21T01:34:41","version" => "5.033006"},{"date" => "2021-01-23T14:56:24","version" => "5.032001"},{"date" => "2021-02-20T09:58:24","version" => "5.033007"},{"date" => "2021-03-21T00:55:24","version" => "5.033008"},{"date" => "2021-04-20T23:37:29","version" => "5.033009"},{"date" => "2021-05-04T23:24:07","version" => "5.034000"},{"date" => "2021-05-15T14:56:00","version" => "5.034000"},{"date" => "2021-05-20T20:07:59","version" => "5.034000"},{"date" => "2021-05-21T02:06:41","version" => "5.035000"},{"date" => "2021-06-20T12:39:44","version" => "5.035001"},{"date" => "2021-07-23T12:53:17","version" => "5.035002"},{"date" => "2021-08-21T03:17:40","version" => "5.035003"},{"date" => "2021-09-20T19:46:41","version" => "5.035004"},{"date" => "2021-10-21T19:32:21","version" => "5.035005"},{"date" => "2021-11-21T00:22:09","version" => "5.035006"},{"date" => "2021-12-20T23:35:42","version" => "5.035007"},{"date" => "2022-01-20T22:39:08","version" => "5.035008"},{"date" => "2022-02-20T12:32:59","version" => "5.035009"},{"date" => "2022-02-27T14:18:13","version" => "5.034001"},{"date" => "2022-03-06T17:23:15","version" => "5.034001"},{"date" => "2022-03-13T08:40:18","version" => "5.034001"},{"date" => "2022-03-20T18:33:42","version" => "5.035010"},{"date" => "2022-04-20T20:33:20","version" => "5.035011"},{"date" => "2022-05-21T00:12:21","version" => "5.036000"},{"date" => "2022-05-22T19:36:07","version" => "5.036000"},{"date" => "2022-05-28T00:26:10","version" => "5.036000"},{"date" => "2022-05-28T02:33:40","version" => "5.037000"},{"date" => "2022-06-20T18:57:04","version" => "5.037001"},{"date" => "2022-07-21T01:37:24","version" => "5.037002"},{"date" => "2022-08-20T18:57:47","version" => "5.037003"},{"date" => "2022-09-21T00:25:19","version" => "5.037004"},{"date" => "2022-10-20T17:33:58","version" => "5.037005"},{"date" => "2022-11-20T11:56:16","version" => "5.037006"},{"date" => "2022-12-20T17:14:30","version" => "5.037007"},{"date" => "2023-01-20T15:20:59","version" => "5.037008"},{"date" => "2023-02-20T20:45:20","version" => "5.037009"},{"date" => "2023-03-21T08:16:37","version" => "5.037010"},{"date" => "2023-04-10T20:07:53","version" => "5.036001"},{"date" => "2023-04-11T19:50:09","version" => "5.036001"},{"date" => "2023-04-16T15:35:15","version" => "5.036001"},{"date" => "2023-04-20T19:05:36","version" => "5.037011"},{"date" => "2023-04-23T15:22:26","version" => "5.036001"},{"date" => "2023-06-16T02:09:05","version" => "5.038000"},{"date" => "2023-06-23T21:17:27","version" => "5.038000"},{"date" => "2023-07-02T23:00:28","version" => "5.038000"},{"date" => "2023-07-20T19:09:13","version" => "5.039001"},{"date" => "2023-08-20T22:46:17","version" => "5.039002"},{"date" => "2023-09-20T16:12:58","version" => "5.039003"},{"date" => "2023-10-25T19:15:57","version" => "5.039004"},{"date" => "2023-11-20T02:49:43","version" => "5.039005"},{"date" => "2023-11-25T15:19:49","version" => "5.034002"},{"date" => "2023-11-25T15:20:11","version" => "5.036002"},{"date" => "2023-11-25T15:21:49","version" => "5.038001"},{"date" => "2023-11-25T15:58:49","version" => "5.034002"},{"date" => "2023-11-25T15:59:01","version" => "5.036002"},{"date" => "2023-11-25T15:59:13","version" => "5.038001"},{"date" => "2023-11-29T13:10:30","version" => "5.034003"},{"date" => "2023-11-29T16:08:59","version" => "5.036003"},{"date" => "2023-11-29T16:10:36","version" => "5.038002"},{"date" => "2023-12-30T21:59:20","version" => "5.039006"},{"date" => "2024-01-20T12:44:12","version" => "5.039007"},{"date" => "2024-02-23T14:25:56","version" => "5.039008"},{"date" => "2024-03-20T16:26:28","version" => "5.039009"},{"date" => "2024-04-27T19:22:49","version" => "5.039010"},{"date" => "2024-05-24T20:45:21","version" => "5.040000"},{"date" => "2024-06-04T21:47:57","version" => "5.040000"},{"date" => "2024-06-09T20:45:37","version" => "5.040000"},{"date" => "2024-07-02T14:28:09","version" => "5.041001"},{"date" => "2024-07-20T20:54:48","version" => "5.041002"},{"date" => "2024-08-29T13:23:40","version" => "5.041003"},{"date" => "2024-09-20T11:18:14","version" => "5.041004"},{"date" => "2024-10-20T20:49:26","version" => "5.041005"},{"date" => "2024-11-20T08:29:25","version" => "5.041006"},{"date" => "2024-12-20T14:31:24","version" => "5.041007"},{"date" => "2025-01-05T20:28:54","version" => "5.038003"},{"date" => "2025-01-05T20:32:07","version" => "5.040001"},{"date" => "2025-01-18T19:43:21","version" => "5.038003"},{"date" => "2025-01-18T19:48:20","version" => "5.040001"},{"date" => "2025-01-20T21:30:07","version" => "5.041008"},{"date" => "2025-02-24T08:19:26","version" => "5.041009"},{"date" => "2025-03-21T12:49:33","version" => "5.041010"},{"date" => "2025-04-13T13:05:54","version" => "5.038004"},{"date" => "2025-04-13T13:06:16","version" => "5.038004"},{"date" => "2025-04-13T13:06:38","version" => "5.040002"},{"date" => "2025-04-13T13:07:01","version" => "5.040002"},{"date" => "2025-04-21T01:51:01","version" => "5.041011"},{"date" => "2025-04-21T22:49:29","version" => "5.041012"},{"date" => "2025-05-28T22:19:58","version" => "5.041013"},{"date" => "2025-06-25T05:03:48","version" => "5.042000"},{"date" => "2025-06-28T06:28:22","version" => "5.042000"},{"date" => "2025-07-01T20:32:04","version" => "5.042000"},{"date" => "2025-07-03T15:23:01","version" => "5.042000"},{"date" => "2025-07-20T21:38:33","version" => "5.043001"},{"date" => "2025-07-21T20:15:44","version" => "5.038005"},{"date" => "2025-07-21T20:16:11","version" => "5.040003"},{"date" => "2025-08-03T10:10:35","version" => "5.038005"},{"date" => "2025-08-03T10:12:20","version" => "5.040003"},{"date" => "2025-08-20T19:40:22","version" => "5.043002"},{"date" => "2025-09-23T06:27:34","version" => "5.043003"},{"date" => "2025-10-23T15:35:36","version" => "5.043004"},{"date" => "2025-11-20T05:48:21","version" => "5.043005"},{"date" => "2025-12-20T17:47:41","version" => "5.043006"},{"date" => "2026-01-19T18:04:21","version" => "5.043007"},{"date" => "2026-02-20T22:33:36","version" => "5.043008"},{"date" => "2026-02-22T12:07:04","version" => "5.042001"},{"date" => "2026-03-08T18:47:44","version" => "5.042001"}]},"perl-ldap" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2020-16093"],"description" => "In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.\n","distribution" => "perl-ldap","fixed_versions" => [],"id" => "CPANSA-Net-LDAPS-2020-16093","references" => ["https://lemonldap-ng.org/download","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250","https://rt.cpan.org/Ticket/Display.html?id=131045"],"reported" => "2022-07-18","severity" => undef}],"main_module" => "Net::LDAP","versions" => [{"date" => "1998-10-31T01:14:57","version" => "1.08"},{"date" => "1998-10-31T01:19:38","version" => "0.08"},{"date" => "1998-12-23T01:16:35","version" => "0.09"},{"date" => "1999-03-18T02:58:45","version" => "0.10"},{"date" => "1999-04-18T22:10:20","version" => "0.11"},{"date" => "1999-06-28T02:40:38","version" => "0.12"},{"date" => "1999-08-15T23:27:41","version" => "0.13"},{"date" => "2000-02-14T10:34:19","version" => "0.14"},{"date" => "2000-03-22T10:46:21","version" => "0.15"},{"date" => "2000-04-27T17:02:43","version" => "0.16"},{"date" => "2000-05-12T10:16:37","version" => "0.17"},{"date" => "2000-05-22T14:53:07","version" => "0.18"},{"date" => "2000-06-08T08:30:48","version" => "0.19"},{"date" => "2000-08-03T17:07:52","version" => "0.20"},{"date" => "2000-09-12T09:32:12","version" => "0.21"},{"date" => "2000-09-14T19:08:19","version" => "0.22"},{"date" => "2001-04-19T23:25:47","version" => "0.23"},{"date" => "2001-07-17T13:01:04","version" => "0.24"},{"date" => "2001-08-25T08:15:47","version" => "0.2401"},{"date" => "2001-10-29T17:35:12","version" => "0.25"},{"date" => "2002-05-28T07:49:00","version" => "0.251"},{"date" => "2002-07-18T13:13:03","version" => "0.26"},{"date" => "2003-01-27T14:48:49","version" => "0.27"},{"date" => "2003-01-27T18:26:51","version" => "0.2701"},{"date" => "2003-05-19T22:40:30","version" => "0.28"},{"date" => "2003-06-24T10:21:09","version" => "0.29"},{"date" => "2003-10-17T21:42:36","version" => "0.30"},{"date" => "2004-01-01T10:47:23","version" => "0.31"},{"date" => "2004-07-01T15:59:03","version" => "0.32"},{"date" => "2004-07-14T21:00:39","version" => "0.3201"},{"date" => "2004-07-19T18:24:58","version" => "0.3202"},{"date" => "2005-04-25T23:02:59","version" => "0.33"},{"date" => "2007-02-10T23:53:48","version" => "0.34"},{"date" => "2008-03-30T18:58:37","version" => "0.35"},{"date" => "2008-04-21T15:21:03","version" => "0.36"},{"date" => "2008-08-28T13:02:29","version" => "0.37"},{"date" => "2008-09-21T14:28:08","version" => "0.38"},{"date" => "2008-10-27T20:10:12","version" => "0.39"},{"date" => "2010-03-12T03:03:48","version" => "0.40"},{"date" => "2010-03-24T20:01:45","version" => "0.4001"},{"date" => "2011-09-03T12:44:01","version" => "0.41"},{"date" => "2011-09-03T12:48:31","version" => "0.42"},{"date" => "2011-09-03T17:55:11","version" => "0.43"},{"date" => "2012-01-29T09:55:22","version" => "0.44"},{"date" => "2012-09-05T09:46:44","version" => "0.45"},{"date" => "2012-09-05T16:17:53","version" => "0.46"},{"date" => "2012-09-16T10:06:08","version" => "0.47"},{"date" => "2012-09-20T08:58:48","version" => "0.48"},{"date" => "2012-10-06T08:15:30","version" => "0.49"},{"date" => "2012-11-17T17:10:16","version" => "0.50_01"},{"date" => "2012-11-24T12:11:37","version" => "0.50"},{"date" => "2012-12-01T13:39:38","version" => "0.51"},{"date" => "2013-01-01T13:03:26","version" => "0.52"},{"date" => "2013-01-26T17:43:28","version" => "0.53"},{"date" => "2013-03-29T11:25:51","version" => "0.54"},{"date" => "2013-04-23T09:38:16","version" => "0.55"},{"date" => "2013-06-08T11:31:48","version" => "0.56"},{"date" => "2013-07-21T17:04:36","version" => "0.57"},{"date" => "2013-12-23T16:50:28","version" => "0.58"},{"date" => "2014-03-04T17:17:26","version" => "0.59"},{"date" => "2014-03-08T13:14:49","version" => "0.60"},{"date" => "2014-03-29T16:44:29","version" => "0.61"},{"date" => "2014-04-06T09:39:40","version" => "0.62"},{"date" => "2014-06-01T10:58:37","version" => "0.63"},{"date" => "2014-06-19T15:59:40","version" => "0.64"},{"date" => "2015-04-06T18:02:34","version" => "0.65"},{"date" => "2019-04-16T09:42:54","version" => "0.66"},{"date" => "2020-12-26T14:37:52","version" => "0.67"},{"date" => "2021-01-03T17:37:50","version" => "0.68"}]},"urxvt-bgdsl" => {"advisories" => [{"affected_versions" => [">=9.25,<=9.26"],"cves" => ["CVE-2022-4170"],"description" => "The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.\n","distribution" => "urxvt-bgdsl","fixed_versions" => [">=9.29"],"id" => "CPANSA-urxvt-bgdsl-2022-4170","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=2151597","https://www.openwall.com/lists/oss-security/2022/12/05/1"],"reported" => "2022-12-09","severity" => undef}],"main_module" => "","versions" => []}},"meta" => {"commit" => "a9f8afbc36f0047a2a60bd8a66160f7ac2facb25","date" => "Wed Mar 11 13:03:14 2026","epoch" => 1773234194,"generator" => "util/generate","repo" => "https://github.com/briandfoy/cpan-security-advisory.git"},"module2dist" => {"APR" => "mod_perl","APR::Base64" => "mod_perl","APR::Brigade" => "mod_perl","APR::Bucket" => "mod_perl","APR::BucketAlloc" => "mod_perl","APR::BucketType" => "mod_perl","APR::Const" => "mod_perl","APR::Date" => "mod_perl","APR::Error" => "mod_perl","APR::Finfo" => "mod_perl","APR::FunctionTable" => "mod_perl","APR::IpSubnet" => "mod_perl","APR::OS" => "mod_perl","APR::PerlIO" => "mod_perl","APR::Pool" => "mod_perl","APR::Request" => "libapreq2","APR::Request::Apache2" => "libapreq2","APR::Request::CGI" => "libapreq2","APR::Request::Cookie" => "libapreq2","APR::Request::Error" => "libapreq2","APR::Request::Param" => "libapreq2","APR::SockAddr" => "mod_perl","APR::Socket" => "mod_perl","APR::Status" => "mod_perl","APR::String" => "mod_perl","APR::Table" => "mod_perl","APR::ThreadMutex" => "mod_perl","APR::ThreadRWLock" => "mod_perl","APR::URI" => "mod_perl","APR::UUID" => "mod_perl","APR::Util" => "mod_perl","APR::XSLoader" => "mod_perl","Agni" => "PApp","Agni::Callback" => "PApp","Alien::FreeImage" => "Alien-FreeImage","Alien::GCrypt" => "Alien-GCrypt","Alien::OTR" => "Alien-OTR","Alien::PCRE2" => "Alien-PCRE2","Alien::SVN" => "Alien-SVN","Amiga::ARexx" => "perl","Amiga::ARexx::Msg" => "perl","Amiga::Exec" => "perl","Amon2::Auth::Site::LINE" => "Amon2-Auth-Site-LINE","AnyDBM_File" => "perl","Apache" => "mod_perl","Apache2::Access" => "mod_perl","Apache2::AuthAny" => "Apache2-AuthAny","Apache2::AuthAny::AuthUtil" => "Apache2-AuthAny","Apache2::AuthAny::AuthenHandler" => "Apache2-AuthAny","Apache2::AuthAny::AuthzHandler" => "Apache2-AuthAny","Apache2::AuthAny::Cookie" => "Apache2-AuthAny","Apache2::AuthAny::DB" => "Apache2-AuthAny","Apache2::AuthAny::FixupHandler" => "Apache2-AuthAny","Apache2::AuthAny::MapToStorageHandler" => "Apache2-AuthAny","Apache2::AuthAny::RequestConfig" => "Apache2-AuthAny","Apache2::Build" => "mod_perl","Apache2::CmdParms" => "mod_perl","Apache2::Command" => "mod_perl","Apache2::Connection" => "mod_perl","Apache2::ConnectionUtil" => "mod_perl","Apache2::ConstantsTable" => "mod_perl","Apache2::Cookie" => "libapreq2","Apache2::Directive" => "mod_perl","Apache2::Filter" => "mod_perl","Apache2::FilterRec" => "mod_perl","Apache2::FunctionTable" => "mod_perl","Apache2::HookRun" => "mod_perl","Apache2::Log" => "mod_perl","Apache2::MPM" => "mod_perl","Apache2::Module" => "mod_perl","Apache2::ParseSource" => "mod_perl","Apache2::ParseSource::Scan" => "mod_perl","Apache2::PerlSections" => "mod_perl","Apache2::PerlSections::Dump" => "mod_perl","Apache2::Process" => "mod_perl","Apache2::Provider" => "mod_perl","Apache2::Request" => "libapreq2","Apache2::RequestIO" => "mod_perl","Apache2::RequestRec" => "mod_perl","Apache2::RequestUtil" => "mod_perl","Apache2::Resource" => "mod_perl","Apache2::Response" => "mod_perl","Apache2::ServerRec" => "mod_perl","Apache2::ServerUtil" => "mod_perl","Apache2::SourceTables" => "mod_perl","Apache2::Status" => "mod_perl","Apache2::Status::_version" => "mod_perl","Apache2::StructureTable" => "mod_perl","Apache2::SubProcess" => "mod_perl","Apache2::SubRequest" => "mod_perl","Apache2::URI" => "mod_perl","Apache2::Upload" => "libapreq2","Apache2::Util" => "mod_perl","Apache2::XSLoader" => "mod_perl","Apache2::compat" => "mod_perl","Apache2::porting" => "mod_perl","Apache::ASP" => "Apache-ASP","Apache::ASP::ApacheCommon" => "Apache-ASP","Apache::ASP::Application" => "Apache-ASP","Apache::ASP::CGI" => "Apache-ASP","Apache::ASP::CGI::Table" => "Apache-ASP","Apache::ASP::CGI::Test" => "Apache-ASP","Apache::ASP::Collection" => "Apache-ASP","Apache::ASP::CollectionItem" => "Apache-ASP","Apache::ASP::Date" => "Apache-ASP","Apache::ASP::GlobalASA" => "Apache-ASP","Apache::ASP::Lang::PerlScript" => "Apache-ASP","Apache::ASP::Load" => "Apache-ASP","Apache::ASP::Request" => "Apache-ASP","Apache::ASP::Response" => "Apache-ASP","Apache::ASP::STDERR" => "Apache-ASP","Apache::ASP::Server" => "Apache-ASP","Apache::ASP::Session" => "Apache-ASP","Apache::ASP::State" => "Apache-ASP","Apache::App" => "App-Context","Apache::AuthCAS" => "Apache-AuthCAS","Apache::Connection" => "mod_perl","Apache::Constants" => "mod_perl","Apache::Constants::Exports" => "mod_perl","Apache::Debug" => "mod_perl","Apache::EP" => "HTML-EP","Apache::ExtUtils" => "mod_perl","Apache::FakeRequest" => "mod_perl","Apache::File" => "mod_perl","Apache::Framework::App" => "App-Context","Apache::Include" => "mod_perl","Apache::Leak" => "mod_perl","Apache::Log" => "mod_perl","Apache::MP3" => "Apache-MP3","Apache::MP3::L10N" => "Apache-MP3","Apache::MP3::L10N::Aliases" => "Apache-MP3","Apache::MP3::L10N::RightToLeft" => "Apache-MP3","Apache::MP3::L10N::ar" => "Apache-MP3","Apache::MP3::L10N::ca" => "Apache-MP3","Apache::MP3::L10N::cs" => "Apache-MP3","Apache::MP3::L10N::de" => "Apache-MP3","Apache::MP3::L10N::en" => "Apache-MP3","Apache::MP3::L10N::es" => "Apache-MP3","Apache::MP3::L10N::fa" => "Apache-MP3","Apache::MP3::L10N::fi" => "Apache-MP3","Apache::MP3::L10N::fr" => "Apache-MP3","Apache::MP3::L10N::ga" => "Apache-MP3","Apache::MP3::L10N::he" => "Apache-MP3","Apache::MP3::L10N::hr" => "Apache-MP3","Apache::MP3::L10N::is" => "Apache-MP3","Apache::MP3::L10N::it" => "Apache-MP3","Apache::MP3::L10N::ja" => "Apache-MP3","Apache::MP3::L10N::ko" => "Apache-MP3","Apache::MP3::L10N::ms" => "Apache-MP3","Apache::MP3::L10N::nb" => "Apache-MP3","Apache::MP3::L10N::nb_no" => "Apache-MP3","Apache::MP3::L10N::nl" => "Apache-MP3","Apache::MP3::L10N::nl_be" => "Apache-MP3","Apache::MP3::L10N::nl_nl" => "Apache-MP3","Apache::MP3::L10N::nn" => "Apache-MP3","Apache::MP3::L10N::nn_no" => "Apache-MP3","Apache::MP3::L10N::no" => "Apache-MP3","Apache::MP3::L10N::no_no" => "Apache-MP3","Apache::MP3::L10N::pl" => "Apache-MP3","Apache::MP3::L10N::ru" => "Apache-MP3","Apache::MP3::L10N::sh" => "Apache-MP3","Apache::MP3::L10N::sk" => "Apache-MP3","Apache::MP3::L10N::sl" => "Apache-MP3","Apache::MP3::L10N::sr" => "Apache-MP3","Apache::MP3::L10N::tr" => "Apache-MP3","Apache::MP3::L10N::uk" => "Apache-MP3","Apache::MP3::L10N::x_marklar" => "Apache-MP3","Apache::MP3::L10N::zh_cn" => "Apache-MP3","Apache::MP3::L10N::zh_tw" => "Apache-MP3","Apache::MP3::Playlist" => "Apache-MP3","Apache::MP3::Resample" => "Apache-MP3","Apache::MP3::Sorted" => "Apache-MP3","Apache::MVC" => "Maypole","Apache::ModuleConfig" => "mod_perl","Apache::Opcode" => "mod_perl","Apache::Options" => "mod_perl","Apache::PerlRun" => "mod_perl","Apache::PerlRunXS" => "mod_perl","Apache::PerlSections" => "mod_perl","Apache::RPC::Server" => "RPC-XML","Apache::RPC::Status" => "RPC-XML","Apache::ReadConfig" => "mod_perl","Apache::RedirectLogFix" => "mod_perl","Apache::Registry" => "mod_perl","Apache::RegistryBB" => "mod_perl","Apache::RegistryLoader" => "mod_perl","Apache::RegistryNG" => "mod_perl","Apache::Resource" => "mod_perl","Apache::SIG" => "mod_perl","Apache::SOAP" => "SOAP-Lite","Apache::Server" => "mod_perl","Apache::Session" => "Apache-Session","Apache::Session::Browseable" => "Apache-Session-Browseable","Apache::Session::Browseable::Cassandra" => "Apache-Session-Browseable","Apache::Session::Browseable::DBI" => "Apache-Session-Browseable","Apache::Session::Browseable::File" => "Apache-Session-Browseable","Apache::Session::Browseable::Informix" => "Apache-Session-Browseable","Apache::Session::Browseable::LDAP" => "Apache-Session-Browseable","Apache::Session::Browseable::MySQL" => "Apache-Session-Browseable","Apache::Session::Browseable::MySQLJSON" => "Apache-Session-Browseable","Apache::Session::Browseable::Oracle" => "Apache-Session-Browseable","Apache::Session::Browseable::Patroni" => "Apache-Session-Browseable","Apache::Session::Browseable::PgHstore" => "Apache-Session-Browseable","Apache::Session::Browseable::PgJSON" => "Apache-Session-Browseable","Apache::Session::Browseable::Postgres" => "Apache-Session-Browseable","Apache::Session::Browseable::Redis" => "Apache-Session-Browseable","Apache::Session::Browseable::SQLite" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Cassandra" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::DBI" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::File" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Informix" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::LDAP" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::MySQL" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Oracle" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Patroni" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Postgres" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Redis" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::SQLite" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Sybase" => "Apache-Session-Browseable","Apache::Session::Browseable::Sybase" => "Apache-Session-Browseable","Apache::Session::DBI" => "Apache-Session","Apache::Session::DBIStore" => "Apache-Session","Apache::Session::DB_File" => "Apache-Session","Apache::Session::Daemon" => "Apache-Session","Apache::Session::DaemonLocker" => "Apache-Session","Apache::Session::Embperl" => "Apache-Session","Apache::Session::File" => "Apache-Session","Apache::Session::FileStore" => "Apache-Session","Apache::Session::Flex" => "Apache-Session","Apache::Session::Generate::MD5" => "Apache-Session","Apache::Session::Generate::ModUniqueId" => "Apache-Session","Apache::Session::Generate::ModUsertrack" => "Apache-Session","Apache::Session::Generate::SHA256" => "Apache-Session-Browseable","Apache::Session::IPC" => "Apache-Session","Apache::Session::Informix" => "Apache-Session","Apache::Session::LDAP" => "Apache-Session-LDAP","Apache::Session::Lock::File" => "Apache-Session","Apache::Session::Lock::MySQL" => "Apache-Session","Apache::Session::Lock::Null" => "Apache-Session","Apache::Session::Lock::Semaphore" => "Apache-Session","Apache::Session::Lock::Sybase" => "Apache-Session","Apache::Session::MemoryStore" => "Apache-Session","Apache::Session::MySQL" => "Apache-Session","Apache::Session::MySQL::NoLock" => "Apache-Session","Apache::Session::NullLocker" => "Apache-Session","Apache::Session::Oracle" => "Apache-Session","Apache::Session::PosixFileLocker" => "Apache-Session","Apache::Session::Postgres" => "Apache-Session","Apache::Session::Serialize::Base64" => "Apache-Session","Apache::Session::Serialize::Hstore" => "Apache-Session-Browseable","Apache::Session::Serialize::JSON" => "Apache-Session-Browseable","Apache::Session::Serialize::Storable" => "Apache-Session","Apache::Session::Serialize::Sybase" => "Apache-Session","Apache::Session::Serialize::UUEncode" => "Apache-Session","Apache::Session::SingleThread" => "Apache-Session","Apache::Session::Store::DBI" => "Apache-Session","Apache::Session::Store::DB_File" => "Apache-Session","Apache::Session::Store::File" => "Apache-Session","Apache::Session::Store::Informix" => "Apache-Session","Apache::Session::Store::LDAP" => "Apache-Session-LDAP","Apache::Session::Store::MySQL" => "Apache-Session","Apache::Session::Store::Oracle" => "Apache-Session","Apache::Session::Store::Postgres" => "Apache-Session","Apache::Session::Store::Sybase" => "Apache-Session","Apache::Session::Sybase" => "Apache-Session","Apache::Session::SysVSemaphoreLocker" => "Apache-Session","Apache::Session::Tree" => "Apache-Session","Apache::Session::TreeStore" => "Apache-Session","Apache::Session::Win32" => "Apache-Session","Apache::SessionX" => "Apache-SessionX","Apache::SessionX::Generate::MD5" => "Apache-SessionX","Apache::SessionX::Manager" => "Apache-SessionX","Apache::SessionX::Store::File" => "Apache-SessionX","Apache::StatINC" => "mod_perl","Apache::Status" => "mod_perl","Apache::Symbol" => "mod_perl","Apache::Symdump" => "mod_perl","Apache::Table" => "mod_perl","Apache::TiedSession" => "Apache-Session","Apache::URI" => "mod_perl","Apache::Util" => "mod_perl","Apache::Wyrd" => "Apache-Wyrd","Apache::Wyrd::Attribute" => "Apache-Wyrd","Apache::Wyrd::Bot" => "Apache-Wyrd","Apache::Wyrd::BrowserSwitch" => "Apache-Wyrd","Apache::Wyrd::CGICond" => "Apache-Wyrd","Apache::Wyrd::CGISetter" => "Apache-Wyrd","Apache::Wyrd::Chart" => "Apache-Wyrd","Apache::Wyrd::Cookie" => "Apache-Wyrd","Apache::Wyrd::DBL" => "Apache-Wyrd","Apache::Wyrd::Datum" => "Apache-Wyrd","Apache::Wyrd::Datum::Blob" => "Apache-Wyrd","Apache::Wyrd::Datum::Char" => "Apache-Wyrd","Apache::Wyrd::Datum::Enum" => "Apache-Wyrd","Apache::Wyrd::Datum::Integer" => "Apache-Wyrd","Apache::Wyrd::Datum::Null" => "Apache-Wyrd","Apache::Wyrd::Datum::Set" => "Apache-Wyrd","Apache::Wyrd::Datum::Text" => "Apache-Wyrd","Apache::Wyrd::Datum::Varchar" => "Apache-Wyrd","Apache::Wyrd::Debug" => "Apache-Wyrd","Apache::Wyrd::Defaults" => "Apache-Wyrd","Apache::Wyrd::ErrField" => "Apache-Wyrd","Apache::Wyrd::ErrTag" => "Apache-Wyrd","Apache::Wyrd::FileSize" => "Apache-Wyrd","Apache::Wyrd::Form" => "Apache-Wyrd","Apache::Wyrd::Form::Preload" => "Apache-Wyrd","Apache::Wyrd::Form::Template" => "Apache-Wyrd","Apache::Wyrd::Form::View" => "Apache-Wyrd","Apache::Wyrd::Handler" => "Apache-Wyrd","Apache::Wyrd::Input" => "Apache-Wyrd","Apache::Wyrd::Input::Complex" => "Apache-Wyrd","Apache::Wyrd::Input::Condenser" => "Apache-Wyrd","Apache::Wyrd::Input::Opt" => "Apache-Wyrd","Apache::Wyrd::Input::Set" => "Apache-Wyrd","Apache::Wyrd::Input::URLInput" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Columnize" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Dater" => "Apache-Wyrd","Apache::Wyrd::Interfaces::GetUser" => "Apache-Wyrd","Apache::Wyrd::Interfaces::IndexUser" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Indexable" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Mother" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Setter" => "Apache-Wyrd","Apache::Wyrd::Interfaces::SmartInput" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Stealth" => "Apache-Wyrd","Apache::Wyrd::Lattice" => "Apache-Wyrd","Apache::Wyrd::Lib" => "Apache-Wyrd","Apache::Wyrd::LogDump" => "Apache-Wyrd","Apache::Wyrd::Lookup" => "Apache-Wyrd","Apache::Wyrd::Loop" => "Apache-Wyrd","Apache::Wyrd::MySQLForm" => "Apache-Wyrd","Apache::Wyrd::Number" => "Apache-Wyrd","Apache::Wyrd::Query" => "Apache-Wyrd","Apache::Wyrd::Redirect" => "Apache-Wyrd","Apache::Wyrd::Request" => "Apache-Wyrd","Apache::Wyrd::SQLForm" => "Apache-Wyrd","Apache::Wyrd::Services::Auth" => "Apache-Wyrd","Apache::Wyrd::Services::CodeRing" => "Apache-Wyrd","Apache::Wyrd::Services::FileCache" => "Apache-Wyrd","Apache::Wyrd::Services::Index" => "Apache-Wyrd","Apache::Wyrd::Services::Key" => "Apache-Wyrd","Apache::Wyrd::Services::LoginServer" => "Apache-Wyrd","Apache::Wyrd::Services::MetaTable" => "Apache-Wyrd","Apache::Wyrd::Services::MySQLIndex" => "Apache-Wyrd","Apache::Wyrd::Services::PreAuth" => "Apache-Wyrd","Apache::Wyrd::Services::SAK" => "Apache-Wyrd","Apache::Wyrd::Services::SearchParser" => "Apache-Wyrd","Apache::Wyrd::Services::TicketPad" => "Apache-Wyrd","Apache::Wyrd::Services::Tree" => "Apache-Wyrd","Apache::Wyrd::ShowParams" => "Apache-Wyrd","Apache::Wyrd::Site::GDButton" => "Apache-Wyrd","Apache::Wyrd::Site::Index" => "Apache-Wyrd","Apache::Wyrd::Site::IndexBot" => "Apache-Wyrd","Apache::Wyrd::Site::Login" => "Apache-Wyrd","Apache::Wyrd::Site::MySQLIndex" => "Apache-Wyrd","Apache::Wyrd::Site::MySQLIndexBot" => "Apache-Wyrd","Apache::Wyrd::Site::NavPull" => "Apache-Wyrd","Apache::Wyrd::Site::Page" => "Apache-Wyrd","Apache::Wyrd::Site::Pull" => "Apache-Wyrd","Apache::Wyrd::Site::SearchResults" => "Apache-Wyrd","Apache::Wyrd::Site::TagPull" => "Apache-Wyrd","Apache::Wyrd::Site::Widget" => "Apache-Wyrd","Apache::Wyrd::Site::WidgetControl" => "Apache-Wyrd","Apache::Wyrd::Site::WidgetIndex" => "Apache-Wyrd","Apache::Wyrd::Template" => "Apache-Wyrd","Apache::Wyrd::User" => "Apache-Wyrd","Apache::Wyrd::Var" => "Apache-Wyrd","Apache::Wyrd::Version" => "Apache-Wyrd","Apache::Wyrd::View" => "Apache-Wyrd","Apache::XAO" => "XAO-Web","Apache::XMLRPC::Lite" => "SOAP-Lite","Apache::ePerl" => "eperl","Apache::fork" => "mod_perl","Apache::httpd_conf" => "mod_perl","Apache::src" => "mod_perl","Apache::testold" => "mod_perl","App" => "App-Context","App::Authentication" => "App-Context","App::Authentication::Htpasswd" => "App-Context","App::Authorization" => "App-Context","App::CallDispatcher" => "App-Context","App::CallDispatcher::HTTPSimple" => "App-Context","App::Conf" => "App-Context","App::Conf::File" => "App-Context","App::Context" => "App-Context","App::Context::ClusterController" => "App-Context","App::Context::ClusterNode" => "App-Context","App::Context::Cmd" => "App-Context","App::Context::HTTP" => "App-Context","App::Context::ModPerl" => "App-Context","App::Context::NetServer" => "App-Context","App::Context::POE" => "App-Context","App::Context::POE::ClusterController" => "App-Context","App::Context::POE::ClusterNode" => "App-Context","App::Context::POE::Server" => "App-Context","App::Context::Server" => "App-Context","App::Cpan" => "CPAN","App::Documentation" => "App-Context","App::Exceptions" => "App-Context","App::Genpass" => "App-Genpass","App::Github::Email" => "App-Github-Email","App::LogChannel" => "App-Context","App::MessageDispatcher" => "App-Context","App::Netdisco" => "App-Netdisco","App::Netdisco::AnyEvent::Nbtstat" => "App-Netdisco","App::Netdisco::Backend::Job" => "App-Netdisco","App::Netdisco::Backend::Role::Manager" => "App-Netdisco","App::Netdisco::Backend::Role::Poller" => "App-Netdisco","App::Netdisco::Backend::Role::Scheduler" => "App-Netdisco","App::Netdisco::Builder" => "App-Netdisco","App::Netdisco::Configuration" => "App-Netdisco","App::Netdisco::DB" => "App-Netdisco","App::Netdisco::DB::ExplicitLocking" => "App-Netdisco","App::Netdisco::DB::Result" => "App-Netdisco","App::Netdisco::DB::Result::AccessControlList" => "App-Netdisco","App::Netdisco::DB::Result::Admin" => "App-Netdisco","App::Netdisco::DB::Result::Community" => "App-Netdisco","App::Netdisco::DB::Result::Device" => "App-Netdisco","App::Netdisco::DB::Result::DeviceBrowser" => "App-Netdisco","App::Netdisco::DB::Result::DeviceIp" => "App-Netdisco","App::Netdisco::DB::Result::DeviceModule" => "App-Netdisco","App::Netdisco::DB::Result::DevicePort" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortLog" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortPower" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortProperties" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortSsid" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortVlan" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortWireless" => "App-Netdisco","App::Netdisco::DB::Result::DevicePower" => "App-Netdisco","App::Netdisco::DB::Result::DeviceSkip" => "App-Netdisco","App::Netdisco::DB::Result::DeviceVlan" => "App-Netdisco","App::Netdisco::DB::Result::Enterprise" => "App-Netdisco","App::Netdisco::DB::Result::Log" => "App-Netdisco","App::Netdisco::DB::Result::Manufacturer" => "App-Netdisco","App::Netdisco::DB::Result::NetmapPositions" => "App-Netdisco","App::Netdisco::DB::Result::Node" => "App-Netdisco","App::Netdisco::DB::Result::NodeIp" => "App-Netdisco","App::Netdisco::DB::Result::NodeMonitor" => "App-Netdisco","App::Netdisco::DB::Result::NodeNbt" => "App-Netdisco","App::Netdisco::DB::Result::NodeWireless" => "App-Netdisco","App::Netdisco::DB::Result::Oui" => "App-Netdisco","App::Netdisco::DB::Result::PortCtlRole" => "App-Netdisco","App::Netdisco::DB::Result::Process" => "App-Netdisco","App::Netdisco::DB::Result::Product" => "App-Netdisco","App::Netdisco::DB::Result::SNMPFilter" => "App-Netdisco","App::Netdisco::DB::Result::SNMPObject" => "App-Netdisco","App::Netdisco::DB::Result::Session" => "App-Netdisco","App::Netdisco::DB::Result::Statistics" => "App-Netdisco","App::Netdisco::DB::Result::Subnet" => "App-Netdisco","App::Netdisco::DB::Result::Topology" => "App-Netdisco","App::Netdisco::DB::Result::User" => "App-Netdisco","App::Netdisco::DB::Result::UserLog" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ACLEntriesWithDNS" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ActiveNode" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ActiveNodeWithAge" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ApRadioChannelPower" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::CidrIps" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DeviceDnsMismatch" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DeviceLinks" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DevicePlatforms" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DevicePoeStatus" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DevicePortSpeed" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DuplexMismatch" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::FilteredSNMPObject" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::GenericReport" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::LastNode" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeIp4" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeIp6" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeMonitor" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeWithAge" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodesDiscovered" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::OrphanedDevices" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PollerPerformance" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PortMacs" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PortUtilization" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PortVLANMismatch" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::SlowDevices" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::SubnetUtilization" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::TastyJobs" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::UnDirEdgesAgg" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::UndiscoveredNeighbors" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::UserRole" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::WalkJobs" => "App-Netdisco","App::Netdisco::DB::ResultSet" => "App-Netdisco","App::Netdisco::DB::ResultSet::Admin" => "App-Netdisco","App::Netdisco::DB::ResultSet::Device" => "App-Netdisco","App::Netdisco::DB::ResultSet::DeviceBrowser" => "App-Netdisco","App::Netdisco::DB::ResultSet::DeviceModule" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePort" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePortLog" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePortSsid" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePower" => "App-Netdisco","App::Netdisco::DB::ResultSet::DeviceSkip" => "App-Netdisco","App::Netdisco::DB::ResultSet::Node" => "App-Netdisco","App::Netdisco::DB::ResultSet::NodeIp" => "App-Netdisco","App::Netdisco::DB::ResultSet::NodeNbt" => "App-Netdisco","App::Netdisco::DB::ResultSet::NodeWireless" => "App-Netdisco","App::Netdisco::DB::ResultSet::PortCtlRole" => "App-Netdisco","App::Netdisco::DB::ResultSet::Subnet" => "App-Netdisco","App::Netdisco::DB::SchemaVersioned" => "App-Netdisco","App::Netdisco::DB::SetOperations" => "App-Netdisco","App::Netdisco::Environment" => "App-Netdisco","App::Netdisco::GenericDB" => "App-Netdisco","App::Netdisco::GenericDB::Result::Virtual::GenericReport" => "App-Netdisco","App::Netdisco::JobQueue" => "App-Netdisco","App::Netdisco::JobQueue::PostgreSQL" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ACE" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ASA" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ASAContext" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::Aruba" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ArubaCX" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ArubaCont" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::BigIP" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::CPVSX" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::Clavister" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::EOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::FTD" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::FortiOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::FreeBSD" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::GAIAEmbedded" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOSXE" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOSXEMac" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOSXR" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::Linux" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::NXOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::OS10" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::PaloAlto" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::VOSS" => "App-Netdisco","App::Netdisco::Transport::Python" => "App-Netdisco","App::Netdisco::Transport::SNMP" => "App-Netdisco","App::Netdisco::Transport::SSH" => "App-Netdisco","App::Netdisco::Util::CustomFields" => "App-Netdisco","App::Netdisco::Util::DNS" => "App-Netdisco","App::Netdisco::Util::Device" => "App-Netdisco","App::Netdisco::Util::DeviceAuth" => "App-Netdisco","App::Netdisco::Util::ExpandParams" => "App-Netdisco","App::Netdisco::Util::FastResolver" => "App-Netdisco","App::Netdisco::Util::Graph" => "App-Netdisco","App::Netdisco::Util::MCE" => "App-Netdisco","App::Netdisco::Util::Nbtstat" => "App-Netdisco","App::Netdisco::Util::Node" => "App-Netdisco","App::Netdisco::Util::NodeMonitor" => "App-Netdisco","App::Netdisco::Util::Noop" => "App-Netdisco","App::Netdisco::Util::Permission" => "App-Netdisco","App::Netdisco::Util::Port" => "App-Netdisco","App::Netdisco::Util::PortAccessEntity" => "App-Netdisco","App::Netdisco::Util::PortMAC" => "App-Netdisco","App::Netdisco::Util::Python" => "App-Netdisco","App::Netdisco::Util::SNMP" => "App-Netdisco","App::Netdisco::Util::Snapshot" => "App-Netdisco","App::Netdisco::Util::Statistics" => "App-Netdisco","App::Netdisco::Util::Web" => "App-Netdisco","App::Netdisco::Util::Worker" => "App-Netdisco","App::Netdisco::Web" => "App-Netdisco","App::Netdisco::Web::API::Objects" => "App-Netdisco","App::Netdisco::Web::API::Queue" => "App-Netdisco","App::Netdisco::Web::AdminTask" => "App-Netdisco","App::Netdisco::Web::Auth::Provider::DBIC" => "App-Netdisco","App::Netdisco::Web::AuthN" => "App-Netdisco","App::Netdisco::Web::CustomFields" => "App-Netdisco","App::Netdisco::Web::Device" => "App-Netdisco","App::Netdisco::Web::GenericReport" => "App-Netdisco","App::Netdisco::Web::Password" => "App-Netdisco","App::Netdisco::Web::Plugin" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::DuplicateDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::JobQueue" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::NodeMonitor" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::OrphanedDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::PollerPerformance" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::PortCtlRole" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::PseudoDevice" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::RolePermissionsEditor" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::SlowDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::TimedOutDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::Topology" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::UndiscoveredNeighbors" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::UserLog" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::Users" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Addresses" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Details" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Modules" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Neighbors" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Ports" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::SNMP" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Vlans" => "App-Netdisco","App::Netdisco::Web::Plugin::Inventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ApChannelDist" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ApClients" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ApRadioChannelPower" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DeviceAddrNoDNS" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DeviceByLocation" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DeviceDnsMismatch" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DevicePoeStatus" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DuplexMismatch" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::HalfDuplex" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::InventoryByModelByOS" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::IpInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ModuleInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::Netbios" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::NodeMultiIPs" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::NodeVendor" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::NodesDiscovered" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortAdminDown" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortBlocking" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortLog" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortMultiNodes" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortSsid" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortUtilization" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortVLANMismatch" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::SsidInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::SubnetUtilization" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::VlanInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::Device" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::Node" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::Port" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::VLAN" => "App-Netdisco","App::Netdisco::Web::PortControl" => "App-Netdisco","App::Netdisco::Web::Report" => "App-Netdisco","App::Netdisco::Web::Search" => "App-Netdisco","App::Netdisco::Web::Static" => "App-Netdisco","App::Netdisco::Web::Statistics" => "App-Netdisco","App::Netdisco::Web::TypeAhead" => "App-Netdisco","App::Netdisco::Worker::Loader" => "App-Netdisco","App::Netdisco::Worker::Plugin" => "App-Netdisco","App::Netdisco::Worker::Plugin::AddPseudoDevice" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip::Nodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip::Subnets" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpwalk" => "App-Netdisco","App::Netdisco::Worker::Plugin::Contact" => "App-Netdisco","App::Netdisco::Worker::Plugin::Delete" => "App-Netdisco","App::Netdisco::Worker::Plugin::Delete::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::CanonicalIP" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Entities" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Neighbors" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Neighbors::DOCSIS" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::NextHopNeighbors" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::PortPower" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::PortProperties" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Properties" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Properties::Tags" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::VLANs" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Wireless" => "App-Netdisco","App::Netdisco::Worker::Plugin::DiscoverAll" => "App-Netdisco","App::Netdisco::Worker::Plugin::DumpConfig" => "App-Netdisco","App::Netdisco::Worker::Plugin::DumpInfoCache" => "App-Netdisco","App::Netdisco::Worker::Plugin::Expire" => "App-Netdisco","App::Netdisco::Worker::Plugin::ExpireNodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::GetAPIKey" => "App-Netdisco","App::Netdisco::Worker::Plugin::Graph" => "App-Netdisco","App::Netdisco::Worker::Plugin::Hook" => "App-Netdisco","App::Netdisco::Worker::Plugin::Hook::Exec" => "App-Netdisco","App::Netdisco::Worker::Plugin::Hook::HTTP" => "App-Netdisco","App::Netdisco::Worker::Plugin::Internal::BackendFQDN" => "App-Netdisco","App::Netdisco::Worker::Plugin::Internal::SNMPFastDiscover" => "App-Netdisco","App::Netdisco::Worker::Plugin::Linter" => "App-Netdisco","App::Netdisco::Worker::Plugin::LoadMIBs" => "App-Netdisco","App::Netdisco::Worker::Plugin::Location" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::InterfacesStatus" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::Nodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::PortAccessEntity" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::WirelessNodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macwalk" => "App-Netdisco","App::Netdisco::Worker::Plugin::MakeRancidConf" => "App-Netdisco","App::Netdisco::Worker::Plugin::Nbtstat" => "App-Netdisco","App::Netdisco::Worker::Plugin::Nbtstat::Core" => "App-Netdisco","App::Netdisco::Worker::Plugin::Nbtwalk" => "App-Netdisco","App::Netdisco::Worker::Plugin::NodeMonitor" => "App-Netdisco","App::Netdisco::Worker::Plugin::PingSweep" => "App-Netdisco","App::Netdisco::Worker::Plugin::PortControl" => "App-Netdisco","App::Netdisco::Worker::Plugin::PortName" => "App-Netdisco","App::Netdisco::Worker::Plugin::Power" => "App-Netdisco","App::Netdisco::Worker::Plugin::PrimeSkiplist" => "App-Netdisco","App::Netdisco::Worker::Plugin::Psql" => "App-Netdisco","App::Netdisco::Worker::Plugin::PythonShim" => "App-Netdisco","App::Netdisco::Worker::Plugin::Renumber" => "App-Netdisco","App::Netdisco::Worker::Plugin::Scheduler" => "App-Netdisco","App::Netdisco::Worker::Plugin::Show" => "App-Netdisco","App::Netdisco::Worker::Plugin::Snapshot" => "App-Netdisco","App::Netdisco::Worker::Plugin::Stats" => "App-Netdisco","App::Netdisco::Worker::Plugin::TastyJobs" => "App-Netdisco","App::Netdisco::Worker::Plugin::Vlan" => "App-Netdisco","App::Netdisco::Worker::Plugin::Vlan::Core" => "App-Netdisco","App::Netdisco::Worker::Runner" => "App-Netdisco","App::Netdisco::Worker::Status" => "App-Netdisco","App::Packer::Backend::PAR" => "PAR","App::Packer::PAR" => "PAR-Packer","App::Packer::Temp" => "PAR","App::Pinto" => "Pinto","App::Pinto::Command" => "Pinto","App::Pinto::Command::add" => "Pinto","App::Pinto::Command::clean" => "Pinto","App::Pinto::Command::copy" => "Pinto","App::Pinto::Command::default" => "Pinto","App::Pinto::Command::delete" => "Pinto","App::Pinto::Command::diff" => "Pinto","App::Pinto::Command::help" => "Pinto","App::Pinto::Command::init" => "Pinto","App::Pinto::Command::install" => "Pinto","App::Pinto::Command::kill" => "Pinto","App::Pinto::Command::list" => "Pinto","App::Pinto::Command::lock" => "Pinto","App::Pinto::Command::log" => "Pinto","App::Pinto::Command::look" => "Pinto","App::Pinto::Command::manual" => "Pinto","App::Pinto::Command::merge" => "Pinto","App::Pinto::Command::migrate" => "Pinto","App::Pinto::Command::new" => "Pinto","App::Pinto::Command::nop" => "Pinto","App::Pinto::Command::pin" => "Pinto","App::Pinto::Command::props" => "Pinto","App::Pinto::Command::pull" => "Pinto","App::Pinto::Command::register" => "Pinto","App::Pinto::Command::rename" => "Pinto","App::Pinto::Command::reset" => "Pinto","App::Pinto::Command::revert" => "Pinto","App::Pinto::Command::roots" => "Pinto","App::Pinto::Command::stacks" => "Pinto","App::Pinto::Command::statistics" => "Pinto","App::Pinto::Command::thanks" => "Pinto","App::Pinto::Command::unlock" => "Pinto","App::Pinto::Command::unpin" => "Pinto","App::Pinto::Command::unregister" => "Pinto","App::Pinto::Command::update" => "Pinto","App::Pinto::Command::verify" => "Pinto","App::Reference" => "App-Context","App::Request" => "App-Context","App::Request::CGI" => "App-Context","App::ResourceLocker" => "App-Context","App::ResourceLocker::IPCLocker" => "App-Context","App::ResourceLocker::IPCSemaphore" => "App-Context","App::Response" => "App-Context","App::Security" => "App-Context","App::Serializer" => "App-Context","App::Serializer::Html" => "App-Context","App::Serializer::Ini" => "App-Context","App::Serializer::Json" => "App-Context","App::Serializer::OneLine" => "App-Context","App::Serializer::Perl" => "App-Context","App::Serializer::Properties" => "App-Context","App::Serializer::Scalar" => "App-Context","App::Serializer::Storable" => "App-Context","App::Serializer::TextArray" => "App-Context","App::Serializer::XMLDumper" => "App-Context","App::Serializer::XMLSimple" => "App-Context","App::Serializer::Xml" => "App-Context","App::Serializer::Yaml" => "App-Context","App::Service" => "App-Context","App::Session" => "App-Context","App::Session::Cookie" => "App-Context","App::Session::HTMLHidden" => "App-Context","App::SessionObject" => "App-Context","App::SharedDatastore" => "App-Context","App::UserAgent" => "App-Context","App::ValueDomain" => "App-Context","App::cpanminus" => "App-cpanminus","App::japerl" => "App-japerl","App::perlall" => "App-perlall","App::revealup" => "App-revealup","App::revealup::base" => "App-revealup","App::revealup::builder" => "App-revealup","App::revealup::cli" => "App-revealup","App::revealup::cli::export" => "App-revealup","App::revealup::cli::export::html" => "App-revealup","App::revealup::cli::export::theme" => "App-revealup","App::revealup::cli::serve" => "App-revealup","App::revealup::cli::server" => "App-revealup","App::revealup::cli::theme" => "App-revealup","App::revealup::util" => "App-revealup","Archive::Tar" => "Archive-Tar","Archive::Tar::Constant" => "Archive-Tar","Archive::Tar::File" => "Archive-Tar","Archive::Tar::Std" => "Archive-Tar","Archive::Tar::Std::_io" => "Archive-Tar","Archive::Tar::Win32" => "Archive-Tar","Archive::Tar::_io" => "Archive-Tar","Archive::Unzip::Burst" => "Archive-Unzip-Burst","Archive::Zip" => "Archive-Zip","Archive::Zip::Archive" => "Archive-Zip","Archive::Zip::BufferedFileHandle" => "Archive-Zip","Archive::Zip::DirectoryMember" => "Archive-Zip","Archive::Zip::FileMember" => "Archive-Zip","Archive::Zip::Member" => "Archive-Zip","Archive::Zip::MemberRead" => "Archive-Zip","Archive::Zip::MockFileHandle" => "Archive-Zip","Archive::Zip::NewFileMember" => "Archive-Zip","Archive::Zip::StringMember" => "Archive-Zip","Archive::Zip::Tree" => "Archive-Zip","Archive::Zip::ZipFileMember" => "Archive-Zip","Authen::DigestMD5" => "Authen-DigestMD5","Authen::DigestMD5::Packet" => "Authen-DigestMD5","Authen::DigestMD5::Request" => "Authen-DigestMD5","Authen::DigestMD5::Response" => "Authen-DigestMD5","Authen::SASL" => "Authen-SASL","Authen::SASL::CRAM_MD5" => "Authen-SASL","Authen::SASL::EXTERNAL" => "Authen-SASL","Authen::SASL::Perl" => "Authen-SASL","Authen::SASL::Perl::ANONYMOUS" => "Authen-SASL","Authen::SASL::Perl::CRAM_MD5" => "Authen-SASL","Authen::SASL::Perl::DIGEST_MD5" => "Authen-SASL","Authen::SASL::Perl::EXTERNAL" => "Authen-SASL","Authen::SASL::Perl::GSSAPI" => "Authen-SASL","Authen::SASL::Perl::LOGIN" => "Authen-SASL","Authen::SASL::Perl::Layer" => "Authen-SASL","Authen::SASL::Perl::OAUTHBEARER" => "Authen-SASL","Authen::SASL::Perl::PLAIN" => "Authen-SASL","Authen::SASL::Perl::XOAUTH2" => "Authen-SASL","Axis" => "perl","B" => "perl","B::Concise" => "perl","B::Deparse" => "perl","B::Lint::Plugin::Test" => "perl","B::OBJECT" => "perl","B::Op_private" => "perl","B::Section" => "perl","B::Showlex" => "perl","B::Terse" => "perl","B::Xref" => "perl","BSON::XS" => "BSON-XS","Batch::Batchrun" => "Batch-Batchrun","Batch::Batchrun::BuildFile" => "Batch-Batchrun","Batch::Batchrun::Dbfunctions" => "Batch-Batchrun","Batch::Batchrun::Extract" => "Batch-Batchrun","Batch::Batchrun::Initialize" => "Batch-Batchrun","Batch::Batchrun::Load" => "Batch-Batchrun","Batch::Batchrun::Mail" => "Batch-Batchrun","Batch::Batchrun::ProcessSteps" => "Batch-Batchrun","Batch::Batchrun::Pwlookup" => "Batch-Batchrun","Batch::Batchrun::Retain" => "Batch-Batchrun","Batch::Batchrun::TableFunctions" => "Batch-Batchrun","BeerDB" => "Maypole","BeerDB::Base" => "Maypole","BeerDB::Beer" => "Maypole","BeerDB::Brewery" => "Maypole","BeerDB::Drinker" => "Maypole","Benchmark" => "perl","Bio::DB::GFF::Aggregator::match_gap" => "GBrowse","Bio::DB::GFF::Aggregator::reftranscript" => "GBrowse","Bio::DB::GFF::Aggregator::waba_alignment" => "GBrowse","Bio::DB::GFF::Aggregator::wormbase_gene" => "GBrowse","Bio::DB::SeqFeature::Store::Alias" => "GBrowse","Bio::DB::SeqFeature::Store::Alias::Iterator" => "GBrowse","Bio::DB::SeqFeature::Store::Alias::Segment" => "GBrowse","Bio::DB::SeqFeature::Store::BedLoader" => "GBrowse","Bio::DB::Tagger" => "GBrowse","Bio::DB::Tagger::Iterator" => "GBrowse","Bio::DB::Tagger::Tag" => "GBrowse","Bio::DB::Tagger::mysql" => "GBrowse","Bio::Graphics::Browser2" => "GBrowse","Bio::Graphics::Browser2::Action" => "GBrowse","Bio::Graphics::Browser2::AdminTracks" => "GBrowse","Bio::Graphics::Browser2::AuthorizedFeatureFile" => "GBrowse","Bio::Graphics::Browser2::CAlign" => "GBrowse","Bio::Graphics::Browser2::CachedTrack" => "GBrowse","Bio::Graphics::Browser2::DataBase" => "GBrowse","Bio::Graphics::Browser2::DataLoader" => "GBrowse","Bio::Graphics::Browser2::DataLoader::archive" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bam" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bed" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bigbed" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bigwig" => "GBrowse","Bio::Graphics::Browser2::DataLoader::featurefile" => "GBrowse","Bio::Graphics::Browser2::DataLoader::generic" => "GBrowse","Bio::Graphics::Browser2::DataLoader::gff" => "GBrowse","Bio::Graphics::Browser2::DataLoader::gff3" => "GBrowse","Bio::Graphics::Browser2::DataLoader::sam" => "GBrowse","Bio::Graphics::Browser2::DataLoader::useq" => "GBrowse","Bio::Graphics::Browser2::DataLoader::wig2bigwig" => "GBrowse","Bio::Graphics::Browser2::DataLoader::wiggle" => "GBrowse","Bio::Graphics::Browser2::DataSource" => "GBrowse","Bio::Graphics::Browser2::ExternalData" => "GBrowse","Bio::Graphics::Browser2::GFFhelper" => "GBrowse","Bio::Graphics::Browser2::I18n" => "GBrowse","Bio::Graphics::Browser2::Markup" => "GBrowse","Bio::Graphics::Browser2::MetaDB" => "GBrowse","Bio::Graphics::Browser2::MetaSegment" => "GBrowse","Bio::Graphics::Browser2::MetaSegment::Iterator" => "GBrowse","Bio::Graphics::Browser2::OptionPick" => "GBrowse","Bio::Graphics::Browser2::PadAlignment" => "GBrowse","Bio::Graphics::Browser2::Plugin" => "GBrowse","Bio::Graphics::Browser2::Plugin::AuthPlugin" => "GBrowse","Bio::Graphics::Browser2::PluginSet" => "GBrowse","Bio::Graphics::Browser2::Realign" => "GBrowse","Bio::Graphics::Browser2::Region" => "GBrowse","Bio::Graphics::Browser2::RegionSearch" => "GBrowse","Bio::Graphics::Browser2::RemoteSet" => "GBrowse","Bio::Graphics::Browser2::Render" => "GBrowse","Bio::Graphics::Browser2::Render::HTML" => "GBrowse","Bio::Graphics::Browser2::Render::HTML::TrackListing" => "GBrowse","Bio::Graphics::Browser2::Render::HTML::TrackListing::Categories" => "GBrowse","Bio::Graphics::Browser2::Render::Login" => "GBrowse","Bio::Graphics::Browser2::Render::Slave" => "GBrowse","Bio::Graphics::Browser2::Render::Slave::AWS_Balancer" => "GBrowse","Bio::Graphics::Browser2::Render::Slave::StagingServer" => "GBrowse","Bio::Graphics::Browser2::Render::Slave::Status" => "GBrowse","Bio::Graphics::Browser2::Render::SnapshotManager" => "GBrowse","Bio::Graphics::Browser2::Render::TrackConfig" => "GBrowse","Bio::Graphics::Browser2::RenderPanels" => "GBrowse","Bio::Graphics::Browser2::SendMail" => "GBrowse","Bio::Graphics::Browser2::Session" => "GBrowse","Bio::Graphics::Browser2::Shellwords" => "GBrowse","Bio::Graphics::Browser2::SubtrackTable" => "GBrowse","Bio::Graphics::Browser2::TrackDumper" => "GBrowse","Bio::Graphics::Browser2::TrackDumper::RichSeqMaker" => "GBrowse","Bio::Graphics::Browser2::UserConf" => "GBrowse","Bio::Graphics::Browser2::UserDB" => "GBrowse","Bio::Graphics::Browser2::UserTracks" => "GBrowse","Bio::Graphics::Browser2::UserTracks::Database" => "GBrowse","Bio::Graphics::Browser2::UserTracks::Filesystem" => "GBrowse","Bio::Graphics::Browser2::Util" => "GBrowse","Bio::Graphics::GBrowseFeature" => "GBrowse","Bio::Graphics::Karyotype" => "GBrowse","Bio::Graphics::Wiggle::Loader::Nosample" => "GBrowse","Boost::Graph" => "Boost-Graph","Boost::Graph::Directed" => "Boost-Graph","Boost::Graph::Undirected" => "Boost-Graph","Bundle::Apache" => "mod_perl","Bundle::Apache2" => "mod_perl","Bundle::Apache::ASP" => "Apache-ASP","Bundle::Apache::ASP::Extra" => "Apache-ASP","Bundle::DBD::Pg" => "DBD-Pg","Bundle::DBD::mysql" => "DBD-mysql","Bundle::DBI" => "DBI","Bundle::HTML::EP" => "HTML-EP","Bundle::Image::Info::Everything" => "Image-Info","Bundle::Image::Info::PNG" => "Image-Info","Bundle::Image::Info::SVG" => "Image-Info","Bundle::Image::Info::XBM" => "Image-Info","Bundle::Image::Info::XPM" => "Image-Info","Bundle::LWP" => "libwww-perl","Bundle::Net::LDAP" => "perl-ldap","Bundle::PlRPC" => "PlRPC","CBC" => "Crypt-CBC","CBOR::XS" => "CBOR-XS","CGI" => "CGI","CGI::Application" => "CGI-Application","CGI::Application::Dispatch" => "CGI-Application-Dispatch","CGI::Application::Dispatch::PSGI" => "CGI-Application-Dispatch","CGI::Application::Dispatch::Regexp" => "CGI-Application-Dispatch","CGI::Application::Mailform" => "CGI-Application","CGI::Application::Plugin::AutoRunmode" => "CGI-Application-Plugin-AutoRunmode","CGI::Application::Plugin::AutoRunmode::FileDelegate" => "CGI-Application-Plugin-AutoRunmode","CGI::Application::Plugin::CAPTCHA" => "CGI-Application-Plugin-CAPTCHA","CGI::Application::Plugin::RunmodeDeclare" => "CGI-Application-Plugin-RunmodeDeclare","CGI::Carp" => "CGI","CGI::Cookie" => "CGI","CGI::File::Temp" => "CGI","CGI::HTML::Functions" => "CGI","CGI::Maypole" => "Maypole","CGI::MultipartBuffer" => "CGI","CGI::Pretty" => "CGI","CGI::Push" => "CGI","CGI::Session" => "CGI-Session","CGI::Session::BluePrint" => "CGI-Session","CGI::Session::CookBook" => "CGI-Session","CGI::Session::DB_File" => "CGI-Session","CGI::Session::Driver" => "CGI-Session","CGI::Session::Driver::DBI" => "CGI-Session","CGI::Session::Driver::db_file" => "CGI-Session","CGI::Session::Driver::file" => "CGI-Session","CGI::Session::Driver::mysql" => "CGI-Session","CGI::Session::Driver::postgresql" => "CGI-Session","CGI::Session::Driver::sqlite" => "CGI-Session","CGI::Session::ErrorHandler" => "CGI-Session","CGI::Session::Example" => "CGI-Session","CGI::Session::File" => "CGI-Session","CGI::Session::ID::SHA1" => "CGI-Session","CGI::Session::ID::incr" => "CGI-Session","CGI::Session::ID::md5" => "CGI-Session","CGI::Session::ID::static" => "CGI-Session","CGI::Session::MySQL" => "CGI-Session","CGI::Session::PostgreSQL" => "CGI-Session","CGI::Session::Query" => "CGI-Session","CGI::Session::Serialize::default" => "CGI-Session","CGI::Session::Serialize::freezethaw" => "CGI-Session","CGI::Session::Serialize::json" => "CGI-Session","CGI::Session::Serialize::storable" => "CGI-Session","CGI::Session::Test::Default" => "CGI-Session","CGI::Session::Test::SimpleObjectClass" => "CGI-Session","CGI::Session::Tutorial" => "CGI-Session","CGI::Simple" => "CGI-Simple","CGI::Simple::Cookie" => "CGI-Simple","CGI::Simple::Standard" => "CGI-Simple","CGI::Simple::Util" => "CGI-Simple","CGI::Toggle" => "GBrowse","CGI::Untaint::Maypole" => "Maypole","CGI::Util" => "CGI","CGI::apacheSSI" => "CGI-apacheSSI","CGI::apacheSSI::Gmt" => "CGI-apacheSSI","CGI::apacheSSI::LMOD" => "CGI-apacheSSI","CGI::apacheSSI::Local" => "CGI-apacheSSI","CGI::mod_perl" => "mod_perl","CPAN" => "CPAN","CPAN::Admin" => "CPAN","CPAN::Author" => "CPAN","CPAN::Bundle" => "CPAN","CPAN::CacheMgr" => "CPAN","CPAN::Checksums" => "CPAN-Checksums","CPAN::Complete" => "CPAN","CPAN::Debug" => "CPAN","CPAN::DeferredCode" => "CPAN","CPAN::Distribution" => "CPAN","CPAN::Distroprefs" => "CPAN","CPAN::Distroprefs::Iterator" => "CPAN","CPAN::Distroprefs::Pref" => "CPAN","CPAN::Distroprefs::Result" => "CPAN","CPAN::Distroprefs::Result::Error" => "CPAN","CPAN::Distroprefs::Result::Fatal" => "CPAN","CPAN::Distroprefs::Result::Success" => "CPAN","CPAN::Distroprefs::Result::Warning" => "CPAN","CPAN::Distrostatus" => "CPAN","CPAN::Eval" => "CPAN","CPAN::Exception::RecursiveDependency" => "CPAN","CPAN::Exception::RecursiveDependency::na" => "CPAN","CPAN::Exception::blocked_urllist" => "CPAN","CPAN::Exception::yaml_not_installed" => "CPAN","CPAN::Exception::yaml_process_error" => "CPAN","CPAN::FTP" => "CPAN","CPAN::FTP::netrc" => "CPAN","CPAN::FirstTime" => "CPAN","CPAN::HTTP::Client" => "CPAN","CPAN::HTTP::Credentials" => "CPAN","CPAN::HandleConfig" => "CPAN","CPAN::Index" => "CPAN","CPAN::InfoObj" => "CPAN","CPAN::Kwalify" => "CPAN","CPAN::LWP::UserAgent" => "CPAN","CPAN::Mirrored::By" => "CPAN","CPAN::Mirrors" => "CPAN","CPAN::Module" => "CPAN","CPAN::Nox" => "CPAN","CPAN::Plugin" => "CPAN","CPAN::Plugin::Specfile" => "CPAN","CPAN::Prompt" => "CPAN","CPAN::Queue" => "CPAN","CPAN::Queue::Item" => "CPAN","CPAN::Shell" => "CPAN","CPAN::Tarzip" => "CPAN","CPAN::URL" => "CPAN","CPAN::Version" => "CPAN","Capture::Tiny" => "Capture-Tiny","Catalyst" => "Catalyst-Runtime","Catalyst::Action" => "Catalyst-Runtime","Catalyst::Action::Deserialize" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::Callback" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::JSON" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::JSON::XS" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::View" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::XML::Simple" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::YAML" => "Catalyst-Action-REST","Catalyst::Action::DeserializeMultiPart" => "Catalyst-Action-REST","Catalyst::Action::REST" => "Catalyst-Action-REST","Catalyst::Action::REST::ForBrowsers" => "Catalyst-Action-REST","Catalyst::Action::Serialize" => "Catalyst-Action-REST","Catalyst::Action::Serialize::Callback" => "Catalyst-Action-REST","Catalyst::Action::Serialize::JSON" => "Catalyst-Action-REST","Catalyst::Action::Serialize::JSON::XS" => "Catalyst-Action-REST","Catalyst::Action::Serialize::JSONP" => "Catalyst-Action-REST","Catalyst::Action::Serialize::View" => "Catalyst-Action-REST","Catalyst::Action::Serialize::XML::Simple" => "Catalyst-Action-REST","Catalyst::Action::Serialize::YAML" => "Catalyst-Action-REST","Catalyst::Action::Serialize::YAML::HTML" => "Catalyst-Action-REST","Catalyst::Action::SerializeBase" => "Catalyst-Action-REST","Catalyst::ActionChain" => "Catalyst-Runtime","Catalyst::ActionContainer" => "Catalyst-Runtime","Catalyst::ActionRole::ConsumesContent" => "Catalyst-Runtime","Catalyst::ActionRole::HTTPMethods" => "Catalyst-Runtime","Catalyst::ActionRole::QueryMatching" => "Catalyst-Runtime","Catalyst::ActionRole::Scheme" => "Catalyst-Runtime","Catalyst::Authentication::Credential::HTTP" => "Catalyst-Authentication-Credential-HTTP","Catalyst::Authentication::Credential::HTTP::Nonce" => "Catalyst-Authentication-Credential-HTTP","Catalyst::Authentication::Store::LDAP" => "Catalyst-Authentication-Store-LDAP","Catalyst::Authentication::Store::LDAP::Backend" => "Catalyst-Authentication-Store-LDAP","Catalyst::Authentication::Store::LDAP::User" => "Catalyst-Authentication-Store-LDAP","Catalyst::Base" => "Catalyst-Runtime","Catalyst::ClassData" => "Catalyst-Runtime","Catalyst::Component" => "Catalyst-Runtime","Catalyst::Component::ApplicationAttribute" => "Catalyst-Runtime","Catalyst::Component::ContextClosure" => "Catalyst-Runtime","Catalyst::Controller" => "Catalyst-Runtime","Catalyst::Controller::Combine" => "Catalyst-Controller-Combine","Catalyst::Controller::REST" => "Catalyst-Action-REST","Catalyst::DispatchType" => "Catalyst-Runtime","Catalyst::DispatchType::Chained" => "Catalyst-Runtime","Catalyst::DispatchType::Default" => "Catalyst-Runtime","Catalyst::DispatchType::Index" => "Catalyst-Runtime","Catalyst::DispatchType::Path" => "Catalyst-Runtime","Catalyst::Dispatcher" => "Catalyst-Runtime","Catalyst::Engine" => "Catalyst-Runtime","Catalyst::Engine::CGI" => "Catalyst-Runtime","Catalyst::Engine::FastCGI" => "Catalyst-Runtime","Catalyst::Engine::HTTP" => "Catalyst-Runtime","Catalyst::Engine::HTTP::Restarter" => "Catalyst-Runtime","Catalyst::Engine::HTTP::Restarter::Watcher" => "Catalyst-Runtime","Catalyst::EngineLoader" => "Catalyst-Runtime","Catalyst::Exception" => "Catalyst-Runtime","Catalyst::Exception::Base" => "Catalyst-Runtime","Catalyst::Exception::Basic" => "Catalyst-Runtime","Catalyst::Exception::Detach" => "Catalyst-Runtime","Catalyst::Exception::Go" => "Catalyst-Runtime","Catalyst::Exception::Interface" => "Catalyst-Runtime","Catalyst::Helper::Controller::Combine" => "Catalyst-Controller-Combine","Catalyst::Log" => "Catalyst-Runtime","Catalyst::Middleware::Stash" => "Catalyst-Runtime","Catalyst::Model" => "Catalyst-Runtime","Catalyst::Plugin::Session" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::State" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::Store" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::Store::Dummy" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::Test::Store" => "Catalyst-Plugin-Session","Catalyst::Plugin::Static" => "Catalyst-Plugin-Static","Catalyst::Plugin::Static::Simple" => "Catalyst-Plugin-Static-Simple","Catalyst::Plugin::Unicode::Encoding" => "Catalyst-Runtime","Catalyst::Request" => "Catalyst-Runtime","Catalyst::Request::PartData" => "Catalyst-Runtime","Catalyst::Request::REST" => "Catalyst-Action-REST","Catalyst::Request::REST::ForBrowsers" => "Catalyst-Action-REST","Catalyst::Request::Upload" => "Catalyst-Runtime","Catalyst::Response" => "Catalyst-Runtime","Catalyst::Response::Writer" => "Catalyst-Runtime","Catalyst::Runtime" => "Catalyst-Runtime","Catalyst::Script::CGI" => "Catalyst-Runtime","Catalyst::Script::Create" => "Catalyst-Runtime","Catalyst::Script::FastCGI" => "Catalyst-Runtime","Catalyst::Script::Server" => "Catalyst-Runtime","Catalyst::Script::Test" => "Catalyst-Runtime","Catalyst::ScriptRole" => "Catalyst-Runtime","Catalyst::ScriptRunner" => "Catalyst-Runtime","Catalyst::Stats" => "Catalyst-Runtime","Catalyst::Test" => "Catalyst-Runtime","Catalyst::TraitFor::Request::REST" => "Catalyst-Action-REST","Catalyst::TraitFor::Request::REST::ForBrowsers" => "Catalyst-Action-REST","Catalyst::Utils" => "Catalyst-Runtime","Catalyst::View" => "Catalyst-Runtime","CatalystX::Controller::OpenSearch" => "Search-OpenSearch-Server","Chat::Controllers" => "Squatting","Chat::Views" => "Squatting","Class::Struct" => "perl","Class::Struct::Tie_ISA" => "perl","Clipboard" => "Clipboard","Clipboard::MacPasteboard" => "Clipboard","Clipboard::Pb" => "Clipboard","Clipboard::WaylandClipboard" => "Clipboard","Clipboard::Win32" => "Clipboard","Clipboard::Xclip" => "Clipboard","Clipboard::Xsel" => "Clipboard","Cmd::Dwarf" => "Cmd-Dwarf","Command" => "UR","Command::Common" => "UR","Command::DynamicSubCommands" => "UR","Command::Shell" => "UR","Command::SubCommandFactory" => "UR","Command::Test" => "UR","Command::Test::Echo" => "UR","Command::Test::Tree1" => "UR","Command::Test::Tree1::Echo1" => "UR","Command::Test::Tree1::Echo2" => "UR","Command::Tree" => "UR","Command::V1" => "UR","Command::V2" => "UR","Compress::LZ4" => "Compress-LZ4","Compress::Raw::Bunzip2" => "Compress-Raw-Bzip2","Compress::Raw::Bzip2" => "Compress-Raw-Bzip2","Compress::Raw::Zlib" => "Compress-Raw-Zlib","Compress::Zlib" => "IO-Compress","Concierge::Sessions" => "Concierge-Sessions","Concierge::Sessions::Base" => "Concierge-Sessions","Concierge::Sessions::File" => "Concierge-Sessions","Concierge::Sessions::SQLite" => "Concierge-Sessions","Concierge::Sessions::Session" => "Concierge-Sessions","Config::Extensions" => "perl","Config::IniFiles" => "Config-IniFiles","Config::Model" => "Config-Model","Config::Model::Annotation" => "Config-Model","Config::Model::AnyId" => "Config-Model","Config::Model::AnyThing" => "Config-Model","Config::Model::Backend::Any" => "Config-Model","Config::Model::Backend::CdsFile" => "Config-Model","Config::Model::Backend::Fstab" => "Config-Model","Config::Model::Backend::IniFile" => "Config-Model","Config::Model::Backend::Json" => "Config-Model","Config::Model::Backend::PerlFile" => "Config-Model","Config::Model::Backend::PlainFile" => "Config-Model","Config::Model::Backend::ShellVar" => "Config-Model","Config::Model::BackendMgr" => "Config-Model","Config::Model::BackendTrackOrder" => "Config-Model","Config::Model::CheckList" => "Config-Model","Config::Model::DeprecatedHandle" => "Config-Model","Config::Model::Describe" => "Config-Model","Config::Model::DumpAsData" => "Config-Model","Config::Model::Dumper" => "Config-Model","Config::Model::Exception" => "Config-Model","Config::Model::Exception::AncestorClass" => "Config-Model","Config::Model::Exception::Any" => "Config-Model","Config::Model::Exception::ConfigFile" => "Config-Model","Config::Model::Exception::ConfigFile::Missing" => "Config-Model","Config::Model::Exception::Fatal" => "Config-Model","Config::Model::Exception::Formula" => "Config-Model","Config::Model::Exception::Internal" => "Config-Model","Config::Model::Exception::Load" => "Config-Model","Config::Model::Exception::LoadData" => "Config-Model","Config::Model::Exception::Model" => "Config-Model","Config::Model::Exception::ModelDeclaration" => "Config-Model","Config::Model::Exception::ObsoleteElement" => "Config-Model","Config::Model::Exception::Syntax" => "Config-Model","Config::Model::Exception::UnavailableElement" => "Config-Model","Config::Model::Exception::UnknownElement" => "Config-Model","Config::Model::Exception::UnknownId" => "Config-Model","Config::Model::Exception::User" => "Config-Model","Config::Model::Exception::WarpError" => "Config-Model","Config::Model::Exception::WrongType" => "Config-Model","Config::Model::Exception::WrongValue" => "Config-Model","Config::Model::FuseUI" => "Config-Model","Config::Model::HashId" => "Config-Model","Config::Model::IdElementReference" => "Config-Model","Config::Model::Instance" => "Config-Model","Config::Model::Iterator" => "Config-Model","Config::Model::ListId" => "Config-Model","Config::Model::Lister" => "Config-Model","Config::Model::Loader" => "Config-Model","Config::Model::Node" => "Config-Model","Config::Model::ObjTreeScanner" => "Config-Model","Config::Model::Report" => "Config-Model","Config::Model::Role::ComputeFunction" => "Config-Model","Config::Model::Role::Constants" => "Config-Model","Config::Model::Role::FileHandler" => "Config-Model","Config::Model::Role::Grab" => "Config-Model","Config::Model::Role::HelpAsText" => "Config-Model","Config::Model::Role::NodeLoader" => "Config-Model","Config::Model::Role::Utils" => "Config-Model","Config::Model::Role::WarpMaster" => "Config-Model","Config::Model::SearchElement" => "Config-Model","Config::Model::SimpleUI" => "Config-Model","Config::Model::TermUI" => "Config-Model","Config::Model::TreeSearcher" => "Config-Model","Config::Model::TypeConstraints" => "Config-Model","Config::Model::Utils::GenClassPod" => "Config-Model","Config::Model::Value" => "Config-Model","Config::Model::Value::LayeredInclude" => "Config-Model","Config::Model::Value::Update" => "Config-Model","Config::Model::Value::UpdateFromFile" => "Config-Model","Config::Model::ValueComputer" => "Config-Model","Config::Model::WarpedNode" => "Config-Model","Config::Model::Warper" => "Config-Model","Convert::ASN1" => "Convert-ASN1","Convert::UUlib" => "Convert-UUlib","CouchWiki" => "Squatting","CouchWiki::Controllers" => "Squatting","CouchWiki::Models" => "Squatting","CouchWiki::Views" => "Squatting","Counter::Controllers" => "Squatting","Cpanel::JSON::XS" => "Cpanel-JSON-XS","Cpanel::JSON::XS::Type" => "Cpanel-JSON-XS","Crypt::AuthEnc" => "CryptX","Crypt::AuthEnc::CCM" => "CryptX","Crypt::AuthEnc::ChaCha20Poly1305" => "CryptX","Crypt::AuthEnc::EAX" => "CryptX","Crypt::AuthEnc::GCM" => "CryptX","Crypt::AuthEnc::OCB" => "CryptX","Crypt::CBC" => "Crypt-CBC","Crypt::CBC::PBKDF" => "Crypt-CBC","Crypt::CBC::PBKDF::none" => "Crypt-CBC","Crypt::CBC::PBKDF::opensslv1" => "Crypt-CBC","Crypt::CBC::PBKDF::opensslv2" => "Crypt-CBC","Crypt::CBC::PBKDF::pbkdf2" => "Crypt-CBC","Crypt::CBC::PBKDF::randomiv" => "Crypt-CBC","Crypt::Checksum" => "CryptX","Crypt::Checksum::Adler32" => "CryptX","Crypt::Checksum::CRC32" => "CryptX","Crypt::Cipher" => "CryptX","Crypt::Cipher::AES" => "CryptX","Crypt::Cipher::Anubis" => "CryptX","Crypt::Cipher::Blowfish" => "CryptX","Crypt::Cipher::CAST5" => "CryptX","Crypt::Cipher::Camellia" => "CryptX","Crypt::Cipher::DES" => "CryptX","Crypt::Cipher::DES_EDE" => "CryptX","Crypt::Cipher::IDEA" => "CryptX","Crypt::Cipher::KASUMI" => "CryptX","Crypt::Cipher::Khazad" => "CryptX","Crypt::Cipher::MULTI2" => "CryptX","Crypt::Cipher::Noekeon" => "CryptX","Crypt::Cipher::RC2" => "CryptX","Crypt::Cipher::RC5" => "CryptX","Crypt::Cipher::RC6" => "CryptX","Crypt::Cipher::SAFERP" => "CryptX","Crypt::Cipher::SAFER_K128" => "CryptX","Crypt::Cipher::SAFER_K64" => "CryptX","Crypt::Cipher::SAFER_SK128" => "CryptX","Crypt::Cipher::SAFER_SK64" => "CryptX","Crypt::Cipher::SEED" => "CryptX","Crypt::Cipher::Serpent" => "CryptX","Crypt::Cipher::Skipjack" => "CryptX","Crypt::Cipher::Twofish" => "CryptX","Crypt::Cipher::XTEA" => "CryptX","Crypt::DSA" => "Crypt-DSA","Crypt::DSA::Key" => "Crypt-DSA","Crypt::DSA::Key::PEM" => "Crypt-DSA","Crypt::DSA::Key::SSH2" => "Crypt-DSA","Crypt::DSA::KeyChain" => "Crypt-DSA","Crypt::DSA::Signature" => "Crypt-DSA","Crypt::DSA::Util" => "Crypt-DSA","Crypt::Digest" => "CryptX","Crypt::Digest::BLAKE2b_160" => "CryptX","Crypt::Digest::BLAKE2b_256" => "CryptX","Crypt::Digest::BLAKE2b_384" => "CryptX","Crypt::Digest::BLAKE2b_512" => "CryptX","Crypt::Digest::BLAKE2s_128" => "CryptX","Crypt::Digest::BLAKE2s_160" => "CryptX","Crypt::Digest::BLAKE2s_224" => "CryptX","Crypt::Digest::BLAKE2s_256" => "CryptX","Crypt::Digest::CHAES" => "CryptX","Crypt::Digest::Keccak224" => "CryptX","Crypt::Digest::Keccak256" => "CryptX","Crypt::Digest::Keccak384" => "CryptX","Crypt::Digest::Keccak512" => "CryptX","Crypt::Digest::MD2" => "CryptX","Crypt::Digest::MD4" => "CryptX","Crypt::Digest::MD5" => "CryptX","Crypt::Digest::RIPEMD128" => "CryptX","Crypt::Digest::RIPEMD160" => "CryptX","Crypt::Digest::RIPEMD256" => "CryptX","Crypt::Digest::RIPEMD320" => "CryptX","Crypt::Digest::SHA1" => "CryptX","Crypt::Digest::SHA224" => "CryptX","Crypt::Digest::SHA256" => "CryptX","Crypt::Digest::SHA384" => "CryptX","Crypt::Digest::SHA3_224" => "CryptX","Crypt::Digest::SHA3_256" => "CryptX","Crypt::Digest::SHA3_384" => "CryptX","Crypt::Digest::SHA3_512" => "CryptX","Crypt::Digest::SHA512" => "CryptX","Crypt::Digest::SHA512_224" => "CryptX","Crypt::Digest::SHA512_256" => "CryptX","Crypt::Digest::SHAKE" => "CryptX","Crypt::Digest::Tiger192" => "CryptX","Crypt::Digest::Whirlpool" => "CryptX","Crypt::JWT" => "Crypt-JWT","Crypt::KeyDerivation" => "CryptX","Crypt::KeyWrap" => "Crypt-JWT","Crypt::Mac" => "CryptX","Crypt::Mac::BLAKE2b" => "CryptX","Crypt::Mac::BLAKE2s" => "CryptX","Crypt::Mac::F9" => "CryptX","Crypt::Mac::HMAC" => "CryptX","Crypt::Mac::OMAC" => "CryptX","Crypt::Mac::PMAC" => "CryptX","Crypt::Mac::Pelican" => "CryptX","Crypt::Mac::Poly1305" => "CryptX","Crypt::Mac::XCBC" => "CryptX","Crypt::Misc" => "CryptX","Crypt::Mode" => "CryptX","Crypt::Mode::CBC" => "CryptX","Crypt::Mode::CFB" => "CryptX","Crypt::Mode::CTR" => "CryptX","Crypt::Mode::ECB" => "CryptX","Crypt::Mode::OFB" => "CryptX","Crypt::NaCl::Sodium" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::aead" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::auth" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::box" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::generichash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::hash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::onetimeauth" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::pwhash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::scalarmult" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::secretbox" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::shorthash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::sign" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::stream" => "Crypt-NaCl-Sodium","Crypt::OpenSSL::DSA" => "Crypt-OpenSSL-DSA","Crypt::OpenSSL::RSA" => "Crypt-OpenSSL-RSA","Crypt::PK" => "CryptX","Crypt::PK::DH" => "CryptX","Crypt::PK::DSA" => "CryptX","Crypt::PK::ECC" => "CryptX","Crypt::PK::Ed25519" => "CryptX","Crypt::PK::RSA" => "CryptX","Crypt::PK::X25519" => "CryptX","Crypt::PRNG" => "CryptX","Crypt::PRNG::ChaCha20" => "CryptX","Crypt::PRNG::Fortuna" => "CryptX","Crypt::PRNG::RC4" => "CryptX","Crypt::PRNG::Sober128" => "CryptX","Crypt::PRNG::Yarrow" => "CryptX","Crypt::Passwd::XS" => "Crypt-Passwd-XS","Crypt::Perl" => "Crypt-Perl","Crypt::Perl::ASN1" => "Crypt-Perl","Crypt::Perl::ASN1::BitString" => "Crypt-Perl","Crypt::Perl::ASN1::Encodee" => "Crypt-Perl","Crypt::Perl::ASN1::Signatures" => "Crypt-Perl","Crypt::Perl::BigInt" => "Crypt-Perl","Crypt::Perl::ECDSA" => "Crypt-Perl","Crypt::Perl::ECDSA::Deterministic" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::Curve" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::CurvesDB" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::DB" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::FieldElement" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::Point" => "Crypt-Perl","Crypt::Perl::ECDSA::ECParameters" => "Crypt-Perl","Crypt::Perl::ECDSA::EncodedPoint" => "Crypt-Perl","Crypt::Perl::ECDSA::Generate" => "Crypt-Perl","Crypt::Perl::ECDSA::KeyBase" => "Crypt-Perl","Crypt::Perl::ECDSA::Math" => "Crypt-Perl","Crypt::Perl::ECDSA::NIST" => "Crypt-Perl","Crypt::Perl::ECDSA::Parse" => "Crypt-Perl","Crypt::Perl::ECDSA::PrivateKey" => "Crypt-Perl","Crypt::Perl::ECDSA::PublicKey" => "Crypt-Perl","Crypt::Perl::ECDSA::Utils" => "Crypt-Perl","Crypt::Perl::Ed25519" => "Crypt-Perl","Crypt::Perl::Ed25519::KeyBase" => "Crypt-Perl","Crypt::Perl::Ed25519::Math" => "Crypt-Perl","Crypt::Perl::Ed25519::Parse" => "Crypt-Perl","Crypt::Perl::Ed25519::PrivateKey" => "Crypt-Perl","Crypt::Perl::Ed25519::PublicKey" => "Crypt-Perl","Crypt::Perl::JWK" => "Crypt-Perl","Crypt::Perl::KeyBase" => "Crypt-Perl","Crypt::Perl::Math" => "Crypt-Perl","Crypt::Perl::PK" => "Crypt-Perl","Crypt::Perl::PKCS10" => "Crypt-Perl","Crypt::Perl::PKCS10::ASN1" => "Crypt-Perl","Crypt::Perl::PKCS10::Attribute" => "Crypt-Perl","Crypt::Perl::PKCS10::Attribute::challengePassword" => "Crypt-Perl","Crypt::Perl::PKCS10::Attribute::extensionRequest" => "Crypt-Perl","Crypt::Perl::PKCS10::Attributes" => "Crypt-Perl","Crypt::Perl::PKCS8" => "Crypt-Perl","Crypt::Perl::RNG" => "Crypt-Perl","Crypt::Perl::RSA" => "Crypt-Perl","Crypt::Perl::RSA::Generate" => "Crypt-Perl","Crypt::Perl::RSA::KeyBase" => "Crypt-Perl","Crypt::Perl::RSA::PKCS1_v1_5" => "Crypt-Perl","Crypt::Perl::RSA::Parse" => "Crypt-Perl","Crypt::Perl::RSA::PrivateKey" => "Crypt-Perl","Crypt::Perl::RSA::PublicKey" => "Crypt-Perl","Crypt::Perl::RSA::Template" => "Crypt-Perl","Crypt::Perl::ToDER" => "Crypt-Perl","Crypt::Perl::X" => "Crypt-Perl","Crypt::Perl::X509::Extension" => "Crypt-Perl","Crypt::Perl::X509::Extension::acmeValidation_v1" => "Crypt-Perl","Crypt::Perl::X509::Extension::authorityInfoAccess" => "Crypt-Perl","Crypt::Perl::X509::Extension::authorityKeyIdentifier" => "Crypt-Perl","Crypt::Perl::X509::Extension::basicConstraints" => "Crypt-Perl","Crypt::Perl::X509::Extension::cRLDistributionPoints" => "Crypt-Perl","Crypt::Perl::X509::Extension::certificatePolicies" => "Crypt-Perl","Crypt::Perl::X509::Extension::ct_precert_poison" => "Crypt-Perl","Crypt::Perl::X509::Extension::ct_precert_scts" => "Crypt-Perl","Crypt::Perl::X509::Extension::extKeyUsage" => "Crypt-Perl","Crypt::Perl::X509::Extension::freshestCRL" => "Crypt-Perl","Crypt::Perl::X509::Extension::inhibitAnyPolicy" => "Crypt-Perl","Crypt::Perl::X509::Extension::issuerAltName" => "Crypt-Perl","Crypt::Perl::X509::Extension::keyUsage" => "Crypt-Perl","Crypt::Perl::X509::Extension::nameConstraints" => "Crypt-Perl","Crypt::Perl::X509::Extension::noCheck" => "Crypt-Perl","Crypt::Perl::X509::Extension::policyConstraints" => "Crypt-Perl","Crypt::Perl::X509::Extension::policyMappings" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectAltName" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectDirectoryAttributes" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectInfoAccess" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectKeyIdentifier" => "Crypt-Perl","Crypt::Perl::X509::Extension::tlsFeature" => "Crypt-Perl","Crypt::Perl::X509::Extensions" => "Crypt-Perl","Crypt::Perl::X509::GeneralName" => "Crypt-Perl","Crypt::Perl::X509::GeneralNames" => "Crypt-Perl","Crypt::Perl::X509::InfoAccessBase" => "Crypt-Perl","Crypt::Perl::X509::Name" => "Crypt-Perl","Crypt::Perl::X509::RelativeDistinguishedName" => "Crypt-Perl","Crypt::Perl::X509::SCT" => "Crypt-Perl","Crypt::Perl::X509v3" => "Crypt-Perl","Crypt::Perl::X::ASN1::Decode" => "Crypt-Perl","Crypt::Perl::X::ASN1::Encode" => "Crypt-Perl","Crypt::Perl::X::ASN1::Find" => "Crypt-Perl","Crypt::Perl::X::ASN1::Prepare" => "Crypt-Perl","Crypt::Perl::X::Base" => "Crypt-Perl","Crypt::Perl::X::ECDSA::CharacteristicTwoUnsupported" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForNISTName" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForName" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForOID" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForParameters" => "Crypt-Perl","Crypt::Perl::X::Generic" => "Crypt-Perl","Crypt::Perl::X::InvalidJWK" => "Crypt-Perl","Crypt::Perl::X::TooLongToSign" => "Crypt-Perl","Crypt::Perl::X::UnknownHash" => "Crypt-Perl","Crypt::Perl::X::UnknownJWKkty" => "Crypt-Perl","Crypt::Primes" => "Crypt-Primes","Crypt::Random" => "Crypt-Random","Crypt::Random::Generator" => "Crypt-Random","Crypt::Random::Provider::File" => "Crypt-Random","Crypt::Random::Provider::Win32API" => "Crypt-Random","Crypt::Random::Provider::devrandom" => "Crypt-Random","Crypt::Random::Provider::devurandom" => "Crypt-Random","Crypt::Random::Provider::egd" => "Crypt-Random","Crypt::Random::Provider::rand" => "Crypt-Random","Crypt::Random::Source" => "Crypt-Random-Source","Crypt::Random::Source::Base" => "Crypt-Random-Source","Crypt::Random::Source::Base::File" => "Crypt-Random-Source","Crypt::Random::Source::Base::Handle" => "Crypt-Random-Source","Crypt::Random::Source::Base::Proc" => "Crypt-Random-Source","Crypt::Random::Source::Base::RandomDevice" => "Crypt-Random-Source","Crypt::Random::Source::Factory" => "Crypt-Random-Source","Crypt::Random::Source::Strong" => "Crypt-Random-Source","Crypt::Random::Source::Strong::devrandom" => "Crypt-Random-Source","Crypt::Random::Source::Weak" => "Crypt-Random-Source","Crypt::Random::Source::Weak::devurandom" => "Crypt-Random-Source","Crypt::RandomEncryption" => "Crypt-RandomEncryption","Crypt::Salt" => "Crypt-Salt","Crypt::Sodium::XS" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Base" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Base64" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Core" => "Crypt-Sodium-XS","Crypt::Sodium::XS::MemVault" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::Base" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::aead" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::auth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::box" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::curve25519" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::generichash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::hash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::hkdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::ipcrypt" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::kdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::kx" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::onetimeauth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::pwhash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::scalarmult" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::secretbox" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::secretstream" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::shorthash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::sign" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::stream" => "Crypt-Sodium-XS","Crypt::Sodium::XS::ProtMem" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Util" => "Crypt-Sodium-XS","Crypt::Sodium::XS::aead" => "Crypt-Sodium-XS","Crypt::Sodium::XS::auth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::box" => "Crypt-Sodium-XS","Crypt::Sodium::XS::curve25519" => "Crypt-Sodium-XS","Crypt::Sodium::XS::generichash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::hash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::hkdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::ipcrypt" => "Crypt-Sodium-XS","Crypt::Sodium::XS::kdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::kx" => "Crypt-Sodium-XS","Crypt::Sodium::XS::onetimeauth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::pwhash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::scalarmult" => "Crypt-Sodium-XS","Crypt::Sodium::XS::secretbox" => "Crypt-Sodium-XS","Crypt::Sodium::XS::secretstream" => "Crypt-Sodium-XS","Crypt::Sodium::XS::shorthash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::sign" => "Crypt-Sodium-XS","Crypt::Sodium::XS::stream" => "Crypt-Sodium-XS","Crypt::Stream::ChaCha" => "CryptX","Crypt::Stream::RC4" => "CryptX","Crypt::Stream::Rabbit" => "CryptX","Crypt::Stream::Salsa20" => "CryptX","Crypt::Stream::Sober128" => "CryptX","Crypt::Stream::Sosemanuk" => "CryptX","Crypt::SysRandom::XS" => "Crypt-SysRandom-XS","Crypt::URandom" => "Crypt-URandom","CryptX" => "CryptX","Cwd" => "PathTools","DBD::DBM" => "DBI","DBD::DBM::Statement" => "DBI","DBD::DBM::Table" => "DBI","DBD::DBM::db" => "DBI","DBD::DBM::dr" => "DBI","DBD::DBM::st" => "DBI","DBD::ExampleP" => "DBI","DBD::ExampleP::db" => "DBI","DBD::ExampleP::dr" => "DBI","DBD::ExampleP::st" => "DBI","DBD::File" => "DBI","DBD::File::DataSource::File" => "DBI","DBD::File::DataSource::Stream" => "DBI","DBD::File::Statement" => "DBI","DBD::File::Table" => "DBI","DBD::File::TableSource::FileSystem" => "DBI","DBD::File::db" => "DBI","DBD::File::dr" => "DBI","DBD::File::st" => "DBI","DBD::Gofer" => "DBI","DBD::Gofer::Policy::Base" => "DBI","DBD::Gofer::Policy::classic" => "DBI","DBD::Gofer::Policy::pedantic" => "DBI","DBD::Gofer::Policy::rush" => "DBI","DBD::Gofer::Transport::Base" => "DBI","DBD::Gofer::Transport::corostream" => "DBI","DBD::Gofer::Transport::null" => "DBI","DBD::Gofer::Transport::pipeone" => "DBI","DBD::Gofer::Transport::stream" => "DBI","DBD::Gofer::db" => "DBI","DBD::Gofer::dr" => "DBI","DBD::Gofer::st" => "DBI","DBD::MariaDB" => "DBD-MariaDB","DBD::Mem" => "DBI","DBD::Mem::DataSource" => "DBI","DBD::Mem::Statement" => "DBI","DBD::Mem::Table" => "DBI","DBD::Mem::db" => "DBI","DBD::Mem::dr" => "DBI","DBD::Mem::st" => "DBI","DBD::NullP" => "DBI","DBD::NullP::db" => "DBI","DBD::NullP::dr" => "DBI","DBD::NullP::st" => "DBI","DBD::Pg" => "DBD-Pg","DBD::Proxy" => "DBI","DBD::Proxy::RPC::PlClient" => "DBI","DBD::Proxy::db" => "DBI","DBD::Proxy::dr" => "DBI","DBD::Proxy::st" => "DBI","DBD::SQLite" => "DBD-SQLite","DBD::SQLite::Constants" => "DBD-SQLite","DBD::SQLite::GetInfo" => "DBD-SQLite","DBD::SQLite::VirtualTable" => "DBD-SQLite","DBD::SQLite::VirtualTable::Cursor" => "DBD-SQLite","DBD::SQLite::VirtualTable::FileContent" => "DBD-SQLite","DBD::SQLite::VirtualTable::FileContent::Cursor" => "DBD-SQLite","DBD::SQLite::VirtualTable::PerlData" => "DBD-SQLite","DBD::SQLite::VirtualTable::PerlData::Cursor" => "DBD-SQLite","DBD::Sponge" => "DBI","DBD::Sponge::db" => "DBI","DBD::Sponge::dr" => "DBI","DBD::Sponge::st" => "DBI","DBD::mysql" => "DBD-mysql","DBD::mysql::GetInfo" => "DBD-mysql","DBD::mysql::db" => "DBD-mysql","DBD::mysql::dr" => "DBD-mysql","DBD::mysql::st" => "DBD-mysql","DBD::mysqlPP" => "DBD-mysqlPP","DBD::mysqlPP::db" => "DBD-mysqlPP","DBD::mysqlPP::dr" => "DBD-mysqlPP","DBD::mysqlPP::st" => "DBD-mysqlPP","DBDI" => "DBI","DBI" => "DBI","DBI::Const::GetInfo::ANSI" => "DBI","DBI::Const::GetInfo::ODBC" => "DBI","DBI::Const::GetInfoReturn" => "DBI","DBI::Const::GetInfoType" => "DBI","DBI::DBD" => "DBI","DBI::DBD::Metadata" => "DBI","DBI::DBD::SqlEngine" => "DBI","DBI::DBD::SqlEngine::DataSource" => "DBI","DBI::DBD::SqlEngine::Statement" => "DBI","DBI::DBD::SqlEngine::Table" => "DBI","DBI::DBD::SqlEngine::TableSource" => "DBI","DBI::DBD::SqlEngine::TieMeta" => "DBI","DBI::DBD::SqlEngine::TieTables" => "DBI","DBI::DBD::SqlEngine::db" => "DBI","DBI::DBD::SqlEngine::dr" => "DBI","DBI::DBD::SqlEngine::st" => "DBI","DBI::FAQ" => "DBI","DBI::Gofer::Execute" => "DBI","DBI::Gofer::Request" => "DBI","DBI::Gofer::Response" => "DBI","DBI::Gofer::Serializer::Base" => "DBI","DBI::Gofer::Serializer::DataDumper" => "DBI","DBI::Gofer::Serializer::Storable" => "DBI","DBI::Gofer::Transport::Base" => "DBI","DBI::Gofer::Transport::pipeone" => "DBI","DBI::Gofer::Transport::stream" => "DBI","DBI::Library" => "MySQL-Admin","DBI::Library::Database" => "MySQL-Admin","DBI::Library::Database::db" => "MySQL-Admin","DBI::Library::Database::st" => "MySQL-Admin","DBI::Library::db" => "MySQL-Admin","DBI::Library::st" => "MySQL-Admin","DBI::Profile" => "DBI","DBI::ProfileData" => "DBI","DBI::ProfileDumper" => "DBI","DBI::ProfileDumper::Apache" => "DBI","DBI::ProfileSubs" => "DBI","DBI::ProxyServer" => "DBI","DBI::ProxyServer::db" => "DBI","DBI::ProxyServer::dr" => "DBI","DBI::ProxyServer::st" => "DBI","DBI::SQL::Nano" => "DBI","DBI::SQL::Nano::Statement_" => "DBI","DBI::SQL::Nano::Table_" => "DBI","DBI::Util::CacheMemory" => "DBI","DBI::Util::_accessor" => "DBI","DBI::common" => "DBI","DBIx::Class::EncodedColumn" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Crypt" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Crypt::Eksblowfish::Bcrypt" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Crypt::OpenPGP" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Digest" => "DBIx-Class-EncodedColumn","DBIx::Class::Valiant" => "Valiant","DBIx::Class::Valiant::Result" => "Valiant","DBIx::Class::Valiant::Result::HTML::FormFields" => "Valiant","DBIx::Class::Valiant::ResultSet" => "Valiant","DBIx::Class::Valiant::Util::Exception" => "Valiant","DBIx::Class::Valiant::Util::Exception::BadParameterFK" => "Valiant","DBIx::Class::Valiant::Util::Exception::BadParameters" => "Valiant","DBIx::Class::Valiant::Util::Exception::TooManyRows" => "Valiant","DBIx::Class::Valiant::Validates" => "Valiant","DBIx::Class::Valiant::Validator::Result" => "Valiant","DBIx::Class::Valiant::Validator::ResultSet" => "Valiant","DBIx::Class::Valiant::Validator::SetSize" => "Valiant","DBIx::Custom" => "DBIx-Custom","DBIx::Custom::Mapper" => "DBIx-Custom","DBIx::Custom::Model" => "DBIx-Custom","DBIx::Custom::NotExists" => "DBIx-Custom","DBIx::Custom::Order" => "DBIx-Custom","DBIx::Custom::Query" => "DBIx-Custom","DBIx::Custom::Result" => "DBIx-Custom","DBIx::Custom::Util" => "DBIx-Custom","DBIx::Custom::Where" => "DBIx-Custom","DBIx::Otogiri" => "Otogiri","DBIx::Otogiri::Iterator" => "Otogiri","DBM_Filter" => "perl","DBM_Filter::compress" => "perl","DBM_Filter::encode" => "perl","DBM_Filter::int32" => "perl","DBM_Filter::null" => "perl","DBM_Filter::utf8" => "perl","Dancer" => "Dancer","Dancer2" => "Dancer2","Dancer2::CLI" => "Dancer2","Dancer2::CLI::Command::gen" => "Dancer2","Dancer2::CLI::Command::version" => "Dancer2","Dancer2::CLI::Gen" => "Dancer2","Dancer2::CLI::Version" => "Dancer2","Dancer2::ConfigReader" => "Dancer2","Dancer2::ConfigReader::Config::Any" => "Dancer2","Dancer2::ConfigUtils" => "Dancer2","Dancer2::Core" => "Dancer2","Dancer2::Core::App" => "Dancer2","Dancer2::Core::Cookie" => "Dancer2","Dancer2::Core::DSL" => "Dancer2","Dancer2::Core::Dispatcher" => "Dancer2","Dancer2::Core::Error" => "Dancer2","Dancer2::Core::Factory" => "Dancer2","Dancer2::Core::HTTP" => "Dancer2","Dancer2::Core::Hook" => "Dancer2","Dancer2::Core::MIME" => "Dancer2","Dancer2::Core::Request" => "Dancer2","Dancer2::Core::Request::Upload" => "Dancer2","Dancer2::Core::Response" => "Dancer2","Dancer2::Core::Response::Delayed" => "Dancer2","Dancer2::Core::Role::ConfigReader" => "Dancer2","Dancer2::Core::Role::DSL" => "Dancer2","Dancer2::Core::Role::Engine" => "Dancer2","Dancer2::Core::Role::Handler" => "Dancer2","Dancer2::Core::Role::HasConfig" => "Dancer2","Dancer2::Core::Role::HasEnvironment" => "Dancer2","Dancer2::Core::Role::HasLocation" => "Dancer2","Dancer2::Core::Role::Hookable" => "Dancer2","Dancer2::Core::Role::Logger" => "Dancer2","Dancer2::Core::Role::Serializer" => "Dancer2","Dancer2::Core::Role::SessionFactory" => "Dancer2","Dancer2::Core::Role::SessionFactory::File" => "Dancer2","Dancer2::Core::Role::StandardResponses" => "Dancer2","Dancer2::Core::Role::Template" => "Dancer2","Dancer2::Core::Route" => "Dancer2","Dancer2::Core::Runner" => "Dancer2","Dancer2::Core::Session" => "Dancer2","Dancer2::Core::Time" => "Dancer2","Dancer2::Core::Types" => "Dancer2","Dancer2::FileUtils" => "Dancer2","Dancer2::Handler::AutoPage" => "Dancer2","Dancer2::Handler::File" => "Dancer2","Dancer2::Logger::Capture" => "Dancer2","Dancer2::Logger::Capture::Trap" => "Dancer2","Dancer2::Logger::Console" => "Dancer2","Dancer2::Logger::Diag" => "Dancer2","Dancer2::Logger::File" => "Dancer2","Dancer2::Logger::Note" => "Dancer2","Dancer2::Logger::Null" => "Dancer2","Dancer2::Plugin" => "Dancer2","Dancer2::Serializer::Dumper" => "Dancer2","Dancer2::Serializer::JSON" => "Dancer2","Dancer2::Serializer::Mutable" => "Dancer2","Dancer2::Serializer::YAML" => "Dancer2","Dancer2::Session::Simple" => "Dancer2","Dancer2::Session::YAML" => "Dancer2","Dancer2::Template::Implementation::ForkedTiny" => "Dancer2","Dancer2::Template::TemplateToolkit" => "Dancer2","Dancer2::Template::Tiny" => "Dancer2","Dancer2::Test" => "Dancer2","Dancer::App" => "Dancer","Dancer::Config" => "Dancer","Dancer::Config::Object" => "Dancer","Dancer::Continuation" => "Dancer","Dancer::Continuation::Halted" => "Dancer","Dancer::Continuation::Route" => "Dancer","Dancer::Continuation::Route::ErrorSent" => "Dancer","Dancer::Continuation::Route::FileSent" => "Dancer","Dancer::Continuation::Route::Forwarded" => "Dancer","Dancer::Continuation::Route::Passed" => "Dancer","Dancer::Continuation::Route::Templated" => "Dancer","Dancer::Cookie" => "Dancer","Dancer::Cookies" => "Dancer","Dancer::Deprecation" => "Dancer","Dancer::Engine" => "Dancer","Dancer::Error" => "Dancer","Dancer::Exception" => "Dancer","Dancer::Exception::Base" => "Dancer","Dancer::Exceptions" => "Dancer","Dancer::Factory::Hook" => "Dancer","Dancer::FileUtils" => "Dancer","Dancer::GetOpt" => "Dancer","Dancer::HTTP" => "Dancer","Dancer::Handler" => "Dancer","Dancer::Handler::Debug" => "Dancer","Dancer::Handler::PSGI" => "Dancer","Dancer::Handler::Standalone" => "Dancer","Dancer::Hook" => "Dancer","Dancer::Hook::Properties" => "Dancer","Dancer::Logger" => "Dancer","Dancer::Logger::Abstract" => "Dancer","Dancer::Logger::Capture" => "Dancer","Dancer::Logger::Capture::Trap" => "Dancer","Dancer::Logger::Console" => "Dancer","Dancer::Logger::Diag" => "Dancer","Dancer::Logger::File" => "Dancer","Dancer::Logger::Note" => "Dancer","Dancer::Logger::Null" => "Dancer","Dancer::MIME" => "Dancer","Dancer::ModuleLoader" => "Dancer","Dancer::Object" => "Dancer","Dancer::Object::Singleton" => "Dancer","Dancer::Plugin" => "Dancer","Dancer::Plugin::Ajax" => "Dancer","Dancer::Renderer" => "Dancer","Dancer::Request" => "Dancer","Dancer::Request::Upload" => "Dancer","Dancer::Response" => "Dancer","Dancer::Route" => "Dancer","Dancer::Route::Cache" => "Dancer","Dancer::Route::Registry" => "Dancer","Dancer::Serializer" => "Dancer","Dancer::Serializer::Abstract" => "Dancer","Dancer::Serializer::Dumper" => "Dancer","Dancer::Serializer::JSON" => "Dancer","Dancer::Serializer::JSONP" => "Dancer","Dancer::Serializer::Mutable" => "Dancer","Dancer::Serializer::XML" => "Dancer","Dancer::Serializer::YAML" => "Dancer","Dancer::Session" => "Dancer","Dancer::Session::Abstract" => "Dancer","Dancer::Session::Simple" => "Dancer","Dancer::Session::YAML" => "Dancer","Dancer::SharedData" => "Dancer","Dancer::Template" => "Dancer","Dancer::Template::Abstract" => "Dancer","Dancer::Template::NetdiscoTemplateToolkit" => "App-Netdisco","Dancer::Template::Simple" => "Dancer","Dancer::Template::TemplateToolkit" => "Dancer","Dancer::Test" => "Dancer","Dancer::Timer" => "Dancer","Data::BytesLocker" => "Crypt-NaCl-Sodium","Data::Dumper" => "Data-Dumper","Data::Entropy" => "Data-Entropy","Data::Entropy::Algorithms" => "Data-Entropy","Data::Entropy::RawSource::CryptCounter" => "Data-Entropy","Data::Entropy::RawSource::Local" => "Data-Entropy","Data::Entropy::RawSource::RandomOrg" => "Data-Entropy","Data::Entropy::RawSource::RandomnumbersInfo" => "Data-Entropy","Data::Entropy::Source" => "Data-Entropy","Data::FormValidator" => "Data-FormValidator","Data::FormValidator::Constraints" => "Data-FormValidator","Data::FormValidator::Constraints::Dates" => "Data-FormValidator","Data::FormValidator::Constraints::RegexpCommon" => "Data-FormValidator","Data::FormValidator::Constraints::Upload" => "Data-FormValidator","Data::FormValidator::ConstraintsFactory" => "Data-FormValidator","Data::FormValidator::Filters" => "Data-FormValidator","Data::FormValidator::Results" => "Data-FormValidator","Data::UUID" => "Data-UUID","Data::Validate::IP" => "Data-Validate-IP","DemoASP" => "Apache-ASP","Devel::PPPort" => "Devel-PPPort","Devel::PatchPerl::Plugin::Asan" => "App-perlall","Devel::PatchPerl::Plugin::Compiler" => "App-perlall","Devel::PatchPerl::Plugin::General" => "App-perlall","Devel::Peek" => "perl","Devel::StackTrace" => "Devel-StackTrace","Devel::StackTrace::Frame" => "Devel-StackTrace","Devel::callsfrom" => "UR","Dezi" => "Dezi","Dezi::Config" => "Dezi","Dezi::Server" => "Dezi","Dezi::Server::About" => "Dezi","Digest" => "Digest","Digest::MD5" => "Digest-MD5","Digest::SHA" => "Digest-SHA","Digest::base" => "Digest","Digest::file" => "Digest","DirHandle" => "perl","Dpkg" => "Dpkg","Dpkg::Arch" => "Dpkg","Dpkg::Archive::Ar" => "Dpkg","Dpkg::Build::Env" => "Dpkg","Dpkg::Build::Info" => "Dpkg","Dpkg::Build::Types" => "Dpkg","Dpkg::BuildAPI" => "Dpkg","Dpkg::BuildDriver" => "Dpkg","Dpkg::BuildDriver::DebianRules" => "Dpkg","Dpkg::BuildEnv" => "Dpkg","Dpkg::BuildFlags" => "Dpkg","Dpkg::BuildInfo" => "Dpkg","Dpkg::BuildOptions" => "Dpkg","Dpkg::BuildProfiles" => "Dpkg","Dpkg::BuildTree" => "Dpkg","Dpkg::BuildTypes" => "Dpkg","Dpkg::Changelog" => "Dpkg","Dpkg::Changelog::Debian" => "Dpkg","Dpkg::Changelog::Entry" => "Dpkg","Dpkg::Changelog::Entry::Debian" => "Dpkg","Dpkg::Changelog::Parse" => "Dpkg","Dpkg::Checksums" => "Dpkg","Dpkg::Compression" => "Dpkg","Dpkg::Compression::FileHandle" => "Dpkg","Dpkg::Compression::Process" => "Dpkg","Dpkg::Conf" => "Dpkg","Dpkg::Control" => "Dpkg","Dpkg::Control::Changelog" => "Dpkg","Dpkg::Control::Fields" => "Dpkg","Dpkg::Control::FieldsCore" => "Dpkg","Dpkg::Control::Hash" => "Dpkg","Dpkg::Control::HashCore" => "Dpkg","Dpkg::Control::HashCore::Tie" => "Dpkg","Dpkg::Control::Info" => "Dpkg","Dpkg::Control::Tests" => "Dpkg","Dpkg::Control::Tests::Entry" => "Dpkg","Dpkg::Control::Types" => "Dpkg","Dpkg::Deps" => "Dpkg","Dpkg::Deps::AND" => "Dpkg","Dpkg::Deps::KnownFacts" => "Dpkg","Dpkg::Deps::Multiple" => "Dpkg","Dpkg::Deps::OR" => "Dpkg","Dpkg::Deps::Simple" => "Dpkg","Dpkg::Deps::Union" => "Dpkg","Dpkg::Dist::Files" => "Dpkg","Dpkg::Email::Address" => "Dpkg","Dpkg::Email::AddressList" => "Dpkg","Dpkg::ErrorHandling" => "Dpkg","Dpkg::Exit" => "Dpkg","Dpkg::File" => "Dpkg","Dpkg::Getopt" => "Dpkg","Dpkg::Gettext" => "Dpkg","Dpkg::IPC" => "Dpkg","Dpkg::Index" => "Dpkg","Dpkg::Interface::Storable" => "Dpkg","Dpkg::Lock" => "Dpkg","Dpkg::OpenPGP" => "Dpkg","Dpkg::OpenPGP::Backend" => "Dpkg","Dpkg::OpenPGP::Backend::GnuPG" => "Dpkg","Dpkg::OpenPGP::Backend::SOP" => "Dpkg","Dpkg::OpenPGP::Backend::Sequoia" => "Dpkg","Dpkg::OpenPGP::ErrorCodes" => "Dpkg","Dpkg::OpenPGP::KeyHandle" => "Dpkg","Dpkg::Package" => "Dpkg","Dpkg::Path" => "Dpkg","Dpkg::Shlibs" => "Dpkg","Dpkg::Shlibs::Cppfilt" => "Dpkg","Dpkg::Shlibs::Objdump" => "Dpkg","Dpkg::Shlibs::Objdump::Object" => "Dpkg","Dpkg::Shlibs::Symbol" => "Dpkg","Dpkg::Shlibs::SymbolFile" => "Dpkg","Dpkg::Source::Archive" => "Dpkg","Dpkg::Source::BinaryFiles" => "Dpkg","Dpkg::Source::Format" => "Dpkg","Dpkg::Source::Functions" => "Dpkg","Dpkg::Source::Package" => "Dpkg","Dpkg::Source::Package::V1" => "Dpkg","Dpkg::Source::Package::V2" => "Dpkg","Dpkg::Source::Package::V3::Bzr" => "Dpkg","Dpkg::Source::Package::V3::Custom" => "Dpkg","Dpkg::Source::Package::V3::Git" => "Dpkg","Dpkg::Source::Package::V3::Native" => "Dpkg","Dpkg::Source::Package::V3::Quilt" => "Dpkg","Dpkg::Source::Patch" => "Dpkg","Dpkg::Source::Quilt" => "Dpkg","Dpkg::Substvars" => "Dpkg","Dpkg::SysInfo" => "Dpkg","Dpkg::Vars" => "Dpkg","Dpkg::Vendor" => "Dpkg","Dpkg::Vendor::Debian" => "Dpkg","Dpkg::Vendor::Default" => "Dpkg","Dpkg::Vendor::Devuan" => "Dpkg","Dpkg::Vendor::PureOS" => "Dpkg","Dpkg::Vendor::Ubuntu" => "Dpkg","Dpkg::Version" => "Dpkg","Dwarf" => "Cmd-Dwarf","EV::Hiredis" => "EV-Hiredis","Elive" => "Elive","Elive::Connection" => "Elive","Elive::Connection::SDK" => "Elive","Elive::DAO" => "Elive","Elive::DAO::Array" => "Elive","Elive::DAO::Singleton" => "Elive","Elive::DAO::_Base" => "Elive","Elive::Entity" => "Elive","Elive::Entity::Group" => "Elive","Elive::Entity::Group::Members" => "Elive","Elive::Entity::InvitedGuest" => "Elive","Elive::Entity::Meeting" => "Elive","Elive::Entity::MeetingParameters" => "Elive","Elive::Entity::Participant" => "Elive","Elive::Entity::ParticipantList" => "Elive","Elive::Entity::Participants" => "Elive","Elive::Entity::Preload" => "Elive","Elive::Entity::Preloads" => "Elive","Elive::Entity::Recording" => "Elive","Elive::Entity::Report" => "Elive","Elive::Entity::Role" => "Elive","Elive::Entity::ServerDetails" => "Elive","Elive::Entity::ServerParameters" => "Elive","Elive::Entity::Session" => "Elive","Elive::Entity::User" => "Elive","Elive::Util" => "Elive","Elive::Util::Type" => "Elive","Elive::View::Session" => "Elive","Email::Address" => "Email-Address","Email::MIME" => "Email-MIME","Email::MIME::Creator" => "Email-MIME","Email::MIME::Encode" => "Email-MIME","Email::MIME::Header" => "Email-MIME","Email::MIME::Header::AddressList" => "Email-MIME","Email::MIME::Modifier" => "Email-MIME","EnableModule" => "perl","Encode" => "Encode","Encode::Alias" => "Encode","Encode::Byte" => "Encode","Encode::CJKConstants" => "Encode","Encode::CN" => "Encode","Encode::CN::HZ" => "Encode","Encode::Config" => "Encode","Encode::EBCDIC" => "Encode","Encode::Encoder" => "Encode","Encode::Encoding" => "Encode","Encode::GSM0338" => "Encode","Encode::Guess" => "Encode","Encode::Internal" => "Encode","Encode::JP" => "Encode","Encode::JP::H2Z" => "Encode","Encode::JP::JIS7" => "Encode","Encode::KR" => "Encode","Encode::KR::2022_KR" => "Encode","Encode::MIME::Header" => "Encode","Encode::MIME::Header::ISO_2022_JP" => "Encode","Encode::MIME::Name" => "Encode","Encode::Symbol" => "Encode","Encode::TW" => "Encode","Encode::UTF_EBCDIC" => "Encode","Encode::Unicode" => "Encode","Encode::Unicode::UTF7" => "Encode","Encode::XS" => "Encode","Encode::utf8" => "Encode","English" => "perl","Example::Controllers" => "Squatting","Example::Views" => "Squatting","ExtUtils::Command" => "ExtUtils-MakeMaker","ExtUtils::Command::MM" => "ExtUtils-MakeMaker","ExtUtils::Embed" => "perl","ExtUtils::Liblist" => "ExtUtils-MakeMaker","ExtUtils::Liblist::Kid" => "ExtUtils-MakeMaker","ExtUtils::MM" => "ExtUtils-MakeMaker","ExtUtils::MM_AIX" => "ExtUtils-MakeMaker","ExtUtils::MM_Any" => "ExtUtils-MakeMaker","ExtUtils::MM_BeOS" => "ExtUtils-MakeMaker","ExtUtils::MM_Cygwin" => "ExtUtils-MakeMaker","ExtUtils::MM_DOS" => "ExtUtils-MakeMaker","ExtUtils::MM_Darwin" => "ExtUtils-MakeMaker","ExtUtils::MM_MacOS" => "ExtUtils-MakeMaker","ExtUtils::MM_NW5" => "ExtUtils-MakeMaker","ExtUtils::MM_OS2" => "ExtUtils-MakeMaker","ExtUtils::MM_OS390" => "ExtUtils-MakeMaker","ExtUtils::MM_QNX" => "ExtUtils-MakeMaker","ExtUtils::MM_UWIN" => "ExtUtils-MakeMaker","ExtUtils::MM_Unix" => "ExtUtils-MakeMaker","ExtUtils::MM_VMS" => "ExtUtils-MakeMaker","ExtUtils::MM_VOS" => "ExtUtils-MakeMaker","ExtUtils::MM_Win32" => "ExtUtils-MakeMaker","ExtUtils::MM_Win95" => "ExtUtils-MakeMaker","ExtUtils::MY" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::Config" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::Locale" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::_version" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::charstar" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::version" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::version::regex" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::version::vpp" => "ExtUtils-MakeMaker","ExtUtils::Miniperl" => "perl","ExtUtils::Mkbootstrap" => "ExtUtils-MakeMaker","ExtUtils::Mksymlists" => "ExtUtils-MakeMaker","ExtUtils::ParseXS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Constants" => "ExtUtils-ParseXS","ExtUtils::ParseXS::CountLines" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Eval" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ALIAS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ALIAS_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ATTRS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::BOOT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::CASE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::CLEANUP" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::CODE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_ARGS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part_POD" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part_code" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part_postamble" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::EXPORT_XSUB_SYMBOLS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::FALLBACK" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INCLUDE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INCLUDE_COMMAND" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INIT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INPUT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INPUT_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INTERFACE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INTERFACE_MACRO" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::IO_Param" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::MODULE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::NOT_IMPLEMENTED_YET" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::OUTPUT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::OUTPUT_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::OVERLOAD" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::POSTCALL" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PPCODE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PREINIT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PROTOTYPE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PROTOTYPES" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::Param" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::Params" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::REQUIRE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ReturnType" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::SCOPE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::Sig" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::TYPEMAP" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::VERSIONCHECK" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::XS_file" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::autocall" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::boot_xsub" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::cleanup_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::code_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::codeblock" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::cpp_scope" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::enable" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::global_cpp_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::init_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::input_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::keyline" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::keylines" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::multiline" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::multiline_merged" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::oneline" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::output_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::pre_boot" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::preamble" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::xbody" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::xsub" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::xsub_decl" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Utilities" => "ExtUtils-ParseXS","ExtUtils::Typemaps" => "ExtUtils-ParseXS","ExtUtils::Typemaps::Cmd" => "ExtUtils-ParseXS","ExtUtils::Typemaps::InputMap" => "ExtUtils-ParseXS","ExtUtils::Typemaps::OutputMap" => "ExtUtils-ParseXS","ExtUtils::Typemaps::Type" => "ExtUtils-ParseXS","ExtUtils::XSSymSet" => "perl","ExtUtils::testlib" => "ExtUtils-MakeMaker","FCGI" => "FCGI","FCGI::Stream" => "FCGI","Fake::Encode" => "Fake-Encode","Fake::Our" => "Fake-Our","FakeHomol" => "GBrowse","Fcntl" => "perl","Fh" => "CGI","File::Basename" => "perl","File::Compare" => "perl","File::Copy" => "perl","File::DataClass" => "File-DataClass","File::DataClass::Cache" => "File-DataClass","File::DataClass::Constants" => "File-DataClass","File::DataClass::Exception" => "File-DataClass","File::DataClass::Functions" => "File-DataClass","File::DataClass::IO" => "File-DataClass","File::DataClass::List" => "File-DataClass","File::DataClass::Result" => "File-DataClass","File::DataClass::ResultSet" => "File-DataClass","File::DataClass::ResultSource" => "File-DataClass","File::DataClass::Schema" => "File-DataClass","File::DataClass::Storage" => "File-DataClass","File::DataClass::Storage::Any" => "File-DataClass","File::DataClass::Storage::JSON" => "File-DataClass","File::DataClass::Types" => "File-DataClass","File::DosGlob" => "perl","File::Find" => "perl","File::Find::Rule" => "File-Find-Rule","File::Find::Rule::Test::ATeam" => "File-Find-Rule","File::Glob" => "perl","File::GlobMapper" => "IO-Compress","File::KeePass" => "File-KeePass","File::Path" => "File-Path","File::RandomAccess" => "Image-ExifTool","File::Slurp" => "File-Slurp","File::Spec" => "PathTools","File::Spec::AmigaOS" => "PathTools","File::Spec::Cygwin" => "PathTools","File::Spec::Epoc" => "PathTools","File::Spec::Functions" => "PathTools","File::Spec::Mac" => "PathTools","File::Spec::OS2" => "PathTools","File::Spec::Unix" => "PathTools","File::Spec::VMS" => "PathTools","File::Spec::Win32" => "PathTools","File::Temp" => "File-Temp","File::stat" => "perl","FileCache" => "perl","FileHandle" => "perl","FileSlurp_12" => "File-Slurp","Filesys::SmbClientParser" => "Filesys-SmbClientParser","FindExt" => "perl","GD" => "GD","GD::Group" => "GD","GD::Image" => "GD","GD::Polygon" => "GD","GD::Polyline" => "GD","GD::Simple" => "GD","GDBM_File" => "perl","GPIB" => "GPIB","GPIB::hp33120a" => "GPIB","GPIB::hp3585a" => "GPIB","GPIB::hp59306a" => "GPIB","GPIB::hpe3631a" => "GPIB","GPIB::hpserial" => "GPIB","GPIB::llp" => "GPIB","GPIB::ni" => "GPIB","GPIB::rmt" => "GPIB","Galileo" => "Galileo","Galileo::Admin" => "Galileo","Galileo::Command::dump" => "Galileo","Galileo::Command::setup" => "Galileo","Galileo::DB::Deploy" => "Galileo","Galileo::DB::Schema" => "Galileo","Galileo::DB::Schema::Result::Menu" => "Galileo","Galileo::DB::Schema::Result::Page" => "Galileo","Galileo::DB::Schema::Result::User" => "Galileo","Galileo::File" => "Galileo","Galileo::Menu" => "Galileo","Galileo::Page" => "Galileo","Galileo::Plugin::Deploy" => "Galileo","Galileo::Plugin::Modal" => "Galileo","Galileo::User" => "Galileo","Getopt::Std" => "perl","Git::Raw" => "Git-Raw","Git::Raw::AnnotatedCommit" => "Git-Raw","Git::Raw::Blame" => "Git-Raw","Git::Raw::Blame::Hunk" => "Git-Raw","Git::Raw::Blob" => "Git-Raw","Git::Raw::Branch" => "Git-Raw","Git::Raw::Cert" => "Git-Raw","Git::Raw::Cert::HostKey" => "Git-Raw","Git::Raw::Cert::X509" => "Git-Raw","Git::Raw::Commit" => "Git-Raw","Git::Raw::Config" => "Git-Raw","Git::Raw::Cred" => "Git-Raw","Git::Raw::Diff" => "Git-Raw","Git::Raw::Diff::Delta" => "Git-Raw","Git::Raw::Diff::File" => "Git-Raw","Git::Raw::Diff::Hunk" => "Git-Raw","Git::Raw::Diff::Stats" => "Git-Raw","Git::Raw::Error" => "Git-Raw","Git::Raw::Error::Category" => "Git-Raw","Git::Raw::Filter" => "Git-Raw","Git::Raw::Filter::List" => "Git-Raw","Git::Raw::Filter::Source" => "Git-Raw","Git::Raw::Graph" => "Git-Raw","Git::Raw::Index" => "Git-Raw","Git::Raw::Index::Conflict" => "Git-Raw","Git::Raw::Index::Entry" => "Git-Raw","Git::Raw::Indexer" => "Git-Raw","Git::Raw::Mempack" => "Git-Raw","Git::Raw::Merge::File::Result" => "Git-Raw","Git::Raw::Note" => "Git-Raw","Git::Raw::Object" => "Git-Raw","Git::Raw::Odb" => "Git-Raw","Git::Raw::Odb::Backend" => "Git-Raw","Git::Raw::Odb::Backend::Loose" => "Git-Raw","Git::Raw::Odb::Backend::OnePack" => "Git-Raw","Git::Raw::Odb::Backend::Pack" => "Git-Raw","Git::Raw::Odb::Object" => "Git-Raw","Git::Raw::Packbuilder" => "Git-Raw","Git::Raw::Patch" => "Git-Raw","Git::Raw::PathSpec" => "Git-Raw","Git::Raw::PathSpec::MatchList" => "Git-Raw","Git::Raw::Rebase" => "Git-Raw","Git::Raw::Rebase::Operation" => "Git-Raw","Git::Raw::RefSpec" => "Git-Raw","Git::Raw::Reference" => "Git-Raw","Git::Raw::Reflog" => "Git-Raw","Git::Raw::Reflog::Entry" => "Git-Raw","Git::Raw::Remote" => "Git-Raw","Git::Raw::Repository" => "Git-Raw","Git::Raw::Signature" => "Git-Raw","Git::Raw::Stash" => "Git-Raw","Git::Raw::Stash::Progress" => "Git-Raw","Git::Raw::Submodule" => "Git-Raw","Git::Raw::Tag" => "Git-Raw","Git::Raw::TransferProgress" => "Git-Raw","Git::Raw::Tree" => "Git-Raw","Git::Raw::Tree::Builder" => "Git-Raw","Git::Raw::Tree::Entry" => "Git-Raw","Git::Raw::Walker" => "Git-Raw","Git::Raw::Worktree" => "Git-Raw","Git::XS" => "Git-XS","GitLab::API::v4" => "GitLab-API-v4","GitLab::API::v4::Config" => "GitLab-API-v4","GitLab::API::v4::Constants" => "GitLab-API-v4","GitLab::API::v4::Mock" => "GitLab-API-v4","GitLab::API::v4::Mock::Engine" => "GitLab-API-v4","GitLab::API::v4::Mock::RESTClient" => "GitLab-API-v4","GitLab::API::v4::Paginator" => "GitLab-API-v4","GitLab::API::v4::RESTClient" => "GitLab-API-v4","GitLab::API::v4::WWWClient" => "GitLab-API-v4","GitUtils" => "perl","Graphics::ColorNames" => "Graphics-ColorNames","Graphics::ColorNames::X" => "Graphics-ColorNames","Guess::Controllers" => "Squatting","HTML::EP" => "HTML-EP","HTML::EP::CGIEncryptForm" => "HTML-EP","HTML::EP::EditTable" => "HTML-EP","HTML::EP::Examples::Admin" => "HTML-EP","HTML::EP::Examples::Glimpse" => "HTML-EP","HTML::EP::Examples::POP3Client" => "HTML-EP","HTML::EP::Install" => "HTML-EP","HTML::EP::Locale" => "HTML-EP","HTML::EP::Parser" => "HTML-EP","HTML::EP::Session" => "HTML-EP","HTML::EP::Session::Cookie" => "HTML-EP","HTML::EP::Session::DBI" => "HTML-EP","HTML::EP::Session::DBIq" => "HTML-EP","HTML::EP::Session::Dumper" => "HTML-EP","HTML::EP::Shop" => "HTML-EP","HTML::EP::Tokens" => "HTML-EP","HTML::Editor" => "MySQL-Admin","HTML::Editor::Markdown" => "MySQL-Admin","HTML::Entities" => "HTML-Parser","HTML::Filter" => "HTML-Parser","HTML::HeadParser" => "HTML-Parser","HTML::LinkExtor" => "HTML-Parser","HTML::Menu::Pages" => "MySQL-Admin","HTML::Parser" => "HTML-Parser","HTML::Perlinfo" => "HTML-Perlinfo","HTML::Perlinfo::Apache" => "HTML-Perlinfo","HTML::Perlinfo::Base" => "HTML-Perlinfo","HTML::Perlinfo::Common" => "HTML-Perlinfo","HTML::Perlinfo::General" => "HTML-Perlinfo","HTML::Perlinfo::Loaded" => "HTML-Perlinfo","HTML::Perlinfo::Modules" => "HTML-Perlinfo","HTML::Perlinfo::_version" => "HTML-Perlinfo","HTML::PullParser" => "HTML-Parser","HTML::Scrubber" => "HTML-Scrubber","HTML::StripScripts" => "HTML-StripScripts","HTML::Template::Pro" => "HTML-Template-Pro","HTML::Template::Pro::WrapAssociate" => "HTML-Template-Pro","HTML::TokeParser" => "HTML-Parser","HTTP::Body" => "HTTP-Body","HTTP::Body::MultiPart" => "HTTP-Body","HTTP::Body::OctetStream" => "HTTP-Body","HTTP::Body::UrlEncoded" => "HTTP-Body","HTTP::Body::XForms" => "HTTP-Body","HTTP::Body::XFormsMultipart" => "HTTP-Body","HTTP::Daemon" => "HTTP-Daemon","HTTP::Daemon::ClientConn" => "HTTP-Daemon","HTTP::Message::PSGI" => "Plack","HTTP::Server::PSGI" => "Plack","HTTP::Session2" => "HTTP-Session2","HTTP::Session2::Base" => "HTTP-Session2","HTTP::Session2::ClientStore" => "HTTP-Session2","HTTP::Session2::ClientStore2" => "HTTP-Session2","HTTP::Session2::Expired" => "HTTP-Session2","HTTP::Session2::Random" => "HTTP-Session2","HTTP::Session2::ServerStore" => "HTTP-Session2","HTTP::Tiny" => "HTTP-Tiny","HTTP::Tiny::NoProxy" => "Dancer","HTTPAuth" => "Squatting","HTTPAuth::Controllers" => "Squatting","HTTPAuth::Views" => "Squatting","Haiku" => "perl","HarfBuzz::Shaper" => "HarfBuzz-Shaper","Hash::Util" => "perl","Hash::Util::FieldHash" => "perl","HeaderParser" => "perl","I18N::LangTags" => "perl","I18N::LangTags::Detect" => "perl","I18N::LangTags::List" => "perl","I18N::Langinfo" => "perl","IO::Compress" => "IO-Compress","IO::Compress::Adapter::Bzip2" => "IO-Compress","IO::Compress::Adapter::Deflate" => "IO-Compress","IO::Compress::Adapter::Identity" => "IO-Compress","IO::Compress::Base" => "IO-Compress","IO::Compress::Base::Common" => "IO-Compress","IO::Compress::Brotli" => "IO-Compress-Brotli","IO::Compress::Bzip2" => "IO-Compress","IO::Compress::Deflate" => "IO-Compress","IO::Compress::Gzip" => "IO-Compress","IO::Compress::Gzip::Constants" => "IO-Compress","IO::Compress::RawDeflate" => "IO-Compress","IO::Compress::Zip" => "IO-Compress","IO::Compress::Zip::Constants" => "IO-Compress","IO::Compress::Zlib::Constants" => "IO-Compress","IO::Compress::Zlib::Extra" => "IO-Compress","IO::Socket::SSL" => "IO-Socket-SSL","IO::Socket::SSL::Intercept" => "IO-Socket-SSL","IO::Socket::SSL::OCSP_Cache" => "IO-Socket-SSL","IO::Socket::SSL::OCSP_Resolver" => "IO-Socket-SSL","IO::Socket::SSL::PublicSuffix" => "IO-Socket-SSL","IO::Socket::SSL::SSL_Context" => "IO-Socket-SSL","IO::Socket::SSL::SSL_HANDLE" => "IO-Socket-SSL","IO::Socket::SSL::Session_Cache" => "IO-Socket-SSL","IO::Socket::SSL::Trace" => "IO-Socket-SSL","IO::Socket::SSL::Utils" => "IO-Socket-SSL","IO::Uncompress::Adapter::Bunzip2" => "IO-Compress","IO::Uncompress::Adapter::Identity" => "IO-Compress","IO::Uncompress::Adapter::Inflate" => "IO-Compress","IO::Uncompress::AnyInflate" => "IO-Compress","IO::Uncompress::AnyUncompress" => "IO-Compress","IO::Uncompress::Base" => "IO-Compress","IO::Uncompress::Brotli" => "IO-Compress-Brotli","IO::Uncompress::Bunzip2" => "IO-Compress","IO::Uncompress::Gunzip" => "IO-Compress","IO::Uncompress::Inflate" => "IO-Compress","IO::Uncompress::RawInflate" => "IO-Compress","IO::Uncompress::Unzip" => "IO-Compress","IPC::Cmd" => "IPC-Cmd","IPC::Cmd::System" => "IPC-Cmd","IPC::Open2" => "perl","IPC::Open3" => "perl","IPC::Run" => "IPC-Run","IPC::Run::Debug" => "IPC-Run","IPC::Run::IO" => "IPC-Run","IPC::Run::Timer" => "IPC-Run","IPC::Run::Win32Helper" => "IPC-Run","IPC::Run::Win32IO" => "IPC-Run","IPC::Run::Win32Process" => "IPC-Run","IPC::Run::Win32Pump" => "IPC-Run","IPTables::Parse" => "IPTables-Parse","Image::ExifTool" => "Image-ExifTool","Image::ExifTool::7Z" => "Image-ExifTool","Image::ExifTool::AAC" => "Image-ExifTool","Image::ExifTool::AES" => "Image-ExifTool","Image::ExifTool::AFCP" => "Image-ExifTool","Image::ExifTool::AIFF" => "Image-ExifTool","Image::ExifTool::APE" => "Image-ExifTool","Image::ExifTool::APP12" => "Image-ExifTool","Image::ExifTool::ASF" => "Image-ExifTool","Image::ExifTool::Apple" => "Image-ExifTool","Image::ExifTool::Audible" => "Image-ExifTool","Image::ExifTool::BMP" => "Image-ExifTool","Image::ExifTool::BPG" => "Image-ExifTool","Image::ExifTool::BZZ" => "Image-ExifTool","Image::ExifTool::BigTIFF" => "Image-ExifTool","Image::ExifTool::BuildTagLookup" => "Image-ExifTool","Image::ExifTool::CBOR" => "Image-ExifTool","Image::ExifTool::Canon" => "Image-ExifTool","Image::ExifTool::CanonCustom" => "Image-ExifTool","Image::ExifTool::CanonRaw" => "Image-ExifTool","Image::ExifTool::CanonVRD" => "Image-ExifTool","Image::ExifTool::CaptureOne" => "Image-ExifTool","Image::ExifTool::Casio" => "Image-ExifTool","Image::ExifTool::Charset" => "Image-ExifTool","Image::ExifTool::DICOM" => "Image-ExifTool","Image::ExifTool::DJI" => "Image-ExifTool","Image::ExifTool::DNG" => "Image-ExifTool","Image::ExifTool::DPX" => "Image-ExifTool","Image::ExifTool::DSF" => "Image-ExifTool","Image::ExifTool::DV" => "Image-ExifTool","Image::ExifTool::DarwinCore" => "Image-ExifTool","Image::ExifTool::DjVu" => "Image-ExifTool","Image::ExifTool::EXE" => "Image-ExifTool","Image::ExifTool::Exif" => "Image-ExifTool","Image::ExifTool::FITS" => "Image-ExifTool","Image::ExifTool::FLAC" => "Image-ExifTool","Image::ExifTool::FLIF" => "Image-ExifTool","Image::ExifTool::FLIR" => "Image-ExifTool","Image::ExifTool::Fixup" => "Image-ExifTool","Image::ExifTool::Flash" => "Image-ExifTool","Image::ExifTool::FlashPix" => "Image-ExifTool","Image::ExifTool::Font" => "Image-ExifTool","Image::ExifTool::FotoStation" => "Image-ExifTool","Image::ExifTool::FujiFilm" => "Image-ExifTool","Image::ExifTool::GE" => "Image-ExifTool","Image::ExifTool::GIF" => "Image-ExifTool","Image::ExifTool::GIMP" => "Image-ExifTool","Image::ExifTool::GM" => "Image-ExifTool","Image::ExifTool::GPS" => "Image-ExifTool","Image::ExifTool::GeoTiff" => "Image-ExifTool","Image::ExifTool::Geolocation" => "Image-ExifTool","Image::ExifTool::Geotag" => "Image-ExifTool","Image::ExifTool::GoPro" => "Image-ExifTool","Image::ExifTool::Google" => "Image-ExifTool","Image::ExifTool::H264" => "Image-ExifTool","Image::ExifTool::HP" => "Image-ExifTool","Image::ExifTool::HTML" => "Image-ExifTool","Image::ExifTool::HtmlDump" => "Image-ExifTool","Image::ExifTool::ICC_Profile" => "Image-ExifTool","Image::ExifTool::ICO" => "Image-ExifTool","Image::ExifTool::ID3" => "Image-ExifTool","Image::ExifTool::IPTC" => "Image-ExifTool","Image::ExifTool::ISO" => "Image-ExifTool","Image::ExifTool::ITC" => "Image-ExifTool","Image::ExifTool::Import" => "Image-ExifTool","Image::ExifTool::InDesign" => "Image-ExifTool","Image::ExifTool::InfiRay" => "Image-ExifTool","Image::ExifTool::JPEG" => "Image-ExifTool","Image::ExifTool::JPEGDigest" => "Image-ExifTool","Image::ExifTool::JSON" => "Image-ExifTool","Image::ExifTool::JVC" => "Image-ExifTool","Image::ExifTool::Jpeg2000" => "Image-ExifTool","Image::ExifTool::Kandao" => "Image-ExifTool","Image::ExifTool::Kodak" => "Image-ExifTool","Image::ExifTool::KyoceraRaw" => "Image-ExifTool","Image::ExifTool::LIF" => "Image-ExifTool","Image::ExifTool::LNK" => "Image-ExifTool","Image::ExifTool::Lang::cs" => "Image-ExifTool","Image::ExifTool::Lang::de" => "Image-ExifTool","Image::ExifTool::Lang::en_ca" => "Image-ExifTool","Image::ExifTool::Lang::en_gb" => "Image-ExifTool","Image::ExifTool::Lang::es" => "Image-ExifTool","Image::ExifTool::Lang::fi" => "Image-ExifTool","Image::ExifTool::Lang::fr" => "Image-ExifTool","Image::ExifTool::Lang::it" => "Image-ExifTool","Image::ExifTool::Lang::ja" => "Image-ExifTool","Image::ExifTool::Lang::ko" => "Image-ExifTool","Image::ExifTool::Lang::nl" => "Image-ExifTool","Image::ExifTool::Lang::pl" => "Image-ExifTool","Image::ExifTool::Lang::ru" => "Image-ExifTool","Image::ExifTool::Lang::sk" => "Image-ExifTool","Image::ExifTool::Lang::sv" => "Image-ExifTool","Image::ExifTool::Lang::tr" => "Image-ExifTool","Image::ExifTool::Lang::zh_cn" => "Image-ExifTool","Image::ExifTool::Lang::zh_tw" => "Image-ExifTool","Image::ExifTool::Leaf" => "Image-ExifTool","Image::ExifTool::LigoGPS" => "Image-ExifTool","Image::ExifTool::Lytro" => "Image-ExifTool","Image::ExifTool::M2TS" => "Image-ExifTool","Image::ExifTool::MIE" => "Image-ExifTool","Image::ExifTool::MIFF" => "Image-ExifTool","Image::ExifTool::MISB" => "Image-ExifTool","Image::ExifTool::MNG" => "Image-ExifTool","Image::ExifTool::MOI" => "Image-ExifTool","Image::ExifTool::MPC" => "Image-ExifTool","Image::ExifTool::MPEG" => "Image-ExifTool","Image::ExifTool::MPF" => "Image-ExifTool","Image::ExifTool::MRC" => "Image-ExifTool","Image::ExifTool::MWG" => "Image-ExifTool","Image::ExifTool::MXF" => "Image-ExifTool","Image::ExifTool::MacOS" => "Image-ExifTool","Image::ExifTool::MakerNotes" => "Image-ExifTool","Image::ExifTool::Matroska" => "Image-ExifTool","Image::ExifTool::Microsoft" => "Image-ExifTool","Image::ExifTool::Minolta" => "Image-ExifTool","Image::ExifTool::MinoltaRaw" => "Image-ExifTool","Image::ExifTool::Motorola" => "Image-ExifTool","Image::ExifTool::Nikon" => "Image-ExifTool","Image::ExifTool::NikonCapture" => "Image-ExifTool","Image::ExifTool::NikonCustom" => "Image-ExifTool","Image::ExifTool::NikonSettings" => "Image-ExifTool","Image::ExifTool::Nintendo" => "Image-ExifTool","Image::ExifTool::OOXML" => "Image-ExifTool","Image::ExifTool::Ogg" => "Image-ExifTool","Image::ExifTool::Olympus" => "Image-ExifTool","Image::ExifTool::OpenEXR" => "Image-ExifTool","Image::ExifTool::Opus" => "Image-ExifTool","Image::ExifTool::Other" => "Image-ExifTool","Image::ExifTool::PCAP" => "Image-ExifTool","Image::ExifTool::PCX" => "Image-ExifTool","Image::ExifTool::PDF" => "Image-ExifTool","Image::ExifTool::PGF" => "Image-ExifTool","Image::ExifTool::PICT" => "Image-ExifTool","Image::ExifTool::PLIST" => "Image-ExifTool","Image::ExifTool::PLUS" => "Image-ExifTool","Image::ExifTool::PNG" => "Image-ExifTool","Image::ExifTool::PPM" => "Image-ExifTool","Image::ExifTool::PSP" => "Image-ExifTool","Image::ExifTool::Palm" => "Image-ExifTool","Image::ExifTool::Panasonic" => "Image-ExifTool","Image::ExifTool::PanasonicRaw" => "Image-ExifTool","Image::ExifTool::Parrot" => "Image-ExifTool","Image::ExifTool::Pentax" => "Image-ExifTool","Image::ExifTool::PhaseOne" => "Image-ExifTool","Image::ExifTool::PhotoCD" => "Image-ExifTool","Image::ExifTool::PhotoMechanic" => "Image-ExifTool","Image::ExifTool::Photoshop" => "Image-ExifTool","Image::ExifTool::Plot" => "Image-ExifTool","Image::ExifTool::PostScript" => "Image-ExifTool","Image::ExifTool::PrintIM" => "Image-ExifTool","Image::ExifTool::Protobuf" => "Image-ExifTool","Image::ExifTool::Qualcomm" => "Image-ExifTool","Image::ExifTool::QuickTime" => "Image-ExifTool","Image::ExifTool::RIFF" => "Image-ExifTool","Image::ExifTool::RSRC" => "Image-ExifTool","Image::ExifTool::RTF" => "Image-ExifTool","Image::ExifTool::Radiance" => "Image-ExifTool","Image::ExifTool::Rawzor" => "Image-ExifTool","Image::ExifTool::Real" => "Image-ExifTool","Image::ExifTool::Reconyx" => "Image-ExifTool","Image::ExifTool::Red" => "Image-ExifTool","Image::ExifTool::Ricoh" => "Image-ExifTool","Image::ExifTool::Samsung" => "Image-ExifTool","Image::ExifTool::Sanyo" => "Image-ExifTool","Image::ExifTool::Scalado" => "Image-ExifTool","Image::ExifTool::Shortcuts" => "Image-ExifTool","Image::ExifTool::Sigma" => "Image-ExifTool","Image::ExifTool::SigmaRaw" => "Image-ExifTool","Image::ExifTool::Sony" => "Image-ExifTool","Image::ExifTool::SonyIDC" => "Image-ExifTool","Image::ExifTool::Stim" => "Image-ExifTool","Image::ExifTool::TNEF" => "Image-ExifTool","Image::ExifTool::TagInfoXML" => "Image-ExifTool","Image::ExifTool::TagLookup" => "Image-ExifTool","Image::ExifTool::Text" => "Image-ExifTool","Image::ExifTool::Theora" => "Image-ExifTool","Image::ExifTool::Torrent" => "Image-ExifTool","Image::ExifTool::Trailer" => "Image-ExifTool","Image::ExifTool::Unknown" => "Image-ExifTool","Image::ExifTool::VCard" => "Image-ExifTool","Image::ExifTool::Validate" => "Image-ExifTool","Image::ExifTool::Vorbis" => "Image-ExifTool","Image::ExifTool::WPG" => "Image-ExifTool","Image::ExifTool::WTV" => "Image-ExifTool","Image::ExifTool::WavPack" => "Image-ExifTool","Image::ExifTool::XISF" => "Image-ExifTool","Image::ExifTool::XMP" => "Image-ExifTool","Image::ExifTool::ZIP" => "Image-ExifTool","Image::ExifTool::ZISRAW" => "Image-ExifTool","Image::ExifTool::iWork" => "Image-ExifTool","Image::Info" => "Image-Info","Image::Info::AVIF" => "Image-Info","Image::Info::BMP" => "Image-Info","Image::Info::GIF" => "Image-Info","Image::Info::ICO" => "Image-Info","Image::Info::JPEG" => "Image-Info","Image::Info::PNG" => "Image-Info","Image::Info::PPM" => "Image-Info","Image::Info::Result" => "Image-Info","Image::Info::SVG" => "Image-Info","Image::Info::SVG::XMLLibXMLReader" => "Image-Info","Image::Info::SVG::XMLSimple" => "Image-Info","Image::Info::TIFF" => "Image-Info","Image::Info::WBMP" => "Image-Info","Image::Info::WEBP" => "Image-Info","Image::Info::XBM" => "Image-Info","Image::Info::XPM" => "Image-Info","Image::PNG::Simple" => "Image-PNG-Simple","Image::TIFF" => "Image-Info","Image::TIFF::Rational" => "Image-Info","Imager" => "Imager","Imager::Color" => "Imager","Imager::Color::Float" => "Imager","Imager::Color::Table" => "Imager","Imager::CountColor" => "Imager","Imager::Expr" => "Imager","Imager::Expr::Assem" => "Imager","Imager::Expr::Infix" => "Imager","Imager::Expr::Postfix" => "Imager","Imager::ExtUtils" => "Imager","Imager::FORMATS" => "Imager","Imager::File::CUR" => "Imager","Imager::File::ICO" => "Imager","Imager::File::SGI" => "Imager","Imager::Fill" => "Imager","Imager::Filter::DynTest" => "Imager","Imager::Filter::Flines" => "Imager","Imager::Filter::Mandelbrot" => "Imager","Imager::Font" => "Imager","Imager::Font::BBox" => "Imager","Imager::Font::FreeType2" => "Imager","Imager::Font::Image" => "Imager","Imager::Font::Test" => "Imager","Imager::Font::Truetype" => "Imager","Imager::Font::Type1" => "Imager","Imager::Font::Wrap" => "Imager","Imager::Fountain" => "Imager","Imager::IO" => "Imager","Imager::Matrix2d" => "Imager","Imager::Preprocess" => "Imager","Imager::Probe" => "Imager","Imager::Regops" => "Imager","Imager::Test" => "Imager","Imager::Test::OverUtf8" => "Imager","Imager::Transform" => "Imager","Imager::TrimColorList" => "Imager","Inline::Pugs" => "Perl6-Pugs","JNI" => "perl","JPL::AutoLoader" => "perl","JPL::Class" => "perl","JPL::Compile" => "perl","JS::jQuery" => "JS-jQuery","JSON::SIMD" => "JSON-SIMD","JSON::Syck" => "YAML-Syck","JSON::XS" => "JSON-XS","JavaScript::Duktape" => "JavaScript-Duktape","JavaScript::Duktape::Bool" => "JavaScript-Duktape","JavaScript::Duktape::Buffer" => "JavaScript-Duktape","JavaScript::Duktape::Data" => "JavaScript-Duktape","JavaScript::Duktape::Function" => "JavaScript-Duktape","JavaScript::Duktape::NULL" => "JavaScript-Duktape","JavaScript::Duktape::Object" => "JavaScript-Duktape","JavaScript::Duktape::Util" => "JavaScript-Duktape","JavaScript::Duktape::Vm" => "JavaScript-Duktape","JavaScript::Duktape::XS" => "JavaScript-Duktape-XS","Jifty" => "Jifty","Jifty::API" => "Jifty","Jifty::Action" => "Jifty","Jifty::Action::AboutMe" => "Jifty","Jifty::Action::Autocomplete" => "Jifty","Jifty::Action::Record" => "Jifty","Jifty::Action::Record::Bulk" => "Jifty","Jifty::Action::Record::Create" => "Jifty","Jifty::Action::Record::Delete" => "Jifty","Jifty::Action::Record::Execute" => "Jifty","Jifty::Action::Record::Search" => "Jifty","Jifty::Action::Record::Update" => "Jifty","Jifty::Action::Redirect" => "Jifty","Jifty::Bootstrap" => "Jifty","Jifty::CAS" => "Jifty","Jifty::CAS::Blob" => "Jifty","Jifty::CAS::Store" => "Jifty","Jifty::CAS::Store::LocalFile" => "Jifty","Jifty::CAS::Store::Memcached" => "Jifty","Jifty::CAS::Store::Memory" => "Jifty","Jifty::CAS::Store::Nested" => "Jifty","Jifty::ClassLoader" => "Jifty","Jifty::Client" => "Jifty","Jifty::Collection" => "Jifty","Jifty::Config" => "Jifty","Jifty::Continuation" => "Jifty","Jifty::CurrentUser" => "Jifty","Jifty::DBI" => "Jifty-DBI","Jifty::DBI::Collection" => "Jifty-DBI","Jifty::DBI::Collection::Union" => "Jifty-DBI","Jifty::DBI::Collection::Unique" => "Jifty-DBI","Jifty::DBI::Column" => "Jifty-DBI","Jifty::DBI::Filter" => "Jifty-DBI","Jifty::DBI::Filter::Boolean" => "Jifty-DBI","Jifty::DBI::Filter::Date" => "Jifty-DBI","Jifty::DBI::Filter::DateTime" => "Jifty-DBI","Jifty::DBI::Filter::Duration" => "Jifty-DBI","Jifty::DBI::Filter::SaltHash" => "Jifty-DBI","Jifty::DBI::Filter::Storable" => "Jifty-DBI","Jifty::DBI::Filter::Time" => "Jifty-DBI","Jifty::DBI::Filter::Truncate" => "Jifty-DBI","Jifty::DBI::Filter::URI" => "Jifty-DBI","Jifty::DBI::Filter::YAML" => "Jifty-DBI","Jifty::DBI::Filter::base64" => "Jifty-DBI","Jifty::DBI::Filter::utf8" => "Jifty-DBI","Jifty::DBI::Handle" => "Jifty-DBI","Jifty::DBI::Handle::Informix" => "Jifty-DBI","Jifty::DBI::Handle::ODBC" => "Jifty-DBI","Jifty::DBI::Handle::Oracle" => "Jifty-DBI","Jifty::DBI::Handle::Pg" => "Jifty-DBI","Jifty::DBI::Handle::SQLite" => "Jifty-DBI","Jifty::DBI::Handle::Sybase" => "Jifty-DBI","Jifty::DBI::Handle::mysql" => "Jifty-DBI","Jifty::DBI::Handle::mysqlPP" => "Jifty-DBI","Jifty::DBI::HasFilters" => "Jifty-DBI","Jifty::DBI::Record" => "Jifty-DBI","Jifty::DBI::Record::Cachable" => "Jifty-DBI","Jifty::DBI::Record::Memcached" => "Jifty-DBI","Jifty::DBI::Record::Plugin" => "Jifty-DBI","Jifty::DBI::Schema" => "Jifty-DBI","Jifty::DBI::SchemaGenerator" => "Jifty-DBI","Jifty::DateTime" => "Jifty","Jifty::Dispatcher" => "Jifty","Jifty::Everything" => "Jifty","Jifty::Filter::DateTime" => "Jifty","Jifty::Filter::JSON" => "Jifty","Jifty::Handle" => "Jifty","Jifty::Handler" => "Jifty","Jifty::I18N" => "Jifty","Jifty::I18N::en" => "Jifty","Jifty::JSON" => "Jifty","Jifty::LetMe" => "Jifty","Jifty::Logger" => "Jifty","Jifty::Model::Metadata" => "Jifty","Jifty::Model::Session" => "Jifty","Jifty::Model::SessionCollection" => "Jifty","Jifty::Module::Pluggable" => "Jifty","Jifty::Notification" => "Jifty","Jifty::Object" => "Jifty","Jifty::Param" => "Jifty","Jifty::Param::Schema" => "Jifty","Jifty::Plugin" => "Jifty","Jifty::Plugin::ActorMetadata" => "Jifty","Jifty::Plugin::ActorMetadata::Mixin::Model::ActorMetadata" => "Jifty","Jifty::Plugin::AdminUI" => "Jifty","Jifty::Plugin::AdminUI::Dispatcher" => "Jifty","Jifty::Plugin::AdminUI::View" => "Jifty","Jifty::Plugin::Authentication::Password" => "Jifty","Jifty::Plugin::Authentication::Password::Action::ConfirmEmail" => "Jifty","Jifty::Plugin::Authentication::Password::Action::GeneratePasswordToken" => "Jifty","Jifty::Plugin::Authentication::Password::Action::Login" => "Jifty","Jifty::Plugin::Authentication::Password::Action::Logout" => "Jifty","Jifty::Plugin::Authentication::Password::Action::ResendConfirmation" => "Jifty","Jifty::Plugin::Authentication::Password::Action::ResetLostPassword" => "Jifty","Jifty::Plugin::Authentication::Password::Action::SendAccountConfirmation" => "Jifty","Jifty::Plugin::Authentication::Password::Action::SendPasswordReminder" => "Jifty","Jifty::Plugin::Authentication::Password::Action::Signup" => "Jifty","Jifty::Plugin::Authentication::Password::Dispatcher" => "Jifty","Jifty::Plugin::Authentication::Password::Mixin::Model::User" => "Jifty","Jifty::Plugin::Authentication::Password::Notification::ConfirmEmail" => "Jifty","Jifty::Plugin::Authentication::Password::Notification::ConfirmLostPassword" => "Jifty","Jifty::Plugin::Authentication::Password::View" => "Jifty","Jifty::Plugin::CSSQuery" => "Jifty","Jifty::Plugin::ClassLoader" => "Jifty","Jifty::Plugin::Compat" => "Jifty","Jifty::Plugin::Compat::Apache" => "Jifty","Jifty::Plugin::Compat::CGI" => "Jifty","Jifty::Plugin::CompressedCSSandJS" => "Jifty","Jifty::Plugin::CompressedCSSandJS::Dispatcher" => "Jifty","Jifty::Plugin::Config" => "Jifty","Jifty::Plugin::Config::Action::AddConfig" => "Jifty","Jifty::Plugin::Config::Action::Config" => "Jifty","Jifty::Plugin::Config::Action::Restart" => "Jifty","Jifty::Plugin::Config::Dispatcher" => "Jifty","Jifty::Plugin::Config::View" => "Jifty","Jifty::Plugin::Deflater" => "Jifty","Jifty::Plugin::ErrorTemplates" => "Jifty","Jifty::Plugin::ErrorTemplates::View" => "Jifty","Jifty::Plugin::Halo" => "Jifty","Jifty::Plugin::Halo::Mason" => "Jifty","Jifty::Plugin::I18N" => "Jifty","Jifty::Plugin::I18N::Action::SetLang" => "Jifty","Jifty::Plugin::IEFixes" => "Jifty","Jifty::Plugin::LetMe" => "Jifty","Jifty::Plugin::LetMe::Dispatcher" => "Jifty","Jifty::Plugin::OnlineDocs" => "Jifty","Jifty::Plugin::OnlineDocs::Dispatcher" => "Jifty","Jifty::Plugin::Prototypism" => "Jifty","Jifty::Plugin::PubSub" => "Jifty","Jifty::Plugin::PubSub::Bus" => "Jifty","Jifty::Plugin::PubSub::Connection" => "Jifty","Jifty::Plugin::PubSub::Subscriptions" => "Jifty","Jifty::Plugin::REST" => "Jifty","Jifty::Plugin::REST::Dispatcher" => "Jifty","Jifty::Plugin::RPC" => "Jifty","Jifty::Plugin::RequestInspector" => "Jifty","Jifty::Plugin::RequestInspector::Model::Request" => "Jifty","Jifty::Plugin::RequestInspector::View" => "Jifty","Jifty::Plugin::SQLQueries" => "Jifty","Jifty::Plugin::SQLQueries::View" => "Jifty","Jifty::Plugin::SetupWizard" => "Jifty","Jifty::Plugin::SetupWizard::Action::TestDatabaseConnectivity" => "Jifty","Jifty::Plugin::SetupWizard::View" => "Jifty","Jifty::Plugin::SinglePage" => "Jifty","Jifty::Plugin::SinglePage::Dispatcher" => "Jifty","Jifty::Plugin::SkeletonApp" => "Jifty","Jifty::Plugin::SkeletonApp::Dispatcher" => "Jifty","Jifty::Plugin::SkeletonApp::View" => "Jifty","Jifty::Plugin::TestServerWarnings" => "Jifty","Jifty::Plugin::TestServerWarnings::Appender" => "Jifty","Jifty::Plugin::TestServerWarnings::View" => "Jifty","Jifty::Plugin::User" => "Jifty","Jifty::Plugin::User::Mixin::Model::User" => "Jifty","Jifty::Plugin::ViewDeclarePage" => "Jifty","Jifty::Plugin::ViewDeclarePage::Page" => "Jifty","Jifty::Record" => "Jifty","Jifty::Request" => "Jifty","Jifty::Request::Action" => "Jifty","Jifty::Request::Fragment" => "Jifty","Jifty::Request::Mapper" => "Jifty","Jifty::Request::StateVariable" => "Jifty","Jifty::Response" => "Jifty","Jifty::Result" => "Jifty","Jifty::RightsFrom" => "Jifty","Jifty::Schema" => "Jifty","Jifty::Script" => "Jifty","Jifty::Script::Action" => "Jifty","Jifty::Script::Adopt" => "Jifty","Jifty::Script::App" => "Jifty","Jifty::Script::Env" => "Jifty","Jifty::Script::FastCGI" => "Jifty","Jifty::Script::Help" => "Jifty","Jifty::Script::ModPerl2" => "Jifty","Jifty::Script::Model" => "Jifty","Jifty::Script::Plugin" => "Jifty","Jifty::Script::Po" => "Jifty","Jifty::Script::Schema" => "Jifty","Jifty::Script::Script" => "Jifty","Jifty::Script::Server" => "Jifty","Jifty::Script::WriteCCJS" => "Jifty","Jifty::Server" => "Jifty","Jifty::Server::Fork" => "Jifty","Jifty::Server::Fork::NetServer" => "Jifty","Jifty::Server::Prefork" => "Jifty","Jifty::Server::Prefork::NetServer" => "Jifty","Jifty::Test" => "Jifty","Jifty::Test::Dist" => "Jifty","Jifty::Test::Email" => "Jifty","Jifty::Test::WWW::Declare" => "Jifty","Jifty::Test::WWW::Mechanize" => "Jifty","Jifty::Test::WWW::Selenium" => "Jifty","Jifty::Test::WWW::WebDriver" => "Jifty","Jifty::TestServer" => "Jifty","Jifty::TestServer::Apache" => "Jifty","Jifty::TestServer::Inline" => "Jifty","Jifty::Upgrade" => "Jifty","Jifty::Upgrade::Internal" => "Jifty","Jifty::Util" => "Jifty","Jifty::View" => "Jifty","Jifty::View::Declare" => "Jifty","Jifty::View::Declare::BaseClass" => "Jifty","Jifty::View::Declare::CRUD" => "Jifty","Jifty::View::Declare::CoreTemplates" => "Jifty","Jifty::View::Declare::Handler" => "Jifty","Jifty::View::Declare::Helpers" => "Jifty","Jifty::View::Declare::Page" => "Jifty","Jifty::View::Mason::Halo" => "Jifty","Jifty::View::Mason::Handler" => "Jifty","Jifty::View::Mason::Request" => "Jifty","Jifty::View::Static::Handler" => "Jifty","Jifty::Web" => "Jifty","Jifty::Web::FileUpload" => "Jifty","Jifty::Web::Form" => "Jifty","Jifty::Web::Form::Clickable" => "Jifty","Jifty::Web::Form::Element" => "Jifty","Jifty::Web::Form::Field" => "Jifty","Jifty::Web::Form::Field::Button" => "Jifty","Jifty::Web::Form::Field::Checkbox" => "Jifty","Jifty::Web::Form::Field::Checkboxes" => "Jifty","Jifty::Web::Form::Field::Collection" => "Jifty","Jifty::Web::Form::Field::Combobox" => "Jifty","Jifty::Web::Form::Field::Date" => "Jifty","Jifty::Web::Form::Field::DateTime" => "Jifty","Jifty::Web::Form::Field::Hidden" => "Jifty","Jifty::Web::Form::Field::InlineButton" => "Jifty","Jifty::Web::Form::Field::OrderedList" => "Jifty","Jifty::Web::Form::Field::Password" => "Jifty","Jifty::Web::Form::Field::Radio" => "Jifty","Jifty::Web::Form::Field::ResetButton" => "Jifty","Jifty::Web::Form::Field::Select" => "Jifty","Jifty::Web::Form::Field::Text" => "Jifty","Jifty::Web::Form::Field::Textarea" => "Jifty","Jifty::Web::Form::Field::Time" => "Jifty","Jifty::Web::Form::Field::Unrendered" => "Jifty","Jifty::Web::Form::Field::Upload" => "Jifty","Jifty::Web::Form::Field::Uploads" => "Jifty","Jifty::Web::Form::Link" => "Jifty","Jifty::Web::Menu" => "Jifty","Jifty::Web::PageRegion" => "Jifty","Jifty::Web::Session" => "Jifty","Jifty::Web::Session::ApacheSession" => "Jifty","Jifty::Web::Session::ClientSide" => "Jifty","Jifty::Web::Session::JDBI" => "Jifty","Jifty::Web::Session::None" => "Jifty","Jifty::YAML" => "Jifty","Kelp" => "Kelp","Kelp::Base" => "Kelp","Kelp::Context" => "Kelp","Kelp::Exception" => "Kelp","Kelp::Generator" => "Kelp","Kelp::Less" => "Kelp","Kelp::Middleware" => "Kelp","Kelp::Module" => "Kelp","Kelp::Module::Config" => "Kelp","Kelp::Module::Config::Less" => "Kelp","Kelp::Module::Config::Null" => "Kelp","Kelp::Module::Config::Sandbox" => "Kelp","Kelp::Module::Encoder" => "Kelp","Kelp::Module::JSON" => "Kelp","Kelp::Module::Logger" => "Kelp","Kelp::Module::Logger::Simple" => "Kelp","Kelp::Module::Null" => "Kelp","Kelp::Module::Routes" => "Kelp","Kelp::Module::Template" => "Kelp","Kelp::Module::Template::Null" => "Kelp","Kelp::Request" => "Kelp","Kelp::Response" => "Kelp","Kelp::Routes" => "Kelp","Kelp::Routes::Controller" => "Kelp","Kelp::Routes::Location" => "Kelp","Kelp::Routes::Pattern" => "Kelp","Kelp::Template" => "Kelp","Kelp::Test" => "Kelp","Kelp::Test::CookieJar" => "Kelp","Kelp::Util" => "Kelp","Kossy" => "Kossy","Kossy::Assets" => "Kossy","Kossy::BodyParser" => "Kossy","Kossy::BodyParser::JSON" => "Kossy","Kossy::BodyParser::MultiPart" => "Kossy","Kossy::BodyParser::OctetStream" => "Kossy","Kossy::BodyParser::UrlEncoded" => "Kossy","Kossy::Connection" => "Kossy","Kossy::Exception" => "Kossy","Kossy::Request" => "Kossy","Kossy::Response" => "Kossy","Kwid::AST" => "Perl6-Pugs","Kwid::Base" => "Perl6-Pugs","Kwid::HTML" => "Perl6-Pugs","Kwid::Loader" => "Perl6-Pugs","Kwid::Parser" => "Perl6-Pugs","LRUCache" => "GBrowse","LWP" => "libwww-perl","LWP::Authen::Basic" => "libwww-perl","LWP::Authen::Digest" => "libwww-perl","LWP::Authen::Ntlm" => "libwww-perl","LWP::ConnCache" => "libwww-perl","LWP::Debug" => "libwww-perl","LWP::Debug::TraceHTTP" => "libwww-perl","LWP::DebugFile" => "libwww-perl","LWP::MemberMixin" => "libwww-perl","LWP::Protocol" => "libwww-perl","LWP::Protocol::Net::Curl" => "LWP-Protocol-Net-Curl","LWP::Protocol::cpan" => "libwww-perl","LWP::Protocol::data" => "libwww-perl","LWP::Protocol::file" => "libwww-perl","LWP::Protocol::ftp" => "libwww-perl","LWP::Protocol::gopher" => "libwww-perl","LWP::Protocol::http" => "libwww-perl","LWP::Protocol::https" => "LWP-Protocol-https","LWP::Protocol::https::Socket" => "LWP-Protocol-https","LWP::Protocol::ldap" => "perl-ldap","LWP::Protocol::ldapi" => "perl-ldap","LWP::Protocol::ldaps" => "perl-ldap","LWP::Protocol::loopback" => "libwww-perl","LWP::Protocol::mailto" => "libwww-perl","LWP::Protocol::nntp" => "libwww-perl","LWP::Protocol::nogo" => "libwww-perl","LWP::RobotUA" => "libwww-perl","LWP::Simple" => "libwww-perl","LWP::UserAgent" => "libwww-perl","LWP::UserAgent::AtomClient" => "XML-Atom","Legacy::DB::SyntenyBlock" => "GBrowse","Legacy::DB::SyntenyIO" => "GBrowse","Legacy::Graphics::Browser" => "GBrowse","Legacy::Graphics::Browser::I18n" => "GBrowse","Legacy::Graphics::Browser::PageSettings" => "GBrowse","Legacy::Graphics::Browser::Synteny" => "GBrowse","Legacy::Graphics::Browser::Util" => "GBrowse","Legacy::Graphics::BrowserConfig" => "GBrowse","Lemonldap::NG::Common" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Generate::SHA256" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Lock" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::REST" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::SOAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Serialize::JSON" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Store" => "Lemonldap-NG-Common","Lemonldap::NG::Common::AuditLogger::UserLoggerCompat" => "Lemonldap-NG-Common","Lemonldap::NG::Common::AuditLogger::UserLoggerJSON" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Cli" => "Lemonldap-NG-Common","Lemonldap::NG::Common::CliSessions" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Combination::Parser" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::AccessLib" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::CDBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::File" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::JSONFile" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::LDAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::Local" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::MongoDB" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::Overlay" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::Patroni" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::RDBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::REST" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::SOAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::YAMLFile" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::_DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Compact" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Constants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::DefaultValues" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::RESTServer" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::ReConstants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::SAML::Metadata" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Serializer" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Wrapper" => "Lemonldap-NG-Common","Lemonldap::NG::Common::CrowdSec" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Crypto" => "Lemonldap-NG-Common","Lemonldap::NG::Common::EmailAddress" => "Lemonldap-NG-Common","Lemonldap::NG::Common::EmailTransport" => "Lemonldap-NG-Common","Lemonldap::NG::Common::FormEncode" => "Lemonldap-NG-Common","Lemonldap::NG::Common::IPv6" => "Lemonldap-NG-Common","Lemonldap::NG::Common::JWT" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Languages" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Lib::DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Apache2" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Dispatch" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Log4perl" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Loki" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::MessageBroker" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Null" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Sentry" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Std" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Syslog" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::_Duplicate" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::MQTT" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::NoBroker" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::Pg" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::Redis" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::Web" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Module" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::File" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::JSON" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::LDAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::XML" => "Lemonldap-NG-Common","Lemonldap::NG::Common::OpenIDConnect::Constants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::OpenIDConnect::Metadata" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Cli::Lib" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Constants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Request" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Router" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::SOAPServer" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::SOAPService" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Regexp" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Safelib" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Session" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Session::Purge" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Session::REST" => "Lemonldap-NG-Common","Lemonldap::NG::Common::TOTP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::UserAgent" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Util" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Util::Crypto" => "Lemonldap-NG-Common","Lemonldap::NG::DBI::Failed" => "Lemonldap-NG-Common","Lemonldap::NG::Handler" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::DevOps" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::DevOpsCDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::DevOpsST" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::FCGIClient" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Menu" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Request" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::SecureToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::ZimbraPreAuth" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::DevOps" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::DevOpsCDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::DevOpsST" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::PSGI" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::SecureToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::Status" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::StatusConstants" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::ZimbraPreAuth" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::Init" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::MsgActions" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::Reload" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::Run" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::SharedVariables" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Router" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Try" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::DevOps" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::DevOpsCDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::DevOpsST" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Nginx" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::SecureToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Traefik" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::ZimbraPreAuth" => "Lemonldap-NG-Handler","Lemonldap::NG::Manager" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::2ndFA" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::2F" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Common" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::History" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Menu::App" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Menu::Cat" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Misc" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Providers::CasApp" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Providers::OidcRp" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Providers::SamlSp" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Attributes" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::Attributes" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::CTrees" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::OpenApi" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::PortalConstants" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::Tree" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Cli" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Cli::Lib" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Cli::Request" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Diff" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Parser" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Tests" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Zero" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Notifications" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Plugin" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Sessions" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Viewer" => "Lemonldap-NG-Manager","Lemonldap::NG::Portal" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Engines::Default" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Ext2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Mail2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Okta" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Password" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Radius" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Base" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Generic" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Password" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::TOTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::U2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Yubikey" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::TOTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::U2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::UTOTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Yubikey" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Apache" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Combination" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Facebook" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::GPG" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::GitHub" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Kerberos" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::LinkedIn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Null" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::OpenID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::PAM" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Proxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Radius" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Remote" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::SSL" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Slave" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Twitter" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::WebID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::_Ajax" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::_WebForm" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CDC" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Captcha::ReCaptcha" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Captcha::ReCaptcha3" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Captcha::SecurityImage" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CertificateResetByMail::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CertificateResetByMail::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CertificateResetByMail::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::Get" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::JitsiMeetTokens" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::OpenID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::2fDevices" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Captcha" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Code2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Combination::UserLogger" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CrowdSec" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CrowdSecFilter" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CustomModule" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Key" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::LazyLoadedConfiguration" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Net::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Notifications::JSON" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Notifications::XML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OIDCTokenExchange" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Okta" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OneTimeToken" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OpenID::SREG" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OpenID::Server" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OtherSessions" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OverConf" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::RESTProxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Radius" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Remote" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::SMTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::SOAPProxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Slave" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::U2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Wrapper" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::_tokenRule" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Auth" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Constants" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Display" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Init" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Issuer" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Menu" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Plugin" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Plugins" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Process" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Request" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Run" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::SecondFactor" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::UserDB" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::MenuTab" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Base" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Combination" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Null" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AdaptativeAuthenticationLevel" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AdminLogout" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AuthOidcPkce" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AutoSignin" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::BasePasswordPolicy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::BruteForceProtection" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CDA" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CertificateResetByMail" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckDevOps" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckEntropy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckHIBP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckState" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckUser" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::ContextSwitching" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CrowdSec" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CrowdSecAgent" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::DecryptValue" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::FindUser" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::ForceAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::GlobalLogout" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::GrantSession" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::History" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Impersonation" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::InitializePasswordReset" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::LocationDetect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::MailPasswordReset" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::NewLocationWarning" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Notifications" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::OIDCInternalTokenExchange" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::OIDCNativeSso" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::OidcOfflineTokens" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::PublicNotifications" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::PublicPages" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::RESTServer" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Refresh" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Register" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::RememberAuthChoice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::SOAPServer" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::SamlFederation" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::SingleSession" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Status" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::StayConnected" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::TrustedBrowser" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Upgrade" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::WebCron" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::Base" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Combination" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Facebook" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Null" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::OpenID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Proxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Remote" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Slave" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::WebID" => "Lemonldap-NG-Portal","Lemonldap::NG::SSOaaS::Apache::Client" => "Lemonldap-NG-Handler","Linux::Statm::Tiny" => "Linux-Statm-Tiny","Linux::Statm::Tiny::Mite" => "Linux-Statm-Tiny","Locale::Maketext" => "Locale-Maketext","Locale::Maketext::Guts" => "Locale-Maketext","Locale::Maketext::GutsLoader" => "Locale-Maketext","Log::Any" => "Log-Any","Log::Any::Adapter" => "Log-Any","Log::Any::Adapter::Base" => "Log-Any","Log::Any::Adapter::Capture" => "Log-Any","Log::Any::Adapter::Core" => "Log-Any","Log::Any::Adapter::File" => "Log-Any","Log::Any::Adapter::Multiplex" => "Log-Any","Log::Any::Adapter::Null" => "Log-Any","Log::Any::Adapter::Stderr" => "Log-Any","Log::Any::Adapter::Stdout" => "Log-Any","Log::Any::Adapter::Syslog" => "Log-Any","Log::Any::Adapter::Test" => "Log-Any","Log::Any::Adapter::Util" => "Log-Any","Log::Any::Manager" => "Log-Any","Log::Any::Proxy" => "Log-Any","Log::Any::Proxy::Null" => "Log-Any","Log::Any::Proxy::Test" => "Log-Any","Log::Any::Proxy::WithStackTrace" => "Log-Any","Log::Any::Test" => "Log-Any","MARC::File::XML" => "MARC-File-XML","MDK::Common" => "MDK-Common","MDK::Common::DataStructure" => "MDK-Common","MDK::Common::File" => "MDK-Common","MDK::Common::Func" => "MDK-Common","MDK::Common::Math" => "MDK-Common","MDK::Common::String" => "MDK-Common","MDK::Common::System" => "MDK-Common","MDK::Common::Various" => "MDK-Common","MHonArc::Char" => "MHonArc","MHonArc::Char::JP" => "MHonArc","MHonArc::Char::KR" => "MHonArc","MHonArc::CharEnt" => "MHonArc","MHonArc::CharEnt::AppleArabic" => "MHonArc","MHonArc::CharEnt::AppleCenteuro" => "MHonArc","MHonArc::CharEnt::AppleCroatian" => "MHonArc","MHonArc::CharEnt::AppleCyrillic" => "MHonArc","MHonArc::CharEnt::AppleGreek" => "MHonArc","MHonArc::CharEnt::AppleHebrew" => "MHonArc","MHonArc::CharEnt::AppleIceland" => "MHonArc","MHonArc::CharEnt::AppleRoman" => "MHonArc","MHonArc::CharEnt::AppleRomanian" => "MHonArc","MHonArc::CharEnt::AppleThai" => "MHonArc","MHonArc::CharEnt::AppleTurkish" => "MHonArc","MHonArc::CharEnt::BIG5_ETEN" => "MHonArc","MHonArc::CharEnt::BIG5_HKSCS" => "MHonArc","MHonArc::CharEnt::CP1250" => "MHonArc","MHonArc::CharEnt::CP1251" => "MHonArc","MHonArc::CharEnt::CP1252" => "MHonArc","MHonArc::CharEnt::CP1253" => "MHonArc","MHonArc::CharEnt::CP1254" => "MHonArc","MHonArc::CharEnt::CP1255" => "MHonArc","MHonArc::CharEnt::CP1256" => "MHonArc","MHonArc::CharEnt::CP1257" => "MHonArc","MHonArc::CharEnt::CP1258" => "MHonArc","MHonArc::CharEnt::CP866" => "MHonArc","MHonArc::CharEnt::CP932" => "MHonArc","MHonArc::CharEnt::CP936" => "MHonArc","MHonArc::CharEnt::CP949" => "MHonArc","MHonArc::CharEnt::CP950" => "MHonArc","MHonArc::CharEnt::EUC_JP" => "MHonArc","MHonArc::CharEnt::GB2312" => "MHonArc","MHonArc::CharEnt::GOST19768_87" => "MHonArc","MHonArc::CharEnt::HP_ROMAN8" => "MHonArc","MHonArc::CharEnt::ISO8859_1" => "MHonArc","MHonArc::CharEnt::ISO8859_10" => "MHonArc","MHonArc::CharEnt::ISO8859_11" => "MHonArc","MHonArc::CharEnt::ISO8859_13" => "MHonArc","MHonArc::CharEnt::ISO8859_14" => "MHonArc","MHonArc::CharEnt::ISO8859_15" => "MHonArc","MHonArc::CharEnt::ISO8859_16" => "MHonArc","MHonArc::CharEnt::ISO8859_2" => "MHonArc","MHonArc::CharEnt::ISO8859_3" => "MHonArc","MHonArc::CharEnt::ISO8859_4" => "MHonArc","MHonArc::CharEnt::ISO8859_5" => "MHonArc","MHonArc::CharEnt::ISO8859_6" => "MHonArc","MHonArc::CharEnt::ISO8859_7" => "MHonArc","MHonArc::CharEnt::ISO8859_8" => "MHonArc","MHonArc::CharEnt::ISO8859_9" => "MHonArc","MHonArc::CharEnt::KOI8_A" => "MHonArc","MHonArc::CharEnt::KOI8_B" => "MHonArc","MHonArc::CharEnt::KOI8_E" => "MHonArc","MHonArc::CharEnt::KOI8_F" => "MHonArc","MHonArc::CharEnt::KOI8_R" => "MHonArc","MHonArc::CharEnt::KOI8_U" => "MHonArc","MHonArc::CharEnt::KOI_0" => "MHonArc","MHonArc::CharEnt::KOI_7" => "MHonArc","MHonArc::CharEnt::VISCII" => "MHonArc","MHonArc::CharMaps" => "MHonArc","MHonArc::Encode" => "MHonArc","MHonArc::RFC822" => "MHonArc","MHonArc::UTF8" => "MHonArc","MHonArc::UTF8::AppleArabic" => "MHonArc","MHonArc::UTF8::AppleCenteuro" => "MHonArc","MHonArc::UTF8::AppleCroatian" => "MHonArc","MHonArc::UTF8::AppleCyrillic" => "MHonArc","MHonArc::UTF8::AppleGreek" => "MHonArc","MHonArc::UTF8::AppleHebrew" => "MHonArc","MHonArc::UTF8::AppleIceland" => "MHonArc","MHonArc::UTF8::AppleRoman" => "MHonArc","MHonArc::UTF8::AppleRomanian" => "MHonArc","MHonArc::UTF8::AppleThai" => "MHonArc","MHonArc::UTF8::AppleTurkish" => "MHonArc","MHonArc::UTF8::BIG5_ETEN" => "MHonArc","MHonArc::UTF8::BIG5_HKSCS" => "MHonArc","MHonArc::UTF8::CP1250" => "MHonArc","MHonArc::UTF8::CP1251" => "MHonArc","MHonArc::UTF8::CP1252" => "MHonArc","MHonArc::UTF8::CP1253" => "MHonArc","MHonArc::UTF8::CP1254" => "MHonArc","MHonArc::UTF8::CP1255" => "MHonArc","MHonArc::UTF8::CP1256" => "MHonArc","MHonArc::UTF8::CP1257" => "MHonArc","MHonArc::UTF8::CP1258" => "MHonArc","MHonArc::UTF8::CP866" => "MHonArc","MHonArc::UTF8::CP932" => "MHonArc","MHonArc::UTF8::CP936" => "MHonArc","MHonArc::UTF8::CP949" => "MHonArc","MHonArc::UTF8::CP950" => "MHonArc","MHonArc::UTF8::EUC_JP" => "MHonArc","MHonArc::UTF8::Encode" => "MHonArc","MHonArc::UTF8::GB2312" => "MHonArc","MHonArc::UTF8::GOST19768_87" => "MHonArc","MHonArc::UTF8::HP_ROMAN8" => "MHonArc","MHonArc::UTF8::ISO8859_1" => "MHonArc","MHonArc::UTF8::ISO8859_10" => "MHonArc","MHonArc::UTF8::ISO8859_11" => "MHonArc","MHonArc::UTF8::ISO8859_13" => "MHonArc","MHonArc::UTF8::ISO8859_14" => "MHonArc","MHonArc::UTF8::ISO8859_15" => "MHonArc","MHonArc::UTF8::ISO8859_16" => "MHonArc","MHonArc::UTF8::ISO8859_2" => "MHonArc","MHonArc::UTF8::ISO8859_3" => "MHonArc","MHonArc::UTF8::ISO8859_4" => "MHonArc","MHonArc::UTF8::ISO8859_5" => "MHonArc","MHonArc::UTF8::ISO8859_6" => "MHonArc","MHonArc::UTF8::ISO8859_7" => "MHonArc","MHonArc::UTF8::ISO8859_8" => "MHonArc","MHonArc::UTF8::ISO8859_9" => "MHonArc","MHonArc::UTF8::KOI8_A" => "MHonArc","MHonArc::UTF8::KOI8_B" => "MHonArc","MHonArc::UTF8::KOI8_E" => "MHonArc","MHonArc::UTF8::KOI8_F" => "MHonArc","MHonArc::UTF8::KOI8_R" => "MHonArc","MHonArc::UTF8::KOI8_U" => "MHonArc","MHonArc::UTF8::KOI_0" => "MHonArc","MHonArc::UTF8::KOI_7" => "MHonArc","MHonArc::UTF8::MapUTF8" => "MHonArc","MHonArc::UTF8::MhaEncode" => "MHonArc","MHonArc::UTF8::VISCII" => "MHonArc","MIME::Body" => "MIME-tools","MIME::Body::File" => "MIME-tools","MIME::Body::InCore" => "MIME-tools","MIME::Body::Scalar" => "MIME-tools","MIME::Decoder" => "MIME-tools","MIME::Decoder::Base64" => "MIME-tools","MIME::Decoder::BinHex" => "MIME-tools","MIME::Decoder::Binary" => "MIME-tools","MIME::Decoder::Gzip64" => "MIME-tools","MIME::Decoder::NBit" => "MIME-tools","MIME::Decoder::QuotedPrint" => "MIME-tools","MIME::Decoder::UU" => "MIME-tools","MIME::Entity" => "MIME-tools","MIME::Field::ConTraEnc" => "MIME-tools","MIME::Field::ContDisp" => "MIME-tools","MIME::Field::ContType" => "MIME-tools","MIME::Field::ParamVal" => "MIME-tools","MIME::Head" => "MIME-tools","MIME::Parser" => "MIME-tools","MIME::Parser::FileInto" => "MIME-tools","MIME::Parser::FileUnder" => "MIME-tools","MIME::Parser::Filer" => "MIME-tools","MIME::Parser::InnerFile" => "MIME-tools","MIME::Parser::Reader" => "MIME-tools","MIME::Parser::Results" => "MIME-tools","MIME::ToolUtils" => "MIME-tools","MIME::Tools" => "MIME-tools","MIME::WordDecoder" => "MIME-tools","MIME::WordDecoder::ISO_8859" => "MIME-tools","MIME::WordDecoder::US_ASCII" => "MIME-tools","MIME::WordDecoder::UTF_8" => "MIME-tools","MIME::Words" => "MIME-tools","MM" => "ExtUtils-MakeMaker","MY" => "ExtUtils-MakeMaker","Mail::Address" => "MailTools","Mail::Audit" => "Mail-Audit","Mail::Audit::KillDups" => "Mail-Audit","Mail::Audit::MAPS" => "Mail-Audit","Mail::Audit::MailInternet" => "Mail-Audit","Mail::Audit::MimeEntity" => "Mail-Audit","Mail::Audit::Util::Tempdir" => "Mail-Audit","Mail::Audit::Vacation" => "Mail-Audit","Mail::Cap" => "MailTools","Mail::Field" => "MailTools","Mail::Field::AddrList" => "MailTools","Mail::Field::Date" => "MailTools","Mail::Field::Generic" => "MailTools","Mail::Filter" => "MailTools","Mail::Header" => "MailTools","Mail::Internet" => "MailTools","Mail::Mailer" => "MailTools","Mail::Mailer::qmail" => "MailTools","Mail::Mailer::rfc822" => "MailTools","Mail::Mailer::sendmail" => "MailTools","Mail::Mailer::smtp" => "MailTools","Mail::Mailer::smtp::pipe" => "MailTools","Mail::Mailer::smtps" => "MailTools","Mail::Mailer::smtps::pipe" => "MailTools","Mail::Mailer::testfile" => "MailTools","Mail::Mailer::testfile::pipe" => "MailTools","Mail::Send" => "MailTools","Mail::Util" => "MailTools","MailTools" => "MailTools","Maintainers" => "perl","MarpaX::ESLIF" => "MarpaX-ESLIF","MarpaX::ESLIF::Base" => "MarpaX-ESLIF","MarpaX::ESLIF::Event::Type" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar::Properties" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar::Rule::Properties" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar::Symbol::Properties" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON::Decoder" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON::Decoder::RecognizerInterface" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON::Encoder" => "MarpaX-ESLIF","MarpaX::ESLIF::Logger::Level" => "MarpaX-ESLIF","MarpaX::ESLIF::Recognizer" => "MarpaX-ESLIF","MarpaX::ESLIF::RegexCallout" => "MarpaX-ESLIF","MarpaX::ESLIF::Rule::PropertyBitSet" => "MarpaX-ESLIF","MarpaX::ESLIF::String" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol::EventBitSet" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol::PropertyBitSet" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol::Type" => "MarpaX-ESLIF","MarpaX::ESLIF::Value" => "MarpaX-ESLIF","MarpaX::ESLIF::Value::Type" => "MarpaX-ESLIF","Math::BigInt::LTM" => "CryptX","Maypole" => "Maypole","Maypole::Application" => "Maypole","Maypole::CLI" => "Maypole","Maypole::Config" => "Maypole","Maypole::Constants" => "Maypole","Maypole::Headers" => "Maypole","Maypole::Model::Base" => "Maypole","Maypole::Model::CDBI" => "Maypole","Maypole::Model::CDBI::AsForm" => "Maypole","Maypole::Model::CDBI::Base" => "Maypole","Maypole::Model::CDBI::DFV" => "Maypole","Maypole::Model::CDBI::FromCGI" => "Maypole","Maypole::Model::CDBI::Plain" => "Maypole","Maypole::Session" => "Maypole","Maypole::View::Base" => "Maypole","Maypole::View::TT" => "Maypole","MicroWiki::Controllers" => "Squatting","MicroWiki::Views" => "Squatting","Mite" => "Mite","Mite::App" => "Mite","Mite::App::Command" => "Mite","Mite::App::Command::clean" => "Mite","Mite::App::Command::compile" => "Mite","Mite::App::Command::exec" => "Mite","Mite::App::Command::init" => "Mite","Mite::App::Command::preview" => "Mite","Mite::Attribute" => "Mite","Mite::Attribute::SHV::CodeGen" => "Mite","Mite::Class" => "Mite","Mite::Compiled" => "Mite","Mite::Config" => "Mite","Mite::MakeMaker" => "Mite","Mite::Miteception" => "Mite","Mite::ModuleBuild" => "Mite","Mite::Package" => "Mite","Mite::Project" => "Mite","Mite::Role" => "Mite","Mite::Role::Tiny" => "Mite","Mite::Shim" => "Mite","Mite::Signature" => "Mite","Mite::Signature::Compiler" => "Mite","Mite::Source" => "Mite","Mite::Trait::HasAttributes" => "Mite","Mite::Trait::HasConstructor" => "Mite","Mite::Trait::HasDestructor" => "Mite","Mite::Trait::HasMOP" => "Mite","Mite::Trait::HasMethods" => "Mite","Mite::Trait::HasRequiredMethods" => "Mite","Mite::Trait::HasRoles" => "Mite","Mite::Trait::HasSuperclasses" => "Mite","Mite::Types" => "Mite","ModPerl::BuildMM" => "mod_perl","ModPerl::BuildOptions" => "mod_perl","ModPerl::CScan" => "mod_perl","ModPerl::Code" => "mod_perl","ModPerl::Config" => "mod_perl","ModPerl::FunctionMap" => "mod_perl","ModPerl::FunctionTable" => "mod_perl","ModPerl::Global" => "mod_perl","ModPerl::InterpPool" => "mod_perl","ModPerl::Interpreter" => "mod_perl","ModPerl::MM" => "mod_perl","ModPerl::Manifest" => "mod_perl","ModPerl::MapBase" => "mod_perl","ModPerl::MapUtil" => "mod_perl","ModPerl::MethodLookup" => "mod_perl","ModPerl::ParseSource" => "mod_perl","ModPerl::PerlRun" => "mod_perl","ModPerl::PerlRunPrefork" => "mod_perl","ModPerl::Registry" => "mod_perl","ModPerl::RegistryBB" => "mod_perl","ModPerl::RegistryCooker" => "mod_perl","ModPerl::RegistryLoader" => "mod_perl","ModPerl::RegistryPrefork" => "mod_perl","ModPerl::StructureMap" => "mod_perl","ModPerl::TestConfig" => "mod_perl","ModPerl::TestReport" => "mod_perl","ModPerl::TestRun" => "mod_perl","ModPerl::TiPool" => "mod_perl","ModPerl::TiPoolConfig" => "mod_perl","ModPerl::TypeMap" => "mod_perl","ModPerl::Util" => "mod_perl","ModPerl::WrapXS" => "mod_perl","Module::Load::Conditional" => "Module-Load-Conditional","Module::Metadata" => "Module-Metadata","Module::Provision" => "Module-Provision","Module::Provision::Base" => "Module-Provision","Module::Provision::Config" => "Module-Provision","Module::Provision::MetaData" => "Module-Provision","Module::Provision::TraitFor::AddingFiles" => "Module-Provision","Module::Provision::TraitFor::Badges" => "Module-Provision","Module::Provision::TraitFor::CPANDistributions" => "Module-Provision","Module::Provision::TraitFor::CreatingDistributions" => "Module-Provision","Module::Provision::TraitFor::EnvControl" => "Module-Provision","Module::Provision::TraitFor::PrereqDifferences" => "Module-Provision","Module::Provision::TraitFor::Rendering" => "Module-Provision","Module::Provision::TraitFor::UpdatingContent" => "Module-Provision","Module::Provision::TraitFor::VCS" => "Module-Provision","Module::ScanDeps" => "Module-ScanDeps","Module::Signature" => "Module-Signature","Mojo" => "Mojolicious","Mojo::Asset" => "Mojolicious","Mojo::Asset::File" => "Mojolicious","Mojo::Asset::Memory" => "Mojolicious","Mojo::Base" => "Mojolicious","Mojo::BaseUtil" => "Mojolicious","Mojo::ByteStream" => "Mojolicious","Mojo::Cache" => "Mojolicious","Mojo::Collection" => "Mojolicious","Mojo::Collection::Role::Extra" => "Mojo-DOM-Role-Analyzer","Mojo::Content" => "Mojolicious","Mojo::Content::MultiPart" => "Mojolicious","Mojo::Content::Single" => "Mojolicious","Mojo::Cookie" => "Mojolicious","Mojo::Cookie::Request" => "Mojolicious","Mojo::Cookie::Response" => "Mojolicious","Mojo::DOM" => "Mojolicious","Mojo::DOM::CSS" => "Mojolicious","Mojo::DOM::HTML" => "Mojolicious","Mojo::DOM::Role::Analyzer" => "Mojo-DOM-Role-Analyzer","Mojo::Date" => "Mojolicious","Mojo::DynamicMethods" => "Mojolicious","Mojo::EventEmitter" => "Mojolicious","Mojo::Exception" => "Mojolicious","Mojo::Exception::_Guard" => "Mojolicious","Mojo::File" => "Mojolicious","Mojo::Headers" => "Mojolicious","Mojo::HelloWorld" => "Mojolicious","Mojo::Home" => "Mojolicious","Mojo::IOLoop" => "Mojolicious","Mojo::IOLoop::Client" => "Mojolicious","Mojo::IOLoop::Server" => "Mojolicious","Mojo::IOLoop::Stream" => "Mojolicious","Mojo::IOLoop::Subprocess" => "Mojolicious","Mojo::IOLoop::TLS" => "Mojolicious","Mojo::JSON" => "Mojolicious","Mojo::JSON::Pointer" => "Mojolicious","Mojo::Loader" => "Mojolicious","Mojo::Log" => "Mojolicious","Mojo::Message" => "Mojolicious","Mojo::Message::Request" => "Mojolicious","Mojo::Message::Response" => "Mojolicious","Mojo::Parameters" => "Mojolicious","Mojo::Path" => "Mojolicious","Mojo::Promise" => "Mojolicious","Mojo::Reactor" => "Mojolicious","Mojo::Reactor::EV" => "Mojolicious","Mojo::Reactor::Poll" => "Mojolicious","Mojo::SSE" => "Mojolicious","Mojo::Server" => "Mojolicious","Mojo::Server::CGI" => "Mojolicious","Mojo::Server::Daemon" => "Mojolicious","Mojo::Server::Hypnotoad" => "Mojolicious","Mojo::Server::Morbo" => "Mojolicious","Mojo::Server::Morbo::Backend" => "Mojolicious","Mojo::Server::Morbo::Backend::Poll" => "Mojolicious","Mojo::Server::PSGI" => "Mojolicious","Mojo::Server::PSGI::_IO" => "Mojolicious","Mojo::Server::Prefork" => "Mojolicious","Mojo::Template" => "Mojolicious","Mojo::Transaction" => "Mojolicious","Mojo::Transaction::HTTP" => "Mojolicious","Mojo::Transaction::WebSocket" => "Mojolicious","Mojo::URL" => "Mojolicious","Mojo::Upload" => "Mojolicious","Mojo::UserAgent" => "Mojolicious","Mojo::UserAgent::CookieJar" => "Mojolicious","Mojo::UserAgent::Proxy" => "Mojolicious","Mojo::UserAgent::Server" => "Mojolicious","Mojo::UserAgent::Transactor" => "Mojolicious","Mojo::Util" => "Mojolicious","Mojo::WebSocket" => "Mojolicious","MojoMojo" => "MojoMojo","MojoMojo::Controller::Admin" => "MojoMojo","MojoMojo::Controller::Attachment" => "MojoMojo","MojoMojo::Controller::Comment" => "MojoMojo","MojoMojo::Controller::Export" => "MojoMojo","MojoMojo::Controller::Gallery" => "MojoMojo","MojoMojo::Controller::Image" => "MojoMojo","MojoMojo::Controller::JSON" => "MojoMojo","MojoMojo::Controller::Journal" => "MojoMojo","MojoMojo::Controller::Jsrpc" => "MojoMojo","MojoMojo::Controller::Page" => "MojoMojo","MojoMojo::Controller::PageAdmin" => "MojoMojo","MojoMojo::Controller::Root" => "MojoMojo","MojoMojo::Controller::Tag" => "MojoMojo","MojoMojo::Controller::User" => "MojoMojo","MojoMojo::Declaw" => "MojoMojo","MojoMojo::Extension" => "MojoMojo","MojoMojo::Extensions::Counter" => "MojoMojo","MojoMojo::Formatter" => "MojoMojo","MojoMojo::Formatter::Amazon" => "MojoMojo","MojoMojo::Formatter::CPANHyperlink" => "MojoMojo","MojoMojo::Formatter::Comment" => "MojoMojo","MojoMojo::Formatter::Defang" => "MojoMojo","MojoMojo::Formatter::Dir" => "MojoMojo","MojoMojo::Formatter::DocBook" => "MojoMojo","MojoMojo::Formatter::DocBook::Colorize" => "MojoMojo","MojoMojo::Formatter::Emote" => "MojoMojo","MojoMojo::Formatter::File" => "MojoMojo","MojoMojo::Formatter::File::DocBook" => "MojoMojo","MojoMojo::Formatter::File::Image" => "MojoMojo","MojoMojo::Formatter::File::Pod" => "MojoMojo","MojoMojo::Formatter::File::Test" => "MojoMojo","MojoMojo::Formatter::File::Text" => "MojoMojo","MojoMojo::Formatter::Gist" => "MojoMojo","MojoMojo::Formatter::GoogleCalendar" => "MojoMojo","MojoMojo::Formatter::GoogleSearch" => "MojoMojo","MojoMojo::Formatter::IDLink" => "MojoMojo","MojoMojo::Formatter::IRCLog" => "MojoMojo","MojoMojo::Formatter::Include" => "MojoMojo","MojoMojo::Formatter::Main" => "MojoMojo","MojoMojo::Formatter::Markdown" => "MojoMojo","MojoMojo::Formatter::Pod" => "MojoMojo","MojoMojo::Formatter::Pod::Simple::HTML" => "MojoMojo","MojoMojo::Formatter::RSS" => "MojoMojo","MojoMojo::Formatter::Redirect" => "MojoMojo","MojoMojo::Formatter::SyntaxHighlight" => "MojoMojo","MojoMojo::Formatter::TOC" => "MojoMojo","MojoMojo::Formatter::Text" => "MojoMojo","MojoMojo::Formatter::Textile" => "MojoMojo","MojoMojo::Formatter::Wiki" => "MojoMojo","MojoMojo::Formatter::WikipediaLink" => "MojoMojo","MojoMojo::Formatter::YouTube" => "MojoMojo","MojoMojo::I18N" => "MojoMojo","MojoMojo::Model::DBIC" => "MojoMojo","MojoMojo::Model::Search" => "MojoMojo","MojoMojo::Model::Themes" => "MojoMojo","MojoMojo::Schema" => "MojoMojo","MojoMojo::Schema::Base::Result" => "MojoMojo","MojoMojo::Schema::Base::ResultSet" => "MojoMojo","MojoMojo::Schema::Result::Attachment" => "MojoMojo","MojoMojo::Schema::Result::Comment" => "MojoMojo","MojoMojo::Schema::Result::Content" => "MojoMojo","MojoMojo::Schema::Result::Entry" => "MojoMojo","MojoMojo::Schema::Result::Journal" => "MojoMojo","MojoMojo::Schema::Result::Link" => "MojoMojo","MojoMojo::Schema::Result::Page" => "MojoMojo","MojoMojo::Schema::Result::PageVersion" => "MojoMojo","MojoMojo::Schema::Result::PathPermissions" => "MojoMojo","MojoMojo::Schema::Result::Person" => "MojoMojo","MojoMojo::Schema::Result::Photo" => "MojoMojo","MojoMojo::Schema::Result::Preference" => "MojoMojo","MojoMojo::Schema::Result::Role" => "MojoMojo","MojoMojo::Schema::Result::RoleMember" => "MojoMojo","MojoMojo::Schema::Result::RolePrivilege" => "MojoMojo","MojoMojo::Schema::Result::Tag" => "MojoMojo","MojoMojo::Schema::Result::WantedPage" => "MojoMojo","MojoMojo::Schema::ResultSet::Attachment" => "MojoMojo","MojoMojo::Schema::ResultSet::Content" => "MojoMojo","MojoMojo::Schema::ResultSet::Page" => "MojoMojo","MojoMojo::Schema::ResultSet::Person" => "MojoMojo","MojoMojo::Schema::ResultSet::Role" => "MojoMojo","MojoMojo::Schema::ResultSet::Tag" => "MojoMojo","MojoMojo::View::Email" => "MojoMojo","MojoMojo::View::JSON" => "MojoMojo","MojoMojo::View::TT" => "MojoMojo","MojoMojo::WordDiff" => "MojoMojo","Mojolicious" => "Mojolicious","Mojolicious::Command" => "Mojolicious","Mojolicious::Command::Author::cpanify" => "Mojolicious","Mojolicious::Command::Author::generate" => "Mojolicious","Mojolicious::Command::Author::generate::app" => "Mojolicious","Mojolicious::Command::Author::generate::dockerfile" => "Mojolicious","Mojolicious::Command::Author::generate::lite_app" => "Mojolicious","Mojolicious::Command::Author::generate::makefile" => "Mojolicious","Mojolicious::Command::Author::generate::plugin" => "Mojolicious","Mojolicious::Command::Author::inflate" => "Mojolicious","Mojolicious::Command::cgi" => "Mojolicious","Mojolicious::Command::cpanify" => "Mojolicious","Mojolicious::Command::daemon" => "Mojolicious","Mojolicious::Command::eval" => "Mojolicious","Mojolicious::Command::generate" => "Mojolicious","Mojolicious::Command::generate::app" => "Mojolicious","Mojolicious::Command::generate::lite_app" => "Mojolicious","Mojolicious::Command::generate::makefile" => "Mojolicious","Mojolicious::Command::generate::plugin" => "Mojolicious","Mojolicious::Command::get" => "Mojolicious","Mojolicious::Command::inflate" => "Mojolicious","Mojolicious::Command::prefork" => "Mojolicious","Mojolicious::Command::psgi" => "Mojolicious","Mojolicious::Command::routes" => "Mojolicious","Mojolicious::Command::test" => "Mojolicious","Mojolicious::Command::version" => "Mojolicious","Mojolicious::Commands" => "Mojolicious","Mojolicious::Controller" => "Mojolicious","Mojolicious::Lite" => "Mojolicious","Mojolicious::Plugin" => "Mojolicious","Mojolicious::Plugin::CSRF" => "Mojolicious-Plugin-CSRF","Mojolicious::Plugin::CSRF::Base" => "Mojolicious-Plugin-CSRF","Mojolicious::Plugin::CaptchaPNG" => "Mojolicious-Plugin-CaptchaPNG","Mojolicious::Plugin::Config" => "Mojolicious","Mojolicious::Plugin::Config::Sandbox" => "Mojolicious","Mojolicious::Plugin::DefaultHelpers" => "Mojolicious","Mojolicious::Plugin::EPLRenderer" => "Mojolicious","Mojolicious::Plugin::EPRenderer" => "Mojolicious","Mojolicious::Plugin::HeaderCondition" => "Mojolicious","Mojolicious::Plugin::JSONConfig" => "Mojolicious","Mojolicious::Plugin::Mount" => "Mojolicious","Mojolicious::Plugin::NotYAMLConfig" => "Mojolicious","Mojolicious::Plugin::OAuth2" => "Mojolicious-Plugin-OAuth2","Mojolicious::Plugin::OAuth2::Mock" => "Mojolicious-Plugin-OAuth2","Mojolicious::Plugin::PODRenderer" => "Mojolicious","Mojolicious::Plugin::TagHelpers" => "Mojolicious","Mojolicious::Plugin::Yancy" => "Yancy","Mojolicious::Plugins" => "Mojolicious","Mojolicious::Renderer" => "Mojolicious","Mojolicious::Routes" => "Mojolicious","Mojolicious::Routes::Match" => "Mojolicious","Mojolicious::Routes::Pattern" => "Mojolicious","Mojolicious::Routes::Route" => "Mojolicious","Mojolicious::Sessions" => "Mojolicious","Mojolicious::Static" => "Mojolicious","Mojolicious::Types" => "Mojolicious","Mojolicious::Validator" => "Mojolicious","Mojolicious::Validator::Validation" => "Mojolicious","Moped::Msg" => "perl","Moxy" => "Moxy","Moxy::Attribute::CarrierHook" => "Moxy","Moxy::Component::Context" => "Moxy","Moxy::Plugin" => "Moxy","Moxy::Plugin::AuthorizationCutter" => "Moxy","Moxy::Plugin::Bookmark" => "Moxy","Moxy::Plugin::ControlPanel" => "Moxy","Moxy::Plugin::CookieCutter" => "Moxy","Moxy::Plugin::DisableTableTag" => "Moxy","Moxy::Plugin::DisplayWidth" => "Moxy","Moxy::Plugin::FlashUseImgTag" => "Moxy","Moxy::Plugin::GPS" => "Moxy","Moxy::Plugin::GPS::AirHPhone" => "Moxy","Moxy::Plugin::GPS::DoCoMo" => "Moxy","Moxy::Plugin::GPS::EZweb" => "Moxy","Moxy::Plugin::GPS::ThirdForce" => "Moxy","Moxy::Plugin::HTTPHeader" => "Moxy","Moxy::Plugin::Hosts" => "Moxy","Moxy::Plugin::LocationBar" => "Moxy","Moxy::Plugin::OpenSocial" => "Moxy","Moxy::Plugin::Pictogram" => "Moxy","Moxy::Plugin::QRCode" => "Moxy","Moxy::Plugin::RefererCutter" => "Moxy","Moxy::Plugin::RelativeLocation" => "Moxy","Moxy::Plugin::ResponseTime" => "Moxy","Moxy::Plugin::Scrubber" => "Moxy","Moxy::Plugin::ShowHTMLSource" => "Moxy","Moxy::Plugin::ShowHTTPHeaders" => "Moxy","Moxy::Plugin::Status::401" => "Moxy","Moxy::Plugin::Status::404" => "Moxy","Moxy::Plugin::Status::500" => "Moxy","Moxy::Plugin::StripScripts" => "Moxy","Moxy::Plugin::UserAgentSwitcher" => "Moxy","Moxy::Plugin::UserID" => "Moxy","Moxy::Plugin::XMLisHTML" => "Moxy","Moxy::Request" => "Moxy","Moxy::Session::State::BasicAuth" => "Moxy","Moxy::Util" => "Moxy","Mozilla::CA" => "Mozilla-CA","My::Chat" => "SOAP-Lite","My::Examples" => "SOAP-Lite","My::Parameters" => "SOAP-Lite","My::PersistentIterator" => "SOAP-Lite","My::PingPong" => "SOAP-Lite","My::SessionIterator" => "SOAP-Lite","My::TAP::Parser::Iterator::Process::LSF" => "UR","My::TAP::Parser::IteratorFactory::LSF" => "UR","My::TAP::Parser::Multiplexer" => "UR","My::TAP::Parser::Scheduler" => "UR","My::TAP::Parser::Timer" => "UR","MyFeatureFileLoader" => "GBrowse","MySQL::Admin" => "MySQL-Admin","MySQL::Admin::Actions" => "MySQL-Admin","MySQL::Admin::Config" => "MySQL-Admin","MySQL::Admin::Documentation" => "MySQL-Admin","MySQL::Admin::GUI" => "MySQL-Admin","MySQL::Admin::Session" => "MySQL-Admin","MySQL::Admin::Settings" => "MySQL-Admin","MySQL::Admin::Translate" => "MySQL-Admin","MySession" => "App-Netdisco","MyStripScripts" => "HTML-StripScripts","MyTestModule" => "perl","Mysql" => "DBD-mysql","Mysql::Statement" => "DBD-mysql","Mysql::db" => "DBD-mysql","Mysql::dr" => "DBD-mysql","Mysql::st" => "DBD-mysql","NDBM_File" => "perl","Net::CIDR" => "Net-CIDR","Net::CIDR::Lite" => "Net-CIDR-Lite","Net::CIDR::Lite::Span" => "Net-CIDR-Lite","Net::CIDR::Set" => "Net-CIDR-Set","Net::CIDR::Set::IPv4" => "Net-CIDR-Set","Net::CIDR::Set::IPv6" => "Net-CIDR-Set","Net::DNS" => "Net-DNS","Net::DNS::Domain" => "Net-DNS","Net::DNS::DomainName" => "Net-DNS","Net::DNS::DomainName1035" => "Net-DNS","Net::DNS::DomainName2535" => "Net-DNS","Net::DNS::Header" => "Net-DNS","Net::DNS::Mailbox" => "Net-DNS","Net::DNS::Mailbox1035" => "Net-DNS","Net::DNS::Mailbox2535" => "Net-DNS","Net::DNS::Nameserver" => "Net-DNS","Net::DNS::Packet" => "Net-DNS","Net::DNS::Parameters" => "Net-DNS","Net::DNS::Question" => "Net-DNS","Net::DNS::RR" => "Net-DNS","Net::DNS::RR::A" => "Net-DNS","Net::DNS::RR::AAAA" => "Net-DNS","Net::DNS::RR::AFSDB" => "Net-DNS","Net::DNS::RR::AMTRELAY" => "Net-DNS","Net::DNS::RR::APL" => "Net-DNS","Net::DNS::RR::APL::Item" => "Net-DNS","Net::DNS::RR::CAA" => "Net-DNS","Net::DNS::RR::CDNSKEY" => "Net-DNS","Net::DNS::RR::CDS" => "Net-DNS","Net::DNS::RR::CERT" => "Net-DNS","Net::DNS::RR::CNAME" => "Net-DNS","Net::DNS::RR::CSYNC" => "Net-DNS","Net::DNS::RR::DELEG" => "Net-DNS","Net::DNS::RR::DELEGI" => "Net-DNS","Net::DNS::RR::DHCID" => "Net-DNS","Net::DNS::RR::DLV" => "Net-DNS","Net::DNS::RR::DNAME" => "Net-DNS","Net::DNS::RR::DNSKEY" => "Net-DNS","Net::DNS::RR::DS" => "Net-DNS","Net::DNS::RR::DSYNC" => "Net-DNS","Net::DNS::RR::EUI48" => "Net-DNS","Net::DNS::RR::EUI64" => "Net-DNS","Net::DNS::RR::GPOS" => "Net-DNS","Net::DNS::RR::HINFO" => "Net-DNS","Net::DNS::RR::HIP" => "Net-DNS","Net::DNS::RR::HTTPS" => "Net-DNS","Net::DNS::RR::IPSECKEY" => "Net-DNS","Net::DNS::RR::ISDN" => "Net-DNS","Net::DNS::RR::KEY" => "Net-DNS","Net::DNS::RR::KX" => "Net-DNS","Net::DNS::RR::L32" => "Net-DNS","Net::DNS::RR::L64" => "Net-DNS","Net::DNS::RR::LOC" => "Net-DNS","Net::DNS::RR::LP" => "Net-DNS","Net::DNS::RR::MB" => "Net-DNS","Net::DNS::RR::MG" => "Net-DNS","Net::DNS::RR::MINFO" => "Net-DNS","Net::DNS::RR::MR" => "Net-DNS","Net::DNS::RR::MX" => "Net-DNS","Net::DNS::RR::NAPTR" => "Net-DNS","Net::DNS::RR::NID" => "Net-DNS","Net::DNS::RR::NS" => "Net-DNS","Net::DNS::RR::NSEC" => "Net-DNS","Net::DNS::RR::NSEC3" => "Net-DNS","Net::DNS::RR::NSEC3PARAM" => "Net-DNS","Net::DNS::RR::NULL" => "Net-DNS","Net::DNS::RR::OPENPGPKEY" => "Net-DNS","Net::DNS::RR::OPT" => "Net-DNS","Net::DNS::RR::OPT::CHAIN" => "Net-DNS","Net::DNS::RR::OPT::CLIENT_SUBNET" => "Net-DNS","Net::DNS::RR::OPT::COOKIE" => "Net-DNS","Net::DNS::RR::OPT::DAU" => "Net-DNS","Net::DNS::RR::OPT::DHU" => "Net-DNS","Net::DNS::RR::OPT::EXPIRE" => "Net-DNS","Net::DNS::RR::OPT::EXTENDED_ERROR" => "Net-DNS","Net::DNS::RR::OPT::KEY_TAG" => "Net-DNS","Net::DNS::RR::OPT::N3U" => "Net-DNS","Net::DNS::RR::OPT::NSID" => "Net-DNS","Net::DNS::RR::OPT::PADDING" => "Net-DNS","Net::DNS::RR::OPT::REPORT_CHANNEL" => "Net-DNS","Net::DNS::RR::OPT::TCP_KEEPALIVE" => "Net-DNS","Net::DNS::RR::OPT::ZONEVERSION" => "Net-DNS","Net::DNS::RR::PTR" => "Net-DNS","Net::DNS::RR::PX" => "Net-DNS","Net::DNS::RR::RESINFO" => "Net-DNS","Net::DNS::RR::RP" => "Net-DNS","Net::DNS::RR::RRSIG" => "Net-DNS","Net::DNS::RR::RT" => "Net-DNS","Net::DNS::RR::SIG" => "Net-DNS","Net::DNS::RR::SMIMEA" => "Net-DNS","Net::DNS::RR::SOA" => "Net-DNS","Net::DNS::RR::SPF" => "Net-DNS","Net::DNS::RR::SRV" => "Net-DNS","Net::DNS::RR::SSHFP" => "Net-DNS","Net::DNS::RR::SVCB" => "Net-DNS","Net::DNS::RR::TKEY" => "Net-DNS","Net::DNS::RR::TLSA" => "Net-DNS","Net::DNS::RR::TSIG" => "Net-DNS","Net::DNS::RR::TXT" => "Net-DNS","Net::DNS::RR::URI" => "Net-DNS","Net::DNS::RR::X25" => "Net-DNS","Net::DNS::RR::ZONEMD" => "Net-DNS","Net::DNS::Resolver" => "Net-DNS","Net::DNS::Resolver::Base" => "Net-DNS","Net::DNS::Resolver::MSWin32" => "Net-DNS","Net::DNS::Resolver::Recurse" => "Net-DNS","Net::DNS::Resolver::UNIX" => "Net-DNS","Net::DNS::Resolver::android" => "Net-DNS","Net::DNS::Resolver::cygwin" => "Net-DNS","Net::DNS::Resolver::os2" => "Net-DNS","Net::DNS::Resolver::os390" => "Net-DNS","Net::DNS::Text" => "Net-DNS","Net::DNS::Update" => "Net-DNS","Net::DNS::ZoneFile" => "Net-DNS","Net::DNS::ZoneFile::Generator" => "Net-DNS","Net::DNS::ZoneFile::Text" => "Net-DNS","Net::Dropbear" => "Net-Dropbear","Net::Dropbear::SSH" => "Net-Dropbear","Net::Dropbear::SSHd" => "Net-Dropbear","Net::Dropbear::XS" => "Net-Dropbear","Net::Dropbear::XS::AuthState" => "Net-Dropbear","Net::Dropbear::XS::SessionAccept" => "Net-Dropbear","Net::Dropbox::API" => "Net-Dropbox-API","Net::EasyTCP" => "EasyTCP","Net::IP::LPM" => "Net-IP-LPM","Net::IPAddress::Util" => "Net-IPAddress-Util","Net::IPAddress::Util::Collection" => "Net-IPAddress-Util","Net::IPAddress::Util::Collection::Tie" => "Net-IPAddress-Util","Net::IPAddress::Util::Range" => "Net-IPAddress-Util","Net::IPv4Addr" => "Net-IPv4Addr","Net::LDAP" => "perl-ldap","Net::LDAP::ASN" => "perl-ldap","Net::LDAP::Bind" => "perl-ldap","Net::LDAP::Constant" => "perl-ldap","Net::LDAP::Control" => "perl-ldap","Net::LDAP::Control::Assertion" => "perl-ldap","Net::LDAP::Control::DontUseCopy" => "perl-ldap","Net::LDAP::Control::EntryChange" => "perl-ldap","Net::LDAP::Control::ManageDsaIT" => "perl-ldap","Net::LDAP::Control::MatchedValues" => "perl-ldap","Net::LDAP::Control::NoOp" => "perl-ldap","Net::LDAP::Control::Paged" => "perl-ldap","Net::LDAP::Control::PasswordPolicy" => "perl-ldap","Net::LDAP::Control::PersistentSearch" => "perl-ldap","Net::LDAP::Control::PostRead" => "perl-ldap","Net::LDAP::Control::PreRead" => "perl-ldap","Net::LDAP::Control::ProxyAuth" => "perl-ldap","Net::LDAP::Control::Relax" => "perl-ldap","Net::LDAP::Control::Sort" => "perl-ldap","Net::LDAP::Control::SortResult" => "perl-ldap","Net::LDAP::Control::Subentries" => "perl-ldap","Net::LDAP::Control::SyncDone" => "perl-ldap","Net::LDAP::Control::SyncRequest" => "perl-ldap","Net::LDAP::Control::SyncState" => "perl-ldap","Net::LDAP::Control::TreeDelete" => "perl-ldap","Net::LDAP::Control::VLV" => "perl-ldap","Net::LDAP::Control::VLVResponse" => "perl-ldap","Net::LDAP::DSML" => "perl-ldap","Net::LDAP::DSML::output" => "perl-ldap","Net::LDAP::DSML::pp" => "perl-ldap","Net::LDAP::Entry" => "perl-ldap","Net::LDAP::Extension" => "perl-ldap","Net::LDAP::Extension::Cancel" => "perl-ldap","Net::LDAP::Extension::Refresh" => "perl-ldap","Net::LDAP::Extension::SetPassword" => "perl-ldap","Net::LDAP::Extension::WhoAmI" => "perl-ldap","Net::LDAP::Extra" => "perl-ldap","Net::LDAP::Extra::AD" => "perl-ldap","Net::LDAP::Extra::eDirectory" => "perl-ldap","Net::LDAP::Filter" => "perl-ldap","Net::LDAP::FilterList" => "perl-ldap","Net::LDAP::FilterMatch" => "perl-ldap","Net::LDAP::Intermediate" => "perl-ldap","Net::LDAP::Intermediate::SyncInfo" => "perl-ldap","Net::LDAP::LDIF" => "perl-ldap","Net::LDAP::Message" => "perl-ldap","Net::LDAP::Message::Dummy" => "perl-ldap","Net::LDAP::Reference" => "perl-ldap","Net::LDAP::RootDSE" => "perl-ldap","Net::LDAP::Schema" => "perl-ldap","Net::LDAP::Search" => "perl-ldap","Net::LDAP::Util" => "perl-ldap","Net::LDAPI" => "perl-ldap","Net::LDAPS" => "perl-ldap","Net::NSCA::Client" => "Net-NSCA-Client","Net::NSCA::Client::Connection" => "Net-NSCA-Client","Net::NSCA::Client::Connection::TLS" => "Net-NSCA-Client","Net::NSCA::Client::DataPacket" => "Net-NSCA-Client","Net::NSCA::Client::InitialPacket" => "Net-NSCA-Client","Net::NSCA::Client::Library" => "Net-NSCA-Client","Net::NSCA::Client::ServerConfig" => "Net-NSCA-Client","Net::NSCA::Client::Utils" => "Net-NSCA-Client","Net::Netmask" => "Net-Netmask","Net::OAuth" => "Net-OAuth","Net::OAuth::AccessToken" => "Net-OAuth","Net::OAuth::AccessTokenRequest" => "Net-OAuth","Net::OAuth::AccessTokenResponse" => "Net-OAuth","Net::OAuth::Client" => "Net-OAuth","Net::OAuth::ConsumerRequest" => "Net-OAuth","Net::OAuth::Message" => "Net-OAuth","Net::OAuth::ProtectedResourceRequest" => "Net-OAuth","Net::OAuth::Request" => "Net-OAuth","Net::OAuth::RequestTokenRequest" => "Net-OAuth","Net::OAuth::RequestTokenResponse" => "Net-OAuth","Net::OAuth::Response" => "Net-OAuth","Net::OAuth::SignatureMethod::HMAC_SHA1" => "Net-OAuth","Net::OAuth::SignatureMethod::HMAC_SHA256" => "Net-OAuth","Net::OAuth::SignatureMethod::PLAINTEXT" => "Net-OAuth","Net::OAuth::SignatureMethod::RSA_SHA1" => "Net-OAuth","Net::OAuth::UserAuthRequest" => "Net-OAuth","Net::OAuth::UserAuthResponse" => "Net-OAuth","Net::OAuth::V1_0A::AccessTokenRequest" => "Net-OAuth","Net::OAuth::V1_0A::RequestTokenRequest" => "Net-OAuth","Net::OAuth::V1_0A::RequestTokenResponse" => "Net-OAuth","Net::OAuth::V1_0A::UserAuthResponse" => "Net-OAuth","Net::OAuth::XauthAccessTokenRequest" => "Net-OAuth","Net::OAuth::YahooAccessTokenRefreshRequest" => "Net-OAuth","Net::OpenID::Association" => "Net-OpenID-Consumer","Net::OpenID::ClaimedIdentity" => "Net-OpenID-Consumer","Net::OpenID::Consumer" => "Net-OpenID-Consumer","Net::OpenID::VerifiedIdentity" => "Net-OpenID-Consumer","Net::Ping::External" => "Net-Ping-External","Net::SNMP" => "Net-SNMP","Net::SNMP::Dispatcher" => "Net-SNMP","Net::SNMP::Message" => "Net-SNMP","Net::SNMP::MessageProcessing" => "Net-SNMP","Net::SNMP::PDU" => "Net-SNMP","Net::SNMP::Security" => "Net-SNMP","Net::SNMP::Security::Community" => "Net-SNMP","Net::SNMP::Security::USM" => "Net-SNMP","Net::SNMP::Transport" => "Net-SNMP","Net::SNMP::Transport::IPv4" => "Net-SNMP","Net::SNMP::Transport::IPv4::TCP" => "Net-SNMP","Net::SNMP::Transport::IPv4::UDP" => "Net-SNMP","Net::SNMP::Transport::IPv6" => "Net-SNMP","Net::SNMP::Transport::IPv6::TCP" => "Net-SNMP","Net::SNMP::Transport::IPv6::UDP" => "Net-SNMP","Net::SNMP::Transport::TCP" => "Net-SNMP","Net::SNMP::Transport::TCP6" => "Net-SNMP","Net::SNMP::Transport::UDP" => "Net-SNMP","Net::SNMP::Transport::UDP6" => "Net-SNMP","Net::SSLeay" => "Net-SSLeay","Net::SSLeay::Handle" => "Net-SSLeay","Net::Server" => "Net-Server","Net::Server::Coro" => "Net-Server-Coro","Net::Server::Daemonize" => "Net-Server","Net::Server::Fork" => "Net-Server","Net::Server::HTTP" => "Net-Server","Net::Server::INET" => "Net-Server","Net::Server::INET::Handle" => "Net-Server","Net::Server::IP" => "Net-Server","Net::Server::Log::Log::Log4perl" => "Net-Server","Net::Server::Log::Sys::Syslog" => "Net-Server","Net::Server::MultiType" => "Net-Server","Net::Server::Multiplex" => "Net-Server","Net::Server::Multiplex::MUX" => "Net-Server","Net::Server::PSGI" => "Net-Server","Net::Server::PreFork" => "Net-Server","Net::Server::PreForkSimple" => "Net-Server","Net::Server::Proto" => "Net-Server","Net::Server::Proto::Coro" => "Net-Server-Coro","Net::Server::Proto::Coro::FH" => "Net-Server-Coro","Net::Server::Proto::SSL" => "Net-Server","Net::Server::Proto::SSLEAY" => "Net-Server","Net::Server::Proto::TCP" => "Net-Server","Net::Server::Proto::UDP" => "Net-Server","Net::Server::Proto::UNIX" => "Net-Server","Net::Server::Proto::UNIXDGRAM" => "Net-Server","Net::Server::SIG" => "Net-Server","Net::Server::Single" => "Net-Server","Net::Server::Thread" => "Net-Server","Net::Server::TiedHandle" => "Net-Server","Net::Xero" => "Net-Xero","Net::hostent" => "perl","Net::netent" => "perl","Net::protoent" => "perl","Net::servent" => "perl","Nginx" => "Nginx-Perl","Nginx::Perl" => "Nginx-Perl","Nginx::Test" => "Nginx-Perl","Nginx::Test::Child" => "Nginx-Perl","NginxPerlTest" => "Nginx-Perl","O" => "perl","ODBM_File" => "perl","OS2::DLL" => "perl","OS2::DLL::dll" => "perl","OS2::ExtAttr" => "perl","OS2::PrfDB" => "perl","OS2::PrfDB::Hini" => "perl","OS2::PrfDB::Sub" => "perl","OS2::Process" => "perl","OS2::REXX" => "perl","OS2::REXX::_ARRAY" => "perl","OS2::REXX::_HASH" => "perl","OS2::REXX::_SCALAR" => "perl","OS2::localMorphPM" => "perl","Opcode" => "perl","OptreeCheck" => "perl","Otogiri" => "Otogiri","OverloadedClass" => "CGI-Session","OverloadedObjectClass" => "CGI-Session","PAR" => "PAR","PAR::Filter" => "PAR-Packer","PAR::Filter::Bleach" => "PAR-Packer","PAR::Filter::Bytecode" => "PAR-Packer","PAR::Filter::Obfuscate" => "PAR-Packer","PAR::Filter::PatchContent" => "PAR-Packer","PAR::Filter::PodStrip" => "PAR-Packer","PAR::Heavy" => "PAR","PAR::Packer" => "PAR-Packer","PAR::SetupProgname" => "PAR","PAR::SetupTemp" => "PAR","PAR::StrippedPARL::Base" => "PAR-Packer","PApp" => "PApp","PApp::Admin" => "PApp","PApp::Application" => "PApp","PApp::Application::Agni" => "PApp","PApp::CGI" => "PApp","PApp::CGI::Connection" => "PApp","PApp::CGI::Request" => "PApp","PApp::Callback" => "PApp","PApp::Callback::Function" => "PApp","PApp::Config" => "PApp","PApp::DataRef" => "PApp","PApp::DataRef::Base" => "PApp","PApp::DataRef::DB_row" => "PApp","PApp::DataRef::Hash::Proxy" => "PApp","PApp::DataRef::Scalar" => "PApp","PApp::DataRef::Scalar::Proxy" => "PApp","PApp::ECMAScript" => "PApp","PApp::ECMAScript::Layer" => "PApp","PApp::EditForm" => "PApp","PApp::Env" => "PApp","PApp::Event" => "PApp","PApp::Exception" => "PApp","PApp::FormBuffer" => "PApp","PApp::HTML" => "PApp","PApp::I18n" => "PApp","PApp::I18n::PO_Reader" => "PApp","PApp::I18n::PO_Writer" => "PApp","PApp::Lock" => "PApp","PApp::Log" => "PApp","PApp::MimeType" => "PApp","PApp::PCode" => "PApp","PApp::Prefs" => "PApp","PApp::Preprocessor" => "PApp","PApp::Recode" => "PApp","PApp::SCGI" => "PApp","PApp::SCGI::PApp" => "PApp","PApp::SCGI::Worker" => "PApp","PApp::Session" => "PApp","PApp::Storable" => "PApp","PApp::User" => "PApp","PApp::UserObs" => "PApp","PApp::Util" => "PApp","PApp::XBox" => "PApp","PApp::XML" => "PApp","PApp::XML::Pod2xml" => "PApp","PApp::XML::Template" => "PApp","PApp::XPCSE" => "PApp","PApp::XSLT" => "PApp","PApp::XSLT::LibXSLT" => "PApp","PApp::XSLT::Sablotron" => "PApp","PGObject::Util::DBAdmin" => "PGObject-Util-DBAdmin","PODServer" => "Squatting","PODServer::Controllers" => "Squatting","PODServer::Views" => "Squatting","POE::Component::IRC" => "POE-Component-IRC","POE::Component::IRC::Common" => "POE-Component-IRC","POE::Component::IRC::Constants" => "POE-Component-IRC","POE::Component::IRC::Plugin" => "POE-Component-IRC","POE::Component::IRC::Plugin::AutoJoin" => "POE-Component-IRC","POE::Component::IRC::Plugin::BotAddressed" => "POE-Component-IRC","POE::Component::IRC::Plugin::BotCommand" => "POE-Component-IRC","POE::Component::IRC::Plugin::BotTraffic" => "POE-Component-IRC","POE::Component::IRC::Plugin::CTCP" => "POE-Component-IRC","POE::Component::IRC::Plugin::Connector" => "POE-Component-IRC","POE::Component::IRC::Plugin::Console" => "POE-Component-IRC","POE::Component::IRC::Plugin::CycleEmpty" => "POE-Component-IRC","POE::Component::IRC::Plugin::DCC" => "POE-Component-IRC","POE::Component::IRC::Plugin::FollowTail" => "POE-Component-IRC","POE::Component::IRC::Plugin::ISupport" => "POE-Component-IRC","POE::Component::IRC::Plugin::Logger" => "POE-Component-IRC","POE::Component::IRC::Plugin::NickReclaim" => "POE-Component-IRC","POE::Component::IRC::Plugin::NickServID" => "POE-Component-IRC","POE::Component::IRC::Plugin::PlugMan" => "POE-Component-IRC","POE::Component::IRC::Plugin::Proxy" => "POE-Component-IRC","POE::Component::IRC::Plugin::Whois" => "POE-Component-IRC","POE::Component::IRC::Qnet" => "POE-Component-IRC","POE::Component::IRC::Qnet::State" => "POE-Component-IRC","POE::Component::IRC::State" => "POE-Component-IRC","POE::Filter::IRC" => "POE-Component-IRC","POE::Filter::IRC::Compat" => "POE-Component-IRC","POSIX" => "perl","POSIX::2008" => "POSIX-2008","POSIX::SigAction" => "perl","POSIX::SigRt" => "perl","POSIX::SigSet" => "perl","PalImg" => "Perlbal","PaletteModify" => "Perlbal","Parallel::ForkManager" => "Parallel-ForkManager","Parallel::ForkManager::Child" => "Parallel-ForkManager","Parse::ePerl" => "eperl","Perl6::MakeMaker" => "Perl6-Pugs","Perl6::Pugs" => "Perl6-Pugs","Perl6::Pugs::Config" => "Perl6-Pugs","Perl6::Pugs::Config::MiniYAML" => "Perl6-Pugs","Perl::Tidy" => "Perl-Tidy","Perl::Tidy::Debugger" => "Perl-Tidy","Perl::Tidy::DevNull" => "Perl-Tidy","Perl::Tidy::Diagnostics" => "Perl-Tidy","Perl::Tidy::FileWriter" => "Perl-Tidy","Perl::Tidy::Formatter" => "Perl-Tidy","Perl::Tidy::HtmlWriter" => "Perl-Tidy","Perl::Tidy::IOScalar" => "Perl-Tidy","Perl::Tidy::IOScalarArray" => "Perl-Tidy","Perl::Tidy::IndentationItem" => "Perl-Tidy","Perl::Tidy::LineBuffer" => "Perl-Tidy","Perl::Tidy::LineSink" => "Perl-Tidy","Perl::Tidy::LineSource" => "Perl-Tidy","Perl::Tidy::Logger" => "Perl-Tidy","Perl::Tidy::Tokenizer" => "Perl-Tidy","Perl::Tidy::VerticalAligner" => "Perl-Tidy","Perl::Tidy::VerticalAligner::Alignment" => "Perl-Tidy","Perl::Tidy::VerticalAligner::Line" => "Perl-Tidy","Perl::Version" => "Perl-Version","PerlIO" => "perl","PerlIO::encoding" => "perl","PerlIO::mmap" => "perl","PerlIO::scalar" => "perl","PerlIO::via" => "perl","PerlTmp" => "Batch-Batchrun","Perlbal" => "Perlbal","Perlbal::AIO" => "Perlbal","Perlbal::BackendHTTP" => "Perlbal","Perlbal::Cache" => "Perlbal","Perlbal::ChunkedUploadState" => "Perlbal","Perlbal::ClientHTTP" => "Perlbal","Perlbal::ClientHTTPBase" => "Perlbal","Perlbal::ClientManage" => "Perlbal","Perlbal::ClientProxy" => "Perlbal","Perlbal::CommandContext" => "Perlbal","Perlbal::Fields" => "Perlbal","Perlbal::HTTPHeaders" => "Perlbal","Perlbal::ManageCommand" => "Perlbal","Perlbal::Plugin::AccessControl" => "Perlbal","Perlbal::Plugin::AutoRemoveLeadingDir" => "Perlbal","Perlbal::Plugin::Cgilike" => "Perlbal","Perlbal::Plugin::Cgilike::Request" => "Perlbal","Perlbal::Plugin::EchoService" => "Perlbal","Perlbal::Plugin::EchoService::Client" => "Perlbal","Perlbal::Plugin::FlvStreaming" => "Perlbal","Perlbal::Plugin::Highpri" => "Perlbal","Perlbal::Plugin::Include" => "Perlbal","Perlbal::Plugin::LazyCDN" => "Perlbal","Perlbal::Plugin::MaxContentLength" => "Perlbal","Perlbal::Plugin::NotModified" => "Perlbal","Perlbal::Plugin::Palimg" => "Perlbal","Perlbal::Plugin::Queues" => "Perlbal","Perlbal::Plugin::Redirect" => "Perlbal","Perlbal::Plugin::Stats" => "Perlbal","Perlbal::Plugin::Stats::Storage" => "Perlbal","Perlbal::Plugin::Throttle" => "Perlbal","Perlbal::Plugin::Throttle::Store" => "Perlbal","Perlbal::Plugin::Throttle::Store::Memcached" => "Perlbal","Perlbal::Plugin::Throttle::Store::Memory" => "Perlbal","Perlbal::Plugin::Vhosts" => "Perlbal","Perlbal::Plugin::Vpaths" => "Perlbal","Perlbal::Plugin::XFFExtras" => "Perlbal","Perlbal::Pool" => "Perlbal","Perlbal::ReproxyManager" => "Perlbal","Perlbal::Service" => "Perlbal","Perlbal::Socket" => "Perlbal","Perlbal::SocketSSL" => "Perlbal","Perlbal::SocketSSL2" => "Perlbal","Perlbal::TCPListener" => "Perlbal","Perlbal::Test" => "Perlbal","Perlbal::Test::WebClient" => "Perlbal","Perlbal::Test::WebServer" => "Perlbal","Perlbal::UploadListener" => "Perlbal","Perlbal::Util" => "Perlbal","Perldoc::Server" => "Perldoc-Server","Perldoc::Server::Controller::Ajax" => "Perldoc-Server","Perldoc::Server::Controller::Ajax::PerlSyntax" => "Perldoc-Server","Perldoc::Server::Controller::Functions" => "Perldoc-Server","Perldoc::Server::Controller::Index" => "Perldoc-Server","Perldoc::Server::Controller::Index::Modules" => "Perldoc-Server","Perldoc::Server::Controller::Root" => "Perldoc-Server","Perldoc::Server::Controller::Search" => "Perldoc-Server","Perldoc::Server::Controller::Source" => "Perldoc-Server","Perldoc::Server::Controller::View" => "Perldoc-Server","Perldoc::Server::Convert::html" => "Perldoc-Server","Perldoc::Server::Model::Index" => "Perldoc-Server","Perldoc::Server::Model::PerlFunc" => "Perldoc-Server","Perldoc::Server::Model::Pod" => "Perldoc-Server","Perldoc::Server::Model::Section" => "Perldoc-Server","Perldoc::Server::View::Function" => "Perldoc-Server","Perldoc::Server::View::OpenThoughtTT" => "Perldoc-Server","Perldoc::Server::View::Pod2HTML" => "Perldoc-Server","Perldoc::Server::View::Pod2Source" => "Perldoc-Server","Perldoc::Server::View::TT" => "Perldoc-Server","PhonyClipboard" => "Clipboard","Pinto" => "Pinto","Pinto::Action" => "Pinto","Pinto::Action::Add" => "Pinto","Pinto::Action::Clean" => "Pinto","Pinto::Action::Copy" => "Pinto","Pinto::Action::Default" => "Pinto","Pinto::Action::Delete" => "Pinto","Pinto::Action::Diff" => "Pinto","Pinto::Action::Install" => "Pinto","Pinto::Action::Kill" => "Pinto","Pinto::Action::List" => "Pinto","Pinto::Action::Lock" => "Pinto","Pinto::Action::Log" => "Pinto","Pinto::Action::Look" => "Pinto","Pinto::Action::Merge" => "Pinto","Pinto::Action::New" => "Pinto","Pinto::Action::Nop" => "Pinto","Pinto::Action::Pin" => "Pinto","Pinto::Action::Props" => "Pinto","Pinto::Action::Pull" => "Pinto","Pinto::Action::Register" => "Pinto","Pinto::Action::Rename" => "Pinto","Pinto::Action::Reset" => "Pinto","Pinto::Action::Revert" => "Pinto","Pinto::Action::Roots" => "Pinto","Pinto::Action::Stacks" => "Pinto","Pinto::Action::Statistics" => "Pinto","Pinto::Action::Unlock" => "Pinto","Pinto::Action::Unpin" => "Pinto","Pinto::Action::Unregister" => "Pinto","Pinto::Action::Update" => "Pinto","Pinto::Action::Verify" => "Pinto","Pinto::ArchiveUnpacker" => "Pinto","Pinto::Chrome" => "Pinto","Pinto::Chrome::Net" => "Pinto","Pinto::Chrome::Term" => "Pinto","Pinto::CommitMessage" => "Pinto","Pinto::Config" => "Pinto","Pinto::Constants" => "Pinto","Pinto::Database" => "Pinto","Pinto::Difference" => "Pinto","Pinto::DifferenceEntry" => "Pinto","Pinto::DistributionSpec" => "Pinto","Pinto::Editor" => "Pinto","Pinto::Editor::Clip" => "Pinto","Pinto::Editor::Edit" => "Pinto","Pinto::Exception" => "Pinto","Pinto::Globals" => "Pinto","Pinto::IndexCache" => "Pinto","Pinto::IndexReader" => "Pinto","Pinto::IndexWriter" => "Pinto","Pinto::Initializer" => "Pinto","Pinto::Locator" => "Pinto","Pinto::Locator::Mirror" => "Pinto","Pinto::Locator::Multiplex" => "Pinto","Pinto::Locator::Stratopan" => "Pinto","Pinto::Locker" => "Pinto","Pinto::Manual" => "Pinto","Pinto::Manual::Installing" => "Pinto","Pinto::Manual::Introduction" => "Pinto","Pinto::Manual::QuickStart" => "Pinto","Pinto::Manual::Thanks" => "Pinto","Pinto::Manual::Tutorial" => "Pinto","Pinto::Migrator" => "Pinto","Pinto::ModlistWriter" => "Pinto","Pinto::PackageExtractor" => "Pinto","Pinto::PackageSpec" => "Pinto","Pinto::PrerequisiteWalker" => "Pinto","Pinto::Remote" => "Pinto","Pinto::Remote::Action" => "Pinto","Pinto::Remote::Action::Add" => "Pinto","Pinto::Remote::Action::Install" => "Pinto","Pinto::Remote::Result" => "Pinto","Pinto::Repository" => "Pinto","Pinto::Result" => "Pinto","Pinto::RevisionWalker" => "Pinto","Pinto::Role::Committable" => "Pinto","Pinto::Role::FileFetcher" => "Pinto","Pinto::Role::Installer" => "Pinto","Pinto::Role::PauseConfig" => "Pinto","Pinto::Role::Plated" => "Pinto","Pinto::Role::Puller" => "Pinto","Pinto::Role::Schema::Result" => "Pinto","Pinto::Role::Transactional" => "Pinto","Pinto::Role::UserAgent" => "Pinto","Pinto::Schema" => "Pinto","Pinto::Schema::Result::Ancestry" => "Pinto","Pinto::Schema::Result::Distribution" => "Pinto","Pinto::Schema::Result::Package" => "Pinto","Pinto::Schema::Result::Prerequisite" => "Pinto","Pinto::Schema::Result::Registration" => "Pinto","Pinto::Schema::Result::RegistrationChange" => "Pinto","Pinto::Schema::Result::Revision" => "Pinto","Pinto::Schema::Result::Stack" => "Pinto","Pinto::Schema::ResultSet::Distribution" => "Pinto","Pinto::Schema::ResultSet::Package" => "Pinto","Pinto::Schema::ResultSet::Registration" => "Pinto","Pinto::Server" => "Pinto","Pinto::Server::Responder" => "Pinto","Pinto::Server::Responder::Action" => "Pinto","Pinto::Server::Responder::File" => "Pinto","Pinto::Server::Router" => "Pinto","Pinto::Shell" => "Pinto","Pinto::SpecFactory" => "Pinto","Pinto::Statistics" => "Pinto","Pinto::Store" => "Pinto","Pinto::Target" => "Pinto","Pinto::Target::Distribution" => "Pinto","Pinto::Target::Package" => "Pinto","Pinto::Types" => "Pinto","Pinto::Util" => "Pinto","Plack" => "Plack","Plack::App::CGIBin" => "Plack","Plack::App::Cascade" => "Plack","Plack::App::Debugger" => "Plack-Debugger","Plack::App::Directory" => "Plack","Plack::App::File" => "Plack","Plack::App::PSGIBin" => "Plack","Plack::App::URLMap" => "Plack","Plack::App::WrapCGI" => "Plack","Plack::App::XAO" => "XAO-Web","Plack::Builder" => "Plack","Plack::Component" => "Plack","Plack::Debugger" => "Plack-Debugger","Plack::Debugger::Panel" => "Plack-Debugger","Plack::Debugger::Panel::AJAX" => "Plack-Debugger","Plack::Debugger::Panel::Environment" => "Plack-Debugger","Plack::Debugger::Panel::Memory" => "Plack-Debugger","Plack::Debugger::Panel::ModuleVersions" => "Plack-Debugger","Plack::Debugger::Panel::Parameters" => "Plack-Debugger","Plack::Debugger::Panel::PerlConfig" => "Plack-Debugger","Plack::Debugger::Panel::PlackRequest" => "Plack-Debugger","Plack::Debugger::Panel::PlackResponse" => "Plack-Debugger","Plack::Debugger::Panel::Timer" => "Plack-Debugger","Plack::Debugger::Panel::Warnings" => "Plack-Debugger","Plack::Debugger::Storage" => "Plack-Debugger","Plack::HTTPParser" => "Plack","Plack::HTTPParser::PP" => "Plack","Plack::Handler" => "Plack","Plack::Handler::Apache1" => "Plack","Plack::Handler::Apache2" => "Plack","Plack::Handler::Apache2::Registry" => "Plack","Plack::Handler::CGI" => "Plack","Plack::Handler::CGI::Writer" => "Plack","Plack::Handler::FCGI" => "Plack","Plack::Handler::HTTP::Server::PSGI" => "Plack","Plack::Handler::Standalone" => "Plack","Plack::LWPish" => "Plack","Plack::Loader" => "Plack","Plack::Loader::Delayed" => "Plack","Plack::Loader::Restarter" => "Plack","Plack::Loader::Shotgun" => "Plack","Plack::MIME" => "Plack","Plack::Middleware" => "Plack","Plack::Middleware::AccessLog" => "Plack","Plack::Middleware::AccessLog::Timed" => "Plack","Plack::Middleware::Auth::Basic" => "Plack","Plack::Middleware::Auth::LemonldapNG" => "Lemonldap-NG-Handler","Plack::Middleware::Bootstrap" => "Plack-Middleware-Bootstrap","Plack::Middleware::BufferedStreaming" => "Plack","Plack::Middleware::Chunked" => "Plack","Plack::Middleware::Conditional" => "Plack","Plack::Middleware::ConditionalGET" => "Plack","Plack::Middleware::ContentLength" => "Plack","Plack::Middleware::ContentMD5" => "Plack","Plack::Middleware::Debugger::Collector" => "Plack-Debugger","Plack::Middleware::Debugger::Injector" => "Plack-Debugger","Plack::Middleware::ErrorDocument" => "Plack","Plack::Middleware::HTTPExceptions" => "Plack","Plack::Middleware::Head" => "Plack","Plack::Middleware::IIS6ScriptNameFix" => "Plack","Plack::Middleware::IIS7KeepAliveFix" => "Plack","Plack::Middleware::JSONP" => "Plack","Plack::Middleware::LighttpdScriptNameFix" => "Plack","Plack::Middleware::Lint" => "Plack","Plack::Middleware::Log4perl" => "Plack","Plack::Middleware::LogDispatch" => "Plack","Plack::Middleware::NullLogger" => "Plack","Plack::Middleware::RearrangeHeaders" => "Plack","Plack::Middleware::Recursive" => "Plack","Plack::Middleware::Refresh" => "Plack","Plack::Middleware::Runtime" => "Plack","Plack::Middleware::Session" => "Plack-Middleware-Session","Plack::Middleware::Session::Cookie" => "Plack-Middleware-Session","Plack::Middleware::Session::Simple" => "Plack-Middleware-Session-Simple","Plack::Middleware::Session::Simple::Session" => "Plack-Middleware-Session-Simple","Plack::Middleware::SimpleContentFilter" => "Plack","Plack::Middleware::SimpleLogger" => "Plack","Plack::Middleware::StackTrace" => "Plack","Plack::Middleware::Static" => "Plack","Plack::Middleware::StaticShared" => "Plack-Middleware-StaticShared","Plack::Middleware::Statsd" => "Plack-Middleware-Statsd","Plack::Middleware::Writer" => "Plack","Plack::Middleware::XFramework" => "Plack","Plack::Middleware::XSRFBlock" => "Plack-Middleware-XSRFBlock","Plack::Middleware::XSendfile" => "Plack","Plack::Recursive::ForwardRequest" => "Plack","Plack::Request" => "Plack","Plack::Request::Upload" => "Plack","Plack::Response" => "Plack","Plack::Runner" => "Plack","Plack::Server" => "Plack","Plack::Server::Apache1" => "Plack","Plack::Server::Apache2" => "Plack","Plack::Server::CGI" => "Plack","Plack::Server::FCGI" => "Plack","Plack::Server::ServerSimple" => "Plack","Plack::Server::Standalone" => "Plack","Plack::Server::Standalone::Prefork" => "Plack","Plack::Session" => "Plack-Middleware-Session","Plack::Session::Cleanup" => "Plack-Middleware-Session","Plack::Session::State" => "Plack-Middleware-Session","Plack::Session::State::Cookie" => "Plack-Middleware-Session","Plack::Session::Store" => "Plack-Middleware-Session","Plack::Session::Store::Cache" => "Plack-Middleware-Session","Plack::Session::Store::DBI" => "Plack-Middleware-Session","Plack::Session::Store::File" => "Plack-Middleware-Session","Plack::Session::Store::Null" => "Plack-Middleware-Session","Plack::TempBuffer" => "Plack","Plack::TempBuffer::Auto" => "Plack","Plack::TempBuffer::File" => "Plack","Plack::TempBuffer::PerlIO" => "Plack","Plack::Test" => "Plack","Plack::Test::Debugger" => "Plack-Debugger","Plack::Test::Debugger::ResultGenerator" => "Plack-Debugger","Plack::Test::MockHTTP" => "Plack","Plack::Test::MockHTTP::WithCleanupHandlers" => "Plack-Debugger","Plack::Test::Server" => "Plack","Plack::Test::Suite" => "Plack","Plack::Util" => "Plack","Plack::Util::Accessor" => "Plack","Plack::Util::IOWithPath" => "Plack","Plack::Util::Prototype" => "Plack","Pod::Html" => "perl","Pod::Html::Util" => "perl","Pod::Perldoc" => "Pod-Perldoc","Pod::Perldoc::BaseTo" => "Pod-Perldoc","Pod::Perldoc::GetOptsOO" => "Pod-Perldoc","Pod::Perldoc::ToANSI" => "Pod-Perldoc","Pod::Perldoc::ToChecker" => "Pod-Perldoc","Pod::Perldoc::ToMan" => "Pod-Perldoc","Pod::Perldoc::ToNroff" => "Pod-Perldoc","Pod::Perldoc::ToPod" => "Pod-Perldoc","Pod::Perldoc::ToRtf" => "Pod-Perldoc","Pod::Perldoc::ToTerm" => "Pod-Perldoc","Pod::Perldoc::ToText" => "Pod-Perldoc","Pod::Perldoc::ToTk" => "Pod-Perldoc","Pod::Perldoc::ToXml" => "Pod-Perldoc","Pod::Simple::XHTML::LocalPodLinks" => "perl","Porting::updateAUTHORS" => "perl","Proc::Daemon" => "Proc-Daemon","Proc::Killall" => "Proc-ProcessTable","Proc::Killfam" => "Proc-ProcessTable","Proc::ProcessTable" => "Proc-ProcessTable","Proc::ProcessTable::Process" => "Proc-ProcessTable","Pugs::MakeMaker" => "Perl6-Pugs","PugsConfig" => "Perl6-Pugs","RDF::Redland" => "Redland","RDF::Redland::BlankNode" => "Redland","RDF::Redland::CORE" => "Redland","RDF::Redland::COREc" => "Redland","RDF::Redland::Iterator" => "Redland","RDF::Redland::LiteralNode" => "Redland","RDF::Redland::Model" => "Redland","RDF::Redland::Node" => "Redland","RDF::Redland::Parser" => "Redland","RDF::Redland::Query" => "Redland","RDF::Redland::QueryResults" => "Redland","RDF::Redland::RSS" => "Redland","RDF::Redland::RSS::Node" => "Redland","RDF::Redland::Serializer" => "Redland","RDF::Redland::Statement" => "Redland","RDF::Redland::Storage" => "Redland","RDF::Redland::Stream" => "Redland","RDF::Redland::URI" => "Redland","RDF::Redland::URINode" => "Redland","RDF::Redland::World" => "Redland","RDF::Redland::XMLLiteralNode" => "Redland","RPC::PlClient" => "PlRPC","RPC::PlClient::Comm" => "PlRPC","RPC::PlClient::Object" => "PlRPC","RPC::PlServer" => "PlRPC","RPC::PlServer::Comm" => "PlRPC","RPC::PlServer::Test" => "PlRPC","RPC::XML" => "RPC-XML","RPC::XML::Client" => "RPC-XML","RPC::XML::Function" => "RPC-XML","RPC::XML::Method" => "RPC-XML","RPC::XML::Parser" => "RPC-XML","RPC::XML::Parser::XMLLibXML" => "RPC-XML","RPC::XML::Parser::XMLParser" => "RPC-XML","RPC::XML::ParserFactory" => "RPC-XML","RPC::XML::Procedure" => "RPC-XML","RPC::XML::Server" => "RPC-XML","RPC::XML::array" => "RPC-XML","RPC::XML::base64" => "RPC-XML","RPC::XML::boolean" => "RPC-XML","RPC::XML::datatype" => "RPC-XML","RPC::XML::datetime_iso8601" => "RPC-XML","RPC::XML::double" => "RPC-XML","RPC::XML::fault" => "RPC-XML","RPC::XML::i4" => "RPC-XML","RPC::XML::i8" => "RPC-XML","RPC::XML::int" => "RPC-XML","RPC::XML::nil" => "RPC-XML","RPC::XML::request" => "RPC-XML","RPC::XML::response" => "RPC-XML","RPC::XML::simple_type" => "RPC-XML","RPC::XML::string" => "RPC-XML","RPC::XML::struct" => "RPC-XML","RT::Authen::ExternalAuth" => "RT-Authen-ExternalAuth","RT::Authen::ExternalAuth::DBI" => "RT-Authen-ExternalAuth","RT::Authen::ExternalAuth::DBI::Cookie" => "RT-Authen-ExternalAuth","RT::Authen::ExternalAuth::LDAP" => "RT-Authen-ExternalAuth","RT::Extension::MobileUI" => "RT-Extension-MobileUI","RTMP::Client" => "RTMP-Client","Redis::Fast" => "Redis-Fast","Redis::Fast::Hash" => "Redis-Fast","Redis::Fast::List" => "Redis-Fast","Redis::Fast::Sentinel" => "Redis-Fast","Redis::hiredis" => "Redis-hiredis","Resource::Pack::jQuery" => "Resource-Pack-jQuery","SDBM_File" => "perl","SOAP::Apache" => "SOAP-Lite","SOAP::Cloneable" => "SOAP-Lite","SOAP::Constants" => "SOAP-Lite","SOAP::Custom::XML::Data" => "SOAP-Lite","SOAP::Custom::XML::Deserializer" => "SOAP-Lite","SOAP::Data" => "SOAP-Lite","SOAP::Deserializer" => "SOAP-Lite","SOAP::Fault" => "SOAP-Lite","SOAP::Header" => "SOAP-Lite","SOAP::Lite" => "SOAP-Lite","SOAP::Lite::COM" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchema1999" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchema2001" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchemaSOAP1_1" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchemaSOAP1_2" => "SOAP-Lite","SOAP::Lite::Packager" => "SOAP-Lite","SOAP::Lite::Packager::DIME" => "SOAP-Lite","SOAP::Lite::Packager::MIME" => "SOAP-Lite","SOAP::Lite::Utils" => "SOAP-Lite","SOAP::MIMEParser" => "SOAP-Lite","SOAP::Packager" => "SOAP-Lite","SOAP::Packager::DIME" => "SOAP-Lite","SOAP::Packager::MIME" => "SOAP-Lite","SOAP::SOM" => "SOAP-Lite","SOAP::Schema" => "SOAP-Lite","SOAP::Schema::Deserializer" => "SOAP-Lite","SOAP::Schema::WSDL" => "SOAP-Lite","SOAP::Server" => "SOAP-Lite","SOAP::Server::Object" => "SOAP-Lite","SOAP::Server::Parameters" => "SOAP-Lite","SOAP::Test" => "SOAP-Lite","SOAP::Test::Server" => "SOAP-Lite","SOAP::Trace" => "SOAP-Lite","SOAP::Transport" => "SOAP-Lite","SOAP::Transport::HTTP" => "SOAP-Lite","SOAP::Transport::HTTP::Daemon" => "SOAP-Lite","SOAP::Transport::HTTP::Daemon::ForkAfterProcessing" => "SOAP-Lite","SOAP::Transport::HTTP::Daemon::ForkOnAccept" => "SOAP-Lite","SOAP::Transport::HTTP::FCGI" => "SOAP-Lite","SOAP::Transport::IO" => "SOAP-Lite","SOAP::Transport::IO::Server" => "SOAP-Lite","SOAP::Transport::LOCAL" => "SOAP-Lite","SOAP::Transport::LOCAL::Client" => "SOAP-Lite","SOAP::Transport::LOOPBACK" => "SOAP-Lite","SOAP::Transport::LOOPBACK::Client" => "SOAP-Lite","SOAP::Transport::MAILTO" => "SOAP-Lite","SOAP::Transport::MAILTO::Client" => "SOAP-Lite","SOAP::Transport::POP3" => "SOAP-Lite","SOAP::Transport::POP3::Server" => "SOAP-Lite","SOAP::Transport::TCP" => "SOAP-Lite","SOAP::Transport::TCP::Client" => "SOAP-Lite","SOAP::Transport::TCP::Server" => "SOAP-Lite","SOAP::Utils" => "SOAP-Lite","SOAP::XMLSchema1999::Deserializer" => "SOAP-Lite","SOAP::XMLSchema1999::Serializer" => "SOAP-Lite","SOAP::XMLSchema2001::Deserializer" => "SOAP-Lite","SOAP::XMLSchema2001::Serializer" => "SOAP-Lite","SOAP::XMLSchema::Serializer" => "SOAP-Lite","SOAP::XMLSchemaApacheSOAP::Deserializer" => "SOAP-Lite","SOAP::XMLSchemaSOAP1_1::Deserializer" => "SOAP-Lite","SOAP::XMLSchemaSOAP1_2::Deserializer" => "SOAP-Lite","SSL_Context" => "IO-Socket-SSL","SSL_HANDLE" => "IO-Socket-SSL","SSL_SSL" => "IO-Socket-SSL","SVG::Sparkline" => "SVG-Sparkline","SVG::Sparkline::Area" => "SVG-Sparkline","SVG::Sparkline::Bar" => "SVG-Sparkline","SVG::Sparkline::Line" => "SVG-Sparkline","SVG::Sparkline::RangeArea" => "SVG-Sparkline","SVG::Sparkline::RangeBar" => "SVG-Sparkline","SVG::Sparkline::Utils" => "SVG-Sparkline","SVG::Sparkline::Whisker" => "SVG-Sparkline","SVN::Base" => "Alien-SVN","SVN::Client" => "Alien-SVN","SVN::Core" => "Alien-SVN","SVN::Delta" => "Alien-SVN","SVN::Fs" => "Alien-SVN","SVN::Look" => "SVN-Look","SVN::Ra" => "Alien-SVN","SVN::Repos" => "Alien-SVN","SVN::Wc" => "Alien-SVN","Safe" => "Safe","Search::OpenSearch::Result" => "Search-OpenSearch-Server","Search::OpenSearch::Server" => "Search-OpenSearch-Server","Search::OpenSearch::Server::Catalyst" => "Search-OpenSearch-Server","Search::OpenSearch::Server::Plack" => "Search-OpenSearch-Server","SelectSaver" => "perl","Sereal::Decoder" => "Sereal-Decoder","Sereal::Decoder::Constants" => "Sereal-Decoder","Sereal::Encoder" => "Sereal-Encoder","Sereal::Encoder::Constants" => "Sereal-Encoder","Sereal::Performance" => "Sereal-Decoder","Sidef" => "Sidef","Sidef::Deparse::Perl" => "Sidef","Sidef::Deparse::Sidef" => "Sidef","Sidef::Math::Math" => "Sidef","Sidef::Module::Func" => "Sidef","Sidef::Module::OO" => "Sidef","Sidef::Object::Convert" => "Sidef","Sidef::Object::Enumerator" => "Sidef","Sidef::Object::Lazy" => "Sidef","Sidef::Object::LazyMethod" => "Sidef","Sidef::Object::Object" => "Sidef","Sidef::Optimizer" => "Sidef","Sidef::Parser" => "Sidef","Sidef::Perl::Perl" => "Sidef","Sidef::Sys::Sig" => "Sidef","Sidef::Sys::Sys" => "Sidef","Sidef::Time::Date" => "Sidef","Sidef::Time::Gmtime" => "Sidef","Sidef::Time::Localtime" => "Sidef","Sidef::Time::Time" => "Sidef","Sidef::Types::Array::Array" => "Sidef","Sidef::Types::Array::Matrix" => "Sidef","Sidef::Types::Array::Pair" => "Sidef","Sidef::Types::Array::Vector" => "Sidef","Sidef::Types::Block::Block" => "Sidef","Sidef::Types::Block::Fork" => "Sidef","Sidef::Types::Block::Try" => "Sidef","Sidef::Types::Bool::Bool" => "Sidef","Sidef::Types::Glob::Backtick" => "Sidef","Sidef::Types::Glob::Dir" => "Sidef","Sidef::Types::Glob::DirHandle" => "Sidef","Sidef::Types::Glob::File" => "Sidef","Sidef::Types::Glob::FileHandle" => "Sidef","Sidef::Types::Glob::Pipe" => "Sidef","Sidef::Types::Glob::Socket" => "Sidef","Sidef::Types::Glob::SocketHandle" => "Sidef","Sidef::Types::Glob::Stat" => "Sidef","Sidef::Types::Hash::Hash" => "Sidef","Sidef::Types::Null::Null" => "Sidef","Sidef::Types::Number::Complex" => "Sidef","Sidef::Types::Number::Fraction" => "Sidef","Sidef::Types::Number::Gauss" => "Sidef","Sidef::Types::Number::Mod" => "Sidef","Sidef::Types::Number::Number" => "Sidef","Sidef::Types::Number::Polynomial" => "Sidef","Sidef::Types::Number::PolynomialMod" => "Sidef","Sidef::Types::Number::Quadratic" => "Sidef","Sidef::Types::Number::Quaternion" => "Sidef","Sidef::Types::Perl::Perl" => "Sidef","Sidef::Types::Range::Range" => "Sidef","Sidef::Types::Range::RangeNumber" => "Sidef","Sidef::Types::Range::RangeString" => "Sidef","Sidef::Types::Regex::Match" => "Sidef","Sidef::Types::Regex::Regex" => "Sidef","Sidef::Types::Set::Bag" => "Sidef","Sidef::Types::Set::Set" => "Sidef","Sidef::Types::String::String" => "Sidef","Sidef::Variable::GetOpt" => "Sidef","Sidef::Variable::NamedParam" => "Sidef","SimpleObjectClass" => "CGI-Session","Smolder" => "Smolder","Smolder::AuthHandler" => "Smolder","Smolder::AuthInfo" => "Smolder","Smolder::Build" => "Smolder","Smolder::Conf" => "Smolder","Smolder::Constraints" => "Smolder","Smolder::Control" => "Smolder","Smolder::Control::Admin" => "Smolder","Smolder::Control::Admin::Developers" => "Smolder","Smolder::Control::Admin::Projects" => "Smolder","Smolder::Control::Developer" => "Smolder","Smolder::Control::Developer::Prefs" => "Smolder","Smolder::Control::Graphs" => "Smolder","Smolder::Control::Projects" => "Smolder","Smolder::Control::Public" => "Smolder","Smolder::Control::Public::Auth" => "Smolder","Smolder::DB" => "Smolder","Smolder::DB::Developer" => "Smolder","Smolder::DB::Preference" => "Smolder","Smolder::DB::Project" => "Smolder","Smolder::DB::ProjectDeveloper" => "Smolder","Smolder::DB::SmokeReport" => "Smolder","Smolder::DB::TestFile" => "Smolder","Smolder::DB::TestFileComment" => "Smolder","Smolder::DB::TestFileResult" => "Smolder","Smolder::Debug" => "Smolder","Smolder::Dispatch" => "Smolder","Smolder::Email" => "Smolder","Smolder::Manual" => "Smolder","Smolder::Mech" => "Smolder","Smolder::Redirect" => "Smolder","Smolder::Server" => "Smolder","Smolder::Server::Control" => "Smolder","Smolder::Server::PreFork" => "Smolder","Smolder::TAPHTMLMatrix" => "Smolder","Smolder::TestData" => "Smolder","Smolder::TestScript" => "Smolder","Smolder::Upgrade" => "Smolder","Smolder::Upgrade::V0_1" => "Smolder","Smolder::Upgrade::V0_3" => "Smolder","Smolder::Upgrade::V1_1" => "Smolder","Smolder::Upgrade::V1_21" => "Smolder","Smolder::Upgrade::V1_24" => "Smolder","Smolder::Upgrade::V1_30" => "Smolder","Smolder::Upgrade::V1_37" => "Smolder","Smolder::Upgrade::V1_50" => "Smolder","Smolder::Util" => "Smolder","SockJS" => "SockJS","SockJS::Connection" => "SockJS","SockJS::Exception" => "SockJS","SockJS::Handle" => "SockJS","SockJS::Middleware::Cache" => "SockJS","SockJS::Middleware::Cors" => "SockJS","SockJS::Middleware::Http10" => "SockJS","SockJS::Middleware::JSessionID" => "SockJS","SockJS::Session" => "SockJS","SockJS::Transport" => "SockJS","SockJS::Transport::Base" => "SockJS","SockJS::Transport::EventSource" => "SockJS","SockJS::Transport::HtmlFile" => "SockJS","SockJS::Transport::JSONPPolling" => "SockJS","SockJS::Transport::JSONPSend" => "SockJS","SockJS::Transport::WebSocket" => "SockJS","SockJS::Transport::XHRPolling" => "SockJS","SockJS::Transport::XHRSend" => "SockJS","SockJS::Transport::XHRStreaming" => "SockJS","Socket" => "Socket","Spoon" => "Spoon","Spoon::Base" => "Spoon","Spoon::CGI" => "Spoon","Spoon::Command" => "Spoon","Spoon::Config" => "Spoon","Spoon::ContentObject" => "Spoon","Spoon::Cookie" => "Spoon","Spoon::DataObject" => "Spoon","Spoon::Formatter" => "Spoon","Spoon::Formatter::Block" => "Spoon","Spoon::Formatter::Container" => "Spoon","Spoon::Formatter::Phrase" => "Spoon","Spoon::Formatter::Wafl" => "Spoon","Spoon::Headers" => "Spoon","Spoon::Hook" => "Spoon","Spoon::Hooked" => "Spoon","Spoon::Hooks" => "Spoon","Spoon::Hub" => "Spoon","Spoon::IndexList" => "Spoon","Spoon::Installer" => "Spoon","Spoon::Lookup" => "Spoon","Spoon::MetadataObject" => "Spoon","Spoon::Plugin" => "Spoon","Spoon::Registry" => "Spoon","Spoon::Template" => "Spoon","Spoon::Template::TT2" => "Spoon","Spoon::Trace" => "Spoon","Spoon::Utils" => "Spoon","Spreadsheet::ParseExcel" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Cell" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Dump" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtDefault" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtJapan" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtJapan2" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtUnicode" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Font" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Format" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::SaveParser" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::SaveParser::Workbook" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::SaveParser::Worksheet" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Utility" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Workbook" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Worksheet" => "Spreadsheet-ParseExcel","Spreadsheet::ParseXLSX" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Cell" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Decryptor" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Decryptor::Agile" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Decryptor::Standard" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Worksheet" => "Spreadsheet-ParseXLSX","Squatting" => "Squatting","Squatting::Controller" => "Squatting","Squatting::H" => "Squatting","Squatting::Log" => "Squatting","Squatting::Mapper" => "Squatting","Squatting::On::CGI" => "Squatting","Squatting::On::Catalyst" => "Squatting","Squatting::On::Continuity" => "Squatting","Squatting::On::Jifty" => "Squatting","Squatting::On::MP13" => "Squatting","Squatting::On::MP20" => "Squatting","Squatting::Q" => "Squatting","Squatting::View" => "Squatting","Squatting::With::AccessTrace" => "Squatting","Squatting::With::Coro::Debug" => "Squatting","Squatting::With::Log" => "Squatting","Squatting::With::MockRequest" => "Squatting","Squatting::With::Mount" => "Squatting","Squatting::With::PerHostConfig" => "Squatting","Starch" => "Starch","Starch::Factory" => "Starch","Starch::Manager" => "Starch","Starch::Plugin::AlwaysLoad" => "Starch","Starch::Plugin::Bundle" => "Starch","Starch::Plugin::CookieArgs" => "Starch","Starch::Plugin::CookieArgs::Manager" => "Starch","Starch::Plugin::CookieArgs::State" => "Starch","Starch::Plugin::DisableStore" => "Starch","Starch::Plugin::ForManager" => "Starch","Starch::Plugin::ForState" => "Starch","Starch::Plugin::ForStore" => "Starch","Starch::Plugin::LogStoreExceptions" => "Starch","Starch::Plugin::RenewExpiration" => "Starch","Starch::Plugin::RenewExpiration::Manager" => "Starch","Starch::Plugin::RenewExpiration::State" => "Starch","Starch::Plugin::ThrottleStore" => "Starch","Starch::Plugin::Trace" => "Starch","Starch::Plugin::Trace::Manager" => "Starch","Starch::Plugin::Trace::State" => "Starch","Starch::Plugin::Trace::Store" => "Starch","Starch::Role::Log" => "Starch","Starch::State" => "Starch","Starch::Store" => "Starch","Starch::Store::Layered" => "Starch","Starch::Store::Memory" => "Starch","Starch::Util" => "Starch","Stardust" => "Stardust","Stardust::Controllers" => "Stardust","Stardust::Demo" => "Stardust","Stardust::Demo::Controllers" => "Stardust","Stardust::Demo::Views" => "Stardust","Storable" => "Storable","String::Compare::ConstantTime" => "String-Compare-ConstantTime","Sub::HandlesVia" => "Sub-HandlesVia","Sub::HandlesVia::CodeGenerator" => "Sub-HandlesVia","Sub::HandlesVia::Declare" => "Sub-HandlesVia","Sub::HandlesVia::Handler" => "Sub-HandlesVia","Sub::HandlesVia::Handler::CodeRef" => "Sub-HandlesVia","Sub::HandlesVia::Handler::Traditional" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Array" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Blessed" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Bool" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Code" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Counter" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Enum" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Hash" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Number" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Scalar" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::String" => "Sub-HandlesVia","Sub::HandlesVia::Mite" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mite" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moo" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moose" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moose::PackageTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moose::RoleTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mouse" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mouse::PackageTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mouse::RoleTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::ObjectPad" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Plain" => "Sub-HandlesVia","Symbol" => "perl","Sys::Hostname" => "perl","Sys::Syslog" => "Sys-Syslog","Sys::Syslog::Win32" => "Sys-Syslog","Tcl" => "Tcl","Tcl::Cmdbase" => "Tcl","Tcl::Code" => "Tcl","Tcl::List" => "Tcl","Tcl::Var" => "Tcl","Template::Declare::Exception" => "Jifty","Template::Quick" => "MySQL-Admin","Term::ReadLine::Gnu" => "Term-ReadLine-Gnu","Term::ReadLine::Gnu::AU" => "Term-ReadLine-Gnu","Term::ReadLine::Gnu::Var" => "Term-ReadLine-Gnu","Term::ReadLine::Gnu::XS" => "Term-ReadLine-Gnu","Test::Dpkg" => "Dpkg","Test::Mojo" => "Mojolicious","Test::Simply" => "Fake-Our","Test::Starch" => "Starch","TestChunks" => "Perl6-Pugs","Testing" => "perl","Text::SmartyPants" => "MojoMojo","Text::Wikispaces2Markdown" => "MojoMojo","Thread" => "perl","Thread::Signal" => "perl","Thread::Specific" => "perl","Tie::Array" => "perl","Tie::ExtraHash" => "perl","Tie::Handle" => "perl","Tie::Hash" => "perl","Tie::Hash::NamedCapture" => "perl","Tie::Memoize" => "perl","Tie::Scalar" => "perl","Tie::StdArray" => "perl","Tie::StdHandle" => "perl","Tie::StdHash" => "perl","Tie::StdScalar" => "perl","Tie::SubstrHash" => "perl","Tie::Watch" => "Tk","Time::gmtime" => "perl","Time::localtime" => "perl","Time::tm" => "perl","Tk" => "Tk","Tk::Adjuster" => "Tk","Tk::Adjuster::Item" => "Tk","Tk::After" => "Tk","Tk::Animation" => "Tk","Tk::Balloon" => "Tk","Tk::Bitmap" => "Tk","Tk::BrowseEntry" => "Tk","Tk::Button" => "Tk","Tk::Canvas" => "Tk","Tk::Checkbutton" => "Tk","Tk::Clipboard" => "Tk","Tk::CmdLine" => "Tk","Tk::ColorDialog" => "Tk","Tk::ColorEditor" => "Tk","Tk::ColorSelect" => "Tk","Tk::Compound" => "Tk","Tk::Configure" => "Tk","Tk::Derived" => "Tk","Tk::Dialog" => "Tk","Tk::DialogBox" => "Tk","Tk::DirTree" => "Tk","Tk::DirTreeDialog" => "Tk","Tk::Dirlist" => "Tk","Tk::DragDrop" => "Tk","Tk::DragDrop::Common" => "Tk","Tk::DragDrop::Local" => "Tk","Tk::DragDrop::Rect" => "Tk","Tk::DragDrop::SunConst" => "Tk","Tk::DragDrop::SunDrop" => "Tk","Tk::DragDrop::SunSite" => "Tk","Tk::DragDrop::Win32Drop" => "Tk","Tk::DragDrop::Win32Site" => "Tk","Tk::DragDrop::XDNDDrop" => "Tk","Tk::DragDrop::XDNDSite" => "Tk","Tk::DropSite" => "Tk","Tk::DummyEncode" => "Tk","Tk::DummyEncode::iso8859_1" => "Tk","Tk::English" => "Tk","Tk::Entry" => "Tk","Tk::ErrorDialog" => "Tk","Tk::Event" => "Tk","Tk::Event::IO" => "Tk","Tk::FBox" => "Tk","Tk::FileSelect" => "Tk","Tk::FloatEntry" => "Tk","Tk::Font" => "Tk","Tk::Frame" => "Tk","Tk::HList" => "Tk","Tk::IO" => "Tk","Tk::IconList" => "Tk","Tk::Image" => "Tk","Tk::InputO" => "Tk","Tk::ItemStyle" => "Tk","Tk::JPEG" => "Tk","Tk::LabEntry" => "Tk","Tk::LabFrame" => "Tk","Tk::LabRadiobutton" => "Tk","Tk::Label" => "Tk","Tk::LabeledEntryLabeledRadiobutton" => "Tk","Tk::Labelframe" => "Tk","Tk::Listbox" => "Tk","Tk::MMtry" => "Tk","Tk::MMutil" => "Tk","Tk::MainWindow" => "Tk","Tk::MakeDepend" => "Tk","Tk::Menu" => "Tk","Tk::Menu::Button" => "Tk","Tk::Menu::Cascade" => "Tk","Tk::Menu::Checkbutton" => "Tk","Tk::Menu::Item" => "Tk","Tk::Menu::Radiobutton" => "Tk","Tk::Menu::Separator" => "Tk","Tk::Menubar" => "Tk","Tk::Menubutton" => "Tk","Tk::Message" => "Tk","Tk::MsgBox" => "Tk","Tk::Mwm" => "Tk","Tk::NBFrame" => "Tk","Tk::NoteBook" => "Tk","Tk::Optionmenu" => "Tk","Tk::PNG" => "Tk","Tk::Pane" => "Tk","Tk::Panedwindow" => "Tk","Tk::Photo" => "Tk","Tk::Pixmap" => "Tk","Tk::Pretty" => "Tk","Tk::ProgressBar" => "Tk","Tk::ROText" => "Tk","Tk::Radiobutton" => "Tk","Tk::Region" => "Tk","Tk::Reindex" => "Tk","Tk::ReindexedROText" => "Tk","Tk::ReindexedText" => "Tk","Tk::Scale" => "Tk","Tk::Scrollbar" => "Tk","Tk::Spinbox" => "Tk","Tk::Stats" => "Tk","Tk::Stdio" => "PAR","Tk::Stdio::Handle" => "PAR","Tk::Submethods" => "Tk","Tk::TList" => "Tk","Tk::Table" => "Tk","Tk::Text" => "Tk","Tk::Text::Tag" => "Tk","Tk::TextEdit" => "Tk","Tk::TextList" => "Tk","Tk::TextUndo" => "Tk","Tk::Tiler" => "Tk","Tk::TixGrid" => "Tk","Tk::Toplevel" => "Tk","Tk::Trace" => "Tk","Tk::Tree" => "Tk","Tk::Widget" => "Tk","Tk::WinPhoto" => "Tk","Tk::Wm" => "Tk","Tk::X" => "Tk","Tk::X11Font" => "Tk","Tk::Xlib" => "Tk","Tk::Xrm" => "Tk","Tk::install" => "Tk","Tk::widgets" => "Tk","U64" => "IO-Compress","UDDI::Constants" => "SOAP-Lite","UI::Dialog" => "UI-Dialog","UI::Dialog::Backend" => "UI-Dialog","UI::Dialog::Backend::ASCII" => "UI-Dialog","UI::Dialog::Backend::CDialog" => "UI-Dialog","UI::Dialog::Backend::GDialog" => "UI-Dialog","UI::Dialog::Backend::KDialog" => "UI-Dialog","UI::Dialog::Backend::Nautilus" => "UI-Dialog","UI::Dialog::Backend::NotifySend" => "UI-Dialog","UI::Dialog::Backend::Whiptail" => "UI-Dialog","UI::Dialog::Backend::XDialog" => "UI-Dialog","UI::Dialog::Backend::XOSD" => "UI-Dialog","UI::Dialog::Backend::Zenity" => "UI-Dialog","UI::Dialog::Console" => "UI-Dialog","UI::Dialog::GNOME" => "UI-Dialog","UI::Dialog::Gauged" => "UI-Dialog","UI::Dialog::KDE" => "UI-Dialog","UI::Dialog::Screen::Druid" => "UI-Dialog","UI::Dialog::Screen::Menu" => "UI-Dialog","UNIVERSAL" => "perl","UR" => "UR","UR::All" => "UR","UR::AttributeHandlers" => "UR","UR::BoolExpr" => "UR","UR::BoolExpr::BxParser" => "UR","UR::BoolExpr::BxParser::Yapp::Driver" => "UR","UR::BoolExpr::Parser::ParseYappDriver" => "UR","UR::BoolExpr::Template" => "UR","UR::BoolExpr::Template::And" => "UR","UR::BoolExpr::Template::Composite" => "UR","UR::BoolExpr::Template::Or" => "UR","UR::BoolExpr::Template::PropertyComparison" => "UR","UR::BoolExpr::Template::PropertyComparison::Between" => "UR","UR::BoolExpr::Template::PropertyComparison::Equals" => "UR","UR::BoolExpr::Template::PropertyComparison::False" => "UR","UR::BoolExpr::Template::PropertyComparison::GreaterOrEqual" => "UR","UR::BoolExpr::Template::PropertyComparison::GreaterThan" => "UR","UR::BoolExpr::Template::PropertyComparison::In" => "UR","UR::BoolExpr::Template::PropertyComparison::Isa" => "UR","UR::BoolExpr::Template::PropertyComparison::LessOrEqual" => "UR","UR::BoolExpr::Template::PropertyComparison::LessThan" => "UR","UR::BoolExpr::Template::PropertyComparison::Like" => "UR","UR::BoolExpr::Template::PropertyComparison::Matches" => "UR","UR::BoolExpr::Template::PropertyComparison::NotBetween" => "UR","UR::BoolExpr::Template::PropertyComparison::NotEquals" => "UR","UR::BoolExpr::Template::PropertyComparison::NotIn" => "UR","UR::BoolExpr::Template::PropertyComparison::NotLike" => "UR","UR::BoolExpr::Template::PropertyComparison::True" => "UR","UR::BoolExpr::Util" => "UR","UR::BoolExpr::Util::clonedThing" => "UR","UR::Change" => "UR","UR::Context" => "UR","UR::Context::AutoUnloadPool" => "UR","UR::Context::DefaultRoot" => "UR","UR::Context::LoadingIterator" => "UR","UR::Context::ObjectFabricator" => "UR","UR::Context::Process" => "UR","UR::Context::Root" => "UR","UR::Context::Transaction" => "UR","UR::DBI" => "UR","UR::DBI::Report" => "UR","UR::DBI::db" => "UR","UR::DBI::st" => "UR","UR::DataSource" => "UR","UR::DataSource::CSV" => "UR","UR::DataSource::Code" => "UR","UR::DataSource::Default" => "UR","UR::DataSource::File" => "UR","UR::DataSource::FileMux" => "UR","UR::DataSource::Filesystem" => "UR","UR::DataSource::Meta" => "UR","UR::DataSource::MySQL" => "UR","UR::DataSource::Oracle" => "UR","UR::DataSource::Pg" => "UR","UR::DataSource::Pg::Operator::False" => "UR","UR::DataSource::Pg::Operator::True" => "UR","UR::DataSource::QueryPlan" => "UR","UR::DataSource::RDBMS" => "UR","UR::DataSource::RDBMS::BitmapIndex" => "UR","UR::DataSource::RDBMS::Entity" => "UR","UR::DataSource::RDBMS::FkConstraint" => "UR","UR::DataSource::RDBMS::FkConstraintColumn" => "UR","UR::DataSource::RDBMS::Operator::Between" => "UR","UR::DataSource::RDBMS::Operator::Equals" => "UR","UR::DataSource::RDBMS::Operator::False" => "UR","UR::DataSource::RDBMS::Operator::GreaterOrEqual" => "UR","UR::DataSource::RDBMS::Operator::GreaterThan" => "UR","UR::DataSource::RDBMS::Operator::In" => "UR","UR::DataSource::RDBMS::Operator::LessOrEqual" => "UR","UR::DataSource::RDBMS::Operator::LessThan" => "UR","UR::DataSource::RDBMS::Operator::Like" => "UR","UR::DataSource::RDBMS::Operator::NotBetween" => "UR","UR::DataSource::RDBMS::Operator::NotEquals" => "UR","UR::DataSource::RDBMS::Operator::NotIn" => "UR","UR::DataSource::RDBMS::Operator::NotLike" => "UR","UR::DataSource::RDBMS::Operator::True" => "UR","UR::DataSource::RDBMS::PkConstraintColumn" => "UR","UR::DataSource::RDBMS::Table" => "UR","UR::DataSource::RDBMS::Table::View::Default::Text" => "UR","UR::DataSource::RDBMS::TableColumn" => "UR","UR::DataSource::RDBMS::TableColumn::View::Default::Text" => "UR","UR::DataSource::RDBMS::UniqueConstraintColumn" => "UR","UR::DataSource::RDBMSRetriableOperations" => "UR","UR::DataSource::SQLite" => "UR","UR::DataSource::ValueDomain" => "UR","UR::Debug" => "UR","UR::DeletedRef" => "UR","UR::Doc::Pod2Html" => "UR","UR::Doc::Section" => "UR","UR::Doc::Writer" => "UR","UR::Doc::Writer::Html" => "UR","UR::Doc::Writer::Pod" => "UR","UR::Env::UR_COMMAND_DUMP_DEBUG_MESSAGES" => "UR","UR::Env::UR_COMMAND_DUMP_STATUS_MESSAGES" => "UR","UR::Env::UR_CONTEXT_BASE" => "UR","UR::Env::UR_CONTEXT_CACHE_SIZE_HIGHWATER" => "UR","UR::Env::UR_CONTEXT_CACHE_SIZE_LOWWATER" => "UR","UR::Env::UR_CONTEXT_LIBS" => "UR","UR::Env::UR_CONTEXT_MONITOR_QUERY" => "UR","UR::Env::UR_CONTEXT_ROOT" => "UR","UR::Env::UR_DBI_DUMP_STACK_ON_CONNECT" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_CALLSTACK" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_IF" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_MATCH" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_SLOW" => "UR","UR::Env::UR_DBI_MONITOR_DML" => "UR","UR::Env::UR_DBI_MONITOR_EVERY_FETCH" => "UR","UR::Env::UR_DBI_MONITOR_SQL" => "UR","UR::Env::UR_DBI_NO_COMMIT" => "UR","UR::Env::UR_DBI_SUMMARIZE_SQL" => "UR","UR::Env::UR_DEBUG_OBJECT_PRUNING" => "UR","UR::Env::UR_DEBUG_OBJECT_RELEASE" => "UR","UR::Env::UR_DUMP_DEBUG_MESSAGES" => "UR","UR::Env::UR_DUMP_STATUS_MESSAGES" => "UR","UR::Env::UR_IGNORE" => "UR","UR::Env::UR_MOOSE" => "UR","UR::Env::UR_NO_REQUIRE_USER_VERIFY" => "UR","UR::Env::UR_NR_CPU" => "UR","UR::Env::UR_RUN_LONG_TESTS" => "UR","UR::Env::UR_STACK_DUMP_ON_DIE" => "UR","UR::Env::UR_STACK_DUMP_ON_WARN" => "UR","UR::Env::UR_TEST_QUIET" => "UR","UR::Env::UR_USED_MODS" => "UR","UR::Env::UR_USE_ANY" => "UR","UR::Env::UR_USE_DUMMY_AUTOGENERATED_IDS" => "UR","UR::Exit" => "UR","UR::Iterator" => "UR","UR::ModuleBase" => "UR","UR::ModuleBase::Message" => "UR","UR::ModuleBuild" => "UR","UR::ModuleConfig" => "UR","UR::ModuleLoader" => "UR","UR::Moose" => "UR","UR::Namespace" => "UR","UR::Namespace::Command" => "UR","UR::Namespace::Command::Base" => "UR","UR::Namespace::Command::Define" => "UR","UR::Namespace::Command::Define::Class" => "UR","UR::Namespace::Command::Define::Datasource" => "UR","UR::Namespace::Command::Define::Datasource::File" => "UR","UR::Namespace::Command::Define::Datasource::Mysql" => "UR","UR::Namespace::Command::Define::Datasource::Oracle" => "UR","UR::Namespace::Command::Define::Datasource::Pg" => "UR","UR::Namespace::Command::Define::Datasource::Rdbms" => "UR","UR::Namespace::Command::Define::Datasource::RdbmsWithAuth" => "UR","UR::Namespace::Command::Define::Datasource::Sqlite" => "UR","UR::Namespace::Command::Define::Db" => "UR","UR::Namespace::Command::Define::Namespace" => "UR","UR::Namespace::Command::Describe" => "UR","UR::Namespace::Command::Init" => "UR","UR::Namespace::Command::List" => "UR","UR::Namespace::Command::List::Classes" => "UR","UR::Namespace::Command::List::Modules" => "UR","UR::Namespace::Command::List::Objects" => "UR","UR::Namespace::Command::Old" => "UR","UR::Namespace::Command::Old::DiffRewrite" => "UR","UR::Namespace::Command::Old::DiffUpdate" => "UR","UR::Namespace::Command::Old::ExportDbicClasses" => "UR","UR::Namespace::Command::Old::Info" => "UR","UR::Namespace::Command::Old::Redescribe" => "UR","UR::Namespace::Command::RunsOnModulesInTree" => "UR","UR::Namespace::Command::Show" => "UR","UR::Namespace::Command::Show::Properties" => "UR","UR::Namespace::Command::Show::Schema" => "UR","UR::Namespace::Command::Show::Subclasses" => "UR","UR::Namespace::Command::Sys" => "UR","UR::Namespace::Command::Sys::ClassBrowser" => "UR","UR::Namespace::Command::Sys::ClassBrowser::TreeItem" => "UR","UR::Namespace::Command::Test" => "UR","UR::Namespace::Command::Test::Callcount" => "UR","UR::Namespace::Command::Test::Callcount::List" => "UR","UR::Namespace::Command::Test::Compile" => "UR","UR::Namespace::Command::Test::Eval" => "UR","UR::Namespace::Command::Test::Run" => "UR","UR::Namespace::Command::Test::TrackObjectRelease" => "UR","UR::Namespace::Command::Test::Use" => "UR","UR::Namespace::Command::Test::Window" => "UR","UR::Namespace::Command::Test::Window::Tk" => "UR","UR::Namespace::Command::Update" => "UR","UR::Namespace::Command::Update::ClassDiagram" => "UR","UR::Namespace::Command::Update::ClassesFromDb" => "UR","UR::Namespace::Command::Update::Doc" => "UR","UR::Namespace::Command::Update::Pod" => "UR","UR::Namespace::Command::Update::RenameClass" => "UR","UR::Namespace::Command::Update::RewriteClassHeader" => "UR","UR::Namespace::Command::Update::SchemaDiagram" => "UR","UR::Namespace::Command::Update::TabCompletionSpec" => "UR","UR::Object" => "UR","UR::Object::Accessorized" => "UR","UR::Object::Command::FetchAndDo" => "UR","UR::Object::Command::List" => "UR","UR::Object::Command::List::Csv" => "UR","UR::Object::Command::List::Html" => "UR","UR::Object::Command::List::Newtext" => "UR","UR::Object::Command::List::Pretty" => "UR","UR::Object::Command::List::Style" => "UR","UR::Object::Command::List::Text" => "UR","UR::Object::Command::List::Tsv" => "UR","UR::Object::Command::List::Xml" => "UR","UR::Object::Ghost" => "UR","UR::Object::Index" => "UR","UR::Object::Iterator" => "UR","UR::Object::Join" => "UR","UR::Object::Property" => "UR","UR::Object::Property::View::Default::Text" => "UR","UR::Object::Property::View::DescriptionLineItem::Text" => "UR","UR::Object::Property::View::ReferenceDescription::Text" => "UR","UR::Object::Set" => "UR","UR::Object::Set::View::Default::Html" => "UR","UR::Object::Set::View::Default::Json" => "UR","UR::Object::Set::View::Default::Text" => "UR","UR::Object::Set::View::Default::Xml" => "UR","UR::Object::Tag" => "UR","UR::Object::Type" => "UR","UR::Object::Type::AccessorWriter" => "UR","UR::Object::Type::AccessorWriter::Product" => "UR","UR::Object::Type::AccessorWriter::Sum" => "UR","UR::Object::Type::Initializer" => "UR","UR::Object::Type::ModuleWriter" => "UR","UR::Object::Type::View::AvailableViews::Json" => "UR","UR::Object::Type::View::AvailableViews::Xml" => "UR","UR::Object::Type::View::Default::Text" => "UR","UR::Object::Type::View::Default::Umlet" => "UR","UR::Object::Type::View::Default::Xml" => "UR","UR::Object::Umlet" => "UR","UR::Object::Umlet::Class" => "UR","UR::Object::Umlet::Diagram" => "UR","UR::Object::Umlet::Other" => "UR","UR::Object::Umlet::PictureElement" => "UR","UR::Object::Umlet::Relation" => "UR","UR::Object::Value" => "UR","UR::Object::View" => "UR","UR::Object::View::Aspect" => "UR","UR::Object::View::Default::Gtk" => "UR","UR::Object::View::Default::Gtk2" => "UR","UR::Object::View::Default::Html" => "UR","UR::Object::View::Default::Json" => "UR","UR::Object::View::Default::Text" => "UR","UR::Object::View::Default::Xml" => "UR","UR::Object::View::Default::Xsl" => "UR","UR::Object::View::Lister::Text" => "UR","UR::Object::View::Static::Html" => "UR","UR::Object::View::Toolkit" => "UR","UR::Object::View::Toolkit::Text" => "UR","UR::Object::View::Toolkit::Umlet" => "UR","UR::Observer" => "UR","UR::Role" => "UR","UR::Role::Instance" => "UR","UR::Role::MethodModifier" => "UR","UR::Role::MethodModifier::After" => "UR","UR::Role::MethodModifier::Around" => "UR","UR::Role::MethodModifier::Before" => "UR","UR::Role::Param" => "UR","UR::Role::Prototype" => "UR","UR::Role::PrototypeWithParams" => "UR","UR::Service::JsonRpcServer" => "UR","UR::Service::RPC::Executer" => "UR","UR::Service::RPC::Message" => "UR","UR::Service::RPC::Server" => "UR","UR::Service::RPC::TcpConnectionListener" => "UR","UR::Service::UrlRouter" => "UR","UR::Service::WebServer" => "UR","UR::Service::WebServer::Server" => "UR","UR::Service::XMLCommandExecutor" => "UR","UR::Singleton" => "UR","UR::Time" => "UR","UR::Util" => "UR","UR::Util::ArrayRefIterator" => "UR","UR::Value" => "UR","UR::Value::ARRAY" => "UR","UR::Value::Blob" => "UR","UR::Value::Boolean" => "UR","UR::Value::Boolean::View::Default::Text" => "UR","UR::Value::CODE" => "UR","UR::Value::CSV" => "UR","UR::Value::DateTime" => "UR","UR::Value::Decimal" => "UR","UR::Value::DirectoryPath" => "UR","UR::Value::FOF" => "UR","UR::Value::FilePath" => "UR","UR::Value::FilesystemPath" => "UR","UR::Value::Float" => "UR","UR::Value::GLOB" => "UR","UR::Value::HASH" => "UR","UR::Value::Integer" => "UR","UR::Value::Iterator" => "UR","UR::Value::JSON" => "UR","UR::Value::Number" => "UR","UR::Value::PerlReference" => "UR","UR::Value::REF" => "UR","UR::Value::SCALAR" => "UR","UR::Value::Set" => "UR","UR::Value::SloppyPrimitive" => "UR","UR::Value::String" => "UR","UR::Value::Text" => "UR","UR::Value::Timestamp" => "UR","UR::Value::Type" => "UR","UR::Value::URL" => "UR","UR::Value::View::Default::Html" => "UR","UR::Value::View::Default::Json" => "UR","UR::Value::View::Default::Text" => "UR","UR::Value::View::Default::Xml" => "UR","UR::Vocabulary" => "UR","URI::jabber" => "SOAP-Lite","UTF_8" => "Squatting","UTF_8::Controllers" => "Squatting","UTF_8::Views" => "Squatting","Ukigumo::Agent" => "Ukigumo-Agent","Ukigumo::Agent::Cleaner" => "Ukigumo-Agent","Ukigumo::Agent::Dispatcher" => "Ukigumo-Agent","Ukigumo::Agent::Logger" => "Ukigumo-Agent","Ukigumo::Agent::Manager" => "Ukigumo-Agent","Ukigumo::Agent::View" => "Ukigumo-Agent","Ukigumo::Server" => "Ukigumo-Server","Ukigumo::Server::API" => "Ukigumo-Server","Ukigumo::Server::API::Dispatcher" => "Ukigumo-Server","Ukigumo::Server::Command::Branch" => "Ukigumo-Server","Ukigumo::Server::Command::Docs" => "Ukigumo-Server","Ukigumo::Server::Command::Report" => "Ukigumo-Server","Ukigumo::Server::DB" => "Ukigumo-Server","Ukigumo::Server::DB::Schema" => "Ukigumo-Server","Ukigumo::Server::L10N" => "Ukigumo-Server","Ukigumo::Server::Launcher" => "Ukigumo-Server","Ukigumo::Server::Schema" => "Ukigumo-Server","Ukigumo::Server::Util" => "Ukigumo-Server","Ukigumo::Server::Web" => "Ukigumo-Server","Ukigumo::Server::Web::Dispatcher" => "Ukigumo-Server","Ukigumo::Server::Web::ViewFunctions" => "Ukigumo-Server","UnQLite" => "UnQLite","UnQLite::Cursor" => "UnQLite","UniCodePoints" => "Squatting","UniCodePoints::Controllers" => "Squatting","UniCodePoints::Views" => "Squatting","Unicode::UCD" => "perl","UnicodeCD" => "perl","User::grent" => "perl","User::pwent" => "perl","VMS::DCLsym" => "perl","VMS::Filespec" => "perl","VMS::Stdio" => "perl","Valiant" => "Valiant","Valiant::Error" => "Valiant","Valiant::Errors" => "Valiant","Valiant::Filter" => "Valiant","Valiant::Filter::Collapse" => "Valiant","Valiant::Filter::Collection" => "Valiant","Valiant::Filter::Each" => "Valiant","Valiant::Filter::Flatten" => "Valiant","Valiant::Filter::HtmlEscape" => "Valiant","Valiant::Filter::Lower" => "Valiant","Valiant::Filter::Numberize" => "Valiant","Valiant::Filter::Template" => "Valiant","Valiant::Filter::Title" => "Valiant","Valiant::Filter::ToArray" => "Valiant","Valiant::Filter::Trim" => "Valiant","Valiant::Filter::UcFirst" => "Valiant","Valiant::Filter::Upper" => "Valiant","Valiant::Filter::With" => "Valiant","Valiant::Filterable" => "Valiant","Valiant::Filters" => "Valiant","Valiant::HTML::BaseComponent" => "Valiant","Valiant::HTML::Component" => "Valiant","Valiant::HTML::Components" => "Valiant","Valiant::HTML::ContentComponent" => "Valiant","Valiant::HTML::Form" => "Valiant","Valiant::HTML::FormBuilder" => "Valiant","Valiant::HTML::FormBuilder::Checkbox" => "Valiant","Valiant::HTML::FormBuilder::DefaultModel" => "Valiant","Valiant::HTML::FormBuilder::Model" => "Valiant","Valiant::HTML::FormBuilder::Model::TextField" => "Valiant","Valiant::HTML::FormBuilder::Proxy" => "Valiant","Valiant::HTML::FormBuilder::RadioButton" => "Valiant","Valiant::HTML::FormBuilder::Renderer::TextField" => "Valiant","Valiant::HTML::FormTags" => "Valiant","Valiant::HTML::PagerBuilder" => "Valiant","Valiant::HTML::SafeString" => "Valiant","Valiant::HTML::Tag" => "Valiant","Valiant::HTML::TagBuilder" => "Valiant","Valiant::HTML::Util::Collection" => "Valiant","Valiant::HTML::Util::Collection::HashItem" => "Valiant","Valiant::HTML::Util::Collection::Item" => "Valiant","Valiant::HTML::Util::Form" => "Valiant","Valiant::HTML::Util::Form::FormObject" => "Valiant","Valiant::HTML::Util::FormTags" => "Valiant","Valiant::HTML::Util::Pager" => "Valiant","Valiant::HTML::Util::TagBuilder" => "Valiant","Valiant::HTML::Util::TagBuilder::_tags" => "Valiant","Valiant::HTML::Util::View" => "Valiant","Valiant::I18N" => "Valiant","Valiant::I18N::Tag" => "Valiant","Valiant::JSON::JSONBuilder" => "Valiant","Valiant::JSON::Util" => "Valiant","Valiant::Name" => "Valiant","Valiant::Naming" => "Valiant","Valiant::NestedError" => "Valiant","Valiant::Proxy" => "Valiant","Valiant::Proxy::Array" => "Valiant","Valiant::Proxy::Hash" => "Valiant","Valiant::Proxy::Object" => "Valiant","Valiant::Translation" => "Valiant","Valiant::Util" => "Valiant","Valiant::Util::Ancestors" => "Valiant","Valiant::Util::Exception" => "Valiant","Valiant::Util::Exception::General" => "Valiant","Valiant::Util::Exception::InvalidFilterArgs" => "Valiant","Valiant::Util::Exception::InvalidValidatorArgs" => "Valiant","Valiant::Util::Exception::MissingCountKey" => "Valiant","Valiant::Util::Exception::MissingMethod" => "Valiant","Valiant::Util::Exception::NameNotFilter" => "Valiant","Valiant::Util::Exception::NameNotValidator" => "Valiant","Valiant::Util::Exception::Strict" => "Valiant","Valiant::Util::Exception::UnexpectedUseModuleError" => "Valiant","Valiant::Validates" => "Valiant","Valiant::Validations" => "Valiant","Valiant::Validator" => "Valiant","Valiant::Validator::Absence" => "Valiant","Valiant::Validator::Array" => "Valiant","Valiant::Validator::Boolean" => "Valiant","Valiant::Validator::Check" => "Valiant","Valiant::Validator::Collection" => "Valiant","Valiant::Validator::Confirmation" => "Valiant","Valiant::Validator::Date" => "Valiant","Valiant::Validator::Each" => "Valiant","Valiant::Validator::Exclusion" => "Valiant","Valiant::Validator::Format" => "Valiant","Valiant::Validator::Hash" => "Valiant","Valiant::Validator::Inclusion" => "Valiant","Valiant::Validator::Length" => "Valiant","Valiant::Validator::Numericality" => "Valiant","Valiant::Validator::Object" => "Valiant","Valiant::Validator::OnlyOf" => "Valiant","Valiant::Validator::Presence" => "Valiant","Valiant::Validator::Scalar" => "Valiant","Valiant::Validator::Unique" => "Valiant","Valiant::Validator::With" => "Valiant","WWW::Mechanize" => "WWW-Mechanize","WWW::Mechanize::Image" => "WWW-Mechanize","WWW::Mechanize::Link" => "WWW-Mechanize","WWW::OAuth" => "WWW-OAuth","WWW::OAuth::Request" => "WWW-OAuth","WWW::OAuth::Request::Basic" => "WWW-OAuth","WWW::OAuth::Request::HTTP_Request" => "WWW-OAuth","WWW::OAuth::Request::Mojo" => "WWW-OAuth","WWW::OAuth::Util" => "WWW-OAuth","WWW::ORCID" => "WWW-ORCID","WWW::ORCID::API" => "WWW-ORCID","WWW::ORCID::API::Common" => "WWW-ORCID","WWW::ORCID::API::Pub" => "WWW-ORCID","WWW::ORCID::API::v2_0" => "WWW-ORCID","WWW::ORCID::API::v2_0_public" => "WWW-ORCID","WWW::ORCID::Base" => "WWW-ORCID","WWW::ORCID::MemberAPI" => "WWW-ORCID","WWW::ORCID::Transport" => "WWW-ORCID","WWW::ORCID::Transport::HTTP::Tiny" => "WWW-ORCID","WWW::ORCID::Transport::LWP" => "WWW-ORCID","WWW::UsePerl::Server" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Controller::Root" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Model::DB" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::Comment" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::Journal" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::Story" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::User" => "WWW-UsePerl-Server","WWW::UsePerl::Server::View::TT" => "WWW-UsePerl-Server","Web::API" => "Web-API","WebService::Xero" => "WebService-Xero","WebService::Xero::Agent" => "WebService-Xero","WebService::Xero::Agent::PrivateApplication" => "WebService-Xero","WebService::Xero::Agent::PublicApplication" => "WebService-Xero","WebService::Xero::Contact" => "WebService-Xero","WebService::Xero::Invoice" => "WebService-Xero","WebService::Xero::Item" => "WebService-Xero","WebService::Xero::Organisation" => "WebService-Xero","WidgetDemo" => "Tk","Wight::Chart" => "Wight-Chart","Wight::Chart::ChartJS" => "Wight-Chart","Wight::Chart::Google" => "Wight-Chart","Win32::File::Summary" => "Win32-File-Summary","Win32::Printer" => "Win32-Printer","Win32::Printer::Direct" => "Win32-Printer","Win32::Printer::Enum" => "Win32-Printer","Win32CORE" => "perl","X509_Certificate" => "IO-Socket-SSL","XAO::DO::CGI" => "XAO-Web","XAO::DO::Context" => "XAO-Web","XAO::DO::Web::Action" => "XAO-Web","XAO::DO::Web::Benchmark" => "XAO-Web","XAO::DO::Web::CgiParam" => "XAO-Web","XAO::DO::Web::Clipboard" => "XAO-Web","XAO::DO::Web::Condition" => "XAO-Web","XAO::DO::Web::Config" => "XAO-Web","XAO::DO::Web::Cookie" => "XAO-Web","XAO::DO::Web::Date" => "XAO-Web","XAO::DO::Web::Debug" => "XAO-Web","XAO::DO::Web::Default" => "XAO-Web","XAO::DO::Web::FS" => "XAO-Web","XAO::DO::Web::FilloutForm" => "XAO-Web","XAO::DO::Web::Footer" => "XAO-Web","XAO::DO::Web::Header" => "XAO-Web","XAO::DO::Web::IdentifyAgent" => "XAO-Web","XAO::DO::Web::IdentifyUser" => "XAO-Web","XAO::DO::Web::Mailer" => "XAO-Web","XAO::DO::Web::Math" => "XAO-Web","XAO::DO::Web::MenuBuilder" => "XAO-Web","XAO::DO::Web::MultiPageNav" => "XAO-Web","XAO::DO::Web::Page" => "XAO-Web","XAO::DO::Web::Redirect" => "XAO-Web","XAO::DO::Web::Search" => "XAO-Web","XAO::DO::Web::SetArg" => "XAO-Web","XAO::DO::Web::Styler" => "XAO-Web","XAO::DO::Web::TextTable" => "XAO-Web","XAO::DO::Web::URL" => "XAO-Web","XAO::DO::Web::Utility" => "XAO-Web","XAO::PageSupport" => "XAO-Web","XAO::PluginUtils" => "XAO-Web","XAO::PreLoad" => "XAO-Web","XAO::Templates" => "XAO-Web","XAO::Web" => "XAO-Web","XAO::testcases::Web::base" => "XAO-Web","XML::Atom" => "XML-Atom","XML::Atom::Base" => "XML-Atom","XML::Atom::Category" => "XML-Atom","XML::Atom::Client" => "XML-Atom","XML::Atom::Content" => "XML-Atom","XML::Atom::Entry" => "XML-Atom","XML::Atom::ErrorHandler" => "XML-Atom","XML::Atom::Feed" => "XML-Atom","XML::Atom::Link" => "XML-Atom","XML::Atom::Namespace" => "XML-Atom","XML::Atom::Person" => "XML-Atom","XML::Atom::Server" => "XML-Atom","XML::Atom::Thing" => "XML-Atom","XML::Atom::Util" => "XML-Atom","XML::DT" => "XML-DT","XML::LibXML" => "XML-LibXML","XML::LibXML::Attr" => "XML-LibXML","XML::LibXML::AttributeHash" => "XML-LibXML","XML::LibXML::Boolean" => "XML-LibXML","XML::LibXML::CDATASection" => "XML-LibXML","XML::LibXML::Comment" => "XML-LibXML","XML::LibXML::Common" => "XML-LibXML","XML::LibXML::Devel" => "XML-LibXML","XML::LibXML::Document" => "XML-LibXML","XML::LibXML::DocumentFragment" => "XML-LibXML","XML::LibXML::Dtd" => "XML-LibXML","XML::LibXML::Element" => "XML-LibXML","XML::LibXML::ErrNo" => "XML-LibXML","XML::LibXML::Error" => "XML-LibXML","XML::LibXML::InputCallback" => "XML-LibXML","XML::LibXML::Literal" => "XML-LibXML","XML::LibXML::NamedNodeMap" => "XML-LibXML","XML::LibXML::Namespace" => "XML-LibXML","XML::LibXML::Node" => "XML-LibXML","XML::LibXML::NodeList" => "XML-LibXML","XML::LibXML::Number" => "XML-LibXML","XML::LibXML::PI" => "XML-LibXML","XML::LibXML::Pattern" => "XML-LibXML","XML::LibXML::Reader" => "XML-LibXML","XML::LibXML::RegExp" => "XML-LibXML","XML::LibXML::RelaxNG" => "XML-LibXML","XML::LibXML::SAX" => "XML-LibXML","XML::LibXML::SAX::AttributeNode" => "XML-LibXML","XML::LibXML::SAX::Builder" => "XML-LibXML","XML::LibXML::SAX::Generator" => "XML-LibXML","XML::LibXML::SAX::Parser" => "XML-LibXML","XML::LibXML::Schema" => "XML-LibXML","XML::LibXML::Text" => "XML-LibXML","XML::LibXML::XPathContext" => "XML-LibXML","XML::LibXML::XPathExpression" => "XML-LibXML","XML::LibXML::_SAXParser" => "XML-LibXML","XML::Sig" => "XML-Sig","XML::Simple" => "XML-Simple","XML::Twig" => "XML-Twig","XML::Twig::Elt" => "XML-Twig","XML::Twig::Entity" => "XML-Twig","XML::Twig::Entity_list" => "XML-Twig","XML::Twig::Notation" => "XML-Twig","XML::Twig::Notation_list" => "XML-Twig","XML::Twig::XPath" => "XML-Twig","XML::Twig::XPath::Attribute" => "XML-Twig","XML::Twig::XPath::Elt" => "XML-Twig","XML::Twig::XPath::Namespace" => "XML-Twig","XS::APItest" => "perl","XS::Typemap" => "perl","YAML" => "YAML","YAML::Any" => "YAML","YAML::Dumper" => "YAML","YAML::Dumper::Base" => "YAML","YAML::Dumper::Syck" => "YAML-Syck","YAML::Error" => "YAML","YAML::LibYAML" => "YAML-LibYAML","YAML::Loader" => "YAML","YAML::Loader::Base" => "YAML","YAML::Loader::Syck" => "YAML-Syck","YAML::Marshall" => "YAML","YAML::Mo" => "YAML","YAML::Node" => "YAML","YAML::Syck" => "YAML-Syck","YAML::Tag" => "YAML","YAML::Type::blessed" => "YAML","YAML::Type::code" => "YAML","YAML::Type::glob" => "YAML","YAML::Type::ref" => "YAML","YAML::Type::regexp" => "YAML","YAML::Type::undef" => "YAML","YAML::Types" => "YAML","YAML::Warning" => "YAML","YAML::XS" => "YAML-LibYAML","YAML::XS::LibYAML" => "YAML-LibYAML","YATT::Lite" => "YATT-Lite","YATT::Lite::Breakpoint" => "YATT-Lite","YATT::Lite::CGen" => "YATT-Lite","YATT::Lite::CGen::ArgMacro" => "YATT-Lite","YATT::Lite::CGen::Perl" => "YATT-Lite","YATT::Lite::Connection" => "YATT-Lite","YATT::Lite::Constants" => "YATT-Lite","YATT::Lite::Core" => "YATT-Lite","YATT::Lite::Entities" => "YATT-Lite","YATT::Lite::Error" => "YATT-Lite","YATT::Lite::Factory" => "YATT-Lite","YATT::Lite::Inc" => "YATT-Lite","YATT::Lite::Inspector" => "YATT-Lite","YATT::Lite::LRXML" => "YATT-Lite","YATT::Lite::LRXML::AltTree" => "YATT-Lite","YATT::Lite::LRXML::FormatEntpath" => "YATT-Lite","YATT::Lite::LRXML::ParseBody" => "YATT-Lite","YATT::Lite::LRXML::ParseEntpath" => "YATT-Lite","YATT::Lite::LanguageServer" => "YATT-Lite","YATT::Lite::LanguageServer::Generic" => "YATT-Lite","YATT::Lite::LanguageServer::Protocol" => "YATT-Lite","YATT::Lite::LanguageServer::Spec2Types" => "YATT-Lite","YATT::Lite::LanguageServer::SpecParser" => "YATT-Lite","YATT::Lite::MFields" => "YATT-Lite","YATT::Lite::MFields::Decl" => "YATT-Lite","YATT::Lite::Macro" => "YATT-Lite","YATT::Lite::NSBuilder" => "YATT-Lite","YATT::Lite::Object" => "YATT-Lite","YATT::Lite::PSGIEnv" => "YATT-Lite","YATT::Lite::Partial" => "YATT-Lite","YATT::Lite::Partial::AppPath" => "YATT-Lite","YATT::Lite::Partial::ErrorReporter" => "YATT-Lite","YATT::Lite::Partial::Gettext" => "YATT-Lite","YATT::Lite::Partial::MarkAfterNew" => "YATT-Lite","YATT::Lite::RegexpNames" => "YATT-Lite","YATT::Lite::Test::TestFCGI" => "YATT-Lite","YATT::Lite::Test::TestUtil" => "YATT-Lite","YATT::Lite::Test::XHFTest" => "YATT-Lite","YATT::Lite::Test::XHFTest2" => "YATT-Lite","YATT::Lite::Test::XHFTest::Item" => "YATT-Lite","YATT::Lite::Types" => "YATT-Lite","YATT::Lite::Types::TypeDesc" => "YATT-Lite","YATT::Lite::Util" => "YATT-Lite","YATT::Lite::Util::AllowRedundantSprintf" => "YATT-Lite","YATT::Lite::Util::AsBase" => "YATT-Lite","YATT::Lite::Util::CGICompat" => "YATT-Lite","YATT::Lite::Util::CmdLine" => "YATT-Lite","YATT::Lite::Util::CycleDetector" => "YATT-Lite","YATT::Lite::Util::Enum" => "YATT-Lite","YATT::Lite::Util::File" => "YATT-Lite","YATT::Lite::Util::FindMethods" => "YATT-Lite","YATT::Lite::VFS" => "YATT-Lite","YATT::Lite::VarMaker" => "YATT-Lite","YATT::Lite::VarTypes" => "YATT-Lite","YATT::Lite::VarTypes::t_delegate" => "YATT-Lite","YATT::Lite::VarTypes::t_html" => "YATT-Lite","YATT::Lite::Walker" => "YATT-Lite","YATT::Lite::WebMVC0::Connection" => "YATT-Lite","YATT::Lite::WebMVC0::DBSchema" => "YATT-Lite","YATT::Lite::WebMVC0::DBSchema::DBIC" => "YATT-Lite","YATT::Lite::WebMVC0::DBSchema::DBIC::DBIC_SCHEMA" => "YATT-Lite","YATT::Lite::WebMVC0::DirApp" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::LangSwitch" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::Session" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::Session2" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::Session3" => "YATT-Lite","YATT::Lite::WebMVC0::SiteApp" => "YATT-Lite","YATT::Lite::WebMVC0::SiteApp::CGI" => "YATT-Lite","YATT::Lite::WebMVC0::SiteApp::FCGI" => "YATT-Lite","YATT::Lite::WebMVC0::SubRoutes" => "YATT-Lite","YATT::Lite::XHF" => "YATT-Lite","YATT::Lite::XHF::Dumper" => "YATT-Lite","YATT::Lite::XHF::StoreDir" => "YATT-Lite","Yancy" => "Yancy","Yancy::Backend" => "Yancy","Yancy::Backend::Dbic" => "Yancy","Yancy::Backend::Memory" => "Yancy","Yancy::Backend::MojoDB" => "Yancy","Yancy::Backend::Mysql" => "Yancy","Yancy::Backend::Pg" => "Yancy","Yancy::Backend::Role::DBI" => "Yancy","Yancy::Backend::Role::MojoAsync" => "Yancy","Yancy::Backend::Role::Relational" => "Yancy","Yancy::Backend::Role::Sync" => "Yancy","Yancy::Backend::Sqlite" => "Yancy","Yancy::Command::backend" => "Yancy","Yancy::Command::backend::copy" => "Yancy","Yancy::Controller::Yancy" => "Yancy","Yancy::Controller::Yancy::API" => "Yancy","Yancy::Controller::Yancy::MultiTenant" => "Yancy","Yancy::I18N" => "Yancy","Yancy::I18N::en" => "Yancy","Yancy::Model" => "Yancy","Yancy::Model::Item" => "Yancy","Yancy::Model::Schema" => "Yancy","Yancy::Plugin::Auth" => "Yancy","Yancy::Plugin::Auth::Basic" => "Yancy","Yancy::Plugin::Auth::Github" => "Yancy","Yancy::Plugin::Auth::OAuth2" => "Yancy","Yancy::Plugin::Auth::Password" => "Yancy","Yancy::Plugin::Auth::Role::RequireUser" => "Yancy","Yancy::Plugin::Auth::Token" => "Yancy","Yancy::Plugin::Editor" => "Yancy","Yancy::Plugin::File" => "Yancy","Yancy::Plugin::Form" => "Yancy","Yancy::Plugin::Form::Bootstrap4" => "Yancy","Yancy::Plugin::Roles" => "Yancy","Yancy::Util" => "Yancy","Yote" => "Yote","Yote::Array" => "Yote","Yote::ArrayGatekeeper" => "Yote","Yote::BigHash" => "Yote","Yote::Hash" => "Yote","Yote::Obj" => "Yote","Yote::ObjStore" => "Yote","Yote::YoteDB" => "Yote","Yukki" => "Yukki","Yukki::Error" => "Yukki","Yukki::Error::Fixup" => "Yukki","Yukki::Model" => "Yukki","Yukki::Model::File" => "Yukki","Yukki::Model::FilePreview" => "Yukki","Yukki::Model::Repository" => "Yukki","Yukki::Model::User" => "Yukki","Yukki::Role::App" => "Yukki","Yukki::Settings" => "Yukki","Yukki::Settings::Anonymous" => "Yukki","Yukki::Settings::Repository" => "Yukki","Yukki::Types" => "Yukki","Yukki::Web" => "Yukki","Yukki::Web::Context" => "Yukki","Yukki::Web::Controller" => "Yukki","Yukki::Web::Controller::Attachment" => "Yukki","Yukki::Web::Controller::Login" => "Yukki","Yukki::Web::Controller::Page" => "Yukki","Yukki::Web::Controller::Redirect" => "Yukki","Yukki::Web::Plugin" => "Yukki","Yukki::Web::Plugin::Attachment" => "Yukki","Yukki::Web::Plugin::Role::FormatHelper" => "Yukki","Yukki::Web::Plugin::Role::Formatter" => "Yukki","Yukki::Web::Plugin::Spreadsheet" => "Yukki","Yukki::Web::Plugin::SyntaxHighlight" => "Yukki","Yukki::Web::Plugin::Viewer" => "Yukki","Yukki::Web::Plugin::YukkiText" => "Yukki","Yukki::Web::Request" => "Yukki","Yukki::Web::Response" => "Yukki","Yukki::Web::Router" => "Yukki","Yukki::Web::Router::Route" => "Yukki","Yukki::Web::Router::Route::Match" => "Yukki","Yukki::Web::Settings" => "Yukki","Yukki::Web::View" => "Yukki","Yukki::Web::View::Attachment" => "Yukki","Yukki::Web::View::Login" => "Yukki","Yukki::Web::View::Page" => "Yukki","Zabbix::Reporter" => "Zabbix-Reporter","Zabbix::Reporter::Cmd" => "Zabbix-Reporter","Zabbix::Reporter::Cmd::Command" => "Zabbix-Reporter","Zabbix::Reporter::Cmd::Command::actions" => "Zabbix-Reporter","Zabbix::Reporter::Cmd::Command::list" => "Zabbix-Reporter","Zabbix::Reporter::Web" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::Demo" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::History" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::List" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::Selftest" => "Zabbix-Reporter","Zlib::OldDeflate" => "IO-Compress","Zlib::OldInflate" => "IO-Compress","Zonemaster::Backend" => "Zonemaster-Backend","Zonemaster::Backend::Config" => "Zonemaster-Backend","Zonemaster::Backend::Config::DCPlugin" => "Zonemaster-Backend","Zonemaster::Backend::DB" => "Zonemaster-Backend","Zonemaster::Backend::DB::MySQL" => "Zonemaster-Backend","Zonemaster::Backend::DB::PostgreSQL" => "Zonemaster-Backend","Zonemaster::Backend::DB::SQLite" => "Zonemaster-Backend","Zonemaster::Backend::Error" => "Zonemaster-Backend","Zonemaster::Backend::Error::Conflict" => "Zonemaster-Backend","Zonemaster::Backend::Error::Internal" => "Zonemaster-Backend","Zonemaster::Backend::Error::JsonError" => "Zonemaster-Backend","Zonemaster::Backend::Error::PermissionDenied" => "Zonemaster-Backend","Zonemaster::Backend::Error::ResourceNotFound" => "Zonemaster-Backend","Zonemaster::Backend::Log" => "Zonemaster-Backend","Zonemaster::Backend::Metrics" => "Zonemaster-Backend","Zonemaster::Backend::RPCAPI" => "Zonemaster-Backend","Zonemaster::Backend::TestAgent" => "Zonemaster-Backend","Zonemaster::Backend::Translator" => "Zonemaster-Backend","Zonemaster::Backend::Validator" => "Zonemaster-Backend","above" => "UR","arybase" => "perl","attributes" => "perl","attrs" => "perl","back_tick_a_command" => "PAR","blib" => "perl","builtin" => "perl","bytes" => "perl","charnames" => "perl","class_name" => "UR","cppAdaptive1" => "cppAdaptive1","cppAdaptive2" => "cppAdaptive2","cppAdaptive2::Inline" => "cppAdaptive2","deprecate" => "perl","diagnostics" => "perl","encoding" => "Encode","feature" => "perl","filetest" => "perl","for" => "perl","in" => "perl","integer" => "perl","java::lang::String" => "perl","less" => "perl","locale" => "perl","mod_perl" => "mod_perl","mod_perl2" => "mod_perl","mro" => "perl","of" => "perl","ojo" => "Mojolicious","open" => "perl","ops" => "perl","overload" => "perl","overload::numbers" => "perl","overloading" => "perl","pipe_a_command" => "PAR","pp" => "PAR-Packer","prior_to_test" => "PAR","pugs" => "Perl6-Pugs","re" => "perl","remove_file_and_try_executable_again" => "PAR","sigtrap" => "perl","site" => "Apache-ASP","sort" => "perl","source::encoding" => "perl","strict" => "perl","subs" => "perl","t::BHK" => "perl","t::Markers" => "perl","test_in_further_subdir" => "PAR","testcases::base" => "XAO-Web","testcases::requires" => "XAO-Web","utf8" => "perl","vars" => "perl","vmsish" => "perl","warnings" => "perl","warnings::register" => "perl","yaml_mapping" => "YAML","yaml_scalar" => "YAML","yaml_sequence" => "YAML"}}
+	{"dists" => {"ActivePerl" => {"advisories" => [{"affected_versions" => ["==5.16.1.1601"],"cves" => ["CVE-2012-5377"],"description" => "Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\\Perl\\Site\\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the \"IKE and AuthIP IPsec Keying Modules\" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2012-5377","references" => ["https://www.htbridge.com/advisory/HTB23108","http://osvdb.org/86177"],"reported" => "2012-10-11","severity" => undef},{"affected_versions" => ["==5.8.8.817"],"cves" => ["CVE-2006-2856"],"description" => "ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with \"Users\" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2006-2856","references" => ["http://secunia.com/advisories/20328","http://www.securityfocus.com/bid/18269","http://www.osvdb.org/25974","http://www.vupen.com/english/advisories/2006/2140","https://exchange.xforce.ibmcloud.com/vulnerabilities/26915"],"reported" => "2006-06-06","severity" => undef},{"affected_versions" => ["<=5.8.1"],"cves" => ["CVE-2004-2286"],"description" => "Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2004-2286","references" => ["http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html","http://www.securityfocus.com/bid/10380","https://exchange.xforce.ibmcloud.com/vulnerabilities/16224"],"reported" => "2004-12-31","severity" => undef},{"affected_versions" => ["<5.10"],"cves" => ["CVE-2004-2022"],"description" => "ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow.  NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2004-2022","references" => ["http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt","http://www.perlmonks.org/index.pl?node_id=354145","http://www.securityfocus.com/bid/10375","http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html","http://marc.info/?l=full-disclosure&m=108489112131099&w=2","http://marc.info/?l=full-disclosure&m=108482796105922&w=2","http://marc.info/?l=full-disclosure&m=108483058514596&w=2","http://marc.info/?l=bugtraq&m=108489894009025&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/16169"],"reported" => "2004-12-31","severity" => undef},{"affected_versions" => [],"cves" => ["CVE-2004-0377"],"description" => "Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2004-0377","references" => ["http://www.kb.cert.org/vuls/id/722414","http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html","http://public.activestate.com/cgi-bin/perlbrowse?patch=22552","http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities","http://marc.info/?l=bugtraq&m=108118694327979&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/15732"],"reported" => "2004-05-04","severity" => undef},{"affected_versions" => ["<=5.6.1.629"],"cves" => ["CVE-2001-0815"],"description" => "Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2001-0815","references" => ["http://bugs.activestate.com/show_bug.cgi?id=18062","http://www.securityfocus.com/bid/3526","http://www.osvdb.org/678","http://marc.info/?l=bugtraq&m=100583978302585&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/7539"],"reported" => "2001-12-06","severity" => undef}],"main_module" => "","versions" => []},"Alien-FreeImage" => {"advisories" => [{"affected_versions" => [">=0.001,<=0.011"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Alien-FreeImage","fixed_versions" => [],"id" => "CPANSA-Alien-FreeImage-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=1.000_1,<=1.001"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Alien-FreeImage","fixed_versions" => [],"id" => "CPANSA-Alien-FreeImage-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef}],"main_module" => "Alien::FreeImage","versions" => [{"date" => "2014-11-27T21:33:19","version" => "0.001"},{"date" => "2014-11-27T23:23:17","version" => "0.002"},{"date" => "2014-11-28T06:50:21","version" => "0.003"},{"date" => "2014-11-28T08:16:43","version" => "0.004"},{"date" => "2014-11-28T09:42:55","version" => "0.005"},{"date" => "2014-11-29T17:54:12","version" => "0.006"},{"date" => "2014-11-29T22:00:16","version" => "0.007"},{"date" => "2014-11-29T22:04:22","version" => "0.008"},{"date" => "2014-11-30T21:50:53","version" => "0.009"},{"date" => "2014-12-08T22:22:02","version" => "0.010"},{"date" => "2014-12-09T21:26:56","version" => "0.011"},{"date" => "2017-06-25T21:05:55","version" => "1.000_1"},{"date" => "2017-06-26T17:54:11","version" => "1.000_2"},{"date" => "2017-06-27T08:30:16","version" => "1.000_3"},{"date" => "2017-07-11T11:46:10","version" => "1.001"}]},"Alien-GCrypt" => {"advisories" => [{"affected_versions" => [">=1.6.2.0,<=1.6.2.1"],"cves" => ["CVE-2018-0495"],"description" => "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.\n","distribution" => "Alien-GCrypt","fixed_versions" => [],"id" => "CPANSA-Alien-GCrypt-2018-0495-libgcrypt","references" => ["https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html","https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965","https://dev.gnupg.org/T4011","https://www.debian.org/security/2018/dsa-4231","https://usn.ubuntu.com/3689-2/","https://usn.ubuntu.com/3689-1/","http://www.securitytracker.com/id/1041147","http://www.securitytracker.com/id/1041144","https://usn.ubuntu.com/3692-2/","https://usn.ubuntu.com/3692-1/","https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html","https://access.redhat.com/errata/RHSA-2018:3221","https://access.redhat.com/errata/RHSA-2018:3505","https://usn.ubuntu.com/3850-1/","https://usn.ubuntu.com/3850-2/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:1297","https://access.redhat.com/errata/RHSA-2019:1296","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2019:2237"],"reported" => "2018-06-13","severity" => "medium"},{"affected_versions" => ["==1.6.5.0"],"cves" => ["CVE-2018-0495"],"description" => "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.\n","distribution" => "Alien-GCrypt","fixed_versions" => [],"id" => "CPANSA-Alien-GCrypt-2018-0495-libgcrypt","references" => ["https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html","https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965","https://dev.gnupg.org/T4011","https://www.debian.org/security/2018/dsa-4231","https://usn.ubuntu.com/3689-2/","https://usn.ubuntu.com/3689-1/","http://www.securitytracker.com/id/1041147","http://www.securitytracker.com/id/1041144","https://usn.ubuntu.com/3692-2/","https://usn.ubuntu.com/3692-1/","https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html","https://access.redhat.com/errata/RHSA-2018:3221","https://access.redhat.com/errata/RHSA-2018:3505","https://usn.ubuntu.com/3850-1/","https://usn.ubuntu.com/3850-2/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:1297","https://access.redhat.com/errata/RHSA-2019:1296","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2019:2237"],"reported" => "2018-06-13","severity" => "medium"}],"main_module" => "Alien::GCrypt","versions" => [{"date" => "2014-11-19T00:20:20","version" => "1.6.2.0"},{"date" => "2014-11-21T22:25:49","version" => "1.6.2.1"},{"date" => "2016-03-11T00:00:36","version" => "1.6.5.0"}]},"Alien-OTR" => {"advisories" => [{"affected_versions" => [">=4.0.0.0,<=4.0.0.1"],"cves" => ["CVE-2016-2851"],"description" => "Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.\n","distribution" => "Alien-OTR","fixed_versions" => [],"id" => "CPANSA-Alien-OTR-2016-2851-libotr","references" => ["https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/","http://www.debian.org/security/2016/dsa-3512","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html","https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002581.html","http://seclists.org/fulldisclosure/2016/Mar/21","http://www.securityfocus.com/bid/84285","http://www.ubuntu.com/usn/USN-2926-1","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html","https://security.gentoo.org/glsa/201701-10","https://www.exploit-db.com/exploits/39550/","http://www.securityfocus.com/archive/1/537745/100/0/threaded"],"reported" => "2016-04-07","severity" => "critical"},{"affected_versions" => ["==4.1.0.0"],"cves" => ["CVE-2016-2851"],"description" => "Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.\n","distribution" => "Alien-OTR","fixed_versions" => [],"id" => "CPANSA-Alien-OTR-2016-2851-libotr","references" => ["https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/","http://www.debian.org/security/2016/dsa-3512","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html","https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002581.html","http://seclists.org/fulldisclosure/2016/Mar/21","http://www.securityfocus.com/bid/84285","http://www.ubuntu.com/usn/USN-2926-1","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html","https://security.gentoo.org/glsa/201701-10","https://www.exploit-db.com/exploits/39550/","http://www.securityfocus.com/archive/1/537745/100/0/threaded"],"reported" => "2016-04-07","severity" => "critical"}],"main_module" => "Alien::OTR","versions" => [{"date" => "2014-02-04T00:25:37","version" => "4.0.0.0"},{"date" => "2014-06-16T00:29:25","version" => "4.0.0.1"},{"date" => "2014-11-19T00:30:34","version" => "4.1.0.0"},{"date" => "2016-03-10T23:38:55","version" => "4.1.1.0"}]},"Alien-PCRE2" => {"advisories" => [{"affected_versions" => ["<0.016000"],"comment" => "This Alien module fetches libpcre2 sources from the network. It tries to get the latest unless you set environment variables to get a different version.\n","cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "Alien-PCRE2","fixed_versions" => [">=0.016000"],"id" => "CPANSA-Alien-PCRE2-2019-20454","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"}],"main_module" => "Alien::PCRE2","versions" => [{"date" => "2017-06-30T23:18:21","version" => "0.001000"},{"date" => "2017-07-01T02:48:02","version" => "0.002000"},{"date" => "2017-07-02T04:51:35","version" => "0.003000"},{"date" => "2017-07-02T06:53:29","version" => "0.004000"},{"date" => "2017-07-02T09:21:41","version" => "0.005000"},{"date" => "2017-07-03T01:03:23","version" => "0.006000"},{"date" => "2017-07-12T17:40:07","version" => "0.007000"},{"date" => "2017-07-13T07:43:28","version" => "0.008000"},{"date" => "2017-07-15T10:31:20","version" => "0.009000"},{"date" => "2017-07-17T04:44:54","version" => "0.010000"},{"date" => "2017-07-18T18:30:06","version" => "0.011000"},{"date" => "2017-07-19T05:07:21","version" => "0.012000"},{"date" => "2017-07-23T04:43:01","version" => "0.013000"},{"date" => "2017-11-01T02:50:14","version" => "0.014000"},{"date" => "2017-11-08T00:42:33","version" => "0.015000"},{"date" => "2022-05-08T20:22:53","version" => "0.016000"},{"date" => "2023-02-04T00:21:59","version" => "0.017000"}]},"Alien-SVN" => {"advisories" => [{"affected_versions" => [">=1.4.5.0,<=1.4.5.3"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.4.5.0,<=1.4.5.3"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.4.6.0,<=1.4.6.0"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.4.6.0,<=1.4.6.0"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.6.12.0,<=1.6.12.1"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.6.12.0,<=1.6.12.1"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.7.3.0,<=1.17.3.0"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.7.3.0,<=1.17.3.0"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.7.17.0,<=1.17.1.0"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.7.17.0,<=1.17.1.0"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => ["==1.7.19.0"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => ["==1.7.19.0"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => ["==1.8.11.0"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => ["==1.8.11.0"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.4.5.0,<=1.4.5.3"],"cves" => ["CVE-2017-9800"],"description" => "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2017-9800-svn","references" => ["https://subversion.apache.org/security/CVE-2017-9800-advisory.txt","https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63\@%3Cannounce.apache.org%3E","http://www.securitytracker.com/id/1039127","http://www.securityfocus.com/bid/100259","https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html","http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html","https://security.gentoo.org/glsa/201709-09","https://support.apple.com/HT208103","http://www.debian.org/security/2017/dsa-3932","https://access.redhat.com/errata/RHSA-2017:2480","http://www.securityfocus.com/archive/1/540999/100/0/threaded","https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76\@%3Ccommits.subversion.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2017-08-11","severity" => "critical"},{"affected_versions" => ["==1.4.6.0"],"cves" => ["CVE-2017-9800"],"description" => "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2017-9800-svn","references" => ["https://subversion.apache.org/security/CVE-2017-9800-advisory.txt","https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63\@%3Cannounce.apache.org%3E","http://www.securitytracker.com/id/1039127","http://www.securityfocus.com/bid/100259","https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html","http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html","https://security.gentoo.org/glsa/201709-09","https://support.apple.com/HT208103","http://www.debian.org/security/2017/dsa-3932","https://access.redhat.com/errata/RHSA-2017:2480","http://www.securityfocus.com/archive/1/540999/100/0/threaded","https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76\@%3Ccommits.subversion.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2017-08-11","severity" => "critical"},{"affected_versions" => [">=1.6.12.0,<=1.6.12.1"],"cves" => ["CVE-2017-9800"],"description" => "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2017-9800-svn","references" => ["https://subversion.apache.org/security/CVE-2017-9800-advisory.txt","https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63\@%3Cannounce.apache.org%3E","http://www.securitytracker.com/id/1039127","http://www.securityfocus.com/bid/100259","https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html","http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html","https://security.gentoo.org/glsa/201709-09","https://support.apple.com/HT208103","http://www.debian.org/security/2017/dsa-3932","https://access.redhat.com/errata/RHSA-2017:2480","http://www.securityfocus.com/archive/1/540999/100/0/threaded","https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76\@%3Ccommits.subversion.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2017-08-11","severity" => "critical"},{"affected_versions" => [">=1.7.17.0,<=1.7.17.1"],"cves" => ["CVE-2017-9800"],"description" => "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2017-9800-svn","references" => ["https://subversion.apache.org/security/CVE-2017-9800-advisory.txt","https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63\@%3Cannounce.apache.org%3E","http://www.securitytracker.com/id/1039127","http://www.securityfocus.com/bid/100259","https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html","http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html","https://security.gentoo.org/glsa/201709-09","https://support.apple.com/HT208103","http://www.debian.org/security/2017/dsa-3932","https://access.redhat.com/errata/RHSA-2017:2480","http://www.securityfocus.com/archive/1/540999/100/0/threaded","https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76\@%3Ccommits.subversion.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2017-08-11","severity" => "critical"},{"affected_versions" => ["==1.7.19.0"],"cves" => ["CVE-2017-9800"],"description" => "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2017-9800-svn","references" => ["https://subversion.apache.org/security/CVE-2017-9800-advisory.txt","https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63\@%3Cannounce.apache.org%3E","http://www.securitytracker.com/id/1039127","http://www.securityfocus.com/bid/100259","https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html","http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html","https://security.gentoo.org/glsa/201709-09","https://support.apple.com/HT208103","http://www.debian.org/security/2017/dsa-3932","https://access.redhat.com/errata/RHSA-2017:2480","http://www.securityfocus.com/archive/1/540999/100/0/threaded","https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76\@%3Ccommits.subversion.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2017-08-11","severity" => "critical"},{"affected_versions" => [">=1.7.3.0,<=1.7.3.1"],"cves" => ["CVE-2013-1968"],"description" => "Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2013-1968-svn","references" => ["http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html","https://subversion.apache.org/security/CVE-2013-1968-advisory.txt","http://www.ubuntu.com/usn/USN-1893-1","http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E","http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E","http://www.debian.org/security/2013/dsa-2703","http://rhn.redhat.com/errata/RHSA-2014-0255.html","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986"],"reported" => "2013-07-31","severity" => undef},{"affected_versions" => ["==1.8.11.0"],"cves" => ["CVE-2017-9800"],"description" => "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2017-9800-svn","references" => ["https://subversion.apache.org/security/CVE-2017-9800-advisory.txt","https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63\@%3Cannounce.apache.org%3E","http://www.securitytracker.com/id/1039127","http://www.securityfocus.com/bid/100259","https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html","http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html","https://security.gentoo.org/glsa/201709-09","https://support.apple.com/HT208103","http://www.debian.org/security/2017/dsa-3932","https://access.redhat.com/errata/RHSA-2017:2480","http://www.securityfocus.com/archive/1/540999/100/0/threaded","https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76\@%3Ccommits.subversion.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2017-08-11","severity" => "critical"}],"main_module" => "Alien::SVN","versions" => [{"date" => "2007-09-12T10:21:02","version" => "1.4.5.0"},{"date" => "2007-09-21T01:13:48","version" => "1.4.5.1"},{"date" => "2007-09-21T11:45:13","version" => "1.4.5.2"},{"date" => "2007-12-26T09:04:20","version" => "1.4.5.3"},{"date" => "2007-12-27T05:34:26","version" => "1.4.6.0"},{"date" => "2010-08-18T07:45:18","version" => "v1.6.12.0"},{"date" => "2011-02-23T00:51:22","version" => "v1.6.12.1"},{"date" => "2012-03-02T00:57:20","version" => "v1.7.3.0"},{"date" => "2012-03-18T22:14:33","version" => "v1.7.3.1"},{"date" => "2014-06-12T04:08:38","version" => "v1.7.17.0"},{"date" => "2014-06-12T17:19:44","version" => "v1.7.17.1"},{"date" => "2015-01-12T23:26:41","version" => "v1.7.19.0"},{"date" => "2015-01-13T00:12:19","version" => "v1.8.11.0"}]},"Amon2-Auth-Site-LINE" => {"advisories" => [{"affected_versions" => ["<0.05"],"cves" => ["CVE-2024-57835"],"description" => "Amon2::Auth::Site::LINE uses the String::Random module\x{a0}to generate nonce values.\x{a0}  String::Random\x{a0}defaults to Perl's built-in predictable\x{a0}random number generator,\x{a0}the rand() function, which is not cryptographically secure","distribution" => "Amon2-Auth-Site-LINE","fixed_versions" => [">=0.05"],"id" => "CPANSA-Amon2-Auth-Site-LINE-2024-57835","references" => ["https://metacpan.org/release/SHLOMIF/String-Random-0.32/source/lib/String/Random.pm#L377","https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L235","https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L255","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://jvndb.jvn.jp/ja/contents/2025/JVNDB-2025-003449.html"],"reported" => "2025-04-05","severity" => "moderate"}],"main_module" => "Amon2::Auth::Site::LINE","versions" => [{"date" => "2020-11-21T06:34:32","version" => "0.01"},{"date" => "2020-11-23T00:05:03","version" => "0.02"},{"date" => "2020-11-25T01:33:35","version" => "0.03"},{"date" => "2020-11-26T07:04:40","version" => "0.04"},{"date" => "2025-05-20T12:14:56","version" => "0.05"}]},"Apache-ASP" => {"advisories" => [{"affected_versions" => ["<1.95"],"cves" => [],"description" => "A bug would allow a malicious user possible writing of files in the same directory as the source.asp script.\n","distribution" => "Apache-ASP","fixed_versions" => [">=1.95"],"id" => "CPANSA-Apache-ASP-2000-01","references" => ["https://metacpan.org/release/CHAMAS/Apache-ASP-2.63/source/README"],"reported" => "2000-07-10","severity" => undef}],"main_module" => "Apache::ASP","versions" => [{"date" => "1998-06-24T02:10:51","version" => "0.01"},{"date" => "1998-07-11T01:48:14","version" => "0.02"},{"date" => "1998-09-14T11:13:32","version" => "0.03"},{"date" => "1998-10-12T07:50:56","version" => "0.04"},{"date" => "1998-10-18T21:29:19","version" => "0.05"},{"date" => "1999-02-06T06:04:50","version" => "0.08"},{"date" => "1999-04-22T08:30:57","version" => "0.09"},{"date" => "1999-06-24T20:04:52","version" => "0.11"},{"date" => "1999-07-02T07:05:05","version" => "0.12"},{"date" => "1999-07-29T10:58:20","version" => "0.14"},{"date" => "1999-08-25T02:02:31","version" => "0.15"},{"date" => "1999-09-22T20:54:01","version" => "0.16"},{"date" => "1999-11-16T04:44:48","version" => "0.17"},{"date" => "2000-02-04T02:14:14","version" => "0.18"},{"date" => "2000-07-03T13:08:54","version" => "1.91"},{"date" => "2000-07-03T22:43:45","version" => "1.93"},{"date" => "2000-07-11T01:44:02","version" => "1.95"},{"date" => "2000-07-16T07:17:39","version" => "2.00"},{"date" => "2000-07-22T23:31:36","version" => "2.01"},{"date" => "2000-08-02T00:11:15","version" => "2.03"},{"date" => "2000-11-26T19:15:48","version" => "2.07"},{"date" => "2001-01-31T04:03:17","version" => "2.09"},{"date" => "2001-05-30T01:37:39","version" => "2.11"},{"date" => "2001-06-12T00:41:33","version" => "2.15"},{"date" => "2001-06-18T02:35:48","version" => "2.17"},{"date" => "2001-07-11T05:27:22","version" => "2.19"},{"date" => "2001-08-05T23:01:50","version" => "2.21"},{"date" => "2001-10-11T07:54:39","version" => "2.23"},{"date" => "2001-10-11T23:34:01","version" => "2.25"},{"date" => "2001-11-01T01:11:12","version" => "2.27"},{"date" => "2001-11-19T21:41:12","version" => "2.29"},{"date" => "2002-01-22T09:52:49","version" => "2.31"},{"date" => "2002-04-30T09:12:20","version" => "2.33"},{"date" => "2002-05-30T19:47:22","version" => "2.35"},{"date" => "2002-07-03T21:11:15","version" => "2.37"},{"date" => "2002-09-12T08:16:20","version" => "2.39"},{"date" => "2002-09-30T06:35:47","version" => "2.41"},{"date" => "2002-10-14T04:01:36","version" => "2.45"},{"date" => "2002-11-07T02:03:41","version" => "2.47"},{"date" => "2002-11-11T07:15:21","version" => "2.49"},{"date" => "2003-02-10T21:11:34","version" => "2.51"},{"date" => "2003-04-10T16:27:14","version" => "2.53"},{"date" => "2003-08-10T07:39:57","version" => "2.55"},{"date" => "2004-01-29T08:30:48","version" => "2.57"},{"date" => "2005-05-24T05:52:39","version" => "2.59"},{"date" => "2008-05-25T23:07:57","version" => "2.61"},{"date" => "2011-10-02T19:18:10","version" => "2.62"},{"date" => "2012-02-13T23:15:04","version" => "2.62"},{"date" => "2018-03-15T05:28:37","version" => "2.63"}]},"Apache-AuthCAS" => {"advisories" => [{"affected_versions" => ["<0.5"],"cves" => ["CVE-2007-6342"],"description" => "A tainted cookie could be sent by a malicious user and it would be used in an SQL query without protection against SQL injection.\n","distribution" => "Apache-AuthCAS","fixed_versions" => [">=0.5"],"id" => "CPANSA-Apache-AuthCAS-2007-01","references" => ["https://metacpan.org/changes/distribution/Apache-AuthCAS","https://cxsecurity.com/issue/WLB-2007120031"],"reported" => "2007-12-13","severity" => "high"}],"main_module" => "Apache::AuthCAS","versions" => [{"date" => "2004-09-15T19:17:43","version" => "0.1"},{"date" => "2004-09-15T20:11:40","version" => "0.2"},{"date" => "2004-10-05T22:51:50","version" => "0.3"},{"date" => "2004-10-13T00:45:52","version" => "0.4"},{"date" => "2008-03-23T23:03:16","version" => "0.5"}]},"Apache-AuthenHook" => {"advisories" => [{"affected_versions" => [">=2.00_04"],"cves" => ["CVE-2010-3845"],"description" => "libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.\n","distribution" => "Apache-AuthenHook","fixed_versions" => [],"id" => "CPANSA-Apache-AuthenHook-2010-3845","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=62040","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712","http://seclists.org/oss-sec/2010/q4/63"],"reported" => "2017-08-08","severity" => "critical"}],"main_module" => "Apache::AuthenHook","versions" => [{"date" => "2003-06-20T19:05:21","version" => "2.00_01"},{"date" => "2004-04-06T01:20:10","version" => "2.00_03"},{"date" => "2005-04-14T12:57:55","version" => "2.00_04"}]},"Apache-MP3" => {"advisories" => [{"affected_versions" => ["<2.15"],"cves" => [],"description" => "A security bug allowed people to bypass the AllowDownload setting.\n","distribution" => "Apache-MP3","fixed_versions" => [">=2.15"],"id" => "CPANSA-Apache-MP3-2001-01","references" => ["https://metacpan.org/dist/Apache-MP3/changes"],"reported" => "2001-01-01","severity" => undef}],"main_module" => "Apache::MP3","versions" => [{"date" => "2000-03-20T13:00:07","version" => "1.00"},{"date" => "2000-05-27T04:19:21","version" => "2.00"},{"date" => "2000-05-27T04:34:42","version" => "2.01"},{"date" => "2000-05-28T16:17:59","version" => "2.02"},{"date" => "2000-08-23T13:46:23","version" => "2.04"},{"date" => "2000-08-25T14:45:54","version" => "2.05"},{"date" => "2000-08-26T03:41:07","version" => "2.06"},{"date" => "2000-08-31T20:28:28","version" => "2.08"},{"date" => "2000-09-03T18:31:17","version" => "2.10"},{"date" => "2000-09-09T22:12:04","version" => "2.11"},{"date" => "2000-11-21T22:15:07","version" => "2.12"},{"date" => "2000-12-31T04:29:03","version" => "2.14"},{"date" => "2001-01-02T03:37:33","version" => "2.15"},{"date" => "2001-05-01T02:43:47","version" => "2.16"},{"date" => "2001-06-10T22:02:46","version" => "2.18"},{"date" => "2001-07-17T01:39:59","version" => "2.19"},{"date" => "2001-09-26T01:14:42","version" => "2.20"},{"date" => "2002-01-06T20:38:33","version" => "2.22"},{"date" => "2002-05-31T01:12:04","version" => "2.26"},{"date" => "2002-08-16T04:18:25","version" => "3.00"},{"date" => "2002-08-18T17:41:46","version" => "3.01"},{"date" => "2002-10-14T03:26:03","version" => "3.03"},{"date" => "2003-02-15T00:51:19","version" => "3.04"},{"date" => "2003-10-06T14:12:34","version" => "3.05"},{"date" => "2006-04-15T01:26:38","version" => "4.00"}]},"Apache-Session" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40931"],"description" => "Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id.  Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Apache-Session","fixed_versions" => [],"id" => "CPANSA-Apache-Session-2025-40931","references" => ["https://metacpan.org/dist/Apache-Session/source/lib/Apache/Session/Generate/MD5.pm#L27","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "Apache::Session","versions" => [{"date" => "1998-05-20T21:03:28","version" => "0.10"},{"date" => "1998-06-26T23:12:16","version" => "0.12"},{"date" => "1998-07-08T11:14:44","version" => "0.13"},{"date" => "1998-07-20T07:21:32","version" => "0.14"},{"date" => "1998-09-15T21:29:50","version" => "0.16"},{"date" => "1998-09-29T05:20:47","version" => "v0.16.1"},{"date" => "1998-11-14T20:39:57","version" => "0.17"},{"date" => "1998-12-09T18:17:21","version" => "v0.17.1"},{"date" => "1999-01-28T19:45:49","version" => "v0.99.0"},{"date" => "1999-02-14T21:44:23","version" => "v0.99.3"},{"date" => "1999-02-16T05:47:59","version" => "v0.99.5"},{"date" => "1999-03-01T05:57:39","version" => "v0.99.6"},{"date" => "1999-03-03T23:57:45","version" => "v0.99.7"},{"date" => "1999-04-05T04:51:55","version" => "v0.99.8"},{"date" => "1999-08-16T02:06:04","version" => "1.00"},{"date" => "1999-09-12T04:35:00","version" => "1.03"},{"date" => "2000-05-26T16:31:41","version" => "1.50"},{"date" => "2000-05-26T22:31:44","version" => "1.51"},{"date" => "2000-07-24T03:48:07","version" => "1.52"},{"date" => "2000-09-01T22:43:07","version" => "1.53"},{"date" => "2001-10-11T18:37:18","version" => "1.54"},{"date" => "2004-02-24T19:58:32","version" => "1.6"},{"date" => "2004-09-01T18:55:04","version" => "1.70_01"},{"date" => "2005-10-06T22:17:32","version" => "1.80"},{"date" => "2006-05-23T16:03:15","version" => "1.81"},{"date" => "2007-02-12T17:53:50","version" => "1.81_01"},{"date" => "2007-02-21T13:35:35","version" => "1.82"},{"date" => "2007-03-10T11:45:09","version" => "1.82_01"},{"date" => "2007-03-11T15:30:47","version" => "1.82_02"},{"date" => "2007-03-12T22:00:28","version" => "1.82_03"},{"date" => "2007-04-27T20:08:58","version" => "1.82_04"},{"date" => "2007-05-14T09:03:50","version" => "1.82_05"},{"date" => "2007-05-25T11:28:49","version" => "1.83"},{"date" => "2007-08-03T21:02:51","version" => "1.83_01"},{"date" => "2007-10-02T12:53:28","version" => "1.84"},{"date" => "2007-11-26T22:09:17","version" => "1.84_01"},{"date" => "2007-12-21T22:28:51","version" => "1.85"},{"date" => "2008-01-24T15:00:36","version" => "1.85_01"},{"date" => "2008-02-01T12:14:19","version" => "1.86"},{"date" => "2008-06-20T09:48:31","version" => "1.86_01"},{"date" => "2008-06-27T20:54:45","version" => "1.86_02"},{"date" => "2008-08-03T11:34:12","version" => "1.86_03"},{"date" => "2008-08-08T09:28:24","version" => "1.87"},{"date" => "2008-12-20T21:04:01","version" => "1.88"},{"date" => "2010-09-21T22:56:17","version" => "1.89"},{"date" => "2013-01-27T13:38:31","version" => "1.90"},{"date" => "2014-01-06T22:44:40","version" => "1.91"},{"date" => "2014-03-08T23:03:33","version" => "1.92"},{"date" => "2014-04-12T19:35:25","version" => "1.93"},{"date" => "2020-09-18T22:00:45","version" => "1.94"}]},"Apache-Session-Browseable" => {"advisories" => [{"affected_versions" => ["<1.3.6"],"cves" => ["CVE-2020-36659"],"description" => "In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.\n","distribution" => "Apache-Session-Browseable","fixed_versions" => [">=1.3.6"],"id" => "CPANSA-Apache-Session-Browseable-2020-36659","references" => ["https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/fdf393235140b293cae5578ef136055a78f3574f","https://lists.debian.org/debian-lts-announce/2023/01/msg00025.html"],"reported" => "2023-01-27","severity" => undef}],"main_module" => "Apache::Session::Browseable","versions" => [{"date" => "2009-10-31T08:09:42","version" => "0.1"},{"date" => "2009-11-01T09:10:13","version" => "0.2"},{"date" => "2009-11-01T16:21:16","version" => "0.3"},{"date" => "2010-08-16T15:26:19","version" => "0.4"},{"date" => "2010-12-06T21:08:25","version" => "0.5"},{"date" => "2010-12-08T15:45:21","version" => "0.6"},{"date" => "2012-06-24T07:14:37","version" => "0.7"},{"date" => "2012-10-13T16:15:41","version" => "0.8"},{"date" => "2013-02-28T06:05:09","version" => "0.9"},{"date" => "2013-08-28T04:42:23","version" => "1.0"},{"date" => "2013-08-30T04:47:02","version" => "1.0"},{"date" => "2013-10-20T05:39:14","version" => "v1.0.2"},{"date" => "2015-06-12T15:56:45","version" => "1.1"},{"date" => "2016-03-09T05:31:13","version" => "1.2"},{"date" => "2016-03-10T06:30:41","version" => "v1.2.1"},{"date" => "2016-04-01T11:34:51","version" => "v1.2.2"},{"date" => "2016-06-07T13:59:19","version" => "v1.2.3"},{"date" => "2017-02-19T07:34:18","version" => "v1.2.4"},{"date" => "2017-04-04T05:18:26","version" => "v1.2.5"},{"date" => "2017-09-12T09:35:30","version" => "v1.2.5"},{"date" => "2017-10-03T05:00:07","version" => "v1.2.7"},{"date" => "2017-10-03T10:42:35","version" => "v1.2.8"},{"date" => "2019-02-08T06:29:20","version" => "v1.2.9"},{"date" => "2019-02-08T09:31:22","version" => "v1.3.0"},{"date" => "2019-05-04T10:55:48","version" => "v1.3.1"},{"date" => "2019-07-04T18:30:30","version" => "v1.3.2"},{"date" => "2019-09-19T20:44:43","version" => "v1.3.3"},{"date" => "2019-11-20T19:43:04","version" => "v1.3.4"},{"date" => "2020-01-21T10:20:26","version" => "v1.3.5"},{"date" => "2020-09-04T13:23:31","version" => "v1.3.6"},{"date" => "2020-09-04T13:39:40","version" => "v1.3.7"},{"date" => "2020-09-06T21:03:06","version" => "v1.3.8"},{"date" => "2021-08-10T04:44:06","version" => "v1.3.9"},{"date" => "2022-03-08T13:51:31","version" => "v1.3.10"},{"date" => "2022-09-26T16:41:24","version" => "v1.3.11"},{"date" => "2023-07-06T10:43:25","version" => "v1.3.12"},{"date" => "2023-07-06T11:38:32","version" => "v1.3.13"},{"date" => "2024-12-19T07:59:19","version" => "v1.3.13"},{"date" => "2025-04-10T19:24:48","version" => "v1.3.15"},{"date" => "2025-04-12T10:31:56","version" => "v1.3.16"},{"date" => "2025-06-18T12:49:41","version" => "v1.3.17"},{"date" => "2025-09-23T10:46:46","version" => "v1.3.18"}]},"Apache-Session-LDAP" => {"advisories" => [{"affected_versions" => ["<0.5"],"cves" => ["CVE-2020-36658"],"description" => "In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.\n","distribution" => "Apache-Session-LDAP","fixed_versions" => [">=0.5"],"id" => "CPANSA-Apache-Session-LDAP-2020-36658","references" => ["https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f","https://lists.debian.org/debian-lts-announce/2023/01/msg00024.html"],"reported" => "2023-01-27","severity" => undef}],"main_module" => "Apache::Session::LDAP","versions" => [{"date" => "2009-04-18T17:09:10","version" => "0.01"},{"date" => "2009-04-18T19:43:50","version" => "0.02"},{"date" => "2010-12-08T15:30:51","version" => "0.1"},{"date" => "2012-06-26T04:22:47","version" => "0.2"},{"date" => "2014-10-24T12:21:07","version" => "0.2"},{"date" => "2015-06-12T15:47:40","version" => "0.4"},{"date" => "2020-09-06T13:13:20","version" => "0.2"}]},"Apache-SessionX" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40932"],"description" => "Apache::SessionX versions through 2.01 for Perl create insecure session id.  Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Apache-SessionX","fixed_versions" => [],"id" => "CPANSA-Apache-SessionX-2005-01","references" => ["https://metacpan.org/release/GRICHTER/Apache-SessionX-2.01/source/SessionX/Generate/MD5.pm#L29","https://metacpan.org/changes/distribution/Apache-SessionX"],"reported" => "2005-11-15","severity" => undef}],"main_module" => "Apache::SessionX","versions" => [{"date" => "2001-11-20T15:36:53","version" => "2.00"},{"date" => "2003-03-02T14:18:57","version" => "2.00"},{"date" => "2005-11-15T05:21:49","version" => "2.01"}]},"Apache-Wyrd" => {"advisories" => [{"affected_versions" => ["<0.97"],"cves" => [],"description" => "User-submitted data cab be executed if it is displayed on a page, if the data contains a string that can be interpreted as a Wyrd.\n","distribution" => "Apache-Wyrd","fixed_versions" => [">=0.97"],"id" => "CPANSA-Apache-Wyrd-2008-01","references" => ["https://metacpan.org/dist/Apache-Wyrd/changes"],"reported" => "2008-04-14","severity" => undef}],"main_module" => "Apache::Wyrd","versions" => [{"date" => "2004-03-17T21:36:52","version" => "0.8"},{"date" => "2004-03-18T22:52:04","version" => "0.81"},{"date" => "2004-03-25T23:52:49","version" => "0.82"},{"date" => "2004-08-19T15:42:55","version" => "0.83"},{"date" => "2004-09-03T19:44:01","version" => "0.84"},{"date" => "2004-09-22T16:08:23","version" => "0.85"},{"date" => "2004-09-23T02:04:43","version" => "0.86"},{"date" => "2004-10-31T20:59:42","version" => "0.87"},{"date" => "2004-12-16T20:56:33","version" => "0.90"},{"date" => "2005-01-09T21:52:49","version" => "0.91"},{"date" => "2005-01-13T17:42:18","version" => "0.92"},{"date" => "2005-03-25T21:22:56","version" => "0.93"},{"date" => "2006-10-22T22:57:04","version" => "0.94"},{"date" => "2007-04-30T23:02:05","version" => "0.95"},{"date" => "2007-05-01T15:20:02","version" => "0.96"},{"date" => "2008-04-14T18:49:14","version" => "0.97"},{"date" => "2008-04-15T21:32:47","version" => "0.98"}]},"Apache2-AuthAny" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40933"],"description" => "Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely.  Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Apache2-AuthAny","fixed_versions" => [],"id" => "CPANSA-Apache2-AuthAny-2025-40933","references" => ["https://metacpan.org/release/KGOLDOV/Apache2-AuthAny-0.201/source/lib/Apache2/AuthAny/Cookie.pm"],"reported" => "2025-09-17","severity" => undef}],"main_module" => "Apache2::AuthAny","versions" => [{"date" => "2011-05-09T22:32:29","version" => "0.20"},{"date" => "2011-05-16T18:32:03","version" => "0.201"}]},"App-Context" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.968"],"cves" => ["CVE-2012-6141"],"description" => "The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized.\n","distribution" => "App-Context","fixed_versions" => [">0.968"],"id" => "CPANSA-App-Context-2012-6141","references" => ["http://seclists.org/oss-sec/2013/q2/318","https://exchange.xforce.ibmcloud.com/vulnerabilities/84198"],"reported" => "2014-06-04","severity" => undef}],"main_module" => "App::Context","versions" => [{"date" => "2002-10-10T21:31:39","version" => "0.01"},{"date" => "2004-09-02T21:17:44","version" => "0.90"},{"date" => "2005-01-07T14:02:06","version" => "0.93"},{"date" => "2005-08-09T20:05:02","version" => "0.95"},{"date" => "2006-03-10T04:24:13","version" => "0.96"},{"date" => "2006-03-12T01:30:11","version" => "0.962"},{"date" => "2006-07-25T02:30:21","version" => "0.963"},{"date" => "2006-09-04T19:41:12","version" => "0.964"},{"date" => "2007-04-17T13:33:24","version" => "0.965"},{"date" => "2008-02-27T03:13:41","version" => "0.966"},{"date" => "2008-02-27T14:19:23","version" => "0.9661"},{"date" => "2009-09-11T14:31:52","version" => "0.967"},{"date" => "2010-06-09T21:33:19","version" => "0.968"}]},"App-Genpass" => {"advisories" => [{"affected_versions" => ["<0.2400"],"cves" => [],"description" => "App-genpass before v0.2400 generated passwords using build in rand()\n","distribution" => "App-Genpass","fixed_versions" => [">=0.2400"],"id" => "CPANSA-App-Genpass-2024-001","references" => ["https://metacpan.org/dist/App-Genpass/changes","https://github.com/xsawyerx/app-genpass/pull/5","https://github.com/briandfoy/cpan-security-advisory/issues/178"],"reported" => undef,"severity" => undef}],"main_module" => "App::Genpass","versions" => [{"date" => "2009-12-14T22:15:31","version" => "0.03"},{"date" => "2010-01-01T18:06:50","version" => "0.04"},{"date" => "2010-01-02T07:45:49","version" => "0.05"},{"date" => "2010-05-28T21:46:01","version" => "0.06"},{"date" => "2010-05-29T21:37:11","version" => "0.07"},{"date" => "2010-05-30T08:35:54","version" => "0.08"},{"date" => "2010-05-31T18:39:55","version" => "0.09"},{"date" => "2010-06-07T10:16:54","version" => "0.10"},{"date" => "2010-07-16T21:15:53","version" => "0.11"},{"date" => "2010-07-16T22:36:16","version" => "1.00"},{"date" => "2010-07-18T15:20:18","version" => "1.01"},{"date" => "2011-02-17T10:52:08","version" => "2.00"},{"date" => "2011-03-10T12:26:49","version" => "2.01"},{"date" => "2011-08-03T11:58:46","version" => "2.02"},{"date" => "2011-08-03T16:05:37","version" => "2.03"},{"date" => "2011-08-06T07:36:59","version" => "2.04"},{"date" => "2011-08-08T12:51:57","version" => "2.10"},{"date" => "2011-11-27T17:45:15","version" => "2.20"},{"date" => "2012-03-26T19:55:19","version" => "2.30"},{"date" => "2012-06-26T08:16:36","version" => "2.31"},{"date" => "2012-06-30T23:12:23","version" => "2.32"},{"date" => "2012-11-20T08:48:46","version" => "2.33"},{"date" => "2014-08-04T20:00:26","version" => "2.34"},{"date" => "2016-10-12T08:56:56","version" => "2.400"},{"date" => "2016-10-14T21:27:13","version" => "2.401"}]},"App-Github-Email" => {"advisories" => [{"affected_versions" => ["<0.3.3"],"cves" => ["CVE-2015-7686"],"description" => "Insecure dependency on Email::Address.\n","distribution" => "App-Github-Email","fixed_versions" => [">=0.3.3"],"id" => "CPANSA-App-Github-Email-2018-01","references" => ["https://metacpan.org/changes/distribution/App-Github-Email","https://github.com/faraco/App-Github-Email/commit/b7f052280d1c8ae97bdefc106ca3cbba4aea7213"],"reported" => "2018-01-20"}],"main_module" => "App::Github::Email","versions" => [{"date" => "2017-01-16T08:03:02","version" => "0.0.1"},{"date" => "2017-01-16T12:56:51","version" => "0.0.2"},{"date" => "2017-01-16T17:38:16","version" => "0.0.3"},{"date" => "2017-03-11T10:45:23","version" => "0.0.4"},{"date" => "2017-04-05T11:19:02","version" => "0.0.5"},{"date" => "2017-04-15T17:35:18","version" => "0.0.6"},{"date" => "2017-05-19T05:05:24","version" => "0.0.7"},{"date" => "2017-12-18T14:11:19","version" => "0.1.0"},{"date" => "2017-12-21T08:24:12","version" => "0.1.1"},{"date" => "2018-01-15T03:18:05","version" => "0.2.0"},{"date" => "2018-01-20T12:55:34","version" => "0.2.1"},{"date" => "2018-08-30T16:07:18","version" => "0.3.1"},{"date" => "2018-08-30T16:13:54","version" => "0.3.2"},{"date" => "2018-08-31T03:49:31","version" => "0.3.3"}]},"App-Netdisco" => {"advisories" => [{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=2.028008,<=2.052002"],"cves" => ["CVE-2022-24785"],"description" => "Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2022-24785-momentjs","references" => ["https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5","https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4","https://www.tenable.com/security/tns-2022-09","https://security.netapp.com/advisory/ntap-20220513-0006/"],"reported" => "2022-04-04","severity" => "high"}],"main_module" => "App::Netdisco","versions" => [{"date" => "2012-12-20T21:16:29","version" => "2.00_011"},{"date" => "2012-12-21T08:21:35","version" => "2.00_012"},{"date" => "2013-01-05T16:14:21","version" => "2.00_012"},{"date" => "2013-01-06T01:16:03","version" => "2.00_012"},{"date" => "2013-01-06T02:03:22","version" => "2.00_012"},{"date" => "2013-01-14T22:16:29","version" => "2.00_012"},{"date" => "2013-01-30T13:23:14","version" => "2.004002"},{"date" => "2013-02-09T22:37:41","version" => "2.005000_001"},{"date" => "2013-02-10T21:39:04","version" => "2.005000_001"},{"date" => "2013-03-05T23:03:41","version" => "2.005000_003"},{"date" => "2013-03-05T23:21:44","version" => "2.005000_004"},{"date" => "2013-03-07T21:52:05","version" => "2.006000"},{"date" => "2013-03-17T14:50:06","version" => "2.007000_001"},{"date" => "2013-06-03T19:54:38","version" => "2.007000_002"},{"date" => "2013-06-08T20:22:28","version" => "2.007000_003"},{"date" => "2013-06-09T10:31:46","version" => "2.007000_004"},{"date" => "2013-06-09T13:10:45","version" => "2.007000_005"},{"date" => "2013-06-09T14:45:42","version" => "2.008000"},{"date" => "2013-06-11T12:39:12","version" => "2.008001"},{"date" => "2013-06-11T21:55:59","version" => "2.008002"},{"date" => "2013-06-16T17:29:20","version" => "2.009000_001"},{"date" => "2013-06-17T07:18:07","version" => "2.010000"},{"date" => "2013-06-17T22:10:21","version" => "2.010001_001"},{"date" => "2013-06-20T12:55:28","version" => "2.010001_002"},{"date" => "2013-06-20T12:58:16","version" => "2.010001_003"},{"date" => "2013-07-23T23:02:00","version" => "2.010002"},{"date" => "2013-07-24T22:50:05","version" => "2.010004"},{"date" => "2013-07-29T07:04:27","version" => "2.011000"},{"date" => "2013-08-06T17:37:28","version" => "2.012000"},{"date" => "2013-08-06T17:42:25","version" => "2.012001"},{"date" => "2013-08-07T09:06:31","version" => "2.012002"},{"date" => "2013-08-16T16:28:13","version" => "2.012003_001"},{"date" => "2013-08-16T16:48:37","version" => "2.012004"},{"date" => "2013-08-16T16:51:08","version" => "2.012005"},{"date" => "2013-08-23T05:52:12","version" => "2.012006"},{"date" => "2013-08-23T10:29:04","version" => "2.013000"},{"date" => "2013-08-23T11:34:38","version" => "2.013001"},{"date" => "2013-08-26T21:44:14","version" => "2.014000"},{"date" => "2013-09-05T23:57:20","version" => "2.015000"},{"date" => "2013-09-10T22:33:43","version" => "2.016000"},{"date" => "2013-09-11T21:38:31","version" => "2.016001"},{"date" => "2013-09-11T22:15:54","version" => "2.016002"},{"date" => "2013-09-12T07:28:46","version" => "2.016003"},{"date" => "2013-09-23T19:49:48","version" => "2.017000"},{"date" => "2013-10-06T22:38:36","version" => "2.017001_001"},{"date" => "2013-10-07T20:55:41","version" => "2.017001_002"},{"date" => "2013-10-07T22:36:36","version" => "2.017001_003"},{"date" => "2013-10-08T10:28:21","version" => "2.018000"},{"date" => "2013-10-16T22:57:00","version" => "2.018000_001"},{"date" => "2013-10-22T12:44:58","version" => "2.018000_002"},{"date" => "2013-10-22T13:19:30","version" => "2.019000"},{"date" => "2013-10-22T14:41:32","version" => "2.019001"},{"date" => "2013-10-24T04:57:13","version" => "2.019002"},{"date" => "2013-10-27T03:07:39","version" => "2.019003"},{"date" => "2013-12-08T19:46:22","version" => "2.020000"},{"date" => "2013-12-08T21:49:04","version" => "2.020001"},{"date" => "2013-12-11T15:59:18","version" => "2.020002"},{"date" => "2013-12-29T21:34:57","version" => "2.020003_001"},{"date" => "2014-01-01T23:33:18","version" => "2.020003_002"},{"date" => "2014-01-06T20:49:38","version" => "2.020003_003"},{"date" => "2014-01-12T17:36:59","version" => "2.021000"},{"date" => "2014-01-13T00:42:23","version" => "2.021000_001"},{"date" => "2014-01-13T14:02:33","version" => "2.021000_002"},{"date" => "2014-01-13T18:50:36","version" => "2.021000_004"},{"date" => "2014-01-26T13:49:10","version" => "2.022000"},{"date" => "2014-02-10T21:24:32","version" => "2.023000"},{"date" => "2014-02-14T19:41:51","version" => "2.023001"},{"date" => "2014-02-17T13:23:06","version" => "2.023002"},{"date" => "2014-02-22T19:18:19","version" => "2.024000"},{"date" => "2014-02-25T22:36:15","version" => "2.024001"},{"date" => "2014-02-27T17:39:32","version" => "2.024002"},{"date" => "2014-02-27T17:52:08","version" => "2.024003"},{"date" => "2014-03-02T23:30:02","version" => "2.024003_001"},{"date" => "2014-03-04T22:23:50","version" => "2.024004"},{"date" => "2014-03-28T07:32:33","version" => "2.025000_001"},{"date" => "2014-04-08T18:51:46","version" => "2.025001"},{"date" => "2014-04-10T20:17:35","version" => "2.026000"},{"date" => "2014-04-17T06:01:16","version" => "2.026001_001"},{"date" => "2014-04-18T22:35:47","version" => "2.026001_002"},{"date" => "2014-04-20T22:48:43","version" => "2.026001_003"},{"date" => "2014-04-28T21:01:11","version" => "2.026001_004"},{"date" => "2014-05-03T07:27:54","version" => "2.027001"},{"date" => "2014-05-04T09:01:14","version" => "2.027002"},{"date" => "2014-05-15T07:12:35","version" => "2.027003"},{"date" => "2014-05-15T15:55:07","version" => "2.027004"},{"date" => "2014-05-21T20:21:35","version" => "2.027005_001"},{"date" => "2014-05-27T06:05:59","version" => "2.027006"},{"date" => "2014-05-27T09:45:15","version" => "2.027007"},{"date" => "2014-06-23T12:59:01","version" => "2.027008_001"},{"date" => "2014-07-02T08:20:20","version" => "2.028000"},{"date" => "2014-07-13T17:55:04","version" => "2.028001"},{"date" => "2014-07-13T20:59:54","version" => "2.028002_001"},{"date" => "2014-07-15T16:10:41","version" => "2.028003"},{"date" => "2014-07-16T07:05:29","version" => "2.028004"},{"date" => "2014-07-17T13:25:34","version" => "2.028005"},{"date" => "2014-07-21T08:09:06","version" => "2.028006"},{"date" => "2014-07-22T07:01:44","version" => "2.028008"},{"date" => "2014-07-22T21:40:24","version" => "2.028010"},{"date" => "2014-07-22T21:49:10","version" => "2.028011"},{"date" => "2014-07-22T22:21:11","version" => "2.028012"},{"date" => "2014-07-30T23:57:34","version" => "2.028013"},{"date" => "2014-08-08T06:35:55","version" => "2.029000_001"},{"date" => "2014-08-08T21:43:46","version" => "2.029000_002"},{"date" => "2014-08-10T20:21:10","version" => "2.029001"},{"date" => "2014-08-10T20:37:39","version" => "2.029002"},{"date" => "2014-08-11T15:14:59","version" => "2.029003"},{"date" => "2014-08-11T21:04:08","version" => "2.029004"},{"date" => "2014-08-13T10:48:53","version" => "2.029005"},{"date" => "2014-08-25T16:24:00","version" => "2.029006"},{"date" => "2014-09-12T13:09:36","version" => "2.029007"},{"date" => "2014-09-23T19:32:12","version" => "2.029008"},{"date" => "2014-09-27T10:37:24","version" => "2.029009"},{"date" => "2014-10-07T07:39:18","version" => "2.029010"},{"date" => "2014-10-07T17:50:07","version" => "2.029011"},{"date" => "2014-10-09T16:01:27","version" => "2.029012"},{"date" => "2014-11-14T00:16:10","version" => "2.029013_001"},{"date" => "2014-11-14T23:58:24","version" => "2.029013_002"},{"date" => "2014-11-20T08:04:38","version" => "2.029014"},{"date" => "2015-01-08T11:10:55","version" => "2.030000"},{"date" => "2015-02-04T15:28:08","version" => "2.031000"},{"date" => "2015-02-04T18:45:47","version" => "2.031001"},{"date" => "2015-02-04T19:01:00","version" => "2.031002"},{"date" => "2015-02-04T22:47:46","version" => "2.031003"},{"date" => "2015-02-05T14:19:47","version" => "2.031004"},{"date" => "2015-02-06T10:20:08","version" => "2.031005"},{"date" => "2015-02-15T15:40:46","version" => "2.031006"},{"date" => "2015-02-19T08:51:44","version" => "2.031007"},{"date" => "2015-02-22T09:43:23","version" => "2.031008"},{"date" => "2015-02-25T21:21:31","version" => "2.031009"},{"date" => "2015-02-25T22:12:31","version" => "2.031010"},{"date" => "2015-02-27T08:35:31","version" => "2.031011"},{"date" => "2015-02-28T11:59:22","version" => "2.031012"},{"date" => "2015-03-07T17:12:38","version" => "2.032000_001"},{"date" => "2015-03-24T22:46:31","version" => "2.032001"},{"date" => "2015-04-03T19:21:56","version" => "2.032002"},{"date" => "2015-05-05T19:42:05","version" => "2.032003"},{"date" => "2015-05-17T21:09:24","version" => "2.032004"},{"date" => "2015-05-18T09:25:35","version" => "2.032005"},{"date" => "2015-07-19T11:40:08","version" => "2.032006"},{"date" => "2015-07-30T16:33:06","version" => "2.032007"},{"date" => "2015-08-26T11:27:02","version" => "2.033000"},{"date" => "2015-08-27T14:50:17","version" => "2.033001"},{"date" => "2015-09-29T08:56:31","version" => "2.033002"},{"date" => "2015-10-13T21:37:21","version" => "2.033003"},{"date" => "2015-11-16T21:41:13","version" => "2.033004"},{"date" => "2016-02-02T09:11:15","version" => "2.033005"},{"date" => "2016-03-20T13:17:57","version" => "2.033005"},{"date" => "2016-10-03T15:58:17","version" => "2.034000"},{"date" => "2016-11-20T17:51:25","version" => "2.034001"},{"date" => "2017-01-06T14:35:56","version" => "2.034002"},{"date" => "2017-04-19T20:59:13","version" => "2.035000"},{"date" => "2017-04-19T21:18:39","version" => "2.035001"},{"date" => "2017-04-24T11:50:12","version" => "2.035002"},{"date" => "2017-04-24T13:44:38","version" => "2.035003"},{"date" => "2017-04-25T09:54:37","version" => "2.035004"},{"date" => "2017-04-29T08:13:48","version" => "2.035005"},{"date" => "2017-04-29T08:31:09","version" => "2.035006"},{"date" => "2017-05-17T06:44:07","version" => "2.035999_001"},{"date" => "2017-05-27T14:50:21","version" => "2.035999_002"},{"date" => "2017-05-29T16:22:27","version" => "2.035999_003"},{"date" => "2017-05-30T10:40:20","version" => "2.035999_004"},{"date" => "2017-05-30T11:05:45","version" => "2.035999_005"},{"date" => "2017-05-30T15:03:49","version" => "2.035999_006"},{"date" => "2017-05-30T20:27:22","version" => "2.035999_007"},{"date" => "2017-06-13T06:23:11","version" => "2.035999_008"},{"date" => "2017-06-18T22:37:11","version" => "2.035999_009"},{"date" => "2017-06-19T17:50:27","version" => "2.035999_010"},{"date" => "2017-06-22T07:36:42","version" => "2.036000"},{"date" => "2017-06-22T11:25:23","version" => "2.036001"},{"date" => "2017-06-26T18:58:33","version" => "2.036002"},{"date" => "2017-06-28T15:44:41","version" => "2.036003"},{"date" => "2017-07-02T08:56:33","version" => "2.036004"},{"date" => "2017-07-05T05:07:47","version" => "2.036005"},{"date" => "2017-07-09T13:28:10","version" => "2.036006"},{"date" => "2017-07-12T06:01:03","version" => "2.036007"},{"date" => "2017-07-14T12:52:34","version" => "2.036008"},{"date" => "2017-08-01T09:30:17","version" => "2.036009"},{"date" => "2017-10-08T13:22:48","version" => "2.036010"},{"date" => "2017-10-09T07:01:31","version" => "2.036011"},{"date" => "2017-10-11T17:33:31","version" => "2.036012_001"},{"date" => "2017-11-19T13:49:04","version" => "2.036012_002"},{"date" => "2017-11-28T21:49:40","version" => "2.036012_003"},{"date" => "2017-12-14T21:49:14","version" => "2.037000"},{"date" => "2017-12-14T21:57:42","version" => "2.037001"},{"date" => "2017-12-17T20:22:25","version" => "2.037002"},{"date" => "2017-12-18T17:35:24","version" => "2.037003"},{"date" => "2017-12-21T20:06:32","version" => "2.037004"},{"date" => "2017-12-22T23:46:44","version" => "2.037005"},{"date" => "2017-12-31T09:54:24","version" => "2.038000"},{"date" => "2018-01-02T13:10:42","version" => "2.038001"},{"date" => "2018-01-02T22:07:51","version" => "2.038002_001"},{"date" => "2018-01-04T20:21:13","version" => "2.038002_002"},{"date" => "2018-01-04T22:38:07","version" => "2.038002_003"},{"date" => "2018-01-04T22:53:29","version" => "2.038003"},{"date" => "2018-01-05T17:43:24","version" => "2.038004"},{"date" => "2018-01-05T20:22:23","version" => "2.038005"},{"date" => "2018-01-08T14:14:33","version" => "2.038006"},{"date" => "2018-01-09T09:57:13","version" => "2.038007"},{"date" => "2018-01-09T15:38:57","version" => "2.038008"},{"date" => "2018-01-10T01:16:32","version" => "2.038009"},{"date" => "2018-01-15T11:34:50","version" => "2.038028"},{"date" => "2018-01-23T22:56:08","version" => "2.038031"},{"date" => "2018-01-28T20:04:09","version" => "2.038032"},{"date" => "2018-01-31T15:06:37","version" => "2.038033"},{"date" => "2018-01-31T20:00:58","version" => "2.038034"},{"date" => "2018-02-02T14:54:43","version" => "2.039000"},{"date" => "2018-02-02T18:35:11","version" => "2.039001"},{"date" => "2018-02-07T23:03:50","version" => "2.039002"},{"date" => "2018-02-12T21:11:07","version" => "2.039003"},{"date" => "2018-02-15T08:29:55","version" => "2.039004"},{"date" => "2018-02-15T19:55:25","version" => "2.039005"},{"date" => "2018-02-15T20:17:31","version" => "2.039006"},{"date" => "2018-02-16T08:23:49","version" => "2.039007"},{"date" => "2018-02-22T22:06:19","version" => "2.039008"},{"date" => "2018-02-22T22:23:38","version" => "2.039009"},{"date" => "2018-02-22T22:52:04","version" => "2.039010"},{"date" => "2018-02-25T09:28:46","version" => "2.039011"},{"date" => "2018-03-02T13:12:05","version" => "2.039012"},{"date" => "2018-03-02T14:18:44","version" => "2.039013"},{"date" => "2018-03-04T09:58:06","version" => "2.039014"},{"date" => "2018-03-05T23:01:48","version" => "2.039015"},{"date" => "2018-03-19T23:12:52","version" => "2.039016"},{"date" => "2018-03-20T10:12:42","version" => "2.039017"},{"date" => "2018-03-22T21:46:51","version" => "2.039018"},{"date" => "2018-03-23T09:55:03","version" => "2.039019"},{"date" => "2018-03-26T21:59:24","version" => "2.039020"},{"date" => "2018-04-10T20:47:57","version" => "2.039021"},{"date" => "2018-04-18T21:24:35","version" => "2.039022"},{"date" => "2018-04-19T07:27:07","version" => "2.039023"},{"date" => "2018-04-22T17:54:24","version" => "2.039024"},{"date" => "2018-04-27T12:27:18","version" => "2.039025"},{"date" => "2018-04-28T12:11:41","version" => "2.039026"},{"date" => "2018-04-28T21:16:54","version" => "2.039027"},{"date" => "2018-05-05T15:29:52","version" => "2.039028"},{"date" => "2018-05-09T05:55:14","version" => "2.039029"},{"date" => "2018-05-09T06:00:13","version" => "2.039030"},{"date" => "2018-06-17T20:58:47","version" => "2.039031"},{"date" => "2018-10-19T14:38:26","version" => "2.039032"},{"date" => "2018-10-19T20:36:53","version" => "2.039033"},{"date" => "2018-12-28T17:07:03","version" => "2.040000"},{"date" => "2018-12-30T10:53:04","version" => "2.040001"},{"date" => "2018-12-30T10:59:07","version" => "2.040002"},{"date" => "2019-01-18T07:10:03","version" => "2.040003"},{"date" => "2019-03-03T14:56:07","version" => "2.040004"},{"date" => "2019-03-04T10:02:25","version" => "2.040005"},{"date" => "2019-03-04T12:04:34","version" => "2.040006"},{"date" => "2019-03-06T18:44:33","version" => "2.040007"},{"date" => "2019-03-12T19:59:49","version" => "2.041000"},{"date" => "2019-03-15T05:34:08","version" => "2.041001"},{"date" => "2019-03-17T09:37:27","version" => "2.041002"},{"date" => "2019-03-17T20:32:01","version" => "2.042000"},{"date" => "2019-03-18T21:28:43","version" => "2.042001"},{"date" => "2019-03-20T12:26:14","version" => "2.042002"},{"date" => "2019-03-21T16:19:51","version" => "2.042003"},{"date" => "2019-03-28T23:00:19","version" => "2.042004"},{"date" => "2019-04-03T13:56:55","version" => "2.042005"},{"date" => "2019-04-16T16:48:15","version" => "2.042006"},{"date" => "2019-04-28T19:57:19","version" => "2.042007"},{"date" => "2019-04-30T10:51:06","version" => "2.042008"},{"date" => "2019-05-30T06:13:10","version" => "2.042009"},{"date" => "2019-06-02T06:55:13","version" => "2.042010"},{"date" => "2019-09-03T19:27:26","version" => "2.043000"},{"date" => "2019-09-04T12:36:05","version" => "2.043001"},{"date" => "2019-09-23T13:58:04","version" => "2.044000"},{"date" => "2019-09-26T14:01:50","version" => "2.044001"},{"date" => "2019-10-01T09:43:52","version" => "2.044002"},{"date" => "2019-10-15T17:57:05","version" => "2.044003"},{"date" => "2019-10-30T19:52:42","version" => "2.044004"},{"date" => "2020-01-19T15:31:55","version" => "2.044005"},{"date" => "2020-01-22T21:20:09","version" => "2.044006"},{"date" => "2020-01-22T21:25:34","version" => "2.044007"},{"date" => "2020-01-23T18:44:49","version" => "2.044008"},{"date" => "2020-01-23T18:48:48","version" => "2.044009"},{"date" => "2020-01-25T18:09:41","version" => "2.044010"},{"date" => "2020-01-26T21:46:22","version" => "2.044011"},{"date" => "2020-02-01T13:27:10","version" => "2.044012"},{"date" => "2020-02-04T21:35:18","version" => "2.044013"},{"date" => "2020-02-09T10:03:07","version" => "2.044014"},{"date" => "2020-02-12T16:56:14","version" => "2.044015"},{"date" => "2020-04-15T20:25:36","version" => "2.045000"},{"date" => "2020-04-18T08:50:13","version" => "2.045001"},{"date" => "2020-04-19T17:03:54","version" => "2.045002"},{"date" => "2020-05-15T11:02:33","version" => "2.045003"},{"date" => "2020-05-18T11:34:20","version" => "2.045005"},{"date" => "2020-05-24T18:43:31","version" => "2.045006"},{"date" => "2020-06-05T08:11:31","version" => "2.045007"},{"date" => "2020-07-08T21:29:53","version" => "2.046000"},{"date" => "2020-07-10T21:30:48","version" => "2.046001"},{"date" => "2020-08-07T10:02:15","version" => "2.046002"},{"date" => "2020-10-17T12:15:43","version" => "2.046003"},{"date" => "2020-10-17T13:29:56","version" => "2.046004"},{"date" => "2020-10-17T13:40:12","version" => "2.046005"},{"date" => "2020-10-31T11:15:17","version" => "2.046006"},{"date" => "2020-12-23T11:58:41","version" => "2.047000"},{"date" => "2020-12-29T13:08:42","version" => "2.047001"},{"date" => "2020-12-30T20:42:02","version" => "2.047002"},{"date" => "2021-02-14T14:05:50","version" => "2.047003"},{"date" => "2021-02-15T22:13:51","version" => "2.047004"},{"date" => "2021-02-24T10:48:16","version" => "2.047005"},{"date" => "2021-07-14T11:34:50","version" => "2.047006"},{"date" => "2021-07-14T12:15:22","version" => "2.047007"},{"date" => "2021-07-21T08:54:04","version" => "2.047008"},{"date" => "2021-08-14T12:38:48","version" => "2.048000"},{"date" => "2021-08-22T13:29:25","version" => "2.049000"},{"date" => "2021-08-22T19:32:21","version" => "2.049001"},{"date" => "2021-09-03T05:26:59","version" => "2.049002"},{"date" => "2021-09-03T07:11:01","version" => "2.049003"},{"date" => "2021-09-03T20:36:58","version" => "2.049004"},{"date" => "2021-09-09T07:52:58","version" => "2.049005"},{"date" => "2021-10-03T07:55:21","version" => "2.049006"},{"date" => "2021-10-05T16:38:38","version" => "2.049007"},{"date" => "2021-10-06T15:53:00","version" => "2.049008"},{"date" => "2021-10-06T21:33:32","version" => "2.049009"},{"date" => "2021-10-11T20:34:00","version" => "2.049010"},{"date" => "2021-10-12T07:43:57","version" => "2.049011"},{"date" => "2021-10-12T12:28:03","version" => "2.050000"},{"date" => "2021-10-12T14:28:01","version" => "2.050001"},{"date" => "2021-10-19T08:13:11","version" => "2.050003"},{"date" => "2021-11-14T19:39:02","version" => "2.051001"},{"date" => "2021-11-23T16:10:12","version" => "2.051002"},{"date" => "2021-11-24T13:15:54","version" => "2.051003"},{"date" => "2021-11-25T11:53:35","version" => "2.051004"},{"date" => "2021-11-25T20:20:22","version" => "2.051005"},{"date" => "2021-11-30T05:19:10","version" => "2.052000"},{"date" => "2022-02-01T20:51:26","version" => "2.052001"},{"date" => "2022-02-28T18:14:51","version" => "2.052002"},{"date" => "2022-04-13T19:12:04","version" => "2.052003"},{"date" => "2022-04-22T08:58:41","version" => "2.052005"},{"date" => "2022-05-17T21:06:21","version" => "2.052006"},{"date" => "2022-06-03T21:24:35","version" => "2.052007"},{"date" => "2022-07-12T08:18:54","version" => "2.052008"},{"date" => "2022-07-26T21:00:56","version" => "2.052009"},{"date" => "2022-07-27T21:54:42","version" => "2.052010"},{"date" => "2022-08-01T16:54:16","version" => "2.052011"},{"date" => "2022-08-02T16:05:09","version" => "2.052012"},{"date" => "2022-08-02T20:51:15","version" => "2.053000"},{"date" => "2022-08-02T21:21:25","version" => "2.053001"},{"date" => "2022-08-03T17:05:56","version" => "2.053002"},{"date" => "2022-08-03T21:05:28","version" => "2.053003"},{"date" => "2022-08-04T22:02:30","version" => "2.053004"},{"date" => "2022-08-04T22:11:32","version" => "2.053005"},{"date" => "2022-08-07T22:32:50","version" => "2.053006"},{"date" => "2022-08-09T09:32:35","version" => "2.053007"},{"date" => "2022-08-15T12:46:43","version" => "2.054000"},{"date" => "2022-08-17T10:15:23","version" => "2.055000"},{"date" => "2022-09-02T08:05:05","version" => "2.055001"},{"date" => "2022-09-24T19:09:03","version" => "2.056000"},{"date" => "2022-09-24T19:09:14","version" => "2.057000"},{"date" => "2022-09-24T19:09:26","version" => "2.057001"},{"date" => "2022-09-24T21:42:34","version" => "2.057002"},{"date" => "2022-09-27T15:34:42","version" => "2.057004"},{"date" => "2022-09-28T14:20:19","version" => "2.057005"},{"date" => "2022-09-30T21:07:39","version" => "2.057006"},{"date" => "2022-10-04T12:22:31","version" => "2.057007"},{"date" => "2022-10-18T12:00:41","version" => "2.057008"},{"date" => "2022-11-04T10:29:49","version" => "2.058000"},{"date" => "2022-11-04T15:42:53","version" => "2.058001"},{"date" => "2022-11-04T15:54:41","version" => "2.058003"},{"date" => "2022-11-25T15:29:29","version" => "2.059000"},{"date" => "2022-11-26T20:37:56","version" => "2.059001"},{"date" => "2022-12-09T10:32:14","version" => "2.060000"},{"date" => "2022-12-11T16:58:49","version" => "2.060001"},{"date" => "2022-12-13T15:34:56","version" => "2.060002"},{"date" => "2022-12-14T16:55:04","version" => "2.060003"},{"date" => "2023-01-11T15:14:43","version" => "2.060004"},{"date" => "2023-02-21T14:22:36","version" => "2.060005"},{"date" => "2023-03-03T15:43:58","version" => "2.060007"},{"date" => "2023-03-08T17:21:35","version" => "2.060008"},{"date" => "2023-03-10T18:09:47","version" => "2.060009"},{"date" => "2023-03-10T18:12:29","version" => "2.060010"},{"date" => "2023-03-29T10:43:01","version" => "2.061000"},{"date" => "2023-04-27T15:33:52","version" => "2.061001"},{"date" => "2023-05-30T08:58:07","version" => "2.062000"},{"date" => "2023-06-05T17:02:14","version" => "2.062001"},{"date" => "2023-06-06T06:07:49","version" => "2.062002"},{"date" => "2023-06-20T09:11:03","version" => "2.062003"},{"date" => "2023-06-26T17:00:40","version" => "2.062004"},{"date" => "2023-06-26T18:35:55","version" => "2.062005"},{"date" => "2023-06-28T09:03:56","version" => "2.063000"},{"date" => "2023-06-28T16:06:44","version" => "2.063001"},{"date" => "2023-07-14T21:25:14","version" => "2.063002"},{"date" => "2023-07-15T10:11:43","version" => "2.063004"},{"date" => "2023-07-22T09:17:38","version" => "2.064000"},{"date" => "2023-07-25T12:03:07","version" => "2.064001"},{"date" => "2023-08-13T15:06:31","version" => "2.065000"},{"date" => "2023-08-13T18:47:39","version" => "2.065001"},{"date" => "2023-09-03T08:12:02","version" => "2.065002"},{"date" => "2023-09-19T18:11:32","version" => "2.066000"},{"date" => "2023-09-27T13:20:00","version" => "2.067001"},{"date" => "2023-09-27T13:27:43","version" => "2.067002"},{"date" => "2023-10-27T14:38:37","version" => "2.068000"},{"date" => "2023-11-01T21:58:28","version" => "2.068001"},{"date" => "2023-11-12T07:36:25","version" => "2.069000"},{"date" => "2023-11-14T19:10:46","version" => "2.070000"},{"date" => "2023-11-15T11:29:20","version" => "2.070001"},{"date" => "2023-11-21T16:01:49","version" => "2.070002"},{"date" => "2023-11-24T20:50:38","version" => "2.070003"},{"date" => "2023-12-07T08:00:38","version" => "2.071000"},{"date" => "2023-12-07T15:51:30","version" => "2.071001"},{"date" => "2024-01-06T14:13:03","version" => "2.071002"},{"date" => "2024-01-10T20:49:02","version" => "2.071003"},{"date" => "2024-01-14T16:49:02","version" => "2.072000"},{"date" => "2024-01-15T20:04:01","version" => "2.072001"},{"date" => "2024-01-21T11:04:41","version" => "2.072002"},{"date" => "2024-02-14T21:31:03","version" => "2.072003"},{"date" => "2024-03-13T15:45:46","version" => "2.073000"},{"date" => "2024-03-13T16:54:38","version" => "2.073001"},{"date" => "2024-03-19T09:53:20","version" => "2.074000"},{"date" => "2024-03-19T17:08:31","version" => "2.074001"},{"date" => "2024-04-08T18:12:37","version" => "2.075000"},{"date" => "2024-04-09T10:16:31","version" => "2.075001"},{"date" => "2024-04-10T10:43:31","version" => "2.075002"},{"date" => "2024-04-12T10:31:45","version" => "2.075003"},{"date" => "2024-04-22T16:27:19","version" => "2.076000"},{"date" => "2024-04-24T20:20:10","version" => "2.076001"},{"date" => "2024-04-30T16:36:08","version" => "2.076002"},{"date" => "2024-05-03T14:28:39","version" => "2.076004"},{"date" => "2024-05-20T18:19:33","version" => "2.076005"},{"date" => "2024-08-10T18:36:30","version" => "2.076006"},{"date" => "2024-08-15T09:14:32","version" => "2.077000"},{"date" => "2024-08-15T10:17:44","version" => "2.077001"},{"date" => "2024-08-15T10:52:40","version" => "2.077002"},{"date" => "2024-08-15T19:54:33","version" => "2.077003"},{"date" => "2024-08-15T21:20:21","version" => "2.077004"},{"date" => "2024-08-16T00:14:40","version" => "2.077005"},{"date" => "2024-08-18T06:35:14","version" => "2.077006"},{"date" => "2024-08-18T12:19:30","version" => "2.077007"},{"date" => "2024-08-19T06:08:24","version" => "2.077008"},{"date" => "2024-08-19T11:03:29","version" => "2.077009"},{"date" => "2024-08-23T09:20:50","version" => "2.077010"},{"date" => "2024-08-23T10:06:31","version" => "2.077011"},{"date" => "2024-08-27T08:13:19","version" => "2.078000"},{"date" => "2024-09-12T20:31:33","version" => "2.079000"},{"date" => "2024-09-13T12:33:44","version" => "2.079001"},{"date" => "2024-10-29T18:29:18","version" => "2.080000"},{"date" => "2024-10-29T22:40:05","version" => "2.080001"},{"date" => "2024-10-30T10:32:44","version" => "2.080002"},{"date" => "2024-10-30T14:56:55","version" => "2.080003"},{"date" => "2024-12-30T11:04:42","version" => "2.081000"},{"date" => "2024-12-30T22:06:11","version" => "2.081001"},{"date" => "2024-12-31T14:05:40","version" => "2.081002"},{"date" => "2024-12-31T18:13:01","version" => "2.081003"},{"date" => "2025-01-19T11:32:49","version" => "2.081004"},{"date" => "2025-01-29T09:05:34","version" => "2.082000"},{"date" => "2025-01-29T09:05:46","version" => "2.082001"},{"date" => "2025-02-02T21:01:02","version" => "2.082002"},{"date" => "2025-02-04T20:24:13","version" => "2.082003"},{"date" => "2025-02-06T12:37:52","version" => "2.083000"},{"date" => "2025-02-06T13:18:05","version" => "2.083001"},{"date" => "2025-03-05T17:35:07","version" => "2.084000"},{"date" => "2025-03-09T18:50:08","version" => "2.084001"},{"date" => "2025-04-19T14:09:15","version" => "2.084002"},{"date" => "2025-04-26T18:03:12","version" => "2.085000"},{"date" => "2025-05-02T11:38:20","version" => "2.085001"},{"date" => "2025-05-22T04:57:55","version" => "2.085002"},{"date" => "2025-05-24T17:59:36","version" => "2.085003"},{"date" => "2025-06-03T17:29:52","version" => "2.086000"},{"date" => "2025-06-04T16:09:11","version" => "2.086001"},{"date" => "2025-06-18T16:02:11","version" => "2.086002"},{"date" => "2025-06-21T21:19:20","version" => "2.086003"},{"date" => "2025-07-14T06:58:58","version" => "2.087000"},{"date" => "2025-08-20T08:48:08","version" => "2.087001"},{"date" => "2025-08-26T19:48:48","version" => "2.088000"},{"date" => "2025-08-26T20:55:03","version" => "2.088001"},{"date" => "2025-08-31T18:25:51","version" => "2.088002"},{"date" => "2025-09-02T16:27:31","version" => "2.088003"},{"date" => "2025-09-05T14:23:42","version" => "2.088004"},{"date" => "2025-09-07T21:39:05","version" => "2.089000"},{"date" => "2025-09-07T22:24:00","version" => "2.089001"},{"date" => "2025-09-12T08:53:38","version" => "2.089002"},{"date" => "2025-09-21T12:24:20","version" => "2.089003"},{"date" => "2025-09-21T17:24:33","version" => "2.089004"},{"date" => "2025-09-21T19:32:52","version" => "2.090000"},{"date" => "2025-09-25T11:53:09","version" => "2.090001"},{"date" => "2025-09-25T14:07:38","version" => "2.090002"},{"date" => "2025-09-30T18:57:58","version" => "2.091000"},{"date" => "2025-10-09T13:32:39","version" => "2.091001"},{"date" => "2025-10-19T21:09:39","version" => "2.092000"},{"date" => "2025-10-21T13:26:48","version" => "2.092001"},{"date" => "2025-10-22T15:55:40","version" => "2.092002"},{"date" => "2025-10-24T15:11:24","version" => "2.093000"},{"date" => "2025-10-24T15:34:57","version" => "2.093001"},{"date" => "2025-10-25T18:33:51","version" => "2.094000"},{"date" => "2025-10-29T13:02:15","version" => "2.094001"},{"date" => "2025-10-29T21:19:58","version" => "2.094002"},{"date" => "2025-11-03T21:28:10","version" => "2.094003"},{"date" => "2025-11-15T12:44:12","version" => "2.095000"},{"date" => "2025-11-15T17:24:25","version" => "2.095001"},{"date" => "2025-11-16T18:08:46","version" => "2.095002"},{"date" => "2025-11-18T20:13:49","version" => "2.095003"},{"date" => "2025-11-23T19:49:42","version" => "2.095004"},{"date" => "2025-11-30T16:31:48","version" => "2.095005"},{"date" => "2025-11-30T18:18:11","version" => "2.095006"},{"date" => "2025-12-07T20:39:51","version" => "2.096000"},{"date" => "2025-12-13T16:24:36","version" => "2.096001"},{"date" => "2025-12-16T12:26:36","version" => "2.097000"},{"date" => "2026-01-08T22:37:02","version" => "2.097001"},{"date" => "2026-01-09T10:32:45","version" => "2.097002"},{"date" => "2026-02-21T11:16:58","version" => "2.097003"}]},"App-cpanminus" => {"advisories" => [{"affected_versions" => ["<=1.7044"],"cves" => ["CVE-2020-16154"],"description" => "The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.\n","distribution" => "App-cpanminus","fixed_versions" => [">=1.7045"],"id" => "CPANSA-App-cpanminus-2020-01","references" => ["https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW/","https://metacpan.org/pod/App::cpanminus","https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/","https://access.redhat.com/security/cve/cve-2020-16154","https://security-tracker.debian.org/tracker/CVE-2020-16154","https://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html","https://github.com/miyagawa/cpanminus/pull/638"],"reported" => "2020-07-30"},{"affected_versions" => [">0"],"cves" => ["CVE-2024-45321"],"description" => "The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.\n","distribution" => "App-cpanminus","fixed_versions" => [],"id" => "CPANSA-App-cpanminus-2024-45321","references" => ["https://github.com/miyagawa/cpanminus/issues/611","https://github.com/miyagawa/cpanminus/pull/674","https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html"],"reported" => "2024-08-27"}],"main_module" => "App::cpanminus","versions" => [{"date" => "2010-02-20T02:27:00","version" => "0.01"},{"date" => "2010-02-20T03:14:10","version" => "0.02"},{"date" => "2010-02-20T03:39:56","version" => "0.03"},{"date" => "2010-02-20T05:04:01","version" => "0.04"},{"date" => "2010-02-20T05:16:03","version" => "0.05"},{"date" => "2010-02-20T05:48:44","version" => "0.06"},{"date" => "2010-02-20T20:20:08","version" => "0.07"},{"date" => "2010-02-20T23:41:01","version" => "0.08"},{"date" => "2010-02-21T07:48:49","version" => "0.09"},{"date" => "2010-02-23T20:52:46","version" => "0.99_01"},{"date" => "2010-02-24T06:20:33","version" => "0.99_02"},{"date" => "2010-02-24T07:05:47","version" => "0.99_03"},{"date" => "2010-02-25T17:20:05","version" => "0.99_04"},{"date" => "2010-02-25T22:42:22","version" => "0.99_05"},{"date" => "2010-02-25T22:51:43","version" => "0.99_06"},{"date" => "2010-02-28T05:14:30","version" => "0.99_07"},{"date" => "2010-03-01T05:59:15","version" => "0.9910"},{"date" => "2010-03-02T00:29:51","version" => "0.9911"},{"date" => "2010-03-03T02:55:22","version" => "0.9912"},{"date" => "2010-03-03T03:21:59","version" => "0.9913"},{"date" => "2010-03-04T08:42:03","version" => "0.9914"},{"date" => "2010-03-04T09:58:11","version" => "0.9915"},{"date" => "2010-03-04T19:35:22","version" => "0.9916"},{"date" => "2010-03-09T13:58:32","version" => "0.9917"},{"date" => "2010-03-10T02:26:03","version" => "0.9918"},{"date" => "2010-03-10T02:41:31","version" => "0.9919"},{"date" => "2010-03-10T09:49:22","version" => "0.99_20"},{"date" => "2010-03-10T15:03:38","version" => "0.9921"},{"date" => "2010-03-11T02:01:28","version" => "0.9922"},{"date" => "2010-03-16T00:07:01","version" => "0.9923"},{"date" => "2010-03-22T05:05:33","version" => "0.99_24"},{"date" => "2010-03-23T02:54:44","version" => "0.99_25"},{"date" => "2010-03-23T03:24:34","version" => "0.99_26"},{"date" => "2010-03-23T18:24:55","version" => "0.9927"},{"date" => "2010-03-26T05:09:12","version" => "0.9928"},{"date" => "2010-03-27T04:42:41","version" => "0.9929"},{"date" => "2010-03-30T21:29:41","version" => "0.9930"},{"date" => "2010-04-05T01:18:12","version" => "0.9931"},{"date" => "2010-04-05T23:28:11","version" => "0.9932"},{"date" => "2010-04-11T07:51:27","version" => "0.99_33"},{"date" => "2010-04-11T11:55:44","version" => "0.9934"},{"date" => "2010-04-12T11:09:47","version" => "0.999_01"},{"date" => "2010-04-13T07:11:08","version" => "0.999_02"},{"date" => "2010-04-14T09:29:25","version" => "0.999_03"},{"date" => "2010-04-14T09:30:52","version" => "0.9935"},{"date" => "2010-04-19T06:23:01","version" => "0.999_04"},{"date" => "2010-04-21T11:40:46","version" => "0.999_05"},{"date" => "2010-04-21T11:53:47","version" => "0.9936"},{"date" => "2010-04-24T08:23:24","version" => "1.0000"},{"date" => "2010-04-24T08:26:40","version" => "1.0001"},{"date" => "2010-05-02T03:51:09","version" => "1.0002"},{"date" => "2010-05-04T23:16:18","version" => "1.0003"},{"date" => "2010-05-14T23:10:54","version" => "1.0004"},{"date" => "2010-07-02T23:39:32","version" => "1.0005"},{"date" => "2010-07-02T23:54:14","version" => "1.0006"},{"date" => "2010-07-30T19:55:47","version" => "1.0010"},{"date" => "2010-08-18T23:42:36","version" => "1.0011"},{"date" => "2010-08-20T19:58:19","version" => "1.0012"},{"date" => "2010-09-12T19:54:17","version" => "1.0013"},{"date" => "2010-09-21T19:43:20","version" => "1.0014"},{"date" => "2010-09-24T23:52:00","version" => "1.0015"},{"date" => "2010-11-12T07:57:33","version" => "1.1000"},{"date" => "2010-11-12T20:37:49","version" => "1.1001"},{"date" => "2010-11-17T02:28:44","version" => "1.1002"},{"date" => "2010-11-25T09:18:34","version" => "1.1003"},{"date" => "2010-11-30T18:07:12","version" => "1.1004"},{"date" => "2010-12-14T23:08:40","version" => "1.1005"},{"date" => "2010-12-16T19:32:01","version" => "1.1006"},{"date" => "2011-01-18T17:40:16","version" => "1.1007"},{"date" => "2011-01-18T20:54:34","version" => "1.19_01"},{"date" => "2011-01-18T22:11:52","version" => "1.19_02"},{"date" => "2011-01-26T22:08:11","version" => "1.1008"},{"date" => "2011-02-16T18:11:52","version" => "1.2000"},{"date" => "2011-02-16T18:55:46","version" => "1.2001"},{"date" => "2011-03-01T02:59:25","version" => "1.29_01"},{"date" => "2011-03-02T00:09:00","version" => "1.29_02"},{"date" => "2011-03-02T22:41:40","version" => "1.3000"},{"date" => "2011-03-04T02:35:03","version" => "1.3001"},{"date" => "2011-03-04T03:54:53","version" => "1.30_02"},{"date" => "2011-03-04T08:32:56","version" => "1.30_03"},{"date" => "2011-03-04T08:53:22","version" => "1.30_04"},{"date" => "2011-03-04T09:41:34","version" => "1.30_05"},{"date" => "2011-03-04T22:57:43","version" => "1.30_06"},{"date" => "2011-03-04T23:20:45","version" => "1.30_07"},{"date" => "2011-03-05T00:07:44","version" => "1.30_08"},{"date" => "2011-03-05T02:16:54","version" => "1.30_09"},{"date" => "2011-03-05T22:57:38","version" => "1.30_10"},{"date" => "2011-03-06T09:37:36","version" => "1.30_11"},{"date" => "2011-03-07T03:00:09","version" => "1.30_12"},{"date" => "2011-03-07T18:54:03","version" => "1.30_13"},{"date" => "2011-03-08T09:11:33","version" => "1.4000"},{"date" => "2011-03-08T18:11:57","version" => "1.4001"},{"date" => "2011-03-09T01:57:18","version" => "1.4002"},{"date" => "2011-03-10T02:15:19","version" => "1.4003"},{"date" => "2011-03-10T18:09:34","version" => "1.4004"},{"date" => "2011-05-11T19:49:38","version" => "1.4005"},{"date" => "2011-05-16T17:17:29","version" => "1.4006"},{"date" => "2011-05-17T17:54:45","version" => "1.4007"},{"date" => "2011-06-16T01:00:00","version" => "1.4008"},{"date" => "2011-06-26T17:59:17","version" => "1.49_01"},{"date" => "2011-10-12T09:57:03","version" => "1.49_02"},{"date" => "2011-10-13T06:40:49","version" => "1.5000"},{"date" => "2011-10-13T15:21:16","version" => "1.5001"},{"date" => "2011-10-18T00:13:36","version" => "1.5002"},{"date" => "2011-10-19T07:31:10","version" => "1.5003"},{"date" => "2011-11-08T22:29:31","version" => "1.5004"},{"date" => "2011-11-22T21:31:21","version" => "1.5005"},{"date" => "2011-11-29T19:49:42","version" => "1.5006"},{"date" => "2011-12-20T18:18:50","version" => "1.5007"},{"date" => "2012-03-18T01:23:40","version" => "1.5008"},{"date" => "2012-03-30T16:45:43","version" => "1.5009"},{"date" => "2012-03-31T11:01:47","version" => "1.5010"},{"date" => "2012-04-12T09:59:39","version" => "1.5011"},{"date" => "2012-05-11T03:50:22","version" => "1.5012"},{"date" => "2012-05-12T03:18:19","version" => "1.5013"},{"date" => "2012-06-13T01:34:12","version" => "1.5014"},{"date" => "2012-06-24T22:37:49","version" => "1.5015"},{"date" => "2012-07-17T19:02:48","version" => "1.5016"},{"date" => "2012-07-18T15:41:26","version" => "1.5017"},{"date" => "2012-09-19T05:42:19","version" => "1.5018"},{"date" => "2012-12-22T17:22:02","version" => "1.5019"},{"date" => "2013-01-29T18:32:26","version" => "1.5020"},{"date" => "2013-01-31T08:45:31","version" => "1.5021"},{"date" => "2013-01-31T18:07:46","version" => "1.59_01"},{"date" => "2013-02-01T03:12:10","version" => "1.59_02"},{"date" => "2013-02-01T18:54:58","version" => "1.59_03"},{"date" => "2013-02-03T17:07:16","version" => "1.59_04"},{"date" => "2013-02-04T19:52:48","version" => "1.59_05"},{"date" => "2013-02-05T20:40:30","version" => "1.59_06"},{"date" => "2013-02-06T19:17:51","version" => "1.59_07"},{"date" => "2013-02-06T19:32:27","version" => "1.59_08"},{"date" => "2013-02-07T09:59:04","version" => "1.59_09"},{"date" => "2013-02-08T00:29:16","version" => "1.59_10"},{"date" => "2013-02-11T22:12:12","version" => "1.59_11"},{"date" => "2013-02-14T02:15:12","version" => "1.59_12"},{"date" => "2013-02-25T20:16:34","version" => "1.59_13"},{"date" => "2013-02-26T17:57:00","version" => "1.6000"},{"date" => "2013-02-27T01:04:54","version" => "1.6001"},{"date" => "2013-02-27T20:13:45","version" => "1.6002"},{"date" => "2013-03-08T19:03:47","version" => "1.6003"},{"date" => "2013-03-08T19:32:25","version" => "1.6004"},{"date" => "2013-03-08T19:48:06","version" => "1.6005"},{"date" => "2013-03-14T06:00:27","version" => "1.6006"},{"date" => "2013-03-17T21:34:17","version" => "1.6007"},{"date" => "2013-03-19T17:03:36","version" => "1.6008"},{"date" => "2013-03-25T04:10:51","version" => "1.6100"},{"date" => "2013-03-25T20:41:37","version" => "1.6101"},{"date" => "2013-03-28T00:16:09","version" => "1.6102"},{"date" => "2013-03-30T21:36:49","version" => "1.6103"},{"date" => "2013-04-03T01:04:42","version" => "1.6104"},{"date" => "2013-04-05T05:17:38","version" => "1.6105"},{"date" => "2013-04-06T21:19:18","version" => "1.6106"},{"date" => "2013-04-07T04:19:16","version" => "1.6107"},{"date" => "2013-04-13T06:32:52","version" => "1.6108"},{"date" => "2013-04-13T11:48:43","version" => "1.6190"},{"date" => "2013-04-14T03:09:40","version" => "1.6191"},{"date" => "2013-04-14T08:17:32","version" => "1.6192"},{"date" => "2013-04-15T07:37:08","version" => "1.6193"},{"date" => "2013-04-15T07:42:51","version" => "1.6900"},{"date" => "2013-04-21T00:50:44","version" => "1.6901"},{"date" => "2013-04-21T01:06:02","version" => "1.6109"},{"date" => "2013-04-21T01:18:10","version" => "1.6902"},{"date" => "2013-04-22T01:07:09","version" => "1.6903"},{"date" => "2013-04-24T02:24:37","version" => "1.6904"},{"date" => "2013-04-24T03:05:21","version" => "1.6905"},{"date" => "2013-04-25T06:20:23","version" => "1.6906"},{"date" => "2013-04-26T18:40:08","version" => "1.6907"},{"date" => "2013-04-27T01:12:17","version" => "1.6908"},{"date" => "2013-04-29T08:49:53","version" => "1.6909"},{"date" => "2013-05-03T07:29:32","version" => "1.6910"},{"date" => "2013-05-04T20:28:02","version" => "1.6911"},{"date" => "2013-05-06T20:59:52","version" => "1.6912"},{"date" => "2013-05-10T00:05:10","version" => "1.6913"},{"date" => "2013-05-12T23:03:52","version" => "1.6914"},{"date" => "2013-05-16T02:01:33","version" => "1.6915"},{"date" => "2013-06-04T10:55:37","version" => "1.6916"},{"date" => "2013-06-05T01:07:33","version" => "1.6917"},{"date" => "2013-06-10T20:03:21","version" => "1.6918"},{"date" => "2013-06-12T15:33:22","version" => "1.6919"},{"date" => "2013-06-14T21:09:54","version" => "1.6920"},{"date" => "2013-06-18T10:19:43","version" => "1.6921"},{"date" => "2013-06-19T20:57:09","version" => "1.6922"},{"date" => "2013-07-04T05:17:11","version" => "1.6923"},{"date" => "2013-07-16T18:38:21","version" => "1.6924"},{"date" => "2013-07-20T05:08:06","version" => "1.6925"},{"date" => "2013-07-20T16:03:14","version" => "1.6926"},{"date" => "2013-07-23T07:45:33","version" => "1.6927"},{"date" => "2013-07-23T21:07:02","version" => "1.6928"},{"date" => "2013-07-24T18:46:29","version" => "1.6929"},{"date" => "2013-07-24T20:48:14","version" => "1.6930"},{"date" => "2013-07-24T21:51:33","version" => "1.6931"},{"date" => "2013-07-24T22:29:04","version" => "1.6932"},{"date" => "2013-07-25T16:58:24","version" => "1.6933"},{"date" => "2013-07-26T23:17:21","version" => "1.6934"},{"date" => "2013-07-31T18:36:57","version" => "1.6935"},{"date" => "2013-08-05T04:37:54","version" => "1.6936"},{"date" => "2013-08-06T01:55:29","version" => "1.6937"},{"date" => "2013-08-06T06:12:45","version" => "1.6938"},{"date" => "2013-08-06T09:55:55","version" => "1.6939"},{"date" => "2013-08-08T19:36:34","version" => "1.6940"},{"date" => "2013-08-20T18:32:44","version" => "1.6941"},{"date" => "2013-08-27T18:11:47","version" => "1.6942"},{"date" => "2013-09-03T23:40:37","version" => "1.6943"},{"date" => "2013-09-04T22:02:21","version" => "1.7000"},{"date" => "2013-09-08T20:12:16","version" => "1.7001"},{"date" => "2013-09-19T05:31:34","version" => "1.7100"},{"date" => "2013-09-19T11:15:59","version" => "1.7101"},{"date" => "2013-09-20T04:33:50","version" => "1.7102"},{"date" => "2014-04-27T05:46:31","version" => "1.7002"},{"date" => "2014-04-27T15:11:46","version" => "1.7003"},{"date" => "2014-04-27T16:23:35","version" => "1.7004"},{"date" => "2014-09-02T04:00:49","version" => "1.7005"},{"date" => "2014-09-02T06:27:35","version" => "1.7006"},{"date" => "2014-09-05T12:04:41","version" => "1.7005"},{"date" => "2014-09-05T22:45:37","version" => "1.7006"},{"date" => "2014-09-09T16:26:54","version" => "1.7007"},{"date" => "2014-09-10T08:19:24","version" => "1.7008"},{"date" => "2014-09-10T08:44:00","version" => "1.7009"},{"date" => "2014-09-17T09:28:23","version" => "1.7010"},{"date" => "2014-09-22T06:08:51","version" => "1.7011"},{"date" => "2014-09-27T02:29:33","version" => "1.7012"},{"date" => "2014-10-07T06:52:45","version" => "1.7013"},{"date" => "2014-10-08T03:54:02","version" => "1.7014"},{"date" => "2014-11-14T21:14:40","version" => "1.7015"},{"date" => "2014-11-16T19:47:26","version" => "1.7016"},{"date" => "2014-11-25T22:01:56","version" => "1.7017"},{"date" => "2014-11-25T22:08:49","version" => "1.7018"},{"date" => "2014-12-04T20:52:24","version" => "1.7019"},{"date" => "2014-12-09T01:54:37","version" => "1.7020"},{"date" => "2014-12-12T05:43:01","version" => "1.7021"},{"date" => "2014-12-13T00:42:15","version" => "1.7022"},{"date" => "2015-01-04T23:00:30","version" => "1.7023"},{"date" => "2015-01-12T21:32:45","version" => "1.7024"},{"date" => "2015-02-07T06:59:17","version" => "1.7025"},{"date" => "2015-02-14T01:12:18","version" => "1.7026"},{"date" => "2015-02-14T20:15:20","version" => "1.7027"},{"date" => "2015-04-17T17:24:16","version" => "1.7028"},{"date" => "2015-04-18T22:16:17","version" => "1.7029"},{"date" => "2015-04-19T12:15:59","version" => "1.7030"},{"date" => "2015-04-22T21:14:17","version" => "1.7031"},{"date" => "2015-04-30T01:52:49","version" => "1.7032"},{"date" => "2015-05-02T00:18:54","version" => "1.7033"},{"date" => "2015-05-07T21:21:07","version" => "1.7034"},{"date" => "2015-06-05T17:51:53","version" => "1.7035"},{"date" => "2015-06-06T05:08:20","version" => "1.7036"},{"date" => "2015-06-18T21:38:47","version" => "1.7037"},{"date" => "2015-06-23T01:05:25","version" => "1.7038"},{"date" => "2015-06-29T01:06:18","version" => "1.7039"},{"date" => "2016-01-07T19:29:19","version" => "1.7040"},{"date" => "2016-05-08T18:29:30","version" => "1.7041"},{"date" => "2016-05-24T07:49:34","version" => "1.7042"},{"date" => "2017-04-03T03:57:15","version" => "1.7043"},{"date" => "2018-04-19T11:54:56","version" => "1.7044"},{"date" => "2018-04-20T12:17:48","version" => "1.7900"},{"date" => "2018-04-20T12:20:35","version" => "1.7901"},{"date" => "2018-04-20T12:43:24","version" => "1.7902"},{"date" => "2018-04-20T14:54:30","version" => "1.7903"},{"date" => "2018-04-20T21:22:56","version" => "1.7904"},{"date" => "2018-04-21T09:40:47","version" => "1.7905"},{"date" => "2018-04-21T10:57:20","version" => "1.9015"},{"date" => "2018-04-21T11:17:58","version" => "1.9016"},{"date" => "2018-04-21T17:31:13","version" => "1.9017"},{"date" => "2018-04-22T13:54:32","version" => "1.9018"},{"date" => "2018-04-25T09:27:31","version" => "1.7906"},{"date" => "2018-04-26T11:36:59","version" => "1.7907"},{"date" => "2022-01-27T03:05:02","version" => "1.7045"},{"date" => "2022-04-27T06:01:26","version" => "1.7046"},{"date" => "2023-07-30T06:01:02","version" => "1.7047"},{"date" => "2024-10-29T18:49:03","version" => "1.7048"},{"date" => "2026-03-17T00:38:08","version" => "1.7049"}]},"App-japerl" => {"advisories" => [{"affected_versions" => ["<0.09"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "App-japerl","fixed_versions" => [">=0.09"],"id" => "CPANSA-App-japerl-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "App::japerl","versions" => [{"date" => "2018-09-07T15:19:24","version" => "0.10"},{"date" => "2018-09-08T15:07:20","version" => "0.11"},{"date" => "2019-07-14T03:35:18","version" => "0.12"},{"date" => "2021-02-18T14:03:58","version" => "0.13"},{"date" => "2021-09-18T18:20:37","version" => "0.14"},{"date" => "2023-03-25T01:04:11","version" => "0.15"}]},"App-perlall" => {"advisories" => [{"affected_versions" => ["<0.33"],"cves" => ["CVE-2013-1667"],"description" => "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.\n","distribution" => "App-perlall","fixed_versions" => [">=0.33"],"id" => "CPANSA-App-perlall-2013-1667","references" => ["http://www.securityfocus.com/bid/58311","http://perl5.git.perl.org/perl.git/commitdiff/d59e31f","http://perl5.git.perl.org/perl.git/commitdiff/9d83adc","http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html","http://www.debian.org/security/2013/dsa-2641","http://secunia.com/advisories/52499","http://secunia.com/advisories/52472","https://bugzilla.redhat.com/show_bug.cgi?id=912276","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296","http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5","http://osvdb.org/90892","http://www.ubuntu.com/usn/USN-1770-1","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html","http://marc.info/?l=bugtraq&m=137891988921058&w=2","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/82598","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771"],"reported" => "2013-03-14","severity" => undef}],"main_module" => "App::perlall","versions" => [{"date" => "2011-12-23T21:52:22","version" => "0.01"},{"date" => "2011-12-24T00:56:03","version" => "0.02"},{"date" => "2012-01-06T17:07:08","version" => "0.03"},{"date" => "2012-01-09T22:05:35","version" => "0.04"},{"date" => "2012-01-31T21:18:20","version" => "0.05"},{"date" => "2012-02-06T23:12:27","version" => "0.06"},{"date" => "2012-02-07T20:52:55","version" => "0.07"},{"date" => "2012-02-23T10:35:50","version" => "0.08"},{"date" => "2012-03-22T18:24:53","version" => "0.09"},{"date" => "2012-05-03T13:44:26","version" => "0.10"},{"date" => "2012-05-05T02:22:56","version" => "0.11"},{"date" => "2012-05-05T14:18:09","version" => "0.12"},{"date" => "2012-05-29T15:34:02","version" => "0.13"},{"date" => "2012-06-07T16:07:09","version" => "0.14"},{"date" => "2012-07-18T17:55:03","version" => "0.15"},{"date" => "2012-07-18T18:05:33","version" => "0.15_01"},{"date" => "2012-07-19T19:07:14","version" => "0.16"},{"date" => "2012-08-06T15:11:54","version" => "0.17"},{"date" => "2012-11-06T22:12:59","version" => "0.18"},{"date" => "2012-11-08T15:37:31","version" => "0.19"},{"date" => "2012-11-08T15:50:30","version" => "0.20"},{"date" => "2012-11-08T18:53:37","version" => "0.21"},{"date" => "2012-11-09T22:04:21","version" => "0.22"},{"date" => "2012-11-11T19:50:41","version" => "0.23"},{"date" => "2012-11-13T20:46:09","version" => "0.25"},{"date" => "2012-11-13T22:45:49","version" => "0.26"},{"date" => "2012-11-15T16:26:40","version" => "0.27"},{"date" => "2012-12-13T20:09:18","version" => "0.28"},{"date" => "2012-12-20T22:29:59","version" => "0.29"},{"date" => "2013-01-09T20:22:21","version" => "0.30"},{"date" => "2013-02-04T19:58:18","version" => "0.31"},{"date" => "2013-02-23T21:35:31","version" => "0.32"},{"date" => "2013-03-05T01:04:28","version" => "0.33"},{"date" => "2013-03-05T15:34:37","version" => "0.34"},{"date" => "2013-03-22T22:34:57","version" => "0.35"},{"date" => "2013-07-11T19:58:07","version" => "0.36"},{"date" => "2013-07-13T19:53:25","version" => "0.37"},{"date" => "2013-10-23T15:58:48","version" => "0.39"},{"date" => "2013-11-18T16:12:38","version" => "0.40"},{"date" => "2013-12-03T17:08:11","version" => "0.41"},{"date" => "2013-12-06T18:40:51","version" => "0.42"},{"date" => "2013-12-09T18:31:19","version" => "0.43"},{"date" => "2014-01-11T23:39:19","version" => "0.44"},{"date" => "2014-07-25T13:36:23","version" => "0.45"},{"date" => "2014-08-10T01:42:03","version" => "0.46"},{"date" => "2015-07-08T07:43:56","version" => "0.47"},{"date" => "2015-10-06T09:33:35","version" => "0.48"},{"date" => "2015-11-27T15:53:11","version" => "0.49"},{"date" => "2016-06-12T12:48:37","version" => "0.50"},{"date" => "2019-12-10T20:02:45","version" => "0.51"}]},"App-revealup" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.19"],"cves" => ["CVE-2020-8127"],"description" => "Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.\n","distribution" => "App-revealup","fixed_versions" => [],"id" => "CPANSA-App-revealup-2020-8127-revealjs","references" => ["https://hackerone.com/reports/691977"],"reported" => "2020-02-28","severity" => "medium"},{"affected_versions" => [">=0.20,<=0.21"],"cves" => ["CVE-2020-8127"],"description" => "Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.\n","distribution" => "App-revealup","fixed_versions" => [],"id" => "CPANSA-App-revealup-2020-8127-revealjs","references" => ["https://hackerone.com/reports/691977"],"reported" => "2020-02-28","severity" => "medium"},{"affected_versions" => ["==0.22"],"cves" => ["CVE-2022-0776"],"description" => "Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.\n","distribution" => "App-revealup","fixed_versions" => [],"id" => "CPANSA-App-revealup-2022-0776-revealjs","references" => ["https://github.com/hakimel/reveal.js/commit/32cdd3b1872ba8e2267c9e87ae216cb55f40f4d2","https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001","https://github.com/yusukebe/App-revealup/issues/12#issuecomment-1169417411","https://github.com/yusukebe/App-revealup/commit/c8fea67994b1aa6d734066bff9ada4e834b09cb7"],"reported" => "2022-03-01","severity" => "medium"}],"main_module" => "App::revealup","versions" => [{"date" => "2014-05-25T10:34:08","version" => "0.01"},{"date" => "2014-05-25T11:39:22","version" => "0.02"},{"date" => "2014-06-06T08:03:43","version" => "0.03"},{"date" => "2014-06-06T22:08:16","version" => "0.04"},{"date" => "2014-06-11T05:44:23","version" => "0.05"},{"date" => "2014-06-11T06:22:41","version" => "0.06"},{"date" => "2014-06-11T11:27:29","version" => "0.07"},{"date" => "2014-06-16T01:22:48","version" => "0.08"},{"date" => "2014-06-17T02:53:12","version" => "0.09"},{"date" => "2014-07-05T21:47:41","version" => "0.10"},{"date" => "2014-07-05T21:54:30","version" => "0.11"},{"date" => "2014-09-03T20:57:24","version" => "0.12"},{"date" => "2014-09-16T03:40:03","version" => "0.13"},{"date" => "2014-11-07T16:32:52","version" => "0.14"},{"date" => "2014-11-24T06:40:45","version" => "0.15"},{"date" => "2014-12-19T06:25:32","version" => "0.16"},{"date" => "2014-12-19T20:12:33","version" => "0.17"},{"date" => "2014-12-21T22:32:08","version" => "0.18"},{"date" => "2014-12-21T22:43:49","version" => "0.19"},{"date" => "2015-07-07T15:34:28","version" => "0.20"},{"date" => "2015-08-28T12:57:12","version" => "0.21"},{"date" => "2020-02-06T12:53:05","version" => "0.22"},{"date" => "2022-06-29T00:31:20","version" => "0.23"}]},"Archive-Tar" => {"advisories" => [{"affected_versions" => ["<2.28"],"cves" => ["CVE-2018-12015"],"description" => "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.\n","distribution" => "Archive-Tar","fixed_versions" => [">=2.28"],"id" => "CPANSA-Archive-Tar-2018-01","references" => ["https://security-tracker.debian.org/tracker/CVE-2018-12015","https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5"],"reported" => "2018-06-12","severity" => "medium"},{"affected_versions" => ["<=1.36"],"cves" => ["CVE-2007-4829"],"description" => "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences.\n","distribution" => "Archive-Tar","fixed_versions" => [">1.36"],"id" => "CPANSA-Archive-Tar-2007-4829","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=29517","https://bugzilla.redhat.com/show_bug.cgi?id=295021","http://rt.cpan.org/Public/Bug/Display.html?id=30380","https://issues.rpath.com/browse/RPL-1716","http://www.securityfocus.com/bid/26355","http://secunia.com/advisories/27539","http://osvdb.org/40410","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://www.ubuntu.com/usn/usn-700-2","http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml","http://secunia.com/advisories/33116","http://www.vupen.com/english/advisories/2007/3755","https://exchange.xforce.ibmcloud.com/vulnerabilities/38285","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"],"reported" => "2007-11-02","severity" => undef},{"affected_versions" => ["<2.10"],"cves" => ["CVE-2016-1238"],"description" => "'(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.'\n","distribution" => "Archive-Tar","fixed_versions" => [">=2.10"],"id" => "CPANSA-Archive-Tar-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Archive::Tar","versions" => [{"date" => "1998-02-02T06:13:59","version" => "0.071"},{"date" => "1998-04-10T17:07:35","version" => "0.072"},{"date" => "1998-07-30T00:56:03","version" => "0.08"},{"date" => "1999-01-10T02:22:23","version" => "0.20"},{"date" => "1999-02-02T19:01:41","version" => "0.21"},{"date" => "2000-04-28T00:37:46","version" => "0.22"},{"date" => "2003-01-21T23:07:30","version" => "0.23"},{"date" => "2003-03-18T17:08:50","version" => "0.99_01"},{"date" => "2003-03-26T14:57:35","version" => "0.99_02"},{"date" => "2003-04-28T16:01:24","version" => "0.99_03"},{"date" => "2003-04-28T16:57:58","version" => "0.99_04"},{"date" => "2003-04-30T12:52:19","version" => "0.99_05"},{"date" => "2003-05-05T12:06:35","version" => "0.99_06"},{"date" => "2003-05-31T09:27:33","version" => "1.00"},{"date" => "2003-06-08T10:46:56","version" => "1.01"},{"date" => "2003-06-12T09:47:58","version" => "1.02"},{"date" => "2003-06-26T12:52:19","version" => "1.03"},{"date" => "2003-07-27T17:07:50","version" => "1.04"},{"date" => "2003-08-25T13:38:44","version" => "1.05"},{"date" => "2003-10-15T14:35:12","version" => "1.06"},{"date" => "2003-10-17T11:42:14","version" => "1.07"},{"date" => "2004-01-05T12:59:23","version" => "1.08"},{"date" => "2004-05-22T12:32:02","version" => "1.09"},{"date" => "2004-06-11T19:24:06","version" => "1.10"},{"date" => "2004-11-09T16:12:40","version" => "1.20"},{"date" => "2004-11-10T16:04:13","version" => "1.21"},{"date" => "2004-11-21T10:09:52","version" => "1.22"},{"date" => "2004-12-03T15:53:06","version" => "1.23"},{"date" => "2005-05-03T13:11:19","version" => "1.24"},{"date" => "2005-08-20T10:14:40","version" => "1.25"},{"date" => "2005-08-22T09:29:53","version" => "1.26"},{"date" => "2006-01-19T13:31:53","version" => "1.28"},{"date" => "2006-03-03T13:56:20","version" => "1.29"},{"date" => "2006-08-02T15:00:41","version" => "1.30"},{"date" => "2007-05-18T12:18:49","version" => "1.31"},{"date" => "2007-05-25T09:32:48","version" => "1.32"},{"date" => "2007-08-15T14:20:33","version" => "1.34"},{"date" => "2007-09-16T09:13:21","version" => "1.36"},{"date" => "2007-11-11T11:59:00","version" => "1.37_01"},{"date" => "2007-12-24T11:02:07","version" => "1.38"},{"date" => "2008-08-22T16:33:49","version" => "1.39_01"},{"date" => "2008-08-25T03:56:58","version" => "1.39_02"},{"date" => "2008-08-25T22:07:56","version" => "1.39_03"},{"date" => "2008-09-08T12:14:37","version" => "1.39_04"},{"date" => "2008-10-13T13:42:10","version" => "1.40"},{"date" => "2008-12-13T17:10:15","version" => "1.42"},{"date" => "2009-01-19T17:08:08","version" => "1.44"},{"date" => "2009-03-05T16:10:06","version" => "1.46"},{"date" => "2009-04-20T17:07:30","version" => "1.48"},{"date" => "2009-06-12T12:01:54","version" => "1.50"},{"date" => "2009-06-13T11:29:50","version" => "1.52"},{"date" => "2009-09-10T12:13:03","version" => "1.54"},{"date" => "2010-02-03T14:40:15","version" => "1.56"},{"date" => "2010-02-17T21:47:16","version" => "1.58"},{"date" => "2010-04-23T14:12:31","version" => "1.60"},{"date" => "2010-06-28T21:02:59","version" => "1.62"},{"date" => "2010-07-09T11:04:45","version" => "1.64"},{"date" => "2010-07-26T08:44:00","version" => "1.66"},{"date" => "2010-08-17T16:06:19","version" => "1.68"},{"date" => "2010-11-15T22:02:53","version" => "1.70"},{"date" => "2010-11-18T19:22:01","version" => "1.72"},{"date" => "2010-12-18T21:19:51","version" => "1.74"},{"date" => "2011-01-07T22:27:40","version" => "1.76"},{"date" => "2011-09-08T22:13:33","version" => "1.78"},{"date" => "2011-10-13T10:25:39","version" => "1.80"},{"date" => "2011-11-21T12:14:43","version" => "1.82"},{"date" => "2012-03-03T00:00:05","version" => "1.84"},{"date" => "2012-05-24T11:38:09","version" => "1.86"},{"date" => "2012-06-01T11:06:25","version" => "1.88"},{"date" => "2012-09-05T18:19:00","version" => "1.90"},{"date" => "2013-06-18T15:13:27","version" => "1.92"},{"date" => "2013-10-22T14:28:22","version" => "0.93_01"},{"date" => "2013-10-22T14:36:08","version" => "1.93_02"},{"date" => "2013-10-24T18:02:48","version" => "1.94"},{"date" => "2013-10-24T19:10:34","version" => "1.96"},{"date" => "2014-06-14T17:12:02","version" => "1.98"},{"date" => "2014-06-15T14:59:24","version" => "2.00"},{"date" => "2014-09-14T18:03:23","version" => "2.02"},{"date" => "2014-12-14T20:13:33","version" => "2.04"},{"date" => "2016-04-24T14:05:11","version" => "2.06"},{"date" => "2016-05-12T08:57:35","version" => "2.08"},{"date" => "2016-07-27T12:40:29","version" => "2.10"},{"date" => "2016-10-16T11:27:58","version" => "2.12"},{"date" => "2016-10-20T12:38:57","version" => "2.14"},{"date" => "2016-11-01T19:19:36","version" => "2.16"},{"date" => "2016-11-07T13:36:15","version" => "2.18"},{"date" => "2016-12-15T10:54:40","version" => "2.20"},{"date" => "2016-12-16T09:46:28","version" => "2.22"},{"date" => "2016-12-16T15:27:38","version" => "2.24"},{"date" => "2017-05-12T12:46:05","version" => "2.26"},{"date" => "2018-06-08T10:57:04","version" => "2.28"},{"date" => "2018-06-19T11:55:28","version" => "2.30"},{"date" => "2018-09-13T07:17:10","version" => "2.32"},{"date" => "2020-02-01T16:41:47","version" => "2.34"},{"date" => "2020-02-02T13:34:34","version" => "2.36"},{"date" => "2020-06-25T07:51:56","version" => "2.38"},{"date" => "2021-07-27T09:51:54","version" => "2.40"},{"date" => "2023-03-25T12:10:20","version" => "3.00"},{"date" => "2023-04-12T23:09:11","version" => "3.02"},{"date" => "2025-02-25T20:25:09","version" => "3.04"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "1.26_01"},{"date" => "2006-08-15T00:00:00","dual_lived" => 1,"perl_release" => "5.009004","version" => "1.30_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.04_01"},{"date" => "2018-11-29T00:00:00","dual_lived" => 1,"perl_release" => "5.026003","version" => "2.24_01"},{"date" => "2023-12-30T00:00:00","dual_lived" => 1,"perl_release" => "5.039006","version" => "3.02_001"}]},"Archive-Unzip-Burst" => {"advisories" => [{"affected_versions" => [">=0.01"],"comment" => "0.09 is the latest version, so all versions are affected","cves" => ["CVE-2022-4976"],"description" => "Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities.  The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141.","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2022-4976","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=143547"],"reported" => "2025-06-12","severity" => undef},{"affected_versions" => [">=0.01,<=0.02_02"],"cves" => ["CVE-2014-8141"],"description" => "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8141-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174856","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02_02"],"cves" => ["CVE-2014-8140"],"description" => "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8140-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174851","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02_02"],"cves" => ["CVE-2014-8139"],"description" => "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8139-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174844"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.03,<=0.09"],"cves" => ["CVE-2014-8141"],"description" => "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8141-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174856","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.03,<=0.09"],"cves" => ["CVE-2014-8140"],"description" => "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8140-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174851","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.03,<=0.09"],"cves" => ["CVE-2014-8139"],"description" => "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8139-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174844"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "Archive::Unzip::Burst","versions" => [{"date" => "2007-07-29T11:01:34","version" => "0.01"},{"date" => "2007-08-30T13:06:24","version" => "0.02"},{"date" => "2007-09-05T15:27:53","version" => "0.02_01"},{"date" => "2008-05-16T12:03:35","version" => "0.02_02"},{"date" => "2015-01-15T02:22:44","version" => "0.03"},{"date" => "2016-05-01T14:28:01","version" => "0.04"},{"date" => "2016-05-02T04:28:22","version" => "0.05"},{"date" => "2016-05-07T01:31:26","version" => "0.06"},{"date" => "2016-05-08T17:38:43","version" => "0.07"},{"date" => "2016-05-08T17:42:49","version" => "0.08"},{"date" => "2018-03-16T20:38:14","version" => "0.09"},{"date" => "2025-05-19T13:29:32","version" => "0.03"}]},"Archive-Zip" => {"advisories" => [{"affected_versions" => ["<1.61"],"cves" => ["CVE-2018-10860"],"description" => "perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.\n","distribution" => "Archive-Zip","fixed_versions" => [],"id" => "CPANSA-Archive-Zip-2018-01","references" => ["https://security-tracker.debian.org/tracker/CVE-2018-10860","https://github.com/redhotpenguin/perl-Archive-Zip/pull/33"],"reported" => "2018-06-28","severity" => "medium"},{"affected_versions" => ["<1.14"],"cves" => ["CVE-2004-1096"],"description" => "Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.\n","distribution" => "Archive-Zip","fixed_versions" => [],"id" => "CPANSA-Archive-Zip-2004-1096","references" => ["http://www.securityfocus.com/bid/11448","http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml","http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true","http://www.kb.cert.org/vuls/id/492545","http://secunia.com/advisories/13038/","http://www.mandriva.com/security/advisories?name=MDKSA-2004:118","https://exchange.xforce.ibmcloud.com/vulnerabilities/17761"],"reported" => "2005-01-10","severity" => undef}],"main_module" => "Archive::Zip","versions" => [{"date" => "2000-03-22T00:10:21","version" => "0.06"},{"date" => "2000-03-29T17:03:46","version" => "0.07"},{"date" => "2000-06-16T16:48:41","version" => "0.09"},{"date" => "2000-08-08T20:56:31","version" => "0.10"},{"date" => "2001-01-17T08:06:58","version" => "0.11"},{"date" => "2002-04-22T15:32:49","version" => "1.00"},{"date" => "2002-05-11T02:45:20","version" => "1.01"},{"date" => "2002-08-24T00:19:19","version" => "1.02"},{"date" => "2002-09-03T04:40:33","version" => "1.03"},{"date" => "2002-09-11T15:17:37","version" => "1.04"},{"date" => "2002-09-11T19:35:26","version" => "1.05"},{"date" => "2003-07-17T18:18:14","version" => "1.06"},{"date" => "2003-10-20T13:59:00","version" => "1.07"},{"date" => "2003-10-21T17:04:03","version" => "1.08"},{"date" => "2003-11-27T18:02:03","version" => "1.09"},{"date" => "2004-03-25T14:39:05","version" => "1.10"},{"date" => "2004-07-05T23:25:19","version" => "1_11"},{"date" => "2004-07-08T17:31:27","version" => "1.11"},{"date" => "2004-07-08T19:14:46","version" => "1.12"},{"date" => "2004-07-27T22:50:39","version" => "1.12_02"},{"date" => "2004-07-29T15:15:49","version" => "1.12_03"},{"date" => "2004-08-23T15:39:23","version" => "1.13"},{"date" => "2004-10-21T15:28:12","version" => "1.14"},{"date" => "2005-03-10T04:34:04","version" => "1.15_01"},{"date" => "2005-03-12T15:29:48","version" => "1.15_02"},{"date" => "2005-06-22T18:29:34","version" => "1.15"},{"date" => "2005-07-04T17:55:17","version" => "1.16"},{"date" => "2006-04-30T03:53:15","version" => "1.17_01"},{"date" => "2006-05-07T02:49:30","version" => "1.17_02"},{"date" => "2006-09-15T15:56:10","version" => "1.17_03"},{"date" => "2006-10-24T15:06:32","version" => "1.17_05"},{"date" => "2006-10-25T12:24:52","version" => "1.18"},{"date" => "2007-06-05T01:50:42","version" => "1.20"},{"date" => "2007-11-01T02:59:20","version" => "1.21"},{"date" => "2007-11-02T01:52:47","version" => "1.22"},{"date" => "2007-11-07T13:04:41","version" => "1.23"},{"date" => "2008-08-23T23:35:50","version" => "1.24"},{"date" => "2008-10-10T05:28:17","version" => "1.25"},{"date" => "2008-10-12T14:13:05","version" => "1.26"},{"date" => "2008-12-16T13:23:21","version" => "1.27_01"},{"date" => "2009-06-16T10:09:03","version" => "1.28"},{"date" => "2009-06-29T13:27:17","version" => "1.29"},{"date" => "2009-06-30T14:13:29","version" => "1.30"},{"date" => "2010-03-05T05:11:20","version" => "1.31_01"},{"date" => "2011-03-08T15:52:02","version" => "1.31_02"},{"date" => "2011-08-23T03:42:14","version" => "1.31_03"},{"date" => "2012-01-23T06:28:16","version" => "1.31_04"},{"date" => "2013-11-09T00:05:06","version" => "1.32"},{"date" => "2013-11-10T03:50:45","version" => "1.33"},{"date" => "2013-12-02T22:16:54","version" => "1.34"},{"date" => "2013-12-30T19:16:52","version" => "1.35"},{"date" => "2013-12-30T22:12:14","version" => "1.36"},{"date" => "2014-01-13T18:32:19","version" => "1.37"},{"date" => "2014-09-02T23:23:11","version" => "1.38"},{"date" => "2014-10-22T04:17:15","version" => "1.39"},{"date" => "2015-01-05T05:58:46","version" => "1.40"},{"date" => "2015-01-10T02:47:42","version" => "1.41"},{"date" => "2015-01-12T00:46:36","version" => "1.42"},{"date" => "2015-01-15T06:37:32","version" => "1.43"},{"date" => "2015-01-24T06:12:21","version" => "1.44"},{"date" => "2015-01-27T07:51:17","version" => "1.45"},{"date" => "2015-03-25T05:19:23","version" => "1.46"},{"date" => "2015-06-17T18:26:02","version" => "1.47"},{"date" => "2015-06-18T21:13:37","version" => "1.48"},{"date" => "2015-07-31T19:01:40","version" => "1.49"},{"date" => "2015-08-26T00:11:35","version" => "1.50"},{"date" => "2015-09-22T06:03:54","version" => "1.51"},{"date" => "2015-09-23T17:43:44","version" => "1.53"},{"date" => "2015-12-04T19:36:41","version" => "1.55"},{"date" => "2015-12-17T18:29:06","version" => "1.56"},{"date" => "2016-04-01T18:06:36","version" => "1.57"},{"date" => "2016-08-02T17:50:20","version" => "1.58"},{"date" => "2016-08-11T20:09:16","version" => "1.59"},{"date" => "2017-12-19T18:44:16","version" => "1.60"},{"date" => "2018-08-19T03:35:10","version" => "1.61"},{"date" => "2018-08-20T03:29:01","version" => "1.62"},{"date" => "2018-08-22T15:42:15","version" => "1.63"},{"date" => "2018-09-12T15:50:29","version" => "1.64"},{"date" => "2019-09-08T05:20:03","version" => "1.65"},{"date" => "2019-09-17T04:37:32","version" => "1.66"},{"date" => "2019-10-07T04:30:05","version" => "1.67"},{"date" => "2020-03-12T17:59:46","version" => "1.68"}]},"Authen-DigestMD5" => {"advisories" => [{"affected_versions" => [">=0.01"],"comment" => "The report incorrectly reports 0.02, although this problem is present in 0.04, which is the latest version","cves" => ["CVE-2025-40919"],"description" => "Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely.  The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  According to RFC 2831, \"The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.\"","distribution" => "Authen-DigestMD5","fixed_versions" => [],"id" => "CPANSA-Authen-DigestMD5-2025-40919","references" => ["https://datatracker.ietf.org/doc/html/rfc2831","https://metacpan.org/release/SALVA/Authen-DigestMD5-0.01/source/DigestMD5.pm#L126"],"reported" => "2025-07-16","severity" => undef}],"main_module" => "Authen::DigestMD5","versions" => [{"date" => "2003-10-29T00:00:32","version" => "0.01"},{"date" => "2003-10-29T17:18:03","version" => "0.02"},{"date" => "2003-11-08T21:21:26","version" => "0.03"},{"date" => "2003-11-08T22:58:09","version" => "0.04"}]},"Authen-SASL" => {"advisories" => [{"affected_versions" => [">=2.04,<=2.1900"],"cves" => ["CVE-2025-40918"],"description" => "Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely.  The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation  depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.","distribution" => "Authen-SASL","fixed_versions" => [">=2.1900"],"id" => "CPANSA-Authen-SASL-2025-40918","references" => ["https://datatracker.ietf.org/doc/html/rfc2831","https://github.com/gbarr/perl-authen-sasl/pull/22","https://metacpan.org/dist/Authen-SASL/source/lib/Authen/SASL/Perl/DIGEST_MD5.pm#L263","https://security.metacpan.org/patches/A/Authen-SASL/2.1800/CVE-2025-40918-r1.patch"],"reported" => "2025-07-16","severity" => undef}],"main_module" => "Authen::SASL","versions" => [{"date" => "2002-01-31T17:03:51","version" => "2.00"},{"date" => "2002-03-31T14:44:21","version" => "2.01"},{"date" => "2002-05-28T14:24:59","version" => "2.02"},{"date" => "2003-01-21T19:16:46","version" => "2.03"},{"date" => "2003-05-19T21:44:39","version" => "2.04"},{"date" => "2003-10-17T21:16:45","version" => "2.05"},{"date" => "2003-11-01T21:26:08","version" => "2.06"},{"date" => "2004-04-10T08:18:07","version" => "2.07"},{"date" => "2004-05-25T10:31:46","version" => "2.08"},{"date" => "2005-04-26T13:37:18","version" => "2.09"},{"date" => "2006-03-25T23:40:21","version" => "2.10"},{"date" => "2008-04-21T15:43:42","version" => "2.11"},{"date" => "2008-07-01T02:59:22","version" => "2.12"},{"date" => "2009-09-24T22:36:34","version" => "2.13"},{"date" => "2010-03-11T15:12:30","version" => "2.14"},{"date" => "2010-03-29T19:28:04","version" => "2.1401"},{"date" => "2010-06-02T18:58:54","version" => "2.15"},{"date" => "2012-09-04T16:12:29","version" => "2.16"},{"date" => "2023-08-09T22:53:31","version" => "2.1700"},{"date" => "2023-08-10T10:19:40","version" => "2.1700"},{"date" => "2025-04-25T16:10:56","version" => "2.1800"},{"date" => "2025-08-05T13:23:40","version" => "2.1900"},{"date" => "2026-01-28T22:01:16","version" => "2.2000"}]},"BSON-XS" => {"advisories" => [{"affected_versions" => ["<=0.8.4"],"cves" => ["CVE-2025-40906","CVE-2017-14227","CVE-2018-16790","CVE-2023-0437","CVE-2024-6381","CVE-2024-6383","CVE-2025-0755"],"description" => "BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.\nThose include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755.\nBSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.\n","distribution" => "BSON-XS","fixed_versions" => [],"id" => "CPANSA-BSON-XS-2025-40906","references" => ["https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html","https://www.mongodb.com/community/forums/t/mongodb-perl-driver-end-of-life/7890"],"reported" => "2025-05-16","severity" => "critical"},{"affected_versions" => [">=0.2.0,<=0.8.4"],"cves" => ["CVE-2024-6383"],"description" => "The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1\n","distribution" => "BSON-XS","fixed_versions" => [],"id" => "CPANSA-BSON-XS-2024-6383-libbson","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2024-6383","https://jira.mongodb.org/browse/CDRIVER-5628"],"reported" => "2024-07-03","severity" => "moderate"}],"main_module" => "BSON::XS","versions" => [{"date" => "2016-10-25T01:44:04","version" => "v0.2.0"},{"date" => "2016-10-27T14:29:08","version" => "v0.2.1"},{"date" => "2016-10-27T21:57:22","version" => "v0.2.2"},{"date" => "2018-05-17T20:38:16","version" => "v0.4.0"},{"date" => "2018-05-25T17:23:21","version" => "v0.4.1"},{"date" => "2018-06-13T14:02:45","version" => "v0.4.2"},{"date" => "2018-07-10T13:54:25","version" => "v0.4.3"},{"date" => "2018-09-13T03:31:32","version" => "v0.4.4"},{"date" => "2018-10-12T01:39:57","version" => "v0.4.5"},{"date" => "2018-10-12T15:51:36","version" => "v0.4.6"},{"date" => "2018-11-29T22:12:13","version" => "v0.6.0"},{"date" => "2019-07-12T18:08:23","version" => "v0.8.0"},{"date" => "2019-08-13T12:22:17","version" => "v0.8.1"},{"date" => "2019-12-05T18:59:17","version" => "v0.8.2"},{"date" => "2020-04-13T14:58:34","version" => "v0.8.3"},{"date" => "2020-08-13T14:54:04","version" => "v0.8.4"}]},"Batch-Batchrun" => {"advisories" => [{"affected_versions" => [">=1.03"],"cves" => ["CVE-2011-4117"],"description" => "The Batch::Batchrun module 1.03 for Perl does not properly handle temporary files.\n","distribution" => "Batch-Batchrun","fixed_versions" => [],"id" => "CPANSA-Batch-Batchrun-2011-4117","references" => ["http://www.openwall.com/lists/oss-security/2011/11/04/2","http://www.openwall.com/lists/oss-security/2011/11/04/4","https://rt.cpan.org/Public/Bug/Display.html?id=69594"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "Batch::Batchrun","versions" => [{"date" => "1999-08-21T20:25:47","version" => "1.03"}]},"Boost-Graph" => {"advisories" => [{"affected_versions" => [">=1.1,<=1.4"],"cves" => ["CVE-2008-0171"],"description" => "regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.\n","distribution" => "Boost-Graph","fixed_versions" => [],"id" => "CPANSA-Boost-Graph-2008-0171-boost","references" => ["http://bugs.gentoo.org/show_bug.cgi?id=205955","http://svn.boost.org/trac/boost/changeset/42674","http://svn.boost.org/trac/boost/changeset/42745","https://issues.rpath.com/browse/RPL-2143","http://www.ubuntu.com/usn/usn-570-1","http://www.securityfocus.com/bid/27325","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html","http://secunia.com/advisories/28545","http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032","http://secunia.com/advisories/28705","http://secunia.com/advisories/28511","http://secunia.com/advisories/28527","http://wiki.rpath.com/Advisories:rPSA-2008-0063","http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml","http://secunia.com/advisories/28943","http://secunia.com/advisories/28860","http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html","http://secunia.com/advisories/29323","http://www.vupen.com/english/advisories/2008/0249","http://secunia.com/advisories/48099","http://www.securityfocus.com/archive/1/488102/100/0/threaded"],"reported" => "2008-01-17","severity" => undef},{"affected_versions" => [">=1.1,<=1.4"],"cves" => ["CVE-2008-0172"],"description" => "The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.\n","distribution" => "Boost-Graph","fixed_versions" => [],"id" => "CPANSA-Boost-Graph-2008-0172-boost","references" => ["http://bugs.gentoo.org/show_bug.cgi?id=205955","http://svn.boost.org/trac/boost/changeset/42674","http://svn.boost.org/trac/boost/changeset/42745","https://issues.rpath.com/browse/RPL-2143","http://www.ubuntu.com/usn/usn-570-1","http://www.securityfocus.com/bid/27325","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html","http://secunia.com/advisories/28545","http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032","http://secunia.com/advisories/28705","http://secunia.com/advisories/28511","http://secunia.com/advisories/28527","http://wiki.rpath.com/Advisories:rPSA-2008-0063","http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml","http://secunia.com/advisories/28943","http://secunia.com/advisories/28860","http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html","http://secunia.com/advisories/29323","http://www.vupen.com/english/advisories/2008/0249","http://secunia.com/advisories/48099","http://www.securityfocus.com/archive/1/488102/100/0/threaded"],"reported" => "2008-01-17","severity" => undef}],"main_module" => "Boost::Graph","versions" => [{"date" => "2006-05-15T23:21:14","version" => "1.1"},{"date" => "2006-06-19T20:32:45","version" => "1.2"},{"date" => "2006-11-13T18:58:01","version" => "1.2"},{"date" => "2007-07-11T18:07:27","version" => "1.4"},{"date" => "2013-11-05T09:24:41","version" => "1.4_001"}]},"CBOR-XS" => {"advisories" => [{"affected_versions" => ["<1.7"],"cves" => [],"description" => "An out-of bound sharedref or stringref index could cause an out of bounds access - might be exploitable. A decoding error during indefinite array or hash decoding could cause an endless loop.\n","distribution" => "CBOR-XS","fixed_versions" => [">=1.7"],"id" => "CPANSA-CBOR-XS-2017-01","references" => ["https://metacpan.org/dist/CBOR-XS/changes"],"reported" => "2017-07-27","severity" => undef}],"main_module" => "CBOR::XS","versions" => [{"date" => "2013-10-25T23:10:42","version" => "0.01"},{"date" => "2013-10-26T11:09:56","version" => "0.02"},{"date" => "2013-10-26T23:04:01","version" => "0.03"},{"date" => "2013-10-27T22:48:22","version" => "0.04"},{"date" => "2013-10-28T21:28:30","version" => "0.05"},{"date" => "2013-10-29T15:57:13","version" => "0.06"},{"date" => "2013-10-29T22:05:30","version" => "0.07"},{"date" => "2013-10-30T10:11:46","version" => "0.08"},{"date" => "2013-11-22T16:19:26","version" => "0.09"},{"date" => "2013-11-28T16:09:19","version" => "1.0"},{"date" => "2013-11-30T18:42:59","version" => "1.1"},{"date" => "2013-12-01T17:11:47","version" => "1.11"},{"date" => "2013-12-03T10:25:03","version" => "1.12"},{"date" => "2013-12-10T21:07:58","version" => "1.2"},{"date" => "2014-01-05T14:25:36","version" => "1.25"},{"date" => "2014-10-25T06:37:38","version" => "1.26"},{"date" => "2015-04-27T20:22:15","version" => "1.3"},{"date" => "2016-02-08T04:38:25","version" => "1.4"},{"date" => "2016-02-25T14:23:47","version" => "1.41"},{"date" => "2016-04-27T09:40:38","version" => "1.5"},{"date" => "2016-12-07T14:14:49","version" => "1.6"},{"date" => "2017-06-27T02:03:48","version" => "1.7"},{"date" => "2018-11-15T19:53:50","version" => "1.71"},{"date" => "2020-11-29T21:36:13","version" => "1.8"},{"date" => "2020-11-30T18:31:32","version" => "1.81"},{"date" => "2020-12-01T01:50:49","version" => "1.82"},{"date" => "2020-12-08T08:30:59","version" => "1.83"},{"date" => "2021-10-21T01:16:11","version" => "1.84"},{"date" => "2021-10-23T03:00:48","version" => "1.85"},{"date" => "2021-11-04T16:50:24","version" => "1.86"},{"date" => "2023-09-10T20:45:43","version" => "1.87"}]},"CGI" => {"advisories" => [{"affected_versions" => ["<3.63"],"cves" => ["CVE-2012-5526"],"description" => "CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.\n","distribution" => "CGI","fixed_versions" => [">=3.63"],"id" => "CPANSA-CGI-2012-5526","references" => ["http://www.securityfocus.com/bid/56562","http://www.openwall.com/lists/oss-security/2012/11/15/6","https://github.com/markstos/CGI.pm/pull/23","http://www.securitytracker.com/id?1027780","http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes","http://secunia.com/advisories/51457","http://www.ubuntu.com/usn/USN-1643-1","http://www.debian.org/security/2012/dsa-2586","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://secunia.com/advisories/55314","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/80098"],"reported" => "2012-11-21","severity" => undef},{"affected_versions" => ["<3.56"],"cves" => ["CVE-2011-2766"],"description" => "Usage of deprecated FCGI.pm API.\n","distribution" => "CGI","fixed_versions" => [">=3.56"],"id" => "CPANSA-CGI-2011-2766","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=68380","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766"],"reported" => "2011-11-08"},{"affected_versions" => ["<3.50"],"cves" => [],"description" => "Non-random MIME boundary.\n","distribution" => "CGI","fixed_versions" => [">=3.50"],"id" => "CPANSA-CGI-2010-02","reported" => "2010-11-08"},{"affected_versions" => ["<3.49"],"cves" => [],"description" => "Newlines in headers.\n","distribution" => "CGI","fixed_versions" => [">=3.49"],"id" => "CPANSA-CGI-2010-01","reported" => "2010-02-05"},{"affected_versions" => ["<3.50"],"cves" => ["CVE-2010-4411"],"description" => "Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors.  NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.\n","distribution" => "CGI","fixed_versions" => [">=3.50"],"id" => "CPANSA-CGI-2010-4411","references" => ["http://openwall.com/lists/oss-security/2010/12/01/3","http://www.mandriva.com/security/advisories?name=MDVSA-2011:008","http://www.vupen.com/english/advisories/2011/0106","http://www.bugzilla.org/security/3.2.9/","http://secunia.com/advisories/43033","https://bugzilla.mozilla.org/show_bug.cgi?id=591165","http://www.vupen.com/english/advisories/2011/0207","http://www.vupen.com/english/advisories/2011/0271","http://www.vupen.com/english/advisories/2011/0212","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html","http://secunia.com/advisories/43068","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html","http://secunia.com/advisories/43165","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html","http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"],"reported" => "2010-12-06","severity" => undef},{"affected_versions" => ["<3.50"],"cves" => ["CVE-2010-2761"],"description" => "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.\n","distribution" => "CGI","fixed_versions" => [">=3.50"],"id" => "CPANSA-CGI-2010-2761","references" => ["https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380","http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes","http://openwall.com/lists/oss-security/2010/12/01/1","http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html","http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm","http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1","http://openwall.com/lists/oss-security/2010/12/01/2","http://openwall.com/lists/oss-security/2010/12/01/3","https://bugzilla.mozilla.org/show_bug.cgi?id=600464","http://osvdb.org/69588","http://osvdb.org/69589","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:237","http://www.vupen.com/english/advisories/2011/0076","http://www.mandriva.com/security/advisories?name=MDVSA-2010:250","http://secunia.com/advisories/42877","https://bugzilla.mozilla.org/show_bug.cgi?id=591165","http://www.vupen.com/english/advisories/2011/0207","http://www.bugzilla.org/security/3.2.9/","http://secunia.com/advisories/43033","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html","http://secunia.com/advisories/43147","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html","http://www.vupen.com/english/advisories/2011/0249","http://www.vupen.com/english/advisories/2011/0271","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html","http://www.vupen.com/english/advisories/2011/0212","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html","http://secunia.com/advisories/43165","http://secunia.com/advisories/43068","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html","http://www.redhat.com/support/errata/RHSA-2011-1797.html","http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2010-12-06","severity" => undef}],"main_module" => "CGI","versions" => [{"date" => "1995-11-25T09:21:00","version" => "2.10"},{"date" => "1995-12-28T09:08:00","version" => "2.13"},{"date" => "1996-05-22T22:30:00","version" => "2.20"},{"date" => "1996-05-31T05:31:00","version" => "2.21"},{"date" => "1996-08-07T09:24:00","version" => "2.22"},{"date" => "1996-08-14T08:17:00","version" => "2.23"},{"date" => "1996-08-21T09:09:00","version" => "2.24"},{"date" => "1996-09-10T14:23:00","version" => "2.25"},{"date" => "1996-10-22T11:17:00","version" => "2.26"},{"date" => "1996-10-24T18:21:00","version" => "2.27"},{"date" => "1996-12-02T11:48:00","version" => "2.28"},{"date" => "1996-12-09T13:39:00","version" => "2.29"},{"date" => "1997-01-02T16:40:00","version" => "2.30"},{"date" => "1997-02-15T15:36:00","version" => "2.31"},{"date" => "1997-03-25T08:58:00","version" => "2.32"},{"date" => "1997-04-04T20:45:00","version" => "2.33"},{"date" => "1997-04-10T15:41:00","version" => "2.34"},{"date" => "1997-04-20T18:29:00","version" => "2.35"},{"date" => "1997-05-09T09:33:00","version" => "2.36"},{"date" => "1997-08-29T04:42:00","version" => "2.37"},{"date" => "1997-09-15T17:51:00","version" => "2.37"},{"date" => "1997-10-01T04:15:00","version" => "2.37"},{"date" => "1997-10-12T07:10:00","version" => "2.37"},{"date" => "1997-11-23T11:37:00","version" => "2.37"},{"date" => "1997-12-20T09:57:00","version" => "2.37"},{"date" => "1998-01-16T12:22:00","version" => "2.37"},{"date" => "1998-01-19T11:34:00","version" => "2.37"},{"date" => "1998-01-26T11:00:00","version" => "2.37"},{"date" => "1998-01-29T19:48:00","version" => "2.37"},{"date" => "1998-02-02T13:37:00","version" => "2.37"},{"date" => "1998-02-05T08:25:00","version" => "2.37"},{"date" => "1998-02-09T13:58:00","version" => "2.37"},{"date" => "1998-02-16T16:21:00","version" => "2.37"},{"date" => "1998-02-23T08:33:00","version" => "2.37"},{"date" => "1998-02-24T16:52:00","version" => "2.37"},{"date" => "1998-03-13T15:33:00","version" => "2.37"},{"date" => "1998-03-22T21:12:00","version" => "2.38"},{"date" => "1998-03-24T22:37:08","version" => "2.39"},{"date" => "1998-05-20T09:17:00","version" => "2.40"},{"date" => "1998-05-28T15:03:00","version" => "2.41"},{"date" => "1998-06-09T09:00:00","version" => "2.42"},{"date" => "1998-10-14T19:06:31","version" => "2.43"},{"date" => "1998-11-24T19:41:41","version" => "2.44"},{"date" => "1998-11-26T11:07:27","version" => "2.45"},{"date" => "1998-12-06T10:22:46","version" => "2.46"},{"date" => "1999-02-18T03:50:16","version" => "2.47"},{"date" => "1999-02-19T14:10:25","version" => "2.48"},{"date" => "1999-02-23T22:00:33","version" => "2.49"},{"date" => "1999-06-08T15:13:15","version" => "2.52"},{"date" => "1999-06-09T14:56:06","version" => "2.53"},{"date" => "1999-08-09T14:18:33","version" => "2.54"},{"date" => "1999-08-31T17:11:00","version" => "2.55"},{"date" => "1999-09-13T21:11:51","version" => "2.56"},{"date" => "2000-03-23T23:00:12","version" => "2.58"},{"date" => "2000-03-24T12:31:52","version" => "2.59"},{"date" => "2000-03-27T22:11:34","version" => "2.60"},{"date" => "2000-03-28T02:50:18","version" => "2.61"},{"date" => "2000-03-28T21:38:03","version" => "2.62"},{"date" => "2000-04-10T15:19:54","version" => "2.63"},{"date" => "2000-04-11T15:25:13","version" => "2.64"},{"date" => "2000-04-11T15:55:40","version" => "2.65"},{"date" => "2000-04-12T20:16:46","version" => "2.66"},{"date" => "2000-05-16T01:38:08","version" => "2.67"},{"date" => "2000-05-18T17:55:55","version" => "2.68"},{"date" => "2000-07-28T03:06:11","version" => "2.69"},{"date" => "2000-08-04T19:37:27","version" => "2.70"},{"date" => "2000-08-13T16:09:25","version" => "2.71"},{"date" => "2000-08-20T17:35:50","version" => "2.72"},{"date" => "2000-08-24T13:33:37","version" => "3."},{"date" => "2000-09-13T02:55:51","version" => "2.73"},{"date" => "2000-09-13T16:35:14","version" => "2.74"},{"date" => "2001-02-02T15:43:07","version" => "2.75"},{"date" => "2001-02-02T15:50:53","version" => "2.751"},{"date" => "2001-02-04T23:49:27","version" => "2.752"},{"date" => "2001-03-12T17:00:13","version" => "2.753"},{"date" => "2001-06-15T15:33:28","version" => "3.02"},{"date" => "2001-06-29T14:47:39","version" => "3.02_"},{"date" => "2001-07-05T16:13:55","version" => "3.03_01"},{"date" => "2001-07-26T21:29:22","version" => "2.76"},{"date" => "2001-08-07T12:33:22","version" => "2.77"},{"date" => "2001-09-26T02:26:36","version" => "2.78"},{"date" => "2001-12-09T21:39:11","version" => "2.79"},{"date" => "2002-01-12T02:47:17","version" => "2.80"},{"date" => "2002-04-10T19:39:49","version" => "2.81"},{"date" => "2002-09-11T12:27:48","version" => "2.84"},{"date" => "2002-09-11T14:01:02","version" => "2.85"},{"date" => "2002-09-12T03:58:40","version" => "2.86"},{"date" => "2002-10-07T02:00:58","version" => "2.87"},{"date" => "2002-10-14T13:58:09","version" => "2.88"},{"date" => "2002-10-16T17:50:26","version" => "2.89"},{"date" => "2002-11-22T23:03:39","version" => 0},{"date" => "2003-02-10T20:11:57","version" => "2.90"},{"date" => "2003-02-11T14:15:15","version" => "2.91"},{"date" => "2003-04-28T00:44:10","version" => "2.92"},{"date" => "2003-04-28T13:37:43","version" => "2.93"},{"date" => "2003-06-09T12:15:29","version" => "2.94"},{"date" => "2003-06-13T02:35:42","version" => "2.95"},{"date" => "2003-06-16T18:42:38","version" => "2.96"},{"date" => "2003-06-17T23:32:52","version" => "2.97"},{"date" => "2003-07-16T17:06:29","version" => "2.98"},{"date" => "2003-08-01T14:43:54","version" => "2.99"},{"date" => "2003-08-18T17:51:48","version" => "3.00"},{"date" => "2003-12-10T17:05:47","version" => "3.01"},{"date" => "2004-01-13T16:34:47","version" => "3.03"},{"date" => "2004-01-19T12:44:30","version" => "3.04"},{"date" => "2004-04-12T20:39:57","version" => "3.05"},{"date" => "2005-03-09T21:06:46","version" => "3.06"},{"date" => "2005-03-14T16:34:03","version" => "3.07"},{"date" => "2005-04-20T15:31:11","version" => "3.08"},{"date" => "2005-05-05T20:16:55","version" => "3.09"},{"date" => "2005-05-13T21:48:46","version" => "3.10"},{"date" => "2005-08-03T21:17:14","version" => "3.11"},{"date" => "2005-12-04T16:46:53","version" => "3.12"},{"date" => "2005-12-05T13:54:26","version" => "3.13"},{"date" => "2005-12-06T22:14:19","version" => "3.14"},{"date" => "2005-12-07T20:16:49","version" => "3.15"},{"date" => "2006-02-08T18:50:56","version" => "3.16"},{"date" => "2006-02-24T19:04:58","version" => "3.17"},{"date" => "2006-04-17T13:56:06","version" => "3.19"},{"date" => "2006-04-23T14:27:55","version" => "3.20"},{"date" => "2006-08-21T19:12:36","version" => "3.21"},{"date" => "2006-08-23T15:24:41","version" => "3.22"},{"date" => "2006-08-24T11:53:26","version" => "3.23"},{"date" => "2006-09-28T17:09:45","version" => "3.25"},{"date" => "2007-02-27T15:42:54","version" => "3.27"},{"date" => "2007-03-29T15:38:01","version" => "3.28"},{"date" => "2007-04-16T17:00:18","version" => "3.29"},{"date" => "2007-11-30T19:06:19","version" => "3.31"},{"date" => "2007-12-27T18:41:32","version" => "3.32"},{"date" => "2008-01-03T15:03:17","version" => "3.33"},{"date" => "2008-03-18T16:04:41","version" => "3.34"},{"date" => "2008-03-27T14:26:48","version" => "3.35"},{"date" => "2008-04-23T13:09:44","version" => "3.37"},{"date" => "2008-06-25T14:58:32","version" => "3.38"},{"date" => "2008-07-29T15:01:52","version" => "3.39"},{"date" => "2008-08-06T18:21:51","version" => "3.40"},{"date" => "2008-08-26T13:56:27","version" => "3.41"},{"date" => "2008-09-08T14:15:41","version" => "3.42"},{"date" => "2009-04-06T18:35:19","version" => "3.43"},{"date" => "2009-07-30T16:34:17","version" => "3.44"},{"date" => "2009-08-14T13:37:12","version" => "3.45"},{"date" => "2009-09-09T15:39:42","version" => "3.46"},{"date" => "2009-09-09T20:03:01","version" => "3.47"},{"date" => "2009-09-25T15:07:03","version" => "3.48"},{"date" => "2010-02-05T16:24:53","version" => "3.49"},{"date" => "2010-11-08T21:53:26","version" => "3.50"},{"date" => "2011-01-05T18:28:41","version" => "3.51"},{"date" => "2011-01-25T04:30:05","version" => "3.52"},{"date" => "2011-04-25T23:01:21","version" => "3.53"},{"date" => "2011-04-28T14:36:41","version" => "3.54"},{"date" => "2011-06-03T15:39:16","version" => "3.55"},{"date" => "2011-11-09T02:00:20","version" => "3.56"},{"date" => "2011-11-09T15:59:18","version" => "3.57"},{"date" => "2011-11-12T03:36:07","version" => "3.58"},{"date" => "2011-12-30T13:35:35","version" => "3.59"},{"date" => "2012-08-16T03:21:13","version" => "3.60"},{"date" => "2012-11-03T02:10:42","version" => "3.61"},{"date" => "2012-11-10T01:40:50","version" => "3.62"},{"date" => "2012-11-14T23:45:29","version" => "3.63"},{"date" => "2013-11-24T01:22:00","version" => "3.64"},{"date" => "2014-02-12T03:13:58","version" => "3.65"},{"date" => "2014-05-15T12:59:58","version" => "3.65_01"},{"date" => "2014-05-16T11:43:33","version" => "3.65_02"},{"date" => "2014-05-20T12:31:46","version" => "3.65_03"},{"date" => "2014-05-22T19:58:14","version" => "4.00"},{"date" => "2014-05-27T13:13:51","version" => "4.01"},{"date" => "2014-06-09T13:55:49","version" => "4.02"},{"date" => "2014-07-02T14:53:06","version" => "4.03"},{"date" => "2014-07-28T18:30:34","version" => "4.03_01"},{"date" => "2014-07-30T14:26:40","version" => "4.03_02"},{"date" => "2014-08-13T11:40:14","version" => "4.03_03"},{"date" => "2014-09-04T14:42:14","version" => "4.04"},{"date" => "2014-09-20T16:08:55","version" => "4.04_01"},{"date" => "2014-09-28T19:57:05","version" => "4.04_02"},{"date" => "2014-09-29T09:50:07","version" => "4.04_03"},{"date" => "2014-10-06T12:01:14","version" => "4.04_04"},{"date" => "2014-10-06T12:24:10","version" => "4.04_05"},{"date" => "2014-10-08T07:42:49","version" => "4.05"},{"date" => "2014-10-10T11:35:49","version" => "4.06"},{"date" => "2014-10-12T16:29:35","version" => "4.07"},{"date" => "2014-10-18T11:00:38","version" => "4.08"},{"date" => "2014-10-21T07:33:36","version" => "4.09"},{"date" => "2014-11-25T21:06:50","version" => "4.09_01"},{"date" => "2014-11-27T12:53:51","version" => "4.10"},{"date" => "2014-11-30T12:12:26","version" => "4.10_01"},{"date" => "2014-12-03T07:25:15","version" => "4.11"},{"date" => "2014-12-18T08:35:52","version" => "4.12"},{"date" => "2014-12-18T09:21:52","version" => "4.13"},{"date" => "2015-02-12T14:19:13","version" => "4.13_01"},{"date" => "2015-02-13T08:01:29","version" => "4.13_02"},{"date" => "2015-03-01T13:28:25","version" => "4.13_03"},{"date" => "2015-03-08T16:09:21","version" => "4.13_04"},{"date" => "2015-03-25T17:55:15","version" => "4.13_05"},{"date" => "2015-04-01T06:51:57","version" => "4.14"},{"date" => "2015-04-17T14:27:39","version" => "4.14_01"},{"date" => "2015-04-20T07:15:45","version" => "4.15"},{"date" => "2015-05-29T14:48:42","version" => "4.20"},{"date" => "2015-06-22T07:50:02","version" => "4.21"},{"date" => "2015-10-16T09:46:31","version" => "4.22"},{"date" => "2015-12-20T18:33:35","version" => "4.24"},{"date" => "2015-12-21T09:29:19","version" => "4.25"},{"date" => "2016-02-04T16:37:12","version" => "4.26"},{"date" => "2016-03-02T08:03:46","version" => "4.27"},{"date" => "2016-03-14T07:21:48","version" => "4.28"},{"date" => "2016-05-22T12:23:19","version" => "4.28_01"},{"date" => "2016-05-22T12:54:23","version" => "4.28_02"},{"date" => "2016-05-23T08:25:25","version" => "4.28_03"},{"date" => "2016-06-09T12:01:20","version" => "4.29"},{"date" => "2016-06-09T12:11:54","version" => "4.30"},{"date" => "2016-06-14T07:14:00","version" => "4.31"},{"date" => "2016-07-19T07:05:46","version" => "4.32"},{"date" => "2016-09-16T09:47:49","version" => "4.33"},{"date" => "2016-10-13T11:58:55","version" => "4.34"},{"date" => "2016-10-13T13:56:21","version" => "4.35"},{"date" => "2017-03-29T08:56:26","version" => "4.35_01"},{"date" => "2017-04-06T14:42:12","version" => "4.36"},{"date" => "2017-11-01T10:17:40","version" => "4.37"},{"date" => "2017-12-01T08:41:02","version" => "4.38"},{"date" => "2018-08-13T15:57:52","version" => "4.39"},{"date" => "2018-08-15T08:39:39","version" => "4.40"},{"date" => "2019-03-26T15:58:49","version" => "4.41"},{"date" => "2019-03-26T16:33:27","version" => "4.42"},{"date" => "2019-05-01T14:28:45","version" => "4.43"},{"date" => "2019-06-03T09:00:55","version" => "4.44"},{"date" => "2020-01-13T07:03:55","version" => "4.45"},{"date" => "2020-02-03T14:49:22","version" => "4.46"},{"date" => "2020-05-01T13:01:44","version" => "4.47"},{"date" => "2020-06-02T08:22:41","version" => "4.48"},{"date" => "2020-06-08T09:46:25","version" => "4.49"},{"date" => "2020-06-22T07:35:25","version" => "4.50"},{"date" => "2020-10-05T06:14:39","version" => "4.51"},{"date" => "2021-05-04T08:02:27","version" => "4.52"},{"date" => "2021-06-03T06:45:55","version" => "4.53"},{"date" => "2022-02-03T07:52:34","version" => "4.54"},{"date" => "2023-01-03T07:45:53","version" => "4.55"},{"date" => "2023-03-03T08:51:51","version" => "4.56"},{"date" => "2023-05-02T13:16:01","version" => "4.57"},{"date" => "2023-10-02T07:08:45","version" => "4.58"},{"date" => "2023-10-02T07:14:30","version" => "4.59"},{"date" => "2023-11-01T07:57:12","version" => "4.60"},{"date" => "2024-01-08T15:17:04","version" => "4.61"},{"date" => "2024-03-01T13:46:49","version" => "4.62"},{"date" => "2024-03-06T15:20:30","version" => "4.63"},{"date" => "2024-03-18T12:10:48","version" => "4.64"},{"date" => "2024-06-04T15:15:17","version" => "4.65"},{"date" => "2024-06-19T08:59:52","version" => "4.66"},{"date" => "2025-01-08T15:27:45","version" => "4.67"},{"date" => "2025-04-01T09:38:18","version" => "4.68"},{"date" => "2025-06-11T06:21:57","version" => "4.69"},{"date" => "2025-07-07T11:59:39","version" => "4.70"},{"date" => "2025-10-01T08:09:27","version" => "4.71"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "3.15_01"}]},"CGI-Application" => {"advisories" => [{"affected_versions" => ["<4.50_51"],"cves" => ["CVE-2013-7329"],"description" => "The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.\n","distribution" => "CGI-Application","fixed_versions" => [],"id" => "CPANSA-CGI-Application-2013-7329","references" => ["https://github.com/markstos/CGI--Application/pull/15","http://openwall.com/lists/oss-security/2014/02/19/11","http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129436.html","http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129444.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739505","http://www.securityfocus.com/bid/65687","https://rt.cpan.org/Public/Bug/Display.html?id=84403","https://bugzilla.redhat.com/show_bug.cgi?id=1067180","https://exchange.xforce.ibmcloud.com/vulnerabilities/91735"],"reported" => "2014-10-06","severity" => undef}],"main_module" => "CGI::Application","versions" => [{"date" => "2000-07-11T04:23:51","version" => "1.0"},{"date" => "2000-07-12T15:21:41","version" => "1.1"},{"date" => "2000-07-18T21:11:44","version" => "1.2"},{"date" => "2001-05-21T12:03:59","version" => "1.3"},{"date" => "2001-05-28T18:29:06","version" => "1.31"},{"date" => "2001-06-25T03:17:50","version" => "2.0"},{"date" => "2001-08-11T22:18:28","version" => "2.1"},{"date" => "2002-05-06T03:21:57","version" => "2.2"},{"date" => "2002-05-06T11:57:30","version" => "2.3"},{"date" => "2002-05-27T01:01:18","version" => "2.4"},{"date" => "2002-07-18T11:59:16","version" => "2.5"},{"date" => "2002-10-07T13:03:27","version" => "2.6"},{"date" => "2003-02-01T13:52:45","version" => "3.0"},{"date" => "2003-06-02T13:01:50","version" => "3.1"},{"date" => "2004-02-04T03:23:56","version" => "3.2"},{"date" => "2004-02-04T15:53:56","version" => "3.2"},{"date" => "2004-02-14T01:47:53","version" => "3.22"},{"date" => "2004-09-26T19:22:20","version" => "3.30"},{"date" => "2004-09-26T19:35:26","version" => "3.31"},{"date" => "2005-03-19T14:42:14","version" => "4.0_2"},{"date" => "2005-06-07T03:25:55","version" => "4.0_4"},{"date" => "2005-06-11T04:00:57","version" => "4.0"},{"date" => "2005-06-13T19:15:12","version" => "4.01_01"},{"date" => "2005-06-14T14:37:30","version" => "4.01"},{"date" => "2005-07-24T19:08:18","version" => "4.02_1"},{"date" => "2005-07-31T03:11:25","version" => "4.02"},{"date" => "2005-08-04T23:45:52","version" => "4.03"},{"date" => "2005-09-01T02:54:00","version" => "4.04_01"},{"date" => "2005-09-09T01:12:21","version" => "4.04_02"},{"date" => "2005-10-12T02:12:18","version" => "4.04"},{"date" => "2006-03-02T01:58:41","version" => "4.05"},{"date" => "2006-04-13T02:34:40","version" => "4.06"},{"date" => "2006-07-02T05:05:34","version" => "4.07_01"},{"date" => "2007-10-31T23:34:31","version" => "4.07_02"},{"date" => "2008-06-16T20:09:18","version" => "4.07_03"},{"date" => "2008-06-18T03:30:33","version" => "4.10"},{"date" => "2008-08-10T15:36:00","version" => "4.11"},{"date" => "2008-09-27T04:18:05","version" => "4.11"},{"date" => "2008-11-02T00:43:18","version" => "4.11"},{"date" => "2009-01-03T16:13:59","version" => "4.21"},{"date" => "2009-07-30T01:35:48","version" => "4.30"},{"date" => "2009-07-30T01:42:34","version" => "4.31"},{"date" => "2010-02-14T00:33:00","version" => "4.32_1"},{"date" => "2011-06-16T17:07:16","version" => "4.50"},{"date" => "2015-01-23T12:19:21","version" => "4.50_50"},{"date" => "2015-07-18T12:57:01","version" => "4.50_51"},{"date" => "2018-02-28T13:57:05","version" => "4.60"},{"date" => "2018-03-01T13:29:17","version" => "4.60_1"},{"date" => "2018-03-02T09:20:24","version" => "4.61"}]},"CGI-Application-Dispatch" => {"advisories" => [{"affected_versions" => ["<1.02"],"cves" => [],"description" => "Untainted module names.\n","distribution" => "CGI-Application-Dispatch","fixed_versions" => [">=1.02"],"id" => "CPANSA-CGI-Application-Dispatch-2005-001","references" => ["https://metacpan.org/changes/distribution/CGI-Application-Dispatch"],"reported" => "2005-01-20"}],"main_module" => "CGI::Application::Dispatch","versions" => [{"date" => "2004-09-13T01:35:58","version" => "0.01"},{"date" => "2004-10-19T18:26:01","version" => "0.02"},{"date" => "2004-10-29T16:53:40","version" => "0.03"},{"date" => "2005-01-06T15:34:49","version" => "1.00"},{"date" => "2005-01-08T12:42:00","version" => "1.01"},{"date" => "2005-01-20T14:43:28","version" => "1.02"},{"date" => "2005-03-04T16:28:16","version" => "1.03"},{"date" => "2005-07-12T21:44:54","version" => "1.04"},{"date" => "2006-01-12T15:56:53","version" => "2.00_02"},{"date" => "2006-02-06T15:50:52","version" => "2.00_03"},{"date" => "2006-02-14T15:41:25","version" => "2.00_04"},{"date" => "2006-04-12T14:18:22","version" => "2.00_05"},{"date" => "2006-06-27T04:29:04","version" => "2.00_06"},{"date" => "2006-07-03T15:52:12","version" => "2.00"},{"date" => "2006-08-14T14:14:10","version" => "2.01"},{"date" => "2006-08-17T14:57:55","version" => "2.02"},{"date" => "2006-09-30T02:13:40","version" => "2.03"},{"date" => "2007-01-03T18:12:57","version" => "2.10_01"},{"date" => "2007-01-11T18:55:41","version" => "2.10_02"},{"date" => "2007-01-15T14:08:30","version" => "2.10"},{"date" => "2007-12-28T20:23:49","version" => "2.11"},{"date" => "2007-12-31T20:43:51","version" => "2.12_01"},{"date" => "2008-01-03T14:39:57","version" => "2.12"},{"date" => "2008-03-08T18:33:34","version" => "2.13_01"},{"date" => "2008-03-11T16:41:27","version" => "2.13_02"},{"date" => "2008-09-17T00:44:02","version" => "2.13"},{"date" => "2008-11-03T01:33:21","version" => "2.14"},{"date" => "2008-12-04T16:00:05","version" => "2.15"},{"date" => "2009-03-24T02:03:51","version" => "2.16"},{"date" => "2009-12-30T19:06:27","version" => "2.17"},{"date" => "2011-01-05T03:42:59","version" => "2.18"},{"date" => "2011-06-16T17:42:14","version" => "3.00"},{"date" => "2011-06-24T02:53:20","version" => "3.01"},{"date" => "2011-06-24T22:33:01","version" => "3.02"},{"date" => "2011-06-26T03:52:14","version" => "3.03"},{"date" => "2011-06-29T13:45:53","version" => "3.04"},{"date" => "2011-09-07T22:21:15","version" => "3.05"},{"date" => "2011-09-09T15:29:58","version" => "3.06"},{"date" => "2011-09-09T17:32:11","version" => "3.07"},{"date" => "2012-09-03T04:04:19","version" => "3.10"},{"date" => "2012-09-14T01:02:58","version" => "3.11"},{"date" => "2012-09-14T01:19:52","version" => "3.12"}]},"CGI-Application-Plugin-AutoRunmode" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "Non-word characters are allowed in runmode name.\n","distribution" => "CGI-Application-Plugin-AutoRunmode","fixed_versions" => [">=0.04"],"id" => "CPANSA-CGI-Application-Plugin-AutoRunmode-2005-01","references" => ["https://metacpan.org/changes/distribution/CGI-Application-Plugin-AutoRunmode"],"reported" => "2005-03-04"}],"main_module" => "CGI::Application::Plugin::AutoRunmode","versions" => [{"date" => "2005-03-04T06:59:51","version" => "0.04"},{"date" => "2005-03-10T07:22:55","version" => "0.05"},{"date" => "2005-06-15T10:20:17","version" => "0.06"},{"date" => "2005-06-18T02:09:08","version" => "0.07"},{"date" => "2005-07-17T00:49:10","version" => "0.08"},{"date" => "2005-09-22T12:31:22","version" => "0.09"},{"date" => "2005-10-16T00:17:47","version" => "0.10"},{"date" => "2005-10-18T13:23:50","version" => "0.11"},{"date" => "2005-11-03T01:10:37","version" => "0.12"},{"date" => "2006-04-08T07:18:44","version" => "0.13"},{"date" => "2006-05-21T05:04:48","version" => "0.14"},{"date" => "2006-12-17T07:46:24","version" => "0.15"},{"date" => "2009-02-14T09:16:39","version" => "0.16"},{"date" => "2010-05-21T04:24:45","version" => "0.17"},{"date" => "2011-02-18T09:23:15","version" => "0.18"}]},"CGI-Application-Plugin-CAPTCHA" => {"advisories" => [{"affected_versions" => ["<0.02"],"cves" => [],"description" => "A malicious programmer creating an application to use the service can just have his application send along a cookie that he has created himself, and with that supply an appropriate verification string for his cookie. To avoid that you need to include som kind of hidden server-side password in the string being encrypted, and also include it when you verify.\n","distribution" => "CGI-Application-Plugin-CAPTCHA","fixed_versions" => [">=0.02"],"id" => "CPANSA-CGI-Application-Plugin-CAPTCHA-2024-001","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=30759","https://metacpan.org/release/CROMEDOME/CGI-Application-Plugin-CAPTCHA-0.02/changes","https://github.com/cromedome/cgi-application-plugin-captcha/commit/9acb5b6561a9983787ad85f55b01c69a895014e6"],"reported" => undef,"severity" => undef}],"main_module" => "CGI::Application::Plugin::CAPTCHA","versions" => [{"date" => "2005-08-28T18:31:21","version" => "0.01"},{"date" => "2011-01-05T05:07:55","version" => "0.02"},{"date" => "2011-01-05T05:10:54","version" => "0.03"},{"date" => "2011-01-06T14:08:56","version" => "0.04"}]},"CGI-Application-Plugin-RunmodeDeclare" => {"advisories" => [{"affected_versions" => ["<0.03"],"cves" => [],"description" => "Wrong order of arguments.\n","distribution" => "CGI-Application-Plugin-RunmodeDeclare","fixed_versions" => [">=0.03"],"id" => "CPANSA-CGI-Application-Plugin-RunmodeDeclare-2008-01","references" => ["https://metacpan.org/changes/distribution/CGI-Application-Plugin-RunmodeDeclare"],"reported" => "2008-10-20"}],"main_module" => "CGI::Application::Plugin::RunmodeDeclare","versions" => [{"date" => "2008-09-26T19:59:14","version" => "0.01"},{"date" => "2008-09-26T21:37:11","version" => "0.02"},{"date" => "2008-10-19T23:22:06","version" => "0.03"},{"date" => "2008-10-23T14:18:23","version" => "0.03_01"},{"date" => "2008-10-24T13:32:43","version" => "0.03_02"},{"date" => "2008-10-24T16:20:27","version" => "0.03_03"},{"date" => "2008-10-25T10:54:25","version" => "0.04"},{"date" => "2008-10-25T11:46:28","version" => "0.05"},{"date" => "2008-10-25T16:39:34","version" => "0.06"},{"date" => "2009-01-10T02:32:39","version" => "0.07"},{"date" => "2009-05-17T22:29:18","version" => "0.08"},{"date" => "2010-01-07T13:24:09","version" => "0.09"},{"date" => "2012-02-10T00:53:54","version" => "0.10"}]},"CGI-Auth-Basic" => {"advisories" => [{"affected_versions" => ["<1.11"],"cves" => [],"description" => "TBD\n","distribution" => "CGI-Auth-Basic","fixed_versions" => [">=1.11"],"id" => "CPANSA-CGI-Auth-Basic-2007-01","references" => ["https://metacpan.org/changes/distribution/CGI-Auth-Basic"],"reported" => "2007-12-30"}],"main_module" => "CGI::Auth::Basic","versions" => [{"date" => "2004-02-21T14:58:09","version" => "1.0"},{"date" => "2004-08-31T13:29:28","version" => "1.01"},{"date" => "2004-11-07T03:34:32","version" => "1.02"},{"date" => "2006-06-18T01:12:15","version" => "1.10"},{"date" => "2007-12-30T20:53:33","version" => "1.11"},{"date" => "2009-04-18T04:22:51","version" => "1.20"},{"date" => "2009-04-23T17:00:50","version" => "1.21"},{"date" => "2009-04-24T15:07:48","version" => "1.21"},{"date" => "2012-08-27T01:50:53","version" => "1.22"},{"date" => "2015-01-21T00:26:01","version" => "1.23"},{"date" => "2018-12-23T21:03:03","version" => "1.24"}]},"CGI-Session" => {"advisories" => [{"affected_versions" => ["<4.10"],"cves" => ["CVE-2006-1279"],"description" => "CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite.\n","distribution" => "CGI-Session","fixed_versions" => [],"id" => "CPANSA-CGI-Session-2006-1279","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555","http://secunia.com/advisories/19211","http://www.securityfocus.com/bid/17177","http://www.osvdb.org/23865","http://www.vupen.com/english/advisories/2006/0946","https://exchange.xforce.ibmcloud.com/vulnerabilities/25285"],"reported" => "2006-03-19","severity" => undef},{"affected_versions" => ["<4.12"],"cves" => [],"description" => "possible SQL injection attack\n","distribution" => "CGI-Session","fixed_versions" => [">=4.12"],"id" => "CPANSA-CGI-Session-2006-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=18578"],"reported" => "2006-04-06","severity" => undef}],"main_module" => "CGI::Session","versions" => [{"date" => "2001-10-30T08:59:10","version" => "0.01"},{"date" => "2002-05-10T12:04:15","version" => "2.0"},{"date" => "2002-05-10T17:38:46","version" => "2.1"},{"date" => "2002-05-14T18:21:39","version" => "2.2"},{"date" => "2002-05-17T18:02:23","version" => "2.4"},{"date" => "2002-05-27T09:52:46","version" => "2.7"},{"date" => "2002-06-06T08:08:21","version" => "2.9"},{"date" => "2002-06-06T08:36:26","version" => "2.91"},{"date" => "2002-06-18T18:15:57","version" => "2.92"},{"date" => "2002-08-26T08:23:54","version" => "2.94"},{"date" => "2002-11-27T07:20:47","version" => "3.1"},{"date" => "2002-11-27T12:27:59","version" => "3.2"},{"date" => "2002-11-28T03:19:31","version" => "v3.2.2.1"},{"date" => "2002-11-28T03:26:41","version" => "3.3"},{"date" => "2002-11-28T03:44:39","version" => "3.4"},{"date" => "2002-11-28T06:55:29","version" => "3.5"},{"date" => "2002-11-28T17:12:32","version" => "3.6"},{"date" => "2002-11-29T21:29:53","version" => "3.7"},{"date" => "2002-12-03T16:26:55","version" => "3.8"},{"date" => "2002-12-04T07:37:02","version" => "3.9"},{"date" => "2002-12-09T09:02:18","version" => "3.10"},{"date" => "2002-12-09T20:09:24","version" => "3.11"},{"date" => "2003-03-09T11:26:21","version" => "3.91"},{"date" => "2003-03-10T02:42:16","version" => "3.92"},{"date" => "2003-03-14T13:21:20","version" => "3.93"},{"date" => "2003-05-02T20:12:40","version" => "3.94"},{"date" => "2003-07-26T13:51:31","version" => "3.95"},{"date" => "2005-02-09T08:35:23","version" => "4.00_01"},{"date" => "2005-02-09T09:54:17","version" => "4.00_02"},{"date" => "2005-02-11T08:23:00","version" => "4.00_03"},{"date" => "2005-02-17T03:24:21","version" => "4.00_04"},{"date" => "2005-02-22T17:56:43","version" => "4.00_05"},{"date" => "2005-02-24T18:46:45","version" => "4.00_06"},{"date" => "2005-03-13T19:18:37","version" => "4.00_07"},{"date" => "2005-03-15T16:48:17","version" => "4.00_08"},{"date" => "2005-07-22T02:00:21","version" => "4.00_09"},{"date" => "2005-09-01T05:57:49","version" => "4.00"},{"date" => "2005-09-01T16:25:46","version" => "4.01"},{"date" => "2005-09-02T15:51:20","version" => "4.02"},{"date" => "2005-09-24T02:12:22","version" => "4.02_01"},{"date" => "2005-10-05T23:22:54","version" => "4.03"},{"date" => "2006-03-02T03:00:28","version" => "4.04"},{"date" => "2006-03-04T00:08:26","version" => "4.05"},{"date" => "2006-03-09T03:13:06","version" => "4.06"},{"date" => "2006-03-09T12:09:28","version" => "4.07"},{"date" => "2006-03-16T02:38:25","version" => "4.08"},{"date" => "2006-03-17T04:08:57","version" => "4.09"},{"date" => "2006-03-28T07:00:52","version" => "4.10"},{"date" => "2006-04-03T19:33:30","version" => "4.11"},{"date" => "2006-04-07T14:34:06","version" => "4.12"},{"date" => "2006-04-12T17:05:18","version" => "4.13"},{"date" => "2006-06-11T11:36:57","version" => "4.14"},{"date" => "2006-11-24T14:10:38","version" => "4.20_1"},{"date" => "2006-12-05T02:08:37","version" => "4.20"},{"date" => "2008-03-22T02:42:57","version" => "4.29_1"},{"date" => "2008-03-28T01:45:56","version" => "4.29_2"},{"date" => "2008-04-26T01:31:34","version" => "4.30"},{"date" => "2008-06-16T14:44:06","version" => "4.31"},{"date" => "2008-06-17T21:35:03","version" => "4.32"},{"date" => "2008-07-08T01:27:59","version" => "4.33"},{"date" => "2008-07-13T02:39:59","version" => "4.34"},{"date" => "2008-07-16T00:36:46","version" => "4.35"},{"date" => "2008-09-13T15:45:06","version" => "4.36"},{"date" => "2008-10-23T02:57:30","version" => "4.37"},{"date" => "2008-11-01T03:47:46","version" => "4.38"},{"date" => "2008-12-16T01:22:42","version" => "4.39"},{"date" => "2009-01-03T01:18:15","version" => "4.40"},{"date" => "2009-03-21T02:01:09","version" => "4.41"},{"date" => "2009-08-26T13:38:39","version" => "4.42"},{"date" => "2010-12-12T00:32:27","version" => "4.43"},{"date" => "2011-06-06T20:48:07","version" => "4.44"},{"date" => "2011-07-02T01:33:33","version" => "4.45"},{"date" => "2011-07-08T14:34:42","version" => "4.46"},{"date" => "2011-07-08T19:31:44","version" => "4.47"},{"date" => "2011-07-11T13:02:37","version" => "4.48"},{"date" => "2021-02-08T07:00:20","version" => "4.49"}]},"CGI-Simple" => {"advisories" => [{"affected_versions" => ["<1.113"],"cves" => ["CVE-2010-4410"],"description" => "Newlines in headers, which could lead to header injection attacks.\n","distribution" => "CGI-Simple","fixed_versions" => [">=1.113"],"id" => "CPANSA-CGI-Simple-2010-02","references" => ["https://metacpan.org/changes/distribution/CGI-Simple"],"reported" => "2010-12-27"},{"affected_versions" => ["<1.113"],"cves" => [],"description" => "Non-random multipart boundary.\n","distribution" => "CGI-Simple","fixed_versions" => [">=1.113"],"id" => "CPANSA-CGI-Simple-2010-01","references" => ["https://metacpan.org/changes/distribution/CGI-Simple"],"reported" => "2010-12-27"},{"affected_versions" => ["<=1.112"],"cves" => ["CVE-2010-2761"],"description" => "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.\n","distribution" => "CGI-Simple","fixed_versions" => [">=1.113"],"id" => "CPANSA-CGI-Simple-2010-2761","references" => ["https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380","http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes","http://openwall.com/lists/oss-security/2010/12/01/1","http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html","http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm","http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1","http://openwall.com/lists/oss-security/2010/12/01/2","http://openwall.com/lists/oss-security/2010/12/01/3","https://bugzilla.mozilla.org/show_bug.cgi?id=600464","http://osvdb.org/69588","http://osvdb.org/69589","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:237","http://www.vupen.com/english/advisories/2011/0076","http://www.mandriva.com/security/advisories?name=MDVSA-2010:250","http://secunia.com/advisories/42877","https://bugzilla.mozilla.org/show_bug.cgi?id=591165","http://www.vupen.com/english/advisories/2011/0207","http://www.bugzilla.org/security/3.2.9/","http://secunia.com/advisories/43033","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html","http://secunia.com/advisories/43147","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html","http://www.vupen.com/english/advisories/2011/0249","http://www.vupen.com/english/advisories/2011/0271","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html","http://www.vupen.com/english/advisories/2011/0212","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html","http://secunia.com/advisories/43165","http://secunia.com/advisories/43068","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html","http://www.redhat.com/support/errata/RHSA-2011-1797.html","http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2010-12-06","severity" => undef},{"affected_versions" => ["<=1.282"],"cves" => ["CVE-2025-40927"],"description" => "CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting\x{a0}flaw in CGI::Simple\x{a0}that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions.  Although some validation exists, it can be bypassed using URL-encoded values, allowing an attacker to inject untrusted content into the response via query parameters.    As a result, an attacker can inject a line break (e.g. %0A) into the parameter value, causing the server to split the HTTP response and inject arbitrary headers or even an HTML/JavaScript body, leading to reflected cross-site scripting (XSS), open redirect or other attacks.  The issue documented in CVE-2010-4410 https://www.cve.org/CVERecord?id=CVE-2010-4410 is related but the fix was incomplete.  Impact  By injecting %0A\x{a0}(newline) into a query string parameter, an attacker can:    *  Break the current HTTP header   *  Inject a new header or entire body   *  Deliver a script payload that is reflected in the server\x{2019}s response That can lead to the following attacks:    *  reflected XSS   *  open redirect   *  cache poisoning   *  header manipulation","distribution" => "CGI-Simple","fixed_versions" => [">=1.282"],"id" => "CPANSA-CGI-Simple-2025-40927","references" => ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2320","https://datatracker.ietf.org/doc/html/rfc7230#section-3","https://metacpan.org/release/MANWAR/CGI-Simple-1.281/diff/MANWAR/CGI-Simple-1.282/lib/CGI/Simple.pm","https://metacpan.org/release/MANWAR/CGI-Simple-1.281/source/lib/CGI/Simple.pm#L1031-1035","https://owasp.org/www-community/attacks/HTTP_Response_Splitting","https://rt.perl.org/Public/Bug/Display.html?id=21951"],"reported" => "2025-08-29","severity" => undef}],"main_module" => "CGI::Simple","versions" => [{"date" => "2007-01-09T22:31:27","version" => "0.078"},{"date" => "2007-02-23T16:22:19","version" => "0.079"},{"date" => "2007-03-30T20:15:35","version" => "0.080"},{"date" => "2007-05-20T19:19:40","version" => "0.081"},{"date" => "2007-05-22T18:43:01","version" => "0.082"},{"date" => "2007-05-22T18:54:06","version" => "0.83"},{"date" => "2007-05-24T03:15:01","version" => "1.0"},{"date" => "2007-07-13T18:58:16","version" => "1.1"},{"date" => "2007-07-31T01:57:01","version" => "1.1.1"},{"date" => "2007-07-31T02:04:25","version" => "1.1.2"},{"date" => "2007-07-31T02:10:47","version" => "1.103"},{"date" => "2008-05-13T15:46:18","version" => "1.104"},{"date" => "2008-05-16T14:37:31","version" => "1.105"},{"date" => "2008-09-14T13:29:51","version" => "1.106"},{"date" => "2009-03-07T21:24:59","version" => "1.107"},{"date" => "2009-03-13T14:06:24","version" => "1.108"},{"date" => "2009-04-16T17:54:13","version" => "1.109"},{"date" => "2009-05-24T21:25:22","version" => "1.110"},{"date" => "2009-05-28T18:02:08","version" => "1.111"},{"date" => "2009-05-31T10:43:56","version" => "1.112"},{"date" => "2010-12-27T13:11:56","version" => "1.113"},{"date" => "2014-10-19T12:53:24","version" => "1.115"},{"date" => "2018-03-01T15:09:42","version" => "1.13"},{"date" => "2018-03-03T10:42:06","version" => "1.14"},{"date" => "2018-03-04T03:42:20","version" => "1.15"},{"date" => "2018-07-25T15:17:39","version" => "1.16"},{"date" => "2018-10-02T09:48:08","version" => "1.17"},{"date" => "2018-10-03T14:21:12","version" => "1.18"},{"date" => "2018-10-04T12:05:58","version" => "1.19"},{"date" => "2018-10-05T11:30:05","version" => "1.20"},{"date" => "2018-10-06T07:21:31","version" => "1.21"},{"date" => "2019-09-07T04:28:17","version" => "1.22"},{"date" => "2020-02-06T06:12:09","version" => "1.23"},{"date" => "2020-02-07T11:11:56","version" => "1.24"},{"date" => "2020-02-10T13:00:54","version" => "1.25"},{"date" => "2022-01-02T18:00:56","version" => "1.26"},{"date" => "2022-01-06T16:00:18","version" => "1.27"},{"date" => "2022-01-11T15:16:20","version" => "1.280"},{"date" => "2024-01-31T14:19:02","version" => "1.281"},{"date" => "2025-08-28T19:12:51","version" => "1.282"}]},"CGI-apacheSSI" => {"advisories" => [{"affected_versions" => ["<0.95"],"cves" => [],"description" => "Security and parsing problems with \"include\" calls.\n","distribution" => "CGI-apacheSSI","fixed_versions" => [">=0.95"],"id" => "CPANSA-CGI-apacheSSI-2016-01","references" => ["https://metacpan.org/changes/distribution/CGI-apacheSSI"],"reported" => "2016-01-31"}],"main_module" => "CGI::apacheSSI","versions" => [{"date" => "2014-08-20T22:55:20","version" => "0.93"},{"date" => "2016-01-30T12:57:47","version" => "0.94"},{"date" => "2016-01-31T22:48:55","version" => "0.95"},{"date" => "2016-02-01T00:36:49","version" => "0.96"}]},"CPAN" => {"advisories" => [{"affected_versions" => ["<2.35"],"cves" => ["CVE-2023-31484"],"description" => "The verify_SSL flag is missing from HTTP::Tiny, and allows a network attacker to MITM the connection if it is used by the CPAN client\n","distribution" => "CPAN","fixed_versions" => [">=2.35"],"id" => "CPANSA-CPAN-2023-31484","previous_id" => ["CPANSA-CPAN-2023-01"],"references" => ["https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0","https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/","https://github.com/andk/cpanpm/pull/175","https://www.openwall.com/lists/oss-security/2023/04/18/14"],"reported" => "2023-02-28"},{"affected_versions" => ["<1.93"],"cves" => [],"description" => "Archive::Tar preserves permissions in the tarball; extracted file permissions will be set from users umask instead.\n","distribution" => "CPAN","fixed_versions" => [">=1.93"],"id" => "CPANSA-CPAN-2009-01","references" => ["https://github.com/andk/cpanpm/commit/079fa2e7ee77d626eab8bb06d0465c6a05f6c8b6","https://rt.cpan.org/Ticket/Display.html?id=46384"],"reported" => "2009-09-23"},{"affected_versions" => ["<2.28"],"cves" => ["CVE-2020-16156"],"description" => "CPAN 2.28 allows Signature Verification Bypass.","distribution" => "CPAN","fixed_versions" => [">=2.29"],"id" => "CPANSA-CPAN-2020-16156","references" => ["https://metacpan.org/pod/distribution/CPAN/scripts/cpan","https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/","http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/"],"reported" => "2021-12-13","severity" => "high"}],"main_module" => "CPAN","versions" => [{"date" => "1996-09-10T17:13:59","version" => "0.17"},{"date" => "1996-09-10T20:51:00","version" => "0.20"},{"date" => "1996-09-12T05:53:35","version" => "0.26"},{"date" => "1996-09-12T14:01:39","version" => "0.27"},{"date" => "1996-09-16T20:18:59","version" => "0.28"},{"date" => "1996-09-17T17:14:51","version" => "0.29"},{"date" => "1996-09-19T05:24:17","version" => "0.30"},{"date" => "1996-09-20T10:40:01","version" => "0.31"},{"date" => "1996-09-22T19:30:33","version" => "0.35"},{"date" => "1996-09-23T12:55:23","version" => "0.36"},{"date" => "1996-09-23T14:05:44","version" => "0.37"},{"date" => "1996-09-27T12:52:07","version" => "0.39"},{"date" => "1996-09-28T20:51:31","version" => "0.40"},{"date" => "1996-10-01T21:14:27","version" => "0.41"},{"date" => "1996-11-17T07:56:02","version" => "0.42"},{"date" => "1996-11-17T14:51:59","version" => "0.43"},{"date" => "1996-11-30T17:04:28","version" => "0.44"},{"date" => "1996-12-01T12:19:19","version" => "0.45"},{"date" => "1996-12-01T18:24:17","version" => "0.46"},{"date" => "1996-12-10T00:58:25","version" => "1.00"},{"date" => "1996-12-10T10:17:15","version" => "1.01"},{"date" => "1996-12-11T01:31:55","version" => "1.02"},{"date" => "1996-12-21T03:10:23","version" => "1.03"},{"date" => "1996-12-21T20:08:49","version" => "1.04"},{"date" => "1996-12-22T13:04:58","version" => "1.05"},{"date" => "1996-12-22T14:16:08","version" => "1.06"},{"date" => "1996-12-23T04:05:01","version" => "1.07"},{"date" => "1996-12-23T13:18:01","version" => "1.08"},{"date" => "1996-12-24T00:46:19","version" => "1.09"},{"date" => "1997-01-17T02:29:49","version" => "1.09_01"},{"date" => "1997-01-21T01:06:40","version" => "1.10"},{"date" => "1997-01-22T18:50:00","version" => "1.11"},{"date" => "1997-01-23T00:07:58","version" => "1.12"},{"date" => "1997-01-24T01:07:44","version" => "1.14"},{"date" => "1997-01-24T12:32:12","version" => "1.15"},{"date" => "1997-02-02T13:51:48","version" => "1.16_01"},{"date" => "1997-02-02T21:05:12","version" => "1.17"},{"date" => "1997-02-03T00:38:36","version" => "1.18"},{"date" => "1997-02-03T09:13:48","version" => "1.19"},{"date" => "1997-02-05T09:38:00","version" => "1.20"},{"date" => "1997-02-11T06:32:42","version" => "1.21"},{"date" => "1997-03-13T23:14:59","version" => "1.22_01"},{"date" => "1997-03-31T12:03:55","version" => "1.23"},{"date" => "1997-03-31T22:47:11","version" => "1.24"},{"date" => "1997-06-30T18:13:23","version" => "1.25"},{"date" => "1997-07-28T13:58:09","version" => "1.27"},{"date" => "1997-08-04T06:09:33","version" => "1.28"},{"date" => "1997-08-11T23:33:58","version" => "1.29"},{"date" => "1997-08-29T14:34:37","version" => "1.30"},{"date" => "1997-09-21T08:53:03","version" => "1.31"},{"date" => "1997-09-23T18:45:50","version" => "1.3101"},{"date" => "1998-01-02T18:22:35","version" => "1.32"},{"date" => "1998-01-10T18:24:23","version" => "1.33"},{"date" => "1998-02-03T18:06:41","version" => "1.35"},{"date" => "1998-02-08T08:55:55","version" => "1.36"},{"date" => "1998-06-12T06:51:25","version" => "1.37"},{"date" => "1998-06-14T20:18:08","version" => "1.38"},{"date" => "1998-07-24T20:13:41","version" => "1.40"},{"date" => "1998-12-01T02:20:32","version" => "1.41"},{"date" => "1998-12-01T07:58:35","version" => "1.42"},{"date" => "1998-12-01T22:16:27","version" => "1.43"},{"date" => "1998-12-03T17:07:54","version" => "1.43"},{"date" => "1999-01-09T18:38:33","version" => "1.44"},{"date" => "1999-01-10T19:38:27","version" => "1.44_51"},{"date" => "1999-01-13T12:15:42","version" => "1.44_52"},{"date" => "1999-01-15T09:26:40","version" => "1.44_53"},{"date" => "1999-01-15T09:27:45","version" => "1.44_54"},{"date" => "1999-01-23T14:56:16","version" => "1.45"},{"date" => "1999-01-25T01:43:42","version" => "1.46"},{"date" => "1999-01-25T13:11:23","version" => "1.47"},{"date" => "1999-03-06T19:34:54","version" => "1.48"},{"date" => "1999-05-22T16:45:00","version" => "1.49"},{"date" => "1999-05-23T14:32:20","version" => "1.50"},{"date" => "1999-10-23T03:06:39","version" => "1.50_01"},{"date" => "1999-12-29T22:30:22","version" => "1.51"},{"date" => "2000-01-08T15:32:55","version" => "1.52"},{"date" => "2000-03-23T23:39:41","version" => "1.53"},{"date" => "2000-03-25T22:51:15","version" => "1.54"},{"date" => "2000-07-30T11:15:04","version" => "1.55"},{"date" => "2000-08-01T20:47:09","version" => "1.56"},{"date" => "2000-08-16T12:54:07","version" => "1.57"},{"date" => "2000-08-21T19:44:18","version" => "1.57_51"},{"date" => "2000-08-27T22:09:36","version" => "1.57_53"},{"date" => "2000-08-30T16:54:50","version" => "1.57_54"},{"date" => "2000-08-31T08:11:01","version" => "1.57_55"},{"date" => "2000-08-31T22:16:21","version" => "1.57_56"},{"date" => "2000-09-01T12:18:43","version" => "1.57_57"},{"date" => "2000-09-03T22:19:20","version" => "1.57_58"},{"date" => "2000-09-05T09:44:05","version" => "1.57_59"},{"date" => "2000-09-05T19:55:34","version" => "1.57_60"},{"date" => "2000-09-06T10:54:07","version" => "1.57_61"},{"date" => "2000-09-08T02:19:06","version" => "1.57_62"},{"date" => "2000-09-10T08:54:37","version" => "1.57_65"},{"date" => "2000-09-12T08:46:40","version" => "1.57_66"},{"date" => "2000-09-17T10:24:31","version" => "1.57_67"},{"date" => "2000-10-08T14:25:04","version" => "1.57_68"},{"date" => "2000-10-18T14:53:45","version" => "1.58"},{"date" => "2000-10-21T14:21:06","version" => "1.58_51"},{"date" => "2000-10-25T07:05:38","version" => "1.58_52"},{"date" => "2000-10-26T11:03:29","version" => "1.58_53"},{"date" => "2000-10-26T15:34:21","version" => "1.58_54"},{"date" => "2000-10-27T07:59:03","version" => "1.58_55"},{"date" => "2000-11-04T09:36:53","version" => "1.58_56"},{"date" => "2000-11-06T19:30:27","version" => "1.58_57"},{"date" => "2000-11-08T08:10:51","version" => "1.58_90"},{"date" => "2000-11-13T10:26:38","version" => "1.58_91"},{"date" => "2000-11-14T18:24:18","version" => "1.58_92"},{"date" => "2000-11-15T07:19:56","version" => "1.58_93"},{"date" => "2000-12-01T06:05:58","version" => "1.59"},{"date" => "2000-12-01T08:19:58","version" => "1.59_51"},{"date" => "2000-12-26T13:54:06","version" => "1.59_52"},{"date" => "2001-01-02T16:37:24","version" => "1.59_53"},{"date" => "2001-02-09T21:44:55","version" => "1.59_54"},{"date" => "2002-04-19T13:29:54","version" => "1.60"},{"date" => "2002-04-20T02:18:41","version" => "1.60"},{"date" => "2002-04-21T11:31:25","version" => "1.60"},{"date" => "2002-05-07T10:38:54","version" => "1.61"},{"date" => "2002-07-28T10:51:47","version" => "1.62"},{"date" => "2002-08-30T08:58:10","version" => "1.63"},{"date" => "2003-02-06T10:04:06","version" => "1.64"},{"date" => "2003-02-08T17:10:13","version" => "1.65"},{"date" => "2003-03-04T19:38:21","version" => "1.70"},{"date" => "2003-04-11T04:33:18","version" => "1.70_52"},{"date" => "2003-04-13T12:43:40","version" => "1.70_53"},{"date" => "2003-05-15T21:04:52","version" => "1.70_54"},{"date" => "2003-07-04T09:48:08","version" => "1.71"},{"date" => "2003-07-27T20:35:05","version" => "1.72"},{"date" => "2003-07-28T08:21:47","version" => "1.73"},{"date" => "2003-07-28T22:58:08","version" => "1.74"},{"date" => "2003-07-29T15:14:13","version" => "1.75"},{"date" => "2003-07-31T15:14:02","version" => "1.76"},{"date" => "2003-09-21T21:25:41","version" => "1.76_01"},{"date" => "2005-09-19T06:37:38","version" => "1.76_51"},{"date" => "2005-09-22T07:02:02","version" => "1.76_52"},{"date" => "2005-09-22T07:09:48","version" => "1.76_53"},{"date" => "2005-10-01T08:23:38","version" => "1.76_54"},{"date" => "2005-10-19T06:10:58","version" => "1.76_55"},{"date" => "2005-10-21T04:59:36","version" => "1.76_56"},{"date" => "2005-10-27T07:08:29","version" => "1.76_57"},{"date" => "2005-11-02T04:03:28","version" => "1.76_58"},{"date" => "2005-11-03T06:37:52","version" => "1.76_59"},{"date" => "2005-11-03T07:38:40","version" => "1.76_60"},{"date" => "2005-11-06T10:36:53","version" => "1.76_61"},{"date" => "2005-11-07T04:22:19","version" => "1.76_62"},{"date" => "2005-11-07T04:47:05","version" => "1.76_63"},{"date" => "2005-11-07T21:58:06","version" => "1.76_64"},{"date" => "2005-11-07T22:18:44","version" => "1.76_65"},{"date" => "2005-12-03T10:12:08","version" => "1.80"},{"date" => "2005-12-18T11:29:26","version" => "1.80_51"},{"date" => "2005-12-21T12:13:15","version" => "1.80_53"},{"date" => "2005-12-22T08:42:59","version" => "1.80_54"},{"date" => "2005-12-24T07:25:34","version" => "1.80_55"},{"date" => "2005-12-24T09:59:47","version" => "1.80_56"},{"date" => "2005-12-31T11:58:10","version" => "1.80_57"},{"date" => "2006-01-01T09:01:43","version" => "1.80_58"},{"date" => "2006-01-02T23:15:15","version" => "1.81"},{"date" => "2006-01-04T07:47:25","version" => "1.82"},{"date" => "2006-01-05T08:03:36","version" => "1.83"},{"date" => "2006-01-08T13:35:16","version" => "1.83_51"},{"date" => "2006-01-10T05:00:26","version" => "1.83_52"},{"date" => "2006-01-12T07:54:36","version" => "1.83_53"},{"date" => "2006-01-13T08:20:42","version" => "1.83_54"},{"date" => "2006-01-14T11:34:47","version" => "1.83_55"},{"date" => "2006-01-18T06:03:44","version" => "1.83_56"},{"date" => "2006-01-19T08:00:02","version" => "1.83_57"},{"date" => "2006-01-22T12:05:01","version" => "1.83_58"},{"date" => "2006-01-25T13:10:20","version" => "1.83_59"},{"date" => "2006-01-30T10:35:47","version" => "1.83_60"},{"date" => "2006-01-30T23:18:09","version" => "1.83_61"},{"date" => "2006-01-31T10:28:57","version" => "1.83_62"},{"date" => "2006-02-01T07:49:36","version" => "1.83_63"},{"date" => "2006-02-02T09:17:39","version" => "1.83_64"},{"date" => "2006-02-04T11:20:05","version" => "1.83_65"},{"date" => "2006-02-04T17:05:00","version" => "1.83_66"},{"date" => "2006-02-06T00:46:27","version" => "1.83_67"},{"date" => "2006-02-08T07:43:36","version" => "1.83_68"},{"date" => "2006-02-14T08:17:55","version" => "1.83_69"},{"date" => "2006-02-15T07:01:02","version" => "1.84"},{"date" => "2006-02-19T17:05:36","version" => "1.85"},{"date" => "2006-02-20T08:36:51","version" => "1.86"},{"date" => "2006-02-21T06:05:05","version" => "1.86_51"},{"date" => "2006-02-22T22:29:54","version" => "1.86_52"},{"date" => "2006-02-24T08:24:09","version" => "1.86_53"},{"date" => "2006-02-27T07:01:10","version" => "1.87"},{"date" => "2006-03-06T08:02:28","version" => "1.87_51"},{"date" => "2006-07-21T22:33:11","version" => "1.87_52"},{"date" => "2006-07-22T18:55:13","version" => "1.87_53"},{"date" => "2006-07-23T21:37:11","version" => "1.87_54"},{"date" => "2006-07-29T19:36:50","version" => "1.87_55"},{"date" => "2006-08-24T05:57:41","version" => "1.87_56"},{"date" => "2006-08-26T17:05:56","version" => "1.87_57"},{"date" => "2006-08-31T06:50:49","version" => "1.87_58"},{"date" => "2006-09-03T21:05:29","version" => "1.87_59"},{"date" => "2006-09-10T11:57:33","version" => "1.87_61"},{"date" => "2006-09-11T21:24:18","version" => "1.87_62"},{"date" => "2006-09-13T05:44:15","version" => "1.87_63"},{"date" => "2006-09-16T11:02:25","version" => "1.87_64"},{"date" => "2006-09-19T03:44:51","version" => "1.87_65"},{"date" => "2006-09-21T20:30:41","version" => "1.88"},{"date" => "2006-09-22T20:40:40","version" => "1.8801"},{"date" => "2006-09-30T10:41:20","version" => "1.88_51"},{"date" => "2006-10-03T09:51:49","version" => "1.88_52"},{"date" => "2006-10-09T19:31:56","version" => "1.88_53"},{"date" => "2006-10-14T09:37:15","version" => "1.88_54"},{"date" => "2006-10-16T06:59:27","version" => "1.88_55"},{"date" => "2006-10-22T10:34:16","version" => "1.88_56"},{"date" => "2006-10-23T07:17:30","version" => "1.8802"},{"date" => "2006-10-24T07:18:16","version" => "1.88_57"},{"date" => "2006-10-28T15:00:07","version" => "1.88_58"},{"date" => "2006-11-05T21:24:52","version" => "1.88_59"},{"date" => "2006-11-10T08:39:55","version" => "1.88_61"},{"date" => "2006-11-13T07:44:27","version" => "1.88_62"},{"date" => "2006-11-29T08:11:50","version" => "1.88_63"},{"date" => "2006-12-04T07:53:37","version" => "1.88_64"},{"date" => "2006-12-11T21:36:04","version" => "1.88_65"},{"date" => "2006-12-19T08:21:17","version" => "1.88_66"},{"date" => "2006-12-31T17:18:53","version" => "1.88_67"},{"date" => "2007-01-07T21:22:12","version" => "1.88_68"},{"date" => "2007-01-08T03:42:56","version" => "1.88_69"},{"date" => "2007-01-27T16:57:49","version" => "1.88_71"},{"date" => "2007-01-31T07:11:33","version" => "1.88_72"},{"date" => "2007-02-13T05:24:13","version" => "1.88_73"},{"date" => "2007-02-15T07:12:17","version" => "1.88_74"},{"date" => "2007-02-18T16:52:49","version" => "1.88_75"},{"date" => "2007-02-19T06:20:20","version" => "1.88_76"},{"date" => "2007-02-19T21:26:47","version" => "1.88_77"},{"date" => "2007-03-05T23:26:57","version" => "1.88_78"},{"date" => "2007-03-16T01:54:55","version" => "1.88_79"},{"date" => "2007-04-07T07:41:18","version" => "1.90"},{"date" => "2007-04-19T07:03:03","version" => "1.91"},{"date" => "2007-04-23T00:09:11","version" => "1.9101"},{"date" => "2007-05-08T20:35:04","version" => "1.9102"},{"date" => "2007-07-07T16:15:40","version" => "1.91_51"},{"date" => "2007-07-14T18:45:58","version" => "1.91_52"},{"date" => "2007-08-09T06:49:38","version" => "1.91_53"},{"date" => "2007-09-14T21:18:33","version" => "1.91_54"},{"date" => "2007-09-15T07:14:26","version" => "1.91_55"},{"date" => "2007-09-23T11:15:08","version" => "1.92"},{"date" => "2007-09-27T07:11:10","version" => "1.9201"},{"date" => "2007-09-28T06:58:04","version" => "1.9202"},{"date" => "2007-09-28T07:13:26","version" => "1.9203"},{"date" => "2007-11-04T23:04:18","version" => "1.92_51"},{"date" => "2007-11-05T23:30:06","version" => "1.9204"},{"date" => "2007-11-11T11:27:20","version" => "1.92_52"},{"date" => "2007-11-11T18:49:37","version" => "1.9205"},{"date" => "2007-12-09T23:27:18","version" => "1.92_53"},{"date" => "2007-12-27T04:57:34","version" => "1.92_54"},{"date" => "2007-12-30T15:24:13","version" => "1.92_55"},{"date" => "2008-02-04T21:56:28","version" => "1.92_56"},{"date" => "2008-02-27T05:13:49","version" => "1.92_57"},{"date" => "2008-03-12T07:56:18","version" => "1.92_58"},{"date" => "2008-03-16T18:57:04","version" => "1.92_59"},{"date" => "2008-03-26T07:53:08","version" => "1.92_60"},{"date" => "2008-04-25T04:47:52","version" => "1.92_61"},{"date" => "2008-05-23T04:07:04","version" => "1.92_62"},{"date" => "2008-06-19T06:42:18","version" => "1.92_63"},{"date" => "2008-09-03T05:27:35","version" => "1.92_64"},{"date" => "2008-09-14T09:54:03","version" => "1.92_65"},{"date" => "2008-09-29T23:15:10","version" => "1.92_66"},{"date" => "2008-10-12T16:07:51","version" => "1.93"},{"date" => "2008-10-13T19:37:43","version" => "1.9301"},{"date" => "2009-01-11T22:07:01","version" => "1.93_02"},{"date" => "2009-02-01T12:38:23","version" => "1.93_03"},{"date" => "2009-02-01T21:06:21","version" => "1.93_51"},{"date" => "2009-02-28T15:58:39","version" => "1.9304"},{"date" => "2009-04-13T19:24:43","version" => "1.93_52"},{"date" => "2009-05-04T06:11:28","version" => "1.93_53"},{"date" => "2009-05-07T20:13:16","version" => "1.93_54"},{"date" => "2009-05-24T05:37:28","version" => "1.94"},{"date" => "2009-06-14T19:53:52","version" => "1.94_01"},{"date" => "2009-06-27T02:55:22","version" => "1.9402"},{"date" => "2009-09-14T02:47:24","version" => "1.94_51"},{"date" => "2009-10-15T19:33:19","version" => "1.94_52"},{"date" => "2009-12-18T07:00:09","version" => "1.94_53"},{"date" => "2010-01-14T08:01:42","version" => "1.94_54"},{"date" => "2010-02-03T03:43:49","version" => "1.94_55"},{"date" => "2010-02-17T13:39:33","version" => "1.94_56"},{"date" => "2010-05-24T19:33:41","version" => "1.94_57"},{"date" => "2010-06-24T06:34:13","version" => "1.94_58"},{"date" => "2010-09-26T20:23:30","version" => "1.94_59"},{"date" => "2010-09-28T20:44:58","version" => "1.94_60"},{"date" => "2010-10-03T17:29:37","version" => "1.94_61"},{"date" => "2010-10-26T06:43:51","version" => "1.94_62"},{"date" => "2011-01-16T17:58:10","version" => "1.94_63"},{"date" => "2011-01-21T04:58:35","version" => "1.94_64"},{"date" => "2011-02-14T12:10:12","version" => "1.94_65"},{"date" => "2011-03-12T11:30:03","version" => "1.9600"},{"date" => "2011-06-27T06:56:01","version" => "1.97_51"},{"date" => "2011-08-07T09:40:33","version" => "1.9800"},{"date" => "2012-10-16T21:42:49","version" => "1.99_51"},{"date" => "2013-02-06T07:41:54","version" => "2.00-TRIAL"},{"date" => "2013-04-12T16:57:44","version" => "2.00"},{"date" => "2013-06-22T20:27:32","version" => "2.01-TRIAL"},{"date" => "2013-06-23T07:33:40","version" => "2.02-TRIAL"},{"date" => "2013-09-15T09:42:33","version" => "2.03-TRIAL"},{"date" => "2014-03-18T22:33:22","version" => "2.04-TRIAL"},{"date" => "2014-03-31T20:55:24","version" => "2.05-TRIAL"},{"date" => "2014-04-04T02:07:20","version" => "2.05-TRIAL2"},{"date" => "2014-04-18T13:35:51","version" => "2.05"},{"date" => "2014-08-06T19:32:53","version" => "2.06-TRIAL"},{"date" => "2015-01-04T18:54:54","version" => "2.06-TRIAL"},{"date" => "2015-01-05T06:31:55","version" => "2.08-TRIAL"},{"date" => "2015-02-02T04:41:02","version" => "2.09-TRIAL"},{"date" => "2015-02-22T15:57:42","version" => "2.10-TRIAL"},{"date" => "2015-03-13T07:45:04","version" => "2.10"},{"date" => "2015-12-31T11:00:08","version" => "2.12-TRIAL"},{"date" => "2016-05-16T09:56:01","version" => "2.13-TRIAL"},{"date" => "2016-06-04T14:41:28","version" => "2.14-TRIAL"},{"date" => "2016-06-25T04:32:45","version" => "2.14"},{"date" => "2016-07-17T12:10:30","version" => "2.15-TRIAL"},{"date" => "2017-01-16T16:20:27","version" => "2.16-TRIAL"},{"date" => "2017-01-16T21:27:06","version" => "2.16-TRIAL2"},{"date" => "2017-02-14T16:22:20","version" => "2.16"},{"date" => "2017-02-15T09:37:10","version" => "2.17-TRIAL"},{"date" => "2017-02-16T09:48:46","version" => "2.17-TRIAL2"},{"date" => "2017-03-30T21:38:23","version" => "2.18-TRIAL"},{"date" => "2017-11-04T23:27:47","version" => "2.19-TRIAL"},{"date" => "2017-11-26T22:10:39","version" => "2.20-TRIAL"},{"date" => "2018-09-22T20:46:35","version" => "2.21-TRIAL"},{"date" => "2018-12-16T10:35:04","version" => "2.22-TRIAL"},{"date" => "2018-12-23T09:11:29","version" => "2.22"},{"date" => "2019-02-10T20:28:53","version" => "2.23-TRIAL"},{"date" => "2019-02-14T21:21:03","version" => "2.24-TRIAL"},{"date" => "2019-02-16T05:56:23","version" => "2.25-TRIAL"},{"date" => "2019-03-03T06:27:10","version" => "2.25"},{"date" => "2019-03-19T00:04:34","version" => "2.26"},{"date" => "2019-05-31T21:11:50","version" => "2.27-TRIAL"},{"date" => "2019-06-09T05:48:20","version" => "2.27-TRIAL2"},{"date" => "2019-07-03T20:15:40","version" => "2.27"},{"date" => "2020-04-03T02:52:43","version" => "2.28-TRIAL"},{"date" => "2020-06-13T04:57:39","version" => "2.28"},{"date" => "2021-11-23T16:58:45","version" => "2.29"},{"date" => "2021-12-12T09:16:03","version" => "2.30-TRIAL"},{"date" => "2021-12-14T20:52:30","version" => "2.31-TRIAL"},{"date" => "2021-12-26T21:35:55","version" => "2.32-TRIAL"},{"date" => "2022-01-21T04:09:07","version" => "2.33-TRIAL"},{"date" => "2022-03-27T17:53:47","version" => "2.33"},{"date" => "2022-04-03T19:19:13","version" => "2.34-TRIAL"},{"date" => "2022-04-17T17:40:25","version" => "2.34"},{"date" => "2023-04-15T14:44:27","version" => "2.35-TRIAL"},{"date" => "2023-04-27T13:05:07","version" => "2.35"},{"date" => "2023-05-10T07:08:30","version" => "2.36-TRIAL"},{"date" => "2023-05-14T19:36:11","version" => "2.36"},{"date" => "2024-08-18T17:03:50","version" => "2.37-TRIAL"},{"date" => "2024-08-30T17:18:31","version" => "2.37"},{"date" => "2024-10-03T10:21:39","version" => "2.38-TRIAL"},{"date" => "2024-10-13T11:32:53","version" => "2.38-TRIAL2"},{"date" => "2024-11-17T19:52:34","version" => "2.38"},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "1.2401"},{"date" => "1998-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.005","version" => "1.3901"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.59_56"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "1.76_02"},{"date" => "2009-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011003","version" => "1.94_5301"},{"date" => "2011-09-26T00:00:00","dual_lived" => 1,"perl_release" => "5.014002","version" => "1.9600_01"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "2.03"},{"date" => "2014-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.01901","version" => "2.04"},{"date" => "2015-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021011","version" => "2.11"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.11_01"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "2.14_01"},{"date" => "2017-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02501","version" => "2.17"},{"date" => "2017-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025012","version" => "2.18"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "2.20"},{"date" => "2018-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029004","version" => "2.21"}]},"CPAN-Checksums" => {"advisories" => [{"affected_versions" => ["<=2.12"],"cves" => ["CVE-2020-16155"],"description" => "The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data.\n","distribution" => "CPAN-Checksums","fixed_versions" => [">=2.13"],"id" => "CPANSA-CPAN-Checksums-2020-16155","references" => ["https://metacpan.org/pod/CPAN::Checksums","https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/"],"reported" => "2021-12-13","severity" => "medium"}],"main_module" => "CPAN::Checksums","versions" => [{"date" => "2000-12-10T09:31:19","version" => "1.003"},{"date" => "2000-12-11T08:49:05","version" => "1.004"},{"date" => "2000-12-11T10:20:16","version" => "1.006"},{"date" => "2000-12-11T13:38:18","version" => "1.007"},{"date" => "2000-12-13T11:24:09","version" => "1.008"},{"date" => "2002-03-31T20:27:49","version" => "1.009"},{"date" => "2002-10-06T17:22:35","version" => "1.0"},{"date" => "2002-10-07T08:56:12","version" => "1.011"},{"date" => "2003-02-02T10:26:00","version" => "1.014"},{"date" => "2003-02-03T15:44:57","version" => "1.015"},{"date" => "2003-02-03T19:21:46","version" => "1.016"},{"date" => "2005-01-24T07:59:41","version" => "1.018"},{"date" => "2005-10-31T07:27:02","version" => "1.032"},{"date" => "2005-11-11T07:16:04","version" => "1.039"},{"date" => "2006-05-01T13:34:41","version" => "1.048"},{"date" => "2006-05-09T03:30:39","version" => "1.050"},{"date" => "2007-08-05T12:10:58","version" => "1.061"},{"date" => "2007-10-09T03:09:45","version" => "1.064"},{"date" => "2008-05-17T05:26:24","version" => "2.00"},{"date" => "2008-09-03T19:33:28","version" => "2.01"},{"date" => "2008-10-31T06:54:59","version" => "2.02"},{"date" => "2009-09-20T01:50:36","version" => "2.03"},{"date" => "2009-09-28T04:10:09","version" => "2.04"},{"date" => "2010-01-23T05:39:17","version" => "2.05"},{"date" => "2010-10-24T12:13:44","version" => "2.06"},{"date" => "2010-11-20T22:18:39","version" => "2.07"},{"date" => "2011-08-30T06:32:02","version" => "2.08"},{"date" => "2014-04-04T04:06:11","version" => "2.09"},{"date" => "2015-04-11T05:48:38","version" => "2.10"},{"date" => "2016-04-09T05:42:27","version" => "2.11"},{"date" => "2016-06-14T02:42:03","version" => "2.12"},{"date" => "2021-11-23T16:57:18","version" => "2.13"},{"date" => "2021-12-04T10:00:42","version" => "2.14"}]},"Capture-Tiny" => {"advisories" => [{"affected_versions" => ["<0.24"],"cves" => ["CVE-2014-1875"],"description" => "The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.\n","distribution" => "Capture-Tiny","fixed_versions" => [">=0.24"],"id" => "CPANSA-Capture-Tiny-2014-1875","references" => ["http://osvdb.org/102963","https://bugzilla.redhat.com/show_bug.cgi?id=1062424","http://www.securityfocus.com/bid/65475","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737835","https://github.com/dagolden/Capture-Tiny/issues/16","http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128882.html","https://github.com/dagolden/Capture-Tiny/commit/635c9eabd52ab8042b0c841823bd6e692de87924","http://cpansearch.perl.org/src/DAGOLDEN/Capture-Tiny-0.24/Changes","http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128823.html","http://seclists.org/oss-sec/2014/q1/272","http://seclists.org/oss-sec/2014/q1/267","http://secunia.com/advisories/56823","https://exchange.xforce.ibmcloud.com/vulnerabilities/91464"],"reported" => "2014-10-06","severity" => undef}],"main_module" => "Capture::Tiny","versions" => [{"date" => "2009-02-14T04:25:26","version" => "0.01"},{"date" => "2009-02-17T22:26:18","version" => "0.02"},{"date" => "2009-02-20T18:09:46","version" => "0.03"},{"date" => "2009-02-25T14:29:32","version" => "0.04"},{"date" => "2009-03-03T11:58:12","version" => "0.05"},{"date" => "2009-04-21T11:07:47","version" => "0.05_51"},{"date" => "2009-05-07T10:57:33","version" => "0.06"},{"date" => "2010-01-24T05:21:56","version" => "0.07"},{"date" => "2010-06-20T23:17:16","version" => "0.08"},{"date" => "2011-01-28T04:53:00","version" => "0.09"},{"date" => "2011-02-07T12:02:15","version" => "0.10"},{"date" => "2011-05-20T03:35:28","version" => "0.11"},{"date" => "2011-12-01T22:00:04","version" => "0.12"},{"date" => "2011-12-02T18:40:05","version" => "0.13"},{"date" => "2011-12-22T15:16:31","version" => "0.14"},{"date" => "2011-12-23T16:12:30","version" => "0.15"},{"date" => "2012-02-13T02:06:15","version" => "0.16"},{"date" => "2012-02-22T13:09:42","version" => "0.17"},{"date" => "2012-03-07T23:25:31","version" => "0.17_51"},{"date" => "2012-03-09T16:46:53","version" => "0.17_52"},{"date" => "2012-05-04T20:33:43","version" => "0.18"},{"date" => "2012-08-07T00:28:08","version" => "0.19"},{"date" => "2012-09-19T17:22:24","version" => "0.20"},{"date" => "2012-11-15T00:13:08","version" => "0.21"},{"date" => "2013-03-27T19:52:10","version" => "0.22"},{"date" => "2013-10-20T15:28:15","version" => "0.23"},{"date" => "2014-02-06T22:18:06","version" => "0.24"},{"date" => "2014-08-16T14:09:48","version" => "0.25"},{"date" => "2014-11-04T11:57:19","version" => "0.26"},{"date" => "2014-11-05T04:12:33","version" => "0.27"},{"date" => "2015-02-11T11:41:44","version" => "0.28"},{"date" => "2015-04-19T16:44:50","version" => "0.29"},{"date" => "2015-05-16T00:45:01","version" => "0.30"},{"date" => "2016-02-14T14:39:55","version" => "0.31"},{"date" => "2016-02-18T15:14:06","version" => "0.32"},{"date" => "2016-02-19T04:29:41","version" => "0.34"},{"date" => "2016-02-29T02:38:12","version" => "0.36"},{"date" => "2016-05-02T11:09:27","version" => "0.37"},{"date" => "2016-05-02T14:24:23","version" => "0.39"},{"date" => "2016-05-23T15:45:16","version" => "0.40"},{"date" => "2016-05-23T16:01:05","version" => "0.41"},{"date" => "2016-05-31T16:41:30","version" => "0.42"},{"date" => "2016-08-05T18:02:43","version" => "0.44"},{"date" => "2017-02-23T18:32:44","version" => "0.45"},{"date" => "2017-02-25T19:26:54","version" => "0.46"},{"date" => "2017-07-26T14:36:03","version" => "0.47"},{"date" => "2018-04-22T07:09:08","version" => "0.48"},{"date" => "2024-12-16T13:11:27","version" => "0.49"},{"date" => "2024-12-19T13:16:05","version" => "0.50"}]},"Catalyst-Action-REST" => {"advisories" => [{"affected_versions" => ["<1.12"],"cves" => [],"description" => "YAML and YAML::HTML parsers are a potential security hole, as they may allow arbitrary Perl objects to be instantiated.\n","distribution" => "Catalyst-Action-REST","fixed_versions" => [">=1.12"],"id" => "CPANSA-Catalyst-Action-REST-2013-01","references" => ["https://metacpan.org/dist/Catalyst-Action-REST/changes"],"reported" => "2013-09-03","severity" => undef}],"main_module" => "Catalyst::Action::REST","versions" => [{"date" => "2006-11-20T03:15:08","version" => "0.1"},{"date" => "2006-12-01T01:42:22","version" => "0.2"},{"date" => "2006-12-04T00:22:45","version" => "0.30"},{"date" => "2006-12-06T08:48:49","version" => "0.31"},{"date" => "2007-03-10T00:44:35","version" => "0.40"},{"date" => "2007-05-24T21:09:40","version" => "0.41"},{"date" => "2007-07-07T19:33:22","version" => "0.50"},{"date" => "2008-01-04T01:33:04","version" => "0.60"},{"date" => "2008-06-30T19:30:56","version" => "0.61"},{"date" => "2008-07-02T15:25:10","version" => "0.62"},{"date" => "2008-08-07T17:14:34","version" => "0.63"},{"date" => "2008-08-14T16:09:53","version" => "0.64"},{"date" => "2008-08-20T17:45:46","version" => "0.65"},{"date" => "2008-08-22T18:24:57","version" => "0.66"},{"date" => "2009-03-25T16:38:07","version" => "0.67_01"},{"date" => "2009-03-26T05:04:33","version" => "0.67"},{"date" => "2009-03-26T05:37:53","version" => "0.68"},{"date" => "2009-03-26T21:19:43","version" => "0.69"},{"date" => "2009-03-28T06:23:19","version" => "0.70"},{"date" => "2009-03-28T16:19:10","version" => "0.71"},{"date" => "2009-06-25T18:56:47","version" => "0.72"},{"date" => "2009-06-28T00:22:51","version" => "0.73"},{"date" => "2009-07-22T23:12:44","version" => "0.74"},{"date" => "2009-08-17T13:11:15","version" => "0.75"},{"date" => "2009-08-21T20:42:44","version" => "0.76"},{"date" => "2009-08-27T01:26:49","version" => "0.77"},{"date" => "2009-09-28T14:05:11","version" => "0.78"},{"date" => "2009-12-11T01:11:49","version" => "0.79"},{"date" => "2009-12-19T14:59:13","version" => "0.80"},{"date" => "2010-01-14T20:56:56","version" => "0.81"},{"date" => "2010-02-04T22:35:05","version" => "0.82"},{"date" => "2010-02-08T22:24:29","version" => "0.83"},{"date" => "2010-05-06T08:34:09","version" => "0.84"},{"date" => "2010-05-13T08:15:30","version" => "0.85"},{"date" => "2010-09-01T22:17:14","version" => "0.86"},{"date" => "2010-11-03T19:48:23","version" => "0.87"},{"date" => "2011-01-11T23:12:42","version" => "0.88"},{"date" => "2011-01-24T21:59:02","version" => "0.89"},{"date" => "2011-02-25T13:58:06","version" => "0.90"},{"date" => "2011-08-04T12:46:05","version" => "0.91"},{"date" => "2011-10-01T10:11:59","version" => "0.91"},{"date" => "2011-10-12T18:35:31","version" => "0.93"},{"date" => "2011-12-09T08:51:25","version" => "0.94"},{"date" => "2012-01-04T19:54:14","version" => "0.95"},{"date" => "2012-01-30T11:32:44","version" => "0.96"},{"date" => "2012-02-21T10:06:13","version" => "0.97"},{"date" => "2012-02-21T11:44:32","version" => "0.98"},{"date" => "2012-02-28T09:14:17","version" => "0.99"},{"date" => "2012-04-13T08:37:31","version" => "1.00"},{"date" => "2012-05-29T20:02:44","version" => "1.01"},{"date" => "2012-06-05T21:45:05","version" => "1.02"},{"date" => "2012-06-27T23:52:31","version" => "1.03"},{"date" => "2012-06-30T09:32:24","version" => "1.04"},{"date" => "2012-07-02T19:16:30","version" => "1.05"},{"date" => "2012-12-11T22:13:48","version" => "1.06"},{"date" => "2013-04-11T19:25:51","version" => "1.07"},{"date" => "2013-04-16T07:36:02","version" => "1.08"},{"date" => "2013-04-19T12:43:57","version" => "1.09"},{"date" => "2013-04-22T13:43:09","version" => "1.10"},{"date" => "2013-06-16T14:28:48","version" => "1.11"},{"date" => "2013-09-11T17:50:54","version" => "1.12"},{"date" => "2013-11-08T15:49:54","version" => "1.13"},{"date" => "2013-12-27T21:33:09","version" => "1.14"},{"date" => "2014-05-07T14:04:03","version" => "1.15"},{"date" => "2014-09-12T18:22:35","version" => "1.16"},{"date" => "2014-10-24T00:59:39","version" => "1.17"},{"date" => "2015-01-20T18:22:02","version" => "1.18"},{"date" => "2015-02-06T15:40:56","version" => "1.19"},{"date" => "2015-10-29T20:34:02","version" => "1.20"},{"date" => "2017-12-05T15:16:47","version" => "1.21"}]},"Catalyst-Authentication-Credential-HTTP" => {"advisories" => [{"affected_versions" => ["<=1.018"],"cves" => ["CVE-2025-40920"],"description" => "Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.   *  Data::UUID does not use a strong cryptographic source for generating UUIDs.   *  Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.   *  The nonces should be generated from a strong cryptographic source, as per RFC 7616.","distribution" => "Catalyst-Authentication-Credential-HTTP","fixed_versions" => [">=1.019"],"id" => "CPANSA-Catalyst-Authentication-Credential-HTTP-2025-40920","references" => ["https://datatracker.ietf.org/doc/html/rfc7616#section-5.12","https://datatracker.ietf.org/doc/html/rfc9562#name-security-considerations","https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/pull/1","https://metacpan.org/release/ETHER/Catalyst-Authentication-Credential-HTTP-1.018/source/lib/Catalyst/Authentication/Credential/HTTP.pm#L391","https://security.metacpan.org/patches/C/Catalyst-Authentication-Credential-HTTP/1.018/CVE-2025-40920-r1.patch"],"reported" => "2025-08-11","severity" => undef}],"main_module" => "Catalyst::Authentication::Credential::HTTP","versions" => [{"date" => "2008-09-01T13:41:15","version" => "1.000"},{"date" => "2008-09-02T18:15:58","version" => "1.001"},{"date" => "2008-09-03T00:16:26","version" => "1.002"},{"date" => "2008-09-11T14:35:17","version" => "1.003"},{"date" => "2008-09-11T18:06:53","version" => "0.12"},{"date" => "2008-09-12T18:21:26","version" => "1.004"},{"date" => "2008-09-25T22:13:58","version" => "1.005"},{"date" => "2008-10-06T18:56:06","version" => "1.006"},{"date" => "2008-11-19T09:41:15","version" => "1.007"},{"date" => "2008-12-10T23:58:04","version" => "1.008"},{"date" => "2009-01-04T21:37:39","version" => "1.009"},{"date" => "2009-05-14T08:34:09","version" => "1.010"},{"date" => "2009-06-27T04:00:10","version" => "1.011"},{"date" => "2010-03-07T21:07:20","version" => "1.012"},{"date" => "2010-12-14T22:03:35","version" => "1.013"},{"date" => "2012-02-05T18:51:03","version" => "1.014"},{"date" => "2012-06-27T18:43:56","version" => "1.015"},{"date" => "2013-07-27T20:38:37","version" => "1.016"},{"date" => "2017-06-27T23:22:26","version" => "1.017"},{"date" => "2017-06-28T00:29:58","version" => "1.018"},{"date" => "2025-08-20T17:38:38","version" => "1.019"}]},"Catalyst-Authentication-Store-LDAP" => {"advisories" => [{"affected_versions" => ["<1.013"],"cves" => [],"description" => "Incorrect password check binds to the unauthenticated user.\n","distribution" => "Catalyst-Authentication-Store-LDAP","fixed_versions" => [">=1.013"],"id" => "CPANSA-Catalyst-Authentication-Store-LDAP-2012-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=81908"],"reported" => "2012-12-11","severity" => "high"}],"main_module" => "Catalyst::Authentication::Store::LDAP","versions" => [{"date" => "2008-02-05T18:18:24","version" => "0.1000"},{"date" => "2008-04-10T02:06:58","version" => "0.1001"},{"date" => "2008-07-09T20:45:43","version" => "0.1002"},{"date" => "2008-09-10T13:21:33","version" => "0.1003"},{"date" => "2008-10-22T01:57:27","version" => "0.1003"},{"date" => "2009-05-01T02:34:18","version" => "0.1005"},{"date" => "2009-12-11T18:54:26","version" => "1.006"},{"date" => "2010-03-19T10:07:13","version" => "1.007"},{"date" => "2010-04-03T03:04:13","version" => "1.008"},{"date" => "2010-05-15T07:14:41","version" => "1.009"},{"date" => "2010-07-06T21:39:55","version" => "1.010"},{"date" => "2010-07-07T20:41:22","version" => "1.011"},{"date" => "2010-10-05T08:11:56","version" => "1.012"},{"date" => "2013-01-09T14:58:46","version" => "1.013"},{"date" => "2013-04-26T19:51:28","version" => "1.014"},{"date" => "2015-02-20T18:07:31","version" => "1.015"},{"date" => "2016-02-11T17:50:52","version" => "1.016"},{"date" => "2021-05-26T09:59:28","version" => "1.017"}]},"Catalyst-Controller-Combine" => {"advisories" => [{"affected_versions" => ["<0.12"],"cves" => [],"description" => "Allows to use url-encoded path-parts to crawl along the file system and read files outside the intended directory.\n","distribution" => "Catalyst-Controller-Combine","fixed_versions" => [">=0.12"],"id" => "CPANSA-Catalyst-Controller-Combine-2010-01","references" => ["https://metacpan.org/changes/distribution/Catalyst-Controller-Combine"],"reported" => "2010-05-21"}],"main_module" => "Catalyst::Controller::Combine","versions" => [{"date" => "2009-07-11T17:58:25","version" => "0.06"},{"date" => "2009-07-13T06:49:00","version" => "0.07"},{"date" => "2009-10-24T12:48:21","version" => "0.08"},{"date" => "2010-03-13T19:31:13","version" => "0.09"},{"date" => "2010-03-27T18:44:05","version" => "0.10"},{"date" => "2010-06-21T20:47:02","version" => "0.12"},{"date" => "2011-07-28T19:53:12","version" => "0.13"},{"date" => "2012-02-20T20:59:00","version" => "0.14"},{"date" => "2012-05-04T10:43:12","version" => "0.15"}]},"Catalyst-Plugin-Session" => {"advisories" => [{"affected_versions" => ["<0.44"],"cves" => ["CVE-2025-40924"],"description" => "Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely.  The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Catalyst-Plugin-Session","fixed_versions" => [">=0.44"],"id" => "CPANSA-Catalyst-Plugin-Session-2025-40924","references" => ["https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/c0e2b4ab1e42ebce1008286db8c571b6ee98c22c.patch","https://github.com/perl-catalyst/Catalyst-Plugin-Session/pull/5","https://metacpan.org/release/HAARG/Catalyst-Plugin-Session-0.43/source/lib/Catalyst/Plugin/Session.pm#L632"],"reported" => "2025-07-17","severity" => undef}],"main_module" => "Catalyst::Plugin::Session","versions" => [{"date" => "2005-11-14T20:45:06","version" => "0.01"},{"date" => "2005-11-23T12:29:16","version" => "0.02"},{"date" => "2005-12-26T08:24:04","version" => "0.03"},{"date" => "2005-12-28T11:51:50","version" => "0.04"},{"date" => "2006-01-01T10:45:07","version" => "0.05"},{"date" => "2006-07-29T16:35:24","version" => "0.06"},{"date" => "2006-07-31T11:24:16","version" => "0.07"},{"date" => "2006-07-31T12:11:58","version" => "0.08"},{"date" => "2006-07-31T18:24:07","version" => "0.09"},{"date" => "2006-08-01T08:08:13","version" => "0.10"},{"date" => "2006-08-10T15:03:04","version" => "0.11"},{"date" => "2006-08-26T17:55:09","version" => "0.12"},{"date" => "2006-10-12T19:54:32","version" => "0.13"},{"date" => "2007-01-31T11:24:20","version" => "0.14"},{"date" => "2007-06-24T15:17:44","version" => "0.15"},{"date" => "2007-07-03T14:40:50","version" => "0.16"},{"date" => "2007-07-16T10:20:50","version" => "0.17"},{"date" => "2007-08-15T18:06:22","version" => "0.18"},{"date" => "2007-10-08T18:18:10","version" => "0.19"},{"date" => "2009-01-09T02:13:40","version" => "0.19_01"},{"date" => "2009-02-05T14:50:15","version" => "0.20"},{"date" => "2009-04-30T20:54:07","version" => "0.21"},{"date" => "2009-05-13T21:00:18","version" => "0.22"},{"date" => "2009-06-16T19:43:53","version" => "0.23"},{"date" => "2009-06-23T08:20:00","version" => "0.24"},{"date" => "2009-07-08T21:54:31","version" => "0.25"},{"date" => "2009-08-19T21:23:25","version" => "0.26"},{"date" => "2009-10-06T08:45:28","version" => "0.26_01"},{"date" => "2009-10-08T21:38:42","version" => "0.27"},{"date" => "2009-10-29T09:59:18","version" => "0.28"},{"date" => "2009-11-04T23:43:22","version" => "0.29"},{"date" => "2010-06-24T12:54:05","version" => "0.30"},{"date" => "2010-10-08T14:39:33","version" => "0.31"},{"date" => "2011-06-08T12:05:42","version" => "0.32"},{"date" => "2012-03-26T10:03:59","version" => "0.33"},{"date" => "2012-04-02T14:51:39","version" => "0.34"},{"date" => "2012-04-24T08:24:54","version" => "0.35"},{"date" => "2012-10-19T22:40:25","version" => "0.36"},{"date" => "2013-02-25T14:04:31","version" => "0.37"},{"date" => "2013-09-18T14:03:08","version" => "0.38"},{"date" => "2013-10-16T15:09:02","version" => "0.39"},{"date" => "2015-01-27T01:20:24","version" => "0.40"},{"date" => "2018-12-06T02:31:20","version" => "0.41"},{"date" => "2022-05-31T00:20:53","version" => "0.42"},{"date" => "2022-06-03T14:15:38","version" => "0.43"},{"date" => "2025-07-16T14:18:57","version" => "0.44"}]},"Catalyst-Plugin-Static" => {"advisories" => [{"affected_versions" => ["<0.10"],"cves" => [],"description" => "Serving files outside of \$config->{root} directory.\n","distribution" => "Catalyst-Plugin-Static","fixed_versions" => [">=0.10"],"id" => "CPANSA-Catalyst-Plugin-Static-2005-01","reported" => "2005-11-14"}],"main_module" => "Catalyst::Plugin::Static","versions" => [{"date" => "2005-01-29T00:00:20","version" => "0.01"},{"date" => "2005-02-19T20:28:50","version" => "0.02"},{"date" => "2005-03-17T01:01:03","version" => "0.03"},{"date" => "2005-03-17T19:10:36","version" => "0.04"},{"date" => "2005-03-21T13:34:27","version" => "0.05"},{"date" => "2005-03-23T06:48:05","version" => "0.05"},{"date" => "2005-04-15T16:58:18","version" => "0.06"},{"date" => "2005-04-17T14:50:45","version" => "0.07"},{"date" => "2005-09-06T13:42:42","version" => "0.08"},{"date" => "2005-11-14T08:38:35","version" => "0.09"},{"date" => "2005-11-14T10:26:31","version" => "0.10"},{"date" => "2009-10-18T18:13:00","version" => "0.11"}]},"Catalyst-Plugin-Static-Simple" => {"advisories" => [{"affected_versions" => ["<0.34"],"cves" => ["CVE-2017-16248"],"description" => "The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.\n","distribution" => "Catalyst-Plugin-Static-Simple","fixed_versions" => [">=0.34"],"id" => "CPANSA-Catalyst-Plugin-Static-Simple-2017-01","references" => ["https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/","https://metacpan.org/pod/CPAN::Checksums"],"reported" => "2017-10-31"}],"main_module" => "Catalyst::Plugin::Static::Simple","versions" => [{"date" => "2005-08-12T01:37:04","version" => "0.01"},{"date" => "2005-08-16T22:09:54","version" => "0.02"},{"date" => "2005-08-22T03:44:24","version" => "0.03"},{"date" => "2005-08-22T15:59:08","version" => "0.04"},{"date" => "2005-08-26T15:58:06","version" => "0.05"},{"date" => "2005-09-05T19:36:58","version" => "0.06"},{"date" => "2005-09-06T01:07:28","version" => "0.07"},{"date" => "2005-09-07T22:52:21","version" => "0.08"},{"date" => "2005-10-07T17:40:16","version" => "0.09"},{"date" => "2005-10-19T21:19:04","version" => "0.10"},{"date" => "2005-11-14T00:28:01","version" => "0.11"},{"date" => "2005-12-15T14:56:40","version" => "0.13"},{"date" => "2006-03-24T16:18:59","version" => "0.14"},{"date" => "2006-07-05T16:35:54","version" => "0.14"},{"date" => "2006-12-09T03:25:57","version" => "0.15"},{"date" => "2007-04-30T18:48:25","version" => "0.16"},{"date" => "2007-05-11T14:52:16","version" => "0.17"},{"date" => "2007-07-01T04:12:31","version" => "0.18"},{"date" => "2007-07-02T20:54:05","version" => "0.19"},{"date" => "2007-09-24T13:50:15","version" => "0.20"},{"date" => "2009-03-29T18:47:56","version" => "0.21"},{"date" => "2009-08-21T16:21:17","version" => "0.22"},{"date" => "2009-10-06T16:51:19","version" => "0.23"},{"date" => "2009-10-18T18:12:48","version" => "0.24"},{"date" => "2009-10-22T20:49:26","version" => "0.25"},{"date" => "2009-12-06T12:32:46","version" => "0.26"},{"date" => "2010-01-03T14:56:26","version" => "0.27"},{"date" => "2010-01-04T13:18:25","version" => "0.28"},{"date" => "2010-02-01T18:48:45","version" => "0.29"},{"date" => "2012-05-04T17:17:29","version" => "0.30"},{"date" => "2013-09-09T14:32:43","version" => "0.31"},{"date" => "2014-06-05T12:44:48","version" => "0.32"},{"date" => "2014-10-29T16:02:17","version" => "0.33"},{"date" => "2017-08-02T17:00:14","version" => "0.34"},{"date" => "2018-03-14T12:13:30","version" => "0.35"},{"date" => "2018-03-15T11:41:17","version" => "0.36"},{"date" => "2021-05-05T14:30:07","version" => "0.37"}]},"Catalyst-Runtime" => {"advisories" => [{"affected_versions" => ["<5.90020"],"cves" => [],"description" => "Passing a special host to the redirect page link makes it vulnerable to XSS attack.\n","distribution" => "Catalyst-Runtime","fixed_versions" => [">=5.90020"],"id" => "CPANSA-Catalyst-Runtime-2013-01","references" => ["http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/Catalyst-Runtime.git;a=commitdiff;h=7af54927870a7c6f89323ac1876d49f92e7841f5"],"reported" => "2013-01-23"},{"affected_versions" => ["<5.58"],"cves" => [],"description" => "Path traversal in Static::Simple plugin.\n","distribution" => "Catalyst-Runtime","fixed_versions" => [">=5.58"],"id" => "CPANSA-Catalyst-Runtime-2005-01","reported" => "2005-11-24"}],"main_module" => "Catalyst::Runtime","versions" => [{"date" => "2006-06-25T19:20:53","version" => "5.70_01"},{"date" => "2006-06-27T18:10:20","version" => "5.70_02"},{"date" => "2006-06-28T21:50:30","version" => "5.70_03"},{"date" => "2006-07-07T22:47:30","version" => "5.7000"},{"date" => "2006-07-20T06:00:58","version" => "5.7001"},{"date" => "2006-09-19T07:36:29","version" => "5.7002"},{"date" => "2006-09-23T17:43:12","version" => "5.7003"},{"date" => "2006-11-06T23:28:40","version" => "5.7004"},{"date" => "2006-11-07T19:43:56","version" => "5.7005"},{"date" => "2006-11-15T08:27:59","version" => "5.7006"},{"date" => "2007-03-14T11:13:37","version" => "5.7007"},{"date" => "2007-08-13T06:36:11","version" => "5.7008"},{"date" => "2007-08-21T22:23:53","version" => "5.7009"},{"date" => "2007-08-22T05:51:41","version" => "5.7010"},{"date" => "2007-10-18T18:11:24","version" => "5.7011"},{"date" => "2007-12-17T08:19:28","version" => "5.7012"},{"date" => "2008-05-17T12:41:13","version" => "5.7013"},{"date" => "2008-05-25T21:16:45","version" => "5.7013"},{"date" => "2008-06-25T20:43:41","version" => "5.7099_01"},{"date" => "2008-07-18T11:41:25","version" => "5.7099_02"},{"date" => "2008-07-20T08:15:02","version" => "5.7099_02"},{"date" => "2008-10-13T20:55:41","version" => "5.7099_02"},{"date" => "2008-10-14T06:06:06","version" => "5.7099_02"},{"date" => "2008-10-15T21:44:15","version" => "5.7015"},{"date" => "2008-10-17T12:42:53","version" => "5.8000_03"},{"date" => "2008-12-05T15:11:14","version" => "5.8000_04"},{"date" => "2009-01-12T15:46:59","version" => "5.7099_04"},{"date" => "2009-01-19T17:36:04","version" => "5.71000"},{"date" => "2009-01-29T08:56:09","version" => "5.8000_05"},{"date" => "2009-02-04T20:08:22","version" => "5.8000_06"},{"date" => "2009-03-27T09:21:12","version" => "5.71001"},{"date" => "2009-04-13T19:03:36","version" => "5.8000_07"},{"date" => "2009-04-18T20:26:00","version" => "5.80001"},{"date" => "2009-04-21T23:45:45","version" => "5.80002"},{"date" => "2009-04-29T14:39:21","version" => "5.80003"},{"date" => "2009-05-18T15:16:38","version" => "5.80004"},{"date" => "2009-06-06T12:49:15","version" => "5.80005"},{"date" => "2009-06-29T22:11:48","version" => "5.80006"},{"date" => "2009-06-30T22:11:36","version" => "5.80007"},{"date" => "2009-08-21T16:14:33","version" => "5.80008"},{"date" => "2009-08-21T20:29:33","version" => "5.80009"},{"date" => "2009-08-21T21:42:08","version" => "5.80010"},{"date" => "2009-08-23T11:57:26","version" => "5.80011"},{"date" => "2009-09-09T18:01:32","version" => "5.80012"},{"date" => "2009-09-17T09:35:20","version" => "5.80013"},{"date" => "2009-11-21T02:32:20","version" => "5.80014"},{"date" => "2009-11-22T20:24:47","version" => "5.80014_01"},{"date" => "2009-12-01T01:14:00","version" => "5.80014_02"},{"date" => "2009-12-02T15:42:50","version" => "5.80015"},{"date" => "2009-12-11T23:37:44","version" => "5.80016"},{"date" => "2010-01-10T02:01:50","version" => "5.80017"},{"date" => "2010-01-12T21:39:47","version" => "5.80018"},{"date" => "2010-01-29T00:18:07","version" => "5.80019"},{"date" => "2010-02-04T06:19:31","version" => "5.80020"},{"date" => "2010-03-03T23:16:29","version" => "5.80021"},{"date" => "2010-03-28T19:25:48","version" => "5.80022"},{"date" => "2010-05-07T22:07:08","version" => "5.80023"},{"date" => "2010-05-15T09:57:52","version" => "5.80024"},{"date" => "2010-07-29T00:59:16","version" => "5.80025"},{"date" => "2010-09-01T15:10:42","version" => "5.80026"},{"date" => "2010-09-02T11:33:03","version" => "5.80027"},{"date" => "2010-09-28T20:14:11","version" => "5.80028"},{"date" => "2010-10-03T16:24:08","version" => "5.80029"},{"date" => "2011-01-04T12:56:30","version" => "5.80030"},{"date" => "2011-01-24T10:50:27","version" => "5.89000"},{"date" => "2011-01-31T08:25:21","version" => "5.80031"},{"date" => "2011-02-23T08:28:58","version" => "5.80032"},{"date" => "2011-03-01T14:56:37","version" => "5.89001"},{"date" => "2011-03-02T10:37:42","version" => "5.89002"},{"date" => "2011-07-24T15:58:37","version" => "5.80033"},{"date" => "2011-07-28T20:05:01","version" => "5.89003"},{"date" => "2011-08-15T21:35:34","version" => "5.9000"},{"date" => "2011-08-15T21:59:58","version" => "5.90001"},{"date" => "2011-08-22T20:55:10","version" => "5.90002"},{"date" => "2011-10-05T07:48:57","version" => "5.90003"},{"date" => "2011-10-11T15:19:05","version" => "5.90004"},{"date" => "2011-10-22T21:01:24","version" => "5.90005"},{"date" => "2011-10-25T17:54:34","version" => "5.90006"},{"date" => "2011-11-22T20:40:44","version" => "5.90007"},{"date" => "2012-02-06T21:08:28","version" => "5.90008"},{"date" => "2012-02-16T09:29:44","version" => "5.90009"},{"date" => "2012-02-18T00:49:30","version" => "5.90010"},{"date" => "2012-03-08T21:53:00","version" => "5.90011"},{"date" => "2012-05-19T07:13:21","version" => "5.90012"},{"date" => "2012-06-08T00:37:40","version" => "5.90013"},{"date" => "2012-06-21T20:41:41","version" => "5.90013"},{"date" => "2012-06-26T14:34:56","version" => "5.90014"},{"date" => "2012-06-30T18:00:53","version" => "5.90015"},{"date" => "2012-08-17T01:39:42","version" => "5.90016"},{"date" => "2012-10-19T21:51:54","version" => "5.90017"},{"date" => "2012-10-24T01:01:44","version" => "5.90018"},{"date" => "2012-12-04T22:04:19","version" => "5.90019"},{"date" => "2013-02-22T14:05:39","version" => "5.90020"},{"date" => "2013-04-12T17:09:27","version" => "5.90030"},{"date" => "2013-06-12T21:26:14","version" => "5.90040"},{"date" => "2013-06-15T02:10:17","version" => "5.90041"},{"date" => "2013-06-16T01:57:47","version" => "5.90042"},{"date" => "2013-07-26T19:13:01","version" => "5.90049_001"},{"date" => "2013-08-21T02:39:45","version" => "5.90049_002"},{"date" => "2013-09-20T19:03:54","version" => "5.90049_003"},{"date" => "2013-10-18T22:19:33","version" => "5.90049_004"},{"date" => "2013-10-31T20:48:42","version" => "5.90049_005"},{"date" => "2013-11-05T03:25:31","version" => "5.90049_006"},{"date" => "2013-11-05T22:35:22","version" => "5.90050"},{"date" => "2013-11-07T17:14:35","version" => "5.90051"},{"date" => "2013-12-18T20:03:22","version" => "5.90052"},{"date" => "2013-12-19T14:33:08","version" => "5.90059_001"},{"date" => "2013-12-22T16:18:16","version" => "5.90053"},{"date" => "2013-12-22T16:34:11","version" => "5.90059_002"},{"date" => "2013-12-27T02:27:08","version" => "5.90059_003"},{"date" => "2014-01-27T17:20:51","version" => "5.90059_004"},{"date" => "2014-01-28T19:36:58","version" => "5.90059_005"},{"date" => "2014-02-06T20:41:25","version" => "5.90059_006"},{"date" => "2014-02-08T03:11:11","version" => "5.90060"},{"date" => "2014-03-10T14:46:10","version" => "5.90061"},{"date" => "2014-04-14T18:53:26","version" => "5.90062"},{"date" => "2014-05-02T00:15:16","version" => "5.90063"},{"date" => "2014-05-05T14:55:25","version" => "5.90064"},{"date" => "2014-05-27T18:08:08","version" => "5.90069_001"},{"date" => "2014-06-05T12:44:59","version" => "5.90065"},{"date" => "2014-06-10T00:22:42","version" => "5.90069_002"},{"date" => "2014-08-06T15:09:29","version" => "5.90069_003"},{"date" => "2014-08-07T15:59:15","version" => "5.90069_004"},{"date" => "2014-08-07T21:49:59","version" => "5.90070"},{"date" => "2014-08-10T13:15:52","version" => "5.90071"},{"date" => "2014-09-15T16:30:58","version" => "5.90072"},{"date" => "2014-09-23T17:24:54","version" => "5.90073"},{"date" => "2014-10-01T21:45:12","version" => "5.90074"},{"date" => "2014-10-07T00:07:51","version" => "5.90075"},{"date" => "2014-11-14T00:20:16","version" => "5.90076"},{"date" => "2014-11-19T00:28:27","version" => "5.90077"},{"date" => "2014-12-02T21:50:30","version" => "5.90079_001"},{"date" => "2014-12-02T23:22:07","version" => "5.90079_002"},{"date" => "2014-12-03T19:45:16","version" => "5.90079_003"},{"date" => "2014-12-26T23:05:46","version" => "5.90079_004"},{"date" => "2014-12-31T16:26:20","version" => "5.90078"},{"date" => "2014-12-31T21:04:56","version" => "5.90079_005"},{"date" => "2015-01-02T15:11:55","version" => "5.90079_006"},{"date" => "2015-01-02T18:11:38","version" => "5.90079"},{"date" => "2015-01-07T20:01:40","version" => "5.90079_007"},{"date" => "2015-01-07T23:26:17","version" => "5.90079_008"},{"date" => "2015-01-09T17:04:47","version" => "5.90080"},{"date" => "2015-01-10T22:39:56","version" => "5.90081"},{"date" => "2015-01-10T23:33:56","version" => "5.90082"},{"date" => "2015-02-17T02:29:50","version" => "5.90083"},{"date" => "2015-02-23T22:24:50","version" => "5.90084"},{"date" => "2015-03-25T18:58:11","version" => "5.90085"},{"date" => "2015-03-26T21:30:15","version" => "5.90089_001"},{"date" => "2015-04-17T21:32:30","version" => "5.90089_002"},{"date" => "2015-04-27T20:20:40","version" => "5.90089_003"},{"date" => "2015-04-28T18:24:12","version" => "5.90089_004"},{"date" => "2015-04-29T14:04:24","version" => "5.90090"},{"date" => "2015-05-08T20:36:59","version" => "5.90091"},{"date" => "2015-05-19T16:48:30","version" => "5.90092"},{"date" => "2015-05-29T17:06:23","version" => "5.90093"},{"date" => "2015-07-24T20:17:46","version" => "5.90094"},{"date" => "2015-07-27T14:32:30","version" => "5.90095"},{"date" => "2015-07-27T15:44:59","version" => "5.90096"},{"date" => "2015-07-28T20:33:41","version" => "5.90097"},{"date" => "2015-08-24T16:30:12","version" => "5.90100"},{"date" => "2015-09-04T22:57:40","version" => "5.90101"},{"date" => "2015-10-29T19:39:24","version" => "5.90102"},{"date" => "2015-11-12T10:19:42","version" => "5.90103"},{"date" => "2016-04-04T17:18:38","version" => "5.90104"},{"date" => "2016-06-08T20:06:53","version" => "5.90105"},{"date" => "2016-07-06T01:21:42","version" => "5.90106"},{"date" => "2016-07-20T19:12:32","version" => "5.90110"},{"date" => "2016-07-20T20:07:16","version" => "5.90111"},{"date" => "2016-07-25T21:03:05","version" => "5.90112"},{"date" => "2016-12-15T21:35:30","version" => "5.90113"},{"date" => "2016-12-19T16:54:08","version" => "5.90114"},{"date" => "2017-05-01T16:42:46","version" => "5.90115"},{"date" => "2018-01-19T20:55:15","version" => "5.90116"},{"date" => "2018-01-21T23:47:21","version" => "5.90117"},{"date" => "2018-05-01T09:59:20","version" => "5.90118"},{"date" => "2018-09-24T00:25:48","version" => "5.90119"},{"date" => "2018-10-19T06:13:58","version" => "5.90120"},{"date" => "2018-10-22T20:39:48","version" => "5.90_121"},{"date" => "2018-11-03T14:52:06","version" => "5.90122"},{"date" => "2018-11-27T15:39:35","version" => "5.90123"},{"date" => "2019-01-18T22:36:07","version" => "5.90124"},{"date" => "2020-01-19T01:11:05","version" => "5.90125"},{"date" => "2020-01-20T01:40:16","version" => "5.90126"},{"date" => "2020-07-27T01:25:21","version" => "5.90_127"},{"date" => "2020-09-11T12:38:26","version" => "5.90128"},{"date" => "2022-07-23T13:13:34","version" => "5.90129"},{"date" => "2022-11-09T15:37:01","version" => "5.90130"},{"date" => "2023-07-20T23:09:29","version" => "5.90131"},{"date" => "2024-11-08T19:56:41","version" => "5.90132"}]},"Clipboard" => {"advisories" => [{"affected_versions" => ["<0.16"],"cves" => ["CVE-2014-5509"],"description" => "clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit\$\$.\n","distribution" => "Clipboard","fixed_versions" => [">=0.16"],"id" => "CPANSA-Clipboard-2014-5509","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=98435","https://bugzilla.redhat.com/show_bug.cgi?id=1135624","http://www.securityfocus.com/bid/69473","http://www.openwall.com/lists/oss-security/2014/08/30/2"],"reported" => "2018-01-08","severity" => "medium"}],"main_module" => "Clipboard","versions" => [{"date" => "2005-05-01T17:19:57","version" => "0.01"},{"date" => "2005-05-02T06:17:33","version" => "0.02"},{"date" => "2005-05-04T06:17:44","version" => "0.03"},{"date" => "2005-05-08T05:54:44","version" => "0.04"},{"date" => "2005-06-01T17:00:34","version" => "0.06"},{"date" => "2005-06-02T05:06:37","version" => "0.07"},{"date" => "2005-06-22T17:05:15","version" => "0.08"},{"date" => "2005-11-19T06:12:48","version" => "0.09"},{"date" => "2010-10-07T01:39:10","version" => "0.10"},{"date" => "2010-10-07T04:49:39","version" => "0.11"},{"date" => "2010-10-11T06:13:22","version" => "0.12"},{"date" => "2010-10-13T04:46:50","version" => "0.13"},{"date" => "2019-01-30T10:47:45","version" => "0.14"},{"date" => "2019-01-30T11:00:22","version" => "0.15"},{"date" => "2019-01-30T11:22:23","version" => "0.16"},{"date" => "2019-01-30T14:00:52","version" => "0.17"},{"date" => "2019-01-30T20:12:11","version" => "0.18"},{"date" => "2019-01-31T11:00:20","version" => "0.19"},{"date" => "2019-04-17T20:55:35","version" => "0.20"},{"date" => "2019-12-02T06:04:27","version" => "0.21"},{"date" => "2020-01-28T18:10:34","version" => "0.22"},{"date" => "2020-03-06T15:43:11","version" => "0.23"},{"date" => "2020-03-07T08:25:07","version" => "0.24"},{"date" => "2020-05-14T06:33:28","version" => "0.25"},{"date" => "2020-05-16T07:56:58","version" => "0.26"},{"date" => "2021-02-13T18:13:34","version" => "0.27"},{"date" => "2021-02-23T07:47:20","version" => "0.28"},{"date" => "2024-04-07T03:11:57","version" => "0.29"},{"date" => "2024-06-16T12:03:21","version" => "0.30"},{"date" => "2025-01-21T17:04:47","version" => "0.31"},{"date" => "2025-02-10T08:24:16","version" => "0.32"}]},"Cmd-Dwarf" => {"advisories" => [{"affected_versions" => ["<1.20"],"cves" => [],"description" => "JSON highjacking possibility.\n","distribution" => "Cmd-Dwarf","fixed_versions" => [">=1.20"],"id" => "CPANSA-Cmd-Dwarf-2014-01","references" => ["https://github.com/seagirl/dwarf/commit/14cf7a1d55db635a07f4838e16f3d9a28e63f529","https://metacpan.org/changes/distribution/Cmd-Dwarf"],"reported" => "2014-12-03"}],"main_module" => "Cmd::Dwarf","versions" => [{"date" => "2015-07-30T06:48:35","version" => "1.27"},{"date" => "2015-08-26T13:27:51","version" => "1.28"},{"date" => "2015-08-28T08:58:33","version" => "1.29"},{"date" => "2015-09-17T08:17:32","version" => "1.30"},{"date" => "2016-01-20T06:39:15","version" => "1.31"},{"date" => "2016-10-25T05:56:33","version" => "1.41"},{"date" => "2017-03-29T04:42:05","version" => "1.42"},{"date" => "2017-06-21T07:06:05","version" => "1.50"},{"date" => "2017-10-05T08:08:01","version" => "1.60"},{"date" => "2018-03-17T07:35:19","version" => "1.70"},{"date" => "2018-08-18T11:43:10","version" => "1.80"},{"date" => "2019-04-05T05:22:33","version" => "1.81"},{"date" => "2019-04-05T05:36:46","version" => "1.82"},{"date" => "2019-04-05T09:06:55","version" => "1.83"}]},"Compress-LZ4" => {"advisories" => [{"affected_versions" => ["<0.20"],"cves" => [],"description" => "Outdated LZ4 source code with security issue on 32bit systems.\n","distribution" => "Compress-LZ4","fixed_versions" => [">=0.20"],"id" => "CPANSA-Compress-LZ4-2014-01","references" => ["https://metacpan.org/changes/distribution/Compress-LZ4","https://github.com/gray/compress-lz4/commit/fc503812b4cbba16429658e1dfe20ad8bbfd77a0"],"reported" => "2014-07-07"}],"main_module" => "Compress::LZ4","versions" => [{"date" => "2012-02-11T16:33:26","version" => "0.01"},{"date" => "2012-02-20T21:26:48","version" => "0.02"},{"date" => "2012-03-02T04:47:50","version" => "0.03"},{"date" => "2012-03-18T07:09:30","version" => "0.04"},{"date" => "2012-03-18T19:45:25","version" => "0.05"},{"date" => "2012-03-22T09:23:45","version" => "0.06"},{"date" => "2012-03-22T16:12:43","version" => "0.07"},{"date" => "2012-03-23T16:29:14","version" => "0.08"},{"date" => "2012-03-23T17:27:12","version" => "0.09"},{"date" => "2012-03-26T11:28:24","version" => "0.10"},{"date" => "2012-04-03T21:36:24","version" => "0.11"},{"date" => "2012-04-04T12:55:22","version" => "0.12"},{"date" => "2012-06-01T18:55:41","version" => "0.13"},{"date" => "2012-08-10T00:21:56","version" => "0.14"},{"date" => "2012-08-11T16:37:53","version" => "0.15"},{"date" => "2012-09-08T18:18:41","version" => "0.16"},{"date" => "2013-03-19T00:39:07","version" => "0.17"},{"date" => "2013-11-19T00:56:57","version" => "0.18"},{"date" => "2014-02-08T00:35:09","version" => "0.19"},{"date" => "2014-07-07T21:08:49","version" => "0.20"},{"date" => "2015-05-12T19:01:36","version" => "0.21"},{"date" => "2015-05-20T06:16:53","version" => "0.22"},{"date" => "2016-07-25T20:45:05","version" => "0.23"},{"date" => "2017-03-23T04:34:45","version" => "0.24"},{"date" => "2017-04-06T16:38:31","version" => "0.25"}]},"Compress-Raw-Bzip2" => {"advisories" => [{"affected_versions" => ["<2.031"],"cves" => ["CVE-2010-0405"],"description" => "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.\n","distribution" => "Compress-Raw-Bzip2","fixed_versions" => [">=2.031"],"id" => "CPANSA-Compress-Raw-Bzip2-2010-0405","references" => ["https://metacpan.org/changes/distribution/Compress-Raw-Bzip2"],"reported" => "2010-01-27"},{"affected_versions" => ["<2.018"],"cves" => ["CVE-2009-1884"],"description" => "Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.\n","distribution" => "Compress-Raw-Bzip2","fixed_versions" => [">=2.018"],"id" => "CPANSA-Compress-Raw-Bzip2-2009-1884","references" => ["http://security.gentoo.org/glsa/glsa-200908-07.xml","https://bugs.gentoo.org/show_bug.cgi?id=281955","https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html","https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html","http://www.securityfocus.com/bid/36082","http://secunia.com/advisories/36386","https://bugzilla.redhat.com/show_bug.cgi?id=518278","http://secunia.com/advisories/36415","https://exchange.xforce.ibmcloud.com/vulnerabilities/52628"],"reported" => "2009-08-19","severity" => undef}],"main_module" => "Compress::Raw::Bzip2","versions" => [{"date" => "2006-03-13T16:14:00","version" => "2.000_10"},{"date" => "2006-04-15T21:23:09","version" => "2.000_11"},{"date" => "2006-05-17T12:43:30","version" => "2.000_12"},{"date" => "2006-06-20T12:43:47","version" => "2.000_13"},{"date" => "2006-10-26T14:15:45","version" => "2.000_14"},{"date" => "2006-11-01T10:35:27","version" => "2.001"},{"date" => "2006-12-29T20:40:23","version" => "2.002"},{"date" => "2007-01-02T13:03:45","version" => "2.003"},{"date" => "2007-03-03T15:50:04","version" => "2.004"},{"date" => "2007-07-01T00:06:51","version" => "2.005"},{"date" => "2007-09-01T19:44:48","version" => "2.006"},{"date" => "2007-11-10T11:59:25","version" => "2.008"},{"date" => "2008-04-20T14:41:25","version" => "2.009"},{"date" => "2008-05-05T17:18:15","version" => "2.010"},{"date" => "2008-05-17T11:16:17","version" => "2.011"},{"date" => "2008-07-15T22:23:56","version" => "2.012"},{"date" => "2008-09-02T20:20:05","version" => "2.014"},{"date" => "2008-09-03T20:47:15","version" => "2.015"},{"date" => "2009-04-04T09:47:36","version" => "2.017"},{"date" => "2009-05-03T16:26:57","version" => "2.018"},{"date" => "2009-05-04T09:42:06","version" => "2.019"},{"date" => "2009-06-03T17:48:18","version" => "2.020"},{"date" => "2009-08-30T20:25:24","version" => "2.021"},{"date" => "2009-11-09T23:25:19","version" => "2.023"},{"date" => "2010-01-09T17:56:12","version" => "2.024"},{"date" => "2010-03-28T12:56:33","version" => "2.025"},{"date" => "2010-04-07T19:49:29","version" => "2.026"},{"date" => "2010-04-24T19:15:32","version" => "2.027"},{"date" => "2010-07-24T14:29:17","version" => "2.030"},{"date" => "2010-09-21T19:44:52","version" => "2.031"},{"date" => "2011-01-06T11:26:00","version" => "2.032"},{"date" => "2011-01-11T14:02:05","version" => "2.033"},{"date" => "2011-05-02T21:50:15","version" => "2.034"},{"date" => "2011-05-07T08:30:09","version" => "2.035"},{"date" => "2011-06-18T21:45:13","version" => "2.036"},{"date" => "2011-06-22T07:17:56","version" => "2.037"},{"date" => "2011-10-28T14:27:59","version" => "2.039"},{"date" => "2011-10-28T22:18:59","version" => "2.040"},{"date" => "2011-11-17T23:44:58","version" => "2.042"},{"date" => "2011-11-20T21:31:34","version" => "2.043"},{"date" => "2011-12-03T22:48:47","version" => "2.044"},{"date" => "2011-12-04T19:19:58","version" => "2.045"},{"date" => "2012-01-28T23:26:44","version" => "2.047"},{"date" => "2012-01-29T16:58:55","version" => "2.048"},{"date" => "2012-02-18T15:56:34","version" => "2.049"},{"date" => "2012-04-29T12:40:06","version" => "2.052"},{"date" => "2012-08-05T20:35:37","version" => "2.055"},{"date" => "2012-11-10T19:08:29","version" => "2.057"},{"date" => "2012-11-12T22:14:16","version" => "2.058"},{"date" => "2012-11-25T13:38:19","version" => "2.059"},{"date" => "2013-01-07T20:02:08","version" => "2.060"},{"date" => "2013-05-27T09:54:30","version" => "2.061"},{"date" => "2013-08-12T19:06:20","version" => "2.062"},{"date" => "2013-11-02T17:14:54","version" => "2.063"},{"date" => "2014-02-01T23:19:50","version" => "2.064"},{"date" => "2014-09-21T12:40:58","version" => "2.066"},{"date" => "2014-12-08T15:12:21","version" => "2.067"},{"date" => "2014-12-23T17:44:34","version" => "2.068"},{"date" => "2015-09-27T14:33:57","version" => "2.069"},{"date" => "2016-12-28T23:07:42","version" => "2.070"},{"date" => "2017-02-12T20:39:20","version" => "2.072"},{"date" => "2017-02-19T20:35:17","version" => "2.073"},{"date" => "2017-02-19T22:11:17","version" => "2.074"},{"date" => "2018-04-03T18:20:04","version" => "2.080"},{"date" => "2018-04-08T15:01:21","version" => "2.081"},{"date" => "2018-12-30T22:38:05","version" => "2.083"},{"date" => "2019-01-06T08:56:52","version" => "2.084"},{"date" => "2019-03-31T19:13:22","version" => "2.086"},{"date" => "2019-08-10T18:11:44","version" => "2.087"},{"date" => "2019-11-03T08:56:50","version" => "2.088"},{"date" => "2019-11-03T19:53:42","version" => "2.089"},{"date" => "2019-11-09T18:35:48","version" => "2.090"},{"date" => "2019-11-23T19:34:12","version" => "2.091"},{"date" => "2019-12-04T22:08:25","version" => "2.092"},{"date" => "2019-12-07T16:05:12","version" => "2.093"},{"date" => "2020-07-13T10:53:44","version" => "2.094"},{"date" => "2020-07-20T19:13:40","version" => "2.095"},{"date" => "2020-07-31T20:50:12","version" => "2.096"},{"date" => "2021-01-07T13:00:00","version" => "2.100"},{"date" => "2021-02-20T14:08:53","version" => "2.101"},{"date" => "2022-04-03T19:48:28","version" => "2.103"},{"date" => "2022-06-25T09:02:32","version" => "2.201"},{"date" => "2023-02-08T19:23:39","version" => "2.204"},{"date" => "2023-07-16T15:36:44","version" => "2.205"},{"date" => "2023-07-25T15:36:59","version" => "2.206"},{"date" => "2024-02-18T22:19:11","version" => "2.207"},{"date" => "2024-02-19T09:28:45","version" => "2.208"},{"date" => "2024-02-20T13:23:07","version" => "2.209"},{"date" => "2024-02-26T09:33:37","version" => "2.210"},{"date" => "2024-04-06T13:40:27","version" => "2.211"},{"date" => "2024-04-27T12:52:31","version" => "2.212"},{"date" => "2024-08-28T15:29:28","version" => "2.213"},{"date" => "2025-10-24T16:23:16","version" => "2.214"},{"date" => "2026-01-31T23:47:12","version" => "2.217"},{"date" => "2026-03-08T13:51:32","version" => "2.218"},{"date" => "2012-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017002","version" => "2.05201"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038","version" => "2.204_001"}]},"Compress-Raw-Zlib" => {"advisories" => [{"affected_versions" => ["<2.017"],"cves" => ["CVE-2009-1391"],"description" => "Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [">=2.017"],"id" => "CPANSA-Compress-Raw-Zlib-2009-1391","references" => ["http://article.gmane.org/gmane.mail.virus.amavis.user/33635","http://article.gmane.org/gmane.mail.virus.amavis.user/33638","http://www.securityfocus.com/bid/35307","http://secunia.com/advisories/35422","https://bugzilla.redhat.com/show_bug.cgi?id=504386","http://www.vupen.com/english/advisories/2009/1571","http://thread.gmane.org/gmane.mail.virus.amavis.user/33635","http://osvdb.org/55041","http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","http://secunia.com/advisories/35876","http://secunia.com/advisories/35685","https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html","http://secunia.com/advisories/35689","http://www.mandriva.com/security/advisories?name=MDVSA-2009:157","http://security.gentoo.org/glsa/glsa-200908-07.xml","https://bugs.gentoo.org/show_bug.cgi?id=273141","https://exchange.xforce.ibmcloud.com/vulnerabilities/51062","https://usn.ubuntu.com/794-1/"],"reported" => "2009-06-16","severity" => undef},{"affected_versions" => ["<=2.219"],"cves" => ["CVE-2026-3381"],"description" => "Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib.  Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171.","distribution" => "Compress-Raw-Zlib","fixed_versions" => [">=2.220"],"id" => "CPANSA-Compress-Raw-Zlib-2026-3381","references" => ["https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/","https://github.com/madler/zlib","https://github.com/madler/zlib/releases/tag/v1.3.2","https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes","https://www.cve.org/CVERecord?id=CVE-2026-27171","https://www.zlib.net/"],"reported" => "2026-03-05","severity" => undef},{"affected_versions" => [">=2.025,<=2.048"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.049,<=2.052"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.053,<=2.060"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.061,<=2.074"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.075,<=2.101"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "Compress::Raw::Zlib","versions" => [{"date" => "2006-03-03T23:06:38","version" => "2.000_09"},{"date" => "2006-03-13T16:14:20","version" => "2.000_10"},{"date" => "2006-04-15T21:23:24","version" => "2.000_11"},{"date" => "2006-05-17T12:43:41","version" => "2.000_12"},{"date" => "2006-06-20T12:45:30","version" => "2.000_13"},{"date" => "2006-10-26T14:15:34","version" => "2.000_09"},{"date" => "2006-11-01T10:35:38","version" => "2.001"},{"date" => "2006-12-29T20:40:35","version" => "2.002"},{"date" => "2007-01-02T13:03:57","version" => "2.003"},{"date" => "2007-03-03T15:50:15","version" => "2.004"},{"date" => "2007-07-01T00:07:02","version" => "2.005"},{"date" => "2007-09-01T19:44:59","version" => "2.006"},{"date" => "2007-11-10T11:59:36","version" => "2.008"},{"date" => "2008-04-20T14:42:52","version" => "2.009"},{"date" => "2008-05-05T17:18:27","version" => "2.010"},{"date" => "2008-05-17T11:16:28","version" => "2.011"},{"date" => "2008-07-15T22:24:07","version" => "2.012"},{"date" => "2008-09-02T20:20:16","version" => "2.014"},{"date" => "2008-09-03T20:47:27","version" => "2.015"},{"date" => "2009-04-04T09:49:03","version" => "2.017"},{"date" => "2009-05-03T16:27:08","version" => "2.018"},{"date" => "2009-05-04T09:42:17","version" => "2.019"},{"date" => "2009-06-03T17:48:30","version" => "2.020"},{"date" => "2009-08-30T20:25:35","version" => "2.021"},{"date" => "2009-11-09T23:26:59","version" => "2.023"},{"date" => "2010-01-09T17:56:35","version" => "2.024"},{"date" => "2010-03-28T12:57:08","version" => "2.025"},{"date" => "2010-04-07T19:51:09","version" => "2.026"},{"date" => "2010-04-24T19:15:54","version" => "2.027"},{"date" => "2010-07-24T14:31:01","version" => "2.030"},{"date" => "2011-01-06T11:23:45","version" => "2.032"},{"date" => "2011-01-11T14:03:45","version" => "2.033"},{"date" => "2011-05-02T22:05:37","version" => "2.034"},{"date" => "2011-05-07T08:31:57","version" => "2.035"},{"date" => "2011-06-18T21:45:36","version" => "2.036"},{"date" => "2011-06-22T07:18:22","version" => "2.037"},{"date" => "2011-10-28T14:28:35","version" => "2.039"},{"date" => "2011-10-28T22:20:38","version" => "2.040"},{"date" => "2011-11-17T23:45:21","version" => "2.042"},{"date" => "2011-11-20T21:33:33","version" => "2.043"},{"date" => "2011-12-03T22:49:10","version" => "2.044"},{"date" => "2011-12-04T19:21:36","version" => "2.045"},{"date" => "2012-01-28T23:28:28","version" => "2.047"},{"date" => "2012-01-29T17:00:33","version" => "2.048"},{"date" => "2012-02-18T15:58:12","version" => "2.049"},{"date" => "2012-02-21T19:35:18","version" => "2.050"},{"date" => "2012-02-22T20:43:23","version" => "2.051"},{"date" => "2012-04-29T12:41:57","version" => "2.052"},{"date" => "2012-05-06T08:40:06","version" => "2.053"},{"date" => "2012-05-08T19:22:47","version" => "2.054"},{"date" => "2012-08-05T20:36:06","version" => "2.055"},{"date" => "2012-08-10T22:20:09","version" => "2.056"},{"date" => "2012-11-10T19:08:56","version" => "2.057"},{"date" => "2012-11-12T22:14:42","version" => "2.058"},{"date" => "2012-11-25T13:38:42","version" => "2.059"},{"date" => "2013-01-07T20:02:22","version" => "2.060"},{"date" => "2013-05-27T09:54:54","version" => "2.061"},{"date" => "2013-08-12T19:08:05","version" => "2.062"},{"date" => "2013-11-02T17:15:17","version" => "2.063"},{"date" => "2014-02-01T23:21:28","version" => "2.064"},{"date" => "2014-02-03T20:23:00","version" => "2.065"},{"date" => "2014-09-21T12:42:35","version" => "2.066"},{"date" => "2014-12-08T15:14:00","version" => "2.067"},{"date" => "2014-12-23T17:44:57","version" => "2.068"},{"date" => "2015-09-26T18:41:58","version" => "2.069"},{"date" => "2016-12-28T23:09:21","version" => "2.070"},{"date" => "2016-12-30T22:58:08","version" => "2.071"},{"date" => "2017-02-12T20:41:25","version" => "2.072"},{"date" => "2017-02-19T20:37:20","version" => "2.073"},{"date" => "2017-02-19T22:11:41","version" => "2.074"},{"date" => "2017-11-14T15:43:26","version" => "2.075"},{"date" => "2017-11-21T22:29:23","version" => "2.076"},{"date" => "2018-04-03T18:22:06","version" => "2.080"},{"date" => "2018-04-08T15:02:55","version" => "2.081"},{"date" => "2018-12-30T22:40:08","version" => "2.083"},{"date" => "2019-01-06T08:57:15","version" => "2.084"},{"date" => "2019-03-31T19:11:54","version" => "2.086"},{"date" => "2019-08-10T18:12:03","version" => "2.087"},{"date" => "2019-11-03T08:55:23","version" => "2.088"},{"date" => "2019-11-03T19:54:04","version" => "2.089"},{"date" => "2019-11-09T15:58:48","version" => "2.090"},{"date" => "2019-11-23T19:34:34","version" => "2.091"},{"date" => "2019-12-04T22:08:37","version" => "2.092"},{"date" => "2019-12-07T16:05:34","version" => "2.093"},{"date" => "2020-07-13T10:54:06","version" => "2.094"},{"date" => "2020-07-21T06:57:01","version" => "2.095"},{"date" => "2020-07-31T20:48:45","version" => "2.096"},{"date" => "2021-01-07T13:00:23","version" => "2.100"},{"date" => "2021-02-20T14:10:43","version" => "2.101"},{"date" => "2022-04-03T19:48:50","version" => "2.103"},{"date" => "2022-05-13T06:30:30","version" => "2.104"},{"date" => "2022-05-14T14:24:32","version" => "2.105"},{"date" => "2022-06-21T21:19:21","version" => "2.200"},{"date" => "2022-06-25T09:04:10","version" => "2.201"},{"date" => "2022-06-27T08:18:10","version" => "2.202"},{"date" => "2023-02-08T19:26:25","version" => "2.204"},{"date" => "2023-07-16T15:32:41","version" => "2.205"},{"date" => "2023-07-25T15:35:40","version" => "2.206"},{"date" => "2024-02-18T22:16:24","version" => "2.207"},{"date" => "2024-02-19T09:27:19","version" => "2.208"},{"date" => "2024-02-26T16:11:33","version" => "2.209"},{"date" => "2024-04-06T13:41:58","version" => "2.211"},{"date" => "2024-04-27T12:55:28","version" => "2.212"},{"date" => "2024-08-28T15:27:59","version" => "2.213"},{"date" => "2025-10-24T16:23:27","version" => "2.214"},{"date" => "2026-01-31T22:31:04","version" => "2.217"},{"date" => "2026-02-03T10:45:59","version" => "2.218"},{"date" => "2026-02-23T15:24:28","version" => "2.219"},{"date" => "2026-02-27T10:04:09","version" => "2.220"},{"date" => "2026-02-27T13:17:42","version" => "2.221"},{"date" => "2026-03-08T12:34:59","version" => "2.222"},{"date" => "2010-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013003","version" => "2.027_01"},{"date" => "2012-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017002","version" => "2.05401"},{"date" => "2015-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023003","version" => "2.068_01"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038","version" => "2.204_001"}]},"Concierge-Sessions" => {"advisories" => [{"affected_versions" => [">=0.8.1,<0.8.5"],"cves" => ["CVE-2026-2439"],"description" => "Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are secure, and attackers are able to guess session_ids that can grant them access to systems. Specifically,    *  There is no warning when uuidgen fails. The software can be quietly using the fallback rand() function with no warnings if the command fails for any reason.   *  The uuidgen command will generate a time-based UUID if the system does not have a high-quality random number source, because the call does not explicitly specify the --random option. Note that the system time is shared in HTTP responses.   *  UUIDs are identifiers whose mere possession grants access, as per RFC 9562.   *  The output of the built-in rand() function is predictable and unsuitable for security applications.","distribution" => "Concierge-Sessions","fixed_versions" => [">=0.8.5"],"id" => "CPANSA-Concierge-Sessions-2026-2439","references" => ["https://github.com/bwva/Concierge-Sessions/commit/20bb28e92e8fba307c4ff8264701c215be65e73b","https://metacpan.org/release/BVA/Concierge-Sessions-v0.8.4/diff/BVA/Concierge-Sessions-v0.8.5#lib/Concierge/Sessions/Base.pm","https://perldoc.perl.org/5.42.0/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://www.rfc-editor.org/rfc/rfc9562.html#name-security-considerations"],"reported" => "2026-02-16","severity" => undef}],"main_module" => "Concierge::Sessions","versions" => [{"date" => "2026-02-11T23:31:48","version" => "v0.8.1"},{"date" => "2026-02-12T04:02:53","version" => "v0.8.2"},{"date" => "2026-02-12T08:43:53","version" => "v0.8.3"},{"date" => "2026-02-12T09:47:28","version" => "v0.8.4"},{"date" => "2026-02-12T16:49:19","version" => "v0.8.5"},{"date" => "2026-02-13T04:18:00","version" => "v0.8.6"},{"date" => "2026-02-13T15:38:42","version" => "v0.8.7"},{"date" => "2026-02-13T17:47:48","version" => "v0.8.8"},{"date" => "2026-02-13T22:10:44","version" => "v0.8.9"},{"date" => "2026-02-13T22:32:58","version" => "v0.9.0"},{"date" => "2026-02-15T04:14:21","version" => "v0.10.0"},{"date" => "2026-02-15T18:14:32","version" => "v0.11.0"}]},"Config-IniFiles" => {"advisories" => [{"affected_versions" => ["<2.71"],"cves" => ["CVE-2012-2451"],"description" => "The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.  NOTE: some of these details are obtained from third party information.  NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.\n","distribution" => "Config-IniFiles","fixed_versions" => [],"id" => "CPANSA-Config-IniFiles-2012-2451","references" => ["http://www.openwall.com/lists/oss-security/2012/05/02/6","http://www.osvdb.org/81671","http://secunia.com/advisories/48990","https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59","https://bugzilla.redhat.com/show_bug.cgi?id=818386","http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html","http://www.securityfocus.com/bid/53361","http://www.ubuntu.com/usn/USN-1543-1","https://exchange.xforce.ibmcloud.com/vulnerabilities/75328"],"reported" => "2012-06-27","severity" => undef}],"main_module" => "Config::IniFiles","versions" => [{"date" => "2000-06-20T02:07:11","version" => "0.05"},{"date" => "2000-06-26T02:38:13","version" => "0.06"},{"date" => "2000-07-31T01:32:53","version" => "0.08"},{"date" => "2000-07-31T01:51:15","version" => "0.09"},{"date" => "2000-09-17T03:29:50","version" => "0.11"},{"date" => "2000-09-20T01:06:10","version" => "1.6"},{"date" => "2000-10-17T02:01:37","version" => "1.8"},{"date" => "2000-11-25T03:36:14","version" => "1.11"},{"date" => "2000-11-28T14:09:00","version" => "1.12"},{"date" => "2000-11-28T14:09:15","version" => "1.13"},{"date" => "2000-12-13T17:45:25","version" => "2.10"},{"date" => "2000-12-18T17:56:28","version" => "2.13"},{"date" => "2001-01-08T18:27:24","version" => "2.14"},{"date" => "2001-03-24T21:54:18","version" => "2.17"},{"date" => "2001-03-30T04:48:27","version" => "2.18"},{"date" => "2001-04-05T01:06:51","version" => "2.19"},{"date" => "2001-08-28T11:05:35","version" => "2.21"},{"date" => "2001-12-06T17:15:03","version" => "2.22"},{"date" => "2001-12-07T16:24:14","version" => "2.23"},{"date" => "2001-12-07T17:27:08","version" => "2.24"},{"date" => "2001-12-12T20:50:06","version" => "2.25"},{"date" => "2001-12-19T22:26:32","version" => "2.26"},{"date" => "2001-12-20T16:11:24","version" => "2.27"},{"date" => "2002-08-15T21:41:35","version" => "2.29"},{"date" => "2002-10-15T18:59:21","version" => "2.30"},{"date" => "2002-12-18T01:58:55","version" => "2.36"},{"date" => "2003-01-31T23:06:08","version" => "2.37"},{"date" => "2003-05-14T01:38:13","version" => "2.38"},{"date" => "2005-04-29T20:33:23","version" => "2.39"},{"date" => "2008-12-04T17:02:19","version" => "2.43"},{"date" => "2008-12-25T09:47:08","version" => "2.44"},{"date" => "2008-12-27T15:25:59","version" => "2.45"},{"date" => "2009-01-17T14:40:26","version" => "2.46"},{"date" => "2009-01-21T09:41:11","version" => "2.47"},{"date" => "2009-04-07T12:26:44","version" => "2.48"},{"date" => "2009-05-02T14:27:53","version" => "2.49"},{"date" => "2009-05-31T11:58:04","version" => "2.50"},{"date" => "2009-06-08T09:41:11","version" => "2.51"},{"date" => "2009-06-28T13:21:57","version" => "2.52"},{"date" => "2009-11-13T09:58:28","version" => "2.53"},{"date" => "2009-11-18T11:15:13","version" => "2.54"},{"date" => "2009-12-22T15:48:07","version" => "2.55"},{"date" => "2009-12-31T04:57:40","version" => "2.56"},{"date" => "2010-03-01T13:51:57","version" => "2.57"},{"date" => "2010-05-17T07:45:33","version" => "2.58"},{"date" => "2010-11-12T11:33:52","version" => "2.59"},{"date" => "2010-11-13T07:22:50","version" => "2.60"},{"date" => "2010-11-14T08:57:26","version" => "2.61"},{"date" => "2010-11-19T13:37:37","version" => "2.62"},{"date" => "2010-11-19T14:54:12","version" => "2.63"},{"date" => "2010-11-20T09:55:05","version" => "2.64"},{"date" => "2010-11-25T18:48:52","version" => "2.65"},{"date" => "2011-01-29T16:40:18","version" => "2.66"},{"date" => "2011-06-21T11:59:37","version" => "2.67"},{"date" => "2011-06-21T19:18:33","version" => "2.68"},{"date" => "2012-04-05T09:10:11","version" => "2.69"},{"date" => "2012-04-06T09:52:14","version" => "2.70"},{"date" => "2012-05-02T08:05:15","version" => "2.71"},{"date" => "2012-05-05T16:56:55","version" => "2.72"},{"date" => "2012-05-14T07:49:33","version" => "2.73"},{"date" => "2012-05-23T21:47:46","version" => "2.74"},{"date" => "2012-05-25T12:29:48","version" => "2.75"},{"date" => "2012-06-15T14:47:10","version" => "2.76"},{"date" => "2012-06-21T16:39:23","version" => "2.77"},{"date" => "2012-10-21T11:18:39","version" => "2.78"},{"date" => "2013-05-06T07:10:33","version" => "2.79"},{"date" => "2013-05-14T19:25:07","version" => "2.80"},{"date" => "2013-05-16T10:36:17","version" => "2.81"},{"date" => "2013-05-21T15:35:10","version" => "2.82"},{"date" => "2014-01-27T09:01:28","version" => "2.83"},{"date" => "2015-04-13T18:40:30","version" => "2.84"},{"date" => "2015-04-13T19:08:57","version" => "2.85"},{"date" => "2015-04-14T07:55:59","version" => "2.86"},{"date" => "2015-06-16T09:06:37","version" => "2.87"},{"date" => "2015-07-10T08:38:11","version" => "2.88"},{"date" => "2016-05-03T09:14:13","version" => "2.89"},{"date" => "2016-06-02T13:09:19","version" => "2.90"},{"date" => "2016-06-03T03:11:38","version" => "2.91"},{"date" => "2016-06-17T09:34:08","version" => "2.92"},{"date" => "2016-07-24T08:34:00","version" => "2.93"},{"date" => "2016-11-29T17:31:38","version" => "2.94"},{"date" => "2018-03-16T11:14:39","version" => "2.95"},{"date" => "2018-04-07T08:45:56","version" => "2.96"},{"date" => "2018-04-21T09:13:56","version" => "2.97"},{"date" => "2018-04-21T11:50:34","version" => "2.98"},{"date" => "2018-09-13T07:11:41","version" => "3.000000"},{"date" => "2019-01-16T09:54:40","version" => "3.000001"},{"date" => "2019-03-14T13:34:40","version" => "3.000002"},{"date" => "2020-03-24T15:45:08","version" => "3.000003"}]},"Config-Model" => {"advisories" => [{"affected_versions" => ["<2.102"],"cves" => ["CVE-2017-0373"],"description" => "The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous \"use lib\" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.\n","distribution" => "Config-Model","fixed_versions" => [">=2.102"],"id" => "CPANSA-Config-Model-2017-03","references" => ["https://metacpan.org/changes/distribution/Config-Model","https://github.com/dod38fr/config-model/commit/9bd64d9ec6c0939166a2216a37d58dd19a725951"],"reported" => "2017-05-10"},{"affected_versions" => ["<2.102"],"cves" => ["CVE-2017-0374"],"description" => "Loads models from a local directory, making it possible to substitute the model.\n","distribution" => "Config-Model","fixed_versions" => [">=2.102"],"id" => "CPANSA-Config-Model-2017-02","references" => ["https://metacpan.org/changes/distribution/Config-Model","https://github.com/dod38fr/config-model/commit/4d37c75b0c4f9633b67999f8260b08027a6bc524"],"reported" => "2017-05-10"},{"affected_versions" => ["<2.102"],"cves" => [],"description" => "YAML or YAML::XS can be loaded automatically making it possible to run arbitrary code loading a specially crafted YAML file.\n","distribution" => "Config-Model","fixed_versions" => [">=2.102"],"id" => "CPANSA-Config-Model-2017-01","references" => ["https://metacpan.org/changes/distribution/Config-Model","https://github.com/dod38fr/config-model/commit/01d212348bfbadf31bd74aadd26b1e391ff2fd92"],"reported" => "2017-05-10"}],"main_module" => "Config::Model","versions" => [{"date" => "2006-04-21T12:27:44","version" => "0.505"},{"date" => "2006-05-19T13:32:14","version" => "0.506"},{"date" => "2006-06-15T12:10:38","version" => "0.507"},{"date" => "2006-07-20T12:28:36","version" => "0.601"},{"date" => "2006-09-07T12:06:17","version" => "0.602"},{"date" => "2006-10-19T11:24:40","version" => "0.603"},{"date" => "2006-12-06T12:58:35","version" => "0.604"},{"date" => "2007-01-08T13:16:42","version" => "0.605"},{"date" => "2007-01-11T12:42:09","version" => "0.606"},{"date" => "2007-01-12T13:06:38","version" => "0.607"},{"date" => "2007-02-23T13:00:34","version" => "0.608"},{"date" => "2007-05-14T11:41:18","version" => "0.609"},{"date" => "2007-06-06T12:28:06","version" => "0.610"},{"date" => "2007-07-03T15:35:21","version" => "0.611"},{"date" => "2007-07-27T11:38:57","version" => "0.612"},{"date" => "2007-10-01T15:52:56","version" => "0.613"},{"date" => "2007-10-23T16:10:29","version" => "0.614"},{"date" => "2007-11-15T12:36:18","version" => "0.615"},{"date" => "2007-12-04T12:41:22","version" => "0.616"},{"date" => "2008-01-28T11:55:50","version" => "0.617"},{"date" => "2008-02-14T12:56:25","version" => "0.618"},{"date" => "2008-02-29T12:08:41","version" => "0.619"},{"date" => "2008-03-18T17:40:57","version" => "0.620"},{"date" => "2008-03-20T07:49:00","version" => "0.6201"},{"date" => "2008-04-04T11:38:49","version" => "0.621"},{"date" => "2008-04-25T16:23:31","version" => "0.622"},{"date" => "2008-05-19T11:47:46","version" => "0.623"},{"date" => "2008-07-25T11:35:07","version" => "0.624"},{"date" => "2008-07-30T12:02:43","version" => "0.625"},{"date" => "2008-09-22T12:20:00","version" => "0.626"},{"date" => "2008-09-23T11:05:58","version" => "0.627"},{"date" => "2008-09-29T12:35:05","version" => "0.628"},{"date" => "2008-10-13T15:09:27","version" => "0.629"},{"date" => "2008-10-21T11:59:27","version" => "0.630"},{"date" => "2008-11-10T14:37:44","version" => "0.631"},{"date" => "2008-12-16T13:32:26","version" => "0.632"},{"date" => "2008-12-23T15:36:48","version" => "0.633"},{"date" => "2009-03-05T13:06:32","version" => "0.634"},{"date" => "2009-04-20T12:21:46","version" => "0.635"},{"date" => "2009-05-30T16:19:54","version" => "0.636"},{"date" => "2009-06-23T12:07:41","version" => "0.637"},{"date" => "2009-06-30T11:31:35","version" => "0.638"},{"date" => "2009-09-08T11:35:25","version" => "0.639"},{"date" => "2009-09-09T16:10:41","version" => "0.640"},{"date" => "2010-01-20T17:30:14","version" => "0.641"},{"date" => "2010-01-21T17:17:34","version" => "0.642"},{"date" => "2010-02-25T13:04:52","version" => "0.643"},{"date" => "2010-03-12T15:24:45","version" => "0.644"},{"date" => "2010-03-28T14:53:46","version" => "1.001"},{"date" => "2010-04-22T12:22:00","version" => "1.202"},{"date" => "2010-06-03T11:09:45","version" => "1.203"},{"date" => "2010-06-03T11:20:09","version" => "1.204"},{"date" => "2010-06-07T16:04:03","version" => "1.205"},{"date" => "2010-08-13T10:53:09","version" => "1.206"},{"date" => "2010-09-14T16:14:40","version" => "1.207"},{"date" => "2010-09-16T11:46:11","version" => "1.208"},{"date" => "2010-09-20T12:29:12","version" => "1.209"},{"date" => "2010-09-30T16:34:27","version" => "1.210"},{"date" => "2010-10-08T10:46:45","version" => "1.211"},{"date" => "2010-10-15T11:08:52","version" => "1.212"},{"date" => "2010-10-19T12:29:03","version" => "1.213"},{"date" => "2010-10-19T15:17:01","version" => "1.214"},{"date" => "2010-10-19T15:28:56","version" => "1.215"},{"date" => "2010-10-26T12:16:51","version" => "1.216"},{"date" => "2010-10-30T12:44:11","version" => "1.217"},{"date" => "2010-11-05T11:53:14","version" => "1.218"},{"date" => "2010-11-09T13:20:51","version" => "1.219"},{"date" => "2010-11-10T08:41:22","version" => "1.220"},{"date" => "2010-11-21T17:40:10","version" => "1.221"},{"date" => "2010-11-22T14:01:55","version" => "1.222"},{"date" => "2010-11-28T17:34:03","version" => "1.223"},{"date" => "2010-12-06T13:18:53","version" => "1.224"},{"date" => "2010-12-07T08:01:43","version" => "1.225"},{"date" => "2010-12-08T18:48:08","version" => "1.226"},{"date" => "2011-01-07T18:12:45","version" => "1.227"},{"date" => "2011-01-09T12:27:15","version" => "1.228"},{"date" => "2011-01-10T19:57:53","version" => "1.229"},{"date" => "2011-01-20T16:47:27","version" => "1.230"},{"date" => "2011-01-30T11:30:23","version" => "1.231"},{"date" => "2011-01-30T13:51:34","version" => "1.232"},{"date" => "2011-02-11T12:25:32","version" => "1.233"},{"date" => "2011-02-21T17:11:22","version" => "1.234"},{"date" => "2011-03-01T13:06:28","version" => "1.235"},{"date" => "2011-04-01T14:09:03","version" => "1.236"},{"date" => "2011-04-04T12:57:04","version" => "1.237"},{"date" => "2011-04-05T14:45:45","version" => "1.238"},{"date" => "2011-04-05T17:40:17","version" => "1.240"},{"date" => "2011-04-07T18:09:49","version" => "1.241"},{"date" => "2011-04-25T15:28:14","version" => "1.242"},{"date" => "2011-05-02T12:33:33","version" => "1.243"},{"date" => "2011-05-16T15:52:46","version" => "1.244"},{"date" => "2011-06-17T12:10:22","version" => "1.245"},{"date" => "2011-06-20T12:32:24","version" => "1.246"},{"date" => "2011-06-27T14:14:52","version" => "1.247"},{"date" => "2011-07-05T15:48:52","version" => "1.248"},{"date" => "2011-07-12T09:54:39","version" => "1.249"},{"date" => "2011-07-22T12:40:47","version" => "1.250"},{"date" => "2011-08-30T12:16:32","version" => "1.251"},{"date" => "2011-09-01T16:06:19","version" => "1.252"},{"date" => "2011-09-02T16:03:35","version" => "1.253"},{"date" => "2011-09-04T15:21:52","version" => "1.254"},{"date" => "2011-09-15T15:23:39","version" => "1.255"},{"date" => "2011-09-16T12:28:51","version" => "1.256"},{"date" => "2011-09-23T10:52:00","version" => "1.257"},{"date" => "2011-10-14T14:45:06","version" => "1.258"},{"date" => "2011-10-16T10:17:53","version" => "1.259"},{"date" => "2011-10-28T13:28:02","version" => "1.260"},{"date" => "2011-11-18T17:02:26","version" => "1.261"},{"date" => "2011-11-19T11:55:30","version" => "1.262"},{"date" => "2011-11-29T15:43:38","version" => "1.263"},{"date" => "2011-11-30T07:50:25","version" => "1.264"},{"date" => "2011-12-06T18:26:54","version" => "1.265"},{"date" => "2012-02-06T11:55:29","version" => "2.001"},{"date" => "2012-02-08T09:49:49","version" => "2.002"},{"date" => "2012-02-08T13:14:22","version" => "2.003"},{"date" => "2012-02-09T11:28:18","version" => "2.004"},{"date" => "2012-02-23T18:25:32","version" => "2.005"},{"date" => "2012-02-25T11:30:41","version" => "2.006"},{"date" => "2012-02-26T16:34:50","version" => "2.007"},{"date" => "2012-03-01T12:40:23","version" => "2.008"},{"date" => "2012-03-13T13:11:49","version" => "2.009"},{"date" => "2012-03-13T13:15:03","version" => "2.010"},{"date" => "2012-03-19T21:41:44","version" => "2.011"},{"date" => "2012-04-05T11:41:54","version" => "2.012"},{"date" => "2012-04-06T12:10:46","version" => "2.013"},{"date" => "2012-05-04T13:57:13","version" => "2.014"},{"date" => "2012-05-14T10:06:13","version" => "2.015"},{"date" => "2012-05-20T08:38:36","version" => "2.016"},{"date" => "2012-05-21T10:56:35","version" => "2.017"},{"date" => "2012-05-29T13:53:06","version" => "2.018"},{"date" => "2012-06-05T12:34:15","version" => "2.019"},{"date" => "2012-06-18T08:34:26","version" => "2.020"},{"date" => "2012-06-27T14:44:55","version" => "2.021_01"},{"date" => "2012-06-28T15:30:52","version" => "2.021"},{"date" => "2012-07-03T14:47:31","version" => "2.022"},{"date" => "2012-07-04T13:50:37","version" => "2.023"},{"date" => "2012-09-04T11:30:02","version" => "2.024"},{"date" => "2012-09-10T10:52:02","version" => "2.025"},{"date" => "2012-09-20T17:12:09","version" => "2.026_1"},{"date" => "2012-09-21T10:38:47","version" => "2.026_2"},{"date" => "2012-09-27T11:53:42","version" => "2.026"},{"date" => "2012-10-30T12:48:16","version" => "2.027"},{"date" => "2012-11-27T12:44:55","version" => "2.028"},{"date" => "2012-11-28T13:31:04","version" => "2.029"},{"date" => "2013-02-27T18:37:05","version" => "2.030_01"},{"date" => "2013-03-23T09:47:53","version" => "2.030"},{"date" => "2013-04-03T17:22:28","version" => "2.031"},{"date" => "2013-04-15T11:28:33","version" => "2.032"},{"date" => "2013-04-15T19:27:14","version" => "2.033"},{"date" => "2013-04-17T19:29:52","version" => "2.034"},{"date" => "2013-04-27T15:05:09","version" => "2.035"},{"date" => "2013-05-25T17:53:04","version" => "2.036"},{"date" => "2013-06-15T17:46:45","version" => "2.037"},{"date" => "2013-07-03T19:30:32","version" => "2.038"},{"date" => "2013-07-18T18:12:07","version" => "2.039"},{"date" => "2013-07-20T09:46:11","version" => "2.040"},{"date" => "2013-08-14T17:58:40","version" => "2.041"},{"date" => "2013-09-15T17:41:45","version" => "2.042"},{"date" => "2013-09-20T17:35:06","version" => "2.043"},{"date" => "2013-10-13T16:02:40","version" => "2.044"},{"date" => "2013-10-18T17:48:15","version" => "2.045"},{"date" => "2013-12-15T13:07:37","version" => "2.046"},{"date" => "2014-01-25T15:54:37","version" => "2.047"},{"date" => "2014-02-23T18:02:19","version" => "2.048"},{"date" => "2014-02-26T19:45:44","version" => "2.049"},{"date" => "2014-02-27T18:12:32","version" => "2.050"},{"date" => "2014-03-06T18:23:11","version" => "2.051"},{"date" => "2014-03-23T16:20:43","version" => "2.052"},{"date" => "2014-03-25T19:11:57","version" => "2.053"},{"date" => "2014-04-01T17:51:50","version" => "2.054"},{"date" => "2014-05-02T11:33:28","version" => "2.055"},{"date" => "2014-05-18T19:34:53","version" => "2.056"},{"date" => "2014-06-12T19:32:47","version" => "2.057"},{"date" => "2014-06-19T19:43:18","version" => "2.058"},{"date" => "2014-06-29T15:08:02","version" => "2.059"},{"date" => "2014-08-19T12:43:59","version" => "2.060"},{"date" => "2014-09-23T19:21:04","version" => "2.061"},{"date" => "2014-11-23T19:45:05","version" => "2.062"},{"date" => "2014-11-28T17:55:21","version" => "2.063"},{"date" => "2014-12-04T18:47:05","version" => "2.064"},{"date" => "2015-01-06T20:16:15","version" => "2.065"},{"date" => "2015-02-15T16:13:00","version" => "2.066"},{"date" => "2015-03-01T18:38:28","version" => "2.067"},{"date" => "2015-03-29T13:39:56","version" => "2.068"},{"date" => "2015-04-25T19:29:15","version" => "2.069"},{"date" => "2015-05-03T14:00:52","version" => "2.070"},{"date" => "2015-05-23T11:15:16","version" => "2.071"},{"date" => "2015-07-18T19:31:43","version" => "2.072"},{"date" => "2015-07-19T07:35:51","version" => "2.073"},{"date" => "2015-09-30T18:56:39","version" => "2.074"},{"date" => "2015-11-22T20:11:19","version" => "2.075"},{"date" => "2016-01-14T18:13:20","version" => "2.076"},{"date" => "2016-01-20T19:55:36","version" => "2.077"},{"date" => "2016-01-24T18:48:46","version" => "2.078"},{"date" => "2016-02-12T20:44:28","version" => "2.079"},{"date" => "2016-02-27T17:59:55","version" => "2.080"},{"date" => "2016-02-29T19:01:45","version" => "2.081"},{"date" => "2016-03-29T18:22:30","version" => "2.082"},{"date" => "2016-04-20T18:32:29","version" => "2.083"},{"date" => "2016-05-26T17:35:53","version" => "2.084"},{"date" => "2016-05-29T17:13:14","version" => "2.085"},{"date" => "2016-06-04T19:28:08","version" => "2.086"},{"date" => "2016-06-29T17:35:35","version" => "2.087"},{"date" => "2016-07-09T18:06:03","version" => "2.088"},{"date" => "2016-09-04T13:17:52","version" => "2.089"},{"date" => "2016-09-10T16:07:07","version" => "2.090"},{"date" => "2016-09-13T17:05:56","version" => "2.091"},{"date" => "2016-09-23T17:46:04","version" => "2.092"},{"date" => "2016-11-08T18:33:39","version" => "2.093"},{"date" => "2016-11-09T18:23:05","version" => "2.094"},{"date" => "2016-12-06T18:01:00","version" => "2.095"},{"date" => "2016-12-11T20:28:14","version" => "2.096"},{"date" => "2016-12-22T17:35:34","version" => "2.097"},{"date" => "2017-02-26T18:58:23","version" => "2.098"},{"date" => "2017-03-05T17:09:37","version" => "2.099"},{"date" => "2017-03-18T12:06:34","version" => "2.100"},{"date" => "2017-04-28T17:40:56","version" => "2.101"},{"date" => "2017-05-14T19:10:40","version" => "2.102"},{"date" => "2017-05-25T08:15:17","version" => "2.103"},{"date" => "2017-06-03T13:23:33","version" => "2.104"},{"date" => "2017-06-09T17:26:55","version" => "2.105"},{"date" => "2017-07-16T14:07:23","version" => "2.106"},{"date" => "2017-08-30T19:12:10","version" => "2.107"},{"date" => "2017-08-31T17:23:43","version" => "2.108"},{"date" => "2017-09-18T17:52:57","version" => "2.109"},{"date" => "2017-09-21T19:12:32","version" => "2.110"},{"date" => "2017-09-22T18:41:04","version" => "2.111"},{"date" => "2017-10-01T09:12:45","version" => "2.112"},{"date" => "2017-10-12T19:07:46","version" => "2.113"},{"date" => "2017-11-11T16:35:03","version" => "2.114"},{"date" => "2017-12-14T18:03:18","version" => "2.115"},{"date" => "2017-12-16T09:52:09","version" => "2.116"},{"date" => "2018-02-03T18:09:35","version" => "2.117"},{"date" => "2018-03-26T18:33:19","version" => "2.118"},{"date" => "2018-04-02T16:55:50","version" => "2.119"},{"date" => "2018-04-08T07:56:03","version" => "2.120"},{"date" => "2018-04-15T17:08:18","version" => "2.121"},{"date" => "2018-04-17T17:20:14","version" => "2.122"},{"date" => "2018-05-01T17:18:09","version" => "2.123"},{"date" => "2018-06-09T17:16:59","version" => "2.124"},{"date" => "2018-06-24T12:47:24","version" => "2.125"},{"date" => "2018-08-20T13:10:09","version" => "2.126"},{"date" => "2018-09-30T16:44:13","version" => "2.127"},{"date" => "2018-11-21T19:33:41","version" => "2.128"},{"date" => "2018-12-05T18:44:58","version" => "2.129"},{"date" => "2018-12-07T19:02:10","version" => "2.130"},{"date" => "2018-12-16T18:32:58","version" => "2.131"},{"date" => "2018-12-22T17:50:27","version" => "2.132"},{"date" => "2019-01-13T20:17:07","version" => "2.133"},{"date" => "2019-05-05T10:51:38","version" => "2.134"},{"date" => "2019-06-05T17:21:24","version" => "2.135"},{"date" => "2019-07-29T15:44:09","version" => "2.136"},{"date" => "2019-12-01T17:32:00","version" => "2.137"},{"date" => "2019-12-27T14:43:21","version" => "2.138"},{"date" => "2020-07-18T14:38:14","version" => "2.139"},{"date" => "2020-07-31T08:24:37","version" => "2.140"},{"date" => "2021-01-17T18:04:01","version" => "2.141"},{"date" => "2021-04-07T17:08:47","version" => "2.142"},{"date" => "2021-10-31T17:28:44","version" => "2.143"},{"date" => "2021-11-04T17:26:40","version" => "2.144"},{"date" => "2021-11-06T18:23:25","version" => "2.145"},{"date" => "2021-11-28T18:13:47","version" => "2.146"},{"date" => "2021-11-29T18:42:25","version" => "2.147"},{"date" => "2022-01-09T15:02:17","version" => "2.148"},{"date" => "2022-01-13T16:42:50","version" => "2.149"},{"date" => "2022-05-08T15:10:12","version" => "2.150"},{"date" => "2022-07-26T14:32:41","version" => "2.151"},{"date" => "2022-07-28T08:07:07","version" => "2.152"},{"date" => "2023-07-14T14:05:14","version" => "2.153"},{"date" => "2023-07-14T17:35:53","version" => "2.153"},{"date" => "2024-06-15T14:47:56","version" => "2.154"},{"date" => "2024-11-24T15:11:43","version" => "2.155"},{"date" => "2026-02-02T15:05:59","version" => "2.156"},{"date" => "2026-03-03T18:24:07","version" => "2.157"},{"date" => "2026-03-04T18:23:59","version" => "2.158"},{"date" => "2026-03-08T15:55:43","version" => "2.159"}]},"Convert-ASN1" => {"advisories" => [{"affected_versions" => ["<0.27"],"cves" => ["CVE-2013-7488"],"description" => "perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.\n","distribution" => "Convert-ASN1","fixed_versions" => [],"id" => "CPANSA-Convert-ASN1-2013-7488","references" => ["https://github.com/gbarr/perl-Convert-ASN1/issues/14","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ONNQSW4SSKMG5RUEFZJZA5T5R2WXEGQF/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/6V3PJEQOT47ZO77263XPGS3Y3AJROI4X/"],"reported" => "2020-04-07","severity" => "high"}],"main_module" => "Convert::ASN1","versions" => [{"date" => "2000-04-03T21:52:45","version" => "0.04"},{"date" => "2000-05-12T10:14:51","version" => "0.05"},{"date" => "2000-05-22T11:08:54","version" => "0.06"},{"date" => "2000-05-30T14:31:54","version" => "0.07"},{"date" => "2001-02-05T22:44:53","version" => "0.08"},{"date" => "2001-04-19T23:07:25","version" => "0.09"},{"date" => "2001-04-20T06:40:05","version" => "0.10"},{"date" => "2001-06-11T13:37:41","version" => "0.11"},{"date" => "2001-07-31T17:11:59","version" => "0.12"},{"date" => "2001-08-26T07:23:52","version" => "0.13"},{"date" => "2001-09-10T18:07:31","version" => "0.14"},{"date" => "2002-01-22T11:33:25","version" => "0.15"},{"date" => "2002-08-20T00:05:24","version" => "0.16"},{"date" => "2003-05-12T17:52:00","version" => "0.17"},{"date" => "2003-10-08T14:31:56","version" => "0.18"},{"date" => "2005-04-19T00:51:07","version" => "0.19"},{"date" => "2006-02-22T01:29:15","version" => "0.20"},{"date" => "2007-02-03T02:50:32","version" => "0.21"},{"date" => "2008-09-15T19:39:08","version" => "0.22"},{"date" => "2012-05-03T21:33:29","version" => "0.23"},{"date" => "2012-06-04T22:12:03","version" => "0.24"},{"date" => "2012-06-09T00:32:31","version" => "0.25"},{"date" => "2012-06-09T18:31:05","version" => "0.26"},{"date" => "2014-06-25T18:49:11","version" => "0.27"},{"date" => "2021-05-23T21:05:04","version" => "0.28"},{"date" => "2021-05-24T21:29:37","version" => "0.29"},{"date" => "2021-05-30T00:58:54","version" => "0.30"},{"date" => "2021-06-03T01:30:40","version" => "0.31"},{"date" => "2021-09-21T21:46:25","version" => "0.32"},{"date" => "2021-09-22T22:51:23","version" => "0.33"},{"date" => "2023-08-07T22:47:22","version" => "0.34"}]},"Convert-UUlib" => {"advisories" => [{"affected_versions" => ["<1.051"],"cves" => ["CVE-2005-1349"],"description" => "Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.\n","distribution" => "Convert-UUlib","fixed_versions" => [],"id" => "CPANSA-Convert-UUlib-2005-1349","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200504-26.xml","http://secunia.com/advisories/15130","http://www.securityfocus.com/bid/13401","http://www.mandriva.com/security/advisories?name=MDKSA-2006:022","https://exchange.xforce.ibmcloud.com/vulnerabilities/20275"],"reported" => "2005-05-02","severity" => undef}],"main_module" => "Convert::UUlib","versions" => [{"date" => "1999-05-08T20:44:28","version" => "0.03"},{"date" => "1999-05-25T19:26:16","version" => "0.05"},{"date" => "1999-07-29T21:35:05","version" => "0.06"},{"date" => "2000-07-16T20:52:56","version" => "0.11"},{"date" => "2001-05-04T21:14:40","version" => "0.111"},{"date" => "2001-06-14T16:49:29","version" => "0.2"},{"date" => "2001-09-16T01:45:11","version" => "0.201"},{"date" => "2002-03-31T22:10:15","version" => "0.21"},{"date" => "2002-03-31T22:52:00","version" => "0.21"},{"date" => "2002-04-05T22:18:55","version" => "0.211"},{"date" => "2002-04-06T02:39:32","version" => "0.212"},{"date" => "2002-07-27T19:20:26","version" => "0.213"},{"date" => "2002-10-13T18:14:28","version" => "0.3"},{"date" => "2002-10-15T23:26:09","version" => "0.31"},{"date" => "2003-11-24T16:10:49","version" => "1.0"},{"date" => "2004-03-16T20:05:14","version" => "1.01"},{"date" => "2004-04-18T14:51:27","version" => "1.02"},{"date" => "2004-04-18T20:16:15","version" => "1.03"},{"date" => "2004-12-28T14:12:40","version" => "1.04"},{"date" => "2005-03-03T17:52:16","version" => "1.051"},{"date" => "2005-12-05T23:58:50","version" => "1.06"},{"date" => "2006-12-10T16:45:11","version" => "1.07"},{"date" => "2006-12-16T22:31:30","version" => "1.08"},{"date" => "2007-05-25T17:40:35","version" => "1.09"},{"date" => "2008-06-13T13:27:38","version" => "1.10"},{"date" => "2008-06-13T13:34:18","version" => "1.11"},{"date" => "2008-10-13T12:13:26","version" => "1.12"},{"date" => "2009-08-28T23:26:34","version" => "1.3"},{"date" => "2009-09-16T07:05:05","version" => "1.31"},{"date" => "2009-09-16T18:10:46","version" => "1.32"},{"date" => "2009-10-28T08:05:40","version" => "1.33"},{"date" => "2010-12-14T21:21:33","version" => "1.34"},{"date" => "2011-05-29T15:23:57","version" => "1.4"},{"date" => "2015-07-11T01:57:19","version" => "1.5"},{"date" => "2019-10-24T15:19:15","version" => "1.6"},{"date" => "2020-02-17T22:21:21","version" => "1.62"},{"date" => "2020-02-29T21:09:26","version" => "1.7"},{"date" => "2020-03-16T23:54:43","version" => "1.71"},{"date" => "2020-12-17T01:25:02","version" => "1.8"}]},"Cpanel-JSON-XS" => {"advisories" => [{"affected_versions" => ["<3.0225"],"cves" => [],"description" => "Overflow during processing of ill-formed UTF-8 strings.\n","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=3.0225"],"id" => "CPANSA-Cpanel-JSON-XS-2016-02","references" => ["https://metacpan.org/changes/distribution/Cpanel-JSON-XS","https://github.com/rurban/Cpanel-JSON-XS/commit/f71768984ba7f50b0476c17a4f3b3f2ca88a6951","https://github.com/dankogai/p5-encode/issues/64"],"reported" => "2016-11-23"},{"affected_versions" => ["<3.0218"],"cves" => [],"description" => "Possible overflows in av and hv length types.\n","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=3.0218"],"id" => "CPANSA-Cpanel-JSON-XS-2016-01","references" => ["https://metacpan.org/changes/distribution/Cpanel-JSON-XS","https://github.com/rurban/Cpanel-JSON-XS/commit/6554531b39fac236321d8601d35eaaa75ae45e20"],"reported" => undef},{"affected_versions" => ["<4.033"],"cves" => ["CVE-2022-48623"],"description" => "Wrong error messages/sometimes crashes or endless loops with invalid JSON in relaxed mode\n","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=4.033"],"id" => "CPANSA-Cpanel-JSON-XS-2023-01","references" => ["https://metacpan.org/changes/distribution/Cpanel-JSON-XS","https://github.com/rurban/Cpanel-JSON-XS/issues/208","https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.33/changes","https://nvd.nist.gov/vuln/detail/CVE-2022-48623","https://github.com/rurban/Cpanel-JSON-XS/commit/41f32396eee9395a40f9ed80145c37622560de9b","https://github.com/advisories/GHSA-44qr-8pf6-6q33"],"reported" => "2023-02-21"},{"affected_versions" => ["<4.40"],"cves" => ["CVE-2025-40929"],"description" => "Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=4.40"],"id" => "CPANSA-Cpanel-JSON-XS-2025-40929","references" => ["https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch","https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713","https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes"],"reported" => "2025-09-08","severity" => undef}],"main_module" => "Cpanel::JSON::XS","versions" => [{"date" => "2013-03-01T00:52:41","version" => "2.33_03"},{"date" => "2013-03-01T22:07:06","version" => "2.33_04"},{"date" => "2013-03-27T16:53:34","version" => "2.3305"},{"date" => "2013-03-27T17:17:51","version" => "2.3306"},{"date" => "2013-03-27T22:58:47","version" => "2.3307"},{"date" => "2013-03-28T14:28:56","version" => "2.3308"},{"date" => "2013-03-28T15:12:42","version" => "2.3309"},{"date" => "2013-03-28T17:33:21","version" => "2.3310"},{"date" => "2013-06-26T16:24:40","version" => "2.3313"},{"date" => "2013-09-09T05:54:40","version" => "2.3314"},{"date" => "2013-10-02T20:06:47","version" => "2.3401"},{"date" => "2013-11-02T14:42:20","version" => "2.3402"},{"date" => "2013-11-02T15:17:41","version" => "2.3403"},{"date" => "2014-01-30T15:58:58","version" => "2.3404"},{"date" => "2014-04-15T21:17:11","version" => "3.0101"},{"date" => "2014-04-17T18:37:34","version" => "3.0102"},{"date" => "2014-04-21T17:49:09","version" => "3.0103"},{"date" => "2014-04-26T16:04:39","version" => "3.0104"},{"date" => "2014-11-06T10:38:31","version" => "3.0105"},{"date" => "2014-11-11T21:57:49","version" => "3.0106"},{"date" => "2014-11-28T12:16:29","version" => "3.0107"},{"date" => "2014-12-11T17:02:07","version" => "3.0108"},{"date" => "2014-12-12T10:24:33","version" => "3.0109"},{"date" => "2014-12-12T22:35:37","version" => "3.0110"},{"date" => "2014-12-13T18:40:06","version" => "3.0111"},{"date" => "2014-12-14T16:34:01","version" => "3.0112"},{"date" => "2014-12-15T12:23:32","version" => "3.0113"},{"date" => "2015-01-04T14:06:03","version" => "3.0114"},{"date" => "2015-01-31T21:42:51","version" => "3.0115"},{"date" => "2015-11-26T08:58:33","version" => "3.0201"},{"date" => "2015-11-26T13:16:40","version" => "3.0202"},{"date" => "2015-11-26T13:42:02","version" => "3.0203"},{"date" => "2015-11-26T22:30:26","version" => "3.0204"},{"date" => "2015-11-29T14:09:00","version" => "3.0205"},{"date" => "2015-11-30T16:16:48","version" => "3.0206"},{"date" => "2015-12-02T16:34:35","version" => "3.0207"},{"date" => "2015-12-02T22:46:58","version" => "3.0208"},{"date" => "2015-12-03T09:45:04","version" => "3.0209"},{"date" => "2015-12-03T11:59:24","version" => "3.0210"},{"date" => "2016-01-10T17:38:25","version" => "3.0211"},{"date" => "2016-02-27T13:30:04","version" => "3.0212"},{"date" => "2016-03-02T10:28:37","version" => "3.0213"},{"date" => "2016-04-12T08:40:05","version" => "3.0213_01"},{"date" => "2016-04-13T10:40:03","version" => "3.0213_02"},{"date" => "2016-06-02T16:18:51","version" => "3.0214"},{"date" => "2016-06-06T13:28:49","version" => "3.0215"},{"date" => "2016-06-12T12:14:20","version" => "3.0216"},{"date" => "2016-06-18T09:59:27","version" => "3.0217"},{"date" => "2016-10-04T10:11:33","version" => "3.0217_01"},{"date" => "2016-10-04T14:47:29","version" => "3.0217_02"},{"date" => "2016-10-06T08:46:17","version" => "3.0217_03"},{"date" => "2016-10-07T12:11:03","version" => "3.0217_04"},{"date" => "2016-10-07T17:22:48","version" => "3.0217_05"},{"date" => "2016-10-08T08:01:50","version" => "3.0217_06"},{"date" => "2016-10-13T12:47:31","version" => "3.0218"},{"date" => "2016-10-26T11:45:35","version" => "3.0219"},{"date" => "2016-10-28T08:34:28","version" => "3.0220"},{"date" => "2016-10-30T12:27:36","version" => "3.0221"},{"date" => "2016-10-30T15:04:32","version" => "3.0222"},{"date" => "2016-11-16T11:47:38","version" => "3.0223"},{"date" => "2016-11-20T11:31:34","version" => "3.0224"},{"date" => "2016-11-23T18:43:00","version" => "3.0225"},{"date" => "2017-02-11T13:24:48","version" => "3.0226"},{"date" => "2017-02-13T10:57:06","version" => "3.0227"},{"date" => "2017-03-07T23:57:39","version" => "3.0228"},{"date" => "2017-03-10T14:08:07","version" => "3.0229"},{"date" => "2017-03-12T09:52:13","version" => "3.0230"},{"date" => "2017-03-29T09:51:51","version" => "3.0231"},{"date" => "2017-05-01T05:35:12","version" => "3.0232"},{"date" => "2017-05-01T14:54:56","version" => "3.0233"},{"date" => "2017-07-27T15:43:41","version" => "3.0234"},{"date" => "2017-07-27T16:21:47","version" => "3.0235"},{"date" => "2017-07-27T20:15:25","version" => "3.0236"},{"date" => "2017-07-28T11:15:05","version" => "3.0237"},{"date" => "2017-08-25T20:53:56","version" => "3.0238"},{"date" => "2017-08-28T20:48:37","version" => "3.0239"},{"date" => "2018-01-30T11:52:27","version" => "3.99_01"},{"date" => "2018-01-31T12:58:24","version" => "3.99_02"},{"date" => "2018-01-31T17:18:58","version" => "3.99_03"},{"date" => "2018-02-02T01:57:54","version" => "4.00"},{"date" => "2018-02-03T11:50:36","version" => "4.01"},{"date" => "2018-02-27T16:08:55","version" => "4.02"},{"date" => "2018-06-21T11:16:14","version" => "4.03"},{"date" => "2018-06-22T17:37:07","version" => "4.04"},{"date" => "2018-08-19T16:55:22","version" => "4.05"},{"date" => "2018-08-23T07:50:22","version" => "4.06"},{"date" => "2018-11-02T09:51:34","version" => "4.07"},{"date" => "2018-11-28T14:26:40","version" => "4.08"},{"date" => "2019-02-15T10:09:53","version" => "4.09"},{"date" => "2019-03-18T07:50:15","version" => "4.10"},{"date" => "2019-03-26T16:46:53","version" => "4.11"},{"date" => "2019-06-11T08:04:04","version" => "4.12"},{"date" => "2019-10-14T14:14:37","version" => "4.13"},{"date" => "2019-10-15T15:16:21","version" => "4.14"},{"date" => "2019-10-22T07:01:03","version" => "4.15"},{"date" => "2019-11-04T15:51:01","version" => "4.16"},{"date" => "2019-11-05T13:48:29","version" => "4.17"},{"date" => "2019-12-13T15:54:58","version" => "4.18"},{"date" => "2020-02-06T15:07:47","version" => "4.19"},{"date" => "2020-08-12T12:18:46","version" => "4.20"},{"date" => "2020-08-13T06:56:18","version" => "4.21"},{"date" => "2020-09-04T19:26:28","version" => "4.22"},{"date" => "2020-09-05T10:21:25","version" => "4.23"},{"date" => "2020-10-02T09:05:37","version" => "4.24"},{"date" => "2020-10-28T07:04:49","version" => "4.25"},{"date" => "2021-04-12T06:34:32","version" => "4.26"},{"date" => "2021-10-14T19:19:01","version" => "4.27"},{"date" => "2022-05-05T14:46:07","version" => "4.28"},{"date" => "2022-05-27T15:32:51","version" => "4.29"},{"date" => "2022-06-16T19:19:38","version" => "4.30"},{"date" => "2022-08-10T14:25:08","version" => "4.31"},{"date" => "2022-08-13T07:13:40","version" => "4.32"},{"date" => "2023-02-21T16:34:10","version" => "4.33"},{"date" => "2023-02-21T18:39:09","version" => "4.34"},{"date" => "2023-02-22T15:40:53","version" => "4.35"},{"date" => "2023-03-02T15:11:52","version" => "4.36"},{"date" => "2023-07-04T10:35:53","version" => "4.37"},{"date" => "2024-05-28T07:42:37","version" => "4.38"},{"date" => "2024-12-12T21:17:16","version" => "4.39"},{"date" => "2025-09-08T14:02:35","version" => "4.40"}]},"Crypt-CBC" => {"advisories" => [{"affected_versions" => ["<3.04"],"cves" => [],"description" => "Fixed bug involving manually-specified IV not being used in some circumstances.\n","distribution" => "Crypt-CBC","fixed_versions" => [">=3.04"],"id" => "CPANSA-Crypt-CBC-2021-0001","references" => ["https://metacpan.org/changes/distribution/Crypt-CBC","https://github.com/briandfoy/cpan-security-advisory/issues/165"],"reported" => "2021-05-17","severity" => undef},{"affected_versions" => ["<2.17"],"cves" => ["CVE-2006-0898"],"description" => "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.\n","distribution" => "Crypt-CBC","fixed_versions" => [">=2.17"],"id" => "CPANSA-Crypt-CBC-2006-0898","references" => ["https://metacpan.org/changes/distribution/Crypt-CBC","http://www.securityfocus.com/bid/16802","http://secunia.com/advisories/18755","http://www.debian.org/security/2006/dsa-996","http://secunia.com/advisories/19187","http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml","http://secunia.com/advisories/19303","http://www.novell.com/linux/security/advisories/2006_38_security.html","http://secunia.com/advisories/20899","http://securityreason.com/securityalert/488","http://www.redhat.com/support/errata/RHSA-2008-0261.html","http://secunia.com/advisories/31493","http://rhn.redhat.com/errata/RHSA-2008-0630.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/24954","http://www.securityfocus.com/archive/1/425966/100/0/threaded"],"reported" => "2006-02-25","severity" => undef},{"affected_versions" => [">=1.21,<3.07"],"cves" => ["CVE-2025-2814"],"description" => "Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  This issue affects operating systems where \"/dev/urandom'\" is unavailable.\x{a0} In that case, Crypt::CBC will fallback to use the insecure rand() function.","distribution" => "Crypt-CBC","fixed_versions" => [">=3.07"],"id" => "CPANSA-Crypt-CBC-2025-2814","references" => ["https://metacpan.org/dist/Crypt-CBC/source/lib/Crypt/CBC.pm#L777","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://github.com/lstein/Lib-Crypt-CBC/issues/9"],"reported" => "2025-04-13","severity" => undef}],"main_module" => "Crypt::CBC","versions" => [{"date" => "1998-06-19T19:48:52","version" => "1.00"},{"date" => "1998-09-22T18:30:35","version" => "1.10"},{"date" => "1998-12-20T23:36:49","version" => "1.20"},{"date" => "2000-01-27T00:27:56","version" => "1.22"},{"date" => "2000-02-22T15:20:56","version" => "1.23"},{"date" => "2000-06-07T18:55:59","version" => "1.24"},{"date" => "2000-06-08T15:59:07","version" => "1.25"},{"date" => "2001-12-10T17:16:25","version" => "2.01"},{"date" => "2002-01-24T05:30:16","version" => "2.02"},{"date" => "2002-06-02T18:40:15","version" => "2.03"},{"date" => "2002-06-12T02:20:51","version" => "2.04"},{"date" => "2002-06-22T13:02:09","version" => "2.05"},{"date" => "2002-08-08T18:47:49","version" => "2.07"},{"date" => "2002-09-11T12:17:23","version" => "2.08"},{"date" => "2004-05-27T15:20:52","version" => "2.09"},{"date" => "2004-05-29T17:29:19","version" => "2.10"},{"date" => "2004-06-03T16:22:32","version" => "2.11"},{"date" => "2004-06-17T15:55:19","version" => "2.11"},{"date" => "2005-05-05T20:11:50","version" => "2.14"},{"date" => "2005-08-01T14:02:45","version" => "2.15"},{"date" => "2006-02-16T14:08:57","version" => "2.17"},{"date" => "2006-06-06T23:22:02","version" => "2.18"},{"date" => "2006-08-12T19:52:11","version" => "2.19"},{"date" => "2006-10-16T23:40:13","version" => "2.21"},{"date" => "2006-10-29T21:55:34","version" => "2.22"},{"date" => "2007-09-28T15:25:53","version" => "2.24"},{"date" => "2008-03-28T14:17:29","version" => "2.27"},{"date" => "2008-03-31T14:56:52","version" => "2.28"},{"date" => "2008-04-22T14:27:07","version" => "2.29"},{"date" => "2008-09-30T15:17:58","version" => "2.30"},{"date" => "2012-10-30T11:08:06","version" => "2.31"},{"date" => "2012-12-14T19:30:14","version" => "2.32"},{"date" => "2013-07-30T20:03:53","version" => "2.33"},{"date" => "2021-02-07T15:30:51","version" => "3.00"},{"date" => "2021-02-08T21:38:16","version" => "3.01"},{"date" => "2021-04-11T22:16:48","version" => "3.02"},{"date" => "2021-04-19T02:59:12","version" => "3.03"},{"date" => "2021-05-17T15:03:53","version" => "3.04"},{"date" => "2025-07-21T00:57:11","version" => "3.05"},{"date" => "2025-07-26T16:23:53","version" => "3.06"},{"date" => "2025-07-27T14:50:49","version" => "3.07"}]},"Crypt-DSA" => {"advisories" => [{"affected_versions" => ["<1.18"],"cves" => ["CVE-2011-3599"],"description" => "The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.\n","distribution" => "Crypt-DSA","fixed_versions" => [],"id" => "CPANSA-Crypt-DSA-2011-3599","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=71421","https://bugzilla.redhat.com/show_bug.cgi?id=743567","http://www.openwall.com/lists/oss-security/2011/10/05/9","http://www.openwall.com/lists/oss-security/2011/10/05/5","http://secunia.com/advisories/46275","http://www.securityfocus.com/bid/49928","http://osvdb.org/76025"],"reported" => "2011-10-10","severity" => undef}],"main_module" => "Crypt::DSA","versions" => [{"date" => "2001-03-24T01:21:08","version" => "0.02"},{"date" => "2001-04-07T07:44:41","version" => "0.03"},{"date" => "2001-04-23T00:09:38","version" => "0.10"},{"date" => "2001-05-02T23:26:09","version" => "0.11"},{"date" => "2001-05-04T06:12:08","version" => "0.12"},{"date" => "2005-05-26T16:19:59","version" => "0.13"},{"date" => "2006-05-08T18:43:01","version" => "0.14"},{"date" => "2009-08-19T11:11:31","version" => "0.15_01"},{"date" => "2009-09-11T12:47:36","version" => "1.16"},{"date" => "2011-06-17T01:49:57","version" => "1.17"},{"date" => "2024-12-04T04:25:53","version" => "1.18"},{"date" => "2024-12-04T13:54:34","version" => "1.18"},{"date" => "2024-12-04T14:50:02","version" => "1.19"}]},"Crypt-JWT" => {"advisories" => [{"affected_versions" => ["<0.023"],"cves" => ["CVE-2019-1010263"],"description" => "Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit b98a59b42ded9f9e51b2560410106207c2152d6c.\n","distribution" => "Crypt-JWT","fixed_versions" => [">=0.023"],"id" => "CPANSA-Crypt-JWT-2019-01","references" => ["https://github.com/DCIT/perl-Crypt-JWT/commit/b98a59b42ded9f9e51b2560410106207c2152d6c","https://www.openwall.com/lists/oss-security/2018/09/07/1"],"reported" => "2019-03-20","severity" => "high"},{"affected_versions" => ["<0.022"],"cves" => ["CVE-2019-1010161"],"description" => "perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.\n","distribution" => "Crypt-JWT","fixed_versions" => [">=0.022"],"id" => "CPANSA-Crypt-JWT-2019-01","references" => ["https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483"],"reported" => "2019-03-20","severity" => "high"}],"main_module" => "Crypt::JWT","versions" => [{"date" => "2015-07-02T22:24:01","version" => "0.004"},{"date" => "2015-07-02T22:54:29","version" => "0.005"},{"date" => "2015-07-07T19:43:45","version" => "0.010"},{"date" => "2015-10-22T07:08:48","version" => "0.011"},{"date" => "2016-05-02T17:33:01","version" => "0.012"},{"date" => "2016-05-03T07:10:15","version" => "0.013"},{"date" => "2016-05-04T05:48:13","version" => "0.014"},{"date" => "2016-05-12T05:38:49","version" => "0.015"},{"date" => "2016-05-12T08:03:49","version" => "0.016"},{"date" => "2016-06-03T10:17:48","version" => "0.017"},{"date" => "2016-08-31T19:49:41","version" => "0.018"},{"date" => "2018-01-26T16:07:54","version" => "0.019"},{"date" => "2018-02-02T15:02:28","version" => "0.020"},{"date" => "2018-03-15T11:59:25","version" => "0.021"},{"date" => "2018-06-24T20:29:50","version" => "0.022"},{"date" => "2018-09-01T16:09:10","version" => "0.023"},{"date" => "2019-03-26T11:11:25","version" => "0.024"},{"date" => "2019-09-29T15:23:58","version" => "0.025"},{"date" => "2020-02-02T08:44:56","version" => "0.026"},{"date" => "2020-06-04T22:35:39","version" => "0.027"},{"date" => "2020-06-14T18:17:45","version" => "0.028"},{"date" => "2020-06-22T13:13:53","version" => "0.029"},{"date" => "2021-01-08T14:22:56","version" => "0.030"},{"date" => "2021-01-10T14:18:25","version" => "0.031"},{"date" => "2021-03-18T21:02:33","version" => "0.032"},{"date" => "2021-05-01T17:18:31","version" => "0.033"},{"date" => "2021-11-28T22:08:38","version" => "0.034"},{"date" => "2023-10-03T10:20:23","version" => "0.035"},{"date" => "2025-01-26T10:17:48","version" => "0.036"},{"date" => "2025-04-27T15:02:48","version" => "0.037"}]},"Crypt-NaCl-Sodium" => {"advisories" => [{"affected_versions" => ["<2.002"],"cves" => ["CVE-2026-2588"],"description" => "Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems.  Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions.  On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 64-bits.","distribution" => "Crypt-NaCl-Sodium","fixed_versions" => [">=2.002"],"id" => "CPANSA-Crypt-NaCl-Sodium-2026-2588","references" => ["https://github.com/cpan-authors/crypt-nacl-sodium/commit/557388bdb4da416a56663cda0154b80cd524395c.patch","https://github.com/cpan-authors/crypt-nacl-sodium/commit/8cf7f66ba922443e131c9deae1ee00fafe4f62e4.patch","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.001/source/Sodium.xs#L2119"],"reported" => "2026-02-23","severity" => undef},{"affected_versions" => ["<2.003"],"cves" => ["CVE-2026-30909"],"description" => "Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows.  bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer.  Encountering this issue is unlikely as the message length would need to be very large.  For bin2hex() the bin_len would have to be > SIZE_MAX / 2 For encrypt() the msg_len would need to be > SIZE_MAX - 16U For aes256gcm_encrypt_afternm() the msg_len would need to be > SIZE_MAX - 16U For seal() the enc_len would need to be > SIZE_MAX - 64U","distribution" => "Crypt-NaCl-Sodium","fixed_versions" => [">=2.003"],"id" => "CPANSA-Crypt-NaCl-Sodium-2026-30909","references" => ["https://github.com/cpan-authors/crypt-nacl-sodium/pull/24.patch","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L2116","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L2310","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L3304","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L942","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.003/source/Changes","http://www.openwall.com/lists/oss-security/2026/03/08/1"],"reported" => "2026-03-08","severity" => undef}],"main_module" => "Crypt::NaCl::Sodium","versions" => [{"date" => "2015-05-11T23:46:38","version" => "0.01"},{"date" => "2015-05-12T00:36:27","version" => "0.02"},{"date" => "2015-05-12T21:28:08","version" => "0.03"},{"date" => "2015-05-17T23:32:58","version" => "0.04"},{"date" => "2015-05-19T21:42:19","version" => "0.05"},{"date" => "2015-05-20T21:42:03","version" => "0.06"},{"date" => "2015-07-13T21:38:48","version" => "0.07"},{"date" => "2015-07-16T23:17:55","version" => "0.08"},{"date" => "2015-11-22T23:01:21","version" => "1.0.6.0"},{"date" => "2015-11-25T23:52:50","version" => "1.0.6.1"},{"date" => "2015-12-24T02:46:57","version" => "1.0.7.0"},{"date" => "2015-12-27T21:47:41","version" => "1.0.8.0"},{"date" => "2026-02-11T00:21:19","version" => "2.000"},{"date" => "2026-02-12T23:20:54","version" => "2.001"},{"date" => "2026-02-22T23:28:45","version" => "2.002"},{"date" => "2026-03-08T01:06:53","version" => "2.003"}]},"Crypt-OpenSSL-DSA" => {"advisories" => [{"affected_versions" => ["<0.14"],"cves" => ["CVE-2009-0129"],"description" => "Missing error check in do_verify, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature.\n","distribution" => "Crypt-OpenSSL-DSA","fixed_versions" => [">=0.14"],"id" => "CPANSA-Crypt-OpenSSL-DSA-2009-01","references" => ["https://metacpan.org/changes/distribution/Crypt-OpenSSL-DSA","https://www.openwall.com/lists/oss-security/2009/01/12/4","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519"],"reported" => "2009-01-15"}],"main_module" => "Crypt::OpenSSL::DSA","versions" => [{"date" => "2001-09-19T04:45:14","version" => "0.01"},{"date" => "2001-09-24T17:32:49","version" => "0.02"},{"date" => "2002-02-07T05:57:36","version" => "0.03"},{"date" => "2002-09-24T04:52:06","version" => "0.04"},{"date" => "2002-09-26T00:21:17","version" => "0.10"},{"date" => "2003-01-06T19:08:08","version" => "0.11"},{"date" => "2005-05-23T01:44:36","version" => "0.12"},{"date" => "2005-10-15T21:37:10","version" => "0.13"},{"date" => "2012-10-16T22:55:16","version" => "0.14"},{"date" => "2015-02-03T21:57:37","version" => "0.15"},{"date" => "2016-10-27T11:25:18","version" => "0.16"},{"date" => "2016-10-27T18:54:42","version" => "0.17"},{"date" => "2016-11-17T10:33:35","version" => "0.18"},{"date" => "2017-01-13T08:24:56","version" => "0.19"},{"date" => "2021-03-20T12:31:50","version" => "0.20"}]},"Crypt-OpenSSL-RSA" => {"advisories" => [{"affected_versions" => ["<0.35"],"cves" => ["CVE-2024-2467"],"description" => "A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.\n","distribution" => "Crypt-OpenSSL-RSA","fixed_versions" => [">=0.35"],"id" => "CPANSA-Crypt-OpenSSL-RSA-2024-2467","references" => ["https://access.redhat.com/security/cve/CVE-2024-2467","https://bugzilla.redhat.com/show_bug.cgi?id=2269567","https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42","https://people.redhat.com/~hkario/marvin/"],"reported" => "2024-04-25","severity" => undef}],"main_module" => "Crypt::OpenSSL::RSA","versions" => [{"date" => "2001-04-02T04:24:26","version" => "0.08"},{"date" => "2001-04-02T16:43:12","version" => "0.09"},{"date" => "2001-04-10T20:56:43","version" => "0.10"},{"date" => "2001-04-11T02:58:01","version" => "0.11"},{"date" => "2001-09-07T03:14:26","version" => "0.12"},{"date" => "2002-03-22T04:46:17","version" => "0.13"},{"date" => "2002-05-19T16:54:53","version" => "0.14"},{"date" => "2002-06-07T13:25:40","version" => "0.15"},{"date" => "2002-06-12T02:15:47","version" => "0.16"},{"date" => "2003-01-07T04:08:58","version" => "0.17"},{"date" => "2003-02-24T02:27:12","version" => "0.18"},{"date" => "2003-04-27T22:48:40","version" => "0.19"},{"date" => "2004-02-15T20:43:41","version" => "0.20"},{"date" => "2004-02-16T02:19:45","version" => "0.21"},{"date" => "2005-06-06T10:51:24","version" => "0.22"},{"date" => "2005-11-15T04:34:15","version" => "0.22"},{"date" => "2006-04-13T04:38:04","version" => "0.23"},{"date" => "2006-11-13T15:34:59","version" => "0.24"},{"date" => "2007-05-20T19:06:56","version" => "0.25"},{"date" => "2009-11-22T20:40:31","version" => "0.26"},{"date" => "2011-06-29T18:49:35","version" => "0.26_01"},{"date" => "2011-07-03T20:14:52","version" => "0.27"},{"date" => "2011-08-24T23:04:56","version" => "0.28"},{"date" => "2017-11-27T03:36:04","version" => "0.28"},{"date" => "2018-04-14T05:01:11","version" => "0.29_01"},{"date" => "2018-04-15T18:55:41","version" => "0.29_02"},{"date" => "2018-04-16T20:47:56","version" => "0.29_03"},{"date" => "2018-05-01T16:37:12","version" => "0.30"},{"date" => "2018-09-24T17:36:24","version" => "0.31"},{"date" => "2021-09-08T15:50:47","version" => "0.32"},{"date" => "2022-07-08T11:25:11","version" => "0.33"},{"date" => "2025-05-03T12:48:15","version" => "0.34_01"},{"date" => "2025-05-04T13:50:42","version" => "0.34_02"},{"date" => "2025-05-04T14:18:26","version" => "0.34_03"},{"date" => "2025-05-05T13:44:07","version" => "0.34"},{"date" => "2025-05-07T16:52:11","version" => "0.35"},{"date" => "2025-10-29T21:22:55","version" => "0.36"},{"date" => "2025-10-29T21:41:15","version" => "0.37"}]},"Crypt-Passwd-XS" => {"advisories" => [{"affected_versions" => ["<0.601"],"cves" => ["CVE-2012-2143"],"description" => "The crypt_des (aka DES-based crypt) function does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.\n","distribution" => "Crypt-Passwd-XS","fixed_versions" => [">=0.601"],"id" => "CPANSA-Crypt-Passwd-XS-2012-01","references" => ["https://metacpan.org/changes/distribution/Crypt-Passwd-XS"],"reported" => "2012-05-07"}],"main_module" => "Crypt::Passwd::XS","versions" => [{"date" => "2010-11-14T21:18:18","version" => "0.4"},{"date" => "2010-11-17T02:03:54","version" => "0.501"},{"date" => "2010-11-17T23:25:17","version" => "0.503"},{"date" => "2010-11-20T00:37:33","version" => "0.504"},{"date" => "2010-11-24T00:59:34","version" => "0.505"},{"date" => "2011-03-09T16:18:01","version" => "0.506"},{"date" => "2011-03-09T21:40:38","version" => "0.507"},{"date" => "2011-07-26T16:37:20","version" => "0.600"},{"date" => "2012-12-06T19:57:57","version" => "0.601"}]},"Crypt-Perl" => {"advisories" => [{"affected_versions" => ["<0.33"],"cves" => ["CVE-2020-17478"],"description" => "ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.\n","distribution" => "Crypt-Perl","fixed_versions" => [">=0.33"],"id" => "CPANSA-Crypt-Perl-2020-01","references" => ["https://github.com/FGasper/p5-Crypt-Perl/compare/0.32...0.33"],"reported" => "2020-08-10","severity" => "high"},{"affected_versions" => ["<0.32"],"cves" => ["CVE-2020-13895"],"description" => "Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.\n","distribution" => "Crypt-Perl","fixed_versions" => [">=0.32"],"id" => "CPANSA-Crypt-Perl-2020-02","references" => ["https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2","https://github.com/FGasper/p5-Crypt-Perl/issues/14"],"reported" => "2020-06-07","severity" => "high"}],"main_module" => "Crypt::Perl","versions" => [{"date" => "2016-12-14T06:20:54","version" => "0.01"},{"date" => "2016-12-17T05:33:45","version" => "0.02"},{"date" => "2016-12-19T14:55:23","version" => "0.021"},{"date" => "2016-12-19T22:19:39","version" => "0.022"},{"date" => "2016-12-20T08:45:47","version" => "0.03"},{"date" => "2016-12-20T18:44:49","version" => "0.031"},{"date" => "2016-12-21T05:18:09","version" => "0.032"},{"date" => "2016-12-23T05:59:32","version" => "0.033"},{"date" => "2016-12-29T16:03:59","version" => "0.1"},{"date" => "2016-12-31T06:23:01","version" => "0.11"},{"date" => "2017-01-02T21:24:31","version" => "0.12"},{"date" => "2017-01-03T14:55:13","version" => "0.13"},{"date" => "2017-01-03T16:30:45","version" => "0.14"},{"date" => "2017-01-04T00:12:29","version" => "0.15"},{"date" => "2017-02-02T09:09:40","version" => "0.15_1"},{"date" => "2017-02-03T03:31:34","version" => "0.16_rc1"},{"date" => "2017-02-03T03:38:07","version" => "0.15_2"},{"date" => "2017-02-03T07:21:32","version" => "0.15_3"},{"date" => "2017-02-07T04:16:06","version" => "0.16"},{"date" => "2017-02-08T07:56:45","version" => "0.16_1"},{"date" => "2017-02-08T09:25:41","version" => "0.17"},{"date" => "2017-02-09T04:07:34","version" => "0.17_1"},{"date" => "2018-06-18T01:48:20","version" => "0.18-TRIAL1"},{"date" => "2018-06-18T02:52:52","version" => "0.18-TRIAL2"},{"date" => "2018-06-18T12:03:17","version" => "0.18-TRIAL3"},{"date" => "2018-06-18T15:07:20","version" => "0.18-TRIAL4"},{"date" => "2018-06-18T20:34:04","version" => "0.18-TRIAL5"},{"date" => "2018-06-18T21:06:07","version" => "0.18-TRIAL6"},{"date" => "2018-06-18T21:47:43","version" => "0.18-TRIAL7"},{"date" => "2018-06-18T22:42:19","version" => "0.18"},{"date" => "2018-06-19T04:25:06","version" => "0.19"},{"date" => "2018-06-19T06:14:32","version" => "0.20-TRIAL1"},{"date" => "2018-06-19T14:23:57","version" => "0.20-TRIAL2"},{"date" => "2018-06-19T15:50:08","version" => "0.20"},{"date" => "2018-06-19T15:56:15","version" => "0.21"},{"date" => "2018-06-21T03:33:59","version" => "0.22-TRIAL1"},{"date" => "2018-06-21T13:31:18","version" => "0.22-TRIAL2"},{"date" => "2018-06-22T14:43:21","version" => "0.22"},{"date" => "2018-06-23T00:40:40","version" => "0.23-TRIAL1"},{"date" => "2018-06-25T14:35:15","version" => "0.23"},{"date" => "2018-07-23T03:11:37","version" => "0.24_TRIAL1"},{"date" => "2018-07-23T03:13:05","version" => "0.24_TRIAL2"},{"date" => "2018-07-23T03:16:58","version" => "0.24-TRIAL3"},{"date" => "2018-07-23T12:12:48","version" => "0.24-TRIAL4"},{"date" => "2018-07-24T22:03:18","version" => "0.24"},{"date" => "2018-07-25T01:54:45","version" => "0.25"},{"date" => "2018-07-28T19:52:07","version" => "0.26-TRIAL1"},{"date" => "2018-07-28T22:07:05","version" => "0.26"},{"date" => "2018-07-28T22:26:02","version" => "0.27-TRIAL1"},{"date" => "2018-07-29T02:05:05","version" => "0.27"},{"date" => "2018-08-25T00:24:23","version" => "0.28"},{"date" => "2018-08-25T02:38:45","version" => "0.29"},{"date" => "2018-12-22T02:29:37","version" => "0.30-TRIAL1"},{"date" => "2018-12-22T15:18:25","version" => "0.30-TRIAL2"},{"date" => "2018-12-24T03:14:46","version" => "0.30-TRIAL3"},{"date" => "2019-09-12T03:13:59","version" => "0.30"},{"date" => "2020-02-11T00:54:58","version" => "0.31_01"},{"date" => "2020-02-11T02:50:09","version" => "0.31_02"},{"date" => "2020-02-12T01:19:36","version" => "0.31"},{"date" => "2020-06-04T12:31:25","version" => "0.32_01"},{"date" => "2020-06-04T12:56:11","version" => "0.32_02"},{"date" => "2020-06-05T02:53:59","version" => "0.32"},{"date" => "2020-08-10T15:39:12","version" => "0.33"},{"date" => "2020-09-24T07:31:56","version" => "0.34_02"},{"date" => "2020-09-24T07:37:16","version" => "0.34_03"},{"date" => "2020-09-25T01:38:34","version" => "0.34_04"},{"date" => "2020-09-26T03:44:57","version" => "0.34_05"},{"date" => "2020-09-26T12:38:56","version" => "0.34_06"},{"date" => "2020-09-26T18:03:25","version" => "0.34_07"},{"date" => "2020-09-27T13:00:26","version" => "0.34_08"},{"date" => "2020-09-27T23:51:08","version" => "0.34_09"},{"date" => "2020-09-28T07:22:06","version" => "0.34"},{"date" => "2021-11-17T15:13:58","version" => "0.35_02"},{"date" => "2021-11-18T03:39:19","version" => "0.35"},{"date" => "2021-11-18T03:44:32","version" => "0.36"},{"date" => "2021-11-20T13:20:35","version" => "0.37_01"},{"date" => "2021-11-21T03:44:48","version" => "0.37_02"},{"date" => "2021-11-22T04:28:59","version" => "0.37_03"},{"date" => "2021-11-29T02:09:35","version" => "0.37_04"},{"date" => "2021-11-30T02:16:10","version" => "0.37_05"},{"date" => "2021-11-30T16:09:14","version" => "0.37_06"},{"date" => "2021-12-01T01:39:08","version" => "0.37_07"},{"date" => "2021-12-02T21:42:02","version" => "0.37_08"},{"date" => "2021-12-06T15:38:41","version" => "0.37_09"},{"date" => "2021-12-08T01:12:53","version" => "0.37_10"},{"date" => "2021-12-09T13:42:15","version" => "0.37_11"},{"date" => "2021-12-14T02:08:33","version" => "0.37_12"},{"date" => "2021-12-15T05:19:53","version" => "0.37_13"},{"date" => "2021-12-17T19:36:38","version" => "0.37"},{"date" => "2022-10-17T15:04:13","version" => "0.38"}]},"Crypt-Primes" => {"advisories" => [{"affected_versions" => ["<0.52"],"cves" => [],"description" => "bin/largeprimes uses a custom shebang, which allows it to load modules from several locations: '..', '../lib', 'lib'. This could lead to load modules from an unpredictable location depending from where the script is run and what user is running it.\n","distribution" => "Crypt-Primes","fixed_versions" => [">=0.52"],"id" => "CPANSA-Crypt-Primes-2024-001","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=128058","https://github.com/atoomic/Crypt-Primes/pull/2","https://github.com/perl-Crypt-OpenPGP/Crypt-Primes/blob/main/Changes"],"reported" => undef,"severity" => undef}],"main_module" => "Crypt::Primes","versions" => [{"date" => "2000-11-09T23:33:04","version" => "0.38"},{"date" => "2001-03-05T09:29:12","version" => "0.46"},{"date" => "2001-06-11T09:15:28","version" => "0.49"},{"date" => "2003-01-16T20:11:04","version" => "0.50"},{"date" => "2025-01-25T02:41:34","version" => "0.51"},{"date" => "2025-01-25T13:14:32","version" => "0.52"}]},"Crypt-Random" => {"advisories" => [{"affected_versions" => [">0"],"cves" => [],"description" => "The makerandom program that comes with Crypt::Random adds module search paths in its shebang line, potentially leading to issues with unexpected modules being loaded\n","distribution" => "Crypt-Random","fixed_versions" => [],"id" => "CPANSA-Crypt-Random-2024-001","references" => ["https://metacpan.org/dist/Crypt-Random/changes","https://rt.cpan.org/Ticket/Display.html?id=128062","https://github.com/atoomic/Crypt-Random/pull/1"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.05,<=1.55"],"cves" => ["CVE-2025-1828"],"description" => "Crypt::Random Perl package 1.05 through 1.55 may use rand() function,\x{a0}which is not\x{a0}cryptographically strong,\x{a0}for cryptographic functions.  If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available\x{a0}Crypt::Random will default to use the insecure\x{a0}Crypt::Random::rand provider.  In particular, Windows versions of perl will encounter this issue by default.","distribution" => "Crypt-Random","fixed_versions" => [">1.55"],"id" => "CPANSA-Crypt-Random-2025-1828","references" => ["https://github.com/perl-Crypt-OpenPGP/Crypt-Random/commit/1f8b29e9e89d8d083fd025152e76ec918136cc05","https://github.com/perl-Crypt-OpenPGP/Crypt-Random/pull/1","https://perldoc.perl.org/functions/rand"],"reported" => "2025-03-11","severity" => undef}],"main_module" => "Crypt::Random","versions" => [{"date" => "1999-04-09T19:08:40","version" => "0.17"},{"date" => "1999-10-13T23:27:57","version" => "0.18"},{"date" => "2000-09-18T22:56:56","version" => "0.23"},{"date" => "2001-02-14T08:55:34","version" => "0.32"},{"date" => "2001-03-05T09:27:27","version" => "0.33"},{"date" => "2001-04-17T22:01:25","version" => "0.34"},{"date" => "2001-06-22T22:11:42","version" => "1.07"},{"date" => "2001-06-23T02:22:55","version" => "1.08"},{"date" => "2001-07-09T19:07:34","version" => "1.10"},{"date" => "2001-07-12T16:02:21","version" => "1.11"},{"date" => "2003-01-08T13:41:34","version" => "1.12"},{"date" => "2003-03-11T18:44:11","version" => "1.13"},{"date" => "2004-05-21T21:18:13","version" => "1.20"},{"date" => "2004-05-24T23:04:52","version" => "1.21"},{"date" => "2004-06-01T22:58:47","version" => "1.22"},{"date" => "2004-06-02T18:52:24","version" => "1.23"},{"date" => "2005-03-07T23:05:09","version" => "1.24"},{"date" => "2005-03-07T23:18:08","version" => "1.25"},{"date" => "2018-12-22T16:21:07","version" => "1.51"},{"date" => "2018-12-22T19:30:28","version" => "1.52"},{"date" => "2021-06-03T18:19:46","version" => "1.53"},{"date" => "2021-06-03T18:31:44","version" => "1.54"},{"date" => "2025-01-30T05:20:08","version" => "1.55"},{"date" => "2025-02-05T01:49:00","version" => "1.56"},{"date" => "2025-02-10T23:28:24","version" => "1.57"}]},"Crypt-Random-Source" => {"advisories" => [{"affected_versions" => ["<=0.12"],"cves" => ["CVE-2018-25107"],"description" => "In versions prior to 0.13, rand could be used as a result of calling get_weak, or get, if no random device was available. This implies that not explicitly asking for get_strong on a non POSIX operating system (e.g. Win32 without the Win32 backend) could have resulted in non cryptographically random data.\n","distribution" => "Crypt-Random-Source","fixed_versions" => [">=0.13"],"id" => "CPANSA-Crypt-Random-Source-2024-001","references" => ["https://metacpan.org/dist/Crypt-Random-Source/changes","https://nvd.nist.gov/vuln/detail/CVE-2018-25107","https://github.com/karenetheridge/Crypt-Random-Source/pull/3","https://metacpan.org/release/ETHER/Crypt-Random-Source-0.13/changes"],"reported" => undef,"severity" => undef}],"main_module" => "Crypt::Random::Source","versions" => [{"date" => "2008-06-17T00:15:09","version" => "0.01_01"},{"date" => "2008-06-17T01:51:37","version" => "0.01"},{"date" => "2008-06-17T01:53:15","version" => "0.02"},{"date" => "2008-06-17T06:01:16","version" => "0.03"},{"date" => "2009-11-25T17:09:48","version" => "0.04"},{"date" => "2009-11-25T17:11:14","version" => "0.05"},{"date" => "2010-12-23T03:04:46","version" => "0.06"},{"date" => "2011-01-05T08:42:20","version" => "0.07"},{"date" => "2014-08-05T00:05:07","version" => "0.08"},{"date" => "2014-08-30T17:12:48","version" => "0.09"},{"date" => "2014-08-31T18:06:40","version" => "0.10"},{"date" => "2015-10-24T04:00:11","version" => "0.11"},{"date" => "2016-03-11T03:43:41","version" => "0.12"},{"date" => "2018-04-08T01:09:20","version" => "0.13"},{"date" => "2018-04-10T02:58:59","version" => "0.14"}]},"Crypt-RandomEncryption" => {"advisories" => [{"affected_versions" => [">=0.01"],"cves" => ["CVE-2024-58040"],"description" => "Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.","distribution" => "Crypt-RandomEncryption","fixed_versions" => [],"id" => "CPANSA-Crypt-RandomEncryption-2024-58040","references" => ["https://metacpan.org/release/QWER/Crypt-RandomEncryption-0.01/source/lib/Crypt/RandomEncryption.pm#L33","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-09-30","severity" => undef}],"main_module" => "Crypt::RandomEncryption","versions" => [{"date" => "2013-05-16T18:07:28","version" => "0.01"}]},"Crypt-Salt" => {"advisories" => [{"affected_versions" => ["<=0.01"],"cves" => ["CVE-2025-1805"],"description" => "Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes.","distribution" => "Crypt-Salt","fixed_versions" => [],"id" => "CPANSA-Crypt-Salt-2025-1805","references" => ["https://metacpan.org/release/HACHI/Crypt-Salt-0.01/source/lib/Crypt/Salt.pm#L76","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-02","severity" => undef}],"main_module" => "Crypt::Salt","versions" => [{"date" => "2003-11-12T06:13:44","version" => "0.01"}]},"Crypt-Sodium-XS" => {"advisories" => [{"affected_versions" => ["<0.000042"],"cves" => ["CVE-2025-15444"],"description" => "Crypt::Sodium::XS module versions prior to\x{a0}0.000042,\x{a0}for Perl, include a vulnerable version of libsodium  libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277\x{a0} https://www.cve.org/CVERecord?id=CVE-2025-69277 .  The libsodium vulnerability states:  In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.  0.000042 includes a version of\x{a0}libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.","distribution" => "Crypt-Sodium-XS","embedded_vulnerability" => {"distributed_version" => "<-1.0.20","name" => "libsodium"},"fixed_versions" => [">=0.000042"],"id" => "CPANSA-Crypt-Sodium-XS-2025-15444","references" => ["https://00f.net/2025/12/30/libsodium-vulnerability/","https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","https://metacpan.org/dist/Crypt-Sodium-XS/changes"],"reported" => "2026-01-06","severity" => undef},{"affected_versions" => ["<0.001001"],"cves" => ["CVE-2026-30910"],"description" => "Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows.  Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. This can cause a crash in bin2hex and encryption algorithms other than aes256gcm. For aes256gcm encryption and signatures, an undersized buffer could lead to buffer overflow.  Encountering this issue is unlikely as the message length would need to be very large.  For bin2hex the input size would have to be > SIZE_MAX / 2 For aegis encryption the input size would need to be > SIZE_MAX - 32U For other encryption the input size would need to be > SIZE_MAX - 16U For signatures the input size would need to be > SIZE_MAX - 64U","distribution" => "Crypt-Sodium-XS","fixed_versions" => [">=0.001001"],"id" => "CPANSA-Crypt-Sodium-XS-2026-30910","references" => ["https://metacpan.org/release/IAMB/Crypt-Sodium-XS-0.001001/changes","http://www.openwall.com/lists/oss-security/2026/03/08/2"],"reported" => "2026-03-08","severity" => undef},{"affected_versions" => [">=0.000018,<=0.000027"],"cves" => ["CVE-2025-69277"],"description" => "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.\n","distribution" => "Crypt-Sodium-XS","fixed_versions" => [],"id" => "CPANSA-Crypt-Sodium-XS-2025-69277-libsodium","references" => ["https://00f.net/2025/12/30/libsodium-vulnerability/","https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7","https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf","https://github.com/pyca/pynacl/issues/920","https://ianix.com/pub/ed25519-deployment.html","https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html","https://news.ycombinator.com/item?id=46435614"],"reported" => "2025-12-31","severity" => "medium"},{"affected_versions" => [">=0.000028,<=0.000041"],"cves" => ["CVE-2025-69277"],"description" => "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.\n","distribution" => "Crypt-Sodium-XS","fixed_versions" => [],"id" => "CPANSA-Crypt-Sodium-XS-2025-69277-libsodium","references" => ["https://00f.net/2025/12/30/libsodium-vulnerability/","https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7","https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf","https://github.com/pyca/pynacl/issues/920","https://ianix.com/pub/ed25519-deployment.html","https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html","https://news.ycombinator.com/item?id=46435614"],"reported" => "2025-12-31","severity" => "medium"}],"main_module" => "Crypt::Sodium::XS","versions" => [{"date" => "2025-07-06T21:01:50","version" => "0.000018"},{"date" => "2025-07-07T16:16:33","version" => "0.000019"},{"date" => "2025-07-08T01:32:47","version" => "0.000020"},{"date" => "2025-07-08T02:22:03","version" => "0.000021"},{"date" => "2025-07-08T06:45:10","version" => "0.000022"},{"date" => "2025-07-08T22:14:02","version" => "0.000024"},{"date" => "2025-07-09T20:24:46","version" => "0.000025"},{"date" => "2025-07-09T21:42:18","version" => "0.000026"},{"date" => "2025-07-12T16:33:41","version" => "0.000027"},{"date" => "2025-07-15T19:55:23","version" => "0.000028"},{"date" => "2025-07-17T00:10:50","version" => "0.000029"},{"date" => "2025-07-19T21:47:23","version" => "0.000030"},{"date" => "2025-07-21T15:02:40","version" => "0.000031"},{"date" => "2025-07-23T23:48:57","version" => "0.000032"},{"date" => "2025-07-24T20:46:46","version" => "0.000033"},{"date" => "2025-08-01T19:01:56","version" => "0.000034"},{"date" => "2025-08-02T00:09:58","version" => "0.000035"},{"date" => "2025-08-03T14:55:38","version" => "0.000036"},{"date" => "2025-08-05T21:41:13","version" => "0.000037"},{"date" => "2025-08-09T18:31:17","version" => "0.000038"},{"date" => "2025-08-21T06:03:08","version" => "0.000039"},{"date" => "2025-12-04T06:38:40","version" => "0.000040"},{"date" => "2025-12-05T05:32:25","version" => "0.000041"},{"date" => "2026-01-04T09:58:53","version" => "0.000042"},{"date" => "2026-01-21T04:10:41","version" => "0.001000"},{"date" => "2026-03-07T22:47:08","version" => "0.001001"}]},"Crypt-SysRandom-XS" => {"advisories" => [{"affected_versions" => ["<0.010"],"cves" => ["CVE-2026-2597"],"description" => "Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buffer overflow in the XS function random_bytes().  The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound, resulting in a zero-byte allocation. The subsequent call to chosen random function (e.g. getrandom) passes the original negative value, which is implicitly converted to a large unsigned value (typically SIZE_MAX). This can result in writes beyond the allocated buffer, leading to heap memory corruption and application crash (denial of service).  In common usage, the length argument is typically hardcoded by the caller, which reduces the likelihood of attacker-controlled exploitation. Applications that pass untrusted input to this parameter may be affected.","distribution" => "Crypt-SysRandom-XS","fixed_versions" => [">=0.010"],"id" => "CPANSA-Crypt-SysRandom-XS-2026-2597","references" => ["https://metacpan.org/dist/Crypt-SysRandom-XS/changes","https://metacpan.org/release/LEONT/Crypt-SysRandom-XS-0.011/source/lib/Crypt/SysRandom/XS.xs#L51-52"],"reported" => "2026-02-27","severity" => undef}],"main_module" => "Crypt::SysRandom::XS","versions" => [{"date" => "2025-02-04T01:59:42","version" => "0.006"},{"date" => "2025-02-05T19:46:04","version" => "0.007"},{"date" => "2025-02-20T12:52:45","version" => "0.008"},{"date" => "2025-04-11T16:46:48","version" => "0.009"},{"date" => "2026-02-16T20:43:40","version" => "0.010"},{"date" => "2026-02-16T23:58:52","version" => "0.011"}]},"Crypt-URandom" => {"advisories" => [{"affected_versions" => [">=0.41,<0.55"],"cves" => ["CVE-2026-2474"],"description" => "Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom().  The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound, resulting in a zero-byte allocation. The subsequent call to getrandom(data, length, GRND_NONBLOCK) passes the original negative value, which is implicitly converted to a large unsigned value (typically SIZE_MAX). This can result in writes beyond the allocated buffer, leading to heap memory corruption and application crash (denial of service).  In common usage, the length argument is typically hardcoded by the caller, which reduces the likelihood of attacker-controlled exploitation. Applications that pass untrusted input to this parameter may be affected.","distribution" => "Crypt-URandom","fixed_versions" => [">=0.55"],"id" => "CPANSA-Crypt-URandom-2026-2474","references" => ["https://metacpan.org/release/DDICK/Crypt-URandom-0.54/source/URandom.xs#L35-79","https://metacpan.org/release/DDICK/Crypt-URandom-0.55/source/Changes"],"reported" => "2026-02-16","severity" => undef}],"main_module" => "Crypt::URandom","versions" => [{"date" => "2011-04-19T21:19:07","version" => "0.0.27"},{"date" => "2011-09-03T08:32:28","version" => "0.28"},{"date" => "2013-02-14T08:52:19","version" => "0.29"},{"date" => "2013-02-26T10:34:54","version" => "0.30"},{"date" => "2013-03-01T07:59:28","version" => "0.31"},{"date" => "2013-03-09T04:25:55","version" => "0.32"},{"date" => "2013-03-09T04:32:35","version" => "0.33"},{"date" => "2013-03-10T09:20:53","version" => "0.34"},{"date" => "2015-05-13T20:12:12","version" => "0.35"},{"date" => "2015-06-01T11:45:38","version" => "0.36"},{"date" => "2023-05-10T11:55:21","version" => "0.37"},{"date" => "2023-05-10T19:57:07","version" => "0.38"},{"date" => "2023-05-21T09:05:01","version" => "0.39"},{"date" => "2024-02-24T09:03:35","version" => "0.40"},{"date" => "2024-12-29T23:34:13","version" => "0.41_01"},{"date" => "2024-12-30T00:00:05","version" => "0.41_02"},{"date" => "2025-01-01T22:58:00","version" => "0.41"},{"date" => "2025-01-02T23:56:10","version" => "0.42"},{"date" => "2025-01-03T09:04:23","version" => "0.43"},{"date" => "2025-01-03T20:47:27","version" => "0.44"},{"date" => "2025-01-03T22:28:26","version" => "0.45"},{"date" => "2025-01-04T08:47:50","version" => "0.46"},{"date" => "2025-01-06T10:45:06","version" => "0.47"},{"date" => "2025-01-06T21:08:58","version" => "0.48"},{"date" => "2025-01-07T21:28:34","version" => "0.49"},{"date" => "2025-01-08T21:56:14","version" => "0.50"},{"date" => "2025-01-19T07:28:53","version" => "0.51_01"},{"date" => "2025-01-19T07:57:30","version" => "0.51_02"},{"date" => "2025-01-22T11:25:07","version" => "0.51"},{"date" => "2025-01-22T19:39:34","version" => "0.52"},{"date" => "2025-02-08T09:07:55","version" => "0.53"},{"date" => "2025-03-15T09:46:36","version" => "0.54"},{"date" => "2026-02-16T20:08:04","version" => "0.55"}]},"CryptX" => {"advisories" => [{"affected_versions" => ["<0.062"],"cves" => ["CVE-2018-25099"],"description" => "A user can pass anything as the tag into gcm_decrypt_verify() and it will return decrypted plaintext.\n","distribution" => "CryptX","fixed_versions" => [">=0.062"],"id" => "CPANSA-CryptX-2018-01","references" => ["https://github.com/DCIT/perl-CryptX/issues/47","https://github.com/libtom/libtomcrypt/pull/451"],"reported" => "2018-10-26","severity" => undef},{"affected_versions" => ["<0.065"],"cves" => ["CVE-2025-40912","CVE-2019-17362"],"description" => "CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode.  CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.","distribution" => "CryptX","embedded_vulnerability" => {"distributed_version" => undef,"name" => "libtomcrypt"},"fixed_versions" => [">=0.065"],"id" => "CPANSA-CryptX-2025-40912","references" => ["https://github.com/libtom/libtomcrypt/issues/507"],"reported" => "2025-06-11","severity" => undef},{"affected_versions" => ["<0.087"],"cves" => ["CVE-2025-40914","CVE-2023-36328"],"description" => "Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow.  CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.","distribution" => "CryptX","embedded_vulnerability" => {"distributed_version" => undef,"name" => "libtommath"},"fixed_versions" => [">=0.087"],"id" => "CPANSA-CryptX-2025-40914","references" => ["https://github.com/advisories/GHSA-j3xv-6967-cv88","https://github.com/libtom/libtommath/pull/546","https://metacpan.org/release/MIK/CryptX-0.086/source/src/ltm/bn_mp_grow.c","https://www.cve.org/CVERecord?id=CVE-2023-36328"],"reported" => "2025-06-11","severity" => undef}],"main_module" => "CryptX","versions" => [{"date" => "2013-04-11T15:10:25","version" => "0.002"},{"date" => "2013-04-16T07:29:07","version" => "0.003"},{"date" => "2013-04-16T07:37:29","version" => "0.004"},{"date" => "2013-04-18T12:09:09","version" => "0.005"},{"date" => "2013-04-19T09:05:57","version" => "0.006"},{"date" => "2013-04-23T10:03:54","version" => "0.007"},{"date" => "2013-05-02T08:52:42","version" => "0.008"},{"date" => "2013-05-19T20:25:17","version" => "0.009"},{"date" => "2013-06-14T22:37:18","version" => "0.011"},{"date" => "2013-06-17T20:00:17","version" => "0.012"},{"date" => "2013-08-28T07:12:15","version" => "0.013"},{"date" => "2013-09-11T14:31:01","version" => "0.013_1"},{"date" => "2013-09-11T21:11:18","version" => "0.014"},{"date" => "2013-09-12T08:21:21","version" => "0.014_1"},{"date" => "2013-09-12T09:12:21","version" => "0.014_2"},{"date" => "2013-09-12T09:32:06","version" => "0.015"},{"date" => "2013-09-15T19:36:52","version" => "0.016"},{"date" => "2013-09-22T19:20:20","version" => "0.016_1"},{"date" => "2013-09-23T14:24:27","version" => "0.016_2"},{"date" => "2013-09-24T05:00:07","version" => "0.016_3"},{"date" => "2013-09-24T08:54:42","version" => "0.017"},{"date" => "2013-10-18T13:21:35","version" => "0.018"},{"date" => "2013-10-20T21:13:35","version" => "0.019"},{"date" => "2014-01-14T21:30:37","version" => "0.019_1"},{"date" => "2014-01-15T21:59:30","version" => "0.019_2"},{"date" => "2014-01-16T21:26:19","version" => "0.019_3"},{"date" => "2014-01-17T09:42:29","version" => "0.019_4"},{"date" => "2014-01-18T08:29:06","version" => "0.020"},{"date" => "2014-01-23T15:47:50","version" => "0.021"},{"date" => "2015-04-17T01:18:47","version" => "0.021_1"},{"date" => "2015-04-17T10:12:01","version" => "0.021_3"},{"date" => "2015-05-06T07:55:21","version" => "0.021_4"},{"date" => "2015-05-11T21:56:39","version" => "0.021_5"},{"date" => "2015-05-12T05:52:15","version" => "0.021_6"},{"date" => "2015-05-12T07:10:42","version" => "0.021_7"},{"date" => "2015-05-14T09:27:41","version" => "0.021_8"},{"date" => "2015-05-15T11:08:26","version" => "0.021_9"},{"date" => "2015-05-22T16:57:26","version" => "0.022"},{"date" => "2015-06-10T20:37:54","version" => "0.023"},{"date" => "2015-06-26T06:13:25","version" => "0.023_1"},{"date" => "2015-06-26T09:18:06","version" => "0.023_2"},{"date" => "2015-06-29T20:09:16","version" => "0.024"},{"date" => "2015-07-08T07:56:50","version" => "0.025"},{"date" => "2015-10-22T15:14:53","version" => "0.025_01"},{"date" => "2015-11-28T18:58:17","version" => "0.026"},{"date" => "2015-12-29T21:20:15","version" => "0.026_01"},{"date" => "2015-12-29T21:20:27","version" => "0.026_02"},{"date" => "2016-01-02T14:38:13","version" => "0.026_05"},{"date" => "2016-01-02T15:57:58","version" => "0.026_06"},{"date" => "2016-01-03T14:36:53","version" => "0.026_08"},{"date" => "2016-01-10T09:47:31","version" => "0.026_15"},{"date" => "2016-01-10T09:47:43","version" => "0.026_16"},{"date" => "2016-01-10T11:52:21","version" => "0.026_18"},{"date" => "2016-01-10T11:53:48","version" => "0.026_19"},{"date" => "2016-01-10T17:03:45","version" => "0.026_23"},{"date" => "2016-01-10T17:03:56","version" => "0.026_24"},{"date" => "2016-01-10T19:02:14","version" => "0.026_28"},{"date" => "2016-01-10T20:49:06","version" => "0.026_29"},{"date" => "2016-01-12T22:25:58","version" => "0.026_30"},{"date" => "2016-01-12T22:37:33","version" => "0.026_31"},{"date" => "2016-01-13T23:53:06","version" => "0.026_32"},{"date" => "2016-01-14T19:29:18","version" => "0.026_33"},{"date" => "2016-01-14T19:30:45","version" => "0.026_34"},{"date" => "2016-01-14T21:16:15","version" => "0.026_35"},{"date" => "2016-01-14T21:19:01","version" => "0.026_36"},{"date" => "2016-01-22T23:01:16","version" => "0.026_39"},{"date" => "2016-01-24T22:12:32","version" => "0.026_40"},{"date" => "2016-01-24T22:36:42","version" => "0.026_41"},{"date" => "2016-01-25T20:44:46","version" => "0.027"},{"date" => "2016-01-25T21:42:58","version" => "0.027_01"},{"date" => "2016-01-26T10:06:26","version" => "0.027_05"},{"date" => "2016-03-15T09:51:01","version" => "0.027_06"},{"date" => "2016-03-23T19:44:54","version" => "0.028"},{"date" => "2016-03-28T14:31:13","version" => "0.028_01"},{"date" => "2016-03-28T19:32:58","version" => "0.028_02"},{"date" => "2016-03-31T12:07:46","version" => "0.028_03"},{"date" => "2016-04-13T09:30:27","version" => "0.029"},{"date" => "2016-04-13T09:46:59","version" => "0.030"},{"date" => "2016-05-01T16:53:05","version" => "0.031"},{"date" => "2016-05-04T17:45:30","version" => "0.032"},{"date" => "2016-05-09T20:20:49","version" => "0.033"},{"date" => "2016-05-10T22:31:32","version" => "0.034"},{"date" => "2016-06-03T10:17:59","version" => "0.035"},{"date" => "2016-06-07T19:22:05","version" => "0.036"},{"date" => "2016-06-16T17:04:27","version" => "0.037"},{"date" => "2016-07-06T18:27:46","version" => "0.038"},{"date" => "2016-08-03T05:53:42","version" => "0.039"},{"date" => "2016-09-12T08:42:39","version" => "0.040"},{"date" => "2016-10-12T09:32:48","version" => "0.041"},{"date" => "2016-10-19T10:25:05","version" => "0.041_001"},{"date" => "2016-11-02T09:00:59","version" => "0.041_002"},{"date" => "2016-11-02T09:19:09","version" => "0.041_003"},{"date" => "2016-11-12T15:21:01","version" => "0.042"},{"date" => "2016-11-27T21:19:27","version" => "0.043"},{"date" => "2016-11-28T07:45:32","version" => "0.044"},{"date" => "2017-02-21T21:54:33","version" => "0.044_001"},{"date" => "2017-02-23T15:58:42","version" => "0.044_003"},{"date" => "2017-02-23T20:35:46","version" => "0.044_004"},{"date" => "2017-02-23T20:44:50","version" => "0.044_005"},{"date" => "2017-02-28T12:22:27","version" => "0.044_006"},{"date" => "2017-02-28T13:58:51","version" => "0.044_007"},{"date" => "2017-03-01T09:26:34","version" => "0.044_008"},{"date" => "2017-03-01T09:49:29","version" => "0.044_009"},{"date" => "2017-03-01T10:02:35","version" => "0.044_010"},{"date" => "2017-03-31T09:28:10","version" => "0.045"},{"date" => "2017-04-04T09:08:33","version" => "0.046"},{"date" => "2017-04-05T20:09:35","version" => "0.047"},{"date" => "2017-04-07T18:22:15","version" => "0.047_001"},{"date" => "2017-04-07T21:40:24","version" => "0.047_002"},{"date" => "2017-04-10T08:16:03","version" => "0.047_003"},{"date" => "2017-04-24T15:23:29","version" => "0.047_004"},{"date" => "2017-04-26T15:36:02","version" => "0.047_005"},{"date" => "2017-05-01T19:11:50","version" => "0.047_006"},{"date" => "2017-05-31T20:22:56","version" => "0.048"},{"date" => "2017-07-09T19:38:38","version" => "0.048_001"},{"date" => "2017-07-14T17:43:25","version" => "0.048_002"},{"date" => "2017-07-18T05:56:42","version" => "0.049"},{"date" => "2017-07-18T20:37:45","version" => "0.050"},{"date" => "2017-08-08T08:14:05","version" => "0.051"},{"date" => "2017-09-15T12:32:56","version" => "0.053"},{"date" => "2017-09-19T07:51:19","version" => "0.053_001"},{"date" => "2017-09-19T18:46:56","version" => "0.053_002"},{"date" => "2017-09-20T09:56:04","version" => "0.053_003"},{"date" => "2017-10-10T21:04:53","version" => "0.053_004"},{"date" => "2017-10-12T07:27:42","version" => "0.054"},{"date" => "2017-10-23T13:18:12","version" => "0.054_001"},{"date" => "2017-10-23T17:44:49","version" => "0.054_002"},{"date" => "2017-10-25T07:43:53","version" => "0.054_003"},{"date" => "2017-10-30T17:53:14","version" => "0.054_004"},{"date" => "2017-10-31T18:27:22","version" => "0.054_005"},{"date" => "2017-11-20T18:51:03","version" => "0.054_006"},{"date" => "2017-11-24T08:15:31","version" => "0.054_007"},{"date" => "2017-11-24T14:21:46","version" => "0.054_008"},{"date" => "2017-11-24T16:33:40","version" => "0.054_009"},{"date" => "2017-11-28T10:19:52","version" => "0.055"},{"date" => "2017-12-18T19:05:35","version" => "0.055_001"},{"date" => "2017-12-22T13:22:16","version" => "0.056"},{"date" => "2018-01-26T16:05:07","version" => "0.056_001"},{"date" => "2018-01-29T06:18:08","version" => "0.056_002"},{"date" => "2018-01-29T10:02:58","version" => "0.056_003"},{"date" => "2018-01-29T23:05:27","version" => "0.056_004"},{"date" => "2018-01-30T10:23:40","version" => "0.056_005"},{"date" => "2018-01-30T14:11:33","version" => "0.056_006"},{"date" => "2018-01-30T16:08:38","version" => "0.056_007"},{"date" => "2018-01-30T16:29:41","version" => "0.056_008"},{"date" => "2018-01-30T16:43:48","version" => "0.056_009"},{"date" => "2018-01-31T08:56:12","version" => "0.057"},{"date" => "2018-02-27T17:13:52","version" => "0.058"},{"date" => "2018-03-08T09:30:22","version" => "0.058_001"},{"date" => "2018-03-18T16:27:43","version" => "0.058_002"},{"date" => "2018-03-25T15:45:36","version" => "0.059"},{"date" => "2018-04-27T17:14:03","version" => "0.059_001"},{"date" => "2018-04-28T20:59:58","version" => "0.059_002"},{"date" => "2018-04-29T18:12:50","version" => "0.059_003"},{"date" => "2018-05-01T09:32:27","version" => "0.060"},{"date" => "2018-05-27T19:05:34","version" => "0.060_001"},{"date" => "2018-05-28T07:18:37","version" => "0.060_002"},{"date" => "2018-06-06T15:49:28","version" => "0.060_003"},{"date" => "2018-06-07T05:25:50","version" => "0.061"},{"date" => "2018-10-24T20:35:24","version" => "0.061_001"},{"date" => "2018-10-26T17:10:16","version" => "0.061_002"},{"date" => "2018-10-29T10:46:25","version" => "0.061_003"},{"date" => "2018-10-30T06:27:48","version" => "0.062"},{"date" => "2018-11-22T10:43:01","version" => "0.062_001"},{"date" => "2018-11-28T10:48:28","version" => "0.063"},{"date" => "2019-06-06T09:36:14","version" => "0.063_001"},{"date" => "2019-06-06T17:35:59","version" => "0.063_002"},{"date" => "2019-06-10T17:24:53","version" => "0.063_003"},{"date" => "2019-06-12T13:33:28","version" => "0.063_004"},{"date" => "2019-06-12T23:12:09","version" => "0.063_005"},{"date" => "2019-06-14T07:01:03","version" => "0.064"},{"date" => "2019-10-19T18:49:19","version" => "0.065"},{"date" => "2019-10-20T16:30:22","version" => "0.066"},{"date" => "2020-01-26T20:23:46","version" => "0.066_001"},{"date" => "2020-01-30T10:21:29","version" => "0.066_002"},{"date" => "2020-02-01T13:24:27","version" => "0.067"},{"date" => "2020-03-08T19:21:55","version" => "0.067_001"},{"date" => "2020-03-10T13:04:08","version" => "0.068"},{"date" => "2020-08-02T08:51:06","version" => "0.068_001"},{"date" => "2020-08-25T07:12:43","version" => "0.069"},{"date" => "2021-02-12T14:44:41","version" => "0.070"},{"date" => "2021-03-30T09:39:33","version" => "0.071"},{"date" => "2021-04-29T08:23:01","version" => "0.072"},{"date" => "2021-07-12T16:40:01","version" => "0.072_001"},{"date" => "2021-07-13T07:03:12","version" => "0.072_002"},{"date" => "2021-07-13T20:54:22","version" => "0.072_003"},{"date" => "2021-07-18T12:16:09","version" => "0.073"},{"date" => "2021-10-04T18:34:39","version" => "0.073_001"},{"date" => "2021-10-10T18:41:04","version" => "0.073_002"},{"date" => "2021-10-13T18:32:43","version" => "0.073_003"},{"date" => "2021-11-06T09:26:22","version" => "0.074"},{"date" => "2021-12-25T09:39:17","version" => "0.075"},{"date" => "2022-01-01T00:36:25","version" => "0.075_001"},{"date" => "2022-01-01T13:19:24","version" => "0.075_002"},{"date" => "2022-01-01T19:48:49","version" => "0.075_003"},{"date" => "2022-01-07T20:55:06","version" => "0.076"},{"date" => "2022-06-09T18:18:34","version" => "0.076_001"},{"date" => "2022-08-20T15:42:12","version" => "0.076_002"},{"date" => "2022-08-20T18:14:10","version" => "0.076_003"},{"date" => "2022-08-21T07:46:06","version" => "0.077"},{"date" => "2023-04-28T12:31:25","version" => "0.078"},{"date" => "2023-07-25T18:36:58","version" => "0.078_001"},{"date" => "2023-10-01T12:20:32","version" => "0.079"},{"date" => "2023-10-01T17:35:55","version" => "0.079_002"},{"date" => "2023-10-01T17:36:06","version" => "0.079_003"},{"date" => "2023-10-02T07:47:50","version" => "0.079_004"},{"date" => "2023-10-02T11:22:48","version" => "0.079_005"},{"date" => "2023-10-02T15:06:17","version" => "0.079_006"},{"date" => "2023-10-03T10:16:25","version" => "0.079_007"},{"date" => "2023-10-04T11:07:16","version" => "0.080"},{"date" => "2023-10-07T11:45:30","version" => "0.080_001"},{"date" => "2024-08-17T10:06:21","version" => "0.080_003"},{"date" => "2024-08-17T17:16:06","version" => "0.080_004"},{"date" => "2024-08-17T20:28:14","version" => "0.080_005"},{"date" => "2024-08-30T18:43:56","version" => "0.080_006"},{"date" => "2024-09-01T08:32:21","version" => "0.080_007"},{"date" => "2024-09-01T09:26:40","version" => "0.080_008"},{"date" => "2024-09-01T11:23:19","version" => "0.080_009"},{"date" => "2024-09-02T14:51:29","version" => "0.080_010"},{"date" => "2024-09-03T11:32:03","version" => "0.080_011"},{"date" => "2024-09-03T18:01:58","version" => "0.080_012"},{"date" => "2024-09-08T16:12:50","version" => "0.081"},{"date" => "2024-10-03T11:12:24","version" => "0.081_001"},{"date" => "2024-10-07T13:31:29","version" => "0.082"},{"date" => "2024-10-14T11:36:41","version" => "0.082_001"},{"date" => "2024-10-15T09:31:49","version" => "0.083"},{"date" => "2024-10-15T15:09:00","version" => "0.083_001"},{"date" => "2024-10-16T11:23:26","version" => "0.084"},{"date" => "2025-01-25T22:45:03","version" => "0.084_001"},{"date" => "2025-02-08T10:02:22","version" => "0.085"},{"date" => "2025-02-20T21:06:09","version" => "0.085_001"},{"date" => "2025-04-27T15:46:56","version" => "0.085_002"},{"date" => "2025-04-27T17:37:48","version" => "0.085_003"},{"date" => "2025-05-02T21:40:16","version" => "0.086"},{"date" => "2025-06-08T22:06:49","version" => "0.086_001"},{"date" => "2025-06-09T18:09:54","version" => "0.086_002"},{"date" => "2025-06-09T21:44:43","version" => "0.086_003"},{"date" => "2025-06-10T05:57:40","version" => "0.086_004"},{"date" => "2025-06-11T10:52:53","version" => "0.086_005"},{"date" => "2025-06-11T13:52:26","version" => "0.087"},{"date" => "2025-10-05T16:50:53","version" => "0.087_001"}]},"DBD-MariaDB" => {"advisories" => [{"affected_versions" => ["<1.00"],"cves" => ["CVE-2018-2767"],"description" => "SSL problems of MySQL and MariaDB clients.\n","distribution" => "DBD-MariaDB","fixed_versions" => [">=1.00"],"id" => "CPANSA-DBD-MariaDB-2018-01","references" => ["https://metacpan.org/changes/distribution/DBD-MariaDB"],"reported" => "2017-07-01"},{"affected_versions" => ["<1.00"],"cves" => ["CVE-2017-10788"],"description" => "Use-after-free after calling mysql_stmt_close().\n","distribution" => "DBD-MariaDB","fixed_versions" => [">=1.00"],"id" => "CPANSA-DBD-MariaDB-2017-02","references" => ["https://metacpan.org/changes/distribution/DBD-MariaDB"],"reported" => "2017-07-01"},{"affected_versions" => ["<1.00"],"cves" => ["CVE-2017-3302"],"description" => "Leaking dangling pointers.\n","distribution" => "DBD-MariaDB","fixed_versions" => [">=1.00"],"id" => "CPANSA-DBD-MariaDB-2017-01","references" => ["https://metacpan.org/changes/distribution/DBD-MariaDB"],"reported" => "2017-07-01"}],"main_module" => "DBD::MariaDB","versions" => [{"date" => "2018-06-26T14:23:29","version" => "0.90_01"},{"date" => "2018-07-12T13:36:05","version" => "1.00"},{"date" => "2018-12-05T12:21:26","version" => "1.10"},{"date" => "2019-01-02T15:38:57","version" => "1.11"},{"date" => "2019-02-22T16:31:33","version" => "1.20"},{"date" => "2019-02-27T11:08:40","version" => "1.21"},{"date" => "2022-04-21T23:16:33","version" => "1.22"},{"date" => "2023-09-10T14:27:09","version" => "1.23"},{"date" => "2025-05-04T19:33:22","version" => "1.24"}]},"DBD-Pg" => {"advisories" => [{"affected_versions" => ["<2.19.0"],"cves" => ["CVE-2012-1151"],"description" => "Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.\n","distribution" => "DBD-Pg","fixed_versions" => [],"id" => "CPANSA-DBD-Pg-2012-1151","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536","https://rt.cpan.org/Public/Bug/Display.html?id=75642","http://secunia.com/advisories/48319","https://bugzilla.redhat.com/show_bug.cgi?id=801733","http://www.openwall.com/lists/oss-security/2012/03/10/4","http://secunia.com/advisories/48307","http://www.debian.org/security/2012/dsa-2431","http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes","http://www.openwall.com/lists/oss-security/2012/03/09/6","http://rhn.redhat.com/errata/RHSA-2012-1116.html","http://secunia.com/advisories/48824","http://security.gentoo.org/glsa/glsa-201204-08.xml","http://www.mandriva.com/security/advisories?name=MDVSA-2012:112","https://exchange.xforce.ibmcloud.com/vulnerabilities/73855","https://exchange.xforce.ibmcloud.com/vulnerabilities/73854"],"reported" => "2012-09-09","severity" => undef},{"affected_versions" => ["==1.49"],"cves" => ["CVE-2009-0663"],"description" => "Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.\n","distribution" => "DBD-Pg","fixed_versions" => [],"id" => "CPANSA-DBD-Pg-2009-0663","references" => ["http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz","https://launchpad.net/bugs/cve/2009-0663","http://www.debian.org/security/2009/dsa-1780","http://secunia.com/advisories/34909","http://www.securityfocus.com/bid/34755","http://www.redhat.com/support/errata/RHSA-2009-0479.html","http://secunia.com/advisories/35058","http://www.redhat.com/support/errata/RHSA-2009-1067.html","http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","http://secunia.com/advisories/35685","https://exchange.xforce.ibmcloud.com/vulnerabilities/50467","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499"],"reported" => "2009-04-30","severity" => undef},{"affected_versions" => ["<2.0.0"],"cves" => ["CVE-2009-1341"],"description" => "Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.\n","distribution" => "DBD-Pg","fixed_versions" => [">=2.0.0"],"id" => "CPANSA-DBD-Pg-2009-1341","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=21392","https://launchpad.net/bugs/cve/2009-1341","http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz","http://www.debian.org/security/2009/dsa-1780","http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes","http://secunia.com/advisories/34909","http://www.securityfocus.com/bid/34757","http://www.redhat.com/support/errata/RHSA-2009-0479.html","http://secunia.com/advisories/35058","http://www.redhat.com/support/errata/RHSA-2009-1067.html","http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","http://secunia.com/advisories/35685","https://exchange.xforce.ibmcloud.com/vulnerabilities/50387","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9680"],"reported" => "2009-04-30","severity" => undef}],"main_module" => "DBD::Pg","versions" => [{"date" => "1997-03-13T21:11:59","version" => "0.1"},{"date" => "1997-04-28T20:48:18","version" => "0.3"},{"date" => "1997-08-10T20:45:01","version" => "0.5"},{"date" => "1997-08-16T06:48:54","version" => "0.51"},{"date" => "1997-08-17T09:14:26","version" => "0.52"},{"date" => "1997-08-23T20:41:48","version" => "0.61"},{"date" => "1997-08-26T21:39:36","version" => "0.62"},{"date" => "1997-10-05T18:41:32","version" => "0.63"},{"date" => "1998-02-02T21:05:57","version" => "0.64"},{"date" => "1998-02-15T09:59:55","version" => "0.65"},{"date" => "1998-02-19T21:13:44","version" => "0.66"},{"date" => "1998-02-21T16:49:34","version" => "0.67"},{"date" => "1998-03-03T21:22:18","version" => "0.68"},{"date" => "1998-03-06T22:15:44","version" => "0.69"},{"date" => "1998-04-20T20:14:28","version" => "0.72"},{"date" => "1998-06-03T15:15:54","version" => "0.73"},{"date" => "1998-11-05T21:41:28","version" => "0.89"},{"date" => "1999-01-16T06:10:32","version" => "0.90"},{"date" => "1999-02-14T20:41:05","version" => "0.91"},{"date" => "1999-06-16T19:06:21","version" => "0.92"},{"date" => "1999-09-29T21:25:02","version" => "0.93"},{"date" => "2000-07-07T10:45:34","version" => "0.94"},{"date" => "2000-07-10T18:07:30","version" => "0.95"},{"date" => "2001-04-09T17:58:20","version" => "0.96"},{"date" => "2001-04-20T21:11:46","version" => "0.97"},{"date" => "2001-04-25T14:13:22","version" => "0.98"},{"date" => "2001-05-24T17:36:05","version" => "0.99"},{"date" => "2001-05-27T14:14:13","version" => "1.00"},{"date" => "2001-06-27T18:03:08","version" => "1.01"},{"date" => "2002-03-06T23:05:52","version" => "1.10"},{"date" => "2002-03-07T01:34:18","version" => "1.11"},{"date" => "2002-04-10T02:03:57","version" => "1.12"},{"date" => "2002-04-27T20:50:11","version" => "1.13"},{"date" => "2002-11-27T17:57:11","version" => "1.20"},{"date" => "2003-01-13T06:46:43","version" => "1.21"},{"date" => "2003-03-27T04:46:08","version" => "1.22"},{"date" => "2003-09-10T02:12:07","version" => "1.31_5"},{"date" => "2003-10-29T21:33:29","version" => "1.31_7"},{"date" => "2003-11-10T03:52:37","version" => "1.31_8"},{"date" => "2003-11-14T22:17:30","version" => "1.31_9"},{"date" => "2003-11-18T18:34:28","version" => "1.31"},{"date" => "2004-02-13T18:57:25","version" => "1.32_1"},{"date" => "2004-02-19T02:40:51","version" => "1.32_2"},{"date" => "2004-02-25T19:23:08","version" => "1.32"},{"date" => "2005-02-06T21:18:12","version" => "1.39_02"},{"date" => "2005-02-22T06:07:17","version" => "1.40"},{"date" => "2005-03-31T12:35:04","version" => "1.40_1"},{"date" => "2005-03-31T23:34:15","version" => "1.40_2"},{"date" => "2005-04-01T23:56:01","version" => "1.40_03"},{"date" => "2005-04-05T02:47:47","version" => "1.40_04"},{"date" => "2005-04-06T22:53:50","version" => "1.41"},{"date" => "2005-05-07T18:48:36","version" => "1.41_1"},{"date" => "2005-05-19T03:23:24","version" => "1.41_2"},{"date" => "2005-05-21T14:56:23","version" => "1.42"},{"date" => "2005-06-22T00:42:23","version" => "1.42_1"},{"date" => "2005-06-23T12:09:13","version" => "1.43"},{"date" => "2005-09-13T01:39:06","version" => "1.43_1"},{"date" => "2006-02-13T03:50:51","version" => "1.43_2"},{"date" => "2006-02-22T03:00:40","version" => "1.44"},{"date" => "2006-02-26T19:15:10","version" => "1.45"},{"date" => "2006-03-17T17:17:03","version" => "1.46"},{"date" => "2006-03-19T21:19:12","version" => "1.47"},{"date" => "2006-04-05T15:39:30","version" => "1.48"},{"date" => "2006-05-05T16:40:59","version" => "1.49"},{"date" => "2008-01-17T14:34:38","version" => "2.0.0"},{"date" => "2008-01-17T22:47:38","version" => "2.0.0_2"},{"date" => "2008-01-18T04:21:25","version" => "2.0.0_3"},{"date" => "2008-01-18T16:25:19","version" => "2.0.0_4"},{"date" => "2008-01-19T19:05:27","version" => "2.0.0_5"},{"date" => "2008-01-23T19:19:45","version" => "2.0.0_6"},{"date" => "2008-01-26T17:48:03","version" => "2.0.0_7"},{"date" => "2008-01-28T17:08:31","version" => "2.0.0_8"},{"date" => "2008-01-28T21:21:19","version" => "2.0.0_9"},{"date" => "2008-02-10T19:34:31","version" => "2.0.0"},{"date" => "2008-02-17T04:58:29","version" => "2.0.0_1"},{"date" => "2008-02-17T13:10:04","version" => "2.0.0_2"},{"date" => "2008-02-17T18:17:25","version" => "2.0.1_1"},{"date" => "2008-02-18T02:28:30","version" => "2.0.1_2"},{"date" => "2008-02-18T23:52:09","version" => "2.0.1_3"},{"date" => "2008-02-19T02:09:09","version" => "2.1.0"},{"date" => "2008-02-19T04:45:29","version" => "2.1.1"},{"date" => "2008-02-19T15:36:06","version" => "2.1.1_1"},{"date" => "2008-02-20T02:56:37","version" => "2.1.2"},{"date" => "2008-02-21T00:31:43","version" => "2.1.3"},{"date" => "2008-02-26T01:59:20","version" => "2.1.3_1"},{"date" => "2008-02-26T13:50:47","version" => "2.1.3_2"},{"date" => "2008-02-28T04:08:34","version" => "2.2.0"},{"date" => "2008-03-02T03:01:12","version" => "2.2.1"},{"date" => "2008-03-03T17:14:01","version" => "2.2.2"},{"date" => "2008-03-19T14:50:06","version" => "2.3.0"},{"date" => "2008-03-21T16:41:42","version" => "2.4.0"},{"date" => "2008-03-23T16:55:36","version" => "2.5.0"},{"date" => "2008-04-07T19:16:57","version" => "2.5.1"},{"date" => "2008-04-14T15:57:23","version" => "2.5.2_1"},{"date" => "2008-04-16T18:16:11","version" => "2.6.0"},{"date" => "2008-04-22T18:06:55","version" => "2.6.1"},{"date" => "2008-04-28T21:15:56","version" => "2.6.1_1"},{"date" => "2008-04-30T23:18:14","version" => "2.6.2"},{"date" => "2008-05-01T16:03:12","version" => "2.6.3"},{"date" => "2008-05-02T17:09:20","version" => "2.6.4"},{"date" => "2008-05-07T14:10:57","version" => "2.6.5"},{"date" => "2008-05-07T20:41:03","version" => "2.6.6"},{"date" => "2008-05-10T22:37:02","version" => "2.7.0"},{"date" => "2008-05-11T20:58:52","version" => "2.7.1"},{"date" => "2008-05-14T13:19:24","version" => "2.7.2"},{"date" => "2008-06-02T01:33:26","version" => "2.8.0"},{"date" => "2008-06-12T04:06:28","version" => "2.8.1"},{"date" => "2008-06-30T02:21:03","version" => "2.8.2"},{"date" => "2008-07-07T02:09:01","version" => "2.8.3"},{"date" => "2008-07-10T18:18:54","version" => "2.8.4"},{"date" => "2008-07-13T14:41:49","version" => "2.8.5"},{"date" => "2008-07-21T15:23:39","version" => "2.8.6"},{"date" => "2008-07-24T05:27:41","version" => "2.8.7"},{"date" => "2008-08-03T19:48:22","version" => "2.9.0"},{"date" => "2008-08-18T03:49:13","version" => "2.9.1"},{"date" => "2008-08-18T14:00:03","version" => "2.9.2"},{"date" => "2008-08-27T02:46:34","version" => "2.10.0"},{"date" => "2008-08-31T16:29:33","version" => "2.10.1"},{"date" => "2008-09-01T01:40:52","version" => "2.10.2"},{"date" => "2008-09-01T01:48:43","version" => "2.10.3"},{"date" => "2008-09-16T15:35:48","version" => "2.10.4"},{"date" => "2008-09-16T15:43:37","version" => "2.10.5"},{"date" => "2008-09-19T13:38:32","version" => "2.10.6"},{"date" => "2008-09-23T03:13:47","version" => "2.10.7"},{"date" => "2008-10-13T11:50:18","version" => "2.11.0"},{"date" => "2008-10-14T04:21:14","version" => "2.11.1"},{"date" => "2008-10-16T00:55:38","version" => "2.11.2"},{"date" => "2008-11-03T13:51:55","version" => "2.11.3"},{"date" => "2008-11-12T22:11:37","version" => "2.11.4"},{"date" => "2008-11-24T23:56:25","version" => "2.11.5"},{"date" => "2008-11-30T23:05:28","version" => "2.11.6"},{"date" => "2008-12-13T17:02:24","version" => "2.11.7"},{"date" => "2008-12-28T19:24:29","version" => "2.11.8"},{"date" => "2009-03-24T02:23:04","version" => "2.11.8_1"},{"date" => "2009-03-26T18:53:00","version" => "2.11.8_2"},{"date" => "2009-03-28T14:56:16","version" => "2.12.0"},{"date" => "2009-04-14T02:14:44","version" => "2.13.0"},{"date" => "2009-04-23T16:30:10","version" => "2.13.1"},{"date" => "2009-07-13T19:43:16","version" => "2.13.1_1"},{"date" => "2009-07-14T14:34:31","version" => "2.13.1_2"},{"date" => "2009-07-15T21:12:47","version" => "2.13.1_3"},{"date" => "2009-07-17T01:15:13","version" => "2.13.1_4"},{"date" => "2009-07-20T23:54:06","version" => "2.13.1_5"},{"date" => "2009-07-21T16:03:25","version" => "2.13.1_6"},{"date" => "2009-07-21T21:43:56","version" => "2.13.1_7"},{"date" => "2009-07-27T22:45:52","version" => "2.14.0"},{"date" => "2009-07-28T17:05:35","version" => "2.14.1"},{"date" => "2009-08-04T04:08:56","version" => "2.14.1_1"},{"date" => "2009-08-04T18:18:51","version" => "2.15.0"},{"date" => "2009-08-07T15:05:27","version" => "2.15.1"},{"date" => "2009-12-17T15:41:55","version" => "2.8.8"},{"date" => "2009-12-17T17:14:41","version" => "2.16.0"},{"date" => "2010-01-20T21:13:23","version" => "2.16.1"},{"date" => "2010-04-06T18:56:34","version" => "2.17.0"},{"date" => "2010-04-08T15:32:24","version" => "2.17.1"},{"date" => "2010-11-21T05:14:52","version" => "2.17.2"},{"date" => "2011-03-27T03:53:00","version" => "2.17.2_1"},{"date" => "2011-03-29T00:36:37","version" => "2.18.0"},{"date" => "2011-05-09T16:40:13","version" => "2.18.1"},{"date" => "2011-06-19T18:46:40","version" => "2.99.9_1"},{"date" => "2011-06-20T20:47:06","version" => "2.99.9_2"},{"date" => "2012-03-09T22:51:54","version" => "2.19.0"},{"date" => "2012-03-11T03:28:47","version" => "2.19.1"},{"date" => "2012-03-12T20:58:56","version" => "2.19.2"},{"date" => "2012-08-21T17:18:39","version" => "2.19.3"},{"date" => "2013-11-16T03:47:03","version" => "2.20.1_1"},{"date" => "2013-11-21T03:22:26","version" => "2.20.1_2"},{"date" => "2013-11-26T19:03:57","version" => "2.20.1_3"},{"date" => "2013-11-27T19:35:07","version" => "2.20.1_4"},{"date" => "2014-01-11T20:31:09","version" => "2.20.1_6"},{"date" => "2014-02-04T01:38:37","version" => "3.0.0"},{"date" => "2014-04-05T11:08:15","version" => "3.1.0"},{"date" => "2014-04-06T13:17:49","version" => "3.1.1"},{"date" => "2014-05-15T17:20:49","version" => "3.2.0"},{"date" => "2014-05-20T16:38:44","version" => "3.2.1"},{"date" => "2014-05-31T18:50:07","version" => "3.3.0"},{"date" => "2014-08-16T19:09:15","version" => "3.4.0"},{"date" => "2014-08-20T20:38:19","version" => "3.4.1"},{"date" => "2014-09-25T21:16:23","version" => "3.4.2"},{"date" => "2015-01-06T20:41:04","version" => "3.5.0"},{"date" => "2015-02-07T13:09:54","version" => "3.5.0_1"},{"date" => "2015-02-16T19:17:14","version" => "3.5.0_2"},{"date" => "2015-02-17T21:20:22","version" => "3.5.1"},{"date" => "2015-09-29T15:46:33","version" => "3.5.2"},{"date" => "2015-10-01T14:06:04","version" => "3.5.3"},{"date" => "2017-04-05T10:23:22","version" => "3.5.9_1"},{"date" => "2017-04-17T13:34:12","version" => "3.6.0"},{"date" => "2017-05-22T16:49:32","version" => "3.6.1"},{"date" => "2017-05-23T14:25:49","version" => "3.6.2"},{"date" => "2017-09-22T16:30:49","version" => "3.6.9_1"},{"date" => "2017-09-23T02:10:34","version" => "3.6.9_2"},{"date" => "2017-09-24T19:30:09","version" => "3.7.0"},{"date" => "2018-02-11T19:23:39","version" => "3.7.1"},{"date" => "2018-02-12T13:39:58","version" => "v3.7.3"},{"date" => "2018-02-13T04:10:10","version" => "3.7.4"},{"date" => "2019-04-26T02:20:41","version" => "3.8.0"},{"date" => "2019-07-06T19:44:25","version" => "3.8.1"},{"date" => "2019-07-25T15:48:44","version" => "3.8.9_1"},{"date" => "2019-08-13T21:10:51","version" => "3.9.0"},{"date" => "2019-08-15T19:46:43","version" => "3.9.1"},{"date" => "2019-09-03T15:18:09","version" => "3.10.0"},{"date" => "2020-01-14T03:27:38","version" => "3.10.1"},{"date" => "2020-01-17T22:34:46","version" => "3.10.2"},{"date" => "2020-01-20T21:01:45","version" => "3.10.3"},{"date" => "2020-02-03T17:19:38","version" => "3.10.4"},{"date" => "2020-03-23T17:47:23","version" => "3.10.5"},{"date" => "2020-04-23T16:46:52","version" => "3.11.0"},{"date" => "2020-04-28T15:12:38","version" => "3.11.1"},{"date" => "2020-05-07T18:35:28","version" => "3.12.0"},{"date" => "2020-06-03T13:39:22","version" => "3.12.1"},{"date" => "2020-06-04T15:30:54","version" => "3.12.2"},{"date" => "2020-06-05T17:59:13","version" => "3.12.3"},{"date" => "2020-06-08T20:38:00","version" => "3.12.3_1"},{"date" => "2020-06-15T21:25:55","version" => "3.12.3_2"},{"date" => "2020-06-17T15:53:25","version" => "3.13.0"},{"date" => "2020-07-20T00:24:23","version" => "3.14.0"},{"date" => "2020-08-12T16:17:33","version" => "3.14.1"},{"date" => "2020-08-13T13:36:09","version" => "3.14.2"},{"date" => "2021-05-21T21:20:28","version" => "3.15.0"},{"date" => "2022-02-14T15:39:15","version" => "3.15.1"},{"date" => "2022-08-08T18:03:02","version" => "3.16.0"},{"date" => "2023-03-06T00:06:35","version" => "3.16.1"},{"date" => "2023-04-04T19:49:11","version" => "3.16.2"},{"date" => "2023-04-04T20:43:26","version" => "3.16.3"},{"date" => "2023-08-24T00:42:24","version" => "3.17.0"},{"date" => "2023-12-06T23:47:13","version" => "3.18.0"},{"date" => "2026-03-14T17:02:30","version" => "3.19.0"}]},"DBD-SQLite" => {"advisories" => [{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-15358"],"description" => "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-15358","references" => ["https://www.sqlite.org/src/info/10fa79d00f8091e5","https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2","https://www.sqlite.org/src/tktview?name=8f157e8010","https://security.netapp.com/advisory/ntap-20200709-0001/","https://security.gentoo.org/glsa/202007-26","https://usn.ubuntu.com/4438-1/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211847","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpujan2021.html","https://support.apple.com/kb/HT212147","http://seclists.org/fulldisclosure/2021/Feb/14","https://www.oracle.com/security-alerts/cpuApr2021.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-06-27","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13632"],"description" => "ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13632","references" => ["https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://sqlite.org/src/info/a4dd148928ea65bd","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.netapp.com/advisory/ntap-20200608-0002/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-05-27","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13631"],"description" => "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13631","references" => ["https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://sqlite.org/src/info/eca0ba2cf4c0fdf7","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.netapp.com/advisory/ntap-20200608-0002/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c\@%3Cissues.guacamole.apache.org%3E","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-05-27","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13630"],"description" => "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13630","references" => ["https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://sqlite.org/src/info/0d69f76f0865f962","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.netapp.com/advisory/ntap-20200608-0002/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-05-27","severity" => "high"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13435","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13434","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-11656","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-11655","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-9327"],"description" => "In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-9327","references" => ["https://www.sqlite.org/cgi/src/info/4374860b29383380","https://www.sqlite.org/cgi/src/info/abc473fb8fb99900","https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e","https://security.netapp.com/advisory/ntap-20200313-0002/","https://security.gentoo.org/glsa/202003-16","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-02-21","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-20218"],"description" => "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-20218","references" => ["https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://security.gentoo.org/glsa/202007-26","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00016.html"],"reported" => "2020-01-02","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19959"],"description" => "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19959","references" => ["https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec","https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1","https://security.netapp.com/advisory/ntap-20200204-0001/","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"reported" => "2020-01-03","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19926","CVE-2019-19880"],"description" => "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19926","references" => ["https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089","https://security.netapp.com/advisory/ntap-20200114-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://usn.ubuntu.com/4298-2/","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-23","severity" => "high"},{"affected_versions" => [">=1.19_01,<1.63_03"],"cves" => ["CVE-2019-8457"],"description" => "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.63_04"],"id" => "CPANSA-DBD-SQLite-2019-8457","references" => ["https://www.sqlite.org/src/info/90acdbfce9c08858","https://www.sqlite.org/releaselog/3_28_0.html","https://usn.ubuntu.com/4004-1/","https://usn.ubuntu.com/4004-2/","https://security.netapp.com/advisory/ntap-20190606-0002/","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365"],"reported" => "2019-05-30","severity" => "critical"},{"affected_versions" => [">=1.61_03,<1.63_03"],"cves" => ["CVE-2019-5018"],"description" => "An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.63_04"],"id" => "CPANSA-DBD-SQLite-2019-5018","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2019-0777","http://www.securityfocus.com/bid/108294","http://packetstormsecurity.com/files/152809/Sqlite3-Window-Function-Remote-Code-Execution.html","https://security.netapp.com/advisory/ntap-20190521-0001/","https://security.gentoo.org/glsa/201908-09","https://usn.ubuntu.com/4205-1/"],"reported" => "2019-05-10","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19925"],"description" => "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19925","references" => ["https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618","https://security.netapp.com/advisory/ntap-20200114-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-24","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19924"],"description" => "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19924","references" => ["https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3","https://security.netapp.com/advisory/ntap-20200114-0003/","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-24","severity" => "medium"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19923"],"description" => "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19923","references" => ["https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35","https://security.netapp.com/advisory/ntap-20200114-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-24","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19880"],"description" => "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19880","references" => ["https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54","https://security.netapp.com/advisory/ntap-20200114-0001/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-18","severity" => "high"},{"affected_versions" => ["<=1.65_02"],"cves" => ["CVE-2019-19646"],"description" => "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19646","references" => ["https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd","https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3","https://www.sqlite.org/","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-09","severity" => "critical"},{"affected_versions" => ["<=1.65_02"],"cves" => ["CVE-2019-19645"],"description" => "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19645","references" => ["https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://usn.ubuntu.com/4394-1/","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-09","severity" => "medium"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19603"],"description" => "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19603","references" => ["https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13","https://www.sqlite.org/","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://usn.ubuntu.com/4394-1/","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c\@%3Cissues.guacamole.apache.org%3E","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-09","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19317"],"description" => "lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19317","references" => ["https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8","https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-05","severity" => "critical"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19244"],"description" => "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19244","references" => ["https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-25","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19242","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["<1.61_01"],"cves" => ["CVE-2018-20506"],"description" => "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.61_01"],"id" => "CPANSA-DBD-SQLite-2018-20506","references" => ["https://support.apple.com/kb/HT209451","https://support.apple.com/kb/HT209450","https://support.apple.com/kb/HT209448","https://support.apple.com/kb/HT209447","https://support.apple.com/kb/HT209446","https://support.apple.com/kb/HT209443","https://sqlite.org/src/info/940f2adc8541a838","https://seclists.org/bugtraq/2019/Jan/39","https://seclists.org/bugtraq/2019/Jan/33","https://seclists.org/bugtraq/2019/Jan/32","https://seclists.org/bugtraq/2019/Jan/31","https://seclists.org/bugtraq/2019/Jan/29","https://seclists.org/bugtraq/2019/Jan/28","http://www.securityfocus.com/bid/106698","http://seclists.org/fulldisclosure/2019/Jan/69","http://seclists.org/fulldisclosure/2019/Jan/68","http://seclists.org/fulldisclosure/2019/Jan/67","http://seclists.org/fulldisclosure/2019/Jan/66","http://seclists.org/fulldisclosure/2019/Jan/64","http://seclists.org/fulldisclosure/2019/Jan/62","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html","https://security.netapp.com/advisory/ntap-20190502-0004/","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365"],"reported" => "2019-04-03","severity" => "high"},{"affected_versions" => ["==1.59_02"],"cves" => ["CVE-2018-20505"],"description" => "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.59_03"],"id" => "CPANSA-DBD-SQLite-2018-20505","references" => ["https://support.apple.com/kb/HT209451","https://support.apple.com/kb/HT209450","https://support.apple.com/kb/HT209448","https://support.apple.com/kb/HT209447","https://support.apple.com/kb/HT209446","https://support.apple.com/kb/HT209443","https://sqlite.org/src/info/1a84668dcfdebaf12415d","https://seclists.org/bugtraq/2019/Jan/39","https://seclists.org/bugtraq/2019/Jan/33","https://seclists.org/bugtraq/2019/Jan/32","https://seclists.org/bugtraq/2019/Jan/31","https://seclists.org/bugtraq/2019/Jan/29","https://seclists.org/bugtraq/2019/Jan/28","http://www.securityfocus.com/bid/106698","http://seclists.org/fulldisclosure/2019/Jan/69","http://seclists.org/fulldisclosure/2019/Jan/68","http://seclists.org/fulldisclosure/2019/Jan/67","http://seclists.org/fulldisclosure/2019/Jan/66","http://seclists.org/fulldisclosure/2019/Jan/64","http://seclists.org/fulldisclosure/2019/Jan/62","https://security.netapp.com/advisory/ntap-20190502-0004/","https://usn.ubuntu.com/4019-1/"],"reported" => "2019-04-03","severity" => "high"},{"affected_versions" => ["<1.61_01"],"cves" => ["CVE-2018-20346"],"description" => "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.61_01"],"id" => "CPANSA-DBD-SQLite-2018-20346","references" => ["https://www.sqlite.org/releaselog/3_25_3.html","https://www.mail-archive.com/sqlite-users\@mailinglists.sqlite.org/msg113218.html","https://crbug.com/900910","https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://bugzilla.redhat.com/show_bug.cgi?id=1659677","https://bugzilla.redhat.com/show_bug.cgi?id=1659379","https://blade.tencent.com/magellan/index_en.html","https://access.redhat.com/articles/3758321","https://worthdoingbadly.com/sqlitebug/","https://sqlite.org/src/info/d44318f59044162e","https://sqlite.org/src/info/940f2adc8541a838","https://news.ycombinator.com/item?id=18685296","https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html","https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html","https://www.synology.com/security/advisory/Synology_SA_18_61","http://www.securityfocus.com/bid/106323","https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html","https://security.gentoo.org/glsa/201904-21","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://support.apple.com/HT209448","https://support.apple.com/HT209447","https://support.apple.com/HT209446","https://support.apple.com/HT209451","https://support.apple.com/HT209443","https://support.apple.com/HT209450","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365"],"reported" => "2018-12-21","severity" => "high"},{"affected_versions" => ["<1.59_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.59_01"],"id" => "CPANSA-DBD-SQLite-2018-8740","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["==1.55_06","<=1.55_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.55_07"],"id" => "CPANSA-DBD-SQLite-2017-10989","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["<=1.55_01"],"cves" => ["CVE-2016-6153"],"description" => "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.55_01"],"id" => "CPANSA-DBD-SQLite-2016-6153","references" => ["http://www.openwall.com/lists/oss-security/2016/07/01/1","http://www.securityfocus.com/bid/91546","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/","https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt","https://www.sqlite.org/releaselog/3_13_0.html","http://www.sqlite.org/cgi/src/info/67985761aa93fb61","http://www.openwall.com/lists/oss-security/2016/07/01/2","http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html","https://www.tenable.com/security/tns-2016-20","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://github.com/briandfoy/cpan-security-advisory/issues/187","https://rt.cpan.org/Public/Bug/Display.html?id=118395"],"reported" => "2016-09-26","severity" => "medium"},{"affected_versions" => ["<=1.47_01"],"cves" => ["CVE-2015-3416"],"description" => "The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2015-3416","references" => ["http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920","http://seclists.org/fulldisclosure/2015/Apr/31","http://www.debian.org/security/2015/dsa-3252","http://www.mandriva.com/security/advisories?name=MDVSA-2015:217","http://www.ubuntu.com/usn/USN-2698-1","https://support.apple.com/HT205267","http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html","https://support.apple.com/HT205213","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securitytracker.com/id/1033703","https://security.gentoo.org/glsa/201507-05","http://rhn.redhat.com/errata/RHSA-2015-1635.html","http://rhn.redhat.com/errata/RHSA-2015-1634.html","http://www.securityfocus.com/bid/74228","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"],"reported" => "2015-04-24","severity" => undef},{"affected_versions" => ["<=1.47_01"],"cves" => ["CVE-2015-3415"],"description" => "The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2015-3415","references" => ["https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30","http://seclists.org/fulldisclosure/2015/Apr/31","http://www.debian.org/security/2015/dsa-3252","http://www.mandriva.com/security/advisories?name=MDVSA-2015:217","http://www.ubuntu.com/usn/USN-2698-1","https://support.apple.com/HT205267","http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html","https://support.apple.com/HT205213","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securitytracker.com/id/1033703","https://security.gentoo.org/glsa/201507-05","http://rhn.redhat.com/errata/RHSA-2015-1635.html","http://www.securityfocus.com/bid/74228","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"],"reported" => "2015-04-24","severity" => undef},{"affected_versions" => ["<=1.47_01"],"cves" => ["CVE-2015-3414"],"description" => "SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE\"\"\"\"\"\"\"\" at the end of a SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2015-3414","references" => ["https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2","http://seclists.org/fulldisclosure/2015/Apr/31","http://www.debian.org/security/2015/dsa-3252","http://www.mandriva.com/security/advisories?name=MDVSA-2015:217","http://www.ubuntu.com/usn/USN-2698-1","https://support.apple.com/HT205267","http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html","https://support.apple.com/HT205213","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securitytracker.com/id/1033703","https://security.gentoo.org/glsa/201507-05","http://rhn.redhat.com/errata/RHSA-2015-1635.html","http://www.securityfocus.com/bid/74228","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"],"reported" => "2015-04-24","severity" => undef},{"affected_versions" => ["==1.47_01"],"cves" => ["CVE-2013-7443"],"description" => "Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2013-7443","references" => ["https://www.sqlite.org/src/info/520070ec7fbaac73eda0e0123596b7bb3e9a6897","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1448758","https://www.sqlite.org/src/info/ac5852d6403c9c9628ca0aa7be135c702f000698","http://ubuntu.com/usn/usn-2698-1","http://www.openwall.com/lists/oss-security/2015/07/14/5","http://www.openwall.com/lists/oss-security/2015/07/15/4","http://www.securityfocus.com/bid/76089"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.00,<=1.02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.03,<=1.04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.05"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.06"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.07"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.08"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.09"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.10,<=1.11"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.12"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.13"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.14"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.19_01,<=1.22_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.22_05,<=1.26_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.26_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.26_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.26_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.26_05,<=1.26_06"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.26_07,<=1.27"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.28_01,<=1.28_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.29,<=1.30_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.30_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.30_04,<=1.31"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.32_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.32_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.32_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.32_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.33"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.34_01,<=1.34_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.36_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.36_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.36_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.36_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.37"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.38_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.38_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.38_03,<=1.40"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.41_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.41_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.41_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.41_04,<=1.41_05"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.41_06"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.41_07,<=1.43_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.43_03,<=1.43_07"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.43_08,<=1.44"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.45_01,<=1.45_05"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.45_06,<=1.46"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.47_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.47_02,<1.47_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.47_05,<=1.48"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.49_01,<=1.49_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.49_03,<=1.49_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.49_05"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.49_06"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.49_07,<=1.50"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.51_01,<=1.51_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.51_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.51_05"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.51_06"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.51_07,<=1.54"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.55_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.55_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.55_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.55_04,<=1.55_05"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.55_06"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.55_07,<=1.58"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.59_01"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => ["=1.59_01"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => [">=1.59_02,<=1.60"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => [">=1.59_02,<=1.60"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => [">=1.61_01,<=1.61_02"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => [">=1.61_01,<=1.61_02"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => [">=1.61_03,<=1.63_01"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => [">=1.61_03,<=1.63_01"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => [">=1.63_02,<=1.63_03"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => [">=1.63_02,<=1.63_03"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => ["=1.63_04"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => ["=1.63_04"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => [">=1.63_05,<=1.64"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => [">=1.63_05,<=1.64"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => ["=1.65_01"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => ["=1.65_01"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => ["=1.65_02"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => ["=1.65_02"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => [">=1.65_03,<=1.66"],"cves" => ["CVE-2020-15358"],"description" => "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-15358-sqlite","references" => ["https://www.sqlite.org/src/info/10fa79d00f8091e5","https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2","https://www.sqlite.org/src/tktview?name=8f157e8010","https://security.netapp.com/advisory/ntap-20200709-0001/","https://security.gentoo.org/glsa/202007-26","https://usn.ubuntu.com/4438-1/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211847","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpujan2021.html","https://support.apple.com/kb/HT212147","http://seclists.org/fulldisclosure/2021/Feb/14","https://www.oracle.com/security-alerts/cpuApr2021.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-06-27","severity" => "medium"},{"affected_versions" => ["=1.67_01"],"cves" => ["CVE-2021-20223"],"description" => "An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode \"control-characters\" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20223-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b","https://www.sqlite.org/forum/forumpost/09609d7e22","https://sqlite.org/src/info/b7b7bde9b7a03665"],"reported" => "2022-08-25","severity" => "critical"},{"affected_versions" => ["=1.67_02"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.67_02"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.67_02"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.67_03"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.67_03"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.67_03"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.67_04,<=1.67_06"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.67_04,<=1.67_06"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.67_04,<=1.67_06"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.67_07,<=1.70"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.67_07,<=1.70"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.67_07,<=1.70"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.71_01"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.71_01"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.71_01"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.71_02"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.71_02"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.71_02"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.71_03,<=1.71_06"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.71_03,<=1.71_06"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.71_03,<=1.71_06"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.71_07,<=1.72"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.71_07,<=1.72"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.71_07,<=1.72"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"}],"main_module" => "DBD::SQLite","versions" => [{"date" => "2002-02-19T18:56:55","version" => "0.05"},{"date" => "2002-02-22T07:29:26","version" => "0.06"},{"date" => "2002-02-23T11:19:51","version" => "0.07"},{"date" => "2002-02-25T12:59:46","version" => "0.08"},{"date" => "2002-02-27T19:46:01","version" => "0.09"},{"date" => "2002-02-28T11:11:10","version" => "0.10"},{"date" => "2002-03-13T12:16:23","version" => "0.11"},{"date" => "2002-03-21T16:49:25","version" => "0.12"},{"date" => "2002-03-26T22:39:39","version" => "0.13"},{"date" => "2002-03-28T15:59:02","version" => "0.14"},{"date" => "2002-04-02T10:48:10","version" => "0.15"},{"date" => "2002-06-17T23:50:53","version" => "0.16"},{"date" => "2002-06-26T13:59:05","version" => "0.17"},{"date" => "2002-07-12T13:46:37","version" => "0.18"},{"date" => "2002-08-13T22:19:45","version" => "0.19"},{"date" => "2002-10-17T16:25:57","version" => "0.20"},{"date" => "2002-10-18T07:08:42","version" => "0.21"},{"date" => "2002-12-18T18:02:11","version" => "0.22"},{"date" => "2002-12-29T16:25:29","version" => "0.23"},{"date" => "2003-01-29T16:47:23","version" => "0.24"},{"date" => "2003-03-06T22:24:48","version" => "0.25"},{"date" => "2003-07-31T15:16:06","version" => "0.26"},{"date" => "2003-08-18T20:17:31","version" => "0.27"},{"date" => "2003-08-25T13:42:07","version" => "0.28"},{"date" => "2003-12-05T15:42:05","version" => "0.29"},{"date" => "2004-02-08T18:45:02","version" => "0.30"},{"date" => "2004-02-14T19:18:16","version" => "0.31"},{"date" => "2004-07-21T21:19:33","version" => "1.00"},{"date" => "2004-08-01T04:49:09","version" => "1.01"},{"date" => "2004-08-02T18:35:42","version" => "1.02"},{"date" => "2004-08-09T15:43:59","version" => "1.03"},{"date" => "2004-08-23T15:14:21","version" => "1.04"},{"date" => "2004-09-10T15:46:34","version" => "1.05"},{"date" => "2004-09-21T17:26:28","version" => "1.06"},{"date" => "2004-10-12T09:07:33","version" => "1.07"},{"date" => "2005-02-26T13:47:33","version" => "1.08"},{"date" => "2005-06-20T15:42:32","version" => "1.09"},{"date" => "2005-12-01T20:56:30","version" => "1.10"},{"date" => "2005-12-02T19:13:29","version" => "1.11"},{"date" => "2006-04-10T02:24:08","version" => "1.12"},{"date" => "2006-09-08T05:02:06","version" => "1.13"},{"date" => "2007-09-19T19:25:09","version" => "1.14"},{"date" => "2009-03-27T11:11:41","version" => "1.19_01"},{"date" => "2009-03-28T16:46:41","version" => "1.19_02"},{"date" => "2009-03-30T21:58:59","version" => "1.19_03"},{"date" => "2009-03-31T20:31:37","version" => "1.19_04"},{"date" => "2009-04-02T04:24:12","version" => "1.19_05"},{"date" => "2009-04-03T19:21:54","version" => "1.19_06"},{"date" => "2009-04-04T00:49:42","version" => "1.19_07"},{"date" => "2009-04-04T04:29:03","version" => "1.19_08"},{"date" => "2009-04-05T03:16:37","version" => "1.19_09"},{"date" => "2009-04-05T19:43:04","version" => "1.19_10"},{"date" => "2009-04-07T14:00:36","version" => "1.20"},{"date" => "2009-04-08T01:24:11","version" => "1.21"},{"date" => "2009-04-08T02:05:13","version" => "1.22_01"},{"date" => "2009-04-08T11:49:36","version" => "1.22_02"},{"date" => "2009-04-09T09:40:39","version" => "1.22_03"},{"date" => "2009-04-11T01:58:53","version" => "1.22_04"},{"date" => "2009-04-14T15:52:05","version" => "1.22_05"},{"date" => "2009-04-15T14:59:20","version" => "1.22_06"},{"date" => "2009-04-16T05:40:28","version" => "1.22_07"},{"date" => "2009-04-17T09:08:15","version" => "1.22_08"},{"date" => "2009-04-19T09:53:00","version" => "1.23"},{"date" => "2009-04-22T02:14:33","version" => "1.24_01"},{"date" => "2009-04-23T00:50:02","version" => "1.24_02"},{"date" => "2009-04-23T10:20:49","version" => "1.25"},{"date" => "2009-05-05T06:04:00","version" => "1.26_01"},{"date" => "2009-06-19T06:56:29","version" => "1.26_02"},{"date" => "2009-08-12T06:01:13","version" => "1.26_03"},{"date" => "2009-10-06T06:23:40","version" => "1.26_04"},{"date" => "2009-10-15T04:05:19","version" => "1.26_05"},{"date" => "2009-10-28T11:16:12","version" => "1.26_06"},{"date" => "2009-11-16T01:47:37","version" => "1.26_07"},{"date" => "2009-11-23T11:15:09","version" => "1.27"},{"date" => "2009-12-23T11:44:07","version" => "1.28_01"},{"date" => "2010-01-03T05:56:21","version" => "1.28_02"},{"date" => "2010-01-08T09:14:18","version" => "1.29"},{"date" => "2010-03-10T15:55:37","version" => "1.30_01"},{"date" => "2010-03-30T11:45:57","version" => "1.30_02"},{"date" => "2010-05-31T03:13:24","version" => "1.30_03"},{"date" => "2010-08-25T09:25:41","version" => "1.30_04"},{"date" => "2010-08-27T15:31:59","version" => "1.30_05"},{"date" => "2010-09-09T01:49:17","version" => "1.30_06"},{"date" => "2010-09-15T07:30:11","version" => "1.31"},{"date" => "2010-12-10T05:14:51","version" => "1.32_01"},{"date" => "2011-03-07T06:57:51","version" => "1.32_02"},{"date" => "2011-05-12T05:05:38","version" => "1.32_03"},{"date" => "2011-05-20T02:39:29","version" => "1.32_04"},{"date" => "2011-05-30T07:39:31","version" => "1.33"},{"date" => "2011-09-21T16:26:23","version" => "1.34_01"},{"date" => "2011-10-21T06:13:45","version" => "1.34_02"},{"date" => "2011-11-01T03:51:19","version" => "1.34_03"},{"date" => "2011-11-29T00:16:47","version" => "1.35"},{"date" => "2012-01-19T06:15:08","version" => "1.36_01"},{"date" => "2012-02-23T04:11:05","version" => "1.36_02"},{"date" => "2012-05-07T22:56:21","version" => "1.36_03"},{"date" => "2012-05-19T09:46:14","version" => "1.36_04"},{"date" => "2012-06-09T14:43:03","version" => "1.37"},{"date" => "2012-09-24T10:18:25","version" => "1.38_01"},{"date" => "2013-04-09T05:03:21","version" => "1.38_02"},{"date" => "2013-05-21T05:14:23","version" => "1.38_03"},{"date" => "2013-05-29T07:11:57","version" => "1.38_04"},{"date" => "2013-05-31T04:39:53","version" => "1.38_05"},{"date" => "2013-06-09T15:10:40","version" => "1.39"},{"date" => "2013-07-28T05:31:53","version" => "1.40"},{"date" => "2013-08-27T06:41:37","version" => "1.41_01"},{"date" => "2013-08-29T18:53:29","version" => "1.41_02"},{"date" => "2013-09-04T17:57:50","version" => "1.41_03"},{"date" => "2014-01-12T01:19:09","version" => "1.41_04"},{"date" => "2014-01-22T03:53:26","version" => "1.41_05"},{"date" => "2014-02-12T02:53:38","version" => "1.41_06"},{"date" => "2014-03-13T13:44:52","version" => "1.41_07"},{"date" => "2014-03-19T15:29:13","version" => "1.42"},{"date" => "2014-03-25T18:50:08","version" => "1.43_01"},{"date" => "2014-03-25T19:58:13","version" => "1.43_02"},{"date" => "2014-06-12T05:01:15","version" => "1.43_03"},{"date" => "2014-07-21T01:13:47","version" => "1.43_04"},{"date" => "2014-07-21T05:45:41","version" => "1.43_05"},{"date" => "2014-07-22T00:31:31","version" => "1.43_06"},{"date" => "2014-07-29T17:03:09","version" => "1.43_07"},{"date" => "2014-08-21T09:01:11","version" => "1.43_08"},{"date" => "2014-10-20T07:50:46","version" => "1.43_09"},{"date" => "2014-10-22T14:15:00","version" => "1.44"},{"date" => "2014-10-22T15:33:37","version" => "1.45_01"},{"date" => "2014-10-23T08:21:27","version" => "1.45_02"},{"date" => "2014-10-24T17:57:53","version" => "1.45_03"},{"date" => "2014-10-28T08:28:00","version" => "1.45_04"},{"date" => "2014-11-25T04:07:43","version" => "1.45_05"},{"date" => "2014-11-26T08:52:49","version" => "1.45_06"},{"date" => "2014-12-10T06:23:03","version" => "1.46"},{"date" => "2015-02-17T07:00:46","version" => "1.47_01"},{"date" => "2015-04-16T13:30:38","version" => "1.47_02"},{"date" => "2015-04-16T14:45:00","version" => "1.47_03"},{"date" => "2015-05-01T17:37:17","version" => "1.47_04"},{"date" => "2015-05-08T13:49:32","version" => "1.47_05"},{"date" => "2015-06-11T16:10:44","version" => "1.48"},{"date" => "2015-08-04T11:18:05","version" => "1.49_01"},{"date" => "2015-10-10T03:43:45","version" => "1.49_02"},{"date" => "2015-11-05T05:52:27","version" => "1.49_03"},{"date" => "2015-11-24T12:59:11","version" => "1.49_04"},{"date" => "2016-01-11T13:32:43","version" => "1.49_05"},{"date" => "2016-01-15T03:40:44","version" => "1.49_06"},{"date" => "2016-01-21T01:11:59","version" => "1.49_07"},{"date" => "2016-01-30T00:55:58","version" => "1.49_08"},{"date" => "2016-02-10T15:04:42","version" => "1.50"},{"date" => "2016-02-20T01:03:50","version" => "1.51_01"},{"date" => "2016-02-20T01:49:29","version" => "1.51_02"},{"date" => "2016-02-20T11:06:51","version" => "1.51_03"},{"date" => "2016-03-07T04:33:35","version" => "1.51_04"},{"date" => "2016-06-23T01:22:57","version" => "1.51_05"},{"date" => "2016-10-15T00:21:14","version" => "1.51_06"},{"date" => "2016-10-16T05:16:29","version" => "1.51_07"},{"date" => "2016-11-15T13:02:35","version" => "1.52"},{"date" => "2016-11-26T01:34:30","version" => "1.53_01"},{"date" => "2016-12-24T02:36:45","version" => "1.54"},{"date" => "2017-01-03T15:42:47","version" => "1.55_01"},{"date" => "2017-01-07T16:49:21","version" => "1.55_02"},{"date" => "2017-02-14T01:31:43","version" => "1.55_03"},{"date" => "2017-11-21T17:07:32","version" => "1.55_04"},{"date" => "2017-12-15T18:52:29","version" => "1.55_05"},{"date" => "2018-01-27T07:33:51","version" => "1.55_06"},{"date" => "2018-01-27T07:42:58","version" => "1.55_07"},{"date" => "2018-02-28T09:01:25","version" => "1.56"},{"date" => "2018-03-21T06:45:29","version" => "1.57_01"},{"date" => "2018-03-28T11:56:19","version" => "1.58"},{"date" => "2018-09-16T19:25:50","version" => "1.59_01"},{"date" => "2018-09-30T06:09:34","version" => "1.59_02"},{"date" => "2018-11-03T12:14:20","version" => "1.59_03"},{"date" => "2018-12-01T02:42:29","version" => "1.60"},{"date" => "2018-12-01T08:01:30","version" => "1.61_01"},{"date" => "2018-12-01T09:10:18","version" => "1.61_02"},{"date" => "2018-12-19T13:03:22","version" => "1.61_03"},{"date" => "2018-12-22T06:37:21","version" => "1.61_04"},{"date" => "2018-12-28T17:59:27","version" => "1.62"},{"date" => "2019-01-25T22:31:45","version" => "1.63_01"},{"date" => "2019-02-13T19:09:44","version" => "1.63_02"},{"date" => "2019-02-14T16:56:40","version" => "1.63_03"},{"date" => "2019-05-24T16:39:18","version" => "1.63_04"},{"date" => "2019-07-11T17:50:51","version" => "1.63_05"},{"date" => "2019-08-12T09:02:59","version" => "1.64"},{"date" => "2020-01-18T01:56:18","version" => "1.65_01"},{"date" => "2020-02-08T13:02:59","version" => "1.65_02"},{"date" => "2020-07-26T16:42:08","version" => "1.65_03"},{"date" => "2020-08-30T02:14:15","version" => "1.66"},{"date" => "2020-11-24T12:57:56","version" => "1.67_01"},{"date" => "2020-12-05T17:06:24","version" => "1.67_02"},{"date" => "2021-03-30T21:37:13","version" => "1.67_03"},{"date" => "2021-05-30T22:56:01","version" => "1.67_04"},{"date" => "2021-06-12T23:39:11","version" => "1.67_05"},{"date" => "2021-06-14T03:49:54","version" => "1.67_06"},{"date" => "2021-06-19T00:57:41","version" => "1.67_07"},{"date" => "2021-07-22T05:30:17","version" => "1.68"},{"date" => "2021-07-29T21:09:19","version" => "1.69_01"},{"date" => "2021-07-30T14:21:39","version" => "1.69_02"},{"date" => "2021-08-01T10:20:33","version" => "1.70"},{"date" => "2021-12-01T17:03:29","version" => "1.71_01"},{"date" => "2022-01-06T20:51:05","version" => "1.71_02"},{"date" => "2022-02-23T10:49:28","version" => "1.71_03"},{"date" => "2022-02-26T00:59:40","version" => "1.71_04"},{"date" => "2022-02-26T02:49:09","version" => "1.71_05"},{"date" => "2022-03-12T02:54:15","version" => "1.71_06"},{"date" => "2022-10-25T18:36:30","version" => "1.71_07"},{"date" => "2022-11-03T16:28:17","version" => "1.72"},{"date" => "2023-07-09T01:04:52","version" => "1.73_01"},{"date" => "2023-09-19T17:26:03","version" => "1.74"},{"date" => "2024-09-17T14:05:40","version" => "1.75_01"},{"date" => "2024-10-19T04:47:07","version" => "1.76"},{"date" => "2025-11-24T04:21:58","version" => "1.77_01"},{"date" => "2025-11-24T08:08:46","version" => "1.77_02"},{"date" => "2025-12-27T02:02:17","version" => "1.77_03"},{"date" => "2026-01-02T01:23:08","version" => "1.78"}]},"DBD-mysql" => {"advisories" => [{"affected_versions" => ["<4.044"],"cves" => ["CVE-2017-10788"],"description" => "The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.044"],"id" => "CPANSA-DBD-mysql-2017-02","references" => ["https://github.com/perl5-dbi/DBD-mysql/issues/120","http://www.securityfocus.com/bid/99374","http://seclists.org/oss-sec/2017/q2/443"],"reported" => "2017-04-13"},{"affected_versions" => ["<4.044"],"cves" => ["CVE-2017-10789"],"description" => "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.044"],"id" => "CPANSA-DBD-mysql-2017-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/pull/114"],"reported" => "2017-03-23"},{"affected_versions" => [">=2.9003,<4.039"],"cves" => ["CVE-2016-1249"],"description" => "Out-of-bounds read.\n","distribution" => "DBD-mysql","fixed_versions" => ["<2.9003,>=4.039"],"id" => "CPANSA-DBD-mysql-2016-03","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe"],"reported" => "2016-11-16"},{"affected_versions" => ["<4.037"],"cves" => ["CVE-2016-1246"],"description" => "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.037"],"id" => "CPANSA-DBD-mysql-2016-02","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2","http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html"],"reported" => "2016-10-02"},{"affected_versions" => ["<4.034"],"cves" => ["CVE-2015-8949"],"description" => "Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.034"],"id" => "CPANSA-DBD-mysql-2016-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156"],"reported" => "2016-08-19"},{"affected_versions" => ["<4.041"],"cves" => ["CVE-2016-1251"],"description" => "There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.041"],"id" => "CPANSA-DBD-mysql-2015-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1"],"reported" => "2015-12-27"},{"affected_versions" => ["<4.028"],"cves" => ["CVE-2014-9906"],"description" => "Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.028"],"id" => "CPANSA-DBD-mysql-2014-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc","https://rt.cpan.org/Public/Bug/Display.html?id=97625"],"reported" => "2014-07-30"}],"main_module" => "DBD::mysql","versions" => [{"date" => "2000-04-15T20:17:36","version" => "v1.2212."},{"date" => "2001-05-06T21:47:46","version" => "2.0900"},{"date" => "2001-05-25T21:24:45","version" => "2.0901"},{"date" => "2001-07-09T21:10:17","version" => "2.0902"},{"date" => "2001-10-28T22:53:19","version" => "2.0903"},{"date" => "2001-10-31T04:01:07","version" => "2.1000"},{"date" => "2001-11-04T17:55:04","version" => "2.1001"},{"date" => "2001-11-04T18:22:30","version" => "2.1002"},{"date" => "2001-11-05T20:14:34","version" => "2.1003"},{"date" => "2001-11-13T01:24:26","version" => "2.1004"},{"date" => "2001-12-13T09:07:53","version" => "2.1005"},{"date" => "2001-12-27T18:10:04","version" => "2.1007"},{"date" => "2001-12-27T18:10:21","version" => "2.1006"},{"date" => "2001-12-28T17:06:05","version" => "2.1008"},{"date" => "2002-01-01T20:02:26","version" => "2.1009"},{"date" => "2002-01-07T21:33:21","version" => "2.1010"},{"date" => "2002-02-12T11:09:53","version" => "2.1011"},{"date" => "2002-04-12T07:21:06","version" => "2.1012"},{"date" => "2002-04-15T07:49:36","version" => "2.1013"},{"date" => "2002-04-17T21:24:26","version" => "2.1014"},{"date" => "2002-04-29T20:53:41","version" => "2.1015"},{"date" => "2002-05-01T20:07:05","version" => "2.1016"},{"date" => "2002-05-02T20:59:04","version" => "2.1017"},{"date" => "2002-08-13T17:52:25","version" => "2.1018"},{"date" => "2002-09-16T18:42:20","version" => "2.1019"},{"date" => "2002-09-23T20:42:50","version" => "2.1020"},{"date" => "2002-12-17T20:46:14","version" => "2.1021"},{"date" => "2003-01-03T02:46:24","version" => "2.1022"},{"date" => "2003-01-19T21:19:03","version" => "2.1023"},{"date" => "2003-01-20T12:08:27","version" => "2.1024"},{"date" => "2003-02-07T21:09:44","version" => "2.1025"},{"date" => "2003-03-03T20:46:27","version" => "2.1026"},{"date" => "2003-05-31T18:08:15","version" => "2.1027"},{"date" => "2003-06-25T16:12:36","version" => "2.1028"},{"date" => "2003-06-27T04:32:05","version" => "2.9002"},{"date" => "2003-09-12T17:04:42","version" => "2.9003_1"},{"date" => "2003-10-27T03:39:04","version" => "2.9003"},{"date" => "2004-07-01T03:24:14","version" => "2.9004_2"},{"date" => "2004-07-14T03:07:34","version" => "2.9004"},{"date" => "2004-10-20T17:27:25","version" => "2.9005_1"},{"date" => "2004-10-28T00:39:25","version" => "2.9005_3"},{"date" => "2005-03-29T02:43:14","version" => "2.9005"},{"date" => "2005-04-04T04:27:00","version" => "2.9006"},{"date" => "2005-04-27T00:13:49","version" => "2.9015_3"},{"date" => "2005-04-27T00:14:06","version" => "2.9007"},{"date" => "2005-06-06T01:39:20","version" => "2.9008"},{"date" => "2005-07-01T01:48:20","version" => "3.0000"},{"date" => "2005-07-03T21:56:11","version" => "3.0000_0"},{"date" => "2005-07-04T15:53:40","version" => "3.0001_0"},{"date" => "2005-07-04T16:16:00","version" => "3.0001_1"},{"date" => "2005-07-07T01:14:17","version" => "3.0001"},{"date" => "2005-07-07T01:22:39","version" => "3.0001_2"},{"date" => "2005-07-08T05:37:13","version" => "3.0001_3"},{"date" => "2005-07-11T16:49:47","version" => "3.0002"},{"date" => "2005-08-04T02:50:35","version" => "3.0002_1"},{"date" => "2005-09-26T23:22:57","version" => "3.0002_2"},{"date" => "2005-09-28T18:58:55","version" => "3.0002_3"},{"date" => "2005-11-06T21:47:29","version" => "3.0002_4"},{"date" => "2006-02-01T23:20:01","version" => "3.0002_5"},{"date" => "2006-05-04T17:49:06","version" => "3.0003"},{"date" => "2006-05-04T17:49:23","version" => "3.0003_1"},{"date" => "2006-05-21T17:28:22","version" => "3.0004"},{"date" => "2006-05-21T17:28:33","version" => "3.0004_1"},{"date" => "2006-06-10T01:21:49","version" => "3.0005_1"},{"date" => "2006-06-10T01:22:01","version" => "3.0005"},{"date" => "2006-06-11T17:05:25","version" => "3.0006"},{"date" => "2006-06-11T17:05:36","version" => "3.0006_1"},{"date" => "2006-09-08T23:12:02","version" => "3.0007"},{"date" => "2006-09-08T23:13:45","version" => "3.0007_1"},{"date" => "2006-10-07T12:59:23","version" => "3.0007_2"},{"date" => "2006-10-16T13:42:13","version" => "3.0008"},{"date" => "2006-10-16T13:42:24","version" => "3.0008_1"},{"date" => "2006-12-24T14:11:04","version" => "4.00"},{"date" => "2007-01-08T01:11:12","version" => "4.001"},{"date" => "2007-03-02T03:32:59","version" => "4.002"},{"date" => "2007-03-02T14:13:37","version" => "4.003"},{"date" => "2007-03-22T22:31:22","version" => "4.004"},{"date" => "2007-06-08T15:33:34","version" => "4.005"},{"date" => "2007-12-26T22:50:48","version" => "4.006"},{"date" => "2008-05-11T15:56:07","version" => "4.007"},{"date" => "2008-08-15T14:06:50","version" => "4.008"},{"date" => "2008-10-22T01:05:54","version" => "4.009"},{"date" => "2008-10-24T14:00:41","version" => "4.010"},{"date" => "2009-04-14T02:40:31","version" => "4.011"},{"date" => "2009-06-19T02:08:06","version" => "4.012"},{"date" => "2009-09-16T18:37:29","version" => "4.013"},{"date" => "2010-04-15T03:17:58","version" => "4.014"},{"date" => "2010-07-09T19:48:58","version" => "4.015"},{"date" => "2010-07-10T16:50:49","version" => "4.016"},{"date" => "2010-08-12T05:50:17","version" => "4.017"},{"date" => "2010-10-26T16:59:27","version" => "4.018"},{"date" => "2011-05-09T01:28:25","version" => "4.019"},{"date" => "2011-08-20T18:45:49","version" => "4.020"},{"date" => "2012-04-28T14:18:16","version" => "4.021"},{"date" => "2012-08-30T02:00:19","version" => "4.022"},{"date" => "2013-04-12T21:48:10","version" => "4.023"},{"date" => "2013-09-17T16:04:11","version" => "4.024"},{"date" => "2013-11-04T18:29:18","version" => "4.025"},{"date" => "2014-01-16T01:33:03","version" => "4.026"},{"date" => "2014-03-19T14:25:36","version" => "4.027"},{"date" => "2014-08-01T19:59:28","version" => "4.028"},{"date" => "2014-12-09T02:39:44","version" => "4.029"},{"date" => "2015-01-28T03:53:42","version" => "4.030_01"},{"date" => "2015-03-02T20:44:31","version" => "4.030_02"},{"date" => "2015-03-06T20:12:05","version" => "4.031"},{"date" => "2015-04-16T22:28:43","version" => "4.032_01"},{"date" => "2015-07-21T12:15:24","version" => "4.032"},{"date" => "2015-10-25T19:59:17","version" => "4.032_03"},{"date" => "2015-10-27T03:37:29","version" => "4.033"},{"date" => "2015-12-15T07:16:36","version" => "4.033_01"},{"date" => "2015-12-18T07:00:41","version" => "4.033_02"},{"date" => "2016-07-04T19:32:50","version" => "4.033_03"},{"date" => "2016-07-06T06:32:05","version" => "4.034"},{"date" => "2016-07-09T05:50:13","version" => "4.035"},{"date" => "2016-08-01T06:29:25","version" => "4.035_01"},{"date" => "2016-08-11T08:11:18","version" => "4.035_02"},{"date" => "2016-08-19T15:52:10","version" => "4.035_03"},{"date" => "2016-08-23T05:59:26","version" => "4.036"},{"date" => "2016-10-03T07:00:29","version" => "4.037"},{"date" => "2016-10-14T20:56:49","version" => "4.037_01"},{"date" => "2016-10-19T19:37:55","version" => "4.037_02"},{"date" => "2016-10-20T02:33:04","version" => "4.038"},{"date" => "2016-10-30T08:45:31","version" => "4.038_01"},{"date" => "2016-11-16T03:57:57","version" => "4.039"},{"date" => "2016-11-19T19:56:51","version" => "4.040"},{"date" => "2016-11-28T20:40:41","version" => "4.041"},{"date" => "2016-12-13T06:59:09","version" => "4.041_01"},{"date" => "2017-02-28T20:57:20","version" => "4.041_02"},{"date" => "2017-03-08T20:32:52","version" => "4.042"},{"date" => "2017-06-29T21:12:09","version" => "4.043"},{"date" => "2018-01-23T01:53:30","version" => "4.044"},{"date" => "2018-02-07T21:43:00","version" => "4.044"},{"date" => "2018-02-08T20:30:55","version" => "4.045"},{"date" => "2018-02-08T20:48:11","version" => "4.046"},{"date" => "2018-03-09T20:27:44","version" => "4.046_01"},{"date" => "2018-09-09T03:02:20","version" => "4.047"},{"date" => "2018-09-15T12:46:51","version" => "4.048"},{"date" => "2018-11-17T18:58:09","version" => "4.049"},{"date" => "2019-01-09T09:07:15","version" => "4.050"},{"date" => "2019-10-07T10:06:13","version" => "4.018_01"},{"date" => "2023-10-04T07:10:45","version" => "4.051"},{"date" => "2023-10-04T07:20:03","version" => "5.001"},{"date" => "2023-10-24T09:02:42","version" => "5.002"},{"date" => "2023-12-01T07:13:15","version" => "4.052"},{"date" => "2023-12-01T07:14:42","version" => "5.003"},{"date" => "2024-03-19T08:16:14","version" => "5.004"},{"date" => "2024-05-01T09:04:33","version" => "5.005"},{"date" => "2024-06-04T19:59:44","version" => "5.006"},{"date" => "2024-07-01T06:02:18","version" => "5.007"},{"date" => "2024-07-30T07:47:38","version" => "5.008"},{"date" => "2024-09-19T08:35:24","version" => "5.009"},{"date" => "2024-11-11T06:43:01","version" => "5.010"},{"date" => "2025-01-06T06:52:30","version" => "4.053"},{"date" => "2025-01-06T06:55:27","version" => "5.011"},{"date" => "2025-04-11T16:18:15","version" => "5.012"},{"date" => "2025-08-03T08:51:10","version" => "4.054"},{"date" => "2025-08-03T08:51:21","version" => "5.013"},{"date" => "2026-02-23T07:39:11","version" => "4.055"}]},"DBD-mysqlPP" => {"advisories" => [{"affected_versions" => ["<0.93"],"cves" => [],"description" => "SQL injection.\n","distribution" => "DBD-mysqlPP","fixed_versions" => [">=0.03"],"id" => "CPANSA-DBD-mysqlPP-2011-01","references" => ["https://metacpan.org/changes/distribution/DBD-mysqlPP","https://jvn.jp/en/jp/JVN51216285/index.html"],"reported" => "2011-10-14","severity" => "high"}],"main_module" => "DBD::mysqlPP","versions" => [{"date" => "2002-04-04T07:20:36","version" => "0.02"},{"date" => "2002-04-15T10:26:39","version" => "0.03"},{"date" => "2003-01-24T11:14:14","version" => "0.04"},{"date" => "2011-10-21T23:07:07","version" => "0.05"},{"date" => "2011-10-26T22:17:22","version" => "0.06"},{"date" => "2011-11-17T22:24:50","version" => "0.07"}]},"DBI" => {"advisories" => [{"affected_versions" => ["<1.643"],"cves" => ["CVE-2020-14393"],"description" => "A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.\n","distribution" => "DBI","fixed_versions" => [">=1.643"],"id" => "CPANSA-DBI-2020-01","references" => ["https://metacpan.org/changes/distribution/DBI","https://bugzilla.redhat.com/show_bug.cgi?id=1877409"],"reported" => "2020-09-16","severity" => "high"},{"affected_versions" => ["<1.643"],"cves" => ["CVE-2020-14392"],"description" => "An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.\n","distribution" => "DBI","fixed_versions" => [">=1.643"],"id" => "CPANSA-DBI-2020-03","references" => ["https://metacpan.org/changes/distribution/DBI","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/","https://bugzilla.redhat.com/show_bug.cgi?id=1877402","https://bugzilla.redhat.com/show_bug.cgi?id=1877402","https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html","https://usn.ubuntu.com/4503-1/"],"reported" => "2020-06-17","severity" => "high"},{"affected_versions" => ["<1.643"],"cves" => ["CVE-2019-20919"],"description" => "An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.\n","distribution" => "DBI","fixed_versions" => [">=1.643"],"id" => "CPANSA-DBI-2020-02","references" => ["https://metacpan.org/changes/distribution/DBI","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20919","https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff","https://bugzilla.redhat.com/show_bug.cgi?id=1877405","https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html","https://lists.opensuse.org/archives/list/security-announce\@lists.opensuse.org/message/US6VXPKVAYHOKNFSAFLM3FWNYZSJKQHS/","https://lists.opensuse.org/archives/list/security-announce\@lists.opensuse.org/message/KJN7E27GD6QQ2CRGEJ3TNW2DJFXA2AKN/","https://ubuntu.com/security/notices/USN-4534-1"],"reported" => "2020-09-17","severity" => "high"},{"affected_versions" => ["<1.632"],"cves" => [],"description" => "DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.\n","distribution" => "DBI","fixed_versions" => [">=1.632"],"id" => "CPANSA-DBI-2014-01","references" => ["https://metacpan.org/changes/distribution/DBI","https://rt.cpan.org/Public/Bug/Display.html?id=99508"],"reported" => "2014-10-15","severity" => "high"},{"affected_versions" => ["<1.47"],"cves" => ["CVE-2005-0077"],"description" => "Allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.\n","distribution" => "DBI","fixed_versions" => [">=1.47"],"id" => "CPANSA-DBI-2005-01","references" => ["https://metacpan.org/changes/distribution/DBI"],"reported" => "2005-05-02"},{"affected_versions" => ["<1.643"],"cves" => ["CVE-2014-10402"],"description" => "An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.\n","distribution" => "DBI","fixed_versions" => [">=1.644"],"id" => "CPANSA-DBI-2014-10402","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590","https://metacpan.org/release/HMBRAND/DBI-1.643_01/view/Changes"],"reported" => "2020-09-16","severity" => "medium"},{"affected_versions" => ["<1.632"],"cves" => ["CVE-2014-10401"],"description" => "An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.\n","distribution" => "DBI","fixed_versions" => [">=1.644"],"id" => "CPANSA-DBI-2014-10401","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=99508","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014","https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a","https://usn.ubuntu.com/4509-1/","https://metacpan.org/release/HMBRAND/DBI-1.643_01/view/Changes"],"reported" => "2020-09-11","severity" => "medium"},{"affected_versions" => ["<1.628"],"cves" => ["CVE-2013-7491"],"description" => "An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.\n","distribution" => "DBI","fixed_versions" => [">=1.628"],"id" => "CPANSA-DBI-2013-7491","references" => ["https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.628-22nd-July-2013","https://rt.cpan.org/Public/Bug/Display.html?id=85562"],"reported" => "2020-09-11","severity" => "medium"},{"affected_versions" => ["<1.632"],"cves" => ["CVE-2013-7490"],"description" => "An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.\n","distribution" => "DBI","fixed_versions" => [">=1.632"],"id" => "CPANSA-DBI-2013-7490","references" => ["https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014","https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941","https://usn.ubuntu.com/4509-1/"],"reported" => "2020-09-11","severity" => "medium"}],"main_module" => "DBI","versions" => [{"date" => "1995-10-27T08:14:00","version" => "0.64"},{"date" => "1996-02-15T22:07:00","version" => "0.67"},{"date" => "1996-04-22T10:22:00","version" => "0.68"},{"date" => "1996-05-07T19:46:00","version" => "0.69"},{"date" => "1996-06-16T21:08:00","version" => "0.70"},{"date" => "1996-07-10T00:49:00","version" => "0.71"},{"date" => "1996-09-23T16:33:00","version" => "0.72"},{"date" => "1996-10-15T00:58:00","version" => "0.73"},{"date" => "1997-01-14T16:59:00","version" => "0.74"},{"date" => "1997-01-27T21:59:00","version" => "0.75"},{"date" => "1997-02-03T18:54:00","version" => "0.76"},{"date" => "1997-02-21T14:27:00","version" => "0.77"},{"date" => "1997-03-28T14:36:00","version" => "0.78"},{"date" => "1997-04-07T18:28:00","version" => "0.79"},{"date" => "1997-05-07T11:45:00","version" => "0.80"},{"date" => "1997-05-07T14:05:00","version" => "0.81"},{"date" => "1997-05-23T15:56:00","version" => "0.82"},{"date" => "1997-06-11T21:40:00","version" => "0.83"},{"date" => "1997-06-20T15:36:00","version" => "0.84"},{"date" => "1997-06-25T10:25:00","version" => "0.85"},{"date" => "1997-07-16T16:38:00","version" => "0.001"},{"date" => "1997-07-18T11:27:00","version" => "0.87"},{"date" => "1997-07-22T21:27:00","version" => "0.88"},{"date" => "1997-07-25T13:46:55","version" => "0.89"},{"date" => "1997-09-05T19:38:52","version" => "0.90"},{"date" => "1997-12-10T17:15:14","version" => "0.91"},{"date" => "1998-02-05T20:45:45","version" => "0.92"},{"date" => "1998-02-13T15:21:52","version" => "0.93"},{"date" => "1998-08-10T03:23:46","version" => "0.94"},{"date" => "1998-08-11T13:21:19","version" => "0.95"},{"date" => "1998-08-14T20:38:42","version" => "1.00"},{"date" => "1998-09-02T14:59:47","version" => "1.01"},{"date" => "1998-09-04T12:29:52","version" => "1.02"},{"date" => "1999-01-18T21:52:15","version" => "1.06"},{"date" => "1999-05-13T01:49:11","version" => "1.08"},{"date" => "1999-06-02T13:44:40","version" => "1.08"},{"date" => "1999-06-09T20:57:59","version" => "1.09"},{"date" => "1999-06-13T23:52:03","version" => "1.10"},{"date" => "1999-06-17T13:22:36","version" => "1.11"},{"date" => "1999-06-29T23:07:41","version" => "1.12"},{"date" => "1999-07-12T03:28:41","version" => "1.13"},{"date" => "2000-06-11T02:39:59","version" => "1.03_80"},{"date" => "2000-06-14T20:30:57","version" => "1.14"},{"date" => "2001-03-30T15:03:31","version" => "1.15"},{"date" => "2001-05-29T23:25:57","version" => "1.16"},{"date" => "2001-06-04T17:12:30","version" => "1.17"},{"date" => "2001-06-04T19:00:37","version" => "1.18"},{"date" => "2001-07-20T22:29:24","version" => "1.19"},{"date" => "2001-08-24T23:32:10","version" => "1.20"},{"date" => "2002-01-10T15:25:45","version" => "1.201"},{"date" => "2002-02-07T03:30:16","version" => "1.21"},{"date" => "2002-03-13T14:18:00","version" => "1.21"},{"date" => "2002-05-22T13:42:15","version" => "1.22"},{"date" => "2002-05-25T17:38:03","version" => "1.23"},{"date" => "2002-06-05T03:32:38","version" => "1.24"},{"date" => "2002-06-05T22:42:04","version" => "1.25"},{"date" => "2002-06-13T12:30:47","version" => "1.26"},{"date" => "2002-06-13T15:19:06","version" => "1.27"},{"date" => "2002-06-14T13:13:53","version" => "1.28"},{"date" => "2002-06-26T09:34:24","version" => "1.28"},{"date" => "2002-07-15T11:24:40","version" => "1.29"},{"date" => "2002-07-18T14:27:25","version" => "1.30"},{"date" => "2002-11-30T00:49:54","version" => "1.31"},{"date" => "2002-12-01T23:01:26","version" => "1.32"},{"date" => "2002-12-20T16:23:29","version" => "1.32"},{"date" => "2003-02-26T18:01:24","version" => "1.32_90"},{"date" => "2003-02-27T00:25:32","version" => "1.33"},{"date" => "2003-02-28T17:53:35","version" => "1.34"},{"date" => "2003-03-07T22:02:20","version" => "1.35"},{"date" => "2003-05-14T11:13:39","version" => "1.36"},{"date" => "2003-05-15T18:02:26","version" => "1.37"},{"date" => "2003-08-25T20:36:26","version" => "1.38"},{"date" => "2003-11-27T23:46:40","version" => "1.39"},{"date" => "2004-01-08T14:04:59","version" => "1.39"},{"date" => "2004-02-23T14:54:21","version" => "1.41"},{"date" => "2004-03-12T16:40:08","version" => "1.41"},{"date" => "2004-07-05T10:02:05","version" => "1.43"},{"date" => "2004-10-05T21:27:23","version" => "1.44"},{"date" => "2004-10-06T13:49:20","version" => "1.45"},{"date" => "2004-11-16T12:38:32","version" => "1.46"},{"date" => "2005-02-02T11:28:46","version" => "1.47"},{"date" => "2005-03-14T17:03:33","version" => "1.48"},{"date" => "2005-11-29T19:59:40","version" => "1.49"},{"date" => "2005-12-14T16:55:16","version" => "1.50"},{"date" => "2006-04-19T15:56:38","version" => "1.45"},{"date" => "2006-06-06T12:08:36","version" => "1.51"},{"date" => "2006-08-08T21:13:32","version" => "1.52"},{"date" => "2006-11-02T00:38:01","version" => "1.53"},{"date" => "2007-02-23T17:15:23","version" => "1.54"},{"date" => "2007-05-04T14:56:38","version" => "1.55"},{"date" => "2007-05-10T14:04:04","version" => "1.56"},{"date" => "2007-05-13T22:00:58","version" => "1.56"},{"date" => "2007-06-13T16:45:34","version" => "1.57"},{"date" => "2007-06-15T17:06:42","version" => "1.57"},{"date" => "2007-06-18T15:15:31","version" => "1.57"},{"date" => "2007-06-25T22:11:47","version" => "1.58"},{"date" => "2007-08-22T17:02:10","version" => "1.59"},{"date" => "2007-08-23T12:22:26","version" => "1.59"},{"date" => "2007-08-23T13:59:53","version" => "1.59"},{"date" => "2007-08-24T09:19:29","version" => "1.59"},{"date" => "2007-10-16T13:12:55","version" => "1.601"},{"date" => "2007-10-21T22:12:52","version" => "1.601"},{"date" => "2008-02-09T22:06:13","version" => "1.602"},{"date" => "2008-03-22T00:11:03","version" => "1.603"},{"date" => "2008-03-24T14:11:41","version" => "1.604"},{"date" => "2008-06-16T19:19:43","version" => "1.605"},{"date" => "2008-07-22T21:01:09","version" => "1.606"},{"date" => "2008-07-22T21:50:54","version" => "1.607"},{"date" => "2009-05-02T22:58:48","version" => "1.608"},{"date" => "2009-05-05T12:05:19","version" => "1.608"},{"date" => "2009-06-05T22:57:34","version" => "1.609"},{"date" => "2009-06-08T10:29:18","version" => "1.609"},{"date" => "2010-03-02T21:26:39","version" => "1.611"},{"date" => "2010-04-22T11:06:31","version" => "1.611"},{"date" => "2010-04-27T15:13:32","version" => "1.611"},{"date" => "2010-04-29T19:54:44","version" => "1.611"},{"date" => "2010-05-28T10:29:17","version" => "1.612"},{"date" => "2010-06-15T22:47:23","version" => "1.612"},{"date" => "2010-06-16T19:18:05","version" => "1.612"},{"date" => "2010-07-02T14:26:03","version" => "1.612"},{"date" => "2010-07-15T15:00:53","version" => "1.612"},{"date" => "2010-07-16T19:36:42","version" => "1.612"},{"date" => "2010-07-22T17:34:16","version" => "1.613"},{"date" => "2010-07-25T15:50:15","version" => "1.613"},{"date" => "2010-07-30T14:17:33","version" => "1.614"},{"date" => "2010-08-16T16:34:58","version" => "1.614"},{"date" => "2010-08-30T20:11:00","version" => "1.614"},{"date" => "2010-08-30T20:26:37","version" => "1.614"},{"date" => "2010-08-30T20:56:09","version" => "1.614"},{"date" => "2010-09-02T15:44:21","version" => "1.614"},{"date" => "2010-09-09T10:24:11","version" => "1.614"},{"date" => "2010-09-16T16:23:50","version" => "1.614"},{"date" => "2010-09-17T09:48:02","version" => "1.614"},{"date" => "2010-09-21T10:14:29","version" => "1.615"},{"date" => "2010-09-22T12:28:20","version" => "1.615"},{"date" => "2010-12-18T21:51:52","version" => "1.616"},{"date" => "2010-12-21T23:26:46","version" => "1.616"},{"date" => "2010-12-29T14:39:48","version" => "1.616"},{"date" => "2010-12-30T10:26:51","version" => "1.616"},{"date" => "2012-01-02T17:12:53","version" => "1.617"},{"date" => "2012-01-28T09:34:18","version" => "1.617"},{"date" => "2012-01-30T10:06:49","version" => "1.617"},{"date" => "2012-02-07T22:54:02","version" => "1.618"},{"date" => "2012-02-13T18:24:33","version" => "1.618"},{"date" => "2012-02-23T11:05:45","version" => "1.618"},{"date" => "2012-02-25T14:24:39","version" => "1.618"},{"date" => "2012-04-18T11:57:55","version" => "1.619"},{"date" => "2012-04-20T20:21:54","version" => "1.619"},{"date" => "2012-04-23T22:09:14","version" => "1.619"},{"date" => "2012-04-25T12:46:54","version" => "1.620"},{"date" => "2012-05-21T13:06:09","version" => "1.621"},{"date" => "2012-05-22T22:17:06","version" => "1.621"},{"date" => "2012-06-06T16:51:00","version" => "1.622"},{"date" => "2012-07-13T15:24:35","version" => "1.623"},{"date" => "2012-10-30T13:01:14","version" => "1.623"},{"date" => "2012-11-19T23:27:04","version" => "1.623"},{"date" => "2012-12-13T16:26:23","version" => "1.623"},{"date" => "2012-12-21T17:22:01","version" => "1.623"},{"date" => "2013-01-02T10:09:42","version" => "1.623"},{"date" => "2013-03-22T20:41:50","version" => "1.624"},{"date" => "2013-03-28T21:59:38","version" => "1.625"},{"date" => "2013-05-15T11:28:03","version" => "1.626"},{"date" => "2013-05-16T20:30:50","version" => "1.627"},{"date" => "2013-06-24T21:56:27","version" => "1.628"},{"date" => "2013-06-24T22:12:23","version" => "1.628"},{"date" => "2013-06-30T19:08:08","version" => "1.628"},{"date" => "2013-07-02T11:27:23","version" => "1.628"},{"date" => "2013-07-22T13:22:40","version" => "1.628"},{"date" => "2013-10-11T12:28:12","version" => "1.629"},{"date" => "2013-10-13T16:02:52","version" => "1.629"},{"date" => "2013-10-15T12:24:53","version" => "1.629"},{"date" => "2013-10-22T11:58:53","version" => "1.629_50"},{"date" => "2013-10-28T12:51:39","version" => "1.630"},{"date" => "2014-01-13T13:51:01","version" => "1.631"},{"date" => "2014-01-16T11:34:34","version" => "1.631"},{"date" => "2014-01-20T11:12:44","version" => "1.631"},{"date" => "2014-10-23T14:08:22","version" => "1.631"},{"date" => "2014-11-05T11:15:07","version" => "1.632"},{"date" => "2015-01-08T14:31:52","version" => "1.632"},{"date" => "2015-01-11T13:26:05","version" => "1.633"},{"date" => "2015-07-18T13:16:07","version" => "1.633"},{"date" => "2015-07-19T14:34:22","version" => "1.633_91"},{"date" => "2015-07-22T15:27:59","version" => "1.633_92"},{"date" => "2015-08-02T16:52:48","version" => "1.633_93"},{"date" => "2015-08-03T14:52:56","version" => "1.634"},{"date" => "2016-04-23T15:28:02","version" => "1.634"},{"date" => "2016-04-24T11:57:03","version" => "1.635"},{"date" => "2016-04-24T22:20:56","version" => "1.636"},{"date" => "2017-08-14T10:10:55","version" => "1.637"},{"date" => "2017-08-16T09:02:40","version" => "1.637"},{"date" => "2017-12-28T14:40:44","version" => "1.639"},{"date" => "2018-01-28T20:50:53","version" => "1.640"},{"date" => "2018-03-19T18:06:08","version" => "1.641"},{"date" => "2018-10-28T15:08:54","version" => "1.641_90"},{"date" => "2018-10-29T10:43:41","version" => "1.642"},{"date" => "2020-01-26T20:48:52","version" => "1.642_90"},{"date" => "2020-01-31T19:02:41","version" => "1.643"},{"date" => "2024-08-20T11:29:56","version" => "1.643_01"},{"date" => "2024-08-22T07:09:52","version" => "1.643_02"},{"date" => "2024-08-23T17:54:09","version" => "1.644"},{"date" => "2024-09-03T09:25:33","version" => "1.645"},{"date" => "2025-01-11T12:59:58","version" => "1.646"},{"date" => "2025-01-20T08:14:47","version" => "1.647"}]},"DBIx-Class-EncodedColumn" => {"advisories" => [{"affected_versions" => ["<0.11"],"cves" => ["CVE-2025-27551"],"description" => "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.  This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm.  This issue affects DBIx::Class::EncodedColumn until 0.00032.","distribution" => "DBIx-Class-EncodedColumn","fixed_versions" => [">=0.11"],"id" => "CPANSA-DBIx-Class-EncodedColumn-2025-27551","references" => ["https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-03-26","severity" => undef},{"affected_versions" => ["<0.11"],"cves" => ["CVE-2025-27552"],"description" => "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.  This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm.  This issue affects DBIx::Class::EncodedColumn until 0.00032.","distribution" => "DBIx-Class-EncodedColumn","fixed_versions" => [">=0.11"],"id" => "CPANSA-DBIx-Class-EncodedColumn-2025-27552","references" => ["https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-03-26","severity" => undef}],"main_module" => "DBIx::Class::EncodedColumn","versions" => [{"date" => "2008-01-29T23:47:22","version" => "0.00001_01"},{"date" => "2008-01-31T23:21:56","version" => "0.00001_02"},{"date" => "2008-02-01T00:17:42","version" => "0.00001_03"},{"date" => "2008-02-01T18:52:21","version" => "0.00001"},{"date" => "2008-07-28T22:45:39","version" => "0.00002"},{"date" => "2009-09-01T15:45:04","version" => "0.00003"},{"date" => "2009-09-03T18:11:37","version" => "0.00004"},{"date" => "2009-10-11T15:06:19","version" => "0.00005"},{"date" => "2010-01-16T00:39:59","version" => "0.00006"},{"date" => "2010-04-30T00:12:56","version" => "0.00007"},{"date" => "2010-04-30T17:51:03","version" => "0.00008"},{"date" => "2010-05-17T20:20:11","version" => "0.00009_1"},{"date" => "2010-05-18T14:56:30","version" => "0.00009"},{"date" => "2010-08-27T18:36:04","version" => "0.00010"},{"date" => "2011-04-11T20:21:16","version" => "0.00011"},{"date" => "2013-04-29T14:32:51","version" => "0.00012"},{"date" => "2014-02-27T13:50:24","version" => "0.00013"},{"date" => "2016-05-31T13:31:04","version" => "0.00014"},{"date" => "2016-06-01T14:04:39","version" => "0.00015"},{"date" => "2019-06-12T12:59:07","version" => "0.00016"},{"date" => "2019-09-03T21:54:20","version" => "0.00017"},{"date" => "2019-09-16T18:10:46","version" => "0.00018"},{"date" => "2019-09-19T18:13:13","version" => "0.00019"},{"date" => "2019-09-25T12:34:33","version" => "0.00020"},{"date" => "2025-03-25T14:30:45","version" => "0.00030"},{"date" => "2025-03-25T17:55:22","version" => "0.00031"},{"date" => "2025-03-25T18:05:54","version" => "0.00032"},{"date" => "2025-03-26T11:34:06","version" => "0.1.0"},{"date" => "2025-03-26T11:40:46","version" => "0.11"}]},"DBIx-Custom" => {"advisories" => [{"affected_versions" => ["<0.1641"],"cves" => [],"description" => "SQL injection when passing special column names.\n","distribution" => "DBIx-Custom","fixed_versions" => [">=0.1641"],"id" => "CPANSA-DBIx-Custom-2011-01","references" => ["https://metacpan.org/changes/distribution/DBIx-Custom","https://github.com/yuki-kimoto/DBIx-Custom/commit/5b00b9f9a966e7abecabd91710c8fa893784d919"],"reported" => "2011-01-27","severity" => "high"}],"main_module" => "DBIx::Custom","versions" => [{"date" => "2009-11-08T04:18:19","version" => "0.0101"},{"date" => "2009-11-09T10:46:44","version" => "0.0201"},{"date" => "2009-11-12T14:12:47","version" => "0.0301"},{"date" => "2009-11-15T11:43:40","version" => "0.0401"},{"date" => "2009-11-16T11:10:52","version" => "0.0501"},{"date" => "2009-11-17T12:37:33","version" => "0.0502"},{"date" => "2009-11-19T12:05:50","version" => "0.0601"},{"date" => "2009-11-19T13:37:39","version" => "0.0602"},{"date" => "2009-11-20T12:08:31","version" => "0.0603"},{"date" => "2009-11-23T13:39:53","version" => "0.0604"},{"date" => "2009-11-23T14:45:46","version" => "0.0605"},{"date" => "2009-11-25T13:57:52","version" => "0.0701"},{"date" => "2009-12-01T07:30:25","version" => "0.0702"},{"date" => "2009-12-02T13:59:36","version" => "0.0801"},{"date" => "2009-12-09T14:27:53","version" => "0.0901"},{"date" => "2009-12-22T13:40:07","version" => "0.0902"},{"date" => "2010-01-18T12:42:57","version" => "0.0903"},{"date" => "2010-01-21T14:29:12","version" => "0.0904"},{"date" => "2010-01-22T12:51:23","version" => "0.0905"},{"date" => "2010-01-24T09:49:30","version" => "0.0906"},{"date" => "2010-01-30T00:15:17","version" => "0.1001"},{"date" => "2010-01-30T03:51:04","version" => "0.1101"},{"date" => "2010-05-01T13:02:19","version" => "0.1301"},{"date" => "2010-05-01T23:29:22","version" => "0.1401"},{"date" => "2010-05-02T06:04:57","version" => "0.1402"},{"date" => "2010-05-26T15:13:04","version" => "0.1501"},{"date" => "2010-05-27T14:00:04","version" => "0.1502"},{"date" => "2010-05-28T13:28:16","version" => "0.1503"},{"date" => "2010-06-25T12:11:33","version" => "0.1602"},{"date" => "2010-07-14T13:55:33","version" => "0.1603"},{"date" => "2010-08-03T14:43:14","version" => "0.1604"},{"date" => "2010-08-05T15:17:49","version" => "0.1605"},{"date" => "2010-08-05T15:24:36","version" => "0.1606"},{"date" => "2010-08-06T14:57:35","version" => "0.1607"},{"date" => "2010-08-07T05:49:19","version" => "0.1608"},{"date" => "2010-08-08T04:45:12","version" => "0.1609"},{"date" => "2010-08-08T12:44:43","version" => "0.1610"},{"date" => "2010-08-09T12:08:31","version" => "0.1611"},{"date" => "2010-08-10T11:19:41","version" => "0.1612"},{"date" => "2010-08-10T12:35:17","version" => "0.1613"},{"date" => "2010-08-12T15:01:01","version" => "0.1614"},{"date" => "2010-08-15T04:00:44","version" => "0.1615"},{"date" => "2010-08-24T10:18:06","version" => "0.1616"},{"date" => "2010-09-07T12:12:04","version" => "0.1617"},{"date" => "2010-10-17T05:44:56","version" => "0.1618"},{"date" => "2010-10-20T15:01:35","version" => "0.1619"},{"date" => "2010-10-21T14:38:05","version" => "0.1620"},{"date" => "2010-11-10T06:54:46","version" => "0.1621"},{"date" => "2010-12-20T14:58:38","version" => "0.1622"},{"date" => "2010-12-21T16:10:25","version" => "0.1623"},{"date" => "2010-12-22T08:41:09","version" => "0.1624"},{"date" => "2011-01-01T16:08:48","version" => "0.1625"},{"date" => "2011-01-02T04:21:11","version" => "0.1626"},{"date" => "2011-01-04T15:18:21","version" => "0.1627"},{"date" => "2011-01-12T07:29:29","version" => "0.1628"},{"date" => "2011-01-12T15:35:11","version" => "0.1629"},{"date" => "2011-01-13T15:41:25","version" => "0.1630"},{"date" => "2011-01-17T15:53:44","version" => "0.1631"},{"date" => "2011-01-18T14:43:16","version" => "0.1632"},{"date" => "2011-01-18T15:22:37","version" => "0.1633"},{"date" => "2011-01-19T14:52:48","version" => "0.1634"},{"date" => "2011-01-21T14:04:02","version" => "0.1635"},{"date" => "2011-01-22T13:02:55","version" => "0.1636"},{"date" => "2011-01-24T12:58:40","version" => "0.1637"},{"date" => "2011-01-25T12:32:26","version" => "0.1638"},{"date" => "2011-01-26T09:23:22","version" => "0.1639"},{"date" => "2011-01-26T13:59:10","version" => "0.1640"},{"date" => "2011-01-27T05:19:14","version" => "0.1641"},{"date" => "2011-01-28T12:18:42","version" => "0.1642"},{"date" => "2011-02-09T08:54:11","version" => "0.1643"},{"date" => "2011-02-11T14:07:25","version" => "0.1644"},{"date" => "2011-02-14T15:24:30","version" => "0.1645"},{"date" => "2011-02-18T17:48:52","version" => "0.1646"},{"date" => "2011-02-19T00:30:41","version" => "0.1647"},{"date" => "2011-02-21T16:13:29","version" => "0.1648"},{"date" => "2011-02-22T14:53:08","version" => "0.1649"},{"date" => "2011-02-24T05:45:44","version" => "0.1650"},{"date" => "2011-02-24T14:35:20","version" => "0.1651"},{"date" => "2011-02-25T14:39:56","version" => "0.1652"},{"date" => "2011-02-28T13:18:03","version" => "0.1653"},{"date" => "2011-03-06T14:32:11","version" => "0.1654"},{"date" => "2011-03-08T14:59:08","version" => "0.1655"},{"date" => "2011-03-09T13:44:35","version" => "0.1656"},{"date" => "2011-03-10T15:44:50","version" => "0.1657"},{"date" => "2011-03-11T16:23:11","version" => "0.1658"},{"date" => "2011-03-12T08:20:07","version" => "0.1659"},{"date" => "2011-03-14T11:16:27","version" => "0.1660"},{"date" => "2011-03-15T16:32:52","version" => "0.1661"},{"date" => "2011-03-19T14:40:50","version" => "0.1662"},{"date" => "2011-03-21T03:53:25","version" => "0.1663"},{"date" => "2011-03-24T14:45:52","version" => "0.1664"},{"date" => "2011-03-25T14:25:43","version" => "0.1665"},{"date" => "2011-03-29T17:26:27","version" => "0.1666"},{"date" => "2011-03-30T08:03:39","version" => "0.1667"},{"date" => "2011-03-30T15:04:03","version" => "0.1668"},{"date" => "2011-03-30T15:25:45","version" => "0.1669"},{"date" => "2011-04-01T15:29:33","version" => "0.1670"},{"date" => "2011-04-02T16:31:44","version" => "0.1671"},{"date" => "2011-04-04T13:37:34","version" => "0.1672"},{"date" => "2011-04-05T11:45:54","version" => "0.1673"},{"date" => "2011-04-05T11:59:11","version" => "0.1674"},{"date" => "2011-04-11T13:47:34","version" => "0.1675"},{"date" => "2011-04-11T14:55:38","version" => "0.1676"},{"date" => "2011-04-12T15:17:24","version" => "0.1677"},{"date" => "2011-04-18T13:36:31","version" => "0.1678"},{"date" => "2011-04-19T11:07:27","version" => "0.1679"},{"date" => "2011-04-25T14:05:23","version" => "0.1680"},{"date" => "2011-04-26T14:07:02","version" => "0.1681"},{"date" => "2011-05-23T14:40:41","version" => "0.1682"},{"date" => "2011-06-06T11:52:44","version" => "0.1683"},{"date" => "2011-06-07T13:07:20","version" => "0.1684"},{"date" => "2011-06-08T10:32:35","version" => "0.1685"},{"date" => "2011-06-08T12:24:07","version" => "0.1686"},{"date" => "2011-06-09T13:59:44","version" => "0.1687"},{"date" => "2011-06-10T13:26:20","version" => "0.1688"},{"date" => "2011-06-12T03:22:26","version" => "0.1689"},{"date" => "2011-06-12T12:01:43","version" => "0.1690"},{"date" => "2011-06-13T13:31:21","version" => "0.1691"},{"date" => "2011-06-14T13:27:31","version" => "0.1692"},{"date" => "2011-06-15T08:51:43","version" => "0.1693"},{"date" => "2011-06-17T14:38:23","version" => "0.1694"},{"date" => "2011-06-20T13:08:47","version" => "0.1695"},{"date" => "2011-06-21T13:12:38","version" => "0.1696"},{"date" => "2011-06-24T13:42:00","version" => "0.1697"},{"date" => "2011-06-27T13:23:13","version" => "0.1698"},{"date" => "2011-06-28T14:39:21","version" => "0.1699"},{"date" => "2011-07-01T11:04:37","version" => "0.1700"},{"date" => "2011-07-11T13:19:20","version" => "0.1701"},{"date" => "2011-07-26T14:09:43","version" => "0.1702"},{"date" => "2011-07-28T04:59:20","version" => "0.1703"},{"date" => "2011-07-29T13:45:24","version" => "0.1704"},{"date" => "2011-07-29T14:35:38","version" => "0.1705"},{"date" => "2011-07-30T04:25:21","version" => "0.1706"},{"date" => "2011-07-30T05:16:05","version" => "0.1707"},{"date" => "2011-07-30T14:32:34","version" => "0.1708"},{"date" => "2011-08-01T12:48:52","version" => "0.1709"},{"date" => "2011-08-02T13:30:15","version" => "0.1710"},{"date" => "2011-08-09T14:11:24","version" => "0.1711"},{"date" => "2011-08-10T16:16:52","version" => "0.1712"},{"date" => "2011-08-12T13:45:58","version" => "0.1713"},{"date" => "2011-08-13T13:38:02","version" => "0.1714"},{"date" => "2011-08-14T03:47:28","version" => "0.1715"},{"date" => "2011-08-15T14:00:28","version" => "0.1716"},{"date" => "2011-08-16T04:03:16","version" => "0.1717"},{"date" => "2011-08-20T09:40:46","version" => "0.1718"},{"date" => "2011-08-22T13:43:21","version" => "0.1720"},{"date" => "2011-08-26T14:11:53","version" => "0.1721"},{"date" => "2011-09-02T15:12:10","version" => "0.1722"},{"date" => "2011-09-12T12:24:14","version" => "0.1723"},{"date" => "2011-09-16T15:15:54","version" => "0.1724"},{"date" => "2011-09-27T11:48:33","version" => "0.1725"},{"date" => "2011-09-30T11:21:45","version" => "0.1726"},{"date" => "2011-10-03T10:43:32","version" => "0.1727"},{"date" => "2011-10-05T04:10:35","version" => "0.1728"},{"date" => "2011-10-05T08:12:55","version" => "0.1729"},{"date" => "2011-10-10T11:35:23","version" => "0.1730"},{"date" => "2011-10-11T14:30:46","version" => "0.1731"},{"date" => "2011-10-20T11:56:08","version" => "0.1732"},{"date" => "2011-10-21T22:47:50","version" => "0.1733"},{"date" => "2011-10-22T22:02:37","version" => "0.1734"},{"date" => "2011-10-23T00:11:48","version" => "0.1735"},{"date" => "2011-10-23T13:08:15","version" => "0.1736"},{"date" => "2011-10-24T14:07:44","version" => "0.1737"},{"date" => "2011-10-25T14:31:15","version" => "0.1738"},{"date" => "2011-10-26T01:14:58","version" => "0.1739"},{"date" => "2011-10-27T12:59:00","version" => "0.1740"},{"date" => "2011-10-28T11:49:57","version" => "0.1741"},{"date" => "2011-10-31T15:37:07","version" => "0.1742"},{"date" => "2011-11-01T12:02:38","version" => "0.1743"},{"date" => "2011-11-03T13:38:04","version" => "0.1744"},{"date" => "2011-11-04T14:16:11","version" => "0.1745"},{"date" => "2011-11-07T12:19:53","version" => "0.1746"},{"date" => "2011-11-11T11:59:27","version" => "0.1747"},{"date" => "2011-11-16T00:36:45","version" => "0.20_01"},{"date" => "2011-11-16T08:50:11","version" => "0.2100"},{"date" => "2011-11-21T11:05:36","version" => "0.2101"},{"date" => "2011-11-25T14:34:26","version" => "0.2102"},{"date" => "2011-11-28T10:38:56","version" => "0.2103"},{"date" => "2011-11-29T13:48:49","version" => "0.2104"},{"date" => "2012-01-14T13:39:10","version" => "0.2105"},{"date" => "2012-01-20T15:16:34","version" => "0.2106"},{"date" => "2012-01-25T08:56:44","version" => "0.2107"},{"date" => "2012-01-29T14:30:53","version" => "0.2108"},{"date" => "2012-02-07T13:31:49","version" => "0.2109"},{"date" => "2012-02-10T14:51:17","version" => "0.2110"},{"date" => "2012-02-11T14:45:41","version" => "0.2111"},{"date" => "2012-02-28T14:33:03","version" => "0.22"},{"date" => "2012-03-01T00:07:11","version" => "0.23"},{"date" => "2012-03-02T14:57:03","version" => "0.24"},{"date" => "2012-03-19T11:58:43","version" => "0.25"},{"date" => "2012-07-11T08:20:53","version" => "0.26"},{"date" => "2012-09-17T13:15:26","version" => "0.27"},{"date" => "2013-03-04T11:25:17","version" => "0.28"},{"date" => "2014-02-03T09:21:29","version" => "0.29"},{"date" => "2014-02-04T00:17:32","version" => "0.30"},{"date" => "2015-01-13T01:36:24","version" => "0.31"},{"date" => "2015-01-13T05:24:10","version" => "0.32"},{"date" => "2015-01-13T07:52:20","version" => "0.33"},{"date" => "2015-01-15T02:04:26","version" => "0.34"},{"date" => "2015-05-23T05:44:25","version" => "0.35"},{"date" => "2015-05-25T02:52:16","version" => "0.36"},{"date" => "2016-05-21T07:00:46","version" => "0.37"},{"date" => "2017-03-16T07:48:58","version" => "0.38"},{"date" => "2017-03-29T02:29:03","version" => "0.39"},{"date" => "2017-03-30T01:41:11","version" => "0.40"},{"date" => "2017-11-06T15:17:26","version" => "0.41"},{"date" => "2019-10-15T04:14:26","version" => "0.41_99"},{"date" => "2019-10-19T08:52:17","version" => "0.42"},{"date" => "2020-04-01T05:39:43","version" => "0.43"},{"date" => "2020-08-03T00:46:29","version" => "0.44"},{"date" => "2021-12-16T00:31:02","version" => "0.45"}]},"Dancer" => {"advisories" => [{"affected_versions" => ["<1.3114"],"cves" => ["CVE-2012-5572"],"description" => "CRLF injection vulnerability in the cookie method allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name.\n","distribution" => "Dancer","fixed_versions" => [">=1.3114"],"id" => "CPANSA-Dancer-2014-01","references" => ["https://metacpan.org/changes/distribution/Dancer","https://github.com/PerlDancer/Dancer/commit/46ef9124f3149f697455061499ac7cee40930349"],"reported" => "2014-05-30"},{"affected_versions" => ["<1.3051"],"cves" => ["CVE-2011-1589"],"description" => "Directory traversal vulnerability (Mojolicious report, but Dancer was vulnerable as well).\n","distribution" => "Dancer","fixed_versions" => [">=1.3051"],"id" => "CPANSA-Dancer-2011-01","references" => ["https://metacpan.org/changes/distribution/Dancer","https://github.com/PerlDancer/Dancer/commit/91d0bf6a36705b0971b18f7d38fa2f3df8c7b994"],"reported" => "2011-04-05"}],"main_module" => "Dancer","versions" => [{"date" => "2009-07-27T13:18:07","version" => "20090727.1315"},{"date" => "2009-07-27T14:14:13","version" => "0_0.99"},{"date" => "2009-08-01T13:48:20","version" => "0.9901"},{"date" => "2009-08-04T10:01:54","version" => "0.9902"},{"date" => "2009-08-07T12:29:03","version" => "0.9003"},{"date" => "2009-09-19T15:30:19","version" => "0.9904"},{"date" => "2009-09-23T21:33:51","version" => "0.9905"},{"date" => "2009-11-20T11:14:20","version" => "1.000"},{"date" => "2010-01-06T13:53:28","version" => "1.100"},{"date" => "2010-01-11T09:46:45","version" => "1.110"},{"date" => "2010-01-15T16:03:35","version" => "1.120"},{"date" => "2010-01-15T17:53:08","version" => "1.121"},{"date" => "2010-01-20T07:48:38","version" => "1.122"},{"date" => "2010-01-29T17:29:24","version" => "1.130"},{"date" => "2010-02-09T07:55:18","version" => "1.140"},{"date" => "2010-02-17T15:09:48","version" => "1.150"},{"date" => "2010-03-07T17:50:01","version" => "1.160"},{"date" => "2010-03-24T11:19:00","version" => "1.170"},{"date" => "2010-03-24T13:44:04","version" => "1.171"},{"date" => "2010-03-28T15:09:59","version" => "1.172"},{"date" => "2010-04-01T14:13:30","version" => "1.173"},{"date" => "2010-04-04T11:03:53","version" => "1.173_01"},{"date" => "2010-04-08T13:49:39","version" => "1.174"},{"date" => "2010-04-11T10:49:39","version" => "1.175"},{"date" => "2010-04-19T08:43:22","version" => "1.175_01"},{"date" => "2010-04-22T20:29:56","version" => "1.176"},{"date" => "2010-05-05T12:21:26","version" => "1.178_01"},{"date" => "2010-05-16T10:28:47","version" => "1.1800"},{"date" => "2010-05-19T14:17:57","version" => "1.1801"},{"date" => "2010-05-19T17:32:52","version" => "1.1802"},{"date" => "2010-05-23T20:45:17","version" => "1.1803"},{"date" => "2010-06-18T11:59:20","version" => "1.1804"},{"date" => "2010-06-22T06:41:58","version" => "1.1805"},{"date" => "2010-07-07T06:15:55","version" => "1.1806_01"},{"date" => "2010-08-14T16:37:45","version" => "1.1806_02"},{"date" => "2010-08-23T17:47:12","version" => "1.1807"},{"date" => "2010-08-24T06:23:38","version" => "1.1808"},{"date" => "2010-08-25T05:41:15","version" => "1.1809"},{"date" => "2010-09-01T06:19:20","version" => "1.1810"},{"date" => "2010-09-03T09:23:14","version" => "1.1811"},{"date" => "2010-09-21T12:19:35","version" => "1.1812"},{"date" => "2010-09-24T14:25:44","version" => "1.1901"},{"date" => "2010-10-14T09:25:03","version" => "1.1999_01"},{"date" => "2010-10-28T15:41:17","version" => "1.1999_02"},{"date" => "2010-11-02T14:14:32","version" => "1.1902"},{"date" => "2010-11-02T14:25:04","version" => "1.1902"},{"date" => "2010-11-03T17:07:29","version" => "1.1903"},{"date" => "2010-11-04T11:16:17","version" => "1.1904"},{"date" => "2010-11-11T07:43:21","version" => "1.1999_03"},{"date" => "2010-11-14T08:08:56","version" => "1.1999_04"},{"date" => "2010-11-18T15:54:33","version" => "1.200"},{"date" => "2010-11-18T16:52:47","version" => "1.2000"},{"date" => "2010-11-29T22:05:38","version" => "1.2000_01"},{"date" => "2010-11-30T10:00:23","version" => "1.2000_02"},{"date" => "2010-11-30T19:59:09","version" => "1.2001"},{"date" => "2010-12-02T12:18:12","version" => "1.2001_01"},{"date" => "2010-12-03T20:28:56","version" => "1.2002"},{"date" => "2010-12-07T18:05:50","version" => "1.2002_01"},{"date" => "2010-12-08T21:38:17","version" => "1.2002_02"},{"date" => "2010-12-10T18:28:16","version" => "1.2003"},{"date" => "2010-12-22T17:57:55","version" => "1.3000_01"},{"date" => "2011-01-03T15:17:14","version" => "1.3000_02"},{"date" => "2011-01-27T10:00:22","version" => "1.2004"},{"date" => "2011-01-27T10:09:31","version" => "1.3001"},{"date" => "2011-02-02T15:42:28","version" => "1.3002"},{"date" => "2011-02-05T17:07:15","version" => "1.2005"},{"date" => "2011-02-06T13:12:28","version" => "1.3003"},{"date" => "2011-02-10T20:48:48","version" => "1.3010"},{"date" => "2011-02-12T12:50:18","version" => "1.3010_01"},{"date" => "2011-02-14T15:58:10","version" => "1.3011"},{"date" => "2011-03-01T19:00:52","version" => "1.3012"},{"date" => "2011-03-03T08:41:00","version" => "1.3013"},{"date" => "2011-03-04T12:56:36","version" => "1.3014"},{"date" => "2011-03-10T14:16:24","version" => "1.3014_01"},{"date" => "2011-03-13T13:17:43","version" => "1.3019_01"},{"date" => "2011-03-14T07:44:57","version" => "1.3019_02"},{"date" => "2011-03-21T13:44:17","version" => "1.3020"},{"date" => "2011-04-01T15:22:58","version" => "1.3029_01"},{"date" => "2011-04-08T20:07:26","version" => "1.3029_02"},{"date" => "2011-04-10T08:18:44","version" => "1.3029_03"},{"date" => "2011-04-13T08:26:50","version" => "1.3030"},{"date" => "2011-04-27T14:58:57","version" => "1.3039_01"},{"date" => "2011-05-01T14:55:49","version" => "1.3040"},{"date" => "2011-05-14T15:03:00","version" => "1.3049_01"},{"date" => "2011-05-20T10:57:10","version" => "1.3050"},{"date" => "2011-05-27T12:57:27","version" => "1.3051"},{"date" => "2011-05-27T13:07:51","version" => "1.3059_01"},{"date" => "2011-05-29T14:06:24","version" => "1.3059_02"},{"date" => "2011-06-11T14:02:50","version" => "1.3059_03"},{"date" => "2011-06-12T17:31:55","version" => "1.3059_04"},{"date" => "2011-06-15T10:35:07","version" => "1.3060"},{"date" => "2011-07-07T13:19:45","version" => "1.3069_01"},{"date" => "2011-07-10T16:14:53","version" => "1.3069_02"},{"date" => "2011-07-14T13:47:19","version" => "1.3070"},{"date" => "2011-07-26T16:21:51","version" => "1.3071"},{"date" => "2011-08-17T15:27:53","version" => "1.3079_01"},{"date" => "2011-08-23T09:55:46","version" => "1.3072"},{"date" => "2011-08-28T14:13:40","version" => "1.3079_02"},{"date" => "2011-09-10T15:10:29","version" => "1.3079_03"},{"date" => "2011-10-02T16:07:02","version" => "1.3079_04"},{"date" => "2011-10-18T14:43:22","version" => "1.3079_05"},{"date" => "2011-10-25T21:16:42","version" => "1.3080"},{"date" => "2011-11-27T06:51:43","version" => "1.3089_01"},{"date" => "2011-12-13T14:41:24","version" => "1.3090"},{"date" => "2011-12-17T11:09:48","version" => "1.3091"},{"date" => "2012-01-27T14:38:05","version" => "1.3092"},{"date" => "2012-02-29T14:34:55","version" => "1.3093"},{"date" => "2012-03-31T09:57:40","version" => "1.3094"},{"date" => "2012-04-01T19:22:56","version" => "1.3095"},{"date" => "2012-06-22T20:18:54","version" => "1.3095_01"},{"date" => "2012-07-03T07:27:28","version" => "1.3095_02"},{"date" => "2012-07-05T23:09:20","version" => "1.3096"},{"date" => "2012-07-08T18:36:14","version" => "1.3097"},{"date" => "2012-07-28T14:40:15","version" => "1.3098"},{"date" => "2012-08-11T13:54:49","version" => "1.3099"},{"date" => "2012-08-25T19:42:47","version" => "1.3100"},{"date" => "2012-10-06T13:24:53","version" => "1.3110"},{"date" => "2012-12-24T13:17:58","version" => "1.9999_01"},{"date" => "2012-12-24T13:48:35","version" => "1.9999_02"},{"date" => "2013-01-22T21:38:11","version" => "2.0000_01"},{"date" => "2013-02-22T15:33:14","version" => "2.000001"},{"date" => "2013-02-24T22:51:59","version" => "1.3111"},{"date" => "2013-03-30T16:33:05","version" => "1.3111_01"},{"date" => "2013-04-01T22:31:08","version" => "1.3111_02"},{"date" => "2013-04-11T01:04:37","version" => "1.3112"},{"date" => "2013-05-09T00:36:16","version" => "1.3113"},{"date" => "2013-06-02T16:49:58","version" => "1.3114"},{"date" => "2013-06-09T23:54:16","version" => "1.3115"},{"date" => "2013-07-04T01:35:27","version" => "1.3116"},{"date" => "2013-07-31T22:40:52","version" => "1.3117"},{"date" => "2013-09-01T16:45:13","version" => "1.3118"},{"date" => "2013-10-26T19:42:59","version" => "1.3119"},{"date" => "2013-12-24T16:23:20","version" => "1.3120"},{"date" => "2014-02-02T22:26:53","version" => "1.3121"},{"date" => "2014-04-10T23:16:40","version" => "1.3122"},{"date" => "2014-04-12T15:47:53","version" => "1.3123"},{"date" => "2014-05-10T16:15:17","version" => "1.3124"},{"date" => "2014-07-12T17:19:08","version" => "1.3125"},{"date" => "2014-07-15T02:01:21","version" => "1.3126"},{"date" => "2014-09-09T00:49:19","version" => "1.3127"},{"date" => "2014-09-09T11:47:21","version" => "1.3128"},{"date" => "2014-09-10T00:50:37","version" => "1.3129"},{"date" => "2014-09-16T01:21:25","version" => "1.3130"},{"date" => "2014-10-11T18:59:22","version" => "1.3131_0"},{"date" => "2014-10-13T23:25:36","version" => "1.3131_1"},{"date" => "2014-10-20T23:14:23","version" => "1.3132"},{"date" => "2014-11-26T22:20:35","version" => "1.3133"},{"date" => "2015-02-23T01:33:08","version" => "1.3134"},{"date" => "2015-04-23T01:54:25","version" => "1.3135"},{"date" => "2015-05-24T15:48:19","version" => "1.3136"},{"date" => "2015-06-05T20:05:21","version" => "1.3137"},{"date" => "2015-06-12T20:55:50","version" => "1.3138"},{"date" => "2015-06-25T20:13:45","version" => "1.3139"},{"date" => "2015-07-03T13:56:32","version" => "1.3140"},{"date" => "2015-09-07T15:15:26","version" => "1.3141"},{"date" => "2015-09-15T00:52:23","version" => "1.3142"},{"date" => "2015-10-26T21:15:31","version" => "1.3143"},{"date" => "2015-11-04T12:36:07","version" => "1.3144"},{"date" => "2015-11-06T22:12:42","version" => "1.3200"},{"date" => "2015-11-07T19:27:25","version" => "1.3201"},{"date" => "2015-11-07T21:52:17","version" => "1.3202"},{"date" => "2016-02-15T21:33:45","version" => "1.3300"},{"date" => "2016-02-16T22:42:44","version" => "1.3301"},{"date" => "2018-05-20T19:52:07","version" => "1.3203"},{"date" => "2018-05-23T13:43:34","version" => "1.3204"},{"date" => "2018-06-13T22:02:36","version" => "1.3205"},{"date" => "2018-06-15T22:11:45","version" => "1.3400"},{"date" => "2018-10-01T11:53:31","version" => "1.3401"},{"date" => "2018-10-10T10:44:29","version" => "1.3402"},{"date" => "2018-10-11T22:45:37","version" => "1.3403"},{"date" => "2018-10-12T20:33:54","version" => "1.3500"},{"date" => "2019-03-14T19:27:25","version" => "1.3501"},{"date" => "2019-03-19T14:49:14","version" => "1.3510"},{"date" => "2019-03-29T11:18:31","version" => "1.3511"},{"date" => "2019-03-31T19:16:29","version" => "1.3512"},{"date" => "2020-01-29T21:03:12","version" => "1.3513"},{"date" => "2020-06-29T16:44:22","version" => "1.3514"},{"date" => "2020-10-02T20:51:17","version" => "1.3514_02"},{"date" => "2020-10-06T21:24:49","version" => "1.3514_03"},{"date" => "2022-06-29T22:00:04","version" => "1.3514_04"},{"date" => "2023-01-02T10:57:26","version" => "1.3520"},{"date" => "2023-02-05T23:40:49","version" => "1.3521"},{"date" => "2023-02-08T20:58:09","version" => "1.3521"},{"date" => "2026-01-26T22:30:00","version" => "1.3522"}]},"Dancer2" => {"advisories" => [{"affected_versions" => ["<0.206000"],"cves" => [],"description" => "There is a potential RCE with regards to Storable. We have added session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE.\n","distribution" => "Dancer2","fixed_versions" => [">=0.206000"],"id" => "CPANSA-Dancer2-2018-01","references" => ["https://metacpan.org/changes/distribution/Dancer2","http://lists.preshweb.co.uk/pipermail/dancer-users/2018-April/005952.html","https://github.com/PerlDancer/Dancer2/commit/3580f5d0874a9abf5483528f73bda9a7fd9ec7f1"],"reported" => "2018-01-30","severity" => "critical"}],"main_module" => "Dancer2","versions" => [{"date" => "2013-02-22T15:39:46","version" => "0.01"},{"date" => "2013-02-24T11:04:25","version" => "0.02"},{"date" => "2013-03-07T17:30:37","version" => "0.03"},{"date" => "2013-04-22T19:58:02","version" => "0.04"},{"date" => "2013-07-20T16:53:37","version" => "0.05"},{"date" => "2013-07-30T14:29:42","version" => "0.06"},{"date" => "2013-08-03T22:17:54","version" => "0.07"},{"date" => "2013-08-18T12:24:31","version" => "0.08"},{"date" => "2013-09-01T21:19:26","version" => "0.09"},{"date" => "2013-09-28T13:29:35","version" => "0.10"},{"date" => "2013-12-15T13:21:28","version" => "0.11"},{"date" => "2014-04-07T21:05:16","version" => "0.12"},{"date" => "2014-04-13T17:20:22","version" => "0.13"},{"date" => "2014-04-28T21:16:57","version" => "0.140000"},{"date" => "2014-05-01T08:50:43","version" => "0.140001"},{"date" => "2014-06-07T20:35:57","version" => "0.140900_01"},{"date" => "2014-06-08T20:29:28","version" => "0.141000"},{"date" => "2014-06-24T19:18:07","version" => "0.142000"},{"date" => "2014-07-05T19:43:17","version" => "0.143000"},{"date" => "2014-07-23T19:34:51","version" => "0.149000_01"},{"date" => "2014-08-10T11:53:37","version" => "0.149000_02"},{"date" => "2014-08-16T23:38:39","version" => "0.150000"},{"date" => "2014-10-08T19:51:49","version" => "0.151000"},{"date" => "2014-10-14T02:33:06","version" => "0.152000"},{"date" => "2014-10-23T21:48:36","version" => "0.153000"},{"date" => "2014-10-29T21:41:13","version" => "0.153001"},{"date" => "2014-10-30T08:29:15","version" => "0.153002"},{"date" => "2014-11-17T14:41:14","version" => "0.154000"},{"date" => "2014-11-28T00:21:55","version" => "0.155000"},{"date" => "2014-11-28T16:44:27","version" => "0.155001"},{"date" => "2014-12-02T22:02:03","version" => "0.155002"},{"date" => "2014-12-03T21:35:35","version" => "0.155003"},{"date" => "2014-12-04T10:57:08","version" => "0.155004"},{"date" => "2014-12-07T17:07:21","version" => "0.156000"},{"date" => "2014-12-08T22:08:30","version" => "0.156001"},{"date" => "2014-12-14T17:25:53","version" => "0.157000"},{"date" => "2014-12-21T19:42:24","version" => "0.157001"},{"date" => "2015-01-01T17:11:48","version" => "0.158000"},{"date" => "2015-02-24T03:54:24","version" => "0.159000"},{"date" => "2015-02-25T14:33:59","version" => "0.159001"},{"date" => "2015-03-03T18:25:28","version" => "0.159002"},{"date" => "2015-03-23T14:00:19","version" => "0.159003"},{"date" => "2015-04-26T22:15:22","version" => "0.160000"},{"date" => "2015-05-14T18:46:02","version" => "0.160001"},{"date" => "2015-06-04T11:07:02","version" => "0.160002"},{"date" => "2015-06-06T09:11:43","version" => "0.160003"},{"date" => "2015-07-08T13:04:02","version" => "0.161000"},{"date" => "2015-08-28T13:32:02","version" => "0.161000_01"},{"date" => "2015-09-06T11:13:10","version" => "0.162000"},{"date" => "2015-10-13T15:08:16","version" => "0.162000_01"},{"date" => "2015-10-15T11:00:10","version" => "0.163000"},{"date" => "2015-12-16T22:44:32","version" => "0.164000"},{"date" => "2015-12-17T08:23:24","version" => "0.165000"},{"date" => "2016-01-12T18:04:57","version" => "0.166000"},{"date" => "2016-01-22T06:57:11","version" => "0.166001"},{"date" => "2016-04-19T19:52:27","version" => "0.166001_01"},{"date" => "2016-04-29T14:45:41","version" => "0.166001_02"},{"date" => "2016-05-27T11:25:55","version" => "0.166001_03"},{"date" => "2016-05-27T12:57:04","version" => "0.166001_04"},{"date" => "2016-05-31T13:29:37","version" => "0.200000"},{"date" => "2016-06-16T14:00:23","version" => "0.200001"},{"date" => "2016-06-22T14:41:29","version" => "0.200002"},{"date" => "2016-07-05T19:36:46","version" => "0.200003"},{"date" => "2016-07-11T15:21:33","version" => "0.200003"},{"date" => "2016-07-22T04:41:26","version" => "0.200004"},{"date" => "2016-07-22T13:28:45","version" => "0.201000"},{"date" => "2016-08-13T18:53:07","version" => "0.202000"},{"date" => "2016-08-25T03:12:19","version" => "0.203000"},{"date" => "2016-09-04T02:01:29","version" => "0.203001"},{"date" => "2016-10-11T01:59:49","version" => "0.204000"},{"date" => "2016-10-17T13:32:25","version" => "0.204001"},{"date" => "2016-12-21T21:47:24","version" => "0.204002"},{"date" => "2017-01-25T21:23:22","version" => "0.204003"},{"date" => "2017-01-26T17:31:30","version" => "0.204004"},{"date" => "2017-03-10T21:40:43","version" => "0.205000"},{"date" => "2017-07-11T13:04:56","version" => "0.205001"},{"date" => "2017-10-17T21:10:03","version" => "0.205002"},{"date" => "2018-04-09T00:54:25","version" => "0.206000_01"},{"date" => "2018-04-10T01:50:18","version" => "0.206000_02"},{"date" => "2018-04-20T02:12:22","version" => "0.206000"},{"date" => "2018-11-14T22:26:15","version" => "0.207000"},{"date" => "2019-06-19T14:23:06","version" => "0.208000"},{"date" => "2019-08-05T01:12:14","version" => "0.208001"},{"date" => "2019-12-14T21:13:32","version" => "0.208002"},{"date" => "2019-12-24T05:57:09","version" => "0.300000"},{"date" => "2020-04-06T16:18:33","version" => "0.300001"},{"date" => "2020-04-07T15:49:22","version" => "0.300002"},{"date" => "2020-04-09T14:42:55","version" => "0.300003"},{"date" => "2020-05-27T00:54:55","version" => "0.300004"},{"date" => "2021-01-26T20:59:33","version" => "0.300005"},{"date" => "2021-03-15T23:12:49","version" => "0.301000"},{"date" => "2021-03-17T12:56:09","version" => "0.301001"},{"date" => "2021-04-18T19:33:05","version" => "0.301002"},{"date" => "2021-06-03T13:29:26","version" => "0.301003"},{"date" => "2021-06-06T17:32:08","version" => "0.301004"},{"date" => "2022-03-14T02:18:12","version" => "0.400000"},{"date" => "2023-02-05T23:42:54","version" => "0.400001"},{"date" => "2023-10-09T14:11:25","version" => "1.0.0"},{"date" => "2023-12-12T01:29:05","version" => "1.1.0"},{"date" => "2024-07-18T23:49:14","version" => "1.1.1"},{"date" => "2024-11-25T13:36:09","version" => "1.1.2"},{"date" => "2025-09-15T21:50:07","version" => "2.0.0"},{"date" => "2025-10-22T22:14:58","version" => "2.0.1"},{"date" => "2026-03-12T01:31:28","version" => "2.1.0"}]},"Data-Dumper" => {"advisories" => [{"affected_versions" => ["<2.154"],"cves" => ["CVE-2014-4330"],"description" => "Infinite recursion.\n","distribution" => "Data-Dumper","fixed_versions" => [">=2.154"],"id" => "CPANSA-Data-Dumper-2014-01","references" => ["https://metacpan.org/changes/distribution/Data-Dumper"],"reported" => "2014-09-30"}],"main_module" => "Data::Dumper","versions" => [{"date" => "1995-11-19T22:29:08","version" => "1.21"},{"date" => "1995-11-23T05:45:27","version" => "1.22"},{"date" => "1995-12-04T03:12:16","version" => "1.23"},{"date" => "1996-04-09T15:54:26","version" => "2.00"},{"date" => "1996-04-10T04:25:17","version" => "2.01"},{"date" => "1996-04-13T07:14:35","version" => "2.02"},{"date" => "1996-08-26T14:36:59","version" => "2.03"},{"date" => "1996-08-28T20:11:49","version" => "2.04"},{"date" => "1996-12-02T13:42:49","version" => "2.05"},{"date" => "1996-12-02T23:07:56","version" => "2.06"},{"date" => "1996-12-07T17:28:27","version" => "2.07"},{"date" => "1997-12-07T21:27:09","version" => "2.08"},{"date" => "1998-01-15T20:36:46","version" => "2.081"},{"date" => "1998-03-06T21:08:49","version" => "2.081"},{"date" => "1998-07-17T05:23:08","version" => "2.09"},{"date" => "1998-07-21T12:08:19","version" => "2.09"},{"date" => "1998-10-31T12:10:30","version" => "2.10"},{"date" => "1999-05-01T02:01:03","version" => "2.101"},{"date" => "1999-06-02T01:30:55","version" => "2.101"},{"date" => "2003-07-20T16:59:48","version" => "2.12_01"},{"date" => "2003-07-31T19:12:44","version" => "2.12_02"},{"date" => "2003-08-25T11:49:41","version" => "2.121"},{"date" => "2009-06-06T14:45:36","version" => "2.121_20"},{"date" => "2009-06-09T15:49:12","version" => "2.122"},{"date" => "2009-06-11T08:07:01","version" => "2.123"},{"date" => "2009-06-13T15:22:32","version" => "2.124"},{"date" => "2009-08-08T10:33:01","version" => "2.125"},{"date" => "2010-04-15T19:55:01","version" => "2.126"},{"date" => "2010-09-06T14:28:10","version" => "2.126_01"},{"date" => "2010-09-10T07:08:41","version" => "2.127"},{"date" => "2010-09-10T07:11:52","version" => "2.128"},{"date" => "2011-05-20T15:53:12","version" => "2.130_03"},{"date" => "2011-05-27T14:19:03","version" => "2.131"},{"date" => "2011-12-19T08:23:05","version" => "2.135_01"},{"date" => "2011-12-29T17:09:49","version" => "2.135_02"},{"date" => "2012-08-07T06:59:51","version" => "2.135_07"},{"date" => "2012-10-04T07:35:07","version" => "2.136"},{"date" => "2012-12-12T06:30:48","version" => "2.139"},{"date" => "2013-02-26T06:57:29","version" => "2.143"},{"date" => "2013-03-15T09:46:49","version" => "2.145"},{"date" => "2014-03-07T09:28:44","version" => "2.151"},{"date" => "2014-09-18T15:47:37","version" => "2.154"},{"date" => "2016-07-03T19:17:57","version" => "2.160"},{"date" => "2016-07-11T20:13:06","version" => "2.161"},{"date" => "2017-07-31T15:31:28","version" => "2.167_01"},{"date" => "2017-08-04T08:05:22","version" => "2.167_02"},{"date" => "2018-09-19T14:41:58","version" => "2.172"},{"date" => "2018-11-10T10:10:30","version" => "2.173"},{"date" => "2021-05-14T12:47:34","version" => "2.179_50"},{"date" => "2021-05-17T05:53:02","version" => "2.180"},{"date" => "2021-05-22T09:51:29","version" => "2.180_50"},{"date" => "2021-05-23T14:14:12","version" => "2.180_51"},{"date" => "2021-05-24T08:03:55","version" => "2.180_52"},{"date" => "2021-05-25T05:20:34","version" => "2.180_53"},{"date" => "2021-05-26T06:46:41","version" => "2.181"},{"date" => "2021-06-29T10:42:11","version" => "2.181_50"},{"date" => "2021-06-30T09:36:34","version" => "2.182"},{"date" => "2021-07-01T07:05:45","version" => "2.182_50"},{"date" => "2021-07-03T13:07:49","version" => "2.182_51"},{"date" => "2021-07-05T07:07:44","version" => "2.183"},{"date" => "2001-04-08T00:00:00","dual_lived" => 1,"perl_release" => "5.006001","version" => "2.102"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.12"},{"date" => "2004-11-27T00:00:00","dual_lived" => 1,"perl_release" => "5.008006","version" => "2.121_02"},{"date" => "2005-05-30T00:00:00","dual_lived" => 1,"perl_release" => "5.008007","version" => "2.121_04"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "2.121_08"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "2.121_17"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "2.121_13"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.010000","version" => "2.121_14"},{"date" => "2010-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013006","version" => "2.129"},{"date" => "2010-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013007","version" => "2.130_01"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "2.130_02"},{"date" => "2011-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015002","version" => "2.132"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "2.134"},{"date" => "2012-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015007","version" => "2.135_03"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "2.135_05"},{"date" => "2012-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015009","version" => "2.135_06"},{"date" => "2012-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017006","version" => "2.137"},{"date" => "2013-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017008","version" => "2.141"},{"date" => "2013-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017009","version" => "2.142"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "2.146"},{"date" => "2013-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.019002","version" => "2.147"},{"date" => "2013-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019003","version" => "2.148"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "2.149"},{"date" => "2013-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019007","version" => "2.150"},{"date" => "2015-02-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020002","version" => "2.151_01"},{"date" => "2014-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021001","version" => "2.152"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "2.155"},{"date" => "2015-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021008","version" => "2.156"},{"date" => "2015-02-21T00:00:00","dual_lived" => 1,"perl_release" => "5.021009","version" => "2.157"},{"date" => "2015-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02101","version" => "2.158"},{"date" => "2015-12-21T00:00:00","dual_lived" => 1,"perl_release" => "5.023006","version" => "2.159"},{"date" => "2016-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025006","version" => "2.162"},{"date" => "2016-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025007","version" => "2.165"},{"date" => "2016-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025008","version" => "2.166"},{"date" => "2017-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025009","version" => "2.167"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "2.169"},{"date" => "2018-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027008","version" => "2.170"},{"date" => "2018-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029002","version" => "2.171"},{"date" => "2019-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029010","version" => "2.174"},{"date" => "2021-01-23T00:00:00","dual_lived" => 1,"perl_release" => "5.032001","version" => "2.174_01"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "2.175"},{"date" => "2020-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033003","version" => "2.176"},{"date" => "2021-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033008","version" => "2.177"},{"date" => "2021-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033009","version" => "2.178"},{"date" => "2021-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.034","version" => "2.179"},{"date" => "2022-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035008","version" => "2.184"},{"date" => "2022-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037001","version" => "2.185"},{"date" => "2022-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037002","version" => "2.186"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "2.187"},{"date" => "2023-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037010","version" => "2.188"},{"date" => "2023-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039003","version" => "2.189"},{"date" => "2024-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.041001","version" => "2.190"},{"date" => "2025-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041008","version" => "2.191"},{"date" => "2025-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041011","version" => "2.192"}]},"Data-Entropy" => {"advisories" => [{"affected_versions" => ["<=0.007"],"cves" => ["CVE-2025-1860"],"description" => "Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not\x{a0}cryptographically secure,\x{a0}for cryptographic functions.","distribution" => "Data-Entropy","fixed_versions" => [">0.007"],"id" => "CPANSA-Data-Entropy-2025-1860","references" => ["https://metacpan.org/release/ZEFRAM/Data-Entropy-0.007/source/lib/Data/Entropy.pm#L80","https://perldoc.perl.org/functions/rand","https://lists.debian.org/debian-lts-announce/2025/03/msg00026.html"],"reported" => "2025-03-28","severity" => undef}],"main_module" => "Data::Entropy","versions" => [{"date" => "2006-07-19T01:09:30","version" => "0.000"},{"date" => "2006-08-03T20:27:12","version" => "0.001"},{"date" => "2006-08-05T09:15:08","version" => "0.002"},{"date" => "2007-01-21T00:51:31","version" => "0.003"},{"date" => "2007-09-03T21:25:09","version" => "0.004"},{"date" => "2009-03-03T20:31:03","version" => "0.005"},{"date" => "2009-11-21T14:01:52","version" => "0.006"},{"date" => "2011-04-27T20:03:17","version" => "0.007"},{"date" => "2025-03-27T19:11:37","version" => "0.008"}]},"Data-FormValidator" => {"advisories" => [{"affected_versions" => ["<=4.66"],"cves" => ["CVE-2011-2201"],"description" => "The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.\n","distribution" => "Data-FormValidator","fixed_versions" => [">4.66"],"id" => "CPANSA-Data-FormValidator-2011-2201","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511","http://www.openwall.com/lists/oss-security/2011/06/13/13","https://bugzilla.redhat.com/show_bug.cgi?id=712694","http://www.openwall.com/lists/oss-security/2011/06/12/3","http://www.securityfocus.com/bid/48167","https://rt.cpan.org/Public/Bug/Display.html?id=61792","http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html","http://www.openwall.com/lists/oss-security/2011/06/13/5"],"reported" => "2011-09-14","severity" => undef}],"main_module" => "Data::FormValidator","versions" => [{"date" => "2001-06-19T21:43:01","version" => "1.3"},{"date" => "2001-06-22T16:36:08","version" => "1.4"},{"date" => "2001-06-25T17:02:43","version" => "1.4"},{"date" => "2001-06-28T15:13:01","version" => "1.5"},{"date" => "2001-07-18T14:23:17","version" => "v1.5.1"},{"date" => "2001-09-23T22:42:22","version" => "1.6"},{"date" => "2001-11-03T18:16:00","version" => "1.7"},{"date" => "2002-02-14T22:45:46","version" => "1.8"},{"date" => "2002-02-18T02:20:12","version" => "1.9"},{"date" => "2002-04-21T13:42:36","version" => "1.10"},{"date" => "2002-06-29T21:04:14","version" => "1.11"},{"date" => "2002-10-07T02:06:39","version" => "1.91"},{"date" => "2002-12-23T23:36:37","version" => "1.92"},{"date" => "2003-03-08T13:10:33","version" => "1.93"},{"date" => "2003-03-23T03:01:57","version" => "2.00"},{"date" => "2003-04-02T15:18:15","version" => "2.01"},{"date" => "2003-04-09T15:54:50","version" => "2.02"},{"date" => "2003-04-10T16:12:40","version" => "2.03"},{"date" => "2003-04-12T02:58:35","version" => "2.04"},{"date" => "2003-04-20T22:23:44","version" => "2.10"},{"date" => "2003-04-24T02:51:03","version" => "2.10"},{"date" => "2003-05-11T21:29:55","version" => "3.00"},{"date" => "2003-05-16T04:06:05","version" => "3.01"},{"date" => "2003-05-26T23:18:18","version" => "3.1"},{"date" => "2003-05-27T19:41:01","version" => "3.11"},{"date" => "2003-06-23T01:27:03","version" => "3.12"},{"date" => "2003-11-02T21:19:10","version" => "3.13"},{"date" => "2003-11-03T17:59:41","version" => "3.14"},{"date" => "2003-11-30T20:36:41","version" => "3.15"},{"date" => "2004-01-04T01:37:01","version" => "3.49_1"},{"date" => "2004-01-12T22:04:27","version" => "3.50"},{"date" => "2004-02-27T04:19:47","version" => "3.51"},{"date" => "2004-03-21T17:42:11","version" => "3.52"},{"date" => "2004-03-23T02:33:53","version" => "3.53"},{"date" => "2004-03-24T14:55:49","version" => "3.54"},{"date" => "2004-04-17T02:30:02","version" => "3.56"},{"date" => "2004-04-22T02:26:41","version" => "3.57"},{"date" => "2004-05-05T21:55:00","version" => "3.58"},{"date" => "2004-07-02T17:48:51","version" => "3.59"},{"date" => "2004-09-28T02:25:35","version" => "3.61"},{"date" => "2004-10-09T04:00:51","version" => "3.62"},{"date" => "2004-11-17T22:27:13","version" => "3.63"},{"date" => "2005-05-20T01:25:45","version" => "4.00_01"},{"date" => "2005-07-03T19:37:11","version" => "4.00_02"},{"date" => "2005-07-20T02:07:36","version" => "3.70"},{"date" => "2005-07-31T17:36:02","version" => "3.71"},{"date" => "2005-08-14T16:09:26","version" => "4.00"},{"date" => "2005-08-20T18:20:14","version" => "4.01"},{"date" => "2005-09-01T02:31:29","version" => "4.02"},{"date" => "2005-12-23T01:00:49","version" => "4.10"},{"date" => "2006-01-03T23:49:53","version" => "4.11"},{"date" => "2006-01-06T02:14:25","version" => "4.12"},{"date" => "2006-02-10T02:48:33","version" => "4.13"},{"date" => "2006-02-17T18:48:14","version" => "4.14"},{"date" => "2006-06-13T01:12:23","version" => "4.20"},{"date" => "2006-07-01T15:42:37","version" => "4.21_01"},{"date" => "2006-07-11T01:45:51","version" => "4.30"},{"date" => "2006-08-21T23:43:58","version" => "4.40"},{"date" => "2006-10-03T18:16:57","version" => "4.49_1"},{"date" => "2006-12-05T02:41:19","version" => "4.50"},{"date" => "2007-07-14T03:36:00","version" => "4.51"},{"date" => "2007-10-19T19:41:46","version" => "4.52"},{"date" => "2007-10-20T20:02:19","version" => "4.50"},{"date" => "2007-10-21T13:30:20","version" => "4.54"},{"date" => "2007-10-21T15:50:42","version" => "4.55"},{"date" => "2007-10-31T16:49:55","version" => "4.56"},{"date" => "2007-11-02T02:55:19","version" => "4.57"},{"date" => "2008-06-16T18:28:54","version" => "4.60"},{"date" => "2008-06-16T18:46:47","version" => "4.61"},{"date" => "2009-01-03T17:14:18","version" => "4.62"},{"date" => "2009-01-03T17:49:48","version" => "4.63"},{"date" => "2009-12-31T03:22:00","version" => "4.65"},{"date" => "2010-02-24T14:33:48","version" => "4.66"},{"date" => "2011-11-12T02:18:45","version" => "4.67"},{"date" => "2011-11-12T03:11:55","version" => "4.70"},{"date" => "2012-10-02T20:40:09","version" => "4.71"},{"date" => "2012-11-01T15:14:05","version" => "4.80"},{"date" => "2013-07-19T12:31:06","version" => "4.81"},{"date" => "2017-02-23T15:15:37","version" => "4.82"},{"date" => "2017-02-23T16:39:53","version" => "4.83"},{"date" => "2017-02-25T15:12:25","version" => "4.84"},{"date" => "2017-02-25T20:34:08","version" => "4.85"},{"date" => "2017-03-26T19:39:49","version" => "4.86"},{"date" => "2017-08-28T12:41:42","version" => "4.88"}]},"Data-UUID" => {"advisories" => [{"affected_versions" => [">1.219,<1.227"],"cves" => ["CVE-2013-4184"],"description" => "Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks\n","distribution" => "Data-UUID","fixed_versions" => [">=1.227"],"id" => "CPANSA-Data-UUID-2013-4184","references" => ["https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4184","http://www.openwall.com/lists/oss-security/2013/07/31/4","http://www.securityfocus.com/bid/61534","https://exchange.xforce.ibmcloud.com/vulnerabilities/86103","https://security-tracker.debian.org/tracker/CVE-2013-4184","https://access.redhat.com/security/cve/cve-2013-4184","https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4184"],"reported" => "2019-12-10","severity" => "medium"}],"main_module" => "Data::UUID","versions" => [{"date" => "2001-10-30T17:35:43","version" => "0.01"},{"date" => "2001-10-31T17:16:07","version" => "0.02"},{"date" => "2001-11-05T17:56:17","version" => "0.03"},{"date" => "2001-12-12T21:23:28","version" => "0.04"},{"date" => "2002-02-13T19:57:54","version" => "0.05"},{"date" => "2002-03-11T15:42:56","version" => "0.06"},{"date" => "2002-06-12T21:38:06","version" => "0.07"},{"date" => "2002-11-29T17:19:21","version" => "0.08"},{"date" => "2003-02-26T21:56:46","version" => "0.09"},{"date" => "2003-07-17T21:55:38","version" => "0.10"},{"date" => "2003-08-27T20:17:10","version" => "0.11"},{"date" => "2006-02-24T00:44:57","version" => "0.12_01"},{"date" => "2006-02-25T20:45:33","version" => "0.13"},{"date" => "2006-03-18T13:42:09","version" => "0.14"},{"date" => "2006-09-06T02:19:07","version" => "0.141"},{"date" => "2006-09-06T02:46:59","version" => "0.142"},{"date" => "2006-09-18T02:16:47","version" => "0.143"},{"date" => "2006-09-19T22:29:33","version" => "0.145"},{"date" => "2006-11-15T01:22:33","version" => "0.146"},{"date" => "2006-11-16T14:16:50","version" => "0.147_01"},{"date" => "2006-11-16T15:25:08","version" => "0.148"},{"date" => "2007-03-08T16:05:15","version" => "1.148"},{"date" => "2008-11-01T16:36:57","version" => "1.149"},{"date" => "2008-11-02T03:21:27","version" => "1.200_01"},{"date" => "2008-11-11T21:40:52","version" => "1.200_02"},{"date" => "2009-04-18T18:12:28","version" => "1.201"},{"date" => "2009-06-15T22:47:18","version" => "1.202"},{"date" => "2009-11-03T21:49:20","version" => "1.203"},{"date" => "2010-05-07T01:57:28","version" => "1.210"},{"date" => "2010-05-07T12:00:52","version" => "1.211"},{"date" => "2010-05-07T22:59:24","version" => "1.212"},{"date" => "2010-05-09T19:29:59","version" => "1.213"},{"date" => "2010-05-15T01:06:55","version" => "1.214"},{"date" => "2010-05-25T02:47:15","version" => "1.215"},{"date" => "2010-09-04T18:14:56","version" => "1.216"},{"date" => "2010-09-14T01:48:04","version" => "1.217"},{"date" => "2012-08-01T03:25:46","version" => "1.218"},{"date" => "2013-07-07T03:00:13","version" => "1.219"},{"date" => "2014-12-16T00:07:05","version" => "1.220"},{"date" => "2015-08-10T12:37:32","version" => "1.221"},{"date" => "2018-04-29T22:11:17","version" => "1.222"},{"date" => "2019-02-25T22:28:34","version" => "1.223"},{"date" => "2019-03-02T14:20:33","version" => "1.224"},{"date" => "2020-04-12T18:42:29","version" => "1.225"},{"date" => "2020-04-12T18:43:57","version" => "1.226"},{"date" => "2024-03-18T19:39:28","version" => "1.227"}]},"Data-Validate-IP" => {"advisories" => [{"affected_versions" => ["<=0.29"],"cves" => ["CVE-2021-29662"],"description" => "The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Data-Validate-IP","fixed_versions" => [">0.29"],"id" => "CPANSA-Data-Validate-IP-2021-01","references" => ["https://security.netapp.com/advisory/ntap-20210604-0002/","https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/houseabsolute/Data-Validate-IP","https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e","https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-018.md","https://sick.codes/sick-2021-018/"],"reported" => "2021-03-31"}],"main_module" => "Data::Validate::IP","versions" => [{"date" => "2005-03-04T16:46:50","version" => "0.02"},{"date" => "2005-03-04T20:06:14","version" => "0.03"},{"date" => "2005-04-28T15:11:20","version" => "0.04"},{"date" => "2007-03-06T19:45:16","version" => "0.05"},{"date" => "2007-05-16T16:08:59","version" => "0.06"},{"date" => "2007-05-18T02:42:07","version" => "0.07"},{"date" => "2007-12-06T18:48:53","version" => "0.08"},{"date" => "2009-06-04T17:52:28","version" => "0.10"},{"date" => "2010-03-01T19:40:48","version" => "0.11"},{"date" => "2010-12-29T21:23:08","version" => "0.12"},{"date" => "2011-01-06T14:25:53","version" => "0.13"},{"date" => "2011-01-06T14:45:14","version" => "0.14"},{"date" => "2013-02-05T00:19:11","version" => "0.15"},{"date" => "2013-02-06T15:18:38","version" => "0.16"},{"date" => "2013-02-19T15:58:21","version" => "0.17"},{"date" => "2013-02-20T00:31:32","version" => "0.18"},{"date" => "2013-03-13T15:48:07","version" => "0.19"},{"date" => "2013-07-13T19:21:15","version" => "0.20"},{"date" => "2013-12-05T21:16:41","version" => "0.21"},{"date" => "2013-12-05T22:47:38","version" => "0.22"},{"date" => "2014-03-09T16:00:20","version" => "0.23"},{"date" => "2014-08-28T16:00:00","version" => "0.24"},{"date" => "2016-02-02T16:17:46","version" => "0.25"},{"date" => "2016-05-31T17:31:50","version" => "0.26"},{"date" => "2016-11-17T18:05:57","version" => "0.27"},{"date" => "2021-03-29T17:01:17","version" => "0.28"},{"date" => "2021-03-29T17:07:58","version" => "0.29"},{"date" => "2021-03-29T21:50:39","version" => "0.30"},{"date" => "2022-11-28T18:19:55","version" => "0.31"}]},"Devel-PPPort" => {"advisories" => [{"affected_versions" => ["<3.41"],"cves" => [],"description" => "Function croak() takes first parameter printf-like format. Arbitrary string from the variable \$\@ can cause perl crash when contains one or more '%'.\n","distribution" => "Devel-PPPort","fixed_versions" => [">=3.41"],"id" => "CPANSA-Devel-PPPort-2017-01","references" => ["https://metacpan.org/dist/Devel-PPPort/changes","https://github.com/Dual-Life/Devel-PPPort/pull/47"],"reported" => "2017-02-14","severity" => undef}],"main_module" => "Devel::PPPort","versions" => [{"date" => "1999-03-01T05:05:50","version" => "1.0004"},{"date" => "1999-03-08T02:57:01","version" => "1.0005"},{"date" => "1999-03-24T16:17:40","version" => "1.0006"},{"date" => "1999-03-29T16:29:09","version" => "1.0007"},{"date" => "2004-08-07T14:09:53","version" => "2.99_01"},{"date" => "2004-08-08T17:24:46","version" => "2.99_02"},{"date" => "2004-08-09T20:40:45","version" => "2.99_03"},{"date" => "2004-08-10T21:37:23","version" => "2.99_04"},{"date" => "2004-08-10T21:52:34","version" => "2.99_05"},{"date" => "2004-08-11T21:14:33","version" => "2.99_06"},{"date" => "2004-08-13T11:05:16","version" => "2.99_07"},{"date" => "2004-08-16T09:37:21","version" => "3.00"},{"date" => "2004-08-17T21:45:21","version" => "3.00_01"},{"date" => "2004-08-19T11:23:25","version" => "3.00_02"},{"date" => "2004-08-20T13:31:59","version" => "3.00_03"},{"date" => "2004-08-23T05:52:31","version" => "3.01"},{"date" => "2004-09-08T19:25:27","version" => "3.02"},{"date" => "2004-09-08T20:39:17","version" => "3.03"},{"date" => "2004-12-29T14:03:53","version" => "3.04"},{"date" => "2005-01-31T18:29:11","version" => "3.05"},{"date" => "2005-02-02T21:53:39","version" => "3.06"},{"date" => "2005-06-25T16:59:34","version" => "3.06_01"},{"date" => "2005-10-18T19:59:34","version" => "3.06_02"},{"date" => "2005-10-18T21:43:58","version" => "3.06_03"},{"date" => "2005-10-30T11:10:01","version" => "3.06_04"},{"date" => "2006-01-16T18:10:31","version" => "3.07"},{"date" => "2006-01-19T18:40:04","version" => "3.08"},{"date" => "2006-05-20T11:11:00","version" => "3.08_01"},{"date" => "2006-05-22T11:17:01","version" => "3.08_02"},{"date" => "2006-05-25T15:33:51","version" => "3.08_03"},{"date" => "2006-05-29T17:44:18","version" => "3.08_04"},{"date" => "2006-06-23T19:00:30","version" => "3.08_05"},{"date" => "2006-06-25T08:09:51","version" => "3.08_06"},{"date" => "2006-07-03T21:36:39","version" => "3.08_07"},{"date" => "2006-07-08T16:22:49","version" => "3.09"},{"date" => "2006-07-21T17:25:17","version" => "3.09_01"},{"date" => "2006-07-25T18:45:27","version" => "3.09_02"},{"date" => "2006-08-14T19:31:33","version" => "3.10"},{"date" => "2006-12-02T16:26:47","version" => "3.10_01"},{"date" => "2006-12-02T17:23:57","version" => "3.10_02"},{"date" => "2007-02-14T13:10:03","version" => "3.11"},{"date" => "2007-03-23T17:09:16","version" => "3.11_01"},{"date" => "2007-08-12T23:08:25","version" => "3.11_02"},{"date" => "2007-08-14T19:14:20","version" => "3.11_03"},{"date" => "2007-08-20T16:31:23","version" => "3.11_04"},{"date" => "2007-08-20T17:29:16","version" => "3.11_05"},{"date" => "2007-09-11T21:41:31","version" => "3.11_06"},{"date" => "2007-09-22T08:00:55","version" => "3.12"},{"date" => "2007-10-04T10:33:11","version" => "3.13"},{"date" => "2008-01-04T14:09:17","version" => "3.13_01"},{"date" => "2008-04-13T13:11:47","version" => "3.13_02"},{"date" => "2008-05-13T19:07:49","version" => "3.13_03"},{"date" => "2008-06-01T12:08:17","version" => "3.14"},{"date" => "2008-07-11T20:42:44","version" => "3.14_01"},{"date" => "2008-10-12T19:49:45","version" => "3.14_02"},{"date" => "2008-10-21T21:20:59","version" => "3.14_03"},{"date" => "2008-10-30T18:55:01","version" => "3.14_04"},{"date" => "2008-10-31T07:20:25","version" => "3.14_05"},{"date" => "2009-01-18T13:49:22","version" => "3.15"},{"date" => "2009-01-23T17:33:31","version" => "3.16"},{"date" => "2009-03-15T15:45:38","version" => "3.17"},{"date" => "2009-06-12T11:05:52","version" => "3.18"},{"date" => "2009-06-12T11:25:31","version" => "3.18_01"},{"date" => "2009-06-14T09:59:59","version" => "3.19"},{"date" => "2010-02-20T18:48:07","version" => "3.19_01"},{"date" => "2010-03-07T12:51:00","version" => "3.19_02"},{"date" => "2011-04-13T07:49:49","version" => "3.19_03"},{"date" => "2011-09-10T19:32:27","version" => "3.20"},{"date" => "2013-08-17T13:27:59","version" => "3.21"},{"date" => "2014-03-20T02:17:15","version" => "3.22"},{"date" => "2014-04-13T00:04:17","version" => "3.23"},{"date" => "2014-05-09T00:15:50","version" => "3.24"},{"date" => "2014-12-02T13:08:04","version" => "3.25"},{"date" => "2015-01-08T02:42:03","version" => "3.26"},{"date" => "2015-01-13T15:02:40","version" => "3.27"},{"date" => "2015-01-16T12:33:46","version" => "3.28"},{"date" => "2015-03-05T13:22:18","version" => "3.29"},{"date" => "2015-03-05T20:29:10","version" => "3.30"},{"date" => "2015-03-12T14:27:15","version" => "3.31"},{"date" => "2015-09-30T16:31:45","version" => "3.32"},{"date" => "2016-05-06T11:01:12","version" => "3.32_01"},{"date" => "2016-05-24T13:59:25","version" => "3.32_02"},{"date" => "2016-06-03T13:47:32","version" => "3.33"},{"date" => "2016-06-12T23:09:20","version" => "3.34"},{"date" => "2016-06-17T18:22:04","version" => "3.35"},{"date" => "2017-05-14T08:53:44","version" => "3.36"},{"date" => "2018-04-21T12:18:05","version" => "3.41"},{"date" => "2018-04-21T14:45:37","version" => "3.42"},{"date" => "2018-09-19T14:47:44","version" => "3.43"},{"date" => "2018-10-12T17:16:24","version" => "3.43_04"},{"date" => "2019-02-20T23:05:14","version" => "3.44"},{"date" => "2019-03-19T20:55:38","version" => "3.45"},{"date" => "2019-04-26T19:50:59","version" => "3.46"},{"date" => "2019-04-28T05:30:49","version" => "3.47"},{"date" => "2019-04-28T21:43:34","version" => "3.48"},{"date" => "2019-04-28T21:57:51","version" => "3.48"},{"date" => "2019-04-29T17:48:49","version" => "3.49"},{"date" => "2019-04-30T19:05:34","version" => "3.50"},{"date" => "2019-04-30T23:09:43","version" => "3.51"},{"date" => "2019-05-14T17:18:17","version" => "3.52"},{"date" => "2019-06-09T16:13:03","version" => "3.52_04"},{"date" => "2019-06-11T07:57:30","version" => "3.53_04"},{"date" => "2019-09-28T00:25:55","version" => "3.53"},{"date" => "2019-09-28T00:35:17","version" => "3.54"},{"date" => "2019-11-07T21:15:22","version" => "3.55"},{"date" => "2019-11-25T17:04:32","version" => "3.56"},{"date" => "2020-01-31T20:46:51","version" => "3.57"},{"date" => "2020-02-10T22:15:17","version" => "3.57_01"},{"date" => "2020-03-04T21:32:50","version" => "3.57_02"},{"date" => "2020-03-09T20:42:29","version" => "3.58"},{"date" => "2020-08-06T22:31:34","version" => "3.58_01"},{"date" => "2020-08-10T16:51:52","version" => "3.59"},{"date" => "2020-08-11T19:44:32","version" => "3.60"},{"date" => "2020-09-30T23:22:16","version" => "3.60_01"},{"date" => "2020-10-07T14:59:47","version" => "3.60_02"},{"date" => "2020-10-12T23:25:45","version" => "3.61"},{"date" => "2020-10-16T20:01:45","version" => "3.62"},{"date" => "2021-07-07T00:08:28","version" => "3.63"},{"date" => "2022-02-01T18:16:40","version" => "3.64"},{"date" => "2022-03-02T22:12:02","version" => "3.65"},{"date" => "2022-03-02T22:41:01","version" => "3.66"},{"date" => "2022-03-08T19:25:43","version" => "3.67"},{"date" => "2022-03-18T22:08:30","version" => "3.68"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.0002"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "2.007"},{"date" => "2003-11-05T00:00:00","dual_lived" => 1,"perl_release" => "5.008002","version" => "2.009"},{"date" => "2004-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008003","version" => "2.011"},{"date" => "2003-10-27T00:00:00","dual_lived" => 1,"perl_release" => "5.009","version" => "2.008"},{"date" => "2004-03-16T00:00:00","dual_lived" => 1,"perl_release" => "5.009001","version" => "2.011_01"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "3.37"},{"date" => "2018-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027008","version" => "3.38"},{"date" => "2018-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027009","version" => "3.39"},{"date" => "2018-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027011","version" => "3.40"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "3.69"},{"date" => "2023-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037009","version" => "3.70"},{"date" => "2023-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037011","version" => "3.71"},{"date" => "2023-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039003","version" => "3.72"},{"date" => "2024-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041002","version" => "3.73"}]},"Devel-StackTrace" => {"advisories" => [{"affected_versions" => ["<1.19"],"cves" => ["CVE-2008-3502"],"description" => "Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.\n","distribution" => "Devel-StackTrace","fixed_versions" => [">=1.19"],"id" => "CPANSA-Devel-StackTrace-2008-3502","references" => ["http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html","http://www.securityfocus.com/bid/29925","http://secunia.com/advisories/30830","https://exchange.xforce.ibmcloud.com/vulnerabilities/43337"],"reported" => "2008-08-06","severity" => undef}],"main_module" => "Devel::StackTrace","versions" => [{"date" => "2000-06-27T19:21:12","version" => "0.7"},{"date" => "2000-07-04T16:34:23","version" => "0.75"},{"date" => "2000-09-03T02:55:27","version" => "0.8"},{"date" => "2000-09-03T04:10:13","version" => "0.85"},{"date" => "2001-11-24T06:37:34","version" => "0.9"},{"date" => "2002-08-23T09:12:26","version" => "1.00"},{"date" => "2002-09-18T16:19:28","version" => "1.01"},{"date" => "2002-09-19T22:12:09","version" => "1.02"},{"date" => "2003-01-22T20:33:08","version" => "1.03"},{"date" => "2003-09-25T19:15:23","version" => "1.04"},{"date" => "2004-02-17T20:35:35","version" => "1.05"},{"date" => "2004-02-22T00:14:28","version" => "1.06"},{"date" => "2004-02-22T00:30:48","version" => "1.07"},{"date" => "2004-02-23T15:25:26","version" => "1.08"},{"date" => "2004-02-26T22:30:00","version" => "1.09"},{"date" => "2004-03-10T21:25:04","version" => "1.10"},{"date" => "2004-04-12T05:11:33","version" => "1.11"},{"date" => "2005-09-30T05:47:47","version" => "1.12"},{"date" => "2006-04-01T04:51:47","version" => "1.13"},{"date" => "2007-03-16T15:29:38","version" => "1.14"},{"date" => "2007-04-28T20:07:57","version" => "1.15"},{"date" => "2008-02-02T06:09:06","version" => "1.16"},{"date" => "2008-03-30T17:20:19","version" => "1.17"},{"date" => "2008-03-31T14:16:23","version" => "1.18"},{"date" => "2008-06-13T18:07:37","version" => "1.19"},{"date" => "2008-06-13T23:46:42","version" => "1.1901"},{"date" => "2008-07-16T13:20:57","version" => "1.1902"},{"date" => "2008-10-26T01:44:25","version" => "1.20"},{"date" => "2009-07-02T04:50:03","version" => "1.21"},{"date" => "2009-07-15T19:51:37","version" => "1.22"},{"date" => "2010-08-28T01:47:36","version" => "1.23"},{"date" => "2010-09-03T14:18:22","version" => "1.24"},{"date" => "2010-09-06T14:54:15","version" => "1.25"},{"date" => "2010-10-15T15:25:58","version" => "1.26"},{"date" => "2011-01-16T18:57:01","version" => "1.27"},{"date" => "2012-11-16T16:59:05","version" => "1.28"},{"date" => "2012-11-16T17:47:00","version" => "1.29"},{"date" => "2012-11-20T05:07:49","version" => "1.30"},{"date" => "2014-01-16T22:37:16","version" => "1.31"},{"date" => "2014-05-05T08:01:10","version" => "1.32"},{"date" => "2014-06-26T20:43:33","version" => "1.33"},{"date" => "2014-06-26T21:50:12","version" => "1.34"},{"date" => "2014-11-01T18:06:29","version" => "2.00"},{"date" => "2016-03-02T17:23:15","version" => "2.01"},{"date" => "2016-12-07T19:51:47","version" => "2.02"},{"date" => "2017-11-18T17:10:57","version" => "2.03"},{"date" => "2019-05-24T18:54:07","version" => "2.04"},{"date" => "2024-01-08T04:48:56","version" => "2.05"}]},"Dezi" => {"advisories" => [{"affected_versions" => ["<0.002002"],"cves" => [],"description" => "Bypassing authentication on the /index URL app with non-idempotent requests to /search URL.\n","distribution" => "Dezi","fixed_versions" => [">=0.002002"],"id" => "CPANSA-Dezi-2012-01","references" => ["https://metacpan.org/changes/distribution/Dezi","https://github.com/karpet/Dezi/commit/f1ad292b4dd988d1a38202c804bb7a2a3bcca3c8"],"reported" => "2012-09-13"}],"main_module" => "Dezi","versions" => [{"date" => "2011-06-22T04:53:57","version" => "0.001000"},{"date" => "2011-08-03T02:42:22","version" => "0.001001"},{"date" => "2011-09-30T03:35:08","version" => "0.001002"},{"date" => "2011-10-23T02:12:02","version" => "0.001003"},{"date" => "2012-03-17T02:40:15","version" => "0.001004"},{"date" => "2012-07-11T03:20:40","version" => "0.001005"},{"date" => "2012-08-18T02:43:23","version" => "0.001006"},{"date" => "2012-08-22T03:58:33","version" => "0.001007"},{"date" => "2012-09-04T02:05:34","version" => "0.001008"},{"date" => "2012-09-12T03:51:13","version" => "0.002000"},{"date" => "2012-09-13T01:50:59","version" => "0.002001"},{"date" => "2012-09-13T14:10:02","version" => "0.002002"},{"date" => "2012-10-16T00:57:46","version" => "0.002003"},{"date" => "2012-10-18T03:15:21","version" => "0.002004"},{"date" => "2012-12-19T05:25:13","version" => "0.002005"},{"date" => "2013-02-03T02:49:07","version" => "0.002006"},{"date" => "2013-02-05T15:02:54","version" => "0.002007"},{"date" => "2013-02-09T05:37:41","version" => "0.002008"},{"date" => "2013-02-13T02:30:33","version" => "0.002009"},{"date" => "2013-02-13T04:31:49","version" => "0.002010"},{"date" => "2013-11-13T17:08:03","version" => "0.002011"},{"date" => "2014-02-27T18:08:30","version" => "0.002012"},{"date" => "2014-06-05T06:59:12","version" => "0.002998_01"},{"date" => "2014-06-08T04:59:17","version" => "0.003000"},{"date" => "2014-07-30T20:40:24","version" => "0.004000"},{"date" => "2014-09-02T02:45:00","version" => "0.004001"},{"date" => "2015-04-30T22:01:11","version" => "0.004002"},{"date" => "2018-05-16T02:24:24","version" => "0.004003"}]},"Digest" => {"advisories" => [{"affected_versions" => ["<1.17"],"cves" => ["CVE-2011-3597"],"description" => "Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.\n","distribution" => "Digest","fixed_versions" => [">=0.17"],"id" => "CPANSA-Digest-2011-3597","references" => ["http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc","http://www.redhat.com/support/errata/RHSA-2011-1797.html","http://www.redhat.com/support/errata/RHSA-2011-1424.html","https://bugzilla.redhat.com/show_bug.cgi?id=743010","http://www.securityfocus.com/bid/49911","http://secunia.com/advisories/46279","http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes","http://www.mandriva.com/security/advisories?name=MDVSA-2012:009","http://www.mandriva.com/security/advisories?name=MDVSA-2012:008","http://secunia.com/advisories/51457","http://www.ubuntu.com/usn/USN-1643-1","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446"],"reported" => "2012-01-13","reviewed_by" => [{"date" => "2022-07-05","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => ["<1.19"],"cves" => ["CVE-2016-1238"],"description" => "Includes . in \@INC which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Digest","fixed_versions" => [">=1.19"],"id" => "CPANSA-Digest-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Digest","versions" => [{"date" => "2001-03-14T06:33:08","version" => "1.00"},{"date" => "2003-01-05T01:23:53","version" => "1.01"},{"date" => "2003-01-19T04:35:36","version" => "1.02"},{"date" => "2003-11-28T12:29:42","version" => "1.03"},{"date" => "2003-11-29T12:08:20","version" => "1.04"},{"date" => "2003-12-01T07:58:06","version" => "1.05"},{"date" => "2004-04-01T10:55:24","version" => "1.06"},{"date" => "2004-04-25T14:39:53","version" => "1.07"},{"date" => "2004-04-29T07:56:42","version" => "1.08"},{"date" => "2004-11-05T12:20:28","version" => "1.09"},{"date" => "2004-11-08T09:41:14","version" => "1.10"},{"date" => "2005-09-11T11:14:33","version" => "1.11"},{"date" => "2005-09-29T10:20:20","version" => "1.12"},{"date" => "2005-10-18T11:59:24","version" => "1.13"},{"date" => "2005-11-26T10:10:21","version" => "1.14"},{"date" => "2006-03-20T15:18:01","version" => "1.15"},{"date" => "2009-06-09T18:58:26","version" => "1.16"},{"date" => "2011-10-02T10:14:32","version" => "1.17"},{"date" => "2020-10-13T19:16:47","version" => "1.18"},{"date" => "2020-10-13T20:02:35","version" => "1.19"},{"date" => "2021-08-24T13:51:51","version" => "1.20"},{"date" => "2012-10-12T00:00:00","dual_lived" => 1,"perl_release" => "5.014003","version" => "1.16_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "1.17_01"}]},"Digest-MD5" => {"advisories" => [{"affected_versions" => ["<2.25"],"cves" => ["CVE-2002-0703"],"description" => "An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.\n","distribution" => "Digest-MD5","fixed_versions" => [],"id" => "CPANSA-Digest-MD5-2002-0703","references" => ["http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php","http://www.iss.net/security_center/static/9051.php","http://www.securityfocus.com/bid/4716","http://rhn.redhat.com/errata/RHSA-2002-081.html"],"reported" => "2002-07-26","severity" => undef}],"main_module" => "Digest::MD5","versions" => [{"date" => "1998-10-23T12:30:56","version" => "1.99_53"},{"date" => "1998-10-24T13:58:24","version" => "1.99_54"},{"date" => "1998-10-24T22:44:03","version" => "1.99_55"},{"date" => "1998-10-24T23:07:15","version" => "1.99_56"},{"date" => "1998-10-27T21:09:37","version" => "1.99_57"},{"date" => "1998-10-28T14:11:30","version" => "1.99_58"},{"date" => "1998-10-28T20:57:10","version" => "1.99_59"},{"date" => "1998-10-30T17:23:27","version" => "1.99_60"},{"date" => "1998-11-04T22:27:42","version" => "2.00"},{"date" => "1998-12-30T04:01:06","version" => "2.01"},{"date" => "1999-01-31T16:44:38","version" => "2.02"},{"date" => "1999-02-01T20:25:06","version" => "2.02"},{"date" => "1999-02-27T21:39:24","version" => "2.03"},{"date" => "1999-03-05T21:17:35","version" => "2.04"},{"date" => "1999-03-15T10:58:32","version" => "2.05"},{"date" => "1999-03-19T05:05:36","version" => "2.05"},{"date" => "1999-03-26T13:51:38","version" => "2.06"},{"date" => "1999-04-26T09:45:43","version" => "2.07"},{"date" => "1999-06-02T13:44:41","version" => "2.07"},{"date" => "1999-07-28T10:55:54","version" => "2.08"},{"date" => "1999-08-05T23:29:15","version" => "2.09"},{"date" => "1999-09-02T12:45:17","version" => "2.09"},{"date" => "2000-08-18T08:49:59","version" => "2.10"},{"date" => "2000-08-19T17:39:04","version" => "2.11"},{"date" => "2000-09-18T15:10:45","version" => "2.12"},{"date" => "2001-01-19T06:08:47","version" => "2.12"},{"date" => "2001-03-14T05:56:41","version" => "2.13"},{"date" => "2001-03-17T04:35:32","version" => "2.13"},{"date" => "2001-06-24T07:37:20","version" => "2.13"},{"date" => "2001-07-18T13:40:13","version" => "2.14"},{"date" => "2001-08-27T17:53:29","version" => "2.15"},{"date" => "2001-08-29T06:32:30","version" => "2.15"},{"date" => "2001-09-07T05:52:46","version" => "2.16"},{"date" => "2002-04-25T17:24:14","version" => "2.17"},{"date" => "2002-05-01T23:34:50","version" => "2.18"},{"date" => "2002-05-02T03:21:40","version" => "2.19"},{"date" => "2002-05-06T05:20:38","version" => "2.20"},{"date" => "2002-12-28T05:33:19","version" => "2.21"},{"date" => "2003-01-05T01:04:07","version" => "2.22"},{"date" => "2003-01-19T04:55:24","version" => "2.23"},{"date" => "2003-03-09T15:26:49","version" => "2.24"},{"date" => "2003-07-05T05:33:54","version" => "2.25"},{"date" => "2003-07-22T06:15:03","version" => "2.26"},{"date" => "2003-08-05T06:12:31","version" => "2.27"},{"date" => "2003-10-06T13:16:20","version" => "2.28"},{"date" => "2003-10-06T17:37:30","version" => "2.29"},{"date" => "2003-10-09T09:40:47","version" => "2.30"},{"date" => "2003-11-28T13:10:59","version" => "2.31"},{"date" => "2003-12-05T10:15:43","version" => "2.32"},{"date" => "2003-12-07T10:31:15","version" => "2.33"},{"date" => "2005-11-26T10:05:19","version" => "2.34"},{"date" => "2005-11-26T11:15:35","version" => "2.35"},{"date" => "2005-11-30T13:55:38","version" => "2.36"},{"date" => "2008-11-12T09:36:42","version" => "2.37"},{"date" => "2008-11-14T13:50:45","version" => "2.38"},{"date" => "2009-06-09T20:21:55","version" => "2.39"},{"date" => "2010-07-03T14:01:25","version" => "2.40"},{"date" => "2010-09-25T22:12:42","version" => "2.50"},{"date" => "2010-09-30T19:46:29","version" => "2.51"},{"date" => "2012-06-07T22:37:00","version" => "2.52"},{"date" => "2013-07-02T17:56:06","version" => "2.53"},{"date" => "2015-01-12T21:19:42","version" => "2.54"},{"date" => "2016-03-09T21:17:10","version" => "2.55"},{"date" => "2020-10-05T17:19:37","version" => "2.56"},{"date" => "2020-10-05T17:42:48","version" => "2.57"},{"date" => "2020-10-05T21:53:32","version" => "2.58"},{"date" => "2023-12-30T21:01:56","version" => "2.59"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "2.36_01"},{"date" => "2019-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031005","version" => "2.55_01"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038","version" => "2.58_01"}]},"Digest-SHA" => {"advisories" => [{"affected_versions" => ["<5.96"],"cves" => ["CVE-2016-1238"],"description" => "Digest::SHA before 5.96 with perls earlier than v5.26 included the current working directory in the module search path, which could lead to the inadvernant loading of unexpected versions of a module. The current directory was removed from the default module search path in perls from v5.26 and later.\n","distribution" => "Digest-SHA","fixed_versions" => [">=5.96"],"id" => "CPANSA-Digest-SHA-2016-1238","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=116513","https://github.com/advisories/GHSA-hm5v-6984-hfqp","https://metacpan.org/release/MSHELOR/Digest-SHA-5.96/diff/MSHELOR/Digest-SHA-5.95","https://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","https://lists.debian.org/debian-security-announce/2016/msg00206.html","https://security.gentoo.org/glsa/201701-75"],"reported" => undef,"severity" => "high"}],"main_module" => "Digest::SHA","versions" => [{"date" => "2003-10-11T09:45:19","version" => "0.9"},{"date" => "2003-10-20T09:50:18","version" => "1.0"},{"date" => "2003-10-25T11:31:51","version" => "1.01"},{"date" => "2003-11-01T21:22:08","version" => "2.0"},{"date" => "2003-11-09T11:06:19","version" => "2.1"},{"date" => "2003-11-16T11:08:06","version" => "2.2"},{"date" => "2003-11-19T11:54:09","version" => "2.3"},{"date" => "2003-11-23T00:52:20","version" => "2.4"},{"date" => "2003-11-26T12:32:09","version" => "3.0"},{"date" => "2003-11-30T07:47:28","version" => "v4.0.0"},{"date" => "2003-11-30T16:19:28","version" => "3.1-alpha1"},{"date" => "2003-12-01T13:27:50","version" => "4.0.2"},{"date" => "2003-12-03T11:20:55","version" => "v4.0.3"},{"date" => "2003-12-04T07:54:40","version" => "v4.0.4"},{"date" => "2003-12-06T09:23:46","version" => "v4.0.5"},{"date" => "2003-12-11T11:30:14","version" => "v4.0.6"},{"date" => "2003-12-13T09:30:39","version" => "v4.0.7"},{"date" => "2003-12-19T07:30:18","version" => "v4.0.8"},{"date" => "2003-12-24T10:37:28","version" => "v4.0.9"},{"date" => "2003-12-25T08:13:32","version" => "v4.1.0"},{"date" => "2003-12-28T00:09:30","version" => "v4.2.0"},{"date" => "2004-01-24T08:43:05","version" => "v4.2.1"},{"date" => "2004-02-01T08:52:29","version" => "v4.2.2"},{"date" => "2004-02-07T10:45:32","version" => "v4.3.0"},{"date" => "2004-03-04T10:41:51","version" => "v4.3.1"},{"date" => "2004-04-28T11:30:19","version" => "4.3.2"},{"date" => "2004-05-05T07:56:21","version" => "4.3.3"},{"date" => "2004-05-14T12:08:55","version" => "5.00"},{"date" => "2004-05-21T20:20:18","version" => "5.01"},{"date" => "2004-07-29T10:13:58","version" => "5.02"},{"date" => "2004-07-31T07:34:46","version" => "5.03"},{"date" => "2004-08-06T09:44:08","version" => "5.10"},{"date" => "2004-08-15T12:25:38","version" => "5.20"},{"date" => "2004-08-23T12:35:36","version" => "5.21"},{"date" => "2004-09-08T08:01:56","version" => "5.22"},{"date" => "2004-09-10T06:51:39","version" => "5.23"},{"date" => "2004-09-12T11:33:41","version" => "5.24"},{"date" => "2004-09-13T02:27:16","version" => "5.25"},{"date" => "2004-10-10T09:13:00","version" => "5.26"},{"date" => "2004-10-24T11:25:48","version" => "5.27"},{"date" => "2004-11-17T09:23:50","version" => "5.28"},{"date" => "2005-08-15T09:20:59","version" => "5.29"},{"date" => "2005-08-21T00:35:30","version" => "5.30"},{"date" => "2005-09-05T08:36:39","version" => "5.31"},{"date" => "2005-12-02T10:13:07","version" => "5.32"},{"date" => "2006-02-03T02:22:56","version" => "5.34"},{"date" => "2006-05-08T01:10:50","version" => "5.35"},{"date" => "2006-05-08T11:19:00","version" => "5.36"},{"date" => "2006-05-15T11:31:17","version" => "5.37"},{"date" => "2006-05-25T10:10:52","version" => "5.38"},{"date" => "2006-05-28T10:49:11","version" => "5.39"},{"date" => "2006-06-02T21:45:07","version" => "5.40"},{"date" => "2006-06-03T09:31:44","version" => "5.41"},{"date" => "2006-07-24T11:22:26","version" => "5.42"},{"date" => "2006-08-05T10:13:57","version" => "5.43"},{"date" => "2006-10-14T07:59:30","version" => "5.44"},{"date" => "2007-06-26T10:20:05","version" => "5.45"},{"date" => "2008-04-09T12:40:29","version" => "5.46"},{"date" => "2008-04-30T11:17:26","version" => "5.47"},{"date" => "2010-01-05T02:07:18","version" => "5.48"},{"date" => "2010-12-12T14:44:43","version" => "5.49"},{"date" => "2010-12-14T13:46:10","version" => "5.50"},{"date" => "2011-03-03T13:19:38","version" => "5.60"},{"date" => "2011-03-09T12:56:01","version" => "5.61"},{"date" => "2011-05-14T11:11:34","version" => "5.62"},{"date" => "2011-11-08T13:27:54","version" => "5.63"},{"date" => "2011-12-14T10:18:37","version" => "5.70"},{"date" => "2012-02-29T11:11:59","version" => "5.71"},{"date" => "2012-09-25T01:14:59","version" => "5.72"},{"date" => "2012-10-31T11:42:32","version" => "5.73"},{"date" => "2012-11-24T11:40:47","version" => "5.74"},{"date" => "2012-12-10T21:21:06","version" => "5.80"},{"date" => "2013-01-14T14:32:22","version" => "5.81"},{"date" => "2013-01-24T12:06:14","version" => "5.82"},{"date" => "2013-03-04T16:22:03","version" => "5.83"},{"date" => "2013-03-10T00:42:51","version" => "5.84"},{"date" => "2013-06-26T11:11:56","version" => "5.85"},{"date" => "2014-01-30T15:40:50","version" => "5.86"},{"date" => "2014-02-18T01:26:20","version" => "5.87"},{"date" => "2014-03-17T16:05:33","version" => "5.88"},{"date" => "2014-04-19T13:09:10","version" => "5.89"},{"date" => "2014-05-07T15:54:15","version" => "5.90"},{"date" => "2014-05-16T17:36:12","version" => "5.91"},{"date" => "2014-06-01T07:25:04","version" => "5.92"},{"date" => "2014-10-26T13:15:37","version" => "5.93"},{"date" => "2015-01-10T09:49:55","version" => "5.94"},{"date" => "2015-01-10T20:24:40","version" => "5.95"},{"date" => "2016-07-28T11:11:53","version" => "5.96"},{"date" => "2017-09-06T09:38:45","version" => "5.97"},{"date" => "2017-10-04T08:38:13","version" => "5.98"},{"date" => "2017-12-09T06:04:13","version" => "6.00"},{"date" => "2017-12-25T07:41:55","version" => "6.01"},{"date" => "2018-04-20T23:47:19","version" => "6.02"},{"date" => "2022-08-08T18:56:41","version" => "6.03"},{"date" => "2023-02-25T19:06:34","version" => "6.04"},{"date" => "2013-08-12T00:00:00","dual_lived" => 1,"perl_release" => "5.018001","version" => "5.84_01"},{"date" => "2014-10-01T00:00:00","dual_lived" => 1,"perl_release" => "5.018003","version" => "5.84_02"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "5.95_01"}]},"Dpkg" => {"advisories" => [{"affected_versions" => ["<1.21.8"],"cves" => ["CVE-2022-1664"],"description" => "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.\n","distribution" => "Dpkg","fixed_versions" => [">=1.21.8"],"id" => "CPANSA-Dpkg-2022-1664","references" => ["https://lists.debian.org/debian-security-announce/2022/msg00115.html","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b","https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"],"reported" => "2022-05-26","severity" => "critical"},{"affected_versions" => ["<1.18.24"],"cves" => ["CVE-2017-8283"],"description" => "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.24"],"id" => "CPANSA-Dpkg-2017-8283","references" => ["http://www.openwall.com/lists/oss-security/2017/04/20/2","http://www.securityfocus.com/bid/98064"],"reported" => "2017-04-26","severity" => "critical"},{"affected_versions" => ["<1.18.11"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.11"],"id" => "CPANSA-Dpkg-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => ["<1.18.4"],"cves" => ["CVE-2015-0860"],"description" => "Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow.\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.4"],"id" => "CPANSA-Dpkg-2015-0860","references" => ["http://www.ubuntu.com/usn/USN-2820-1","http://www.debian.org/security/2015/dsa-3407","https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324","https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d","https://security.gentoo.org/glsa/201612-07"],"reported" => "2015-12-03","severity" => undef},{"affected_versions" => ["<1.18.0"],"cves" => ["CVE-2015-0840"],"description" => "The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.0"],"id" => "CPANSA-Dpkg-2015-0840","references" => ["http://www.ubuntu.com/usn/USN-2566-1","http://www.debian.org/security/2015/dsa-3217","http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"],"reported" => "2015-04-13","severity" => undef},{"affected_versions" => ["<1.17.22"],"cves" => ["CVE-2014-8625"],"description" => "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.22"],"id" => "CPANSA-Dpkg-2014-8625","references" => ["http://seclists.org/oss-sec/2014/q4/539","https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135","http://seclists.org/oss-sec/2014/q4/622","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485","http://seclists.org/oss-sec/2014/q4/551","http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"],"reported" => "2015-01-20","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-0471"],"description" => "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\"\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-0471","references" => ["http://www.debian.org/security/2014/dsa-2915","http://www.ubuntu.com/usn/USN-2183-1","http://www.securityfocus.com/bid/67106"],"reported" => "2014-04-30","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-3127"],"description" => "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-3127","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306","http://www.securityfocus.com/bid/67181","http://seclists.org/oss-sec/2014/q2/227","http://seclists.org/oss-sec/2014/q2/191","http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"],"reported" => "2014-05-14","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-3864"],"description" => "Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-3864","references" => ["http://openwall.com/lists/oss-security/2014/05/25/2","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746498","http://www.securityfocus.com/bid/67725","http://www.ubuntu.com/usn/USN-2242-1","http://www.debian.org/security/2014/dsa-2953"],"reported" => "2014-05-30","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-3865"],"description" => "Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-3865","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749183","http://openwall.com/lists/oss-security/2014/05/25/2","http://www.securityfocus.com/bid/67727","http://www.ubuntu.com/usn/USN-2242-1","http://www.debian.org/security/2014/dsa-2953"],"reported" => "2014-05-30","severity" => undef},{"affected_versions" => ["<1.17.9"],"cves" => ["CVE-2014-0471"],"description" => "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\"\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.9"],"id" => "CPANSA-Dpkg-2014-0471","references" => ["http://www.debian.org/security/2014/dsa-2915","http://www.ubuntu.com/usn/USN-2183-1","http://www.securityfocus.com/bid/67106"],"reported" => "2014-04-30","severity" => undef},{"affected_versions" => ["<1.17.9"],"cves" => ["CVE-2014-3127"],"description" => "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.9"],"id" => "CPANSA-Dpkg-2014-3127","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306","http://www.securityfocus.com/bid/67181","http://seclists.org/oss-sec/2014/q2/227","http://seclists.org/oss-sec/2014/q2/191","http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"],"reported" => "2014-05-14","severity" => undef},{"affected_versions" => ["<1.17.8"],"cves" => ["CVE-2014-0471"],"description" => "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\"\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.8"],"id" => "CPANSA-Dpkg-2014-0471","references" => ["http://www.debian.org/security/2014/dsa-2915","http://www.ubuntu.com/usn/USN-2183-1","http://www.securityfocus.com/bid/67106"],"reported" => "2014-04-30","severity" => undef},{"affected_versions" => ["<1.15.8.8"],"cves" => ["CVE-2010-1679"],"description" => "Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.\n","distribution" => "Dpkg","fixed_versions" => [">=1.15.8.8"],"id" => "CPANSA-Dpkg-2010-1679","references" => ["http://www.vupen.com/english/advisories/2011/0044","http://secunia.com/advisories/42831","http://secunia.com/advisories/42826","http://www.ubuntu.com/usn/USN-1038-1","http://www.debian.org/security/2011/dsa-2142","http://www.vupen.com/english/advisories/2011/0040","http://osvdb.org/70368","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html","http://secunia.com/advisories/43054","http://www.securityfocus.com/bid/45703","http://www.vupen.com/english/advisories/2011/0196","https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"],"reported" => "2011-01-11","severity" => undef},{"affected_versions" => ["<1.15.6"],"cves" => ["CVE-2010-0396"],"description" => "Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.\n","distribution" => "Dpkg","fixed_versions" => [">=1.15.6"],"id" => "CPANSA-Dpkg-2010-0396","references" => ["http://www.debian.org/security/2010/dsa-2011","http://www.vupen.com/english/advisories/2010/0582","http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz","https://exchange.xforce.ibmcloud.com/vulnerabilities/56887"],"reported" => "2010-03-15","severity" => undef},{"affected_versions" => ["==1.9.21"],"cves" => ["CVE-2004-2768"],"description" => "dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.\n","distribution" => "Dpkg","fixed_versions" => [">=1.9.22"],"id" => "CPANSA-Dpkg-2004-2768","references" => ["http://www.hackinglinuxexposed.com/articles/20031214.html","http://lists.jammed.com/ISN/2003/12/0056.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692","https://bugzilla.redhat.com/show_bug.cgi?id=598775","https://exchange.xforce.ibmcloud.com/vulnerabilities/59428"],"reported" => "2010-06-08","severity" => undef},{"affected_versions" => ["<1.15.10"],"cves" => ["CVE-2011-0402"],"description" => "dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.\n","distribution" => "Dpkg","fixed_versions" => [">=1.15.10"],"id" => "CPANSA-Dpkg-2011-0402","references" => ["http://www.ubuntu.com/usn/USN-1038-1","http://secunia.com/advisories/42831","http://www.debian.org/security/2011/dsa-2142","http://secunia.com/advisories/42826","http://www.vupen.com/english/advisories/2011/0040","http://www.vupen.com/english/advisories/2011/0044","http://osvdb.org/70367","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html","http://www.vupen.com/english/advisories/2011/0196","http://www.securityfocus.com/bid/45703","http://secunia.com/advisories/43054","https://exchange.xforce.ibmcloud.com/vulnerabilities/64614"],"reported" => "2011-01-11","severity" => undef}],"main_module" => "Dpkg","versions" => [{"date" => "2018-09-26T18:53:52","version" => "v1.19.1"},{"date" => "2018-10-08T10:54:58","version" => "v1.19.2"},{"date" => "2019-01-22T18:41:25","version" => "v1.19.3"},{"date" => "2019-02-23T17:40:31","version" => "v1.19.5"},{"date" => "2019-03-25T14:54:21","version" => "v1.19.6"},{"date" => "2019-06-03T21:51:58","version" => "v1.19.7"},{"date" => "2020-03-08T03:05:24","version" => "v1.20.0"},{"date" => "2020-06-27T01:26:33","version" => "v1.20.1"},{"date" => "2020-06-27T23:35:03","version" => "v1.20.2"},{"date" => "2020-06-29T11:02:10","version" => "v1.20.3"},{"date" => "2020-07-07T06:22:23","version" => "v1.20.4"},{"date" => "2020-07-08T03:55:55","version" => "v1.20.5"},{"date" => "2021-01-08T04:23:50","version" => "v1.20.6"},{"date" => "2021-01-09T00:19:44","version" => "v1.20.7"},{"date" => "2021-04-13T21:44:34","version" => "v1.20.8"},{"date" => "2021-04-13T23:33:15","version" => "v1.20.9"},{"date" => "2021-12-05T18:08:48","version" => "v1.21.0"},{"date" => "2021-12-06T20:23:10","version" => "v1.21.1"},{"date" => "2022-03-13T20:07:04","version" => "v1.21.2"},{"date" => "2022-03-24T20:19:38","version" => "v1.21.3"},{"date" => "2022-03-26T12:56:21","version" => "v1.21.4"},{"date" => "2022-03-29T01:07:10","version" => "v1.21.5"},{"date" => "2022-05-25T15:21:07","version" => "v1.21.8"},{"date" => "2022-07-01T09:48:45","version" => "v1.21.9"},{"date" => "2022-12-01T12:08:26","version" => "v1.21.10"},{"date" => "2022-12-02T23:34:17","version" => "v1.21.11"},{"date" => "2022-12-19T01:27:49","version" => "v1.21.13"},{"date" => "2023-01-01T23:04:24","version" => "v1.21.14"},{"date" => "2023-01-25T22:18:51","version" => "v1.21.19"},{"date" => "2023-05-16T22:34:01","version" => "v1.21.22"},{"date" => "2023-08-30T10:44:22","version" => "v1.22.0"},{"date" => "2023-10-30T03:47:45","version" => "v1.22.1"},{"date" => "2023-12-18T03:09:08","version" => "v1.22.2"},{"date" => "2024-01-24T12:39:35","version" => "v1.22.4"},{"date" => "2024-02-27T03:56:46","version" => "v1.22.5"},{"date" => "2024-03-10T21:52:57","version" => "v1.22.6"},{"date" => "2024-07-16T23:58:08","version" => "v1.22.7"},{"date" => "2024-07-21T18:44:31","version" => "v1.22.8"},{"date" => "2024-08-01T11:07:53","version" => "v1.22.11"},{"date" => "2025-01-02T03:22:30","version" => "v1.22.12"},{"date" => "2025-01-03T11:09:37","version" => "v1.22.13"},{"date" => "2025-03-07T02:57:57","version" => "v1.22.16"},{"date" => "2025-03-09T18:23:59","version" => "v1.22.18"},{"date" => "2025-05-18T22:53:57","version" => "v1.22.19"},{"date" => "2025-06-04T23:18:14","version" => "v1.22.20"},{"date" => "2025-07-02T00:09:01","version" => "v1.22.21"},{"date" => "2025-12-16T22:55:42","version" => "v1.23.0"},{"date" => "2025-12-17T12:41:12","version" => "v1.23.1"},{"date" => "2026-01-18T17:58:28","version" => "v1.23.4"}]},"EV-Hiredis" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.04"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "EV-Hiredis","fixed_versions" => [],"id" => "CPANSA-EV-Hiredis-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"}],"main_module" => "EV::Hiredis","versions" => [{"date" => "2013-01-09T10:22:05","version" => "0.01"},{"date" => "2013-03-13T06:16:24","version" => "0.02"},{"date" => "2014-09-18T09:39:46","version" => "0.03"},{"date" => "2017-04-23T10:09:14","version" => "0.04"},{"date" => "2022-09-11T04:29:22","version" => "0.05"},{"date" => "2023-04-25T22:39:52","version" => "0.06"},{"date" => "2023-05-03T14:14:01","version" => "0.07"}]},"EasyTCP" => {"advisories" => [{"affected_versions" => ["<0.15"],"cves" => ["CVE-2002-20002"],"description" => "The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.\n","distribution" => "EasyTCP","fixed_versions" => [">=0.15"],"id" => "CPANSA-EasyTCP-2002-20002","references" => ["https://github.com/briandfoy/cpan-security-advisory/issues/184","https://metacpan.org/release/MNAGUIB/EasyTCP-0.15/view/EasyTCP.pm","https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes"],"reported" => "2025-01-02","severity" => "moderate"},{"affected_versions" => [">=0.15"],"cves" => ["CVE-2024-56830"],"description" => "The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present.\n","distribution" => "EasyTCP","fixed_versions" => [],"id" => "CPANSA-EasyTCP-2024-56830","references" => ["https://github.com/briandfoy/cpan-security-advisory/issues/184","https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes"],"reported" => "2025-01-02","severity" => "moderate"}],"main_module" => "Net::EasyTCP","versions" => [{"date" => "2002-01-03T20:21:16","version" => "0.01"},{"date" => "2002-01-10T23:58:29","version" => "0.02"},{"date" => "2002-01-12T22:23:25","version" => "0.03"},{"date" => "2002-01-14T20:13:58","version" => "0.04"},{"date" => "2002-01-16T16:30:59","version" => "0.05"},{"date" => "2002-01-18T04:48:03","version" => "0.06"},{"date" => "2002-01-21T20:26:09","version" => "0.07"},{"date" => "2002-01-22T21:08:52","version" => "0.08"},{"date" => "2002-01-31T16:33:35","version" => "0.09"},{"date" => "2002-02-01T02:09:00","version" => "0.10"},{"date" => "2002-02-05T20:35:47","version" => "0.11"},{"date" => "2002-02-22T19:51:44","version" => "0.12"},{"date" => "2002-03-22T20:47:32","version" => "0.13"},{"date" => "2002-09-07T05:21:49","version" => "0.14"},{"date" => "2002-09-25T03:02:37","version" => "0.15"},{"date" => "2002-09-30T20:20:38","version" => "0.16"},{"date" => "2002-11-11T19:38:16","version" => "0.17"},{"date" => "2003-02-26T22:15:03","version" => "0.18"},{"date" => "2003-03-02T05:47:04","version" => "0.19"},{"date" => "2003-05-14T19:40:01","version" => "0.20"},{"date" => "2003-05-14T20:22:30","version" => "0.21"},{"date" => "2003-05-15T13:10:31","version" => "0.22"},{"date" => "2003-05-24T13:19:56","version" => "0.23"},{"date" => "2003-07-15T01:11:20","version" => "0.24"},{"date" => "2003-08-07T12:19:25","version" => "0.25"},{"date" => "2004-04-06T02:50:22","version" => "0.26"}]},"Elive" => {"advisories" => [{"affected_versions" => ["<1.20"],"cves" => [],"description" => "Elive::DAO->set() did not die on tainted data.\n","distribution" => "Elive","fixed_versions" => [">=1.20"],"id" => "CPANSA-Elive-2011-01","references" => ["https://metacpan.org/dist/Elive/changes"],"reported" => "2011-10-15","severity" => undef}],"main_module" => "Elive","versions" => [{"date" => "2009-03-17T06:37:43","version" => "0.01"},{"date" => "2009-04-13T23:51:59","version" => "0.02"},{"date" => "2009-04-14T20:26:27","version" => "0.03"},{"date" => "2009-04-15T22:30:08","version" => "0.04"},{"date" => "2009-04-17T07:27:23","version" => "0.05"},{"date" => "2009-04-17T22:04:55","version" => "0.06"},{"date" => "2009-04-22T00:14:13","version" => "0.07"},{"date" => "2009-04-22T03:10:13","version" => "0.08"},{"date" => "2009-04-24T22:26:35","version" => "0.09"},{"date" => "2009-04-28T07:30:45","version" => "0.10"},{"date" => "2009-04-29T21:49:12","version" => "0.11"},{"date" => "2009-05-01T23:15:47","version" => "0.12"},{"date" => "2009-05-04T22:19:09","version" => "0.13"},{"date" => "2009-05-05T20:09:18","version" => "0.14"},{"date" => "2009-05-08T22:04:14","version" => "0.15"},{"date" => "2009-05-11T20:38:56","version" => "0.16"},{"date" => "2009-05-13T21:31:52","version" => "0.17"},{"date" => "2009-05-15T03:47:36","version" => "0.18"},{"date" => "2009-05-18T21:43:03","version" => "0.19"},{"date" => "2009-05-24T00:13:36","version" => "0.20"},{"date" => "2009-05-24T20:48:19","version" => "0.21"},{"date" => "2009-05-27T22:05:37","version" => "0.22"},{"date" => "2009-05-29T05:09:57","version" => "0.23"},{"date" => "2009-06-03T04:48:43","version" => "0.24"},{"date" => "2009-06-03T22:18:02","version" => "0.25"},{"date" => "2009-06-12T22:36:31","version" => "0.26"},{"date" => "2009-06-19T21:34:40","version" => "0.27"},{"date" => "2009-06-22T03:47:43","version" => "0.28"},{"date" => "2009-06-24T04:14:37","version" => "0.29"},{"date" => "2009-06-26T23:24:47","version" => "0.30"},{"date" => "2009-07-03T06:18:23","version" => "0.31"},{"date" => "2009-07-17T22:56:55","version" => "0.32"},{"date" => "2009-07-22T03:22:18","version" => "0.33"},{"date" => "2009-07-28T06:46:45","version" => "0.34"},{"date" => "2009-08-02T22:36:31","version" => "0.35"},{"date" => "2009-08-03T22:44:25","version" => "0.36"},{"date" => "2009-08-05T21:02:32","version" => "0.37"},{"date" => "2009-08-21T08:29:37","version" => "0.38"},{"date" => "2009-08-31T02:24:45","version" => "0.39"},{"date" => "2009-09-10T01:20:54","version" => "0.40"},{"date" => "2009-09-11T21:34:13","version" => "0.41"},{"date" => "2009-10-08T00:53:22","version" => "0.42"},{"date" => "2009-10-20T23:09:46","version" => "0.43"},{"date" => "2009-10-22T00:05:22","version" => "0.44"},{"date" => "2009-10-26T04:15:36","version" => "0.45"},{"date" => "2009-10-28T08:27:27","version" => "0.46"},{"date" => "2009-10-28T21:26:06","version" => "0.47"},{"date" => "2009-10-29T00:00:43","version" => "0.48"},{"date" => "2009-11-02T21:37:24","version" => "0.48_01"},{"date" => "2009-11-06T20:36:30","version" => "0.49"},{"date" => "2009-11-09T21:34:02","version" => "0.50"},{"date" => "2009-11-16T00:26:26","version" => "0.51"},{"date" => "2009-11-30T20:38:39","version" => "0.52"},{"date" => "2009-12-14T23:14:43","version" => "0.53"},{"date" => "2009-12-18T00:24:06","version" => "0.53_1"},{"date" => "2009-12-18T22:36:34","version" => "0.54"},{"date" => "2009-12-20T20:02:22","version" => "0.55"},{"date" => "2010-01-04T06:35:00","version" => "0.56"},{"date" => "2010-01-04T21:18:52","version" => "0.57"},{"date" => "2010-01-14T00:08:40","version" => "0.58"},{"date" => "2010-01-21T22:46:27","version" => "0.59"},{"date" => "2010-01-24T21:24:09","version" => "0.60"},{"date" => "2010-01-26T22:38:54","version" => "0.61"},{"date" => "2010-02-15T23:06:41","version" => "0.62"},{"date" => "2010-03-06T22:34:53","version" => "0.63"},{"date" => "2010-03-11T22:45:28","version" => "0.64"},{"date" => "2010-05-17T00:40:50","version" => "0.65"},{"date" => "2010-05-21T23:54:39","version" => "0.66"},{"date" => "2010-05-27T22:12:29","version" => "0.67"},{"date" => "2010-06-02T07:33:50","version" => "0.68"},{"date" => "2010-06-11T00:12:21","version" => "0.69"},{"date" => "2010-06-22T05:13:22","version" => "0.70"},{"date" => "2010-06-22T22:20:27","version" => "0.71"},{"date" => "2010-08-13T01:10:30","version" => "0.72"},{"date" => "2010-09-03T03:48:51","version" => "0.73"},{"date" => "2010-10-14T20:54:08","version" => "0.74_2"},{"date" => "2010-10-18T01:49:41","version" => "0.74"},{"date" => "2010-10-27T23:52:59","version" => "0.75"},{"date" => "2010-11-09T23:46:08","version" => "0.76"},{"date" => "2010-12-08T21:27:13","version" => "0.77"},{"date" => "2010-12-08T23:17:00","version" => "0.78"},{"date" => "2011-01-20T02:01:43","version" => "0.79"},{"date" => "2011-01-27T19:56:34","version" => "0.80"},{"date" => "2011-02-03T03:17:09","version" => "0.81"},{"date" => "2011-02-10T00:02:08","version" => "0.82"},{"date" => "2011-03-10T05:19:08","version" => "0.83"},{"date" => "2011-03-11T01:11:39","version" => "0.84"},{"date" => "2011-03-14T00:55:18","version" => "0.85"},{"date" => "2011-03-14T21:15:08","version" => "0.86"},{"date" => "2011-04-11T00:59:22","version" => "0.87"},{"date" => "2011-04-11T19:19:42","version" => "0.87.1"},{"date" => "2011-04-15T02:12:50","version" => "0.87.2"},{"date" => "2011-04-27T02:43:51","version" => "0.88"},{"date" => "2011-05-20T00:15:55","version" => "0.89"},{"date" => "2011-06-08T23:34:06","version" => "0.90"},{"date" => "2011-06-14T23:35:27","version" => "0.91"},{"date" => "2011-06-28T07:09:46","version" => "0.95"},{"date" => "2011-06-29T21:42:38","version" => "0.96"},{"date" => "2011-07-05T06:35:18","version" => "0.97"},{"date" => "2011-07-08T00:35:18","version" => "0.98"},{"date" => "2011-07-14T03:25:12","version" => "0.99"},{"date" => "2011-07-19T00:14:00","version" => "1.00"},{"date" => "2011-07-20T01:14:39","version" => "1.01"},{"date" => "2011-07-21T05:49:47","version" => "1.02"},{"date" => "2011-07-23T23:23:35","version" => "1.03"},{"date" => "2011-07-29T00:14:06","version" => "1.04"},{"date" => "2011-08-01T02:20:53","version" => "1.05"},{"date" => "2011-08-05T21:36:24","version" => "1.06"},{"date" => "2011-08-07T01:43:31","version" => "1.07"},{"date" => "2011-08-09T00:51:44","version" => "1.08"},{"date" => "2011-08-10T05:13:13","version" => "1.09"},{"date" => "2011-08-10T21:06:42","version" => "1.10"},{"date" => "2011-08-11T22:27:24","version" => "1.11"},{"date" => "2011-08-15T00:58:40","version" => "1.12"},{"date" => "2011-08-19T00:21:11","version" => "1.13"},{"date" => "2011-08-20T22:44:01","version" => "1.14"},{"date" => "2011-08-23T21:43:48","version" => "1.15"},{"date" => "2011-08-26T22:25:28","version" => "1.16"},{"date" => "2011-09-08T22:32:49","version" => "1.17"},{"date" => "2011-09-16T00:00:34","version" => "1.18"},{"date" => "2011-09-28T07:09:24","version" => "1.19"},{"date" => "2011-11-15T01:28:33","version" => "1.20"},{"date" => "2011-12-03T01:49:03","version" => "1.21"},{"date" => "2012-01-05T04:04:10","version" => "1.22"},{"date" => "2012-01-25T20:01:01","version" => "1.23"},{"date" => "2012-02-28T01:03:16","version" => "1.24"},{"date" => "2012-04-18T04:53:06","version" => "1.25"},{"date" => "2012-05-04T04:11:34","version" => "1.26"},{"date" => "2012-07-13T21:59:27","version" => "1.27"},{"date" => "2012-10-12T02:45:37","version" => "1.28"},{"date" => "2012-10-26T21:16:49","version" => "1.29"},{"date" => "2013-01-04T01:33:50","version" => "1.30"},{"date" => "2013-03-28T02:39:54","version" => "1.31"},{"date" => "2014-02-28T16:40:50","version" => "1.32"},{"date" => "2015-01-21T21:14:50","version" => "1.33"},{"date" => "2015-04-03T22:38:32","version" => "1.34"},{"date" => "2015-06-29T02:59:33","version" => "1.35"},{"date" => "2015-12-03T20:48:05","version" => "1.36"},{"date" => "2015-12-04T02:58:35","version" => "1.37"}]},"Email-Address" => {"advisories" => [{"affected_versions" => ["<1.905"],"cves" => ["CVE-2014-0477"],"description" => "Inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.\n","distribution" => "Email-Address","fixed_versions" => [">=1.905"],"id" => "CPANSA-Email-Address-2014-01","references" => ["https://metacpan.org/changes/distribution/Email-Address"],"reported" => "2014-07-03"},{"affected_versions" => ["<1.909"],"cves" => ["CVE-2018-12558"],"description" => "The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters (\"\\f\").\n","distribution" => "Email-Address","fixed_versions" => [">=1.909"],"id" => "CPANSA-Email-Address-2014-01","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873","http://www.openwall.com/lists/oss-security/2018/06/19/3","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00012.html"],"reported" => "2018-06-19"},{"affected_versions" => ["<1.904"],"cves" => ["CVE-2014-4720"],"description" => "Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to \"backtracking into the phrase,\" a different vulnerability than CVE-2014-0477.\n","distribution" => "Email-Address","fixed_versions" => [">=1.904"],"id" => "CPANSA-Email-Address-2014-4720","references" => ["https://github.com/rjbs/Email-Address/blob/master/Changes","http://seclists.org/oss-sec/2014/q2/563"],"reported" => "2014-07-06","severity" => undef}],"main_module" => "Email::Address","versions" => [{"date" => "2004-05-27T03:19:56","version" => "1.1"},{"date" => "2004-06-02T16:35:30","version" => "1.2"},{"date" => "2004-08-16T21:39:58","version" => "1.3"},{"date" => "2004-10-05T18:10:42","version" => "1.5"},{"date" => "2004-10-05T18:20:42","version" => "1.6"},{"date" => "2004-10-13T10:21:17","version" => "1.7"},{"date" => "2004-10-22T16:37:27","version" => "1.80"},{"date" => "2006-07-11T15:04:28","version" => "1.85"},{"date" => "2006-07-22T00:42:17","version" => "1.86"},{"date" => "2006-08-10T16:48:44","version" => "1.870"},{"date" => "2006-10-12T19:35:04","version" => "1.861"},{"date" => "2006-10-12T22:16:28","version" => "1.871"},{"date" => "2006-11-11T16:01:38","version" => "1.880"},{"date" => "2006-11-19T21:19:02","version" => "1.881"},{"date" => "2006-11-22T01:26:44","version" => "1.882"},{"date" => "2006-11-25T13:53:46","version" => "1.883"},{"date" => "2006-12-05T03:41:39","version" => "1.884"},{"date" => "2007-03-01T01:08:16","version" => "1.885"},{"date" => "2007-03-01T20:18:53","version" => "1.886"},{"date" => "2007-04-01T19:15:49","version" => "1.887"},{"date" => "2007-06-23T01:27:24","version" => "1.888"},{"date" => "2007-12-19T22:14:37","version" => "1.889"},{"date" => "2010-08-22T19:03:33","version" => "1.890"},{"date" => "2010-08-31T00:56:53","version" => "1.891"},{"date" => "2010-09-03T23:45:13","version" => "1.892"},{"date" => "2012-01-03T03:55:12","version" => "1.893"},{"date" => "2012-01-14T16:17:56","version" => "1.894"},{"date" => "2012-01-15T18:41:33","version" => "1.895"},{"date" => "2012-08-01T03:07:33","version" => "1.896"},{"date" => "2012-12-17T15:16:33","version" => "1.897"},{"date" => "2013-02-07T21:41:48","version" => "1.898"},{"date" => "2013-08-02T14:54:13","version" => "1.899"},{"date" => "2013-08-08T18:46:07","version" => "1.900"},{"date" => "2014-01-29T03:43:28","version" => "1.901"},{"date" => "2014-04-17T15:19:31","version" => "1.902"},{"date" => "2014-04-18T01:07:10","version" => "1.903"},{"date" => "2014-06-14T04:22:22","version" => "1.904"},{"date" => "2014-06-18T02:55:59","version" => "1.905"},{"date" => "2015-02-03T21:49:39","version" => "1.906"},{"date" => "2015-02-03T22:48:46","version" => "1.907"},{"date" => "2015-09-20T02:55:12","version" => "1.908"},{"date" => "2018-03-05T03:26:56","version" => "1.909"},{"date" => "2018-12-18T02:29:23","version" => "1.910"},{"date" => "2018-12-22T16:31:37","version" => "1.911"},{"date" => "2018-12-31T19:51:36","version" => "1.912"},{"date" => "2023-01-10T00:42:33","version" => "1.913"}]},"Email-MIME" => {"advisories" => [{"affected_versions" => ["<1.954"],"cves" => ["CVE-2024-4140"],"description" => "An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.\n","distribution" => "Email-MIME","fixed_versions" => [">=1.954"],"id" => "CPANSA-Email-MIME-2024-4140","references" => ["https://bugs.debian.org/960062","https://github.com/rjbs/Email-MIME/commit/02bf3e26812c8f38a86a33c168571f9783365df2","https://github.com/rjbs/Email-MIME/commit/3a12edd119e493156a5a05e45dd50f4e36b702e8","https://github.com/rjbs/Email-MIME/commit/3dcf096eeccb8e4dd42738de676c8f4a5aa7a531","https://github.com/rjbs/Email-MIME/commit/7e96ecfa1da44914a407f82ae98ba817bba08f2d","https://github.com/rjbs/Email-MIME/commit/b2cb62f19e12580dd235f79e2546d44a6bec54d1","https://github.com/rjbs/Email-MIME/commit/fc0fededd24a71ccc51bcd8b1e486385d09aae63","https://github.com/rjbs/Email-MIME/issues/66","https://github.com/rjbs/Email-MIME/pull/80","https://www.cve.org/CVERecord?id=CVE-2024-4140"],"reported" => "2024-05-02","severity" => undef}],"main_module" => "Email::MIME","versions" => [{"date" => "2004-01-23T12:04:54","version" => "1.0_01"},{"date" => "2004-03-24T16:01:33","version" => "1.1"},{"date" => "2004-04-02T08:52:35","version" => "1.2"},{"date" => "2004-04-05T16:27:42","version" => "1.3"},{"date" => "2004-07-01T17:38:00","version" => "1.4"},{"date" => "2004-07-01T17:40:06","version" => "1.5"},{"date" => "2004-07-04T20:17:06","version" => "1.6"},{"date" => "2004-07-05T21:56:19","version" => "1.7"},{"date" => "2004-08-25T09:58:28","version" => "1.8"},{"date" => "2004-10-30T00:19:03","version" => "1.81"},{"date" => "2004-11-18T01:02:46","version" => "1.82"},{"date" => "2006-07-13T12:09:00","version" => "1.85"},{"date" => "2006-08-22T12:15:01","version" => "1.851"},{"date" => "2006-09-06T03:22:24","version" => "1.852"},{"date" => "2006-10-12T19:23:59","version" => "1.853"},{"date" => "2006-10-15T12:57:06","version" => "1.854"},{"date" => "2006-10-19T19:26:56","version" => "1.855"},{"date" => "2006-11-28T01:54:55","version" => "1.856"},{"date" => "2006-11-28T02:45:42","version" => "1.857"},{"date" => "2007-02-10T03:53:13","version" => "1.858"},{"date" => "2007-03-21T02:13:51","version" => "1.859"},{"date" => "2007-07-14T02:17:11","version" => "1.860"},{"date" => "2007-11-06T02:03:23","version" => "1.861"},{"date" => "2008-09-08T22:24:06","version" => "1.861_01"},{"date" => "2009-01-24T03:09:24","version" => "1.862"},{"date" => "2009-01-30T13:35:20","version" => "1.863"},{"date" => "2009-11-03T20:49:02","version" => "1.900"},{"date" => "2009-11-05T19:29:16","version" => "1.901"},{"date" => "2009-11-11T20:53:15","version" => "1.902"},{"date" => "2009-12-23T14:14:45","version" => "1.903"},{"date" => "2010-09-04T22:05:49","version" => "1.904"},{"date" => "2010-09-06T13:25:51","version" => "1.905"},{"date" => "2010-10-08T01:06:33","version" => "1.906"},{"date" => "2011-02-02T22:52:42","version" => "1.907"},{"date" => "2011-06-02T03:16:50","version" => "1.908"},{"date" => "2011-09-08T19:27:38","version" => "1.909"},{"date" => "2011-09-12T16:45:52","version" => "1.910"},{"date" => "2012-07-22T23:12:42","version" => "1.911"},{"date" => "2013-04-08T19:42:09","version" => "1.912_01"},{"date" => "2013-06-17T15:24:37","version" => "1.920"},{"date" => "2013-07-02T02:51:36","version" => "1.921"},{"date" => "2013-07-10T12:45:29","version" => "1.922"},{"date" => "2013-08-09T02:00:30","version" => "1.923"},{"date" => "2013-08-11T03:25:40","version" => "1.924"},{"date" => "2013-11-08T12:02:21","version" => "1.925"},{"date" => "2014-01-29T04:29:29","version" => "1.926"},{"date" => "2014-12-04T15:22:49","version" => "1.927"},{"date" => "2014-12-16T02:49:06","version" => "1.928"},{"date" => "2015-02-17T14:32:33","version" => "1.929"},{"date" => "2015-03-26T03:00:09","version" => "1.930"},{"date" => "2015-07-12T21:32:56","version" => "1.931"},{"date" => "2015-07-25T02:25:32","version" => "1.932"},{"date" => "2015-07-25T13:33:07","version" => "1.933"},{"date" => "2015-08-02T00:35:40","version" => "1.934"},{"date" => "2015-08-31T20:49:57","version" => "1.935"},{"date" => "2015-09-11T02:48:33","version" => "1.936"},{"date" => "2016-01-28T18:33:58","version" => "1.937"},{"date" => "2017-01-02T01:04:29","version" => "1.938"},{"date" => "2017-01-14T19:59:46","version" => "1.939"},{"date" => "2017-01-29T15:34:49","version" => "1.940"},{"date" => "2017-03-05T00:18:30","version" => "1.941"},{"date" => "2017-03-05T13:16:39","version" => "1.942"},{"date" => "2017-06-09T23:01:41","version" => "1.943"},{"date" => "2017-07-25T16:40:42","version" => "1.944"},{"date" => "2017-07-25T18:18:48","version" => "1.945"},{"date" => "2017-08-31T13:31:14","version" => "1.946"},{"date" => "2020-05-09T18:30:39","version" => "1.947"},{"date" => "2020-05-09T19:06:22","version" => "1.948"},{"date" => "2020-05-24T14:27:02","version" => "1.949"},{"date" => "2020-11-03T00:22:52","version" => "1.950"},{"date" => "2021-12-14T14:43:29","version" => "1.951"},{"date" => "2021-12-14T14:58:13","version" => "1.952"},{"date" => "2023-01-09T00:03:49","version" => "1.953"},{"date" => "2024-05-02T21:13:55","version" => "1.954"}]},"Encode" => {"advisories" => [{"affected_versions" => ["<2.85"],"cves" => ["CVE-2016-1238"],"description" => "Loading optional modules from . (current directory).\n","distribution" => "Encode","fixed_versions" => [">=2.85"],"id" => "CPANSA-Encode-2016-01","references" => ["https://metacpan.org/changes/distribution/Encode","https://github.com/dankogai/p5-encode/pull/58/commits/12be15d64ce089154c4367dc1842cd0dc0993ec6"],"reported" => "2016-07-27","severity" => "high"},{"affected_versions" => [">=3.05","<=3.11"],"cves" => ["CVE-2021-36770"],"description" => "Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates \@INC in a scalar context, and thus \@INC has only an integer value.\n","distribution" => "Encode","fixed_versions" => [">3.11"],"id" => "CPANSA-Encode-2021-01","references" => ["https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9","https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74","https://metacpan.org/dist/Encode/changes","https://news.cpanel.com/unscheduled-tsr-10-august-2021/","https://security.netapp.com/advisory/ntap-20210909-0003/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/","https://security-tracker.debian.org/tracker/CVE-2021-36770"],"reported" => "2021-07-17"},{"affected_versions" => ["<2.44"],"cves" => ["CVE-2011-2939"],"description" => "Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.\n","distribution" => "Encode","fixed_versions" => [">=2.44"],"id" => "CPANSA-Encode-2011-2939","references" => ["http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5","https://bugzilla.redhat.com/show_bug.cgi?id=731246","http://www.openwall.com/lists/oss-security/2011/08/19/17","http://www.redhat.com/support/errata/RHSA-2011-1424.html","http://www.openwall.com/lists/oss-security/2011/08/18/8","http://secunia.com/advisories/46989","http://www.mandriva.com/security/advisories?name=MDVSA-2012:008","http://secunia.com/advisories/51457","http://www.ubuntu.com/usn/USN-1643-1","http://www.securityfocus.com/bid/49858","http://secunia.com/advisories/46172","http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod","http://secunia.com/advisories/55314","http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)"],"reported" => "2012-01-13","severity" => undef,"x-commit" => "Encode CVE-2011-2939 GitHub #13"}],"main_module" => "Encode","versions" => [{"date" => "2002-03-20T08:30:40","version" => "0.93"},{"date" => "2002-03-20T20:15:52","version" => "0.94"},{"date" => "2002-03-21T16:07:21","version" => "0.95"},{"date" => "2002-03-22T22:33:15","version" => "0.96"},{"date" => "2002-03-23T20:36:05","version" => "0.97"},{"date" => "2002-03-24T16:07:09","version" => "0.98"},{"date" => "2002-03-25T19:45:16","version" => "0.99"},{"date" => "2002-03-28T23:39:49","version" => "1.00"},{"date" => "2002-03-29T21:43:17","version" => "1.01"},{"date" => "2002-03-31T21:40:25","version" => "1.10"},{"date" => "2002-03-31T22:27:07","version" => "1.11"},{"date" => "2002-04-04T20:02:40","version" => "1.20"},{"date" => "2002-04-07T15:36:48","version" => "1.26"},{"date" => "2002-04-07T18:49:41","version" => "1.27"},{"date" => "2002-04-07T19:05:34","version" => "1.28"},{"date" => "2002-04-08T02:49:31","version" => "1.30"},{"date" => "2002-04-08T18:51:14","version" => "1.31"},{"date" => "2002-04-09T20:26:37","version" => "1.32"},{"date" => "2002-04-10T22:44:19","version" => "1.33"},{"date" => "2002-04-14T22:49:10","version" => "1.40"},{"date" => "2002-04-16T23:47:16","version" => "1.41"},{"date" => "2002-04-19T06:18:26","version" => "1.50"},{"date" => "2002-04-20T10:08:39","version" => "1.51"},{"date" => "2002-04-20T23:55:45","version" => "1.52"},{"date" => "2002-04-22T09:56:04","version" => "1.56"},{"date" => "2002-04-22T20:37:12","version" => "1.57"},{"date" => "2002-04-23T00:22:06","version" => "1.58"},{"date" => "2002-04-24T20:23:42","version" => "1.60"},{"date" => "2002-04-26T03:19:40","version" => "1.61"},{"date" => "2002-04-27T11:43:39","version" => "1.62"},{"date" => "2002-04-27T19:52:51","version" => "1.63"},{"date" => "2002-04-29T07:20:38","version" => "1.64"},{"date" => "2002-04-30T16:40:07","version" => "1.65"},{"date" => "2002-05-01T05:51:35","version" => "1.66"},{"date" => "2002-05-02T07:43:35","version" => "1.67"},{"date" => "2002-05-03T12:29:47","version" => "1.68"},{"date" => "2002-05-04T16:50:40","version" => "1.69"},{"date" => "2002-05-06T10:36:39","version" => "1.70"},{"date" => "2002-05-07T16:30:42","version" => "1.71"},{"date" => "2002-05-20T16:04:48","version" => "1.72"},{"date" => "2002-05-28T18:41:36","version" => "1.74"},{"date" => "2002-06-01T18:17:49","version" => "1.75"},{"date" => "2002-08-25T15:18:49","version" => "1.76"},{"date" => "2002-10-06T03:59:19","version" => "1.77"},{"date" => "2002-10-20T15:55:16","version" => "1.78"},{"date" => "2002-10-21T06:11:36","version" => "1.79"},{"date" => "2002-10-21T20:42:56","version" => "1.80"},{"date" => "2002-11-08T18:42:11","version" => "1.81"},{"date" => "2002-11-14T23:17:11","version" => "1.82"},{"date" => "2002-11-18T18:06:47","version" => "1.83"},{"date" => "2003-01-10T12:09:05","version" => "1.84"},{"date" => "2003-01-21T22:23:28","version" => "1.85"},{"date" => "2003-01-22T03:36:42","version" => "1.86"},{"date" => "2003-02-06T02:01:00","version" => "1.87"},{"date" => "2003-02-20T14:46:12","version" => "1.88"},{"date" => "2003-02-28T01:45:53","version" => "1.89"},{"date" => "2003-03-09T17:54:26","version" => "1.90"},{"date" => "2003-03-09T20:12:08","version" => "1.91"},{"date" => "2003-03-31T03:51:31","version" => "1.92"},{"date" => "2003-04-24T17:50:54","version" => "1.93"},{"date" => "2003-05-10T18:31:48","version" => "1.94"},{"date" => "2003-05-21T09:22:43","version" => "1.95"},{"date" => "2003-06-18T09:41:21","version" => "1.96"},{"date" => "2003-07-08T22:01:28","version" => "1.97"},{"date" => "2003-08-25T11:47:32","version" => "1.98"},{"date" => "2003-12-29T02:52:28","version" => "1.99"},{"date" => "2004-05-16T21:05:06","version" => "2.00"},{"date" => "2004-05-25T16:31:35","version" => "2.01"},{"date" => "2004-08-31T11:01:51","version" => "2.02"},{"date" => "2004-10-06T06:50:47","version" => "2.03"},{"date" => "2004-10-16T21:26:58","version" => "2.04"},{"date" => "2004-10-19T05:03:32","version" => "2.05"},{"date" => "2004-10-22T06:29:14","version" => "2.06"},{"date" => "2004-10-22T19:43:19","version" => "2.07"},{"date" => "2004-10-24T13:04:29","version" => "2.08"},{"date" => "2004-12-03T19:21:42","version" => "2.09"},{"date" => "2005-05-16T18:54:53","version" => "2.10"},{"date" => "2005-08-05T11:26:06","version" => "2.11"},{"date" => "2005-09-08T14:23:38","version" => "2.12"},{"date" => "2006-01-15T15:12:01","version" => "2.13"},{"date" => "2006-01-15T15:57:41","version" => "2.14"},{"date" => "2006-04-06T16:01:30","version" => "2.15"},{"date" => "2006-05-03T18:38:44","version" => "2.16"},{"date" => "2006-05-09T17:14:04","version" => "2.17"},{"date" => "2006-06-03T20:34:08","version" => "2.18"},{"date" => "2007-04-06T13:05:52","version" => "2.19"},{"date" => "2007-04-22T15:17:34","version" => "2.20"},{"date" => "2007-05-12T06:50:09","version" => "2.21"},{"date" => "2007-05-29T07:43:07","version" => "2.22"},{"date" => "2007-05-29T18:21:25","version" => "2.23"},{"date" => "2008-03-12T10:12:18","version" => "2.24"},{"date" => "2008-05-07T21:06:08","version" => "2.25"},{"date" => "2008-07-01T21:03:33","version" => "2.26"},{"date" => "2009-01-21T23:01:50","version" => "2.27"},{"date" => "2009-02-01T13:16:44","version" => "2.29"},{"date" => "2009-02-15T17:48:01","version" => "2.30"},{"date" => "2009-02-16T06:25:32","version" => "2.31"},{"date" => "2009-03-07T07:45:00","version" => "2.32"},{"date" => "2009-03-25T08:01:10","version" => "2.33"},{"date" => "2009-07-08T13:53:25","version" => "2.34"},{"date" => "2009-07-13T02:32:45","version" => "2.35"},{"date" => "2009-09-06T09:20:21","version" => "2.36"},{"date" => "2009-09-06T14:37:23","version" => "2.37"},{"date" => "2009-11-16T14:34:43","version" => "2.38"},{"date" => "2009-11-26T09:31:02","version" => "2.39"},{"date" => "2010-09-18T18:47:17","version" => "2.40"},{"date" => "2010-12-23T11:12:33","version" => "2.41"},{"date" => "2010-12-31T22:52:35","version" => "2.42"},{"date" => "2011-05-21T23:21:24","version" => "2.43"},{"date" => "2011-08-09T08:01:30","version" => "2.44"},{"date" => "2012-08-05T23:15:11","version" => "2.45"},{"date" => "2012-08-12T05:52:45","version" => "2.46"},{"date" => "2012-08-15T05:40:21","version" => "2.47"},{"date" => "2013-02-18T02:43:35","version" => "2.48"},{"date" => "2013-03-05T03:19:15","version" => "2.49"},{"date" => "2013-04-26T18:36:59","version" => "2.50"},{"date" => "2013-04-29T22:21:31","version" => "2.51"},{"date" => "2013-08-14T02:33:46","version" => "2.52"},{"date" => "2013-08-29T15:27:02","version" => "2.53"},{"date" => "2013-08-29T16:50:08","version" => "2.54"},{"date" => "2013-09-14T07:58:54","version" => "2.55"},{"date" => "2013-12-22T04:12:07","version" => "2.56"},{"date" => "2014-01-03T04:55:36","version" => "2.57"},{"date" => "2014-03-28T02:41:54","version" => "2.58"},{"date" => "2014-04-06T17:41:19","version" => "2.59"},{"date" => "2014-04-29T16:34:10","version" => "2.60"},{"date" => "2014-05-31T09:55:56","version" => "2.61"},{"date" => "2014-05-31T12:20:28","version" => "2.62"},{"date" => "2014-10-19T07:13:44","version" => "2.63"},{"date" => "2014-10-29T15:42:04","version" => "2.64"},{"date" => "2014-11-27T14:12:57","version" => "2.65"},{"date" => "2014-12-02T23:37:28","version" => "2.66"},{"date" => "2014-12-04T20:28:33","version" => "2.67"},{"date" => "2015-01-22T10:29:46","version" => "2.68"},{"date" => "2015-02-05T10:43:34","version" => "2.69"},{"date" => "2015-02-05T10:56:52","version" => "2.70"},{"date" => "2015-03-12T00:14:19","version" => "2.71"},{"date" => "2015-03-14T02:51:25","version" => "2.72"},{"date" => "2015-04-15T23:27:13","version" => "2.73"},{"date" => "2015-06-25T00:59:20","version" => "2.74"},{"date" => "2015-06-30T10:10:03","version" => "2.75"},{"date" => "2015-07-31T02:26:51","version" => "2.76"},{"date" => "2015-09-15T14:03:35","version" => "2.77"},{"date" => "2015-09-24T02:29:52","version" => "2.78"},{"date" => "2016-01-22T07:08:25","version" => "2.79"},{"date" => "2016-01-25T15:04:42","version" => "2.80"},{"date" => "2016-02-06T19:34:58","version" => "2.81"},{"date" => "2016-02-06T20:21:37","version" => "2.82"},{"date" => "2016-03-24T08:00:30","version" => "2.83"},{"date" => "2016-04-11T07:24:26","version" => "2.84"},{"date" => "2016-08-04T03:37:23","version" => "2.85"},{"date" => "2016-08-10T18:25:39","version" => "2.86"},{"date" => "2016-10-28T05:15:33","version" => "2.87"},{"date" => "2016-11-29T23:38:19","version" => "2.88"},{"date" => "2017-04-21T05:24:59","version" => "2.89"},{"date" => "2017-06-10T17:46:11","version" => "2.90"},{"date" => "2017-06-22T08:18:22","version" => "2.91"},{"date" => "2017-07-18T07:23:39","version" => "2.92"},{"date" => "2017-10-06T22:33:35","version" => "2.93"},{"date" => "2018-01-09T06:04:38","version" => "2.94"},{"date" => "2018-02-08T00:41:02","version" => "2.95"},{"date" => "2018-02-11T05:41:37","version" => "2.96"},{"date" => "2018-02-21T12:30:05","version" => "2.97"},{"date" => "2018-04-22T09:14:59","version" => "2.98"},{"date" => "2019-01-21T03:28:35","version" => "2.99"},{"date" => "2019-01-31T04:42:29","version" => "2.100"},{"date" => "2019-01-31T05:05:06","version" => "3.00"},{"date" => "2019-03-13T00:45:28","version" => "3.01"},{"date" => "2019-12-25T09:47:36","version" => "3.02"},{"date" => "2020-03-02T04:45:26","version" => "3.03"},{"date" => "2020-03-10T22:40:35","version" => "3.04"},{"date" => "2020-03-18T05:03:23","version" => "3.05"},{"date" => "2020-05-02T02:40:38","version" => "3.06"},{"date" => "2020-07-25T13:08:13","version" => "3.07"},{"date" => "2020-12-02T09:20:23","version" => "3.08"},{"date" => "2021-05-14T11:03:11","version" => "3.09"},{"date" => "2021-05-18T07:51:48","version" => "3.10"},{"date" => "2021-07-23T02:41:38","version" => "3.11"},{"date" => "2021-08-09T14:30:33","version" => "3.12"},{"date" => "2021-10-06T00:57:50","version" => "3.13"},{"date" => "2021-10-08T00:35:29","version" => "3.14"},{"date" => "2021-10-08T15:45:44","version" => "3.15"},{"date" => "2021-10-13T08:39:09","version" => "3.16"},{"date" => "2022-04-07T03:18:23","version" => "3.17"},{"date" => "2022-06-25T02:14:35","version" => "3.18"},{"date" => "2022-08-04T04:51:01","version" => "3.19"},{"date" => "2023-11-10T01:26:15","version" => "3.20"},{"date" => "2024-02-25T23:19:43","version" => "3.21"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "0.40"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "1.9801"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "1.99_01"},{"date" => "2006-08-15T00:00:00","dual_lived" => 1,"perl_release" => "5.009004","version" => "2.18_01"},{"date" => "2012-11-10T00:00:00","dual_lived" => 1,"perl_release" => "5.012005","version" => "2.39_01"},{"date" => "2011-09-26T00:00:00","dual_lived" => 1,"perl_release" => "5.014002","version" => "2.42_01"},{"date" => "2013-03-10T00:00:00","dual_lived" => 1,"perl_release" => "5.014004","version" => "2.42_02"},{"date" => "2013-03-11T00:00:00","dual_lived" => 1,"perl_release" => "5.016003","version" => "2.44_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.72_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "2.80_01"},{"date" => "2022-03-13T00:00:00","dual_lived" => 1,"perl_release" => "5.034001","version" => "3.08_01"}]},"ExtUtils-MakeMaker" => {"advisories" => [{"affected_versions" => ["<7.22"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "ExtUtils-MakeMaker","fixed_versions" => [">=7.22"],"id" => "CPANSA-ExtUtils-MakeMaker-2016-01","references" => ["https://metacpan.org/changes/distribution/ExtUtils-MakeMaker","https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/commit/3e9df17d11c40f2561c23ec79693c8c390e0ae88"],"reported" => "2016-08-07","severity" => "high"}],"main_module" => "ExtUtils::MakeMaker","versions" => [{"date" => "2001-07-06T08:23:56","version" => "5.47_01"},{"date" => "2002-01-16T20:19:18","version" => "5.48_01"},{"date" => "2002-01-18T04:56:33","version" => "5.48_03"},{"date" => "2002-01-22T00:33:31","version" => "5.48_04"},{"date" => "2002-02-04T08:46:04","version" => "5.49_01"},{"date" => "2002-03-05T04:53:40","version" => "5.50_01"},{"date" => "2002-03-25T07:53:14","version" => "5.51_01"},{"date" => "2002-03-26T05:56:07","version" => "5.52_01"},{"date" => "2002-03-31T03:55:52","version" => "5.54_01"},{"date" => "2002-04-05T05:01:52","version" => "5.55_01"},{"date" => "2002-04-06T08:29:20","version" => "5.55_02"},{"date" => "2002-04-07T03:04:18","version" => "5.55_03"},{"date" => "2002-04-11T05:32:04","version" => "5.90_01"},{"date" => "2002-04-24T04:21:44","version" => "5.91_01"},{"date" => "2002-04-30T03:43:53","version" => "5.92_01"},{"date" => "2002-05-06T06:02:08","version" => "5.93_01"},{"date" => "2002-05-17T19:04:41","version" => "5.94_01"},{"date" => "2002-05-17T21:24:13","version" => "5.94_02"},{"date" => "2002-05-18T18:43:02","version" => "5.95_01"},{"date" => "2002-05-23T21:01:02","version" => "5.96_01"},{"date" => "2002-05-26T01:25:25","version" => "6.00"},{"date" => "2002-05-30T19:02:20","version" => "6.01"},{"date" => "2002-06-16T05:41:28","version" => "6.02"},{"date" => "2002-06-19T21:24:32","version" => "6.03"},{"date" => "2002-08-27T01:42:36","version" => "6.04"},{"date" => "2002-08-27T23:24:30","version" => "6.05"},{"date" => "2002-12-19T08:42:01","version" => "6.06_01"},{"date" => "2002-12-24T04:54:53","version" => "6.06_02"},{"date" => "2003-03-30T03:49:59","version" => "6.06_03"},{"date" => "2003-03-31T04:37:55","version" => "6.06_04"},{"date" => "2003-03-31T10:50:00","version" => "6.06_05"},{"date" => "2003-04-07T02:46:10","version" => "6.10_01"},{"date" => "2003-04-07T08:33:23","version" => "6.10_02"},{"date" => "2003-04-11T07:27:36","version" => "6.10_03"},{"date" => "2003-05-23T09:05:27","version" => "6.10_04"},{"date" => "2003-06-07T01:32:29","version" => "6.10_05"},{"date" => "2003-06-07T08:00:14","version" => "6.10_06"},{"date" => "2003-07-05T23:40:34","version" => "6.10_07"},{"date" => "2003-07-22T01:23:46","version" => "6.10_08"},{"date" => "2003-07-28T04:00:19","version" => "6.11"},{"date" => "2003-07-30T05:28:47","version" => "6.12"},{"date" => "2003-07-31T23:51:40","version" => "6.13"},{"date" => "2003-08-03T23:27:51","version" => "6.14"},{"date" => "2003-08-03T23:46:11","version" => "6.15"},{"date" => "2003-08-18T08:43:08","version" => "6.16"},{"date" => "2003-09-15T22:23:01","version" => "6.17"},{"date" => "2003-11-04T04:12:53","version" => "6.18"},{"date" => "2003-11-04T07:03:30","version" => "6.19"},{"date" => "2003-11-06T10:37:47","version" => "6.20"},{"date" => "2003-11-11T08:26:17","version" => "6.21"},{"date" => "2004-04-03T21:33:45","version" => "6.21_03"},{"date" => "2004-11-24T04:06:20","version" => "6.22"},{"date" => "2004-11-26T21:15:45","version" => "6.23"},{"date" => "2004-11-30T20:42:14","version" => "6.24"},{"date" => "2004-12-09T06:00:53","version" => "6.24_01"},{"date" => "2004-12-15T12:05:50","version" => "6.25"},{"date" => "2004-12-18T02:34:56","version" => "6.25_01"},{"date" => "2004-12-20T08:36:56","version" => "6.25_02"},{"date" => "2004-12-21T04:17:27","version" => "6.25_03"},{"date" => "2004-12-21T05:58:10","version" => "6.25_04"},{"date" => "2004-12-22T13:05:53","version" => "6.25_05"},{"date" => "2004-12-26T22:26:26","version" => "6.25_06"},{"date" => "2004-12-31T08:53:31","version" => "6.25_07"},{"date" => "2005-02-08T14:21:17","version" => "6.25_08"},{"date" => "2005-03-12T18:29:26","version" => "6.25_09"},{"date" => "2005-03-14T00:17:26","version" => "6.25_10"},{"date" => "2005-03-15T10:05:07","version" => "6.25_11"},{"date" => "2005-03-19T00:19:47","version" => "6.25_12"},{"date" => "2005-03-22T22:50:34","version" => "6.26"},{"date" => "2005-03-29T05:48:40","version" => "6.26_01"},{"date" => "2005-04-04T23:55:46","version" => "6.27"},{"date" => "2005-04-12T23:23:53","version" => "6.28"},{"date" => "2005-05-19T21:22:00","version" => "6.29"},{"date" => "2005-05-20T23:14:45","version" => "6.30"},{"date" => "2005-08-17T06:59:11","version" => "6.30_01"},{"date" => "2006-09-01T19:07:28","version" => "6.30_02"},{"date" => "2006-09-01T21:06:57","version" => "6.30_03"},{"date" => "2006-09-11T20:20:27","version" => "6.30_04"},{"date" => "2006-10-10T01:04:44","version" => "6.31"},{"date" => "2007-02-21T16:02:09","version" => "6.32"},{"date" => "2007-06-29T22:18:15","version" => "6.33"},{"date" => "2007-06-30T16:10:15","version" => "6.34"},{"date" => "2007-07-02T03:56:25","version" => "6.35"},{"date" => "2007-07-03T08:10:57","version" => "6.36"},{"date" => "2007-11-26T01:10:14","version" => "6.37_01"},{"date" => "2007-11-26T07:35:50","version" => "6.37_02"},{"date" => "2007-11-26T22:18:55","version" => "6.37_03"},{"date" => "2007-11-29T00:04:35","version" => "6.38"},{"date" => "2007-12-06T11:08:15","version" => "6.40"},{"date" => "2007-12-08T01:02:26","version" => "6.42"},{"date" => "2008-01-02T00:09:23","version" => "6.43_01"},{"date" => "2008-02-29T00:08:42","version" => "6.44"},{"date" => "2008-09-06T10:22:44","version" => "6.45_01"},{"date" => "2008-09-07T21:18:05","version" => "6.45_02"},{"date" => "2008-09-27T21:37:54","version" => "6.46"},{"date" => "2008-10-14T16:41:49","version" => "6.47_01"},{"date" => "2008-10-16T23:18:52","version" => "6.47_02"},{"date" => "2008-10-20T18:20:40","version" => "6.48"},{"date" => "2009-02-20T01:11:08","version" => "6.49_01"},{"date" => "2009-03-22T19:30:00","version" => "6.50"},{"date" => "2009-04-10T21:33:29","version" => "6.51_01"},{"date" => "2009-04-14T04:22:58","version" => "6.51_02"},{"date" => "2009-05-24T05:41:35","version" => "6.51_03"},{"date" => "2009-05-24T21:07:28","version" => "6.51_04"},{"date" => "2009-05-30T18:41:35","version" => "6.52"},{"date" => "2009-06-08T02:05:24","version" => "6.53_01"},{"date" => "2009-06-08T02:28:24","version" => "6.53_02"},{"date" => "2009-07-02T21:55:25","version" => "6.53_03"},{"date" => "2009-07-07T23:53:09","version" => "6.54"},{"date" => "2009-07-14T23:02:39","version" => "6.55_01"},{"date" => "2009-08-05T07:40:59","version" => "6.55_02"},{"date" => "2009-12-05T07:09:23","version" => "6.55_03"},{"date" => "2009-12-17T22:06:47","version" => "6.56"},{"date" => "2010-08-24T08:38:36","version" => "6.57_01"},{"date" => "2010-09-07T23:43:49","version" => "6.57_02"},{"date" => "2010-09-08T22:33:36","version" => "6.57_03"},{"date" => "2010-09-09T23:52:37","version" => "6.57_04"},{"date" => "2010-09-11T20:25:23","version" => "6.57_05"},{"date" => "2010-10-06T10:53:43","version" => "6.57_06"},{"date" => "2011-03-25T03:41:39","version" => "6.57_07"},{"date" => "2011-03-27T11:00:41","version" => "6.57_08"},{"date" => "2011-03-28T00:15:59","version" => "6.57_09"},{"date" => "2011-04-04T05:33:46","version" => "6.57_10"},{"date" => "2011-05-20T00:34:23","version" => "6.57_11"},{"date" => "2011-07-06T21:22:27","version" => "6.58"},{"date" => "2011-08-03T20:25:34","version" => "6.58_01"},{"date" => "2011-08-05T13:07:58","version" => "6.59"},{"date" => "2011-09-25T05:23:43","version" => "6.61_01"},{"date" => "2011-10-23T23:48:06","version" => "6.62"},{"date" => "2011-10-24T00:40:49","version" => "6.63_01"},{"date" => "2011-11-02T00:07:43","version" => "6.63_02"},{"date" => "2012-11-02T03:58:40","version" => "6.63_03"},{"date" => "2012-11-22T21:25:35","version" => "6.63_04"},{"date" => "2012-12-17T02:35:20","version" => "6.64"},{"date" => "2013-03-18T23:21:28","version" => "6.65_01"},{"date" => "2013-04-14T09:59:15","version" => "6.65_02"},{"date" => "2013-04-15T12:50:31","version" => "6.65_03"},{"date" => "2013-04-19T17:52:08","version" => "6.66"},{"date" => "2013-04-25T20:08:31","version" => "6.67_01"},{"date" => "2013-06-02T17:31:16","version" => "6.67_02"},{"date" => "2013-06-05T21:09:00","version" => "6.67_03"},{"date" => "2013-06-10T19:25:22","version" => "6.67_04"},{"date" => "2013-06-13T20:55:25","version" => "6.67_05"},{"date" => "2013-06-14T22:35:24","version" => "6.68"},{"date" => "2013-06-20T12:00:00","version" => "6.69_01"},{"date" => "2013-07-02T12:16:23","version" => "6.69_02"},{"date" => "2013-07-09T21:47:07","version" => "6.69_03"},{"date" => "2013-07-10T10:50:08","version" => "6.69_04"},{"date" => "2013-07-11T21:20:53","version" => "6.69_05"},{"date" => "2013-07-12T13:51:50","version" => "6.69_06"},{"date" => "2013-07-16T14:34:32","version" => "6.69_07"},{"date" => "2013-07-16T23:40:44","version" => "6.69_08"},{"date" => "2013-07-21T08:26:44","version" => "6.69_09"},{"date" => "2013-07-23T21:42:47","version" => "6.70"},{"date" => "2013-07-24T08:33:58","version" => "6.71_01"},{"date" => "2013-07-24T17:42:20","version" => "6.72"},{"date" => "2013-07-24T22:53:41","version" => "6.73_01"},{"date" => "2013-07-26T12:34:19","version" => "6.73_02"},{"date" => "2013-07-30T21:12:02","version" => "6.73_03"},{"date" => "2013-08-01T21:41:12","version" => "6.73_04"},{"date" => "2013-08-05T16:45:38","version" => "6.73_05"},{"date" => "2013-08-05T23:52:18","version" => "6.73_06"},{"date" => "2013-08-07T15:09:12","version" => "6.73_07"},{"date" => "2013-08-09T18:52:24","version" => "6.73_08"},{"date" => "2013-08-09T19:00:18","version" => "6.73_09"},{"date" => "2013-08-16T15:43:35","version" => "6.73_10"},{"date" => "2013-08-17T21:57:55","version" => "6.73_11"},{"date" => "2013-08-23T09:52:43","version" => "6.73_12"},{"date" => "2013-08-27T11:45:55","version" => "6.74"},{"date" => "2013-08-29T14:09:22","version" => "6.75_01"},{"date" => "2013-09-01T20:52:29","version" => "6.75_02"},{"date" => "2013-09-02T23:26:56","version" => "6.75_03"},{"date" => "2013-09-05T11:10:20","version" => "6.75_04"},{"date" => "2013-09-06T12:40:59","version" => "6.76"},{"date" => "2013-09-10T14:22:45","version" => "6.77_01"},{"date" => "2013-09-12T20:23:49","version" => "6.77_02"},{"date" => "2013-09-16T11:23:59","version" => "6.77_03"},{"date" => "2013-09-18T18:25:33","version" => "6.77_04"},{"date" => "2013-09-19T13:12:32","version" => "6.77_05"},{"date" => "2013-09-19T14:43:24","version" => "6.77_06"},{"date" => "2013-09-21T08:48:44","version" => "6.77_07"},{"date" => "2013-09-22T17:46:50","version" => "6.77_08"},{"date" => "2013-09-23T12:47:39","version" => "6.78"},{"date" => "2013-10-01T14:01:33","version" => "6.79_01"},{"date" => "2013-10-11T12:01:23","version" => "6.79_02"},{"date" => "2013-10-11T13:00:29","version" => "6.79_03"},{"date" => "2013-10-11T17:59:30","version" => "6.79_04"},{"date" => "2013-10-15T15:08:06","version" => "6.80"},{"date" => "2013-10-16T08:04:29","version" => "6.81_01"},{"date" => "2013-10-17T11:24:19","version" => "6.81_02"},{"date" => "2013-10-24T19:54:34","version" => "6.81_03"},{"date" => "2013-11-01T19:56:13","version" => "6.81_04"},{"date" => "2013-11-02T21:44:06","version" => "6.81_05"},{"date" => "2013-11-04T19:24:38","version" => "6.82"},{"date" => "2013-11-05T11:45:54","version" => "6.83_01"},{"date" => "2013-11-12T11:15:21","version" => "6.83_02"},{"date" => "2013-11-15T09:49:39","version" => "6.83_03"},{"date" => "2013-11-17T11:44:01","version" => "6.83_04"},{"date" => "2013-11-25T22:52:46","version" => "6.83_05"},{"date" => "2013-11-29T21:55:40","version" => "6.83_06"},{"date" => "2013-11-30T15:27:01","version" => "6.84"},{"date" => "2013-12-16T13:18:35","version" => "6.85_01"},{"date" => "2013-12-17T10:17:50","version" => "6.85_02"},{"date" => "2013-12-23T14:59:36","version" => "6.85_03"},{"date" => "2013-12-23T15:02:38","version" => "6.85_04"},{"date" => "2013-12-29T11:28:14","version" => "6.85_05"},{"date" => "2013-12-30T23:18:09","version" => "6.85_06"},{"date" => "2014-01-01T19:00:36","version" => "6.85_07"},{"date" => "2014-01-04T12:21:05","version" => "6.86"},{"date" => "2014-01-12T10:34:38","version" => "6.87_01"},{"date" => "2014-01-18T13:30:15","version" => "6.87_02"},{"date" => "2014-01-19T17:53:19","version" => "6.87_03"},{"date" => "2014-01-26T19:33:34","version" => "6.87_04"},{"date" => "2014-01-28T14:00:44","version" => "6.87_05"},{"date" => "2014-01-31T20:59:13","version" => "6.88"},{"date" => "2014-02-17T16:23:55","version" => "6.89_01"},{"date" => "2014-02-20T20:49:24","version" => "6.90"},{"date" => "2014-03-06T13:52:24","version" => "6.91_01"},{"date" => "2014-03-13T16:34:37","version" => "6.92"},{"date" => "2014-03-24T16:57:01","version" => "6.93_01"},{"date" => "2014-03-25T20:38:21","version" => "6.94"},{"date" => "2014-04-02T20:52:53","version" => "6.95_01"},{"date" => "2014-04-07T14:29:26","version" => "6.95_02"},{"date" => "2014-04-11T21:09:21","version" => "6.96"},{"date" => "2014-04-24T13:29:12","version" => "6.97_01"},{"date" => "2014-04-28T10:55:44","version" => "6.97_02"},{"date" => "2014-04-29T20:41:00","version" => "6.98"},{"date" => "2014-06-03T21:19:42","version" => "6.99_01"},{"date" => "2014-06-05T11:18:25","version" => "6.99_02"},{"date" => "2014-07-04T10:15:23","version" => "6.99_03"},{"date" => "2014-07-12T11:54:35","version" => "6.99_04"},{"date" => "2014-07-22T11:42:12","version" => "6.99_05"},{"date" => "2014-07-28T14:07:14","version" => "6.99_06"},{"date" => "2014-07-30T16:44:02","version" => "6.99_07"},{"date" => "2014-08-18T13:19:18","version" => "6.99_08"},{"date" => "2014-08-28T10:13:30","version" => "6.99_09"},{"date" => "2014-09-04T14:04:55","version" => "6.99_10"},{"date" => "2014-09-08T13:39:46","version" => "6.99_11"},{"date" => "2014-09-11T14:32:19","version" => "6.99_12"},{"date" => "2014-09-15T19:11:34","version" => "6.99_13"},{"date" => "2014-09-19T14:06:14","version" => "6.99_14"},{"date" => "2014-09-21T12:23:58","version" => "6.99_15"},{"date" => "2014-10-02T18:50:08","version" => "6.99_16"},{"date" => "2014-10-12T18:41:24","version" => "6.99_17"},{"date" => "2014-10-20T09:14:39","version" => "6.99_18"},{"date" => "2014-10-22T19:48:56","version" => "7.00"},{"date" => "2014-10-25T12:49:55","version" => "7.01_01"},{"date" => "2014-10-25T16:49:40","version" => "7.01_02"},{"date" => "2014-10-30T19:48:04","version" => "7.01_03"},{"date" => "2014-10-31T10:13:56","version" => "7.01_04"},{"date" => "2014-11-03T12:53:43","version" => "7.01_05"},{"date" => "2014-11-03T20:55:23","version" => "7.01_06"},{"date" => "2014-11-04T19:40:07","version" => "7.01_07"},{"date" => "2014-11-04T20:29:00","version" => "7.01_08"},{"date" => "2014-11-06T21:59:55","version" => "7.01_09"},{"date" => "2014-11-08T10:39:16","version" => "7.02"},{"date" => "2014-11-18T21:47:11","version" => "7.03_01"},{"date" => "2014-11-24T13:26:46","version" => "7.03_02"},{"date" => "2014-11-25T16:43:06","version" => "7.03_03"},{"date" => "2014-11-27T14:42:51","version" => "7.03_04"},{"date" => "2014-11-28T18:32:48","version" => "7.03_05"},{"date" => "2014-12-01T15:37:46","version" => "7.03_06"},{"date" => "2014-12-02T12:56:02","version" => "7.04"},{"date" => "2014-12-06T16:58:07","version" => "7.05_01"},{"date" => "2014-12-15T20:13:08","version" => "7.05_02"},{"date" => "2014-12-24T12:12:00","version" => "7.05_03"},{"date" => "2014-12-24T14:49:46","version" => "7.05_04"},{"date" => "2014-12-31T23:21:05","version" => "7.05_05"},{"date" => "2015-01-08T19:09:29","version" => "7.05_06"},{"date" => "2015-01-09T16:23:43","version" => "7.05_07"},{"date" => "2015-01-20T10:13:21","version" => "7.05_08"},{"date" => "2015-01-23T10:51:30","version" => "7.05_09"},{"date" => "2015-01-26T15:19:01","version" => "7.05_10"},{"date" => "2015-01-31T16:40:19","version" => "7.05_11"},{"date" => "2015-02-07T15:19:11","version" => "7.05_12"},{"date" => "2015-02-18T22:49:29","version" => "7.05_13"},{"date" => "2015-02-20T17:32:55","version" => "7.05_14"},{"date" => "2015-03-05T19:44:02","version" => "7.05_15"},{"date" => "2015-03-09T11:35:12","version" => "7.05_16"},{"date" => "2015-03-24T12:27:52","version" => "7.05_17"},{"date" => "2015-03-27T12:20:03","version" => "7.05_18"},{"date" => "2015-03-27T16:59:34","version" => "7.05_19"},{"date" => "2015-04-04T15:53:36","version" => "7.05_20"},{"date" => "2015-06-13T14:19:26","version" => "7.05_21"},{"date" => "2015-06-14T13:44:56","version" => "7.05_22"},{"date" => "2015-06-24T19:51:24","version" => "7.05_23"},{"date" => "2015-07-01T18:30:38","version" => "7.05_24"},{"date" => "2015-07-07T17:18:36","version" => "7.05_25"},{"date" => "2015-08-04T19:41:25","version" => "7.05_26"},{"date" => "2015-08-05T09:35:40","version" => "7.05_27"},{"date" => "2015-08-19T18:10:20","version" => "7.05_28"},{"date" => "2015-08-24T15:26:22","version" => "7.05_29"},{"date" => "2015-08-31T18:06:48","version" => "7.06"},{"date" => "2015-09-02T11:55:33","version" => "7.07_01"},{"date" => "2015-09-08T19:59:05","version" => "7.08"},{"date" => "2015-09-10T18:55:41","version" => "7.10"},{"date" => "2015-11-12T12:35:03","version" => "7.11_01"},{"date" => "2015-11-21T20:23:22","version" => "7.11_02"},{"date" => "2015-11-25T15:40:06","version" => "7.11_03"},{"date" => "2016-02-15T11:40:55","version" => "7.11_04"},{"date" => "2016-03-19T10:07:11","version" => "7.11_05"},{"date" => "2016-03-29T18:44:47","version" => "7.11_06"},{"date" => "2016-04-19T11:41:10","version" => "7.12"},{"date" => "2016-04-23T16:35:56","version" => "7.13_01"},{"date" => "2016-04-24T13:20:40","version" => "7.14"},{"date" => "2016-04-27T18:27:25","version" => "7.15_01"},{"date" => "2016-04-28T12:15:28","version" => "7.15_02"},{"date" => "2016-05-01T13:29:10","version" => "7.15_03"},{"date" => "2016-05-07T10:28:49","version" => "7.16"},{"date" => "2016-05-09T19:14:54","version" => "7.17_01"},{"date" => "2016-05-09T23:07:33","version" => "7.17_02"},{"date" => "2016-05-11T18:22:21","version" => "7.17_03"},{"date" => "2016-05-23T15:39:08","version" => "7.18"},{"date" => "2016-06-02T14:01:28","version" => "7.19_01"},{"date" => "2016-06-13T09:11:52","version" => "7.19_02"},{"date" => "2016-06-13T13:44:33","version" => "7.19_03"},{"date" => "2016-06-14T11:35:43","version" => "7.19_04"},{"date" => "2016-06-20T14:40:57","version" => "7.19_05"},{"date" => "2016-06-27T12:04:29","version" => "7.19_06"},{"date" => "2016-07-03T14:30:23","version" => "7.19_07"},{"date" => "2016-07-28T12:26:56","version" => "7.19_08"},{"date" => "2016-08-05T08:57:09","version" => "7.20"},{"date" => "2016-08-07T09:54:04","version" => "7.21_01"},{"date" => "2016-08-08T08:42:10","version" => "7.22"},{"date" => "2016-08-19T09:24:06","version" => "7.23_01"},{"date" => "2016-08-20T12:35:27","version" => "7.24"},{"date" => "2017-02-03T15:21:22","version" => "7.25_01"},{"date" => "2017-05-11T11:19:49","version" => "7.25_02"},{"date" => "2017-05-11T17:09:16","version" => "7.25_03"},{"date" => "2017-05-12T12:25:54","version" => "7.25_04"},{"date" => "2017-05-15T09:41:49","version" => "7.25_05"},{"date" => "2017-05-23T19:31:28","version" => "7.25_06"},{"date" => "2017-05-27T20:21:06","version" => "7.26"},{"date" => "2017-05-28T10:50:55","version" => "7.27_01"},{"date" => "2017-05-30T08:56:32","version" => "7.27_02"},{"date" => "2017-05-30T21:26:23","version" => "7.28"},{"date" => "2017-05-31T08:32:44","version" => "7.29_01"},{"date" => "2017-06-11T11:17:55","version" => "7.29_02"},{"date" => "2017-06-12T12:31:08","version" => "7.30"},{"date" => "2017-06-14T15:10:23","version" => "7.31_01"},{"date" => "2017-06-26T13:14:10","version" => "7.31_02"},{"date" => "2017-07-10T09:02:35","version" => "7.31_03"},{"date" => "2017-10-05T12:19:00","version" => "7.31_04"},{"date" => "2017-11-25T09:37:04","version" => "7.31_05"},{"date" => "2018-01-16T13:28:46","version" => "7.31_06"},{"date" => "2018-01-16T16:24:23","version" => "7.31_07"},{"date" => "2018-02-12T12:32:45","version" => "7.31_08"},{"date" => "2018-02-16T20:25:44","version" => "7.32"},{"date" => "2018-02-20T10:44:19","version" => "7.33_01"},{"date" => "2018-02-24T14:05:00","version" => "7.33_02"},{"date" => "2018-02-24T20:21:42","version" => "7.33_03"},{"date" => "2018-03-19T10:51:54","version" => "7.34"},{"date" => "2018-04-19T12:46:01","version" => "7.35_01"},{"date" => "2018-04-24T11:01:35","version" => "7.35_02"},{"date" => "2018-04-27T13:59:23","version" => "7.35_03"},{"date" => "2018-07-09T09:50:43","version" => "7.35_04"},{"date" => "2018-07-10T09:18:31","version" => "7.35_05"},{"date" => "2018-07-19T19:49:08","version" => "7.35_06"},{"date" => "2018-11-23T11:59:44","version" => "7.35_07"},{"date" => "2018-12-06T10:56:33","version" => "7.35_08"},{"date" => "2019-02-18T10:27:00","version" => "7.35_09"},{"date" => "2019-02-20T10:06:48","version" => "7.35_10"},{"date" => "2019-04-25T11:10:29","version" => "7.35_11"},{"date" => "2019-04-27T22:17:58","version" => "7.35_12"},{"date" => "2019-04-28T11:23:25","version" => "7.35_13"},{"date" => "2019-04-28T13:15:57","version" => "7.35_14"},{"date" => "2019-04-28T15:48:41","version" => "7.36"},{"date" => "2019-06-07T10:55:49","version" => "7.37_01"},{"date" => "2019-06-27T10:35:57","version" => "7.37_02"},{"date" => "2019-08-03T12:27:47","version" => "7.37_03"},{"date" => "2019-08-22T14:34:47","version" => "7.37_04"},{"date" => "2019-09-11T09:16:48","version" => "7.38"},{"date" => "2019-09-16T06:54:51","version" => "7.39_01"},{"date" => "2019-11-07T10:03:13","version" => "7.39_02"},{"date" => "2019-11-17T20:12:14","version" => "7.39_03"},{"date" => "2019-11-18T15:20:20","version" => "7.39_04"},{"date" => "2019-11-21T12:10:17","version" => "7.39_05"},{"date" => "2019-12-16T20:02:27","version" => "7.40"},{"date" => "2019-12-16T21:53:56","version" => "7.41_01"},{"date" => "2019-12-17T22:30:33","version" => "7.42"},{"date" => "2020-01-05T13:00:40","version" => "7.43_01"},{"date" => "2020-01-14T16:54:08","version" => "7.44"},{"date" => "2020-05-28T16:58:08","version" => "7.45_01"},{"date" => "2020-06-23T10:14:10","version" => "7.46"},{"date" => "2020-06-26T10:13:17","version" => "7.47_01"},{"date" => "2020-07-07T07:38:50","version" => "7.47_02"},{"date" => "2020-07-08T21:54:35","version" => "7.47_03"},{"date" => "2020-07-28T19:00:26","version" => "7.47_04"},{"date" => "2020-07-31T09:57:33","version" => "7.47_05"},{"date" => "2020-08-01T13:53:05","version" => "7.47_06"},{"date" => "2020-08-03T21:39:02","version" => "7.47_07"},{"date" => "2020-08-31T09:02:22","version" => "7.47_08"},{"date" => "2020-09-14T13:50:45","version" => "7.47_09"},{"date" => "2020-09-15T18:45:02","version" => "7.47_10"},{"date" => "2020-09-20T09:20:24","version" => "7.47_11"},{"date" => "2020-09-30T15:40:12","version" => "7.47_12"},{"date" => "2020-10-04T10:56:39","version" => "7.48"},{"date" => "2020-10-06T17:29:16","version" => "7.49_01"},{"date" => "2020-10-08T12:03:50","version" => "7.49_02"},{"date" => "2020-10-09T20:46:22","version" => "7.49_03"},{"date" => "2020-10-13T18:34:34","version" => "7.49_04"},{"date" => "2020-10-21T18:14:52","version" => "7.50"},{"date" => "2020-11-04T00:05:13","version" => "7.51_01"},{"date" => "2020-11-04T19:51:52","version" => "7.52"},{"date" => "2020-11-10T03:50:49","version" => "7.53_01"},{"date" => "2020-11-12T19:50:41","version" => "7.54"},{"date" => "2020-11-18T18:25:16","version" => "7.55_01"},{"date" => "2020-11-19T20:00:09","version" => "7.56"},{"date" => "2020-12-18T13:45:54","version" => "7.57_01"},{"date" => "2020-12-18T23:07:45","version" => "7.57_02"},{"date" => "2020-12-21T18:31:44","version" => "7.58"},{"date" => "2021-02-02T10:13:35","version" => "7.59_01"},{"date" => "2021-02-17T11:05:23","version" => "7.60"},{"date" => "2021-03-21T15:00:35","version" => "7.61_01"},{"date" => "2021-04-13T18:13:28","version" => "7.62"},{"date" => "2021-05-25T18:00:03","version" => "7.63_01"},{"date" => "2021-06-03T19:05:10","version" => "7.63_02"},{"date" => "2021-06-22T13:53:51","version" => "7.63_03"},{"date" => "2021-06-30T14:30:46","version" => "7.63_04"},{"date" => "2021-08-14T08:19:32","version" => "7.63_05"},{"date" => "2021-11-03T01:44:47","version" => "7.63_06"},{"date" => "2021-11-27T11:51:29","version" => "7.63_07"},{"date" => "2021-11-27T17:31:21","version" => "7.63_08"},{"date" => "2021-12-08T22:35:25","version" => "7.63_09"},{"date" => "2021-12-13T16:54:00","version" => "7.63_10"},{"date" => "2021-12-14T17:00:18","version" => "7.63_11"},{"date" => "2021-12-17T19:24:34","version" => "7.64"},{"date" => "2022-05-30T10:07:14","version" => "7.65_01"},{"date" => "2022-07-22T13:01:08","version" => "7.65_02"},{"date" => "2022-12-24T00:32:29","version" => "7.65_03"},{"date" => "2022-12-25T09:06:33","version" => "7.66"},{"date" => "2023-03-01T13:47:08","version" => "7.67_01"},{"date" => "2023-03-06T11:17:11","version" => "7.67_02"},{"date" => "2023-03-14T21:41:23","version" => "7.68"},{"date" => "2023-03-25T11:45:00","version" => "7.69_01"},{"date" => "2023-03-26T13:29:08","version" => "7.70"},{"date" => "2024-06-24T19:34:30","version" => "7.71_01"},{"date" => "2024-11-22T19:08:50","version" => "7.71_02"},{"date" => "2025-02-19T01:40:18","version" => "7.71_03"},{"date" => "2025-02-24T15:29:06","version" => "7.71_04"},{"date" => "2025-02-28T18:43:37","version" => "7.71_05"},{"date" => "2025-03-03T16:59:13","version" => "7.71_06"},{"date" => "2025-03-05T21:46:33","version" => "7.71_07"},{"date" => "2025-03-08T23:59:14","version" => "7.71_08"},{"date" => "2025-03-14T11:11:41","version" => "7.72"},{"date" => "2025-03-30T10:57:25","version" => "7.73_01"},{"date" => "2025-04-09T12:39:45","version" => "7.74"},{"date" => "2025-05-23T14:13:25","version" => "7.75_01"},{"date" => "2025-05-23T19:17:36","version" => "7.76"},{"date" => "2025-07-28T18:05:55","version" => "7.77_01"},{"date" => "2025-08-20T11:28:18","version" => "7.77_02"},{"date" => "2026-03-02T17:45:14","version" => "7.77_03"},{"date" => "2026-03-03T20:35:04","version" => "7.78"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "1996-02-29T00:00:00","dual_lived" => 1,"perl_release" => "5.002","version" => "5.21"},{"date" => "1996-10-10T00:00:00","dual_lived" => 1,"perl_release" => "5.00307","version" => "5.38"},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "5.4002"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "5.42"},{"date" => "1998-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.005","version" => "5.4301"},{"date" => "1999-03-28T00:00:00","dual_lived" => 1,"perl_release" => "5.00503","version" => "5.4302"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006","version" => "5.45"},{"date" => "2004-03-16T00:00:00","dual_lived" => 1,"perl_release" => "5.009001","version" => "6.21_02"},{"date" => "2010-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013","version" => "6.5601"},{"date" => "2015-06-01T00:00:00","dual_lived" => 1,"perl_release" => "5.022000","version" => "7.04_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "7.04_02"},{"date" => "2016-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023008","version" => "7.10_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "7.10_02"}]},"ExtUtils-ParseXS" => {"advisories" => [{"affected_versions" => ["<3.35"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.","distribution" => "ExtUtils-ParseXS","fixed_versions" => [">=3.35"],"id" => "CPANSA-ExtUtils-ParseXS-2016-1238","references" => ["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "ExtUtils::ParseXS","versions" => [{"date" => "2002-12-09T00:53:36","version" => "1.98_01"},{"date" => "2003-02-05T18:22:19","version" => "1.99"},{"date" => "2003-02-23T22:45:04","version" => "2.00"},{"date" => "2003-03-20T15:25:07","version" => "2.01"},{"date" => "2003-03-31T00:25:32","version" => "2.02"},{"date" => "2003-08-16T22:57:00","version" => "2.03"},{"date" => "2003-09-04T18:14:59","version" => "2.04"},{"date" => "2003-09-29T15:35:39","version" => "2.05"},{"date" => "2003-12-26T15:05:42","version" => "2.06"},{"date" => "2004-01-25T23:04:13","version" => "2.07"},{"date" => "2004-02-21T03:46:57","version" => "2.08"},{"date" => "2005-03-27T17:18:20","version" => "2.09"},{"date" => "2005-05-31T02:37:25","version" => "2.10"},{"date" => "2005-06-14T04:04:10","version" => "2.11"},{"date" => "2005-08-25T01:07:16","version" => "2.12"},{"date" => "2005-10-04T03:02:19","version" => "2.13"},{"date" => "2005-10-09T01:52:46","version" => "2.14"},{"date" => "2005-10-10T15:09:54","version" => "2.15"},{"date" => "2006-09-16T03:35:22","version" => "2.16"},{"date" => "2006-11-20T23:08:18","version" => "2.17"},{"date" => "2007-01-30T02:58:43","version" => "2.18"},{"date" => "2008-02-17T20:29:31","version" => "2.19"},{"date" => "2008-08-07T03:20:09","version" => "2.19_02"},{"date" => "2009-06-28T03:01:41","version" => "2.19_03"},{"date" => "2009-06-29T15:51:33","version" => "2.19_04"},{"date" => "2009-07-01T17:49:20","version" => "2.20"},{"date" => "2009-07-08T16:47:56","version" => "2.20_01"},{"date" => "2009-07-18T21:23:28","version" => "2.2002"},{"date" => "2009-07-24T03:16:46","version" => "2.20_03"},{"date" => "2009-08-10T15:44:42","version" => "2.20_04"},{"date" => "2009-08-23T01:50:17","version" => "2.20_05"},{"date" => "2009-09-15T02:36:48","version" => "2.200401"},{"date" => "2009-10-02T05:28:52","version" => "2.200402"},{"date" => "2009-10-02T06:06:00","version" => "2.200403"},{"date" => "2009-10-03T03:49:34","version" => "2.20_06"},{"date" => "2009-10-03T15:28:29","version" => "2.20_07"},{"date" => "2009-10-05T15:25:07","version" => "2.21"},{"date" => "2009-12-19T12:43:55","version" => "2.21_01"},{"date" => "2009-12-19T15:58:28","version" => "2.21_02"},{"date" => "2010-01-11T20:03:31","version" => "2.22"},{"date" => "2010-01-25T21:14:41","version" => "2.2201"},{"date" => "2010-01-27T20:07:51","version" => "2.2202"},{"date" => "2010-02-11T19:04:49","version" => "2.2203"},{"date" => "2010-03-10T19:27:43","version" => "2.2204"},{"date" => "2010-03-10T23:17:47","version" => "2.2205"},{"date" => "2010-07-04T19:53:47","version" => "2.2206"},{"date" => "2011-07-12T20:42:45","version" => "3.00_01"},{"date" => "2011-07-14T13:21:26","version" => "3.00_02"},{"date" => "2011-07-23T15:09:23","version" => "3.00_03"},{"date" => "2011-07-27T20:24:26","version" => "3.00_04"},{"date" => "2011-07-27T20:57:56","version" => "3.00_05"},{"date" => "2011-08-04T16:06:39","version" => "3.01"},{"date" => "2011-08-04T18:09:18","version" => "3.02"},{"date" => "2011-08-11T06:25:52","version" => "3.03"},{"date" => "2011-08-21T11:40:28","version" => "3.03_02"},{"date" => "2011-08-24T17:51:31","version" => "3.03_03"},{"date" => "2011-08-25T06:33:30","version" => "3.04"},{"date" => "2011-08-28T15:57:42","version" => "3.04_01"},{"date" => "2011-09-03T13:31:37","version" => "3.04_02"},{"date" => "2011-09-04T16:55:05","version" => "3.04_03"},{"date" => "2011-09-12T06:28:10","version" => "3.04_04"},{"date" => "2011-10-05T06:18:44","version" => "3.05"},{"date" => "2011-12-07T07:35:08","version" => "3.06"},{"date" => "2011-12-07T13:15:12","version" => "3.07"},{"date" => "2011-12-19T17:10:40","version" => "3.08"},{"date" => "2011-12-28T18:05:57","version" => "3.09"},{"date" => "2011-12-29T17:00:16","version" => "3.11"},{"date" => "2012-01-28T12:07:45","version" => "3.13_01"},{"date" => "2012-02-01T17:51:52","version" => "3.14"},{"date" => "2012-02-02T07:15:27","version" => "3.15"},{"date" => "2012-11-19T06:42:48","version" => "3.18"},{"date" => "2013-04-11T18:19:45","version" => "3.18_01"},{"date" => "2013-04-15T05:41:18","version" => "3.18_02"},{"date" => "2013-04-19T16:47:41","version" => "3.18_03"},{"date" => "2013-06-20T15:51:15","version" => "3.18_04"},{"date" => "2013-08-09T17:14:04","version" => "3.21"},{"date" => "2013-08-29T17:31:29","version" => "3.22"},{"date" => "2014-03-07T09:35:16","version" => "3.24"},{"date" => "2015-08-10T08:49:21","version" => "3.29_01"},{"date" => "2015-08-31T08:44:00","version" => "3.30"},{"date" => "2017-07-31T15:52:17","version" => "3.35"},{"date" => "2017-12-18T12:31:00","version" => "3.36_03"},{"date" => "2021-04-17T17:48:59","version" => "3.43_02"},{"date" => "2022-01-06T23:02:34","version" => "3.44"},{"date" => "2023-09-02T13:28:52","version" => "3.51"},{"date" => "2025-05-02T15:03:49","version" => "3.52"},{"date" => "2025-05-02T15:06:38","version" => "3.53"},{"date" => "2025-05-02T15:17:11","version" => "3.54"},{"date" => "2025-05-02T15:38:05","version" => "3.55"},{"date" => "2025-05-02T15:40:54","version" => "3.56"},{"date" => "2025-05-02T15:45:00","version" => "3.57"},{"date" => "2025-07-20T19:24:38","version" => "3.58"},{"date" => "2025-09-05T13:37:50","version" => "3.59"},{"date" => "2025-09-26T22:20:43","version" => "3.60"},{"date" => "2026-01-09T17:11:34","version" => "3.61"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "2.15_02"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.010000","version" => "2.18_02"},{"date" => "2010-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013004","version" => "2.2207"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "2.2208"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "2.2209"},{"date" => "2011-05-14T00:00:00","dual_lived" => 1,"perl_release" => "5.014","version" => "2.2210"},{"date" => "2011-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015002","version" => "3.03_01"},{"date" => "2012-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015007","version" => "3.12"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "3.16"},{"date" => "2012-05-26T00:00:00","dual_lived" => 1,"perl_release" => "5.017000","version" => "3.17"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "3.19"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "3.23"},{"date" => "2014-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021001","version" => "3.25"},{"date" => "2014-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021006","version" => "3.26"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "3.27"},{"date" => "2015-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021011","version" => "3.28"},{"date" => "2015-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023002","version" => "3.29"},{"date" => "2016-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023007","version" => "3.31"},{"date" => "2016-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025002","version" => "3.32"},{"date" => "2016-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025003","version" => "3.33"},{"date" => "2017-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025011","version" => "3.34"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "3.36"},{"date" => "2018-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027009","version" => "3.38"},{"date" => "2018-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027010","version" => "3.39"},{"date" => "2018-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.029006","version" => "3.40"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "3.41"},{"date" => "2020-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033005","version" => "3.42"},{"date" => "2021-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033009","version" => "3.43"},{"date" => "2022-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.03501","version" => "3.45"},{"date" => "2022-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037004","version" => "3.46"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "3.48"},{"date" => "2022-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037007","version" => "3.49"},{"date" => "2023-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037011","version" => "3.50"}]},"FCGI" => {"advisories" => [{"affected_versions" => ["<0.74"],"cves" => ["CVE-2011-2766"],"description" => "Leaking information across requests when using the deprecated and undocumented old FCGI interface.\n","distribution" => "FCGI","fixed_versions" => [">=0.74"],"id" => "CPANSA-FCGI-2011-01","references" => ["https://metacpan.org/changes/distribution/FCGI","https://github.com/perl-catalyst/FCGI/commit/297693dc8362d25bb25e473899c72508a0f71d2e"],"reported" => "2011-09-24"},{"affected_versions" => [">=0.44"],"cves" => ["CVE-2025-40907"],"description" => "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.  The included FastCGI library is affected by  CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.","distribution" => "FCGI","fixed_versions" => [],"id" => "CPANSA-FCGI-2025-40907","references" => ["http://www.openwall.com/lists/oss-security/2025/04/23/4","https://github.com/FastCGI-Archives/fcgi2/issues/67","https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5","https://github.com/perl-catalyst/FCGI/issues/14","https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch","https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library"],"reported" => "2025-05-16","severity" => undef}],"main_module" => "FCGI","versions" => [{"date" => "1996-09-25T17:48:57","version" => "0.25"},{"date" => "1996-10-15T21:51:06","version" => "0.26"},{"date" => "1997-02-20T08:55:44","version" => "0.27"},{"date" => "1997-02-25T07:14:13","version" => "0.28"},{"date" => "1997-06-10T18:16:17","version" => "0.29"},{"date" => "1997-06-24T17:17:05","version" => "0.30"},{"date" => "1997-07-24T11:05:43","version" => "0.31"},{"date" => "1998-06-17T10:24:17","version" => "0.34"},{"date" => "1998-06-22T15:38:51","version" => "0.35"},{"date" => "1998-06-24T19:42:57","version" => "0.36"},{"date" => "1998-06-27T16:08:39","version" => "0.37"},{"date" => "1998-07-15T15:24:00","version" => "0.40"},{"date" => "1998-07-29T16:05:51","version" => "0.41"},{"date" => "1998-08-28T15:30:49","version" => "0.42"},{"date" => "1998-12-22T22:34:14","version" => "0.43"},{"date" => "1998-12-23T11:28:39","version" => "0.44"},{"date" => "1999-03-08T17:04:02","version" => "0.45"},{"date" => "1999-07-30T08:26:31","version" => "0.46"},{"date" => "1999-07-31T21:58:01","version" => "0.47"},{"date" => "1999-08-27T13:41:54","version" => "0.48"},{"date" => "2000-04-09T18:58:32","version" => "0.49"},{"date" => "2000-04-10T07:04:43","version" => "0.50"},{"date" => "2000-04-12T12:27:09","version" => "0.51"},{"date" => "2000-04-12T14:10:02","version" => "0.52"},{"date" => "2000-07-10T10:01:51","version" => "0.53"},{"date" => "2000-10-08T19:52:29","version" => "0.54"},{"date" => "2000-10-18T21:22:46","version" => "0.55"},{"date" => "2000-11-03T15:44:28","version" => "0.56"},{"date" => "2000-11-12T15:15:01","version" => "0.57"},{"date" => "2000-11-14T23:20:24","version" => "0.58"},{"date" => "2000-12-31T22:05:44","version" => "0.59"},{"date" => "2001-06-08T15:19:08","version" => "0.60"},{"date" => "2001-09-20T12:34:13","version" => "0.61"},{"date" => "2001-09-21T16:19:42","version" => "0.62"},{"date" => "2001-09-24T20:43:48","version" => "0.63"},{"date" => "2001-09-25T08:26:24","version" => "0.64"},{"date" => "2002-02-19T14:16:27","version" => "0.65"},{"date" => "2002-09-05T16:23:07","version" => "0.66"},{"date" => "2002-12-23T10:21:36","version" => "0.67"},{"date" => "2009-12-20T21:05:48","version" => "0.67_01"},{"date" => "2010-01-06T10:07:05","version" => "0.68"},{"date" => "2010-01-10T01:35:11","version" => "0.68_01"},{"date" => "2010-01-13T19:25:40","version" => "0.68_02"},{"date" => "2010-02-15T23:08:12","version" => "0.69"},{"date" => "2010-03-22T14:35:03","version" => "0.70"},{"date" => "2010-04-01T00:55:33","version" => "0.71"},{"date" => "2010-08-24T21:32:56","version" => "0.71_01"},{"date" => "2011-04-28T08:50:09","version" => "0.71_02"},{"date" => "2011-04-28T09:05:42","version" => "0.71_03"},{"date" => "2011-05-19T09:06:02","version" => "0.72"},{"date" => "2011-05-28T01:35:17","version" => "0.73"},{"date" => "2011-09-24T08:31:47","version" => "0.74"},{"date" => "2014-07-17T00:19:02","version" => "0.75"},{"date" => "2014-08-05T01:29:06","version" => "0.76"},{"date" => "2014-08-05T15:53:28","version" => "0.77"},{"date" => "2016-03-07T00:08:23","version" => "0.78"},{"date" => "2019-12-14T18:29:19","version" => "0.79"},{"date" => "2021-07-25T04:54:49","version" => "0.80"},{"date" => "2021-07-30T23:19:01","version" => "0.81"},{"date" => "2021-07-31T03:26:34","version" => "0.82"}]},"Fake-Encode" => {"advisories" => [{"affected_versions" => ["<0.08"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "Fake-Encode","fixed_versions" => [">=0.08"],"id" => "CPANSA-Fake-Encode-2017-01","references" => ["https://metacpan.org/changes/distribution/Fake-Encode"],"reported" => "2017-01-23"}],"main_module" => "Fake::Encode","versions" => [{"date" => "2016-05-31T14:11:49","version" => "0.01"},{"date" => "2017-01-23T12:34:23","version" => "0.02"},{"date" => "2017-01-25T15:52:13","version" => "0.03"},{"date" => "2017-01-26T15:17:01","version" => "0.04"},{"date" => "2017-03-06T16:01:40","version" => "0.05"},{"date" => "2017-09-08T17:54:14","version" => "0.06"},{"date" => "2017-09-09T15:27:50","version" => "0.07"},{"date" => "2018-02-03T14:50:49","version" => "0.08"},{"date" => "2018-02-19T12:21:04","version" => "0.09"},{"date" => "2019-07-11T16:26:06","version" => "0.10"},{"date" => "2023-03-25T02:26:13","version" => "0.11"}]},"Fake-Our" => {"advisories" => [{"affected_versions" => ["<0.06"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "Fake-Our","fixed_versions" => [">=0.06"],"id" => "CPANSA-Fake-Our-2017-01","references" => ["https://metacpan.org/changes/distribution/Fake-Our"],"reported" => "2017-01-23"}],"main_module" => "Fake::Our","versions" => [{"date" => "2014-02-09T05:36:09","version" => "0.01"},{"date" => "2014-08-06T17:33:15","version" => "0.02"},{"date" => "2014-08-09T02:35:25","version" => "0.03"},{"date" => "2014-08-10T15:33:58","version" => "0.04"},{"date" => "2015-06-21T04:09:47","version" => "0.05"},{"date" => "2017-01-23T12:34:34","version" => "0.06"},{"date" => "2017-01-26T15:21:45","version" => "0.07"},{"date" => "2017-01-27T15:18:56","version" => "0.08"},{"date" => "2017-01-28T15:07:50","version" => "0.09"},{"date" => "2017-03-06T16:01:51","version" => "0.10"},{"date" => "2018-02-03T11:05:49","version" => "0.11"},{"date" => "2018-02-16T17:54:00","version" => "0.12"},{"date" => "2018-02-17T01:35:58","version" => "0.13"},{"date" => "2018-02-18T15:32:17","version" => "0.14"},{"date" => "2019-07-11T16:27:42","version" => "0.15"},{"date" => "2019-07-14T00:51:24","version" => "0.16"},{"date" => "2023-03-25T02:32:44","version" => "0.17"}]},"File-DataClass" => {"advisories" => [{"affected_versions" => ["<0.72.1"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "File-DataClass","fixed_versions" => [">=0.72.1"],"id" => "CPANSA-File-DataClass-2017-01","references" => ["https://metacpan.org/changes/distribution/File-DataClass"],"reported" => "2017-04-01"}],"main_module" => "File::DataClass","versions" => [{"date" => "2010-09-29T16:37:04","version" => "0.1.228"},{"date" => "2010-10-06T14:20:31","version" => "0.2.234"},{"date" => "2011-01-26T18:14:50","version" => "0.3.238"},{"date" => "2011-02-27T23:09:38","version" => "0.3.239"},{"date" => "2011-04-12T19:44:59","version" => "0.3.259"},{"date" => "2011-05-15T17:45:09","version" => "0.4.268"},{"date" => "2011-05-30T01:47:40","version" => "0.5.271"},{"date" => "2011-07-11T13:39:10","version" => "0.6.286"},{"date" => "2011-11-30T00:05:18","version" => "0.7.321"},{"date" => "2011-12-02T04:40:20","version" => "0.7.325"},{"date" => "2011-12-02T22:39:25","version" => "0.7.326"},{"date" => "2011-12-03T18:43:58","version" => "0.7.328"},{"date" => "2012-02-22T18:28:29","version" => "0.7.330"},{"date" => "2012-02-23T11:00:24","version" => "0.7.331"},{"date" => "2012-02-24T10:52:18","version" => "0.7.332"},{"date" => "2012-03-12T17:34:58","version" => "0.7.335"},{"date" => "2012-03-20T18:24:26","version" => "0.7.336"},{"date" => "2012-03-21T22:43:50","version" => "0.7.338"},{"date" => "2012-03-22T13:48:59","version" => "0.7.339"},{"date" => "2012-03-24T00:37:31","version" => "0.7.343"},{"date" => "2012-03-28T23:58:41","version" => "0.8.351"},{"date" => "2012-03-29T22:05:21","version" => "0.8.355"},{"date" => "2012-04-03T00:26:12","version" => "0.8.357"},{"date" => "2012-04-04T15:19:03","version" => "0.8.360"},{"date" => "2012-04-17T18:57:01","version" => "0.9.368"},{"date" => "2012-05-19T21:05:56","version" => "0.10.380"},{"date" => "2012-07-10T00:34:23","version" => "0.11.401"},{"date" => "2012-09-02T13:43:37","version" => "0.12.406"},{"date" => "2012-09-06T14:02:06","version" => "0.12.409"},{"date" => "2012-11-07T07:49:39","version" => "0.13.416"},{"date" => "2012-11-13T20:16:27","version" => "0.13.418"},{"date" => "2012-12-12T23:25:16","version" => "0.13.420"},{"date" => "2012-12-14T17:58:08","version" => "0.13.421"},{"date" => "2012-12-19T22:23:08","version" => "0.13.422"},{"date" => "2012-12-21T20:48:41","version" => "0.13.424"},{"date" => "2012-12-30T03:05:28","version" => "0.13.427"},{"date" => "2013-01-07T00:52:48","version" => "0.14.429"},{"date" => "2013-04-01T01:14:44","version" => "0.15.431"},{"date" => "2013-04-02T14:21:13","version" => "0.15.434"},{"date" => "2013-04-14T16:15:55","version" => "v0.16.438"},{"date" => "2013-04-15T20:42:56","version" => "v0.16.442"},{"date" => "2013-04-24T03:47:54","version" => "v0.16.445"},{"date" => "2013-04-29T17:12:37","version" => "v0.17.450"},{"date" => "2013-04-30T22:15:36","version" => "v0.18.6"},{"date" => "2013-05-02T14:14:57","version" => "v0.19.1"},{"date" => "2013-05-07T23:33:06","version" => "v0.20.6"},{"date" => "2013-05-10T14:58:03","version" => "v0.20.7"},{"date" => "2013-05-14T13:32:28","version" => "v0.20.8"},{"date" => "2013-05-15T20:03:34","version" => "v0.20.9"},{"date" => "2013-05-16T00:11:50","version" => "v0.20.10"},{"date" => "2013-05-17T16:07:41","version" => "v0.20.12"},{"date" => "2013-06-08T13:26:40","version" => "v0.20.13"},{"date" => "2013-07-28T17:41:14","version" => "v0.22.1"},{"date" => "2013-07-29T11:39:49","version" => "v0.22.2"},{"date" => "2013-07-29T11:46:28","version" => "v0.22.3"},{"date" => "2013-07-29T18:37:14","version" => "v0.22.4"},{"date" => "2013-07-30T10:19:23","version" => "v0.22.5"},{"date" => "2013-07-30T16:25:59","version" => "v0.22.7"},{"date" => "2013-07-31T09:54:30","version" => "v0.22.8"},{"date" => "2013-08-02T19:06:49","version" => "v0.22.9"},{"date" => "2013-08-06T17:19:31","version" => "v0.23.1"},{"date" => "2013-08-07T13:14:13","version" => "v0.23.2"},{"date" => "2013-08-13T18:01:24","version" => "0.24.1"},{"date" => "2013-08-16T22:49:23","version" => "0.24.3"},{"date" => "2013-09-03T13:11:17","version" => "0.25.1"},{"date" => "2013-09-26T16:04:18","version" => "0.26.1"},{"date" => "2013-11-22T09:42:00","version" => "0.27.1"},{"date" => "2014-01-01T15:02:23","version" => "0.28.1"},{"date" => "2014-01-01T17:03:18","version" => "0.29.1"},{"date" => "2014-01-02T02:33:28","version" => "0.30.1"},{"date" => "2014-01-13T18:41:29","version" => "0.31.1"},{"date" => "2014-01-24T20:56:21","version" => "0.33.1"},{"date" => "2014-04-04T10:52:59","version" => "0.34.1"},{"date" => "2014-05-01T14:40:32","version" => "0.35.1"},{"date" => "2014-05-13T10:03:54","version" => "0.36.1"},{"date" => "2014-05-13T21:08:07","version" => "0.37.1"},{"date" => "2014-05-15T00:11:43","version" => "0.38.1"},{"date" => "2014-05-16T08:19:01","version" => "0.39.1"},{"date" => "2014-05-22T09:37:34","version" => "0.40.1"},{"date" => "2014-05-22T14:10:49","version" => "0.40.2"},{"date" => "2014-05-28T10:28:42","version" => "0.41.1"},{"date" => "2014-07-03T23:27:53","version" => "0.42.1"},{"date" => "2014-07-04T09:25:10","version" => "0.42.2"},{"date" => "2014-07-04T12:19:02","version" => "0.43.1"},{"date" => "2014-07-16T12:39:03","version" => "0.44.1"},{"date" => "2014-08-18T23:00:05","version" => "0.45.1"},{"date" => "2014-08-26T12:43:14","version" => "0.45.5"},{"date" => "2014-08-26T16:41:35","version" => "0.46.1"},{"date" => "2014-08-27T16:17:50","version" => "0.47.1"},{"date" => "2014-09-03T22:25:51","version" => "0.48.1"},{"date" => "2014-10-02T17:39:13","version" => "0.48.3"},{"date" => "2014-10-02T19:59:28","version" => "0.49.1"},{"date" => "2014-11-07T18:51:52","version" => "0.50.1"},{"date" => "2014-11-08T21:45:45","version" => "0.50.2"},{"date" => "2014-11-09T13:19:50","version" => "0.50.3"},{"date" => "2014-11-09T15:52:41","version" => "0.51.1"},{"date" => "2014-11-10T12:44:49","version" => "0.52.1"},{"date" => "2014-12-19T11:49:49","version" => "0.53.1"},{"date" => "2014-12-19T22:54:41","version" => "0.54.1"},{"date" => "2015-02-05T00:04:33","version" => "0.55.1"},{"date" => "2015-03-19T14:59:03","version" => "0.56.1"},{"date" => "2015-04-04T20:00:58","version" => "0.57.1"},{"date" => "2015-04-04T20:16:31","version" => "0.58.1"},{"date" => "2015-04-05T17:58:31","version" => "0.59.1"},{"date" => "2015-04-08T23:10:28","version" => "0.60.1"},{"date" => "2015-05-11T12:15:05","version" => "0.61.1"},{"date" => "2015-05-24T11:52:28","version" => "0.62.1"},{"date" => "2015-06-21T21:42:17","version" => "0.63.1"},{"date" => "2015-08-29T08:58:54","version" => "0.66.1"},{"date" => "2016-02-01T00:18:43","version" => "0.67.1"},{"date" => "2016-02-01T14:33:11","version" => "0.68.1"},{"date" => "2016-07-05T00:36:52","version" => "0.69.1"},{"date" => "2016-07-29T15:24:24","version" => "0.70.1"},{"date" => "2016-07-29T18:59:13","version" => "0.71.1"},{"date" => "2017-04-02T08:23:47","version" => "0.72.1"},{"date" => "2017-06-02T00:03:17","version" => "0.73.1"}]},"File-Find-Rule" => {"advisories" => [{"affected_versions" => ["<=0.34"],"cves" => ["CVE-2011-10007"],"description" => "File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.  A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.  Example:  \$ mkdir /tmp/poc; echo > \"/tmp/poc/|id\" \$ perl -MFile::Find::Rule \\ \x{a0} \x{a0} -E 'File::Find::Rule->grep(\"foo\")->in(\"/tmp/poc\")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)","distribution" => "File-Find-Rule","fixed_versions" => [">=0.35"],"id" => "CPANSA-File-Find-Rule-2011-10007","references" => ["https://github.com/richardc/perl-file-find-rule/commit/df58128bcee4c1da78c34d7f3fe1357e575ad56f.patch","https://github.com/richardc/perl-file-find-rule/pull/4","https://metacpan.org/release/RCLAMP/File-Find-Rule-0.34/source/lib/File/Find/Rule.pm#L423","https://rt.cpan.org/Public/Bug/Display.html?id=64504","http://www.openwall.com/lists/oss-security/2025/06/05/4","http://www.openwall.com/lists/oss-security/2025/06/06/1","http://www.openwall.com/lists/oss-security/2025/06/06/3","https://lists.debian.org/debian-lts-announce/2025/06/msg00006.html","https://github.com/richardc/perl-file-find-rule/pull/4"],"reported" => "2025-06-05","severity" => undef}],"main_module" => "File::Find::Rule","versions" => [{"date" => "2002-07-26T13:03:10","version" => "0.01"},{"date" => "2002-08-14T22:28:12","version" => "0.02"},{"date" => "2002-08-24T17:34:12","version" => "0.03"},{"date" => "2002-09-10T08:54:04","version" => "0.04"},{"date" => "2002-10-21T16:37:18","version" => "0.05"},{"date" => "2002-10-22T07:30:31","version" => "0.06"},{"date" => "2002-10-25T15:54:13","version" => "0.07"},{"date" => "2002-12-04T13:55:56","version" => "0.08"},{"date" => "2003-01-21T10:56:48","version" => "0.09"},{"date" => "2003-03-10T02:07:24","version" => "0.10"},{"date" => "2003-06-22T21:04:15","version" => "0.20_01"},{"date" => "2003-06-25T11:36:22","version" => "0.20_02"},{"date" => "2003-07-29T19:24:32","version" => "0.11"},{"date" => "2003-08-04T09:27:12","version" => "0.20_03"},{"date" => "2003-09-08T17:44:26","version" => "0.20"},{"date" => "2003-09-15T12:16:58","version" => "0.21"},{"date" => "2003-10-03T19:33:19","version" => "0.22"},{"date" => "2003-10-03T22:57:25","version" => "0.23"},{"date" => "2003-10-04T11:20:43","version" => "0.24_01"},{"date" => "2003-10-06T14:22:20","version" => "0.24"},{"date" => "2003-10-22T17:11:46","version" => "0.25"},{"date" => "2003-11-10T22:10:06","version" => "0.26"},{"date" => "2004-02-25T10:55:36","version" => "0.27"},{"date" => "2004-05-18T20:37:58","version" => "0.28"},{"date" => "2006-05-16T14:28:43","version" => "0.29"},{"date" => "2006-06-01T15:39:35","version" => "0.30"},{"date" => "2009-11-27T22:58:10","version" => "0.31"},{"date" => "2009-11-28T00:47:34","version" => "0.32"},{"date" => "2011-09-19T11:56:02","version" => "0.33"},{"date" => "2015-12-03T14:31:54","version" => "0.34"},{"date" => "2025-06-05T15:35:41","version" => "0.35"}]},"File-KeePass" => {"advisories" => [{"affected_versions" => [">0"],"cves" => [],"description" => "The module is making use of the perl rand function for key and iv generation (for Crypt::Rijndael).\n","distribution" => "File-KeePass","fixed_versions" => [],"id" => "CPANSA-File-KeePass-2016-01","references" => ["https://rt.cpan.org/Ticket/Display.html?id=117836"],"reported" => "2016-09-14","severity" => undef}],"main_module" => "File::KeePass","versions" => [{"date" => "2010-06-29T14:52:50","version" => "0.01"},{"date" => "2010-12-04T04:33:41","version" => "0.02"},{"date" => "2010-12-07T06:06:57","version" => "0.03"},{"date" => "2012-09-13T04:48:56","version" => "2.00"},{"date" => "2012-09-13T14:17:11","version" => "2.01"},{"date" => "2012-09-13T15:22:40","version" => "2.02"},{"date" => "2012-09-15T22:25:43","version" => "2.03"}]},"File-Path" => {"advisories" => [{"affected_versions" => ["<2.13"],"cves" => ["CVE-2017-6512"],"description" => "Race condition in the rmtree and remove_tree functions allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.\n","distribution" => "File-Path","fixed_versions" => [">=2.13"],"id" => "CPANSA-File-Path-2017-01","references" => ["https://metacpan.org/changes/distribution/File-Path","https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2"],"reported" => "2017-05-02"},{"affected_versions" => ["<=1.08"],"cves" => ["CVE-2008-5303"],"description" => "Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2008-5303","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905","http://www.openwall.com/lists/oss-security/2008/11/28/2","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36","http://www.gossamer-threads.com/lists/perl/porters/233695#233695","http://www.debian.org/security/2008/dsa-1678","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://wiki.rpath.com/Advisories:rPSA-2009-0011","http://www.ubuntu.com/usn/usn-700-2","http://secunia.com/advisories/32980","http://support.apple.com/kb/HT4077","http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://secunia.com/advisories/40052","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/47044","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680","http://www.securityfocus.com/archive/1/500210/100/0/threaded"],"reported" => "2008-12-01","severity" => undef},{"affected_versions" => ["==1.08","==2.07"],"cves" => ["CVE-2008-5302"],"description" => "Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448.  It is different from CVE-2008-5303 due to affected versions.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2008-5302","references" => ["http://www.gossamer-threads.com/lists/perl/porters/233695#233695","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905","http://www.openwall.com/lists/oss-security/2008/11/28/2","http://www.debian.org/security/2008/dsa-1678","http://secunia.com/advisories/33314","http://www.ubuntu.com/usn/usn-700-1","http://wiki.rpath.com/Advisories:rPSA-2009-0011","http://www.ubuntu.com/usn/usn-700-2","http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","http://secunia.com/advisories/32980","http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","http://support.apple.com/kb/HT4077","http://secunia.com/advisories/40052","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/47043","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076","http://www.securityfocus.com/archive/1/500210/100/0/threaded"],"reported" => "2008-12-01","severity" => undef},{"affected_versions" => [">=2.04,<2.07"],"cves" => ["CVE-2008-2827"],"description" => "The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.\n","distribution" => "File-Path","fixed_versions" => [">=2.07"],"id" => "CPANSA-File-Path-2008-2827","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319","http://rt.cpan.org/Public/Bug/Display.html?id=36982","http://www.securityfocus.com/bid/29902","http://secunia.com/advisories/30790","http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html","http://www.mandriva.com/security/advisories?name=MDVSA-2008:165","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html","http://secunia.com/advisories/30837","http://secunia.com/advisories/31687","http://www.securitytracker.com/id?1020373","https://exchange.xforce.ibmcloud.com/vulnerabilities/43308"],"reported" => "2008-06-23","severity" => undef},{"affected_versions" => ["<1.07"],"cves" => ["CVE-2005-0448"],"description" => "Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2005-0448","references" => ["http://www.debian.org/security/2005/dsa-696","http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml","http://www.redhat.com/support/errata/RHSA-2005-881.html","http://secunia.com/advisories/18075","http://www.securityfocus.com/bid/12767","ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U","http://secunia.com/advisories/14531","http://secunia.com/advisories/18517","http://fedoranews.org/updates/FEDORA--.shtml","http://www.redhat.com/support/errata/RHSA-2005-674.html","http://secunia.com/advisories/17079","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://www.mandriva.com/security/advisories?name=MDKSA-2005:079","http://www.securityfocus.com/advisories/8704","http://secunia.com/advisories/55314","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475","https://usn.ubuntu.com/94-1/"],"reported" => "2005-05-02","severity" => undef},{"affected_versions" => [">=1.06,<=1.404"],"cves" => ["CVE-2004-0452"],"description" => "Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2004-0452","references" => ["http://www.debian.org/security/2004/dsa-620","http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml","http://www.redhat.com/support/errata/RHSA-2005-103.html","ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U","http://www.securityfocus.com/bid/12072","http://secunia.com/advisories/12991","http://secunia.com/advisories/18517","http://fedoranews.org/updates/FEDORA--.shtml","http://www.redhat.com/support/errata/RHSA-2005-105.html","http://secunia.com/advisories/55314","http://marc.info/?l=bugtraq&m=110547693019788&w=2","https://www.ubuntu.com/usn/usn-44-1/","https://exchange.xforce.ibmcloud.com/vulnerabilities/18650","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938"],"reported" => "2004-12-21","severity" => undef}],"main_module" => "File::Path","versions" => [{"date" => "2007-05-17T13:46:15","version" => "1.99_01"},{"date" => "2007-05-27T09:29:48","version" => "1.99_02"},{"date" => "2007-06-27T19:23:09","version" => "2.00_05"},{"date" => "2007-07-04T21:37:13","version" => "2.00_06"},{"date" => "2007-07-09T19:37:02","version" => "2.00_07"},{"date" => "2007-08-01T00:10:43","version" => "2.00_08"},{"date" => "2007-08-20T18:15:55","version" => "2.00_09"},{"date" => "2007-09-04T17:20:45","version" => "2.00_10"},{"date" => "2007-09-08T12:53:07","version" => "2.00_11"},{"date" => "2007-09-29T10:29:32","version" => "2.01"},{"date" => "2007-10-24T10:36:09","version" => "2.02"},{"date" => "2007-11-04T18:36:19","version" => "2.03"},{"date" => "2007-11-24T09:53:23","version" => "2.04"},{"date" => "2008-05-07T08:25:05","version" => "2.05"},{"date" => "2008-05-08T09:36:50","version" => "2.06"},{"date" => "2008-05-10T21:02:47","version" => "2.06_01"},{"date" => "2008-05-12T10:07:46","version" => "2.06_02"},{"date" => "2008-05-12T21:43:43","version" => "2.06_03"},{"date" => "2008-05-13T14:40:30","version" => "2.06_04"},{"date" => "2008-10-01T20:41:37","version" => "2.06_05"},{"date" => "2008-10-05T21:59:58","version" => "2.06_06"},{"date" => "2008-10-29T17:55:36","version" => "2.06_07"},{"date" => "2008-11-05T00:12:29","version" => "2.06_08"},{"date" => "2008-11-09T13:11:17","version" => "2.07"},{"date" => "2009-06-21T13:23:32","version" => "2.07_03"},{"date" => "2009-10-04T10:31:05","version" => "2.08"},{"date" => "2013-01-16T21:36:05","version" => "2.09"},{"date" => "2015-06-24T17:03:22","version" => "2.10_001"},{"date" => "2015-06-26T17:28:20","version" => "2.10_002"},{"date" => "2015-07-08T16:59:11","version" => "2.10_003"},{"date" => "2015-07-10T11:34:44","version" => "2.10_004"},{"date" => "2015-07-17T15:03:07","version" => "2.10_005"},{"date" => "2015-07-18T02:28:14","version" => "2.11"},{"date" => "2015-07-24T23:01:36","version" => "2.11_001"},{"date" => "2015-07-25T09:56:18","version" => "2.11_002"},{"date" => "2015-08-03T18:07:05","version" => "2.11_003"},{"date" => "2015-10-01T19:34:07","version" => "2.11_004"},{"date" => "2015-10-09T12:11:52","version" => "2.12"},{"date" => "2016-09-18T13:35:39","version" => "2.12_001"},{"date" => "2017-03-12T22:09:35","version" => "2.12_002"},{"date" => "2017-04-07T13:59:30","version" => "2.12_003"},{"date" => "2017-04-18T18:37:56","version" => "2.12_004"},{"date" => "2017-04-21T12:03:20","version" => "2.12_005"},{"date" => "2017-04-21T21:58:56","version" => "2.12_006"},{"date" => "2017-04-22T20:09:24","version" => "2.12_007"},{"date" => "2017-05-07T17:48:35","version" => "2.12_008"},{"date" => "2017-05-31T23:44:51","version" => "2.13"},{"date" => "2017-06-07T21:34:52","version" => "2.14"},{"date" => "2017-07-30T02:40:36","version" => "2.15"},{"date" => "2018-08-31T13:04:13","version" => "2.16"},{"date" => "2020-07-18T18:29:28","version" => "2.17"},{"date" => "2020-11-04T12:38:02","version" => "2.18_001"},{"date" => "2020-11-05T01:30:15","version" => "2.18"},{"date" => "1995-03-14T00:00:00","dual_lived" => 1,"perl_release" => "5.001","version" => undef},{"date" => "1996-02-29T00:00:00","dual_lived" => 1,"perl_release" => "5.002","version" => "1.01"},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "1.04"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "1.0402"},{"date" => "1998-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.005","version" => "1.0401"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006","version" => "1.0403"},{"date" => "2001-04-08T00:00:00","dual_lived" => 1,"perl_release" => "5.006001","version" => "1.0404"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.05"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "1.06"},{"date" => "2005-05-30T00:00:00","dual_lived" => 1,"perl_release" => "5.008007","version" => "1.07"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "1.08"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "2.07_02"},{"date" => "2009-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011003","version" => "2.08_01"},{"date" => "2016-05-09T00:00:00","dual_lived" => 1,"perl_release" => "5.024","version" => "2.12_01"}]},"File-Slurp" => {"advisories" => [{"affected_versions" => ["<9999.26"],"cves" => [],"description" => "Use of sysread treats any :encoding(...) as effectively :utf8.\n","distribution" => "File-Slurp","fixed_versions" => [">=9999.26"],"id" => "CPANSA-File-Slurp-2013-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=83126","https://rt.perl.org/Ticket/Display.html?id=121870"],"reported" => "2013-02-04"}],"main_module" => "File::Slurp","versions" => [{"date" => "1996-04-22T21:18:00","version" => "96.042202"},{"date" => "1998-07-19T16:25:00","version" => "98.071901"},{"date" => "2001-11-04T03:17:00","version" => "2001.1103"},{"date" => "2002-03-08T05:22:00","version" => "2002.0305"},{"date" => "2002-11-01T03:14:00","version" => "2002.1031"},{"date" => "2003-09-04T16:28:00","version" => "2004.0904"},{"date" => "2003-11-24T07:45:57","version" => "0.01"},{"date" => "2003-11-24T08:02:47","version" => "9999.01"},{"date" => "2003-12-17T09:20:57","version" => "9999.02"},{"date" => "2003-12-22T06:54:57","version" => "9999.03"},{"date" => "2004-02-23T19:27:53","version" => "9999.04"},{"date" => "2004-09-21T05:23:58","version" => "9999.06"},{"date" => "2005-01-30T10:01:07","version" => "9999.07"},{"date" => "2005-04-16T05:06:09","version" => "9999.08"},{"date" => "2005-04-29T06:09:11","version" => "9999.09"},{"date" => "2006-01-19T18:29:42","version" => "9999.10"},{"date" => "2006-01-20T06:45:13","version" => "9999.11"},{"date" => "2006-03-07T07:13:42","version" => "9999.12"},{"date" => "2008-01-24T04:57:12","version" => "9999.13"},{"date" => "2011-03-22T22:41:08","version" => "9999.14"},{"date" => "2011-03-24T22:52:42","version" => "9999.15"},{"date" => "2011-04-24T04:26:18","version" => "9999.16"},{"date" => "2011-05-13T06:23:08","version" => "9999.17"},{"date" => "2011-05-13T07:03:44","version" => "9999.18"},{"date" => "2011-06-07T08:08:06","version" => "9999.19"},{"date" => "2018-09-28T01:57:50","version" => "9999.20_01"},{"date" => "2018-10-05T01:23:09","version" => "9999.20_02"},{"date" => "2018-10-08T21:16:27","version" => "9999.21"},{"date" => "2018-10-16T03:15:39","version" => "9999.22"},{"date" => "2018-10-20T20:06:53","version" => "9999.23"},{"date" => "2018-10-30T02:45:09","version" => "9999.24"},{"date" => "2018-11-16T16:11:34","version" => "9999.25"},{"date" => "2019-02-13T16:35:40","version" => "9999.26"},{"date" => "2019-04-05T13:28:05","version" => "9999.27"},{"date" => "2019-09-13T00:36:22","version" => "9999.28"},{"date" => "2019-11-27T20:40:47","version" => "9999.29"},{"date" => "2020-03-09T14:31:40","version" => "9999.30"},{"date" => "2020-06-28T22:33:21","version" => "9999.31"},{"date" => "2020-07-01T00:34:08","version" => "9999.32"}]},"File-Temp" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2011-4116"],"description" => "_is_safe in the File::Temp module for Perl does not properly handle symlinks.\n","distribution" => "File-Temp","fixed_versions" => [],"id" => "CPANSA-File-Temp-2011-4116","references" => ["http://www.openwall.com/lists/oss-security/2011/11/04/2","https://rt.cpan.org/Public/Bug/Display.html?id=69106","https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14","http://www.openwall.com/lists/oss-security/2011/11/04/4","https://seclists.org/oss-sec/2011/q4/238"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "File::Temp","versions" => [{"date" => "2000-03-14T20:15:55","version" => "0.05"},{"date" => "2000-04-28T04:48:55","version" => "0.07"},{"date" => "2000-05-16T01:10:28","version" => "0.08"},{"date" => "2000-07-26T20:30:30","version" => "0.09"},{"date" => "2000-12-12T21:04:53","version" => "0.11"},{"date" => "2001-02-23T00:37:44","version" => "0.12"},{"date" => "2003-08-16T04:06:11","version" => "0.13"},{"date" => "2003-08-17T04:42:50","version" => "0.14"},{"date" => "2005-02-22T05:40:33","version" => "0.15"},{"date" => "2005-02-22T21:42:47","version" => "0.16"},{"date" => "2006-08-18T22:40:10","version" => "0.17"},{"date" => "2007-01-22T00:18:40","version" => "0.18"},{"date" => "2007-11-20T08:28:08","version" => "0.19"},{"date" => "2007-12-21T00:46:29","version" => "0.20"},{"date" => "2008-11-14T01:30:09","version" => "0.21"},{"date" => "2009-06-29T07:41:24","version" => "0.22"},{"date" => "2013-02-07T17:03:45","version" => "0.22_90"},{"date" => "2013-03-14T21:57:42","version" => "0.23"},{"date" => "2013-04-11T15:31:13","version" => "0.2301"},{"date" => "2013-09-26T13:48:13","version" => "0.2302"},{"date" => "2013-10-09T13:59:01","version" => "0.2303"},{"date" => "2013-10-10T13:17:32","version" => "0.2304"},{"date" => "2018-04-19T12:01:34","version" => "0.2305"},{"date" => "2018-06-24T19:34:31","version" => "0.2306"},{"date" => "2018-06-24T19:41:28","version" => "0.2307"},{"date" => "2018-07-11T21:07:49","version" => "0.2308"},{"date" => "2019-01-06T20:32:53","version" => "0.2309"},{"date" => "2020-09-26T17:39:38","version" => "0.2310"},{"date" => "2020-10-03T04:04:55","version" => "0.2311"},{"date" => "2025-09-01T18:57:33","version" => "0.2312"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "0.16_01"}]},"Filesys-SmbClientParser" => {"advisories" => [{"affected_versions" => ["<=2.7"],"cves" => ["CVE-2008-3285"],"description" => "The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.\n","distribution" => "Filesys-SmbClientParser","fixed_versions" => [],"id" => "CPANSA-Filesys-SmbClientParser-2008-3285","references" => ["http://www.securityfocus.com/bid/30290","http://secunia.com/advisories/31175","http://securityreason.com/securityalert/4027","https://exchange.xforce.ibmcloud.com/vulnerabilities/43910","http://www.securityfocus.com/archive/1/494536/100/0/threaded"],"reported" => "2008-07-24","severity" => undef}],"main_module" => "Filesys::SmbClientParser","versions" => [{"date" => "2000-11-19T21:10:38","version" => "0.01"},{"date" => "2000-11-20T19:41:09","version" => "0.2"},{"date" => "2001-01-12T00:31:50","version" => "0.3"},{"date" => "2001-04-15T22:37:14","version" => "1.2"},{"date" => "2001-04-19T17:38:19","version" => "1.3"},{"date" => "2001-05-30T08:04:44","version" => "1.4"},{"date" => "2002-01-25T12:18:47","version" => "2.0"},{"date" => "2002-04-19T21:56:09","version" => "2.1"},{"date" => "2002-08-09T11:24:20","version" => "2.2"},{"date" => "2002-08-13T14:55:48","version" => "2.3"},{"date" => "2002-11-08T23:57:07","version" => "2.4"},{"date" => "2002-11-12T18:59:33","version" => "2.5"},{"date" => "2004-01-28T23:06:58","version" => "2.6"},{"date" => "2004-04-14T21:56:02","version" => "2.7"}]},"GBrowse" => {"advisories" => [{"affected_versions" => ["<2.56"],"cves" => [],"description" => "An attacker is able to delete other users' accounts.  No httponly cookie flag.  Cross-site scripting vulnerability in generation of citation text.\n","distribution" => "GBrowse","fixed_versions" => [">=2.56"],"id" => "CPANSA-GBrowse-2017-01","references" => ["https://metacpan.org/changes/distribution/GBrowse"],"reported" => "2017-01-15"},{"affected_versions" => ["<1.62"],"cves" => [],"description" => "Cross-site scripting.\n","distribution" => "GBrowse","fixed_versions" => [">=1.62"],"id" => "CPANSA-GBrowse-2004-01","references" => ["https://metacpan.org/changes/distribution/GBrowse"],"reported" => "2004-04-05"},{"affected_versions" => ["<1.54"],"cves" => [],"description" => "Path traversal.\n","distribution" => "GBrowse","fixed_versions" => [">=1.54"],"id" => "CPANSA-GBrowse-2003-01","references" => ["https://metacpan.org/changes/distribution/GBrowse"],"reported" => "2003-08-23"}],"main_module" => "CGI::Toggle","versions" => [{"date" => "2008-12-29T15:38:27","version" => "1.981"},{"date" => "2008-12-29T17:21:12","version" => "1.982"},{"date" => "2009-01-06T07:42:56","version" => "1.983"},{"date" => "2009-01-06T09:17:54","version" => "1.984"},{"date" => "2009-01-10T12:37:42","version" => "1.985"},{"date" => "2009-01-12T16:58:20","version" => "1.986"},{"date" => "2009-01-22T19:49:50","version" => "1.987"},{"date" => "2009-01-30T00:12:57","version" => "1.988"},{"date" => "2009-03-10T19:24:17","version" => "1.989"},{"date" => "2009-04-03T19:29:22","version" => "1.99"},{"date" => "2009-05-04T05:30:31","version" => "1.991"},{"date" => "2009-05-05T23:40:00","version" => "1.992"},{"date" => "2009-05-07T14:11:11","version" => "1.993"},{"date" => "2009-05-30T22:07:17","version" => "1.994"},{"date" => "2009-06-08T21:27:08","version" => "1.995"},{"date" => "2009-07-06T14:12:57","version" => "1.996"},{"date" => "2009-07-30T16:40:54","version" => "1.997"},{"date" => "2009-08-19T19:19:44","version" => "1.9971"},{"date" => "2009-12-09T21:39:37","version" => "1.998"},{"date" => "2009-12-15T15:59:37","version" => "1.9982"},{"date" => "2009-12-18T19:25:25","version" => "1.9983"},{"date" => "2009-12-22T21:20:40","version" => "1.9984"},{"date" => "2009-12-23T21:56:31","version" => "1.999"},{"date" => "2010-01-28T02:58:41","version" => "2.00"},{"date" => "2010-02-09T18:13:33","version" => "2.01"},{"date" => "2010-03-10T05:56:50","version" => "2.02"},{"date" => "2010-03-25T16:06:21","version" => "2.03"},{"date" => "2010-04-18T21:44:27","version" => "2.04"},{"date" => "2010-05-13T03:30:32","version" => "2.05"},{"date" => "2010-05-13T21:17:05","version" => "2.06"},{"date" => "2010-05-17T14:49:41","version" => "2.07"},{"date" => "2010-05-21T02:52:47","version" => "2.08"},{"date" => "2010-06-10T20:17:32","version" => "2.09"},{"date" => "2010-06-15T14:20:30","version" => "2.10"},{"date" => "2010-06-30T19:15:37","version" => "2.11"},{"date" => "2010-06-30T19:30:03","version" => "2.12"},{"date" => "2010-07-05T20:17:39","version" => "2.13"},{"date" => "2010-08-27T15:06:04","version" => "2.14"},{"date" => "2010-09-13T22:17:44","version" => "2.15"},{"date" => "2010-11-01T16:24:01","version" => "2.16"},{"date" => "2010-11-18T17:08:57","version" => "2.17"},{"date" => "2011-01-18T22:35:59","version" => "2.20"},{"date" => "2011-01-22T17:17:34","version" => "2.21"},{"date" => "2011-01-26T14:31:35","version" => "2.22"},{"date" => "2011-01-30T20:03:25","version" => "2.23"},{"date" => "2011-01-31T17:19:08","version" => "2.24"},{"date" => "2011-02-02T18:53:40","version" => "2.25"},{"date" => "2011-02-04T18:51:54","version" => "2.26"},{"date" => "2011-04-10T21:07:42","version" => "2.27"},{"date" => "2011-04-10T21:32:05","version" => "2.28"},{"date" => "2011-05-02T16:12:11","version" => "2.29"},{"date" => "2011-05-03T12:17:18","version" => "2.30"},{"date" => "2011-05-03T15:50:21","version" => "2.31"},{"date" => "2011-05-04T18:47:51","version" => "2.32"},{"date" => "2011-05-07T03:27:32","version" => "2.33"},{"date" => "2011-06-01T15:19:47","version" => "2.34"},{"date" => "2011-06-03T13:41:28","version" => "2.35"},{"date" => "2011-06-04T14:58:14","version" => "2.36"},{"date" => "2011-06-06T21:24:59","version" => "2.37"},{"date" => "2011-06-09T16:00:48","version" => "2.38"},{"date" => "2011-06-29T17:45:00","version" => "2.39"},{"date" => "2011-09-30T16:56:29","version" => "2.40"},{"date" => "2011-10-07T13:31:48","version" => "2.41"},{"date" => "2011-10-12T19:33:22","version" => "2.42"},{"date" => "2011-10-24T16:43:23","version" => "2.43"},{"date" => "2011-12-08T23:09:26","version" => "2.44"},{"date" => "2012-01-03T21:35:41","version" => "2.45"},{"date" => "2012-02-10T17:28:20","version" => "2.46"},{"date" => "2012-02-16T12:40:04","version" => "2.47"},{"date" => "2012-02-24T21:06:10","version" => "2.48"},{"date" => "2012-04-17T23:48:26","version" => "2.49"},{"date" => "2012-09-04T16:22:21","version" => "2.50"},{"date" => "2012-09-18T03:01:31","version" => "2.51"},{"date" => "2012-09-26T02:54:36","version" => "2.52"},{"date" => "2012-12-10T11:23:34","version" => "2.53"},{"date" => "2012-12-11T15:49:03","version" => "2.54"},{"date" => "2013-07-10T14:51:25","version" => "2.55"},{"date" => "2017-01-15T21:29:11","version" => "2.56"}]},"GD" => {"advisories" => [{"affected_versions" => ["<2.72"],"cves" => ["CVE-2019-6977"],"description" => "gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.\n","distribution" => "GD","fixed_versions" => [">=2.72"],"id" => "CPANSA-GD-2019-6977","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2019-6977","https://bugs.php.net/bug.php?id=77270","http://php.net/ChangeLog-7.php","http://php.net/ChangeLog-5.php","http://www.securityfocus.com/bid/106731","https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html","https://www.debian.org/security/2019/dsa-4384","https://usn.ubuntu.com/3900-1/","https://security.netapp.com/advisory/ntap-20190315-0003/","https://security.gentoo.org/glsa/201903-18","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html","http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html","https://www.exploit-db.com/exploits/46677/","https://access.redhat.com/errata/RHSA-2019:2519","https://access.redhat.com/errata/RHSA-2019:3299","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"],"reported" => "2019-01-27","severity" => "high"}],"main_module" => "GD","versions" => [{"date" => "1996-05-17T08:12:00","version" => "1.00"},{"date" => "1996-07-17T10:16:00","version" => "1.01"},{"date" => "1996-09-07T16:53:00","version" => "1.10"},{"date" => "1996-09-09T10:37:00","version" => "1.11"},{"date" => "1996-09-10T12:04:00","version" => "1.12"},{"date" => "1996-09-11T07:27:00","version" => "1.13"},{"date" => "1996-09-12T16:11:00","version" => "1.14"},{"date" => "1997-11-19T21:13:00","version" => "1.15"},{"date" => "1997-12-19T14:26:00","version" => "1.16"},{"date" => "1998-01-16T13:34:00","version" => "1.17"},{"date" => "1998-01-26T08:44:00","version" => "1.18"},{"date" => "1998-03-08T16:43:26","version" => "1.18"},{"date" => "1999-01-31T17:52:34","version" => "1.18"},{"date" => "1999-04-26T20:35:55","version" => "1.19"},{"date" => "1999-06-02T13:44:43","version" => "1.19"},{"date" => "1999-08-31T03:38:46","version" => "1.20"},{"date" => "1999-08-31T14:55:24","version" => "1.21"},{"date" => "1999-09-30T21:46:47","version" => "1.22"},{"date" => "1999-11-11T14:26:14","version" => "1.23"},{"date" => "2000-02-15T19:54:37","version" => "1.24"},{"date" => "2000-02-22T15:20:41","version" => "1.25"},{"date" => "2000-03-18T23:21:50","version" => "1.26"},{"date" => "2000-03-22T19:41:56","version" => "1.27"},{"date" => "2000-06-23T12:15:51","version" => "1.28"},{"date" => "2000-06-23T18:26:31","version" => "1.29"},{"date" => "2000-07-07T02:42:47","version" => "1.30"},{"date" => "2000-11-10T16:00:09","version" => "1.32"},{"date" => "2001-04-05T04:42:53","version" => "1.33"},{"date" => "2001-09-26T05:19:41","version" => "1.31"},{"date" => "2001-12-06T22:57:11","version" => "1.35"},{"date" => "2001-12-17T19:13:23","version" => "1.36"},{"date" => "2001-12-19T21:34:33","version" => "1.37"},{"date" => "2002-01-04T15:33:18","version" => "1.38"},{"date" => "2002-06-12T02:09:05","version" => "1.39"},{"date" => "2002-06-19T12:11:07","version" => "1.40"},{"date" => "2002-07-22T07:33:14","version" => "1.41"},{"date" => "2002-08-09T16:31:00","version" => "2.00"},{"date" => "2002-08-09T16:39:49","version" => "2.01"},{"date" => "2002-10-14T13:07:59","version" => "2.02"},{"date" => "2002-11-01T15:46:28","version" => "2.04"},{"date" => "2002-11-05T00:55:52","version" => "2.041"},{"date" => "2002-11-25T01:35:10","version" => "2.05"},{"date" => "2003-01-08T16:49:15","version" => "2.06"},{"date" => "2003-04-24T05:06:33","version" => "2.07"},{"date" => "2003-10-06T23:04:15","version" => "2.10"},{"date" => "2003-10-07T22:33:21","version" => "2.11"},{"date" => "2004-02-06T14:33:56","version" => "2.12"},{"date" => "2004-07-22T20:32:01","version" => "2.15"},{"date" => "2004-07-27T00:47:05","version" => "2.16"},{"date" => "2004-11-10T19:15:39","version" => "2.17"},{"date" => "2004-11-12T15:19:40","version" => "2.18"},{"date" => "2004-11-16T13:36:22","version" => "2.19"},{"date" => "2005-02-09T18:50:44","version" => "2.21"},{"date" => "2005-03-07T18:09:39","version" => "2.22"},{"date" => "2005-03-09T21:04:40","version" => "2.23"},{"date" => "2005-07-15T18:47:39","version" => "2.25"},{"date" => "2005-08-04T13:34:01","version" => "2.26"},{"date" => "2005-08-06T14:52:27","version" => "2.27"},{"date" => "2005-08-08T17:28:37","version" => "2.28"},{"date" => "2005-10-19T05:44:52","version" => "2.29"},{"date" => "2005-10-19T07:51:48","version" => "2.30"},{"date" => "2006-02-20T19:48:20","version" => "2.31"},{"date" => "2006-03-08T20:19:06","version" => "2.32"},{"date" => "2006-06-01T20:02:57","version" => "2.34"},{"date" => "2006-08-23T15:31:17","version" => "2.35"},{"date" => "2008-04-21T14:15:26","version" => "2.39"},{"date" => "2008-08-07T18:48:46","version" => "2.40"},{"date" => "2008-08-07T19:17:19","version" => "2.41"},{"date" => "2009-06-10T14:44:33","version" => "2.43"},{"date" => "2009-07-10T18:12:58","version" => "2.44"},{"date" => "2010-04-30T18:52:21","version" => "2.45"},{"date" => "2011-05-01T17:47:22","version" => "2.46"},{"date" => "2013-02-26T10:54:32","version" => "2.48"},{"date" => "2013-02-26T11:04:16","version" => "2.49"},{"date" => "2013-07-02T20:48:59","version" => "2.50"},{"date" => "2014-02-04T16:53:54","version" => "2.51"},{"date" => "2014-02-19T04:29:23","version" => "2.52"},{"date" => "2014-04-01T14:26:31","version" => "2.53"},{"date" => "2014-10-27T02:29:14","version" => "2.55"},{"date" => "2014-10-28T01:35:39","version" => "2.56"},{"date" => "2017-04-19T14:45:56","version" => "2.56_01"},{"date" => "2017-04-19T14:56:35","version" => "2.56_02"},{"date" => "2017-04-19T15:19:33","version" => "2.56_03"},{"date" => "2017-04-21T06:22:54","version" => "2.57"},{"date" => "2017-04-21T08:38:24","version" => "2.58"},{"date" => "2017-04-21T10:35:21","version" => "2.59"},{"date" => "2017-04-21T22:11:18","version" => "2.60"},{"date" => "2017-04-22T15:52:15","version" => "2.61"},{"date" => "2017-04-22T22:27:02","version" => "2.62"},{"date" => "2017-04-23T08:23:06","version" => "2.63"},{"date" => "2017-04-23T09:03:18","version" => "2.64"},{"date" => "2017-04-23T10:36:23","version" => "2.65"},{"date" => "2017-04-23T13:08:08","version" => "2.66"},{"date" => "2017-11-15T08:33:16","version" => "2.67"},{"date" => "2018-02-18T19:56:41","version" => "2.68"},{"date" => "2018-08-26T15:40:02","version" => "2.69"},{"date" => "2019-01-10T12:57:08","version" => "2.70"},{"date" => "2019-02-12T11:53:42","version" => "2.71"},{"date" => "2020-07-18T06:02:50","version" => "2.72"},{"date" => "2020-09-24T13:01:57","version" => "2.73"},{"date" => "2022-01-23T15:34:48","version" => "2.74"},{"date" => "2022-01-25T16:54:22","version" => "2.75"},{"date" => "2022-02-01T14:50:45","version" => "2.76"},{"date" => "2023-05-29T07:10:47","version" => "2.77"},{"date" => "2023-07-04T09:13:52","version" => "2.78"},{"date" => "2024-04-29T19:57:07","version" => "2.79"},{"date" => "2024-05-03T11:16:48","version" => "2.80"},{"date" => "2024-05-03T17:02:57","version" => "2.81"},{"date" => "2024-05-27T10:31:38","version" => "2.82"},{"date" => "2024-06-23T15:46:01","version" => "2.83"},{"date" => "2026-01-04T19:40:59","version" => "2.84"}]},"GPIB" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2006-1565"],"description" => "Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.\n","distribution" => "GPIB","fixed_versions" => [],"id" => "CPANSA-GPIB-2006-1565","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359239","http://www.securityfocus.com/bid/17288","https://exchange.xforce.ibmcloud.com/vulnerabilities/25681"],"reported" => "2006-03-31","severity" => undef}],"main_module" => "GPIB","versions" => [{"date" => "2002-01-02T03:13:38","version" => "0_30"}]},"Galileo" => {"advisories" => [{"affected_versions" => ["<0.043"],"cves" => ["CVE-2019-7410"],"description" => "There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via \$page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).\n","distribution" => "Galileo","fixed_versions" => [">=0.043"],"id" => "CPANSA-Galileo-2019-7410","references" => ["https://metamorfosec.com/Files/Commits/METC-2020-002-Escape_banner_in_Galileo_CMS_v0.042.txt","https://metacpan.org/changes/distribution/Galileo","https://github.com/jberger/Galileo/pull/55/files","https://metamorfosec.com/Files/Advisories/METS-2020-002-A_Stored_XSS_Vulnerability_in_Galileo_CMS_v0.042.txt"],"reported" => "2020-08-14","severity" => "medium"}],"main_module" => "Galileo","versions" => [{"date" => "2012-07-30T17:03:42","version" => "0.001"},{"date" => "2012-07-30T17:38:19","version" => "0.002"},{"date" => "2012-07-30T20:36:06","version" => "0.003"},{"date" => "2012-07-31T15:41:59","version" => "0.004"},{"date" => "2012-08-06T21:26:17","version" => "0.005"},{"date" => "2012-08-09T20:39:14","version" => "0.006"},{"date" => "2012-09-10T17:57:20","version" => "0.007"},{"date" => "2012-10-27T17:40:15","version" => "0.008"},{"date" => "2012-10-28T18:03:00","version" => "0.009"},{"date" => "2012-10-28T18:10:15","version" => "0.01"},{"date" => "2012-10-31T22:10:19","version" => "0.011"},{"date" => "2013-01-15T15:10:42","version" => "0.012"},{"date" => "2013-01-15T21:07:00","version" => "0.013"},{"date" => "2013-01-16T21:37:32","version" => "0.014"},{"date" => "2013-01-19T03:59:45","version" => "0.015"},{"date" => "2013-01-26T21:28:59","version" => "0.016"},{"date" => "2013-02-05T03:32:32","version" => "0.017"},{"date" => "2013-02-06T02:47:47","version" => "0.018"},{"date" => "2013-02-06T03:09:27","version" => "0.019"},{"date" => "2013-02-11T23:33:00","version" => "0.020"},{"date" => "2013-02-17T01:24:51","version" => "0.021"},{"date" => "2013-02-17T02:44:14","version" => "0.022"},{"date" => "2013-03-04T18:25:01","version" => "0.023"},{"date" => "2013-03-12T15:24:22","version" => "0.024"},{"date" => "2013-03-12T18:48:22","version" => "0.025"},{"date" => "2013-03-15T15:18:18","version" => "0.026"},{"date" => "2013-04-03T20:04:15","version" => "0.027"},{"date" => "2013-05-14T15:59:46","version" => "0.028"},{"date" => "2013-06-29T03:30:18","version" => "0.029"},{"date" => "2013-08-27T03:43:39","version" => "0.030"},{"date" => "2013-11-28T18:36:10","version" => "0.031"},{"date" => "2014-04-06T16:17:22","version" => "0.032"},{"date" => "2014-05-10T19:38:50","version" => "0.033"},{"date" => "2014-05-31T13:06:42","version" => "0.034"},{"date" => "2014-08-16T22:10:46","version" => "0.035"},{"date" => "2014-08-31T15:31:15","version" => "0.036"},{"date" => "2014-10-14T04:03:53","version" => "0.037"},{"date" => "2015-01-25T18:08:54","version" => "0.038"},{"date" => "2015-09-28T18:25:31","version" => "0.039"},{"date" => "2016-01-07T16:33:46","version" => "0.040"},{"date" => "2016-08-13T18:15:17","version" => "0.041"},{"date" => "2017-03-16T03:14:04","version" => "0.042"},{"date" => "2020-08-06T16:26:58","version" => "0.043"}]},"Git-Raw" => {"advisories" => [{"affected_versions" => [">=0.08,<=0.24"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.25,<=0.28"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.29,<=0.40"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.41,<=0.50"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.51,<=0.53"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.54,<=0.58"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.59,<=0.60"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.61,<=0.74"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.61,<=0.74"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.61,<=0.74"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => ["==0.75"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.76,<=0.82"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.83,<=0.84"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.85,<=0.87"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => ["==0.88"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => ["==0.89"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.08,<=0.40"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=0.41,<=0.75"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=0.76,<=0.88"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "Git::Raw","versions" => [{"date" => "2012-08-05T11:44:00","version" => "0.01"},{"date" => "2012-08-05T20:19:35","version" => "0.02"},{"date" => "2012-08-06T16:46:15","version" => "0.03"},{"date" => "2012-08-08T21:43:23","version" => "0.04"},{"date" => "2012-08-09T15:57:26","version" => "0.05"},{"date" => "2012-08-17T14:13:37","version" => "0.06"},{"date" => "2012-08-20T19:03:21","version" => "0.07"},{"date" => "2012-08-21T15:15:44","version" => "0.08"},{"date" => "2012-08-22T17:57:45","version" => "0.09"},{"date" => "2012-08-22T18:54:02","version" => "0.10"},{"date" => "2012-08-23T09:42:11","version" => "0.11"},{"date" => "2012-09-22T17:26:43","version" => "0.12"},{"date" => "2012-10-02T16:28:54","version" => "0.13"},{"date" => "2012-10-19T10:29:16","version" => "0.14"},{"date" => "2012-10-30T21:41:51","version" => "0.15"},{"date" => "2012-11-30T11:44:22","version" => "0.16"},{"date" => "2012-12-04T12:50:53","version" => "0.17"},{"date" => "2012-12-14T17:41:07","version" => "0.18"},{"date" => "2013-01-03T18:26:04","version" => "0.19"},{"date" => "2013-01-26T12:47:33","version" => "0.20"},{"date" => "2013-02-20T16:43:28","version" => "0.21"},{"date" => "2013-02-23T14:21:03","version" => "0.22"},{"date" => "2013-03-25T13:12:14","version" => "0.23"},{"date" => "2013-03-31T11:09:03","version" => "0.24"},{"date" => "2013-10-09T13:20:24","version" => "0.25"},{"date" => "2013-10-09T14:13:40","version" => "0.26"},{"date" => "2013-10-23T10:37:15","version" => "0.27"},{"date" => "2013-11-18T14:02:54","version" => "0.28"},{"date" => "2013-11-24T19:20:25","version" => "0.29"},{"date" => "2014-01-26T13:41:14","version" => "0.30"},{"date" => "2014-02-08T18:10:43","version" => "0.31"},{"date" => "2014-03-16T14:06:42","version" => "0.32"},{"date" => "2014-04-14T10:32:15","version" => "0.33"},{"date" => "2014-04-27T10:41:00","version" => "0.34"},{"date" => "2014-04-28T16:45:42","version" => "0.35"},{"date" => "2014-05-02T14:01:36","version" => "0.36"},{"date" => "2014-06-08T15:27:13","version" => "0.37"},{"date" => "2014-06-11T18:05:33","version" => "0.38"},{"date" => "2014-06-12T16:08:55","version" => "0.39"},{"date" => "2014-06-25T19:08:19","version" => "0.40"},{"date" => "2014-08-03T16:09:58","version" => "0.41"},{"date" => "2014-08-09T13:22:08","version" => "0.42"},{"date" => "2014-08-14T13:21:12","version" => "0.43"},{"date" => "2014-08-18T08:35:38","version" => "0.44"},{"date" => "2014-09-18T21:31:44","version" => "0.45"},{"date" => "2014-09-19T10:44:04","version" => "0.46"},{"date" => "2014-09-30T11:08:31","version" => "0.47"},{"date" => "2014-10-13T21:10:25","version" => "0.48"},{"date" => "2014-10-24T10:06:17","version" => "0.49"},{"date" => "2014-11-15T18:12:53","version" => "0.50"},{"date" => "2015-02-09T07:56:23","version" => "0.51"},{"date" => "2015-03-19T11:47:40","version" => "0.52"},{"date" => "2015-04-14T18:26:22","version" => "0.53"},{"date" => "2015-11-12T19:30:27","version" => "0.54"},{"date" => "2015-11-14T09:21:11","version" => "0.55"},{"date" => "2015-11-17T11:54:04","version" => "0.56"},{"date" => "2015-11-21T13:30:25","version" => "0.57"},{"date" => "2015-11-23T05:52:12","version" => "0.58"},{"date" => "2016-05-23T04:45:30","version" => "0.59"},{"date" => "2016-06-09T17:50:00","version" => "0.60"},{"date" => "2016-12-05T17:51:20","version" => "0.61"},{"date" => "2016-12-06T16:59:22","version" => "0.62"},{"date" => "2016-12-08T18:31:51","version" => "0.63"},{"date" => "2016-12-16T12:56:55","version" => "0.64"},{"date" => "2016-12-21T16:02:45","version" => "0.65"},{"date" => "2016-12-28T16:06:29","version" => "0.66"},{"date" => "2016-12-28T17:03:40","version" => "0.67"},{"date" => "2016-12-30T08:07:24","version" => "0.68"},{"date" => "2016-12-30T08:11:44","version" => "0.69"},{"date" => "2016-12-30T19:19:00","version" => "0.70"},{"date" => "2017-01-09T06:53:53","version" => "0.71"},{"date" => "2017-01-10T05:12:24","version" => "0.72"},{"date" => "2017-03-22T16:43:32","version" => "0.73"},{"date" => "2017-03-24T09:07:21","version" => "0.74"},{"date" => "2018-01-25T18:54:11","version" => "0.75"},{"date" => "2018-03-08T16:00:17","version" => "0.76"},{"date" => "2018-03-09T04:57:30","version" => "0.77"},{"date" => "2018-03-09T13:30:01","version" => "0.78"},{"date" => "2018-03-23T18:40:02","version" => "0.79"},{"date" => "2018-06-17T08:47:43","version" => "0.80"},{"date" => "2018-06-27T17:23:13","version" => "0.81"},{"date" => "2018-12-12T15:18:03","version" => "0.82"},{"date" => "2019-05-20T13:42:02","version" => "0.83"},{"date" => "2019-08-19T20:36:03","version" => "0.84"},{"date" => "2020-04-19T11:32:47","version" => "0.85"},{"date" => "2020-04-25T11:27:33","version" => "0.86"},{"date" => "2020-08-30T12:19:25","version" => "0.87"},{"date" => "2021-08-08T12:37:22","version" => "0.88"},{"date" => "2022-10-23T16:31:07","version" => "0.89"},{"date" => "2022-10-27T08:52:11","version" => "0.90"}]},"Git-XS" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2018-7159"],"description" => "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.'\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-7159-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","https://access.redhat.com/errata/RHSA-2019:2258","https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp;utm_medium=RSS"],"reported" => "2018-05-17","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2018-12121"],"description" => "Denial of Service with large HTTP headers by using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-12121-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://security.gentoo.org/glsa/202003-48"],"reported" => "2018-11-28","severity" => "high"},{"affected_versions" => [">=0.08,<=0.17"],"cves" => ["CVE-2018-7159"],"description" => "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.'\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-7159-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","https://access.redhat.com/errata/RHSA-2019:2258","https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp;utm_medium=RSS"],"reported" => "2018-05-17","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.17"],"cves" => ["CVE-2018-12121"],"description" => "Denial of Service with large HTTP headers by using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-12121-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://security.gentoo.org/glsa/202003-48"],"reported" => "2018-11-28","severity" => "high"},{"affected_versions" => [">=0.17,<=0.88"],"cves" => ["CVE-2018-7159"],"description" => "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.'\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-7159-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","https://access.redhat.com/errata/RHSA-2019:2258","https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp;utm_medium=RSS"],"reported" => "2018-05-17","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.88"],"cves" => ["CVE-2018-12121"],"description" => "Denial of Service with large HTTP headers by using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-12121-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://security.gentoo.org/glsa/202003-48"],"reported" => "2018-11-28","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "Git::XS","versions" => [{"date" => "2011-12-27T05:42:38","version" => "0.01"},{"date" => "2011-12-27T23:09:56","version" => "0.02"}]},"GitLab-API-v4" => {"advisories" => [{"affected_versions" => [">=0.26"],"cves" => ["CVE-2023-31485"],"description" => "GitLab::API::v4 is missing the verify_SSL=>1 flag in HTTP::Tiny, allowing a network attacker to MITM connections to the GitLab server.\n","distribution" => "GitLab-API-v4","fixed_versions" => [],"id" => "CPANSA-GitLab-API-v4-2023-31485","references" => ["https://github.com/bluefeet/GitLab-API-v4/pull/57","https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/","https://www.openwall.com/lists/oss-security/2023/04/18/14","https://github.com/chansen/p5-http-tiny/pull/151"],"reported" => "2023-02-28"}],"main_module" => "GitLab::API::v4","versions" => [{"date" => "2017-12-11T18:40:52","version" => "0.01"},{"date" => "2017-12-16T00:11:18","version" => "0.02"},{"date" => "2018-01-12T21:26:23","version" => "0.03"},{"date" => "2018-02-03T23:15:40","version" => "0.04"},{"date" => "2018-03-06T18:26:52","version" => "0.05"},{"date" => "2018-04-09T20:06:01","version" => "0.06"},{"date" => "2018-05-10T21:33:05","version" => "0.07"},{"date" => "2018-05-14T17:33:39","version" => "0.08"},{"date" => "2018-05-29T04:48:13","version" => "0.09"},{"date" => "2018-06-06T06:47:41","version" => "0.10"},{"date" => "2018-09-02T05:24:51","version" => "0.11"},{"date" => "2018-09-12T01:04:05","version" => "0.12"},{"date" => "2018-11-08T13:44:56","version" => "0.13"},{"date" => "2018-12-04T20:39:42","version" => "0.14"},{"date" => "2019-01-09T18:13:46","version" => "0.15"},{"date" => "2019-02-18T06:21:38","version" => "0.16"},{"date" => "2019-02-20T22:49:13","version" => "0.17"},{"date" => "2019-04-01T04:36:27","version" => "0.18"},{"date" => "2019-05-17T20:41:31","version" => "0.19"},{"date" => "2019-07-23T21:42:57","version" => "0.20"},{"date" => "2019-08-24T18:56:25","version" => "0.21"},{"date" => "2019-09-13T15:03:00","version" => "0.22"},{"date" => "2019-10-18T19:55:54","version" => "0.23"},{"date" => "2020-02-12T22:10:58","version" => "0.24"},{"date" => "2020-02-12T22:21:40","version" => "0.25"},{"date" => "2021-01-30T07:11:26","version" => "0.26"},{"date" => "2023-06-07T20:51:14","version" => "0.27"}]},"Graphics-ColorNames" => {"advisories" => [{"affected_versions" => [">=2.0_01,<=3.1.2"],"cves" => ["CVE-2024-55918"],"description" => "A specially-named file may lead to HTML injection attacks.\n","distribution" => "Graphics-ColorNames","fixed_versions" => [">3.1.2"],"id" => "CPANSA-Graphics-ColorNames-2010-02","references" => ["https://metacpan.org/changes/distribution/Graphics-ColorNames","https://rt.cpan.org/Public/Bug/Display.html?id=54500"],"reported" => "2010-02-11"}],"main_module" => "Graphics::ColorNames","versions" => [{"date" => "2001-02-20T03:47:48","version" => "0.10"},{"date" => "2001-04-12T02:32:22","version" => "0.20"},{"date" => "2001-04-13T04:37:27","version" => "0.21"},{"date" => "2001-04-15T14:26:41","version" => "0.22"},{"date" => "2001-04-18T03:13:51","version" => "0.23"},{"date" => "2001-04-28T16:09:48","version" => "0.24"},{"date" => "2001-10-05T02:42:20","version" => "0.30"},{"date" => "2002-10-24T01:17:51","version" => "0.31"},{"date" => "2002-12-05T03:07:24","version" => "0.32"},{"date" => "2004-07-22T00:41:35","version" => "0.3901"},{"date" => "2004-07-22T20:01:47","version" => "0.39_02"},{"date" => "2004-07-23T01:52:58","version" => "0.39_03"},{"date" => "2004-07-26T06:36:47","version" => "0.39_04"},{"date" => "2004-08-01T01:21:33","version" => "1.00"},{"date" => "2004-08-18T20:32:07","version" => "1.01"},{"date" => "2004-08-24T15:53:20","version" => "1.02"},{"date" => "2004-08-26T21:51:46","version" => "1.03"},{"date" => "2004-09-03T06:56:23","version" => "1.04"},{"date" => "2004-09-03T07:00:16","version" => "1.05"},{"date" => "2005-03-29T23:06:41","version" => "1.06"},{"date" => "2005-04-04T15:17:24","version" => "2.0_01"},{"date" => "2005-04-07T16:08:52","version" => "2.0_02"},{"date" => "2005-04-08T16:48:24","version" => "2.0_03"},{"date" => "2006-10-24T13:58:29","version" => "2.0_04"},{"date" => "2007-12-16T15:33:27","version" => "2.01"},{"date" => "2007-12-16T16:04:00","version" => "2.02"},{"date" => "2007-12-17T12:49:37","version" => "2.03"},{"date" => "2007-12-17T20:01:53","version" => "2.04"},{"date" => "2007-12-20T16:01:35","version" => "2.10_01"},{"date" => "2008-01-04T15:55:53","version" => "2.10_02"},{"date" => "2008-01-05T13:14:32","version" => "2.10_03"},{"date" => "2008-01-06T21:52:18","version" => "2.10_04"},{"date" => "2008-01-08T16:20:38","version" => "2.10_05"},{"date" => "2008-01-10T21:43:53","version" => "2.11"},{"date" => "2018-09-27T23:02:17","version" => "v3.0.0"},{"date" => "2018-09-28T12:40:06","version" => "v3.0.1"},{"date" => "2018-09-28T16:56:39","version" => "v3.0.2"},{"date" => "2018-09-30T12:37:45","version" => "v3.1.0"},{"date" => "2018-10-01T16:51:16","version" => "v3.1.1"},{"date" => "2018-10-01T22:15:39","version" => "v3.1.2"},{"date" => "2018-10-03T23:36:26","version" => "v3.2.0"},{"date" => "2018-10-06T10:00:38","version" => "v3.2.1"},{"date" => "2018-10-23T20:30:22","version" => "v3.3.0"},{"date" => "2018-10-24T15:03:58","version" => "v3.3.1"},{"date" => "2018-10-27T16:33:30","version" => "v3.3.2"},{"date" => "2018-10-27T18:31:44","version" => "v3.3.3"},{"date" => "2018-11-11T15:13:51","version" => "v3.3.4"},{"date" => "2018-11-18T19:13:42","version" => "v3.4.0"},{"date" => "2019-06-06T20:30:43","version" => "v3.5.0"}]},"HTML-EP" => {"advisories" => [{"affected_versions" => [">=0.2011"],"cves" => ["CVE-2012-6142"],"description" => "HTML::EP::Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.\n","distribution" => "HTML-EP","fixed_versions" => [],"id" => "CPANSA-HTML-EP-2012-6142","references" => ["http://www.securityfocus.com/bid/59833","http://seclists.org/oss-sec/2013/q2/318","https://exchange.xforce.ibmcloud.com/vulnerabilities/84199"],"reported" => "2014-06-04","severity" => undef}],"main_module" => "HTML::EP","versions" => [{"date" => "1998-06-24T20:39:44","version" => "0.1000"},{"date" => "1998-06-26T12:21:47","version" => "0.1002"},{"date" => "1998-07-17T21:28:11","version" => "0.1005"},{"date" => "1998-07-18T16:05:32","version" => "0.1006"},{"date" => "1998-07-24T20:40:11","version" => "0.1100"},{"date" => "1998-09-12T20:26:57","version" => "0.1106"},{"date" => "1998-09-14T00:09:23","version" => "0.1107"},{"date" => "1998-09-18T01:41:54","version" => "0.1108"},{"date" => "1998-10-06T09:42:57","version" => "0.1109"},{"date" => "1998-10-13T16:57:33","version" => "0.1111"},{"date" => "1998-10-15T19:02:15","version" => "0.1112"},{"date" => "1998-10-21T21:58:15","version" => "0.1113"},{"date" => "1998-11-06T20:01:59","version" => "0.1116"},{"date" => "1998-11-29T18:25:07","version" => "0.1117"},{"date" => "1998-12-03T17:11:04","version" => "0.1118"},{"date" => "1999-01-26T02:07:08","version" => "0.1123"},{"date" => "1999-02-01T00:08:19","version" => "0.1124"},{"date" => "1999-02-07T20:07:50","version" => "0.1125"},{"date" => "1999-02-13T12:36:36","version" => "0.1126"},{"date" => "1999-02-23T18:47:31","version" => "0.1127"},{"date" => "1999-02-26T18:27:47","version" => "0.1128"},{"date" => "1999-05-04T22:59:11","version" => "0.1130"},{"date" => "1999-08-26T15:05:04","version" => "0.11321"},{"date" => "1999-08-27T11:29:51","version" => "0.1133"},{"date" => "1999-08-31T11:04:44","version" => "0.1134"},{"date" => "1999-09-21T10:22:21","version" => "0.1135"},{"date" => "1999-09-26T13:27:28","version" => "0.20_00"},{"date" => "1999-09-27T10:28:51","version" => "0.20_01"},{"date" => "1999-11-05T11:38:40","version" => "0.2003"},{"date" => "1999-11-08T15:38:12","version" => "0.2004"},{"date" => "1999-11-08T18:18:11","version" => "0.2005"},{"date" => "1999-11-17T12:28:55","version" => "0.2006"},{"date" => "1999-11-17T17:23:52","version" => "0.2007"},{"date" => "1999-11-25T10:15:38","version" => "0.2008"},{"date" => "1999-12-07T20:43:46","version" => "0.2009"},{"date" => "1999-12-15T22:41:39","version" => "0.2010"},{"date" => "2001-01-05T13:26:37","version" => "0.2011"},{"date" => "2001-01-05T13:27:07","version" => 0}]},"HTML-Parser" => {"advisories" => [{"affected_versions" => ["<3.63"],"cves" => ["CVE-2009-3627"],"description" => "The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.\n","distribution" => "HTML-Parser","fixed_versions" => [">=3.63"],"id" => "CPANSA-HTML-Parser-2009-3627","references" => ["https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225","http://www.openwall.com/lists/oss-security/2009/10/23/9","http://secunia.com/advisories/37155","http://www.securityfocus.com/bid/36807","https://bugzilla.redhat.com/show_bug.cgi?id=530604","http://www.vupen.com/english/advisories/2009/3022","http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c","https://exchange.xforce.ibmcloud.com/vulnerabilities/53941"],"reported" => "2009-10-29","severity" => undef}],"main_module" => "HTML::Parser","versions" => [{"date" => "1998-03-31T22:25:05","version" => "2.14"},{"date" => "1998-04-02T11:40:38","version" => "2.16"},{"date" => "1998-04-28T08:35:12","version" => "2.17"},{"date" => "1998-06-22T19:45:24","version" => "2.18"},{"date" => "1998-07-06T23:12:33","version" => "2.19"},{"date" => "1998-07-08T13:05:04","version" => "2.20"},{"date" => "1998-11-13T21:48:08","version" => "2.21"},{"date" => "1999-06-09T10:34:35","version" => "2.23"},{"date" => "1999-11-03T07:10:32","version" => "2.24"},{"date" => "1999-11-05T09:46:11","version" => "2.25"},{"date" => "1999-12-14T23:01:49","version" => "3.00"},{"date" => "1999-12-19T07:07:38","version" => "3.01"},{"date" => "1999-12-21T09:55:56","version" => "3.02"},{"date" => "2000-01-15T16:25:39","version" => "3.04"},{"date" => "2000-01-22T16:14:25","version" => "3.05"},{"date" => "2000-03-06T14:00:15","version" => "3.06"},{"date" => "2000-03-20T12:47:48","version" => "3.07"},{"date" => "2000-05-23T10:59:19","version" => "3.08"},{"date" => "2000-06-28T08:49:09","version" => "3.09"},{"date" => "2000-06-29T07:52:47","version" => "3.10"},{"date" => "2000-08-22T10:04:28","version" => "3.11"},{"date" => "2000-09-14T18:22:47","version" => "3.12"},{"date" => "2000-09-17T01:55:45","version" => "3.13"},{"date" => "2000-12-04T06:05:39","version" => "3.14"},{"date" => "2000-12-26T09:04:53","version" => "3.15"},{"date" => "2001-02-23T07:21:20","version" => "3.16"},{"date" => "2001-02-24T06:32:38","version" => "3.17"},{"date" => "2001-02-25T04:51:50","version" => "3.18"},{"date" => "2001-03-10T04:32:27","version" => "3.19"},{"date" => "2001-03-13T19:44:52","version" => "3.19_90"},{"date" => "2001-03-16T02:29:32","version" => "3.19"},{"date" => "2001-03-19T19:26:50","version" => "3.19_91"},{"date" => "2001-03-26T15:37:39","version" => "3.19_92"},{"date" => "2001-03-27T19:44:20","version" => "3.19_93"},{"date" => "2001-03-30T08:24:11","version" => "3.19_94"},{"date" => "2001-04-03T00:18:14","version" => "3.20"},{"date" => "2001-04-10T22:34:03","version" => "3.21"},{"date" => "2001-04-18T05:31:23","version" => "3.22"},{"date" => "2001-05-02T04:18:51","version" => "3.23"},{"date" => "2001-05-05T06:18:21","version" => "3.23"},{"date" => "2001-05-09T07:23:34","version" => "3.24"},{"date" => "2001-05-11T17:26:39","version" => "3.25"},{"date" => "2001-06-12T08:35:06","version" => "3.25"},{"date" => "2002-03-17T20:11:55","version" => "3.26"},{"date" => "2003-01-18T13:08:01","version" => "3.27"},{"date" => "2003-04-17T03:56:32","version" => "3.28"},{"date" => "2003-08-15T06:11:17","version" => "3.29"},{"date" => "2003-08-18T05:48:21","version" => "3.30"},{"date" => "2003-08-19T14:56:07","version" => "3.31"},{"date" => "2003-10-10T14:31:48","version" => "3.32"},{"date" => "2003-10-14T10:53:29","version" => "3.33"},{"date" => "2003-10-27T21:23:09","version" => "3.34"},{"date" => "2003-12-12T14:27:23","version" => "3.35"},{"date" => "2004-04-01T12:21:44","version" => "3.36"},{"date" => "2004-11-10T18:56:54","version" => "3.37"},{"date" => "2004-11-11T10:19:56","version" => "3.38"},{"date" => "2004-11-17T14:33:49","version" => "3.39_90"},{"date" => "2004-11-23T11:46:30","version" => "3.39_91"},{"date" => "2004-11-23T22:25:21","version" => "3.39_92"},{"date" => "2004-11-29T11:14:34","version" => "3.40"},{"date" => "2004-11-30T09:30:56","version" => "3.41"},{"date" => "2004-12-04T11:54:54","version" => "3.42"},{"date" => "2004-12-06T09:19:28","version" => "3.43"},{"date" => "2004-12-28T14:07:28","version" => "3.44"},{"date" => "2005-01-06T09:09:45","version" => "3.45"},{"date" => "2005-10-24T12:34:04","version" => "3.46"},{"date" => "2005-11-22T21:50:09","version" => "3.47"},{"date" => "2005-12-02T17:41:00","version" => "3.48"},{"date" => "2006-02-08T10:58:39","version" => "3.49"},{"date" => "2006-02-14T18:32:51","version" => "3.50"},{"date" => "2006-03-22T09:26:15","version" => "3.51"},{"date" => "2006-04-26T08:43:13","version" => "3.52"},{"date" => "2006-04-27T11:55:34","version" => "3.53"},{"date" => "2006-04-28T08:21:04","version" => "3.54"},{"date" => "2006-07-10T09:16:22","version" => "3.55"},{"date" => "2007-01-12T11:00:07","version" => "3.56"},{"date" => "2008-11-16T21:45:07","version" => "3.57"},{"date" => "2008-11-17T11:35:37","version" => "3.58"},{"date" => "2008-11-24T09:15:09","version" => "3.59"},{"date" => "2009-02-09T11:26:08","version" => "3.60"},{"date" => "2009-06-20T09:34:17","version" => "3.61"},{"date" => "2009-08-13T21:01:27","version" => "3.62"},{"date" => "2009-10-22T20:11:52","version" => "3.63"},{"date" => "2009-10-25T12:24:11","version" => "3.64"},{"date" => "2010-04-04T20:44:00","version" => "3.65"},{"date" => "2010-07-09T13:27:13","version" => "3.66"},{"date" => "2010-08-17T17:15:19","version" => "3.67"},{"date" => "2010-09-01T21:28:52","version" => "3.68"},{"date" => "2011-10-15T15:35:01","version" => "3.69"},{"date" => "2013-03-28T22:21:30","version" => "3.70"},{"date" => "2013-05-08T22:23:29","version" => "3.71"},{"date" => "2016-01-19T17:44:02","version" => "3.72"},{"date" => "2020-08-25T17:40:17","version" => "3.73"},{"date" => "2020-08-30T18:40:48","version" => "3.74"},{"date" => "2020-08-30T19:58:22","version" => "3.75"},{"date" => "2021-03-04T18:06:59","version" => "3.76"},{"date" => "2022-03-14T22:12:49","version" => "3.77"},{"date" => "2022-03-28T15:23:23","version" => "3.78"},{"date" => "2022-10-12T15:41:58","version" => "3.79"},{"date" => "2022-11-01T14:19:26","version" => "3.80"},{"date" => "2023-01-31T03:13:18","version" => "3.81"},{"date" => "2024-03-13T20:11:51","version" => "3.82"},{"date" => "2024-07-30T16:42:50","version" => "3.83"}]},"HTML-Perlinfo" => {"advisories" => [{"affected_versions" => ["<1.52"],"cves" => [],"description" => "Possibility of denial-of-service attack.\n","distribution" => "HTML-Perlinfo","fixed_versions" => [">=1.52"],"id" => "CPANSA-HTML-Perlinfo-2008-01","references" => ["https://metacpan.org/changes/release/ACCARDO/HTML-Perlinfo-1.52"],"reported" => "2008-07-04"}],"main_module" => "HTML::Perlinfo","versions" => [{"date" => "2005-08-18T21:39:08","version" => "1.00"},{"date" => "2005-09-19T20:41:07","version" => "1.05"},{"date" => "2006-01-14T05:25:20","version" => "1.25"},{"date" => "2006-08-13T03:42:36","version" => "1.40"},{"date" => "2006-08-13T09:29:45","version" => "1.41"},{"date" => "2006-08-15T01:04:34","version" => "1.42"},{"date" => "2006-08-25T07:51:28","version" => "1.43"},{"date" => "2006-09-10T23:20:13","version" => "1.44"},{"date" => "2006-09-24T02:22:48","version" => "1.45"},{"date" => "2006-09-27T20:08:12","version" => "1.46"},{"date" => "2006-10-02T19:30:30","version" => "1.47"},{"date" => "2008-03-16T03:15:04","version" => "1.48"},{"date" => "2008-04-26T04:17:07","version" => "1.49"},{"date" => "2008-04-30T20:44:40","version" => "1.50"},{"date" => "2008-06-08T21:07:29","version" => "1.51"},{"date" => "2008-07-03T23:57:26","version" => "1.52"},{"date" => "2008-07-21T22:24:22","version" => "1.53"},{"date" => "2008-07-27T23:52:36","version" => "1.54"},{"date" => "2009-04-08T01:09:54","version" => "1.55"},{"date" => "2009-04-08T19:06:59","version" => "1.56"},{"date" => "2009-04-16T15:57:34","version" => "1.57"},{"date" => "2009-04-17T02:41:48","version" => "1.58"},{"date" => "2009-04-22T03:29:45","version" => "1.59"},{"date" => "2009-05-02T20:48:38","version" => "1.60"},{"date" => "2009-05-02T22:21:42","version" => "1.60"},{"date" => "2009-05-03T23:02:35","version" => "1.61"},{"date" => "2011-06-13T19:28:39","version" => "1.62"},{"date" => "2014-08-19T21:37:30","version" => "1.63"},{"date" => "2014-08-19T22:29:15","version" => "1.64"},{"date" => "2015-06-06T23:25:41","version" => "1.65"},{"date" => "2015-06-08T18:20:03","version" => "1.66"},{"date" => "2015-06-08T20:22:33","version" => "1.67"},{"date" => "2015-06-12T02:03:18","version" => "1.68"},{"date" => "2016-11-29T19:21:00","version" => "1.69"},{"date" => "2019-06-24T15:33:44","version" => "1.70"},{"date" => "2019-06-25T02:15:30","version" => "1.71"},{"date" => "2019-07-02T19:22:14","version" => "1.72"},{"date" => "2019-07-02T20:41:23","version" => "1.73"}]},"HTML-Scrubber" => {"advisories" => [{"affected_versions" => ["<0.15"],"cves" => ["CVE-2015-5667"],"description" => "Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.\n","distribution" => "HTML-Scrubber","fixed_versions" => [">=0.15"],"id" => "CPANSA-HTML-Scrubber-2015-5667","references" => ["http://jvn.jp/en/jp/JVN53973084/index.html","http://jvndb.jvn.jp/jvndb/JVNDB-2015-000171","https://metacpan.org/release/HTML-Scrubber","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172997.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172983.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172934.html"],"reported" => "2015-10-31","severity" => undef}],"main_module" => "HTML::Scrubber","versions" => [{"date" => "2003-04-18T14:10:19","version" => "0.02"},{"date" => "2003-07-21T14:57:02","version" => "0.03"},{"date" => "2003-10-30T02:31:36","version" => "0.04"},{"date" => "2003-10-31T07:27:00","version" => "0.05"},{"date" => "2003-11-02T11:10:49","version" => "0.06"},{"date" => "2004-03-18T14:35:12","version" => "0.07"},{"date" => "2004-04-01T22:12:20","version" => "0.08"},{"date" => "2011-04-01T15:36:18","version" => "0.09"},{"date" => "2013-09-27T14:06:41","version" => "0.10"},{"date" => "2013-10-11T14:13:11","version" => "0.11"},{"date" => "2015-03-14T18:25:35","version" => "0.12"},{"date" => "2015-03-19T16:31:12","version" => "0.13"},{"date" => "2015-04-02T16:20:48","version" => "0.14"},{"date" => "2015-10-10T14:02:08","version" => "0.15"},{"date" => "2017-06-25T19:31:24","version" => "0.16"},{"date" => "2017-06-27T13:04:46","version" => "0.17"},{"date" => "2019-09-22T11:11:50","version" => "0.18"},{"date" => "2019-09-24T12:28:19","version" => "0.19"}]},"HTML-StripScripts" => {"advisories" => [{"affected_versions" => ["<=1.06"],"cves" => ["CVE-2023-24038"],"description" => "The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.\n","distribution" => "HTML-StripScripts","fixed_versions" => [],"id" => "CPANSA-HTML-StripScripts-2023-24038","references" => ["https://github.com/clintongormley/perl-html-stripscripts/issues/3","https://lists.debian.org/debian-lts-announce/2023/01/msg00036.html","https://www.debian.org/security/2023/dsa-5339"],"reported" => "2023-01-21","severity" => "high"}],"main_module" => "HTML::StripScripts","versions" => [{"date" => "2003-03-30T10:08:51","version" => "0.01"},{"date" => "2003-07-25T18:13:42","version" => "0.02"},{"date" => "2004-04-27T16:45:34","version" => "0.03"},{"date" => "2007-05-28T11:57:07","version" => "0.90"},{"date" => "2007-05-28T12:31:03","version" => "0.99"},{"date" => "2007-05-29T13:15:46","version" => "0.991"},{"date" => "2007-06-05T12:44:56","version" => "1.00"},{"date" => "2007-10-22T14:30:52","version" => "1.01"},{"date" => "2007-10-22T15:47:44","version" => "1.02"},{"date" => "2007-10-22T17:21:36","version" => "1.03"},{"date" => "2007-11-16T17:53:46","version" => "1.04"},{"date" => "2009-11-05T10:25:59","version" => "1.05"},{"date" => "2016-05-12T09:44:35","version" => "1.06"}]},"HTML-Template-Pro" => {"advisories" => [{"affected_versions" => ["<0.9507"],"cves" => ["CVE-2011-4616"],"description" => "Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.\n","distribution" => "HTML-Template-Pro","fixed_versions" => [">=0.9507"],"id" => "CPANSA-HTML-Template-Pro-2011-4616","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587","http://openwall.com/lists/oss-security/2011/12/19/1","http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507","http://secunia.com/advisories/47184","http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes","http://www.securityfocus.com/bid/51117","http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html"],"reported" => "2012-01-06","severity" => undef}],"main_module" => "HTML::Template::Pro","versions" => [{"date" => "2005-06-09T11:07:59","version" => "0.38"},{"date" => "2005-06-22T09:55:37","version" => "0.39"},{"date" => "2005-07-07T09:11:59","version" => "0.40"},{"date" => "2005-07-26T16:58:29","version" => "0.41"},{"date" => "2005-08-04T15:58:27","version" => "0.42"},{"date" => "2005-08-04T17:36:21","version" => "0.43"},{"date" => "2005-08-12T16:32:44","version" => "0.44"},{"date" => "2005-08-19T19:10:08","version" => "0.45"},{"date" => "2005-08-26T18:24:23","version" => "0.46"},{"date" => "2005-08-31T17:43:09","version" => "0.48"},{"date" => "2005-09-08T17:43:14","version" => "0.50"},{"date" => "2005-09-30T15:59:34","version" => "0.52"},{"date" => "2005-10-06T17:14:51","version" => "0.53"},{"date" => "2005-10-17T13:37:05","version" => "0.54"},{"date" => "2005-10-26T12:18:18","version" => "0.55"},{"date" => "2005-11-03T16:46:06","version" => "0.56"},{"date" => "2005-11-13T16:12:39","version" => "0.57"},{"date" => "2005-12-02T08:10:18","version" => "0.58"},{"date" => "2006-01-22T20:07:54","version" => "0.59"},{"date" => "2006-02-02T16:32:55","version" => "0.60"},{"date" => "2006-02-06T20:45:02","version" => "0.61"},{"date" => "2006-02-22T20:05:55","version" => "0.62"},{"date" => "2006-04-18T20:24:51","version" => "0.64"},{"date" => "2007-06-01T14:46:48","version" => "0.65"},{"date" => "2007-10-04T11:08:55","version" => "0.66"},{"date" => "2007-12-02T23:20:56","version" => "0.67"},{"date" => "2008-01-08T18:01:32","version" => "0.68"},{"date" => "2008-01-08T20:03:26","version" => "0.68"},{"date" => "2008-03-01T19:46:47","version" => "0.69"},{"date" => "2008-06-09T09:06:12","version" => "0.70"},{"date" => "2008-09-05T19:36:06","version" => "0.71"},{"date" => "2008-12-19T08:16:12","version" => "0.72"},{"date" => "2009-04-02T20:36:25","version" => "0.73"},{"date" => "2009-04-10T20:41:07","version" => "0.74"},{"date" => "2009-07-05T16:40:09","version" => "0.75"},{"date" => "2009-07-13T08:33:36","version" => "0.76"},{"date" => "2009-07-23T17:37:10","version" => "0.80"},{"date" => "2009-07-28T15:58:37","version" => "0.81"},{"date" => "2009-08-04T15:46:34","version" => "0.82"},{"date" => "2009-08-05T20:27:52","version" => "0.83"},{"date" => "2009-08-08T18:13:20","version" => "0.84"},{"date" => "2009-08-09T16:45:02","version" => "0.85"},{"date" => "2009-08-24T08:00:34","version" => "0.86"},{"date" => "2009-08-29T19:22:41","version" => "0.87"},{"date" => "2009-09-11T16:53:57","version" => "0.90"},{"date" => "2009-09-24T15:48:49","version" => "0.91"},{"date" => "2009-09-29T20:14:35","version" => "0.92"},{"date" => "2009-11-23T20:25:34","version" => "0.93"},{"date" => "2010-03-26T19:12:55","version" => "0.94"},{"date" => "2010-05-21T19:34:29","version" => "0.95"},{"date" => "2010-06-16T19:00:45","version" => "0.9501"},{"date" => "2010-06-24T18:50:34","version" => "0.9502"},{"date" => "2010-08-29T12:45:12","version" => "0.9503"},{"date" => "2010-09-29T07:16:03","version" => "0.9504"},{"date" => "2011-07-01T10:40:21","version" => "0.9505"},{"date" => "2011-10-04T20:31:16","version" => "0.9506"},{"date" => "2011-12-09T07:59:17","version" => "0.9507"},{"date" => "2011-12-26T21:57:41","version" => "0.9508"},{"date" => "2012-02-28T19:59:05","version" => "0.9509"},{"date" => "2013-05-13T08:40:09","version" => "0.9510"},{"date" => "2021-11-30T23:21:23","version" => "0.9520"},{"date" => "2021-12-02T07:27:12","version" => "0.9521"},{"date" => "2021-12-06T17:53:48","version" => "0.9522"},{"date" => "2021-12-15T09:50:03","version" => "0.9523"},{"date" => "2022-01-16T20:42:34","version" => "0.9524"}]},"HTTP-Body" => {"advisories" => [{"affected_versions" => [">=1.08,<1.23"],"cves" => ["CVE-2013-4407"],"description" => "HTTP::Body::Multipart in the HTTP-Body 1.08, 1.22, and earlier module for Perl uses the part of the uploaded file's name after the first \".\" character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.\n","distribution" => "HTTP-Body","fixed_versions" => [">=1.23"],"id" => "CPANSA-HTTP-Body-2013-4407","references" => ["https://www.openwall.com/lists/oss-security/2024/04/07/1","https://security-tracker.debian.org/tracker/CVE-2013-4407","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634"],"reported" => "2013-09-02","severity" => "moderate"}],"main_module" => "HTTP::Body","versions" => [{"date" => "2005-10-06T23:31:10","version" => "0.01"},{"date" => "2005-10-07T19:39:00","version" => "0.2"},{"date" => "2005-10-28T00:04:21","version" => "0.03"},{"date" => "2005-11-09T06:02:28","version" => "0.4"},{"date" => "2005-11-17T04:03:44","version" => "0.5"},{"date" => "2006-01-06T11:55:08","version" => "0.6"},{"date" => "2007-03-23T17:02:39","version" => "0.7"},{"date" => "2007-03-24T01:48:23","version" => "0.8"},{"date" => "2007-03-27T17:55:21","version" => "0.9"},{"date" => "2008-02-23T16:03:17","version" => "1.00"},{"date" => "2008-02-23T16:16:09","version" => "1.01"},{"date" => "2008-02-27T22:08:06","version" => "1.02"},{"date" => "2008-04-07T14:20:46","version" => "1.03"},{"date" => "2008-06-23T19:41:56","version" => "1.04"},{"date" => "2008-12-01T22:14:51","version" => "1.05"},{"date" => "2010-01-09T18:23:07","version" => "1.06"},{"date" => "2010-01-24T19:42:49","version" => "1.07"},{"date" => "2010-08-19T19:02:08","version" => "1.08"},{"date" => "2010-08-19T23:11:46","version" => "1.09"},{"date" => "2010-10-08T14:52:40","version" => "1.10"},{"date" => "2010-10-26T14:38:59","version" => "1.11"},{"date" => "2011-03-20T00:58:03","version" => "1.12"},{"date" => "2011-11-04T18:44:06","version" => "1.14"},{"date" => "2011-12-05T03:02:21","version" => "1.15"},{"date" => "2012-10-03T15:19:24","version" => "1.16"},{"date" => "2012-10-03T22:04:49","version" => "1.17"},{"date" => "2013-12-06T15:06:26","version" => "1.18"},{"date" => "2013-12-06T15:07:56","version" => "1.19"},{"date" => "2015-01-28T15:21:00","version" => "1.20"},{"date" => "2015-01-29T03:50:10","version" => "1.21"},{"date" => "2015-01-29T03:53:01","version" => "1.22"},{"date" => "2024-03-30T03:28:24","version" => "1.23"}]},"HTTP-Daemon" => {"advisories" => [{"affected_versions" => ["<6.15"],"cves" => ["CVE-2022-31081"],"description" => "HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served on top of Nginx or Apache, not on the `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my \$rqst = \$conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' (`my \$cl = \$rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer, or, a comma separated repetition of that number. (that is `42` or `42, 42, 42`). Anything else MUST be rejected.\n","distribution" => "HTTP-Daemon","fixed_versions" => [">=6.15"],"id" => "CPANSA-HTTP-Daemon-2022-31081","references" => ["https://github.com/libwww-perl/HTTP-Daemon/commit/e84475de51d6fd7b29354a997413472a99db70b2","https://github.com/libwww-perl/HTTP-Daemon/commit/8dc5269d59e2d5d9eb1647d82c449ccd880f7fd0","https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn","https://datatracker.ietf.org/doc/html/rfc7230#section-9.5","https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf","http://metacpan.org/release/HTTP-Daemon/","https://cwe.mitre.org/data/definitions/444.html","https://github.com/libwww-perl/HTTP-Daemon/issues/56","https://github.com/NixOS/nixpkgs/pull/181632"],"reported" => "2022-06-27","severity" => "medium"}],"main_module" => "HTTP::Daemon","versions" => [{"date" => "2011-02-27T22:49:28","version" => "6.00"},{"date" => "2012-02-18T12:26:43","version" => "6.01"},{"date" => "2019-04-01T16:05:05","version" => "6.02"},{"date" => "2019-04-01T20:58:35","version" => "6.03"},{"date" => "2019-04-02T13:12:12","version" => "6.04"},{"date" => "2019-07-26T20:42:43","version" => "6.05"},{"date" => "2019-08-29T14:24:33","version" => "6.06"},{"date" => "2020-05-19T19:20:38","version" => "6.07"},{"date" => "2020-05-22T15:27:22","version" => "6.08"},{"date" => "2020-05-25T16:53:41","version" => "6.09"},{"date" => "2020-05-26T16:22:18","version" => "6.10"},{"date" => "2020-06-03T14:48:37","version" => "6.11"},{"date" => "2020-06-04T16:03:28","version" => "6.12"},{"date" => "2022-02-09T20:41:36","version" => "6.13"},{"date" => "2022-03-03T20:49:07","version" => "6.14"},{"date" => "2023-02-22T22:03:32","version" => "6.15"},{"date" => "2023-02-24T03:09:01","version" => "6.16"}]},"HTTP-Session2" => {"advisories" => [{"affected_versions" => ["<1.10"],"cves" => ["CVE-2018-25160"],"description" => "HTTP::Session2 1.09 does not validate session id, this causes RCE depending on the session store you use.\n","distribution" => "HTTP-Session2","fixed_versions" => [">=1.10"],"id" => "CPANSA-HTTP-Session2-2018-01","references" => ["https://metacpan.org/changes/distribution/HTTP-Session2","https://github.com/tokuhirom/HTTP-Session2/commit/813838f6d08034b6a265a70e53b59b941b5d3e6d"],"reported" => "2018-01-26","severity" => "critical"},{"affected_versions" => ["<1.12"],"cves" => ["CVE-2026-3255"],"description" => "HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function.  The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand() function is unsuitable for cryptographic usage.  HTTP::Session2 after version 1.02 will attempt to use the /dev/urandom device to generate a session id, but if the device is unavailable (for example, under Windows), then it will revert to the insecure method described above.","distribution" => "HTTP-Session2","fixed_versions" => [">=1.12"],"id" => "CPANSA-HTTP-Session2-2026-3255","references" => ["https://github.com/tokuhirom/HTTP-Session2/commit/9cfde4d7e0965172aef5dcfa3b03bb48df93e636.patch","https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.01/source/lib/HTTP/Session2/ServerStore.pm#L68","https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.11/source/lib/HTTP/Session2/Random.pm#L35","https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.12/changes","http://www.openwall.com/lists/oss-security/2026/02/27/12"],"reported" => "2026-02-27","severity" => undef}],"main_module" => "HTTP::Session2","versions" => [{"date" => "2013-10-28T03:20:09","version" => "0.01"},{"date" => "2013-10-30T00:17:21","version" => "0.02"},{"date" => "2013-10-31T01:21:27","version" => "0.03"},{"date" => "2013-11-01T01:10:52","version" => "0.04"},{"date" => "2014-03-18T18:53:09","version" => "0.05"},{"date" => "2014-07-28T04:10:11","version" => "1.00"},{"date" => "2014-07-28T11:44:05","version" => "1.01"},{"date" => "2014-07-31T21:17:23","version" => "1.02"},{"date" => "2014-08-01T11:04:00","version" => "1.03"},{"date" => "2014-08-01T11:10:56","version" => "1.04"},{"date" => "2014-08-01T11:20:46","version" => "1.05"},{"date" => "2014-08-01T14:04:04","version" => "1.06"},{"date" => "2014-08-01T14:08:11","version" => "1.07"},{"date" => "2014-08-03T07:23:00","version" => "1.08"},{"date" => "2014-09-01T02:26:38","version" => "1.09"},{"date" => "2018-01-26T05:02:08","version" => "1.10"},{"date" => "2026-02-25T16:30:30","version" => "1.11"},{"date" => "2026-02-26T14:47:32","version" => "1.12"}]},"HTTP-Tiny" => {"advisories" => [{"affected_versions" => ["<0.083"],"cves" => ["CVE-2023-31486"],"description" => "HTTP::Tiny v0.082, a Perl core module since v5.13.9 and available standalone on CPAN, does not verify TLS certs by default. Users must opt-in with the verify_SSL=>1 flag to verify certs when using HTTPS.\n\nResulting in a CWE-1188: Insecure Default Initialization of Resource weakness.\n","distribution" => "HTTP-Tiny","fixed_versions" => [">=0.083"],"id" => "CPANSA-HTTP-Tiny-2023-31486","references" => ["https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/","https://github.com/chansen/p5-http-tiny/issues/152","https://github.com/chansen/p5-http-tiny/pull/151","https://hackeriet.github.io/cpan-http-tiny-overview/","https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/","https://github.com/NixOS/nixpkgs/pull/187480","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089","https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92.patch","https://github.com/chansen/p5-http-tiny/issues/134","https://github.com/chansen/p5-http-tiny/issues/68"],"reported" => "2023-02-14"},{"affected_versions" => ["<0.059"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "HTTP-Tiny","fixed_versions" => [">=0.059"],"id" => "CPANSA-HTTP-Tiny-2016-1238","references" => ["https://metacpan.org/changes/distribution/HTTP-Tiny","https://github.com/chansen/p5-http-tiny/commit/b239c95ea7a256cfee9b8848f1bd4d1df6e66444"],"reported" => "2016-07-29"},{"affected_versions" => ["<0.039"],"cves" => [],"description" => "Temporary file creating during mirror()  not opened exclusively.\n","distribution" => "HTTP-Tiny","fixed_versions" => [">=0.039"],"id" => "CPANSA-HTTP-Tiny-2013-01","references" => ["https://metacpan.org/dist/HTTP-Tiny/changes"],"reported" => "2013-11-27"}],"main_module" => "HTTP::Tiny","versions" => [{"date" => "2010-12-11T12:59:31","version" => "0.001"},{"date" => "2010-12-14T02:59:37","version" => "0.002"},{"date" => "2010-12-15T17:30:49","version" => "0.003"},{"date" => "2010-12-16T03:53:33","version" => "0.004"},{"date" => "2011-01-08T11:32:21","version" => "0.005"},{"date" => "2011-01-10T12:27:39","version" => "0.006"},{"date" => "2011-01-12T09:56:28","version" => "0.007"},{"date" => "2011-01-14T11:34:51","version" => "0.008"},{"date" => "2011-01-17T21:29:27","version" => "0.009"},{"date" => "2011-02-04T07:45:53","version" => "0.010"},{"date" => "2011-03-20T00:49:53","version" => "0.011"},{"date" => "2011-03-31T19:49:33","version" => "0.012"},{"date" => "2011-07-18T03:15:12","version" => "0.013"},{"date" => "2011-10-20T17:55:01","version" => "0.014"},{"date" => "2011-10-26T20:42:15","version" => "0.015"},{"date" => "2011-10-27T03:06:06","version" => "0.016"},{"date" => "2012-02-23T02:58:42","version" => "0.017"},{"date" => "2012-04-18T13:41:15","version" => "0.018"},{"date" => "2012-05-14T11:15:52","version" => "0.019"},{"date" => "2012-05-14T19:25:57","version" => "0.020"},{"date" => "2012-05-16T02:39:55","version" => "0.021"},{"date" => "2012-06-02T03:32:21","version" => "0.022"},{"date" => "2012-09-19T16:06:37","version" => "0.023"},{"date" => "2012-10-10T00:45:59","version" => "0.024"},{"date" => "2012-12-26T17:11:23","version" => "0.025"},{"date" => "2013-03-05T03:54:12","version" => "0.026"},{"date" => "2013-03-05T17:04:07","version" => "0.027"},{"date" => "2013-03-05T19:13:42","version" => "0.028"},{"date" => "2013-04-17T17:51:23","version" => "0.029"},{"date" => "2013-06-13T15:47:33","version" => "0.030"},{"date" => "2013-06-17T03:18:45","version" => "0.031"},{"date" => "2013-06-20T15:42:26","version" => "0.032"},{"date" => "2013-06-21T10:27:45","version" => "0.033"},{"date" => "2013-06-26T23:03:50","version" => "0.034"},{"date" => "2013-09-10T16:30:04","version" => "0.035"},{"date" => "2013-09-25T16:11:04","version" => "0.036"},{"date" => "2013-10-28T17:50:02","version" => "0.037"},{"date" => "2013-11-18T17:57:17","version" => "0.038"},{"date" => "2013-11-28T00:49:36","version" => "0.039"},{"date" => "2014-02-17T18:05:10","version" => "0.040"},{"date" => "2014-02-17T18:09:12","version" => "0.041"},{"date" => "2014-02-18T16:24:50","version" => "0.042"},{"date" => "2014-02-21T01:42:05","version" => "0.043"},{"date" => "2014-07-17T03:47:41","version" => "0.044"},{"date" => "2014-07-20T23:24:33","version" => "0.045"},{"date" => "2014-07-21T14:33:53","version" => "0.046"},{"date" => "2014-07-29T18:13:01","version" => "0.047"},{"date" => "2014-08-21T17:20:45","version" => "0.048"},{"date" => "2014-09-02T15:21:17","version" => "0.049"},{"date" => "2014-09-23T19:32:00","version" => "0.050"},{"date" => "2014-11-18T03:59:56","version" => "0.051"},{"date" => "2014-12-11T20:25:19","version" => "0.052"},{"date" => "2014-12-12T04:43:37","version" => "0.053"},{"date" => "2015-01-27T12:18:58","version" => "0.054"},{"date" => "2015-05-07T22:15:24","version" => "0.055"},{"date" => "2015-05-19T10:01:27","version" => "0.056"},{"date" => "2016-04-18T14:19:09","version" => "0.057"},{"date" => "2016-05-03T17:49:33","version" => "0.058"},{"date" => "2016-07-29T20:12:12","version" => "0.059"},{"date" => "2016-08-05T16:12:02","version" => "0.061"},{"date" => "2016-08-08T16:20:33","version" => "0.063"},{"date" => "2016-08-17T01:43:01","version" => "0.064"},{"date" => "2016-09-10T02:43:48","version" => "0.065"},{"date" => "2016-09-14T15:45:04","version" => "0.067"},{"date" => "2016-09-23T20:15:05","version" => "0.068"},{"date" => "2016-10-05T15:37:11","version" => "0.069"},{"date" => "2016-10-10T03:25:33","version" => "0.070"},{"date" => "2018-07-24T15:35:02","version" => "0.073"},{"date" => "2018-07-30T19:37:29","version" => "0.074"},{"date" => "2018-08-01T11:10:11","version" => "0.075"},{"date" => "2018-08-06T01:09:54","version" => "0.076"},{"date" => "2021-07-22T17:08:36","version" => "0.077"},{"date" => "2021-08-02T13:26:31","version" => "0.078"},{"date" => "2021-11-04T16:34:59","version" => "0.079"},{"date" => "2021-11-05T12:17:42","version" => "0.080"},{"date" => "2022-07-17T13:02:38","version" => "0.081"},{"date" => "2022-07-25T13:47:22","version" => "0.082"},{"date" => "2023-06-11T11:06:38","version" => "0.083"},{"date" => "2023-06-14T10:35:44","version" => "0.084"},{"date" => "2023-06-22T14:07:29","version" => "0.086"},{"date" => "2023-07-11T12:54:02","version" => "0.088"},{"date" => "2024-10-21T07:38:21","version" => "0.089"},{"date" => "2024-11-12T10:52:55","version" => "0.090"},{"date" => "2025-12-13T05:27:26","version" => "0.091"},{"date" => "2025-12-27T19:51:28","version" => "0.092"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "0.054_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "0.056_001"}]},"HarfBuzz-Shaper" => {"advisories" => [{"affected_versions" => ["<0.032"],"cves" => ["CVE-2026-0943"],"description" => "HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.\x{a0}  Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.","distribution" => "HarfBuzz-Shaper","embedded_vulnerability" => {"distributed_version" => "8.4.0","name" => "harfbuzz"},"fixed_versions" => [">=0.032"],"id" => "CPANSA-HarfBuzz-Shaper-2026-0943","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=2429296","https://metacpan.org/release/JV/HarfBuzz-Shaper-0.032/changes","https://www.cve.org/CVERecord?id=CVE-2026-22693"],"reported" => "2026-01-19","severity" => undef},{"affected_versions" => [">0.017.1,<0.018.1"],"cves" => ["CVE-0000-0000"],"description" => "When debug messaging is enabled using hb_buffer_set_message_func, a maliciously crafted font can trigger a buffer overflow using a complicated sequence lookup, leading to unauthorised overwriting of other data.","distribution" => "HarfBuzz-Shaper","fixed_versions" => [],"id" => "CPANSA-HarfBuzz-Shaper-0000-0000-harfbuzz","references" => ["https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-p965-5rr7-9mhq"],"reported" => undef,"severity" => undef}],"main_module" => "HarfBuzz::Shaper","versions" => [{"date" => "2020-01-25T20:50:26","version" => "0.01"},{"date" => "2020-01-25T21:11:12","version" => "0.011"},{"date" => "2020-01-26T11:27:35","version" => "0.012"},{"date" => "2020-01-26T18:54:44","version" => "0.013"},{"date" => "2020-01-26T20:44:49","version" => "0.014"},{"date" => "2020-01-26T21:23:20","version" => "0.015"},{"date" => "2020-01-27T11:11:25","version" => "0.016"},{"date" => "2020-01-29T20:06:05","version" => "0.017"},{"date" => "2020-01-29T22:48:07","version" => "v0.017.1"},{"date" => "2020-01-30T08:56:56","version" => "0.018"},{"date" => "2020-01-30T23:01:26","version" => "v0.018.1"},{"date" => "2020-01-31T08:41:35","version" => "v0.018.2"},{"date" => "2020-01-31T14:42:22","version" => "v0.018.3"},{"date" => "2020-02-02T09:24:58","version" => "v0.018.4"},{"date" => "2020-02-06T15:32:38","version" => "0.019"},{"date" => "2020-02-07T08:52:42","version" => "0.020"},{"date" => "2020-02-08T21:13:09","version" => "0.021"},{"date" => "2020-06-05T11:33:14","version" => "0.022"},{"date" => "2020-07-11T20:50:43","version" => "0.023"},{"date" => "2021-04-12T09:07:33","version" => "0.024"},{"date" => "2021-12-24T07:18:44","version" => "0.025"},{"date" => "2022-01-07T19:55:32","version" => "0.026"},{"date" => "2024-05-07T12:06:56","version" => "0.027"},{"date" => "2025-01-29T09:03:21","version" => "0.028"},{"date" => "2025-01-30T05:18:06","version" => "0.029"},{"date" => "2025-01-31T14:13:59","version" => "0.030"},{"date" => "2025-01-31T19:34:57","version" => "0.031"},{"date" => "2026-01-14T23:19:07","version" => "0.032"},{"date" => "2026-01-19T21:24:52","version" => "0.033"}]},"IO-Compress" => {"advisories" => [{"affected_versions" => ["<2.070"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "IO-Compress","fixed_versions" => [">=2.070"],"id" => "CPANSA-IO-Compress-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "IO::Compress","versions" => [{"date" => "2009-04-04T09:49:11","version" => "2.017"},{"date" => "2009-05-03T16:27:20","version" => "2.018"},{"date" => "2009-05-04T09:43:44","version" => "2.019"},{"date" => "2009-06-03T17:48:41","version" => "2.020"},{"date" => "2009-08-30T20:27:02","version" => "2.021"},{"date" => "2009-10-09T21:56:08","version" => "2.022"},{"date" => "2009-11-09T23:43:07","version" => "2.023"},{"date" => "2010-01-09T17:56:46","version" => "2.024"},{"date" => "2010-03-28T12:57:23","version" => "2.025"},{"date" => "2010-04-07T19:51:37","version" => "2.026"},{"date" => "2010-04-24T19:16:06","version" => "2.027"},{"date" => "2010-07-24T14:46:19","version" => "2.030"},{"date" => "2011-01-06T11:24:01","version" => "2.032"},{"date" => "2011-01-11T14:03:58","version" => "2.033"},{"date" => "2011-05-02T21:50:29","version" => "2.034"},{"date" => "2011-05-07T08:32:12","version" => "2.035"},{"date" => "2011-06-18T21:45:50","version" => "2.036"},{"date" => "2011-06-22T07:19:49","version" => "2.037"},{"date" => "2011-10-28T14:28:46","version" => "2.039"},{"date" => "2011-10-28T22:20:49","version" => "2.040"},{"date" => "2011-11-17T23:45:33","version" => "2.042"},{"date" => "2011-11-20T21:34:13","version" => "2.043"},{"date" => "2011-12-03T22:49:21","version" => "2.044"},{"date" => "2011-12-04T19:21:48","version" => "2.045"},{"date" => "2011-12-18T22:38:32","version" => "2.046"},{"date" => "2012-01-28T23:28:39","version" => "2.047"},{"date" => "2012-01-29T17:00:45","version" => "2.048"},{"date" => "2012-02-18T15:58:24","version" => "2.049"},{"date" => "2012-04-29T12:42:10","version" => "2.052"},{"date" => "2012-08-05T20:37:36","version" => "2.055"},{"date" => "2012-11-10T19:09:13","version" => "2.057"},{"date" => "2012-11-12T22:15:00","version" => "2.058"},{"date" => "2012-12-15T13:41:23","version" => "2.059"},{"date" => "2013-01-07T20:02:34","version" => "2.060"},{"date" => "2013-05-27T09:55:05","version" => "2.061"},{"date" => "2013-08-12T19:08:16","version" => "2.062"},{"date" => "2013-11-02T17:15:29","version" => "2.063"},{"date" => "2014-02-01T23:21:32","version" => "2.064"},{"date" => "2014-09-21T12:42:45","version" => "2.066"},{"date" => "2014-12-08T15:14:06","version" => "2.067"},{"date" => "2014-12-23T17:46:25","version" => "2.068"},{"date" => "2015-09-26T18:42:09","version" => "2.069"},{"date" => "2016-12-28T23:09:27","version" => "2.070"},{"date" => "2017-02-12T20:41:37","version" => "2.072"},{"date" => "2017-02-19T20:37:27","version" => "2.073"},{"date" => "2017-02-19T22:11:53","version" => "2.074"},{"date" => "2018-04-03T18:22:13","version" => "2.080"},{"date" => "2018-04-08T15:03:07","version" => "2.081"},{"date" => "2018-12-30T22:40:20","version" => "2.083"},{"date" => "2019-01-06T08:57:26","version" => "2.084"},{"date" => "2019-03-31T19:16:41","version" => "2.086"},{"date" => "2019-08-10T18:12:14","version" => "2.087"},{"date" => "2019-11-03T09:29:00","version" => "2.088"},{"date" => "2019-11-03T19:54:15","version" => "2.089"},{"date" => "2019-11-09T16:00:26","version" => "2.090"},{"date" => "2019-11-23T19:44:59","version" => "2.091"},{"date" => "2019-12-04T22:10:26","version" => "2.092"},{"date" => "2019-12-07T16:05:46","version" => "2.093"},{"date" => "2020-07-14T15:32:09","version" => "2.094"},{"date" => "2020-07-20T19:25:09","version" => "2.095"},{"date" => "2020-07-31T20:53:32","version" => "2.096"},{"date" => "2021-01-07T13:57:52","version" => "2.100"},{"date" => "2021-02-20T14:25:27","version" => "2.101"},{"date" => "2021-02-28T08:57:41","version" => "2.102"},{"date" => "2022-04-03T19:50:28","version" => "2.103"},{"date" => "2022-04-09T15:43:24","version" => "2.104"},{"date" => "2022-04-09T21:36:46","version" => "2.105"},{"date" => "2022-04-12T16:10:04","version" => "2.106"},{"date" => "2022-06-25T09:04:18","version" => "2.201"},{"date" => "2023-02-08T21:49:30","version" => "2.204"},{"date" => "2023-07-16T19:41:51","version" => "2.205"},{"date" => "2023-07-25T15:56:21","version" => "2.206"},{"date" => "2024-02-18T22:20:49","version" => "2.207"},{"date" => "2024-03-31T15:17:06","version" => "2.208"},{"date" => "2024-04-06T13:44:44","version" => "2.211"},{"date" => "2024-04-27T12:55:39","version" => "2.212"},{"date" => "2024-08-28T15:36:27","version" => "2.213"},{"date" => "2025-10-24T16:29:27","version" => "2.214"},{"date" => "2026-01-30T17:09:53","version" => "2.215"},{"date" => "2026-01-30T22:29:53","version" => "2.216"},{"date" => "2026-02-01T11:12:56","version" => "2.217"},{"date" => "2026-03-08T15:13:32","version" => "2.218"},{"date" => "2026-03-09T13:58:06","version" => "2.219"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => undef}]},"IO-Compress-Brotli" => {"advisories" => [{"affected_versions" => [">=0.002,<=0.002001"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => [">=0.002_002,<=0.003"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => [">=0.003_001,<=0.004"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => ["==0.004001"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => ["==0.004_002"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"}],"main_module" => "IO::Compress::Brotli","versions" => [{"date" => "2015-12-31T19:03:44","version" => "0.001"},{"date" => "2016-01-01T09:33:21","version" => "0.001001"},{"date" => "2016-08-27T23:37:42","version" => "0.002"},{"date" => "2016-09-08T22:12:55","version" => "0.002001"},{"date" => "2017-09-09T17:15:27","version" => "0.002_002"},{"date" => "2017-09-16T20:41:00","version" => "0.003"},{"date" => "2017-09-23T19:24:01","version" => "0.003_001"},{"date" => "2017-10-14T17:57:14","version" => "0.003_002"},{"date" => "2017-10-28T19:51:35","version" => "0.004"},{"date" => "2018-05-19T19:01:07","version" => "0.004001"},{"date" => "2019-06-11T13:08:10","version" => "0.004_002"},{"date" => "2023-10-22T02:32:43","version" => "0.005"},{"date" => "2023-10-25T01:07:09","version" => "0.006"},{"date" => "2023-10-26T23:39:09","version" => "0.007"},{"date" => "2023-10-27T20:59:46","version" => "0.008"},{"date" => "2023-10-28T01:38:26","version" => "0.009"},{"date" => "2023-10-28T13:52:29","version" => "0.010"},{"date" => "2023-10-29T00:01:12","version" => "0.011"},{"date" => "2023-10-29T12:50:49","version" => "0.012"},{"date" => "2023-10-29T16:08:16","version" => "0.013"},{"date" => "2023-10-29T22:30:42","version" => "0.014"},{"date" => "2023-10-30T20:23:25","version" => "0.015"},{"date" => "2023-10-31T01:19:01","version" => "0.016"},{"date" => "2023-10-31T19:55:10","version" => "0.017"},{"date" => "2023-10-31T23:58:30","version" => "0.018"},{"date" => "2024-11-30T18:35:29","version" => "0.019"},{"date" => "2025-11-18T03:02:17","version" => "0.020"}]},"IO-Socket-SSL" => {"advisories" => [{"affected_versions" => ["<=1.35"],"cves" => ["CVE-2010-4334"],"description" => "The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.\n","distribution" => "IO-Socket-SSL","fixed_versions" => [">1.35"],"id" => "CPANSA-IO-Socket-SSL-2010-4334","references" => ["http://osvdb.org/69626","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058","http://www.securityfocus.com/bid/45189","http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.35/Changes","http://secunia.com/advisories/42508","http://secunia.com/advisories/42757","http://www.openwall.com/lists/oss-security/2010/12/09/8","http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052594.html","http://www.openwall.com/lists/oss-security/2010/12/24/1","http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052601.html","http://www.mandriva.com/security/advisories?name=MDVSA-2011:092"],"reported" => "2011-01-14","severity" => undef},{"affected_versions" => [">=1.14","<=1.25"],"cves" => ["CVE-2009-3024"],"description" => "The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.\n","distribution" => "IO-Socket-SSL","fixed_versions" => [">=1.26"],"id" => "CPANSA-IO-Socket-SSL-2009-3024","references" => ["http://www.openwall.com/lists/oss-security/2009/08/31/4","http://www.openwall.com/lists/oss-security/2009/08/28/1","http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.30/Changes","http://www.openwall.com/lists/oss-security/2009/08/29/1","http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html","http://www.vupen.com/english/advisories/2011/0118","http://www.gentoo.org/security/en/glsa/glsa-201101-06.xml","http://secunia.com/advisories/42893"],"reported" => "2009-08-31","severity" => undef}],"main_module" => "IO::Socket::SSL","versions" => [{"date" => "1999-06-18T14:54:49","version" => "0.70"},{"date" => "1999-07-21T19:45:05","version" => "0.72"},{"date" => "1999-07-29T17:28:04","version" => "0.73"},{"date" => "2000-07-04T11:46:51","version" => "0.74"},{"date" => "2000-08-08T06:59:10","version" => "0.75"},{"date" => "2000-11-17T14:26:45","version" => "0.76"},{"date" => "2001-01-15T13:57:06","version" => "0.77"},{"date" => "2001-04-24T07:00:38","version" => "0.78"},{"date" => "2001-06-04T08:01:01","version" => "0.79"},{"date" => "2001-08-19T08:28:53","version" => "0.80"},{"date" => "2002-04-10T12:43:43","version" => "0.81"},{"date" => "2002-08-13T21:42:55","version" => "0.90"},{"date" => "2002-08-19T15:28:09","version" => "0.901"},{"date" => "2002-09-01T01:13:14","version" => "0.91"},{"date" => "2002-10-22T06:15:30","version" => "0.92"},{"date" => "2003-06-24T19:24:37","version" => "0.93"},{"date" => "2003-06-26T19:41:04","version" => "0.94"},{"date" => "2003-08-25T22:47:30","version" => "0.95"},{"date" => "2004-04-30T17:43:07","version" => "0.96"},{"date" => "2005-07-17T09:20:02","version" => "0.97"},{"date" => "2006-06-12T14:37:33","version" => "0.98"},{"date" => "2006-06-12T14:48:30","version" => "0.98"},{"date" => "2006-07-17T15:05:06","version" => "0.99"},{"date" => "2006-07-18T13:33:27","version" => "0.99"},{"date" => "2006-07-20T05:59:15","version" => "0.99"},{"date" => "2006-07-20T08:35:45","version" => "0.99"},{"date" => "2006-07-24T14:27:43","version" => "0.99"},{"date" => "2006-08-02T07:30:04","version" => "0.99"},{"date" => "2006-08-02T07:37:59","version" => "0.99"},{"date" => "2006-08-02T20:43:25","version" => "0.99"},{"date" => "2006-08-11T10:01:10","version" => "0.99"},{"date" => "2006-08-15T20:22:28","version" => "0.99"},{"date" => "2006-09-12T14:16:38","version" => "0.99"},{"date" => "2006-09-13T11:10:06","version" => "0.99"},{"date" => "2006-12-01T09:57:52","version" => "0.99"},{"date" => "2007-03-06T18:12:09","version" => "0.99"},{"date" => "2007-03-28T19:06:21","version" => "0.99"},{"date" => "2007-04-16T19:35:58","version" => "0.99"},{"date" => "2007-04-30T07:45:00","version" => "0.99"},{"date" => "2007-06-03T19:46:51","version" => "0.99"},{"date" => "2007-06-06T13:59:06","version" => "0.99"},{"date" => "2007-08-10T09:07:39","version" => "0.99"},{"date" => "2007-09-13T19:40:43","version" => "0.99"},{"date" => "2007-10-09T21:18:11","version" => "0.99"},{"date" => "2007-10-10T18:49:29","version" => "0.99"},{"date" => "2007-10-26T06:29:26","version" => "0.99"},{"date" => "2008-01-11T17:59:06","version" => "0.99"},{"date" => "2008-01-28T06:44:08","version" => "0.99"},{"date" => "2008-02-22T09:07:12","version" => "0.99"},{"date" => "2008-02-24T09:42:37","version" => "0.99"},{"date" => "2008-02-25T21:18:02","version" => "0.99"},{"date" => "2008-03-10T08:46:06","version" => "0.99"},{"date" => "2008-07-16T09:27:07","version" => "0.99"},{"date" => "2008-08-28T20:03:28","version" => "0.99"},{"date" => "2008-09-19T06:34:13","version" => "0.99"},{"date" => "2008-09-19T16:54:30","version" => "0.99"},{"date" => "2008-09-24T07:52:48","version" => "0.99"},{"date" => "2008-09-25T09:24:39","version" => "0.99"},{"date" => "2008-10-13T09:06:13","version" => "0.99"},{"date" => "2008-11-17T17:21:39","version" => "0.99"},{"date" => "2008-12-31T14:47:59","version" => "0.99"},{"date" => "2009-01-15T20:52:54","version" => "0.99"},{"date" => "2009-01-22T20:59:47","version" => "0.99"},{"date" => "2009-01-24T06:34:00","version" => "0.99"},{"date" => "2009-02-23T09:59:39","version" => "1.23"},{"date" => "2009-04-01T08:02:14","version" => "1.24"},{"date" => "2009-07-02T18:15:35","version" => "1.25"},{"date" => "2009-07-03T07:36:23","version" => "1.26"},{"date" => "2009-07-24T06:37:32","version" => "1.27"},{"date" => "2009-08-19T10:46:35","version" => "1.28"},{"date" => "2009-08-19T10:54:30","version" => "1.29"},{"date" => "2009-08-19T14:41:37","version" => "1.30"},{"date" => "2009-09-01T07:44:10","version" => "1.30_2"},{"date" => "2009-09-02T05:57:30","version" => "1.30_3"},{"date" => "2009-09-25T19:10:53","version" => "1.31"},{"date" => "2010-02-22T09:39:43","version" => "1.32"},{"date" => "2010-03-17T12:53:27","version" => "1.33"},{"date" => "2010-11-01T08:55:36","version" => "1.34"},{"date" => "2010-12-06T08:16:23","version" => "1.35"},{"date" => "2010-12-08T19:28:31","version" => "1.36"},{"date" => "2010-12-09T08:38:47","version" => "1.37"},{"date" => "2011-01-18T08:45:03","version" => "1.38"},{"date" => "2011-03-03T11:39:29","version" => "1.39"},{"date" => "2011-05-02T10:32:52","version" => "1.40"},{"date" => "2011-05-10T05:14:22","version" => "1.41"},{"date" => "2011-05-10T14:15:57","version" => "1.42"},{"date" => "2011-05-11T08:23:15","version" => "1.43"},{"date" => "2011-05-12T19:35:25","version" => "1.43_1"},{"date" => "2011-05-27T11:46:14","version" => "1.44"},{"date" => "2011-10-13T08:42:32","version" => "1.45"},{"date" => "2011-10-18T06:30:07","version" => "1.46"},{"date" => "2011-10-21T07:09:03","version" => "1.47"},{"date" => "2011-10-26T16:35:42","version" => "1.48"},{"date" => "2011-10-28T08:26:49","version" => "1.49"},{"date" => "2011-12-06T21:14:17","version" => "1.50"},{"date" => "2011-12-06T21:25:05","version" => "1.51"},{"date" => "2011-12-07T08:12:01","version" => "1.52"},{"date" => "2011-12-11T21:45:13","version" => "1.53"},{"date" => "2012-01-11T08:15:23","version" => "1.54"},{"date" => "2012-02-20T06:49:04","version" => "1.55"},{"date" => "2012-02-22T15:49:39","version" => "1.56"},{"date" => "2012-02-26T21:57:54","version" => "1.57"},{"date" => "2012-02-26T22:09:30","version" => "1.58"},{"date" => "2012-03-08T10:44:05","version" => "1.59"},{"date" => "2012-03-20T18:59:41","version" => "1.60"},{"date" => "2012-03-27T14:34:36","version" => "1.61"},{"date" => "2012-03-28T05:53:19","version" => "1.62"},{"date" => "2012-04-06T20:33:58","version" => "1.63"},{"date" => "2012-04-06T21:04:54","version" => "1.64"},{"date" => "2012-04-16T16:51:54","version" => "1.65"},{"date" => "2012-04-16T18:52:52","version" => "1.66"},{"date" => "2012-05-07T09:39:11","version" => "1.67"},{"date" => "2012-05-07T13:01:38","version" => "1.68"},{"date" => "2012-05-08T08:24:35","version" => "1.69"},{"date" => "2012-05-08T09:18:24","version" => "1.70"},{"date" => "2012-05-09T08:41:48","version" => "1.71"},{"date" => "2012-05-10T11:10:15","version" => "1.72"},{"date" => "2012-05-11T19:29:42","version" => "1.73"},{"date" => "2012-05-13T15:19:26","version" => "1.74"},{"date" => "2012-06-07T17:42:47","version" => "1.74_1"},{"date" => "2012-06-07T21:59:28","version" => "1.74_2"},{"date" => "2012-06-15T12:42:21","version" => "1.75"},{"date" => "2012-06-18T06:20:09","version" => "1.76"},{"date" => "2012-10-05T05:36:56","version" => "1.77"},{"date" => "2012-11-25T14:08:27","version" => "1.78"},{"date" => "2012-11-25T15:50:09","version" => "1.79"},{"date" => "2012-11-30T07:47:23","version" => "1.80"},{"date" => "2012-12-06T09:14:04","version" => "1.81"},{"date" => "2013-01-28T07:41:50","version" => "1.82"},{"date" => "2013-02-03T19:04:27","version" => "1.83"},{"date" => "2013-02-14T08:05:20","version" => "1.831"},{"date" => "2013-02-15T20:48:12","version" => "1.84"},{"date" => "2013-04-14T08:59:30","version" => "1.85"},{"date" => "2013-04-17T11:31:18","version" => "1.86"},{"date" => "2013-04-24T18:16:01","version" => "1.87"},{"date" => "2013-05-02T05:59:47","version" => "1.88"},{"date" => "2013-05-14T13:36:49","version" => "1.89"},{"date" => "2013-05-29T18:58:35","version" => "1.90"},{"date" => "2013-05-30T09:36:07","version" => "1.91"},{"date" => "2013-05-30T19:20:11","version" => "1.92"},{"date" => "2013-05-31T06:14:58","version" => "1.93"},{"date" => "2013-06-01T12:46:14","version" => "1.94"},{"date" => "2013-07-03T08:44:53","version" => "1.950"},{"date" => "2013-07-03T10:02:42","version" => "1.951"},{"date" => "2013-07-11T20:14:18","version" => "1.952"},{"date" => "2013-07-22T06:34:31","version" => "1.953"},{"date" => "2013-09-15T13:05:33","version" => "1.954"},{"date" => "2013-10-11T16:54:45","version" => "1.955"},{"date" => "2013-11-10T18:00:08","version" => "1.956"},{"date" => "2013-11-11T08:42:30","version" => "1.957"},{"date" => "2013-11-11T18:28:16","version" => "1.958"},{"date" => "2013-11-12T15:39:42","version" => "1.959"},{"date" => "2013-11-13T00:10:43","version" => "1.960"},{"date" => "2013-11-26T14:47:11","version" => "1.961"},{"date" => "2013-11-27T21:19:25","version" => "1.962"},{"date" => "2014-01-13T13:05:48","version" => "1.963"},{"date" => "2014-01-15T11:36:49","version" => "1.964"},{"date" => "2014-01-16T19:11:32","version" => "1.965"},{"date" => "2014-01-21T16:53:39","version" => "1.966"},{"date" => "2014-02-06T22:06:14","version" => "1.967"},{"date" => "2014-03-13T06:38:27","version" => "1.968"},{"date" => "2014-03-16T16:41:39","version" => "1.969"},{"date" => "2014-03-19T05:04:51","version" => "1.970"},{"date" => "2014-03-22T19:54:06","version" => "1.971"},{"date" => "2014-03-23T06:48:23","version" => "1.972"},{"date" => "2014-03-26T07:10:22","version" => "1.973"},{"date" => "2014-04-02T06:53:53","version" => "1.974"},{"date" => "2014-04-02T10:14:38","version" => "1.975"},{"date" => "2014-04-04T04:36:04","version" => "1.976"},{"date" => "2014-04-04T13:25:28","version" => "1.977"},{"date" => "2014-04-04T14:21:32","version" => "1.978"},{"date" => "2014-04-06T06:24:29","version" => "1.979"},{"date" => "2014-04-08T01:25:10","version" => "1.980"},{"date" => "2014-04-08T11:09:59","version" => "1.981"},{"date" => "2014-04-24T20:14:47","version" => "1.982"},{"date" => "2014-04-27T12:02:16","version" => "1.982_1"},{"date" => "2014-05-04T08:03:37","version" => "1.983"},{"date" => "2014-05-10T13:11:17","version" => "1.984"},{"date" => "2014-05-15T06:30:28","version" => "1.985"},{"date" => "2014-05-16T17:41:46","version" => "1.986"},{"date" => "2014-05-17T15:03:37","version" => "1.987"},{"date" => "2014-05-17T22:15:10","version" => "1.988"},{"date" => "2014-05-24T08:16:00","version" => "1.989"},{"date" => "2014-05-26T05:46:04","version" => "1.989_1"},{"date" => "2014-05-27T11:00:11","version" => "1.990"},{"date" => "2014-05-27T19:43:31","version" => "1.991"},{"date" => "2014-06-01T21:47:49","version" => "1.992"},{"date" => "2014-06-13T20:45:52","version" => "1.993"},{"date" => "2014-06-22T09:53:11","version" => "1.994"},{"date" => "2014-07-11T21:50:48","version" => "1.995"},{"date" => "2014-07-12T11:49:12","version" => "1.996"},{"date" => "2014-07-12T17:24:04","version" => "1.997"},{"date" => "2014-09-07T14:59:47","version" => "1.998"},{"date" => "2014-10-09T19:56:19","version" => "1.999"},{"date" => "2014-10-16T05:05:11","version" => "2.000"},{"date" => "2014-10-21T09:46:39","version" => "2.001"},{"date" => "2014-10-21T21:00:54","version" => "2.002"},{"date" => "2014-11-14T20:12:08","version" => "2.003"},{"date" => "2014-11-15T10:05:06","version" => "2.004"},{"date" => "2014-11-15T10:14:17","version" => "2.004_1"},{"date" => "2014-11-15T16:29:13","version" => "2.005"},{"date" => "2014-11-15T16:34:37","version" => "2.005_1"},{"date" => "2014-11-22T20:51:08","version" => "2.006"},{"date" => "2014-11-26T22:00:05","version" => "2.007"},{"date" => "2014-12-16T06:36:16","version" => "2.008"},{"date" => "2015-01-12T10:48:21","version" => "2.009"},{"date" => "2015-01-14T20:13:41","version" => "2.010"},{"date" => "2015-02-01T16:00:22","version" => "2.011"},{"date" => "2015-02-02T07:46:57","version" => "2.012"},{"date" => "2015-05-01T15:39:14","version" => "2.013"},{"date" => "2015-05-05T06:31:37","version" => "2.014"},{"date" => "2015-05-13T20:43:55","version" => "2.015"},{"date" => "2015-05-26T21:15:38","version" => "2.015_001"},{"date" => "2015-05-27T05:39:14","version" => "2.015_002"},{"date" => "2015-05-27T17:24:09","version" => "2.015_003"},{"date" => "2015-05-28T07:07:25","version" => "2.015_004"},{"date" => "2015-05-29T06:01:37","version" => "2.015_005"},{"date" => "2015-06-02T19:35:20","version" => "2.015_006"},{"date" => "2015-06-02T20:41:45","version" => "2.016"},{"date" => "2015-06-04T14:38:29","version" => "2.016_001"},{"date" => "2015-06-14T17:05:06","version" => "2.016_002"},{"date" => "2015-08-24T15:45:30","version" => "2.017"},{"date" => "2015-08-27T11:31:55","version" => "2.018"},{"date" => "2015-09-01T05:32:47","version" => "2.019"},{"date" => "2015-09-20T10:33:59","version" => "2.020"},{"date" => "2015-12-02T19:55:29","version" => "2.021"},{"date" => "2015-12-10T07:12:46","version" => "2.022"},{"date" => "2016-01-30T11:12:14","version" => "2.023"},{"date" => "2016-02-06T19:38:18","version" => "2.024"},{"date" => "2016-04-04T07:23:02","version" => "2.025"},{"date" => "2016-04-20T06:11:37","version" => "2.026"},{"date" => "2016-04-20T14:22:50","version" => "2.027"},{"date" => "2016-06-27T14:22:02","version" => "2.028"},{"date" => "2016-06-27T15:53:16","version" => "2.029"},{"date" => "2016-07-08T08:53:04","version" => "2.030"},{"date" => "2016-07-08T11:40:31","version" => "2.031"},{"date" => "2016-07-12T13:12:57","version" => "2.032"},{"date" => "2016-07-15T09:00:38","version" => "2.033"},{"date" => "2016-08-08T08:19:05","version" => "2.034"},{"date" => "2016-08-11T14:25:18","version" => "2.035"},{"date" => "2016-08-11T19:03:38","version" => "2.036"},{"date" => "2016-08-22T17:39:32","version" => "2.037"},{"date" => "2016-09-17T09:36:29","version" => "2.038"},{"date" => "2016-11-20T21:01:59","version" => "2.039"},{"date" => "2016-12-17T15:18:35","version" => "2.040"},{"date" => "2017-01-04T05:17:55","version" => "2.041"},{"date" => "2017-01-05T18:32:13","version" => "2.042"},{"date" => "2017-01-06T13:27:56","version" => "2.043"},{"date" => "2017-01-26T10:46:57","version" => "2.044"},{"date" => "2017-02-13T15:26:59","version" => "2.045"},{"date" => "2017-02-15T18:41:05","version" => "2.046"},{"date" => "2017-02-16T19:01:01","version" => "2.047"},{"date" => "2017-04-16T18:33:09","version" => "2.048"},{"date" => "2017-06-12T05:15:34","version" => "2.049"},{"date" => "2017-08-18T06:07:18","version" => "2.050"},{"date" => "2017-09-05T09:28:25","version" => "2.051"},{"date" => "2017-10-22T08:48:29","version" => "2.052"},{"date" => "2018-01-21T19:41:38","version" => "2.053"},{"date" => "2018-01-22T05:11:45","version" => "2.054"},{"date" => "2018-02-15T13:45:54","version" => "2.055"},{"date" => "2018-02-19T06:35:28","version" => "2.056"},{"date" => "2018-07-18T19:16:28","version" => "2.057"},{"date" => "2018-07-19T07:54:24","version" => "2.058"},{"date" => "2018-08-15T16:13:05","version" => "2.059"},{"date" => "2018-09-16T19:15:07","version" => "2.060"},{"date" => "2019-02-23T02:08:16","version" => "2.061"},{"date" => "2019-02-24T00:14:55","version" => "2.062"},{"date" => "2019-03-01T14:48:40","version" => "2.063"},{"date" => "2019-03-04T12:28:12","version" => "2.064"},{"date" => "2019-03-05T18:50:40","version" => "2.065"},{"date" => "2019-03-06T06:55:56","version" => "2.066"},{"date" => "2020-02-14T17:49:51","version" => "2.067"},{"date" => "2020-03-31T06:15:39","version" => "2.068"},{"date" => "2021-01-22T16:55:49","version" => "2.069"},{"date" => "2021-02-26T08:03:24","version" => "2.070"},{"date" => "2021-05-23T08:12:02","version" => "2.071"},{"date" => "2021-08-16T13:06:40","version" => "2.072"},{"date" => "2021-12-22T19:30:42","version" => "2.073"},{"date" => "2022-01-07T15:09:53","version" => "2.074"},{"date" => "2022-09-02T18:18:33","version" => "2.075"},{"date" => "2022-11-14T13:41:15","version" => "2.076"},{"date" => "2022-11-21T11:44:16","version" => "2.077"},{"date" => "2022-12-11T20:10:13","version" => "2.078"},{"date" => "2023-01-16T06:28:01","version" => "2.079"},{"date" => "2023-01-18T16:28:53","version" => "2.080"},{"date" => "2023-01-25T10:49:10","version" => "2.081"},{"date" => "2023-05-17T20:41:22","version" => "2.082"},{"date" => "2023-05-18T09:15:20","version" => "2.083"},{"date" => "2023-11-06T21:02:36","version" => "2.084"},{"date" => "2024-01-22T19:07:08","version" => "2.085"},{"date" => "2024-07-03T12:14:36","version" => "2.086"},{"date" => "2024-07-08T05:33:53","version" => "2.087"},{"date" => "2024-07-14T05:05:54","version" => "2.088"},{"date" => "2024-08-29T14:46:00","version" => "2.089"},{"date" => "2025-06-03T04:11:54","version" => "2.090"},{"date" => "2025-06-11T17:38:14","version" => "2.091"},{"date" => "2025-06-16T13:32:00","version" => "2.092"},{"date" => "2025-06-17T06:49:47","version" => "2.093"},{"date" => "2025-06-18T19:37:41","version" => "2.094"},{"date" => "2025-07-10T16:57:04","version" => "2.095"},{"date" => "2026-01-04T17:47:18","version" => "2.096"},{"date" => "2026-01-06T17:52:56","version" => "2.097"},{"date" => "2026-01-06T19:20:57","version" => "2.098"}]},"IPC-Cmd" => {"advisories" => [{"affected_versions" => ["<0.96"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "IPC-Cmd","fixed_versions" => [">=0.96"],"id" => "CPANSA-IPC-Cmd-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "IPC::Cmd","versions" => [{"date" => "2003-05-10T16:57:39","version" => "0.02"},{"date" => "2003-05-11T08:50:33","version" => "0.03"},{"date" => "2003-09-25T10:34:58","version" => "0.04"},{"date" => "2004-06-18T11:43:01","version" => "0.20"},{"date" => "2004-08-16T10:26:03","version" => "0.22"},{"date" => "2004-12-03T15:53:45","version" => "0.23"},{"date" => "2004-12-09T09:56:18","version" => "0.24"},{"date" => "2006-09-06T15:57:50","version" => "0.25"},{"date" => "2006-10-05T14:42:36","version" => "0.29_01"},{"date" => "2006-10-11T11:11:24","version" => "0.30"},{"date" => "2006-10-13T11:18:04","version" => "0.32"},{"date" => "2006-10-20T13:16:49","version" => "0.34"},{"date" => "2006-11-24T14:01:10","version" => "0.36"},{"date" => "2007-10-11T15:17:44","version" => "0.38"},{"date" => "2007-10-17T09:29:57","version" => "0.40"},{"date" => "2008-05-18T15:50:12","version" => "0.41_01"},{"date" => "2008-06-29T15:41:17","version" => "0.41_02"},{"date" => "2008-07-13T13:08:43","version" => "0.41_03"},{"date" => "2008-07-14T13:57:54","version" => "0.41_04"},{"date" => "2008-09-22T13:12:26","version" => "0.41_05"},{"date" => "2008-09-24T15:46:32","version" => "0.41_06"},{"date" => "2008-10-05T16:24:49","version" => "0.41_07"},{"date" => "2008-10-10T09:47:07","version" => "0.42"},{"date" => "2009-05-04T08:15:08","version" => "0.44"},{"date" => "2009-06-12T11:38:40","version" => "0.46"},{"date" => "2009-09-07T14:15:59","version" => "0.48"},{"date" => "2009-09-07T15:21:24","version" => "0.50"},{"date" => "2009-11-08T23:24:39","version" => "0.51_01"},{"date" => "2009-11-13T16:17:59","version" => "0.52"},{"date" => "2009-11-15T22:04:56","version" => "0.54"},{"date" => "2010-02-03T14:21:25","version" => "0.56"},{"date" => "2010-04-29T20:06:40","version" => "0.58"},{"date" => "2010-07-05T08:10:45","version" => "0.60"},{"date" => "2010-10-19T14:53:57","version" => "0.62"},{"date" => "2010-10-19T18:09:00","version" => "0.64"},{"date" => "2010-11-23T12:11:55","version" => "0.66"},{"date" => "2011-01-07T22:28:30","version" => "0.68"},{"date" => "2011-01-31T20:40:13","version" => "0.70"},{"date" => "2011-05-10T13:07:15","version" => "0.71_01"},{"date" => "2011-05-26T12:01:30","version" => "0.71_02"},{"date" => "2011-05-26T12:46:44","version" => "0.71_03"},{"date" => "2011-06-22T11:34:08","version" => "0.72"},{"date" => "2012-01-30T10:35:24","version" => "0.74"},{"date" => "2012-01-30T11:34:12","version" => "0.76"},{"date" => "2012-04-30T18:52:04","version" => "0.78"},{"date" => "2013-03-02T22:15:43","version" => "0.80"},{"date" => "2013-06-29T21:17:06","version" => "0.82"},{"date" => "2013-08-06T09:28:59","version" => "0.84"},{"date" => "2013-09-05T19:34:47","version" => "0.85_01"},{"date" => "2013-10-10T13:09:11","version" => "0.85_02"},{"date" => "2013-11-04T14:18:01","version" => "0.86"},{"date" => "2013-11-15T14:47:57","version" => "0.88"},{"date" => "2013-11-18T15:12:15","version" => "0.90"},{"date" => "2014-01-22T20:01:22","version" => "0.92"},{"date" => "2016-02-12T19:01:25","version" => "0.94"},{"date" => "2016-07-28T10:19:44","version" => "0.96"},{"date" => "2017-05-12T16:05:02","version" => "0.98"},{"date" => "2018-02-14T16:21:01","version" => "1.00"},{"date" => "2018-05-03T08:53:01","version" => "1.02"},{"date" => "2019-07-13T09:17:39","version" => "1.04"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "0.36_01"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.010000","version" => "0.40_1"},{"date" => "2013-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019005","version" => "0.84_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "0.92_01"}]},"IPC-Run" => {"advisories" => [{"affected_versions" => ["<0.90","==0.90_01","==0.90_02"],"cves" => [],"description" => "INADDR_ANY can be your external ip, IPC::Run should only listen on localhost.\n","distribution" => "IPC-Run","fixed_versions" => [">=0.90"],"id" => "CPANSA-IPC-Run-2009-01","references" => ["https://metacpan.org/dist/IPC-Run/changes","https://rt.cpan.org/Public/Bug/Display.html?id=49693"],"reported" => "2009-09-14"}],"main_module" => "IPC::Run","versions" => [{"date" => "2000-05-22T05:10:41","version" => "0.1"},{"date" => "2000-06-01T06:12:25","version" => "0.2"},{"date" => "2000-06-02T16:53:04","version" => "0.21"},{"date" => "2000-06-03T12:34:23","version" => "0.3"},{"date" => "2000-06-06T18:48:56","version" => "0.32"},{"date" => "2000-06-08T10:24:28","version" => "0.33"},{"date" => "2000-06-08T10:41:19","version" => "0.34"},{"date" => "2000-06-15T19:06:43","version" => "0.4"},{"date" => "2000-08-17T14:33:30","version" => "0.42"},{"date" => "2000-10-02T21:20:49","version" => "0.44"},{"date" => "2001-11-11T04:21:36","version" => "0.5"},{"date" => "2001-11-12T07:19:27","version" => "0.51"},{"date" => "2001-12-01T06:05:11","version" => "0.54"},{"date" => "2001-12-01T21:54:11","version" => "0.55"},{"date" => "2001-12-02T13:48:12","version" => "0.56"},{"date" => "2001-12-06T20:33:30","version" => "0.6"},{"date" => "2001-12-07T09:31:12","version" => "0.61"},{"date" => "2002-01-01T20:42:40","version" => "0.62"},{"date" => "2002-02-27T17:14:16","version" => "0.63"},{"date" => "2002-03-14T17:14:53","version" => "0.64"},{"date" => "2002-03-27T11:42:32","version" => "0.66"},{"date" => "2002-04-26T15:04:45","version" => "0.7"},{"date" => "2002-05-06T13:23:28","version" => "0.71"},{"date" => "2002-05-09T15:58:13","version" => "0.72"},{"date" => "2002-05-22T13:20:13","version" => "0.73"},{"date" => "2002-05-23T13:48:23","version" => "0.74"},{"date" => "2003-01-28T17:59:36","version" => "0.75"},{"date" => "2003-09-26T19:35:48","version" => "0.77"},{"date" => "2004-03-09T06:22:24","version" => "0.78"},{"date" => "2005-01-19T23:50:56","version" => "0.79"},{"date" => "2006-03-10T15:30:59","version" => "0.80_91"},{"date" => "2006-05-10T20:00:28","version" => "0.80"},{"date" => "2008-10-15T09:59:57","version" => "0.81_01"},{"date" => "2008-12-18T12:01:25","version" => "0.82"},{"date" => "2009-07-09T16:38:18","version" => "0.83"},{"date" => "2009-07-13T00:59:41","version" => "0.84"},{"date" => "2010-03-23T05:12:54","version" => "0.85"},{"date" => "2010-03-24T20:11:05","version" => "0.86"},{"date" => "2010-03-29T18:03:50","version" => "0.87"},{"date" => "2010-03-30T18:14:22","version" => "0.88"},{"date" => "2010-04-01T04:48:26","version" => "0.89"},{"date" => "2011-06-03T04:41:40","version" => "0.90_01"},{"date" => "2011-06-29T04:15:08","version" => "0.90_02"},{"date" => "2011-07-01T04:18:30","version" => "0.90_03"},{"date" => "2011-07-03T20:10:42","version" => "0.90"},{"date" => "2012-01-25T05:16:00","version" => "0.91_01"},{"date" => "2012-02-15T04:50:23","version" => "0.91"},{"date" => "2012-08-22T15:00:56","version" => "0.92_01"},{"date" => "2012-08-30T15:26:42","version" => "0.92"},{"date" => "2014-12-11T05:59:50","version" => "0.93"},{"date" => "2014-12-11T07:48:28","version" => "0.93_01"},{"date" => "2014-12-14T07:23:31","version" => "0.94"},{"date" => "2016-04-13T03:11:26","version" => "0.94_01"},{"date" => "2016-04-14T05:15:22","version" => "0.94_02"},{"date" => "2017-04-25T01:29:03","version" => "0.95"},{"date" => "2017-05-12T13:48:34","version" => "0.96"},{"date" => "2018-03-26T21:45:38","version" => "0.97"},{"date" => "2018-03-29T18:52:43","version" => "0.98"},{"date" => "2018-03-30T22:49:37","version" => "0.99"},{"date" => "2018-05-23T17:24:25","version" => "20180523.0"},{"date" => "2020-05-05T20:57:23","version" => "20200505.0"},{"date" => "2022-08-07T12:50:57","version" => "20220807.0"},{"date" => "2023-10-03T01:09:01","version" => "20231003.0"},{"date" => "2025-07-15T17:03:00","version" => "20250715.0_01"},{"date" => "2025-08-10T01:54:10","version" => "20250809.0"}]},"IPTables-Parse" => {"advisories" => [{"affected_versions" => ["<1.6"],"cves" => ["CVE-2015-8326"],"description" => "The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user.\n","distribution" => "IPTables-Parse","fixed_versions" => [],"id" => "CPANSA-IPTables-Parse-2015-8326","references" => ["https://metacpan.org/source/MRASH/IPTables-Parse-1.6/Changes","https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87","https://bugzilla.redhat.com/show_bug.cgi?id=1267962","http://www.openwall.com/lists/oss-security/2015/11/24/10"],"reported" => "2017-06-07","severity" => "medium"}],"main_module" => "IPTables::Parse","versions" => [{"date" => "2008-10-26T23:15:50","version" => "0.7"},{"date" => "2012-02-27T02:20:58","version" => "0.8"},{"date" => "2012-02-27T02:22:29","version" => "0.9"},{"date" => "2012-02-29T02:51:44","version" => "1.0"},{"date" => "2012-03-03T03:56:08","version" => "1.1"},{"date" => "2015-02-25T02:08:58","version" => "1.1"},{"date" => "2015-03-01T20:15:52","version" => "1.3.1"},{"date" => "2015-03-01T20:50:07","version" => "1.4"},{"date" => "2015-09-09T13:53:26","version" => "1.5"},{"date" => "2015-11-07T21:08:49","version" => "1.6"},{"date" => "2015-11-30T01:16:22","version" => "1.6.1"}]},"Image-ExifTool" => {"advisories" => [{"affected_versions" => ["<=12.37"],"cves" => ["CVE-2022-23935"],"description" => "lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a \$file =~ /\\|\$/ check, leading to command injection.\n","distribution" => "Image-ExifTool","fixed_versions" => [">12.38"],"id" => "CPANSA-Image-ExifTool-2022-23935","references" => ["https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582","https://gist.github.com/ert-plus/1414276e4cb5d56dd431c2f0429e4429"],"reported" => "2022-01-25","severity" => "critical"},{"affected_versions" => [">=7.44,<=12.23"],"cves" => ["CVE-2021-22204"],"description" => "Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image\n","distribution" => "Image-ExifTool","fixed_versions" => [">12.23"],"id" => "CPANSA-Image-ExifTool-2021-22204","references" => ["http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html","http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html","http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html","http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html","http://www.openwall.com/lists/oss-security/2021/05/09/1","http://www.openwall.com/lists/oss-security/2021/05/10/5","https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800","https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json","https://hackerone.com/reports/1154542","https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/","https://www.debian.org/security/2021/dsa-4910"],"reported" => "2021-04-23","severity" => undef},{"affected_versions" => ["==8.32"],"cves" => ["CVE-2018-20211"],"description" => "ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\\\\par-%username%\\\\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015).\n","distribution" => "Image-ExifTool","fixed_versions" => [">8"],"id" => "CPANSA-Image-ExifTool-2018-20211","references" => ["http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html","http://seclists.org/fulldisclosure/2018/Dec/44"],"reported" => "2019-01-02","severity" => undef}],"main_module" => "Image::ExifTool","versions" => [{"date" => "2004-10-04T15:37:06","version" => "3.60"},{"date" => "2004-11-02T12:46:54","version" => "3.72"},{"date" => "2004-11-05T12:41:52","version" => "3.74"},{"date" => "2004-11-11T18:24:18","version" => "3.82"},{"date" => "2004-11-24T18:42:42","version" => "3.93"},{"date" => "2004-11-25T16:34:47","version" => "3.94"},{"date" => "2005-01-24T13:15:55","version" => "4.36"},{"date" => "2005-02-07T15:56:43","version" => "4.53"},{"date" => "2005-02-18T00:42:59","version" => "4.64"},{"date" => "2005-03-01T19:23:29","version" => "4.73"},{"date" => "2005-03-15T12:09:56","version" => "4.87"},{"date" => "2005-04-02T19:46:41","version" => "4.93"},{"date" => "2005-04-20T12:41:30","version" => "5.05"},{"date" => "2005-05-16T15:54:07","version" => "5.18"},{"date" => "2005-06-03T19:21:17","version" => "5.25"},{"date" => "2005-06-15T17:21:33","version" => "5.32"},{"date" => "2005-07-19T18:16:02","version" => "5.46"},{"date" => "2005-08-24T14:58:18","version" => "5.55"},{"date" => "2005-10-13T13:15:01","version" => "5.67"},{"date" => "2005-11-18T13:04:29","version" => "5.77"},{"date" => "2005-12-22T16:42:56","version" => "5.87"},{"date" => "2006-02-19T20:26:14","version" => "6.00"},{"date" => "2006-05-12T12:10:32","version" => "6.17"},{"date" => "2006-07-24T13:18:05","version" => "6.29"},{"date" => "2006-09-06T20:26:16","version" => "6.36"},{"date" => "2006-09-21T15:39:52","version" => "6.42"},{"date" => "2006-11-20T13:52:55","version" => "6.57"},{"date" => "2006-12-20T13:07:23","version" => "6.66"},{"date" => "2007-02-14T13:28:50","version" => "6.75"},{"date" => "2007-02-16T13:21:27","version" => "6.76"},{"date" => "2007-05-10T18:53:15","version" => "6.90"},{"date" => "2007-10-24T11:39:52","version" => "7.00"},{"date" => "2008-02-05T17:21:39","version" => "7.15"},{"date" => "2008-03-12T12:24:57","version" => "7.21"},{"date" => "2008-04-18T13:09:00","version" => "7.25"},{"date" => "2008-05-31T11:39:35","version" => "7.30"},{"date" => "2008-10-26T19:00:34","version" => "7.50"},{"date" => "2008-10-27T13:48:39","version" => "7.51"},{"date" => "2009-01-06T13:48:18","version" => "7.60"},{"date" => "2009-02-09T14:25:12","version" => "7.67"},{"date" => "2009-07-02T15:42:38","version" => "7.82"},{"date" => "2009-08-18T01:30:53","version" => "7.88"},{"date" => "2009-08-18T12:03:19","version" => "7.89"},{"date" => "2009-11-20T19:06:24","version" => "8.00"},{"date" => "2010-02-08T20:49:00","version" => "8.10"},{"date" => "2010-03-18T14:09:58","version" => "8.15"},{"date" => "2010-07-13T12:35:33","version" => "8.25"},{"date" => "2010-11-21T21:29:00","version" => "8.40"},{"date" => "2011-03-01T12:43:02","version" => "8.50"},{"date" => "2011-06-27T11:52:50","version" => "8.60"},{"date" => "2011-09-24T10:53:29","version" => "8.65"},{"date" => "2012-01-08T13:48:19","version" => "8.75"},{"date" => "2012-01-27T14:19:10","version" => "8.77"},{"date" => "2012-03-25T12:07:06","version" => "8.85"},{"date" => "2012-04-28T12:06:48","version" => "8.90"},{"date" => "2012-08-25T12:28:04","version" => "9.01"},{"date" => "2012-11-03T16:37:48","version" => "9.04"},{"date" => "2013-01-02T21:07:34","version" => "9.11"},{"date" => "2013-01-03T01:49:33","version" => "9.12"},{"date" => "2013-01-10T15:05:11","version" => "9.13"},{"date" => "2013-04-06T11:38:39","version" => "9.25"},{"date" => "2013-04-15T11:20:13","version" => "9.27"},{"date" => "2014-01-11T22:58:56","version" => "9.46"},{"date" => "2014-02-22T14:40:30","version" => "9.53"},{"date" => "2014-05-11T13:34:36","version" => "9.60"},{"date" => "2014-09-03T12:19:55","version" => "9.70"},{"date" => "2014-11-15T15:14:24","version" => "9.76"},{"date" => "2015-03-14T11:33:58","version" => "9.90"},{"date" => "2015-08-18T13:30:08","version" => "10.00"},{"date" => "2016-01-22T15:51:06","version" => "10.10"},{"date" => "2016-04-20T13:25:01","version" => "10.15"},{"date" => "2016-06-13T14:05:58","version" => "10.20"},{"date" => "2016-11-24T16:55:55","version" => "10.36"},{"date" => "2017-01-13T16:02:53","version" => "10.39"},{"date" => "2017-01-14T17:30:45","version" => "10.40"},{"date" => "2017-04-20T12:54:29","version" => "10.50"},{"date" => "2017-06-05T14:41:23","version" => "10.55"},{"date" => "2018-02-22T13:27:40","version" => "10.80"},{"date" => "2018-06-07T11:44:16","version" => "11.00"},{"date" => "2018-06-11T12:18:41","version" => "11.01"},{"date" => "2018-09-28T01:34:43","version" => "11.11"},{"date" => "2019-03-06T15:14:28","version" => "11.30"},{"date" => "2019-06-11T15:29:41","version" => "11.50"},{"date" => "2019-10-10T13:04:36","version" => "11.70"},{"date" => "2020-01-28T15:40:58","version" => "11.85"},{"date" => "2020-06-11T20:36:48","version" => "12.00"},{"date" => "2021-01-18T14:03:50","version" => "12.15"},{"date" => "2021-01-21T17:51:28","version" => "12.16"},{"date" => "2021-05-21T00:37:46","version" => "12.26"},{"date" => "2021-08-12T13:13:43","version" => "12.30"},{"date" => "2022-06-07T11:39:06","version" => "12.42"},{"date" => "2022-06-07T20:05:13","version" => "12.42"},{"date" => "2022-11-09T11:41:50","version" => "12.50"},{"date" => "2023-04-05T15:01:59","version" => "12.60"},{"date" => "2023-11-19T16:15:22","version" => "12.70"},{"date" => "2024-01-31T01:08:08","version" => "12.75"},{"date" => "2024-01-31T15:31:14","version" => "12.76"},{"date" => "2024-10-29T17:10:24","version" => "13.00"},{"date" => "2024-12-20T16:49:20","version" => "13.10"},{"date" => "2025-03-11T12:01:50","version" => "13.25"},{"date" => "2025-05-25T18:10:41","version" => "13.30"},{"date" => "2025-09-06T12:17:12","version" => "13.35"},{"date" => "2025-09-09T18:09:15","version" => "13.36"},{"date" => "2025-12-15T20:40:08","version" => "13.44"},{"date" => "2026-02-07T18:48:19","version" => "13.50"}]},"Image-Info" => {"advisories" => [{"affected_versions" => ["<1.39"],"cves" => ["CVE-2016-9181"],"description" => "perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.\n","distribution" => "Image-Info","fixed_versions" => [">=1.39"],"id" => "CPANSA-Image-Info-2016-01","references" => ["http://www.securityfocus.com/bid/94220","http://www.openwall.com/lists/oss-security/2016/11/04/2"],"reported" => "2016-11-04"}],"main_module" => "Image::Info","versions" => [{"date" => "1999-12-19T07:09:24","version" => "0.01"},{"date" => "1999-12-22T00:03:22","version" => "0.02"},{"date" => "1999-12-25T22:43:22","version" => "0.03"},{"date" => "2000-01-07T18:20:42","version" => "0.04"},{"date" => "2000-08-24T09:09:25","version" => "0.05"},{"date" => "2000-10-18T19:55:02","version" => "1.00"},{"date" => "2000-10-31T17:32:56","version" => "1.01"},{"date" => "2000-11-10T18:21:41","version" => "1.02"},{"date" => "2000-11-13T19:44:44","version" => "1.03"},{"date" => "2000-11-30T20:25:46","version" => "1.04"},{"date" => "2001-03-24T20:20:31","version" => "0.06"},{"date" => "2001-03-24T20:40:20","version" => "1.05"},{"date" => "2001-03-26T19:28:11","version" => "1.06"},{"date" => "2001-04-11T00:53:39","version" => "1.07"},{"date" => "2001-08-24T18:29:39","version" => "1.08"},{"date" => "2001-12-14T23:07:08","version" => "1.09"},{"date" => "2002-05-29T00:04:22","version" => "1.10"},{"date" => "2002-07-04T17:37:20","version" => "1.11"},{"date" => "2002-12-31T00:09:32","version" => "1.12"},{"date" => "2003-10-06T17:27:43","version" => "1.13"},{"date" => "2003-10-06T21:50:56","version" => "1.14"},{"date" => "2003-10-06T22:10:09","version" => "1.15"},{"date" => "2004-01-07T12:47:37","version" => "1.16"},{"date" => "2006-01-28T12:41:59","version" => "1.17"},{"date" => "2006-03-03T15:31:07","version" => "1.18"},{"date" => "2006-03-05T09:19:05","version" => "1.18"},{"date" => "2006-03-13T20:52:28","version" => "1.18"},{"date" => "2006-05-01T14:33:54","version" => "1.18"},{"date" => "2006-07-16T12:43:58","version" => "1.18"},{"date" => "2006-09-30T12:35:03","version" => "1.23"},{"date" => "2007-02-25T12:39:30","version" => "1.24"},{"date" => "2007-05-14T19:11:49","version" => "1.25"},{"date" => "2007-09-09T11:23:15","version" => "1.26"},{"date" => "2007-12-15T13:50:50","version" => "1.27"},{"date" => "2008-03-30T19:16:37","version" => "1.28"},{"date" => "2009-07-08T20:39:39","version" => "1.28_50"},{"date" => "2009-07-09T22:26:22","version" => "1.28_51"},{"date" => "2009-07-17T18:24:54","version" => "1.28_52"},{"date" => "2009-07-31T21:09:25","version" => "1.29"},{"date" => "2009-08-14T20:25:31","version" => "1.29_50"},{"date" => "2009-09-14T19:04:17","version" => "1.29_51"},{"date" => "2009-09-16T19:23:40","version" => "1.29_51"},{"date" => "2009-10-23T20:45:13","version" => "1.29_51"},{"date" => "2009-10-31T09:21:38","version" => "1.29_51"},{"date" => "2009-11-14T16:30:54","version" => "1.30_50"},{"date" => "2009-11-22T22:10:25","version" => "1.30_51"},{"date" => "2010-02-09T20:08:40","version" => "1.30_52"},{"date" => "2010-02-09T20:43:56","version" => "1.30_53"},{"date" => "2010-09-25T15:42:44","version" => "1.31"},{"date" => "2011-12-28T21:32:21","version" => "1.31_50"},{"date" => "2011-12-28T21:53:50","version" => "1.31_51"},{"date" => "2012-02-21T21:03:11","version" => "1.32"},{"date" => "2012-10-23T19:59:15","version" => "1.32_50"},{"date" => "2012-10-24T20:24:17","version" => "1.32_51"},{"date" => "2012-10-25T21:49:45","version" => "1.32_52"},{"date" => "2012-11-03T19:12:43","version" => "1.33"},{"date" => "2013-01-27T13:49:04","version" => "1.33_50"},{"date" => "2013-01-28T11:15:59","version" => "1.33_51"},{"date" => "2013-01-29T16:18:27","version" => "1.34"},{"date" => "2013-04-03T20:29:08","version" => "1.34_50"},{"date" => "2013-04-10T19:22:43","version" => "1.35"},{"date" => "2013-05-06T10:32:44","version" => "1.35_50"},{"date" => "2013-06-28T08:29:45","version" => "1.35_51"},{"date" => "2013-07-05T08:23:26","version" => "1.36"},{"date" => "2014-12-19T23:10:31","version" => "1.36_51"},{"date" => "2014-12-29T22:23:42","version" => "1.36_52"},{"date" => "2014-12-31T08:44:32","version" => "1.37"},{"date" => "2015-04-20T05:00:55","version" => "1.38"},{"date" => "2016-10-01T15:35:13","version" => "1.38_50"},{"date" => "2016-10-01T17:43:27","version" => "1.38_51"},{"date" => "2016-10-08T09:00:58","version" => "1.39"},{"date" => "2017-03-19T20:16:19","version" => "1.39_50"},{"date" => "2017-03-21T19:05:30","version" => "1.40"},{"date" => "2017-06-30T17:22:28","version" => "1.40_50"},{"date" => "2017-07-12T16:34:02","version" => "1.41"},{"date" => "2019-10-16T19:12:33","version" => "1.41_50"},{"date" => "2019-10-19T06:46:49","version" => "1.42"},{"date" => "2022-07-17T15:58:54","version" => "1.42_50"},{"date" => "2022-10-03T17:54:30","version" => "1.43"},{"date" => "2023-07-25T18:26:43","version" => "1.43_50"},{"date" => "2023-08-03T17:14:43","version" => "1.44"},{"date" => "2024-11-20T08:40:18","version" => "1.44_50"},{"date" => "2024-11-23T10:43:42","version" => "1.44_51"},{"date" => "2024-11-24T09:58:13","version" => "1.45"}]},"Image-PNG-Simple" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.07"],"cves" => ["CVE-2019-7317"],"description" => "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.\n","distribution" => "Image-PNG-Simple","fixed_versions" => [],"id" => "CPANSA-Image-PNG-Simple-2019-7317-libpng","references" => ["https://github.com/glennrp/libpng/issues/275","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803","https://seclists.org/bugtraq/2019/Apr/30","http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html","https://www.debian.org/security/2019/dsa-4435","https://seclists.org/bugtraq/2019/Apr/36","https://usn.ubuntu.com/3962-1/","https://usn.ubuntu.com/3991-1/","https://seclists.org/bugtraq/2019/May/56","https://seclists.org/bugtraq/2019/May/59","https://www.debian.org/security/2019/dsa-4448","https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html","https://access.redhat.com/errata/RHSA-2019:1265","https://access.redhat.com/errata/RHSA-2019:1269","https://access.redhat.com/errata/RHSA-2019:1267","https://www.debian.org/security/2019/dsa-4451","https://seclists.org/bugtraq/2019/May/67","https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html","https://usn.ubuntu.com/3997-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html","https://access.redhat.com/errata/RHSA-2019:1310","https://access.redhat.com/errata/RHSA-2019:1309","https://access.redhat.com/errata/RHSA-2019:1308","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html","http://www.securityfocus.com/bid/108098","https://security.netapp.com/advisory/ntap-20190719-0005/","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/","https://security.gentoo.org/glsa/201908-02","https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"reported" => "2019-02-04","severity" => "medium"}],"main_module" => "Image::PNG::Simple","versions" => [{"date" => "2015-07-30T11:31:38","version" => "0.01"},{"date" => "2015-08-01T00:08:18","version" => "0.02"},{"date" => "2015-08-03T05:20:49","version" => "0.03"},{"date" => "2015-08-04T02:01:32","version" => "0.04"},{"date" => "2015-08-04T12:30:46","version" => "0.05"},{"date" => "2015-08-05T02:29:57","version" => "0.06"},{"date" => "2015-08-06T02:51:43","version" => "0.07"}]},"Imager" => {"advisories" => [{"affected_versions" => ["<1.006"],"cves" => ["CVE-2016-1238"],"description" => "Imager would search the default current directory entry in \@INC when searching for file format support modules.\n","distribution" => "Imager","fixed_versions" => [">=1.006"],"id" => "CPANSA-Imager-2016-1238","references" => ["https://metacpan.org/dist/Imager/changes","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => "high"},{"affected_versions" => [">=0.42,<=0.63"],"cves" => ["CVE-2008-1928"],"description" => "Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause a denial of service (crash) via an image based fill in which the number of input channels is different from the number of output channels.\n","distribution" => "Imager","fixed_versions" => [">=0.64"],"id" => "CPANSA-Imager-2008-1928","references" => ["https://metacpan.org/dist/Imager/changes","http://rt.cpan.org/Public/Bug/Display.html?id=35324","http://imager.perl.org/i/release064/Imager_0_64","https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00569.html","http://www.securityfocus.com/bid/28980","http://secunia.com/advisories/30030","http://secunia.com/advisories/30011","http://www.vupen.com/english/advisories/2008/1387/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/41986"],"reported" => "2008-04-24","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => [">=0.21,<=0.56"],"cves" => ["CVE-2007-2459"],"description" => "Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.\n","distribution" => "Imager","fixed_versions" => [">=0.57"],"id" => "CPANSA-Imager-2007-2459","references" => ["http://imager.perl.org/a/65.html","http://rt.cpan.org/Public/Bug/Display.html?id=26811","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421582","http://www.debian.org/security/2008/dsa-1498","http://www.securityfocus.com/bid/23711","http://secunia.com/advisories/25038","http://secunia.com/advisories/28868","http://osvdb.org/39846","http://www.vupen.com/english/advisories/2007/1587","http://osvdb.org/35470","https://exchange.xforce.ibmcloud.com/vulnerabilities/34010"],"reported" => "2007-05-02","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => ["<0.98"],"cves" => [],"description" => "When drawing on an image with an alpha channel where the source minimum is greater than zero, Imager would read from beyond the end of a malloc() allocated buffer.  In rare circumstances this could lead to some of the source image not being written to the target image, or possibly to a segmentation fault.\n","distribution" => "Imager","fixed_versions" => [">=0.98"],"id" => "CPANSA-Imager-2014-01","references" => ["https://metacpan.org/dist/Imager/changes"],"reported" => "2014-01-03","severity" => undef},{"affected_versions" => ["<=1.024"],"cves" => ["CVE-2024-53901"],"description" => "\"invalid next size\" backtrace on use of trim on certain images\n","distribution" => "Imager","fixed_versions" => [">1.024"],"id" => "CPANSA-Imager-2024-001","references" => ["https://metacpan.org/dist/Imager/changes","https://github.com/tonycoz/imager/issues/534"],"reported" => "2024-11-17","severity" => "moderate"},{"affected_versions" => ["<0.50"],"cves" => ["CVE-2006-0053"],"description" => "Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference.\n","distribution" => "Imager","fixed_versions" => [">=0.50"],"id" => "CPANSA-Imager-2006-0053","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661","http://rt.cpan.org/Public/Bug/Display.html?id=18397","http://secunia.com/advisories/19575","http://secunia.com/advisories/19577","http://www.debian.org/security/2006/dsa-1028","http://www.securityfocus.com/bid/17415","http://www.vupen.com/english/advisories/2006/1294","https://exchange.xforce.ibmcloud.com/vulnerabilities/25717","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661","http://rt.cpan.org/Public/Bug/Display.html?id=18397","http://secunia.com/advisories/19575","http://secunia.com/advisories/19577","http://www.debian.org/security/2006/dsa-1028","http://www.securityfocus.com/bid/17415","http://www.vupen.com/english/advisories/2006/1294","https://exchange.xforce.ibmcloud.com/vulnerabilities/25717"],"reported" => "2006-04-10","severity" => undef}],"main_module" => "Imager","versions" => [{"date" => "1999-07-19T14:26:37","version" => "0.21"},{"date" => "2000-01-03T20:14:03","version" => "0.27"},{"date" => "2000-01-04T11:16:56","version" => "0.28"},{"date" => "2000-01-05T10:48:05","version" => "0.29"},{"date" => "2000-01-16T12:52:22","version" => "0.31"},{"date" => "2000-03-04T13:28:32","version" => "0.32"},{"date" => "2001-01-29T00:50:14","version" => "0.35"},{"date" => "2001-01-29T15:06:27","version" => "0.36"},{"date" => "2001-01-31T05:02:15","version" => "0.37"},{"date" => "2001-05-21T16:21:08","version" => "0.38"},{"date" => "2001-11-02T21:39:20","version" => "0.39"},{"date" => "2002-04-11T15:09:57","version" => "0.40"},{"date" => "2002-04-12T12:07:29","version" => "0.41"},{"date" => "2004-01-04T12:47:37","version" => "0.42"},{"date" => "2004-02-17T07:53:52","version" => "0.43"},{"date" => "2004-12-07T23:58:16","version" => "0.43_03"},{"date" => "2004-12-15T13:02:40","version" => "0.44"},{"date" => "2005-05-24T07:08:15","version" => "0.44_01"},{"date" => "2005-05-30T04:41:43","version" => "0.45"},{"date" => "2005-12-12T04:07:30","version" => "0.45_02"},{"date" => "2005-12-20T00:13:31","version" => "0.46"},{"date" => "2005-12-30T06:05:50","version" => "0.47"},{"date" => "2006-02-21T06:09:30","version" => "0.47_01"},{"date" => "2006-03-03T05:06:46","version" => "0.48"},{"date" => "2006-03-07T01:04:03","version" => "0.49"},{"date" => "2006-03-28T04:31:56","version" => "0.49_01"},{"date" => "2006-03-29T00:31:03","version" => "0.50"},{"date" => "2006-04-23T14:29:42","version" => "0.51"},{"date" => "2006-06-28T13:38:48","version" => "0.51_01"},{"date" => "2006-07-04T14:03:23","version" => "0.51_02"},{"date" => "2006-07-19T00:58:22","version" => "0.51_03"},{"date" => "2006-07-25T05:09:08","version" => "0.52"},{"date" => "2006-07-27T01:01:57","version" => "0.53"},{"date" => "2006-09-14T07:58:27","version" => "0.54"},{"date" => "2006-12-16T22:31:19","version" => "0.55"},{"date" => "2007-04-01T12:30:34","version" => "0.56"},{"date" => "2007-04-30T08:49:39","version" => "0.57"},{"date" => "2007-05-11T11:00:18","version" => "0.57_01"},{"date" => "2007-05-16T12:49:23","version" => "0.58"},{"date" => "2007-06-14T07:33:05","version" => "0.59"},{"date" => "2007-08-30T07:51:36","version" => "0.60"},{"date" => "2007-11-05T07:53:45","version" => "0.61"},{"date" => "2007-11-28T10:06:27","version" => "0.61_02"},{"date" => "2007-12-10T08:31:12","version" => "0.62"},{"date" => "2008-04-07T08:49:14","version" => "0.63"},{"date" => "2008-04-23T04:10:18","version" => "0.64"},{"date" => "2008-05-20T06:34:48","version" => "0.65"},{"date" => "2008-12-12T11:57:40","version" => "0.67"},{"date" => "2009-09-02T07:05:11","version" => "0.67_01"},{"date" => "2009-09-07T05:14:24","version" => "0.68"},{"date" => "2009-09-08T09:23:38","version" => "0.69"},{"date" => "2009-09-21T03:36:15","version" => "0.70"},{"date" => "2009-11-16T04:15:54","version" => "0.71"},{"date" => "2009-11-30T07:17:33","version" => "0.71_01"},{"date" => "2009-12-01T09:06:53","version" => "0.71_02"},{"date" => "2009-12-04T14:21:49","version" => "0.71_03"},{"date" => "2009-12-10T00:44:51","version" => "0.72"},{"date" => "2010-03-15T07:24:59","version" => "0.73"},{"date" => "2010-05-06T14:29:21","version" => "0.74"},{"date" => "2010-06-20T10:47:23","version" => "0.75"},{"date" => "2010-08-06T10:49:44","version" => "0.75_01"},{"date" => "2010-08-07T01:48:37","version" => "0.75_02"},{"date" => "2010-08-09T12:49:36","version" => "0.75_03"},{"date" => "2010-08-11T09:33:24","version" => "0.77"},{"date" => "2010-09-13T10:48:57","version" => "0.77_01"},{"date" => "2010-09-27T04:59:03","version" => "0.77_02"},{"date" => "2010-10-04T09:00:26","version" => "0.78"},{"date" => "2010-12-11T01:09:12","version" => "0.79"},{"date" => "2011-01-17T07:43:35","version" => "0.80"},{"date" => "2011-02-14T08:22:57","version" => "0.81"},{"date" => "2011-03-14T12:18:07","version" => "0.82"},{"date" => "2011-05-17T11:15:02","version" => "0.82_01"},{"date" => "2011-05-20T14:07:44","version" => "0.83"},{"date" => "2011-06-20T12:54:05","version" => "0.84"},{"date" => "2011-08-08T12:39:58","version" => "0.84_01"},{"date" => "2011-08-22T09:28:25","version" => "0.84_02"},{"date" => "2011-08-29T09:19:04","version" => "0.85"},{"date" => "2011-10-10T07:22:51","version" => "0.85_01"},{"date" => "2011-10-24T10:14:57","version" => "0.85_02"},{"date" => "2011-10-31T10:37:15","version" => "0.86"},{"date" => "2012-01-03T05:27:14","version" => "0.87"},{"date" => "2012-02-22T05:13:09","version" => "0.88"},{"date" => "2012-03-18T01:45:35","version" => "0.89"},{"date" => "2012-04-30T09:09:02","version" => "0.90"},{"date" => "2012-06-04T12:27:17","version" => "0.91"},{"date" => "2012-08-14T09:53:38","version" => "0.92"},{"date" => "2012-08-18T01:41:22","version" => "0.92_01"},{"date" => "2012-10-15T10:15:07","version" => "0.93"},{"date" => "2012-11-12T10:44:54","version" => "0.93_01"},{"date" => "2012-11-25T00:13:16","version" => "0.93_02"},{"date" => "2012-12-14T22:59:55","version" => "0.94"},{"date" => "2013-03-02T08:34:07","version" => "0.94_01"},{"date" => "2013-04-05T06:19:32","version" => "0.94_02"},{"date" => "2013-04-19T12:13:27","version" => "0.95"},{"date" => "2013-05-19T04:27:19","version" => "0.96"},{"date" => "2013-07-01T13:21:32","version" => "0.96_01"},{"date" => "2013-07-09T13:46:48","version" => "0.96_02"},{"date" => "2013-07-15T09:52:06","version" => "0.97"},{"date" => "2014-01-02T22:22:03","version" => "0.98"},{"date" => "2014-06-25T11:36:29","version" => "0.99"},{"date" => "2014-06-29T05:06:45","version" => "0.99_01"},{"date" => "2014-07-21T09:16:17","version" => "0.99_02"},{"date" => "2014-07-29T09:13:55","version" => "1.000"},{"date" => "2015-01-02T03:34:59","version" => "1.001"},{"date" => "2015-04-03T01:31:26","version" => "1.002"},{"date" => "2015-05-12T08:11:18","version" => "1.003"},{"date" => "2015-11-08T09:45:59","version" => "1.004"},{"date" => "2016-03-16T08:35:26","version" => "1.004_001"},{"date" => "2016-03-20T01:27:53","version" => "1.004_002"},{"date" => "2016-03-23T09:34:13","version" => "1.004_003"},{"date" => "2016-04-15T05:58:07","version" => "1.004_004"},{"date" => "2016-04-16T00:01:33","version" => "1.005"},{"date" => "2017-08-26T04:27:06","version" => "1.006"},{"date" => "2018-11-24T01:47:34","version" => "1.007"},{"date" => "2018-12-31T10:04:02","version" => "1.008"},{"date" => "2019-01-11T09:10:13","version" => "1.009"},{"date" => "2019-02-13T08:14:07","version" => "1.010"},{"date" => "2019-03-07T03:20:03","version" => "1.011"},{"date" => "2020-06-14T03:26:02","version" => "1.012"},{"date" => "2022-04-27T05:18:23","version" => "1.013"},{"date" => "2022-04-28T07:22:51","version" => "1.014"},{"date" => "2022-05-07T04:35:16","version" => "1.015"},{"date" => "2022-06-12T05:27:23","version" => "1.016"},{"date" => "2022-06-14T09:55:03","version" => "1.017"},{"date" => "2022-06-19T12:04:12","version" => "1.018"},{"date" => "2022-07-09T03:41:29","version" => "1.019"},{"date" => "2023-11-12T06:55:05","version" => "1.020"},{"date" => "2023-12-01T06:53:47","version" => "1.021"},{"date" => "2023-12-02T23:32:54","version" => "1.022"},{"date" => "2024-01-19T03:18:43","version" => "1.023"},{"date" => "2024-04-06T02:24:09","version" => "1.024"},{"date" => "2024-04-14T12:28:26","version" => "1.024_001"},{"date" => "2024-04-20T07:15:38","version" => "1.024_002"},{"date" => "2024-04-22T12:51:23","version" => "1.024_003"},{"date" => "2024-04-24T08:35:58","version" => "1.024_004"},{"date" => "2024-04-27T01:24:42","version" => "1.024_005"},{"date" => "2024-06-11T11:35:22","version" => "1.024_006"},{"date" => "2024-06-12T09:58:08","version" => "1.024_007"},{"date" => "2024-06-13T10:45:14","version" => "1.024_008"},{"date" => "2024-11-16T05:30:21","version" => "1.025"},{"date" => "2025-02-08T05:03:18","version" => "1.026"},{"date" => "2025-03-02T10:22:16","version" => "1.027"},{"date" => "2025-06-08T08:16:50","version" => "1.027_001"},{"date" => "2025-06-16T09:35:19","version" => "1.028"},{"date" => "2025-10-06T07:54:07","version" => "1.029"}]},"JS-jQuery" => {"advisories" => [{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "JS::jQuery","versions" => [{"date" => "2008-03-11T01:54:48","version" => "1.2.3.001"},{"date" => "2008-08-28T06:54:56","version" => "1.2.6.001"}]},"JSON-SIMD" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40930"],"description" => "JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.","distribution" => "JSON-SIMD","fixed_versions" => [],"id" => "CPANSA-JSON-SIMD-2025-40930","references" => ["https://github.com/pjuhasz/JSON-SIMD/commit/9a87de7331c9fa5198cae404a83b17649cf7b918.patch","https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.06/source/SIMD.xs#L248","https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.07/changes"],"reported" => "2025-09-08","severity" => undef}],"main_module" => "JSON::SIMD","versions" => [{"date" => "2023-04-17T17:13:41","version" => "1.00"},{"date" => "2023-04-17T17:37:46","version" => "1.01"},{"date" => "2023-04-17T18:04:21","version" => "1.02"},{"date" => "2023-04-18T18:56:08","version" => "1.03"},{"date" => "2023-04-20T18:02:37","version" => "1.04"},{"date" => "2023-04-22T20:28:17","version" => "1.05"},{"date" => "2023-04-27T16:22:59","version" => "1.06"},{"date" => "2025-09-08T14:44:06","version" => "1.07"}]},"JSON-XS" => {"advisories" => [{"affected_versions" => ["<4.04"],"cves" => ["CVE-2025-40928"],"description" => "JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact","distribution" => "JSON-XS","fixed_versions" => [">=4.04"],"id" => "CPANSA-JSON-XS-2025-40928","references" => ["https://metacpan.org/release/MLEHMANN/JSON-XS-4.03/source/XS.xs#L256","https://security.metacpan.org/patches/J/JSON-XS/4.03/CVE-2025-40928-r1.patch"],"reported" => "2025-09-08","severity" => undef}],"main_module" => "JSON::XS","versions" => [{"date" => "2007-03-22T21:14:45","version" => "0.1"},{"date" => "2007-03-22T23:25:44","version" => "0.2"},{"date" => "2007-03-23T18:34:15","version" => "0.3"},{"date" => "2007-03-24T01:15:56","version" => "0.31"},{"date" => "2007-03-24T19:43:37","version" => "0.5"},{"date" => "2007-03-25T00:48:00","version" => "0.7"},{"date" => "2007-03-25T22:12:20","version" => "0.8"},{"date" => "2007-03-29T02:46:46","version" => "1.0"},{"date" => "2007-03-31T14:24:01","version" => "1.01"},{"date" => "2007-04-04T00:02:20","version" => "1.1"},{"date" => "2007-04-09T05:11:06","version" => "1.11"},{"date" => "2007-05-09T16:36:29","version" => "1.2"},{"date" => "2007-05-09T16:41:26","version" => "1.21"},{"date" => "2007-05-23T22:07:54","version" => "1.22"},{"date" => "2007-06-06T18:17:55","version" => "1.23"},{"date" => "2007-06-11T03:45:26","version" => "1.24"},{"date" => "2007-06-23T23:50:26","version" => "1.3"},{"date" => "2007-07-02T08:08:00","version" => "1.4"},{"date" => "2007-07-10T16:23:43","version" => "1.41"},{"date" => "2007-07-23T22:58:05","version" => "1.42"},{"date" => "2007-07-26T11:33:40","version" => "1.43"},{"date" => "2007-08-21T23:03:31","version" => "1.44"},{"date" => "2007-08-28T02:07:48","version" => "1.5"},{"date" => "2007-10-13T01:58:29","version" => "1.51"},{"date" => "2007-10-15T01:23:45","version" => "1.52"},{"date" => "2007-11-13T22:59:42","version" => "1.53"},{"date" => "2007-12-04T10:37:49","version" => "2.0"},{"date" => "2007-12-05T11:00:12","version" => "2.01"},{"date" => "2008-03-19T22:31:09","version" => "2.1"},{"date" => "2008-04-16T18:38:21","version" => "2.2"},{"date" => "2008-06-03T06:44:13","version" => "2.21"},{"date" => "2008-07-15T11:30:13","version" => "2.22"},{"date" => "2008-07-19T04:22:25","version" => "2.222"},{"date" => "2008-07-20T17:55:32","version" => "2.2222"},{"date" => "2008-09-29T03:09:52","version" => "2.23"},{"date" => "2008-11-20T04:00:26","version" => "2.231"},{"date" => "2009-02-19T01:13:45","version" => "2.2311"},{"date" => "2009-02-22T10:13:47","version" => "2.232"},{"date" => "2009-05-30T06:27:00","version" => "2.24"},{"date" => "2009-08-08T10:06:47","version" => "2.25"},{"date" => "2009-10-10T01:49:08","version" => "2.26"},{"date" => "2010-01-07T06:36:46","version" => "2.27"},{"date" => "2010-03-11T19:31:59","version" => "2.28"},{"date" => "2010-03-17T01:45:55","version" => "2.29"},{"date" => "2010-08-17T23:27:33","version" => "2.3"},{"date" => "2011-07-27T15:54:57","version" => "2.31"},{"date" => "2011-08-11T17:07:26","version" => "2.32"},{"date" => "2012-08-01T19:04:47","version" => "2.33"},{"date" => "2013-05-23T09:33:09","version" => "2.34"},{"date" => "2013-10-29T06:25:52","version" => "3.0"},{"date" => "2013-10-29T15:57:01","version" => "3.01"},{"date" => "2016-02-26T21:47:56","version" => "3.02"},{"date" => "2016-11-16T19:22:12","version" => "3.03"},{"date" => "2017-08-17T03:49:01","version" => "3.04"},{"date" => "2018-11-15T23:08:35","version" => "4.0_00"},{"date" => "2018-11-19T10:28:12","version" => "4.0"},{"date" => "2019-02-24T04:08:23","version" => "4.01"},{"date" => "2019-03-06T07:32:09","version" => "4.02"},{"date" => "2020-10-27T18:06:42","version" => "4.03"},{"date" => "2025-09-08T16:00:30","version" => "4.04"}]},"JavaScript-Duktape" => {"advisories" => [{"affected_versions" => [">=2.1.0,<=2.1.1"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => [">=2.1.2,<=2.1.4"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => [">=2.1.5,<=2.2.1"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => [">=2.3.0,<=2.4.2"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => ["==2.5.0"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"}],"main_module" => "JavaScript::Duktape","versions" => [{"date" => "2015-05-06T22:56:32","version" => "v0.0.1_1"},{"date" => "2015-05-18T00:23:07","version" => "v0.0.1_2"},{"date" => "2015-05-20T21:48:48","version" => "v0.0.2_1"},{"date" => "2015-06-13T19:03:59","version" => "v0.0.3"},{"date" => "2015-07-03T17:56:13","version" => "v0.0.4"},{"date" => "2015-07-16T19:16:14","version" => "v0.0.5"},{"date" => "2015-10-24T00:09:54","version" => "v0.1.1"},{"date" => "2015-11-02T17:01:15","version" => "v0.2.0"},{"date" => "2015-11-03T16:48:04","version" => "v0.2.1"},{"date" => "2015-11-09T10:12:50","version" => "v0.3.0"},{"date" => "2016-04-01T20:02:28","version" => "v1.0.0"},{"date" => "2016-04-07T17:41:05","version" => "v1.0.1"},{"date" => "2016-05-03T17:13:29","version" => "v1.0.2"},{"date" => "2017-02-24T00:39:47","version" => "v2.1.0"},{"date" => "2017-03-10T12:24:35","version" => "v2.1.1"},{"date" => "2017-03-23T03:16:11","version" => "v2.1.2"},{"date" => "2017-03-25T17:49:27","version" => "v2.1.3"},{"date" => "2017-05-20T14:17:44","version" => "v2.1.4"},{"date" => "2017-05-27T15:04:29","version" => "v2.1.5"},{"date" => "2017-06-02T20:31:52","version" => "v2.2.0"},{"date" => "2017-06-21T22:08:07","version" => "v2.2.1"},{"date" => "2017-12-16T15:41:31","version" => "v2.3.0"},{"date" => "2017-12-16T19:24:58","version" => "v2.4.0"},{"date" => "2017-12-16T20:38:04","version" => "v2.4.1"},{"date" => "2017-12-17T20:04:05","version" => "v2.4.2"},{"date" => "2018-09-04T11:14:29","version" => "v2.5.0"}]},"JavaScript-Duktape-XS" => {"advisories" => [{"affected_versions" => [">=0.000030,<=0.000078"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape-XS","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-XS-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"}],"main_module" => "JavaScript::Duktape::XS","versions" => [{"date" => "2018-03-22T19:58:59","version" => "0.000030"},{"date" => "2018-03-23T11:49:50","version" => "0.000031"},{"date" => "2018-03-26T11:02:50","version" => "0.000032"},{"date" => "2018-03-29T14:31:21","version" => "0.000034"},{"date" => "2018-03-30T07:15:32","version" => "0.000035"},{"date" => "2018-04-04T09:33:24","version" => "0.000036"},{"date" => "2018-04-10T12:34:39","version" => "0.000037"},{"date" => "2018-04-10T15:15:12","version" => "0.000038"},{"date" => "2018-04-12T10:11:24","version" => "0.000039"},{"date" => "2018-04-12T11:44:15","version" => "0.000040"},{"date" => "2018-04-12T12:11:45","version" => "0.000041"},{"date" => "2018-04-13T08:53:34","version" => "0.000042"},{"date" => "2018-04-16T10:13:44","version" => "0.000043"},{"date" => "2018-04-17T07:52:14","version" => "0.000044"},{"date" => "2018-04-18T15:14:31","version" => "0.000045"},{"date" => "2018-04-19T06:55:16","version" => "0.000046"},{"date" => "2018-04-19T13:05:20","version" => "0.000047"},{"date" => "2018-04-19T15:00:21","version" => "0.000048"},{"date" => "2018-04-23T10:31:54","version" => "0.000049"},{"date" => "2018-04-23T15:11:03","version" => "0.000050"},{"date" => "2018-04-25T08:52:03","version" => "0.000051"},{"date" => "2018-05-13T22:52:47","version" => "0.000052"},{"date" => "2018-05-30T08:29:51","version" => "0.000060"},{"date" => "2018-05-30T14:48:38","version" => "0.000061"},{"date" => "2018-06-07T17:38:20","version" => "0.000062"},{"date" => "2018-06-08T07:14:07","version" => "0.000063"},{"date" => "2018-06-08T13:01:42","version" => "0.000064"},{"date" => "2018-06-08T15:37:05","version" => "0.000065"},{"date" => "2018-06-26T08:28:00","version" => "0.000066"},{"date" => "2018-06-26T10:34:38","version" => "0.000067"},{"date" => "2018-07-11T14:18:40","version" => "0.000068"},{"date" => "2018-07-27T11:54:29","version" => "0.000069"},{"date" => "2018-07-30T07:57:07","version" => "0.000070"},{"date" => "2018-08-28T14:01:07","version" => "0.000071"},{"date" => "2018-09-10T12:53:10","version" => "0.000073"},{"date" => "2018-09-11T08:44:24","version" => "0.000074"},{"date" => "2019-01-31T15:24:38","version" => "0.000075"},{"date" => "2019-04-08T08:53:49","version" => "0.000076"},{"date" => "2019-06-28T06:54:32","version" => "0.000077"},{"date" => "2019-08-14T11:05:18","version" => "0.000078"},{"date" => "2021-09-02T10:21:33","version" => "0.000079"},{"date" => "2025-02-19T09:44:22","version" => "0.000081"}]},"Jifty" => {"advisories" => [{"affected_versions" => ["<1.10518"],"cves" => [],"description" => "The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations.  This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.\n","distribution" => "Jifty","fixed_versions" => [">=1.10518"],"id" => "CPANSA-Jifty-2011-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2011-03-17"},{"affected_versions" => ["<0.90409"],"cves" => [],"description" => "The REST plugin would let you call any method on the model.\n","distribution" => "Jifty","fixed_versions" => [">=0.90409"],"id" => "CPANSA-Jifty-2009-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2009-04-09"},{"affected_versions" => ["<0.70408"],"cves" => [],"description" => "Allowed all actions on GET.\n","distribution" => "Jifty","fixed_versions" => [">=0.80408"],"id" => "CPANSA-Jifty-2008-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2009-04-08"},{"affected_versions" => ["<0.60706"],"cves" => [],"description" => "Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the \"standalone\" webserver in production, the attacker could gain read only access to local files.\n","distribution" => "Jifty","fixed_versions" => [">=0.60706"],"id" => "CPANSA-Jifty-2006-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2006-07-06"}],"main_module" => "Jifty","versions" => [{"date" => "2005-12-25T08:19:39","version" => "0.51225"},{"date" => "2005-12-28T17:23:39","version" => "0.51228"},{"date" => "2006-02-14T04:15:03","version" => "0.60213"},{"date" => "2006-02-22T04:57:24","version" => "0.60213"},{"date" => "2006-03-21T23:10:58","version" => "0.60213"},{"date" => "2006-05-05T18:56:21","version" => "0.60321"},{"date" => "2006-05-08T14:38:03","version" => "0.60507"},{"date" => "2006-06-15T14:01:15","version" => "0.60714"},{"date" => "2006-06-16T12:16:03","version" => "0.60616"},{"date" => "2006-07-07T04:32:27","version" => "0.60706"},{"date" => "2006-07-07T05:54:06","version" => "0.60707"},{"date" => "2006-07-23T00:27:10","version" => "0.60722"},{"date" => "2006-09-13T00:25:58","version" => "0.60912"},{"date" => "2006-11-24T03:39:06","version" => "0.61123_01"},{"date" => "2007-01-17T04:52:58","version" => "0.70116"},{"date" => "2007-01-17T20:49:04","version" => "0.70117"},{"date" => "2007-04-17T18:45:55","version" => "0.70415"},{"date" => "2007-04-23T01:08:41","version" => "0.70422"},{"date" => "2007-08-24T04:20:59","version" => "0.70824"},{"date" => "2007-11-29T22:13:17","version" => "0.71129"},{"date" => "2008-04-08T21:15:29","version" => "0.80408"},{"date" => "2009-04-09T23:10:34","version" => "0.90409"},{"date" => "2009-05-20T01:14:48","version" => "0.90519"},{"date" => "2009-06-30T17:41:18","version" => "0.90519"},{"date" => "2009-07-01T19:08:14","version" => "0.90519"},{"date" => "2009-11-18T00:08:35","version" => "0.90701"},{"date" => "2010-12-09T23:08:09","version" => "1.01209"},{"date" => "2011-02-14T22:10:50","version" => "1.10214"},{"date" => "2011-02-28T16:22:26","version" => "1.10228"},{"date" => "2011-05-18T18:12:42","version" => "1.10518"},{"date" => "2015-04-30T20:48:27","version" => "1.50430"}]},"Jifty-DBI" => {"advisories" => [{"affected_versions" => ["<0.68"],"cves" => [],"description" => "SQL injection in column names, operators, order and group by.\n","distribution" => "Jifty-DBI","fixed_versions" => [">=0.68"],"id" => "CPANSA-Jifty-DBI-2011-01","references" => ["https://metacpan.org/dist/Jifty-DBI/changes","https://metacpan.org/dist/Jifty/changes"],"reported" => "2011-04-04"}],"main_module" => "Jifty::DBI","versions" => [{"date" => "2005-11-08T21:32:52","version" => "0.02"},{"date" => "2005-11-26T07:21:20","version" => "0.05_01"},{"date" => "2005-12-23T20:48:59","version" => "0.06"},{"date" => "2005-12-24T04:29:10","version" => "0.06"},{"date" => "2005-12-25T19:37:31","version" => "0.08"},{"date" => "2005-12-29T13:31:40","version" => "0.09"},{"date" => "2006-01-08T10:05:05","version" => "0.10"},{"date" => "2006-01-15T17:22:14","version" => "0.11"},{"date" => "2006-03-05T01:55:32","version" => "0.15"},{"date" => "2006-03-05T02:07:03","version" => "0.15"},{"date" => "2006-03-31T13:22:16","version" => "0.18"},{"date" => "2006-04-02T10:05:36","version" => "0.19"},{"date" => "2006-04-21T16:27:47","version" => "0.20"},{"date" => "2006-05-03T18:26:47","version" => "0.20"},{"date" => "2006-06-15T12:17:00","version" => "0.21"},{"date" => "2006-09-12T22:56:59","version" => "0.25"},{"date" => "2006-11-13T16:15:30","version" => "0.25"},{"date" => "2006-11-24T03:15:46","version" => "0.25"},{"date" => "2007-01-17T20:34:50","version" => "0.25"},{"date" => "2007-01-26T11:55:26","version" => "0.31"},{"date" => "2007-01-26T12:22:07","version" => "0.39_99"},{"date" => "2007-01-26T12:56:35","version" => "0.32"},{"date" => "2007-01-26T13:34:03","version" => "0.39_999"},{"date" => "2007-01-28T13:30:21","version" => "0.32"},{"date" => "2007-04-15T15:26:52","version" => "0.39_9999"},{"date" => "2007-04-16T20:21:33","version" => "0.41"},{"date" => "2007-08-24T04:20:36","version" => "0.43"},{"date" => "2007-10-26T16:48:22","version" => "0.43"},{"date" => "2007-11-07T17:27:17","version" => "0.46"},{"date" => "2007-11-16T21:28:33","version" => "0.46"},{"date" => "2007-11-29T21:38:34","version" => "0.46"},{"date" => "2008-04-08T03:05:48","version" => "0.49"},{"date" => "2009-03-25T19:32:29","version" => "0.53"},{"date" => "2009-05-19T12:33:45","version" => "0.53"},{"date" => "2009-07-14T07:29:33","version" => "0.53"},{"date" => "2009-11-19T01:16:21","version" => "0.59"},{"date" => "2010-01-04T18:04:58","version" => "0.60"},{"date" => "2010-12-08T20:15:10","version" => "0.63"},{"date" => "2010-12-08T20:24:47","version" => "0.64"},{"date" => "2011-02-14T21:27:51","version" => "0.66"},{"date" => "2011-02-28T16:00:37","version" => "0.67"},{"date" => "2011-04-14T16:20:25","version" => "0.68"},{"date" => "2011-05-17T19:54:33","version" => "0.69"},{"date" => "2011-06-15T20:46:39","version" => "0.70"},{"date" => "2011-06-17T20:39:50","version" => "0.71"},{"date" => "2011-10-17T16:45:06","version" => "0.72"},{"date" => "2012-01-25T21:39:16","version" => "0.73"},{"date" => "2012-01-25T21:45:14","version" => "0.74"},{"date" => "2013-01-29T20:18:33","version" => "0.75"},{"date" => "2013-06-17T22:14:37","version" => "0.76"},{"date" => "2013-12-01T18:11:35","version" => "0.77"},{"date" => "2015-04-30T19:16:36","version" => "0.78"}]},"Kelp" => {"advisories" => [{"affected_versions" => ["<0.9001"],"cves" => [],"description" => "X-Real-IP, X-Forwarded-Host and X-Remote-User headers were trusted and used in Kelp::Request\n","distribution" => "Kelp","fixed_versions" => [">=0.9001"],"id" => "CPANSA-Kelp-2014-01","references" => ["https://metacpan.org/dist/Kelp/changes","https://github.com/sgnix/kelp/commit/9f8f5a5215bdc1685a671c1157132a65727aadff"],"reported" => "2014-05-30","reviewed_by" => [{"date" => "2022-06-28","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}]}],"main_module" => "Kelp","versions" => [{"date" => "2013-04-12T17:16:52","version" => "0.1"},{"date" => "2013-04-12T17:39:48","version" => "0.11"},{"date" => "2013-04-14T01:05:22","version" => "0.2"},{"date" => "2013-04-16T21:52:38","version" => "0.21"},{"date" => "2013-04-17T04:59:31","version" => "0.215"},{"date" => "2013-04-17T13:16:42","version" => "0.216"},{"date" => "2013-04-17T19:13:12","version" => "0.217"},{"date" => "2013-04-20T01:47:43","version" => "0.218"},{"date" => "2013-04-20T20:27:42","version" => "0.2181"},{"date" => "2013-05-02T16:45:58","version" => "0.2182"},{"date" => "2013-05-06T03:44:19","version" => "0.219"},{"date" => "2013-05-14T20:01:26","version" => "0.2191"},{"date" => "2013-05-25T21:37:51","version" => "0.3001"},{"date" => "2013-06-14T05:59:18","version" => "0.3101"},{"date" => "2013-06-16T15:38:29","version" => "0.3102"},{"date" => "2013-07-03T02:34:18","version" => "0.4001"},{"date" => "2013-07-05T17:36:59","version" => "0.4011"},{"date" => "2013-07-05T22:46:46","version" => "0.4012"},{"date" => "2013-08-15T03:19:01","version" => "0.4501"},{"date" => "2013-11-11T18:10:07","version" => "0.455"},{"date" => "2013-11-20T05:15:34","version" => "0.456"},{"date" => "2014-03-02T17:34:04","version" => "0.457"},{"date" => "2014-03-27T16:29:16","version" => "0.4601"},{"date" => "2014-03-31T22:46:22","version" => "0.4602"},{"date" => "2014-05-31T00:52:57","version" => "0.9001"},{"date" => "2014-07-13T00:41:29","version" => "0.9012"},{"date" => "2014-08-08T17:57:48","version" => "0.9015"},{"date" => "2014-12-15T07:02:58","version" => "0.9021"},{"date" => "2015-04-03T00:32:47","version" => "0.9051"},{"date" => "2015-08-11T06:50:14","version" => "0.9071"},{"date" => "2016-11-09T00:00:02","version" => "0.9081"},{"date" => "2017-12-28T21:08:47","version" => "1.01"},{"date" => "2018-01-08T16:43:42","version" => "1.02"},{"date" => "2021-01-12T14:26:40","version" => "1.03"},{"date" => "2021-01-14T15:00:50","version" => "1.03_1"},{"date" => "2021-01-16T16:53:41","version" => "1.03_2"},{"date" => "2021-01-18T21:15:56","version" => "1.04"},{"date" => "2021-01-21T12:12:36","version" => "1.04_01"},{"date" => "2021-01-21T17:15:38","version" => "1.05"},{"date" => "2022-05-09T21:07:41","version" => "1.06"},{"date" => "2024-06-02T18:49:17","version" => "1.07"},{"date" => "2024-06-05T19:57:13","version" => "1.10_01"},{"date" => "2024-06-08T19:49:17","version" => "2.00_01"},{"date" => "2024-06-09T13:06:47","version" => "2.00_02"},{"date" => "2024-06-09T15:41:33","version" => "2.00_03"},{"date" => "2024-06-09T20:00:29","version" => "2.00_04"},{"date" => "2024-06-10T07:25:19","version" => "2.00_05"},{"date" => "2024-06-10T15:39:47","version" => "2.00"},{"date" => "2024-06-15T11:55:22","version" => "2.01_01"},{"date" => "2024-06-18T16:33:19","version" => "2.01_02"},{"date" => "2024-06-19T19:26:30","version" => "2.01_03"},{"date" => "2024-06-20T06:26:12","version" => "2.01_04"},{"date" => "2024-06-20T20:43:31","version" => "2.01_05"},{"date" => "2024-06-23T19:25:33","version" => "2.10_01"},{"date" => "2024-06-24T05:14:31","version" => "2.10"},{"date" => "2024-06-25T04:15:52","version" => "2.11"},{"date" => "2024-06-26T06:15:21","version" => "2.12"},{"date" => "2024-07-01T06:06:23","version" => "2.13"},{"date" => "2024-07-02T05:28:06","version" => "2.14"},{"date" => "2024-07-03T19:52:27","version" => "2.15"},{"date" => "2024-07-05T19:03:36","version" => "2.16"},{"date" => "2024-07-06T04:18:40","version" => "2.17"},{"date" => "2024-10-08T04:22:01","version" => "2.18"},{"date" => "2024-10-10T20:15:05","version" => "2.19"},{"date" => "2025-03-30T20:44:00","version" => "2.20"},{"date" => "2025-04-02T21:37:22","version" => "2.21"},{"date" => "2025-06-12T19:29:46","version" => "2.22"}]},"Kossy" => {"advisories" => [{"affected_versions" => ["<0.60"],"cves" => ["CVE-2021-47157"],"description" => "Flaw in defense from JSON hijacking.\n","distribution" => "Kossy","fixed_versions" => [">=0.60"],"id" => "CPANSA-Kossy-2021-01","references" => ["https://github.com/kazeburo/Kossy/pull/16","https://metacpan.org/dist/Kossy/changes"],"reported" => "2021-08-29","severity" => undef},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Kossy","versions" => [{"date" => "2011-11-29T08:45:37","version" => "0.05"},{"date" => "2012-01-05T01:58:20","version" => "0.06"},{"date" => "2012-02-17T03:11:05","version" => "0.07"},{"date" => "2012-04-24T10:06:21","version" => "0.08"},{"date" => "2012-05-17T08:52:24","version" => "0.09"},{"date" => "2012-06-19T02:16:23","version" => "0.10"},{"date" => "2012-07-24T12:51:12","version" => "0.11"},{"date" => "2012-08-24T09:24:50","version" => "0.12"},{"date" => "2012-12-05T02:26:49","version" => "0.13"},{"date" => "2013-03-14T13:28:06","version" => "0.14"},{"date" => "2013-04-04T15:38:05","version" => "0.14"},{"date" => "2013-07-16T04:32:43","version" => "0.16"},{"date" => "2013-07-16T04:40:39","version" => "0.17"},{"date" => "2013-08-08T07:08:09","version" => "0.18"},{"date" => "2013-08-30T07:04:23","version" => "0.19"},{"date" => "2013-10-09T06:49:21","version" => "0.20"},{"date" => "2013-10-10T06:42:16","version" => "0.21"},{"date" => "2013-10-15T02:46:09","version" => "0.22"},{"date" => "2013-10-21T05:21:48","version" => "0.23"},{"date" => "2013-10-31T04:44:36","version" => "0.24"},{"date" => "2013-11-06T02:29:36","version" => "0.25"},{"date" => "2013-11-12T02:17:30","version" => "0.26"},{"date" => "2013-11-12T05:48:05","version" => "0.27"},{"date" => "2013-11-28T01:33:03","version" => "0.28"},{"date" => "2014-02-12T04:48:29","version" => "0.30"},{"date" => "2014-02-12T04:56:17","version" => "0.31"},{"date" => "2014-02-19T06:55:53","version" => "0.32"},{"date" => "2014-02-19T16:20:13","version" => "0.33"},{"date" => "2014-02-19T17:19:43","version" => "0.34"},{"date" => "2014-05-28T15:13:06","version" => "0.34"},{"date" => "2014-05-28T15:51:34","version" => "0.34"},{"date" => "2014-05-28T16:50:27","version" => "0.37"},{"date" => "2014-05-29T06:37:53","version" => "0.38"},{"date" => "2014-10-20T05:47:47","version" => "0.39"},{"date" => "2016-07-19T15:04:31","version" => "0.40"},{"date" => "2021-08-26T13:50:58","version" => "0.50"},{"date" => "2021-09-16T12:04:39","version" => "0.60"},{"date" => "2023-11-06T14:27:18","version" => "0.61"},{"date" => "2023-11-09T08:57:59","version" => "0.62"},{"date" => "2023-11-13T02:24:42","version" => "0.63"}]},"LWP-Protocol-Net-Curl" => {"advisories" => [{"affected_versions" => ["<0.009"],"cves" => [],"description" => "Misconfiguration with libcurl v7.28.1 causes a HTTPS validation issues.\n","distribution" => "LWP-Protocol-Net-Curl","fixed_versions" => [">=0.009"],"id" => "CPANSA-LWP-Protocol-Net-Curl-2012-01","references" => ["https://metacpan.org/changes/distribution/LWP-Protocol-Net-Curl","https://github.com/creaktive/LWP-Protocol-Net-Curl/commit/dc8b183c6520a2b6bcde685de635675ee4a7e019"],"reported" => "2012-11-28"}],"main_module" => "LWP::Protocol::Net::Curl","versions" => [{"date" => "2012-10-24T18:49:20","version" => "0.001"},{"date" => "2012-10-26T20:05:13","version" => "0.002"},{"date" => "2012-10-29T18:55:46","version" => "0.003"},{"date" => "2012-10-31T13:01:46","version" => "0.004"},{"date" => "2012-11-01T15:17:14","version" => "0.005"},{"date" => "2012-11-12T12:23:09","version" => "0.006"},{"date" => "2012-11-13T14:33:10","version" => "0.007"},{"date" => "2012-11-25T22:38:58","version" => "0.008"},{"date" => "2012-11-28T19:03:10","version" => "0.009"},{"date" => "2012-12-07T00:13:55","version" => "0.010"},{"date" => "2012-12-18T12:05:00","version" => "0.011"},{"date" => "2013-02-08T11:00:04","version" => "0.012"},{"date" => "2013-02-11T01:56:30","version" => "0.013"},{"date" => "2013-02-16T12:51:03","version" => "0.014"},{"date" => "2013-05-13T21:41:47","version" => "0.015"},{"date" => "2013-05-18T22:12:03","version" => "0.016"},{"date" => "2013-07-13T12:22:34","version" => "0.017"},{"date" => "2013-08-17T11:34:49","version" => "0.018"},{"date" => "2013-10-11T12:33:53","version" => "0.019"},{"date" => "2013-10-13T09:02:17","version" => "0.020"},{"date" => "2014-01-21T17:46:37","version" => "0.021"},{"date" => "2014-07-09T15:04:06","version" => "0.022"},{"date" => "2014-12-23T17:06:56","version" => "0.023"},{"date" => "2019-07-12T12:27:08","version" => "0.024"},{"date" => "2019-07-15T11:29:17","version" => "0.025"},{"date" => "2019-10-08T12:01:54","version" => "0.026"},{"date" => "2025-01-21T10:57:04","version" => "0.027"}]},"LWP-Protocol-https" => {"advisories" => [{"affected_versions" => [">=6.04,<=6.06"],"cves" => ["CVE-2014-3230"],"description" => "The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable.\n","distribution" => "LWP-Protocol-https","fixed_versions" => [">6.06"],"id" => "CPANSA-LWP-Protocol-https-2014-3230","references" => ["http://www.openwall.com/lists/oss-security/2014/05/04/1","http://www.openwall.com/lists/oss-security/2014/05/02/8","http://www.openwall.com/lists/oss-security/2014/05/06/8","https://github.com/libwww-perl/lwp-protocol-https/pull/14","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579"],"reported" => "2020-01-28","severity" => "medium"}],"main_module" => "LWP::Protocol::https","versions" => [{"date" => "2011-03-27T11:59:53","version" => "6.02"},{"date" => "2012-02-18T23:01:32","version" => "6.03"},{"date" => "2013-04-29T21:26:33","version" => "6.04"},{"date" => "2014-04-18T17:03:15","version" => "6.06"},{"date" => "2017-02-20T02:46:43","version" => "6.07"},{"date" => "2020-03-23T20:20:33","version" => "6.08"},{"date" => "2020-07-16T13:33:20","version" => "6.09"},{"date" => "2020-12-17T15:44:24","version" => "6.10"},{"date" => "2023-07-09T15:11:15","version" => "6.11"},{"date" => "2024-01-22T17:51:48","version" => "6.12"},{"date" => "2024-02-06T01:01:15","version" => "6.13"},{"date" => "2024-03-11T01:09:49","version" => "6.14"},{"date" => "2026-02-23T20:37:13","version" => "6.15"}]},"Lemonldap-NG-Common" => {"advisories" => [{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.94"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.94"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.95"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.95"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.12"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Common","versions" => [{"date" => "2008-12-25T08:24:58","version" => "0.9"},{"date" => "2008-12-28T09:07:37","version" => "0.91"},{"date" => "2009-02-08T07:12:51","version" => "0.92"},{"date" => "2009-06-29T10:14:12","version" => "0.93"},{"date" => "2009-06-29T11:55:37","version" => "0.94"},{"date" => "2009-10-11T08:25:47","version" => "0.95"},{"date" => "2010-10-13T21:00:29","version" => "0.99"},{"date" => "2010-10-22T05:34:36","version" => "0.99.1"},{"date" => "2010-10-22T05:44:23","version" => "0.991"},{"date" => "2010-10-24T06:31:39","version" => "0.992"},{"date" => "2010-11-26T13:38:09","version" => "1.0.0"},{"date" => "2011-02-28T13:40:38","version" => "1.0.2"},{"date" => "2011-03-07T11:16:29","version" => "1.0.3"},{"date" => "2011-03-23T14:52:32","version" => "1.0.4"},{"date" => "2011-04-15T14:51:05","version" => "1.0.5"},{"date" => "2011-05-30T08:40:05","version" => "1.0.6"},{"date" => "2011-07-08T09:33:02","version" => "1.1.0"},{"date" => "2011-07-29T13:41:39","version" => "1.1.1"},{"date" => "2011-10-07T12:56:16","version" => "1.1.2"},{"date" => "2012-06-18T10:11:39","version" => "1.2.0"},{"date" => "2012-07-06T09:18:20","version" => "1.2.1"},{"date" => "2012-09-17T14:02:30","version" => "1.2.2"},{"date" => "2013-01-25T21:51:20","version" => "1.2.2_01"},{"date" => "2013-02-08T17:09:50","version" => "1.2.3"},{"date" => "2013-04-23T13:19:31","version" => "1.2.4"},{"date" => "2013-08-26T10:37:20","version" => "1.2.5"},{"date" => "2013-11-02T16:29:19","version" => "v1.3.0"},{"date" => "2013-11-10T18:00:20","version" => "v1.3.0_01"},{"date" => "2013-11-11T13:59:28","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:16","version" => "1.3.2"},{"date" => "2014-03-07T13:54:49","version" => "1.3.3"},{"date" => "2014-06-30T12:52:26","version" => "v1.4.0"},{"date" => "2014-07-25T09:53:47","version" => "v1.4.1"},{"date" => "2014-11-05T15:13:39","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:12","version" => "v1.4.3"},{"date" => "2015-04-15T10:04:56","version" => "v1.4.4"},{"date" => "2015-05-22T16:53:36","version" => "v1.4.5"},{"date" => "2015-10-09T09:20:30","version" => "v1.4.6"},{"date" => "2016-03-02T09:49:50","version" => "v1.9.0"},{"date" => "2016-03-22T14:24:49","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:14","version" => "v1.9.1"},{"date" => "2016-04-27T15:22:35","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:02","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:17","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:03","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:00","version" => "v1.9.4"},{"date" => "2016-07-13T09:07:43","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:20","version" => "v1.9.5"},{"date" => "2016-10-10T13:33:58","version" => "v1.4.11"},{"date" => "2016-10-16T12:22:51","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:20","version" => "v1.9.7"},{"date" => "2017-02-28T21:02:38","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:54:49","version" => "v1.9.8"},{"date" => "2017-03-07T05:47:35","version" => "v1.9.99_02"},{"date" => "2017-03-07T05:58:47","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:13","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:20:56","version" => "v1.9.9"},{"date" => "2017-05-19T18:53:04","version" => "v1.9.10"},{"date" => "2017-09-01T10:30:44","version" => "v1.9.11"},{"date" => "2017-09-12T08:39:52","version" => "v1.9.12"},{"date" => "2017-09-29T13:58:45","version" => "v1.9.13"},{"date" => "2017-11-24T19:57:28","version" => "v1.9.14"},{"date" => "2018-01-23T12:49:02","version" => "v1.9.15"},{"date" => "2018-03-16T10:33:38","version" => "v1.9.16"},{"date" => "2018-06-16T09:26:52","version" => "v1.9.17"},{"date" => "2018-10-05T09:39:50","version" => "v1.9.18"},{"date" => "2019-02-12T17:13:05","version" => "v2.0.2"},{"date" => "2019-04-11T12:22:36","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:02","version" => "v2.0.4"},{"date" => "2019-06-29T21:29:43","version" => "v2.0.5"},{"date" => "2019-12-21T21:46:05","version" => "v2.0.7"},{"date" => "2020-05-05T16:14:02","version" => "v2.0.8"},{"date" => "2020-09-07T06:19:18","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:02","version" => "v2.0.10"},{"date" => "2021-01-31T14:51:35","version" => "v2.0.11"},{"date" => "2021-07-22T17:37:52","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:22","version" => "v2.0.13"},{"date" => "2022-02-22T18:12:37","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:02","version" => "v2.0.15"},{"date" => "2022-09-16T08:34:33","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:28:06","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:19","version" => "v2.16.2"},{"date" => "2023-08-30T16:22:52","version" => "v2.17.0"},{"date" => "2023-12-20T21:10:29","version" => "v2.18.0"},{"date" => "2023-12-22T23:40:41","version" => "v2.18.1"},{"date" => "2024-02-06T17:42:02","version" => "v2.18.2"},{"date" => "2024-04-30T15:22:47","version" => "v2.19.0"},{"date" => "2024-07-15T14:44:53","version" => "v2.19.1"},{"date" => "2024-09-04T07:29:59","version" => "v2.19.2"},{"date" => "2024-10-08T15:53:27","version" => "v2.20.0"},{"date" => "2024-11-08T16:33:39","version" => "v2.20.1"},{"date" => "2025-01-22T17:42:14","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:01","version" => "v2.21.0"},{"date" => "2025-06-11T11:14:59","version" => "v2.21.1"},{"date" => "2025-07-11T15:39:59","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:23","version" => "v2.21.3"},{"date" => "2025-10-17T15:26:48","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:08","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:05","version" => "v2.22.2"}]},"Lemonldap-NG-Handler" => {"advisories" => [{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.76"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.76"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.88"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.88"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.92"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.92"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.13"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Handler","versions" => [{"date" => "2005-06-29T18:42:29","version" => "0.01"},{"date" => "2005-07-02T08:47:30","version" => "0.02"},{"date" => "2005-07-27T19:22:32","version" => "0.03"},{"date" => "2005-07-29T14:35:49","version" => "0.04"},{"date" => "2005-07-29T15:36:42","version" => "0.05"},{"date" => "2006-07-13T17:53:49","version" => "0.06"},{"date" => "2006-09-27T16:47:33","version" => "0.07"},{"date" => "2006-09-30T21:30:18","version" => "0.1"},{"date" => "2006-10-07T13:24:25","version" => "0.11"},{"date" => "2006-10-14T13:17:22","version" => "0.3"},{"date" => "2006-10-17T13:58:42","version" => "0.5"},{"date" => "2006-11-02T14:33:27","version" => "0.6"},{"date" => "2006-11-02T15:58:18","version" => "0.61"},{"date" => "2006-11-03T07:14:00","version" => "0.62"},{"date" => "2006-12-05T06:47:36","version" => "0.621"},{"date" => "2006-12-07T21:02:24","version" => "0.63"},{"date" => "2006-12-19T18:22:50","version" => "0.7"},{"date" => "2006-12-31T13:03:21","version" => "0.71"},{"date" => "2007-01-05T20:38:29","version" => "0.73"},{"date" => "2007-02-10T11:16:17","version" => "0.74"},{"date" => "2007-02-28T22:28:56","version" => "0.75"},{"date" => "2007-03-09T20:16:44","version" => "0.76"},{"date" => "2007-03-29T19:52:16","version" => "0.77"},{"date" => "2007-04-14T13:14:29","version" => "0.8"},{"date" => "2007-04-15T12:47:16","version" => "0.81"},{"date" => "2007-06-20T19:44:05","version" => "0.82"},{"date" => "2007-07-22T20:34:59","version" => "0.83"},{"date" => "2007-07-31T05:11:23","version" => "0.84"},{"date" => "2008-02-28T07:11:26","version" => "0.85"},{"date" => "2008-04-11T14:53:16","version" => "0.86"},{"date" => "2008-06-06T05:49:44","version" => "0.87"},{"date" => "2008-06-06T12:59:07","version" => "0.88"},{"date" => "2008-08-25T19:52:13","version" => "0.89"},{"date" => "2008-12-25T08:26:27","version" => "0.9"},{"date" => "2009-06-29T10:14:23","version" => "0.91"},{"date" => "2009-10-11T08:25:58","version" => "0.92"},{"date" => "2010-10-13T21:00:41","version" => "0.99"},{"date" => "2010-10-22T05:34:48","version" => "0.99.1"},{"date" => "2010-10-22T05:44:36","version" => "0.991"},{"date" => "2010-10-24T06:31:51","version" => "0.992"},{"date" => "2010-11-26T13:38:22","version" => "1.0.0"},{"date" => "2011-02-28T13:42:05","version" => "1.0.2"},{"date" => "2011-03-07T11:16:41","version" => "1.0.3"},{"date" => "2011-03-23T14:52:45","version" => "1.0.4"},{"date" => "2011-04-15T14:51:16","version" => "1.0.5"},{"date" => "2011-05-30T08:40:17","version" => "1.0.6"},{"date" => "2011-07-08T09:33:13","version" => "1.1.0"},{"date" => "2011-07-29T13:43:07","version" => "1.1.1"},{"date" => "2011-10-07T12:56:28","version" => "1.1.2"},{"date" => "2012-06-18T10:13:06","version" => "1.2.0"},{"date" => "2012-07-06T09:18:32","version" => "1.2.1"},{"date" => "2012-09-17T14:02:42","version" => "1.2.2"},{"date" => "2013-01-25T21:51:32","version" => "1.2.2_01"},{"date" => "2013-02-08T17:10:02","version" => "1.2.3"},{"date" => "2013-04-23T13:19:34","version" => "1.2.4"},{"date" => "2013-08-26T10:37:32","version" => "1.2.5"},{"date" => "2013-11-02T16:29:31","version" => "v1.3.0"},{"date" => "2013-11-11T14:00:55","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:27","version" => "1.3.2"},{"date" => "2014-03-07T13:55:01","version" => "1.3.3"},{"date" => "2014-06-30T12:52:38","version" => "v1.4.0"},{"date" => "2014-07-25T09:53:58","version" => "v1.4.1"},{"date" => "2014-11-05T15:13:51","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:24","version" => "v1.4.3"},{"date" => "2015-04-15T10:05:08","version" => "v1.4.4"},{"date" => "2015-05-22T16:53:47","version" => "v1.4.5"},{"date" => "2015-10-09T09:20:41","version" => "v1.4.6"},{"date" => "2016-03-02T09:50:01","version" => "v1.9.0"},{"date" => "2016-03-22T14:25:00","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:26","version" => "v1.9.1"},{"date" => "2016-04-27T15:22:47","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:13","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:29","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:15","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:11","version" => "v1.9.4"},{"date" => "2016-07-13T09:07:55","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:31","version" => "v1.9.5"},{"date" => "2016-10-10T13:34:10","version" => "v1.4.11"},{"date" => "2016-10-16T12:23:02","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:32","version" => "v1.9.7"},{"date" => "2017-02-28T21:10:55","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:55:01","version" => "v1.9.8"},{"date" => "2017-03-07T05:47:46","version" => "v1.9.99_02"},{"date" => "2017-03-07T06:00:15","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:25","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:21:08","version" => "v1.9.9"},{"date" => "2017-05-19T18:50:09","version" => "v1.9.10"},{"date" => "2017-09-01T10:30:55","version" => "v1.9.11"},{"date" => "2017-09-12T08:40:03","version" => "v1.9.12"},{"date" => "2017-09-29T13:58:57","version" => "v1.9.13"},{"date" => "2017-11-24T19:57:39","version" => "v1.9.14"},{"date" => "2018-01-23T12:49:13","version" => "v1.9.15"},{"date" => "2018-03-16T10:33:50","version" => "v1.9.16"},{"date" => "2018-06-16T09:27:04","version" => "v1.9.17"},{"date" => "2018-10-05T09:40:02","version" => "v1.9.18"},{"date" => "2018-11-30T10:48:13","version" => "v2.0.0"},{"date" => "2019-02-12T17:13:16","version" => "v2.0.2"},{"date" => "2019-04-11T12:22:47","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:13","version" => "v2.0.4"},{"date" => "2019-06-29T21:29:54","version" => "v2.0.5"},{"date" => "2019-09-24T13:00:38","version" => "v2.0.6"},{"date" => "2019-12-21T21:46:16","version" => "v2.0.7"},{"date" => "2020-05-05T16:14:13","version" => "v2.0.8"},{"date" => "2020-09-07T06:19:30","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:13","version" => "v2.0.10"},{"date" => "2021-01-31T14:51:46","version" => "v2.0.11"},{"date" => "2021-07-22T17:38:04","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:33","version" => "v2.0.13"},{"date" => "2022-02-22T18:12:48","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:13","version" => "v2.0.15"},{"date" => "2022-09-16T08:34:44","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:28:17","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:30","version" => "v2.16.2"},{"date" => "2023-08-30T16:24:18","version" => "v2.17.0"},{"date" => "2023-12-20T21:10:42","version" => "v2.18.0"},{"date" => "2023-12-22T23:40:52","version" => "v2.18.1"},{"date" => "2024-02-06T17:42:13","version" => "v2.18.2"},{"date" => "2024-04-30T15:22:58","version" => "v2.19.0"},{"date" => "2024-07-15T14:45:04","version" => "v2.19.1"},{"date" => "2024-09-04T07:30:10","version" => "v2.19.2"},{"date" => "2024-10-08T15:56:54","version" => "v2.20.0"},{"date" => "2024-11-08T16:33:50","version" => "v2.20.1"},{"date" => "2025-01-21T17:01:18","version" => "v2.20.2"},{"date" => "2025-01-22T17:42:25","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:12","version" => "v2.21.0"},{"date" => "2025-06-11T11:15:10","version" => "v2.21.1"},{"date" => "2025-07-11T15:40:10","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:34","version" => "v2.21.3"},{"date" => "2025-10-17T15:26:59","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:19","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:16","version" => "v2.22.2"}]},"Lemonldap-NG-Manager" => {"advisories" => [{"affected_versions" => ["0.03"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.03"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.511"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.511"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.72"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.72"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.87"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.87"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.13"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Manager","versions" => [{"date" => "2006-12-10T21:39:02","version" => "0.01"},{"date" => "2006-12-11T07:00:16","version" => "0.02"},{"date" => "2006-12-16T11:32:53","version" => "0.03"},{"date" => "2006-12-19T18:25:24","version" => "0.04"},{"date" => "2006-12-31T13:03:44","version" => "0.1"},{"date" => "2007-01-05T20:38:40","version" => "0.3"},{"date" => "2007-01-13T19:49:19","version" => "0.4"},{"date" => "2007-02-04T14:12:51","version" => "0.43"},{"date" => "2007-02-28T22:29:07","version" => "0.44"},{"date" => "2007-03-04T18:22:09","version" => "0.5"},{"date" => "2007-03-09T20:18:20","version" => "0.51"},{"date" => "2007-03-11T20:25:29","version" => "0.511"},{"date" => "2007-03-29T19:52:20","version" => "0.61"},{"date" => "2007-04-15T11:33:06","version" => "0.63"},{"date" => "2007-05-05T20:35:41","version" => "0.64"},{"date" => "2007-05-06T14:43:00","version" => "0.65"},{"date" => "2007-06-13T13:52:42","version" => "0.7"},{"date" => "2007-06-20T19:43:54","version" => "0.72"},{"date" => "2007-07-03T05:51:25","version" => "0.8"},{"date" => "2007-07-22T20:35:02","version" => "0.82"},{"date" => "2008-02-28T07:11:37","version" => "0.83"},{"date" => "2008-04-11T14:53:27","version" => "0.84"},{"date" => "2008-06-06T05:49:55","version" => "0.85"},{"date" => "2008-08-25T19:53:40","version" => "0.86"},{"date" => "2008-12-25T08:26:37","version" => "0.87"},{"date" => "2009-06-29T10:14:34","version" => "0.89"},{"date" => "2009-06-29T11:57:03","version" => "0.9"},{"date" => "2009-06-29T16:52:14","version" => "0.90"},{"date" => "2009-10-11T08:26:09","version" => "0.91"},{"date" => "2010-10-13T21:00:54","version" => "0.99"},{"date" => "2010-10-22T05:36:18","version" => "0.99.1"},{"date" => "2010-10-22T05:44:52","version" => "0.991"},{"date" => "2010-10-24T06:32:02","version" => "0.992"},{"date" => "2010-11-26T13:38:43","version" => "1.0.0"},{"date" => "2011-02-28T13:42:13","version" => "1.0.2"},{"date" => "2011-03-07T11:16:52","version" => "v1.0.3"},{"date" => "2011-03-23T14:52:57","version" => "1.0.4"},{"date" => "2011-04-15T14:51:27","version" => "1.0.5"},{"date" => "2011-05-30T08:40:28","version" => "1.0.6"},{"date" => "2011-07-08T09:33:24","version" => "1.1.0"},{"date" => "2011-07-29T13:43:25","version" => "1.1.1"},{"date" => "2011-10-07T12:56:39","version" => "1.1.2"},{"date" => "2012-06-18T10:13:16","version" => "1.2.0"},{"date" => "2012-07-06T09:18:43","version" => "1.2.1"},{"date" => "2012-09-17T14:02:56","version" => "1.2.2"},{"date" => "2013-01-25T21:51:43","version" => "1.2.2_01"},{"date" => "2013-02-08T17:11:29","version" => "1.2.3"},{"date" => "2013-04-23T13:19:45","version" => "1.2.4"},{"date" => "2013-08-26T10:38:59","version" => "1.2.5"},{"date" => "2013-11-02T16:29:43","version" => "v1.3.0"},{"date" => "2013-11-11T14:01:06","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:39","version" => "1.3.2"},{"date" => "2014-03-07T13:55:12","version" => "1.3.3"},{"date" => "2014-06-30T12:54:05","version" => "v1.4.0"},{"date" => "2014-07-25T09:55:25","version" => "v1.4.1"},{"date" => "2014-11-05T15:14:02","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:36","version" => "v1.4.3"},{"date" => "2015-04-15T10:05:19","version" => "v1.4.4"},{"date" => "2015-05-22T16:53:59","version" => "v1.4.5"},{"date" => "2015-10-09T09:20:52","version" => "v1.4.6"},{"date" => "2016-03-02T09:50:13","version" => "v1.9.0"},{"date" => "2016-03-22T14:25:12","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:37","version" => "v1.9.1"},{"date" => "2016-04-27T15:22:58","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:25","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:41","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:26","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:23","version" => "v1.9.4"},{"date" => "2016-07-13T09:08:06","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:43","version" => "v1.9.5"},{"date" => "2016-10-10T13:34:21","version" => "v1.4.11"},{"date" => "2016-10-16T12:23:14","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:43","version" => "v1.9.7"},{"date" => "2017-02-28T21:11:07","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:55:22","version" => "v1.9.8"},{"date" => "2017-03-07T05:47:58","version" => "v1.9.99_02"},{"date" => "2017-03-07T06:00:17","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:36","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:21:20","version" => "v1.9.9"},{"date" => "2017-05-19T18:50:21","version" => "v1.9.10"},{"date" => "2017-09-01T10:31:07","version" => "v1.9.11"},{"date" => "2017-09-12T08:40:15","version" => "v1.9.12"},{"date" => "2017-09-29T14:00:24","version" => "v1.9.13"},{"date" => "2017-11-24T19:59:07","version" => "v1.9.14"},{"date" => "2018-01-23T12:49:25","version" => "v1.9.15"},{"date" => "2018-03-16T10:34:01","version" => "v1.9.16"},{"date" => "2018-06-16T09:27:16","version" => "v1.9.17"},{"date" => "2018-10-05T09:40:14","version" => "v1.9.18"},{"date" => "2018-11-30T10:49:40","version" => "v2.0.0"},{"date" => "2019-02-12T17:13:28","version" => "v2.0.2"},{"date" => "2019-04-11T12:22:59","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:24","version" => "v2.0.4"},{"date" => "2019-06-29T21:31:21","version" => "v2.0.5"},{"date" => "2019-09-24T13:00:49","version" => "v2.0.6"},{"date" => "2019-12-21T21:46:27","version" => "v2.0.7"},{"date" => "2020-05-05T16:12:34","version" => "v2.0.8"},{"date" => "2020-09-07T06:19:41","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:24","version" => "v2.0.10"},{"date" => "2021-01-31T14:51:57","version" => "v2.0.11"},{"date" => "2021-07-22T17:38:15","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:44","version" => "v2.0.13"},{"date" => "2022-02-22T18:12:59","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:24","version" => "v2.0.15"},{"date" => "2022-09-16T08:36:11","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:29:43","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:41","version" => "v2.16.2"},{"date" => "2023-08-30T16:24:29","version" => "v2.17.0"},{"date" => "2023-12-20T21:12:09","version" => "v2.18.0"},{"date" => "2023-12-22T23:41:03","version" => "v2.18.1"},{"date" => "2024-02-06T17:49:02","version" => "v2.18.2"},{"date" => "2024-04-30T15:23:09","version" => "v2.19.0"},{"date" => "2024-07-15T14:45:15","version" => "v2.19.1"},{"date" => "2024-09-04T07:30:22","version" => "v2.19.2"},{"date" => "2024-10-08T15:53:38","version" => "v2.20.0"},{"date" => "2024-11-08T16:34:01","version" => "v2.20.1"},{"date" => "2025-01-21T17:01:29","version" => "v2.20.2"},{"date" => "2025-01-22T17:40:23","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:23","version" => "v2.21.0"},{"date" => "2025-06-11T11:15:21","version" => "v2.21.1"},{"date" => "2025-07-11T15:40:21","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:45","version" => "v2.21.3"},{"date" => "2025-10-17T15:27:10","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:30","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:27","version" => "v2.22.2"}]},"Lemonldap-NG-Portal" => {"advisories" => [{"affected_versions" => ["<0.87"],"cves" => [],"description" => "When running on Apache with thread support setMacros and setGroups were not launched with the good datas.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [">=0.87"],"id" => "CPANSA-Lemonldap-NG-Portal-2009-01","references" => ["https://metacpan.org/changes/distribution/Lemonldap-NG-Portal"],"reported" => "2009-02-08"},{"affected_versions" => ["0.42"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.42"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.64"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.64"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.73"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.73"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.74"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.74"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.89"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.89"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.13"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Portal","versions" => [{"date" => "2005-06-29T18:44:50","version" => "0.01"},{"date" => "2005-07-02T08:49:37","version" => "0.02"},{"date" => "2006-10-07T13:24:36","version" => "0.1"},{"date" => "2006-10-14T13:26:07","version" => "0.11"},{"date" => "2006-10-14T14:11:06","version" => "0.111"},{"date" => "2006-10-17T13:58:53","version" => "0.2"},{"date" => "2006-11-02T15:23:31","version" => "0.4"},{"date" => "2006-11-03T07:25:06","version" => "0.41"},{"date" => "2006-12-07T21:02:36","version" => "0.42"},{"date" => "2006-12-19T18:26:07","version" => "0.5"},{"date" => "2006-12-31T13:03:32","version" => "0.51"},{"date" => "2007-01-13T19:47:36","version" => "0.6"},{"date" => "2007-02-28T22:29:18","version" => "0.62"},{"date" => "2007-03-04T18:23:52","version" => "0.63"},{"date" => "2007-03-09T20:18:23","version" => "0.64"},{"date" => "2007-03-29T19:52:31","version" => "0.7"},{"date" => "2007-04-01T20:26:10","version" => "0.71"},{"date" => "2007-04-14T20:46:13","version" => "0.72"},{"date" => "2007-04-20T06:51:13","version" => "0.73"},{"date" => "2007-06-13T13:54:26","version" => "0.74"},{"date" => "2007-07-22T20:35:13","version" => "0.76"},{"date" => "2007-07-31T05:11:34","version" => "0.77"},{"date" => "2007-10-15T06:03:56","version" => "0.8"},{"date" => "2008-02-28T07:13:04","version" => "0.81"},{"date" => "2008-04-11T14:53:38","version" => "0.82"},{"date" => "2008-06-06T05:50:06","version" => "0.83"},{"date" => "2008-06-06T12:46:10","version" => "0.84"},{"date" => "2008-08-25T19:53:48","version" => "0.85"},{"date" => "2008-12-25T08:26:49","version" => "0.86"},{"date" => "2009-02-08T07:13:05","version" => "0.87"},{"date" => "2009-06-29T10:14:46","version" => "0.88"},{"date" => "2009-07-05T11:40:59","version" => "0.89"},{"date" => "2009-10-11T08:26:21","version" => "0.90"},{"date" => "2010-10-13T21:02:21","version" => "0.99"},{"date" => "2010-10-22T05:36:29","version" => "0.99.1"},{"date" => "2010-10-22T05:45:04","version" => "0.991"},{"date" => "2010-10-24T06:33:29","version" => "0.992"},{"date" => "2010-11-26T13:38:59","version" => "1.0.0"},{"date" => "2011-02-28T13:42:23","version" => "1.0.2"},{"date" => "2011-03-07T11:17:03","version" => "v1.0.3"},{"date" => "2011-03-23T14:54:26","version" => "1.0.4"},{"date" => "2011-04-15T14:51:44","version" => "1.0.5"},{"date" => "2011-05-30T08:40:46","version" => "1.0.6"},{"date" => "2011-07-08T09:33:35","version" => "1.1.0"},{"date" => "2011-07-29T13:43:35","version" => "1.1.1"},{"date" => "2011-10-07T12:58:06","version" => "1.1.2"},{"date" => "2012-06-18T10:13:31","version" => "1.2.0"},{"date" => "2012-07-06T09:18:54","version" => "1.2.1"},{"date" => "2012-09-17T14:04:26","version" => "1.2.2"},{"date" => "2013-01-25T21:51:54","version" => "1.2.2_01"},{"date" => "2013-02-08T17:11:38","version" => "1.2.3"},{"date" => "2013-04-23T13:19:57","version" => "1.2.4"},{"date" => "2013-08-26T10:39:11","version" => "1.2.5"},{"date" => "2013-11-02T16:31:10","version" => "v1.3.0"},{"date" => "2013-11-10T18:00:31","version" => "v1.3.0_01"},{"date" => "2013-11-11T14:01:21","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:50","version" => "1.3.2"},{"date" => "2014-03-07T13:55:23","version" => "1.3.3"},{"date" => "2014-06-30T12:54:16","version" => "v1.4.0"},{"date" => "2014-07-25T09:55:37","version" => "v1.4.1"},{"date" => "2014-11-05T15:15:30","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:47","version" => "v1.4.3"},{"date" => "2015-04-15T10:05:31","version" => "v1.4.4"},{"date" => "2015-05-22T16:54:10","version" => "v1.4.5"},{"date" => "2015-10-09T09:21:04","version" => "v1.4.6"},{"date" => "2016-03-02T09:50:24","version" => "v1.9.0"},{"date" => "2016-03-22T14:25:24","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:49","version" => "v1.9.1"},{"date" => "2016-04-27T15:23:10","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:36","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:52","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:38","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:34","version" => "v1.9.4"},{"date" => "2016-07-13T09:08:18","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:54","version" => "v1.9.5"},{"date" => "2016-10-10T13:34:33","version" => "v1.4.11"},{"date" => "2016-10-16T12:23:25","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:55","version" => "v1.9.7"},{"date" => "2017-02-28T21:11:18","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:55:34","version" => "v1.9.8"},{"date" => "2017-03-07T05:48:09","version" => "v1.9.99_02"},{"date" => "2017-03-07T06:00:28","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:48","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:21:31","version" => "v1.9.9"},{"date" => "2017-05-19T18:48:42","version" => "v1.9.10"},{"date" => "2017-09-01T10:32:34","version" => "v1.9.11"},{"date" => "2017-09-12T08:40:27","version" => "v1.9.12"},{"date" => "2017-09-29T14:00:36","version" => "v1.9.13"},{"date" => "2017-11-24T19:59:18","version" => "v1.9.14"},{"date" => "2018-01-23T12:50:53","version" => "v1.9.15"},{"date" => "2018-03-16T10:34:13","version" => "v1.9.16"},{"date" => "2018-06-16T09:27:27","version" => "v1.9.17"},{"date" => "2018-10-05T09:40:26","version" => "v1.9.18"},{"date" => "2018-11-30T10:49:52","version" => "v2.0.0"},{"date" => "2019-02-12T17:13:39","version" => "v2.0.2"},{"date" => "2019-04-11T12:23:10","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:36","version" => "v2.0.4"},{"date" => "2019-06-29T21:31:33","version" => "v2.0.5"},{"date" => "2019-09-24T13:01:00","version" => "v2.0.6"},{"date" => "2019-12-21T21:46:38","version" => "v2.0.7"},{"date" => "2020-05-05T16:14:25","version" => "v2.0.8"},{"date" => "2020-09-07T06:21:08","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:36","version" => "v2.0.10"},{"date" => "2021-01-31T14:52:09","version" => "v2.0.11"},{"date" => "2021-07-22T17:38:26","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:56","version" => "v2.0.13"},{"date" => "2022-02-22T18:13:11","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:35","version" => "v2.0.15"},{"date" => "2022-09-16T08:36:23","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:29:55","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:52","version" => "v2.16.2"},{"date" => "2023-08-30T16:24:40","version" => "v2.17.0"},{"date" => "2023-12-20T21:12:20","version" => "v2.18.0"},{"date" => "2023-12-22T23:41:14","version" => "v2.18.1"},{"date" => "2024-02-06T17:49:13","version" => "v2.18.2"},{"date" => "2024-04-30T15:23:21","version" => "v2.19.0"},{"date" => "2024-07-15T14:48:13","version" => "v2.19.1"},{"date" => "2024-09-04T07:30:33","version" => "v2.19.2"},{"date" => "2024-10-08T15:53:50","version" => "v2.20.0"},{"date" => "2024-11-08T16:34:12","version" => "v2.20.1"},{"date" => "2025-01-21T17:01:40","version" => "v2.20.2"},{"date" => "2025-01-22T17:40:34","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:34","version" => "v2.21.0"},{"date" => "2025-06-11T11:15:32","version" => "v2.21.1"},{"date" => "2025-07-11T15:40:33","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:56","version" => "v2.21.3"},{"date" => "2025-10-17T15:27:21","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:41","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:38","version" => "v2.22.2"}]},"Linux-Statm-Tiny" => {"advisories" => [{"affected_versions" => ["<0.0701"],"cves" => ["CVE-2025-3051"],"description" => "Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238.  If an attacker can place a malicious file in current working directory, it may be\x{a0}loaded instead of the intended file, potentially leading to arbitrary\x{a0}code execution.  Linux::Statm::Tiny uses Mite to produce the affected code section due to\x{a0}CVE-2025-30672","distribution" => "Linux-Statm-Tiny","fixed_versions" => [">=0.0701"],"id" => "CPANSA-Linux-Statm-Tiny-2025-3051","references" => ["https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html","https://metacpan.org/release/RRWO/Linux-Statm-Tiny-0.0700/source/lib/Linux/Statm/Tiny/Mite.pm#L82","https://metacpan.org/release/RRWO/Linux-Statm-Tiny-0.0701/changes"],"reported" => "2025-04-01","severity" => undef}],"main_module" => "Linux::Statm::Tiny","versions" => [{"date" => "2015-01-05T12:19:47","version" => "0.0100"},{"date" => "2015-01-05T15:39:13","version" => "0.0200"},{"date" => "2015-01-05T18:23:59","version" => "0.0201"},{"date" => "2015-01-12T11:30:31","version" => "0.0300"},{"date" => "2015-03-27T13:57:06","version" => "0.0400"},{"date" => "2015-04-09T08:05:00","version" => "0.0500"},{"date" => "2015-05-05T16:02:45","version" => "0.0501"},{"date" => "2015-05-05T16:22:04","version" => "0.0502"},{"date" => "2015-05-06T13:21:39","version" => "0.0503"},{"date" => "2015-05-25T13:38:11","version" => "0.0504"},{"date" => "2015-06-23T17:07:45","version" => "0.0505"},{"date" => "2018-10-27T22:38:48","version" => "0.0600"},{"date" => "2019-02-17T18:30:34","version" => "0.0601"},{"date" => "2022-04-04T15:34:50","version" => "0.0602"},{"date" => "2022-04-04T15:41:28","version" => "0.0603"},{"date" => "2022-07-26T16:29:04","version" => "0.0700"},{"date" => "2025-03-31T13:52:42","version" => "0.0701"}]},"Locale-Maketext" => {"advisories" => [{"affected_versions" => ["<1.25"],"cves" => ["CVE-2012-6329"],"description" => "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.\n","distribution" => "Locale-Maketext","fixed_versions" => [],"id" => "CPANSA-Locale-Maketext-2012-6329","references" => ["http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8","http://sourceforge.net/mailarchive/message.php?msg_id=30219695","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224","http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329","http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod","http://openwall.com/lists/oss-security/2012/12/11/4","http://code.activestate.com/lists/perl5-porters/187763/","http://code.activestate.com/lists/perl5-porters/187746/","https://bugzilla.redhat.com/show_bug.cgi?id=884354","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032","http://www.ubuntu.com/usn/USN-2099-1","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/56950","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2013-01-04","severity" => undef},{"affected_versions" => ["<1.28"],"cves" => ["CVE-2016-1238"],"description" => "Does not remove . from \@INC, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Locale-Maketext","fixed_versions" => [">=1.28"],"id" => "CPANSA-Locale-Maketext-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Locale::Maketext","versions" => [{"date" => "1999-03-16T05:22:44","version" => "0.17"},{"date" => "2000-05-14T08:26:33","version" => "0.18"},{"date" => "2001-05-25T14:21:01","version" => "1.01"},{"date" => "2001-06-20T08:28:48","version" => "1.02"},{"date" => "2001-06-22T05:27:18","version" => "1.03"},{"date" => "2003-04-02T20:20:43","version" => "1.04"},{"date" => "2003-04-19T06:11:36","version" => "1.05"},{"date" => "2003-06-22T07:51:14","version" => "1.06"},{"date" => "2004-01-12T04:18:16","version" => "1.07"},{"date" => "2004-01-20T00:14:54","version" => "1.08"},{"date" => "2004-03-31T06:47:07","version" => "1.09"},{"date" => "2005-11-11T03:42:57","version" => "1.10"},{"date" => "2007-05-08T05:03:08","version" => "1.11_01"},{"date" => "2007-11-18T05:22:03","version" => "1.12"},{"date" => "2008-05-28T15:01:40","version" => "1.13"},{"date" => "2009-06-23T18:13:14","version" => "1.13_80"},{"date" => "2009-06-24T00:22:21","version" => "1.13_81"},{"date" => "2009-06-24T02:33:08","version" => "1.13_82"},{"date" => "2010-09-28T22:59:25","version" => "1.15_01"},{"date" => "2010-10-07T14:12:19","version" => "1.15_02"},{"date" => "2010-10-11T18:07:07","version" => "1.16"},{"date" => "2010-10-20T15:54:47","version" => "1.16_01"},{"date" => "2010-10-20T18:42:13","version" => "1.17"},{"date" => "2011-05-25T15:44:55","version" => "1.18_01"},{"date" => "2011-05-31T19:29:50","version" => "1.19"},{"date" => "2011-12-15T04:02:22","version" => "1.19_01"},{"date" => "2011-12-23T15:18:14","version" => "1.21"},{"date" => "2012-01-15T05:02:24","version" => "1.22"},{"date" => "2012-12-04T21:29:08","version" => "1.23"},{"date" => "2014-04-14T03:15:07","version" => "1.25_01"},{"date" => "2014-04-15T20:10:23","version" => "1.25"},{"date" => "2014-12-04T20:57:02","version" => "1.26"},{"date" => "2016-06-22T23:30:00","version" => "1.27"},{"date" => "2016-07-25T17:57:25","version" => "1.28"},{"date" => "2020-01-20T05:04:23","version" => "1.29"},{"date" => "2022-04-01T19:18:30","version" => "1.30"},{"date" => "2022-04-14T21:18:43","version" => "1.31"},{"date" => "2022-08-22T19:20:51","version" => "1.32"},{"date" => "2023-12-30T21:23:51","version" => "1.33"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "1.10_01"},{"date" => "2009-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011002","version" => "1.14"},{"date" => "2010-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013003","version" => "1.15"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "1.18"},{"date" => "2011-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015005","version" => "1.20"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "1.24"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "1.26_01"}]},"Log-Any" => {"advisories" => [{"affected_versions" => [">=1.712,<=1.715"],"cves" => [],"description" => "The WithStackTrace proxy may expose sensitive information\n","distribution" => "Log-Any","fixed_versions" => ["1.716"],"id" => "CPANSA-Log-Any-2023-001","references" => ["https://metacpan.org/dist/Log-Any/changes","https://github.com/preaction/Log-Any/pull/97"],"reported" => undef,"severity" => undef}],"main_module" => "Log::Any","versions" => [{"date" => "2009-07-11T14:11:33","version" => "0.01"},{"date" => "2009-07-14T23:34:51","version" => "0.02"},{"date" => "2009-07-18T03:41:02","version" => "0.03"},{"date" => "2009-09-04T00:32:59","version" => "0.03"},{"date" => "2009-10-27T22:26:20","version" => "0.05"},{"date" => "2009-10-31T23:24:23","version" => "0.06"},{"date" => "2009-12-07T17:57:19","version" => "0.07"},{"date" => "2009-12-16T01:31:06","version" => "0.08"},{"date" => "2010-01-05T21:20:31","version" => "0.09"},{"date" => "2010-01-05T21:27:46","version" => "0.10"},{"date" => "2010-02-12T13:08:17","version" => "0.11"},{"date" => "2011-03-23T21:55:43","version" => "0.12"},{"date" => "2011-08-02T13:27:07","version" => "0.13"},{"date" => "2011-08-31T22:51:22","version" => "0.14"},{"date" => "2013-04-10T17:16:43","version" => "0.15"},{"date" => "2014-12-12T22:09:51","version" => "0.90"},{"date" => "2014-12-15T03:15:09","version" => "0.91"},{"date" => "2014-12-15T12:13:47","version" => "0.92"},{"date" => "2014-12-26T03:04:57","version" => "1.00"},{"date" => "2014-12-27T03:26:31","version" => "1.01"},{"date" => "2014-12-28T12:07:41","version" => "1.02"},{"date" => "2015-01-02T03:43:07","version" => "1.03"},{"date" => "2015-03-26T10:09:30","version" => "1.031"},{"date" => "2015-03-26T21:24:48","version" => "1.032"},{"date" => "2016-02-03T15:34:02","version" => "1.033"},{"date" => "2016-02-04T19:48:49","version" => "1.035"},{"date" => "2016-02-06T01:27:07","version" => "1.037"},{"date" => "2016-02-10T21:18:02","version" => "1.038"},{"date" => "2016-02-24T22:48:34","version" => "1.040"},{"date" => "2016-08-18T05:02:37","version" => "1.041"},{"date" => "2016-08-27T04:38:20","version" => "1.042"},{"date" => "2016-11-04T02:48:06","version" => "1.043"},{"date" => "2016-11-06T21:53:19","version" => "1.044"},{"date" => "2016-11-12T03:54:03","version" => "1.045"},{"date" => "2017-01-12T03:44:21","version" => "1.046"},{"date" => "2017-03-23T01:25:09","version" => "1.047"},{"date" => "2017-03-27T20:17:22","version" => "1.048"},{"date" => "2017-03-28T21:03:30","version" => "1.049"},{"date" => "2017-08-04T03:30:12","version" => "1.050"},{"date" => "2017-08-07T01:43:24","version" => "1.051"},{"date" => "2017-09-28T22:00:06","version" => "1.700"},{"date" => "2017-10-02T19:38:09","version" => "1.701"},{"date" => "2017-11-28T21:20:01","version" => "1.702"},{"date" => "2017-11-29T16:57:31","version" => "1.703"},{"date" => "2017-12-18T00:14:35","version" => "1.704"},{"date" => "2018-01-17T19:50:35","version" => "1.705"},{"date" => "2018-07-07T01:21:05","version" => "1.706"},{"date" => "2018-08-02T03:56:11","version" => "1.707"},{"date" => "2020-01-13T03:58:06","version" => "1.708"},{"date" => "2021-02-17T21:17:28","version" => "1.709"},{"date" => "2021-08-02T15:11:51","version" => "1.710"},{"date" => "2022-11-22T17:29:07","version" => "1.711"},{"date" => "2022-12-09T17:06:31","version" => "1.712"},{"date" => "2022-12-12T18:45:32","version" => "1.713"},{"date" => "2023-03-20T16:49:03","version" => "1.714"},{"date" => "2023-05-04T18:09:55","version" => "1.715"},{"date" => "2023-06-26T19:15:29","version" => "1.716"},{"date" => "2023-08-17T15:53:05","version" => "1.717"},{"date" => "2025-06-01T15:00:19","version" => "1.718"},{"date" => "2026-03-16T13:54:31","version" => "1.719"}]},"MARC-File-XML" => {"advisories" => [{"affected_versions" => ["<1.0.2"],"cves" => ["CVE-2014-1626"],"description" => "XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file.\n","distribution" => "MARC-File-XML","fixed_versions" => [],"id" => "CPANSA-MARC-File-XML-2014-1626","references" => ["http://www.securityfocus.com/bid/65057","http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html","http://secunia.com/advisories/55404","http://libmail.georgialibraries.org/pipermail/open-ils-general/2014-January/009442.html","https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes","http://lists.katipo.co.nz/pipermail/koha/2014-January/038430.html","http://osvdb.org/102367","https://exchange.xforce.ibmcloud.com/vulnerabilities/90620"],"reported" => "2014-01-26","severity" => undef}],"main_module" => "MARC::File::XML","versions" => [{"date" => "2017-05-24T01:18:18","version" => "v1.0.5"}]},"MDK-Common" => {"advisories" => [{"affected_versions" => ["==1.1.11","==1.1.24",">=1.2.9,<=1.2.14"],"cves" => ["CVE-2009-0912"],"description" => "perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via \"special characters\" in unspecified vectors.'\n","distribution" => "MDK-Common","fixed_versions" => [],"id" => "CPANSA-MDK-Common-2009-0912","references" => ["http://www.securityfocus.com/bid/34089","http://www.vupen.com/english/advisories/2009/0688","http://www.mandriva.com/security/advisories?name=MDVSA-2009:072","https://exchange.xforce.ibmcloud.com/vulnerabilities/49220"],"reported" => "2009-03-16","severity" => undef}],"main_module" => "MDK::Common","versions" => [{"date" => "2012-09-14T16:23:25","version" => "1.2.29"},{"date" => "2014-05-06T17:14:10","version" => "v1.2.30"},{"date" => "2017-10-27T22:31:26","version" => "v1.2.32"},{"date" => "2017-10-27T23:18:48","version" => "v1.2.33"},{"date" => "2017-10-28T01:09:39","version" => "v1.2.34"},{"date" => "2017-10-28T03:37:17","version" => "v1.2.34.1"},{"date" => "2017-10-28T04:28:13","version" => "v1.2.34.2"}]},"MHonArc" => {"advisories" => [{"affected_versions" => ["<2.6.17"],"cves" => ["CVE-2010-4524"],"description" => "Improper escaping of certain HTML sequences (XSS).\n","distribution" => "MHonArc","fixed_versions" => [">=2.6.17"],"id" => "CPANSA-MHonArc-2011-01","references" => ["https://metacpan.org/changes/distribution/MHonArc"],"reported" => "2011-01-09"},{"affected_versions" => ["<2.6.17"],"cves" => ["CVE-2010-1677"],"description" => "DoS when processing html messages with deep tag nesting.\n","distribution" => "MHonArc","fixed_versions" => [">=2.6.17"],"id" => "CPANSA-MHonArc-2011-02","references" => ["https://metacpan.org/changes/distribution/MHonArc"],"reported" => "2011-01-09"}],"main_module" => "MHonArc::UTF8","versions" => [{"date" => "1997-12-11T20:44:41","version" => "2.1"},{"date" => "1998-03-04T01:06:00","version" => "v2.2.0"},{"date" => "1998-10-11T02:56:10","version" => "v2.3.0"},{"date" => "1998-10-25T19:27:37","version" => "v2.3.1"},{"date" => "1998-11-01T20:02:48","version" => "v2.3.2"},{"date" => "1998-11-08T21:59:21","version" => "v2.3.3"},{"date" => "1999-06-26T07:57:53","version" => "v2.4.0"},{"date" => "1999-07-26T19:30:51","version" => "v2.4.1"},{"date" => "1999-08-12T07:16:14","version" => "v2.4.2"},{"date" => "1999-08-16T06:25:39","version" => "v2.4.3"},{"date" => "1999-10-01T19:43:07","version" => "v2.4.4"},{"date" => "2000-02-15T03:44:03","version" => "v2.4.5"},{"date" => "2000-04-24T08:35:56","version" => "v2.4.6"},{"date" => "2000-10-29T04:18:32","version" => "v2.4.7"},{"date" => "2000-10-30T06:29:47","version" => "v2.4.7"},{"date" => "2001-04-14T21:48:01","version" => "v2.4.8"},{"date" => "2001-06-11T03:09:13","version" => "v2.4.9"},{"date" => "2001-08-26T19:46:53","version" => "v2.5.0"},{"date" => "2001-09-07T15:24:19","version" => "v2.5.0"},{"date" => "2001-10-17T16:03:13","version" => "v2.5.0"},{"date" => "2001-11-14T05:09:59","version" => "v2.5.1"},{"date" => "2001-11-25T06:46:19","version" => "v2.5.2"},{"date" => "2002-04-18T07:23:29","version" => "v2.5.3"},{"date" => "2002-05-03T05:06:16","version" => "v2.5.4"},{"date" => "2002-05-28T05:43:00","version" => "v2.5.5"},{"date" => "2002-06-18T18:07:38","version" => "v2.5.6"},{"date" => "2002-06-21T22:59:36","version" => "v2.5.7"},{"date" => "2002-06-29T03:22:26","version" => "v2.5.8"},{"date" => "2002-07-20T02:39:53","version" => "v2.5.9"},{"date" => "2002-07-29T00:10:32","version" => "v2.5.10"},{"date" => "2002-08-04T04:25:22","version" => "v2.5.11"},{"date" => "2002-09-04T04:32:14","version" => "v2.5.12"},{"date" => "2002-10-21T17:13:35","version" => "v2.5.13"},{"date" => "2002-12-22T01:07:40","version" => "v2.5.14"},{"date" => "2003-02-10T05:23:02","version" => "v2.6.0"},{"date" => "2003-02-23T00:39:05","version" => "v2.6.1"},{"date" => "2003-03-12T01:55:48","version" => "v2.6.2"},{"date" => "2003-04-06T02:11:59","version" => "v2.6.3"},{"date" => "2003-06-22T21:54:52","version" => "v2.6.4"},{"date" => "2003-07-20T04:51:56","version" => "v2.6.5"},{"date" => "2003-07-21T17:20:07","version" => "v2.6.6"},{"date" => "2003-08-07T23:49:43","version" => "v2.6.7"},{"date" => "2003-08-13T04:47:02","version" => "v2.6.8"},{"date" => "2004-05-17T06:24:46","version" => "v2.6.9"},{"date" => "2004-05-17T06:25:16","version" => "v2.6.10"},{"date" => "2005-05-20T17:15:40","version" => "v2.6.11"},{"date" => "2005-06-09T02:30:11","version" => "v2.6.12"},{"date" => "2005-07-06T05:15:55","version" => "v2.6.13"},{"date" => "2005-07-23T07:15:49","version" => "2.6.14"},{"date" => "2005-07-27T03:46:13","version" => "2.6.15"},{"date" => "2006-06-10T03:21:01","version" => "2.6.16"},{"date" => "2011-01-09T10:04:06","version" => "2.6.17"},{"date" => "2011-01-09T16:35:39","version" => "2.6.18"},{"date" => "2014-04-22T03:33:53","version" => "2.6.19"},{"date" => "2020-09-14T09:22:58","version" => "v2.6.20"},{"date" => "2020-09-14T11:54:14","version" => "v2.6.21"},{"date" => "2020-09-21T07:06:18","version" => "v2.6.22"},{"date" => "2020-11-12T12:54:55","version" => "v2.6.23"},{"date" => "2020-11-16T14:24:54","version" => "v2.6.24"}]},"MIME-tools" => {"advisories" => [{"affected_versions" => ["<4.109"],"cves" => [],"description" => "There was a potential security hole when outputting entities with recommended filenames.\n","distribution" => "MIME-tools","fixed_versions" => [">=4.109"],"id" => "CPANSA-MIME-tools-1998-01","references" => ["https://metacpan.org/dist/MIME-tools/changes"],"reported" => "1998-01-10","severity" => undef}],"main_module" => "MIME::Body","versions" => [{"date" => "1996-10-18T13:57:11","version" => "2.01"},{"date" => "1996-10-23T19:20:59","version" => "2.02"},{"date" => "1996-10-28T18:27:36","version" => "2.03"},{"date" => "1996-11-03T00:35:36","version" => "2.04"},{"date" => "1997-01-13T10:17:14","version" => "2.13"},{"date" => "1997-01-14T07:05:37","version" => "2.14"},{"date" => "1997-01-21T03:40:48","version" => "3.203"},{"date" => "1997-01-22T11:24:13","version" => "3.204"},{"date" => "1998-01-14T15:44:55","version" => "4.111"},{"date" => "1998-01-18T04:23:37","version" => "4.112"},{"date" => "1998-01-20T08:21:18","version" => "4.113"},{"date" => "1998-02-14T21:45:26","version" => "4.116"},{"date" => "1998-05-05T14:32:36","version" => "4.119"},{"date" => "1998-06-04T13:30:01","version" => "4.121"},{"date" => "1999-02-10T05:39:03","version" => "4.122"},{"date" => "1999-05-14T13:29:15","version" => "4.124"},{"date" => "2000-05-24T14:44:21","version" => "5.115"},{"date" => "2000-05-26T04:46:25","version" => "5.116"},{"date" => "2000-06-06T16:14:02","version" => "5.205"},{"date" => "2000-06-08T07:36:13","version" => "5.206"},{"date" => "2000-06-09T03:44:00","version" => "5.207"},{"date" => "2000-06-10T08:12:36","version" => "5.209"},{"date" => "2000-06-20T13:24:34","version" => "5.210"},{"date" => "2000-06-24T06:57:34","version" => "5.211"},{"date" => "2000-07-07T14:46:11","version" => "5.304"},{"date" => "2000-07-20T06:47:41","version" => "5.306"},{"date" => "2000-08-15T14:22:44","version" => "5.310"},{"date" => "2000-08-16T05:28:11","version" => "5.311"},{"date" => "2000-09-05T04:17:48","version" => "5.313"},{"date" => "2000-09-06T04:59:03","version" => "5.314"},{"date" => "2000-09-21T06:14:25","version" => "5.316"},{"date" => "2000-11-05T15:24:04","version" => "5.404"},{"date" => "2000-11-06T00:34:39","version" => "5.405"},{"date" => "2000-11-10T05:27:35","version" => "5.408"},{"date" => "2000-11-20T18:04:43","version" => "5.409"},{"date" => "2000-11-23T05:31:08","version" => "5.410"},{"date" => "2001-06-05T15:21:25","version" => "5.411"},{"date" => "2001-11-16T17:32:32","version" => "5.411"},{"date" => "2003-06-09T16:42:00","version" => "6.200_01"},{"date" => "2003-07-22T20:49:42","version" => "6.200_02"},{"date" => "2004-09-14T14:20:07","version" => "5.412"},{"date" => "2004-09-15T14:11:08","version" => "5.413"},{"date" => "2004-10-06T19:46:54","version" => "5.414"},{"date" => "2004-10-27T12:51:54","version" => "5.415"},{"date" => "2005-01-03T15:45:29","version" => "5.416"},{"date" => "2005-01-20T21:24:25","version" => "5.417"},{"date" => "2005-09-29T19:40:53","version" => "5.418"},{"date" => "2005-12-22T21:52:16","version" => "5.419"},{"date" => "2006-03-17T21:20:12","version" => "5.420"},{"date" => "2007-06-18T20:04:22","version" => "5.420_01"},{"date" => "2007-08-31T18:03:20","version" => "5.420_02"},{"date" => "2007-09-20T21:33:01","version" => "5.421"},{"date" => "2007-09-25T22:31:20","version" => "5.422"},{"date" => "2007-09-27T15:50:17","version" => "5.423"},{"date" => "2007-11-07T15:36:31","version" => "5.424"},{"date" => "2007-11-17T16:20:42","version" => "5.425"},{"date" => "2008-03-18T13:45:38","version" => "5.426"},{"date" => "2008-06-30T18:41:00","version" => "5.426"},{"date" => "2010-04-22T15:31:33","version" => "5.428"},{"date" => "2010-04-30T13:47:59","version" => "5.500"},{"date" => "2011-01-07T15:59:19","version" => "5.500"},{"date" => "2011-02-17T18:37:12","version" => "5.501"},{"date" => "2011-03-08T14:03:11","version" => "5.502"},{"date" => "2012-06-08T13:44:12","version" => "5.503"},{"date" => "2013-01-30T21:01:40","version" => "5.504"},{"date" => "2013-11-14T15:27:15","version" => "5.505"},{"date" => "2015-04-22T17:32:26","version" => "5.506"},{"date" => "2015-09-30T13:21:56","version" => "5.507"},{"date" => "2016-08-29T14:52:28","version" => "5.508"},{"date" => "2017-04-05T18:13:30","version" => "5.508"},{"date" => "2022-07-06T14:20:39","version" => "5.503"},{"date" => "2024-01-02T15:38:07","version" => "5.503"},{"date" => "2024-01-08T18:22:18","version" => "5.503"},{"date" => "2024-01-25T16:28:54","version" => "5.503"},{"date" => "2024-02-06T20:49:02","version" => "5.503"},{"date" => "2024-04-24T15:36:43","version" => "5.515"},{"date" => "2026-02-10T17:09:42","version" => "5.516"},{"date" => "2026-02-11T02:54:45","version" => "5.517"}]},"MT" => {"advisories" => [{"affected_versions" => [">=4.20,<=4.38"],"cves" => ["CVE-2013-0209"],"description" => "lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2013-0209","references" => ["http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt","http://www.movabletype.org/2013/01/movable_type_438_patch.html","http://openwall.com/lists/oss-security/2013/01/22/3","http://www.sec-1.com/blog/?p=402"],"reported" => "2013-01-23","severity" => undef},{"affected_versions" => [">=7,<=7.9.4",">=6,<=6.8.6",">=4,<=5"],"cves" => ["CVE-2022-38078"],"description" => "Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.\n","distribution" => "MT","fixed_versions" => [">=7.9.5",">=6.8.7,<7"],"id" => "CPANSA-MT-2022-38078","references" => ["https://movabletype.org/news/2022/08/mt-795-687-released.html","https://jvn.jp/en/jp/JVN57728859/index.html"],"reported" => "2022-08-24","severity" => "critical"},{"affected_versions" => [">=7,<=7.8.1",">=6,<=6.8.2","<6"],"cves" => ["CVE-2021-20837"],"description" => "Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20837","references" => ["https://jvn.jp/en/jp/JVN41119755/index.html","https://movabletype.org/news/2021/10/mt-782-683-released.html","http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html","http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"],"reported" => "2021-10-26","severity" => "critical"},{"affected_versions" => [">=7,<7.8.0"],"cves" => ["CVE-2021-20814"],"description" => "Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20814","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0"],"cves" => ["CVE-2021-20813"],"description" => "Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20813","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20815"],"description" => "Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20815","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20811"],"description" => "Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20811","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20810"],"description" => "Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20810","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20809"],"description" => "Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20809","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20808"],"description" => "Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20808","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => ["<=1.37"],"cves" => ["CVE-2020-5669"],"description" => "Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5669","references" => ["https://www.sixapart.jp/movabletype/news/2020/11/18-1101.html","https://jvn.jp/en/jp/JVN94245475/index.html"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5577"],"description" => "Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5577","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "high"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5576"],"description" => "Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5576","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "high"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5575"],"description" => "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5575","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "medium"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5574"],"description" => "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5574","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "medium"},{"affected_versions" => [">=7,<7.1.4",">=6,<=6.5.2"],"cves" => ["CVE-2020-5528"],"description" => "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5528","references" => ["https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html","http://jvn.jp/en/jp/JVN94435544/index.html"],"reported" => "2020-02-06","severity" => "medium"},{"affected_versions" => [">=7,<7.1.3",">=6.5.0,<=6.5.1",">=6,<=6.3.9"],"cves" => ["CVE-2019-6025"],"description" => "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2019-6025","references" => ["https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html","http://jvn.jp/en/jp/JVN65280626/index.html"],"reported" => "2019-12-26","severity" => "medium"},{"affected_versions" => ["==6.3.1"],"cves" => ["CVE-2018-0672"],"description" => "Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2018-0672","references" => ["http://jvn.jp/en/jp/JVN89550319/index.html"],"reported" => "2018-09-04","severity" => "medium"},{"affected_versions" => [">=6.0.0,<6.1.3",">=6.2.0,<6.2.6","<5.2.13"],"cves" => ["CVE-2016-5742"],"description" => "SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2016-5742","references" => ["https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html","http://www.openwall.com/lists/oss-security/2016/06/22/6","http://www.openwall.com/lists/oss-security/2016/06/22/5","http://www.openwall.com/lists/oss-security/2016/06/22/3","http://www.securitytracker.com/id/1036160"],"reported" => "2017-01-23","severity" => "critical"},{"affected_versions" => ["<5.2.12",">=6.0.0,<=6.0.7"],"cves" => ["CVE-2015-1592"],"description" => "Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2015-1592","references" => ["https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html","http://www.securityfocus.com/bid/72606","http://www.openwall.com/lists/oss-security/2015/02/12/17","http://www.openwall.com/lists/oss-security/2015/02/12/2","https://www.debian.org/security/2015/dsa-3183","http://www.securitytracker.com/id/1031777","https://exchange.xforce.ibmcloud.com/vulnerabilities/100912"],"reported" => "2015-02-19","severity" => undef},{"affected_versions" => ["<5.18",">=5.2.0,<5.2.11",">=6,<6.0.6"],"cves" => ["CVE-2014-9057"],"description" => "SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2014-9057","references" => ["https://movabletype.org/news/2014/12/6.0.6.html","https://movabletype.org/documentation/appendices/release-notes/6.0.6.html","http://secunia.com/advisories/61227","https://www.debian.org/security/2015/dsa-3183"],"reported" => "2014-12-16","severity" => undef},{"affected_versions" => ["<5.2.6"],"cves" => ["CVE-2013-2184"],"description" => "Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2013-2184","references" => ["https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html","http://www.debian.org/security/2015/dsa-3183","http://seclists.org/oss-sec/2013/q2/568","http://seclists.org/oss-sec/2013/q2/560"],"reported" => "2015-03-27","severity" => undef},{"affected_versions" => ["==5.13"],"cves" => ["CVE-2012-1503"],"description" => "Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2012-1503","references" => ["http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html","http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html","http://www.exploit-db.com/exploits/22151","http://osvdb.org/show/osvdb/86729","http://www.securityfocus.com/bid/56160","https://exchange.xforce.ibmcloud.com/vulnerabilities/79521"],"reported" => "2014-08-29","severity" => undef},{"affected_versions" => ["<4.38",">=5,<5.07",">=5.10,<5.13"],"cves" => ["CVE-2012-0320"],"description" => "Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2012-0320","references" => ["http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html","http://www.movabletype.org/documentation/appendices/release-notes/513.html","http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018","http://jvn.jp/en/jp/JVN20083397/index.html","http://www.securitytracker.com/id?1026738","http://www.securityfocus.com/bid/52138","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-03-03","severity" => undef},{"affected_versions" => ["<4.38",">=5,<5.07",">=5.10,<5.13"],"cves" => ["CVE-2012-0317"],"description" => "Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2012-0317","references" => ["http://jvn.jp/en/jp/JVN70683217/index.html","http://www.movabletype.org/documentation/appendices/release-notes/513.html","http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html","http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015","http://www.securitytracker.com/id?1026738","http://www.securityfocus.com/bid/52138","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-03-03","severity" => undef},{"affected_versions" => [">=4,<4.36",">=5,<5.05"],"cves" => ["CVE-2011-5085"],"description" => "Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2011-5085","references" => ["http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-04-02","severity" => undef},{"affected_versions" => [">=4,<4.36",">=5,<5.05"],"cves" => ["CVE-2011-5084"],"description" => "Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2011-5084","references" => ["http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-04-02","severity" => undef},{"affected_versions" => [">=5.0,<=5.01"],"cves" => ["CVE-2010-1985"],"description" => "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2010-1985","references" => ["http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html","http://www.movabletype.com/blog/2010/05/movable-type-502.html","http://www.vupen.com/english/advisories/2010/1136","http://secunia.com/advisories/39741","http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html","http://jvn.jp/en/jp/JVN92854093/index.html"],"reported" => "2010-05-19","severity" => undef},{"affected_versions" => ["<4.261"],"cves" => ["CVE-2009-2492"],"description" => "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2009-2492","references" => ["http://jvn.jp/en/jp/JVN86472161/index.html","http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html","http://www.vupen.com/english/advisories/2009/1668","http://secunia.com/advisories/35534","http://www.securityfocus.com/bid/35885"],"reported" => "2009-07-17","severity" => undef},{"affected_versions" => ["<4.261"],"cves" => ["CVE-2009-2481"],"description" => "mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2009-2481","references" => ["http://jvn.jp/en/jp/JVN08369659/index.html","http://www.vupen.com/english/advisories/2009/1668","http://www.securityfocus.com/bid/35471","http://secunia.com/advisories/35534","http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/51330"],"reported" => "2009-07-16","severity" => undef},{"affected_versions" => ["<4.24"],"cves" => ["CVE-2009-0752"],"description" => "Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2009-0752","references" => ["http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html"],"reported" => "2009-03-03","severity" => undef},{"affected_versions" => ["<4.23"],"cves" => ["CVE-2008-5846"],"description" => "Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a \"system-wide entry listing screen.\"\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2008-5846","references" => ["http://www.movabletype.org/mt_423_change_log.html","http://www.securityfocus.com/bid/33133","https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"],"reported" => "2009-01-05","severity" => undef},{"affected_versions" => ["<4.23"],"cves" => ["CVE-2008-5845"],"description" => "Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2008-5845","references" => ["http://www.movabletype.org/mt_423_change_log.html","http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000031.html","http://jvn.jp/en/jp/JVN45658190/index.html"],"reported" => "2009-01-05","severity" => undef},{"affected_versions" => [">=3,<=3.38",">=4,<4.23"],"cves" => ["CVE-2008-5808"],"description" => "Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to \"application management.\"\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2008-5808","references" => ["http://secunia.com/advisories/32935","http://www.securityfocus.com/bid/32604","http://jvn.jp/en/jp/JVN02216739/index.html","http://www.movabletype.jp/blog/_movable_type_423.html","http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/47019"],"reported" => "2009-01-02","severity" => undef},{"affected_versions" => [">=7,<=7.7.1"],"cves" => ["CVE-2021-20812"],"description" => "Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20812","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => ["<=7"],"cves" => ["CVE-2022-43660"],"description" => "Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2022-43660","references" => ["https://movabletype.org/news/2022/11/mt-796-688-released.html","https://jvn.jp/en/jp/JVN37014768/index.html"],"reported" => "2022-12-07","severity" => undef}],"main_module" => "","versions" => []},"Mail-Audit" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2005-4536"],"description" => "Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.\n","distribution" => "Mail-Audit","fixed_versions" => [],"id" => "CPANSA-Mail-Audit-2005-4536","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344029","http://www.debian.org/security/2006/dsa-960","http://secunia.com/advisories/18652","http://secunia.com/advisories/18656","http://www.securityfocus.com/bid/16434","http://www.vupen.com/english/advisories/2006/0378","https://exchange.xforce.ibmcloud.com/vulnerabilities/24380"],"reported" => "2005-12-31","severity" => undef}],"main_module" => "Mail::Audit","versions" => [{"date" => "2000-03-25T11:22:17","version" => "1.0"},{"date" => "2000-06-17T08:03:59","version" => "1.1"},{"date" => "2000-06-17T10:56:28","version" => "1.2"},{"date" => "2000-06-17T11:13:20","version" => "1.3"},{"date" => "2001-01-04T20:17:04","version" => "1.4"},{"date" => "2001-01-07T14:23:39","version" => "1.5"},{"date" => "2001-01-13T22:45:20","version" => "1.6"},{"date" => "2001-01-27T11:31:56","version" => "1.7"},{"date" => "2001-02-12T16:34:27","version" => "1.8"},{"date" => "2001-03-21T21:35:00","version" => "1.9"},{"date" => "2001-04-23T15:45:51","version" => "1.10"},{"date" => "2001-05-16T23:20:35","version" => "1.11"},{"date" => "2001-12-10T21:02:24","version" => "2.0"},{"date" => "2002-03-04T19:59:38","version" => "2.1"},{"date" => "2006-05-27T01:36:59","version" => "2.200_01"},{"date" => "2006-05-31T01:58:52","version" => "2.200_02"},{"date" => "2006-06-02T02:17:31","version" => "2.200_03"},{"date" => "2006-06-04T20:18:18","version" => "2.200_04"},{"date" => "2006-06-05T03:39:12","version" => "2.200_05"},{"date" => "2006-07-16T21:50:04","version" => "2.201"},{"date" => "2006-07-21T12:18:37","version" => "2.202"},{"date" => "2006-07-22T00:53:55","version" => "2.203"},{"date" => "2006-09-19T11:26:30","version" => "2.210"},{"date" => "2006-09-19T11:38:19","version" => "2.211"},{"date" => "2006-10-31T15:24:49","version" => "2.212"},{"date" => "2007-02-15T17:05:02","version" => "2.213"},{"date" => "2007-02-15T19:32:24","version" => "2.214"},{"date" => "2007-02-19T21:14:15","version" => "2.215"},{"date" => "2007-02-27T01:52:17","version" => "2.216"},{"date" => "2007-03-05T17:16:08","version" => "2.217"},{"date" => "2007-03-06T16:24:21","version" => "2.218"},{"date" => "2007-06-14T22:28:51","version" => "2.219"},{"date" => "2007-07-14T19:04:32","version" => "2.220"},{"date" => "2007-09-17T13:26:24","version" => "2.221"},{"date" => "2007-11-02T03:23:46","version" => "2.222"},{"date" => "2008-04-17T20:32:32","version" => "2.223"},{"date" => "2009-09-18T17:22:37","version" => "2.224"},{"date" => "2009-11-23T19:27:24","version" => "2.225"},{"date" => "2011-11-11T16:37:46","version" => "2.226"},{"date" => "2011-11-14T19:21:44","version" => "2.227"},{"date" => "2013-09-29T01:21:47","version" => "2.228"}]},"MailTools" => {"advisories" => [{"affected_versions" => ["<1.51"],"cves" => ["CVE-2002-1271"],"description" => "The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.\n","distribution" => "MailTools","fixed_versions" => [">=1.51"],"id" => "CPANSA-Mail-Mailer-2002-1271","references" => ["http://www.iss.net/security_center/static/10548.php","http://www.debian.org/security/2003/dsa-386","http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php","http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html","http://www.securityfocus.com/bid/6104","http://marc.info/?l=bugtraq&m=103659723101369&w=2","http://marc.info/?l=bugtraq&m=103679569705086&w=2"],"reported" => "2002-11-12","severity" => undef}],"main_module" => "MailTools","versions" => [{"date" => "1995-10-21T04:25:33","version" => "1.03"},{"date" => "1995-11-21T11:54:38","version" => "1.04"},{"date" => "1996-08-13T09:42:17","version" => "1.06"},{"date" => "1997-01-02T10:39:44","version" => "1.07"},{"date" => "1997-01-07T13:38:49","version" => "1.08"},{"date" => "1997-02-24T09:04:31","version" => "1.09"},{"date" => "1997-11-13T02:23:35","version" => "1.10"},{"date" => "1997-11-16T16:16:12","version" => "1.1001"},{"date" => "1997-11-18T01:49:48","version" => "1.1002"},{"date" => "1997-11-26T02:32:07","version" => "1.1003"},{"date" => "1998-01-03T03:56:45","version" => "1.11"},{"date" => "1998-09-26T14:47:35","version" => "1.12"},{"date" => "1999-03-31T17:45:02","version" => "1.13"},{"date" => "2000-03-29T12:35:40","version" => "1.14"},{"date" => "2000-04-14T10:53:46","version" => "1.1401"},{"date" => "2000-09-04T14:01:06","version" => "1.15"},{"date" => "2001-08-08T09:13:27","version" => "1.16"},{"date" => "2001-08-24T18:19:52","version" => "1.40"},{"date" => "2001-11-14T10:36:58","version" => "1.41"},{"date" => "2001-12-10T18:28:08","version" => "1.42"},{"date" => "2002-02-08T09:41:37","version" => "1.43"},{"date" => "2002-03-23T09:36:15","version" => "1.44"},{"date" => "2002-05-23T08:17:57","version" => "1.45"},{"date" => "2002-05-29T13:09:54","version" => "1.46"},{"date" => "2002-07-05T10:03:43","version" => "1.47"},{"date" => "2002-08-07T21:07:03","version" => "1.48"},{"date" => "2002-08-28T06:38:30","version" => "1.49"},{"date" => "2002-09-03T22:35:45","version" => "1.50"},{"date" => "2002-10-29T13:24:48","version" => "1.51"},{"date" => "2002-11-29T12:50:47","version" => "1.52"},{"date" => "2002-12-09T16:47:38","version" => "1.53"},{"date" => "2003-01-06T07:02:35","version" => "1.54"},{"date" => "2003-01-06T07:07:36","version" => "1.55"},{"date" => "2003-01-06T16:16:54","version" => "1.56"},{"date" => "2003-01-14T08:49:45","version" => "1.57"},{"date" => "2003-01-14T13:45:20","version" => "1.58"},{"date" => "2003-08-13T06:16:07","version" => "1.59"},{"date" => "2003-09-24T07:21:11","version" => "1.60"},{"date" => "2004-03-10T09:55:12","version" => "1.61"},{"date" => "2004-03-24T12:32:28","version" => "1.62"},{"date" => "2004-08-16T15:30:07","version" => "1.63"},{"date" => "2004-08-17T20:26:08","version" => "1.64"},{"date" => "2004-11-24T15:05:58","version" => "1.65"},{"date" => "2005-01-20T09:18:51","version" => "1.66"},{"date" => "2005-03-31T10:07:53","version" => "1.67"},{"date" => "2006-01-05T09:33:09","version" => "1.68"},{"date" => "2006-01-05T10:19:56","version" => "1.70"},{"date" => "2006-01-05T10:22:10","version" => "1.71"},{"date" => "2006-01-17T08:11:53","version" => "1.72"},{"date" => "2006-01-21T08:58:00","version" => "1.73"},{"date" => "2006-02-28T07:44:59","version" => "1.74"},{"date" => "2007-04-10T07:27:15","version" => "1.76"},{"date" => "2007-05-11T12:17:49","version" => "1.77"},{"date" => "2007-06-20T12:42:21","version" => "2.00_01"},{"date" => "2007-07-21T10:31:51","version" => "2.00_02"},{"date" => "2007-09-25T10:30:00","version" => "2.00_03"},{"date" => "2007-11-28T09:50:07","version" => "2.01"},{"date" => "2007-11-30T09:00:20","version" => "2.02"},{"date" => "2008-04-14T09:14:48","version" => "2.03"},{"date" => "2008-07-29T09:46:50","version" => "2.04"},{"date" => "2009-12-18T22:01:23","version" => "2.05"},{"date" => "2010-01-26T09:04:49","version" => "2.06"},{"date" => "2010-10-01T10:39:38","version" => "2.07"},{"date" => "2011-06-01T11:56:43","version" => "2.08"},{"date" => "2012-02-25T13:51:23","version" => "2.09"},{"date" => "2012-08-28T08:28:08","version" => "2.10"},{"date" => "2012-08-29T07:13:34","version" => "2.11"},{"date" => "2012-12-21T11:27:10","version" => "2.12"},{"date" => "2014-01-05T18:36:21","version" => "2.13"},{"date" => "2014-11-21T16:15:46","version" => "2.14"},{"date" => "2016-04-18T12:11:57","version" => "2.15"},{"date" => "2016-04-18T16:00:17","version" => "2.16"},{"date" => "2016-05-11T15:27:31","version" => "2.17"},{"date" => "2016-05-18T21:54:30","version" => "2.18"},{"date" => "2017-08-22T11:37:34","version" => "2.19"},{"date" => "2018-01-23T12:52:56","version" => "2.20"},{"date" => "2019-05-21T14:28:18","version" => "2.21"},{"date" => "2024-11-18T10:23:29","version" => "2.22"}]},"MarpaX-ESLIF" => {"advisories" => [{"affected_versions" => [">=4.0.0,<6.0.23"],"cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "MarpaX-ESLIF","fixed_versions" => [],"id" => "CPANSA-MarpaX-ESLIF-2019-20454-libpcre2","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"},{"affected_versions" => [">=2.0.10,<4.0.0"],"cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "MarpaX-ESLIF","fixed_versions" => [],"id" => "CPANSA-MarpaX-ESLIF-2019-20454-libpcre2","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"},{"affected_versions" => [">=1.053,<2.0.10"],"cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "MarpaX-ESLIF","fixed_versions" => [],"id" => "CPANSA-MarpaX-ESLIF-2019-20454-libpcre2","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"}],"main_module" => "MarpaX::ESLIF","versions" => [{"date" => "2017-03-26T10:57:12","version" => "1.0.43"},{"date" => "2017-03-28T18:31:33","version" => "1.0.47"},{"date" => "2017-03-29T04:21:35","version" => "1.0.48"},{"date" => "2017-03-29T18:37:45","version" => "1.0.49"},{"date" => "2017-04-02T10:33:46","version" => "1.0.50"},{"date" => "2017-04-03T19:05:28","version" => "1.0.51"},{"date" => "2017-04-13T17:35:13","version" => "1.0.52"},{"date" => "2017-04-14T07:43:59","version" => "1.0.53"},{"date" => "2017-04-29T19:13:38","version" => "2.0.1"},{"date" => "2017-05-05T23:23:22","version" => "2.0.3"},{"date" => "2017-05-07T07:40:42","version" => "2.0.4"},{"date" => "2017-05-10T05:42:35","version" => "2.0.5"},{"date" => "2017-05-10T18:16:00","version" => "2.0.6"},{"date" => "2017-05-10T19:36:06","version" => "2.0.7"},{"date" => "2017-05-10T19:56:35","version" => "2.0.8"},{"date" => "2017-05-11T19:06:11","version" => "2.0.9"},{"date" => "2017-05-12T18:52:12","version" => "2.0.10"},{"date" => "2017-05-13T22:39:09","version" => "2.0.11"},{"date" => "2017-05-31T17:51:29","version" => "2.0.12"},{"date" => "2017-05-31T19:34:51","version" => "2.0.13"},{"date" => "2017-06-27T05:59:02","version" => "2.0.14"},{"date" => "2017-08-14T05:56:46","version" => "2.0.15"},{"date" => "2017-08-14T19:28:19","version" => "2.0.16"},{"date" => "2017-10-20T19:44:53","version" => "2.0.17"},{"date" => "2017-10-25T03:57:11","version" => "2.0.18"},{"date" => "2017-10-25T04:49:24","version" => "2.0.19"},{"date" => "2017-10-28T05:10:19","version" => "2.0.20"},{"date" => "2017-10-29T19:48:03","version" => "2.0.21"},{"date" => "2017-10-30T03:49:16","version" => "2.0.22"},{"date" => "2017-11-04T07:23:55","version" => "2.0.23"},{"date" => "2017-12-27T15:06:03","version" => "2.0.30"},{"date" => "2017-12-31T19:08:47","version" => "2.0.31"},{"date" => "2018-01-19T04:10:03","version" => "2.0.32"},{"date" => "2018-01-25T16:13:07","version" => "2.0.33"},{"date" => "2018-01-30T06:38:42","version" => "2.0.34"},{"date" => "2018-02-21T07:14:12","version" => "2.0.36"},{"date" => "2018-02-25T11:50:02","version" => "2.0.37"},{"date" => "2018-02-25T11:59:32","version" => "2.0.38"},{"date" => "2018-03-12T18:34:09","version" => "2.0.39"},{"date" => "2018-03-13T18:06:17","version" => "2.0.40"},{"date" => "2018-03-15T04:09:56","version" => "2.0.41"},{"date" => "2018-03-21T06:39:42","version" => "2.0.42"},{"date" => "2018-04-04T05:39:12","version" => "2.0.43"},{"date" => "2019-04-07T10:41:47","version" => "3.0.1"},{"date" => "2019-04-07T14:13:23","version" => "3.0.2"},{"date" => "2019-04-07T17:44:04","version" => "3.0.3"},{"date" => "2019-04-10T05:00:51","version" => "3.0.4"},{"date" => "2019-04-11T04:06:12","version" => "3.0.5"},{"date" => "2019-04-11T17:28:27","version" => "3.0.6"},{"date" => "2019-04-13T14:07:12","version" => "3.0.7"},{"date" => "2019-04-14T11:09:19","version" => "3.0.8"},{"date" => "2019-04-18T05:23:29","version" => "3.0.9"},{"date" => "2019-05-12T05:55:11","version" => "3.0.10"},{"date" => "2019-06-09T13:40:40","version" => "3.0.11"},{"date" => "2019-06-13T19:54:54","version" => "3.0.12"},{"date" => "2019-07-21T04:54:47","version" => "3.0.13"},{"date" => "2019-07-22T04:57:08","version" => "3.0.14"},{"date" => "2019-08-03T04:52:02","version" => "3.0.15"},{"date" => "2019-08-04T08:28:03","version" => "3.0.16"},{"date" => "2019-08-08T04:53:38","version" => "3.0.17"},{"date" => "2019-08-28T05:42:34","version" => "3.0.18"},{"date" => "2019-10-13T08:57:33","version" => "3.0.19"},{"date" => "2019-11-17T17:16:55","version" => "3.0.27"},{"date" => "2019-11-17T18:55:54","version" => "3.0.28"},{"date" => "2019-11-21T05:15:21","version" => "3.0.29"},{"date" => "2020-02-22T09:35:43","version" => "3.0.30"},{"date" => "2020-03-02T06:30:41","version" => "3.0.31"},{"date" => "2020-03-03T05:55:13","version" => "3.0.32"},{"date" => "2020-08-14T04:24:47","version" => "4.0.1"},{"date" => "2021-02-09T17:59:43","version" => "5.0.2"},{"date" => "2021-02-10T04:34:01","version" => "5.0.3"},{"date" => "2021-02-10T19:53:29","version" => "5.0.4"},{"date" => "2021-02-11T07:57:27","version" => "5.0.5"},{"date" => "2021-02-13T13:28:54","version" => "5.0.6"},{"date" => "2021-02-14T15:08:27","version" => "5.0.7"},{"date" => "2021-12-05T11:06:06","version" => "6.0.1"},{"date" => "2021-12-12T15:19:09","version" => "6.0.2"},{"date" => "2021-12-13T01:55:29","version" => "6.0.3"},{"date" => "2021-12-13T03:36:47","version" => "6.0.4"},{"date" => "2021-12-15T07:27:24","version" => "6.0.5"},{"date" => "2021-12-22T06:41:38","version" => "6.0.6"},{"date" => "2021-12-23T05:42:39","version" => "6.0.7"},{"date" => "2021-12-24T06:34:17","version" => "6.0.8"},{"date" => "2022-01-01T08:41:06","version" => "6.0.9"},{"date" => "2022-01-02T06:02:38","version" => "6.0.10"},{"date" => "2022-01-10T05:16:06","version" => "6.0.11"},{"date" => "2022-01-17T08:02:35","version" => "6.0.12"},{"date" => "2022-01-18T06:17:30","version" => "6.0.13"},{"date" => "2022-02-25T08:38:59","version" => "6.0.14"},{"date" => "2022-03-06T13:53:19","version" => "6.0.15"},{"date" => "2022-03-29T05:40:00","version" => "6.0.16"},{"date" => "2022-05-01T08:08:14","version" => "6.0.17"},{"date" => "2022-05-02T05:46:40","version" => "6.0.18"},{"date" => "2022-05-04T04:41:47","version" => "6.0.19"},{"date" => "2022-05-10T04:49:43","version" => "6.0.20"},{"date" => "2022-05-15T06:21:08","version" => "6.0.21"},{"date" => "2022-05-20T06:08:02","version" => "6.0.22"},{"date" => "2022-06-15T07:10:22","version" => "6.0.23"},{"date" => "2022-06-16T04:18:25","version" => "6.0.24"},{"date" => "2022-08-05T07:14:05","version" => "6.0.25"},{"date" => "2022-09-15T05:20:07","version" => "6.0.26"},{"date" => "2022-09-25T09:36:30","version" => "6.0.27"},{"date" => "2023-01-08T19:11:51","version" => "6.0.28"},{"date" => "2023-01-14T16:31:10","version" => "6.0.29"},{"date" => "2023-02-14T06:31:07","version" => "6.0.30"},{"date" => "2023-02-14T07:31:33","version" => "6.0.31"},{"date" => "2024-02-20T07:12:44","version" => "6.0.33"},{"date" => "2024-02-22T02:15:03","version" => "6.0.33.1"},{"date" => "2024-02-22T07:23:31","version" => "6.0.33.2"},{"date" => "2024-02-23T00:35:01","version" => "6.0.33.3"},{"date" => "2024-03-01T06:11:32","version" => "6.0.33.4"},{"date" => "2024-04-16T04:53:42","version" => "6.0.35.1"}]},"Maypole" => {"advisories" => [{"affected_versions" => [">=2.10"],"cves" => ["CVE-2025-15578"],"description" => "Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.","distribution" => "Maypole","fixed_versions" => [],"id" => "CPANSA-Maypole-2025-15578","references" => ["https://metacpan.org/dist/Maypole/source/lib/Maypole/Session.pm#L43"],"reported" => "2026-02-16","severity" => undef}],"main_module" => "Maypole","versions" => [{"date" => "2004-02-11T17:41:55","version" => "1.0"},{"date" => "2004-02-25T10:32:37","version" => "1.1"},{"date" => "2004-03-25T12:42:17","version" => "1.2"},{"date" => "2004-03-26T19:19:58","version" => "1.3"},{"date" => "2004-04-16T17:18:54","version" => "1.4"},{"date" => "2004-06-21T13:43:06","version" => "1.5"},{"date" => "2004-07-16T22:54:54","version" => "1.6"},{"date" => "2004-07-17T19:17:16","version" => "1.7"},{"date" => "2004-10-18T08:10:24","version" => "1.99_01"},{"date" => "2004-10-23T19:10:22","version" => "2.0"},{"date" => "2004-10-24T13:04:49","version" => "2.01"},{"date" => "2004-10-25T12:10:08","version" => "2.02"},{"date" => "2004-10-26T14:17:44","version" => "2.03"},{"date" => "2004-10-28T13:53:40","version" => "2.04"},{"date" => "2004-12-24T04:01:58","version" => "2.05"},{"date" => "2004-12-29T01:41:17","version" => "2.06"},{"date" => "2005-01-24T20:48:15","version" => "2.08"},{"date" => "2005-01-25T23:04:10","version" => "2.09"},{"date" => "2005-07-05T18:37:34","version" => "2.10_pre1"},{"date" => "2005-07-08T19:16:47","version" => "2.10_pre2"},{"date" => "2005-07-08T19:23:54","version" => "2.10_pre2a"},{"date" => "2005-07-12T20:29:09","version" => "2.10_pre3"},{"date" => "2005-07-19T18:29:26","version" => "2.10"},{"date" => "2006-04-14T09:53:11","version" => "2.11_pre1"},{"date" => "2006-04-25T13:31:05","version" => "2.11_pre2"},{"date" => "2006-05-03T15:10:36","version" => "2.11_pre3"},{"date" => "2006-07-17T10:20:10","version" => "2.11_pre4"},{"date" => "2006-07-20T12:14:28","version" => "2.11_pre5"},{"date" => "2006-07-31T19:06:36","version" => "2.11"},{"date" => "2007-06-02T15:03:39","version" => "2.111"},{"date" => "2007-06-22T11:40:46","version" => "2.12"},{"date" => "2007-08-29T13:00:02","version" => "2.121"},{"date" => "2008-04-18T10:27:38","version" => "2.13"}]},"Mite" => {"advisories" => [{"affected_versions" => ["<0.013000"],"cves" => ["CVE-2025-30672"],"description" => "Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the \@INC path similar to CVE-2016-1238.  If an attacker can place a malicious file in current working directory, it may be  loaded instead of the intended file, potentially leading to arbitrary  code execution.  This affects the Mite distribution itself, and other distributions that contain code generated by Mite.","distribution" => "Mite","fixed_versions" => [">=0.013000"],"id" => "CPANSA-Mite-2025-30672","references" => ["https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html","https://metacpan.org/release/TOBYINK/Mite-0.013000/changes","https://perldoc.perl.org/perlrun#PERL_USE_UNSAFE_INC","https://wiki.gentoo.org/wiki/Project:Perl/Dot-In-INC-Removal"],"reported" => "2025-04-01","severity" => undef}],"main_module" => "Mite","versions" => [{"date" => "2014-07-29T21:10:24","version" => "v0.0.1"},{"date" => "2022-06-21T17:04:26","version" => "v0.0.2"},{"date" => "2022-06-21T20:35:06","version" => "v0.0.3"},{"date" => "2022-06-22T01:18:18","version" => "v0.0.4"},{"date" => "2022-06-22T12:41:26","version" => "v0.0.5"},{"date" => "2022-06-23T13:34:32","version" => "v0.0.6"},{"date" => "2022-06-23T19:39:49","version" => "v0.0.7"},{"date" => "2022-06-24T12:23:18","version" => "v0.0.8"},{"date" => "2022-06-28T12:54:37","version" => "v0.0.9"},{"date" => "2022-06-28T16:33:12","version" => "0.001000"},{"date" => "2022-06-28T23:23:27","version" => "0.001001"},{"date" => "2022-06-29T00:14:33","version" => "0.001002"},{"date" => "2022-06-29T00:23:14","version" => "0.001003"},{"date" => "2022-06-29T09:48:18","version" => "0.001004"},{"date" => "2022-06-29T10:47:18","version" => "0.001005"},{"date" => "2022-06-29T13:26:40","version" => "0.001006"},{"date" => "2022-06-29T15:01:20","version" => "0.001007"},{"date" => "2022-06-29T17:18:46","version" => "0.001008"},{"date" => "2022-06-29T17:24:52","version" => "0.001009"},{"date" => "2022-06-29T22:02:50","version" => "0.001010"},{"date" => "2022-06-29T23:15:21","version" => "0.001011"},{"date" => "2022-06-30T13:09:55","version" => "0.001012"},{"date" => "2022-06-30T20:52:53","version" => "0.001013"},{"date" => "2022-07-01T16:08:26","version" => "0.002000"},{"date" => "2022-07-01T17:12:53","version" => "0.002001"},{"date" => "2022-07-01T20:55:40","version" => "0.002002"},{"date" => "2022-07-02T19:31:17","version" => "0.002003"},{"date" => "2022-07-02T23:37:00","version" => "0.002004"},{"date" => "2022-07-03T08:50:07","version" => "0.003000"},{"date" => "2022-07-03T11:21:56","version" => "0.003001"},{"date" => "2022-07-04T20:27:47","version" => "0.004000"},{"date" => "2022-07-05T18:08:58","version" => "0.005000"},{"date" => "2022-07-06T13:32:59","version" => "0.005001"},{"date" => "2022-07-07T08:21:36","version" => "0.005002"},{"date" => "2022-07-08T12:14:54","version" => "0.005003"},{"date" => "2022-07-08T21:28:24","version" => "0.005004"},{"date" => "2022-07-09T16:14:35","version" => "0.006000"},{"date" => "2022-07-09T18:08:05","version" => "0.006001"},{"date" => "2022-07-10T10:32:50","version" => "0.006002"},{"date" => "2022-07-10T10:36:37","version" => "0.006003"},{"date" => "2022-07-10T11:56:49","version" => "0.006004"},{"date" => "2022-07-10T16:37:45","version" => "0.006005"},{"date" => "2022-07-10T19:55:04","version" => "0.006006"},{"date" => "2022-07-11T08:10:46","version" => "0.006007"},{"date" => "2022-07-11T13:14:24","version" => "0.006008"},{"date" => "2022-07-11T20:17:03","version" => "0.006009"},{"date" => "2022-07-12T12:19:49","version" => "0.006010"},{"date" => "2022-07-12T13:45:58","version" => "0.006011"},{"date" => "2022-07-13T12:26:42","version" => "0.006012"},{"date" => "2022-07-14T20:44:28","version" => "0.006013"},{"date" => "2022-07-16T23:12:32","version" => "0.007000"},{"date" => "2022-07-17T08:15:25","version" => "0.007001"},{"date" => "2022-07-17T08:57:45","version" => "0.007002"},{"date" => "2022-07-17T11:24:15","version" => "0.007003"},{"date" => "2022-07-20T09:23:13","version" => "0.007004"},{"date" => "2022-07-21T13:07:18","version" => "0.007005"},{"date" => "2022-07-21T20:44:59","version" => "0.007006"},{"date" => "2022-08-01T16:50:24","version" => "0.008000"},{"date" => "2022-08-03T14:18:10","version" => "0.008001"},{"date" => "2022-08-03T16:55:42","version" => "0.008002"},{"date" => "2022-08-04T23:53:31","version" => "0.008003"},{"date" => "2022-08-07T16:16:40","version" => "0.009000"},{"date" => "2022-08-08T12:49:01","version" => "0.009001"},{"date" => "2022-08-08T16:16:56","version" => "0.009002"},{"date" => "2022-08-08T18:19:51","version" => "0.009003"},{"date" => "2022-08-09T18:41:15","version" => "0.010000"},{"date" => "2022-08-09T21:40:29","version" => "0.010001"},{"date" => "2022-08-12T10:21:24","version" => "0.010002"},{"date" => "2022-08-12T15:46:11","version" => "0.010003"},{"date" => "2022-08-13T08:14:34","version" => "0.010004"},{"date" => "2022-08-13T13:06:05","version" => "0.010005"},{"date" => "2022-08-14T13:54:50","version" => "0.010006"},{"date" => "2022-08-14T14:03:09","version" => "0.010007"},{"date" => "2022-08-15T14:16:11","version" => "0.010008"},{"date" => "2022-11-09T15:20:39","version" => "0.011000"},{"date" => "2022-12-12T20:44:49","version" => "0.012000"},{"date" => "2025-03-31T10:59:29","version" => "0.013000"}]},"Module-Load-Conditional" => {"advisories" => [{"affected_versions" => ["<0.66"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Module-Load-Conditional","fixed_versions" => [">=0.66"],"id" => "CPANSA-Module-Load-Conditional-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Module::Load::Conditional","versions" => [{"date" => "2003-05-10T16:59:45","version" => "0.02"},{"date" => "2003-05-31T12:30:25","version" => "0.03"},{"date" => "2003-10-05T15:11:11","version" => "0.04"},{"date" => "2004-05-22T14:34:33","version" => "0.05"},{"date" => "2004-12-03T15:53:27","version" => "0.06"},{"date" => "2005-01-13T18:59:45","version" => "0.07"},{"date" => "2005-01-14T17:32:34","version" => "0.08"},{"date" => "2006-08-01T20:05:30","version" => "0.10"},{"date" => "2006-08-13T13:08:40","version" => "0.12"},{"date" => "2007-01-03T17:38:46","version" => "0.14"},{"date" => "2007-01-25T21:40:29","version" => "0.16"},{"date" => "2007-09-15T14:20:27","version" => "0.18"},{"date" => "2007-10-03T15:27:25","version" => "0.20"},{"date" => "2007-10-15T08:19:21","version" => "0.22"},{"date" => "2008-01-02T15:57:46","version" => "0.24"},{"date" => "2008-02-29T16:01:59","version" => "0.26"},{"date" => "2008-12-17T12:56:57","version" => "0.28"},{"date" => "2009-01-19T15:56:22","version" => "0.30"},{"date" => "2009-10-23T09:16:58","version" => "0.31_01"},{"date" => "2009-10-23T20:58:24","version" => "0.32"},{"date" => "2009-10-29T09:27:23","version" => "0.34"},{"date" => "2010-02-09T14:20:49","version" => "0.36"},{"date" => "2010-04-23T15:03:33","version" => "0.38"},{"date" => "2011-01-07T22:28:54","version" => "0.40"},{"date" => "2011-02-09T15:29:28","version" => "0.42"},{"date" => "2011-02-09T21:54:40","version" => "0.44"},{"date" => "2011-09-07T23:02:16","version" => "0.46"},{"date" => "2012-03-15T13:58:36","version" => "0.48"},{"date" => "2012-04-27T21:29:11","version" => "0.50"},{"date" => "2012-07-29T09:13:49","version" => "0.52"},{"date" => "2012-08-12T08:13:47","version" => "0.54"},{"date" => "2013-08-29T20:32:38","version" => "0.56"},{"date" => "2013-09-01T10:25:33","version" => "0.58"},{"date" => "2014-01-16T12:31:47","version" => "0.60"},{"date" => "2014-01-24T15:55:28","version" => "0.62"},{"date" => "2015-01-17T13:36:11","version" => "0.64"},{"date" => "2016-07-27T07:37:34","version" => "0.66"},{"date" => "2016-07-29T07:05:40","version" => "0.68"},{"date" => "2019-11-10T14:37:30","version" => "0.70"},{"date" => "2020-06-25T07:23:00","version" => "0.72"},{"date" => "2020-08-21T08:09:10","version" => "0.74"}]},"Module-Metadata" => {"advisories" => [{"affected_versions" => ["<1.000015"],"cves" => ["CVE-2013-1437"],"description" => "Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the \$Version value.\n","distribution" => "Module-Metadata","fixed_versions" => [">=1.000015"],"id" => "CPANSA-Module-Metadata-2013-1437","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114912.html","https://metacpan.org/changes/distribution/Module-Metadata","http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114904.html"],"reported" => "2020-01-28","reviewed_by" => [{"date" => "2022-07-11","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => "critical"}],"main_module" => "Module::Metadata","versions" => [{"date" => "2010-07-06T21:16:54","version" => "1.000000"},{"date" => "2010-07-08T23:56:47","version" => "1.000001"},{"date" => "2010-12-10T17:07:09","version" => "1.000002"},{"date" => "2011-01-07T02:35:06","version" => "1.000003"},{"date" => "2011-02-03T07:55:40","version" => "1.000004"},{"date" => "2011-08-03T01:41:05","version" => "1.000005"},{"date" => "2011-08-29T19:48:33","version" => "1.000006"},{"date" => "2011-09-07T16:01:55","version" => "1.000007"},{"date" => "2012-02-08T03:31:54","version" => "1.000008"},{"date" => "2012-02-08T17:34:49","version" => "1.000009"},{"date" => "2012-07-29T19:21:55","version" => "1.000010"},{"date" => "2012-08-16T00:07:05","version" => "1.000010_001"},{"date" => "2012-08-16T00:15:02","version" => "1.000010_002"},{"date" => "2012-08-16T04:54:55","version" => "1.000010_003"},{"date" => "2012-08-16T19:57:31","version" => "1.000011"},{"date" => "2013-05-05T04:59:03","version" => "1.000012"},{"date" => "2013-05-08T23:00:33","version" => "1.000013"},{"date" => "2013-05-09T09:02:22","version" => "1.000014"},{"date" => "2013-08-21T15:46:56","version" => "1.000015"},{"date" => "2013-08-22T05:59:11","version" => "1.000016"},{"date" => "2013-09-11T01:06:02","version" => "1.000017"},{"date" => "2013-09-11T16:28:24","version" => "1.000018"},{"date" => "2013-10-06T16:50:13","version" => "1.000019"},{"date" => "2014-04-27T20:57:08","version" => "1.000020"},{"date" => "2014-04-29T18:29:51","version" => "1.000021"},{"date" => "2014-04-29T22:06:21","version" => "1.000022"},{"date" => "2014-06-02T02:39:20","version" => "1.000023"},{"date" => "2014-06-03T01:54:30","version" => "1.000024"},{"date" => "2015-01-04T18:57:40","version" => "1.000025"},{"date" => "2015-01-17T19:23:52","version" => "1.000026"},{"date" => "2015-04-11T00:23:53","version" => "1.000027"},{"date" => "2015-09-11T04:25:25","version" => "1.000028"},{"date" => "2015-09-11T16:26:57","version" => "1.000029"},{"date" => "2015-11-20T03:05:34","version" => "1.000030"},{"date" => "2015-11-24T03:59:40","version" => "1.000031"},{"date" => "2016-04-23T22:38:13","version" => "1.000032"},{"date" => "2016-07-24T23:34:48","version" => "1.000033"},{"date" => "2018-07-19T20:31:14","version" => "1.000034"},{"date" => "2019-04-18T02:44:48","version" => "1.000035"},{"date" => "2019-04-18T18:27:14","version" => "1.000036"},{"date" => "2019-09-07T18:34:09","version" => "1.000037"},{"date" => "2023-04-28T11:27:07","version" => "1.000038"},{"date" => "2011-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015002","version" => "1.000005_01"}]},"Module-Provision" => {"advisories" => [{"affected_versions" => ["<0.42.1"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Module-Provision","fixed_versions" => [">=0.42.1"],"id" => "CPANSA-Module-Provision-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Module::Provision","versions" => [{"date" => "2013-04-14T19:20:34","version" => "v0.3.43"},{"date" => "2013-04-15T12:46:30","version" => "v0.3.44"},{"date" => "2013-04-15T17:33:39","version" => "v0.3.45"},{"date" => "2013-04-21T16:14:43","version" => "v0.4.47"},{"date" => "2013-04-22T15:09:36","version" => "v0.4.51"},{"date" => "2013-04-24T04:13:42","version" => "v0.6.59"},{"date" => "2013-04-24T23:34:41","version" => "v0.7.4"},{"date" => "2013-04-27T01:18:07","version" => "v0.7.6"},{"date" => "2013-04-27T11:36:59","version" => "v0.7.7"},{"date" => "2013-04-30T22:32:47","version" => "v0.8.3"},{"date" => "2013-05-02T18:45:43","version" => "v0.9.5"},{"date" => "2013-05-04T00:14:46","version" => "v0.10.1"},{"date" => "2013-05-04T20:22:41","version" => "v0.11.1"},{"date" => "2013-05-06T15:08:18","version" => "v0.12.1"},{"date" => "2013-05-08T15:51:41","version" => "v0.12.3"},{"date" => "2013-05-09T23:42:20","version" => "v0.12.5"},{"date" => "2013-05-10T19:29:24","version" => "v0.12.6"},{"date" => "2013-05-11T02:15:00","version" => "v0.13.1"},{"date" => "2013-05-11T13:59:50","version" => "v0.14.2"},{"date" => "2013-05-12T18:03:55","version" => "v0.15.3"},{"date" => "2013-05-14T12:49:37","version" => "v0.15.5"},{"date" => "2013-05-15T17:55:40","version" => "v0.15.6"},{"date" => "2013-05-15T20:59:19","version" => "v0.15.7"},{"date" => "2013-05-16T23:02:48","version" => "v0.15.8"},{"date" => "2013-05-19T12:59:15","version" => "v0.15.9"},{"date" => "2013-06-08T17:12:50","version" => "v0.16.1"},{"date" => "2013-07-28T18:42:27","version" => "v0.17.16"},{"date" => "2013-07-29T16:10:28","version" => "v0.17.17"},{"date" => "2013-07-29T23:51:34","version" => "v0.17.18"},{"date" => "2013-07-30T13:06:37","version" => "v0.17.19"},{"date" => "2013-08-07T17:56:55","version" => "v0.18.0"},{"date" => "2013-08-07T17:58:22","version" => "v0.18.1"},{"date" => "2013-08-08T13:39:44","version" => "v0.18.2"},{"date" => "2013-08-10T08:51:08","version" => "v0.18.3"},{"date" => "2013-08-10T21:18:54","version" => "v0.18.4"},{"date" => "2013-08-17T15:47:30","version" => "0.20.1"},{"date" => "2013-08-21T12:36:06","version" => "0.21.1"},{"date" => "2013-08-21T12:56:35","version" => "0.22.1"},{"date" => "2013-09-14T09:38:12","version" => "0.23.1"},{"date" => "2013-09-16T20:23:50","version" => "0.24.1"},{"date" => "2013-11-23T13:38:55","version" => "0.25.1"},{"date" => "2013-11-25T21:30:21","version" => "0.26.1"},{"date" => "2013-12-11T17:25:32","version" => "0.27.1"},{"date" => "2013-12-12T14:23:50","version" => "0.28.1"},{"date" => "2013-12-12T21:54:50","version" => "0.29.1"},{"date" => "2014-01-24T21:05:50","version" => "0.31.2"},{"date" => "2014-05-01T14:42:10","version" => "0.32.1"},{"date" => "2014-05-15T20:55:59","version" => "0.33.1"},{"date" => "2014-05-19T11:47:05","version" => "0.34.1"},{"date" => "2014-10-28T13:51:21","version" => "0.36.1"},{"date" => "2015-02-11T17:52:30","version" => "0.38.1"},{"date" => "2015-02-11T19:03:04","version" => "0.39.1"},{"date" => "2015-06-08T21:47:29","version" => "0.40.1"},{"date" => "2016-04-04T12:15:12","version" => "0.41.1"},{"date" => "2017-05-08T19:30:17","version" => "0.42.1"}]},"Module-ScanDeps" => {"advisories" => [{"affected_versions" => ["<1.36"],"cves" => ["CVE-2024-10224"],"description" => "Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a \"pesky pipe\" (such as passing \"commands|\" as a filename) or by passing arbitrary strings to eval().\n","distribution" => "Module-ScanDeps","fixed_versions" => [">=1.36"],"id" => "CPANSA-Module-ScanDeps-2024-10224","references" => ["https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529","https://www.cve.org/CVERecord?id=CVE-2024-10224","https://www.qualys.com/2024/11/19/needrestart/needrestart.txt","https://lists.debian.org/debian-lts-announce/2024/11/msg00015.html","https://ubuntu.com/security/CVE-2024-10224"],"reported" => "2024-11-19","severity" => undef}],"main_module" => "Module::ScanDeps","versions" => [{"date" => "2002-11-02T02:07:07","version" => "0.01"},{"date" => "2002-11-02T15:56:27","version" => "0.02"},{"date" => "2002-11-03T19:51:24","version" => "0.03"},{"date" => "2002-11-04T12:01:46","version" => "0.10"},{"date" => "2003-01-18T19:35:58","version" => "0.12"},{"date" => "2003-01-18T21:08:58","version" => "0.13"},{"date" => "2003-01-19T15:48:47","version" => "0.14"},{"date" => "2003-02-25T03:23:37","version" => "0.17"},{"date" => "2003-03-20T11:59:13","version" => "0.18"},{"date" => "2003-03-22T13:20:27","version" => "0.19"},{"date" => "2003-07-30T14:59:45","version" => "0.20"},{"date" => "2003-07-30T15:18:11","version" => "0.21"},{"date" => "2003-08-07T18:41:51","version" => "0.22"},{"date" => "2003-08-08T10:19:27","version" => "0.23"},{"date" => "2003-08-10T05:43:06","version" => "0.24"},{"date" => "2003-08-10T15:46:55","version" => "0.25"},{"date" => "2003-08-16T04:48:20","version" => "0.27"},{"date" => "2003-08-17T19:03:59","version" => "0.28"},{"date" => "2003-09-17T09:18:20","version" => "0.29"},{"date" => "2003-09-20T20:36:32","version" => "0.30"},{"date" => "2003-10-17T22:37:35","version" => "0.31"},{"date" => "2003-10-26T10:53:58","version" => "0.32"},{"date" => "2003-12-21T01:21:51","version" => "0.33"},{"date" => "2003-12-30T02:36:30","version" => "0.34"},{"date" => "2003-12-31T12:02:59","version" => "0.35"},{"date" => "2003-12-31T15:33:07","version" => "0.37"},{"date" => "2004-01-08T11:38:10","version" => "0.38"},{"date" => "2004-01-25T16:28:12","version" => "0.39"},{"date" => "2004-02-23T21:14:41","version" => "0.40"},{"date" => "2004-04-18T16:05:29","version" => "0.41"},{"date" => "2004-04-30T20:02:44","version" => "0.42"},{"date" => "2004-06-02T18:05:32","version" => "0.43"},{"date" => "2004-06-08T19:06:29","version" => "0.44"},{"date" => "2004-06-30T08:03:18","version" => "0.45"},{"date" => "2004-07-02T10:35:16","version" => "0.46"},{"date" => "2004-08-30T22:13:57","version" => "0.47"},{"date" => "2004-09-06T20:56:31","version" => "0.48"},{"date" => "2004-09-26T17:45:11","version" => "0.49"},{"date" => "2004-10-03T17:31:23","version" => "0.50"},{"date" => "2005-01-07T20:57:46","version" => "0.51"},{"date" => "2005-12-12T12:05:41","version" => "0.52"},{"date" => "2006-01-09T18:07:40","version" => "0.53"},{"date" => "2006-01-11T03:19:40","version" => "0.54"},{"date" => "2006-02-17T16:39:23","version" => "0.55"},{"date" => "2006-02-20T15:38:03","version" => "0.56"},{"date" => "2006-03-03T19:30:56","version" => "0.57"},{"date" => "2006-04-16T14:54:53","version" => "0.58"},{"date" => "2006-05-03T09:13:49","version" => "0.59"},{"date" => "2006-05-23T15:29:09","version" => "0.60"},{"date" => "2006-06-30T19:12:26","version" => "0.61"},{"date" => "2006-07-16T09:25:37","version" => "0.62"},{"date" => "2006-08-27T17:26:32","version" => "0.63"},{"date" => "2006-09-23T07:46:41","version" => "0.64"},{"date" => "2006-09-24T07:59:07","version" => "0.64"},{"date" => "2006-09-24T09:03:21","version" => "0.66"},{"date" => "2006-10-24T16:12:59","version" => "0.67"},{"date" => "2006-10-25T19:08:27","version" => "0.68"},{"date" => "2006-11-07T18:16:07","version" => "0.69"},{"date" => "2006-11-21T11:00:52","version" => "0.70"},{"date" => "2007-01-04T19:28:34","version" => "0.71"},{"date" => "2007-02-03T10:40:10","version" => "0.72"},{"date" => "2007-03-25T18:35:04","version" => "0.73"},{"date" => "2007-04-14T09:17:51","version" => "0.73_01"},{"date" => "2007-04-30T18:45:05","version" => "0.74"},{"date" => "2007-06-24T17:25:22","version" => "0.75"},{"date" => "2007-07-21T15:40:54","version" => "0.76"},{"date" => "2007-09-20T17:42:07","version" => "0.77"},{"date" => "2007-11-17T04:18:23","version" => "0.78"},{"date" => "2007-11-30T21:08:01","version" => "0.80"},{"date" => "2007-12-07T13:24:35","version" => "0.81"},{"date" => "2008-01-28T16:33:27","version" => "0.82"},{"date" => "2008-03-22T23:35:16","version" => "0.83"},{"date" => "2008-05-13T14:39:03","version" => "0.84"},{"date" => "2008-10-23T13:17:33","version" => "0.86"},{"date" => "2008-10-28T13:10:35","version" => "0.87"},{"date" => "2008-11-02T16:06:00","version" => "0.83"},{"date" => "2008-11-03T21:38:03","version" => "0.83"},{"date" => "2009-05-09T09:09:37","version" => "0.90"},{"date" => "2009-06-22T20:07:07","version" => "0.91"},{"date" => "2009-07-19T08:55:54","version" => "0.92"},{"date" => "2009-07-19T09:51:33","version" => "0.93"},{"date" => "2009-08-10T18:32:02","version" => "0.94"},{"date" => "2009-09-16T09:14:53","version" => "0.95"},{"date" => "2009-11-13T10:36:02","version" => "0.96"},{"date" => "2010-04-10T15:20:47","version" => "0.97"},{"date" => "2010-07-26T19:24:02","version" => "0.98"},{"date" => "2011-02-19T16:00:01","version" => "1.00"},{"date" => "2011-03-26T12:51:17","version" => "1.01"},{"date" => "2011-04-03T19:59:22","version" => "1.02"},{"date" => "2011-07-18T21:29:19","version" => "1.03"},{"date" => "2011-07-21T09:09:46","version" => "1.04"},{"date" => "2011-11-02T18:31:39","version" => "1.05"},{"date" => "2011-11-28T15:50:49","version" => "1.06"},{"date" => "2011-11-29T18:02:00","version" => "1.07"},{"date" => "2012-02-21T16:07:41","version" => "1.08"},{"date" => "2012-09-09T11:14:11","version" => "1.09"},{"date" => "2012-10-20T14:15:34","version" => "1.10"},{"date" => "2013-09-28T10:27:58","version" => "1.11"},{"date" => "2013-12-01T14:49:13","version" => "1.12"},{"date" => "2013-12-21T12:07:54","version" => "1.13"},{"date" => "2014-08-03T11:34:45","version" => "1.14"},{"date" => "2014-08-23T15:39:26","version" => "1.15"},{"date" => "2014-09-28T16:17:32","version" => "1.16"},{"date" => "2014-10-31T11:13:34","version" => "1.17"},{"date" => "2015-01-19T21:56:34","version" => "1.18"},{"date" => "2015-05-27T08:53:42","version" => "1.19"},{"date" => "2015-10-04T13:18:36","version" => "1.20"},{"date" => "2016-04-05T10:11:15","version" => "1.21"},{"date" => "2016-09-17T20:57:48","version" => "1.22"},{"date" => "2016-11-16T19:46:41","version" => "1.23"},{"date" => "2017-06-28T17:13:27","version" => "1.24"},{"date" => "2018-08-17T22:21:56","version" => "1.25"},{"date" => "2018-12-12T17:38:39","version" => "1.26"},{"date" => "2018-12-13T17:16:52","version" => "1.26_001"},{"date" => "2019-01-15T20:08:40","version" => "1.27"},{"date" => "2020-08-06T08:02:24","version" => "1.28"},{"date" => "2020-08-16T12:35:20","version" => "1.29"},{"date" => "2021-01-13T15:02:27","version" => "1.30"},{"date" => "2021-04-21T14:17:01","version" => "1.31"},{"date" => "2023-06-14T09:30:00","version" => "1.31_001"},{"date" => "2023-06-15T11:55:12","version" => "1.31_002"},{"date" => "2023-06-16T09:04:27","version" => "1.31_003"},{"date" => "2023-06-18T10:34:43","version" => "1.31_004"},{"date" => "2023-07-05T15:58:09","version" => "1.32"},{"date" => "2023-08-04T15:50:23","version" => "1.33"},{"date" => "2023-09-24T15:21:05","version" => "1.34"},{"date" => "2023-11-05T12:46:38","version" => "1.35"},{"date" => "2024-11-19T16:12:58","version" => "1.37"}]},"Module-Signature" => {"advisories" => [{"affected_versions" => ["<0.72"],"cves" => ["CVE-2013-2145"],"description" => "The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a \"special unknown cipher\" that references an untrusted module in Digest/.\n","distribution" => "Module-Signature","fixed_versions" => [">=0.72"],"id" => "CPANSA-Module-Signature-2013-01","references" => ["https://metacpan.org/changes/distribution/Module-Signature"],"reported" => "2013-08-19"}],"main_module" => "Module::Signature","versions" => [{"date" => "2002-08-13T14:04:00","version" => "0.02"},{"date" => "2002-08-13T15:48:18","version" => "0.03"},{"date" => "2002-08-14T08:03:45","version" => "0.04"},{"date" => "2002-08-14T09:28:41","version" => "0.05"},{"date" => "2002-10-10T15:22:33","version" => "0.06"},{"date" => "2002-10-11T04:16:01","version" => "0.07"},{"date" => "2002-10-11T19:32:19","version" => "0.08"},{"date" => "2002-10-12T10:33:29","version" => "0.09"},{"date" => "2002-10-12T11:10:21","version" => "0.10"},{"date" => "2002-10-12T19:23:48","version" => "0.11"},{"date" => "2002-10-12T22:55:54","version" => "0.12"},{"date" => "2002-10-13T05:22:45","version" => "0.13"},{"date" => "2002-10-17T06:14:07","version" => "0.14"},{"date" => "2002-10-17T22:01:57","version" => "0.15"},{"date" => "2002-10-28T23:37:00","version" => "0.16"},{"date" => "2002-10-30T07:05:06","version" => "0.17"},{"date" => "2002-11-04T15:08:41","version" => "0.18"},{"date" => "2002-11-04T15:13:45","version" => "0.19"},{"date" => "2002-11-04T15:24:41","version" => "0.20"},{"date" => "2002-11-22T10:28:48","version" => "0.21"},{"date" => "2003-05-15T18:44:28","version" => "0.23"},{"date" => "2003-07-08T02:49:57","version" => "0.24"},{"date" => "2003-07-16T06:31:58","version" => "0.25"},{"date" => "2003-07-17T14:03:19","version" => "0.26"},{"date" => "2003-07-28T14:31:54","version" => "0.27"},{"date" => "2003-07-29T15:30:55","version" => "0.28"},{"date" => "2003-08-08T02:54:01","version" => "0.29"},{"date" => "2003-08-10T13:35:38","version" => "0.30"},{"date" => "2003-08-10T17:17:19","version" => "0.31"},{"date" => "2003-08-11T09:15:13","version" => "0.32"},{"date" => "2003-08-12T04:11:59","version" => "0.33"},{"date" => "2003-08-18T15:32:45","version" => "0.34"},{"date" => "2003-08-27T07:08:31","version" => "0.35"},{"date" => "2003-10-28T04:22:56","version" => "0.36"},{"date" => "2003-11-06T10:55:07","version" => "0.37"},{"date" => "2004-01-01T10:14:15","version" => "0.38"},{"date" => "2004-06-17T15:17:14","version" => "0.39"},{"date" => "2004-07-01T12:18:17","version" => "0.40"},{"date" => "2004-07-04T08:19:11","version" => "0.41"},{"date" => "2004-11-20T06:19:22","version" => "0.42"},{"date" => "2004-12-16T06:45:55","version" => "0.43"},{"date" => "2004-12-16T07:17:30","version" => "0.44"},{"date" => "2005-08-09T04:23:46","version" => "0.45"},{"date" => "2005-08-21T08:16:22","version" => "0.50"},{"date" => "2006-01-01T18:41:57","version" => "0.51"},{"date" => "2006-01-18T16:32:37","version" => "0.52"},{"date" => "2006-01-31T05:02:24","version" => "0.53"},{"date" => "2006-05-11T17:12:46","version" => "0.54"},{"date" => "2006-07-30T01:15:07","version" => "0.55"},{"date" => "2009-11-16T14:59:35","version" => "0.60"},{"date" => "2009-11-18T16:58:07","version" => "0.61"},{"date" => "2010-03-23T21:21:37","version" => "0.62"},{"date" => "2010-03-28T02:49:21","version" => "0.62"},{"date" => "2010-05-08T22:55:43","version" => "0.62"},{"date" => "2010-09-03T19:55:36","version" => "0.65"},{"date" => "2010-09-06T20:58:24","version" => "0.66"},{"date" => "2011-04-17T15:09:22","version" => "0.67"},{"date" => "2011-05-13T09:55:20","version" => "0.68"},{"date" => "2012-11-02T15:20:28","version" => "0.69"},{"date" => "2012-11-28T17:49:21","version" => "0.70"},{"date" => "2013-06-04T10:29:18","version" => "0.71"},{"date" => "2013-06-05T15:21:34","version" => "0.72"},{"date" => "2013-06-05T20:57:10","version" => "0.73"},{"date" => "2015-04-06T18:39:32","version" => "0.74"},{"date" => "2015-04-06T20:58:34","version" => "0.75"},{"date" => "2015-04-08T10:13:11","version" => "0.76"},{"date" => "2015-04-08T11:47:26","version" => "0.77"},{"date" => "2015-04-09T09:00:30","version" => "0.78"},{"date" => "2015-05-18T15:18:02","version" => "0.79"},{"date" => "2016-06-07T06:36:30","version" => "0.80"},{"date" => "2016-09-05T06:41:06","version" => "0.81"},{"date" => "2018-08-26T15:19:13","version" => "0.81"},{"date" => "2018-08-29T08:35:25","version" => "0.83"},{"date" => "2020-06-25T13:01:10","version" => "0.84"},{"date" => "2020-06-25T13:10:23","version" => "0.86"},{"date" => "2020-07-04T07:16:32","version" => "0.87"},{"date" => "2021-12-18T03:39:32","version" => "0.87"},{"date" => "2024-09-14T13:57:16","version" => "0.89"},{"date" => "2024-09-15T22:11:10","version" => "0.89"},{"date" => "2025-06-12T01:04:46","version" => "0.90"},{"date" => "2025-06-12T20:20:16","version" => "0.90"},{"date" => "2025-06-24T15:20:35","version" => "0.91"},{"date" => "2025-06-25T17:30:52","version" => "0.92"},{"date" => "2025-06-27T19:39:37","version" => "0.93"}]},"Mojo-DOM-Role-Analyzer" => {"advisories" => [{"affected_versions" => ["<=0.015"],"cves" => ["CVE-2024-38526"],"description" => "pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.\n","distribution" => "Mojo-DOM-Role-Analyzer","embedded_vulnerability" => {"distributed_version" => undef,"name" => "polyfill.io"},"fixed_versions" => [],"id" => "CPANSA-Mojo-DOM-Role-Analyzer-2024-38526","references" => ["https://github.com/mitmproxy/pdoc/pull/703","https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62","https://sansec.io/research/polyfill-supply-chain-attack","https://github.com/briandfoy/cpan-security-advisory/issues/155","https://github.com/sdondley/Mojo-DOM-Role-Analyzer/issues/10","https://stackdiary.com/polyfill-compromise-hits-100000-sites-in-a-supply-chain-attack/"],"reported" => "2024-06-26","severity" => undef}],"main_module" => "Mojo::DOM::Role::Analyzer","versions" => [{"date" => "2020-08-04T22:48:59","version" => "0.007"},{"date" => "2020-08-05T13:43:47","version" => "0.008"},{"date" => "2020-08-06T02:47:29","version" => "0.009"},{"date" => "2020-08-08T13:39:18","version" => "0.010"},{"date" => "2020-08-09T13:43:20","version" => "0.011"},{"date" => "2020-08-09T23:37:24","version" => "0.012"},{"date" => "2020-08-12T03:21:57","version" => "0.013"},{"date" => "2020-08-13T21:09:19","version" => "0.014"},{"date" => "2020-08-16T15:39:17","version" => "0.015"}]},"MojoMojo" => {"advisories" => [{"affected_versions" => ["<0.999033"],"cves" => [],"description" => "Anonymous users can delete attachments.\n","distribution" => "MojoMojo","fixed_versions" => [">=0.999033"],"id" => "CPANSA-MojoMojo-2009-01","references" => ["https://metacpan.org/changes/distribution/MojoMojo","https://github.com/mojomojo/mojomojo/commit/a9b9fd4f4f037627d30f3cbaa10abe42a3439637"],"reported" => "2009-08-14"}],"main_module" => "MojoMojo","versions" => [{"date" => "2007-08-29T14:32:52","version" => "0.05"},{"date" => "2007-09-12T21:46:24","version" => "0.05"},{"date" => "2007-09-13T11:28:37","version" => "0.05"},{"date" => "2007-09-18T07:33:43","version" => "0.999004"},{"date" => "2007-09-18T08:02:02","version" => "0.999005"},{"date" => "2007-09-19T20:59:39","version" => "0.999006"},{"date" => "2007-09-23T23:30:59","version" => "0.999007"},{"date" => "2007-11-12T22:25:35","version" => "0.999008"},{"date" => "2008-01-20T23:15:07","version" => "0.999010"},{"date" => "2008-01-23T23:00:05","version" => "0.999011"},{"date" => "2008-02-05T23:20:47","version" => "0.999012"},{"date" => "2008-03-05T00:34:49","version" => "0.999013"},{"date" => "2008-05-02T18:11:49","version" => "0.999014"},{"date" => "2008-05-03T16:10:08","version" => "0.999015"},{"date" => "2008-06-29T13:03:39","version" => "0.999016"},{"date" => "2008-07-09T14:26:56","version" => "0.999017"},{"date" => "2008-07-16T19:26:46","version" => "0.999018"},{"date" => "2008-07-19T21:33:36","version" => "0.999018"},{"date" => "2008-07-29T16:25:08","version" => "0.999018"},{"date" => "2008-11-01T01:04:37","version" => "0.999021"},{"date" => "2008-11-15T09:09:37","version" => "0.999022"},{"date" => "2008-11-23T16:45:05","version" => "0.999023"},{"date" => "2008-12-31T17:53:50","version" => "0.999024"},{"date" => "2009-01-04T22:51:40","version" => "0.999025"},{"date" => "2009-01-07T23:28:15","version" => "0.999026"},{"date" => "2009-01-30T23:29:25","version" => "0.999027"},{"date" => "2009-04-23T10:06:20","version" => "0.999028"},{"date" => "2009-05-09T23:21:10","version" => "0.999029"},{"date" => "2009-07-18T19:39:14","version" => "0.999030"},{"date" => "2009-07-26T19:39:37","version" => "0.999031"},{"date" => "2009-08-02T21:28:51","version" => "0.999032"},{"date" => "2009-08-14T12:50:18","version" => "0.999033"},{"date" => "2009-09-04T18:27:34","version" => "0.999040"},{"date" => "2009-10-26T16:07:25","version" => "0.999041"},{"date" => "2009-12-02T08:22:24","version" => "0.999042"},{"date" => "2010-05-11T22:58:19","version" => "1.00"},{"date" => "2010-05-27T07:44:39","version" => "1.01"},{"date" => "2010-08-30T21:24:41","version" => "1.02"},{"date" => "2011-01-13T12:48:10","version" => "1.03"},{"date" => "2011-03-12T23:37:45","version" => "1.04"},{"date" => "2011-09-14T10:09:05","version" => "1.05"},{"date" => "2012-08-07T10:39:42","version" => "1.06"},{"date" => "2012-11-12T23:30:00","version" => "1.07"},{"date" => "2013-01-06T07:46:41","version" => "1.08"},{"date" => "2013-01-25T16:06:42","version" => "1.09"},{"date" => "2013-05-12T22:59:03","version" => "1.10"},{"date" => "2014-12-25T17:13:24","version" => "1.11"},{"date" => "2017-05-13T13:47:52","version" => "1.12"}]},"Mojolicious" => {"advisories" => [{"affected_versions" => ["<9.31"],"cves" => [],"description" => "Mojo::DOM did not correctly parse <script> tags.\n","distribution" => "Mojolicious","fixed_versions" => [">=9.31"],"id" => "CPANSA-Mojolicious-2022-03","references" => ["https://github.com/mojolicious/mojo/commit/6f195d85db6756022d3599f7d2634975688c9550","https://github.com/mojolicious/mojo/issues/2014","https://github.com/mojolicious/mojo/issues/2015"],"reported" => "2022-12-10","severity" => undef},{"affected_versions" => ["<9.19"],"cves" => [],"description" => "Small sessions could be used as part of a brute-force attack to decode the session secret.\n","distribution" => "Mojolicious","fixed_versions" => [">=9.91"],"id" => "CPANSA-Mojolicious-2021-02","references" => ["https://github.com/mojolicious/mojo/pull/1791"],"reported" => "2021-06-01","severity" => undef},{"affected_versions" => ["<9.11"],"cves" => ["CVE-2021-47208"],"description" => "A bug in format detection can potentially be exploited for a DoS attack.\n","distribution" => "Mojolicious","fixed_versions" => [">=9.11"],"id" => "CPANSA-Mojolicious-2021-01","references" => ["https://github.com/mojolicious/mojo/issues/1736","https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c"],"reported" => "2021-03-16","severity" => undef},{"affected_versions" => [">1.74,<8.65"],"cves" => ["CVE-2020-36829"],"description" => "Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.\n","distribution" => "Mojolicious","fixed_versions" => [">=8.65"],"id" => "CPANSA-Mojolicious-2020-01","references" => ["https://github.com/mojolicious/mojo/pull/1601"],"reported" => "2020-11-10","reviewed_by" => [{"date" => "2022-06-22","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => [">7.83,<7.92"],"cves" => [],"description" => "This release reverts the addition of stream classes (added in 7.83), which have unfortunately resulted in many Mojolicious applications becoming unstable. While there are no known exploits yet, we've chosen to err on the side of cautiousness and will classify this as a security issue.\n","distribution" => "Mojolicious","fixed_versions" => [">=7.92"],"id" => "CPANSA-Mojolicious-2018-04","references" => ["https://github.com/mojolicious/mojo/commit/61f6cbf22c7bf8eb4787bd1014d91ee2416c73e7"],"reported" => "2018-08-09","severity" => "critical"},{"affected_versions" => ["<7.80"],"cves" => [],"description" => "Mojo::UserAgent was not checking peer SSL certificates by default.\n","distribution" => "Mojolicious","fixed_versions" => [">=7.80"],"id" => "CPANSA-Mojolicious-2018-03","references" => ["https://github.com/mojolicious/mojo/pull/1226","https://github.com/mojolicious/mojo/commit/d3cbbad890673612fdbdea63fdd522b516f6104c"],"reported" => "2018-05-19","severity" => "high"},{"affected_versions" => ["<7.78"],"cves" => [],"description" => "GET requests with embedded backslashes can be used to access local files on Windows hosts\n","distribution" => "Mojolicious","fixed_versions" => [">=7.78"],"id" => "CPANSA-Mojolicious-2018-02","references" => ["https://github.com/mojolicious/mojo/pull/1217","https://github.com/mojolicious/mojo/commit/23ebe051d9378f0f122e3c908845fc0c2cae0106"],"reported" => "2018-05-11","severity" => "critical"},{"affected_versions" => ["<7.66"],"cves" => ["CVE-2018-25100"],"description" => "Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.\n","distribution" => "Mojolicious","fixed_versions" => [">=7.66"],"id" => "CPANSA-Mojolicious-2018-01","references" => ["https://github.com/mojolicious/mojo/pull/1192","https://github.com/mojolicious/mojo/issues/1185","https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149"],"reported" => "2018-02-13","severity" => "minor"},{"affected_versions" => ["<5.76"],"cves" => [],"description" => "Directory traversal on Windows\n","distribution" => "Mojolicious","fixed_versions" => [">=5.76"],"id" => "CPANSA-Mojolicious-2015-01","references" => ["https://github.com/mojolicious/mojo/issues/738","https://github.com/mojolicious/mojo/commit/9ffa38fca73a9ddee91cbc70e0696268d500edde"],"reported" => "2015-02-02","severity" => "critical"},{"affected_versions" => ["<5.48"],"cves" => [],"description" => "Context sensitivity of method param could lead to parameter injection attacks.\n","distribution" => "Mojolicious","fixed_versions" => [">=5.48"],"id" => "CPANSA-Mojolicious-2014-01","references" => ["https://github.com/mojolicious/mojo/commit/a815d4797145f872ef6e9f1270841eda1d410afb"],"reported" => "2014-10-07","severity" => "high"},{"affected_versions" => ["<1.16"],"cves" => ["CVE-2011-1589"],"description" => "Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.\n","distribution" => "Mojolicious","fixed_versions" => [">=1.16"],"id" => "CPANSA-Mojolicious-2011-02","references" => ["https://github.com/mojolicious/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818","https://www.cvedetails.com/cve/CVE-2011-1589/"],"reported" => "2011-04-05","severity" => "critical"},{"affected_versions" => ["<1.12"],"cves" => ["CVE-2011-1841"],"description" => "Mojolicious is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by link_to helper. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.\n","distribution" => "Mojolicious","fixed_versions" => [">=1.12"],"id" => "CPANSA-Mojolicious-2011-01","references" => ["https://exchange.xforce.ibmcloud.com/vulnerabilities/67257","https://www.debian.org/security/2011/dsa-2239","https://github.com/mojolicious/mojo/commit/f6801ef7be8c78092e38f870b19fae3da0899d60"],"reported" => "2011-03-10","severity" => "high"},{"affected_versions" => ["<0.999927"],"cves" => ["CVE-2010-4803"],"description" => "Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">=0.999927"],"id" => "CPANSA-Mojolicious-2010-4803","references" => ["http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952","http://www.debian.org/security/2011/dsa-2239"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => ["<0.999928"],"cves" => ["CVE-2010-4802"],"description" => "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">=0.999928"],"id" => "CPANSA-Mojolicious-2010-4802","references" => ["https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952","https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44","http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes","http://www.debian.org/security/2011/dsa-2239"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => ["<1.12"],"cves" => ["CVE-2011-1841"],"description" => "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">=1.12"],"id" => "CPANSA-Mojolicious-2011-1841","references" => ["http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes","http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html","http://www.debian.org/security/2011/dsa-2239","http://www.securityfocus.com/bid/47713","https://exchange.xforce.ibmcloud.com/vulnerabilities/67257"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => ["<0.991250"],"cves" => ["CVE-2009-5074"],"description" => "Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">0.991250"],"id" => "CPANSA-Mojolicious-2009-5074","references" => ["http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => [">=0.999922"],"cves" => ["CVE-2024-58134"],"description" => "Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default.  These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.","distribution" => "Mojolicious","fixed_versions" => [],"id" => "CPANSA-Mojolicious-2024-58134","references" => ["https://github.com/hashcat/hashcat/pull/4090","https://github.com/mojolicious/mojo/pull/1791","https://github.com/mojolicious/mojo/pull/2200","https://medium.com/securing/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-13da7c225802","https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojolicious.pm#L51","https://www.synacktiv.com/publications/baking-mojolicious-cookies","https://www.cve.org/CVERecord?id=CVE-2024-58134"],"reported" => "2025-05-03","severity" => undef},{"affected_versions" => [">=7.28"],"comment" => "Mojolicious will use CryptX if it is installed, but it falls back to the default behavior otherwise","cves" => ["CVE-2024-58135"],"description" => "Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets.  When creating a default app with the \"mojo generate app\" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.","distribution" => "Mojolicious","fixed_versions" => [],"id" => "CPANSA-Mojolicious-2024-58135","references" => ["https://github.com/hashcat/hashcat/pull/4090","https://github.com/mojolicious/mojo/pull/2200","https://metacpan.org/release/SRI/Mojolicious-7.28/source/lib/Mojolicious/Command/generate/app.pm#L220","https://metacpan.org/release/SRI/Mojolicious-9.38/source/lib/Mojolicious/Command/Author/generate/app.pm#L202","https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojo/Util.pm#L181","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-05-03","severity" => undef}],"main_module" => "Mojolicious","versions" => [{"date" => "2010-02-11T02:04:14","version" => "0.999920"},{"date" => "2010-02-11T02:55:03","version" => "0.999921"},{"date" => "2010-02-26T18:50:34","version" => "0.999922"},{"date" => "2010-03-08T20:03:52","version" => "0.999923"},{"date" => "2010-03-20T22:56:55","version" => "0.999924"},{"date" => "2010-06-07T22:33:12","version" => "0.999925"},{"date" => "2010-06-11T10:33:01","version" => "0.999926"},{"date" => "2010-08-15T13:48:19","version" => "0.999927"},{"date" => "2010-08-17T17:41:47","version" => "0.999928"},{"date" => "2010-08-17T17:54:45","version" => "0.999929"},{"date" => "2010-10-19T13:57:49","version" => "0.999930"},{"date" => "2010-10-26T04:44:54","version" => "0.999931"},{"date" => "2010-10-30T00:54:42","version" => "0.999932"},{"date" => "2010-10-30T19:46:09","version" => "0.999933"},{"date" => "2010-11-01T00:33:14","version" => "0.999934"},{"date" => "2010-11-03T20:34:11","version" => "0.999935"},{"date" => "2010-11-04T23:48:46","version" => "0.999936"},{"date" => "2010-11-09T20:13:52","version" => "0.999937"},{"date" => "2010-11-09T21:24:17","version" => "0.999938"},{"date" => "2010-11-15T17:56:49","version" => "0.999939"},{"date" => "2010-11-15T23:18:40","version" => "0.999940"},{"date" => "2010-11-19T14:22:51","version" => "0.999941"},{"date" => "2010-12-01T18:57:50","version" => "0.999950"},{"date" => "2010-12-26T14:55:33","version" => "1.0"},{"date" => "2011-01-06T12:00:46","version" => "1.01"},{"date" => "2011-02-14T03:22:27","version" => "1.1"},{"date" => "2011-02-18T17:07:03","version" => "1.11"},{"date" => "2011-03-10T10:05:32","version" => "1.12"},{"date" => "2011-03-14T11:58:23","version" => "1.13"},{"date" => "2011-03-17T13:24:28","version" => "1.14"},{"date" => "2011-03-18T18:31:34","version" => "1.15"},{"date" => "2011-04-15T09:07:17","version" => "1.16"},{"date" => "2011-04-18T21:49:07","version" => "1.17"},{"date" => "2011-04-19T21:03:20","version" => "1.18"},{"date" => "2011-04-19T22:17:44","version" => "1.19"},{"date" => "2011-04-20T10:39:46","version" => "1.20"},{"date" => "2011-04-20T15:29:17","version" => "1.21"},{"date" => "2011-05-02T07:00:00","version" => "1.22"},{"date" => "2011-05-08T17:00:10","version" => "1.31"},{"date" => "2011-05-11T13:29:59","version" => "1.32"},{"date" => "2011-05-20T12:32:57","version" => "1.33"},{"date" => "2011-05-22T13:20:40","version" => "1.34"},{"date" => "2011-06-02T09:03:36","version" => "1.4"},{"date" => "2011-06-03T10:12:43","version" => "1.41"},{"date" => "2011-06-09T14:12:56","version" => "1.42"},{"date" => "2011-06-13T14:05:24","version" => "1.43"},{"date" => "2011-06-18T18:14:22","version" => "1.44"},{"date" => "2011-06-20T00:25:16","version" => "1.45"},{"date" => "2011-06-21T04:56:47","version" => "1.46"},{"date" => "2011-06-22T13:03:42","version" => "1.47"},{"date" => "2011-06-24T12:01:47","version" => "1.48"},{"date" => "2011-06-30T15:18:18","version" => "1.49"},{"date" => "2011-07-01T10:26:00","version" => "1.50"},{"date" => "2011-07-01T13:59:47","version" => "1.51"},{"date" => "2011-07-01T17:48:50","version" => "1.52"},{"date" => "2011-07-02T11:48:49","version" => "1.53"},{"date" => "2011-07-03T18:04:37","version" => "1.54"},{"date" => "2011-07-04T21:23:51","version" => "1.55"},{"date" => "2011-07-05T20:49:36","version" => "1.56"},{"date" => "2011-07-07T02:00:07","version" => "1.57"},{"date" => "2011-07-07T19:52:59","version" => "1.58"},{"date" => "2011-07-08T04:58:56","version" => "1.59"},{"date" => "2011-07-08T20:44:55","version" => "1.60"},{"date" => "2011-07-09T19:36:58","version" => "1.61"},{"date" => "2011-07-10T00:40:32","version" => "1.62"},{"date" => "2011-07-10T03:19:49","version" => "1.63"},{"date" => "2011-07-10T05:51:47","version" => "1.64"},{"date" => "2011-07-25T18:13:25","version" => "1.65"},{"date" => "2011-07-26T23:14:38","version" => "1.66"},{"date" => "2011-07-27T13:57:06","version" => "1.67"},{"date" => "2011-07-29T18:39:20","version" => "1.68"},{"date" => "2011-08-03T14:32:24","version" => "1.69"},{"date" => "2011-08-04T15:34:41","version" => "1.70"},{"date" => "2011-08-05T04:01:50","version" => "1.71"},{"date" => "2011-08-05T20:07:50","version" => "1.72"},{"date" => "2011-08-09T10:07:19","version" => "1.73"},{"date" => "2011-08-09T12:09:49","version" => "1.74"},{"date" => "2011-08-12T13:14:07","version" => "1.75"},{"date" => "2011-08-12T14:54:00","version" => "1.76"},{"date" => "2011-08-14T20:48:58","version" => "1.77"},{"date" => "2011-08-16T13:22:48","version" => "1.78"},{"date" => "2011-08-17T17:43:58","version" => "1.79"},{"date" => "2011-08-17T19:08:11","version" => "1.80"},{"date" => "2011-08-19T02:48:39","version" => "1.81"},{"date" => "2011-08-19T04:55:49","version" => "1.82"},{"date" => "2011-08-19T05:21:15","version" => "1.83"},{"date" => "2011-08-19T18:08:30","version" => "1.84"},{"date" => "2011-08-20T00:19:42","version" => "1.85"},{"date" => "2011-08-21T18:59:13","version" => "1.86"},{"date" => "2011-08-23T00:49:19","version" => "1.87"},{"date" => "2011-08-23T19:20:37","version" => "1.88"},{"date" => "2011-08-23T21:15:42","version" => "1.89"},{"date" => "2011-08-24T19:01:47","version" => "1.90"},{"date" => "2011-08-25T05:54:05","version" => "1.91"},{"date" => "2011-08-26T00:47:54","version" => "1.92"},{"date" => "2011-08-27T09:11:59","version" => "1.93"},{"date" => "2011-08-27T10:52:14","version" => "1.94"},{"date" => "2011-09-01T20:50:35","version" => "1.95"},{"date" => "2011-09-01T22:42:14","version" => "1.96"},{"date" => "2011-09-03T10:32:15","version" => "1.97"},{"date" => "2011-09-14T18:21:20","version" => "1.98"},{"date" => "2011-09-29T08:27:22","version" => "1.99"},{"date" => "2011-10-17T16:25:55","version" => "2.0"},{"date" => "2011-10-19T12:49:44","version" => "2.01"},{"date" => "2011-10-19T23:41:41","version" => "2.02"},{"date" => "2011-10-20T12:24:36","version" => "2.03"},{"date" => "2011-10-21T15:37:59","version" => "2.04"},{"date" => "2011-10-22T16:36:22","version" => "2.05"},{"date" => "2011-10-22T21:44:31","version" => "2.06"},{"date" => "2011-10-23T00:39:23","version" => "2.07"},{"date" => "2011-10-23T01:30:44","version" => "2.08"},{"date" => "2011-10-23T02:13:30","version" => "2.09"},{"date" => "2011-10-25T02:22:41","version" => "2.10"},{"date" => "2011-10-25T18:47:46","version" => "2.11"},{"date" => "2011-10-27T01:54:39","version" => "2.12"},{"date" => "2011-10-27T19:15:21","version" => "2.13"},{"date" => "2011-10-28T20:28:23","version" => "2.14"},{"date" => "2011-10-29T04:29:30","version" => "2.15"},{"date" => "2011-10-29T20:52:07","version" => "2.16"},{"date" => "2011-10-30T00:55:35","version" => "2.17"},{"date" => "2011-10-30T18:03:30","version" => "2.18"},{"date" => "2011-10-31T09:07:02","version" => "2.19"},{"date" => "2011-11-01T00:40:20","version" => "2.20"},{"date" => "2011-11-02T01:29:01","version" => "2.21"},{"date" => "2011-11-03T15:21:43","version" => "2.22"},{"date" => "2011-11-04T18:45:33","version" => "2.23"},{"date" => "2011-11-05T16:16:00","version" => "2.24"},{"date" => "2011-11-08T21:13:48","version" => "2.25"},{"date" => "2011-11-10T16:53:32","version" => "2.26"},{"date" => "2011-11-16T20:59:52","version" => "2.27"},{"date" => "2011-11-17T23:44:36","version" => "2.28"},{"date" => "2011-11-19T20:10:28","version" => "2.29"},{"date" => "2011-11-20T00:19:04","version" => "2.30"},{"date" => "2011-11-20T22:25:03","version" => "2.31"},{"date" => "2011-11-24T10:31:31","version" => "2.32"},{"date" => "2011-11-28T12:32:13","version" => "2.33"},{"date" => "2011-11-28T14:02:31","version" => "2.34"},{"date" => "2011-12-01T14:19:35","version" => "2.35"},{"date" => "2011-12-05T10:52:35","version" => "2.36"},{"date" => "2011-12-10T18:18:16","version" => "2.37"},{"date" => "2011-12-17T12:03:38","version" => "2.38"},{"date" => "2011-12-22T12:31:43","version" => "2.39"},{"date" => "2011-12-24T13:04:21","version" => "2.40"},{"date" => "2011-12-28T16:09:18","version" => "2.41"},{"date" => "2012-01-02T17:15:52","version" => "2.42"},{"date" => "2012-01-08T03:43:27","version" => "2.43"},{"date" => "2012-01-17T23:21:12","version" => "2.44"},{"date" => "2012-01-18T15:23:03","version" => "2.45"},{"date" => "2012-01-25T18:20:48","version" => "2.46"},{"date" => "2012-02-06T16:28:27","version" => "2.47"},{"date" => "2012-02-09T07:04:28","version" => "2.48"},{"date" => "2012-02-13T19:45:00","version" => "2.49"},{"date" => "2012-02-18T01:18:38","version" => "2.50"},{"date" => "2012-02-19T12:32:58","version" => "2.51"},{"date" => "2012-02-24T15:01:33","version" => "2.52"},{"date" => "2012-02-25T05:53:29","version" => "2.53"},{"date" => "2012-02-27T15:31:19","version" => "2.54"},{"date" => "2012-02-27T19:26:41","version" => "2.55"},{"date" => "2012-03-01T21:07:06","version" => "2.56"},{"date" => "2012-03-03T22:01:50","version" => "2.57"},{"date" => "2012-03-09T18:38:46","version" => "2.58"},{"date" => "2012-03-09T19:02:23","version" => "2.59"},{"date" => "2012-03-13T16:50:25","version" => "2.60"},{"date" => "2012-03-14T00:41:48","version" => "2.61"},{"date" => "2012-03-17T09:05:12","version" => "2.62"},{"date" => "2012-03-20T18:39:51","version" => "2.63"},{"date" => "2012-03-21T01:23:59","version" => "2.64"},{"date" => "2012-03-22T22:06:10","version" => "2.65"},{"date" => "2012-03-23T16:16:55","version" => "2.66"},{"date" => "2012-03-24T14:29:35","version" => "2.67"},{"date" => "2012-03-24T14:59:52","version" => "2.68"},{"date" => "2012-03-27T12:53:44","version" => "2.69"},{"date" => "2012-03-30T21:24:44","version" => "2.70"},{"date" => "2012-04-03T01:46:31","version" => "2.71"},{"date" => "2012-04-03T13:16:07","version" => "2.72"},{"date" => "2012-04-03T17:10:05","version" => "2.73"},{"date" => "2012-04-03T22:33:05","version" => "2.74"},{"date" => "2012-04-05T01:57:10","version" => "2.75"},{"date" => "2012-04-05T03:52:05","version" => "2.76"},{"date" => "2012-04-09T12:36:15","version" => "2.77"},{"date" => "2012-04-09T18:54:51","version" => "2.78"},{"date" => "2012-04-10T10:58:23","version" => "2.79"},{"date" => "2012-04-10T14:25:57","version" => "2.80"},{"date" => "2012-04-15T18:49:31","version" => "2.81"},{"date" => "2012-04-16T21:09:32","version" => "2.82"},{"date" => "2012-04-18T18:51:37","version" => "2.83"},{"date" => "2012-04-18T21:29:14","version" => "2.84"},{"date" => "2012-04-19T15:37:54","version" => "2.85"},{"date" => "2012-04-23T12:21:14","version" => "2.86"},{"date" => "2012-04-23T14:19:09","version" => "2.87"},{"date" => "2012-04-24T02:15:58","version" => "2.88"},{"date" => "2012-04-24T20:08:49","version" => "2.89"},{"date" => "2012-04-25T11:35:38","version" => "2.90"},{"date" => "2012-04-26T19:20:37","version" => "2.91"},{"date" => "2012-04-30T16:50:01","version" => "2.92"},{"date" => "2012-05-05T22:00:26","version" => "2.93"},{"date" => "2012-05-10T03:49:57","version" => "2.94"},{"date" => "2012-05-10T20:08:54","version" => "2.95"},{"date" => "2012-05-21T08:26:37","version" => "2.96"},{"date" => "2012-05-28T12:11:13","version" => "2.97"},{"date" => "2012-05-30T18:21:26","version" => "2.98"},{"date" => "2012-06-26T06:45:51","version" => "3.0"},{"date" => "2012-07-01T10:00:07","version" => "3.01"},{"date" => "2012-07-03T19:21:54","version" => "3.02"},{"date" => "2012-07-06T21:17:36","version" => "3.03"},{"date" => "2012-07-07T11:29:24","version" => "3.04"},{"date" => "2012-07-07T21:49:48","version" => "3.05"},{"date" => "2012-07-11T17:27:01","version" => "3.06"},{"date" => "2012-07-13T00:25:44","version" => "3.07"},{"date" => "2012-07-13T21:53:56","version" => "3.08"},{"date" => "2012-07-16T19:46:15","version" => "3.09"},{"date" => "2012-07-16T20:00:50","version" => "3.10"},{"date" => "2012-07-19T01:44:35","version" => "3.11"},{"date" => "2012-07-20T12:30:03","version" => "3.12"},{"date" => "2012-07-24T17:03:04","version" => "3.13"},{"date" => "2012-07-27T11:05:47","version" => "3.14"},{"date" => "2012-07-28T11:32:31","version" => "3.15"},{"date" => "2012-07-31T18:55:11","version" => "3.16"},{"date" => "2012-08-01T00:38:50","version" => "3.17"},{"date" => "2012-08-01T19:15:21","version" => "3.18"},{"date" => "2012-08-02T15:40:34","version" => "3.19"},{"date" => "2012-08-03T23:32:38","version" => "3.20"},{"date" => "2012-08-05T22:32:21","version" => "3.21"},{"date" => "2012-08-06T19:53:03","version" => "3.22"},{"date" => "2012-08-07T03:37:26","version" => "3.23"},{"date" => "2012-08-07T20:56:45","version" => "3.24"},{"date" => "2012-08-08T00:31:31","version" => "3.25"},{"date" => "2012-08-08T04:04:18","version" => "3.26"},{"date" => "2012-08-08T21:18:27","version" => "3.27"},{"date" => "2012-08-10T12:18:38","version" => "3.28"},{"date" => "2012-08-13T13:42:56","version" => "3.29"},{"date" => "2012-08-13T16:14:35","version" => "3.30"},{"date" => "2012-08-15T09:37:25","version" => "3.31"},{"date" => "2012-08-20T12:37:26","version" => "3.32"},{"date" => "2012-08-23T18:34:00","version" => "3.33"},{"date" => "2012-08-24T01:17:41","version" => "3.34"},{"date" => "2012-08-27T22:52:31","version" => "3.35"},{"date" => "2012-08-30T00:59:43","version" => "3.36"},{"date" => "2012-09-04T20:50:40","version" => "3.37"},{"date" => "2012-09-07T00:05:53","version" => "3.38"},{"date" => "2012-09-10T11:58:00","version" => "3.39"},{"date" => "2012-09-11T18:03:47","version" => "3.40"},{"date" => "2012-09-13T18:22:49","version" => "3.41"},{"date" => "2012-09-16T17:29:48","version" => "3.42"},{"date" => "2012-09-22T19:40:59","version" => "3.43"},{"date" => "2012-09-29T11:20:17","version" => "3.44"},{"date" => "2012-10-09T20:39:26","version" => "3.45"},{"date" => "2012-10-10T20:55:33","version" => "3.46"},{"date" => "2012-10-12T23:10:49","version" => "3.47"},{"date" => "2012-10-16T22:51:05","version" => "3.48"},{"date" => "2012-10-19T16:34:25","version" => "3.49"},{"date" => "2012-10-20T01:34:34","version" => "3.50"},{"date" => "2012-10-23T20:23:54","version" => "3.51"},{"date" => "2012-10-26T14:41:25","version" => "3.52"},{"date" => "2012-10-31T02:41:01","version" => "3.53"},{"date" => "2012-11-01T04:36:00","version" => "3.54"},{"date" => "2012-11-08T11:20:15","version" => "3.55"},{"date" => "2012-11-09T20:09:37","version" => "3.56"},{"date" => "2012-11-12T19:47:57","version" => "3.57"},{"date" => "2012-11-19T16:05:13","version" => "3.58"},{"date" => "2012-11-20T19:53:03","version" => "3.59"},{"date" => "2012-11-22T05:12:27","version" => "3.60"},{"date" => "2012-11-25T04:19:47","version" => "3.61"},{"date" => "2012-11-26T00:57:00","version" => "3.62"},{"date" => "2012-11-28T10:17:51","version" => "3.63"},{"date" => "2012-12-01T16:39:26","version" => "3.64"},{"date" => "2012-12-08T22:47:54","version" => "3.65"},{"date" => "2012-12-14T01:03:29","version" => "3.66"},{"date" => "2012-12-14T23:48:00","version" => "3.67"},{"date" => "2012-12-16T00:55:55","version" => "3.68"},{"date" => "2012-12-20T22:47:53","version" => "3.69"},{"date" => "2012-12-23T22:18:59","version" => "3.70"},{"date" => "2013-01-02T11:57:12","version" => "3.71"},{"date" => "2013-01-04T22:16:16","version" => "3.72"},{"date" => "2013-01-06T22:46:48","version" => "3.73"},{"date" => "2013-01-07T18:47:06","version" => "3.74"},{"date" => "2013-01-08T16:15:03","version" => "3.75"},{"date" => "2013-01-10T00:00:19","version" => "3.76"},{"date" => "2013-01-12T00:36:11","version" => "3.77"},{"date" => "2013-01-12T23:47:49","version" => "3.78"},{"date" => "2013-01-13T00:50:13","version" => "3.79"},{"date" => "2013-01-15T05:02:52","version" => "3.80"},{"date" => "2013-01-17T21:32:48","version" => "3.81"},{"date" => "2013-01-18T15:50:23","version" => "3.82"},{"date" => "2013-01-27T15:28:40","version" => "3.83"},{"date" => "2013-01-30T00:32:12","version" => "3.84"},{"date" => "2013-02-13T00:56:23","version" => "3.85"},{"date" => "2013-02-22T02:01:13","version" => "3.86"},{"date" => "2013-02-23T19:36:00","version" => "3.87"},{"date" => "2013-03-03T21:53:52","version" => "3.88"},{"date" => "2013-03-04T16:12:24","version" => "3.89"},{"date" => "2013-03-14T20:08:14","version" => "3.90"},{"date" => "2013-03-17T22:59:42","version" => "3.91"},{"date" => "2013-04-03T19:48:34","version" => "3.92"},{"date" => "2013-04-05T21:46:38","version" => "3.93"},{"date" => "2013-04-08T21:48:55","version" => "3.94"},{"date" => "2013-04-12T03:49:59","version" => "3.95"},{"date" => "2013-04-22T21:34:16","version" => "3.96"},{"date" => "2013-04-25T21:49:41","version" => "3.97"},{"date" => "2013-05-15T20:02:05","version" => "4.0"},{"date" => "2013-05-19T17:24:38","version" => "4.01"},{"date" => "2013-05-20T16:55:00","version" => "4.02"},{"date" => "2013-05-21T05:24:56","version" => "4.03"},{"date" => "2013-05-23T21:25:32","version" => "4.04"},{"date" => "2013-05-24T02:59:59","version" => "4.05"},{"date" => "2013-05-24T14:23:41","version" => "4.06"},{"date" => "2013-05-25T18:07:30","version" => "4.07"},{"date" => "2013-05-30T21:45:51","version" => "4.08"},{"date" => "2013-05-31T02:24:29","version" => "4.09"},{"date" => "2013-06-01T02:09:07","version" => "4.10"},{"date" => "2013-06-03T04:34:37","version" => "4.11"},{"date" => "2013-06-07T01:51:09","version" => "4.12"},{"date" => "2013-06-09T00:25:21","version" => "4.13"},{"date" => "2013-06-10T00:23:12","version" => "4.14"},{"date" => "2013-06-18T08:02:11","version" => "4.15"},{"date" => "2013-06-19T01:27:29","version" => "4.16"},{"date" => "2013-07-04T16:14:27","version" => "4.17"},{"date" => "2013-07-08T09:17:43","version" => "4.18"},{"date" => "2013-07-21T21:47:46","version" => "4.19"},{"date" => "2013-07-28T12:53:38","version" => "4.20"},{"date" => "2013-07-28T20:17:31","version" => "4.21"},{"date" => "2013-07-29T19:13:38","version" => "4.22"},{"date" => "2013-07-31T20:35:17","version" => "4.23"},{"date" => "2013-08-08T21:10:52","version" => "4.24"},{"date" => "2013-08-17T20:16:56","version" => "4.25"},{"date" => "2013-08-18T15:06:51","version" => "4.26"},{"date" => "2013-08-26T15:29:36","version" => "4.27"},{"date" => "2013-08-29T16:11:59","version" => "4.28"},{"date" => "2013-08-31T02:01:44","version" => "4.29"},{"date" => "2013-09-01T21:48:28","version" => "4.30"},{"date" => "2013-09-04T20:09:26","version" => "4.31"},{"date" => "2013-09-06T21:19:59","version" => "4.32"},{"date" => "2013-09-07T20:38:03","version" => "4.33"},{"date" => "2013-09-08T20:58:54","version" => "4.34"},{"date" => "2013-09-10T21:40:13","version" => "4.35"},{"date" => "2013-09-12T21:31:22","version" => "4.36"},{"date" => "2013-09-13T01:32:54","version" => "4.37"},{"date" => "2013-09-16T22:01:40","version" => "4.38"},{"date" => "2013-09-17T04:53:49","version" => "4.39"},{"date" => "2013-09-21T01:15:17","version" => "4.40"},{"date" => "2013-09-21T17:25:38","version" => "4.41"},{"date" => "2013-09-30T07:46:05","version" => "4.42"},{"date" => "2013-10-02T19:16:26","version" => "4.43"},{"date" => "2013-10-04T21:18:14","version" => "4.44"},{"date" => "2013-10-06T15:46:08","version" => "4.45"},{"date" => "2013-10-12T17:11:54","version" => "4.46"},{"date" => "2013-10-14T23:51:30","version" => "4.47"},{"date" => "2013-10-16T05:28:45","version" => "4.48"},{"date" => "2013-10-17T16:53:59","version" => "4.49"},{"date" => "2013-10-23T01:18:55","version" => "4.50"},{"date" => "2013-10-28T17:20:46","version" => "4.51"},{"date" => "2013-10-29T06:27:25","version" => "4.52"},{"date" => "2013-10-30T00:21:27","version" => "4.53"},{"date" => "2013-11-07T00:45:35","version" => "4.54"},{"date" => "2013-11-07T02:38:24","version" => "4.55"},{"date" => "2013-11-10T02:56:56","version" => "4.56"},{"date" => "2013-11-11T20:30:04","version" => "4.57"},{"date" => "2013-11-19T20:46:01","version" => "4.58"},{"date" => "2013-12-04T21:35:49","version" => "4.59"},{"date" => "2013-12-11T16:33:35","version" => "4.60"},{"date" => "2013-12-16T16:59:25","version" => "4.61"},{"date" => "2013-12-17T20:35:36","version" => "4.62"},{"date" => "2013-12-19T22:59:01","version" => "4.63"},{"date" => "2014-01-01T16:20:28","version" => "4.64"},{"date" => "2014-01-02T22:36:45","version" => "4.65"},{"date" => "2014-01-04T21:48:06","version" => "4.66"},{"date" => "2014-01-11T17:20:18","version" => "4.67"},{"date" => "2014-01-21T22:24:03","version" => "4.68"},{"date" => "2014-01-24T04:06:26","version" => "4.69"},{"date" => "2014-01-26T22:08:54","version" => "4.70"},{"date" => "2014-01-28T03:10:15","version" => "4.71"},{"date" => "2014-01-29T21:29:25","version" => "4.72"},{"date" => "2014-02-01T05:20:38","version" => "4.73"},{"date" => "2014-02-02T04:30:05","version" => "4.74"},{"date" => "2014-02-02T06:54:56","version" => "4.75"},{"date" => "2014-02-04T22:41:32","version" => "4.76"},{"date" => "2014-02-06T23:19:13","version" => "4.77"},{"date" => "2014-02-08T23:02:08","version" => "4.78"},{"date" => "2014-02-11T02:49:44","version" => "4.79"},{"date" => "2014-02-13T04:30:43","version" => "4.80"},{"date" => "2014-02-15T03:27:30","version" => "4.81"},{"date" => "2014-02-19T04:11:47","version" => "4.82"},{"date" => "2014-02-19T06:20:46","version" => "4.83"},{"date" => "2014-02-22T22:59:02","version" => "4.84"},{"date" => "2014-02-26T22:48:41","version" => "4.85"},{"date" => "2014-03-03T05:45:32","version" => "4.86"},{"date" => "2014-03-04T07:14:15","version" => "4.87"},{"date" => "2014-03-09T22:42:42","version" => "4.88"},{"date" => "2014-03-13T21:30:57","version" => "4.89"},{"date" => "2014-03-16T21:22:35","version" => "4.90"},{"date" => "2014-03-29T00:05:17","version" => "4.91"},{"date" => "2014-04-08T20:41:54","version" => "4.92"},{"date" => "2014-04-13T02:17:03","version" => "4.93"},{"date" => "2014-04-19T23:39:22","version" => "4.94"},{"date" => "2014-04-27T03:27:43","version" => "4.95"},{"date" => "2014-04-27T20:04:36","version" => "4.96"},{"date" => "2014-04-29T22:12:52","version" => "4.97"},{"date" => "2014-05-09T01:57:34","version" => "4.98"},{"date" => "2014-05-12T00:46:43","version" => "4.99"},{"date" => "2014-05-29T20:15:51","version" => "5.0"},{"date" => "2014-05-30T14:51:14","version" => "5.01"},{"date" => "2014-05-31T21:51:34","version" => "5.02"},{"date" => "2014-06-02T22:07:46","version" => "5.03"},{"date" => "2014-06-03T21:11:50","version" => "5.04"},{"date" => "2014-06-08T21:50:53","version" => "5.05"},{"date" => "2014-06-12T02:08:01","version" => "5.06"},{"date" => "2014-06-13T19:28:04","version" => "5.07"},{"date" => "2014-06-16T23:44:48","version" => "5.08"},{"date" => "2014-06-24T15:02:21","version" => "5.09"},{"date" => "2014-06-28T23:25:12","version" => "5.10"},{"date" => "2014-07-03T04:01:24","version" => "5.11"},{"date" => "2014-07-03T23:06:55","version" => "5.12"},{"date" => "2014-07-13T00:44:29","version" => "5.13"},{"date" => "2014-07-14T22:01:49","version" => "5.14"},{"date" => "2014-07-17T17:58:05","version" => "5.15"},{"date" => "2014-07-21T16:01:56","version" => "5.16"},{"date" => "2014-07-24T12:40:41","version" => "5.17"},{"date" => "2014-07-25T20:25:29","version" => "5.18"},{"date" => "2014-07-26T21:03:13","version" => "5.19"},{"date" => "2014-07-26T23:36:18","version" => "5.20"},{"date" => "2014-07-27T18:48:25","version" => "5.21"},{"date" => "2014-07-30T16:42:35","version" => "5.22"},{"date" => "2014-07-31T21:32:03","version" => "5.23"},{"date" => "2014-08-02T21:56:32","version" => "5.24"},{"date" => "2014-08-07T01:29:20","version" => "5.25"},{"date" => "2014-08-09T21:26:37","version" => "5.26"},{"date" => "2014-08-11T14:26:47","version" => "5.27"},{"date" => "2014-08-13T00:32:33","version" => "5.28"},{"date" => "2014-08-16T12:40:15","version" => "5.29"},{"date" => "2014-08-17T21:49:15","version" => "5.30"},{"date" => "2014-08-19T17:40:27","version" => "5.31"},{"date" => "2014-08-21T18:19:53","version" => "5.32"},{"date" => "2014-08-23T22:25:32","version" => "5.33"},{"date" => "2014-08-29T21:53:02","version" => "5.34"},{"date" => "2014-08-30T21:57:50","version" => "5.35"},{"date" => "2014-09-02T00:20:21","version" => "5.36"},{"date" => "2014-09-03T20:55:45","version" => "5.37"},{"date" => "2014-09-05T21:57:34","version" => "5.38"},{"date" => "2014-09-07T03:18:45","version" => "5.39"},{"date" => "2014-09-12T01:06:33","version" => "5.40"},{"date" => "2014-09-13T21:24:03","version" => "5.41"},{"date" => "2014-09-17T21:54:39","version" => "5.42"},{"date" => "2014-09-22T00:14:24","version" => "5.43"},{"date" => "2014-09-23T00:49:52","version" => "5.44"},{"date" => "2014-09-27T03:21:55","version" => "5.46"},{"date" => "2014-09-27T03:24:38","version" => "5.45"},{"date" => "2014-09-28T03:31:15","version" => "5.47"},{"date" => "2014-10-07T23:08:14","version" => "5.48"},{"date" => "2014-10-10T21:12:14","version" => "5.49"},{"date" => "2014-10-15T22:00:04","version" => "5.50"},{"date" => "2014-10-17T21:48:17","version" => "5.51"},{"date" => "2014-10-18T20:49:34","version" => "5.52"},{"date" => "2014-10-20T23:34:37","version" => "5.53"},{"date" => "2014-10-23T22:51:06","version" => "5.54"},{"date" => "2014-10-29T00:58:34","version" => "5.55"},{"date" => "2014-10-30T00:23:25","version" => "5.56"},{"date" => "2014-11-02T22:52:07","version" => "5.57"},{"date" => "2014-11-07T00:04:47","version" => "5.58"},{"date" => "2014-11-08T00:26:41","version" => "5.59"},{"date" => "2014-11-12T01:31:36","version" => "5.60"},{"date" => "2014-11-15T00:46:43","version" => "5.61"},{"date" => "2014-11-18T18:24:54","version" => "5.62"},{"date" => "2014-11-22T03:52:56","version" => "5.63"},{"date" => "2014-11-23T02:12:00","version" => "5.64"},{"date" => "2014-11-25T03:23:01","version" => "5.65"},{"date" => "2014-11-27T03:13:19","version" => "5.66"},{"date" => "2014-11-27T06:19:49","version" => "5.67"},{"date" => "2014-12-03T04:36:04","version" => "5.68"},{"date" => "2014-12-13T02:19:36","version" => "5.69"},{"date" => "2014-12-18T00:12:31","version" => "5.70"},{"date" => "2015-01-01T22:44:58","version" => "5.71"},{"date" => "2015-01-11T20:02:04","version" => "5.72"},{"date" => "2015-01-23T16:29:22","version" => "5.73"},{"date" => "2015-01-24T13:32:51","version" => "5.74"},{"date" => "2015-01-27T04:08:19","version" => "5.75"},{"date" => "2015-02-02T19:36:16","version" => "5.76"},{"date" => "2015-02-03T02:37:04","version" => "5.77"},{"date" => "2015-02-13T00:21:48","version" => "5.78"},{"date" => "2015-02-13T05:32:50","version" => "5.79"},{"date" => "2015-02-18T05:24:00","version" => "5.80"},{"date" => "2015-02-21T03:30:18","version" => "5.81"},{"date" => "2015-02-23T03:05:04","version" => "5.82"},{"date" => "2015-02-26T22:17:01","version" => "6.0"},{"date" => "2015-03-03T16:12:16","version" => "6.01"},{"date" => "2015-03-10T02:53:22","version" => "6.02"},{"date" => "2015-03-16T04:43:10","version" => "6.03"},{"date" => "2015-03-23T04:42:27","version" => "6.04"},{"date" => "2015-03-25T05:08:15","version" => "6.05"},{"date" => "2015-04-07T00:55:21","version" => "6.06"},{"date" => "2015-04-07T17:38:01","version" => "6.07"},{"date" => "2015-04-09T22:03:46","version" => "6.08"},{"date" => "2015-04-26T05:10:45","version" => "6.09"},{"date" => "2015-04-27T02:01:03","version" => "6.10"},{"date" => "2015-05-16T22:14:01","version" => "6.11"},{"date" => "2015-06-18T21:48:20","version" => "6.12"},{"date" => "2015-08-20T06:09:39","version" => "6.16"},{"date" => "2015-08-22T19:38:51","version" => "6.17"},{"date" => "2015-09-02T17:26:36","version" => "6.18"},{"date" => "2015-09-12T23:37:29","version" => "6.19"},{"date" => "2015-09-16T22:50:30","version" => "6.20"},{"date" => "2015-09-23T01:05:04","version" => "6.21"},{"date" => "2015-09-27T01:03:32","version" => "6.22"},{"date" => "2015-10-07T18:17:26","version" => "6.23"},{"date" => "2015-10-13T22:54:46","version" => "6.24"},{"date" => "2015-10-22T02:49:47","version" => "6.25"},{"date" => "2015-10-29T00:29:07","version" => "6.26"},{"date" => "2015-10-30T00:07:08","version" => "6.27"},{"date" => "2015-11-02T15:17:16","version" => "6.28"},{"date" => "2015-11-12T02:59:43","version" => "6.30"},{"date" => "2015-11-14T19:38:51","version" => "6.31"},{"date" => "2015-11-18T18:16:15","version" => "6.32"},{"date" => "2015-11-22T16:47:00","version" => "6.33"},{"date" => "2016-01-13T20:08:22","version" => "6.40"},{"date" => "2016-01-24T22:01:52","version" => "6.42"},{"date" => "2016-02-01T16:15:40","version" => "6.43"},{"date" => "2016-02-05T22:42:51","version" => "6.44"},{"date" => "2016-02-09T23:29:35","version" => "6.45"},{"date" => "2016-02-14T00:51:10","version" => "6.46"},{"date" => "2016-02-19T23:09:15","version" => "6.47"},{"date" => "2016-02-24T17:07:45","version" => "6.48"},{"date" => "2016-02-26T22:47:33","version" => "6.49"},{"date" => "2016-02-27T00:12:03","version" => "6.50"},{"date" => "2016-02-29T23:03:44","version" => "6.51"},{"date" => "2016-03-02T22:24:28","version" => "6.52"},{"date" => "2016-03-04T00:58:55","version" => "6.53"},{"date" => "2016-03-07T15:09:42","version" => "6.54"},{"date" => "2016-03-08T20:42:43","version" => "6.55"},{"date" => "2016-03-16T02:42:45","version" => "6.56"},{"date" => "2016-03-23T04:23:41","version" => "6.57"},{"date" => "2016-04-10T17:11:22","version" => "6.58"},{"date" => "2016-04-22T18:45:19","version" => "6.59"},{"date" => "2016-04-26T13:16:04","version" => "6.60"},{"date" => "2016-05-02T17:31:34","version" => "6.61"},{"date" => "2016-05-14T21:05:47","version" => "6.62"},{"date" => "2016-06-03T21:10:48","version" => "6.63"},{"date" => "2016-06-09T16:41:51","version" => "6.64"},{"date" => "2016-06-14T16:15:21","version" => "6.65"},{"date" => "2016-06-16T22:35:28","version" => "6.66"},{"date" => "2016-07-19T06:21:07","version" => "7.0"},{"date" => "2016-08-01T18:46:35","version" => "7.01"},{"date" => "2016-08-17T16:34:19","version" => "7.02"},{"date" => "2016-08-17T16:40:11","version" => "7.03"},{"date" => "2016-08-29T13:59:45","version" => "7.04"},{"date" => "2016-08-29T16:44:18","version" => "7.05"},{"date" => "2016-09-17T21:05:37","version" => "7.06"},{"date" => "2016-09-20T12:30:54","version" => "7.07"},{"date" => "2016-09-23T17:19:00","version" => "7.08"},{"date" => "2016-10-23T09:46:35","version" => "7.09"},{"date" => "2016-11-01T19:02:03","version" => "7.10"},{"date" => "2016-11-30T09:23:48","version" => "7.11"},{"date" => "2016-12-20T08:41:05","version" => "7.12"},{"date" => "2016-12-29T19:40:25","version" => "7.13"},{"date" => "2017-01-04T22:58:20","version" => "7.14"},{"date" => "2017-01-10T11:42:59","version" => "7.15"},{"date" => "2017-01-10T23:52:50","version" => "7.16"},{"date" => "2017-01-11T08:35:01","version" => "7.17"},{"date" => "2017-01-11T22:05:10","version" => "7.18"},{"date" => "2017-01-15T16:05:23","version" => "7.19"},{"date" => "2017-01-18T09:38:55","version" => "7.20"},{"date" => "2017-01-22T14:29:35","version" => "7.21"},{"date" => "2017-01-25T23:09:32","version" => "7.22"},{"date" => "2017-01-29T21:43:19","version" => "7.23"},{"date" => "2017-02-05T21:09:47","version" => "7.24"},{"date" => "2017-02-09T22:51:35","version" => "7.25"},{"date" => "2017-02-15T23:08:52","version" => "7.26"},{"date" => "2017-02-27T17:02:21","version" => "7.27"},{"date" => "2017-03-07T21:36:36","version" => "7.28"},{"date" => "2017-03-14T23:27:54","version" => "7.29"},{"date" => "2017-04-06T12:04:02","version" => "7.30"},{"date" => "2017-04-24T07:50:54","version" => "7.31"},{"date" => "2017-05-30T17:08:40","version" => "7.32"},{"date" => "2017-06-05T22:14:35","version" => "7.33"},{"date" => "2017-07-02T22:04:01","version" => "7.34"},{"date" => "2017-07-05T07:50:23","version" => "7.35"},{"date" => "2017-07-10T07:48:45","version" => "7.36"},{"date" => "2017-07-24T07:55:46","version" => "7.37"},{"date" => "2017-08-01T21:56:47","version" => "7.38"},{"date" => "2017-08-03T08:50:10","version" => "7.39"},{"date" => "2017-08-14T08:32:54","version" => "7.40"},{"date" => "2017-08-16T08:19:30","version" => "7.41"},{"date" => "2017-08-17T11:15:42","version" => "7.42"},{"date" => "2017-08-18T08:26:45","version" => "7.43"},{"date" => "2017-09-03T16:04:13","version" => "7.44"},{"date" => "2017-09-07T08:41:40","version" => "7.45"},{"date" => "2017-09-12T12:27:00","version" => "7.46"},{"date" => "2017-10-12T08:26:53","version" => "7.47"},{"date" => "2017-10-21T13:33:01","version" => "7.48"},{"date" => "2017-10-30T13:18:49","version" => "7.49"},{"date" => "2017-10-30T18:18:13","version" => "7.50"},{"date" => "2017-10-31T19:14:43","version" => "7.51"},{"date" => "2017-11-02T22:29:23","version" => "7.52"},{"date" => "2017-11-04T15:24:07","version" => "7.53"},{"date" => "2017-11-04T22:50:30","version" => "7.54"},{"date" => "2017-11-07T10:58:56","version" => "7.55"},{"date" => "2017-11-16T13:33:27","version" => "7.56"},{"date" => "2017-11-18T16:10:38","version" => "7.57"},{"date" => "2017-12-03T22:14:41","version" => "7.58"},{"date" => "2017-12-17T17:58:55","version" => "7.59"},{"date" => "2018-01-03T14:00:44","version" => "7.60"},{"date" => "2018-01-15T15:35:28","version" => "7.61"},{"date" => "2018-02-03T19:53:39","version" => "7.62"},{"date" => "2018-02-06T20:52:51","version" => "7.63"},{"date" => "2018-02-07T10:17:57","version" => "7.64"},{"date" => "2018-02-11T21:55:33","version" => "7.65"},{"date" => "2018-02-14T08:55:35","version" => "7.66"},{"date" => "2018-02-19T23:11:52","version" => "7.67"},{"date" => "2018-02-23T18:44:15","version" => "7.68"},{"date" => "2018-02-24T21:58:41","version" => "7.69"},{"date" => "2018-02-28T23:47:08","version" => "7.70"},{"date" => "2018-03-16T16:41:58","version" => "7.71"},{"date" => "2018-04-02T21:01:43","version" => "7.72"},{"date" => "2018-04-06T14:10:03","version" => "7.73"},{"date" => "2018-04-07T22:15:16","version" => "7.74"},{"date" => "2018-04-10T16:04:41","version" => "7.75"},{"date" => "2018-04-24T16:55:32","version" => "7.76"},{"date" => "2018-05-01T17:18:20","version" => "7.77"},{"date" => "2018-05-11T16:36:16","version" => "7.78"},{"date" => "2018-05-14T22:13:04","version" => "7.79"},{"date" => "2018-05-20T22:46:20","version" => "7.80"},{"date" => "2018-05-21T22:39:30","version" => "7.81"},{"date" => "2018-05-27T21:59:59","version" => "7.82"},{"date" => "2018-06-03T21:10:42","version" => "7.83"},{"date" => "2018-06-06T14:04:49","version" => "7.84"},{"date" => "2018-06-19T15:57:43","version" => "7.85"},{"date" => "2018-07-03T11:30:46","version" => "7.86"},{"date" => "2018-07-04T10:20:11","version" => "7.87"},{"date" => "2018-07-13T11:00:52","version" => "7.88"},{"date" => "2018-08-07T09:38:35","version" => "7.89"},{"date" => "2018-08-08T22:19:36","version" => "7.90"},{"date" => "2018-08-09T08:39:58","version" => "7.91"},{"date" => "2018-08-09T16:52:45","version" => "7.92"},{"date" => "2018-08-12T14:23:08","version" => "7.93"},{"date" => "2018-08-31T12:53:17","version" => "7.94"},{"date" => "2018-09-14T22:17:06","version" => "8.0"},{"date" => "2018-09-25T16:14:07","version" => "8.01"},{"date" => "2018-10-01T21:34:50","version" => "8.02"},{"date" => "2018-10-16T22:41:46","version" => "8.03"},{"date" => "2018-10-21T20:23:27","version" => "8.04"},{"date" => "2018-11-01T17:15:20","version" => "8.05"},{"date" => "2018-11-08T23:31:57","version" => "8.06"},{"date" => "2018-11-18T22:09:07","version" => "8.07"},{"date" => "2018-12-01T18:26:15","version" => "8.08"},{"date" => "2018-12-04T20:59:01","version" => "8.09"},{"date" => "2018-12-20T10:28:28","version" => "8.10"},{"date" => "2019-01-02T18:04:35","version" => "8.11"},{"date" => "2019-02-01T16:34:38","version" => "8.12"},{"date" => "2019-03-21T22:06:21","version" => "8.13"},{"date" => "2019-04-18T19:11:08","version" => "8.14"},{"date" => "2019-04-26T17:54:06","version" => "8.15"},{"date" => "2019-05-19T19:50:45","version" => "8.16"},{"date" => "2019-05-23T20:50:59","version" => "8.17"},{"date" => "2019-06-28T21:29:47","version" => "8.18"},{"date" => "2019-07-08T10:26:46","version" => "8.19"},{"date" => "2019-07-09T21:02:16","version" => "8.20"},{"date" => "2019-07-14T17:08:55","version" => "8.21"},{"date" => "2019-07-17T10:46:26","version" => "8.22"},{"date" => "2019-08-12T22:52:14","version" => "8.23"},{"date" => "2019-09-11T22:33:49","version" => "8.24"},{"date" => "2019-09-29T13:16:15","version" => "8.25"},{"date" => "2019-11-03T15:48:59","version" => "8.26"},{"date" => "2019-12-04T19:48:08","version" => "8.27"},{"date" => "2019-12-26T16:09:10","version" => "8.28"},{"date" => "2019-12-28T16:58:30","version" => "8.29"},{"date" => "2020-01-09T20:35:42","version" => "8.30"},{"date" => "2020-01-14T20:19:13","version" => "8.31"},{"date" => "2020-01-19T14:35:03","version" => "8.32"},{"date" => "2020-02-11T20:25:08","version" => "8.33"},{"date" => "2020-03-16T17:27:27","version" => "8.34"},{"date" => "2020-03-21T15:12:26","version" => "8.35"},{"date" => "2020-04-02T09:05:58","version" => "8.36"},{"date" => "2020-04-19T19:47:37","version" => "8.37"},{"date" => "2020-04-21T19:54:01","version" => "8.38"},{"date" => "2020-04-22T12:49:38","version" => "8.39"},{"date" => "2020-04-23T09:24:25","version" => "8.40"},{"date" => "2020-05-01T13:34:44","version" => "8.41"},{"date" => "2020-05-04T17:15:38","version" => "8.42"},{"date" => "2020-05-21T12:51:12","version" => "8.43"},{"date" => "2020-05-25T19:06:44","version" => "8.50"},{"date" => "2020-05-31T12:29:16","version" => "8.51"},{"date" => "2020-06-03T20:01:13","version" => "8.52"},{"date" => "2020-06-10T18:02:24","version" => "8.53"},{"date" => "2020-06-14T17:42:03","version" => "8.54"},{"date" => "2020-06-18T09:42:34","version" => "8.55"},{"date" => "2020-06-26T20:08:07","version" => "8.56"},{"date" => "2020-07-17T09:08:51","version" => "8.57"},{"date" => "2020-08-10T18:14:24","version" => "8.58"},{"date" => "2020-09-13T16:04:24","version" => "8.59"},{"date" => "2020-09-27T15:50:48","version" => "8.60"},{"date" => "2020-10-02T11:01:53","version" => "8.61"},{"date" => "2020-10-12T09:57:55","version" => "8.62"},{"date" => "2020-10-13T08:18:36","version" => "8.63"},{"date" => "2020-11-06T18:38:59","version" => "8.64"},{"date" => "2020-11-11T19:55:44","version" => "8.65"},{"date" => "2020-11-30T10:42:18","version" => "8.66"},{"date" => "2020-12-05T16:45:53","version" => "8.67"},{"date" => "2020-12-27T23:38:05","version" => "8.68"},{"date" => "2020-12-28T14:38:20","version" => "8.69"},{"date" => "2020-12-30T14:43:19","version" => "8.70"},{"date" => "2021-01-17T17:06:28","version" => "8.71"},{"date" => "2021-01-27T15:33:24","version" => "8.72"},{"date" => "2021-02-06T16:08:52","version" => "8.73"},{"date" => "2021-02-14T18:44:04","version" => "9.0"},{"date" => "2021-02-16T21:32:29","version" => "9.01"},{"date" => "2021-03-01T19:16:02","version" => "9.02"},{"date" => "2021-03-07T18:49:12","version" => "9.03"},{"date" => "2021-03-11T21:04:03","version" => "9.07"},{"date" => "2021-03-12T16:47:37","version" => "9.08"},{"date" => "2021-03-14T18:32:57","version" => "9.09"},{"date" => "2021-03-15T13:26:22","version" => "9.10"},{"date" => "2021-03-20T16:41:03","version" => "9.11"},{"date" => "2021-03-20T21:25:26","version" => "9.12"},{"date" => "2021-03-22T11:33:00","version" => "9.13"},{"date" => "2021-03-23T22:54:21","version" => "9.14"},{"date" => "2021-04-06T09:10:10","version" => "9.15"},{"date" => "2021-04-09T11:31:09","version" => "9.16"},{"date" => "2021-04-13T10:11:02","version" => "9.17"},{"date" => "2021-05-23T14:06:27","version" => "9.18"},{"date" => "2021-06-02T09:14:48","version" => "9.19"},{"date" => "2021-08-09T17:26:54","version" => "9.20"},{"date" => "2021-08-13T19:14:43","version" => "9.21"},{"date" => "2021-10-21T11:53:53","version" => "9.22"},{"date" => "2022-03-25T11:37:40","version" => "9.23"},{"date" => "2022-04-18T18:28:00","version" => "9.24"},{"date" => "2022-04-28T15:21:32","version" => "9.25"},{"date" => "2022-05-23T15:17:22","version" => "9.26"},{"date" => "2022-09-12T11:10:27","version" => "9.27"},{"date" => "2022-10-14T18:55:13","version" => "9.28"},{"date" => "2022-11-11T10:15:54","version" => "9.29"},{"date" => "2022-11-23T11:52:17","version" => "9.30"},{"date" => "2022-12-21T00:36:31","version" => "9.31"},{"date" => "2023-05-08T22:09:51","version" => "9.32"},{"date" => "2023-06-14T19:25:48","version" => "9.33"},{"date" => "2023-09-11T18:34:53","version" => "9.34"},{"date" => "2023-10-27T17:11:42","version" => "9.35"},{"date" => "2024-03-08T22:16:38","version" => "9.36"},{"date" => "2024-05-13T17:48:56","version" => "9.37"},{"date" => "2024-08-17T14:52:48","version" => "9.38"},{"date" => "2024-11-23T14:16:18","version" => "9.39"},{"date" => "2025-05-12T13:09:01","version" => "9.40"},{"date" => "2025-07-03T12:27:43","version" => "9.41"},{"date" => "2025-10-01T14:47:16","version" => "9.42"}]},"Mojolicious-Plugin-CSRF" => {"advisories" => [{"affected_versions" => ["==1.03"],"cves" => ["CVE-2025-40915"],"description" => "Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.  That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.","distribution" => "Mojolicious-Plugin-CSRF","fixed_versions" => [">=1.03"],"id" => "CPANSA-Mojolicious-Plugin-CSRF-2025-40915","references" => ["https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes","https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03"],"reported" => "2025-06-11","severity" => undef}],"main_module" => "Mojolicious::Plugin::CSRF","versions" => [{"date" => "2025-05-18T15:33:39","version" => "1.01"},{"date" => "2025-05-18T17:46:33","version" => "1.02"},{"date" => "2025-06-11T01:38:00","version" => "1.03"},{"date" => "2025-06-11T13:31:36","version" => "1.04"},{"date" => "2025-06-13T17:50:34","version" => "1.05"}]},"Mojolicious-Plugin-CaptchaPNG" => {"advisories" => [{"affected_versions" => ["<1.06"],"cves" => ["CVE-2025-40916"],"description" => "Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha.  That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.","distribution" => "Mojolicious-Plugin-CaptchaPNG","fixed_versions" => [">=1.06"],"id" => "CPANSA-Mojolicious-Plugin-CaptchaPNG-2025-40916","references" => ["https://metacpan.org/pod/perlfunc#rand","https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.04/diff/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.05/lib/Mojolicious/Plugin/CaptchaPNG.pm","https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.06/changes","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-06-16","severity" => undef}],"main_module" => "Mojolicious::Plugin::CaptchaPNG","versions" => [{"date" => "2025-02-05T00:29:06","version" => "1.02"},{"date" => "2025-02-05T18:58:16","version" => "1.03"},{"date" => "2025-05-18T17:49:30","version" => "1.04"},{"date" => "2025-06-11T01:40:57","version" => "1.05"},{"date" => "2025-06-11T14:08:11","version" => "1.06"},{"date" => "2025-06-13T17:50:45","version" => "1.07"},{"date" => "2025-06-17T16:49:35","version" => "1.08"}]},"Mojolicious-Plugin-LazyImage" => {"advisories" => [{"affected_versions" => ["<=0.01"],"cves" => ["CVE-2024-38526"],"description" => "pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.\n","distribution" => "Mojolicious-Plugin-LazyImage","embedded_vulnerability" => {"distributed_version" => undef,"name" => "polyfill.io"},"fixed_versions" => [],"id" => "CPANSA-Mojolicious-Plugin-LazyImage-2024-38526","references" => ["https://github.com/mitmproxy/pdoc/pull/703","https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62","https://sansec.io/research/polyfill-supply-chain-attack","https://github.com/briandfoy/cpan-security-advisory/issues/155","https://stackdiary.com/polyfill-compromise-hits-100000-sites-in-a-supply-chain-attack/"],"reported" => "2024-06-26","severity" => undef}],"main_module" => "Mojolicious::Plugin::LazyImage","versions" => [{"date" => "2017-12-28T10:40:31","version" => "0.01"}]},"Mojolicious-Plugin-OAuth2" => {"advisories" => [{"affected_versions" => ["<1.3"],"cves" => [],"description" => "Param injection in case of several parameters of the same name are present.\n","distribution" => "Mojolicious-Plugin-OAuth2","fixed_versions" => [">=1.3"],"id" => "CPANSA-Mojolicious-Plugin-OAuth2-2014-01","references" => ["https://metacpan.org/changes/distribution/Mojolicious-Plugin-OAuth2","https://github.com/marcusramberg/Mojolicious-Plugin-OAuth2/commit/68315d329059b427e13d486c0e10733f728709aa"],"reported" => "2014-10-07"}],"main_module" => "Mojolicious::Plugin::OAuth2","versions" => [{"date" => "2011-01-08T11:03:42","version" => "0.01"},{"date" => "2011-01-09T18:00:14","version" => "0.02"},{"date" => "2011-04-03T16:00:38","version" => "0.1"},{"date" => "2011-08-01T16:56:18","version" => "0.2"},{"date" => "2011-09-04T19:42:29","version" => "0.3"},{"date" => "2011-09-07T16:59:50","version" => "0.4"},{"date" => "2011-10-19T11:55:32","version" => "0.5"},{"date" => "2012-03-09T21:15:39","version" => "0.6"},{"date" => "2012-05-30T11:49:29","version" => "0.7"},{"date" => "2012-08-23T20:18:41","version" => "0.8"},{"date" => "2013-05-20T05:55:18","version" => "0.9"},{"date" => "2013-11-06T13:24:52","version" => "1.0"},{"date" => "2014-03-13T08:18:10","version" => "1.1"},{"date" => "2014-09-06T13:49:59","version" => "1.2"},{"date" => "2014-10-07T05:49:16","version" => "1.3"},{"date" => "2015-03-01T20:09:19","version" => "1.4"},{"date" => "2015-03-02T07:32:59","version" => "1.5"},{"date" => "2015-03-18T16:40:18","version" => "1.51"},{"date" => "2015-04-06T20:46:39","version" => "1.52"},{"date" => "2015-09-08T07:27:41","version" => "1.53"},{"date" => "2018-08-30T10:48:55","version" => "1.54"},{"date" => "2018-09-08T18:30:54","version" => "1.55"},{"date" => "2018-09-23T22:04:16","version" => "1.56"},{"date" => "2018-09-24T08:55:14","version" => "1.57"},{"date" => "2019-07-03T12:24:11","version" => "1.58"},{"date" => "2021-02-16T23:34:41","version" => "1.59"},{"date" => "2021-10-27T10:37:42","version" => "2.00"},{"date" => "2021-10-28T09:30:06","version" => "2.01"},{"date" => "2022-02-08T09:50:33","version" => "2.02"}]},"Moxy" => {"advisories" => [{"affected_versions" => ["<0.25"],"cves" => [],"description" => "Allowed file schema\n","distribution" => "Moxy","fixed_versions" => [">=0.25"],"id" => "CPANSA-Moxy-2008-01","references" => ["https://metacpan.org/dist/Moxy/changes"],"reported" => "2008-04-09","severity" => undef}],"main_module" => "Moxy","versions" => [{"date" => "2008-01-01T18:30:22","version" => "0.04"},{"date" => "2008-01-02T13:16:19","version" => "0.05"},{"date" => "2008-01-19T02:45:48","version" => "0.06"},{"date" => "2008-01-19T04:46:15","version" => "0.07"},{"date" => "2008-01-19T13:40:32","version" => "0.08"},{"date" => "2008-01-20T07:59:32","version" => "0.20"},{"date" => "2008-01-25T07:34:00","version" => "0.22"},{"date" => "2008-01-26T10:16:38","version" => "0.23"},{"date" => "2008-01-27T06:18:24","version" => "0.24"},{"date" => "2008-04-09T15:15:08","version" => "0.25"},{"date" => "2008-04-20T05:07:40","version" => "0.30"},{"date" => "2008-04-20T11:43:55","version" => "0.31"},{"date" => "2008-04-21T02:33:59","version" => "0.32"},{"date" => "2008-05-13T04:32:15","version" => "0.32"},{"date" => "2008-05-14T04:12:27","version" => "0.32"},{"date" => "2008-06-14T07:29:30","version" => "0.32"},{"date" => "2008-08-14T16:20:15","version" => "0.32"},{"date" => "2008-08-22T09:54:45","version" => "0.32"},{"date" => "2008-10-02T10:14:27","version" => "0.32"},{"date" => "2008-11-07T01:24:33","version" => "0.32"},{"date" => "2008-11-07T01:43:45","version" => "0.32"},{"date" => "2008-11-08T01:14:56","version" => "0.32"},{"date" => "2008-11-19T02:50:08","version" => "0.32"},{"date" => "2009-02-10T11:05:56","version" => "0.32"},{"date" => "2009-02-20T09:48:43","version" => "0.51"},{"date" => "2009-03-24T11:22:16","version" => "0.52"},{"date" => "2009-03-31T06:33:35","version" => "0.53"},{"date" => "2009-04-07T10:51:35","version" => "0.54"},{"date" => "2009-04-08T06:23:07","version" => "0.55"},{"date" => "2009-04-08T08:36:37","version" => "0.56"},{"date" => "2011-01-26T08:17:33","version" => "0.60"},{"date" => "2011-05-18T04:36:44","version" => "0.57"},{"date" => "2011-05-18T04:46:01","version" => "0.60"},{"date" => "2011-05-24T01:35:05","version" => "0.60"},{"date" => "2011-05-27T01:48:35","version" => "0.63"},{"date" => "2012-11-06T05:23:15","version" => "0.70"}]},"Mozilla-CA" => {"advisories" => [{"affected_versions" => ["<20110914"],"cves" => [],"description" => "Google Chrome user alibo encountered an active \"man in the middle\" (MITM) attack on secure SSL connections to Google servers. The fraudulent certificate was mis-issued by DigiNotar, a Dutch Certificate Authority. DigiNotar has reported evidence that other fraudulent certificates were issued and in active use but the full extent of the compromise is not known.\n","distribution" => "Mozilla-CA","fixed_versions" => [">=20110914"],"id" => "CPANSA-Mozilla-CA-2011-34","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=70967","https://www.mozilla.org/en-US/security/advisories/mfsa2011-35/","https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/"],"reported" => undef,"severity" => undef},{"affected_versions" => ["<20240730"],"cves" => ["CVE-2024-39689"],"description" => "ECM GlobalTrust 2000 root certificates have been distrusted\n","distribution" => "Mozilla-CA","fixed_versions" => [">=20240730"],"id" => "CPANSA-Mozilla-CA-2024-39689","references" => ["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI","https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k/m/G_9QprJ2AQAJ","https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc","https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463"],"reported" => "2024-06-11","severity" => "low"}],"main_module" => "Mozilla::CA","versions" => [{"date" => "2011-01-22T12:13:20","version" => 20110122},{"date" => "2011-01-26T19:10:48","version" => 20110126},{"date" => "2011-02-11T22:42:06","version" => 20110209},{"date" => "2011-03-01T23:13:54","version" => 20110301},{"date" => "2011-04-09T21:15:42","version" => 20110409},{"date" => "2011-09-04T03:48:06","version" => 20110904},{"date" => "2011-09-15T08:01:35","version" => 20110914},{"date" => "2011-10-25T06:46:10","version" => 20111025},{"date" => "2012-01-18T06:52:33","version" => 20120118},{"date" => "2012-03-09T01:57:07","version" => 20120309},{"date" => "2012-08-22T00:27:51","version" => 20120822},{"date" => "2012-08-22T06:39:33","version" => 20120823},{"date" => "2013-01-14T18:34:17","version" => 20130114},{"date" => "2014-12-22T00:25:09","version" => 20141217},{"date" => "2015-08-26T05:56:57","version" => 20150826},{"date" => "2016-01-04T01:19:28","version" => 20160104},{"date" => "2018-03-01T11:34:46","version" => 20180117},{"date" => "2020-05-20T04:53:47","version" => 20200520},{"date" => "2021-10-01T21:38:43","version" => 20211001},{"date" => "2022-11-14T10:45:12","version" => 20221114},{"date" => "2023-08-01T15:43:22","version" => 20230801},{"date" => "2023-08-07T12:10:03","version" => 20230807},{"date" => "2023-08-21T18:15:27","version" => 20230821},{"date" => "2023-12-13T20:18:41","version" => 20231213},{"date" => "2024-03-13T15:19:08","version" => 20240313},{"date" => "2024-07-30T16:10:02","version" => 20240730},{"date" => "2024-09-24T02:19:55","version" => 20240924},{"date" => "2025-02-02T15:34:15","version" => 20250202},{"date" => "2025-06-02T17:39:28","version" => 20250602}]},"MySQL-Admin" => {"advisories" => [{"affected_versions" => ["<0.34"],"cves" => [],"description" => "Unspecified security issues.\n","distribution" => "MySQL-Admin","fixed_versions" => [">=0.34"],"id" => "CPANSA-MySQL-Admin-1-1","references" => ["https://metacpan.org/dist/MySQL-Admin/changes"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.14,<=1.18"],"cves" => ["X-CVE-2014-0001"],"description" => "Affected versions of the package are vulnerable to Cross-site Scripting (XSS) via the editor box.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-X-CVE-2014-0001-bootstrap-markdown-editor","references" => ["https://security.snyk.io/vuln/npm:bootstrap-markdown:20140826","https://cwe.mitre.org/data/definitions/79.html"],"reported" => "2014-08-25","severity" => undef},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2019-20921"],"description" => "bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2019-20921-bootstrap-select","references" => ["https://github.com/advisories/GHSA-9r7h-6639-v5mw","https://github.com/snapappointments/bootstrap-select/issues/2199","https://www.npmjs.com/advisories/1522","https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457"],"reported" => "2020-09-30","severity" => "medium"},{"affected_versions" => [">=1.14,<=1.18"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "MySQL::Admin","versions" => [{"date" => "2009-04-05T07:27:17","version" => "0.41"},{"date" => "2009-04-25T12:13:07","version" => "0.42"},{"date" => "2009-05-02T16:39:11","version" => "0.43"},{"date" => "2009-05-06T16:32:16","version" => "0.44"},{"date" => "2009-09-20T10:34:08","version" => "0.47"},{"date" => "2009-09-20T17:52:11","version" => "0.48"},{"date" => "2009-09-20T19:27:03","version" => "0.5"},{"date" => "2009-09-23T13:03:36","version" => "0.51"},{"date" => "2009-09-26T10:35:54","version" => "0.52"},{"date" => "2009-09-28T06:12:57","version" => "0.54"},{"date" => "2009-09-29T10:34:19","version" => "0.55"},{"date" => "2009-09-30T16:13:36","version" => "0.56"},{"date" => "2009-10-03T07:37:25","version" => "0.57"},{"date" => "2009-10-04T06:02:37","version" => "0.58"},{"date" => "2009-10-04T09:07:10","version" => "0.59"},{"date" => "2009-10-05T15:31:56","version" => "0.6"},{"date" => "2009-10-13T13:03:13","version" => "0.61"},{"date" => "2009-10-13T13:28:16","version" => "0.62"},{"date" => "2015-03-22T15:18:03","version" => "0.65"},{"date" => "2015-03-24T07:27:33","version" => "0.66"},{"date" => "2015-03-26T19:31:05","version" => "0.67"},{"date" => "2015-03-30T18:13:38","version" => "0.68"},{"date" => "2015-04-01T20:54:59","version" => "0.69"},{"date" => "2015-04-02T18:13:25","version" => "0.7"},{"date" => "2015-04-02T20:01:04","version" => "0.71"},{"date" => "2015-04-06T19:38:13","version" => "0.72"},{"date" => "2015-04-07T17:24:44","version" => "0.73"},{"date" => "2015-04-09T20:30:39","version" => "0.74"},{"date" => "2015-04-12T19:12:02","version" => "0.75"},{"date" => "2015-04-18T10:10:22","version" => "0.76"},{"date" => "2015-04-23T19:09:21","version" => "0.77"},{"date" => "2015-06-19T21:18:27","version" => "0.79"},{"date" => "2015-06-20T15:56:45","version" => "0.8"},{"date" => "2015-06-21T11:51:26","version" => "0.81"},{"date" => "2015-07-09T20:24:39","version" => "0.84"},{"date" => "2015-07-10T12:25:42","version" => "0.85"},{"date" => "2015-07-11T17:51:30","version" => "0.86"},{"date" => "2015-07-26T19:47:51","version" => "0.87"},{"date" => "2015-10-10T14:46:47","version" => "0.89"},{"date" => "2015-10-31T17:56:24","version" => "0.9"},{"date" => "2015-11-01T11:42:27","version" => "0.91"},{"date" => "2015-11-01T13:05:50","version" => "0.92"},{"date" => "2015-12-27T20:50:17","version" => "0.93"},{"date" => "2016-01-25T20:30:24","version" => "0.94"},{"date" => "2016-01-26T09:59:39","version" => "0.95"},{"date" => "2016-01-26T13:59:30","version" => "0.96"},{"date" => "2016-01-28T09:10:44","version" => "0.97"},{"date" => "2016-02-03T21:51:55","version" => "0.98"},{"date" => "2016-02-06T07:24:22","version" => "0.99"},{"date" => "2016-02-06T10:01:55","version" => 1},{"date" => "2016-02-06T17:43:58","version" => "1.01"},{"date" => "2016-02-14T18:20:01","version" => "1.02"},{"date" => "2016-02-23T12:55:34","version" => "1.03"},{"date" => "2016-02-24T14:56:54","version" => "1.04"},{"date" => "2016-05-15T18:28:42","version" => "1.05"},{"date" => "2016-06-25T20:34:51","version" => "1.06"},{"date" => "2016-06-26T11:54:44","version" => "1.07"},{"date" => "2016-10-26T20:01:37","version" => "1.08"},{"date" => "2016-10-26T20:17:36","version" => "1.09"},{"date" => "2017-01-25T20:32:12","version" => "1.1"},{"date" => "2017-01-26T20:40:27","version" => "1.11"},{"date" => "2017-01-29T19:25:00","version" => "1.12"},{"date" => "2018-06-03T15:06:18","version" => "1.13"},{"date" => "2018-06-10T16:38:09","version" => "1.14"},{"date" => "2018-07-01T19:20:11","version" => "1.15"},{"date" => "2018-07-24T05:59:11","version" => "1.16"},{"date" => "2019-04-22T13:37:27","version" => "1.17"},{"date" => "2019-05-26T14:49:11","version" => "1.18"}]},"Net-CIDR" => {"advisories" => [{"affected_versions" => ["<0.25"],"cves" => ["CVE-2021-4456"],"description" => "addr2cidr may output dotted decimal IP address with leading zeros, that some older tools may interpret as octal values.","distribution" => "Net-CIDR","fixed_versions" => [">=0.25"],"id" => "CPANSA-Net-CIDR-2021-4456","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/svarshavchik/Net-CIDR/pull/4","https://github.com/briandfoy/cpan-security-advisory/issues/199","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28918","https://github.com/advisories/GHSA-pch5-whg9-qr2r","https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/"],"reported" => undef,"severity" => undef}],"main_module" => "Net::CIDR","versions" => [{"date" => "2001-07-10T02:31:15","version" => "0.02"},{"date" => "2001-10-25T03:21:00","version" => "0.03"},{"date" => "2001-11-27T18:09:02","version" => "0.04"},{"date" => "2003-05-01T15:22:27","version" => "0.07"},{"date" => "2003-08-14T05:53:06","version" => "0.08"},{"date" => "2003-11-19T00:25:14","version" => "0.09"},{"date" => "2004-07-19T23:49:07","version" => "0.10"},{"date" => "2005-08-10T01:21:28","version" => "0.11"},{"date" => "2009-01-19T18:52:31","version" => "0.13"},{"date" => "2010-06-27T13:49:06","version" => "0.14"},{"date" => "2012-02-16T13:12:52","version" => "0.15"},{"date" => "2012-10-01T03:17:27","version" => "0.16"},{"date" => "2012-10-21T13:44:40","version" => "0.17"},{"date" => "2015-02-04T02:03:45","version" => "0.18"},{"date" => "2018-06-12T02:13:49","version" => "0.19"},{"date" => "2019-04-17T01:46:50","version" => "0.20"},{"date" => "2021-03-31T01:43:37","version" => "0.21"},{"date" => "2025-03-09T12:42:15","version" => "0.22"},{"date" => "2025-03-10T12:02:04","version" => "0.23"},{"date" => "2025-05-20T11:56:28","version" => "0.24"},{"date" => "2025-05-20T14:24:29","version" => "v0.24.1"},{"date" => "2025-05-24T02:12:05","version" => "0.25"},{"date" => "2025-06-21T02:56:12","version" => "0.26"},{"date" => "2025-08-13T00:00:19","version" => "0.27"}]},"Net-CIDR-Lite" => {"advisories" => [{"affected_versions" => ["<0.22"],"cves" => ["CVE-2021-47154"],"description" => "The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-CIDR-Lite","fixed_versions" => [">=0.22"],"id" => "CPANSA-Net-CIDR-Lite-2021-47154","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/stigtsp/Net-CIDR-Lite/commit/23b6ff0590dc279521863a502e890ef19a5a76fc","https://metacpan.org/dist/Net-CIDR-Lite/changes","https://metacpan.org/pod/Net::CIDR::Lite"],"reported" => "2024-03-18","severity" => undef}],"main_module" => "Net::CIDR::Lite","versions" => [{"date" => "2001-10-23T22:54:21","version" => "0.02"},{"date" => "2001-10-24T00:14:02","version" => "0.03"},{"date" => "2001-10-24T00:55:11","version" => "0.04"},{"date" => "2001-10-25T17:20:05","version" => "0.05"},{"date" => "2001-10-31T01:40:19","version" => "0.06"},{"date" => "2001-10-31T23:51:49","version" => "0.07"},{"date" => "2001-11-26T23:12:47","version" => "0.08"},{"date" => "2001-11-27T05:47:30","version" => "0.09"},{"date" => "2001-11-27T18:25:47","version" => "0.10"},{"date" => "2002-04-16T05:44:00","version" => "0.11"},{"date" => "2002-07-15T07:07:02","version" => "0.12"},{"date" => "2002-07-15T09:46:34","version" => "0.13"},{"date" => "2002-07-15T16:31:01","version" => "0.14"},{"date" => "2003-04-16T20:20:04","version" => "0.15"},{"date" => "2005-05-18T19:01:44","version" => "0.16"},{"date" => "2005-05-18T19:43:12","version" => "0.17"},{"date" => "2005-05-21T08:14:32","version" => "0.18"},{"date" => "2006-01-30T19:34:31","version" => "0.19"},{"date" => "2006-02-14T00:58:01","version" => "0.20"},{"date" => "2010-03-26T00:38:30","version" => "0.21"},{"date" => "2021-04-04T21:03:12","version" => "0.22"}]},"Net-CIDR-Set" => {"advisories" => [{"affected_versions" => [">=0.10,<=0.13"],"cves" => ["CVE-2025-40911"],"description" => "Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.  Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.  Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154.","distribution" => "Net-CIDR-Set","fixed_versions" => [">=0.14"],"id" => "CPANSA-Net-CIDR-Set-2025-40911","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/robrwo/perl-Net-CIDR-Set/commit/be7d91e8446ad8013b08b4be313d666dab003a8a.patch","https://metacpan.org/release/RRWO/Net-CIDR-Set-0.14/changes"],"reported" => "2025-05-27","severity" => undef}],"main_module" => "Net::CIDR::Set","versions" => [{"date" => "2009-01-29T15:06:24","version" => "0.10"},{"date" => "2009-01-29T23:03:08","version" => "0.11"},{"date" => "2014-02-24T13:52:37","version" => "0.13"},{"date" => "2025-05-27T15:18:39","version" => "0.14"},{"date" => "2025-05-27T15:38:17","version" => "0.15"},{"date" => "2025-06-03T12:56:20","version" => "0.16"},{"date" => "2025-08-03T10:40:58","version" => "0.17"},{"date" => "2025-08-03T10:46:20","version" => "0.18"},{"date" => "2025-08-05T12:12:04","version" => "0.19"}]},"Net-DNS" => {"advisories" => [{"affected_versions" => ["<0.63"],"cves" => ["CVE-2007-6341"],"description" => "Allows remote attackers to cause a denial of service (program \"croak\") via a crafted DNS response.\n","distribution" => "Net-DNS","fixed_versions" => [">=0.63"],"id" => "CPANSA-Net-DNS-2008-01","references" => ["https://metacpan.org/changes/distribution/Net-DNS"],"reported" => "2008-02-08"},{"affected_versions" => ["<0.60"],"cves" => ["CVE-2007-3409"],"description" => "Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.\n","distribution" => "Net-DNS","fixed_versions" => [">=0.60"],"id" => "CPANSA-Net-DNS-2007-3409","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=27285","http://www.net-dns.org/docs/Changes.html","http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:146","http://www.redhat.com/support/errata/RHSA-2007-0674.html","ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc","http://www.novell.com/linux/security/advisories/2007_17_sr.html","http://www.trustix.org/errata/2007/0023/","http://www.ubuntu.com/usn/usn-483-1","http://www.securityfocus.com/bid/24669","http://www.securitytracker.com/id?1018376","http://secunia.com/advisories/25829","http://secunia.com/advisories/26014","http://secunia.com/advisories/26055","http://secunia.com/advisories/26012","http://secunia.com/advisories/26075","http://secunia.com/advisories/26211","http://secunia.com/advisories/26231","http://secunia.com/advisories/26417","http://secunia.com/advisories/26543","http://www.debian.org/security/2008/dsa-1515","http://secunia.com/advisories/29354","http://osvdb.org/37054","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10595","http://www.securityfocus.com/archive/1/473871/100/0/threaded"],"reported" => "2007-06-26","severity" => undef},{"affected_versions" => ["<0.60"],"cves" => ["CVE-2007-3377"],"description" => "Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.\n","distribution" => "Net-DNS","fixed_versions" => [">=0.60"],"id" => "CPANSA-Net-DNS-2007-3377","references" => ["http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html","http://rt.cpan.org/Public/Bug/Display.html?id=23961","https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458","http://www.net-dns.org/docs/Changes.html","http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm","http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:146","http://www.redhat.com/support/errata/RHSA-2007-0674.html","http://www.redhat.com/support/errata/RHSA-2007-0675.html","ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc","http://www.novell.com/linux/security/advisories/2007_17_sr.html","http://www.trustix.org/errata/2007/0023/","http://www.ubuntu.com/usn/usn-483-1","http://www.securityfocus.com/bid/24669","http://www.securitytracker.com/id?1018377","http://secunia.com/advisories/25829","http://secunia.com/advisories/26014","http://secunia.com/advisories/26055","http://secunia.com/advisories/26012","http://secunia.com/advisories/26075","http://secunia.com/advisories/26211","http://secunia.com/advisories/26231","http://secunia.com/advisories/26417","http://secunia.com/advisories/26508","http://secunia.com/advisories/26543","http://www.debian.org/security/2008/dsa-1515","http://secunia.com/advisories/29354","http://osvdb.org/37053","https://exchange.xforce.ibmcloud.com/vulnerabilities/35112","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9904","http://www.securityfocus.com/archive/1/473871/100/0/threaded"],"reported" => "2007-06-25","severity" => undef}],"main_module" => "Net::DNS","versions" => [{"date" => "1997-02-04T10:03:21","version" => "0.02"},{"date" => "1997-02-05T05:54:07","version" => "0.02"},{"date" => "1997-02-10T16:24:12","version" => "0.03"},{"date" => "1997-02-13T23:50:40","version" => "0.04"},{"date" => "1997-03-28T06:22:18","version" => "0.05"},{"date" => "1997-04-03T06:54:12","version" => "0.06"},{"date" => "1997-04-19T18:07:46","version" => "0.07"},{"date" => "1997-05-13T15:27:34","version" => "0.08"},{"date" => "1997-05-29T22:16:14","version" => "0.09"},{"date" => "1997-06-13T04:35:29","version" => "0.10"},{"date" => "1997-07-06T18:10:05","version" => "0.11"},{"date" => "1997-10-02T05:53:19","version" => "0.12"},{"date" => "2002-02-01T21:32:42","version" => "0.14"},{"date" => "2002-04-11T23:04:19","version" => "0.19"},{"date" => "2002-05-15T00:39:48","version" => "0.20"},{"date" => "2002-06-03T21:44:48","version" => "0.21"},{"date" => "2002-06-06T21:48:08","version" => "0.22"},{"date" => "2002-06-11T22:49:07","version" => "0.23"},{"date" => "2002-07-06T20:17:50","version" => "0.24"},{"date" => "2002-08-01T10:37:46","version" => "0.25"},{"date" => "2002-08-05T20:11:20","version" => "0.26"},{"date" => "2002-08-15T15:55:56","version" => "0.27"},{"date" => "2002-08-21T00:18:55","version" => "0.28"},{"date" => "2002-10-02T06:09:09","version" => "0.29"},{"date" => "2002-11-07T13:19:03","version" => "0.30"},{"date" => "2002-11-18T04:32:09","version" => "0.31"},{"date" => "2003-01-05T21:37:55","version" => "0.32"},{"date" => "2003-01-08T18:31:53","version" => "0.33"},{"date" => "2003-03-06T19:19:53","version" => "0.34"},{"date" => "2003-05-22T02:33:15","version" => "0.34_02"},{"date" => "2003-05-23T01:24:00","version" => "0.34_03"},{"date" => "2003-05-26T07:13:38","version" => "0.35"},{"date" => "2003-05-28T22:24:43","version" => "0.36"},{"date" => "2003-05-28T22:41:56","version" => "0.37"},{"date" => "2003-06-05T23:55:14","version" => "0.38"},{"date" => "2003-06-23T00:19:28","version" => "0.38_01"},{"date" => "2003-07-29T09:34:12","version" => "0.38_02"},{"date" => "2003-08-07T22:35:45","version" => "0.39"},{"date" => "2003-08-12T04:10:01","version" => "0.39_01"},{"date" => "2003-08-28T15:17:51","version" => "0.39_02"},{"date" => "2003-09-01T22:18:39","version" => "0.40"},{"date" => "2003-09-26T22:54:49","version" => "0.40_01"},{"date" => "2003-10-03T15:57:27","version" => "0.41"},{"date" => "2003-10-26T05:42:29","version" => "0.42"},{"date" => "2003-12-01T04:39:24","version" => "0.42_01"},{"date" => "2003-12-11T08:53:09","version" => "0.42_02"},{"date" => "2003-12-12T00:28:17","version" => "0.43"},{"date" => "2003-12-13T01:55:07","version" => "0.44"},{"date" => "2004-01-03T06:49:06","version" => "0.44_01"},{"date" => "2004-01-04T04:51:25","version" => "0.44_02"},{"date" => "2004-01-08T05:56:11","version" => "0.45"},{"date" => "2004-02-10T00:53:47","version" => "0.45_01"},{"date" => "2004-02-21T12:53:34","version" => "0.46"},{"date" => "2004-04-01T07:39:00","version" => "0.47"},{"date" => "2004-05-06T19:18:31","version" => "0.47_01"},{"date" => "2004-08-13T01:11:57","version" => "0.48"},{"date" => "2005-03-07T14:31:55","version" => "0.48_01"},{"date" => "2005-03-14T20:47:20","version" => "0.48_02"},{"date" => "2005-03-22T15:54:51","version" => "0.48_03"},{"date" => "2005-03-29T13:12:16","version" => "0.49"},{"date" => "2005-05-24T08:07:55","version" => "0.49_01"},{"date" => "2005-05-28T07:07:52","version" => "0.49_02"},{"date" => "2005-06-01T20:51:43","version" => "0.49_03"},{"date" => "2005-06-08T14:15:32","version" => "0.50"},{"date" => "2005-06-10T11:00:29","version" => "0.51"},{"date" => "2005-06-14T11:42:54","version" => "0.49_01"},{"date" => "2005-06-22T14:32:45","version" => "0.49_01"},{"date" => "2005-07-01T21:50:47","version" => "0.52"},{"date" => "2005-07-22T12:23:21","version" => "0.53"},{"date" => "2005-07-31T14:40:15","version" => "0.53_01"},{"date" => "2005-10-18T14:39:03","version" => "0.53_02"},{"date" => "2005-12-07T13:15:30","version" => "0.54"},{"date" => "2005-12-14T10:29:42","version" => "0.55"},{"date" => "2006-02-20T15:34:25","version" => "0.56"},{"date" => "2006-02-24T16:21:14","version" => "0.57"},{"date" => "2006-07-04T11:42:41","version" => "0.58"},{"date" => "2006-09-18T19:31:10","version" => "0.59"},{"date" => "2007-06-22T07:31:18","version" => "0.60"},{"date" => "2007-08-01T12:26:55","version" => "0.61"},{"date" => "2007-12-28T19:32:25","version" => "0.62"},{"date" => "2008-02-08T15:49:50","version" => "0.63"},{"date" => "2008-12-30T18:11:35","version" => "0.64"},{"date" => "2009-01-26T18:19:23","version" => "0.65"},{"date" => "2009-12-30T13:58:25","version" => "0.66"},{"date" => "2011-10-25T12:14:24","version" => "0.66_01"},{"date" => "2011-10-27T14:23:38","version" => "0.66_02"},{"date" => "2011-10-28T14:31:06","version" => "0.66_03"},{"date" => "2011-10-28T15:00:15","version" => "0.66_04"},{"date" => "2011-10-31T14:36:02","version" => "0.66_06"},{"date" => "2011-10-31T19:34:01","version" => "0.66_07"},{"date" => "2011-11-02T21:52:59","version" => "0.66_08"},{"date" => "2011-11-07T09:07:56","version" => "0.67"},{"date" => "2012-01-23T13:41:03","version" => "0.67_01"},{"date" => "2012-01-26T10:44:13","version" => "0.67_03"},{"date" => "2012-01-27T08:47:28","version" => "0.67_04"},{"date" => "2012-01-31T21:54:27","version" => "0.68"},{"date" => "2012-01-31T22:11:31","version" => "0.68"},{"date" => "2012-10-29T15:35:55","version" => "0.68_01"},{"date" => "2012-10-31T10:25:57","version" => "0.68_02"},{"date" => "2012-10-31T20:33:53","version" => "0.68_03"},{"date" => "2012-11-12T07:15:13","version" => "0.68_04"},{"date" => "2012-11-12T10:22:31","version" => "0.68_05"},{"date" => "2012-11-19T12:57:25","version" => "0.68_06"},{"date" => "2012-11-21T23:12:34","version" => "0.68_07"},{"date" => "2012-11-23T22:12:01","version" => "0.68_08"},{"date" => "2012-12-04T07:18:08","version" => "0.68_09"},{"date" => "2012-12-05T12:07:43","version" => "0.69"},{"date" => "2012-12-05T14:05:12","version" => "0.69_1"},{"date" => "2012-12-06T11:10:17","version" => "0.70"},{"date" => "2012-12-12T16:04:03","version" => "0.70_1"},{"date" => "2012-12-15T11:18:56","version" => "0.71"},{"date" => "2012-12-24T21:14:23","version" => "0.71_01"},{"date" => "2012-12-28T15:03:57","version" => "0.72"},{"date" => "2013-11-13T15:18:55","version" => "0.72_01"},{"date" => "2013-11-14T16:13:33","version" => "0.72_02"},{"date" => "2013-11-18T10:49:23","version" => "0.72_03"},{"date" => "2013-11-19T21:52:50","version" => "0.72_04"},{"date" => "2013-11-29T13:35:08","version" => "0.73"},{"date" => "2013-12-24T15:21:50","version" => "0.73_1"},{"date" => "2014-01-02T20:32:27","version" => "0.73_2"},{"date" => "2014-01-05T20:31:16","version" => "0.73_3"},{"date" => "2014-01-12T10:25:24","version" => "0.73_4"},{"date" => "2014-01-13T15:59:49","version" => "0.73_5"},{"date" => "2014-01-16T10:23:47","version" => "0.74"},{"date" => "2014-03-03T21:33:39","version" => "0.74_1"},{"date" => "2014-03-10T08:36:19","version" => "0.74_2"},{"date" => "2014-04-03T21:00:45","version" => "0.74_3"},{"date" => "2014-04-30T14:05:59","version" => "0.74_4"},{"date" => "2014-05-05T06:05:46","version" => "0.74_5"},{"date" => "2014-05-06T09:22:01","version" => "0.74_6"},{"date" => "2014-05-08T09:54:21","version" => "0.75"},{"date" => "2014-05-22T20:56:00","version" => "0.75_1"},{"date" => "2014-05-23T22:26:56","version" => "0.76"},{"date" => "2014-05-29T11:26:07","version" => "0.76_1"},{"date" => "2014-06-05T16:04:39","version" => "0.76_2"},{"date" => "2014-06-13T08:31:32","version" => "0.76_3"},{"date" => "2014-06-13T21:57:13","version" => "0.77"},{"date" => "2014-07-02T09:53:03","version" => "0.77_1"},{"date" => "2014-07-09T07:09:44","version" => "0.77_2"},{"date" => "2014-07-10T14:13:33","version" => "0.78"},{"date" => "2014-07-30T21:41:25","version" => "0.78_1"},{"date" => "2014-08-12T22:13:54","version" => "0.78_2"},{"date" => "2014-08-15T14:40:22","version" => "0.78_3"},{"date" => "2014-08-19T13:24:46","version" => "0.78_5"},{"date" => "2014-08-22T22:29:13","version" => "0.79"},{"date" => "2014-09-11T11:42:35","version" => "0.79_1"},{"date" => "2014-09-15T14:51:32","version" => "0.79_2"},{"date" => "2014-09-22T11:51:22","version" => "0.80"},{"date" => "2014-10-20T08:19:15","version" => "0.80_1"},{"date" => "2014-10-24T08:21:15","version" => "0.80_2"},{"date" => "2014-10-29T13:44:16","version" => "0.81"},{"date" => "2015-01-05T10:22:06","version" => "0.81_01"},{"date" => "2015-01-20T14:12:38","version" => "0.82"},{"date" => "2015-02-11T14:26:36","version" => "0.82_01"},{"date" => "2015-02-18T11:05:47","version" => "0.82_02"},{"date" => "2015-02-26T15:48:06","version" => "0.83"},{"date" => "2015-05-27T10:04:50","version" => "1.00_01"},{"date" => "2015-06-11T17:23:10","version" => "1.00_02"},{"date" => "2015-06-15T10:02:08","version" => "1.00_03"},{"date" => "2015-06-23T13:57:29","version" => "1.00_04"},{"date" => "2015-06-26T09:37:11","version" => "1.00_05"},{"date" => "2015-06-29T17:15:06","version" => "1.00_06"},{"date" => "2015-07-01T13:51:22","version" => "1.00_07"},{"date" => "2015-07-02T08:17:44","version" => "1.00_08"},{"date" => "2015-07-06T17:28:32","version" => "1.01"},{"date" => "2015-08-26T20:44:25","version" => "1.01_01"},{"date" => "2015-09-03T06:21:58","version" => "1.01_02"},{"date" => "2015-09-04T20:39:37","version" => "1.01_03"},{"date" => "2015-09-08T08:26:06","version" => "1.01_04"},{"date" => "2015-09-11T11:49:24","version" => "1.01_05"},{"date" => "2015-09-15T18:51:53","version" => "1.01_06"},{"date" => "2015-09-16T10:25:09","version" => "1.02"},{"date" => "2015-09-22T13:39:43","version" => "1.02_01"},{"date" => "2015-10-05T08:30:03","version" => "1.02_02"},{"date" => "2015-10-06T20:39:36","version" => "1.02_03"},{"date" => "2015-10-08T21:24:29","version" => "1.02_04"},{"date" => "2015-10-13T07:30:39","version" => "1.02_05"},{"date" => "2015-10-14T12:44:57","version" => "1.02_06"},{"date" => "2015-10-20T09:59:26","version" => "1.02_07"},{"date" => "2015-10-23T08:32:04","version" => "1.02_08"},{"date" => "2015-10-27T16:07:21","version" => "1.02_09"},{"date" => "2015-11-02T06:00:09","version" => "1.02_10"},{"date" => "2015-11-08T13:49:33","version" => "1.03"},{"date" => "2015-12-01T21:21:55","version" => "1.03_01"},{"date" => "2015-12-02T14:27:42","version" => "1.03_02"},{"date" => "2015-12-02T20:49:07","version" => "1.03_03"},{"date" => "2015-12-08T20:41:10","version" => "1.04"},{"date" => "2016-02-01T16:26:27","version" => "1.04_01"},{"date" => "2016-02-02T08:03:42","version" => "1.04_02"},{"date" => "2016-02-05T12:19:57","version" => "1.04_03"},{"date" => "2016-02-29T12:32:53","version" => "1.04_04"},{"date" => "2016-03-07T21:11:01","version" => "1.05"},{"date" => "2016-03-21T13:15:38","version" => "1.05_01"},{"date" => "2016-03-24T18:45:15","version" => "1.05_02"},{"date" => "2016-04-04T21:53:54","version" => "1.05_03"},{"date" => "2016-04-15T10:11:03","version" => "1.05_04"},{"date" => "2016-04-17T12:05:46","version" => "1.05_05"},{"date" => "2016-05-11T08:58:51","version" => "1.05_06"},{"date" => "2016-05-22T07:54:41","version" => "1.05_07"},{"date" => "2016-05-27T19:12:44","version" => "1.06"},{"date" => "2016-06-22T08:54:06","version" => "1.06_01"},{"date" => "2016-08-24T11:36:13","version" => "1.06_02"},{"date" => "2016-08-25T15:01:31","version" => "1.06_03"},{"date" => "2016-09-17T08:19:30","version" => "1.06_04"},{"date" => "2016-11-12T03:24:33","version" => "1.06_05"},{"date" => "2016-12-23T14:48:42","version" => "1.06_06"},{"date" => "2016-12-29T17:16:20","version" => "1.07"},{"date" => "2017-01-18T21:51:05","version" => "1.07_01"},{"date" => "2017-01-27T10:44:03","version" => "1.07_02"},{"date" => "2017-02-09T10:28:55","version" => "1.07_03"},{"date" => "2017-02-13T10:08:41","version" => "1.07_04"},{"date" => "2017-02-20T11:12:45","version" => "1.08"},{"date" => "2017-03-06T09:33:06","version" => "1.08_02"},{"date" => "2017-03-13T10:02:22","version" => "1.08_03"},{"date" => "2017-03-22T09:48:52","version" => "1.08_04"},{"date" => "2017-03-24T07:00:36","version" => "1.09"},{"date" => "2017-04-19T13:10:57","version" => "1.09_01"},{"date" => "2017-05-05T22:21:10","version" => "1.10"},{"date" => "2017-05-31T09:07:40","version" => "1.10_01"},{"date" => "2017-06-03T20:26:47","version" => "1.10_02"},{"date" => "2017-06-12T12:03:07","version" => "1.10_03"},{"date" => "2017-06-26T12:52:57","version" => "1.11"},{"date" => "2017-07-07T21:50:10","version" => "1.11_01"},{"date" => "2017-07-28T16:17:01","version" => "1.11_02"},{"date" => "2017-08-15T10:33:15","version" => "1.11_03"},{"date" => "2017-08-17T12:48:08","version" => "1.11_04"},{"date" => "2017-08-18T13:15:31","version" => "1.12"},{"date" => "2017-09-12T09:28:26","version" => "1.12_01"},{"date" => "2017-10-06T09:07:45","version" => "1.12_02"},{"date" => "2017-10-10T14:42:38","version" => "1.12_03"},{"date" => "2017-10-18T09:49:20","version" => "1.13"},{"date" => "2017-11-30T11:11:55","version" => "1.13_01"},{"date" => "2017-12-07T10:17:12","version" => "1.13_02"},{"date" => "2017-12-15T12:34:59","version" => "1.14"},{"date" => "2018-01-31T10:11:39","version" => "1.14_01"},{"date" => "2018-02-01T14:14:07","version" => "1.14_02"},{"date" => "2018-02-09T11:42:14","version" => "1.15"},{"date" => "2018-06-11T09:20:56","version" => "1.15_01"},{"date" => "2018-06-14T10:46:39","version" => "1.15_02"},{"date" => "2018-07-03T09:05:15","version" => "1.15_03"},{"date" => "2018-07-06T10:03:02","version" => "1.15_04"},{"date" => "2018-07-16T04:56:07","version" => "1.16"},{"date" => "2018-07-20T16:22:38","version" => "1.16_01"},{"date" => "2018-07-24T15:35:14","version" => "1.16_02"},{"date" => "2018-07-25T07:10:24","version" => "1.17"},{"date" => "2018-09-11T10:24:34","version" => "1.17_01"},{"date" => "2018-09-11T15:32:52","version" => "1.17_02"},{"date" => "2018-09-12T06:15:44","version" => "1.17_03"},{"date" => "2018-09-21T14:49:48","version" => "1.18"},{"date" => "2018-11-08T06:39:55","version" => "1.18_01"},{"date" => "2018-11-15T06:02:14","version" => "1.19"},{"date" => "2018-12-31T12:23:28","version" => "1.19_01"},{"date" => "2019-01-28T09:48:25","version" => "1.19_02"},{"date" => "2019-03-22T08:40:39","version" => "1.19_03"},{"date" => "2019-03-22T14:13:56","version" => "1.20"},{"date" => "2019-07-21T09:20:43","version" => "1.20_01"},{"date" => "2019-07-23T14:51:08","version" => "1.20_02"},{"date" => "2019-08-21T13:49:42","version" => "1.20_03"},{"date" => "2019-08-30T08:37:40","version" => "1.21"},{"date" => "2020-02-02T21:54:31","version" => "1.21_01"},{"date" => "2020-02-13T13:56:48","version" => "1.22"},{"date" => "2020-03-17T09:09:32","version" => "1.22_01"},{"date" => "2020-03-18T14:55:27","version" => "1.23"},{"date" => "2020-05-13T09:04:51","version" => "1.23_01"},{"date" => "2020-05-27T12:47:25","version" => "1.24"},{"date" => "2020-06-19T10:52:05","version" => "1.24_01"},{"date" => "2020-06-23T13:07:04","version" => "1.24_02"},{"date" => "2020-06-26T15:40:24","version" => "1.25"},{"date" => "2020-07-28T12:55:42","version" => "1.25_01"},{"date" => "2020-07-31T08:43:21","version" => "1.25_02"},{"date" => "2020-08-06T15:55:03","version" => "1.26"},{"date" => "2020-08-31T13:51:53","version" => "1.26_01"},{"date" => "2020-09-07T08:02:00","version" => "1.26_02"},{"date" => "2020-09-11T18:53:08","version" => "1.27"},{"date" => "2020-10-08T22:00:15","version" => "1.27_01"},{"date" => "2020-10-16T10:20:24","version" => "1.27_02"},{"date" => "2020-10-19T08:09:59","version" => "1.27_03"},{"date" => "2020-10-23T16:53:49","version" => "1.28"},{"date" => "2020-11-16T16:33:26","version" => "1.28_01"},{"date" => "2020-11-18T13:40:46","version" => "1.29"},{"date" => "2020-12-24T15:37:27","version" => "1.29_01"},{"date" => "2021-03-22T08:38:47","version" => "1.29_02"},{"date" => "2021-03-28T09:38:33","version" => "1.29_03"},{"date" => "2021-03-30T10:06:50","version" => "1.30"},{"date" => "2021-05-02T12:43:26","version" => "1.31"},{"date" => "2021-07-09T09:57:13","version" => "1.31_01"},{"date" => "2021-07-16T14:24:25","version" => "1.32"},{"date" => "2021-08-11T10:07:26","version" => "1.32_01"},{"date" => "2021-12-08T10:42:13","version" => "1.32_02"},{"date" => "2021-12-16T12:22:39","version" => "1.33"},{"date" => "2022-05-21T10:05:03","version" => "1.33_01"},{"date" => "2022-05-30T13:39:34","version" => "1.34"},{"date" => "2022-09-23T13:43:05","version" => "1.34_01"},{"date" => "2022-10-04T13:44:45","version" => "1.34_02"},{"date" => "2022-10-04T20:02:07","version" => "1.35"},{"date" => "2022-12-20T14:45:20","version" => "1.35_01"},{"date" => "2022-12-21T11:28:18","version" => "1.35_02"},{"date" => "2022-12-28T13:12:39","version" => "1.35_03"},{"date" => "2022-12-30T15:53:37","version" => "1.36"},{"date" => "2023-01-30T14:07:07","version" => "1.36_01"},{"date" => "2023-02-20T15:36:17","version" => "1.36_02"},{"date" => "2023-03-06T12:19:36","version" => "1.36_03"},{"date" => "2023-03-13T18:06:16","version" => "1.37"},{"date" => "2023-03-30T19:26:05","version" => "1.37_01"},{"date" => "2023-04-17T12:34:49","version" => "1.37_02"},{"date" => "2023-04-20T12:38:12","version" => "1.37_03"},{"date" => "2023-04-25T20:37:19","version" => "1.37_04"},{"date" => "2023-05-09T10:50:45","version" => "1.38"},{"date" => "2023-05-31T14:12:28","version" => "1.38_01"},{"date" => "2023-06-01T11:46:37","version" => "1.39"},{"date" => "2023-08-23T14:53:17","version" => "1.39_01"},{"date" => "2023-08-25T12:50:35","version" => "1.39_02"},{"date" => "2023-08-30T18:16:07","version" => "1.40"},{"date" => "2023-11-22T08:42:22","version" => "1.40_01"},{"date" => "2023-11-27T13:28:04","version" => "1.41"},{"date" => "2023-12-24T15:48:59","version" => "1.42"},{"date" => "2024-01-04T11:21:08","version" => "1.42_01"},{"date" => "2024-01-08T09:38:46","version" => "1.42_02"},{"date" => "2024-01-10T15:04:01","version" => "1.42_03"},{"date" => "2024-01-17T09:07:40","version" => "1.42_04"},{"date" => "2024-01-25T11:08:34","version" => "1.42_05"},{"date" => "2024-01-26T14:54:33","version" => "1.43"},{"date" => "2024-02-14T09:22:32","version" => "1.43_01"},{"date" => "2024-02-15T13:03:57","version" => "1.44"},{"date" => "2024-04-21T08:24:10","version" => "1.44_01"},{"date" => "2024-05-02T11:03:24","version" => "1.45"},{"date" => "2024-07-26T03:56:44","version" => "1.45_01"},{"date" => "2024-08-12T09:53:41","version" => "1.45_02"},{"date" => "2024-08-19T15:12:15","version" => "1.46"},{"date" => "2024-09-18T20:46:06","version" => "1.47"},{"date" => "2024-11-07T14:13:26","version" => "1.47_01"},{"date" => "2024-11-08T13:27:46","version" => "1.48"},{"date" => "2024-12-16T13:43:49","version" => "1.48_01"},{"date" => "2024-12-18T14:24:48","version" => "1.48_02"},{"date" => "2024-12-27T13:12:51","version" => "1.49"},{"date" => "2025-01-02T16:36:47","version" => "1.49_01"},{"date" => "2025-01-29T09:05:23","version" => "1.49_02"},{"date" => "2025-02-08T16:50:50","version" => "1.49_03"},{"date" => "2025-02-10T13:49:02","version" => "1.49_04"},{"date" => "2025-02-11T15:56:15","version" => "1.49_05"},{"date" => "2025-02-21T08:48:19","version" => "1.50"},{"date" => "2025-07-01T12:01:39","version" => "1.50_01"},{"date" => "2025-07-04T13:49:27","version" => "1.51"},{"date" => "2025-07-18T11:52:46","version" => "1.51_01"},{"date" => "2025-07-19T11:26:47","version" => "1.51_02"},{"date" => "2025-07-22T16:56:24","version" => "1.51_03"},{"date" => "2025-07-28T13:57:39","version" => "1.51_04"},{"date" => "2025-07-29T18:11:00","version" => "1.52"},{"date" => "2025-08-14T12:01:11","version" => "1.52_01"},{"date" => "2025-08-19T09:53:44","version" => "1.52_02"},{"date" => "2025-08-26T09:53:47","version" => "1.52_03"},{"date" => "2025-08-29T12:22:39","version" => "1.53"},{"date" => "2026-01-16T13:17:34","version" => "1.54"}]},"Net-Dropbear" => {"advisories" => [{"affected_versions" => ["<0"],"comment" => "From the author: \"I have reviewed Dropbear's usage of libtomcrypt, and the function in question for CVE-2019-17362, der_decode_utf8_string, is not used in Dropbear. None of the DER parsing from libtomcrypt is used in Dropbear at all, I have confirmed that the flag to include it is not set, and confirmed that the resultant Dropbear.so that is built by Net::Dropbear does not include any of the der_* symbols.\"\n","cves" => ["CVE-2019-17362"],"description" => "In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.\n","distribution" => "Net-Dropbear","embedded_vulnerability" => {"affected_versions" => "<0","distributed_version" => "1.8.2","name" => "libtomcrypt"},"fixed_versions" => [">0"],"id" => "CPANSA-Net-Dropbear-2019-17362","references" => ["https://github.com/atrodo/Net-Dropbear/issues/6","https://github.com/libtom/libtomcrypt/pull/508","https://github.com/libtom/libtomcrypt/issues/507","https://vuldb.com/?id.142995","https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html"],"reported" => "2019-10-09","severity" => "critical"},{"affected_versions" => [">0"],"comment" => "embedded library is libtommath","cves" => ["CVE-2025-40913","CVE-2023-36328"],"description" => "Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow.  Net::Dropbear\x{a0}embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2025-40913","references" => ["https://github.com/advisories/GHSA-j3xv-6967-cv88","https://github.com/libtom/libtommath/pull/546","https://metacpan.org/release/ATRODO/Net-Dropbear-0.16/source/dropbear/libtommath/bn_mp_grow.c","https://www.cve.org/CVERecord?id=CVE-2023-36328"],"reported" => "2025-07-16","severity" => undef},{"affected_versions" => [">=0.01,<=0.07"],"cves" => ["CVE-2019-12953"],"description" => "Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2019-12953-dropbear","references" => ["https://metacpan.org/release/ATRODO/Net-Dropbear-0.15/changes","https://matt.ucc.asn.au/dropbear/CHANGES"],"reported" => "2020-12-30","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.10"],"cves" => ["CVE-2019-12953"],"description" => "Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2019-12953-dropbear","references" => ["https://metacpan.org/release/ATRODO/Net-Dropbear-0.15/changes","https://matt.ucc.asn.au/dropbear/CHANGES"],"reported" => "2020-12-30","severity" => "medium"},{"affected_versions" => [">=0.11,<=0.13"],"cves" => ["CVE-2020-36254"],"description" => "scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2020-36254-dropbear","references" => ["https://metacpan.org/release/ATRODO/Net-Dropbear-0.15/changes","https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff"],"reported" => "2021-02-25","severity" => "high"},{"affected_versions" => [">=0.14"],"cves" => ["CVE-2019-17362"],"description" => "In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2019-17362-libtomcrypt","references" => ["https://github.com/libtom/libtomcrypt/pull/508","https://github.com/libtom/libtomcrypt/issues/507","https://vuldb.com/?id.142995","https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html"],"reported" => "2019-10-09","severity" => "critical"},{"affected_versions" => [">=0.11,<=0.13"],"cves" => ["CVE-2019-17362"],"description" => "In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2019-17362-libtomcrypt","references" => ["https://github.com/libtom/libtomcrypt/pull/508","https://github.com/libtom/libtomcrypt/issues/507","https://vuldb.com/?id.142995","https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html"],"reported" => "2019-10-09","severity" => "critical"},{"affected_versions" => [">=0.01,<=0.10"],"cves" => ["CVE-2016-6129"],"description" => "The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2016-6129-libtomcrypt","references" => ["https://www.op-tee.org/advisories/","https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0","https://bugzilla.redhat.com/show_bug.cgi?id=1370955"],"reported" => "2017-02-13","severity" => "high"}],"main_module" => "Net::Dropbear","versions" => [{"date" => "2015-11-03T18:31:23","version" => "0.01"},{"date" => "2015-11-04T04:17:39","version" => "0.02"},{"date" => "2015-11-05T06:49:56","version" => "0.03"},{"date" => "2015-11-07T03:40:31","version" => "0.04"},{"date" => "2015-11-29T00:37:40","version" => "0.06"},{"date" => "2016-01-02T05:57:50","version" => "0.07"},{"date" => "2016-08-04T05:36:45","version" => "0.08"},{"date" => "2016-08-08T05:56:46","version" => "0.09"},{"date" => "2016-08-10T05:05:32","version" => "0.10"},{"date" => "2020-03-17T04:05:13","version" => "0.11"},{"date" => "2020-03-20T02:33:34","version" => "0.12"},{"date" => "2020-03-21T14:51:53","version" => "0.13"},{"date" => "2021-05-28T04:07:12","version" => "0.14"},{"date" => "2022-07-01T04:48:35","version" => "0.15"},{"date" => "2022-07-08T03:18:20","version" => "0.16"}]},"Net-Dropbox-API" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-58036"],"description" => "Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Net-Dropbox-API","fixed_versions" => [],"id" => "CPANSA-Net-Dropbox-API-2024-58036","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L11","https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L385","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "Net::Dropbox::API","versions" => [{"date" => "2010-05-12T02:24:44","version" => "0.02"},{"date" => "2010-05-12T03:47:17","version" => "0.3"},{"date" => "2010-05-12T05:20:22","version" => "0.4"},{"date" => "2010-05-13T01:28:14","version" => "0.5"},{"date" => "2010-05-13T01:45:47","version" => "0.6"},{"date" => "2010-09-29T22:44:37","version" => "0.7"},{"date" => "2010-10-17T21:34:59","version" => "0.9"},{"date" => "2011-02-06T21:28:22","version" => "0.10"},{"date" => "2011-02-20T20:23:48","version" => "1.0"},{"date" => "2011-02-23T03:51:46","version" => "1.1"},{"date" => "2011-03-23T19:59:39","version" => "1.2"},{"date" => "2011-04-08T04:53:20","version" => "1.3"},{"date" => "2011-04-12T19:45:12","version" => "1.4"},{"date" => "2011-05-09T07:49:55","version" => "1.5"},{"date" => "2011-05-16T05:45:53","version" => "1.6"},{"date" => "2011-06-16T01:18:02","version" => "1.6.1"},{"date" => "2011-06-28T00:24:02","version" => "1.7"},{"date" => "2012-03-22T23:54:58","version" => "1.8"},{"date" => "2012-10-23T07:31:36","version" => "1.9"}]},"Net-IP-LPM" => {"advisories" => [{"affected_versions" => [">=1.10"],"cves" => ["CVE-2025-40910"],"description" => "Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.  Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.","distribution" => "Net-IP-LPM","fixed_versions" => [],"id" => "CPANSA-Net-IP-LPM-2025-40910","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/release/TPODER/Net-IP-LPM-1.10/diff/TPODER/Net-IP-LPM-1.09/lib/Net/IP/LPM.pm","https://security.metacpan.org/patches/N/Net-IP-LPM/1.10/CVE-2025-40910-r1.patch"],"reported" => "2025-06-27","severity" => undef}],"main_module" => "Net::IP::LPM","versions" => [{"date" => "2013-01-05T14:28:16","version" => "0.01_01"},{"date" => "2013-01-07T14:50:26","version" => "0.01_02"},{"date" => "2013-01-09T06:10:47","version" => "0.01_03"},{"date" => "2013-01-12T11:32:07","version" => "0.02"},{"date" => "2013-03-08T12:21:31","version" => "0.02_01"},{"date" => "2013-03-16T21:27:03","version" => "0.03"},{"date" => "2013-08-17T04:37:38","version" => "1.01_01"},{"date" => "2013-08-18T06:59:49","version" => "1.01_02"},{"date" => "2013-08-18T14:53:57","version" => "1.01_04"},{"date" => "2013-08-20T06:13:43","version" => "1.02"},{"date" => "2013-08-20T18:42:21","version" => "1.03"},{"date" => "2013-08-26T07:46:02","version" => "1.04"},{"date" => "2013-10-02T16:49:57","version" => "1.05"},{"date" => "2014-11-16T13:18:40","version" => "1.06"},{"date" => "2014-11-20T07:37:55","version" => "1.07"},{"date" => "2014-12-01T21:14:24","version" => "1.09"},{"date" => "2015-08-03T08:40:34","version" => "1.10"}]},"Net-IPAddress-Util" => {"advisories" => [{"affected_versions" => ["<5.000"],"cves" => ["CVE-2021-47156"],"description" => "The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-IPAddress-Util","fixed_versions" => [">=5.000"],"id" => "CPANSA-Net-IPAddress-Util-2021-47156","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/release/Net-IPAddress-Util","https://metacpan.org/release/PWBENNETT/Net-IPAddress-Util-5.000/changes"],"reported" => "2024-03-18","severity" => undef}],"main_module" => "Net::IPAddress::Util","versions" => [{"date" => "2010-03-21T17:13:19","version" => "0.01"},{"date" => "2010-03-21T21:58:11","version" => "0.02"},{"date" => "2010-03-21T23:54:15","version" => "0.03"},{"date" => "2010-03-22T00:50:40","version" => "0.04"},{"date" => "2010-03-23T11:38:32","version" => "0.05"},{"date" => "2010-03-24T10:42:02","version" => "0.06"},{"date" => "2010-03-25T10:58:12","version" => "0.07"},{"date" => "2010-03-26T11:06:58","version" => "0.08"},{"date" => "2010-03-27T15:38:27","version" => "0.09"},{"date" => "2010-04-29T01:26:36","version" => "0.10"},{"date" => "2011-03-26T22:10:10","version" => "0.11"},{"date" => "2011-03-27T00:22:54","version" => "0.12"},{"date" => "2012-05-30T10:03:21","version" => "1.000"},{"date" => "2012-05-31T10:48:35","version" => "1.001"},{"date" => "2012-06-09T08:44:51","version" => "1.002"},{"date" => "2013-10-29T14:27:36","version" => "2.000"},{"date" => "2013-10-29T14:31:44","version" => "2.000_TRIAL"},{"date" => "2013-10-30T03:01:39","version" => "2.001_TRIAL"},{"date" => "2013-10-30T03:32:06","version" => "2.002_TRIAL"},{"date" => "2013-10-30T11:47:01","version" => "2.003_TRIAL"},{"date" => "2013-10-30T15:53:55","version" => "2.004_TRIAL"},{"date" => "2013-11-01T02:53:47","version" => "1.500"},{"date" => "2013-11-02T02:04:49","version" => "3.000"},{"date" => "2014-04-29T10:09:11","version" => "3.001"},{"date" => "2014-06-10T06:38:16","version" => "3.002"},{"date" => "2014-06-14T21:40:33","version" => "3.003"},{"date" => "2014-09-24T11:29:12","version" => "3.010"},{"date" => "2014-09-24T13:12:04","version" => "3.011"},{"date" => "2014-09-26T05:01:04","version" => "3.012"},{"date" => "2014-09-27T15:52:03","version" => "3.013"},{"date" => "2014-09-27T15:59:49","version" => "3.014"},{"date" => "2014-09-30T03:35:57","version" => "3.015"},{"date" => "2014-09-30T03:47:35","version" => "3.016"},{"date" => "2014-09-30T05:30:38","version" => "3.017"},{"date" => "2014-09-30T06:56:39","version" => "3.018"},{"date" => "2015-01-11T03:59:42","version" => "3.019"},{"date" => "2015-01-11T23:29:32","version" => "3.020"},{"date" => "2015-02-18T06:04:51","version" => "3.021"},{"date" => "2015-03-21T16:22:56","version" => "3.022"},{"date" => "2016-03-30T16:54:57","version" => "3.024"},{"date" => "2016-03-30T23:56:29","version" => "3.025"},{"date" => "2016-04-07T19:36:23","version" => "3.026"},{"date" => "2016-04-13T13:40:55","version" => "3.027"},{"date" => "2017-08-17T16:40:13","version" => "3.028"},{"date" => "2017-08-17T21:11:21","version" => "3.029"},{"date" => "2017-08-18T18:07:20","version" => "3.030"},{"date" => "2017-08-18T19:01:22","version" => "3.031"},{"date" => "2017-08-31T16:41:45","version" => "3.032"},{"date" => "2017-08-31T19:39:56","version" => "3.033"},{"date" => "2017-09-20T19:26:27","version" => "3.034"},{"date" => "2017-09-21T10:14:03","version" => "4.000"},{"date" => "2017-09-22T13:04:11","version" => "4.001"},{"date" => "2017-10-04T18:28:54","version" => "4.002"},{"date" => "2017-10-05T18:08:46","version" => "4.003"},{"date" => "2017-10-05T18:44:53","version" => "4.004"},{"date" => "2021-04-05T18:40:34","version" => "5.000"},{"date" => "2021-04-11T04:34:22","version" => "5.001"}]},"Net-IPv4Addr" => {"advisories" => [{"affected_versions" => [">=0.10"],"cves" => ["CVE-2021-47155"],"description" => "The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-IPv4Addr","fixed_versions" => [],"id" => "CPANSA-Net-IPV4Addr-2021-47155","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/release/Net-IPAddress-Util","https://metacpan.org/release/PWBENNETT/Net-IPAddress-Util-5.000/changes"],"reported" => "2024-03-18","severity" => undef}],"main_module" => "Net::IPv4Addr","versions" => [{"date" => "1999-10-20T01:18:13","version" => "0.07"},{"date" => "1999-12-17T23:08:34","version" => "0.08"},{"date" => "1999-12-17T23:10:21","version" => "0.8"},{"date" => "2000-05-03T20:24:59","version" => "0.09"},{"date" => "2000-08-07T19:39:33","version" => "0.10"}]},"Net-NSCA-Client" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-57854"],"description" => "Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.  Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.  Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.","distribution" => "Net-NSCA-Client","fixed_versions" => [">=0.009002"],"id" => "CPANSA-Net-NSCA-Client-2024-57854","references" => ["https://metacpan.org/release/DOUGDUDE/Net-NSCA-Client-0.009002/source/lib/Net/NSCA/Client/InitialPacket.pm#L119","https://patch-diff.githubusercontent.com/raw/dougwilson/perl5-net-nsca-client/pull/2.patch"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "Net::NSCA::Client","versions" => [{"date" => "2009-10-02T00:42:02","version" => "0.001"},{"date" => "2009-10-08T21:34:38","version" => "0.002"},{"date" => "2009-10-31T20:52:06","version" => "0.003"},{"date" => "2009-11-01T00:48:01","version" => "0.004"},{"date" => "2009-11-01T06:39:10","version" => "0.005"},{"date" => "2009-11-03T16:07:59","version" => "0.006"},{"date" => "2010-08-25T02:20:41","version" => "0.007"},{"date" => "2010-08-31T02:16:17","version" => "0.008"},{"date" => "2011-05-03T16:19:48","version" => "0.009"},{"date" => "2011-05-06T02:00:18","version" => "0.009001"},{"date" => "2011-10-24T04:44:41","version" => "0.009002"}]},"Net-Netmask" => {"advisories" => [{"affected_versions" => ["<2.0000"],"cves" => ["CVE-2021-29424"],"description" => "The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-Netmask","fixed_versions" => [">=2.0000"],"id" => "CPANSA-Net-Netmask-2021-01","references" => ["https://security.netapp.com/advisory/ntap-20210604-0007/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/","https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/changes/distribution/Net-Netmask#L11-22"],"reported" => "2021-03-29"}],"main_module" => "Net::Netmask","versions" => [{"date" => "1998-06-08T05:38:00","version" => "1.0"},{"date" => "1998-06-08T22:46:00","version" => "1.2"},{"date" => "1998-06-25T17:03:00","version" => "1.3"},{"date" => "1998-11-29T20:50:00","version" => "1.4"},{"date" => "1999-03-28T03:32:00","version" => "1.6"},{"date" => "1999-09-15T17:44:00","version" => "1.7"},{"date" => "1999-09-21T00:53:00","version" => "1.8"},{"date" => "2001-05-16T09:18:57","version" => "1.9"},{"date" => "2001-09-30T06:14:00","version" => "1.9001"},{"date" => "2001-11-12T18:20:00","version" => "1.9002"},{"date" => "2003-05-27T15:36:25","version" => "1.9003"},{"date" => "2003-05-29T03:36:30","version" => "1.9004"},{"date" => "2003-11-29T22:49:00","version" => "1.9005"},{"date" => "2003-12-05T22:02:00","version" => "1.9006"},{"date" => "2004-01-02T23:56:00","version" => "1.9007"},{"date" => "2004-04-06T20:15:00","version" => "1.9008"},{"date" => "2004-04-12T21:05:00","version" => "1.9009"},{"date" => "2004-05-31T19:48:00","version" => "1.9011"},{"date" => "2005-05-19T15:45:00","version" => "1.9012"},{"date" => "2006-09-06T19:27:00","version" => "1.9013"},{"date" => "2006-10-14T01:20:00","version" => "1.9014"},{"date" => "2006-11-30T21:06:00","version" => "1.9015"},{"date" => "2011-03-23T04:41:06","version" => "1.9016"},{"date" => "2013-09-21T01:56:56","version" => "1.9017"},{"date" => "2013-09-27T01:25:15","version" => "1.9018"},{"date" => "2013-10-02T00:42:56","version" => "1.9019"},{"date" => "2014-07-18T00:15:30","version" => "1.9021"},{"date" => "2015-05-05T03:36:33","version" => "1.9022"},{"date" => "2018-06-04T04:39:04","version" => "1.9100"},{"date" => "2018-06-05T01:21:39","version" => "1.9101"},{"date" => "2018-06-18T16:35:20","version" => "1.9102"},{"date" => "2018-06-18T21:31:04","version" => "1.9103"},{"date" => "2018-07-27T04:52:04","version" => "1.9104"},{"date" => "2018-07-27T23:03:36","version" => "1.9104"},{"date" => "2021-03-29T17:24:43","version" => "2.0000"},{"date" => "2021-03-29T19:31:52","version" => "2.0001"},{"date" => "2022-08-31T18:09:46","version" => "2.0002"},{"date" => "2025-05-17T15:27:37","version" => "2.0003"}]},"Net-OAuth" => {"advisories" => [{"affected_versions" => ["<0.29"],"cves" => ["CVE-2025-22376"],"description" => "In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.\n","distribution" => "Net-OAuth","fixed_versions" => [">=0.29"],"id" => "CPANSA-Net-OAuth-2025-22376","references" => ["https://metacpan.org/release/KGRENNAN/Net-OAuth-0.28/source/lib/Net/OAuth/Client.pm#L260","https://metacpan.org/release/RRWO/Net-OAuth-0.29/changes"],"reported" => "2025-01-03","severity" => "high"}],"main_module" => "Net::OAuth","versions" => [{"date" => "2007-09-30T14:22:46","version" => "0.01"},{"date" => "2007-10-02T07:37:48","version" => "0.02"},{"date" => "2007-10-15T01:37:47","version" => "0.03"},{"date" => "2007-10-19T16:49:05","version" => "0.04"},{"date" => "2007-11-19T03:34:37","version" => "0.05"},{"date" => "2008-03-08T00:52:34","version" => "0.06"},{"date" => "2008-06-01T16:10:24","version" => "0.07"},{"date" => "2008-06-02T17:46:32","version" => "0.08"},{"date" => "2008-06-03T03:48:14","version" => "0.09"},{"date" => "2008-06-04T16:32:57","version" => "0.1"},{"date" => "2008-06-04T16:52:05","version" => "0.11"},{"date" => "2008-07-04T23:04:35","version" => "0.12"},{"date" => "2008-11-13T22:55:38","version" => "0.13"},{"date" => "2008-12-13T17:32:02","version" => "0.14"},{"date" => "2009-06-05T01:27:05","version" => "0.15"},{"date" => "2009-06-15T18:40:40","version" => "0.16"},{"date" => "2009-06-25T17:05:32","version" => "0.17"},{"date" => "2009-06-25T17:21:13","version" => "0.18"},{"date" => "2009-06-26T17:37:04","version" => "0.19"},{"date" => "2009-11-13T19:04:23","version" => "0.20"},{"date" => "2010-03-10T23:07:13","version" => "0.21"},{"date" => "2010-03-11T00:25:24","version" => "0.22"},{"date" => "2010-03-18T17:53:01","version" => "0.23"},{"date" => "2010-03-21T03:44:38","version" => "0.24"},{"date" => "2010-03-21T03:53:29","version" => "0.25"},{"date" => "2010-06-16T20:08:26","version" => "0.26"},{"date" => "2010-06-16T20:47:49","version" => "0.27"},{"date" => "2012-01-06T06:08:03","version" => "0.28"},{"date" => "2025-01-03T09:18:44","version" => "0.29"},{"date" => "2025-01-03T09:48:29","version" => "0.30"},{"date" => "2025-04-03T16:00:58","version" => "0.31"}]},"Net-OpenID-Consumer" => {"advisories" => [{"affected_versions" => ["<1.12"],"cves" => [],"description" => "A potential timing attack when checking signatures.\n","distribution" => "Net-OpenID-Consumer","fixed_versions" => [">=1.12"],"id" => "CPANSA-Net-OpenID-Consumer-2010-01","references" => ["https://metacpan.org/changes/distribution/Net-OpenID-Consumer","https://github.com/wrog/Net-OpenID-Consumer/commit/4e82c7e4b6ad4bc40571c5cfcaa58f9365b147a5","http://lists.openid.net/pipermail/openid-security/2010-July/001156.html"],"reported" => "2010-11-06"},{"affected_versions" => ["<0.06"],"cves" => [],"description" => "Incorrect comparison of system openssl status when doing DSA checks.\n","distribution" => "Net-OpenID-Consumer","fixed_versions" => [">=0.06"],"id" => "CPANSA-Net-OpenID-Consumer-2015-05","references" => ["https://metacpan.org/changes/distribution/Net-OpenID-Consumer"],"reported" => "2015-05-26"}],"main_module" => "Net::OpenID::Consumer","versions" => [{"date" => "2005-05-23T03:02:59","version" => "0.02"},{"date" => "2005-05-23T08:05:35","version" => "0.03"},{"date" => "2005-05-25T05:08:25","version" => "0.04"},{"date" => "2005-05-25T06:14:44","version" => "0.05"},{"date" => "2005-05-26T06:18:39","version" => "0.06"},{"date" => "2005-05-26T06:56:30","version" => "0.07"},{"date" => "2005-05-26T07:18:01","version" => "0.08"},{"date" => "2005-06-23T23:50:47","version" => "0.09"},{"date" => "2005-06-27T04:43:01","version" => "0.10"},{"date" => "2005-06-27T21:59:47","version" => "0.11"},{"date" => "2005-07-13T17:57:27","version" => "0.12"},{"date" => "2007-04-16T17:58:45","version" => "0.13"},{"date" => "2007-08-03T22:07:20","version" => "0.14"},{"date" => "2008-10-13T02:30:05","version" => "1.01"},{"date" => "2008-10-14T04:39:07","version" => "1.02"},{"date" => "2008-11-30T02:02:17","version" => "1.03"},{"date" => "2010-02-18T15:32:06","version" => "1.04"},{"date" => "2010-02-18T16:01:19","version" => "1.05"},{"date" => "2010-03-16T17:38:56","version" => "1.06"},{"date" => "2010-11-06T02:24:29","version" => "1.030099_001"},{"date" => "2010-11-07T11:21:33","version" => "1.030099_002"},{"date" => "2010-11-08T22:35:52","version" => "1.030099_003"},{"date" => "2010-12-17T21:57:03","version" => "1.030099_004"},{"date" => "2011-01-01T01:55:09","version" => "1.030099_005"},{"date" => "2011-10-23T01:35:49","version" => "1.030099_006"},{"date" => "2011-10-25T23:10:00","version" => "1.100099_001"},{"date" => "2011-11-02T10:38:05","version" => "1.100099_002"},{"date" => "2011-11-04T23:01:32","version" => "1.11"},{"date" => "2011-11-07T17:16:08","version" => "1.12"},{"date" => "2011-11-15T03:28:36","version" => "1.13"},{"date" => "2013-04-01T13:17:57","version" => "1.14"},{"date" => "2013-09-06T23:47:04","version" => "1.15"},{"date" => "2014-09-15T21:38:12","version" => "1.16"},{"date" => "2016-01-15T11:45:55","version" => "1.17"},{"date" => "2016-02-08T01:40:13","version" => "1.18"}]},"Net-Ping-External" => {"advisories" => [{"affected_versions" => ["<=0.15"],"cves" => ["CVE-2008-7319"],"description" => "The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.\n","distribution" => "Net-Ping-External","fixed_versions" => [],"id" => "CPANSA-Net-Ping-External-2008-7319","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=33230","https://bugs.debian.org/881097","http://www.openwall.com/lists/oss-security/2017/11/07/4","http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch"],"reported" => "2017-11-07","severity" => "critical"}],"main_module" => "Net::Ping::External","versions" => [{"date" => "2001-03-15T21:53:04","version" => "0.01"},{"date" => "2001-03-22T00:15:08","version" => "0.02"},{"date" => "2001-03-23T08:35:49","version" => "0.03"},{"date" => "2001-04-20T17:33:31","version" => "0.04"},{"date" => "2001-04-20T18:43:34","version" => "0.05"},{"date" => "2001-04-26T02:59:41","version" => "0.06"},{"date" => "2001-09-28T02:20:34","version" => "0.07"},{"date" => "2001-09-30T21:39:47","version" => "0.08"},{"date" => "2001-11-10T06:10:33","version" => "0.09"},{"date" => "2001-11-10T16:19:21","version" => "0.10"},{"date" => "2003-02-11T22:41:33","version" => "0.11"},{"date" => "2006-09-07T10:52:21","version" => "0.12_01"},{"date" => "2007-01-31T22:09:41","version" => "0.12_02"},{"date" => "2007-02-08T16:06:46","version" => "0.12"},{"date" => "2008-12-18T20:27:07","version" => "0.13"},{"date" => "2013-10-29T17:05:01","version" => "0.14"},{"date" => "2014-04-12T21:37:12","version" => "0.15"}]},"Net-SNMP" => {"advisories" => [{"affected_versions" => [">=5.1.4,<6.0.0"],"cves" => ["CVE-2008-2292"],"description" => "Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).\n","distribution" => "Net-SNMP","fixed_versions" => [">=6.0.0"],"id" => "CPANSA-Net-SNMP-2008-2292","references" => ["http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694","http://www.securityfocus.com/bid/29212","http://secunia.com/advisories/30187","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html","http://www.vmware.com/security/advisories/VMSA-2008-0013.html","http://secunia.com/advisories/31334","http://secunia.com/advisories/30647","http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html","http://secunia.com/advisories/31155","http://secunia.com/advisories/31351","http://security.gentoo.org/glsa/glsa-200808-02.xml","http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1","http://www.mandriva.com/security/advisories?name=MDVSA-2008:118","http://secunia.com/advisories/31467","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html","http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm","http://secunia.com/advisories/31568","http://www.debian.org/security/2008/dsa-1663","http://secunia.com/advisories/30615","http://www.redhat.com/support/errata/RHSA-2008-0529.html","http://secunia.com/advisories/32664","http://www.ubuntu.com/usn/usn-685-1","http://secunia.com/advisories/33003","http://www.vupen.com/english/advisories/2008/2361","http://www.vupen.com/english/advisories/2008/2141/references","http://www.vupen.com/english/advisories/2008/1528/references","http://www.securitytracker.com/id?1020527","https://exchange.xforce.ibmcloud.com/vulnerabilities/42430","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261"],"reported" => "2008-05-18","severity" => undef},{"affected_versions" => ["<=5.2.1.2"],"cves" => ["CVE-2005-2811"],"description" => "Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges.\n","distribution" => "Net-SNMP","fixed_versions" => [],"id" => "CPANSA-Net-SNMP-2005-2811","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml"],"reported" => "2005-09-07","severity" => undef},{"affected_versions" => ["<=5.7.3"],"cves" => ["CVE-2014-2285"],"description" => "The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.\n","distribution" => "Net-SNMP","fixed_versions" => [],"id" => "CPANSA-Net-SNMP-2014-2285","references" => ["http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html","http://comments.gmane.org/gmane.comp.security.oss.general/12284","https://bugzilla.redhat.com/show_bug.cgi?id=1072778","http://sourceforge.net/p/net-snmp/patches/1275/","http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html","https://bugzilla.redhat.com/show_bug.cgi?id=1072044","http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html","http://secunia.com/advisories/59974","http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml","https://rhn.redhat.com/errata/RHSA-2014-0322.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2014-04-27","severity" => undef}],"main_module" => "Net::SNMP","versions" => [{"date" => "1998-10-14T13:13:11","version" => "1.10"},{"date" => "1998-11-06T14:25:38","version" => "1.20"},{"date" => "1999-03-17T13:51:17","version" => "1.30"},{"date" => "1999-04-26T13:39:02","version" => "1.40"},{"date" => "1999-05-06T16:25:03","version" => "2.00"},{"date" => "1999-08-12T15:23:21","version" => "2.99"},{"date" => "1999-09-09T13:30:41","version" => "3.00"},{"date" => "2000-01-01T18:12:05","version" => "3.01"},{"date" => "2000-05-06T04:35:25","version" => "3.50"},{"date" => "2000-09-09T15:00:00","version" => "3.60"},{"date" => "2001-09-09T13:33:46","version" => "3.65"},{"date" => "2001-11-09T14:14:48","version" => "v4.0.0"},{"date" => "2002-01-01T14:16:29","version" => "v4.0.1"},{"date" => "2002-05-06T12:51:31","version" => "v4.0.2"},{"date" => "2002-09-09T12:55:22","version" => "v4.0.3"},{"date" => "2003-05-06T11:06:55","version" => "v4.1.0"},{"date" => "2003-09-09T12:50:16","version" => "v4.1.1"},{"date" => "2003-09-11T19:19:45","version" => "v4.1.2"},{"date" => "2004-07-20T13:49:08","version" => "v5.0.0"},{"date" => "2004-09-09T17:06:35","version" => "v5.0.1"},{"date" => "2005-07-20T13:58:05","version" => "v5.1.0"},{"date" => "2005-10-20T14:25:07","version" => "v5.2.0"},{"date" => "2009-09-09T15:17:46","version" => "v6.0.0"},{"date" => "2010-09-10T00:15:52","version" => "v6.0.1"}]},"Net-SSLeay" => {"advisories" => [{"affected_versions" => ["<1.25"],"cves" => ["CVE-2005-0106"],"description" => "SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.\n","distribution" => "Net-SSLeay","fixed_versions" => [">=1.25"],"id" => "CPANSA-Net-SSLeay-2005-0106","references" => ["http://secunia.com/advisories/18639","http://www.securityfocus.com/bid/13471","http://www.mandriva.com/security/advisories?name=MDKSA-2006:023","https://usn.ubuntu.com/113-1/"],"reported" => "2005-05-03","severity" => undef}],"main_module" => "Net::SSLeay","versions" => [{"date" => "2007-07-03T14:02:04","version" => "1.31_01"},{"date" => "2007-07-14T20:12:31","version" => "1.31_02"},{"date" => "2007-09-03T21:16:05","version" => "1.32"},{"date" => "2008-02-14T13:43:47","version" => "1.33_01"},{"date" => "2008-07-24T01:16:26","version" => "1.34"},{"date" => "2008-07-24T22:14:14","version" => "1.35"},{"date" => "2010-01-30T21:16:14","version" => "1.36"},{"date" => "2011-09-15T22:28:53","version" => "1.37"},{"date" => "2011-09-16T11:48:42","version" => "1.38"},{"date" => "2011-09-21T06:57:15","version" => "1.39"},{"date" => "2011-09-23T02:41:56","version" => "1.40"},{"date" => "2011-09-24T22:11:30","version" => "1.41"},{"date" => "2011-10-03T06:27:18","version" => "1.42"},{"date" => "2012-02-23T22:42:58","version" => "1.42"},{"date" => "2012-02-24T21:44:59","version" => "1.42"},{"date" => "2012-02-24T22:54:26","version" => "1.42"},{"date" => "2012-04-02T21:16:31","version" => "1.46"},{"date" => "2012-04-04T00:54:15","version" => "1.47"},{"date" => "2012-04-25T07:03:14","version" => "1.48"},{"date" => "2012-09-24T22:12:48","version" => "1.49"},{"date" => "2012-12-12T21:00:17","version" => "1.49"},{"date" => "2012-12-14T05:38:34","version" => "1.49"},{"date" => "2013-01-08T23:13:16","version" => "1.51"},{"date" => "2013-03-22T07:31:43","version" => "1.51"},{"date" => "2013-03-22T22:14:08","version" => "1.53"},{"date" => "2013-06-07T22:33:01","version" => "1.53"},{"date" => "2014-01-07T22:12:16","version" => "1.56"},{"date" => "2014-01-11T21:39:27","version" => "1.56"},{"date" => "2014-01-14T23:29:28","version" => "1.58"},{"date" => "2014-05-09T22:10:47","version" => "1.59"},{"date" => "2014-05-10T21:41:25","version" => "1.60"},{"date" => "2014-05-12T10:07:16","version" => "1.61"},{"date" => "2014-05-18T21:22:05","version" => "1.61"},{"date" => "2014-05-19T10:44:07","version" => "1.63"},{"date" => "2014-06-11T02:56:20","version" => "1.64"},{"date" => "2014-07-14T10:26:12","version" => "1.65"},{"date" => "2014-08-21T01:09:39","version" => "1.66"},{"date" => "2015-01-16T22:22:07","version" => "1.67"},{"date" => "2015-01-24T00:27:20","version" => "1.68"},{"date" => "2015-06-03T21:47:53","version" => "1.68"},{"date" => "2015-06-25T23:10:05","version" => "1.70"},{"date" => "2015-09-18T03:19:23","version" => "1.71"},{"date" => "2015-09-21T21:54:16","version" => "1.72"},{"date" => "2016-04-11T00:17:37","version" => "1.73"},{"date" => "2016-04-11T21:48:54","version" => "1.74"},{"date" => "2016-07-31T01:22:50","version" => "1.75"},{"date" => "2016-07-31T02:53:16","version" => "1.76"},{"date" => "2016-07-31T20:27:29","version" => "1.77"},{"date" => "2016-08-13T08:42:51","version" => "1.78"},{"date" => "2017-01-03T07:57:10","version" => "1.79"},{"date" => "2017-01-04T21:41:24","version" => "1.80"},{"date" => "2017-03-27T21:02:27","version" => "1.81"},{"date" => "2017-10-31T04:50:54","version" => "1.82"},{"date" => "2018-01-16T04:44:04","version" => "1.83"},{"date" => "2018-01-17T03:12:01","version" => "1.84"},{"date" => "2018-03-13T22:28:12","version" => "1.85"},{"date" => "2018-07-04T20:41:16","version" => "1.86_01"},{"date" => "2018-07-06T12:18:38","version" => "1.86_02"},{"date" => "2018-07-19T19:42:35","version" => "1.86_03"},{"date" => "2018-07-30T17:01:10","version" => "1.86_04"},{"date" => "2018-08-23T08:31:09","version" => "1.86_05"},{"date" => "2018-09-29T15:52:57","version" => "1.86_06"},{"date" => "2018-12-13T09:56:46","version" => "1.86_07"},{"date" => "2019-03-12T14:20:11","version" => "1.86_08"},{"date" => "2019-03-12T21:00:55","version" => "1.86_09"},{"date" => "2019-05-05T01:38:23","version" => "1.86_10"},{"date" => "2019-05-08T16:24:16","version" => "1.86_11"},{"date" => "2019-05-10T20:36:42","version" => "1.88"},{"date" => "2020-03-22T13:48:11","version" => "1.89_01"},{"date" => "2020-08-06T23:48:51","version" => "1.89_02"},{"date" => "2020-12-12T16:47:00","version" => "1.89_03"},{"date" => "2021-01-13T19:01:50","version" => "1.89_04"},{"date" => "2021-01-21T00:51:03","version" => "1.89_05"},{"date" => "2021-01-21T19:08:38","version" => "1.90"},{"date" => "2021-10-24T18:14:27","version" => "1.91_01"},{"date" => "2021-12-29T22:30:53","version" => "1.91_02"},{"date" => "2022-01-10T19:21:16","version" => "1.91_03"},{"date" => "2022-01-12T22:47:57","version" => "1.92"},{"date" => "2022-03-20T18:24:35","version" => "1.93_01"},{"date" => "2023-02-23T01:08:20","version" => "1.93_02"},{"date" => "2024-01-02T14:34:40","version" => "1.93_03"},{"date" => "2024-01-05T00:45:35","version" => "1.93_04"},{"date" => "2024-01-06T18:39:23","version" => "1.93_05"},{"date" => "2024-01-08T01:22:27","version" => "1.94"},{"date" => "2026-02-05T17:57:53","version" => "1.95_01"}]},"Net-Server" => {"advisories" => [{"affected_versions" => ["<=0.87"],"cves" => ["CVE-2005-1127"],"description" => "Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.\n","distribution" => "Net-Server","fixed_versions" => [">0.87"],"id" => "CPANSA-Net-Server-2005-1127","references" => ["http://lists.ee.ethz.ch/postgrey/msg00627.html","http://lists.ee.ethz.ch/postgrey/msg00630.html","http://lists.ee.ethz.ch/postgrey/msg00647.html","http://www.osvdb.org/15517","http://secunia.com/advisories/14958","http://www.debian.org/security/2006/dsa-1121","http://www.debian.org/security/2006/dsa-1122","http://secunia.com/advisories/21164","http://secunia.com/advisories/21152","http://secunia.com/advisories/21149","http://www.gentoo.org/security/en/glsa/glsa-200608-18.xml","http://www.securityfocus.com/bid/13193","http://secunia.com/advisories/21452","http://www.mandriva.com/security/advisories?name=MDKSA-2006:131","http://marc.info/?l=full-disclosure&m=111354538331167&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/20108"],"reported" => "2005-05-02","severity" => undef}],"main_module" => "Net::Server","versions" => [{"date" => "2001-03-05T14:48:26","version" => "0.46"},{"date" => "2001-03-08T14:37:30","version" => "0.47"},{"date" => "2001-03-13T16:35:32","version" => "0.52"},{"date" => "2001-03-20T06:55:22","version" => "0.55"},{"date" => "2001-04-09T16:54:28","version" => "0.58"},{"date" => "2001-05-10T15:05:54","version" => "0.63"},{"date" => "2001-07-05T15:19:21","version" => "0.65"},{"date" => "2001-08-23T17:45:28","version" => "0.75"},{"date" => "2001-08-27T16:15:20","version" => "0.77"},{"date" => "2001-10-24T16:30:10","version" => "0.79"},{"date" => "2001-11-14T17:30:01","version" => "0.80"},{"date" => "2001-11-19T20:57:43","version" => "0.81"},{"date" => "2002-02-05T21:55:06","version" => "0.82"},{"date" => "2002-06-20T20:21:27","version" => "0.84"},{"date" => "2003-03-07T15:29:18","version" => "0.85"},{"date" => "2003-11-06T20:11:03","version" => "0.86"},{"date" => "2004-02-15T06:20:34","version" => "0.87"},{"date" => "2005-05-05T01:51:14","version" => "0.88"},{"date" => "2005-06-21T21:24:27","version" => "0.88"},{"date" => "2005-11-23T08:40:11","version" => "0.89"},{"date" => "2005-12-05T21:19:07","version" => "0.90"},{"date" => "2006-03-08T22:27:33","version" => "0.91"},{"date" => "2006-03-22T17:26:29","version" => "0.92"},{"date" => "2006-03-24T20:03:25","version" => "0.93"},{"date" => "2006-07-12T02:54:02","version" => "0.94"},{"date" => "2007-02-03T08:23:04","version" => "0.95"},{"date" => "2007-03-26T15:01:13","version" => "0.96"},{"date" => "2007-07-25T16:29:47","version" => "0.97"},{"date" => "2010-07-13T19:27:21","version" => "0.99"},{"date" => "2011-07-22T12:36:35","version" => "0.99.6.1"},{"date" => "2012-05-30T15:41:07","version" => "2.000"},{"date" => "2012-05-30T21:48:13","version" => "2.001"},{"date" => "2012-05-31T21:43:35","version" => "2.002"},{"date" => "2012-06-06T19:31:21","version" => "2.003"},{"date" => "2012-06-08T17:22:50","version" => "2.004"},{"date" => "2012-06-12T19:40:55","version" => "2.005"},{"date" => "2012-06-20T22:51:22","version" => "2.006"},{"date" => "2013-01-10T07:47:04","version" => "2.007"},{"date" => "2014-05-12T18:22:26","version" => "2.008"},{"date" => "2017-08-10T21:13:01","version" => "2.009"},{"date" => "2021-03-22T15:23:31","version" => "2.010"},{"date" => "2022-12-02T00:35:10","version" => "2.011"},{"date" => "2022-12-02T04:19:54","version" => "2.012"},{"date" => "2022-12-03T01:57:05","version" => "2.013"},{"date" => "2023-03-14T17:16:00","version" => "2.014"},{"date" => "2026-01-22T06:48:54","version" => "2.015"},{"date" => "2026-01-28T01:58:44","version" => "2.016"},{"date" => "2026-02-09T07:04:13","version" => "2.017"},{"date" => "2026-02-18T03:45:06","version" => "2.018"}]},"Net-Server-Coro" => {"advisories" => [{"affected_versions" => ["<1.0"],"cves" => ["CVE-2011-0411"],"description" => "Remaining contents of the read buffer could allow plaintext injection attacks wherein attackers could cause nominally SSL-only commands to be executed by appending them to the end of a STARTTLS.\n","distribution" => "Net-Server-Coro","fixed_versions" => [">=1.0"],"id" => "CPANSA-Net-Server-Coro-2011-0411","references" => ["https://www.itsecdb.com/oval/definition/oval/org.opensuse.security/def/20110411/CVE-2011-0411.html","https://metacpan.org/dist/Net-Server-Coro/changes"],"reported" => "2011-03-16","severity" => undef}],"main_module" => "Net::Server::Coro","versions" => [{"date" => "2008-03-10T20:46:24","version" => "0.2"},{"date" => "2008-10-22T17:26:30","version" => "0.3"},{"date" => "2008-10-22T17:41:55","version" => "0.4"},{"date" => "2009-10-16T03:46:28","version" => "0.5"},{"date" => "2009-10-16T14:56:53","version" => "0.6"},{"date" => "2009-12-16T03:28:15","version" => "0.7"},{"date" => "2010-01-30T16:11:57","version" => "0.8"},{"date" => "2010-11-15T04:56:09","version" => "0.9"},{"date" => "2011-09-05T05:33:01","version" => "1.0"},{"date" => "2011-09-05T05:37:09","version" => "1.1"},{"date" => "2011-10-29T06:29:11","version" => "1.2"},{"date" => "2012-11-12T08:14:39","version" => "1.3"}]},"Net-Xero" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-56370"],"description" => "Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Net::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Net-Xero","fixed_versions" => [],"id" => "CPANSA-Net-Xero-2024-56370","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L58","https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L9","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "Net::Xero","versions" => [{"date" => "2015-06-03T14:39:37","version" => "0.14"},{"date" => "2015-06-05T11:37:55","version" => "0.40"},{"date" => "2015-06-05T11:49:29","version" => "0.41"},{"date" => "2015-06-05T12:59:28","version" => "0.42"},{"date" => "2015-06-05T14:09:46","version" => "0.43"},{"date" => "2017-01-12T17:10:29","version" => "0.44"}]},"Nginx-Engine" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.06"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Engine","fixed_versions" => [],"id" => "CPANSA-Nginx-Engine-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => [">=0.07,<=0.12"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Engine","fixed_versions" => [],"id" => "CPANSA-Nginx-Engine-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"}],"main_module" => "Nginx::Engine","versions" => [{"date" => "2010-12-29T03:17:47","version" => "0.01"},{"date" => "2010-12-29T23:10:29","version" => "0.02"},{"date" => "2011-01-01T23:25:22","version" => "0.03"},{"date" => "2011-01-07T17:59:46","version" => "0.04"},{"date" => "2011-01-11T01:02:07","version" => "0.05"},{"date" => "2011-03-13T21:15:24","version" => "0.06"},{"date" => "2011-06-29T23:21:28","version" => "0.07"},{"date" => "2011-06-30T18:47:28","version" => "0.08"},{"date" => "2011-07-03T02:02:40","version" => "0.09"},{"date" => "2011-07-24T01:46:43","version" => "0.10"},{"date" => "2011-08-16T17:05:53","version" => "0.11"},{"date" => "2011-11-23T00:09:16","version" => "0.12"}]},"Nginx-Perl" => {"advisories" => [{"affected_versions" => ["==1.1.9.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.1.11.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.1.13.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.1.14.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.1.15.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.1.16.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.1.17.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => [">=1.1.18.1,<=1.1.18.2"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => [">=1.1.19.2,<=1.1.19.3"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.2.0.4,==1.2.0.5"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.2.1.5"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.2.2.5"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => [">=1.2.6.5,<=1.2.6.6"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => [">=1.2.9.6,<=1.2.9.7"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => [">=1.8.1.8,<=1.8.1.10"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"}],"main_module" => "Nginx::Perl","versions" => [{"date" => "2011-12-22T01:23:05","version" => "1.1.9.1"},{"date" => "2011-12-22T01:59:52","version" => "1.1.11.1"},{"date" => "2012-01-22T03:51:35","version" => "v1.1.13.1"},{"date" => "2012-02-13T18:35:00","version" => "v1.1.14.1"},{"date" => "2012-02-15T22:56:02","version" => "v1.1.15.1"},{"date" => "2012-02-29T17:37:37","version" => "v1.1.16.1"},{"date" => "2012-03-15T15:04:38","version" => "v1.1.17.1"},{"date" => "2012-03-28T14:43:19","version" => "v1.1.18.1"},{"date" => "2012-04-12T13:30:24","version" => "v1.1.18.2"},{"date" => "2012-04-12T13:46:15","version" => "v1.1.19.2"},{"date" => "2012-04-13T01:53:10","version" => "v1.1.19.3"},{"date" => "2012-04-23T14:20:36","version" => "v1.2.0.4"},{"date" => "2012-05-10T23:38:18","version" => "v1.2.0.5"},{"date" => "2012-06-05T14:59:28","version" => "v1.2.1.5"},{"date" => "2012-07-07T14:27:33","version" => "v1.2.2.5"},{"date" => "2013-01-31T00:57:38","version" => "v1.2.2.5"},{"date" => "2013-01-31T06:18:23","version" => "v1.2.6.6"},{"date" => "2013-11-20T01:20:39","version" => "v1.2.6.6"},{"date" => "2013-11-20T02:04:33","version" => "v1.2.9.7"},{"date" => "2016-02-26T21:46:29","version" => "v1.8.1.8"},{"date" => "2016-04-13T19:54:21","version" => "v1.8.1.9"},{"date" => "2016-04-14T00:55:02","version" => "v1.8.1.10"}]},"Otogiri" => {"advisories" => [{"affected_versions" => ["<0.13"],"cves" => [],"description" => "A dependant module SQL::Maker without strict mode is vulnerable to SQL injection.\n","distribution" => "Otogiri","fixed_versions" => [">=0.13"],"id" => "CPANSA-Otogiri-2014-01","references" => ["https://github.com/ytnobody/Otogiri/commit/fac1592b3d153a6871ff1aed8016a6888cff9095","https://metacpan.org/changes/distribution/Otogiri"],"reported" => "2014-07-03"}],"main_module" => "Otogiri","versions" => [{"date" => "2013-10-30T06:45:51","version" => "0.01"},{"date" => "2013-11-08T08:36:50","version" => "0.02"},{"date" => "2013-11-09T05:00:47","version" => "0.03"},{"date" => "2013-12-27T00:15:23","version" => "0.04"},{"date" => "2013-12-28T15:54:15","version" => "0.05"},{"date" => "2014-01-14T09:13:18","version" => "0.06"},{"date" => "2014-02-25T06:25:50","version" => "0.07"},{"date" => "2014-03-18T04:14:12","version" => "0.08"},{"date" => "2014-03-18T05:07:37","version" => "0.09"},{"date" => "2014-05-13T12:58:21","version" => "0.10"},{"date" => "2014-05-30T10:11:18","version" => "0.11"},{"date" => "2014-06-05T08:30:13","version" => "0.12"},{"date" => "2014-07-03T12:40:28","version" => "0.13"},{"date" => "2014-12-18T08:37:33","version" => "0.14"},{"date" => "2015-01-11T04:56:15","version" => "0.15"},{"date" => "2015-11-13T07:18:18","version" => "0.16"},{"date" => "2016-02-02T05:58:26","version" => "0.17"},{"date" => "2017-05-19T01:37:05","version" => "0.18"},{"date" => "2020-01-17T11:12:52","version" => "0.19"},{"date" => "2023-10-15T02:01:31","version" => "0.20"},{"date" => "2023-10-15T02:02:58","version" => "0.21"},{"date" => "2023-12-10T00:23:20","version" => "0.22"},{"date" => "2024-06-08T13:42:18","version" => "0.23"},{"date" => "2025-09-29T08:35:44","version" => "0.24"}]},"PAR" => {"advisories" => [{"affected_versions" => ["<1.003"],"cves" => ["CVE-2011-4114"],"description" => "PAR packed files are extracted to unsafe and predictable temporary directories (this bug was originally reported against PAR::Packer, but it applies to PAR as well).\n","distribution" => "PAR","fixed_versions" => [">=1.003"],"id" => "CPANSA-PAR-2011-01","references" => ["https://metacpan.org/changes/distribution/PAR","https://rt.cpan.org/Public/Bug/Display.html?id=69560"],"reported" => "2011-07-18"},{"affected_versions" => ["<1.003"],"cves" => ["CVE-2011-5060"],"description" => "The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.\n","distribution" => "PAR","fixed_versions" => [">=1.003"],"id" => "CPANSA-PAR-2011-5060","references" => ["http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog","https://bugzilla.redhat.com/show_bug.cgi?id=753955","https://rt.cpan.org/Public/Bug/Display.html?id=69560","https://exchange.xforce.ibmcloud.com/vulnerabilities/72435"],"reported" => "2012-01-13","severity" => undef}],"main_module" => "PAR","versions" => [{"date" => "2002-10-18T20:38:24","version" => "0.01"},{"date" => "2002-10-18T21:07:35","version" => "0.02"},{"date" => "2002-10-18T22:18:06","version" => "0.03"},{"date" => "2002-10-19T02:46:52","version" => "0.04"},{"date" => "2002-10-19T14:33:26","version" => "0.05"},{"date" => "2002-10-19T15:31:54","version" => "0.06"},{"date" => "2002-10-19T17:38:40","version" => "0.10"},{"date" => "2002-10-19T22:30:34","version" => "0.11"},{"date" => "2002-10-20T13:00:43","version" => "0.12"},{"date" => "2002-10-21T17:29:03","version" => "0.13"},{"date" => "2002-10-27T10:38:32","version" => "0.14"},{"date" => "2002-10-27T17:52:07","version" => "0.15"},{"date" => "2002-11-02T02:20:38","version" => "0.20"},{"date" => "2002-11-02T21:26:48","version" => "0.21"},{"date" => "2002-11-03T13:05:06","version" => "0.22"},{"date" => "2002-11-05T14:36:58","version" => "0.30"},{"date" => "2002-11-05T22:23:36","version" => "0.40"},{"date" => "2002-11-06T12:25:00","version" => "0.41"},{"date" => "2002-11-07T00:48:34","version" => "0.42"},{"date" => "2002-11-07T14:41:31","version" => "0.43"},{"date" => "2002-11-08T15:01:18","version" => "0.44"},{"date" => "2002-11-08T21:01:12","version" => "0.45"},{"date" => "2002-11-09T23:02:45","version" => "0.46"},{"date" => "2002-11-10T06:56:37","version" => "0.47"},{"date" => "2002-11-13T11:32:10","version" => "0.48"},{"date" => "2002-11-23T14:45:40","version" => "0.49"},{"date" => "2002-12-03T01:00:23","version" => "0.50"},{"date" => "2002-12-11T14:30:53","version" => "0.51"},{"date" => "2002-12-17T04:06:52","version" => "0.60"},{"date" => "2002-12-17T11:49:44","version" => "0.61"},{"date" => "2003-01-09T11:16:42","version" => "0.62"},{"date" => "2003-02-06T00:38:33","version" => "0.63"},{"date" => "2003-03-01T15:54:25","version" => "0.64"},{"date" => "2003-03-09T14:31:52","version" => "0.65"},{"date" => "2003-03-19T15:54:32","version" => "0.66"},{"date" => "2003-03-31T19:58:56","version" => "0.66"},{"date" => "2003-05-16T17:35:22","version" => "0.67_89"},{"date" => "2003-05-25T19:09:58","version" => "0.68"},{"date" => "2003-05-31T13:12:53","version" => "0.69"},{"date" => "2003-07-08T15:39:11","version" => "0.69"},{"date" => "2003-07-16T08:20:09","version" => "0.69_91"},{"date" => "2003-07-27T14:13:18","version" => "0.69_93"},{"date" => "2003-07-29T08:21:31","version" => "0.70"},{"date" => "2003-07-30T13:57:01","version" => "0.71"},{"date" => "2003-08-02T13:11:15","version" => "0.72"},{"date" => "2003-08-06T09:16:17","version" => "0.73"},{"date" => "2003-08-25T13:39:35","version" => "0.74"},{"date" => "2003-09-21T10:58:00","version" => "0.75"},{"date" => "2003-10-23T04:45:55","version" => "0.75_99"},{"date" => "2003-10-28T12:21:23","version" => "0.76"},{"date" => "2003-12-11T23:00:26","version" => "0.76_98"},{"date" => "2003-12-28T02:31:29","version" => "0.76_99"},{"date" => "2003-12-31T15:33:24","version" => "0.77"},{"date" => "2004-01-03T17:36:11","version" => "0.77_98"},{"date" => "2004-01-04T20:30:15","version" => "0.77_99"},{"date" => "2004-01-06T21:26:43","version" => "0.78"},{"date" => "2004-01-08T11:35:51","version" => "0.79"},{"date" => "2004-02-15T23:25:34","version" => "0.79_97"},{"date" => "2004-02-27T15:58:33","version" => "0.79_98"},{"date" => "2004-02-27T23:54:39","version" => "0.79_98"},{"date" => "2004-03-03T14:49:47","version" => "0.79_99"},{"date" => "2004-03-16T17:04:25","version" => "0.80"},{"date" => "2004-03-28T14:43:14","version" => "0.80_99"},{"date" => "2004-05-22T19:13:38","version" => "0.81"},{"date" => "2004-05-24T14:59:45","version" => "0.82"},{"date" => "2004-05-29T16:02:03","version" => "0.83"},{"date" => "2004-07-02T10:59:55","version" => "0.85"},{"date" => "2004-08-30T22:49:15","version" => "0.85_01"},{"date" => "2004-12-11T03:49:09","version" => "0.86"},{"date" => "2005-01-30T19:04:55","version" => "0.87"},{"date" => "2005-06-07T09:13:43","version" => "0.88"},{"date" => "2005-06-10T15:49:20","version" => "0.89"},{"date" => "2005-11-25T23:01:00","version" => "0.90"},{"date" => "2006-02-15T09:33:05","version" => "0.91"},{"date" => "2006-03-04T20:16:36","version" => "0.91"},{"date" => "2006-05-19T13:37:12","version" => "0.93"},{"date" => "2006-06-02T10:25:51","version" => "0.93"},{"date" => "2006-06-20T20:44:56","version" => "0.93"},{"date" => "2006-07-22T19:59:13","version" => "0.942"},{"date" => "2006-08-05T11:28:06","version" => "0.950"},{"date" => "2006-08-11T15:51:56","version" => "0.950"},{"date" => "2006-08-12T12:35:34","version" => "0.950"},{"date" => "2006-08-22T14:14:35","version" => "0.952"},{"date" => "2006-09-26T20:18:06","version" => "0.954"},{"date" => "2006-10-03T12:35:05","version" => "0.955"},{"date" => "2006-10-03T12:58:55","version" => "0.956"},{"date" => "2006-10-24T16:42:26","version" => "0.957"},{"date" => "2006-11-11T14:33:23","version" => "0.958"},{"date" => "2006-11-12T11:48:37","version" => "0.959"},{"date" => "2006-11-21T12:02:35","version" => "0.960"},{"date" => "2006-12-01T14:19:55","version" => "0.969_01"},{"date" => "2006-12-03T17:25:33","version" => "0.970"},{"date" => "2007-01-10T17:58:01","version" => "0.970_01"},{"date" => "2007-01-12T11:02:02","version" => "0.971"},{"date" => "2007-01-16T15:23:38","version" => "0.972"},{"date" => "2007-02-03T11:40:25","version" => "0.973"},{"date" => "2007-07-29T11:17:27","version" => "0.976"},{"date" => "2007-12-20T21:17:26","version" => "0.977"},{"date" => "2008-05-13T12:44:22","version" => "0.979"},{"date" => "2008-05-22T11:41:38","version" => "0.980"},{"date" => "2008-08-09T22:17:14","version" => "0.980"},{"date" => "2008-08-10T21:39:41","version" => "0.980"},{"date" => "2008-09-12T15:02:23","version" => "0.983"},{"date" => "2009-01-25T22:31:20","version" => "0.984"},{"date" => "2009-02-02T01:40:36","version" => "0.985_01"},{"date" => "2009-02-19T16:04:27","version" => "0.986"},{"date" => "2009-02-20T14:30:08","version" => "0.987_01"},{"date" => "2009-03-02T14:47:14","version" => "0.988"},{"date" => "2009-03-02T14:56:44","version" => "0.989_01"},{"date" => "2009-03-10T15:11:05","version" => "0.991"},{"date" => "2009-04-05T11:32:48","version" => "0.992"},{"date" => "2009-07-19T16:37:30","version" => "0.993"},{"date" => "2009-07-23T13:08:07","version" => "0.994"},{"date" => "2010-04-10T14:05:52","version" => "1.000"},{"date" => "2010-07-25T09:32:33","version" => "1.001"},{"date" => "2010-07-25T10:07:06","version" => "1.002"},{"date" => "2011-11-28T16:53:29","version" => "1.003"},{"date" => "2011-11-30T22:31:25","version" => "1.004"},{"date" => "2011-12-02T13:53:02","version" => "1.005"},{"date" => "2012-10-14T22:45:17","version" => "1.006"},{"date" => "2012-10-22T21:50:20","version" => "1.007"},{"date" => "2015-01-24T14:11:44","version" => "1.008"},{"date" => "2015-04-22T15:26:50","version" => "1.009"},{"date" => "2015-07-13T10:56:21","version" => "1.010"},{"date" => "2016-09-18T11:33:22","version" => "1.011"},{"date" => "2016-11-25T16:06:43","version" => "1.012"},{"date" => "2016-11-27T16:51:00","version" => "1.013"},{"date" => "2016-12-18T16:36:08","version" => "1.014"},{"date" => "2017-04-13T15:29:12","version" => "1.015"},{"date" => "2019-05-20T18:13:46","version" => "1.016"},{"date" => "2021-01-13T14:51:49","version" => "1.017"},{"date" => "2022-09-28T20:53:07","version" => "1.018"},{"date" => "2023-11-01T13:25:01","version" => "1.019"},{"date" => "2024-03-04T10:49:29","version" => "1.020"},{"date" => "2025-07-31T12:02:34","version" => "1.021"}]},"PAR-Packer" => {"advisories" => [{"affected_versions" => ["<1.011"],"cves" => ["CVE-2011-4114"],"description" => "PAR packed files are extracted to unsafe and predictable temporary directories.\n","distribution" => "PAR-Packer","fixed_versions" => [">=1.011"],"id" => "CPANSA-PAR-Packer-2011-01","references" => ["https://metacpan.org/changes/distribution/PAR-Packer","https://rt.cpan.org/Public/Bug/Display.html?id=69560"],"reported" => "2011-07-18"}],"main_module" => "PAR::Packer","versions" => [{"date" => "2006-12-01T14:20:06","version" => "0.969_01"},{"date" => "2006-12-03T17:36:32","version" => "0.970"},{"date" => "2007-02-03T12:27:07","version" => "0.973"},{"date" => "2007-05-07T18:21:52","version" => "0.975"},{"date" => "2007-07-29T11:50:15","version" => "0.976"},{"date" => "2007-12-20T21:39:30","version" => "0.977"},{"date" => "2008-02-29T18:37:56","version" => "0.978"},{"date" => "2008-05-13T15:45:56","version" => "0.979"},{"date" => "2008-05-14T10:27:09","version" => "0.980"},{"date" => "2008-07-29T15:44:11","version" => "0.982"},{"date" => "2009-03-10T15:55:06","version" => "0.980"},{"date" => "2009-03-21T11:20:02","version" => "0.991"},{"date" => "2009-07-19T16:47:51","version" => "0.992_01"},{"date" => "2009-07-23T13:18:32","version" => "0.992_02"},{"date" => "2009-07-24T18:30:24","version" => "0.992_03"},{"date" => "2009-09-11T07:38:47","version" => "0.992_04"},{"date" => "2009-11-13T09:01:15","version" => "0.992_05"},{"date" => "2009-11-20T13:59:38","version" => "0.992_06"},{"date" => "2009-11-22T13:08:12","version" => "1.000"},{"date" => "2009-11-24T11:16:58","version" => "1.001"},{"date" => "2009-12-17T20:55:25","version" => "1.002"},{"date" => "2010-04-10T17:57:57","version" => "1.003"},{"date" => "2010-04-20T12:10:24","version" => "1.004"},{"date" => "2010-06-05T15:54:54","version" => "1.005"},{"date" => "2010-06-26T11:23:34","version" => "1.006"},{"date" => "2010-09-09T16:42:00","version" => "1.007"},{"date" => "2010-11-21T17:11:43","version" => "1.008"},{"date" => "2011-03-26T13:36:55","version" => "1.009"},{"date" => "2011-07-13T14:10:05","version" => "1.010"},{"date" => "2011-12-01T21:08:37","version" => "1.011"},{"date" => "2011-12-02T17:53:42","version" => "1.012"},{"date" => "2012-02-22T09:58:04","version" => "1.013"},{"date" => "2012-12-21T15:55:13","version" => "1.014"},{"date" => "2013-10-09T12:06:04","version" => "1.015"},{"date" => "2013-11-30T19:03:48","version" => "1.016"},{"date" => "2013-12-03T23:53:51","version" => "1.017"},{"date" => "2014-05-18T16:52:34","version" => "1.018"},{"date" => "2014-07-07T14:25:15","version" => "1.019"},{"date" => "2014-08-24T13:27:57","version" => "1.020"},{"date" => "2014-09-14T13:49:37","version" => "1.021"},{"date" => "2014-09-19T10:07:30","version" => "1.022"},{"date" => "2014-11-02T14:32:42","version" => "1.023"},{"date" => "2014-11-07T09:04:07","version" => "1.024"},{"date" => "2015-01-24T16:52:17","version" => "1.025"},{"date" => "2015-07-19T13:14:40","version" => "1.026"},{"date" => "2015-11-18T16:58:33","version" => "1.027"},{"date" => "2015-11-19T09:05:09","version" => "1.027"},{"date" => "2016-01-12T16:24:46","version" => "1.029"},{"date" => "2016-02-02T14:54:21","version" => "1.029_01"},{"date" => "2016-02-11T14:08:57","version" => "1.029_02"},{"date" => "2016-02-25T08:41:55","version" => "1.029_03"},{"date" => "2016-02-29T08:36:46","version" => "1.029_04"},{"date" => "2016-03-29T08:29:59","version" => "1.030"},{"date" => "2016-04-10T17:15:52","version" => "1.031"},{"date" => "2016-04-29T17:01:57","version" => "1.031_01"},{"date" => "2016-05-07T09:59:28","version" => "1.032"},{"date" => "2016-05-19T09:50:49","version" => "1.033"},{"date" => "2016-07-17T12:38:31","version" => "1.034"},{"date" => "2016-07-23T12:04:14","version" => "1.035"},{"date" => "2016-12-04T17:13:20","version" => "1.035_001"},{"date" => "2016-12-19T19:35:16","version" => "1.035_002"},{"date" => "2016-12-30T11:06:25","version" => "1.036"},{"date" => "2017-03-22T19:29:19","version" => "1.036_001"},{"date" => "2017-05-14T11:54:43","version" => "1.036_002"},{"date" => "2017-05-28T11:33:53","version" => "1.037"},{"date" => "2017-09-27T19:40:44","version" => "1.038"},{"date" => "2017-09-28T05:13:05","version" => "1.039"},{"date" => "2017-10-10T17:00:14","version" => "1.039_001"},{"date" => "2017-10-13T12:05:52","version" => "1.039_002"},{"date" => "2017-10-16T20:46:49","version" => "1.039_003"},{"date" => "2017-10-17T17:07:49","version" => "1.039_004"},{"date" => "2017-10-21T16:09:18","version" => "1.040"},{"date" => "2017-11-08T17:07:11","version" => "1.041"},{"date" => "2018-04-02T21:46:01","version" => "1.042"},{"date" => "2018-04-03T11:26:08","version" => "1.043"},{"date" => "2018-06-06T22:03:32","version" => "1.044"},{"date" => "2018-06-12T19:04:22","version" => "1.045"},{"date" => "2018-08-17T22:20:28","version" => "1.046"},{"date" => "2018-08-19T09:17:57","version" => "1.047"},{"date" => "2019-03-04T09:42:35","version" => "1.047_001"},{"date" => "2019-03-04T15:33:14","version" => "1.047_002"},{"date" => "2019-03-06T17:39:18","version" => "1.047_003"},{"date" => "2019-04-29T11:53:04","version" => "1.048"},{"date" => "2019-05-31T11:58:05","version" => "1.049"},{"date" => "2020-03-08T15:56:09","version" => "1.049_001"},{"date" => "2020-03-08T22:53:16","version" => "1.049_002"},{"date" => "2020-03-08T22:58:32","version" => "1.049_003"},{"date" => "2020-03-10T13:51:31","version" => "1.049_004"},{"date" => "2020-03-18T08:14:29","version" => "1.050"},{"date" => "2020-11-29T22:25:00","version" => "1.051"},{"date" => "2021-01-13T15:44:24","version" => "1.052"},{"date" => "2022-01-25T15:25:10","version" => "1.053"},{"date" => "2022-01-27T11:05:32","version" => "1.054"},{"date" => "2022-07-03T16:27:19","version" => "1.055"},{"date" => "2022-08-31T07:56:09","version" => "1.055_01"},{"date" => "2022-09-05T10:12:07","version" => "1.056"},{"date" => "2022-11-25T09:12:00","version" => "1.056_01"},{"date" => "2022-11-27T15:25:29","version" => "1.056_02"},{"date" => "2022-11-29T11:33:29","version" => "1.057"},{"date" => "2023-05-24T11:53:27","version" => "1.057_001"},{"date" => "2023-06-07T14:56:47","version" => "1.057_002"},{"date" => "2023-06-12T09:14:24","version" => "1.058"},{"date" => "2023-07-20T14:13:30","version" => "1.059"},{"date" => "2023-12-15T14:05:16","version" => "1.061"},{"date" => "2024-03-05T14:01:26","version" => "1.062"},{"date" => "2024-03-10T13:46:23","version" => "1.062_001"},{"date" => "2024-03-11T13:08:45","version" => "1.062_002"},{"date" => "2024-03-15T12:57:23","version" => "1.063"},{"date" => "2024-06-24T09:05:18","version" => "1.063_001"},{"date" => "2025-07-08T11:36:24","version" => "1.064"}]},"PApp" => {"advisories" => [{"affected_versions" => ["<0.11"],"cves" => [],"description" => "Testing for nonexistant access rights always returned true.\n","distribution" => "PApp","fixed_versions" => [">=0.11"],"id" => "CPANSA-PApp-2001-01","references" => ["https://metacpan.org/dist/PApp/changes"],"reported" => "2001-10-27","severity" => undef}],"main_module" => "PApp","versions" => [{"date" => "2000-04-11T19:29:07","version" => "0.02"},{"date" => "2000-04-14T01:33:03","version" => "0.03"},{"date" => "2000-05-11T01:27:39","version" => "0.04"},{"date" => "2000-05-27T20:43:50","version" => "0.05"},{"date" => "2000-06-07T19:56:36","version" => "0.06"},{"date" => "2000-06-09T20:15:48","version" => "0.07"},{"date" => "2000-06-18T21:57:46","version" => "0.08"},{"date" => "2001-02-25T17:23:00","version" => "0.12"},{"date" => "2001-11-30T10:35:30","version" => "0.121"},{"date" => "2001-12-03T18:35:13","version" => "0.122"},{"date" => "2002-04-16T17:20:02","version" => "0.142"},{"date" => "2002-09-27T09:55:48","version" => "0.143"},{"date" => "2002-11-15T19:09:27","version" => "0.2"},{"date" => "2003-11-01T21:22:27","version" => "0.22"},{"date" => "2004-04-24T07:18:03","version" => "0.95"},{"date" => "2004-11-23T17:16:58","version" => 1},{"date" => "2005-09-04T14:32:15","version" => "1.1"},{"date" => "2007-01-06T19:32:19","version" => "1.2"},{"date" => "2008-01-20T12:37:14","version" => "1.4"},{"date" => "2008-01-28T20:07:08","version" => "1.41"},{"date" => "2008-11-26T07:18:45","version" => "1.42"},{"date" => "2008-12-09T17:23:32","version" => "1.43"},{"date" => "2010-01-30T03:08:38","version" => "1.44"},{"date" => "2010-11-21T07:30:21","version" => "1.45"},{"date" => "2013-03-19T12:24:55","version" => "2.0"},{"date" => "2016-02-11T07:21:31","version" => "2.1"},{"date" => "2020-02-17T11:04:59","version" => "2.2"},{"date" => "2023-08-02T22:30:09","version" => "2.3"},{"date" => "2026-01-13T22:30:41","version" => "2.4"}]},"PGObject-Util-DBAdmin" => {"advisories" => [{"affected_versions" => ["<1.6.0"],"cves" => ["CVE-2018-9246"],"description" => "The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.\n","distribution" => "PGObject-Util-DBAdmin","fixed_versions" => [">=1.6.0"],"id" => "CPANSA-PGObject-Util-DBAdmin-2018-01","references" => ["https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html"],"reported" => "2018-06-18"}],"main_module" => "PGObject::Util::DBAdmin","versions" => [{"date" => "2014-09-11T11:20:13","version" => "0.01"},{"date" => "2014-09-12T02:45:35","version" => "0.02"},{"date" => "2014-09-13T02:03:16","version" => "0.03"},{"date" => "2014-09-13T14:37:42","version" => "0.04"},{"date" => "2014-09-14T07:48:28","version" => "0.05"},{"date" => "2014-09-17T08:27:06","version" => "0.06"},{"date" => "2015-07-16T14:55:28","version" => "0.07"},{"date" => "2016-02-11T18:01:16","version" => "0.08"},{"date" => "2016-07-18T11:03:07","version" => "0.09"},{"date" => "2016-12-16T21:20:09","version" => "v0.09.0"},{"date" => "2016-12-16T21:36:46","version" => "v0.10.0"},{"date" => "2016-12-16T21:43:21","version" => "v0.100.0"},{"date" => "2018-03-31T14:06:25","version" => "v0.120.0"},{"date" => "2018-05-06T09:28:39","version" => "v0.130.0"},{"date" => "2018-06-05T19:29:29","version" => "v0.130.1"},{"date" => "2019-07-07T08:06:48","version" => "v0.131.0"},{"date" => "2019-07-08T20:46:34","version" => "v1.0.0"},{"date" => "2019-07-09T18:04:14","version" => "v1.0.1"},{"date" => "2019-09-20T06:49:02","version" => "v1.0.2"},{"date" => "2019-09-29T18:24:55","version" => "v1.0.3"},{"date" => "2020-09-21T21:20:33","version" => "v1.1.0"},{"date" => "2020-10-21T20:17:28","version" => "v1.2.0"},{"date" => "2020-10-21T22:24:41","version" => "v1.2.1"},{"date" => "2020-10-23T18:46:24","version" => "v1.2.2"},{"date" => "2020-10-24T07:08:10","version" => "v1.2.3"},{"date" => "2020-10-24T19:58:09","version" => "v1.3.0"},{"date" => "2020-10-25T12:15:26","version" => "v1.4.0"},{"date" => "2021-09-24T12:47:40","version" => "v1.5.0"},{"date" => "2021-11-07T12:22:17","version" => "v1.6.0"},{"date" => "2021-11-07T14:17:22","version" => "v1.6.1"},{"date" => "2024-09-13T19:24:01","version" => "v1.6.2"}]},"POE-Component-IRC" => {"advisories" => [{"affected_versions" => ["<6.32"],"cves" => ["CVE-2010-3438"],"description" => "libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as \\\"some text\\\\rQUIT\\\" to the 'privmsg' handler, which would cause the client to disconnect from the server.\n","distribution" => "POE-Component-IRC","fixed_versions" => [">=6.32"],"id" => "CPANSA-Poe-Component-IRC-2010-3438","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438","https://security-tracker.debian.org/tracker/CVE-2010-3438"],"reported" => "2019-11-12","severity" => "critical"}],"main_module" => "POE::Component::IRC","versions" => [{"date" => "2001-01-14T01:08:55","version" => "1.0"},{"date" => "2001-02-21T23:20:30","version" => "1.0"},{"date" => "2001-03-02T11:10:34","version" => "1.1"},{"date" => "2001-05-24T09:39:58","version" => "1.2"},{"date" => "2001-07-01T00:29:06","version" => "1.3"},{"date" => "2001-07-03T00:23:58","version" => "1.4"},{"date" => "2001-07-05T22:29:01","version" => "1.5"},{"date" => "2001-07-07T02:07:09","version" => "1.6"},{"date" => "2001-07-21T08:09:18","version" => "1.7"},{"date" => "2001-12-11T00:06:53","version" => "1.8"},{"date" => "2001-12-13T07:07:40","version" => "1.9"},{"date" => "2002-02-22T23:26:52","version" => "2.0"},{"date" => "2002-03-05T01:19:43","version" => "2.1"},{"date" => "2002-05-24T20:54:40","version" => "2.2"},{"date" => "2002-09-06T15:29:09","version" => "2.3"},{"date" => "2002-10-10T21:24:56","version" => "2.4"},{"date" => "2002-10-27T19:02:42","version" => "2.5"},{"date" => "2002-12-12T04:30:15","version" => "2.6"},{"date" => "2003-02-02T23:23:52","version" => "2.7"},{"date" => "2003-06-07T23:25:07","version" => "2.8"},{"date" => "2003-07-19T20:38:58","version" => "2.9"},{"date" => "2004-12-31T13:57:37","version" => "3.0"},{"date" => "2005-01-21T12:36:21","version" => "3.1"},{"date" => "2005-02-02T11:58:41","version" => "3.2"},{"date" => "2005-02-02T14:17:25","version" => "3.3"},{"date" => "2005-02-18T15:40:19","version" => "3.4"},{"date" => "2005-02-23T13:35:13","version" => "3.4"},{"date" => "2005-03-01T18:10:05","version" => "3.4"},{"date" => "2005-03-04T17:53:49","version" => "3.4"},{"date" => "2005-03-14T10:31:33","version" => "3.4"},{"date" => "2005-03-21T09:24:00","version" => "3.4"},{"date" => "2005-04-05T09:50:19","version" => "4.0"},{"date" => "2005-04-11T10:31:43","version" => "4.1"},{"date" => "2005-04-14T19:46:49","version" => "4.2"},{"date" => "2005-04-20T08:35:06","version" => "4.3"},{"date" => "2005-04-28T14:23:29","version" => "4.4"},{"date" => "2005-05-22T15:26:46","version" => "4.5"},{"date" => "2005-06-01T14:33:57","version" => "4.6"},{"date" => "2005-06-02T09:53:57","version" => "4.61"},{"date" => "2005-06-02T15:47:47","version" => "4.62"},{"date" => "2005-06-16T21:03:43","version" => "4.63"},{"date" => "2005-07-05T15:28:06","version" => "4.64"},{"date" => "2005-07-13T16:52:52","version" => "4.65"},{"date" => "2005-07-28T17:16:01","version" => "4.66"},{"date" => "2005-08-25T13:31:53","version" => "4.67"},{"date" => "2005-09-02T12:35:28","version" => "4.68"},{"date" => "2005-09-05T11:27:29","version" => "4.69"},{"date" => "2005-09-16T15:59:06","version" => "4.70"},{"date" => "2005-10-13T18:10:10","version" => "4.71"},{"date" => "2005-10-25T18:07:42","version" => "4.72"},{"date" => "2005-10-26T06:43:59","version" => "4.73"},{"date" => "2005-10-26T08:21:25","version" => "4.74"},{"date" => "2005-12-04T17:50:30","version" => "4.75"},{"date" => "2005-12-23T15:22:40","version" => "4.76"},{"date" => "2005-12-26T17:08:35","version" => "4.77"},{"date" => "2006-01-10T22:07:46","version" => "4.78"},{"date" => "2006-01-15T17:09:57","version" => "4.79"},{"date" => "2006-03-16T16:53:54","version" => "4.80"},{"date" => "2006-03-31T16:02:38","version" => "4.81"},{"date" => "2006-04-11T18:38:36","version" => "4.82"},{"date" => "2006-04-11T19:50:58","version" => "4.83"},{"date" => "2006-04-12T13:40:40","version" => "4.84"},{"date" => "2006-04-13T11:43:55","version" => "4.85"},{"date" => "2006-04-27T20:45:17","version" => "4.86"},{"date" => "2006-05-06T16:13:30","version" => "4.87"},{"date" => "2006-05-21T17:09:49","version" => "4.88"},{"date" => "2006-05-22T08:21:25","version" => "4.89"},{"date" => "2006-05-22T12:56:03","version" => "4.90"},{"date" => "2006-06-01T20:15:32","version" => "4.91"},{"date" => "2006-06-11T17:15:17","version" => "4.92"},{"date" => "2006-06-13T18:29:21","version" => "4.93"},{"date" => "2006-07-02T09:10:52","version" => "4.94"},{"date" => "2006-07-05T10:47:35","version" => "4.95"},{"date" => "2006-07-16T13:37:50","version" => "4.96"},{"date" => "2006-07-24T11:55:01","version" => "4.97"},{"date" => "2006-08-18T11:39:13","version" => "4.98"},{"date" => "2006-08-29T16:57:17","version" => "4.99"},{"date" => "2006-09-01T01:32:30","version" => "5.00"},{"date" => "2006-09-07T17:03:08","version" => "5.01"},{"date" => "2006-09-08T15:45:55","version" => "5.02"},{"date" => "2006-09-16T13:33:43","version" => "5.03"},{"date" => "2006-09-25T12:40:35","version" => "5.04"},{"date" => "2006-10-06T14:02:37","version" => "5.05"},{"date" => "2006-10-12T12:29:17","version" => "5.06"},{"date" => "2006-10-17T10:57:25","version" => "5.07"},{"date" => "2006-10-23T12:43:37","version" => "5.08"},{"date" => "2006-10-24T14:15:06","version" => "5.09"},{"date" => "2006-10-24T17:18:06","version" => "5.10"},{"date" => "2006-10-25T15:51:16","version" => "5.11"},{"date" => "2006-11-16T14:01:15","version" => "5.12"},{"date" => "2006-11-19T14:34:09","version" => "5.13"},{"date" => "2006-11-29T11:10:54","version" => "5.14"},{"date" => "2006-12-05T19:42:12","version" => "5.15"},{"date" => "2006-12-06T12:27:38","version" => "5.16"},{"date" => "2006-12-12T23:09:26","version" => "5.17"},{"date" => "2006-12-29T11:08:52","version" => "5.18"},{"date" => "2007-01-31T12:06:39","version" => "5.19"},{"date" => "2007-01-31T17:37:46","version" => "5.20"},{"date" => "2007-02-01T12:39:18","version" => "5.21"},{"date" => "2007-02-02T12:55:07","version" => "5.22"},{"date" => "2007-04-12T15:28:46","version" => "5.23"},{"date" => "2007-04-16T12:51:48","version" => "5.24"},{"date" => "2007-04-29T12:19:32","version" => "5.25"},{"date" => "2007-04-29T14:33:13","version" => "5.26"},{"date" => "2007-05-01T13:21:57","version" => "5.27"},{"date" => "2007-05-01T14:14:27","version" => "5.28"},{"date" => "2007-05-03T12:51:34","version" => "5.29"},{"date" => "2007-05-08T18:38:59","version" => "5.30"},{"date" => "2007-05-18T09:26:43","version" => "5.31_01"},{"date" => "2007-05-31T15:25:34","version" => "5.31_02"},{"date" => "2007-06-01T10:02:23","version" => "5.31_03"},{"date" => "2007-06-05T08:46:20","version" => "5.31_04"},{"date" => "2007-06-11T09:30:57","version" => "5.31_05"},{"date" => "2007-06-12T11:28:18","version" => "5.32"},{"date" => "2007-07-10T17:11:05","version" => "5.33_01"},{"date" => "2007-07-25T10:01:32","version" => "5.34"},{"date" => "2007-11-01T14:32:47","version" => "5.36"},{"date" => "2007-12-05T21:26:00","version" => "5.37_01"},{"date" => "2007-12-06T08:53:09","version" => "5.37_02"},{"date" => "2007-12-06T17:35:01","version" => "5.38"},{"date" => "2007-12-26T11:03:08","version" => "5.40"},{"date" => "2007-12-31T12:44:42","version" => "5.42"},{"date" => "2008-01-01T14:10:56","version" => "5.44"},{"date" => "2008-01-03T15:21:36","version" => "5.46"},{"date" => "2008-01-10T20:32:12","version" => "5.48"},{"date" => "2008-01-13T10:30:41","version" => "5.50"},{"date" => "2008-01-14T08:06:32","version" => "5.52"},{"date" => "2008-01-27T09:43:44","version" => "5.54"},{"date" => "2008-01-31T13:13:54","version" => "5.56"},{"date" => "2008-02-04T08:13:31","version" => "5.58"},{"date" => "2008-02-06T13:54:09","version" => "5.60"},{"date" => "2008-02-07T16:42:54","version" => "5.62"},{"date" => "2008-02-16T08:35:10","version" => "5.64"},{"date" => "2008-02-18T22:11:13","version" => "5.66"},{"date" => "2008-02-20T20:00:00","version" => "5.68"},{"date" => "2008-03-03T10:51:33","version" => "5.70"},{"date" => "2008-03-21T10:56:45","version" => "5.72"},{"date" => "2008-04-02T15:23:28","version" => "5.74"},{"date" => "2008-04-24T15:13:29","version" => "5.76"},{"date" => "2008-05-30T07:16:00","version" => "5.78"},{"date" => "2008-06-12T15:42:21","version" => "5.80"},{"date" => "2008-06-14T08:49:07","version" => "5.82"},{"date" => "2008-06-26T19:16:22","version" => "5.84"},{"date" => "2008-07-22T09:11:40","version" => "5.86"},{"date" => "2008-08-28T15:06:57","version" => "5.88"},{"date" => "2009-01-22T11:04:20","version" => "5.90"},{"date" => "2009-01-27T13:08:53","version" => "5.92"},{"date" => "2009-01-27T21:56:50","version" => "5.94"},{"date" => "2009-01-28T12:02:40","version" => "5.96"},{"date" => "2009-03-02T23:16:08","version" => "5.98"},{"date" => "2009-03-04T23:31:34","version" => "6.00"},{"date" => "2009-03-06T11:07:07","version" => "6.02"},{"date" => "2009-03-07T23:41:08","version" => "6.04"},{"date" => "2009-04-11T09:24:16","version" => "6.05_01"},{"date" => "2009-04-30T12:12:52","version" => "6.06"},{"date" => "2009-05-29T11:58:02","version" => "6.08"},{"date" => "2009-07-09T20:20:10","version" => "6.09_01"},{"date" => "2009-07-10T09:17:48","version" => "6.09_02"},{"date" => "2009-07-10T14:24:17","version" => "6.09_03"},{"date" => "2009-07-12T20:52:44","version" => "6.09_04"},{"date" => "2009-07-16T14:20:12","version" => "6.09_05"},{"date" => "2009-07-17T10:23:41","version" => "6.09_06"},{"date" => "2009-07-21T06:26:37","version" => "6.09_07"},{"date" => "2009-07-27T12:19:55","version" => "6.09_08"},{"date" => "2009-07-29T11:16:27","version" => "6.09_09"},{"date" => "2009-07-30T13:40:56","version" => "6.09_10"},{"date" => "2009-08-07T12:59:58","version" => "6.09_11"},{"date" => "2009-08-14T20:49:04","version" => "6.10"},{"date" => "2009-08-19T09:21:27","version" => "6.11_01"},{"date" => "2009-09-10T09:00:17","version" => "6.12"},{"date" => "2009-09-24T15:13:45","version" => "6.14"},{"date" => "2009-10-11T09:02:32","version" => "6.16"},{"date" => "2009-12-11T19:28:22","version" => "6.18"},{"date" => "2010-01-15T18:42:20","version" => "6.20"},{"date" => "2010-01-20T01:54:34","version" => "6.22"},{"date" => "2010-02-12T02:47:46","version" => "6.24"},{"date" => "2010-03-14T07:34:45","version" => "6.26"},{"date" => "2010-03-14T10:57:17","version" => "6.28"},{"date" => "2010-05-10T14:40:23","version" => "6.30"},{"date" => "2010-05-11T13:45:23","version" => "6.32"},{"date" => "2010-06-21T20:28:42","version" => "6.33"},{"date" => "2010-06-25T18:17:14","version" => "6.34"},{"date" => "2010-06-27T09:33:18","version" => "6.35"},{"date" => "2010-07-26T03:54:08","version" => "6.36"},{"date" => "2010-08-17T23:08:39","version" => "6.37"},{"date" => "2010-09-03T18:33:58","version" => "6.38"},{"date" => "2010-09-04T02:16:21","version" => "6.39"},{"date" => "2010-09-09T06:56:17","version" => "6.40"},{"date" => "2010-09-23T21:34:09","version" => "6.41"},{"date" => "2010-09-25T09:40:47","version" => "6.42"},{"date" => "2010-09-25T21:30:54","version" => "6.43"},{"date" => "2010-09-25T23:35:19","version" => "6.44"},{"date" => "2010-09-26T03:42:36","version" => "6.45"},{"date" => "2010-09-29T04:59:09","version" => "6.46"},{"date" => "2010-10-03T15:29:13","version" => "6.47"},{"date" => "2010-10-03T19:50:31","version" => "6.48"},{"date" => "2010-10-16T19:05:02","version" => "6.49"},{"date" => "2010-11-03T02:06:04","version" => "6.50"},{"date" => "2010-11-05T11:29:30","version" => "6.51"},{"date" => "2010-11-05T17:26:55","version" => "6.52"},{"date" => "2011-03-10T15:39:11","version" => "6.53"},{"date" => "2011-03-10T18:21:18","version" => "6.54"},{"date" => "2011-04-01T18:38:19","version" => "6.55"},{"date" => "2011-04-01T20:05:44","version" => "6.56"},{"date" => "2011-04-02T03:41:42","version" => "6.57"},{"date" => "2011-04-04T17:52:07","version" => "6.58"},{"date" => "2011-04-04T20:23:21","version" => "6.59"},{"date" => "2011-04-15T06:13:37","version" => "6.60"},{"date" => "2011-04-19T17:04:11","version" => "6.61"},{"date" => "2011-05-03T11:00:14","version" => "6.62"},{"date" => "2011-05-15T05:08:04","version" => "6.63"},{"date" => "2011-05-15T10:00:34","version" => "6.64"},{"date" => "2011-05-19T01:55:49","version" => "6.65"},{"date" => "2011-05-19T22:33:07","version" => "6.66"},{"date" => "2011-05-22T16:45:17","version" => "6.67"},{"date" => "2011-05-22T17:02:27","version" => "6.68"},{"date" => "2011-07-29T01:54:20","version" => "6.69"},{"date" => "2011-08-02T03:40:17","version" => "6.70"},{"date" => "2011-09-18T16:08:38","version" => "6.71"},{"date" => "2011-10-07T15:42:11","version" => "6.72"},{"date" => "2011-10-08T04:41:24","version" => "6.73"},{"date" => "2011-10-09T20:16:25","version" => "6.74"},{"date" => "2011-11-13T14:26:23","version" => "6.75"},{"date" => "2011-11-29T03:25:52","version" => "6.76"},{"date" => "2011-12-02T03:56:47","version" => "6.77"},{"date" => "2011-12-07T20:30:42","version" => "6.78"},{"date" => "2012-09-19T13:26:08","version" => "6.79"},{"date" => "2012-09-20T08:55:35","version" => "6.80"},{"date" => "2012-11-23T15:56:03","version" => "6.81"},{"date" => "2013-03-09T22:17:24","version" => "6.82"},{"date" => "2013-05-27T09:43:25","version" => "6.83"},{"date" => "2014-06-17T09:47:20","version" => "6.84"},{"date" => "2014-06-19T09:22:12","version" => "6.85"},{"date" => "2014-06-20T10:14:59","version" => "6.86"},{"date" => "2014-06-21T14:09:46","version" => "6.87"},{"date" => "2014-06-28T12:16:18","version" => "6.88"},{"date" => "2017-09-05T18:14:17","version" => "6.89"},{"date" => "2017-09-05T18:19:13","version" => "6.90"},{"date" => "2021-06-05T12:55:31","version" => "6.91"},{"date" => "2021-06-08T13:32:11","version" => "6.92"},{"date" => "2021-06-15T18:29:10","version" => "6.93"},{"date" => "2025-07-07T00:26:11","version" => "6.94"},{"date" => "2025-07-07T01:32:11","version" => "6.95"}]},"POSIX-2008" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "POSIX::2008's implementation of readlink() and readlinkat(). The underlying syscalls do not add any null terminator byte at the end of the output buffer, but _readlink50c() in 2008.XS also fails to add a null terminator before returning the result string to perl. This results in arbitrary memory contents being visible in the result returned to perl code by readlink() and readlinkat(). At the very least, this causes failures in any downstream code that attempts to access whatever filename (plus the erroneous garbage) was linked to.\n","distribution" => "POSIX-2008","fixed_versions" => [">=0.04"],"id" => "CPANSA-POSIX-2008-001","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=96644"],"reported" => undef,"severity" => undef},{"affected_versions" => ["<0.24"],"cves" => ["CVE-2024-55564"],"description" => "Fixed potential env buffer overflow in _execve50c()\n","distribution" => "POSIX-2008","fixed_versions" => [">=0.24"],"id" => "CPANSA-POSIX-2008-002","references" => ["https://metacpan.org/release/CGPAN/POSIX-2008-0.24/source/Changes"],"reported" => undef,"severity" => undef}],"main_module" => "POSIX::2008","versions" => [{"date" => "2013-09-13T17:14:53","version" => "0.01"},{"date" => "2013-09-14T16:20:56","version" => "0.02"},{"date" => "2013-09-16T09:32:15","version" => "0.03"},{"date" => "2015-05-25T13:51:17","version" => "0.04"},{"date" => "2017-08-25T20:52:28","version" => "0.05"},{"date" => "2017-08-26T17:21:09","version" => "0.06"},{"date" => "2017-08-27T14:55:54","version" => "0.07"},{"date" => "2017-08-31T18:14:24","version" => "0.08"},{"date" => "2017-09-01T10:14:04","version" => "0.09"},{"date" => "2017-09-02T09:15:21","version" => "0.10"},{"date" => "2017-09-02T13:11:19","version" => "0.11"},{"date" => "2017-09-03T20:02:26","version" => "0.12"},{"date" => "2017-09-08T11:50:51","version" => "0.13"},{"date" => "2017-09-09T18:04:53","version" => "0.14"},{"date" => "2017-09-10T12:50:52","version" => "0.15"},{"date" => "2017-09-15T14:59:53","version" => "0.16"},{"date" => "2023-06-01T13:51:43","version" => "0.18"},{"date" => "2023-07-07T13:52:59","version" => "0.19"},{"date" => "2023-07-08T12:09:34","version" => "0.20_01"},{"date" => "2023-07-09T08:25:58","version" => "0.20_02"},{"date" => "2023-07-11T15:26:35","version" => "0.20_03"},{"date" => "2023-07-12T17:47:09","version" => "0.20_04"},{"date" => "2023-07-13T17:26:29","version" => "0.20_05"},{"date" => "2023-07-14T15:57:30","version" => "0.20"},{"date" => "2023-11-16T19:54:40","version" => "0.21"},{"date" => "2024-01-26T16:30:56","version" => "0.22"},{"date" => "2024-01-27T15:34:00","version" => "0.23"},{"date" => "2024-06-14T12:10:38","version" => "0.24"},{"date" => "2025-07-12T16:48:06","version" => "0.25"},{"date" => "2025-07-25T10:05:43","version" => "0.26"}]},"Parallel-ForkManager" => {"advisories" => [{"affected_versions" => ["<1.0.0"],"cves" => ["CVE-2011-4115"],"description" => "Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.\n","distribution" => "Parallel-ForkManager","fixed_versions" => [">1.0.0"],"id" => "CPANSA-Parallel-ForkManager-2011-4115","references" => ["http://www.openwall.com/lists/oss-security/2011/11/04/2","http://www.openwall.com/lists/oss-security/2011/11/04/4","https://rt.cpan.org/Public/Bug/Display.html?id=68298"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "Parallel::ForkManager","versions" => [{"date" => "2000-10-19T21:52:22","version" => "0.5"},{"date" => "2000-11-30T11:03:55","version" => "0.6"},{"date" => "2001-04-04T11:28:22","version" => "0.7"},{"date" => "2001-05-14T14:34:23","version" => "v0.7.2"},{"date" => "2001-10-24T00:32:21","version" => "v0.7.3"},{"date" => "2002-07-04T21:16:46","version" => "v0.7.4"},{"date" => "2002-12-25T23:14:12","version" => "v0.7.5"},{"date" => "2010-08-15T10:53:20","version" => "0.7.6"},{"date" => "2010-09-27T22:27:36","version" => "0.7.7"},{"date" => "2010-10-25T16:44:43","version" => "0.7.8"},{"date" => "2010-11-01T18:06:12","version" => "0.7.9"},{"date" => "2012-12-23T10:29:10","version" => "v1.0.0"},{"date" => "2012-12-23T19:35:57","version" => "1.01"},{"date" => "2012-12-24T11:30:23","version" => "1.02"},{"date" => "2013-03-06T09:31:14","version" => "1.03"},{"date" => "2013-09-03T06:57:39","version" => "1.04"},{"date" => "2013-09-18T08:58:10","version" => "1.05"},{"date" => "2013-12-24T20:42:36","version" => "1.06"},{"date" => "2014-11-10T07:11:25","version" => "1.07"},{"date" => "2015-01-07T15:27:26","version" => "1.08"},{"date" => "2015-01-08T14:47:12","version" => "1.09"},{"date" => "2015-01-15T15:22:56","version" => "1.10"},{"date" => "2015-01-22T19:09:25","version" => "1.10_1"},{"date" => "2015-01-26T19:32:34","version" => "1.10_2"},{"date" => "2015-01-30T16:16:43","version" => "1.11"},{"date" => "2015-02-23T23:22:38","version" => "1.12"},{"date" => "2015-05-11T22:32:07","version" => "1.13"},{"date" => "2015-05-17T21:19:58","version" => "1.14"},{"date" => "2015-07-08T21:41:39","version" => "1.15"},{"date" => "2015-10-08T22:51:51","version" => "1.16"},{"date" => "2015-11-28T14:50:06","version" => "1.17"},{"date" => "2016-03-29T23:27:09","version" => "1.18"},{"date" => "2016-06-28T23:04:26","version" => "1.19"},{"date" => "2018-07-19T00:48:24","version" => "1.20"},{"date" => "2018-08-23T01:28:34","version" => "2.00"},{"date" => "2018-08-23T23:59:37","version" => "2.01"},{"date" => "2018-10-08T23:21:03","version" => "2.02"},{"date" => "2024-08-24T18:13:26","version" => "2.03"},{"date" => "2025-08-30T16:12:19","version" => "2.04"}]},"PathTools" => {"advisories" => [{"affected_versions" => ["<3.65"],"cves" => ["CVE-2016-1238"],"description" => "Does not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "PathTools","fixed_versions" => [">=3.65"],"id" => "CPANSA-PathTools-2016-02","references" => ["https://metacpan.org/changes/distribution/PathTools"],"reported" => "2016-02-08"},{"affected_versions" => ["<3.62"],"cves" => ["CVE-2015-8607"],"description" => "Does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.\n","distribution" => "PathTools","fixed_versions" => [">=3.62"],"id" => "CPANSA-PathTools-2016-01","references" => ["https://metacpan.org/changes/distribution/PathTools"],"reported" => "2016-01-11"}],"main_module" => "Cwd","versions" => [{"date" => "2004-09-03T03:40:00","version" => "3.00"},{"date" => "2004-09-07T03:39:26","version" => "3.01"},{"date" => "2004-11-19T04:26:35","version" => "3.01_01"},{"date" => "2004-11-29T04:20:10","version" => "3.01_02"},{"date" => "2004-11-30T02:34:46","version" => "3.01_03"},{"date" => "2005-01-10T01:33:05","version" => "3.02"},{"date" => "2005-01-22T03:59:59","version" => "3.03"},{"date" => "2005-02-07T00:28:43","version" => "3.04"},{"date" => "2005-02-28T13:27:37","version" => "3.05"},{"date" => "2005-04-14T02:06:10","version" => "3.06"},{"date" => "2005-05-06T12:50:38","version" => "3.07"},{"date" => "2005-05-28T15:13:27","version" => "3.08"},{"date" => "2005-06-15T23:45:19","version" => "3.09"},{"date" => "2005-08-26T03:29:11","version" => "3.10"},{"date" => "2005-08-28T01:16:38","version" => "3.11"},{"date" => "2005-10-04T03:14:00","version" => "3.12"},{"date" => "2005-11-16T05:58:53","version" => "3.13"},{"date" => "2005-11-18T00:15:37","version" => "3.14"},{"date" => "2005-12-10T04:51:57","version" => "3.14_01"},{"date" => "2005-12-14T05:11:27","version" => "3.14_02"},{"date" => "2005-12-27T20:32:26","version" => "3.15"},{"date" => "2006-01-31T02:52:07","version" => "3.16"},{"date" => "2006-03-03T22:55:18","version" => "3.17"},{"date" => "2006-04-28T03:04:00","version" => "3.18"},{"date" => "2006-07-12T03:43:15","version" => "3.19"},{"date" => "2006-10-05T02:18:51","version" => "3.21"},{"date" => "2006-10-10T02:53:23","version" => "3.22"},{"date" => "2006-10-11T17:13:59","version" => "3.23"},{"date" => "2006-11-20T04:53:56","version" => "3.24"},{"date" => "2007-05-22T02:08:53","version" => "3.25"},{"date" => "2007-10-14T02:15:40","version" => "3.25_01"},{"date" => "2007-12-25T02:34:28","version" => "3.2501"},{"date" => "2008-01-14T12:02:28","version" => "3.26"},{"date" => "2008-01-15T23:27:33","version" => "3.26_01"},{"date" => "2008-01-17T02:21:47","version" => "3.27"},{"date" => "2008-02-12T03:46:01","version" => "3.2701"},{"date" => "2008-07-26T02:19:45","version" => "3.28_01"},{"date" => "2008-10-27T19:27:37","version" => "3.28_02"},{"date" => "2008-10-27T21:16:35","version" => "3.28_03"},{"date" => "2008-10-29T20:11:52","version" => "3.29"},{"date" => "2009-05-07T18:27:46","version" => "3.29_01"},{"date" => "2009-05-10T08:59:46","version" => "3.30"},{"date" => "2009-09-21T12:46:15","version" => "3.30_01"},{"date" => "2009-09-29T06:22:30","version" => "3.30_02"},{"date" => "2009-11-01T14:22:36","version" => "3.31"},{"date" => "2010-07-23T08:10:31","version" => "3.31_02"},{"date" => "2010-09-17T13:24:05","version" => "3.31_03"},{"date" => "2010-09-19T15:53:14","version" => "3.32"},{"date" => "2010-09-20T07:54:00","version" => "3.33"},{"date" => "2011-12-20T07:42:29","version" => "3.39_01"},{"date" => "2013-01-16T06:35:08","version" => "3.40"},{"date" => "2014-05-01T18:34:31","version" => "3.46_01"},{"date" => "2014-05-23T17:00:38","version" => "3.47"},{"date" => "2015-07-11T22:18:08","version" => "3.56_01"},{"date" => "2015-07-16T15:33:27","version" => "3.56_02"},{"date" => "2015-11-09T22:09:25","version" => "3.58_01"},{"date" => "2015-11-13T23:46:00","version" => "3.59"},{"date" => "2015-11-19T02:32:50","version" => "3.60"},{"date" => "2016-01-11T13:49:31","version" => "3.62"},{"date" => "2018-02-18T20:27:27","version" => "3.73"},{"date" => "2018-02-19T08:41:14","version" => "3.74"},{"date" => "2018-08-29T19:53:19","version" => "3.75"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "2.00"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "2.01"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006","version" => "2.02"},{"date" => "2001-04-08T00:00:00","dual_lived" => 1,"perl_release" => "5.006001","version" => "2.04"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.06"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "2.08"},{"date" => "2004-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008003","version" => "2.12"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "2.17"},{"date" => "2004-07-19T00:00:00","dual_lived" => 1,"perl_release" => "5.008005","version" => "2.19"},{"date" => "2009-10-02T00:00:00","dual_lived" => 1,"perl_release" => "5.011000","version" => "3.3002"},{"date" => "2010-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013006","version" => "3.34"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "3.35"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "3.36"},{"date" => "2011-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013010","version" => "3.37"},{"date" => "2011-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015006","version" => "3.38"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "3.39_02"},{"date" => "2012-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.017007","version" => "3.39_03"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "3.41"},{"date" => "2013-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019003","version" => "3.44"},{"date" => "2013-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019005","version" => "3.45"},{"date" => "2014-09-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020001","version" => "3.48"},{"date" => "2015-02-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020002","version" => "3.48_01"},{"date" => "2014-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021002","version" => "3.49"},{"date" => "2014-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021004","version" => "3.50"},{"date" => "2014-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021005","version" => "3.51"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "3.54"},{"date" => "2015-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02101","version" => "3.55"},{"date" => "2015-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021011","version" => "3.56"},{"date" => "2015-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023002","version" => "3.57"},{"date" => "2015-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023003","version" => "3.58"},{"date" => "2016-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023008","version" => "3.63"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "3.63_01"},{"date" => "2016-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025002","version" => "3.64"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "3.65"},{"date" => "2016-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025007","version" => "3.66"},{"date" => "2017-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025011","version" => "3.67"},{"date" => "2017-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027002","version" => "3.68"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "3.70"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "3.71"},{"date" => "2018-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027008","version" => "3.72"},{"date" => "2018-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029005","version" => "3.76"},{"date" => "2019-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029007","version" => "3.77"},{"date" => "2019-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029010","version" => "3.78"},{"date" => "2020-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033004","version" => "3.79"},{"date" => "2020-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033005","version" => "3.80"},{"date" => "2021-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035001","version" => "3.81"},{"date" => "2021-07-23T00:00:00","dual_lived" => 1,"perl_release" => "5.035002","version" => "3.82"},{"date" => "2021-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035007","version" => "3.83"},{"date" => "2022-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.03501","version" => "3.84"},{"date" => "2022-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037001","version" => "3.85"},{"date" => "2022-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037002","version" => "3.86"},{"date" => "2022-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037007","version" => "3.88"},{"date" => "2023-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037010","version" => "3.89"},{"date" => "2023-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039002","version" => "3.90"},{"date" => "2025-01-18T00:00:00","dual_lived" => 1,"perl_release" => "5.040001","version" => "3.91"},{"date" => "2024-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041002","version" => "3.92"},{"date" => "2025-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041011","version" => "3.94"}]},"Perl-Tidy" => {"advisories" => [{"affected_versions" => ["<20170521"],"cves" => ["CVE-2016-10374"],"description" => "perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.","distribution" => "Perl-Tidy","fixed_versions" => [">=20170521"],"id" => "CPANSA-Perl-Tidy-2016-10374","references" => ["https://bugs.debian.org/862667"],"reported" => "2017-05-17","severity" => undef},{"affected_versions" => ["<20140328"],"comment" => "This issue is actually about a temporary file with a a particular, known name (perltidy.TMP), and that expression of the problem was fixed. This does not mean that all similar problems are solved.","cves" => ["CVE-2014-2277"],"description" => "The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function.","distribution" => "Perl-Tidy","fixed_versions" => [">=20140328"],"id" => "CPANSA-Perl-Tidy-2014-2277","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130464.html","http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130479.html","http://www.openwall.com/lists/oss-security/2014/03/09/1","http://www.securityfocus.com/bid/66139","https://bugzilla.redhat.com/show_bug.cgi?id=1074720","https://exchange.xforce.ibmcloud.com/vulnerabilities/92104","https://github.com/perltidy/perltidy/issues/193"],"reported" => "2017-10-17","severity" => undef}],"main_module" => "Perl::Tidy","versions" => [{"date" => "2002-12-12T04:04:58","version" => 20021130},{"date" => "2003-07-29T01:16:45","version" => 20030726},{"date" => "2003-10-22T19:58:39","version" => 20031021},{"date" => "2006-06-14T19:23:10","version" => 20060614},{"date" => "2006-07-21T13:54:28","version" => 20060719},{"date" => "2007-04-24T16:01:04","version" => 20070424},{"date" => "2007-05-04T17:15:58","version" => 20070504},{"date" => "2007-05-08T20:58:34","version" => 20070508},{"date" => "2007-08-01T17:28:17","version" => 20070801},{"date" => "2007-12-06T18:43:33","version" => 20071205},{"date" => "2009-06-17T12:24:15","version" => 20090616},{"date" => "2010-12-17T01:14:33","version" => 20101217},{"date" => "2012-06-19T22:24:36","version" => 20120619},{"date" => "2012-07-01T21:48:51","version" => 20120701},{"date" => "2012-07-14T14:05:46","version" => 20120714},{"date" => "2012-12-09T14:22:00","version" => 20121207},{"date" => "2013-07-16T23:57:29","version" => 20130717},{"date" => "2013-08-05T23:43:11","version" => 20130805},{"date" => "2013-08-06T00:53:04","version" => 20130806},{"date" => "2013-09-22T14:50:31","version" => 20130922},{"date" => "2014-03-28T12:47:26","version" => 20140328},{"date" => "2014-07-11T12:19:22","version" => 20140711},{"date" => "2015-08-15T01:10:08","version" => 20150815},{"date" => "2016-02-27T16:37:50","version" => 20160301},{"date" => "2016-03-01T16:02:00","version" => 20160302},{"date" => "2017-05-21T15:50:20","version" => 20170521},{"date" => "2017-12-14T14:28:53","version" => 20171214},{"date" => "2017-12-31T15:46:44","version" => 20180101},{"date" => "2018-02-18T19:39:25","version" => 20180219},{"date" => "2018-02-20T11:53:21","version" => 20180220},{"date" => "2018-11-17T01:59:23","version" => 20181117},{"date" => "2018-11-18T04:52:04","version" => 20181118},{"date" => "2018-11-18T05:56:29","version" => 20181119},{"date" => "2018-11-19T15:37:08","version" => 20181120},{"date" => "2019-05-31T14:47:55","version" => 20190601},{"date" => "2019-09-14T23:41:55","version" => 20190915},{"date" => "2019-12-03T14:34:15","version" => 20191203},{"date" => "2020-01-09T23:28:34","version" => 20200110},{"date" => "2020-06-19T13:05:06","version" => 20200619},{"date" => "2020-08-22T13:34:22","version" => 20200822},{"date" => "2020-09-06T21:51:31","version" => 20200907},{"date" => "2020-09-28T23:43:58","version" => 20201001},{"date" => "2020-12-02T23:45:54","version" => 20201202},{"date" => "2020-12-06T22:05:36","version" => 20201207},{"date" => "2021-01-10T15:32:47","version" => 20210111},{"date" => "2021-04-01T13:13:11","version" => 20210402},{"date" => "2021-06-24T14:09:49","version" => 20210625},{"date" => "2021-07-17T13:21:01","version" => 20210717},{"date" => "2021-10-29T12:52:01","version" => 20211029},{"date" => "2022-02-15T14:21:53","version" => 20220215},{"date" => "2022-02-15T16:27:06","version" => 20220216},{"date" => "2022-02-15T16:54:52","version" => 20220217},{"date" => "2022-06-13T12:51:44","version" => 20220613},{"date" => "2022-11-10T13:56:33","version" => 20221111},{"date" => "2022-11-11T13:33:22","version" => 20221112},{"date" => "2023-03-08T15:07:20","version" => 20230309},{"date" => "2023-07-01T13:11:20","version" => 20230701},{"date" => "2023-09-08T13:48:48","version" => 20230909},{"date" => "2023-09-12T21:49:07","version" => 20230912},{"date" => "2024-02-01T13:55:33","version" => 20240202},{"date" => "2024-05-10T13:16:10","version" => 20240511},{"date" => "2024-09-03T13:06:06","version" => 20240903},{"date" => "2025-01-05T01:48:16","version" => 20250105},{"date" => "2025-02-13T14:45:10","version" => 20250214},{"date" => "2025-03-11T23:43:02","version" => 20250311},{"date" => "2025-06-15T13:30:07","version" => 20250616},{"date" => "2025-07-11T13:09:54","version" => 20250711},{"date" => "2025-09-12T13:54:29","version" => 20250912},{"date" => "2026-01-08T14:58:18","version" => 20260109},{"date" => "2026-02-03T14:43:25","version" => 20260204}]},"Perl-Version" => {"advisories" => [{"affected_versions" => ["<1.013"],"cves" => [],"description" => "Insecure dependency File::Slurp is used.\n","distribution" => "Perl-Version","fixed_versions" => [">=1.013"],"id" => "CPANSA-Perl-Version-2014-01","references" => ["https://metacpan.org/changes/distribution/Perl-Version","https://rt.cpan.org/Public/Bug/Display.html?id=92974"],"reported" => "2014-02-12"}],"main_module" => "Perl::Version","versions" => [{"date" => "2007-02-07T19:41:42","version" => "v0.0.1"},{"date" => "2007-02-23T18:03:11","version" => "v0.0.3"},{"date" => "2007-02-24T18:03:42","version" => "v0.0.4"},{"date" => "2007-02-25T12:41:13","version" => "v0.0.5"},{"date" => "2007-02-27T12:46:07","version" => "v0.0.6"},{"date" => "2007-02-28T01:27:59","version" => "v0.0.7"},{"date" => "2007-06-20T16:09:31","version" => "0.0.8"},{"date" => "2007-09-03T14:28:35","version" => "v1.000"},{"date" => "2007-09-07T15:42:58","version" => "v1.001"},{"date" => "2007-09-07T15:58:18","version" => "v1.002"},{"date" => "2007-11-08T12:14:27","version" => "1.003"},{"date" => "2007-11-08T12:24:59","version" => "1.004"},{"date" => "2008-04-03T14:56:16","version" => "1.005"},{"date" => "2008-04-07T19:14:56","version" => "1.006"},{"date" => "2008-04-07T19:27:24","version" => "1.007"},{"date" => "2009-03-07T16:40:03","version" => "1.008"},{"date" => "2009-03-09T16:22:08","version" => "1.009"},{"date" => "2010-09-19T15:37:48","version" => "1.010"},{"date" => "2011-02-21T21:32:17","version" => "1.011"},{"date" => "2014-02-12T20:58:43","version" => "1.013"},{"date" => "2014-02-14T16:08:42","version" => "1.013_01"},{"date" => "2014-02-18T16:42:57","version" => "1.013_02"},{"date" => "2015-11-21T06:05:48","version" => "1.013_03"},{"date" => "2024-01-04T15:11:21","version" => "1.015"},{"date" => "2024-01-05T13:57:01","version" => "1.016"},{"date" => "2024-03-09T01:38:25","version" => "1.017"},{"date" => "2025-01-27T13:08:16","version" => "1.018"},{"date" => "2026-02-24T23:29:53","version" => "1.019"}]},"Perl6-Pugs" => {"advisories" => [{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2015-2325"],"description" => "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2015-2325-libpcre","references" => ["https://bugs.exim.org/show_bug.cgi?id=1591","https://fortiguard.com/zeroday/FG-VD-15-015","http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html","https://www.pcre.org/original/changelog.txt"],"reported" => "2020-01-14","severity" => "high"},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2015-2326"],"description" => "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\".\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2015-2326-libpcre","references" => ["https://bugs.exim.org/show_bug.cgi?id=1592","https://fortiguard.com/zeroday/FG-VD-15-016","http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html","https://www.pcre.org/original/changelog.txt"],"reported" => "2020-01-14","severity" => "medium"},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2015-8382"],"description" => "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2015-8382-libpcre","references" => ["https://bugs.exim.org/show_bug.cgi?id=1537","http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup","http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510","https://bugzilla.redhat.com/show_bug.cgi?id=1187225","http://www.openwall.com/lists/oss-security/2015/08/04/3","http://www.openwall.com/lists/oss-security/2015/11/29/1","http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834","http://www.securityfocus.com/bid/76157","https://bto.bluecoat.com/security-advisory/sa128"],"reported" => "2015-12-02","severity" => undef}],"main_module" => "Perl6::Pugs","versions" => [{"date" => "2005-02-06T19:03:38","version" => "6.0.0"},{"date" => "2005-02-07T00:46:57","version" => "6.0.1"},{"date" => "2005-02-09T04:59:47","version" => "6.0.2"},{"date" => "2005-02-11T19:27:50","version" => "6.0.2"},{"date" => "2005-02-12T04:11:20","version" => "6.0.4"},{"date" => "2005-02-14T18:13:02","version" => "6.0.5"},{"date" => "2005-02-17T18:36:41","version" => "6.0.6"},{"date" => "2005-02-17T18:44:09","version" => "6.0.7"},{"date" => "2005-02-20T19:24:21","version" => "6.0.7"},{"date" => "2005-02-28T04:51:23","version" => "6.0.9"},{"date" => "2005-03-05T03:38:25","version" => "6.0.9"},{"date" => "2005-03-13T20:41:30","version" => "6.0.11"},{"date" => "2005-03-20T17:55:40","version" => "6.0.9"},{"date" => "2005-03-27T07:10:11","version" => "6.0.13"},{"date" => "2005-04-04T04:21:37","version" => "6.0.14"},{"date" => "2005-04-12T19:51:15","version" => "6.2.0"},{"date" => "2005-04-23T22:56:30","version" => "6.2.1"},{"date" => "2005-05-01T16:29:36","version" => "6.2.2"},{"date" => "2005-05-12T17:15:04","version" => "6.2.3"},{"date" => "2005-05-23T21:17:12","version" => "6.2.4"},{"date" => "2005-05-23T21:39:42","version" => "6.2.5"},{"date" => "2005-06-02T03:17:03","version" => "6.2.6"},{"date" => "2005-06-13T12:34:18","version" => "6.2.7"},{"date" => "2005-07-13T16:16:05","version" => "6.2.8"},{"date" => "2005-08-03T19:19:38","version" => "6.2.9"},{"date" => "2005-10-10T01:32:18","version" => "6.2.10"},{"date" => "2006-02-01T21:12:47","version" => "6.2.11"},{"date" => "2006-06-26T20:22:01","version" => "6.2.11"},{"date" => "2006-10-17T12:51:53","version" => "6.2.13"}]},"PerlSpeak" => {"advisories" => [{"affected_versions" => ["<=2.01"],"cves" => ["CVE-2020-10674"],"description" => "PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.","distribution" => "PerlSpeak","fixed_versions" => [">2.01"],"id" => "CPANSA-PerlSpeak-2011-10007","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2020-10674","https://metacpan.org/source/JKAMPHAUS/PerlSpeak-2.01/Changes","https://rt.cpan.org/Public/Bug/Display.html?id=132173","https://github.com/gitpan/PerlSpeak"],"reported" => "2025-06-05","severity" => undef}],"main_module" => "PerlSpeak","versions" => [{"date" => "2007-01-08T06:32:14","version" => "0.01"},{"date" => "2007-01-09T06:00:00","version" => "0.03"},{"date" => "2007-01-20T19:51:59","version" => "0.50"},{"date" => "2007-01-24T19:12:12","version" => "0.50"},{"date" => "2007-06-18T04:41:45","version" => "1.0"},{"date" => "2007-11-02T15:03:33","version" => "1.50"},{"date" => "2008-01-03T02:33:29","version" => "2.01"}]},"Perlbal" => {"advisories" => [{"affected_versions" => ["<1.70"],"cves" => ["CVE-2008-1652"],"description" => "Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter.  NOTE: some of these details are obtained from third party information.\n","distribution" => "Perlbal","fixed_versions" => [],"id" => "CPANSA-Perlbal-2008-1652","references" => ["http://search.cpan.org/src/BRADFITZ/Perlbal-1.70/CHANGES","http://secunia.com/advisories/29565","http://www.vupen.com/english/advisories/2008/1045/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/41540"],"reported" => "2008-04-02","severity" => undef}],"main_module" => "Perlbal","versions" => [{"date" => "2005-07-26T20:21:09","version" => "1.3"},{"date" => "2005-08-17T06:04:13","version" => "1.35"},{"date" => "2005-08-19T17:27:29","version" => "1.36"},{"date" => "2005-10-19T16:57:48","version" => "1.38"},{"date" => "2006-02-06T19:25:44","version" => "1.41"},{"date" => "2006-08-04T04:56:17","version" => "1.42"},{"date" => "2006-08-09T18:09:23","version" => "1.43"},{"date" => "2006-08-10T21:49:57","version" => "1.44"},{"date" => "2006-08-10T23:04:14","version" => "1.45"},{"date" => "2006-08-10T23:55:32","version" => "1.46"},{"date" => "2006-08-15T23:17:40","version" => "1.47"},{"date" => "2006-09-08T20:42:55","version" => "1.50"},{"date" => "2006-10-04T18:55:28","version" => "1.51"},{"date" => "2006-11-13T18:01:56","version" => "1.52"},{"date" => "2006-12-05T09:32:56","version" => "1.53"},{"date" => "2007-02-05T20:00:01","version" => "1.54"},{"date" => "2007-03-21T07:32:33","version" => "1.55"},{"date" => "2007-04-16T21:02:13","version" => "1.56"},{"date" => "2007-04-26T20:37:24","version" => "1.57"},{"date" => "2007-05-11T18:20:57","version" => "1.58"},{"date" => "2007-05-22T17:31:31","version" => "1.59"},{"date" => "2007-10-24T04:09:35","version" => "1.60"},{"date" => "2008-03-09T04:28:27","version" => "1.70"},{"date" => "2008-09-14T00:41:35","version" => "1.71"},{"date" => "2008-09-22T01:40:20","version" => "1.72"},{"date" => "2009-10-05T20:51:59","version" => "1.73"},{"date" => "2010-03-20T07:59:03","version" => "1.74"},{"date" => "2010-04-02T22:32:03","version" => "1.75"},{"date" => "2010-06-18T01:52:54","version" => "1.76"},{"date" => "2011-01-16T05:20:16","version" => "1.77"},{"date" => "2011-01-23T05:33:07","version" => "1.78"},{"date" => "2011-06-15T23:59:19","version" => "1.79"},{"date" => "2012-02-27T07:02:28","version" => "1.80"}]},"Perldoc-Server" => {"advisories" => [{"affected_versions" => [">=0.09,<=0.10"],"cves" => ["CVE-2021-23432"],"description" => "This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge()\n","distribution" => "Perldoc-Server","fixed_versions" => [],"id" => "CPANSA-Perldoc-Server-2021-23432-mootools","references" => ["https://snyk.io/vuln/SNYK-JS-MOOTOOLS-1325536"],"reported" => "2021-08-24","severity" => "critical"}],"main_module" => "Perldoc::Server","versions" => [{"date" => "2009-03-30T15:26:20","version" => "0.01"},{"date" => "2009-04-01T08:44:34","version" => "0.02"},{"date" => "2009-04-02T11:01:42","version" => "0.03"},{"date" => "2009-04-04T14:26:15","version" => "0.04"},{"date" => "2009-04-05T12:36:37","version" => "0.05"},{"date" => "2009-09-16T12:05:55","version" => "0.07"},{"date" => "2010-04-24T13:51:16","version" => "0.08"},{"date" => "2010-04-28T20:46:28","version" => "0.09"},{"date" => "2011-11-15T17:52:36","version" => "0.10"}]},"Pinto" => {"advisories" => [{"affected_versions" => ["<0.09995"],"cves" => [],"description" => "Pinto server allowed directory traveral.\n","distribution" => "Pinto","fixed_versions" => [">=0.09995"],"id" => "CPANSA-Pinto-2014-01","references" => ["https://metacpan.org/dist/Pinto/changes","https://github.com/thaljef/Pinto/commit/195d46eb4488a7dec6c39d6eb1c48dc872ab2b3b"],"reported" => "2014-08-19","reviewed_by" => [{"date" => "2022-06-28","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}]}],"main_module" => "Pinto","versions" => [{"date" => "2011-07-26T21:17:47","version" => "0.001"},{"date" => "2011-07-27T00:22:00","version" => "0.002"},{"date" => "2011-08-04T06:00:27","version" => "0.003"},{"date" => "2011-08-04T07:24:59","version" => "0.004"},{"date" => "2011-08-04T07:46:03","version" => "0.005"},{"date" => "2011-08-04T07:54:24","version" => "0.006"},{"date" => "2011-08-04T15:07:03","version" => "0.007"},{"date" => "2011-08-09T21:49:02","version" => "0.008"},{"date" => "2011-08-13T00:51:56","version" => "0.009"},{"date" => "2011-08-14T20:32:00","version" => "0.010"},{"date" => "2011-08-15T04:14:45","version" => "0.011"},{"date" => "2011-08-17T16:12:20","version" => "0.012"},{"date" => "2011-08-17T23:14:14","version" => "0.014"},{"date" => "2011-08-18T08:57:36","version" => "0.015"},{"date" => "2011-08-18T09:03:09","version" => "0.016"},{"date" => "2011-08-24T07:53:18","version" => "0.017"},{"date" => "2011-08-24T08:48:57","version" => "0.018"},{"date" => "2011-08-24T11:16:38","version" => "0.019"},{"date" => "2011-08-29T03:46:11","version" => "0.020"},{"date" => "2011-08-30T08:20:49","version" => "0.021"},{"date" => "2011-08-31T08:35:52","version" => "0.022"},{"date" => "2011-08-31T21:22:32","version" => "0.023"},{"date" => "2011-09-01T22:29:05","version" => "0.024"},{"date" => "2011-12-02T11:21:54","version" => "0.025_001"},{"date" => "2011-12-02T12:42:45","version" => "0.025_002"},{"date" => "2011-12-03T12:16:42","version" => "0.025_003"},{"date" => "2011-12-07T15:26:36","version" => "0.025_004"},{"date" => "2011-12-07T20:09:02","version" => "0.026"},{"date" => "2011-12-08T23:27:07","version" => "0.027"},{"date" => "2011-12-12T09:32:39","version" => "0.028"},{"date" => "2011-12-15T08:31:43","version" => "0.029"},{"date" => "2012-01-27T06:05:38","version" => "0.030"},{"date" => "2012-02-28T13:23:36","version" => "0.031"},{"date" => "2012-03-01T18:43:41","version" => "0.032"},{"date" => "2012-03-15T14:00:07","version" => "0.033"},{"date" => "2012-04-05T02:08:20","version" => "0.035"},{"date" => "2012-04-09T07:18:50","version" => "0.036"},{"date" => "2012-04-11T03:02:41","version" => "0.037"},{"date" => "2012-04-17T01:21:11","version" => "0.038"},{"date" => "2012-05-01T20:52:05","version" => "0.040_001"},{"date" => "2012-05-04T23:28:00","version" => "0.040_002"},{"date" => "2012-05-05T04:42:35","version" => "0.040_003"},{"date" => "2012-05-15T18:18:01","version" => "0.041"},{"date" => "2012-05-18T04:59:37","version" => "0.042"},{"date" => "2012-06-19T17:58:05","version" => "0.043"},{"date" => "2012-07-15T08:45:52","version" => "0.044"},{"date" => "2012-07-24T06:18:49","version" => "0.045"},{"date" => "2012-08-13T22:50:28","version" => "0.046"},{"date" => "2012-08-14T00:27:03","version" => "0.047"},{"date" => "2012-08-15T16:28:03","version" => "0.048"},{"date" => "2012-08-15T21:30:01","version" => "0.050"},{"date" => "2012-08-16T01:31:42","version" => "0.051"},{"date" => "2012-09-18T23:20:20","version" => "0.052"},{"date" => "2012-09-20T04:03:53","version" => "0.053"},{"date" => "2012-09-20T05:07:44","version" => "0.054"},{"date" => "2012-09-20T20:40:05","version" => "0.055"},{"date" => "2012-09-27T20:45:51","version" => "0.056"},{"date" => "2012-10-07T21:25:33","version" => "0.057"},{"date" => "2012-10-12T06:19:44","version" => "0.058"},{"date" => "2012-10-20T08:01:03","version" => "0.059"},{"date" => "2012-10-23T21:41:47","version" => "0.060"},{"date" => "2012-10-31T00:23:58","version" => "0.061"},{"date" => "2012-11-08T18:57:09","version" => "0.062"},{"date" => "2012-11-12T20:03:29","version" => "0.063"},{"date" => "2012-11-12T21:58:57","version" => "0.064"},{"date" => "2012-11-14T18:00:34","version" => "0.065"},{"date" => "2013-03-15T23:28:13","version" => "0.065_01"},{"date" => "2013-03-16T06:44:49","version" => "0.065_02"},{"date" => "2013-03-19T22:58:08","version" => "0.065_03"},{"date" => "2013-03-20T23:12:44","version" => "0.065_04"},{"date" => "2013-03-20T23:28:07","version" => "0.065_05"},{"date" => "2013-03-23T07:33:37","version" => "0.065_06"},{"date" => "2013-03-26T23:29:22","version" => "0.066"},{"date" => "2013-03-30T07:51:45","version" => "0.067"},{"date" => "2013-04-05T05:47:08","version" => "0.068"},{"date" => "2013-04-21T16:55:30","version" => "0.079_01"},{"date" => "2013-04-23T07:53:34","version" => "0.079_04"},{"date" => "2013-04-26T17:50:55","version" => "0.080"},{"date" => "2013-04-26T21:00:35","version" => "0.081"},{"date" => "2013-04-29T17:02:33","version" => "0.082"},{"date" => "2013-05-13T21:45:43","version" => "0.083"},{"date" => "2013-05-15T00:34:13","version" => "0.084"},{"date" => "2013-06-16T08:05:08","version" => "0.084_01"},{"date" => "2013-06-17T04:08:49","version" => "0.084_02"},{"date" => "2013-06-17T20:09:55","version" => "0.085"},{"date" => "2013-06-18T10:08:10","version" => "0.086"},{"date" => "2013-06-20T01:50:39","version" => "0.087"},{"date" => "2013-07-09T08:19:39","version" => "0.087_01"},{"date" => "2013-07-21T08:38:23","version" => "0.087_03"},{"date" => "2013-07-27T03:21:44","version" => "0.087_04"},{"date" => "2013-07-30T07:00:31","version" => "0.087_05"},{"date" => "2013-08-15T18:00:31","version" => "0.088"},{"date" => "2013-08-19T20:34:32","version" => "0.089"},{"date" => "2013-08-23T22:02:45","version" => "0.090"},{"date" => "2013-10-25T19:22:19","version" => "0.091"},{"date" => "2013-11-20T19:18:40","version" => "0.092"},{"date" => "2013-12-22T00:41:08","version" => "0.093"},{"date" => "2013-12-22T09:07:09","version" => "0.094"},{"date" => "2013-12-23T07:49:14","version" => "0.095"},{"date" => "2014-01-07T18:57:51","version" => "0.096"},{"date" => "2014-01-08T07:10:26","version" => "0.097"},{"date" => "2014-01-17T20:57:05","version" => "0.097_01"},{"date" => "2014-01-23T08:46:47","version" => "0.097_02"},{"date" => "2014-01-23T22:17:10","version" => "0.097_03"},{"date" => "2014-01-25T23:24:17","version" => "0.097_04"},{"date" => "2014-01-28T01:01:18","version" => "0.098"},{"date" => "2014-01-28T10:07:29","version" => "0.098_01"},{"date" => "2014-01-28T20:44:00","version" => "0.099"},{"date" => "2014-02-01T01:30:41","version" => "0.0991"},{"date" => "2014-02-10T10:11:30","version" => "0.0992"},{"date" => "2014-02-23T22:14:22","version" => "0.0993"},{"date" => "2014-03-02T00:14:38","version" => "0.0994"},{"date" => "2014-03-05T09:16:04","version" => "0.0994_01"},{"date" => "2014-03-16T06:18:21","version" => "0.0994_02"},{"date" => "2014-03-16T07:56:27","version" => "0.0994_03"},{"date" => "2014-03-18T04:44:49","version" => "0.0994_04"},{"date" => "2014-03-19T04:24:14","version" => "0.0995"},{"date" => "2014-03-23T04:23:21","version" => "0.0996"},{"date" => "2014-03-24T04:02:32","version" => "0.0997"},{"date" => "2014-03-31T22:44:44","version" => "0.0998"},{"date" => "2014-04-04T06:05:12","version" => "0.0999"},{"date" => "2014-04-05T12:41:39","version" => "0.09991"},{"date" => "2014-04-23T22:27:50","version" => "0.09992"},{"date" => "2014-04-28T17:43:44","version" => "0.09992_01"},{"date" => "2014-04-29T21:34:32","version" => "0.09992_02"},{"date" => "2014-05-03T01:04:46","version" => "0.09993"},{"date" => "2014-08-20T01:44:36","version" => "0.09995"},{"date" => "2014-11-04T19:15:26","version" => "0.09996"},{"date" => "2015-03-24T08:26:01","version" => "0.09997"},{"date" => "2015-06-10T15:22:03","version" => "0.09998"},{"date" => "2015-06-14T05:30:55","version" => "0.09999"},{"date" => "2015-08-12T08:48:47","version" => "0.11"},{"date" => "2016-07-17T05:04:20","version" => "0.11_01"},{"date" => "2016-07-26T04:18:25","version" => "0.12"},{"date" => "2017-08-06T05:59:13","version" => "0.13"},{"date" => "2017-08-06T07:31:17","version" => "0.14"}]},"PlRPC" => {"advisories" => [{"affected_versions" => ["<=0.2020"],"cves" => ["CVE-2013-7284"],"description" => "The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.\n","distribution" => "PlRPC","fixed_versions" => [],"id" => "CPANSA-PlRPC-2013-7284","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1051108","http://seclists.org/oss-sec/2014/q1/56","http://seclists.org/oss-sec/2014/q1/62","https://bugzilla.redhat.com/show_bug.cgi?id=1030572","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789","https://rt.cpan.org/Public/Bug/Display.html?id=90474"],"reported" => "2014-04-29","severity" => undef}],"main_module" => "Bundle::PlRPC","versions" => [{"date" => "1998-10-28T23:03:06","version" => "0.2001"},{"date" => "1999-01-15T09:26:43","version" => "0.2003"},{"date" => "1999-04-09T21:18:22","version" => "0.2010"},{"date" => "1999-06-21T09:10:10","version" => "0.2004"},{"date" => "1999-06-21T09:26:45","version" => "0.2011"},{"date" => "1999-06-26T16:21:38","version" => "0.2012"},{"date" => "2001-01-23T08:17:41","version" => "0.2013"},{"date" => "2001-01-23T15:57:05","version" => "0.2014"},{"date" => "2001-03-26T13:10:50","version" => "0.2015"},{"date" => "2001-10-01T02:45:21","version" => "0.2016"},{"date" => "2003-06-09T08:55:18","version" => "0.2017"},{"date" => "2004-07-27T07:47:32","version" => "0.2018"},{"date" => "2007-05-22T20:56:36","version" => "0.2018"},{"date" => "2007-06-17T20:00:21","version" => "0.2018"},{"date" => "2012-01-27T16:55:27","version" => "0.2021_01"}]},"Plack" => {"advisories" => [{"affected_versions" => ["<1.0034"],"cves" => [],"description" => "Fixed a possible directory traversal with Plack::App::File on Win32.\n","distribution" => "Plack","fixed_versions" => [">=1.0034"],"id" => "CPANSA-Plack-2015-0202","references" => [],"reported" => "2015-02-02"},{"affected_versions" => ["<1.0031"],"cves" => [],"description" => "Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files\n","distribution" => "Plack","fixed_versions" => [">=1.0031"],"id" => "CPANSA-Plack-2014-0801","references" => ["https://github.com/plack/Plack/pull/446"],"reported" => "2014-08-01"},{"affected_versions" => ["<1.0016"],"cves" => [],"description" => "Fixed directory traversal bug in Plack::App::File on win32 environments\n","distribution" => "Plack","fixed_versions" => [">=1.0016"],"id" => "CPANSA-Plack-2013-0131","references" => [],"reported" => "2013-01-31"}],"main_module" => "Plack","versions" => [{"date" => "2009-10-13T07:21:14","version" => "0.9000"},{"date" => "2009-10-13T07:59:20","version" => "0.9001"},{"date" => "2009-10-14T18:28:32","version" => "0.9002"},{"date" => "2009-10-19T02:19:08","version" => "0.9003"},{"date" => "2009-10-21T05:59:54","version" => "0.9004"},{"date" => "2009-10-22T03:55:53","version" => "0.9005"},{"date" => "2009-10-23T08:22:57","version" => "0.9006"},{"date" => "2009-10-25T00:49:12","version" => "0.9007"},{"date" => "2009-10-27T21:20:52","version" => "0.9008"},{"date" => "2009-11-08T04:51:25","version" => "0.9009"},{"date" => "2009-11-12T07:23:02","version" => "0.9010"},{"date" => "2009-11-12T11:57:16","version" => "0.9011"},{"date" => "2009-11-17T21:48:12","version" => "0.9012"},{"date" => "2009-11-19T02:29:16","version" => "0.9013"},{"date" => "2009-11-21T05:54:55","version" => "0.9014"},{"date" => "2009-11-26T08:39:53","version" => "0.9015"},{"date" => "2009-11-29T07:41:55","version" => "0.9016"},{"date" => "2009-11-29T08:40:10","version" => "0.9017"},{"date" => "2009-12-03T08:52:20","version" => "0.9018"},{"date" => "2009-12-06T06:01:48","version" => "0.9019"},{"date" => "2009-12-07T10:39:46","version" => "0.9020"},{"date" => "2009-12-08T22:32:02","version" => "0.9021"},{"date" => "2009-12-13T19:03:10","version" => "0.9022"},{"date" => "2009-12-17T21:22:18","version" => "0.9023"},{"date" => "2009-12-19T20:28:45","version" => "0.9024"},{"date" => "2009-12-26T01:16:08","version" => "0.9025"},{"date" => "2010-01-01T01:38:39","version" => "0.9026"},{"date" => "2010-01-04T00:36:24","version" => "0.9027"},{"date" => "2010-01-06T02:44:35","version" => "0.9028"},{"date" => "2010-01-08T03:13:27","version" => "0.9029"},{"date" => "2010-01-09T21:17:38","version" => "0.9030"},{"date" => "2010-01-11T19:34:54","version" => "0.9031"},{"date" => "2010-01-29T22:44:12","version" => "0.99_01"},{"date" => "2010-01-31T06:15:25","version" => "0.99_02"},{"date" => "2010-02-04T00:15:09","version" => "0.99_03"},{"date" => "2010-02-06T07:17:08","version" => "0.99_04"},{"date" => "2010-02-10T20:55:18","version" => "0.99_05"},{"date" => "2010-02-23T03:10:40","version" => "0.9910"},{"date" => "2010-02-23T09:58:27","version" => "0.9911"},{"date" => "2010-02-25T09:32:19","version" => "0.9912"},{"date" => "2010-02-26T03:16:42","version" => "0.9913"},{"date" => "2010-03-04T00:07:15","version" => "0.9914"},{"date" => "2010-03-08T09:35:55","version" => "0.9915"},{"date" => "2010-03-12T03:56:59","version" => "0.9916"},{"date" => "2010-03-17T22:41:16","version" => "0.9917"},{"date" => "2010-03-18T05:42:29","version" => "0.9918"},{"date" => "2010-03-18T05:56:03","version" => "0.9919"},{"date" => "2010-03-19T07:05:16","version" => "0.9920"},{"date" => "2010-03-25T22:10:09","version" => "0.99_21"},{"date" => "2010-03-26T02:51:33","version" => "0.99_22"},{"date" => "2010-03-27T08:06:00","version" => "0.99_23"},{"date" => "2010-03-27T20:36:26","version" => "0.99_24"},{"date" => "2010-03-28T02:06:23","version" => "0.9925"},{"date" => "2010-03-28T21:49:52","version" => "0.9926"},{"date" => "2010-03-29T19:51:35","version" => "0.9927"},{"date" => "2010-03-30T00:07:33","version" => "0.9928"},{"date" => "2010-03-31T07:37:38","version" => "0.9929"},{"date" => "2010-04-14T03:22:29","version" => "0.9930"},{"date" => "2010-04-17T06:54:58","version" => "0.9931"},{"date" => "2010-04-19T06:29:10","version" => "0.9932"},{"date" => "2010-04-27T21:35:45","version" => "0.9933"},{"date" => "2010-05-04T22:51:24","version" => "0.9934"},{"date" => "2010-05-05T22:21:08","version" => "0.9935"},{"date" => "2010-05-14T23:01:23","version" => "0.9936"},{"date" => "2010-05-15T06:14:20","version" => "0.9937"},{"date" => "2010-05-24T00:16:59","version" => "0.9938"},{"date" => "2010-07-03T01:04:03","version" => "0.9938"},{"date" => "2010-07-03T06:43:20","version" => "0.9940"},{"date" => "2010-07-09T01:22:49","version" => "0.9941"},{"date" => "2010-07-24T06:46:17","version" => "0.9942"},{"date" => "2010-07-30T20:26:59","version" => "0.9943"},{"date" => "2010-08-09T06:40:55","version" => "0.9944"},{"date" => "2010-08-19T23:32:19","version" => "0.9945"},{"date" => "2010-08-29T05:49:19","version" => "0.9946"},{"date" => "2010-09-09T09:27:05","version" => "0.9947"},{"date" => "2010-09-09T23:04:59","version" => "0.9948"},{"date" => "2010-09-14T19:01:11","version" => "0.9949"},{"date" => "2010-09-30T21:14:53","version" => "0.9950"},{"date" => "2010-10-25T21:19:36","version" => "0.9951"},{"date" => "2010-12-02T22:06:47","version" => "0.9952"},{"date" => "2010-12-03T22:52:23","version" => "0.9953"},{"date" => "2010-12-10T01:48:11","version" => "0.9954"},{"date" => "2010-12-10T02:03:59","version" => "0.9955"},{"date" => "2010-12-10T03:39:26","version" => "0.9956"},{"date" => "2010-12-16T19:33:28","version" => "0.9957"},{"date" => "2010-12-20T23:23:17","version" => "0.9958"},{"date" => "2010-12-21T19:58:23","version" => "0.9959"},{"date" => "2010-12-25T19:18:11","version" => "0.9960"},{"date" => "2011-01-08T05:54:56","version" => "0.9961"},{"date" => "2011-01-09T05:21:23","version" => "0.9962"},{"date" => "2011-01-11T00:51:33","version" => "0.9963"},{"date" => "2011-01-25T00:50:49","version" => "0.9964"},{"date" => "2011-01-25T07:13:52","version" => "0.9965"},{"date" => "2011-01-25T20:03:38","version" => "0.9966"},{"date" => "2011-01-25T22:27:44","version" => "0.9967"},{"date" => "2011-02-10T03:09:10","version" => "0.9968"},{"date" => "2011-02-19T05:56:47","version" => "0.9969"},{"date" => "2011-02-22T16:44:11","version" => "0.9970"},{"date" => "2011-02-23T22:07:39","version" => "0.9971"},{"date" => "2011-02-24T19:57:46","version" => "0.9972"},{"date" => "2011-02-26T17:48:50","version" => "0.9973"},{"date" => "2011-03-04T04:56:59","version" => "0.9974"},{"date" => "2011-03-24T18:38:08","version" => "0.99_75"},{"date" => "2011-04-09T01:29:10","version" => "0.9976"},{"date" => "2011-05-01T19:24:37","version" => "0.9977"},{"date" => "2011-05-04T18:31:01","version" => "0.9978"},{"date" => "2011-05-17T16:59:59","version" => "0.9979"},{"date" => "2011-06-07T03:29:28","version" => "0.9980"},{"date" => "2011-07-19T00:35:19","version" => "0.9981"},{"date" => "2011-07-19T20:14:06","version" => "0.9982"},{"date" => "2011-09-27T17:23:29","version" => "0.9983"},{"date" => "2011-10-03T16:57:23","version" => "0.9984"},{"date" => "2011-10-31T20:17:46","version" => "0.9985"},{"date" => "2012-03-12T18:29:44","version" => "0.9986"},{"date" => "2012-05-10T05:13:38","version" => "0.9987"},{"date" => "2012-05-11T10:27:33","version" => "0.9988"},{"date" => "2012-06-21T20:49:15","version" => "0.9989"},{"date" => "2012-07-18T18:17:16","version" => "0.9990"},{"date" => "2012-07-20T00:30:44","version" => "0.9991"},{"date" => "2012-07-20T02:12:14","version" => "1.0000"},{"date" => "2012-07-26T23:28:35","version" => "1.0001"},{"date" => "2012-08-14T00:09:45","version" => "1.0002"},{"date" => "2012-08-29T20:49:18","version" => "1.0003"},{"date" => "2012-09-20T02:21:25","version" => "1.0004"},{"date" => "2012-10-09T20:37:58","version" => "1.0005"},{"date" => "2012-10-18T23:10:01","version" => "1.0006"},{"date" => "2012-10-21T06:23:22","version" => "1.0007"},{"date" => "2012-10-23T01:54:12","version" => "1.0008"},{"date" => "2012-10-23T07:59:59","version" => "1.0009"},{"date" => "2012-11-02T20:33:36","version" => "1.0010"},{"date" => "2012-11-11T19:09:23","version" => "1.0011"},{"date" => "2012-11-14T20:02:29","version" => "1.0012"},{"date" => "2012-11-15T03:49:43","version" => "1.0013"},{"date" => "2012-12-03T18:30:20","version" => "1.0014"},{"date" => "2013-01-10T23:23:32","version" => "1.0015"},{"date" => "2013-01-31T21:28:36","version" => "1.0016"},{"date" => "2013-02-08T03:43:51","version" => "1.0017"},{"date" => "2013-03-08T18:47:51","version" => "1.0018"},{"date" => "2013-04-02T01:39:27","version" => "1.0019"},{"date" => "2013-04-02T02:39:03","version" => "1.0020"},{"date" => "2013-04-02T18:21:32","version" => "1.0021"},{"date" => "2013-04-02T19:38:30","version" => "1.0022"},{"date" => "2013-04-08T18:14:06","version" => "1.0023"},{"date" => "2013-05-01T17:07:27","version" => "1.0024"},{"date" => "2013-06-12T20:10:31","version" => "1.0025"},{"date" => "2013-06-13T06:01:17","version" => "1.0026"},{"date" => "2013-06-14T04:31:09","version" => "1.0027"},{"date" => "2013-06-15T08:44:43","version" => "1.0028"},{"date" => "2013-08-22T21:06:25","version" => "1.0029"},{"date" => "2013-11-23T07:55:52","version" => "1.0030"},{"date" => "2014-08-01T20:20:15","version" => "1.0031"},{"date" => "2014-10-04T18:14:01","version" => "1.0032"},{"date" => "2014-10-23T20:32:28","version" => "1.0033"},{"date" => "2015-02-02T20:44:19","version" => "1.0034"},{"date" => "2015-04-16T08:09:20","version" => "1.0035"},{"date" => "2015-06-03T19:03:39","version" => "1.0036"},{"date" => "2015-06-19T17:02:08","version" => "1.0037"},{"date" => "2015-11-25T20:37:51","version" => "1.0038"},{"date" => "2015-12-06T11:29:40","version" => "1.0039"},{"date" => "2016-04-01T16:58:21","version" => "1.0040"},{"date" => "2016-09-25T21:25:47","version" => "1.0041"},{"date" => "2016-09-29T05:38:42","version" => "1.0042"},{"date" => "2017-02-22T03:02:05","version" => "1.0043"},{"date" => "2017-04-27T17:48:20","version" => "1.0044"},{"date" => "2017-12-31T20:42:50","version" => "1.0045"},{"date" => "2018-02-10T07:52:31","version" => "1.0046"},{"date" => "2018-02-10T09:25:30","version" => "1.0047"},{"date" => "2020-11-30T00:21:36","version" => "1.0048"},{"date" => "2022-09-01T17:44:48","version" => "1.0049"},{"date" => "2022-09-05T15:48:11","version" => "1.0050"},{"date" => "2024-01-05T23:11:02","version" => "1.0051"},{"date" => "2024-09-30T20:39:33","version" => "1.0052"},{"date" => "2024-12-12T21:11:55","version" => "1.0053"}]},"Plack-Debugger" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Plack::Debugger","versions" => [{"date" => "2014-11-10T19:22:12","version" => "0.01"},{"date" => "2014-11-15T15:51:48","version" => "0.02"},{"date" => "2014-12-28T23:11:51","version" => "0.03"}]},"Plack-Middleware-Bootstrap" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Plack-Middleware-Bootstrap","fixed_versions" => [],"id" => "CPANSA-Plack-Middleware-Bootstrap-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"}],"main_module" => "Plack::Middleware::Bootstrap","versions" => [{"date" => "2014-12-15T08:26:06","version" => "0.01"},{"date" => "2014-12-15T08:49:36","version" => "0.02"},{"date" => "2014-12-15T08:59:55","version" => "0.03"},{"date" => "2014-12-16T01:57:09","version" => "0.04"},{"date" => "2014-12-17T00:20:15","version" => "0.05"},{"date" => "2015-01-13T01:19:47","version" => "0.06"},{"date" => "2015-10-06T07:12:15","version" => "0.07"},{"date" => "2016-06-09T08:34:17","version" => "0.08"}]},"Plack-Middleware-Session" => {"advisories" => [{"affected_versions" => ["<=0.21"],"cves" => [],"description" => "Plack::Middleware::Session::Cookie 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server, when the middleware is enabled without a secret.\n","distribution" => "Plack-Middleware-Session","fixed_versions" => [">0.21"],"id" => "CPANSA-Plack-Middleware-Session-2014-01","references" => ["https://gist.github.com/miyagawa/2b8764af908a0dacd43d","https://metacpan.org/changes/distribution/Plack-Middleware-Session"],"reported" => "2014-08-11","severity" => "critical"},{"affected_versions" => ["<0.35"],"cves" => ["CVE-2025-40923"],"description" => "Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely.  The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Plack-Middleware-Session","fixed_versions" => [">=0.35"],"id" => "CPANSA-Plack-Middleware-Session-2025-40923","references" => ["https://github.com/plack/Plack-Middleware-Session/commit/1fbfbb355e34e7f4b3906f66cf958cedadd2b9be.patch","https://github.com/plack/Plack-Middleware-Session/pull/52","https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.34/source/lib/Plack/Session/State.pm#L22","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-07-16","severity" => undef}],"main_module" => "Plack::Middleware::Session","versions" => [{"date" => "2009-12-15T18:59:13","version" => "0.01"},{"date" => "2009-12-19T19:27:38","version" => "0.02"},{"date" => "2010-01-07T22:12:43","version" => "0.03"},{"date" => "2010-01-30T21:46:53","version" => "0.09_01"},{"date" => "2010-01-31T07:17:07","version" => "0.09_02"},{"date" => "2010-02-03T04:46:20","version" => "0.09_03"},{"date" => "2010-02-23T03:16:31","version" => "0.10"},{"date" => "2010-02-27T10:47:17","version" => "0.11"},{"date" => "2010-07-07T22:55:18","version" => "0.12"},{"date" => "2010-12-22T17:00:14","version" => "0.13"},{"date" => "2011-03-29T20:50:06","version" => "0.14"},{"date" => "2012-09-04T21:16:35","version" => "0.15"},{"date" => "2013-02-10T19:43:11","version" => "0.16"},{"date" => "2013-02-11T23:45:49","version" => "0.17"},{"date" => "2013-02-12T10:57:14","version" => "0.17"},{"date" => "2013-06-24T23:09:39","version" => "0.20"},{"date" => "2013-10-12T18:42:26","version" => "0.21"},{"date" => "2014-08-11T17:18:03","version" => "0.22"},{"date" => "2014-08-11T17:23:40","version" => "0.23"},{"date" => "2014-09-05T11:48:57","version" => "0.24"},{"date" => "2014-09-29T03:07:54","version" => "0.25"},{"date" => "2015-02-03T08:17:55","version" => "0.26"},{"date" => "2015-02-14T00:52:35","version" => "0.27"},{"date" => "2015-02-16T16:30:31","version" => "0.28"},{"date" => "2015-02-17T23:57:32","version" => "0.29"},{"date" => "2015-03-02T18:25:56","version" => "0.30"},{"date" => "2019-02-26T19:01:59","version" => "0.31"},{"date" => "2019-02-26T21:36:43","version" => "0.32"},{"date" => "2019-03-09T23:19:27","version" => "0.33"},{"date" => "2024-09-23T16:54:44","version" => "0.34"},{"date" => "2025-07-07T22:51:18","version" => "0.35"},{"date" => "2025-07-23T19:02:02","version" => "0.36"}]},"Plack-Middleware-Session-Simple" => {"advisories" => [{"affected_versions" => ["<0.05"],"cves" => ["CVE-2025-40926"],"description" => "Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely.  The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.  Plack::Middleware::Session::Simple is intended to be compatible with Plack::Middleware::Session, which had a similar security issue CVE-2025-40923.","distribution" => "Plack-Middleware-Session-Simple","fixed_versions" => [">=0.05"],"id" => "CPANSA-Plack-Middleware-Session-Simple-2025-40926","references" => ["https://github.com/kazeburo/Plack-Middleware-Session-Simple/commit/760bb358b8f53e52cf415888a4ac858fd99bb24e.patch","https://github.com/kazeburo/Plack-Middleware-Session-Simple/pull/4","https://metacpan.org/release/KAZEBURO/Plack-Middleware-Session-Simple-0.04/source/lib/Plack/Middleware/Session/Simple.pm#L43","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://www.cve.org/CVERecord?id=CVE-2025-40923"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "Plack::Middleware::Session::Simple","versions" => [{"date" => "2013-10-25T05:18:35","version" => "0.01"},{"date" => "2013-10-27T14:44:57","version" => "0.02"},{"date" => "2014-10-20T14:22:04","version" => "0.03"},{"date" => "2018-03-03T04:50:44","version" => "0.04"},{"date" => "2026-03-08T14:44:02","version" => "0.05"}]},"Plack-Middleware-StaticShared" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "Vulnerability of directory traversal.\n","distribution" => "Plack-Middleware-StaticShared","fixed_versions" => [">=0.04"],"id" => "CPANSA-Plack-Middleware-StaticShared-2012-01","references" => ["https://metacpan.org/dist/Plack-Middleware-StaticShared/changes"],"reported" => "2012-04-26","severity" => undef}],"main_module" => "Plack::Middleware::StaticShared","versions" => [{"date" => "2010-12-03T11:42:11","version" => "0.01"},{"date" => "2011-08-03T00:32:41","version" => "0.02"},{"date" => "2011-08-10T14:36:03","version" => "0.03"},{"date" => "2012-04-26T03:37:11","version" => "0.04"},{"date" => "2013-01-24T10:40:54","version" => "0.05"},{"date" => "2016-06-09T03:53:36","version" => "0.06"}]},"Plack-Middleware-Statsd" => {"advisories" => [{"affected_versions" => ["<0.8.0"],"cves" => [],"description" => "Stats for request methods are only counted for ASCII words, anything else is counted as 'other'. Stats for content types are only counted for well-formed types.","distribution" => "Plack-Middleware-Statsd","fixed_versions" => [">=0.8.0"],"id" => "CPANSA-Plack-Middleware-Statsd-2025-001","references" => ["https://github.com/robrwo/Plack-Middleware-Statsd/security/advisories/GHSA-m5mc-hhfv-6rjf","https://github.com/briandfoy/cpan-security-advisory/issues/198","https://metacpan.org/dist/Plack-Middleware-Statsd/changes"],"reported" => "2025-05-13","severity" => undef}],"main_module" => "Plack::Middleware::Statsd","versions" => [{"date" => "2018-01-31T18:15:11","version" => "v0.1.0"},{"date" => "2018-02-01T14:21:59","version" => "v0.1.1"},{"date" => "2018-02-01T17:21:50","version" => "v0.2.0"},{"date" => "2018-02-05T14:17:24","version" => "v0.2.1"},{"date" => "2018-02-06T11:11:05","version" => "v0.3.0"},{"date" => "2018-02-10T23:24:24","version" => "v0.3.1"},{"date" => "2018-02-10T23:37:02","version" => "v0.3.2"},{"date" => "2018-02-13T15:25:33","version" => "v0.3.3"},{"date" => "2018-03-01T15:40:24","version" => "v0.3.4"},{"date" => "2018-05-31T20:20:12","version" => "v0.3.5"},{"date" => "2018-10-16T21:39:35","version" => "v0.3.6"},{"date" => "2018-10-19T15:07:45","version" => "v0.3.7"},{"date" => "2018-11-30T01:31:20","version" => "v0.3.8"},{"date" => "2018-11-30T16:00:44","version" => "v0.3.9"},{"date" => "2019-12-18T23:46:32","version" => "v0.3.10"},{"date" => "2020-03-21T00:25:26","version" => "v0.4.0"},{"date" => "2020-03-21T17:16:50","version" => "v0.4.1"},{"date" => "2020-03-21T18:28:58","version" => "v0.4.2"},{"date" => "2020-03-23T09:00:09","version" => "v0.4.3"},{"date" => "2020-04-30T13:05:15","version" => "v0.4.4"},{"date" => "2020-05-11T17:29:43","version" => "v0.4.5"},{"date" => "2021-04-21T15:52:11","version" => "v0.4.6"},{"date" => "2021-04-27T15:48:15","version" => "v0.4.7"},{"date" => "2021-06-15T16:04:11","version" => "v0.5.0"},{"date" => "2021-07-03T13:09:16","version" => "v0.5.1"},{"date" => "2022-07-26T15:50:57","version" => "v0.6.0"},{"date" => "2022-09-02T15:06:07","version" => "v0.6.1"},{"date" => "2022-12-11T16:07:55","version" => "v0.6.2"},{"date" => "2023-06-15T18:46:16","version" => "v0.6.3"},{"date" => "2024-07-13T11:52:52","version" => "v0.7.0"},{"date" => "2024-07-20T11:53:49","version" => "v0.7.1"},{"date" => "2025-05-13T12:08:27","version" => "v0.8.0"},{"date" => "2025-08-07T12:10:59","version" => "v0.8.1"},{"date" => "2025-08-16T11:12:13","version" => "v0.8.2"}]},"Plack-Middleware-XSRFBlock" => {"advisories" => [{"affected_versions" => ["<0.0.19"],"cves" => ["CVE-2023-52431"],"description" => "When not using signed cookies, it was possible to bypass XSRFBlock by POSTing an empty form value and an empty cookie\n","distribution" => "Plack-Middleware-XSRFBlock","fixed_versions" => [">=0.0.19"],"id" => "CPANSA-Plack-Middleware-XSRFBlock-20230714-01","references" => ["https://metacpan.org/dist/Plack-Middleware-XSRFBlock/changes","https://metacpan.org/release/DAKKAR/Plack-Middleware-XSRFBlock-0.0.19/source/Changes","https://nvd.nist.gov/vuln/detail/CVE-2023-52431"],"reported" => "2023-07-14","severity" => undef}],"main_module" => "Plack::Middleware::XSRFBlock","versions" => [{"date" => "2013-06-20T11:01:27","version" => "0.0.0_01"},{"date" => "2013-06-21T14:07:31","version" => "0.0.0_02"},{"date" => "2013-06-21T14:48:20","version" => "0.0.0_03"},{"date" => "2013-06-21T15:04:00","version" => "0.0.0_04"},{"date" => "2013-06-23T23:30:14","version" => "0.0.0_05"},{"date" => "2013-10-21T15:36:45","version" => "0.0.1"},{"date" => "2014-03-28T11:34:07","version" => "0.0.2"},{"date" => "2014-06-24T15:02:09","version" => "0.0.3"},{"date" => "2014-07-09T12:44:23","version" => "0.0.4"},{"date" => "2014-07-22T15:29:19","version" => "0.0.5"},{"date" => "2014-08-05T20:48:41","version" => "0.0.6"},{"date" => "2014-08-28T16:51:49","version" => "0.0.7"},{"date" => "2014-09-18T08:03:26","version" => "0.0.8"},{"date" => "2014-10-13T10:16:45","version" => "0.0.9"},{"date" => "2015-07-18T22:04:22","version" => "0.0.10"},{"date" => "2015-09-07T16:45:50","version" => "0.0.11"},{"date" => "2017-07-13T10:36:46","version" => "0.0.12"},{"date" => "2018-07-23T11:02:29","version" => "0.0.13"},{"date" => "2018-07-23T16:19:18","version" => "0.0.14"},{"date" => "2018-07-24T12:45:15","version" => "0.0.15"},{"date" => "2018-07-25T13:24:47","version" => "0.0.16"},{"date" => "2022-10-17T09:58:14","version" => "0.0.17"},{"date" => "2023-07-13T09:16:48","version" => "0.0.18"},{"date" => "2023-07-14T09:17:25","version" => "0.0.19"}]},"Pod-Perldoc" => {"advisories" => [{"affected_versions" => ["<3.26"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Pod-Perldoc","fixed_versions" => [">=3.26"],"id" => "CPANSA-Pod-Perldoc-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Pod::Perldoc","versions" => [{"date" => "2002-11-11T10:33:54","version" => "3.04"},{"date" => "2002-11-12T05:04:50","version" => "3.05"},{"date" => "2002-11-22T10:04:59","version" => "3.06"},{"date" => "2002-12-02T05:24:12","version" => "3.07"},{"date" => "2003-01-19T03:50:24","version" => "3.08"},{"date" => "2003-07-24T14:38:18","version" => "3.09"},{"date" => "2003-09-11T07:02:58","version" => "3.10"},{"date" => "2003-10-12T23:01:05","version" => "3.11"},{"date" => "2003-10-22T01:02:23","version" => "3.12"},{"date" => "2004-04-10T02:26:31","version" => "3.13"},{"date" => "2004-11-30T22:34:04","version" => "3.14"},{"date" => "2007-08-23T12:55:53","version" => "3.14_01"},{"date" => "2007-08-23T18:18:55","version" => "3.14_02"},{"date" => "2007-09-04T13:39:37","version" => "3.14_03"},{"date" => "2008-04-16T14:37:04","version" => "3.14_04"},{"date" => "2008-04-22T18:26:25","version" => "3.14_05"},{"date" => "2008-05-03T00:43:47","version" => "3.14_06"},{"date" => "2008-05-08T14:33:08","version" => "3.14_07"},{"date" => "2008-11-01T15:01:44","version" => "3.15"},{"date" => "2009-09-30T17:29:52","version" => "3.15_01"},{"date" => "2011-11-13T23:32:29","version" => "3.15_08"},{"date" => "2011-11-14T19:38:57","version" => "3.15_09"},{"date" => "2011-11-20T01:58:40","version" => "3.15_10"},{"date" => "2011-11-29T19:10:49","version" => "3.15_11"},{"date" => "2011-12-09T13:03:26","version" => "3.15_12"},{"date" => "2011-12-14T10:17:10","version" => "3.15_13"},{"date" => "2011-12-18T16:08:00","version" => "3.15_14"},{"date" => "2012-01-06T16:47:58","version" => "3.15_15"},{"date" => "2012-03-17T05:02:18","version" => "3.16"},{"date" => "2012-03-18T03:01:03","version" => "3.17"},{"date" => "2013-01-28T04:11:09","version" => "3.18"},{"date" => "2013-01-28T04:33:05","version" => "3.19"},{"date" => "2013-01-29T02:56:49","version" => "3.19_01"},{"date" => "2013-04-27T05:51:04","version" => "3.20"},{"date" => "2013-11-19T17:18:23","version" => "3.21_01"},{"date" => "2014-01-06T02:28:01","version" => "3.21"},{"date" => "2014-01-31T05:43:36","version" => "3.22_01"},{"date" => "2014-02-05T05:17:44","version" => "3.22_02"},{"date" => "2014-02-23T19:09:39","version" => "3.23"},{"date" => "2014-08-16T16:52:05","version" => "3.23_01"},{"date" => "2014-08-19T03:49:18","version" => "3.24"},{"date" => "2014-09-10T03:32:34","version" => "3.24_01"},{"date" => "2015-01-21T03:18:32","version" => "3.24_02"},{"date" => "2015-02-12T03:13:45","version" => "3.25"},{"date" => "2016-01-12T14:43:09","version" => "3.25_02"},{"date" => "2016-07-28T04:44:07","version" => "3.26"},{"date" => "2016-07-30T16:09:06","version" => "3.26_01"},{"date" => "2016-08-02T16:35:03","version" => "3.26_02"},{"date" => "2016-08-03T20:48:54","version" => "3.27"},{"date" => "2016-10-16T02:46:57","version" => "3.27_01"},{"date" => "2017-03-01T22:00:04","version" => "3.27_02"},{"date" => "2017-03-16T01:14:07","version" => "3.28"},{"date" => "2023-12-06T07:21:16","version" => "3.28_01"},{"date" => "2025-02-16T02:15:19","version" => "3.29"},{"date" => "2010-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011005","version" => "3.15_02"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "3.15_03"},{"date" => "2011-06-16T00:00:00","dual_lived" => 1,"perl_release" => "5.014001","version" => "3.15_04"},{"date" => "2011-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015","version" => "3.15_05"},{"date" => "2011-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015001","version" => "3.15_06"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "3.15_07"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "3.25_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "3.25_03"},{"date" => "2017-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027005","version" => "3.2801"}]},"Prima-codecs-win32" => {"advisories" => [{"affected_versions" => [">=1.00,<=1.01"],"cves" => ["CVE-2017-12652"],"description" => "libpng before 1.6.32 does not properly check the length of chunks against the user limit.\n","distribution" => "Prima-codecs-win32","fixed_versions" => [],"id" => "CPANSA-Prima-codecs-win32-2017-12652-libpng","references" => ["https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE","http://www.securityfocus.com/bid/109269","https://support.f5.com/csp/article/K88124225","https://support.f5.com/csp/article/K88124225?utm_source=f5support&amp;utm_medium=RSS","https://security.netapp.com/advisory/ntap-20220506-0003/"],"reported" => "2019-07-10","severity" => "critical"}],"main_module" => "Prima::codecs::win32","versions" => [{"date" => "2008-04-19T17:18:34","version" => "1.00"},{"date" => "2008-04-28T19:10:04","version" => "1.01"}]},"Prima-codecs-win64" => {"advisories" => [{"affected_versions" => [">=1.01,<=1.02"],"cves" => ["CVE-2017-12652"],"description" => "libpng before 1.6.32 does not properly check the length of chunks against the user limit.\n","distribution" => "Prima-codecs-win64","fixed_versions" => [],"id" => "CPANSA-Prima-codecs-win64-2017-12652-libpng","references" => ["https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE","http://www.securityfocus.com/bid/109269","https://support.f5.com/csp/article/K88124225","https://support.f5.com/csp/article/K88124225?utm_source=f5support&amp;utm_medium=RSS","https://security.netapp.com/advisory/ntap-20220506-0003/"],"reported" => "2019-07-10","severity" => "critical"}],"main_module" => "Prima::codecs::win64","versions" => [{"date" => "2011-03-26T20:49:34","version" => "1.01"},{"date" => "2012-02-07T19:35:40","version" => "1.02"}]},"Proc-Daemon" => {"advisories" => [{"affected_versions" => ["<0.14"],"cves" => ["CVE-2013-7135"],"description" => "The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.\n","distribution" => "Proc-Daemon","fixed_versions" => [],"id" => "CPANSA-Proc-Daemon-2013-7135","references" => ["http://www.openwall.com/lists/oss-security/2014/01/07/7","http://www.openwall.com/lists/oss-security/2013/12/16/5","http://www.openwall.com/lists/oss-security/2013/12/18/2","https://rt.cpan.org/Public/Bug/Display.html?id=91450","http://www.mandriva.com/security/advisories?name=MDVSA-2014:021"],"reported" => "2014-01-28","severity" => undef}],"main_module" => "Proc::Daemon","versions" => [{"date" => "1998-01-27T18:42:37","version" => "0.01"},{"date" => "1999-04-17T19:55:07","version" => "0.02"},{"date" => "2003-06-19T22:58:30","version" => "0.03"},{"date" => "2010-10-23T23:11:32","version" => "0.04"},{"date" => "2010-10-28T20:25:50","version" => "0.05"},{"date" => "2011-01-17T22:14:07","version" => "0.06"},{"date" => "2011-02-17T19:34:32","version" => "0.07"},{"date" => "2011-03-13T17:38:15","version" => "0.08"},{"date" => "2011-03-15T07:05:00","version" => "0.09"},{"date" => "2011-04-01T19:26:32","version" => "0.10"},{"date" => "2011-05-23T14:48:37","version" => "0.11"},{"date" => "2011-05-24T17:12:19","version" => "0.12"},{"date" => "2011-06-01T11:39:51","version" => "0.13"},{"date" => "2011-06-03T09:06:45","version" => "0.14"},{"date" => "2015-01-22T00:22:38","version" => "0.15"},{"date" => "2015-01-23T00:10:30","version" => "0.16"},{"date" => "2015-01-23T23:23:49","version" => "0.17"},{"date" => "2015-01-27T01:03:25","version" => "0.18"},{"date" => "2015-03-22T09:37:55","version" => "0.19"},{"date" => "2015-06-24T04:34:03","version" => "0.20"},{"date" => "2015-08-07T01:52:52","version" => "0.21"},{"date" => "2015-10-29T00:30:34","version" => "0.22"},{"date" => "2016-01-01T18:51:05","version" => "0.23"}]},"Proc-ProcessTable" => {"advisories" => [{"affected_versions" => [">=0.45,<0.47"],"cves" => ["CVE-2011-4363"],"description" => "ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.\n","distribution" => "Proc-ProcessTable","fixed_versions" => [">=0.47"],"id" => "CPANSA-Proc-ProcessTable-2011-4363","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500","http://www.osvdb.org/77428","http://www.openwall.com/lists/oss-security/2011/11/30/2","http://www.securityfocus.com/bid/50868","https://rt.cpan.org/Public/Bug/Display.html?id=72862","http://www.openwall.com/lists/oss-security/2011/11/30/3","http://secunia.com/advisories/47015","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363"],"reported" => "2012-10-07","severity" => undef}],"main_module" => "Proc::ProcessTable","versions" => [{"date" => "1998-07-23T12:59:39","version" => "0.01"},{"date" => "1998-07-24T12:50:40","version" => "0.02"},{"date" => "1998-07-26T13:18:26","version" => "0.03"},{"date" => "1998-08-15T21:22:20","version" => "0.04"},{"date" => "1998-12-09T23:53:30","version" => "0.05"},{"date" => "1998-12-10T04:51:19","version" => "0.06"},{"date" => "1999-02-05T03:21:51","version" => "0.08"},{"date" => "1999-02-20T04:27:53","version" => "0.09"},{"date" => "1999-02-20T16:36:14","version" => "0.10"},{"date" => "1999-03-07T00:16:52","version" => "0.11"},{"date" => "1999-03-21T16:07:46","version" => "0.12"},{"date" => "1999-05-14T02:10:41","version" => "0.13"},{"date" => "1999-05-16T01:22:45","version" => "0.14"},{"date" => "1999-06-02T02:39:22","version" => "0.15"},{"date" => "1999-08-10T03:45:58","version" => "0.16"},{"date" => "1999-08-19T15:45:19","version" => "0.17"},{"date" => "1999-08-19T17:44:22","version" => "0.18"},{"date" => "1999-09-09T02:45:48","version" => "0.20"},{"date" => "1999-09-10T16:51:02","version" => "0.21"},{"date" => "1999-10-05T12:34:33","version" => "0.22"},{"date" => "1999-11-01T13:55:15","version" => "0.23"},{"date" => "2000-01-20T20:57:35","version" => "0.24"},{"date" => "2000-02-03T16:28:46","version" => "0.25"},{"date" => "2000-02-11T21:56:23","version" => "0.26"},{"date" => "2000-06-29T12:38:46","version" => "0.27"},{"date" => "2000-08-14T09:25:19","version" => "0.28"},{"date" => "2001-01-09T12:47:49","version" => "0.29"},{"date" => "2001-03-08T02:57:16","version" => "0.30"},{"date" => "2001-06-01T12:39:15","version" => "0.31"},{"date" => "2001-08-20T02:41:52","version" => "0.32"},{"date" => "2001-10-16T13:32:04","version" => "0.33"},{"date" => "2002-02-25T03:17:15","version" => "0.34"},{"date" => "2002-07-03T04:31:57","version" => "0.35"},{"date" => "2002-11-08T02:31:59","version" => "0.36"},{"date" => "2002-11-08T14:59:11","version" => "0.37"},{"date" => "2002-12-07T03:33:51","version" => "0.38"},{"date" => "2003-10-03T17:45:51","version" => "0.39"},{"date" => "2005-07-11T01:33:32","version" => "0.40"},{"date" => "2006-07-01T04:27:59","version" => "0.41"},{"date" => "2008-01-26T05:34:53","version" => "0.42"},{"date" => "2008-07-18T04:05:51","version" => "0.43"},{"date" => "2008-07-25T14:29:08","version" => "0.44"},{"date" => "2008-09-08T15:39:40","version" => "0.45"},{"date" => "2012-10-19T13:58:48","version" => "0.46"},{"date" => "2013-02-16T16:06:35","version" => "0.47"},{"date" => "2013-05-26T22:20:21","version" => "0.48"},{"date" => "2013-12-05T23:31:39","version" => "0.49"},{"date" => "2013-12-15T15:47:54","version" => "0.50"},{"date" => "2014-05-17T21:03:43","version" => "0.50_01"},{"date" => "2014-10-17T22:56:58","version" => "0.51"},{"date" => "2015-08-23T10:12:37","version" => "0.52"},{"date" => "2015-08-24T19:36:41","version" => "0.53"},{"date" => "2018-02-01T21:02:36","version" => "0.54"},{"date" => "2018-02-01T21:57:51","version" => "0.55"},{"date" => "2019-02-07T22:38:02","version" => "0.56"},{"date" => "2019-06-14T21:16:11","version" => "0.56_01"},{"date" => "2019-06-15T11:28:52","version" => "0.56_02"},{"date" => "2019-06-15T18:56:51","version" => "0.57"},{"date" => "2019-06-15T19:20:02","version" => "0.58"},{"date" => "2019-06-20T19:35:05","version" => "0.59"},{"date" => "2021-08-14T16:19:38","version" => "0.60"},{"date" => "2021-08-17T22:50:12","version" => "0.61"},{"date" => "2021-08-18T06:57:20","version" => "0.611"},{"date" => "2021-09-08T10:39:21","version" => "0.612"},{"date" => "2021-09-13T14:03:14","version" => "0.62"},{"date" => "2021-09-26T21:58:24","version" => "0.631"},{"date" => "2021-09-26T22:35:32","version" => "0.632"},{"date" => "2021-09-26T23:01:20","version" => "0.633"},{"date" => "2021-09-26T23:04:23","version" => "0.634"},{"date" => "2023-05-08T06:51:59","version" => "0.635"},{"date" => "2023-06-21T06:25:43","version" => "0.636"},{"date" => "2025-07-28T20:23:29","version" => "0.637"}]},"RPC-XML" => {"advisories" => [{"affected_versions" => ["<0.45"],"cves" => [],"description" => "A a potential security hole in the parsing of external entities.\n","distribution" => "RPC-XML","fixed_versions" => [">=0.45"],"id" => "CPANSA-RPC-XML-2002-01","references" => ["https://metacpan.org/dist/RPC-XML/changes"],"reported" => "2002-10-29"}],"main_module" => "RPC::XML","versions" => [{"date" => "2001-06-13T06:30:46","version" => "0.25"},{"date" => "2001-06-27T06:18:37","version" => "0.26"},{"date" => "2001-07-08T23:38:52","version" => "0.27"},{"date" => "2001-10-08T05:10:22","version" => "0.28"},{"date" => "2001-12-03T07:08:58","version" => "0.29"},{"date" => "2002-01-03T09:49:30","version" => "0.30"},{"date" => "2002-01-28T00:48:45","version" => "0.35"},{"date" => "2002-01-29T20:03:48","version" => "0.36"},{"date" => "2002-03-23T06:39:00","version" => "0.37"},{"date" => "2002-05-04T07:56:19","version" => "0.40"},{"date" => "2002-05-22T10:04:14","version" => "0.41"},{"date" => "2002-08-01T08:41:21","version" => "0.42"},{"date" => "2002-08-19T05:56:10","version" => "0.43"},{"date" => "2002-08-31T06:58:58","version" => "0.44"},{"date" => "2002-10-30T05:15:04","version" => "0.45"},{"date" => "2002-12-30T07:51:25","version" => "0.46"},{"date" => "2003-01-27T11:37:20","version" => "0.50"},{"date" => "2003-01-30T09:36:24","version" => "0.51"},{"date" => "2003-02-10T09:48:58","version" => "0.52"},{"date" => "2003-02-25T09:25:51","version" => "0.53"},{"date" => "2004-04-14T12:55:46","version" => "0.54"},{"date" => "2004-11-30T09:27:12","version" => "0.55"},{"date" => "2004-12-09T09:29:34","version" => "0.56"},{"date" => "2004-12-24T11:07:31","version" => "0.57"},{"date" => "2005-05-12T10:47:19","version" => "0.58"},{"date" => "2006-06-30T07:56:12","version" => "0.59"},{"date" => "2008-04-09T17:59:42","version" => "0.60"},{"date" => "2008-09-15T10:19:12","version" => "0.61"},{"date" => "2008-09-19T09:16:21","version" => "0.62"},{"date" => "2008-09-19T09:28:08","version" => "0.63"},{"date" => "2008-09-29T11:24:26","version" => "0.64"},{"date" => "2009-06-17T13:19:54","version" => "0.65"},{"date" => "2009-07-09T14:42:56","version" => "0.66"},{"date" => "2009-07-10T08:34:44","version" => "0.67"},{"date" => "2009-09-03T17:37:20","version" => "0.69"},{"date" => "2009-12-07T06:33:13","version" => "0.70"},{"date" => "2009-12-08T04:11:10","version" => "0.71"},{"date" => "2009-12-14T05:48:11","version" => "0.72"},{"date" => "2010-03-17T05:55:29","version" => "0.73"},{"date" => "2011-01-23T21:08:04","version" => "0.74"},{"date" => "2011-08-14T00:40:40","version" => "0.75"},{"date" => "2011-08-21T19:48:16","version" => "0.76"},{"date" => "2012-09-03T18:58:22","version" => "0.77"},{"date" => "2014-02-07T04:15:00","version" => "0.78"},{"date" => "2015-05-01T16:02:19","version" => "0.79"},{"date" => "2016-05-08T20:17:31","version" => "0.80"},{"date" => "2021-01-06T02:49:51","version" => "0.81"},{"date" => "2021-01-06T18:05:35","version" => "0.82"}]},"RT-Authen-ExternalAuth" => {"advisories" => [{"affected_versions" => ["<0.27"],"cves" => ["CVE-2017-5361"],"description" => "Timing sidechannel vulnerability in password checking.\n","distribution" => "RT-Authen-ExternalAuth","fixed_versions" => [">=0.27"],"id" => "CPANSA-RT-Authen-ExternalAuth-2017-01","references" => ["https://metacpan.org/changes/distribution/RT-Authen-ExternalAuth"],"reported" => "2017-06-15"}],"main_module" => "RT::Authen::ExternalAuth","versions" => [{"date" => "2008-03-13T16:16:36","version" => "0.01"},{"date" => "2008-03-17T13:34:40","version" => "0.02"},{"date" => "2008-03-31T14:55:18","version" => "0.03"},{"date" => "2008-04-03T14:20:36","version" => "0.04"},{"date" => "2008-04-09T08:57:51","version" => "0.05"},{"date" => "2008-10-17T13:22:11","version" => "0.06_01"},{"date" => "2008-10-17T16:41:34","version" => "0.06_02"},{"date" => "2008-10-31T12:08:54","version" => "0.06_02"},{"date" => "2008-11-01T18:23:27","version" => "0.06_02"},{"date" => "2008-11-06T21:16:42","version" => "0.06_02"},{"date" => "2008-12-22T22:08:06","version" => "0.07_02"},{"date" => "2009-01-20T21:09:48","version" => "0.07_02"},{"date" => "2009-01-24T13:52:42","version" => "0.07_02"},{"date" => "2011-02-19T00:43:35","version" => "0.08_01"},{"date" => "2011-04-15T19:46:43","version" => "0.08_02"},{"date" => "2011-05-06T21:08:52","version" => "0.09"},{"date" => "2012-01-23T17:51:41","version" => "0.09_01"},{"date" => "2012-01-26T18:48:51","version" => "0.09_02"},{"date" => "2012-01-27T23:07:12","version" => "0.09_03"},{"date" => "2012-02-17T16:34:10","version" => "0.10"},{"date" => "2012-02-23T16:31:54","version" => "0.10_01"},{"date" => "2012-07-25T08:57:21","version" => "0.11"},{"date" => "2012-07-25T18:36:36","version" => "0.11"},{"date" => "2012-10-26T19:59:54","version" => "0.12"},{"date" => "2013-01-31T19:22:43","version" => "0.13"},{"date" => "2013-05-22T21:28:15","version" => "0.14"},{"date" => "2013-05-23T00:20:43","version" => "0.15"},{"date" => "2013-06-27T19:24:37","version" => "0.16"},{"date" => "2013-07-10T19:43:08","version" => "0.17"},{"date" => "2014-03-07T22:19:49","version" => "0.18"},{"date" => "2014-04-04T17:21:04","version" => "0.19"},{"date" => "2014-04-09T19:34:29","version" => "0.20"},{"date" => "2014-07-02T02:20:30","version" => "0.21"},{"date" => "2014-08-14T04:04:28","version" => "0.22_01"},{"date" => "2014-08-14T17:28:53","version" => "0.23"},{"date" => "2014-09-30T22:04:16","version" => "0.23_01"},{"date" => "2014-10-09T16:24:49","version" => "0.24"},{"date" => "2014-10-16T20:59:29","version" => "0.25"},{"date" => "2016-08-02T16:14:34","version" => "0.26"},{"date" => "2017-06-15T18:44:24","version" => "0.27"}]},"RT-Extension-MobileUI" => {"advisories" => [{"affected_versions" => ["<1.02"],"cves" => ["CVE-2012-2769"],"description" => "Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page.\n","distribution" => "RT-Extension-MobileUI","fixed_versions" => [">=1.02"],"id" => "CPANSA-RT-Extension-MobileUI-2012-01","references" => ["https://metacpan.org/changes/distribution/RT-Extension-MobileUI"],"reported" => "2012-05-18"}],"main_module" => "RT::Extension::MobileUI","versions" => [{"date" => "2010-08-05T20:58:09","version" => "0.9"},{"date" => "2010-08-06T15:38:53","version" => "0.91"},{"date" => "2010-08-06T15:58:11","version" => "0.92"},{"date" => "2010-08-06T17:55:08","version" => "0.93"},{"date" => "2010-08-09T13:36:43","version" => "0.94"},{"date" => "2010-08-09T13:44:33","version" => "0.95"},{"date" => "2010-08-26T21:28:07","version" => "0.96"},{"date" => "2010-09-06T18:11:56","version" => "0.96"},{"date" => "2010-10-28T15:50:29","version" => "0.98"},{"date" => "2010-10-29T14:08:08","version" => "0.99"},{"date" => "2010-11-19T18:11:43","version" => "1.00"},{"date" => "2010-12-08T16:36:01","version" => "1.01"},{"date" => "2012-07-25T08:57:33","version" => "1.02"},{"date" => "2012-07-25T18:36:52","version" => "1.02"},{"date" => "2012-08-27T16:42:55","version" => "1.03"},{"date" => "2013-06-12T19:09:14","version" => "1.04"},{"date" => "2013-08-13T18:06:54","version" => "1.05"},{"date" => "2014-04-23T20:25:25","version" => "1.06"},{"date" => "2014-04-23T20:26:56","version" => "1.07"}]},"RTMP-Client" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "TBD\n","distribution" => "RTMP-Client","fixed_versions" => [">=0.04"],"id" => "CPANSA-RTMP-Client-2011-01","references" => ["https://metacpan.org/changes/distribution/RTMP-Client"],"reported" => "2011-12-01"}],"main_module" => "RTMP::Client","versions" => [{"date" => "2011-07-26T08:17:20","version" => "0.01"},{"date" => "2011-07-27T02:09:05","version" => "0.02"},{"date" => "2011-07-27T02:17:06","version" => "0.03"},{"date" => "2011-12-01T08:59:19","version" => "0.04"}]},"Redis-Fast" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.14"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"},{"affected_versions" => [">=0.15,<=0.16"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"},{"affected_versions" => [">=0.17,<=0.26"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"},{"affected_versions" => [">=0.27,<=0.31"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"}],"main_module" => "Redis::Fast","versions" => [{"date" => "2013-10-10T16:48:55","version" => "0.01"},{"date" => "2013-10-13T13:31:18","version" => "0.02"},{"date" => "2013-10-16T12:17:21","version" => "0.03"},{"date" => "2013-12-10T02:59:49","version" => "0.04"},{"date" => "2013-12-20T02:25:52","version" => "0.05"},{"date" => "2014-02-01T02:03:01","version" => "0.06"},{"date" => "2014-05-17T07:23:45","version" => "0.07"},{"date" => "2014-05-31T03:52:00","version" => "0.08"},{"date" => "2014-07-08T15:52:19","version" => "0.09"},{"date" => "2014-07-16T01:00:34","version" => "0.10"},{"date" => "2014-07-16T02:35:51","version" => "0.11"},{"date" => "2014-09-08T16:22:31","version" => "0.12"},{"date" => "2014-10-16T11:25:20","version" => "0.13"},{"date" => "2014-12-07T13:36:56","version" => "0.14"},{"date" => "2015-03-10T14:15:01","version" => "0.15"},{"date" => "2015-03-12T02:37:40","version" => "0.16"},{"date" => "2016-01-23T06:47:00","version" => "0.17"},{"date" => "2016-01-26T13:13:22","version" => "0.18"},{"date" => "2016-12-20T11:37:58","version" => "0.19"},{"date" => "2017-02-25T22:54:41","version" => "0.20"},{"date" => "2018-01-28T01:08:06","version" => "0.21"},{"date" => "2018-08-12T06:30:24","version" => "0.22"},{"date" => "2019-05-29T11:24:31","version" => "0.23"},{"date" => "2019-08-19T22:59:06","version" => "0.24"},{"date" => "2019-08-20T02:35:05","version" => "0.25"},{"date" => "2020-05-02T04:21:12","version" => "0.26"},{"date" => "2020-08-08T22:48:49","version" => "0.27"},{"date" => "2020-11-01T23:10:16","version" => "0.28"},{"date" => "2021-01-17T10:40:10","version" => "0.29"},{"date" => "2021-05-07T13:10:39","version" => "0.30"},{"date" => "2021-07-04T06:57:25","version" => "0.31"},{"date" => "2021-10-16T07:19:44","version" => "0.32"},{"date" => "2021-10-30T11:33:21","version" => "0.33"},{"date" => "2022-06-07T22:23:52","version" => "0.34"},{"date" => "2022-11-19T06:52:56","version" => "0.35"},{"date" => "2023-07-05T20:28:55","version" => "0.36"},{"date" => "2024-03-08T16:30:57","version" => "0.37"}]},"Redis-hiredis" => {"advisories" => [{"affected_versions" => ["==0.9.2,>=0.9.2.1,<0.9.2.8"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"},{"affected_versions" => ["==0.10.1"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"},{"affected_versions" => ["==0.10.2"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"},{"affected_versions" => ["==0.11.0"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"}],"main_module" => "Redis::hiredis","versions" => [{"date" => "2010-08-29T15:04:34","version" => "v0.0.1"},{"date" => "2010-08-31T21:10:48","version" => "v0.0.2"},{"date" => "2010-11-03T03:16:19","version" => "v0.0.3"},{"date" => "2010-12-23T22:44:49","version" => "0.9.2"},{"date" => "2010-12-24T15:19:10","version" => "0.9.2.1"},{"date" => "2011-01-03T14:51:09","version" => "0.9.2.2"},{"date" => "2011-01-09T01:19:16","version" => "0.9.2.3"},{"date" => "2011-02-19T17:57:38","version" => "0.9.2.4"},{"date" => "2011-02-20T02:07:52","version" => "0.9.2.5"},{"date" => "2011-03-01T01:47:19","version" => "0.9.2.6"},{"date" => "2012-04-07T15:01:24","version" => "0.10.1"},{"date" => "2012-06-28T14:54:48","version" => "0.10.2"},{"date" => "2013-04-02T14:14:24","version" => "v0.11.0"}]},"Redland" => {"advisories" => [{"affected_versions" => ["==0.9.13,==0.9.13.2"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef},{"affected_versions" => ["==0.9.14.1"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef},{"affected_versions" => ["==1.0.5.2,==1.0.5.3"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef},{"affected_versions" => ["==1.0.13.1"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef}],"main_module" => "RDF::Redland::World","versions" => [{"date" => "2003-09-04T14:24:10","version" => "v0.9.13"},{"date" => "2003-09-07T19:13:18","version" => "v0.9.13.2"},{"date" => "2003-09-08T18:13:06","version" => "v0.9.14.1"},{"date" => "2006-11-28T06:09:59","version" => "v1.0.5.2"},{"date" => "2006-11-29T06:05:03","version" => "v1.0.5.3"},{"date" => "2006-11-30T19:01:24","version" => "v1.0.5.4"},{"date" => "2011-03-29T11:33:50","version" => "v1.0.13.1"}]},"Resource-Pack-jQuery" => {"advisories" => [{"affected_versions" => ["==0.01"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Resource::Pack::jQuery","versions" => [{"date" => "2010-04-19T20:02:13","version" => "0.01"}]},"SOAP-Lite" => {"advisories" => [{"affected_versions" => ["<1.15"],"cves" => ["CVE-2015-8978"],"description" => "An example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML.\n","distribution" => "SOAP-Lite","fixed_versions" => [">=1.15"],"id" => "CPANSA-SOAP-Lite-2015-01","references" => ["https://metacpan.org/changes/distribution/SOAP-Lite","https://www.securityfocus.com/bid/94487","https://github.com/redhotpenguin/perl-soaplite/commit/6942fe0d281be1c32c5117605f9c4e8d44f51124"],"reported" => "2015-07-21"},{"affected_versions" => ["<0.55"],"cves" => ["CVE-2002-1742"],"description" => "Allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger.\n","distribution" => "SOAP-Lite","fixed_versions" => [">=0.55"],"id" => "CPANSA-SOAP-Lite-2002-01","references" => ["https://metacpan.org/changes/distribution/SOAP-Lite"],"reported" => "2002-04-08","severity" => "high"},{"affected_versions" => ["<0.38"],"cves" => [],"description" => "Security problem on server side (no more details).\n","distribution" => "SOAP-Lite","fixed_versions" => [">=0.38"],"id" => "CPANSA-SOAP-Lite-2000-01","references" => ["https://metacpan.org/changes/distribution/SOAP-Lite"],"reported" => "2000-10-05"}],"main_module" => "SOAP::Lite","versions" => [{"date" => "2000-09-25T01:49:14","version" => "0.36"},{"date" => "2000-10-06T01:58:32","version" => "0.38"},{"date" => "2000-10-09T04:27:51","version" => "0.39"},{"date" => "2000-10-16T05:12:09","version" => "0.40"},{"date" => "2000-10-31T15:10:52","version" => "0.41"},{"date" => "2000-11-15T15:00:57","version" => "0.42"},{"date" => "2000-11-28T20:43:40","version" => "0.43"},{"date" => "2000-12-13T07:37:47","version" => "0.44"},{"date" => "2001-01-17T17:28:31","version" => "0.45"},{"date" => "2001-02-01T02:23:51","version" => "0.46"},{"date" => "2001-02-22T07:28:20","version" => "0.47"},{"date" => "2001-04-18T19:09:15","version" => "0.50"},{"date" => "2001-07-18T22:39:30","version" => "0.51"},{"date" => "2001-11-21T19:35:24","version" => "0.52"},{"date" => "2002-04-16T05:20:54","version" => "0.55"},{"date" => "2003-10-28T19:27:00","version" => "0.60"},{"date" => "2004-02-26T16:36:26","version" => "0.60"},{"date" => "2005-02-22T01:57:43","version" => "0.65_3"},{"date" => "2005-04-03T09:20:17","version" => "0.65_4"},{"date" => "2005-05-06T17:24:23","version" => "0.65_5"},{"date" => "2005-06-03T19:23:20","version" => "0.65_6"},{"date" => "2005-12-25T08:42:50","version" => "0.66"},{"date" => "2006-01-04T23:14:27","version" => "0.66.1"},{"date" => "2006-01-27T21:43:49","version" => "0.67"},{"date" => "2006-07-06T18:18:56","version" => "0.68"},{"date" => "2006-08-16T14:53:50","version" => "0.69"},{"date" => "2007-10-18T20:54:02","version" => "0.70_01"},{"date" => "2007-11-08T21:30:41","version" => "0.70_02"},{"date" => "2007-11-18T19:00:11","version" => "0.70_03"},{"date" => "2008-01-02T17:06:17","version" => "0.70_04"},{"date" => "2008-02-13T12:28:07","version" => "0.70_05"},{"date" => "2008-02-16T10:37:04","version" => "0.70_06"},{"date" => "2008-02-25T21:44:41","version" => "0.70_07"},{"date" => "2008-02-25T21:50:22","version" => "0.70_08"},{"date" => "2008-02-28T21:58:13","version" => "0.71"},{"date" => "2008-03-29T14:13:41","version" => "0.71.01"},{"date" => "2008-04-14T17:25:25","version" => "0.71.02"},{"date" => "2008-04-17T20:40:23","version" => "v0.71.03"},{"date" => "2008-04-22T06:03:55","version" => "0.71.04"},{"date" => "2008-05-05T21:50:36","version" => "0.710.05"},{"date" => "2008-06-05T18:47:08","version" => "0.710.06"},{"date" => "2008-06-13T20:27:05","version" => "0.710.07"},{"date" => "2008-07-13T20:41:11","version" => "0.710.08"},{"date" => "2009-09-29T21:20:02","version" => "0.710.09"},{"date" => "2009-09-30T18:40:30","version" => "0.710.10"},{"date" => "2010-03-18T20:24:42","version" => "0.711"},{"date" => "2010-06-03T15:41:39","version" => "0.712"},{"date" => "2011-08-16T17:53:28","version" => "0.713"},{"date" => "2011-08-18T19:51:02","version" => "0.714"},{"date" => "2012-07-15T09:37:20","version" => "0.715"},{"date" => "2013-05-11T06:44:04","version" => "0.716"},{"date" => "2013-07-17T06:17:00","version" => "1.0"},{"date" => "2013-07-29T08:26:07","version" => "1.01"},{"date" => "2013-07-30T02:20:34","version" => "1.02"},{"date" => "2013-08-04T17:49:18","version" => "1.03"},{"date" => "2013-08-10T03:46:49","version" => "1.04"},{"date" => "2013-08-19T05:31:17","version" => "1.05"},{"date" => "2013-08-22T04:20:29","version" => "1.06"},{"date" => "2013-11-08T03:09:10","version" => "1.07"},{"date" => "2013-11-08T17:41:10","version" => "1.08"},{"date" => "2014-01-14T21:41:07","version" => "1.09"},{"date" => "2014-01-23T18:53:42","version" => "1.10"},{"date" => "2014-02-22T05:18:14","version" => "1.11"},{"date" => "2014-11-27T07:08:11","version" => "1.12"},{"date" => "2014-12-30T15:58:06","version" => "1.13"},{"date" => "2015-03-25T05:04:34","version" => "1.14"},{"date" => "2015-07-21T18:12:21","version" => "1.15"},{"date" => "2015-07-23T07:34:59","version" => "1.16"},{"date" => "2015-07-31T05:59:50","version" => "1.17"},{"date" => "2015-08-26T04:31:24","version" => "1.18"},{"date" => "2015-08-26T15:38:01","version" => "1.19"},{"date" => "2016-06-09T21:34:36","version" => "1.20"},{"date" => "2017-08-16T05:18:24","version" => "1.22"},{"date" => "2017-12-19T02:30:48","version" => "1.23"},{"date" => "2017-12-19T18:36:52","version" => "1.24"},{"date" => "2017-12-29T18:39:43","version" => "1.25"},{"date" => "2017-12-30T22:19:12","version" => "1.26"},{"date" => "2018-05-14T20:36:08","version" => "1.27"}]},"SVG-Sparkline" => {"advisories" => [{"affected_versions" => ["<1.12"],"cves" => [],"description" => "Invalid data input validation makes it possible to pass arbitrary strings to module loading eval.\n","distribution" => "SVG-Sparkline","fixed_versions" => [">=1.12"],"id" => "CPANSA-SVG-Sparkline-2017-01","references" => ["https://metacpan.org/changes/distribution/SVG-Sparkline","https://github.com/gwadej/svg-sparkline/commit/ca83d6eb56aa86f3ca735866ffa9aa97acc2e708"],"reported" => "2017-05-15"}],"main_module" => "SVG::Sparkline","versions" => [{"date" => "2009-04-02T02:42:59","version" => "0.1.0"},{"date" => "2009-04-03T01:30:19","version" => "0.1.1"},{"date" => "2009-04-05T21:43:08","version" => "0.2.0"},{"date" => "2009-04-18T04:46:33","version" => "0.2.5"},{"date" => "2009-04-21T00:31:44","version" => "0.2.6"},{"date" => "2009-04-27T03:42:24","version" => "0.2.7"},{"date" => "2009-05-06T23:20:05","version" => "0.3"},{"date" => "2009-05-07T22:11:10","version" => "0.31"},{"date" => "2009-10-19T04:12:52","version" => "0.32"},{"date" => "2009-10-21T00:27:30","version" => "0.33"},{"date" => "2010-05-01T04:50:06","version" => "0.34"},{"date" => "2010-10-30T22:01:18","version" => "0.35"},{"date" => "2012-09-04T00:09:32","version" => "0.36"},{"date" => "2013-10-24T14:01:00","version" => 1},{"date" => "2014-09-04T02:01:54","version" => "1.1"},{"date" => "2015-03-03T19:38:44","version" => "1.11"},{"date" => "2017-05-15T01:32:51","version" => "1.12"}]},"SVN-Look" => {"advisories" => [{"affected_versions" => ["<0.40"],"cves" => [],"description" => "Two-arg open with a possibility of running arbitrary commands.\n","distribution" => "SVN-Look","fixed_versions" => [">=0.40"],"id" => "CPANSA-SVN-Look-2014-01","references" => ["https://metacpan.org/changes/distribution/SVN-Look","https://github.com/gnustavo/SVN-Look/commit/b413ac1c397dfc6b2d164fede693f7ff9a94c83c","https://bugs.launchpad.net/ubuntu/+source/libsvn-look-perl/+bug/1323300"],"reported" => "2014-05-31"}],"main_module" => "SVN::Look","versions" => [{"date" => "2008-09-26T03:22:44","version" => "0.08.360"},{"date" => "2008-09-27T22:10:54","version" => "0.09.366"},{"date" => "2008-09-28T03:07:02","version" => "0.10.369"},{"date" => "2008-10-05T03:16:35","version" => "0.11.388"},{"date" => "2008-10-10T02:25:16","version" => "0.12.409"},{"date" => "2008-10-24T00:51:56","version" => "0.12.442"},{"date" => "2008-11-03T10:43:38","version" => "0.12.455"},{"date" => "2008-11-06T03:11:52","version" => "0.13.463"},{"date" => "2009-02-28T02:50:53","version" => "0.14.5"},{"date" => "2009-03-01T12:17:06","version" => "0.14.7"},{"date" => "2009-03-06T01:52:43","version" => "0.14.9"},{"date" => "2009-03-08T02:25:41","version" => "0.14.10"},{"date" => "2009-03-20T01:24:06","version" => "0.14.12"},{"date" => "2009-10-25T01:23:51","version" => "0.15"},{"date" => "2010-02-16T20:16:51","version" => "0.16"},{"date" => "2010-02-24T23:20:51","version" => "0.17"},{"date" => "2010-04-28T11:38:27","version" => "0.18"},{"date" => "2010-12-12T10:35:04","version" => "0.19"},{"date" => "2010-12-12T19:59:46","version" => "0.20"},{"date" => "2011-07-20T20:11:31","version" => "0.21"},{"date" => "2011-07-22T22:31:55","version" => "0.22"},{"date" => "2011-07-27T20:22:58","version" => "0.23"},{"date" => "2011-07-30T21:52:08","version" => "0.24"},{"date" => "2011-08-21T23:31:44","version" => "0.25"},{"date" => "2011-08-27T20:12:39","version" => "0.26"},{"date" => "2011-09-18T02:42:31","version" => "0.27"},{"date" => "2011-10-10T23:18:59","version" => "0.28"},{"date" => "2011-10-13T01:06:12","version" => "0.29"},{"date" => "2011-11-02T21:00:23","version" => "0.30"},{"date" => "2012-02-26T00:04:15","version" => "0.31"},{"date" => "2012-02-26T21:55:01","version" => "0.32"},{"date" => "2012-02-27T23:49:07","version" => "0.33"},{"date" => "2012-03-05T14:37:05","version" => "0.34"},{"date" => "2012-04-22T00:14:50","version" => "0.35"},{"date" => "2012-06-18T17:07:07","version" => "0.36"},{"date" => "2012-06-18T17:34:58","version" => "0.37"},{"date" => "2012-06-19T17:00:40","version" => "0.38"},{"date" => "2013-10-20T23:32:26","version" => "0.39"},{"date" => "2014-06-12T18:05:32","version" => "0.40"},{"date" => "2014-06-14T02:51:53","version" => "0.41"},{"date" => "2020-10-09T01:36:59","version" => "0.42"},{"date" => "2022-05-21T14:32:05","version" => "0.43"}]},"Safe" => {"advisories" => [{"affected_versions" => ["<=2.26"],"cves" => ["CVE-2010-1447"],"description" => "The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.\n","distribution" => "Safe","fixed_versions" => [">=2.27"],"id" => "CPANSA-Safe-2010-1447","references" => ["https://bugs.launchpad.net/bugs/cve/2010-1447","http://www.vupen.com/english/advisories/2010/1167","http://secunia.com/advisories/39845","http://www.postgresql.org/about/news.1203","http://security-tracker.debian.org/tracker/CVE-2010-1447","https://bugzilla.redhat.com/show_bug.cgi?id=588269","http://www.securitytracker.com/id?1023988","http://osvdb.org/64756","http://www.securityfocus.com/bid/40305","http://secunia.com/advisories/40052","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://www.openwall.com/lists/oss-security/2010/05/20/5","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","http://www.redhat.com/support/errata/RHSA-2010-0457.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:115","http://secunia.com/advisories/40049","http://www.debian.org/security/2011/dsa-2267","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7320","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11530"],"reported" => "2010-05-19","severity" => undef},{"affected_versions" => ["<2.25"],"cves" => ["CVE-2010-1168"],"description" => "The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to \"automagic methods.\"\n","distribution" => "Safe","fixed_versions" => [],"id" => "CPANSA-Safe-2010-1168","references" => ["http://www.openwall.com/lists/oss-security/2010/05/20/5","http://www.redhat.com/support/errata/RHSA-2010-0457.html","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://secunia.com/advisories/40049","http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes","http://www.mandriva.com/security/advisories?name=MDVSA-2010:115","http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","https://bugzilla.redhat.com/show_bug.cgi?id=576508","http://secunia.com/advisories/40052","http://securitytracker.com/id?1024062","http://secunia.com/advisories/42402","http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in","http://www.vupen.com/english/advisories/2010/3075","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424"],"reported" => "2010-06-21","severity" => undef},{"affected_versions" => ["<=2.07"],"cves" => ["CVE-2002-1323"],"description" => "Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined \@_ variable, which is not reset between successive calls.\n","distribution" => "Safe","fixed_versions" => [">=2.08"],"id" => "CPANSA-Safe-2002-1323","references" => ["http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5","http://www.securityfocus.com/bid/6111","http://www.debian.org/security/2002/dsa-208","http://www.iss.net/security_center/static/10574.php","http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744","http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html","http://www.redhat.com/support/errata/RHSA-2003-256.html","http://www.redhat.com/support/errata/RHSA-2003-257.html","ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A","ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt","ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt","http://www.osvdb.org/2183","http://www.osvdb.org/3814","http://marc.info/?l=bugtraq&m=104040175522502&w=2","http://marc.info/?l=bugtraq&m=104033126305252&w=2","http://marc.info/?l=bugtraq&m=104005919814869&w=2","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1160"],"reported" => "2002-12-11","severity" => undef}],"main_module" => "Safe","versions" => [{"date" => "1995-08-24T12:36:38","version" => 0},{"date" => "1995-09-01T21:17:14","version" => 0},{"date" => "1996-02-10T20:04:44","version" => "2.01"},{"date" => "2002-10-05T18:38:39","version" => "2.08"},{"date" => "2002-10-06T12:17:23","version" => "2.09"},{"date" => "2004-07-02T13:08:36","version" => "2.11"},{"date" => "2008-01-28T17:33:00","version" => "2.13"},{"date" => "2008-01-30T16:30:34","version" => "2.14"},{"date" => "2008-02-06T12:34:21","version" => "2.15"},{"date" => "2008-03-13T10:54:21","version" => "2.16"},{"date" => "2009-06-28T14:20:14","version" => "2.17"},{"date" => "2009-08-25T07:44:28","version" => "2.19"},{"date" => "2009-11-30T23:33:41","version" => "2.20"},{"date" => "2010-01-14T21:51:28","version" => "2.21"},{"date" => "2010-02-11T21:59:56","version" => "2.22"},{"date" => "2010-02-22T22:45:10","version" => "2.23"},{"date" => "2010-03-06T21:42:25","version" => "2.24"},{"date" => "2010-03-07T21:51:36","version" => "2.25"},{"date" => "2010-03-09T10:56:56","version" => "2.26"},{"date" => "2010-04-29T20:37:15","version" => "2.27"},{"date" => "2010-09-13T13:50:58","version" => "2.28"},{"date" => "2010-10-31T13:20:32","version" => "2.29"},{"date" => "2011-12-07T08:22:34","version" => "2.30"},{"date" => "2012-03-31T15:27:57","version" => "2.32"},{"date" => "2012-04-03T10:12:30","version" => "2.33"},{"date" => "2013-02-21T07:31:30","version" => "2.35"},{"date" => "1996-02-29T00:00:00","dual_lived" => 1,"perl_release" => "5.002","version" => "1.00"},{"date" => "1996-10-10T00:00:00","dual_lived" => 1,"perl_release" => "5.00307","version" => "2.06"},{"date" => "2003-11-15T00:00:00","dual_lived" => 1,"perl_release" => "5.006002","version" => "2.10"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.07"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "2.12"},{"date" => "2009-08-22T00:00:00","dual_lived" => 1,"perl_release" => "5.010001","version" => "2.18"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "2.31"},{"date" => "2012-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.016","version" => "2.31_01"},{"date" => "2012-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017001","version" => "2.33_01"},{"date" => "2013-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017008","version" => "2.34"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "2.36"},{"date" => "2013-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.019002","version" => "2.37"},{"date" => "2014-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021003","version" => "2.38"},{"date" => "2015-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021008","version" => "2.39"},{"date" => "2017-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025012","version" => "2.40"},{"date" => "2019-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031005","version" => "2.41"},{"date" => "2021-01-23T00:00:00","dual_lived" => 1,"perl_release" => "5.032001","version" => "2.41_01"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "2.42"},{"date" => "2020-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033002","version" => "2.43"},{"date" => "2022-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037004","version" => "2.44"},{"date" => "2023-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039002","version" => "2.45"},{"date" => "2024-02-23T00:00:00","dual_lived" => 1,"perl_release" => "5.039008","version" => "2.46"},{"date" => "2024-08-29T00:00:00","dual_lived" => 1,"perl_release" => "5.041003","version" => "2.47"}]},"Search-OpenSearch-Server" => {"advisories" => [{"affected_versions" => ["<0.17"],"cves" => [],"description" => "Arbitrary Perl methods could be called via HTTP like RPC.\n","distribution" => "Search-OpenSearch-Server","fixed_versions" => [">=0.17"],"id" => "CPANSA-Search-OpenSearch-Server-2012-01","references" => ["https://metacpan.org/changes/distribution/Search-OpenSearch-Server","https://github.com/karpet/search-opensearch-server/commit/69d53fde9d70fe12e1f592de482601c43c45a278"],"reported" => "2012-08-31"}],"main_module" => "Search::OpenSearch::Server","versions" => [{"date" => "2010-05-28T03:07:46","version" => "0.01"},{"date" => "2010-05-29T01:11:09","version" => "0.02"},{"date" => "2010-06-23T01:22:53","version" => "0.03"},{"date" => "2010-06-26T21:08:31","version" => "0.04"},{"date" => "2011-01-08T04:05:22","version" => "0.05"},{"date" => "2011-09-26T18:12:08","version" => "0.06"},{"date" => "2011-09-26T18:16:12","version" => "0.07"},{"date" => "2011-09-30T03:15:51","version" => "0.08"},{"date" => "2011-10-23T01:42:30","version" => "0.09"},{"date" => "2012-05-01T02:22:52","version" => "0.10"},{"date" => "2012-07-15T03:32:57","version" => "0.11"},{"date" => "2012-07-27T02:42:45","version" => "0.12"},{"date" => "2012-08-07T01:48:25","version" => "0.13"},{"date" => "2012-08-10T03:10:13","version" => "0.14"},{"date" => "2012-08-21T02:34:37","version" => "0.15"},{"date" => "2012-08-21T17:47:00","version" => "0.16"},{"date" => "2012-09-04T01:54:00","version" => "0.17"},{"date" => "2012-09-12T03:42:03","version" => "0.18"},{"date" => "2012-09-13T14:06:58","version" => "0.19"},{"date" => "2012-09-20T02:21:37","version" => "0.20"},{"date" => "2012-10-15T04:32:38","version" => "0.21"},{"date" => "2012-11-08T03:20:16","version" => "0.22"},{"date" => "2012-11-21T19:01:22","version" => "0.23"},{"date" => "2012-11-26T19:37:12","version" => "0.24"},{"date" => "2012-12-18T19:11:36","version" => "0.25"},{"date" => "2013-01-04T19:08:19","version" => "0.26"},{"date" => "2013-06-14T02:28:09","version" => "0.27"},{"date" => "2014-03-02T22:22:17","version" => "0.28"},{"date" => "2014-04-23T18:20:52","version" => "0.299_01"},{"date" => "2014-04-24T02:56:24","version" => "0.299_02"},{"date" => "2014-06-05T07:29:19","version" => "0.299_03"},{"date" => "2014-06-08T04:57:40","version" => "0.300"},{"date" => "2015-08-14T20:04:12","version" => "0.301"}]},"Sereal-Decoder" => {"advisories" => [{"affected_versions" => [">=4.009_002,<5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2021-24031"],"description" => "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24031-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2021-24031","https://github.com/facebook/zstd/issues/1630","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.009_002,<4.012"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.012,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002_001"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2021-24031"],"description" => "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24031-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2021-24031","https://github.com/facebook/zstd/issues/1630","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.009_002,<4.012"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.012,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002_001"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"}],"main_module" => "Sereal::Decoder","versions" => [{"date" => "2012-09-10T09:44:39","version" => "0.06"},{"date" => "2012-09-11T11:16:49","version" => "0.07"},{"date" => "2012-09-13T15:19:16","version" => "0.08"},{"date" => "2012-09-14T08:13:35","version" => "0.09"},{"date" => "2012-09-17T11:45:59","version" => "0.10"},{"date" => "2012-09-18T11:24:00","version" => "0.11"},{"date" => "2012-10-02T12:58:59","version" => "0.13"},{"date" => "2012-10-17T15:20:23","version" => "0.15"},{"date" => "2012-11-23T06:50:18","version" => "0.19"},{"date" => "2013-01-02T09:01:45","version" => "0.21"},{"date" => "2013-01-08T06:40:29","version" => "0.23"},{"date" => "2013-01-10T07:54:57","version" => "0.24"},{"date" => "2013-01-22T17:04:30","version" => "0.25"},{"date" => "2013-02-09T12:09:15","version" => "0.27"},{"date" => "2013-02-09T15:37:44","version" => "0.28"},{"date" => "2013-02-09T17:24:46","version" => "0.29"},{"date" => "2013-02-13T05:46:48","version" => "0.30"},{"date" => "2013-02-17T14:28:38","version" => "0.31"},{"date" => "2013-03-23T14:41:14","version" => "0.32"},{"date" => "2013-03-23T16:48:31","version" => "0.33"},{"date" => "2013-03-23T18:00:17","version" => "0.34"},{"date" => "2013-04-01T09:59:34","version" => "0.35"},{"date" => "2013-05-07T11:13:38","version" => "0.36"},{"date" => "2013-09-02T05:49:42","version" => "0.37"},{"date" => "2013-10-01T05:50:10","version" => "2.00_01"},{"date" => "2013-10-28T18:31:59","version" => "2.00_02"},{"date" => "2013-12-29T09:43:11","version" => "2.00_03"},{"date" => "2013-12-31T08:30:39","version" => "2.01"},{"date" => "2014-01-06T14:02:01","version" => "2.02"},{"date" => "2014-01-07T19:08:14","version" => "2.03"},{"date" => "2014-03-05T17:32:45","version" => "2.04"},{"date" => "2014-03-09T10:48:14","version" => "2.06"},{"date" => "2014-03-26T17:11:19","version" => "2.07_01"},{"date" => "2014-04-06T15:50:32","version" => "2.070_101"},{"date" => "2014-04-06T16:56:29","version" => "2.070_102"},{"date" => "2014-04-08T22:36:48","version" => "2.070_103"},{"date" => "2014-04-10T20:44:01","version" => "2.08"},{"date" => "2014-04-13T19:24:30","version" => "2.09"},{"date" => "2014-04-13T19:33:58","version" => "2.10"},{"date" => "2014-04-13T21:13:15","version" => "2.11"},{"date" => "2014-05-11T21:48:57","version" => "2.12"},{"date" => "2014-05-29T10:52:41","version" => "3.000_001"},{"date" => "2014-06-01T21:49:26","version" => "3.000_002"},{"date" => "2014-06-01T22:17:01","version" => "3.000_003"},{"date" => "2014-06-03T20:11:57","version" => "3.000_004"},{"date" => "2014-06-04T20:54:19","version" => "3.001"},{"date" => "2014-06-12T19:19:47","version" => "3.001_001"},{"date" => "2014-06-27T14:55:30","version" => "3.001_002"},{"date" => "2014-07-15T11:53:29","version" => "3.001_003"},{"date" => "2014-07-27T17:59:04","version" => "3.001_004"},{"date" => "2014-07-28T10:29:01","version" => "3.001_005"},{"date" => "2014-08-03T20:41:48","version" => "3.001_006"},{"date" => "2014-08-04T19:15:53","version" => "3.001_007"},{"date" => "2014-08-05T16:35:50","version" => "3.001_008"},{"date" => "2014-08-05T20:00:37","version" => "3.001_009"},{"date" => "2014-08-12T18:10:42","version" => "3.001_010"},{"date" => "2014-08-12T18:36:29","version" => "3.001_011"},{"date" => "2014-08-15T12:08:35","version" => "3.001_012"},{"date" => "2014-08-20T09:23:57","version" => "3.002"},{"date" => "2014-09-26T11:40:22","version" => "3.002_001"},{"date" => "2014-10-18T12:06:18","version" => "3.002_002"},{"date" => "2014-10-19T22:06:20","version" => "3.003"},{"date" => "2014-11-23T15:58:21","version" => "3.003_001"},{"date" => "2014-12-21T17:53:23","version" => "3.003_002"},{"date" => "2014-12-26T04:50:12","version" => "3.003_003"},{"date" => "2014-12-26T15:06:03","version" => "3.003_004"},{"date" => "2014-12-27T15:20:21","version" => "3.004"},{"date" => "2015-01-05T14:37:58","version" => "3.005"},{"date" => "2015-01-27T21:39:30","version" => "3.005_001"},{"date" => "2015-11-09T09:32:04","version" => "3.005_002"},{"date" => "2015-11-12T13:57:53","version" => "3.005_003"},{"date" => "2015-11-13T14:55:50","version" => "3.005_004"},{"date" => "2015-11-13T19:57:24","version" => "3.005_005"},{"date" => "2015-11-14T10:41:41","version" => "3.006"},{"date" => "2015-11-16T10:11:19","version" => "3.006_001"},{"date" => "2015-11-16T11:39:40","version" => "3.006_002"},{"date" => "2015-11-18T16:25:19","version" => "3.006_003"},{"date" => "2015-11-18T18:49:44","version" => "3.006_004"},{"date" => "2015-11-20T08:33:23","version" => "3.006_005"},{"date" => "2015-11-21T15:42:08","version" => "3.006_006"},{"date" => "2015-11-25T13:37:19","version" => "3.006_007"},{"date" => "2015-11-26T21:00:53","version" => "3.007"},{"date" => "2015-11-27T20:48:32","version" => "3.008"},{"date" => "2015-11-30T11:07:39","version" => "3.009"},{"date" => "2015-12-06T22:53:40","version" => "3.011"},{"date" => "2015-12-06T23:48:32","version" => "3.012"},{"date" => "2015-12-07T00:07:29","version" => "3.014"},{"date" => "2016-08-30T09:45:18","version" => "3.014_002"},{"date" => "2016-09-01T18:23:21","version" => "3.015"},{"date" => "2017-02-06T10:52:56","version" => "4.001_001"},{"date" => "2017-04-22T11:08:36","version" => "4.001_002"},{"date" => "2017-04-23T09:56:11","version" => "4.001_003"},{"date" => "2017-11-11T09:33:51","version" => "4.002"},{"date" => "2017-11-12T16:10:52","version" => "4.003"},{"date" => "2017-11-12T19:09:55","version" => "4.004"},{"date" => "2018-01-23T20:57:49","version" => "4.005"},{"date" => "2019-04-08T20:03:23","version" => "4.006"},{"date" => "2019-04-09T17:26:43","version" => "4.007"},{"date" => "2020-01-29T17:33:56","version" => "4.007_001"},{"date" => "2020-01-30T06:22:37","version" => "4.008"},{"date" => "2020-01-31T15:51:57","version" => "4.009"},{"date" => "2020-02-02T03:23:18","version" => "4.009_001"},{"date" => "2020-02-02T09:19:30","version" => "4.009_002"},{"date" => "2020-02-02T17:40:26","version" => "4.009_003"},{"date" => "2020-02-04T02:57:02","version" => "4.010"},{"date" => "2020-02-04T05:06:24","version" => "4.011"},{"date" => "2020-06-10T21:07:04","version" => "4.012"},{"date" => "2020-06-11T16:51:45","version" => "4.014"},{"date" => "2020-07-08T07:09:15","version" => "4.015"},{"date" => "2020-07-09T14:12:25","version" => "4.016"},{"date" => "2020-07-09T18:30:34","version" => "4.017"},{"date" => "2020-07-29T09:01:02","version" => "4.017_001"},{"date" => "2020-08-03T10:39:28","version" => "4.018"},{"date" => "2022-02-07T11:58:57","version" => "4.019"},{"date" => "2022-02-17T11:27:44","version" => "4.020"},{"date" => "2022-02-18T04:47:33","version" => "4.021"},{"date" => "2022-02-19T11:23:46","version" => "4.022"},{"date" => "2022-02-20T04:16:56","version" => "4.023"},{"date" => "2022-07-28T11:26:37","version" => "4.024"},{"date" => "2022-07-28T12:22:47","version" => "4.025"},{"date" => "2022-09-01T13:13:13","version" => "5.000_001"},{"date" => "2022-09-02T18:56:25","version" => "5.000_002"},{"date" => "2022-09-03T13:56:39","version" => "5.001"},{"date" => "2023-01-31T14:34:21","version" => "5.001_001"},{"date" => "2023-02-01T08:09:30","version" => "5.001_002"},{"date" => "2023-02-01T10:53:49","version" => "5.001_003"},{"date" => "2023-02-01T11:38:26","version" => "5.002"},{"date" => "2023-02-06T16:44:17","version" => "5.002_001"},{"date" => "2023-02-07T10:26:08","version" => "5.002_002"},{"date" => "2023-02-08T02:39:42","version" => "5.003"},{"date" => "2023-04-19T13:20:25","version" => "5.004"}]},"Sereal-Encoder" => {"advisories" => [{"affected_versions" => [">=4.009_002,<5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2021-24031"],"description" => "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24031-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2021-24031","https://github.com/facebook/zstd/issues/1630","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.009_002,<4.014"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.014,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2021-24031"],"description" => "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24031-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2021-24031","https://github.com/facebook/zstd/issues/1630","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.009_002,<4.014"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.014,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"}],"main_module" => "Sereal::Encoder","versions" => [{"date" => "2012-09-10T09:43:11","version" => "0.06"},{"date" => "2012-09-11T11:17:07","version" => "0.07"},{"date" => "2012-09-13T15:19:40","version" => "0.08"},{"date" => "2012-09-14T08:13:49","version" => "0.09"},{"date" => "2012-09-17T11:44:12","version" => "0.10"},{"date" => "2012-09-18T11:24:11","version" => "0.11"},{"date" => "2012-09-19T06:01:22","version" => "0.12"},{"date" => "2012-10-10T09:14:22","version" => "0.14"},{"date" => "2012-10-17T15:20:00","version" => "0.15"},{"date" => "2012-10-25T09:33:51","version" => "0.16"},{"date" => "2012-10-29T10:58:18","version" => "0.17"},{"date" => "2012-11-14T06:42:06","version" => "0.18"},{"date" => "2012-11-23T14:37:56","version" => "0.20"},{"date" => "2013-01-08T06:40:40","version" => "0.23"},{"date" => "2013-01-22T17:03:02","version" => "0.25"},{"date" => "2013-02-03T11:46:46","version" => "0.26"},{"date" => "2013-02-09T12:09:26","version" => "0.27"},{"date" => "2013-02-09T15:37:48","version" => "0.28"},{"date" => "2013-02-09T17:24:34","version" => "0.29"},{"date" => "2013-02-13T05:46:59","version" => "0.30"},{"date" => "2013-02-17T14:30:05","version" => "0.31"},{"date" => "2013-03-23T14:39:47","version" => "0.32"},{"date" => "2013-03-23T16:47:04","version" => "0.33"},{"date" => "2013-03-23T18:00:05","version" => "0.34"},{"date" => "2013-04-01T09:59:22","version" => "0.35"},{"date" => "2013-05-07T11:13:49","version" => "0.36"},{"date" => "2013-09-02T05:49:19","version" => "0.37"},{"date" => "2013-10-01T05:51:37","version" => "2.00_01"},{"date" => "2013-10-28T18:38:35","version" => "2.00_02"},{"date" => "2013-12-29T09:44:38","version" => "2.00_03"},{"date" => "2013-12-31T08:30:50","version" => "2.01"},{"date" => "2014-01-06T14:01:57","version" => "2.02"},{"date" => "2014-01-07T19:08:26","version" => "2.03"},{"date" => "2014-03-05T17:32:56","version" => "2.04"},{"date" => "2014-03-09T10:48:25","version" => "2.06"},{"date" => "2014-03-26T17:11:30","version" => "2.07_01"},{"date" => "2014-04-06T15:50:20","version" => "2.070_101"},{"date" => "2014-04-06T16:56:18","version" => "2.070_102"},{"date" => "2014-04-08T22:36:36","version" => "2.070_103"},{"date" => "2014-04-10T20:43:50","version" => "2.08"},{"date" => "2014-04-13T19:24:19","version" => "2.09"},{"date" => "2014-04-13T19:33:47","version" => "2.10"},{"date" => "2014-04-13T21:13:04","version" => "2.11"},{"date" => "2014-05-11T21:49:09","version" => "2.12"},{"date" => "2014-05-29T10:52:53","version" => "3.000_001"},{"date" => "2014-06-01T21:49:38","version" => "3.000_002"},{"date" => "2014-06-01T22:17:13","version" => "3.000_003"},{"date" => "2014-06-03T20:12:08","version" => "3.000_004"},{"date" => "2014-06-04T20:54:31","version" => "3.001"},{"date" => "2014-06-12T19:19:59","version" => "3.001_001"},{"date" => "2014-06-27T14:55:41","version" => "3.001_002"},{"date" => "2014-07-15T11:53:41","version" => "3.001_003"},{"date" => "2014-07-27T17:59:16","version" => "3.001_004"},{"date" => "2014-07-28T10:29:12","version" => "3.001_005"},{"date" => "2014-08-03T20:42:00","version" => "3.001_006"},{"date" => "2014-08-04T19:16:04","version" => "3.001_007"},{"date" => "2014-08-05T16:35:53","version" => "3.001_008"},{"date" => "2014-08-05T19:58:59","version" => "3.001_009"},{"date" => "2014-08-12T18:10:53","version" => "3.001_010"},{"date" => "2014-08-12T18:36:41","version" => "3.001_011"},{"date" => "2014-08-15T12:08:46","version" => "3.001_012"},{"date" => "2014-08-20T09:24:08","version" => "3.002"},{"date" => "2014-09-26T11:40:33","version" => "3.002_001"},{"date" => "2014-10-18T12:06:29","version" => "3.002_002"},{"date" => "2014-10-19T22:06:31","version" => "3.003"},{"date" => "2014-11-23T15:58:32","version" => "3.003_001"},{"date" => "2014-12-21T17:53:35","version" => "3.003_002"},{"date" => "2014-12-26T04:50:23","version" => "3.003_003"},{"date" => "2014-12-26T15:06:15","version" => "3.003_004"},{"date" => "2014-12-27T15:20:32","version" => "3.004"},{"date" => "2015-01-05T14:38:10","version" => "3.005"},{"date" => "2015-01-27T21:37:51","version" => "3.005_001"},{"date" => "2015-11-09T09:32:15","version" => "3.005_002"},{"date" => "2015-11-12T13:58:04","version" => "3.005_003"},{"date" => "2015-11-13T14:56:01","version" => "3.005_004"},{"date" => "2015-11-13T19:57:36","version" => "3.005_005"},{"date" => "2015-11-14T10:41:52","version" => "3.006"},{"date" => "2015-11-16T10:11:31","version" => "3.006_001"},{"date" => "2015-11-16T11:39:51","version" => "3.006_002"},{"date" => "2015-11-18T16:25:31","version" => "3.006_003"},{"date" => "2015-11-18T18:49:56","version" => "3.006_004"},{"date" => "2015-11-20T08:33:34","version" => "3.006_005"},{"date" => "2015-11-21T15:42:19","version" => "3.006_006"},{"date" => "2015-11-25T13:35:40","version" => "3.006_007"},{"date" => "2015-11-26T21:01:05","version" => "3.007"},{"date" => "2015-11-27T20:48:43","version" => "3.008"},{"date" => "2015-11-30T11:07:50","version" => "3.009"},{"date" => "2015-12-06T22:53:53","version" => "3.011"},{"date" => "2015-12-06T23:48:43","version" => "3.012"},{"date" => "2015-12-07T00:07:40","version" => "3.014"},{"date" => "2016-08-30T09:43:28","version" => "3.014_002"},{"date" => "2016-09-01T18:23:33","version" => "3.015"},{"date" => "2017-02-06T10:51:16","version" => "4.001_001"},{"date" => "2017-04-22T11:08:48","version" => "4.001_002"},{"date" => "2017-04-23T09:56:23","version" => "4.001_003"},{"date" => "2017-11-11T09:34:03","version" => "4.002"},{"date" => "2017-11-12T16:11:04","version" => "4.003"},{"date" => "2017-11-12T19:10:06","version" => "4.004"},{"date" => "2018-01-23T20:58:01","version" => "4.005"},{"date" => "2019-04-08T20:03:34","version" => "4.006"},{"date" => "2019-04-09T17:26:54","version" => "4.007"},{"date" => "2020-01-29T17:34:08","version" => "4.007_001"},{"date" => "2020-01-30T06:22:49","version" => "4.008"},{"date" => "2020-01-31T15:52:09","version" => "4.009"},{"date" => "2020-02-02T03:23:30","version" => "4.009_001"},{"date" => "2020-02-02T09:19:41","version" => "4.009_002"},{"date" => "2020-02-02T17:38:48","version" => "4.009_003"},{"date" => "2020-02-04T02:57:13","version" => "4.010"},{"date" => "2020-02-04T05:06:35","version" => "4.011"},{"date" => "2020-06-10T21:07:15","version" => "4.012"},{"date" => "2020-06-11T16:51:56","version" => "4.014"},{"date" => "2020-07-08T07:09:27","version" => "4.015"},{"date" => "2020-07-09T14:12:37","version" => "4.016"},{"date" => "2020-07-09T18:30:45","version" => "4.017"},{"date" => "2020-07-29T09:01:13","version" => "4.017_001"},{"date" => "2020-08-03T10:39:39","version" => "4.018"},{"date" => "2022-02-07T11:59:08","version" => "4.019"},{"date" => "2022-02-17T11:27:55","version" => "4.020"},{"date" => "2022-02-18T04:47:44","version" => "4.021"},{"date" => "2022-02-19T11:23:57","version" => "4.022"},{"date" => "2022-02-20T04:17:07","version" => "4.023"},{"date" => "2022-07-28T11:26:48","version" => "4.024"},{"date" => "2022-07-28T12:21:09","version" => "4.025"},{"date" => "2022-09-01T13:13:25","version" => "5.000_001"},{"date" => "2022-09-02T18:56:37","version" => "5.000_002"},{"date" => "2022-09-03T13:56:50","version" => "5.001"},{"date" => "2023-01-31T14:34:32","version" => "5.001_001"},{"date" => "2023-02-01T08:09:41","version" => "5.001_002"},{"date" => "2023-02-01T10:54:00","version" => "5.001_003"},{"date" => "2023-02-01T11:38:37","version" => "5.002"},{"date" => "2023-02-06T16:44:28","version" => "5.002_001"},{"date" => "2023-02-07T10:26:19","version" => "5.002_002"},{"date" => "2023-02-08T02:39:53","version" => "5.003"},{"date" => "2023-04-19T13:20:36","version" => "5.004"}]},"Sidef" => {"advisories" => [{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Sidef","versions" => [{"date" => "2015-06-19T22:56:13","version" => "0.06"},{"date" => "2015-07-07T22:15:05","version" => "0.07"},{"date" => "2015-07-16T17:29:42","version" => "0.08"},{"date" => "2015-07-23T06:30:35","version" => "0.09"},{"date" => "2015-07-24T05:59:07","version" => "0.0900001"},{"date" => "2015-09-07T00:03:50","version" => "0.0900002"},{"date" => "2015-09-16T22:58:56","version" => "0.10"},{"date" => "2015-10-31T07:15:42","version" => "2.10"},{"date" => "2015-11-24T18:52:00","version" => "2.11"},{"date" => "2015-12-10T23:46:41","version" => "2.12"},{"date" => "2015-12-24T09:03:59","version" => "2.13"},{"date" => "2016-01-02T10:53:48","version" => "2.20"},{"date" => "2016-01-14T13:51:33","version" => "2.21"},{"date" => "2016-02-08T03:21:05","version" => "2.22"},{"date" => "2016-03-06T14:33:37","version" => "2.23"},{"date" => "2016-03-24T16:49:45","version" => "2.24"},{"date" => "2016-05-27T20:32:46","version" => "2.25"},{"date" => "2016-06-01T15:48:21","version" => "2.26"},{"date" => "2016-07-29T13:02:29","version" => "2.30"},{"date" => "2016-08-18T22:40:23","version" => "2.300001"},{"date" => "2016-09-08T22:23:21","version" => "2.31"},{"date" => "2016-10-07T19:01:28","version" => "2.32"},{"date" => "2016-11-13T15:40:06","version" => "2.33"},{"date" => "2016-11-17T17:46:34","version" => "2.330001"},{"date" => "2016-12-24T19:58:48","version" => "2.34"},{"date" => "2017-01-30T20:53:41","version" => "2.35"},{"date" => "2017-03-02T08:58:20","version" => "2.36"},{"date" => "2017-04-04T19:53:33","version" => "2.37"},{"date" => "2017-04-22T19:35:52","version" => "3.00"},{"date" => "2017-05-09T22:49:43","version" => "3.01"},{"date" => "2017-06-05T21:56:28","version" => "3.02"},{"date" => "2017-08-27T20:59:15","version" => "3.03"},{"date" => "2017-10-06T01:08:28","version" => "3.04"},{"date" => "2017-11-03T23:04:20","version" => "3.05"},{"date" => "2017-12-08T13:13:05","version" => "3.10"},{"date" => "2018-02-17T11:31:53","version" => "3.15"},{"date" => "2018-05-05T20:49:50","version" => "3.16"},{"date" => "2018-05-30T21:54:08","version" => "3.17"},{"date" => "2018-07-04T20:15:48","version" => "3.18"},{"date" => "2018-07-31T09:11:13","version" => "3.19"},{"date" => "2018-10-13T22:10:15","version" => "3.50"},{"date" => "2019-01-07T00:48:34","version" => "3.60"},{"date" => "2019-03-24T18:15:23","version" => "3.70"},{"date" => "2019-05-18T23:57:28","version" => "3.80"},{"date" => "2019-08-18T09:18:32","version" => "3.85"},{"date" => "2019-12-25T18:38:15","version" => "3.90"},{"date" => "2020-03-22T22:05:56","version" => "3.95"},{"date" => "2020-07-20T16:23:44","version" => "3.96"},{"date" => "2021-01-17T23:11:25","version" => "3.97"},{"date" => "2021-01-18T22:53:11","version" => "v3.97.1"},{"date" => "2021-03-26T16:00:09","version" => "3.98"},{"date" => "2021-09-02T11:47:37","version" => "3.99"},{"date" => "2022-03-27T09:40:38","version" => "22.03"},{"date" => "2022-05-13T08:16:40","version" => "22.05"},{"date" => "2022-07-16T16:52:14","version" => "22.07"},{"date" => "2022-12-01T21:12:53","version" => "22.12"},{"date" => "2023-03-06T12:08:52","version" => "23.03"},{"date" => "2023-05-11T10:10:43","version" => "23.05"},{"date" => "2023-08-29T10:34:43","version" => "23.08"},{"date" => "2023-10-17T05:11:25","version" => "23.10"},{"date" => "2023-11-07T05:18:27","version" => "23.11"},{"date" => "2024-01-06T17:09:42","version" => "24.01"},{"date" => "2024-05-12T07:43:14","version" => "24.05"},{"date" => "2024-11-28T19:18:13","version" => "24.11"},{"date" => "2025-12-21T00:33:44","version" => "25.12"},{"date" => "2026-01-13T18:42:36","version" => "26.01"}]},"Smolder" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-58041"],"description" => "Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions.  Smolder 1.51 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Smolder::DB::Developer uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Smolder","fixed_versions" => [],"id" => "CPANSA-Smolder-2024-58041","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/WONKO/Smolder-1.51/source/lib/Smolder/DB/Developer.pm#L221","https://metacpan.org/release/WONKO/Smolder-1.51/source/lib/Smolder/DB/Developer.pm#L5","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2026-02-24","severity" => undef}],"main_module" => "Smolder","versions" => [{"date" => "2009-03-30T07:16:46","version" => "1.30"},{"date" => "2009-03-30T08:54:42","version" => "1.31"},{"date" => "2009-03-30T14:21:48","version" => "1.32"},{"date" => "2009-03-30T21:47:26","version" => "1.33"},{"date" => "2009-04-02T13:59:15","version" => "1.34"},{"date" => "2009-04-04T12:02:59","version" => "1.35"},{"date" => "2009-04-08T21:49:00","version" => "1.36"},{"date" => "2009-04-22T01:45:55","version" => "1.37"},{"date" => "2009-04-24T19:18:08","version" => "1.38"},{"date" => "2009-05-08T16:54:22","version" => "1.39"},{"date" => "2009-06-23T03:41:41","version" => "1.40"},{"date" => "2009-12-14T01:28:30","version" => "1.50"},{"date" => "2009-12-16T00:54:47","version" => "1.51"},{"date" => "2013-07-08T12:13:08","version" => "1.52"}]},"SockJS" => {"advisories" => [{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.10"],"cves" => ["CVE-2020-7693"],"description" => "Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-7693-sockjs","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2020-7693"],"reported" => "2020-07-09","severity" => undef},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-7693"],"description" => "Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-7693-sockjs","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2020-7693"],"reported" => "2020-07-09","severity" => undef}],"main_module" => "SockJS","versions" => [{"date" => "2013-04-06T13:37:32","version" => "0.01"},{"date" => "2018-08-26T06:26:34","version" => "0.03"},{"date" => "2018-08-26T12:25:45","version" => "0.04"},{"date" => "2018-08-26T17:55:40","version" => "0.05"},{"date" => "2018-08-26T18:26:38","version" => "0.06"},{"date" => "2018-09-29T11:17:26","version" => "0.07"},{"date" => "2018-12-02T09:25:55","version" => "0.08"},{"date" => "2018-12-02T11:11:31","version" => "0.09"},{"date" => "2018-12-07T12:02:52","version" => "0.10"}]},"Socket" => {"advisories" => [{"affected_versions" => ["<2.026"],"cves" => [],"description" => "The function croak is variadic which expects as a first parameter printf-style format.  Passing arbitrary and string from the caller as a printf format leads to the security problem CWE-134: Use of Externally-Controlled Format String.\n","distribution" => "Socket","fixed_versions" => [">=2.027"],"id" => "CPANSA-Socket-2017-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=122830"],"reported" => "2017-08-17","severity" => undef}],"main_module" => "Socket","versions" => [{"date" => "1995-11-09T22:44:00","version" => "1.3"},{"date" => "1996-06-09T12:32:00","version" => "1.5"},{"date" => "2011-10-25T22:29:20","version" => "1.94_03"},{"date" => "2011-10-26T17:37:31","version" => "1.94_04"},{"date" => "2011-10-27T17:28:25","version" => "1.94_05"},{"date" => "2011-10-30T01:34:45","version" => "1.94_06"},{"date" => "2011-11-22T15:09:56","version" => "1.94_07"},{"date" => "2011-12-01T14:07:01","version" => "1.95"},{"date" => "2011-12-02T23:40:37","version" => "1.95_001"},{"date" => "2011-12-05T19:33:32","version" => "1.95_002"},{"date" => "2011-12-06T23:28:06","version" => "1.95_003"},{"date" => "2011-12-07T16:24:12","version" => "1.95_004"},{"date" => "2011-12-11T00:25:11","version" => "1.96"},{"date" => "2011-12-16T19:47:41","version" => "1.97"},{"date" => "2012-02-07T15:33:00","version" => "1.97_001"},{"date" => "2012-02-12T11:40:21","version" => "1.97_002"},{"date" => "2012-02-16T00:52:35","version" => "1.98"},{"date" => "2012-02-17T00:24:56","version" => "1.98_001"},{"date" => "2012-02-21T23:39:36","version" => "1.99"},{"date" => "2012-03-10T00:09:16","version" => "2.000"},{"date" => "2012-03-27T13:59:43","version" => "2.001"},{"date" => "2012-05-18T16:23:54","version" => "2.001_001"},{"date" => "2012-05-22T15:38:46","version" => "2.001_002"},{"date" => "2012-05-31T15:02:53","version" => "2.001_003"},{"date" => "2012-06-06T10:22:21","version" => "2.002"},{"date" => "2012-08-15T13:14:45","version" => "2.003"},{"date" => "2012-08-15T21:22:04","version" => "2.004"},{"date" => "2012-08-16T21:27:21","version" => "2.005"},{"date" => "2012-08-19T21:49:58","version" => "2.006"},{"date" => "2012-12-16T18:27:03","version" => "2.007"},{"date" => "2012-12-27T15:41:41","version" => "2.008"},{"date" => "2013-01-18T16:13:59","version" => "2.009"},{"date" => "2013-06-24T19:25:09","version" => "2.010"},{"date" => "2013-07-28T18:46:32","version" => "2.011"},{"date" => "2013-09-03T12:23:51","version" => "2.012"},{"date" => "2013-10-28T00:53:02","version" => "2.013"},{"date" => "2014-05-31T23:16:34","version" => "2.014"},{"date" => "2014-08-15T22:38:05","version" => "2.015"},{"date" => "2014-10-08T20:58:19","version" => "2.016"},{"date" => "2015-02-10T12:28:48","version" => "2.017"},{"date" => "2015-02-12T13:45:11","version" => "2.018"},{"date" => "2015-04-27T20:25:03","version" => "2.018_001"},{"date" => "2015-04-29T16:08:52","version" => "2.019"},{"date" => "2015-06-24T13:49:15","version" => "2.020"},{"date" => "2015-11-18T17:15:18","version" => "2.021"},{"date" => "2016-04-16T22:49:32","version" => "2.021_01"},{"date" => "2016-06-06T10:07:12","version" => "2.021_02"},{"date" => "2016-08-01T15:05:16","version" => "2.022"},{"date" => "2016-08-02T13:53:11","version" => "2.023"},{"date" => "2016-08-11T12:52:58","version" => "2.024"},{"date" => "2016-08-26T17:50:04","version" => "2.024_01"},{"date" => "2016-08-26T22:33:20","version" => "2.024_02"},{"date" => "2016-10-04T14:06:42","version" => "2.024_03"},{"date" => "2018-01-09T15:15:51","version" => "2.025"},{"date" => "2018-01-11T23:18:50","version" => "2.026"},{"date" => "2018-01-12T17:00:49","version" => "2.027"},{"date" => "2018-09-05T10:32:16","version" => "2.027_04"},{"date" => "2019-02-20T00:03:23","version" => "2.028"},{"date" => "2019-02-20T19:58:07","version" => "2.029"},{"date" => "2019-02-21T19:41:16","version" => "2.029"},{"date" => "2019-04-14T09:28:49","version" => "2.027_05"},{"date" => "2019-06-15T14:08:34","version" => "2.029_05"},{"date" => "2020-07-06T13:57:06","version" => "2.030"},{"date" => "2021-01-05T15:50:53","version" => "2.031"},{"date" => "2021-06-02T23:32:40","version" => "2.032"},{"date" => "2022-04-29T14:34:23","version" => "2.033"},{"date" => "2022-06-27T09:29:08","version" => "2.034"},{"date" => "2022-07-01T14:22:10","version" => "2.035"},{"date" => "2022-08-19T16:40:53","version" => "2.036"},{"date" => "2023-06-06T11:57:25","version" => "2.037"},{"date" => "2024-04-15T20:15:41","version" => "2.038"},{"date" => "2025-06-25T17:07:24","version" => "2.039"},{"date" => "2025-07-16T11:30:51","version" => "2.040"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "1.6"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "1.7"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006","version" => "1.72"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.75"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "1.76"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "1.77"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "1.78"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "1.81"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "1.79"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.010000","version" => "1.80"},{"date" => "2009-08-22T00:00:00","dual_lived" => 1,"perl_release" => "5.010001","version" => "1.82"},{"date" => "2009-10-02T00:00:00","dual_lived" => 1,"perl_release" => "5.011000","version" => "1.84"},{"date" => "2009-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011001","version" => "1.85"},{"date" => "2010-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011005","version" => "1.86"},{"date" => "2010-04-12T00:00:00","dual_lived" => 1,"perl_release" => "5.012000","version" => "1.87"},{"date" => "2011-01-21T00:00:00","dual_lived" => 1,"perl_release" => "5.012003","version" => "1.87_01"},{"date" => "2010-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013001","version" => "1.88"},{"date" => "2010-06-22T00:00:00","dual_lived" => 1,"perl_release" => "5.013002","version" => "1.89"},{"date" => "2010-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013006","version" => "1.90"},{"date" => "2010-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013007","version" => "1.91"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "1.92"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "1.93"},{"date" => "2011-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013010","version" => "1.94"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "1.94_01"},{"date" => "2011-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015005","version" => "1.94_02"},{"date" => "2012-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.017007","version" => "2.006_001"},{"date" => "2015-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023003","version" => "2.020_01"},{"date" => "2015-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023004","version" => "2.020_02"},{"date" => "2016-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023009","version" => "2.020_03"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "2.020_04"}]},"Spoon" => {"advisories" => [{"affected_versions" => [">0.24"],"cves" => ["CVE-2012-6143"],"description" => "Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.\n","distribution" => "Spoon","fixed_versions" => [],"id" => "CPANSA-Spoon-Cookie-2012-6143","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=85217","http://www.securityfocus.com/bid/59834","http://seclists.org/oss-sec/2013/q2/318","https://exchange.xforce.ibmcloud.com/vulnerabilities/84197"],"reported" => "2014-06-04","severity" => undef}],"main_module" => "Spoon","versions" => [{"date" => "2004-03-21T10:04:10","version" => "0.10"},{"date" => "2004-03-23T07:50:48","version" => "0.11"},{"date" => "2004-03-30T16:23:32","version" => "0.12"},{"date" => "2004-05-07T16:21:27","version" => "0.13"},{"date" => "2004-06-02T10:15:14","version" => "0.14"},{"date" => "2004-06-21T17:39:05","version" => "0.15"},{"date" => "2004-06-22T17:43:16","version" => "0.16"},{"date" => "2004-07-20T20:01:22","version" => "0.17"},{"date" => "2004-08-12T05:59:51","version" => "0.18"},{"date" => "2004-12-16T00:12:10","version" => "0.19"},{"date" => "2004-12-18T09:04:38","version" => "0.20"},{"date" => "2005-01-11T16:27:02","version" => "0.21"},{"date" => "2005-04-04T14:49:45","version" => "0.22"},{"date" => "2005-04-07T03:44:14","version" => "0.23"},{"date" => "2006-12-09T23:29:37","version" => "0.24"}]},"Spreadsheet-ParseExcel" => {"advisories" => [{"affected_versions" => ["<0.66"],"cves" => ["CVE-2023-7101"],"description" => "Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type \x{201c}eval\x{201d}. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.\n","distribution" => "Spreadsheet-ParseExcel","fixed_versions" => [">=0.66"],"id" => "CPANSA-Spreadsheet-ParseExcel-2023-7101","references" => ["http://www.openwall.com/lists/oss-security/2023/12/29/4","https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171","https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md","https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc","https://https://metacpan.org/dist/Spreadsheet-ParseExcel","https://https://www.cve.org/CVERecord?id=CVE-2023-7101","https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html"],"reported" => "2023-12-24","severity" => undef}],"main_module" => "Spreadsheet::ParseExcel","versions" => [{"date" => "2000-10-06T00:33:12","version" => "0.06"},{"date" => "2000-11-18T03:01:33","version" => "0.07"},{"date" => "2000-11-24T23:59:57","version" => "0.08"},{"date" => "2000-12-15T02:58:39","version" => "0.09"},{"date" => "2001-01-16T00:27:35","version" => "0.10"},{"date" => "2001-01-31T15:09:13","version" => "0.11"},{"date" => "2001-02-05T11:37:49","version" => "0.12"},{"date" => "2001-02-22T22:35:17","version" => "0.13"},{"date" => "2001-03-06T02:14:24","version" => "0.15"},{"date" => "2001-03-07T21:50:33","version" => "0.16"},{"date" => "2001-03-12T23:08:09","version" => "0.17"},{"date" => "2001-03-17T07:39:42","version" => "0.18"},{"date" => "2001-03-26T11:41:43","version" => "0.19"},{"date" => "2001-03-30T11:22:58","version" => "0.20"},{"date" => "2001-04-11T00:12:29","version" => "0.201"},{"date" => "2001-04-11T00:17:15","version" => "v0.20.1"},{"date" => "2001-04-28T02:18:17","version" => "0.21"},{"date" => "2001-04-29T05:37:04","version" => "v0.21.1"},{"date" => "2001-05-01T07:23:55","version" => "v0.21.2"},{"date" => "2001-05-05T09:46:39","version" => "0.22"},{"date" => "2001-05-15T22:20:34","version" => "v0.22.1"},{"date" => "2001-05-24T22:12:58","version" => "v0.22.2"},{"date" => "2001-06-05T22:21:24","version" => "v0.22.3"},{"date" => "2001-06-21T21:38:06","version" => "0.23"},{"date" => "2001-06-26T03:05:48","version" => "0.2301"},{"date" => "2001-07-05T10:44:34","version" => "0.24"},{"date" => "2001-07-13T10:51:35","version" => "0.2402"},{"date" => "2001-07-24T21:45:07","version" => "0.2403"},{"date" => "2001-12-06T22:01:45","version" => "0.2404"},{"date" => "2002-01-28T22:38:34","version" => "0.2405"},{"date" => "2002-04-07T22:20:17","version" => "0.2406"},{"date" => "2002-04-24T13:05:42","version" => "0.2407"},{"date" => "2002-05-09T15:05:41","version" => "0.25"},{"date" => "2002-06-05T20:57:29","version" => "0.26"},{"date" => "2002-07-13T22:41:34","version" => "0.2601"},{"date" => "2002-07-16T02:07:27","version" => "0.2602"},{"date" => "2004-05-30T01:51:09","version" => "0.2603"},{"date" => "2006-09-11T09:15:23","version" => "0.27_01"},{"date" => "2006-09-12T20:55:36","version" => "0.27_02"},{"date" => "2006-11-02T16:44:10","version" => "0.27_03"},{"date" => "2007-01-03T15:48:01","version" => "0.27"},{"date" => "2007-01-07T17:20:30","version" => "0.28"},{"date" => "2007-03-29T23:21:14","version" => "0.29"},{"date" => "2007-03-31T15:33:28","version" => "0.30"},{"date" => "2007-05-03T02:21:13","version" => "0.31"},{"date" => "2007-05-05T03:56:46","version" => "0.32"},{"date" => "2008-09-07T07:47:07","version" => "0.33"},{"date" => "2008-10-24T00:05:35","version" => "0.40"},{"date" => "2008-10-24T00:18:27","version" => "0.33"},{"date" => "2009-01-01T20:42:10","version" => "0.42"},{"date" => "2009-01-08T02:06:27","version" => "0.43"},{"date" => "2009-01-09T03:37:10","version" => "0.44"},{"date" => "2009-01-14T02:19:46","version" => "0.45"},{"date" => "2009-01-20T00:34:23","version" => "0.46"},{"date" => "2009-01-22T00:39:18","version" => "0.47"},{"date" => "2009-01-23T07:07:04","version" => "0.48"},{"date" => "2009-01-24T01:19:12","version" => "0.49"},{"date" => "2009-08-18T23:30:07","version" => "0.50"},{"date" => "2009-08-19T22:08:26","version" => "0.51"},{"date" => "2009-08-21T18:09:01","version" => "0.52"},{"date" => "2009-08-24T23:06:49","version" => "0.53"},{"date" => "2009-08-25T20:24:31","version" => "0.54"},{"date" => "2009-09-30T06:26:08","version" => "0.55"},{"date" => "2009-12-10T00:23:50","version" => "0.56"},{"date" => "2010-01-24T19:18:56","version" => "0.57"},{"date" => "2010-09-17T18:09:07","version" => "0.58"},{"date" => "2011-04-06T19:13:26","version" => "0.59"},{"date" => "2014-02-26T19:58:52","version" => "0.60"},{"date" => "2014-03-04T18:56:46","version" => "0.61"},{"date" => "2014-03-05T17:16:00","version" => "0.62"},{"date" => "2014-03-07T20:47:21","version" => "0.63"},{"date" => "2014-03-11T17:22:13","version" => "0.64"},{"date" => "2014-03-18T20:47:23","version" => "0.65"},{"date" => "2023-12-29T01:14:58","version" => "0.66"}]},"Spreadsheet-ParseXLSX" => {"advisories" => [{"affected_versions" => ["<0.28"],"cves" => ["CVE-2024-22368"],"description" => "The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.\n","distribution" => "Spreadsheet-ParseXLSX","fixed_versions" => [">=0.28"],"id" => "CPANSA-Spreadsheet-ParseXLSX-2024-22368","references" => ["https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md","https://github.com/briandfoy/cpan-security-advisory/issues/131","https://nvd.nist.gov/vuln/detail/CVE-2024-22368","https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md","https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes","https://github.com/advisories/GHSA-x2hg-844v-frvh"],"reported" => "2024-01-03"},{"affected_versions" => ["<0.30"],"cves" => ["CVE-2024-23525"],"description" => "In default configuration of Spreadsheet::ParseXLSX, whenever we call Spreadsheet::ParseXLSX->new()->parse('user_input_file.xlsx'), we'd be vulnerable for XXE vulnerability if the XLSX file that we are parsing is from user input.\n","distribution" => "Spreadsheet-ParseXLSX","fixed_versions" => [">=0.30"],"id" => "CPANSA-Spreadsheet-ParseXLSX-2024-23525","references" => ["https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes","https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a","https://github.com/briandfoy/cpan-security-advisory/issues/134","https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10","https://github.com/advisories/GHSA-cxjh-j6f8-vrmf","https://nvd.nist.gov/vuln/detail/CVE-2024-23525"],"reported" => "2024-01-17"}],"main_module" => "Spreadsheet::ParseXLSX","versions" => [{"date" => "2013-07-17T02:45:07","version" => "0.01"},{"date" => "2013-07-17T15:14:43","version" => "0.02"},{"date" => "2013-07-26T07:34:38","version" => "0.03"},{"date" => "2013-07-31T18:28:38","version" => "0.04"},{"date" => "2013-07-31T22:15:56","version" => "0.05"},{"date" => "2013-08-29T20:02:30","version" => "0.06"},{"date" => "2013-09-05T18:34:35","version" => "0.07"},{"date" => "2013-09-10T18:21:15","version" => "0.08"},{"date" => "2013-10-09T14:52:49","version" => "0.09"},{"date" => "2013-11-06T18:36:10","version" => "0.10"},{"date" => "2013-11-14T00:30:46","version" => "0.11"},{"date" => "2013-12-09T20:27:26","version" => "0.12"},{"date" => "2014-01-29T21:32:54","version" => "0.13"},{"date" => "2014-04-03T16:56:25","version" => "0.14"},{"date" => "2014-07-05T01:39:06","version" => "0.15"},{"date" => "2014-07-05T18:55:08","version" => "0.16"},{"date" => "2015-03-26T03:38:16","version" => "0.17"},{"date" => "2015-09-19T06:08:07","version" => "0.18"},{"date" => "2015-12-04T07:38:39","version" => "0.19"},{"date" => "2015-12-05T18:45:32","version" => "0.20"},{"date" => "2016-05-23T07:09:47","version" => "0.21"},{"date" => "2016-05-25T05:39:15","version" => "0.22"},{"date" => "2016-05-29T03:01:59","version" => "0.23"},{"date" => "2016-06-25T18:03:32","version" => "0.24"},{"date" => "2016-07-15T02:36:28","version" => "0.25"},{"date" => "2016-08-16T06:35:10","version" => "0.26"},{"date" => "2016-08-16T07:12:41","version" => "0.27"},{"date" => "2024-01-02T13:45:35","version" => "0.28"},{"date" => "2024-01-02T17:49:11","version" => "0.29"},{"date" => "2024-01-17T11:34:43","version" => "0.30"},{"date" => "2024-01-18T11:30:17","version" => "0.31"},{"date" => "2024-03-08T11:04:50","version" => "0.32"},{"date" => "2024-03-08T12:50:37","version" => "0.33"},{"date" => "2024-03-13T10:28:28","version" => "0.34"},{"date" => "2024-03-19T16:22:17","version" => "0.35"},{"date" => "2025-01-24T09:33:40","version" => "0.36"}]},"Squatting" => {"advisories" => [{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Squatting","versions" => [{"date" => "2008-05-13T22:22:58","version" => "0.20"},{"date" => "2008-05-14T06:05:11","version" => "0.21"},{"date" => "2008-06-02T19:48:13","version" => "0.30"},{"date" => "2008-06-06T10:48:50","version" => "0.31"},{"date" => "2008-07-06T17:46:05","version" => "0.40"},{"date" => "2008-07-09T04:13:14","version" => "0.41"},{"date" => "2008-07-25T14:38:30","version" => "0.42"},{"date" => "2008-07-31T02:12:58","version" => "0.50"},{"date" => "2008-08-07T23:35:32","version" => "0.51"},{"date" => "2008-08-09T00:05:02","version" => "0.52"},{"date" => "2009-04-21T18:46:53","version" => "0.60"},{"date" => "2009-08-27T12:18:15","version" => "0.70"},{"date" => "2011-04-27T11:37:19","version" => "0.80"},{"date" => "2011-04-27T21:17:13","version" => "0.81"},{"date" => "2013-08-12T04:12:05","version" => "0.82"},{"date" => "2014-02-20T03:16:20","version" => "0.83"}]},"Starch" => {"advisories" => [{"affected_versions" => ["<=0.14"],"cves" => ["CVE-2025-40925"],"description" => "Starch versions 0.14 and earlier generate session ids insecurely.  The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Starch","fixed_versions" => [],"id" => "CPANSA-Starch-2025-40925","references" => ["https://github.com/bluefeet/Starch/commit/5573449e64e0660f7ee209d1eab5881d4ccbee3b.patch","https://github.com/bluefeet/Starch/pull/5","https://metacpan.org/dist/Starch/source/lib/Starch/Manager.pm"],"reported" => "2025-09-20","severity" => undef}],"main_module" => "Starch","versions" => [{"date" => "2015-07-31T23:11:38","version" => "0.06"},{"date" => "2018-05-17T14:47:29","version" => "0.07"},{"date" => "2018-09-04T01:40:23","version" => "0.08"},{"date" => "2018-09-04T17:20:53","version" => "0.09"},{"date" => "2019-02-14T19:42:01","version" => "0.10"},{"date" => "2019-02-20T15:55:30","version" => "0.11"},{"date" => "2019-03-01T06:11:34","version" => "0.12"},{"date" => "2019-03-23T21:36:38","version" => "0.13"},{"date" => "2019-05-13T02:14:22","version" => "0.14"}]},"Stardust" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Stardust","versions" => [{"date" => "2009-08-28T03:34:38","version" => "0.01"},{"date" => "2009-09-02T08:17:45","version" => "0.02"},{"date" => "2009-09-08T13:01:44","version" => "0.03"},{"date" => "2009-09-08T20:19:12","version" => "0.04"},{"date" => "2009-09-11T02:44:30","version" => "0.05"},{"date" => "2009-09-11T07:03:42","version" => "0.06"},{"date" => "2009-09-11T08:22:34","version" => "0.07"},{"date" => "2011-08-04T18:24:59","version" => "0.08"}]},"Storable" => {"advisories" => [{"affected_versions" => ["<3.05"],"cves" => [],"description" => "Malcrafted storable files or buffers.\n","distribution" => "Storable","fixed_versions" => [">=3.05"],"id" => "CPANSA-Storable-2017-01","references" => ["https://metacpan.org/changes/distribution/Storable","https://cxsecurity.com/issue/WLB-2007120031"],"reported" => "2017-01-29"}],"main_module" => "Storable","versions" => [{"date" => "1995-10-02T10:50:02","version" => "0.1"},{"date" => "1997-01-13T11:42:25","version" => "0.2"},{"date" => "1997-01-13T17:18:01","version" => "0.2"},{"date" => "1997-01-14T15:12:36","version" => "0.3"},{"date" => "1997-01-15T18:25:57","version" => "0.4"},{"date" => "1997-01-22T14:47:23","version" => "0.4"},{"date" => "1997-02-27T15:02:37","version" => "0.4"},{"date" => "1997-02-27T15:38:18","version" => "0.4"},{"date" => "1997-03-25T10:32:00","version" => "0.4"},{"date" => "1997-05-16T09:24:59","version" => "0.4"},{"date" => "1997-06-03T09:38:38","version" => "0.4"},{"date" => "1997-06-10T16:47:47","version" => "0.5"},{"date" => "1997-11-05T10:05:11","version" => "0.5"},{"date" => "1998-01-13T16:59:38","version" => "0.5"},{"date" => "1998-01-20T08:32:03","version" => "0.5"},{"date" => "1998-03-06T20:52:28","version" => "0.5"},{"date" => "1998-03-25T14:10:24","version" => "0.5"},{"date" => "1998-04-08T11:20:48","version" => "0.5"},{"date" => "1998-04-09T16:17:05","version" => "0.5"},{"date" => "1998-04-24T15:29:23","version" => "0.5"},{"date" => "1998-04-30T13:13:58","version" => "0.5"},{"date" => "1998-05-12T07:15:48","version" => "0.5"},{"date" => "1998-06-04T16:19:02","version" => "0.6"},{"date" => "1998-06-12T09:54:35","version" => "0.6"},{"date" => "1998-06-22T09:00:32","version" => "0.6"},{"date" => "1998-07-03T13:53:55","version" => "0.6"},{"date" => "1998-07-21T12:10:39","version" => "0.6"},{"date" => "1999-01-31T18:01:47","version" => "0.6"},{"date" => "1999-07-12T13:05:25","version" => "0.6"},{"date" => "1999-09-02T12:47:03","version" => "0.6"},{"date" => "1999-09-14T20:27:23","version" => "v0.6.5"},{"date" => "1999-10-19T19:33:43","version" => "v0.6.6"},{"date" => "1999-10-20T17:10:19","version" => "v0.6.7"},{"date" => "2000-03-02T22:29:53","version" => "v0.6.9"},{"date" => "2000-03-29T18:00:09","version" => "v0.6.10"},{"date" => "2000-04-02T22:12:47","version" => "v0.6.11"},{"date" => "2000-08-03T22:12:31","version" => "v0.7.0"},{"date" => "2000-08-13T20:17:55","version" => "v0.7.1"},{"date" => "2000-08-14T07:27:17","version" => "v0.7.2"},{"date" => "2000-08-23T23:12:01","version" => "v0.7.4"},{"date" => "2000-09-01T19:44:37","version" => "v1.0.0"},{"date" => "2000-09-17T16:56:12","version" => "v1.0.1"},{"date" => "2000-09-28T21:50:42","version" => "v1.0.2"},{"date" => "2000-09-29T19:55:57","version" => "v1.0.3"},{"date" => "2000-10-23T18:12:41","version" => "v1.0.4"},{"date" => "2000-10-26T17:18:33","version" => "v1.0.5"},{"date" => "2000-11-05T17:30:34","version" => "v1.0.6"},{"date" => "2001-01-03T09:48:40","version" => "v1.0.7"},{"date" => "2001-02-17T12:43:23","version" => "v1.0.10"},{"date" => "2001-03-15T00:30:04","version" => "v1.0.11"},{"date" => "2001-07-01T11:30:39","version" => "v1.0.12"},{"date" => "2001-08-28T21:59:16","version" => "v1.0.13"},{"date" => "2001-12-01T13:48:14","version" => "v1.0.14"},{"date" => "2002-05-18T16:48:08","version" => "2.00"},{"date" => "2002-05-28T20:34:47","version" => "2.02"},{"date" => "2002-06-01T04:35:47","version" => "2.03"},{"date" => "2002-06-08T02:11:56","version" => "2.04"},{"date" => "2002-10-03T03:37:51","version" => "2.05"},{"date" => "2002-11-25T12:34:01","version" => "2.06"},{"date" => "2003-05-05T05:21:16","version" => "2.07"},{"date" => "2003-09-05T20:01:37","version" => "2.08"},{"date" => "2004-01-06T01:47:55","version" => "2.09"},{"date" => "2004-03-01T04:28:16","version" => "2.10"},{"date" => "2004-03-17T15:11:57","version" => "2.11"},{"date" => "2004-03-24T03:24:16","version" => "2.12"},{"date" => "2004-06-28T16:41:47","version" => "2.13"},{"date" => "2005-04-25T02:15:51","version" => "2.14"},{"date" => "2005-05-23T17:21:53","version" => "2.15"},{"date" => "2007-03-31T00:51:12","version" => "2.16"},{"date" => "2007-11-16T20:48:24","version" => "2.17"},{"date" => "2007-11-23T18:18:24","version" => "2.18"},{"date" => "2009-05-18T04:18:09","version" => "2.20"},{"date" => "2009-08-06T05:30:04","version" => "2.21"},{"date" => "2010-11-12T17:12:42","version" => "2.23"},{"date" => "2010-11-12T17:29:29","version" => "2.24"},{"date" => "2010-12-11T06:08:33","version" => "2.25"},{"date" => "2011-07-03T04:04:14","version" => "2.29"},{"date" => "2011-07-12T03:59:06","version" => "2.30"},{"date" => "2012-06-07T01:16:46","version" => "2.35"},{"date" => "2012-09-11T01:30:44","version" => "2.38"},{"date" => "2012-09-11T01:38:57","version" => "2.39"},{"date" => "2013-07-13T16:49:48","version" => "2.45"},{"date" => "2014-07-02T11:09:04","version" => "2.51"},{"date" => "2017-01-29T11:41:00","version" => "3.05"},{"date" => "2017-01-30T14:25:11","version" => "3.05_01"},{"date" => "2017-01-30T18:55:50","version" => "3.05_02"},{"date" => "2017-01-31T01:58:36","version" => "3.05_03"},{"date" => "2017-02-02T11:22:12","version" => "3.05_04"},{"date" => "2017-03-05T10:48:10","version" => "3.05_06"},{"date" => "2017-03-05T12:52:10","version" => "3.05_07"},{"date" => "2017-03-11T07:51:19","version" => "3.05_09"},{"date" => "2017-03-14T09:03:54","version" => "3.05_10"},{"date" => "2017-03-29T20:00:48","version" => "3.05_11"},{"date" => "2017-04-19T07:20:42","version" => "3.05_12"},{"date" => "2017-10-15T12:06:30","version" => "3.05_14"},{"date" => "2017-10-21T09:30:17","version" => "3.05_15"},{"date" => "2017-10-21T16:17:28","version" => "3.05_16"},{"date" => "2018-04-19T08:29:33","version" => "3.06"},{"date" => "2018-04-20T16:11:03","version" => "3.05_17"},{"date" => "2018-04-21T10:08:56","version" => "3.08"},{"date" => "2018-04-21T16:50:30","version" => "3.09"},{"date" => "2018-04-27T17:46:19","version" => "3.11"},{"date" => "2018-09-05T15:12:26","version" => "3.11_01"},{"date" => "2019-03-06T12:42:01","version" => "3.12_03"},{"date" => "2019-03-12T09:31:55","version" => "3.12_04"},{"date" => "2019-04-16T07:32:16","version" => "3.14_04"},{"date" => "2019-04-23T13:29:25","version" => "3.15"},{"date" => "2019-05-05T12:46:33","version" => "3.15_04"},{"date" => "2021-08-25T09:06:32","version" => "3.24_50"},{"date" => "2021-08-30T08:39:08","version" => "3.25"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.015"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "2.19"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "2.15_02"},{"date" => "2009-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011001","version" => "2.22"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "2.26"},{"date" => "2011-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013011","version" => "2.27"},{"date" => "2011-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015","version" => "2.28"},{"date" => "2011-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015001","version" => "2.31"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "2.32"},{"date" => "2011-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015005","version" => "2.33"},{"date" => "2011-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015006","version" => "2.34"},{"date" => "2012-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017001","version" => "2.36"},{"date" => "2012-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017002","version" => "2.37"},{"date" => "2012-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.017007","version" => "2.40"},{"date" => "2013-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017011","version" => "2.41"},{"date" => "2013-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019","version" => "2.42"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "2.43"},{"date" => "2013-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019003","version" => "2.46"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "2.47"},{"date" => "2013-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019007","version" => "2.48"},{"date" => "2014-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019011","version" => "2.49"},{"date" => "2015-02-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020002","version" => "2.49_01"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "2.52"},{"date" => "2015-02-21T00:00:00","dual_lived" => 1,"perl_release" => "5.021009","version" => "2.53"},{"date" => "2015-12-13T00:00:00","dual_lived" => 1,"perl_release" => "5.022001","version" => "2.53_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.53_02"},{"date" => "2015-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023001","version" => "2.54"},{"date" => "2016-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023008","version" => "2.55"},{"date" => "2016-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023009","version" => "2.56"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "2.56_01"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "2.57"},{"date" => "2016-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025006","version" => "2.58"},{"date" => "2016-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025007","version" => "2.59"},{"date" => "2017-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025009","version" => "2.61"},{"date" => "2017-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02501","version" => "2.62"},{"date" => "2017-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027001","version" => "2.63"},{"date" => "2017-08-21T00:00:00","dual_lived" => 1,"perl_release" => "5.027003","version" => "2.64"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "2.65"},{"date" => "2019-04-19T00:00:00","dual_lived" => 1,"perl_release" => "5.028002","version" => "3.08_01"},{"date" => "2018-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029002","version" => "3.12"},{"date" => "2018-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029003","version" => "3.13"},{"date" => "2018-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.029006","version" => "3.14"},{"date" => "2019-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031001","version" => "3.16"},{"date" => "2019-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031003","version" => "3.17"},{"date" => "2019-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031007","version" => "3.18"},{"date" => "2020-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031009","version" => "3.19"},{"date" => "2020-04-28T00:00:00","dual_lived" => 1,"perl_release" => "5.031011","version" => "3.20"},{"date" => "2020-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.032000","version" => "3.21"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "3.22"},{"date" => "2020-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033003","version" => "3.23"},{"date" => "2021-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035003","version" => "3.24"},{"date" => "2022-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035011","version" => "3.26"},{"date" => "2022-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037002","version" => "3.27"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "3.28"},{"date" => "2023-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037008","version" => "3.29"},{"date" => "2023-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037010","version" => "3.31"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038","version" => "3.32"},{"date" => "2024-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041002","version" => "3.33"},{"date" => "2024-08-29T00:00:00","dual_lived" => 1,"perl_release" => "5.041003","version" => "3.34"},{"date" => "2024-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041004","version" => "3.35"},{"date" => "2025-03-21T00:00:00","dual_lived" => 1,"perl_release" => "5.041010","version" => "3.36"},{"date" => "2025-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041011","version" => "3.37"}]},"String-Compare-ConstantTime" => {"advisories" => [{"affected_versions" => ["<=0.321"],"cves" => ["CVE-2024-13939"],"description" => "String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string.  As stated in the documentation: \"If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents).\"  This is similar to\x{a0}CVE-2020-36829","distribution" => "String-Compare-ConstantTime","fixed_versions" => [],"id" => "CPANSA-String-Compare-ConstantTime-2024-13939","references" => ["https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL"],"reported" => "2025-03-28","severity" => undef}],"main_module" => "String::Compare::ConstantTime","versions" => [{"date" => "2012-07-13T00:08:31","version" => "0.20"},{"date" => "2012-10-10T01:38:04","version" => "0.300"},{"date" => "2014-09-24T03:21:54","version" => "0.310"},{"date" => "2015-10-24T21:53:39","version" => "0.311"},{"date" => "2017-02-14T16:57:07","version" => "0.312"},{"date" => "2018-04-23T16:13:42","version" => "0.320"},{"date" => "2019-06-17T13:33:11","version" => "0.321"}]},"Sub-HandlesVia" => {"advisories" => [{"affected_versions" => ["<0.050002"],"cves" => ["CVE-2025-30673"],"description" => "Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238.  If an attacker can place a malicious file in current working directory, it may be\x{a0}loaded instead of the intended file, potentially leading to arbitrary\x{a0}code execution.  Sub::HandlesVia uses Mite to produce the affected code section due to\x{a0}CVE-2025-30672","distribution" => "Sub-HandlesVia","fixed_versions" => [">=0.050002"],"id" => "CPANSA-Sub-HandlesVia-2025-30673","references" => ["https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html","https://metacpan.org/dist/Sub-HandlesVia/changes#L12","https://metacpan.org/release/TOBYINK/Sub-HandlesVia-0.050001/source/lib/Sub/HandlesVia/Mite.pm#L114"],"reported" => "2025-04-01","severity" => undef}],"main_module" => "Sub::HandlesVia","versions" => [{"date" => "2020-01-21T12:20:29","version" => "0.001"},{"date" => "2020-01-21T12:44:10","version" => "0.002"},{"date" => "2020-01-21T21:31:54","version" => "0.003"},{"date" => "2020-01-22T20:46:52","version" => "0.004"},{"date" => "2020-01-23T12:15:51","version" => "0.005"},{"date" => "2020-01-23T12:57:19","version" => "0.006"},{"date" => "2020-01-25T18:32:49","version" => "0.007"},{"date" => "2020-01-26T21:21:53","version" => "0.008_000"},{"date" => "2020-01-26T23:51:45","version" => "0.008_001"},{"date" => "2020-01-27T01:42:52","version" => "0.008_002"},{"date" => "2020-01-27T08:53:01","version" => "0.008_003"},{"date" => "2020-01-27T10:55:08","version" => "0.009"},{"date" => "2020-01-27T14:35:32","version" => "0.010"},{"date" => "2020-01-27T20:50:11","version" => "0.011"},{"date" => "2020-02-02T19:19:39","version" => "0.012"},{"date" => "2020-02-04T23:25:52","version" => "0.013"},{"date" => "2020-08-25T12:50:04","version" => "0.014"},{"date" => "2020-09-12T14:08:39","version" => "0.015"},{"date" => "2020-09-20T16:31:29","version" => "0.016"},{"date" => "2022-06-11T11:23:50","version" => "0.017"},{"date" => "2022-06-11T14:29:41","version" => "0.018"},{"date" => "2022-06-11T16:47:08","version" => "0.019"},{"date" => "2022-06-11T20:23:02","version" => "0.020"},{"date" => "2022-06-12T17:24:14","version" => "0.021"},{"date" => "2022-06-14T16:04:34","version" => "0.022"},{"date" => "2022-06-15T01:20:36","version" => "0.023"},{"date" => "2022-06-15T14:42:36","version" => "0.024"},{"date" => "2022-06-16T10:36:27","version" => "0.025"},{"date" => "2022-06-29T23:39:10","version" => "0.026"},{"date" => "2022-06-30T00:10:02","version" => "0.027"},{"date" => "2022-07-01T23:17:41","version" => "0.028"},{"date" => "2022-07-09T18:26:58","version" => "0.029"},{"date" => "2022-07-09T18:32:11","version" => "0.030"},{"date" => "2022-07-09T19:48:20","version" => "0.031"},{"date" => "2022-07-12T19:15:21","version" => "0.032"},{"date" => "2022-08-05T15:26:32","version" => "0.033"},{"date" => "2022-08-07T14:36:37","version" => "0.034"},{"date" => "2022-08-12T14:45:11","version" => "0.035"},{"date" => "2022-08-26T14:46:58","version" => "0.036"},{"date" => "2022-09-26T08:48:59","version" => "0.037"},{"date" => "2022-10-21T14:29:19","version" => "0.038"},{"date" => "2022-10-26T10:30:49","version" => "0.039"},{"date" => "2022-10-27T12:45:21","version" => "0.040"},{"date" => "2022-10-29T15:58:04","version" => "0.041"},{"date" => "2022-10-30T12:28:45","version" => "0.042"},{"date" => "2022-10-31T11:04:11","version" => "0.043"},{"date" => "2022-10-31T18:24:28","version" => "0.044"},{"date" => "2022-11-08T18:45:23","version" => "0.045"},{"date" => "2022-12-16T16:02:25","version" => "0.046"},{"date" => "2023-04-05T21:51:07","version" => "0.050000"},{"date" => "2025-03-23T18:30:54","version" => "0.050001"},{"date" => "2025-03-31T11:34:28","version" => "0.050002"},{"date" => "2025-07-14T21:33:31","version" => "0.050003"},{"date" => "2025-11-10T17:13:26","version" => "0.050004"},{"date" => "2025-11-10T17:24:14","version" => "0.050005"},{"date" => "2025-11-11T22:25:44","version" => "0.050006"},{"date" => "2025-11-15T20:17:13","version" => "0.050007"},{"date" => "2025-11-21T09:14:26","version" => "0.052000"},{"date" => "2026-01-28T23:06:43","version" => "0.053000"},{"date" => "2026-01-29T09:02:27","version" => "0.053001"},{"date" => "2026-01-30T17:28:28","version" => "0.053002"},{"date" => "2026-01-31T23:44:23","version" => "0.053003"},{"date" => "2026-02-01T23:30:36","version" => "0.053004"},{"date" => "2026-02-04T17:17:58","version" => "0.053005"}]},"Sys-Syslog" => {"advisories" => [{"affected_versions" => ["<0.35"],"cves" => ["CVE-2016-1238"],"description" => "Optional modules loaded from loading optional modules from \".\"\n","distribution" => "Sys-Syslog","fixed_versions" => [">=0.35"],"id" => "CPANSA-Sys-Syslog-2016-1238","references" => ["https://metacpan.org/dist/Sys-Syslog/changes","https://rt.cpan.org/Public/Bug/Display.html?id=116543"],"reported" => "2016-07-27","severity" => "high"}],"main_module" => "Sys::Syslog","versions" => [{"date" => "2005-12-06T22:19:29","version" => "0.09"},{"date" => "2005-12-08T01:10:57","version" => "0.10"},{"date" => "2005-12-27T23:49:31","version" => "0.11"},{"date" => "2006-01-07T04:07:20","version" => "0.12"},{"date" => "2006-01-11T01:03:02","version" => "0.13"},{"date" => "2006-05-25T22:42:27","version" => "0.14"},{"date" => "2006-06-10T23:57:12","version" => "0.15"},{"date" => "2006-06-20T21:26:29","version" => "0.16"},{"date" => "2006-07-23T01:51:16","version" => "0.17"},{"date" => "2006-08-28T22:18:29","version" => "0.18"},{"date" => "2007-09-05T09:39:56","version" => "0.19"},{"date" => "2007-09-05T10:23:25","version" => "0.20"},{"date" => "2007-09-13T23:01:59","version" => "0.21"},{"date" => "2007-11-08T00:58:57","version" => "0.22"},{"date" => "2007-11-12T22:42:29","version" => "0.23"},{"date" => "2007-12-31T17:18:56","version" => "0.24"},{"date" => "2008-06-05T23:16:19","version" => "0.25"},{"date" => "2008-06-15T23:49:12","version" => "0.25"},{"date" => "2008-09-21T17:05:08","version" => "0.27"},{"date" => "2009-03-14T03:24:36","version" => "1.00"},{"date" => "2011-04-16T17:01:20","version" => "0.28"},{"date" => "2011-04-18T14:10:00","version" => "0.29"},{"date" => "2012-08-15T01:27:23","version" => "0.30"},{"date" => "2012-08-18T18:07:17","version" => "0.31"},{"date" => "2012-09-14T12:36:22","version" => "0.32"},{"date" => "2013-05-24T00:13:07","version" => "0.33"},{"date" => "2016-05-05T23:20:00","version" => "0.34"},{"date" => "2016-09-01T16:56:39","version" => "0.35"},{"date" => "2019-10-21T22:41:02","version" => "0.36"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006","version" => "0.01"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "0.02"},{"date" => "2002-07-19T00:00:00","dual_lived" => 1,"perl_release" => "5.008","version" => "0.03"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "0.04"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "0.05"},{"date" => "2005-05-30T00:00:00","dual_lived" => 1,"perl_release" => "5.008007","version" => "0.06"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "0.18_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "0.33_01"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "0.34_01"}]},"Tcl" => {"advisories" => [{"affected_versions" => [">=0.89,<=1.27"],"cves" => ["CVE-2007-4772"],"description" => "The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.\n","distribution" => "Tcl","fixed_versions" => [],"id" => "CPANSA-Tcl-2007-4772-tcl","references" => ["http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894","http://www.postgresql.org/about/news.905","http://www.securityfocus.com/bid/27163","http://securitytracker.com/id?1019157","http://secunia.com/advisories/28359","http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894","http://www.mandriva.com/security/advisories?name=MDVSA-2008:004","https://issues.rpath.com/browse/RPL-1768","http://www.debian.org/security/2008/dsa-1460","http://www.debian.org/security/2008/dsa-1463","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html","http://www.redhat.com/support/errata/RHSA-2008-0038.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1","http://secunia.com/advisories/28376","http://secunia.com/advisories/28438","http://secunia.com/advisories/28437","http://secunia.com/advisories/28454","http://secunia.com/advisories/28464","http://secunia.com/advisories/28477","http://secunia.com/advisories/28479","http://secunia.com/advisories/28455","http://security.gentoo.org/glsa/glsa-200801-15.xml","http://secunia.com/advisories/28679","http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html","http://secunia.com/advisories/28698","http://www.redhat.com/support/errata/RHSA-2008-0040.html","http://www.redhat.com/support/errata/RHSA-2008-0134.html","http://secunia.com/advisories/29070","http://www.mandriva.com/security/advisories?name=MDVSA-2008:059","http://secunia.com/advisories/29248","http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1","http://secunia.com/advisories/29638","http://www.vmware.com/security/advisories/VMSA-2008-0009.html","http://secunia.com/advisories/30535","http://www.vupen.com/english/advisories/2008/1071/references","http://www.vupen.com/english/advisories/2008/0109","http://www.vupen.com/english/advisories/2008/1744","http://www.vupen.com/english/advisories/2008/0061","http://rhn.redhat.com/errata/RHSA-2013-0122.html","http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/39497","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569","https://usn.ubuntu.com/568-1/","http://www.securityfocus.com/archive/1/493080/100/0/threaded","http://www.securityfocus.com/archive/1/486407/100/0/threaded","http://www.securityfocus.com/archive/1/485864/100/0/threaded"],"reported" => "2008-01-09","severity" => undef},{"affected_versions" => [">=0.89,<=1.27"],"cves" => ["CVE-2007-6067"],"description" => "Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted \"complex\" regular expression with doubly-nested states.\n","distribution" => "Tcl","fixed_versions" => [],"id" => "CPANSA-Tcl-2007-6067-tcl","references" => ["http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894","http://www.postgresql.org/about/news.905","http://www.securityfocus.com/bid/27163","http://securitytracker.com/id?1019157","http://secunia.com/advisories/28359","http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894","http://www.mandriva.com/security/advisories?name=MDVSA-2008:004","https://issues.rpath.com/browse/RPL-1768","http://www.debian.org/security/2008/dsa-1460","http://www.debian.org/security/2008/dsa-1463","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html","http://www.redhat.com/support/errata/RHSA-2008-0038.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1","http://secunia.com/advisories/28376","http://secunia.com/advisories/28438","http://secunia.com/advisories/28437","http://secunia.com/advisories/28454","http://secunia.com/advisories/28464","http://secunia.com/advisories/28477","http://secunia.com/advisories/28479","http://secunia.com/advisories/28455","http://security.gentoo.org/glsa/glsa-200801-15.xml","http://secunia.com/advisories/28679","http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html","http://secunia.com/advisories/28698","http://www.redhat.com/support/errata/RHSA-2008-0040.html","http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1","http://secunia.com/advisories/29638","http://www.vupen.com/english/advisories/2008/1071/references","http://www.vupen.com/english/advisories/2008/0109","http://www.vupen.com/english/advisories/2008/0061","http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154","http://rhn.redhat.com/errata/RHSA-2013-0122.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/39498","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235","https://usn.ubuntu.com/568-1/","http://www.securityfocus.com/archive/1/486407/100/0/threaded","http://www.securityfocus.com/archive/1/485864/100/0/threaded"],"reported" => "2008-01-09","severity" => undef}],"main_module" => "Tcl","versions" => [{"date" => "1995-08-20T09:21:54","version" => 0},{"date" => "1997-09-18T16:57:00","version" => 0},{"date" => "2001-03-11T23:23:17","version" => 0},{"date" => "2003-05-18T23:45:54","version" => "0.4"},{"date" => "2003-05-25T20:00:11","version" => "0.5"},{"date" => "2003-06-08T08:07:42","version" => "0.6"},{"date" => "2003-07-02T17:33:44","version" => "0.7"},{"date" => "2003-07-03T16:40:09","version" => "0.71"},{"date" => "2003-08-19T20:32:16","version" => "0.72"},{"date" => "2004-03-28T11:29:19","version" => "0.75"},{"date" => "2004-04-17T07:03:50","version" => "0.76"},{"date" => "2004-04-17T09:34:42","version" => "0.77"},{"date" => "2004-05-02T20:16:01","version" => "0.80"},{"date" => "2004-05-09T19:45:16","version" => "0.81"},{"date" => "2004-09-12T22:11:09","version" => "0.84"},{"date" => "2004-12-31T07:20:14","version" => "0.85"},{"date" => "2005-02-02T17:03:47","version" => "0.87"},{"date" => "2005-08-22T20:31:27","version" => "0.88"},{"date" => "2006-05-23T09:36:56","version" => "0.89"},{"date" => "2006-11-11T09:22:01","version" => "0.90"},{"date" => "2006-11-13T17:53:37","version" => "0.91"},{"date" => "2007-06-07T19:50:54","version" => "0.95"},{"date" => "2008-09-06T21:03:59","version" => "0.97"},{"date" => "2009-11-24T01:24:12","version" => "0.98"},{"date" => "2010-11-02T22:20:55","version" => "0.99"},{"date" => "2010-11-23T20:42:35","version" => "1.00"},{"date" => "2011-02-10T09:28:49","version" => "1.01"},{"date" => "2011-02-11T06:06:07","version" => "1.02"},{"date" => "2013-04-12T06:43:49","version" => "1.02_50"},{"date" => "2016-02-21T18:58:43","version" => "1.03"},{"date" => "2016-03-20T15:25:13","version" => "1.04"},{"date" => "2016-06-28T17:10:13","version" => "1.05"},{"date" => "2018-06-23T13:50:33","version" => "1.06"},{"date" => "2018-06-26T20:55:40","version" => "1.07"},{"date" => "2018-06-27T11:47:10","version" => "1.08"},{"date" => "2018-06-27T13:50:27","version" => "1.09"},{"date" => "2018-06-28T08:02:58","version" => "1.10"},{"date" => "2018-07-13T08:35:58","version" => "1.11"},{"date" => "2018-07-14T08:03:20","version" => "1.12"},{"date" => "2018-07-15T11:36:17","version" => "1.15"},{"date" => "2018-07-15T12:22:05","version" => "1.13"},{"date" => "2018-07-15T16:43:59","version" => "1.16"},{"date" => "2018-07-17T11:29:52","version" => "1.17"},{"date" => "2018-07-18T15:54:30","version" => "1.18"},{"date" => "2018-07-19T16:25:01","version" => "1.19"},{"date" => "2018-07-19T19:14:28","version" => "1.20"},{"date" => "2018-07-20T09:58:37","version" => "1.21"},{"date" => "2018-07-20T18:15:43","version" => "1.22"},{"date" => "2018-07-21T17:34:34","version" => "1.23"},{"date" => "2018-07-23T19:28:49","version" => "1.24"},{"date" => "2018-07-25T16:37:19","version" => "1.25"},{"date" => "2018-08-22T08:49:39","version" => "1.27"},{"date" => "2024-01-02T12:27:15","version" => "1.28"},{"date" => "2024-01-02T14:18:57","version" => "1.29"},{"date" => "2024-01-02T16:00:50","version" => "1.30"},{"date" => "2024-01-03T12:37:05","version" => "1.31"},{"date" => "2024-01-06T15:12:10","version" => "1.32"},{"date" => "2025-01-06T19:58:52","version" => "1.50"},{"date" => "2025-01-07T18:25:32","version" => "1.51_01"},{"date" => "2025-01-26T17:49:05","version" => "1.51"},{"date" => "2025-03-16T09:15:07","version" => "1.51_02"},{"date" => "2025-03-16T09:25:42","version" => "1.52"},{"date" => "2025-03-16T14:25:32","version" => "1.53"}]},"Term-ReadLine-Gnu" => {"advisories" => [{"affected_versions" => ["<1.27"],"comment" => "The presense of affected versions of Term-ReadLine-Gnu suggests that a vulnerable version of the readline linrary is installed on the host system.\n","cves" => ["CVE-2014-2524"],"description" => "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.\n","distribution" => "Term-ReadLine-Gnu","external_vulnerability" => {"distributed_version" => "<=6.3","name" => "readline"},"fixed_versions" => [">=1.27"],"id" => "CPANSA-Term-ReadLine-Gnu-2014-2524","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1077023","http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html","http://seclists.org/oss-sec/2014/q1/579","http://seclists.org/oss-sec/2014/q1/587","https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html","http://www.mandriva.com/security/advisories?name=MDVSA-2014:154","http://advisories.mageia.org/MGASA-2014-0319.html","http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html","http://www.mandriva.com/security/advisories?name=MDVSA-2015:132"],"reported" => "2014-08-20","severity" => undef}],"main_module" => "Term::ReadLine::Gnu","versions" => [{"date" => "1997-02-07T02:03:51","version" => "0.06"},{"date" => "1997-03-26T07:17:23","version" => "0.07"},{"date" => "1997-08-25T15:02:01","version" => "0.09"},{"date" => "1998-03-31T15:49:08","version" => "0.10"},{"date" => "1998-04-17T05:23:29","version" => "1.00"},{"date" => "1998-05-13T15:45:47","version" => "1.01"},{"date" => "1998-09-30T16:10:02","version" => "1.03"},{"date" => "1999-02-22T17:28:32","version" => "1.04"},{"date" => "1999-04-10T16:08:54","version" => "1.05"},{"date" => "1999-05-05T14:55:21","version" => "1.06"},{"date" => "1999-07-19T15:13:19","version" => "1.07"},{"date" => "1999-12-30T13:37:18","version" => "1.08"},{"date" => "2000-04-03T18:05:33","version" => "1.09"},{"date" => "2001-04-22T14:23:37","version" => "1.10"},{"date" => "2001-10-28T04:38:19","version" => "1.11"},{"date" => "2002-03-31T05:54:31","version" => "1.12"},{"date" => "2002-07-28T05:07:18","version" => "1.13"},{"date" => "2003-03-17T03:59:29","version" => "1.14"},{"date" => "2004-10-17T20:00:06","version" => "1.15"},{"date" => "2006-04-02T01:36:28","version" => "1.16"},{"date" => "2008-02-07T15:00:09","version" => "1.17"},{"date" => "2008-02-07T15:52:11","version" => "1.17"},{"date" => "2009-02-27T14:14:29","version" => "1.18"},{"date" => "2009-03-20T17:00:37","version" => "1.19"},{"date" => "2010-05-02T14:26:20","version" => "1.20"},{"date" => "2014-03-01T17:19:57","version" => "1.21"},{"date" => "2014-03-05T14:48:24","version" => "1.22"},{"date" => "2014-03-19T15:53:44","version" => "1.23"},{"date" => "2014-03-23T11:58:51","version" => "1.24"},{"date" => "2014-12-20T13:25:24","version" => "1.25"},{"date" => "2015-01-31T12:30:45","version" => "1.26"},{"date" => "2015-09-06T06:03:05","version" => "1.27"},{"date" => "2015-09-21T13:14:52","version" => "1.28"},{"date" => "2016-02-29T14:06:51","version" => "1.29"},{"date" => "2016-03-01T15:55:22","version" => "1.30"},{"date" => "2016-03-06T00:45:52","version" => "1.31"},{"date" => "2016-06-07T15:25:50","version" => "1.32"},{"date" => "2016-06-09T17:11:29","version" => "1.33"},{"date" => "2016-06-12T14:53:40","version" => "1.34"},{"date" => "2016-11-03T14:36:40","version" => "1.35"},{"date" => "2019-01-14T05:39:06","version" => "1.36"},{"date" => "2020-12-27T03:26:23","version" => "1.37"},{"date" => "2021-02-22T09:48:52","version" => "1.38"},{"date" => "2021-02-22T14:36:24","version" => "1.39"},{"date" => "2021-02-23T07:24:27","version" => "1.40"},{"date" => "2021-05-01T14:45:09","version" => "1.41"},{"date" => "2021-05-07T03:30:02","version" => "1.42"},{"date" => "2022-10-01T08:45:18","version" => "1.43"},{"date" => "2022-11-06T14:03:08","version" => "1.44"},{"date" => "2022-11-27T13:23:27","version" => "1.45"},{"date" => "2023-07-01T09:18:33","version" => "1.46"},{"date" => "2025-07-06T02:25:46","version" => "1.47"}]},"Tk" => {"advisories" => [{"affected_versions" => ["<804.029"],"cves" => ["CVE-2006-4484"],"description" => "Buffer overflow in the LWZReadByte_ function in the GD extension in allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.\n","distribution" => "Tk","fixed_versions" => [">=804.029"],"id" => "CPANSA-Tk-2008-01","references" => ["https://metacpan.org/changes/distribution/Tk"],"reported" => "2008-10-01"},{"affected_versions" => [">804.024,<=804.027"],"cves" => ["CVE-2017-12652"],"description" => "libpng before 1.6.32 does not properly check the length of chunks against the user limit.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2017-12652-libpng","references" => ["https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE","http://www.securityfocus.com/bid/109269","https://support.f5.com/csp/article/K88124225","https://support.f5.com/csp/article/K88124225?utm_source=f5support&amp;utm_medium=RSS","https://security.netapp.com/advisory/ntap-20220506-0003/"],"reported" => "2019-07-10","severity" => "critical"},{"affected_versions" => [">804.027_500,<=804.036"],"cves" => ["CVE-2017-12652"],"description" => "libpng before 1.6.32 does not properly check the length of chunks against the user limit.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2017-12652-libpng","references" => ["https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE","http://www.securityfocus.com/bid/109269","https://support.f5.com/csp/article/K88124225","https://support.f5.com/csp/article/K88124225?utm_source=f5support&amp;utm_medium=RSS","https://security.netapp.com/advisory/ntap-20220506-0003/"],"reported" => "2019-07-10","severity" => "critical"},{"affected_versions" => [">0"],"cves" => ["CVE-2007-4772"],"description" => "The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2007-4772-tcl","references" => ["http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894","http://www.postgresql.org/about/news.905","http://www.securityfocus.com/bid/27163","http://securitytracker.com/id?1019157","http://secunia.com/advisories/28359","http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894","http://www.mandriva.com/security/advisories?name=MDVSA-2008:004","https://issues.rpath.com/browse/RPL-1768","http://www.debian.org/security/2008/dsa-1460","http://www.debian.org/security/2008/dsa-1463","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html","http://www.redhat.com/support/errata/RHSA-2008-0038.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1","http://secunia.com/advisories/28376","http://secunia.com/advisories/28438","http://secunia.com/advisories/28437","http://secunia.com/advisories/28454","http://secunia.com/advisories/28464","http://secunia.com/advisories/28477","http://secunia.com/advisories/28479","http://secunia.com/advisories/28455","http://security.gentoo.org/glsa/glsa-200801-15.xml","http://secunia.com/advisories/28679","http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html","http://secunia.com/advisories/28698","http://www.redhat.com/support/errata/RHSA-2008-0040.html","http://www.redhat.com/support/errata/RHSA-2008-0134.html","http://secunia.com/advisories/29070","http://www.mandriva.com/security/advisories?name=MDVSA-2008:059","http://secunia.com/advisories/29248","http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1","http://secunia.com/advisories/29638","http://www.vmware.com/security/advisories/VMSA-2008-0009.html","http://secunia.com/advisories/30535","http://www.vupen.com/english/advisories/2008/1071/references","http://www.vupen.com/english/advisories/2008/0109","http://www.vupen.com/english/advisories/2008/1744","http://www.vupen.com/english/advisories/2008/0061","http://rhn.redhat.com/errata/RHSA-2013-0122.html","http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/39497","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569","https://usn.ubuntu.com/568-1/","http://www.securityfocus.com/archive/1/493080/100/0/threaded","http://www.securityfocus.com/archive/1/486407/100/0/threaded","http://www.securityfocus.com/archive/1/485864/100/0/threaded"],"reported" => "2008-01-09","severity" => undef},{"affected_versions" => [">0"],"cves" => ["CVE-2007-6067"],"description" => "Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted \"complex\" regular expression with doubly-nested states.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2007-6067-tcl","references" => ["http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894","http://www.postgresql.org/about/news.905","http://www.securityfocus.com/bid/27163","http://securitytracker.com/id?1019157","http://secunia.com/advisories/28359","http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894","http://www.mandriva.com/security/advisories?name=MDVSA-2008:004","https://issues.rpath.com/browse/RPL-1768","http://www.debian.org/security/2008/dsa-1460","http://www.debian.org/security/2008/dsa-1463","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html","http://www.redhat.com/support/errata/RHSA-2008-0038.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1","http://secunia.com/advisories/28376","http://secunia.com/advisories/28438","http://secunia.com/advisories/28437","http://secunia.com/advisories/28454","http://secunia.com/advisories/28464","http://secunia.com/advisories/28477","http://secunia.com/advisories/28479","http://secunia.com/advisories/28455","http://security.gentoo.org/glsa/glsa-200801-15.xml","http://secunia.com/advisories/28679","http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html","http://secunia.com/advisories/28698","http://www.redhat.com/support/errata/RHSA-2008-0040.html","http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1","http://secunia.com/advisories/29638","http://www.vupen.com/english/advisories/2008/1071/references","http://www.vupen.com/english/advisories/2008/0109","http://www.vupen.com/english/advisories/2008/0061","http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154","http://rhn.redhat.com/errata/RHSA-2013-0122.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/39498","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235","https://usn.ubuntu.com/568-1/","http://www.securityfocus.com/archive/1/486407/100/0/threaded","http://www.securityfocus.com/archive/1/485864/100/0/threaded"],"reported" => "2008-01-09","severity" => undef}],"main_module" => "Tk","versions" => [{"date" => "1995-08-22T23:03:30","version" => 0},{"date" => "1995-12-19T01:56:04","version" => 0},{"date" => "1996-08-29T00:19:01","version" => 0},{"date" => "1996-09-07T01:08:44","version" => "400.200"},{"date" => "1997-01-08T23:27:30","version" => "400.201"},{"date" => "1997-01-25T12:33:02","version" => "400.202"},{"date" => "1997-05-04T20:05:58","version" => "402.000"},{"date" => "1997-06-14T19:17:26","version" => "402.001"},{"date" => "1997-07-18T17:01:40","version" => "402.002"},{"date" => "1997-10-04T15:32:53","version" => "402.003"},{"date" => "1998-01-25T17:07:27","version" => "402.004"},{"date" => "1998-02-07T21:22:00","version" => "402.003"},{"date" => "1998-02-22T19:34:11","version" => "800.000"},{"date" => "1998-03-02T00:12:00","version" => "800.0_01"},{"date" => "1998-03-09T22:37:37","version" => "800.0_02"},{"date" => "1998-03-17T13:43:00","version" => "402.003"},{"date" => "1998-04-01T04:36:00","version" => "402.003"},{"date" => "1998-04-02T18:32:00","version" => "402.003"},{"date" => "1998-04-05T08:37:23","version" => "800.003"},{"date" => "1998-04-19T17:23:45","version" => "800.004"},{"date" => "1998-05-17T18:07:11","version" => "800.005"},{"date" => "1998-06-14T20:30:35","version" => "800.006"},{"date" => "1998-06-26T16:30:23","version" => "800.007"},{"date" => "1998-07-17T16:47:42","version" => "800.008"},{"date" => "1998-08-08T19:31:23","version" => "800.010"},{"date" => "1998-09-01T17:20:02","version" => "800.011"},{"date" => "1998-11-15T14:28:04","version" => "800.012"},{"date" => "1999-03-16T22:13:10","version" => "800.013"},{"date" => "1999-04-05T20:15:39","version" => "800.014"},{"date" => "1999-07-28T22:10:03","version" => "800.015"},{"date" => "2000-01-08T12:48:56","version" => "800.017"},{"date" => "2000-01-08T12:58:16","version" => "800.0_16"},{"date" => "2000-01-22T19:44:55","version" => "800.018"},{"date" => "2000-03-13T16:39:08","version" => "800.019"},{"date" => "2000-03-27T17:01:22","version" => "800.020"},{"date" => "2000-04-21T13:38:21","version" => "800.021"},{"date" => "2000-05-13T09:48:51","version" => "800.022"},{"date" => "2001-05-15T15:07:21","version" => "800.023"},{"date" => "2001-07-14T21:06:00","version" => "800.012"},{"date" => "2002-03-05T16:38:25","version" => "800.024"},{"date" => "2002-03-17T20:30:42","version" => "800.024"},{"date" => "2002-10-13T17:20:55","version" => "804.0_24"},{"date" => "2003-05-02T01:10:54","version" => "v804.024."},{"date" => "2003-09-08T08:13:16","version" => "800.025"},{"date" => "2003-09-28T18:01:55","version" => "804.025"},{"date" => "2003-10-10T18:24:24","version" => "804.025"},{"date" => "2003-10-20T20:44:44","version" => "804.025"},{"date" => "2003-10-27T08:23:07","version" => "804.025"},{"date" => "2003-11-02T22:28:10","version" => "804.025"},{"date" => "2003-11-16T22:15:42","version" => "804.025"},{"date" => "2003-12-02T21:26:56","version" => "804.025"},{"date" => "2003-12-08T08:01:15","version" => "804.025_"},{"date" => "2003-12-11T08:03:20","version" => "804.025"},{"date" => "2003-12-14T20:22:05","version" => "804.025"},{"date" => "2003-12-19T17:42:32","version" => "804.025"},{"date" => "2003-12-21T21:09:10","version" => "804.025_"},{"date" => "2003-12-23T23:19:20","version" => "804.025"},{"date" => "2004-01-12T21:59:01","version" => "804.025"},{"date" => "2004-02-28T17:33:01","version" => "804.025_"},{"date" => "2004-03-07T20:33:56","version" => "804.025_"},{"date" => "2004-03-19T08:10:49","version" => "804.026"},{"date" => "2004-04-11T19:04:25","version" => "804.026"},{"date" => "2007-02-11T08:49:16","version" => "804.027_500"},{"date" => "2007-09-21T22:57:57","version" => "804.027_501"},{"date" => "2007-12-04T21:03:29","version" => "804.027_502"},{"date" => "2007-12-18T22:01:39","version" => "804.028"},{"date" => "2008-10-01T21:48:52","version" => "804.0285"},{"date" => "2008-11-04T22:27:51","version" => "804.028501"},{"date" => "2010-01-30T17:54:07","version" => "804.028502"},{"date" => "2010-05-13T00:00:04","version" => "804.028503"},{"date" => "2010-05-27T19:25:41","version" => "804.029"},{"date" => "2011-06-13T17:53:20","version" => "804.0295"},{"date" => "2011-10-14T19:22:48","version" => "804.029501"},{"date" => "2011-10-17T21:12:41","version" => "804.029502"},{"date" => "2011-10-20T21:08:12","version" => "804.03"},{"date" => "2013-05-17T22:16:24","version" => "804.030500"},{"date" => "2013-05-18T05:01:41","version" => "804.030501"},{"date" => "2013-05-21T07:30:50","version" => "804.030502"},{"date" => "2013-05-25T12:57:05","version" => "804.031"},{"date" => "2013-11-17T11:24:41","version" => "804.031500"},{"date" => "2013-11-18T20:19:08","version" => "804.031501"},{"date" => "2013-12-01T15:07:28","version" => "804.031502"},{"date" => "2013-12-07T13:00:14","version" => "804.031503"},{"date" => "2014-01-26T17:01:07","version" => "804.032"},{"date" => "2014-11-06T21:01:44","version" => "804.032500"},{"date" => "2015-01-31T10:28:08","version" => "804.032501"},{"date" => "2015-02-21T15:54:08","version" => "804.033"},{"date" => "2017-08-20T09:29:42","version" => "804.033500"},{"date" => "2017-08-26T15:26:56","version" => "804.034"},{"date" => "2020-02-23T16:12:23","version" => "804.034500"},{"date" => "2020-03-19T21:02:47","version" => "804.034501"},{"date" => "2020-03-28T19:28:42","version" => "804.035"},{"date" => "2021-02-07T19:55:40","version" => "804.035501"},{"date" => "2021-02-14T12:53:44","version" => "804.036"}]},"UI-Dialog" => {"advisories" => [{"affected_versions" => ["<1.11"],"cves" => [],"description" => "Allows remote attackers to execute arbitrary commands.\n","distribution" => "UI-Dialog","fixed_versions" => [">=1.11"],"id" => "CPANSA-UI-Dialog-2015-01","references" => ["https://metacpan.org/changes/distribution/UI-Dialog"],"reported" => "2015-10-10"},{"affected_versions" => ["<1.03"],"cves" => [],"description" => "CDialog and Whiptail backends usage of the temp files.\n","distribution" => "UI-Dialog","fixed_versions" => [">=1.03"],"id" => "CPANSA-UI-Dialog-2004-01","references" => ["https://metacpan.org/changes/distribution/UI-Dialog"],"reported" => "2004-02-18"},{"affected_versions" => ["<=1.09"],"cves" => ["CVE-2008-7315"],"description" => "UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.\n","distribution" => "UI-Dialog","fixed_versions" => [">1.09"],"id" => "CPANSA-UI-Dialog-2008-7315","references" => ["https://security-tracker.debian.org/tracker/CVE-2008-7315/","https://rt.cpan.org/Public/Bug/Display.html?id=107364","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448","http://www.securityfocus.com/bid/77031/info","http://www.openwall.com/lists/oss-security/2015/10/08/6"],"reported" => "2017-10-10","severity" => "critical"}],"main_module" => "UI::Dialog","versions" => [{"date" => "2004-01-04T10:51:34","version" => "1.00"},{"date" => "2004-01-13T00:08:39","version" => "1.01"},{"date" => "2004-02-15T11:03:37","version" => "1.02"},{"date" => "2004-02-18T16:52:59","version" => "1.03"},{"date" => "2004-02-22T18:34:25","version" => "1.04"},{"date" => "2004-03-18T02:12:03","version" => "1.05"},{"date" => "2004-03-18T16:01:50","version" => "1.06"},{"date" => "2004-07-21T19:59:51","version" => "1.07"},{"date" => "2004-10-05T00:46:22","version" => "1.08"},{"date" => "2013-08-10T09:39:07","version" => "1.09"},{"date" => "2013-08-10T17:09:57","version" => "1.09"},{"date" => "2013-08-19T17:22:00","version" => "1.09"},{"date" => "2016-01-19T19:05:07","version" => "1.11"},{"date" => "2016-01-22T06:42:45","version" => "1.12"},{"date" => "2016-01-30T21:24:56","version" => "1.13"},{"date" => "2016-02-03T02:10:12","version" => "1.14"},{"date" => "2016-02-09T00:11:17","version" => "1.15"},{"date" => "2016-02-10T02:57:43","version" => "1.16"},{"date" => "2016-02-12T05:25:14","version" => "1.17"},{"date" => "2016-02-13T02:56:26","version" => "1.18"},{"date" => "2016-02-21T23:33:48","version" => "1.19"},{"date" => "2016-03-07T02:15:26","version" => "1.20"},{"date" => "2016-04-02T22:17:32","version" => "1.21"}]},"UR" => {"advisories" => [{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "UR","versions" => [{"date" => "2009-06-07T02:56:12","version" => "0.5"},{"date" => "2009-06-07T14:35:30","version" => "0.6"},{"date" => "2009-06-10T13:02:02","version" => "0.7"},{"date" => "2009-06-17T19:58:14","version" => "0.8"},{"date" => "2009-06-19T21:24:12","version" => "0.9"},{"date" => "2009-07-23T02:44:02","version" => "0.010000"},{"date" => "2009-08-08T02:06:36","version" => "v0.11"},{"date" => "2009-09-10T15:29:51","version" => "v0.12"},{"date" => "2010-07-24T01:13:14","version" => "v0.12"},{"date" => "2010-08-03T20:14:01","version" => "v0.12"},{"date" => "2010-09-28T19:29:58","version" => "v0.16"},{"date" => "2010-11-10T17:12:23","version" => "v0.17"},{"date" => "2010-12-10T15:09:46","version" => "v0.17"},{"date" => "2010-12-24T15:27:18","version" => "v0.17"},{"date" => "2011-01-09T22:52:34","version" => "v0.20.0"},{"date" => "2011-01-11T04:01:49","version" => "0.20"},{"date" => "2011-01-12T02:21:39","version" => "v0.20.0"},{"date" => "2011-01-13T01:06:47","version" => "v0.20.0"},{"date" => "2011-01-13T02:53:43","version" => "v0.21.0"},{"date" => "2011-01-13T03:02:18","version" => "v0.22.0"},{"date" => "2011-01-13T03:17:32","version" => "v0.23.0"},{"date" => "2011-01-15T18:02:04","version" => "v0.24.0"},{"date" => "2011-01-15T18:58:48","version" => "0.25"},{"date" => "2011-01-16T18:14:53","version" => "0.26"},{"date" => "2011-01-23T03:21:45","version" => "0.27"},{"date" => "2011-01-23T21:45:44","version" => "0.28"},{"date" => "2011-03-07T16:47:26","version" => "0.29"},{"date" => "2011-03-07T17:30:00","version" => "0.30"},{"date" => "2011-06-29T18:14:31","version" => "0.32"},{"date" => "2011-06-29T19:29:49","version" => "0.32"},{"date" => "2011-06-30T23:11:11","version" => "0.33"},{"date" => "2011-07-26T17:06:49","version" => "0.34"},{"date" => "2011-10-28T20:35:09","version" => "0.35"},{"date" => "2012-01-05T22:13:28","version" => "0.36"},{"date" => "2012-02-03T20:20:16","version" => "0.37"},{"date" => "2012-03-28T20:41:57","version" => "0.38"},{"date" => "2012-03-29T15:18:49","version" => "0.38"},{"date" => "2013-01-31T02:50:56","version" => "0.39"},{"date" => "2013-01-31T19:53:27","version" => "0.391"},{"date" => "2013-01-31T21:45:49","version" => "0.392"},{"date" => "2013-02-25T17:16:34","version" => "0.40"},{"date" => "2013-03-01T21:36:01","version" => "0.41_01"},{"date" => "2013-03-04T17:41:12","version" => "0.41_02"},{"date" => "2013-03-05T14:57:47","version" => "0.41_03"},{"date" => "2013-03-11T16:47:16","version" => "0.41_04"},{"date" => "2013-03-13T16:00:04","version" => "0.41_05"},{"date" => "2013-03-18T18:11:56","version" => "0.41"},{"date" => "2014-06-26T22:26:14","version" => "0.42_01"},{"date" => "2014-06-27T16:57:25","version" => "0.42_02"},{"date" => "2014-06-30T18:50:27","version" => "0.42_03"},{"date" => "2014-07-03T14:36:23","version" => "0.43"},{"date" => "2015-07-06T14:36:22","version" => "0.44"},{"date" => "2016-09-19T21:06:59","version" => "0.44_01"},{"date" => "2016-09-22T20:09:37","version" => "0.45"},{"date" => "2017-03-24T19:46:02","version" => "0.46"},{"date" => "2018-07-30T00:43:07","version" => "0.46"},{"date" => "2018-08-06T14:29:10","version" => "0.47"}]},"Ukigumo-Agent" => {"advisories" => [{"affected_versions" => [">=0.0.7,<=0.1.8"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Ukigumo-Agent","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Agent-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"}],"main_module" => "Ukigumo::Agent","versions" => [{"date" => "2013-03-14T03:40:56","version" => "v0.0.1"},{"date" => "2013-03-14T03:50:26","version" => "v0.0.2"},{"date" => "2013-03-14T03:59:34","version" => "v0.0.3"},{"date" => "2013-03-14T05:53:39","version" => "v0.0.5"},{"date" => "2013-03-14T08:46:38","version" => "v0.0.6"},{"date" => "2013-03-27T03:35:38","version" => "0.0.7"},{"date" => "2013-03-28T02:48:36","version" => "0.0.8"},{"date" => "2013-03-30T13:26:16","version" => "0.0.9"},{"date" => "2013-04-01T01:30:42","version" => "0.0.10"},{"date" => "2013-06-16T02:24:50","version" => "v0.0.11"},{"date" => "2014-03-13T10:54:45","version" => "v0.0.12"},{"date" => "2014-03-17T03:51:33","version" => "v0.0.13"},{"date" => "2014-03-17T04:05:38","version" => "v0.0.14"},{"date" => "2014-03-17T15:33:36","version" => "v0.0.15"},{"date" => "2014-03-19T08:49:23","version" => "v0.0.16"},{"date" => "2014-03-27T23:35:17","version" => "v0.1.0"},{"date" => "2014-03-27T23:36:44","version" => "v0.1.1"},{"date" => "2014-04-05T05:50:05","version" => "v0.1.2"},{"date" => "2014-04-06T14:49:08","version" => "v0.1.3"},{"date" => "2014-04-08T06:56:15","version" => "v0.1.4"},{"date" => "2014-05-01T04:34:16","version" => "v0.1.5"},{"date" => "2014-05-02T03:52:32","version" => "v0.1.6"},{"date" => "2014-06-20T02:38:53","version" => "v0.1.7"},{"date" => "2015-10-22T08:21:09","version" => "v0.1.8"}]},"Ukigumo-Server" => {"advisories" => [{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-7746"],"description" => "This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-7746-chartjs","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376","https://github.com/chartjs/Chart.js/pull/7920","https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374"],"reported" => "2020-10-29","severity" => "high"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Ukigumo::Server","versions" => [{"date" => "2013-10-03T02:13:43","version" => "0.01"},{"date" => "2013-10-03T16:59:57","version" => "v1.0.0"},{"date" => "2013-11-02T00:26:13","version" => "v1.0.1"},{"date" => "2013-11-02T09:29:47","version" => "v1.0.2"},{"date" => "2014-02-20T10:34:17","version" => "v1.1.0"},{"date" => "2014-03-13T10:42:41","version" => "v2.0.0"},{"date" => "2014-03-13T15:34:35","version" => "v2.0.1"},{"date" => "2014-03-14T14:37:37","version" => "v2.0.2"},{"date" => "2014-03-17T15:24:12","version" => "v2.0.3"},{"date" => "2014-04-05T05:47:09","version" => "v2.1.0"},{"date" => "2014-04-06T14:51:57","version" => "v2.1.1"},{"date" => "2014-04-08T07:09:05","version" => "v2.1.2"},{"date" => "2014-04-30T06:46:48","version" => "v2.1.3"},{"date" => "2015-01-23T12:07:31","version" => "v2.1.4"},{"date" => "2018-07-26T05:25:21","version" => "v2.1.5"}]},"UnQLite" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2026-3257"],"description" => "UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library.  UnQLite for Perl embeds the UnQLite library.  Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow.","distribution" => "UnQLite","fixed_versions" => [],"id" => "CPANSA-UnQLite-2026-3257","references" => ["https://metacpan.org/release/TOKUHIROM/UnQLite-0.07/source/Changes","https://unqlite.symisc.net/","https://www.cve.org/CVERecord?id=CVE-2025-3791"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "UnQLite","versions" => [{"date" => "2013-07-03T19:04:57","version" => "0.01"},{"date" => "2013-07-05T06:44:50","version" => "0.02"},{"date" => "2013-07-18T03:14:55","version" => "0.03"},{"date" => "2014-08-30T09:37:46","version" => "0.04"},{"date" => "2014-12-23T22:57:03","version" => "0.05"},{"date" => "2026-02-25T01:20:29","version" => "0.06"},{"date" => "2026-02-28T01:51:39","version" => "0.07"}]},"Valiant" => {"advisories" => [{"affected_versions" => ["<0.002011"],"cves" => [],"description" => "closed potential security issue with deeply nested paramters in the DBIC glue code.  This was a hack that could let someone create a child record if you were allowing find_by_unique rather than find by primary key.\n","distribution" => "Valiant","fixed_versions" => [">=0.002011"],"id" => "CPANSA-Valiant-2024-001","references" => ["https://github.com/briandfoy/cpan-security-advisory/issues/175","https://github.com/jjn1056/Valiant/commit/242348776cc01e736397767f11f86cc4055817c4"],"reported" => undef,"severity" => undef}],"main_module" => "Valiant","versions" => [{"date" => "2021-02-25T17:30:04","version" => "0.001001"},{"date" => "2021-02-25T17:57:04","version" => "0.001002"},{"date" => "2021-03-04T15:56:07","version" => "0.001003"},{"date" => "2021-04-07T14:42:08","version" => "0.001004"},{"date" => "2021-04-18T12:44:18","version" => "0.001005"},{"date" => "2021-04-20T01:13:20","version" => "0.001006"},{"date" => "2021-09-07T01:06:25","version" => "0.001007"},{"date" => "2021-09-14T14:58:28","version" => "0.001008"},{"date" => "2021-10-01T17:54:48","version" => "0.001009"},{"date" => "2021-10-26T17:09:00","version" => "0.001010"},{"date" => "2021-11-03T21:55:14","version" => "0.001011"},{"date" => "2022-02-27T23:39:59","version" => "0.001012"},{"date" => "2022-03-03T14:37:57","version" => "0.001013"},{"date" => "2022-03-04T15:43:13","version" => "0.001014"},{"date" => "2022-08-03T23:46:42","version" => "0.001015"},{"date" => "2022-09-11T19:09:30","version" => "0.001016"},{"date" => "2022-12-06T23:57:19","version" => "0.001017"},{"date" => "2023-04-06T18:14:16","version" => "0.001018"},{"date" => "2023-04-08T22:55:02","version" => "0.001019"},{"date" => "2023-04-09T19:34:57","version" => "0.001020"},{"date" => "2023-04-10T21:53:58","version" => "0.001021"},{"date" => "2023-04-18T13:17:26","version" => "0.001022"},{"date" => "2023-07-13T01:06:07","version" => "0.001023"},{"date" => "2023-07-14T12:59:23","version" => "0.001024"},{"date" => "2023-08-02T23:49:48","version" => "0.001025"},{"date" => "2023-08-03T22:50:38","version" => "0.001026"},{"date" => "2023-08-11T22:44:06","version" => "0.002001"},{"date" => "2023-08-27T14:18:29","version" => "0.002002"},{"date" => "2023-10-04T17:28:16","version" => "0.002003"},{"date" => "2024-07-29T19:33:48","version" => "0.002004"},{"date" => "2024-10-02T00:46:07","version" => "0.002005"},{"date" => "2024-11-11T21:41:15","version" => "0.002006"},{"date" => "2024-11-26T18:52:22","version" => "0.002007"},{"date" => "2024-11-29T16:12:40","version" => "0.002008"},{"date" => "2024-12-05T17:37:52","version" => "0.002009"},{"date" => "2024-12-07T15:43:12","version" => "0.002010"},{"date" => "2024-12-07T19:59:50","version" => "0.002011"},{"date" => "2024-12-12T22:53:06","version" => "0.002012"},{"date" => "2025-01-02T02:25:00","version" => "0.002013"},{"date" => "2025-01-02T15:12:36","version" => "0.002014"},{"date" => "2025-01-02T16:14:29","version" => "0.002015"},{"date" => "2025-03-02T16:09:42","version" => "0.002016"},{"date" => "2025-03-10T16:29:26","version" => "0.002017"},{"date" => "2025-06-21T13:56:39","version" => "0.002018"},{"date" => "2025-07-10T15:04:52","version" => "0.002019"}]},"WWW-Mechanize" => {"advisories" => [{"affected_versions" => ["<1.05_03"],"cves" => [],"description" => "find_link() uses eval().\n","distribution" => "WWW-Mechanize","fixed_versions" => [">=1.05_03"],"id" => "CPANSA-WWW-Mechanize-2004-01","references" => ["https://metacpan.org/dist/WWW-Mechanize/changes"],"reported" => "2004-10-31","severity" => undef}],"main_module" => "WWW::Mechanize","versions" => [{"date" => "2002-09-10T21:50:10","version" => "0.30"},{"date" => "2002-09-13T20:19:21","version" => "0.31"},{"date" => "2002-10-24T04:25:30","version" => "0.32"},{"date" => "2003-01-16T16:05:31","version" => "0.33"},{"date" => "2003-01-22T23:57:57","version" => "0.35"},{"date" => "2003-02-04T17:40:03","version" => "0.36"},{"date" => "2003-03-04T21:13:29","version" => "0.37"},{"date" => "2003-03-25T05:52:17","version" => "0.38"},{"date" => "2003-04-02T05:31:16","version" => "0.39"},{"date" => "2003-04-20T02:56:53","version" => "0.40"},{"date" => "2003-05-23T04:29:22","version" => "0.41"},{"date" => "2003-05-27T03:44:25","version" => "0.42"},{"date" => "2003-05-29T14:30:01","version" => "0.43"},{"date" => "2003-06-05T17:16:31","version" => "0.44"},{"date" => "2003-06-17T04:25:04","version" => "0.45"},{"date" => "2003-06-20T16:17:58","version" => "0.46"},{"date" => "2003-06-22T03:54:22","version" => "0.47"},{"date" => "2003-06-22T18:56:42","version" => "0.48"},{"date" => "2003-06-23T19:49:13","version" => "0.49"},{"date" => "2003-06-24T14:54:50","version" => "0.50"},{"date" => "2003-06-30T02:43:06","version" => "0.51"},{"date" => "2003-07-08T23:52:55","version" => "0.52"},{"date" => "2003-07-17T17:26:47","version" => "0.53"},{"date" => "2003-07-20T05:50:27","version" => "0.54"},{"date" => "2003-07-22T17:15:43","version" => "0.55"},{"date" => "2003-07-24T17:25:57","version" => "0.56"},{"date" => "2003-08-01T04:36:32","version" => "0.57"},{"date" => "2003-08-15T04:41:26","version" => "0.58"},{"date" => "2003-09-04T05:33:00","version" => "0.59"},{"date" => "2003-09-23T04:32:57","version" => "0.60"},{"date" => "2003-10-06T23:41:02","version" => "0.61"},{"date" => "2003-10-08T01:55:58","version" => "0.62"},{"date" => "2003-10-13T20:24:52","version" => "0.63"},{"date" => "2003-10-24T04:57:15","version" => "0.64"},{"date" => "2003-11-10T06:19:18","version" => "0.65"},{"date" => "2003-11-13T21:09:41","version" => "0.66"},{"date" => "2003-11-26T05:21:34","version" => "0.69_01"},{"date" => "2003-12-01T05:52:38","version" => "0.70"},{"date" => "2003-12-22T05:53:11","version" => "0.71_01"},{"date" => "2003-12-22T21:01:12","version" => "0.71_02"},{"date" => "2004-01-13T04:45:37","version" => "0.72"},{"date" => "2004-02-29T05:58:51","version" => "0.73_01"},{"date" => "2004-03-03T05:57:51","version" => "0.73_02"},{"date" => "2004-03-21T06:08:45","version" => "0.73_03"},{"date" => "2004-03-23T05:41:11","version" => "0.74"},{"date" => "2004-03-28T04:54:18","version" => "0.75_01"},{"date" => "2004-04-05T05:01:50","version" => "0.75_02"},{"date" => "2004-04-08T03:05:29","version" => "0.76"},{"date" => "2004-04-10T05:55:21","version" => "1.00"},{"date" => "2004-04-14T04:14:17","version" => "1.02"},{"date" => "2004-05-27T20:23:15","version" => "1.03_01"},{"date" => "2004-08-17T04:10:41","version" => "1.03_02"},{"date" => "2004-09-16T04:32:03","version" => "1.04"},{"date" => "2004-10-01T02:18:55","version" => "1.05_01"},{"date" => "2004-10-02T22:08:55","version" => "1.05_02"},{"date" => "2004-11-01T03:25:19","version" => "1.05_03"},{"date" => "2004-11-06T05:39:06","version" => "1.05_04"},{"date" => "2004-12-08T21:25:06","version" => "1.06"},{"date" => "2004-12-24T07:08:27","version" => "1.08"},{"date" => "2005-02-02T05:58:14","version" => "1.10"},{"date" => "2005-02-14T06:21:29","version" => "1.11_01"},{"date" => "2005-02-22T04:05:23","version" => "1.11_02"},{"date" => "2005-02-25T05:50:52","version" => "1.12"},{"date" => "2005-04-12T19:32:06","version" => "1.13_01"},{"date" => "2005-08-30T22:32:23","version" => "1.14"},{"date" => "2005-10-28T22:38:43","version" => "1.16"},{"date" => "2006-01-12T22:26:07","version" => "1.17_01"},{"date" => "2006-02-02T06:32:25","version" => "1.18"},{"date" => "2006-08-08T05:13:01","version" => "1.19_02"},{"date" => "2006-08-19T06:44:58","version" => "1.20"},{"date" => "2006-09-18T22:22:26","version" => "1.21_01"},{"date" => "2006-10-04T18:17:54","version" => "1.21_02"},{"date" => "2006-10-07T06:26:26","version" => "1.21_03"},{"date" => "2006-10-08T02:39:57","version" => "1.21_04"},{"date" => "2007-03-02T06:09:51","version" => "1.22"},{"date" => "2007-05-11T21:01:11","version" => "1.24"},{"date" => "2007-05-16T05:27:55","version" => "1.26"},{"date" => "2007-05-22T19:16:39","version" => "1.29_01"},{"date" => "2007-05-25T02:37:45","version" => "1.30"},{"date" => "2007-09-18T04:39:11","version" => "1.31_01"},{"date" => "2007-10-25T16:59:57","version" => "1.31_02"},{"date" => "2007-10-30T17:09:44","version" => "1.32"},{"date" => "2007-12-10T06:39:14","version" => "1.34"},{"date" => "2008-09-28T04:52:28","version" => "1.49_01"},{"date" => "2008-10-27T04:12:02","version" => "1.50"},{"date" => "2008-11-06T21:12:28","version" => "1.51_01"},{"date" => "2008-11-18T07:34:58","version" => "1.51_02"},{"date" => "2008-11-20T17:07:18","version" => "1.51_03"},{"date" => "2008-11-25T15:56:37","version" => "1.52"},{"date" => "2009-01-12T06:51:13","version" => "1.54"},{"date" => "2009-07-06T17:20:24","version" => "1.55_01"},{"date" => "2009-07-10T22:13:25","version" => "1.56"},{"date" => "2009-07-14T03:40:28","version" => "1.58"},{"date" => "2009-08-17T06:04:34","version" => "1.60"},{"date" => "2010-04-11T04:14:18","version" => "1.62"},{"date" => "2010-07-01T15:49:38","version" => "1.64"},{"date" => "2010-09-10T22:10:32","version" => "1.66"},{"date" => "2011-04-07T05:12:31","version" => "1.67_01"},{"date" => "2011-04-21T15:11:30","version" => "1.68"},{"date" => "2011-08-01T21:49:08","version" => "1.69_01"},{"date" => "2011-08-26T17:52:15","version" => "1.70"},{"date" => "2011-11-25T18:39:23","version" => "1.71"},{"date" => "2012-02-02T23:40:39","version" => "1.72"},{"date" => "2012-03-24T16:20:29","version" => "1.72_01"},{"date" => "2012-04-27T00:35:00","version" => "1.72_02"},{"date" => "2013-08-24T04:33:44","version" => "1.73"},{"date" => "2015-01-24T05:52:57","version" => "1.74"},{"date" => "2015-06-03T03:27:34","version" => "1.75"},{"date" => "2016-07-29T16:21:58","version" => "1.76"},{"date" => "2016-08-05T16:58:03","version" => "1.77"},{"date" => "2016-08-08T13:30:07","version" => "1.78"},{"date" => "2016-09-17T04:05:20","version" => "1.79"},{"date" => "2016-09-25T02:46:39","version" => "1.80"},{"date" => "2016-10-06T12:55:47","version" => "1.81"},{"date" => "2016-10-07T13:50:48","version" => "1.82"},{"date" => "2016-10-14T20:59:34","version" => "1.83"},{"date" => "2017-03-07T18:46:19","version" => "1.84"},{"date" => "2017-06-28T22:11:34","version" => "1.85"},{"date" => "2017-07-04T15:51:05","version" => "1.86"},{"date" => "2018-02-07T22:07:28","version" => "1.87"},{"date" => "2018-03-23T15:41:01","version" => "1.88"},{"date" => "2018-10-18T19:56:43","version" => "1.89"},{"date" => "2018-11-12T18:53:49","version" => "1.90"},{"date" => "2019-01-10T19:04:12","version" => "1.91"},{"date" => "2019-08-24T01:02:55","version" => "1.92"},{"date" => "2019-10-04T21:10:14","version" => "1.93"},{"date" => "2019-10-10T13:15:13","version" => "1.94"},{"date" => "2019-10-28T13:17:10","version" => "1.95"},{"date" => "2020-02-21T02:27:01","version" => "1.96"},{"date" => "2020-05-14T00:48:07","version" => "1.97"},{"date" => "2020-05-25T17:08:10","version" => "1.98"},{"date" => "2020-06-08T15:44:13","version" => "1.99"},{"date" => "2020-06-09T19:17:21","version" => "2.00"},{"date" => "2020-09-18T17:52:29","version" => "2.01"},{"date" => "2020-10-13T13:53:04","version" => "2.02"},{"date" => "2020-11-10T14:49:20","version" => "2.03"},{"date" => "2021-08-06T12:35:04","version" => "2.04"},{"date" => "2021-09-21T14:23:14","version" => "2.05"},{"date" => "2021-10-25T21:00:18","version" => "2.06"},{"date" => "2022-04-29T15:40:57","version" => "2.07"},{"date" => "2022-05-30T17:33:59","version" => "2.08"},{"date" => "2022-06-14T14:22:59","version" => "2.09"},{"date" => "2022-07-04T21:09:58","version" => "2.10"},{"date" => "2022-07-17T17:27:26","version" => "2.11"},{"date" => "2022-07-20T06:47:33","version" => "2.12"},{"date" => "2022-07-29T09:50:42","version" => "2.13"},{"date" => "2022-08-15T19:26:39","version" => "2.14"},{"date" => "2022-08-21T08:24:07","version" => "2.15"},{"date" => "2023-02-11T12:11:44","version" => "2.16"},{"date" => "2023-04-27T15:49:35","version" => "2.17"},{"date" => "2024-01-30T14:34:27","version" => "2.18"},{"date" => "2024-09-16T15:28:35","version" => "2.19"},{"date" => "2025-10-22T19:06:27","version" => "2.20"}]},"WWW-OAuth" => {"advisories" => [{"affected_versions" => ["<=1.000"],"cves" => ["CVE-2025-40905"],"description" => "WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.","distribution" => "WWW-OAuth","fixed_versions" => [">=1.001"],"id" => "CPANSA-WWW-OAuth-2025-40905","references" => ["https://metacpan.org/release/DBOOK/WWW-OAuth-1.000/source/lib/WWW/OAuth.pm#L86","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html","http://www.openwall.com/lists/oss-security/2026/02/13/1"],"reported" => "2026-02-13","severity" => undef}],"main_module" => "WWW::OAuth","versions" => [{"date" => "2016-01-31T07:53:39","version" => "0.001"},{"date" => "2016-02-01T04:23:38","version" => "0.002"},{"date" => "2016-05-19T04:37:32","version" => "0.003"},{"date" => "2016-11-23T22:30:34","version" => "0.004"},{"date" => "2016-12-09T03:50:40","version" => "0.005"},{"date" => "2016-12-10T04:46:51","version" => "0.006"},{"date" => "2018-09-17T23:08:53","version" => "1.000"},{"date" => "2025-01-06T09:16:26","version" => "1.001"},{"date" => "2025-01-15T01:57:07","version" => "1.002"},{"date" => "2025-04-25T09:28:55","version" => "1.003"}]},"WWW-ORCID" => {"advisories" => [{"affected_versions" => [">=0.02"],"cves" => ["CVE-2021-3822"],"description" => "jsoneditor is vulnerable to Inefficient Regular Expression Complexity\n","distribution" => "WWW-ORCID","fixed_versions" => [],"id" => "CPANSA-WWW-ORCID-2021-3822-jsoneditor","references" => ["https://github.com/josdejong/jsoneditor/commit/092e386cf49f2a1450625617da8e0137ed067c3e","https://huntr.dev/bounties/1e3ed803-b7ed-42f1-a4ea-c4c75da9de73"],"reported" => "2021-09-27","severity" => "high"}],"main_module" => "WWW::ORCID","versions" => [{"date" => "2013-05-23T15:40:49","version" => "0.01"},{"date" => "2013-05-23T18:36:32","version" => "0.0101"},{"date" => "2015-04-22T12:01:16","version" => "0.0102"},{"date" => "2015-09-01T12:23:38","version" => "0.02"},{"date" => "2017-08-07T13:35:26","version" => "0.02_01"},{"date" => "2017-08-08T08:31:22","version" => "0.0201"},{"date" => "2017-08-08T08:46:24","version" => "0.0201_01"},{"date" => "2017-08-08T09:23:10","version" => "0.03_01"},{"date" => "2017-08-10T07:31:58","version" => "0.03_02"},{"date" => "2017-08-11T14:09:25","version" => "0.03_03"},{"date" => "2017-08-18T13:59:11","version" => "0.04"},{"date" => "2017-08-18T15:12:32","version" => "0.0401"},{"date" => "2019-06-21T12:29:19","version" => "0.0402"}]},"WWW-UsePerl-Server" => {"advisories" => [{"affected_versions" => ["==0.36"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "WWW-UsePerl-Server","fixed_versions" => [],"id" => "CPANSA-WWW-UsePerl-Server-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"}],"main_module" => "WWW::UsePerl::Server","versions" => [{"date" => "2012-05-05T19:00:47","version" => "0.36"}]},"Web-API" => {"advisories" => [{"affected_versions" => ["<=2.8"],"cves" => ["CVE-2024-57868"],"description" => "Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Web::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Web-API","fixed_versions" => [">2.8"],"id" => "CPANSA-Web-API-2024-57868","references" => ["https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L20","https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L348","https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "Web::API","versions" => [{"date" => "2013-01-07T00:40:46","version" => "0.4"},{"date" => "2013-01-07T01:20:59","version" => "0.5"},{"date" => "2013-01-12T20:34:30","version" => "0.6"},{"date" => "2013-02-28T02:17:58","version" => "0.7"},{"date" => "2013-03-05T20:49:09","version" => "0.8"},{"date" => "2013-05-06T06:15:17","version" => "0.9"},{"date" => "2013-09-13T19:52:23","version" => "1.0"},{"date" => "2013-09-16T21:17:08","version" => "1.1"},{"date" => "2013-09-24T16:34:33","version" => "1.2"},{"date" => "2013-09-25T21:59:25","version" => "1.3"},{"date" => "2013-10-28T04:52:47","version" => "1.4"},{"date" => "2013-10-30T11:32:40","version" => "1.5"},{"date" => "2013-12-18T00:33:16","version" => "1.6"},{"date" => "2014-03-06T11:15:31","version" => "1.7"},{"date" => "2014-03-27T11:28:58","version" => "1.8"},{"date" => "2014-07-02T15:27:23","version" => "1.9"},{"date" => "2014-11-26T16:03:35","version" => "2.0"},{"date" => "2014-11-27T02:30:18","version" => "2.1"},{"date" => "2014-12-19T01:19:05","version" => "2.2"},{"date" => "2017-05-09T12:30:47","version" => "2.2.1"},{"date" => "2017-05-10T13:33:17","version" => "2.3.0"},{"date" => "2017-06-12T15:35:44","version" => "2.2.2"},{"date" => "2017-10-21T05:34:45","version" => "2.2.3"},{"date" => "2018-12-25T10:23:53","version" => "2.3"},{"date" => "2018-12-25T10:58:10","version" => "2.3.1"},{"date" => "2019-01-07T12:26:54","version" => "2.4.0"},{"date" => "2019-01-15T04:02:07","version" => "2.4.1"},{"date" => "2019-11-18T02:38:25","version" => "2.5"},{"date" => "2019-11-26T05:00:01","version" => "2.6"},{"date" => "2020-05-02T07:58:13","version" => "2.7"},{"date" => "2024-04-09T16:02:08","version" => "2.8"}]},"WebService-Xero" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-52322"],"description" => "WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically WebService::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "WebService-Xero","fixed_versions" => [],"id" => "CPANSA-WebService-Xero-2024-52322","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L17","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L178","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L13","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L93","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "WebService::Xero","versions" => [{"date" => "2016-11-29T16:57:37","version" => "0.10"},{"date" => "2016-11-30T16:52:01","version" => "0.11"}]},"Wight-Chart" => {"advisories" => [{"affected_versions" => ["==0.003"],"cves" => ["CVE-2020-7746"],"description" => "This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.\n","distribution" => "Wight-Chart","fixed_versions" => [],"id" => "CPANSA-Wight-Chart-2020-7746-chartjs","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376","https://github.com/chartjs/Chart.js/pull/7920","https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374"],"reported" => "2020-10-29","severity" => "high"}],"main_module" => "Wight::Chart","versions" => [{"date" => "2013-08-27T12:23:48","version" => "0.003"}]},"Win32-File-Summary" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2018-12015"],"description" => "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.\n","distribution" => "Win32-File-Summary","embedded_vulnerability" => {"distributed_version" => "0.072","name" => "Archive::Tar"},"fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2018-01","references" => ["https://security-tracker.debian.org/tracker/CVE-2018-12015","https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5"],"reported" => "2018-06-12","severity" => "medium"},{"affected_versions" => [">0"],"cves" => ["CVE-2007-4829"],"description" => "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences.\n","distribution" => "Win32-File-Summary","embedded_vulnerability" => {"distributed_version" => "0.072","name" => "Archive::Tar"},"fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2007-4829","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=29517","https://bugzilla.redhat.com/show_bug.cgi?id=295021","http://rt.cpan.org/Public/Bug/Display.html?id=30380","https://issues.rpath.com/browse/RPL-1716","http://www.securityfocus.com/bid/26355","http://secunia.com/advisories/27539","http://osvdb.org/40410","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://www.ubuntu.com/usn/usn-700-2","http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml","http://secunia.com/advisories/33116","http://www.vupen.com/english/advisories/2007/3755","https://exchange.xforce.ibmcloud.com/vulnerabilities/38285","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"],"reported" => "2007-11-02","severity" => undef},{"affected_versions" => [">0"],"cves" => ["CVE-2016-1238"],"description" => "'(1) cpan/Win32-File-Summary/bin/ptar, (2) cpan/Win32-File-Summary/bin/ptardiff, (3) cpan/Win32-File-Summary/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.'\n","distribution" => "Win32-File-Summary","embedded_vulnerability" => {"distributed_version" => "0.072","name" => "Archive::Tar"},"fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => [">=1.00,<=1.10"],"cves" => ["CVE-2016-4570"],"description" => "The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.\n","distribution" => "Win32-File-Summary","fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2016-4570-mxml","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1334648","http://www.openwall.com/lists/oss-security/2016/05/11/14","http://www.openwall.com/lists/oss-security/2016/05/09/16","http://www.securityfocus.com/bid/90315","https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html"],"reported" => "2017-02-03","severity" => "medium"},{"affected_versions" => [">=1.00,<=1.10"],"cves" => ["CVE-2016-4571"],"description" => "The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.\n","distribution" => "Win32-File-Summary","fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2016-4571-mxml","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1334648","http://www.openwall.com/lists/oss-security/2016/05/11/14","http://www.openwall.com/lists/oss-security/2016/05/09/16","http://www.securityfocus.com/bid/90315","https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html"],"reported" => "2017-02-03","severity" => "medium"}],"main_module" => "Win32::File::Summary","versions" => [{"date" => "2005-04-24T18:36:18","version" => "0.01"},{"date" => "2005-04-25T15:18:03","version" => "0.01"},{"date" => "2005-04-30T12:09:11","version" => "0.01"},{"date" => "2005-05-17T09:52:46","version" => "0.01"},{"date" => "2005-08-06T18:10:08","version" => "0.01"},{"date" => "2005-08-24T04:39:30","version" => "0.01"},{"date" => "2006-06-11T14:15:36","version" => "0.01"}]},"Win32-Printer" => {"advisories" => [{"affected_versions" => [">=0.7.0,<=0.7.1"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=0.8.0,<=0.8.3"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => ["==0.8.4"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=0.9.0,<=0.9.1"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=0.7.0,<0.9.0"],"cves" => ["CVE-2016-9601"],"description" => "ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2016-9601-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601","https://bugs.ghostscript.com/show_bug.cgi?id=697457","http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=e698d5c11d27212aa1098bc5b1673a3378563092","https://www.debian.org/security/2017/dsa-3817","https://security.gentoo.org/glsa/201706-24","http://www.securityfocus.com/bid/97095"],"reported" => "2018-04-24","severity" => "medium"},{"affected_versions" => [">=0.9.0,<=0.9.1"],"cves" => ["CVE-2016-9601"],"description" => "ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2016-9601-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601","https://bugs.ghostscript.com/show_bug.cgi?id=697457","http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=e698d5c11d27212aa1098bc5b1673a3378563092","https://www.debian.org/security/2017/dsa-3817","https://security.gentoo.org/glsa/201706-24","http://www.securityfocus.com/bid/97095"],"reported" => "2018-04-24","severity" => "medium"}],"main_module" => "Win32::Printer","versions" => [{"date" => "2003-08-05T07:57:55","version" => "v0.6.1"},{"date" => "2003-08-05T08:26:35","version" => "v0.6.1"},{"date" => "2003-08-14T12:07:09","version" => "v0.6.2"},{"date" => "2003-08-31T16:02:18","version" => "v0.6.3"},{"date" => "2003-09-01T14:26:20","version" => "v0.6.3.1"},{"date" => "2003-09-22T14:05:39","version" => "v0.6.4"},{"date" => "2003-10-12T17:37:04","version" => "v0.6.5"},{"date" => "2003-10-28T13:16:47","version" => "v0.6.6"},{"date" => "2003-11-03T08:07:09","version" => "v0.6.6.1"},{"date" => "2004-01-08T01:49:39","version" => "v0.7.0"},{"date" => "2004-03-11T12:29:29","version" => "v0.7.1"},{"date" => "2004-04-22T13:37:23","version" => "v0.8.0"},{"date" => "2004-06-22T07:26:31","version" => "v0.8.1"},{"date" => "2004-08-09T09:53:52","version" => "v0.8.2"},{"date" => "2004-08-11T12:35:45","version" => "v0.8.3"},{"date" => "2004-11-04T07:45:40","version" => "v0.8.4"},{"date" => "2005-02-07T11:06:58","version" => "v0.9.0"},{"date" => "2008-04-28T07:49:03","version" => "v0.9.1"}]},"XAO-Web" => {"advisories" => [{"affected_versions" => ["<1.84"],"cves" => ["CVE-2020-36827"],"description" => "Embedded HTML in JSON data was not escaped.\n","distribution" => "XAO-Web","fixed_versions" => [">=1.84"],"id" => "CPANSA-XAO-Web-2020-01","references" => ["https://github.com/amaltsev/XAO-Web/commit/20dd1d3bc5b811503f5722a16037b60197fe7ef4","https://metacpan.org/release/AMALTSEV/XAO-Web-1.84/changes"],"reported" => "2020-09-18","severity" => undef}],"main_module" => "XAO::Web","versions" => [{"date" => "2002-01-03T03:05:25","version" => "1.0"},{"date" => "2002-01-04T02:47:11","version" => "1.01"},{"date" => "2002-01-04T03:44:00","version" => "1.02"},{"date" => "2002-03-19T04:56:54","version" => "1.03"},{"date" => "2002-11-09T02:33:07","version" => "1.04"},{"date" => "2003-11-13T02:15:48","version" => "1.05"},{"date" => "2003-11-13T07:09:31","version" => "1.05"},{"date" => "2005-01-14T01:48:49","version" => "1.06"},{"date" => "2005-02-01T03:24:39","version" => "1.07"},{"date" => "2017-04-19T20:26:55","version" => "1.45"},{"date" => "2017-04-20T00:32:26","version" => "1.46"},{"date" => "2017-05-01T19:57:48","version" => "1.47"},{"date" => "2018-07-07T00:42:57","version" => "1.68"},{"date" => "2018-07-07T03:29:38","version" => "1.69"},{"date" => "2018-07-07T16:38:26","version" => "1.70"},{"date" => "2018-07-30T13:35:32","version" => "1.71"},{"date" => "2018-10-20T00:50:11","version" => "1.72"},{"date" => "2018-10-25T19:16:09","version" => "1.73"},{"date" => "2018-10-30T01:27:58","version" => "1.74"},{"date" => "2019-01-10T02:17:29","version" => "1.75"},{"date" => "2019-03-02T17:38:20","version" => "1.76"},{"date" => "2019-04-26T23:13:56","version" => "1.77"},{"date" => "2019-11-20T20:52:59","version" => "1.78"},{"date" => "2019-12-24T02:26:57","version" => "1.79"},{"date" => "2020-01-10T01:19:32","version" => "1.80"},{"date" => "2020-07-21T02:08:41","version" => "1.81"},{"date" => "2020-08-26T22:28:48","version" => "1.82"},{"date" => "2020-08-26T23:19:26","version" => "1.83"},{"date" => "2020-09-18T03:22:46","version" => "1.84"},{"date" => "2020-09-22T23:47:44","version" => "1.85"},{"date" => "2020-09-23T00:51:16","version" => "1.86"},{"date" => "2021-06-08T22:38:04","version" => "1.87"},{"date" => "2022-04-09T02:06:50","version" => "1.88"},{"date" => "2022-07-02T00:05:43","version" => "1.89"},{"date" => "2022-12-08T04:50:55","version" => "1.90"},{"date" => "2023-05-22T21:52:57","version" => "1.91"},{"date" => "2025-04-03T00:49:02","version" => "1.92"},{"date" => "2025-04-03T02:01:24","version" => "1.93"}]},"XML-Atom" => {"advisories" => [{"affected_versions" => ["<0.39"],"cves" => ["CVE-2012-1102"],"description" => "It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.\n","distribution" => "XML-Atom","fixed_versions" => [],"id" => "CPANSA-XML-Atom-2012-1102","references" => ["https://seclists.org/oss-sec/2012/q1/549","https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes"],"reported" => "2021-07-09","severity" => "high"}],"main_module" => "XML::Atom","versions" => [{"date" => "2003-09-08T04:47:09","version" => "0.01"},{"date" => "2003-09-28T23:11:32","version" => "0.02"},{"date" => "2003-12-05T09:20:27","version" => "0.03"},{"date" => "2003-12-15T08:03:04","version" => "0.04"},{"date" => "2003-12-15T17:10:29","version" => "0.041"},{"date" => "2004-01-06T05:04:22","version" => "0.05"},{"date" => "2004-04-24T23:47:03","version" => "0.06"},{"date" => "2004-05-16T01:13:46","version" => "0.07"},{"date" => "2004-06-02T06:05:57","version" => "0.08"},{"date" => "2004-07-30T05:49:54","version" => "0.09"},{"date" => "2005-01-01T00:20:55","version" => "0.10"},{"date" => "2005-02-24T03:19:08","version" => "0.11"},{"date" => "2005-06-07T05:13:21","version" => "0.12"},{"date" => "2005-07-19T21:00:39","version" => "0.12_01"},{"date" => "2005-08-16T21:46:06","version" => "0.12_02"},{"date" => "2005-08-18T07:18:26","version" => "0.13"},{"date" => "2005-09-14T05:38:53","version" => "0.13_01"},{"date" => "2005-10-21T04:55:40","version" => "0.14"},{"date" => "2005-11-01T05:55:40","version" => "0.15"},{"date" => "2005-11-22T21:17:26","version" => "0.16"},{"date" => "2006-02-22T23:24:00","version" => "0.17"},{"date" => "2006-03-16T06:14:49","version" => "0.18"},{"date" => "2006-03-19T05:03:12","version" => "0.19"},{"date" => "2006-04-30T16:49:38","version" => "0.19_01"},{"date" => "2006-07-07T06:39:52","version" => "0.19_03"},{"date" => "2006-07-12T03:44:58","version" => "0.20"},{"date" => "2006-07-12T17:44:49","version" => "0.21"},{"date" => "2006-07-19T10:42:43","version" => "0.21_01"},{"date" => "2006-07-20T08:07:49","version" => "0.21_02"},{"date" => "2006-07-21T10:15:06","version" => "0.21_03"},{"date" => "2006-07-24T20:00:37","version" => "0.22"},{"date" => "2006-08-27T05:53:47","version" => "0.22_01"},{"date" => "2006-08-27T06:42:17","version" => "0.23"},{"date" => "2006-11-25T23:03:57","version" => "0.24"},{"date" => "2006-11-30T23:14:23","version" => "0.25"},{"date" => "2007-04-27T20:57:39","version" => "0.25_01"},{"date" => "2007-06-20T19:23:36","version" => "0.25_02"},{"date" => "2007-09-16T04:24:44","version" => "0.26"},{"date" => "2007-09-16T04:41:58","version" => "0.27"},{"date" => "2007-10-04T20:30:48","version" => "0.27_01"},{"date" => "2007-11-06T21:08:06","version" => "0.28"},{"date" => "2008-10-26T00:27:44","version" => "0.29"},{"date" => "2008-11-12T22:45:37","version" => "0.30"},{"date" => "2008-11-13T21:19:34","version" => "0.31"},{"date" => "2008-11-23T22:07:41","version" => "0.32"},{"date" => "2009-01-07T02:00:59","version" => "0.33"},{"date" => "2009-04-29T17:46:03","version" => "0.34"},{"date" => "2009-05-01T23:42:30","version" => "0.35"},{"date" => "2009-12-21T22:02:23","version" => "0.36"},{"date" => "2009-12-29T02:32:53","version" => "0.37"},{"date" => "2011-05-23T02:57:51","version" => "0.38"},{"date" => "2011-06-21T04:07:51","version" => "0.39"},{"date" => "2011-09-18T19:43:27","version" => "0.40"},{"date" => "2011-09-27T01:44:56","version" => "0.41"},{"date" => "2017-05-12T05:34:02","version" => "0.42"},{"date" => "2021-04-28T20:40:29","version" => "0.43"}]},"XML-DT" => {"advisories" => [{"affected_versions" => ["<0.64"],"cves" => ["CVE-2014-5260"],"description" => "The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.\n","distribution" => "XML-DT","fixed_versions" => [],"id" => "CPANSA-XML-DT-2014-5260","references" => ["http://openwall.com/lists/oss-security/2014/08/15/8","https://metacpan.org/diff/file?target=AMBS/XML-DT-0.64/&source=AMBS/XML-DT-0.63/","https://metacpan.org/source/AMBS/XML-DT-0.66/Changes","https://bugs.debian.org/756566"],"reported" => "2014-08-16","severity" => undef}],"main_module" => "XML::DT","versions" => [{"date" => "1999-07-30T13:04:11","version" => "0.11"},{"date" => "2000-04-07T09:24:55","version" => "0.14"},{"date" => "2000-09-19T17:03:40","version" => "0.15"},{"date" => "2000-10-16T16:21:54","version" => "0.16"},{"date" => "2000-11-30T12:37:27","version" => "0.19"},{"date" => "2002-03-07T17:54:06","version" => "0.20"},{"date" => "2002-05-28T12:35:07","version" => "0.21"},{"date" => "2002-12-20T17:31:58","version" => "0.22"},{"date" => "2002-12-27T09:10:47","version" => "0.23"},{"date" => "2003-02-20T16:16:43","version" => "0.24"},{"date" => "2003-06-17T10:15:16","version" => "v0.24.1"},{"date" => "2003-10-09T08:12:32","version" => "0.25"},{"date" => "2003-10-13T07:47:22","version" => "0.25"},{"date" => "2003-11-14T10:55:50","version" => "0.27"},{"date" => "2003-12-16T14:25:13","version" => "0.28"},{"date" => "2004-01-07T11:38:24","version" => "0.29"},{"date" => "2004-01-22T11:25:21","version" => "0.30"},{"date" => "2004-08-09T17:43:41","version" => "0.31"},{"date" => "2004-09-20T19:15:56","version" => "0.32"},{"date" => "2004-10-03T19:21:18","version" => "0.33"},{"date" => "2004-10-30T14:43:29","version" => "0.34"},{"date" => "2004-11-15T16:39:19","version" => "0.35"},{"date" => "2004-11-19T17:29:05","version" => "0.36"},{"date" => "2004-11-21T16:27:45","version" => "0.37"},{"date" => "2004-12-24T16:34:24","version" => "0.38"},{"date" => "2005-03-22T12:05:18","version" => "0.39"},{"date" => "2005-04-06T08:14:46","version" => "0.40"},{"date" => "2005-07-20T20:28:06","version" => "0.41"},{"date" => "2005-09-18T16:06:11","version" => "0.42"},{"date" => "2006-05-15T09:08:21","version" => "0.43"},{"date" => "2006-05-15T09:33:07","version" => "0.44"},{"date" => "2006-05-16T14:14:36","version" => "0.45"},{"date" => "2006-11-03T09:39:12","version" => "0.46"},{"date" => "2006-11-23T18:14:09","version" => "0.47"},{"date" => "2008-02-20T22:00:02","version" => "0.48"},{"date" => "2008-02-20T22:16:45","version" => "0.49"},{"date" => "2008-02-21T22:02:53","version" => "0.50"},{"date" => "2008-02-22T17:19:12","version" => "0.51"},{"date" => "2008-10-22T09:12:08","version" => "0.52"},{"date" => "2009-01-18T20:10:36","version" => "0.53"},{"date" => "2010-11-19T16:27:23","version" => "0.54"},{"date" => "2011-02-12T22:08:27","version" => "0.55"},{"date" => "2011-02-12T22:09:55","version" => "0.56"},{"date" => "2012-04-07T20:30:58","version" => "0.57"},{"date" => "2012-04-09T10:19:15","version" => "0.58"},{"date" => "2012-06-05T13:37:08","version" => "0.59"},{"date" => "2012-06-25T16:57:54","version" => "0.60"},{"date" => "2012-06-25T17:04:58","version" => "0.61"},{"date" => "2012-06-25T19:02:40","version" => "0.62"},{"date" => "2013-03-25T22:27:48","version" => "0.63"},{"date" => "2014-07-31T19:46:44","version" => "0.64"},{"date" => "2014-08-01T13:00:43","version" => "0.65"},{"date" => "2014-08-15T20:17:39","version" => "0.66"},{"date" => "2015-03-15T18:28:49","version" => "0.67"},{"date" => "2015-09-29T08:06:14","version" => "0.68"},{"date" => "2019-04-22T17:01:30","version" => "0.69"}]},"XML-LibXML" => {"advisories" => [{"affected_versions" => ["<2.0120"],"cves" => ["CVE-2015-3451"],"description" => "The _clone function does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.\n","distribution" => "XML-LibXML","fixed_versions" => [">=2.0120"],"id" => "CPANSA-XML-LibXML-2015-01","references" => ["https://metacpan.org/changes/distribution/XML-LibXML"],"reported" => "2015-04-23"},{"affected_versions" => ["<2.0129"],"cves" => ["CVE-2017-10672"],"description" => "Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.\n","distribution" => "XML-LibXML","fixed_versions" => [">=2.0129"],"id" => "CPANSA-XML-LibXML-2017-01","references" => ["https://www.debian.org/security/2017/dsa-4042","https://rt.cpan.org/Public/Bug/Display.html?id=122246","https://lists.debian.org/debian-lts-announce/2017/11/msg00017.html"],"reported" => "2015-04-23"}],"main_module" => "XML::LibXML","versions" => [{"date" => "2001-05-18T11:31:21","version" => "0.91"},{"date" => "2001-06-03T07:47:14","version" => "0.92"},{"date" => "2001-06-09T16:52:26","version" => "0.93"},{"date" => "2001-06-10T08:54:23","version" => "0.94"},{"date" => "2001-06-21T10:07:56","version" => "0.96"},{"date" => "2001-06-29T20:39:47","version" => "0.97"},{"date" => "2001-07-20T16:08:25","version" => "0.99"},{"date" => "2001-08-07T10:13:29","version" => "1.00"},{"date" => "2001-11-14T11:39:59","version" => "1.30"},{"date" => "2001-11-25T17:25:52","version" => "1.31"},{"date" => "2002-03-13T14:24:12","version" => "1.40"},{"date" => "2002-05-11T21:07:22","version" => "1.49"},{"date" => "2002-05-20T11:33:20","version" => "1.50"},{"date" => "2002-05-31T16:53:50","version" => "1.51"},{"date" => "2002-06-12T10:16:35","version" => "1.52"},{"date" => "2002-09-14T21:02:38","version" => "1.53"},{"date" => "2002-10-26T15:21:51","version" => "1.54_0"},{"date" => "2002-11-08T10:03:05","version" => "1.54_1"},{"date" => "2002-11-08T18:15:20","version" => "1.54_2"},{"date" => "2002-11-15T20:14:58","version" => "1.54_3"},{"date" => "2003-05-22T23:44:39","version" => "1.54_4"},{"date" => "2003-05-30T18:46:39","version" => "1.54"},{"date" => "2003-08-19T21:15:43","version" => "1.55"},{"date" => "2003-08-25T13:39:01","version" => "1.56"},{"date" => "2004-02-29T16:56:42","version" => "1.57"},{"date" => "2004-03-31T19:49:55","version" => "1.58"},{"date" => "2004-04-04T11:42:03","version" => "1.58_1"},{"date" => "2006-08-02T10:59:49","version" => "1.59"},{"date" => "2006-08-26T18:11:05","version" => "1.60"},{"date" => "2006-09-24T15:43:20","version" => "1.61"},{"date" => "2006-09-25T07:21:39","version" => "1.61"},{"date" => "2006-09-25T07:42:26","version" => "1.61"},{"date" => "2006-09-25T11:38:04","version" => "1.61"},{"date" => "2006-11-18T09:57:51","version" => "1.62"},{"date" => "2006-11-25T09:10:37","version" => "1.62"},{"date" => "2007-04-16T11:46:21","version" => "1.63"},{"date" => "2007-09-09T21:51:03","version" => "1.64"},{"date" => "2007-09-25T16:37:46","version" => "1.65"},{"date" => "2008-01-29T21:10:45","version" => "1.66"},{"date" => "2008-11-04T14:26:16","version" => "1.67"},{"date" => "2008-11-05T13:32:59","version" => "1.68"},{"date" => "2008-11-11T21:00:56","version" => "1.69"},{"date" => "2009-01-23T22:30:52","version" => "1.69_1"},{"date" => "2009-02-06T19:12:24","version" => "1.69_2"},{"date" => "2009-10-07T12:31:25","version" => "1.70"},{"date" => "2011-06-14T17:01:30","version" => "1.71"},{"date" => "2011-06-16T16:40:11","version" => "1.72"},{"date" => "2011-06-18T08:35:40","version" => "1.73"},{"date" => "2011-06-23T12:27:53","version" => "1.74"},{"date" => "2011-06-24T16:02:54","version" => "1.75"},{"date" => "2011-06-30T18:20:41","version" => "1.76"},{"date" => "2011-07-01T19:31:51","version" => "1.77"},{"date" => "2011-07-06T17:27:49","version" => "1.78"},{"date" => "2011-07-08T17:06:33","version" => "1.79"},{"date" => "2011-07-12T20:39:51","version" => "1.80"},{"date" => "2011-07-16T15:36:21","version" => "1.81"},{"date" => "2011-07-20T20:49:05","version" => "1.82"},{"date" => "2011-07-23T11:34:22","version" => "1.83"},{"date" => "2011-07-23T20:17:26","version" => "1.84"},{"date" => "2011-08-24T14:08:28","version" => "1.85"},{"date" => "2011-08-25T08:46:56","version" => "1.86"},{"date" => "2011-08-27T11:07:44","version" => "1.87"},{"date" => "2011-09-21T10:01:23","version" => "1.88"},{"date" => "2011-12-24T07:47:30","version" => "1.89"},{"date" => "2012-01-08T19:01:33","version" => "1.90"},{"date" => "2012-02-21T12:02:10","version" => "1.91"},{"date" => "2012-02-21T17:03:56","version" => "1.92"},{"date" => "2012-02-27T09:18:12","version" => "1.93"},{"date" => "2012-03-03T20:10:26","version" => "1.94"},{"date" => "2012-03-06T08:42:27","version" => "1.95"},{"date" => "2012-03-16T19:05:40","version" => "1.96"},{"date" => "2012-04-30T17:35:11","version" => "1.97"},{"date" => "2012-05-13T18:06:03","version" => "1.98"},{"date" => "2012-05-31T07:25:35","version" => "1.99"},{"date" => "2012-06-19T20:07:27","version" => "2.0000"},{"date" => "2012-06-20T16:53:03","version" => "2.0001"},{"date" => "2012-07-08T15:12:36","version" => "2.0002"},{"date" => "2012-07-27T15:22:53","version" => "2.0003"},{"date" => "2012-08-07T20:06:48","version" => "2.0004"},{"date" => "2012-10-13T11:23:03","version" => "2.0005"},{"date" => "2012-10-13T20:34:57","version" => "2.0006"},{"date" => "2012-10-17T17:05:13","version" => "2.0007"},{"date" => "2012-10-22T10:13:20","version" => "2.0008"},{"date" => "2012-11-01T14:29:13","version" => "2.0009"},{"date" => "2012-11-01T18:16:34","version" => "2.0010"},{"date" => "2012-11-07T22:29:47","version" => "2.0011"},{"date" => "2012-11-09T04:42:04","version" => "2.0012"},{"date" => "2012-12-04T15:46:46","version" => "2.0013"},{"date" => "2012-12-05T09:13:26","version" => "2.0014"},{"date" => "2013-04-12T23:35:55","version" => "2.0015"},{"date" => "2013-04-13T19:39:51","version" => "2.0016"},{"date" => "2013-05-09T08:07:47","version" => "2.0017"},{"date" => "2013-05-13T10:44:19","version" => "2.0018"},{"date" => "2013-07-01T08:08:50","version" => "2.0019"},{"date" => "2013-08-14T05:27:26","version" => "2.0100"},{"date" => "2013-08-15T05:34:30","version" => "2.0101"},{"date" => "2013-08-19T12:18:31","version" => "2.0102"},{"date" => "2013-08-22T05:35:19","version" => "2.0103"},{"date" => "2013-08-30T09:38:04","version" => "2.0104"},{"date" => "2013-09-07T17:24:00","version" => "2.0105"},{"date" => "2013-09-17T16:14:51","version" => "2.0106"},{"date" => "2013-10-31T07:16:02","version" => "2.0107"},{"date" => "2013-12-17T09:10:53","version" => "2.0108"},{"date" => "2014-01-31T08:01:23","version" => "2.0109"},{"date" => "2014-02-01T14:14:02","version" => "2.0110"},{"date" => "2014-03-05T15:31:25","version" => "2.0111"},{"date" => "2014-03-13T18:19:10","version" => "2.0112"},{"date" => "2014-03-14T12:15:54","version" => "2.0113"},{"date" => "2014-04-03T13:01:06","version" => "2.0114"},{"date" => "2014-04-03T13:15:41","version" => "2.0115"},{"date" => "2014-04-12T08:10:37","version" => "2.0116"},{"date" => "2014-10-26T16:31:29","version" => "2.0117"},{"date" => "2015-02-05T10:57:03","version" => "2.0118"},{"date" => "2015-04-23T07:14:45","version" => "2.0119"},{"date" => "2015-05-01T09:50:18","version" => "2.0120"},{"date" => "2015-05-03T12:08:06","version" => "2.0121"},{"date" => "2015-09-01T09:02:29","version" => "2.0122"},{"date" => "2015-12-06T13:19:22","version" => "2.0123"},{"date" => "2016-02-27T11:21:08","version" => "2.0124"},{"date" => "2016-05-30T09:24:51","version" => "2.0125"},{"date" => "2016-06-24T16:21:00","version" => "2.0126"},{"date" => "2016-07-22T17:40:51","version" => "2.0127"},{"date" => "2016-07-24T09:15:48","version" => "2.0128"},{"date" => "2017-03-14T13:37:23","version" => "2.0129"},{"date" => "2017-10-18T08:45:49","version" => "2.0130"},{"date" => "2017-10-24T08:57:20","version" => "2.0131"},{"date" => "2017-10-28T17:58:34","version" => "2.0132"},{"date" => "2019-02-02T11:11:30","version" => "2.0133"},{"date" => "2019-02-10T15:02:55","version" => "2.0134"},{"date" => "2019-03-23T08:54:34","version" => "2.0200"},{"date" => "2019-05-25T17:46:46","version" => "2.0201"},{"date" => "2020-01-13T09:16:50","version" => "2.0202"},{"date" => "2020-03-11T06:48:19","version" => "2.0203"},{"date" => "2020-03-17T16:33:17","version" => "2.0204"},{"date" => "2020-05-08T11:36:06","version" => "2.0205"},{"date" => "2020-09-15T08:06:58","version" => "2.0206"},{"date" => "2021-04-17T08:16:22","version" => "2.0207"},{"date" => "2022-09-30T03:29:15","version" => "2.0208"},{"date" => "2023-07-15T06:04:39","version" => "2.0209"},{"date" => "2024-01-24T15:19:39","version" => "2.0210"}]},"XML-Sig" => {"advisories" => [{"affected_versions" => [">=0.27,<=0.67"],"cves" => ["CVE-2025-40934"],"description" => "XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.  An attacker can remove the signature from the XML document to make it pass the verification check.  XML-Sig is a Perl module to validate signatures on XML files.\x{a0} An unsigned XML file should return an error message.\x{a0} The affected versions return true when attempting to validate an XML file that contains no signatures.","distribution" => "XML-Sig","fixed_versions" => [">=0.68"],"id" => "CPANSA-XML-Sig-2025-40934","references" => ["https://github.com/perl-net-saml2/perl-XML-Sig/issues/63","https://github.com/perl-net-saml2/perl-XML-Sig/pull/64"],"reported" => "2025-11-26","severity" => undef}],"main_module" => "XML::Sig","versions" => [{"date" => "2009-10-28T23:54:04","version" => "0.1"},{"date" => "2009-10-29T05:20:59","version" => "0.2"},{"date" => "2009-11-20T04:35:13","version" => "0.2.1"},{"date" => "2009-11-20T05:09:41","version" => "0.21"},{"date" => "2009-12-08T18:00:44","version" => "0.22"},{"date" => "2020-06-27T03:58:29","version" => "0.27"},{"date" => "2020-06-27T14:35:14","version" => "0.28"},{"date" => "2020-11-29T23:46:03","version" => "0.29"},{"date" => "2020-11-30T03:29:19","version" => "0.30"},{"date" => "2020-12-02T22:36:05","version" => "0.31"},{"date" => "2020-12-03T01:18:15","version" => "0.32"},{"date" => "2020-12-07T00:59:38","version" => "0.33"},{"date" => "2020-12-07T02:29:37","version" => "0.34"},{"date" => "2021-01-08T01:28:22","version" => "0.35"},{"date" => "2021-01-08T11:50:22","version" => "0.36"},{"date" => "2021-01-10T02:50:59","version" => "0.37"},{"date" => "2021-01-10T15:27:25","version" => "0.38"},{"date" => "2021-01-13T00:29:13","version" => "0.39"},{"date" => "2021-03-13T02:24:22","version" => "0.40"},{"date" => "2021-03-13T13:33:53","version" => "0.41"},{"date" => "2021-03-15T00:03:02","version" => "0.42"},{"date" => "2021-03-15T01:18:04","version" => "0.43"},{"date" => "2021-03-20T14:15:36","version" => "0.44"},{"date" => "2021-03-20T21:28:09","version" => "0.45"},{"date" => "2021-03-27T16:02:51","version" => "0.46"},{"date" => "2021-03-28T14:31:07","version" => "0.47"},{"date" => "2021-04-10T00:47:31","version" => "0.48"},{"date" => "2021-04-10T13:01:06","version" => "0.49"},{"date" => "2021-04-18T22:43:29","version" => "0.50"},{"date" => "2021-07-03T22:46:09","version" => "0.51"},{"date" => "2021-11-27T19:48:18","version" => "0.52"},{"date" => "2021-11-28T15:08:21","version" => "0.53"},{"date" => "2021-12-05T17:16:00","version" => "0.54"},{"date" => "2021-12-07T22:14:01","version" => "0.55"},{"date" => "2022-03-16T00:06:40","version" => "0.56"},{"date" => "2022-04-15T22:57:47","version" => "0.57"},{"date" => "2022-07-19T00:46:35","version" => "0.58"},{"date" => "2022-11-25T02:26:53","version" => "0.59"},{"date" => "2023-03-13T00:29:05","version" => "0.60"},{"date" => "2023-03-13T00:44:20","version" => "0.61"},{"date" => "2023-03-18T23:22:43","version" => "0.62"},{"date" => "2023-03-19T12:59:49","version" => "0.63"},{"date" => "2023-06-26T22:04:31","version" => "0.64"},{"date" => "2023-11-21T22:39:12","version" => "0.65"},{"date" => "2025-05-09T00:13:19","version" => "0.66"},{"date" => "2025-11-07T22:27:16","version" => "0.67"},{"date" => "2025-11-26T22:29:54","version" => "0.68"},{"date" => "2026-01-11T00:19:14","version" => "0.69"}]},"XML-Simple" => {"advisories" => [{"affected_versions" => ["<2.25"],"cves" => [],"description" => "The No. 4 item on the OWASP top 10 is external XML entities. When using XML::Parser, XML::Simple is currently vulnerable by default.\n","distribution" => "XML-Simple","fixed_versions" => [">=2.25"],"id" => "CPANSA-XML-Simple-2018-01","references" => ["https://metacpan.org/dist/XML-Simple/changes","https://github.com/grantm/xml-simple/pull/8"],"reported" => "2018-02-18","severity" => undef}],"main_module" => "XML::Simple","versions" => [{"date" => "1999-11-29T02:30:19","version" => "1.00"},{"date" => "1999-12-01T11:02:42","version" => "1.01"},{"date" => "2000-03-05T20:58:37","version" => "1.03"},{"date" => "2000-04-03T04:12:07","version" => "1.04"},{"date" => "2000-08-30T23:40:57","version" => "1.05"},{"date" => "2001-11-19T22:04:26","version" => "1.06"},{"date" => "2002-02-05T22:46:39","version" => "1.07"},{"date" => "2002-02-09T22:43:03","version" => "1.08"},{"date" => "2002-02-14T22:13:24","version" => "1.08_01"},{"date" => "2002-12-08T08:23:26","version" => "2.00"},{"date" => "2002-12-11T09:56:59","version" => "2.01"},{"date" => "2002-12-15T08:21:09","version" => "2.02"},{"date" => "2003-01-20T07:54:05","version" => "2.03"},{"date" => "2003-04-10T10:25:56","version" => "2.04"},{"date" => "2003-04-16T10:22:00","version" => "2.05"},{"date" => "2003-05-18T08:50:04","version" => "2.06"},{"date" => "2003-05-20T08:53:19","version" => "2.07"},{"date" => "2003-06-13T10:31:53","version" => "2.08"},{"date" => "2003-09-09T09:43:24","version" => "2.09"},{"date" => "2004-02-29T10:18:06","version" => "2.10"},{"date" => "2004-03-02T08:29:33","version" => "2.11"},{"date" => "2004-04-05T09:29:23","version" => "2.12"},{"date" => "2004-11-17T09:06:18","version" => "2.13"},{"date" => "2005-01-29T05:16:40","version" => "2.14"},{"date" => "2006-10-03T01:33:47","version" => "2.15"},{"date" => "2006-10-30T08:33:07","version" => "2.16"},{"date" => "2007-08-02T10:47:38","version" => "2.17"},{"date" => "2007-08-15T10:39:25","version" => "2.18"},{"date" => "2012-06-17T11:28:59","version" => "2.19_01"},{"date" => "2012-06-19T08:34:33","version" => "2.19_02"},{"date" => "2012-06-20T10:01:37","version" => "2.20"},{"date" => "2015-12-04T03:35:12","version" => "2.21"},{"date" => "2015-12-04T22:08:47","version" => "2.22"},{"date" => "2017-04-17T03:49:52","version" => "2.23"},{"date" => "2017-04-17T04:12:48","version" => "2.24"},{"date" => "2018-03-18T03:19:24","version" => "2.25"}]},"XML-Twig" => {"advisories" => [{"affected_versions" => ["<1.39"],"cves" => ["CVE-2016-9180"],"description" => "perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.\n","distribution" => "XML-Twig","fixed_versions" => [">=1.39"],"id" => "CPANSA-XML-Twig-2016-9180","references" => ["http://www.securityfocus.com/bid/94219","http://www.openwall.com/lists/oss-security/2016/11/04/2","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00033.html","https://rt.cpan.org/Public/Bug/Display.html?id=118097"],"reported" => "2016-12-22","severity" => "critical"}],"main_module" => "XML::Twig","versions" => [{"date" => "1999-10-05T22:25:47","version" => "1.6"},{"date" => "1999-12-07T16:53:28","version" => "1.7"},{"date" => "1999-12-17T17:03:18","version" => "1.8"},{"date" => "2000-02-18T00:39:24","version" => "1.9"},{"date" => "2000-03-24T23:22:37","version" => "1.10"},{"date" => "2000-06-05T19:27:48","version" => "2.00"},{"date" => "2000-08-18T12:10:46","version" => "2.01"},{"date" => "2001-01-16T09:14:14","version" => "2.02"},{"date" => "2002-01-09T16:33:44","version" => "3.00"},{"date" => "2002-01-09T17:01:53","version" => "3.01"},{"date" => "2002-01-16T14:11:04","version" => "3.02"},{"date" => "2002-03-26T14:40:14","version" => "3.03"},{"date" => "2002-04-02T04:57:42","version" => "3.04"},{"date" => "2002-07-09T16:02:36","version" => "3.05"},{"date" => "2002-09-17T17:07:34","version" => "3.06"},{"date" => "2002-09-17T20:03:49","version" => "3.07"},{"date" => "2002-09-17T21:57:09","version" => "3.08"},{"date" => "2002-11-11T07:42:10","version" => "3.09"},{"date" => "2003-06-09T19:35:52","version" => "3.10"},{"date" => "2003-09-24T13:23:47","version" => "3.11"},{"date" => "2004-01-29T15:20:30","version" => "3.12"},{"date" => "2004-02-02T07:13:15","version" => "3.13"},{"date" => "2004-03-17T15:39:18","version" => "3.14"},{"date" => "2004-04-05T08:30:51","version" => "3.15"},{"date" => "2005-02-11T17:51:59","version" => "3.16"},{"date" => "2005-03-16T14:06:47","version" => "3.17"},{"date" => "2005-08-08T12:22:25","version" => "3.18"},{"date" => "2005-08-10T16:22:28","version" => "3.19"},{"date" => "2005-08-11T13:51:56","version" => "3.20"},{"date" => "2005-08-12T12:59:54","version" => "3.21"},{"date" => "2005-10-14T16:27:05","version" => "3.22"},{"date" => "2006-01-23T14:26:19","version" => "3.23"},{"date" => "2006-05-09T08:56:08","version" => "3.24"},{"date" => "2006-05-10T11:07:37","version" => "3.25"},{"date" => "2006-07-01T11:18:04","version" => "3.26"},{"date" => "2007-01-05T17:23:58","version" => "3.28"},{"date" => "2007-01-22T09:42:28","version" => "3.29"},{"date" => "2007-11-06T14:49:35","version" => "3.30"},{"date" => "2007-11-07T19:29:27","version" => "3.31"},{"date" => "2007-11-13T20:40:13","version" => "3.32"},{"date" => "2010-01-15T17:14:59","version" => "3.33"},{"date" => "2010-01-18T19:31:16","version" => "3.34"},{"date" => "2010-05-16T05:25:45","version" => "3.35"},{"date" => "2010-10-07T09:55:43","version" => "3.36"},{"date" => "2010-10-10T05:53:41","version" => "3.37"},{"date" => "2011-02-27T06:57:30","version" => "3.38"},{"date" => "2011-09-22T01:30:24","version" => "3.39"},{"date" => "2012-05-10T10:44:35","version" => "3.40"},{"date" => "2012-08-08T20:31:00","version" => "3.41"},{"date" => "2012-11-08T12:28:17","version" => "3.42"},{"date" => "2013-05-13T08:47:04","version" => "3.44"},{"date" => "2014-03-01T08:34:52","version" => "3.45"},{"date" => "2014-03-05T11:25:33","version" => "3.46"},{"date" => "2014-03-29T10:30:09","version" => "3.47"},{"date" => "2014-03-30T09:01:59","version" => "3.48"},{"date" => "2015-04-12T09:17:47","version" => "3.49"},{"date" => "2016-11-22T15:01:43","version" => "3.50"},{"date" => "2016-11-23T12:34:37","version" => "3.51"},{"date" => "2016-11-23T17:21:16","version" => "3.52"},{"date" => "2024-12-13T15:34:19","version" => "3.53"},{"date" => "2025-06-11T09:49:17","version" => "3.54"}]},"YAML" => {"advisories" => [{"affected_versions" => ["<1.28"],"cves" => [],"description" => "Loading globs is easily exploitable.\n","distribution" => "YAML","fixed_versions" => [">=1.28"],"id" => "CPANSA-YAML-2019-01","references" => ["https://github.com/ingydotnet/yaml-pm/issues/212"],"reported" => "2019-04-27","severity" => undef},{"affected_versions" => ["<1.25"],"cves" => [],"description" => "YAML loader can run DESTROY method of object created with perl/* tag.\n","distribution" => "YAML","fixed_versions" => [">=1.25"],"id" => "CPANSA-YAML-2017-01","references" => ["https://github.com/ingydotnet/yaml-pm/issues/176"],"reported" => "2017-05-10","severity" => undef}],"main_module" => "YAML","versions" => [{"date" => "2001-12-19T10:33:57","version" => "0.25"},{"date" => "2002-01-10T06:33:41","version" => "0.26"},{"date" => "2002-01-15T22:34:34","version" => "0.30"},{"date" => "2002-06-25T06:25:48","version" => "0.35"},{"date" => "2004-01-20T09:22:57","version" => "0.49_01"},{"date" => "2005-01-31T06:49:59","version" => "0.36"},{"date" => "2005-03-31T02:57:10","version" => "0.37"},{"date" => "2005-03-31T10:16:09","version" => "0.38"},{"date" => "2005-04-12T22:41:53","version" => "0.39"},{"date" => "2005-04-25T19:42:26","version" => "0.39"},{"date" => "2005-12-25T19:27:42","version" => "0.49_70"},{"date" => "2006-01-10T05:55:16","version" => "0.50"},{"date" => "2006-01-14T19:47:39","version" => "0.50"},{"date" => "2006-01-18T23:03:28","version" => "0.52"},{"date" => "2006-01-19T19:13:35","version" => "0.53"},{"date" => "2006-01-30T02:22:33","version" => "0.54"},{"date" => "2006-01-30T03:11:55","version" => "0.55"},{"date" => "2006-01-30T18:41:21","version" => "0.56"},{"date" => "2006-02-02T07:36:12","version" => "0.56"},{"date" => "2006-02-14T21:21:22","version" => "0.58"},{"date" => "2006-07-01T05:16:14","version" => "0.60"},{"date" => "2006-07-02T20:36:06","version" => "0.61"},{"date" => "2006-07-03T22:52:48","version" => "0.62"},{"date" => "2007-06-20T23:18:21","version" => "0.63"},{"date" => "2007-06-21T23:29:30","version" => "0.64"},{"date" => "2007-06-22T00:58:23","version" => "0.65"},{"date" => "2007-09-27T09:16:07","version" => "0.66"},{"date" => "2008-12-01T10:57:39","version" => "0.67"},{"date" => "2008-12-04T09:07:34","version" => "0.68"},{"date" => "2009-08-10T05:19:57","version" => "0.69_01"},{"date" => "2009-08-10T12:44:33","version" => "0.69_02"},{"date" => "2009-08-10T17:23:08","version" => "0.70"},{"date" => "2010-01-03T01:52:05","version" => "0.71"},{"date" => "2010-09-01T02:04:50","version" => "0.72"},{"date" => "2011-04-19T10:57:00","version" => "0.73"},{"date" => "2011-09-25T20:06:34","version" => "0.74"},{"date" => "2011-09-26T22:47:06","version" => "0.75"},{"date" => "2011-09-28T10:06:35","version" => "0.76"},{"date" => "2011-09-29T16:29:20","version" => "0.77"},{"date" => "2012-01-02T07:55:05","version" => "0.78"},{"date" => "2012-02-09T01:26:43","version" => "0.79"},{"date" => "2012-02-10T20:57:18","version" => "0.80"},{"date" => "2012-04-19T18:04:48","version" => "0.81"},{"date" => "2012-07-12T18:51:27","version" => "0.82"},{"date" => "2012-07-13T15:45:29","version" => "0.83"},{"date" => "2012-07-13T18:19:24","version" => "0.84"},{"date" => "2013-11-24T15:44:47","version" => "0.85"},{"date" => "2013-11-26T16:43:45","version" => "0.86"},{"date" => "2013-12-01T05:53:16","version" => "0.87"},{"date" => "2013-12-03T05:30:33","version" => "0.88"},{"date" => "2014-02-08T22:12:24","version" => "0.89"},{"date" => "2014-02-10T16:45:22","version" => "0.90"},{"date" => "2014-05-27T21:16:01","version" => "0.91"},{"date" => "2014-05-29T03:07:13","version" => "0.92"},{"date" => "2014-06-14T05:33:25","version" => "0.93"},{"date" => "2014-06-14T17:34:58","version" => "0.94"},{"date" => "2014-06-20T19:10:04","version" => "0.95"},{"date" => "2014-07-14T05:59:12","version" => "0.96"},{"date" => "2014-07-17T06:38:34","version" => "0.97"},{"date" => "2014-07-30T19:33:24","version" => "0.98"},{"date" => "2014-08-07T00:57:08","version" => "0.99"},{"date" => "2014-08-07T07:36:47","version" => "1.00"},{"date" => "2014-08-07T21:49:48","version" => "1.01"},{"date" => "2014-08-16T04:11:27","version" => "1.02"},{"date" => "2014-08-16T10:33:26","version" => "1.03"},{"date" => "2014-08-16T15:30:43","version" => "1.04"},{"date" => "2014-08-16T20:04:31","version" => "1.05"},{"date" => "2014-08-16T23:51:52","version" => "1.06"},{"date" => "2014-08-18T15:40:59","version" => "1.07"},{"date" => "2014-08-18T17:23:04","version" => "1.08"},{"date" => "2014-08-19T23:42:23","version" => "1.09"},{"date" => "2014-08-29T05:54:45","version" => "1.10"},{"date" => "2014-08-30T03:10:03","version" => "1.11"},{"date" => "2014-09-22T15:25:30","version" => "1.12"},{"date" => "2014-10-11T16:07:22","version" => "1.13"},{"date" => "2015-01-17T23:33:39","version" => "1.14"},{"date" => "2015-04-18T15:04:42","version" => "1.15"},{"date" => "2016-07-03T17:53:34","version" => "1.16"},{"date" => "2016-07-05T20:04:45","version" => "1.16_001"},{"date" => "2016-07-05T20:10:01","version" => "1.16_002"},{"date" => "2016-07-05T20:21:25","version" => "1.17"},{"date" => "2016-07-08T14:53:24","version" => "1.18"},{"date" => "2016-11-11T22:44:07","version" => "1.18_001"},{"date" => "2016-11-18T18:46:59","version" => "1.19"},{"date" => "2016-11-27T20:27:37","version" => "1.19_001"},{"date" => "2016-12-02T21:21:40","version" => "1.20"},{"date" => "2016-12-02T22:00:08","version" => "1.20_001"},{"date" => "2016-12-07T21:17:58","version" => "1.20_002"},{"date" => "2016-12-23T20:20:06","version" => "1.21"},{"date" => "2017-02-14T22:24:38","version" => "1.22"},{"date" => "2017-02-19T21:08:48","version" => "1.23"},{"date" => "2017-05-12T15:06:03","version" => "1.23_001"},{"date" => "2017-05-14T13:15:34","version" => "1.23_002"},{"date" => "2017-10-29T22:09:18","version" => "1.23_003"},{"date" => "2017-10-30T19:33:07","version" => "1.24"},{"date" => "2018-05-06T19:10:48","version" => "1.24_001"},{"date" => "2018-05-10T16:22:16","version" => "1.24_002"},{"date" => "2018-05-11T17:59:33","version" => "1.25"},{"date" => "2018-05-12T11:43:38","version" => "1.25_001"},{"date" => "2018-05-17T13:00:07","version" => "1.25_002"},{"date" => "2018-05-18T19:58:16","version" => "1.26"},{"date" => "2018-10-18T19:46:23","version" => "1.26_001"},{"date" => "2018-11-03T13:02:53","version" => "1.27"},{"date" => "2019-04-27T13:41:56","version" => "1.27_001"},{"date" => "2019-04-28T09:46:43","version" => "1.28"},{"date" => "2019-05-05T11:31:39","version" => "1.28_001"},{"date" => "2019-05-11T08:28:01","version" => "1.29"},{"date" => "2020-01-27T22:10:33","version" => "1.30"},{"date" => "2023-12-27T15:11:23","version" => "1.31"}]},"YAML-LibYAML" => {"advisories" => [{"affected_versions" => ["<0.69"],"cves" => [],"description" => "Need SafeLoad and SafeDump analog to python\n","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.69"],"id" => "CPANSA-YAML-LibYAML-2016-01","references" => ["https://github.com/ingydotnet/yaml-libyaml-pm/issues/45"],"reported" => "2016-03-10","severity" => undef},{"affected_versions" => ["<0.53"],"cves" => ["CVE-2014-9130"],"description" => "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.\n","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.54"],"id" => "CPANSA-YAML-LibYAML-2014-9130","references" => ["http://www.openwall.com/lists/oss-security/2014/11/29/3","http://www.openwall.com/lists/oss-security/2014/11/28/8","https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2","http://www.securityfocus.com/bid/71349","http://secunia.com/advisories/59947","https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure","http://secunia.com/advisories/60944","http://www.openwall.com/lists/oss-security/2014/11/28/1","http://linux.oracle.com/errata/ELSA-2015-0100.html","http://secunia.com/advisories/62723","http://secunia.com/advisories/62705","http://secunia.com/advisories/62774","http://www.ubuntu.com/usn/USN-2461-2","http://www.ubuntu.com/usn/USN-2461-3","http://www.ubuntu.com/usn/USN-2461-1","http://rhn.redhat.com/errata/RHSA-2015-0100.html","http://www.debian.org/security/2014/dsa-3103","http://rhn.redhat.com/errata/RHSA-2015-0112.html","http://www.debian.org/security/2014/dsa-3102","http://www.debian.org/security/2014/dsa-3115","http://rhn.redhat.com/errata/RHSA-2015-0260.html","http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html","http://www.mandriva.com/security/advisories?name=MDVSA-2015:060","http://www.mandriva.com/security/advisories?name=MDVSA-2014:242","http://advisories.mageia.org/MGASA-2014-0508.html","http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html","http://secunia.com/advisories/62176","http://secunia.com/advisories/62174","http://secunia.com/advisories/62164","https://exchange.xforce.ibmcloud.com/vulnerabilities/99047","https://puppet.com/security/cve/cve-2014-9130"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">0.38,<0.57"],"cves" => ["CVE-2012-1152"],"description" => "Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.\n","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.57"],"id" => "CPANSA-YAML-LibYAML-2012-1152","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=801738","https://rt.cpan.org/Public/Bug/Display.html?id=46507","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077023.html","http://www.openwall.com/lists/oss-security/2012/03/10/4","http://www.openwall.com/lists/oss-security/2012/03/09/6","http://www.debian.org/security/2012/dsa-2432","http://www.securityfocus.com/bid/52381","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077782.html","https://rt.cpan.org/Public/Bug/Display.html?id=75365","http://secunia.com/advisories/48317","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077004.html","http://lists.opensuse.org/opensuse-updates/2012-08/msg00029.html","http://secunia.com/advisories/50277","http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/73856"],"reported" => "2012-09-09","severity" => undef},{"affected_versions" => ["<0.903.0"],"cves" => ["CVE-2025-40908"],"description" => "YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.903.0"],"id" => "CPANSA-YAML-LibYAML-2025-001","references" => ["https://www.cve.org/CVERecord?id=CVE-2025-40908","https://github.com/ingydotnet/yaml-libyaml-pm/issues/120","https://github.com/ingydotnet/yaml-libyaml-pm/pull/121","https://github.com/ingydotnet/yaml-libyaml-pm/pull/122"],"reported" => "2025-06-01","severity" => "critical"}],"main_module" => "YAML::LibYAML","versions" => [{"date" => "2007-05-11T21:37:19","version" => "0.01"},{"date" => "2007-05-15T06:37:59","version" => "0.02"},{"date" => "2007-05-19T22:23:53","version" => "0.03"},{"date" => "2007-05-21T05:19:05","version" => "0.04"},{"date" => "2007-05-21T07:45:35","version" => "0.05"},{"date" => "2007-05-23T06:56:11","version" => "0.06"},{"date" => "2007-05-23T07:10:14","version" => "0.07"},{"date" => "2007-05-26T04:58:43","version" => "0.08"},{"date" => "2007-05-28T07:47:31","version" => "0.09"},{"date" => "2007-05-28T10:30:28","version" => "0.10"},{"date" => "2007-05-30T00:30:09","version" => "0.11"},{"date" => "2007-05-30T08:13:24","version" => "0.12"},{"date" => "2007-05-30T09:38:37","version" => "0.14"},{"date" => "2007-05-31T07:48:16","version" => "0.15"},{"date" => "2007-05-31T21:05:50","version" => "0.16"},{"date" => "2007-06-07T02:55:10","version" => "0.17"},{"date" => "2007-06-18T01:35:48","version" => "0.18"},{"date" => "2007-06-18T08:06:43","version" => "0.19"},{"date" => "2007-06-18T23:34:20","version" => "0.20"},{"date" => "2007-06-21T23:27:47","version" => "0.21"},{"date" => "2007-06-22T07:42:47","version" => "0.22"},{"date" => "2007-06-23T01:17:58","version" => "0.23"},{"date" => "2007-06-24T18:37:51","version" => "0.24"},{"date" => "2007-06-25T01:40:09","version" => "0.25"},{"date" => "2007-06-26T21:00:04","version" => "0.26"},{"date" => "2008-06-07T05:37:26","version" => "0.27"},{"date" => "2008-11-12T07:09:30","version" => "0.29"},{"date" => "2009-01-11T11:00:54","version" => "0.30"},{"date" => "2009-01-12T09:26:53","version" => "0.31"},{"date" => "2009-01-12T09:34:50","version" => "0.32"},{"date" => "2010-04-15T01:01:10","version" => "0.33"},{"date" => "2010-09-23T22:43:36","version" => "0.34"},{"date" => "2011-04-03T16:41:03","version" => "0.35"},{"date" => "2011-09-29T18:10:52","version" => "0.37"},{"date" => "2012-01-04T06:58:09","version" => "0.38"},{"date" => "2013-02-12T02:09:38","version" => "0.39"},{"date" => "2013-03-12T18:07:29","version" => "0.40"},{"date" => "2013-03-13T17:36:09","version" => "0.41"},{"date" => "2014-07-11T22:30:03","version" => "0.42"},{"date" => "2014-07-12T17:05:47","version" => "0.43"},{"date" => "2014-07-13T22:24:47","version" => "0.44"},{"date" => "2014-08-04T08:23:39","version" => "0.45"},{"date" => "2014-08-05T17:33:54","version" => "0.46"},{"date" => "2014-08-09T07:30:51","version" => "0.47"},{"date" => "2014-08-16T04:07:46","version" => "0.48"},{"date" => "2014-08-16T14:31:04","version" => "0.49"},{"date" => "2014-08-16T19:58:18","version" => "0.50"},{"date" => "2014-08-16T21:29:48","version" => "0.51"},{"date" => "2014-08-23T04:04:49","version" => "0.52"},{"date" => "2014-11-28T17:22:06","version" => "0.53"},{"date" => "2014-11-29T19:48:26","version" => "0.54"},{"date" => "2014-12-23T01:27:43","version" => "0.55"},{"date" => "2015-01-16T03:23:05","version" => "0.56"},{"date" => "2015-01-16T04:06:00","version" => "0.57"},{"date" => "2015-01-21T05:02:46","version" => "0.58"},{"date" => "2015-01-26T23:05:30","version" => "0.59"},{"date" => "2016-02-09T19:36:50","version" => "0.60"},{"date" => "2016-02-20T18:05:06","version" => "0.61"},{"date" => "2016-02-22T15:47:18","version" => "0.62"},{"date" => "2016-07-03T17:33:17","version" => "0.62_001"},{"date" => "2016-07-03T17:40:25","version" => "0.62_002"},{"date" => "2016-07-08T14:41:45","version" => "0.63"},{"date" => "2016-09-08T09:56:51","version" => "0.71"},{"date" => "2016-09-13T14:44:45","version" => "0.73"},{"date" => "2017-01-03T04:10:44","version" => "0.63_001"},{"date" => "2017-04-03T18:56:26","version" => "0.63_002"},{"date" => "2017-04-07T18:32:36","version" => "0.64"},{"date" => "2017-05-18T21:10:50","version" => "0.65"},{"date" => "2017-08-13T11:49:59","version" => "0.65_001"},{"date" => "2017-08-17T18:07:26","version" => "0.66"},{"date" => "2017-11-10T21:07:40","version" => "0.66_001"},{"date" => "2017-11-14T20:03:09","version" => "0.66_002"},{"date" => "2017-11-15T18:00:42","version" => "0.67"},{"date" => "2017-12-16T21:50:01","version" => "0.67_001"},{"date" => "2017-12-18T19:01:27","version" => "0.68"},{"date" => "2017-12-20T18:38:40","version" => "0.68_001"},{"date" => "2017-12-22T11:40:39","version" => "0.68_002"},{"date" => "2017-12-26T17:37:54","version" => "0.69"},{"date" => "2018-06-07T20:16:52","version" => "0.69_001"},{"date" => "2018-06-09T19:53:37","version" => "0.70"},{"date" => "2018-06-27T17:14:44","version" => "0.70_001"},{"date" => "2018-07-08T15:04:37","version" => "0.72"},{"date" => "2018-08-31T15:38:28","version" => "0.72_01"},{"date" => "2018-09-01T01:07:45","version" => "0.74"},{"date" => "2018-10-14T14:09:48","version" => "0.74_001"},{"date" => "2018-11-03T13:17:49","version" => "0.75"},{"date" => "2018-12-16T17:28:49","version" => "0.75_001"},{"date" => "2018-12-30T19:11:20","version" => "0.76"},{"date" => "2019-03-13T18:47:41","version" => "0.76_001"},{"date" => "2019-04-15T20:56:14","version" => "0.77"},{"date" => "2019-05-15T18:20:47","version" => "0.77_001"},{"date" => "2019-05-18T16:36:19","version" => "0.78"},{"date" => "2019-05-30T16:01:02","version" => "0.78_001"},{"date" => "2019-06-10T11:10:47","version" => "0.78_002"},{"date" => "2019-06-11T19:36:40","version" => "0.79"},{"date" => "2019-08-21T16:49:31","version" => "0.79_001"},{"date" => "2019-08-22T11:18:19","version" => "0.80"},{"date" => "2020-01-27T22:06:22","version" => "0.81"},{"date" => "2020-05-02T18:40:13","version" => "0.82"},{"date" => "2021-05-02T00:16:51","version" => "0.82_001"},{"date" => "2021-05-08T21:52:55","version" => "0.83"},{"date" => "2022-09-03T19:20:07","version" => "0.84"},{"date" => "2022-09-09T15:31:45","version" => "0.84_001"},{"date" => "2022-09-09T18:12:56","version" => "0.84_002"},{"date" => "2022-09-09T19:01:06","version" => "0.84_003"},{"date" => "2022-09-12T12:21:48","version" => "0.85"},{"date" => "2023-01-26T02:35:03","version" => "0.86"},{"date" => "2023-05-04T10:47:26","version" => "0.86_001"},{"date" => "2023-05-04T19:38:30","version" => "0.87"},{"date" => "2023-05-12T12:28:46","version" => "0.88"},{"date" => "2024-01-24T21:55:26","version" => "0.88_001"},{"date" => "2024-01-27T00:45:43","version" => "0.89"},{"date" => "2024-05-26T13:07:57","version" => "0.89_001"},{"date" => "2024-09-06T21:47:43","version" => "0.90"},{"date" => "2024-09-06T22:09:50","version" => "v0.901.0"},{"date" => "2024-09-09T20:42:09","version" => "v0.901.1"},{"date" => "2024-09-20T19:48:00","version" => "v0.902.0"},{"date" => "2025-01-12T21:19:33","version" => "v0.902.1"},{"date" => "2025-01-26T01:28:39","version" => "v0.902.2"},{"date" => "2025-01-26T15:02:24","version" => "v0.902.3"},{"date" => "2025-02-02T22:21:19","version" => "v0.902.4"},{"date" => "2025-02-02T23:15:49","version" => "v0.903.0"},{"date" => "2025-05-01T14:17:45","version" => "v0.903.1"},{"date" => "2025-05-03T08:45:21","version" => "v0.903.2"},{"date" => "2025-05-03T16:35:27","version" => "v0.903.3"},{"date" => "2025-05-03T19:49:05","version" => "v0.903.4"},{"date" => "2025-05-08T12:21:43","version" => "v0.904.0"}]},"YAML-Syck" => {"advisories" => [{"affected_versions" => ["<1.36"],"cves" => ["CVE-2025-11683"],"description" => "YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure  Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read  The issue is seen with complex YAML files with a hash of all keys and empty values.\x{a0}There is no indication that the issue leads to accessing memory outside that allocated to the module.","distribution" => "YAML-Syck","fixed_versions" => [">=1.36"],"id" => "CPANSA-YAML-Syck-2025-11683","references" => ["https://github.com/cpan-authors/YAML-Syck/pull/65","https://metacpan.org/dist/YAML-Syck/changes"],"reported" => "2025-10-16","severity" => undef},{"affected_versions" => [">0"],"cves" => ["CVE-2026-4177"],"description" => "YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.  The heap overflow occurs when class names exceed the initial 512-byte allocation.  The base64 decoder could read past the buffer end on trailing newlines.  strtok mutated n->type_id in place, corrupting shared node data.  A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.","distribution" => "YAML-Syck","fixed_versions" => [],"id" => "CPANSA-YAML-Syck-2026-4177","references" => ["https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e.patch","https://metacpan.org/release/TODDR/YAML-Syck-1.37_01/changes#L21","http://www.openwall.com/lists/oss-security/2026/03/16/6"],"reported" => "2026-03-16","severity" => undef}],"main_module" => "YAML::Syck","versions" => [{"date" => "2005-12-25T17:59:15","version" => "0.01"},{"date" => "2005-12-26T12:10:56","version" => "0.02"},{"date" => "2005-12-27T15:53:07","version" => "0.03"},{"date" => "2005-12-28T12:16:03","version" => "0.04"},{"date" => "2006-01-08T15:54:21","version" => "0.05"},{"date" => "2006-01-08T16:03:43","version" => "0.06"},{"date" => "2006-01-08T16:25:54","version" => "0.07"},{"date" => "2006-01-08T16:38:52","version" => "0.08"},{"date" => "2006-01-08T16:42:46","version" => "0.09"},{"date" => "2006-01-08T17:13:31","version" => "0.10"},{"date" => "2006-01-08T17:22:15","version" => "0.11"},{"date" => "2006-01-09T04:57:24","version" => "0.12"},{"date" => "2006-01-09T05:44:42","version" => "0.13"},{"date" => "2006-01-09T16:03:57","version" => "0.14"},{"date" => "2006-01-10T10:57:02","version" => "0.15"},{"date" => "2006-01-10T11:57:08","version" => "0.16"},{"date" => "2006-01-10T12:28:26","version" => "0.17"},{"date" => "2006-01-10T12:49:52","version" => "0.18"},{"date" => "2006-01-10T15:52:23","version" => "0.19"},{"date" => "2006-01-11T11:18:16","version" => "0.20"},{"date" => "2006-01-11T12:36:14","version" => "0.21"},{"date" => "2006-01-11T18:44:14","version" => "0.22"},{"date" => "2006-01-14T11:44:53","version" => "0.23"},{"date" => "2006-01-14T12:21:56","version" => "0.24"},{"date" => "2006-01-15T07:45:04","version" => "0.25"},{"date" => "2006-01-15T18:03:09","version" => "0.26"},{"date" => "2006-01-15T19:16:11","version" => "0.27"},{"date" => "2006-01-16T09:58:39","version" => "0.28"},{"date" => "2006-02-05T03:50:47","version" => "0.29"},{"date" => "2006-02-06T12:54:49","version" => "0.30"},{"date" => "2006-02-10T19:25:13","version" => "0.31"},{"date" => "2006-02-11T11:00:16","version" => "0.32"},{"date" => "2006-02-15T11:53:00","version" => "0.33"},{"date" => "2006-03-06T23:28:23","version" => "0.34"},{"date" => "2006-03-09T13:11:32","version" => "0.35"},{"date" => "2006-03-10T10:27:01","version" => "0.36"},{"date" => "2006-03-14T01:19:25","version" => "0.37"},{"date" => "2006-03-14T12:44:44","version" => "0.38"},{"date" => "2006-03-31T07:32:11","version" => "0.40"},{"date" => "2006-04-01T05:50:05","version" => "0.41"},{"date" => "2006-04-25T13:07:17","version" => "0.42"},{"date" => "2006-04-29T15:26:40","version" => "0.43"},{"date" => "2006-05-03T18:04:03","version" => "0.43"},{"date" => "2006-05-27T03:30:37","version" => "0.45"},{"date" => "2006-06-24T22:55:59","version" => "0.46_01"},{"date" => "2006-07-01T05:26:06","version" => "0.60"},{"date" => "2006-07-01T14:03:38","version" => "0.61"},{"date" => "2006-07-12T06:56:58","version" => "0.62"},{"date" => "2006-07-20T19:19:13","version" => "0.63"},{"date" => "2006-07-23T00:30:37","version" => "0.64"},{"date" => "2006-07-29T16:47:56","version" => "0.65"},{"date" => "2006-07-29T23:27:40","version" => "0.66"},{"date" => "2006-07-30T01:00:36","version" => "0.67"},{"date" => "2006-10-02T12:49:23","version" => "0.70"},{"date" => "2006-10-03T15:25:46","version" => "0.70"},{"date" => "2006-11-26T00:07:30","version" => "0.72"},{"date" => "2007-01-25T19:36:14","version" => "0.80"},{"date" => "2007-01-25T23:07:09","version" => "0.81"},{"date" => "2007-01-25T23:22:51","version" => "0.82"},{"date" => "2007-04-01T16:57:59","version" => "0.84"},{"date" => "2007-04-20T14:49:50","version" => "0.85"},{"date" => "2007-06-16T13:17:35","version" => "0.86"},{"date" => "2007-06-16T16:51:23","version" => "0.86"},{"date" => "2007-06-16T20:33:56","version" => "0.86"},{"date" => "2007-06-21T19:55:23","version" => "0.86"},{"date" => "2007-06-23T02:21:39","version" => "0.86"},{"date" => "2007-07-10T01:11:34","version" => "0.86"},{"date" => "2007-08-03T17:35:53","version" => "0.86"},{"date" => "2007-08-07T17:25:31","version" => "0.86"},{"date" => "2007-09-02T16:30:10","version" => "0.86"},{"date" => "2007-10-13T13:58:17","version" => "0.86"},{"date" => "2007-10-22T18:08:48","version" => "0.86"},{"date" => "2007-12-09T21:14:09","version" => "0.86"},{"date" => "2008-01-18T17:50:22","version" => "0.86"},{"date" => "2008-02-16T12:20:10","version" => "0.86"},{"date" => "2008-02-16T13:04:46","version" => "0.86"},{"date" => "2008-02-16T16:13:51","version" => "0.86"},{"date" => "2008-06-09T02:50:39","version" => "0.86"},{"date" => "2009-04-25T03:38:49","version" => "0.86"},{"date" => "2009-04-25T03:41:41","version" => "0.86"},{"date" => "2010-05-20T10:41:25","version" => "1.07_01"},{"date" => "2010-05-23T17:10:30","version" => "1.08"},{"date" => "2010-05-23T17:48:37","version" => "1.08_01"},{"date" => "2010-05-29T22:54:14","version" => "1.09"},{"date" => "2010-06-06T21:44:15","version" => "1.10"},{"date" => "2010-07-16T11:41:50","version" => "1.10_01"},{"date" => "2010-07-19T17:41:06","version" => "1.10_01"},{"date" => "2010-07-19T22:34:01","version" => "1.10_01"},{"date" => "2010-07-19T23:55:46","version" => "1.10_01"},{"date" => "2010-07-28T06:23:27","version" => "1.10_01"},{"date" => "2010-07-29T21:34:27","version" => "1.10_06"},{"date" => "2010-07-29T22:07:40","version" => "1.10_07"},{"date" => "2010-08-03T15:06:07","version" => "1.11"},{"date" => "2010-08-04T17:28:29","version" => "1.12"},{"date" => "2010-08-26T18:14:47","version" => "1.13"},{"date" => "2010-08-26T20:39:52","version" => "1.14"},{"date" => "2010-09-23T12:20:14","version" => "1.15"},{"date" => "2010-11-21T14:40:01","version" => "1.16"},{"date" => "2010-11-21T16:43:16","version" => "1.17"},{"date" => "2011-11-03T07:09:03","version" => "1.17_01"},{"date" => "2011-11-05T19:16:14","version" => "1.17_01"},{"date" => "2011-11-08T06:51:54","version" => "1.17_01"},{"date" => "2012-02-11T09:48:37","version" => "1.20_01"},{"date" => "2012-02-15T04:54:29","version" => "1.20"},{"date" => "2012-08-22T21:49:37","version" => "1.21_01"},{"date" => "2012-09-21T03:45:26","version" => "1.21"},{"date" => "2012-11-28T00:21:05","version" => "1.22_01"},{"date" => "2012-12-04T23:06:27","version" => "1.22"},{"date" => "2013-02-21T20:13:43","version" => "1.23_01"},{"date" => "2013-02-26T19:19:43","version" => "1.23"},{"date" => "2013-03-02T07:57:56","version" => "1.24_01"},{"date" => "2013-03-02T08:54:34","version" => "1.24_02"},{"date" => "2013-03-07T16:44:31","version" => "1.24"},{"date" => "2013-03-11T04:31:15","version" => "1.25"},{"date" => "2013-05-21T03:09:18","version" => "1.26"},{"date" => "2013-05-21T04:14:10","version" => "1.27"},{"date" => "2014-06-11T19:33:47","version" => "1.28_01"},{"date" => "2014-12-11T07:31:36","version" => "1.28"},{"date" => "2014-12-14T08:32:24","version" => "1.29_01"},{"date" => "2014-12-15T15:58:26","version" => "1.29"},{"date" => "2017-04-18T00:21:57","version" => "1.30_01"},{"date" => "2017-04-20T05:05:41","version" => "1.30"},{"date" => "2018-10-25T19:22:24","version" => "1.31"},{"date" => "2020-01-27T22:19:52","version" => "1.32"},{"date" => "2020-10-26T19:35:28","version" => "1.33"},{"date" => "2020-10-26T20:20:42","version" => "1.34"},{"date" => "2025-10-09T22:46:16","version" => "1.35"},{"date" => "2025-10-10T04:58:28","version" => "1.36"},{"date" => "2026-03-16T17:06:51","version" => "1.37_01"}]},"YATT-Lite" => {"advisories" => [{"affected_versions" => [">=0,<=0.101_102"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "YATT::Lite","versions" => [{"date" => "2013-05-15T03:12:13","version" => "0.0_4"},{"date" => "2013-05-16T06:28:33","version" => "0.0_5"},{"date" => "2013-05-17T07:24:55","version" => "0.0_6"},{"date" => "2013-05-18T02:10:28","version" => "v0.0.6"},{"date" => "2013-06-18T09:57:42","version" => "0.0_7"},{"date" => "2013-06-20T06:09:54","version" => "v0.0.7"},{"date" => "2013-08-25T12:22:03","version" => "0.0_8"},{"date" => "2014-05-13T03:27:34","version" => "v0.0.8"},{"date" => "2014-05-14T13:17:13","version" => "0.0_9"},{"date" => "2014-05-26T13:31:04","version" => "v0.0.9"},{"date" => "2015-04-09T03:34:39","version" => "v0.0.9_001"},{"date" => "2015-04-09T06:01:16","version" => "v0.0.9_002"},{"date" => "2015-04-28T03:29:18","version" => "0.100"},{"date" => "2015-09-03T05:45:15","version" => "0.100_001"},{"date" => "2015-10-31T05:31:03","version" => "0.100_002"},{"date" => "2015-11-05T07:30:33","version" => "0.100_003"},{"date" => "2016-05-24T00:35:40","version" => "0.101"},{"date" => "2017-06-17T00:04:00","version" => "0.101_001"},{"date" => "2020-10-15T11:00:17","version" => "0.101_100"},{"date" => "2020-10-17T07:22:36","version" => "0.101_101"},{"date" => "2020-10-17T10:33:49","version" => "0.101_102"},{"date" => "2023-12-05T06:59:47","version" => "0.101_103"},{"date" => "2024-08-16T05:04:15","version" => "0.110"},{"date" => "2024-11-29T09:35:12","version" => "0.120"},{"date" => "2024-12-10T07:10:28","version" => "0.121"},{"date" => "2025-03-20T02:36:40","version" => "0.122"},{"date" => "2025-03-29T07:49:37","version" => "0.123"},{"date" => "2025-05-17T08:02:02","version" => "0.130"},{"date" => "2025-05-18T12:55:44","version" => "0.131"}]},"Yancy" => {"advisories" => [{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["X-CVE-2018-vue-001"],"description" => "Regular Expression Denial of Service.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-X-CVE-2018-vue-001-vue","references" => ["https://security.snyk.io/vuln/npm:vue:20180222"],"reported" => "2018-02-21","severity" => undef}],"main_module" => "Yancy","versions" => [{"date" => "2017-12-03T00:52:00","version" => "0.001"},{"date" => "2017-12-03T02:48:33","version" => "0.002"},{"date" => "2017-12-05T19:18:06","version" => "0.003"},{"date" => "2017-12-05T20:50:34","version" => "0.004"},{"date" => "2017-12-12T21:48:00","version" => "0.005"},{"date" => "2017-12-15T17:07:32","version" => "0.006"},{"date" => "2017-12-17T00:34:29","version" => "0.007"},{"date" => "2017-12-18T00:39:37","version" => "0.008"},{"date" => "2018-01-07T22:33:53","version" => "0.009"},{"date" => "2018-01-12T22:59:55","version" => "0.010"},{"date" => "2018-01-13T18:49:01","version" => "0.011"},{"date" => "2018-01-29T18:51:02","version" => "0.012"},{"date" => "2018-02-08T05:23:07","version" => "0.013"},{"date" => "2018-02-09T20:51:30","version" => "0.014"},{"date" => "2018-02-12T18:53:07","version" => "0.015"},{"date" => "2018-02-17T04:34:18","version" => "0.016"},{"date" => "2018-02-18T04:27:50","version" => "0.017"},{"date" => "2018-02-22T00:11:09","version" => "0.018"},{"date" => "2018-02-24T05:26:49","version" => "0.019"},{"date" => "2018-02-25T20:44:25","version" => "0.020"},{"date" => "2018-03-02T18:40:59","version" => "0.021"},{"date" => "2018-03-06T21:58:19","version" => "0.022"},{"date" => "2018-03-11T01:00:16","version" => "0.023"},{"date" => "2018-03-15T05:22:49","version" => "1.000"},{"date" => "2018-03-15T19:57:00","version" => "1.001"},{"date" => "2018-03-18T21:57:03","version" => "1.002"},{"date" => "2018-03-28T21:27:52","version" => "1.003"},{"date" => "2018-03-30T18:25:45","version" => "1.004"},{"date" => "2018-05-19T02:53:00","version" => "1.005"},{"date" => "2018-08-12T06:09:06","version" => "1.006"},{"date" => "2018-08-12T20:27:15","version" => "1.007"},{"date" => "2018-09-11T01:20:18","version" => "1.008"},{"date" => "2018-10-22T01:51:24","version" => "1.009"},{"date" => "2018-10-25T00:25:17","version" => "1.010"},{"date" => "2018-10-27T05:32:05","version" => "1.011"},{"date" => "2018-10-30T03:33:36","version" => "1.012"},{"date" => "2018-11-09T17:33:11","version" => "1.013"},{"date" => "2018-11-09T22:02:05","version" => "1.014"},{"date" => "2018-11-25T04:56:36","version" => "1.015"},{"date" => "2018-12-07T04:54:02","version" => "1.016"},{"date" => "2018-12-09T23:45:29","version" => "1.017"},{"date" => "2018-12-18T04:40:44","version" => "1.018"},{"date" => "2018-12-31T00:38:59","version" => "1.019"},{"date" => "2019-01-02T01:03:29","version" => "1.020"},{"date" => "2019-01-09T05:55:47","version" => "1.021"},{"date" => "2019-01-13T19:30:57","version" => "1.022"},{"date" => "2019-02-15T02:25:28","version" => "1.023"},{"date" => "2019-04-26T14:56:12","version" => "1.024"},{"date" => "2019-05-06T04:11:41","version" => "1.025"},{"date" => "2019-05-17T06:27:23","version" => "1.026"},{"date" => "2019-06-02T06:06:08","version" => "1.027"},{"date" => "2019-06-04T17:15:26","version" => "1.028"},{"date" => "2019-06-06T05:25:24","version" => "1.029"},{"date" => "2019-06-07T02:08:14","version" => "1.030"},{"date" => "2019-06-07T02:27:03","version" => "1.031"},{"date" => "2019-06-14T03:39:20","version" => "1.032"},{"date" => "2019-06-20T02:48:25","version" => "1.033"},{"date" => "2019-06-24T00:57:16","version" => "1.034"},{"date" => "2019-07-01T03:16:03","version" => "1.035"},{"date" => "2019-07-06T23:50:11","version" => "1.036"},{"date" => "2019-07-27T00:50:49","version" => "1.037"},{"date" => "2019-07-30T04:27:18","version" => "1.038"},{"date" => "2019-08-10T23:39:44","version" => "1.039"},{"date" => "2019-09-14T04:17:35","version" => "1.040"},{"date" => "2019-10-12T23:55:02","version" => "1.041"},{"date" => "2019-11-24T08:24:08","version" => "1.042"},{"date" => "2019-12-05T23:08:45","version" => "1.043"},{"date" => "2019-12-06T03:51:58","version" => "1.044"},{"date" => "2019-12-17T04:40:46","version" => "1.045"},{"date" => "2020-03-29T18:00:56","version" => "1.046"},{"date" => "2020-04-01T03:02:07","version" => "1.047"},{"date" => "2020-04-06T02:30:40","version" => "1.048"},{"date" => "2020-04-07T04:31:26","version" => "1.049"},{"date" => "2020-04-08T04:28:36","version" => "1.050"},{"date" => "2020-04-11T05:13:41","version" => "1.051"},{"date" => "2020-04-14T04:57:48","version" => "1.052"},{"date" => "2020-04-15T04:01:57","version" => "1.053"},{"date" => "2020-04-19T21:32:12","version" => "1.054"},{"date" => "2020-04-25T02:06:45","version" => "1.055"},{"date" => "2020-04-26T19:33:14","version" => "1.056"},{"date" => "2020-05-31T02:45:58","version" => "1.057"},{"date" => "2020-06-03T20:37:49","version" => "1.058"},{"date" => "2020-06-06T23:00:04","version" => "1.059"},{"date" => "2020-06-07T21:49:37","version" => "1.060"},{"date" => "2020-06-10T15:54:16","version" => "1.061"},{"date" => "2020-06-17T01:02:58","version" => "1.062"},{"date" => "2020-06-25T02:56:34","version" => "1.063"},{"date" => "2020-06-26T05:04:42","version" => "1.064"},{"date" => "2020-07-30T03:14:01","version" => "1.065"},{"date" => "2020-08-08T00:49:06","version" => "1.066"},{"date" => "2020-11-16T04:55:02","version" => "1.067"},{"date" => "2020-12-19T22:43:03","version" => "1.068"},{"date" => "2021-03-04T15:49:34","version" => "1.069"},{"date" => "2021-05-09T01:57:45","version" => "1.070"},{"date" => "2021-05-24T17:07:54","version" => "1.071"},{"date" => "2021-05-26T04:38:25","version" => "1.072"},{"date" => "2021-06-07T16:41:34","version" => "1.073"},{"date" => "2021-06-18T17:57:53","version" => "1.074"},{"date" => "2021-08-07T20:15:50","version" => "1.075"},{"date" => "2021-08-11T18:10:15","version" => "1.076"},{"date" => "2021-09-06T02:25:08","version" => "1.077"},{"date" => "2021-10-17T17:04:53","version" => "1.078"},{"date" => "2021-10-24T20:02:37","version" => "1.079"},{"date" => "2021-10-25T00:42:07","version" => "1.080"},{"date" => "2021-10-26T14:34:15","version" => "1.081"},{"date" => "2021-10-29T22:45:47","version" => "1.082"},{"date" => "2021-10-31T20:56:53","version" => "1.083"},{"date" => "2021-11-03T17:00:00","version" => "1.084"},{"date" => "2021-12-04T04:58:21","version" => "1.085"},{"date" => "2021-12-12T01:08:52","version" => "1.086"},{"date" => "2021-12-14T22:11:27","version" => "1.087"},{"date" => "2021-12-19T02:26:57","version" => "1.088"}]},"Yote" => {"advisories" => [{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Yote","versions" => [{"date" => "2012-01-22T10:43:15","version" => "0.03"},{"date" => "2012-01-29T07:46:40","version" => "0.05"},{"date" => "2012-02-01T08:18:26","version" => "0.06"},{"date" => "2012-02-11T16:40:05","version" => "0.070"},{"date" => "2012-02-12T16:46:56","version" => "0.071"},{"date" => "2012-02-12T20:11:04","version" => "0.073"},{"date" => "2012-02-16T08:01:45","version" => "0.075"},{"date" => "2012-02-25T06:16:49","version" => "0.076"},{"date" => "2012-03-07T15:53:55","version" => "0.077"},{"date" => "2012-03-13T15:45:53","version" => "0.078"},{"date" => "2012-03-14T01:40:01","version" => "0.079"},{"date" => "2012-03-17T04:58:12","version" => "0.080"},{"date" => "2012-03-21T01:00:10","version" => "0.081"},{"date" => "2012-03-23T15:29:25","version" => "0.082"},{"date" => "2012-03-29T16:10:50","version" => "0.083"},{"date" => "2012-04-03T03:36:11","version" => "0.084"},{"date" => "2012-04-07T01:57:35","version" => "0.085"},{"date" => "2012-04-17T14:58:33","version" => "0.086"},{"date" => "2012-04-23T00:34:04","version" => "0.087"},{"date" => "2012-05-09T15:44:27","version" => "0.088"},{"date" => "2012-06-17T16:41:27","version" => "0.89"},{"date" => "2012-07-07T18:21:53","version" => "0.090"},{"date" => "2012-12-07T23:08:36","version" => "0.092"},{"date" => "2012-12-12T00:15:28","version" => "0.093"},{"date" => "2012-12-15T03:00:06","version" => "0.094"},{"date" => "2012-12-21T15:03:35","version" => "0.095"},{"date" => "2012-12-21T15:10:23","version" => "0.094"},{"date" => "2012-12-21T16:41:46","version" => "0.097"},{"date" => "2013-02-26T16:07:02","version" => "0.097"},{"date" => "2013-02-26T22:00:08","version" => "0.097"},{"date" => "2013-04-11T09:00:27","version" => "0.097"},{"date" => "2013-04-13T18:08:08","version" => "0.097"},{"date" => "2013-04-24T05:02:26","version" => "0.0975"},{"date" => "2013-04-24T20:50:26","version" => "0.0975"},{"date" => "2013-04-24T21:06:41","version" => "0.0976"},{"date" => "2013-04-24T23:55:23","version" => "0.0977"},{"date" => "2013-04-27T00:36:29","version" => "0.0978"},{"date" => "2013-04-27T01:37:31","version" => "0.0979"},{"date" => "2013-04-27T20:40:51","version" => "0.0980"},{"date" => "2013-05-02T02:22:35","version" => "0.0981"},{"date" => "2013-05-02T22:58:43","version" => "0.0982"},{"date" => "2013-05-06T15:52:27","version" => "0.0983"},{"date" => "2013-05-06T18:20:49","version" => "0.0984"},{"date" => "2013-05-11T01:05:36","version" => "0.0985"},{"date" => "2013-05-13T19:58:35","version" => "0.0986"},{"date" => "2013-05-13T23:31:05","version" => "0.0987"},{"date" => "2013-05-14T23:16:07","version" => "0.0988"},{"date" => "2013-05-19T19:40:20","version" => "0.0989"},{"date" => "2013-05-20T20:35:57","version" => "0.0990"},{"date" => "2013-05-21T01:32:16","version" => "0.0991"},{"date" => "2013-05-26T05:36:04","version" => "0.0992"},{"date" => "2013-06-04T05:13:09","version" => "0.0993"},{"date" => "2013-06-09T19:10:13","version" => "0.0994"},{"date" => "2013-06-09T21:09:39","version" => "0.0995"},{"date" => "2013-06-13T17:22:45","version" => "0.0996"},{"date" => "2013-06-19T23:18:28","version" => "0.1000"},{"date" => "2013-06-20T01:15:43","version" => "0.1001"},{"date" => "2013-07-08T18:51:52","version" => "0.1002"},{"date" => "2013-07-11T04:25:50","version" => "0.1003"},{"date" => "2013-07-25T05:35:23","version" => "0.1004"},{"date" => "2013-07-25T06:10:27","version" => "0.1005"},{"date" => "2013-09-10T03:54:55","version" => "0.1007"},{"date" => "2013-09-18T07:11:47","version" => "0.1008"},{"date" => "2013-10-13T04:31:17","version" => "0.1010"},{"date" => "2013-11-20T01:45:12","version" => "0.1011"},{"date" => "2013-11-28T06:46:16","version" => "0.1012"},{"date" => "2013-11-28T07:09:28","version" => "0.1013"},{"date" => "2013-12-26T03:28:50","version" => "0.1014"},{"date" => "2013-12-26T08:20:18","version" => "0.1015"},{"date" => "2013-12-28T19:05:21","version" => "0.1016"},{"date" => "2014-01-03T05:59:02","version" => "0.1017"},{"date" => "2014-01-03T06:25:40","version" => "0.1018"},{"date" => "2014-01-07T06:55:43","version" => "0.1019"},{"date" => "2014-02-07T05:56:36","version" => "0.1020"},{"date" => "2014-02-08T04:50:07","version" => "0.1021"},{"date" => "2014-02-20T17:39:10","version" => "0.1022"},{"date" => "2014-03-19T17:10:59","version" => "0.2"},{"date" => "2014-04-05T15:46:56","version" => "0.201"},{"date" => "2014-04-09T05:41:25","version" => "0.202"},{"date" => "2014-04-09T06:26:12","version" => "0.203"},{"date" => "2014-04-16T05:15:00","version" => "0.204"},{"date" => "2014-04-16T06:14:50","version" => "0.205"},{"date" => "2014-04-17T16:14:50","version" => "0.206"},{"date" => "2014-04-19T05:22:53","version" => "0.207"},{"date" => "2014-04-26T00:43:56","version" => "0.208"},{"date" => "2014-04-26T20:08:07","version" => "0.209"},{"date" => "2014-04-28T06:20:54","version" => "0.210"},{"date" => "2014-05-01T07:40:34","version" => "0.211"},{"date" => "2014-05-01T21:51:37","version" => "0.212"},{"date" => "2014-05-02T05:53:29","version" => "0.213"},{"date" => "2014-06-01T08:43:50","version" => "0.214"},{"date" => "2014-07-14T21:20:42","version" => "0.215"},{"date" => "2014-07-28T02:56:15","version" => "0.217"},{"date" => "2014-08-02T03:52:23","version" => "0.218"},{"date" => "2014-08-15T07:05:20","version" => "0.219"},{"date" => "2014-08-16T00:26:35","version" => "0.220"},{"date" => "2014-08-16T21:00:03","version" => "0.221"},{"date" => "2014-08-16T21:07:56","version" => "0.222"},{"date" => "2014-08-17T05:44:33","version" => "0.223"},{"date" => "2014-08-20T06:51:52","version" => "0.224"},{"date" => "2014-08-23T02:39:34","version" => "0.225"},{"date" => "2014-09-04T04:16:58","version" => "0.226"},{"date" => "2014-09-14T04:58:03","version" => "0.228"},{"date" => "2014-09-28T21:11:57","version" => "0.230"},{"date" => "2014-12-09T18:14:17","version" => "0.231"},{"date" => "2015-03-29T20:00:25","version" => "0.300"},{"date" => "2015-04-06T04:00:18","version" => "0.302"},{"date" => "2015-04-06T17:37:33","version" => "0.303"},{"date" => "2015-04-07T05:21:56","version" => "0.304"},{"date" => "2015-04-07T16:52:31","version" => "0.306"},{"date" => "2015-04-07T18:12:24","version" => "0.307"},{"date" => "2015-05-26T21:43:52","version" => "0.308"},{"date" => "2015-05-26T21:48:26","version" => "0.309"},{"date" => "2015-05-26T22:35:35","version" => "0.310"},{"date" => "2015-08-19T01:10:26","version" => "0.311"},{"date" => "2015-09-04T16:15:30","version" => "0.312"},{"date" => "2015-10-11T03:06:17","version" => "1.0"},{"date" => "2015-11-03T00:30:41","version" => "1.1"},{"date" => "2015-12-09T07:17:54","version" => "1.2"},{"date" => "2016-03-09T19:59:10","version" => "1.3"},{"date" => "2016-03-09T20:02:02","version" => "1.02"},{"date" => "2016-03-09T23:15:18","version" => "1.31"},{"date" => "2016-05-01T19:53:03","version" => "1.32"},{"date" => "2016-05-03T02:00:18","version" => "1.33"},{"date" => "2016-05-05T15:33:14","version" => "1.34"},{"date" => "2016-05-06T19:58:06","version" => "1.35"},{"date" => "2016-05-06T20:45:29","version" => "1.36"},{"date" => "2016-05-07T17:30:07","version" => "1.37"},{"date" => "2016-05-10T23:16:25","version" => "1.38"},{"date" => "2016-05-11T23:57:21","version" => "1.39"},{"date" => "2016-05-31T18:50:56","version" => "1.40"},{"date" => "2016-09-01T16:14:07","version" => "1.41"},{"date" => "2016-11-21T18:59:45","version" => "1.43"},{"date" => "2016-12-01T07:11:37","version" => "1.44"},{"date" => "2016-12-21T19:44:12","version" => "1.45"},{"date" => "2017-04-08T21:01:47","version" => "2.0"},{"date" => "2017-08-16T23:30:57","version" => "2.01"},{"date" => "2017-09-20T19:01:58","version" => "2.02"},{"date" => "2018-03-25T03:31:35","version" => "3.0"}]},"Yukki" => {"advisories" => [{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-41182"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41182-jqueryui","references" => ["https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc","https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-41183"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41183-jqueryui","references" => ["https://bugs.jqueryui.com/ticket/15284","https://github.com/jquery/jquery-ui/pull/1953","https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-001","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-41184"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41184-jqueryui","references" => ["https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280","https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-core-2022-001","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.112770"],"cves" => ["CVE-2021-41182"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41182-jqueryui","references" => ["https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc","https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.112770"],"cves" => ["CVE-2021-41183"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41183-jqueryui","references" => ["https://bugs.jqueryui.com/ticket/15284","https://github.com/jquery/jquery-ui/pull/1953","https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-001","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.112770"],"cves" => ["CVE-2021-41184"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41184-jqueryui","references" => ["https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280","https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-core-2022-001","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.0.121700,<=0.140290"],"cves" => ["CVE-2021-41182"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41182-jqueryui","references" => ["https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc","https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.0.121700,<=0.140290"],"cves" => ["CVE-2021-41183"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41183-jqueryui","references" => ["https://bugs.jqueryui.com/ticket/15284","https://github.com/jquery/jquery-ui/pull/1953","https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-001","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.0.121700,<=0.140290"],"cves" => ["CVE-2021-41184"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41184-jqueryui","references" => ["https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280","https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-core-2022-001","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2016-4566"],"description" => "Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2016-4566-plupload","references" => ["http://www.plupload.com/punbb/viewtopic.php?pid=28690","https://wordpress.org/news/2016/05/wordpress-4-5-2/","http://www.openwall.com/lists/oss-security/2016/05/07/2","https://codex.wordpress.org/Version_4.5.2","https://core.trac.wordpress.org/changeset/37382/","https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e","https://wpvulndb.com/vulnerabilities/8489","http://www.securitytracker.com/id/1035818"],"reported" => "2016-05-22","severity" => "medium"},{"affected_versions" => ["<=0.140290"],"cves" => ["CVE-2016-4566"],"description" => "Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2016-4566-plupload","references" => ["http://www.plupload.com/punbb/viewtopic.php?pid=28690","https://wordpress.org/news/2016/05/wordpress-4-5-2/","http://www.openwall.com/lists/oss-security/2016/05/07/2","https://codex.wordpress.org/Version_4.5.2","https://core.trac.wordpress.org/changeset/37382/","https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e","https://wpvulndb.com/vulnerabilities/8489","http://www.securitytracker.com/id/1035818"],"reported" => "2016-05-22","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.111160"],"cves" => ["CVE-2016-4566"],"description" => "Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2016-4566-plupload","references" => ["http://www.plupload.com/punbb/viewtopic.php?pid=28690","https://wordpress.org/news/2016/05/wordpress-4-5-2/","http://www.openwall.com/lists/oss-security/2016/05/07/2","https://codex.wordpress.org/Version_4.5.2","https://core.trac.wordpress.org/changeset/37382/","https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e","https://wpvulndb.com/vulnerabilities/8489","http://www.securitytracker.com/id/1035818"],"reported" => "2016-05-22","severity" => "medium"},{"affected_versions" => [">=0.111280,<=0.112770"],"cves" => ["CVE-2016-4566"],"description" => "Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2016-4566-plupload","references" => ["http://www.plupload.com/punbb/viewtopic.php?pid=28690","https://wordpress.org/news/2016/05/wordpress-4-5-2/","http://www.openwall.com/lists/oss-security/2016/05/07/2","https://codex.wordpress.org/Version_4.5.2","https://core.trac.wordpress.org/changeset/37382/","https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e","https://wpvulndb.com/vulnerabilities/8489","http://www.securitytracker.com/id/1035818"],"reported" => "2016-05-22","severity" => "medium"},{"affected_versions" => [">=0.121700,<=0.140290"],"cves" => ["CVE-2016-4566"],"description" => "Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2016-4566-plupload","references" => ["http://www.plupload.com/punbb/viewtopic.php?pid=28690","https://wordpress.org/news/2016/05/wordpress-4-5-2/","http://www.openwall.com/lists/oss-security/2016/05/07/2","https://codex.wordpress.org/Version_4.5.2","https://core.trac.wordpress.org/changeset/37382/","https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e","https://wpvulndb.com/vulnerabilities/8489","http://www.securitytracker.com/id/1035818"],"reported" => "2016-05-22","severity" => "medium"}],"main_module" => "Yukki","versions" => [{"date" => "2011-03-24T04:47:01","version" => "0.110830"},{"date" => "2011-03-25T05:35:01","version" => "0.110840"},{"date" => "2011-03-26T04:25:48","version" => "0.110850"},{"date" => "2011-03-29T03:08:58","version" => "0.110880"},{"date" => "2011-03-31T22:33:47","version" => "0.110900"},{"date" => "2011-04-16T02:29:38","version" => "0.111060"},{"date" => "2011-04-26T03:12:19","version" => "0.111160"},{"date" => "2011-05-08T01:46:50","version" => "0.111280"},{"date" => "2011-06-15T01:52:19","version" => "0.111660"},{"date" => "2011-06-21T03:20:58","version" => "0.111720"},{"date" => "2011-07-02T20:55:01","version" => "0.111830"},{"date" => "2011-10-04T19:30:44","version" => "0.112770"},{"date" => "2012-06-18T04:45:34","version" => "0.121700"},{"date" => "2012-06-27T02:33:18","version" => "0.121790"},{"date" => "2013-08-04T02:04:00","version" => "0.132160"},{"date" => "2014-01-29T14:29:25","version" => "0.140290"},{"date" => "2017-07-19T16:04:21","version" => "0.99_01"},{"date" => "2017-07-20T18:43:41","version" => "0.990_001"},{"date" => "2017-07-21T00:30:50","version" => "0.990_002"},{"date" => "2017-07-23T04:49:37","version" => "0.991_001"},{"date" => "2017-08-04T04:09:29","version" => "0.991_002"},{"date" => "2017-08-11T00:22:44","version" => "0.991_003"},{"date" => "2017-08-13T02:54:57","version" => "0.991_004"},{"date" => "2017-08-18T18:47:13","version" => "0.991_005"},{"date" => "2017-11-09T02:48:59","version" => "0.991_006"},{"date" => "2026-01-31T18:55:04","version" => "0.991_007"}]},"Zabbix-Reporter" => {"advisories" => [{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Zabbix::Reporter","versions" => [{"date" => "2013-03-27T23:01:45","version" => "0.01"},{"date" => "2013-03-29T20:06:46","version" => "0.02"},{"date" => "2013-05-05T11:26:24","version" => "0.03"},{"date" => "2013-05-13T20:38:47","version" => "0.04"},{"date" => "2013-05-21T19:59:56","version" => "0.05"},{"date" => "2013-06-16T12:55:56","version" => "0.06"},{"date" => "2013-09-08T21:14:34","version" => "0.07"}]},"Zonemaster-Backend" => {"advisories" => [{"affected_versions" => ["<7.0.0"],"cves" => [],"description" => "When running the API behind a reverse proxy on the same machine (like it is using the configuration example provided by the GUI) the remote ip might always be localhost even if the query was done from elsewher\n","distribution" => "Zonemaster-Backend","fixed_versions" => [">=7.0.0"],"id" => "CPANSA-Zonemaster-Backend-2021-001","references" => ["https://github.com/zonemaster/zonemaster-backend/issues/838","https://metacpan.org/dist/Zonemaster-Backend/changes"],"reported" => "2021-08-05","severity" => undef},{"affected_versions" => ["<1.0.1"],"cves" => [],"description" => "Potential SQL injection.\n","distribution" => "Zonemaster-Backend","fixed_versions" => [">=1.0.1"],"id" => "CPANSA-Zonemaster-Backend-2015-001","references" => ["https://github.com/zonemaster/zonemaster-backend/issues/25","https://metacpan.org/dist/Zonemaster-Backend/changes"],"reported" => "2015-01-28","severity" => undef}],"main_module" => "Zonemaster::Backend","versions" => [{"date" => "2017-11-02T13:57:24","version" => "2.0.0"},{"date" => "2018-01-12T17:25:15","version" => "2.0.1"},{"date" => "2018-02-23T13:09:41","version" => "2.0.2"},{"date" => "2018-06-25T08:43:15","version" => "2.1.0"},{"date" => "2019-05-24T07:07:47","version" => "4.0.0"},{"date" => "2019-05-31T16:42:26","version" => "4.0.1"},{"date" => "2020-05-01T14:49:55","version" => "5.0.0"},{"date" => "2020-05-15T12:59:00","version" => "5.0.1"},{"date" => "2020-05-22T07:31:56","version" => "5.0.2"},{"date" => "2020-11-09T09:49:51","version" => "6.0.0"},{"date" => "2020-11-10T10:02:13","version" => "6.0.1"},{"date" => "2020-11-18T09:08:50","version" => "6.0.2"},{"date" => "2021-02-09T11:02:57","version" => "6.1.0"},{"date" => "2021-05-31T20:39:03","version" => "6.2.0"},{"date" => "2021-09-18T14:05:03","version" => "7.0.0"},{"date" => "2021-12-06T00:20:51","version" => "8.0.0"},{"date" => "2021-12-20T10:08:13","version" => "8.1.0"},{"date" => "2022-06-10T11:39:25","version" => "9.0.0"},{"date" => "2022-07-08T08:40:31","version" => "9.0.1"},{"date" => "2022-12-19T09:29:40","version" => "10.0.0"},{"date" => "2023-01-31T16:06:19","version" => "10.0.1"},{"date" => "2023-03-01T17:37:05","version" => "10.0.2"},{"date" => "2023-06-21T16:14:40","version" => "11.0.0"},{"date" => "2023-08-08T02:40:32","version" => "11.0.1"},{"date" => "2023-09-08T09:18:30","version" => "11.0.2"},{"date" => "2024-03-18T15:59:50","version" => "11.1.0"},{"date" => "2024-03-28T10:49:24","version" => "11.1.1"},{"date" => "2024-07-01T15:45:21","version" => "11.2.0"},{"date" => "2024-12-09T13:52:41","version" => "11.3.0"},{"date" => "2025-03-04T21:47:49","version" => "11.4.0"},{"date" => "2025-06-26T17:21:54","version" => "11.5.0"},{"date" => "2025-12-19T11:15:27","version" => "12.0.0"}]},"Zonemaster-GUI" => {"advisories" => [{"affected_versions" => [">=1.0.7,<=1.0.11"],"cves" => ["CVE-2020-7676"],"description" => "angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping \"<option>\" elements in \"<select>\" ones changes parsing behavior, leading to possibly unsanitizing code.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-7676-angular","references" => ["https://github.com/angular/angular.js/pull/17028","https://snyk.io/vuln/SNYK-JS-ANGULAR-570058","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1\@%3Cozone-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a\@%3Cozone-issues.hadoop.apache.org%3E"],"reported" => "2020-06-08","severity" => "medium"},{"affected_versions" => [">=1.0.7,<1.0.11"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Zonemaster::GUI","versions" => [{"date" => "2016-10-17T13:50:05","version" => "v1.0.7"},{"date" => "2016-10-17T14:35:43","version" => "v1.0.7"},{"date" => "2017-11-02T14:09:33","version" => "1.0.8"},{"date" => "2018-01-12T17:25:49","version" => "1.0.9"},{"date" => "2018-01-26T11:37:00","version" => "1.0.10"},{"date" => "2018-02-23T13:11:09","version" => "1.0.11"}]},"cppAdaptive1" => {"advisories" => [{"affected_versions" => ["==0.01"],"cves" => ["CVE-2019-7317"],"description" => "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.\n","distribution" => "cppAdaptive1","fixed_versions" => [],"id" => "CPANSA-cppAdaptive1-2019-7317-libpng","references" => ["https://github.com/glennrp/libpng/issues/275","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803","https://seclists.org/bugtraq/2019/Apr/30","http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html","https://www.debian.org/security/2019/dsa-4435","https://seclists.org/bugtraq/2019/Apr/36","https://usn.ubuntu.com/3962-1/","https://usn.ubuntu.com/3991-1/","https://seclists.org/bugtraq/2019/May/56","https://seclists.org/bugtraq/2019/May/59","https://www.debian.org/security/2019/dsa-4448","https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html","https://access.redhat.com/errata/RHSA-2019:1265","https://access.redhat.com/errata/RHSA-2019:1269","https://access.redhat.com/errata/RHSA-2019:1267","https://www.debian.org/security/2019/dsa-4451","https://seclists.org/bugtraq/2019/May/67","https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html","https://usn.ubuntu.com/3997-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html","https://access.redhat.com/errata/RHSA-2019:1310","https://access.redhat.com/errata/RHSA-2019:1309","https://access.redhat.com/errata/RHSA-2019:1308","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html","http://www.securityfocus.com/bid/108098","https://security.netapp.com/advisory/ntap-20190719-0005/","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/","https://security.gentoo.org/glsa/201908-02","https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"reported" => "2019-02-04","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "cppAdaptive1","fixed_versions" => [],"id" => "CPANSA-cppAdaptive1-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "cppAdaptive1","versions" => [{"date" => "2017-08-15T00:25:43","version" => "0.01"}]},"cppAdaptive2" => {"advisories" => [{"affected_versions" => [">=0.01,<=3.0.3"],"cves" => ["CVE-2019-7317"],"description" => "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.\n","distribution" => "cppAdaptive2","fixed_versions" => [],"id" => "CPANSA-cppAdaptive2-2019-7317-libpng","references" => ["https://github.com/glennrp/libpng/issues/275","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803","https://seclists.org/bugtraq/2019/Apr/30","http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html","https://www.debian.org/security/2019/dsa-4435","https://seclists.org/bugtraq/2019/Apr/36","https://usn.ubuntu.com/3962-1/","https://usn.ubuntu.com/3991-1/","https://seclists.org/bugtraq/2019/May/56","https://seclists.org/bugtraq/2019/May/59","https://www.debian.org/security/2019/dsa-4448","https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html","https://access.redhat.com/errata/RHSA-2019:1265","https://access.redhat.com/errata/RHSA-2019:1269","https://access.redhat.com/errata/RHSA-2019:1267","https://www.debian.org/security/2019/dsa-4451","https://seclists.org/bugtraq/2019/May/67","https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html","https://usn.ubuntu.com/3997-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html","https://access.redhat.com/errata/RHSA-2019:1310","https://access.redhat.com/errata/RHSA-2019:1309","https://access.redhat.com/errata/RHSA-2019:1308","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html","http://www.securityfocus.com/bid/108098","https://security.netapp.com/advisory/ntap-20190719-0005/","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/","https://security.gentoo.org/glsa/201908-02","https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"reported" => "2019-02-04","severity" => "medium"},{"affected_versions" => [">=0.01,<=3.0.3"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "cppAdaptive2","fixed_versions" => [],"id" => "CPANSA-cppAdaptive2-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "cppAdaptive2","versions" => [{"date" => "2018-05-30T06:24:48","version" => "0.01"},{"date" => "2018-06-04T20:54:37","version" => "v0.2.0"},{"date" => "2018-06-05T05:02:05","version" => "v1.0.0"},{"date" => "2018-06-05T15:49:02","version" => "v2.0.0"},{"date" => "2018-06-05T18:41:34","version" => "v2.0.1"},{"date" => "2018-06-06T17:15:24","version" => "v2.0.2"},{"date" => "2018-06-10T16:13:47","version" => "v3.0.0"},{"date" => "2018-06-10T18:17:00","version" => "v3.0.1"},{"date" => "2018-06-10T20:01:07","version" => "v3.0.2"},{"date" => "2018-06-11T04:59:40","version" => "v3.0.3"}]},"eperl" => {"advisories" => [{"affected_versions" => ["<=2.2.14"],"cves" => ["CVE-2001-0733"],"description" => "The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code.\n","distribution" => "eperl","fixed_versions" => [],"id" => "CPANSA-ePerl-2001-0733","references" => ["http://www.securityfocus.com/archive/1/192711","http://www.securityfocus.com/bid/2912","https://exchange.xforce.ibmcloud.com/vulnerabilities/6743"],"reported" => "2001-10-18","severity" => undef}],"main_module" => "Parse::ePerl","versions" => [{"date" => "1996-09-08T09:22:26","version" => "1.4"},{"date" => "1997-01-20T06:55:18","version" => "v2.0.3"},{"date" => "1997-03-25T09:19:29","version" => "2.1"},{"date" => "1997-04-03T12:24:29","version" => "2.1"},{"date" => "1997-04-05T08:04:08","version" => "2.1"},{"date" => "1997-04-18T16:36:34","version" => "2.1"},{"date" => "1997-04-27T15:20:23","version" => "v2.1.0"},{"date" => "1997-05-04T20:06:49","version" => "v2.1.1"},{"date" => "1997-05-29T10:26:35","version" => "2.2"},{"date" => "1997-05-30T06:24:00","version" => "v2.1.2"},{"date" => "1997-05-30T16:53:19","version" => "2.2"},{"date" => "1997-06-06T07:37:49","version" => "2.2"},{"date" => "1997-06-28T15:59:18","version" => "2.2"},{"date" => "1997-07-19T08:23:43","version" => "v2.2.0"},{"date" => "1997-08-14T15:16:02","version" => "v2.2.2"},{"date" => "1997-08-21T15:44:18","version" => "v2.2.3"},{"date" => "1997-09-01T14:16:42","version" => "v2.2.4"},{"date" => "1997-09-03T10:33:40","version" => "v2.2.5"},{"date" => "1997-10-28T13:28:21","version" => "v2.2.6"},{"date" => "1997-11-17T16:37:11","version" => "v2.2.8"},{"date" => "1998-01-02T11:42:11","version" => "v2.2.12"},{"date" => "1998-07-10T09:22:54","version" => "v2.2.13"}]},"libapreq2" => {"advisories" => [{"affected_versions" => ["<2.07"],"cves" => ["CVE-2006-0042"],"description" => "Unspecified vulnerability in apreq_parse_headers and apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.\n","distribution" => "libapreq2","fixed_versions" => [">=2.07"],"id" => "CPANSA-libapreq2-2006-01","references" => ["https://metacpan.org/changes/distribution/libapreq2"],"reported" => "2007-04-17"}],"main_module" => "Apache2::Cookie","versions" => [{"date" => "2003-11-11T01:28:48","version" => "2.01_03"},{"date" => "2003-11-16T04:16:12","version" => "2.02_02"},{"date" => "2004-06-12T14:52:49","version" => "2.03_04"},{"date" => "2004-08-30T16:13:45","version" => "2.04_03"},{"date" => "2005-05-04T23:38:05","version" => "2.05"},{"date" => "2005-07-20T17:10:48","version" => "2.06"},{"date" => "2006-02-12T18:10:47","version" => "2.07"},{"date" => "2006-08-09T04:54:07","version" => "2.08"},{"date" => "2009-03-13T22:47:11","version" => "2.12"},{"date" => "2010-12-02T18:41:57","version" => "2.13"},{"date" => "2021-02-23T13:26:47","version" => "2.15"},{"date" => "2021-03-22T17:59:11","version" => "2.16"}]},"libwww-perl" => {"advisories" => [{"affected_versions" => ["<6.28"],"cves" => [],"description" => "LWP::Protocol::file can open existent file from file:// scheme. However, current version of LWP uses open FILEHANDLE,EXPR and it has ability to execute arbitrary command\n","distribution" => "libwww-perl","fixed_versions" => [">=6.27"],"id" => "CPANSA-libwww-perl-2017-01","references" => ["https://github.com/libwww-perl/libwww-perl/pull/270"],"reported" => "2017-11-06","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}]},{"affected_versions" => ["<6.00"],"cves" => ["CVE-2011-0633"],"description" => "The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.\n","distribution" => "libwww-perl","fixed_versions" => [">=6.00"],"id" => "CPANSA-libwww-perl-2011-01","references" => ["http://vttynotes.blogspot.com/2010/12/man-in-middle-fun-with-perl-lwp.html","http://vttynotes.blogspot.com/2011/03/quick-note-on-lwp-and-perl-security-cve.html"],"reported" => "2011-01-20"},{"affected_versions" => ["<5.835"],"cves" => ["CVE-2010-2253"],"description" => "lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.\n","distribution" => "libwww-perl","fixed_versions" => [">=5.835"],"id" => "CPANSA-libwww-perl-2010-01","references" => ["http://vttynotes.blogspot.com/2010/12/man-in-middle-fun-with-perl-lwp.html","http://vttynotes.blogspot.com/2011/03/quick-note-on-lwp-and-perl-security-cve.html"],"reported" => "2010-07-06"},{"affected_versions" => ["<5.51"],"cves" => [],"description" => "If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for \"http_proxy\" permits \"HTTP_PROXY\" to be found, but this can be trivially set by the web client using the \"Proxy:\" header.\n","distribution" => "libwww-perl","fixed_versions" => [">=5.51"],"id" => "CPANSA-libwww-perl-2001-01","reported" => "2001-03-14"},{"affected_versions" => ["<0.04"],"cves" => [],"description" => "There is a security hole with the implementation of getBasicCredentials().\n","distribution" => "libwww-perl","fixed_versions" => [">=0.04"],"id" => "CPANSA-libwww-perl-1995-01","references" => ["https://metacpan.org/dist/libwww-perl/changes"],"reported" => "1995-09-06"}],"main_module" => "LWP","versions" => [{"date" => "1995-09-16T13:51:35","version" => 5},{"date" => "1995-11-06T14:29:13","version" => 5},{"date" => "1996-05-09T22:43:16","version" => 5},{"date" => "1996-05-26T14:01:51","version" => "5.00"},{"date" => "1996-08-02T16:38:58","version" => "5.01"},{"date" => "1996-09-11T16:19:57","version" => "5.02"},{"date" => "1996-09-30T22:58:37","version" => "5.03"},{"date" => "1996-10-22T10:39:33","version" => "5.04"},{"date" => "1996-12-04T23:36:17","version" => "5.05"},{"date" => "1997-01-27T23:53:38","version" => "5.06"},{"date" => "1997-02-11T14:20:18","version" => "5.07"},{"date" => "1997-04-05T13:10:16","version" => "5.08"},{"date" => "1997-06-10T11:07:01","version" => "5.09"},{"date" => "1997-06-20T10:51:10","version" => "5.10"},{"date" => "1997-08-06T08:41:11","version" => "5.11"},{"date" => "1997-09-05T09:38:58","version" => "5.12"},{"date" => "1997-09-20T12:50:59","version" => "5.13"},{"date" => "1997-10-12T20:55:32","version" => "5.14"},{"date" => "1997-11-06T20:23:06","version" => "5.15"},{"date" => "1997-12-12T17:44:29","version" => "5.18"},{"date" => "1997-12-16T22:25:00","version" => "5.18_03"},{"date" => "1997-12-17T10:08:54","version" => "5.18_04"},{"date" => "1998-01-20T18:16:51","version" => "5.18_05"},{"date" => "1998-01-26T23:55:39","version" => "5.19"},{"date" => "1998-02-12T23:43:23","version" => "5.20"},{"date" => "1998-03-12T18:39:08","version" => "5.21"},{"date" => "1998-03-24T19:42:54","version" => "5.22"},{"date" => "1998-03-31T22:25:14","version" => "5.30"},{"date" => "1998-04-10T15:07:10","version" => "5.31"},{"date" => "1998-04-17T05:23:45","version" => "5.32"},{"date" => "1998-05-07T15:10:00","version" => "5.33"},{"date" => "1998-07-07T16:06:51","version" => "5.34"},{"date" => "1998-07-09T23:05:12","version" => "5.35"},{"date" => "1998-08-04T15:15:44","version" => "5.36"},{"date" => "1998-10-12T17:42:28","version" => "5.40_01"},{"date" => "1998-11-19T22:17:29","version" => "5.41"},{"date" => "1999-03-20T07:52:48","version" => "5.42"},{"date" => "1999-05-09T19:26:17","version" => "5.43"},{"date" => "1999-06-25T20:34:40","version" => "5.44"},{"date" => "1999-09-20T13:36:22","version" => "5.45"},{"date" => "1999-10-28T12:30:45","version" => "5.46"},{"date" => "1999-11-16T14:59:58","version" => "5.47"},{"date" => "2000-04-09T19:45:32","version" => "5.48"},{"date" => "2001-01-01T06:35:20","version" => "5.49"},{"date" => "2001-01-12T20:58:43","version" => "5.50"},{"date" => "2001-03-14T21:33:03","version" => "5.51"},{"date" => "2001-03-29T21:39:12","version" => "5.52"},{"date" => "2001-04-10T23:15:00","version" => "5.53"},{"date" => "2001-04-19T06:13:35","version" => "5.53_90"},{"date" => "2001-04-21T05:02:13","version" => "5.53_91"},{"date" => "2001-04-25T17:37:11","version" => "5.53_92"},{"date" => "2001-04-29T06:28:31","version" => "5.53_93"},{"date" => "2001-05-05T13:57:20","version" => "5.53_94"},{"date" => "2001-08-07T00:46:18","version" => "5.53_95"},{"date" => "2001-08-28T05:59:46","version" => "5.53_96"},{"date" => "2001-09-20T00:33:20","version" => "5.53_97"},{"date" => "2001-10-26T23:30:57","version" => "5.60"},{"date" => "2001-11-17T02:56:46","version" => "5.61"},{"date" => "2001-11-21T19:00:47","version" => "5.62"},{"date" => "2001-12-14T21:01:09","version" => "5.63"},{"date" => "2002-02-09T18:54:35","version" => "5.64"},{"date" => "2002-05-31T20:59:15","version" => "5.65"},{"date" => "2002-12-20T19:28:34","version" => "5.66"},{"date" => "2003-01-01T16:53:11","version" => "5.67"},{"date" => "2003-01-03T05:04:44","version" => "5.68"},{"date" => "2003-01-24T16:55:35","version" => "5.69"},{"date" => "2003-10-13T20:56:35","version" => "5.70"},{"date" => "2003-10-14T19:12:56","version" => "5.71"},{"date" => "2003-10-15T19:53:47","version" => "5.72"},{"date" => "2003-10-19T20:04:40","version" => "5.73"},{"date" => "2003-10-23T19:26:57","version" => "5.74"},{"date" => "2003-10-26T22:10:48","version" => "5.75"},{"date" => "2003-11-21T19:33:09","version" => "5.76"},{"date" => "2004-04-06T13:41:45","version" => "5.77"},{"date" => "2004-04-07T11:13:36","version" => "5.78"},{"date" => "2004-04-13T08:09:08","version" => "5.79"},{"date" => "2004-06-16T10:43:42","version" => "5.800"},{"date" => "2004-11-12T18:32:17","version" => "5.801"},{"date" => "2004-11-30T13:06:01","version" => "5.802"},{"date" => "2004-12-11T15:48:30","version" => "5.803"},{"date" => "2005-12-06T09:36:12","version" => "5.804"},{"date" => "2005-12-08T12:29:02","version" => "5.805"},{"date" => "2007-07-19T21:31:44","version" => "5.806"},{"date" => "2007-07-31T13:14:54","version" => "5.807"},{"date" => "2007-08-05T13:29:17","version" => "5.808"},{"date" => "2008-04-08T11:47:19","version" => "5.810"},{"date" => "2008-04-14T08:28:19","version" => "5.811"},{"date" => "2008-04-16T10:32:51","version" => "5.812"},{"date" => "2008-06-17T20:37:17","version" => "5.813"},{"date" => "2008-07-25T09:09:53","version" => "5.814"},{"date" => "2008-09-24T18:10:11","version" => "5.815"},{"date" => "2008-09-29T09:27:09","version" => "5.816"},{"date" => "2008-10-10T21:31:27","version" => "5.817"},{"date" => "2008-10-16T10:32:24","version" => "5.818"},{"date" => "2008-10-20T11:43:37","version" => "5.819"},{"date" => "2008-11-05T18:07:29","version" => "5.820"},{"date" => "2008-11-25T00:16:49","version" => "5.821"},{"date" => "2008-12-05T19:18:40","version" => "5.822"},{"date" => "2009-01-12T16:50:02","version" => "5.823"},{"date" => "2009-02-13T14:12:29","version" => "5.824"},{"date" => "2009-02-16T10:00:35","version" => "5.825"},{"date" => "2009-04-24T20:42:45","version" => "5.826"},{"date" => "2009-06-15T19:36:37","version" => "5.827"},{"date" => "2009-06-25T19:44:55","version" => "5.828"},{"date" => "2009-07-08T20:03:11","version" => "5.829"},{"date" => "2009-07-26T19:39:49","version" => "5.830"},{"date" => "2009-08-13T20:53:34","version" => "5.831"},{"date" => "2009-09-21T18:24:41","version" => "5.832"},{"date" => "2009-10-06T21:23:39","version" => "5.833"},{"date" => "2009-11-21T13:09:14","version" => "5.834"},{"date" => "2010-05-05T21:13:47","version" => "5.835"},{"date" => "2010-05-13T07:34:58","version" => "5.836"},{"date" => "2010-09-20T21:24:38","version" => "5.837"},{"date" => "2010-11-04T15:16:35","version" => "5.837"},{"date" => "2011-03-08T19:25:05","version" => "6.00"},{"date" => "2011-03-09T23:30:57","version" => "6.01"},{"date" => "2011-03-27T11:35:01","version" => "6.02"},{"date" => "2011-10-15T13:38:28","version" => "6.03"},{"date" => "2012-02-18T22:13:13","version" => "6.04"},{"date" => "2013-03-11T21:47:56","version" => "6.05"},{"date" => "2014-04-16T18:38:49","version" => "6.06"},{"date" => "2014-07-02T05:10:47","version" => "6.07"},{"date" => "2014-07-25T03:19:43","version" => "6.08"},{"date" => "2015-02-10T02:58:40","version" => "6.09"},{"date" => "2015-02-12T17:40:48","version" => "6.10"},{"date" => "2015-02-13T21:38:49","version" => "6.11"},{"date" => "2015-02-14T00:16:15","version" => "6.12"},{"date" => "2015-02-14T18:45:12","version" => "6.13"},{"date" => "2015-11-25T20:23:47","version" => "6.14_001"},{"date" => "2015-12-05T06:01:09","version" => "6.15"},{"date" => "2016-01-05T00:29:20","version" => "6.15_001"},{"date" => "2016-01-14T01:52:18","version" => "6.15_002"},{"date" => "2016-01-14T02:01:20","version" => "6.15_003"},{"date" => "2016-02-13T06:18:45","version" => "6.15_004"},{"date" => "2017-01-18T14:22:22","version" => "6.16"},{"date" => "2017-01-31T19:39:10","version" => "6.17"},{"date" => "2017-02-03T20:31:54","version" => "6.18"},{"date" => "2017-02-14T19:56:20","version" => "6.19"},{"date" => "2017-02-21T15:19:06","version" => "6.20"},{"date" => "2017-02-21T20:38:03","version" => "6.21"},{"date" => "2017-03-01T15:27:43","version" => "6.22"},{"date" => "2017-03-07T03:49:52","version" => "6.23"},{"date" => "2017-03-14T16:36:38","version" => "6.24"},{"date" => "2017-04-03T17:20:06","version" => "6.25"},{"date" => "2017-04-12T15:36:20","version" => "6.26"},{"date" => "2017-09-21T22:32:37","version" => "6.27"},{"date" => "2017-11-06T15:43:47","version" => "6.28"},{"date" => "2017-11-06T20:34:56","version" => "6.29"},{"date" => "2017-12-08T01:57:23","version" => "6.30"},{"date" => "2017-12-11T01:57:47","version" => "6.31"},{"date" => "2018-02-20T19:41:40","version" => "6.32"},{"date" => "2018-02-27T04:04:55","version" => "6.33"},{"date" => "2018-06-05T18:50:45","version" => "6.34"},{"date" => "2018-07-16T04:51:16","version" => "6.35"},{"date" => "2018-10-10T02:21:49","version" => "6.36"},{"date" => "2019-03-06T20:51:05","version" => "6.37"},{"date" => "2019-03-25T19:00:53","version" => "6.38"},{"date" => "2019-05-06T14:19:25","version" => "6.39"},{"date" => "2019-10-24T13:08:25","version" => "6.40"},{"date" => "2019-10-28T14:45:05","version" => "6.41"},{"date" => "2019-11-20T17:41:59","version" => "6.42"},{"date" => "2019-11-26T13:56:02","version" => "6.43"},{"date" => "2020-04-14T19:39:37","version" => "6.44"},{"date" => "2020-06-08T14:52:52","version" => "6.45"},{"date" => "2020-06-23T21:20:14","version" => "6.46"},{"date" => "2020-08-18T15:28:34","version" => "6.47"},{"date" => "2020-09-20T15:26:52","version" => "6.48"},{"date" => "2020-09-24T00:29:49","version" => "6.49"},{"date" => "2020-12-16T18:36:35","version" => "6.50"},{"date" => "2020-12-29T22:09:46","version" => "6.51"},{"date" => "2021-01-07T21:58:27","version" => "6.52"},{"date" => "2021-03-07T16:55:35","version" => "6.53"},{"date" => "2021-05-06T17:55:38","version" => "6.54"},{"date" => "2021-06-17T13:58:40","version" => "6.55"},{"date" => "2021-08-17T13:58:19","version" => "6.56"},{"date" => "2021-09-20T20:29:02","version" => "6.57"},{"date" => "2021-10-25T20:44:12","version" => "6.58"},{"date" => "2021-12-02T21:20:00","version" => "6.59"},{"date" => "2021-12-17T22:33:53","version" => "6.60"},{"date" => "2022-01-21T21:44:31","version" => "6.61"},{"date" => "2022-04-05T01:05:20","version" => "6.62"},{"date" => "2022-04-25T15:25:43","version" => "6.63"},{"date" => "2022-04-26T13:17:45","version" => "6.64"},{"date" => "2022-05-09T18:42:27","version" => "6.65"},{"date" => "2022-05-18T16:57:21","version" => "6.66"},{"date" => "2022-06-14T20:24:12","version" => "6.67"},{"date" => "2023-02-27T19:20:03","version" => "6.68"},{"date" => "2023-04-29T13:15:34","version" => "6.69"},{"date" => "2023-04-30T13:26:14","version" => "6.70"},{"date" => "2023-06-20T19:46:00","version" => "6.71"},{"date" => "2023-07-17T22:02:15","version" => "6.72"},{"date" => "2024-01-13T20:26:02","version" => "6.73"},{"date" => "2024-01-22T17:49:13","version" => "6.74"},{"date" => "2024-01-24T14:30:24","version" => "6.75"},{"date" => "2024-01-25T18:33:12","version" => "6.76"},{"date" => "2024-03-11T00:58:25","version" => "6.77"},{"date" => "2025-02-20T00:44:17","version" => "6.78"},{"date" => "2025-06-27T22:44:59","version" => "6.79"},{"date" => "2025-09-11T22:58:55","version" => "6.80"},{"date" => "2025-10-22T17:05:45","version" => "6.81"}]},"mod_perl" => {"advisories" => [{"affected_versions" => ["<1.31"],"cves" => ["CVE-2009-0796"],"description" => "XSS in Apache::Status.\n","distribution" => "mod_perl","fixed_versions" => [">=1.31"],"id" => "CPANSA-mod_perl-2009-01","references" => ["https://metacpan.org/changes/distribution/mod_perl"],"reported" => "2009-05-11"},{"affected_versions" => ["<1.30"],"cves" => ["CVE-2007-1349"],"description" => "Unescaped variable interpolation in Apache::PerlRun regular expression could cause regex engine tampering.\n","distribution" => "mod_perl","fixed_versions" => [">=1.30"],"id" => "CPANSA-mod_perl-2007-01","references" => ["https://metacpan.org/changes/distribution/mod_perl"],"reported" => "2007-03-29"},{"affected_versions" => [">=2.0,<=2.0.10"],"cves" => ["CVE-2011-2767"],"description" => "mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.\n","distribution" => "mod_perl","fixed_versions" => [],"id" => "CPANSA-mod_perl-2011-2767","references" => ["https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E","https://bugs.debian.org/644169","https://lists.debian.org/debian-lts-announce/2018/09/msg00018.html","https://access.redhat.com/errata/RHSA-2018:2737","https://access.redhat.com/errata/RHSA-2018:2826","https://access.redhat.com/errata/RHSA-2018:2825","http://www.securityfocus.com/bid/105195","https://usn.ubuntu.com/3825-1/","https://usn.ubuntu.com/3825-2/","https://lists.apache.org/thread.html/c8ebe8aad147a3ad2e7b0e8b2da45263171ab5d0fc7f8c100feaa94d\@%3Cmodperl-cvs.perl.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00065.html"],"reported" => "2018-08-26","severity" => "critical"}],"main_module" => "mod_perl2","versions" => [{"date" => "1996-05-21T02:07:05","version" => "0.60"},{"date" => "1996-05-21T20:51:37","version" => "0.60"},{"date" => "1996-06-18T19:41:55","version" => "0.60"},{"date" => "1996-06-25T15:49:56","version" => "0.60"},{"date" => "1996-07-14T23:39:07","version" => "0.70"},{"date" => "1996-07-26T20:39:23","version" => "0.76"},{"date" => "1996-09-08T22:13:32","version" => "0.81"},{"date" => "1996-10-04T15:50:31","version" => "0.83_02"},{"date" => "1996-10-09T07:10:24","version" => "0.83_03"},{"date" => "1996-10-14T03:46:54","version" => "0.83_04"},{"date" => "1996-10-15T13:34:22","version" => "0.83_05"},{"date" => "1996-10-17T03:48:27","version" => "0.83_06"},{"date" => "1996-10-18T22:18:01","version" => "0.83_07"},{"date" => "1996-10-21T01:37:29","version" => "0.83_09"},{"date" => "1996-10-25T14:09:06","version" => "0.83_10"},{"date" => "1996-10-28T00:01:00","version" => "0.84"},{"date" => "1996-11-13T05:39:14","version" => "0.85"},{"date" => "1996-11-14T07:21:01","version" => "0.85_01"},{"date" => "1996-11-27T17:19:02","version" => "0.85_02"},{"date" => "1996-12-05T03:37:12","version" => "0.85_03"},{"date" => "1996-12-10T23:17:33","version" => "0.85_04"},{"date" => "1996-12-17T13:31:40","version" => "0.85_06"},{"date" => "1996-12-19T14:32:44","version" => "0.86"},{"date" => "1996-12-24T04:19:35","version" => "0.87"},{"date" => "1996-12-24T20:41:28","version" => "0.88"},{"date" => "1996-12-31T04:43:25","version" => "0.89"},{"date" => "1996-12-31T07:52:56","version" => "0.90"},{"date" => "1997-01-20T10:04:20","version" => "0.90_01"},{"date" => "1997-01-23T00:58:22","version" => "0.91"},{"date" => "1997-01-23T15:56:19","version" => "0.92"},{"date" => "1997-01-28T02:37:30","version" => "0.93"},{"date" => "1997-03-05T03:19:32","version" => "0.93_01"},{"date" => "1997-03-10T12:07:39","version" => "0.94"},{"date" => "1997-03-23T18:53:46","version" => "0.95"},{"date" => "1997-03-23T18:54:02","version" => "0.95_02"},{"date" => "1997-04-01T04:44:44","version" => "0.95_03"},{"date" => "1997-04-02T01:35:22","version" => "0.95_04"},{"date" => "1997-04-02T03:20:37","version" => "0.95_05"},{"date" => "1997-04-02T04:42:28","version" => "0.95_06"},{"date" => "1997-04-04T05:33:39","version" => "0.96"},{"date" => "1997-04-16T03:54:02","version" => "0.97"},{"date" => "1997-04-23T03:29:01","version" => "0.97_01"},{"date" => "1997-04-30T03:56:50","version" => "0.97_02"},{"date" => "1997-05-02T19:58:12","version" => "0.98"},{"date" => "1997-05-19T22:59:20","version" => "0.98_03"},{"date" => "1997-05-23T00:24:28","version" => "0.98_05"},{"date" => "1997-05-30T02:07:03","version" => "0.98_08"},{"date" => "1997-06-02T00:05:45","version" => "0.98_09"},{"date" => "1997-06-03T03:15:48","version" => "0.98_10"},{"date" => "1997-06-04T01:54:46","version" => "0.98_11"},{"date" => "1997-06-06T01:14:09","version" => "0.98_12"},{"date" => "1997-06-12T00:36:43","version" => "0.99"},{"date" => "1997-06-30T03:04:22","version" => "1.00"},{"date" => "1997-07-08T06:20:15","version" => "1.00"},{"date" => "1997-07-30T20:57:59","version" => "1.00"},{"date" => "1997-08-25T22:00:29","version" => "0.85_05"},{"date" => "1997-09-16T01:09:06","version" => "1.00_02"},{"date" => "1997-09-21T21:40:32","version" => "1.00_03"},{"date" => "1997-10-17T00:04:35","version" => "1.01"},{"date" => "1997-10-17T15:40:45","version" => "1.02"},{"date" => "1997-10-24T04:02:30","version" => "1.03"},{"date" => "1997-10-31T03:59:22","version" => "1.04"},{"date" => "1997-11-07T04:32:07","version" => "1.05"},{"date" => "1997-11-26T02:09:01","version" => "1.07"},{"date" => "1997-12-02T21:34:03","version" => "1.07_01"},{"date" => "1997-12-22T09:29:56","version" => "1.07_02"},{"date" => "1998-01-08T10:21:31","version" => "1.07_03"},{"date" => "1998-01-28T02:10:28","version" => "1.07_03"},{"date" => "1998-01-29T00:47:52","version" => "1.07_03"},{"date" => "1998-02-10T11:04:03","version" => "1.07_04"},{"date" => "1998-02-12T15:08:20","version" => "1.07_04"},{"date" => "1998-02-20T03:43:49","version" => "1.08"},{"date" => "1998-03-07T01:06:09","version" => "1.08"},{"date" => "1998-03-19T07:39:18","version" => "1.09"},{"date" => "1998-03-21T04:14:02","version" => "1.10"},{"date" => "1998-03-27T16:52:20","version" => "1.10"},{"date" => "1998-04-21T14:43:05","version" => "1.11"},{"date" => "1998-04-24T18:58:30","version" => "1.11"},{"date" => "1998-06-09T16:51:19","version" => "1.11"},{"date" => "1998-06-14T19:21:25","version" => "1.12"},{"date" => "1998-07-14T01:13:07","version" => "1.13"},{"date" => "1998-07-19T00:19:20","version" => "1.14"},{"date" => "1998-07-24T13:52:53","version" => "1.15"},{"date" => "1998-07-24T15:59:13","version" => "1.15"},{"date" => "1998-09-20T00:02:57","version" => "1.15_01"},{"date" => "1998-10-02T23:10:02","version" => "1.16"},{"date" => "1998-10-28T18:16:45","version" => "1.16"},{"date" => "1998-11-24T23:54:59","version" => "1.16_01"},{"date" => "1998-12-01T00:01:25","version" => "1.16_02"},{"date" => "1999-01-28T06:27:45","version" => "1.18"},{"date" => "1999-06-11T17:22:35","version" => "1.20"},{"date" => "1999-07-02T23:43:56","version" => "1.21"},{"date" => "2000-03-06T01:32:31","version" => "1.21_01"},{"date" => "2000-03-07T07:56:53","version" => "1.21_02"},{"date" => "2000-03-15T10:25:52","version" => "1.21_03"},{"date" => "2000-03-23T06:51:53","version" => "1.22"},{"date" => "2000-04-21T06:51:47","version" => "1.23"},{"date" => "2000-05-17T05:44:34","version" => "1.24"},{"date" => "2000-10-10T16:44:39","version" => "1.24_01"},{"date" => "2001-01-30T04:33:45","version" => "1.25"},{"date" => "2001-07-06T21:27:16","version" => "1.25_01"},{"date" => "2001-07-12T02:23:32","version" => "1.26"},{"date" => "2002-04-07T04:58:26","version" => "1.99_01"},{"date" => "2002-06-02T03:05:50","version" => "1.27"},{"date" => "2002-06-02T03:27:13","version" => "1.99_02"},{"date" => "2002-06-15T23:59:37","version" => "1.99_03"},{"date" => "2002-06-21T22:45:41","version" => "1.99_04"},{"date" => "2002-08-20T16:54:13","version" => "1.99_05"},{"date" => "2002-09-27T15:19:03","version" => "1.99_06"},{"date" => "2002-09-27T19:41:50","version" => "1.99_07"},{"date" => "2003-01-11T04:22:19","version" => "1.99_08"},{"date" => "2003-04-28T02:36:59","version" => "1.99_09"},{"date" => "2003-07-03T03:32:20","version" => "1.28"},{"date" => "2003-09-29T17:11:24","version" => "1.99_10"},{"date" => "2003-10-08T04:54:22","version" => "1.29"},{"date" => "2003-11-10T21:04:15","version" => "1.99_11"},{"date" => "2003-12-22T19:56:22","version" => "1.99_12"},{"date" => "2004-03-09T00:29:43","version" => "1.99_13"},{"date" => "2004-05-21T18:02:49","version" => "1.99_14"},{"date" => "2004-08-20T18:35:12","version" => "1.99_15"},{"date" => "2004-08-23T05:59:47","version" => "1.99_16"},{"date" => "2004-10-22T21:38:19","version" => "1.99_17"},{"date" => "2004-12-12T23:22:37","version" => "v2.0.0"},{"date" => "2004-12-23T23:38:49","version" => "v2.0.0"},{"date" => "2005-01-06T01:27:43","version" => "v2.0.0"},{"date" => "2005-01-22T08:55:19","version" => "v2.0.0"},{"date" => "2005-04-14T13:19:23","version" => "v2.0.0"},{"date" => "2005-05-04T02:48:58","version" => "v2.0.0"},{"date" => "2005-05-20T05:12:45","version" => "v2.0.0"},{"date" => "2005-06-17T21:05:23","version" => "v2.0.1"},{"date" => "2005-10-21T01:27:23","version" => "v2.0.2"},{"date" => "2006-11-29T08:29:30","version" => "v2.0.3"},{"date" => "2007-03-30T06:19:02","version" => "1.30"},{"date" => "2008-04-17T06:32:36","version" => "v2.0.4"},{"date" => "2009-05-13T02:29:50","version" => "1.31"},{"date" => "2011-02-07T23:31:36","version" => "v2.0.5"},{"date" => "2012-04-25T15:31:27","version" => "v2.0.6"},{"date" => "2012-06-06T02:40:24","version" => "v2.0.7"},{"date" => "2013-04-18T02:15:56","version" => "2.0.8"},{"date" => "2015-06-18T21:16:34","version" => "2.0.9"},{"date" => "2016-10-27T21:16:36","version" => "2.0.10"},{"date" => "2019-10-05T11:36:44","version" => "2.0.11"},{"date" => "2022-01-30T13:36:21","version" => "2.0.12"},{"date" => "2023-10-21T10:32:29","version" => "2.0.13"}]},"perl" => {"advisories" => [{"affected_versions" => ["<1.13"],"cves" => ["CVE-2011-2728"],"description" => "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.\n","distribution" => "perl","fixed_versions" => [">=1.13"],"id" => "CPANSA-File-Glob-2011-2728","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html","http://www.securityfocus.com/bid/49858","http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod","http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77","http://secunia.com/advisories/46172","https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1","https://bugzilla.redhat.com/show_bug.cgi?id=742987"],"reported" => "2012-12-21","severity" => undef},{"affected_versions" => ["<5.24.1"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "perl","fixed_versions" => [">=5.24.1"],"id" => "CPANSA-ExtUtils-ParseXS-2016-1238","references" => ["https://perldoc.perl.org/5.24.1/perldelta","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => [">=5.22.0,<5.24.0"],"cves" => ["CVE-2016-6185"],"description" => "The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.\n","distribution" => "perl","fixed_versions" => [">=5.24.0"],"id" => "CPANSA-perl-2016-6185","references" => ["https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/","https://github.com/Perl/perl5/commit/08e3451d7b3b714ad63a27f1b9c2a23ee75d15ee","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/","http://www.openwall.com/lists/oss-security/2016/07/07/1","http://www.openwall.com/lists/oss-security/2016/07/08/5","https://rt.cpan.org/Public/Bug/Display.html?id=115808","http://www.debian.org/security/2016/dsa-3628","http://www.securitytracker.com/id/1036260","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.securityfocus.com/bid/91685","https://security.gentoo.org/glsa/201701-75","https://usn.ubuntu.com/3625-2/","https://usn.ubuntu.com/3625-1/","https://github.com/Perl/perl5/blob/blead/pod/perl5260delta.pod"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => [">=5.005,<5.24.0"],"cves" => ["CVE-2015-8608"],"description" => "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.\n","distribution" => "perl","fixed_versions" => [">=5.24.0"],"id" => "CPANSA-perl-2015-8608","references" => ["https://rt.perl.org/Public/Bug/Display.html?id=126755","https://github.com/Perl/perl5/issues/15067","https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2017-02-07","severity" => "critical"},{"affected_versions" => ["<5.14.2"],"cves" => ["CVE-2011-2728"],"description" => "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.\n","distribution" => "perl","fixed_versions" => [">=5.14.2"],"id" => "CPANSA-perl-2011-2728","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html","http://www.securityfocus.com/bid/49858","http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod","http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77","http://secunia.com/advisories/46172","https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1","https://bugzilla.redhat.com/show_bug.cgi?id=742987"],"reported" => "2012-12-21","severity" => undef},{"affected_versions" => ["<5.28.3",">=5.30.0,<5.30.3"],"cves" => ["CVE-2020-12723"],"description" => "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.\n","distribution" => "perl","fixed_versions" => [">=5.30.3"],"id" => "CPANSA-perl-2020-12723","references" => ["https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3","https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod","https://github.com/Perl/perl5/issues/16947","https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a","https://github.com/Perl/perl5/issues/17743","https://security.netapp.com/advisory/ntap-20200611-0001/","https://security.gentoo.org/glsa/202006-03","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://perldoc.perl.org/perl5283delta","https://perldoc.perl.org/perl5303delta","https://perldoc.perl.org/perl5320delta"],"reported" => "2020-06-05","severity" => "high"},{"affected_versions" => ["<5.28.3",">=5.30.0,<5.30.3"],"cves" => ["CVE-2020-10878"],"description" => "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.\n","distribution" => "perl","fixed_versions" => [">=5.30.3"],"id" => "CPANSA-perl-2020-10878","references" => ["https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3","https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c","https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8","https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod","https://security.netapp.com/advisory/ntap-20200611-0001/","https://security.gentoo.org/glsa/202006-03","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://perldoc.perl.org/perl5283delta","https://perldoc.perl.org/perl5303delta","https://perldoc.perl.org/perl5320delta"],"reported" => "2020-06-05","severity" => "high"},{"affected_versions" => ["<5.28.3",">=5.30.0,<5.30.3"],"cves" => ["CVE-2020-10543"],"description" => "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.\n","distribution" => "perl","fixed_versions" => [">=5.30.3"],"id" => "CPANSA-perl-2020-10543","references" => ["https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3","https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed","https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod","https://security.netapp.com/advisory/ntap-20200611-0001/","https://security.gentoo.org/glsa/202006-03","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://perldoc.perl.org/perl5283delta","https://perldoc.perl.org/perl5303delta","https://perldoc.perl.org/perl5320delta"],"reported" => "2020-06-05","severity" => "high"},{"affected_versions" => [">=5.22.0,<5.24.4",">=5.26.0,<5.28.2"],"cves" => ["CVE-2018-6798"],"description" => "An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.\n","distribution" => "perl","fixed_versions" => [">=5.28.0"],"id" => "CPANSA-perl-2018-6798","references" => ["https://www.debian.org/security/2018/dsa-4172","https://rt.perl.org/Public/Bug/Display.html?id=132063","http://www.securitytracker.com/id/1040681","https://access.redhat.com/errata/RHSA-2018:1192","https://usn.ubuntu.com/3625-1/","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5244delta","https://perldoc.perl.org/perl5262delta","https://github.com/Perl/perl5/issues/16143"],"reported" => "2018-04-17","severity" => "high"},{"affected_versions" => [">=5.18.0,<5.24.4",">=5.26.0,<5.26.2"],"cves" => ["CVE-2018-6797"],"description" => "An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.\n","distribution" => "perl","fixed_versions" => [">=5.28.0"],"id" => "CPANSA-perl-2018-6797","references" => ["https://www.debian.org/security/2018/dsa-4172","https://rt.perl.org/Public/Bug/Display.html?id=132227","http://www.securitytracker.com/id/1040681","https://access.redhat.com/errata/RHSA-2018:1192","https://usn.ubuntu.com/3625-1/","http://www.securitytracker.com/id/1042004","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5244delta","https://perldoc.perl.org/perl5262delta"],"reported" => "2018-04-17","severity" => "critical"},{"affected_versions" => ["<5.24.4",">=5.26.0,<5.26.2"],"cves" => ["CVE-2018-6913"],"description" => "Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.\n","distribution" => "perl","fixed_versions" => [">=5.26.2"],"id" => "CPANSA-perl-2018-6913","references" => ["https://www.debian.org/security/2018/dsa-4172","https://rt.perl.org/Public/Bug/Display.html?id=131844","https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html","http://www.securitytracker.com/id/1040681","https://usn.ubuntu.com/3625-2/","https://usn.ubuntu.com/3625-1/","http://www.securityfocus.com/bid/103953","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5244delta","https://perldoc.perl.org/perl5262delta","https://github.com/Perl/perl5/issues/16098"],"reported" => "2018-04-17","severity" => "critical"},{"affected_versions" => ["<5.26.3"],"cves" => ["CVE-2018-18314"],"description" => "Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n","distribution" => "perl","fixed_versions" => [">=5.26.3"],"id" => "CPANSA-perl-2018-18314","references" => ["https://www.debian.org/security/2018/dsa-4347","https://rt.perl.org/Ticket/Display.html?id=131649","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f","https://bugzilla.redhat.com/show_bug.cgi?id=1646751","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","http://www.securityfocus.com/bid/106145","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://security.netapp.com/advisory/ntap-20190221-0003/","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2018-12-07","severity" => "critical"},{"affected_versions" => ["<5.26.3"],"cves" => ["CVE-2018-18313"],"description" => "Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.\n","distribution" => "perl","fixed_versions" => [">=5.26.3"],"id" => "CPANSA-perl-2018-18313","references" => ["https://www.debian.org/security/2018/dsa-4347","https://usn.ubuntu.com/3834-2/","https://rt.perl.org/Ticket/Display.html?id=133192","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62","https://bugzilla.redhat.com/show_bug.cgi?id=1646738","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://security.netapp.com/advisory/ntap-20190221-0003/","https://support.apple.com/kb/HT209600","https://seclists.org/bugtraq/2019/Mar/42","http://seclists.org/fulldisclosure/2019/Mar/49","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2018-12-07","severity" => "critical"},{"affected_versions" => ["==5.28.0","<5.26.3"],"cves" => ["CVE-2018-18312"],"description" => "Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n","distribution" => "perl","fixed_versions" => [">=5.28.1"],"id" => "CPANSA-perl-2018-18312","references" => ["https://www.debian.org/security/2018/dsa-4347","https://rt.perl.org/Public/Bug/Display.html?id=133423","https://metacpan.org/changes/release/SHAY/perl-5.28.1","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://bugzilla.redhat.com/show_bug.cgi?id=1646734","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","http://www.securityfocus.com/bid/106179","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://security.netapp.com/advisory/ntap-20190221-0003/","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5281delta","https://perldoc.perl.org/perl5263delta"],"reported" => "2018-12-05","severity" => "critical"},{"affected_versions" => ["<5.26.3","==5.28.0"],"cves" => ["CVE-2018-18311"],"description" => "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n","distribution" => "perl","fixed_versions" => [">=5.28.1"],"id" => "CPANSA-perl-2018-18311","references" => ["https://www.debian.org/security/2018/dsa-4347","https://usn.ubuntu.com/3834-2/","https://rt.perl.org/Ticket/Display.html?id=133204","https://metacpan.org/changes/release/SHAY/perl-5.28.1","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html","https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be","https://bugzilla.redhat.com/show_bug.cgi?id=1646730","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","http://www.securityfocus.com/bid/106145","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://access.redhat.com/errata/RHSA-2019:0109","https://security.netapp.com/advisory/ntap-20190221-0003/","https://support.apple.com/kb/HT209600","https://seclists.org/bugtraq/2019/Mar/42","http://seclists.org/fulldisclosure/2019/Mar/49","https://kc.mcafee.com/corporate/index?page=content&id=SB10278","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:1790","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:1942","https://access.redhat.com/errata/RHSA-2019:2400","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5281delta","https://perldoc.perl.org/perl5263delta"],"reported" => "2018-12-07","severity" => "critical"},{"affected_versions" => ["==5.26.0",">=5.20.0,<5.24.3"],"cves" => ["CVE-2017-12883"],"description" => "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\\\\N{U+...}' escape.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2017-12883","references" => ["https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1","https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1","https://bugzilla.redhat.com/show_bug.cgi?id=1492093","http://www.securityfocus.com/bid/100852","http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch","https://rt.perl.org/Public/Bug/Display.html?id=131598","http://www.debian.org/security/2017/dsa-3982","https://security.netapp.com/advisory/ntap-20180426-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://github.com/Perl/perl5/issues/16025","https://perldoc.perl.org/perl5243delta","https://perldoc.perl.org/perl5280delta","https://perldoc.perl.org/perl5261delta"],"reported" => "2017-09-19","severity" => "critical"},{"affected_versions" => [">=5.18.0,<5.24.3","==5.26.0"],"cves" => ["CVE-2017-12837"],"description" => "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\\\\N{}' escape and the case-insensitive modifier.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2017-12837","references" => ["https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1","https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5","https://bugzilla.redhat.com/show_bug.cgi?id=1492091","http://www.securityfocus.com/bid/100860","https://rt.perl.org/Public/Bug/Display.html?id=131582","http://www.debian.org/security/2017/dsa-3982","https://security.netapp.com/advisory/ntap-20180426-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://github.com/Perl/perl5/issues/16021","https://perldoc.perl.org/perl5243delta","https://perldoc.perl.org/perl5261delta","https://perldoc.perl.org/perl5280delta"],"reported" => "2017-09-19","severity" => "high"},{"affected_versions" => ["<5.24.0"],"cves" => ["CVE-2015-8853"],"description" => "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\"\n","distribution" => "perl","fixed_versions" => [">=5.24.0"],"id" => "CPANSA-perl-2015-8853","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html","http://www.openwall.com/lists/oss-security/2016/04/20/7","https://bugzilla.redhat.com/show_bug.cgi?id=1329106","https://rt.perl.org/Public/Bug/Display.html?id=123562","http://www.openwall.com/lists/oss-security/2016/04/20/5","http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securityfocus.com/bid/86707","https://security.gentoo.org/glsa/201701-75","https://usn.ubuntu.com/3625-2/","https://usn.ubuntu.com/3625-1/"],"reported" => "2016-05-25","severity" => "high"},{"affected_versions" => ["<5.18.0"],"cves" => ["CVE-2013-1667"],"description" => "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2013-1667","references" => ["http://www.securityfocus.com/bid/58311","http://perl5.git.perl.org/perl.git/commitdiff/d59e31f","http://perl5.git.perl.org/perl.git/commitdiff/9d83adc","http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html","http://www.debian.org/security/2013/dsa-2641","http://secunia.com/advisories/52499","http://secunia.com/advisories/52472","https://bugzilla.redhat.com/show_bug.cgi?id=912276","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296","http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5","http://osvdb.org/90892","http://www.ubuntu.com/usn/USN-1770-1","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html","http://marc.info/?l=bugtraq&m=137891988921058&w=2","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/82598","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771"],"reported" => "2013-03-14","severity" => undef},{"affected_versions" => [">=5.10.0,<5.12.0"],"cves" => ["CVE-2011-0761"],"description" => "Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.\n","distribution" => "perl","fixed_versions" => [">=5.12.0"],"id" => "CPANSA-perl-2011-0761","references" => ["http://www.securityfocus.com/bid/47766","http://securitytracker.com/id?1025507","http://www.toucan-system.com/advisories/tssa-2011-03.txt","http://securityreason.com/securityalert/8248","https://exchange.xforce.ibmcloud.com/vulnerabilities/67355","http://www.securityfocus.com/archive/1/517916/100/0/threaded"],"reported" => "2011-05-13","severity" => undef},{"affected_versions" => ["<=5.14.0"],"cves" => ["CVE-2010-4777"],"description" => "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.\n","distribution" => "perl","fixed_versions" => [">5.14.0"],"id" => "CPANSA-perl-2010-4777","references" => ["http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html","https://bugzilla.redhat.com/show_bug.cgi?id=694166","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836","https://rt.perl.org/Public/Bug/Display.html?id=76538","https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html","http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html","http://forums.ocsinventory-ng.org/viewtopic.php?id=7215"],"reported" => "2014-02-10","severity" => undef},{"affected_versions" => ["<5.10.0"],"cves" => ["CVE-2010-1158"],"description" => "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.\n","distribution" => "perl","fixed_versions" => [">=5.10.0"],"id" => "CPANSA-perl-2010-1158","references" => ["http://bugs.gentoo.org/show_bug.cgi?id=313565","http://www.openwall.com/lists/oss-security/2010/04/14/3","http://perldoc.perl.org/perl5100delta.html","http://www.openwall.com/lists/oss-security/2010/04/08/9","https://bugzilla.redhat.com/show_bug.cgi?id=580605","http://secunia.com/advisories/55314"],"reported" => "2010-04-20","severity" => undef},{"affected_versions" => ["<=5.10.1"],"cves" => ["CVE-2009-3626"],"description" => "Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.\n","distribution" => "perl","fixed_versions" => [">5.10.1"],"id" => "CPANSA-perl-2009-3626","references" => ["http://securitytracker.com/id?1023077","http://www.vupen.com/english/advisories/2009/3023","http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4","http://www.securityfocus.com/bid/36812","https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225","http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/","http://www.osvdb.org/59283","http://www.openwall.com/lists/oss-security/2009/10/23/8","http://secunia.com/advisories/37144","http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973","https://exchange.xforce.ibmcloud.com/vulnerabilities/53939"],"reported" => "2009-10-29","severity" => undef},{"affected_versions" => ["<=5.8.8"],"cves" => ["CVE-2008-1927"],"description" => "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.  NOTE: this issue might only be present on certain operating systems.\n","distribution" => "perl","fixed_versions" => [">5.8.8"],"id" => "CPANSA-perl-2008-1927","references" => ["http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792","http://www.debian.org/security/2008/dsa-1556","https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html","https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html","http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml","http://www.securityfocus.com/bid/28928","http://secunia.com/advisories/29948","http://secunia.com/advisories/30025","http://secunia.com/advisories/30326","http://www.securitytracker.com/id?1020253","http://www.redhat.com/support/errata/RHSA-2008-0522.html","http://secunia.com/advisories/30624","http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm","http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm","http://www.ipcop.org/index.php?name=News&file=article&sid=41","http://secunia.com/advisories/31467","http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html","http://secunia.com/advisories/31604","http://secunia.com/advisories/31208","http://secunia.com/advisories/31328","http://www.vmware.com/security/advisories/VMSA-2008-0013.html","http://www.redhat.com/support/errata/RHSA-2008-0532.html","http://secunia.com/advisories/31687","http://osvdb.org/44588","http://www.mandriva.com/security/advisories?name=MDVSA-2008:100","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://wiki.rpath.com/Advisories:rPSA-2009-0011","http://www.ubuntu.com/usn/usn-700-2","http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html","http://secunia.com/advisories/33937","http://support.apple.com/kb/HT3438","http://www.vupen.com/english/advisories/2009/0422","http://www.vupen.com/english/advisories/2008/2361","http://www.vupen.com/english/advisories/2008/2424","http://www.vupen.com/english/advisories/2008/2265/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/41996","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579","http://www.securityfocus.com/archive/1/500210/100/0/threaded"],"reported" => "2008-04-24","severity" => undef},{"affected_versions" => ["<5.10.0"],"cves" => ["CVE-2005-3962"],"description" => "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.\n","distribution" => "perl","fixed_versions" => [">=5.10.1"],"id" => "CPANSA-perl-2005-3962","references" => ["http://www.dyadsecurity.com/perl-0002.html","http://www.kb.cert.org/vuls/id/948385","http://www.securityfocus.com/bid/15629","http://secunia.com/advisories/17802","http://secunia.com/advisories/17844","http://secunia.com/advisories/17762","http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html","http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml","http://www.trustix.org/errata/2005/0070","http://secunia.com/advisories/17941","http://secunia.com/advisories/17952","http://www.redhat.com/support/errata/RHSA-2005-880.html","http://www.novell.com/linux/security/advisories/2005_71_perl.html","http://secunia.com/advisories/18183","http://secunia.com/advisories/18187","http://www.redhat.com/support/errata/RHSA-2005-881.html","http://secunia.com/advisories/18075","http://www.openbsd.org/errata37.html#perl","http://secunia.com/advisories/18295","ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch","http://www.osvdb.org/21345","http://www.osvdb.org/22255","ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U","http://secunia.com/advisories/18517","http://secunia.com/advisories/17993","https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1","http://secunia.com/advisories/19041","http://www.debian.org/security/2006/dsa-943","http://secunia.com/advisories/18413","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm","http://www.novell.com/linux/security/advisories/2005_29_sr.html","http://secunia.com/advisories/20894","http://docs.info.apple.com/article.html?artnum=304829","http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html","http://www.us-cert.gov/cas/techalerts/TA06-333A.html","http://secunia.com/advisories/23155","http://www.mandriva.com/security/advisories?name=MDKSA-2005:225","http://www.ipcop.org/index.php?name=News&file=article&sid=41","http://secunia.com/advisories/31208","http://www.vupen.com/english/advisories/2006/2613","http://www.vupen.com/english/advisories/2006/0771","http://www.vupen.com/english/advisories/2006/4750","ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch","http://www.vupen.com/english/advisories/2005/2688","http://marc.info/?l=full-disclosure&m=113342788118630&w=2","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598","https://usn.ubuntu.com/222-1/","http://www.securityfocus.com/archive/1/438726/100/0/threaded","http://www.securityfocus.com/archive/1/418333/100/0/threaded"],"reported" => "2005-12-01","severity" => undef},{"affected_versions" => ["==5.8.0"],"cves" => ["CVE-2005-0156"],"description" => "Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.\n","distribution" => "perl","fixed_versions" => [">=5.8.1"],"id" => "CPANSA-perl-2005-0156","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml","http://www.redhat.com/support/errata/RHSA-2005-103.html","http://www.redhat.com/support/errata/RHSA-2005-105.html","http://www.trustix.org/errata/2005/0003/","http://www.securityfocus.com/bid/12426","http://secunia.com/advisories/14120","http://fedoranews.org/updates/FEDORA--.shtml","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://www.mandriva.com/security/advisories?name=MDKSA-2005:031","http://secunia.com/advisories/55314","http://marc.info/?l=bugtraq&m=110737149402683&w=2","http://marc.info/?l=full-disclosure&m=110779721503111&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/19208","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803","http://www.digitalmunition.com/DMA[2005-0131b].txt"],"reported" => "2005-02-07","severity" => undef},{"affected_versions" => ["==5.8.0"],"cves" => ["CVE-2005-0155"],"description" => "The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.\n","distribution" => "perl","fixed_versions" => [">=5.8.1"],"id" => "CPANSA-perl-2005-0155","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml","http://www.redhat.com/support/errata/RHSA-2005-103.html","http://www.redhat.com/support/errata/RHSA-2005-105.html","http://www.trustix.org/errata/2005/0003/","http://www.securityfocus.com/bid/12426","http://secunia.com/advisories/14120","http://fedoranews.org/updates/FEDORA--.shtml","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm","http://secunia.com/advisories/21646","http://www.mandriva.com/security/advisories?name=MDKSA-2005:031","http://marc.info/?l=bugtraq&m=110737149402683&w=2","http://marc.info/?l=full-disclosure&m=110779723332339&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/19207","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10404","http://www.digitalmunition.com/DMA[2005-0131a].txt"],"reported" => "2005-05-02","severity" => undef},{"affected_versions" => ["<=5.8.8"],"cves" => ["CVE-2007-5116"],"description" => "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.\n","distribution" => "perl","fixed_versions" => [">5.8.8"],"id" => "CPANSA-perl-2007-5116","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=323571","http://www.mandriva.com/security/advisories?name=MDKSA-2007:207","http://www.redhat.com/support/errata/RHSA-2007-0966.html","http://www.redhat.com/support/errata/RHSA-2007-1011.html","http://www.securityfocus.com/bid/26350","http://secunia.com/advisories/27531","http://secunia.com/advisories/27546","https://bugzilla.redhat.com/show_bug.cgi?id=378131","https://issues.rpath.com/browse/RPL-1813","http://www.debian.org/security/2007/dsa-1400","http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml","http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html","http://www.novell.com/linux/security/advisories/2007_24_sr.html","http://www.ubuntu.com/usn/usn-552-1","http://securitytracker.com/id?1018899","http://secunia.com/advisories/27479","http://secunia.com/advisories/27515","http://secunia.com/advisories/27548","http://secunia.com/advisories/27613","http://secunia.com/advisories/27570","http://secunia.com/advisories/27936","http://docs.info.apple.com/article.html?artnum=307179","ftp://aix.software.ibm.com/aix/efixes/security/README","http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220","http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28167","http://lists.vmware.com/pipermail/security-announce/2008/000002.html","http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm","http://secunia.com/advisories/28368","http://secunia.com/advisories/28387","http://secunia.com/advisories/27756","http://www.vmware.com/security/advisories/VMSA-2008-0001.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1","http://secunia.com/advisories/28993","http://secunia.com/advisories/29074","http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1","http://secunia.com/advisories/31208","http://www.ipcop.org/index.php?name=News&file=article&sid=41","http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2008/0064","http://www.vupen.com/english/advisories/2008/0641","http://www.vupen.com/english/advisories/2007/3724","http://www.vupen.com/english/advisories/2007/4255","http://marc.info/?l=bugtraq&m=120352263023774&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/38270","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669","http://www.securityfocus.com/archive/1/486859/100/0/threaded","http://www.securityfocus.com/archive/1/485936/100/0/threaded","http://www.securityfocus.com/archive/1/483584/100/0/threaded","http://www.securityfocus.com/archive/1/483563/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => ["<5.16.0"],"cves" => ["CVE-2012-5195"],"description" => "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.\n","distribution" => "perl","fixed_versions" => [">=5.16.0"],"id" => "CPANSA-perl-2012-5195","references" => ["http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44","http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html","http://www.securityfocus.com/bid/56287","http://www.openwall.com/lists/oss-security/2012/10/27/1","http://secunia.com/advisories/51457","http://www.openwall.com/lists/oss-security/2012/10/26/2","http://www.ubuntu.com/usn/USN-1643-1","http://www.debian.org/security/2012/dsa-2586","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://secunia.com/advisories/55314","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673"],"reported" => "2012-12-18","severity" => undef},{"affected_versions" => ["<5.22.1"],"cves" => ["CVE-2016-2381"],"description" => "Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.\n","distribution" => "perl","fixed_versions" => [">=5.22.1"],"id" => "CPANSA-perl-2016-2381","references" => ["http://www.gossamer-threads.com/lists/perl/porters/326387","http://www.debian.org/security/2016/dsa-3501","http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.securityfocus.com/bid/83802","http://www.ubuntu.com/usn/USN-2916-1","http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html","https://security.gentoo.org/glsa/201701-75","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2016-04-08","severity" => "high"},{"affected_versions" => ["==5.8.1"],"cves" => ["CVE-2003-0900"],"description" => "Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.\n","distribution" => "perl","fixed_versions" => [">5.8.1"],"id" => "CPANSA-perl-2003-0900","references" => ["https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711"],"reported" => "2003-12-31","severity" => undef},{"affected_versions" => ["<5.20.0"],"cves" => ["CVE-2013-7422"],"description" => "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.\n","distribution" => "perl","fixed_versions" => [">=5.20"],"id" => "CPANSA-perl-2013-7422","references" => ["http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html","https://support.apple.com/kb/HT205031","http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06","http://www.securityfocus.com/bid/75704","http://www.ubuntu.com/usn/USN-2916-1","https://security.gentoo.org/glsa/201507-11"],"reported" => "2015-08-16","severity" => undef},{"affected_versions" => ["<5.22.2"],"cves" => ["CVE-2015-8608"],"description" => "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.\n","distribution" => "perl","fixed_versions" => [">=5.22.2"],"id" => "CPANSA-perl-2015-8608","references" => ["https://rt.perl.org/Public/Bug/Display.html?id=126755","https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2017-02-07","severity" => "critical"},{"affected_versions" => ["<5.14.0"],"cves" => ["CVE-2011-1487"],"description" => "The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.\n","distribution" => "perl","fixed_versions" => [">=5.14.0"],"id" => "CPANSA-perl-2011-1487","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=692844","http://openwall.com/lists/oss-security/2011/04/01/3","http://openwall.com/lists/oss-security/2011/04/04/35","https://bugzilla.redhat.com/show_bug.cgi?id=692898","http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336","http://secunia.com/advisories/43921","http://www.securityfocus.com/bid/47124","http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99","http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html","http://secunia.com/advisories/44168","http://www.debian.org/security/2011/dsa-2265","http://www.mandriva.com/security/advisories?name=MDVSA-2011:091","http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/66528"],"reported" => "2011-04-11","severity" => undef},{"affected_versions" => ["<5.4.4"],"cves" => ["CVE-1999-1386"],"description" => "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.\n","distribution" => "perl","fixed_versions" => [">5.4.4"],"id" => "CPANSA-perl-1999-1386","references" => ["http://www.redhat.com/support/errata/rh50-errata-general.html#perl","http://www.iss.net/security_center/static/7243.php","http://marc.info/?l=bugtraq&m=88932165406213&w=2"],"reported" => "1999-12-31","severity" => undef},{"affected_versions" => [">=5.24.0,<5.24.3","==5.26.0"],"cves" => ["CVE-2017-12814"],"description" => "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2017-12814","references" => ["https://rt.perl.org/Public/Bug/Display.html?id=131665","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1","http://www.securityfocus.com/bid/101051","https://security.netapp.com/advisory/ntap-20180426-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5243delta","https://github.com/Perl/perl5/issues/16051","https://perldoc.perl.org/perl5261delta","https://perldoc.perl.org/perl5280delta"],"reported" => "2017-09-28","severity" => "critical"},{"affected_versions" => ["==5.34.0"],"cves" => ["CVE-2022-48522"],"description" => "In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.\n","distribution" => "perl","fixed_versions" => [">=5.34.1"],"id" => "CPANSA-perl-2022-48522","references" => ["https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48522","https://security.netapp.com/advisory/ntap-20230915-0008/","https://ubuntu.com/security/CVE-2022-48522"],"reported" => "2023-08-22","severity" => undef},{"affected_versions" => [">=5.30.0,<5.34.3",">=5.36.0,<5.36.3","==5.38.0"],"cves" => ["CVE-2023-47038"],"description" => "A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one attacker controlled byte buffer overflow in a heap allocated buffer\n","distribution" => "perl","fixed_versions" => ["==5.34.3","==5.36.3","==5.38.1"],"id" => "CPANSA-perl-2023-47038","references" => ["https://perldoc.perl.org/perl5342delta","https://perldoc.perl.org/perl5363delta","https://perldoc.perl.org/perl5381delta","https://perldoc.perl.org/perl5382delta","https://perldoc.perl.org/perl5400delta"],"reported" => "2023-10-30","severity" => undef},{"affected_versions" => ["<5.34.2",">=5.36.0,<5.36.3","==5.38.0"],"cves" => ["CVE-2023-47039"],"description" => "Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory.\n\nAn attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.\n","distribution" => "perl","fixed_versions" => [">=5.38.1"],"id" => "CPANSA-perl-2023-47039","references" => ["https://github.com/ycdxsb/WindowsPrivilegeEscalation","https://perldoc.perl.org/perl5342delta","https://perldoc.perl.org/perl5363delta","https://perldoc.perl.org/perl5381delta","https://perldoc.perl.org/perl5382delta","https://perldoc.perl.org/perl5400delta"],"reported" => "2023-10-30","severity" => undef},{"affected_versions" => ["<5.34.3",">=5.36.0,<5.36.3",">=5.38.0,<5.38.2"],"cves" => ["CVE-2023-47100"],"description" => "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.\n","distribution" => "perl","fixed_versions" => [">=5.38.2"],"id" => "CPANSA-perl-2023-47100","references" => ["https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3","https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010","https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6"],"reported" => undef,"severity" => undef},{"affected_versions" => [">0,<5.38.4",">=5.40.0,<5.40.2"],"cves" => ["CVE-2024-56406"],"description" => "A heap buffer overflow vulnerability was discovered in Perl.   When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.  \x{a0} \x{a0}\$ perl -e '\$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;'  \x{a0} \x{a0}Segmentation fault (core dumped)  It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.","distribution" => "perl","fixed_versions" => [">=5.40.1",">=5.38.4,<5.40.0"],"id" => "CPANSA-perl-2024-56406","references" => ["https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch","https://metacpan.org/release/SHAY/perl-5.38.4/changes","https://metacpan.org/release/SHAY/perl-5.40.2/changes","http://www.openwall.com/lists/oss-security/2025/04/13/3","http://www.openwall.com/lists/oss-security/2025/04/13/4"],"reported" => "2025-04-13","severity" => undef},{"affected_versions" => [">=5.16.3,<5.38.5",">=5.40.0,<5.40.3",">=5.41.0,<5.41.13"],"cves" => ["CVE-2025-40909"],"description" => "Perl threads have a working directory race condition where file operations may target unintended paths.  If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone\x{a0}that handle for the new thread, which is visible from any third (or\x{a0}more) thread already running.   This may lead to unintended operations\x{a0}such as loading code or accessing files from unexpected locations,\x{a0}which a local attacker may be able to exploit.  The bug was introduced in commit\x{a0}11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6","distribution" => "perl","fixed_versions" => [">=5.41.13",">=5.38.5,<5.40.0",">=5.40.3"],"id" => "CPANSA-perl-2025-40909","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226","https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e","https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch","https://github.com/Perl/perl5/issues/10387","https://github.com/Perl/perl5/issues/23010","https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads","https://www.openwall.com/lists/oss-security/2025/05/22/2","http://www.openwall.com/lists/oss-security/2025/05/23/1","http://www.openwall.com/lists/oss-security/2025/05/30/4"],"reported" => "2025-05-30","severity" => undef},{"affected_versions" => [">=4.0,<5.4.0"],"cves" => ["CVE-1999-0034"],"description" => "Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.\n","distribution" => "perl","fixed_versions" => [],"id" => "CPANSA-sperl-1999-0034","references" => ["https://exchange.xforce.ibmcloud.com/vulnerabilities/448","https://www.cpan.org/src/5.0/CA-97.17.sperl"],"reported" => "1997-05-29","severity" => undef},{"affected_versions" => [">=4.0,<5.6.0"],"cves" => ["CVE-1999-0462"],"description" => "suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk.\n","distribution" => "perl","fixed_versions" => [],"id" => "CPANSA-sperl-1999-0462","references" => ["http://www.securityfocus.com/bid/339"],"reported" => "1999-03-17","severity" => undef},{"affected_versions" => ["<5.6.1"],"cves" => ["CVE-2000-0703"],"description" => "suidperl (aka sperl) does not properly cleanse the escape sequence \"~!\" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the \"interactive\" environmental variable and calling suidperl with a filename that contains the escape sequence.\n","distribution" => "perl","fixed_versions" => [],"id" => "CPANSA-sperl-2000-0703","references" => ["http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html","http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt","http://www.securityfocus.com/bid/1547","http://www.novell.com/linux/security/advisories/suse_security_announce_59.html","http://www.redhat.com/support/errata/RHSA-2000-048.html","http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html","http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html","http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html","http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html","https://www.cpan.org/src/5.0/sperl-2000-08-05/sperl-2000-08-05.txt"],"reported" => "2000-10-20","severity" => undef}],"main_module" => "perl","versions" => [{"date" => "1996-02-03T07:48:14","version" => "5.002"},{"date" => "1996-08-08T23:13:50","version" => "5.003_02"},{"date" => "1996-08-10T19:07:27","version" => "5.003_02"},{"date" => "1996-08-28T16:43:47","version" => "5.003_03"},{"date" => "1996-09-02T23:25:30","version" => "5.003_04"},{"date" => "1996-09-12T20:10:42","version" => "5.003_05"},{"date" => "1996-10-08T21:59:27","version" => "5.003_06"},{"date" => "1996-10-11T03:39:44","version" => "5.003_07"},{"date" => "1996-11-19T07:27:23","version" => "5.003_08"},{"date" => "1996-11-26T09:46:17","version" => "5.003_09"},{"date" => "1996-11-30T01:22:23","version" => "5.003_10"},{"date" => "1996-12-06T09:08:18","version" => "5.003_11"},{"date" => "1996-12-19T04:59:47","version" => "5.003_12"},{"date" => "1996-12-20T02:59:16","version" => "5.003_13"},{"date" => "1996-12-23T22:09:26","version" => "5.003_15"},{"date" => "1996-12-24T23:22:02","version" => "5.003_16"},{"date" => "1996-12-27T20:20:05","version" => "5.003_17"},{"date" => "1996-12-31T21:35:40","version" => "5.003_18"},{"date" => "1997-01-04T06:02:28","version" => "5.003_19"},{"date" => "1997-01-08T02:15:49","version" => "5.003_20"},{"date" => "1997-01-15T23:12:15","version" => "5.003_21"},{"date" => "1997-01-16T20:04:16","version" => "5.003_22"},{"date" => "1997-01-25T10:04:29","version" => "5.003_23"},{"date" => "1997-01-29T06:05:11","version" => "5.003_24"},{"date" => "1997-02-04T05:41:02","version" => "5.003_25"},{"date" => "1997-02-10T19:37:44","version" => "5.003_26"},{"date" => "1997-02-18T01:13:23","version" => "5.003_27"},{"date" => "1997-02-21T17:17:57","version" => "5.003_28"},{"date" => "1997-02-25T03:29:59","version" => "5.003_90"},{"date" => "1997-03-01T08:08:54","version" => "5.003_91"},{"date" => "1997-03-06T18:24:17","version" => "5.003_92"},{"date" => "1997-03-10T12:06:55","version" => "5.003_93"},{"date" => "1997-03-22T05:43:00","version" => "5.003_94"},{"date" => "1997-03-25T19:52:24","version" => "5.003_95"},{"date" => "1997-04-01T00:50:13","version" => "5.003_96"},{"date" => "1997-04-03T00:50:37","version" => "5.003_97"},{"date" => "1997-04-24T00:56:53","version" => "5.003_97"},{"date" => "1997-04-25T03:44:34","version" => "5.003_97"},{"date" => "1997-04-28T20:33:01","version" => "5.003_97"},{"date" => "1997-04-30T15:40:09","version" => "5.003_98"},{"date" => "1997-05-01T18:40:08","version" => "5.003_99"},{"date" => "1997-05-09T05:37:58","version" => "5.003_99"},{"date" => "1997-05-15T22:54:01","version" => "5.004"},{"date" => "1997-06-13T15:08:00","version" => "5.004_01"},{"date" => "1997-08-07T20:07:25","version" => "5.004_02"},{"date" => "1997-09-05T17:46:00","version" => "5.004_03"},{"date" => "1997-09-05T18:13:00","version" => "5.004"},{"date" => "1997-09-19T18:22:20","version" => "5.004"},{"date" => "1997-09-23T06:21:18","version" => "5.004"},{"date" => "1997-10-02T16:49:00","version" => "5.004_51"},{"date" => "1997-10-09T23:16:38","version" => "5.004"},{"date" => "1997-10-14T19:19:40","version" => "5.004"},{"date" => "1997-10-15T16:17:00","version" => "5.004_52"},{"date" => "1997-10-15T16:28:24","version" => "5.004_04"},{"date" => "1997-10-16T16:24:00","version" => "5.004_53"},{"date" => "1997-11-14T17:04:00","version" => "5.004_54"},{"date" => "1997-11-25T17:17:00","version" => "5.004_55"},{"date" => "1997-12-18T16:20:00","version" => "5.004_56"},{"date" => "1998-02-03T15:06:00","version" => "5.004_57"},{"date" => "1998-02-06T17:25:00","version" => "5.004_58"},{"date" => "1998-02-13T16:42:00","version" => "5.004_59"},{"date" => "1998-02-20T17:42:00","version" => "5.004_60"},{"date" => "1998-02-27T17:55:00","version" => "5.004_61"},{"date" => "1998-03-04T19:46:42","version" => "5.004"},{"date" => "1998-03-06T15:27:00","version" => "5.004_62"},{"date" => "1998-03-17T15:29:00","version" => "5.004_63"},{"date" => "1998-04-03T15:44:00","version" => "5.004_64"},{"date" => "1998-05-01T23:37:24","version" => "5.004_04"},{"date" => "1998-05-15T15:57:00","version" => "5.004_65"},{"date" => "1998-05-15T23:46:53","version" => "5.004_04"},{"date" => "1998-05-19T23:51:10","version" => "5.004_04"},{"date" => "1998-05-29T15:23:00","version" => "5.004_66"},{"date" => "1998-06-15T11:47:27","version" => "5.004_67"},{"date" => "1998-06-23T11:50:59","version" => "5.004_68"},{"date" => "1998-06-29T09:42:04","version" => "5.004_69"},{"date" => "1998-07-06T08:22:24","version" => "5.004_70"},{"date" => "1998-07-09T13:47:36","version" => "5.004_71"},{"date" => "1998-07-12T13:32:41","version" => "5.004_72"},{"date" => "1998-07-13T09:17:14","version" => "5.004_73"},{"date" => "1998-07-14T10:31:15","version" => "5.004_74"},{"date" => "1998-07-15T11:29:51","version" => "5.005"},{"date" => "1998-07-21T05:16:24","version" => "5.004_05"},{"date" => "1998-07-21T11:36:27","version" => "5.005"},{"date" => "1998-07-23T00:55:19","version" => "5.005"},{"date" => "1998-07-26T06:20:30","version" => "5.005_50"},{"date" => "1998-07-27T00:16:22","version" => "5.005_01"},{"date" => "1998-08-02T10:32:29","version" => "5.005_02"},{"date" => "1998-08-05T10:49:59","version" => "5.005_02"},{"date" => "1998-08-08T05:46:05","version" => "5.005_02"},{"date" => "1998-08-10T08:33:23","version" => "5.005_51"},{"date" => "1998-09-25T11:59:38","version" => "5.005_52"},{"date" => "1998-10-09T17:05:49","version" => "5.004_05"},{"date" => "1998-10-31T12:32:20","version" => "5.005_53"},{"date" => "1998-11-22T23:06:16","version" => "5.004_05"},{"date" => "1998-11-30T03:26:39","version" => "5.005_03"},{"date" => "1998-11-30T04:29:11","version" => "5.005_54"},{"date" => "1998-12-03T17:22:19","version" => "5.004_05"},{"date" => "1999-01-03T20:44:49","version" => "5.005_03"},{"date" => "1999-01-17T18:28:14","version" => "5.005_03"},{"date" => "1999-01-26T04:39:36","version" => "5.005_03"},{"date" => "1999-01-29T05:03:44","version" => "5.005_03"},{"date" => "1999-02-16T07:11:42","version" => "5.005_55"},{"date" => "1999-03-01T05:38:00","version" => "5.005_56"},{"date" => "1999-03-05T02:22:53","version" => "5.005_03"},{"date" => "1999-03-29T00:50:43","version" => "5.005_03"},{"date" => "1999-04-27T00:23:40","version" => "5.004_05"},{"date" => "1999-04-29T20:04:24","version" => "5.004_05"},{"date" => "1999-05-25T10:36:40","version" => "5.005_57"},{"date" => "1999-07-27T11:00:38","version" => "5.005_58"},{"date" => "1999-08-02T08:52:25","version" => "5.005_59"},{"date" => "1999-08-02T21:13:44","version" => "5.005_60"},{"date" => "1999-08-22T20:40:16","version" => "5.005_61"},{"date" => "1999-10-15T10:36:17","version" => "5.005_62"},{"date" => "1999-12-09T11:38:49","version" => "5.005_63"},{"date" => "2000-02-02T13:06:00","version" => "v5.5.640"},{"date" => "2000-02-08T08:37:47","version" => "v5.5.650"},{"date" => "2000-02-22T11:41:34","version" => "v5.5.660"},{"date" => "2000-03-01T07:34:59","version" => "v5.5.670"},{"date" => "2000-03-23T06:06:13","version" => "v5.6.0"},{"date" => "2000-09-02T18:07:32","version" => "v5.7.0"},{"date" => "2000-12-18T10:12:29","version" => "v5.6.1"},{"date" => "2001-01-31T16:18:51","version" => "v5.6.1"},{"date" => "2001-03-19T09:36:57","version" => "v5.6.1"},{"date" => "2001-04-09T04:47:17","version" => "v5.6.1"},{"date" => "2001-04-10T02:54:00","version" => "v5.7.1"},{"date" => "2001-07-13T14:50:55","version" => "v5.7.2"},{"date" => "2002-03-05T05:00:31","version" => "v5.7.3"},{"date" => "2002-06-01T19:09:00","version" => "v5.8.0"},{"date" => "2002-06-21T14:56:35","version" => "v5.8.0"},{"date" => "2002-07-14T00:26:18","version" => "v5.8.0"},{"date" => "2002-07-18T23:32:56","version" => "v5.8.0"},{"date" => "2003-07-10T06:52:39","version" => "v5.8.1"},{"date" => "2003-07-11T12:23:20","version" => "v5.8.1"},{"date" => "2003-07-30T20:28:59","version" => "v5.8.1"},{"date" => "2003-08-01T15:49:36","version" => "v5.8.1"},{"date" => "2003-09-22T09:14:19","version" => "v5.8.1"},{"date" => "2003-09-25T11:49:06","version" => "v5.8.1"},{"date" => "2003-10-27T02:59:51","version" => "5.009"},{"date" => "2003-10-27T23:40:16","version" => "5.008001"},{"date" => "2003-11-03T09:03:41","version" => "5.008001"},{"date" => "2003-11-05T23:34:05","version" => "5.008001"},{"date" => "2003-11-08T15:53:25","version" => "v5.6.2"},{"date" => "2003-11-15T12:53:43","version" => "v5.6.2"},{"date" => "2003-12-05T16:42:45","version" => "5.005_03"},{"date" => "2004-01-07T14:40:01","version" => "5.008001"},{"date" => "2004-01-14T19:03:21","version" => "5.008003"},{"date" => "2004-01-20T21:48:04","version" => "5.005_03"},{"date" => "2004-01-27T21:18:43","version" => "5.005_03"},{"date" => "2004-02-04T22:55:06","version" => "5.005_04"},{"date" => "2004-02-18T14:20:15","version" => "5.005"},{"date" => "2004-02-23T14:02:10","version" => "5.005"},{"date" => "2004-03-16T19:35:25","version" => "5.009001"},{"date" => "2004-04-05T21:27:48","version" => "5.008003"},{"date" => "2004-04-15T22:59:51","version" => "5.008003"},{"date" => "2004-04-21T23:03:10","version" => "5.008003"},{"date" => "2004-07-06T21:41:21","version" => "5.008005"},{"date" => "2004-07-08T21:55:05","version" => "5.008005"},{"date" => "2004-07-19T21:56:20","version" => "5.008005"},{"date" => "2004-11-11T19:56:33","version" => "5.008006"},{"date" => "2004-11-27T23:56:17","version" => "5.008006"},{"date" => "2005-04-01T09:53:24","version" => "5.009002"},{"date" => "2005-05-18T16:35:37","version" => "5.008007"},{"date" => "2005-05-30T22:19:23","version" => "5.008007"},{"date" => "2006-01-20T10:09:18","version" => "5.008008"},{"date" => "2006-01-28T11:11:38","version" => "5.009003"},{"date" => "2006-02-01T00:00:59","version" => "5.008008"},{"date" => "2006-08-15T13:48:30","version" => "5.009004"},{"date" => "2007-07-07T16:13:57","version" => "5.009005"},{"date" => "2007-11-17T15:31:20","version" => "5.009005"},{"date" => "2007-11-25T18:22:18","version" => "5.010000"},{"date" => "2007-12-18T17:41:41","version" => "5.010000"},{"date" => "2008-11-10T23:14:59","version" => "5.008009"},{"date" => "2008-12-06T22:50:35","version" => "5.008009"},{"date" => "2008-12-14T23:08:28","version" => "5.008009"},{"date" => "2009-08-06T16:11:03","version" => "5.010001"},{"date" => "2009-08-18T23:45:03","version" => "5.010001"},{"date" => "2009-08-23T14:21:38","version" => "5.010001"},{"date" => "2009-10-02T20:51:46","version" => "5.011000"},{"date" => "2009-10-20T17:51:38","version" => "5.011001"},{"date" => "2009-11-20T07:20:52","version" => "5.011002"},{"date" => "2009-12-21T04:49:14","version" => "5.011003"},{"date" => "2010-01-20T16:48:28","version" => "5.011004"},{"date" => "2010-02-21T00:45:26","version" => "5.011005"},{"date" => "2010-03-21T20:41:11","version" => "5.012000"},{"date" => "2010-03-29T18:29:49","version" => "5.012000"},{"date" => "2010-04-01T02:38:12","version" => "5.012000"},{"date" => "2010-04-03T02:40:48","version" => "5.012000"},{"date" => "2010-04-07T05:39:46","version" => "5.012000"},{"date" => "2010-04-10T03:46:04","version" => "5.012000"},{"date" => "2010-04-12T22:38:37","version" => "5.012000"},{"date" => "2010-04-20T20:06:02","version" => "5.013000"},{"date" => "2010-05-10T02:43:48","version" => "5.012001"},{"date" => "2010-05-13T22:31:41","version" => "5.012001"},{"date" => "2010-05-16T22:40:16","version" => "5.012001"},{"date" => "2010-05-20T14:03:45","version" => "5.013001"},{"date" => "2010-06-22T21:39:26","version" => "5.013002"},{"date" => "2010-07-20T10:23:23","version" => "5.013003"},{"date" => "2010-08-20T15:39:07","version" => "5.013004"},{"date" => "2010-08-31T16:48:01","version" => "5.012002"},{"date" => "2010-09-07T01:41:31","version" => "5.012002"},{"date" => "2010-09-19T21:22:47","version" => "5.013005"},{"date" => "2010-10-21T01:41:01","version" => "5.013006"},{"date" => "2010-11-21T01:14:06","version" => "5.013007"},{"date" => "2010-12-19T23:06:25","version" => "5.013008"},{"date" => "2011-01-10T02:12:53","version" => "5.012003"},{"date" => "2011-01-15T04:05:30","version" => "5.012003"},{"date" => "2011-01-18T02:13:17","version" => "5.012003"},{"date" => "2011-01-21T01:42:07","version" => "5.013009"},{"date" => "2011-01-22T03:35:35","version" => "5.012003"},{"date" => "2011-02-20T19:18:02","version" => "5.013010"},{"date" => "2011-03-20T19:49:16","version" => "5.013011"},{"date" => "2011-04-20T11:53:32","version" => "5.014000"},{"date" => "2011-05-04T16:42:27","version" => "5.014000"},{"date" => "2011-05-11T15:49:42","version" => "5.014000"},{"date" => "2011-05-14T20:34:05","version" => "5.014000"},{"date" => "2011-06-08T13:19:36","version" => "5.012004"},{"date" => "2011-06-09T23:48:04","version" => "5.014001"},{"date" => "2011-06-15T17:00:36","version" => "5.012004"},{"date" => "2011-06-17T02:42:01","version" => "5.014001"},{"date" => "2011-06-20T10:41:26","version" => "5.012004"},{"date" => "2011-06-20T23:26:37","version" => "5.015000"},{"date" => "2011-07-20T21:15:08","version" => "5.015001"},{"date" => "2011-08-21T00:05:23","version" => "5.015002"},{"date" => "2011-09-19T11:23:55","version" => "5.014002"},{"date" => "2011-09-21T03:05:05","version" => "5.015003"},{"date" => "2011-09-26T14:56:49","version" => "5.014002"},{"date" => "2011-10-20T21:17:45","version" => "5.015004"},{"date" => "2011-11-20T20:41:00","version" => "5.015005"},{"date" => "2011-12-20T17:55:58","version" => "5.015006"},{"date" => "2012-01-20T20:08:28","version" => "5.015007"},{"date" => "2012-02-20T22:38:13","version" => "5.015008"},{"date" => "2012-03-20T19:16:38","version" => "5.015009"},{"date" => "2012-05-11T03:41:02","version" => "5.016000"},{"date" => "2012-05-15T02:51:48","version" => "5.016000"},{"date" => "2012-05-16T03:22:59","version" => "5.016000"},{"date" => "2012-05-20T22:51:12","version" => "5.016000"},{"date" => "2012-05-26T16:24:02","version" => "5.017000"},{"date" => "2012-06-20T17:35:18","version" => "5.017001"},{"date" => "2012-07-20T14:27:59","version" => "5.017002"},{"date" => "2012-08-03T18:59:23","version" => "5.016001"},{"date" => "2012-08-08T22:30:11","version" => "5.016001"},{"date" => "2012-08-20T14:12:02","version" => "5.017003"},{"date" => "2012-09-20T00:39:08","version" => "5.017004"},{"date" => "2012-09-26T22:15:57","version" => "5.014003"},{"date" => "2012-10-10T19:46:29","version" => "5.014003"},{"date" => "2012-10-12T20:25:20","version" => "5.014003"},{"date" => "2012-10-20T16:31:11","version" => "5.017005"},{"date" => "2012-10-27T01:23:09","version" => "5.016002"},{"date" => "2012-11-01T13:44:07","version" => "5.016002"},{"date" => "2012-11-03T17:27:59","version" => "5.012005"},{"date" => "2012-11-08T21:12:17","version" => "5.012005"},{"date" => "2012-11-10T14:02:17","version" => "5.012005"},{"date" => "2012-11-21T00:08:12","version" => "5.017006"},{"date" => "2012-12-18T21:50:28","version" => "5.017007"},{"date" => "2013-01-20T18:48:45","version" => "5.017008"},{"date" => "2013-02-20T22:21:02","version" => "5.017009"},{"date" => "2013-03-05T17:03:49","version" => "5.014004"},{"date" => "2013-03-07T16:03:14","version" => "5.016003"},{"date" => "2013-03-07T19:52:52","version" => "5.014004"},{"date" => "2013-03-10T23:47:40","version" => "5.014004"},{"date" => "2013-03-11T21:08:33","version" => "5.016003"},{"date" => "2013-03-21T23:11:03","version" => "5.017010"},{"date" => "2013-04-21T00:52:16","version" => "5.017011"},{"date" => "2013-05-11T12:29:53","version" => "5.018000"},{"date" => "2013-05-12T23:14:51","version" => "5.018000"},{"date" => "2013-05-14T01:32:05","version" => "5.018000"},{"date" => "2013-05-16T02:53:44","version" => "5.018000"},{"date" => "2013-05-18T13:33:49","version" => "5.018000"},{"date" => "2013-05-20T13:12:38","version" => "5.019000"},{"date" => "2013-06-21T01:24:18","version" => "5.019001"},{"date" => "2013-07-22T05:59:35","version" => "5.019002"},{"date" => "2013-08-02T03:09:02","version" => "5.018001"},{"date" => "2013-08-04T12:34:33","version" => "5.018001"},{"date" => "2013-08-09T02:28:00","version" => "5.018001"},{"date" => "2013-08-12T14:31:08","version" => "5.018001"},{"date" => "2013-08-20T16:09:42","version" => "5.019003"},{"date" => "2013-09-20T15:58:20","version" => "5.019004"},{"date" => "2013-10-20T13:25:55","version" => "5.019005"},{"date" => "2013-11-20T20:37:20","version" => "5.019006"},{"date" => "2013-12-02T22:36:49","version" => "5.018002"},{"date" => "2013-12-07T13:55:43","version" => "5.018002"},{"date" => "2013-12-19T21:27:42","version" => "5.018002"},{"date" => "2013-12-20T20:55:37","version" => "5.019007"},{"date" => "2013-12-22T03:30:43","version" => "5.018002"},{"date" => "2014-01-07T01:52:57","version" => "5.018002"},{"date" => "2014-01-20T21:59:04","version" => "5.019008"},{"date" => "2014-02-20T04:24:45","version" => "5.019009"},{"date" => "2014-03-20T20:40:26","version" => "5.019010"},{"date" => "2014-04-20T15:47:12","version" => "5.019011"},{"date" => "2014-05-17T00:16:49","version" => "5.020000"},{"date" => "2014-05-27T01:35:13","version" => "5.020000"},{"date" => "2014-05-27T14:32:18","version" => "5.021000"},{"date" => "2014-06-20T15:31:10","version" => "5.021001"},{"date" => "2014-07-20T13:48:02","version" => "5.021002"},{"date" => "2014-08-21T02:26:13","version" => "5.021003"},{"date" => "2014-08-25T18:10:32","version" => "5.020001"},{"date" => "2014-09-07T17:01:11","version" => "5.020001"},{"date" => "2014-09-14T13:11:14","version" => "5.020001"},{"date" => "2014-09-17T20:29:53","version" => "5.018003"},{"date" => "2014-09-20T13:33:14","version" => "5.021004"},{"date" => "2014-09-27T12:54:08","version" => "5.018003"},{"date" => "2014-10-01T13:22:50","version" => "5.018003"},{"date" => "2014-10-02T00:48:31","version" => "5.018004"},{"date" => "2014-10-20T16:54:20","version" => "5.021005"},{"date" => "2014-11-20T23:39:06","version" => "5.021006"},{"date" => "2014-12-20T17:34:57","version" => "5.021007"},{"date" => "2015-01-20T20:20:05","version" => "5.021008"},{"date" => "2015-02-01T03:07:56","version" => "5.020002"},{"date" => "2015-02-14T18:26:43","version" => "5.020002"},{"date" => "2015-02-21T05:27:09","version" => "5.021009"},{"date" => "2015-03-20T18:30:20","version" => "5.021010"},{"date" => "2015-04-20T21:28:37","version" => "5.021011"},{"date" => "2015-05-19T14:12:19","version" => "5.022000"},{"date" => "2015-05-21T23:03:22","version" => "5.022000"},{"date" => "2015-06-01T17:51:59","version" => "5.022000"},{"date" => "2015-06-20T20:22:32","version" => "5.023000"},{"date" => "2015-07-20T19:26:31","version" => "5.023001"},{"date" => "2015-08-20T15:36:45","version" => "5.023002"},{"date" => "2015-08-22T22:12:34","version" => "5.020003"},{"date" => "2015-08-29T22:02:43","version" => "5.020003"},{"date" => "2015-09-12T19:09:14","version" => "5.020003"},{"date" => "2015-09-21T02:47:16","version" => "5.023003"},{"date" => "2015-10-20T22:17:48","version" => "5.023004"},{"date" => "2015-10-31T18:42:58","version" => "5.022001"},{"date" => "2015-11-15T15:15:03","version" => "5.022001"},{"date" => "2015-11-20T17:09:38","version" => "5.023005"},{"date" => "2015-12-02T22:07:35","version" => "5.022001"},{"date" => "2015-12-08T21:34:05","version" => "5.022001"},{"date" => "2015-12-13T19:48:31","version" => "5.022001"},{"date" => "2015-12-21T22:40:27","version" => "5.023006"},{"date" => "2016-01-20T21:52:22","version" => "5.023007"},{"date" => "2016-02-20T21:56:31","version" => "5.023008"},{"date" => "2016-03-20T16:45:40","version" => "5.023009"},{"date" => "2016-04-10T17:29:04","version" => "5.022002"},{"date" => "2016-04-14T03:27:48","version" => "5.024000"},{"date" => "2016-04-23T20:56:14","version" => "5.024000"},{"date" => "2016-04-27T01:02:55","version" => "5.024000"},{"date" => "2016-04-29T21:39:25","version" => "5.022002"},{"date" => "2016-05-02T14:41:03","version" => "5.024000"},{"date" => "2016-05-04T22:27:57","version" => "5.024000"},{"date" => "2016-05-09T11:35:29","version" => "5.024000"},{"date" => "2016-05-09T12:02:53","version" => "5.025000"},{"date" => "2016-05-20T21:33:43","version" => "5.025001"},{"date" => "2016-06-20T21:02:44","version" => "5.025002"},{"date" => "2016-07-17T22:27:32","version" => "5.022003"},{"date" => "2016-07-17T22:29:08","version" => "5.024001"},{"date" => "2016-07-20T16:22:41","version" => "5.025003"},{"date" => "2016-07-25T12:58:33","version" => "5.022003"},{"date" => "2016-07-25T13:01:21","version" => "5.024001"},{"date" => "2016-08-11T23:47:40","version" => "5.022003"},{"date" => "2016-08-11T23:50:29","version" => "5.024001"},{"date" => "2016-08-20T20:25:19","version" => "5.025004"},{"date" => "2016-09-20T17:45:06","version" => "5.025005"},{"date" => "2016-10-12T21:39:57","version" => "5.022003"},{"date" => "2016-10-12T21:40:57","version" => "5.024001"},{"date" => "2016-10-20T15:44:55","version" => "5.025006"},{"date" => "2016-11-20T21:20:07","version" => "5.025007"},{"date" => "2016-12-20T19:14:33","version" => "5.025008"},{"date" => "2017-01-02T18:54:51","version" => "5.022003"},{"date" => "2017-01-02T18:57:38","version" => "5.024001"},{"date" => "2017-01-14T20:04:05","version" => "5.022003"},{"date" => "2017-01-14T20:04:30","version" => "5.024001"},{"date" => "2017-01-20T15:25:43","version" => "5.025009"},{"date" => "2017-02-20T21:21:01","version" => "5.025010"},{"date" => "2017-03-20T20:56:49","version" => "5.025011"},{"date" => "2017-04-20T19:32:05","version" => "5.025012"},{"date" => "2017-05-11T17:07:17","version" => "5.026000"},{"date" => "2017-05-23T23:19:34","version" => "5.026000"},{"date" => "2017-05-30T19:42:51","version" => "5.026000"},{"date" => "2017-05-31T21:11:57","version" => "5.027000"},{"date" => "2017-06-20T06:39:54","version" => "5.027001"},{"date" => "2017-07-01T21:50:24","version" => "5.022004"},{"date" => "2017-07-01T21:50:55","version" => "5.024002"},{"date" => "2017-07-15T17:26:52","version" => "5.022004"},{"date" => "2017-07-15T17:29:00","version" => "5.024002"},{"date" => "2017-07-20T19:28:36","version" => "5.027002"},{"date" => "2017-08-21T20:43:51","version" => "5.027003"},{"date" => "2017-09-10T15:37:08","version" => "5.024003"},{"date" => "2017-09-10T15:38:22","version" => "5.026001"},{"date" => "2017-09-20T21:44:22","version" => "5.027004"},{"date" => "2017-09-22T21:29:50","version" => "5.024003"},{"date" => "2017-09-22T21:30:56","version" => "5.026001"},{"date" => "2017-10-20T22:08:15","version" => "5.027005"},{"date" => "2017-11-20T22:39:31","version" => "5.027006"},{"date" => "2017-12-20T22:58:25","version" => "5.027007"},{"date" => "2018-01-20T03:17:50","version" => "5.027008"},{"date" => "2018-02-20T20:46:45","version" => "5.027009"},{"date" => "2018-03-20T21:08:53","version" => "5.027010"},{"date" => "2018-03-24T19:33:50","version" => "5.024004"},{"date" => "2018-03-24T19:37:40","version" => "5.026002"},{"date" => "2018-04-14T11:25:22","version" => "5.024004"},{"date" => "2018-04-14T11:27:18","version" => "5.026002"},{"date" => "2018-04-20T15:10:52","version" => "5.027011"},{"date" => "2018-05-21T13:12:00","version" => "5.028000"},{"date" => "2018-06-06T12:34:00","version" => "5.028000"},{"date" => "2018-06-18T22:47:34","version" => "5.028000"},{"date" => "2018-06-19T20:45:05","version" => "5.028000"},{"date" => "2018-06-23T02:05:28","version" => "5.028000"},{"date" => "2018-06-26T21:25:53","version" => "5.029000"},{"date" => "2018-07-20T15:13:07","version" => "5.029001"},{"date" => "2018-08-20T21:04:27","version" => "5.029002"},{"date" => "2018-09-21T02:58:51","version" => "5.029003"},{"date" => "2018-10-20T14:20:56","version" => "5.029004"},{"date" => "2018-11-20T22:03:07","version" => "5.029005"},{"date" => "2018-11-29T19:03:17","version" => "5.026003"},{"date" => "2018-11-29T19:03:28","version" => "5.028001"},{"date" => "2018-11-30T22:02:29","version" => "5.026003"},{"date" => "2018-11-30T22:03:06","version" => "5.028001"},{"date" => "2018-12-18T12:26:18","version" => "5.029006"},{"date" => "2019-01-20T02:16:52","version" => "5.029007"},{"date" => "2019-02-21T05:30:00","version" => "5.029008"},{"date" => "2019-03-21T11:49:45","version" => "5.029009"},{"date" => "2019-04-05T19:46:23","version" => "5.028002"},{"date" => "2019-04-19T15:07:44","version" => "5.028002"},{"date" => "2019-04-20T18:11:45","version" => "5.029010"},{"date" => "2019-05-11T22:58:31","version" => "5.030000"},{"date" => "2019-05-17T20:44:42","version" => "5.030000"},{"date" => "2019-05-22T09:35:50","version" => "5.030000"},{"date" => "2019-05-24T19:28:47","version" => "5.031000"},{"date" => "2019-06-20T20:19:01","version" => "5.031001"},{"date" => "2019-07-20T17:01:20","version" => "5.031002"},{"date" => "2019-08-20T14:02:01","version" => "5.031003"},{"date" => "2019-09-20T21:27:31","version" => "5.031004"},{"date" => "2019-10-20T14:29:11","version" => "5.031005"},{"date" => "2019-10-27T16:29:27","version" => "5.030001"},{"date" => "2019-11-10T14:14:00","version" => "5.030001"},{"date" => "2019-11-20T22:14:49","version" => "5.031006"},{"date" => "2019-12-21T03:38:57","version" => "5.031007"},{"date" => "2020-01-20T17:17:53","version" => "5.031008"},{"date" => "2020-02-20T23:03:22","version" => "5.031009"},{"date" => "2020-02-29T19:25:07","version" => "5.030002"},{"date" => "2020-03-14T17:04:56","version" => "5.030002"},{"date" => "2020-03-20T20:08:58","version" => "5.031010"},{"date" => "2020-04-28T19:49:59","version" => "5.031011"},{"date" => "2020-05-30T18:47:47","version" => "5.032000"},{"date" => "2020-06-01T19:17:48","version" => "5.028003"},{"date" => "2020-06-01T19:19:30","version" => "5.028003"},{"date" => "2020-06-01T19:19:54","version" => "5.030003"},{"date" => "2020-06-01T19:21:31","version" => "5.030003"},{"date" => "2020-06-07T21:13:05","version" => "5.032000"},{"date" => "2020-06-20T20:38:54","version" => "5.032000"},{"date" => "2020-07-17T19:38:54","version" => "5.033000"},{"date" => "2020-08-20T20:36:01","version" => "5.033001"},{"date" => "2020-09-20T16:29:59","version" => "5.033002"},{"date" => "2020-10-20T21:30:28","version" => "5.033003"},{"date" => "2020-11-20T13:32:10","version" => "5.033004"},{"date" => "2020-12-20T14:00:43","version" => "5.033005"},{"date" => "2021-01-09T16:48:26","version" => "5.032001"},{"date" => "2021-01-21T01:34:41","version" => "5.033006"},{"date" => "2021-01-23T14:56:24","version" => "5.032001"},{"date" => "2021-02-20T09:58:24","version" => "5.033007"},{"date" => "2021-03-21T00:55:24","version" => "5.033008"},{"date" => "2021-04-20T23:37:29","version" => "5.033009"},{"date" => "2021-05-04T23:24:07","version" => "5.034000"},{"date" => "2021-05-15T14:56:00","version" => "5.034000"},{"date" => "2021-05-20T20:07:59","version" => "5.034000"},{"date" => "2021-05-21T02:06:41","version" => "5.035000"},{"date" => "2021-06-20T12:39:44","version" => "5.035001"},{"date" => "2021-07-23T12:53:17","version" => "5.035002"},{"date" => "2021-08-21T03:17:40","version" => "5.035003"},{"date" => "2021-09-20T19:46:41","version" => "5.035004"},{"date" => "2021-10-21T19:32:21","version" => "5.035005"},{"date" => "2021-11-21T00:22:09","version" => "5.035006"},{"date" => "2021-12-20T23:35:42","version" => "5.035007"},{"date" => "2022-01-20T22:39:08","version" => "5.035008"},{"date" => "2022-02-20T12:32:59","version" => "5.035009"},{"date" => "2022-02-27T14:18:13","version" => "5.034001"},{"date" => "2022-03-06T17:23:15","version" => "5.034001"},{"date" => "2022-03-13T08:40:18","version" => "5.034001"},{"date" => "2022-03-20T18:33:42","version" => "5.035010"},{"date" => "2022-04-20T20:33:20","version" => "5.035011"},{"date" => "2022-05-21T00:12:21","version" => "5.036000"},{"date" => "2022-05-22T19:36:07","version" => "5.036000"},{"date" => "2022-05-28T00:26:10","version" => "5.036000"},{"date" => "2022-05-28T02:33:40","version" => "5.037000"},{"date" => "2022-06-20T18:57:04","version" => "5.037001"},{"date" => "2022-07-21T01:37:24","version" => "5.037002"},{"date" => "2022-08-20T18:57:47","version" => "5.037003"},{"date" => "2022-09-21T00:25:19","version" => "5.037004"},{"date" => "2022-10-20T17:33:58","version" => "5.037005"},{"date" => "2022-11-20T11:56:16","version" => "5.037006"},{"date" => "2022-12-20T17:14:30","version" => "5.037007"},{"date" => "2023-01-20T15:20:59","version" => "5.037008"},{"date" => "2023-02-20T20:45:20","version" => "5.037009"},{"date" => "2023-03-21T08:16:37","version" => "5.037010"},{"date" => "2023-04-10T20:07:53","version" => "5.036001"},{"date" => "2023-04-11T19:50:09","version" => "5.036001"},{"date" => "2023-04-16T15:35:15","version" => "5.036001"},{"date" => "2023-04-20T19:05:36","version" => "5.037011"},{"date" => "2023-04-23T15:22:26","version" => "5.036001"},{"date" => "2023-06-16T02:09:05","version" => "5.038000"},{"date" => "2023-06-23T21:17:27","version" => "5.038000"},{"date" => "2023-07-02T23:00:28","version" => "5.038000"},{"date" => "2023-07-20T19:09:13","version" => "5.039001"},{"date" => "2023-08-20T22:46:17","version" => "5.039002"},{"date" => "2023-09-20T16:12:58","version" => "5.039003"},{"date" => "2023-10-25T19:15:57","version" => "5.039004"},{"date" => "2023-11-20T02:49:43","version" => "5.039005"},{"date" => "2023-11-25T15:19:49","version" => "5.034002"},{"date" => "2023-11-25T15:20:11","version" => "5.036002"},{"date" => "2023-11-25T15:21:49","version" => "5.038001"},{"date" => "2023-11-25T15:58:49","version" => "5.034002"},{"date" => "2023-11-25T15:59:01","version" => "5.036002"},{"date" => "2023-11-25T15:59:13","version" => "5.038001"},{"date" => "2023-11-29T13:10:30","version" => "5.034003"},{"date" => "2023-11-29T16:08:59","version" => "5.036003"},{"date" => "2023-11-29T16:10:36","version" => "5.038002"},{"date" => "2023-12-30T21:59:20","version" => "5.039006"},{"date" => "2024-01-20T12:44:12","version" => "5.039007"},{"date" => "2024-02-23T14:25:56","version" => "5.039008"},{"date" => "2024-03-20T16:26:28","version" => "5.039009"},{"date" => "2024-04-27T19:22:49","version" => "5.039010"},{"date" => "2024-05-24T20:45:21","version" => "5.040000"},{"date" => "2024-06-04T21:47:57","version" => "5.040000"},{"date" => "2024-06-09T20:45:37","version" => "5.040000"},{"date" => "2024-07-02T14:28:09","version" => "5.041001"},{"date" => "2024-07-20T20:54:48","version" => "5.041002"},{"date" => "2024-08-29T13:23:40","version" => "5.041003"},{"date" => "2024-09-20T11:18:14","version" => "5.041004"},{"date" => "2024-10-20T20:49:26","version" => "5.041005"},{"date" => "2024-11-20T08:29:25","version" => "5.041006"},{"date" => "2024-12-20T14:31:24","version" => "5.041007"},{"date" => "2025-01-05T20:28:54","version" => "5.038003"},{"date" => "2025-01-05T20:32:07","version" => "5.040001"},{"date" => "2025-01-18T19:43:21","version" => "5.038003"},{"date" => "2025-01-18T19:48:20","version" => "5.040001"},{"date" => "2025-01-20T21:30:07","version" => "5.041008"},{"date" => "2025-02-24T08:19:26","version" => "5.041009"},{"date" => "2025-03-21T12:49:33","version" => "5.041010"},{"date" => "2025-04-13T13:05:54","version" => "5.038004"},{"date" => "2025-04-13T13:06:16","version" => "5.038004"},{"date" => "2025-04-13T13:06:38","version" => "5.040002"},{"date" => "2025-04-13T13:07:01","version" => "5.040002"},{"date" => "2025-04-21T01:51:01","version" => "5.041011"},{"date" => "2025-04-21T22:49:29","version" => "5.041012"},{"date" => "2025-05-28T22:19:58","version" => "5.041013"},{"date" => "2025-06-25T05:03:48","version" => "5.042000"},{"date" => "2025-06-28T06:28:22","version" => "5.042000"},{"date" => "2025-07-01T20:32:04","version" => "5.042000"},{"date" => "2025-07-03T15:23:01","version" => "5.042000"},{"date" => "2025-07-20T21:38:33","version" => "5.043001"},{"date" => "2025-07-21T20:15:44","version" => "5.038005"},{"date" => "2025-07-21T20:16:11","version" => "5.040003"},{"date" => "2025-08-03T10:10:35","version" => "5.038005"},{"date" => "2025-08-03T10:12:20","version" => "5.040003"},{"date" => "2025-08-20T19:40:22","version" => "5.043002"},{"date" => "2025-09-23T06:27:34","version" => "5.043003"},{"date" => "2025-10-23T15:35:36","version" => "5.043004"},{"date" => "2025-11-20T05:48:21","version" => "5.043005"},{"date" => "2025-12-20T17:47:41","version" => "5.043006"},{"date" => "2026-01-19T18:04:21","version" => "5.043007"},{"date" => "2026-02-20T22:33:36","version" => "5.043008"},{"date" => "2026-02-22T12:07:04","version" => "5.042001"},{"date" => "2026-03-08T18:47:44","version" => "5.042001"}]},"perl-ldap" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2020-16093"],"description" => "In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.\n","distribution" => "perl-ldap","fixed_versions" => [],"id" => "CPANSA-Net-LDAPS-2020-16093","references" => ["https://lemonldap-ng.org/download","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250","https://rt.cpan.org/Ticket/Display.html?id=131045"],"reported" => "2022-07-18","severity" => undef}],"main_module" => "Net::LDAP","versions" => [{"date" => "1998-10-31T01:14:57","version" => "1.08"},{"date" => "1998-10-31T01:19:38","version" => "0.08"},{"date" => "1998-12-23T01:16:35","version" => "0.09"},{"date" => "1999-03-18T02:58:45","version" => "0.10"},{"date" => "1999-04-18T22:10:20","version" => "0.11"},{"date" => "1999-06-28T02:40:38","version" => "0.12"},{"date" => "1999-08-15T23:27:41","version" => "0.13"},{"date" => "2000-02-14T10:34:19","version" => "0.14"},{"date" => "2000-03-22T10:46:21","version" => "0.15"},{"date" => "2000-04-27T17:02:43","version" => "0.16"},{"date" => "2000-05-12T10:16:37","version" => "0.17"},{"date" => "2000-05-22T14:53:07","version" => "0.18"},{"date" => "2000-06-08T08:30:48","version" => "0.19"},{"date" => "2000-08-03T17:07:52","version" => "0.20"},{"date" => "2000-09-12T09:32:12","version" => "0.21"},{"date" => "2000-09-14T19:08:19","version" => "0.22"},{"date" => "2001-04-19T23:25:47","version" => "0.23"},{"date" => "2001-07-17T13:01:04","version" => "0.24"},{"date" => "2001-08-25T08:15:47","version" => "0.2401"},{"date" => "2001-10-29T17:35:12","version" => "0.25"},{"date" => "2002-05-28T07:49:00","version" => "0.251"},{"date" => "2002-07-18T13:13:03","version" => "0.26"},{"date" => "2003-01-27T14:48:49","version" => "0.27"},{"date" => "2003-01-27T18:26:51","version" => "0.2701"},{"date" => "2003-05-19T22:40:30","version" => "0.28"},{"date" => "2003-06-24T10:21:09","version" => "0.29"},{"date" => "2003-10-17T21:42:36","version" => "0.30"},{"date" => "2004-01-01T10:47:23","version" => "0.31"},{"date" => "2004-07-01T15:59:03","version" => "0.32"},{"date" => "2004-07-14T21:00:39","version" => "0.3201"},{"date" => "2004-07-19T18:24:58","version" => "0.3202"},{"date" => "2005-04-25T23:02:59","version" => "0.33"},{"date" => "2007-02-10T23:53:48","version" => "0.34"},{"date" => "2008-03-30T18:58:37","version" => "0.35"},{"date" => "2008-04-21T15:21:03","version" => "0.36"},{"date" => "2008-08-28T13:02:29","version" => "0.37"},{"date" => "2008-09-21T14:28:08","version" => "0.38"},{"date" => "2008-10-27T20:10:12","version" => "0.39"},{"date" => "2010-03-12T03:03:48","version" => "0.40"},{"date" => "2010-03-24T20:01:45","version" => "0.4001"},{"date" => "2011-09-03T12:44:01","version" => "0.41"},{"date" => "2011-09-03T12:48:31","version" => "0.42"},{"date" => "2011-09-03T17:55:11","version" => "0.43"},{"date" => "2012-01-29T09:55:22","version" => "0.44"},{"date" => "2012-09-05T09:46:44","version" => "0.45"},{"date" => "2012-09-05T16:17:53","version" => "0.46"},{"date" => "2012-09-16T10:06:08","version" => "0.47"},{"date" => "2012-09-20T08:58:48","version" => "0.48"},{"date" => "2012-10-06T08:15:30","version" => "0.49"},{"date" => "2012-11-17T17:10:16","version" => "0.50_01"},{"date" => "2012-11-24T12:11:37","version" => "0.50"},{"date" => "2012-12-01T13:39:38","version" => "0.51"},{"date" => "2013-01-01T13:03:26","version" => "0.52"},{"date" => "2013-01-26T17:43:28","version" => "0.53"},{"date" => "2013-03-29T11:25:51","version" => "0.54"},{"date" => "2013-04-23T09:38:16","version" => "0.55"},{"date" => "2013-06-08T11:31:48","version" => "0.56"},{"date" => "2013-07-21T17:04:36","version" => "0.57"},{"date" => "2013-12-23T16:50:28","version" => "0.58"},{"date" => "2014-03-04T17:17:26","version" => "0.59"},{"date" => "2014-03-08T13:14:49","version" => "0.60"},{"date" => "2014-03-29T16:44:29","version" => "0.61"},{"date" => "2014-04-06T09:39:40","version" => "0.62"},{"date" => "2014-06-01T10:58:37","version" => "0.63"},{"date" => "2014-06-19T15:59:40","version" => "0.64"},{"date" => "2015-04-06T18:02:34","version" => "0.65"},{"date" => "2019-04-16T09:42:54","version" => "0.66"},{"date" => "2020-12-26T14:37:52","version" => "0.67"},{"date" => "2021-01-03T17:37:50","version" => "0.68"}]},"urxvt-bgdsl" => {"advisories" => [{"affected_versions" => [">=9.25,<=9.26"],"cves" => ["CVE-2022-4170"],"description" => "The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.\n","distribution" => "urxvt-bgdsl","fixed_versions" => [">=9.29"],"id" => "CPANSA-urxvt-bgdsl-2022-4170","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=2151597","https://www.openwall.com/lists/oss-security/2022/12/05/1"],"reported" => "2022-12-09","severity" => undef}],"main_module" => "","versions" => []}},"meta" => {"commit" => "0d05b0bcff541d0e5a25d50cd664f22548fea57f","date" => "Wed Mar 18 13:36:02 2026","epoch" => 1773840962,"generator" => "util/generate","repo" => "https://github.com/briandfoy/cpan-security-advisory.git"},"module2dist" => {"APR" => "mod_perl","APR::Base64" => "mod_perl","APR::Brigade" => "mod_perl","APR::Bucket" => "mod_perl","APR::BucketAlloc" => "mod_perl","APR::BucketType" => "mod_perl","APR::Const" => "mod_perl","APR::Date" => "mod_perl","APR::Error" => "mod_perl","APR::Finfo" => "mod_perl","APR::FunctionTable" => "mod_perl","APR::IpSubnet" => "mod_perl","APR::OS" => "mod_perl","APR::PerlIO" => "mod_perl","APR::Pool" => "mod_perl","APR::Request" => "libapreq2","APR::Request::Apache2" => "libapreq2","APR::Request::CGI" => "libapreq2","APR::Request::Cookie" => "libapreq2","APR::Request::Error" => "libapreq2","APR::Request::Param" => "libapreq2","APR::SockAddr" => "mod_perl","APR::Socket" => "mod_perl","APR::Status" => "mod_perl","APR::String" => "mod_perl","APR::Table" => "mod_perl","APR::ThreadMutex" => "mod_perl","APR::ThreadRWLock" => "mod_perl","APR::URI" => "mod_perl","APR::UUID" => "mod_perl","APR::Util" => "mod_perl","APR::XSLoader" => "mod_perl","Agni" => "PApp","Agni::Callback" => "PApp","Alien::FreeImage" => "Alien-FreeImage","Alien::GCrypt" => "Alien-GCrypt","Alien::OTR" => "Alien-OTR","Alien::PCRE2" => "Alien-PCRE2","Alien::SVN" => "Alien-SVN","Amiga::ARexx" => "perl","Amiga::ARexx::Msg" => "perl","Amiga::Exec" => "perl","Amon2::Auth::Site::LINE" => "Amon2-Auth-Site-LINE","AnyDBM_File" => "perl","Apache" => "mod_perl","Apache2::Access" => "mod_perl","Apache2::AuthAny" => "Apache2-AuthAny","Apache2::AuthAny::AuthUtil" => "Apache2-AuthAny","Apache2::AuthAny::AuthenHandler" => "Apache2-AuthAny","Apache2::AuthAny::AuthzHandler" => "Apache2-AuthAny","Apache2::AuthAny::Cookie" => "Apache2-AuthAny","Apache2::AuthAny::DB" => "Apache2-AuthAny","Apache2::AuthAny::FixupHandler" => "Apache2-AuthAny","Apache2::AuthAny::MapToStorageHandler" => "Apache2-AuthAny","Apache2::AuthAny::RequestConfig" => "Apache2-AuthAny","Apache2::Build" => "mod_perl","Apache2::CmdParms" => "mod_perl","Apache2::Command" => "mod_perl","Apache2::Connection" => "mod_perl","Apache2::ConnectionUtil" => "mod_perl","Apache2::ConstantsTable" => "mod_perl","Apache2::Cookie" => "libapreq2","Apache2::Directive" => "mod_perl","Apache2::Filter" => "mod_perl","Apache2::FilterRec" => "mod_perl","Apache2::FunctionTable" => "mod_perl","Apache2::HookRun" => "mod_perl","Apache2::Log" => "mod_perl","Apache2::MPM" => "mod_perl","Apache2::Module" => "mod_perl","Apache2::ParseSource" => "mod_perl","Apache2::ParseSource::Scan" => "mod_perl","Apache2::PerlSections" => "mod_perl","Apache2::PerlSections::Dump" => "mod_perl","Apache2::Process" => "mod_perl","Apache2::Provider" => "mod_perl","Apache2::Request" => "libapreq2","Apache2::RequestIO" => "mod_perl","Apache2::RequestRec" => "mod_perl","Apache2::RequestUtil" => "mod_perl","Apache2::Resource" => "mod_perl","Apache2::Response" => "mod_perl","Apache2::ServerRec" => "mod_perl","Apache2::ServerUtil" => "mod_perl","Apache2::SourceTables" => "mod_perl","Apache2::Status" => "mod_perl","Apache2::Status::_version" => "mod_perl","Apache2::StructureTable" => "mod_perl","Apache2::SubProcess" => "mod_perl","Apache2::SubRequest" => "mod_perl","Apache2::URI" => "mod_perl","Apache2::Upload" => "libapreq2","Apache2::Util" => "mod_perl","Apache2::XSLoader" => "mod_perl","Apache2::compat" => "mod_perl","Apache2::porting" => "mod_perl","Apache::ASP" => "Apache-ASP","Apache::ASP::ApacheCommon" => "Apache-ASP","Apache::ASP::Application" => "Apache-ASP","Apache::ASP::CGI" => "Apache-ASP","Apache::ASP::CGI::Table" => "Apache-ASP","Apache::ASP::CGI::Test" => "Apache-ASP","Apache::ASP::Collection" => "Apache-ASP","Apache::ASP::CollectionItem" => "Apache-ASP","Apache::ASP::Date" => "Apache-ASP","Apache::ASP::GlobalASA" => "Apache-ASP","Apache::ASP::Lang::PerlScript" => "Apache-ASP","Apache::ASP::Load" => "Apache-ASP","Apache::ASP::Request" => "Apache-ASP","Apache::ASP::Response" => "Apache-ASP","Apache::ASP::STDERR" => "Apache-ASP","Apache::ASP::Server" => "Apache-ASP","Apache::ASP::Session" => "Apache-ASP","Apache::ASP::State" => "Apache-ASP","Apache::App" => "App-Context","Apache::AuthCAS" => "Apache-AuthCAS","Apache::Connection" => "mod_perl","Apache::Constants" => "mod_perl","Apache::Constants::Exports" => "mod_perl","Apache::Debug" => "mod_perl","Apache::EP" => "HTML-EP","Apache::ExtUtils" => "mod_perl","Apache::FakeRequest" => "mod_perl","Apache::File" => "mod_perl","Apache::Framework::App" => "App-Context","Apache::Include" => "mod_perl","Apache::Leak" => "mod_perl","Apache::Log" => "mod_perl","Apache::MP3" => "Apache-MP3","Apache::MP3::L10N" => "Apache-MP3","Apache::MP3::L10N::Aliases" => "Apache-MP3","Apache::MP3::L10N::RightToLeft" => "Apache-MP3","Apache::MP3::L10N::ar" => "Apache-MP3","Apache::MP3::L10N::ca" => "Apache-MP3","Apache::MP3::L10N::cs" => "Apache-MP3","Apache::MP3::L10N::de" => "Apache-MP3","Apache::MP3::L10N::en" => "Apache-MP3","Apache::MP3::L10N::es" => "Apache-MP3","Apache::MP3::L10N::fa" => "Apache-MP3","Apache::MP3::L10N::fi" => "Apache-MP3","Apache::MP3::L10N::fr" => "Apache-MP3","Apache::MP3::L10N::ga" => "Apache-MP3","Apache::MP3::L10N::he" => "Apache-MP3","Apache::MP3::L10N::hr" => "Apache-MP3","Apache::MP3::L10N::is" => "Apache-MP3","Apache::MP3::L10N::it" => "Apache-MP3","Apache::MP3::L10N::ja" => "Apache-MP3","Apache::MP3::L10N::ko" => "Apache-MP3","Apache::MP3::L10N::ms" => "Apache-MP3","Apache::MP3::L10N::nb" => "Apache-MP3","Apache::MP3::L10N::nb_no" => "Apache-MP3","Apache::MP3::L10N::nl" => "Apache-MP3","Apache::MP3::L10N::nl_be" => "Apache-MP3","Apache::MP3::L10N::nl_nl" => "Apache-MP3","Apache::MP3::L10N::nn" => "Apache-MP3","Apache::MP3::L10N::nn_no" => "Apache-MP3","Apache::MP3::L10N::no" => "Apache-MP3","Apache::MP3::L10N::no_no" => "Apache-MP3","Apache::MP3::L10N::pl" => "Apache-MP3","Apache::MP3::L10N::ru" => "Apache-MP3","Apache::MP3::L10N::sh" => "Apache-MP3","Apache::MP3::L10N::sk" => "Apache-MP3","Apache::MP3::L10N::sl" => "Apache-MP3","Apache::MP3::L10N::sr" => "Apache-MP3","Apache::MP3::L10N::tr" => "Apache-MP3","Apache::MP3::L10N::uk" => "Apache-MP3","Apache::MP3::L10N::x_marklar" => "Apache-MP3","Apache::MP3::L10N::zh_cn" => "Apache-MP3","Apache::MP3::L10N::zh_tw" => "Apache-MP3","Apache::MP3::Playlist" => "Apache-MP3","Apache::MP3::Resample" => "Apache-MP3","Apache::MP3::Sorted" => "Apache-MP3","Apache::MVC" => "Maypole","Apache::ModuleConfig" => "mod_perl","Apache::Opcode" => "mod_perl","Apache::Options" => "mod_perl","Apache::PerlRun" => "mod_perl","Apache::PerlRunXS" => "mod_perl","Apache::PerlSections" => "mod_perl","Apache::RPC::Server" => "RPC-XML","Apache::RPC::Status" => "RPC-XML","Apache::ReadConfig" => "mod_perl","Apache::RedirectLogFix" => "mod_perl","Apache::Registry" => "mod_perl","Apache::RegistryBB" => "mod_perl","Apache::RegistryLoader" => "mod_perl","Apache::RegistryNG" => "mod_perl","Apache::Resource" => "mod_perl","Apache::SIG" => "mod_perl","Apache::SOAP" => "SOAP-Lite","Apache::Server" => "mod_perl","Apache::Session" => "Apache-Session","Apache::Session::Browseable" => "Apache-Session-Browseable","Apache::Session::Browseable::Cassandra" => "Apache-Session-Browseable","Apache::Session::Browseable::DBI" => "Apache-Session-Browseable","Apache::Session::Browseable::File" => "Apache-Session-Browseable","Apache::Session::Browseable::Informix" => "Apache-Session-Browseable","Apache::Session::Browseable::LDAP" => "Apache-Session-Browseable","Apache::Session::Browseable::MySQL" => "Apache-Session-Browseable","Apache::Session::Browseable::MySQLJSON" => "Apache-Session-Browseable","Apache::Session::Browseable::Oracle" => "Apache-Session-Browseable","Apache::Session::Browseable::Patroni" => "Apache-Session-Browseable","Apache::Session::Browseable::PgHstore" => "Apache-Session-Browseable","Apache::Session::Browseable::PgJSON" => "Apache-Session-Browseable","Apache::Session::Browseable::Postgres" => "Apache-Session-Browseable","Apache::Session::Browseable::Redis" => "Apache-Session-Browseable","Apache::Session::Browseable::SQLite" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Cassandra" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::DBI" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::File" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Informix" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::LDAP" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::MySQL" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Oracle" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Patroni" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Postgres" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Redis" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::SQLite" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Sybase" => "Apache-Session-Browseable","Apache::Session::Browseable::Sybase" => "Apache-Session-Browseable","Apache::Session::DBI" => "Apache-Session","Apache::Session::DBIStore" => "Apache-Session","Apache::Session::DB_File" => "Apache-Session","Apache::Session::Daemon" => "Apache-Session","Apache::Session::DaemonLocker" => "Apache-Session","Apache::Session::Embperl" => "Apache-Session","Apache::Session::File" => "Apache-Session","Apache::Session::FileStore" => "Apache-Session","Apache::Session::Flex" => "Apache-Session","Apache::Session::Generate::MD5" => "Apache-Session","Apache::Session::Generate::ModUniqueId" => "Apache-Session","Apache::Session::Generate::ModUsertrack" => "Apache-Session","Apache::Session::Generate::SHA256" => "Apache-Session-Browseable","Apache::Session::IPC" => "Apache-Session","Apache::Session::Informix" => "Apache-Session","Apache::Session::LDAP" => "Apache-Session-LDAP","Apache::Session::Lock::File" => "Apache-Session","Apache::Session::Lock::MySQL" => "Apache-Session","Apache::Session::Lock::Null" => "Apache-Session","Apache::Session::Lock::Semaphore" => "Apache-Session","Apache::Session::Lock::Sybase" => "Apache-Session","Apache::Session::MemoryStore" => "Apache-Session","Apache::Session::MySQL" => "Apache-Session","Apache::Session::MySQL::NoLock" => "Apache-Session","Apache::Session::NullLocker" => "Apache-Session","Apache::Session::Oracle" => "Apache-Session","Apache::Session::PosixFileLocker" => "Apache-Session","Apache::Session::Postgres" => "Apache-Session","Apache::Session::Serialize::Base64" => "Apache-Session","Apache::Session::Serialize::Hstore" => "Apache-Session-Browseable","Apache::Session::Serialize::JSON" => "Apache-Session-Browseable","Apache::Session::Serialize::Storable" => "Apache-Session","Apache::Session::Serialize::Sybase" => "Apache-Session","Apache::Session::Serialize::UUEncode" => "Apache-Session","Apache::Session::SingleThread" => "Apache-Session","Apache::Session::Store::DBI" => "Apache-Session","Apache::Session::Store::DB_File" => "Apache-Session","Apache::Session::Store::File" => "Apache-Session","Apache::Session::Store::Informix" => "Apache-Session","Apache::Session::Store::LDAP" => "Apache-Session-LDAP","Apache::Session::Store::MySQL" => "Apache-Session","Apache::Session::Store::Oracle" => "Apache-Session","Apache::Session::Store::Postgres" => "Apache-Session","Apache::Session::Store::Sybase" => "Apache-Session","Apache::Session::Sybase" => "Apache-Session","Apache::Session::SysVSemaphoreLocker" => "Apache-Session","Apache::Session::Tree" => "Apache-Session","Apache::Session::TreeStore" => "Apache-Session","Apache::Session::Win32" => "Apache-Session","Apache::SessionX" => "Apache-SessionX","Apache::SessionX::Generate::MD5" => "Apache-SessionX","Apache::SessionX::Manager" => "Apache-SessionX","Apache::SessionX::Store::File" => "Apache-SessionX","Apache::StatINC" => "mod_perl","Apache::Status" => "mod_perl","Apache::Symbol" => "mod_perl","Apache::Symdump" => "mod_perl","Apache::Table" => "mod_perl","Apache::TiedSession" => "Apache-Session","Apache::URI" => "mod_perl","Apache::Util" => "mod_perl","Apache::Wyrd" => "Apache-Wyrd","Apache::Wyrd::Attribute" => "Apache-Wyrd","Apache::Wyrd::Bot" => "Apache-Wyrd","Apache::Wyrd::BrowserSwitch" => "Apache-Wyrd","Apache::Wyrd::CGICond" => "Apache-Wyrd","Apache::Wyrd::CGISetter" => "Apache-Wyrd","Apache::Wyrd::Chart" => "Apache-Wyrd","Apache::Wyrd::Cookie" => "Apache-Wyrd","Apache::Wyrd::DBL" => "Apache-Wyrd","Apache::Wyrd::Datum" => "Apache-Wyrd","Apache::Wyrd::Datum::Blob" => "Apache-Wyrd","Apache::Wyrd::Datum::Char" => "Apache-Wyrd","Apache::Wyrd::Datum::Enum" => "Apache-Wyrd","Apache::Wyrd::Datum::Integer" => "Apache-Wyrd","Apache::Wyrd::Datum::Null" => "Apache-Wyrd","Apache::Wyrd::Datum::Set" => "Apache-Wyrd","Apache::Wyrd::Datum::Text" => "Apache-Wyrd","Apache::Wyrd::Datum::Varchar" => "Apache-Wyrd","Apache::Wyrd::Debug" => "Apache-Wyrd","Apache::Wyrd::Defaults" => "Apache-Wyrd","Apache::Wyrd::ErrField" => "Apache-Wyrd","Apache::Wyrd::ErrTag" => "Apache-Wyrd","Apache::Wyrd::FileSize" => "Apache-Wyrd","Apache::Wyrd::Form" => "Apache-Wyrd","Apache::Wyrd::Form::Preload" => "Apache-Wyrd","Apache::Wyrd::Form::Template" => "Apache-Wyrd","Apache::Wyrd::Form::View" => "Apache-Wyrd","Apache::Wyrd::Handler" => "Apache-Wyrd","Apache::Wyrd::Input" => "Apache-Wyrd","Apache::Wyrd::Input::Complex" => "Apache-Wyrd","Apache::Wyrd::Input::Condenser" => "Apache-Wyrd","Apache::Wyrd::Input::Opt" => "Apache-Wyrd","Apache::Wyrd::Input::Set" => "Apache-Wyrd","Apache::Wyrd::Input::URLInput" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Columnize" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Dater" => "Apache-Wyrd","Apache::Wyrd::Interfaces::GetUser" => "Apache-Wyrd","Apache::Wyrd::Interfaces::IndexUser" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Indexable" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Mother" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Setter" => "Apache-Wyrd","Apache::Wyrd::Interfaces::SmartInput" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Stealth" => "Apache-Wyrd","Apache::Wyrd::Lattice" => "Apache-Wyrd","Apache::Wyrd::Lib" => "Apache-Wyrd","Apache::Wyrd::LogDump" => "Apache-Wyrd","Apache::Wyrd::Lookup" => "Apache-Wyrd","Apache::Wyrd::Loop" => "Apache-Wyrd","Apache::Wyrd::MySQLForm" => "Apache-Wyrd","Apache::Wyrd::Number" => "Apache-Wyrd","Apache::Wyrd::Query" => "Apache-Wyrd","Apache::Wyrd::Redirect" => "Apache-Wyrd","Apache::Wyrd::Request" => "Apache-Wyrd","Apache::Wyrd::SQLForm" => "Apache-Wyrd","Apache::Wyrd::Services::Auth" => "Apache-Wyrd","Apache::Wyrd::Services::CodeRing" => "Apache-Wyrd","Apache::Wyrd::Services::FileCache" => "Apache-Wyrd","Apache::Wyrd::Services::Index" => "Apache-Wyrd","Apache::Wyrd::Services::Key" => "Apache-Wyrd","Apache::Wyrd::Services::LoginServer" => "Apache-Wyrd","Apache::Wyrd::Services::MetaTable" => "Apache-Wyrd","Apache::Wyrd::Services::MySQLIndex" => "Apache-Wyrd","Apache::Wyrd::Services::PreAuth" => "Apache-Wyrd","Apache::Wyrd::Services::SAK" => "Apache-Wyrd","Apache::Wyrd::Services::SearchParser" => "Apache-Wyrd","Apache::Wyrd::Services::TicketPad" => "Apache-Wyrd","Apache::Wyrd::Services::Tree" => "Apache-Wyrd","Apache::Wyrd::ShowParams" => "Apache-Wyrd","Apache::Wyrd::Site::GDButton" => "Apache-Wyrd","Apache::Wyrd::Site::Index" => "Apache-Wyrd","Apache::Wyrd::Site::IndexBot" => "Apache-Wyrd","Apache::Wyrd::Site::Login" => "Apache-Wyrd","Apache::Wyrd::Site::MySQLIndex" => "Apache-Wyrd","Apache::Wyrd::Site::MySQLIndexBot" => "Apache-Wyrd","Apache::Wyrd::Site::NavPull" => "Apache-Wyrd","Apache::Wyrd::Site::Page" => "Apache-Wyrd","Apache::Wyrd::Site::Pull" => "Apache-Wyrd","Apache::Wyrd::Site::SearchResults" => "Apache-Wyrd","Apache::Wyrd::Site::TagPull" => "Apache-Wyrd","Apache::Wyrd::Site::Widget" => "Apache-Wyrd","Apache::Wyrd::Site::WidgetControl" => "Apache-Wyrd","Apache::Wyrd::Site::WidgetIndex" => "Apache-Wyrd","Apache::Wyrd::Template" => "Apache-Wyrd","Apache::Wyrd::User" => "Apache-Wyrd","Apache::Wyrd::Var" => "Apache-Wyrd","Apache::Wyrd::Version" => "Apache-Wyrd","Apache::Wyrd::View" => "Apache-Wyrd","Apache::XAO" => "XAO-Web","Apache::XMLRPC::Lite" => "SOAP-Lite","Apache::ePerl" => "eperl","Apache::fork" => "mod_perl","Apache::httpd_conf" => "mod_perl","Apache::src" => "mod_perl","Apache::testold" => "mod_perl","App" => "App-Context","App::Authentication" => "App-Context","App::Authentication::Htpasswd" => "App-Context","App::Authorization" => "App-Context","App::CallDispatcher" => "App-Context","App::CallDispatcher::HTTPSimple" => "App-Context","App::Conf" => "App-Context","App::Conf::File" => "App-Context","App::Context" => "App-Context","App::Context::ClusterController" => "App-Context","App::Context::ClusterNode" => "App-Context","App::Context::Cmd" => "App-Context","App::Context::HTTP" => "App-Context","App::Context::ModPerl" => "App-Context","App::Context::NetServer" => "App-Context","App::Context::POE" => "App-Context","App::Context::POE::ClusterController" => "App-Context","App::Context::POE::ClusterNode" => "App-Context","App::Context::POE::Server" => "App-Context","App::Context::Server" => "App-Context","App::Cpan" => "CPAN","App::Documentation" => "App-Context","App::Exceptions" => "App-Context","App::Genpass" => "App-Genpass","App::Github::Email" => "App-Github-Email","App::LogChannel" => "App-Context","App::MessageDispatcher" => "App-Context","App::Netdisco" => "App-Netdisco","App::Netdisco::AnyEvent::Nbtstat" => "App-Netdisco","App::Netdisco::Backend::Job" => "App-Netdisco","App::Netdisco::Backend::Role::Manager" => "App-Netdisco","App::Netdisco::Backend::Role::Poller" => "App-Netdisco","App::Netdisco::Backend::Role::Scheduler" => "App-Netdisco","App::Netdisco::Builder" => "App-Netdisco","App::Netdisco::Configuration" => "App-Netdisco","App::Netdisco::DB" => "App-Netdisco","App::Netdisco::DB::ExplicitLocking" => "App-Netdisco","App::Netdisco::DB::Result" => "App-Netdisco","App::Netdisco::DB::Result::AccessControlList" => "App-Netdisco","App::Netdisco::DB::Result::Admin" => "App-Netdisco","App::Netdisco::DB::Result::Community" => "App-Netdisco","App::Netdisco::DB::Result::Device" => "App-Netdisco","App::Netdisco::DB::Result::DeviceBrowser" => "App-Netdisco","App::Netdisco::DB::Result::DeviceIp" => "App-Netdisco","App::Netdisco::DB::Result::DeviceModule" => "App-Netdisco","App::Netdisco::DB::Result::DevicePort" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortLog" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortPower" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortProperties" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortSsid" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortVlan" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortWireless" => "App-Netdisco","App::Netdisco::DB::Result::DevicePower" => "App-Netdisco","App::Netdisco::DB::Result::DeviceSkip" => "App-Netdisco","App::Netdisco::DB::Result::DeviceVlan" => "App-Netdisco","App::Netdisco::DB::Result::Enterprise" => "App-Netdisco","App::Netdisco::DB::Result::Log" => "App-Netdisco","App::Netdisco::DB::Result::Manufacturer" => "App-Netdisco","App::Netdisco::DB::Result::NetmapPositions" => "App-Netdisco","App::Netdisco::DB::Result::Node" => "App-Netdisco","App::Netdisco::DB::Result::NodeIp" => "App-Netdisco","App::Netdisco::DB::Result::NodeMonitor" => "App-Netdisco","App::Netdisco::DB::Result::NodeNbt" => "App-Netdisco","App::Netdisco::DB::Result::NodeWireless" => "App-Netdisco","App::Netdisco::DB::Result::Oui" => "App-Netdisco","App::Netdisco::DB::Result::PortCtlRole" => "App-Netdisco","App::Netdisco::DB::Result::Process" => "App-Netdisco","App::Netdisco::DB::Result::Product" => "App-Netdisco","App::Netdisco::DB::Result::SNMPFilter" => "App-Netdisco","App::Netdisco::DB::Result::SNMPObject" => "App-Netdisco","App::Netdisco::DB::Result::Session" => "App-Netdisco","App::Netdisco::DB::Result::Statistics" => "App-Netdisco","App::Netdisco::DB::Result::Subnet" => "App-Netdisco","App::Netdisco::DB::Result::Topology" => "App-Netdisco","App::Netdisco::DB::Result::User" => "App-Netdisco","App::Netdisco::DB::Result::UserLog" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ACLEntriesWithDNS" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ActiveNode" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ActiveNodeWithAge" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ApRadioChannelPower" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::CidrIps" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DeviceDnsMismatch" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DeviceLinks" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DevicePlatforms" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DevicePoeStatus" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DevicePortSpeed" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DuplexMismatch" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::FilteredSNMPObject" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::GenericReport" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::LastNode" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeIp4" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeIp6" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeMonitor" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeWithAge" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodesDiscovered" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::OrphanedDevices" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PollerPerformance" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PortMacs" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PortUtilization" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PortVLANMismatch" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::SlowDevices" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::SubnetUtilization" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::TastyJobs" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::UnDirEdgesAgg" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::UndiscoveredNeighbors" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::UserRole" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::WalkJobs" => "App-Netdisco","App::Netdisco::DB::ResultSet" => "App-Netdisco","App::Netdisco::DB::ResultSet::Admin" => "App-Netdisco","App::Netdisco::DB::ResultSet::Device" => "App-Netdisco","App::Netdisco::DB::ResultSet::DeviceBrowser" => "App-Netdisco","App::Netdisco::DB::ResultSet::DeviceModule" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePort" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePortLog" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePortSsid" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePower" => "App-Netdisco","App::Netdisco::DB::ResultSet::DeviceSkip" => "App-Netdisco","App::Netdisco::DB::ResultSet::Node" => "App-Netdisco","App::Netdisco::DB::ResultSet::NodeIp" => "App-Netdisco","App::Netdisco::DB::ResultSet::NodeNbt" => "App-Netdisco","App::Netdisco::DB::ResultSet::NodeWireless" => "App-Netdisco","App::Netdisco::DB::ResultSet::PortCtlRole" => "App-Netdisco","App::Netdisco::DB::ResultSet::Subnet" => "App-Netdisco","App::Netdisco::DB::SchemaVersioned" => "App-Netdisco","App::Netdisco::DB::SetOperations" => "App-Netdisco","App::Netdisco::Environment" => "App-Netdisco","App::Netdisco::GenericDB" => "App-Netdisco","App::Netdisco::GenericDB::Result::Virtual::GenericReport" => "App-Netdisco","App::Netdisco::JobQueue" => "App-Netdisco","App::Netdisco::JobQueue::PostgreSQL" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ACE" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ASA" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ASAContext" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::Aruba" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ArubaCX" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ArubaCont" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::BigIP" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::CPVSX" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::Clavister" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::EOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::FTD" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::FortiOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::FreeBSD" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::GAIAEmbedded" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOSXE" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOSXEMac" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOSXR" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::Linux" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::NXOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::OS10" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::PaloAlto" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::VOSS" => "App-Netdisco","App::Netdisco::Transport::Python" => "App-Netdisco","App::Netdisco::Transport::SNMP" => "App-Netdisco","App::Netdisco::Transport::SSH" => "App-Netdisco","App::Netdisco::Util::CustomFields" => "App-Netdisco","App::Netdisco::Util::DNS" => "App-Netdisco","App::Netdisco::Util::Device" => "App-Netdisco","App::Netdisco::Util::DeviceAuth" => "App-Netdisco","App::Netdisco::Util::ExpandParams" => "App-Netdisco","App::Netdisco::Util::FastResolver" => "App-Netdisco","App::Netdisco::Util::Graph" => "App-Netdisco","App::Netdisco::Util::MCE" => "App-Netdisco","App::Netdisco::Util::Nbtstat" => "App-Netdisco","App::Netdisco::Util::Node" => "App-Netdisco","App::Netdisco::Util::NodeMonitor" => "App-Netdisco","App::Netdisco::Util::Noop" => "App-Netdisco","App::Netdisco::Util::Permission" => "App-Netdisco","App::Netdisco::Util::Port" => "App-Netdisco","App::Netdisco::Util::PortAccessEntity" => "App-Netdisco","App::Netdisco::Util::PortMAC" => "App-Netdisco","App::Netdisco::Util::Python" => "App-Netdisco","App::Netdisco::Util::SNMP" => "App-Netdisco","App::Netdisco::Util::Snapshot" => "App-Netdisco","App::Netdisco::Util::Statistics" => "App-Netdisco","App::Netdisco::Util::Web" => "App-Netdisco","App::Netdisco::Util::Worker" => "App-Netdisco","App::Netdisco::Web" => "App-Netdisco","App::Netdisco::Web::API::Objects" => "App-Netdisco","App::Netdisco::Web::API::Queue" => "App-Netdisco","App::Netdisco::Web::AdminTask" => "App-Netdisco","App::Netdisco::Web::Auth::Provider::DBIC" => "App-Netdisco","App::Netdisco::Web::AuthN" => "App-Netdisco","App::Netdisco::Web::CustomFields" => "App-Netdisco","App::Netdisco::Web::Device" => "App-Netdisco","App::Netdisco::Web::GenericReport" => "App-Netdisco","App::Netdisco::Web::Password" => "App-Netdisco","App::Netdisco::Web::Plugin" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::DuplicateDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::JobQueue" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::NodeMonitor" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::OrphanedDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::PollerPerformance" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::PortCtlRole" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::PseudoDevice" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::RolePermissionsEditor" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::SlowDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::TimedOutDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::Topology" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::UndiscoveredNeighbors" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::UserLog" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::Users" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Addresses" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Details" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Modules" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Neighbors" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Ports" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::SNMP" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Vlans" => "App-Netdisco","App::Netdisco::Web::Plugin::Inventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ApChannelDist" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ApClients" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ApRadioChannelPower" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DeviceAddrNoDNS" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DeviceByLocation" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DeviceDnsMismatch" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DevicePoeStatus" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DuplexMismatch" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::HalfDuplex" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::InventoryByModelByOS" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::IpInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ModuleInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::Netbios" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::NodeMultiIPs" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::NodeVendor" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::NodesDiscovered" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortAdminDown" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortBlocking" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortLog" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortMultiNodes" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortSsid" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortUtilization" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortVLANMismatch" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::SsidInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::SubnetUtilization" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::VlanInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::Device" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::Node" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::Port" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::VLAN" => "App-Netdisco","App::Netdisco::Web::PortControl" => "App-Netdisco","App::Netdisco::Web::Report" => "App-Netdisco","App::Netdisco::Web::Search" => "App-Netdisco","App::Netdisco::Web::Static" => "App-Netdisco","App::Netdisco::Web::Statistics" => "App-Netdisco","App::Netdisco::Web::TypeAhead" => "App-Netdisco","App::Netdisco::Worker::Loader" => "App-Netdisco","App::Netdisco::Worker::Plugin" => "App-Netdisco","App::Netdisco::Worker::Plugin::AddPseudoDevice" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip::Nodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip::Subnets" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpwalk" => "App-Netdisco","App::Netdisco::Worker::Plugin::Contact" => "App-Netdisco","App::Netdisco::Worker::Plugin::Delete" => "App-Netdisco","App::Netdisco::Worker::Plugin::Delete::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::CanonicalIP" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Entities" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Neighbors" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Neighbors::DOCSIS" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::NextHopNeighbors" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::PortPower" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::PortProperties" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Properties" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Properties::Tags" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::VLANs" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Wireless" => "App-Netdisco","App::Netdisco::Worker::Plugin::DiscoverAll" => "App-Netdisco","App::Netdisco::Worker::Plugin::DumpConfig" => "App-Netdisco","App::Netdisco::Worker::Plugin::DumpInfoCache" => "App-Netdisco","App::Netdisco::Worker::Plugin::Expire" => "App-Netdisco","App::Netdisco::Worker::Plugin::ExpireNodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::GetAPIKey" => "App-Netdisco","App::Netdisco::Worker::Plugin::Graph" => "App-Netdisco","App::Netdisco::Worker::Plugin::Hook" => "App-Netdisco","App::Netdisco::Worker::Plugin::Hook::Exec" => "App-Netdisco","App::Netdisco::Worker::Plugin::Hook::HTTP" => "App-Netdisco","App::Netdisco::Worker::Plugin::Internal::BackendFQDN" => "App-Netdisco","App::Netdisco::Worker::Plugin::Internal::SNMPFastDiscover" => "App-Netdisco","App::Netdisco::Worker::Plugin::Linter" => "App-Netdisco","App::Netdisco::Worker::Plugin::LoadMIBs" => "App-Netdisco","App::Netdisco::Worker::Plugin::Location" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::InterfacesStatus" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::Nodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::PortAccessEntity" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::WirelessNodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macwalk" => "App-Netdisco","App::Netdisco::Worker::Plugin::MakeRancidConf" => "App-Netdisco","App::Netdisco::Worker::Plugin::Nbtstat" => "App-Netdisco","App::Netdisco::Worker::Plugin::Nbtstat::Core" => "App-Netdisco","App::Netdisco::Worker::Plugin::Nbtwalk" => "App-Netdisco","App::Netdisco::Worker::Plugin::NodeMonitor" => "App-Netdisco","App::Netdisco::Worker::Plugin::PingSweep" => "App-Netdisco","App::Netdisco::Worker::Plugin::PortControl" => "App-Netdisco","App::Netdisco::Worker::Plugin::PortName" => "App-Netdisco","App::Netdisco::Worker::Plugin::Power" => "App-Netdisco","App::Netdisco::Worker::Plugin::PrimeSkiplist" => "App-Netdisco","App::Netdisco::Worker::Plugin::Psql" => "App-Netdisco","App::Netdisco::Worker::Plugin::PythonShim" => "App-Netdisco","App::Netdisco::Worker::Plugin::Renumber" => "App-Netdisco","App::Netdisco::Worker::Plugin::Scheduler" => "App-Netdisco","App::Netdisco::Worker::Plugin::Show" => "App-Netdisco","App::Netdisco::Worker::Plugin::Snapshot" => "App-Netdisco","App::Netdisco::Worker::Plugin::Stats" => "App-Netdisco","App::Netdisco::Worker::Plugin::TastyJobs" => "App-Netdisco","App::Netdisco::Worker::Plugin::Vlan" => "App-Netdisco","App::Netdisco::Worker::Plugin::Vlan::Core" => "App-Netdisco","App::Netdisco::Worker::Runner" => "App-Netdisco","App::Netdisco::Worker::Status" => "App-Netdisco","App::Packer::Backend::PAR" => "PAR","App::Packer::PAR" => "PAR-Packer","App::Packer::Temp" => "PAR","App::Pinto" => "Pinto","App::Pinto::Command" => "Pinto","App::Pinto::Command::add" => "Pinto","App::Pinto::Command::clean" => "Pinto","App::Pinto::Command::copy" => "Pinto","App::Pinto::Command::default" => "Pinto","App::Pinto::Command::delete" => "Pinto","App::Pinto::Command::diff" => "Pinto","App::Pinto::Command::help" => "Pinto","App::Pinto::Command::init" => "Pinto","App::Pinto::Command::install" => "Pinto","App::Pinto::Command::kill" => "Pinto","App::Pinto::Command::list" => "Pinto","App::Pinto::Command::lock" => "Pinto","App::Pinto::Command::log" => "Pinto","App::Pinto::Command::look" => "Pinto","App::Pinto::Command::manual" => "Pinto","App::Pinto::Command::merge" => "Pinto","App::Pinto::Command::migrate" => "Pinto","App::Pinto::Command::new" => "Pinto","App::Pinto::Command::nop" => "Pinto","App::Pinto::Command::pin" => "Pinto","App::Pinto::Command::props" => "Pinto","App::Pinto::Command::pull" => "Pinto","App::Pinto::Command::register" => "Pinto","App::Pinto::Command::rename" => "Pinto","App::Pinto::Command::reset" => "Pinto","App::Pinto::Command::revert" => "Pinto","App::Pinto::Command::roots" => "Pinto","App::Pinto::Command::stacks" => "Pinto","App::Pinto::Command::statistics" => "Pinto","App::Pinto::Command::thanks" => "Pinto","App::Pinto::Command::unlock" => "Pinto","App::Pinto::Command::unpin" => "Pinto","App::Pinto::Command::unregister" => "Pinto","App::Pinto::Command::update" => "Pinto","App::Pinto::Command::verify" => "Pinto","App::Reference" => "App-Context","App::Request" => "App-Context","App::Request::CGI" => "App-Context","App::ResourceLocker" => "App-Context","App::ResourceLocker::IPCLocker" => "App-Context","App::ResourceLocker::IPCSemaphore" => "App-Context","App::Response" => "App-Context","App::Security" => "App-Context","App::Serializer" => "App-Context","App::Serializer::Html" => "App-Context","App::Serializer::Ini" => "App-Context","App::Serializer::Json" => "App-Context","App::Serializer::OneLine" => "App-Context","App::Serializer::Perl" => "App-Context","App::Serializer::Properties" => "App-Context","App::Serializer::Scalar" => "App-Context","App::Serializer::Storable" => "App-Context","App::Serializer::TextArray" => "App-Context","App::Serializer::XMLDumper" => "App-Context","App::Serializer::XMLSimple" => "App-Context","App::Serializer::Xml" => "App-Context","App::Serializer::Yaml" => "App-Context","App::Service" => "App-Context","App::Session" => "App-Context","App::Session::Cookie" => "App-Context","App::Session::HTMLHidden" => "App-Context","App::SessionObject" => "App-Context","App::SharedDatastore" => "App-Context","App::UserAgent" => "App-Context","App::ValueDomain" => "App-Context","App::cpanminus" => "App-cpanminus","App::japerl" => "App-japerl","App::perlall" => "App-perlall","App::revealup" => "App-revealup","App::revealup::base" => "App-revealup","App::revealup::builder" => "App-revealup","App::revealup::cli" => "App-revealup","App::revealup::cli::export" => "App-revealup","App::revealup::cli::export::html" => "App-revealup","App::revealup::cli::export::theme" => "App-revealup","App::revealup::cli::serve" => "App-revealup","App::revealup::cli::server" => "App-revealup","App::revealup::cli::theme" => "App-revealup","App::revealup::util" => "App-revealup","Archive::Tar" => "Archive-Tar","Archive::Tar::Constant" => "Archive-Tar","Archive::Tar::File" => "Archive-Tar","Archive::Tar::Std" => "Archive-Tar","Archive::Tar::Std::_io" => "Archive-Tar","Archive::Tar::Win32" => "Archive-Tar","Archive::Tar::_io" => "Archive-Tar","Archive::Unzip::Burst" => "Archive-Unzip-Burst","Archive::Zip" => "Archive-Zip","Archive::Zip::Archive" => "Archive-Zip","Archive::Zip::BufferedFileHandle" => "Archive-Zip","Archive::Zip::DirectoryMember" => "Archive-Zip","Archive::Zip::FileMember" => "Archive-Zip","Archive::Zip::Member" => "Archive-Zip","Archive::Zip::MemberRead" => "Archive-Zip","Archive::Zip::MockFileHandle" => "Archive-Zip","Archive::Zip::NewFileMember" => "Archive-Zip","Archive::Zip::StringMember" => "Archive-Zip","Archive::Zip::Tree" => "Archive-Zip","Archive::Zip::ZipFileMember" => "Archive-Zip","Authen::DigestMD5" => "Authen-DigestMD5","Authen::DigestMD5::Packet" => "Authen-DigestMD5","Authen::DigestMD5::Request" => "Authen-DigestMD5","Authen::DigestMD5::Response" => "Authen-DigestMD5","Authen::SASL" => "Authen-SASL","Authen::SASL::CRAM_MD5" => "Authen-SASL","Authen::SASL::EXTERNAL" => "Authen-SASL","Authen::SASL::Perl" => "Authen-SASL","Authen::SASL::Perl::ANONYMOUS" => "Authen-SASL","Authen::SASL::Perl::CRAM_MD5" => "Authen-SASL","Authen::SASL::Perl::DIGEST_MD5" => "Authen-SASL","Authen::SASL::Perl::EXTERNAL" => "Authen-SASL","Authen::SASL::Perl::GSSAPI" => "Authen-SASL","Authen::SASL::Perl::LOGIN" => "Authen-SASL","Authen::SASL::Perl::Layer" => "Authen-SASL","Authen::SASL::Perl::OAUTHBEARER" => "Authen-SASL","Authen::SASL::Perl::PLAIN" => "Authen-SASL","Authen::SASL::Perl::XOAUTH2" => "Authen-SASL","Axis" => "perl","B" => "perl","B::Concise" => "perl","B::Deparse" => "perl","B::Lint::Plugin::Test" => "perl","B::OBJECT" => "perl","B::Op_private" => "perl","B::Section" => "perl","B::Showlex" => "perl","B::Terse" => "perl","B::Xref" => "perl","BSON::XS" => "BSON-XS","Batch::Batchrun" => "Batch-Batchrun","Batch::Batchrun::BuildFile" => "Batch-Batchrun","Batch::Batchrun::Dbfunctions" => "Batch-Batchrun","Batch::Batchrun::Extract" => "Batch-Batchrun","Batch::Batchrun::Initialize" => "Batch-Batchrun","Batch::Batchrun::Load" => "Batch-Batchrun","Batch::Batchrun::Mail" => "Batch-Batchrun","Batch::Batchrun::ProcessSteps" => "Batch-Batchrun","Batch::Batchrun::Pwlookup" => "Batch-Batchrun","Batch::Batchrun::Retain" => "Batch-Batchrun","Batch::Batchrun::TableFunctions" => "Batch-Batchrun","BeerDB" => "Maypole","BeerDB::Base" => "Maypole","BeerDB::Beer" => "Maypole","BeerDB::Brewery" => "Maypole","BeerDB::Drinker" => "Maypole","Benchmark" => "perl","Bio::DB::GFF::Aggregator::match_gap" => "GBrowse","Bio::DB::GFF::Aggregator::reftranscript" => "GBrowse","Bio::DB::GFF::Aggregator::waba_alignment" => "GBrowse","Bio::DB::GFF::Aggregator::wormbase_gene" => "GBrowse","Bio::DB::SeqFeature::Store::Alias" => "GBrowse","Bio::DB::SeqFeature::Store::Alias::Iterator" => "GBrowse","Bio::DB::SeqFeature::Store::Alias::Segment" => "GBrowse","Bio::DB::SeqFeature::Store::BedLoader" => "GBrowse","Bio::DB::Tagger" => "GBrowse","Bio::DB::Tagger::Iterator" => "GBrowse","Bio::DB::Tagger::Tag" => "GBrowse","Bio::DB::Tagger::mysql" => "GBrowse","Bio::Graphics::Browser2" => "GBrowse","Bio::Graphics::Browser2::Action" => "GBrowse","Bio::Graphics::Browser2::AdminTracks" => "GBrowse","Bio::Graphics::Browser2::AuthorizedFeatureFile" => "GBrowse","Bio::Graphics::Browser2::CAlign" => "GBrowse","Bio::Graphics::Browser2::CachedTrack" => "GBrowse","Bio::Graphics::Browser2::DataBase" => "GBrowse","Bio::Graphics::Browser2::DataLoader" => "GBrowse","Bio::Graphics::Browser2::DataLoader::archive" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bam" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bed" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bigbed" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bigwig" => "GBrowse","Bio::Graphics::Browser2::DataLoader::featurefile" => "GBrowse","Bio::Graphics::Browser2::DataLoader::generic" => "GBrowse","Bio::Graphics::Browser2::DataLoader::gff" => "GBrowse","Bio::Graphics::Browser2::DataLoader::gff3" => "GBrowse","Bio::Graphics::Browser2::DataLoader::sam" => "GBrowse","Bio::Graphics::Browser2::DataLoader::useq" => "GBrowse","Bio::Graphics::Browser2::DataLoader::wig2bigwig" => "GBrowse","Bio::Graphics::Browser2::DataLoader::wiggle" => "GBrowse","Bio::Graphics::Browser2::DataSource" => "GBrowse","Bio::Graphics::Browser2::ExternalData" => "GBrowse","Bio::Graphics::Browser2::GFFhelper" => "GBrowse","Bio::Graphics::Browser2::I18n" => "GBrowse","Bio::Graphics::Browser2::Markup" => "GBrowse","Bio::Graphics::Browser2::MetaDB" => "GBrowse","Bio::Graphics::Browser2::MetaSegment" => "GBrowse","Bio::Graphics::Browser2::MetaSegment::Iterator" => "GBrowse","Bio::Graphics::Browser2::OptionPick" => "GBrowse","Bio::Graphics::Browser2::PadAlignment" => "GBrowse","Bio::Graphics::Browser2::Plugin" => "GBrowse","Bio::Graphics::Browser2::Plugin::AuthPlugin" => "GBrowse","Bio::Graphics::Browser2::PluginSet" => "GBrowse","Bio::Graphics::Browser2::Realign" => "GBrowse","Bio::Graphics::Browser2::Region" => "GBrowse","Bio::Graphics::Browser2::RegionSearch" => "GBrowse","Bio::Graphics::Browser2::RemoteSet" => "GBrowse","Bio::Graphics::Browser2::Render" => "GBrowse","Bio::Graphics::Browser2::Render::HTML" => "GBrowse","Bio::Graphics::Browser2::Render::HTML::TrackListing" => "GBrowse","Bio::Graphics::Browser2::Render::HTML::TrackListing::Categories" => "GBrowse","Bio::Graphics::Browser2::Render::Login" => "GBrowse","Bio::Graphics::Browser2::Render::Slave" => "GBrowse","Bio::Graphics::Browser2::Render::Slave::AWS_Balancer" => "GBrowse","Bio::Graphics::Browser2::Render::Slave::StagingServer" => "GBrowse","Bio::Graphics::Browser2::Render::Slave::Status" => "GBrowse","Bio::Graphics::Browser2::Render::SnapshotManager" => "GBrowse","Bio::Graphics::Browser2::Render::TrackConfig" => "GBrowse","Bio::Graphics::Browser2::RenderPanels" => "GBrowse","Bio::Graphics::Browser2::SendMail" => "GBrowse","Bio::Graphics::Browser2::Session" => "GBrowse","Bio::Graphics::Browser2::Shellwords" => "GBrowse","Bio::Graphics::Browser2::SubtrackTable" => "GBrowse","Bio::Graphics::Browser2::TrackDumper" => "GBrowse","Bio::Graphics::Browser2::TrackDumper::RichSeqMaker" => "GBrowse","Bio::Graphics::Browser2::UserConf" => "GBrowse","Bio::Graphics::Browser2::UserDB" => "GBrowse","Bio::Graphics::Browser2::UserTracks" => "GBrowse","Bio::Graphics::Browser2::UserTracks::Database" => "GBrowse","Bio::Graphics::Browser2::UserTracks::Filesystem" => "GBrowse","Bio::Graphics::Browser2::Util" => "GBrowse","Bio::Graphics::GBrowseFeature" => "GBrowse","Bio::Graphics::Karyotype" => "GBrowse","Bio::Graphics::Wiggle::Loader::Nosample" => "GBrowse","Boost::Graph" => "Boost-Graph","Boost::Graph::Directed" => "Boost-Graph","Boost::Graph::Undirected" => "Boost-Graph","Bundle::Apache" => "mod_perl","Bundle::Apache2" => "mod_perl","Bundle::Apache::ASP" => "Apache-ASP","Bundle::Apache::ASP::Extra" => "Apache-ASP","Bundle::DBD::Pg" => "DBD-Pg","Bundle::DBD::mysql" => "DBD-mysql","Bundle::DBI" => "DBI","Bundle::HTML::EP" => "HTML-EP","Bundle::Image::Info::Everything" => "Image-Info","Bundle::Image::Info::PNG" => "Image-Info","Bundle::Image::Info::SVG" => "Image-Info","Bundle::Image::Info::XBM" => "Image-Info","Bundle::Image::Info::XPM" => "Image-Info","Bundle::LWP" => "libwww-perl","Bundle::Net::LDAP" => "perl-ldap","Bundle::PlRPC" => "PlRPC","CBC" => "Crypt-CBC","CBOR::XS" => "CBOR-XS","CGI" => "CGI","CGI::Application" => "CGI-Application","CGI::Application::Dispatch" => "CGI-Application-Dispatch","CGI::Application::Dispatch::PSGI" => "CGI-Application-Dispatch","CGI::Application::Dispatch::Regexp" => "CGI-Application-Dispatch","CGI::Application::Mailform" => "CGI-Application","CGI::Application::Plugin::AutoRunmode" => "CGI-Application-Plugin-AutoRunmode","CGI::Application::Plugin::AutoRunmode::FileDelegate" => "CGI-Application-Plugin-AutoRunmode","CGI::Application::Plugin::CAPTCHA" => "CGI-Application-Plugin-CAPTCHA","CGI::Application::Plugin::RunmodeDeclare" => "CGI-Application-Plugin-RunmodeDeclare","CGI::Carp" => "CGI","CGI::Cookie" => "CGI","CGI::File::Temp" => "CGI","CGI::HTML::Functions" => "CGI","CGI::Maypole" => "Maypole","CGI::MultipartBuffer" => "CGI","CGI::Pretty" => "CGI","CGI::Push" => "CGI","CGI::Session" => "CGI-Session","CGI::Session::BluePrint" => "CGI-Session","CGI::Session::CookBook" => "CGI-Session","CGI::Session::DB_File" => "CGI-Session","CGI::Session::Driver" => "CGI-Session","CGI::Session::Driver::DBI" => "CGI-Session","CGI::Session::Driver::db_file" => "CGI-Session","CGI::Session::Driver::file" => "CGI-Session","CGI::Session::Driver::mysql" => "CGI-Session","CGI::Session::Driver::postgresql" => "CGI-Session","CGI::Session::Driver::sqlite" => "CGI-Session","CGI::Session::ErrorHandler" => "CGI-Session","CGI::Session::Example" => "CGI-Session","CGI::Session::File" => "CGI-Session","CGI::Session::ID::SHA1" => "CGI-Session","CGI::Session::ID::incr" => "CGI-Session","CGI::Session::ID::md5" => "CGI-Session","CGI::Session::ID::static" => "CGI-Session","CGI::Session::MySQL" => "CGI-Session","CGI::Session::PostgreSQL" => "CGI-Session","CGI::Session::Query" => "CGI-Session","CGI::Session::Serialize::default" => "CGI-Session","CGI::Session::Serialize::freezethaw" => "CGI-Session","CGI::Session::Serialize::json" => "CGI-Session","CGI::Session::Serialize::storable" => "CGI-Session","CGI::Session::Test::Default" => "CGI-Session","CGI::Session::Test::SimpleObjectClass" => "CGI-Session","CGI::Session::Tutorial" => "CGI-Session","CGI::Simple" => "CGI-Simple","CGI::Simple::Cookie" => "CGI-Simple","CGI::Simple::Standard" => "CGI-Simple","CGI::Simple::Util" => "CGI-Simple","CGI::Toggle" => "GBrowse","CGI::Untaint::Maypole" => "Maypole","CGI::Util" => "CGI","CGI::apacheSSI" => "CGI-apacheSSI","CGI::apacheSSI::Gmt" => "CGI-apacheSSI","CGI::apacheSSI::LMOD" => "CGI-apacheSSI","CGI::apacheSSI::Local" => "CGI-apacheSSI","CGI::mod_perl" => "mod_perl","CPAN" => "CPAN","CPAN::Admin" => "CPAN","CPAN::Author" => "CPAN","CPAN::Bundle" => "CPAN","CPAN::CacheMgr" => "CPAN","CPAN::Checksums" => "CPAN-Checksums","CPAN::Complete" => "CPAN","CPAN::Debug" => "CPAN","CPAN::DeferredCode" => "CPAN","CPAN::Distribution" => "CPAN","CPAN::Distroprefs" => "CPAN","CPAN::Distroprefs::Iterator" => "CPAN","CPAN::Distroprefs::Pref" => "CPAN","CPAN::Distroprefs::Result" => "CPAN","CPAN::Distroprefs::Result::Error" => "CPAN","CPAN::Distroprefs::Result::Fatal" => "CPAN","CPAN::Distroprefs::Result::Success" => "CPAN","CPAN::Distroprefs::Result::Warning" => "CPAN","CPAN::Distrostatus" => "CPAN","CPAN::Eval" => "CPAN","CPAN::Exception::RecursiveDependency" => "CPAN","CPAN::Exception::RecursiveDependency::na" => "CPAN","CPAN::Exception::blocked_urllist" => "CPAN","CPAN::Exception::yaml_not_installed" => "CPAN","CPAN::Exception::yaml_process_error" => "CPAN","CPAN::FTP" => "CPAN","CPAN::FTP::netrc" => "CPAN","CPAN::FirstTime" => "CPAN","CPAN::HTTP::Client" => "CPAN","CPAN::HTTP::Credentials" => "CPAN","CPAN::HandleConfig" => "CPAN","CPAN::Index" => "CPAN","CPAN::InfoObj" => "CPAN","CPAN::Kwalify" => "CPAN","CPAN::LWP::UserAgent" => "CPAN","CPAN::Mirrored::By" => "CPAN","CPAN::Mirrors" => "CPAN","CPAN::Module" => "CPAN","CPAN::Nox" => "CPAN","CPAN::Plugin" => "CPAN","CPAN::Plugin::Specfile" => "CPAN","CPAN::Prompt" => "CPAN","CPAN::Queue" => "CPAN","CPAN::Queue::Item" => "CPAN","CPAN::Shell" => "CPAN","CPAN::Tarzip" => "CPAN","CPAN::URL" => "CPAN","CPAN::Version" => "CPAN","Capture::Tiny" => "Capture-Tiny","Catalyst" => "Catalyst-Runtime","Catalyst::Action" => "Catalyst-Runtime","Catalyst::Action::Deserialize" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::Callback" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::JSON" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::JSON::XS" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::View" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::XML::Simple" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::YAML" => "Catalyst-Action-REST","Catalyst::Action::DeserializeMultiPart" => "Catalyst-Action-REST","Catalyst::Action::REST" => "Catalyst-Action-REST","Catalyst::Action::REST::ForBrowsers" => "Catalyst-Action-REST","Catalyst::Action::Serialize" => "Catalyst-Action-REST","Catalyst::Action::Serialize::Callback" => "Catalyst-Action-REST","Catalyst::Action::Serialize::JSON" => "Catalyst-Action-REST","Catalyst::Action::Serialize::JSON::XS" => "Catalyst-Action-REST","Catalyst::Action::Serialize::JSONP" => "Catalyst-Action-REST","Catalyst::Action::Serialize::View" => "Catalyst-Action-REST","Catalyst::Action::Serialize::XML::Simple" => "Catalyst-Action-REST","Catalyst::Action::Serialize::YAML" => "Catalyst-Action-REST","Catalyst::Action::Serialize::YAML::HTML" => "Catalyst-Action-REST","Catalyst::Action::SerializeBase" => "Catalyst-Action-REST","Catalyst::ActionChain" => "Catalyst-Runtime","Catalyst::ActionContainer" => "Catalyst-Runtime","Catalyst::ActionRole::ConsumesContent" => "Catalyst-Runtime","Catalyst::ActionRole::HTTPMethods" => "Catalyst-Runtime","Catalyst::ActionRole::QueryMatching" => "Catalyst-Runtime","Catalyst::ActionRole::Scheme" => "Catalyst-Runtime","Catalyst::Authentication::Credential::HTTP" => "Catalyst-Authentication-Credential-HTTP","Catalyst::Authentication::Credential::HTTP::Nonce" => "Catalyst-Authentication-Credential-HTTP","Catalyst::Authentication::Store::LDAP" => "Catalyst-Authentication-Store-LDAP","Catalyst::Authentication::Store::LDAP::Backend" => "Catalyst-Authentication-Store-LDAP","Catalyst::Authentication::Store::LDAP::User" => "Catalyst-Authentication-Store-LDAP","Catalyst::Base" => "Catalyst-Runtime","Catalyst::ClassData" => "Catalyst-Runtime","Catalyst::Component" => "Catalyst-Runtime","Catalyst::Component::ApplicationAttribute" => "Catalyst-Runtime","Catalyst::Component::ContextClosure" => "Catalyst-Runtime","Catalyst::Controller" => "Catalyst-Runtime","Catalyst::Controller::Combine" => "Catalyst-Controller-Combine","Catalyst::Controller::REST" => "Catalyst-Action-REST","Catalyst::DispatchType" => "Catalyst-Runtime","Catalyst::DispatchType::Chained" => "Catalyst-Runtime","Catalyst::DispatchType::Default" => "Catalyst-Runtime","Catalyst::DispatchType::Index" => "Catalyst-Runtime","Catalyst::DispatchType::Path" => "Catalyst-Runtime","Catalyst::Dispatcher" => "Catalyst-Runtime","Catalyst::Engine" => "Catalyst-Runtime","Catalyst::Engine::CGI" => "Catalyst-Runtime","Catalyst::Engine::FastCGI" => "Catalyst-Runtime","Catalyst::Engine::HTTP" => "Catalyst-Runtime","Catalyst::Engine::HTTP::Restarter" => "Catalyst-Runtime","Catalyst::Engine::HTTP::Restarter::Watcher" => "Catalyst-Runtime","Catalyst::EngineLoader" => "Catalyst-Runtime","Catalyst::Exception" => "Catalyst-Runtime","Catalyst::Exception::Base" => "Catalyst-Runtime","Catalyst::Exception::Basic" => "Catalyst-Runtime","Catalyst::Exception::Detach" => "Catalyst-Runtime","Catalyst::Exception::Go" => "Catalyst-Runtime","Catalyst::Exception::Interface" => "Catalyst-Runtime","Catalyst::Helper::Controller::Combine" => "Catalyst-Controller-Combine","Catalyst::Log" => "Catalyst-Runtime","Catalyst::Middleware::Stash" => "Catalyst-Runtime","Catalyst::Model" => "Catalyst-Runtime","Catalyst::Plugin::Session" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::State" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::Store" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::Store::Dummy" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::Test::Store" => "Catalyst-Plugin-Session","Catalyst::Plugin::Static" => "Catalyst-Plugin-Static","Catalyst::Plugin::Static::Simple" => "Catalyst-Plugin-Static-Simple","Catalyst::Plugin::Unicode::Encoding" => "Catalyst-Runtime","Catalyst::Request" => "Catalyst-Runtime","Catalyst::Request::PartData" => "Catalyst-Runtime","Catalyst::Request::REST" => "Catalyst-Action-REST","Catalyst::Request::REST::ForBrowsers" => "Catalyst-Action-REST","Catalyst::Request::Upload" => "Catalyst-Runtime","Catalyst::Response" => "Catalyst-Runtime","Catalyst::Response::Writer" => "Catalyst-Runtime","Catalyst::Runtime" => "Catalyst-Runtime","Catalyst::Script::CGI" => "Catalyst-Runtime","Catalyst::Script::Create" => "Catalyst-Runtime","Catalyst::Script::FastCGI" => "Catalyst-Runtime","Catalyst::Script::Server" => "Catalyst-Runtime","Catalyst::Script::Test" => "Catalyst-Runtime","Catalyst::ScriptRole" => "Catalyst-Runtime","Catalyst::ScriptRunner" => "Catalyst-Runtime","Catalyst::Stats" => "Catalyst-Runtime","Catalyst::Test" => "Catalyst-Runtime","Catalyst::TraitFor::Request::REST" => "Catalyst-Action-REST","Catalyst::TraitFor::Request::REST::ForBrowsers" => "Catalyst-Action-REST","Catalyst::Utils" => "Catalyst-Runtime","Catalyst::View" => "Catalyst-Runtime","CatalystX::Controller::OpenSearch" => "Search-OpenSearch-Server","Chat::Controllers" => "Squatting","Chat::Views" => "Squatting","Class::Struct" => "perl","Class::Struct::Tie_ISA" => "perl","Clipboard" => "Clipboard","Clipboard::MacPasteboard" => "Clipboard","Clipboard::Pb" => "Clipboard","Clipboard::WaylandClipboard" => "Clipboard","Clipboard::Win32" => "Clipboard","Clipboard::Xclip" => "Clipboard","Clipboard::Xsel" => "Clipboard","Cmd::Dwarf" => "Cmd-Dwarf","Command" => "UR","Command::Common" => "UR","Command::DynamicSubCommands" => "UR","Command::Shell" => "UR","Command::SubCommandFactory" => "UR","Command::Test" => "UR","Command::Test::Echo" => "UR","Command::Test::Tree1" => "UR","Command::Test::Tree1::Echo1" => "UR","Command::Test::Tree1::Echo2" => "UR","Command::Tree" => "UR","Command::V1" => "UR","Command::V2" => "UR","Compress::LZ4" => "Compress-LZ4","Compress::Raw::Bunzip2" => "Compress-Raw-Bzip2","Compress::Raw::Bzip2" => "Compress-Raw-Bzip2","Compress::Raw::Zlib" => "Compress-Raw-Zlib","Compress::Zlib" => "IO-Compress","Concierge::Sessions" => "Concierge-Sessions","Concierge::Sessions::Base" => "Concierge-Sessions","Concierge::Sessions::File" => "Concierge-Sessions","Concierge::Sessions::SQLite" => "Concierge-Sessions","Concierge::Sessions::Session" => "Concierge-Sessions","Config::Extensions" => "perl","Config::IniFiles" => "Config-IniFiles","Config::Model" => "Config-Model","Config::Model::Annotation" => "Config-Model","Config::Model::AnyId" => "Config-Model","Config::Model::AnyThing" => "Config-Model","Config::Model::Backend::Any" => "Config-Model","Config::Model::Backend::CdsFile" => "Config-Model","Config::Model::Backend::Fstab" => "Config-Model","Config::Model::Backend::IniFile" => "Config-Model","Config::Model::Backend::Json" => "Config-Model","Config::Model::Backend::PerlFile" => "Config-Model","Config::Model::Backend::PlainFile" => "Config-Model","Config::Model::Backend::ShellVar" => "Config-Model","Config::Model::BackendMgr" => "Config-Model","Config::Model::BackendTrackOrder" => "Config-Model","Config::Model::CheckList" => "Config-Model","Config::Model::DeprecatedHandle" => "Config-Model","Config::Model::Describe" => "Config-Model","Config::Model::DumpAsData" => "Config-Model","Config::Model::Dumper" => "Config-Model","Config::Model::Exception" => "Config-Model","Config::Model::Exception::AncestorClass" => "Config-Model","Config::Model::Exception::Any" => "Config-Model","Config::Model::Exception::ConfigFile" => "Config-Model","Config::Model::Exception::ConfigFile::Missing" => "Config-Model","Config::Model::Exception::Fatal" => "Config-Model","Config::Model::Exception::Formula" => "Config-Model","Config::Model::Exception::Internal" => "Config-Model","Config::Model::Exception::Load" => "Config-Model","Config::Model::Exception::LoadData" => "Config-Model","Config::Model::Exception::Model" => "Config-Model","Config::Model::Exception::ModelDeclaration" => "Config-Model","Config::Model::Exception::ObsoleteElement" => "Config-Model","Config::Model::Exception::Syntax" => "Config-Model","Config::Model::Exception::UnavailableElement" => "Config-Model","Config::Model::Exception::UnknownElement" => "Config-Model","Config::Model::Exception::UnknownId" => "Config-Model","Config::Model::Exception::User" => "Config-Model","Config::Model::Exception::WarpError" => "Config-Model","Config::Model::Exception::WrongType" => "Config-Model","Config::Model::Exception::WrongValue" => "Config-Model","Config::Model::FuseUI" => "Config-Model","Config::Model::HashId" => "Config-Model","Config::Model::IdElementReference" => "Config-Model","Config::Model::Instance" => "Config-Model","Config::Model::Iterator" => "Config-Model","Config::Model::ListId" => "Config-Model","Config::Model::Lister" => "Config-Model","Config::Model::Loader" => "Config-Model","Config::Model::Node" => "Config-Model","Config::Model::ObjTreeScanner" => "Config-Model","Config::Model::Report" => "Config-Model","Config::Model::Role::ComputeFunction" => "Config-Model","Config::Model::Role::Constants" => "Config-Model","Config::Model::Role::FileHandler" => "Config-Model","Config::Model::Role::Grab" => "Config-Model","Config::Model::Role::HelpAsText" => "Config-Model","Config::Model::Role::NodeLoader" => "Config-Model","Config::Model::Role::Utils" => "Config-Model","Config::Model::Role::WarpMaster" => "Config-Model","Config::Model::SearchElement" => "Config-Model","Config::Model::SimpleUI" => "Config-Model","Config::Model::TermUI" => "Config-Model","Config::Model::TreeSearcher" => "Config-Model","Config::Model::TypeConstraints" => "Config-Model","Config::Model::Utils::GenClassPod" => "Config-Model","Config::Model::Value" => "Config-Model","Config::Model::Value::LayeredInclude" => "Config-Model","Config::Model::Value::Update" => "Config-Model","Config::Model::Value::UpdateFromFile" => "Config-Model","Config::Model::ValueComputer" => "Config-Model","Config::Model::WarpedNode" => "Config-Model","Config::Model::Warper" => "Config-Model","Convert::ASN1" => "Convert-ASN1","Convert::UUlib" => "Convert-UUlib","CouchWiki" => "Squatting","CouchWiki::Controllers" => "Squatting","CouchWiki::Models" => "Squatting","CouchWiki::Views" => "Squatting","Counter::Controllers" => "Squatting","Cpanel::JSON::XS" => "Cpanel-JSON-XS","Cpanel::JSON::XS::Type" => "Cpanel-JSON-XS","Crypt::AuthEnc" => "CryptX","Crypt::AuthEnc::CCM" => "CryptX","Crypt::AuthEnc::ChaCha20Poly1305" => "CryptX","Crypt::AuthEnc::EAX" => "CryptX","Crypt::AuthEnc::GCM" => "CryptX","Crypt::AuthEnc::OCB" => "CryptX","Crypt::CBC" => "Crypt-CBC","Crypt::CBC::PBKDF" => "Crypt-CBC","Crypt::CBC::PBKDF::none" => "Crypt-CBC","Crypt::CBC::PBKDF::opensslv1" => "Crypt-CBC","Crypt::CBC::PBKDF::opensslv2" => "Crypt-CBC","Crypt::CBC::PBKDF::pbkdf2" => "Crypt-CBC","Crypt::CBC::PBKDF::randomiv" => "Crypt-CBC","Crypt::Checksum" => "CryptX","Crypt::Checksum::Adler32" => "CryptX","Crypt::Checksum::CRC32" => "CryptX","Crypt::Cipher" => "CryptX","Crypt::Cipher::AES" => "CryptX","Crypt::Cipher::Anubis" => "CryptX","Crypt::Cipher::Blowfish" => "CryptX","Crypt::Cipher::CAST5" => "CryptX","Crypt::Cipher::Camellia" => "CryptX","Crypt::Cipher::DES" => "CryptX","Crypt::Cipher::DES_EDE" => "CryptX","Crypt::Cipher::IDEA" => "CryptX","Crypt::Cipher::KASUMI" => "CryptX","Crypt::Cipher::Khazad" => "CryptX","Crypt::Cipher::MULTI2" => "CryptX","Crypt::Cipher::Noekeon" => "CryptX","Crypt::Cipher::RC2" => "CryptX","Crypt::Cipher::RC5" => "CryptX","Crypt::Cipher::RC6" => "CryptX","Crypt::Cipher::SAFERP" => "CryptX","Crypt::Cipher::SAFER_K128" => "CryptX","Crypt::Cipher::SAFER_K64" => "CryptX","Crypt::Cipher::SAFER_SK128" => "CryptX","Crypt::Cipher::SAFER_SK64" => "CryptX","Crypt::Cipher::SEED" => "CryptX","Crypt::Cipher::Serpent" => "CryptX","Crypt::Cipher::Skipjack" => "CryptX","Crypt::Cipher::Twofish" => "CryptX","Crypt::Cipher::XTEA" => "CryptX","Crypt::DSA" => "Crypt-DSA","Crypt::DSA::Key" => "Crypt-DSA","Crypt::DSA::Key::PEM" => "Crypt-DSA","Crypt::DSA::Key::SSH2" => "Crypt-DSA","Crypt::DSA::KeyChain" => "Crypt-DSA","Crypt::DSA::Signature" => "Crypt-DSA","Crypt::DSA::Util" => "Crypt-DSA","Crypt::Digest" => "CryptX","Crypt::Digest::BLAKE2b_160" => "CryptX","Crypt::Digest::BLAKE2b_256" => "CryptX","Crypt::Digest::BLAKE2b_384" => "CryptX","Crypt::Digest::BLAKE2b_512" => "CryptX","Crypt::Digest::BLAKE2s_128" => "CryptX","Crypt::Digest::BLAKE2s_160" => "CryptX","Crypt::Digest::BLAKE2s_224" => "CryptX","Crypt::Digest::BLAKE2s_256" => "CryptX","Crypt::Digest::CHAES" => "CryptX","Crypt::Digest::Keccak224" => "CryptX","Crypt::Digest::Keccak256" => "CryptX","Crypt::Digest::Keccak384" => "CryptX","Crypt::Digest::Keccak512" => "CryptX","Crypt::Digest::MD2" => "CryptX","Crypt::Digest::MD4" => "CryptX","Crypt::Digest::MD5" => "CryptX","Crypt::Digest::RIPEMD128" => "CryptX","Crypt::Digest::RIPEMD160" => "CryptX","Crypt::Digest::RIPEMD256" => "CryptX","Crypt::Digest::RIPEMD320" => "CryptX","Crypt::Digest::SHA1" => "CryptX","Crypt::Digest::SHA224" => "CryptX","Crypt::Digest::SHA256" => "CryptX","Crypt::Digest::SHA384" => "CryptX","Crypt::Digest::SHA3_224" => "CryptX","Crypt::Digest::SHA3_256" => "CryptX","Crypt::Digest::SHA3_384" => "CryptX","Crypt::Digest::SHA3_512" => "CryptX","Crypt::Digest::SHA512" => "CryptX","Crypt::Digest::SHA512_224" => "CryptX","Crypt::Digest::SHA512_256" => "CryptX","Crypt::Digest::SHAKE" => "CryptX","Crypt::Digest::Tiger192" => "CryptX","Crypt::Digest::Whirlpool" => "CryptX","Crypt::JWT" => "Crypt-JWT","Crypt::KeyDerivation" => "CryptX","Crypt::KeyWrap" => "Crypt-JWT","Crypt::Mac" => "CryptX","Crypt::Mac::BLAKE2b" => "CryptX","Crypt::Mac::BLAKE2s" => "CryptX","Crypt::Mac::F9" => "CryptX","Crypt::Mac::HMAC" => "CryptX","Crypt::Mac::OMAC" => "CryptX","Crypt::Mac::PMAC" => "CryptX","Crypt::Mac::Pelican" => "CryptX","Crypt::Mac::Poly1305" => "CryptX","Crypt::Mac::XCBC" => "CryptX","Crypt::Misc" => "CryptX","Crypt::Mode" => "CryptX","Crypt::Mode::CBC" => "CryptX","Crypt::Mode::CFB" => "CryptX","Crypt::Mode::CTR" => "CryptX","Crypt::Mode::ECB" => "CryptX","Crypt::Mode::OFB" => "CryptX","Crypt::NaCl::Sodium" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::aead" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::auth" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::box" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::generichash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::hash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::onetimeauth" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::pwhash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::scalarmult" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::secretbox" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::shorthash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::sign" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::stream" => "Crypt-NaCl-Sodium","Crypt::OpenSSL::DSA" => "Crypt-OpenSSL-DSA","Crypt::OpenSSL::RSA" => "Crypt-OpenSSL-RSA","Crypt::PK" => "CryptX","Crypt::PK::DH" => "CryptX","Crypt::PK::DSA" => "CryptX","Crypt::PK::ECC" => "CryptX","Crypt::PK::Ed25519" => "CryptX","Crypt::PK::RSA" => "CryptX","Crypt::PK::X25519" => "CryptX","Crypt::PRNG" => "CryptX","Crypt::PRNG::ChaCha20" => "CryptX","Crypt::PRNG::Fortuna" => "CryptX","Crypt::PRNG::RC4" => "CryptX","Crypt::PRNG::Sober128" => "CryptX","Crypt::PRNG::Yarrow" => "CryptX","Crypt::Passwd::XS" => "Crypt-Passwd-XS","Crypt::Perl" => "Crypt-Perl","Crypt::Perl::ASN1" => "Crypt-Perl","Crypt::Perl::ASN1::BitString" => "Crypt-Perl","Crypt::Perl::ASN1::Encodee" => "Crypt-Perl","Crypt::Perl::ASN1::Signatures" => "Crypt-Perl","Crypt::Perl::BigInt" => "Crypt-Perl","Crypt::Perl::ECDSA" => "Crypt-Perl","Crypt::Perl::ECDSA::Deterministic" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::Curve" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::CurvesDB" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::DB" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::FieldElement" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::Point" => "Crypt-Perl","Crypt::Perl::ECDSA::ECParameters" => "Crypt-Perl","Crypt::Perl::ECDSA::EncodedPoint" => "Crypt-Perl","Crypt::Perl::ECDSA::Generate" => "Crypt-Perl","Crypt::Perl::ECDSA::KeyBase" => "Crypt-Perl","Crypt::Perl::ECDSA::Math" => "Crypt-Perl","Crypt::Perl::ECDSA::NIST" => "Crypt-Perl","Crypt::Perl::ECDSA::Parse" => "Crypt-Perl","Crypt::Perl::ECDSA::PrivateKey" => "Crypt-Perl","Crypt::Perl::ECDSA::PublicKey" => "Crypt-Perl","Crypt::Perl::ECDSA::Utils" => "Crypt-Perl","Crypt::Perl::Ed25519" => "Crypt-Perl","Crypt::Perl::Ed25519::KeyBase" => "Crypt-Perl","Crypt::Perl::Ed25519::Math" => "Crypt-Perl","Crypt::Perl::Ed25519::Parse" => "Crypt-Perl","Crypt::Perl::Ed25519::PrivateKey" => "Crypt-Perl","Crypt::Perl::Ed25519::PublicKey" => "Crypt-Perl","Crypt::Perl::JWK" => "Crypt-Perl","Crypt::Perl::KeyBase" => "Crypt-Perl","Crypt::Perl::Math" => "Crypt-Perl","Crypt::Perl::PK" => "Crypt-Perl","Crypt::Perl::PKCS10" => "Crypt-Perl","Crypt::Perl::PKCS10::ASN1" => "Crypt-Perl","Crypt::Perl::PKCS10::Attribute" => "Crypt-Perl","Crypt::Perl::PKCS10::Attribute::challengePassword" => "Crypt-Perl","Crypt::Perl::PKCS10::Attribute::extensionRequest" => "Crypt-Perl","Crypt::Perl::PKCS10::Attributes" => "Crypt-Perl","Crypt::Perl::PKCS8" => "Crypt-Perl","Crypt::Perl::RNG" => "Crypt-Perl","Crypt::Perl::RSA" => "Crypt-Perl","Crypt::Perl::RSA::Generate" => "Crypt-Perl","Crypt::Perl::RSA::KeyBase" => "Crypt-Perl","Crypt::Perl::RSA::PKCS1_v1_5" => "Crypt-Perl","Crypt::Perl::RSA::Parse" => "Crypt-Perl","Crypt::Perl::RSA::PrivateKey" => "Crypt-Perl","Crypt::Perl::RSA::PublicKey" => "Crypt-Perl","Crypt::Perl::RSA::Template" => "Crypt-Perl","Crypt::Perl::ToDER" => "Crypt-Perl","Crypt::Perl::X" => "Crypt-Perl","Crypt::Perl::X509::Extension" => "Crypt-Perl","Crypt::Perl::X509::Extension::acmeValidation_v1" => "Crypt-Perl","Crypt::Perl::X509::Extension::authorityInfoAccess" => "Crypt-Perl","Crypt::Perl::X509::Extension::authorityKeyIdentifier" => "Crypt-Perl","Crypt::Perl::X509::Extension::basicConstraints" => "Crypt-Perl","Crypt::Perl::X509::Extension::cRLDistributionPoints" => "Crypt-Perl","Crypt::Perl::X509::Extension::certificatePolicies" => "Crypt-Perl","Crypt::Perl::X509::Extension::ct_precert_poison" => "Crypt-Perl","Crypt::Perl::X509::Extension::ct_precert_scts" => "Crypt-Perl","Crypt::Perl::X509::Extension::extKeyUsage" => "Crypt-Perl","Crypt::Perl::X509::Extension::freshestCRL" => "Crypt-Perl","Crypt::Perl::X509::Extension::inhibitAnyPolicy" => "Crypt-Perl","Crypt::Perl::X509::Extension::issuerAltName" => "Crypt-Perl","Crypt::Perl::X509::Extension::keyUsage" => "Crypt-Perl","Crypt::Perl::X509::Extension::nameConstraints" => "Crypt-Perl","Crypt::Perl::X509::Extension::noCheck" => "Crypt-Perl","Crypt::Perl::X509::Extension::policyConstraints" => "Crypt-Perl","Crypt::Perl::X509::Extension::policyMappings" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectAltName" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectDirectoryAttributes" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectInfoAccess" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectKeyIdentifier" => "Crypt-Perl","Crypt::Perl::X509::Extension::tlsFeature" => "Crypt-Perl","Crypt::Perl::X509::Extensions" => "Crypt-Perl","Crypt::Perl::X509::GeneralName" => "Crypt-Perl","Crypt::Perl::X509::GeneralNames" => "Crypt-Perl","Crypt::Perl::X509::InfoAccessBase" => "Crypt-Perl","Crypt::Perl::X509::Name" => "Crypt-Perl","Crypt::Perl::X509::RelativeDistinguishedName" => "Crypt-Perl","Crypt::Perl::X509::SCT" => "Crypt-Perl","Crypt::Perl::X509v3" => "Crypt-Perl","Crypt::Perl::X::ASN1::Decode" => "Crypt-Perl","Crypt::Perl::X::ASN1::Encode" => "Crypt-Perl","Crypt::Perl::X::ASN1::Find" => "Crypt-Perl","Crypt::Perl::X::ASN1::Prepare" => "Crypt-Perl","Crypt::Perl::X::Base" => "Crypt-Perl","Crypt::Perl::X::ECDSA::CharacteristicTwoUnsupported" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForNISTName" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForName" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForOID" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForParameters" => "Crypt-Perl","Crypt::Perl::X::Generic" => "Crypt-Perl","Crypt::Perl::X::InvalidJWK" => "Crypt-Perl","Crypt::Perl::X::TooLongToSign" => "Crypt-Perl","Crypt::Perl::X::UnknownHash" => "Crypt-Perl","Crypt::Perl::X::UnknownJWKkty" => "Crypt-Perl","Crypt::Primes" => "Crypt-Primes","Crypt::Random" => "Crypt-Random","Crypt::Random::Generator" => "Crypt-Random","Crypt::Random::Provider::File" => "Crypt-Random","Crypt::Random::Provider::Win32API" => "Crypt-Random","Crypt::Random::Provider::devrandom" => "Crypt-Random","Crypt::Random::Provider::devurandom" => "Crypt-Random","Crypt::Random::Provider::egd" => "Crypt-Random","Crypt::Random::Provider::rand" => "Crypt-Random","Crypt::Random::Source" => "Crypt-Random-Source","Crypt::Random::Source::Base" => "Crypt-Random-Source","Crypt::Random::Source::Base::File" => "Crypt-Random-Source","Crypt::Random::Source::Base::Handle" => "Crypt-Random-Source","Crypt::Random::Source::Base::Proc" => "Crypt-Random-Source","Crypt::Random::Source::Base::RandomDevice" => "Crypt-Random-Source","Crypt::Random::Source::Factory" => "Crypt-Random-Source","Crypt::Random::Source::Strong" => "Crypt-Random-Source","Crypt::Random::Source::Strong::devrandom" => "Crypt-Random-Source","Crypt::Random::Source::Weak" => "Crypt-Random-Source","Crypt::Random::Source::Weak::devurandom" => "Crypt-Random-Source","Crypt::RandomEncryption" => "Crypt-RandomEncryption","Crypt::Salt" => "Crypt-Salt","Crypt::Sodium::XS" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Base" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Base64" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Core" => "Crypt-Sodium-XS","Crypt::Sodium::XS::MemVault" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::Base" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::aead" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::auth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::box" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::curve25519" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::generichash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::hash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::hkdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::ipcrypt" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::kdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::kx" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::onetimeauth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::pwhash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::scalarmult" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::secretbox" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::secretstream" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::shorthash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::sign" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::stream" => "Crypt-Sodium-XS","Crypt::Sodium::XS::ProtMem" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Util" => "Crypt-Sodium-XS","Crypt::Sodium::XS::aead" => "Crypt-Sodium-XS","Crypt::Sodium::XS::auth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::box" => "Crypt-Sodium-XS","Crypt::Sodium::XS::curve25519" => "Crypt-Sodium-XS","Crypt::Sodium::XS::generichash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::hash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::hkdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::ipcrypt" => "Crypt-Sodium-XS","Crypt::Sodium::XS::kdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::kx" => "Crypt-Sodium-XS","Crypt::Sodium::XS::onetimeauth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::pwhash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::scalarmult" => "Crypt-Sodium-XS","Crypt::Sodium::XS::secretbox" => "Crypt-Sodium-XS","Crypt::Sodium::XS::secretstream" => "Crypt-Sodium-XS","Crypt::Sodium::XS::shorthash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::sign" => "Crypt-Sodium-XS","Crypt::Sodium::XS::stream" => "Crypt-Sodium-XS","Crypt::Stream::ChaCha" => "CryptX","Crypt::Stream::RC4" => "CryptX","Crypt::Stream::Rabbit" => "CryptX","Crypt::Stream::Salsa20" => "CryptX","Crypt::Stream::Sober128" => "CryptX","Crypt::Stream::Sosemanuk" => "CryptX","Crypt::SysRandom::XS" => "Crypt-SysRandom-XS","Crypt::URandom" => "Crypt-URandom","CryptX" => "CryptX","Cwd" => "PathTools","DBD::DBM" => "DBI","DBD::DBM::Statement" => "DBI","DBD::DBM::Table" => "DBI","DBD::DBM::db" => "DBI","DBD::DBM::dr" => "DBI","DBD::DBM::st" => "DBI","DBD::ExampleP" => "DBI","DBD::ExampleP::db" => "DBI","DBD::ExampleP::dr" => "DBI","DBD::ExampleP::st" => "DBI","DBD::File" => "DBI","DBD::File::DataSource::File" => "DBI","DBD::File::DataSource::Stream" => "DBI","DBD::File::Statement" => "DBI","DBD::File::Table" => "DBI","DBD::File::TableSource::FileSystem" => "DBI","DBD::File::db" => "DBI","DBD::File::dr" => "DBI","DBD::File::st" => "DBI","DBD::Gofer" => "DBI","DBD::Gofer::Policy::Base" => "DBI","DBD::Gofer::Policy::classic" => "DBI","DBD::Gofer::Policy::pedantic" => "DBI","DBD::Gofer::Policy::rush" => "DBI","DBD::Gofer::Transport::Base" => "DBI","DBD::Gofer::Transport::corostream" => "DBI","DBD::Gofer::Transport::null" => "DBI","DBD::Gofer::Transport::pipeone" => "DBI","DBD::Gofer::Transport::stream" => "DBI","DBD::Gofer::db" => "DBI","DBD::Gofer::dr" => "DBI","DBD::Gofer::st" => "DBI","DBD::MariaDB" => "DBD-MariaDB","DBD::Mem" => "DBI","DBD::Mem::DataSource" => "DBI","DBD::Mem::Statement" => "DBI","DBD::Mem::Table" => "DBI","DBD::Mem::db" => "DBI","DBD::Mem::dr" => "DBI","DBD::Mem::st" => "DBI","DBD::NullP" => "DBI","DBD::NullP::db" => "DBI","DBD::NullP::dr" => "DBI","DBD::NullP::st" => "DBI","DBD::Pg" => "DBD-Pg","DBD::Proxy" => "DBI","DBD::Proxy::RPC::PlClient" => "DBI","DBD::Proxy::db" => "DBI","DBD::Proxy::dr" => "DBI","DBD::Proxy::st" => "DBI","DBD::SQLite" => "DBD-SQLite","DBD::SQLite::Constants" => "DBD-SQLite","DBD::SQLite::GetInfo" => "DBD-SQLite","DBD::SQLite::VirtualTable" => "DBD-SQLite","DBD::SQLite::VirtualTable::Cursor" => "DBD-SQLite","DBD::SQLite::VirtualTable::FileContent" => "DBD-SQLite","DBD::SQLite::VirtualTable::FileContent::Cursor" => "DBD-SQLite","DBD::SQLite::VirtualTable::PerlData" => "DBD-SQLite","DBD::SQLite::VirtualTable::PerlData::Cursor" => "DBD-SQLite","DBD::Sponge" => "DBI","DBD::Sponge::db" => "DBI","DBD::Sponge::dr" => "DBI","DBD::Sponge::st" => "DBI","DBD::mysql" => "DBD-mysql","DBD::mysql::GetInfo" => "DBD-mysql","DBD::mysql::db" => "DBD-mysql","DBD::mysql::dr" => "DBD-mysql","DBD::mysql::st" => "DBD-mysql","DBD::mysqlPP" => "DBD-mysqlPP","DBD::mysqlPP::db" => "DBD-mysqlPP","DBD::mysqlPP::dr" => "DBD-mysqlPP","DBD::mysqlPP::st" => "DBD-mysqlPP","DBDI" => "DBI","DBI" => "DBI","DBI::Const::GetInfo::ANSI" => "DBI","DBI::Const::GetInfo::ODBC" => "DBI","DBI::Const::GetInfoReturn" => "DBI","DBI::Const::GetInfoType" => "DBI","DBI::DBD" => "DBI","DBI::DBD::Metadata" => "DBI","DBI::DBD::SqlEngine" => "DBI","DBI::DBD::SqlEngine::DataSource" => "DBI","DBI::DBD::SqlEngine::Statement" => "DBI","DBI::DBD::SqlEngine::Table" => "DBI","DBI::DBD::SqlEngine::TableSource" => "DBI","DBI::DBD::SqlEngine::TieMeta" => "DBI","DBI::DBD::SqlEngine::TieTables" => "DBI","DBI::DBD::SqlEngine::db" => "DBI","DBI::DBD::SqlEngine::dr" => "DBI","DBI::DBD::SqlEngine::st" => "DBI","DBI::FAQ" => "DBI","DBI::Gofer::Execute" => "DBI","DBI::Gofer::Request" => "DBI","DBI::Gofer::Response" => "DBI","DBI::Gofer::Serializer::Base" => "DBI","DBI::Gofer::Serializer::DataDumper" => "DBI","DBI::Gofer::Serializer::Storable" => "DBI","DBI::Gofer::Transport::Base" => "DBI","DBI::Gofer::Transport::pipeone" => "DBI","DBI::Gofer::Transport::stream" => "DBI","DBI::Library" => "MySQL-Admin","DBI::Library::Database" => "MySQL-Admin","DBI::Library::Database::db" => "MySQL-Admin","DBI::Library::Database::st" => "MySQL-Admin","DBI::Library::db" => "MySQL-Admin","DBI::Library::st" => "MySQL-Admin","DBI::Profile" => "DBI","DBI::ProfileData" => "DBI","DBI::ProfileDumper" => "DBI","DBI::ProfileDumper::Apache" => "DBI","DBI::ProfileSubs" => "DBI","DBI::ProxyServer" => "DBI","DBI::ProxyServer::db" => "DBI","DBI::ProxyServer::dr" => "DBI","DBI::ProxyServer::st" => "DBI","DBI::SQL::Nano" => "DBI","DBI::SQL::Nano::Statement_" => "DBI","DBI::SQL::Nano::Table_" => "DBI","DBI::Util::CacheMemory" => "DBI","DBI::Util::_accessor" => "DBI","DBI::common" => "DBI","DBIx::Class::EncodedColumn" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Crypt" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Crypt::Eksblowfish::Bcrypt" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Crypt::OpenPGP" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Digest" => "DBIx-Class-EncodedColumn","DBIx::Class::Valiant" => "Valiant","DBIx::Class::Valiant::Result" => "Valiant","DBIx::Class::Valiant::Result::HTML::FormFields" => "Valiant","DBIx::Class::Valiant::ResultSet" => "Valiant","DBIx::Class::Valiant::Util::Exception" => "Valiant","DBIx::Class::Valiant::Util::Exception::BadParameterFK" => "Valiant","DBIx::Class::Valiant::Util::Exception::BadParameters" => "Valiant","DBIx::Class::Valiant::Util::Exception::TooManyRows" => "Valiant","DBIx::Class::Valiant::Validates" => "Valiant","DBIx::Class::Valiant::Validator::Result" => "Valiant","DBIx::Class::Valiant::Validator::ResultSet" => "Valiant","DBIx::Class::Valiant::Validator::SetSize" => "Valiant","DBIx::Custom" => "DBIx-Custom","DBIx::Custom::Mapper" => "DBIx-Custom","DBIx::Custom::Model" => "DBIx-Custom","DBIx::Custom::NotExists" => "DBIx-Custom","DBIx::Custom::Order" => "DBIx-Custom","DBIx::Custom::Query" => "DBIx-Custom","DBIx::Custom::Result" => "DBIx-Custom","DBIx::Custom::Util" => "DBIx-Custom","DBIx::Custom::Where" => "DBIx-Custom","DBIx::Otogiri" => "Otogiri","DBIx::Otogiri::Iterator" => "Otogiri","DBM_Filter" => "perl","DBM_Filter::compress" => "perl","DBM_Filter::encode" => "perl","DBM_Filter::int32" => "perl","DBM_Filter::null" => "perl","DBM_Filter::utf8" => "perl","Dancer" => "Dancer","Dancer2" => "Dancer2","Dancer2::CLI" => "Dancer2","Dancer2::CLI::Command::gen" => "Dancer2","Dancer2::CLI::Command::version" => "Dancer2","Dancer2::CLI::Gen" => "Dancer2","Dancer2::CLI::Version" => "Dancer2","Dancer2::ConfigReader" => "Dancer2","Dancer2::ConfigReader::Config::Any" => "Dancer2","Dancer2::ConfigUtils" => "Dancer2","Dancer2::Core" => "Dancer2","Dancer2::Core::App" => "Dancer2","Dancer2::Core::Cookie" => "Dancer2","Dancer2::Core::DSL" => "Dancer2","Dancer2::Core::Dispatcher" => "Dancer2","Dancer2::Core::Error" => "Dancer2","Dancer2::Core::Factory" => "Dancer2","Dancer2::Core::HTTP" => "Dancer2","Dancer2::Core::Hook" => "Dancer2","Dancer2::Core::MIME" => "Dancer2","Dancer2::Core::Request" => "Dancer2","Dancer2::Core::Request::Upload" => "Dancer2","Dancer2::Core::Response" => "Dancer2","Dancer2::Core::Response::Delayed" => "Dancer2","Dancer2::Core::Role::ConfigReader" => "Dancer2","Dancer2::Core::Role::DSL" => "Dancer2","Dancer2::Core::Role::Engine" => "Dancer2","Dancer2::Core::Role::Handler" => "Dancer2","Dancer2::Core::Role::HasConfig" => "Dancer2","Dancer2::Core::Role::HasEnvironment" => "Dancer2","Dancer2::Core::Role::HasLocation" => "Dancer2","Dancer2::Core::Role::Hookable" => "Dancer2","Dancer2::Core::Role::Logger" => "Dancer2","Dancer2::Core::Role::Serializer" => "Dancer2","Dancer2::Core::Role::SessionFactory" => "Dancer2","Dancer2::Core::Role::SessionFactory::File" => "Dancer2","Dancer2::Core::Role::StandardResponses" => "Dancer2","Dancer2::Core::Role::Template" => "Dancer2","Dancer2::Core::Route" => "Dancer2","Dancer2::Core::Runner" => "Dancer2","Dancer2::Core::Session" => "Dancer2","Dancer2::Core::Time" => "Dancer2","Dancer2::Core::Types" => "Dancer2","Dancer2::FileUtils" => "Dancer2","Dancer2::Handler::AutoPage" => "Dancer2","Dancer2::Handler::File" => "Dancer2","Dancer2::Logger::Capture" => "Dancer2","Dancer2::Logger::Capture::Trap" => "Dancer2","Dancer2::Logger::Console" => "Dancer2","Dancer2::Logger::Diag" => "Dancer2","Dancer2::Logger::File" => "Dancer2","Dancer2::Logger::Note" => "Dancer2","Dancer2::Logger::Null" => "Dancer2","Dancer2::Plugin" => "Dancer2","Dancer2::Serializer::Dumper" => "Dancer2","Dancer2::Serializer::JSON" => "Dancer2","Dancer2::Serializer::Mutable" => "Dancer2","Dancer2::Serializer::YAML" => "Dancer2","Dancer2::Session::Simple" => "Dancer2","Dancer2::Session::YAML" => "Dancer2","Dancer2::Template::Implementation::ForkedTiny" => "Dancer2","Dancer2::Template::TemplateToolkit" => "Dancer2","Dancer2::Template::Tiny" => "Dancer2","Dancer2::Test" => "Dancer2","Dancer::App" => "Dancer","Dancer::Config" => "Dancer","Dancer::Config::Object" => "Dancer","Dancer::Continuation" => "Dancer","Dancer::Continuation::Halted" => "Dancer","Dancer::Continuation::Route" => "Dancer","Dancer::Continuation::Route::ErrorSent" => "Dancer","Dancer::Continuation::Route::FileSent" => "Dancer","Dancer::Continuation::Route::Forwarded" => "Dancer","Dancer::Continuation::Route::Passed" => "Dancer","Dancer::Continuation::Route::Templated" => "Dancer","Dancer::Cookie" => "Dancer","Dancer::Cookies" => "Dancer","Dancer::Deprecation" => "Dancer","Dancer::Engine" => "Dancer","Dancer::Error" => "Dancer","Dancer::Exception" => "Dancer","Dancer::Exception::Base" => "Dancer","Dancer::Exceptions" => "Dancer","Dancer::Factory::Hook" => "Dancer","Dancer::FileUtils" => "Dancer","Dancer::GetOpt" => "Dancer","Dancer::HTTP" => "Dancer","Dancer::Handler" => "Dancer","Dancer::Handler::Debug" => "Dancer","Dancer::Handler::PSGI" => "Dancer","Dancer::Handler::Standalone" => "Dancer","Dancer::Hook" => "Dancer","Dancer::Hook::Properties" => "Dancer","Dancer::Logger" => "Dancer","Dancer::Logger::Abstract" => "Dancer","Dancer::Logger::Capture" => "Dancer","Dancer::Logger::Capture::Trap" => "Dancer","Dancer::Logger::Console" => "Dancer","Dancer::Logger::Diag" => "Dancer","Dancer::Logger::File" => "Dancer","Dancer::Logger::Note" => "Dancer","Dancer::Logger::Null" => "Dancer","Dancer::MIME" => "Dancer","Dancer::ModuleLoader" => "Dancer","Dancer::Object" => "Dancer","Dancer::Object::Singleton" => "Dancer","Dancer::Plugin" => "Dancer","Dancer::Plugin::Ajax" => "Dancer","Dancer::Renderer" => "Dancer","Dancer::Request" => "Dancer","Dancer::Request::Upload" => "Dancer","Dancer::Response" => "Dancer","Dancer::Route" => "Dancer","Dancer::Route::Cache" => "Dancer","Dancer::Route::Registry" => "Dancer","Dancer::Serializer" => "Dancer","Dancer::Serializer::Abstract" => "Dancer","Dancer::Serializer::Dumper" => "Dancer","Dancer::Serializer::JSON" => "Dancer","Dancer::Serializer::JSONP" => "Dancer","Dancer::Serializer::Mutable" => "Dancer","Dancer::Serializer::XML" => "Dancer","Dancer::Serializer::YAML" => "Dancer","Dancer::Session" => "Dancer","Dancer::Session::Abstract" => "Dancer","Dancer::Session::Simple" => "Dancer","Dancer::Session::YAML" => "Dancer","Dancer::SharedData" => "Dancer","Dancer::Template" => "Dancer","Dancer::Template::Abstract" => "Dancer","Dancer::Template::NetdiscoTemplateToolkit" => "App-Netdisco","Dancer::Template::Simple" => "Dancer","Dancer::Template::TemplateToolkit" => "Dancer","Dancer::Test" => "Dancer","Dancer::Timer" => "Dancer","Data::BytesLocker" => "Crypt-NaCl-Sodium","Data::Dumper" => "Data-Dumper","Data::Entropy" => "Data-Entropy","Data::Entropy::Algorithms" => "Data-Entropy","Data::Entropy::RawSource::CryptCounter" => "Data-Entropy","Data::Entropy::RawSource::Local" => "Data-Entropy","Data::Entropy::RawSource::RandomOrg" => "Data-Entropy","Data::Entropy::RawSource::RandomnumbersInfo" => "Data-Entropy","Data::Entropy::Source" => "Data-Entropy","Data::FormValidator" => "Data-FormValidator","Data::FormValidator::Constraints" => "Data-FormValidator","Data::FormValidator::Constraints::Dates" => "Data-FormValidator","Data::FormValidator::Constraints::RegexpCommon" => "Data-FormValidator","Data::FormValidator::Constraints::Upload" => "Data-FormValidator","Data::FormValidator::ConstraintsFactory" => "Data-FormValidator","Data::FormValidator::Filters" => "Data-FormValidator","Data::FormValidator::Results" => "Data-FormValidator","Data::UUID" => "Data-UUID","Data::Validate::IP" => "Data-Validate-IP","DemoASP" => "Apache-ASP","Devel::PPPort" => "Devel-PPPort","Devel::PatchPerl::Plugin::Asan" => "App-perlall","Devel::PatchPerl::Plugin::Compiler" => "App-perlall","Devel::PatchPerl::Plugin::General" => "App-perlall","Devel::Peek" => "perl","Devel::StackTrace" => "Devel-StackTrace","Devel::StackTrace::Frame" => "Devel-StackTrace","Devel::callsfrom" => "UR","Dezi" => "Dezi","Dezi::Config" => "Dezi","Dezi::Server" => "Dezi","Dezi::Server::About" => "Dezi","Digest" => "Digest","Digest::MD5" => "Digest-MD5","Digest::SHA" => "Digest-SHA","Digest::base" => "Digest","Digest::file" => "Digest","DirHandle" => "perl","Dpkg" => "Dpkg","Dpkg::Arch" => "Dpkg","Dpkg::Archive::Ar" => "Dpkg","Dpkg::Build::Env" => "Dpkg","Dpkg::Build::Info" => "Dpkg","Dpkg::Build::Types" => "Dpkg","Dpkg::BuildAPI" => "Dpkg","Dpkg::BuildDriver" => "Dpkg","Dpkg::BuildDriver::DebianRules" => "Dpkg","Dpkg::BuildEnv" => "Dpkg","Dpkg::BuildFlags" => "Dpkg","Dpkg::BuildInfo" => "Dpkg","Dpkg::BuildOptions" => "Dpkg","Dpkg::BuildProfiles" => "Dpkg","Dpkg::BuildTree" => "Dpkg","Dpkg::BuildTypes" => "Dpkg","Dpkg::Changelog" => "Dpkg","Dpkg::Changelog::Debian" => "Dpkg","Dpkg::Changelog::Entry" => "Dpkg","Dpkg::Changelog::Entry::Debian" => "Dpkg","Dpkg::Changelog::Parse" => "Dpkg","Dpkg::Checksums" => "Dpkg","Dpkg::Compression" => "Dpkg","Dpkg::Compression::FileHandle" => "Dpkg","Dpkg::Compression::Process" => "Dpkg","Dpkg::Conf" => "Dpkg","Dpkg::Control" => "Dpkg","Dpkg::Control::Changelog" => "Dpkg","Dpkg::Control::Fields" => "Dpkg","Dpkg::Control::FieldsCore" => "Dpkg","Dpkg::Control::Hash" => "Dpkg","Dpkg::Control::HashCore" => "Dpkg","Dpkg::Control::HashCore::Tie" => "Dpkg","Dpkg::Control::Info" => "Dpkg","Dpkg::Control::Tests" => "Dpkg","Dpkg::Control::Tests::Entry" => "Dpkg","Dpkg::Control::Types" => "Dpkg","Dpkg::Deps" => "Dpkg","Dpkg::Deps::AND" => "Dpkg","Dpkg::Deps::KnownFacts" => "Dpkg","Dpkg::Deps::Multiple" => "Dpkg","Dpkg::Deps::OR" => "Dpkg","Dpkg::Deps::Simple" => "Dpkg","Dpkg::Deps::Union" => "Dpkg","Dpkg::Dist::Files" => "Dpkg","Dpkg::Email::Address" => "Dpkg","Dpkg::Email::AddressList" => "Dpkg","Dpkg::ErrorHandling" => "Dpkg","Dpkg::Exit" => "Dpkg","Dpkg::File" => "Dpkg","Dpkg::Getopt" => "Dpkg","Dpkg::Gettext" => "Dpkg","Dpkg::IPC" => "Dpkg","Dpkg::Index" => "Dpkg","Dpkg::Interface::Storable" => "Dpkg","Dpkg::Lock" => "Dpkg","Dpkg::OpenPGP" => "Dpkg","Dpkg::OpenPGP::Backend" => "Dpkg","Dpkg::OpenPGP::Backend::GnuPG" => "Dpkg","Dpkg::OpenPGP::Backend::SOP" => "Dpkg","Dpkg::OpenPGP::Backend::Sequoia" => "Dpkg","Dpkg::OpenPGP::ErrorCodes" => "Dpkg","Dpkg::OpenPGP::KeyHandle" => "Dpkg","Dpkg::Package" => "Dpkg","Dpkg::Path" => "Dpkg","Dpkg::Shlibs" => "Dpkg","Dpkg::Shlibs::Cppfilt" => "Dpkg","Dpkg::Shlibs::Objdump" => "Dpkg","Dpkg::Shlibs::Objdump::Object" => "Dpkg","Dpkg::Shlibs::Symbol" => "Dpkg","Dpkg::Shlibs::SymbolFile" => "Dpkg","Dpkg::Source::Archive" => "Dpkg","Dpkg::Source::BinaryFiles" => "Dpkg","Dpkg::Source::Format" => "Dpkg","Dpkg::Source::Functions" => "Dpkg","Dpkg::Source::Package" => "Dpkg","Dpkg::Source::Package::V1" => "Dpkg","Dpkg::Source::Package::V2" => "Dpkg","Dpkg::Source::Package::V3::Bzr" => "Dpkg","Dpkg::Source::Package::V3::Custom" => "Dpkg","Dpkg::Source::Package::V3::Git" => "Dpkg","Dpkg::Source::Package::V3::Native" => "Dpkg","Dpkg::Source::Package::V3::Quilt" => "Dpkg","Dpkg::Source::Patch" => "Dpkg","Dpkg::Source::Quilt" => "Dpkg","Dpkg::Substvars" => "Dpkg","Dpkg::SysInfo" => "Dpkg","Dpkg::Vars" => "Dpkg","Dpkg::Vendor" => "Dpkg","Dpkg::Vendor::Debian" => "Dpkg","Dpkg::Vendor::Default" => "Dpkg","Dpkg::Vendor::Devuan" => "Dpkg","Dpkg::Vendor::PureOS" => "Dpkg","Dpkg::Vendor::Ubuntu" => "Dpkg","Dpkg::Version" => "Dpkg","Dwarf" => "Cmd-Dwarf","EV::Hiredis" => "EV-Hiredis","Elive" => "Elive","Elive::Connection" => "Elive","Elive::Connection::SDK" => "Elive","Elive::DAO" => "Elive","Elive::DAO::Array" => "Elive","Elive::DAO::Singleton" => "Elive","Elive::DAO::_Base" => "Elive","Elive::Entity" => "Elive","Elive::Entity::Group" => "Elive","Elive::Entity::Group::Members" => "Elive","Elive::Entity::InvitedGuest" => "Elive","Elive::Entity::Meeting" => "Elive","Elive::Entity::MeetingParameters" => "Elive","Elive::Entity::Participant" => "Elive","Elive::Entity::ParticipantList" => "Elive","Elive::Entity::Participants" => "Elive","Elive::Entity::Preload" => "Elive","Elive::Entity::Preloads" => "Elive","Elive::Entity::Recording" => "Elive","Elive::Entity::Report" => "Elive","Elive::Entity::Role" => "Elive","Elive::Entity::ServerDetails" => "Elive","Elive::Entity::ServerParameters" => "Elive","Elive::Entity::Session" => "Elive","Elive::Entity::User" => "Elive","Elive::Util" => "Elive","Elive::Util::Type" => "Elive","Elive::View::Session" => "Elive","Email::Address" => "Email-Address","Email::MIME" => "Email-MIME","Email::MIME::Creator" => "Email-MIME","Email::MIME::Encode" => "Email-MIME","Email::MIME::Header" => "Email-MIME","Email::MIME::Header::AddressList" => "Email-MIME","Email::MIME::Modifier" => "Email-MIME","EnableModule" => "perl","Encode" => "Encode","Encode::Alias" => "Encode","Encode::Byte" => "Encode","Encode::CJKConstants" => "Encode","Encode::CN" => "Encode","Encode::CN::HZ" => "Encode","Encode::Config" => "Encode","Encode::EBCDIC" => "Encode","Encode::Encoder" => "Encode","Encode::Encoding" => "Encode","Encode::GSM0338" => "Encode","Encode::Guess" => "Encode","Encode::Internal" => "Encode","Encode::JP" => "Encode","Encode::JP::H2Z" => "Encode","Encode::JP::JIS7" => "Encode","Encode::KR" => "Encode","Encode::KR::2022_KR" => "Encode","Encode::MIME::Header" => "Encode","Encode::MIME::Header::ISO_2022_JP" => "Encode","Encode::MIME::Name" => "Encode","Encode::Symbol" => "Encode","Encode::TW" => "Encode","Encode::UTF_EBCDIC" => "Encode","Encode::Unicode" => "Encode","Encode::Unicode::UTF7" => "Encode","Encode::XS" => "Encode","Encode::utf8" => "Encode","English" => "perl","Example::Controllers" => "Squatting","Example::Views" => "Squatting","ExtUtils::Command" => "ExtUtils-MakeMaker","ExtUtils::Command::MM" => "ExtUtils-MakeMaker","ExtUtils::Embed" => "perl","ExtUtils::Liblist" => "ExtUtils-MakeMaker","ExtUtils::Liblist::Kid" => "ExtUtils-MakeMaker","ExtUtils::MM" => "ExtUtils-MakeMaker","ExtUtils::MM_AIX" => "ExtUtils-MakeMaker","ExtUtils::MM_Any" => "ExtUtils-MakeMaker","ExtUtils::MM_BeOS" => "ExtUtils-MakeMaker","ExtUtils::MM_Cygwin" => "ExtUtils-MakeMaker","ExtUtils::MM_DOS" => "ExtUtils-MakeMaker","ExtUtils::MM_Darwin" => "ExtUtils-MakeMaker","ExtUtils::MM_MacOS" => "ExtUtils-MakeMaker","ExtUtils::MM_NW5" => "ExtUtils-MakeMaker","ExtUtils::MM_OS2" => "ExtUtils-MakeMaker","ExtUtils::MM_OS390" => "ExtUtils-MakeMaker","ExtUtils::MM_QNX" => "ExtUtils-MakeMaker","ExtUtils::MM_UWIN" => "ExtUtils-MakeMaker","ExtUtils::MM_Unix" => "ExtUtils-MakeMaker","ExtUtils::MM_VMS" => "ExtUtils-MakeMaker","ExtUtils::MM_VOS" => "ExtUtils-MakeMaker","ExtUtils::MM_Win32" => "ExtUtils-MakeMaker","ExtUtils::MM_Win95" => "ExtUtils-MakeMaker","ExtUtils::MY" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::Config" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::Locale" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::_version" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::charstar" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::version" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::version::regex" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::version::vpp" => "ExtUtils-MakeMaker","ExtUtils::Miniperl" => "perl","ExtUtils::Mkbootstrap" => "ExtUtils-MakeMaker","ExtUtils::Mksymlists" => "ExtUtils-MakeMaker","ExtUtils::ParseXS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Constants" => "ExtUtils-ParseXS","ExtUtils::ParseXS::CountLines" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Eval" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ALIAS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ALIAS_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ATTRS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::BOOT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::CASE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::CLEANUP" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::CODE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_ARGS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part_POD" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part_code" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part_postamble" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::EXPORT_XSUB_SYMBOLS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::FALLBACK" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INCLUDE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INCLUDE_COMMAND" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INIT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INPUT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INPUT_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INTERFACE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INTERFACE_MACRO" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::IO_Param" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::MODULE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::NOT_IMPLEMENTED_YET" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::OUTPUT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::OUTPUT_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::OVERLOAD" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::POSTCALL" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PPCODE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PREINIT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PROTOTYPE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PROTOTYPES" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::Param" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::Params" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::REQUIRE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ReturnType" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::SCOPE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::Sig" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::TYPEMAP" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::VERSIONCHECK" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::XS_file" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::autocall" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::boot_xsub" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::cleanup_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::code_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::codeblock" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::cpp_scope" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::enable" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::global_cpp_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::init_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::input_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::keyline" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::keylines" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::multiline" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::multiline_merged" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::oneline" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::output_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::pre_boot" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::preamble" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::xbody" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::xsub" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::xsub_decl" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Utilities" => "ExtUtils-ParseXS","ExtUtils::Typemaps" => "ExtUtils-ParseXS","ExtUtils::Typemaps::Cmd" => "ExtUtils-ParseXS","ExtUtils::Typemaps::InputMap" => "ExtUtils-ParseXS","ExtUtils::Typemaps::OutputMap" => "ExtUtils-ParseXS","ExtUtils::Typemaps::Type" => "ExtUtils-ParseXS","ExtUtils::XSSymSet" => "perl","ExtUtils::testlib" => "ExtUtils-MakeMaker","FCGI" => "FCGI","FCGI::Stream" => "FCGI","Fake::Encode" => "Fake-Encode","Fake::Our" => "Fake-Our","FakeHomol" => "GBrowse","Fcntl" => "perl","Fh" => "CGI","File::Basename" => "perl","File::Compare" => "perl","File::Copy" => "perl","File::DataClass" => "File-DataClass","File::DataClass::Cache" => "File-DataClass","File::DataClass::Constants" => "File-DataClass","File::DataClass::Exception" => "File-DataClass","File::DataClass::Functions" => "File-DataClass","File::DataClass::IO" => "File-DataClass","File::DataClass::List" => "File-DataClass","File::DataClass::Result" => "File-DataClass","File::DataClass::ResultSet" => "File-DataClass","File::DataClass::ResultSource" => "File-DataClass","File::DataClass::Schema" => "File-DataClass","File::DataClass::Storage" => "File-DataClass","File::DataClass::Storage::Any" => "File-DataClass","File::DataClass::Storage::JSON" => "File-DataClass","File::DataClass::Types" => "File-DataClass","File::DosGlob" => "perl","File::Find" => "perl","File::Find::Rule" => "File-Find-Rule","File::Find::Rule::Test::ATeam" => "File-Find-Rule","File::Glob" => "perl","File::GlobMapper" => "IO-Compress","File::KeePass" => "File-KeePass","File::Path" => "File-Path","File::RandomAccess" => "Image-ExifTool","File::Slurp" => "File-Slurp","File::Spec" => "PathTools","File::Spec::AmigaOS" => "PathTools","File::Spec::Cygwin" => "PathTools","File::Spec::Epoc" => "PathTools","File::Spec::Functions" => "PathTools","File::Spec::Mac" => "PathTools","File::Spec::OS2" => "PathTools","File::Spec::Unix" => "PathTools","File::Spec::VMS" => "PathTools","File::Spec::Win32" => "PathTools","File::Temp" => "File-Temp","File::stat" => "perl","FileCache" => "perl","FileHandle" => "perl","FileSlurp_12" => "File-Slurp","Filesys::SmbClientParser" => "Filesys-SmbClientParser","FindExt" => "perl","GD" => "GD","GD::Group" => "GD","GD::Image" => "GD","GD::Polygon" => "GD","GD::Polyline" => "GD","GD::Simple" => "GD","GDBM_File" => "perl","GPIB" => "GPIB","GPIB::hp33120a" => "GPIB","GPIB::hp3585a" => "GPIB","GPIB::hp59306a" => "GPIB","GPIB::hpe3631a" => "GPIB","GPIB::hpserial" => "GPIB","GPIB::llp" => "GPIB","GPIB::ni" => "GPIB","GPIB::rmt" => "GPIB","Galileo" => "Galileo","Galileo::Admin" => "Galileo","Galileo::Command::dump" => "Galileo","Galileo::Command::setup" => "Galileo","Galileo::DB::Deploy" => "Galileo","Galileo::DB::Schema" => "Galileo","Galileo::DB::Schema::Result::Menu" => "Galileo","Galileo::DB::Schema::Result::Page" => "Galileo","Galileo::DB::Schema::Result::User" => "Galileo","Galileo::File" => "Galileo","Galileo::Menu" => "Galileo","Galileo::Page" => "Galileo","Galileo::Plugin::Deploy" => "Galileo","Galileo::Plugin::Modal" => "Galileo","Galileo::User" => "Galileo","Getopt::Std" => "perl","Git::Raw" => "Git-Raw","Git::Raw::AnnotatedCommit" => "Git-Raw","Git::Raw::Blame" => "Git-Raw","Git::Raw::Blame::Hunk" => "Git-Raw","Git::Raw::Blob" => "Git-Raw","Git::Raw::Branch" => "Git-Raw","Git::Raw::Cert" => "Git-Raw","Git::Raw::Cert::HostKey" => "Git-Raw","Git::Raw::Cert::X509" => "Git-Raw","Git::Raw::Commit" => "Git-Raw","Git::Raw::Config" => "Git-Raw","Git::Raw::Cred" => "Git-Raw","Git::Raw::Diff" => "Git-Raw","Git::Raw::Diff::Delta" => "Git-Raw","Git::Raw::Diff::File" => "Git-Raw","Git::Raw::Diff::Hunk" => "Git-Raw","Git::Raw::Diff::Stats" => "Git-Raw","Git::Raw::Error" => "Git-Raw","Git::Raw::Error::Category" => "Git-Raw","Git::Raw::Filter" => "Git-Raw","Git::Raw::Filter::List" => "Git-Raw","Git::Raw::Filter::Source" => "Git-Raw","Git::Raw::Graph" => "Git-Raw","Git::Raw::Index" => "Git-Raw","Git::Raw::Index::Conflict" => "Git-Raw","Git::Raw::Index::Entry" => "Git-Raw","Git::Raw::Indexer" => "Git-Raw","Git::Raw::Mempack" => "Git-Raw","Git::Raw::Merge::File::Result" => "Git-Raw","Git::Raw::Note" => "Git-Raw","Git::Raw::Object" => "Git-Raw","Git::Raw::Odb" => "Git-Raw","Git::Raw::Odb::Backend" => "Git-Raw","Git::Raw::Odb::Backend::Loose" => "Git-Raw","Git::Raw::Odb::Backend::OnePack" => "Git-Raw","Git::Raw::Odb::Backend::Pack" => "Git-Raw","Git::Raw::Odb::Object" => "Git-Raw","Git::Raw::Packbuilder" => "Git-Raw","Git::Raw::Patch" => "Git-Raw","Git::Raw::PathSpec" => "Git-Raw","Git::Raw::PathSpec::MatchList" => "Git-Raw","Git::Raw::Rebase" => "Git-Raw","Git::Raw::Rebase::Operation" => "Git-Raw","Git::Raw::RefSpec" => "Git-Raw","Git::Raw::Reference" => "Git-Raw","Git::Raw::Reflog" => "Git-Raw","Git::Raw::Reflog::Entry" => "Git-Raw","Git::Raw::Remote" => "Git-Raw","Git::Raw::Repository" => "Git-Raw","Git::Raw::Signature" => "Git-Raw","Git::Raw::Stash" => "Git-Raw","Git::Raw::Stash::Progress" => "Git-Raw","Git::Raw::Submodule" => "Git-Raw","Git::Raw::Tag" => "Git-Raw","Git::Raw::TransferProgress" => "Git-Raw","Git::Raw::Tree" => "Git-Raw","Git::Raw::Tree::Builder" => "Git-Raw","Git::Raw::Tree::Entry" => "Git-Raw","Git::Raw::Walker" => "Git-Raw","Git::Raw::Worktree" => "Git-Raw","Git::XS" => "Git-XS","GitLab::API::v4" => "GitLab-API-v4","GitLab::API::v4::Config" => "GitLab-API-v4","GitLab::API::v4::Constants" => "GitLab-API-v4","GitLab::API::v4::Mock" => "GitLab-API-v4","GitLab::API::v4::Mock::Engine" => "GitLab-API-v4","GitLab::API::v4::Mock::RESTClient" => "GitLab-API-v4","GitLab::API::v4::Paginator" => "GitLab-API-v4","GitLab::API::v4::RESTClient" => "GitLab-API-v4","GitLab::API::v4::WWWClient" => "GitLab-API-v4","GitUtils" => "perl","Graphics::ColorNames" => "Graphics-ColorNames","Graphics::ColorNames::X" => "Graphics-ColorNames","Guess::Controllers" => "Squatting","HTML::EP" => "HTML-EP","HTML::EP::CGIEncryptForm" => "HTML-EP","HTML::EP::EditTable" => "HTML-EP","HTML::EP::Examples::Admin" => "HTML-EP","HTML::EP::Examples::Glimpse" => "HTML-EP","HTML::EP::Examples::POP3Client" => "HTML-EP","HTML::EP::Install" => "HTML-EP","HTML::EP::Locale" => "HTML-EP","HTML::EP::Parser" => "HTML-EP","HTML::EP::Session" => "HTML-EP","HTML::EP::Session::Cookie" => "HTML-EP","HTML::EP::Session::DBI" => "HTML-EP","HTML::EP::Session::DBIq" => "HTML-EP","HTML::EP::Session::Dumper" => "HTML-EP","HTML::EP::Shop" => "HTML-EP","HTML::EP::Tokens" => "HTML-EP","HTML::Editor" => "MySQL-Admin","HTML::Editor::Markdown" => "MySQL-Admin","HTML::Entities" => "HTML-Parser","HTML::Filter" => "HTML-Parser","HTML::HeadParser" => "HTML-Parser","HTML::LinkExtor" => "HTML-Parser","HTML::Menu::Pages" => "MySQL-Admin","HTML::Parser" => "HTML-Parser","HTML::Perlinfo" => "HTML-Perlinfo","HTML::Perlinfo::Apache" => "HTML-Perlinfo","HTML::Perlinfo::Base" => "HTML-Perlinfo","HTML::Perlinfo::Common" => "HTML-Perlinfo","HTML::Perlinfo::General" => "HTML-Perlinfo","HTML::Perlinfo::Loaded" => "HTML-Perlinfo","HTML::Perlinfo::Modules" => "HTML-Perlinfo","HTML::Perlinfo::_version" => "HTML-Perlinfo","HTML::PullParser" => "HTML-Parser","HTML::Scrubber" => "HTML-Scrubber","HTML::StripScripts" => "HTML-StripScripts","HTML::Template::Pro" => "HTML-Template-Pro","HTML::Template::Pro::WrapAssociate" => "HTML-Template-Pro","HTML::TokeParser" => "HTML-Parser","HTTP::Body" => "HTTP-Body","HTTP::Body::MultiPart" => "HTTP-Body","HTTP::Body::OctetStream" => "HTTP-Body","HTTP::Body::UrlEncoded" => "HTTP-Body","HTTP::Body::XForms" => "HTTP-Body","HTTP::Body::XFormsMultipart" => "HTTP-Body","HTTP::Daemon" => "HTTP-Daemon","HTTP::Daemon::ClientConn" => "HTTP-Daemon","HTTP::Message::PSGI" => "Plack","HTTP::Server::PSGI" => "Plack","HTTP::Session2" => "HTTP-Session2","HTTP::Session2::Base" => "HTTP-Session2","HTTP::Session2::ClientStore" => "HTTP-Session2","HTTP::Session2::ClientStore2" => "HTTP-Session2","HTTP::Session2::Expired" => "HTTP-Session2","HTTP::Session2::Random" => "HTTP-Session2","HTTP::Session2::ServerStore" => "HTTP-Session2","HTTP::Tiny" => "HTTP-Tiny","HTTP::Tiny::NoProxy" => "Dancer","HTTPAuth" => "Squatting","HTTPAuth::Controllers" => "Squatting","HTTPAuth::Views" => "Squatting","Haiku" => "perl","HarfBuzz::Shaper" => "HarfBuzz-Shaper","Hash::Util" => "perl","Hash::Util::FieldHash" => "perl","HeaderParser" => "perl","I18N::LangTags" => "perl","I18N::LangTags::Detect" => "perl","I18N::LangTags::List" => "perl","I18N::Langinfo" => "perl","IO::Compress" => "IO-Compress","IO::Compress::Adapter::Bzip2" => "IO-Compress","IO::Compress::Adapter::Deflate" => "IO-Compress","IO::Compress::Adapter::Identity" => "IO-Compress","IO::Compress::Base" => "IO-Compress","IO::Compress::Base::Common" => "IO-Compress","IO::Compress::Brotli" => "IO-Compress-Brotli","IO::Compress::Bzip2" => "IO-Compress","IO::Compress::Deflate" => "IO-Compress","IO::Compress::Gzip" => "IO-Compress","IO::Compress::Gzip::Constants" => "IO-Compress","IO::Compress::RawDeflate" => "IO-Compress","IO::Compress::Zip" => "IO-Compress","IO::Compress::Zip::Constants" => "IO-Compress","IO::Compress::Zlib::Constants" => "IO-Compress","IO::Compress::Zlib::Extra" => "IO-Compress","IO::Socket::SSL" => "IO-Socket-SSL","IO::Socket::SSL::Intercept" => "IO-Socket-SSL","IO::Socket::SSL::OCSP_Cache" => "IO-Socket-SSL","IO::Socket::SSL::OCSP_Resolver" => "IO-Socket-SSL","IO::Socket::SSL::PublicSuffix" => "IO-Socket-SSL","IO::Socket::SSL::SSL_Context" => "IO-Socket-SSL","IO::Socket::SSL::SSL_HANDLE" => "IO-Socket-SSL","IO::Socket::SSL::Session_Cache" => "IO-Socket-SSL","IO::Socket::SSL::Trace" => "IO-Socket-SSL","IO::Socket::SSL::Utils" => "IO-Socket-SSL","IO::Uncompress::Adapter::Bunzip2" => "IO-Compress","IO::Uncompress::Adapter::Identity" => "IO-Compress","IO::Uncompress::Adapter::Inflate" => "IO-Compress","IO::Uncompress::AnyInflate" => "IO-Compress","IO::Uncompress::AnyUncompress" => "IO-Compress","IO::Uncompress::Base" => "IO-Compress","IO::Uncompress::Brotli" => "IO-Compress-Brotli","IO::Uncompress::Bunzip2" => "IO-Compress","IO::Uncompress::Gunzip" => "IO-Compress","IO::Uncompress::Inflate" => "IO-Compress","IO::Uncompress::RawInflate" => "IO-Compress","IO::Uncompress::Unzip" => "IO-Compress","IPC::Cmd" => "IPC-Cmd","IPC::Cmd::System" => "IPC-Cmd","IPC::Open2" => "perl","IPC::Open3" => "perl","IPC::Run" => "IPC-Run","IPC::Run::Debug" => "IPC-Run","IPC::Run::IO" => "IPC-Run","IPC::Run::Timer" => "IPC-Run","IPC::Run::Win32Helper" => "IPC-Run","IPC::Run::Win32IO" => "IPC-Run","IPC::Run::Win32Process" => "IPC-Run","IPC::Run::Win32Pump" => "IPC-Run","IPTables::Parse" => "IPTables-Parse","Image::ExifTool" => "Image-ExifTool","Image::ExifTool::7Z" => "Image-ExifTool","Image::ExifTool::AAC" => "Image-ExifTool","Image::ExifTool::AES" => "Image-ExifTool","Image::ExifTool::AFCP" => "Image-ExifTool","Image::ExifTool::AIFF" => "Image-ExifTool","Image::ExifTool::APE" => "Image-ExifTool","Image::ExifTool::APP12" => "Image-ExifTool","Image::ExifTool::ASF" => "Image-ExifTool","Image::ExifTool::Apple" => "Image-ExifTool","Image::ExifTool::Audible" => "Image-ExifTool","Image::ExifTool::BMP" => "Image-ExifTool","Image::ExifTool::BPG" => "Image-ExifTool","Image::ExifTool::BZZ" => "Image-ExifTool","Image::ExifTool::BigTIFF" => "Image-ExifTool","Image::ExifTool::BuildTagLookup" => "Image-ExifTool","Image::ExifTool::CBOR" => "Image-ExifTool","Image::ExifTool::Canon" => "Image-ExifTool","Image::ExifTool::CanonCustom" => "Image-ExifTool","Image::ExifTool::CanonRaw" => "Image-ExifTool","Image::ExifTool::CanonVRD" => "Image-ExifTool","Image::ExifTool::CaptureOne" => "Image-ExifTool","Image::ExifTool::Casio" => "Image-ExifTool","Image::ExifTool::Charset" => "Image-ExifTool","Image::ExifTool::DICOM" => "Image-ExifTool","Image::ExifTool::DJI" => "Image-ExifTool","Image::ExifTool::DNG" => "Image-ExifTool","Image::ExifTool::DPX" => "Image-ExifTool","Image::ExifTool::DSF" => "Image-ExifTool","Image::ExifTool::DV" => "Image-ExifTool","Image::ExifTool::DarwinCore" => "Image-ExifTool","Image::ExifTool::DjVu" => "Image-ExifTool","Image::ExifTool::EXE" => "Image-ExifTool","Image::ExifTool::Exif" => "Image-ExifTool","Image::ExifTool::FITS" => "Image-ExifTool","Image::ExifTool::FLAC" => "Image-ExifTool","Image::ExifTool::FLIF" => "Image-ExifTool","Image::ExifTool::FLIR" => "Image-ExifTool","Image::ExifTool::Fixup" => "Image-ExifTool","Image::ExifTool::Flash" => "Image-ExifTool","Image::ExifTool::FlashPix" => "Image-ExifTool","Image::ExifTool::Font" => "Image-ExifTool","Image::ExifTool::FotoStation" => "Image-ExifTool","Image::ExifTool::FujiFilm" => "Image-ExifTool","Image::ExifTool::GE" => "Image-ExifTool","Image::ExifTool::GIF" => "Image-ExifTool","Image::ExifTool::GIMP" => "Image-ExifTool","Image::ExifTool::GM" => "Image-ExifTool","Image::ExifTool::GPS" => "Image-ExifTool","Image::ExifTool::GeoTiff" => "Image-ExifTool","Image::ExifTool::Geolocation" => "Image-ExifTool","Image::ExifTool::Geotag" => "Image-ExifTool","Image::ExifTool::GoPro" => "Image-ExifTool","Image::ExifTool::Google" => "Image-ExifTool","Image::ExifTool::H264" => "Image-ExifTool","Image::ExifTool::HP" => "Image-ExifTool","Image::ExifTool::HTML" => "Image-ExifTool","Image::ExifTool::HtmlDump" => "Image-ExifTool","Image::ExifTool::ICC_Profile" => "Image-ExifTool","Image::ExifTool::ICO" => "Image-ExifTool","Image::ExifTool::ID3" => "Image-ExifTool","Image::ExifTool::IPTC" => "Image-ExifTool","Image::ExifTool::ISO" => "Image-ExifTool","Image::ExifTool::ITC" => "Image-ExifTool","Image::ExifTool::Import" => "Image-ExifTool","Image::ExifTool::InDesign" => "Image-ExifTool","Image::ExifTool::InfiRay" => "Image-ExifTool","Image::ExifTool::JPEG" => "Image-ExifTool","Image::ExifTool::JPEGDigest" => "Image-ExifTool","Image::ExifTool::JSON" => "Image-ExifTool","Image::ExifTool::JVC" => "Image-ExifTool","Image::ExifTool::Jpeg2000" => "Image-ExifTool","Image::ExifTool::Kandao" => "Image-ExifTool","Image::ExifTool::Kodak" => "Image-ExifTool","Image::ExifTool::KyoceraRaw" => "Image-ExifTool","Image::ExifTool::LIF" => "Image-ExifTool","Image::ExifTool::LNK" => "Image-ExifTool","Image::ExifTool::Lang::cs" => "Image-ExifTool","Image::ExifTool::Lang::de" => "Image-ExifTool","Image::ExifTool::Lang::en_ca" => "Image-ExifTool","Image::ExifTool::Lang::en_gb" => "Image-ExifTool","Image::ExifTool::Lang::es" => "Image-ExifTool","Image::ExifTool::Lang::fi" => "Image-ExifTool","Image::ExifTool::Lang::fr" => "Image-ExifTool","Image::ExifTool::Lang::it" => "Image-ExifTool","Image::ExifTool::Lang::ja" => "Image-ExifTool","Image::ExifTool::Lang::ko" => "Image-ExifTool","Image::ExifTool::Lang::nl" => "Image-ExifTool","Image::ExifTool::Lang::pl" => "Image-ExifTool","Image::ExifTool::Lang::ru" => "Image-ExifTool","Image::ExifTool::Lang::sk" => "Image-ExifTool","Image::ExifTool::Lang::sv" => "Image-ExifTool","Image::ExifTool::Lang::tr" => "Image-ExifTool","Image::ExifTool::Lang::zh_cn" => "Image-ExifTool","Image::ExifTool::Lang::zh_tw" => "Image-ExifTool","Image::ExifTool::Leaf" => "Image-ExifTool","Image::ExifTool::LigoGPS" => "Image-ExifTool","Image::ExifTool::Lytro" => "Image-ExifTool","Image::ExifTool::M2TS" => "Image-ExifTool","Image::ExifTool::MIE" => "Image-ExifTool","Image::ExifTool::MIFF" => "Image-ExifTool","Image::ExifTool::MISB" => "Image-ExifTool","Image::ExifTool::MNG" => "Image-ExifTool","Image::ExifTool::MOI" => "Image-ExifTool","Image::ExifTool::MPC" => "Image-ExifTool","Image::ExifTool::MPEG" => "Image-ExifTool","Image::ExifTool::MPF" => "Image-ExifTool","Image::ExifTool::MRC" => "Image-ExifTool","Image::ExifTool::MWG" => "Image-ExifTool","Image::ExifTool::MXF" => "Image-ExifTool","Image::ExifTool::MacOS" => "Image-ExifTool","Image::ExifTool::MakerNotes" => "Image-ExifTool","Image::ExifTool::Matroska" => "Image-ExifTool","Image::ExifTool::Microsoft" => "Image-ExifTool","Image::ExifTool::Minolta" => "Image-ExifTool","Image::ExifTool::MinoltaRaw" => "Image-ExifTool","Image::ExifTool::Motorola" => "Image-ExifTool","Image::ExifTool::Nikon" => "Image-ExifTool","Image::ExifTool::NikonCapture" => "Image-ExifTool","Image::ExifTool::NikonCustom" => "Image-ExifTool","Image::ExifTool::NikonSettings" => "Image-ExifTool","Image::ExifTool::Nintendo" => "Image-ExifTool","Image::ExifTool::OOXML" => "Image-ExifTool","Image::ExifTool::Ogg" => "Image-ExifTool","Image::ExifTool::Olympus" => "Image-ExifTool","Image::ExifTool::OpenEXR" => "Image-ExifTool","Image::ExifTool::Opus" => "Image-ExifTool","Image::ExifTool::Other" => "Image-ExifTool","Image::ExifTool::PCAP" => "Image-ExifTool","Image::ExifTool::PCX" => "Image-ExifTool","Image::ExifTool::PDF" => "Image-ExifTool","Image::ExifTool::PGF" => "Image-ExifTool","Image::ExifTool::PICT" => "Image-ExifTool","Image::ExifTool::PLIST" => "Image-ExifTool","Image::ExifTool::PLUS" => "Image-ExifTool","Image::ExifTool::PNG" => "Image-ExifTool","Image::ExifTool::PPM" => "Image-ExifTool","Image::ExifTool::PSP" => "Image-ExifTool","Image::ExifTool::Palm" => "Image-ExifTool","Image::ExifTool::Panasonic" => "Image-ExifTool","Image::ExifTool::PanasonicRaw" => "Image-ExifTool","Image::ExifTool::Parrot" => "Image-ExifTool","Image::ExifTool::Pentax" => "Image-ExifTool","Image::ExifTool::PhaseOne" => "Image-ExifTool","Image::ExifTool::PhotoCD" => "Image-ExifTool","Image::ExifTool::PhotoMechanic" => "Image-ExifTool","Image::ExifTool::Photoshop" => "Image-ExifTool","Image::ExifTool::Plot" => "Image-ExifTool","Image::ExifTool::PostScript" => "Image-ExifTool","Image::ExifTool::PrintIM" => "Image-ExifTool","Image::ExifTool::Protobuf" => "Image-ExifTool","Image::ExifTool::Qualcomm" => "Image-ExifTool","Image::ExifTool::QuickTime" => "Image-ExifTool","Image::ExifTool::RIFF" => "Image-ExifTool","Image::ExifTool::RSRC" => "Image-ExifTool","Image::ExifTool::RTF" => "Image-ExifTool","Image::ExifTool::Radiance" => "Image-ExifTool","Image::ExifTool::Rawzor" => "Image-ExifTool","Image::ExifTool::Real" => "Image-ExifTool","Image::ExifTool::Reconyx" => "Image-ExifTool","Image::ExifTool::Red" => "Image-ExifTool","Image::ExifTool::Ricoh" => "Image-ExifTool","Image::ExifTool::Samsung" => "Image-ExifTool","Image::ExifTool::Sanyo" => "Image-ExifTool","Image::ExifTool::Scalado" => "Image-ExifTool","Image::ExifTool::Shortcuts" => "Image-ExifTool","Image::ExifTool::Sigma" => "Image-ExifTool","Image::ExifTool::SigmaRaw" => "Image-ExifTool","Image::ExifTool::Sony" => "Image-ExifTool","Image::ExifTool::SonyIDC" => "Image-ExifTool","Image::ExifTool::Stim" => "Image-ExifTool","Image::ExifTool::TNEF" => "Image-ExifTool","Image::ExifTool::TagInfoXML" => "Image-ExifTool","Image::ExifTool::TagLookup" => "Image-ExifTool","Image::ExifTool::Text" => "Image-ExifTool","Image::ExifTool::Theora" => "Image-ExifTool","Image::ExifTool::Torrent" => "Image-ExifTool","Image::ExifTool::Trailer" => "Image-ExifTool","Image::ExifTool::Unknown" => "Image-ExifTool","Image::ExifTool::VCard" => "Image-ExifTool","Image::ExifTool::Validate" => "Image-ExifTool","Image::ExifTool::Vorbis" => "Image-ExifTool","Image::ExifTool::WPG" => "Image-ExifTool","Image::ExifTool::WTV" => "Image-ExifTool","Image::ExifTool::WavPack" => "Image-ExifTool","Image::ExifTool::XISF" => "Image-ExifTool","Image::ExifTool::XMP" => "Image-ExifTool","Image::ExifTool::ZIP" => "Image-ExifTool","Image::ExifTool::ZISRAW" => "Image-ExifTool","Image::ExifTool::iWork" => "Image-ExifTool","Image::Info" => "Image-Info","Image::Info::AVIF" => "Image-Info","Image::Info::BMP" => "Image-Info","Image::Info::GIF" => "Image-Info","Image::Info::ICO" => "Image-Info","Image::Info::JPEG" => "Image-Info","Image::Info::PNG" => "Image-Info","Image::Info::PPM" => "Image-Info","Image::Info::Result" => "Image-Info","Image::Info::SVG" => "Image-Info","Image::Info::SVG::XMLLibXMLReader" => "Image-Info","Image::Info::SVG::XMLSimple" => "Image-Info","Image::Info::TIFF" => "Image-Info","Image::Info::WBMP" => "Image-Info","Image::Info::WEBP" => "Image-Info","Image::Info::XBM" => "Image-Info","Image::Info::XPM" => "Image-Info","Image::PNG::Simple" => "Image-PNG-Simple","Image::TIFF" => "Image-Info","Image::TIFF::Rational" => "Image-Info","Imager" => "Imager","Imager::Color" => "Imager","Imager::Color::Float" => "Imager","Imager::Color::Table" => "Imager","Imager::CountColor" => "Imager","Imager::Expr" => "Imager","Imager::Expr::Assem" => "Imager","Imager::Expr::Infix" => "Imager","Imager::Expr::Postfix" => "Imager","Imager::ExtUtils" => "Imager","Imager::FORMATS" => "Imager","Imager::File::CUR" => "Imager","Imager::File::ICO" => "Imager","Imager::File::SGI" => "Imager","Imager::Fill" => "Imager","Imager::Filter::DynTest" => "Imager","Imager::Filter::Flines" => "Imager","Imager::Filter::Mandelbrot" => "Imager","Imager::Font" => "Imager","Imager::Font::BBox" => "Imager","Imager::Font::FreeType2" => "Imager","Imager::Font::Image" => "Imager","Imager::Font::Test" => "Imager","Imager::Font::Truetype" => "Imager","Imager::Font::Type1" => "Imager","Imager::Font::Wrap" => "Imager","Imager::Fountain" => "Imager","Imager::IO" => "Imager","Imager::Matrix2d" => "Imager","Imager::Preprocess" => "Imager","Imager::Probe" => "Imager","Imager::Regops" => "Imager","Imager::Test" => "Imager","Imager::Test::OverUtf8" => "Imager","Imager::Transform" => "Imager","Imager::TrimColorList" => "Imager","Inline::Pugs" => "Perl6-Pugs","JNI" => "perl","JPL::AutoLoader" => "perl","JPL::Class" => "perl","JPL::Compile" => "perl","JS::jQuery" => "JS-jQuery","JSON::SIMD" => "JSON-SIMD","JSON::Syck" => "YAML-Syck","JSON::XS" => "JSON-XS","JavaScript::Duktape" => "JavaScript-Duktape","JavaScript::Duktape::Bool" => "JavaScript-Duktape","JavaScript::Duktape::Buffer" => "JavaScript-Duktape","JavaScript::Duktape::Data" => "JavaScript-Duktape","JavaScript::Duktape::Function" => "JavaScript-Duktape","JavaScript::Duktape::NULL" => "JavaScript-Duktape","JavaScript::Duktape::Object" => "JavaScript-Duktape","JavaScript::Duktape::Util" => "JavaScript-Duktape","JavaScript::Duktape::Vm" => "JavaScript-Duktape","JavaScript::Duktape::XS" => "JavaScript-Duktape-XS","Jifty" => "Jifty","Jifty::API" => "Jifty","Jifty::Action" => "Jifty","Jifty::Action::AboutMe" => "Jifty","Jifty::Action::Autocomplete" => "Jifty","Jifty::Action::Record" => "Jifty","Jifty::Action::Record::Bulk" => "Jifty","Jifty::Action::Record::Create" => "Jifty","Jifty::Action::Record::Delete" => "Jifty","Jifty::Action::Record::Execute" => "Jifty","Jifty::Action::Record::Search" => "Jifty","Jifty::Action::Record::Update" => "Jifty","Jifty::Action::Redirect" => "Jifty","Jifty::Bootstrap" => "Jifty","Jifty::CAS" => "Jifty","Jifty::CAS::Blob" => "Jifty","Jifty::CAS::Store" => "Jifty","Jifty::CAS::Store::LocalFile" => "Jifty","Jifty::CAS::Store::Memcached" => "Jifty","Jifty::CAS::Store::Memory" => "Jifty","Jifty::CAS::Store::Nested" => "Jifty","Jifty::ClassLoader" => "Jifty","Jifty::Client" => "Jifty","Jifty::Collection" => "Jifty","Jifty::Config" => "Jifty","Jifty::Continuation" => "Jifty","Jifty::CurrentUser" => "Jifty","Jifty::DBI" => "Jifty-DBI","Jifty::DBI::Collection" => "Jifty-DBI","Jifty::DBI::Collection::Union" => "Jifty-DBI","Jifty::DBI::Collection::Unique" => "Jifty-DBI","Jifty::DBI::Column" => "Jifty-DBI","Jifty::DBI::Filter" => "Jifty-DBI","Jifty::DBI::Filter::Boolean" => "Jifty-DBI","Jifty::DBI::Filter::Date" => "Jifty-DBI","Jifty::DBI::Filter::DateTime" => "Jifty-DBI","Jifty::DBI::Filter::Duration" => "Jifty-DBI","Jifty::DBI::Filter::SaltHash" => "Jifty-DBI","Jifty::DBI::Filter::Storable" => "Jifty-DBI","Jifty::DBI::Filter::Time" => "Jifty-DBI","Jifty::DBI::Filter::Truncate" => "Jifty-DBI","Jifty::DBI::Filter::URI" => "Jifty-DBI","Jifty::DBI::Filter::YAML" => "Jifty-DBI","Jifty::DBI::Filter::base64" => "Jifty-DBI","Jifty::DBI::Filter::utf8" => "Jifty-DBI","Jifty::DBI::Handle" => "Jifty-DBI","Jifty::DBI::Handle::Informix" => "Jifty-DBI","Jifty::DBI::Handle::ODBC" => "Jifty-DBI","Jifty::DBI::Handle::Oracle" => "Jifty-DBI","Jifty::DBI::Handle::Pg" => "Jifty-DBI","Jifty::DBI::Handle::SQLite" => "Jifty-DBI","Jifty::DBI::Handle::Sybase" => "Jifty-DBI","Jifty::DBI::Handle::mysql" => "Jifty-DBI","Jifty::DBI::Handle::mysqlPP" => "Jifty-DBI","Jifty::DBI::HasFilters" => "Jifty-DBI","Jifty::DBI::Record" => "Jifty-DBI","Jifty::DBI::Record::Cachable" => "Jifty-DBI","Jifty::DBI::Record::Memcached" => "Jifty-DBI","Jifty::DBI::Record::Plugin" => "Jifty-DBI","Jifty::DBI::Schema" => "Jifty-DBI","Jifty::DBI::SchemaGenerator" => "Jifty-DBI","Jifty::DateTime" => "Jifty","Jifty::Dispatcher" => "Jifty","Jifty::Everything" => "Jifty","Jifty::Filter::DateTime" => "Jifty","Jifty::Filter::JSON" => "Jifty","Jifty::Handle" => "Jifty","Jifty::Handler" => "Jifty","Jifty::I18N" => "Jifty","Jifty::I18N::en" => "Jifty","Jifty::JSON" => "Jifty","Jifty::LetMe" => "Jifty","Jifty::Logger" => "Jifty","Jifty::Model::Metadata" => "Jifty","Jifty::Model::Session" => "Jifty","Jifty::Model::SessionCollection" => "Jifty","Jifty::Module::Pluggable" => "Jifty","Jifty::Notification" => "Jifty","Jifty::Object" => "Jifty","Jifty::Param" => "Jifty","Jifty::Param::Schema" => "Jifty","Jifty::Plugin" => "Jifty","Jifty::Plugin::ActorMetadata" => "Jifty","Jifty::Plugin::ActorMetadata::Mixin::Model::ActorMetadata" => "Jifty","Jifty::Plugin::AdminUI" => "Jifty","Jifty::Plugin::AdminUI::Dispatcher" => "Jifty","Jifty::Plugin::AdminUI::View" => "Jifty","Jifty::Plugin::Authentication::Password" => "Jifty","Jifty::Plugin::Authentication::Password::Action::ConfirmEmail" => "Jifty","Jifty::Plugin::Authentication::Password::Action::GeneratePasswordToken" => "Jifty","Jifty::Plugin::Authentication::Password::Action::Login" => "Jifty","Jifty::Plugin::Authentication::Password::Action::Logout" => "Jifty","Jifty::Plugin::Authentication::Password::Action::ResendConfirmation" => "Jifty","Jifty::Plugin::Authentication::Password::Action::ResetLostPassword" => "Jifty","Jifty::Plugin::Authentication::Password::Action::SendAccountConfirmation" => "Jifty","Jifty::Plugin::Authentication::Password::Action::SendPasswordReminder" => "Jifty","Jifty::Plugin::Authentication::Password::Action::Signup" => "Jifty","Jifty::Plugin::Authentication::Password::Dispatcher" => "Jifty","Jifty::Plugin::Authentication::Password::Mixin::Model::User" => "Jifty","Jifty::Plugin::Authentication::Password::Notification::ConfirmEmail" => "Jifty","Jifty::Plugin::Authentication::Password::Notification::ConfirmLostPassword" => "Jifty","Jifty::Plugin::Authentication::Password::View" => "Jifty","Jifty::Plugin::CSSQuery" => "Jifty","Jifty::Plugin::ClassLoader" => "Jifty","Jifty::Plugin::Compat" => "Jifty","Jifty::Plugin::Compat::Apache" => "Jifty","Jifty::Plugin::Compat::CGI" => "Jifty","Jifty::Plugin::CompressedCSSandJS" => "Jifty","Jifty::Plugin::CompressedCSSandJS::Dispatcher" => "Jifty","Jifty::Plugin::Config" => "Jifty","Jifty::Plugin::Config::Action::AddConfig" => "Jifty","Jifty::Plugin::Config::Action::Config" => "Jifty","Jifty::Plugin::Config::Action::Restart" => "Jifty","Jifty::Plugin::Config::Dispatcher" => "Jifty","Jifty::Plugin::Config::View" => "Jifty","Jifty::Plugin::Deflater" => "Jifty","Jifty::Plugin::ErrorTemplates" => "Jifty","Jifty::Plugin::ErrorTemplates::View" => "Jifty","Jifty::Plugin::Halo" => "Jifty","Jifty::Plugin::Halo::Mason" => "Jifty","Jifty::Plugin::I18N" => "Jifty","Jifty::Plugin::I18N::Action::SetLang" => "Jifty","Jifty::Plugin::IEFixes" => "Jifty","Jifty::Plugin::LetMe" => "Jifty","Jifty::Plugin::LetMe::Dispatcher" => "Jifty","Jifty::Plugin::OnlineDocs" => "Jifty","Jifty::Plugin::OnlineDocs::Dispatcher" => "Jifty","Jifty::Plugin::Prototypism" => "Jifty","Jifty::Plugin::PubSub" => "Jifty","Jifty::Plugin::PubSub::Bus" => "Jifty","Jifty::Plugin::PubSub::Connection" => "Jifty","Jifty::Plugin::PubSub::Subscriptions" => "Jifty","Jifty::Plugin::REST" => "Jifty","Jifty::Plugin::REST::Dispatcher" => "Jifty","Jifty::Plugin::RPC" => "Jifty","Jifty::Plugin::RequestInspector" => "Jifty","Jifty::Plugin::RequestInspector::Model::Request" => "Jifty","Jifty::Plugin::RequestInspector::View" => "Jifty","Jifty::Plugin::SQLQueries" => "Jifty","Jifty::Plugin::SQLQueries::View" => "Jifty","Jifty::Plugin::SetupWizard" => "Jifty","Jifty::Plugin::SetupWizard::Action::TestDatabaseConnectivity" => "Jifty","Jifty::Plugin::SetupWizard::View" => "Jifty","Jifty::Plugin::SinglePage" => "Jifty","Jifty::Plugin::SinglePage::Dispatcher" => "Jifty","Jifty::Plugin::SkeletonApp" => "Jifty","Jifty::Plugin::SkeletonApp::Dispatcher" => "Jifty","Jifty::Plugin::SkeletonApp::View" => "Jifty","Jifty::Plugin::TestServerWarnings" => "Jifty","Jifty::Plugin::TestServerWarnings::Appender" => "Jifty","Jifty::Plugin::TestServerWarnings::View" => "Jifty","Jifty::Plugin::User" => "Jifty","Jifty::Plugin::User::Mixin::Model::User" => "Jifty","Jifty::Plugin::ViewDeclarePage" => "Jifty","Jifty::Plugin::ViewDeclarePage::Page" => "Jifty","Jifty::Record" => "Jifty","Jifty::Request" => "Jifty","Jifty::Request::Action" => "Jifty","Jifty::Request::Fragment" => "Jifty","Jifty::Request::Mapper" => "Jifty","Jifty::Request::StateVariable" => "Jifty","Jifty::Response" => "Jifty","Jifty::Result" => "Jifty","Jifty::RightsFrom" => "Jifty","Jifty::Schema" => "Jifty","Jifty::Script" => "Jifty","Jifty::Script::Action" => "Jifty","Jifty::Script::Adopt" => "Jifty","Jifty::Script::App" => "Jifty","Jifty::Script::Env" => "Jifty","Jifty::Script::FastCGI" => "Jifty","Jifty::Script::Help" => "Jifty","Jifty::Script::ModPerl2" => "Jifty","Jifty::Script::Model" => "Jifty","Jifty::Script::Plugin" => "Jifty","Jifty::Script::Po" => "Jifty","Jifty::Script::Schema" => "Jifty","Jifty::Script::Script" => "Jifty","Jifty::Script::Server" => "Jifty","Jifty::Script::WriteCCJS" => "Jifty","Jifty::Server" => "Jifty","Jifty::Server::Fork" => "Jifty","Jifty::Server::Fork::NetServer" => "Jifty","Jifty::Server::Prefork" => "Jifty","Jifty::Server::Prefork::NetServer" => "Jifty","Jifty::Test" => "Jifty","Jifty::Test::Dist" => "Jifty","Jifty::Test::Email" => "Jifty","Jifty::Test::WWW::Declare" => "Jifty","Jifty::Test::WWW::Mechanize" => "Jifty","Jifty::Test::WWW::Selenium" => "Jifty","Jifty::Test::WWW::WebDriver" => "Jifty","Jifty::TestServer" => "Jifty","Jifty::TestServer::Apache" => "Jifty","Jifty::TestServer::Inline" => "Jifty","Jifty::Upgrade" => "Jifty","Jifty::Upgrade::Internal" => "Jifty","Jifty::Util" => "Jifty","Jifty::View" => "Jifty","Jifty::View::Declare" => "Jifty","Jifty::View::Declare::BaseClass" => "Jifty","Jifty::View::Declare::CRUD" => "Jifty","Jifty::View::Declare::CoreTemplates" => "Jifty","Jifty::View::Declare::Handler" => "Jifty","Jifty::View::Declare::Helpers" => "Jifty","Jifty::View::Declare::Page" => "Jifty","Jifty::View::Mason::Halo" => "Jifty","Jifty::View::Mason::Handler" => "Jifty","Jifty::View::Mason::Request" => "Jifty","Jifty::View::Static::Handler" => "Jifty","Jifty::Web" => "Jifty","Jifty::Web::FileUpload" => "Jifty","Jifty::Web::Form" => "Jifty","Jifty::Web::Form::Clickable" => "Jifty","Jifty::Web::Form::Element" => "Jifty","Jifty::Web::Form::Field" => "Jifty","Jifty::Web::Form::Field::Button" => "Jifty","Jifty::Web::Form::Field::Checkbox" => "Jifty","Jifty::Web::Form::Field::Checkboxes" => "Jifty","Jifty::Web::Form::Field::Collection" => "Jifty","Jifty::Web::Form::Field::Combobox" => "Jifty","Jifty::Web::Form::Field::Date" => "Jifty","Jifty::Web::Form::Field::DateTime" => "Jifty","Jifty::Web::Form::Field::Hidden" => "Jifty","Jifty::Web::Form::Field::InlineButton" => "Jifty","Jifty::Web::Form::Field::OrderedList" => "Jifty","Jifty::Web::Form::Field::Password" => "Jifty","Jifty::Web::Form::Field::Radio" => "Jifty","Jifty::Web::Form::Field::ResetButton" => "Jifty","Jifty::Web::Form::Field::Select" => "Jifty","Jifty::Web::Form::Field::Text" => "Jifty","Jifty::Web::Form::Field::Textarea" => "Jifty","Jifty::Web::Form::Field::Time" => "Jifty","Jifty::Web::Form::Field::Unrendered" => "Jifty","Jifty::Web::Form::Field::Upload" => "Jifty","Jifty::Web::Form::Field::Uploads" => "Jifty","Jifty::Web::Form::Link" => "Jifty","Jifty::Web::Menu" => "Jifty","Jifty::Web::PageRegion" => "Jifty","Jifty::Web::Session" => "Jifty","Jifty::Web::Session::ApacheSession" => "Jifty","Jifty::Web::Session::ClientSide" => "Jifty","Jifty::Web::Session::JDBI" => "Jifty","Jifty::Web::Session::None" => "Jifty","Jifty::YAML" => "Jifty","Kelp" => "Kelp","Kelp::Base" => "Kelp","Kelp::Context" => "Kelp","Kelp::Exception" => "Kelp","Kelp::Generator" => "Kelp","Kelp::Less" => "Kelp","Kelp::Middleware" => "Kelp","Kelp::Module" => "Kelp","Kelp::Module::Config" => "Kelp","Kelp::Module::Config::Less" => "Kelp","Kelp::Module::Config::Null" => "Kelp","Kelp::Module::Config::Sandbox" => "Kelp","Kelp::Module::Encoder" => "Kelp","Kelp::Module::JSON" => "Kelp","Kelp::Module::Logger" => "Kelp","Kelp::Module::Logger::Simple" => "Kelp","Kelp::Module::Null" => "Kelp","Kelp::Module::Routes" => "Kelp","Kelp::Module::Template" => "Kelp","Kelp::Module::Template::Null" => "Kelp","Kelp::Request" => "Kelp","Kelp::Response" => "Kelp","Kelp::Routes" => "Kelp","Kelp::Routes::Controller" => "Kelp","Kelp::Routes::Location" => "Kelp","Kelp::Routes::Pattern" => "Kelp","Kelp::Template" => "Kelp","Kelp::Test" => "Kelp","Kelp::Test::CookieJar" => "Kelp","Kelp::Util" => "Kelp","Kossy" => "Kossy","Kossy::Assets" => "Kossy","Kossy::BodyParser" => "Kossy","Kossy::BodyParser::JSON" => "Kossy","Kossy::BodyParser::MultiPart" => "Kossy","Kossy::BodyParser::OctetStream" => "Kossy","Kossy::BodyParser::UrlEncoded" => "Kossy","Kossy::Connection" => "Kossy","Kossy::Exception" => "Kossy","Kossy::Request" => "Kossy","Kossy::Response" => "Kossy","Kwid::AST" => "Perl6-Pugs","Kwid::Base" => "Perl6-Pugs","Kwid::HTML" => "Perl6-Pugs","Kwid::Loader" => "Perl6-Pugs","Kwid::Parser" => "Perl6-Pugs","LRUCache" => "GBrowse","LWP" => "libwww-perl","LWP::Authen::Basic" => "libwww-perl","LWP::Authen::Digest" => "libwww-perl","LWP::Authen::Ntlm" => "libwww-perl","LWP::ConnCache" => "libwww-perl","LWP::Debug" => "libwww-perl","LWP::Debug::TraceHTTP" => "libwww-perl","LWP::DebugFile" => "libwww-perl","LWP::MemberMixin" => "libwww-perl","LWP::Protocol" => "libwww-perl","LWP::Protocol::Net::Curl" => "LWP-Protocol-Net-Curl","LWP::Protocol::cpan" => "libwww-perl","LWP::Protocol::data" => "libwww-perl","LWP::Protocol::file" => "libwww-perl","LWP::Protocol::ftp" => "libwww-perl","LWP::Protocol::gopher" => "libwww-perl","LWP::Protocol::http" => "libwww-perl","LWP::Protocol::https" => "LWP-Protocol-https","LWP::Protocol::https::Socket" => "LWP-Protocol-https","LWP::Protocol::ldap" => "perl-ldap","LWP::Protocol::ldapi" => "perl-ldap","LWP::Protocol::ldaps" => "perl-ldap","LWP::Protocol::loopback" => "libwww-perl","LWP::Protocol::mailto" => "libwww-perl","LWP::Protocol::nntp" => "libwww-perl","LWP::Protocol::nogo" => "libwww-perl","LWP::RobotUA" => "libwww-perl","LWP::Simple" => "libwww-perl","LWP::UserAgent" => "libwww-perl","LWP::UserAgent::AtomClient" => "XML-Atom","Legacy::DB::SyntenyBlock" => "GBrowse","Legacy::DB::SyntenyIO" => "GBrowse","Legacy::Graphics::Browser" => "GBrowse","Legacy::Graphics::Browser::I18n" => "GBrowse","Legacy::Graphics::Browser::PageSettings" => "GBrowse","Legacy::Graphics::Browser::Synteny" => "GBrowse","Legacy::Graphics::Browser::Util" => "GBrowse","Legacy::Graphics::BrowserConfig" => "GBrowse","Lemonldap::NG::Common" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Generate::SHA256" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Lock" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::REST" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::SOAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Serialize::JSON" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Store" => "Lemonldap-NG-Common","Lemonldap::NG::Common::AuditLogger::UserLoggerCompat" => "Lemonldap-NG-Common","Lemonldap::NG::Common::AuditLogger::UserLoggerJSON" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Cli" => "Lemonldap-NG-Common","Lemonldap::NG::Common::CliSessions" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Combination::Parser" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::AccessLib" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::CDBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::File" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::JSONFile" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::LDAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::Local" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::MongoDB" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::Overlay" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::Patroni" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::RDBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::REST" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::SOAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::YAMLFile" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::_DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Compact" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Constants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::DefaultValues" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::RESTServer" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::ReConstants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::SAML::Metadata" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Serializer" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Wrapper" => "Lemonldap-NG-Common","Lemonldap::NG::Common::CrowdSec" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Crypto" => "Lemonldap-NG-Common","Lemonldap::NG::Common::EmailAddress" => "Lemonldap-NG-Common","Lemonldap::NG::Common::EmailTransport" => "Lemonldap-NG-Common","Lemonldap::NG::Common::FormEncode" => "Lemonldap-NG-Common","Lemonldap::NG::Common::IPv6" => "Lemonldap-NG-Common","Lemonldap::NG::Common::JWT" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Languages" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Lib::DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Apache2" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Dispatch" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Log4perl" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Loki" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::MessageBroker" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Null" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Sentry" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Std" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Syslog" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::_Duplicate" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::MQTT" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::NoBroker" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::Pg" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::Redis" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::Web" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Module" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::File" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::JSON" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::LDAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::XML" => "Lemonldap-NG-Common","Lemonldap::NG::Common::OpenIDConnect::Constants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::OpenIDConnect::Metadata" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Cli::Lib" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Constants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Request" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Router" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::SOAPServer" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::SOAPService" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Regexp" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Safelib" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Session" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Session::Purge" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Session::REST" => "Lemonldap-NG-Common","Lemonldap::NG::Common::TOTP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::UserAgent" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Util" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Util::Crypto" => "Lemonldap-NG-Common","Lemonldap::NG::DBI::Failed" => "Lemonldap-NG-Common","Lemonldap::NG::Handler" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::DevOps" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::DevOpsCDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::DevOpsST" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::FCGIClient" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Menu" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Request" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::SecureToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::ZimbraPreAuth" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::DevOps" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::DevOpsCDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::DevOpsST" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::PSGI" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::SecureToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::Status" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::StatusConstants" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::ZimbraPreAuth" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::Init" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::MsgActions" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::Reload" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::Run" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::SharedVariables" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Router" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Try" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::DevOps" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::DevOpsCDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::DevOpsST" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Nginx" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::SecureToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Traefik" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::ZimbraPreAuth" => "Lemonldap-NG-Handler","Lemonldap::NG::Manager" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::2ndFA" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::2F" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Common" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::History" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Menu::App" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Menu::Cat" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Misc" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Providers::CasApp" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Providers::OidcRp" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Providers::SamlSp" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Attributes" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::Attributes" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::CTrees" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::OpenApi" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::PortalConstants" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::Tree" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Cli" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Cli::Lib" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Cli::Request" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Diff" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Parser" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Tests" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Zero" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Notifications" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Plugin" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Sessions" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Viewer" => "Lemonldap-NG-Manager","Lemonldap::NG::Portal" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Engines::Default" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Ext2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Mail2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Okta" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Password" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Radius" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Base" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Generic" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Password" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::TOTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::U2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Yubikey" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::TOTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::U2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::UTOTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Yubikey" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Apache" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Combination" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Facebook" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::GPG" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::GitHub" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Kerberos" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::LinkedIn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Null" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::OpenID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::PAM" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Proxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Radius" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Remote" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::SSL" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Slave" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Twitter" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::WebID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::_Ajax" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::_WebForm" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CDC" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Captcha::ReCaptcha" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Captcha::ReCaptcha3" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Captcha::SecurityImage" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CertificateResetByMail::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CertificateResetByMail::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CertificateResetByMail::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::Get" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::JitsiMeetTokens" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::OpenID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::2fDevices" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Captcha" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Code2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Combination::UserLogger" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CrowdSec" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CrowdSecFilter" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CustomModule" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Key" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::LazyLoadedConfiguration" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Net::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Notifications::JSON" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Notifications::XML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OIDCTokenExchange" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Okta" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OneTimeToken" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OpenID::SREG" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OpenID::Server" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OtherSessions" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OverConf" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::RESTProxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Radius" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Remote" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::SMTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::SOAPProxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Slave" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::U2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Wrapper" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::_tokenRule" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Auth" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Constants" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Display" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Init" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Issuer" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Menu" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Plugin" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Plugins" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Process" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Request" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Run" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::SecondFactor" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::UserDB" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::MenuTab" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Base" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Combination" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Null" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AdaptativeAuthenticationLevel" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AdminLogout" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AuthOidcPkce" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AutoSignin" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::BasePasswordPolicy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::BruteForceProtection" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CDA" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CertificateResetByMail" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckDevOps" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckEntropy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckHIBP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckState" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckUser" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::ContextSwitching" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CrowdSec" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CrowdSecAgent" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::DecryptValue" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::FindUser" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::ForceAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::GlobalLogout" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::GrantSession" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::History" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Impersonation" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::InitializePasswordReset" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::LocationDetect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::MailPasswordReset" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::NewLocationWarning" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Notifications" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::OIDCInternalTokenExchange" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::OIDCNativeSso" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::OidcOfflineTokens" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::PublicNotifications" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::PublicPages" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::RESTServer" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Refresh" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Register" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::RememberAuthChoice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::SOAPServer" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::SamlFederation" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::SingleSession" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Status" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::StayConnected" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::TrustedBrowser" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Upgrade" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::WebCron" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::Base" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Combination" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Facebook" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Null" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::OpenID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Proxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Remote" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Slave" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::WebID" => "Lemonldap-NG-Portal","Lemonldap::NG::SSOaaS::Apache::Client" => "Lemonldap-NG-Handler","Linux::Statm::Tiny" => "Linux-Statm-Tiny","Linux::Statm::Tiny::Mite" => "Linux-Statm-Tiny","Locale::Maketext" => "Locale-Maketext","Locale::Maketext::Guts" => "Locale-Maketext","Locale::Maketext::GutsLoader" => "Locale-Maketext","Log::Any" => "Log-Any","Log::Any::Adapter" => "Log-Any","Log::Any::Adapter::Base" => "Log-Any","Log::Any::Adapter::Capture" => "Log-Any","Log::Any::Adapter::Core" => "Log-Any","Log::Any::Adapter::File" => "Log-Any","Log::Any::Adapter::Multiplex" => "Log-Any","Log::Any::Adapter::Null" => "Log-Any","Log::Any::Adapter::Stderr" => "Log-Any","Log::Any::Adapter::Stdout" => "Log-Any","Log::Any::Adapter::Syslog" => "Log-Any","Log::Any::Adapter::Test" => "Log-Any","Log::Any::Adapter::Util" => "Log-Any","Log::Any::Manager" => "Log-Any","Log::Any::Proxy" => "Log-Any","Log::Any::Proxy::Null" => "Log-Any","Log::Any::Proxy::Test" => "Log-Any","Log::Any::Proxy::WithStackTrace" => "Log-Any","Log::Any::Test" => "Log-Any","MARC::File::XML" => "MARC-File-XML","MDK::Common" => "MDK-Common","MDK::Common::DataStructure" => "MDK-Common","MDK::Common::File" => "MDK-Common","MDK::Common::Func" => "MDK-Common","MDK::Common::Math" => "MDK-Common","MDK::Common::String" => "MDK-Common","MDK::Common::System" => "MDK-Common","MDK::Common::Various" => "MDK-Common","MHonArc::Char" => "MHonArc","MHonArc::Char::JP" => "MHonArc","MHonArc::Char::KR" => "MHonArc","MHonArc::CharEnt" => "MHonArc","MHonArc::CharEnt::AppleArabic" => "MHonArc","MHonArc::CharEnt::AppleCenteuro" => "MHonArc","MHonArc::CharEnt::AppleCroatian" => "MHonArc","MHonArc::CharEnt::AppleCyrillic" => "MHonArc","MHonArc::CharEnt::AppleGreek" => "MHonArc","MHonArc::CharEnt::AppleHebrew" => "MHonArc","MHonArc::CharEnt::AppleIceland" => "MHonArc","MHonArc::CharEnt::AppleRoman" => "MHonArc","MHonArc::CharEnt::AppleRomanian" => "MHonArc","MHonArc::CharEnt::AppleThai" => "MHonArc","MHonArc::CharEnt::AppleTurkish" => "MHonArc","MHonArc::CharEnt::BIG5_ETEN" => "MHonArc","MHonArc::CharEnt::BIG5_HKSCS" => "MHonArc","MHonArc::CharEnt::CP1250" => "MHonArc","MHonArc::CharEnt::CP1251" => "MHonArc","MHonArc::CharEnt::CP1252" => "MHonArc","MHonArc::CharEnt::CP1253" => "MHonArc","MHonArc::CharEnt::CP1254" => "MHonArc","MHonArc::CharEnt::CP1255" => "MHonArc","MHonArc::CharEnt::CP1256" => "MHonArc","MHonArc::CharEnt::CP1257" => "MHonArc","MHonArc::CharEnt::CP1258" => "MHonArc","MHonArc::CharEnt::CP866" => "MHonArc","MHonArc::CharEnt::CP932" => "MHonArc","MHonArc::CharEnt::CP936" => "MHonArc","MHonArc::CharEnt::CP949" => "MHonArc","MHonArc::CharEnt::CP950" => "MHonArc","MHonArc::CharEnt::EUC_JP" => "MHonArc","MHonArc::CharEnt::GB2312" => "MHonArc","MHonArc::CharEnt::GOST19768_87" => "MHonArc","MHonArc::CharEnt::HP_ROMAN8" => "MHonArc","MHonArc::CharEnt::ISO8859_1" => "MHonArc","MHonArc::CharEnt::ISO8859_10" => "MHonArc","MHonArc::CharEnt::ISO8859_11" => "MHonArc","MHonArc::CharEnt::ISO8859_13" => "MHonArc","MHonArc::CharEnt::ISO8859_14" => "MHonArc","MHonArc::CharEnt::ISO8859_15" => "MHonArc","MHonArc::CharEnt::ISO8859_16" => "MHonArc","MHonArc::CharEnt::ISO8859_2" => "MHonArc","MHonArc::CharEnt::ISO8859_3" => "MHonArc","MHonArc::CharEnt::ISO8859_4" => "MHonArc","MHonArc::CharEnt::ISO8859_5" => "MHonArc","MHonArc::CharEnt::ISO8859_6" => "MHonArc","MHonArc::CharEnt::ISO8859_7" => "MHonArc","MHonArc::CharEnt::ISO8859_8" => "MHonArc","MHonArc::CharEnt::ISO8859_9" => "MHonArc","MHonArc::CharEnt::KOI8_A" => "MHonArc","MHonArc::CharEnt::KOI8_B" => "MHonArc","MHonArc::CharEnt::KOI8_E" => "MHonArc","MHonArc::CharEnt::KOI8_F" => "MHonArc","MHonArc::CharEnt::KOI8_R" => "MHonArc","MHonArc::CharEnt::KOI8_U" => "MHonArc","MHonArc::CharEnt::KOI_0" => "MHonArc","MHonArc::CharEnt::KOI_7" => "MHonArc","MHonArc::CharEnt::VISCII" => "MHonArc","MHonArc::CharMaps" => "MHonArc","MHonArc::Encode" => "MHonArc","MHonArc::RFC822" => "MHonArc","MHonArc::UTF8" => "MHonArc","MHonArc::UTF8::AppleArabic" => "MHonArc","MHonArc::UTF8::AppleCenteuro" => "MHonArc","MHonArc::UTF8::AppleCroatian" => "MHonArc","MHonArc::UTF8::AppleCyrillic" => "MHonArc","MHonArc::UTF8::AppleGreek" => "MHonArc","MHonArc::UTF8::AppleHebrew" => "MHonArc","MHonArc::UTF8::AppleIceland" => "MHonArc","MHonArc::UTF8::AppleRoman" => "MHonArc","MHonArc::UTF8::AppleRomanian" => "MHonArc","MHonArc::UTF8::AppleThai" => "MHonArc","MHonArc::UTF8::AppleTurkish" => "MHonArc","MHonArc::UTF8::BIG5_ETEN" => "MHonArc","MHonArc::UTF8::BIG5_HKSCS" => "MHonArc","MHonArc::UTF8::CP1250" => "MHonArc","MHonArc::UTF8::CP1251" => "MHonArc","MHonArc::UTF8::CP1252" => "MHonArc","MHonArc::UTF8::CP1253" => "MHonArc","MHonArc::UTF8::CP1254" => "MHonArc","MHonArc::UTF8::CP1255" => "MHonArc","MHonArc::UTF8::CP1256" => "MHonArc","MHonArc::UTF8::CP1257" => "MHonArc","MHonArc::UTF8::CP1258" => "MHonArc","MHonArc::UTF8::CP866" => "MHonArc","MHonArc::UTF8::CP932" => "MHonArc","MHonArc::UTF8::CP936" => "MHonArc","MHonArc::UTF8::CP949" => "MHonArc","MHonArc::UTF8::CP950" => "MHonArc","MHonArc::UTF8::EUC_JP" => "MHonArc","MHonArc::UTF8::Encode" => "MHonArc","MHonArc::UTF8::GB2312" => "MHonArc","MHonArc::UTF8::GOST19768_87" => "MHonArc","MHonArc::UTF8::HP_ROMAN8" => "MHonArc","MHonArc::UTF8::ISO8859_1" => "MHonArc","MHonArc::UTF8::ISO8859_10" => "MHonArc","MHonArc::UTF8::ISO8859_11" => "MHonArc","MHonArc::UTF8::ISO8859_13" => "MHonArc","MHonArc::UTF8::ISO8859_14" => "MHonArc","MHonArc::UTF8::ISO8859_15" => "MHonArc","MHonArc::UTF8::ISO8859_16" => "MHonArc","MHonArc::UTF8::ISO8859_2" => "MHonArc","MHonArc::UTF8::ISO8859_3" => "MHonArc","MHonArc::UTF8::ISO8859_4" => "MHonArc","MHonArc::UTF8::ISO8859_5" => "MHonArc","MHonArc::UTF8::ISO8859_6" => "MHonArc","MHonArc::UTF8::ISO8859_7" => "MHonArc","MHonArc::UTF8::ISO8859_8" => "MHonArc","MHonArc::UTF8::ISO8859_9" => "MHonArc","MHonArc::UTF8::KOI8_A" => "MHonArc","MHonArc::UTF8::KOI8_B" => "MHonArc","MHonArc::UTF8::KOI8_E" => "MHonArc","MHonArc::UTF8::KOI8_F" => "MHonArc","MHonArc::UTF8::KOI8_R" => "MHonArc","MHonArc::UTF8::KOI8_U" => "MHonArc","MHonArc::UTF8::KOI_0" => "MHonArc","MHonArc::UTF8::KOI_7" => "MHonArc","MHonArc::UTF8::MapUTF8" => "MHonArc","MHonArc::UTF8::MhaEncode" => "MHonArc","MHonArc::UTF8::VISCII" => "MHonArc","MIME::Body" => "MIME-tools","MIME::Body::File" => "MIME-tools","MIME::Body::InCore" => "MIME-tools","MIME::Body::Scalar" => "MIME-tools","MIME::Decoder" => "MIME-tools","MIME::Decoder::Base64" => "MIME-tools","MIME::Decoder::BinHex" => "MIME-tools","MIME::Decoder::Binary" => "MIME-tools","MIME::Decoder::Gzip64" => "MIME-tools","MIME::Decoder::NBit" => "MIME-tools","MIME::Decoder::QuotedPrint" => "MIME-tools","MIME::Decoder::UU" => "MIME-tools","MIME::Entity" => "MIME-tools","MIME::Field::ConTraEnc" => "MIME-tools","MIME::Field::ContDisp" => "MIME-tools","MIME::Field::ContType" => "MIME-tools","MIME::Field::ParamVal" => "MIME-tools","MIME::Head" => "MIME-tools","MIME::Parser" => "MIME-tools","MIME::Parser::FileInto" => "MIME-tools","MIME::Parser::FileUnder" => "MIME-tools","MIME::Parser::Filer" => "MIME-tools","MIME::Parser::InnerFile" => "MIME-tools","MIME::Parser::Reader" => "MIME-tools","MIME::Parser::Results" => "MIME-tools","MIME::ToolUtils" => "MIME-tools","MIME::Tools" => "MIME-tools","MIME::WordDecoder" => "MIME-tools","MIME::WordDecoder::ISO_8859" => "MIME-tools","MIME::WordDecoder::US_ASCII" => "MIME-tools","MIME::WordDecoder::UTF_8" => "MIME-tools","MIME::Words" => "MIME-tools","MM" => "ExtUtils-MakeMaker","MY" => "ExtUtils-MakeMaker","Mail::Address" => "MailTools","Mail::Audit" => "Mail-Audit","Mail::Audit::KillDups" => "Mail-Audit","Mail::Audit::MAPS" => "Mail-Audit","Mail::Audit::MailInternet" => "Mail-Audit","Mail::Audit::MimeEntity" => "Mail-Audit","Mail::Audit::Util::Tempdir" => "Mail-Audit","Mail::Audit::Vacation" => "Mail-Audit","Mail::Cap" => "MailTools","Mail::Field" => "MailTools","Mail::Field::AddrList" => "MailTools","Mail::Field::Date" => "MailTools","Mail::Field::Generic" => "MailTools","Mail::Filter" => "MailTools","Mail::Header" => "MailTools","Mail::Internet" => "MailTools","Mail::Mailer" => "MailTools","Mail::Mailer::qmail" => "MailTools","Mail::Mailer::rfc822" => "MailTools","Mail::Mailer::sendmail" => "MailTools","Mail::Mailer::smtp" => "MailTools","Mail::Mailer::smtp::pipe" => "MailTools","Mail::Mailer::smtps" => "MailTools","Mail::Mailer::smtps::pipe" => "MailTools","Mail::Mailer::testfile" => "MailTools","Mail::Mailer::testfile::pipe" => "MailTools","Mail::Send" => "MailTools","Mail::Util" => "MailTools","MailTools" => "MailTools","Maintainers" => "perl","MarpaX::ESLIF" => "MarpaX-ESLIF","MarpaX::ESLIF::Base" => "MarpaX-ESLIF","MarpaX::ESLIF::Event::Type" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar::Properties" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar::Rule::Properties" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar::Symbol::Properties" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON::Decoder" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON::Decoder::RecognizerInterface" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON::Encoder" => "MarpaX-ESLIF","MarpaX::ESLIF::Logger::Level" => "MarpaX-ESLIF","MarpaX::ESLIF::Recognizer" => "MarpaX-ESLIF","MarpaX::ESLIF::RegexCallout" => "MarpaX-ESLIF","MarpaX::ESLIF::Rule::PropertyBitSet" => "MarpaX-ESLIF","MarpaX::ESLIF::String" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol::EventBitSet" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol::PropertyBitSet" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol::Type" => "MarpaX-ESLIF","MarpaX::ESLIF::Value" => "MarpaX-ESLIF","MarpaX::ESLIF::Value::Type" => "MarpaX-ESLIF","Math::BigInt::LTM" => "CryptX","Maypole" => "Maypole","Maypole::Application" => "Maypole","Maypole::CLI" => "Maypole","Maypole::Config" => "Maypole","Maypole::Constants" => "Maypole","Maypole::Headers" => "Maypole","Maypole::Model::Base" => "Maypole","Maypole::Model::CDBI" => "Maypole","Maypole::Model::CDBI::AsForm" => "Maypole","Maypole::Model::CDBI::Base" => "Maypole","Maypole::Model::CDBI::DFV" => "Maypole","Maypole::Model::CDBI::FromCGI" => "Maypole","Maypole::Model::CDBI::Plain" => "Maypole","Maypole::Session" => "Maypole","Maypole::View::Base" => "Maypole","Maypole::View::TT" => "Maypole","MicroWiki::Controllers" => "Squatting","MicroWiki::Views" => "Squatting","Mite" => "Mite","Mite::App" => "Mite","Mite::App::Command" => "Mite","Mite::App::Command::clean" => "Mite","Mite::App::Command::compile" => "Mite","Mite::App::Command::exec" => "Mite","Mite::App::Command::init" => "Mite","Mite::App::Command::preview" => "Mite","Mite::Attribute" => "Mite","Mite::Attribute::SHV::CodeGen" => "Mite","Mite::Class" => "Mite","Mite::Compiled" => "Mite","Mite::Config" => "Mite","Mite::MakeMaker" => "Mite","Mite::Miteception" => "Mite","Mite::ModuleBuild" => "Mite","Mite::Package" => "Mite","Mite::Project" => "Mite","Mite::Role" => "Mite","Mite::Role::Tiny" => "Mite","Mite::Shim" => "Mite","Mite::Signature" => "Mite","Mite::Signature::Compiler" => "Mite","Mite::Source" => "Mite","Mite::Trait::HasAttributes" => "Mite","Mite::Trait::HasConstructor" => "Mite","Mite::Trait::HasDestructor" => "Mite","Mite::Trait::HasMOP" => "Mite","Mite::Trait::HasMethods" => "Mite","Mite::Trait::HasRequiredMethods" => "Mite","Mite::Trait::HasRoles" => "Mite","Mite::Trait::HasSuperclasses" => "Mite","Mite::Types" => "Mite","ModPerl::BuildMM" => "mod_perl","ModPerl::BuildOptions" => "mod_perl","ModPerl::CScan" => "mod_perl","ModPerl::Code" => "mod_perl","ModPerl::Config" => "mod_perl","ModPerl::FunctionMap" => "mod_perl","ModPerl::FunctionTable" => "mod_perl","ModPerl::Global" => "mod_perl","ModPerl::InterpPool" => "mod_perl","ModPerl::Interpreter" => "mod_perl","ModPerl::MM" => "mod_perl","ModPerl::Manifest" => "mod_perl","ModPerl::MapBase" => "mod_perl","ModPerl::MapUtil" => "mod_perl","ModPerl::MethodLookup" => "mod_perl","ModPerl::ParseSource" => "mod_perl","ModPerl::PerlRun" => "mod_perl","ModPerl::PerlRunPrefork" => "mod_perl","ModPerl::Registry" => "mod_perl","ModPerl::RegistryBB" => "mod_perl","ModPerl::RegistryCooker" => "mod_perl","ModPerl::RegistryLoader" => "mod_perl","ModPerl::RegistryPrefork" => "mod_perl","ModPerl::StructureMap" => "mod_perl","ModPerl::TestConfig" => "mod_perl","ModPerl::TestReport" => "mod_perl","ModPerl::TestRun" => "mod_perl","ModPerl::TiPool" => "mod_perl","ModPerl::TiPoolConfig" => "mod_perl","ModPerl::TypeMap" => "mod_perl","ModPerl::Util" => "mod_perl","ModPerl::WrapXS" => "mod_perl","Module::Load::Conditional" => "Module-Load-Conditional","Module::Metadata" => "Module-Metadata","Module::Provision" => "Module-Provision","Module::Provision::Base" => "Module-Provision","Module::Provision::Config" => "Module-Provision","Module::Provision::MetaData" => "Module-Provision","Module::Provision::TraitFor::AddingFiles" => "Module-Provision","Module::Provision::TraitFor::Badges" => "Module-Provision","Module::Provision::TraitFor::CPANDistributions" => "Module-Provision","Module::Provision::TraitFor::CreatingDistributions" => "Module-Provision","Module::Provision::TraitFor::EnvControl" => "Module-Provision","Module::Provision::TraitFor::PrereqDifferences" => "Module-Provision","Module::Provision::TraitFor::Rendering" => "Module-Provision","Module::Provision::TraitFor::UpdatingContent" => "Module-Provision","Module::Provision::TraitFor::VCS" => "Module-Provision","Module::ScanDeps" => "Module-ScanDeps","Module::Signature" => "Module-Signature","Mojo" => "Mojolicious","Mojo::Asset" => "Mojolicious","Mojo::Asset::File" => "Mojolicious","Mojo::Asset::Memory" => "Mojolicious","Mojo::Base" => "Mojolicious","Mojo::BaseUtil" => "Mojolicious","Mojo::ByteStream" => "Mojolicious","Mojo::Cache" => "Mojolicious","Mojo::Collection" => "Mojolicious","Mojo::Collection::Role::Extra" => "Mojo-DOM-Role-Analyzer","Mojo::Content" => "Mojolicious","Mojo::Content::MultiPart" => "Mojolicious","Mojo::Content::Single" => "Mojolicious","Mojo::Cookie" => "Mojolicious","Mojo::Cookie::Request" => "Mojolicious","Mojo::Cookie::Response" => "Mojolicious","Mojo::DOM" => "Mojolicious","Mojo::DOM::CSS" => "Mojolicious","Mojo::DOM::HTML" => "Mojolicious","Mojo::DOM::Role::Analyzer" => "Mojo-DOM-Role-Analyzer","Mojo::Date" => "Mojolicious","Mojo::DynamicMethods" => "Mojolicious","Mojo::EventEmitter" => "Mojolicious","Mojo::Exception" => "Mojolicious","Mojo::Exception::_Guard" => "Mojolicious","Mojo::File" => "Mojolicious","Mojo::Headers" => "Mojolicious","Mojo::HelloWorld" => "Mojolicious","Mojo::Home" => "Mojolicious","Mojo::IOLoop" => "Mojolicious","Mojo::IOLoop::Client" => "Mojolicious","Mojo::IOLoop::Server" => "Mojolicious","Mojo::IOLoop::Stream" => "Mojolicious","Mojo::IOLoop::Subprocess" => "Mojolicious","Mojo::IOLoop::TLS" => "Mojolicious","Mojo::JSON" => "Mojolicious","Mojo::JSON::Pointer" => "Mojolicious","Mojo::Loader" => "Mojolicious","Mojo::Log" => "Mojolicious","Mojo::Message" => "Mojolicious","Mojo::Message::Request" => "Mojolicious","Mojo::Message::Response" => "Mojolicious","Mojo::Parameters" => "Mojolicious","Mojo::Path" => "Mojolicious","Mojo::Promise" => "Mojolicious","Mojo::Reactor" => "Mojolicious","Mojo::Reactor::EV" => "Mojolicious","Mojo::Reactor::Poll" => "Mojolicious","Mojo::SSE" => "Mojolicious","Mojo::Server" => "Mojolicious","Mojo::Server::CGI" => "Mojolicious","Mojo::Server::Daemon" => "Mojolicious","Mojo::Server::Hypnotoad" => "Mojolicious","Mojo::Server::Morbo" => "Mojolicious","Mojo::Server::Morbo::Backend" => "Mojolicious","Mojo::Server::Morbo::Backend::Poll" => "Mojolicious","Mojo::Server::PSGI" => "Mojolicious","Mojo::Server::PSGI::_IO" => "Mojolicious","Mojo::Server::Prefork" => "Mojolicious","Mojo::Template" => "Mojolicious","Mojo::Transaction" => "Mojolicious","Mojo::Transaction::HTTP" => "Mojolicious","Mojo::Transaction::WebSocket" => "Mojolicious","Mojo::URL" => "Mojolicious","Mojo::Upload" => "Mojolicious","Mojo::UserAgent" => "Mojolicious","Mojo::UserAgent::CookieJar" => "Mojolicious","Mojo::UserAgent::Proxy" => "Mojolicious","Mojo::UserAgent::Server" => "Mojolicious","Mojo::UserAgent::Transactor" => "Mojolicious","Mojo::Util" => "Mojolicious","Mojo::WebSocket" => "Mojolicious","MojoMojo" => "MojoMojo","MojoMojo::Controller::Admin" => "MojoMojo","MojoMojo::Controller::Attachment" => "MojoMojo","MojoMojo::Controller::Comment" => "MojoMojo","MojoMojo::Controller::Export" => "MojoMojo","MojoMojo::Controller::Gallery" => "MojoMojo","MojoMojo::Controller::Image" => "MojoMojo","MojoMojo::Controller::JSON" => "MojoMojo","MojoMojo::Controller::Journal" => "MojoMojo","MojoMojo::Controller::Jsrpc" => "MojoMojo","MojoMojo::Controller::Page" => "MojoMojo","MojoMojo::Controller::PageAdmin" => "MojoMojo","MojoMojo::Controller::Root" => "MojoMojo","MojoMojo::Controller::Tag" => "MojoMojo","MojoMojo::Controller::User" => "MojoMojo","MojoMojo::Declaw" => "MojoMojo","MojoMojo::Extension" => "MojoMojo","MojoMojo::Extensions::Counter" => "MojoMojo","MojoMojo::Formatter" => "MojoMojo","MojoMojo::Formatter::Amazon" => "MojoMojo","MojoMojo::Formatter::CPANHyperlink" => "MojoMojo","MojoMojo::Formatter::Comment" => "MojoMojo","MojoMojo::Formatter::Defang" => "MojoMojo","MojoMojo::Formatter::Dir" => "MojoMojo","MojoMojo::Formatter::DocBook" => "MojoMojo","MojoMojo::Formatter::DocBook::Colorize" => "MojoMojo","MojoMojo::Formatter::Emote" => "MojoMojo","MojoMojo::Formatter::File" => "MojoMojo","MojoMojo::Formatter::File::DocBook" => "MojoMojo","MojoMojo::Formatter::File::Image" => "MojoMojo","MojoMojo::Formatter::File::Pod" => "MojoMojo","MojoMojo::Formatter::File::Test" => "MojoMojo","MojoMojo::Formatter::File::Text" => "MojoMojo","MojoMojo::Formatter::Gist" => "MojoMojo","MojoMojo::Formatter::GoogleCalendar" => "MojoMojo","MojoMojo::Formatter::GoogleSearch" => "MojoMojo","MojoMojo::Formatter::IDLink" => "MojoMojo","MojoMojo::Formatter::IRCLog" => "MojoMojo","MojoMojo::Formatter::Include" => "MojoMojo","MojoMojo::Formatter::Main" => "MojoMojo","MojoMojo::Formatter::Markdown" => "MojoMojo","MojoMojo::Formatter::Pod" => "MojoMojo","MojoMojo::Formatter::Pod::Simple::HTML" => "MojoMojo","MojoMojo::Formatter::RSS" => "MojoMojo","MojoMojo::Formatter::Redirect" => "MojoMojo","MojoMojo::Formatter::SyntaxHighlight" => "MojoMojo","MojoMojo::Formatter::TOC" => "MojoMojo","MojoMojo::Formatter::Text" => "MojoMojo","MojoMojo::Formatter::Textile" => "MojoMojo","MojoMojo::Formatter::Wiki" => "MojoMojo","MojoMojo::Formatter::WikipediaLink" => "MojoMojo","MojoMojo::Formatter::YouTube" => "MojoMojo","MojoMojo::I18N" => "MojoMojo","MojoMojo::Model::DBIC" => "MojoMojo","MojoMojo::Model::Search" => "MojoMojo","MojoMojo::Model::Themes" => "MojoMojo","MojoMojo::Schema" => "MojoMojo","MojoMojo::Schema::Base::Result" => "MojoMojo","MojoMojo::Schema::Base::ResultSet" => "MojoMojo","MojoMojo::Schema::Result::Attachment" => "MojoMojo","MojoMojo::Schema::Result::Comment" => "MojoMojo","MojoMojo::Schema::Result::Content" => "MojoMojo","MojoMojo::Schema::Result::Entry" => "MojoMojo","MojoMojo::Schema::Result::Journal" => "MojoMojo","MojoMojo::Schema::Result::Link" => "MojoMojo","MojoMojo::Schema::Result::Page" => "MojoMojo","MojoMojo::Schema::Result::PageVersion" => "MojoMojo","MojoMojo::Schema::Result::PathPermissions" => "MojoMojo","MojoMojo::Schema::Result::Person" => "MojoMojo","MojoMojo::Schema::Result::Photo" => "MojoMojo","MojoMojo::Schema::Result::Preference" => "MojoMojo","MojoMojo::Schema::Result::Role" => "MojoMojo","MojoMojo::Schema::Result::RoleMember" => "MojoMojo","MojoMojo::Schema::Result::RolePrivilege" => "MojoMojo","MojoMojo::Schema::Result::Tag" => "MojoMojo","MojoMojo::Schema::Result::WantedPage" => "MojoMojo","MojoMojo::Schema::ResultSet::Attachment" => "MojoMojo","MojoMojo::Schema::ResultSet::Content" => "MojoMojo","MojoMojo::Schema::ResultSet::Page" => "MojoMojo","MojoMojo::Schema::ResultSet::Person" => "MojoMojo","MojoMojo::Schema::ResultSet::Role" => "MojoMojo","MojoMojo::Schema::ResultSet::Tag" => "MojoMojo","MojoMojo::View::Email" => "MojoMojo","MojoMojo::View::JSON" => "MojoMojo","MojoMojo::View::TT" => "MojoMojo","MojoMojo::WordDiff" => "MojoMojo","Mojolicious" => "Mojolicious","Mojolicious::Command" => "Mojolicious","Mojolicious::Command::Author::cpanify" => "Mojolicious","Mojolicious::Command::Author::generate" => "Mojolicious","Mojolicious::Command::Author::generate::app" => "Mojolicious","Mojolicious::Command::Author::generate::dockerfile" => "Mojolicious","Mojolicious::Command::Author::generate::lite_app" => "Mojolicious","Mojolicious::Command::Author::generate::makefile" => "Mojolicious","Mojolicious::Command::Author::generate::plugin" => "Mojolicious","Mojolicious::Command::Author::inflate" => "Mojolicious","Mojolicious::Command::cgi" => "Mojolicious","Mojolicious::Command::cpanify" => "Mojolicious","Mojolicious::Command::daemon" => "Mojolicious","Mojolicious::Command::eval" => "Mojolicious","Mojolicious::Command::generate" => "Mojolicious","Mojolicious::Command::generate::app" => "Mojolicious","Mojolicious::Command::generate::lite_app" => "Mojolicious","Mojolicious::Command::generate::makefile" => "Mojolicious","Mojolicious::Command::generate::plugin" => "Mojolicious","Mojolicious::Command::get" => "Mojolicious","Mojolicious::Command::inflate" => "Mojolicious","Mojolicious::Command::prefork" => "Mojolicious","Mojolicious::Command::psgi" => "Mojolicious","Mojolicious::Command::routes" => "Mojolicious","Mojolicious::Command::test" => "Mojolicious","Mojolicious::Command::version" => "Mojolicious","Mojolicious::Commands" => "Mojolicious","Mojolicious::Controller" => "Mojolicious","Mojolicious::Lite" => "Mojolicious","Mojolicious::Plugin" => "Mojolicious","Mojolicious::Plugin::CSRF" => "Mojolicious-Plugin-CSRF","Mojolicious::Plugin::CSRF::Base" => "Mojolicious-Plugin-CSRF","Mojolicious::Plugin::CaptchaPNG" => "Mojolicious-Plugin-CaptchaPNG","Mojolicious::Plugin::Config" => "Mojolicious","Mojolicious::Plugin::Config::Sandbox" => "Mojolicious","Mojolicious::Plugin::DefaultHelpers" => "Mojolicious","Mojolicious::Plugin::EPLRenderer" => "Mojolicious","Mojolicious::Plugin::EPRenderer" => "Mojolicious","Mojolicious::Plugin::HeaderCondition" => "Mojolicious","Mojolicious::Plugin::JSONConfig" => "Mojolicious","Mojolicious::Plugin::Mount" => "Mojolicious","Mojolicious::Plugin::NotYAMLConfig" => "Mojolicious","Mojolicious::Plugin::OAuth2" => "Mojolicious-Plugin-OAuth2","Mojolicious::Plugin::OAuth2::Mock" => "Mojolicious-Plugin-OAuth2","Mojolicious::Plugin::PODRenderer" => "Mojolicious","Mojolicious::Plugin::TagHelpers" => "Mojolicious","Mojolicious::Plugin::Yancy" => "Yancy","Mojolicious::Plugins" => "Mojolicious","Mojolicious::Renderer" => "Mojolicious","Mojolicious::Routes" => "Mojolicious","Mojolicious::Routes::Match" => "Mojolicious","Mojolicious::Routes::Pattern" => "Mojolicious","Mojolicious::Routes::Route" => "Mojolicious","Mojolicious::Sessions" => "Mojolicious","Mojolicious::Static" => "Mojolicious","Mojolicious::Types" => "Mojolicious","Mojolicious::Validator" => "Mojolicious","Mojolicious::Validator::Validation" => "Mojolicious","Moped::Msg" => "perl","Moxy" => "Moxy","Moxy::Attribute::CarrierHook" => "Moxy","Moxy::Component::Context" => "Moxy","Moxy::Plugin" => "Moxy","Moxy::Plugin::AuthorizationCutter" => "Moxy","Moxy::Plugin::Bookmark" => "Moxy","Moxy::Plugin::ControlPanel" => "Moxy","Moxy::Plugin::CookieCutter" => "Moxy","Moxy::Plugin::DisableTableTag" => "Moxy","Moxy::Plugin::DisplayWidth" => "Moxy","Moxy::Plugin::FlashUseImgTag" => "Moxy","Moxy::Plugin::GPS" => "Moxy","Moxy::Plugin::GPS::AirHPhone" => "Moxy","Moxy::Plugin::GPS::DoCoMo" => "Moxy","Moxy::Plugin::GPS::EZweb" => "Moxy","Moxy::Plugin::GPS::ThirdForce" => "Moxy","Moxy::Plugin::HTTPHeader" => "Moxy","Moxy::Plugin::Hosts" => "Moxy","Moxy::Plugin::LocationBar" => "Moxy","Moxy::Plugin::OpenSocial" => "Moxy","Moxy::Plugin::Pictogram" => "Moxy","Moxy::Plugin::QRCode" => "Moxy","Moxy::Plugin::RefererCutter" => "Moxy","Moxy::Plugin::RelativeLocation" => "Moxy","Moxy::Plugin::ResponseTime" => "Moxy","Moxy::Plugin::Scrubber" => "Moxy","Moxy::Plugin::ShowHTMLSource" => "Moxy","Moxy::Plugin::ShowHTTPHeaders" => "Moxy","Moxy::Plugin::Status::401" => "Moxy","Moxy::Plugin::Status::404" => "Moxy","Moxy::Plugin::Status::500" => "Moxy","Moxy::Plugin::StripScripts" => "Moxy","Moxy::Plugin::UserAgentSwitcher" => "Moxy","Moxy::Plugin::UserID" => "Moxy","Moxy::Plugin::XMLisHTML" => "Moxy","Moxy::Request" => "Moxy","Moxy::Session::State::BasicAuth" => "Moxy","Moxy::Util" => "Moxy","Mozilla::CA" => "Mozilla-CA","My::Chat" => "SOAP-Lite","My::Examples" => "SOAP-Lite","My::Parameters" => "SOAP-Lite","My::PersistentIterator" => "SOAP-Lite","My::PingPong" => "SOAP-Lite","My::SessionIterator" => "SOAP-Lite","My::TAP::Parser::Iterator::Process::LSF" => "UR","My::TAP::Parser::IteratorFactory::LSF" => "UR","My::TAP::Parser::Multiplexer" => "UR","My::TAP::Parser::Scheduler" => "UR","My::TAP::Parser::Timer" => "UR","MyFeatureFileLoader" => "GBrowse","MySQL::Admin" => "MySQL-Admin","MySQL::Admin::Actions" => "MySQL-Admin","MySQL::Admin::Config" => "MySQL-Admin","MySQL::Admin::Documentation" => "MySQL-Admin","MySQL::Admin::GUI" => "MySQL-Admin","MySQL::Admin::Session" => "MySQL-Admin","MySQL::Admin::Settings" => "MySQL-Admin","MySQL::Admin::Translate" => "MySQL-Admin","MySession" => "App-Netdisco","MyStripScripts" => "HTML-StripScripts","MyTestModule" => "perl","Mysql" => "DBD-mysql","Mysql::Statement" => "DBD-mysql","Mysql::db" => "DBD-mysql","Mysql::dr" => "DBD-mysql","Mysql::st" => "DBD-mysql","NDBM_File" => "perl","Net::CIDR" => "Net-CIDR","Net::CIDR::Lite" => "Net-CIDR-Lite","Net::CIDR::Lite::Span" => "Net-CIDR-Lite","Net::CIDR::Set" => "Net-CIDR-Set","Net::CIDR::Set::IPv4" => "Net-CIDR-Set","Net::CIDR::Set::IPv6" => "Net-CIDR-Set","Net::DNS" => "Net-DNS","Net::DNS::Domain" => "Net-DNS","Net::DNS::DomainName" => "Net-DNS","Net::DNS::DomainName1035" => "Net-DNS","Net::DNS::DomainName2535" => "Net-DNS","Net::DNS::Header" => "Net-DNS","Net::DNS::Mailbox" => "Net-DNS","Net::DNS::Mailbox1035" => "Net-DNS","Net::DNS::Mailbox2535" => "Net-DNS","Net::DNS::Nameserver" => "Net-DNS","Net::DNS::Packet" => "Net-DNS","Net::DNS::Parameters" => "Net-DNS","Net::DNS::Question" => "Net-DNS","Net::DNS::RR" => "Net-DNS","Net::DNS::RR::A" => "Net-DNS","Net::DNS::RR::AAAA" => "Net-DNS","Net::DNS::RR::AFSDB" => "Net-DNS","Net::DNS::RR::AMTRELAY" => "Net-DNS","Net::DNS::RR::APL" => "Net-DNS","Net::DNS::RR::APL::Item" => "Net-DNS","Net::DNS::RR::CAA" => "Net-DNS","Net::DNS::RR::CDNSKEY" => "Net-DNS","Net::DNS::RR::CDS" => "Net-DNS","Net::DNS::RR::CERT" => "Net-DNS","Net::DNS::RR::CNAME" => "Net-DNS","Net::DNS::RR::CSYNC" => "Net-DNS","Net::DNS::RR::DELEG" => "Net-DNS","Net::DNS::RR::DELEGI" => "Net-DNS","Net::DNS::RR::DHCID" => "Net-DNS","Net::DNS::RR::DLV" => "Net-DNS","Net::DNS::RR::DNAME" => "Net-DNS","Net::DNS::RR::DNSKEY" => "Net-DNS","Net::DNS::RR::DS" => "Net-DNS","Net::DNS::RR::DSYNC" => "Net-DNS","Net::DNS::RR::EUI48" => "Net-DNS","Net::DNS::RR::EUI64" => "Net-DNS","Net::DNS::RR::GPOS" => "Net-DNS","Net::DNS::RR::HINFO" => "Net-DNS","Net::DNS::RR::HIP" => "Net-DNS","Net::DNS::RR::HTTPS" => "Net-DNS","Net::DNS::RR::IPSECKEY" => "Net-DNS","Net::DNS::RR::ISDN" => "Net-DNS","Net::DNS::RR::KEY" => "Net-DNS","Net::DNS::RR::KX" => "Net-DNS","Net::DNS::RR::L32" => "Net-DNS","Net::DNS::RR::L64" => "Net-DNS","Net::DNS::RR::LOC" => "Net-DNS","Net::DNS::RR::LP" => "Net-DNS","Net::DNS::RR::MB" => "Net-DNS","Net::DNS::RR::MG" => "Net-DNS","Net::DNS::RR::MINFO" => "Net-DNS","Net::DNS::RR::MR" => "Net-DNS","Net::DNS::RR::MX" => "Net-DNS","Net::DNS::RR::NAPTR" => "Net-DNS","Net::DNS::RR::NID" => "Net-DNS","Net::DNS::RR::NS" => "Net-DNS","Net::DNS::RR::NSEC" => "Net-DNS","Net::DNS::RR::NSEC3" => "Net-DNS","Net::DNS::RR::NSEC3PARAM" => "Net-DNS","Net::DNS::RR::NULL" => "Net-DNS","Net::DNS::RR::OPENPGPKEY" => "Net-DNS","Net::DNS::RR::OPT" => "Net-DNS","Net::DNS::RR::OPT::CHAIN" => "Net-DNS","Net::DNS::RR::OPT::CLIENT_SUBNET" => "Net-DNS","Net::DNS::RR::OPT::COOKIE" => "Net-DNS","Net::DNS::RR::OPT::DAU" => "Net-DNS","Net::DNS::RR::OPT::DHU" => "Net-DNS","Net::DNS::RR::OPT::EXPIRE" => "Net-DNS","Net::DNS::RR::OPT::EXTENDED_ERROR" => "Net-DNS","Net::DNS::RR::OPT::KEY_TAG" => "Net-DNS","Net::DNS::RR::OPT::N3U" => "Net-DNS","Net::DNS::RR::OPT::NSID" => "Net-DNS","Net::DNS::RR::OPT::PADDING" => "Net-DNS","Net::DNS::RR::OPT::REPORT_CHANNEL" => "Net-DNS","Net::DNS::RR::OPT::TCP_KEEPALIVE" => "Net-DNS","Net::DNS::RR::OPT::ZONEVERSION" => "Net-DNS","Net::DNS::RR::PTR" => "Net-DNS","Net::DNS::RR::PX" => "Net-DNS","Net::DNS::RR::RESINFO" => "Net-DNS","Net::DNS::RR::RP" => "Net-DNS","Net::DNS::RR::RRSIG" => "Net-DNS","Net::DNS::RR::RT" => "Net-DNS","Net::DNS::RR::SIG" => "Net-DNS","Net::DNS::RR::SMIMEA" => "Net-DNS","Net::DNS::RR::SOA" => "Net-DNS","Net::DNS::RR::SPF" => "Net-DNS","Net::DNS::RR::SRV" => "Net-DNS","Net::DNS::RR::SSHFP" => "Net-DNS","Net::DNS::RR::SVCB" => "Net-DNS","Net::DNS::RR::TKEY" => "Net-DNS","Net::DNS::RR::TLSA" => "Net-DNS","Net::DNS::RR::TSIG" => "Net-DNS","Net::DNS::RR::TXT" => "Net-DNS","Net::DNS::RR::URI" => "Net-DNS","Net::DNS::RR::X25" => "Net-DNS","Net::DNS::RR::ZONEMD" => "Net-DNS","Net::DNS::Resolver" => "Net-DNS","Net::DNS::Resolver::Base" => "Net-DNS","Net::DNS::Resolver::MSWin32" => "Net-DNS","Net::DNS::Resolver::Recurse" => "Net-DNS","Net::DNS::Resolver::UNIX" => "Net-DNS","Net::DNS::Resolver::android" => "Net-DNS","Net::DNS::Resolver::cygwin" => "Net-DNS","Net::DNS::Resolver::os2" => "Net-DNS","Net::DNS::Resolver::os390" => "Net-DNS","Net::DNS::Text" => "Net-DNS","Net::DNS::Update" => "Net-DNS","Net::DNS::ZoneFile" => "Net-DNS","Net::DNS::ZoneFile::Generator" => "Net-DNS","Net::DNS::ZoneFile::Text" => "Net-DNS","Net::Dropbear" => "Net-Dropbear","Net::Dropbear::SSH" => "Net-Dropbear","Net::Dropbear::SSHd" => "Net-Dropbear","Net::Dropbear::XS" => "Net-Dropbear","Net::Dropbear::XS::AuthState" => "Net-Dropbear","Net::Dropbear::XS::SessionAccept" => "Net-Dropbear","Net::Dropbox::API" => "Net-Dropbox-API","Net::EasyTCP" => "EasyTCP","Net::IP::LPM" => "Net-IP-LPM","Net::IPAddress::Util" => "Net-IPAddress-Util","Net::IPAddress::Util::Collection" => "Net-IPAddress-Util","Net::IPAddress::Util::Collection::Tie" => "Net-IPAddress-Util","Net::IPAddress::Util::Range" => "Net-IPAddress-Util","Net::IPv4Addr" => "Net-IPv4Addr","Net::LDAP" => "perl-ldap","Net::LDAP::ASN" => "perl-ldap","Net::LDAP::Bind" => "perl-ldap","Net::LDAP::Constant" => "perl-ldap","Net::LDAP::Control" => "perl-ldap","Net::LDAP::Control::Assertion" => "perl-ldap","Net::LDAP::Control::DontUseCopy" => "perl-ldap","Net::LDAP::Control::EntryChange" => "perl-ldap","Net::LDAP::Control::ManageDsaIT" => "perl-ldap","Net::LDAP::Control::MatchedValues" => "perl-ldap","Net::LDAP::Control::NoOp" => "perl-ldap","Net::LDAP::Control::Paged" => "perl-ldap","Net::LDAP::Control::PasswordPolicy" => "perl-ldap","Net::LDAP::Control::PersistentSearch" => "perl-ldap","Net::LDAP::Control::PostRead" => "perl-ldap","Net::LDAP::Control::PreRead" => "perl-ldap","Net::LDAP::Control::ProxyAuth" => "perl-ldap","Net::LDAP::Control::Relax" => "perl-ldap","Net::LDAP::Control::Sort" => "perl-ldap","Net::LDAP::Control::SortResult" => "perl-ldap","Net::LDAP::Control::Subentries" => "perl-ldap","Net::LDAP::Control::SyncDone" => "perl-ldap","Net::LDAP::Control::SyncRequest" => "perl-ldap","Net::LDAP::Control::SyncState" => "perl-ldap","Net::LDAP::Control::TreeDelete" => "perl-ldap","Net::LDAP::Control::VLV" => "perl-ldap","Net::LDAP::Control::VLVResponse" => "perl-ldap","Net::LDAP::DSML" => "perl-ldap","Net::LDAP::DSML::output" => "perl-ldap","Net::LDAP::DSML::pp" => "perl-ldap","Net::LDAP::Entry" => "perl-ldap","Net::LDAP::Extension" => "perl-ldap","Net::LDAP::Extension::Cancel" => "perl-ldap","Net::LDAP::Extension::Refresh" => "perl-ldap","Net::LDAP::Extension::SetPassword" => "perl-ldap","Net::LDAP::Extension::WhoAmI" => "perl-ldap","Net::LDAP::Extra" => "perl-ldap","Net::LDAP::Extra::AD" => "perl-ldap","Net::LDAP::Extra::eDirectory" => "perl-ldap","Net::LDAP::Filter" => "perl-ldap","Net::LDAP::FilterList" => "perl-ldap","Net::LDAP::FilterMatch" => "perl-ldap","Net::LDAP::Intermediate" => "perl-ldap","Net::LDAP::Intermediate::SyncInfo" => "perl-ldap","Net::LDAP::LDIF" => "perl-ldap","Net::LDAP::Message" => "perl-ldap","Net::LDAP::Message::Dummy" => "perl-ldap","Net::LDAP::Reference" => "perl-ldap","Net::LDAP::RootDSE" => "perl-ldap","Net::LDAP::Schema" => "perl-ldap","Net::LDAP::Search" => "perl-ldap","Net::LDAP::Util" => "perl-ldap","Net::LDAPI" => "perl-ldap","Net::LDAPS" => "perl-ldap","Net::NSCA::Client" => "Net-NSCA-Client","Net::NSCA::Client::Connection" => "Net-NSCA-Client","Net::NSCA::Client::Connection::TLS" => "Net-NSCA-Client","Net::NSCA::Client::DataPacket" => "Net-NSCA-Client","Net::NSCA::Client::InitialPacket" => "Net-NSCA-Client","Net::NSCA::Client::Library" => "Net-NSCA-Client","Net::NSCA::Client::ServerConfig" => "Net-NSCA-Client","Net::NSCA::Client::Utils" => "Net-NSCA-Client","Net::Netmask" => "Net-Netmask","Net::OAuth" => "Net-OAuth","Net::OAuth::AccessToken" => "Net-OAuth","Net::OAuth::AccessTokenRequest" => "Net-OAuth","Net::OAuth::AccessTokenResponse" => "Net-OAuth","Net::OAuth::Client" => "Net-OAuth","Net::OAuth::ConsumerRequest" => "Net-OAuth","Net::OAuth::Message" => "Net-OAuth","Net::OAuth::ProtectedResourceRequest" => "Net-OAuth","Net::OAuth::Request" => "Net-OAuth","Net::OAuth::RequestTokenRequest" => "Net-OAuth","Net::OAuth::RequestTokenResponse" => "Net-OAuth","Net::OAuth::Response" => "Net-OAuth","Net::OAuth::SignatureMethod::HMAC_SHA1" => "Net-OAuth","Net::OAuth::SignatureMethod::HMAC_SHA256" => "Net-OAuth","Net::OAuth::SignatureMethod::PLAINTEXT" => "Net-OAuth","Net::OAuth::SignatureMethod::RSA_SHA1" => "Net-OAuth","Net::OAuth::UserAuthRequest" => "Net-OAuth","Net::OAuth::UserAuthResponse" => "Net-OAuth","Net::OAuth::V1_0A::AccessTokenRequest" => "Net-OAuth","Net::OAuth::V1_0A::RequestTokenRequest" => "Net-OAuth","Net::OAuth::V1_0A::RequestTokenResponse" => "Net-OAuth","Net::OAuth::V1_0A::UserAuthResponse" => "Net-OAuth","Net::OAuth::XauthAccessTokenRequest" => "Net-OAuth","Net::OAuth::YahooAccessTokenRefreshRequest" => "Net-OAuth","Net::OpenID::Association" => "Net-OpenID-Consumer","Net::OpenID::ClaimedIdentity" => "Net-OpenID-Consumer","Net::OpenID::Consumer" => "Net-OpenID-Consumer","Net::OpenID::VerifiedIdentity" => "Net-OpenID-Consumer","Net::Ping::External" => "Net-Ping-External","Net::SNMP" => "Net-SNMP","Net::SNMP::Dispatcher" => "Net-SNMP","Net::SNMP::Message" => "Net-SNMP","Net::SNMP::MessageProcessing" => "Net-SNMP","Net::SNMP::PDU" => "Net-SNMP","Net::SNMP::Security" => "Net-SNMP","Net::SNMP::Security::Community" => "Net-SNMP","Net::SNMP::Security::USM" => "Net-SNMP","Net::SNMP::Transport" => "Net-SNMP","Net::SNMP::Transport::IPv4" => "Net-SNMP","Net::SNMP::Transport::IPv4::TCP" => "Net-SNMP","Net::SNMP::Transport::IPv4::UDP" => "Net-SNMP","Net::SNMP::Transport::IPv6" => "Net-SNMP","Net::SNMP::Transport::IPv6::TCP" => "Net-SNMP","Net::SNMP::Transport::IPv6::UDP" => "Net-SNMP","Net::SNMP::Transport::TCP" => "Net-SNMP","Net::SNMP::Transport::TCP6" => "Net-SNMP","Net::SNMP::Transport::UDP" => "Net-SNMP","Net::SNMP::Transport::UDP6" => "Net-SNMP","Net::SSLeay" => "Net-SSLeay","Net::SSLeay::Handle" => "Net-SSLeay","Net::Server" => "Net-Server","Net::Server::Coro" => "Net-Server-Coro","Net::Server::Daemonize" => "Net-Server","Net::Server::Fork" => "Net-Server","Net::Server::HTTP" => "Net-Server","Net::Server::INET" => "Net-Server","Net::Server::INET::Handle" => "Net-Server","Net::Server::IP" => "Net-Server","Net::Server::Log::Log::Log4perl" => "Net-Server","Net::Server::Log::Sys::Syslog" => "Net-Server","Net::Server::MultiType" => "Net-Server","Net::Server::Multiplex" => "Net-Server","Net::Server::Multiplex::MUX" => "Net-Server","Net::Server::PSGI" => "Net-Server","Net::Server::PreFork" => "Net-Server","Net::Server::PreForkSimple" => "Net-Server","Net::Server::Proto" => "Net-Server","Net::Server::Proto::Coro" => "Net-Server-Coro","Net::Server::Proto::Coro::FH" => "Net-Server-Coro","Net::Server::Proto::SSL" => "Net-Server","Net::Server::Proto::SSLEAY" => "Net-Server","Net::Server::Proto::TCP" => "Net-Server","Net::Server::Proto::UDP" => "Net-Server","Net::Server::Proto::UNIX" => "Net-Server","Net::Server::Proto::UNIXDGRAM" => "Net-Server","Net::Server::SIG" => "Net-Server","Net::Server::Single" => "Net-Server","Net::Server::Thread" => "Net-Server","Net::Server::TiedHandle" => "Net-Server","Net::Xero" => "Net-Xero","Net::hostent" => "perl","Net::netent" => "perl","Net::protoent" => "perl","Net::servent" => "perl","Nginx" => "Nginx-Perl","Nginx::Perl" => "Nginx-Perl","Nginx::Test" => "Nginx-Perl","Nginx::Test::Child" => "Nginx-Perl","NginxPerlTest" => "Nginx-Perl","O" => "perl","ODBM_File" => "perl","OS2::DLL" => "perl","OS2::DLL::dll" => "perl","OS2::ExtAttr" => "perl","OS2::PrfDB" => "perl","OS2::PrfDB::Hini" => "perl","OS2::PrfDB::Sub" => "perl","OS2::Process" => "perl","OS2::REXX" => "perl","OS2::REXX::_ARRAY" => "perl","OS2::REXX::_HASH" => "perl","OS2::REXX::_SCALAR" => "perl","OS2::localMorphPM" => "perl","Opcode" => "perl","OptreeCheck" => "perl","Otogiri" => "Otogiri","OverloadedClass" => "CGI-Session","OverloadedObjectClass" => "CGI-Session","PAR" => "PAR","PAR::Filter" => "PAR-Packer","PAR::Filter::Bleach" => "PAR-Packer","PAR::Filter::Bytecode" => "PAR-Packer","PAR::Filter::Obfuscate" => "PAR-Packer","PAR::Filter::PatchContent" => "PAR-Packer","PAR::Filter::PodStrip" => "PAR-Packer","PAR::Heavy" => "PAR","PAR::Packer" => "PAR-Packer","PAR::SetupProgname" => "PAR","PAR::SetupTemp" => "PAR","PAR::StrippedPARL::Base" => "PAR-Packer","PApp" => "PApp","PApp::Admin" => "PApp","PApp::Application" => "PApp","PApp::Application::Agni" => "PApp","PApp::CGI" => "PApp","PApp::CGI::Connection" => "PApp","PApp::CGI::Request" => "PApp","PApp::Callback" => "PApp","PApp::Callback::Function" => "PApp","PApp::Config" => "PApp","PApp::DataRef" => "PApp","PApp::DataRef::Base" => "PApp","PApp::DataRef::DB_row" => "PApp","PApp::DataRef::Hash::Proxy" => "PApp","PApp::DataRef::Scalar" => "PApp","PApp::DataRef::Scalar::Proxy" => "PApp","PApp::ECMAScript" => "PApp","PApp::ECMAScript::Layer" => "PApp","PApp::EditForm" => "PApp","PApp::Env" => "PApp","PApp::Event" => "PApp","PApp::Exception" => "PApp","PApp::FormBuffer" => "PApp","PApp::HTML" => "PApp","PApp::I18n" => "PApp","PApp::I18n::PO_Reader" => "PApp","PApp::I18n::PO_Writer" => "PApp","PApp::Lock" => "PApp","PApp::Log" => "PApp","PApp::MimeType" => "PApp","PApp::PCode" => "PApp","PApp::Prefs" => "PApp","PApp::Preprocessor" => "PApp","PApp::Recode" => "PApp","PApp::SCGI" => "PApp","PApp::SCGI::PApp" => "PApp","PApp::SCGI::Worker" => "PApp","PApp::Session" => "PApp","PApp::Storable" => "PApp","PApp::User" => "PApp","PApp::UserObs" => "PApp","PApp::Util" => "PApp","PApp::XBox" => "PApp","PApp::XML" => "PApp","PApp::XML::Pod2xml" => "PApp","PApp::XML::Template" => "PApp","PApp::XPCSE" => "PApp","PApp::XSLT" => "PApp","PApp::XSLT::LibXSLT" => "PApp","PApp::XSLT::Sablotron" => "PApp","PGObject::Util::DBAdmin" => "PGObject-Util-DBAdmin","PODServer" => "Squatting","PODServer::Controllers" => "Squatting","PODServer::Views" => "Squatting","POE::Component::IRC" => "POE-Component-IRC","POE::Component::IRC::Common" => "POE-Component-IRC","POE::Component::IRC::Constants" => "POE-Component-IRC","POE::Component::IRC::Plugin" => "POE-Component-IRC","POE::Component::IRC::Plugin::AutoJoin" => "POE-Component-IRC","POE::Component::IRC::Plugin::BotAddressed" => "POE-Component-IRC","POE::Component::IRC::Plugin::BotCommand" => "POE-Component-IRC","POE::Component::IRC::Plugin::BotTraffic" => "POE-Component-IRC","POE::Component::IRC::Plugin::CTCP" => "POE-Component-IRC","POE::Component::IRC::Plugin::Connector" => "POE-Component-IRC","POE::Component::IRC::Plugin::Console" => "POE-Component-IRC","POE::Component::IRC::Plugin::CycleEmpty" => "POE-Component-IRC","POE::Component::IRC::Plugin::DCC" => "POE-Component-IRC","POE::Component::IRC::Plugin::FollowTail" => "POE-Component-IRC","POE::Component::IRC::Plugin::ISupport" => "POE-Component-IRC","POE::Component::IRC::Plugin::Logger" => "POE-Component-IRC","POE::Component::IRC::Plugin::NickReclaim" => "POE-Component-IRC","POE::Component::IRC::Plugin::NickServID" => "POE-Component-IRC","POE::Component::IRC::Plugin::PlugMan" => "POE-Component-IRC","POE::Component::IRC::Plugin::Proxy" => "POE-Component-IRC","POE::Component::IRC::Plugin::Whois" => "POE-Component-IRC","POE::Component::IRC::Qnet" => "POE-Component-IRC","POE::Component::IRC::Qnet::State" => "POE-Component-IRC","POE::Component::IRC::State" => "POE-Component-IRC","POE::Filter::IRC" => "POE-Component-IRC","POE::Filter::IRC::Compat" => "POE-Component-IRC","POSIX" => "perl","POSIX::2008" => "POSIX-2008","POSIX::SigAction" => "perl","POSIX::SigRt" => "perl","POSIX::SigSet" => "perl","PalImg" => "Perlbal","PaletteModify" => "Perlbal","Parallel::ForkManager" => "Parallel-ForkManager","Parallel::ForkManager::Child" => "Parallel-ForkManager","Parse::ePerl" => "eperl","Perl6::MakeMaker" => "Perl6-Pugs","Perl6::Pugs" => "Perl6-Pugs","Perl6::Pugs::Config" => "Perl6-Pugs","Perl6::Pugs::Config::MiniYAML" => "Perl6-Pugs","Perl::Tidy" => "Perl-Tidy","Perl::Tidy::Debugger" => "Perl-Tidy","Perl::Tidy::DevNull" => "Perl-Tidy","Perl::Tidy::Diagnostics" => "Perl-Tidy","Perl::Tidy::FileWriter" => "Perl-Tidy","Perl::Tidy::Formatter" => "Perl-Tidy","Perl::Tidy::HtmlWriter" => "Perl-Tidy","Perl::Tidy::IOScalar" => "Perl-Tidy","Perl::Tidy::IOScalarArray" => "Perl-Tidy","Perl::Tidy::IndentationItem" => "Perl-Tidy","Perl::Tidy::LineBuffer" => "Perl-Tidy","Perl::Tidy::LineSink" => "Perl-Tidy","Perl::Tidy::LineSource" => "Perl-Tidy","Perl::Tidy::Logger" => "Perl-Tidy","Perl::Tidy::Tokenizer" => "Perl-Tidy","Perl::Tidy::VerticalAligner" => "Perl-Tidy","Perl::Tidy::VerticalAligner::Alignment" => "Perl-Tidy","Perl::Tidy::VerticalAligner::Line" => "Perl-Tidy","Perl::Version" => "Perl-Version","PerlIO" => "perl","PerlIO::encoding" => "perl","PerlIO::mmap" => "perl","PerlIO::scalar" => "perl","PerlIO::via" => "perl","PerlTmp" => "Batch-Batchrun","Perlbal" => "Perlbal","Perlbal::AIO" => "Perlbal","Perlbal::BackendHTTP" => "Perlbal","Perlbal::Cache" => "Perlbal","Perlbal::ChunkedUploadState" => "Perlbal","Perlbal::ClientHTTP" => "Perlbal","Perlbal::ClientHTTPBase" => "Perlbal","Perlbal::ClientManage" => "Perlbal","Perlbal::ClientProxy" => "Perlbal","Perlbal::CommandContext" => "Perlbal","Perlbal::Fields" => "Perlbal","Perlbal::HTTPHeaders" => "Perlbal","Perlbal::ManageCommand" => "Perlbal","Perlbal::Plugin::AccessControl" => "Perlbal","Perlbal::Plugin::AutoRemoveLeadingDir" => "Perlbal","Perlbal::Plugin::Cgilike" => "Perlbal","Perlbal::Plugin::Cgilike::Request" => "Perlbal","Perlbal::Plugin::EchoService" => "Perlbal","Perlbal::Plugin::EchoService::Client" => "Perlbal","Perlbal::Plugin::FlvStreaming" => "Perlbal","Perlbal::Plugin::Highpri" => "Perlbal","Perlbal::Plugin::Include" => "Perlbal","Perlbal::Plugin::LazyCDN" => "Perlbal","Perlbal::Plugin::MaxContentLength" => "Perlbal","Perlbal::Plugin::NotModified" => "Perlbal","Perlbal::Plugin::Palimg" => "Perlbal","Perlbal::Plugin::Queues" => "Perlbal","Perlbal::Plugin::Redirect" => "Perlbal","Perlbal::Plugin::Stats" => "Perlbal","Perlbal::Plugin::Stats::Storage" => "Perlbal","Perlbal::Plugin::Throttle" => "Perlbal","Perlbal::Plugin::Throttle::Store" => "Perlbal","Perlbal::Plugin::Throttle::Store::Memcached" => "Perlbal","Perlbal::Plugin::Throttle::Store::Memory" => "Perlbal","Perlbal::Plugin::Vhosts" => "Perlbal","Perlbal::Plugin::Vpaths" => "Perlbal","Perlbal::Plugin::XFFExtras" => "Perlbal","Perlbal::Pool" => "Perlbal","Perlbal::ReproxyManager" => "Perlbal","Perlbal::Service" => "Perlbal","Perlbal::Socket" => "Perlbal","Perlbal::SocketSSL" => "Perlbal","Perlbal::SocketSSL2" => "Perlbal","Perlbal::TCPListener" => "Perlbal","Perlbal::Test" => "Perlbal","Perlbal::Test::WebClient" => "Perlbal","Perlbal::Test::WebServer" => "Perlbal","Perlbal::UploadListener" => "Perlbal","Perlbal::Util" => "Perlbal","Perldoc::Server" => "Perldoc-Server","Perldoc::Server::Controller::Ajax" => "Perldoc-Server","Perldoc::Server::Controller::Ajax::PerlSyntax" => "Perldoc-Server","Perldoc::Server::Controller::Functions" => "Perldoc-Server","Perldoc::Server::Controller::Index" => "Perldoc-Server","Perldoc::Server::Controller::Index::Modules" => "Perldoc-Server","Perldoc::Server::Controller::Root" => "Perldoc-Server","Perldoc::Server::Controller::Search" => "Perldoc-Server","Perldoc::Server::Controller::Source" => "Perldoc-Server","Perldoc::Server::Controller::View" => "Perldoc-Server","Perldoc::Server::Convert::html" => "Perldoc-Server","Perldoc::Server::Model::Index" => "Perldoc-Server","Perldoc::Server::Model::PerlFunc" => "Perldoc-Server","Perldoc::Server::Model::Pod" => "Perldoc-Server","Perldoc::Server::Model::Section" => "Perldoc-Server","Perldoc::Server::View::Function" => "Perldoc-Server","Perldoc::Server::View::OpenThoughtTT" => "Perldoc-Server","Perldoc::Server::View::Pod2HTML" => "Perldoc-Server","Perldoc::Server::View::Pod2Source" => "Perldoc-Server","Perldoc::Server::View::TT" => "Perldoc-Server","PhonyClipboard" => "Clipboard","Pinto" => "Pinto","Pinto::Action" => "Pinto","Pinto::Action::Add" => "Pinto","Pinto::Action::Clean" => "Pinto","Pinto::Action::Copy" => "Pinto","Pinto::Action::Default" => "Pinto","Pinto::Action::Delete" => "Pinto","Pinto::Action::Diff" => "Pinto","Pinto::Action::Install" => "Pinto","Pinto::Action::Kill" => "Pinto","Pinto::Action::List" => "Pinto","Pinto::Action::Lock" => "Pinto","Pinto::Action::Log" => "Pinto","Pinto::Action::Look" => "Pinto","Pinto::Action::Merge" => "Pinto","Pinto::Action::New" => "Pinto","Pinto::Action::Nop" => "Pinto","Pinto::Action::Pin" => "Pinto","Pinto::Action::Props" => "Pinto","Pinto::Action::Pull" => "Pinto","Pinto::Action::Register" => "Pinto","Pinto::Action::Rename" => "Pinto","Pinto::Action::Reset" => "Pinto","Pinto::Action::Revert" => "Pinto","Pinto::Action::Roots" => "Pinto","Pinto::Action::Stacks" => "Pinto","Pinto::Action::Statistics" => "Pinto","Pinto::Action::Unlock" => "Pinto","Pinto::Action::Unpin" => "Pinto","Pinto::Action::Unregister" => "Pinto","Pinto::Action::Update" => "Pinto","Pinto::Action::Verify" => "Pinto","Pinto::ArchiveUnpacker" => "Pinto","Pinto::Chrome" => "Pinto","Pinto::Chrome::Net" => "Pinto","Pinto::Chrome::Term" => "Pinto","Pinto::CommitMessage" => "Pinto","Pinto::Config" => "Pinto","Pinto::Constants" => "Pinto","Pinto::Database" => "Pinto","Pinto::Difference" => "Pinto","Pinto::DifferenceEntry" => "Pinto","Pinto::DistributionSpec" => "Pinto","Pinto::Editor" => "Pinto","Pinto::Editor::Clip" => "Pinto","Pinto::Editor::Edit" => "Pinto","Pinto::Exception" => "Pinto","Pinto::Globals" => "Pinto","Pinto::IndexCache" => "Pinto","Pinto::IndexReader" => "Pinto","Pinto::IndexWriter" => "Pinto","Pinto::Initializer" => "Pinto","Pinto::Locator" => "Pinto","Pinto::Locator::Mirror" => "Pinto","Pinto::Locator::Multiplex" => "Pinto","Pinto::Locator::Stratopan" => "Pinto","Pinto::Locker" => "Pinto","Pinto::Manual" => "Pinto","Pinto::Manual::Installing" => "Pinto","Pinto::Manual::Introduction" => "Pinto","Pinto::Manual::QuickStart" => "Pinto","Pinto::Manual::Thanks" => "Pinto","Pinto::Manual::Tutorial" => "Pinto","Pinto::Migrator" => "Pinto","Pinto::ModlistWriter" => "Pinto","Pinto::PackageExtractor" => "Pinto","Pinto::PackageSpec" => "Pinto","Pinto::PrerequisiteWalker" => "Pinto","Pinto::Remote" => "Pinto","Pinto::Remote::Action" => "Pinto","Pinto::Remote::Action::Add" => "Pinto","Pinto::Remote::Action::Install" => "Pinto","Pinto::Remote::Result" => "Pinto","Pinto::Repository" => "Pinto","Pinto::Result" => "Pinto","Pinto::RevisionWalker" => "Pinto","Pinto::Role::Committable" => "Pinto","Pinto::Role::FileFetcher" => "Pinto","Pinto::Role::Installer" => "Pinto","Pinto::Role::PauseConfig" => "Pinto","Pinto::Role::Plated" => "Pinto","Pinto::Role::Puller" => "Pinto","Pinto::Role::Schema::Result" => "Pinto","Pinto::Role::Transactional" => "Pinto","Pinto::Role::UserAgent" => "Pinto","Pinto::Schema" => "Pinto","Pinto::Schema::Result::Ancestry" => "Pinto","Pinto::Schema::Result::Distribution" => "Pinto","Pinto::Schema::Result::Package" => "Pinto","Pinto::Schema::Result::Prerequisite" => "Pinto","Pinto::Schema::Result::Registration" => "Pinto","Pinto::Schema::Result::RegistrationChange" => "Pinto","Pinto::Schema::Result::Revision" => "Pinto","Pinto::Schema::Result::Stack" => "Pinto","Pinto::Schema::ResultSet::Distribution" => "Pinto","Pinto::Schema::ResultSet::Package" => "Pinto","Pinto::Schema::ResultSet::Registration" => "Pinto","Pinto::Server" => "Pinto","Pinto::Server::Responder" => "Pinto","Pinto::Server::Responder::Action" => "Pinto","Pinto::Server::Responder::File" => "Pinto","Pinto::Server::Router" => "Pinto","Pinto::Shell" => "Pinto","Pinto::SpecFactory" => "Pinto","Pinto::Statistics" => "Pinto","Pinto::Store" => "Pinto","Pinto::Target" => "Pinto","Pinto::Target::Distribution" => "Pinto","Pinto::Target::Package" => "Pinto","Pinto::Types" => "Pinto","Pinto::Util" => "Pinto","Plack" => "Plack","Plack::App::CGIBin" => "Plack","Plack::App::Cascade" => "Plack","Plack::App::Debugger" => "Plack-Debugger","Plack::App::Directory" => "Plack","Plack::App::File" => "Plack","Plack::App::PSGIBin" => "Plack","Plack::App::URLMap" => "Plack","Plack::App::WrapCGI" => "Plack","Plack::App::XAO" => "XAO-Web","Plack::Builder" => "Plack","Plack::Component" => "Plack","Plack::Debugger" => "Plack-Debugger","Plack::Debugger::Panel" => "Plack-Debugger","Plack::Debugger::Panel::AJAX" => "Plack-Debugger","Plack::Debugger::Panel::Environment" => "Plack-Debugger","Plack::Debugger::Panel::Memory" => "Plack-Debugger","Plack::Debugger::Panel::ModuleVersions" => "Plack-Debugger","Plack::Debugger::Panel::Parameters" => "Plack-Debugger","Plack::Debugger::Panel::PerlConfig" => "Plack-Debugger","Plack::Debugger::Panel::PlackRequest" => "Plack-Debugger","Plack::Debugger::Panel::PlackResponse" => "Plack-Debugger","Plack::Debugger::Panel::Timer" => "Plack-Debugger","Plack::Debugger::Panel::Warnings" => "Plack-Debugger","Plack::Debugger::Storage" => "Plack-Debugger","Plack::HTTPParser" => "Plack","Plack::HTTPParser::PP" => "Plack","Plack::Handler" => "Plack","Plack::Handler::Apache1" => "Plack","Plack::Handler::Apache2" => "Plack","Plack::Handler::Apache2::Registry" => "Plack","Plack::Handler::CGI" => "Plack","Plack::Handler::CGI::Writer" => "Plack","Plack::Handler::FCGI" => "Plack","Plack::Handler::HTTP::Server::PSGI" => "Plack","Plack::Handler::Standalone" => "Plack","Plack::LWPish" => "Plack","Plack::Loader" => "Plack","Plack::Loader::Delayed" => "Plack","Plack::Loader::Restarter" => "Plack","Plack::Loader::Shotgun" => "Plack","Plack::MIME" => "Plack","Plack::Middleware" => "Plack","Plack::Middleware::AccessLog" => "Plack","Plack::Middleware::AccessLog::Timed" => "Plack","Plack::Middleware::Auth::Basic" => "Plack","Plack::Middleware::Auth::LemonldapNG" => "Lemonldap-NG-Handler","Plack::Middleware::Bootstrap" => "Plack-Middleware-Bootstrap","Plack::Middleware::BufferedStreaming" => "Plack","Plack::Middleware::Chunked" => "Plack","Plack::Middleware::Conditional" => "Plack","Plack::Middleware::ConditionalGET" => "Plack","Plack::Middleware::ContentLength" => "Plack","Plack::Middleware::ContentMD5" => "Plack","Plack::Middleware::Debugger::Collector" => "Plack-Debugger","Plack::Middleware::Debugger::Injector" => "Plack-Debugger","Plack::Middleware::ErrorDocument" => "Plack","Plack::Middleware::HTTPExceptions" => "Plack","Plack::Middleware::Head" => "Plack","Plack::Middleware::IIS6ScriptNameFix" => "Plack","Plack::Middleware::IIS7KeepAliveFix" => "Plack","Plack::Middleware::JSONP" => "Plack","Plack::Middleware::LighttpdScriptNameFix" => "Plack","Plack::Middleware::Lint" => "Plack","Plack::Middleware::Log4perl" => "Plack","Plack::Middleware::LogDispatch" => "Plack","Plack::Middleware::NullLogger" => "Plack","Plack::Middleware::RearrangeHeaders" => "Plack","Plack::Middleware::Recursive" => "Plack","Plack::Middleware::Refresh" => "Plack","Plack::Middleware::Runtime" => "Plack","Plack::Middleware::Session" => "Plack-Middleware-Session","Plack::Middleware::Session::Cookie" => "Plack-Middleware-Session","Plack::Middleware::Session::Simple" => "Plack-Middleware-Session-Simple","Plack::Middleware::Session::Simple::Session" => "Plack-Middleware-Session-Simple","Plack::Middleware::SimpleContentFilter" => "Plack","Plack::Middleware::SimpleLogger" => "Plack","Plack::Middleware::StackTrace" => "Plack","Plack::Middleware::Static" => "Plack","Plack::Middleware::StaticShared" => "Plack-Middleware-StaticShared","Plack::Middleware::Statsd" => "Plack-Middleware-Statsd","Plack::Middleware::Writer" => "Plack","Plack::Middleware::XFramework" => "Plack","Plack::Middleware::XSRFBlock" => "Plack-Middleware-XSRFBlock","Plack::Middleware::XSendfile" => "Plack","Plack::Recursive::ForwardRequest" => "Plack","Plack::Request" => "Plack","Plack::Request::Upload" => "Plack","Plack::Response" => "Plack","Plack::Runner" => "Plack","Plack::Server" => "Plack","Plack::Server::Apache1" => "Plack","Plack::Server::Apache2" => "Plack","Plack::Server::CGI" => "Plack","Plack::Server::FCGI" => "Plack","Plack::Server::ServerSimple" => "Plack","Plack::Server::Standalone" => "Plack","Plack::Server::Standalone::Prefork" => "Plack","Plack::Session" => "Plack-Middleware-Session","Plack::Session::Cleanup" => "Plack-Middleware-Session","Plack::Session::State" => "Plack-Middleware-Session","Plack::Session::State::Cookie" => "Plack-Middleware-Session","Plack::Session::Store" => "Plack-Middleware-Session","Plack::Session::Store::Cache" => "Plack-Middleware-Session","Plack::Session::Store::DBI" => "Plack-Middleware-Session","Plack::Session::Store::File" => "Plack-Middleware-Session","Plack::Session::Store::Null" => "Plack-Middleware-Session","Plack::TempBuffer" => "Plack","Plack::TempBuffer::Auto" => "Plack","Plack::TempBuffer::File" => "Plack","Plack::TempBuffer::PerlIO" => "Plack","Plack::Test" => "Plack","Plack::Test::Debugger" => "Plack-Debugger","Plack::Test::Debugger::ResultGenerator" => "Plack-Debugger","Plack::Test::MockHTTP" => "Plack","Plack::Test::MockHTTP::WithCleanupHandlers" => "Plack-Debugger","Plack::Test::Server" => "Plack","Plack::Test::Suite" => "Plack","Plack::Util" => "Plack","Plack::Util::Accessor" => "Plack","Plack::Util::IOWithPath" => "Plack","Plack::Util::Prototype" => "Plack","Pod::Html" => "perl","Pod::Html::Util" => "perl","Pod::Perldoc" => "Pod-Perldoc","Pod::Perldoc::BaseTo" => "Pod-Perldoc","Pod::Perldoc::GetOptsOO" => "Pod-Perldoc","Pod::Perldoc::ToANSI" => "Pod-Perldoc","Pod::Perldoc::ToChecker" => "Pod-Perldoc","Pod::Perldoc::ToMan" => "Pod-Perldoc","Pod::Perldoc::ToNroff" => "Pod-Perldoc","Pod::Perldoc::ToPod" => "Pod-Perldoc","Pod::Perldoc::ToRtf" => "Pod-Perldoc","Pod::Perldoc::ToTerm" => "Pod-Perldoc","Pod::Perldoc::ToText" => "Pod-Perldoc","Pod::Perldoc::ToTk" => "Pod-Perldoc","Pod::Perldoc::ToXml" => "Pod-Perldoc","Pod::Simple::XHTML::LocalPodLinks" => "perl","Porting::updateAUTHORS" => "perl","Proc::Daemon" => "Proc-Daemon","Proc::Killall" => "Proc-ProcessTable","Proc::Killfam" => "Proc-ProcessTable","Proc::ProcessTable" => "Proc-ProcessTable","Proc::ProcessTable::Process" => "Proc-ProcessTable","Pugs::MakeMaker" => "Perl6-Pugs","PugsConfig" => "Perl6-Pugs","RDF::Redland" => "Redland","RDF::Redland::BlankNode" => "Redland","RDF::Redland::CORE" => "Redland","RDF::Redland::COREc" => "Redland","RDF::Redland::Iterator" => "Redland","RDF::Redland::LiteralNode" => "Redland","RDF::Redland::Model" => "Redland","RDF::Redland::Node" => "Redland","RDF::Redland::Parser" => "Redland","RDF::Redland::Query" => "Redland","RDF::Redland::QueryResults" => "Redland","RDF::Redland::RSS" => "Redland","RDF::Redland::RSS::Node" => "Redland","RDF::Redland::Serializer" => "Redland","RDF::Redland::Statement" => "Redland","RDF::Redland::Storage" => "Redland","RDF::Redland::Stream" => "Redland","RDF::Redland::URI" => "Redland","RDF::Redland::URINode" => "Redland","RDF::Redland::World" => "Redland","RDF::Redland::XMLLiteralNode" => "Redland","RPC::PlClient" => "PlRPC","RPC::PlClient::Comm" => "PlRPC","RPC::PlClient::Object" => "PlRPC","RPC::PlServer" => "PlRPC","RPC::PlServer::Comm" => "PlRPC","RPC::PlServer::Test" => "PlRPC","RPC::XML" => "RPC-XML","RPC::XML::Client" => "RPC-XML","RPC::XML::Function" => "RPC-XML","RPC::XML::Method" => "RPC-XML","RPC::XML::Parser" => "RPC-XML","RPC::XML::Parser::XMLLibXML" => "RPC-XML","RPC::XML::Parser::XMLParser" => "RPC-XML","RPC::XML::ParserFactory" => "RPC-XML","RPC::XML::Procedure" => "RPC-XML","RPC::XML::Server" => "RPC-XML","RPC::XML::array" => "RPC-XML","RPC::XML::base64" => "RPC-XML","RPC::XML::boolean" => "RPC-XML","RPC::XML::datatype" => "RPC-XML","RPC::XML::datetime_iso8601" => "RPC-XML","RPC::XML::double" => "RPC-XML","RPC::XML::fault" => "RPC-XML","RPC::XML::i4" => "RPC-XML","RPC::XML::i8" => "RPC-XML","RPC::XML::int" => "RPC-XML","RPC::XML::nil" => "RPC-XML","RPC::XML::request" => "RPC-XML","RPC::XML::response" => "RPC-XML","RPC::XML::simple_type" => "RPC-XML","RPC::XML::string" => "RPC-XML","RPC::XML::struct" => "RPC-XML","RT::Authen::ExternalAuth" => "RT-Authen-ExternalAuth","RT::Authen::ExternalAuth::DBI" => "RT-Authen-ExternalAuth","RT::Authen::ExternalAuth::DBI::Cookie" => "RT-Authen-ExternalAuth","RT::Authen::ExternalAuth::LDAP" => "RT-Authen-ExternalAuth","RT::Extension::MobileUI" => "RT-Extension-MobileUI","RTMP::Client" => "RTMP-Client","Redis::Fast" => "Redis-Fast","Redis::Fast::Hash" => "Redis-Fast","Redis::Fast::List" => "Redis-Fast","Redis::Fast::Sentinel" => "Redis-Fast","Redis::hiredis" => "Redis-hiredis","Resource::Pack::jQuery" => "Resource-Pack-jQuery","SDBM_File" => "perl","SOAP::Apache" => "SOAP-Lite","SOAP::Cloneable" => "SOAP-Lite","SOAP::Constants" => "SOAP-Lite","SOAP::Custom::XML::Data" => "SOAP-Lite","SOAP::Custom::XML::Deserializer" => "SOAP-Lite","SOAP::Data" => "SOAP-Lite","SOAP::Deserializer" => "SOAP-Lite","SOAP::Fault" => "SOAP-Lite","SOAP::Header" => "SOAP-Lite","SOAP::Lite" => "SOAP-Lite","SOAP::Lite::COM" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchema1999" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchema2001" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchemaSOAP1_1" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchemaSOAP1_2" => "SOAP-Lite","SOAP::Lite::Packager" => "SOAP-Lite","SOAP::Lite::Packager::DIME" => "SOAP-Lite","SOAP::Lite::Packager::MIME" => "SOAP-Lite","SOAP::Lite::Utils" => "SOAP-Lite","SOAP::MIMEParser" => "SOAP-Lite","SOAP::Packager" => "SOAP-Lite","SOAP::Packager::DIME" => "SOAP-Lite","SOAP::Packager::MIME" => "SOAP-Lite","SOAP::SOM" => "SOAP-Lite","SOAP::Schema" => "SOAP-Lite","SOAP::Schema::Deserializer" => "SOAP-Lite","SOAP::Schema::WSDL" => "SOAP-Lite","SOAP::Server" => "SOAP-Lite","SOAP::Server::Object" => "SOAP-Lite","SOAP::Server::Parameters" => "SOAP-Lite","SOAP::Test" => "SOAP-Lite","SOAP::Test::Server" => "SOAP-Lite","SOAP::Trace" => "SOAP-Lite","SOAP::Transport" => "SOAP-Lite","SOAP::Transport::HTTP" => "SOAP-Lite","SOAP::Transport::HTTP::Daemon" => "SOAP-Lite","SOAP::Transport::HTTP::Daemon::ForkAfterProcessing" => "SOAP-Lite","SOAP::Transport::HTTP::Daemon::ForkOnAccept" => "SOAP-Lite","SOAP::Transport::HTTP::FCGI" => "SOAP-Lite","SOAP::Transport::IO" => "SOAP-Lite","SOAP::Transport::IO::Server" => "SOAP-Lite","SOAP::Transport::LOCAL" => "SOAP-Lite","SOAP::Transport::LOCAL::Client" => "SOAP-Lite","SOAP::Transport::LOOPBACK" => "SOAP-Lite","SOAP::Transport::LOOPBACK::Client" => "SOAP-Lite","SOAP::Transport::MAILTO" => "SOAP-Lite","SOAP::Transport::MAILTO::Client" => "SOAP-Lite","SOAP::Transport::POP3" => "SOAP-Lite","SOAP::Transport::POP3::Server" => "SOAP-Lite","SOAP::Transport::TCP" => "SOAP-Lite","SOAP::Transport::TCP::Client" => "SOAP-Lite","SOAP::Transport::TCP::Server" => "SOAP-Lite","SOAP::Utils" => "SOAP-Lite","SOAP::XMLSchema1999::Deserializer" => "SOAP-Lite","SOAP::XMLSchema1999::Serializer" => "SOAP-Lite","SOAP::XMLSchema2001::Deserializer" => "SOAP-Lite","SOAP::XMLSchema2001::Serializer" => "SOAP-Lite","SOAP::XMLSchema::Serializer" => "SOAP-Lite","SOAP::XMLSchemaApacheSOAP::Deserializer" => "SOAP-Lite","SOAP::XMLSchemaSOAP1_1::Deserializer" => "SOAP-Lite","SOAP::XMLSchemaSOAP1_2::Deserializer" => "SOAP-Lite","SSL_Context" => "IO-Socket-SSL","SSL_HANDLE" => "IO-Socket-SSL","SSL_SSL" => "IO-Socket-SSL","SVG::Sparkline" => "SVG-Sparkline","SVG::Sparkline::Area" => "SVG-Sparkline","SVG::Sparkline::Bar" => "SVG-Sparkline","SVG::Sparkline::Line" => "SVG-Sparkline","SVG::Sparkline::RangeArea" => "SVG-Sparkline","SVG::Sparkline::RangeBar" => "SVG-Sparkline","SVG::Sparkline::Utils" => "SVG-Sparkline","SVG::Sparkline::Whisker" => "SVG-Sparkline","SVN::Base" => "Alien-SVN","SVN::Client" => "Alien-SVN","SVN::Core" => "Alien-SVN","SVN::Delta" => "Alien-SVN","SVN::Fs" => "Alien-SVN","SVN::Look" => "SVN-Look","SVN::Ra" => "Alien-SVN","SVN::Repos" => "Alien-SVN","SVN::Wc" => "Alien-SVN","Safe" => "Safe","Search::OpenSearch::Result" => "Search-OpenSearch-Server","Search::OpenSearch::Server" => "Search-OpenSearch-Server","Search::OpenSearch::Server::Catalyst" => "Search-OpenSearch-Server","Search::OpenSearch::Server::Plack" => "Search-OpenSearch-Server","SelectSaver" => "perl","Sereal::Decoder" => "Sereal-Decoder","Sereal::Decoder::Constants" => "Sereal-Decoder","Sereal::Encoder" => "Sereal-Encoder","Sereal::Encoder::Constants" => "Sereal-Encoder","Sereal::Performance" => "Sereal-Decoder","Sidef" => "Sidef","Sidef::Deparse::Perl" => "Sidef","Sidef::Deparse::Sidef" => "Sidef","Sidef::Math::Math" => "Sidef","Sidef::Module::Func" => "Sidef","Sidef::Module::OO" => "Sidef","Sidef::Object::Convert" => "Sidef","Sidef::Object::Enumerator" => "Sidef","Sidef::Object::Lazy" => "Sidef","Sidef::Object::LazyMethod" => "Sidef","Sidef::Object::Object" => "Sidef","Sidef::Optimizer" => "Sidef","Sidef::Parser" => "Sidef","Sidef::Perl::Perl" => "Sidef","Sidef::Sys::Sig" => "Sidef","Sidef::Sys::Sys" => "Sidef","Sidef::Time::Date" => "Sidef","Sidef::Time::Gmtime" => "Sidef","Sidef::Time::Localtime" => "Sidef","Sidef::Time::Time" => "Sidef","Sidef::Types::Array::Array" => "Sidef","Sidef::Types::Array::Matrix" => "Sidef","Sidef::Types::Array::Pair" => "Sidef","Sidef::Types::Array::Vector" => "Sidef","Sidef::Types::Block::Block" => "Sidef","Sidef::Types::Block::Fork" => "Sidef","Sidef::Types::Block::Try" => "Sidef","Sidef::Types::Bool::Bool" => "Sidef","Sidef::Types::Glob::Backtick" => "Sidef","Sidef::Types::Glob::Dir" => "Sidef","Sidef::Types::Glob::DirHandle" => "Sidef","Sidef::Types::Glob::File" => "Sidef","Sidef::Types::Glob::FileHandle" => "Sidef","Sidef::Types::Glob::Pipe" => "Sidef","Sidef::Types::Glob::Socket" => "Sidef","Sidef::Types::Glob::SocketHandle" => "Sidef","Sidef::Types::Glob::Stat" => "Sidef","Sidef::Types::Hash::Hash" => "Sidef","Sidef::Types::Null::Null" => "Sidef","Sidef::Types::Number::Complex" => "Sidef","Sidef::Types::Number::Fraction" => "Sidef","Sidef::Types::Number::Gauss" => "Sidef","Sidef::Types::Number::Mod" => "Sidef","Sidef::Types::Number::Number" => "Sidef","Sidef::Types::Number::Polynomial" => "Sidef","Sidef::Types::Number::PolynomialMod" => "Sidef","Sidef::Types::Number::Quadratic" => "Sidef","Sidef::Types::Number::Quaternion" => "Sidef","Sidef::Types::Perl::Perl" => "Sidef","Sidef::Types::Range::Range" => "Sidef","Sidef::Types::Range::RangeNumber" => "Sidef","Sidef::Types::Range::RangeString" => "Sidef","Sidef::Types::Regex::Match" => "Sidef","Sidef::Types::Regex::Regex" => "Sidef","Sidef::Types::Set::Bag" => "Sidef","Sidef::Types::Set::Set" => "Sidef","Sidef::Types::String::String" => "Sidef","Sidef::Variable::GetOpt" => "Sidef","Sidef::Variable::NamedParam" => "Sidef","SimpleObjectClass" => "CGI-Session","Smolder" => "Smolder","Smolder::AuthHandler" => "Smolder","Smolder::AuthInfo" => "Smolder","Smolder::Build" => "Smolder","Smolder::Conf" => "Smolder","Smolder::Constraints" => "Smolder","Smolder::Control" => "Smolder","Smolder::Control::Admin" => "Smolder","Smolder::Control::Admin::Developers" => "Smolder","Smolder::Control::Admin::Projects" => "Smolder","Smolder::Control::Developer" => "Smolder","Smolder::Control::Developer::Prefs" => "Smolder","Smolder::Control::Graphs" => "Smolder","Smolder::Control::Projects" => "Smolder","Smolder::Control::Public" => "Smolder","Smolder::Control::Public::Auth" => "Smolder","Smolder::DB" => "Smolder","Smolder::DB::Developer" => "Smolder","Smolder::DB::Preference" => "Smolder","Smolder::DB::Project" => "Smolder","Smolder::DB::ProjectDeveloper" => "Smolder","Smolder::DB::SmokeReport" => "Smolder","Smolder::DB::TestFile" => "Smolder","Smolder::DB::TestFileComment" => "Smolder","Smolder::DB::TestFileResult" => "Smolder","Smolder::Debug" => "Smolder","Smolder::Dispatch" => "Smolder","Smolder::Email" => "Smolder","Smolder::Manual" => "Smolder","Smolder::Mech" => "Smolder","Smolder::Redirect" => "Smolder","Smolder::Server" => "Smolder","Smolder::Server::Control" => "Smolder","Smolder::Server::PreFork" => "Smolder","Smolder::TAPHTMLMatrix" => "Smolder","Smolder::TestData" => "Smolder","Smolder::TestScript" => "Smolder","Smolder::Upgrade" => "Smolder","Smolder::Upgrade::V0_1" => "Smolder","Smolder::Upgrade::V0_3" => "Smolder","Smolder::Upgrade::V1_1" => "Smolder","Smolder::Upgrade::V1_21" => "Smolder","Smolder::Upgrade::V1_24" => "Smolder","Smolder::Upgrade::V1_30" => "Smolder","Smolder::Upgrade::V1_37" => "Smolder","Smolder::Upgrade::V1_50" => "Smolder","Smolder::Util" => "Smolder","SockJS" => "SockJS","SockJS::Connection" => "SockJS","SockJS::Exception" => "SockJS","SockJS::Handle" => "SockJS","SockJS::Middleware::Cache" => "SockJS","SockJS::Middleware::Cors" => "SockJS","SockJS::Middleware::Http10" => "SockJS","SockJS::Middleware::JSessionID" => "SockJS","SockJS::Session" => "SockJS","SockJS::Transport" => "SockJS","SockJS::Transport::Base" => "SockJS","SockJS::Transport::EventSource" => "SockJS","SockJS::Transport::HtmlFile" => "SockJS","SockJS::Transport::JSONPPolling" => "SockJS","SockJS::Transport::JSONPSend" => "SockJS","SockJS::Transport::WebSocket" => "SockJS","SockJS::Transport::XHRPolling" => "SockJS","SockJS::Transport::XHRSend" => "SockJS","SockJS::Transport::XHRStreaming" => "SockJS","Socket" => "Socket","Spoon" => "Spoon","Spoon::Base" => "Spoon","Spoon::CGI" => "Spoon","Spoon::Command" => "Spoon","Spoon::Config" => "Spoon","Spoon::ContentObject" => "Spoon","Spoon::Cookie" => "Spoon","Spoon::DataObject" => "Spoon","Spoon::Formatter" => "Spoon","Spoon::Formatter::Block" => "Spoon","Spoon::Formatter::Container" => "Spoon","Spoon::Formatter::Phrase" => "Spoon","Spoon::Formatter::Wafl" => "Spoon","Spoon::Headers" => "Spoon","Spoon::Hook" => "Spoon","Spoon::Hooked" => "Spoon","Spoon::Hooks" => "Spoon","Spoon::Hub" => "Spoon","Spoon::IndexList" => "Spoon","Spoon::Installer" => "Spoon","Spoon::Lookup" => "Spoon","Spoon::MetadataObject" => "Spoon","Spoon::Plugin" => "Spoon","Spoon::Registry" => "Spoon","Spoon::Template" => "Spoon","Spoon::Template::TT2" => "Spoon","Spoon::Trace" => "Spoon","Spoon::Utils" => "Spoon","Spreadsheet::ParseExcel" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Cell" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Dump" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtDefault" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtJapan" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtJapan2" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtUnicode" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Font" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Format" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::SaveParser" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::SaveParser::Workbook" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::SaveParser::Worksheet" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Utility" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Workbook" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Worksheet" => "Spreadsheet-ParseExcel","Spreadsheet::ParseXLSX" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Cell" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Decryptor" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Decryptor::Agile" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Decryptor::Standard" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Worksheet" => "Spreadsheet-ParseXLSX","Squatting" => "Squatting","Squatting::Controller" => "Squatting","Squatting::H" => "Squatting","Squatting::Log" => "Squatting","Squatting::Mapper" => "Squatting","Squatting::On::CGI" => "Squatting","Squatting::On::Catalyst" => "Squatting","Squatting::On::Continuity" => "Squatting","Squatting::On::Jifty" => "Squatting","Squatting::On::MP13" => "Squatting","Squatting::On::MP20" => "Squatting","Squatting::Q" => "Squatting","Squatting::View" => "Squatting","Squatting::With::AccessTrace" => "Squatting","Squatting::With::Coro::Debug" => "Squatting","Squatting::With::Log" => "Squatting","Squatting::With::MockRequest" => "Squatting","Squatting::With::Mount" => "Squatting","Squatting::With::PerHostConfig" => "Squatting","Starch" => "Starch","Starch::Factory" => "Starch","Starch::Manager" => "Starch","Starch::Plugin::AlwaysLoad" => "Starch","Starch::Plugin::Bundle" => "Starch","Starch::Plugin::CookieArgs" => "Starch","Starch::Plugin::CookieArgs::Manager" => "Starch","Starch::Plugin::CookieArgs::State" => "Starch","Starch::Plugin::DisableStore" => "Starch","Starch::Plugin::ForManager" => "Starch","Starch::Plugin::ForState" => "Starch","Starch::Plugin::ForStore" => "Starch","Starch::Plugin::LogStoreExceptions" => "Starch","Starch::Plugin::RenewExpiration" => "Starch","Starch::Plugin::RenewExpiration::Manager" => "Starch","Starch::Plugin::RenewExpiration::State" => "Starch","Starch::Plugin::ThrottleStore" => "Starch","Starch::Plugin::Trace" => "Starch","Starch::Plugin::Trace::Manager" => "Starch","Starch::Plugin::Trace::State" => "Starch","Starch::Plugin::Trace::Store" => "Starch","Starch::Role::Log" => "Starch","Starch::State" => "Starch","Starch::Store" => "Starch","Starch::Store::Layered" => "Starch","Starch::Store::Memory" => "Starch","Starch::Util" => "Starch","Stardust" => "Stardust","Stardust::Controllers" => "Stardust","Stardust::Demo" => "Stardust","Stardust::Demo::Controllers" => "Stardust","Stardust::Demo::Views" => "Stardust","Storable" => "Storable","String::Compare::ConstantTime" => "String-Compare-ConstantTime","Sub::HandlesVia" => "Sub-HandlesVia","Sub::HandlesVia::CodeGenerator" => "Sub-HandlesVia","Sub::HandlesVia::Declare" => "Sub-HandlesVia","Sub::HandlesVia::Handler" => "Sub-HandlesVia","Sub::HandlesVia::Handler::CodeRef" => "Sub-HandlesVia","Sub::HandlesVia::Handler::Traditional" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Array" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Blessed" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Bool" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Code" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Counter" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Enum" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Hash" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Number" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Scalar" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::String" => "Sub-HandlesVia","Sub::HandlesVia::Mite" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mite" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moo" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moose" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moose::PackageTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moose::RoleTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mouse" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mouse::PackageTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mouse::RoleTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::ObjectPad" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Plain" => "Sub-HandlesVia","Symbol" => "perl","Sys::Hostname" => "perl","Sys::Syslog" => "Sys-Syslog","Sys::Syslog::Win32" => "Sys-Syslog","Tcl" => "Tcl","Tcl::Cmdbase" => "Tcl","Tcl::Code" => "Tcl","Tcl::List" => "Tcl","Tcl::Var" => "Tcl","Template::Declare::Exception" => "Jifty","Template::Quick" => "MySQL-Admin","Term::ReadLine::Gnu" => "Term-ReadLine-Gnu","Term::ReadLine::Gnu::AU" => "Term-ReadLine-Gnu","Term::ReadLine::Gnu::Var" => "Term-ReadLine-Gnu","Term::ReadLine::Gnu::XS" => "Term-ReadLine-Gnu","Test::Dpkg" => "Dpkg","Test::Mojo" => "Mojolicious","Test::Simply" => "Fake-Our","Test::Starch" => "Starch","TestChunks" => "Perl6-Pugs","Testing" => "perl","Text::SmartyPants" => "MojoMojo","Text::Wikispaces2Markdown" => "MojoMojo","Thread" => "perl","Thread::Signal" => "perl","Thread::Specific" => "perl","Tie::Array" => "perl","Tie::ExtraHash" => "perl","Tie::Handle" => "perl","Tie::Hash" => "perl","Tie::Hash::NamedCapture" => "perl","Tie::Memoize" => "perl","Tie::Scalar" => "perl","Tie::StdArray" => "perl","Tie::StdHandle" => "perl","Tie::StdHash" => "perl","Tie::StdScalar" => "perl","Tie::SubstrHash" => "perl","Tie::Watch" => "Tk","Time::gmtime" => "perl","Time::localtime" => "perl","Time::tm" => "perl","Tk" => "Tk","Tk::Adjuster" => "Tk","Tk::Adjuster::Item" => "Tk","Tk::After" => "Tk","Tk::Animation" => "Tk","Tk::Balloon" => "Tk","Tk::Bitmap" => "Tk","Tk::BrowseEntry" => "Tk","Tk::Button" => "Tk","Tk::Canvas" => "Tk","Tk::Checkbutton" => "Tk","Tk::Clipboard" => "Tk","Tk::CmdLine" => "Tk","Tk::ColorDialog" => "Tk","Tk::ColorEditor" => "Tk","Tk::ColorSelect" => "Tk","Tk::Compound" => "Tk","Tk::Configure" => "Tk","Tk::Derived" => "Tk","Tk::Dialog" => "Tk","Tk::DialogBox" => "Tk","Tk::DirTree" => "Tk","Tk::DirTreeDialog" => "Tk","Tk::Dirlist" => "Tk","Tk::DragDrop" => "Tk","Tk::DragDrop::Common" => "Tk","Tk::DragDrop::Local" => "Tk","Tk::DragDrop::Rect" => "Tk","Tk::DragDrop::SunConst" => "Tk","Tk::DragDrop::SunDrop" => "Tk","Tk::DragDrop::SunSite" => "Tk","Tk::DragDrop::Win32Drop" => "Tk","Tk::DragDrop::Win32Site" => "Tk","Tk::DragDrop::XDNDDrop" => "Tk","Tk::DragDrop::XDNDSite" => "Tk","Tk::DropSite" => "Tk","Tk::DummyEncode" => "Tk","Tk::DummyEncode::iso8859_1" => "Tk","Tk::English" => "Tk","Tk::Entry" => "Tk","Tk::ErrorDialog" => "Tk","Tk::Event" => "Tk","Tk::Event::IO" => "Tk","Tk::FBox" => "Tk","Tk::FileSelect" => "Tk","Tk::FloatEntry" => "Tk","Tk::Font" => "Tk","Tk::Frame" => "Tk","Tk::HList" => "Tk","Tk::IO" => "Tk","Tk::IconList" => "Tk","Tk::Image" => "Tk","Tk::InputO" => "Tk","Tk::ItemStyle" => "Tk","Tk::JPEG" => "Tk","Tk::LabEntry" => "Tk","Tk::LabFrame" => "Tk","Tk::LabRadiobutton" => "Tk","Tk::Label" => "Tk","Tk::LabeledEntryLabeledRadiobutton" => "Tk","Tk::Labelframe" => "Tk","Tk::Listbox" => "Tk","Tk::MMtry" => "Tk","Tk::MMutil" => "Tk","Tk::MainWindow" => "Tk","Tk::MakeDepend" => "Tk","Tk::Menu" => "Tk","Tk::Menu::Button" => "Tk","Tk::Menu::Cascade" => "Tk","Tk::Menu::Checkbutton" => "Tk","Tk::Menu::Item" => "Tk","Tk::Menu::Radiobutton" => "Tk","Tk::Menu::Separator" => "Tk","Tk::Menubar" => "Tk","Tk::Menubutton" => "Tk","Tk::Message" => "Tk","Tk::MsgBox" => "Tk","Tk::Mwm" => "Tk","Tk::NBFrame" => "Tk","Tk::NoteBook" => "Tk","Tk::Optionmenu" => "Tk","Tk::PNG" => "Tk","Tk::Pane" => "Tk","Tk::Panedwindow" => "Tk","Tk::Photo" => "Tk","Tk::Pixmap" => "Tk","Tk::Pretty" => "Tk","Tk::ProgressBar" => "Tk","Tk::ROText" => "Tk","Tk::Radiobutton" => "Tk","Tk::Region" => "Tk","Tk::Reindex" => "Tk","Tk::ReindexedROText" => "Tk","Tk::ReindexedText" => "Tk","Tk::Scale" => "Tk","Tk::Scrollbar" => "Tk","Tk::Spinbox" => "Tk","Tk::Stats" => "Tk","Tk::Stdio" => "PAR","Tk::Stdio::Handle" => "PAR","Tk::Submethods" => "Tk","Tk::TList" => "Tk","Tk::Table" => "Tk","Tk::Text" => "Tk","Tk::Text::Tag" => "Tk","Tk::TextEdit" => "Tk","Tk::TextList" => "Tk","Tk::TextUndo" => "Tk","Tk::Tiler" => "Tk","Tk::TixGrid" => "Tk","Tk::Toplevel" => "Tk","Tk::Trace" => "Tk","Tk::Tree" => "Tk","Tk::Widget" => "Tk","Tk::WinPhoto" => "Tk","Tk::Wm" => "Tk","Tk::X" => "Tk","Tk::X11Font" => "Tk","Tk::Xlib" => "Tk","Tk::Xrm" => "Tk","Tk::install" => "Tk","Tk::widgets" => "Tk","U64" => "IO-Compress","UDDI::Constants" => "SOAP-Lite","UI::Dialog" => "UI-Dialog","UI::Dialog::Backend" => "UI-Dialog","UI::Dialog::Backend::ASCII" => "UI-Dialog","UI::Dialog::Backend::CDialog" => "UI-Dialog","UI::Dialog::Backend::GDialog" => "UI-Dialog","UI::Dialog::Backend::KDialog" => "UI-Dialog","UI::Dialog::Backend::Nautilus" => "UI-Dialog","UI::Dialog::Backend::NotifySend" => "UI-Dialog","UI::Dialog::Backend::Whiptail" => "UI-Dialog","UI::Dialog::Backend::XDialog" => "UI-Dialog","UI::Dialog::Backend::XOSD" => "UI-Dialog","UI::Dialog::Backend::Zenity" => "UI-Dialog","UI::Dialog::Console" => "UI-Dialog","UI::Dialog::GNOME" => "UI-Dialog","UI::Dialog::Gauged" => "UI-Dialog","UI::Dialog::KDE" => "UI-Dialog","UI::Dialog::Screen::Druid" => "UI-Dialog","UI::Dialog::Screen::Menu" => "UI-Dialog","UNIVERSAL" => "perl","UR" => "UR","UR::All" => "UR","UR::AttributeHandlers" => "UR","UR::BoolExpr" => "UR","UR::BoolExpr::BxParser" => "UR","UR::BoolExpr::BxParser::Yapp::Driver" => "UR","UR::BoolExpr::Parser::ParseYappDriver" => "UR","UR::BoolExpr::Template" => "UR","UR::BoolExpr::Template::And" => "UR","UR::BoolExpr::Template::Composite" => "UR","UR::BoolExpr::Template::Or" => "UR","UR::BoolExpr::Template::PropertyComparison" => "UR","UR::BoolExpr::Template::PropertyComparison::Between" => "UR","UR::BoolExpr::Template::PropertyComparison::Equals" => "UR","UR::BoolExpr::Template::PropertyComparison::False" => "UR","UR::BoolExpr::Template::PropertyComparison::GreaterOrEqual" => "UR","UR::BoolExpr::Template::PropertyComparison::GreaterThan" => "UR","UR::BoolExpr::Template::PropertyComparison::In" => "UR","UR::BoolExpr::Template::PropertyComparison::Isa" => "UR","UR::BoolExpr::Template::PropertyComparison::LessOrEqual" => "UR","UR::BoolExpr::Template::PropertyComparison::LessThan" => "UR","UR::BoolExpr::Template::PropertyComparison::Like" => "UR","UR::BoolExpr::Template::PropertyComparison::Matches" => "UR","UR::BoolExpr::Template::PropertyComparison::NotBetween" => "UR","UR::BoolExpr::Template::PropertyComparison::NotEquals" => "UR","UR::BoolExpr::Template::PropertyComparison::NotIn" => "UR","UR::BoolExpr::Template::PropertyComparison::NotLike" => "UR","UR::BoolExpr::Template::PropertyComparison::True" => "UR","UR::BoolExpr::Util" => "UR","UR::BoolExpr::Util::clonedThing" => "UR","UR::Change" => "UR","UR::Context" => "UR","UR::Context::AutoUnloadPool" => "UR","UR::Context::DefaultRoot" => "UR","UR::Context::LoadingIterator" => "UR","UR::Context::ObjectFabricator" => "UR","UR::Context::Process" => "UR","UR::Context::Root" => "UR","UR::Context::Transaction" => "UR","UR::DBI" => "UR","UR::DBI::Report" => "UR","UR::DBI::db" => "UR","UR::DBI::st" => "UR","UR::DataSource" => "UR","UR::DataSource::CSV" => "UR","UR::DataSource::Code" => "UR","UR::DataSource::Default" => "UR","UR::DataSource::File" => "UR","UR::DataSource::FileMux" => "UR","UR::DataSource::Filesystem" => "UR","UR::DataSource::Meta" => "UR","UR::DataSource::MySQL" => "UR","UR::DataSource::Oracle" => "UR","UR::DataSource::Pg" => "UR","UR::DataSource::Pg::Operator::False" => "UR","UR::DataSource::Pg::Operator::True" => "UR","UR::DataSource::QueryPlan" => "UR","UR::DataSource::RDBMS" => "UR","UR::DataSource::RDBMS::BitmapIndex" => "UR","UR::DataSource::RDBMS::Entity" => "UR","UR::DataSource::RDBMS::FkConstraint" => "UR","UR::DataSource::RDBMS::FkConstraintColumn" => "UR","UR::DataSource::RDBMS::Operator::Between" => "UR","UR::DataSource::RDBMS::Operator::Equals" => "UR","UR::DataSource::RDBMS::Operator::False" => "UR","UR::DataSource::RDBMS::Operator::GreaterOrEqual" => "UR","UR::DataSource::RDBMS::Operator::GreaterThan" => "UR","UR::DataSource::RDBMS::Operator::In" => "UR","UR::DataSource::RDBMS::Operator::LessOrEqual" => "UR","UR::DataSource::RDBMS::Operator::LessThan" => "UR","UR::DataSource::RDBMS::Operator::Like" => "UR","UR::DataSource::RDBMS::Operator::NotBetween" => "UR","UR::DataSource::RDBMS::Operator::NotEquals" => "UR","UR::DataSource::RDBMS::Operator::NotIn" => "UR","UR::DataSource::RDBMS::Operator::NotLike" => "UR","UR::DataSource::RDBMS::Operator::True" => "UR","UR::DataSource::RDBMS::PkConstraintColumn" => "UR","UR::DataSource::RDBMS::Table" => "UR","UR::DataSource::RDBMS::Table::View::Default::Text" => "UR","UR::DataSource::RDBMS::TableColumn" => "UR","UR::DataSource::RDBMS::TableColumn::View::Default::Text" => "UR","UR::DataSource::RDBMS::UniqueConstraintColumn" => "UR","UR::DataSource::RDBMSRetriableOperations" => "UR","UR::DataSource::SQLite" => "UR","UR::DataSource::ValueDomain" => "UR","UR::Debug" => "UR","UR::DeletedRef" => "UR","UR::Doc::Pod2Html" => "UR","UR::Doc::Section" => "UR","UR::Doc::Writer" => "UR","UR::Doc::Writer::Html" => "UR","UR::Doc::Writer::Pod" => "UR","UR::Env::UR_COMMAND_DUMP_DEBUG_MESSAGES" => "UR","UR::Env::UR_COMMAND_DUMP_STATUS_MESSAGES" => "UR","UR::Env::UR_CONTEXT_BASE" => "UR","UR::Env::UR_CONTEXT_CACHE_SIZE_HIGHWATER" => "UR","UR::Env::UR_CONTEXT_CACHE_SIZE_LOWWATER" => "UR","UR::Env::UR_CONTEXT_LIBS" => "UR","UR::Env::UR_CONTEXT_MONITOR_QUERY" => "UR","UR::Env::UR_CONTEXT_ROOT" => "UR","UR::Env::UR_DBI_DUMP_STACK_ON_CONNECT" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_CALLSTACK" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_IF" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_MATCH" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_SLOW" => "UR","UR::Env::UR_DBI_MONITOR_DML" => "UR","UR::Env::UR_DBI_MONITOR_EVERY_FETCH" => "UR","UR::Env::UR_DBI_MONITOR_SQL" => "UR","UR::Env::UR_DBI_NO_COMMIT" => "UR","UR::Env::UR_DBI_SUMMARIZE_SQL" => "UR","UR::Env::UR_DEBUG_OBJECT_PRUNING" => "UR","UR::Env::UR_DEBUG_OBJECT_RELEASE" => "UR","UR::Env::UR_DUMP_DEBUG_MESSAGES" => "UR","UR::Env::UR_DUMP_STATUS_MESSAGES" => "UR","UR::Env::UR_IGNORE" => "UR","UR::Env::UR_MOOSE" => "UR","UR::Env::UR_NO_REQUIRE_USER_VERIFY" => "UR","UR::Env::UR_NR_CPU" => "UR","UR::Env::UR_RUN_LONG_TESTS" => "UR","UR::Env::UR_STACK_DUMP_ON_DIE" => "UR","UR::Env::UR_STACK_DUMP_ON_WARN" => "UR","UR::Env::UR_TEST_QUIET" => "UR","UR::Env::UR_USED_MODS" => "UR","UR::Env::UR_USE_ANY" => "UR","UR::Env::UR_USE_DUMMY_AUTOGENERATED_IDS" => "UR","UR::Exit" => "UR","UR::Iterator" => "UR","UR::ModuleBase" => "UR","UR::ModuleBase::Message" => "UR","UR::ModuleBuild" => "UR","UR::ModuleConfig" => "UR","UR::ModuleLoader" => "UR","UR::Moose" => "UR","UR::Namespace" => "UR","UR::Namespace::Command" => "UR","UR::Namespace::Command::Base" => "UR","UR::Namespace::Command::Define" => "UR","UR::Namespace::Command::Define::Class" => "UR","UR::Namespace::Command::Define::Datasource" => "UR","UR::Namespace::Command::Define::Datasource::File" => "UR","UR::Namespace::Command::Define::Datasource::Mysql" => "UR","UR::Namespace::Command::Define::Datasource::Oracle" => "UR","UR::Namespace::Command::Define::Datasource::Pg" => "UR","UR::Namespace::Command::Define::Datasource::Rdbms" => "UR","UR::Namespace::Command::Define::Datasource::RdbmsWithAuth" => "UR","UR::Namespace::Command::Define::Datasource::Sqlite" => "UR","UR::Namespace::Command::Define::Db" => "UR","UR::Namespace::Command::Define::Namespace" => "UR","UR::Namespace::Command::Describe" => "UR","UR::Namespace::Command::Init" => "UR","UR::Namespace::Command::List" => "UR","UR::Namespace::Command::List::Classes" => "UR","UR::Namespace::Command::List::Modules" => "UR","UR::Namespace::Command::List::Objects" => "UR","UR::Namespace::Command::Old" => "UR","UR::Namespace::Command::Old::DiffRewrite" => "UR","UR::Namespace::Command::Old::DiffUpdate" => "UR","UR::Namespace::Command::Old::ExportDbicClasses" => "UR","UR::Namespace::Command::Old::Info" => "UR","UR::Namespace::Command::Old::Redescribe" => "UR","UR::Namespace::Command::RunsOnModulesInTree" => "UR","UR::Namespace::Command::Show" => "UR","UR::Namespace::Command::Show::Properties" => "UR","UR::Namespace::Command::Show::Schema" => "UR","UR::Namespace::Command::Show::Subclasses" => "UR","UR::Namespace::Command::Sys" => "UR","UR::Namespace::Command::Sys::ClassBrowser" => "UR","UR::Namespace::Command::Sys::ClassBrowser::TreeItem" => "UR","UR::Namespace::Command::Test" => "UR","UR::Namespace::Command::Test::Callcount" => "UR","UR::Namespace::Command::Test::Callcount::List" => "UR","UR::Namespace::Command::Test::Compile" => "UR","UR::Namespace::Command::Test::Eval" => "UR","UR::Namespace::Command::Test::Run" => "UR","UR::Namespace::Command::Test::TrackObjectRelease" => "UR","UR::Namespace::Command::Test::Use" => "UR","UR::Namespace::Command::Test::Window" => "UR","UR::Namespace::Command::Test::Window::Tk" => "UR","UR::Namespace::Command::Update" => "UR","UR::Namespace::Command::Update::ClassDiagram" => "UR","UR::Namespace::Command::Update::ClassesFromDb" => "UR","UR::Namespace::Command::Update::Doc" => "UR","UR::Namespace::Command::Update::Pod" => "UR","UR::Namespace::Command::Update::RenameClass" => "UR","UR::Namespace::Command::Update::RewriteClassHeader" => "UR","UR::Namespace::Command::Update::SchemaDiagram" => "UR","UR::Namespace::Command::Update::TabCompletionSpec" => "UR","UR::Object" => "UR","UR::Object::Accessorized" => "UR","UR::Object::Command::FetchAndDo" => "UR","UR::Object::Command::List" => "UR","UR::Object::Command::List::Csv" => "UR","UR::Object::Command::List::Html" => "UR","UR::Object::Command::List::Newtext" => "UR","UR::Object::Command::List::Pretty" => "UR","UR::Object::Command::List::Style" => "UR","UR::Object::Command::List::Text" => "UR","UR::Object::Command::List::Tsv" => "UR","UR::Object::Command::List::Xml" => "UR","UR::Object::Ghost" => "UR","UR::Object::Index" => "UR","UR::Object::Iterator" => "UR","UR::Object::Join" => "UR","UR::Object::Property" => "UR","UR::Object::Property::View::Default::Text" => "UR","UR::Object::Property::View::DescriptionLineItem::Text" => "UR","UR::Object::Property::View::ReferenceDescription::Text" => "UR","UR::Object::Set" => "UR","UR::Object::Set::View::Default::Html" => "UR","UR::Object::Set::View::Default::Json" => "UR","UR::Object::Set::View::Default::Text" => "UR","UR::Object::Set::View::Default::Xml" => "UR","UR::Object::Tag" => "UR","UR::Object::Type" => "UR","UR::Object::Type::AccessorWriter" => "UR","UR::Object::Type::AccessorWriter::Product" => "UR","UR::Object::Type::AccessorWriter::Sum" => "UR","UR::Object::Type::Initializer" => "UR","UR::Object::Type::ModuleWriter" => "UR","UR::Object::Type::View::AvailableViews::Json" => "UR","UR::Object::Type::View::AvailableViews::Xml" => "UR","UR::Object::Type::View::Default::Text" => "UR","UR::Object::Type::View::Default::Umlet" => "UR","UR::Object::Type::View::Default::Xml" => "UR","UR::Object::Umlet" => "UR","UR::Object::Umlet::Class" => "UR","UR::Object::Umlet::Diagram" => "UR","UR::Object::Umlet::Other" => "UR","UR::Object::Umlet::PictureElement" => "UR","UR::Object::Umlet::Relation" => "UR","UR::Object::Value" => "UR","UR::Object::View" => "UR","UR::Object::View::Aspect" => "UR","UR::Object::View::Default::Gtk" => "UR","UR::Object::View::Default::Gtk2" => "UR","UR::Object::View::Default::Html" => "UR","UR::Object::View::Default::Json" => "UR","UR::Object::View::Default::Text" => "UR","UR::Object::View::Default::Xml" => "UR","UR::Object::View::Default::Xsl" => "UR","UR::Object::View::Lister::Text" => "UR","UR::Object::View::Static::Html" => "UR","UR::Object::View::Toolkit" => "UR","UR::Object::View::Toolkit::Text" => "UR","UR::Object::View::Toolkit::Umlet" => "UR","UR::Observer" => "UR","UR::Role" => "UR","UR::Role::Instance" => "UR","UR::Role::MethodModifier" => "UR","UR::Role::MethodModifier::After" => "UR","UR::Role::MethodModifier::Around" => "UR","UR::Role::MethodModifier::Before" => "UR","UR::Role::Param" => "UR","UR::Role::Prototype" => "UR","UR::Role::PrototypeWithParams" => "UR","UR::Service::JsonRpcServer" => "UR","UR::Service::RPC::Executer" => "UR","UR::Service::RPC::Message" => "UR","UR::Service::RPC::Server" => "UR","UR::Service::RPC::TcpConnectionListener" => "UR","UR::Service::UrlRouter" => "UR","UR::Service::WebServer" => "UR","UR::Service::WebServer::Server" => "UR","UR::Service::XMLCommandExecutor" => "UR","UR::Singleton" => "UR","UR::Time" => "UR","UR::Util" => "UR","UR::Util::ArrayRefIterator" => "UR","UR::Value" => "UR","UR::Value::ARRAY" => "UR","UR::Value::Blob" => "UR","UR::Value::Boolean" => "UR","UR::Value::Boolean::View::Default::Text" => "UR","UR::Value::CODE" => "UR","UR::Value::CSV" => "UR","UR::Value::DateTime" => "UR","UR::Value::Decimal" => "UR","UR::Value::DirectoryPath" => "UR","UR::Value::FOF" => "UR","UR::Value::FilePath" => "UR","UR::Value::FilesystemPath" => "UR","UR::Value::Float" => "UR","UR::Value::GLOB" => "UR","UR::Value::HASH" => "UR","UR::Value::Integer" => "UR","UR::Value::Iterator" => "UR","UR::Value::JSON" => "UR","UR::Value::Number" => "UR","UR::Value::PerlReference" => "UR","UR::Value::REF" => "UR","UR::Value::SCALAR" => "UR","UR::Value::Set" => "UR","UR::Value::SloppyPrimitive" => "UR","UR::Value::String" => "UR","UR::Value::Text" => "UR","UR::Value::Timestamp" => "UR","UR::Value::Type" => "UR","UR::Value::URL" => "UR","UR::Value::View::Default::Html" => "UR","UR::Value::View::Default::Json" => "UR","UR::Value::View::Default::Text" => "UR","UR::Value::View::Default::Xml" => "UR","UR::Vocabulary" => "UR","URI::jabber" => "SOAP-Lite","UTF_8" => "Squatting","UTF_8::Controllers" => "Squatting","UTF_8::Views" => "Squatting","Ukigumo::Agent" => "Ukigumo-Agent","Ukigumo::Agent::Cleaner" => "Ukigumo-Agent","Ukigumo::Agent::Dispatcher" => "Ukigumo-Agent","Ukigumo::Agent::Logger" => "Ukigumo-Agent","Ukigumo::Agent::Manager" => "Ukigumo-Agent","Ukigumo::Agent::View" => "Ukigumo-Agent","Ukigumo::Server" => "Ukigumo-Server","Ukigumo::Server::API" => "Ukigumo-Server","Ukigumo::Server::API::Dispatcher" => "Ukigumo-Server","Ukigumo::Server::Command::Branch" => "Ukigumo-Server","Ukigumo::Server::Command::Docs" => "Ukigumo-Server","Ukigumo::Server::Command::Report" => "Ukigumo-Server","Ukigumo::Server::DB" => "Ukigumo-Server","Ukigumo::Server::DB::Schema" => "Ukigumo-Server","Ukigumo::Server::L10N" => "Ukigumo-Server","Ukigumo::Server::Launcher" => "Ukigumo-Server","Ukigumo::Server::Schema" => "Ukigumo-Server","Ukigumo::Server::Util" => "Ukigumo-Server","Ukigumo::Server::Web" => "Ukigumo-Server","Ukigumo::Server::Web::Dispatcher" => "Ukigumo-Server","Ukigumo::Server::Web::ViewFunctions" => "Ukigumo-Server","UnQLite" => "UnQLite","UnQLite::Cursor" => "UnQLite","UniCodePoints" => "Squatting","UniCodePoints::Controllers" => "Squatting","UniCodePoints::Views" => "Squatting","Unicode::UCD" => "perl","UnicodeCD" => "perl","User::grent" => "perl","User::pwent" => "perl","VMS::DCLsym" => "perl","VMS::Filespec" => "perl","VMS::Stdio" => "perl","Valiant" => "Valiant","Valiant::Error" => "Valiant","Valiant::Errors" => "Valiant","Valiant::Filter" => "Valiant","Valiant::Filter::Collapse" => "Valiant","Valiant::Filter::Collection" => "Valiant","Valiant::Filter::Each" => "Valiant","Valiant::Filter::Flatten" => "Valiant","Valiant::Filter::HtmlEscape" => "Valiant","Valiant::Filter::Lower" => "Valiant","Valiant::Filter::Numberize" => "Valiant","Valiant::Filter::Template" => "Valiant","Valiant::Filter::Title" => "Valiant","Valiant::Filter::ToArray" => "Valiant","Valiant::Filter::Trim" => "Valiant","Valiant::Filter::UcFirst" => "Valiant","Valiant::Filter::Upper" => "Valiant","Valiant::Filter::With" => "Valiant","Valiant::Filterable" => "Valiant","Valiant::Filters" => "Valiant","Valiant::HTML::BaseComponent" => "Valiant","Valiant::HTML::Component" => "Valiant","Valiant::HTML::Components" => "Valiant","Valiant::HTML::ContentComponent" => "Valiant","Valiant::HTML::Form" => "Valiant","Valiant::HTML::FormBuilder" => "Valiant","Valiant::HTML::FormBuilder::Checkbox" => "Valiant","Valiant::HTML::FormBuilder::DefaultModel" => "Valiant","Valiant::HTML::FormBuilder::Model" => "Valiant","Valiant::HTML::FormBuilder::Model::TextField" => "Valiant","Valiant::HTML::FormBuilder::Proxy" => "Valiant","Valiant::HTML::FormBuilder::RadioButton" => "Valiant","Valiant::HTML::FormBuilder::Renderer::TextField" => "Valiant","Valiant::HTML::FormTags" => "Valiant","Valiant::HTML::PagerBuilder" => "Valiant","Valiant::HTML::SafeString" => "Valiant","Valiant::HTML::Tag" => "Valiant","Valiant::HTML::TagBuilder" => "Valiant","Valiant::HTML::Util::Collection" => "Valiant","Valiant::HTML::Util::Collection::HashItem" => "Valiant","Valiant::HTML::Util::Collection::Item" => "Valiant","Valiant::HTML::Util::Form" => "Valiant","Valiant::HTML::Util::Form::FormObject" => "Valiant","Valiant::HTML::Util::FormTags" => "Valiant","Valiant::HTML::Util::Pager" => "Valiant","Valiant::HTML::Util::TagBuilder" => "Valiant","Valiant::HTML::Util::TagBuilder::_tags" => "Valiant","Valiant::HTML::Util::View" => "Valiant","Valiant::I18N" => "Valiant","Valiant::I18N::Tag" => "Valiant","Valiant::JSON::JSONBuilder" => "Valiant","Valiant::JSON::Util" => "Valiant","Valiant::Name" => "Valiant","Valiant::Naming" => "Valiant","Valiant::NestedError" => "Valiant","Valiant::Proxy" => "Valiant","Valiant::Proxy::Array" => "Valiant","Valiant::Proxy::Hash" => "Valiant","Valiant::Proxy::Object" => "Valiant","Valiant::Translation" => "Valiant","Valiant::Util" => "Valiant","Valiant::Util::Ancestors" => "Valiant","Valiant::Util::Exception" => "Valiant","Valiant::Util::Exception::General" => "Valiant","Valiant::Util::Exception::InvalidFilterArgs" => "Valiant","Valiant::Util::Exception::InvalidValidatorArgs" => "Valiant","Valiant::Util::Exception::MissingCountKey" => "Valiant","Valiant::Util::Exception::MissingMethod" => "Valiant","Valiant::Util::Exception::NameNotFilter" => "Valiant","Valiant::Util::Exception::NameNotValidator" => "Valiant","Valiant::Util::Exception::Strict" => "Valiant","Valiant::Util::Exception::UnexpectedUseModuleError" => "Valiant","Valiant::Validates" => "Valiant","Valiant::Validations" => "Valiant","Valiant::Validator" => "Valiant","Valiant::Validator::Absence" => "Valiant","Valiant::Validator::Array" => "Valiant","Valiant::Validator::Boolean" => "Valiant","Valiant::Validator::Check" => "Valiant","Valiant::Validator::Collection" => "Valiant","Valiant::Validator::Confirmation" => "Valiant","Valiant::Validator::Date" => "Valiant","Valiant::Validator::Each" => "Valiant","Valiant::Validator::Exclusion" => "Valiant","Valiant::Validator::Format" => "Valiant","Valiant::Validator::Hash" => "Valiant","Valiant::Validator::Inclusion" => "Valiant","Valiant::Validator::Length" => "Valiant","Valiant::Validator::Numericality" => "Valiant","Valiant::Validator::Object" => "Valiant","Valiant::Validator::OnlyOf" => "Valiant","Valiant::Validator::Presence" => "Valiant","Valiant::Validator::Scalar" => "Valiant","Valiant::Validator::Unique" => "Valiant","Valiant::Validator::With" => "Valiant","WWW::Mechanize" => "WWW-Mechanize","WWW::Mechanize::Image" => "WWW-Mechanize","WWW::Mechanize::Link" => "WWW-Mechanize","WWW::OAuth" => "WWW-OAuth","WWW::OAuth::Request" => "WWW-OAuth","WWW::OAuth::Request::Basic" => "WWW-OAuth","WWW::OAuth::Request::HTTP_Request" => "WWW-OAuth","WWW::OAuth::Request::Mojo" => "WWW-OAuth","WWW::OAuth::Util" => "WWW-OAuth","WWW::ORCID" => "WWW-ORCID","WWW::ORCID::API" => "WWW-ORCID","WWW::ORCID::API::Common" => "WWW-ORCID","WWW::ORCID::API::Pub" => "WWW-ORCID","WWW::ORCID::API::v2_0" => "WWW-ORCID","WWW::ORCID::API::v2_0_public" => "WWW-ORCID","WWW::ORCID::Base" => "WWW-ORCID","WWW::ORCID::MemberAPI" => "WWW-ORCID","WWW::ORCID::Transport" => "WWW-ORCID","WWW::ORCID::Transport::HTTP::Tiny" => "WWW-ORCID","WWW::ORCID::Transport::LWP" => "WWW-ORCID","WWW::UsePerl::Server" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Controller::Root" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Model::DB" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::Comment" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::Journal" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::Story" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::User" => "WWW-UsePerl-Server","WWW::UsePerl::Server::View::TT" => "WWW-UsePerl-Server","Web::API" => "Web-API","WebService::Xero" => "WebService-Xero","WebService::Xero::Agent" => "WebService-Xero","WebService::Xero::Agent::PrivateApplication" => "WebService-Xero","WebService::Xero::Agent::PublicApplication" => "WebService-Xero","WebService::Xero::Contact" => "WebService-Xero","WebService::Xero::Invoice" => "WebService-Xero","WebService::Xero::Item" => "WebService-Xero","WebService::Xero::Organisation" => "WebService-Xero","WidgetDemo" => "Tk","Wight::Chart" => "Wight-Chart","Wight::Chart::ChartJS" => "Wight-Chart","Wight::Chart::Google" => "Wight-Chart","Win32::File::Summary" => "Win32-File-Summary","Win32::Printer" => "Win32-Printer","Win32::Printer::Direct" => "Win32-Printer","Win32::Printer::Enum" => "Win32-Printer","Win32CORE" => "perl","X509_Certificate" => "IO-Socket-SSL","XAO::DO::CGI" => "XAO-Web","XAO::DO::Context" => "XAO-Web","XAO::DO::Web::Action" => "XAO-Web","XAO::DO::Web::Benchmark" => "XAO-Web","XAO::DO::Web::CgiParam" => "XAO-Web","XAO::DO::Web::Clipboard" => "XAO-Web","XAO::DO::Web::Condition" => "XAO-Web","XAO::DO::Web::Config" => "XAO-Web","XAO::DO::Web::Cookie" => "XAO-Web","XAO::DO::Web::Date" => "XAO-Web","XAO::DO::Web::Debug" => "XAO-Web","XAO::DO::Web::Default" => "XAO-Web","XAO::DO::Web::FS" => "XAO-Web","XAO::DO::Web::FilloutForm" => "XAO-Web","XAO::DO::Web::Footer" => "XAO-Web","XAO::DO::Web::Header" => "XAO-Web","XAO::DO::Web::IdentifyAgent" => "XAO-Web","XAO::DO::Web::IdentifyUser" => "XAO-Web","XAO::DO::Web::Mailer" => "XAO-Web","XAO::DO::Web::Math" => "XAO-Web","XAO::DO::Web::MenuBuilder" => "XAO-Web","XAO::DO::Web::MultiPageNav" => "XAO-Web","XAO::DO::Web::Page" => "XAO-Web","XAO::DO::Web::Redirect" => "XAO-Web","XAO::DO::Web::Search" => "XAO-Web","XAO::DO::Web::SetArg" => "XAO-Web","XAO::DO::Web::Styler" => "XAO-Web","XAO::DO::Web::TextTable" => "XAO-Web","XAO::DO::Web::URL" => "XAO-Web","XAO::DO::Web::Utility" => "XAO-Web","XAO::PageSupport" => "XAO-Web","XAO::PluginUtils" => "XAO-Web","XAO::PreLoad" => "XAO-Web","XAO::Templates" => "XAO-Web","XAO::Web" => "XAO-Web","XAO::testcases::Web::base" => "XAO-Web","XML::Atom" => "XML-Atom","XML::Atom::Base" => "XML-Atom","XML::Atom::Category" => "XML-Atom","XML::Atom::Client" => "XML-Atom","XML::Atom::Content" => "XML-Atom","XML::Atom::Entry" => "XML-Atom","XML::Atom::ErrorHandler" => "XML-Atom","XML::Atom::Feed" => "XML-Atom","XML::Atom::Link" => "XML-Atom","XML::Atom::Namespace" => "XML-Atom","XML::Atom::Person" => "XML-Atom","XML::Atom::Server" => "XML-Atom","XML::Atom::Thing" => "XML-Atom","XML::Atom::Util" => "XML-Atom","XML::DT" => "XML-DT","XML::LibXML" => "XML-LibXML","XML::LibXML::Attr" => "XML-LibXML","XML::LibXML::AttributeHash" => "XML-LibXML","XML::LibXML::Boolean" => "XML-LibXML","XML::LibXML::CDATASection" => "XML-LibXML","XML::LibXML::Comment" => "XML-LibXML","XML::LibXML::Common" => "XML-LibXML","XML::LibXML::Devel" => "XML-LibXML","XML::LibXML::Document" => "XML-LibXML","XML::LibXML::DocumentFragment" => "XML-LibXML","XML::LibXML::Dtd" => "XML-LibXML","XML::LibXML::Element" => "XML-LibXML","XML::LibXML::ErrNo" => "XML-LibXML","XML::LibXML::Error" => "XML-LibXML","XML::LibXML::InputCallback" => "XML-LibXML","XML::LibXML::Literal" => "XML-LibXML","XML::LibXML::NamedNodeMap" => "XML-LibXML","XML::LibXML::Namespace" => "XML-LibXML","XML::LibXML::Node" => "XML-LibXML","XML::LibXML::NodeList" => "XML-LibXML","XML::LibXML::Number" => "XML-LibXML","XML::LibXML::PI" => "XML-LibXML","XML::LibXML::Pattern" => "XML-LibXML","XML::LibXML::Reader" => "XML-LibXML","XML::LibXML::RegExp" => "XML-LibXML","XML::LibXML::RelaxNG" => "XML-LibXML","XML::LibXML::SAX" => "XML-LibXML","XML::LibXML::SAX::AttributeNode" => "XML-LibXML","XML::LibXML::SAX::Builder" => "XML-LibXML","XML::LibXML::SAX::Generator" => "XML-LibXML","XML::LibXML::SAX::Parser" => "XML-LibXML","XML::LibXML::Schema" => "XML-LibXML","XML::LibXML::Text" => "XML-LibXML","XML::LibXML::XPathContext" => "XML-LibXML","XML::LibXML::XPathExpression" => "XML-LibXML","XML::LibXML::_SAXParser" => "XML-LibXML","XML::Sig" => "XML-Sig","XML::Simple" => "XML-Simple","XML::Twig" => "XML-Twig","XML::Twig::Elt" => "XML-Twig","XML::Twig::Entity" => "XML-Twig","XML::Twig::Entity_list" => "XML-Twig","XML::Twig::Notation" => "XML-Twig","XML::Twig::Notation_list" => "XML-Twig","XML::Twig::XPath" => "XML-Twig","XML::Twig::XPath::Attribute" => "XML-Twig","XML::Twig::XPath::Elt" => "XML-Twig","XML::Twig::XPath::Namespace" => "XML-Twig","XS::APItest" => "perl","XS::Typemap" => "perl","YAML" => "YAML","YAML::Any" => "YAML","YAML::Dumper" => "YAML","YAML::Dumper::Base" => "YAML","YAML::Dumper::Syck" => "YAML-Syck","YAML::Error" => "YAML","YAML::LibYAML" => "YAML-LibYAML","YAML::Loader" => "YAML","YAML::Loader::Base" => "YAML","YAML::Loader::Syck" => "YAML-Syck","YAML::Marshall" => "YAML","YAML::Mo" => "YAML","YAML::Node" => "YAML","YAML::Syck" => "YAML-Syck","YAML::Tag" => "YAML","YAML::Type::blessed" => "YAML","YAML::Type::code" => "YAML","YAML::Type::glob" => "YAML","YAML::Type::ref" => "YAML","YAML::Type::regexp" => "YAML","YAML::Type::undef" => "YAML","YAML::Types" => "YAML","YAML::Warning" => "YAML","YAML::XS" => "YAML-LibYAML","YAML::XS::LibYAML" => "YAML-LibYAML","YATT::Lite" => "YATT-Lite","YATT::Lite::Breakpoint" => "YATT-Lite","YATT::Lite::CGen" => "YATT-Lite","YATT::Lite::CGen::ArgMacro" => "YATT-Lite","YATT::Lite::CGen::Perl" => "YATT-Lite","YATT::Lite::Connection" => "YATT-Lite","YATT::Lite::Constants" => "YATT-Lite","YATT::Lite::Core" => "YATT-Lite","YATT::Lite::Entities" => "YATT-Lite","YATT::Lite::Error" => "YATT-Lite","YATT::Lite::Factory" => "YATT-Lite","YATT::Lite::Inc" => "YATT-Lite","YATT::Lite::Inspector" => "YATT-Lite","YATT::Lite::LRXML" => "YATT-Lite","YATT::Lite::LRXML::AltTree" => "YATT-Lite","YATT::Lite::LRXML::FormatEntpath" => "YATT-Lite","YATT::Lite::LRXML::ParseBody" => "YATT-Lite","YATT::Lite::LRXML::ParseEntpath" => "YATT-Lite","YATT::Lite::LanguageServer" => "YATT-Lite","YATT::Lite::LanguageServer::Generic" => "YATT-Lite","YATT::Lite::LanguageServer::Protocol" => "YATT-Lite","YATT::Lite::LanguageServer::Spec2Types" => "YATT-Lite","YATT::Lite::LanguageServer::SpecParser" => "YATT-Lite","YATT::Lite::MFields" => "YATT-Lite","YATT::Lite::MFields::Decl" => "YATT-Lite","YATT::Lite::Macro" => "YATT-Lite","YATT::Lite::NSBuilder" => "YATT-Lite","YATT::Lite::Object" => "YATT-Lite","YATT::Lite::PSGIEnv" => "YATT-Lite","YATT::Lite::Partial" => "YATT-Lite","YATT::Lite::Partial::AppPath" => "YATT-Lite","YATT::Lite::Partial::ErrorReporter" => "YATT-Lite","YATT::Lite::Partial::Gettext" => "YATT-Lite","YATT::Lite::Partial::MarkAfterNew" => "YATT-Lite","YATT::Lite::RegexpNames" => "YATT-Lite","YATT::Lite::Test::TestFCGI" => "YATT-Lite","YATT::Lite::Test::TestUtil" => "YATT-Lite","YATT::Lite::Test::XHFTest" => "YATT-Lite","YATT::Lite::Test::XHFTest2" => "YATT-Lite","YATT::Lite::Test::XHFTest::Item" => "YATT-Lite","YATT::Lite::Types" => "YATT-Lite","YATT::Lite::Types::TypeDesc" => "YATT-Lite","YATT::Lite::Util" => "YATT-Lite","YATT::Lite::Util::AllowRedundantSprintf" => "YATT-Lite","YATT::Lite::Util::AsBase" => "YATT-Lite","YATT::Lite::Util::CGICompat" => "YATT-Lite","YATT::Lite::Util::CmdLine" => "YATT-Lite","YATT::Lite::Util::CycleDetector" => "YATT-Lite","YATT::Lite::Util::Enum" => "YATT-Lite","YATT::Lite::Util::File" => "YATT-Lite","YATT::Lite::Util::FindMethods" => "YATT-Lite","YATT::Lite::VFS" => "YATT-Lite","YATT::Lite::VarMaker" => "YATT-Lite","YATT::Lite::VarTypes" => "YATT-Lite","YATT::Lite::VarTypes::t_delegate" => "YATT-Lite","YATT::Lite::VarTypes::t_html" => "YATT-Lite","YATT::Lite::Walker" => "YATT-Lite","YATT::Lite::WebMVC0::Connection" => "YATT-Lite","YATT::Lite::WebMVC0::DBSchema" => "YATT-Lite","YATT::Lite::WebMVC0::DBSchema::DBIC" => "YATT-Lite","YATT::Lite::WebMVC0::DBSchema::DBIC::DBIC_SCHEMA" => "YATT-Lite","YATT::Lite::WebMVC0::DirApp" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::LangSwitch" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::Session" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::Session2" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::Session3" => "YATT-Lite","YATT::Lite::WebMVC0::SiteApp" => "YATT-Lite","YATT::Lite::WebMVC0::SiteApp::CGI" => "YATT-Lite","YATT::Lite::WebMVC0::SiteApp::FCGI" => "YATT-Lite","YATT::Lite::WebMVC0::SubRoutes" => "YATT-Lite","YATT::Lite::XHF" => "YATT-Lite","YATT::Lite::XHF::Dumper" => "YATT-Lite","YATT::Lite::XHF::StoreDir" => "YATT-Lite","Yancy" => "Yancy","Yancy::Backend" => "Yancy","Yancy::Backend::Dbic" => "Yancy","Yancy::Backend::Memory" => "Yancy","Yancy::Backend::MojoDB" => "Yancy","Yancy::Backend::Mysql" => "Yancy","Yancy::Backend::Pg" => "Yancy","Yancy::Backend::Role::DBI" => "Yancy","Yancy::Backend::Role::MojoAsync" => "Yancy","Yancy::Backend::Role::Relational" => "Yancy","Yancy::Backend::Role::Sync" => "Yancy","Yancy::Backend::Sqlite" => "Yancy","Yancy::Command::backend" => "Yancy","Yancy::Command::backend::copy" => "Yancy","Yancy::Controller::Yancy" => "Yancy","Yancy::Controller::Yancy::API" => "Yancy","Yancy::Controller::Yancy::MultiTenant" => "Yancy","Yancy::I18N" => "Yancy","Yancy::I18N::en" => "Yancy","Yancy::Model" => "Yancy","Yancy::Model::Item" => "Yancy","Yancy::Model::Schema" => "Yancy","Yancy::Plugin::Auth" => "Yancy","Yancy::Plugin::Auth::Basic" => "Yancy","Yancy::Plugin::Auth::Github" => "Yancy","Yancy::Plugin::Auth::OAuth2" => "Yancy","Yancy::Plugin::Auth::Password" => "Yancy","Yancy::Plugin::Auth::Role::RequireUser" => "Yancy","Yancy::Plugin::Auth::Token" => "Yancy","Yancy::Plugin::Editor" => "Yancy","Yancy::Plugin::File" => "Yancy","Yancy::Plugin::Form" => "Yancy","Yancy::Plugin::Form::Bootstrap4" => "Yancy","Yancy::Plugin::Roles" => "Yancy","Yancy::Util" => "Yancy","Yote" => "Yote","Yote::Array" => "Yote","Yote::ArrayGatekeeper" => "Yote","Yote::BigHash" => "Yote","Yote::Hash" => "Yote","Yote::Obj" => "Yote","Yote::ObjStore" => "Yote","Yote::YoteDB" => "Yote","Yukki" => "Yukki","Yukki::Error" => "Yukki","Yukki::Error::Fixup" => "Yukki","Yukki::Model" => "Yukki","Yukki::Model::File" => "Yukki","Yukki::Model::FilePreview" => "Yukki","Yukki::Model::Repository" => "Yukki","Yukki::Model::User" => "Yukki","Yukki::Role::App" => "Yukki","Yukki::Settings" => "Yukki","Yukki::Settings::Anonymous" => "Yukki","Yukki::Settings::Repository" => "Yukki","Yukki::Types" => "Yukki","Yukki::Web" => "Yukki","Yukki::Web::Context" => "Yukki","Yukki::Web::Controller" => "Yukki","Yukki::Web::Controller::Attachment" => "Yukki","Yukki::Web::Controller::Login" => "Yukki","Yukki::Web::Controller::Page" => "Yukki","Yukki::Web::Controller::Redirect" => "Yukki","Yukki::Web::Plugin" => "Yukki","Yukki::Web::Plugin::Attachment" => "Yukki","Yukki::Web::Plugin::Role::FormatHelper" => "Yukki","Yukki::Web::Plugin::Role::Formatter" => "Yukki","Yukki::Web::Plugin::Spreadsheet" => "Yukki","Yukki::Web::Plugin::SyntaxHighlight" => "Yukki","Yukki::Web::Plugin::Viewer" => "Yukki","Yukki::Web::Plugin::YukkiText" => "Yukki","Yukki::Web::Request" => "Yukki","Yukki::Web::Response" => "Yukki","Yukki::Web::Router" => "Yukki","Yukki::Web::Router::Route" => "Yukki","Yukki::Web::Router::Route::Match" => "Yukki","Yukki::Web::Settings" => "Yukki","Yukki::Web::View" => "Yukki","Yukki::Web::View::Attachment" => "Yukki","Yukki::Web::View::Login" => "Yukki","Yukki::Web::View::Page" => "Yukki","Zabbix::Reporter" => "Zabbix-Reporter","Zabbix::Reporter::Cmd" => "Zabbix-Reporter","Zabbix::Reporter::Cmd::Command" => "Zabbix-Reporter","Zabbix::Reporter::Cmd::Command::actions" => "Zabbix-Reporter","Zabbix::Reporter::Cmd::Command::list" => "Zabbix-Reporter","Zabbix::Reporter::Web" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::Demo" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::History" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::List" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::Selftest" => "Zabbix-Reporter","Zlib::OldDeflate" => "IO-Compress","Zlib::OldInflate" => "IO-Compress","Zonemaster::Backend" => "Zonemaster-Backend","Zonemaster::Backend::Config" => "Zonemaster-Backend","Zonemaster::Backend::Config::DCPlugin" => "Zonemaster-Backend","Zonemaster::Backend::DB" => "Zonemaster-Backend","Zonemaster::Backend::DB::MySQL" => "Zonemaster-Backend","Zonemaster::Backend::DB::PostgreSQL" => "Zonemaster-Backend","Zonemaster::Backend::DB::SQLite" => "Zonemaster-Backend","Zonemaster::Backend::Error" => "Zonemaster-Backend","Zonemaster::Backend::Error::Conflict" => "Zonemaster-Backend","Zonemaster::Backend::Error::Internal" => "Zonemaster-Backend","Zonemaster::Backend::Error::JsonError" => "Zonemaster-Backend","Zonemaster::Backend::Error::PermissionDenied" => "Zonemaster-Backend","Zonemaster::Backend::Error::ResourceNotFound" => "Zonemaster-Backend","Zonemaster::Backend::Log" => "Zonemaster-Backend","Zonemaster::Backend::Metrics" => "Zonemaster-Backend","Zonemaster::Backend::RPCAPI" => "Zonemaster-Backend","Zonemaster::Backend::TestAgent" => "Zonemaster-Backend","Zonemaster::Backend::Translator" => "Zonemaster-Backend","Zonemaster::Backend::Validator" => "Zonemaster-Backend","above" => "UR","arybase" => "perl","attributes" => "perl","attrs" => "perl","back_tick_a_command" => "PAR","blib" => "perl","builtin" => "perl","bytes" => "perl","charnames" => "perl","class_name" => "UR","cppAdaptive1" => "cppAdaptive1","cppAdaptive2" => "cppAdaptive2","cppAdaptive2::Inline" => "cppAdaptive2","deprecate" => "perl","diagnostics" => "perl","encoding" => "Encode","feature" => "perl","filetest" => "perl","for" => "perl","in" => "perl","integer" => "perl","java::lang::String" => "perl","less" => "perl","locale" => "perl","mod_perl" => "mod_perl","mod_perl2" => "mod_perl","mro" => "perl","of" => "perl","ojo" => "Mojolicious","open" => "perl","ops" => "perl","overload" => "perl","overload::numbers" => "perl","overloading" => "perl","pipe_a_command" => "PAR","pp" => "PAR-Packer","prior_to_test" => "PAR","pugs" => "Perl6-Pugs","re" => "perl","remove_file_and_try_executable_again" => "PAR","sigtrap" => "perl","site" => "Apache-ASP","sort" => "perl","source::encoding" => "perl","strict" => "perl","subs" => "perl","t::BHK" => "perl","t::Markers" => "perl","test_in_further_subdir" => "PAR","testcases::base" => "XAO-Web","testcases::requires" => "XAO-Web","utf8" => "perl","vars" => "perl","vmsish" => "perl","warnings" => "perl","warnings::register" => "perl","yaml_mapping" => "YAML","yaml_scalar" => "YAML","yaml_sequence" => "YAML"}}
 }
 
 __PACKAGE__;
diff --git a/Kernel/cpan-lib/CPANSA/DB.pm b/Kernel/cpan-lib/CPANSA/DB.pm
index 28ca41105..be3e92081 100644
--- a/Kernel/cpan-lib/CPANSA/DB.pm
+++ b/Kernel/cpan-lib/CPANSA/DB.pm
@@ -1,5 +1,5 @@
-# created by util/generate at Wed Mar 11 13:03:16 2026
-# https://github.com/briandfoy/cpan-security-advisory.git a9f8afbc36f0047a2a60bd8a66160f7ac2facb25
+# created by util/generate at Wed Mar 18 13:36:03 2026
+# https://github.com/briandfoy/cpan-security-advisory.git 0d05b0bcff541d0e5a25d50cd664f22548fea57f
 
 =encoding utf8
 
@@ -82,10 +82,10 @@ package CPANSA::DB;
 use strict;
 use warnings;
 
-our $VERSION = '20260311.002';
+our $VERSION = '20260318.001';
 
 sub db {
-	{"dists" => {"ActivePerl" => {"advisories" => [{"affected_versions" => ["==5.16.1.1601"],"cves" => ["CVE-2012-5377"],"description" => "Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\\Perl\\Site\\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the \"IKE and AuthIP IPsec Keying Modules\" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2012-5377","references" => ["https://www.htbridge.com/advisory/HTB23108","http://osvdb.org/86177"],"reported" => "2012-10-11","severity" => undef},{"affected_versions" => ["==5.8.8.817"],"cves" => ["CVE-2006-2856"],"description" => "ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with \"Users\" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2006-2856","references" => ["http://secunia.com/advisories/20328","http://www.securityfocus.com/bid/18269","http://www.osvdb.org/25974","http://www.vupen.com/english/advisories/2006/2140","https://exchange.xforce.ibmcloud.com/vulnerabilities/26915"],"reported" => "2006-06-06","severity" => undef},{"affected_versions" => ["<=5.8.1"],"cves" => ["CVE-2004-2286"],"description" => "Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2004-2286","references" => ["http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html","http://www.securityfocus.com/bid/10380","https://exchange.xforce.ibmcloud.com/vulnerabilities/16224"],"reported" => "2004-12-31","severity" => undef},{"affected_versions" => ["<5.10"],"cves" => ["CVE-2004-2022"],"description" => "ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow.  NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2004-2022","references" => ["http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt","http://www.perlmonks.org/index.pl?node_id=354145","http://www.securityfocus.com/bid/10375","http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html","http://marc.info/?l=full-disclosure&m=108489112131099&w=2","http://marc.info/?l=full-disclosure&m=108482796105922&w=2","http://marc.info/?l=full-disclosure&m=108483058514596&w=2","http://marc.info/?l=bugtraq&m=108489894009025&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/16169"],"reported" => "2004-12-31","severity" => undef},{"affected_versions" => [],"cves" => ["CVE-2004-0377"],"description" => "Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2004-0377","references" => ["http://www.kb.cert.org/vuls/id/722414","http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html","http://public.activestate.com/cgi-bin/perlbrowse?patch=22552","http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities","http://marc.info/?l=bugtraq&m=108118694327979&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/15732"],"reported" => "2004-05-04","severity" => undef},{"affected_versions" => ["<=5.6.1.629"],"cves" => ["CVE-2001-0815"],"description" => "Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2001-0815","references" => ["http://bugs.activestate.com/show_bug.cgi?id=18062","http://www.securityfocus.com/bid/3526","http://www.osvdb.org/678","http://marc.info/?l=bugtraq&m=100583978302585&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/7539"],"reported" => "2001-12-06","severity" => undef}],"main_module" => "","versions" => []},"Alien-FreeImage" => {"advisories" => [{"affected_versions" => [">=0.001,<=0.011"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Alien-FreeImage","fixed_versions" => [],"id" => "CPANSA-Alien-FreeImage-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=1.000_1,<=1.001"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Alien-FreeImage","fixed_versions" => [],"id" => "CPANSA-Alien-FreeImage-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef}],"main_module" => "Alien::FreeImage","versions" => [{"date" => "2014-11-27T21:33:19","version" => "0.001"},{"date" => "2014-11-27T23:23:17","version" => "0.002"},{"date" => "2014-11-28T06:50:21","version" => "0.003"},{"date" => "2014-11-28T08:16:43","version" => "0.004"},{"date" => "2014-11-28T09:42:55","version" => "0.005"},{"date" => "2014-11-29T17:54:12","version" => "0.006"},{"date" => "2014-11-29T22:00:16","version" => "0.007"},{"date" => "2014-11-29T22:04:22","version" => "0.008"},{"date" => "2014-11-30T21:50:53","version" => "0.009"},{"date" => "2014-12-08T22:22:02","version" => "0.010"},{"date" => "2014-12-09T21:26:56","version" => "0.011"},{"date" => "2017-06-25T21:05:55","version" => "1.000_1"},{"date" => "2017-06-26T17:54:11","version" => "1.000_2"},{"date" => "2017-06-27T08:30:16","version" => "1.000_3"},{"date" => "2017-07-11T11:46:10","version" => "1.001"}]},"Alien-GCrypt" => {"advisories" => [{"affected_versions" => [">=1.6.2.0,<=1.6.2.1"],"cves" => ["CVE-2018-0495"],"description" => "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.\n","distribution" => "Alien-GCrypt","fixed_versions" => [],"id" => "CPANSA-Alien-GCrypt-2018-0495-libgcrypt","references" => ["https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html","https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965","https://dev.gnupg.org/T4011","https://www.debian.org/security/2018/dsa-4231","https://usn.ubuntu.com/3689-2/","https://usn.ubuntu.com/3689-1/","http://www.securitytracker.com/id/1041147","http://www.securitytracker.com/id/1041144","https://usn.ubuntu.com/3692-2/","https://usn.ubuntu.com/3692-1/","https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html","https://access.redhat.com/errata/RHSA-2018:3221","https://access.redhat.com/errata/RHSA-2018:3505","https://usn.ubuntu.com/3850-1/","https://usn.ubuntu.com/3850-2/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:1297","https://access.redhat.com/errata/RHSA-2019:1296","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2019:2237"],"reported" => "2018-06-13","severity" => "medium"},{"affected_versions" => ["==1.6.5.0"],"cves" => ["CVE-2018-0495"],"description" => "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.\n","distribution" => "Alien-GCrypt","fixed_versions" => [],"id" => "CPANSA-Alien-GCrypt-2018-0495-libgcrypt","references" => ["https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html","https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965","https://dev.gnupg.org/T4011","https://www.debian.org/security/2018/dsa-4231","https://usn.ubuntu.com/3689-2/","https://usn.ubuntu.com/3689-1/","http://www.securitytracker.com/id/1041147","http://www.securitytracker.com/id/1041144","https://usn.ubuntu.com/3692-2/","https://usn.ubuntu.com/3692-1/","https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html","https://access.redhat.com/errata/RHSA-2018:3221","https://access.redhat.com/errata/RHSA-2018:3505","https://usn.ubuntu.com/3850-1/","https://usn.ubuntu.com/3850-2/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:1297","https://access.redhat.com/errata/RHSA-2019:1296","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2019:2237"],"reported" => "2018-06-13","severity" => "medium"}],"main_module" => "Alien::GCrypt","versions" => [{"date" => "2014-11-19T00:20:20","version" => "1.6.2.0"},{"date" => "2014-11-21T22:25:49","version" => "1.6.2.1"},{"date" => "2016-03-11T00:00:36","version" => "1.6.5.0"}]},"Alien-OTR" => {"advisories" => [{"affected_versions" => [">=4.0.0.0,<=4.0.0.1"],"cves" => ["CVE-2016-2851"],"description" => "Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.\n","distribution" => "Alien-OTR","fixed_versions" => [],"id" => "CPANSA-Alien-OTR-2016-2851-libotr","references" => ["https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/","http://www.debian.org/security/2016/dsa-3512","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html","https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002581.html","http://seclists.org/fulldisclosure/2016/Mar/21","http://www.securityfocus.com/bid/84285","http://www.ubuntu.com/usn/USN-2926-1","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html","https://security.gentoo.org/glsa/201701-10","https://www.exploit-db.com/exploits/39550/","http://www.securityfocus.com/archive/1/537745/100/0/threaded"],"reported" => "2016-04-07","severity" => "critical"},{"affected_versions" => ["==4.1.0.0"],"cves" => ["CVE-2016-2851"],"description" => "Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.\n","distribution" => "Alien-OTR","fixed_versions" => [],"id" => "CPANSA-Alien-OTR-2016-2851-libotr","references" => ["https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/","http://www.debian.org/security/2016/dsa-3512","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html","https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002581.html","http://seclists.org/fulldisclosure/2016/Mar/21","http://www.securityfocus.com/bid/84285","http://www.ubuntu.com/usn/USN-2926-1","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html","https://security.gentoo.org/glsa/201701-10","https://www.exploit-db.com/exploits/39550/","http://www.securityfocus.com/archive/1/537745/100/0/threaded"],"reported" => "2016-04-07","severity" => "critical"}],"main_module" => "Alien::OTR","versions" => [{"date" => "2014-02-04T00:25:37","version" => "4.0.0.0"},{"date" => "2014-06-16T00:29:25","version" => "4.0.0.1"},{"date" => "2014-11-19T00:30:34","version" => "4.1.0.0"},{"date" => "2016-03-10T23:38:55","version" => "4.1.1.0"}]},"Alien-PCRE2" => {"advisories" => [{"affected_versions" => ["<0.016000"],"comment" => "This Alien module fetches libpcre2 sources from the network. It tries to get the latest unless you set environment variables to get a different version.\n","cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "Alien-PCRE2","fixed_versions" => [">=0.016000"],"id" => "CPANSA-Alien-PCRE2-2019-20454","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"}],"main_module" => "Alien::PCRE2","versions" => [{"date" => "2017-06-30T23:18:21","version" => "0.001000"},{"date" => "2017-07-01T02:48:02","version" => "0.002000"},{"date" => "2017-07-02T04:51:35","version" => "0.003000"},{"date" => "2017-07-02T06:53:29","version" => "0.004000"},{"date" => "2017-07-02T09:21:41","version" => "0.005000"},{"date" => "2017-07-03T01:03:23","version" => "0.006000"},{"date" => "2017-07-12T17:40:07","version" => "0.007000"},{"date" => "2017-07-13T07:43:28","version" => "0.008000"},{"date" => "2017-07-15T10:31:20","version" => "0.009000"},{"date" => "2017-07-17T04:44:54","version" => "0.010000"},{"date" => "2017-07-18T18:30:06","version" => "0.011000"},{"date" => "2017-07-19T05:07:21","version" => "0.012000"},{"date" => "2017-07-23T04:43:01","version" => "0.013000"},{"date" => "2017-11-01T02:50:14","version" => "0.014000"},{"date" => "2017-11-08T00:42:33","version" => "0.015000"},{"date" => "2022-05-08T20:22:53","version" => "0.016000"},{"date" => "2023-02-04T00:21:59","version" => "0.017000"}]},"Alien-SVN" => {"advisories" => [{"affected_versions" => [">=1.4.5.0,<=1.4.5.3"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-subversion","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.4.6.0,<=1.4.6.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-subversion","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.6.12.0,<=1.6.12.1"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-subversion","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.7.3.0,<=1.17.3.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-subversion","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.7.17.0,<=1.17.1.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-subversion","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => ["==1.7.19.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-subversion","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => ["==1.8.11.0"],"cves" => ["CVE-2018-11782"],"description" => "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2018-11782-subversion","references" => ["http://subversion.apache.org/security/CVE-2018-11782-advisory.txt"],"reported" => "2019-09-26","severity" => "medium"},{"affected_versions" => ["==1.8.11.0"],"cves" => ["CVE-2019-0203"],"description" => "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2019-0203-subversion","references" => ["http://subversion.apache.org/security/CVE-2019-0203-advisory.txt"],"reported" => "2019-09-26","severity" => "high"},{"affected_versions" => [">=1.4.5.0,<=1.4.5.3"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => ["==1.4.6.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.6.12.0,<=1.6.12.1"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.7.17.0,<=1.7.17.1"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => ["==1.7.19.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.7.3.0,<=1.7.3.1"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => ["==1.8.11.0"],"cves" => ["CVE-2015-3187"],"description" => "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2015-3187-svn","references" => ["http://www.securitytracker.com/id/1033215","http://subversion.apache.org/security/CVE-2015-3187-advisory.txt","http://www.debian.org/security/2015/dsa-3331","http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html","http://rhn.redhat.com/errata/RHSA-2015-1633.html","https://support.apple.com/HT206172","http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html","http://www.securityfocus.com/bid/76273","http://rhn.redhat.com/errata/RHSA-2015-1742.html","http://www.ubuntu.com/usn/USN-2721-1","https://security.gentoo.org/glsa/201610-05"],"reported" => "2015-08-12","severity" => undef}],"main_module" => "Alien::SVN","versions" => [{"date" => "2007-09-12T10:21:02","version" => "1.4.5.0"},{"date" => "2007-09-21T01:13:48","version" => "1.4.5.1"},{"date" => "2007-09-21T11:45:13","version" => "1.4.5.2"},{"date" => "2007-12-26T09:04:20","version" => "1.4.5.3"},{"date" => "2007-12-27T05:34:26","version" => "1.4.6.0"},{"date" => "2010-08-18T07:45:18","version" => "v1.6.12.0"},{"date" => "2011-02-23T00:51:22","version" => "v1.6.12.1"},{"date" => "2012-03-02T00:57:20","version" => "v1.7.3.0"},{"date" => "2012-03-18T22:14:33","version" => "v1.7.3.1"},{"date" => "2014-06-12T04:08:38","version" => "v1.7.17.0"},{"date" => "2014-06-12T17:19:44","version" => "v1.7.17.1"},{"date" => "2015-01-12T23:26:41","version" => "v1.7.19.0"},{"date" => "2015-01-13T00:12:19","version" => "v1.8.11.0"}]},"Amon2-Auth-Site-LINE" => {"advisories" => [{"affected_versions" => ["<0.05"],"cves" => ["CVE-2024-57835"],"description" => "Amon2::Auth::Site::LINE uses the String::Random module\x{a0}to generate nonce values.\x{a0}String::Random\x{a0}defaults to Perl's built-in predictable\x{a0}random number generator,\x{a0}the rand() function, which is not cryptographically secure\n","distribution" => "Amon2-Auth-Site-LINE","fixed_versions" => [">=0.05"],"id" => "CPANSA-Amon2-Auth-Site-LINE-2024-57835","references" => ["https://metacpan.org/release/SHLOMIF/String-Random-0.32/source/lib/String/Random.pm#L377","https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L235","https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L255","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://jvndb.jvn.jp/ja/contents/2025/JVNDB-2025-003449.html"],"reported" => "2025-04-05","severity" => "moderate"}],"main_module" => "Amon2::Auth::Site::LINE","versions" => [{"date" => "2020-11-21T06:34:32","version" => "0.01"},{"date" => "2020-11-23T00:05:03","version" => "0.02"},{"date" => "2020-11-25T01:33:35","version" => "0.03"},{"date" => "2020-11-26T07:04:40","version" => "0.04"},{"date" => "2025-05-20T12:14:56","version" => "0.05"}]},"Apache-ASP" => {"advisories" => [{"affected_versions" => ["<1.95"],"cves" => [],"description" => "A bug would allow a malicious user possible writing of files in the same directory as the source.asp script.\n","distribution" => "Apache-ASP","fixed_versions" => [">=1.95"],"id" => "CPANSA-Apache-ASP-2000-01","references" => ["https://metacpan.org/release/CHAMAS/Apache-ASP-2.63/source/README"],"reported" => "2000-07-10","severity" => undef}],"main_module" => "Apache::ASP","versions" => [{"date" => "1998-06-24T02:10:51","version" => "0.01"},{"date" => "1998-07-11T01:48:14","version" => "0.02"},{"date" => "1998-09-14T11:13:32","version" => "0.03"},{"date" => "1998-10-12T07:50:56","version" => "0.04"},{"date" => "1998-10-18T21:29:19","version" => "0.05"},{"date" => "1999-02-06T06:04:50","version" => "0.08"},{"date" => "1999-04-22T08:30:57","version" => "0.09"},{"date" => "1999-06-24T20:04:52","version" => "0.11"},{"date" => "1999-07-02T07:05:05","version" => "0.12"},{"date" => "1999-07-29T10:58:20","version" => "0.14"},{"date" => "1999-08-25T02:02:31","version" => "0.15"},{"date" => "1999-09-22T20:54:01","version" => "0.16"},{"date" => "1999-11-16T04:44:48","version" => "0.17"},{"date" => "2000-02-04T02:14:14","version" => "0.18"},{"date" => "2000-07-03T13:08:54","version" => "1.91"},{"date" => "2000-07-03T22:43:45","version" => "1.93"},{"date" => "2000-07-11T01:44:02","version" => "1.95"},{"date" => "2000-07-16T07:17:39","version" => "2.00"},{"date" => "2000-07-22T23:31:36","version" => "2.01"},{"date" => "2000-08-02T00:11:15","version" => "2.03"},{"date" => "2000-11-26T19:15:48","version" => "2.07"},{"date" => "2001-01-31T04:03:17","version" => "2.09"},{"date" => "2001-05-30T01:37:39","version" => "2.11"},{"date" => "2001-06-12T00:41:33","version" => "2.15"},{"date" => "2001-06-18T02:35:48","version" => "2.17"},{"date" => "2001-07-11T05:27:22","version" => "2.19"},{"date" => "2001-08-05T23:01:50","version" => "2.21"},{"date" => "2001-10-11T07:54:39","version" => "2.23"},{"date" => "2001-10-11T23:34:01","version" => "2.25"},{"date" => "2001-11-01T01:11:12","version" => "2.27"},{"date" => "2001-11-19T21:41:12","version" => "2.29"},{"date" => "2002-01-22T09:52:49","version" => "2.31"},{"date" => "2002-04-30T09:12:20","version" => "2.33"},{"date" => "2002-05-30T19:47:22","version" => "2.35"},{"date" => "2002-07-03T21:11:15","version" => "2.37"},{"date" => "2002-09-12T08:16:20","version" => "2.39"},{"date" => "2002-09-30T06:35:47","version" => "2.41"},{"date" => "2002-10-14T04:01:36","version" => "2.45"},{"date" => "2002-11-07T02:03:41","version" => "2.47"},{"date" => "2002-11-11T07:15:21","version" => "2.49"},{"date" => "2003-02-10T21:11:34","version" => "2.51"},{"date" => "2003-04-10T16:27:14","version" => "2.53"},{"date" => "2003-08-10T07:39:57","version" => "2.55"},{"date" => "2004-01-29T08:30:48","version" => "2.57"},{"date" => "2005-05-24T05:52:39","version" => "2.59"},{"date" => "2008-05-25T23:07:57","version" => "2.61"},{"date" => "2011-10-02T19:18:10","version" => "2.62"},{"date" => "2012-02-13T23:15:04","version" => "2.62"},{"date" => "2018-03-15T05:28:37","version" => "2.63"}]},"Apache-AuthCAS" => {"advisories" => [{"affected_versions" => ["<0.5"],"cves" => ["CVE-2007-6342"],"description" => "A tainted cookie could be sent by a malicious user and it would be used in an SQL query without protection against SQL injection.\n","distribution" => "Apache-AuthCAS","fixed_versions" => [">=0.5"],"id" => "CPANSA-Apache-AuthCAS-2007-01","references" => ["https://metacpan.org/changes/distribution/Apache-AuthCAS","https://cxsecurity.com/issue/WLB-2007120031"],"reported" => "2007-12-13","severity" => "high"}],"main_module" => "Apache::AuthCAS","versions" => [{"date" => "2004-09-15T19:17:43","version" => "0.1"},{"date" => "2004-09-15T20:11:40","version" => "0.2"},{"date" => "2004-10-05T22:51:50","version" => "0.3"},{"date" => "2004-10-13T00:45:52","version" => "0.4"},{"date" => "2008-03-23T23:03:16","version" => "0.5"}]},"Apache-AuthenHook" => {"advisories" => [{"affected_versions" => [">=2.00_04"],"cves" => ["CVE-2010-3845"],"description" => "libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.\n","distribution" => "Apache-AuthenHook","fixed_versions" => [],"id" => "CPANSA-Apache-AuthenHook-2010-3845","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=62040","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712","http://seclists.org/oss-sec/2010/q4/63"],"reported" => "2017-08-08","severity" => "critical"}],"main_module" => "Apache::AuthenHook","versions" => [{"date" => "2003-06-20T19:05:21","version" => "2.00_01"},{"date" => "2004-04-06T01:20:10","version" => "2.00_03"},{"date" => "2005-04-14T12:57:55","version" => "2.00_04"}]},"Apache-MP3" => {"advisories" => [{"affected_versions" => ["<2.15"],"cves" => [],"description" => "A security bug allowed people to bypass the AllowDownload setting.\n","distribution" => "Apache-MP3","fixed_versions" => [">=2.15"],"id" => "CPANSA-Apache-MP3-2001-01","references" => ["https://metacpan.org/dist/Apache-MP3/changes"],"reported" => "2001-01-01","severity" => undef}],"main_module" => "Apache::MP3","versions" => [{"date" => "2000-03-20T13:00:07","version" => "1.00"},{"date" => "2000-05-27T04:19:21","version" => "2.00"},{"date" => "2000-05-27T04:34:42","version" => "2.01"},{"date" => "2000-05-28T16:17:59","version" => "2.02"},{"date" => "2000-08-23T13:46:23","version" => "2.04"},{"date" => "2000-08-25T14:45:54","version" => "2.05"},{"date" => "2000-08-26T03:41:07","version" => "2.06"},{"date" => "2000-08-31T20:28:28","version" => "2.08"},{"date" => "2000-09-03T18:31:17","version" => "2.10"},{"date" => "2000-09-09T22:12:04","version" => "2.11"},{"date" => "2000-11-21T22:15:07","version" => "2.12"},{"date" => "2000-12-31T04:29:03","version" => "2.14"},{"date" => "2001-01-02T03:37:33","version" => "2.15"},{"date" => "2001-05-01T02:43:47","version" => "2.16"},{"date" => "2001-06-10T22:02:46","version" => "2.18"},{"date" => "2001-07-17T01:39:59","version" => "2.19"},{"date" => "2001-09-26T01:14:42","version" => "2.20"},{"date" => "2002-01-06T20:38:33","version" => "2.22"},{"date" => "2002-05-31T01:12:04","version" => "2.26"},{"date" => "2002-08-16T04:18:25","version" => "3.00"},{"date" => "2002-08-18T17:41:46","version" => "3.01"},{"date" => "2002-10-14T03:26:03","version" => "3.03"},{"date" => "2003-02-15T00:51:19","version" => "3.04"},{"date" => "2003-10-06T14:12:34","version" => "3.05"},{"date" => "2006-04-15T01:26:38","version" => "4.00"}]},"Apache-Session" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40931"],"description" => "Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id.  Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Apache-Session","fixed_versions" => [],"id" => "CPANSA-Apache-Session-2025-40931","references" => ["https://metacpan.org/dist/Apache-Session/source/lib/Apache/Session/Generate/MD5.pm#L27","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "Apache::Session","versions" => [{"date" => "1998-05-20T21:03:28","version" => "0.10"},{"date" => "1998-06-26T23:12:16","version" => "0.12"},{"date" => "1998-07-08T11:14:44","version" => "0.13"},{"date" => "1998-07-20T07:21:32","version" => "0.14"},{"date" => "1998-09-15T21:29:50","version" => "0.16"},{"date" => "1998-09-29T05:20:47","version" => "v0.16.1"},{"date" => "1998-11-14T20:39:57","version" => "0.17"},{"date" => "1998-12-09T18:17:21","version" => "v0.17.1"},{"date" => "1999-01-28T19:45:49","version" => "v0.99.0"},{"date" => "1999-02-14T21:44:23","version" => "v0.99.3"},{"date" => "1999-02-16T05:47:59","version" => "v0.99.5"},{"date" => "1999-03-01T05:57:39","version" => "v0.99.6"},{"date" => "1999-03-03T23:57:45","version" => "v0.99.7"},{"date" => "1999-04-05T04:51:55","version" => "v0.99.8"},{"date" => "1999-08-16T02:06:04","version" => "1.00"},{"date" => "1999-09-12T04:35:00","version" => "1.03"},{"date" => "2000-05-26T16:31:41","version" => "1.50"},{"date" => "2000-05-26T22:31:44","version" => "1.51"},{"date" => "2000-07-24T03:48:07","version" => "1.52"},{"date" => "2000-09-01T22:43:07","version" => "1.53"},{"date" => "2001-10-11T18:37:18","version" => "1.54"},{"date" => "2004-02-24T19:58:32","version" => "1.6"},{"date" => "2004-09-01T18:55:04","version" => "1.70_01"},{"date" => "2005-10-06T22:17:32","version" => "1.80"},{"date" => "2006-05-23T16:03:15","version" => "1.81"},{"date" => "2007-02-12T17:53:50","version" => "1.81_01"},{"date" => "2007-02-21T13:35:35","version" => "1.82"},{"date" => "2007-03-10T11:45:09","version" => "1.82_01"},{"date" => "2007-03-11T15:30:47","version" => "1.82_02"},{"date" => "2007-03-12T22:00:28","version" => "1.82_03"},{"date" => "2007-04-27T20:08:58","version" => "1.82_04"},{"date" => "2007-05-14T09:03:50","version" => "1.82_05"},{"date" => "2007-05-25T11:28:49","version" => "1.83"},{"date" => "2007-08-03T21:02:51","version" => "1.83_01"},{"date" => "2007-10-02T12:53:28","version" => "1.84"},{"date" => "2007-11-26T22:09:17","version" => "1.84_01"},{"date" => "2007-12-21T22:28:51","version" => "1.85"},{"date" => "2008-01-24T15:00:36","version" => "1.85_01"},{"date" => "2008-02-01T12:14:19","version" => "1.86"},{"date" => "2008-06-20T09:48:31","version" => "1.86_01"},{"date" => "2008-06-27T20:54:45","version" => "1.86_02"},{"date" => "2008-08-03T11:34:12","version" => "1.86_03"},{"date" => "2008-08-08T09:28:24","version" => "1.87"},{"date" => "2008-12-20T21:04:01","version" => "1.88"},{"date" => "2010-09-21T22:56:17","version" => "1.89"},{"date" => "2013-01-27T13:38:31","version" => "1.90"},{"date" => "2014-01-06T22:44:40","version" => "1.91"},{"date" => "2014-03-08T23:03:33","version" => "1.92"},{"date" => "2014-04-12T19:35:25","version" => "1.93"},{"date" => "2020-09-18T22:00:45","version" => "1.94"}]},"Apache-Session-Browseable" => {"advisories" => [{"affected_versions" => ["<1.3.6"],"cves" => ["CVE-2020-36659"],"description" => "In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.\n","distribution" => "Apache-Session-Browseable","fixed_versions" => [">=1.3.6"],"id" => "CPANSA-Apache-Session-Browseable-2020-36659","references" => ["https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/fdf393235140b293cae5578ef136055a78f3574f","https://lists.debian.org/debian-lts-announce/2023/01/msg00025.html"],"reported" => "2023-01-27","severity" => undef}],"main_module" => "Apache::Session::Browseable","versions" => [{"date" => "2009-10-31T08:09:42","version" => "0.1"},{"date" => "2009-11-01T09:10:13","version" => "0.2"},{"date" => "2009-11-01T16:21:16","version" => "0.3"},{"date" => "2010-08-16T15:26:19","version" => "0.4"},{"date" => "2010-12-06T21:08:25","version" => "0.5"},{"date" => "2010-12-08T15:45:21","version" => "0.6"},{"date" => "2012-06-24T07:14:37","version" => "0.7"},{"date" => "2012-10-13T16:15:41","version" => "0.8"},{"date" => "2013-02-28T06:05:09","version" => "0.9"},{"date" => "2013-08-28T04:42:23","version" => "1.0"},{"date" => "2013-08-30T04:47:02","version" => "1.0"},{"date" => "2013-10-20T05:39:14","version" => "v1.0.2"},{"date" => "2015-06-12T15:56:45","version" => "1.1"},{"date" => "2016-03-09T05:31:13","version" => "1.2"},{"date" => "2016-03-10T06:30:41","version" => "v1.2.1"},{"date" => "2016-04-01T11:34:51","version" => "v1.2.2"},{"date" => "2016-06-07T13:59:19","version" => "v1.2.3"},{"date" => "2017-02-19T07:34:18","version" => "v1.2.4"},{"date" => "2017-04-04T05:18:26","version" => "v1.2.5"},{"date" => "2017-09-12T09:35:30","version" => "v1.2.5"},{"date" => "2017-10-03T05:00:07","version" => "v1.2.7"},{"date" => "2017-10-03T10:42:35","version" => "v1.2.8"},{"date" => "2019-02-08T06:29:20","version" => "v1.2.9"},{"date" => "2019-02-08T09:31:22","version" => "v1.3.0"},{"date" => "2019-05-04T10:55:48","version" => "v1.3.1"},{"date" => "2019-07-04T18:30:30","version" => "v1.3.2"},{"date" => "2019-09-19T20:44:43","version" => "v1.3.3"},{"date" => "2019-11-20T19:43:04","version" => "v1.3.4"},{"date" => "2020-01-21T10:20:26","version" => "v1.3.5"},{"date" => "2020-09-04T13:23:31","version" => "v1.3.6"},{"date" => "2020-09-04T13:39:40","version" => "v1.3.7"},{"date" => "2020-09-06T21:03:06","version" => "v1.3.8"},{"date" => "2021-08-10T04:44:06","version" => "v1.3.9"},{"date" => "2022-03-08T13:51:31","version" => "v1.3.10"},{"date" => "2022-09-26T16:41:24","version" => "v1.3.11"},{"date" => "2023-07-06T10:43:25","version" => "v1.3.12"},{"date" => "2023-07-06T11:38:32","version" => "v1.3.13"},{"date" => "2024-12-19T07:59:19","version" => "v1.3.13"},{"date" => "2025-04-10T19:24:48","version" => "v1.3.15"},{"date" => "2025-04-12T10:31:56","version" => "v1.3.16"},{"date" => "2025-06-18T12:49:41","version" => "v1.3.17"},{"date" => "2025-09-23T10:46:46","version" => "v1.3.18"}]},"Apache-Session-LDAP" => {"advisories" => [{"affected_versions" => ["<0.5"],"cves" => ["CVE-2020-36658"],"description" => "In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.\n","distribution" => "Apache-Session-LDAP","fixed_versions" => [">=0.5"],"id" => "CPANSA-Apache-Session-LDAP-2020-36658","references" => ["https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f","https://lists.debian.org/debian-lts-announce/2023/01/msg00024.html"],"reported" => "2023-01-27","severity" => undef}],"main_module" => "Apache::Session::LDAP","versions" => [{"date" => "2009-04-18T17:09:10","version" => "0.01"},{"date" => "2009-04-18T19:43:50","version" => "0.02"},{"date" => "2010-12-08T15:30:51","version" => "0.1"},{"date" => "2012-06-26T04:22:47","version" => "0.2"},{"date" => "2014-10-24T12:21:07","version" => "0.2"},{"date" => "2015-06-12T15:47:40","version" => "0.4"},{"date" => "2020-09-06T13:13:20","version" => "0.2"}]},"Apache-SessionX" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40932"],"description" => "Apache::SessionX versions through 2.01 for Perl create insecure session id.  Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Apache-SessionX","fixed_versions" => [],"id" => "CPANSA-Apache-SessionX-2005-01","references" => ["https://metacpan.org/release/GRICHTER/Apache-SessionX-2.01/source/SessionX/Generate/MD5.pm#L29","https://metacpan.org/changes/distribution/Apache-SessionX"],"reported" => "2005-11-15","severity" => undef}],"main_module" => "Apache::SessionX","versions" => [{"date" => "2001-11-20T15:36:53","version" => "2.00"},{"date" => "2003-03-02T14:18:57","version" => "2.00"},{"date" => "2005-11-15T05:21:49","version" => "2.01"}]},"Apache-Wyrd" => {"advisories" => [{"affected_versions" => ["<0.97"],"cves" => [],"description" => "User-submitted data cab be executed if it is displayed on a page, if the data contains a string that can be interpreted as a Wyrd.\n","distribution" => "Apache-Wyrd","fixed_versions" => [">=0.97"],"id" => "CPANSA-Apache-Wyrd-2008-01","references" => ["https://metacpan.org/dist/Apache-Wyrd/changes"],"reported" => "2008-04-14","severity" => undef}],"main_module" => "Apache::Wyrd","versions" => [{"date" => "2004-03-17T21:36:52","version" => "0.8"},{"date" => "2004-03-18T22:52:04","version" => "0.81"},{"date" => "2004-03-25T23:52:49","version" => "0.82"},{"date" => "2004-08-19T15:42:55","version" => "0.83"},{"date" => "2004-09-03T19:44:01","version" => "0.84"},{"date" => "2004-09-22T16:08:23","version" => "0.85"},{"date" => "2004-09-23T02:04:43","version" => "0.86"},{"date" => "2004-10-31T20:59:42","version" => "0.87"},{"date" => "2004-12-16T20:56:33","version" => "0.90"},{"date" => "2005-01-09T21:52:49","version" => "0.91"},{"date" => "2005-01-13T17:42:18","version" => "0.92"},{"date" => "2005-03-25T21:22:56","version" => "0.93"},{"date" => "2006-10-22T22:57:04","version" => "0.94"},{"date" => "2007-04-30T23:02:05","version" => "0.95"},{"date" => "2007-05-01T15:20:02","version" => "0.96"},{"date" => "2008-04-14T18:49:14","version" => "0.97"},{"date" => "2008-04-15T21:32:47","version" => "0.98"}]},"Apache2-AuthAny" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40933"],"description" => "Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely.  Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Apache2-AuthAny","fixed_versions" => [],"id" => "CPANSA-Apache2-AuthAny-2025-40933","references" => ["https://metacpan.org/release/KGOLDOV/Apache2-AuthAny-0.201/source/lib/Apache2/AuthAny/Cookie.pm"],"reported" => "2025-09-17","severity" => undef}],"main_module" => "Apache2::AuthAny","versions" => [{"date" => "2011-05-09T22:32:29","version" => "0.20"},{"date" => "2011-05-16T18:32:03","version" => "0.201"}]},"App-Context" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.968"],"cves" => ["CVE-2012-6141"],"description" => "The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized.\n","distribution" => "App-Context","fixed_versions" => [">0.968"],"id" => "CPANSA-App-Context-2012-6141","references" => ["http://seclists.org/oss-sec/2013/q2/318","https://exchange.xforce.ibmcloud.com/vulnerabilities/84198"],"reported" => "2014-06-04","severity" => undef}],"main_module" => "App::Context","versions" => [{"date" => "2002-10-10T21:31:39","version" => "0.01"},{"date" => "2004-09-02T21:17:44","version" => "0.90"},{"date" => "2005-01-07T14:02:06","version" => "0.93"},{"date" => "2005-08-09T20:05:02","version" => "0.95"},{"date" => "2006-03-10T04:24:13","version" => "0.96"},{"date" => "2006-03-12T01:30:11","version" => "0.962"},{"date" => "2006-07-25T02:30:21","version" => "0.963"},{"date" => "2006-09-04T19:41:12","version" => "0.964"},{"date" => "2007-04-17T13:33:24","version" => "0.965"},{"date" => "2008-02-27T03:13:41","version" => "0.966"},{"date" => "2008-02-27T14:19:23","version" => "0.9661"},{"date" => "2009-09-11T14:31:52","version" => "0.967"},{"date" => "2010-06-09T21:33:19","version" => "0.968"}]},"App-Genpass" => {"advisories" => [{"affected_versions" => ["<0.2400"],"cves" => [],"description" => "App-genpass before v0.2400 generated passwords using build in rand()\n","distribution" => "App-Genpass","fixed_versions" => [">=0.2400"],"id" => "CPANSA-App-Genpass-2024-001","references" => ["https://metacpan.org/dist/App-Genpass/changes","https://github.com/xsawyerx/app-genpass/pull/5","https://github.com/briandfoy/cpan-security-advisory/issues/178"],"reported" => undef,"severity" => undef}],"main_module" => "App::Genpass","versions" => [{"date" => "2009-12-14T22:15:31","version" => "0.03"},{"date" => "2010-01-01T18:06:50","version" => "0.04"},{"date" => "2010-01-02T07:45:49","version" => "0.05"},{"date" => "2010-05-28T21:46:01","version" => "0.06"},{"date" => "2010-05-29T21:37:11","version" => "0.07"},{"date" => "2010-05-30T08:35:54","version" => "0.08"},{"date" => "2010-05-31T18:39:55","version" => "0.09"},{"date" => "2010-06-07T10:16:54","version" => "0.10"},{"date" => "2010-07-16T21:15:53","version" => "0.11"},{"date" => "2010-07-16T22:36:16","version" => "1.00"},{"date" => "2010-07-18T15:20:18","version" => "1.01"},{"date" => "2011-02-17T10:52:08","version" => "2.00"},{"date" => "2011-03-10T12:26:49","version" => "2.01"},{"date" => "2011-08-03T11:58:46","version" => "2.02"},{"date" => "2011-08-03T16:05:37","version" => "2.03"},{"date" => "2011-08-06T07:36:59","version" => "2.04"},{"date" => "2011-08-08T12:51:57","version" => "2.10"},{"date" => "2011-11-27T17:45:15","version" => "2.20"},{"date" => "2012-03-26T19:55:19","version" => "2.30"},{"date" => "2012-06-26T08:16:36","version" => "2.31"},{"date" => "2012-06-30T23:12:23","version" => "2.32"},{"date" => "2012-11-20T08:48:46","version" => "2.33"},{"date" => "2014-08-04T20:00:26","version" => "2.34"},{"date" => "2016-10-12T08:56:56","version" => "2.400"},{"date" => "2016-10-14T21:27:13","version" => "2.401"}]},"App-Github-Email" => {"advisories" => [{"affected_versions" => ["<0.3.3"],"cves" => ["CVE-2015-7686"],"description" => "Insecure dependency on Email::Address.\n","distribution" => "App-Github-Email","fixed_versions" => [">=0.3.3"],"id" => "CPANSA-App-Github-Email-2018-01","references" => ["https://metacpan.org/changes/distribution/App-Github-Email","https://github.com/faraco/App-Github-Email/commit/b7f052280d1c8ae97bdefc106ca3cbba4aea7213"],"reported" => "2018-01-20"}],"main_module" => "App::Github::Email","versions" => [{"date" => "2017-01-16T08:03:02","version" => "0.0.1"},{"date" => "2017-01-16T12:56:51","version" => "0.0.2"},{"date" => "2017-01-16T17:38:16","version" => "0.0.3"},{"date" => "2017-03-11T10:45:23","version" => "0.0.4"},{"date" => "2017-04-05T11:19:02","version" => "0.0.5"},{"date" => "2017-04-15T17:35:18","version" => "0.0.6"},{"date" => "2017-05-19T05:05:24","version" => "0.0.7"},{"date" => "2017-12-18T14:11:19","version" => "0.1.0"},{"date" => "2017-12-21T08:24:12","version" => "0.1.1"},{"date" => "2018-01-15T03:18:05","version" => "0.2.0"},{"date" => "2018-01-20T12:55:34","version" => "0.2.1"},{"date" => "2018-08-30T16:07:18","version" => "0.3.1"},{"date" => "2018-08-30T16:13:54","version" => "0.3.2"},{"date" => "2018-08-31T03:49:31","version" => "0.3.3"}]},"App-Netdisco" => {"advisories" => [{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=2.028008,<=2.052002"],"cves" => ["CVE-2022-24785"],"description" => "Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2022-24785-momentjs","references" => ["https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5","https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4","https://www.tenable.com/security/tns-2022-09","https://security.netapp.com/advisory/ntap-20220513-0006/"],"reported" => "2022-04-04","severity" => "high"}],"main_module" => "App::Netdisco","versions" => [{"date" => "2012-12-20T21:16:29","version" => "2.00_011"},{"date" => "2012-12-21T08:21:35","version" => "2.00_012"},{"date" => "2013-01-05T16:14:21","version" => "2.00_012"},{"date" => "2013-01-06T01:16:03","version" => "2.00_012"},{"date" => "2013-01-06T02:03:22","version" => "2.00_012"},{"date" => "2013-01-14T22:16:29","version" => "2.00_012"},{"date" => "2013-01-30T13:23:14","version" => "2.004002"},{"date" => "2013-02-09T22:37:41","version" => "2.005000_001"},{"date" => "2013-02-10T21:39:04","version" => "2.005000_001"},{"date" => "2013-03-05T23:03:41","version" => "2.005000_003"},{"date" => "2013-03-05T23:21:44","version" => "2.005000_004"},{"date" => "2013-03-07T21:52:05","version" => "2.006000"},{"date" => "2013-03-17T14:50:06","version" => "2.007000_001"},{"date" => "2013-06-03T19:54:38","version" => "2.007000_002"},{"date" => "2013-06-08T20:22:28","version" => "2.007000_003"},{"date" => "2013-06-09T10:31:46","version" => "2.007000_004"},{"date" => "2013-06-09T13:10:45","version" => "2.007000_005"},{"date" => "2013-06-09T14:45:42","version" => "2.008000"},{"date" => "2013-06-11T12:39:12","version" => "2.008001"},{"date" => "2013-06-11T21:55:59","version" => "2.008002"},{"date" => "2013-06-16T17:29:20","version" => "2.009000_001"},{"date" => "2013-06-17T07:18:07","version" => "2.010000"},{"date" => "2013-06-17T22:10:21","version" => "2.010001_001"},{"date" => "2013-06-20T12:55:28","version" => "2.010001_002"},{"date" => "2013-06-20T12:58:16","version" => "2.010001_003"},{"date" => "2013-07-23T23:02:00","version" => "2.010002"},{"date" => "2013-07-24T22:50:05","version" => "2.010004"},{"date" => "2013-07-29T07:04:27","version" => "2.011000"},{"date" => "2013-08-06T17:37:28","version" => "2.012000"},{"date" => "2013-08-06T17:42:25","version" => "2.012001"},{"date" => "2013-08-07T09:06:31","version" => "2.012002"},{"date" => "2013-08-16T16:28:13","version" => "2.012003_001"},{"date" => "2013-08-16T16:48:37","version" => "2.012004"},{"date" => "2013-08-16T16:51:08","version" => "2.012005"},{"date" => "2013-08-23T05:52:12","version" => "2.012006"},{"date" => "2013-08-23T10:29:04","version" => "2.013000"},{"date" => "2013-08-23T11:34:38","version" => "2.013001"},{"date" => "2013-08-26T21:44:14","version" => "2.014000"},{"date" => "2013-09-05T23:57:20","version" => "2.015000"},{"date" => "2013-09-10T22:33:43","version" => "2.016000"},{"date" => "2013-09-11T21:38:31","version" => "2.016001"},{"date" => "2013-09-11T22:15:54","version" => "2.016002"},{"date" => "2013-09-12T07:28:46","version" => "2.016003"},{"date" => "2013-09-23T19:49:48","version" => "2.017000"},{"date" => "2013-10-06T22:38:36","version" => "2.017001_001"},{"date" => "2013-10-07T20:55:41","version" => "2.017001_002"},{"date" => "2013-10-07T22:36:36","version" => "2.017001_003"},{"date" => "2013-10-08T10:28:21","version" => "2.018000"},{"date" => "2013-10-16T22:57:00","version" => "2.018000_001"},{"date" => "2013-10-22T12:44:58","version" => "2.018000_002"},{"date" => "2013-10-22T13:19:30","version" => "2.019000"},{"date" => "2013-10-22T14:41:32","version" => "2.019001"},{"date" => "2013-10-24T04:57:13","version" => "2.019002"},{"date" => "2013-10-27T03:07:39","version" => "2.019003"},{"date" => "2013-12-08T19:46:22","version" => "2.020000"},{"date" => "2013-12-08T21:49:04","version" => "2.020001"},{"date" => "2013-12-11T15:59:18","version" => "2.020002"},{"date" => "2013-12-29T21:34:57","version" => "2.020003_001"},{"date" => "2014-01-01T23:33:18","version" => "2.020003_002"},{"date" => "2014-01-06T20:49:38","version" => "2.020003_003"},{"date" => "2014-01-12T17:36:59","version" => "2.021000"},{"date" => "2014-01-13T00:42:23","version" => "2.021000_001"},{"date" => "2014-01-13T14:02:33","version" => "2.021000_002"},{"date" => "2014-01-13T18:50:36","version" => "2.021000_004"},{"date" => "2014-01-26T13:49:10","version" => "2.022000"},{"date" => "2014-02-10T21:24:32","version" => "2.023000"},{"date" => "2014-02-14T19:41:51","version" => "2.023001"},{"date" => "2014-02-17T13:23:06","version" => "2.023002"},{"date" => "2014-02-22T19:18:19","version" => "2.024000"},{"date" => "2014-02-25T22:36:15","version" => "2.024001"},{"date" => "2014-02-27T17:39:32","version" => "2.024002"},{"date" => "2014-02-27T17:52:08","version" => "2.024003"},{"date" => "2014-03-02T23:30:02","version" => "2.024003_001"},{"date" => "2014-03-04T22:23:50","version" => "2.024004"},{"date" => "2014-03-28T07:32:33","version" => "2.025000_001"},{"date" => "2014-04-08T18:51:46","version" => "2.025001"},{"date" => "2014-04-10T20:17:35","version" => "2.026000"},{"date" => "2014-04-17T06:01:16","version" => "2.026001_001"},{"date" => "2014-04-18T22:35:47","version" => "2.026001_002"},{"date" => "2014-04-20T22:48:43","version" => "2.026001_003"},{"date" => "2014-04-28T21:01:11","version" => "2.026001_004"},{"date" => "2014-05-03T07:27:54","version" => "2.027001"},{"date" => "2014-05-04T09:01:14","version" => "2.027002"},{"date" => "2014-05-15T07:12:35","version" => "2.027003"},{"date" => "2014-05-15T15:55:07","version" => "2.027004"},{"date" => "2014-05-21T20:21:35","version" => "2.027005_001"},{"date" => "2014-05-27T06:05:59","version" => "2.027006"},{"date" => "2014-05-27T09:45:15","version" => "2.027007"},{"date" => "2014-06-23T12:59:01","version" => "2.027008_001"},{"date" => "2014-07-02T08:20:20","version" => "2.028000"},{"date" => "2014-07-13T17:55:04","version" => "2.028001"},{"date" => "2014-07-13T20:59:54","version" => "2.028002_001"},{"date" => "2014-07-15T16:10:41","version" => "2.028003"},{"date" => "2014-07-16T07:05:29","version" => "2.028004"},{"date" => "2014-07-17T13:25:34","version" => "2.028005"},{"date" => "2014-07-21T08:09:06","version" => "2.028006"},{"date" => "2014-07-22T07:01:44","version" => "2.028008"},{"date" => "2014-07-22T21:40:24","version" => "2.028010"},{"date" => "2014-07-22T21:49:10","version" => "2.028011"},{"date" => "2014-07-22T22:21:11","version" => "2.028012"},{"date" => "2014-07-30T23:57:34","version" => "2.028013"},{"date" => "2014-08-08T06:35:55","version" => "2.029000_001"},{"date" => "2014-08-08T21:43:46","version" => "2.029000_002"},{"date" => "2014-08-10T20:21:10","version" => "2.029001"},{"date" => "2014-08-10T20:37:39","version" => "2.029002"},{"date" => "2014-08-11T15:14:59","version" => "2.029003"},{"date" => "2014-08-11T21:04:08","version" => "2.029004"},{"date" => "2014-08-13T10:48:53","version" => "2.029005"},{"date" => "2014-08-25T16:24:00","version" => "2.029006"},{"date" => "2014-09-12T13:09:36","version" => "2.029007"},{"date" => "2014-09-23T19:32:12","version" => "2.029008"},{"date" => "2014-09-27T10:37:24","version" => "2.029009"},{"date" => "2014-10-07T07:39:18","version" => "2.029010"},{"date" => "2014-10-07T17:50:07","version" => "2.029011"},{"date" => "2014-10-09T16:01:27","version" => "2.029012"},{"date" => "2014-11-14T00:16:10","version" => "2.029013_001"},{"date" => "2014-11-14T23:58:24","version" => "2.029013_002"},{"date" => "2014-11-20T08:04:38","version" => "2.029014"},{"date" => "2015-01-08T11:10:55","version" => "2.030000"},{"date" => "2015-02-04T15:28:08","version" => "2.031000"},{"date" => "2015-02-04T18:45:47","version" => "2.031001"},{"date" => "2015-02-04T19:01:00","version" => "2.031002"},{"date" => "2015-02-04T22:47:46","version" => "2.031003"},{"date" => "2015-02-05T14:19:47","version" => "2.031004"},{"date" => "2015-02-06T10:20:08","version" => "2.031005"},{"date" => "2015-02-15T15:40:46","version" => "2.031006"},{"date" => "2015-02-19T08:51:44","version" => "2.031007"},{"date" => "2015-02-22T09:43:23","version" => "2.031008"},{"date" => "2015-02-25T21:21:31","version" => "2.031009"},{"date" => "2015-02-25T22:12:31","version" => "2.031010"},{"date" => "2015-02-27T08:35:31","version" => "2.031011"},{"date" => "2015-02-28T11:59:22","version" => "2.031012"},{"date" => "2015-03-07T17:12:38","version" => "2.032000_001"},{"date" => "2015-03-24T22:46:31","version" => "2.032001"},{"date" => "2015-04-03T19:21:56","version" => "2.032002"},{"date" => "2015-05-05T19:42:05","version" => "2.032003"},{"date" => "2015-05-17T21:09:24","version" => "2.032004"},{"date" => "2015-05-18T09:25:35","version" => "2.032005"},{"date" => "2015-07-19T11:40:08","version" => "2.032006"},{"date" => "2015-07-30T16:33:06","version" => "2.032007"},{"date" => "2015-08-26T11:27:02","version" => "2.033000"},{"date" => "2015-08-27T14:50:17","version" => "2.033001"},{"date" => "2015-09-29T08:56:31","version" => "2.033002"},{"date" => "2015-10-13T21:37:21","version" => "2.033003"},{"date" => "2015-11-16T21:41:13","version" => "2.033004"},{"date" => "2016-02-02T09:11:15","version" => "2.033005"},{"date" => "2016-03-20T13:17:57","version" => "2.033005"},{"date" => "2016-10-03T15:58:17","version" => "2.034000"},{"date" => "2016-11-20T17:51:25","version" => "2.034001"},{"date" => "2017-01-06T14:35:56","version" => "2.034002"},{"date" => "2017-04-19T20:59:13","version" => "2.035000"},{"date" => "2017-04-19T21:18:39","version" => "2.035001"},{"date" => "2017-04-24T11:50:12","version" => "2.035002"},{"date" => "2017-04-24T13:44:38","version" => "2.035003"},{"date" => "2017-04-25T09:54:37","version" => "2.035004"},{"date" => "2017-04-29T08:13:48","version" => "2.035005"},{"date" => "2017-04-29T08:31:09","version" => "2.035006"},{"date" => "2017-05-17T06:44:07","version" => "2.035999_001"},{"date" => "2017-05-27T14:50:21","version" => "2.035999_002"},{"date" => "2017-05-29T16:22:27","version" => "2.035999_003"},{"date" => "2017-05-30T10:40:20","version" => "2.035999_004"},{"date" => "2017-05-30T11:05:45","version" => "2.035999_005"},{"date" => "2017-05-30T15:03:49","version" => "2.035999_006"},{"date" => "2017-05-30T20:27:22","version" => "2.035999_007"},{"date" => "2017-06-13T06:23:11","version" => "2.035999_008"},{"date" => "2017-06-18T22:37:11","version" => "2.035999_009"},{"date" => "2017-06-19T17:50:27","version" => "2.035999_010"},{"date" => "2017-06-22T07:36:42","version" => "2.036000"},{"date" => "2017-06-22T11:25:23","version" => "2.036001"},{"date" => "2017-06-26T18:58:33","version" => "2.036002"},{"date" => "2017-06-28T15:44:41","version" => "2.036003"},{"date" => "2017-07-02T08:56:33","version" => "2.036004"},{"date" => "2017-07-05T05:07:47","version" => "2.036005"},{"date" => "2017-07-09T13:28:10","version" => "2.036006"},{"date" => "2017-07-12T06:01:03","version" => "2.036007"},{"date" => "2017-07-14T12:52:34","version" => "2.036008"},{"date" => "2017-08-01T09:30:17","version" => "2.036009"},{"date" => "2017-10-08T13:22:48","version" => "2.036010"},{"date" => "2017-10-09T07:01:31","version" => "2.036011"},{"date" => "2017-10-11T17:33:31","version" => "2.036012_001"},{"date" => "2017-11-19T13:49:04","version" => "2.036012_002"},{"date" => "2017-11-28T21:49:40","version" => "2.036012_003"},{"date" => "2017-12-14T21:49:14","version" => "2.037000"},{"date" => "2017-12-14T21:57:42","version" => "2.037001"},{"date" => "2017-12-17T20:22:25","version" => "2.037002"},{"date" => "2017-12-18T17:35:24","version" => "2.037003"},{"date" => "2017-12-21T20:06:32","version" => "2.037004"},{"date" => "2017-12-22T23:46:44","version" => "2.037005"},{"date" => "2017-12-31T09:54:24","version" => "2.038000"},{"date" => "2018-01-02T13:10:42","version" => "2.038001"},{"date" => "2018-01-02T22:07:51","version" => "2.038002_001"},{"date" => "2018-01-04T20:21:13","version" => "2.038002_002"},{"date" => "2018-01-04T22:38:07","version" => "2.038002_003"},{"date" => "2018-01-04T22:53:29","version" => "2.038003"},{"date" => "2018-01-05T17:43:24","version" => "2.038004"},{"date" => "2018-01-05T20:22:23","version" => "2.038005"},{"date" => "2018-01-08T14:14:33","version" => "2.038006"},{"date" => "2018-01-09T09:57:13","version" => "2.038007"},{"date" => "2018-01-09T15:38:57","version" => "2.038008"},{"date" => "2018-01-10T01:16:32","version" => "2.038009"},{"date" => "2018-01-15T11:34:50","version" => "2.038028"},{"date" => "2018-01-23T22:56:08","version" => "2.038031"},{"date" => "2018-01-28T20:04:09","version" => "2.038032"},{"date" => "2018-01-31T15:06:37","version" => "2.038033"},{"date" => "2018-01-31T20:00:58","version" => "2.038034"},{"date" => "2018-02-02T14:54:43","version" => "2.039000"},{"date" => "2018-02-02T18:35:11","version" => "2.039001"},{"date" => "2018-02-07T23:03:50","version" => "2.039002"},{"date" => "2018-02-12T21:11:07","version" => "2.039003"},{"date" => "2018-02-15T08:29:55","version" => "2.039004"},{"date" => "2018-02-15T19:55:25","version" => "2.039005"},{"date" => "2018-02-15T20:17:31","version" => "2.039006"},{"date" => "2018-02-16T08:23:49","version" => "2.039007"},{"date" => "2018-02-22T22:06:19","version" => "2.039008"},{"date" => "2018-02-22T22:23:38","version" => "2.039009"},{"date" => "2018-02-22T22:52:04","version" => "2.039010"},{"date" => "2018-02-25T09:28:46","version" => "2.039011"},{"date" => "2018-03-02T13:12:05","version" => "2.039012"},{"date" => "2018-03-02T14:18:44","version" => "2.039013"},{"date" => "2018-03-04T09:58:06","version" => "2.039014"},{"date" => "2018-03-05T23:01:48","version" => "2.039015"},{"date" => "2018-03-19T23:12:52","version" => "2.039016"},{"date" => "2018-03-20T10:12:42","version" => "2.039017"},{"date" => "2018-03-22T21:46:51","version" => "2.039018"},{"date" => "2018-03-23T09:55:03","version" => "2.039019"},{"date" => "2018-03-26T21:59:24","version" => "2.039020"},{"date" => "2018-04-10T20:47:57","version" => "2.039021"},{"date" => "2018-04-18T21:24:35","version" => "2.039022"},{"date" => "2018-04-19T07:27:07","version" => "2.039023"},{"date" => "2018-04-22T17:54:24","version" => "2.039024"},{"date" => "2018-04-27T12:27:18","version" => "2.039025"},{"date" => "2018-04-28T12:11:41","version" => "2.039026"},{"date" => "2018-04-28T21:16:54","version" => "2.039027"},{"date" => "2018-05-05T15:29:52","version" => "2.039028"},{"date" => "2018-05-09T05:55:14","version" => "2.039029"},{"date" => "2018-05-09T06:00:13","version" => "2.039030"},{"date" => "2018-06-17T20:58:47","version" => "2.039031"},{"date" => "2018-10-19T14:38:26","version" => "2.039032"},{"date" => "2018-10-19T20:36:53","version" => "2.039033"},{"date" => "2018-12-28T17:07:03","version" => "2.040000"},{"date" => "2018-12-30T10:53:04","version" => "2.040001"},{"date" => "2018-12-30T10:59:07","version" => "2.040002"},{"date" => "2019-01-18T07:10:03","version" => "2.040003"},{"date" => "2019-03-03T14:56:07","version" => "2.040004"},{"date" => "2019-03-04T10:02:25","version" => "2.040005"},{"date" => "2019-03-04T12:04:34","version" => "2.040006"},{"date" => "2019-03-06T18:44:33","version" => "2.040007"},{"date" => "2019-03-12T19:59:49","version" => "2.041000"},{"date" => "2019-03-15T05:34:08","version" => "2.041001"},{"date" => "2019-03-17T09:37:27","version" => "2.041002"},{"date" => "2019-03-17T20:32:01","version" => "2.042000"},{"date" => "2019-03-18T21:28:43","version" => "2.042001"},{"date" => "2019-03-20T12:26:14","version" => "2.042002"},{"date" => "2019-03-21T16:19:51","version" => "2.042003"},{"date" => "2019-03-28T23:00:19","version" => "2.042004"},{"date" => "2019-04-03T13:56:55","version" => "2.042005"},{"date" => "2019-04-16T16:48:15","version" => "2.042006"},{"date" => "2019-04-28T19:57:19","version" => "2.042007"},{"date" => "2019-04-30T10:51:06","version" => "2.042008"},{"date" => "2019-05-30T06:13:10","version" => "2.042009"},{"date" => "2019-06-02T06:55:13","version" => "2.042010"},{"date" => "2019-09-03T19:27:26","version" => "2.043000"},{"date" => "2019-09-04T12:36:05","version" => "2.043001"},{"date" => "2019-09-23T13:58:04","version" => "2.044000"},{"date" => "2019-09-26T14:01:50","version" => "2.044001"},{"date" => "2019-10-01T09:43:52","version" => "2.044002"},{"date" => "2019-10-15T17:57:05","version" => "2.044003"},{"date" => "2019-10-30T19:52:42","version" => "2.044004"},{"date" => "2020-01-19T15:31:55","version" => "2.044005"},{"date" => "2020-01-22T21:20:09","version" => "2.044006"},{"date" => "2020-01-22T21:25:34","version" => "2.044007"},{"date" => "2020-01-23T18:44:49","version" => "2.044008"},{"date" => "2020-01-23T18:48:48","version" => "2.044009"},{"date" => "2020-01-25T18:09:41","version" => "2.044010"},{"date" => "2020-01-26T21:46:22","version" => "2.044011"},{"date" => "2020-02-01T13:27:10","version" => "2.044012"},{"date" => "2020-02-04T21:35:18","version" => "2.044013"},{"date" => "2020-02-09T10:03:07","version" => "2.044014"},{"date" => "2020-02-12T16:56:14","version" => "2.044015"},{"date" => "2020-04-15T20:25:36","version" => "2.045000"},{"date" => "2020-04-18T08:50:13","version" => "2.045001"},{"date" => "2020-04-19T17:03:54","version" => "2.045002"},{"date" => "2020-05-15T11:02:33","version" => "2.045003"},{"date" => "2020-05-18T11:34:20","version" => "2.045005"},{"date" => "2020-05-24T18:43:31","version" => "2.045006"},{"date" => "2020-06-05T08:11:31","version" => "2.045007"},{"date" => "2020-07-08T21:29:53","version" => "2.046000"},{"date" => "2020-07-10T21:30:48","version" => "2.046001"},{"date" => "2020-08-07T10:02:15","version" => "2.046002"},{"date" => "2020-10-17T12:15:43","version" => "2.046003"},{"date" => "2020-10-17T13:29:56","version" => "2.046004"},{"date" => "2020-10-17T13:40:12","version" => "2.046005"},{"date" => "2020-10-31T11:15:17","version" => "2.046006"},{"date" => "2020-12-23T11:58:41","version" => "2.047000"},{"date" => "2020-12-29T13:08:42","version" => "2.047001"},{"date" => "2020-12-30T20:42:02","version" => "2.047002"},{"date" => "2021-02-14T14:05:50","version" => "2.047003"},{"date" => "2021-02-15T22:13:51","version" => "2.047004"},{"date" => "2021-02-24T10:48:16","version" => "2.047005"},{"date" => "2021-07-14T11:34:50","version" => "2.047006"},{"date" => "2021-07-14T12:15:22","version" => "2.047007"},{"date" => "2021-07-21T08:54:04","version" => "2.047008"},{"date" => "2021-08-14T12:38:48","version" => "2.048000"},{"date" => "2021-08-22T13:29:25","version" => "2.049000"},{"date" => "2021-08-22T19:32:21","version" => "2.049001"},{"date" => "2021-09-03T05:26:59","version" => "2.049002"},{"date" => "2021-09-03T07:11:01","version" => "2.049003"},{"date" => "2021-09-03T20:36:58","version" => "2.049004"},{"date" => "2021-09-09T07:52:58","version" => "2.049005"},{"date" => "2021-10-03T07:55:21","version" => "2.049006"},{"date" => "2021-10-05T16:38:38","version" => "2.049007"},{"date" => "2021-10-06T15:53:00","version" => "2.049008"},{"date" => "2021-10-06T21:33:32","version" => "2.049009"},{"date" => "2021-10-11T20:34:00","version" => "2.049010"},{"date" => "2021-10-12T07:43:57","version" => "2.049011"},{"date" => "2021-10-12T12:28:03","version" => "2.050000"},{"date" => "2021-10-12T14:28:01","version" => "2.050001"},{"date" => "2021-10-19T08:13:11","version" => "2.050003"},{"date" => "2021-11-14T19:39:02","version" => "2.051001"},{"date" => "2021-11-23T16:10:12","version" => "2.051002"},{"date" => "2021-11-24T13:15:54","version" => "2.051003"},{"date" => "2021-11-25T11:53:35","version" => "2.051004"},{"date" => "2021-11-25T20:20:22","version" => "2.051005"},{"date" => "2021-11-30T05:19:10","version" => "2.052000"},{"date" => "2022-02-01T20:51:26","version" => "2.052001"},{"date" => "2022-02-28T18:14:51","version" => "2.052002"},{"date" => "2022-04-13T19:12:04","version" => "2.052003"},{"date" => "2022-04-22T08:58:41","version" => "2.052005"},{"date" => "2022-05-17T21:06:21","version" => "2.052006"},{"date" => "2022-06-03T21:24:35","version" => "2.052007"},{"date" => "2022-07-12T08:18:54","version" => "2.052008"},{"date" => "2022-07-26T21:00:56","version" => "2.052009"},{"date" => "2022-07-27T21:54:42","version" => "2.052010"},{"date" => "2022-08-01T16:54:16","version" => "2.052011"},{"date" => "2022-08-02T16:05:09","version" => "2.052012"},{"date" => "2022-08-02T20:51:15","version" => "2.053000"},{"date" => "2022-08-02T21:21:25","version" => "2.053001"},{"date" => "2022-08-03T17:05:56","version" => "2.053002"},{"date" => "2022-08-03T21:05:28","version" => "2.053003"},{"date" => "2022-08-04T22:02:30","version" => "2.053004"},{"date" => "2022-08-04T22:11:32","version" => "2.053005"},{"date" => "2022-08-07T22:32:50","version" => "2.053006"},{"date" => "2022-08-09T09:32:35","version" => "2.053007"},{"date" => "2022-08-15T12:46:43","version" => "2.054000"},{"date" => "2022-08-17T10:15:23","version" => "2.055000"},{"date" => "2022-09-02T08:05:05","version" => "2.055001"},{"date" => "2022-09-24T19:09:03","version" => "2.056000"},{"date" => "2022-09-24T19:09:14","version" => "2.057000"},{"date" => "2022-09-24T19:09:26","version" => "2.057001"},{"date" => "2022-09-24T21:42:34","version" => "2.057002"},{"date" => "2022-09-27T15:34:42","version" => "2.057004"},{"date" => "2022-09-28T14:20:19","version" => "2.057005"},{"date" => "2022-09-30T21:07:39","version" => "2.057006"},{"date" => "2022-10-04T12:22:31","version" => "2.057007"},{"date" => "2022-10-18T12:00:41","version" => "2.057008"},{"date" => "2022-11-04T10:29:49","version" => "2.058000"},{"date" => "2022-11-04T15:42:53","version" => "2.058001"},{"date" => "2022-11-04T15:54:41","version" => "2.058003"},{"date" => "2022-11-25T15:29:29","version" => "2.059000"},{"date" => "2022-11-26T20:37:56","version" => "2.059001"},{"date" => "2022-12-09T10:32:14","version" => "2.060000"},{"date" => "2022-12-11T16:58:49","version" => "2.060001"},{"date" => "2022-12-13T15:34:56","version" => "2.060002"},{"date" => "2022-12-14T16:55:04","version" => "2.060003"},{"date" => "2023-01-11T15:14:43","version" => "2.060004"},{"date" => "2023-02-21T14:22:36","version" => "2.060005"},{"date" => "2023-03-03T15:43:58","version" => "2.060007"},{"date" => "2023-03-08T17:21:35","version" => "2.060008"},{"date" => "2023-03-10T18:09:47","version" => "2.060009"},{"date" => "2023-03-10T18:12:29","version" => "2.060010"},{"date" => "2023-03-29T10:43:01","version" => "2.061000"},{"date" => "2023-04-27T15:33:52","version" => "2.061001"},{"date" => "2023-05-30T08:58:07","version" => "2.062000"},{"date" => "2023-06-05T17:02:14","version" => "2.062001"},{"date" => "2023-06-06T06:07:49","version" => "2.062002"},{"date" => "2023-06-20T09:11:03","version" => "2.062003"},{"date" => "2023-06-26T17:00:40","version" => "2.062004"},{"date" => "2023-06-26T18:35:55","version" => "2.062005"},{"date" => "2023-06-28T09:03:56","version" => "2.063000"},{"date" => "2023-06-28T16:06:44","version" => "2.063001"},{"date" => "2023-07-14T21:25:14","version" => "2.063002"},{"date" => "2023-07-15T10:11:43","version" => "2.063004"},{"date" => "2023-07-22T09:17:38","version" => "2.064000"},{"date" => "2023-07-25T12:03:07","version" => "2.064001"},{"date" => "2023-08-13T15:06:31","version" => "2.065000"},{"date" => "2023-08-13T18:47:39","version" => "2.065001"},{"date" => "2023-09-03T08:12:02","version" => "2.065002"},{"date" => "2023-09-19T18:11:32","version" => "2.066000"},{"date" => "2023-09-27T13:20:00","version" => "2.067001"},{"date" => "2023-09-27T13:27:43","version" => "2.067002"},{"date" => "2023-10-27T14:38:37","version" => "2.068000"},{"date" => "2023-11-01T21:58:28","version" => "2.068001"},{"date" => "2023-11-12T07:36:25","version" => "2.069000"},{"date" => "2023-11-14T19:10:46","version" => "2.070000"},{"date" => "2023-11-15T11:29:20","version" => "2.070001"},{"date" => "2023-11-21T16:01:49","version" => "2.070002"},{"date" => "2023-11-24T20:50:38","version" => "2.070003"},{"date" => "2023-12-07T08:00:38","version" => "2.071000"},{"date" => "2023-12-07T15:51:30","version" => "2.071001"},{"date" => "2024-01-06T14:13:03","version" => "2.071002"},{"date" => "2024-01-10T20:49:02","version" => "2.071003"},{"date" => "2024-01-14T16:49:02","version" => "2.072000"},{"date" => "2024-01-15T20:04:01","version" => "2.072001"},{"date" => "2024-01-21T11:04:41","version" => "2.072002"},{"date" => "2024-02-14T21:31:03","version" => "2.072003"},{"date" => "2024-03-13T15:45:46","version" => "2.073000"},{"date" => "2024-03-13T16:54:38","version" => "2.073001"},{"date" => "2024-03-19T09:53:20","version" => "2.074000"},{"date" => "2024-03-19T17:08:31","version" => "2.074001"},{"date" => "2024-04-08T18:12:37","version" => "2.075000"},{"date" => "2024-04-09T10:16:31","version" => "2.075001"},{"date" => "2024-04-10T10:43:31","version" => "2.075002"},{"date" => "2024-04-12T10:31:45","version" => "2.075003"},{"date" => "2024-04-22T16:27:19","version" => "2.076000"},{"date" => "2024-04-24T20:20:10","version" => "2.076001"},{"date" => "2024-04-30T16:36:08","version" => "2.076002"},{"date" => "2024-05-03T14:28:39","version" => "2.076004"},{"date" => "2024-05-20T18:19:33","version" => "2.076005"},{"date" => "2024-08-10T18:36:30","version" => "2.076006"},{"date" => "2024-08-15T09:14:32","version" => "2.077000"},{"date" => "2024-08-15T10:17:44","version" => "2.077001"},{"date" => "2024-08-15T10:52:40","version" => "2.077002"},{"date" => "2024-08-15T19:54:33","version" => "2.077003"},{"date" => "2024-08-15T21:20:21","version" => "2.077004"},{"date" => "2024-08-16T00:14:40","version" => "2.077005"},{"date" => "2024-08-18T06:35:14","version" => "2.077006"},{"date" => "2024-08-18T12:19:30","version" => "2.077007"},{"date" => "2024-08-19T06:08:24","version" => "2.077008"},{"date" => "2024-08-19T11:03:29","version" => "2.077009"},{"date" => "2024-08-23T09:20:50","version" => "2.077010"},{"date" => "2024-08-23T10:06:31","version" => "2.077011"},{"date" => "2024-08-27T08:13:19","version" => "2.078000"},{"date" => "2024-09-12T20:31:33","version" => "2.079000"},{"date" => "2024-09-13T12:33:44","version" => "2.079001"},{"date" => "2024-10-29T18:29:18","version" => "2.080000"},{"date" => "2024-10-29T22:40:05","version" => "2.080001"},{"date" => "2024-10-30T10:32:44","version" => "2.080002"},{"date" => "2024-10-30T14:56:55","version" => "2.080003"},{"date" => "2024-12-30T11:04:42","version" => "2.081000"},{"date" => "2024-12-30T22:06:11","version" => "2.081001"},{"date" => "2024-12-31T14:05:40","version" => "2.081002"},{"date" => "2024-12-31T18:13:01","version" => "2.081003"},{"date" => "2025-01-19T11:32:49","version" => "2.081004"},{"date" => "2025-01-29T09:05:34","version" => "2.082000"},{"date" => "2025-01-29T09:05:46","version" => "2.082001"},{"date" => "2025-02-02T21:01:02","version" => "2.082002"},{"date" => "2025-02-04T20:24:13","version" => "2.082003"},{"date" => "2025-02-06T12:37:52","version" => "2.083000"},{"date" => "2025-02-06T13:18:05","version" => "2.083001"},{"date" => "2025-03-05T17:35:07","version" => "2.084000"},{"date" => "2025-03-09T18:50:08","version" => "2.084001"},{"date" => "2025-04-19T14:09:15","version" => "2.084002"},{"date" => "2025-04-26T18:03:12","version" => "2.085000"},{"date" => "2025-05-02T11:38:20","version" => "2.085001"},{"date" => "2025-05-22T04:57:55","version" => "2.085002"},{"date" => "2025-05-24T17:59:36","version" => "2.085003"},{"date" => "2025-06-03T17:29:52","version" => "2.086000"},{"date" => "2025-06-04T16:09:11","version" => "2.086001"},{"date" => "2025-06-18T16:02:11","version" => "2.086002"},{"date" => "2025-06-21T21:19:20","version" => "2.086003"},{"date" => "2025-07-14T06:58:58","version" => "2.087000"},{"date" => "2025-08-20T08:48:08","version" => "2.087001"},{"date" => "2025-08-26T19:48:48","version" => "2.088000"},{"date" => "2025-08-26T20:55:03","version" => "2.088001"},{"date" => "2025-08-31T18:25:51","version" => "2.088002"},{"date" => "2025-09-02T16:27:31","version" => "2.088003"},{"date" => "2025-09-05T14:23:42","version" => "2.088004"},{"date" => "2025-09-07T21:39:05","version" => "2.089000"},{"date" => "2025-09-07T22:24:00","version" => "2.089001"},{"date" => "2025-09-12T08:53:38","version" => "2.089002"},{"date" => "2025-09-21T12:24:20","version" => "2.089003"},{"date" => "2025-09-21T17:24:33","version" => "2.089004"},{"date" => "2025-09-21T19:32:52","version" => "2.090000"},{"date" => "2025-09-25T11:53:09","version" => "2.090001"},{"date" => "2025-09-25T14:07:38","version" => "2.090002"},{"date" => "2025-09-30T18:57:58","version" => "2.091000"},{"date" => "2025-10-09T13:32:39","version" => "2.091001"},{"date" => "2025-10-19T21:09:39","version" => "2.092000"},{"date" => "2025-10-21T13:26:48","version" => "2.092001"},{"date" => "2025-10-22T15:55:40","version" => "2.092002"},{"date" => "2025-10-24T15:11:24","version" => "2.093000"},{"date" => "2025-10-24T15:34:57","version" => "2.093001"},{"date" => "2025-10-25T18:33:51","version" => "2.094000"},{"date" => "2025-10-29T13:02:15","version" => "2.094001"},{"date" => "2025-10-29T21:19:58","version" => "2.094002"},{"date" => "2025-11-03T21:28:10","version" => "2.094003"},{"date" => "2025-11-15T12:44:12","version" => "2.095000"},{"date" => "2025-11-15T17:24:25","version" => "2.095001"},{"date" => "2025-11-16T18:08:46","version" => "2.095002"},{"date" => "2025-11-18T20:13:49","version" => "2.095003"},{"date" => "2025-11-23T19:49:42","version" => "2.095004"},{"date" => "2025-11-30T16:31:48","version" => "2.095005"},{"date" => "2025-11-30T18:18:11","version" => "2.095006"},{"date" => "2025-12-07T20:39:51","version" => "2.096000"},{"date" => "2025-12-13T16:24:36","version" => "2.096001"},{"date" => "2025-12-16T12:26:36","version" => "2.097000"},{"date" => "2026-01-08T22:37:02","version" => "2.097001"},{"date" => "2026-01-09T10:32:45","version" => "2.097002"},{"date" => "2026-02-21T11:16:58","version" => "2.097003"}]},"App-cpanminus" => {"advisories" => [{"affected_versions" => ["<=1.7044"],"cves" => ["CVE-2020-16154"],"description" => "The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.\n","distribution" => "App-cpanminus","fixed_versions" => [">=1.7045"],"id" => "CPANSA-App-cpanminus-2020-01","references" => ["https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW/","https://metacpan.org/pod/App::cpanminus","https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/","https://access.redhat.com/security/cve/cve-2020-16154","https://security-tracker.debian.org/tracker/CVE-2020-16154","https://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html","https://github.com/miyagawa/cpanminus/pull/638"],"reported" => "2020-07-30"},{"affected_versions" => [">0"],"cves" => ["CVE-2024-45321"],"description" => "The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.\n","distribution" => "App-cpanminus","fixed_versions" => [],"id" => "CPANSA-App-cpanminus-2024-45321","references" => ["https://github.com/miyagawa/cpanminus/issues/611","https://github.com/miyagawa/cpanminus/pull/674","https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html"],"reported" => "2024-08-27"}],"main_module" => "App::cpanminus","versions" => [{"date" => "2010-02-20T02:27:00","version" => "0.01"},{"date" => "2010-02-20T03:14:10","version" => "0.02"},{"date" => "2010-02-20T03:39:56","version" => "0.03"},{"date" => "2010-02-20T05:04:01","version" => "0.04"},{"date" => "2010-02-20T05:16:03","version" => "0.05"},{"date" => "2010-02-20T05:48:44","version" => "0.06"},{"date" => "2010-02-20T20:20:08","version" => "0.07"},{"date" => "2010-02-20T23:41:01","version" => "0.08"},{"date" => "2010-02-21T07:48:49","version" => "0.09"},{"date" => "2010-02-23T20:52:46","version" => "0.99_01"},{"date" => "2010-02-24T06:20:33","version" => "0.99_02"},{"date" => "2010-02-24T07:05:47","version" => "0.99_03"},{"date" => "2010-02-25T17:20:05","version" => "0.99_04"},{"date" => "2010-02-25T22:42:22","version" => "0.99_05"},{"date" => "2010-02-25T22:51:43","version" => "0.99_06"},{"date" => "2010-02-28T05:14:30","version" => "0.99_07"},{"date" => "2010-03-01T05:59:15","version" => "0.9910"},{"date" => "2010-03-02T00:29:51","version" => "0.9911"},{"date" => "2010-03-03T02:55:22","version" => "0.9912"},{"date" => "2010-03-03T03:21:59","version" => "0.9913"},{"date" => "2010-03-04T08:42:03","version" => "0.9914"},{"date" => "2010-03-04T09:58:11","version" => "0.9915"},{"date" => "2010-03-04T19:35:22","version" => "0.9916"},{"date" => "2010-03-09T13:58:32","version" => "0.9917"},{"date" => "2010-03-10T02:26:03","version" => "0.9918"},{"date" => "2010-03-10T02:41:31","version" => "0.9919"},{"date" => "2010-03-10T09:49:22","version" => "0.99_20"},{"date" => "2010-03-10T15:03:38","version" => "0.9921"},{"date" => "2010-03-11T02:01:28","version" => "0.9922"},{"date" => "2010-03-16T00:07:01","version" => "0.9923"},{"date" => "2010-03-22T05:05:33","version" => "0.99_24"},{"date" => "2010-03-23T02:54:44","version" => "0.99_25"},{"date" => "2010-03-23T03:24:34","version" => "0.99_26"},{"date" => "2010-03-23T18:24:55","version" => "0.9927"},{"date" => "2010-03-26T05:09:12","version" => "0.9928"},{"date" => "2010-03-27T04:42:41","version" => "0.9929"},{"date" => "2010-03-30T21:29:41","version" => "0.9930"},{"date" => "2010-04-05T01:18:12","version" => "0.9931"},{"date" => "2010-04-05T23:28:11","version" => "0.9932"},{"date" => "2010-04-11T07:51:27","version" => "0.99_33"},{"date" => "2010-04-11T11:55:44","version" => "0.9934"},{"date" => "2010-04-12T11:09:47","version" => "0.999_01"},{"date" => "2010-04-13T07:11:08","version" => "0.999_02"},{"date" => "2010-04-14T09:29:25","version" => "0.999_03"},{"date" => "2010-04-14T09:30:52","version" => "0.9935"},{"date" => "2010-04-19T06:23:01","version" => "0.999_04"},{"date" => "2010-04-21T11:40:46","version" => "0.999_05"},{"date" => "2010-04-21T11:53:47","version" => "0.9936"},{"date" => "2010-04-24T08:23:24","version" => "1.0000"},{"date" => "2010-04-24T08:26:40","version" => "1.0001"},{"date" => "2010-05-02T03:51:09","version" => "1.0002"},{"date" => "2010-05-04T23:16:18","version" => "1.0003"},{"date" => "2010-05-14T23:10:54","version" => "1.0004"},{"date" => "2010-07-02T23:39:32","version" => "1.0005"},{"date" => "2010-07-02T23:54:14","version" => "1.0006"},{"date" => "2010-07-30T19:55:47","version" => "1.0010"},{"date" => "2010-08-18T23:42:36","version" => "1.0011"},{"date" => "2010-08-20T19:58:19","version" => "1.0012"},{"date" => "2010-09-12T19:54:17","version" => "1.0013"},{"date" => "2010-09-21T19:43:20","version" => "1.0014"},{"date" => "2010-09-24T23:52:00","version" => "1.0015"},{"date" => "2010-11-12T07:57:33","version" => "1.1000"},{"date" => "2010-11-12T20:37:49","version" => "1.1001"},{"date" => "2010-11-17T02:28:44","version" => "1.1002"},{"date" => "2010-11-25T09:18:34","version" => "1.1003"},{"date" => "2010-11-30T18:07:12","version" => "1.1004"},{"date" => "2010-12-14T23:08:40","version" => "1.1005"},{"date" => "2010-12-16T19:32:01","version" => "1.1006"},{"date" => "2011-01-18T17:40:16","version" => "1.1007"},{"date" => "2011-01-18T20:54:34","version" => "1.19_01"},{"date" => "2011-01-18T22:11:52","version" => "1.19_02"},{"date" => "2011-01-26T22:08:11","version" => "1.1008"},{"date" => "2011-02-16T18:11:52","version" => "1.2000"},{"date" => "2011-02-16T18:55:46","version" => "1.2001"},{"date" => "2011-03-01T02:59:25","version" => "1.29_01"},{"date" => "2011-03-02T00:09:00","version" => "1.29_02"},{"date" => "2011-03-02T22:41:40","version" => "1.3000"},{"date" => "2011-03-04T02:35:03","version" => "1.3001"},{"date" => "2011-03-04T03:54:53","version" => "1.30_02"},{"date" => "2011-03-04T08:32:56","version" => "1.30_03"},{"date" => "2011-03-04T08:53:22","version" => "1.30_04"},{"date" => "2011-03-04T09:41:34","version" => "1.30_05"},{"date" => "2011-03-04T22:57:43","version" => "1.30_06"},{"date" => "2011-03-04T23:20:45","version" => "1.30_07"},{"date" => "2011-03-05T00:07:44","version" => "1.30_08"},{"date" => "2011-03-05T02:16:54","version" => "1.30_09"},{"date" => "2011-03-05T22:57:38","version" => "1.30_10"},{"date" => "2011-03-06T09:37:36","version" => "1.30_11"},{"date" => "2011-03-07T03:00:09","version" => "1.30_12"},{"date" => "2011-03-07T18:54:03","version" => "1.30_13"},{"date" => "2011-03-08T09:11:33","version" => "1.4000"},{"date" => "2011-03-08T18:11:57","version" => "1.4001"},{"date" => "2011-03-09T01:57:18","version" => "1.4002"},{"date" => "2011-03-10T02:15:19","version" => "1.4003"},{"date" => "2011-03-10T18:09:34","version" => "1.4004"},{"date" => "2011-05-11T19:49:38","version" => "1.4005"},{"date" => "2011-05-16T17:17:29","version" => "1.4006"},{"date" => "2011-05-17T17:54:45","version" => "1.4007"},{"date" => "2011-06-16T01:00:00","version" => "1.4008"},{"date" => "2011-06-26T17:59:17","version" => "1.49_01"},{"date" => "2011-10-12T09:57:03","version" => "1.49_02"},{"date" => "2011-10-13T06:40:49","version" => "1.5000"},{"date" => "2011-10-13T15:21:16","version" => "1.5001"},{"date" => "2011-10-18T00:13:36","version" => "1.5002"},{"date" => "2011-10-19T07:31:10","version" => "1.5003"},{"date" => "2011-11-08T22:29:31","version" => "1.5004"},{"date" => "2011-11-22T21:31:21","version" => "1.5005"},{"date" => "2011-11-29T19:49:42","version" => "1.5006"},{"date" => "2011-12-20T18:18:50","version" => "1.5007"},{"date" => "2012-03-18T01:23:40","version" => "1.5008"},{"date" => "2012-03-30T16:45:43","version" => "1.5009"},{"date" => "2012-03-31T11:01:47","version" => "1.5010"},{"date" => "2012-04-12T09:59:39","version" => "1.5011"},{"date" => "2012-05-11T03:50:22","version" => "1.5012"},{"date" => "2012-05-12T03:18:19","version" => "1.5013"},{"date" => "2012-06-13T01:34:12","version" => "1.5014"},{"date" => "2012-06-24T22:37:49","version" => "1.5015"},{"date" => "2012-07-17T19:02:48","version" => "1.5016"},{"date" => "2012-07-18T15:41:26","version" => "1.5017"},{"date" => "2012-09-19T05:42:19","version" => "1.5018"},{"date" => "2012-12-22T17:22:02","version" => "1.5019"},{"date" => "2013-01-29T18:32:26","version" => "1.5020"},{"date" => "2013-01-31T08:45:31","version" => "1.5021"},{"date" => "2013-01-31T18:07:46","version" => "1.59_01"},{"date" => "2013-02-01T03:12:10","version" => "1.59_02"},{"date" => "2013-02-01T18:54:58","version" => "1.59_03"},{"date" => "2013-02-03T17:07:16","version" => "1.59_04"},{"date" => "2013-02-04T19:52:48","version" => "1.59_05"},{"date" => "2013-02-05T20:40:30","version" => "1.59_06"},{"date" => "2013-02-06T19:17:51","version" => "1.59_07"},{"date" => "2013-02-06T19:32:27","version" => "1.59_08"},{"date" => "2013-02-07T09:59:04","version" => "1.59_09"},{"date" => "2013-02-08T00:29:16","version" => "1.59_10"},{"date" => "2013-02-11T22:12:12","version" => "1.59_11"},{"date" => "2013-02-14T02:15:12","version" => "1.59_12"},{"date" => "2013-02-25T20:16:34","version" => "1.59_13"},{"date" => "2013-02-26T17:57:00","version" => "1.6000"},{"date" => "2013-02-27T01:04:54","version" => "1.6001"},{"date" => "2013-02-27T20:13:45","version" => "1.6002"},{"date" => "2013-03-08T19:03:47","version" => "1.6003"},{"date" => "2013-03-08T19:32:25","version" => "1.6004"},{"date" => "2013-03-08T19:48:06","version" => "1.6005"},{"date" => "2013-03-14T06:00:27","version" => "1.6006"},{"date" => "2013-03-17T21:34:17","version" => "1.6007"},{"date" => "2013-03-19T17:03:36","version" => "1.6008"},{"date" => "2013-03-25T04:10:51","version" => "1.6100"},{"date" => "2013-03-25T20:41:37","version" => "1.6101"},{"date" => "2013-03-28T00:16:09","version" => "1.6102"},{"date" => "2013-03-30T21:36:49","version" => "1.6103"},{"date" => "2013-04-03T01:04:42","version" => "1.6104"},{"date" => "2013-04-05T05:17:38","version" => "1.6105"},{"date" => "2013-04-06T21:19:18","version" => "1.6106"},{"date" => "2013-04-07T04:19:16","version" => "1.6107"},{"date" => "2013-04-13T06:32:52","version" => "1.6108"},{"date" => "2013-04-13T11:48:43","version" => "1.6190"},{"date" => "2013-04-14T03:09:40","version" => "1.6191"},{"date" => "2013-04-14T08:17:32","version" => "1.6192"},{"date" => "2013-04-15T07:37:08","version" => "1.6193"},{"date" => "2013-04-15T07:42:51","version" => "1.6900"},{"date" => "2013-04-21T00:50:44","version" => "1.6901"},{"date" => "2013-04-21T01:06:02","version" => "1.6109"},{"date" => "2013-04-21T01:18:10","version" => "1.6902"},{"date" => "2013-04-22T01:07:09","version" => "1.6903"},{"date" => "2013-04-24T02:24:37","version" => "1.6904"},{"date" => "2013-04-24T03:05:21","version" => "1.6905"},{"date" => "2013-04-25T06:20:23","version" => "1.6906"},{"date" => "2013-04-26T18:40:08","version" => "1.6907"},{"date" => "2013-04-27T01:12:17","version" => "1.6908"},{"date" => "2013-04-29T08:49:53","version" => "1.6909"},{"date" => "2013-05-03T07:29:32","version" => "1.6910"},{"date" => "2013-05-04T20:28:02","version" => "1.6911"},{"date" => "2013-05-06T20:59:52","version" => "1.6912"},{"date" => "2013-05-10T00:05:10","version" => "1.6913"},{"date" => "2013-05-12T23:03:52","version" => "1.6914"},{"date" => "2013-05-16T02:01:33","version" => "1.6915"},{"date" => "2013-06-04T10:55:37","version" => "1.6916"},{"date" => "2013-06-05T01:07:33","version" => "1.6917"},{"date" => "2013-06-10T20:03:21","version" => "1.6918"},{"date" => "2013-06-12T15:33:22","version" => "1.6919"},{"date" => "2013-06-14T21:09:54","version" => "1.6920"},{"date" => "2013-06-18T10:19:43","version" => "1.6921"},{"date" => "2013-06-19T20:57:09","version" => "1.6922"},{"date" => "2013-07-04T05:17:11","version" => "1.6923"},{"date" => "2013-07-16T18:38:21","version" => "1.6924"},{"date" => "2013-07-20T05:08:06","version" => "1.6925"},{"date" => "2013-07-20T16:03:14","version" => "1.6926"},{"date" => "2013-07-23T07:45:33","version" => "1.6927"},{"date" => "2013-07-23T21:07:02","version" => "1.6928"},{"date" => "2013-07-24T18:46:29","version" => "1.6929"},{"date" => "2013-07-24T20:48:14","version" => "1.6930"},{"date" => "2013-07-24T21:51:33","version" => "1.6931"},{"date" => "2013-07-24T22:29:04","version" => "1.6932"},{"date" => "2013-07-25T16:58:24","version" => "1.6933"},{"date" => "2013-07-26T23:17:21","version" => "1.6934"},{"date" => "2013-07-31T18:36:57","version" => "1.6935"},{"date" => "2013-08-05T04:37:54","version" => "1.6936"},{"date" => "2013-08-06T01:55:29","version" => "1.6937"},{"date" => "2013-08-06T06:12:45","version" => "1.6938"},{"date" => "2013-08-06T09:55:55","version" => "1.6939"},{"date" => "2013-08-08T19:36:34","version" => "1.6940"},{"date" => "2013-08-20T18:32:44","version" => "1.6941"},{"date" => "2013-08-27T18:11:47","version" => "1.6942"},{"date" => "2013-09-03T23:40:37","version" => "1.6943"},{"date" => "2013-09-04T22:02:21","version" => "1.7000"},{"date" => "2013-09-08T20:12:16","version" => "1.7001"},{"date" => "2013-09-19T05:31:34","version" => "1.7100"},{"date" => "2013-09-19T11:15:59","version" => "1.7101"},{"date" => "2013-09-20T04:33:50","version" => "1.7102"},{"date" => "2014-04-27T05:46:31","version" => "1.7002"},{"date" => "2014-04-27T15:11:46","version" => "1.7003"},{"date" => "2014-04-27T16:23:35","version" => "1.7004"},{"date" => "2014-09-02T04:00:49","version" => "1.7005"},{"date" => "2014-09-02T06:27:35","version" => "1.7006"},{"date" => "2014-09-05T12:04:41","version" => "1.7005"},{"date" => "2014-09-05T22:45:37","version" => "1.7006"},{"date" => "2014-09-09T16:26:54","version" => "1.7007"},{"date" => "2014-09-10T08:19:24","version" => "1.7008"},{"date" => "2014-09-10T08:44:00","version" => "1.7009"},{"date" => "2014-09-17T09:28:23","version" => "1.7010"},{"date" => "2014-09-22T06:08:51","version" => "1.7011"},{"date" => "2014-09-27T02:29:33","version" => "1.7012"},{"date" => "2014-10-07T06:52:45","version" => "1.7013"},{"date" => "2014-10-08T03:54:02","version" => "1.7014"},{"date" => "2014-11-14T21:14:40","version" => "1.7015"},{"date" => "2014-11-16T19:47:26","version" => "1.7016"},{"date" => "2014-11-25T22:01:56","version" => "1.7017"},{"date" => "2014-11-25T22:08:49","version" => "1.7018"},{"date" => "2014-12-04T20:52:24","version" => "1.7019"},{"date" => "2014-12-09T01:54:37","version" => "1.7020"},{"date" => "2014-12-12T05:43:01","version" => "1.7021"},{"date" => "2014-12-13T00:42:15","version" => "1.7022"},{"date" => "2015-01-04T23:00:30","version" => "1.7023"},{"date" => "2015-01-12T21:32:45","version" => "1.7024"},{"date" => "2015-02-07T06:59:17","version" => "1.7025"},{"date" => "2015-02-14T01:12:18","version" => "1.7026"},{"date" => "2015-02-14T20:15:20","version" => "1.7027"},{"date" => "2015-04-17T17:24:16","version" => "1.7028"},{"date" => "2015-04-18T22:16:17","version" => "1.7029"},{"date" => "2015-04-19T12:15:59","version" => "1.7030"},{"date" => "2015-04-22T21:14:17","version" => "1.7031"},{"date" => "2015-04-30T01:52:49","version" => "1.7032"},{"date" => "2015-05-02T00:18:54","version" => "1.7033"},{"date" => "2015-05-07T21:21:07","version" => "1.7034"},{"date" => "2015-06-05T17:51:53","version" => "1.7035"},{"date" => "2015-06-06T05:08:20","version" => "1.7036"},{"date" => "2015-06-18T21:38:47","version" => "1.7037"},{"date" => "2015-06-23T01:05:25","version" => "1.7038"},{"date" => "2015-06-29T01:06:18","version" => "1.7039"},{"date" => "2016-01-07T19:29:19","version" => "1.7040"},{"date" => "2016-05-08T18:29:30","version" => "1.7041"},{"date" => "2016-05-24T07:49:34","version" => "1.7042"},{"date" => "2017-04-03T03:57:15","version" => "1.7043"},{"date" => "2018-04-19T11:54:56","version" => "1.7044"},{"date" => "2018-04-20T12:17:48","version" => "1.7900"},{"date" => "2018-04-20T12:20:35","version" => "1.7901"},{"date" => "2018-04-20T12:43:24","version" => "1.7902"},{"date" => "2018-04-20T14:54:30","version" => "1.7903"},{"date" => "2018-04-20T21:22:56","version" => "1.7904"},{"date" => "2018-04-21T09:40:47","version" => "1.7905"},{"date" => "2018-04-21T10:57:20","version" => "1.9015"},{"date" => "2018-04-21T11:17:58","version" => "1.9016"},{"date" => "2018-04-21T17:31:13","version" => "1.9017"},{"date" => "2018-04-22T13:54:32","version" => "1.9018"},{"date" => "2018-04-25T09:27:31","version" => "1.7906"},{"date" => "2018-04-26T11:36:59","version" => "1.7907"},{"date" => "2022-01-27T03:05:02","version" => "1.7045"},{"date" => "2022-04-27T06:01:26","version" => "1.7046"},{"date" => "2023-07-30T06:01:02","version" => "1.7047"},{"date" => "2024-10-29T18:49:03","version" => "1.7048"}]},"App-japerl" => {"advisories" => [{"affected_versions" => ["<0.09"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "App-japerl","fixed_versions" => [">=0.09"],"id" => "CPANSA-App-japerl-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "App::japerl","versions" => [{"date" => "2018-09-07T15:19:24","version" => "0.10"},{"date" => "2018-09-08T15:07:20","version" => "0.11"},{"date" => "2019-07-14T03:35:18","version" => "0.12"},{"date" => "2021-02-18T14:03:58","version" => "0.13"},{"date" => "2021-09-18T18:20:37","version" => "0.14"},{"date" => "2023-03-25T01:04:11","version" => "0.15"}]},"App-perlall" => {"advisories" => [{"affected_versions" => ["<0.33"],"cves" => ["CVE-2013-1667"],"description" => "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.\n","distribution" => "App-perlall","fixed_versions" => [">=0.33"],"id" => "CPANSA-App-perlall-2013-1667","references" => ["http://www.securityfocus.com/bid/58311","http://perl5.git.perl.org/perl.git/commitdiff/d59e31f","http://perl5.git.perl.org/perl.git/commitdiff/9d83adc","http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html","http://www.debian.org/security/2013/dsa-2641","http://secunia.com/advisories/52499","http://secunia.com/advisories/52472","https://bugzilla.redhat.com/show_bug.cgi?id=912276","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296","http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5","http://osvdb.org/90892","http://www.ubuntu.com/usn/USN-1770-1","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html","http://marc.info/?l=bugtraq&m=137891988921058&w=2","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/82598","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771"],"reported" => "2013-03-14","severity" => undef}],"main_module" => "App::perlall","versions" => [{"date" => "2011-12-23T21:52:22","version" => "0.01"},{"date" => "2011-12-24T00:56:03","version" => "0.02"},{"date" => "2012-01-06T17:07:08","version" => "0.03"},{"date" => "2012-01-09T22:05:35","version" => "0.04"},{"date" => "2012-01-31T21:18:20","version" => "0.05"},{"date" => "2012-02-06T23:12:27","version" => "0.06"},{"date" => "2012-02-07T20:52:55","version" => "0.07"},{"date" => "2012-02-23T10:35:50","version" => "0.08"},{"date" => "2012-03-22T18:24:53","version" => "0.09"},{"date" => "2012-05-03T13:44:26","version" => "0.10"},{"date" => "2012-05-05T02:22:56","version" => "0.11"},{"date" => "2012-05-05T14:18:09","version" => "0.12"},{"date" => "2012-05-29T15:34:02","version" => "0.13"},{"date" => "2012-06-07T16:07:09","version" => "0.14"},{"date" => "2012-07-18T17:55:03","version" => "0.15"},{"date" => "2012-07-18T18:05:33","version" => "0.15_01"},{"date" => "2012-07-19T19:07:14","version" => "0.16"},{"date" => "2012-08-06T15:11:54","version" => "0.17"},{"date" => "2012-11-06T22:12:59","version" => "0.18"},{"date" => "2012-11-08T15:37:31","version" => "0.19"},{"date" => "2012-11-08T15:50:30","version" => "0.20"},{"date" => "2012-11-08T18:53:37","version" => "0.21"},{"date" => "2012-11-09T22:04:21","version" => "0.22"},{"date" => "2012-11-11T19:50:41","version" => "0.23"},{"date" => "2012-11-13T20:46:09","version" => "0.25"},{"date" => "2012-11-13T22:45:49","version" => "0.26"},{"date" => "2012-11-15T16:26:40","version" => "0.27"},{"date" => "2012-12-13T20:09:18","version" => "0.28"},{"date" => "2012-12-20T22:29:59","version" => "0.29"},{"date" => "2013-01-09T20:22:21","version" => "0.30"},{"date" => "2013-02-04T19:58:18","version" => "0.31"},{"date" => "2013-02-23T21:35:31","version" => "0.32"},{"date" => "2013-03-05T01:04:28","version" => "0.33"},{"date" => "2013-03-05T15:34:37","version" => "0.34"},{"date" => "2013-03-22T22:34:57","version" => "0.35"},{"date" => "2013-07-11T19:58:07","version" => "0.36"},{"date" => "2013-07-13T19:53:25","version" => "0.37"},{"date" => "2013-10-23T15:58:48","version" => "0.39"},{"date" => "2013-11-18T16:12:38","version" => "0.40"},{"date" => "2013-12-03T17:08:11","version" => "0.41"},{"date" => "2013-12-06T18:40:51","version" => "0.42"},{"date" => "2013-12-09T18:31:19","version" => "0.43"},{"date" => "2014-01-11T23:39:19","version" => "0.44"},{"date" => "2014-07-25T13:36:23","version" => "0.45"},{"date" => "2014-08-10T01:42:03","version" => "0.46"},{"date" => "2015-07-08T07:43:56","version" => "0.47"},{"date" => "2015-10-06T09:33:35","version" => "0.48"},{"date" => "2015-11-27T15:53:11","version" => "0.49"},{"date" => "2016-06-12T12:48:37","version" => "0.50"},{"date" => "2019-12-10T20:02:45","version" => "0.51"}]},"App-revealup" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.19"],"cves" => ["CVE-2020-8127"],"description" => "Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.\n","distribution" => "App-revealup","fixed_versions" => [],"id" => "CPANSA-App-revealup-2020-8127-revealjs","references" => ["https://hackerone.com/reports/691977"],"reported" => "2020-02-28","severity" => "medium"},{"affected_versions" => [">=0.20,<=0.21"],"cves" => ["CVE-2020-8127"],"description" => "Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.\n","distribution" => "App-revealup","fixed_versions" => [],"id" => "CPANSA-App-revealup-2020-8127-revealjs","references" => ["https://hackerone.com/reports/691977"],"reported" => "2020-02-28","severity" => "medium"},{"affected_versions" => ["==0.22"],"cves" => ["CVE-2022-0776"],"description" => "Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.\n","distribution" => "App-revealup","fixed_versions" => [],"id" => "CPANSA-App-revealup-2022-0776-revealjs","references" => ["https://github.com/hakimel/reveal.js/commit/32cdd3b1872ba8e2267c9e87ae216cb55f40f4d2","https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001","https://github.com/yusukebe/App-revealup/issues/12#issuecomment-1169417411","https://github.com/yusukebe/App-revealup/commit/c8fea67994b1aa6d734066bff9ada4e834b09cb7"],"reported" => "2022-03-01","severity" => "medium"}],"main_module" => "App::revealup","versions" => [{"date" => "2014-05-25T10:34:08","version" => "0.01"},{"date" => "2014-05-25T11:39:22","version" => "0.02"},{"date" => "2014-06-06T08:03:43","version" => "0.03"},{"date" => "2014-06-06T22:08:16","version" => "0.04"},{"date" => "2014-06-11T05:44:23","version" => "0.05"},{"date" => "2014-06-11T06:22:41","version" => "0.06"},{"date" => "2014-06-11T11:27:29","version" => "0.07"},{"date" => "2014-06-16T01:22:48","version" => "0.08"},{"date" => "2014-06-17T02:53:12","version" => "0.09"},{"date" => "2014-07-05T21:47:41","version" => "0.10"},{"date" => "2014-07-05T21:54:30","version" => "0.11"},{"date" => "2014-09-03T20:57:24","version" => "0.12"},{"date" => "2014-09-16T03:40:03","version" => "0.13"},{"date" => "2014-11-07T16:32:52","version" => "0.14"},{"date" => "2014-11-24T06:40:45","version" => "0.15"},{"date" => "2014-12-19T06:25:32","version" => "0.16"},{"date" => "2014-12-19T20:12:33","version" => "0.17"},{"date" => "2014-12-21T22:32:08","version" => "0.18"},{"date" => "2014-12-21T22:43:49","version" => "0.19"},{"date" => "2015-07-07T15:34:28","version" => "0.20"},{"date" => "2015-08-28T12:57:12","version" => "0.21"},{"date" => "2020-02-06T12:53:05","version" => "0.22"},{"date" => "2022-06-29T00:31:20","version" => "0.23"}]},"Archive-Tar" => {"advisories" => [{"affected_versions" => ["<2.28"],"cves" => ["CVE-2018-12015"],"description" => "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.\n","distribution" => "Archive-Tar","fixed_versions" => [">=2.28"],"id" => "CPANSA-Archive-Tar-2018-01","references" => ["https://security-tracker.debian.org/tracker/CVE-2018-12015","https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5"],"reported" => "2018-06-12","severity" => "medium"},{"affected_versions" => ["<=1.36"],"cves" => ["CVE-2007-4829"],"description" => "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences.\n","distribution" => "Archive-Tar","fixed_versions" => [">1.36"],"id" => "CPANSA-Archive-Tar-2007-4829","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=29517","https://bugzilla.redhat.com/show_bug.cgi?id=295021","http://rt.cpan.org/Public/Bug/Display.html?id=30380","https://issues.rpath.com/browse/RPL-1716","http://www.securityfocus.com/bid/26355","http://secunia.com/advisories/27539","http://osvdb.org/40410","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://www.ubuntu.com/usn/usn-700-2","http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml","http://secunia.com/advisories/33116","http://www.vupen.com/english/advisories/2007/3755","https://exchange.xforce.ibmcloud.com/vulnerabilities/38285","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"],"reported" => "2007-11-02","severity" => undef},{"affected_versions" => ["<2.10"],"cves" => ["CVE-2016-1238"],"description" => "'(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.'\n","distribution" => "Archive-Tar","fixed_versions" => [">=2.10"],"id" => "CPANSA-Archive-Tar-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Archive::Tar","versions" => [{"date" => "1998-02-02T06:13:59","version" => "0.071"},{"date" => "1998-04-10T17:07:35","version" => "0.072"},{"date" => "1998-07-30T00:56:03","version" => "0.08"},{"date" => "1999-01-10T02:22:23","version" => "0.20"},{"date" => "1999-02-02T19:01:41","version" => "0.21"},{"date" => "2000-04-28T00:37:46","version" => "0.22"},{"date" => "2003-01-21T23:07:30","version" => "0.23"},{"date" => "2003-03-18T17:08:50","version" => "0.99_01"},{"date" => "2003-03-26T14:57:35","version" => "0.99_02"},{"date" => "2003-04-28T16:01:24","version" => "0.99_03"},{"date" => "2003-04-28T16:57:58","version" => "0.99_04"},{"date" => "2003-04-30T12:52:19","version" => "0.99_05"},{"date" => "2003-05-05T12:06:35","version" => "0.99_06"},{"date" => "2003-05-31T09:27:33","version" => "1.00"},{"date" => "2003-06-08T10:46:56","version" => "1.01"},{"date" => "2003-06-12T09:47:58","version" => "1.02"},{"date" => "2003-06-26T12:52:19","version" => "1.03"},{"date" => "2003-07-27T17:07:50","version" => "1.04"},{"date" => "2003-08-25T13:38:44","version" => "1.05"},{"date" => "2003-10-15T14:35:12","version" => "1.06"},{"date" => "2003-10-17T11:42:14","version" => "1.07"},{"date" => "2004-01-05T12:59:23","version" => "1.08"},{"date" => "2004-05-22T12:32:02","version" => "1.09"},{"date" => "2004-06-11T19:24:06","version" => "1.10"},{"date" => "2004-11-09T16:12:40","version" => "1.20"},{"date" => "2004-11-10T16:04:13","version" => "1.21"},{"date" => "2004-11-21T10:09:52","version" => "1.22"},{"date" => "2004-12-03T15:53:06","version" => "1.23"},{"date" => "2005-05-03T13:11:19","version" => "1.24"},{"date" => "2005-08-20T10:14:40","version" => "1.25"},{"date" => "2005-08-22T09:29:53","version" => "1.26"},{"date" => "2006-01-19T13:31:53","version" => "1.28"},{"date" => "2006-03-03T13:56:20","version" => "1.29"},{"date" => "2006-08-02T15:00:41","version" => "1.30"},{"date" => "2007-05-18T12:18:49","version" => "1.31"},{"date" => "2007-05-25T09:32:48","version" => "1.32"},{"date" => "2007-08-15T14:20:33","version" => "1.34"},{"date" => "2007-09-16T09:13:21","version" => "1.36"},{"date" => "2007-11-11T11:59:00","version" => "1.37_01"},{"date" => "2007-12-24T11:02:07","version" => "1.38"},{"date" => "2008-08-22T16:33:49","version" => "1.39_01"},{"date" => "2008-08-25T03:56:58","version" => "1.39_02"},{"date" => "2008-08-25T22:07:56","version" => "1.39_03"},{"date" => "2008-09-08T12:14:37","version" => "1.39_04"},{"date" => "2008-10-13T13:42:10","version" => "1.40"},{"date" => "2008-12-13T17:10:15","version" => "1.42"},{"date" => "2009-01-19T17:08:08","version" => "1.44"},{"date" => "2009-03-05T16:10:06","version" => "1.46"},{"date" => "2009-04-20T17:07:30","version" => "1.48"},{"date" => "2009-06-12T12:01:54","version" => "1.50"},{"date" => "2009-06-13T11:29:50","version" => "1.52"},{"date" => "2009-09-10T12:13:03","version" => "1.54"},{"date" => "2010-02-03T14:40:15","version" => "1.56"},{"date" => "2010-02-17T21:47:16","version" => "1.58"},{"date" => "2010-04-23T14:12:31","version" => "1.60"},{"date" => "2010-06-28T21:02:59","version" => "1.62"},{"date" => "2010-07-09T11:04:45","version" => "1.64"},{"date" => "2010-07-26T08:44:00","version" => "1.66"},{"date" => "2010-08-17T16:06:19","version" => "1.68"},{"date" => "2010-11-15T22:02:53","version" => "1.70"},{"date" => "2010-11-18T19:22:01","version" => "1.72"},{"date" => "2010-12-18T21:19:51","version" => "1.74"},{"date" => "2011-01-07T22:27:40","version" => "1.76"},{"date" => "2011-09-08T22:13:33","version" => "1.78"},{"date" => "2011-10-13T10:25:39","version" => "1.80"},{"date" => "2011-11-21T12:14:43","version" => "1.82"},{"date" => "2012-03-03T00:00:05","version" => "1.84"},{"date" => "2012-05-24T11:38:09","version" => "1.86"},{"date" => "2012-06-01T11:06:25","version" => "1.88"},{"date" => "2012-09-05T18:19:00","version" => "1.90"},{"date" => "2013-06-18T15:13:27","version" => "1.92"},{"date" => "2013-10-22T14:28:22","version" => "0.93_01"},{"date" => "2013-10-22T14:36:08","version" => "1.93_02"},{"date" => "2013-10-24T18:02:48","version" => "1.94"},{"date" => "2013-10-24T19:10:34","version" => "1.96"},{"date" => "2014-06-14T17:12:02","version" => "1.98"},{"date" => "2014-06-15T14:59:24","version" => "2.00"},{"date" => "2014-09-14T18:03:23","version" => "2.02"},{"date" => "2014-12-14T20:13:33","version" => "2.04"},{"date" => "2016-04-24T14:05:11","version" => "2.06"},{"date" => "2016-05-12T08:57:35","version" => "2.08"},{"date" => "2016-07-27T12:40:29","version" => "2.10"},{"date" => "2016-10-16T11:27:58","version" => "2.12"},{"date" => "2016-10-20T12:38:57","version" => "2.14"},{"date" => "2016-11-01T19:19:36","version" => "2.16"},{"date" => "2016-11-07T13:36:15","version" => "2.18"},{"date" => "2016-12-15T10:54:40","version" => "2.20"},{"date" => "2016-12-16T09:46:28","version" => "2.22"},{"date" => "2016-12-16T15:27:38","version" => "2.24"},{"date" => "2017-05-12T12:46:05","version" => "2.26"},{"date" => "2018-06-08T10:57:04","version" => "2.28"},{"date" => "2018-06-19T11:55:28","version" => "2.30"},{"date" => "2018-09-13T07:17:10","version" => "2.32"},{"date" => "2020-02-01T16:41:47","version" => "2.34"},{"date" => "2020-02-02T13:34:34","version" => "2.36"},{"date" => "2020-06-25T07:51:56","version" => "2.38"},{"date" => "2021-07-27T09:51:54","version" => "2.40"},{"date" => "2023-03-25T12:10:20","version" => "3.00"},{"date" => "2023-04-12T23:09:11","version" => "3.02"},{"date" => "2025-02-25T20:25:09","version" => "3.04"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "1.26_01"},{"date" => "2006-08-15T00:00:00","dual_lived" => 1,"perl_release" => "5.009004","version" => "1.30_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.04_01"},{"date" => "2018-11-29T00:00:00","dual_lived" => 1,"perl_release" => "5.026003","version" => "2.24_01"},{"date" => "2023-12-30T00:00:00","dual_lived" => 1,"perl_release" => "5.039006","version" => "3.02_001"}]},"Archive-Unzip-Burst" => {"advisories" => [{"affected_versions" => [">=0.01"],"comment" => "0.09 is the latest version, so all versions are affected","cves" => ["CVE-2022-4976"],"description" => "Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities.  The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141.","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2022-4976","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=143547"],"reported" => "2025-06-12","severity" => undef},{"affected_versions" => [">=0.01,<=0.02_02"],"cves" => ["CVE-2014-8141"],"description" => "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8141-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174856","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02_02"],"cves" => ["CVE-2014-8140"],"description" => "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8140-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174851","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02_02"],"cves" => ["CVE-2014-8139"],"description" => "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8139-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174844"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.03,<=0.09"],"cves" => ["CVE-2014-8141"],"description" => "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8141-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174856","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.03,<=0.09"],"cves" => ["CVE-2014-8140"],"description" => "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8140-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174851","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.03,<=0.09"],"cves" => ["CVE-2014-8139"],"description" => "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8139-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174844"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "Archive::Unzip::Burst","versions" => [{"date" => "2007-07-29T11:01:34","version" => "0.01"},{"date" => "2007-08-30T13:06:24","version" => "0.02"},{"date" => "2007-09-05T15:27:53","version" => "0.02_01"},{"date" => "2008-05-16T12:03:35","version" => "0.02_02"},{"date" => "2015-01-15T02:22:44","version" => "0.03"},{"date" => "2016-05-01T14:28:01","version" => "0.04"},{"date" => "2016-05-02T04:28:22","version" => "0.05"},{"date" => "2016-05-07T01:31:26","version" => "0.06"},{"date" => "2016-05-08T17:38:43","version" => "0.07"},{"date" => "2016-05-08T17:42:49","version" => "0.08"},{"date" => "2018-03-16T20:38:14","version" => "0.09"},{"date" => "2025-05-19T13:29:32","version" => "0.03"}]},"Archive-Zip" => {"advisories" => [{"affected_versions" => ["<1.61"],"cves" => ["CVE-2018-10860"],"description" => "perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.\n","distribution" => "Archive-Zip","fixed_versions" => [],"id" => "CPANSA-Archive-Zip-2018-01","references" => ["https://security-tracker.debian.org/tracker/CVE-2018-10860","https://github.com/redhotpenguin/perl-Archive-Zip/pull/33"],"reported" => "2018-06-28","severity" => "medium"},{"affected_versions" => ["<1.14"],"cves" => ["CVE-2004-1096"],"description" => "Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.\n","distribution" => "Archive-Zip","fixed_versions" => [],"id" => "CPANSA-Archive-Zip-2004-1096","references" => ["http://www.securityfocus.com/bid/11448","http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml","http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true","http://www.kb.cert.org/vuls/id/492545","http://secunia.com/advisories/13038/","http://www.mandriva.com/security/advisories?name=MDKSA-2004:118","https://exchange.xforce.ibmcloud.com/vulnerabilities/17761"],"reported" => "2005-01-10","severity" => undef}],"main_module" => "Archive::Zip","versions" => [{"date" => "2000-03-22T00:10:21","version" => "0.06"},{"date" => "2000-03-29T17:03:46","version" => "0.07"},{"date" => "2000-06-16T16:48:41","version" => "0.09"},{"date" => "2000-08-08T20:56:31","version" => "0.10"},{"date" => "2001-01-17T08:06:58","version" => "0.11"},{"date" => "2002-04-22T15:32:49","version" => "1.00"},{"date" => "2002-05-11T02:45:20","version" => "1.01"},{"date" => "2002-08-24T00:19:19","version" => "1.02"},{"date" => "2002-09-03T04:40:33","version" => "1.03"},{"date" => "2002-09-11T15:17:37","version" => "1.04"},{"date" => "2002-09-11T19:35:26","version" => "1.05"},{"date" => "2003-07-17T18:18:14","version" => "1.06"},{"date" => "2003-10-20T13:59:00","version" => "1.07"},{"date" => "2003-10-21T17:04:03","version" => "1.08"},{"date" => "2003-11-27T18:02:03","version" => "1.09"},{"date" => "2004-03-25T14:39:05","version" => "1.10"},{"date" => "2004-07-05T23:25:19","version" => "1_11"},{"date" => "2004-07-08T17:31:27","version" => "1.11"},{"date" => "2004-07-08T19:14:46","version" => "1.12"},{"date" => "2004-07-27T22:50:39","version" => "1.12_02"},{"date" => "2004-07-29T15:15:49","version" => "1.12_03"},{"date" => "2004-08-23T15:39:23","version" => "1.13"},{"date" => "2004-10-21T15:28:12","version" => "1.14"},{"date" => "2005-03-10T04:34:04","version" => "1.15_01"},{"date" => "2005-03-12T15:29:48","version" => "1.15_02"},{"date" => "2005-06-22T18:29:34","version" => "1.15"},{"date" => "2005-07-04T17:55:17","version" => "1.16"},{"date" => "2006-04-30T03:53:15","version" => "1.17_01"},{"date" => "2006-05-07T02:49:30","version" => "1.17_02"},{"date" => "2006-09-15T15:56:10","version" => "1.17_03"},{"date" => "2006-10-24T15:06:32","version" => "1.17_05"},{"date" => "2006-10-25T12:24:52","version" => "1.18"},{"date" => "2007-06-05T01:50:42","version" => "1.20"},{"date" => "2007-11-01T02:59:20","version" => "1.21"},{"date" => "2007-11-02T01:52:47","version" => "1.22"},{"date" => "2007-11-07T13:04:41","version" => "1.23"},{"date" => "2008-08-23T23:35:50","version" => "1.24"},{"date" => "2008-10-10T05:28:17","version" => "1.25"},{"date" => "2008-10-12T14:13:05","version" => "1.26"},{"date" => "2008-12-16T13:23:21","version" => "1.27_01"},{"date" => "2009-06-16T10:09:03","version" => "1.28"},{"date" => "2009-06-29T13:27:17","version" => "1.29"},{"date" => "2009-06-30T14:13:29","version" => "1.30"},{"date" => "2010-03-05T05:11:20","version" => "1.31_01"},{"date" => "2011-03-08T15:52:02","version" => "1.31_02"},{"date" => "2011-08-23T03:42:14","version" => "1.31_03"},{"date" => "2012-01-23T06:28:16","version" => "1.31_04"},{"date" => "2013-11-09T00:05:06","version" => "1.32"},{"date" => "2013-11-10T03:50:45","version" => "1.33"},{"date" => "2013-12-02T22:16:54","version" => "1.34"},{"date" => "2013-12-30T19:16:52","version" => "1.35"},{"date" => "2013-12-30T22:12:14","version" => "1.36"},{"date" => "2014-01-13T18:32:19","version" => "1.37"},{"date" => "2014-09-02T23:23:11","version" => "1.38"},{"date" => "2014-10-22T04:17:15","version" => "1.39"},{"date" => "2015-01-05T05:58:46","version" => "1.40"},{"date" => "2015-01-10T02:47:42","version" => "1.41"},{"date" => "2015-01-12T00:46:36","version" => "1.42"},{"date" => "2015-01-15T06:37:32","version" => "1.43"},{"date" => "2015-01-24T06:12:21","version" => "1.44"},{"date" => "2015-01-27T07:51:17","version" => "1.45"},{"date" => "2015-03-25T05:19:23","version" => "1.46"},{"date" => "2015-06-17T18:26:02","version" => "1.47"},{"date" => "2015-06-18T21:13:37","version" => "1.48"},{"date" => "2015-07-31T19:01:40","version" => "1.49"},{"date" => "2015-08-26T00:11:35","version" => "1.50"},{"date" => "2015-09-22T06:03:54","version" => "1.51"},{"date" => "2015-09-23T17:43:44","version" => "1.53"},{"date" => "2015-12-04T19:36:41","version" => "1.55"},{"date" => "2015-12-17T18:29:06","version" => "1.56"},{"date" => "2016-04-01T18:06:36","version" => "1.57"},{"date" => "2016-08-02T17:50:20","version" => "1.58"},{"date" => "2016-08-11T20:09:16","version" => "1.59"},{"date" => "2017-12-19T18:44:16","version" => "1.60"},{"date" => "2018-08-19T03:35:10","version" => "1.61"},{"date" => "2018-08-20T03:29:01","version" => "1.62"},{"date" => "2018-08-22T15:42:15","version" => "1.63"},{"date" => "2018-09-12T15:50:29","version" => "1.64"},{"date" => "2019-09-08T05:20:03","version" => "1.65"},{"date" => "2019-09-17T04:37:32","version" => "1.66"},{"date" => "2019-10-07T04:30:05","version" => "1.67"},{"date" => "2020-03-12T17:59:46","version" => "1.68"}]},"Authen-DigestMD5" => {"advisories" => [{"affected_versions" => [">=0.01"],"comment" => "The report incorrectly reports 0.02, although this problem is present in 0.04, which is the latest version","cves" => ["CVE-2025-40919"],"description" => "Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely.  The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  According to RFC 2831, \"The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.\"","distribution" => "Authen-DigestMD5","fixed_versions" => [],"id" => "CPANSA-Authen-DigestMD5-2025-40919","references" => ["https://datatracker.ietf.org/doc/html/rfc2831","https://metacpan.org/release/SALVA/Authen-DigestMD5-0.01/source/DigestMD5.pm#L126"],"reported" => "2025-07-16","severity" => undef}],"main_module" => "Authen::DigestMD5","versions" => [{"date" => "2003-10-29T00:00:32","version" => "0.01"},{"date" => "2003-10-29T17:18:03","version" => "0.02"},{"date" => "2003-11-08T21:21:26","version" => "0.03"},{"date" => "2003-11-08T22:58:09","version" => "0.04"}]},"Authen-SASL" => {"advisories" => [{"affected_versions" => [">=2.04,<=2.1900"],"cves" => ["CVE-2025-40918"],"description" => "Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely.  The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation  depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.\n","distribution" => "Authen-SASL","fixed_versions" => [">=2.1900"],"id" => "CPANSA-Authen-SASL-2025-40918","references" => ["https://datatracker.ietf.org/doc/html/rfc2831","https://github.com/gbarr/perl-authen-sasl/pull/22","https://metacpan.org/dist/Authen-SASL/source/lib/Authen/SASL/Perl/DIGEST_MD5.pm#L263","https://security.metacpan.org/patches/A/Authen-SASL/2.1800/CVE-2025-40918-r1.patch"],"reported" => "2025-07-16","severity" => undef}],"main_module" => "Authen::SASL","versions" => [{"date" => "2002-01-31T17:03:51","version" => "2.00"},{"date" => "2002-03-31T14:44:21","version" => "2.01"},{"date" => "2002-05-28T14:24:59","version" => "2.02"},{"date" => "2003-01-21T19:16:46","version" => "2.03"},{"date" => "2003-05-19T21:44:39","version" => "2.04"},{"date" => "2003-10-17T21:16:45","version" => "2.05"},{"date" => "2003-11-01T21:26:08","version" => "2.06"},{"date" => "2004-04-10T08:18:07","version" => "2.07"},{"date" => "2004-05-25T10:31:46","version" => "2.08"},{"date" => "2005-04-26T13:37:18","version" => "2.09"},{"date" => "2006-03-25T23:40:21","version" => "2.10"},{"date" => "2008-04-21T15:43:42","version" => "2.11"},{"date" => "2008-07-01T02:59:22","version" => "2.12"},{"date" => "2009-09-24T22:36:34","version" => "2.13"},{"date" => "2010-03-11T15:12:30","version" => "2.14"},{"date" => "2010-03-29T19:28:04","version" => "2.1401"},{"date" => "2010-06-02T18:58:54","version" => "2.15"},{"date" => "2012-09-04T16:12:29","version" => "2.16"},{"date" => "2023-08-09T22:53:31","version" => "2.1700"},{"date" => "2023-08-10T10:19:40","version" => "2.1700"},{"date" => "2025-04-25T16:10:56","version" => "2.1800"},{"date" => "2025-08-05T13:23:40","version" => "2.1900"},{"date" => "2026-01-28T22:01:16","version" => "2.2000"}]},"BSON-XS" => {"advisories" => [{"affected_versions" => ["<=0.8.4"],"cves" => ["CVE-2025-40906","CVE-2017-14227","CVE-2018-16790","CVE-2023-0437","CVE-2024-6381","CVE-2024-6383","CVE-2025-0755"],"description" => "BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.\nThose include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755.\nBSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.\n","distribution" => "BSON-XS","fixed_versions" => [],"id" => "CPANSA-BSON-XS-2025-40906","references" => ["https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html","https://www.mongodb.com/community/forums/t/mongodb-perl-driver-end-of-life/7890"],"reported" => "2025-05-16","severity" => "critical"},{"affected_versions" => [">=0.2.0,<=0.8.4"],"cves" => ["CVE-2023-0437"],"description" => "When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.\n","distribution" => "BSON-XS","fixed_versions" => [],"id" => "CPANSA-BSON-XS-2023-0437-libbson","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2023-0437","https://jira.mongodb.org/browse/CDRIVER-4747","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/7GUVOAFZFSYTNBF6R7H4XJM5DHWBRQ6P"],"reported" => "2024-01-12","severity" => "moderate"}],"main_module" => "BSON::XS","versions" => [{"date" => "2016-10-25T01:44:04","version" => "v0.2.0"},{"date" => "2016-10-27T14:29:08","version" => "v0.2.1"},{"date" => "2016-10-27T21:57:22","version" => "v0.2.2"},{"date" => "2018-05-17T20:38:16","version" => "v0.4.0"},{"date" => "2018-05-25T17:23:21","version" => "v0.4.1"},{"date" => "2018-06-13T14:02:45","version" => "v0.4.2"},{"date" => "2018-07-10T13:54:25","version" => "v0.4.3"},{"date" => "2018-09-13T03:31:32","version" => "v0.4.4"},{"date" => "2018-10-12T01:39:57","version" => "v0.4.5"},{"date" => "2018-10-12T15:51:36","version" => "v0.4.6"},{"date" => "2018-11-29T22:12:13","version" => "v0.6.0"},{"date" => "2019-07-12T18:08:23","version" => "v0.8.0"},{"date" => "2019-08-13T12:22:17","version" => "v0.8.1"},{"date" => "2019-12-05T18:59:17","version" => "v0.8.2"},{"date" => "2020-04-13T14:58:34","version" => "v0.8.3"},{"date" => "2020-08-13T14:54:04","version" => "v0.8.4"}]},"Batch-Batchrun" => {"advisories" => [{"affected_versions" => [">=1.03"],"cves" => ["CVE-2011-4117"],"description" => "The Batch::Batchrun module 1.03 for Perl does not properly handle temporary files.\n","distribution" => "Batch-Batchrun","fixed_versions" => [],"id" => "CPANSA-Batch-Batchrun-2011-4117","references" => ["http://www.openwall.com/lists/oss-security/2011/11/04/2","http://www.openwall.com/lists/oss-security/2011/11/04/4","https://rt.cpan.org/Public/Bug/Display.html?id=69594"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "Batch::Batchrun","versions" => [{"date" => "1999-08-21T20:25:47","version" => "1.03"}]},"Boost-Graph" => {"advisories" => [{"affected_versions" => [">=1.1,<=1.4"],"cves" => ["CVE-2008-0171"],"description" => "regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.\n","distribution" => "Boost-Graph","fixed_versions" => [],"id" => "CPANSA-Boost-Graph-2008-0171-boost","references" => ["http://bugs.gentoo.org/show_bug.cgi?id=205955","http://svn.boost.org/trac/boost/changeset/42674","http://svn.boost.org/trac/boost/changeset/42745","https://issues.rpath.com/browse/RPL-2143","http://www.ubuntu.com/usn/usn-570-1","http://www.securityfocus.com/bid/27325","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html","http://secunia.com/advisories/28545","http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032","http://secunia.com/advisories/28705","http://secunia.com/advisories/28511","http://secunia.com/advisories/28527","http://wiki.rpath.com/Advisories:rPSA-2008-0063","http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml","http://secunia.com/advisories/28943","http://secunia.com/advisories/28860","http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html","http://secunia.com/advisories/29323","http://www.vupen.com/english/advisories/2008/0249","http://secunia.com/advisories/48099","http://www.securityfocus.com/archive/1/488102/100/0/threaded"],"reported" => "2008-01-17","severity" => undef},{"affected_versions" => [">=1.1,<=1.4"],"cves" => ["CVE-2008-0172"],"description" => "The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.\n","distribution" => "Boost-Graph","fixed_versions" => [],"id" => "CPANSA-Boost-Graph-2008-0172-boost","references" => ["http://bugs.gentoo.org/show_bug.cgi?id=205955","http://svn.boost.org/trac/boost/changeset/42674","http://svn.boost.org/trac/boost/changeset/42745","https://issues.rpath.com/browse/RPL-2143","http://www.ubuntu.com/usn/usn-570-1","http://www.securityfocus.com/bid/27325","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html","http://secunia.com/advisories/28545","http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032","http://secunia.com/advisories/28705","http://secunia.com/advisories/28511","http://secunia.com/advisories/28527","http://wiki.rpath.com/Advisories:rPSA-2008-0063","http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml","http://secunia.com/advisories/28943","http://secunia.com/advisories/28860","http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html","http://secunia.com/advisories/29323","http://www.vupen.com/english/advisories/2008/0249","http://secunia.com/advisories/48099","http://www.securityfocus.com/archive/1/488102/100/0/threaded"],"reported" => "2008-01-17","severity" => undef}],"main_module" => "Boost::Graph","versions" => [{"date" => "2006-05-15T23:21:14","version" => "1.1"},{"date" => "2006-06-19T20:32:45","version" => "1.2"},{"date" => "2006-11-13T18:58:01","version" => "1.2"},{"date" => "2007-07-11T18:07:27","version" => "1.4"},{"date" => "2013-11-05T09:24:41","version" => "1.4_001"}]},"CBOR-XS" => {"advisories" => [{"affected_versions" => ["<1.7"],"cves" => [],"description" => "An out-of bound sharedref or stringref index could cause an out of bounds access - might be exploitable. A decoding error during indefinite array or hash decoding could cause an endless loop.\n","distribution" => "CBOR-XS","fixed_versions" => [">=1.7"],"id" => "CPANSA-CBOR-XS-2017-01","references" => ["https://metacpan.org/dist/CBOR-XS/changes"],"reported" => "2017-07-27","severity" => undef}],"main_module" => "CBOR::XS","versions" => [{"date" => "2013-10-25T23:10:42","version" => "0.01"},{"date" => "2013-10-26T11:09:56","version" => "0.02"},{"date" => "2013-10-26T23:04:01","version" => "0.03"},{"date" => "2013-10-27T22:48:22","version" => "0.04"},{"date" => "2013-10-28T21:28:30","version" => "0.05"},{"date" => "2013-10-29T15:57:13","version" => "0.06"},{"date" => "2013-10-29T22:05:30","version" => "0.07"},{"date" => "2013-10-30T10:11:46","version" => "0.08"},{"date" => "2013-11-22T16:19:26","version" => "0.09"},{"date" => "2013-11-28T16:09:19","version" => "1.0"},{"date" => "2013-11-30T18:42:59","version" => "1.1"},{"date" => "2013-12-01T17:11:47","version" => "1.11"},{"date" => "2013-12-03T10:25:03","version" => "1.12"},{"date" => "2013-12-10T21:07:58","version" => "1.2"},{"date" => "2014-01-05T14:25:36","version" => "1.25"},{"date" => "2014-10-25T06:37:38","version" => "1.26"},{"date" => "2015-04-27T20:22:15","version" => "1.3"},{"date" => "2016-02-08T04:38:25","version" => "1.4"},{"date" => "2016-02-25T14:23:47","version" => "1.41"},{"date" => "2016-04-27T09:40:38","version" => "1.5"},{"date" => "2016-12-07T14:14:49","version" => "1.6"},{"date" => "2017-06-27T02:03:48","version" => "1.7"},{"date" => "2018-11-15T19:53:50","version" => "1.71"},{"date" => "2020-11-29T21:36:13","version" => "1.8"},{"date" => "2020-11-30T18:31:32","version" => "1.81"},{"date" => "2020-12-01T01:50:49","version" => "1.82"},{"date" => "2020-12-08T08:30:59","version" => "1.83"},{"date" => "2021-10-21T01:16:11","version" => "1.84"},{"date" => "2021-10-23T03:00:48","version" => "1.85"},{"date" => "2021-11-04T16:50:24","version" => "1.86"},{"date" => "2023-09-10T20:45:43","version" => "1.87"}]},"CGI" => {"advisories" => [{"affected_versions" => ["<3.63"],"cves" => ["CVE-2012-5526"],"description" => "CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.\n","distribution" => "CGI","fixed_versions" => [">=3.63"],"id" => "CPANSA-CGI-2012-5526","references" => ["http://www.securityfocus.com/bid/56562","http://www.openwall.com/lists/oss-security/2012/11/15/6","https://github.com/markstos/CGI.pm/pull/23","http://www.securitytracker.com/id?1027780","http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes","http://secunia.com/advisories/51457","http://www.ubuntu.com/usn/USN-1643-1","http://www.debian.org/security/2012/dsa-2586","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://secunia.com/advisories/55314","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/80098"],"reported" => "2012-11-21","severity" => undef},{"affected_versions" => ["<3.56"],"cves" => ["CVE-2011-2766"],"description" => "Usage of deprecated FCGI.pm API.\n","distribution" => "CGI","fixed_versions" => [">=3.56"],"id" => "CPANSA-CGI-2011-2766","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=68380","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766"],"reported" => "2011-11-08"},{"affected_versions" => ["<3.50"],"cves" => [],"description" => "Non-random MIME boundary.\n","distribution" => "CGI","fixed_versions" => [">=3.50"],"id" => "CPANSA-CGI-2010-02","reported" => "2010-11-08"},{"affected_versions" => ["<3.49"],"cves" => [],"description" => "Newlines in headers.\n","distribution" => "CGI","fixed_versions" => [">=3.49"],"id" => "CPANSA-CGI-2010-01","reported" => "2010-02-05"},{"affected_versions" => ["<3.50"],"cves" => ["CVE-2010-4411"],"description" => "Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors.  NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.\n","distribution" => "CGI","fixed_versions" => [">=3.50"],"id" => "CPANSA-CGI-2010-4411","references" => ["http://openwall.com/lists/oss-security/2010/12/01/3","http://www.mandriva.com/security/advisories?name=MDVSA-2011:008","http://www.vupen.com/english/advisories/2011/0106","http://www.bugzilla.org/security/3.2.9/","http://secunia.com/advisories/43033","https://bugzilla.mozilla.org/show_bug.cgi?id=591165","http://www.vupen.com/english/advisories/2011/0207","http://www.vupen.com/english/advisories/2011/0271","http://www.vupen.com/english/advisories/2011/0212","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html","http://secunia.com/advisories/43068","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html","http://secunia.com/advisories/43165","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html","http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"],"reported" => "2010-12-06","severity" => undef},{"affected_versions" => ["<3.50"],"cves" => ["CVE-2010-2761"],"description" => "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.\n","distribution" => "CGI","fixed_versions" => [">=3.50"],"id" => "CPANSA-CGI-2010-2761","references" => ["https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380","http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes","http://openwall.com/lists/oss-security/2010/12/01/1","http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html","http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm","http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1","http://openwall.com/lists/oss-security/2010/12/01/2","http://openwall.com/lists/oss-security/2010/12/01/3","https://bugzilla.mozilla.org/show_bug.cgi?id=600464","http://osvdb.org/69588","http://osvdb.org/69589","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:237","http://www.vupen.com/english/advisories/2011/0076","http://www.mandriva.com/security/advisories?name=MDVSA-2010:250","http://secunia.com/advisories/42877","https://bugzilla.mozilla.org/show_bug.cgi?id=591165","http://www.vupen.com/english/advisories/2011/0207","http://www.bugzilla.org/security/3.2.9/","http://secunia.com/advisories/43033","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html","http://secunia.com/advisories/43147","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html","http://www.vupen.com/english/advisories/2011/0249","http://www.vupen.com/english/advisories/2011/0271","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html","http://www.vupen.com/english/advisories/2011/0212","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html","http://secunia.com/advisories/43165","http://secunia.com/advisories/43068","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html","http://www.redhat.com/support/errata/RHSA-2011-1797.html","http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2010-12-06","severity" => undef}],"main_module" => "CGI","versions" => [{"date" => "1995-11-25T09:21:00","version" => "2.10"},{"date" => "1995-12-28T09:08:00","version" => "2.13"},{"date" => "1996-05-22T22:30:00","version" => "2.20"},{"date" => "1996-05-31T05:31:00","version" => "2.21"},{"date" => "1996-08-07T09:24:00","version" => "2.22"},{"date" => "1996-08-14T08:17:00","version" => "2.23"},{"date" => "1996-08-21T09:09:00","version" => "2.24"},{"date" => "1996-09-10T14:23:00","version" => "2.25"},{"date" => "1996-10-22T11:17:00","version" => "2.26"},{"date" => "1996-10-24T18:21:00","version" => "2.27"},{"date" => "1996-12-02T11:48:00","version" => "2.28"},{"date" => "1996-12-09T13:39:00","version" => "2.29"},{"date" => "1997-01-02T16:40:00","version" => "2.30"},{"date" => "1997-02-15T15:36:00","version" => "2.31"},{"date" => "1997-03-25T08:58:00","version" => "2.32"},{"date" => "1997-04-04T20:45:00","version" => "2.33"},{"date" => "1997-04-10T15:41:00","version" => "2.34"},{"date" => "1997-04-20T18:29:00","version" => "2.35"},{"date" => "1997-05-09T09:33:00","version" => "2.36"},{"date" => "1997-08-29T04:42:00","version" => "2.37"},{"date" => "1997-09-15T17:51:00","version" => "2.37"},{"date" => "1997-10-01T04:15:00","version" => "2.37"},{"date" => "1997-10-12T07:10:00","version" => "2.37"},{"date" => "1997-11-23T11:37:00","version" => "2.37"},{"date" => "1997-12-20T09:57:00","version" => "2.37"},{"date" => "1998-01-16T12:22:00","version" => "2.37"},{"date" => "1998-01-19T11:34:00","version" => "2.37"},{"date" => "1998-01-26T11:00:00","version" => "2.37"},{"date" => "1998-01-29T19:48:00","version" => "2.37"},{"date" => "1998-02-02T13:37:00","version" => "2.37"},{"date" => "1998-02-05T08:25:00","version" => "2.37"},{"date" => "1998-02-09T13:58:00","version" => "2.37"},{"date" => "1998-02-16T16:21:00","version" => "2.37"},{"date" => "1998-02-23T08:33:00","version" => "2.37"},{"date" => "1998-02-24T16:52:00","version" => "2.37"},{"date" => "1998-03-13T15:33:00","version" => "2.37"},{"date" => "1998-03-22T21:12:00","version" => "2.38"},{"date" => "1998-03-24T22:37:08","version" => "2.39"},{"date" => "1998-05-20T09:17:00","version" => "2.40"},{"date" => "1998-05-28T15:03:00","version" => "2.41"},{"date" => "1998-06-09T09:00:00","version" => "2.42"},{"date" => "1998-10-14T19:06:31","version" => "2.43"},{"date" => "1998-11-24T19:41:41","version" => "2.44"},{"date" => "1998-11-26T11:07:27","version" => "2.45"},{"date" => "1998-12-06T10:22:46","version" => "2.46"},{"date" => "1999-02-18T03:50:16","version" => "2.47"},{"date" => "1999-02-19T14:10:25","version" => "2.48"},{"date" => "1999-02-23T22:00:33","version" => "2.49"},{"date" => "1999-06-08T15:13:15","version" => "2.52"},{"date" => "1999-06-09T14:56:06","version" => "2.53"},{"date" => "1999-08-09T14:18:33","version" => "2.54"},{"date" => "1999-08-31T17:11:00","version" => "2.55"},{"date" => "1999-09-13T21:11:51","version" => "2.56"},{"date" => "2000-03-23T23:00:12","version" => "2.58"},{"date" => "2000-03-24T12:31:52","version" => "2.59"},{"date" => "2000-03-27T22:11:34","version" => "2.60"},{"date" => "2000-03-28T02:50:18","version" => "2.61"},{"date" => "2000-03-28T21:38:03","version" => "2.62"},{"date" => "2000-04-10T15:19:54","version" => "2.63"},{"date" => "2000-04-11T15:25:13","version" => "2.64"},{"date" => "2000-04-11T15:55:40","version" => "2.65"},{"date" => "2000-04-12T20:16:46","version" => "2.66"},{"date" => "2000-05-16T01:38:08","version" => "2.67"},{"date" => "2000-05-18T17:55:55","version" => "2.68"},{"date" => "2000-07-28T03:06:11","version" => "2.69"},{"date" => "2000-08-04T19:37:27","version" => "2.70"},{"date" => "2000-08-13T16:09:25","version" => "2.71"},{"date" => "2000-08-20T17:35:50","version" => "2.72"},{"date" => "2000-08-24T13:33:37","version" => "3."},{"date" => "2000-09-13T02:55:51","version" => "2.73"},{"date" => "2000-09-13T16:35:14","version" => "2.74"},{"date" => "2001-02-02T15:43:07","version" => "2.75"},{"date" => "2001-02-02T15:50:53","version" => "2.751"},{"date" => "2001-02-04T23:49:27","version" => "2.752"},{"date" => "2001-03-12T17:00:13","version" => "2.753"},{"date" => "2001-06-15T15:33:28","version" => "3.02"},{"date" => "2001-06-29T14:47:39","version" => "3.02_"},{"date" => "2001-07-05T16:13:55","version" => "3.03_01"},{"date" => "2001-07-26T21:29:22","version" => "2.76"},{"date" => "2001-08-07T12:33:22","version" => "2.77"},{"date" => "2001-09-26T02:26:36","version" => "2.78"},{"date" => "2001-12-09T21:39:11","version" => "2.79"},{"date" => "2002-01-12T02:47:17","version" => "2.80"},{"date" => "2002-04-10T19:39:49","version" => "2.81"},{"date" => "2002-09-11T12:27:48","version" => "2.84"},{"date" => "2002-09-11T14:01:02","version" => "2.85"},{"date" => "2002-09-12T03:58:40","version" => "2.86"},{"date" => "2002-10-07T02:00:58","version" => "2.87"},{"date" => "2002-10-14T13:58:09","version" => "2.88"},{"date" => "2002-10-16T17:50:26","version" => "2.89"},{"date" => "2002-11-22T23:03:39","version" => 0},{"date" => "2003-02-10T20:11:57","version" => "2.90"},{"date" => "2003-02-11T14:15:15","version" => "2.91"},{"date" => "2003-04-28T00:44:10","version" => "2.92"},{"date" => "2003-04-28T13:37:43","version" => "2.93"},{"date" => "2003-06-09T12:15:29","version" => "2.94"},{"date" => "2003-06-13T02:35:42","version" => "2.95"},{"date" => "2003-06-16T18:42:38","version" => "2.96"},{"date" => "2003-06-17T23:32:52","version" => "2.97"},{"date" => "2003-07-16T17:06:29","version" => "2.98"},{"date" => "2003-08-01T14:43:54","version" => "2.99"},{"date" => "2003-08-18T17:51:48","version" => "3.00"},{"date" => "2003-12-10T17:05:47","version" => "3.01"},{"date" => "2004-01-13T16:34:47","version" => "3.03"},{"date" => "2004-01-19T12:44:30","version" => "3.04"},{"date" => "2004-04-12T20:39:57","version" => "3.05"},{"date" => "2005-03-09T21:06:46","version" => "3.06"},{"date" => "2005-03-14T16:34:03","version" => "3.07"},{"date" => "2005-04-20T15:31:11","version" => "3.08"},{"date" => "2005-05-05T20:16:55","version" => "3.09"},{"date" => "2005-05-13T21:48:46","version" => "3.10"},{"date" => "2005-08-03T21:17:14","version" => "3.11"},{"date" => "2005-12-04T16:46:53","version" => "3.12"},{"date" => "2005-12-05T13:54:26","version" => "3.13"},{"date" => "2005-12-06T22:14:19","version" => "3.14"},{"date" => "2005-12-07T20:16:49","version" => "3.15"},{"date" => "2006-02-08T18:50:56","version" => "3.16"},{"date" => "2006-02-24T19:04:58","version" => "3.17"},{"date" => "2006-04-17T13:56:06","version" => "3.19"},{"date" => "2006-04-23T14:27:55","version" => "3.20"},{"date" => "2006-08-21T19:12:36","version" => "3.21"},{"date" => "2006-08-23T15:24:41","version" => "3.22"},{"date" => "2006-08-24T11:53:26","version" => "3.23"},{"date" => "2006-09-28T17:09:45","version" => "3.25"},{"date" => "2007-02-27T15:42:54","version" => "3.27"},{"date" => "2007-03-29T15:38:01","version" => "3.28"},{"date" => "2007-04-16T17:00:18","version" => "3.29"},{"date" => "2007-11-30T19:06:19","version" => "3.31"},{"date" => "2007-12-27T18:41:32","version" => "3.32"},{"date" => "2008-01-03T15:03:17","version" => "3.33"},{"date" => "2008-03-18T16:04:41","version" => "3.34"},{"date" => "2008-03-27T14:26:48","version" => "3.35"},{"date" => "2008-04-23T13:09:44","version" => "3.37"},{"date" => "2008-06-25T14:58:32","version" => "3.38"},{"date" => "2008-07-29T15:01:52","version" => "3.39"},{"date" => "2008-08-06T18:21:51","version" => "3.40"},{"date" => "2008-08-26T13:56:27","version" => "3.41"},{"date" => "2008-09-08T14:15:41","version" => "3.42"},{"date" => "2009-04-06T18:35:19","version" => "3.43"},{"date" => "2009-07-30T16:34:17","version" => "3.44"},{"date" => "2009-08-14T13:37:12","version" => "3.45"},{"date" => "2009-09-09T15:39:42","version" => "3.46"},{"date" => "2009-09-09T20:03:01","version" => "3.47"},{"date" => "2009-09-25T15:07:03","version" => "3.48"},{"date" => "2010-02-05T16:24:53","version" => "3.49"},{"date" => "2010-11-08T21:53:26","version" => "3.50"},{"date" => "2011-01-05T18:28:41","version" => "3.51"},{"date" => "2011-01-25T04:30:05","version" => "3.52"},{"date" => "2011-04-25T23:01:21","version" => "3.53"},{"date" => "2011-04-28T14:36:41","version" => "3.54"},{"date" => "2011-06-03T15:39:16","version" => "3.55"},{"date" => "2011-11-09T02:00:20","version" => "3.56"},{"date" => "2011-11-09T15:59:18","version" => "3.57"},{"date" => "2011-11-12T03:36:07","version" => "3.58"},{"date" => "2011-12-30T13:35:35","version" => "3.59"},{"date" => "2012-08-16T03:21:13","version" => "3.60"},{"date" => "2012-11-03T02:10:42","version" => "3.61"},{"date" => "2012-11-10T01:40:50","version" => "3.62"},{"date" => "2012-11-14T23:45:29","version" => "3.63"},{"date" => "2013-11-24T01:22:00","version" => "3.64"},{"date" => "2014-02-12T03:13:58","version" => "3.65"},{"date" => "2014-05-15T12:59:58","version" => "3.65_01"},{"date" => "2014-05-16T11:43:33","version" => "3.65_02"},{"date" => "2014-05-20T12:31:46","version" => "3.65_03"},{"date" => "2014-05-22T19:58:14","version" => "4.00"},{"date" => "2014-05-27T13:13:51","version" => "4.01"},{"date" => "2014-06-09T13:55:49","version" => "4.02"},{"date" => "2014-07-02T14:53:06","version" => "4.03"},{"date" => "2014-07-28T18:30:34","version" => "4.03_01"},{"date" => "2014-07-30T14:26:40","version" => "4.03_02"},{"date" => "2014-08-13T11:40:14","version" => "4.03_03"},{"date" => "2014-09-04T14:42:14","version" => "4.04"},{"date" => "2014-09-20T16:08:55","version" => "4.04_01"},{"date" => "2014-09-28T19:57:05","version" => "4.04_02"},{"date" => "2014-09-29T09:50:07","version" => "4.04_03"},{"date" => "2014-10-06T12:01:14","version" => "4.04_04"},{"date" => "2014-10-06T12:24:10","version" => "4.04_05"},{"date" => "2014-10-08T07:42:49","version" => "4.05"},{"date" => "2014-10-10T11:35:49","version" => "4.06"},{"date" => "2014-10-12T16:29:35","version" => "4.07"},{"date" => "2014-10-18T11:00:38","version" => "4.08"},{"date" => "2014-10-21T07:33:36","version" => "4.09"},{"date" => "2014-11-25T21:06:50","version" => "4.09_01"},{"date" => "2014-11-27T12:53:51","version" => "4.10"},{"date" => "2014-11-30T12:12:26","version" => "4.10_01"},{"date" => "2014-12-03T07:25:15","version" => "4.11"},{"date" => "2014-12-18T08:35:52","version" => "4.12"},{"date" => "2014-12-18T09:21:52","version" => "4.13"},{"date" => "2015-02-12T14:19:13","version" => "4.13_01"},{"date" => "2015-02-13T08:01:29","version" => "4.13_02"},{"date" => "2015-03-01T13:28:25","version" => "4.13_03"},{"date" => "2015-03-08T16:09:21","version" => "4.13_04"},{"date" => "2015-03-25T17:55:15","version" => "4.13_05"},{"date" => "2015-04-01T06:51:57","version" => "4.14"},{"date" => "2015-04-17T14:27:39","version" => "4.14_01"},{"date" => "2015-04-20T07:15:45","version" => "4.15"},{"date" => "2015-05-29T14:48:42","version" => "4.20"},{"date" => "2015-06-22T07:50:02","version" => "4.21"},{"date" => "2015-10-16T09:46:31","version" => "4.22"},{"date" => "2015-12-20T18:33:35","version" => "4.24"},{"date" => "2015-12-21T09:29:19","version" => "4.25"},{"date" => "2016-02-04T16:37:12","version" => "4.26"},{"date" => "2016-03-02T08:03:46","version" => "4.27"},{"date" => "2016-03-14T07:21:48","version" => "4.28"},{"date" => "2016-05-22T12:23:19","version" => "4.28_01"},{"date" => "2016-05-22T12:54:23","version" => "4.28_02"},{"date" => "2016-05-23T08:25:25","version" => "4.28_03"},{"date" => "2016-06-09T12:01:20","version" => "4.29"},{"date" => "2016-06-09T12:11:54","version" => "4.30"},{"date" => "2016-06-14T07:14:00","version" => "4.31"},{"date" => "2016-07-19T07:05:46","version" => "4.32"},{"date" => "2016-09-16T09:47:49","version" => "4.33"},{"date" => "2016-10-13T11:58:55","version" => "4.34"},{"date" => "2016-10-13T13:56:21","version" => "4.35"},{"date" => "2017-03-29T08:56:26","version" => "4.35_01"},{"date" => "2017-04-06T14:42:12","version" => "4.36"},{"date" => "2017-11-01T10:17:40","version" => "4.37"},{"date" => "2017-12-01T08:41:02","version" => "4.38"},{"date" => "2018-08-13T15:57:52","version" => "4.39"},{"date" => "2018-08-15T08:39:39","version" => "4.40"},{"date" => "2019-03-26T15:58:49","version" => "4.41"},{"date" => "2019-03-26T16:33:27","version" => "4.42"},{"date" => "2019-05-01T14:28:45","version" => "4.43"},{"date" => "2019-06-03T09:00:55","version" => "4.44"},{"date" => "2020-01-13T07:03:55","version" => "4.45"},{"date" => "2020-02-03T14:49:22","version" => "4.46"},{"date" => "2020-05-01T13:01:44","version" => "4.47"},{"date" => "2020-06-02T08:22:41","version" => "4.48"},{"date" => "2020-06-08T09:46:25","version" => "4.49"},{"date" => "2020-06-22T07:35:25","version" => "4.50"},{"date" => "2020-10-05T06:14:39","version" => "4.51"},{"date" => "2021-05-04T08:02:27","version" => "4.52"},{"date" => "2021-06-03T06:45:55","version" => "4.53"},{"date" => "2022-02-03T07:52:34","version" => "4.54"},{"date" => "2023-01-03T07:45:53","version" => "4.55"},{"date" => "2023-03-03T08:51:51","version" => "4.56"},{"date" => "2023-05-02T13:16:01","version" => "4.57"},{"date" => "2023-10-02T07:08:45","version" => "4.58"},{"date" => "2023-10-02T07:14:30","version" => "4.59"},{"date" => "2023-11-01T07:57:12","version" => "4.60"},{"date" => "2024-01-08T15:17:04","version" => "4.61"},{"date" => "2024-03-01T13:46:49","version" => "4.62"},{"date" => "2024-03-06T15:20:30","version" => "4.63"},{"date" => "2024-03-18T12:10:48","version" => "4.64"},{"date" => "2024-06-04T15:15:17","version" => "4.65"},{"date" => "2024-06-19T08:59:52","version" => "4.66"},{"date" => "2025-01-08T15:27:45","version" => "4.67"},{"date" => "2025-04-01T09:38:18","version" => "4.68"},{"date" => "2025-06-11T06:21:57","version" => "4.69"},{"date" => "2025-07-07T11:59:39","version" => "4.70"},{"date" => "2025-10-01T08:09:27","version" => "4.71"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "3.15_01"}]},"CGI-Application" => {"advisories" => [{"affected_versions" => ["<4.50_51"],"cves" => ["CVE-2013-7329"],"description" => "The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.\n","distribution" => "CGI-Application","fixed_versions" => [],"id" => "CPANSA-CGI-Application-2013-7329","references" => ["https://github.com/markstos/CGI--Application/pull/15","http://openwall.com/lists/oss-security/2014/02/19/11","http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129436.html","http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129444.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739505","http://www.securityfocus.com/bid/65687","https://rt.cpan.org/Public/Bug/Display.html?id=84403","https://bugzilla.redhat.com/show_bug.cgi?id=1067180","https://exchange.xforce.ibmcloud.com/vulnerabilities/91735"],"reported" => "2014-10-06","severity" => undef}],"main_module" => "CGI::Application","versions" => [{"date" => "2000-07-11T04:23:51","version" => "1.0"},{"date" => "2000-07-12T15:21:41","version" => "1.1"},{"date" => "2000-07-18T21:11:44","version" => "1.2"},{"date" => "2001-05-21T12:03:59","version" => "1.3"},{"date" => "2001-05-28T18:29:06","version" => "1.31"},{"date" => "2001-06-25T03:17:50","version" => "2.0"},{"date" => "2001-08-11T22:18:28","version" => "2.1"},{"date" => "2002-05-06T03:21:57","version" => "2.2"},{"date" => "2002-05-06T11:57:30","version" => "2.3"},{"date" => "2002-05-27T01:01:18","version" => "2.4"},{"date" => "2002-07-18T11:59:16","version" => "2.5"},{"date" => "2002-10-07T13:03:27","version" => "2.6"},{"date" => "2003-02-01T13:52:45","version" => "3.0"},{"date" => "2003-06-02T13:01:50","version" => "3.1"},{"date" => "2004-02-04T03:23:56","version" => "3.2"},{"date" => "2004-02-04T15:53:56","version" => "3.2"},{"date" => "2004-02-14T01:47:53","version" => "3.22"},{"date" => "2004-09-26T19:22:20","version" => "3.30"},{"date" => "2004-09-26T19:35:26","version" => "3.31"},{"date" => "2005-03-19T14:42:14","version" => "4.0_2"},{"date" => "2005-06-07T03:25:55","version" => "4.0_4"},{"date" => "2005-06-11T04:00:57","version" => "4.0"},{"date" => "2005-06-13T19:15:12","version" => "4.01_01"},{"date" => "2005-06-14T14:37:30","version" => "4.01"},{"date" => "2005-07-24T19:08:18","version" => "4.02_1"},{"date" => "2005-07-31T03:11:25","version" => "4.02"},{"date" => "2005-08-04T23:45:52","version" => "4.03"},{"date" => "2005-09-01T02:54:00","version" => "4.04_01"},{"date" => "2005-09-09T01:12:21","version" => "4.04_02"},{"date" => "2005-10-12T02:12:18","version" => "4.04"},{"date" => "2006-03-02T01:58:41","version" => "4.05"},{"date" => "2006-04-13T02:34:40","version" => "4.06"},{"date" => "2006-07-02T05:05:34","version" => "4.07_01"},{"date" => "2007-10-31T23:34:31","version" => "4.07_02"},{"date" => "2008-06-16T20:09:18","version" => "4.07_03"},{"date" => "2008-06-18T03:30:33","version" => "4.10"},{"date" => "2008-08-10T15:36:00","version" => "4.11"},{"date" => "2008-09-27T04:18:05","version" => "4.11"},{"date" => "2008-11-02T00:43:18","version" => "4.11"},{"date" => "2009-01-03T16:13:59","version" => "4.21"},{"date" => "2009-07-30T01:35:48","version" => "4.30"},{"date" => "2009-07-30T01:42:34","version" => "4.31"},{"date" => "2010-02-14T00:33:00","version" => "4.32_1"},{"date" => "2011-06-16T17:07:16","version" => "4.50"},{"date" => "2015-01-23T12:19:21","version" => "4.50_50"},{"date" => "2015-07-18T12:57:01","version" => "4.50_51"},{"date" => "2018-02-28T13:57:05","version" => "4.60"},{"date" => "2018-03-01T13:29:17","version" => "4.60_1"},{"date" => "2018-03-02T09:20:24","version" => "4.61"}]},"CGI-Application-Dispatch" => {"advisories" => [{"affected_versions" => ["<1.02"],"cves" => [],"description" => "Untainted module names.\n","distribution" => "CGI-Application-Dispatch","fixed_versions" => [">=1.02"],"id" => "CPANSA-CGI-Application-Dispatch-2005-001","references" => ["https://metacpan.org/changes/distribution/CGI-Application-Dispatch"],"reported" => "2005-01-20"}],"main_module" => "CGI::Application::Dispatch","versions" => [{"date" => "2004-09-13T01:35:58","version" => "0.01"},{"date" => "2004-10-19T18:26:01","version" => "0.02"},{"date" => "2004-10-29T16:53:40","version" => "0.03"},{"date" => "2005-01-06T15:34:49","version" => "1.00"},{"date" => "2005-01-08T12:42:00","version" => "1.01"},{"date" => "2005-01-20T14:43:28","version" => "1.02"},{"date" => "2005-03-04T16:28:16","version" => "1.03"},{"date" => "2005-07-12T21:44:54","version" => "1.04"},{"date" => "2006-01-12T15:56:53","version" => "2.00_02"},{"date" => "2006-02-06T15:50:52","version" => "2.00_03"},{"date" => "2006-02-14T15:41:25","version" => "2.00_04"},{"date" => "2006-04-12T14:18:22","version" => "2.00_05"},{"date" => "2006-06-27T04:29:04","version" => "2.00_06"},{"date" => "2006-07-03T15:52:12","version" => "2.00"},{"date" => "2006-08-14T14:14:10","version" => "2.01"},{"date" => "2006-08-17T14:57:55","version" => "2.02"},{"date" => "2006-09-30T02:13:40","version" => "2.03"},{"date" => "2007-01-03T18:12:57","version" => "2.10_01"},{"date" => "2007-01-11T18:55:41","version" => "2.10_02"},{"date" => "2007-01-15T14:08:30","version" => "2.10"},{"date" => "2007-12-28T20:23:49","version" => "2.11"},{"date" => "2007-12-31T20:43:51","version" => "2.12_01"},{"date" => "2008-01-03T14:39:57","version" => "2.12"},{"date" => "2008-03-08T18:33:34","version" => "2.13_01"},{"date" => "2008-03-11T16:41:27","version" => "2.13_02"},{"date" => "2008-09-17T00:44:02","version" => "2.13"},{"date" => "2008-11-03T01:33:21","version" => "2.14"},{"date" => "2008-12-04T16:00:05","version" => "2.15"},{"date" => "2009-03-24T02:03:51","version" => "2.16"},{"date" => "2009-12-30T19:06:27","version" => "2.17"},{"date" => "2011-01-05T03:42:59","version" => "2.18"},{"date" => "2011-06-16T17:42:14","version" => "3.00"},{"date" => "2011-06-24T02:53:20","version" => "3.01"},{"date" => "2011-06-24T22:33:01","version" => "3.02"},{"date" => "2011-06-26T03:52:14","version" => "3.03"},{"date" => "2011-06-29T13:45:53","version" => "3.04"},{"date" => "2011-09-07T22:21:15","version" => "3.05"},{"date" => "2011-09-09T15:29:58","version" => "3.06"},{"date" => "2011-09-09T17:32:11","version" => "3.07"},{"date" => "2012-09-03T04:04:19","version" => "3.10"},{"date" => "2012-09-14T01:02:58","version" => "3.11"},{"date" => "2012-09-14T01:19:52","version" => "3.12"}]},"CGI-Application-Plugin-AutoRunmode" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "Non-word characters are allowed in runmode name.\n","distribution" => "CGI-Application-Plugin-AutoRunmode","fixed_versions" => [">=0.04"],"id" => "CPANSA-CGI-Application-Plugin-AutoRunmode-2005-01","references" => ["https://metacpan.org/changes/distribution/CGI-Application-Plugin-AutoRunmode"],"reported" => "2005-03-04"}],"main_module" => "CGI::Application::Plugin::AutoRunmode","versions" => [{"date" => "2005-03-04T06:59:51","version" => "0.04"},{"date" => "2005-03-10T07:22:55","version" => "0.05"},{"date" => "2005-06-15T10:20:17","version" => "0.06"},{"date" => "2005-06-18T02:09:08","version" => "0.07"},{"date" => "2005-07-17T00:49:10","version" => "0.08"},{"date" => "2005-09-22T12:31:22","version" => "0.09"},{"date" => "2005-10-16T00:17:47","version" => "0.10"},{"date" => "2005-10-18T13:23:50","version" => "0.11"},{"date" => "2005-11-03T01:10:37","version" => "0.12"},{"date" => "2006-04-08T07:18:44","version" => "0.13"},{"date" => "2006-05-21T05:04:48","version" => "0.14"},{"date" => "2006-12-17T07:46:24","version" => "0.15"},{"date" => "2009-02-14T09:16:39","version" => "0.16"},{"date" => "2010-05-21T04:24:45","version" => "0.17"},{"date" => "2011-02-18T09:23:15","version" => "0.18"}]},"CGI-Application-Plugin-CAPTCHA" => {"advisories" => [{"affected_versions" => ["<0.02"],"cves" => [],"description" => "A malicious programmer creating an application to use the service can just have his application send along a cookie that he has created himself, and with that supply an appropriate verification string for his cookie. To avoid that you need to include som kind of hidden server-side password in the string being encrypted, and also include it when you verify.\n","distribution" => "CGI-Application-Plugin-CAPTCHA","fixed_versions" => [">=0.02"],"id" => "CPANSA-CGI-Application-Plugin-CAPTCHA-2024-001","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=30759","https://metacpan.org/release/CROMEDOME/CGI-Application-Plugin-CAPTCHA-0.02/changes","https://github.com/cromedome/cgi-application-plugin-captcha/commit/9acb5b6561a9983787ad85f55b01c69a895014e6"],"reported" => undef,"severity" => undef}],"main_module" => "CGI::Application::Plugin::CAPTCHA","versions" => [{"date" => "2005-08-28T18:31:21","version" => "0.01"},{"date" => "2011-01-05T05:07:55","version" => "0.02"},{"date" => "2011-01-05T05:10:54","version" => "0.03"},{"date" => "2011-01-06T14:08:56","version" => "0.04"}]},"CGI-Application-Plugin-RunmodeDeclare" => {"advisories" => [{"affected_versions" => ["<0.03"],"cves" => [],"description" => "Wrong order of arguments.\n","distribution" => "CGI-Application-Plugin-RunmodeDeclare","fixed_versions" => [">=0.03"],"id" => "CPANSA-CGI-Application-Plugin-RunmodeDeclare-2008-01","references" => ["https://metacpan.org/changes/distribution/CGI-Application-Plugin-RunmodeDeclare"],"reported" => "2008-10-20"}],"main_module" => "CGI::Application::Plugin::RunmodeDeclare","versions" => [{"date" => "2008-09-26T19:59:14","version" => "0.01"},{"date" => "2008-09-26T21:37:11","version" => "0.02"},{"date" => "2008-10-19T23:22:06","version" => "0.03"},{"date" => "2008-10-23T14:18:23","version" => "0.03_01"},{"date" => "2008-10-24T13:32:43","version" => "0.03_02"},{"date" => "2008-10-24T16:20:27","version" => "0.03_03"},{"date" => "2008-10-25T10:54:25","version" => "0.04"},{"date" => "2008-10-25T11:46:28","version" => "0.05"},{"date" => "2008-10-25T16:39:34","version" => "0.06"},{"date" => "2009-01-10T02:32:39","version" => "0.07"},{"date" => "2009-05-17T22:29:18","version" => "0.08"},{"date" => "2010-01-07T13:24:09","version" => "0.09"},{"date" => "2012-02-10T00:53:54","version" => "0.10"}]},"CGI-Auth-Basic" => {"advisories" => [{"affected_versions" => ["<1.11"],"cves" => [],"description" => "TBD\n","distribution" => "CGI-Auth-Basic","fixed_versions" => [">=1.11"],"id" => "CPANSA-CGI-Auth-Basic-2007-01","references" => ["https://metacpan.org/changes/distribution/CGI-Auth-Basic"],"reported" => "2007-12-30"}],"main_module" => "CGI::Auth::Basic","versions" => [{"date" => "2004-02-21T14:58:09","version" => "1.0"},{"date" => "2004-08-31T13:29:28","version" => "1.01"},{"date" => "2004-11-07T03:34:32","version" => "1.02"},{"date" => "2006-06-18T01:12:15","version" => "1.10"},{"date" => "2007-12-30T20:53:33","version" => "1.11"},{"date" => "2009-04-18T04:22:51","version" => "1.20"},{"date" => "2009-04-23T17:00:50","version" => "1.21"},{"date" => "2009-04-24T15:07:48","version" => "1.21"},{"date" => "2012-08-27T01:50:53","version" => "1.22"},{"date" => "2015-01-21T00:26:01","version" => "1.23"},{"date" => "2018-12-23T21:03:03","version" => "1.24"}]},"CGI-Session" => {"advisories" => [{"affected_versions" => ["<4.10"],"cves" => ["CVE-2006-1279"],"description" => "CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite.\n","distribution" => "CGI-Session","fixed_versions" => [],"id" => "CPANSA-CGI-Session-2006-1279","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555","http://secunia.com/advisories/19211","http://www.securityfocus.com/bid/17177","http://www.osvdb.org/23865","http://www.vupen.com/english/advisories/2006/0946","https://exchange.xforce.ibmcloud.com/vulnerabilities/25285"],"reported" => "2006-03-19","severity" => undef},{"affected_versions" => ["<4.12"],"cves" => [],"description" => "possible SQL injection attack\n","distribution" => "CGI-Session","fixed_versions" => [">=4.12"],"id" => "CPANSA-CGI-Session-2006-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=18578"],"reported" => "2006-04-06","severity" => undef}],"main_module" => "CGI::Session","versions" => [{"date" => "2001-10-30T08:59:10","version" => "0.01"},{"date" => "2002-05-10T12:04:15","version" => "2.0"},{"date" => "2002-05-10T17:38:46","version" => "2.1"},{"date" => "2002-05-14T18:21:39","version" => "2.2"},{"date" => "2002-05-17T18:02:23","version" => "2.4"},{"date" => "2002-05-27T09:52:46","version" => "2.7"},{"date" => "2002-06-06T08:08:21","version" => "2.9"},{"date" => "2002-06-06T08:36:26","version" => "2.91"},{"date" => "2002-06-18T18:15:57","version" => "2.92"},{"date" => "2002-08-26T08:23:54","version" => "2.94"},{"date" => "2002-11-27T07:20:47","version" => "3.1"},{"date" => "2002-11-27T12:27:59","version" => "3.2"},{"date" => "2002-11-28T03:19:31","version" => "v3.2.2.1"},{"date" => "2002-11-28T03:26:41","version" => "3.3"},{"date" => "2002-11-28T03:44:39","version" => "3.4"},{"date" => "2002-11-28T06:55:29","version" => "3.5"},{"date" => "2002-11-28T17:12:32","version" => "3.6"},{"date" => "2002-11-29T21:29:53","version" => "3.7"},{"date" => "2002-12-03T16:26:55","version" => "3.8"},{"date" => "2002-12-04T07:37:02","version" => "3.9"},{"date" => "2002-12-09T09:02:18","version" => "3.10"},{"date" => "2002-12-09T20:09:24","version" => "3.11"},{"date" => "2003-03-09T11:26:21","version" => "3.91"},{"date" => "2003-03-10T02:42:16","version" => "3.92"},{"date" => "2003-03-14T13:21:20","version" => "3.93"},{"date" => "2003-05-02T20:12:40","version" => "3.94"},{"date" => "2003-07-26T13:51:31","version" => "3.95"},{"date" => "2005-02-09T08:35:23","version" => "4.00_01"},{"date" => "2005-02-09T09:54:17","version" => "4.00_02"},{"date" => "2005-02-11T08:23:00","version" => "4.00_03"},{"date" => "2005-02-17T03:24:21","version" => "4.00_04"},{"date" => "2005-02-22T17:56:43","version" => "4.00_05"},{"date" => "2005-02-24T18:46:45","version" => "4.00_06"},{"date" => "2005-03-13T19:18:37","version" => "4.00_07"},{"date" => "2005-03-15T16:48:17","version" => "4.00_08"},{"date" => "2005-07-22T02:00:21","version" => "4.00_09"},{"date" => "2005-09-01T05:57:49","version" => "4.00"},{"date" => "2005-09-01T16:25:46","version" => "4.01"},{"date" => "2005-09-02T15:51:20","version" => "4.02"},{"date" => "2005-09-24T02:12:22","version" => "4.02_01"},{"date" => "2005-10-05T23:22:54","version" => "4.03"},{"date" => "2006-03-02T03:00:28","version" => "4.04"},{"date" => "2006-03-04T00:08:26","version" => "4.05"},{"date" => "2006-03-09T03:13:06","version" => "4.06"},{"date" => "2006-03-09T12:09:28","version" => "4.07"},{"date" => "2006-03-16T02:38:25","version" => "4.08"},{"date" => "2006-03-17T04:08:57","version" => "4.09"},{"date" => "2006-03-28T07:00:52","version" => "4.10"},{"date" => "2006-04-03T19:33:30","version" => "4.11"},{"date" => "2006-04-07T14:34:06","version" => "4.12"},{"date" => "2006-04-12T17:05:18","version" => "4.13"},{"date" => "2006-06-11T11:36:57","version" => "4.14"},{"date" => "2006-11-24T14:10:38","version" => "4.20_1"},{"date" => "2006-12-05T02:08:37","version" => "4.20"},{"date" => "2008-03-22T02:42:57","version" => "4.29_1"},{"date" => "2008-03-28T01:45:56","version" => "4.29_2"},{"date" => "2008-04-26T01:31:34","version" => "4.30"},{"date" => "2008-06-16T14:44:06","version" => "4.31"},{"date" => "2008-06-17T21:35:03","version" => "4.32"},{"date" => "2008-07-08T01:27:59","version" => "4.33"},{"date" => "2008-07-13T02:39:59","version" => "4.34"},{"date" => "2008-07-16T00:36:46","version" => "4.35"},{"date" => "2008-09-13T15:45:06","version" => "4.36"},{"date" => "2008-10-23T02:57:30","version" => "4.37"},{"date" => "2008-11-01T03:47:46","version" => "4.38"},{"date" => "2008-12-16T01:22:42","version" => "4.39"},{"date" => "2009-01-03T01:18:15","version" => "4.40"},{"date" => "2009-03-21T02:01:09","version" => "4.41"},{"date" => "2009-08-26T13:38:39","version" => "4.42"},{"date" => "2010-12-12T00:32:27","version" => "4.43"},{"date" => "2011-06-06T20:48:07","version" => "4.44"},{"date" => "2011-07-02T01:33:33","version" => "4.45"},{"date" => "2011-07-08T14:34:42","version" => "4.46"},{"date" => "2011-07-08T19:31:44","version" => "4.47"},{"date" => "2011-07-11T13:02:37","version" => "4.48"},{"date" => "2021-02-08T07:00:20","version" => "4.49"}]},"CGI-Simple" => {"advisories" => [{"affected_versions" => ["<1.113"],"cves" => ["CVE-2010-4410"],"description" => "Newlines in headers, which could lead to header injection attacks.\n","distribution" => "CGI-Simple","fixed_versions" => [">=1.113"],"id" => "CPANSA-CGI-Simple-2010-02","references" => ["https://metacpan.org/changes/distribution/CGI-Simple"],"reported" => "2010-12-27"},{"affected_versions" => ["<1.113"],"cves" => [],"description" => "Non-random multipart boundary.\n","distribution" => "CGI-Simple","fixed_versions" => [">=1.113"],"id" => "CPANSA-CGI-Simple-2010-01","references" => ["https://metacpan.org/changes/distribution/CGI-Simple"],"reported" => "2010-12-27"},{"affected_versions" => ["<=1.112"],"cves" => ["CVE-2010-2761"],"description" => "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.\n","distribution" => "CGI-Simple","fixed_versions" => [">=1.113"],"id" => "CPANSA-CGI-Simple-2010-2761","references" => ["https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380","http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes","http://openwall.com/lists/oss-security/2010/12/01/1","http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html","http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm","http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1","http://openwall.com/lists/oss-security/2010/12/01/2","http://openwall.com/lists/oss-security/2010/12/01/3","https://bugzilla.mozilla.org/show_bug.cgi?id=600464","http://osvdb.org/69588","http://osvdb.org/69589","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:237","http://www.vupen.com/english/advisories/2011/0076","http://www.mandriva.com/security/advisories?name=MDVSA-2010:250","http://secunia.com/advisories/42877","https://bugzilla.mozilla.org/show_bug.cgi?id=591165","http://www.vupen.com/english/advisories/2011/0207","http://www.bugzilla.org/security/3.2.9/","http://secunia.com/advisories/43033","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html","http://secunia.com/advisories/43147","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html","http://www.vupen.com/english/advisories/2011/0249","http://www.vupen.com/english/advisories/2011/0271","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html","http://www.vupen.com/english/advisories/2011/0212","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html","http://secunia.com/advisories/43165","http://secunia.com/advisories/43068","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html","http://www.redhat.com/support/errata/RHSA-2011-1797.html","http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2010-12-06","severity" => undef},{"affected_versions" => ["<=1.282"],"cves" => ["CVE-2025-40927"],"description" => "CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting\x{a0}flaw in CGI::Simple\x{a0}that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions.  Although some validation exists, it can be bypassed using URL-encoded values, allowing an attacker to inject untrusted content into the response via query parameters.    As a result, an attacker can inject a line break (e.g. %0A) into the parameter value, causing the server to split the HTTP response and inject arbitrary headers or even an HTML/JavaScript body, leading to reflected cross-site scripting (XSS), open redirect or other attacks.  The issue documented in CVE-2010-4410 https://www.cve.org/CVERecord?id=CVE-2010-4410 is related but the fix was incomplete.  Impact  By injecting %0A\x{a0}(newline) into a query string parameter, an attacker can:    *  Break the current HTTP header   *  Inject a new header or entire body   *  Deliver a script payload that is reflected in the server\x{2019}s response That can lead to the following attacks:    *  reflected XSS   *  open redirect   *  cache poisoning   *  header manipulation","distribution" => "CGI-Simple","fixed_versions" => [">=1.282"],"id" => "CPANSA-CGI-Simple-2025-40927","references" => ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2320","https://datatracker.ietf.org/doc/html/rfc7230#section-3","https://metacpan.org/release/MANWAR/CGI-Simple-1.281/diff/MANWAR/CGI-Simple-1.282/lib/CGI/Simple.pm","https://metacpan.org/release/MANWAR/CGI-Simple-1.281/source/lib/CGI/Simple.pm#L1031-1035","https://owasp.org/www-community/attacks/HTTP_Response_Splitting","https://rt.perl.org/Public/Bug/Display.html?id=21951"],"reported" => "2025-08-29","severity" => undef}],"main_module" => "CGI::Simple","versions" => [{"date" => "2007-01-09T22:31:27","version" => "0.078"},{"date" => "2007-02-23T16:22:19","version" => "0.079"},{"date" => "2007-03-30T20:15:35","version" => "0.080"},{"date" => "2007-05-20T19:19:40","version" => "0.081"},{"date" => "2007-05-22T18:43:01","version" => "0.082"},{"date" => "2007-05-22T18:54:06","version" => "0.83"},{"date" => "2007-05-24T03:15:01","version" => "1.0"},{"date" => "2007-07-13T18:58:16","version" => "1.1"},{"date" => "2007-07-31T01:57:01","version" => "1.1.1"},{"date" => "2007-07-31T02:04:25","version" => "1.1.2"},{"date" => "2007-07-31T02:10:47","version" => "1.103"},{"date" => "2008-05-13T15:46:18","version" => "1.104"},{"date" => "2008-05-16T14:37:31","version" => "1.105"},{"date" => "2008-09-14T13:29:51","version" => "1.106"},{"date" => "2009-03-07T21:24:59","version" => "1.107"},{"date" => "2009-03-13T14:06:24","version" => "1.108"},{"date" => "2009-04-16T17:54:13","version" => "1.109"},{"date" => "2009-05-24T21:25:22","version" => "1.110"},{"date" => "2009-05-28T18:02:08","version" => "1.111"},{"date" => "2009-05-31T10:43:56","version" => "1.112"},{"date" => "2010-12-27T13:11:56","version" => "1.113"},{"date" => "2014-10-19T12:53:24","version" => "1.115"},{"date" => "2018-03-01T15:09:42","version" => "1.13"},{"date" => "2018-03-03T10:42:06","version" => "1.14"},{"date" => "2018-03-04T03:42:20","version" => "1.15"},{"date" => "2018-07-25T15:17:39","version" => "1.16"},{"date" => "2018-10-02T09:48:08","version" => "1.17"},{"date" => "2018-10-03T14:21:12","version" => "1.18"},{"date" => "2018-10-04T12:05:58","version" => "1.19"},{"date" => "2018-10-05T11:30:05","version" => "1.20"},{"date" => "2018-10-06T07:21:31","version" => "1.21"},{"date" => "2019-09-07T04:28:17","version" => "1.22"},{"date" => "2020-02-06T06:12:09","version" => "1.23"},{"date" => "2020-02-07T11:11:56","version" => "1.24"},{"date" => "2020-02-10T13:00:54","version" => "1.25"},{"date" => "2022-01-02T18:00:56","version" => "1.26"},{"date" => "2022-01-06T16:00:18","version" => "1.27"},{"date" => "2022-01-11T15:16:20","version" => "1.280"},{"date" => "2024-01-31T14:19:02","version" => "1.281"},{"date" => "2025-08-28T19:12:51","version" => "1.282"}]},"CGI-apacheSSI" => {"advisories" => [{"affected_versions" => ["<0.95"],"cves" => [],"description" => "Security and parsing problems with \"include\" calls.\n","distribution" => "CGI-apacheSSI","fixed_versions" => [">=0.95"],"id" => "CPANSA-CGI-apacheSSI-2016-01","references" => ["https://metacpan.org/changes/distribution/CGI-apacheSSI"],"reported" => "2016-01-31"}],"main_module" => "CGI::apacheSSI","versions" => [{"date" => "2014-08-20T22:55:20","version" => "0.93"},{"date" => "2016-01-30T12:57:47","version" => "0.94"},{"date" => "2016-01-31T22:48:55","version" => "0.95"},{"date" => "2016-02-01T00:36:49","version" => "0.96"}]},"CPAN" => {"advisories" => [{"affected_versions" => ["<2.35"],"cves" => ["CVE-2023-31484"],"description" => "The verify_SSL flag is missing from HTTP::Tiny, and allows a network attacker to MITM the connection if it is used by the CPAN client\n","distribution" => "CPAN","fixed_versions" => [">=2.35"],"id" => "CPANSA-CPAN-2023-31484","previous_id" => ["CPANSA-CPAN-2023-01"],"references" => ["https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0","https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/","https://github.com/andk/cpanpm/pull/175","https://www.openwall.com/lists/oss-security/2023/04/18/14"],"reported" => "2023-02-28"},{"affected_versions" => ["<1.93"],"cves" => [],"description" => "Archive::Tar preserves permissions in the tarball; extracted file permissions will be set from users umask instead.\n","distribution" => "CPAN","fixed_versions" => [">=1.93"],"id" => "CPANSA-CPAN-2009-01","references" => ["https://github.com/andk/cpanpm/commit/079fa2e7ee77d626eab8bb06d0465c6a05f6c8b6","https://rt.cpan.org/Ticket/Display.html?id=46384"],"reported" => "2009-09-23"},{"affected_versions" => ["<2.28"],"cves" => ["CVE-2020-16156"],"description" => "CPAN 2.28 allows Signature Verification Bypass.","distribution" => "CPAN","fixed_versions" => [">=2.29"],"id" => "CPANSA-CPAN-2020-16156","references" => ["https://metacpan.org/pod/distribution/CPAN/scripts/cpan","https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/","http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/"],"reported" => "2021-12-13","severity" => "high"}],"main_module" => "CPAN","versions" => [{"date" => "1996-09-10T17:13:59","version" => "0.17"},{"date" => "1996-09-10T20:51:00","version" => "0.20"},{"date" => "1996-09-12T05:53:35","version" => "0.26"},{"date" => "1996-09-12T14:01:39","version" => "0.27"},{"date" => "1996-09-16T20:18:59","version" => "0.28"},{"date" => "1996-09-17T17:14:51","version" => "0.29"},{"date" => "1996-09-19T05:24:17","version" => "0.30"},{"date" => "1996-09-20T10:40:01","version" => "0.31"},{"date" => "1996-09-22T19:30:33","version" => "0.35"},{"date" => "1996-09-23T12:55:23","version" => "0.36"},{"date" => "1996-09-23T14:05:44","version" => "0.37"},{"date" => "1996-09-27T12:52:07","version" => "0.39"},{"date" => "1996-09-28T20:51:31","version" => "0.40"},{"date" => "1996-10-01T21:14:27","version" => "0.41"},{"date" => "1996-11-17T07:56:02","version" => "0.42"},{"date" => "1996-11-17T14:51:59","version" => "0.43"},{"date" => "1996-11-30T17:04:28","version" => "0.44"},{"date" => "1996-12-01T12:19:19","version" => "0.45"},{"date" => "1996-12-01T18:24:17","version" => "0.46"},{"date" => "1996-12-10T00:58:25","version" => "1.00"},{"date" => "1996-12-10T10:17:15","version" => "1.01"},{"date" => "1996-12-11T01:31:55","version" => "1.02"},{"date" => "1996-12-21T03:10:23","version" => "1.03"},{"date" => "1996-12-21T20:08:49","version" => "1.04"},{"date" => "1996-12-22T13:04:58","version" => "1.05"},{"date" => "1996-12-22T14:16:08","version" => "1.06"},{"date" => "1996-12-23T04:05:01","version" => "1.07"},{"date" => "1996-12-23T13:18:01","version" => "1.08"},{"date" => "1996-12-24T00:46:19","version" => "1.09"},{"date" => "1997-01-17T02:29:49","version" => "1.09_01"},{"date" => "1997-01-21T01:06:40","version" => "1.10"},{"date" => "1997-01-22T18:50:00","version" => "1.11"},{"date" => "1997-01-23T00:07:58","version" => "1.12"},{"date" => "1997-01-24T01:07:44","version" => "1.14"},{"date" => "1997-01-24T12:32:12","version" => "1.15"},{"date" => "1997-02-02T13:51:48","version" => "1.16_01"},{"date" => "1997-02-02T21:05:12","version" => "1.17"},{"date" => "1997-02-03T00:38:36","version" => "1.18"},{"date" => "1997-02-03T09:13:48","version" => "1.19"},{"date" => "1997-02-05T09:38:00","version" => "1.20"},{"date" => "1997-02-11T06:32:42","version" => "1.21"},{"date" => "1997-03-13T23:14:59","version" => "1.22_01"},{"date" => "1997-03-31T12:03:55","version" => "1.23"},{"date" => "1997-03-31T22:47:11","version" => "1.24"},{"date" => "1997-06-30T18:13:23","version" => "1.25"},{"date" => "1997-07-28T13:58:09","version" => "1.27"},{"date" => "1997-08-04T06:09:33","version" => "1.28"},{"date" => "1997-08-11T23:33:58","version" => "1.29"},{"date" => "1997-08-29T14:34:37","version" => "1.30"},{"date" => "1997-09-21T08:53:03","version" => "1.31"},{"date" => "1997-09-23T18:45:50","version" => "1.3101"},{"date" => "1998-01-02T18:22:35","version" => "1.32"},{"date" => "1998-01-10T18:24:23","version" => "1.33"},{"date" => "1998-02-03T18:06:41","version" => "1.35"},{"date" => "1998-02-08T08:55:55","version" => "1.36"},{"date" => "1998-06-12T06:51:25","version" => "1.37"},{"date" => "1998-06-14T20:18:08","version" => "1.38"},{"date" => "1998-07-24T20:13:41","version" => "1.40"},{"date" => "1998-12-01T02:20:32","version" => "1.41"},{"date" => "1998-12-01T07:58:35","version" => "1.42"},{"date" => "1998-12-01T22:16:27","version" => "1.43"},{"date" => "1998-12-03T17:07:54","version" => "1.43"},{"date" => "1999-01-09T18:38:33","version" => "1.44"},{"date" => "1999-01-10T19:38:27","version" => "1.44_51"},{"date" => "1999-01-13T12:15:42","version" => "1.44_52"},{"date" => "1999-01-15T09:26:40","version" => "1.44_53"},{"date" => "1999-01-15T09:27:45","version" => "1.44_54"},{"date" => "1999-01-23T14:56:16","version" => "1.45"},{"date" => "1999-01-25T01:43:42","version" => "1.46"},{"date" => "1999-01-25T13:11:23","version" => "1.47"},{"date" => "1999-03-06T19:34:54","version" => "1.48"},{"date" => "1999-05-22T16:45:00","version" => "1.49"},{"date" => "1999-05-23T14:32:20","version" => "1.50"},{"date" => "1999-10-23T03:06:39","version" => "1.50_01"},{"date" => "1999-12-29T22:30:22","version" => "1.51"},{"date" => "2000-01-08T15:32:55","version" => "1.52"},{"date" => "2000-03-23T23:39:41","version" => "1.53"},{"date" => "2000-03-25T22:51:15","version" => "1.54"},{"date" => "2000-07-30T11:15:04","version" => "1.55"},{"date" => "2000-08-01T20:47:09","version" => "1.56"},{"date" => "2000-08-16T12:54:07","version" => "1.57"},{"date" => "2000-08-21T19:44:18","version" => "1.57_51"},{"date" => "2000-08-27T22:09:36","version" => "1.57_53"},{"date" => "2000-08-30T16:54:50","version" => "1.57_54"},{"date" => "2000-08-31T08:11:01","version" => "1.57_55"},{"date" => "2000-08-31T22:16:21","version" => "1.57_56"},{"date" => "2000-09-01T12:18:43","version" => "1.57_57"},{"date" => "2000-09-03T22:19:20","version" => "1.57_58"},{"date" => "2000-09-05T09:44:05","version" => "1.57_59"},{"date" => "2000-09-05T19:55:34","version" => "1.57_60"},{"date" => "2000-09-06T10:54:07","version" => "1.57_61"},{"date" => "2000-09-08T02:19:06","version" => "1.57_62"},{"date" => "2000-09-10T08:54:37","version" => "1.57_65"},{"date" => "2000-09-12T08:46:40","version" => "1.57_66"},{"date" => "2000-09-17T10:24:31","version" => "1.57_67"},{"date" => "2000-10-08T14:25:04","version" => "1.57_68"},{"date" => "2000-10-18T14:53:45","version" => "1.58"},{"date" => "2000-10-21T14:21:06","version" => "1.58_51"},{"date" => "2000-10-25T07:05:38","version" => "1.58_52"},{"date" => "2000-10-26T11:03:29","version" => "1.58_53"},{"date" => "2000-10-26T15:34:21","version" => "1.58_54"},{"date" => "2000-10-27T07:59:03","version" => "1.58_55"},{"date" => "2000-11-04T09:36:53","version" => "1.58_56"},{"date" => "2000-11-06T19:30:27","version" => "1.58_57"},{"date" => "2000-11-08T08:10:51","version" => "1.58_90"},{"date" => "2000-11-13T10:26:38","version" => "1.58_91"},{"date" => "2000-11-14T18:24:18","version" => "1.58_92"},{"date" => "2000-11-15T07:19:56","version" => "1.58_93"},{"date" => "2000-12-01T06:05:58","version" => "1.59"},{"date" => "2000-12-01T08:19:58","version" => "1.59_51"},{"date" => "2000-12-26T13:54:06","version" => "1.59_52"},{"date" => "2001-01-02T16:37:24","version" => "1.59_53"},{"date" => "2001-02-09T21:44:55","version" => "1.59_54"},{"date" => "2002-04-19T13:29:54","version" => "1.60"},{"date" => "2002-04-20T02:18:41","version" => "1.60"},{"date" => "2002-04-21T11:31:25","version" => "1.60"},{"date" => "2002-05-07T10:38:54","version" => "1.61"},{"date" => "2002-07-28T10:51:47","version" => "1.62"},{"date" => "2002-08-30T08:58:10","version" => "1.63"},{"date" => "2003-02-06T10:04:06","version" => "1.64"},{"date" => "2003-02-08T17:10:13","version" => "1.65"},{"date" => "2003-03-04T19:38:21","version" => "1.70"},{"date" => "2003-04-11T04:33:18","version" => "1.70_52"},{"date" => "2003-04-13T12:43:40","version" => "1.70_53"},{"date" => "2003-05-15T21:04:52","version" => "1.70_54"},{"date" => "2003-07-04T09:48:08","version" => "1.71"},{"date" => "2003-07-27T20:35:05","version" => "1.72"},{"date" => "2003-07-28T08:21:47","version" => "1.73"},{"date" => "2003-07-28T22:58:08","version" => "1.74"},{"date" => "2003-07-29T15:14:13","version" => "1.75"},{"date" => "2003-07-31T15:14:02","version" => "1.76"},{"date" => "2003-09-21T21:25:41","version" => "1.76_01"},{"date" => "2005-09-19T06:37:38","version" => "1.76_51"},{"date" => "2005-09-22T07:02:02","version" => "1.76_52"},{"date" => "2005-09-22T07:09:48","version" => "1.76_53"},{"date" => "2005-10-01T08:23:38","version" => "1.76_54"},{"date" => "2005-10-19T06:10:58","version" => "1.76_55"},{"date" => "2005-10-21T04:59:36","version" => "1.76_56"},{"date" => "2005-10-27T07:08:29","version" => "1.76_57"},{"date" => "2005-11-02T04:03:28","version" => "1.76_58"},{"date" => "2005-11-03T06:37:52","version" => "1.76_59"},{"date" => "2005-11-03T07:38:40","version" => "1.76_60"},{"date" => "2005-11-06T10:36:53","version" => "1.76_61"},{"date" => "2005-11-07T04:22:19","version" => "1.76_62"},{"date" => "2005-11-07T04:47:05","version" => "1.76_63"},{"date" => "2005-11-07T21:58:06","version" => "1.76_64"},{"date" => "2005-11-07T22:18:44","version" => "1.76_65"},{"date" => "2005-12-03T10:12:08","version" => "1.80"},{"date" => "2005-12-18T11:29:26","version" => "1.80_51"},{"date" => "2005-12-21T12:13:15","version" => "1.80_53"},{"date" => "2005-12-22T08:42:59","version" => "1.80_54"},{"date" => "2005-12-24T07:25:34","version" => "1.80_55"},{"date" => "2005-12-24T09:59:47","version" => "1.80_56"},{"date" => "2005-12-31T11:58:10","version" => "1.80_57"},{"date" => "2006-01-01T09:01:43","version" => "1.80_58"},{"date" => "2006-01-02T23:15:15","version" => "1.81"},{"date" => "2006-01-04T07:47:25","version" => "1.82"},{"date" => "2006-01-05T08:03:36","version" => "1.83"},{"date" => "2006-01-08T13:35:16","version" => "1.83_51"},{"date" => "2006-01-10T05:00:26","version" => "1.83_52"},{"date" => "2006-01-12T07:54:36","version" => "1.83_53"},{"date" => "2006-01-13T08:20:42","version" => "1.83_54"},{"date" => "2006-01-14T11:34:47","version" => "1.83_55"},{"date" => "2006-01-18T06:03:44","version" => "1.83_56"},{"date" => "2006-01-19T08:00:02","version" => "1.83_57"},{"date" => "2006-01-22T12:05:01","version" => "1.83_58"},{"date" => "2006-01-25T13:10:20","version" => "1.83_59"},{"date" => "2006-01-30T10:35:47","version" => "1.83_60"},{"date" => "2006-01-30T23:18:09","version" => "1.83_61"},{"date" => "2006-01-31T10:28:57","version" => "1.83_62"},{"date" => "2006-02-01T07:49:36","version" => "1.83_63"},{"date" => "2006-02-02T09:17:39","version" => "1.83_64"},{"date" => "2006-02-04T11:20:05","version" => "1.83_65"},{"date" => "2006-02-04T17:05:00","version" => "1.83_66"},{"date" => "2006-02-06T00:46:27","version" => "1.83_67"},{"date" => "2006-02-08T07:43:36","version" => "1.83_68"},{"date" => "2006-02-14T08:17:55","version" => "1.83_69"},{"date" => "2006-02-15T07:01:02","version" => "1.84"},{"date" => "2006-02-19T17:05:36","version" => "1.85"},{"date" => "2006-02-20T08:36:51","version" => "1.86"},{"date" => "2006-02-21T06:05:05","version" => "1.86_51"},{"date" => "2006-02-22T22:29:54","version" => "1.86_52"},{"date" => "2006-02-24T08:24:09","version" => "1.86_53"},{"date" => "2006-02-27T07:01:10","version" => "1.87"},{"date" => "2006-03-06T08:02:28","version" => "1.87_51"},{"date" => "2006-07-21T22:33:11","version" => "1.87_52"},{"date" => "2006-07-22T18:55:13","version" => "1.87_53"},{"date" => "2006-07-23T21:37:11","version" => "1.87_54"},{"date" => "2006-07-29T19:36:50","version" => "1.87_55"},{"date" => "2006-08-24T05:57:41","version" => "1.87_56"},{"date" => "2006-08-26T17:05:56","version" => "1.87_57"},{"date" => "2006-08-31T06:50:49","version" => "1.87_58"},{"date" => "2006-09-03T21:05:29","version" => "1.87_59"},{"date" => "2006-09-10T11:57:33","version" => "1.87_61"},{"date" => "2006-09-11T21:24:18","version" => "1.87_62"},{"date" => "2006-09-13T05:44:15","version" => "1.87_63"},{"date" => "2006-09-16T11:02:25","version" => "1.87_64"},{"date" => "2006-09-19T03:44:51","version" => "1.87_65"},{"date" => "2006-09-21T20:30:41","version" => "1.88"},{"date" => "2006-09-22T20:40:40","version" => "1.8801"},{"date" => "2006-09-30T10:41:20","version" => "1.88_51"},{"date" => "2006-10-03T09:51:49","version" => "1.88_52"},{"date" => "2006-10-09T19:31:56","version" => "1.88_53"},{"date" => "2006-10-14T09:37:15","version" => "1.88_54"},{"date" => "2006-10-16T06:59:27","version" => "1.88_55"},{"date" => "2006-10-22T10:34:16","version" => "1.88_56"},{"date" => "2006-10-23T07:17:30","version" => "1.8802"},{"date" => "2006-10-24T07:18:16","version" => "1.88_57"},{"date" => "2006-10-28T15:00:07","version" => "1.88_58"},{"date" => "2006-11-05T21:24:52","version" => "1.88_59"},{"date" => "2006-11-10T08:39:55","version" => "1.88_61"},{"date" => "2006-11-13T07:44:27","version" => "1.88_62"},{"date" => "2006-11-29T08:11:50","version" => "1.88_63"},{"date" => "2006-12-04T07:53:37","version" => "1.88_64"},{"date" => "2006-12-11T21:36:04","version" => "1.88_65"},{"date" => "2006-12-19T08:21:17","version" => "1.88_66"},{"date" => "2006-12-31T17:18:53","version" => "1.88_67"},{"date" => "2007-01-07T21:22:12","version" => "1.88_68"},{"date" => "2007-01-08T03:42:56","version" => "1.88_69"},{"date" => "2007-01-27T16:57:49","version" => "1.88_71"},{"date" => "2007-01-31T07:11:33","version" => "1.88_72"},{"date" => "2007-02-13T05:24:13","version" => "1.88_73"},{"date" => "2007-02-15T07:12:17","version" => "1.88_74"},{"date" => "2007-02-18T16:52:49","version" => "1.88_75"},{"date" => "2007-02-19T06:20:20","version" => "1.88_76"},{"date" => "2007-02-19T21:26:47","version" => "1.88_77"},{"date" => "2007-03-05T23:26:57","version" => "1.88_78"},{"date" => "2007-03-16T01:54:55","version" => "1.88_79"},{"date" => "2007-04-07T07:41:18","version" => "1.90"},{"date" => "2007-04-19T07:03:03","version" => "1.91"},{"date" => "2007-04-23T00:09:11","version" => "1.9101"},{"date" => "2007-05-08T20:35:04","version" => "1.9102"},{"date" => "2007-07-07T16:15:40","version" => "1.91_51"},{"date" => "2007-07-14T18:45:58","version" => "1.91_52"},{"date" => "2007-08-09T06:49:38","version" => "1.91_53"},{"date" => "2007-09-14T21:18:33","version" => "1.91_54"},{"date" => "2007-09-15T07:14:26","version" => "1.91_55"},{"date" => "2007-09-23T11:15:08","version" => "1.92"},{"date" => "2007-09-27T07:11:10","version" => "1.9201"},{"date" => "2007-09-28T06:58:04","version" => "1.9202"},{"date" => "2007-09-28T07:13:26","version" => "1.9203"},{"date" => "2007-11-04T23:04:18","version" => "1.92_51"},{"date" => "2007-11-05T23:30:06","version" => "1.9204"},{"date" => "2007-11-11T11:27:20","version" => "1.92_52"},{"date" => "2007-11-11T18:49:37","version" => "1.9205"},{"date" => "2007-12-09T23:27:18","version" => "1.92_53"},{"date" => "2007-12-27T04:57:34","version" => "1.92_54"},{"date" => "2007-12-30T15:24:13","version" => "1.92_55"},{"date" => "2008-02-04T21:56:28","version" => "1.92_56"},{"date" => "2008-02-27T05:13:49","version" => "1.92_57"},{"date" => "2008-03-12T07:56:18","version" => "1.92_58"},{"date" => "2008-03-16T18:57:04","version" => "1.92_59"},{"date" => "2008-03-26T07:53:08","version" => "1.92_60"},{"date" => "2008-04-25T04:47:52","version" => "1.92_61"},{"date" => "2008-05-23T04:07:04","version" => "1.92_62"},{"date" => "2008-06-19T06:42:18","version" => "1.92_63"},{"date" => "2008-09-03T05:27:35","version" => "1.92_64"},{"date" => "2008-09-14T09:54:03","version" => "1.92_65"},{"date" => "2008-09-29T23:15:10","version" => "1.92_66"},{"date" => "2008-10-12T16:07:51","version" => "1.93"},{"date" => "2008-10-13T19:37:43","version" => "1.9301"},{"date" => "2009-01-11T22:07:01","version" => "1.93_02"},{"date" => "2009-02-01T12:38:23","version" => "1.93_03"},{"date" => "2009-02-01T21:06:21","version" => "1.93_51"},{"date" => "2009-02-28T15:58:39","version" => "1.9304"},{"date" => "2009-04-13T19:24:43","version" => "1.93_52"},{"date" => "2009-05-04T06:11:28","version" => "1.93_53"},{"date" => "2009-05-07T20:13:16","version" => "1.93_54"},{"date" => "2009-05-24T05:37:28","version" => "1.94"},{"date" => "2009-06-14T19:53:52","version" => "1.94_01"},{"date" => "2009-06-27T02:55:22","version" => "1.9402"},{"date" => "2009-09-14T02:47:24","version" => "1.94_51"},{"date" => "2009-10-15T19:33:19","version" => "1.94_52"},{"date" => "2009-12-18T07:00:09","version" => "1.94_53"},{"date" => "2010-01-14T08:01:42","version" => "1.94_54"},{"date" => "2010-02-03T03:43:49","version" => "1.94_55"},{"date" => "2010-02-17T13:39:33","version" => "1.94_56"},{"date" => "2010-05-24T19:33:41","version" => "1.94_57"},{"date" => "2010-06-24T06:34:13","version" => "1.94_58"},{"date" => "2010-09-26T20:23:30","version" => "1.94_59"},{"date" => "2010-09-28T20:44:58","version" => "1.94_60"},{"date" => "2010-10-03T17:29:37","version" => "1.94_61"},{"date" => "2010-10-26T06:43:51","version" => "1.94_62"},{"date" => "2011-01-16T17:58:10","version" => "1.94_63"},{"date" => "2011-01-21T04:58:35","version" => "1.94_64"},{"date" => "2011-02-14T12:10:12","version" => "1.94_65"},{"date" => "2011-03-12T11:30:03","version" => "1.9600"},{"date" => "2011-06-27T06:56:01","version" => "1.97_51"},{"date" => "2011-08-07T09:40:33","version" => "1.9800"},{"date" => "2012-10-16T21:42:49","version" => "1.99_51"},{"date" => "2013-02-06T07:41:54","version" => "2.00-TRIAL"},{"date" => "2013-04-12T16:57:44","version" => "2.00"},{"date" => "2013-06-22T20:27:32","version" => "2.01-TRIAL"},{"date" => "2013-06-23T07:33:40","version" => "2.02-TRIAL"},{"date" => "2013-09-15T09:42:33","version" => "2.03-TRIAL"},{"date" => "2014-03-18T22:33:22","version" => "2.04-TRIAL"},{"date" => "2014-03-31T20:55:24","version" => "2.05-TRIAL"},{"date" => "2014-04-04T02:07:20","version" => "2.05-TRIAL2"},{"date" => "2014-04-18T13:35:51","version" => "2.05"},{"date" => "2014-08-06T19:32:53","version" => "2.06-TRIAL"},{"date" => "2015-01-04T18:54:54","version" => "2.06-TRIAL"},{"date" => "2015-01-05T06:31:55","version" => "2.08-TRIAL"},{"date" => "2015-02-02T04:41:02","version" => "2.09-TRIAL"},{"date" => "2015-02-22T15:57:42","version" => "2.10-TRIAL"},{"date" => "2015-03-13T07:45:04","version" => "2.10"},{"date" => "2015-12-31T11:00:08","version" => "2.12-TRIAL"},{"date" => "2016-05-16T09:56:01","version" => "2.13-TRIAL"},{"date" => "2016-06-04T14:41:28","version" => "2.14-TRIAL"},{"date" => "2016-06-25T04:32:45","version" => "2.14"},{"date" => "2016-07-17T12:10:30","version" => "2.15-TRIAL"},{"date" => "2017-01-16T16:20:27","version" => "2.16-TRIAL"},{"date" => "2017-01-16T21:27:06","version" => "2.16-TRIAL2"},{"date" => "2017-02-14T16:22:20","version" => "2.16"},{"date" => "2017-02-15T09:37:10","version" => "2.17-TRIAL"},{"date" => "2017-02-16T09:48:46","version" => "2.17-TRIAL2"},{"date" => "2017-03-30T21:38:23","version" => "2.18-TRIAL"},{"date" => "2017-11-04T23:27:47","version" => "2.19-TRIAL"},{"date" => "2017-11-26T22:10:39","version" => "2.20-TRIAL"},{"date" => "2018-09-22T20:46:35","version" => "2.21-TRIAL"},{"date" => "2018-12-16T10:35:04","version" => "2.22-TRIAL"},{"date" => "2018-12-23T09:11:29","version" => "2.22"},{"date" => "2019-02-10T20:28:53","version" => "2.23-TRIAL"},{"date" => "2019-02-14T21:21:03","version" => "2.24-TRIAL"},{"date" => "2019-02-16T05:56:23","version" => "2.25-TRIAL"},{"date" => "2019-03-03T06:27:10","version" => "2.25"},{"date" => "2019-03-19T00:04:34","version" => "2.26"},{"date" => "2019-05-31T21:11:50","version" => "2.27-TRIAL"},{"date" => "2019-06-09T05:48:20","version" => "2.27-TRIAL2"},{"date" => "2019-07-03T20:15:40","version" => "2.27"},{"date" => "2020-04-03T02:52:43","version" => "2.28-TRIAL"},{"date" => "2020-06-13T04:57:39","version" => "2.28"},{"date" => "2021-11-23T16:58:45","version" => "2.29"},{"date" => "2021-12-12T09:16:03","version" => "2.30-TRIAL"},{"date" => "2021-12-14T20:52:30","version" => "2.31-TRIAL"},{"date" => "2021-12-26T21:35:55","version" => "2.32-TRIAL"},{"date" => "2022-01-21T04:09:07","version" => "2.33-TRIAL"},{"date" => "2022-03-27T17:53:47","version" => "2.33"},{"date" => "2022-04-03T19:19:13","version" => "2.34-TRIAL"},{"date" => "2022-04-17T17:40:25","version" => "2.34"},{"date" => "2023-04-15T14:44:27","version" => "2.35-TRIAL"},{"date" => "2023-04-27T13:05:07","version" => "2.35"},{"date" => "2023-05-10T07:08:30","version" => "2.36-TRIAL"},{"date" => "2023-05-14T19:36:11","version" => "2.36"},{"date" => "2024-08-18T17:03:50","version" => "2.37-TRIAL"},{"date" => "2024-08-30T17:18:31","version" => "2.37"},{"date" => "2024-10-03T10:21:39","version" => "2.38-TRIAL"},{"date" => "2024-10-13T11:32:53","version" => "2.38-TRIAL2"},{"date" => "2024-11-17T19:52:34","version" => "2.38"},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "1.2401"},{"date" => "1998-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.005","version" => "1.3901"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.59_56"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "1.76_02"},{"date" => "2009-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011003","version" => "1.94_5301"},{"date" => "2011-09-26T00:00:00","dual_lived" => 1,"perl_release" => "5.014002","version" => "1.9600_01"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "2.03"},{"date" => "2014-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019010","version" => "2.04"},{"date" => "2015-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021011","version" => "2.11"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.11_01"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "2.14_01"},{"date" => "2017-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025010","version" => "2.17"},{"date" => "2017-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025012","version" => "2.18"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "2.20"},{"date" => "2018-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029004","version" => "2.21"}]},"CPAN-Checksums" => {"advisories" => [{"affected_versions" => ["<=2.12"],"cves" => ["CVE-2020-16155"],"description" => "The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data.\n","distribution" => "CPAN-Checksums","fixed_versions" => [">=2.13"],"id" => "CPANSA-CPAN-Checksums-2020-16155","references" => ["https://metacpan.org/pod/CPAN::Checksums","https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/"],"reported" => "2021-12-13","severity" => "medium"}],"main_module" => "CPAN::Checksums","versions" => [{"date" => "2000-12-10T09:31:19","version" => "1.003"},{"date" => "2000-12-11T08:49:05","version" => "1.004"},{"date" => "2000-12-11T10:20:16","version" => "1.006"},{"date" => "2000-12-11T13:38:18","version" => "1.007"},{"date" => "2000-12-13T11:24:09","version" => "1.008"},{"date" => "2002-03-31T20:27:49","version" => "1.009"},{"date" => "2002-10-06T17:22:35","version" => "1.0"},{"date" => "2002-10-07T08:56:12","version" => "1.011"},{"date" => "2003-02-02T10:26:00","version" => "1.014"},{"date" => "2003-02-03T15:44:57","version" => "1.015"},{"date" => "2003-02-03T19:21:46","version" => "1.016"},{"date" => "2005-01-24T07:59:41","version" => "1.018"},{"date" => "2005-10-31T07:27:02","version" => "1.032"},{"date" => "2005-11-11T07:16:04","version" => "1.039"},{"date" => "2006-05-01T13:34:41","version" => "1.048"},{"date" => "2006-05-09T03:30:39","version" => "1.050"},{"date" => "2007-08-05T12:10:58","version" => "1.061"},{"date" => "2007-10-09T03:09:45","version" => "1.064"},{"date" => "2008-05-17T05:26:24","version" => "2.00"},{"date" => "2008-09-03T19:33:28","version" => "2.01"},{"date" => "2008-10-31T06:54:59","version" => "2.02"},{"date" => "2009-09-20T01:50:36","version" => "2.03"},{"date" => "2009-09-28T04:10:09","version" => "2.04"},{"date" => "2010-01-23T05:39:17","version" => "2.05"},{"date" => "2010-10-24T12:13:44","version" => "2.06"},{"date" => "2010-11-20T22:18:39","version" => "2.07"},{"date" => "2011-08-30T06:32:02","version" => "2.08"},{"date" => "2014-04-04T04:06:11","version" => "2.09"},{"date" => "2015-04-11T05:48:38","version" => "2.10"},{"date" => "2016-04-09T05:42:27","version" => "2.11"},{"date" => "2016-06-14T02:42:03","version" => "2.12"},{"date" => "2021-11-23T16:57:18","version" => "2.13"},{"date" => "2021-12-04T10:00:42","version" => "2.14"}]},"Capture-Tiny" => {"advisories" => [{"affected_versions" => ["<0.24"],"cves" => ["CVE-2014-1875"],"description" => "The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.\n","distribution" => "Capture-Tiny","fixed_versions" => [">=0.24"],"id" => "CPANSA-Capture-Tiny-2014-1875","references" => ["http://osvdb.org/102963","https://bugzilla.redhat.com/show_bug.cgi?id=1062424","http://www.securityfocus.com/bid/65475","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737835","https://github.com/dagolden/Capture-Tiny/issues/16","http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128882.html","https://github.com/dagolden/Capture-Tiny/commit/635c9eabd52ab8042b0c841823bd6e692de87924","http://cpansearch.perl.org/src/DAGOLDEN/Capture-Tiny-0.24/Changes","http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128823.html","http://seclists.org/oss-sec/2014/q1/272","http://seclists.org/oss-sec/2014/q1/267","http://secunia.com/advisories/56823","https://exchange.xforce.ibmcloud.com/vulnerabilities/91464"],"reported" => "2014-10-06","severity" => undef}],"main_module" => "Capture::Tiny","versions" => [{"date" => "2009-02-14T04:25:26","version" => "0.01"},{"date" => "2009-02-17T22:26:18","version" => "0.02"},{"date" => "2009-02-20T18:09:46","version" => "0.03"},{"date" => "2009-02-25T14:29:32","version" => "0.04"},{"date" => "2009-03-03T11:58:12","version" => "0.05"},{"date" => "2009-04-21T11:07:47","version" => "0.05_51"},{"date" => "2009-05-07T10:57:33","version" => "0.06"},{"date" => "2010-01-24T05:21:56","version" => "0.07"},{"date" => "2010-06-20T23:17:16","version" => "0.08"},{"date" => "2011-01-28T04:53:00","version" => "0.09"},{"date" => "2011-02-07T12:02:15","version" => "0.10"},{"date" => "2011-05-20T03:35:28","version" => "0.11"},{"date" => "2011-12-01T22:00:04","version" => "0.12"},{"date" => "2011-12-02T18:40:05","version" => "0.13"},{"date" => "2011-12-22T15:16:31","version" => "0.14"},{"date" => "2011-12-23T16:12:30","version" => "0.15"},{"date" => "2012-02-13T02:06:15","version" => "0.16"},{"date" => "2012-02-22T13:09:42","version" => "0.17"},{"date" => "2012-03-07T23:25:31","version" => "0.17_51"},{"date" => "2012-03-09T16:46:53","version" => "0.17_52"},{"date" => "2012-05-04T20:33:43","version" => "0.18"},{"date" => "2012-08-07T00:28:08","version" => "0.19"},{"date" => "2012-09-19T17:22:24","version" => "0.20"},{"date" => "2012-11-15T00:13:08","version" => "0.21"},{"date" => "2013-03-27T19:52:10","version" => "0.22"},{"date" => "2013-10-20T15:28:15","version" => "0.23"},{"date" => "2014-02-06T22:18:06","version" => "0.24"},{"date" => "2014-08-16T14:09:48","version" => "0.25"},{"date" => "2014-11-04T11:57:19","version" => "0.26"},{"date" => "2014-11-05T04:12:33","version" => "0.27"},{"date" => "2015-02-11T11:41:44","version" => "0.28"},{"date" => "2015-04-19T16:44:50","version" => "0.29"},{"date" => "2015-05-16T00:45:01","version" => "0.30"},{"date" => "2016-02-14T14:39:55","version" => "0.31"},{"date" => "2016-02-18T15:14:06","version" => "0.32"},{"date" => "2016-02-19T04:29:41","version" => "0.34"},{"date" => "2016-02-29T02:38:12","version" => "0.36"},{"date" => "2016-05-02T11:09:27","version" => "0.37"},{"date" => "2016-05-02T14:24:23","version" => "0.39"},{"date" => "2016-05-23T15:45:16","version" => "0.40"},{"date" => "2016-05-23T16:01:05","version" => "0.41"},{"date" => "2016-05-31T16:41:30","version" => "0.42"},{"date" => "2016-08-05T18:02:43","version" => "0.44"},{"date" => "2017-02-23T18:32:44","version" => "0.45"},{"date" => "2017-02-25T19:26:54","version" => "0.46"},{"date" => "2017-07-26T14:36:03","version" => "0.47"},{"date" => "2018-04-22T07:09:08","version" => "0.48"},{"date" => "2024-12-16T13:11:27","version" => "0.49"},{"date" => "2024-12-19T13:16:05","version" => "0.50"}]},"Catalyst-Action-REST" => {"advisories" => [{"affected_versions" => ["<1.12"],"cves" => [],"description" => "YAML and YAML::HTML parsers are a potential security hole, as they may allow arbitrary Perl objects to be instantiated.\n","distribution" => "Catalyst-Action-REST","fixed_versions" => [">=1.12"],"id" => "CPANSA-Catalyst-Action-REST-2013-01","references" => ["https://metacpan.org/dist/Catalyst-Action-REST/changes"],"reported" => "2013-09-03","severity" => undef}],"main_module" => "Catalyst::Action::REST","versions" => [{"date" => "2006-11-20T03:15:08","version" => "0.1"},{"date" => "2006-12-01T01:42:22","version" => "0.2"},{"date" => "2006-12-04T00:22:45","version" => "0.30"},{"date" => "2006-12-06T08:48:49","version" => "0.31"},{"date" => "2007-03-10T00:44:35","version" => "0.40"},{"date" => "2007-05-24T21:09:40","version" => "0.41"},{"date" => "2007-07-07T19:33:22","version" => "0.50"},{"date" => "2008-01-04T01:33:04","version" => "0.60"},{"date" => "2008-06-30T19:30:56","version" => "0.61"},{"date" => "2008-07-02T15:25:10","version" => "0.62"},{"date" => "2008-08-07T17:14:34","version" => "0.63"},{"date" => "2008-08-14T16:09:53","version" => "0.64"},{"date" => "2008-08-20T17:45:46","version" => "0.65"},{"date" => "2008-08-22T18:24:57","version" => "0.66"},{"date" => "2009-03-25T16:38:07","version" => "0.67_01"},{"date" => "2009-03-26T05:04:33","version" => "0.67"},{"date" => "2009-03-26T05:37:53","version" => "0.68"},{"date" => "2009-03-26T21:19:43","version" => "0.69"},{"date" => "2009-03-28T06:23:19","version" => "0.70"},{"date" => "2009-03-28T16:19:10","version" => "0.71"},{"date" => "2009-06-25T18:56:47","version" => "0.72"},{"date" => "2009-06-28T00:22:51","version" => "0.73"},{"date" => "2009-07-22T23:12:44","version" => "0.74"},{"date" => "2009-08-17T13:11:15","version" => "0.75"},{"date" => "2009-08-21T20:42:44","version" => "0.76"},{"date" => "2009-08-27T01:26:49","version" => "0.77"},{"date" => "2009-09-28T14:05:11","version" => "0.78"},{"date" => "2009-12-11T01:11:49","version" => "0.79"},{"date" => "2009-12-19T14:59:13","version" => "0.80"},{"date" => "2010-01-14T20:56:56","version" => "0.81"},{"date" => "2010-02-04T22:35:05","version" => "0.82"},{"date" => "2010-02-08T22:24:29","version" => "0.83"},{"date" => "2010-05-06T08:34:09","version" => "0.84"},{"date" => "2010-05-13T08:15:30","version" => "0.85"},{"date" => "2010-09-01T22:17:14","version" => "0.86"},{"date" => "2010-11-03T19:48:23","version" => "0.87"},{"date" => "2011-01-11T23:12:42","version" => "0.88"},{"date" => "2011-01-24T21:59:02","version" => "0.89"},{"date" => "2011-02-25T13:58:06","version" => "0.90"},{"date" => "2011-08-04T12:46:05","version" => "0.91"},{"date" => "2011-10-01T10:11:59","version" => "0.91"},{"date" => "2011-10-12T18:35:31","version" => "0.93"},{"date" => "2011-12-09T08:51:25","version" => "0.94"},{"date" => "2012-01-04T19:54:14","version" => "0.95"},{"date" => "2012-01-30T11:32:44","version" => "0.96"},{"date" => "2012-02-21T10:06:13","version" => "0.97"},{"date" => "2012-02-21T11:44:32","version" => "0.98"},{"date" => "2012-02-28T09:14:17","version" => "0.99"},{"date" => "2012-04-13T08:37:31","version" => "1.00"},{"date" => "2012-05-29T20:02:44","version" => "1.01"},{"date" => "2012-06-05T21:45:05","version" => "1.02"},{"date" => "2012-06-27T23:52:31","version" => "1.03"},{"date" => "2012-06-30T09:32:24","version" => "1.04"},{"date" => "2012-07-02T19:16:30","version" => "1.05"},{"date" => "2012-12-11T22:13:48","version" => "1.06"},{"date" => "2013-04-11T19:25:51","version" => "1.07"},{"date" => "2013-04-16T07:36:02","version" => "1.08"},{"date" => "2013-04-19T12:43:57","version" => "1.09"},{"date" => "2013-04-22T13:43:09","version" => "1.10"},{"date" => "2013-06-16T14:28:48","version" => "1.11"},{"date" => "2013-09-11T17:50:54","version" => "1.12"},{"date" => "2013-11-08T15:49:54","version" => "1.13"},{"date" => "2013-12-27T21:33:09","version" => "1.14"},{"date" => "2014-05-07T14:04:03","version" => "1.15"},{"date" => "2014-09-12T18:22:35","version" => "1.16"},{"date" => "2014-10-24T00:59:39","version" => "1.17"},{"date" => "2015-01-20T18:22:02","version" => "1.18"},{"date" => "2015-02-06T15:40:56","version" => "1.19"},{"date" => "2015-10-29T20:34:02","version" => "1.20"},{"date" => "2017-12-05T15:16:47","version" => "1.21"}]},"Catalyst-Authentication-Credential-HTTP" => {"advisories" => [{"affected_versions" => ["<=1.018"],"cves" => ["CVE-2025-40920"],"description" => "Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.   *  Data::UUID does not use a strong cryptographic source for generating UUIDs.   *  Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.   *  The nonces should be generated from a strong cryptographic source, as per RFC 7616.\n","distribution" => "Catalyst-Authentication-Credential-HTTP","fixed_versions" => [">=1.019"],"id" => "CPANSA-Catalyst-Authentication-Credential-HTTP-2025-40920","references" => ["https://datatracker.ietf.org/doc/html/rfc7616#section-5.12","https://datatracker.ietf.org/doc/html/rfc9562#name-security-considerations","https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/pull/1","https://metacpan.org/release/ETHER/Catalyst-Authentication-Credential-HTTP-1.018/source/lib/Catalyst/Authentication/Credential/HTTP.pm#L391","https://security.metacpan.org/patches/C/Catalyst-Authentication-Credential-HTTP/1.018/CVE-2025-40920-r1.patch"],"reported" => "2025-08-11","severity" => undef}],"main_module" => "Catalyst::Authentication::Credential::HTTP","versions" => [{"date" => "2008-09-01T13:41:15","version" => "1.000"},{"date" => "2008-09-02T18:15:58","version" => "1.001"},{"date" => "2008-09-03T00:16:26","version" => "1.002"},{"date" => "2008-09-11T14:35:17","version" => "1.003"},{"date" => "2008-09-11T18:06:53","version" => "0.12"},{"date" => "2008-09-12T18:21:26","version" => "1.004"},{"date" => "2008-09-25T22:13:58","version" => "1.005"},{"date" => "2008-10-06T18:56:06","version" => "1.006"},{"date" => "2008-11-19T09:41:15","version" => "1.007"},{"date" => "2008-12-10T23:58:04","version" => "1.008"},{"date" => "2009-01-04T21:37:39","version" => "1.009"},{"date" => "2009-05-14T08:34:09","version" => "1.010"},{"date" => "2009-06-27T04:00:10","version" => "1.011"},{"date" => "2010-03-07T21:07:20","version" => "1.012"},{"date" => "2010-12-14T22:03:35","version" => "1.013"},{"date" => "2012-02-05T18:51:03","version" => "1.014"},{"date" => "2012-06-27T18:43:56","version" => "1.015"},{"date" => "2013-07-27T20:38:37","version" => "1.016"},{"date" => "2017-06-27T23:22:26","version" => "1.017"},{"date" => "2017-06-28T00:29:58","version" => "1.018"},{"date" => "2025-08-20T17:38:38","version" => "1.019"}]},"Catalyst-Authentication-Store-LDAP" => {"advisories" => [{"affected_versions" => ["<1.013"],"cves" => [],"description" => "Incorrect password check binds to the unauthenticated user.\n","distribution" => "Catalyst-Authentication-Store-LDAP","fixed_versions" => [">=1.013"],"id" => "CPANSA-Catalyst-Authentication-Store-LDAP-2012-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=81908"],"reported" => "2012-12-11","severity" => "high"}],"main_module" => "Catalyst::Authentication::Store::LDAP","versions" => [{"date" => "2008-02-05T18:18:24","version" => "0.1000"},{"date" => "2008-04-10T02:06:58","version" => "0.1001"},{"date" => "2008-07-09T20:45:43","version" => "0.1002"},{"date" => "2008-09-10T13:21:33","version" => "0.1003"},{"date" => "2008-10-22T01:57:27","version" => "0.1003"},{"date" => "2009-05-01T02:34:18","version" => "0.1005"},{"date" => "2009-12-11T18:54:26","version" => "1.006"},{"date" => "2010-03-19T10:07:13","version" => "1.007"},{"date" => "2010-04-03T03:04:13","version" => "1.008"},{"date" => "2010-05-15T07:14:41","version" => "1.009"},{"date" => "2010-07-06T21:39:55","version" => "1.010"},{"date" => "2010-07-07T20:41:22","version" => "1.011"},{"date" => "2010-10-05T08:11:56","version" => "1.012"},{"date" => "2013-01-09T14:58:46","version" => "1.013"},{"date" => "2013-04-26T19:51:28","version" => "1.014"},{"date" => "2015-02-20T18:07:31","version" => "1.015"},{"date" => "2016-02-11T17:50:52","version" => "1.016"},{"date" => "2021-05-26T09:59:28","version" => "1.017"}]},"Catalyst-Controller-Combine" => {"advisories" => [{"affected_versions" => ["<0.12"],"cves" => [],"description" => "Allows to use url-encoded path-parts to crawl along the file system and read files outside the intended directory.\n","distribution" => "Catalyst-Controller-Combine","fixed_versions" => [">=0.12"],"id" => "CPANSA-Catalyst-Controller-Combine-2010-01","references" => ["https://metacpan.org/changes/distribution/Catalyst-Controller-Combine"],"reported" => "2010-05-21"}],"main_module" => "Catalyst::Controller::Combine","versions" => [{"date" => "2009-07-11T17:58:25","version" => "0.06"},{"date" => "2009-07-13T06:49:00","version" => "0.07"},{"date" => "2009-10-24T12:48:21","version" => "0.08"},{"date" => "2010-03-13T19:31:13","version" => "0.09"},{"date" => "2010-03-27T18:44:05","version" => "0.10"},{"date" => "2010-06-21T20:47:02","version" => "0.12"},{"date" => "2011-07-28T19:53:12","version" => "0.13"},{"date" => "2012-02-20T20:59:00","version" => "0.14"},{"date" => "2012-05-04T10:43:12","version" => "0.15"}]},"Catalyst-Plugin-Session" => {"advisories" => [{"affected_versions" => ["<0.44"],"cves" => ["CVE-2025-40924"],"description" => "Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely.  The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Catalyst-Plugin-Session","fixed_versions" => [">=0.44"],"id" => "CPANSA-Catalyst-Plugin-Session-2025-40924","references" => ["https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/c0e2b4ab1e42ebce1008286db8c571b6ee98c22c.patch","https://github.com/perl-catalyst/Catalyst-Plugin-Session/pull/5","https://metacpan.org/release/HAARG/Catalyst-Plugin-Session-0.43/source/lib/Catalyst/Plugin/Session.pm#L632"],"reported" => "2025-07-17","severity" => undef}],"main_module" => "Catalyst::Plugin::Session","versions" => [{"date" => "2005-11-14T20:45:06","version" => "0.01"},{"date" => "2005-11-23T12:29:16","version" => "0.02"},{"date" => "2005-12-26T08:24:04","version" => "0.03"},{"date" => "2005-12-28T11:51:50","version" => "0.04"},{"date" => "2006-01-01T10:45:07","version" => "0.05"},{"date" => "2006-07-29T16:35:24","version" => "0.06"},{"date" => "2006-07-31T11:24:16","version" => "0.07"},{"date" => "2006-07-31T12:11:58","version" => "0.08"},{"date" => "2006-07-31T18:24:07","version" => "0.09"},{"date" => "2006-08-01T08:08:13","version" => "0.10"},{"date" => "2006-08-10T15:03:04","version" => "0.11"},{"date" => "2006-08-26T17:55:09","version" => "0.12"},{"date" => "2006-10-12T19:54:32","version" => "0.13"},{"date" => "2007-01-31T11:24:20","version" => "0.14"},{"date" => "2007-06-24T15:17:44","version" => "0.15"},{"date" => "2007-07-03T14:40:50","version" => "0.16"},{"date" => "2007-07-16T10:20:50","version" => "0.17"},{"date" => "2007-08-15T18:06:22","version" => "0.18"},{"date" => "2007-10-08T18:18:10","version" => "0.19"},{"date" => "2009-01-09T02:13:40","version" => "0.19_01"},{"date" => "2009-02-05T14:50:15","version" => "0.20"},{"date" => "2009-04-30T20:54:07","version" => "0.21"},{"date" => "2009-05-13T21:00:18","version" => "0.22"},{"date" => "2009-06-16T19:43:53","version" => "0.23"},{"date" => "2009-06-23T08:20:00","version" => "0.24"},{"date" => "2009-07-08T21:54:31","version" => "0.25"},{"date" => "2009-08-19T21:23:25","version" => "0.26"},{"date" => "2009-10-06T08:45:28","version" => "0.26_01"},{"date" => "2009-10-08T21:38:42","version" => "0.27"},{"date" => "2009-10-29T09:59:18","version" => "0.28"},{"date" => "2009-11-04T23:43:22","version" => "0.29"},{"date" => "2010-06-24T12:54:05","version" => "0.30"},{"date" => "2010-10-08T14:39:33","version" => "0.31"},{"date" => "2011-06-08T12:05:42","version" => "0.32"},{"date" => "2012-03-26T10:03:59","version" => "0.33"},{"date" => "2012-04-02T14:51:39","version" => "0.34"},{"date" => "2012-04-24T08:24:54","version" => "0.35"},{"date" => "2012-10-19T22:40:25","version" => "0.36"},{"date" => "2013-02-25T14:04:31","version" => "0.37"},{"date" => "2013-09-18T14:03:08","version" => "0.38"},{"date" => "2013-10-16T15:09:02","version" => "0.39"},{"date" => "2015-01-27T01:20:24","version" => "0.40"},{"date" => "2018-12-06T02:31:20","version" => "0.41"},{"date" => "2022-05-31T00:20:53","version" => "0.42"},{"date" => "2022-06-03T14:15:38","version" => "0.43"},{"date" => "2025-07-16T14:18:57","version" => "0.44"}]},"Catalyst-Plugin-Static" => {"advisories" => [{"affected_versions" => ["<0.10"],"cves" => [],"description" => "Serving files outside of \$config->{root} directory.\n","distribution" => "Catalyst-Plugin-Static","fixed_versions" => [">=0.10"],"id" => "CPANSA-Catalyst-Plugin-Static-2005-01","reported" => "2005-11-14"}],"main_module" => "Catalyst::Plugin::Static","versions" => [{"date" => "2005-01-29T00:00:20","version" => "0.01"},{"date" => "2005-02-19T20:28:50","version" => "0.02"},{"date" => "2005-03-17T01:01:03","version" => "0.03"},{"date" => "2005-03-17T19:10:36","version" => "0.04"},{"date" => "2005-03-21T13:34:27","version" => "0.05"},{"date" => "2005-03-23T06:48:05","version" => "0.05"},{"date" => "2005-04-15T16:58:18","version" => "0.06"},{"date" => "2005-04-17T14:50:45","version" => "0.07"},{"date" => "2005-09-06T13:42:42","version" => "0.08"},{"date" => "2005-11-14T08:38:35","version" => "0.09"},{"date" => "2005-11-14T10:26:31","version" => "0.10"},{"date" => "2009-10-18T18:13:00","version" => "0.11"}]},"Catalyst-Plugin-Static-Simple" => {"advisories" => [{"affected_versions" => ["<0.34"],"cves" => ["CVE-2017-16248"],"description" => "The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.\n","distribution" => "Catalyst-Plugin-Static-Simple","fixed_versions" => [">=0.34"],"id" => "CPANSA-Catalyst-Plugin-Static-Simple-2017-01","references" => ["https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/","https://metacpan.org/pod/CPAN::Checksums"],"reported" => "2017-10-31"}],"main_module" => "Catalyst::Plugin::Static::Simple","versions" => [{"date" => "2005-08-12T01:37:04","version" => "0.01"},{"date" => "2005-08-16T22:09:54","version" => "0.02"},{"date" => "2005-08-22T03:44:24","version" => "0.03"},{"date" => "2005-08-22T15:59:08","version" => "0.04"},{"date" => "2005-08-26T15:58:06","version" => "0.05"},{"date" => "2005-09-05T19:36:58","version" => "0.06"},{"date" => "2005-09-06T01:07:28","version" => "0.07"},{"date" => "2005-09-07T22:52:21","version" => "0.08"},{"date" => "2005-10-07T17:40:16","version" => "0.09"},{"date" => "2005-10-19T21:19:04","version" => "0.10"},{"date" => "2005-11-14T00:28:01","version" => "0.11"},{"date" => "2005-12-15T14:56:40","version" => "0.13"},{"date" => "2006-03-24T16:18:59","version" => "0.14"},{"date" => "2006-07-05T16:35:54","version" => "0.14"},{"date" => "2006-12-09T03:25:57","version" => "0.15"},{"date" => "2007-04-30T18:48:25","version" => "0.16"},{"date" => "2007-05-11T14:52:16","version" => "0.17"},{"date" => "2007-07-01T04:12:31","version" => "0.18"},{"date" => "2007-07-02T20:54:05","version" => "0.19"},{"date" => "2007-09-24T13:50:15","version" => "0.20"},{"date" => "2009-03-29T18:47:56","version" => "0.21"},{"date" => "2009-08-21T16:21:17","version" => "0.22"},{"date" => "2009-10-06T16:51:19","version" => "0.23"},{"date" => "2009-10-18T18:12:48","version" => "0.24"},{"date" => "2009-10-22T20:49:26","version" => "0.25"},{"date" => "2009-12-06T12:32:46","version" => "0.26"},{"date" => "2010-01-03T14:56:26","version" => "0.27"},{"date" => "2010-01-04T13:18:25","version" => "0.28"},{"date" => "2010-02-01T18:48:45","version" => "0.29"},{"date" => "2012-05-04T17:17:29","version" => "0.30"},{"date" => "2013-09-09T14:32:43","version" => "0.31"},{"date" => "2014-06-05T12:44:48","version" => "0.32"},{"date" => "2014-10-29T16:02:17","version" => "0.33"},{"date" => "2017-08-02T17:00:14","version" => "0.34"},{"date" => "2018-03-14T12:13:30","version" => "0.35"},{"date" => "2018-03-15T11:41:17","version" => "0.36"},{"date" => "2021-05-05T14:30:07","version" => "0.37"}]},"Catalyst-Runtime" => {"advisories" => [{"affected_versions" => ["<5.90020"],"cves" => [],"description" => "Passing a special host to the redirect page link makes it vulnerable to XSS attack.\n","distribution" => "Catalyst-Runtime","fixed_versions" => [">=5.90020"],"id" => "CPANSA-Catalyst-Runtime-2013-01","references" => ["http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/Catalyst-Runtime.git;a=commitdiff;h=7af54927870a7c6f89323ac1876d49f92e7841f5"],"reported" => "2013-01-23"},{"affected_versions" => ["<5.58"],"cves" => [],"description" => "Path traversal in Static::Simple plugin.\n","distribution" => "Catalyst-Runtime","fixed_versions" => [">=5.58"],"id" => "CPANSA-Catalyst-Runtime-2005-01","reported" => "2005-11-24"}],"main_module" => "Catalyst::Runtime","versions" => [{"date" => "2006-06-25T19:20:53","version" => "5.70_01"},{"date" => "2006-06-27T18:10:20","version" => "5.70_02"},{"date" => "2006-06-28T21:50:30","version" => "5.70_03"},{"date" => "2006-07-07T22:47:30","version" => "5.7000"},{"date" => "2006-07-20T06:00:58","version" => "5.7001"},{"date" => "2006-09-19T07:36:29","version" => "5.7002"},{"date" => "2006-09-23T17:43:12","version" => "5.7003"},{"date" => "2006-11-06T23:28:40","version" => "5.7004"},{"date" => "2006-11-07T19:43:56","version" => "5.7005"},{"date" => "2006-11-15T08:27:59","version" => "5.7006"},{"date" => "2007-03-14T11:13:37","version" => "5.7007"},{"date" => "2007-08-13T06:36:11","version" => "5.7008"},{"date" => "2007-08-21T22:23:53","version" => "5.7009"},{"date" => "2007-08-22T05:51:41","version" => "5.7010"},{"date" => "2007-10-18T18:11:24","version" => "5.7011"},{"date" => "2007-12-17T08:19:28","version" => "5.7012"},{"date" => "2008-05-17T12:41:13","version" => "5.7013"},{"date" => "2008-05-25T21:16:45","version" => "5.7013"},{"date" => "2008-06-25T20:43:41","version" => "5.7099_01"},{"date" => "2008-07-18T11:41:25","version" => "5.7099_02"},{"date" => "2008-07-20T08:15:02","version" => "5.7099_02"},{"date" => "2008-10-13T20:55:41","version" => "5.7099_02"},{"date" => "2008-10-14T06:06:06","version" => "5.7099_02"},{"date" => "2008-10-15T21:44:15","version" => "5.7015"},{"date" => "2008-10-17T12:42:53","version" => "5.8000_03"},{"date" => "2008-12-05T15:11:14","version" => "5.8000_04"},{"date" => "2009-01-12T15:46:59","version" => "5.7099_04"},{"date" => "2009-01-19T17:36:04","version" => "5.71000"},{"date" => "2009-01-29T08:56:09","version" => "5.8000_05"},{"date" => "2009-02-04T20:08:22","version" => "5.8000_06"},{"date" => "2009-03-27T09:21:12","version" => "5.71001"},{"date" => "2009-04-13T19:03:36","version" => "5.8000_07"},{"date" => "2009-04-18T20:26:00","version" => "5.80001"},{"date" => "2009-04-21T23:45:45","version" => "5.80002"},{"date" => "2009-04-29T14:39:21","version" => "5.80003"},{"date" => "2009-05-18T15:16:38","version" => "5.80004"},{"date" => "2009-06-06T12:49:15","version" => "5.80005"},{"date" => "2009-06-29T22:11:48","version" => "5.80006"},{"date" => "2009-06-30T22:11:36","version" => "5.80007"},{"date" => "2009-08-21T16:14:33","version" => "5.80008"},{"date" => "2009-08-21T20:29:33","version" => "5.80009"},{"date" => "2009-08-21T21:42:08","version" => "5.80010"},{"date" => "2009-08-23T11:57:26","version" => "5.80011"},{"date" => "2009-09-09T18:01:32","version" => "5.80012"},{"date" => "2009-09-17T09:35:20","version" => "5.80013"},{"date" => "2009-11-21T02:32:20","version" => "5.80014"},{"date" => "2009-11-22T20:24:47","version" => "5.80014_01"},{"date" => "2009-12-01T01:14:00","version" => "5.80014_02"},{"date" => "2009-12-02T15:42:50","version" => "5.80015"},{"date" => "2009-12-11T23:37:44","version" => "5.80016"},{"date" => "2010-01-10T02:01:50","version" => "5.80017"},{"date" => "2010-01-12T21:39:47","version" => "5.80018"},{"date" => "2010-01-29T00:18:07","version" => "5.80019"},{"date" => "2010-02-04T06:19:31","version" => "5.80020"},{"date" => "2010-03-03T23:16:29","version" => "5.80021"},{"date" => "2010-03-28T19:25:48","version" => "5.80022"},{"date" => "2010-05-07T22:07:08","version" => "5.80023"},{"date" => "2010-05-15T09:57:52","version" => "5.80024"},{"date" => "2010-07-29T00:59:16","version" => "5.80025"},{"date" => "2010-09-01T15:10:42","version" => "5.80026"},{"date" => "2010-09-02T11:33:03","version" => "5.80027"},{"date" => "2010-09-28T20:14:11","version" => "5.80028"},{"date" => "2010-10-03T16:24:08","version" => "5.80029"},{"date" => "2011-01-04T12:56:30","version" => "5.80030"},{"date" => "2011-01-24T10:50:27","version" => "5.89000"},{"date" => "2011-01-31T08:25:21","version" => "5.80031"},{"date" => "2011-02-23T08:28:58","version" => "5.80032"},{"date" => "2011-03-01T14:56:37","version" => "5.89001"},{"date" => "2011-03-02T10:37:42","version" => "5.89002"},{"date" => "2011-07-24T15:58:37","version" => "5.80033"},{"date" => "2011-07-28T20:05:01","version" => "5.89003"},{"date" => "2011-08-15T21:35:34","version" => "5.9000"},{"date" => "2011-08-15T21:59:58","version" => "5.90001"},{"date" => "2011-08-22T20:55:10","version" => "5.90002"},{"date" => "2011-10-05T07:48:57","version" => "5.90003"},{"date" => "2011-10-11T15:19:05","version" => "5.90004"},{"date" => "2011-10-22T21:01:24","version" => "5.90005"},{"date" => "2011-10-25T17:54:34","version" => "5.90006"},{"date" => "2011-11-22T20:40:44","version" => "5.90007"},{"date" => "2012-02-06T21:08:28","version" => "5.90008"},{"date" => "2012-02-16T09:29:44","version" => "5.90009"},{"date" => "2012-02-18T00:49:30","version" => "5.90010"},{"date" => "2012-03-08T21:53:00","version" => "5.90011"},{"date" => "2012-05-19T07:13:21","version" => "5.90012"},{"date" => "2012-06-08T00:37:40","version" => "5.90013"},{"date" => "2012-06-21T20:41:41","version" => "5.90013"},{"date" => "2012-06-26T14:34:56","version" => "5.90014"},{"date" => "2012-06-30T18:00:53","version" => "5.90015"},{"date" => "2012-08-17T01:39:42","version" => "5.90016"},{"date" => "2012-10-19T21:51:54","version" => "5.90017"},{"date" => "2012-10-24T01:01:44","version" => "5.90018"},{"date" => "2012-12-04T22:04:19","version" => "5.90019"},{"date" => "2013-02-22T14:05:39","version" => "5.90020"},{"date" => "2013-04-12T17:09:27","version" => "5.90030"},{"date" => "2013-06-12T21:26:14","version" => "5.90040"},{"date" => "2013-06-15T02:10:17","version" => "5.90041"},{"date" => "2013-06-16T01:57:47","version" => "5.90042"},{"date" => "2013-07-26T19:13:01","version" => "5.90049_001"},{"date" => "2013-08-21T02:39:45","version" => "5.90049_002"},{"date" => "2013-09-20T19:03:54","version" => "5.90049_003"},{"date" => "2013-10-18T22:19:33","version" => "5.90049_004"},{"date" => "2013-10-31T20:48:42","version" => "5.90049_005"},{"date" => "2013-11-05T03:25:31","version" => "5.90049_006"},{"date" => "2013-11-05T22:35:22","version" => "5.90050"},{"date" => "2013-11-07T17:14:35","version" => "5.90051"},{"date" => "2013-12-18T20:03:22","version" => "5.90052"},{"date" => "2013-12-19T14:33:08","version" => "5.90059_001"},{"date" => "2013-12-22T16:18:16","version" => "5.90053"},{"date" => "2013-12-22T16:34:11","version" => "5.90059_002"},{"date" => "2013-12-27T02:27:08","version" => "5.90059_003"},{"date" => "2014-01-27T17:20:51","version" => "5.90059_004"},{"date" => "2014-01-28T19:36:58","version" => "5.90059_005"},{"date" => "2014-02-06T20:41:25","version" => "5.90059_006"},{"date" => "2014-02-08T03:11:11","version" => "5.90060"},{"date" => "2014-03-10T14:46:10","version" => "5.90061"},{"date" => "2014-04-14T18:53:26","version" => "5.90062"},{"date" => "2014-05-02T00:15:16","version" => "5.90063"},{"date" => "2014-05-05T14:55:25","version" => "5.90064"},{"date" => "2014-05-27T18:08:08","version" => "5.90069_001"},{"date" => "2014-06-05T12:44:59","version" => "5.90065"},{"date" => "2014-06-10T00:22:42","version" => "5.90069_002"},{"date" => "2014-08-06T15:09:29","version" => "5.90069_003"},{"date" => "2014-08-07T15:59:15","version" => "5.90069_004"},{"date" => "2014-08-07T21:49:59","version" => "5.90070"},{"date" => "2014-08-10T13:15:52","version" => "5.90071"},{"date" => "2014-09-15T16:30:58","version" => "5.90072"},{"date" => "2014-09-23T17:24:54","version" => "5.90073"},{"date" => "2014-10-01T21:45:12","version" => "5.90074"},{"date" => "2014-10-07T00:07:51","version" => "5.90075"},{"date" => "2014-11-14T00:20:16","version" => "5.90076"},{"date" => "2014-11-19T00:28:27","version" => "5.90077"},{"date" => "2014-12-02T21:50:30","version" => "5.90079_001"},{"date" => "2014-12-02T23:22:07","version" => "5.90079_002"},{"date" => "2014-12-03T19:45:16","version" => "5.90079_003"},{"date" => "2014-12-26T23:05:46","version" => "5.90079_004"},{"date" => "2014-12-31T16:26:20","version" => "5.90078"},{"date" => "2014-12-31T21:04:56","version" => "5.90079_005"},{"date" => "2015-01-02T15:11:55","version" => "5.90079_006"},{"date" => "2015-01-02T18:11:38","version" => "5.90079"},{"date" => "2015-01-07T20:01:40","version" => "5.90079_007"},{"date" => "2015-01-07T23:26:17","version" => "5.90079_008"},{"date" => "2015-01-09T17:04:47","version" => "5.90080"},{"date" => "2015-01-10T22:39:56","version" => "5.90081"},{"date" => "2015-01-10T23:33:56","version" => "5.90082"},{"date" => "2015-02-17T02:29:50","version" => "5.90083"},{"date" => "2015-02-23T22:24:50","version" => "5.90084"},{"date" => "2015-03-25T18:58:11","version" => "5.90085"},{"date" => "2015-03-26T21:30:15","version" => "5.90089_001"},{"date" => "2015-04-17T21:32:30","version" => "5.90089_002"},{"date" => "2015-04-27T20:20:40","version" => "5.90089_003"},{"date" => "2015-04-28T18:24:12","version" => "5.90089_004"},{"date" => "2015-04-29T14:04:24","version" => "5.90090"},{"date" => "2015-05-08T20:36:59","version" => "5.90091"},{"date" => "2015-05-19T16:48:30","version" => "5.90092"},{"date" => "2015-05-29T17:06:23","version" => "5.90093"},{"date" => "2015-07-24T20:17:46","version" => "5.90094"},{"date" => "2015-07-27T14:32:30","version" => "5.90095"},{"date" => "2015-07-27T15:44:59","version" => "5.90096"},{"date" => "2015-07-28T20:33:41","version" => "5.90097"},{"date" => "2015-08-24T16:30:12","version" => "5.90100"},{"date" => "2015-09-04T22:57:40","version" => "5.90101"},{"date" => "2015-10-29T19:39:24","version" => "5.90102"},{"date" => "2015-11-12T10:19:42","version" => "5.90103"},{"date" => "2016-04-04T17:18:38","version" => "5.90104"},{"date" => "2016-06-08T20:06:53","version" => "5.90105"},{"date" => "2016-07-06T01:21:42","version" => "5.90106"},{"date" => "2016-07-20T19:12:32","version" => "5.90110"},{"date" => "2016-07-20T20:07:16","version" => "5.90111"},{"date" => "2016-07-25T21:03:05","version" => "5.90112"},{"date" => "2016-12-15T21:35:30","version" => "5.90113"},{"date" => "2016-12-19T16:54:08","version" => "5.90114"},{"date" => "2017-05-01T16:42:46","version" => "5.90115"},{"date" => "2018-01-19T20:55:15","version" => "5.90116"},{"date" => "2018-01-21T23:47:21","version" => "5.90117"},{"date" => "2018-05-01T09:59:20","version" => "5.90118"},{"date" => "2018-09-24T00:25:48","version" => "5.90119"},{"date" => "2018-10-19T06:13:58","version" => "5.90120"},{"date" => "2018-10-22T20:39:48","version" => "5.90_121"},{"date" => "2018-11-03T14:52:06","version" => "5.90122"},{"date" => "2018-11-27T15:39:35","version" => "5.90123"},{"date" => "2019-01-18T22:36:07","version" => "5.90124"},{"date" => "2020-01-19T01:11:05","version" => "5.90125"},{"date" => "2020-01-20T01:40:16","version" => "5.90126"},{"date" => "2020-07-27T01:25:21","version" => "5.90_127"},{"date" => "2020-09-11T12:38:26","version" => "5.90128"},{"date" => "2022-07-23T13:13:34","version" => "5.90129"},{"date" => "2022-11-09T15:37:01","version" => "5.90130"},{"date" => "2023-07-20T23:09:29","version" => "5.90131"},{"date" => "2024-11-08T19:56:41","version" => "5.90132"}]},"Clipboard" => {"advisories" => [{"affected_versions" => ["<0.16"],"cves" => ["CVE-2014-5509"],"description" => "clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit\$\$.\n","distribution" => "Clipboard","fixed_versions" => [">=0.16"],"id" => "CPANSA-Clipboard-2014-5509","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=98435","https://bugzilla.redhat.com/show_bug.cgi?id=1135624","http://www.securityfocus.com/bid/69473","http://www.openwall.com/lists/oss-security/2014/08/30/2"],"reported" => "2018-01-08","severity" => "medium"}],"main_module" => "Clipboard","versions" => [{"date" => "2005-05-01T17:19:57","version" => "0.01"},{"date" => "2005-05-02T06:17:33","version" => "0.02"},{"date" => "2005-05-04T06:17:44","version" => "0.03"},{"date" => "2005-05-08T05:54:44","version" => "0.04"},{"date" => "2005-06-01T17:00:34","version" => "0.06"},{"date" => "2005-06-02T05:06:37","version" => "0.07"},{"date" => "2005-06-22T17:05:15","version" => "0.08"},{"date" => "2005-11-19T06:12:48","version" => "0.09"},{"date" => "2010-10-07T01:39:10","version" => "0.10"},{"date" => "2010-10-07T04:49:39","version" => "0.11"},{"date" => "2010-10-11T06:13:22","version" => "0.12"},{"date" => "2010-10-13T04:46:50","version" => "0.13"},{"date" => "2019-01-30T10:47:45","version" => "0.14"},{"date" => "2019-01-30T11:00:22","version" => "0.15"},{"date" => "2019-01-30T11:22:23","version" => "0.16"},{"date" => "2019-01-30T14:00:52","version" => "0.17"},{"date" => "2019-01-30T20:12:11","version" => "0.18"},{"date" => "2019-01-31T11:00:20","version" => "0.19"},{"date" => "2019-04-17T20:55:35","version" => "0.20"},{"date" => "2019-12-02T06:04:27","version" => "0.21"},{"date" => "2020-01-28T18:10:34","version" => "0.22"},{"date" => "2020-03-06T15:43:11","version" => "0.23"},{"date" => "2020-03-07T08:25:07","version" => "0.24"},{"date" => "2020-05-14T06:33:28","version" => "0.25"},{"date" => "2020-05-16T07:56:58","version" => "0.26"},{"date" => "2021-02-13T18:13:34","version" => "0.27"},{"date" => "2021-02-23T07:47:20","version" => "0.28"},{"date" => "2024-04-07T03:11:57","version" => "0.29"},{"date" => "2024-06-16T12:03:21","version" => "0.30"},{"date" => "2025-01-21T17:04:47","version" => "0.31"},{"date" => "2025-02-10T08:24:16","version" => "0.32"}]},"Cmd-Dwarf" => {"advisories" => [{"affected_versions" => ["<1.20"],"cves" => [],"description" => "JSON highjacking possibility.\n","distribution" => "Cmd-Dwarf","fixed_versions" => [">=1.20"],"id" => "CPANSA-Cmd-Dwarf-2014-01","references" => ["https://github.com/seagirl/dwarf/commit/14cf7a1d55db635a07f4838e16f3d9a28e63f529","https://metacpan.org/changes/distribution/Cmd-Dwarf"],"reported" => "2014-12-03"}],"main_module" => "Cmd::Dwarf","versions" => [{"date" => "2015-07-30T06:48:35","version" => "1.27"},{"date" => "2015-08-26T13:27:51","version" => "1.28"},{"date" => "2015-08-28T08:58:33","version" => "1.29"},{"date" => "2015-09-17T08:17:32","version" => "1.30"},{"date" => "2016-01-20T06:39:15","version" => "1.31"},{"date" => "2016-10-25T05:56:33","version" => "1.41"},{"date" => "2017-03-29T04:42:05","version" => "1.42"},{"date" => "2017-06-21T07:06:05","version" => "1.50"},{"date" => "2017-10-05T08:08:01","version" => "1.60"},{"date" => "2018-03-17T07:35:19","version" => "1.70"},{"date" => "2018-08-18T11:43:10","version" => "1.80"},{"date" => "2019-04-05T05:22:33","version" => "1.81"},{"date" => "2019-04-05T05:36:46","version" => "1.82"},{"date" => "2019-04-05T09:06:55","version" => "1.83"}]},"Compress-LZ4" => {"advisories" => [{"affected_versions" => ["<0.20"],"cves" => [],"description" => "Outdated LZ4 source code with security issue on 32bit systems.\n","distribution" => "Compress-LZ4","fixed_versions" => [">=0.20"],"id" => "CPANSA-Compress-LZ4-2014-01","references" => ["https://metacpan.org/changes/distribution/Compress-LZ4","https://github.com/gray/compress-lz4/commit/fc503812b4cbba16429658e1dfe20ad8bbfd77a0"],"reported" => "2014-07-07"}],"main_module" => "Compress::LZ4","versions" => [{"date" => "2012-02-11T16:33:26","version" => "0.01"},{"date" => "2012-02-20T21:26:48","version" => "0.02"},{"date" => "2012-03-02T04:47:50","version" => "0.03"},{"date" => "2012-03-18T07:09:30","version" => "0.04"},{"date" => "2012-03-18T19:45:25","version" => "0.05"},{"date" => "2012-03-22T09:23:45","version" => "0.06"},{"date" => "2012-03-22T16:12:43","version" => "0.07"},{"date" => "2012-03-23T16:29:14","version" => "0.08"},{"date" => "2012-03-23T17:27:12","version" => "0.09"},{"date" => "2012-03-26T11:28:24","version" => "0.10"},{"date" => "2012-04-03T21:36:24","version" => "0.11"},{"date" => "2012-04-04T12:55:22","version" => "0.12"},{"date" => "2012-06-01T18:55:41","version" => "0.13"},{"date" => "2012-08-10T00:21:56","version" => "0.14"},{"date" => "2012-08-11T16:37:53","version" => "0.15"},{"date" => "2012-09-08T18:18:41","version" => "0.16"},{"date" => "2013-03-19T00:39:07","version" => "0.17"},{"date" => "2013-11-19T00:56:57","version" => "0.18"},{"date" => "2014-02-08T00:35:09","version" => "0.19"},{"date" => "2014-07-07T21:08:49","version" => "0.20"},{"date" => "2015-05-12T19:01:36","version" => "0.21"},{"date" => "2015-05-20T06:16:53","version" => "0.22"},{"date" => "2016-07-25T20:45:05","version" => "0.23"},{"date" => "2017-03-23T04:34:45","version" => "0.24"},{"date" => "2017-04-06T16:38:31","version" => "0.25"}]},"Compress-Raw-Bzip2" => {"advisories" => [{"affected_versions" => ["<2.031"],"cves" => ["CVE-2010-0405"],"description" => "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.\n","distribution" => "Compress-Raw-Bzip2","fixed_versions" => [">=2.031"],"id" => "CPANSA-Compress-Raw-Bzip2-2010-0405","references" => ["https://metacpan.org/changes/distribution/Compress-Raw-Bzip2"],"reported" => "2010-01-27"},{"affected_versions" => ["<2.018"],"cves" => ["CVE-2009-1884"],"description" => "Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.\n","distribution" => "Compress-Raw-Bzip2","fixed_versions" => [">=2.018"],"id" => "CPANSA-Compress-Raw-Bzip2-2009-1884","references" => ["http://security.gentoo.org/glsa/glsa-200908-07.xml","https://bugs.gentoo.org/show_bug.cgi?id=281955","https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html","https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html","http://www.securityfocus.com/bid/36082","http://secunia.com/advisories/36386","https://bugzilla.redhat.com/show_bug.cgi?id=518278","http://secunia.com/advisories/36415","https://exchange.xforce.ibmcloud.com/vulnerabilities/52628"],"reported" => "2009-08-19","severity" => undef}],"main_module" => "Compress::Raw::Bzip2","versions" => [{"date" => "2006-03-13T16:14:00","version" => "2.000_10"},{"date" => "2006-04-15T21:23:09","version" => "2.000_11"},{"date" => "2006-05-17T12:43:30","version" => "2.000_12"},{"date" => "2006-06-20T12:43:47","version" => "2.000_13"},{"date" => "2006-10-26T14:15:45","version" => "2.000_14"},{"date" => "2006-11-01T10:35:27","version" => "2.001"},{"date" => "2006-12-29T20:40:23","version" => "2.002"},{"date" => "2007-01-02T13:03:45","version" => "2.003"},{"date" => "2007-03-03T15:50:04","version" => "2.004"},{"date" => "2007-07-01T00:06:51","version" => "2.005"},{"date" => "2007-09-01T19:44:48","version" => "2.006"},{"date" => "2007-11-10T11:59:25","version" => "2.008"},{"date" => "2008-04-20T14:41:25","version" => "2.009"},{"date" => "2008-05-05T17:18:15","version" => "2.010"},{"date" => "2008-05-17T11:16:17","version" => "2.011"},{"date" => "2008-07-15T22:23:56","version" => "2.012"},{"date" => "2008-09-02T20:20:05","version" => "2.014"},{"date" => "2008-09-03T20:47:15","version" => "2.015"},{"date" => "2009-04-04T09:47:36","version" => "2.017"},{"date" => "2009-05-03T16:26:57","version" => "2.018"},{"date" => "2009-05-04T09:42:06","version" => "2.019"},{"date" => "2009-06-03T17:48:18","version" => "2.020"},{"date" => "2009-08-30T20:25:24","version" => "2.021"},{"date" => "2009-11-09T23:25:19","version" => "2.023"},{"date" => "2010-01-09T17:56:12","version" => "2.024"},{"date" => "2010-03-28T12:56:33","version" => "2.025"},{"date" => "2010-04-07T19:49:29","version" => "2.026"},{"date" => "2010-04-24T19:15:32","version" => "2.027"},{"date" => "2010-07-24T14:29:17","version" => "2.030"},{"date" => "2010-09-21T19:44:52","version" => "2.031"},{"date" => "2011-01-06T11:26:00","version" => "2.032"},{"date" => "2011-01-11T14:02:05","version" => "2.033"},{"date" => "2011-05-02T21:50:15","version" => "2.034"},{"date" => "2011-05-07T08:30:09","version" => "2.035"},{"date" => "2011-06-18T21:45:13","version" => "2.036"},{"date" => "2011-06-22T07:17:56","version" => "2.037"},{"date" => "2011-10-28T14:27:59","version" => "2.039"},{"date" => "2011-10-28T22:18:59","version" => "2.040"},{"date" => "2011-11-17T23:44:58","version" => "2.042"},{"date" => "2011-11-20T21:31:34","version" => "2.043"},{"date" => "2011-12-03T22:48:47","version" => "2.044"},{"date" => "2011-12-04T19:19:58","version" => "2.045"},{"date" => "2012-01-28T23:26:44","version" => "2.047"},{"date" => "2012-01-29T16:58:55","version" => "2.048"},{"date" => "2012-02-18T15:56:34","version" => "2.049"},{"date" => "2012-04-29T12:40:06","version" => "2.052"},{"date" => "2012-08-05T20:35:37","version" => "2.055"},{"date" => "2012-11-10T19:08:29","version" => "2.057"},{"date" => "2012-11-12T22:14:16","version" => "2.058"},{"date" => "2012-11-25T13:38:19","version" => "2.059"},{"date" => "2013-01-07T20:02:08","version" => "2.060"},{"date" => "2013-05-27T09:54:30","version" => "2.061"},{"date" => "2013-08-12T19:06:20","version" => "2.062"},{"date" => "2013-11-02T17:14:54","version" => "2.063"},{"date" => "2014-02-01T23:19:50","version" => "2.064"},{"date" => "2014-09-21T12:40:58","version" => "2.066"},{"date" => "2014-12-08T15:12:21","version" => "2.067"},{"date" => "2014-12-23T17:44:34","version" => "2.068"},{"date" => "2015-09-27T14:33:57","version" => "2.069"},{"date" => "2016-12-28T23:07:42","version" => "2.070"},{"date" => "2017-02-12T20:39:20","version" => "2.072"},{"date" => "2017-02-19T20:35:17","version" => "2.073"},{"date" => "2017-02-19T22:11:17","version" => "2.074"},{"date" => "2018-04-03T18:20:04","version" => "2.080"},{"date" => "2018-04-08T15:01:21","version" => "2.081"},{"date" => "2018-12-30T22:38:05","version" => "2.083"},{"date" => "2019-01-06T08:56:52","version" => "2.084"},{"date" => "2019-03-31T19:13:22","version" => "2.086"},{"date" => "2019-08-10T18:11:44","version" => "2.087"},{"date" => "2019-11-03T08:56:50","version" => "2.088"},{"date" => "2019-11-03T19:53:42","version" => "2.089"},{"date" => "2019-11-09T18:35:48","version" => "2.090"},{"date" => "2019-11-23T19:34:12","version" => "2.091"},{"date" => "2019-12-04T22:08:25","version" => "2.092"},{"date" => "2019-12-07T16:05:12","version" => "2.093"},{"date" => "2020-07-13T10:53:44","version" => "2.094"},{"date" => "2020-07-20T19:13:40","version" => "2.095"},{"date" => "2020-07-31T20:50:12","version" => "2.096"},{"date" => "2021-01-07T13:00:00","version" => "2.100"},{"date" => "2021-02-20T14:08:53","version" => "2.101"},{"date" => "2022-04-03T19:48:28","version" => "2.103"},{"date" => "2022-06-25T09:02:32","version" => "2.201"},{"date" => "2023-02-08T19:23:39","version" => "2.204"},{"date" => "2023-07-16T15:36:44","version" => "2.205"},{"date" => "2023-07-25T15:36:59","version" => "2.206"},{"date" => "2024-02-18T22:19:11","version" => "2.207"},{"date" => "2024-02-19T09:28:45","version" => "2.208"},{"date" => "2024-02-20T13:23:07","version" => "2.209"},{"date" => "2024-02-26T09:33:37","version" => "2.210"},{"date" => "2024-04-06T13:40:27","version" => "2.211"},{"date" => "2024-04-27T12:52:31","version" => "2.212"},{"date" => "2024-08-28T15:29:28","version" => "2.213"},{"date" => "2025-10-24T16:23:16","version" => "2.214"},{"date" => "2026-01-31T23:47:12","version" => "2.217"},{"date" => "2026-03-08T13:51:32","version" => "2.218"},{"date" => "2012-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017002","version" => "2.05201"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038000","version" => "2.204_001"}]},"Compress-Raw-Zlib" => {"advisories" => [{"affected_versions" => ["<2.017"],"cves" => ["CVE-2009-1391"],"description" => "Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [">=2.017"],"id" => "CPANSA-Compress-Raw-Zlib-2009-1391","references" => ["http://article.gmane.org/gmane.mail.virus.amavis.user/33635","http://article.gmane.org/gmane.mail.virus.amavis.user/33638","http://www.securityfocus.com/bid/35307","http://secunia.com/advisories/35422","https://bugzilla.redhat.com/show_bug.cgi?id=504386","http://www.vupen.com/english/advisories/2009/1571","http://thread.gmane.org/gmane.mail.virus.amavis.user/33635","http://osvdb.org/55041","http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","http://secunia.com/advisories/35876","http://secunia.com/advisories/35685","https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html","http://secunia.com/advisories/35689","http://www.mandriva.com/security/advisories?name=MDVSA-2009:157","http://security.gentoo.org/glsa/glsa-200908-07.xml","https://bugs.gentoo.org/show_bug.cgi?id=273141","https://exchange.xforce.ibmcloud.com/vulnerabilities/51062","https://usn.ubuntu.com/794-1/"],"reported" => "2009-06-16","severity" => undef},{"affected_versions" => ["<=2.219"],"cves" => ["CVE-2026-3381"],"description" => "Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib.  Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171.","distribution" => "Compress-Raw-Zlib","fixed_versions" => [">=2.220"],"id" => "CPANSA-Compress-Raw-Zlib-2026-3381","references" => ["https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/","https://github.com/madler/zlib","https://github.com/madler/zlib/releases/tag/v1.3.2","https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes","https://www.cve.org/CVERecord?id=CVE-2026-27171","https://www.zlib.net/"],"reported" => "2026-03-05","severity" => undef},{"affected_versions" => [">=2.025,<=2.048"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.049,<=2.052"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.053,<=2.060"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.061,<=2.074"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.075,<=2.101"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "Compress::Raw::Zlib","versions" => [{"date" => "2006-03-03T23:06:38","version" => "2.000_09"},{"date" => "2006-03-13T16:14:20","version" => "2.000_10"},{"date" => "2006-04-15T21:23:24","version" => "2.000_11"},{"date" => "2006-05-17T12:43:41","version" => "2.000_12"},{"date" => "2006-06-20T12:45:30","version" => "2.000_13"},{"date" => "2006-10-26T14:15:34","version" => "2.000_09"},{"date" => "2006-11-01T10:35:38","version" => "2.001"},{"date" => "2006-12-29T20:40:35","version" => "2.002"},{"date" => "2007-01-02T13:03:57","version" => "2.003"},{"date" => "2007-03-03T15:50:15","version" => "2.004"},{"date" => "2007-07-01T00:07:02","version" => "2.005"},{"date" => "2007-09-01T19:44:59","version" => "2.006"},{"date" => "2007-11-10T11:59:36","version" => "2.008"},{"date" => "2008-04-20T14:42:52","version" => "2.009"},{"date" => "2008-05-05T17:18:27","version" => "2.010"},{"date" => "2008-05-17T11:16:28","version" => "2.011"},{"date" => "2008-07-15T22:24:07","version" => "2.012"},{"date" => "2008-09-02T20:20:16","version" => "2.014"},{"date" => "2008-09-03T20:47:27","version" => "2.015"},{"date" => "2009-04-04T09:49:03","version" => "2.017"},{"date" => "2009-05-03T16:27:08","version" => "2.018"},{"date" => "2009-05-04T09:42:17","version" => "2.019"},{"date" => "2009-06-03T17:48:30","version" => "2.020"},{"date" => "2009-08-30T20:25:35","version" => "2.021"},{"date" => "2009-11-09T23:26:59","version" => "2.023"},{"date" => "2010-01-09T17:56:35","version" => "2.024"},{"date" => "2010-03-28T12:57:08","version" => "2.025"},{"date" => "2010-04-07T19:51:09","version" => "2.026"},{"date" => "2010-04-24T19:15:54","version" => "2.027"},{"date" => "2010-07-24T14:31:01","version" => "2.030"},{"date" => "2011-01-06T11:23:45","version" => "2.032"},{"date" => "2011-01-11T14:03:45","version" => "2.033"},{"date" => "2011-05-02T22:05:37","version" => "2.034"},{"date" => "2011-05-07T08:31:57","version" => "2.035"},{"date" => "2011-06-18T21:45:36","version" => "2.036"},{"date" => "2011-06-22T07:18:22","version" => "2.037"},{"date" => "2011-10-28T14:28:35","version" => "2.039"},{"date" => "2011-10-28T22:20:38","version" => "2.040"},{"date" => "2011-11-17T23:45:21","version" => "2.042"},{"date" => "2011-11-20T21:33:33","version" => "2.043"},{"date" => "2011-12-03T22:49:10","version" => "2.044"},{"date" => "2011-12-04T19:21:36","version" => "2.045"},{"date" => "2012-01-28T23:28:28","version" => "2.047"},{"date" => "2012-01-29T17:00:33","version" => "2.048"},{"date" => "2012-02-18T15:58:12","version" => "2.049"},{"date" => "2012-02-21T19:35:18","version" => "2.050"},{"date" => "2012-02-22T20:43:23","version" => "2.051"},{"date" => "2012-04-29T12:41:57","version" => "2.052"},{"date" => "2012-05-06T08:40:06","version" => "2.053"},{"date" => "2012-05-08T19:22:47","version" => "2.054"},{"date" => "2012-08-05T20:36:06","version" => "2.055"},{"date" => "2012-08-10T22:20:09","version" => "2.056"},{"date" => "2012-11-10T19:08:56","version" => "2.057"},{"date" => "2012-11-12T22:14:42","version" => "2.058"},{"date" => "2012-11-25T13:38:42","version" => "2.059"},{"date" => "2013-01-07T20:02:22","version" => "2.060"},{"date" => "2013-05-27T09:54:54","version" => "2.061"},{"date" => "2013-08-12T19:08:05","version" => "2.062"},{"date" => "2013-11-02T17:15:17","version" => "2.063"},{"date" => "2014-02-01T23:21:28","version" => "2.064"},{"date" => "2014-02-03T20:23:00","version" => "2.065"},{"date" => "2014-09-21T12:42:35","version" => "2.066"},{"date" => "2014-12-08T15:14:00","version" => "2.067"},{"date" => "2014-12-23T17:44:57","version" => "2.068"},{"date" => "2015-09-26T18:41:58","version" => "2.069"},{"date" => "2016-12-28T23:09:21","version" => "2.070"},{"date" => "2016-12-30T22:58:08","version" => "2.071"},{"date" => "2017-02-12T20:41:25","version" => "2.072"},{"date" => "2017-02-19T20:37:20","version" => "2.073"},{"date" => "2017-02-19T22:11:41","version" => "2.074"},{"date" => "2017-11-14T15:43:26","version" => "2.075"},{"date" => "2017-11-21T22:29:23","version" => "2.076"},{"date" => "2018-04-03T18:22:06","version" => "2.080"},{"date" => "2018-04-08T15:02:55","version" => "2.081"},{"date" => "2018-12-30T22:40:08","version" => "2.083"},{"date" => "2019-01-06T08:57:15","version" => "2.084"},{"date" => "2019-03-31T19:11:54","version" => "2.086"},{"date" => "2019-08-10T18:12:03","version" => "2.087"},{"date" => "2019-11-03T08:55:23","version" => "2.088"},{"date" => "2019-11-03T19:54:04","version" => "2.089"},{"date" => "2019-11-09T15:58:48","version" => "2.090"},{"date" => "2019-11-23T19:34:34","version" => "2.091"},{"date" => "2019-12-04T22:08:37","version" => "2.092"},{"date" => "2019-12-07T16:05:34","version" => "2.093"},{"date" => "2020-07-13T10:54:06","version" => "2.094"},{"date" => "2020-07-21T06:57:01","version" => "2.095"},{"date" => "2020-07-31T20:48:45","version" => "2.096"},{"date" => "2021-01-07T13:00:23","version" => "2.100"},{"date" => "2021-02-20T14:10:43","version" => "2.101"},{"date" => "2022-04-03T19:48:50","version" => "2.103"},{"date" => "2022-05-13T06:30:30","version" => "2.104"},{"date" => "2022-05-14T14:24:32","version" => "2.105"},{"date" => "2022-06-21T21:19:21","version" => "2.200"},{"date" => "2022-06-25T09:04:10","version" => "2.201"},{"date" => "2022-06-27T08:18:10","version" => "2.202"},{"date" => "2023-02-08T19:26:25","version" => "2.204"},{"date" => "2023-07-16T15:32:41","version" => "2.205"},{"date" => "2023-07-25T15:35:40","version" => "2.206"},{"date" => "2024-02-18T22:16:24","version" => "2.207"},{"date" => "2024-02-19T09:27:19","version" => "2.208"},{"date" => "2024-02-26T16:11:33","version" => "2.209"},{"date" => "2024-04-06T13:41:58","version" => "2.211"},{"date" => "2024-04-27T12:55:28","version" => "2.212"},{"date" => "2024-08-28T15:27:59","version" => "2.213"},{"date" => "2025-10-24T16:23:27","version" => "2.214"},{"date" => "2026-01-31T22:31:04","version" => "2.217"},{"date" => "2026-02-03T10:45:59","version" => "2.218"},{"date" => "2026-02-23T15:24:28","version" => "2.219"},{"date" => "2026-02-27T10:04:09","version" => "2.220"},{"date" => "2026-02-27T13:17:42","version" => "2.221"},{"date" => "2026-03-08T12:34:59","version" => "2.222"},{"date" => "2010-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013003","version" => "2.027_01"},{"date" => "2012-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017002","version" => "2.05401"},{"date" => "2015-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023003","version" => "2.068_01"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038000","version" => "2.204_001"}]},"Concierge-Sessions" => {"advisories" => [{"affected_versions" => [">=0.8.1,<0.8.5"],"cves" => ["CVE-2026-2439"],"description" => "Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are secure, and attackers are able to guess session_ids that can grant them access to systems. Specifically,    *  There is no warning when uuidgen fails. The software can be quietly using the fallback rand() function with no warnings if the command fails for any reason.   *  The uuidgen command will generate a time-based UUID if the system does not have a high-quality random number source, because the call does not explicitly specify the --random option. Note that the system time is shared in HTTP responses.   *  UUIDs are identifiers whose mere possession grants access, as per RFC 9562.   *  The output of the built-in rand() function is predictable and unsuitable for security applications.","distribution" => "Concierge-Sessions","fixed_versions" => [">=0.8.5"],"id" => "CPANSA-Concierge-Sessions-2026-2439","references" => ["https://github.com/bwva/Concierge-Sessions/commit/20bb28e92e8fba307c4ff8264701c215be65e73b","https://metacpan.org/release/BVA/Concierge-Sessions-v0.8.4/diff/BVA/Concierge-Sessions-v0.8.5#lib/Concierge/Sessions/Base.pm","https://perldoc.perl.org/5.42.0/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://www.rfc-editor.org/rfc/rfc9562.html#name-security-considerations"],"reported" => "2026-02-16","severity" => undef}],"main_module" => "Concierge::Sessions","versions" => [{"date" => "2026-02-11T23:31:48","version" => "v0.8.1"},{"date" => "2026-02-12T04:02:53","version" => "v0.8.2"},{"date" => "2026-02-12T08:43:53","version" => "v0.8.3"},{"date" => "2026-02-12T09:47:28","version" => "v0.8.4"},{"date" => "2026-02-12T16:49:19","version" => "v0.8.5"},{"date" => "2026-02-13T04:18:00","version" => "v0.8.6"},{"date" => "2026-02-13T15:38:42","version" => "v0.8.7"},{"date" => "2026-02-13T17:47:48","version" => "v0.8.8"},{"date" => "2026-02-13T22:10:44","version" => "v0.8.9"},{"date" => "2026-02-13T22:32:58","version" => "v0.9.0"},{"date" => "2026-02-15T04:14:21","version" => "v0.10.0"},{"date" => "2026-02-15T18:14:32","version" => "v0.11.0"}]},"Config-IniFiles" => {"advisories" => [{"affected_versions" => ["<2.71"],"cves" => ["CVE-2012-2451"],"description" => "The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.  NOTE: some of these details are obtained from third party information.  NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.\n","distribution" => "Config-IniFiles","fixed_versions" => [],"id" => "CPANSA-Config-IniFiles-2012-2451","references" => ["http://www.openwall.com/lists/oss-security/2012/05/02/6","http://www.osvdb.org/81671","http://secunia.com/advisories/48990","https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59","https://bugzilla.redhat.com/show_bug.cgi?id=818386","http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html","http://www.securityfocus.com/bid/53361","http://www.ubuntu.com/usn/USN-1543-1","https://exchange.xforce.ibmcloud.com/vulnerabilities/75328"],"reported" => "2012-06-27","severity" => undef}],"main_module" => "Config::IniFiles","versions" => [{"date" => "2000-06-20T02:07:11","version" => "0.05"},{"date" => "2000-06-26T02:38:13","version" => "0.06"},{"date" => "2000-07-31T01:32:53","version" => "0.08"},{"date" => "2000-07-31T01:51:15","version" => "0.09"},{"date" => "2000-09-17T03:29:50","version" => "0.11"},{"date" => "2000-09-20T01:06:10","version" => "1.6"},{"date" => "2000-10-17T02:01:37","version" => "1.8"},{"date" => "2000-11-25T03:36:14","version" => "1.11"},{"date" => "2000-11-28T14:09:00","version" => "1.12"},{"date" => "2000-11-28T14:09:15","version" => "1.13"},{"date" => "2000-12-13T17:45:25","version" => "2.10"},{"date" => "2000-12-18T17:56:28","version" => "2.13"},{"date" => "2001-01-08T18:27:24","version" => "2.14"},{"date" => "2001-03-24T21:54:18","version" => "2.17"},{"date" => "2001-03-30T04:48:27","version" => "2.18"},{"date" => "2001-04-05T01:06:51","version" => "2.19"},{"date" => "2001-08-28T11:05:35","version" => "2.21"},{"date" => "2001-12-06T17:15:03","version" => "2.22"},{"date" => "2001-12-07T16:24:14","version" => "2.23"},{"date" => "2001-12-07T17:27:08","version" => "2.24"},{"date" => "2001-12-12T20:50:06","version" => "2.25"},{"date" => "2001-12-19T22:26:32","version" => "2.26"},{"date" => "2001-12-20T16:11:24","version" => "2.27"},{"date" => "2002-08-15T21:41:35","version" => "2.29"},{"date" => "2002-10-15T18:59:21","version" => "2.30"},{"date" => "2002-12-18T01:58:55","version" => "2.36"},{"date" => "2003-01-31T23:06:08","version" => "2.37"},{"date" => "2003-05-14T01:38:13","version" => "2.38"},{"date" => "2005-04-29T20:33:23","version" => "2.39"},{"date" => "2008-12-04T17:02:19","version" => "2.43"},{"date" => "2008-12-25T09:47:08","version" => "2.44"},{"date" => "2008-12-27T15:25:59","version" => "2.45"},{"date" => "2009-01-17T14:40:26","version" => "2.46"},{"date" => "2009-01-21T09:41:11","version" => "2.47"},{"date" => "2009-04-07T12:26:44","version" => "2.48"},{"date" => "2009-05-02T14:27:53","version" => "2.49"},{"date" => "2009-05-31T11:58:04","version" => "2.50"},{"date" => "2009-06-08T09:41:11","version" => "2.51"},{"date" => "2009-06-28T13:21:57","version" => "2.52"},{"date" => "2009-11-13T09:58:28","version" => "2.53"},{"date" => "2009-11-18T11:15:13","version" => "2.54"},{"date" => "2009-12-22T15:48:07","version" => "2.55"},{"date" => "2009-12-31T04:57:40","version" => "2.56"},{"date" => "2010-03-01T13:51:57","version" => "2.57"},{"date" => "2010-05-17T07:45:33","version" => "2.58"},{"date" => "2010-11-12T11:33:52","version" => "2.59"},{"date" => "2010-11-13T07:22:50","version" => "2.60"},{"date" => "2010-11-14T08:57:26","version" => "2.61"},{"date" => "2010-11-19T13:37:37","version" => "2.62"},{"date" => "2010-11-19T14:54:12","version" => "2.63"},{"date" => "2010-11-20T09:55:05","version" => "2.64"},{"date" => "2010-11-25T18:48:52","version" => "2.65"},{"date" => "2011-01-29T16:40:18","version" => "2.66"},{"date" => "2011-06-21T11:59:37","version" => "2.67"},{"date" => "2011-06-21T19:18:33","version" => "2.68"},{"date" => "2012-04-05T09:10:11","version" => "2.69"},{"date" => "2012-04-06T09:52:14","version" => "2.70"},{"date" => "2012-05-02T08:05:15","version" => "2.71"},{"date" => "2012-05-05T16:56:55","version" => "2.72"},{"date" => "2012-05-14T07:49:33","version" => "2.73"},{"date" => "2012-05-23T21:47:46","version" => "2.74"},{"date" => "2012-05-25T12:29:48","version" => "2.75"},{"date" => "2012-06-15T14:47:10","version" => "2.76"},{"date" => "2012-06-21T16:39:23","version" => "2.77"},{"date" => "2012-10-21T11:18:39","version" => "2.78"},{"date" => "2013-05-06T07:10:33","version" => "2.79"},{"date" => "2013-05-14T19:25:07","version" => "2.80"},{"date" => "2013-05-16T10:36:17","version" => "2.81"},{"date" => "2013-05-21T15:35:10","version" => "2.82"},{"date" => "2014-01-27T09:01:28","version" => "2.83"},{"date" => "2015-04-13T18:40:30","version" => "2.84"},{"date" => "2015-04-13T19:08:57","version" => "2.85"},{"date" => "2015-04-14T07:55:59","version" => "2.86"},{"date" => "2015-06-16T09:06:37","version" => "2.87"},{"date" => "2015-07-10T08:38:11","version" => "2.88"},{"date" => "2016-05-03T09:14:13","version" => "2.89"},{"date" => "2016-06-02T13:09:19","version" => "2.90"},{"date" => "2016-06-03T03:11:38","version" => "2.91"},{"date" => "2016-06-17T09:34:08","version" => "2.92"},{"date" => "2016-07-24T08:34:00","version" => "2.93"},{"date" => "2016-11-29T17:31:38","version" => "2.94"},{"date" => "2018-03-16T11:14:39","version" => "2.95"},{"date" => "2018-04-07T08:45:56","version" => "2.96"},{"date" => "2018-04-21T09:13:56","version" => "2.97"},{"date" => "2018-04-21T11:50:34","version" => "2.98"},{"date" => "2018-09-13T07:11:41","version" => "3.000000"},{"date" => "2019-01-16T09:54:40","version" => "3.000001"},{"date" => "2019-03-14T13:34:40","version" => "3.000002"},{"date" => "2020-03-24T15:45:08","version" => "3.000003"}]},"Config-Model" => {"advisories" => [{"affected_versions" => ["<2.102"],"cves" => ["CVE-2017-0373"],"description" => "The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous \"use lib\" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.\n","distribution" => "Config-Model","fixed_versions" => [">=2.102"],"id" => "CPANSA-Config-Model-2017-03","references" => ["https://metacpan.org/changes/distribution/Config-Model","https://github.com/dod38fr/config-model/commit/9bd64d9ec6c0939166a2216a37d58dd19a725951"],"reported" => "2017-05-10"},{"affected_versions" => ["<2.102"],"cves" => ["CVE-2017-0374"],"description" => "Loads models from a local directory, making it possible to substitute the model.\n","distribution" => "Config-Model","fixed_versions" => [">=2.102"],"id" => "CPANSA-Config-Model-2017-02","references" => ["https://metacpan.org/changes/distribution/Config-Model","https://github.com/dod38fr/config-model/commit/4d37c75b0c4f9633b67999f8260b08027a6bc524"],"reported" => "2017-05-10"},{"affected_versions" => ["<2.102"],"cves" => [],"description" => "YAML or YAML::XS can be loaded automatically making it possible to run arbitrary code loading a specially crafted YAML file.\n","distribution" => "Config-Model","fixed_versions" => [">=2.102"],"id" => "CPANSA-Config-Model-2017-01","references" => ["https://metacpan.org/changes/distribution/Config-Model","https://github.com/dod38fr/config-model/commit/01d212348bfbadf31bd74aadd26b1e391ff2fd92"],"reported" => "2017-05-10"}],"main_module" => "Config::Model","versions" => [{"date" => "2006-04-21T12:27:44","version" => "0.505"},{"date" => "2006-05-19T13:32:14","version" => "0.506"},{"date" => "2006-06-15T12:10:38","version" => "0.507"},{"date" => "2006-07-20T12:28:36","version" => "0.601"},{"date" => "2006-09-07T12:06:17","version" => "0.602"},{"date" => "2006-10-19T11:24:40","version" => "0.603"},{"date" => "2006-12-06T12:58:35","version" => "0.604"},{"date" => "2007-01-08T13:16:42","version" => "0.605"},{"date" => "2007-01-11T12:42:09","version" => "0.606"},{"date" => "2007-01-12T13:06:38","version" => "0.607"},{"date" => "2007-02-23T13:00:34","version" => "0.608"},{"date" => "2007-05-14T11:41:18","version" => "0.609"},{"date" => "2007-06-06T12:28:06","version" => "0.610"},{"date" => "2007-07-03T15:35:21","version" => "0.611"},{"date" => "2007-07-27T11:38:57","version" => "0.612"},{"date" => "2007-10-01T15:52:56","version" => "0.613"},{"date" => "2007-10-23T16:10:29","version" => "0.614"},{"date" => "2007-11-15T12:36:18","version" => "0.615"},{"date" => "2007-12-04T12:41:22","version" => "0.616"},{"date" => "2008-01-28T11:55:50","version" => "0.617"},{"date" => "2008-02-14T12:56:25","version" => "0.618"},{"date" => "2008-02-29T12:08:41","version" => "0.619"},{"date" => "2008-03-18T17:40:57","version" => "0.620"},{"date" => "2008-03-20T07:49:00","version" => "0.6201"},{"date" => "2008-04-04T11:38:49","version" => "0.621"},{"date" => "2008-04-25T16:23:31","version" => "0.622"},{"date" => "2008-05-19T11:47:46","version" => "0.623"},{"date" => "2008-07-25T11:35:07","version" => "0.624"},{"date" => "2008-07-30T12:02:43","version" => "0.625"},{"date" => "2008-09-22T12:20:00","version" => "0.626"},{"date" => "2008-09-23T11:05:58","version" => "0.627"},{"date" => "2008-09-29T12:35:05","version" => "0.628"},{"date" => "2008-10-13T15:09:27","version" => "0.629"},{"date" => "2008-10-21T11:59:27","version" => "0.630"},{"date" => "2008-11-10T14:37:44","version" => "0.631"},{"date" => "2008-12-16T13:32:26","version" => "0.632"},{"date" => "2008-12-23T15:36:48","version" => "0.633"},{"date" => "2009-03-05T13:06:32","version" => "0.634"},{"date" => "2009-04-20T12:21:46","version" => "0.635"},{"date" => "2009-05-30T16:19:54","version" => "0.636"},{"date" => "2009-06-23T12:07:41","version" => "0.637"},{"date" => "2009-06-30T11:31:35","version" => "0.638"},{"date" => "2009-09-08T11:35:25","version" => "0.639"},{"date" => "2009-09-09T16:10:41","version" => "0.640"},{"date" => "2010-01-20T17:30:14","version" => "0.641"},{"date" => "2010-01-21T17:17:34","version" => "0.642"},{"date" => "2010-02-25T13:04:52","version" => "0.643"},{"date" => "2010-03-12T15:24:45","version" => "0.644"},{"date" => "2010-03-28T14:53:46","version" => "1.001"},{"date" => "2010-04-22T12:22:00","version" => "1.202"},{"date" => "2010-06-03T11:09:45","version" => "1.203"},{"date" => "2010-06-03T11:20:09","version" => "1.204"},{"date" => "2010-06-07T16:04:03","version" => "1.205"},{"date" => "2010-08-13T10:53:09","version" => "1.206"},{"date" => "2010-09-14T16:14:40","version" => "1.207"},{"date" => "2010-09-16T11:46:11","version" => "1.208"},{"date" => "2010-09-20T12:29:12","version" => "1.209"},{"date" => "2010-09-30T16:34:27","version" => "1.210"},{"date" => "2010-10-08T10:46:45","version" => "1.211"},{"date" => "2010-10-15T11:08:52","version" => "1.212"},{"date" => "2010-10-19T12:29:03","version" => "1.213"},{"date" => "2010-10-19T15:17:01","version" => "1.214"},{"date" => "2010-10-19T15:28:56","version" => "1.215"},{"date" => "2010-10-26T12:16:51","version" => "1.216"},{"date" => "2010-10-30T12:44:11","version" => "1.217"},{"date" => "2010-11-05T11:53:14","version" => "1.218"},{"date" => "2010-11-09T13:20:51","version" => "1.219"},{"date" => "2010-11-10T08:41:22","version" => "1.220"},{"date" => "2010-11-21T17:40:10","version" => "1.221"},{"date" => "2010-11-22T14:01:55","version" => "1.222"},{"date" => "2010-11-28T17:34:03","version" => "1.223"},{"date" => "2010-12-06T13:18:53","version" => "1.224"},{"date" => "2010-12-07T08:01:43","version" => "1.225"},{"date" => "2010-12-08T18:48:08","version" => "1.226"},{"date" => "2011-01-07T18:12:45","version" => "1.227"},{"date" => "2011-01-09T12:27:15","version" => "1.228"},{"date" => "2011-01-10T19:57:53","version" => "1.229"},{"date" => "2011-01-20T16:47:27","version" => "1.230"},{"date" => "2011-01-30T11:30:23","version" => "1.231"},{"date" => "2011-01-30T13:51:34","version" => "1.232"},{"date" => "2011-02-11T12:25:32","version" => "1.233"},{"date" => "2011-02-21T17:11:22","version" => "1.234"},{"date" => "2011-03-01T13:06:28","version" => "1.235"},{"date" => "2011-04-01T14:09:03","version" => "1.236"},{"date" => "2011-04-04T12:57:04","version" => "1.237"},{"date" => "2011-04-05T14:45:45","version" => "1.238"},{"date" => "2011-04-05T17:40:17","version" => "1.240"},{"date" => "2011-04-07T18:09:49","version" => "1.241"},{"date" => "2011-04-25T15:28:14","version" => "1.242"},{"date" => "2011-05-02T12:33:33","version" => "1.243"},{"date" => "2011-05-16T15:52:46","version" => "1.244"},{"date" => "2011-06-17T12:10:22","version" => "1.245"},{"date" => "2011-06-20T12:32:24","version" => "1.246"},{"date" => "2011-06-27T14:14:52","version" => "1.247"},{"date" => "2011-07-05T15:48:52","version" => "1.248"},{"date" => "2011-07-12T09:54:39","version" => "1.249"},{"date" => "2011-07-22T12:40:47","version" => "1.250"},{"date" => "2011-08-30T12:16:32","version" => "1.251"},{"date" => "2011-09-01T16:06:19","version" => "1.252"},{"date" => "2011-09-02T16:03:35","version" => "1.253"},{"date" => "2011-09-04T15:21:52","version" => "1.254"},{"date" => "2011-09-15T15:23:39","version" => "1.255"},{"date" => "2011-09-16T12:28:51","version" => "1.256"},{"date" => "2011-09-23T10:52:00","version" => "1.257"},{"date" => "2011-10-14T14:45:06","version" => "1.258"},{"date" => "2011-10-16T10:17:53","version" => "1.259"},{"date" => "2011-10-28T13:28:02","version" => "1.260"},{"date" => "2011-11-18T17:02:26","version" => "1.261"},{"date" => "2011-11-19T11:55:30","version" => "1.262"},{"date" => "2011-11-29T15:43:38","version" => "1.263"},{"date" => "2011-11-30T07:50:25","version" => "1.264"},{"date" => "2011-12-06T18:26:54","version" => "1.265"},{"date" => "2012-02-06T11:55:29","version" => "2.001"},{"date" => "2012-02-08T09:49:49","version" => "2.002"},{"date" => "2012-02-08T13:14:22","version" => "2.003"},{"date" => "2012-02-09T11:28:18","version" => "2.004"},{"date" => "2012-02-23T18:25:32","version" => "2.005"},{"date" => "2012-02-25T11:30:41","version" => "2.006"},{"date" => "2012-02-26T16:34:50","version" => "2.007"},{"date" => "2012-03-01T12:40:23","version" => "2.008"},{"date" => "2012-03-13T13:11:49","version" => "2.009"},{"date" => "2012-03-13T13:15:03","version" => "2.010"},{"date" => "2012-03-19T21:41:44","version" => "2.011"},{"date" => "2012-04-05T11:41:54","version" => "2.012"},{"date" => "2012-04-06T12:10:46","version" => "2.013"},{"date" => "2012-05-04T13:57:13","version" => "2.014"},{"date" => "2012-05-14T10:06:13","version" => "2.015"},{"date" => "2012-05-20T08:38:36","version" => "2.016"},{"date" => "2012-05-21T10:56:35","version" => "2.017"},{"date" => "2012-05-29T13:53:06","version" => "2.018"},{"date" => "2012-06-05T12:34:15","version" => "2.019"},{"date" => "2012-06-18T08:34:26","version" => "2.020"},{"date" => "2012-06-27T14:44:55","version" => "2.021_01"},{"date" => "2012-06-28T15:30:52","version" => "2.021"},{"date" => "2012-07-03T14:47:31","version" => "2.022"},{"date" => "2012-07-04T13:50:37","version" => "2.023"},{"date" => "2012-09-04T11:30:02","version" => "2.024"},{"date" => "2012-09-10T10:52:02","version" => "2.025"},{"date" => "2012-09-20T17:12:09","version" => "2.026_1"},{"date" => "2012-09-21T10:38:47","version" => "2.026_2"},{"date" => "2012-09-27T11:53:42","version" => "2.026"},{"date" => "2012-10-30T12:48:16","version" => "2.027"},{"date" => "2012-11-27T12:44:55","version" => "2.028"},{"date" => "2012-11-28T13:31:04","version" => "2.029"},{"date" => "2013-02-27T18:37:05","version" => "2.030_01"},{"date" => "2013-03-23T09:47:53","version" => "2.030"},{"date" => "2013-04-03T17:22:28","version" => "2.031"},{"date" => "2013-04-15T11:28:33","version" => "2.032"},{"date" => "2013-04-15T19:27:14","version" => "2.033"},{"date" => "2013-04-17T19:29:52","version" => "2.034"},{"date" => "2013-04-27T15:05:09","version" => "2.035"},{"date" => "2013-05-25T17:53:04","version" => "2.036"},{"date" => "2013-06-15T17:46:45","version" => "2.037"},{"date" => "2013-07-03T19:30:32","version" => "2.038"},{"date" => "2013-07-18T18:12:07","version" => "2.039"},{"date" => "2013-07-20T09:46:11","version" => "2.040"},{"date" => "2013-08-14T17:58:40","version" => "2.041"},{"date" => "2013-09-15T17:41:45","version" => "2.042"},{"date" => "2013-09-20T17:35:06","version" => "2.043"},{"date" => "2013-10-13T16:02:40","version" => "2.044"},{"date" => "2013-10-18T17:48:15","version" => "2.045"},{"date" => "2013-12-15T13:07:37","version" => "2.046"},{"date" => "2014-01-25T15:54:37","version" => "2.047"},{"date" => "2014-02-23T18:02:19","version" => "2.048"},{"date" => "2014-02-26T19:45:44","version" => "2.049"},{"date" => "2014-02-27T18:12:32","version" => "2.050"},{"date" => "2014-03-06T18:23:11","version" => "2.051"},{"date" => "2014-03-23T16:20:43","version" => "2.052"},{"date" => "2014-03-25T19:11:57","version" => "2.053"},{"date" => "2014-04-01T17:51:50","version" => "2.054"},{"date" => "2014-05-02T11:33:28","version" => "2.055"},{"date" => "2014-05-18T19:34:53","version" => "2.056"},{"date" => "2014-06-12T19:32:47","version" => "2.057"},{"date" => "2014-06-19T19:43:18","version" => "2.058"},{"date" => "2014-06-29T15:08:02","version" => "2.059"},{"date" => "2014-08-19T12:43:59","version" => "2.060"},{"date" => "2014-09-23T19:21:04","version" => "2.061"},{"date" => "2014-11-23T19:45:05","version" => "2.062"},{"date" => "2014-11-28T17:55:21","version" => "2.063"},{"date" => "2014-12-04T18:47:05","version" => "2.064"},{"date" => "2015-01-06T20:16:15","version" => "2.065"},{"date" => "2015-02-15T16:13:00","version" => "2.066"},{"date" => "2015-03-01T18:38:28","version" => "2.067"},{"date" => "2015-03-29T13:39:56","version" => "2.068"},{"date" => "2015-04-25T19:29:15","version" => "2.069"},{"date" => "2015-05-03T14:00:52","version" => "2.070"},{"date" => "2015-05-23T11:15:16","version" => "2.071"},{"date" => "2015-07-18T19:31:43","version" => "2.072"},{"date" => "2015-07-19T07:35:51","version" => "2.073"},{"date" => "2015-09-30T18:56:39","version" => "2.074"},{"date" => "2015-11-22T20:11:19","version" => "2.075"},{"date" => "2016-01-14T18:13:20","version" => "2.076"},{"date" => "2016-01-20T19:55:36","version" => "2.077"},{"date" => "2016-01-24T18:48:46","version" => "2.078"},{"date" => "2016-02-12T20:44:28","version" => "2.079"},{"date" => "2016-02-27T17:59:55","version" => "2.080"},{"date" => "2016-02-29T19:01:45","version" => "2.081"},{"date" => "2016-03-29T18:22:30","version" => "2.082"},{"date" => "2016-04-20T18:32:29","version" => "2.083"},{"date" => "2016-05-26T17:35:53","version" => "2.084"},{"date" => "2016-05-29T17:13:14","version" => "2.085"},{"date" => "2016-06-04T19:28:08","version" => "2.086"},{"date" => "2016-06-29T17:35:35","version" => "2.087"},{"date" => "2016-07-09T18:06:03","version" => "2.088"},{"date" => "2016-09-04T13:17:52","version" => "2.089"},{"date" => "2016-09-10T16:07:07","version" => "2.090"},{"date" => "2016-09-13T17:05:56","version" => "2.091"},{"date" => "2016-09-23T17:46:04","version" => "2.092"},{"date" => "2016-11-08T18:33:39","version" => "2.093"},{"date" => "2016-11-09T18:23:05","version" => "2.094"},{"date" => "2016-12-06T18:01:00","version" => "2.095"},{"date" => "2016-12-11T20:28:14","version" => "2.096"},{"date" => "2016-12-22T17:35:34","version" => "2.097"},{"date" => "2017-02-26T18:58:23","version" => "2.098"},{"date" => "2017-03-05T17:09:37","version" => "2.099"},{"date" => "2017-03-18T12:06:34","version" => "2.100"},{"date" => "2017-04-28T17:40:56","version" => "2.101"},{"date" => "2017-05-14T19:10:40","version" => "2.102"},{"date" => "2017-05-25T08:15:17","version" => "2.103"},{"date" => "2017-06-03T13:23:33","version" => "2.104"},{"date" => "2017-06-09T17:26:55","version" => "2.105"},{"date" => "2017-07-16T14:07:23","version" => "2.106"},{"date" => "2017-08-30T19:12:10","version" => "2.107"},{"date" => "2017-08-31T17:23:43","version" => "2.108"},{"date" => "2017-09-18T17:52:57","version" => "2.109"},{"date" => "2017-09-21T19:12:32","version" => "2.110"},{"date" => "2017-09-22T18:41:04","version" => "2.111"},{"date" => "2017-10-01T09:12:45","version" => "2.112"},{"date" => "2017-10-12T19:07:46","version" => "2.113"},{"date" => "2017-11-11T16:35:03","version" => "2.114"},{"date" => "2017-12-14T18:03:18","version" => "2.115"},{"date" => "2017-12-16T09:52:09","version" => "2.116"},{"date" => "2018-02-03T18:09:35","version" => "2.117"},{"date" => "2018-03-26T18:33:19","version" => "2.118"},{"date" => "2018-04-02T16:55:50","version" => "2.119"},{"date" => "2018-04-08T07:56:03","version" => "2.120"},{"date" => "2018-04-15T17:08:18","version" => "2.121"},{"date" => "2018-04-17T17:20:14","version" => "2.122"},{"date" => "2018-05-01T17:18:09","version" => "2.123"},{"date" => "2018-06-09T17:16:59","version" => "2.124"},{"date" => "2018-06-24T12:47:24","version" => "2.125"},{"date" => "2018-08-20T13:10:09","version" => "2.126"},{"date" => "2018-09-30T16:44:13","version" => "2.127"},{"date" => "2018-11-21T19:33:41","version" => "2.128"},{"date" => "2018-12-05T18:44:58","version" => "2.129"},{"date" => "2018-12-07T19:02:10","version" => "2.130"},{"date" => "2018-12-16T18:32:58","version" => "2.131"},{"date" => "2018-12-22T17:50:27","version" => "2.132"},{"date" => "2019-01-13T20:17:07","version" => "2.133"},{"date" => "2019-05-05T10:51:38","version" => "2.134"},{"date" => "2019-06-05T17:21:24","version" => "2.135"},{"date" => "2019-07-29T15:44:09","version" => "2.136"},{"date" => "2019-12-01T17:32:00","version" => "2.137"},{"date" => "2019-12-27T14:43:21","version" => "2.138"},{"date" => "2020-07-18T14:38:14","version" => "2.139"},{"date" => "2020-07-31T08:24:37","version" => "2.140"},{"date" => "2021-01-17T18:04:01","version" => "2.141"},{"date" => "2021-04-07T17:08:47","version" => "2.142"},{"date" => "2021-10-31T17:28:44","version" => "2.143"},{"date" => "2021-11-04T17:26:40","version" => "2.144"},{"date" => "2021-11-06T18:23:25","version" => "2.145"},{"date" => "2021-11-28T18:13:47","version" => "2.146"},{"date" => "2021-11-29T18:42:25","version" => "2.147"},{"date" => "2022-01-09T15:02:17","version" => "2.148"},{"date" => "2022-01-13T16:42:50","version" => "2.149"},{"date" => "2022-05-08T15:10:12","version" => "2.150"},{"date" => "2022-07-26T14:32:41","version" => "2.151"},{"date" => "2022-07-28T08:07:07","version" => "2.152"},{"date" => "2023-07-14T14:05:14","version" => "2.153"},{"date" => "2023-07-14T17:35:53","version" => "2.153"},{"date" => "2024-06-15T14:47:56","version" => "2.154"},{"date" => "2024-11-24T15:11:43","version" => "2.155"},{"date" => "2026-02-02T15:05:59","version" => "2.156"},{"date" => "2026-03-03T18:24:07","version" => "2.157"},{"date" => "2026-03-04T18:23:59","version" => "2.158"},{"date" => "2026-03-08T15:55:43","version" => "2.159"}]},"Convert-ASN1" => {"advisories" => [{"affected_versions" => ["<0.27"],"cves" => ["CVE-2013-7488"],"description" => "perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.\n","distribution" => "Convert-ASN1","fixed_versions" => [],"id" => "CPANSA-Convert-ASN1-2013-7488","references" => ["https://github.com/gbarr/perl-Convert-ASN1/issues/14","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ONNQSW4SSKMG5RUEFZJZA5T5R2WXEGQF/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/6V3PJEQOT47ZO77263XPGS3Y3AJROI4X/"],"reported" => "2020-04-07","severity" => "high"}],"main_module" => "Convert::ASN1","versions" => [{"date" => "2000-04-03T21:52:45","version" => "0.04"},{"date" => "2000-05-12T10:14:51","version" => "0.05"},{"date" => "2000-05-22T11:08:54","version" => "0.06"},{"date" => "2000-05-30T14:31:54","version" => "0.07"},{"date" => "2001-02-05T22:44:53","version" => "0.08"},{"date" => "2001-04-19T23:07:25","version" => "0.09"},{"date" => "2001-04-20T06:40:05","version" => "0.10"},{"date" => "2001-06-11T13:37:41","version" => "0.11"},{"date" => "2001-07-31T17:11:59","version" => "0.12"},{"date" => "2001-08-26T07:23:52","version" => "0.13"},{"date" => "2001-09-10T18:07:31","version" => "0.14"},{"date" => "2002-01-22T11:33:25","version" => "0.15"},{"date" => "2002-08-20T00:05:24","version" => "0.16"},{"date" => "2003-05-12T17:52:00","version" => "0.17"},{"date" => "2003-10-08T14:31:56","version" => "0.18"},{"date" => "2005-04-19T00:51:07","version" => "0.19"},{"date" => "2006-02-22T01:29:15","version" => "0.20"},{"date" => "2007-02-03T02:50:32","version" => "0.21"},{"date" => "2008-09-15T19:39:08","version" => "0.22"},{"date" => "2012-05-03T21:33:29","version" => "0.23"},{"date" => "2012-06-04T22:12:03","version" => "0.24"},{"date" => "2012-06-09T00:32:31","version" => "0.25"},{"date" => "2012-06-09T18:31:05","version" => "0.26"},{"date" => "2014-06-25T18:49:11","version" => "0.27"},{"date" => "2021-05-23T21:05:04","version" => "0.28"},{"date" => "2021-05-24T21:29:37","version" => "0.29"},{"date" => "2021-05-30T00:58:54","version" => "0.30"},{"date" => "2021-06-03T01:30:40","version" => "0.31"},{"date" => "2021-09-21T21:46:25","version" => "0.32"},{"date" => "2021-09-22T22:51:23","version" => "0.33"},{"date" => "2023-08-07T22:47:22","version" => "0.34"}]},"Convert-UUlib" => {"advisories" => [{"affected_versions" => ["<1.051"],"cves" => ["CVE-2005-1349"],"description" => "Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.\n","distribution" => "Convert-UUlib","fixed_versions" => [],"id" => "CPANSA-Convert-UUlib-2005-1349","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200504-26.xml","http://secunia.com/advisories/15130","http://www.securityfocus.com/bid/13401","http://www.mandriva.com/security/advisories?name=MDKSA-2006:022","https://exchange.xforce.ibmcloud.com/vulnerabilities/20275"],"reported" => "2005-05-02","severity" => undef}],"main_module" => "Convert::UUlib","versions" => [{"date" => "1999-05-08T20:44:28","version" => "0.03"},{"date" => "1999-05-25T19:26:16","version" => "0.05"},{"date" => "1999-07-29T21:35:05","version" => "0.06"},{"date" => "2000-07-16T20:52:56","version" => "0.11"},{"date" => "2001-05-04T21:14:40","version" => "0.111"},{"date" => "2001-06-14T16:49:29","version" => "0.2"},{"date" => "2001-09-16T01:45:11","version" => "0.201"},{"date" => "2002-03-31T22:10:15","version" => "0.21"},{"date" => "2002-03-31T22:52:00","version" => "0.21"},{"date" => "2002-04-05T22:18:55","version" => "0.211"},{"date" => "2002-04-06T02:39:32","version" => "0.212"},{"date" => "2002-07-27T19:20:26","version" => "0.213"},{"date" => "2002-10-13T18:14:28","version" => "0.3"},{"date" => "2002-10-15T23:26:09","version" => "0.31"},{"date" => "2003-11-24T16:10:49","version" => "1.0"},{"date" => "2004-03-16T20:05:14","version" => "1.01"},{"date" => "2004-04-18T14:51:27","version" => "1.02"},{"date" => "2004-04-18T20:16:15","version" => "1.03"},{"date" => "2004-12-28T14:12:40","version" => "1.04"},{"date" => "2005-03-03T17:52:16","version" => "1.051"},{"date" => "2005-12-05T23:58:50","version" => "1.06"},{"date" => "2006-12-10T16:45:11","version" => "1.07"},{"date" => "2006-12-16T22:31:30","version" => "1.08"},{"date" => "2007-05-25T17:40:35","version" => "1.09"},{"date" => "2008-06-13T13:27:38","version" => "1.10"},{"date" => "2008-06-13T13:34:18","version" => "1.11"},{"date" => "2008-10-13T12:13:26","version" => "1.12"},{"date" => "2009-08-28T23:26:34","version" => "1.3"},{"date" => "2009-09-16T07:05:05","version" => "1.31"},{"date" => "2009-09-16T18:10:46","version" => "1.32"},{"date" => "2009-10-28T08:05:40","version" => "1.33"},{"date" => "2010-12-14T21:21:33","version" => "1.34"},{"date" => "2011-05-29T15:23:57","version" => "1.4"},{"date" => "2015-07-11T01:57:19","version" => "1.5"},{"date" => "2019-10-24T15:19:15","version" => "1.6"},{"date" => "2020-02-17T22:21:21","version" => "1.62"},{"date" => "2020-02-29T21:09:26","version" => "1.7"},{"date" => "2020-03-16T23:54:43","version" => "1.71"},{"date" => "2020-12-17T01:25:02","version" => "1.8"}]},"Cpanel-JSON-XS" => {"advisories" => [{"affected_versions" => ["<3.0225"],"cves" => [],"description" => "Overflow during processing of ill-formed UTF-8 strings.\n","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=3.0225"],"id" => "CPANSA-Cpanel-JSON-XS-2016-02","references" => ["https://metacpan.org/changes/distribution/Cpanel-JSON-XS","https://github.com/rurban/Cpanel-JSON-XS/commit/f71768984ba7f50b0476c17a4f3b3f2ca88a6951","https://github.com/dankogai/p5-encode/issues/64"],"reported" => "2016-11-23"},{"affected_versions" => ["<3.0218"],"cves" => [],"description" => "Possible overflows in av and hv length types.\n","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=3.0218"],"id" => "CPANSA-Cpanel-JSON-XS-2016-01","references" => ["https://metacpan.org/changes/distribution/Cpanel-JSON-XS","https://github.com/rurban/Cpanel-JSON-XS/commit/6554531b39fac236321d8601d35eaaa75ae45e20"],"reported" => undef},{"affected_versions" => ["<4.033"],"cves" => ["CVE-2022-48623"],"description" => "Wrong error messages/sometimes crashes or endless loops with invalid JSON in relaxed mode\n","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=4.033"],"id" => "CPANSA-Cpanel-JSON-XS-2023-01","references" => ["https://metacpan.org/changes/distribution/Cpanel-JSON-XS","https://github.com/rurban/Cpanel-JSON-XS/issues/208","https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.33/changes","https://nvd.nist.gov/vuln/detail/CVE-2022-48623","https://github.com/rurban/Cpanel-JSON-XS/commit/41f32396eee9395a40f9ed80145c37622560de9b","https://github.com/advisories/GHSA-44qr-8pf6-6q33"],"reported" => "2023-02-21"},{"affected_versions" => ["<4.40"],"cves" => ["CVE-2025-40929"],"description" => "Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=4.40"],"id" => "CPANSA-Cpanel-JSON-XS-2025-40929","references" => ["https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch","https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713","https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes"],"reported" => "2025-09-08","severity" => undef}],"main_module" => "Cpanel::JSON::XS","versions" => [{"date" => "2013-03-01T00:52:41","version" => "2.33_03"},{"date" => "2013-03-01T22:07:06","version" => "2.33_04"},{"date" => "2013-03-27T16:53:34","version" => "2.3305"},{"date" => "2013-03-27T17:17:51","version" => "2.3306"},{"date" => "2013-03-27T22:58:47","version" => "2.3307"},{"date" => "2013-03-28T14:28:56","version" => "2.3308"},{"date" => "2013-03-28T15:12:42","version" => "2.3309"},{"date" => "2013-03-28T17:33:21","version" => "2.3310"},{"date" => "2013-06-26T16:24:40","version" => "2.3313"},{"date" => "2013-09-09T05:54:40","version" => "2.3314"},{"date" => "2013-10-02T20:06:47","version" => "2.3401"},{"date" => "2013-11-02T14:42:20","version" => "2.3402"},{"date" => "2013-11-02T15:17:41","version" => "2.3403"},{"date" => "2014-01-30T15:58:58","version" => "2.3404"},{"date" => "2014-04-15T21:17:11","version" => "3.0101"},{"date" => "2014-04-17T18:37:34","version" => "3.0102"},{"date" => "2014-04-21T17:49:09","version" => "3.0103"},{"date" => "2014-04-26T16:04:39","version" => "3.0104"},{"date" => "2014-11-06T10:38:31","version" => "3.0105"},{"date" => "2014-11-11T21:57:49","version" => "3.0106"},{"date" => "2014-11-28T12:16:29","version" => "3.0107"},{"date" => "2014-12-11T17:02:07","version" => "3.0108"},{"date" => "2014-12-12T10:24:33","version" => "3.0109"},{"date" => "2014-12-12T22:35:37","version" => "3.0110"},{"date" => "2014-12-13T18:40:06","version" => "3.0111"},{"date" => "2014-12-14T16:34:01","version" => "3.0112"},{"date" => "2014-12-15T12:23:32","version" => "3.0113"},{"date" => "2015-01-04T14:06:03","version" => "3.0114"},{"date" => "2015-01-31T21:42:51","version" => "3.0115"},{"date" => "2015-11-26T08:58:33","version" => "3.0201"},{"date" => "2015-11-26T13:16:40","version" => "3.0202"},{"date" => "2015-11-26T13:42:02","version" => "3.0203"},{"date" => "2015-11-26T22:30:26","version" => "3.0204"},{"date" => "2015-11-29T14:09:00","version" => "3.0205"},{"date" => "2015-11-30T16:16:48","version" => "3.0206"},{"date" => "2015-12-02T16:34:35","version" => "3.0207"},{"date" => "2015-12-02T22:46:58","version" => "3.0208"},{"date" => "2015-12-03T09:45:04","version" => "3.0209"},{"date" => "2015-12-03T11:59:24","version" => "3.0210"},{"date" => "2016-01-10T17:38:25","version" => "3.0211"},{"date" => "2016-02-27T13:30:04","version" => "3.0212"},{"date" => "2016-03-02T10:28:37","version" => "3.0213"},{"date" => "2016-04-12T08:40:05","version" => "3.0213_01"},{"date" => "2016-04-13T10:40:03","version" => "3.0213_02"},{"date" => "2016-06-02T16:18:51","version" => "3.0214"},{"date" => "2016-06-06T13:28:49","version" => "3.0215"},{"date" => "2016-06-12T12:14:20","version" => "3.0216"},{"date" => "2016-06-18T09:59:27","version" => "3.0217"},{"date" => "2016-10-04T10:11:33","version" => "3.0217_01"},{"date" => "2016-10-04T14:47:29","version" => "3.0217_02"},{"date" => "2016-10-06T08:46:17","version" => "3.0217_03"},{"date" => "2016-10-07T12:11:03","version" => "3.0217_04"},{"date" => "2016-10-07T17:22:48","version" => "3.0217_05"},{"date" => "2016-10-08T08:01:50","version" => "3.0217_06"},{"date" => "2016-10-13T12:47:31","version" => "3.0218"},{"date" => "2016-10-26T11:45:35","version" => "3.0219"},{"date" => "2016-10-28T08:34:28","version" => "3.0220"},{"date" => "2016-10-30T12:27:36","version" => "3.0221"},{"date" => "2016-10-30T15:04:32","version" => "3.0222"},{"date" => "2016-11-16T11:47:38","version" => "3.0223"},{"date" => "2016-11-20T11:31:34","version" => "3.0224"},{"date" => "2016-11-23T18:43:00","version" => "3.0225"},{"date" => "2017-02-11T13:24:48","version" => "3.0226"},{"date" => "2017-02-13T10:57:06","version" => "3.0227"},{"date" => "2017-03-07T23:57:39","version" => "3.0228"},{"date" => "2017-03-10T14:08:07","version" => "3.0229"},{"date" => "2017-03-12T09:52:13","version" => "3.0230"},{"date" => "2017-03-29T09:51:51","version" => "3.0231"},{"date" => "2017-05-01T05:35:12","version" => "3.0232"},{"date" => "2017-05-01T14:54:56","version" => "3.0233"},{"date" => "2017-07-27T15:43:41","version" => "3.0234"},{"date" => "2017-07-27T16:21:47","version" => "3.0235"},{"date" => "2017-07-27T20:15:25","version" => "3.0236"},{"date" => "2017-07-28T11:15:05","version" => "3.0237"},{"date" => "2017-08-25T20:53:56","version" => "3.0238"},{"date" => "2017-08-28T20:48:37","version" => "3.0239"},{"date" => "2018-01-30T11:52:27","version" => "3.99_01"},{"date" => "2018-01-31T12:58:24","version" => "3.99_02"},{"date" => "2018-01-31T17:18:58","version" => "3.99_03"},{"date" => "2018-02-02T01:57:54","version" => "4.00"},{"date" => "2018-02-03T11:50:36","version" => "4.01"},{"date" => "2018-02-27T16:08:55","version" => "4.02"},{"date" => "2018-06-21T11:16:14","version" => "4.03"},{"date" => "2018-06-22T17:37:07","version" => "4.04"},{"date" => "2018-08-19T16:55:22","version" => "4.05"},{"date" => "2018-08-23T07:50:22","version" => "4.06"},{"date" => "2018-11-02T09:51:34","version" => "4.07"},{"date" => "2018-11-28T14:26:40","version" => "4.08"},{"date" => "2019-02-15T10:09:53","version" => "4.09"},{"date" => "2019-03-18T07:50:15","version" => "4.10"},{"date" => "2019-03-26T16:46:53","version" => "4.11"},{"date" => "2019-06-11T08:04:04","version" => "4.12"},{"date" => "2019-10-14T14:14:37","version" => "4.13"},{"date" => "2019-10-15T15:16:21","version" => "4.14"},{"date" => "2019-10-22T07:01:03","version" => "4.15"},{"date" => "2019-11-04T15:51:01","version" => "4.16"},{"date" => "2019-11-05T13:48:29","version" => "4.17"},{"date" => "2019-12-13T15:54:58","version" => "4.18"},{"date" => "2020-02-06T15:07:47","version" => "4.19"},{"date" => "2020-08-12T12:18:46","version" => "4.20"},{"date" => "2020-08-13T06:56:18","version" => "4.21"},{"date" => "2020-09-04T19:26:28","version" => "4.22"},{"date" => "2020-09-05T10:21:25","version" => "4.23"},{"date" => "2020-10-02T09:05:37","version" => "4.24"},{"date" => "2020-10-28T07:04:49","version" => "4.25"},{"date" => "2021-04-12T06:34:32","version" => "4.26"},{"date" => "2021-10-14T19:19:01","version" => "4.27"},{"date" => "2022-05-05T14:46:07","version" => "4.28"},{"date" => "2022-05-27T15:32:51","version" => "4.29"},{"date" => "2022-06-16T19:19:38","version" => "4.30"},{"date" => "2022-08-10T14:25:08","version" => "4.31"},{"date" => "2022-08-13T07:13:40","version" => "4.32"},{"date" => "2023-02-21T16:34:10","version" => "4.33"},{"date" => "2023-02-21T18:39:09","version" => "4.34"},{"date" => "2023-02-22T15:40:53","version" => "4.35"},{"date" => "2023-03-02T15:11:52","version" => "4.36"},{"date" => "2023-07-04T10:35:53","version" => "4.37"},{"date" => "2024-05-28T07:42:37","version" => "4.38"},{"date" => "2024-12-12T21:17:16","version" => "4.39"},{"date" => "2025-09-08T14:02:35","version" => "4.40"}]},"Crypt-CBC" => {"advisories" => [{"affected_versions" => ["<3.04"],"cves" => [],"description" => "Fixed bug involving manually-specified IV not being used in some circumstances.\n","distribution" => "Crypt-CBC","fixed_versions" => [">=3.04"],"id" => "CPANSA-Crypt-CBC-2021-0001","references" => ["https://metacpan.org/changes/distribution/Crypt-CBC","https://github.com/briandfoy/cpan-security-advisory/issues/165"],"reported" => "2021-05-17","severity" => undef},{"affected_versions" => ["<2.17"],"cves" => ["CVE-2006-0898"],"description" => "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.\n","distribution" => "Crypt-CBC","fixed_versions" => [">=2.17"],"id" => "CPANSA-Crypt-CBC-2006-0898","references" => ["https://metacpan.org/changes/distribution/Crypt-CBC","http://www.securityfocus.com/bid/16802","http://secunia.com/advisories/18755","http://www.debian.org/security/2006/dsa-996","http://secunia.com/advisories/19187","http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml","http://secunia.com/advisories/19303","http://www.novell.com/linux/security/advisories/2006_38_security.html","http://secunia.com/advisories/20899","http://securityreason.com/securityalert/488","http://www.redhat.com/support/errata/RHSA-2008-0261.html","http://secunia.com/advisories/31493","http://rhn.redhat.com/errata/RHSA-2008-0630.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/24954","http://www.securityfocus.com/archive/1/425966/100/0/threaded"],"reported" => "2006-02-25","severity" => undef},{"affected_versions" => [">=1.21,<3.07"],"cves" => ["CVE-2025-2814"],"description" => "Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  This issue affects operating systems where \"/dev/urandom'\" is unavailable.\x{a0} In that case, Crypt::CBC will fallback to use the insecure rand() function.","distribution" => "Crypt-CBC","fixed_versions" => [">=3.07"],"id" => "CPANSA-Crypt-CBC-2025-2814","references" => ["https://metacpan.org/dist/Crypt-CBC/source/lib/Crypt/CBC.pm#L777","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://github.com/lstein/Lib-Crypt-CBC/issues/9"],"reported" => "2025-04-13","severity" => undef}],"main_module" => "Crypt::CBC","versions" => [{"date" => "1998-06-19T19:48:52","version" => "1.00"},{"date" => "1998-09-22T18:30:35","version" => "1.10"},{"date" => "1998-12-20T23:36:49","version" => "1.20"},{"date" => "2000-01-27T00:27:56","version" => "1.22"},{"date" => "2000-02-22T15:20:56","version" => "1.23"},{"date" => "2000-06-07T18:55:59","version" => "1.24"},{"date" => "2000-06-08T15:59:07","version" => "1.25"},{"date" => "2001-12-10T17:16:25","version" => "2.01"},{"date" => "2002-01-24T05:30:16","version" => "2.02"},{"date" => "2002-06-02T18:40:15","version" => "2.03"},{"date" => "2002-06-12T02:20:51","version" => "2.04"},{"date" => "2002-06-22T13:02:09","version" => "2.05"},{"date" => "2002-08-08T18:47:49","version" => "2.07"},{"date" => "2002-09-11T12:17:23","version" => "2.08"},{"date" => "2004-05-27T15:20:52","version" => "2.09"},{"date" => "2004-05-29T17:29:19","version" => "2.10"},{"date" => "2004-06-03T16:22:32","version" => "2.11"},{"date" => "2004-06-17T15:55:19","version" => "2.11"},{"date" => "2005-05-05T20:11:50","version" => "2.14"},{"date" => "2005-08-01T14:02:45","version" => "2.15"},{"date" => "2006-02-16T14:08:57","version" => "2.17"},{"date" => "2006-06-06T23:22:02","version" => "2.18"},{"date" => "2006-08-12T19:52:11","version" => "2.19"},{"date" => "2006-10-16T23:40:13","version" => "2.21"},{"date" => "2006-10-29T21:55:34","version" => "2.22"},{"date" => "2007-09-28T15:25:53","version" => "2.24"},{"date" => "2008-03-28T14:17:29","version" => "2.27"},{"date" => "2008-03-31T14:56:52","version" => "2.28"},{"date" => "2008-04-22T14:27:07","version" => "2.29"},{"date" => "2008-09-30T15:17:58","version" => "2.30"},{"date" => "2012-10-30T11:08:06","version" => "2.31"},{"date" => "2012-12-14T19:30:14","version" => "2.32"},{"date" => "2013-07-30T20:03:53","version" => "2.33"},{"date" => "2021-02-07T15:30:51","version" => "3.00"},{"date" => "2021-02-08T21:38:16","version" => "3.01"},{"date" => "2021-04-11T22:16:48","version" => "3.02"},{"date" => "2021-04-19T02:59:12","version" => "3.03"},{"date" => "2021-05-17T15:03:53","version" => "3.04"},{"date" => "2025-07-21T00:57:11","version" => "3.05"},{"date" => "2025-07-26T16:23:53","version" => "3.06"},{"date" => "2025-07-27T14:50:49","version" => "3.07"}]},"Crypt-DSA" => {"advisories" => [{"affected_versions" => ["<1.18"],"cves" => ["CVE-2011-3599"],"description" => "The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.\n","distribution" => "Crypt-DSA","fixed_versions" => [],"id" => "CPANSA-Crypt-DSA-2011-3599","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=71421","https://bugzilla.redhat.com/show_bug.cgi?id=743567","http://www.openwall.com/lists/oss-security/2011/10/05/9","http://www.openwall.com/lists/oss-security/2011/10/05/5","http://secunia.com/advisories/46275","http://www.securityfocus.com/bid/49928","http://osvdb.org/76025"],"reported" => "2011-10-10","severity" => undef}],"main_module" => "Crypt::DSA","versions" => [{"date" => "2001-03-24T01:21:08","version" => "0.02"},{"date" => "2001-04-07T07:44:41","version" => "0.03"},{"date" => "2001-04-23T00:09:38","version" => "0.10"},{"date" => "2001-05-02T23:26:09","version" => "0.11"},{"date" => "2001-05-04T06:12:08","version" => "0.12"},{"date" => "2005-05-26T16:19:59","version" => "0.13"},{"date" => "2006-05-08T18:43:01","version" => "0.14"},{"date" => "2009-08-19T11:11:31","version" => "0.15_01"},{"date" => "2009-09-11T12:47:36","version" => "1.16"},{"date" => "2011-06-17T01:49:57","version" => "1.17"},{"date" => "2024-12-04T04:25:53","version" => "1.18"},{"date" => "2024-12-04T13:54:34","version" => "1.18"},{"date" => "2024-12-04T14:50:02","version" => "1.19"}]},"Crypt-JWT" => {"advisories" => [{"affected_versions" => ["<0.023"],"cves" => ["CVE-2019-1010263"],"description" => "Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit b98a59b42ded9f9e51b2560410106207c2152d6c.\n","distribution" => "Crypt-JWT","fixed_versions" => [">=0.023"],"id" => "CPANSA-Crypt-JWT-2019-01","references" => ["https://github.com/DCIT/perl-Crypt-JWT/commit/b98a59b42ded9f9e51b2560410106207c2152d6c","https://www.openwall.com/lists/oss-security/2018/09/07/1"],"reported" => "2019-03-20","severity" => "high"},{"affected_versions" => ["<0.022"],"cves" => ["CVE-2019-1010161"],"description" => "perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.\n","distribution" => "Crypt-JWT","fixed_versions" => [">=0.022"],"id" => "CPANSA-Crypt-JWT-2019-01","references" => ["https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483"],"reported" => "2019-03-20","severity" => "high"}],"main_module" => "Crypt::JWT","versions" => [{"date" => "2015-07-02T22:24:01","version" => "0.004"},{"date" => "2015-07-02T22:54:29","version" => "0.005"},{"date" => "2015-07-07T19:43:45","version" => "0.010"},{"date" => "2015-10-22T07:08:48","version" => "0.011"},{"date" => "2016-05-02T17:33:01","version" => "0.012"},{"date" => "2016-05-03T07:10:15","version" => "0.013"},{"date" => "2016-05-04T05:48:13","version" => "0.014"},{"date" => "2016-05-12T05:38:49","version" => "0.015"},{"date" => "2016-05-12T08:03:49","version" => "0.016"},{"date" => "2016-06-03T10:17:48","version" => "0.017"},{"date" => "2016-08-31T19:49:41","version" => "0.018"},{"date" => "2018-01-26T16:07:54","version" => "0.019"},{"date" => "2018-02-02T15:02:28","version" => "0.020"},{"date" => "2018-03-15T11:59:25","version" => "0.021"},{"date" => "2018-06-24T20:29:50","version" => "0.022"},{"date" => "2018-09-01T16:09:10","version" => "0.023"},{"date" => "2019-03-26T11:11:25","version" => "0.024"},{"date" => "2019-09-29T15:23:58","version" => "0.025"},{"date" => "2020-02-02T08:44:56","version" => "0.026"},{"date" => "2020-06-04T22:35:39","version" => "0.027"},{"date" => "2020-06-14T18:17:45","version" => "0.028"},{"date" => "2020-06-22T13:13:53","version" => "0.029"},{"date" => "2021-01-08T14:22:56","version" => "0.030"},{"date" => "2021-01-10T14:18:25","version" => "0.031"},{"date" => "2021-03-18T21:02:33","version" => "0.032"},{"date" => "2021-05-01T17:18:31","version" => "0.033"},{"date" => "2021-11-28T22:08:38","version" => "0.034"},{"date" => "2023-10-03T10:20:23","version" => "0.035"},{"date" => "2025-01-26T10:17:48","version" => "0.036"},{"date" => "2025-04-27T15:02:48","version" => "0.037"}]},"Crypt-NaCl-Sodium" => {"advisories" => [{"affected_versions" => ["<2.002"],"cves" => ["CVE-2026-2588"],"description" => "Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems.  Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions.  On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 64-bits.","distribution" => "Crypt-NaCl-Sodium","fixed_versions" => [">=2.002"],"id" => "CPANSA-Crypt-NaCl-Sodium-2026-2588","references" => ["https://github.com/cpan-authors/crypt-nacl-sodium/commit/557388bdb4da416a56663cda0154b80cd524395c.patch","https://github.com/cpan-authors/crypt-nacl-sodium/commit/8cf7f66ba922443e131c9deae1ee00fafe4f62e4.patch","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.001/source/Sodium.xs#L2119"],"reported" => "2026-02-23","severity" => undef},{"affected_versions" => ["<2.003"],"cves" => ["CVE-2026-30909"],"description" => "Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows.  bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer.  Encountering this issue is unlikely as the message length would need to be very large.  For bin2hex() the bin_len would have to be > SIZE_MAX / 2 For encrypt() the msg_len would need to be > SIZE_MAX - 16U For aes256gcm_encrypt_afternm() the msg_len would need to be > SIZE_MAX - 16U For seal() the enc_len would need to be > SIZE_MAX - 64U","distribution" => "Crypt-NaCl-Sodium","fixed_versions" => [">=2.003"],"id" => "CPANSA-Crypt-NaCl-Sodium-2026-30909","references" => ["https://github.com/cpan-authors/crypt-nacl-sodium/pull/24.patch","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L2116","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L2310","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L3304","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L942","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.003/source/Changes","http://www.openwall.com/lists/oss-security/2026/03/08/1"],"reported" => "2026-03-08","severity" => undef}],"main_module" => "Crypt::NaCl::Sodium","versions" => [{"date" => "2015-05-11T23:46:38","version" => "0.01"},{"date" => "2015-05-12T00:36:27","version" => "0.02"},{"date" => "2015-05-12T21:28:08","version" => "0.03"},{"date" => "2015-05-17T23:32:58","version" => "0.04"},{"date" => "2015-05-19T21:42:19","version" => "0.05"},{"date" => "2015-05-20T21:42:03","version" => "0.06"},{"date" => "2015-07-13T21:38:48","version" => "0.07"},{"date" => "2015-07-16T23:17:55","version" => "0.08"},{"date" => "2015-11-22T23:01:21","version" => "1.0.6.0"},{"date" => "2015-11-25T23:52:50","version" => "1.0.6.1"},{"date" => "2015-12-24T02:46:57","version" => "1.0.7.0"},{"date" => "2015-12-27T21:47:41","version" => "1.0.8.0"},{"date" => "2026-02-11T00:21:19","version" => "2.000"},{"date" => "2026-02-12T23:20:54","version" => "2.001"},{"date" => "2026-02-22T23:28:45","version" => "2.002"},{"date" => "2026-03-08T01:06:53","version" => "2.003"}]},"Crypt-OpenSSL-DSA" => {"advisories" => [{"affected_versions" => ["<0.14"],"cves" => ["CVE-2009-0129"],"description" => "Missing error check in do_verify, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature.\n","distribution" => "Crypt-OpenSSL-DSA","fixed_versions" => [">=0.14"],"id" => "CPANSA-Crypt-OpenSSL-DSA-2009-01","references" => ["https://metacpan.org/changes/distribution/Crypt-OpenSSL-DSA","https://www.openwall.com/lists/oss-security/2009/01/12/4","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519"],"reported" => "2009-01-15"}],"main_module" => "Crypt::OpenSSL::DSA","versions" => [{"date" => "2001-09-19T04:45:14","version" => "0.01"},{"date" => "2001-09-24T17:32:49","version" => "0.02"},{"date" => "2002-02-07T05:57:36","version" => "0.03"},{"date" => "2002-09-24T04:52:06","version" => "0.04"},{"date" => "2002-09-26T00:21:17","version" => "0.10"},{"date" => "2003-01-06T19:08:08","version" => "0.11"},{"date" => "2005-05-23T01:44:36","version" => "0.12"},{"date" => "2005-10-15T21:37:10","version" => "0.13"},{"date" => "2012-10-16T22:55:16","version" => "0.14"},{"date" => "2015-02-03T21:57:37","version" => "0.15"},{"date" => "2016-10-27T11:25:18","version" => "0.16"},{"date" => "2016-10-27T18:54:42","version" => "0.17"},{"date" => "2016-11-17T10:33:35","version" => "0.18"},{"date" => "2017-01-13T08:24:56","version" => "0.19"},{"date" => "2021-03-20T12:31:50","version" => "0.20"}]},"Crypt-OpenSSL-RSA" => {"advisories" => [{"affected_versions" => ["<0.35"],"cves" => ["CVE-2024-2467"],"description" => "A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.\n","distribution" => "Crypt-OpenSSL-RSA","fixed_versions" => [">=0.35"],"id" => "CPANSA-Crypt-OpenSSL-RSA-2024-2467","references" => ["https://access.redhat.com/security/cve/CVE-2024-2467","https://bugzilla.redhat.com/show_bug.cgi?id=2269567","https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42","https://people.redhat.com/~hkario/marvin/"],"reported" => "2024-04-25","severity" => undef}],"main_module" => "Crypt::OpenSSL::RSA","versions" => [{"date" => "2001-04-02T04:24:26","version" => "0.08"},{"date" => "2001-04-02T16:43:12","version" => "0.09"},{"date" => "2001-04-10T20:56:43","version" => "0.10"},{"date" => "2001-04-11T02:58:01","version" => "0.11"},{"date" => "2001-09-07T03:14:26","version" => "0.12"},{"date" => "2002-03-22T04:46:17","version" => "0.13"},{"date" => "2002-05-19T16:54:53","version" => "0.14"},{"date" => "2002-06-07T13:25:40","version" => "0.15"},{"date" => "2002-06-12T02:15:47","version" => "0.16"},{"date" => "2003-01-07T04:08:58","version" => "0.17"},{"date" => "2003-02-24T02:27:12","version" => "0.18"},{"date" => "2003-04-27T22:48:40","version" => "0.19"},{"date" => "2004-02-15T20:43:41","version" => "0.20"},{"date" => "2004-02-16T02:19:45","version" => "0.21"},{"date" => "2005-06-06T10:51:24","version" => "0.22"},{"date" => "2005-11-15T04:34:15","version" => "0.22"},{"date" => "2006-04-13T04:38:04","version" => "0.23"},{"date" => "2006-11-13T15:34:59","version" => "0.24"},{"date" => "2007-05-20T19:06:56","version" => "0.25"},{"date" => "2009-11-22T20:40:31","version" => "0.26"},{"date" => "2011-06-29T18:49:35","version" => "0.26_01"},{"date" => "2011-07-03T20:14:52","version" => "0.27"},{"date" => "2011-08-24T23:04:56","version" => "0.28"},{"date" => "2017-11-27T03:36:04","version" => "0.28"},{"date" => "2018-04-14T05:01:11","version" => "0.29_01"},{"date" => "2018-04-15T18:55:41","version" => "0.29_02"},{"date" => "2018-04-16T20:47:56","version" => "0.29_03"},{"date" => "2018-05-01T16:37:12","version" => "0.30"},{"date" => "2018-09-24T17:36:24","version" => "0.31"},{"date" => "2021-09-08T15:50:47","version" => "0.32"},{"date" => "2022-07-08T11:25:11","version" => "0.33"},{"date" => "2025-05-03T12:48:15","version" => "0.34_01"},{"date" => "2025-05-04T13:50:42","version" => "0.34_02"},{"date" => "2025-05-04T14:18:26","version" => "0.34_03"},{"date" => "2025-05-05T13:44:07","version" => "0.34"},{"date" => "2025-05-07T16:52:11","version" => "0.35"},{"date" => "2025-10-29T21:22:55","version" => "0.36"},{"date" => "2025-10-29T21:41:15","version" => "0.37"}]},"Crypt-Passwd-XS" => {"advisories" => [{"affected_versions" => ["<0.601"],"cves" => ["CVE-2012-2143"],"description" => "The crypt_des (aka DES-based crypt) function does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.\n","distribution" => "Crypt-Passwd-XS","fixed_versions" => [">=0.601"],"id" => "CPANSA-Crypt-Passwd-XS-2012-01","references" => ["https://metacpan.org/changes/distribution/Crypt-Passwd-XS"],"reported" => "2012-05-07"}],"main_module" => "Crypt::Passwd::XS","versions" => [{"date" => "2010-11-14T21:18:18","version" => "0.4"},{"date" => "2010-11-17T02:03:54","version" => "0.501"},{"date" => "2010-11-17T23:25:17","version" => "0.503"},{"date" => "2010-11-20T00:37:33","version" => "0.504"},{"date" => "2010-11-24T00:59:34","version" => "0.505"},{"date" => "2011-03-09T16:18:01","version" => "0.506"},{"date" => "2011-03-09T21:40:38","version" => "0.507"},{"date" => "2011-07-26T16:37:20","version" => "0.600"},{"date" => "2012-12-06T19:57:57","version" => "0.601"}]},"Crypt-Perl" => {"advisories" => [{"affected_versions" => ["<0.33"],"cves" => ["CVE-2020-17478"],"description" => "ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.\n","distribution" => "Crypt-Perl","fixed_versions" => [">=0.33"],"id" => "CPANSA-Crypt-Perl-2020-01","references" => ["https://github.com/FGasper/p5-Crypt-Perl/compare/0.32...0.33"],"reported" => "2020-08-10","severity" => "high"},{"affected_versions" => ["<0.32"],"cves" => ["CVE-2020-13895"],"description" => "Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.\n","distribution" => "Crypt-Perl","fixed_versions" => [">=0.32"],"id" => "CPANSA-Crypt-Perl-2020-02","references" => ["https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2","https://github.com/FGasper/p5-Crypt-Perl/issues/14"],"reported" => "2020-06-07","severity" => "high"}],"main_module" => "Crypt::Perl","versions" => [{"date" => "2016-12-14T06:20:54","version" => "0.01"},{"date" => "2016-12-17T05:33:45","version" => "0.02"},{"date" => "2016-12-19T14:55:23","version" => "0.021"},{"date" => "2016-12-19T22:19:39","version" => "0.022"},{"date" => "2016-12-20T08:45:47","version" => "0.03"},{"date" => "2016-12-20T18:44:49","version" => "0.031"},{"date" => "2016-12-21T05:18:09","version" => "0.032"},{"date" => "2016-12-23T05:59:32","version" => "0.033"},{"date" => "2016-12-29T16:03:59","version" => "0.1"},{"date" => "2016-12-31T06:23:01","version" => "0.11"},{"date" => "2017-01-02T21:24:31","version" => "0.12"},{"date" => "2017-01-03T14:55:13","version" => "0.13"},{"date" => "2017-01-03T16:30:45","version" => "0.14"},{"date" => "2017-01-04T00:12:29","version" => "0.15"},{"date" => "2017-02-02T09:09:40","version" => "0.15_1"},{"date" => "2017-02-03T03:31:34","version" => "0.16_rc1"},{"date" => "2017-02-03T03:38:07","version" => "0.15_2"},{"date" => "2017-02-03T07:21:32","version" => "0.15_3"},{"date" => "2017-02-07T04:16:06","version" => "0.16"},{"date" => "2017-02-08T07:56:45","version" => "0.16_1"},{"date" => "2017-02-08T09:25:41","version" => "0.17"},{"date" => "2017-02-09T04:07:34","version" => "0.17_1"},{"date" => "2018-06-18T01:48:20","version" => "0.18-TRIAL1"},{"date" => "2018-06-18T02:52:52","version" => "0.18-TRIAL2"},{"date" => "2018-06-18T12:03:17","version" => "0.18-TRIAL3"},{"date" => "2018-06-18T15:07:20","version" => "0.18-TRIAL4"},{"date" => "2018-06-18T20:34:04","version" => "0.18-TRIAL5"},{"date" => "2018-06-18T21:06:07","version" => "0.18-TRIAL6"},{"date" => "2018-06-18T21:47:43","version" => "0.18-TRIAL7"},{"date" => "2018-06-18T22:42:19","version" => "0.18"},{"date" => "2018-06-19T04:25:06","version" => "0.19"},{"date" => "2018-06-19T06:14:32","version" => "0.20-TRIAL1"},{"date" => "2018-06-19T14:23:57","version" => "0.20-TRIAL2"},{"date" => "2018-06-19T15:50:08","version" => "0.20"},{"date" => "2018-06-19T15:56:15","version" => "0.21"},{"date" => "2018-06-21T03:33:59","version" => "0.22-TRIAL1"},{"date" => "2018-06-21T13:31:18","version" => "0.22-TRIAL2"},{"date" => "2018-06-22T14:43:21","version" => "0.22"},{"date" => "2018-06-23T00:40:40","version" => "0.23-TRIAL1"},{"date" => "2018-06-25T14:35:15","version" => "0.23"},{"date" => "2018-07-23T03:11:37","version" => "0.24_TRIAL1"},{"date" => "2018-07-23T03:13:05","version" => "0.24_TRIAL2"},{"date" => "2018-07-23T03:16:58","version" => "0.24-TRIAL3"},{"date" => "2018-07-23T12:12:48","version" => "0.24-TRIAL4"},{"date" => "2018-07-24T22:03:18","version" => "0.24"},{"date" => "2018-07-25T01:54:45","version" => "0.25"},{"date" => "2018-07-28T19:52:07","version" => "0.26-TRIAL1"},{"date" => "2018-07-28T22:07:05","version" => "0.26"},{"date" => "2018-07-28T22:26:02","version" => "0.27-TRIAL1"},{"date" => "2018-07-29T02:05:05","version" => "0.27"},{"date" => "2018-08-25T00:24:23","version" => "0.28"},{"date" => "2018-08-25T02:38:45","version" => "0.29"},{"date" => "2018-12-22T02:29:37","version" => "0.30-TRIAL1"},{"date" => "2018-12-22T15:18:25","version" => "0.30-TRIAL2"},{"date" => "2018-12-24T03:14:46","version" => "0.30-TRIAL3"},{"date" => "2019-09-12T03:13:59","version" => "0.30"},{"date" => "2020-02-11T00:54:58","version" => "0.31_01"},{"date" => "2020-02-11T02:50:09","version" => "0.31_02"},{"date" => "2020-02-12T01:19:36","version" => "0.31"},{"date" => "2020-06-04T12:31:25","version" => "0.32_01"},{"date" => "2020-06-04T12:56:11","version" => "0.32_02"},{"date" => "2020-06-05T02:53:59","version" => "0.32"},{"date" => "2020-08-10T15:39:12","version" => "0.33"},{"date" => "2020-09-24T07:31:56","version" => "0.34_02"},{"date" => "2020-09-24T07:37:16","version" => "0.34_03"},{"date" => "2020-09-25T01:38:34","version" => "0.34_04"},{"date" => "2020-09-26T03:44:57","version" => "0.34_05"},{"date" => "2020-09-26T12:38:56","version" => "0.34_06"},{"date" => "2020-09-26T18:03:25","version" => "0.34_07"},{"date" => "2020-09-27T13:00:26","version" => "0.34_08"},{"date" => "2020-09-27T23:51:08","version" => "0.34_09"},{"date" => "2020-09-28T07:22:06","version" => "0.34"},{"date" => "2021-11-17T15:13:58","version" => "0.35_02"},{"date" => "2021-11-18T03:39:19","version" => "0.35"},{"date" => "2021-11-18T03:44:32","version" => "0.36"},{"date" => "2021-11-20T13:20:35","version" => "0.37_01"},{"date" => "2021-11-21T03:44:48","version" => "0.37_02"},{"date" => "2021-11-22T04:28:59","version" => "0.37_03"},{"date" => "2021-11-29T02:09:35","version" => "0.37_04"},{"date" => "2021-11-30T02:16:10","version" => "0.37_05"},{"date" => "2021-11-30T16:09:14","version" => "0.37_06"},{"date" => "2021-12-01T01:39:08","version" => "0.37_07"},{"date" => "2021-12-02T21:42:02","version" => "0.37_08"},{"date" => "2021-12-06T15:38:41","version" => "0.37_09"},{"date" => "2021-12-08T01:12:53","version" => "0.37_10"},{"date" => "2021-12-09T13:42:15","version" => "0.37_11"},{"date" => "2021-12-14T02:08:33","version" => "0.37_12"},{"date" => "2021-12-15T05:19:53","version" => "0.37_13"},{"date" => "2021-12-17T19:36:38","version" => "0.37"},{"date" => "2022-10-17T15:04:13","version" => "0.38"}]},"Crypt-Primes" => {"advisories" => [{"affected_versions" => ["<0.52"],"cves" => [],"description" => "bin/largeprimes uses a custom shebang, which allows it to load modules from several locations: '..', '../lib', 'lib'. This could lead to load modules from an unpredictable location depending from where the script is run and what user is running it.\n","distribution" => "Crypt-Primes","fixed_versions" => [">=0.52"],"id" => "CPANSA-Crypt-Primes-2024-001","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=128058","https://github.com/atoomic/Crypt-Primes/pull/2","https://github.com/perl-Crypt-OpenPGP/Crypt-Primes/blob/main/Changes"],"reported" => undef,"severity" => undef}],"main_module" => "Crypt::Primes","versions" => [{"date" => "2000-11-09T23:33:04","version" => "0.38"},{"date" => "2001-03-05T09:29:12","version" => "0.46"},{"date" => "2001-06-11T09:15:28","version" => "0.49"},{"date" => "2003-01-16T20:11:04","version" => "0.50"},{"date" => "2025-01-25T02:41:34","version" => "0.51"},{"date" => "2025-01-25T13:14:32","version" => "0.52"}]},"Crypt-Random" => {"advisories" => [{"affected_versions" => [">0"],"cves" => [],"description" => "The makerandom program that comes with Crypt::Random adds module search paths in its shebang line, potentially leading to issues with unexpected modules being loaded\n","distribution" => "Crypt-Random","fixed_versions" => [],"id" => "CPANSA-Crypt-Random-2024-001","references" => ["https://metacpan.org/dist/Crypt-Random/changes","https://rt.cpan.org/Ticket/Display.html?id=128062","https://github.com/atoomic/Crypt-Random/pull/1"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.05,<=1.55"],"cves" => ["CVE-2025-1828"],"description" => "Crypt::Random Perl package 1.05 through 1.55 may use rand() function,\x{a0}which is not\x{a0}cryptographically strong,\x{a0}for cryptographic functions.  If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available\x{a0}Crypt::Random will default to use the insecure\x{a0}Crypt::Random::rand provider.  In particular, Windows versions of perl will encounter this issue by default.","distribution" => "Crypt-Random","fixed_versions" => [">1.55"],"id" => "CPANSA-Crypt-Random-2025-1828","references" => ["https://github.com/perl-Crypt-OpenPGP/Crypt-Random/commit/1f8b29e9e89d8d083fd025152e76ec918136cc05","https://github.com/perl-Crypt-OpenPGP/Crypt-Random/pull/1","https://perldoc.perl.org/functions/rand"],"reported" => "2025-03-11","severity" => undef}],"main_module" => "Crypt::Random","versions" => [{"date" => "1999-04-09T19:08:40","version" => "0.17"},{"date" => "1999-10-13T23:27:57","version" => "0.18"},{"date" => "2000-09-18T22:56:56","version" => "0.23"},{"date" => "2001-02-14T08:55:34","version" => "0.32"},{"date" => "2001-03-05T09:27:27","version" => "0.33"},{"date" => "2001-04-17T22:01:25","version" => "0.34"},{"date" => "2001-06-22T22:11:42","version" => "1.07"},{"date" => "2001-06-23T02:22:55","version" => "1.08"},{"date" => "2001-07-09T19:07:34","version" => "1.10"},{"date" => "2001-07-12T16:02:21","version" => "1.11"},{"date" => "2003-01-08T13:41:34","version" => "1.12"},{"date" => "2003-03-11T18:44:11","version" => "1.13"},{"date" => "2004-05-21T21:18:13","version" => "1.20"},{"date" => "2004-05-24T23:04:52","version" => "1.21"},{"date" => "2004-06-01T22:58:47","version" => "1.22"},{"date" => "2004-06-02T18:52:24","version" => "1.23"},{"date" => "2005-03-07T23:05:09","version" => "1.24"},{"date" => "2005-03-07T23:18:08","version" => "1.25"},{"date" => "2018-12-22T16:21:07","version" => "1.51"},{"date" => "2018-12-22T19:30:28","version" => "1.52"},{"date" => "2021-06-03T18:19:46","version" => "1.53"},{"date" => "2021-06-03T18:31:44","version" => "1.54"},{"date" => "2025-01-30T05:20:08","version" => "1.55"},{"date" => "2025-02-05T01:49:00","version" => "1.56"},{"date" => "2025-02-10T23:28:24","version" => "1.57"}]},"Crypt-Random-Source" => {"advisories" => [{"affected_versions" => ["<=0.12"],"cves" => ["CVE-2018-25107"],"description" => "In versions prior to 0.13, rand could be used as a result of calling get_weak, or get, if no random device was available. This implies that not explicitly asking for get_strong on a non POSIX operating system (e.g. Win32 without the Win32 backend) could have resulted in non cryptographically random data.\n","distribution" => "Crypt-Random-Source","fixed_versions" => [">=0.13"],"id" => "CPANSA-Crypt-Random-Source-2024-001","references" => ["https://metacpan.org/dist/Crypt-Random-Source/changes","https://nvd.nist.gov/vuln/detail/CVE-2018-25107","https://github.com/karenetheridge/Crypt-Random-Source/pull/3","https://metacpan.org/release/ETHER/Crypt-Random-Source-0.13/changes"],"reported" => undef,"severity" => undef}],"main_module" => "Crypt::Random::Source","versions" => [{"date" => "2008-06-17T00:15:09","version" => "0.01_01"},{"date" => "2008-06-17T01:51:37","version" => "0.01"},{"date" => "2008-06-17T01:53:15","version" => "0.02"},{"date" => "2008-06-17T06:01:16","version" => "0.03"},{"date" => "2009-11-25T17:09:48","version" => "0.04"},{"date" => "2009-11-25T17:11:14","version" => "0.05"},{"date" => "2010-12-23T03:04:46","version" => "0.06"},{"date" => "2011-01-05T08:42:20","version" => "0.07"},{"date" => "2014-08-05T00:05:07","version" => "0.08"},{"date" => "2014-08-30T17:12:48","version" => "0.09"},{"date" => "2014-08-31T18:06:40","version" => "0.10"},{"date" => "2015-10-24T04:00:11","version" => "0.11"},{"date" => "2016-03-11T03:43:41","version" => "0.12"},{"date" => "2018-04-08T01:09:20","version" => "0.13"},{"date" => "2018-04-10T02:58:59","version" => "0.14"}]},"Crypt-RandomEncryption" => {"advisories" => [{"affected_versions" => [">=0.01"],"cves" => ["CVE-2024-58040"],"description" => "Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.","distribution" => "Crypt-RandomEncryption","fixed_versions" => [],"id" => "CPANSA-Crypt-RandomEncryption-2024-58040","references" => ["https://metacpan.org/release/QWER/Crypt-RandomEncryption-0.01/source/lib/Crypt/RandomEncryption.pm#L33","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-09-30","severity" => undef}],"main_module" => "Crypt::RandomEncryption","versions" => [{"date" => "2013-05-16T18:07:28","version" => "0.01"}]},"Crypt-Salt" => {"advisories" => [{"affected_versions" => ["<=0.01"],"cves" => ["CVE-2025-1805"],"description" => "Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes.","distribution" => "Crypt-Salt","fixed_versions" => [],"id" => "CPANSA-Crypt-Salt-2025-1805","references" => ["https://metacpan.org/release/HACHI/Crypt-Salt-0.01/source/lib/Crypt/Salt.pm#L76","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-02","severity" => undef}],"main_module" => "Crypt::Salt","versions" => [{"date" => "2003-11-12T06:13:44","version" => "0.01"}]},"Crypt-Sodium-XS" => {"advisories" => [{"affected_versions" => ["<0.000042"],"cves" => ["CVE-2025-15444"],"description" => "Crypt::Sodium::XS module versions prior to\x{a0}0.000042,\x{a0}for Perl, include a vulnerable version of libsodium  libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277\x{a0} https://www.cve.org/CVERecord?id=CVE-2025-69277 .  The libsodium vulnerability states:  In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.  0.000042 includes a version of\x{a0}libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.","distribution" => "Crypt-Sodium-XS","embedded_vulnerability" => {"distributed_version" => "<-1.0.20","name" => "libsodium"},"fixed_versions" => [">=0.000042"],"id" => "CPANSA-Crypt-Sodium-XS-2025-15444","references" => ["https://00f.net/2025/12/30/libsodium-vulnerability/","https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","https://metacpan.org/dist/Crypt-Sodium-XS/changes"],"reported" => "2026-01-06","severity" => undef},{"affected_versions" => ["<0.001001"],"cves" => ["CVE-2026-30910"],"description" => "Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows.  Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. This can cause a crash in bin2hex and encryption algorithms other than aes256gcm. For aes256gcm encryption and signatures, an undersized buffer could lead to buffer overflow.  Encountering this issue is unlikely as the message length would need to be very large.  For bin2hex the input size would have to be > SIZE_MAX / 2 For aegis encryption the input size would need to be > SIZE_MAX - 32U For other encryption the input size would need to be > SIZE_MAX - 16U For signatures the input size would need to be > SIZE_MAX - 64U","distribution" => "Crypt-Sodium-XS","fixed_versions" => [">=0.001001"],"id" => "CPANSA-Crypt-Sodium-XS-2026-30910","references" => ["https://metacpan.org/release/IAMB/Crypt-Sodium-XS-0.001001/changes","http://www.openwall.com/lists/oss-security/2026/03/08/2"],"reported" => "2026-03-08","severity" => undef},{"affected_versions" => [">=0.000018,<=0.000027"],"cves" => ["CVE-2025-69277"],"description" => "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.\n","distribution" => "Crypt-Sodium-XS","fixed_versions" => [],"id" => "CPANSA-Crypt-Sodium-XS-2025-69277-libsodium","references" => ["https://00f.net/2025/12/30/libsodium-vulnerability/","https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7","https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf","https://github.com/pyca/pynacl/issues/920","https://ianix.com/pub/ed25519-deployment.html","https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html","https://news.ycombinator.com/item?id=46435614"],"reported" => "2025-12-31","severity" => "medium"},{"affected_versions" => [">=0.000028,<=0.000041"],"cves" => ["CVE-2025-69277"],"description" => "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.\n","distribution" => "Crypt-Sodium-XS","fixed_versions" => [],"id" => "CPANSA-Crypt-Sodium-XS-2025-69277-libsodium","references" => ["https://00f.net/2025/12/30/libsodium-vulnerability/","https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7","https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf","https://github.com/pyca/pynacl/issues/920","https://ianix.com/pub/ed25519-deployment.html","https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html","https://news.ycombinator.com/item?id=46435614"],"reported" => "2025-12-31","severity" => "medium"}],"main_module" => "Crypt::Sodium::XS","versions" => [{"date" => "2025-07-06T21:01:50","version" => "0.000018"},{"date" => "2025-07-07T16:16:33","version" => "0.000019"},{"date" => "2025-07-08T01:32:47","version" => "0.000020"},{"date" => "2025-07-08T02:22:03","version" => "0.000021"},{"date" => "2025-07-08T06:45:10","version" => "0.000022"},{"date" => "2025-07-08T22:14:02","version" => "0.000024"},{"date" => "2025-07-09T20:24:46","version" => "0.000025"},{"date" => "2025-07-09T21:42:18","version" => "0.000026"},{"date" => "2025-07-12T16:33:41","version" => "0.000027"},{"date" => "2025-07-15T19:55:23","version" => "0.000028"},{"date" => "2025-07-17T00:10:50","version" => "0.000029"},{"date" => "2025-07-19T21:47:23","version" => "0.000030"},{"date" => "2025-07-21T15:02:40","version" => "0.000031"},{"date" => "2025-07-23T23:48:57","version" => "0.000032"},{"date" => "2025-07-24T20:46:46","version" => "0.000033"},{"date" => "2025-08-01T19:01:56","version" => "0.000034"},{"date" => "2025-08-02T00:09:58","version" => "0.000035"},{"date" => "2025-08-03T14:55:38","version" => "0.000036"},{"date" => "2025-08-05T21:41:13","version" => "0.000037"},{"date" => "2025-08-09T18:31:17","version" => "0.000038"},{"date" => "2025-08-21T06:03:08","version" => "0.000039"},{"date" => "2025-12-04T06:38:40","version" => "0.000040"},{"date" => "2025-12-05T05:32:25","version" => "0.000041"},{"date" => "2026-01-04T09:58:53","version" => "0.000042"},{"date" => "2026-01-21T04:10:41","version" => "0.001000"},{"date" => "2026-03-07T22:47:08","version" => "0.001001"}]},"Crypt-SysRandom-XS" => {"advisories" => [{"affected_versions" => ["<0.010"],"cves" => ["CVE-2026-2597"],"description" => "Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buffer overflow in the XS function random_bytes().  The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound, resulting in a zero-byte allocation. The subsequent call to chosen random function (e.g. getrandom) passes the original negative value, which is implicitly converted to a large unsigned value (typically SIZE_MAX). This can result in writes beyond the allocated buffer, leading to heap memory corruption and application crash (denial of service).  In common usage, the length argument is typically hardcoded by the caller, which reduces the likelihood of attacker-controlled exploitation. Applications that pass untrusted input to this parameter may be affected.","distribution" => "Crypt-SysRandom-XS","fixed_versions" => [">=0.010"],"id" => "CPANSA-Crypt-SysRandom-XS-2026-2597","references" => ["https://metacpan.org/dist/Crypt-SysRandom-XS/changes","https://metacpan.org/release/LEONT/Crypt-SysRandom-XS-0.011/source/lib/Crypt/SysRandom/XS.xs#L51-52"],"reported" => "2026-02-27","severity" => undef}],"main_module" => "Crypt::SysRandom::XS","versions" => [{"date" => "2025-02-04T01:59:42","version" => "0.006"},{"date" => "2025-02-05T19:46:04","version" => "0.007"},{"date" => "2025-02-20T12:52:45","version" => "0.008"},{"date" => "2025-04-11T16:46:48","version" => "0.009"},{"date" => "2026-02-16T20:43:40","version" => "0.010"},{"date" => "2026-02-16T23:58:52","version" => "0.011"}]},"Crypt-URandom" => {"advisories" => [{"affected_versions" => [">=0.41,<0.55"],"cves" => ["CVE-2026-2474"],"description" => "Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom().  The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound, resulting in a zero-byte allocation. The subsequent call to getrandom(data, length, GRND_NONBLOCK) passes the original negative value, which is implicitly converted to a large unsigned value (typically SIZE_MAX). This can result in writes beyond the allocated buffer, leading to heap memory corruption and application crash (denial of service).  In common usage, the length argument is typically hardcoded by the caller, which reduces the likelihood of attacker-controlled exploitation. Applications that pass untrusted input to this parameter may be affected.","distribution" => "Crypt-URandom","fixed_versions" => [">=0.55"],"id" => "CPANSA-Crypt-URandom-2026-2474","references" => ["https://metacpan.org/release/DDICK/Crypt-URandom-0.54/source/URandom.xs#L35-79","https://metacpan.org/release/DDICK/Crypt-URandom-0.55/source/Changes"],"reported" => "2026-02-16","severity" => undef}],"main_module" => "Crypt::URandom","versions" => [{"date" => "2011-04-19T21:19:07","version" => "0.0.27"},{"date" => "2011-09-03T08:32:28","version" => "0.28"},{"date" => "2013-02-14T08:52:19","version" => "0.29"},{"date" => "2013-02-26T10:34:54","version" => "0.30"},{"date" => "2013-03-01T07:59:28","version" => "0.31"},{"date" => "2013-03-09T04:25:55","version" => "0.32"},{"date" => "2013-03-09T04:32:35","version" => "0.33"},{"date" => "2013-03-10T09:20:53","version" => "0.34"},{"date" => "2015-05-13T20:12:12","version" => "0.35"},{"date" => "2015-06-01T11:45:38","version" => "0.36"},{"date" => "2023-05-10T11:55:21","version" => "0.37"},{"date" => "2023-05-10T19:57:07","version" => "0.38"},{"date" => "2023-05-21T09:05:01","version" => "0.39"},{"date" => "2024-02-24T09:03:35","version" => "0.40"},{"date" => "2024-12-29T23:34:13","version" => "0.41_01"},{"date" => "2024-12-30T00:00:05","version" => "0.41_02"},{"date" => "2025-01-01T22:58:00","version" => "0.41"},{"date" => "2025-01-02T23:56:10","version" => "0.42"},{"date" => "2025-01-03T09:04:23","version" => "0.43"},{"date" => "2025-01-03T20:47:27","version" => "0.44"},{"date" => "2025-01-03T22:28:26","version" => "0.45"},{"date" => "2025-01-04T08:47:50","version" => "0.46"},{"date" => "2025-01-06T10:45:06","version" => "0.47"},{"date" => "2025-01-06T21:08:58","version" => "0.48"},{"date" => "2025-01-07T21:28:34","version" => "0.49"},{"date" => "2025-01-08T21:56:14","version" => "0.50"},{"date" => "2025-01-19T07:28:53","version" => "0.51_01"},{"date" => "2025-01-19T07:57:30","version" => "0.51_02"},{"date" => "2025-01-22T11:25:07","version" => "0.51"},{"date" => "2025-01-22T19:39:34","version" => "0.52"},{"date" => "2025-02-08T09:07:55","version" => "0.53"},{"date" => "2025-03-15T09:46:36","version" => "0.54"},{"date" => "2026-02-16T20:08:04","version" => "0.55"}]},"CryptX" => {"advisories" => [{"affected_versions" => ["<0.062"],"cves" => ["CVE-2018-25099"],"description" => "A user can pass anything as the tag into gcm_decrypt_verify() and it will return decrypted plaintext.\n","distribution" => "CryptX","fixed_versions" => [">=0.062"],"id" => "CPANSA-CryptX-2018-01","references" => ["https://github.com/DCIT/perl-CryptX/issues/47","https://github.com/libtom/libtomcrypt/pull/451"],"reported" => "2018-10-26","severity" => undef},{"affected_versions" => ["<0.065"],"cves" => ["CVE-2025-40912","CVE-2019-17362"],"description" => "CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode.  CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.","distribution" => "CryptX","embedded_vulnerability" => {"distributed_version" => undef,"name" => "libtomcrypt"},"fixed_versions" => [">=0.065"],"id" => "CPANSA-CryptX-2025-40912","references" => ["https://github.com/libtom/libtomcrypt/issues/507"],"reported" => "2025-06-11","severity" => undef},{"affected_versions" => ["<0.087"],"cves" => ["CVE-2025-40914","CVE-2023-36328"],"description" => "Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow.  CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.","distribution" => "CryptX","embedded_vulnerability" => {"distributed_version" => undef,"name" => "libtommath"},"fixed_versions" => [">=0.087"],"id" => "CPANSA-CryptX-2025-40914","references" => ["https://github.com/advisories/GHSA-j3xv-6967-cv88","https://github.com/libtom/libtommath/pull/546","https://metacpan.org/release/MIK/CryptX-0.086/source/src/ltm/bn_mp_grow.c","https://www.cve.org/CVERecord?id=CVE-2023-36328"],"reported" => "2025-06-11","severity" => undef}],"main_module" => "CryptX","versions" => [{"date" => "2013-04-11T15:10:25","version" => "0.002"},{"date" => "2013-04-16T07:29:07","version" => "0.003"},{"date" => "2013-04-16T07:37:29","version" => "0.004"},{"date" => "2013-04-18T12:09:09","version" => "0.005"},{"date" => "2013-04-19T09:05:57","version" => "0.006"},{"date" => "2013-04-23T10:03:54","version" => "0.007"},{"date" => "2013-05-02T08:52:42","version" => "0.008"},{"date" => "2013-05-19T20:25:17","version" => "0.009"},{"date" => "2013-06-14T22:37:18","version" => "0.011"},{"date" => "2013-06-17T20:00:17","version" => "0.012"},{"date" => "2013-08-28T07:12:15","version" => "0.013"},{"date" => "2013-09-11T14:31:01","version" => "0.013_1"},{"date" => "2013-09-11T21:11:18","version" => "0.014"},{"date" => "2013-09-12T08:21:21","version" => "0.014_1"},{"date" => "2013-09-12T09:12:21","version" => "0.014_2"},{"date" => "2013-09-12T09:32:06","version" => "0.015"},{"date" => "2013-09-15T19:36:52","version" => "0.016"},{"date" => "2013-09-22T19:20:20","version" => "0.016_1"},{"date" => "2013-09-23T14:24:27","version" => "0.016_2"},{"date" => "2013-09-24T05:00:07","version" => "0.016_3"},{"date" => "2013-09-24T08:54:42","version" => "0.017"},{"date" => "2013-10-18T13:21:35","version" => "0.018"},{"date" => "2013-10-20T21:13:35","version" => "0.019"},{"date" => "2014-01-14T21:30:37","version" => "0.019_1"},{"date" => "2014-01-15T21:59:30","version" => "0.019_2"},{"date" => "2014-01-16T21:26:19","version" => "0.019_3"},{"date" => "2014-01-17T09:42:29","version" => "0.019_4"},{"date" => "2014-01-18T08:29:06","version" => "0.020"},{"date" => "2014-01-23T15:47:50","version" => "0.021"},{"date" => "2015-04-17T01:18:47","version" => "0.021_1"},{"date" => "2015-04-17T10:12:01","version" => "0.021_3"},{"date" => "2015-05-06T07:55:21","version" => "0.021_4"},{"date" => "2015-05-11T21:56:39","version" => "0.021_5"},{"date" => "2015-05-12T05:52:15","version" => "0.021_6"},{"date" => "2015-05-12T07:10:42","version" => "0.021_7"},{"date" => "2015-05-14T09:27:41","version" => "0.021_8"},{"date" => "2015-05-15T11:08:26","version" => "0.021_9"},{"date" => "2015-05-22T16:57:26","version" => "0.022"},{"date" => "2015-06-10T20:37:54","version" => "0.023"},{"date" => "2015-06-26T06:13:25","version" => "0.023_1"},{"date" => "2015-06-26T09:18:06","version" => "0.023_2"},{"date" => "2015-06-29T20:09:16","version" => "0.024"},{"date" => "2015-07-08T07:56:50","version" => "0.025"},{"date" => "2015-10-22T15:14:53","version" => "0.025_01"},{"date" => "2015-11-28T18:58:17","version" => "0.026"},{"date" => "2015-12-29T21:20:15","version" => "0.026_01"},{"date" => "2015-12-29T21:20:27","version" => "0.026_02"},{"date" => "2016-01-02T14:38:13","version" => "0.026_05"},{"date" => "2016-01-02T15:57:58","version" => "0.026_06"},{"date" => "2016-01-03T14:36:53","version" => "0.026_08"},{"date" => "2016-01-10T09:47:31","version" => "0.026_15"},{"date" => "2016-01-10T09:47:43","version" => "0.026_16"},{"date" => "2016-01-10T11:52:21","version" => "0.026_18"},{"date" => "2016-01-10T11:53:48","version" => "0.026_19"},{"date" => "2016-01-10T17:03:45","version" => "0.026_23"},{"date" => "2016-01-10T17:03:56","version" => "0.026_24"},{"date" => "2016-01-10T19:02:14","version" => "0.026_28"},{"date" => "2016-01-10T20:49:06","version" => "0.026_29"},{"date" => "2016-01-12T22:25:58","version" => "0.026_30"},{"date" => "2016-01-12T22:37:33","version" => "0.026_31"},{"date" => "2016-01-13T23:53:06","version" => "0.026_32"},{"date" => "2016-01-14T19:29:18","version" => "0.026_33"},{"date" => "2016-01-14T19:30:45","version" => "0.026_34"},{"date" => "2016-01-14T21:16:15","version" => "0.026_35"},{"date" => "2016-01-14T21:19:01","version" => "0.026_36"},{"date" => "2016-01-22T23:01:16","version" => "0.026_39"},{"date" => "2016-01-24T22:12:32","version" => "0.026_40"},{"date" => "2016-01-24T22:36:42","version" => "0.026_41"},{"date" => "2016-01-25T20:44:46","version" => "0.027"},{"date" => "2016-01-25T21:42:58","version" => "0.027_01"},{"date" => "2016-01-26T10:06:26","version" => "0.027_05"},{"date" => "2016-03-15T09:51:01","version" => "0.027_06"},{"date" => "2016-03-23T19:44:54","version" => "0.028"},{"date" => "2016-03-28T14:31:13","version" => "0.028_01"},{"date" => "2016-03-28T19:32:58","version" => "0.028_02"},{"date" => "2016-03-31T12:07:46","version" => "0.028_03"},{"date" => "2016-04-13T09:30:27","version" => "0.029"},{"date" => "2016-04-13T09:46:59","version" => "0.030"},{"date" => "2016-05-01T16:53:05","version" => "0.031"},{"date" => "2016-05-04T17:45:30","version" => "0.032"},{"date" => "2016-05-09T20:20:49","version" => "0.033"},{"date" => "2016-05-10T22:31:32","version" => "0.034"},{"date" => "2016-06-03T10:17:59","version" => "0.035"},{"date" => "2016-06-07T19:22:05","version" => "0.036"},{"date" => "2016-06-16T17:04:27","version" => "0.037"},{"date" => "2016-07-06T18:27:46","version" => "0.038"},{"date" => "2016-08-03T05:53:42","version" => "0.039"},{"date" => "2016-09-12T08:42:39","version" => "0.040"},{"date" => "2016-10-12T09:32:48","version" => "0.041"},{"date" => "2016-10-19T10:25:05","version" => "0.041_001"},{"date" => "2016-11-02T09:00:59","version" => "0.041_002"},{"date" => "2016-11-02T09:19:09","version" => "0.041_003"},{"date" => "2016-11-12T15:21:01","version" => "0.042"},{"date" => "2016-11-27T21:19:27","version" => "0.043"},{"date" => "2016-11-28T07:45:32","version" => "0.044"},{"date" => "2017-02-21T21:54:33","version" => "0.044_001"},{"date" => "2017-02-23T15:58:42","version" => "0.044_003"},{"date" => "2017-02-23T20:35:46","version" => "0.044_004"},{"date" => "2017-02-23T20:44:50","version" => "0.044_005"},{"date" => "2017-02-28T12:22:27","version" => "0.044_006"},{"date" => "2017-02-28T13:58:51","version" => "0.044_007"},{"date" => "2017-03-01T09:26:34","version" => "0.044_008"},{"date" => "2017-03-01T09:49:29","version" => "0.044_009"},{"date" => "2017-03-01T10:02:35","version" => "0.044_010"},{"date" => "2017-03-31T09:28:10","version" => "0.045"},{"date" => "2017-04-04T09:08:33","version" => "0.046"},{"date" => "2017-04-05T20:09:35","version" => "0.047"},{"date" => "2017-04-07T18:22:15","version" => "0.047_001"},{"date" => "2017-04-07T21:40:24","version" => "0.047_002"},{"date" => "2017-04-10T08:16:03","version" => "0.047_003"},{"date" => "2017-04-24T15:23:29","version" => "0.047_004"},{"date" => "2017-04-26T15:36:02","version" => "0.047_005"},{"date" => "2017-05-01T19:11:50","version" => "0.047_006"},{"date" => "2017-05-31T20:22:56","version" => "0.048"},{"date" => "2017-07-09T19:38:38","version" => "0.048_001"},{"date" => "2017-07-14T17:43:25","version" => "0.048_002"},{"date" => "2017-07-18T05:56:42","version" => "0.049"},{"date" => "2017-07-18T20:37:45","version" => "0.050"},{"date" => "2017-08-08T08:14:05","version" => "0.051"},{"date" => "2017-09-15T12:32:56","version" => "0.053"},{"date" => "2017-09-19T07:51:19","version" => "0.053_001"},{"date" => "2017-09-19T18:46:56","version" => "0.053_002"},{"date" => "2017-09-20T09:56:04","version" => "0.053_003"},{"date" => "2017-10-10T21:04:53","version" => "0.053_004"},{"date" => "2017-10-12T07:27:42","version" => "0.054"},{"date" => "2017-10-23T13:18:12","version" => "0.054_001"},{"date" => "2017-10-23T17:44:49","version" => "0.054_002"},{"date" => "2017-10-25T07:43:53","version" => "0.054_003"},{"date" => "2017-10-30T17:53:14","version" => "0.054_004"},{"date" => "2017-10-31T18:27:22","version" => "0.054_005"},{"date" => "2017-11-20T18:51:03","version" => "0.054_006"},{"date" => "2017-11-24T08:15:31","version" => "0.054_007"},{"date" => "2017-11-24T14:21:46","version" => "0.054_008"},{"date" => "2017-11-24T16:33:40","version" => "0.054_009"},{"date" => "2017-11-28T10:19:52","version" => "0.055"},{"date" => "2017-12-18T19:05:35","version" => "0.055_001"},{"date" => "2017-12-22T13:22:16","version" => "0.056"},{"date" => "2018-01-26T16:05:07","version" => "0.056_001"},{"date" => "2018-01-29T06:18:08","version" => "0.056_002"},{"date" => "2018-01-29T10:02:58","version" => "0.056_003"},{"date" => "2018-01-29T23:05:27","version" => "0.056_004"},{"date" => "2018-01-30T10:23:40","version" => "0.056_005"},{"date" => "2018-01-30T14:11:33","version" => "0.056_006"},{"date" => "2018-01-30T16:08:38","version" => "0.056_007"},{"date" => "2018-01-30T16:29:41","version" => "0.056_008"},{"date" => "2018-01-30T16:43:48","version" => "0.056_009"},{"date" => "2018-01-31T08:56:12","version" => "0.057"},{"date" => "2018-02-27T17:13:52","version" => "0.058"},{"date" => "2018-03-08T09:30:22","version" => "0.058_001"},{"date" => "2018-03-18T16:27:43","version" => "0.058_002"},{"date" => "2018-03-25T15:45:36","version" => "0.059"},{"date" => "2018-04-27T17:14:03","version" => "0.059_001"},{"date" => "2018-04-28T20:59:58","version" => "0.059_002"},{"date" => "2018-04-29T18:12:50","version" => "0.059_003"},{"date" => "2018-05-01T09:32:27","version" => "0.060"},{"date" => "2018-05-27T19:05:34","version" => "0.060_001"},{"date" => "2018-05-28T07:18:37","version" => "0.060_002"},{"date" => "2018-06-06T15:49:28","version" => "0.060_003"},{"date" => "2018-06-07T05:25:50","version" => "0.061"},{"date" => "2018-10-24T20:35:24","version" => "0.061_001"},{"date" => "2018-10-26T17:10:16","version" => "0.061_002"},{"date" => "2018-10-29T10:46:25","version" => "0.061_003"},{"date" => "2018-10-30T06:27:48","version" => "0.062"},{"date" => "2018-11-22T10:43:01","version" => "0.062_001"},{"date" => "2018-11-28T10:48:28","version" => "0.063"},{"date" => "2019-06-06T09:36:14","version" => "0.063_001"},{"date" => "2019-06-06T17:35:59","version" => "0.063_002"},{"date" => "2019-06-10T17:24:53","version" => "0.063_003"},{"date" => "2019-06-12T13:33:28","version" => "0.063_004"},{"date" => "2019-06-12T23:12:09","version" => "0.063_005"},{"date" => "2019-06-14T07:01:03","version" => "0.064"},{"date" => "2019-10-19T18:49:19","version" => "0.065"},{"date" => "2019-10-20T16:30:22","version" => "0.066"},{"date" => "2020-01-26T20:23:46","version" => "0.066_001"},{"date" => "2020-01-30T10:21:29","version" => "0.066_002"},{"date" => "2020-02-01T13:24:27","version" => "0.067"},{"date" => "2020-03-08T19:21:55","version" => "0.067_001"},{"date" => "2020-03-10T13:04:08","version" => "0.068"},{"date" => "2020-08-02T08:51:06","version" => "0.068_001"},{"date" => "2020-08-25T07:12:43","version" => "0.069"},{"date" => "2021-02-12T14:44:41","version" => "0.070"},{"date" => "2021-03-30T09:39:33","version" => "0.071"},{"date" => "2021-04-29T08:23:01","version" => "0.072"},{"date" => "2021-07-12T16:40:01","version" => "0.072_001"},{"date" => "2021-07-13T07:03:12","version" => "0.072_002"},{"date" => "2021-07-13T20:54:22","version" => "0.072_003"},{"date" => "2021-07-18T12:16:09","version" => "0.073"},{"date" => "2021-10-04T18:34:39","version" => "0.073_001"},{"date" => "2021-10-10T18:41:04","version" => "0.073_002"},{"date" => "2021-10-13T18:32:43","version" => "0.073_003"},{"date" => "2021-11-06T09:26:22","version" => "0.074"},{"date" => "2021-12-25T09:39:17","version" => "0.075"},{"date" => "2022-01-01T00:36:25","version" => "0.075_001"},{"date" => "2022-01-01T13:19:24","version" => "0.075_002"},{"date" => "2022-01-01T19:48:49","version" => "0.075_003"},{"date" => "2022-01-07T20:55:06","version" => "0.076"},{"date" => "2022-06-09T18:18:34","version" => "0.076_001"},{"date" => "2022-08-20T15:42:12","version" => "0.076_002"},{"date" => "2022-08-20T18:14:10","version" => "0.076_003"},{"date" => "2022-08-21T07:46:06","version" => "0.077"},{"date" => "2023-04-28T12:31:25","version" => "0.078"},{"date" => "2023-07-25T18:36:58","version" => "0.078_001"},{"date" => "2023-10-01T12:20:32","version" => "0.079"},{"date" => "2023-10-01T17:35:55","version" => "0.079_002"},{"date" => "2023-10-01T17:36:06","version" => "0.079_003"},{"date" => "2023-10-02T07:47:50","version" => "0.079_004"},{"date" => "2023-10-02T11:22:48","version" => "0.079_005"},{"date" => "2023-10-02T15:06:17","version" => "0.079_006"},{"date" => "2023-10-03T10:16:25","version" => "0.079_007"},{"date" => "2023-10-04T11:07:16","version" => "0.080"},{"date" => "2023-10-07T11:45:30","version" => "0.080_001"},{"date" => "2024-08-17T10:06:21","version" => "0.080_003"},{"date" => "2024-08-17T17:16:06","version" => "0.080_004"},{"date" => "2024-08-17T20:28:14","version" => "0.080_005"},{"date" => "2024-08-30T18:43:56","version" => "0.080_006"},{"date" => "2024-09-01T08:32:21","version" => "0.080_007"},{"date" => "2024-09-01T09:26:40","version" => "0.080_008"},{"date" => "2024-09-01T11:23:19","version" => "0.080_009"},{"date" => "2024-09-02T14:51:29","version" => "0.080_010"},{"date" => "2024-09-03T11:32:03","version" => "0.080_011"},{"date" => "2024-09-03T18:01:58","version" => "0.080_012"},{"date" => "2024-09-08T16:12:50","version" => "0.081"},{"date" => "2024-10-03T11:12:24","version" => "0.081_001"},{"date" => "2024-10-07T13:31:29","version" => "0.082"},{"date" => "2024-10-14T11:36:41","version" => "0.082_001"},{"date" => "2024-10-15T09:31:49","version" => "0.083"},{"date" => "2024-10-15T15:09:00","version" => "0.083_001"},{"date" => "2024-10-16T11:23:26","version" => "0.084"},{"date" => "2025-01-25T22:45:03","version" => "0.084_001"},{"date" => "2025-02-08T10:02:22","version" => "0.085"},{"date" => "2025-02-20T21:06:09","version" => "0.085_001"},{"date" => "2025-04-27T15:46:56","version" => "0.085_002"},{"date" => "2025-04-27T17:37:48","version" => "0.085_003"},{"date" => "2025-05-02T21:40:16","version" => "0.086"},{"date" => "2025-06-08T22:06:49","version" => "0.086_001"},{"date" => "2025-06-09T18:09:54","version" => "0.086_002"},{"date" => "2025-06-09T21:44:43","version" => "0.086_003"},{"date" => "2025-06-10T05:57:40","version" => "0.086_004"},{"date" => "2025-06-11T10:52:53","version" => "0.086_005"},{"date" => "2025-06-11T13:52:26","version" => "0.087"},{"date" => "2025-10-05T16:50:53","version" => "0.087_001"}]},"DBD-MariaDB" => {"advisories" => [{"affected_versions" => ["<1.00"],"cves" => ["CVE-2018-2767"],"description" => "SSL problems of MySQL and MariaDB clients.\n","distribution" => "DBD-MariaDB","fixed_versions" => [">=1.00"],"id" => "CPANSA-DBD-MariaDB-2018-01","references" => ["https://metacpan.org/changes/distribution/DBD-MariaDB"],"reported" => "2017-07-01"},{"affected_versions" => ["<1.00"],"cves" => ["CVE-2017-10788"],"description" => "Use-after-free after calling mysql_stmt_close().\n","distribution" => "DBD-MariaDB","fixed_versions" => [">=1.00"],"id" => "CPANSA-DBD-MariaDB-2017-02","references" => ["https://metacpan.org/changes/distribution/DBD-MariaDB"],"reported" => "2017-07-01"},{"affected_versions" => ["<1.00"],"cves" => ["CVE-2017-3302"],"description" => "Leaking dangling pointers.\n","distribution" => "DBD-MariaDB","fixed_versions" => [">=1.00"],"id" => "CPANSA-DBD-MariaDB-2017-01","references" => ["https://metacpan.org/changes/distribution/DBD-MariaDB"],"reported" => "2017-07-01"}],"main_module" => "DBD::MariaDB","versions" => [{"date" => "2018-06-26T14:23:29","version" => "0.90_01"},{"date" => "2018-07-12T13:36:05","version" => "1.00"},{"date" => "2018-12-05T12:21:26","version" => "1.10"},{"date" => "2019-01-02T15:38:57","version" => "1.11"},{"date" => "2019-02-22T16:31:33","version" => "1.20"},{"date" => "2019-02-27T11:08:40","version" => "1.21"},{"date" => "2022-04-21T23:16:33","version" => "1.22"},{"date" => "2023-09-10T14:27:09","version" => "1.23"},{"date" => "2025-05-04T19:33:22","version" => "1.24"}]},"DBD-Pg" => {"advisories" => [{"affected_versions" => ["<2.19.0"],"cves" => ["CVE-2012-1151"],"description" => "Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.\n","distribution" => "DBD-Pg","fixed_versions" => [],"id" => "CPANSA-DBD-Pg-2012-1151","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536","https://rt.cpan.org/Public/Bug/Display.html?id=75642","http://secunia.com/advisories/48319","https://bugzilla.redhat.com/show_bug.cgi?id=801733","http://www.openwall.com/lists/oss-security/2012/03/10/4","http://secunia.com/advisories/48307","http://www.debian.org/security/2012/dsa-2431","http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes","http://www.openwall.com/lists/oss-security/2012/03/09/6","http://rhn.redhat.com/errata/RHSA-2012-1116.html","http://secunia.com/advisories/48824","http://security.gentoo.org/glsa/glsa-201204-08.xml","http://www.mandriva.com/security/advisories?name=MDVSA-2012:112","https://exchange.xforce.ibmcloud.com/vulnerabilities/73855","https://exchange.xforce.ibmcloud.com/vulnerabilities/73854"],"reported" => "2012-09-09","severity" => undef},{"affected_versions" => ["==1.49"],"cves" => ["CVE-2009-0663"],"description" => "Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.\n","distribution" => "DBD-Pg","fixed_versions" => [],"id" => "CPANSA-DBD-Pg-2009-0663","references" => ["http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz","https://launchpad.net/bugs/cve/2009-0663","http://www.debian.org/security/2009/dsa-1780","http://secunia.com/advisories/34909","http://www.securityfocus.com/bid/34755","http://www.redhat.com/support/errata/RHSA-2009-0479.html","http://secunia.com/advisories/35058","http://www.redhat.com/support/errata/RHSA-2009-1067.html","http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","http://secunia.com/advisories/35685","https://exchange.xforce.ibmcloud.com/vulnerabilities/50467","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499"],"reported" => "2009-04-30","severity" => undef},{"affected_versions" => ["<2.0.0"],"cves" => ["CVE-2009-1341"],"description" => "Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.\n","distribution" => "DBD-Pg","fixed_versions" => [">=2.0.0"],"id" => "CPANSA-DBD-Pg-2009-1341","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=21392","https://launchpad.net/bugs/cve/2009-1341","http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz","http://www.debian.org/security/2009/dsa-1780","http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes","http://secunia.com/advisories/34909","http://www.securityfocus.com/bid/34757","http://www.redhat.com/support/errata/RHSA-2009-0479.html","http://secunia.com/advisories/35058","http://www.redhat.com/support/errata/RHSA-2009-1067.html","http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","http://secunia.com/advisories/35685","https://exchange.xforce.ibmcloud.com/vulnerabilities/50387","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9680"],"reported" => "2009-04-30","severity" => undef}],"main_module" => "DBD::Pg","versions" => [{"date" => "1997-03-13T21:11:59","version" => "0.1"},{"date" => "1997-04-28T20:48:18","version" => "0.3"},{"date" => "1997-08-10T20:45:01","version" => "0.5"},{"date" => "1997-08-16T06:48:54","version" => "0.51"},{"date" => "1997-08-17T09:14:26","version" => "0.52"},{"date" => "1997-08-23T20:41:48","version" => "0.61"},{"date" => "1997-08-26T21:39:36","version" => "0.62"},{"date" => "1997-10-05T18:41:32","version" => "0.63"},{"date" => "1998-02-02T21:05:57","version" => "0.64"},{"date" => "1998-02-15T09:59:55","version" => "0.65"},{"date" => "1998-02-19T21:13:44","version" => "0.66"},{"date" => "1998-02-21T16:49:34","version" => "0.67"},{"date" => "1998-03-03T21:22:18","version" => "0.68"},{"date" => "1998-03-06T22:15:44","version" => "0.69"},{"date" => "1998-04-20T20:14:28","version" => "0.72"},{"date" => "1998-06-03T15:15:54","version" => "0.73"},{"date" => "1998-11-05T21:41:28","version" => "0.89"},{"date" => "1999-01-16T06:10:32","version" => "0.90"},{"date" => "1999-02-14T20:41:05","version" => "0.91"},{"date" => "1999-06-16T19:06:21","version" => "0.92"},{"date" => "1999-09-29T21:25:02","version" => "0.93"},{"date" => "2000-07-07T10:45:34","version" => "0.94"},{"date" => "2000-07-10T18:07:30","version" => "0.95"},{"date" => "2001-04-09T17:58:20","version" => "0.96"},{"date" => "2001-04-20T21:11:46","version" => "0.97"},{"date" => "2001-04-25T14:13:22","version" => "0.98"},{"date" => "2001-05-24T17:36:05","version" => "0.99"},{"date" => "2001-05-27T14:14:13","version" => "1.00"},{"date" => "2001-06-27T18:03:08","version" => "1.01"},{"date" => "2002-03-06T23:05:52","version" => "1.10"},{"date" => "2002-03-07T01:34:18","version" => "1.11"},{"date" => "2002-04-10T02:03:57","version" => "1.12"},{"date" => "2002-04-27T20:50:11","version" => "1.13"},{"date" => "2002-11-27T17:57:11","version" => "1.20"},{"date" => "2003-01-13T06:46:43","version" => "1.21"},{"date" => "2003-03-27T04:46:08","version" => "1.22"},{"date" => "2003-09-10T02:12:07","version" => "1.31_5"},{"date" => "2003-10-29T21:33:29","version" => "1.31_7"},{"date" => "2003-11-10T03:52:37","version" => "1.31_8"},{"date" => "2003-11-14T22:17:30","version" => "1.31_9"},{"date" => "2003-11-18T18:34:28","version" => "1.31"},{"date" => "2004-02-13T18:57:25","version" => "1.32_1"},{"date" => "2004-02-19T02:40:51","version" => "1.32_2"},{"date" => "2004-02-25T19:23:08","version" => "1.32"},{"date" => "2005-02-06T21:18:12","version" => "1.39_02"},{"date" => "2005-02-22T06:07:17","version" => "1.40"},{"date" => "2005-03-31T12:35:04","version" => "1.40_1"},{"date" => "2005-03-31T23:34:15","version" => "1.40_2"},{"date" => "2005-04-01T23:56:01","version" => "1.40_03"},{"date" => "2005-04-05T02:47:47","version" => "1.40_04"},{"date" => "2005-04-06T22:53:50","version" => "1.41"},{"date" => "2005-05-07T18:48:36","version" => "1.41_1"},{"date" => "2005-05-19T03:23:24","version" => "1.41_2"},{"date" => "2005-05-21T14:56:23","version" => "1.42"},{"date" => "2005-06-22T00:42:23","version" => "1.42_1"},{"date" => "2005-06-23T12:09:13","version" => "1.43"},{"date" => "2005-09-13T01:39:06","version" => "1.43_1"},{"date" => "2006-02-13T03:50:51","version" => "1.43_2"},{"date" => "2006-02-22T03:00:40","version" => "1.44"},{"date" => "2006-02-26T19:15:10","version" => "1.45"},{"date" => "2006-03-17T17:17:03","version" => "1.46"},{"date" => "2006-03-19T21:19:12","version" => "1.47"},{"date" => "2006-04-05T15:39:30","version" => "1.48"},{"date" => "2006-05-05T16:40:59","version" => "1.49"},{"date" => "2008-01-17T14:34:38","version" => "2.0.0"},{"date" => "2008-01-17T22:47:38","version" => "2.0.0_2"},{"date" => "2008-01-18T04:21:25","version" => "2.0.0_3"},{"date" => "2008-01-18T16:25:19","version" => "2.0.0_4"},{"date" => "2008-01-19T19:05:27","version" => "2.0.0_5"},{"date" => "2008-01-23T19:19:45","version" => "2.0.0_6"},{"date" => "2008-01-26T17:48:03","version" => "2.0.0_7"},{"date" => "2008-01-28T17:08:31","version" => "2.0.0_8"},{"date" => "2008-01-28T21:21:19","version" => "2.0.0_9"},{"date" => "2008-02-10T19:34:31","version" => "2.0.0"},{"date" => "2008-02-17T04:58:29","version" => "2.0.0_1"},{"date" => "2008-02-17T13:10:04","version" => "2.0.0_2"},{"date" => "2008-02-17T18:17:25","version" => "2.0.1_1"},{"date" => "2008-02-18T02:28:30","version" => "2.0.1_2"},{"date" => "2008-02-18T23:52:09","version" => "2.0.1_3"},{"date" => "2008-02-19T02:09:09","version" => "2.1.0"},{"date" => "2008-02-19T04:45:29","version" => "2.1.1"},{"date" => "2008-02-19T15:36:06","version" => "2.1.1_1"},{"date" => "2008-02-20T02:56:37","version" => "2.1.2"},{"date" => "2008-02-21T00:31:43","version" => "2.1.3"},{"date" => "2008-02-26T01:59:20","version" => "2.1.3_1"},{"date" => "2008-02-26T13:50:47","version" => "2.1.3_2"},{"date" => "2008-02-28T04:08:34","version" => "2.2.0"},{"date" => "2008-03-02T03:01:12","version" => "2.2.1"},{"date" => "2008-03-03T17:14:01","version" => "2.2.2"},{"date" => "2008-03-19T14:50:06","version" => "2.3.0"},{"date" => "2008-03-21T16:41:42","version" => "2.4.0"},{"date" => "2008-03-23T16:55:36","version" => "2.5.0"},{"date" => "2008-04-07T19:16:57","version" => "2.5.1"},{"date" => "2008-04-14T15:57:23","version" => "2.5.2_1"},{"date" => "2008-04-16T18:16:11","version" => "2.6.0"},{"date" => "2008-04-22T18:06:55","version" => "2.6.1"},{"date" => "2008-04-28T21:15:56","version" => "2.6.1_1"},{"date" => "2008-04-30T23:18:14","version" => "2.6.2"},{"date" => "2008-05-01T16:03:12","version" => "2.6.3"},{"date" => "2008-05-02T17:09:20","version" => "2.6.4"},{"date" => "2008-05-07T14:10:57","version" => "2.6.5"},{"date" => "2008-05-07T20:41:03","version" => "2.6.6"},{"date" => "2008-05-10T22:37:02","version" => "2.7.0"},{"date" => "2008-05-11T20:58:52","version" => "2.7.1"},{"date" => "2008-05-14T13:19:24","version" => "2.7.2"},{"date" => "2008-06-02T01:33:26","version" => "2.8.0"},{"date" => "2008-06-12T04:06:28","version" => "2.8.1"},{"date" => "2008-06-30T02:21:03","version" => "2.8.2"},{"date" => "2008-07-07T02:09:01","version" => "2.8.3"},{"date" => "2008-07-10T18:18:54","version" => "2.8.4"},{"date" => "2008-07-13T14:41:49","version" => "2.8.5"},{"date" => "2008-07-21T15:23:39","version" => "2.8.6"},{"date" => "2008-07-24T05:27:41","version" => "2.8.7"},{"date" => "2008-08-03T19:48:22","version" => "2.9.0"},{"date" => "2008-08-18T03:49:13","version" => "2.9.1"},{"date" => "2008-08-18T14:00:03","version" => "2.9.2"},{"date" => "2008-08-27T02:46:34","version" => "2.10.0"},{"date" => "2008-08-31T16:29:33","version" => "2.10.1"},{"date" => "2008-09-01T01:40:52","version" => "2.10.2"},{"date" => "2008-09-01T01:48:43","version" => "2.10.3"},{"date" => "2008-09-16T15:35:48","version" => "2.10.4"},{"date" => "2008-09-16T15:43:37","version" => "2.10.5"},{"date" => "2008-09-19T13:38:32","version" => "2.10.6"},{"date" => "2008-09-23T03:13:47","version" => "2.10.7"},{"date" => "2008-10-13T11:50:18","version" => "2.11.0"},{"date" => "2008-10-14T04:21:14","version" => "2.11.1"},{"date" => "2008-10-16T00:55:38","version" => "2.11.2"},{"date" => "2008-11-03T13:51:55","version" => "2.11.3"},{"date" => "2008-11-12T22:11:37","version" => "2.11.4"},{"date" => "2008-11-24T23:56:25","version" => "2.11.5"},{"date" => "2008-11-30T23:05:28","version" => "2.11.6"},{"date" => "2008-12-13T17:02:24","version" => "2.11.7"},{"date" => "2008-12-28T19:24:29","version" => "2.11.8"},{"date" => "2009-03-24T02:23:04","version" => "2.11.8_1"},{"date" => "2009-03-26T18:53:00","version" => "2.11.8_2"},{"date" => "2009-03-28T14:56:16","version" => "2.12.0"},{"date" => "2009-04-14T02:14:44","version" => "2.13.0"},{"date" => "2009-04-23T16:30:10","version" => "2.13.1"},{"date" => "2009-07-13T19:43:16","version" => "2.13.1_1"},{"date" => "2009-07-14T14:34:31","version" => "2.13.1_2"},{"date" => "2009-07-15T21:12:47","version" => "2.13.1_3"},{"date" => "2009-07-17T01:15:13","version" => "2.13.1_4"},{"date" => "2009-07-20T23:54:06","version" => "2.13.1_5"},{"date" => "2009-07-21T16:03:25","version" => "2.13.1_6"},{"date" => "2009-07-21T21:43:56","version" => "2.13.1_7"},{"date" => "2009-07-27T22:45:52","version" => "2.14.0"},{"date" => "2009-07-28T17:05:35","version" => "2.14.1"},{"date" => "2009-08-04T04:08:56","version" => "2.14.1_1"},{"date" => "2009-08-04T18:18:51","version" => "2.15.0"},{"date" => "2009-08-07T15:05:27","version" => "2.15.1"},{"date" => "2009-12-17T15:41:55","version" => "2.8.8"},{"date" => "2009-12-17T17:14:41","version" => "2.16.0"},{"date" => "2010-01-20T21:13:23","version" => "2.16.1"},{"date" => "2010-04-06T18:56:34","version" => "2.17.0"},{"date" => "2010-04-08T15:32:24","version" => "2.17.1"},{"date" => "2010-11-21T05:14:52","version" => "2.17.2"},{"date" => "2011-03-27T03:53:00","version" => "2.17.2_1"},{"date" => "2011-03-29T00:36:37","version" => "2.18.0"},{"date" => "2011-05-09T16:40:13","version" => "2.18.1"},{"date" => "2011-06-19T18:46:40","version" => "2.99.9_1"},{"date" => "2011-06-20T20:47:06","version" => "2.99.9_2"},{"date" => "2012-03-09T22:51:54","version" => "2.19.0"},{"date" => "2012-03-11T03:28:47","version" => "2.19.1"},{"date" => "2012-03-12T20:58:56","version" => "2.19.2"},{"date" => "2012-08-21T17:18:39","version" => "2.19.3"},{"date" => "2013-11-16T03:47:03","version" => "2.20.1_1"},{"date" => "2013-11-21T03:22:26","version" => "2.20.1_2"},{"date" => "2013-11-26T19:03:57","version" => "2.20.1_3"},{"date" => "2013-11-27T19:35:07","version" => "2.20.1_4"},{"date" => "2014-01-11T20:31:09","version" => "2.20.1_6"},{"date" => "2014-02-04T01:38:37","version" => "3.0.0"},{"date" => "2014-04-05T11:08:15","version" => "3.1.0"},{"date" => "2014-04-06T13:17:49","version" => "3.1.1"},{"date" => "2014-05-15T17:20:49","version" => "3.2.0"},{"date" => "2014-05-20T16:38:44","version" => "3.2.1"},{"date" => "2014-05-31T18:50:07","version" => "3.3.0"},{"date" => "2014-08-16T19:09:15","version" => "3.4.0"},{"date" => "2014-08-20T20:38:19","version" => "3.4.1"},{"date" => "2014-09-25T21:16:23","version" => "3.4.2"},{"date" => "2015-01-06T20:41:04","version" => "3.5.0"},{"date" => "2015-02-07T13:09:54","version" => "3.5.0_1"},{"date" => "2015-02-16T19:17:14","version" => "3.5.0_2"},{"date" => "2015-02-17T21:20:22","version" => "3.5.1"},{"date" => "2015-09-29T15:46:33","version" => "3.5.2"},{"date" => "2015-10-01T14:06:04","version" => "3.5.3"},{"date" => "2017-04-05T10:23:22","version" => "3.5.9_1"},{"date" => "2017-04-17T13:34:12","version" => "3.6.0"},{"date" => "2017-05-22T16:49:32","version" => "3.6.1"},{"date" => "2017-05-23T14:25:49","version" => "3.6.2"},{"date" => "2017-09-22T16:30:49","version" => "3.6.9_1"},{"date" => "2017-09-23T02:10:34","version" => "3.6.9_2"},{"date" => "2017-09-24T19:30:09","version" => "3.7.0"},{"date" => "2018-02-11T19:23:39","version" => "3.7.1"},{"date" => "2018-02-12T13:39:58","version" => "v3.7.3"},{"date" => "2018-02-13T04:10:10","version" => "3.7.4"},{"date" => "2019-04-26T02:20:41","version" => "3.8.0"},{"date" => "2019-07-06T19:44:25","version" => "3.8.1"},{"date" => "2019-07-25T15:48:44","version" => "3.8.9_1"},{"date" => "2019-08-13T21:10:51","version" => "3.9.0"},{"date" => "2019-08-15T19:46:43","version" => "3.9.1"},{"date" => "2019-09-03T15:18:09","version" => "3.10.0"},{"date" => "2020-01-14T03:27:38","version" => "3.10.1"},{"date" => "2020-01-17T22:34:46","version" => "3.10.2"},{"date" => "2020-01-20T21:01:45","version" => "3.10.3"},{"date" => "2020-02-03T17:19:38","version" => "3.10.4"},{"date" => "2020-03-23T17:47:23","version" => "3.10.5"},{"date" => "2020-04-23T16:46:52","version" => "3.11.0"},{"date" => "2020-04-28T15:12:38","version" => "3.11.1"},{"date" => "2020-05-07T18:35:28","version" => "3.12.0"},{"date" => "2020-06-03T13:39:22","version" => "3.12.1"},{"date" => "2020-06-04T15:30:54","version" => "3.12.2"},{"date" => "2020-06-05T17:59:13","version" => "3.12.3"},{"date" => "2020-06-08T20:38:00","version" => "3.12.3_1"},{"date" => "2020-06-15T21:25:55","version" => "3.12.3_2"},{"date" => "2020-06-17T15:53:25","version" => "3.13.0"},{"date" => "2020-07-20T00:24:23","version" => "3.14.0"},{"date" => "2020-08-12T16:17:33","version" => "3.14.1"},{"date" => "2020-08-13T13:36:09","version" => "3.14.2"},{"date" => "2021-05-21T21:20:28","version" => "3.15.0"},{"date" => "2022-02-14T15:39:15","version" => "3.15.1"},{"date" => "2022-08-08T18:03:02","version" => "3.16.0"},{"date" => "2023-03-06T00:06:35","version" => "3.16.1"},{"date" => "2023-04-04T19:49:11","version" => "3.16.2"},{"date" => "2023-04-04T20:43:26","version" => "3.16.3"},{"date" => "2023-08-24T00:42:24","version" => "3.17.0"},{"date" => "2023-12-06T23:47:13","version" => "3.18.0"}]},"DBD-SQLite" => {"advisories" => [{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-15358"],"description" => "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-15358","references" => ["https://www.sqlite.org/src/info/10fa79d00f8091e5","https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2","https://www.sqlite.org/src/tktview?name=8f157e8010","https://security.netapp.com/advisory/ntap-20200709-0001/","https://security.gentoo.org/glsa/202007-26","https://usn.ubuntu.com/4438-1/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211847","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpujan2021.html","https://support.apple.com/kb/HT212147","http://seclists.org/fulldisclosure/2021/Feb/14","https://www.oracle.com/security-alerts/cpuApr2021.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-06-27","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13632"],"description" => "ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13632","references" => ["https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://sqlite.org/src/info/a4dd148928ea65bd","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.netapp.com/advisory/ntap-20200608-0002/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-05-27","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13631"],"description" => "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13631","references" => ["https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://sqlite.org/src/info/eca0ba2cf4c0fdf7","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.netapp.com/advisory/ntap-20200608-0002/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c\@%3Cissues.guacamole.apache.org%3E","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-05-27","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13630"],"description" => "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13630","references" => ["https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://sqlite.org/src/info/0d69f76f0865f962","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.netapp.com/advisory/ntap-20200608-0002/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-05-27","severity" => "high"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13435","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13434","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-11656","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-11655","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-9327"],"description" => "In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-9327","references" => ["https://www.sqlite.org/cgi/src/info/4374860b29383380","https://www.sqlite.org/cgi/src/info/abc473fb8fb99900","https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e","https://security.netapp.com/advisory/ntap-20200313-0002/","https://security.gentoo.org/glsa/202003-16","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-02-21","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-20218"],"description" => "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-20218","references" => ["https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://security.gentoo.org/glsa/202007-26","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00016.html"],"reported" => "2020-01-02","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19959"],"description" => "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19959","references" => ["https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec","https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1","https://security.netapp.com/advisory/ntap-20200204-0001/","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"reported" => "2020-01-03","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19926","CVE-2019-19880"],"description" => "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19926","references" => ["https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089","https://security.netapp.com/advisory/ntap-20200114-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://usn.ubuntu.com/4298-2/","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-23","severity" => "high"},{"affected_versions" => [">=1.19_01,<1.63_03"],"cves" => ["CVE-2019-8457"],"description" => "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.63_04"],"id" => "CPANSA-DBD-SQLite-2019-8457","references" => ["https://www.sqlite.org/src/info/90acdbfce9c08858","https://www.sqlite.org/releaselog/3_28_0.html","https://usn.ubuntu.com/4004-1/","https://usn.ubuntu.com/4004-2/","https://security.netapp.com/advisory/ntap-20190606-0002/","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365"],"reported" => "2019-05-30","severity" => "critical"},{"affected_versions" => [">=1.61_03,<1.63_03"],"cves" => ["CVE-2019-5018"],"description" => "An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.63_04"],"id" => "CPANSA-DBD-SQLite-2019-5018","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2019-0777","http://www.securityfocus.com/bid/108294","http://packetstormsecurity.com/files/152809/Sqlite3-Window-Function-Remote-Code-Execution.html","https://security.netapp.com/advisory/ntap-20190521-0001/","https://security.gentoo.org/glsa/201908-09","https://usn.ubuntu.com/4205-1/"],"reported" => "2019-05-10","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19925"],"description" => "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19925","references" => ["https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618","https://security.netapp.com/advisory/ntap-20200114-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-24","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19924"],"description" => "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19924","references" => ["https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3","https://security.netapp.com/advisory/ntap-20200114-0003/","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-24","severity" => "medium"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19923"],"description" => "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19923","references" => ["https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35","https://security.netapp.com/advisory/ntap-20200114-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-24","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19880"],"description" => "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19880","references" => ["https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54","https://security.netapp.com/advisory/ntap-20200114-0001/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-18","severity" => "high"},{"affected_versions" => ["<=1.65_02"],"cves" => ["CVE-2019-19646"],"description" => "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19646","references" => ["https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd","https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3","https://www.sqlite.org/","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-09","severity" => "critical"},{"affected_versions" => ["<=1.65_02"],"cves" => ["CVE-2019-19645"],"description" => "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19645","references" => ["https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://usn.ubuntu.com/4394-1/","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-09","severity" => "medium"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19603"],"description" => "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19603","references" => ["https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13","https://www.sqlite.org/","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://usn.ubuntu.com/4394-1/","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c\@%3Cissues.guacamole.apache.org%3E","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-09","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19317"],"description" => "lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19317","references" => ["https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8","https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-05","severity" => "critical"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19244"],"description" => "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19244","references" => ["https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-25","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19242","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["<1.61_01"],"cves" => ["CVE-2018-20506"],"description" => "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.61_01"],"id" => "CPANSA-DBD-SQLite-2018-20506","references" => ["https://support.apple.com/kb/HT209451","https://support.apple.com/kb/HT209450","https://support.apple.com/kb/HT209448","https://support.apple.com/kb/HT209447","https://support.apple.com/kb/HT209446","https://support.apple.com/kb/HT209443","https://sqlite.org/src/info/940f2adc8541a838","https://seclists.org/bugtraq/2019/Jan/39","https://seclists.org/bugtraq/2019/Jan/33","https://seclists.org/bugtraq/2019/Jan/32","https://seclists.org/bugtraq/2019/Jan/31","https://seclists.org/bugtraq/2019/Jan/29","https://seclists.org/bugtraq/2019/Jan/28","http://www.securityfocus.com/bid/106698","http://seclists.org/fulldisclosure/2019/Jan/69","http://seclists.org/fulldisclosure/2019/Jan/68","http://seclists.org/fulldisclosure/2019/Jan/67","http://seclists.org/fulldisclosure/2019/Jan/66","http://seclists.org/fulldisclosure/2019/Jan/64","http://seclists.org/fulldisclosure/2019/Jan/62","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html","https://security.netapp.com/advisory/ntap-20190502-0004/","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365"],"reported" => "2019-04-03","severity" => "high"},{"affected_versions" => ["==1.59_02"],"cves" => ["CVE-2018-20505"],"description" => "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.59_03"],"id" => "CPANSA-DBD-SQLite-2018-20505","references" => ["https://support.apple.com/kb/HT209451","https://support.apple.com/kb/HT209450","https://support.apple.com/kb/HT209448","https://support.apple.com/kb/HT209447","https://support.apple.com/kb/HT209446","https://support.apple.com/kb/HT209443","https://sqlite.org/src/info/1a84668dcfdebaf12415d","https://seclists.org/bugtraq/2019/Jan/39","https://seclists.org/bugtraq/2019/Jan/33","https://seclists.org/bugtraq/2019/Jan/32","https://seclists.org/bugtraq/2019/Jan/31","https://seclists.org/bugtraq/2019/Jan/29","https://seclists.org/bugtraq/2019/Jan/28","http://www.securityfocus.com/bid/106698","http://seclists.org/fulldisclosure/2019/Jan/69","http://seclists.org/fulldisclosure/2019/Jan/68","http://seclists.org/fulldisclosure/2019/Jan/67","http://seclists.org/fulldisclosure/2019/Jan/66","http://seclists.org/fulldisclosure/2019/Jan/64","http://seclists.org/fulldisclosure/2019/Jan/62","https://security.netapp.com/advisory/ntap-20190502-0004/","https://usn.ubuntu.com/4019-1/"],"reported" => "2019-04-03","severity" => "high"},{"affected_versions" => ["<1.61_01"],"cves" => ["CVE-2018-20346"],"description" => "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.61_01"],"id" => "CPANSA-DBD-SQLite-2018-20346","references" => ["https://www.sqlite.org/releaselog/3_25_3.html","https://www.mail-archive.com/sqlite-users\@mailinglists.sqlite.org/msg113218.html","https://crbug.com/900910","https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://bugzilla.redhat.com/show_bug.cgi?id=1659677","https://bugzilla.redhat.com/show_bug.cgi?id=1659379","https://blade.tencent.com/magellan/index_en.html","https://access.redhat.com/articles/3758321","https://worthdoingbadly.com/sqlitebug/","https://sqlite.org/src/info/d44318f59044162e","https://sqlite.org/src/info/940f2adc8541a838","https://news.ycombinator.com/item?id=18685296","https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html","https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html","https://www.synology.com/security/advisory/Synology_SA_18_61","http://www.securityfocus.com/bid/106323","https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html","https://security.gentoo.org/glsa/201904-21","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://support.apple.com/HT209448","https://support.apple.com/HT209447","https://support.apple.com/HT209446","https://support.apple.com/HT209451","https://support.apple.com/HT209443","https://support.apple.com/HT209450","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365"],"reported" => "2018-12-21","severity" => "high"},{"affected_versions" => ["<1.59_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.59_01"],"id" => "CPANSA-DBD-SQLite-2018-8740","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["==1.55_06","<=1.55_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.55_07"],"id" => "CPANSA-DBD-SQLite-2017-10989","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["<=1.55_01"],"cves" => ["CVE-2016-6153"],"description" => "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.55_01"],"id" => "CPANSA-DBD-SQLite-2016-6153","references" => ["http://www.openwall.com/lists/oss-security/2016/07/01/1","http://www.securityfocus.com/bid/91546","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/","https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt","https://www.sqlite.org/releaselog/3_13_0.html","http://www.sqlite.org/cgi/src/info/67985761aa93fb61","http://www.openwall.com/lists/oss-security/2016/07/01/2","http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html","https://www.tenable.com/security/tns-2016-20","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://github.com/briandfoy/cpan-security-advisory/issues/187","https://rt.cpan.org/Public/Bug/Display.html?id=118395"],"reported" => "2016-09-26","severity" => "medium"},{"affected_versions" => ["<=1.47_01"],"cves" => ["CVE-2015-3416"],"description" => "The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2015-3416","references" => ["http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920","http://seclists.org/fulldisclosure/2015/Apr/31","http://www.debian.org/security/2015/dsa-3252","http://www.mandriva.com/security/advisories?name=MDVSA-2015:217","http://www.ubuntu.com/usn/USN-2698-1","https://support.apple.com/HT205267","http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html","https://support.apple.com/HT205213","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securitytracker.com/id/1033703","https://security.gentoo.org/glsa/201507-05","http://rhn.redhat.com/errata/RHSA-2015-1635.html","http://rhn.redhat.com/errata/RHSA-2015-1634.html","http://www.securityfocus.com/bid/74228","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"],"reported" => "2015-04-24","severity" => undef},{"affected_versions" => ["<=1.47_01"],"cves" => ["CVE-2015-3415"],"description" => "The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2015-3415","references" => ["https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30","http://seclists.org/fulldisclosure/2015/Apr/31","http://www.debian.org/security/2015/dsa-3252","http://www.mandriva.com/security/advisories?name=MDVSA-2015:217","http://www.ubuntu.com/usn/USN-2698-1","https://support.apple.com/HT205267","http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html","https://support.apple.com/HT205213","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securitytracker.com/id/1033703","https://security.gentoo.org/glsa/201507-05","http://rhn.redhat.com/errata/RHSA-2015-1635.html","http://www.securityfocus.com/bid/74228","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"],"reported" => "2015-04-24","severity" => undef},{"affected_versions" => ["<=1.47_01"],"cves" => ["CVE-2015-3414"],"description" => "SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE\"\"\"\"\"\"\"\" at the end of a SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2015-3414","references" => ["https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2","http://seclists.org/fulldisclosure/2015/Apr/31","http://www.debian.org/security/2015/dsa-3252","http://www.mandriva.com/security/advisories?name=MDVSA-2015:217","http://www.ubuntu.com/usn/USN-2698-1","https://support.apple.com/HT205267","http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html","https://support.apple.com/HT205213","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securitytracker.com/id/1033703","https://security.gentoo.org/glsa/201507-05","http://rhn.redhat.com/errata/RHSA-2015-1635.html","http://www.securityfocus.com/bid/74228","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"],"reported" => "2015-04-24","severity" => undef},{"affected_versions" => ["==1.47_01"],"cves" => ["CVE-2013-7443"],"description" => "Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2013-7443","references" => ["https://www.sqlite.org/src/info/520070ec7fbaac73eda0e0123596b7bb3e9a6897","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1448758","https://www.sqlite.org/src/info/ac5852d6403c9c9628ca0aa7be135c702f000698","http://ubuntu.com/usn/usn-2698-1","http://www.openwall.com/lists/oss-security/2015/07/14/5","http://www.openwall.com/lists/oss-security/2015/07/15/4","http://www.securityfocus.com/bid/76089"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.00,<=1.02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.03,<=1.04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.05"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.06"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.07"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.08"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.09"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.10,<=1.11"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.12"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.13"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.14"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.19_01,<=1.22_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.22_05,<=1.26_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.26_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.26_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.26_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.26_05,<=1.26_06"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.26_07,<=1.27"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.28_01,<=1.28_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.29,<=1.30_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.30_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.30_04,<=1.31"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.32_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.32_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.32_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.32_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.33"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.34_01,<=1.34_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.36_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.36_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.36_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.36_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.37"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.38_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.38_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.38_03,<=1.40"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.41_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.41_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.41_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.41_04,<=1.41_05"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.41_06"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.41_07,<=1.43_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.43_03,<=1.43_07"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.43_08,<=1.44"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.45_01,<=1.45_05"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.45_06,<=1.46"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.47_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.47_02,<1.47_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.47_05,<=1.48"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.49_01,<=1.49_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.49_03,<=1.49_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.49_05"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.49_06"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.49_07,<=1.50"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.51_01,<=1.51_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.51_04"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.51_05"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.51_06"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.51_07,<=1.54"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.55_01"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.55_02"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["=1.55_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.55_04,<=1.55_05"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.55_04,<=1.55_05"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.55_06"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2017-10989-sqlite","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => [">=1.55_07,<=1.58"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.55_07,<=1.58"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.59_01"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.59_01"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.59_02,<=1.60"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.59_02,<=1.60"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.61_01,<=1.61_02"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.61_01,<=1.61_02"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.61_03,<=1.63_01"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.61_03,<=1.63_01"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.63_02,<=1.63_03"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.63_02,<=1.63_03"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.63_04"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.63_04"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.63_05,<=1.64"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.63_05,<=1.64"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.65_01"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.65_01"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.65_02"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13435-sqlite","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["=1.65_02"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-13434-sqlite","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => [">=1.65_03,<=1.66"],"cves" => ["CVE-2020-15358"],"description" => "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-15358-sqlite","references" => ["https://www.sqlite.org/src/info/10fa79d00f8091e5","https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2","https://www.sqlite.org/src/tktview?name=8f157e8010","https://security.netapp.com/advisory/ntap-20200709-0001/","https://security.gentoo.org/glsa/202007-26","https://usn.ubuntu.com/4438-1/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211847","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpujan2021.html","https://support.apple.com/kb/HT212147","http://seclists.org/fulldisclosure/2021/Feb/14","https://www.oracle.com/security-alerts/cpuApr2021.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-06-27","severity" => "medium"},{"affected_versions" => ["=1.67_01"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.67_01"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.67_01"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.67_02"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.67_02"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.67_02"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.67_03"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.67_03"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.67_03"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.67_04,<=1.67_06"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.67_04,<=1.67_06"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.67_04,<=1.67_06"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.67_07,<=1.70"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.67_07,<=1.70"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.67_07,<=1.70"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.71_01"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.71_01"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.71_01"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.71_02"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.71_02"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.71_02"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.71_03,<=1.71_06"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.71_03,<=1.71_06"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.71_03,<=1.71_06"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.71_07,<=1.72"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.71_07,<=1.72"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.71_07,<=1.72"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"}],"main_module" => "DBD::SQLite","versions" => [{"date" => "2002-02-19T18:56:55","version" => "0.05"},{"date" => "2002-02-22T07:29:26","version" => "0.06"},{"date" => "2002-02-23T11:19:51","version" => "0.07"},{"date" => "2002-02-25T12:59:46","version" => "0.08"},{"date" => "2002-02-27T19:46:01","version" => "0.09"},{"date" => "2002-02-28T11:11:10","version" => "0.10"},{"date" => "2002-03-13T12:16:23","version" => "0.11"},{"date" => "2002-03-21T16:49:25","version" => "0.12"},{"date" => "2002-03-26T22:39:39","version" => "0.13"},{"date" => "2002-03-28T15:59:02","version" => "0.14"},{"date" => "2002-04-02T10:48:10","version" => "0.15"},{"date" => "2002-06-17T23:50:53","version" => "0.16"},{"date" => "2002-06-26T13:59:05","version" => "0.17"},{"date" => "2002-07-12T13:46:37","version" => "0.18"},{"date" => "2002-08-13T22:19:45","version" => "0.19"},{"date" => "2002-10-17T16:25:57","version" => "0.20"},{"date" => "2002-10-18T07:08:42","version" => "0.21"},{"date" => "2002-12-18T18:02:11","version" => "0.22"},{"date" => "2002-12-29T16:25:29","version" => "0.23"},{"date" => "2003-01-29T16:47:23","version" => "0.24"},{"date" => "2003-03-06T22:24:48","version" => "0.25"},{"date" => "2003-07-31T15:16:06","version" => "0.26"},{"date" => "2003-08-18T20:17:31","version" => "0.27"},{"date" => "2003-08-25T13:42:07","version" => "0.28"},{"date" => "2003-12-05T15:42:05","version" => "0.29"},{"date" => "2004-02-08T18:45:02","version" => "0.30"},{"date" => "2004-02-14T19:18:16","version" => "0.31"},{"date" => "2004-07-21T21:19:33","version" => "1.00"},{"date" => "2004-08-01T04:49:09","version" => "1.01"},{"date" => "2004-08-02T18:35:42","version" => "1.02"},{"date" => "2004-08-09T15:43:59","version" => "1.03"},{"date" => "2004-08-23T15:14:21","version" => "1.04"},{"date" => "2004-09-10T15:46:34","version" => "1.05"},{"date" => "2004-09-21T17:26:28","version" => "1.06"},{"date" => "2004-10-12T09:07:33","version" => "1.07"},{"date" => "2005-02-26T13:47:33","version" => "1.08"},{"date" => "2005-06-20T15:42:32","version" => "1.09"},{"date" => "2005-12-01T20:56:30","version" => "1.10"},{"date" => "2005-12-02T19:13:29","version" => "1.11"},{"date" => "2006-04-10T02:24:08","version" => "1.12"},{"date" => "2006-09-08T05:02:06","version" => "1.13"},{"date" => "2007-09-19T19:25:09","version" => "1.14"},{"date" => "2009-03-27T11:11:41","version" => "1.19_01"},{"date" => "2009-03-28T16:46:41","version" => "1.19_02"},{"date" => "2009-03-30T21:58:59","version" => "1.19_03"},{"date" => "2009-03-31T20:31:37","version" => "1.19_04"},{"date" => "2009-04-02T04:24:12","version" => "1.19_05"},{"date" => "2009-04-03T19:21:54","version" => "1.19_06"},{"date" => "2009-04-04T00:49:42","version" => "1.19_07"},{"date" => "2009-04-04T04:29:03","version" => "1.19_08"},{"date" => "2009-04-05T03:16:37","version" => "1.19_09"},{"date" => "2009-04-05T19:43:04","version" => "1.19_10"},{"date" => "2009-04-07T14:00:36","version" => "1.20"},{"date" => "2009-04-08T01:24:11","version" => "1.21"},{"date" => "2009-04-08T02:05:13","version" => "1.22_01"},{"date" => "2009-04-08T11:49:36","version" => "1.22_02"},{"date" => "2009-04-09T09:40:39","version" => "1.22_03"},{"date" => "2009-04-11T01:58:53","version" => "1.22_04"},{"date" => "2009-04-14T15:52:05","version" => "1.22_05"},{"date" => "2009-04-15T14:59:20","version" => "1.22_06"},{"date" => "2009-04-16T05:40:28","version" => "1.22_07"},{"date" => "2009-04-17T09:08:15","version" => "1.22_08"},{"date" => "2009-04-19T09:53:00","version" => "1.23"},{"date" => "2009-04-22T02:14:33","version" => "1.24_01"},{"date" => "2009-04-23T00:50:02","version" => "1.24_02"},{"date" => "2009-04-23T10:20:49","version" => "1.25"},{"date" => "2009-05-05T06:04:00","version" => "1.26_01"},{"date" => "2009-06-19T06:56:29","version" => "1.26_02"},{"date" => "2009-08-12T06:01:13","version" => "1.26_03"},{"date" => "2009-10-06T06:23:40","version" => "1.26_04"},{"date" => "2009-10-15T04:05:19","version" => "1.26_05"},{"date" => "2009-10-28T11:16:12","version" => "1.26_06"},{"date" => "2009-11-16T01:47:37","version" => "1.26_07"},{"date" => "2009-11-23T11:15:09","version" => "1.27"},{"date" => "2009-12-23T11:44:07","version" => "1.28_01"},{"date" => "2010-01-03T05:56:21","version" => "1.28_02"},{"date" => "2010-01-08T09:14:18","version" => "1.29"},{"date" => "2010-03-10T15:55:37","version" => "1.30_01"},{"date" => "2010-03-30T11:45:57","version" => "1.30_02"},{"date" => "2010-05-31T03:13:24","version" => "1.30_03"},{"date" => "2010-08-25T09:25:41","version" => "1.30_04"},{"date" => "2010-08-27T15:31:59","version" => "1.30_05"},{"date" => "2010-09-09T01:49:17","version" => "1.30_06"},{"date" => "2010-09-15T07:30:11","version" => "1.31"},{"date" => "2010-12-10T05:14:51","version" => "1.32_01"},{"date" => "2011-03-07T06:57:51","version" => "1.32_02"},{"date" => "2011-05-12T05:05:38","version" => "1.32_03"},{"date" => "2011-05-20T02:39:29","version" => "1.32_04"},{"date" => "2011-05-30T07:39:31","version" => "1.33"},{"date" => "2011-09-21T16:26:23","version" => "1.34_01"},{"date" => "2011-10-21T06:13:45","version" => "1.34_02"},{"date" => "2011-11-01T03:51:19","version" => "1.34_03"},{"date" => "2011-11-29T00:16:47","version" => "1.35"},{"date" => "2012-01-19T06:15:08","version" => "1.36_01"},{"date" => "2012-02-23T04:11:05","version" => "1.36_02"},{"date" => "2012-05-07T22:56:21","version" => "1.36_03"},{"date" => "2012-05-19T09:46:14","version" => "1.36_04"},{"date" => "2012-06-09T14:43:03","version" => "1.37"},{"date" => "2012-09-24T10:18:25","version" => "1.38_01"},{"date" => "2013-04-09T05:03:21","version" => "1.38_02"},{"date" => "2013-05-21T05:14:23","version" => "1.38_03"},{"date" => "2013-05-29T07:11:57","version" => "1.38_04"},{"date" => "2013-05-31T04:39:53","version" => "1.38_05"},{"date" => "2013-06-09T15:10:40","version" => "1.39"},{"date" => "2013-07-28T05:31:53","version" => "1.40"},{"date" => "2013-08-27T06:41:37","version" => "1.41_01"},{"date" => "2013-08-29T18:53:29","version" => "1.41_02"},{"date" => "2013-09-04T17:57:50","version" => "1.41_03"},{"date" => "2014-01-12T01:19:09","version" => "1.41_04"},{"date" => "2014-01-22T03:53:26","version" => "1.41_05"},{"date" => "2014-02-12T02:53:38","version" => "1.41_06"},{"date" => "2014-03-13T13:44:52","version" => "1.41_07"},{"date" => "2014-03-19T15:29:13","version" => "1.42"},{"date" => "2014-03-25T18:50:08","version" => "1.43_01"},{"date" => "2014-03-25T19:58:13","version" => "1.43_02"},{"date" => "2014-06-12T05:01:15","version" => "1.43_03"},{"date" => "2014-07-21T01:13:47","version" => "1.43_04"},{"date" => "2014-07-21T05:45:41","version" => "1.43_05"},{"date" => "2014-07-22T00:31:31","version" => "1.43_06"},{"date" => "2014-07-29T17:03:09","version" => "1.43_07"},{"date" => "2014-08-21T09:01:11","version" => "1.43_08"},{"date" => "2014-10-20T07:50:46","version" => "1.43_09"},{"date" => "2014-10-22T14:15:00","version" => "1.44"},{"date" => "2014-10-22T15:33:37","version" => "1.45_01"},{"date" => "2014-10-23T08:21:27","version" => "1.45_02"},{"date" => "2014-10-24T17:57:53","version" => "1.45_03"},{"date" => "2014-10-28T08:28:00","version" => "1.45_04"},{"date" => "2014-11-25T04:07:43","version" => "1.45_05"},{"date" => "2014-11-26T08:52:49","version" => "1.45_06"},{"date" => "2014-12-10T06:23:03","version" => "1.46"},{"date" => "2015-02-17T07:00:46","version" => "1.47_01"},{"date" => "2015-04-16T13:30:38","version" => "1.47_02"},{"date" => "2015-04-16T14:45:00","version" => "1.47_03"},{"date" => "2015-05-01T17:37:17","version" => "1.47_04"},{"date" => "2015-05-08T13:49:32","version" => "1.47_05"},{"date" => "2015-06-11T16:10:44","version" => "1.48"},{"date" => "2015-08-04T11:18:05","version" => "1.49_01"},{"date" => "2015-10-10T03:43:45","version" => "1.49_02"},{"date" => "2015-11-05T05:52:27","version" => "1.49_03"},{"date" => "2015-11-24T12:59:11","version" => "1.49_04"},{"date" => "2016-01-11T13:32:43","version" => "1.49_05"},{"date" => "2016-01-15T03:40:44","version" => "1.49_06"},{"date" => "2016-01-21T01:11:59","version" => "1.49_07"},{"date" => "2016-01-30T00:55:58","version" => "1.49_08"},{"date" => "2016-02-10T15:04:42","version" => "1.50"},{"date" => "2016-02-20T01:03:50","version" => "1.51_01"},{"date" => "2016-02-20T01:49:29","version" => "1.51_02"},{"date" => "2016-02-20T11:06:51","version" => "1.51_03"},{"date" => "2016-03-07T04:33:35","version" => "1.51_04"},{"date" => "2016-06-23T01:22:57","version" => "1.51_05"},{"date" => "2016-10-15T00:21:14","version" => "1.51_06"},{"date" => "2016-10-16T05:16:29","version" => "1.51_07"},{"date" => "2016-11-15T13:02:35","version" => "1.52"},{"date" => "2016-11-26T01:34:30","version" => "1.53_01"},{"date" => "2016-12-24T02:36:45","version" => "1.54"},{"date" => "2017-01-03T15:42:47","version" => "1.55_01"},{"date" => "2017-01-07T16:49:21","version" => "1.55_02"},{"date" => "2017-02-14T01:31:43","version" => "1.55_03"},{"date" => "2017-11-21T17:07:32","version" => "1.55_04"},{"date" => "2017-12-15T18:52:29","version" => "1.55_05"},{"date" => "2018-01-27T07:33:51","version" => "1.55_06"},{"date" => "2018-01-27T07:42:58","version" => "1.55_07"},{"date" => "2018-02-28T09:01:25","version" => "1.56"},{"date" => "2018-03-21T06:45:29","version" => "1.57_01"},{"date" => "2018-03-28T11:56:19","version" => "1.58"},{"date" => "2018-09-16T19:25:50","version" => "1.59_01"},{"date" => "2018-09-30T06:09:34","version" => "1.59_02"},{"date" => "2018-11-03T12:14:20","version" => "1.59_03"},{"date" => "2018-12-01T02:42:29","version" => "1.60"},{"date" => "2018-12-01T08:01:30","version" => "1.61_01"},{"date" => "2018-12-01T09:10:18","version" => "1.61_02"},{"date" => "2018-12-19T13:03:22","version" => "1.61_03"},{"date" => "2018-12-22T06:37:21","version" => "1.61_04"},{"date" => "2018-12-28T17:59:27","version" => "1.62"},{"date" => "2019-01-25T22:31:45","version" => "1.63_01"},{"date" => "2019-02-13T19:09:44","version" => "1.63_02"},{"date" => "2019-02-14T16:56:40","version" => "1.63_03"},{"date" => "2019-05-24T16:39:18","version" => "1.63_04"},{"date" => "2019-07-11T17:50:51","version" => "1.63_05"},{"date" => "2019-08-12T09:02:59","version" => "1.64"},{"date" => "2020-01-18T01:56:18","version" => "1.65_01"},{"date" => "2020-02-08T13:02:59","version" => "1.65_02"},{"date" => "2020-07-26T16:42:08","version" => "1.65_03"},{"date" => "2020-08-30T02:14:15","version" => "1.66"},{"date" => "2020-11-24T12:57:56","version" => "1.67_01"},{"date" => "2020-12-05T17:06:24","version" => "1.67_02"},{"date" => "2021-03-30T21:37:13","version" => "1.67_03"},{"date" => "2021-05-30T22:56:01","version" => "1.67_04"},{"date" => "2021-06-12T23:39:11","version" => "1.67_05"},{"date" => "2021-06-14T03:49:54","version" => "1.67_06"},{"date" => "2021-06-19T00:57:41","version" => "1.67_07"},{"date" => "2021-07-22T05:30:17","version" => "1.68"},{"date" => "2021-07-29T21:09:19","version" => "1.69_01"},{"date" => "2021-07-30T14:21:39","version" => "1.69_02"},{"date" => "2021-08-01T10:20:33","version" => "1.70"},{"date" => "2021-12-01T17:03:29","version" => "1.71_01"},{"date" => "2022-01-06T20:51:05","version" => "1.71_02"},{"date" => "2022-02-23T10:49:28","version" => "1.71_03"},{"date" => "2022-02-26T00:59:40","version" => "1.71_04"},{"date" => "2022-02-26T02:49:09","version" => "1.71_05"},{"date" => "2022-03-12T02:54:15","version" => "1.71_06"},{"date" => "2022-10-25T18:36:30","version" => "1.71_07"},{"date" => "2022-11-03T16:28:17","version" => "1.72"},{"date" => "2023-07-09T01:04:52","version" => "1.73_01"},{"date" => "2023-09-19T17:26:03","version" => "1.74"},{"date" => "2024-09-17T14:05:40","version" => "1.75_01"},{"date" => "2024-10-19T04:47:07","version" => "1.76"},{"date" => "2025-11-24T04:21:58","version" => "1.77_01"},{"date" => "2025-11-24T08:08:46","version" => "1.77_02"},{"date" => "2025-12-27T02:02:17","version" => "1.77_03"},{"date" => "2026-01-02T01:23:08","version" => "1.78"}]},"DBD-mysql" => {"advisories" => [{"affected_versions" => ["<4.044"],"cves" => ["CVE-2017-10788"],"description" => "The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.044"],"id" => "CPANSA-DBD-mysql-2017-02","references" => ["https://github.com/perl5-dbi/DBD-mysql/issues/120","http://www.securityfocus.com/bid/99374","http://seclists.org/oss-sec/2017/q2/443"],"reported" => "2017-04-13"},{"affected_versions" => ["<4.044"],"cves" => ["CVE-2017-10789"],"description" => "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.044"],"id" => "CPANSA-DBD-mysql-2017-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/pull/114"],"reported" => "2017-03-23"},{"affected_versions" => [">=2.9003,<4.039"],"cves" => ["CVE-2016-1249"],"description" => "Out-of-bounds read.\n","distribution" => "DBD-mysql","fixed_versions" => ["<2.9003,>=4.039"],"id" => "CPANSA-DBD-mysql-2016-03","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe"],"reported" => "2016-11-16"},{"affected_versions" => ["<4.037"],"cves" => ["CVE-2016-1246"],"description" => "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.037"],"id" => "CPANSA-DBD-mysql-2016-02","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2","http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html"],"reported" => "2016-10-02"},{"affected_versions" => ["<4.034"],"cves" => ["CVE-2015-8949"],"description" => "Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.034"],"id" => "CPANSA-DBD-mysql-2016-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156"],"reported" => "2016-08-19"},{"affected_versions" => ["<4.041"],"cves" => ["CVE-2016-1251"],"description" => "There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.041"],"id" => "CPANSA-DBD-mysql-2015-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1"],"reported" => "2015-12-27"},{"affected_versions" => ["<4.028"],"cves" => ["CVE-2014-9906"],"description" => "Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.028"],"id" => "CPANSA-DBD-mysql-2014-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc","https://rt.cpan.org/Public/Bug/Display.html?id=97625"],"reported" => "2014-07-30"}],"main_module" => "DBD::mysql","versions" => [{"date" => "2000-04-15T20:17:36","version" => "v1.2212."},{"date" => "2001-05-06T21:47:46","version" => "2.0900"},{"date" => "2001-05-25T21:24:45","version" => "2.0901"},{"date" => "2001-07-09T21:10:17","version" => "2.0902"},{"date" => "2001-10-28T22:53:19","version" => "2.0903"},{"date" => "2001-10-31T04:01:07","version" => "2.1000"},{"date" => "2001-11-04T17:55:04","version" => "2.1001"},{"date" => "2001-11-04T18:22:30","version" => "2.1002"},{"date" => "2001-11-05T20:14:34","version" => "2.1003"},{"date" => "2001-11-13T01:24:26","version" => "2.1004"},{"date" => "2001-12-13T09:07:53","version" => "2.1005"},{"date" => "2001-12-27T18:10:04","version" => "2.1007"},{"date" => "2001-12-27T18:10:21","version" => "2.1006"},{"date" => "2001-12-28T17:06:05","version" => "2.1008"},{"date" => "2002-01-01T20:02:26","version" => "2.1009"},{"date" => "2002-01-07T21:33:21","version" => "2.1010"},{"date" => "2002-02-12T11:09:53","version" => "2.1011"},{"date" => "2002-04-12T07:21:06","version" => "2.1012"},{"date" => "2002-04-15T07:49:36","version" => "2.1013"},{"date" => "2002-04-17T21:24:26","version" => "2.1014"},{"date" => "2002-04-29T20:53:41","version" => "2.1015"},{"date" => "2002-05-01T20:07:05","version" => "2.1016"},{"date" => "2002-05-02T20:59:04","version" => "2.1017"},{"date" => "2002-08-13T17:52:25","version" => "2.1018"},{"date" => "2002-09-16T18:42:20","version" => "2.1019"},{"date" => "2002-09-23T20:42:50","version" => "2.1020"},{"date" => "2002-12-17T20:46:14","version" => "2.1021"},{"date" => "2003-01-03T02:46:24","version" => "2.1022"},{"date" => "2003-01-19T21:19:03","version" => "2.1023"},{"date" => "2003-01-20T12:08:27","version" => "2.1024"},{"date" => "2003-02-07T21:09:44","version" => "2.1025"},{"date" => "2003-03-03T20:46:27","version" => "2.1026"},{"date" => "2003-05-31T18:08:15","version" => "2.1027"},{"date" => "2003-06-25T16:12:36","version" => "2.1028"},{"date" => "2003-06-27T04:32:05","version" => "2.9002"},{"date" => "2003-09-12T17:04:42","version" => "2.9003_1"},{"date" => "2003-10-27T03:39:04","version" => "2.9003"},{"date" => "2004-07-01T03:24:14","version" => "2.9004_2"},{"date" => "2004-07-14T03:07:34","version" => "2.9004"},{"date" => "2004-10-20T17:27:25","version" => "2.9005_1"},{"date" => "2004-10-28T00:39:25","version" => "2.9005_3"},{"date" => "2005-03-29T02:43:14","version" => "2.9005"},{"date" => "2005-04-04T04:27:00","version" => "2.9006"},{"date" => "2005-04-27T00:13:49","version" => "2.9015_3"},{"date" => "2005-04-27T00:14:06","version" => "2.9007"},{"date" => "2005-06-06T01:39:20","version" => "2.9008"},{"date" => "2005-07-01T01:48:20","version" => "3.0000"},{"date" => "2005-07-03T21:56:11","version" => "3.0000_0"},{"date" => "2005-07-04T15:53:40","version" => "3.0001_0"},{"date" => "2005-07-04T16:16:00","version" => "3.0001_1"},{"date" => "2005-07-07T01:14:17","version" => "3.0001"},{"date" => "2005-07-07T01:22:39","version" => "3.0001_2"},{"date" => "2005-07-08T05:37:13","version" => "3.0001_3"},{"date" => "2005-07-11T16:49:47","version" => "3.0002"},{"date" => "2005-08-04T02:50:35","version" => "3.0002_1"},{"date" => "2005-09-26T23:22:57","version" => "3.0002_2"},{"date" => "2005-09-28T18:58:55","version" => "3.0002_3"},{"date" => "2005-11-06T21:47:29","version" => "3.0002_4"},{"date" => "2006-02-01T23:20:01","version" => "3.0002_5"},{"date" => "2006-05-04T17:49:06","version" => "3.0003"},{"date" => "2006-05-04T17:49:23","version" => "3.0003_1"},{"date" => "2006-05-21T17:28:22","version" => "3.0004"},{"date" => "2006-05-21T17:28:33","version" => "3.0004_1"},{"date" => "2006-06-10T01:21:49","version" => "3.0005_1"},{"date" => "2006-06-10T01:22:01","version" => "3.0005"},{"date" => "2006-06-11T17:05:25","version" => "3.0006"},{"date" => "2006-06-11T17:05:36","version" => "3.0006_1"},{"date" => "2006-09-08T23:12:02","version" => "3.0007"},{"date" => "2006-09-08T23:13:45","version" => "3.0007_1"},{"date" => "2006-10-07T12:59:23","version" => "3.0007_2"},{"date" => "2006-10-16T13:42:13","version" => "3.0008"},{"date" => "2006-10-16T13:42:24","version" => "3.0008_1"},{"date" => "2006-12-24T14:11:04","version" => "4.00"},{"date" => "2007-01-08T01:11:12","version" => "4.001"},{"date" => "2007-03-02T03:32:59","version" => "4.002"},{"date" => "2007-03-02T14:13:37","version" => "4.003"},{"date" => "2007-03-22T22:31:22","version" => "4.004"},{"date" => "2007-06-08T15:33:34","version" => "4.005"},{"date" => "2007-12-26T22:50:48","version" => "4.006"},{"date" => "2008-05-11T15:56:07","version" => "4.007"},{"date" => "2008-08-15T14:06:50","version" => "4.008"},{"date" => "2008-10-22T01:05:54","version" => "4.009"},{"date" => "2008-10-24T14:00:41","version" => "4.010"},{"date" => "2009-04-14T02:40:31","version" => "4.011"},{"date" => "2009-06-19T02:08:06","version" => "4.012"},{"date" => "2009-09-16T18:37:29","version" => "4.013"},{"date" => "2010-04-15T03:17:58","version" => "4.014"},{"date" => "2010-07-09T19:48:58","version" => "4.015"},{"date" => "2010-07-10T16:50:49","version" => "4.016"},{"date" => "2010-08-12T05:50:17","version" => "4.017"},{"date" => "2010-10-26T16:59:27","version" => "4.018"},{"date" => "2011-05-09T01:28:25","version" => "4.019"},{"date" => "2011-08-20T18:45:49","version" => "4.020"},{"date" => "2012-04-28T14:18:16","version" => "4.021"},{"date" => "2012-08-30T02:00:19","version" => "4.022"},{"date" => "2013-04-12T21:48:10","version" => "4.023"},{"date" => "2013-09-17T16:04:11","version" => "4.024"},{"date" => "2013-11-04T18:29:18","version" => "4.025"},{"date" => "2014-01-16T01:33:03","version" => "4.026"},{"date" => "2014-03-19T14:25:36","version" => "4.027"},{"date" => "2014-08-01T19:59:28","version" => "4.028"},{"date" => "2014-12-09T02:39:44","version" => "4.029"},{"date" => "2015-01-28T03:53:42","version" => "4.030_01"},{"date" => "2015-03-02T20:44:31","version" => "4.030_02"},{"date" => "2015-03-06T20:12:05","version" => "4.031"},{"date" => "2015-04-16T22:28:43","version" => "4.032_01"},{"date" => "2015-07-21T12:15:24","version" => "4.032"},{"date" => "2015-10-25T19:59:17","version" => "4.032_03"},{"date" => "2015-10-27T03:37:29","version" => "4.033"},{"date" => "2015-12-15T07:16:36","version" => "4.033_01"},{"date" => "2015-12-18T07:00:41","version" => "4.033_02"},{"date" => "2016-07-04T19:32:50","version" => "4.033_03"},{"date" => "2016-07-06T06:32:05","version" => "4.034"},{"date" => "2016-07-09T05:50:13","version" => "4.035"},{"date" => "2016-08-01T06:29:25","version" => "4.035_01"},{"date" => "2016-08-11T08:11:18","version" => "4.035_02"},{"date" => "2016-08-19T15:52:10","version" => "4.035_03"},{"date" => "2016-08-23T05:59:26","version" => "4.036"},{"date" => "2016-10-03T07:00:29","version" => "4.037"},{"date" => "2016-10-14T20:56:49","version" => "4.037_01"},{"date" => "2016-10-19T19:37:55","version" => "4.037_02"},{"date" => "2016-10-20T02:33:04","version" => "4.038"},{"date" => "2016-10-30T08:45:31","version" => "4.038_01"},{"date" => "2016-11-16T03:57:57","version" => "4.039"},{"date" => "2016-11-19T19:56:51","version" => "4.040"},{"date" => "2016-11-28T20:40:41","version" => "4.041"},{"date" => "2016-12-13T06:59:09","version" => "4.041_01"},{"date" => "2017-02-28T20:57:20","version" => "4.041_02"},{"date" => "2017-03-08T20:32:52","version" => "4.042"},{"date" => "2017-06-29T21:12:09","version" => "4.043"},{"date" => "2018-01-23T01:53:30","version" => "4.044"},{"date" => "2018-02-07T21:43:00","version" => "4.044"},{"date" => "2018-02-08T20:30:55","version" => "4.045"},{"date" => "2018-02-08T20:48:11","version" => "4.046"},{"date" => "2018-03-09T20:27:44","version" => "4.046_01"},{"date" => "2018-09-09T03:02:20","version" => "4.047"},{"date" => "2018-09-15T12:46:51","version" => "4.048"},{"date" => "2018-11-17T18:58:09","version" => "4.049"},{"date" => "2019-01-09T09:07:15","version" => "4.050"},{"date" => "2019-10-07T10:06:13","version" => "4.018_01"},{"date" => "2023-10-04T07:10:45","version" => "4.051"},{"date" => "2023-10-04T07:20:03","version" => "5.001"},{"date" => "2023-10-24T09:02:42","version" => "5.002"},{"date" => "2023-12-01T07:13:15","version" => "4.052"},{"date" => "2023-12-01T07:14:42","version" => "5.003"},{"date" => "2024-03-19T08:16:14","version" => "5.004"},{"date" => "2024-05-01T09:04:33","version" => "5.005"},{"date" => "2024-06-04T19:59:44","version" => "5.006"},{"date" => "2024-07-01T06:02:18","version" => "5.007"},{"date" => "2024-07-30T07:47:38","version" => "5.008"},{"date" => "2024-09-19T08:35:24","version" => "5.009"},{"date" => "2024-11-11T06:43:01","version" => "5.010"},{"date" => "2025-01-06T06:52:30","version" => "4.053"},{"date" => "2025-01-06T06:55:27","version" => "5.011"},{"date" => "2025-04-11T16:18:15","version" => "5.012"},{"date" => "2025-08-03T08:51:10","version" => "4.054"},{"date" => "2025-08-03T08:51:21","version" => "5.013"},{"date" => "2026-02-23T07:39:11","version" => "4.055"}]},"DBD-mysqlPP" => {"advisories" => [{"affected_versions" => ["<0.93"],"cves" => [],"description" => "SQL injection.\n","distribution" => "DBD-mysqlPP","fixed_versions" => [">=0.03"],"id" => "CPANSA-DBD-mysqlPP-2011-01","references" => ["https://metacpan.org/changes/distribution/DBD-mysqlPP","https://jvn.jp/en/jp/JVN51216285/index.html"],"reported" => "2011-10-14","severity" => "high"}],"main_module" => "DBD::mysqlPP","versions" => [{"date" => "2002-04-04T07:20:36","version" => "0.02"},{"date" => "2002-04-15T10:26:39","version" => "0.03"},{"date" => "2003-01-24T11:14:14","version" => "0.04"},{"date" => "2011-10-21T23:07:07","version" => "0.05"},{"date" => "2011-10-26T22:17:22","version" => "0.06"},{"date" => "2011-11-17T22:24:50","version" => "0.07"}]},"DBI" => {"advisories" => [{"affected_versions" => ["<1.643"],"cves" => ["CVE-2020-14393"],"description" => "A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.\n","distribution" => "DBI","fixed_versions" => [">=1.643"],"id" => "CPANSA-DBI-2020-01","references" => ["https://metacpan.org/changes/distribution/DBI","https://bugzilla.redhat.com/show_bug.cgi?id=1877409"],"reported" => "2020-09-16","severity" => "high"},{"affected_versions" => ["<1.643"],"cves" => ["CVE-2020-14392"],"description" => "An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.\n","distribution" => "DBI","fixed_versions" => [">=1.643"],"id" => "CPANSA-DBI-2020-03","references" => ["https://metacpan.org/changes/distribution/DBI","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/","https://bugzilla.redhat.com/show_bug.cgi?id=1877402","https://bugzilla.redhat.com/show_bug.cgi?id=1877402","https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html","https://usn.ubuntu.com/4503-1/"],"reported" => "2020-06-17","severity" => "high"},{"affected_versions" => ["<1.643"],"cves" => ["CVE-2019-20919"],"description" => "An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.\n","distribution" => "DBI","fixed_versions" => [">=1.643"],"id" => "CPANSA-DBI-2020-02","references" => ["https://metacpan.org/changes/distribution/DBI","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20919","https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff","https://bugzilla.redhat.com/show_bug.cgi?id=1877405","https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html","https://lists.opensuse.org/archives/list/security-announce\@lists.opensuse.org/message/US6VXPKVAYHOKNFSAFLM3FWNYZSJKQHS/","https://lists.opensuse.org/archives/list/security-announce\@lists.opensuse.org/message/KJN7E27GD6QQ2CRGEJ3TNW2DJFXA2AKN/","https://ubuntu.com/security/notices/USN-4534-1"],"reported" => "2020-09-17","severity" => "high"},{"affected_versions" => ["<1.632"],"cves" => [],"description" => "DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.\n","distribution" => "DBI","fixed_versions" => [">=1.632"],"id" => "CPANSA-DBI-2014-01","references" => ["https://metacpan.org/changes/distribution/DBI","https://rt.cpan.org/Public/Bug/Display.html?id=99508"],"reported" => "2014-10-15","severity" => "high"},{"affected_versions" => ["<1.47"],"cves" => ["CVE-2005-0077"],"description" => "Allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.\n","distribution" => "DBI","fixed_versions" => [">=1.47"],"id" => "CPANSA-DBI-2005-01","references" => ["https://metacpan.org/changes/distribution/DBI"],"reported" => "2005-05-02"},{"affected_versions" => ["<1.643"],"cves" => ["CVE-2014-10402"],"description" => "An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.\n","distribution" => "DBI","fixed_versions" => [">=1.644"],"id" => "CPANSA-DBI-2014-10402","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590","https://metacpan.org/release/HMBRAND/DBI-1.643_01/view/Changes"],"reported" => "2020-09-16","severity" => "medium"},{"affected_versions" => ["<1.632"],"cves" => ["CVE-2014-10401"],"description" => "An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.\n","distribution" => "DBI","fixed_versions" => [">=1.644"],"id" => "CPANSA-DBI-2014-10401","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=99508","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014","https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a","https://usn.ubuntu.com/4509-1/","https://metacpan.org/release/HMBRAND/DBI-1.643_01/view/Changes"],"reported" => "2020-09-11","severity" => "medium"},{"affected_versions" => ["<1.628"],"cves" => ["CVE-2013-7491"],"description" => "An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.\n","distribution" => "DBI","fixed_versions" => [">=1.628"],"id" => "CPANSA-DBI-2013-7491","references" => ["https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.628-22nd-July-2013","https://rt.cpan.org/Public/Bug/Display.html?id=85562"],"reported" => "2020-09-11","severity" => "medium"},{"affected_versions" => ["<1.632"],"cves" => ["CVE-2013-7490"],"description" => "An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.\n","distribution" => "DBI","fixed_versions" => [">=1.632"],"id" => "CPANSA-DBI-2013-7490","references" => ["https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014","https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941","https://usn.ubuntu.com/4509-1/"],"reported" => "2020-09-11","severity" => "medium"}],"main_module" => "DBI","versions" => [{"date" => "1995-10-27T08:14:00","version" => "0.64"},{"date" => "1996-02-15T22:07:00","version" => "0.67"},{"date" => "1996-04-22T10:22:00","version" => "0.68"},{"date" => "1996-05-07T19:46:00","version" => "0.69"},{"date" => "1996-06-16T21:08:00","version" => "0.70"},{"date" => "1996-07-10T00:49:00","version" => "0.71"},{"date" => "1996-09-23T16:33:00","version" => "0.72"},{"date" => "1996-10-15T00:58:00","version" => "0.73"},{"date" => "1997-01-14T16:59:00","version" => "0.74"},{"date" => "1997-01-27T21:59:00","version" => "0.75"},{"date" => "1997-02-03T18:54:00","version" => "0.76"},{"date" => "1997-02-21T14:27:00","version" => "0.77"},{"date" => "1997-03-28T14:36:00","version" => "0.78"},{"date" => "1997-04-07T18:28:00","version" => "0.79"},{"date" => "1997-05-07T11:45:00","version" => "0.80"},{"date" => "1997-05-07T14:05:00","version" => "0.81"},{"date" => "1997-05-23T15:56:00","version" => "0.82"},{"date" => "1997-06-11T21:40:00","version" => "0.83"},{"date" => "1997-06-20T15:36:00","version" => "0.84"},{"date" => "1997-06-25T10:25:00","version" => "0.85"},{"date" => "1997-07-16T16:38:00","version" => "0.001"},{"date" => "1997-07-18T11:27:00","version" => "0.87"},{"date" => "1997-07-22T21:27:00","version" => "0.88"},{"date" => "1997-07-25T13:46:55","version" => "0.89"},{"date" => "1997-09-05T19:38:52","version" => "0.90"},{"date" => "1997-12-10T17:15:14","version" => "0.91"},{"date" => "1998-02-05T20:45:45","version" => "0.92"},{"date" => "1998-02-13T15:21:52","version" => "0.93"},{"date" => "1998-08-10T03:23:46","version" => "0.94"},{"date" => "1998-08-11T13:21:19","version" => "0.95"},{"date" => "1998-08-14T20:38:42","version" => "1.00"},{"date" => "1998-09-02T14:59:47","version" => "1.01"},{"date" => "1998-09-04T12:29:52","version" => "1.02"},{"date" => "1999-01-18T21:52:15","version" => "1.06"},{"date" => "1999-05-13T01:49:11","version" => "1.08"},{"date" => "1999-06-02T13:44:40","version" => "1.08"},{"date" => "1999-06-09T20:57:59","version" => "1.09"},{"date" => "1999-06-13T23:52:03","version" => "1.10"},{"date" => "1999-06-17T13:22:36","version" => "1.11"},{"date" => "1999-06-29T23:07:41","version" => "1.12"},{"date" => "1999-07-12T03:28:41","version" => "1.13"},{"date" => "2000-06-11T02:39:59","version" => "1.03_80"},{"date" => "2000-06-14T20:30:57","version" => "1.14"},{"date" => "2001-03-30T15:03:31","version" => "1.15"},{"date" => "2001-05-29T23:25:57","version" => "1.16"},{"date" => "2001-06-04T17:12:30","version" => "1.17"},{"date" => "2001-06-04T19:00:37","version" => "1.18"},{"date" => "2001-07-20T22:29:24","version" => "1.19"},{"date" => "2001-08-24T23:32:10","version" => "1.20"},{"date" => "2002-01-10T15:25:45","version" => "1.201"},{"date" => "2002-02-07T03:30:16","version" => "1.21"},{"date" => "2002-03-13T14:18:00","version" => "1.21"},{"date" => "2002-05-22T13:42:15","version" => "1.22"},{"date" => "2002-05-25T17:38:03","version" => "1.23"},{"date" => "2002-06-05T03:32:38","version" => "1.24"},{"date" => "2002-06-05T22:42:04","version" => "1.25"},{"date" => "2002-06-13T12:30:47","version" => "1.26"},{"date" => "2002-06-13T15:19:06","version" => "1.27"},{"date" => "2002-06-14T13:13:53","version" => "1.28"},{"date" => "2002-06-26T09:34:24","version" => "1.28"},{"date" => "2002-07-15T11:24:40","version" => "1.29"},{"date" => "2002-07-18T14:27:25","version" => "1.30"},{"date" => "2002-11-30T00:49:54","version" => "1.31"},{"date" => "2002-12-01T23:01:26","version" => "1.32"},{"date" => "2002-12-20T16:23:29","version" => "1.32"},{"date" => "2003-02-26T18:01:24","version" => "1.32_90"},{"date" => "2003-02-27T00:25:32","version" => "1.33"},{"date" => "2003-02-28T17:53:35","version" => "1.34"},{"date" => "2003-03-07T22:02:20","version" => "1.35"},{"date" => "2003-05-14T11:13:39","version" => "1.36"},{"date" => "2003-05-15T18:02:26","version" => "1.37"},{"date" => "2003-08-25T20:36:26","version" => "1.38"},{"date" => "2003-11-27T23:46:40","version" => "1.39"},{"date" => "2004-01-08T14:04:59","version" => "1.39"},{"date" => "2004-02-23T14:54:21","version" => "1.41"},{"date" => "2004-03-12T16:40:08","version" => "1.41"},{"date" => "2004-07-05T10:02:05","version" => "1.43"},{"date" => "2004-10-05T21:27:23","version" => "1.44"},{"date" => "2004-10-06T13:49:20","version" => "1.45"},{"date" => "2004-11-16T12:38:32","version" => "1.46"},{"date" => "2005-02-02T11:28:46","version" => "1.47"},{"date" => "2005-03-14T17:03:33","version" => "1.48"},{"date" => "2005-11-29T19:59:40","version" => "1.49"},{"date" => "2005-12-14T16:55:16","version" => "1.50"},{"date" => "2006-04-19T15:56:38","version" => "1.45"},{"date" => "2006-06-06T12:08:36","version" => "1.51"},{"date" => "2006-08-08T21:13:32","version" => "1.52"},{"date" => "2006-11-02T00:38:01","version" => "1.53"},{"date" => "2007-02-23T17:15:23","version" => "1.54"},{"date" => "2007-05-04T14:56:38","version" => "1.55"},{"date" => "2007-05-10T14:04:04","version" => "1.56"},{"date" => "2007-05-13T22:00:58","version" => "1.56"},{"date" => "2007-06-13T16:45:34","version" => "1.57"},{"date" => "2007-06-15T17:06:42","version" => "1.57"},{"date" => "2007-06-18T15:15:31","version" => "1.57"},{"date" => "2007-06-25T22:11:47","version" => "1.58"},{"date" => "2007-08-22T17:02:10","version" => "1.59"},{"date" => "2007-08-23T12:22:26","version" => "1.59"},{"date" => "2007-08-23T13:59:53","version" => "1.59"},{"date" => "2007-08-24T09:19:29","version" => "1.59"},{"date" => "2007-10-16T13:12:55","version" => "1.601"},{"date" => "2007-10-21T22:12:52","version" => "1.601"},{"date" => "2008-02-09T22:06:13","version" => "1.602"},{"date" => "2008-03-22T00:11:03","version" => "1.603"},{"date" => "2008-03-24T14:11:41","version" => "1.604"},{"date" => "2008-06-16T19:19:43","version" => "1.605"},{"date" => "2008-07-22T21:01:09","version" => "1.606"},{"date" => "2008-07-22T21:50:54","version" => "1.607"},{"date" => "2009-05-02T22:58:48","version" => "1.608"},{"date" => "2009-05-05T12:05:19","version" => "1.608"},{"date" => "2009-06-05T22:57:34","version" => "1.609"},{"date" => "2009-06-08T10:29:18","version" => "1.609"},{"date" => "2010-03-02T21:26:39","version" => "1.611"},{"date" => "2010-04-22T11:06:31","version" => "1.611"},{"date" => "2010-04-27T15:13:32","version" => "1.611"},{"date" => "2010-04-29T19:54:44","version" => "1.611"},{"date" => "2010-05-28T10:29:17","version" => "1.612"},{"date" => "2010-06-15T22:47:23","version" => "1.612"},{"date" => "2010-06-16T19:18:05","version" => "1.612"},{"date" => "2010-07-02T14:26:03","version" => "1.612"},{"date" => "2010-07-15T15:00:53","version" => "1.612"},{"date" => "2010-07-16T19:36:42","version" => "1.612"},{"date" => "2010-07-22T17:34:16","version" => "1.613"},{"date" => "2010-07-25T15:50:15","version" => "1.613"},{"date" => "2010-07-30T14:17:33","version" => "1.614"},{"date" => "2010-08-16T16:34:58","version" => "1.614"},{"date" => "2010-08-30T20:11:00","version" => "1.614"},{"date" => "2010-08-30T20:26:37","version" => "1.614"},{"date" => "2010-08-30T20:56:09","version" => "1.614"},{"date" => "2010-09-02T15:44:21","version" => "1.614"},{"date" => "2010-09-09T10:24:11","version" => "1.614"},{"date" => "2010-09-16T16:23:50","version" => "1.614"},{"date" => "2010-09-17T09:48:02","version" => "1.614"},{"date" => "2010-09-21T10:14:29","version" => "1.615"},{"date" => "2010-09-22T12:28:20","version" => "1.615"},{"date" => "2010-12-18T21:51:52","version" => "1.616"},{"date" => "2010-12-21T23:26:46","version" => "1.616"},{"date" => "2010-12-29T14:39:48","version" => "1.616"},{"date" => "2010-12-30T10:26:51","version" => "1.616"},{"date" => "2012-01-02T17:12:53","version" => "1.617"},{"date" => "2012-01-28T09:34:18","version" => "1.617"},{"date" => "2012-01-30T10:06:49","version" => "1.617"},{"date" => "2012-02-07T22:54:02","version" => "1.618"},{"date" => "2012-02-13T18:24:33","version" => "1.618"},{"date" => "2012-02-23T11:05:45","version" => "1.618"},{"date" => "2012-02-25T14:24:39","version" => "1.618"},{"date" => "2012-04-18T11:57:55","version" => "1.619"},{"date" => "2012-04-20T20:21:54","version" => "1.619"},{"date" => "2012-04-23T22:09:14","version" => "1.619"},{"date" => "2012-04-25T12:46:54","version" => "1.620"},{"date" => "2012-05-21T13:06:09","version" => "1.621"},{"date" => "2012-05-22T22:17:06","version" => "1.621"},{"date" => "2012-06-06T16:51:00","version" => "1.622"},{"date" => "2012-07-13T15:24:35","version" => "1.623"},{"date" => "2012-10-30T13:01:14","version" => "1.623"},{"date" => "2012-11-19T23:27:04","version" => "1.623"},{"date" => "2012-12-13T16:26:23","version" => "1.623"},{"date" => "2012-12-21T17:22:01","version" => "1.623"},{"date" => "2013-01-02T10:09:42","version" => "1.623"},{"date" => "2013-03-22T20:41:50","version" => "1.624"},{"date" => "2013-03-28T21:59:38","version" => "1.625"},{"date" => "2013-05-15T11:28:03","version" => "1.626"},{"date" => "2013-05-16T20:30:50","version" => "1.627"},{"date" => "2013-06-24T21:56:27","version" => "1.628"},{"date" => "2013-06-24T22:12:23","version" => "1.628"},{"date" => "2013-06-30T19:08:08","version" => "1.628"},{"date" => "2013-07-02T11:27:23","version" => "1.628"},{"date" => "2013-07-22T13:22:40","version" => "1.628"},{"date" => "2013-10-11T12:28:12","version" => "1.629"},{"date" => "2013-10-13T16:02:52","version" => "1.629"},{"date" => "2013-10-15T12:24:53","version" => "1.629"},{"date" => "2013-10-22T11:58:53","version" => "1.629_50"},{"date" => "2013-10-28T12:51:39","version" => "1.630"},{"date" => "2014-01-13T13:51:01","version" => "1.631"},{"date" => "2014-01-16T11:34:34","version" => "1.631"},{"date" => "2014-01-20T11:12:44","version" => "1.631"},{"date" => "2014-10-23T14:08:22","version" => "1.631"},{"date" => "2014-11-05T11:15:07","version" => "1.632"},{"date" => "2015-01-08T14:31:52","version" => "1.632"},{"date" => "2015-01-11T13:26:05","version" => "1.633"},{"date" => "2015-07-18T13:16:07","version" => "1.633"},{"date" => "2015-07-19T14:34:22","version" => "1.633_91"},{"date" => "2015-07-22T15:27:59","version" => "1.633_92"},{"date" => "2015-08-02T16:52:48","version" => "1.633_93"},{"date" => "2015-08-03T14:52:56","version" => "1.634"},{"date" => "2016-04-23T15:28:02","version" => "1.634"},{"date" => "2016-04-24T11:57:03","version" => "1.635"},{"date" => "2016-04-24T22:20:56","version" => "1.636"},{"date" => "2017-08-14T10:10:55","version" => "1.637"},{"date" => "2017-08-16T09:02:40","version" => "1.637"},{"date" => "2017-12-28T14:40:44","version" => "1.639"},{"date" => "2018-01-28T20:50:53","version" => "1.640"},{"date" => "2018-03-19T18:06:08","version" => "1.641"},{"date" => "2018-10-28T15:08:54","version" => "1.641_90"},{"date" => "2018-10-29T10:43:41","version" => "1.642"},{"date" => "2020-01-26T20:48:52","version" => "1.642_90"},{"date" => "2020-01-31T19:02:41","version" => "1.643"},{"date" => "2024-08-20T11:29:56","version" => "1.643_01"},{"date" => "2024-08-22T07:09:52","version" => "1.643_02"},{"date" => "2024-08-23T17:54:09","version" => "1.644"},{"date" => "2024-09-03T09:25:33","version" => "1.645"},{"date" => "2025-01-11T12:59:58","version" => "1.646"},{"date" => "2025-01-20T08:14:47","version" => "1.647"}]},"DBIx-Class-EncodedColumn" => {"advisories" => [{"affected_versions" => ["<0.11"],"cves" => ["CVE-2025-27551"],"description" => "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.  This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm.  This issue affects DBIx::Class::EncodedColumn until 0.00032.","distribution" => "DBIx-Class-EncodedColumn","fixed_versions" => [">=0.11"],"id" => "CPANSA-DBIx-Class-EncodedColumn-2025-27551","references" => ["https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-03-26","severity" => undef},{"affected_versions" => ["<0.11"],"cves" => ["CVE-2025-27552"],"description" => "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.  This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm.  This issue affects DBIx::Class::EncodedColumn until 0.00032.","distribution" => "DBIx-Class-EncodedColumn","fixed_versions" => [">=0.11"],"id" => "CPANSA-DBIx-Class-EncodedColumn-2025-27552","references" => ["https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-03-26","severity" => undef}],"main_module" => "DBIx::Class::EncodedColumn","versions" => [{"date" => "2008-01-29T23:47:22","version" => "0.00001_01"},{"date" => "2008-01-31T23:21:56","version" => "0.00001_02"},{"date" => "2008-02-01T00:17:42","version" => "0.00001_03"},{"date" => "2008-02-01T18:52:21","version" => "0.00001"},{"date" => "2008-07-28T22:45:39","version" => "0.00002"},{"date" => "2009-09-01T15:45:04","version" => "0.00003"},{"date" => "2009-09-03T18:11:37","version" => "0.00004"},{"date" => "2009-10-11T15:06:19","version" => "0.00005"},{"date" => "2010-01-16T00:39:59","version" => "0.00006"},{"date" => "2010-04-30T00:12:56","version" => "0.00007"},{"date" => "2010-04-30T17:51:03","version" => "0.00008"},{"date" => "2010-05-17T20:20:11","version" => "0.00009_1"},{"date" => "2010-05-18T14:56:30","version" => "0.00009"},{"date" => "2010-08-27T18:36:04","version" => "0.00010"},{"date" => "2011-04-11T20:21:16","version" => "0.00011"},{"date" => "2013-04-29T14:32:51","version" => "0.00012"},{"date" => "2014-02-27T13:50:24","version" => "0.00013"},{"date" => "2016-05-31T13:31:04","version" => "0.00014"},{"date" => "2016-06-01T14:04:39","version" => "0.00015"},{"date" => "2019-06-12T12:59:07","version" => "0.00016"},{"date" => "2019-09-03T21:54:20","version" => "0.00017"},{"date" => "2019-09-16T18:10:46","version" => "0.00018"},{"date" => "2019-09-19T18:13:13","version" => "0.00019"},{"date" => "2019-09-25T12:34:33","version" => "0.00020"},{"date" => "2025-03-25T14:30:45","version" => "0.00030"},{"date" => "2025-03-25T17:55:22","version" => "0.00031"},{"date" => "2025-03-25T18:05:54","version" => "0.00032"},{"date" => "2025-03-26T11:34:06","version" => "0.1.0"},{"date" => "2025-03-26T11:40:46","version" => "0.11"}]},"DBIx-Custom" => {"advisories" => [{"affected_versions" => ["<0.1641"],"cves" => [],"description" => "SQL injection when passing special column names.\n","distribution" => "DBIx-Custom","fixed_versions" => [">=0.1641"],"id" => "CPANSA-DBIx-Custom-2011-01","references" => ["https://metacpan.org/changes/distribution/DBIx-Custom","https://github.com/yuki-kimoto/DBIx-Custom/commit/5b00b9f9a966e7abecabd91710c8fa893784d919"],"reported" => "2011-01-27","severity" => "high"}],"main_module" => "DBIx::Custom","versions" => [{"date" => "2009-11-08T04:18:19","version" => "0.0101"},{"date" => "2009-11-09T10:46:44","version" => "0.0201"},{"date" => "2009-11-12T14:12:47","version" => "0.0301"},{"date" => "2009-11-15T11:43:40","version" => "0.0401"},{"date" => "2009-11-16T11:10:52","version" => "0.0501"},{"date" => "2009-11-17T12:37:33","version" => "0.0502"},{"date" => "2009-11-19T12:05:50","version" => "0.0601"},{"date" => "2009-11-19T13:37:39","version" => "0.0602"},{"date" => "2009-11-20T12:08:31","version" => "0.0603"},{"date" => "2009-11-23T13:39:53","version" => "0.0604"},{"date" => "2009-11-23T14:45:46","version" => "0.0605"},{"date" => "2009-11-25T13:57:52","version" => "0.0701"},{"date" => "2009-12-01T07:30:25","version" => "0.0702"},{"date" => "2009-12-02T13:59:36","version" => "0.0801"},{"date" => "2009-12-09T14:27:53","version" => "0.0901"},{"date" => "2009-12-22T13:40:07","version" => "0.0902"},{"date" => "2010-01-18T12:42:57","version" => "0.0903"},{"date" => "2010-01-21T14:29:12","version" => "0.0904"},{"date" => "2010-01-22T12:51:23","version" => "0.0905"},{"date" => "2010-01-24T09:49:30","version" => "0.0906"},{"date" => "2010-01-30T00:15:17","version" => "0.1001"},{"date" => "2010-01-30T03:51:04","version" => "0.1101"},{"date" => "2010-05-01T13:02:19","version" => "0.1301"},{"date" => "2010-05-01T23:29:22","version" => "0.1401"},{"date" => "2010-05-02T06:04:57","version" => "0.1402"},{"date" => "2010-05-26T15:13:04","version" => "0.1501"},{"date" => "2010-05-27T14:00:04","version" => "0.1502"},{"date" => "2010-05-28T13:28:16","version" => "0.1503"},{"date" => "2010-06-25T12:11:33","version" => "0.1602"},{"date" => "2010-07-14T13:55:33","version" => "0.1603"},{"date" => "2010-08-03T14:43:14","version" => "0.1604"},{"date" => "2010-08-05T15:17:49","version" => "0.1605"},{"date" => "2010-08-05T15:24:36","version" => "0.1606"},{"date" => "2010-08-06T14:57:35","version" => "0.1607"},{"date" => "2010-08-07T05:49:19","version" => "0.1608"},{"date" => "2010-08-08T04:45:12","version" => "0.1609"},{"date" => "2010-08-08T12:44:43","version" => "0.1610"},{"date" => "2010-08-09T12:08:31","version" => "0.1611"},{"date" => "2010-08-10T11:19:41","version" => "0.1612"},{"date" => "2010-08-10T12:35:17","version" => "0.1613"},{"date" => "2010-08-12T15:01:01","version" => "0.1614"},{"date" => "2010-08-15T04:00:44","version" => "0.1615"},{"date" => "2010-08-24T10:18:06","version" => "0.1616"},{"date" => "2010-09-07T12:12:04","version" => "0.1617"},{"date" => "2010-10-17T05:44:56","version" => "0.1618"},{"date" => "2010-10-20T15:01:35","version" => "0.1619"},{"date" => "2010-10-21T14:38:05","version" => "0.1620"},{"date" => "2010-11-10T06:54:46","version" => "0.1621"},{"date" => "2010-12-20T14:58:38","version" => "0.1622"},{"date" => "2010-12-21T16:10:25","version" => "0.1623"},{"date" => "2010-12-22T08:41:09","version" => "0.1624"},{"date" => "2011-01-01T16:08:48","version" => "0.1625"},{"date" => "2011-01-02T04:21:11","version" => "0.1626"},{"date" => "2011-01-04T15:18:21","version" => "0.1627"},{"date" => "2011-01-12T07:29:29","version" => "0.1628"},{"date" => "2011-01-12T15:35:11","version" => "0.1629"},{"date" => "2011-01-13T15:41:25","version" => "0.1630"},{"date" => "2011-01-17T15:53:44","version" => "0.1631"},{"date" => "2011-01-18T14:43:16","version" => "0.1632"},{"date" => "2011-01-18T15:22:37","version" => "0.1633"},{"date" => "2011-01-19T14:52:48","version" => "0.1634"},{"date" => "2011-01-21T14:04:02","version" => "0.1635"},{"date" => "2011-01-22T13:02:55","version" => "0.1636"},{"date" => "2011-01-24T12:58:40","version" => "0.1637"},{"date" => "2011-01-25T12:32:26","version" => "0.1638"},{"date" => "2011-01-26T09:23:22","version" => "0.1639"},{"date" => "2011-01-26T13:59:10","version" => "0.1640"},{"date" => "2011-01-27T05:19:14","version" => "0.1641"},{"date" => "2011-01-28T12:18:42","version" => "0.1642"},{"date" => "2011-02-09T08:54:11","version" => "0.1643"},{"date" => "2011-02-11T14:07:25","version" => "0.1644"},{"date" => "2011-02-14T15:24:30","version" => "0.1645"},{"date" => "2011-02-18T17:48:52","version" => "0.1646"},{"date" => "2011-02-19T00:30:41","version" => "0.1647"},{"date" => "2011-02-21T16:13:29","version" => "0.1648"},{"date" => "2011-02-22T14:53:08","version" => "0.1649"},{"date" => "2011-02-24T05:45:44","version" => "0.1650"},{"date" => "2011-02-24T14:35:20","version" => "0.1651"},{"date" => "2011-02-25T14:39:56","version" => "0.1652"},{"date" => "2011-02-28T13:18:03","version" => "0.1653"},{"date" => "2011-03-06T14:32:11","version" => "0.1654"},{"date" => "2011-03-08T14:59:08","version" => "0.1655"},{"date" => "2011-03-09T13:44:35","version" => "0.1656"},{"date" => "2011-03-10T15:44:50","version" => "0.1657"},{"date" => "2011-03-11T16:23:11","version" => "0.1658"},{"date" => "2011-03-12T08:20:07","version" => "0.1659"},{"date" => "2011-03-14T11:16:27","version" => "0.1660"},{"date" => "2011-03-15T16:32:52","version" => "0.1661"},{"date" => "2011-03-19T14:40:50","version" => "0.1662"},{"date" => "2011-03-21T03:53:25","version" => "0.1663"},{"date" => "2011-03-24T14:45:52","version" => "0.1664"},{"date" => "2011-03-25T14:25:43","version" => "0.1665"},{"date" => "2011-03-29T17:26:27","version" => "0.1666"},{"date" => "2011-03-30T08:03:39","version" => "0.1667"},{"date" => "2011-03-30T15:04:03","version" => "0.1668"},{"date" => "2011-03-30T15:25:45","version" => "0.1669"},{"date" => "2011-04-01T15:29:33","version" => "0.1670"},{"date" => "2011-04-02T16:31:44","version" => "0.1671"},{"date" => "2011-04-04T13:37:34","version" => "0.1672"},{"date" => "2011-04-05T11:45:54","version" => "0.1673"},{"date" => "2011-04-05T11:59:11","version" => "0.1674"},{"date" => "2011-04-11T13:47:34","version" => "0.1675"},{"date" => "2011-04-11T14:55:38","version" => "0.1676"},{"date" => "2011-04-12T15:17:24","version" => "0.1677"},{"date" => "2011-04-18T13:36:31","version" => "0.1678"},{"date" => "2011-04-19T11:07:27","version" => "0.1679"},{"date" => "2011-04-25T14:05:23","version" => "0.1680"},{"date" => "2011-04-26T14:07:02","version" => "0.1681"},{"date" => "2011-05-23T14:40:41","version" => "0.1682"},{"date" => "2011-06-06T11:52:44","version" => "0.1683"},{"date" => "2011-06-07T13:07:20","version" => "0.1684"},{"date" => "2011-06-08T10:32:35","version" => "0.1685"},{"date" => "2011-06-08T12:24:07","version" => "0.1686"},{"date" => "2011-06-09T13:59:44","version" => "0.1687"},{"date" => "2011-06-10T13:26:20","version" => "0.1688"},{"date" => "2011-06-12T03:22:26","version" => "0.1689"},{"date" => "2011-06-12T12:01:43","version" => "0.1690"},{"date" => "2011-06-13T13:31:21","version" => "0.1691"},{"date" => "2011-06-14T13:27:31","version" => "0.1692"},{"date" => "2011-06-15T08:51:43","version" => "0.1693"},{"date" => "2011-06-17T14:38:23","version" => "0.1694"},{"date" => "2011-06-20T13:08:47","version" => "0.1695"},{"date" => "2011-06-21T13:12:38","version" => "0.1696"},{"date" => "2011-06-24T13:42:00","version" => "0.1697"},{"date" => "2011-06-27T13:23:13","version" => "0.1698"},{"date" => "2011-06-28T14:39:21","version" => "0.1699"},{"date" => "2011-07-01T11:04:37","version" => "0.1700"},{"date" => "2011-07-11T13:19:20","version" => "0.1701"},{"date" => "2011-07-26T14:09:43","version" => "0.1702"},{"date" => "2011-07-28T04:59:20","version" => "0.1703"},{"date" => "2011-07-29T13:45:24","version" => "0.1704"},{"date" => "2011-07-29T14:35:38","version" => "0.1705"},{"date" => "2011-07-30T04:25:21","version" => "0.1706"},{"date" => "2011-07-30T05:16:05","version" => "0.1707"},{"date" => "2011-07-30T14:32:34","version" => "0.1708"},{"date" => "2011-08-01T12:48:52","version" => "0.1709"},{"date" => "2011-08-02T13:30:15","version" => "0.1710"},{"date" => "2011-08-09T14:11:24","version" => "0.1711"},{"date" => "2011-08-10T16:16:52","version" => "0.1712"},{"date" => "2011-08-12T13:45:58","version" => "0.1713"},{"date" => "2011-08-13T13:38:02","version" => "0.1714"},{"date" => "2011-08-14T03:47:28","version" => "0.1715"},{"date" => "2011-08-15T14:00:28","version" => "0.1716"},{"date" => "2011-08-16T04:03:16","version" => "0.1717"},{"date" => "2011-08-20T09:40:46","version" => "0.1718"},{"date" => "2011-08-22T13:43:21","version" => "0.1720"},{"date" => "2011-08-26T14:11:53","version" => "0.1721"},{"date" => "2011-09-02T15:12:10","version" => "0.1722"},{"date" => "2011-09-12T12:24:14","version" => "0.1723"},{"date" => "2011-09-16T15:15:54","version" => "0.1724"},{"date" => "2011-09-27T11:48:33","version" => "0.1725"},{"date" => "2011-09-30T11:21:45","version" => "0.1726"},{"date" => "2011-10-03T10:43:32","version" => "0.1727"},{"date" => "2011-10-05T04:10:35","version" => "0.1728"},{"date" => "2011-10-05T08:12:55","version" => "0.1729"},{"date" => "2011-10-10T11:35:23","version" => "0.1730"},{"date" => "2011-10-11T14:30:46","version" => "0.1731"},{"date" => "2011-10-20T11:56:08","version" => "0.1732"},{"date" => "2011-10-21T22:47:50","version" => "0.1733"},{"date" => "2011-10-22T22:02:37","version" => "0.1734"},{"date" => "2011-10-23T00:11:48","version" => "0.1735"},{"date" => "2011-10-23T13:08:15","version" => "0.1736"},{"date" => "2011-10-24T14:07:44","version" => "0.1737"},{"date" => "2011-10-25T14:31:15","version" => "0.1738"},{"date" => "2011-10-26T01:14:58","version" => "0.1739"},{"date" => "2011-10-27T12:59:00","version" => "0.1740"},{"date" => "2011-10-28T11:49:57","version" => "0.1741"},{"date" => "2011-10-31T15:37:07","version" => "0.1742"},{"date" => "2011-11-01T12:02:38","version" => "0.1743"},{"date" => "2011-11-03T13:38:04","version" => "0.1744"},{"date" => "2011-11-04T14:16:11","version" => "0.1745"},{"date" => "2011-11-07T12:19:53","version" => "0.1746"},{"date" => "2011-11-11T11:59:27","version" => "0.1747"},{"date" => "2011-11-16T00:36:45","version" => "0.20_01"},{"date" => "2011-11-16T08:50:11","version" => "0.2100"},{"date" => "2011-11-21T11:05:36","version" => "0.2101"},{"date" => "2011-11-25T14:34:26","version" => "0.2102"},{"date" => "2011-11-28T10:38:56","version" => "0.2103"},{"date" => "2011-11-29T13:48:49","version" => "0.2104"},{"date" => "2012-01-14T13:39:10","version" => "0.2105"},{"date" => "2012-01-20T15:16:34","version" => "0.2106"},{"date" => "2012-01-25T08:56:44","version" => "0.2107"},{"date" => "2012-01-29T14:30:53","version" => "0.2108"},{"date" => "2012-02-07T13:31:49","version" => "0.2109"},{"date" => "2012-02-10T14:51:17","version" => "0.2110"},{"date" => "2012-02-11T14:45:41","version" => "0.2111"},{"date" => "2012-02-28T14:33:03","version" => "0.22"},{"date" => "2012-03-01T00:07:11","version" => "0.23"},{"date" => "2012-03-02T14:57:03","version" => "0.24"},{"date" => "2012-03-19T11:58:43","version" => "0.25"},{"date" => "2012-07-11T08:20:53","version" => "0.26"},{"date" => "2012-09-17T13:15:26","version" => "0.27"},{"date" => "2013-03-04T11:25:17","version" => "0.28"},{"date" => "2014-02-03T09:21:29","version" => "0.29"},{"date" => "2014-02-04T00:17:32","version" => "0.30"},{"date" => "2015-01-13T01:36:24","version" => "0.31"},{"date" => "2015-01-13T05:24:10","version" => "0.32"},{"date" => "2015-01-13T07:52:20","version" => "0.33"},{"date" => "2015-01-15T02:04:26","version" => "0.34"},{"date" => "2015-05-23T05:44:25","version" => "0.35"},{"date" => "2015-05-25T02:52:16","version" => "0.36"},{"date" => "2016-05-21T07:00:46","version" => "0.37"},{"date" => "2017-03-16T07:48:58","version" => "0.38"},{"date" => "2017-03-29T02:29:03","version" => "0.39"},{"date" => "2017-03-30T01:41:11","version" => "0.40"},{"date" => "2017-11-06T15:17:26","version" => "0.41"},{"date" => "2019-10-15T04:14:26","version" => "0.41_99"},{"date" => "2019-10-19T08:52:17","version" => "0.42"},{"date" => "2020-04-01T05:39:43","version" => "0.43"},{"date" => "2020-08-03T00:46:29","version" => "0.44"},{"date" => "2021-12-16T00:31:02","version" => "0.45"}]},"Dancer" => {"advisories" => [{"affected_versions" => ["<1.3114"],"cves" => ["CVE-2012-5572"],"description" => "CRLF injection vulnerability in the cookie method allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name.\n","distribution" => "Dancer","fixed_versions" => [">=1.3114"],"id" => "CPANSA-Dancer-2014-01","references" => ["https://metacpan.org/changes/distribution/Dancer","https://github.com/PerlDancer/Dancer/commit/46ef9124f3149f697455061499ac7cee40930349"],"reported" => "2014-05-30"},{"affected_versions" => ["<1.3051"],"cves" => ["CVE-2011-1589"],"description" => "Directory traversal vulnerability (Mojolicious report, but Dancer was vulnerable as well).\n","distribution" => "Dancer","fixed_versions" => [">=1.3051"],"id" => "CPANSA-Dancer-2011-01","references" => ["https://metacpan.org/changes/distribution/Dancer","https://github.com/PerlDancer/Dancer/commit/91d0bf6a36705b0971b18f7d38fa2f3df8c7b994"],"reported" => "2011-04-05"}],"main_module" => "Dancer","versions" => [{"date" => "2009-07-27T13:18:07","version" => "20090727.1315"},{"date" => "2009-07-27T14:14:13","version" => "0_0.99"},{"date" => "2009-08-01T13:48:20","version" => "0.9901"},{"date" => "2009-08-04T10:01:54","version" => "0.9902"},{"date" => "2009-08-07T12:29:03","version" => "0.9003"},{"date" => "2009-09-19T15:30:19","version" => "0.9904"},{"date" => "2009-09-23T21:33:51","version" => "0.9905"},{"date" => "2009-11-20T11:14:20","version" => "1.000"},{"date" => "2010-01-06T13:53:28","version" => "1.100"},{"date" => "2010-01-11T09:46:45","version" => "1.110"},{"date" => "2010-01-15T16:03:35","version" => "1.120"},{"date" => "2010-01-15T17:53:08","version" => "1.121"},{"date" => "2010-01-20T07:48:38","version" => "1.122"},{"date" => "2010-01-29T17:29:24","version" => "1.130"},{"date" => "2010-02-09T07:55:18","version" => "1.140"},{"date" => "2010-02-17T15:09:48","version" => "1.150"},{"date" => "2010-03-07T17:50:01","version" => "1.160"},{"date" => "2010-03-24T11:19:00","version" => "1.170"},{"date" => "2010-03-24T13:44:04","version" => "1.171"},{"date" => "2010-03-28T15:09:59","version" => "1.172"},{"date" => "2010-04-01T14:13:30","version" => "1.173"},{"date" => "2010-04-04T11:03:53","version" => "1.173_01"},{"date" => "2010-04-08T13:49:39","version" => "1.174"},{"date" => "2010-04-11T10:49:39","version" => "1.175"},{"date" => "2010-04-19T08:43:22","version" => "1.175_01"},{"date" => "2010-04-22T20:29:56","version" => "1.176"},{"date" => "2010-05-05T12:21:26","version" => "1.178_01"},{"date" => "2010-05-16T10:28:47","version" => "1.1800"},{"date" => "2010-05-19T14:17:57","version" => "1.1801"},{"date" => "2010-05-19T17:32:52","version" => "1.1802"},{"date" => "2010-05-23T20:45:17","version" => "1.1803"},{"date" => "2010-06-18T11:59:20","version" => "1.1804"},{"date" => "2010-06-22T06:41:58","version" => "1.1805"},{"date" => "2010-07-07T06:15:55","version" => "1.1806_01"},{"date" => "2010-08-14T16:37:45","version" => "1.1806_02"},{"date" => "2010-08-23T17:47:12","version" => "1.1807"},{"date" => "2010-08-24T06:23:38","version" => "1.1808"},{"date" => "2010-08-25T05:41:15","version" => "1.1809"},{"date" => "2010-09-01T06:19:20","version" => "1.1810"},{"date" => "2010-09-03T09:23:14","version" => "1.1811"},{"date" => "2010-09-21T12:19:35","version" => "1.1812"},{"date" => "2010-09-24T14:25:44","version" => "1.1901"},{"date" => "2010-10-14T09:25:03","version" => "1.1999_01"},{"date" => "2010-10-28T15:41:17","version" => "1.1999_02"},{"date" => "2010-11-02T14:14:32","version" => "1.1902"},{"date" => "2010-11-02T14:25:04","version" => "1.1902"},{"date" => "2010-11-03T17:07:29","version" => "1.1903"},{"date" => "2010-11-04T11:16:17","version" => "1.1904"},{"date" => "2010-11-11T07:43:21","version" => "1.1999_03"},{"date" => "2010-11-14T08:08:56","version" => "1.1999_04"},{"date" => "2010-11-18T15:54:33","version" => "1.200"},{"date" => "2010-11-18T16:52:47","version" => "1.2000"},{"date" => "2010-11-29T22:05:38","version" => "1.2000_01"},{"date" => "2010-11-30T10:00:23","version" => "1.2000_02"},{"date" => "2010-11-30T19:59:09","version" => "1.2001"},{"date" => "2010-12-02T12:18:12","version" => "1.2001_01"},{"date" => "2010-12-03T20:28:56","version" => "1.2002"},{"date" => "2010-12-07T18:05:50","version" => "1.2002_01"},{"date" => "2010-12-08T21:38:17","version" => "1.2002_02"},{"date" => "2010-12-10T18:28:16","version" => "1.2003"},{"date" => "2010-12-22T17:57:55","version" => "1.3000_01"},{"date" => "2011-01-03T15:17:14","version" => "1.3000_02"},{"date" => "2011-01-27T10:00:22","version" => "1.2004"},{"date" => "2011-01-27T10:09:31","version" => "1.3001"},{"date" => "2011-02-02T15:42:28","version" => "1.3002"},{"date" => "2011-02-05T17:07:15","version" => "1.2005"},{"date" => "2011-02-06T13:12:28","version" => "1.3003"},{"date" => "2011-02-10T20:48:48","version" => "1.3010"},{"date" => "2011-02-12T12:50:18","version" => "1.3010_01"},{"date" => "2011-02-14T15:58:10","version" => "1.3011"},{"date" => "2011-03-01T19:00:52","version" => "1.3012"},{"date" => "2011-03-03T08:41:00","version" => "1.3013"},{"date" => "2011-03-04T12:56:36","version" => "1.3014"},{"date" => "2011-03-10T14:16:24","version" => "1.3014_01"},{"date" => "2011-03-13T13:17:43","version" => "1.3019_01"},{"date" => "2011-03-14T07:44:57","version" => "1.3019_02"},{"date" => "2011-03-21T13:44:17","version" => "1.3020"},{"date" => "2011-04-01T15:22:58","version" => "1.3029_01"},{"date" => "2011-04-08T20:07:26","version" => "1.3029_02"},{"date" => "2011-04-10T08:18:44","version" => "1.3029_03"},{"date" => "2011-04-13T08:26:50","version" => "1.3030"},{"date" => "2011-04-27T14:58:57","version" => "1.3039_01"},{"date" => "2011-05-01T14:55:49","version" => "1.3040"},{"date" => "2011-05-14T15:03:00","version" => "1.3049_01"},{"date" => "2011-05-20T10:57:10","version" => "1.3050"},{"date" => "2011-05-27T12:57:27","version" => "1.3051"},{"date" => "2011-05-27T13:07:51","version" => "1.3059_01"},{"date" => "2011-05-29T14:06:24","version" => "1.3059_02"},{"date" => "2011-06-11T14:02:50","version" => "1.3059_03"},{"date" => "2011-06-12T17:31:55","version" => "1.3059_04"},{"date" => "2011-06-15T10:35:07","version" => "1.3060"},{"date" => "2011-07-07T13:19:45","version" => "1.3069_01"},{"date" => "2011-07-10T16:14:53","version" => "1.3069_02"},{"date" => "2011-07-14T13:47:19","version" => "1.3070"},{"date" => "2011-07-26T16:21:51","version" => "1.3071"},{"date" => "2011-08-17T15:27:53","version" => "1.3079_01"},{"date" => "2011-08-23T09:55:46","version" => "1.3072"},{"date" => "2011-08-28T14:13:40","version" => "1.3079_02"},{"date" => "2011-09-10T15:10:29","version" => "1.3079_03"},{"date" => "2011-10-02T16:07:02","version" => "1.3079_04"},{"date" => "2011-10-18T14:43:22","version" => "1.3079_05"},{"date" => "2011-10-25T21:16:42","version" => "1.3080"},{"date" => "2011-11-27T06:51:43","version" => "1.3089_01"},{"date" => "2011-12-13T14:41:24","version" => "1.3090"},{"date" => "2011-12-17T11:09:48","version" => "1.3091"},{"date" => "2012-01-27T14:38:05","version" => "1.3092"},{"date" => "2012-02-29T14:34:55","version" => "1.3093"},{"date" => "2012-03-31T09:57:40","version" => "1.3094"},{"date" => "2012-04-01T19:22:56","version" => "1.3095"},{"date" => "2012-06-22T20:18:54","version" => "1.3095_01"},{"date" => "2012-07-03T07:27:28","version" => "1.3095_02"},{"date" => "2012-07-05T23:09:20","version" => "1.3096"},{"date" => "2012-07-08T18:36:14","version" => "1.3097"},{"date" => "2012-07-28T14:40:15","version" => "1.3098"},{"date" => "2012-08-11T13:54:49","version" => "1.3099"},{"date" => "2012-08-25T19:42:47","version" => "1.3100"},{"date" => "2012-10-06T13:24:53","version" => "1.3110"},{"date" => "2012-12-24T13:17:58","version" => "1.9999_01"},{"date" => "2012-12-24T13:48:35","version" => "1.9999_02"},{"date" => "2013-01-22T21:38:11","version" => "2.0000_01"},{"date" => "2013-02-22T15:33:14","version" => "2.000001"},{"date" => "2013-02-24T22:51:59","version" => "1.3111"},{"date" => "2013-03-30T16:33:05","version" => "1.3111_01"},{"date" => "2013-04-01T22:31:08","version" => "1.3111_02"},{"date" => "2013-04-11T01:04:37","version" => "1.3112"},{"date" => "2013-05-09T00:36:16","version" => "1.3113"},{"date" => "2013-06-02T16:49:58","version" => "1.3114"},{"date" => "2013-06-09T23:54:16","version" => "1.3115"},{"date" => "2013-07-04T01:35:27","version" => "1.3116"},{"date" => "2013-07-31T22:40:52","version" => "1.3117"},{"date" => "2013-09-01T16:45:13","version" => "1.3118"},{"date" => "2013-10-26T19:42:59","version" => "1.3119"},{"date" => "2013-12-24T16:23:20","version" => "1.3120"},{"date" => "2014-02-02T22:26:53","version" => "1.3121"},{"date" => "2014-04-10T23:16:40","version" => "1.3122"},{"date" => "2014-04-12T15:47:53","version" => "1.3123"},{"date" => "2014-05-10T16:15:17","version" => "1.3124"},{"date" => "2014-07-12T17:19:08","version" => "1.3125"},{"date" => "2014-07-15T02:01:21","version" => "1.3126"},{"date" => "2014-09-09T00:49:19","version" => "1.3127"},{"date" => "2014-09-09T11:47:21","version" => "1.3128"},{"date" => "2014-09-10T00:50:37","version" => "1.3129"},{"date" => "2014-09-16T01:21:25","version" => "1.3130"},{"date" => "2014-10-11T18:59:22","version" => "1.3131_0"},{"date" => "2014-10-13T23:25:36","version" => "1.3131_1"},{"date" => "2014-10-20T23:14:23","version" => "1.3132"},{"date" => "2014-11-26T22:20:35","version" => "1.3133"},{"date" => "2015-02-23T01:33:08","version" => "1.3134"},{"date" => "2015-04-23T01:54:25","version" => "1.3135"},{"date" => "2015-05-24T15:48:19","version" => "1.3136"},{"date" => "2015-06-05T20:05:21","version" => "1.3137"},{"date" => "2015-06-12T20:55:50","version" => "1.3138"},{"date" => "2015-06-25T20:13:45","version" => "1.3139"},{"date" => "2015-07-03T13:56:32","version" => "1.3140"},{"date" => "2015-09-07T15:15:26","version" => "1.3141"},{"date" => "2015-09-15T00:52:23","version" => "1.3142"},{"date" => "2015-10-26T21:15:31","version" => "1.3143"},{"date" => "2015-11-04T12:36:07","version" => "1.3144"},{"date" => "2015-11-06T22:12:42","version" => "1.3200"},{"date" => "2015-11-07T19:27:25","version" => "1.3201"},{"date" => "2015-11-07T21:52:17","version" => "1.3202"},{"date" => "2016-02-15T21:33:45","version" => "1.3300"},{"date" => "2016-02-16T22:42:44","version" => "1.3301"},{"date" => "2018-05-20T19:52:07","version" => "1.3203"},{"date" => "2018-05-23T13:43:34","version" => "1.3204"},{"date" => "2018-06-13T22:02:36","version" => "1.3205"},{"date" => "2018-06-15T22:11:45","version" => "1.3400"},{"date" => "2018-10-01T11:53:31","version" => "1.3401"},{"date" => "2018-10-10T10:44:29","version" => "1.3402"},{"date" => "2018-10-11T22:45:37","version" => "1.3403"},{"date" => "2018-10-12T20:33:54","version" => "1.3500"},{"date" => "2019-03-14T19:27:25","version" => "1.3501"},{"date" => "2019-03-19T14:49:14","version" => "1.3510"},{"date" => "2019-03-29T11:18:31","version" => "1.3511"},{"date" => "2019-03-31T19:16:29","version" => "1.3512"},{"date" => "2020-01-29T21:03:12","version" => "1.3513"},{"date" => "2020-06-29T16:44:22","version" => "1.3514"},{"date" => "2020-10-02T20:51:17","version" => "1.3514_02"},{"date" => "2020-10-06T21:24:49","version" => "1.3514_03"},{"date" => "2022-06-29T22:00:04","version" => "1.3514_04"},{"date" => "2023-01-02T10:57:26","version" => "1.3520"},{"date" => "2023-02-05T23:40:49","version" => "1.3521"},{"date" => "2023-02-08T20:58:09","version" => "1.3521"},{"date" => "2026-01-26T22:30:00","version" => "1.3522"}]},"Dancer2" => {"advisories" => [{"affected_versions" => ["<0.206000"],"cves" => [],"description" => "There is a potential RCE with regards to Storable. We have added session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE.\n","distribution" => "Dancer2","fixed_versions" => [">=0.206000"],"id" => "CPANSA-Dancer2-2018-01","references" => ["https://metacpan.org/changes/distribution/Dancer2","http://lists.preshweb.co.uk/pipermail/dancer-users/2018-April/005952.html","https://github.com/PerlDancer/Dancer2/commit/3580f5d0874a9abf5483528f73bda9a7fd9ec7f1"],"reported" => "2018-01-30","severity" => "critical"}],"main_module" => "Dancer2","versions" => [{"date" => "2013-02-22T15:39:46","version" => "0.01"},{"date" => "2013-02-24T11:04:25","version" => "0.02"},{"date" => "2013-03-07T17:30:37","version" => "0.03"},{"date" => "2013-04-22T19:58:02","version" => "0.04"},{"date" => "2013-07-20T16:53:37","version" => "0.05"},{"date" => "2013-07-30T14:29:42","version" => "0.06"},{"date" => "2013-08-03T22:17:54","version" => "0.07"},{"date" => "2013-08-18T12:24:31","version" => "0.08"},{"date" => "2013-09-01T21:19:26","version" => "0.09"},{"date" => "2013-09-28T13:29:35","version" => "0.10"},{"date" => "2013-12-15T13:21:28","version" => "0.11"},{"date" => "2014-04-07T21:05:16","version" => "0.12"},{"date" => "2014-04-13T17:20:22","version" => "0.13"},{"date" => "2014-04-28T21:16:57","version" => "0.140000"},{"date" => "2014-05-01T08:50:43","version" => "0.140001"},{"date" => "2014-06-07T20:35:57","version" => "0.140900_01"},{"date" => "2014-06-08T20:29:28","version" => "0.141000"},{"date" => "2014-06-24T19:18:07","version" => "0.142000"},{"date" => "2014-07-05T19:43:17","version" => "0.143000"},{"date" => "2014-07-23T19:34:51","version" => "0.149000_01"},{"date" => "2014-08-10T11:53:37","version" => "0.149000_02"},{"date" => "2014-08-16T23:38:39","version" => "0.150000"},{"date" => "2014-10-08T19:51:49","version" => "0.151000"},{"date" => "2014-10-14T02:33:06","version" => "0.152000"},{"date" => "2014-10-23T21:48:36","version" => "0.153000"},{"date" => "2014-10-29T21:41:13","version" => "0.153001"},{"date" => "2014-10-30T08:29:15","version" => "0.153002"},{"date" => "2014-11-17T14:41:14","version" => "0.154000"},{"date" => "2014-11-28T00:21:55","version" => "0.155000"},{"date" => "2014-11-28T16:44:27","version" => "0.155001"},{"date" => "2014-12-02T22:02:03","version" => "0.155002"},{"date" => "2014-12-03T21:35:35","version" => "0.155003"},{"date" => "2014-12-04T10:57:08","version" => "0.155004"},{"date" => "2014-12-07T17:07:21","version" => "0.156000"},{"date" => "2014-12-08T22:08:30","version" => "0.156001"},{"date" => "2014-12-14T17:25:53","version" => "0.157000"},{"date" => "2014-12-21T19:42:24","version" => "0.157001"},{"date" => "2015-01-01T17:11:48","version" => "0.158000"},{"date" => "2015-02-24T03:54:24","version" => "0.159000"},{"date" => "2015-02-25T14:33:59","version" => "0.159001"},{"date" => "2015-03-03T18:25:28","version" => "0.159002"},{"date" => "2015-03-23T14:00:19","version" => "0.159003"},{"date" => "2015-04-26T22:15:22","version" => "0.160000"},{"date" => "2015-05-14T18:46:02","version" => "0.160001"},{"date" => "2015-06-04T11:07:02","version" => "0.160002"},{"date" => "2015-06-06T09:11:43","version" => "0.160003"},{"date" => "2015-07-08T13:04:02","version" => "0.161000"},{"date" => "2015-08-28T13:32:02","version" => "0.161000_01"},{"date" => "2015-09-06T11:13:10","version" => "0.162000"},{"date" => "2015-10-13T15:08:16","version" => "0.162000_01"},{"date" => "2015-10-15T11:00:10","version" => "0.163000"},{"date" => "2015-12-16T22:44:32","version" => "0.164000"},{"date" => "2015-12-17T08:23:24","version" => "0.165000"},{"date" => "2016-01-12T18:04:57","version" => "0.166000"},{"date" => "2016-01-22T06:57:11","version" => "0.166001"},{"date" => "2016-04-19T19:52:27","version" => "0.166001_01"},{"date" => "2016-04-29T14:45:41","version" => "0.166001_02"},{"date" => "2016-05-27T11:25:55","version" => "0.166001_03"},{"date" => "2016-05-27T12:57:04","version" => "0.166001_04"},{"date" => "2016-05-31T13:29:37","version" => "0.200000"},{"date" => "2016-06-16T14:00:23","version" => "0.200001"},{"date" => "2016-06-22T14:41:29","version" => "0.200002"},{"date" => "2016-07-05T19:36:46","version" => "0.200003"},{"date" => "2016-07-11T15:21:33","version" => "0.200003"},{"date" => "2016-07-22T04:41:26","version" => "0.200004"},{"date" => "2016-07-22T13:28:45","version" => "0.201000"},{"date" => "2016-08-13T18:53:07","version" => "0.202000"},{"date" => "2016-08-25T03:12:19","version" => "0.203000"},{"date" => "2016-09-04T02:01:29","version" => "0.203001"},{"date" => "2016-10-11T01:59:49","version" => "0.204000"},{"date" => "2016-10-17T13:32:25","version" => "0.204001"},{"date" => "2016-12-21T21:47:24","version" => "0.204002"},{"date" => "2017-01-25T21:23:22","version" => "0.204003"},{"date" => "2017-01-26T17:31:30","version" => "0.204004"},{"date" => "2017-03-10T21:40:43","version" => "0.205000"},{"date" => "2017-07-11T13:04:56","version" => "0.205001"},{"date" => "2017-10-17T21:10:03","version" => "0.205002"},{"date" => "2018-04-09T00:54:25","version" => "0.206000_01"},{"date" => "2018-04-10T01:50:18","version" => "0.206000_02"},{"date" => "2018-04-20T02:12:22","version" => "0.206000"},{"date" => "2018-11-14T22:26:15","version" => "0.207000"},{"date" => "2019-06-19T14:23:06","version" => "0.208000"},{"date" => "2019-08-05T01:12:14","version" => "0.208001"},{"date" => "2019-12-14T21:13:32","version" => "0.208002"},{"date" => "2019-12-24T05:57:09","version" => "0.300000"},{"date" => "2020-04-06T16:18:33","version" => "0.300001"},{"date" => "2020-04-07T15:49:22","version" => "0.300002"},{"date" => "2020-04-09T14:42:55","version" => "0.300003"},{"date" => "2020-05-27T00:54:55","version" => "0.300004"},{"date" => "2021-01-26T20:59:33","version" => "0.300005"},{"date" => "2021-03-15T23:12:49","version" => "0.301000"},{"date" => "2021-03-17T12:56:09","version" => "0.301001"},{"date" => "2021-04-18T19:33:05","version" => "0.301002"},{"date" => "2021-06-03T13:29:26","version" => "0.301003"},{"date" => "2021-06-06T17:32:08","version" => "0.301004"},{"date" => "2022-03-14T02:18:12","version" => "0.400000"},{"date" => "2023-02-05T23:42:54","version" => "0.400001"},{"date" => "2023-10-09T14:11:25","version" => "1.0.0"},{"date" => "2023-12-12T01:29:05","version" => "1.1.0"},{"date" => "2024-07-18T23:49:14","version" => "1.1.1"},{"date" => "2024-11-25T13:36:09","version" => "1.1.2"},{"date" => "2025-09-15T21:50:07","version" => "2.0.0"},{"date" => "2025-10-22T22:14:58","version" => "2.0.1"}]},"Data-Dumper" => {"advisories" => [{"affected_versions" => ["<2.154"],"cves" => ["CVE-2014-4330"],"description" => "Infinite recursion.\n","distribution" => "Data-Dumper","fixed_versions" => [">=2.154"],"id" => "CPANSA-Data-Dumper-2014-01","references" => ["https://metacpan.org/changes/distribution/Data-Dumper"],"reported" => "2014-09-30"}],"main_module" => "Data::Dumper","versions" => [{"date" => "1995-11-19T22:29:08","version" => "1.21"},{"date" => "1995-11-23T05:45:27","version" => "1.22"},{"date" => "1995-12-04T03:12:16","version" => "1.23"},{"date" => "1996-04-09T15:54:26","version" => "2.00"},{"date" => "1996-04-10T04:25:17","version" => "2.01"},{"date" => "1996-04-13T07:14:35","version" => "2.02"},{"date" => "1996-08-26T14:36:59","version" => "2.03"},{"date" => "1996-08-28T20:11:49","version" => "2.04"},{"date" => "1996-12-02T13:42:49","version" => "2.05"},{"date" => "1996-12-02T23:07:56","version" => "2.06"},{"date" => "1996-12-07T17:28:27","version" => "2.07"},{"date" => "1997-12-07T21:27:09","version" => "2.08"},{"date" => "1998-01-15T20:36:46","version" => "2.081"},{"date" => "1998-03-06T21:08:49","version" => "2.081"},{"date" => "1998-07-17T05:23:08","version" => "2.09"},{"date" => "1998-07-21T12:08:19","version" => "2.09"},{"date" => "1998-10-31T12:10:30","version" => "2.10"},{"date" => "1999-05-01T02:01:03","version" => "2.101"},{"date" => "1999-06-02T01:30:55","version" => "2.101"},{"date" => "2003-07-20T16:59:48","version" => "2.12_01"},{"date" => "2003-07-31T19:12:44","version" => "2.12_02"},{"date" => "2003-08-25T11:49:41","version" => "2.121"},{"date" => "2009-06-06T14:45:36","version" => "2.121_20"},{"date" => "2009-06-09T15:49:12","version" => "2.122"},{"date" => "2009-06-11T08:07:01","version" => "2.123"},{"date" => "2009-06-13T15:22:32","version" => "2.124"},{"date" => "2009-08-08T10:33:01","version" => "2.125"},{"date" => "2010-04-15T19:55:01","version" => "2.126"},{"date" => "2010-09-06T14:28:10","version" => "2.126_01"},{"date" => "2010-09-10T07:08:41","version" => "2.127"},{"date" => "2010-09-10T07:11:52","version" => "2.128"},{"date" => "2011-05-20T15:53:12","version" => "2.130_03"},{"date" => "2011-05-27T14:19:03","version" => "2.131"},{"date" => "2011-12-19T08:23:05","version" => "2.135_01"},{"date" => "2011-12-29T17:09:49","version" => "2.135_02"},{"date" => "2012-08-07T06:59:51","version" => "2.135_07"},{"date" => "2012-10-04T07:35:07","version" => "2.136"},{"date" => "2012-12-12T06:30:48","version" => "2.139"},{"date" => "2013-02-26T06:57:29","version" => "2.143"},{"date" => "2013-03-15T09:46:49","version" => "2.145"},{"date" => "2014-03-07T09:28:44","version" => "2.151"},{"date" => "2014-09-18T15:47:37","version" => "2.154"},{"date" => "2016-07-03T19:17:57","version" => "2.160"},{"date" => "2016-07-11T20:13:06","version" => "2.161"},{"date" => "2017-07-31T15:31:28","version" => "2.167_01"},{"date" => "2017-08-04T08:05:22","version" => "2.167_02"},{"date" => "2018-09-19T14:41:58","version" => "2.172"},{"date" => "2018-11-10T10:10:30","version" => "2.173"},{"date" => "2021-05-14T12:47:34","version" => "2.179_50"},{"date" => "2021-05-17T05:53:02","version" => "2.180"},{"date" => "2021-05-22T09:51:29","version" => "2.180_50"},{"date" => "2021-05-23T14:14:12","version" => "2.180_51"},{"date" => "2021-05-24T08:03:55","version" => "2.180_52"},{"date" => "2021-05-25T05:20:34","version" => "2.180_53"},{"date" => "2021-05-26T06:46:41","version" => "2.181"},{"date" => "2021-06-29T10:42:11","version" => "2.181_50"},{"date" => "2021-06-30T09:36:34","version" => "2.182"},{"date" => "2021-07-01T07:05:45","version" => "2.182_50"},{"date" => "2021-07-03T13:07:49","version" => "2.182_51"},{"date" => "2021-07-05T07:07:44","version" => "2.183"},{"date" => "2001-04-08T00:00:00","dual_lived" => 1,"perl_release" => "5.006001","version" => "2.102"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.12"},{"date" => "2004-11-27T00:00:00","dual_lived" => 1,"perl_release" => "5.008006","version" => "2.121_02"},{"date" => "2005-05-30T00:00:00","dual_lived" => 1,"perl_release" => "5.008007","version" => "2.121_04"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "2.121_08"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "2.121_17"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "2.121_13"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.01","version" => "2.121_14"},{"date" => "2010-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013006","version" => "2.129"},{"date" => "2010-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013007","version" => "2.130_01"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "2.130_02"},{"date" => "2011-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015002","version" => "2.132"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "2.134"},{"date" => "2012-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015007","version" => "2.135_03"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "2.135_05"},{"date" => "2012-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015009","version" => "2.135_06"},{"date" => "2012-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017006","version" => "2.137"},{"date" => "2013-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017008","version" => "2.141"},{"date" => "2013-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017009","version" => "2.142"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "2.146"},{"date" => "2013-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.019002","version" => "2.147"},{"date" => "2013-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019003","version" => "2.148"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "2.149"},{"date" => "2013-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019007","version" => "2.150"},{"date" => "2015-02-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020002","version" => "2.151_01"},{"date" => "2014-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021001","version" => "2.152"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "2.155"},{"date" => "2015-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021008","version" => "2.156"},{"date" => "2015-02-21T00:00:00","dual_lived" => 1,"perl_release" => "5.021009","version" => "2.157"},{"date" => "2015-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02101","version" => "2.158"},{"date" => "2015-12-21T00:00:00","dual_lived" => 1,"perl_release" => "5.023006","version" => "2.159"},{"date" => "2016-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025006","version" => "2.162"},{"date" => "2016-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025007","version" => "2.165"},{"date" => "2016-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025008","version" => "2.166"},{"date" => "2017-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025009","version" => "2.167"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "2.169"},{"date" => "2018-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027008","version" => "2.170"},{"date" => "2018-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029002","version" => "2.171"},{"date" => "2019-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029010","version" => "2.174"},{"date" => "2021-01-23T00:00:00","dual_lived" => 1,"perl_release" => "5.032001","version" => "2.174_01"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "2.175"},{"date" => "2020-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033003","version" => "2.176"},{"date" => "2021-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033008","version" => "2.177"},{"date" => "2021-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033009","version" => "2.178"},{"date" => "2021-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.034","version" => "2.179"},{"date" => "2022-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035008","version" => "2.184"},{"date" => "2022-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037001","version" => "2.185"},{"date" => "2022-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037002","version" => "2.186"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "2.187"},{"date" => "2023-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.03701","version" => "2.188"},{"date" => "2023-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039003","version" => "2.189"},{"date" => "2024-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.041001","version" => "2.190"},{"date" => "2025-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041008","version" => "2.191"},{"date" => "2025-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041011","version" => "2.192"}]},"Data-Entropy" => {"advisories" => [{"affected_versions" => ["<=0.007"],"cves" => ["CVE-2025-1860"],"description" => "Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not\x{a0}cryptographically secure,\x{a0}for cryptographic functions.","distribution" => "Data-Entropy","fixed_versions" => [">0.007"],"id" => "CPANSA-Data-Entropy-2025-1860","references" => ["https://metacpan.org/release/ZEFRAM/Data-Entropy-0.007/source/lib/Data/Entropy.pm#L80","https://perldoc.perl.org/functions/rand","https://lists.debian.org/debian-lts-announce/2025/03/msg00026.html"],"reported" => "2025-03-28","severity" => undef}],"main_module" => "Data::Entropy","versions" => [{"date" => "2006-07-19T01:09:30","version" => "0.000"},{"date" => "2006-08-03T20:27:12","version" => "0.001"},{"date" => "2006-08-05T09:15:08","version" => "0.002"},{"date" => "2007-01-21T00:51:31","version" => "0.003"},{"date" => "2007-09-03T21:25:09","version" => "0.004"},{"date" => "2009-03-03T20:31:03","version" => "0.005"},{"date" => "2009-11-21T14:01:52","version" => "0.006"},{"date" => "2011-04-27T20:03:17","version" => "0.007"},{"date" => "2025-03-27T19:11:37","version" => "0.008"}]},"Data-FormValidator" => {"advisories" => [{"affected_versions" => ["<=4.66"],"cves" => ["CVE-2011-2201"],"description" => "The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.\n","distribution" => "Data-FormValidator","fixed_versions" => [">4.66"],"id" => "CPANSA-Data-FormValidator-2011-2201","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511","http://www.openwall.com/lists/oss-security/2011/06/13/13","https://bugzilla.redhat.com/show_bug.cgi?id=712694","http://www.openwall.com/lists/oss-security/2011/06/12/3","http://www.securityfocus.com/bid/48167","https://rt.cpan.org/Public/Bug/Display.html?id=61792","http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html","http://www.openwall.com/lists/oss-security/2011/06/13/5"],"reported" => "2011-09-14","severity" => undef}],"main_module" => "Data::FormValidator","versions" => [{"date" => "2001-06-19T21:43:01","version" => "1.3"},{"date" => "2001-06-22T16:36:08","version" => "1.4"},{"date" => "2001-06-25T17:02:43","version" => "1.4"},{"date" => "2001-06-28T15:13:01","version" => "1.5"},{"date" => "2001-07-18T14:23:17","version" => "v1.5.1"},{"date" => "2001-09-23T22:42:22","version" => "1.6"},{"date" => "2001-11-03T18:16:00","version" => "1.7"},{"date" => "2002-02-14T22:45:46","version" => "1.8"},{"date" => "2002-02-18T02:20:12","version" => "1.9"},{"date" => "2002-04-21T13:42:36","version" => "1.10"},{"date" => "2002-06-29T21:04:14","version" => "1.11"},{"date" => "2002-10-07T02:06:39","version" => "1.91"},{"date" => "2002-12-23T23:36:37","version" => "1.92"},{"date" => "2003-03-08T13:10:33","version" => "1.93"},{"date" => "2003-03-23T03:01:57","version" => "2.00"},{"date" => "2003-04-02T15:18:15","version" => "2.01"},{"date" => "2003-04-09T15:54:50","version" => "2.02"},{"date" => "2003-04-10T16:12:40","version" => "2.03"},{"date" => "2003-04-12T02:58:35","version" => "2.04"},{"date" => "2003-04-20T22:23:44","version" => "2.10"},{"date" => "2003-04-24T02:51:03","version" => "2.10"},{"date" => "2003-05-11T21:29:55","version" => "3.00"},{"date" => "2003-05-16T04:06:05","version" => "3.01"},{"date" => "2003-05-26T23:18:18","version" => "3.1"},{"date" => "2003-05-27T19:41:01","version" => "3.11"},{"date" => "2003-06-23T01:27:03","version" => "3.12"},{"date" => "2003-11-02T21:19:10","version" => "3.13"},{"date" => "2003-11-03T17:59:41","version" => "3.14"},{"date" => "2003-11-30T20:36:41","version" => "3.15"},{"date" => "2004-01-04T01:37:01","version" => "3.49_1"},{"date" => "2004-01-12T22:04:27","version" => "3.50"},{"date" => "2004-02-27T04:19:47","version" => "3.51"},{"date" => "2004-03-21T17:42:11","version" => "3.52"},{"date" => "2004-03-23T02:33:53","version" => "3.53"},{"date" => "2004-03-24T14:55:49","version" => "3.54"},{"date" => "2004-04-17T02:30:02","version" => "3.56"},{"date" => "2004-04-22T02:26:41","version" => "3.57"},{"date" => "2004-05-05T21:55:00","version" => "3.58"},{"date" => "2004-07-02T17:48:51","version" => "3.59"},{"date" => "2004-09-28T02:25:35","version" => "3.61"},{"date" => "2004-10-09T04:00:51","version" => "3.62"},{"date" => "2004-11-17T22:27:13","version" => "3.63"},{"date" => "2005-05-20T01:25:45","version" => "4.00_01"},{"date" => "2005-07-03T19:37:11","version" => "4.00_02"},{"date" => "2005-07-20T02:07:36","version" => "3.70"},{"date" => "2005-07-31T17:36:02","version" => "3.71"},{"date" => "2005-08-14T16:09:26","version" => "4.00"},{"date" => "2005-08-20T18:20:14","version" => "4.01"},{"date" => "2005-09-01T02:31:29","version" => "4.02"},{"date" => "2005-12-23T01:00:49","version" => "4.10"},{"date" => "2006-01-03T23:49:53","version" => "4.11"},{"date" => "2006-01-06T02:14:25","version" => "4.12"},{"date" => "2006-02-10T02:48:33","version" => "4.13"},{"date" => "2006-02-17T18:48:14","version" => "4.14"},{"date" => "2006-06-13T01:12:23","version" => "4.20"},{"date" => "2006-07-01T15:42:37","version" => "4.21_01"},{"date" => "2006-07-11T01:45:51","version" => "4.30"},{"date" => "2006-08-21T23:43:58","version" => "4.40"},{"date" => "2006-10-03T18:16:57","version" => "4.49_1"},{"date" => "2006-12-05T02:41:19","version" => "4.50"},{"date" => "2007-07-14T03:36:00","version" => "4.51"},{"date" => "2007-10-19T19:41:46","version" => "4.52"},{"date" => "2007-10-20T20:02:19","version" => "4.50"},{"date" => "2007-10-21T13:30:20","version" => "4.54"},{"date" => "2007-10-21T15:50:42","version" => "4.55"},{"date" => "2007-10-31T16:49:55","version" => "4.56"},{"date" => "2007-11-02T02:55:19","version" => "4.57"},{"date" => "2008-06-16T18:28:54","version" => "4.60"},{"date" => "2008-06-16T18:46:47","version" => "4.61"},{"date" => "2009-01-03T17:14:18","version" => "4.62"},{"date" => "2009-01-03T17:49:48","version" => "4.63"},{"date" => "2009-12-31T03:22:00","version" => "4.65"},{"date" => "2010-02-24T14:33:48","version" => "4.66"},{"date" => "2011-11-12T02:18:45","version" => "4.67"},{"date" => "2011-11-12T03:11:55","version" => "4.70"},{"date" => "2012-10-02T20:40:09","version" => "4.71"},{"date" => "2012-11-01T15:14:05","version" => "4.80"},{"date" => "2013-07-19T12:31:06","version" => "4.81"},{"date" => "2017-02-23T15:15:37","version" => "4.82"},{"date" => "2017-02-23T16:39:53","version" => "4.83"},{"date" => "2017-02-25T15:12:25","version" => "4.84"},{"date" => "2017-02-25T20:34:08","version" => "4.85"},{"date" => "2017-03-26T19:39:49","version" => "4.86"},{"date" => "2017-08-28T12:41:42","version" => "4.88"}]},"Data-UUID" => {"advisories" => [{"affected_versions" => [">1.219,<1.227"],"cves" => ["CVE-2013-4184"],"description" => "Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks\n","distribution" => "Data-UUID","fixed_versions" => [">=1.227"],"id" => "CPANSA-Data-UUID-2013-4184","references" => ["https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4184","http://www.openwall.com/lists/oss-security/2013/07/31/4","http://www.securityfocus.com/bid/61534","https://exchange.xforce.ibmcloud.com/vulnerabilities/86103","https://security-tracker.debian.org/tracker/CVE-2013-4184","https://access.redhat.com/security/cve/cve-2013-4184","https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4184"],"reported" => "2019-12-10","severity" => "medium"}],"main_module" => "Data::UUID","versions" => [{"date" => "2001-10-30T17:35:43","version" => "0.01"},{"date" => "2001-10-31T17:16:07","version" => "0.02"},{"date" => "2001-11-05T17:56:17","version" => "0.03"},{"date" => "2001-12-12T21:23:28","version" => "0.04"},{"date" => "2002-02-13T19:57:54","version" => "0.05"},{"date" => "2002-03-11T15:42:56","version" => "0.06"},{"date" => "2002-06-12T21:38:06","version" => "0.07"},{"date" => "2002-11-29T17:19:21","version" => "0.08"},{"date" => "2003-02-26T21:56:46","version" => "0.09"},{"date" => "2003-07-17T21:55:38","version" => "0.10"},{"date" => "2003-08-27T20:17:10","version" => "0.11"},{"date" => "2006-02-24T00:44:57","version" => "0.12_01"},{"date" => "2006-02-25T20:45:33","version" => "0.13"},{"date" => "2006-03-18T13:42:09","version" => "0.14"},{"date" => "2006-09-06T02:19:07","version" => "0.141"},{"date" => "2006-09-06T02:46:59","version" => "0.142"},{"date" => "2006-09-18T02:16:47","version" => "0.143"},{"date" => "2006-09-19T22:29:33","version" => "0.145"},{"date" => "2006-11-15T01:22:33","version" => "0.146"},{"date" => "2006-11-16T14:16:50","version" => "0.147_01"},{"date" => "2006-11-16T15:25:08","version" => "0.148"},{"date" => "2007-03-08T16:05:15","version" => "1.148"},{"date" => "2008-11-01T16:36:57","version" => "1.149"},{"date" => "2008-11-02T03:21:27","version" => "1.200_01"},{"date" => "2008-11-11T21:40:52","version" => "1.200_02"},{"date" => "2009-04-18T18:12:28","version" => "1.201"},{"date" => "2009-06-15T22:47:18","version" => "1.202"},{"date" => "2009-11-03T21:49:20","version" => "1.203"},{"date" => "2010-05-07T01:57:28","version" => "1.210"},{"date" => "2010-05-07T12:00:52","version" => "1.211"},{"date" => "2010-05-07T22:59:24","version" => "1.212"},{"date" => "2010-05-09T19:29:59","version" => "1.213"},{"date" => "2010-05-15T01:06:55","version" => "1.214"},{"date" => "2010-05-25T02:47:15","version" => "1.215"},{"date" => "2010-09-04T18:14:56","version" => "1.216"},{"date" => "2010-09-14T01:48:04","version" => "1.217"},{"date" => "2012-08-01T03:25:46","version" => "1.218"},{"date" => "2013-07-07T03:00:13","version" => "1.219"},{"date" => "2014-12-16T00:07:05","version" => "1.220"},{"date" => "2015-08-10T12:37:32","version" => "1.221"},{"date" => "2018-04-29T22:11:17","version" => "1.222"},{"date" => "2019-02-25T22:28:34","version" => "1.223"},{"date" => "2019-03-02T14:20:33","version" => "1.224"},{"date" => "2020-04-12T18:42:29","version" => "1.225"},{"date" => "2020-04-12T18:43:57","version" => "1.226"},{"date" => "2024-03-18T19:39:28","version" => "1.227"}]},"Data-Validate-IP" => {"advisories" => [{"affected_versions" => ["<=0.29"],"cves" => ["CVE-2021-29662"],"description" => "The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Data-Validate-IP","fixed_versions" => [">0.29"],"id" => "CPANSA-Data-Validate-IP-2021-01","references" => ["https://security.netapp.com/advisory/ntap-20210604-0002/","https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/houseabsolute/Data-Validate-IP","https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e","https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-018.md","https://sick.codes/sick-2021-018/"],"reported" => "2021-03-31"}],"main_module" => "Data::Validate::IP","versions" => [{"date" => "2005-03-04T16:46:50","version" => "0.02"},{"date" => "2005-03-04T20:06:14","version" => "0.03"},{"date" => "2005-04-28T15:11:20","version" => "0.04"},{"date" => "2007-03-06T19:45:16","version" => "0.05"},{"date" => "2007-05-16T16:08:59","version" => "0.06"},{"date" => "2007-05-18T02:42:07","version" => "0.07"},{"date" => "2007-12-06T18:48:53","version" => "0.08"},{"date" => "2009-06-04T17:52:28","version" => "0.10"},{"date" => "2010-03-01T19:40:48","version" => "0.11"},{"date" => "2010-12-29T21:23:08","version" => "0.12"},{"date" => "2011-01-06T14:25:53","version" => "0.13"},{"date" => "2011-01-06T14:45:14","version" => "0.14"},{"date" => "2013-02-05T00:19:11","version" => "0.15"},{"date" => "2013-02-06T15:18:38","version" => "0.16"},{"date" => "2013-02-19T15:58:21","version" => "0.17"},{"date" => "2013-02-20T00:31:32","version" => "0.18"},{"date" => "2013-03-13T15:48:07","version" => "0.19"},{"date" => "2013-07-13T19:21:15","version" => "0.20"},{"date" => "2013-12-05T21:16:41","version" => "0.21"},{"date" => "2013-12-05T22:47:38","version" => "0.22"},{"date" => "2014-03-09T16:00:20","version" => "0.23"},{"date" => "2014-08-28T16:00:00","version" => "0.24"},{"date" => "2016-02-02T16:17:46","version" => "0.25"},{"date" => "2016-05-31T17:31:50","version" => "0.26"},{"date" => "2016-11-17T18:05:57","version" => "0.27"},{"date" => "2021-03-29T17:01:17","version" => "0.28"},{"date" => "2021-03-29T17:07:58","version" => "0.29"},{"date" => "2021-03-29T21:50:39","version" => "0.30"},{"date" => "2022-11-28T18:19:55","version" => "0.31"}]},"Devel-PPPort" => {"advisories" => [{"affected_versions" => ["<3.41"],"cves" => [],"description" => "Function croak() takes first parameter printf-like format. Arbitrary string from the variable \$\@ can cause perl crash when contains one or more '%'.\n","distribution" => "Devel-PPPort","fixed_versions" => [">=3.41"],"id" => "CPANSA-Devel-PPPort-2017-01","references" => ["https://metacpan.org/dist/Devel-PPPort/changes","https://github.com/Dual-Life/Devel-PPPort/pull/47"],"reported" => "2017-02-14","severity" => undef}],"main_module" => "Devel::PPPort","versions" => [{"date" => "1999-03-01T05:05:50","version" => "1.0004"},{"date" => "1999-03-08T02:57:01","version" => "1.0005"},{"date" => "1999-03-24T16:17:40","version" => "1.0006"},{"date" => "1999-03-29T16:29:09","version" => "1.0007"},{"date" => "2004-08-07T14:09:53","version" => "2.99_01"},{"date" => "2004-08-08T17:24:46","version" => "2.99_02"},{"date" => "2004-08-09T20:40:45","version" => "2.99_03"},{"date" => "2004-08-10T21:37:23","version" => "2.99_04"},{"date" => "2004-08-10T21:52:34","version" => "2.99_05"},{"date" => "2004-08-11T21:14:33","version" => "2.99_06"},{"date" => "2004-08-13T11:05:16","version" => "2.99_07"},{"date" => "2004-08-16T09:37:21","version" => "3.00"},{"date" => "2004-08-17T21:45:21","version" => "3.00_01"},{"date" => "2004-08-19T11:23:25","version" => "3.00_02"},{"date" => "2004-08-20T13:31:59","version" => "3.00_03"},{"date" => "2004-08-23T05:52:31","version" => "3.01"},{"date" => "2004-09-08T19:25:27","version" => "3.02"},{"date" => "2004-09-08T20:39:17","version" => "3.03"},{"date" => "2004-12-29T14:03:53","version" => "3.04"},{"date" => "2005-01-31T18:29:11","version" => "3.05"},{"date" => "2005-02-02T21:53:39","version" => "3.06"},{"date" => "2005-06-25T16:59:34","version" => "3.06_01"},{"date" => "2005-10-18T19:59:34","version" => "3.06_02"},{"date" => "2005-10-18T21:43:58","version" => "3.06_03"},{"date" => "2005-10-30T11:10:01","version" => "3.06_04"},{"date" => "2006-01-16T18:10:31","version" => "3.07"},{"date" => "2006-01-19T18:40:04","version" => "3.08"},{"date" => "2006-05-20T11:11:00","version" => "3.08_01"},{"date" => "2006-05-22T11:17:01","version" => "3.08_02"},{"date" => "2006-05-25T15:33:51","version" => "3.08_03"},{"date" => "2006-05-29T17:44:18","version" => "3.08_04"},{"date" => "2006-06-23T19:00:30","version" => "3.08_05"},{"date" => "2006-06-25T08:09:51","version" => "3.08_06"},{"date" => "2006-07-03T21:36:39","version" => "3.08_07"},{"date" => "2006-07-08T16:22:49","version" => "3.09"},{"date" => "2006-07-21T17:25:17","version" => "3.09_01"},{"date" => "2006-07-25T18:45:27","version" => "3.09_02"},{"date" => "2006-08-14T19:31:33","version" => "3.10"},{"date" => "2006-12-02T16:26:47","version" => "3.10_01"},{"date" => "2006-12-02T17:23:57","version" => "3.10_02"},{"date" => "2007-02-14T13:10:03","version" => "3.11"},{"date" => "2007-03-23T17:09:16","version" => "3.11_01"},{"date" => "2007-08-12T23:08:25","version" => "3.11_02"},{"date" => "2007-08-14T19:14:20","version" => "3.11_03"},{"date" => "2007-08-20T16:31:23","version" => "3.11_04"},{"date" => "2007-08-20T17:29:16","version" => "3.11_05"},{"date" => "2007-09-11T21:41:31","version" => "3.11_06"},{"date" => "2007-09-22T08:00:55","version" => "3.12"},{"date" => "2007-10-04T10:33:11","version" => "3.13"},{"date" => "2008-01-04T14:09:17","version" => "3.13_01"},{"date" => "2008-04-13T13:11:47","version" => "3.13_02"},{"date" => "2008-05-13T19:07:49","version" => "3.13_03"},{"date" => "2008-06-01T12:08:17","version" => "3.14"},{"date" => "2008-07-11T20:42:44","version" => "3.14_01"},{"date" => "2008-10-12T19:49:45","version" => "3.14_02"},{"date" => "2008-10-21T21:20:59","version" => "3.14_03"},{"date" => "2008-10-30T18:55:01","version" => "3.14_04"},{"date" => "2008-10-31T07:20:25","version" => "3.14_05"},{"date" => "2009-01-18T13:49:22","version" => "3.15"},{"date" => "2009-01-23T17:33:31","version" => "3.16"},{"date" => "2009-03-15T15:45:38","version" => "3.17"},{"date" => "2009-06-12T11:05:52","version" => "3.18"},{"date" => "2009-06-12T11:25:31","version" => "3.18_01"},{"date" => "2009-06-14T09:59:59","version" => "3.19"},{"date" => "2010-02-20T18:48:07","version" => "3.19_01"},{"date" => "2010-03-07T12:51:00","version" => "3.19_02"},{"date" => "2011-04-13T07:49:49","version" => "3.19_03"},{"date" => "2011-09-10T19:32:27","version" => "3.20"},{"date" => "2013-08-17T13:27:59","version" => "3.21"},{"date" => "2014-03-20T02:17:15","version" => "3.22"},{"date" => "2014-04-13T00:04:17","version" => "3.23"},{"date" => "2014-05-09T00:15:50","version" => "3.24"},{"date" => "2014-12-02T13:08:04","version" => "3.25"},{"date" => "2015-01-08T02:42:03","version" => "3.26"},{"date" => "2015-01-13T15:02:40","version" => "3.27"},{"date" => "2015-01-16T12:33:46","version" => "3.28"},{"date" => "2015-03-05T13:22:18","version" => "3.29"},{"date" => "2015-03-05T20:29:10","version" => "3.30"},{"date" => "2015-03-12T14:27:15","version" => "3.31"},{"date" => "2015-09-30T16:31:45","version" => "3.32"},{"date" => "2016-05-06T11:01:12","version" => "3.32_01"},{"date" => "2016-05-24T13:59:25","version" => "3.32_02"},{"date" => "2016-06-03T13:47:32","version" => "3.33"},{"date" => "2016-06-12T23:09:20","version" => "3.34"},{"date" => "2016-06-17T18:22:04","version" => "3.35"},{"date" => "2017-05-14T08:53:44","version" => "3.36"},{"date" => "2018-04-21T12:18:05","version" => "3.41"},{"date" => "2018-04-21T14:45:37","version" => "3.42"},{"date" => "2018-09-19T14:47:44","version" => "3.43"},{"date" => "2018-10-12T17:16:24","version" => "3.43_04"},{"date" => "2019-02-20T23:05:14","version" => "3.44"},{"date" => "2019-03-19T20:55:38","version" => "3.45"},{"date" => "2019-04-26T19:50:59","version" => "3.46"},{"date" => "2019-04-28T05:30:49","version" => "3.47"},{"date" => "2019-04-28T21:43:34","version" => "3.48"},{"date" => "2019-04-28T21:57:51","version" => "3.48"},{"date" => "2019-04-29T17:48:49","version" => "3.49"},{"date" => "2019-04-30T19:05:34","version" => "3.50"},{"date" => "2019-04-30T23:09:43","version" => "3.51"},{"date" => "2019-05-14T17:18:17","version" => "3.52"},{"date" => "2019-06-09T16:13:03","version" => "3.52_04"},{"date" => "2019-06-11T07:57:30","version" => "3.53_04"},{"date" => "2019-09-28T00:25:55","version" => "3.53"},{"date" => "2019-09-28T00:35:17","version" => "3.54"},{"date" => "2019-11-07T21:15:22","version" => "3.55"},{"date" => "2019-11-25T17:04:32","version" => "3.56"},{"date" => "2020-01-31T20:46:51","version" => "3.57"},{"date" => "2020-02-10T22:15:17","version" => "3.57_01"},{"date" => "2020-03-04T21:32:50","version" => "3.57_02"},{"date" => "2020-03-09T20:42:29","version" => "3.58"},{"date" => "2020-08-06T22:31:34","version" => "3.58_01"},{"date" => "2020-08-10T16:51:52","version" => "3.59"},{"date" => "2020-08-11T19:44:32","version" => "3.60"},{"date" => "2020-09-30T23:22:16","version" => "3.60_01"},{"date" => "2020-10-07T14:59:47","version" => "3.60_02"},{"date" => "2020-10-12T23:25:45","version" => "3.61"},{"date" => "2020-10-16T20:01:45","version" => "3.62"},{"date" => "2021-07-07T00:08:28","version" => "3.63"},{"date" => "2022-02-01T18:16:40","version" => "3.64"},{"date" => "2022-03-02T22:12:02","version" => "3.65"},{"date" => "2022-03-02T22:41:01","version" => "3.66"},{"date" => "2022-03-08T19:25:43","version" => "3.67"},{"date" => "2022-03-18T22:08:30","version" => "3.68"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.0002"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "2.007"},{"date" => "2003-11-05T00:00:00","dual_lived" => 1,"perl_release" => "5.008002","version" => "2.009"},{"date" => "2004-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008003","version" => "2.011"},{"date" => "2003-10-27T00:00:00","dual_lived" => 1,"perl_release" => "5.009","version" => "2.008"},{"date" => "2004-03-16T00:00:00","dual_lived" => 1,"perl_release" => "5.009001","version" => "2.011_01"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "3.37"},{"date" => "2018-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027008","version" => "3.38"},{"date" => "2018-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027009","version" => "3.39"},{"date" => "2018-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027011","version" => "3.40"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "3.69"},{"date" => "2023-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037009","version" => "3.70"},{"date" => "2023-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037011","version" => "3.71"},{"date" => "2023-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039003","version" => "3.72"},{"date" => "2024-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041002","version" => "3.73"}]},"Devel-StackTrace" => {"advisories" => [{"affected_versions" => ["<1.19"],"cves" => ["CVE-2008-3502"],"description" => "Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.\n","distribution" => "Devel-StackTrace","fixed_versions" => [">=1.19"],"id" => "CPANSA-Devel-StackTrace-2008-3502","references" => ["http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html","http://www.securityfocus.com/bid/29925","http://secunia.com/advisories/30830","https://exchange.xforce.ibmcloud.com/vulnerabilities/43337"],"reported" => "2008-08-06","severity" => undef}],"main_module" => "Devel::StackTrace","versions" => [{"date" => "2000-06-27T19:21:12","version" => "0.7"},{"date" => "2000-07-04T16:34:23","version" => "0.75"},{"date" => "2000-09-03T02:55:27","version" => "0.8"},{"date" => "2000-09-03T04:10:13","version" => "0.85"},{"date" => "2001-11-24T06:37:34","version" => "0.9"},{"date" => "2002-08-23T09:12:26","version" => "1.00"},{"date" => "2002-09-18T16:19:28","version" => "1.01"},{"date" => "2002-09-19T22:12:09","version" => "1.02"},{"date" => "2003-01-22T20:33:08","version" => "1.03"},{"date" => "2003-09-25T19:15:23","version" => "1.04"},{"date" => "2004-02-17T20:35:35","version" => "1.05"},{"date" => "2004-02-22T00:14:28","version" => "1.06"},{"date" => "2004-02-22T00:30:48","version" => "1.07"},{"date" => "2004-02-23T15:25:26","version" => "1.08"},{"date" => "2004-02-26T22:30:00","version" => "1.09"},{"date" => "2004-03-10T21:25:04","version" => "1.10"},{"date" => "2004-04-12T05:11:33","version" => "1.11"},{"date" => "2005-09-30T05:47:47","version" => "1.12"},{"date" => "2006-04-01T04:51:47","version" => "1.13"},{"date" => "2007-03-16T15:29:38","version" => "1.14"},{"date" => "2007-04-28T20:07:57","version" => "1.15"},{"date" => "2008-02-02T06:09:06","version" => "1.16"},{"date" => "2008-03-30T17:20:19","version" => "1.17"},{"date" => "2008-03-31T14:16:23","version" => "1.18"},{"date" => "2008-06-13T18:07:37","version" => "1.19"},{"date" => "2008-06-13T23:46:42","version" => "1.1901"},{"date" => "2008-07-16T13:20:57","version" => "1.1902"},{"date" => "2008-10-26T01:44:25","version" => "1.20"},{"date" => "2009-07-02T04:50:03","version" => "1.21"},{"date" => "2009-07-15T19:51:37","version" => "1.22"},{"date" => "2010-08-28T01:47:36","version" => "1.23"},{"date" => "2010-09-03T14:18:22","version" => "1.24"},{"date" => "2010-09-06T14:54:15","version" => "1.25"},{"date" => "2010-10-15T15:25:58","version" => "1.26"},{"date" => "2011-01-16T18:57:01","version" => "1.27"},{"date" => "2012-11-16T16:59:05","version" => "1.28"},{"date" => "2012-11-16T17:47:00","version" => "1.29"},{"date" => "2012-11-20T05:07:49","version" => "1.30"},{"date" => "2014-01-16T22:37:16","version" => "1.31"},{"date" => "2014-05-05T08:01:10","version" => "1.32"},{"date" => "2014-06-26T20:43:33","version" => "1.33"},{"date" => "2014-06-26T21:50:12","version" => "1.34"},{"date" => "2014-11-01T18:06:29","version" => "2.00"},{"date" => "2016-03-02T17:23:15","version" => "2.01"},{"date" => "2016-12-07T19:51:47","version" => "2.02"},{"date" => "2017-11-18T17:10:57","version" => "2.03"},{"date" => "2019-05-24T18:54:07","version" => "2.04"},{"date" => "2024-01-08T04:48:56","version" => "2.05"}]},"Dezi" => {"advisories" => [{"affected_versions" => ["<0.002002"],"cves" => [],"description" => "Bypassing authentication on the /index URL app with non-idempotent requests to /search URL.\n","distribution" => "Dezi","fixed_versions" => [">=0.002002"],"id" => "CPANSA-Dezi-2012-01","references" => ["https://metacpan.org/changes/distribution/Dezi","https://github.com/karpet/Dezi/commit/f1ad292b4dd988d1a38202c804bb7a2a3bcca3c8"],"reported" => "2012-09-13"}],"main_module" => "Dezi","versions" => [{"date" => "2011-06-22T04:53:57","version" => "0.001000"},{"date" => "2011-08-03T02:42:22","version" => "0.001001"},{"date" => "2011-09-30T03:35:08","version" => "0.001002"},{"date" => "2011-10-23T02:12:02","version" => "0.001003"},{"date" => "2012-03-17T02:40:15","version" => "0.001004"},{"date" => "2012-07-11T03:20:40","version" => "0.001005"},{"date" => "2012-08-18T02:43:23","version" => "0.001006"},{"date" => "2012-08-22T03:58:33","version" => "0.001007"},{"date" => "2012-09-04T02:05:34","version" => "0.001008"},{"date" => "2012-09-12T03:51:13","version" => "0.002000"},{"date" => "2012-09-13T01:50:59","version" => "0.002001"},{"date" => "2012-09-13T14:10:02","version" => "0.002002"},{"date" => "2012-10-16T00:57:46","version" => "0.002003"},{"date" => "2012-10-18T03:15:21","version" => "0.002004"},{"date" => "2012-12-19T05:25:13","version" => "0.002005"},{"date" => "2013-02-03T02:49:07","version" => "0.002006"},{"date" => "2013-02-05T15:02:54","version" => "0.002007"},{"date" => "2013-02-09T05:37:41","version" => "0.002008"},{"date" => "2013-02-13T02:30:33","version" => "0.002009"},{"date" => "2013-02-13T04:31:49","version" => "0.002010"},{"date" => "2013-11-13T17:08:03","version" => "0.002011"},{"date" => "2014-02-27T18:08:30","version" => "0.002012"},{"date" => "2014-06-05T06:59:12","version" => "0.002998_01"},{"date" => "2014-06-08T04:59:17","version" => "0.003000"},{"date" => "2014-07-30T20:40:24","version" => "0.004000"},{"date" => "2014-09-02T02:45:00","version" => "0.004001"},{"date" => "2015-04-30T22:01:11","version" => "0.004002"},{"date" => "2018-05-16T02:24:24","version" => "0.004003"}]},"Digest" => {"advisories" => [{"affected_versions" => ["<1.17"],"cves" => ["CVE-2011-3597"],"description" => "Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.\n","distribution" => "Digest","fixed_versions" => [">=0.17"],"id" => "CPANSA-Digest-2011-3597","references" => ["http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc","http://www.redhat.com/support/errata/RHSA-2011-1797.html","http://www.redhat.com/support/errata/RHSA-2011-1424.html","https://bugzilla.redhat.com/show_bug.cgi?id=743010","http://www.securityfocus.com/bid/49911","http://secunia.com/advisories/46279","http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes","http://www.mandriva.com/security/advisories?name=MDVSA-2012:009","http://www.mandriva.com/security/advisories?name=MDVSA-2012:008","http://secunia.com/advisories/51457","http://www.ubuntu.com/usn/USN-1643-1","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446"],"reported" => "2012-01-13","reviewed_by" => [{"date" => "2022-07-05","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => ["<1.19"],"cves" => ["CVE-2016-1238"],"description" => "Includes . in \@INC which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Digest","fixed_versions" => [">=1.19"],"id" => "CPANSA-Digest-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Digest","versions" => [{"date" => "2001-03-14T06:33:08","version" => "1.00"},{"date" => "2003-01-05T01:23:53","version" => "1.01"},{"date" => "2003-01-19T04:35:36","version" => "1.02"},{"date" => "2003-11-28T12:29:42","version" => "1.03"},{"date" => "2003-11-29T12:08:20","version" => "1.04"},{"date" => "2003-12-01T07:58:06","version" => "1.05"},{"date" => "2004-04-01T10:55:24","version" => "1.06"},{"date" => "2004-04-25T14:39:53","version" => "1.07"},{"date" => "2004-04-29T07:56:42","version" => "1.08"},{"date" => "2004-11-05T12:20:28","version" => "1.09"},{"date" => "2004-11-08T09:41:14","version" => "1.10"},{"date" => "2005-09-11T11:14:33","version" => "1.11"},{"date" => "2005-09-29T10:20:20","version" => "1.12"},{"date" => "2005-10-18T11:59:24","version" => "1.13"},{"date" => "2005-11-26T10:10:21","version" => "1.14"},{"date" => "2006-03-20T15:18:01","version" => "1.15"},{"date" => "2009-06-09T18:58:26","version" => "1.16"},{"date" => "2011-10-02T10:14:32","version" => "1.17"},{"date" => "2020-10-13T19:16:47","version" => "1.18"},{"date" => "2020-10-13T20:02:35","version" => "1.19"},{"date" => "2021-08-24T13:51:51","version" => "1.20"},{"date" => "2012-10-12T00:00:00","dual_lived" => 1,"perl_release" => "5.014003","version" => "1.16_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "1.17_01"}]},"Digest-MD5" => {"advisories" => [{"affected_versions" => ["<2.25"],"cves" => ["CVE-2002-0703"],"description" => "An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.\n","distribution" => "Digest-MD5","fixed_versions" => [],"id" => "CPANSA-Digest-MD5-2002-0703","references" => ["http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php","http://www.iss.net/security_center/static/9051.php","http://www.securityfocus.com/bid/4716","http://rhn.redhat.com/errata/RHSA-2002-081.html"],"reported" => "2002-07-26","severity" => undef}],"main_module" => "Digest::MD5","versions" => [{"date" => "1998-10-23T12:30:56","version" => "1.99_53"},{"date" => "1998-10-24T13:58:24","version" => "1.99_54"},{"date" => "1998-10-24T22:44:03","version" => "1.99_55"},{"date" => "1998-10-24T23:07:15","version" => "1.99_56"},{"date" => "1998-10-27T21:09:37","version" => "1.99_57"},{"date" => "1998-10-28T14:11:30","version" => "1.99_58"},{"date" => "1998-10-28T20:57:10","version" => "1.99_59"},{"date" => "1998-10-30T17:23:27","version" => "1.99_60"},{"date" => "1998-11-04T22:27:42","version" => "2.00"},{"date" => "1998-12-30T04:01:06","version" => "2.01"},{"date" => "1999-01-31T16:44:38","version" => "2.02"},{"date" => "1999-02-01T20:25:06","version" => "2.02"},{"date" => "1999-02-27T21:39:24","version" => "2.03"},{"date" => "1999-03-05T21:17:35","version" => "2.04"},{"date" => "1999-03-15T10:58:32","version" => "2.05"},{"date" => "1999-03-19T05:05:36","version" => "2.05"},{"date" => "1999-03-26T13:51:38","version" => "2.06"},{"date" => "1999-04-26T09:45:43","version" => "2.07"},{"date" => "1999-06-02T13:44:41","version" => "2.07"},{"date" => "1999-07-28T10:55:54","version" => "2.08"},{"date" => "1999-08-05T23:29:15","version" => "2.09"},{"date" => "1999-09-02T12:45:17","version" => "2.09"},{"date" => "2000-08-18T08:49:59","version" => "2.10"},{"date" => "2000-08-19T17:39:04","version" => "2.11"},{"date" => "2000-09-18T15:10:45","version" => "2.12"},{"date" => "2001-01-19T06:08:47","version" => "2.12"},{"date" => "2001-03-14T05:56:41","version" => "2.13"},{"date" => "2001-03-17T04:35:32","version" => "2.13"},{"date" => "2001-06-24T07:37:20","version" => "2.13"},{"date" => "2001-07-18T13:40:13","version" => "2.14"},{"date" => "2001-08-27T17:53:29","version" => "2.15"},{"date" => "2001-08-29T06:32:30","version" => "2.15"},{"date" => "2001-09-07T05:52:46","version" => "2.16"},{"date" => "2002-04-25T17:24:14","version" => "2.17"},{"date" => "2002-05-01T23:34:50","version" => "2.18"},{"date" => "2002-05-02T03:21:40","version" => "2.19"},{"date" => "2002-05-06T05:20:38","version" => "2.20"},{"date" => "2002-12-28T05:33:19","version" => "2.21"},{"date" => "2003-01-05T01:04:07","version" => "2.22"},{"date" => "2003-01-19T04:55:24","version" => "2.23"},{"date" => "2003-03-09T15:26:49","version" => "2.24"},{"date" => "2003-07-05T05:33:54","version" => "2.25"},{"date" => "2003-07-22T06:15:03","version" => "2.26"},{"date" => "2003-08-05T06:12:31","version" => "2.27"},{"date" => "2003-10-06T13:16:20","version" => "2.28"},{"date" => "2003-10-06T17:37:30","version" => "2.29"},{"date" => "2003-10-09T09:40:47","version" => "2.30"},{"date" => "2003-11-28T13:10:59","version" => "2.31"},{"date" => "2003-12-05T10:15:43","version" => "2.32"},{"date" => "2003-12-07T10:31:15","version" => "2.33"},{"date" => "2005-11-26T10:05:19","version" => "2.34"},{"date" => "2005-11-26T11:15:35","version" => "2.35"},{"date" => "2005-11-30T13:55:38","version" => "2.36"},{"date" => "2008-11-12T09:36:42","version" => "2.37"},{"date" => "2008-11-14T13:50:45","version" => "2.38"},{"date" => "2009-06-09T20:21:55","version" => "2.39"},{"date" => "2010-07-03T14:01:25","version" => "2.40"},{"date" => "2010-09-25T22:12:42","version" => "2.50"},{"date" => "2010-09-30T19:46:29","version" => "2.51"},{"date" => "2012-06-07T22:37:00","version" => "2.52"},{"date" => "2013-07-02T17:56:06","version" => "2.53"},{"date" => "2015-01-12T21:19:42","version" => "2.54"},{"date" => "2016-03-09T21:17:10","version" => "2.55"},{"date" => "2020-10-05T17:19:37","version" => "2.56"},{"date" => "2020-10-05T17:42:48","version" => "2.57"},{"date" => "2020-10-05T21:53:32","version" => "2.58"},{"date" => "2023-12-30T21:01:56","version" => "2.59"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "2.36_01"},{"date" => "2019-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031005","version" => "2.55_01"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038000","version" => "2.58_01"}]},"Digest-SHA" => {"advisories" => [{"affected_versions" => ["<5.96"],"cves" => ["CVE-2016-1238"],"description" => "Digest::SHA before 5.96 with perls earlier than v5.26 included the current working directory in the module search path, which could lead to the inadvernant loading of unexpected versions of a module. The current directory was removed from the default module search path in perls from v5.26 and later.\n","distribution" => "Digest-SHA","fixed_versions" => [">=5.96"],"id" => "CPANSA-Digest-SHA-2016-1238","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=116513","https://github.com/advisories/GHSA-hm5v-6984-hfqp","https://metacpan.org/release/MSHELOR/Digest-SHA-5.96/diff/MSHELOR/Digest-SHA-5.95","https://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","https://lists.debian.org/debian-security-announce/2016/msg00206.html","https://security.gentoo.org/glsa/201701-75"],"reported" => undef,"severity" => "high"}],"main_module" => "Digest::SHA","versions" => [{"date" => "2003-10-11T09:45:19","version" => "0.9"},{"date" => "2003-10-20T09:50:18","version" => "1.0"},{"date" => "2003-10-25T11:31:51","version" => "1.01"},{"date" => "2003-11-01T21:22:08","version" => "2.0"},{"date" => "2003-11-09T11:06:19","version" => "2.1"},{"date" => "2003-11-16T11:08:06","version" => "2.2"},{"date" => "2003-11-19T11:54:09","version" => "2.3"},{"date" => "2003-11-23T00:52:20","version" => "2.4"},{"date" => "2003-11-26T12:32:09","version" => "3.0"},{"date" => "2003-11-30T07:47:28","version" => "v4.0.0"},{"date" => "2003-11-30T16:19:28","version" => "3.1-alpha1"},{"date" => "2003-12-01T13:27:50","version" => "4.0.2"},{"date" => "2003-12-03T11:20:55","version" => "v4.0.3"},{"date" => "2003-12-04T07:54:40","version" => "v4.0.4"},{"date" => "2003-12-06T09:23:46","version" => "v4.0.5"},{"date" => "2003-12-11T11:30:14","version" => "v4.0.6"},{"date" => "2003-12-13T09:30:39","version" => "v4.0.7"},{"date" => "2003-12-19T07:30:18","version" => "v4.0.8"},{"date" => "2003-12-24T10:37:28","version" => "v4.0.9"},{"date" => "2003-12-25T08:13:32","version" => "v4.1.0"},{"date" => "2003-12-28T00:09:30","version" => "v4.2.0"},{"date" => "2004-01-24T08:43:05","version" => "v4.2.1"},{"date" => "2004-02-01T08:52:29","version" => "v4.2.2"},{"date" => "2004-02-07T10:45:32","version" => "v4.3.0"},{"date" => "2004-03-04T10:41:51","version" => "v4.3.1"},{"date" => "2004-04-28T11:30:19","version" => "4.3.2"},{"date" => "2004-05-05T07:56:21","version" => "4.3.3"},{"date" => "2004-05-14T12:08:55","version" => "5.00"},{"date" => "2004-05-21T20:20:18","version" => "5.01"},{"date" => "2004-07-29T10:13:58","version" => "5.02"},{"date" => "2004-07-31T07:34:46","version" => "5.03"},{"date" => "2004-08-06T09:44:08","version" => "5.10"},{"date" => "2004-08-15T12:25:38","version" => "5.20"},{"date" => "2004-08-23T12:35:36","version" => "5.21"},{"date" => "2004-09-08T08:01:56","version" => "5.22"},{"date" => "2004-09-10T06:51:39","version" => "5.23"},{"date" => "2004-09-12T11:33:41","version" => "5.24"},{"date" => "2004-09-13T02:27:16","version" => "5.25"},{"date" => "2004-10-10T09:13:00","version" => "5.26"},{"date" => "2004-10-24T11:25:48","version" => "5.27"},{"date" => "2004-11-17T09:23:50","version" => "5.28"},{"date" => "2005-08-15T09:20:59","version" => "5.29"},{"date" => "2005-08-21T00:35:30","version" => "5.30"},{"date" => "2005-09-05T08:36:39","version" => "5.31"},{"date" => "2005-12-02T10:13:07","version" => "5.32"},{"date" => "2006-02-03T02:22:56","version" => "5.34"},{"date" => "2006-05-08T01:10:50","version" => "5.35"},{"date" => "2006-05-08T11:19:00","version" => "5.36"},{"date" => "2006-05-15T11:31:17","version" => "5.37"},{"date" => "2006-05-25T10:10:52","version" => "5.38"},{"date" => "2006-05-28T10:49:11","version" => "5.39"},{"date" => "2006-06-02T21:45:07","version" => "5.40"},{"date" => "2006-06-03T09:31:44","version" => "5.41"},{"date" => "2006-07-24T11:22:26","version" => "5.42"},{"date" => "2006-08-05T10:13:57","version" => "5.43"},{"date" => "2006-10-14T07:59:30","version" => "5.44"},{"date" => "2007-06-26T10:20:05","version" => "5.45"},{"date" => "2008-04-09T12:40:29","version" => "5.46"},{"date" => "2008-04-30T11:17:26","version" => "5.47"},{"date" => "2010-01-05T02:07:18","version" => "5.48"},{"date" => "2010-12-12T14:44:43","version" => "5.49"},{"date" => "2010-12-14T13:46:10","version" => "5.50"},{"date" => "2011-03-03T13:19:38","version" => "5.60"},{"date" => "2011-03-09T12:56:01","version" => "5.61"},{"date" => "2011-05-14T11:11:34","version" => "5.62"},{"date" => "2011-11-08T13:27:54","version" => "5.63"},{"date" => "2011-12-14T10:18:37","version" => "5.70"},{"date" => "2012-02-29T11:11:59","version" => "5.71"},{"date" => "2012-09-25T01:14:59","version" => "5.72"},{"date" => "2012-10-31T11:42:32","version" => "5.73"},{"date" => "2012-11-24T11:40:47","version" => "5.74"},{"date" => "2012-12-10T21:21:06","version" => "5.80"},{"date" => "2013-01-14T14:32:22","version" => "5.81"},{"date" => "2013-01-24T12:06:14","version" => "5.82"},{"date" => "2013-03-04T16:22:03","version" => "5.83"},{"date" => "2013-03-10T00:42:51","version" => "5.84"},{"date" => "2013-06-26T11:11:56","version" => "5.85"},{"date" => "2014-01-30T15:40:50","version" => "5.86"},{"date" => "2014-02-18T01:26:20","version" => "5.87"},{"date" => "2014-03-17T16:05:33","version" => "5.88"},{"date" => "2014-04-19T13:09:10","version" => "5.89"},{"date" => "2014-05-07T15:54:15","version" => "5.90"},{"date" => "2014-05-16T17:36:12","version" => "5.91"},{"date" => "2014-06-01T07:25:04","version" => "5.92"},{"date" => "2014-10-26T13:15:37","version" => "5.93"},{"date" => "2015-01-10T09:49:55","version" => "5.94"},{"date" => "2015-01-10T20:24:40","version" => "5.95"},{"date" => "2016-07-28T11:11:53","version" => "5.96"},{"date" => "2017-09-06T09:38:45","version" => "5.97"},{"date" => "2017-10-04T08:38:13","version" => "5.98"},{"date" => "2017-12-09T06:04:13","version" => "6.00"},{"date" => "2017-12-25T07:41:55","version" => "6.01"},{"date" => "2018-04-20T23:47:19","version" => "6.02"},{"date" => "2022-08-08T18:56:41","version" => "6.03"},{"date" => "2023-02-25T19:06:34","version" => "6.04"},{"date" => "2013-08-12T00:00:00","dual_lived" => 1,"perl_release" => "5.018001","version" => "5.84_01"},{"date" => "2014-10-01T00:00:00","dual_lived" => 1,"perl_release" => "5.018003","version" => "5.84_02"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "5.95_01"}]},"Dpkg" => {"advisories" => [{"affected_versions" => ["<1.21.8"],"cves" => ["CVE-2022-1664"],"description" => "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.\n","distribution" => "Dpkg","fixed_versions" => [">=1.21.8"],"id" => "CPANSA-Dpkg-2022-1664","references" => ["https://lists.debian.org/debian-security-announce/2022/msg00115.html","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b","https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"],"reported" => "2022-05-26","severity" => "critical"},{"affected_versions" => ["<1.18.24"],"cves" => ["CVE-2017-8283"],"description" => "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.24"],"id" => "CPANSA-Dpkg-2017-8283","references" => ["http://www.openwall.com/lists/oss-security/2017/04/20/2","http://www.securityfocus.com/bid/98064"],"reported" => "2017-04-26","severity" => "critical"},{"affected_versions" => ["<1.18.11"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.11"],"id" => "CPANSA-Dpkg-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => ["<1.18.4"],"cves" => ["CVE-2015-0860"],"description" => "Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow.\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.4"],"id" => "CPANSA-Dpkg-2015-0860","references" => ["http://www.ubuntu.com/usn/USN-2820-1","http://www.debian.org/security/2015/dsa-3407","https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324","https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d","https://security.gentoo.org/glsa/201612-07"],"reported" => "2015-12-03","severity" => undef},{"affected_versions" => ["<1.18.0"],"cves" => ["CVE-2015-0840"],"description" => "The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.0"],"id" => "CPANSA-Dpkg-2015-0840","references" => ["http://www.ubuntu.com/usn/USN-2566-1","http://www.debian.org/security/2015/dsa-3217","http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"],"reported" => "2015-04-13","severity" => undef},{"affected_versions" => ["<1.17.22"],"cves" => ["CVE-2014-8625"],"description" => "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.22"],"id" => "CPANSA-Dpkg-2014-8625","references" => ["http://seclists.org/oss-sec/2014/q4/539","https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135","http://seclists.org/oss-sec/2014/q4/622","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485","http://seclists.org/oss-sec/2014/q4/551","http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"],"reported" => "2015-01-20","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-0471"],"description" => "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\"\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-0471","references" => ["http://www.debian.org/security/2014/dsa-2915","http://www.ubuntu.com/usn/USN-2183-1","http://www.securityfocus.com/bid/67106"],"reported" => "2014-04-30","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-3127"],"description" => "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-3127","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306","http://www.securityfocus.com/bid/67181","http://seclists.org/oss-sec/2014/q2/227","http://seclists.org/oss-sec/2014/q2/191","http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"],"reported" => "2014-05-14","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-3864"],"description" => "Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-3864","references" => ["http://openwall.com/lists/oss-security/2014/05/25/2","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746498","http://www.securityfocus.com/bid/67725","http://www.ubuntu.com/usn/USN-2242-1","http://www.debian.org/security/2014/dsa-2953"],"reported" => "2014-05-30","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-3865"],"description" => "Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-3865","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749183","http://openwall.com/lists/oss-security/2014/05/25/2","http://www.securityfocus.com/bid/67727","http://www.ubuntu.com/usn/USN-2242-1","http://www.debian.org/security/2014/dsa-2953"],"reported" => "2014-05-30","severity" => undef},{"affected_versions" => ["<1.17.9"],"cves" => ["CVE-2014-0471"],"description" => "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\"\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.9"],"id" => "CPANSA-Dpkg-2014-0471","references" => ["http://www.debian.org/security/2014/dsa-2915","http://www.ubuntu.com/usn/USN-2183-1","http://www.securityfocus.com/bid/67106"],"reported" => "2014-04-30","severity" => undef},{"affected_versions" => ["<1.17.9"],"cves" => ["CVE-2014-3127"],"description" => "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.9"],"id" => "CPANSA-Dpkg-2014-3127","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306","http://www.securityfocus.com/bid/67181","http://seclists.org/oss-sec/2014/q2/227","http://seclists.org/oss-sec/2014/q2/191","http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"],"reported" => "2014-05-14","severity" => undef},{"affected_versions" => ["<1.17.8"],"cves" => ["CVE-2014-0471"],"description" => "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\"\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.8"],"id" => "CPANSA-Dpkg-2014-0471","references" => ["http://www.debian.org/security/2014/dsa-2915","http://www.ubuntu.com/usn/USN-2183-1","http://www.securityfocus.com/bid/67106"],"reported" => "2014-04-30","severity" => undef},{"affected_versions" => ["<1.15.8.8"],"cves" => ["CVE-2010-1679"],"description" => "Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.\n","distribution" => "Dpkg","fixed_versions" => [">=1.15.8.8"],"id" => "CPANSA-Dpkg-2010-1679","references" => ["http://www.vupen.com/english/advisories/2011/0044","http://secunia.com/advisories/42831","http://secunia.com/advisories/42826","http://www.ubuntu.com/usn/USN-1038-1","http://www.debian.org/security/2011/dsa-2142","http://www.vupen.com/english/advisories/2011/0040","http://osvdb.org/70368","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html","http://secunia.com/advisories/43054","http://www.securityfocus.com/bid/45703","http://www.vupen.com/english/advisories/2011/0196","https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"],"reported" => "2011-01-11","severity" => undef},{"affected_versions" => ["<1.15.6"],"cves" => ["CVE-2010-0396"],"description" => "Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.\n","distribution" => "Dpkg","fixed_versions" => [">=1.15.6"],"id" => "CPANSA-Dpkg-2010-0396","references" => ["http://www.debian.org/security/2010/dsa-2011","http://www.vupen.com/english/advisories/2010/0582","http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz","https://exchange.xforce.ibmcloud.com/vulnerabilities/56887"],"reported" => "2010-03-15","severity" => undef},{"affected_versions" => ["==1.9.21"],"cves" => ["CVE-2004-2768"],"description" => "dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.\n","distribution" => "Dpkg","fixed_versions" => [">=1.9.22"],"id" => "CPANSA-Dpkg-2004-2768","references" => ["http://www.hackinglinuxexposed.com/articles/20031214.html","http://lists.jammed.com/ISN/2003/12/0056.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692","https://bugzilla.redhat.com/show_bug.cgi?id=598775","https://exchange.xforce.ibmcloud.com/vulnerabilities/59428"],"reported" => "2010-06-08","severity" => undef},{"affected_versions" => ["<1.15.10"],"cves" => ["CVE-2011-0402"],"description" => "dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.\n","distribution" => "Dpkg","fixed_versions" => [">=1.15.10"],"id" => "CPANSA-Dpkg-2011-0402","references" => ["http://www.ubuntu.com/usn/USN-1038-1","http://secunia.com/advisories/42831","http://www.debian.org/security/2011/dsa-2142","http://secunia.com/advisories/42826","http://www.vupen.com/english/advisories/2011/0040","http://www.vupen.com/english/advisories/2011/0044","http://osvdb.org/70367","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html","http://www.vupen.com/english/advisories/2011/0196","http://www.securityfocus.com/bid/45703","http://secunia.com/advisories/43054","https://exchange.xforce.ibmcloud.com/vulnerabilities/64614"],"reported" => "2011-01-11","severity" => undef}],"main_module" => "Dpkg","versions" => [{"date" => "2018-09-26T18:53:52","version" => "v1.19.1"},{"date" => "2018-10-08T10:54:58","version" => "v1.19.2"},{"date" => "2019-01-22T18:41:25","version" => "v1.19.3"},{"date" => "2019-02-23T17:40:31","version" => "v1.19.5"},{"date" => "2019-03-25T14:54:21","version" => "v1.19.6"},{"date" => "2019-06-03T21:51:58","version" => "v1.19.7"},{"date" => "2020-03-08T03:05:24","version" => "v1.20.0"},{"date" => "2020-06-27T01:26:33","version" => "v1.20.1"},{"date" => "2020-06-27T23:35:03","version" => "v1.20.2"},{"date" => "2020-06-29T11:02:10","version" => "v1.20.3"},{"date" => "2020-07-07T06:22:23","version" => "v1.20.4"},{"date" => "2020-07-08T03:55:55","version" => "v1.20.5"},{"date" => "2021-01-08T04:23:50","version" => "v1.20.6"},{"date" => "2021-01-09T00:19:44","version" => "v1.20.7"},{"date" => "2021-04-13T21:44:34","version" => "v1.20.8"},{"date" => "2021-04-13T23:33:15","version" => "v1.20.9"},{"date" => "2021-12-05T18:08:48","version" => "v1.21.0"},{"date" => "2021-12-06T20:23:10","version" => "v1.21.1"},{"date" => "2022-03-13T20:07:04","version" => "v1.21.2"},{"date" => "2022-03-24T20:19:38","version" => "v1.21.3"},{"date" => "2022-03-26T12:56:21","version" => "v1.21.4"},{"date" => "2022-03-29T01:07:10","version" => "v1.21.5"},{"date" => "2022-05-25T15:21:07","version" => "v1.21.8"},{"date" => "2022-07-01T09:48:45","version" => "v1.21.9"},{"date" => "2022-12-01T12:08:26","version" => "v1.21.10"},{"date" => "2022-12-02T23:34:17","version" => "v1.21.11"},{"date" => "2022-12-19T01:27:49","version" => "v1.21.13"},{"date" => "2023-01-01T23:04:24","version" => "v1.21.14"},{"date" => "2023-01-25T22:18:51","version" => "v1.21.19"},{"date" => "2023-05-16T22:34:01","version" => "v1.21.22"},{"date" => "2023-08-30T10:44:22","version" => "v1.22.0"},{"date" => "2023-10-30T03:47:45","version" => "v1.22.1"},{"date" => "2023-12-18T03:09:08","version" => "v1.22.2"},{"date" => "2024-01-24T12:39:35","version" => "v1.22.4"},{"date" => "2024-02-27T03:56:46","version" => "v1.22.5"},{"date" => "2024-03-10T21:52:57","version" => "v1.22.6"},{"date" => "2024-07-16T23:58:08","version" => "v1.22.7"},{"date" => "2024-07-21T18:44:31","version" => "v1.22.8"},{"date" => "2024-08-01T11:07:53","version" => "v1.22.11"},{"date" => "2025-01-02T03:22:30","version" => "v1.22.12"},{"date" => "2025-01-03T11:09:37","version" => "v1.22.13"},{"date" => "2025-03-07T02:57:57","version" => "v1.22.16"},{"date" => "2025-03-09T18:23:59","version" => "v1.22.18"},{"date" => "2025-05-18T22:53:57","version" => "v1.22.19"},{"date" => "2025-06-04T23:18:14","version" => "v1.22.20"},{"date" => "2025-07-02T00:09:01","version" => "v1.22.21"},{"date" => "2025-12-16T22:55:42","version" => "v1.23.0"},{"date" => "2025-12-17T12:41:12","version" => "v1.23.1"},{"date" => "2026-01-18T17:58:28","version" => "v1.23.4"}]},"EV-Hiredis" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.04"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "EV-Hiredis","fixed_versions" => [],"id" => "CPANSA-EV-Hiredis-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"}],"main_module" => "EV::Hiredis","versions" => [{"date" => "2013-01-09T10:22:05","version" => "0.01"},{"date" => "2013-03-13T06:16:24","version" => "0.02"},{"date" => "2014-09-18T09:39:46","version" => "0.03"},{"date" => "2017-04-23T10:09:14","version" => "0.04"},{"date" => "2022-09-11T04:29:22","version" => "0.05"},{"date" => "2023-04-25T22:39:52","version" => "0.06"},{"date" => "2023-05-03T14:14:01","version" => "0.07"}]},"EasyTCP" => {"advisories" => [{"affected_versions" => ["<0.15"],"cves" => ["CVE-2002-20002"],"description" => "The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.\n","distribution" => "EasyTCP","fixed_versions" => [">=0.15"],"id" => "CPANSA-EasyTCP-2002-20002","references" => ["https://github.com/briandfoy/cpan-security-advisory/issues/184","https://metacpan.org/release/MNAGUIB/EasyTCP-0.15/view/EasyTCP.pm","https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes"],"reported" => "2025-01-02","severity" => "moderate"},{"affected_versions" => [">=0.15"],"cves" => ["CVE-2024-56830"],"description" => "The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present.\n","distribution" => "EasyTCP","fixed_versions" => [],"id" => "CPANSA-EasyTCP-2024-56830","references" => ["https://github.com/briandfoy/cpan-security-advisory/issues/184","https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes"],"reported" => "2025-01-02","severity" => "moderate"}],"main_module" => "Net::EasyTCP","versions" => [{"date" => "2002-01-03T20:21:16","version" => "0.01"},{"date" => "2002-01-10T23:58:29","version" => "0.02"},{"date" => "2002-01-12T22:23:25","version" => "0.03"},{"date" => "2002-01-14T20:13:58","version" => "0.04"},{"date" => "2002-01-16T16:30:59","version" => "0.05"},{"date" => "2002-01-18T04:48:03","version" => "0.06"},{"date" => "2002-01-21T20:26:09","version" => "0.07"},{"date" => "2002-01-22T21:08:52","version" => "0.08"},{"date" => "2002-01-31T16:33:35","version" => "0.09"},{"date" => "2002-02-01T02:09:00","version" => "0.10"},{"date" => "2002-02-05T20:35:47","version" => "0.11"},{"date" => "2002-02-22T19:51:44","version" => "0.12"},{"date" => "2002-03-22T20:47:32","version" => "0.13"},{"date" => "2002-09-07T05:21:49","version" => "0.14"},{"date" => "2002-09-25T03:02:37","version" => "0.15"},{"date" => "2002-09-30T20:20:38","version" => "0.16"},{"date" => "2002-11-11T19:38:16","version" => "0.17"},{"date" => "2003-02-26T22:15:03","version" => "0.18"},{"date" => "2003-03-02T05:47:04","version" => "0.19"},{"date" => "2003-05-14T19:40:01","version" => "0.20"},{"date" => "2003-05-14T20:22:30","version" => "0.21"},{"date" => "2003-05-15T13:10:31","version" => "0.22"},{"date" => "2003-05-24T13:19:56","version" => "0.23"},{"date" => "2003-07-15T01:11:20","version" => "0.24"},{"date" => "2003-08-07T12:19:25","version" => "0.25"},{"date" => "2004-04-06T02:50:22","version" => "0.26"}]},"Elive" => {"advisories" => [{"affected_versions" => ["<1.20"],"cves" => [],"description" => "Elive::DAO->set() did not die on tainted data.\n","distribution" => "Elive","fixed_versions" => [">=1.20"],"id" => "CPANSA-Elive-2011-01","references" => ["https://metacpan.org/dist/Elive/changes"],"reported" => "2011-10-15","severity" => undef}],"main_module" => "Elive","versions" => [{"date" => "2009-03-17T06:37:43","version" => "0.01"},{"date" => "2009-04-13T23:51:59","version" => "0.02"},{"date" => "2009-04-14T20:26:27","version" => "0.03"},{"date" => "2009-04-15T22:30:08","version" => "0.04"},{"date" => "2009-04-17T07:27:23","version" => "0.05"},{"date" => "2009-04-17T22:04:55","version" => "0.06"},{"date" => "2009-04-22T00:14:13","version" => "0.07"},{"date" => "2009-04-22T03:10:13","version" => "0.08"},{"date" => "2009-04-24T22:26:35","version" => "0.09"},{"date" => "2009-04-28T07:30:45","version" => "0.10"},{"date" => "2009-04-29T21:49:12","version" => "0.11"},{"date" => "2009-05-01T23:15:47","version" => "0.12"},{"date" => "2009-05-04T22:19:09","version" => "0.13"},{"date" => "2009-05-05T20:09:18","version" => "0.14"},{"date" => "2009-05-08T22:04:14","version" => "0.15"},{"date" => "2009-05-11T20:38:56","version" => "0.16"},{"date" => "2009-05-13T21:31:52","version" => "0.17"},{"date" => "2009-05-15T03:47:36","version" => "0.18"},{"date" => "2009-05-18T21:43:03","version" => "0.19"},{"date" => "2009-05-24T00:13:36","version" => "0.20"},{"date" => "2009-05-24T20:48:19","version" => "0.21"},{"date" => "2009-05-27T22:05:37","version" => "0.22"},{"date" => "2009-05-29T05:09:57","version" => "0.23"},{"date" => "2009-06-03T04:48:43","version" => "0.24"},{"date" => "2009-06-03T22:18:02","version" => "0.25"},{"date" => "2009-06-12T22:36:31","version" => "0.26"},{"date" => "2009-06-19T21:34:40","version" => "0.27"},{"date" => "2009-06-22T03:47:43","version" => "0.28"},{"date" => "2009-06-24T04:14:37","version" => "0.29"},{"date" => "2009-06-26T23:24:47","version" => "0.30"},{"date" => "2009-07-03T06:18:23","version" => "0.31"},{"date" => "2009-07-17T22:56:55","version" => "0.32"},{"date" => "2009-07-22T03:22:18","version" => "0.33"},{"date" => "2009-07-28T06:46:45","version" => "0.34"},{"date" => "2009-08-02T22:36:31","version" => "0.35"},{"date" => "2009-08-03T22:44:25","version" => "0.36"},{"date" => "2009-08-05T21:02:32","version" => "0.37"},{"date" => "2009-08-21T08:29:37","version" => "0.38"},{"date" => "2009-08-31T02:24:45","version" => "0.39"},{"date" => "2009-09-10T01:20:54","version" => "0.40"},{"date" => "2009-09-11T21:34:13","version" => "0.41"},{"date" => "2009-10-08T00:53:22","version" => "0.42"},{"date" => "2009-10-20T23:09:46","version" => "0.43"},{"date" => "2009-10-22T00:05:22","version" => "0.44"},{"date" => "2009-10-26T04:15:36","version" => "0.45"},{"date" => "2009-10-28T08:27:27","version" => "0.46"},{"date" => "2009-10-28T21:26:06","version" => "0.47"},{"date" => "2009-10-29T00:00:43","version" => "0.48"},{"date" => "2009-11-02T21:37:24","version" => "0.48_01"},{"date" => "2009-11-06T20:36:30","version" => "0.49"},{"date" => "2009-11-09T21:34:02","version" => "0.50"},{"date" => "2009-11-16T00:26:26","version" => "0.51"},{"date" => "2009-11-30T20:38:39","version" => "0.52"},{"date" => "2009-12-14T23:14:43","version" => "0.53"},{"date" => "2009-12-18T00:24:06","version" => "0.53_1"},{"date" => "2009-12-18T22:36:34","version" => "0.54"},{"date" => "2009-12-20T20:02:22","version" => "0.55"},{"date" => "2010-01-04T06:35:00","version" => "0.56"},{"date" => "2010-01-04T21:18:52","version" => "0.57"},{"date" => "2010-01-14T00:08:40","version" => "0.58"},{"date" => "2010-01-21T22:46:27","version" => "0.59"},{"date" => "2010-01-24T21:24:09","version" => "0.60"},{"date" => "2010-01-26T22:38:54","version" => "0.61"},{"date" => "2010-02-15T23:06:41","version" => "0.62"},{"date" => "2010-03-06T22:34:53","version" => "0.63"},{"date" => "2010-03-11T22:45:28","version" => "0.64"},{"date" => "2010-05-17T00:40:50","version" => "0.65"},{"date" => "2010-05-21T23:54:39","version" => "0.66"},{"date" => "2010-05-27T22:12:29","version" => "0.67"},{"date" => "2010-06-02T07:33:50","version" => "0.68"},{"date" => "2010-06-11T00:12:21","version" => "0.69"},{"date" => "2010-06-22T05:13:22","version" => "0.70"},{"date" => "2010-06-22T22:20:27","version" => "0.71"},{"date" => "2010-08-13T01:10:30","version" => "0.72"},{"date" => "2010-09-03T03:48:51","version" => "0.73"},{"date" => "2010-10-14T20:54:08","version" => "0.74_2"},{"date" => "2010-10-18T01:49:41","version" => "0.74"},{"date" => "2010-10-27T23:52:59","version" => "0.75"},{"date" => "2010-11-09T23:46:08","version" => "0.76"},{"date" => "2010-12-08T21:27:13","version" => "0.77"},{"date" => "2010-12-08T23:17:00","version" => "0.78"},{"date" => "2011-01-20T02:01:43","version" => "0.79"},{"date" => "2011-01-27T19:56:34","version" => "0.80"},{"date" => "2011-02-03T03:17:09","version" => "0.81"},{"date" => "2011-02-10T00:02:08","version" => "0.82"},{"date" => "2011-03-10T05:19:08","version" => "0.83"},{"date" => "2011-03-11T01:11:39","version" => "0.84"},{"date" => "2011-03-14T00:55:18","version" => "0.85"},{"date" => "2011-03-14T21:15:08","version" => "0.86"},{"date" => "2011-04-11T00:59:22","version" => "0.87"},{"date" => "2011-04-11T19:19:42","version" => "0.87.1"},{"date" => "2011-04-15T02:12:50","version" => "0.87.2"},{"date" => "2011-04-27T02:43:51","version" => "0.88"},{"date" => "2011-05-20T00:15:55","version" => "0.89"},{"date" => "2011-06-08T23:34:06","version" => "0.90"},{"date" => "2011-06-14T23:35:27","version" => "0.91"},{"date" => "2011-06-28T07:09:46","version" => "0.95"},{"date" => "2011-06-29T21:42:38","version" => "0.96"},{"date" => "2011-07-05T06:35:18","version" => "0.97"},{"date" => "2011-07-08T00:35:18","version" => "0.98"},{"date" => "2011-07-14T03:25:12","version" => "0.99"},{"date" => "2011-07-19T00:14:00","version" => "1.00"},{"date" => "2011-07-20T01:14:39","version" => "1.01"},{"date" => "2011-07-21T05:49:47","version" => "1.02"},{"date" => "2011-07-23T23:23:35","version" => "1.03"},{"date" => "2011-07-29T00:14:06","version" => "1.04"},{"date" => "2011-08-01T02:20:53","version" => "1.05"},{"date" => "2011-08-05T21:36:24","version" => "1.06"},{"date" => "2011-08-07T01:43:31","version" => "1.07"},{"date" => "2011-08-09T00:51:44","version" => "1.08"},{"date" => "2011-08-10T05:13:13","version" => "1.09"},{"date" => "2011-08-10T21:06:42","version" => "1.10"},{"date" => "2011-08-11T22:27:24","version" => "1.11"},{"date" => "2011-08-15T00:58:40","version" => "1.12"},{"date" => "2011-08-19T00:21:11","version" => "1.13"},{"date" => "2011-08-20T22:44:01","version" => "1.14"},{"date" => "2011-08-23T21:43:48","version" => "1.15"},{"date" => "2011-08-26T22:25:28","version" => "1.16"},{"date" => "2011-09-08T22:32:49","version" => "1.17"},{"date" => "2011-09-16T00:00:34","version" => "1.18"},{"date" => "2011-09-28T07:09:24","version" => "1.19"},{"date" => "2011-11-15T01:28:33","version" => "1.20"},{"date" => "2011-12-03T01:49:03","version" => "1.21"},{"date" => "2012-01-05T04:04:10","version" => "1.22"},{"date" => "2012-01-25T20:01:01","version" => "1.23"},{"date" => "2012-02-28T01:03:16","version" => "1.24"},{"date" => "2012-04-18T04:53:06","version" => "1.25"},{"date" => "2012-05-04T04:11:34","version" => "1.26"},{"date" => "2012-07-13T21:59:27","version" => "1.27"},{"date" => "2012-10-12T02:45:37","version" => "1.28"},{"date" => "2012-10-26T21:16:49","version" => "1.29"},{"date" => "2013-01-04T01:33:50","version" => "1.30"},{"date" => "2013-03-28T02:39:54","version" => "1.31"},{"date" => "2014-02-28T16:40:50","version" => "1.32"},{"date" => "2015-01-21T21:14:50","version" => "1.33"},{"date" => "2015-04-03T22:38:32","version" => "1.34"},{"date" => "2015-06-29T02:59:33","version" => "1.35"},{"date" => "2015-12-03T20:48:05","version" => "1.36"},{"date" => "2015-12-04T02:58:35","version" => "1.37"}]},"Email-Address" => {"advisories" => [{"affected_versions" => ["<1.905"],"cves" => ["CVE-2014-0477"],"description" => "Inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.\n","distribution" => "Email-Address","fixed_versions" => [">=1.905"],"id" => "CPANSA-Email-Address-2014-01","references" => ["https://metacpan.org/changes/distribution/Email-Address"],"reported" => "2014-07-03"},{"affected_versions" => ["<1.909"],"cves" => ["CVE-2018-12558"],"description" => "The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters (\"\\f\").\n","distribution" => "Email-Address","fixed_versions" => [">=1.909"],"id" => "CPANSA-Email-Address-2014-01","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873","http://www.openwall.com/lists/oss-security/2018/06/19/3","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00012.html"],"reported" => "2018-06-19"},{"affected_versions" => ["<1.904"],"cves" => ["CVE-2014-4720"],"description" => "Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to \"backtracking into the phrase,\" a different vulnerability than CVE-2014-0477.\n","distribution" => "Email-Address","fixed_versions" => [">=1.904"],"id" => "CPANSA-Email-Address-2014-4720","references" => ["https://github.com/rjbs/Email-Address/blob/master/Changes","http://seclists.org/oss-sec/2014/q2/563"],"reported" => "2014-07-06","severity" => undef}],"main_module" => "Email::Address","versions" => [{"date" => "2004-05-27T03:19:56","version" => "1.1"},{"date" => "2004-06-02T16:35:30","version" => "1.2"},{"date" => "2004-08-16T21:39:58","version" => "1.3"},{"date" => "2004-10-05T18:10:42","version" => "1.5"},{"date" => "2004-10-05T18:20:42","version" => "1.6"},{"date" => "2004-10-13T10:21:17","version" => "1.7"},{"date" => "2004-10-22T16:37:27","version" => "1.80"},{"date" => "2006-07-11T15:04:28","version" => "1.85"},{"date" => "2006-07-22T00:42:17","version" => "1.86"},{"date" => "2006-08-10T16:48:44","version" => "1.870"},{"date" => "2006-10-12T19:35:04","version" => "1.861"},{"date" => "2006-10-12T22:16:28","version" => "1.871"},{"date" => "2006-11-11T16:01:38","version" => "1.880"},{"date" => "2006-11-19T21:19:02","version" => "1.881"},{"date" => "2006-11-22T01:26:44","version" => "1.882"},{"date" => "2006-11-25T13:53:46","version" => "1.883"},{"date" => "2006-12-05T03:41:39","version" => "1.884"},{"date" => "2007-03-01T01:08:16","version" => "1.885"},{"date" => "2007-03-01T20:18:53","version" => "1.886"},{"date" => "2007-04-01T19:15:49","version" => "1.887"},{"date" => "2007-06-23T01:27:24","version" => "1.888"},{"date" => "2007-12-19T22:14:37","version" => "1.889"},{"date" => "2010-08-22T19:03:33","version" => "1.890"},{"date" => "2010-08-31T00:56:53","version" => "1.891"},{"date" => "2010-09-03T23:45:13","version" => "1.892"},{"date" => "2012-01-03T03:55:12","version" => "1.893"},{"date" => "2012-01-14T16:17:56","version" => "1.894"},{"date" => "2012-01-15T18:41:33","version" => "1.895"},{"date" => "2012-08-01T03:07:33","version" => "1.896"},{"date" => "2012-12-17T15:16:33","version" => "1.897"},{"date" => "2013-02-07T21:41:48","version" => "1.898"},{"date" => "2013-08-02T14:54:13","version" => "1.899"},{"date" => "2013-08-08T18:46:07","version" => "1.900"},{"date" => "2014-01-29T03:43:28","version" => "1.901"},{"date" => "2014-04-17T15:19:31","version" => "1.902"},{"date" => "2014-04-18T01:07:10","version" => "1.903"},{"date" => "2014-06-14T04:22:22","version" => "1.904"},{"date" => "2014-06-18T02:55:59","version" => "1.905"},{"date" => "2015-02-03T21:49:39","version" => "1.906"},{"date" => "2015-02-03T22:48:46","version" => "1.907"},{"date" => "2015-09-20T02:55:12","version" => "1.908"},{"date" => "2018-03-05T03:26:56","version" => "1.909"},{"date" => "2018-12-18T02:29:23","version" => "1.910"},{"date" => "2018-12-22T16:31:37","version" => "1.911"},{"date" => "2018-12-31T19:51:36","version" => "1.912"},{"date" => "2023-01-10T00:42:33","version" => "1.913"}]},"Email-MIME" => {"advisories" => [{"affected_versions" => ["<1.954"],"cves" => ["CVE-2024-4140"],"description" => "An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.\n","distribution" => "Email-MIME","fixed_versions" => [">=1.954"],"id" => "CPANSA-Email-MIME-2024-4140","references" => ["https://bugs.debian.org/960062","https://github.com/rjbs/Email-MIME/commit/02bf3e26812c8f38a86a33c168571f9783365df2","https://github.com/rjbs/Email-MIME/commit/3a12edd119e493156a5a05e45dd50f4e36b702e8","https://github.com/rjbs/Email-MIME/commit/3dcf096eeccb8e4dd42738de676c8f4a5aa7a531","https://github.com/rjbs/Email-MIME/commit/7e96ecfa1da44914a407f82ae98ba817bba08f2d","https://github.com/rjbs/Email-MIME/commit/b2cb62f19e12580dd235f79e2546d44a6bec54d1","https://github.com/rjbs/Email-MIME/commit/fc0fededd24a71ccc51bcd8b1e486385d09aae63","https://github.com/rjbs/Email-MIME/issues/66","https://github.com/rjbs/Email-MIME/pull/80","https://www.cve.org/CVERecord?id=CVE-2024-4140"],"reported" => "2024-05-02","severity" => undef}],"main_module" => "Email::MIME","versions" => [{"date" => "2004-01-23T12:04:54","version" => "1.0_01"},{"date" => "2004-03-24T16:01:33","version" => "1.1"},{"date" => "2004-04-02T08:52:35","version" => "1.2"},{"date" => "2004-04-05T16:27:42","version" => "1.3"},{"date" => "2004-07-01T17:38:00","version" => "1.4"},{"date" => "2004-07-01T17:40:06","version" => "1.5"},{"date" => "2004-07-04T20:17:06","version" => "1.6"},{"date" => "2004-07-05T21:56:19","version" => "1.7"},{"date" => "2004-08-25T09:58:28","version" => "1.8"},{"date" => "2004-10-30T00:19:03","version" => "1.81"},{"date" => "2004-11-18T01:02:46","version" => "1.82"},{"date" => "2006-07-13T12:09:00","version" => "1.85"},{"date" => "2006-08-22T12:15:01","version" => "1.851"},{"date" => "2006-09-06T03:22:24","version" => "1.852"},{"date" => "2006-10-12T19:23:59","version" => "1.853"},{"date" => "2006-10-15T12:57:06","version" => "1.854"},{"date" => "2006-10-19T19:26:56","version" => "1.855"},{"date" => "2006-11-28T01:54:55","version" => "1.856"},{"date" => "2006-11-28T02:45:42","version" => "1.857"},{"date" => "2007-02-10T03:53:13","version" => "1.858"},{"date" => "2007-03-21T02:13:51","version" => "1.859"},{"date" => "2007-07-14T02:17:11","version" => "1.860"},{"date" => "2007-11-06T02:03:23","version" => "1.861"},{"date" => "2008-09-08T22:24:06","version" => "1.861_01"},{"date" => "2009-01-24T03:09:24","version" => "1.862"},{"date" => "2009-01-30T13:35:20","version" => "1.863"},{"date" => "2009-11-03T20:49:02","version" => "1.900"},{"date" => "2009-11-05T19:29:16","version" => "1.901"},{"date" => "2009-11-11T20:53:15","version" => "1.902"},{"date" => "2009-12-23T14:14:45","version" => "1.903"},{"date" => "2010-09-04T22:05:49","version" => "1.904"},{"date" => "2010-09-06T13:25:51","version" => "1.905"},{"date" => "2010-10-08T01:06:33","version" => "1.906"},{"date" => "2011-02-02T22:52:42","version" => "1.907"},{"date" => "2011-06-02T03:16:50","version" => "1.908"},{"date" => "2011-09-08T19:27:38","version" => "1.909"},{"date" => "2011-09-12T16:45:52","version" => "1.910"},{"date" => "2012-07-22T23:12:42","version" => "1.911"},{"date" => "2013-04-08T19:42:09","version" => "1.912_01"},{"date" => "2013-06-17T15:24:37","version" => "1.920"},{"date" => "2013-07-02T02:51:36","version" => "1.921"},{"date" => "2013-07-10T12:45:29","version" => "1.922"},{"date" => "2013-08-09T02:00:30","version" => "1.923"},{"date" => "2013-08-11T03:25:40","version" => "1.924"},{"date" => "2013-11-08T12:02:21","version" => "1.925"},{"date" => "2014-01-29T04:29:29","version" => "1.926"},{"date" => "2014-12-04T15:22:49","version" => "1.927"},{"date" => "2014-12-16T02:49:06","version" => "1.928"},{"date" => "2015-02-17T14:32:33","version" => "1.929"},{"date" => "2015-03-26T03:00:09","version" => "1.930"},{"date" => "2015-07-12T21:32:56","version" => "1.931"},{"date" => "2015-07-25T02:25:32","version" => "1.932"},{"date" => "2015-07-25T13:33:07","version" => "1.933"},{"date" => "2015-08-02T00:35:40","version" => "1.934"},{"date" => "2015-08-31T20:49:57","version" => "1.935"},{"date" => "2015-09-11T02:48:33","version" => "1.936"},{"date" => "2016-01-28T18:33:58","version" => "1.937"},{"date" => "2017-01-02T01:04:29","version" => "1.938"},{"date" => "2017-01-14T19:59:46","version" => "1.939"},{"date" => "2017-01-29T15:34:49","version" => "1.940"},{"date" => "2017-03-05T00:18:30","version" => "1.941"},{"date" => "2017-03-05T13:16:39","version" => "1.942"},{"date" => "2017-06-09T23:01:41","version" => "1.943"},{"date" => "2017-07-25T16:40:42","version" => "1.944"},{"date" => "2017-07-25T18:18:48","version" => "1.945"},{"date" => "2017-08-31T13:31:14","version" => "1.946"},{"date" => "2020-05-09T18:30:39","version" => "1.947"},{"date" => "2020-05-09T19:06:22","version" => "1.948"},{"date" => "2020-05-24T14:27:02","version" => "1.949"},{"date" => "2020-11-03T00:22:52","version" => "1.950"},{"date" => "2021-12-14T14:43:29","version" => "1.951"},{"date" => "2021-12-14T14:58:13","version" => "1.952"},{"date" => "2023-01-09T00:03:49","version" => "1.953"},{"date" => "2024-05-02T21:13:55","version" => "1.954"}]},"Encode" => {"advisories" => [{"affected_versions" => ["<2.85"],"cves" => ["CVE-2016-1238"],"description" => "Loading optional modules from . (current directory).\n","distribution" => "Encode","fixed_versions" => [">=2.85"],"id" => "CPANSA-Encode-2016-01","references" => ["https://metacpan.org/changes/distribution/Encode","https://github.com/dankogai/p5-encode/pull/58/commits/12be15d64ce089154c4367dc1842cd0dc0993ec6"],"reported" => "2016-07-27","severity" => "high"},{"affected_versions" => [">=3.05","<=3.11"],"cves" => ["CVE-2021-36770"],"description" => "Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates \@INC in a scalar context, and thus \@INC has only an integer value.\n","distribution" => "Encode","fixed_versions" => [">3.11"],"id" => "CPANSA-Encode-2021-01","references" => ["https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9","https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74","https://metacpan.org/dist/Encode/changes","https://news.cpanel.com/unscheduled-tsr-10-august-2021/","https://security.netapp.com/advisory/ntap-20210909-0003/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/","https://security-tracker.debian.org/tracker/CVE-2021-36770"],"reported" => "2021-07-17"},{"affected_versions" => ["<2.44"],"cves" => ["CVE-2011-2939"],"description" => "Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.\n","distribution" => "Encode","fixed_versions" => [">=2.44"],"id" => "CPANSA-Encode-2011-2939","references" => ["http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5","https://bugzilla.redhat.com/show_bug.cgi?id=731246","http://www.openwall.com/lists/oss-security/2011/08/19/17","http://www.redhat.com/support/errata/RHSA-2011-1424.html","http://www.openwall.com/lists/oss-security/2011/08/18/8","http://secunia.com/advisories/46989","http://www.mandriva.com/security/advisories?name=MDVSA-2012:008","http://secunia.com/advisories/51457","http://www.ubuntu.com/usn/USN-1643-1","http://www.securityfocus.com/bid/49858","http://secunia.com/advisories/46172","http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod","http://secunia.com/advisories/55314","http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)"],"reported" => "2012-01-13","severity" => undef,"x-commit" => "Encode CVE-2011-2939 GitHub #13"}],"main_module" => "Encode","versions" => [{"date" => "2002-03-20T08:30:40","version" => "0.93"},{"date" => "2002-03-20T20:15:52","version" => "0.94"},{"date" => "2002-03-21T16:07:21","version" => "0.95"},{"date" => "2002-03-22T22:33:15","version" => "0.96"},{"date" => "2002-03-23T20:36:05","version" => "0.97"},{"date" => "2002-03-24T16:07:09","version" => "0.98"},{"date" => "2002-03-25T19:45:16","version" => "0.99"},{"date" => "2002-03-28T23:39:49","version" => "1.00"},{"date" => "2002-03-29T21:43:17","version" => "1.01"},{"date" => "2002-03-31T21:40:25","version" => "1.10"},{"date" => "2002-03-31T22:27:07","version" => "1.11"},{"date" => "2002-04-04T20:02:40","version" => "1.20"},{"date" => "2002-04-07T15:36:48","version" => "1.26"},{"date" => "2002-04-07T18:49:41","version" => "1.27"},{"date" => "2002-04-07T19:05:34","version" => "1.28"},{"date" => "2002-04-08T02:49:31","version" => "1.30"},{"date" => "2002-04-08T18:51:14","version" => "1.31"},{"date" => "2002-04-09T20:26:37","version" => "1.32"},{"date" => "2002-04-10T22:44:19","version" => "1.33"},{"date" => "2002-04-14T22:49:10","version" => "1.40"},{"date" => "2002-04-16T23:47:16","version" => "1.41"},{"date" => "2002-04-19T06:18:26","version" => "1.50"},{"date" => "2002-04-20T10:08:39","version" => "1.51"},{"date" => "2002-04-20T23:55:45","version" => "1.52"},{"date" => "2002-04-22T09:56:04","version" => "1.56"},{"date" => "2002-04-22T20:37:12","version" => "1.57"},{"date" => "2002-04-23T00:22:06","version" => "1.58"},{"date" => "2002-04-24T20:23:42","version" => "1.60"},{"date" => "2002-04-26T03:19:40","version" => "1.61"},{"date" => "2002-04-27T11:43:39","version" => "1.62"},{"date" => "2002-04-27T19:52:51","version" => "1.63"},{"date" => "2002-04-29T07:20:38","version" => "1.64"},{"date" => "2002-04-30T16:40:07","version" => "1.65"},{"date" => "2002-05-01T05:51:35","version" => "1.66"},{"date" => "2002-05-02T07:43:35","version" => "1.67"},{"date" => "2002-05-03T12:29:47","version" => "1.68"},{"date" => "2002-05-04T16:50:40","version" => "1.69"},{"date" => "2002-05-06T10:36:39","version" => "1.70"},{"date" => "2002-05-07T16:30:42","version" => "1.71"},{"date" => "2002-05-20T16:04:48","version" => "1.72"},{"date" => "2002-05-28T18:41:36","version" => "1.74"},{"date" => "2002-06-01T18:17:49","version" => "1.75"},{"date" => "2002-08-25T15:18:49","version" => "1.76"},{"date" => "2002-10-06T03:59:19","version" => "1.77"},{"date" => "2002-10-20T15:55:16","version" => "1.78"},{"date" => "2002-10-21T06:11:36","version" => "1.79"},{"date" => "2002-10-21T20:42:56","version" => "1.80"},{"date" => "2002-11-08T18:42:11","version" => "1.81"},{"date" => "2002-11-14T23:17:11","version" => "1.82"},{"date" => "2002-11-18T18:06:47","version" => "1.83"},{"date" => "2003-01-10T12:09:05","version" => "1.84"},{"date" => "2003-01-21T22:23:28","version" => "1.85"},{"date" => "2003-01-22T03:36:42","version" => "1.86"},{"date" => "2003-02-06T02:01:00","version" => "1.87"},{"date" => "2003-02-20T14:46:12","version" => "1.88"},{"date" => "2003-02-28T01:45:53","version" => "1.89"},{"date" => "2003-03-09T17:54:26","version" => "1.90"},{"date" => "2003-03-09T20:12:08","version" => "1.91"},{"date" => "2003-03-31T03:51:31","version" => "1.92"},{"date" => "2003-04-24T17:50:54","version" => "1.93"},{"date" => "2003-05-10T18:31:48","version" => "1.94"},{"date" => "2003-05-21T09:22:43","version" => "1.95"},{"date" => "2003-06-18T09:41:21","version" => "1.96"},{"date" => "2003-07-08T22:01:28","version" => "1.97"},{"date" => "2003-08-25T11:47:32","version" => "1.98"},{"date" => "2003-12-29T02:52:28","version" => "1.99"},{"date" => "2004-05-16T21:05:06","version" => "2.00"},{"date" => "2004-05-25T16:31:35","version" => "2.01"},{"date" => "2004-08-31T11:01:51","version" => "2.02"},{"date" => "2004-10-06T06:50:47","version" => "2.03"},{"date" => "2004-10-16T21:26:58","version" => "2.04"},{"date" => "2004-10-19T05:03:32","version" => "2.05"},{"date" => "2004-10-22T06:29:14","version" => "2.06"},{"date" => "2004-10-22T19:43:19","version" => "2.07"},{"date" => "2004-10-24T13:04:29","version" => "2.08"},{"date" => "2004-12-03T19:21:42","version" => "2.09"},{"date" => "2005-05-16T18:54:53","version" => "2.10"},{"date" => "2005-08-05T11:26:06","version" => "2.11"},{"date" => "2005-09-08T14:23:38","version" => "2.12"},{"date" => "2006-01-15T15:12:01","version" => "2.13"},{"date" => "2006-01-15T15:57:41","version" => "2.14"},{"date" => "2006-04-06T16:01:30","version" => "2.15"},{"date" => "2006-05-03T18:38:44","version" => "2.16"},{"date" => "2006-05-09T17:14:04","version" => "2.17"},{"date" => "2006-06-03T20:34:08","version" => "2.18"},{"date" => "2007-04-06T13:05:52","version" => "2.19"},{"date" => "2007-04-22T15:17:34","version" => "2.20"},{"date" => "2007-05-12T06:50:09","version" => "2.21"},{"date" => "2007-05-29T07:43:07","version" => "2.22"},{"date" => "2007-05-29T18:21:25","version" => "2.23"},{"date" => "2008-03-12T10:12:18","version" => "2.24"},{"date" => "2008-05-07T21:06:08","version" => "2.25"},{"date" => "2008-07-01T21:03:33","version" => "2.26"},{"date" => "2009-01-21T23:01:50","version" => "2.27"},{"date" => "2009-02-01T13:16:44","version" => "2.29"},{"date" => "2009-02-15T17:48:01","version" => "2.30"},{"date" => "2009-02-16T06:25:32","version" => "2.31"},{"date" => "2009-03-07T07:45:00","version" => "2.32"},{"date" => "2009-03-25T08:01:10","version" => "2.33"},{"date" => "2009-07-08T13:53:25","version" => "2.34"},{"date" => "2009-07-13T02:32:45","version" => "2.35"},{"date" => "2009-09-06T09:20:21","version" => "2.36"},{"date" => "2009-09-06T14:37:23","version" => "2.37"},{"date" => "2009-11-16T14:34:43","version" => "2.38"},{"date" => "2009-11-26T09:31:02","version" => "2.39"},{"date" => "2010-09-18T18:47:17","version" => "2.40"},{"date" => "2010-12-23T11:12:33","version" => "2.41"},{"date" => "2010-12-31T22:52:35","version" => "2.42"},{"date" => "2011-05-21T23:21:24","version" => "2.43"},{"date" => "2011-08-09T08:01:30","version" => "2.44"},{"date" => "2012-08-05T23:15:11","version" => "2.45"},{"date" => "2012-08-12T05:52:45","version" => "2.46"},{"date" => "2012-08-15T05:40:21","version" => "2.47"},{"date" => "2013-02-18T02:43:35","version" => "2.48"},{"date" => "2013-03-05T03:19:15","version" => "2.49"},{"date" => "2013-04-26T18:36:59","version" => "2.50"},{"date" => "2013-04-29T22:21:31","version" => "2.51"},{"date" => "2013-08-14T02:33:46","version" => "2.52"},{"date" => "2013-08-29T15:27:02","version" => "2.53"},{"date" => "2013-08-29T16:50:08","version" => "2.54"},{"date" => "2013-09-14T07:58:54","version" => "2.55"},{"date" => "2013-12-22T04:12:07","version" => "2.56"},{"date" => "2014-01-03T04:55:36","version" => "2.57"},{"date" => "2014-03-28T02:41:54","version" => "2.58"},{"date" => "2014-04-06T17:41:19","version" => "2.59"},{"date" => "2014-04-29T16:34:10","version" => "2.60"},{"date" => "2014-05-31T09:55:56","version" => "2.61"},{"date" => "2014-05-31T12:20:28","version" => "2.62"},{"date" => "2014-10-19T07:13:44","version" => "2.63"},{"date" => "2014-10-29T15:42:04","version" => "2.64"},{"date" => "2014-11-27T14:12:57","version" => "2.65"},{"date" => "2014-12-02T23:37:28","version" => "2.66"},{"date" => "2014-12-04T20:28:33","version" => "2.67"},{"date" => "2015-01-22T10:29:46","version" => "2.68"},{"date" => "2015-02-05T10:43:34","version" => "2.69"},{"date" => "2015-02-05T10:56:52","version" => "2.70"},{"date" => "2015-03-12T00:14:19","version" => "2.71"},{"date" => "2015-03-14T02:51:25","version" => "2.72"},{"date" => "2015-04-15T23:27:13","version" => "2.73"},{"date" => "2015-06-25T00:59:20","version" => "2.74"},{"date" => "2015-06-30T10:10:03","version" => "2.75"},{"date" => "2015-07-31T02:26:51","version" => "2.76"},{"date" => "2015-09-15T14:03:35","version" => "2.77"},{"date" => "2015-09-24T02:29:52","version" => "2.78"},{"date" => "2016-01-22T07:08:25","version" => "2.79"},{"date" => "2016-01-25T15:04:42","version" => "2.80"},{"date" => "2016-02-06T19:34:58","version" => "2.81"},{"date" => "2016-02-06T20:21:37","version" => "2.82"},{"date" => "2016-03-24T08:00:30","version" => "2.83"},{"date" => "2016-04-11T07:24:26","version" => "2.84"},{"date" => "2016-08-04T03:37:23","version" => "2.85"},{"date" => "2016-08-10T18:25:39","version" => "2.86"},{"date" => "2016-10-28T05:15:33","version" => "2.87"},{"date" => "2016-11-29T23:38:19","version" => "2.88"},{"date" => "2017-04-21T05:24:59","version" => "2.89"},{"date" => "2017-06-10T17:46:11","version" => "2.90"},{"date" => "2017-06-22T08:18:22","version" => "2.91"},{"date" => "2017-07-18T07:23:39","version" => "2.92"},{"date" => "2017-10-06T22:33:35","version" => "2.93"},{"date" => "2018-01-09T06:04:38","version" => "2.94"},{"date" => "2018-02-08T00:41:02","version" => "2.95"},{"date" => "2018-02-11T05:41:37","version" => "2.96"},{"date" => "2018-02-21T12:30:05","version" => "2.97"},{"date" => "2018-04-22T09:14:59","version" => "2.98"},{"date" => "2019-01-21T03:28:35","version" => "2.99"},{"date" => "2019-01-31T04:42:29","version" => "2.100"},{"date" => "2019-01-31T05:05:06","version" => "3.00"},{"date" => "2019-03-13T00:45:28","version" => "3.01"},{"date" => "2019-12-25T09:47:36","version" => "3.02"},{"date" => "2020-03-02T04:45:26","version" => "3.03"},{"date" => "2020-03-10T22:40:35","version" => "3.04"},{"date" => "2020-03-18T05:03:23","version" => "3.05"},{"date" => "2020-05-02T02:40:38","version" => "3.06"},{"date" => "2020-07-25T13:08:13","version" => "3.07"},{"date" => "2020-12-02T09:20:23","version" => "3.08"},{"date" => "2021-05-14T11:03:11","version" => "3.09"},{"date" => "2021-05-18T07:51:48","version" => "3.10"},{"date" => "2021-07-23T02:41:38","version" => "3.11"},{"date" => "2021-08-09T14:30:33","version" => "3.12"},{"date" => "2021-10-06T00:57:50","version" => "3.13"},{"date" => "2021-10-08T00:35:29","version" => "3.14"},{"date" => "2021-10-08T15:45:44","version" => "3.15"},{"date" => "2021-10-13T08:39:09","version" => "3.16"},{"date" => "2022-04-07T03:18:23","version" => "3.17"},{"date" => "2022-06-25T02:14:35","version" => "3.18"},{"date" => "2022-08-04T04:51:01","version" => "3.19"},{"date" => "2023-11-10T01:26:15","version" => "3.20"},{"date" => "2024-02-25T23:19:43","version" => "3.21"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "0.40"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "1.9801"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "1.99_01"},{"date" => "2006-08-15T00:00:00","dual_lived" => 1,"perl_release" => "5.009004","version" => "2.18_01"},{"date" => "2012-11-10T00:00:00","dual_lived" => 1,"perl_release" => "5.012005","version" => "2.39_01"},{"date" => "2011-09-26T00:00:00","dual_lived" => 1,"perl_release" => "5.014002","version" => "2.42_01"},{"date" => "2013-03-10T00:00:00","dual_lived" => 1,"perl_release" => "5.014004","version" => "2.42_02"},{"date" => "2013-03-11T00:00:00","dual_lived" => 1,"perl_release" => "5.016003","version" => "2.44_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.72_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "2.80_01"},{"date" => "2022-03-13T00:00:00","dual_lived" => 1,"perl_release" => "5.034001","version" => "3.08_01"}]},"ExtUtils-MakeMaker" => {"advisories" => [{"affected_versions" => ["<7.22"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "ExtUtils-MakeMaker","fixed_versions" => [">=7.22"],"id" => "CPANSA-ExtUtils-MakeMaker-2016-01","references" => ["https://metacpan.org/changes/distribution/ExtUtils-MakeMaker","https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/commit/3e9df17d11c40f2561c23ec79693c8c390e0ae88"],"reported" => "2016-08-07","severity" => "high"}],"main_module" => "ExtUtils::MakeMaker","versions" => [{"date" => "2001-07-06T08:23:56","version" => "5.47_01"},{"date" => "2002-01-16T20:19:18","version" => "5.48_01"},{"date" => "2002-01-18T04:56:33","version" => "5.48_03"},{"date" => "2002-01-22T00:33:31","version" => "5.48_04"},{"date" => "2002-02-04T08:46:04","version" => "5.49_01"},{"date" => "2002-03-05T04:53:40","version" => "5.50_01"},{"date" => "2002-03-25T07:53:14","version" => "5.51_01"},{"date" => "2002-03-26T05:56:07","version" => "5.52_01"},{"date" => "2002-03-31T03:55:52","version" => "5.54_01"},{"date" => "2002-04-05T05:01:52","version" => "5.55_01"},{"date" => "2002-04-06T08:29:20","version" => "5.55_02"},{"date" => "2002-04-07T03:04:18","version" => "5.55_03"},{"date" => "2002-04-11T05:32:04","version" => "5.90_01"},{"date" => "2002-04-24T04:21:44","version" => "5.91_01"},{"date" => "2002-04-30T03:43:53","version" => "5.92_01"},{"date" => "2002-05-06T06:02:08","version" => "5.93_01"},{"date" => "2002-05-17T19:04:41","version" => "5.94_01"},{"date" => "2002-05-17T21:24:13","version" => "5.94_02"},{"date" => "2002-05-18T18:43:02","version" => "5.95_01"},{"date" => "2002-05-23T21:01:02","version" => "5.96_01"},{"date" => "2002-05-26T01:25:25","version" => "6.00"},{"date" => "2002-05-30T19:02:20","version" => "6.01"},{"date" => "2002-06-16T05:41:28","version" => "6.02"},{"date" => "2002-06-19T21:24:32","version" => "6.03"},{"date" => "2002-08-27T01:42:36","version" => "6.04"},{"date" => "2002-08-27T23:24:30","version" => "6.05"},{"date" => "2002-12-19T08:42:01","version" => "6.06_01"},{"date" => "2002-12-24T04:54:53","version" => "6.06_02"},{"date" => "2003-03-30T03:49:59","version" => "6.06_03"},{"date" => "2003-03-31T04:37:55","version" => "6.06_04"},{"date" => "2003-03-31T10:50:00","version" => "6.06_05"},{"date" => "2003-04-07T02:46:10","version" => "6.10_01"},{"date" => "2003-04-07T08:33:23","version" => "6.10_02"},{"date" => "2003-04-11T07:27:36","version" => "6.10_03"},{"date" => "2003-05-23T09:05:27","version" => "6.10_04"},{"date" => "2003-06-07T01:32:29","version" => "6.10_05"},{"date" => "2003-06-07T08:00:14","version" => "6.10_06"},{"date" => "2003-07-05T23:40:34","version" => "6.10_07"},{"date" => "2003-07-22T01:23:46","version" => "6.10_08"},{"date" => "2003-07-28T04:00:19","version" => "6.11"},{"date" => "2003-07-30T05:28:47","version" => "6.12"},{"date" => "2003-07-31T23:51:40","version" => "6.13"},{"date" => "2003-08-03T23:27:51","version" => "6.14"},{"date" => "2003-08-03T23:46:11","version" => "6.15"},{"date" => "2003-08-18T08:43:08","version" => "6.16"},{"date" => "2003-09-15T22:23:01","version" => "6.17"},{"date" => "2003-11-04T04:12:53","version" => "6.18"},{"date" => "2003-11-04T07:03:30","version" => "6.19"},{"date" => "2003-11-06T10:37:47","version" => "6.20"},{"date" => "2003-11-11T08:26:17","version" => "6.21"},{"date" => "2004-04-03T21:33:45","version" => "6.21_03"},{"date" => "2004-11-24T04:06:20","version" => "6.22"},{"date" => "2004-11-26T21:15:45","version" => "6.23"},{"date" => "2004-11-30T20:42:14","version" => "6.24"},{"date" => "2004-12-09T06:00:53","version" => "6.24_01"},{"date" => "2004-12-15T12:05:50","version" => "6.25"},{"date" => "2004-12-18T02:34:56","version" => "6.25_01"},{"date" => "2004-12-20T08:36:56","version" => "6.25_02"},{"date" => "2004-12-21T04:17:27","version" => "6.25_03"},{"date" => "2004-12-21T05:58:10","version" => "6.25_04"},{"date" => "2004-12-22T13:05:53","version" => "6.25_05"},{"date" => "2004-12-26T22:26:26","version" => "6.25_06"},{"date" => "2004-12-31T08:53:31","version" => "6.25_07"},{"date" => "2005-02-08T14:21:17","version" => "6.25_08"},{"date" => "2005-03-12T18:29:26","version" => "6.25_09"},{"date" => "2005-03-14T00:17:26","version" => "6.25_10"},{"date" => "2005-03-15T10:05:07","version" => "6.25_11"},{"date" => "2005-03-19T00:19:47","version" => "6.25_12"},{"date" => "2005-03-22T22:50:34","version" => "6.26"},{"date" => "2005-03-29T05:48:40","version" => "6.26_01"},{"date" => "2005-04-04T23:55:46","version" => "6.27"},{"date" => "2005-04-12T23:23:53","version" => "6.28"},{"date" => "2005-05-19T21:22:00","version" => "6.29"},{"date" => "2005-05-20T23:14:45","version" => "6.30"},{"date" => "2005-08-17T06:59:11","version" => "6.30_01"},{"date" => "2006-09-01T19:07:28","version" => "6.30_02"},{"date" => "2006-09-01T21:06:57","version" => "6.30_03"},{"date" => "2006-09-11T20:20:27","version" => "6.30_04"},{"date" => "2006-10-10T01:04:44","version" => "6.31"},{"date" => "2007-02-21T16:02:09","version" => "6.32"},{"date" => "2007-06-29T22:18:15","version" => "6.33"},{"date" => "2007-06-30T16:10:15","version" => "6.34"},{"date" => "2007-07-02T03:56:25","version" => "6.35"},{"date" => "2007-07-03T08:10:57","version" => "6.36"},{"date" => "2007-11-26T01:10:14","version" => "6.37_01"},{"date" => "2007-11-26T07:35:50","version" => "6.37_02"},{"date" => "2007-11-26T22:18:55","version" => "6.37_03"},{"date" => "2007-11-29T00:04:35","version" => "6.38"},{"date" => "2007-12-06T11:08:15","version" => "6.40"},{"date" => "2007-12-08T01:02:26","version" => "6.42"},{"date" => "2008-01-02T00:09:23","version" => "6.43_01"},{"date" => "2008-02-29T00:08:42","version" => "6.44"},{"date" => "2008-09-06T10:22:44","version" => "6.45_01"},{"date" => "2008-09-07T21:18:05","version" => "6.45_02"},{"date" => "2008-09-27T21:37:54","version" => "6.46"},{"date" => "2008-10-14T16:41:49","version" => "6.47_01"},{"date" => "2008-10-16T23:18:52","version" => "6.47_02"},{"date" => "2008-10-20T18:20:40","version" => "6.48"},{"date" => "2009-02-20T01:11:08","version" => "6.49_01"},{"date" => "2009-03-22T19:30:00","version" => "6.50"},{"date" => "2009-04-10T21:33:29","version" => "6.51_01"},{"date" => "2009-04-14T04:22:58","version" => "6.51_02"},{"date" => "2009-05-24T05:41:35","version" => "6.51_03"},{"date" => "2009-05-24T21:07:28","version" => "6.51_04"},{"date" => "2009-05-30T18:41:35","version" => "6.52"},{"date" => "2009-06-08T02:05:24","version" => "6.53_01"},{"date" => "2009-06-08T02:28:24","version" => "6.53_02"},{"date" => "2009-07-02T21:55:25","version" => "6.53_03"},{"date" => "2009-07-07T23:53:09","version" => "6.54"},{"date" => "2009-07-14T23:02:39","version" => "6.55_01"},{"date" => "2009-08-05T07:40:59","version" => "6.55_02"},{"date" => "2009-12-05T07:09:23","version" => "6.55_03"},{"date" => "2009-12-17T22:06:47","version" => "6.56"},{"date" => "2010-08-24T08:38:36","version" => "6.57_01"},{"date" => "2010-09-07T23:43:49","version" => "6.57_02"},{"date" => "2010-09-08T22:33:36","version" => "6.57_03"},{"date" => "2010-09-09T23:52:37","version" => "6.57_04"},{"date" => "2010-09-11T20:25:23","version" => "6.57_05"},{"date" => "2010-10-06T10:53:43","version" => "6.57_06"},{"date" => "2011-03-25T03:41:39","version" => "6.57_07"},{"date" => "2011-03-27T11:00:41","version" => "6.57_08"},{"date" => "2011-03-28T00:15:59","version" => "6.57_09"},{"date" => "2011-04-04T05:33:46","version" => "6.57_10"},{"date" => "2011-05-20T00:34:23","version" => "6.57_11"},{"date" => "2011-07-06T21:22:27","version" => "6.58"},{"date" => "2011-08-03T20:25:34","version" => "6.58_01"},{"date" => "2011-08-05T13:07:58","version" => "6.59"},{"date" => "2011-09-25T05:23:43","version" => "6.61_01"},{"date" => "2011-10-23T23:48:06","version" => "6.62"},{"date" => "2011-10-24T00:40:49","version" => "6.63_01"},{"date" => "2011-11-02T00:07:43","version" => "6.63_02"},{"date" => "2012-11-02T03:58:40","version" => "6.63_03"},{"date" => "2012-11-22T21:25:35","version" => "6.63_04"},{"date" => "2012-12-17T02:35:20","version" => "6.64"},{"date" => "2013-03-18T23:21:28","version" => "6.65_01"},{"date" => "2013-04-14T09:59:15","version" => "6.65_02"},{"date" => "2013-04-15T12:50:31","version" => "6.65_03"},{"date" => "2013-04-19T17:52:08","version" => "6.66"},{"date" => "2013-04-25T20:08:31","version" => "6.67_01"},{"date" => "2013-06-02T17:31:16","version" => "6.67_02"},{"date" => "2013-06-05T21:09:00","version" => "6.67_03"},{"date" => "2013-06-10T19:25:22","version" => "6.67_04"},{"date" => "2013-06-13T20:55:25","version" => "6.67_05"},{"date" => "2013-06-14T22:35:24","version" => "6.68"},{"date" => "2013-06-20T12:00:00","version" => "6.69_01"},{"date" => "2013-07-02T12:16:23","version" => "6.69_02"},{"date" => "2013-07-09T21:47:07","version" => "6.69_03"},{"date" => "2013-07-10T10:50:08","version" => "6.69_04"},{"date" => "2013-07-11T21:20:53","version" => "6.69_05"},{"date" => "2013-07-12T13:51:50","version" => "6.69_06"},{"date" => "2013-07-16T14:34:32","version" => "6.69_07"},{"date" => "2013-07-16T23:40:44","version" => "6.69_08"},{"date" => "2013-07-21T08:26:44","version" => "6.69_09"},{"date" => "2013-07-23T21:42:47","version" => "6.70"},{"date" => "2013-07-24T08:33:58","version" => "6.71_01"},{"date" => "2013-07-24T17:42:20","version" => "6.72"},{"date" => "2013-07-24T22:53:41","version" => "6.73_01"},{"date" => "2013-07-26T12:34:19","version" => "6.73_02"},{"date" => "2013-07-30T21:12:02","version" => "6.73_03"},{"date" => "2013-08-01T21:41:12","version" => "6.73_04"},{"date" => "2013-08-05T16:45:38","version" => "6.73_05"},{"date" => "2013-08-05T23:52:18","version" => "6.73_06"},{"date" => "2013-08-07T15:09:12","version" => "6.73_07"},{"date" => "2013-08-09T18:52:24","version" => "6.73_08"},{"date" => "2013-08-09T19:00:18","version" => "6.73_09"},{"date" => "2013-08-16T15:43:35","version" => "6.73_10"},{"date" => "2013-08-17T21:57:55","version" => "6.73_11"},{"date" => "2013-08-23T09:52:43","version" => "6.73_12"},{"date" => "2013-08-27T11:45:55","version" => "6.74"},{"date" => "2013-08-29T14:09:22","version" => "6.75_01"},{"date" => "2013-09-01T20:52:29","version" => "6.75_02"},{"date" => "2013-09-02T23:26:56","version" => "6.75_03"},{"date" => "2013-09-05T11:10:20","version" => "6.75_04"},{"date" => "2013-09-06T12:40:59","version" => "6.76"},{"date" => "2013-09-10T14:22:45","version" => "6.77_01"},{"date" => "2013-09-12T20:23:49","version" => "6.77_02"},{"date" => "2013-09-16T11:23:59","version" => "6.77_03"},{"date" => "2013-09-18T18:25:33","version" => "6.77_04"},{"date" => "2013-09-19T13:12:32","version" => "6.77_05"},{"date" => "2013-09-19T14:43:24","version" => "6.77_06"},{"date" => "2013-09-21T08:48:44","version" => "6.77_07"},{"date" => "2013-09-22T17:46:50","version" => "6.77_08"},{"date" => "2013-09-23T12:47:39","version" => "6.78"},{"date" => "2013-10-01T14:01:33","version" => "6.79_01"},{"date" => "2013-10-11T12:01:23","version" => "6.79_02"},{"date" => "2013-10-11T13:00:29","version" => "6.79_03"},{"date" => "2013-10-11T17:59:30","version" => "6.79_04"},{"date" => "2013-10-15T15:08:06","version" => "6.80"},{"date" => "2013-10-16T08:04:29","version" => "6.81_01"},{"date" => "2013-10-17T11:24:19","version" => "6.81_02"},{"date" => "2013-10-24T19:54:34","version" => "6.81_03"},{"date" => "2013-11-01T19:56:13","version" => "6.81_04"},{"date" => "2013-11-02T21:44:06","version" => "6.81_05"},{"date" => "2013-11-04T19:24:38","version" => "6.82"},{"date" => "2013-11-05T11:45:54","version" => "6.83_01"},{"date" => "2013-11-12T11:15:21","version" => "6.83_02"},{"date" => "2013-11-15T09:49:39","version" => "6.83_03"},{"date" => "2013-11-17T11:44:01","version" => "6.83_04"},{"date" => "2013-11-25T22:52:46","version" => "6.83_05"},{"date" => "2013-11-29T21:55:40","version" => "6.83_06"},{"date" => "2013-11-30T15:27:01","version" => "6.84"},{"date" => "2013-12-16T13:18:35","version" => "6.85_01"},{"date" => "2013-12-17T10:17:50","version" => "6.85_02"},{"date" => "2013-12-23T14:59:36","version" => "6.85_03"},{"date" => "2013-12-23T15:02:38","version" => "6.85_04"},{"date" => "2013-12-29T11:28:14","version" => "6.85_05"},{"date" => "2013-12-30T23:18:09","version" => "6.85_06"},{"date" => "2014-01-01T19:00:36","version" => "6.85_07"},{"date" => "2014-01-04T12:21:05","version" => "6.86"},{"date" => "2014-01-12T10:34:38","version" => "6.87_01"},{"date" => "2014-01-18T13:30:15","version" => "6.87_02"},{"date" => "2014-01-19T17:53:19","version" => "6.87_03"},{"date" => "2014-01-26T19:33:34","version" => "6.87_04"},{"date" => "2014-01-28T14:00:44","version" => "6.87_05"},{"date" => "2014-01-31T20:59:13","version" => "6.88"},{"date" => "2014-02-17T16:23:55","version" => "6.89_01"},{"date" => "2014-02-20T20:49:24","version" => "6.90"},{"date" => "2014-03-06T13:52:24","version" => "6.91_01"},{"date" => "2014-03-13T16:34:37","version" => "6.92"},{"date" => "2014-03-24T16:57:01","version" => "6.93_01"},{"date" => "2014-03-25T20:38:21","version" => "6.94"},{"date" => "2014-04-02T20:52:53","version" => "6.95_01"},{"date" => "2014-04-07T14:29:26","version" => "6.95_02"},{"date" => "2014-04-11T21:09:21","version" => "6.96"},{"date" => "2014-04-24T13:29:12","version" => "6.97_01"},{"date" => "2014-04-28T10:55:44","version" => "6.97_02"},{"date" => "2014-04-29T20:41:00","version" => "6.98"},{"date" => "2014-06-03T21:19:42","version" => "6.99_01"},{"date" => "2014-06-05T11:18:25","version" => "6.99_02"},{"date" => "2014-07-04T10:15:23","version" => "6.99_03"},{"date" => "2014-07-12T11:54:35","version" => "6.99_04"},{"date" => "2014-07-22T11:42:12","version" => "6.99_05"},{"date" => "2014-07-28T14:07:14","version" => "6.99_06"},{"date" => "2014-07-30T16:44:02","version" => "6.99_07"},{"date" => "2014-08-18T13:19:18","version" => "6.99_08"},{"date" => "2014-08-28T10:13:30","version" => "6.99_09"},{"date" => "2014-09-04T14:04:55","version" => "6.99_10"},{"date" => "2014-09-08T13:39:46","version" => "6.99_11"},{"date" => "2014-09-11T14:32:19","version" => "6.99_12"},{"date" => "2014-09-15T19:11:34","version" => "6.99_13"},{"date" => "2014-09-19T14:06:14","version" => "6.99_14"},{"date" => "2014-09-21T12:23:58","version" => "6.99_15"},{"date" => "2014-10-02T18:50:08","version" => "6.99_16"},{"date" => "2014-10-12T18:41:24","version" => "6.99_17"},{"date" => "2014-10-20T09:14:39","version" => "6.99_18"},{"date" => "2014-10-22T19:48:56","version" => "7.00"},{"date" => "2014-10-25T12:49:55","version" => "7.01_01"},{"date" => "2014-10-25T16:49:40","version" => "7.01_02"},{"date" => "2014-10-30T19:48:04","version" => "7.01_03"},{"date" => "2014-10-31T10:13:56","version" => "7.01_04"},{"date" => "2014-11-03T12:53:43","version" => "7.01_05"},{"date" => "2014-11-03T20:55:23","version" => "7.01_06"},{"date" => "2014-11-04T19:40:07","version" => "7.01_07"},{"date" => "2014-11-04T20:29:00","version" => "7.01_08"},{"date" => "2014-11-06T21:59:55","version" => "7.01_09"},{"date" => "2014-11-08T10:39:16","version" => "7.02"},{"date" => "2014-11-18T21:47:11","version" => "7.03_01"},{"date" => "2014-11-24T13:26:46","version" => "7.03_02"},{"date" => "2014-11-25T16:43:06","version" => "7.03_03"},{"date" => "2014-11-27T14:42:51","version" => "7.03_04"},{"date" => "2014-11-28T18:32:48","version" => "7.03_05"},{"date" => "2014-12-01T15:37:46","version" => "7.03_06"},{"date" => "2014-12-02T12:56:02","version" => "7.04"},{"date" => "2014-12-06T16:58:07","version" => "7.05_01"},{"date" => "2014-12-15T20:13:08","version" => "7.05_02"},{"date" => "2014-12-24T12:12:00","version" => "7.05_03"},{"date" => "2014-12-24T14:49:46","version" => "7.05_04"},{"date" => "2014-12-31T23:21:05","version" => "7.05_05"},{"date" => "2015-01-08T19:09:29","version" => "7.05_06"},{"date" => "2015-01-09T16:23:43","version" => "7.05_07"},{"date" => "2015-01-20T10:13:21","version" => "7.05_08"},{"date" => "2015-01-23T10:51:30","version" => "7.05_09"},{"date" => "2015-01-26T15:19:01","version" => "7.05_10"},{"date" => "2015-01-31T16:40:19","version" => "7.05_11"},{"date" => "2015-02-07T15:19:11","version" => "7.05_12"},{"date" => "2015-02-18T22:49:29","version" => "7.05_13"},{"date" => "2015-02-20T17:32:55","version" => "7.05_14"},{"date" => "2015-03-05T19:44:02","version" => "7.05_15"},{"date" => "2015-03-09T11:35:12","version" => "7.05_16"},{"date" => "2015-03-24T12:27:52","version" => "7.05_17"},{"date" => "2015-03-27T12:20:03","version" => "7.05_18"},{"date" => "2015-03-27T16:59:34","version" => "7.05_19"},{"date" => "2015-04-04T15:53:36","version" => "7.05_20"},{"date" => "2015-06-13T14:19:26","version" => "7.05_21"},{"date" => "2015-06-14T13:44:56","version" => "7.05_22"},{"date" => "2015-06-24T19:51:24","version" => "7.05_23"},{"date" => "2015-07-01T18:30:38","version" => "7.05_24"},{"date" => "2015-07-07T17:18:36","version" => "7.05_25"},{"date" => "2015-08-04T19:41:25","version" => "7.05_26"},{"date" => "2015-08-05T09:35:40","version" => "7.05_27"},{"date" => "2015-08-19T18:10:20","version" => "7.05_28"},{"date" => "2015-08-24T15:26:22","version" => "7.05_29"},{"date" => "2015-08-31T18:06:48","version" => "7.06"},{"date" => "2015-09-02T11:55:33","version" => "7.07_01"},{"date" => "2015-09-08T19:59:05","version" => "7.08"},{"date" => "2015-09-10T18:55:41","version" => "7.10"},{"date" => "2015-11-12T12:35:03","version" => "7.11_01"},{"date" => "2015-11-21T20:23:22","version" => "7.11_02"},{"date" => "2015-11-25T15:40:06","version" => "7.11_03"},{"date" => "2016-02-15T11:40:55","version" => "7.11_04"},{"date" => "2016-03-19T10:07:11","version" => "7.11_05"},{"date" => "2016-03-29T18:44:47","version" => "7.11_06"},{"date" => "2016-04-19T11:41:10","version" => "7.12"},{"date" => "2016-04-23T16:35:56","version" => "7.13_01"},{"date" => "2016-04-24T13:20:40","version" => "7.14"},{"date" => "2016-04-27T18:27:25","version" => "7.15_01"},{"date" => "2016-04-28T12:15:28","version" => "7.15_02"},{"date" => "2016-05-01T13:29:10","version" => "7.15_03"},{"date" => "2016-05-07T10:28:49","version" => "7.16"},{"date" => "2016-05-09T19:14:54","version" => "7.17_01"},{"date" => "2016-05-09T23:07:33","version" => "7.17_02"},{"date" => "2016-05-11T18:22:21","version" => "7.17_03"},{"date" => "2016-05-23T15:39:08","version" => "7.18"},{"date" => "2016-06-02T14:01:28","version" => "7.19_01"},{"date" => "2016-06-13T09:11:52","version" => "7.19_02"},{"date" => "2016-06-13T13:44:33","version" => "7.19_03"},{"date" => "2016-06-14T11:35:43","version" => "7.19_04"},{"date" => "2016-06-20T14:40:57","version" => "7.19_05"},{"date" => "2016-06-27T12:04:29","version" => "7.19_06"},{"date" => "2016-07-03T14:30:23","version" => "7.19_07"},{"date" => "2016-07-28T12:26:56","version" => "7.19_08"},{"date" => "2016-08-05T08:57:09","version" => "7.20"},{"date" => "2016-08-07T09:54:04","version" => "7.21_01"},{"date" => "2016-08-08T08:42:10","version" => "7.22"},{"date" => "2016-08-19T09:24:06","version" => "7.23_01"},{"date" => "2016-08-20T12:35:27","version" => "7.24"},{"date" => "2017-02-03T15:21:22","version" => "7.25_01"},{"date" => "2017-05-11T11:19:49","version" => "7.25_02"},{"date" => "2017-05-11T17:09:16","version" => "7.25_03"},{"date" => "2017-05-12T12:25:54","version" => "7.25_04"},{"date" => "2017-05-15T09:41:49","version" => "7.25_05"},{"date" => "2017-05-23T19:31:28","version" => "7.25_06"},{"date" => "2017-05-27T20:21:06","version" => "7.26"},{"date" => "2017-05-28T10:50:55","version" => "7.27_01"},{"date" => "2017-05-30T08:56:32","version" => "7.27_02"},{"date" => "2017-05-30T21:26:23","version" => "7.28"},{"date" => "2017-05-31T08:32:44","version" => "7.29_01"},{"date" => "2017-06-11T11:17:55","version" => "7.29_02"},{"date" => "2017-06-12T12:31:08","version" => "7.30"},{"date" => "2017-06-14T15:10:23","version" => "7.31_01"},{"date" => "2017-06-26T13:14:10","version" => "7.31_02"},{"date" => "2017-07-10T09:02:35","version" => "7.31_03"},{"date" => "2017-10-05T12:19:00","version" => "7.31_04"},{"date" => "2017-11-25T09:37:04","version" => "7.31_05"},{"date" => "2018-01-16T13:28:46","version" => "7.31_06"},{"date" => "2018-01-16T16:24:23","version" => "7.31_07"},{"date" => "2018-02-12T12:32:45","version" => "7.31_08"},{"date" => "2018-02-16T20:25:44","version" => "7.32"},{"date" => "2018-02-20T10:44:19","version" => "7.33_01"},{"date" => "2018-02-24T14:05:00","version" => "7.33_02"},{"date" => "2018-02-24T20:21:42","version" => "7.33_03"},{"date" => "2018-03-19T10:51:54","version" => "7.34"},{"date" => "2018-04-19T12:46:01","version" => "7.35_01"},{"date" => "2018-04-24T11:01:35","version" => "7.35_02"},{"date" => "2018-04-27T13:59:23","version" => "7.35_03"},{"date" => "2018-07-09T09:50:43","version" => "7.35_04"},{"date" => "2018-07-10T09:18:31","version" => "7.35_05"},{"date" => "2018-07-19T19:49:08","version" => "7.35_06"},{"date" => "2018-11-23T11:59:44","version" => "7.35_07"},{"date" => "2018-12-06T10:56:33","version" => "7.35_08"},{"date" => "2019-02-18T10:27:00","version" => "7.35_09"},{"date" => "2019-02-20T10:06:48","version" => "7.35_10"},{"date" => "2019-04-25T11:10:29","version" => "7.35_11"},{"date" => "2019-04-27T22:17:58","version" => "7.35_12"},{"date" => "2019-04-28T11:23:25","version" => "7.35_13"},{"date" => "2019-04-28T13:15:57","version" => "7.35_14"},{"date" => "2019-04-28T15:48:41","version" => "7.36"},{"date" => "2019-06-07T10:55:49","version" => "7.37_01"},{"date" => "2019-06-27T10:35:57","version" => "7.37_02"},{"date" => "2019-08-03T12:27:47","version" => "7.37_03"},{"date" => "2019-08-22T14:34:47","version" => "7.37_04"},{"date" => "2019-09-11T09:16:48","version" => "7.38"},{"date" => "2019-09-16T06:54:51","version" => "7.39_01"},{"date" => "2019-11-07T10:03:13","version" => "7.39_02"},{"date" => "2019-11-17T20:12:14","version" => "7.39_03"},{"date" => "2019-11-18T15:20:20","version" => "7.39_04"},{"date" => "2019-11-21T12:10:17","version" => "7.39_05"},{"date" => "2019-12-16T20:02:27","version" => "7.40"},{"date" => "2019-12-16T21:53:56","version" => "7.41_01"},{"date" => "2019-12-17T22:30:33","version" => "7.42"},{"date" => "2020-01-05T13:00:40","version" => "7.43_01"},{"date" => "2020-01-14T16:54:08","version" => "7.44"},{"date" => "2020-05-28T16:58:08","version" => "7.45_01"},{"date" => "2020-06-23T10:14:10","version" => "7.46"},{"date" => "2020-06-26T10:13:17","version" => "7.47_01"},{"date" => "2020-07-07T07:38:50","version" => "7.47_02"},{"date" => "2020-07-08T21:54:35","version" => "7.47_03"},{"date" => "2020-07-28T19:00:26","version" => "7.47_04"},{"date" => "2020-07-31T09:57:33","version" => "7.47_05"},{"date" => "2020-08-01T13:53:05","version" => "7.47_06"},{"date" => "2020-08-03T21:39:02","version" => "7.47_07"},{"date" => "2020-08-31T09:02:22","version" => "7.47_08"},{"date" => "2020-09-14T13:50:45","version" => "7.47_09"},{"date" => "2020-09-15T18:45:02","version" => "7.47_10"},{"date" => "2020-09-20T09:20:24","version" => "7.47_11"},{"date" => "2020-09-30T15:40:12","version" => "7.47_12"},{"date" => "2020-10-04T10:56:39","version" => "7.48"},{"date" => "2020-10-06T17:29:16","version" => "7.49_01"},{"date" => "2020-10-08T12:03:50","version" => "7.49_02"},{"date" => "2020-10-09T20:46:22","version" => "7.49_03"},{"date" => "2020-10-13T18:34:34","version" => "7.49_04"},{"date" => "2020-10-21T18:14:52","version" => "7.50"},{"date" => "2020-11-04T00:05:13","version" => "7.51_01"},{"date" => "2020-11-04T19:51:52","version" => "7.52"},{"date" => "2020-11-10T03:50:49","version" => "7.53_01"},{"date" => "2020-11-12T19:50:41","version" => "7.54"},{"date" => "2020-11-18T18:25:16","version" => "7.55_01"},{"date" => "2020-11-19T20:00:09","version" => "7.56"},{"date" => "2020-12-18T13:45:54","version" => "7.57_01"},{"date" => "2020-12-18T23:07:45","version" => "7.57_02"},{"date" => "2020-12-21T18:31:44","version" => "7.58"},{"date" => "2021-02-02T10:13:35","version" => "7.59_01"},{"date" => "2021-02-17T11:05:23","version" => "7.60"},{"date" => "2021-03-21T15:00:35","version" => "7.61_01"},{"date" => "2021-04-13T18:13:28","version" => "7.62"},{"date" => "2021-05-25T18:00:03","version" => "7.63_01"},{"date" => "2021-06-03T19:05:10","version" => "7.63_02"},{"date" => "2021-06-22T13:53:51","version" => "7.63_03"},{"date" => "2021-06-30T14:30:46","version" => "7.63_04"},{"date" => "2021-08-14T08:19:32","version" => "7.63_05"},{"date" => "2021-11-03T01:44:47","version" => "7.63_06"},{"date" => "2021-11-27T11:51:29","version" => "7.63_07"},{"date" => "2021-11-27T17:31:21","version" => "7.63_08"},{"date" => "2021-12-08T22:35:25","version" => "7.63_09"},{"date" => "2021-12-13T16:54:00","version" => "7.63_10"},{"date" => "2021-12-14T17:00:18","version" => "7.63_11"},{"date" => "2021-12-17T19:24:34","version" => "7.64"},{"date" => "2022-05-30T10:07:14","version" => "7.65_01"},{"date" => "2022-07-22T13:01:08","version" => "7.65_02"},{"date" => "2022-12-24T00:32:29","version" => "7.65_03"},{"date" => "2022-12-25T09:06:33","version" => "7.66"},{"date" => "2023-03-01T13:47:08","version" => "7.67_01"},{"date" => "2023-03-06T11:17:11","version" => "7.67_02"},{"date" => "2023-03-14T21:41:23","version" => "7.68"},{"date" => "2023-03-25T11:45:00","version" => "7.69_01"},{"date" => "2023-03-26T13:29:08","version" => "7.70"},{"date" => "2024-06-24T19:34:30","version" => "7.71_01"},{"date" => "2024-11-22T19:08:50","version" => "7.71_02"},{"date" => "2025-02-19T01:40:18","version" => "7.71_03"},{"date" => "2025-02-24T15:29:06","version" => "7.71_04"},{"date" => "2025-02-28T18:43:37","version" => "7.71_05"},{"date" => "2025-03-03T16:59:13","version" => "7.71_06"},{"date" => "2025-03-05T21:46:33","version" => "7.71_07"},{"date" => "2025-03-08T23:59:14","version" => "7.71_08"},{"date" => "2025-03-14T11:11:41","version" => "7.72"},{"date" => "2025-03-30T10:57:25","version" => "7.73_01"},{"date" => "2025-04-09T12:39:45","version" => "7.74"},{"date" => "2025-05-23T14:13:25","version" => "7.75_01"},{"date" => "2025-05-23T19:17:36","version" => "7.76"},{"date" => "2025-07-28T18:05:55","version" => "7.77_01"},{"date" => "2025-08-20T11:28:18","version" => "7.77_02"},{"date" => "2026-03-02T17:45:14","version" => "7.77_03"},{"date" => "2026-03-03T20:35:04","version" => "7.78"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "1996-02-29T00:00:00","dual_lived" => 1,"perl_release" => "5.002","version" => "5.21"},{"date" => "1996-10-10T00:00:00","dual_lived" => 1,"perl_release" => "5.00307","version" => "5.38"},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "5.4002"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "5.42"},{"date" => "1998-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.005","version" => "5.4301"},{"date" => "1999-03-28T00:00:00","dual_lived" => 1,"perl_release" => "5.00503","version" => "5.4302"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006000","version" => "5.45"},{"date" => "2004-03-16T00:00:00","dual_lived" => 1,"perl_release" => "5.009001","version" => "6.21_02"},{"date" => "2010-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013000","version" => "6.5601"},{"date" => "2015-06-01T00:00:00","dual_lived" => 1,"perl_release" => "5.022000","version" => "7.04_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "7.04_02"},{"date" => "2016-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023008","version" => "7.10_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "7.10_02"}]},"ExtUtils-ParseXS" => {"advisories" => [{"affected_versions" => ["<3.35"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.","distribution" => "ExtUtils-ParseXS","fixed_versions" => [">=3.35"],"id" => "CPANSA-ExtUtils-ParseXS-2016-1238","references" => ["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "ExtUtils::ParseXS","versions" => [{"date" => "2002-12-09T00:53:36","version" => "1.98_01"},{"date" => "2003-02-05T18:22:19","version" => "1.99"},{"date" => "2003-02-23T22:45:04","version" => "2.00"},{"date" => "2003-03-20T15:25:07","version" => "2.01"},{"date" => "2003-03-31T00:25:32","version" => "2.02"},{"date" => "2003-08-16T22:57:00","version" => "2.03"},{"date" => "2003-09-04T18:14:59","version" => "2.04"},{"date" => "2003-09-29T15:35:39","version" => "2.05"},{"date" => "2003-12-26T15:05:42","version" => "2.06"},{"date" => "2004-01-25T23:04:13","version" => "2.07"},{"date" => "2004-02-21T03:46:57","version" => "2.08"},{"date" => "2005-03-27T17:18:20","version" => "2.09"},{"date" => "2005-05-31T02:37:25","version" => "2.10"},{"date" => "2005-06-14T04:04:10","version" => "2.11"},{"date" => "2005-08-25T01:07:16","version" => "2.12"},{"date" => "2005-10-04T03:02:19","version" => "2.13"},{"date" => "2005-10-09T01:52:46","version" => "2.14"},{"date" => "2005-10-10T15:09:54","version" => "2.15"},{"date" => "2006-09-16T03:35:22","version" => "2.16"},{"date" => "2006-11-20T23:08:18","version" => "2.17"},{"date" => "2007-01-30T02:58:43","version" => "2.18"},{"date" => "2008-02-17T20:29:31","version" => "2.19"},{"date" => "2008-08-07T03:20:09","version" => "2.19_02"},{"date" => "2009-06-28T03:01:41","version" => "2.19_03"},{"date" => "2009-06-29T15:51:33","version" => "2.19_04"},{"date" => "2009-07-01T17:49:20","version" => "2.20"},{"date" => "2009-07-08T16:47:56","version" => "2.20_01"},{"date" => "2009-07-18T21:23:28","version" => "2.2002"},{"date" => "2009-07-24T03:16:46","version" => "2.20_03"},{"date" => "2009-08-10T15:44:42","version" => "2.20_04"},{"date" => "2009-08-23T01:50:17","version" => "2.20_05"},{"date" => "2009-09-15T02:36:48","version" => "2.200401"},{"date" => "2009-10-02T05:28:52","version" => "2.200402"},{"date" => "2009-10-02T06:06:00","version" => "2.200403"},{"date" => "2009-10-03T03:49:34","version" => "2.20_06"},{"date" => "2009-10-03T15:28:29","version" => "2.20_07"},{"date" => "2009-10-05T15:25:07","version" => "2.21"},{"date" => "2009-12-19T12:43:55","version" => "2.21_01"},{"date" => "2009-12-19T15:58:28","version" => "2.21_02"},{"date" => "2010-01-11T20:03:31","version" => "2.22"},{"date" => "2010-01-25T21:14:41","version" => "2.2201"},{"date" => "2010-01-27T20:07:51","version" => "2.2202"},{"date" => "2010-02-11T19:04:49","version" => "2.2203"},{"date" => "2010-03-10T19:27:43","version" => "2.2204"},{"date" => "2010-03-10T23:17:47","version" => "2.2205"},{"date" => "2010-07-04T19:53:47","version" => "2.2206"},{"date" => "2011-07-12T20:42:45","version" => "3.00_01"},{"date" => "2011-07-14T13:21:26","version" => "3.00_02"},{"date" => "2011-07-23T15:09:23","version" => "3.00_03"},{"date" => "2011-07-27T20:24:26","version" => "3.00_04"},{"date" => "2011-07-27T20:57:56","version" => "3.00_05"},{"date" => "2011-08-04T16:06:39","version" => "3.01"},{"date" => "2011-08-04T18:09:18","version" => "3.02"},{"date" => "2011-08-11T06:25:52","version" => "3.03"},{"date" => "2011-08-21T11:40:28","version" => "3.03_02"},{"date" => "2011-08-24T17:51:31","version" => "3.03_03"},{"date" => "2011-08-25T06:33:30","version" => "3.04"},{"date" => "2011-08-28T15:57:42","version" => "3.04_01"},{"date" => "2011-09-03T13:31:37","version" => "3.04_02"},{"date" => "2011-09-04T16:55:05","version" => "3.04_03"},{"date" => "2011-09-12T06:28:10","version" => "3.04_04"},{"date" => "2011-10-05T06:18:44","version" => "3.05"},{"date" => "2011-12-07T07:35:08","version" => "3.06"},{"date" => "2011-12-07T13:15:12","version" => "3.07"},{"date" => "2011-12-19T17:10:40","version" => "3.08"},{"date" => "2011-12-28T18:05:57","version" => "3.09"},{"date" => "2011-12-29T17:00:16","version" => "3.11"},{"date" => "2012-01-28T12:07:45","version" => "3.13_01"},{"date" => "2012-02-01T17:51:52","version" => "3.14"},{"date" => "2012-02-02T07:15:27","version" => "3.15"},{"date" => "2012-11-19T06:42:48","version" => "3.18"},{"date" => "2013-04-11T18:19:45","version" => "3.18_01"},{"date" => "2013-04-15T05:41:18","version" => "3.18_02"},{"date" => "2013-04-19T16:47:41","version" => "3.18_03"},{"date" => "2013-06-20T15:51:15","version" => "3.18_04"},{"date" => "2013-08-09T17:14:04","version" => "3.21"},{"date" => "2013-08-29T17:31:29","version" => "3.22"},{"date" => "2014-03-07T09:35:16","version" => "3.24"},{"date" => "2015-08-10T08:49:21","version" => "3.29_01"},{"date" => "2015-08-31T08:44:00","version" => "3.30"},{"date" => "2017-07-31T15:52:17","version" => "3.35"},{"date" => "2017-12-18T12:31:00","version" => "3.36_03"},{"date" => "2021-04-17T17:48:59","version" => "3.43_02"},{"date" => "2022-01-06T23:02:34","version" => "3.44"},{"date" => "2023-09-02T13:28:52","version" => "3.51"},{"date" => "2025-05-02T15:03:49","version" => "3.52"},{"date" => "2025-05-02T15:06:38","version" => "3.53"},{"date" => "2025-05-02T15:17:11","version" => "3.54"},{"date" => "2025-05-02T15:38:05","version" => "3.55"},{"date" => "2025-05-02T15:40:54","version" => "3.56"},{"date" => "2025-05-02T15:45:00","version" => "3.57"},{"date" => "2025-07-20T19:24:38","version" => "3.58"},{"date" => "2025-09-05T13:37:50","version" => "3.59"},{"date" => "2025-09-26T22:20:43","version" => "3.60"},{"date" => "2026-01-09T17:11:34","version" => "3.61"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "2.15_02"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.01","version" => "2.18_02"},{"date" => "2010-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013004","version" => "2.2207"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "2.2208"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "2.2209"},{"date" => "2011-05-14T00:00:00","dual_lived" => 1,"perl_release" => "5.014000","version" => "2.2210"},{"date" => "2011-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015002","version" => "3.03_01"},{"date" => "2012-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015007","version" => "3.12"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "3.16"},{"date" => "2012-05-26T00:00:00","dual_lived" => 1,"perl_release" => "5.017","version" => "3.17"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "3.19"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "3.23"},{"date" => "2014-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021001","version" => "3.25"},{"date" => "2014-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021006","version" => "3.26"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "3.27"},{"date" => "2015-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021011","version" => "3.28"},{"date" => "2015-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023002","version" => "3.29"},{"date" => "2016-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023007","version" => "3.31"},{"date" => "2016-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025002","version" => "3.32"},{"date" => "2016-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025003","version" => "3.33"},{"date" => "2017-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025011","version" => "3.34"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "3.36"},{"date" => "2018-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027009","version" => "3.38"},{"date" => "2018-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02701","version" => "3.39"},{"date" => "2018-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.029006","version" => "3.40"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "3.41"},{"date" => "2020-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033005","version" => "3.42"},{"date" => "2021-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033009","version" => "3.43"},{"date" => "2022-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035010","version" => "3.45"},{"date" => "2022-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037004","version" => "3.46"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "3.48"},{"date" => "2022-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037007","version" => "3.49"},{"date" => "2023-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037011","version" => "3.50"}]},"FCGI" => {"advisories" => [{"affected_versions" => ["<0.74"],"cves" => ["CVE-2011-2766"],"description" => "Leaking information across requests when using the deprecated and undocumented old FCGI interface.\n","distribution" => "FCGI","fixed_versions" => [">=0.74"],"id" => "CPANSA-FCGI-2011-01","references" => ["https://metacpan.org/changes/distribution/FCGI","https://github.com/perl-catalyst/FCGI/commit/297693dc8362d25bb25e473899c72508a0f71d2e"],"reported" => "2011-09-24"},{"affected_versions" => [">=0.44"],"cves" => ["CVE-2025-40907"],"description" => "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.  The included FastCGI library is affected by  CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.","distribution" => "FCGI","fixed_versions" => [],"id" => "CPANSA-FCGI-2025-40907","references" => ["http://www.openwall.com/lists/oss-security/2025/04/23/4","https://github.com/FastCGI-Archives/fcgi2/issues/67","https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5","https://github.com/perl-catalyst/FCGI/issues/14","https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch","https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library"],"reported" => "2025-05-16","severity" => undef}],"main_module" => "FCGI","versions" => [{"date" => "1996-09-25T17:48:57","version" => "0.25"},{"date" => "1996-10-15T21:51:06","version" => "0.26"},{"date" => "1997-02-20T08:55:44","version" => "0.27"},{"date" => "1997-02-25T07:14:13","version" => "0.28"},{"date" => "1997-06-10T18:16:17","version" => "0.29"},{"date" => "1997-06-24T17:17:05","version" => "0.30"},{"date" => "1997-07-24T11:05:43","version" => "0.31"},{"date" => "1998-06-17T10:24:17","version" => "0.34"},{"date" => "1998-06-22T15:38:51","version" => "0.35"},{"date" => "1998-06-24T19:42:57","version" => "0.36"},{"date" => "1998-06-27T16:08:39","version" => "0.37"},{"date" => "1998-07-15T15:24:00","version" => "0.40"},{"date" => "1998-07-29T16:05:51","version" => "0.41"},{"date" => "1998-08-28T15:30:49","version" => "0.42"},{"date" => "1998-12-22T22:34:14","version" => "0.43"},{"date" => "1998-12-23T11:28:39","version" => "0.44"},{"date" => "1999-03-08T17:04:02","version" => "0.45"},{"date" => "1999-07-30T08:26:31","version" => "0.46"},{"date" => "1999-07-31T21:58:01","version" => "0.47"},{"date" => "1999-08-27T13:41:54","version" => "0.48"},{"date" => "2000-04-09T18:58:32","version" => "0.49"},{"date" => "2000-04-10T07:04:43","version" => "0.50"},{"date" => "2000-04-12T12:27:09","version" => "0.51"},{"date" => "2000-04-12T14:10:02","version" => "0.52"},{"date" => "2000-07-10T10:01:51","version" => "0.53"},{"date" => "2000-10-08T19:52:29","version" => "0.54"},{"date" => "2000-10-18T21:22:46","version" => "0.55"},{"date" => "2000-11-03T15:44:28","version" => "0.56"},{"date" => "2000-11-12T15:15:01","version" => "0.57"},{"date" => "2000-11-14T23:20:24","version" => "0.58"},{"date" => "2000-12-31T22:05:44","version" => "0.59"},{"date" => "2001-06-08T15:19:08","version" => "0.60"},{"date" => "2001-09-20T12:34:13","version" => "0.61"},{"date" => "2001-09-21T16:19:42","version" => "0.62"},{"date" => "2001-09-24T20:43:48","version" => "0.63"},{"date" => "2001-09-25T08:26:24","version" => "0.64"},{"date" => "2002-02-19T14:16:27","version" => "0.65"},{"date" => "2002-09-05T16:23:07","version" => "0.66"},{"date" => "2002-12-23T10:21:36","version" => "0.67"},{"date" => "2009-12-20T21:05:48","version" => "0.67_01"},{"date" => "2010-01-06T10:07:05","version" => "0.68"},{"date" => "2010-01-10T01:35:11","version" => "0.68_01"},{"date" => "2010-01-13T19:25:40","version" => "0.68_02"},{"date" => "2010-02-15T23:08:12","version" => "0.69"},{"date" => "2010-03-22T14:35:03","version" => "0.70"},{"date" => "2010-04-01T00:55:33","version" => "0.71"},{"date" => "2010-08-24T21:32:56","version" => "0.71_01"},{"date" => "2011-04-28T08:50:09","version" => "0.71_02"},{"date" => "2011-04-28T09:05:42","version" => "0.71_03"},{"date" => "2011-05-19T09:06:02","version" => "0.72"},{"date" => "2011-05-28T01:35:17","version" => "0.73"},{"date" => "2011-09-24T08:31:47","version" => "0.74"},{"date" => "2014-07-17T00:19:02","version" => "0.75"},{"date" => "2014-08-05T01:29:06","version" => "0.76"},{"date" => "2014-08-05T15:53:28","version" => "0.77"},{"date" => "2016-03-07T00:08:23","version" => "0.78"},{"date" => "2019-12-14T18:29:19","version" => "0.79"},{"date" => "2021-07-25T04:54:49","version" => "0.80"},{"date" => "2021-07-30T23:19:01","version" => "0.81"},{"date" => "2021-07-31T03:26:34","version" => "0.82"}]},"Fake-Encode" => {"advisories" => [{"affected_versions" => ["<0.08"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "Fake-Encode","fixed_versions" => [">=0.08"],"id" => "CPANSA-Fake-Encode-2017-01","references" => ["https://metacpan.org/changes/distribution/Fake-Encode"],"reported" => "2017-01-23"}],"main_module" => "Fake::Encode","versions" => [{"date" => "2016-05-31T14:11:49","version" => "0.01"},{"date" => "2017-01-23T12:34:23","version" => "0.02"},{"date" => "2017-01-25T15:52:13","version" => "0.03"},{"date" => "2017-01-26T15:17:01","version" => "0.04"},{"date" => "2017-03-06T16:01:40","version" => "0.05"},{"date" => "2017-09-08T17:54:14","version" => "0.06"},{"date" => "2017-09-09T15:27:50","version" => "0.07"},{"date" => "2018-02-03T14:50:49","version" => "0.08"},{"date" => "2018-02-19T12:21:04","version" => "0.09"},{"date" => "2019-07-11T16:26:06","version" => "0.10"},{"date" => "2023-03-25T02:26:13","version" => "0.11"}]},"Fake-Our" => {"advisories" => [{"affected_versions" => ["<0.06"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "Fake-Our","fixed_versions" => [">=0.06"],"id" => "CPANSA-Fake-Our-2017-01","references" => ["https://metacpan.org/changes/distribution/Fake-Our"],"reported" => "2017-01-23"}],"main_module" => "Fake::Our","versions" => [{"date" => "2014-02-09T05:36:09","version" => "0.01"},{"date" => "2014-08-06T17:33:15","version" => "0.02"},{"date" => "2014-08-09T02:35:25","version" => "0.03"},{"date" => "2014-08-10T15:33:58","version" => "0.04"},{"date" => "2015-06-21T04:09:47","version" => "0.05"},{"date" => "2017-01-23T12:34:34","version" => "0.06"},{"date" => "2017-01-26T15:21:45","version" => "0.07"},{"date" => "2017-01-27T15:18:56","version" => "0.08"},{"date" => "2017-01-28T15:07:50","version" => "0.09"},{"date" => "2017-03-06T16:01:51","version" => "0.10"},{"date" => "2018-02-03T11:05:49","version" => "0.11"},{"date" => "2018-02-16T17:54:00","version" => "0.12"},{"date" => "2018-02-17T01:35:58","version" => "0.13"},{"date" => "2018-02-18T15:32:17","version" => "0.14"},{"date" => "2019-07-11T16:27:42","version" => "0.15"},{"date" => "2019-07-14T00:51:24","version" => "0.16"},{"date" => "2023-03-25T02:32:44","version" => "0.17"}]},"File-DataClass" => {"advisories" => [{"affected_versions" => ["<0.72.1"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "File-DataClass","fixed_versions" => [">=0.72.1"],"id" => "CPANSA-File-DataClass-2017-01","references" => ["https://metacpan.org/changes/distribution/File-DataClass"],"reported" => "2017-04-01"}],"main_module" => "File::DataClass","versions" => [{"date" => "2010-09-29T16:37:04","version" => "0.1.228"},{"date" => "2010-10-06T14:20:31","version" => "0.2.234"},{"date" => "2011-01-26T18:14:50","version" => "0.3.238"},{"date" => "2011-02-27T23:09:38","version" => "0.3.239"},{"date" => "2011-04-12T19:44:59","version" => "0.3.259"},{"date" => "2011-05-15T17:45:09","version" => "0.4.268"},{"date" => "2011-05-30T01:47:40","version" => "0.5.271"},{"date" => "2011-07-11T13:39:10","version" => "0.6.286"},{"date" => "2011-11-30T00:05:18","version" => "0.7.321"},{"date" => "2011-12-02T04:40:20","version" => "0.7.325"},{"date" => "2011-12-02T22:39:25","version" => "0.7.326"},{"date" => "2011-12-03T18:43:58","version" => "0.7.328"},{"date" => "2012-02-22T18:28:29","version" => "0.7.330"},{"date" => "2012-02-23T11:00:24","version" => "0.7.331"},{"date" => "2012-02-24T10:52:18","version" => "0.7.332"},{"date" => "2012-03-12T17:34:58","version" => "0.7.335"},{"date" => "2012-03-20T18:24:26","version" => "0.7.336"},{"date" => "2012-03-21T22:43:50","version" => "0.7.338"},{"date" => "2012-03-22T13:48:59","version" => "0.7.339"},{"date" => "2012-03-24T00:37:31","version" => "0.7.343"},{"date" => "2012-03-28T23:58:41","version" => "0.8.351"},{"date" => "2012-03-29T22:05:21","version" => "0.8.355"},{"date" => "2012-04-03T00:26:12","version" => "0.8.357"},{"date" => "2012-04-04T15:19:03","version" => "0.8.360"},{"date" => "2012-04-17T18:57:01","version" => "0.9.368"},{"date" => "2012-05-19T21:05:56","version" => "0.10.380"},{"date" => "2012-07-10T00:34:23","version" => "0.11.401"},{"date" => "2012-09-02T13:43:37","version" => "0.12.406"},{"date" => "2012-09-06T14:02:06","version" => "0.12.409"},{"date" => "2012-11-07T07:49:39","version" => "0.13.416"},{"date" => "2012-11-13T20:16:27","version" => "0.13.418"},{"date" => "2012-12-12T23:25:16","version" => "0.13.420"},{"date" => "2012-12-14T17:58:08","version" => "0.13.421"},{"date" => "2012-12-19T22:23:08","version" => "0.13.422"},{"date" => "2012-12-21T20:48:41","version" => "0.13.424"},{"date" => "2012-12-30T03:05:28","version" => "0.13.427"},{"date" => "2013-01-07T00:52:48","version" => "0.14.429"},{"date" => "2013-04-01T01:14:44","version" => "0.15.431"},{"date" => "2013-04-02T14:21:13","version" => "0.15.434"},{"date" => "2013-04-14T16:15:55","version" => "v0.16.438"},{"date" => "2013-04-15T20:42:56","version" => "v0.16.442"},{"date" => "2013-04-24T03:47:54","version" => "v0.16.445"},{"date" => "2013-04-29T17:12:37","version" => "v0.17.450"},{"date" => "2013-04-30T22:15:36","version" => "v0.18.6"},{"date" => "2013-05-02T14:14:57","version" => "v0.19.1"},{"date" => "2013-05-07T23:33:06","version" => "v0.20.6"},{"date" => "2013-05-10T14:58:03","version" => "v0.20.7"},{"date" => "2013-05-14T13:32:28","version" => "v0.20.8"},{"date" => "2013-05-15T20:03:34","version" => "v0.20.9"},{"date" => "2013-05-16T00:11:50","version" => "v0.20.10"},{"date" => "2013-05-17T16:07:41","version" => "v0.20.12"},{"date" => "2013-06-08T13:26:40","version" => "v0.20.13"},{"date" => "2013-07-28T17:41:14","version" => "v0.22.1"},{"date" => "2013-07-29T11:39:49","version" => "v0.22.2"},{"date" => "2013-07-29T11:46:28","version" => "v0.22.3"},{"date" => "2013-07-29T18:37:14","version" => "v0.22.4"},{"date" => "2013-07-30T10:19:23","version" => "v0.22.5"},{"date" => "2013-07-30T16:25:59","version" => "v0.22.7"},{"date" => "2013-07-31T09:54:30","version" => "v0.22.8"},{"date" => "2013-08-02T19:06:49","version" => "v0.22.9"},{"date" => "2013-08-06T17:19:31","version" => "v0.23.1"},{"date" => "2013-08-07T13:14:13","version" => "v0.23.2"},{"date" => "2013-08-13T18:01:24","version" => "0.24.1"},{"date" => "2013-08-16T22:49:23","version" => "0.24.3"},{"date" => "2013-09-03T13:11:17","version" => "0.25.1"},{"date" => "2013-09-26T16:04:18","version" => "0.26.1"},{"date" => "2013-11-22T09:42:00","version" => "0.27.1"},{"date" => "2014-01-01T15:02:23","version" => "0.28.1"},{"date" => "2014-01-01T17:03:18","version" => "0.29.1"},{"date" => "2014-01-02T02:33:28","version" => "0.30.1"},{"date" => "2014-01-13T18:41:29","version" => "0.31.1"},{"date" => "2014-01-24T20:56:21","version" => "0.33.1"},{"date" => "2014-04-04T10:52:59","version" => "0.34.1"},{"date" => "2014-05-01T14:40:32","version" => "0.35.1"},{"date" => "2014-05-13T10:03:54","version" => "0.36.1"},{"date" => "2014-05-13T21:08:07","version" => "0.37.1"},{"date" => "2014-05-15T00:11:43","version" => "0.38.1"},{"date" => "2014-05-16T08:19:01","version" => "0.39.1"},{"date" => "2014-05-22T09:37:34","version" => "0.40.1"},{"date" => "2014-05-22T14:10:49","version" => "0.40.2"},{"date" => "2014-05-28T10:28:42","version" => "0.41.1"},{"date" => "2014-07-03T23:27:53","version" => "0.42.1"},{"date" => "2014-07-04T09:25:10","version" => "0.42.2"},{"date" => "2014-07-04T12:19:02","version" => "0.43.1"},{"date" => "2014-07-16T12:39:03","version" => "0.44.1"},{"date" => "2014-08-18T23:00:05","version" => "0.45.1"},{"date" => "2014-08-26T12:43:14","version" => "0.45.5"},{"date" => "2014-08-26T16:41:35","version" => "0.46.1"},{"date" => "2014-08-27T16:17:50","version" => "0.47.1"},{"date" => "2014-09-03T22:25:51","version" => "0.48.1"},{"date" => "2014-10-02T17:39:13","version" => "0.48.3"},{"date" => "2014-10-02T19:59:28","version" => "0.49.1"},{"date" => "2014-11-07T18:51:52","version" => "0.50.1"},{"date" => "2014-11-08T21:45:45","version" => "0.50.2"},{"date" => "2014-11-09T13:19:50","version" => "0.50.3"},{"date" => "2014-11-09T15:52:41","version" => "0.51.1"},{"date" => "2014-11-10T12:44:49","version" => "0.52.1"},{"date" => "2014-12-19T11:49:49","version" => "0.53.1"},{"date" => "2014-12-19T22:54:41","version" => "0.54.1"},{"date" => "2015-02-05T00:04:33","version" => "0.55.1"},{"date" => "2015-03-19T14:59:03","version" => "0.56.1"},{"date" => "2015-04-04T20:00:58","version" => "0.57.1"},{"date" => "2015-04-04T20:16:31","version" => "0.58.1"},{"date" => "2015-04-05T17:58:31","version" => "0.59.1"},{"date" => "2015-04-08T23:10:28","version" => "0.60.1"},{"date" => "2015-05-11T12:15:05","version" => "0.61.1"},{"date" => "2015-05-24T11:52:28","version" => "0.62.1"},{"date" => "2015-06-21T21:42:17","version" => "0.63.1"},{"date" => "2015-08-29T08:58:54","version" => "0.66.1"},{"date" => "2016-02-01T00:18:43","version" => "0.67.1"},{"date" => "2016-02-01T14:33:11","version" => "0.68.1"},{"date" => "2016-07-05T00:36:52","version" => "0.69.1"},{"date" => "2016-07-29T15:24:24","version" => "0.70.1"},{"date" => "2016-07-29T18:59:13","version" => "0.71.1"},{"date" => "2017-04-02T08:23:47","version" => "0.72.1"},{"date" => "2017-06-02T00:03:17","version" => "0.73.1"}]},"File-Find-Rule" => {"advisories" => [{"affected_versions" => ["<=0.34"],"cves" => ["CVE-2011-10007"],"description" => "File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.  A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.  Example:  \$ mkdir /tmp/poc; echo > \"/tmp/poc/|id\" \$ perl -MFile::Find::Rule \\ \x{a0} \x{a0} -E 'File::Find::Rule->grep(\"foo\")->in(\"/tmp/poc\")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)","distribution" => "File-Find-Rule","fixed_versions" => [">=0.35"],"id" => "CPANSA-File-Find-Rule-2011-10007","references" => ["https://github.com/richardc/perl-file-find-rule/commit/df58128bcee4c1da78c34d7f3fe1357e575ad56f.patch","https://github.com/richardc/perl-file-find-rule/pull/4","https://metacpan.org/release/RCLAMP/File-Find-Rule-0.34/source/lib/File/Find/Rule.pm#L423","https://rt.cpan.org/Public/Bug/Display.html?id=64504","http://www.openwall.com/lists/oss-security/2025/06/05/4","http://www.openwall.com/lists/oss-security/2025/06/06/1","http://www.openwall.com/lists/oss-security/2025/06/06/3","https://lists.debian.org/debian-lts-announce/2025/06/msg00006.html","https://github.com/richardc/perl-file-find-rule/pull/4"],"reported" => "2025-06-05","severity" => undef}],"main_module" => "File::Find::Rule","versions" => [{"date" => "2002-07-26T13:03:10","version" => "0.01"},{"date" => "2002-08-14T22:28:12","version" => "0.02"},{"date" => "2002-08-24T17:34:12","version" => "0.03"},{"date" => "2002-09-10T08:54:04","version" => "0.04"},{"date" => "2002-10-21T16:37:18","version" => "0.05"},{"date" => "2002-10-22T07:30:31","version" => "0.06"},{"date" => "2002-10-25T15:54:13","version" => "0.07"},{"date" => "2002-12-04T13:55:56","version" => "0.08"},{"date" => "2003-01-21T10:56:48","version" => "0.09"},{"date" => "2003-03-10T02:07:24","version" => "0.10"},{"date" => "2003-06-22T21:04:15","version" => "0.20_01"},{"date" => "2003-06-25T11:36:22","version" => "0.20_02"},{"date" => "2003-07-29T19:24:32","version" => "0.11"},{"date" => "2003-08-04T09:27:12","version" => "0.20_03"},{"date" => "2003-09-08T17:44:26","version" => "0.20"},{"date" => "2003-09-15T12:16:58","version" => "0.21"},{"date" => "2003-10-03T19:33:19","version" => "0.22"},{"date" => "2003-10-03T22:57:25","version" => "0.23"},{"date" => "2003-10-04T11:20:43","version" => "0.24_01"},{"date" => "2003-10-06T14:22:20","version" => "0.24"},{"date" => "2003-10-22T17:11:46","version" => "0.25"},{"date" => "2003-11-10T22:10:06","version" => "0.26"},{"date" => "2004-02-25T10:55:36","version" => "0.27"},{"date" => "2004-05-18T20:37:58","version" => "0.28"},{"date" => "2006-05-16T14:28:43","version" => "0.29"},{"date" => "2006-06-01T15:39:35","version" => "0.30"},{"date" => "2009-11-27T22:58:10","version" => "0.31"},{"date" => "2009-11-28T00:47:34","version" => "0.32"},{"date" => "2011-09-19T11:56:02","version" => "0.33"},{"date" => "2015-12-03T14:31:54","version" => "0.34"},{"date" => "2025-06-05T15:35:41","version" => "0.35"}]},"File-KeePass" => {"advisories" => [{"affected_versions" => [">0"],"cves" => [],"description" => "The module is making use of the perl rand function for key and iv generation (for Crypt::Rijndael).\n","distribution" => "File-KeePass","fixed_versions" => [],"id" => "CPANSA-File-KeePass-2016-01","references" => ["https://rt.cpan.org/Ticket/Display.html?id=117836"],"reported" => "2016-09-14","severity" => undef}],"main_module" => "File::KeePass","versions" => [{"date" => "2010-06-29T14:52:50","version" => "0.01"},{"date" => "2010-12-04T04:33:41","version" => "0.02"},{"date" => "2010-12-07T06:06:57","version" => "0.03"},{"date" => "2012-09-13T04:48:56","version" => "2.00"},{"date" => "2012-09-13T14:17:11","version" => "2.01"},{"date" => "2012-09-13T15:22:40","version" => "2.02"},{"date" => "2012-09-15T22:25:43","version" => "2.03"}]},"File-Path" => {"advisories" => [{"affected_versions" => ["<2.13"],"cves" => ["CVE-2017-6512"],"description" => "Race condition in the rmtree and remove_tree functions allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.\n","distribution" => "File-Path","fixed_versions" => [">=2.13"],"id" => "CPANSA-File-Path-2017-01","references" => ["https://metacpan.org/changes/distribution/File-Path","https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2"],"reported" => "2017-05-02"},{"affected_versions" => ["<=1.08"],"cves" => ["CVE-2008-5303"],"description" => "Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2008-5303","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905","http://www.openwall.com/lists/oss-security/2008/11/28/2","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36","http://www.gossamer-threads.com/lists/perl/porters/233695#233695","http://www.debian.org/security/2008/dsa-1678","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://wiki.rpath.com/Advisories:rPSA-2009-0011","http://www.ubuntu.com/usn/usn-700-2","http://secunia.com/advisories/32980","http://support.apple.com/kb/HT4077","http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://secunia.com/advisories/40052","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/47044","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680","http://www.securityfocus.com/archive/1/500210/100/0/threaded"],"reported" => "2008-12-01","severity" => undef},{"affected_versions" => ["==1.08","==2.07"],"cves" => ["CVE-2008-5302"],"description" => "Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448.  It is different from CVE-2008-5303 due to affected versions.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2008-5302","references" => ["http://www.gossamer-threads.com/lists/perl/porters/233695#233695","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905","http://www.openwall.com/lists/oss-security/2008/11/28/2","http://www.debian.org/security/2008/dsa-1678","http://secunia.com/advisories/33314","http://www.ubuntu.com/usn/usn-700-1","http://wiki.rpath.com/Advisories:rPSA-2009-0011","http://www.ubuntu.com/usn/usn-700-2","http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","http://secunia.com/advisories/32980","http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","http://support.apple.com/kb/HT4077","http://secunia.com/advisories/40052","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/47043","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076","http://www.securityfocus.com/archive/1/500210/100/0/threaded"],"reported" => "2008-12-01","severity" => undef},{"affected_versions" => [">=2.04,<2.07"],"cves" => ["CVE-2008-2827"],"description" => "The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.\n","distribution" => "File-Path","fixed_versions" => [">=2.07"],"id" => "CPANSA-File-Path-2008-2827","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319","http://rt.cpan.org/Public/Bug/Display.html?id=36982","http://www.securityfocus.com/bid/29902","http://secunia.com/advisories/30790","http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html","http://www.mandriva.com/security/advisories?name=MDVSA-2008:165","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html","http://secunia.com/advisories/30837","http://secunia.com/advisories/31687","http://www.securitytracker.com/id?1020373","https://exchange.xforce.ibmcloud.com/vulnerabilities/43308"],"reported" => "2008-06-23","severity" => undef},{"affected_versions" => ["<1.07"],"cves" => ["CVE-2005-0448"],"description" => "Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2005-0448","references" => ["http://www.debian.org/security/2005/dsa-696","http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml","http://www.redhat.com/support/errata/RHSA-2005-881.html","http://secunia.com/advisories/18075","http://www.securityfocus.com/bid/12767","ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U","http://secunia.com/advisories/14531","http://secunia.com/advisories/18517","http://fedoranews.org/updates/FEDORA--.shtml","http://www.redhat.com/support/errata/RHSA-2005-674.html","http://secunia.com/advisories/17079","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://www.mandriva.com/security/advisories?name=MDKSA-2005:079","http://www.securityfocus.com/advisories/8704","http://secunia.com/advisories/55314","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475","https://usn.ubuntu.com/94-1/"],"reported" => "2005-05-02","severity" => undef},{"affected_versions" => [">=1.06,<=1.404"],"cves" => ["CVE-2004-0452"],"description" => "Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2004-0452","references" => ["http://www.debian.org/security/2004/dsa-620","http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml","http://www.redhat.com/support/errata/RHSA-2005-103.html","ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U","http://www.securityfocus.com/bid/12072","http://secunia.com/advisories/12991","http://secunia.com/advisories/18517","http://fedoranews.org/updates/FEDORA--.shtml","http://www.redhat.com/support/errata/RHSA-2005-105.html","http://secunia.com/advisories/55314","http://marc.info/?l=bugtraq&m=110547693019788&w=2","https://www.ubuntu.com/usn/usn-44-1/","https://exchange.xforce.ibmcloud.com/vulnerabilities/18650","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938"],"reported" => "2004-12-21","severity" => undef}],"main_module" => "File::Path","versions" => [{"date" => "2007-05-17T13:46:15","version" => "1.99_01"},{"date" => "2007-05-27T09:29:48","version" => "1.99_02"},{"date" => "2007-06-27T19:23:09","version" => "2.00_05"},{"date" => "2007-07-04T21:37:13","version" => "2.00_06"},{"date" => "2007-07-09T19:37:02","version" => "2.00_07"},{"date" => "2007-08-01T00:10:43","version" => "2.00_08"},{"date" => "2007-08-20T18:15:55","version" => "2.00_09"},{"date" => "2007-09-04T17:20:45","version" => "2.00_10"},{"date" => "2007-09-08T12:53:07","version" => "2.00_11"},{"date" => "2007-09-29T10:29:32","version" => "2.01"},{"date" => "2007-10-24T10:36:09","version" => "2.02"},{"date" => "2007-11-04T18:36:19","version" => "2.03"},{"date" => "2007-11-24T09:53:23","version" => "2.04"},{"date" => "2008-05-07T08:25:05","version" => "2.05"},{"date" => "2008-05-08T09:36:50","version" => "2.06"},{"date" => "2008-05-10T21:02:47","version" => "2.06_01"},{"date" => "2008-05-12T10:07:46","version" => "2.06_02"},{"date" => "2008-05-12T21:43:43","version" => "2.06_03"},{"date" => "2008-05-13T14:40:30","version" => "2.06_04"},{"date" => "2008-10-01T20:41:37","version" => "2.06_05"},{"date" => "2008-10-05T21:59:58","version" => "2.06_06"},{"date" => "2008-10-29T17:55:36","version" => "2.06_07"},{"date" => "2008-11-05T00:12:29","version" => "2.06_08"},{"date" => "2008-11-09T13:11:17","version" => "2.07"},{"date" => "2009-06-21T13:23:32","version" => "2.07_03"},{"date" => "2009-10-04T10:31:05","version" => "2.08"},{"date" => "2013-01-16T21:36:05","version" => "2.09"},{"date" => "2015-06-24T17:03:22","version" => "2.10_001"},{"date" => "2015-06-26T17:28:20","version" => "2.10_002"},{"date" => "2015-07-08T16:59:11","version" => "2.10_003"},{"date" => "2015-07-10T11:34:44","version" => "2.10_004"},{"date" => "2015-07-17T15:03:07","version" => "2.10_005"},{"date" => "2015-07-18T02:28:14","version" => "2.11"},{"date" => "2015-07-24T23:01:36","version" => "2.11_001"},{"date" => "2015-07-25T09:56:18","version" => "2.11_002"},{"date" => "2015-08-03T18:07:05","version" => "2.11_003"},{"date" => "2015-10-01T19:34:07","version" => "2.11_004"},{"date" => "2015-10-09T12:11:52","version" => "2.12"},{"date" => "2016-09-18T13:35:39","version" => "2.12_001"},{"date" => "2017-03-12T22:09:35","version" => "2.12_002"},{"date" => "2017-04-07T13:59:30","version" => "2.12_003"},{"date" => "2017-04-18T18:37:56","version" => "2.12_004"},{"date" => "2017-04-21T12:03:20","version" => "2.12_005"},{"date" => "2017-04-21T21:58:56","version" => "2.12_006"},{"date" => "2017-04-22T20:09:24","version" => "2.12_007"},{"date" => "2017-05-07T17:48:35","version" => "2.12_008"},{"date" => "2017-05-31T23:44:51","version" => "2.13"},{"date" => "2017-06-07T21:34:52","version" => "2.14"},{"date" => "2017-07-30T02:40:36","version" => "2.15"},{"date" => "2018-08-31T13:04:13","version" => "2.16"},{"date" => "2020-07-18T18:29:28","version" => "2.17"},{"date" => "2020-11-04T12:38:02","version" => "2.18_001"},{"date" => "2020-11-05T01:30:15","version" => "2.18"},{"date" => "1995-03-14T00:00:00","dual_lived" => 1,"perl_release" => "5.001","version" => undef},{"date" => "1996-02-29T00:00:00","dual_lived" => 1,"perl_release" => "5.002","version" => "1.01"},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "1.04"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "1.0402"},{"date" => "1998-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.005","version" => "1.0401"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006000","version" => "1.0403"},{"date" => "2001-04-08T00:00:00","dual_lived" => 1,"perl_release" => "5.006001","version" => "1.0404"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.05"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "1.06"},{"date" => "2005-05-30T00:00:00","dual_lived" => 1,"perl_release" => "5.008007","version" => "1.07"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "1.08"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "2.07_02"},{"date" => "2009-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011003","version" => "2.08_01"},{"date" => "2016-05-09T00:00:00","dual_lived" => 1,"perl_release" => "5.024000","version" => "2.12_01"}]},"File-Slurp" => {"advisories" => [{"affected_versions" => ["<9999.26"],"cves" => [],"description" => "Use of sysread treats any :encoding(...) as effectively :utf8.\n","distribution" => "File-Slurp","fixed_versions" => [">=9999.26"],"id" => "CPANSA-File-Slurp-2013-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=83126","https://rt.perl.org/Ticket/Display.html?id=121870"],"reported" => "2013-02-04"}],"main_module" => "File::Slurp","versions" => [{"date" => "1996-04-22T21:18:00","version" => "96.042202"},{"date" => "1998-07-19T16:25:00","version" => "98.071901"},{"date" => "2001-11-04T03:17:00","version" => "2001.1103"},{"date" => "2002-03-08T05:22:00","version" => "2002.0305"},{"date" => "2002-11-01T03:14:00","version" => "2002.1031"},{"date" => "2003-09-04T16:28:00","version" => "2004.0904"},{"date" => "2003-11-24T07:45:57","version" => "0.01"},{"date" => "2003-11-24T08:02:47","version" => "9999.01"},{"date" => "2003-12-17T09:20:57","version" => "9999.02"},{"date" => "2003-12-22T06:54:57","version" => "9999.03"},{"date" => "2004-02-23T19:27:53","version" => "9999.04"},{"date" => "2004-09-21T05:23:58","version" => "9999.06"},{"date" => "2005-01-30T10:01:07","version" => "9999.07"},{"date" => "2005-04-16T05:06:09","version" => "9999.08"},{"date" => "2005-04-29T06:09:11","version" => "9999.09"},{"date" => "2006-01-19T18:29:42","version" => "9999.10"},{"date" => "2006-01-20T06:45:13","version" => "9999.11"},{"date" => "2006-03-07T07:13:42","version" => "9999.12"},{"date" => "2008-01-24T04:57:12","version" => "9999.13"},{"date" => "2011-03-22T22:41:08","version" => "9999.14"},{"date" => "2011-03-24T22:52:42","version" => "9999.15"},{"date" => "2011-04-24T04:26:18","version" => "9999.16"},{"date" => "2011-05-13T06:23:08","version" => "9999.17"},{"date" => "2011-05-13T07:03:44","version" => "9999.18"},{"date" => "2011-06-07T08:08:06","version" => "9999.19"},{"date" => "2018-09-28T01:57:50","version" => "9999.20_01"},{"date" => "2018-10-05T01:23:09","version" => "9999.20_02"},{"date" => "2018-10-08T21:16:27","version" => "9999.21"},{"date" => "2018-10-16T03:15:39","version" => "9999.22"},{"date" => "2018-10-20T20:06:53","version" => "9999.23"},{"date" => "2018-10-30T02:45:09","version" => "9999.24"},{"date" => "2018-11-16T16:11:34","version" => "9999.25"},{"date" => "2019-02-13T16:35:40","version" => "9999.26"},{"date" => "2019-04-05T13:28:05","version" => "9999.27"},{"date" => "2019-09-13T00:36:22","version" => "9999.28"},{"date" => "2019-11-27T20:40:47","version" => "9999.29"},{"date" => "2020-03-09T14:31:40","version" => "9999.30"},{"date" => "2020-06-28T22:33:21","version" => "9999.31"},{"date" => "2020-07-01T00:34:08","version" => "9999.32"}]},"File-Temp" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2011-4116"],"description" => "_is_safe in the File::Temp module for Perl does not properly handle symlinks.\n","distribution" => "File-Temp","fixed_versions" => [],"id" => "CPANSA-File-Temp-2011-4116","references" => ["http://www.openwall.com/lists/oss-security/2011/11/04/2","https://rt.cpan.org/Public/Bug/Display.html?id=69106","https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14","http://www.openwall.com/lists/oss-security/2011/11/04/4","https://seclists.org/oss-sec/2011/q4/238"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "File::Temp","versions" => [{"date" => "2000-03-14T20:15:55","version" => "0.05"},{"date" => "2000-04-28T04:48:55","version" => "0.07"},{"date" => "2000-05-16T01:10:28","version" => "0.08"},{"date" => "2000-07-26T20:30:30","version" => "0.09"},{"date" => "2000-12-12T21:04:53","version" => "0.11"},{"date" => "2001-02-23T00:37:44","version" => "0.12"},{"date" => "2003-08-16T04:06:11","version" => "0.13"},{"date" => "2003-08-17T04:42:50","version" => "0.14"},{"date" => "2005-02-22T05:40:33","version" => "0.15"},{"date" => "2005-02-22T21:42:47","version" => "0.16"},{"date" => "2006-08-18T22:40:10","version" => "0.17"},{"date" => "2007-01-22T00:18:40","version" => "0.18"},{"date" => "2007-11-20T08:28:08","version" => "0.19"},{"date" => "2007-12-21T00:46:29","version" => "0.20"},{"date" => "2008-11-14T01:30:09","version" => "0.21"},{"date" => "2009-06-29T07:41:24","version" => "0.22"},{"date" => "2013-02-07T17:03:45","version" => "0.22_90"},{"date" => "2013-03-14T21:57:42","version" => "0.23"},{"date" => "2013-04-11T15:31:13","version" => "0.2301"},{"date" => "2013-09-26T13:48:13","version" => "0.2302"},{"date" => "2013-10-09T13:59:01","version" => "0.2303"},{"date" => "2013-10-10T13:17:32","version" => "0.2304"},{"date" => "2018-04-19T12:01:34","version" => "0.2305"},{"date" => "2018-06-24T19:34:31","version" => "0.2306"},{"date" => "2018-06-24T19:41:28","version" => "0.2307"},{"date" => "2018-07-11T21:07:49","version" => "0.2308"},{"date" => "2019-01-06T20:32:53","version" => "0.2309"},{"date" => "2020-09-26T17:39:38","version" => "0.2310"},{"date" => "2020-10-03T04:04:55","version" => "0.2311"},{"date" => "2025-09-01T18:57:33","version" => "0.2312"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "0.16_01"}]},"Filesys-SmbClientParser" => {"advisories" => [{"affected_versions" => ["<=2.7"],"cves" => ["CVE-2008-3285"],"description" => "The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.\n","distribution" => "Filesys-SmbClientParser","fixed_versions" => [],"id" => "CPANSA-Filesys-SmbClientParser-2008-3285","references" => ["http://www.securityfocus.com/bid/30290","http://secunia.com/advisories/31175","http://securityreason.com/securityalert/4027","https://exchange.xforce.ibmcloud.com/vulnerabilities/43910","http://www.securityfocus.com/archive/1/494536/100/0/threaded"],"reported" => "2008-07-24","severity" => undef}],"main_module" => "Filesys::SmbClientParser","versions" => [{"date" => "2000-11-19T21:10:38","version" => "0.01"},{"date" => "2000-11-20T19:41:09","version" => "0.2"},{"date" => "2001-01-12T00:31:50","version" => "0.3"},{"date" => "2001-04-15T22:37:14","version" => "1.2"},{"date" => "2001-04-19T17:38:19","version" => "1.3"},{"date" => "2001-05-30T08:04:44","version" => "1.4"},{"date" => "2002-01-25T12:18:47","version" => "2.0"},{"date" => "2002-04-19T21:56:09","version" => "2.1"},{"date" => "2002-08-09T11:24:20","version" => "2.2"},{"date" => "2002-08-13T14:55:48","version" => "2.3"},{"date" => "2002-11-08T23:57:07","version" => "2.4"},{"date" => "2002-11-12T18:59:33","version" => "2.5"},{"date" => "2004-01-28T23:06:58","version" => "2.6"},{"date" => "2004-04-14T21:56:02","version" => "2.7"}]},"GBrowse" => {"advisories" => [{"affected_versions" => ["<2.56"],"cves" => [],"description" => "An attacker is able to delete other users' accounts.  No httponly cookie flag.  Cross-site scripting vulnerability in generation of citation text.\n","distribution" => "GBrowse","fixed_versions" => [">=2.56"],"id" => "CPANSA-GBrowse-2017-01","references" => ["https://metacpan.org/changes/distribution/GBrowse"],"reported" => "2017-01-15"},{"affected_versions" => ["<1.62"],"cves" => [],"description" => "Cross-site scripting.\n","distribution" => "GBrowse","fixed_versions" => [">=1.62"],"id" => "CPANSA-GBrowse-2004-01","references" => ["https://metacpan.org/changes/distribution/GBrowse"],"reported" => "2004-04-05"},{"affected_versions" => ["<1.54"],"cves" => [],"description" => "Path traversal.\n","distribution" => "GBrowse","fixed_versions" => [">=1.54"],"id" => "CPANSA-GBrowse-2003-01","references" => ["https://metacpan.org/changes/distribution/GBrowse"],"reported" => "2003-08-23"}],"main_module" => "CGI::Toggle","versions" => [{"date" => "2008-12-29T15:38:27","version" => "1.981"},{"date" => "2008-12-29T17:21:12","version" => "1.982"},{"date" => "2009-01-06T07:42:56","version" => "1.983"},{"date" => "2009-01-06T09:17:54","version" => "1.984"},{"date" => "2009-01-10T12:37:42","version" => "1.985"},{"date" => "2009-01-12T16:58:20","version" => "1.986"},{"date" => "2009-01-22T19:49:50","version" => "1.987"},{"date" => "2009-01-30T00:12:57","version" => "1.988"},{"date" => "2009-03-10T19:24:17","version" => "1.989"},{"date" => "2009-04-03T19:29:22","version" => "1.99"},{"date" => "2009-05-04T05:30:31","version" => "1.991"},{"date" => "2009-05-05T23:40:00","version" => "1.992"},{"date" => "2009-05-07T14:11:11","version" => "1.993"},{"date" => "2009-05-30T22:07:17","version" => "1.994"},{"date" => "2009-06-08T21:27:08","version" => "1.995"},{"date" => "2009-07-06T14:12:57","version" => "1.996"},{"date" => "2009-07-30T16:40:54","version" => "1.997"},{"date" => "2009-08-19T19:19:44","version" => "1.9971"},{"date" => "2009-12-09T21:39:37","version" => "1.998"},{"date" => "2009-12-15T15:59:37","version" => "1.9982"},{"date" => "2009-12-18T19:25:25","version" => "1.9983"},{"date" => "2009-12-22T21:20:40","version" => "1.9984"},{"date" => "2009-12-23T21:56:31","version" => "1.999"},{"date" => "2010-01-28T02:58:41","version" => "2.00"},{"date" => "2010-02-09T18:13:33","version" => "2.01"},{"date" => "2010-03-10T05:56:50","version" => "2.02"},{"date" => "2010-03-25T16:06:21","version" => "2.03"},{"date" => "2010-04-18T21:44:27","version" => "2.04"},{"date" => "2010-05-13T03:30:32","version" => "2.05"},{"date" => "2010-05-13T21:17:05","version" => "2.06"},{"date" => "2010-05-17T14:49:41","version" => "2.07"},{"date" => "2010-05-21T02:52:47","version" => "2.08"},{"date" => "2010-06-10T20:17:32","version" => "2.09"},{"date" => "2010-06-15T14:20:30","version" => "2.10"},{"date" => "2010-06-30T19:15:37","version" => "2.11"},{"date" => "2010-06-30T19:30:03","version" => "2.12"},{"date" => "2010-07-05T20:17:39","version" => "2.13"},{"date" => "2010-08-27T15:06:04","version" => "2.14"},{"date" => "2010-09-13T22:17:44","version" => "2.15"},{"date" => "2010-11-01T16:24:01","version" => "2.16"},{"date" => "2010-11-18T17:08:57","version" => "2.17"},{"date" => "2011-01-18T22:35:59","version" => "2.20"},{"date" => "2011-01-22T17:17:34","version" => "2.21"},{"date" => "2011-01-26T14:31:35","version" => "2.22"},{"date" => "2011-01-30T20:03:25","version" => "2.23"},{"date" => "2011-01-31T17:19:08","version" => "2.24"},{"date" => "2011-02-02T18:53:40","version" => "2.25"},{"date" => "2011-02-04T18:51:54","version" => "2.26"},{"date" => "2011-04-10T21:07:42","version" => "2.27"},{"date" => "2011-04-10T21:32:05","version" => "2.28"},{"date" => "2011-05-02T16:12:11","version" => "2.29"},{"date" => "2011-05-03T12:17:18","version" => "2.30"},{"date" => "2011-05-03T15:50:21","version" => "2.31"},{"date" => "2011-05-04T18:47:51","version" => "2.32"},{"date" => "2011-05-07T03:27:32","version" => "2.33"},{"date" => "2011-06-01T15:19:47","version" => "2.34"},{"date" => "2011-06-03T13:41:28","version" => "2.35"},{"date" => "2011-06-04T14:58:14","version" => "2.36"},{"date" => "2011-06-06T21:24:59","version" => "2.37"},{"date" => "2011-06-09T16:00:48","version" => "2.38"},{"date" => "2011-06-29T17:45:00","version" => "2.39"},{"date" => "2011-09-30T16:56:29","version" => "2.40"},{"date" => "2011-10-07T13:31:48","version" => "2.41"},{"date" => "2011-10-12T19:33:22","version" => "2.42"},{"date" => "2011-10-24T16:43:23","version" => "2.43"},{"date" => "2011-12-08T23:09:26","version" => "2.44"},{"date" => "2012-01-03T21:35:41","version" => "2.45"},{"date" => "2012-02-10T17:28:20","version" => "2.46"},{"date" => "2012-02-16T12:40:04","version" => "2.47"},{"date" => "2012-02-24T21:06:10","version" => "2.48"},{"date" => "2012-04-17T23:48:26","version" => "2.49"},{"date" => "2012-09-04T16:22:21","version" => "2.50"},{"date" => "2012-09-18T03:01:31","version" => "2.51"},{"date" => "2012-09-26T02:54:36","version" => "2.52"},{"date" => "2012-12-10T11:23:34","version" => "2.53"},{"date" => "2012-12-11T15:49:03","version" => "2.54"},{"date" => "2013-07-10T14:51:25","version" => "2.55"},{"date" => "2017-01-15T21:29:11","version" => "2.56"}]},"GD" => {"advisories" => [{"affected_versions" => ["<2.72"],"cves" => ["CVE-2019-6977"],"description" => "gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.\n","distribution" => "GD","fixed_versions" => [">=2.72"],"id" => "CPANSA-GD-2019-6977","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2019-6977","https://bugs.php.net/bug.php?id=77270","http://php.net/ChangeLog-7.php","http://php.net/ChangeLog-5.php","http://www.securityfocus.com/bid/106731","https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html","https://www.debian.org/security/2019/dsa-4384","https://usn.ubuntu.com/3900-1/","https://security.netapp.com/advisory/ntap-20190315-0003/","https://security.gentoo.org/glsa/201903-18","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html","http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html","https://www.exploit-db.com/exploits/46677/","https://access.redhat.com/errata/RHSA-2019:2519","https://access.redhat.com/errata/RHSA-2019:3299","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"],"reported" => "2019-01-27","severity" => "high"}],"main_module" => "GD","versions" => [{"date" => "1996-05-17T08:12:00","version" => "1.00"},{"date" => "1996-07-17T10:16:00","version" => "1.01"},{"date" => "1996-09-07T16:53:00","version" => "1.10"},{"date" => "1996-09-09T10:37:00","version" => "1.11"},{"date" => "1996-09-10T12:04:00","version" => "1.12"},{"date" => "1996-09-11T07:27:00","version" => "1.13"},{"date" => "1996-09-12T16:11:00","version" => "1.14"},{"date" => "1997-11-19T21:13:00","version" => "1.15"},{"date" => "1997-12-19T14:26:00","version" => "1.16"},{"date" => "1998-01-16T13:34:00","version" => "1.17"},{"date" => "1998-01-26T08:44:00","version" => "1.18"},{"date" => "1998-03-08T16:43:26","version" => "1.18"},{"date" => "1999-01-31T17:52:34","version" => "1.18"},{"date" => "1999-04-26T20:35:55","version" => "1.19"},{"date" => "1999-06-02T13:44:43","version" => "1.19"},{"date" => "1999-08-31T03:38:46","version" => "1.20"},{"date" => "1999-08-31T14:55:24","version" => "1.21"},{"date" => "1999-09-30T21:46:47","version" => "1.22"},{"date" => "1999-11-11T14:26:14","version" => "1.23"},{"date" => "2000-02-15T19:54:37","version" => "1.24"},{"date" => "2000-02-22T15:20:41","version" => "1.25"},{"date" => "2000-03-18T23:21:50","version" => "1.26"},{"date" => "2000-03-22T19:41:56","version" => "1.27"},{"date" => "2000-06-23T12:15:51","version" => "1.28"},{"date" => "2000-06-23T18:26:31","version" => "1.29"},{"date" => "2000-07-07T02:42:47","version" => "1.30"},{"date" => "2000-11-10T16:00:09","version" => "1.32"},{"date" => "2001-04-05T04:42:53","version" => "1.33"},{"date" => "2001-09-26T05:19:41","version" => "1.31"},{"date" => "2001-12-06T22:57:11","version" => "1.35"},{"date" => "2001-12-17T19:13:23","version" => "1.36"},{"date" => "2001-12-19T21:34:33","version" => "1.37"},{"date" => "2002-01-04T15:33:18","version" => "1.38"},{"date" => "2002-06-12T02:09:05","version" => "1.39"},{"date" => "2002-06-19T12:11:07","version" => "1.40"},{"date" => "2002-07-22T07:33:14","version" => "1.41"},{"date" => "2002-08-09T16:31:00","version" => "2.00"},{"date" => "2002-08-09T16:39:49","version" => "2.01"},{"date" => "2002-10-14T13:07:59","version" => "2.02"},{"date" => "2002-11-01T15:46:28","version" => "2.04"},{"date" => "2002-11-05T00:55:52","version" => "2.041"},{"date" => "2002-11-25T01:35:10","version" => "2.05"},{"date" => "2003-01-08T16:49:15","version" => "2.06"},{"date" => "2003-04-24T05:06:33","version" => "2.07"},{"date" => "2003-10-06T23:04:15","version" => "2.10"},{"date" => "2003-10-07T22:33:21","version" => "2.11"},{"date" => "2004-02-06T14:33:56","version" => "2.12"},{"date" => "2004-07-22T20:32:01","version" => "2.15"},{"date" => "2004-07-27T00:47:05","version" => "2.16"},{"date" => "2004-11-10T19:15:39","version" => "2.17"},{"date" => "2004-11-12T15:19:40","version" => "2.18"},{"date" => "2004-11-16T13:36:22","version" => "2.19"},{"date" => "2005-02-09T18:50:44","version" => "2.21"},{"date" => "2005-03-07T18:09:39","version" => "2.22"},{"date" => "2005-03-09T21:04:40","version" => "2.23"},{"date" => "2005-07-15T18:47:39","version" => "2.25"},{"date" => "2005-08-04T13:34:01","version" => "2.26"},{"date" => "2005-08-06T14:52:27","version" => "2.27"},{"date" => "2005-08-08T17:28:37","version" => "2.28"},{"date" => "2005-10-19T05:44:52","version" => "2.29"},{"date" => "2005-10-19T07:51:48","version" => "2.30"},{"date" => "2006-02-20T19:48:20","version" => "2.31"},{"date" => "2006-03-08T20:19:06","version" => "2.32"},{"date" => "2006-06-01T20:02:57","version" => "2.34"},{"date" => "2006-08-23T15:31:17","version" => "2.35"},{"date" => "2008-04-21T14:15:26","version" => "2.39"},{"date" => "2008-08-07T18:48:46","version" => "2.40"},{"date" => "2008-08-07T19:17:19","version" => "2.41"},{"date" => "2009-06-10T14:44:33","version" => "2.43"},{"date" => "2009-07-10T18:12:58","version" => "2.44"},{"date" => "2010-04-30T18:52:21","version" => "2.45"},{"date" => "2011-05-01T17:47:22","version" => "2.46"},{"date" => "2013-02-26T10:54:32","version" => "2.48"},{"date" => "2013-02-26T11:04:16","version" => "2.49"},{"date" => "2013-07-02T20:48:59","version" => "2.50"},{"date" => "2014-02-04T16:53:54","version" => "2.51"},{"date" => "2014-02-19T04:29:23","version" => "2.52"},{"date" => "2014-04-01T14:26:31","version" => "2.53"},{"date" => "2014-10-27T02:29:14","version" => "2.55"},{"date" => "2014-10-28T01:35:39","version" => "2.56"},{"date" => "2017-04-19T14:45:56","version" => "2.56_01"},{"date" => "2017-04-19T14:56:35","version" => "2.56_02"},{"date" => "2017-04-19T15:19:33","version" => "2.56_03"},{"date" => "2017-04-21T06:22:54","version" => "2.57"},{"date" => "2017-04-21T08:38:24","version" => "2.58"},{"date" => "2017-04-21T10:35:21","version" => "2.59"},{"date" => "2017-04-21T22:11:18","version" => "2.60"},{"date" => "2017-04-22T15:52:15","version" => "2.61"},{"date" => "2017-04-22T22:27:02","version" => "2.62"},{"date" => "2017-04-23T08:23:06","version" => "2.63"},{"date" => "2017-04-23T09:03:18","version" => "2.64"},{"date" => "2017-04-23T10:36:23","version" => "2.65"},{"date" => "2017-04-23T13:08:08","version" => "2.66"},{"date" => "2017-11-15T08:33:16","version" => "2.67"},{"date" => "2018-02-18T19:56:41","version" => "2.68"},{"date" => "2018-08-26T15:40:02","version" => "2.69"},{"date" => "2019-01-10T12:57:08","version" => "2.70"},{"date" => "2019-02-12T11:53:42","version" => "2.71"},{"date" => "2020-07-18T06:02:50","version" => "2.72"},{"date" => "2020-09-24T13:01:57","version" => "2.73"},{"date" => "2022-01-23T15:34:48","version" => "2.74"},{"date" => "2022-01-25T16:54:22","version" => "2.75"},{"date" => "2022-02-01T14:50:45","version" => "2.76"},{"date" => "2023-05-29T07:10:47","version" => "2.77"},{"date" => "2023-07-04T09:13:52","version" => "2.78"},{"date" => "2024-04-29T19:57:07","version" => "2.79"},{"date" => "2024-05-03T11:16:48","version" => "2.80"},{"date" => "2024-05-03T17:02:57","version" => "2.81"},{"date" => "2024-05-27T10:31:38","version" => "2.82"},{"date" => "2024-06-23T15:46:01","version" => "2.83"},{"date" => "2026-01-04T19:40:59","version" => "2.84"}]},"GPIB" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2006-1565"],"description" => "Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.\n","distribution" => "GPIB","fixed_versions" => [],"id" => "CPANSA-GPIB-2006-1565","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359239","http://www.securityfocus.com/bid/17288","https://exchange.xforce.ibmcloud.com/vulnerabilities/25681"],"reported" => "2006-03-31","severity" => undef}],"main_module" => "GPIB","versions" => [{"date" => "2002-01-02T03:13:38","version" => "0_30"}]},"Galileo" => {"advisories" => [{"affected_versions" => ["<0.043"],"cves" => ["CVE-2019-7410"],"description" => "There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via \$page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).\n","distribution" => "Galileo","fixed_versions" => [">=0.043"],"id" => "CPANSA-Galileo-2019-7410","references" => ["https://metamorfosec.com/Files/Commits/METC-2020-002-Escape_banner_in_Galileo_CMS_v0.042.txt","https://metacpan.org/changes/distribution/Galileo","https://github.com/jberger/Galileo/pull/55/files","https://metamorfosec.com/Files/Advisories/METS-2020-002-A_Stored_XSS_Vulnerability_in_Galileo_CMS_v0.042.txt"],"reported" => "2020-08-14","severity" => "medium"}],"main_module" => "Galileo","versions" => [{"date" => "2012-07-30T17:03:42","version" => "0.001"},{"date" => "2012-07-30T17:38:19","version" => "0.002"},{"date" => "2012-07-30T20:36:06","version" => "0.003"},{"date" => "2012-07-31T15:41:59","version" => "0.004"},{"date" => "2012-08-06T21:26:17","version" => "0.005"},{"date" => "2012-08-09T20:39:14","version" => "0.006"},{"date" => "2012-09-10T17:57:20","version" => "0.007"},{"date" => "2012-10-27T17:40:15","version" => "0.008"},{"date" => "2012-10-28T18:03:00","version" => "0.009"},{"date" => "2012-10-28T18:10:15","version" => "0.01"},{"date" => "2012-10-31T22:10:19","version" => "0.011"},{"date" => "2013-01-15T15:10:42","version" => "0.012"},{"date" => "2013-01-15T21:07:00","version" => "0.013"},{"date" => "2013-01-16T21:37:32","version" => "0.014"},{"date" => "2013-01-19T03:59:45","version" => "0.015"},{"date" => "2013-01-26T21:28:59","version" => "0.016"},{"date" => "2013-02-05T03:32:32","version" => "0.017"},{"date" => "2013-02-06T02:47:47","version" => "0.018"},{"date" => "2013-02-06T03:09:27","version" => "0.019"},{"date" => "2013-02-11T23:33:00","version" => "0.020"},{"date" => "2013-02-17T01:24:51","version" => "0.021"},{"date" => "2013-02-17T02:44:14","version" => "0.022"},{"date" => "2013-03-04T18:25:01","version" => "0.023"},{"date" => "2013-03-12T15:24:22","version" => "0.024"},{"date" => "2013-03-12T18:48:22","version" => "0.025"},{"date" => "2013-03-15T15:18:18","version" => "0.026"},{"date" => "2013-04-03T20:04:15","version" => "0.027"},{"date" => "2013-05-14T15:59:46","version" => "0.028"},{"date" => "2013-06-29T03:30:18","version" => "0.029"},{"date" => "2013-08-27T03:43:39","version" => "0.030"},{"date" => "2013-11-28T18:36:10","version" => "0.031"},{"date" => "2014-04-06T16:17:22","version" => "0.032"},{"date" => "2014-05-10T19:38:50","version" => "0.033"},{"date" => "2014-05-31T13:06:42","version" => "0.034"},{"date" => "2014-08-16T22:10:46","version" => "0.035"},{"date" => "2014-08-31T15:31:15","version" => "0.036"},{"date" => "2014-10-14T04:03:53","version" => "0.037"},{"date" => "2015-01-25T18:08:54","version" => "0.038"},{"date" => "2015-09-28T18:25:31","version" => "0.039"},{"date" => "2016-01-07T16:33:46","version" => "0.040"},{"date" => "2016-08-13T18:15:17","version" => "0.041"},{"date" => "2017-03-16T03:14:04","version" => "0.042"},{"date" => "2020-08-06T16:26:58","version" => "0.043"}]},"Git-Raw" => {"advisories" => [{"affected_versions" => [">=0.08,<=0.24"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.08,<=0.24"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.08,<=0.24"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.25,<=0.28"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.25,<=0.28"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.25,<=0.28"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.29,<=0.40"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.29,<=0.40"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.29,<=0.40"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.41,<=0.50"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.41,<=0.50"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.41,<=0.50"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.51,<=0.53"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.51,<=0.53"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.51,<=0.53"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.54,<=0.58"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.54,<=0.58"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.54,<=0.58"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.59,<=0.60"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.59,<=0.60"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.59,<=0.60"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.61,<=0.74"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.61,<=0.74"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.61,<=0.74"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => ["==0.75"],"cves" => ["CVE-2018-10888"],"description" => "A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-10888-libgit2","references" => ["https://github.com/libgit2/libgit2/releases/tag/v0.27.3","https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3","https://bugzilla.redhat.com/show_bug.cgi?id=1598024","https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"],"reported" => "2018-07-10","severity" => "medium"},{"affected_versions" => ["==0.75"],"cves" => ["CVE-2018-10887"],"description" => "A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-10887-libgit2","references" => ["https://github.com/libgit2/libgit2/releases/tag/v0.27.3","https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22","https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a","https://bugzilla.redhat.com/show_bug.cgi?id=1598021","https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"],"reported" => "2018-07-10","severity" => "high"},{"affected_versions" => [">=0.76,<=0.82"],"cves" => ["CVE-2018-10888"],"description" => "A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-10888-libgit2","references" => ["https://github.com/libgit2/libgit2/releases/tag/v0.27.3","https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3","https://bugzilla.redhat.com/show_bug.cgi?id=1598024","https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"],"reported" => "2018-07-10","severity" => "medium"},{"affected_versions" => [">=0.76,<=0.82"],"cves" => ["CVE-2018-10887"],"description" => "A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-10887-libgit2","references" => ["https://github.com/libgit2/libgit2/releases/tag/v0.27.3","https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22","https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a","https://bugzilla.redhat.com/show_bug.cgi?id=1598021","https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"],"reported" => "2018-07-10","severity" => "high"},{"affected_versions" => [">=0.83,<=0.84"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.85,<=0.87"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => ["==0.88"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => ["==0.89"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.08,<=0.40"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=0.41,<=0.75"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=0.76,<=0.88"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "Git::Raw","versions" => [{"date" => "2012-08-05T11:44:00","version" => "0.01"},{"date" => "2012-08-05T20:19:35","version" => "0.02"},{"date" => "2012-08-06T16:46:15","version" => "0.03"},{"date" => "2012-08-08T21:43:23","version" => "0.04"},{"date" => "2012-08-09T15:57:26","version" => "0.05"},{"date" => "2012-08-17T14:13:37","version" => "0.06"},{"date" => "2012-08-20T19:03:21","version" => "0.07"},{"date" => "2012-08-21T15:15:44","version" => "0.08"},{"date" => "2012-08-22T17:57:45","version" => "0.09"},{"date" => "2012-08-22T18:54:02","version" => "0.10"},{"date" => "2012-08-23T09:42:11","version" => "0.11"},{"date" => "2012-09-22T17:26:43","version" => "0.12"},{"date" => "2012-10-02T16:28:54","version" => "0.13"},{"date" => "2012-10-19T10:29:16","version" => "0.14"},{"date" => "2012-10-30T21:41:51","version" => "0.15"},{"date" => "2012-11-30T11:44:22","version" => "0.16"},{"date" => "2012-12-04T12:50:53","version" => "0.17"},{"date" => "2012-12-14T17:41:07","version" => "0.18"},{"date" => "2013-01-03T18:26:04","version" => "0.19"},{"date" => "2013-01-26T12:47:33","version" => "0.20"},{"date" => "2013-02-20T16:43:28","version" => "0.21"},{"date" => "2013-02-23T14:21:03","version" => "0.22"},{"date" => "2013-03-25T13:12:14","version" => "0.23"},{"date" => "2013-03-31T11:09:03","version" => "0.24"},{"date" => "2013-10-09T13:20:24","version" => "0.25"},{"date" => "2013-10-09T14:13:40","version" => "0.26"},{"date" => "2013-10-23T10:37:15","version" => "0.27"},{"date" => "2013-11-18T14:02:54","version" => "0.28"},{"date" => "2013-11-24T19:20:25","version" => "0.29"},{"date" => "2014-01-26T13:41:14","version" => "0.30"},{"date" => "2014-02-08T18:10:43","version" => "0.31"},{"date" => "2014-03-16T14:06:42","version" => "0.32"},{"date" => "2014-04-14T10:32:15","version" => "0.33"},{"date" => "2014-04-27T10:41:00","version" => "0.34"},{"date" => "2014-04-28T16:45:42","version" => "0.35"},{"date" => "2014-05-02T14:01:36","version" => "0.36"},{"date" => "2014-06-08T15:27:13","version" => "0.37"},{"date" => "2014-06-11T18:05:33","version" => "0.38"},{"date" => "2014-06-12T16:08:55","version" => "0.39"},{"date" => "2014-06-25T19:08:19","version" => "0.40"},{"date" => "2014-08-03T16:09:58","version" => "0.41"},{"date" => "2014-08-09T13:22:08","version" => "0.42"},{"date" => "2014-08-14T13:21:12","version" => "0.43"},{"date" => "2014-08-18T08:35:38","version" => "0.44"},{"date" => "2014-09-18T21:31:44","version" => "0.45"},{"date" => "2014-09-19T10:44:04","version" => "0.46"},{"date" => "2014-09-30T11:08:31","version" => "0.47"},{"date" => "2014-10-13T21:10:25","version" => "0.48"},{"date" => "2014-10-24T10:06:17","version" => "0.49"},{"date" => "2014-11-15T18:12:53","version" => "0.50"},{"date" => "2015-02-09T07:56:23","version" => "0.51"},{"date" => "2015-03-19T11:47:40","version" => "0.52"},{"date" => "2015-04-14T18:26:22","version" => "0.53"},{"date" => "2015-11-12T19:30:27","version" => "0.54"},{"date" => "2015-11-14T09:21:11","version" => "0.55"},{"date" => "2015-11-17T11:54:04","version" => "0.56"},{"date" => "2015-11-21T13:30:25","version" => "0.57"},{"date" => "2015-11-23T05:52:12","version" => "0.58"},{"date" => "2016-05-23T04:45:30","version" => "0.59"},{"date" => "2016-06-09T17:50:00","version" => "0.60"},{"date" => "2016-12-05T17:51:20","version" => "0.61"},{"date" => "2016-12-06T16:59:22","version" => "0.62"},{"date" => "2016-12-08T18:31:51","version" => "0.63"},{"date" => "2016-12-16T12:56:55","version" => "0.64"},{"date" => "2016-12-21T16:02:45","version" => "0.65"},{"date" => "2016-12-28T16:06:29","version" => "0.66"},{"date" => "2016-12-28T17:03:40","version" => "0.67"},{"date" => "2016-12-30T08:07:24","version" => "0.68"},{"date" => "2016-12-30T08:11:44","version" => "0.69"},{"date" => "2016-12-30T19:19:00","version" => "0.70"},{"date" => "2017-01-09T06:53:53","version" => "0.71"},{"date" => "2017-01-10T05:12:24","version" => "0.72"},{"date" => "2017-03-22T16:43:32","version" => "0.73"},{"date" => "2017-03-24T09:07:21","version" => "0.74"},{"date" => "2018-01-25T18:54:11","version" => "0.75"},{"date" => "2018-03-08T16:00:17","version" => "0.76"},{"date" => "2018-03-09T04:57:30","version" => "0.77"},{"date" => "2018-03-09T13:30:01","version" => "0.78"},{"date" => "2018-03-23T18:40:02","version" => "0.79"},{"date" => "2018-06-17T08:47:43","version" => "0.80"},{"date" => "2018-06-27T17:23:13","version" => "0.81"},{"date" => "2018-12-12T15:18:03","version" => "0.82"},{"date" => "2019-05-20T13:42:02","version" => "0.83"},{"date" => "2019-08-19T20:36:03","version" => "0.84"},{"date" => "2020-04-19T11:32:47","version" => "0.85"},{"date" => "2020-04-25T11:27:33","version" => "0.86"},{"date" => "2020-08-30T12:19:25","version" => "0.87"},{"date" => "2021-08-08T12:37:22","version" => "0.88"},{"date" => "2022-10-23T16:31:07","version" => "0.89"},{"date" => "2022-10-27T08:52:11","version" => "0.90"}]},"Git-XS" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2018-7159"],"description" => "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.'\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-7159-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","https://access.redhat.com/errata/RHSA-2019:2258","https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp;utm_medium=RSS"],"reported" => "2018-05-17","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2018-12121"],"description" => "Denial of Service with large HTTP headers by using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-12121-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://security.gentoo.org/glsa/202003-48"],"reported" => "2018-11-28","severity" => "high"},{"affected_versions" => [">=0.08,<=0.17"],"cves" => ["CVE-2018-7159"],"description" => "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.'\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-7159-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","https://access.redhat.com/errata/RHSA-2019:2258","https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp;utm_medium=RSS"],"reported" => "2018-05-17","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.17"],"cves" => ["CVE-2018-12121"],"description" => "Denial of Service with large HTTP headers by using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-12121-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://security.gentoo.org/glsa/202003-48"],"reported" => "2018-11-28","severity" => "high"},{"affected_versions" => [">=0.17,<=0.88"],"cves" => ["CVE-2018-7159"],"description" => "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.'\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-7159-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","https://access.redhat.com/errata/RHSA-2019:2258","https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp;utm_medium=RSS"],"reported" => "2018-05-17","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.88"],"cves" => ["CVE-2018-12121"],"description" => "Denial of Service with large HTTP headers by using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-12121-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://security.gentoo.org/glsa/202003-48"],"reported" => "2018-11-28","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "Git::XS","versions" => [{"date" => "2011-12-27T05:42:38","version" => "0.01"},{"date" => "2011-12-27T23:09:56","version" => "0.02"}]},"GitLab-API-v4" => {"advisories" => [{"affected_versions" => [">=0.26"],"cves" => ["CVE-2023-31485"],"description" => "GitLab::API::v4 is missing the verify_SSL=>1 flag in HTTP::Tiny, allowing a network attacker to MITM connections to the GitLab server.\n","distribution" => "GitLab-API-v4","fixed_versions" => [],"id" => "CPANSA-GitLab-API-v4-2023-31485","references" => ["https://github.com/bluefeet/GitLab-API-v4/pull/57","https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/","https://www.openwall.com/lists/oss-security/2023/04/18/14","https://github.com/chansen/p5-http-tiny/pull/151"],"reported" => "2023-02-28"}],"main_module" => "GitLab::API::v4","versions" => [{"date" => "2017-12-11T18:40:52","version" => "0.01"},{"date" => "2017-12-16T00:11:18","version" => "0.02"},{"date" => "2018-01-12T21:26:23","version" => "0.03"},{"date" => "2018-02-03T23:15:40","version" => "0.04"},{"date" => "2018-03-06T18:26:52","version" => "0.05"},{"date" => "2018-04-09T20:06:01","version" => "0.06"},{"date" => "2018-05-10T21:33:05","version" => "0.07"},{"date" => "2018-05-14T17:33:39","version" => "0.08"},{"date" => "2018-05-29T04:48:13","version" => "0.09"},{"date" => "2018-06-06T06:47:41","version" => "0.10"},{"date" => "2018-09-02T05:24:51","version" => "0.11"},{"date" => "2018-09-12T01:04:05","version" => "0.12"},{"date" => "2018-11-08T13:44:56","version" => "0.13"},{"date" => "2018-12-04T20:39:42","version" => "0.14"},{"date" => "2019-01-09T18:13:46","version" => "0.15"},{"date" => "2019-02-18T06:21:38","version" => "0.16"},{"date" => "2019-02-20T22:49:13","version" => "0.17"},{"date" => "2019-04-01T04:36:27","version" => "0.18"},{"date" => "2019-05-17T20:41:31","version" => "0.19"},{"date" => "2019-07-23T21:42:57","version" => "0.20"},{"date" => "2019-08-24T18:56:25","version" => "0.21"},{"date" => "2019-09-13T15:03:00","version" => "0.22"},{"date" => "2019-10-18T19:55:54","version" => "0.23"},{"date" => "2020-02-12T22:10:58","version" => "0.24"},{"date" => "2020-02-12T22:21:40","version" => "0.25"},{"date" => "2021-01-30T07:11:26","version" => "0.26"},{"date" => "2023-06-07T20:51:14","version" => "0.27"}]},"Graphics-ColorNames" => {"advisories" => [{"affected_versions" => [">=2.0_01,<=3.1.2"],"cves" => ["CVE-2024-55918"],"description" => "A specially-named file may lead to HTML injection attacks.\n","distribution" => "Graphics-ColorNames","fixed_versions" => [">3.1.2"],"id" => "CPANSA-Graphics-ColorNames-2010-02","references" => ["https://metacpan.org/changes/distribution/Graphics-ColorNames","https://rt.cpan.org/Public/Bug/Display.html?id=54500"],"reported" => "2010-02-11"}],"main_module" => "Graphics::ColorNames","versions" => [{"date" => "2001-02-20T03:47:48","version" => "0.10"},{"date" => "2001-04-12T02:32:22","version" => "0.20"},{"date" => "2001-04-13T04:37:27","version" => "0.21"},{"date" => "2001-04-15T14:26:41","version" => "0.22"},{"date" => "2001-04-18T03:13:51","version" => "0.23"},{"date" => "2001-04-28T16:09:48","version" => "0.24"},{"date" => "2001-10-05T02:42:20","version" => "0.30"},{"date" => "2002-10-24T01:17:51","version" => "0.31"},{"date" => "2002-12-05T03:07:24","version" => "0.32"},{"date" => "2004-07-22T00:41:35","version" => "0.3901"},{"date" => "2004-07-22T20:01:47","version" => "0.39_02"},{"date" => "2004-07-23T01:52:58","version" => "0.39_03"},{"date" => "2004-07-26T06:36:47","version" => "0.39_04"},{"date" => "2004-08-01T01:21:33","version" => "1.00"},{"date" => "2004-08-18T20:32:07","version" => "1.01"},{"date" => "2004-08-24T15:53:20","version" => "1.02"},{"date" => "2004-08-26T21:51:46","version" => "1.03"},{"date" => "2004-09-03T06:56:23","version" => "1.04"},{"date" => "2004-09-03T07:00:16","version" => "1.05"},{"date" => "2005-03-29T23:06:41","version" => "1.06"},{"date" => "2005-04-04T15:17:24","version" => "2.0_01"},{"date" => "2005-04-07T16:08:52","version" => "2.0_02"},{"date" => "2005-04-08T16:48:24","version" => "2.0_03"},{"date" => "2006-10-24T13:58:29","version" => "2.0_04"},{"date" => "2007-12-16T15:33:27","version" => "2.01"},{"date" => "2007-12-16T16:04:00","version" => "2.02"},{"date" => "2007-12-17T12:49:37","version" => "2.03"},{"date" => "2007-12-17T20:01:53","version" => "2.04"},{"date" => "2007-12-20T16:01:35","version" => "2.10_01"},{"date" => "2008-01-04T15:55:53","version" => "2.10_02"},{"date" => "2008-01-05T13:14:32","version" => "2.10_03"},{"date" => "2008-01-06T21:52:18","version" => "2.10_04"},{"date" => "2008-01-08T16:20:38","version" => "2.10_05"},{"date" => "2008-01-10T21:43:53","version" => "2.11"},{"date" => "2018-09-27T23:02:17","version" => "v3.0.0"},{"date" => "2018-09-28T12:40:06","version" => "v3.0.1"},{"date" => "2018-09-28T16:56:39","version" => "v3.0.2"},{"date" => "2018-09-30T12:37:45","version" => "v3.1.0"},{"date" => "2018-10-01T16:51:16","version" => "v3.1.1"},{"date" => "2018-10-01T22:15:39","version" => "v3.1.2"},{"date" => "2018-10-03T23:36:26","version" => "v3.2.0"},{"date" => "2018-10-06T10:00:38","version" => "v3.2.1"},{"date" => "2018-10-23T20:30:22","version" => "v3.3.0"},{"date" => "2018-10-24T15:03:58","version" => "v3.3.1"},{"date" => "2018-10-27T16:33:30","version" => "v3.3.2"},{"date" => "2018-10-27T18:31:44","version" => "v3.3.3"},{"date" => "2018-11-11T15:13:51","version" => "v3.3.4"},{"date" => "2018-11-18T19:13:42","version" => "v3.4.0"},{"date" => "2019-06-06T20:30:43","version" => "v3.5.0"}]},"HTML-EP" => {"advisories" => [{"affected_versions" => [">=0.2011"],"cves" => ["CVE-2012-6142"],"description" => "HTML::EP::Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.\n","distribution" => "HTML-EP","fixed_versions" => [],"id" => "CPANSA-HTML-EP-2012-6142","references" => ["http://www.securityfocus.com/bid/59833","http://seclists.org/oss-sec/2013/q2/318","https://exchange.xforce.ibmcloud.com/vulnerabilities/84199"],"reported" => "2014-06-04","severity" => undef}],"main_module" => "HTML::EP","versions" => [{"date" => "1998-06-24T20:39:44","version" => "0.1000"},{"date" => "1998-06-26T12:21:47","version" => "0.1002"},{"date" => "1998-07-17T21:28:11","version" => "0.1005"},{"date" => "1998-07-18T16:05:32","version" => "0.1006"},{"date" => "1998-07-24T20:40:11","version" => "0.1100"},{"date" => "1998-09-12T20:26:57","version" => "0.1106"},{"date" => "1998-09-14T00:09:23","version" => "0.1107"},{"date" => "1998-09-18T01:41:54","version" => "0.1108"},{"date" => "1998-10-06T09:42:57","version" => "0.1109"},{"date" => "1998-10-13T16:57:33","version" => "0.1111"},{"date" => "1998-10-15T19:02:15","version" => "0.1112"},{"date" => "1998-10-21T21:58:15","version" => "0.1113"},{"date" => "1998-11-06T20:01:59","version" => "0.1116"},{"date" => "1998-11-29T18:25:07","version" => "0.1117"},{"date" => "1998-12-03T17:11:04","version" => "0.1118"},{"date" => "1999-01-26T02:07:08","version" => "0.1123"},{"date" => "1999-02-01T00:08:19","version" => "0.1124"},{"date" => "1999-02-07T20:07:50","version" => "0.1125"},{"date" => "1999-02-13T12:36:36","version" => "0.1126"},{"date" => "1999-02-23T18:47:31","version" => "0.1127"},{"date" => "1999-02-26T18:27:47","version" => "0.1128"},{"date" => "1999-05-04T22:59:11","version" => "0.1130"},{"date" => "1999-08-26T15:05:04","version" => "0.11321"},{"date" => "1999-08-27T11:29:51","version" => "0.1133"},{"date" => "1999-08-31T11:04:44","version" => "0.1134"},{"date" => "1999-09-21T10:22:21","version" => "0.1135"},{"date" => "1999-09-26T13:27:28","version" => "0.20_00"},{"date" => "1999-09-27T10:28:51","version" => "0.20_01"},{"date" => "1999-11-05T11:38:40","version" => "0.2003"},{"date" => "1999-11-08T15:38:12","version" => "0.2004"},{"date" => "1999-11-08T18:18:11","version" => "0.2005"},{"date" => "1999-11-17T12:28:55","version" => "0.2006"},{"date" => "1999-11-17T17:23:52","version" => "0.2007"},{"date" => "1999-11-25T10:15:38","version" => "0.2008"},{"date" => "1999-12-07T20:43:46","version" => "0.2009"},{"date" => "1999-12-15T22:41:39","version" => "0.2010"},{"date" => "2001-01-05T13:26:37","version" => "0.2011"},{"date" => "2001-01-05T13:27:07","version" => 0}]},"HTML-Parser" => {"advisories" => [{"affected_versions" => ["<3.63"],"cves" => ["CVE-2009-3627"],"description" => "The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.\n","distribution" => "HTML-Parser","fixed_versions" => [">=3.63"],"id" => "CPANSA-HTML-Parser-2009-3627","references" => ["https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225","http://www.openwall.com/lists/oss-security/2009/10/23/9","http://secunia.com/advisories/37155","http://www.securityfocus.com/bid/36807","https://bugzilla.redhat.com/show_bug.cgi?id=530604","http://www.vupen.com/english/advisories/2009/3022","http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c","https://exchange.xforce.ibmcloud.com/vulnerabilities/53941"],"reported" => "2009-10-29","severity" => undef}],"main_module" => "HTML::Parser","versions" => [{"date" => "1998-03-31T22:25:05","version" => "2.14"},{"date" => "1998-04-02T11:40:38","version" => "2.16"},{"date" => "1998-04-28T08:35:12","version" => "2.17"},{"date" => "1998-06-22T19:45:24","version" => "2.18"},{"date" => "1998-07-06T23:12:33","version" => "2.19"},{"date" => "1998-07-08T13:05:04","version" => "2.20"},{"date" => "1998-11-13T21:48:08","version" => "2.21"},{"date" => "1999-06-09T10:34:35","version" => "2.23"},{"date" => "1999-11-03T07:10:32","version" => "2.24"},{"date" => "1999-11-05T09:46:11","version" => "2.25"},{"date" => "1999-12-14T23:01:49","version" => "3.00"},{"date" => "1999-12-19T07:07:38","version" => "3.01"},{"date" => "1999-12-21T09:55:56","version" => "3.02"},{"date" => "2000-01-15T16:25:39","version" => "3.04"},{"date" => "2000-01-22T16:14:25","version" => "3.05"},{"date" => "2000-03-06T14:00:15","version" => "3.06"},{"date" => "2000-03-20T12:47:48","version" => "3.07"},{"date" => "2000-05-23T10:59:19","version" => "3.08"},{"date" => "2000-06-28T08:49:09","version" => "3.09"},{"date" => "2000-06-29T07:52:47","version" => "3.10"},{"date" => "2000-08-22T10:04:28","version" => "3.11"},{"date" => "2000-09-14T18:22:47","version" => "3.12"},{"date" => "2000-09-17T01:55:45","version" => "3.13"},{"date" => "2000-12-04T06:05:39","version" => "3.14"},{"date" => "2000-12-26T09:04:53","version" => "3.15"},{"date" => "2001-02-23T07:21:20","version" => "3.16"},{"date" => "2001-02-24T06:32:38","version" => "3.17"},{"date" => "2001-02-25T04:51:50","version" => "3.18"},{"date" => "2001-03-10T04:32:27","version" => "3.19"},{"date" => "2001-03-13T19:44:52","version" => "3.19_90"},{"date" => "2001-03-16T02:29:32","version" => "3.19"},{"date" => "2001-03-19T19:26:50","version" => "3.19_91"},{"date" => "2001-03-26T15:37:39","version" => "3.19_92"},{"date" => "2001-03-27T19:44:20","version" => "3.19_93"},{"date" => "2001-03-30T08:24:11","version" => "3.19_94"},{"date" => "2001-04-03T00:18:14","version" => "3.20"},{"date" => "2001-04-10T22:34:03","version" => "3.21"},{"date" => "2001-04-18T05:31:23","version" => "3.22"},{"date" => "2001-05-02T04:18:51","version" => "3.23"},{"date" => "2001-05-05T06:18:21","version" => "3.23"},{"date" => "2001-05-09T07:23:34","version" => "3.24"},{"date" => "2001-05-11T17:26:39","version" => "3.25"},{"date" => "2001-06-12T08:35:06","version" => "3.25"},{"date" => "2002-03-17T20:11:55","version" => "3.26"},{"date" => "2003-01-18T13:08:01","version" => "3.27"},{"date" => "2003-04-17T03:56:32","version" => "3.28"},{"date" => "2003-08-15T06:11:17","version" => "3.29"},{"date" => "2003-08-18T05:48:21","version" => "3.30"},{"date" => "2003-08-19T14:56:07","version" => "3.31"},{"date" => "2003-10-10T14:31:48","version" => "3.32"},{"date" => "2003-10-14T10:53:29","version" => "3.33"},{"date" => "2003-10-27T21:23:09","version" => "3.34"},{"date" => "2003-12-12T14:27:23","version" => "3.35"},{"date" => "2004-04-01T12:21:44","version" => "3.36"},{"date" => "2004-11-10T18:56:54","version" => "3.37"},{"date" => "2004-11-11T10:19:56","version" => "3.38"},{"date" => "2004-11-17T14:33:49","version" => "3.39_90"},{"date" => "2004-11-23T11:46:30","version" => "3.39_91"},{"date" => "2004-11-23T22:25:21","version" => "3.39_92"},{"date" => "2004-11-29T11:14:34","version" => "3.40"},{"date" => "2004-11-30T09:30:56","version" => "3.41"},{"date" => "2004-12-04T11:54:54","version" => "3.42"},{"date" => "2004-12-06T09:19:28","version" => "3.43"},{"date" => "2004-12-28T14:07:28","version" => "3.44"},{"date" => "2005-01-06T09:09:45","version" => "3.45"},{"date" => "2005-10-24T12:34:04","version" => "3.46"},{"date" => "2005-11-22T21:50:09","version" => "3.47"},{"date" => "2005-12-02T17:41:00","version" => "3.48"},{"date" => "2006-02-08T10:58:39","version" => "3.49"},{"date" => "2006-02-14T18:32:51","version" => "3.50"},{"date" => "2006-03-22T09:26:15","version" => "3.51"},{"date" => "2006-04-26T08:43:13","version" => "3.52"},{"date" => "2006-04-27T11:55:34","version" => "3.53"},{"date" => "2006-04-28T08:21:04","version" => "3.54"},{"date" => "2006-07-10T09:16:22","version" => "3.55"},{"date" => "2007-01-12T11:00:07","version" => "3.56"},{"date" => "2008-11-16T21:45:07","version" => "3.57"},{"date" => "2008-11-17T11:35:37","version" => "3.58"},{"date" => "2008-11-24T09:15:09","version" => "3.59"},{"date" => "2009-02-09T11:26:08","version" => "3.60"},{"date" => "2009-06-20T09:34:17","version" => "3.61"},{"date" => "2009-08-13T21:01:27","version" => "3.62"},{"date" => "2009-10-22T20:11:52","version" => "3.63"},{"date" => "2009-10-25T12:24:11","version" => "3.64"},{"date" => "2010-04-04T20:44:00","version" => "3.65"},{"date" => "2010-07-09T13:27:13","version" => "3.66"},{"date" => "2010-08-17T17:15:19","version" => "3.67"},{"date" => "2010-09-01T21:28:52","version" => "3.68"},{"date" => "2011-10-15T15:35:01","version" => "3.69"},{"date" => "2013-03-28T22:21:30","version" => "3.70"},{"date" => "2013-05-08T22:23:29","version" => "3.71"},{"date" => "2016-01-19T17:44:02","version" => "3.72"},{"date" => "2020-08-25T17:40:17","version" => "3.73"},{"date" => "2020-08-30T18:40:48","version" => "3.74"},{"date" => "2020-08-30T19:58:22","version" => "3.75"},{"date" => "2021-03-04T18:06:59","version" => "3.76"},{"date" => "2022-03-14T22:12:49","version" => "3.77"},{"date" => "2022-03-28T15:23:23","version" => "3.78"},{"date" => "2022-10-12T15:41:58","version" => "3.79"},{"date" => "2022-11-01T14:19:26","version" => "3.80"},{"date" => "2023-01-31T03:13:18","version" => "3.81"},{"date" => "2024-03-13T20:11:51","version" => "3.82"},{"date" => "2024-07-30T16:42:50","version" => "3.83"}]},"HTML-Perlinfo" => {"advisories" => [{"affected_versions" => ["<1.52"],"cves" => [],"description" => "Possibility of denial-of-service attack.\n","distribution" => "HTML-Perlinfo","fixed_versions" => [">=1.52"],"id" => "CPANSA-HTML-Perlinfo-2008-01","references" => ["https://metacpan.org/changes/release/ACCARDO/HTML-Perlinfo-1.52"],"reported" => "2008-07-04"}],"main_module" => "HTML::Perlinfo","versions" => [{"date" => "2005-08-18T21:39:08","version" => "1.00"},{"date" => "2005-09-19T20:41:07","version" => "1.05"},{"date" => "2006-01-14T05:25:20","version" => "1.25"},{"date" => "2006-08-13T03:42:36","version" => "1.40"},{"date" => "2006-08-13T09:29:45","version" => "1.41"},{"date" => "2006-08-15T01:04:34","version" => "1.42"},{"date" => "2006-08-25T07:51:28","version" => "1.43"},{"date" => "2006-09-10T23:20:13","version" => "1.44"},{"date" => "2006-09-24T02:22:48","version" => "1.45"},{"date" => "2006-09-27T20:08:12","version" => "1.46"},{"date" => "2006-10-02T19:30:30","version" => "1.47"},{"date" => "2008-03-16T03:15:04","version" => "1.48"},{"date" => "2008-04-26T04:17:07","version" => "1.49"},{"date" => "2008-04-30T20:44:40","version" => "1.50"},{"date" => "2008-06-08T21:07:29","version" => "1.51"},{"date" => "2008-07-03T23:57:26","version" => "1.52"},{"date" => "2008-07-21T22:24:22","version" => "1.53"},{"date" => "2008-07-27T23:52:36","version" => "1.54"},{"date" => "2009-04-08T01:09:54","version" => "1.55"},{"date" => "2009-04-08T19:06:59","version" => "1.56"},{"date" => "2009-04-16T15:57:34","version" => "1.57"},{"date" => "2009-04-17T02:41:48","version" => "1.58"},{"date" => "2009-04-22T03:29:45","version" => "1.59"},{"date" => "2009-05-02T20:48:38","version" => "1.60"},{"date" => "2009-05-02T22:21:42","version" => "1.60"},{"date" => "2009-05-03T23:02:35","version" => "1.61"},{"date" => "2011-06-13T19:28:39","version" => "1.62"},{"date" => "2014-08-19T21:37:30","version" => "1.63"},{"date" => "2014-08-19T22:29:15","version" => "1.64"},{"date" => "2015-06-06T23:25:41","version" => "1.65"},{"date" => "2015-06-08T18:20:03","version" => "1.66"},{"date" => "2015-06-08T20:22:33","version" => "1.67"},{"date" => "2015-06-12T02:03:18","version" => "1.68"},{"date" => "2016-11-29T19:21:00","version" => "1.69"},{"date" => "2019-06-24T15:33:44","version" => "1.70"},{"date" => "2019-06-25T02:15:30","version" => "1.71"},{"date" => "2019-07-02T19:22:14","version" => "1.72"},{"date" => "2019-07-02T20:41:23","version" => "1.73"}]},"HTML-Scrubber" => {"advisories" => [{"affected_versions" => ["<0.15"],"cves" => ["CVE-2015-5667"],"description" => "Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.\n","distribution" => "HTML-Scrubber","fixed_versions" => [">=0.15"],"id" => "CPANSA-HTML-Scrubber-2015-5667","references" => ["http://jvn.jp/en/jp/JVN53973084/index.html","http://jvndb.jvn.jp/jvndb/JVNDB-2015-000171","https://metacpan.org/release/HTML-Scrubber","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172997.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172983.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172934.html"],"reported" => "2015-10-31","severity" => undef}],"main_module" => "HTML::Scrubber","versions" => [{"date" => "2003-04-18T14:10:19","version" => "0.02"},{"date" => "2003-07-21T14:57:02","version" => "0.03"},{"date" => "2003-10-30T02:31:36","version" => "0.04"},{"date" => "2003-10-31T07:27:00","version" => "0.05"},{"date" => "2003-11-02T11:10:49","version" => "0.06"},{"date" => "2004-03-18T14:35:12","version" => "0.07"},{"date" => "2004-04-01T22:12:20","version" => "0.08"},{"date" => "2011-04-01T15:36:18","version" => "0.09"},{"date" => "2013-09-27T14:06:41","version" => "0.10"},{"date" => "2013-10-11T14:13:11","version" => "0.11"},{"date" => "2015-03-14T18:25:35","version" => "0.12"},{"date" => "2015-03-19T16:31:12","version" => "0.13"},{"date" => "2015-04-02T16:20:48","version" => "0.14"},{"date" => "2015-10-10T14:02:08","version" => "0.15"},{"date" => "2017-06-25T19:31:24","version" => "0.16"},{"date" => "2017-06-27T13:04:46","version" => "0.17"},{"date" => "2019-09-22T11:11:50","version" => "0.18"},{"date" => "2019-09-24T12:28:19","version" => "0.19"}]},"HTML-StripScripts" => {"advisories" => [{"affected_versions" => ["<=1.06"],"cves" => ["CVE-2023-24038"],"description" => "The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.\n","distribution" => "HTML-StripScripts","fixed_versions" => [],"id" => "CPANSA-HTML-StripScripts-2023-24038","references" => ["https://github.com/clintongormley/perl-html-stripscripts/issues/3","https://lists.debian.org/debian-lts-announce/2023/01/msg00036.html","https://www.debian.org/security/2023/dsa-5339"],"reported" => "2023-01-21","severity" => "high"}],"main_module" => "HTML::StripScripts","versions" => [{"date" => "2003-03-30T10:08:51","version" => "0.01"},{"date" => "2003-07-25T18:13:42","version" => "0.02"},{"date" => "2004-04-27T16:45:34","version" => "0.03"},{"date" => "2007-05-28T11:57:07","version" => "0.90"},{"date" => "2007-05-28T12:31:03","version" => "0.99"},{"date" => "2007-05-29T13:15:46","version" => "0.991"},{"date" => "2007-06-05T12:44:56","version" => "1.00"},{"date" => "2007-10-22T14:30:52","version" => "1.01"},{"date" => "2007-10-22T15:47:44","version" => "1.02"},{"date" => "2007-10-22T17:21:36","version" => "1.03"},{"date" => "2007-11-16T17:53:46","version" => "1.04"},{"date" => "2009-11-05T10:25:59","version" => "1.05"},{"date" => "2016-05-12T09:44:35","version" => "1.06"}]},"HTML-Template-Pro" => {"advisories" => [{"affected_versions" => ["<0.9507"],"cves" => ["CVE-2011-4616"],"description" => "Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.\n","distribution" => "HTML-Template-Pro","fixed_versions" => [">=0.9507"],"id" => "CPANSA-HTML-Template-Pro-2011-4616","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587","http://openwall.com/lists/oss-security/2011/12/19/1","http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507","http://secunia.com/advisories/47184","http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes","http://www.securityfocus.com/bid/51117","http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html"],"reported" => "2012-01-06","severity" => undef}],"main_module" => "HTML::Template::Pro","versions" => [{"date" => "2005-06-09T11:07:59","version" => "0.38"},{"date" => "2005-06-22T09:55:37","version" => "0.39"},{"date" => "2005-07-07T09:11:59","version" => "0.40"},{"date" => "2005-07-26T16:58:29","version" => "0.41"},{"date" => "2005-08-04T15:58:27","version" => "0.42"},{"date" => "2005-08-04T17:36:21","version" => "0.43"},{"date" => "2005-08-12T16:32:44","version" => "0.44"},{"date" => "2005-08-19T19:10:08","version" => "0.45"},{"date" => "2005-08-26T18:24:23","version" => "0.46"},{"date" => "2005-08-31T17:43:09","version" => "0.48"},{"date" => "2005-09-08T17:43:14","version" => "0.50"},{"date" => "2005-09-30T15:59:34","version" => "0.52"},{"date" => "2005-10-06T17:14:51","version" => "0.53"},{"date" => "2005-10-17T13:37:05","version" => "0.54"},{"date" => "2005-10-26T12:18:18","version" => "0.55"},{"date" => "2005-11-03T16:46:06","version" => "0.56"},{"date" => "2005-11-13T16:12:39","version" => "0.57"},{"date" => "2005-12-02T08:10:18","version" => "0.58"},{"date" => "2006-01-22T20:07:54","version" => "0.59"},{"date" => "2006-02-02T16:32:55","version" => "0.60"},{"date" => "2006-02-06T20:45:02","version" => "0.61"},{"date" => "2006-02-22T20:05:55","version" => "0.62"},{"date" => "2006-04-18T20:24:51","version" => "0.64"},{"date" => "2007-06-01T14:46:48","version" => "0.65"},{"date" => "2007-10-04T11:08:55","version" => "0.66"},{"date" => "2007-12-02T23:20:56","version" => "0.67"},{"date" => "2008-01-08T18:01:32","version" => "0.68"},{"date" => "2008-01-08T20:03:26","version" => "0.68"},{"date" => "2008-03-01T19:46:47","version" => "0.69"},{"date" => "2008-06-09T09:06:12","version" => "0.70"},{"date" => "2008-09-05T19:36:06","version" => "0.71"},{"date" => "2008-12-19T08:16:12","version" => "0.72"},{"date" => "2009-04-02T20:36:25","version" => "0.73"},{"date" => "2009-04-10T20:41:07","version" => "0.74"},{"date" => "2009-07-05T16:40:09","version" => "0.75"},{"date" => "2009-07-13T08:33:36","version" => "0.76"},{"date" => "2009-07-23T17:37:10","version" => "0.80"},{"date" => "2009-07-28T15:58:37","version" => "0.81"},{"date" => "2009-08-04T15:46:34","version" => "0.82"},{"date" => "2009-08-05T20:27:52","version" => "0.83"},{"date" => "2009-08-08T18:13:20","version" => "0.84"},{"date" => "2009-08-09T16:45:02","version" => "0.85"},{"date" => "2009-08-24T08:00:34","version" => "0.86"},{"date" => "2009-08-29T19:22:41","version" => "0.87"},{"date" => "2009-09-11T16:53:57","version" => "0.90"},{"date" => "2009-09-24T15:48:49","version" => "0.91"},{"date" => "2009-09-29T20:14:35","version" => "0.92"},{"date" => "2009-11-23T20:25:34","version" => "0.93"},{"date" => "2010-03-26T19:12:55","version" => "0.94"},{"date" => "2010-05-21T19:34:29","version" => "0.95"},{"date" => "2010-06-16T19:00:45","version" => "0.9501"},{"date" => "2010-06-24T18:50:34","version" => "0.9502"},{"date" => "2010-08-29T12:45:12","version" => "0.9503"},{"date" => "2010-09-29T07:16:03","version" => "0.9504"},{"date" => "2011-07-01T10:40:21","version" => "0.9505"},{"date" => "2011-10-04T20:31:16","version" => "0.9506"},{"date" => "2011-12-09T07:59:17","version" => "0.9507"},{"date" => "2011-12-26T21:57:41","version" => "0.9508"},{"date" => "2012-02-28T19:59:05","version" => "0.9509"},{"date" => "2013-05-13T08:40:09","version" => "0.9510"},{"date" => "2021-11-30T23:21:23","version" => "0.9520"},{"date" => "2021-12-02T07:27:12","version" => "0.9521"},{"date" => "2021-12-06T17:53:48","version" => "0.9522"},{"date" => "2021-12-15T09:50:03","version" => "0.9523"},{"date" => "2022-01-16T20:42:34","version" => "0.9524"}]},"HTTP-Body" => {"advisories" => [{"affected_versions" => [">=1.08,<1.23"],"cves" => ["CVE-2013-4407"],"description" => "HTTP::Body::Multipart in the HTTP-Body 1.08, 1.22, and earlier module for Perl uses the part of the uploaded file's name after the first \".\" character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.\n","distribution" => "HTTP-Body","fixed_versions" => [">=1.23"],"id" => "CPANSA-HTTP-Body-2013-4407","references" => ["https://www.openwall.com/lists/oss-security/2024/04/07/1","https://security-tracker.debian.org/tracker/CVE-2013-4407","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634"],"reported" => "2013-09-02","severity" => "moderate"}],"main_module" => "HTTP::Body","versions" => [{"date" => "2005-10-06T23:31:10","version" => "0.01"},{"date" => "2005-10-07T19:39:00","version" => "0.2"},{"date" => "2005-10-28T00:04:21","version" => "0.03"},{"date" => "2005-11-09T06:02:28","version" => "0.4"},{"date" => "2005-11-17T04:03:44","version" => "0.5"},{"date" => "2006-01-06T11:55:08","version" => "0.6"},{"date" => "2007-03-23T17:02:39","version" => "0.7"},{"date" => "2007-03-24T01:48:23","version" => "0.8"},{"date" => "2007-03-27T17:55:21","version" => "0.9"},{"date" => "2008-02-23T16:03:17","version" => "1.00"},{"date" => "2008-02-23T16:16:09","version" => "1.01"},{"date" => "2008-02-27T22:08:06","version" => "1.02"},{"date" => "2008-04-07T14:20:46","version" => "1.03"},{"date" => "2008-06-23T19:41:56","version" => "1.04"},{"date" => "2008-12-01T22:14:51","version" => "1.05"},{"date" => "2010-01-09T18:23:07","version" => "1.06"},{"date" => "2010-01-24T19:42:49","version" => "1.07"},{"date" => "2010-08-19T19:02:08","version" => "1.08"},{"date" => "2010-08-19T23:11:46","version" => "1.09"},{"date" => "2010-10-08T14:52:40","version" => "1.10"},{"date" => "2010-10-26T14:38:59","version" => "1.11"},{"date" => "2011-03-20T00:58:03","version" => "1.12"},{"date" => "2011-11-04T18:44:06","version" => "1.14"},{"date" => "2011-12-05T03:02:21","version" => "1.15"},{"date" => "2012-10-03T15:19:24","version" => "1.16"},{"date" => "2012-10-03T22:04:49","version" => "1.17"},{"date" => "2013-12-06T15:06:26","version" => "1.18"},{"date" => "2013-12-06T15:07:56","version" => "1.19"},{"date" => "2015-01-28T15:21:00","version" => "1.20"},{"date" => "2015-01-29T03:50:10","version" => "1.21"},{"date" => "2015-01-29T03:53:01","version" => "1.22"},{"date" => "2024-03-30T03:28:24","version" => "1.23"}]},"HTTP-Daemon" => {"advisories" => [{"affected_versions" => ["<6.15"],"cves" => ["CVE-2022-31081"],"description" => "HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served on top of Nginx or Apache, not on the `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my \$rqst = \$conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' (`my \$cl = \$rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer, or, a comma separated repetition of that number. (that is `42` or `42, 42, 42`). Anything else MUST be rejected.\n","distribution" => "HTTP-Daemon","fixed_versions" => [">=6.15"],"id" => "CPANSA-HTTP-Daemon-2022-31081","references" => ["https://github.com/libwww-perl/HTTP-Daemon/commit/e84475de51d6fd7b29354a997413472a99db70b2","https://github.com/libwww-perl/HTTP-Daemon/commit/8dc5269d59e2d5d9eb1647d82c449ccd880f7fd0","https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn","https://datatracker.ietf.org/doc/html/rfc7230#section-9.5","https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf","http://metacpan.org/release/HTTP-Daemon/","https://cwe.mitre.org/data/definitions/444.html","https://github.com/libwww-perl/HTTP-Daemon/issues/56","https://github.com/NixOS/nixpkgs/pull/181632"],"reported" => "2022-06-27","severity" => "medium"}],"main_module" => "HTTP::Daemon","versions" => [{"date" => "2011-02-27T22:49:28","version" => "6.00"},{"date" => "2012-02-18T12:26:43","version" => "6.01"},{"date" => "2019-04-01T16:05:05","version" => "6.02"},{"date" => "2019-04-01T20:58:35","version" => "6.03"},{"date" => "2019-04-02T13:12:12","version" => "6.04"},{"date" => "2019-07-26T20:42:43","version" => "6.05"},{"date" => "2019-08-29T14:24:33","version" => "6.06"},{"date" => "2020-05-19T19:20:38","version" => "6.07"},{"date" => "2020-05-22T15:27:22","version" => "6.08"},{"date" => "2020-05-25T16:53:41","version" => "6.09"},{"date" => "2020-05-26T16:22:18","version" => "6.10"},{"date" => "2020-06-03T14:48:37","version" => "6.11"},{"date" => "2020-06-04T16:03:28","version" => "6.12"},{"date" => "2022-02-09T20:41:36","version" => "6.13"},{"date" => "2022-03-03T20:49:07","version" => "6.14"},{"date" => "2023-02-22T22:03:32","version" => "6.15"},{"date" => "2023-02-24T03:09:01","version" => "6.16"}]},"HTTP-Session2" => {"advisories" => [{"affected_versions" => ["<1.10"],"cves" => ["CVE-2018-25160"],"description" => "HTTP::Session2 1.09 does not validate session id, this causes RCE depending on the session store you use.\n","distribution" => "HTTP-Session2","fixed_versions" => [">=1.10"],"id" => "CPANSA-HTTP-Session2-2018-01","references" => ["https://metacpan.org/changes/distribution/HTTP-Session2","https://github.com/tokuhirom/HTTP-Session2/commit/813838f6d08034b6a265a70e53b59b941b5d3e6d"],"reported" => "2018-01-26","severity" => "critical"},{"affected_versions" => ["<1.12"],"cves" => ["CVE-2026-3255"],"description" => "HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function.  The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand() function is unsuitable for cryptographic usage.  HTTP::Session2 after version 1.02 will attempt to use the /dev/urandom device to generate a session id, but if the device is unavailable (for example, under Windows), then it will revert to the insecure method described above.","distribution" => "HTTP-Session2","fixed_versions" => [">=1.12"],"id" => "CPANSA-HTTP-Session2-2026-3255","references" => ["https://github.com/tokuhirom/HTTP-Session2/commit/9cfde4d7e0965172aef5dcfa3b03bb48df93e636.patch","https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.01/source/lib/HTTP/Session2/ServerStore.pm#L68","https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.11/source/lib/HTTP/Session2/Random.pm#L35","https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.12/changes","http://www.openwall.com/lists/oss-security/2026/02/27/12"],"reported" => "2026-02-27","severity" => undef}],"main_module" => "HTTP::Session2","versions" => [{"date" => "2013-10-28T03:20:09","version" => "0.01"},{"date" => "2013-10-30T00:17:21","version" => "0.02"},{"date" => "2013-10-31T01:21:27","version" => "0.03"},{"date" => "2013-11-01T01:10:52","version" => "0.04"},{"date" => "2014-03-18T18:53:09","version" => "0.05"},{"date" => "2014-07-28T04:10:11","version" => "1.00"},{"date" => "2014-07-28T11:44:05","version" => "1.01"},{"date" => "2014-07-31T21:17:23","version" => "1.02"},{"date" => "2014-08-01T11:04:00","version" => "1.03"},{"date" => "2014-08-01T11:10:56","version" => "1.04"},{"date" => "2014-08-01T11:20:46","version" => "1.05"},{"date" => "2014-08-01T14:04:04","version" => "1.06"},{"date" => "2014-08-01T14:08:11","version" => "1.07"},{"date" => "2014-08-03T07:23:00","version" => "1.08"},{"date" => "2014-09-01T02:26:38","version" => "1.09"},{"date" => "2018-01-26T05:02:08","version" => "1.10"},{"date" => "2026-02-25T16:30:30","version" => "1.11"},{"date" => "2026-02-26T14:47:32","version" => "1.12"}]},"HTTP-Tiny" => {"advisories" => [{"affected_versions" => ["<0.083"],"cves" => ["CVE-2023-31486"],"description" => "HTTP::Tiny v0.082, a Perl core module since v5.13.9 and available standalone on CPAN, does not verify TLS certs by default. Users must opt-in with the verify_SSL=>1 flag to verify certs when using HTTPS.\n\nResulting in a CWE-1188: Insecure Default Initialization of Resource weakness.\n","distribution" => "HTTP-Tiny","fixed_versions" => [">=0.083"],"id" => "CPANSA-HTTP-Tiny-2023-31486","references" => ["https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/","https://github.com/chansen/p5-http-tiny/issues/152","https://github.com/chansen/p5-http-tiny/pull/151","https://hackeriet.github.io/cpan-http-tiny-overview/","https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/","https://github.com/NixOS/nixpkgs/pull/187480","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089","https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92.patch","https://github.com/chansen/p5-http-tiny/issues/134","https://github.com/chansen/p5-http-tiny/issues/68"],"reported" => "2023-02-14"},{"affected_versions" => ["<0.059"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "HTTP-Tiny","fixed_versions" => [">=0.059"],"id" => "CPANSA-HTTP-Tiny-2016-1238","references" => ["https://metacpan.org/changes/distribution/HTTP-Tiny","https://github.com/chansen/p5-http-tiny/commit/b239c95ea7a256cfee9b8848f1bd4d1df6e66444"],"reported" => "2016-07-29"},{"affected_versions" => ["<0.039"],"cves" => [],"description" => "Temporary file creating during mirror()  not opened exclusively.\n","distribution" => "HTTP-Tiny","fixed_versions" => [">=0.039"],"id" => "CPANSA-HTTP-Tiny-2013-01","references" => ["https://metacpan.org/dist/HTTP-Tiny/changes"],"reported" => "2013-11-27"}],"main_module" => "HTTP::Tiny","versions" => [{"date" => "2010-12-11T12:59:31","version" => "0.001"},{"date" => "2010-12-14T02:59:37","version" => "0.002"},{"date" => "2010-12-15T17:30:49","version" => "0.003"},{"date" => "2010-12-16T03:53:33","version" => "0.004"},{"date" => "2011-01-08T11:32:21","version" => "0.005"},{"date" => "2011-01-10T12:27:39","version" => "0.006"},{"date" => "2011-01-12T09:56:28","version" => "0.007"},{"date" => "2011-01-14T11:34:51","version" => "0.008"},{"date" => "2011-01-17T21:29:27","version" => "0.009"},{"date" => "2011-02-04T07:45:53","version" => "0.010"},{"date" => "2011-03-20T00:49:53","version" => "0.011"},{"date" => "2011-03-31T19:49:33","version" => "0.012"},{"date" => "2011-07-18T03:15:12","version" => "0.013"},{"date" => "2011-10-20T17:55:01","version" => "0.014"},{"date" => "2011-10-26T20:42:15","version" => "0.015"},{"date" => "2011-10-27T03:06:06","version" => "0.016"},{"date" => "2012-02-23T02:58:42","version" => "0.017"},{"date" => "2012-04-18T13:41:15","version" => "0.018"},{"date" => "2012-05-14T11:15:52","version" => "0.019"},{"date" => "2012-05-14T19:25:57","version" => "0.020"},{"date" => "2012-05-16T02:39:55","version" => "0.021"},{"date" => "2012-06-02T03:32:21","version" => "0.022"},{"date" => "2012-09-19T16:06:37","version" => "0.023"},{"date" => "2012-10-10T00:45:59","version" => "0.024"},{"date" => "2012-12-26T17:11:23","version" => "0.025"},{"date" => "2013-03-05T03:54:12","version" => "0.026"},{"date" => "2013-03-05T17:04:07","version" => "0.027"},{"date" => "2013-03-05T19:13:42","version" => "0.028"},{"date" => "2013-04-17T17:51:23","version" => "0.029"},{"date" => "2013-06-13T15:47:33","version" => "0.030"},{"date" => "2013-06-17T03:18:45","version" => "0.031"},{"date" => "2013-06-20T15:42:26","version" => "0.032"},{"date" => "2013-06-21T10:27:45","version" => "0.033"},{"date" => "2013-06-26T23:03:50","version" => "0.034"},{"date" => "2013-09-10T16:30:04","version" => "0.035"},{"date" => "2013-09-25T16:11:04","version" => "0.036"},{"date" => "2013-10-28T17:50:02","version" => "0.037"},{"date" => "2013-11-18T17:57:17","version" => "0.038"},{"date" => "2013-11-28T00:49:36","version" => "0.039"},{"date" => "2014-02-17T18:05:10","version" => "0.040"},{"date" => "2014-02-17T18:09:12","version" => "0.041"},{"date" => "2014-02-18T16:24:50","version" => "0.042"},{"date" => "2014-02-21T01:42:05","version" => "0.043"},{"date" => "2014-07-17T03:47:41","version" => "0.044"},{"date" => "2014-07-20T23:24:33","version" => "0.045"},{"date" => "2014-07-21T14:33:53","version" => "0.046"},{"date" => "2014-07-29T18:13:01","version" => "0.047"},{"date" => "2014-08-21T17:20:45","version" => "0.048"},{"date" => "2014-09-02T15:21:17","version" => "0.049"},{"date" => "2014-09-23T19:32:00","version" => "0.050"},{"date" => "2014-11-18T03:59:56","version" => "0.051"},{"date" => "2014-12-11T20:25:19","version" => "0.052"},{"date" => "2014-12-12T04:43:37","version" => "0.053"},{"date" => "2015-01-27T12:18:58","version" => "0.054"},{"date" => "2015-05-07T22:15:24","version" => "0.055"},{"date" => "2015-05-19T10:01:27","version" => "0.056"},{"date" => "2016-04-18T14:19:09","version" => "0.057"},{"date" => "2016-05-03T17:49:33","version" => "0.058"},{"date" => "2016-07-29T20:12:12","version" => "0.059"},{"date" => "2016-08-05T16:12:02","version" => "0.061"},{"date" => "2016-08-08T16:20:33","version" => "0.063"},{"date" => "2016-08-17T01:43:01","version" => "0.064"},{"date" => "2016-09-10T02:43:48","version" => "0.065"},{"date" => "2016-09-14T15:45:04","version" => "0.067"},{"date" => "2016-09-23T20:15:05","version" => "0.068"},{"date" => "2016-10-05T15:37:11","version" => "0.069"},{"date" => "2016-10-10T03:25:33","version" => "0.070"},{"date" => "2018-07-24T15:35:02","version" => "0.073"},{"date" => "2018-07-30T19:37:29","version" => "0.074"},{"date" => "2018-08-01T11:10:11","version" => "0.075"},{"date" => "2018-08-06T01:09:54","version" => "0.076"},{"date" => "2021-07-22T17:08:36","version" => "0.077"},{"date" => "2021-08-02T13:26:31","version" => "0.078"},{"date" => "2021-11-04T16:34:59","version" => "0.079"},{"date" => "2021-11-05T12:17:42","version" => "0.080"},{"date" => "2022-07-17T13:02:38","version" => "0.081"},{"date" => "2022-07-25T13:47:22","version" => "0.082"},{"date" => "2023-06-11T11:06:38","version" => "0.083"},{"date" => "2023-06-14T10:35:44","version" => "0.084"},{"date" => "2023-06-22T14:07:29","version" => "0.086"},{"date" => "2023-07-11T12:54:02","version" => "0.088"},{"date" => "2024-10-21T07:38:21","version" => "0.089"},{"date" => "2024-11-12T10:52:55","version" => "0.090"},{"date" => "2025-12-13T05:27:26","version" => "0.091"},{"date" => "2025-12-27T19:51:28","version" => "0.092"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "0.054_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "0.056_001"}]},"HarfBuzz-Shaper" => {"advisories" => [{"affected_versions" => ["<0.032"],"cves" => ["CVE-2026-0943"],"description" => "HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.\x{a0}  Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.","distribution" => "HarfBuzz-Shaper","embedded_vulnerability" => {"distributed_version" => "8.4.0","name" => "harfbuzz"},"fixed_versions" => [">=0.032"],"id" => "CPANSA-HarfBuzz-Shaper-2026-0943","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=2429296","https://metacpan.org/release/JV/HarfBuzz-Shaper-0.032/changes","https://www.cve.org/CVERecord?id=CVE-2026-22693"],"reported" => "2026-01-19","severity" => undef},{"affected_versions" => [">0.017.1,<0.018.1"],"cves" => ["CVE-2026-22693"],"description" => "HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0.","distribution" => "HarfBuzz-Shaper","fixed_versions" => [],"id" => "CPANSA-HarfBuzz-Shaper-2026-22693-harfbuzz","references" => ["https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae","https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww","http://www.openwall.com/lists/oss-security/2026/01/11/1","http://www.openwall.com/lists/oss-security/2026/01/12/1"],"reported" => "2026-01-10","severity" => undef}],"main_module" => "HarfBuzz::Shaper","versions" => [{"date" => "2020-01-25T20:50:26","version" => "0.01"},{"date" => "2020-01-25T21:11:12","version" => "0.011"},{"date" => "2020-01-26T11:27:35","version" => "0.012"},{"date" => "2020-01-26T18:54:44","version" => "0.013"},{"date" => "2020-01-26T20:44:49","version" => "0.014"},{"date" => "2020-01-26T21:23:20","version" => "0.015"},{"date" => "2020-01-27T11:11:25","version" => "0.016"},{"date" => "2020-01-29T20:06:05","version" => "0.017"},{"date" => "2020-01-29T22:48:07","version" => "v0.017.1"},{"date" => "2020-01-30T08:56:56","version" => "0.018"},{"date" => "2020-01-30T23:01:26","version" => "v0.018.1"},{"date" => "2020-01-31T08:41:35","version" => "v0.018.2"},{"date" => "2020-01-31T14:42:22","version" => "v0.018.3"},{"date" => "2020-02-02T09:24:58","version" => "v0.018.4"},{"date" => "2020-02-06T15:32:38","version" => "0.019"},{"date" => "2020-02-07T08:52:42","version" => "0.020"},{"date" => "2020-02-08T21:13:09","version" => "0.021"},{"date" => "2020-06-05T11:33:14","version" => "0.022"},{"date" => "2020-07-11T20:50:43","version" => "0.023"},{"date" => "2021-04-12T09:07:33","version" => "0.024"},{"date" => "2021-12-24T07:18:44","version" => "0.025"},{"date" => "2022-01-07T19:55:32","version" => "0.026"},{"date" => "2024-05-07T12:06:56","version" => "0.027"},{"date" => "2025-01-29T09:03:21","version" => "0.028"},{"date" => "2025-01-30T05:18:06","version" => "0.029"},{"date" => "2025-01-31T14:13:59","version" => "0.030"},{"date" => "2025-01-31T19:34:57","version" => "0.031"},{"date" => "2026-01-14T23:19:07","version" => "0.032"},{"date" => "2026-01-19T21:24:52","version" => "0.033"}]},"IO-Compress" => {"advisories" => [{"affected_versions" => ["<2.070"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "IO-Compress","fixed_versions" => [">=2.070"],"id" => "CPANSA-IO-Compress-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "IO::Compress","versions" => [{"date" => "2009-04-04T09:49:11","version" => "2.017"},{"date" => "2009-05-03T16:27:20","version" => "2.018"},{"date" => "2009-05-04T09:43:44","version" => "2.019"},{"date" => "2009-06-03T17:48:41","version" => "2.020"},{"date" => "2009-08-30T20:27:02","version" => "2.021"},{"date" => "2009-10-09T21:56:08","version" => "2.022"},{"date" => "2009-11-09T23:43:07","version" => "2.023"},{"date" => "2010-01-09T17:56:46","version" => "2.024"},{"date" => "2010-03-28T12:57:23","version" => "2.025"},{"date" => "2010-04-07T19:51:37","version" => "2.026"},{"date" => "2010-04-24T19:16:06","version" => "2.027"},{"date" => "2010-07-24T14:46:19","version" => "2.030"},{"date" => "2011-01-06T11:24:01","version" => "2.032"},{"date" => "2011-01-11T14:03:58","version" => "2.033"},{"date" => "2011-05-02T21:50:29","version" => "2.034"},{"date" => "2011-05-07T08:32:12","version" => "2.035"},{"date" => "2011-06-18T21:45:50","version" => "2.036"},{"date" => "2011-06-22T07:19:49","version" => "2.037"},{"date" => "2011-10-28T14:28:46","version" => "2.039"},{"date" => "2011-10-28T22:20:49","version" => "2.040"},{"date" => "2011-11-17T23:45:33","version" => "2.042"},{"date" => "2011-11-20T21:34:13","version" => "2.043"},{"date" => "2011-12-03T22:49:21","version" => "2.044"},{"date" => "2011-12-04T19:21:48","version" => "2.045"},{"date" => "2011-12-18T22:38:32","version" => "2.046"},{"date" => "2012-01-28T23:28:39","version" => "2.047"},{"date" => "2012-01-29T17:00:45","version" => "2.048"},{"date" => "2012-02-18T15:58:24","version" => "2.049"},{"date" => "2012-04-29T12:42:10","version" => "2.052"},{"date" => "2012-08-05T20:37:36","version" => "2.055"},{"date" => "2012-11-10T19:09:13","version" => "2.057"},{"date" => "2012-11-12T22:15:00","version" => "2.058"},{"date" => "2012-12-15T13:41:23","version" => "2.059"},{"date" => "2013-01-07T20:02:34","version" => "2.060"},{"date" => "2013-05-27T09:55:05","version" => "2.061"},{"date" => "2013-08-12T19:08:16","version" => "2.062"},{"date" => "2013-11-02T17:15:29","version" => "2.063"},{"date" => "2014-02-01T23:21:32","version" => "2.064"},{"date" => "2014-09-21T12:42:45","version" => "2.066"},{"date" => "2014-12-08T15:14:06","version" => "2.067"},{"date" => "2014-12-23T17:46:25","version" => "2.068"},{"date" => "2015-09-26T18:42:09","version" => "2.069"},{"date" => "2016-12-28T23:09:27","version" => "2.070"},{"date" => "2017-02-12T20:41:37","version" => "2.072"},{"date" => "2017-02-19T20:37:27","version" => "2.073"},{"date" => "2017-02-19T22:11:53","version" => "2.074"},{"date" => "2018-04-03T18:22:13","version" => "2.080"},{"date" => "2018-04-08T15:03:07","version" => "2.081"},{"date" => "2018-12-30T22:40:20","version" => "2.083"},{"date" => "2019-01-06T08:57:26","version" => "2.084"},{"date" => "2019-03-31T19:16:41","version" => "2.086"},{"date" => "2019-08-10T18:12:14","version" => "2.087"},{"date" => "2019-11-03T09:29:00","version" => "2.088"},{"date" => "2019-11-03T19:54:15","version" => "2.089"},{"date" => "2019-11-09T16:00:26","version" => "2.090"},{"date" => "2019-11-23T19:44:59","version" => "2.091"},{"date" => "2019-12-04T22:10:26","version" => "2.092"},{"date" => "2019-12-07T16:05:46","version" => "2.093"},{"date" => "2020-07-14T15:32:09","version" => "2.094"},{"date" => "2020-07-20T19:25:09","version" => "2.095"},{"date" => "2020-07-31T20:53:32","version" => "2.096"},{"date" => "2021-01-07T13:57:52","version" => "2.100"},{"date" => "2021-02-20T14:25:27","version" => "2.101"},{"date" => "2021-02-28T08:57:41","version" => "2.102"},{"date" => "2022-04-03T19:50:28","version" => "2.103"},{"date" => "2022-04-09T15:43:24","version" => "2.104"},{"date" => "2022-04-09T21:36:46","version" => "2.105"},{"date" => "2022-04-12T16:10:04","version" => "2.106"},{"date" => "2022-06-25T09:04:18","version" => "2.201"},{"date" => "2023-02-08T21:49:30","version" => "2.204"},{"date" => "2023-07-16T19:41:51","version" => "2.205"},{"date" => "2023-07-25T15:56:21","version" => "2.206"},{"date" => "2024-02-18T22:20:49","version" => "2.207"},{"date" => "2024-03-31T15:17:06","version" => "2.208"},{"date" => "2024-04-06T13:44:44","version" => "2.211"},{"date" => "2024-04-27T12:55:39","version" => "2.212"},{"date" => "2024-08-28T15:36:27","version" => "2.213"},{"date" => "2025-10-24T16:29:27","version" => "2.214"},{"date" => "2026-01-30T17:09:53","version" => "2.215"},{"date" => "2026-01-30T22:29:53","version" => "2.216"},{"date" => "2026-02-01T11:12:56","version" => "2.217"},{"date" => "2026-03-08T15:13:32","version" => "2.218"},{"date" => "2026-03-09T13:58:06","version" => "2.219"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => undef}]},"IO-Compress-Brotli" => {"advisories" => [{"affected_versions" => [">=0.002,<=0.002001"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => [">=0.002_002,<=0.003"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => [">=0.003_001,<=0.004"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => ["==0.004001"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => ["==0.004_002"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"}],"main_module" => "IO::Compress::Brotli","versions" => [{"date" => "2015-12-31T19:03:44","version" => "0.001"},{"date" => "2016-01-01T09:33:21","version" => "0.001001"},{"date" => "2016-08-27T23:37:42","version" => "0.002"},{"date" => "2016-09-08T22:12:55","version" => "0.002001"},{"date" => "2017-09-09T17:15:27","version" => "0.002_002"},{"date" => "2017-09-16T20:41:00","version" => "0.003"},{"date" => "2017-09-23T19:24:01","version" => "0.003_001"},{"date" => "2017-10-14T17:57:14","version" => "0.003_002"},{"date" => "2017-10-28T19:51:35","version" => "0.004"},{"date" => "2018-05-19T19:01:07","version" => "0.004001"},{"date" => "2019-06-11T13:08:10","version" => "0.004_002"},{"date" => "2023-10-22T02:32:43","version" => "0.005"},{"date" => "2023-10-25T01:07:09","version" => "0.006"},{"date" => "2023-10-26T23:39:09","version" => "0.007"},{"date" => "2023-10-27T20:59:46","version" => "0.008"},{"date" => "2023-10-28T01:38:26","version" => "0.009"},{"date" => "2023-10-28T13:52:29","version" => "0.010"},{"date" => "2023-10-29T00:01:12","version" => "0.011"},{"date" => "2023-10-29T12:50:49","version" => "0.012"},{"date" => "2023-10-29T16:08:16","version" => "0.013"},{"date" => "2023-10-29T22:30:42","version" => "0.014"},{"date" => "2023-10-30T20:23:25","version" => "0.015"},{"date" => "2023-10-31T01:19:01","version" => "0.016"},{"date" => "2023-10-31T19:55:10","version" => "0.017"},{"date" => "2023-10-31T23:58:30","version" => "0.018"},{"date" => "2024-11-30T18:35:29","version" => "0.019"},{"date" => "2025-11-18T03:02:17","version" => "0.020"}]},"IO-Socket-SSL" => {"advisories" => [{"affected_versions" => ["<=1.35"],"cves" => ["CVE-2010-4334"],"description" => "The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.\n","distribution" => "IO-Socket-SSL","fixed_versions" => [">1.35"],"id" => "CPANSA-IO-Socket-SSL-2010-4334","references" => ["http://osvdb.org/69626","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058","http://www.securityfocus.com/bid/45189","http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.35/Changes","http://secunia.com/advisories/42508","http://secunia.com/advisories/42757","http://www.openwall.com/lists/oss-security/2010/12/09/8","http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052594.html","http://www.openwall.com/lists/oss-security/2010/12/24/1","http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052601.html","http://www.mandriva.com/security/advisories?name=MDVSA-2011:092"],"reported" => "2011-01-14","severity" => undef},{"affected_versions" => [">=1.14","<=1.25"],"cves" => ["CVE-2009-3024"],"description" => "The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.\n","distribution" => "IO-Socket-SSL","fixed_versions" => [">=1.26"],"id" => "CPANSA-IO-Socket-SSL-2009-3024","references" => ["http://www.openwall.com/lists/oss-security/2009/08/31/4","http://www.openwall.com/lists/oss-security/2009/08/28/1","http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.30/Changes","http://www.openwall.com/lists/oss-security/2009/08/29/1","http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html","http://www.vupen.com/english/advisories/2011/0118","http://www.gentoo.org/security/en/glsa/glsa-201101-06.xml","http://secunia.com/advisories/42893"],"reported" => "2009-08-31","severity" => undef}],"main_module" => "IO::Socket::SSL","versions" => [{"date" => "1999-06-18T14:54:49","version" => "0.70"},{"date" => "1999-07-21T19:45:05","version" => "0.72"},{"date" => "1999-07-29T17:28:04","version" => "0.73"},{"date" => "2000-07-04T11:46:51","version" => "0.74"},{"date" => "2000-08-08T06:59:10","version" => "0.75"},{"date" => "2000-11-17T14:26:45","version" => "0.76"},{"date" => "2001-01-15T13:57:06","version" => "0.77"},{"date" => "2001-04-24T07:00:38","version" => "0.78"},{"date" => "2001-06-04T08:01:01","version" => "0.79"},{"date" => "2001-08-19T08:28:53","version" => "0.80"},{"date" => "2002-04-10T12:43:43","version" => "0.81"},{"date" => "2002-08-13T21:42:55","version" => "0.90"},{"date" => "2002-08-19T15:28:09","version" => "0.901"},{"date" => "2002-09-01T01:13:14","version" => "0.91"},{"date" => "2002-10-22T06:15:30","version" => "0.92"},{"date" => "2003-06-24T19:24:37","version" => "0.93"},{"date" => "2003-06-26T19:41:04","version" => "0.94"},{"date" => "2003-08-25T22:47:30","version" => "0.95"},{"date" => "2004-04-30T17:43:07","version" => "0.96"},{"date" => "2005-07-17T09:20:02","version" => "0.97"},{"date" => "2006-06-12T14:37:33","version" => "0.98"},{"date" => "2006-06-12T14:48:30","version" => "0.98"},{"date" => "2006-07-17T15:05:06","version" => "0.99"},{"date" => "2006-07-18T13:33:27","version" => "0.99"},{"date" => "2006-07-20T05:59:15","version" => "0.99"},{"date" => "2006-07-20T08:35:45","version" => "0.99"},{"date" => "2006-07-24T14:27:43","version" => "0.99"},{"date" => "2006-08-02T07:30:04","version" => "0.99"},{"date" => "2006-08-02T07:37:59","version" => "0.99"},{"date" => "2006-08-02T20:43:25","version" => "0.99"},{"date" => "2006-08-11T10:01:10","version" => "0.99"},{"date" => "2006-08-15T20:22:28","version" => "0.99"},{"date" => "2006-09-12T14:16:38","version" => "0.99"},{"date" => "2006-09-13T11:10:06","version" => "0.99"},{"date" => "2006-12-01T09:57:52","version" => "0.99"},{"date" => "2007-03-06T18:12:09","version" => "0.99"},{"date" => "2007-03-28T19:06:21","version" => "0.99"},{"date" => "2007-04-16T19:35:58","version" => "0.99"},{"date" => "2007-04-30T07:45:00","version" => "0.99"},{"date" => "2007-06-03T19:46:51","version" => "0.99"},{"date" => "2007-06-06T13:59:06","version" => "0.99"},{"date" => "2007-08-10T09:07:39","version" => "0.99"},{"date" => "2007-09-13T19:40:43","version" => "0.99"},{"date" => "2007-10-09T21:18:11","version" => "0.99"},{"date" => "2007-10-10T18:49:29","version" => "0.99"},{"date" => "2007-10-26T06:29:26","version" => "0.99"},{"date" => "2008-01-11T17:59:06","version" => "0.99"},{"date" => "2008-01-28T06:44:08","version" => "0.99"},{"date" => "2008-02-22T09:07:12","version" => "0.99"},{"date" => "2008-02-24T09:42:37","version" => "0.99"},{"date" => "2008-02-25T21:18:02","version" => "0.99"},{"date" => "2008-03-10T08:46:06","version" => "0.99"},{"date" => "2008-07-16T09:27:07","version" => "0.99"},{"date" => "2008-08-28T20:03:28","version" => "0.99"},{"date" => "2008-09-19T06:34:13","version" => "0.99"},{"date" => "2008-09-19T16:54:30","version" => "0.99"},{"date" => "2008-09-24T07:52:48","version" => "0.99"},{"date" => "2008-09-25T09:24:39","version" => "0.99"},{"date" => "2008-10-13T09:06:13","version" => "0.99"},{"date" => "2008-11-17T17:21:39","version" => "0.99"},{"date" => "2008-12-31T14:47:59","version" => "0.99"},{"date" => "2009-01-15T20:52:54","version" => "0.99"},{"date" => "2009-01-22T20:59:47","version" => "0.99"},{"date" => "2009-01-24T06:34:00","version" => "0.99"},{"date" => "2009-02-23T09:59:39","version" => "1.23"},{"date" => "2009-04-01T08:02:14","version" => "1.24"},{"date" => "2009-07-02T18:15:35","version" => "1.25"},{"date" => "2009-07-03T07:36:23","version" => "1.26"},{"date" => "2009-07-24T06:37:32","version" => "1.27"},{"date" => "2009-08-19T10:46:35","version" => "1.28"},{"date" => "2009-08-19T10:54:30","version" => "1.29"},{"date" => "2009-08-19T14:41:37","version" => "1.30"},{"date" => "2009-09-01T07:44:10","version" => "1.30_2"},{"date" => "2009-09-02T05:57:30","version" => "1.30_3"},{"date" => "2009-09-25T19:10:53","version" => "1.31"},{"date" => "2010-02-22T09:39:43","version" => "1.32"},{"date" => "2010-03-17T12:53:27","version" => "1.33"},{"date" => "2010-11-01T08:55:36","version" => "1.34"},{"date" => "2010-12-06T08:16:23","version" => "1.35"},{"date" => "2010-12-08T19:28:31","version" => "1.36"},{"date" => "2010-12-09T08:38:47","version" => "1.37"},{"date" => "2011-01-18T08:45:03","version" => "1.38"},{"date" => "2011-03-03T11:39:29","version" => "1.39"},{"date" => "2011-05-02T10:32:52","version" => "1.40"},{"date" => "2011-05-10T05:14:22","version" => "1.41"},{"date" => "2011-05-10T14:15:57","version" => "1.42"},{"date" => "2011-05-11T08:23:15","version" => "1.43"},{"date" => "2011-05-12T19:35:25","version" => "1.43_1"},{"date" => "2011-05-27T11:46:14","version" => "1.44"},{"date" => "2011-10-13T08:42:32","version" => "1.45"},{"date" => "2011-10-18T06:30:07","version" => "1.46"},{"date" => "2011-10-21T07:09:03","version" => "1.47"},{"date" => "2011-10-26T16:35:42","version" => "1.48"},{"date" => "2011-10-28T08:26:49","version" => "1.49"},{"date" => "2011-12-06T21:14:17","version" => "1.50"},{"date" => "2011-12-06T21:25:05","version" => "1.51"},{"date" => "2011-12-07T08:12:01","version" => "1.52"},{"date" => "2011-12-11T21:45:13","version" => "1.53"},{"date" => "2012-01-11T08:15:23","version" => "1.54"},{"date" => "2012-02-20T06:49:04","version" => "1.55"},{"date" => "2012-02-22T15:49:39","version" => "1.56"},{"date" => "2012-02-26T21:57:54","version" => "1.57"},{"date" => "2012-02-26T22:09:30","version" => "1.58"},{"date" => "2012-03-08T10:44:05","version" => "1.59"},{"date" => "2012-03-20T18:59:41","version" => "1.60"},{"date" => "2012-03-27T14:34:36","version" => "1.61"},{"date" => "2012-03-28T05:53:19","version" => "1.62"},{"date" => "2012-04-06T20:33:58","version" => "1.63"},{"date" => "2012-04-06T21:04:54","version" => "1.64"},{"date" => "2012-04-16T16:51:54","version" => "1.65"},{"date" => "2012-04-16T18:52:52","version" => "1.66"},{"date" => "2012-05-07T09:39:11","version" => "1.67"},{"date" => "2012-05-07T13:01:38","version" => "1.68"},{"date" => "2012-05-08T08:24:35","version" => "1.69"},{"date" => "2012-05-08T09:18:24","version" => "1.70"},{"date" => "2012-05-09T08:41:48","version" => "1.71"},{"date" => "2012-05-10T11:10:15","version" => "1.72"},{"date" => "2012-05-11T19:29:42","version" => "1.73"},{"date" => "2012-05-13T15:19:26","version" => "1.74"},{"date" => "2012-06-07T17:42:47","version" => "1.74_1"},{"date" => "2012-06-07T21:59:28","version" => "1.74_2"},{"date" => "2012-06-15T12:42:21","version" => "1.75"},{"date" => "2012-06-18T06:20:09","version" => "1.76"},{"date" => "2012-10-05T05:36:56","version" => "1.77"},{"date" => "2012-11-25T14:08:27","version" => "1.78"},{"date" => "2012-11-25T15:50:09","version" => "1.79"},{"date" => "2012-11-30T07:47:23","version" => "1.80"},{"date" => "2012-12-06T09:14:04","version" => "1.81"},{"date" => "2013-01-28T07:41:50","version" => "1.82"},{"date" => "2013-02-03T19:04:27","version" => "1.83"},{"date" => "2013-02-14T08:05:20","version" => "1.831"},{"date" => "2013-02-15T20:48:12","version" => "1.84"},{"date" => "2013-04-14T08:59:30","version" => "1.85"},{"date" => "2013-04-17T11:31:18","version" => "1.86"},{"date" => "2013-04-24T18:16:01","version" => "1.87"},{"date" => "2013-05-02T05:59:47","version" => "1.88"},{"date" => "2013-05-14T13:36:49","version" => "1.89"},{"date" => "2013-05-29T18:58:35","version" => "1.90"},{"date" => "2013-05-30T09:36:07","version" => "1.91"},{"date" => "2013-05-30T19:20:11","version" => "1.92"},{"date" => "2013-05-31T06:14:58","version" => "1.93"},{"date" => "2013-06-01T12:46:14","version" => "1.94"},{"date" => "2013-07-03T08:44:53","version" => "1.950"},{"date" => "2013-07-03T10:02:42","version" => "1.951"},{"date" => "2013-07-11T20:14:18","version" => "1.952"},{"date" => "2013-07-22T06:34:31","version" => "1.953"},{"date" => "2013-09-15T13:05:33","version" => "1.954"},{"date" => "2013-10-11T16:54:45","version" => "1.955"},{"date" => "2013-11-10T18:00:08","version" => "1.956"},{"date" => "2013-11-11T08:42:30","version" => "1.957"},{"date" => "2013-11-11T18:28:16","version" => "1.958"},{"date" => "2013-11-12T15:39:42","version" => "1.959"},{"date" => "2013-11-13T00:10:43","version" => "1.960"},{"date" => "2013-11-26T14:47:11","version" => "1.961"},{"date" => "2013-11-27T21:19:25","version" => "1.962"},{"date" => "2014-01-13T13:05:48","version" => "1.963"},{"date" => "2014-01-15T11:36:49","version" => "1.964"},{"date" => "2014-01-16T19:11:32","version" => "1.965"},{"date" => "2014-01-21T16:53:39","version" => "1.966"},{"date" => "2014-02-06T22:06:14","version" => "1.967"},{"date" => "2014-03-13T06:38:27","version" => "1.968"},{"date" => "2014-03-16T16:41:39","version" => "1.969"},{"date" => "2014-03-19T05:04:51","version" => "1.970"},{"date" => "2014-03-22T19:54:06","version" => "1.971"},{"date" => "2014-03-23T06:48:23","version" => "1.972"},{"date" => "2014-03-26T07:10:22","version" => "1.973"},{"date" => "2014-04-02T06:53:53","version" => "1.974"},{"date" => "2014-04-02T10:14:38","version" => "1.975"},{"date" => "2014-04-04T04:36:04","version" => "1.976"},{"date" => "2014-04-04T13:25:28","version" => "1.977"},{"date" => "2014-04-04T14:21:32","version" => "1.978"},{"date" => "2014-04-06T06:24:29","version" => "1.979"},{"date" => "2014-04-08T01:25:10","version" => "1.980"},{"date" => "2014-04-08T11:09:59","version" => "1.981"},{"date" => "2014-04-24T20:14:47","version" => "1.982"},{"date" => "2014-04-27T12:02:16","version" => "1.982_1"},{"date" => "2014-05-04T08:03:37","version" => "1.983"},{"date" => "2014-05-10T13:11:17","version" => "1.984"},{"date" => "2014-05-15T06:30:28","version" => "1.985"},{"date" => "2014-05-16T17:41:46","version" => "1.986"},{"date" => "2014-05-17T15:03:37","version" => "1.987"},{"date" => "2014-05-17T22:15:10","version" => "1.988"},{"date" => "2014-05-24T08:16:00","version" => "1.989"},{"date" => "2014-05-26T05:46:04","version" => "1.989_1"},{"date" => "2014-05-27T11:00:11","version" => "1.990"},{"date" => "2014-05-27T19:43:31","version" => "1.991"},{"date" => "2014-06-01T21:47:49","version" => "1.992"},{"date" => "2014-06-13T20:45:52","version" => "1.993"},{"date" => "2014-06-22T09:53:11","version" => "1.994"},{"date" => "2014-07-11T21:50:48","version" => "1.995"},{"date" => "2014-07-12T11:49:12","version" => "1.996"},{"date" => "2014-07-12T17:24:04","version" => "1.997"},{"date" => "2014-09-07T14:59:47","version" => "1.998"},{"date" => "2014-10-09T19:56:19","version" => "1.999"},{"date" => "2014-10-16T05:05:11","version" => "2.000"},{"date" => "2014-10-21T09:46:39","version" => "2.001"},{"date" => "2014-10-21T21:00:54","version" => "2.002"},{"date" => "2014-11-14T20:12:08","version" => "2.003"},{"date" => "2014-11-15T10:05:06","version" => "2.004"},{"date" => "2014-11-15T10:14:17","version" => "2.004_1"},{"date" => "2014-11-15T16:29:13","version" => "2.005"},{"date" => "2014-11-15T16:34:37","version" => "2.005_1"},{"date" => "2014-11-22T20:51:08","version" => "2.006"},{"date" => "2014-11-26T22:00:05","version" => "2.007"},{"date" => "2014-12-16T06:36:16","version" => "2.008"},{"date" => "2015-01-12T10:48:21","version" => "2.009"},{"date" => "2015-01-14T20:13:41","version" => "2.010"},{"date" => "2015-02-01T16:00:22","version" => "2.011"},{"date" => "2015-02-02T07:46:57","version" => "2.012"},{"date" => "2015-05-01T15:39:14","version" => "2.013"},{"date" => "2015-05-05T06:31:37","version" => "2.014"},{"date" => "2015-05-13T20:43:55","version" => "2.015"},{"date" => "2015-05-26T21:15:38","version" => "2.015_001"},{"date" => "2015-05-27T05:39:14","version" => "2.015_002"},{"date" => "2015-05-27T17:24:09","version" => "2.015_003"},{"date" => "2015-05-28T07:07:25","version" => "2.015_004"},{"date" => "2015-05-29T06:01:37","version" => "2.015_005"},{"date" => "2015-06-02T19:35:20","version" => "2.015_006"},{"date" => "2015-06-02T20:41:45","version" => "2.016"},{"date" => "2015-06-04T14:38:29","version" => "2.016_001"},{"date" => "2015-06-14T17:05:06","version" => "2.016_002"},{"date" => "2015-08-24T15:45:30","version" => "2.017"},{"date" => "2015-08-27T11:31:55","version" => "2.018"},{"date" => "2015-09-01T05:32:47","version" => "2.019"},{"date" => "2015-09-20T10:33:59","version" => "2.020"},{"date" => "2015-12-02T19:55:29","version" => "2.021"},{"date" => "2015-12-10T07:12:46","version" => "2.022"},{"date" => "2016-01-30T11:12:14","version" => "2.023"},{"date" => "2016-02-06T19:38:18","version" => "2.024"},{"date" => "2016-04-04T07:23:02","version" => "2.025"},{"date" => "2016-04-20T06:11:37","version" => "2.026"},{"date" => "2016-04-20T14:22:50","version" => "2.027"},{"date" => "2016-06-27T14:22:02","version" => "2.028"},{"date" => "2016-06-27T15:53:16","version" => "2.029"},{"date" => "2016-07-08T08:53:04","version" => "2.030"},{"date" => "2016-07-08T11:40:31","version" => "2.031"},{"date" => "2016-07-12T13:12:57","version" => "2.032"},{"date" => "2016-07-15T09:00:38","version" => "2.033"},{"date" => "2016-08-08T08:19:05","version" => "2.034"},{"date" => "2016-08-11T14:25:18","version" => "2.035"},{"date" => "2016-08-11T19:03:38","version" => "2.036"},{"date" => "2016-08-22T17:39:32","version" => "2.037"},{"date" => "2016-09-17T09:36:29","version" => "2.038"},{"date" => "2016-11-20T21:01:59","version" => "2.039"},{"date" => "2016-12-17T15:18:35","version" => "2.040"},{"date" => "2017-01-04T05:17:55","version" => "2.041"},{"date" => "2017-01-05T18:32:13","version" => "2.042"},{"date" => "2017-01-06T13:27:56","version" => "2.043"},{"date" => "2017-01-26T10:46:57","version" => "2.044"},{"date" => "2017-02-13T15:26:59","version" => "2.045"},{"date" => "2017-02-15T18:41:05","version" => "2.046"},{"date" => "2017-02-16T19:01:01","version" => "2.047"},{"date" => "2017-04-16T18:33:09","version" => "2.048"},{"date" => "2017-06-12T05:15:34","version" => "2.049"},{"date" => "2017-08-18T06:07:18","version" => "2.050"},{"date" => "2017-09-05T09:28:25","version" => "2.051"},{"date" => "2017-10-22T08:48:29","version" => "2.052"},{"date" => "2018-01-21T19:41:38","version" => "2.053"},{"date" => "2018-01-22T05:11:45","version" => "2.054"},{"date" => "2018-02-15T13:45:54","version" => "2.055"},{"date" => "2018-02-19T06:35:28","version" => "2.056"},{"date" => "2018-07-18T19:16:28","version" => "2.057"},{"date" => "2018-07-19T07:54:24","version" => "2.058"},{"date" => "2018-08-15T16:13:05","version" => "2.059"},{"date" => "2018-09-16T19:15:07","version" => "2.060"},{"date" => "2019-02-23T02:08:16","version" => "2.061"},{"date" => "2019-02-24T00:14:55","version" => "2.062"},{"date" => "2019-03-01T14:48:40","version" => "2.063"},{"date" => "2019-03-04T12:28:12","version" => "2.064"},{"date" => "2019-03-05T18:50:40","version" => "2.065"},{"date" => "2019-03-06T06:55:56","version" => "2.066"},{"date" => "2020-02-14T17:49:51","version" => "2.067"},{"date" => "2020-03-31T06:15:39","version" => "2.068"},{"date" => "2021-01-22T16:55:49","version" => "2.069"},{"date" => "2021-02-26T08:03:24","version" => "2.070"},{"date" => "2021-05-23T08:12:02","version" => "2.071"},{"date" => "2021-08-16T13:06:40","version" => "2.072"},{"date" => "2021-12-22T19:30:42","version" => "2.073"},{"date" => "2022-01-07T15:09:53","version" => "2.074"},{"date" => "2022-09-02T18:18:33","version" => "2.075"},{"date" => "2022-11-14T13:41:15","version" => "2.076"},{"date" => "2022-11-21T11:44:16","version" => "2.077"},{"date" => "2022-12-11T20:10:13","version" => "2.078"},{"date" => "2023-01-16T06:28:01","version" => "2.079"},{"date" => "2023-01-18T16:28:53","version" => "2.080"},{"date" => "2023-01-25T10:49:10","version" => "2.081"},{"date" => "2023-05-17T20:41:22","version" => "2.082"},{"date" => "2023-05-18T09:15:20","version" => "2.083"},{"date" => "2023-11-06T21:02:36","version" => "2.084"},{"date" => "2024-01-22T19:07:08","version" => "2.085"},{"date" => "2024-07-03T12:14:36","version" => "2.086"},{"date" => "2024-07-08T05:33:53","version" => "2.087"},{"date" => "2024-07-14T05:05:54","version" => "2.088"},{"date" => "2024-08-29T14:46:00","version" => "2.089"},{"date" => "2025-06-03T04:11:54","version" => "2.090"},{"date" => "2025-06-11T17:38:14","version" => "2.091"},{"date" => "2025-06-16T13:32:00","version" => "2.092"},{"date" => "2025-06-17T06:49:47","version" => "2.093"},{"date" => "2025-06-18T19:37:41","version" => "2.094"},{"date" => "2025-07-10T16:57:04","version" => "2.095"},{"date" => "2026-01-04T17:47:18","version" => "2.096"},{"date" => "2026-01-06T17:52:56","version" => "2.097"},{"date" => "2026-01-06T19:20:57","version" => "2.098"}]},"IPC-Cmd" => {"advisories" => [{"affected_versions" => ["<0.96"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "IPC-Cmd","fixed_versions" => [">=0.96"],"id" => "CPANSA-IPC-Cmd-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "IPC::Cmd","versions" => [{"date" => "2003-05-10T16:57:39","version" => "0.02"},{"date" => "2003-05-11T08:50:33","version" => "0.03"},{"date" => "2003-09-25T10:34:58","version" => "0.04"},{"date" => "2004-06-18T11:43:01","version" => "0.20"},{"date" => "2004-08-16T10:26:03","version" => "0.22"},{"date" => "2004-12-03T15:53:45","version" => "0.23"},{"date" => "2004-12-09T09:56:18","version" => "0.24"},{"date" => "2006-09-06T15:57:50","version" => "0.25"},{"date" => "2006-10-05T14:42:36","version" => "0.29_01"},{"date" => "2006-10-11T11:11:24","version" => "0.30"},{"date" => "2006-10-13T11:18:04","version" => "0.32"},{"date" => "2006-10-20T13:16:49","version" => "0.34"},{"date" => "2006-11-24T14:01:10","version" => "0.36"},{"date" => "2007-10-11T15:17:44","version" => "0.38"},{"date" => "2007-10-17T09:29:57","version" => "0.40"},{"date" => "2008-05-18T15:50:12","version" => "0.41_01"},{"date" => "2008-06-29T15:41:17","version" => "0.41_02"},{"date" => "2008-07-13T13:08:43","version" => "0.41_03"},{"date" => "2008-07-14T13:57:54","version" => "0.41_04"},{"date" => "2008-09-22T13:12:26","version" => "0.41_05"},{"date" => "2008-09-24T15:46:32","version" => "0.41_06"},{"date" => "2008-10-05T16:24:49","version" => "0.41_07"},{"date" => "2008-10-10T09:47:07","version" => "0.42"},{"date" => "2009-05-04T08:15:08","version" => "0.44"},{"date" => "2009-06-12T11:38:40","version" => "0.46"},{"date" => "2009-09-07T14:15:59","version" => "0.48"},{"date" => "2009-09-07T15:21:24","version" => "0.50"},{"date" => "2009-11-08T23:24:39","version" => "0.51_01"},{"date" => "2009-11-13T16:17:59","version" => "0.52"},{"date" => "2009-11-15T22:04:56","version" => "0.54"},{"date" => "2010-02-03T14:21:25","version" => "0.56"},{"date" => "2010-04-29T20:06:40","version" => "0.58"},{"date" => "2010-07-05T08:10:45","version" => "0.60"},{"date" => "2010-10-19T14:53:57","version" => "0.62"},{"date" => "2010-10-19T18:09:00","version" => "0.64"},{"date" => "2010-11-23T12:11:55","version" => "0.66"},{"date" => "2011-01-07T22:28:30","version" => "0.68"},{"date" => "2011-01-31T20:40:13","version" => "0.70"},{"date" => "2011-05-10T13:07:15","version" => "0.71_01"},{"date" => "2011-05-26T12:01:30","version" => "0.71_02"},{"date" => "2011-05-26T12:46:44","version" => "0.71_03"},{"date" => "2011-06-22T11:34:08","version" => "0.72"},{"date" => "2012-01-30T10:35:24","version" => "0.74"},{"date" => "2012-01-30T11:34:12","version" => "0.76"},{"date" => "2012-04-30T18:52:04","version" => "0.78"},{"date" => "2013-03-02T22:15:43","version" => "0.80"},{"date" => "2013-06-29T21:17:06","version" => "0.82"},{"date" => "2013-08-06T09:28:59","version" => "0.84"},{"date" => "2013-09-05T19:34:47","version" => "0.85_01"},{"date" => "2013-10-10T13:09:11","version" => "0.85_02"},{"date" => "2013-11-04T14:18:01","version" => "0.86"},{"date" => "2013-11-15T14:47:57","version" => "0.88"},{"date" => "2013-11-18T15:12:15","version" => "0.90"},{"date" => "2014-01-22T20:01:22","version" => "0.92"},{"date" => "2016-02-12T19:01:25","version" => "0.94"},{"date" => "2016-07-28T10:19:44","version" => "0.96"},{"date" => "2017-05-12T16:05:02","version" => "0.98"},{"date" => "2018-02-14T16:21:01","version" => "1.00"},{"date" => "2018-05-03T08:53:01","version" => "1.02"},{"date" => "2019-07-13T09:17:39","version" => "1.04"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "0.36_01"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.01","version" => "0.40_1"},{"date" => "2013-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019005","version" => "0.84_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "0.92_01"}]},"IPC-Run" => {"advisories" => [{"affected_versions" => ["<0.90","==0.90_01","==0.90_02"],"cves" => [],"description" => "INADDR_ANY can be your external ip, IPC::Run should only listen on localhost.\n","distribution" => "IPC-Run","fixed_versions" => [">=0.90"],"id" => "CPANSA-IPC-Run-2009-01","references" => ["https://metacpan.org/dist/IPC-Run/changes","https://rt.cpan.org/Public/Bug/Display.html?id=49693"],"reported" => "2009-09-14"}],"main_module" => "IPC::Run","versions" => [{"date" => "2000-05-22T05:10:41","version" => "0.1"},{"date" => "2000-06-01T06:12:25","version" => "0.2"},{"date" => "2000-06-02T16:53:04","version" => "0.21"},{"date" => "2000-06-03T12:34:23","version" => "0.3"},{"date" => "2000-06-06T18:48:56","version" => "0.32"},{"date" => "2000-06-08T10:24:28","version" => "0.33"},{"date" => "2000-06-08T10:41:19","version" => "0.34"},{"date" => "2000-06-15T19:06:43","version" => "0.4"},{"date" => "2000-08-17T14:33:30","version" => "0.42"},{"date" => "2000-10-02T21:20:49","version" => "0.44"},{"date" => "2001-11-11T04:21:36","version" => "0.5"},{"date" => "2001-11-12T07:19:27","version" => "0.51"},{"date" => "2001-12-01T06:05:11","version" => "0.54"},{"date" => "2001-12-01T21:54:11","version" => "0.55"},{"date" => "2001-12-02T13:48:12","version" => "0.56"},{"date" => "2001-12-06T20:33:30","version" => "0.6"},{"date" => "2001-12-07T09:31:12","version" => "0.61"},{"date" => "2002-01-01T20:42:40","version" => "0.62"},{"date" => "2002-02-27T17:14:16","version" => "0.63"},{"date" => "2002-03-14T17:14:53","version" => "0.64"},{"date" => "2002-03-27T11:42:32","version" => "0.66"},{"date" => "2002-04-26T15:04:45","version" => "0.7"},{"date" => "2002-05-06T13:23:28","version" => "0.71"},{"date" => "2002-05-09T15:58:13","version" => "0.72"},{"date" => "2002-05-22T13:20:13","version" => "0.73"},{"date" => "2002-05-23T13:48:23","version" => "0.74"},{"date" => "2003-01-28T17:59:36","version" => "0.75"},{"date" => "2003-09-26T19:35:48","version" => "0.77"},{"date" => "2004-03-09T06:22:24","version" => "0.78"},{"date" => "2005-01-19T23:50:56","version" => "0.79"},{"date" => "2006-03-10T15:30:59","version" => "0.80_91"},{"date" => "2006-05-10T20:00:28","version" => "0.80"},{"date" => "2008-10-15T09:59:57","version" => "0.81_01"},{"date" => "2008-12-18T12:01:25","version" => "0.82"},{"date" => "2009-07-09T16:38:18","version" => "0.83"},{"date" => "2009-07-13T00:59:41","version" => "0.84"},{"date" => "2010-03-23T05:12:54","version" => "0.85"},{"date" => "2010-03-24T20:11:05","version" => "0.86"},{"date" => "2010-03-29T18:03:50","version" => "0.87"},{"date" => "2010-03-30T18:14:22","version" => "0.88"},{"date" => "2010-04-01T04:48:26","version" => "0.89"},{"date" => "2011-06-03T04:41:40","version" => "0.90_01"},{"date" => "2011-06-29T04:15:08","version" => "0.90_02"},{"date" => "2011-07-01T04:18:30","version" => "0.90_03"},{"date" => "2011-07-03T20:10:42","version" => "0.90"},{"date" => "2012-01-25T05:16:00","version" => "0.91_01"},{"date" => "2012-02-15T04:50:23","version" => "0.91"},{"date" => "2012-08-22T15:00:56","version" => "0.92_01"},{"date" => "2012-08-30T15:26:42","version" => "0.92"},{"date" => "2014-12-11T05:59:50","version" => "0.93"},{"date" => "2014-12-11T07:48:28","version" => "0.93_01"},{"date" => "2014-12-14T07:23:31","version" => "0.94"},{"date" => "2016-04-13T03:11:26","version" => "0.94_01"},{"date" => "2016-04-14T05:15:22","version" => "0.94_02"},{"date" => "2017-04-25T01:29:03","version" => "0.95"},{"date" => "2017-05-12T13:48:34","version" => "0.96"},{"date" => "2018-03-26T21:45:38","version" => "0.97"},{"date" => "2018-03-29T18:52:43","version" => "0.98"},{"date" => "2018-03-30T22:49:37","version" => "0.99"},{"date" => "2018-05-23T17:24:25","version" => "20180523.0"},{"date" => "2020-05-05T20:57:23","version" => "20200505.0"},{"date" => "2022-08-07T12:50:57","version" => "20220807.0"},{"date" => "2023-10-03T01:09:01","version" => "20231003.0"},{"date" => "2025-07-15T17:03:00","version" => "20250715.0_01"},{"date" => "2025-08-10T01:54:10","version" => "20250809.0"}]},"IPTables-Parse" => {"advisories" => [{"affected_versions" => ["<1.6"],"cves" => ["CVE-2015-8326"],"description" => "The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user.\n","distribution" => "IPTables-Parse","fixed_versions" => [],"id" => "CPANSA-IPTables-Parse-2015-8326","references" => ["https://metacpan.org/source/MRASH/IPTables-Parse-1.6/Changes","https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87","https://bugzilla.redhat.com/show_bug.cgi?id=1267962","http://www.openwall.com/lists/oss-security/2015/11/24/10"],"reported" => "2017-06-07","severity" => "medium"}],"main_module" => "IPTables::Parse","versions" => [{"date" => "2008-10-26T23:15:50","version" => "0.7"},{"date" => "2012-02-27T02:20:58","version" => "0.8"},{"date" => "2012-02-27T02:22:29","version" => "0.9"},{"date" => "2012-02-29T02:51:44","version" => "1.0"},{"date" => "2012-03-03T03:56:08","version" => "1.1"},{"date" => "2015-02-25T02:08:58","version" => "1.1"},{"date" => "2015-03-01T20:15:52","version" => "1.3.1"},{"date" => "2015-03-01T20:50:07","version" => "1.4"},{"date" => "2015-09-09T13:53:26","version" => "1.5"},{"date" => "2015-11-07T21:08:49","version" => "1.6"},{"date" => "2015-11-30T01:16:22","version" => "1.6.1"}]},"Image-ExifTool" => {"advisories" => [{"affected_versions" => ["<=12.37"],"cves" => ["CVE-2022-23935"],"description" => "lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a \$file =~ /\\|\$/ check, leading to command injection.\n","distribution" => "Image-ExifTool","fixed_versions" => [">12.38"],"id" => "CPANSA-Image-ExifTool-2022-23935","references" => ["https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582","https://gist.github.com/ert-plus/1414276e4cb5d56dd431c2f0429e4429"],"reported" => "2022-01-25","severity" => "critical"},{"affected_versions" => [">=7.44,<=12.23"],"cves" => ["CVE-2021-22204"],"description" => "Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image\n","distribution" => "Image-ExifTool","fixed_versions" => [">12.23"],"id" => "CPANSA-Image-ExifTool-2021-22204","references" => ["http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html","http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html","http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html","http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html","http://www.openwall.com/lists/oss-security/2021/05/09/1","http://www.openwall.com/lists/oss-security/2021/05/10/5","https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800","https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json","https://hackerone.com/reports/1154542","https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/","https://www.debian.org/security/2021/dsa-4910"],"reported" => "2021-04-23","severity" => undef},{"affected_versions" => ["==8.32"],"cves" => ["CVE-2018-20211"],"description" => "ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\\\\par-%username%\\\\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015).\n","distribution" => "Image-ExifTool","fixed_versions" => [">8"],"id" => "CPANSA-Image-ExifTool-2018-20211","references" => ["http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html","http://seclists.org/fulldisclosure/2018/Dec/44"],"reported" => "2019-01-02","severity" => undef}],"main_module" => "Image::ExifTool","versions" => [{"date" => "2004-10-04T15:37:06","version" => "3.60"},{"date" => "2004-11-02T12:46:54","version" => "3.72"},{"date" => "2004-11-05T12:41:52","version" => "3.74"},{"date" => "2004-11-11T18:24:18","version" => "3.82"},{"date" => "2004-11-24T18:42:42","version" => "3.93"},{"date" => "2004-11-25T16:34:47","version" => "3.94"},{"date" => "2005-01-24T13:15:55","version" => "4.36"},{"date" => "2005-02-07T15:56:43","version" => "4.53"},{"date" => "2005-02-18T00:42:59","version" => "4.64"},{"date" => "2005-03-01T19:23:29","version" => "4.73"},{"date" => "2005-03-15T12:09:56","version" => "4.87"},{"date" => "2005-04-02T19:46:41","version" => "4.93"},{"date" => "2005-04-20T12:41:30","version" => "5.05"},{"date" => "2005-05-16T15:54:07","version" => "5.18"},{"date" => "2005-06-03T19:21:17","version" => "5.25"},{"date" => "2005-06-15T17:21:33","version" => "5.32"},{"date" => "2005-07-19T18:16:02","version" => "5.46"},{"date" => "2005-08-24T14:58:18","version" => "5.55"},{"date" => "2005-10-13T13:15:01","version" => "5.67"},{"date" => "2005-11-18T13:04:29","version" => "5.77"},{"date" => "2005-12-22T16:42:56","version" => "5.87"},{"date" => "2006-02-19T20:26:14","version" => "6.00"},{"date" => "2006-05-12T12:10:32","version" => "6.17"},{"date" => "2006-07-24T13:18:05","version" => "6.29"},{"date" => "2006-09-06T20:26:16","version" => "6.36"},{"date" => "2006-09-21T15:39:52","version" => "6.42"},{"date" => "2006-11-20T13:52:55","version" => "6.57"},{"date" => "2006-12-20T13:07:23","version" => "6.66"},{"date" => "2007-02-14T13:28:50","version" => "6.75"},{"date" => "2007-02-16T13:21:27","version" => "6.76"},{"date" => "2007-05-10T18:53:15","version" => "6.90"},{"date" => "2007-10-24T11:39:52","version" => "7.00"},{"date" => "2008-02-05T17:21:39","version" => "7.15"},{"date" => "2008-03-12T12:24:57","version" => "7.21"},{"date" => "2008-04-18T13:09:00","version" => "7.25"},{"date" => "2008-05-31T11:39:35","version" => "7.30"},{"date" => "2008-10-26T19:00:34","version" => "7.50"},{"date" => "2008-10-27T13:48:39","version" => "7.51"},{"date" => "2009-01-06T13:48:18","version" => "7.60"},{"date" => "2009-02-09T14:25:12","version" => "7.67"},{"date" => "2009-07-02T15:42:38","version" => "7.82"},{"date" => "2009-08-18T01:30:53","version" => "7.88"},{"date" => "2009-08-18T12:03:19","version" => "7.89"},{"date" => "2009-11-20T19:06:24","version" => "8.00"},{"date" => "2010-02-08T20:49:00","version" => "8.10"},{"date" => "2010-03-18T14:09:58","version" => "8.15"},{"date" => "2010-07-13T12:35:33","version" => "8.25"},{"date" => "2010-11-21T21:29:00","version" => "8.40"},{"date" => "2011-03-01T12:43:02","version" => "8.50"},{"date" => "2011-06-27T11:52:50","version" => "8.60"},{"date" => "2011-09-24T10:53:29","version" => "8.65"},{"date" => "2012-01-08T13:48:19","version" => "8.75"},{"date" => "2012-01-27T14:19:10","version" => "8.77"},{"date" => "2012-03-25T12:07:06","version" => "8.85"},{"date" => "2012-04-28T12:06:48","version" => "8.90"},{"date" => "2012-08-25T12:28:04","version" => "9.01"},{"date" => "2012-11-03T16:37:48","version" => "9.04"},{"date" => "2013-01-02T21:07:34","version" => "9.11"},{"date" => "2013-01-03T01:49:33","version" => "9.12"},{"date" => "2013-01-10T15:05:11","version" => "9.13"},{"date" => "2013-04-06T11:38:39","version" => "9.25"},{"date" => "2013-04-15T11:20:13","version" => "9.27"},{"date" => "2014-01-11T22:58:56","version" => "9.46"},{"date" => "2014-02-22T14:40:30","version" => "9.53"},{"date" => "2014-05-11T13:34:36","version" => "9.60"},{"date" => "2014-09-03T12:19:55","version" => "9.70"},{"date" => "2014-11-15T15:14:24","version" => "9.76"},{"date" => "2015-03-14T11:33:58","version" => "9.90"},{"date" => "2015-08-18T13:30:08","version" => "10.00"},{"date" => "2016-01-22T15:51:06","version" => "10.10"},{"date" => "2016-04-20T13:25:01","version" => "10.15"},{"date" => "2016-06-13T14:05:58","version" => "10.20"},{"date" => "2016-11-24T16:55:55","version" => "10.36"},{"date" => "2017-01-13T16:02:53","version" => "10.39"},{"date" => "2017-01-14T17:30:45","version" => "10.40"},{"date" => "2017-04-20T12:54:29","version" => "10.50"},{"date" => "2017-06-05T14:41:23","version" => "10.55"},{"date" => "2018-02-22T13:27:40","version" => "10.80"},{"date" => "2018-06-07T11:44:16","version" => "11.00"},{"date" => "2018-06-11T12:18:41","version" => "11.01"},{"date" => "2018-09-28T01:34:43","version" => "11.11"},{"date" => "2019-03-06T15:14:28","version" => "11.30"},{"date" => "2019-06-11T15:29:41","version" => "11.50"},{"date" => "2019-10-10T13:04:36","version" => "11.70"},{"date" => "2020-01-28T15:40:58","version" => "11.85"},{"date" => "2020-06-11T20:36:48","version" => "12.00"},{"date" => "2021-01-18T14:03:50","version" => "12.15"},{"date" => "2021-01-21T17:51:28","version" => "12.16"},{"date" => "2021-05-21T00:37:46","version" => "12.26"},{"date" => "2021-08-12T13:13:43","version" => "12.30"},{"date" => "2022-06-07T11:39:06","version" => "12.42"},{"date" => "2022-06-07T20:05:13","version" => "12.42"},{"date" => "2022-11-09T11:41:50","version" => "12.50"},{"date" => "2023-04-05T15:01:59","version" => "12.60"},{"date" => "2023-11-19T16:15:22","version" => "12.70"},{"date" => "2024-01-31T01:08:08","version" => "12.75"},{"date" => "2024-01-31T15:31:14","version" => "12.76"},{"date" => "2024-10-29T17:10:24","version" => "13.00"},{"date" => "2024-12-20T16:49:20","version" => "13.10"},{"date" => "2025-03-11T12:01:50","version" => "13.25"},{"date" => "2025-05-25T18:10:41","version" => "13.30"},{"date" => "2025-09-06T12:17:12","version" => "13.35"},{"date" => "2025-09-09T18:09:15","version" => "13.36"},{"date" => "2025-12-15T20:40:08","version" => "13.44"},{"date" => "2026-02-07T18:48:19","version" => "13.50"}]},"Image-Info" => {"advisories" => [{"affected_versions" => ["<1.39"],"cves" => ["CVE-2016-9181"],"description" => "perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.\n","distribution" => "Image-Info","fixed_versions" => [">=1.39"],"id" => "CPANSA-Image-Info-2016-01","references" => ["http://www.securityfocus.com/bid/94220","http://www.openwall.com/lists/oss-security/2016/11/04/2"],"reported" => "2016-11-04"}],"main_module" => "Image::Info","versions" => [{"date" => "1999-12-19T07:09:24","version" => "0.01"},{"date" => "1999-12-22T00:03:22","version" => "0.02"},{"date" => "1999-12-25T22:43:22","version" => "0.03"},{"date" => "2000-01-07T18:20:42","version" => "0.04"},{"date" => "2000-08-24T09:09:25","version" => "0.05"},{"date" => "2000-10-18T19:55:02","version" => "1.00"},{"date" => "2000-10-31T17:32:56","version" => "1.01"},{"date" => "2000-11-10T18:21:41","version" => "1.02"},{"date" => "2000-11-13T19:44:44","version" => "1.03"},{"date" => "2000-11-30T20:25:46","version" => "1.04"},{"date" => "2001-03-24T20:20:31","version" => "0.06"},{"date" => "2001-03-24T20:40:20","version" => "1.05"},{"date" => "2001-03-26T19:28:11","version" => "1.06"},{"date" => "2001-04-11T00:53:39","version" => "1.07"},{"date" => "2001-08-24T18:29:39","version" => "1.08"},{"date" => "2001-12-14T23:07:08","version" => "1.09"},{"date" => "2002-05-29T00:04:22","version" => "1.10"},{"date" => "2002-07-04T17:37:20","version" => "1.11"},{"date" => "2002-12-31T00:09:32","version" => "1.12"},{"date" => "2003-10-06T17:27:43","version" => "1.13"},{"date" => "2003-10-06T21:50:56","version" => "1.14"},{"date" => "2003-10-06T22:10:09","version" => "1.15"},{"date" => "2004-01-07T12:47:37","version" => "1.16"},{"date" => "2006-01-28T12:41:59","version" => "1.17"},{"date" => "2006-03-03T15:31:07","version" => "1.18"},{"date" => "2006-03-05T09:19:05","version" => "1.18"},{"date" => "2006-03-13T20:52:28","version" => "1.18"},{"date" => "2006-05-01T14:33:54","version" => "1.18"},{"date" => "2006-07-16T12:43:58","version" => "1.18"},{"date" => "2006-09-30T12:35:03","version" => "1.23"},{"date" => "2007-02-25T12:39:30","version" => "1.24"},{"date" => "2007-05-14T19:11:49","version" => "1.25"},{"date" => "2007-09-09T11:23:15","version" => "1.26"},{"date" => "2007-12-15T13:50:50","version" => "1.27"},{"date" => "2008-03-30T19:16:37","version" => "1.28"},{"date" => "2009-07-08T20:39:39","version" => "1.28_50"},{"date" => "2009-07-09T22:26:22","version" => "1.28_51"},{"date" => "2009-07-17T18:24:54","version" => "1.28_52"},{"date" => "2009-07-31T21:09:25","version" => "1.29"},{"date" => "2009-08-14T20:25:31","version" => "1.29_50"},{"date" => "2009-09-14T19:04:17","version" => "1.29_51"},{"date" => "2009-09-16T19:23:40","version" => "1.29_51"},{"date" => "2009-10-23T20:45:13","version" => "1.29_51"},{"date" => "2009-10-31T09:21:38","version" => "1.29_51"},{"date" => "2009-11-14T16:30:54","version" => "1.30_50"},{"date" => "2009-11-22T22:10:25","version" => "1.30_51"},{"date" => "2010-02-09T20:08:40","version" => "1.30_52"},{"date" => "2010-02-09T20:43:56","version" => "1.30_53"},{"date" => "2010-09-25T15:42:44","version" => "1.31"},{"date" => "2011-12-28T21:32:21","version" => "1.31_50"},{"date" => "2011-12-28T21:53:50","version" => "1.31_51"},{"date" => "2012-02-21T21:03:11","version" => "1.32"},{"date" => "2012-10-23T19:59:15","version" => "1.32_50"},{"date" => "2012-10-24T20:24:17","version" => "1.32_51"},{"date" => "2012-10-25T21:49:45","version" => "1.32_52"},{"date" => "2012-11-03T19:12:43","version" => "1.33"},{"date" => "2013-01-27T13:49:04","version" => "1.33_50"},{"date" => "2013-01-28T11:15:59","version" => "1.33_51"},{"date" => "2013-01-29T16:18:27","version" => "1.34"},{"date" => "2013-04-03T20:29:08","version" => "1.34_50"},{"date" => "2013-04-10T19:22:43","version" => "1.35"},{"date" => "2013-05-06T10:32:44","version" => "1.35_50"},{"date" => "2013-06-28T08:29:45","version" => "1.35_51"},{"date" => "2013-07-05T08:23:26","version" => "1.36"},{"date" => "2014-12-19T23:10:31","version" => "1.36_51"},{"date" => "2014-12-29T22:23:42","version" => "1.36_52"},{"date" => "2014-12-31T08:44:32","version" => "1.37"},{"date" => "2015-04-20T05:00:55","version" => "1.38"},{"date" => "2016-10-01T15:35:13","version" => "1.38_50"},{"date" => "2016-10-01T17:43:27","version" => "1.38_51"},{"date" => "2016-10-08T09:00:58","version" => "1.39"},{"date" => "2017-03-19T20:16:19","version" => "1.39_50"},{"date" => "2017-03-21T19:05:30","version" => "1.40"},{"date" => "2017-06-30T17:22:28","version" => "1.40_50"},{"date" => "2017-07-12T16:34:02","version" => "1.41"},{"date" => "2019-10-16T19:12:33","version" => "1.41_50"},{"date" => "2019-10-19T06:46:49","version" => "1.42"},{"date" => "2022-07-17T15:58:54","version" => "1.42_50"},{"date" => "2022-10-03T17:54:30","version" => "1.43"},{"date" => "2023-07-25T18:26:43","version" => "1.43_50"},{"date" => "2023-08-03T17:14:43","version" => "1.44"},{"date" => "2024-11-20T08:40:18","version" => "1.44_50"},{"date" => "2024-11-23T10:43:42","version" => "1.44_51"},{"date" => "2024-11-24T09:58:13","version" => "1.45"}]},"Image-PNG-Simple" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.07"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "Image-PNG-Simple","fixed_versions" => [],"id" => "CPANSA-Image-PNG-Simple-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"}],"main_module" => "Image::PNG::Simple","versions" => [{"date" => "2015-07-30T11:31:38","version" => "0.01"},{"date" => "2015-08-01T00:08:18","version" => "0.02"},{"date" => "2015-08-03T05:20:49","version" => "0.03"},{"date" => "2015-08-04T02:01:32","version" => "0.04"},{"date" => "2015-08-04T12:30:46","version" => "0.05"},{"date" => "2015-08-05T02:29:57","version" => "0.06"},{"date" => "2015-08-06T02:51:43","version" => "0.07"}]},"Imager" => {"advisories" => [{"affected_versions" => ["<1.006"],"cves" => ["CVE-2016-1238"],"description" => "Imager would search the default current directory entry in \@INC when searching for file format support modules.\n","distribution" => "Imager","fixed_versions" => [">=1.006"],"id" => "CPANSA-Imager-2016-1238","references" => ["https://metacpan.org/dist/Imager/changes","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => "high"},{"affected_versions" => [">=0.42,<=0.63"],"cves" => ["CVE-2008-1928"],"description" => "Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause a denial of service (crash) via an image based fill in which the number of input channels is different from the number of output channels.\n","distribution" => "Imager","fixed_versions" => [">=0.64"],"id" => "CPANSA-Imager-2008-1928","references" => ["https://metacpan.org/dist/Imager/changes","http://rt.cpan.org/Public/Bug/Display.html?id=35324","http://imager.perl.org/i/release064/Imager_0_64","https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00569.html","http://www.securityfocus.com/bid/28980","http://secunia.com/advisories/30030","http://secunia.com/advisories/30011","http://www.vupen.com/english/advisories/2008/1387/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/41986"],"reported" => "2008-04-24","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => [">=0.21,<=0.56"],"cves" => ["CVE-2007-2459"],"description" => "Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.\n","distribution" => "Imager","fixed_versions" => [">=0.57"],"id" => "CPANSA-Imager-2007-2459","references" => ["http://imager.perl.org/a/65.html","http://rt.cpan.org/Public/Bug/Display.html?id=26811","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421582","http://www.debian.org/security/2008/dsa-1498","http://www.securityfocus.com/bid/23711","http://secunia.com/advisories/25038","http://secunia.com/advisories/28868","http://osvdb.org/39846","http://www.vupen.com/english/advisories/2007/1587","http://osvdb.org/35470","https://exchange.xforce.ibmcloud.com/vulnerabilities/34010"],"reported" => "2007-05-02","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => ["<0.98"],"cves" => [],"description" => "When drawing on an image with an alpha channel where the source minimum is greater than zero, Imager would read from beyond the end of a malloc() allocated buffer.  In rare circumstances this could lead to some of the source image not being written to the target image, or possibly to a segmentation fault.\n","distribution" => "Imager","fixed_versions" => [">=0.98"],"id" => "CPANSA-Imager-2014-01","references" => ["https://metacpan.org/dist/Imager/changes"],"reported" => "2014-01-03","severity" => undef},{"affected_versions" => ["<=1.024"],"cves" => ["CVE-2024-53901"],"description" => "\"invalid next size\" backtrace on use of trim on certain images\n","distribution" => "Imager","fixed_versions" => [">1.024"],"id" => "CPANSA-Imager-2024-001","references" => ["https://metacpan.org/dist/Imager/changes","https://github.com/tonycoz/imager/issues/534"],"reported" => "2024-11-17","severity" => "moderate"},{"affected_versions" => ["<0.50"],"cves" => ["CVE-2006-0053"],"description" => "Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference.\n","distribution" => "Imager","fixed_versions" => [">=0.50"],"id" => "CPANSA-Imager-2006-0053","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661","http://rt.cpan.org/Public/Bug/Display.html?id=18397","http://secunia.com/advisories/19575","http://secunia.com/advisories/19577","http://www.debian.org/security/2006/dsa-1028","http://www.securityfocus.com/bid/17415","http://www.vupen.com/english/advisories/2006/1294","https://exchange.xforce.ibmcloud.com/vulnerabilities/25717","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661","http://rt.cpan.org/Public/Bug/Display.html?id=18397","http://secunia.com/advisories/19575","http://secunia.com/advisories/19577","http://www.debian.org/security/2006/dsa-1028","http://www.securityfocus.com/bid/17415","http://www.vupen.com/english/advisories/2006/1294","https://exchange.xforce.ibmcloud.com/vulnerabilities/25717"],"reported" => "2006-04-10","severity" => undef}],"main_module" => "Imager","versions" => [{"date" => "1999-07-19T14:26:37","version" => "0.21"},{"date" => "2000-01-03T20:14:03","version" => "0.27"},{"date" => "2000-01-04T11:16:56","version" => "0.28"},{"date" => "2000-01-05T10:48:05","version" => "0.29"},{"date" => "2000-01-16T12:52:22","version" => "0.31"},{"date" => "2000-03-04T13:28:32","version" => "0.32"},{"date" => "2001-01-29T00:50:14","version" => "0.35"},{"date" => "2001-01-29T15:06:27","version" => "0.36"},{"date" => "2001-01-31T05:02:15","version" => "0.37"},{"date" => "2001-05-21T16:21:08","version" => "0.38"},{"date" => "2001-11-02T21:39:20","version" => "0.39"},{"date" => "2002-04-11T15:09:57","version" => "0.40"},{"date" => "2002-04-12T12:07:29","version" => "0.41"},{"date" => "2004-01-04T12:47:37","version" => "0.42"},{"date" => "2004-02-17T07:53:52","version" => "0.43"},{"date" => "2004-12-07T23:58:16","version" => "0.43_03"},{"date" => "2004-12-15T13:02:40","version" => "0.44"},{"date" => "2005-05-24T07:08:15","version" => "0.44_01"},{"date" => "2005-05-30T04:41:43","version" => "0.45"},{"date" => "2005-12-12T04:07:30","version" => "0.45_02"},{"date" => "2005-12-20T00:13:31","version" => "0.46"},{"date" => "2005-12-30T06:05:50","version" => "0.47"},{"date" => "2006-02-21T06:09:30","version" => "0.47_01"},{"date" => "2006-03-03T05:06:46","version" => "0.48"},{"date" => "2006-03-07T01:04:03","version" => "0.49"},{"date" => "2006-03-28T04:31:56","version" => "0.49_01"},{"date" => "2006-03-29T00:31:03","version" => "0.50"},{"date" => "2006-04-23T14:29:42","version" => "0.51"},{"date" => "2006-06-28T13:38:48","version" => "0.51_01"},{"date" => "2006-07-04T14:03:23","version" => "0.51_02"},{"date" => "2006-07-19T00:58:22","version" => "0.51_03"},{"date" => "2006-07-25T05:09:08","version" => "0.52"},{"date" => "2006-07-27T01:01:57","version" => "0.53"},{"date" => "2006-09-14T07:58:27","version" => "0.54"},{"date" => "2006-12-16T22:31:19","version" => "0.55"},{"date" => "2007-04-01T12:30:34","version" => "0.56"},{"date" => "2007-04-30T08:49:39","version" => "0.57"},{"date" => "2007-05-11T11:00:18","version" => "0.57_01"},{"date" => "2007-05-16T12:49:23","version" => "0.58"},{"date" => "2007-06-14T07:33:05","version" => "0.59"},{"date" => "2007-08-30T07:51:36","version" => "0.60"},{"date" => "2007-11-05T07:53:45","version" => "0.61"},{"date" => "2007-11-28T10:06:27","version" => "0.61_02"},{"date" => "2007-12-10T08:31:12","version" => "0.62"},{"date" => "2008-04-07T08:49:14","version" => "0.63"},{"date" => "2008-04-23T04:10:18","version" => "0.64"},{"date" => "2008-05-20T06:34:48","version" => "0.65"},{"date" => "2008-12-12T11:57:40","version" => "0.67"},{"date" => "2009-09-02T07:05:11","version" => "0.67_01"},{"date" => "2009-09-07T05:14:24","version" => "0.68"},{"date" => "2009-09-08T09:23:38","version" => "0.69"},{"date" => "2009-09-21T03:36:15","version" => "0.70"},{"date" => "2009-11-16T04:15:54","version" => "0.71"},{"date" => "2009-11-30T07:17:33","version" => "0.71_01"},{"date" => "2009-12-01T09:06:53","version" => "0.71_02"},{"date" => "2009-12-04T14:21:49","version" => "0.71_03"},{"date" => "2009-12-10T00:44:51","version" => "0.72"},{"date" => "2010-03-15T07:24:59","version" => "0.73"},{"date" => "2010-05-06T14:29:21","version" => "0.74"},{"date" => "2010-06-20T10:47:23","version" => "0.75"},{"date" => "2010-08-06T10:49:44","version" => "0.75_01"},{"date" => "2010-08-07T01:48:37","version" => "0.75_02"},{"date" => "2010-08-09T12:49:36","version" => "0.75_03"},{"date" => "2010-08-11T09:33:24","version" => "0.77"},{"date" => "2010-09-13T10:48:57","version" => "0.77_01"},{"date" => "2010-09-27T04:59:03","version" => "0.77_02"},{"date" => "2010-10-04T09:00:26","version" => "0.78"},{"date" => "2010-12-11T01:09:12","version" => "0.79"},{"date" => "2011-01-17T07:43:35","version" => "0.80"},{"date" => "2011-02-14T08:22:57","version" => "0.81"},{"date" => "2011-03-14T12:18:07","version" => "0.82"},{"date" => "2011-05-17T11:15:02","version" => "0.82_01"},{"date" => "2011-05-20T14:07:44","version" => "0.83"},{"date" => "2011-06-20T12:54:05","version" => "0.84"},{"date" => "2011-08-08T12:39:58","version" => "0.84_01"},{"date" => "2011-08-22T09:28:25","version" => "0.84_02"},{"date" => "2011-08-29T09:19:04","version" => "0.85"},{"date" => "2011-10-10T07:22:51","version" => "0.85_01"},{"date" => "2011-10-24T10:14:57","version" => "0.85_02"},{"date" => "2011-10-31T10:37:15","version" => "0.86"},{"date" => "2012-01-03T05:27:14","version" => "0.87"},{"date" => "2012-02-22T05:13:09","version" => "0.88"},{"date" => "2012-03-18T01:45:35","version" => "0.89"},{"date" => "2012-04-30T09:09:02","version" => "0.90"},{"date" => "2012-06-04T12:27:17","version" => "0.91"},{"date" => "2012-08-14T09:53:38","version" => "0.92"},{"date" => "2012-08-18T01:41:22","version" => "0.92_01"},{"date" => "2012-10-15T10:15:07","version" => "0.93"},{"date" => "2012-11-12T10:44:54","version" => "0.93_01"},{"date" => "2012-11-25T00:13:16","version" => "0.93_02"},{"date" => "2012-12-14T22:59:55","version" => "0.94"},{"date" => "2013-03-02T08:34:07","version" => "0.94_01"},{"date" => "2013-04-05T06:19:32","version" => "0.94_02"},{"date" => "2013-04-19T12:13:27","version" => "0.95"},{"date" => "2013-05-19T04:27:19","version" => "0.96"},{"date" => "2013-07-01T13:21:32","version" => "0.96_01"},{"date" => "2013-07-09T13:46:48","version" => "0.96_02"},{"date" => "2013-07-15T09:52:06","version" => "0.97"},{"date" => "2014-01-02T22:22:03","version" => "0.98"},{"date" => "2014-06-25T11:36:29","version" => "0.99"},{"date" => "2014-06-29T05:06:45","version" => "0.99_01"},{"date" => "2014-07-21T09:16:17","version" => "0.99_02"},{"date" => "2014-07-29T09:13:55","version" => "1.000"},{"date" => "2015-01-02T03:34:59","version" => "1.001"},{"date" => "2015-04-03T01:31:26","version" => "1.002"},{"date" => "2015-05-12T08:11:18","version" => "1.003"},{"date" => "2015-11-08T09:45:59","version" => "1.004"},{"date" => "2016-03-16T08:35:26","version" => "1.004_001"},{"date" => "2016-03-20T01:27:53","version" => "1.004_002"},{"date" => "2016-03-23T09:34:13","version" => "1.004_003"},{"date" => "2016-04-15T05:58:07","version" => "1.004_004"},{"date" => "2016-04-16T00:01:33","version" => "1.005"},{"date" => "2017-08-26T04:27:06","version" => "1.006"},{"date" => "2018-11-24T01:47:34","version" => "1.007"},{"date" => "2018-12-31T10:04:02","version" => "1.008"},{"date" => "2019-01-11T09:10:13","version" => "1.009"},{"date" => "2019-02-13T08:14:07","version" => "1.010"},{"date" => "2019-03-07T03:20:03","version" => "1.011"},{"date" => "2020-06-14T03:26:02","version" => "1.012"},{"date" => "2022-04-27T05:18:23","version" => "1.013"},{"date" => "2022-04-28T07:22:51","version" => "1.014"},{"date" => "2022-05-07T04:35:16","version" => "1.015"},{"date" => "2022-06-12T05:27:23","version" => "1.016"},{"date" => "2022-06-14T09:55:03","version" => "1.017"},{"date" => "2022-06-19T12:04:12","version" => "1.018"},{"date" => "2022-07-09T03:41:29","version" => "1.019"},{"date" => "2023-11-12T06:55:05","version" => "1.020"},{"date" => "2023-12-01T06:53:47","version" => "1.021"},{"date" => "2023-12-02T23:32:54","version" => "1.022"},{"date" => "2024-01-19T03:18:43","version" => "1.023"},{"date" => "2024-04-06T02:24:09","version" => "1.024"},{"date" => "2024-04-14T12:28:26","version" => "1.024_001"},{"date" => "2024-04-20T07:15:38","version" => "1.024_002"},{"date" => "2024-04-22T12:51:23","version" => "1.024_003"},{"date" => "2024-04-24T08:35:58","version" => "1.024_004"},{"date" => "2024-04-27T01:24:42","version" => "1.024_005"},{"date" => "2024-06-11T11:35:22","version" => "1.024_006"},{"date" => "2024-06-12T09:58:08","version" => "1.024_007"},{"date" => "2024-06-13T10:45:14","version" => "1.024_008"},{"date" => "2024-11-16T05:30:21","version" => "1.025"},{"date" => "2025-02-08T05:03:18","version" => "1.026"},{"date" => "2025-03-02T10:22:16","version" => "1.027"},{"date" => "2025-06-08T08:16:50","version" => "1.027_001"},{"date" => "2025-06-16T09:35:19","version" => "1.028"},{"date" => "2025-10-06T07:54:07","version" => "1.029"}]},"JS-jQuery" => {"advisories" => [{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "JS::jQuery","versions" => [{"date" => "2008-03-11T01:54:48","version" => "1.2.3.001"},{"date" => "2008-08-28T06:54:56","version" => "1.2.6.001"}]},"JSON-SIMD" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40930"],"description" => "JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.","distribution" => "JSON-SIMD","fixed_versions" => [],"id" => "CPANSA-JSON-SIMD-2025-40930","references" => ["https://github.com/pjuhasz/JSON-SIMD/commit/9a87de7331c9fa5198cae404a83b17649cf7b918.patch","https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.06/source/SIMD.xs#L248","https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.07/changes"],"reported" => "2025-09-08","severity" => undef}],"main_module" => "JSON::SIMD","versions" => [{"date" => "2023-04-17T17:13:41","version" => "1.00"},{"date" => "2023-04-17T17:37:46","version" => "1.01"},{"date" => "2023-04-17T18:04:21","version" => "1.02"},{"date" => "2023-04-18T18:56:08","version" => "1.03"},{"date" => "2023-04-20T18:02:37","version" => "1.04"},{"date" => "2023-04-22T20:28:17","version" => "1.05"},{"date" => "2023-04-27T16:22:59","version" => "1.06"},{"date" => "2025-09-08T14:44:06","version" => "1.07"}]},"JSON-XS" => {"advisories" => [{"affected_versions" => ["<4.04"],"cves" => ["CVE-2025-40928"],"description" => "JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact","distribution" => "JSON-XS","fixed_versions" => [">=4.04"],"id" => "CPANSA-JSON-XS-2025-40928","references" => ["https://metacpan.org/release/MLEHMANN/JSON-XS-4.03/source/XS.xs#L256","https://security.metacpan.org/patches/J/JSON-XS/4.03/CVE-2025-40928-r1.patch"],"reported" => "2025-09-08","severity" => undef}],"main_module" => "JSON::XS","versions" => [{"date" => "2007-03-22T21:14:45","version" => "0.1"},{"date" => "2007-03-22T23:25:44","version" => "0.2"},{"date" => "2007-03-23T18:34:15","version" => "0.3"},{"date" => "2007-03-24T01:15:56","version" => "0.31"},{"date" => "2007-03-24T19:43:37","version" => "0.5"},{"date" => "2007-03-25T00:48:00","version" => "0.7"},{"date" => "2007-03-25T22:12:20","version" => "0.8"},{"date" => "2007-03-29T02:46:46","version" => "1.0"},{"date" => "2007-03-31T14:24:01","version" => "1.01"},{"date" => "2007-04-04T00:02:20","version" => "1.1"},{"date" => "2007-04-09T05:11:06","version" => "1.11"},{"date" => "2007-05-09T16:36:29","version" => "1.2"},{"date" => "2007-05-09T16:41:26","version" => "1.21"},{"date" => "2007-05-23T22:07:54","version" => "1.22"},{"date" => "2007-06-06T18:17:55","version" => "1.23"},{"date" => "2007-06-11T03:45:26","version" => "1.24"},{"date" => "2007-06-23T23:50:26","version" => "1.3"},{"date" => "2007-07-02T08:08:00","version" => "1.4"},{"date" => "2007-07-10T16:23:43","version" => "1.41"},{"date" => "2007-07-23T22:58:05","version" => "1.42"},{"date" => "2007-07-26T11:33:40","version" => "1.43"},{"date" => "2007-08-21T23:03:31","version" => "1.44"},{"date" => "2007-08-28T02:07:48","version" => "1.5"},{"date" => "2007-10-13T01:58:29","version" => "1.51"},{"date" => "2007-10-15T01:23:45","version" => "1.52"},{"date" => "2007-11-13T22:59:42","version" => "1.53"},{"date" => "2007-12-04T10:37:49","version" => "2.0"},{"date" => "2007-12-05T11:00:12","version" => "2.01"},{"date" => "2008-03-19T22:31:09","version" => "2.1"},{"date" => "2008-04-16T18:38:21","version" => "2.2"},{"date" => "2008-06-03T06:44:13","version" => "2.21"},{"date" => "2008-07-15T11:30:13","version" => "2.22"},{"date" => "2008-07-19T04:22:25","version" => "2.222"},{"date" => "2008-07-20T17:55:32","version" => "2.2222"},{"date" => "2008-09-29T03:09:52","version" => "2.23"},{"date" => "2008-11-20T04:00:26","version" => "2.231"},{"date" => "2009-02-19T01:13:45","version" => "2.2311"},{"date" => "2009-02-22T10:13:47","version" => "2.232"},{"date" => "2009-05-30T06:27:00","version" => "2.24"},{"date" => "2009-08-08T10:06:47","version" => "2.25"},{"date" => "2009-10-10T01:49:08","version" => "2.26"},{"date" => "2010-01-07T06:36:46","version" => "2.27"},{"date" => "2010-03-11T19:31:59","version" => "2.28"},{"date" => "2010-03-17T01:45:55","version" => "2.29"},{"date" => "2010-08-17T23:27:33","version" => "2.3"},{"date" => "2011-07-27T15:54:57","version" => "2.31"},{"date" => "2011-08-11T17:07:26","version" => "2.32"},{"date" => "2012-08-01T19:04:47","version" => "2.33"},{"date" => "2013-05-23T09:33:09","version" => "2.34"},{"date" => "2013-10-29T06:25:52","version" => "3.0"},{"date" => "2013-10-29T15:57:01","version" => "3.01"},{"date" => "2016-02-26T21:47:56","version" => "3.02"},{"date" => "2016-11-16T19:22:12","version" => "3.03"},{"date" => "2017-08-17T03:49:01","version" => "3.04"},{"date" => "2018-11-15T23:08:35","version" => "4.0_00"},{"date" => "2018-11-19T10:28:12","version" => "4.0"},{"date" => "2019-02-24T04:08:23","version" => "4.01"},{"date" => "2019-03-06T07:32:09","version" => "4.02"},{"date" => "2020-10-27T18:06:42","version" => "4.03"},{"date" => "2025-09-08T16:00:30","version" => "4.04"}]},"JavaScript-Duktape" => {"advisories" => [{"affected_versions" => [">=2.1.0,<=2.1.1"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => [">=2.1.2,<=2.1.4"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => [">=2.1.5,<=2.2.1"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => [">=2.3.0,<=2.4.2"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => ["==2.5.0"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"}],"main_module" => "JavaScript::Duktape","versions" => [{"date" => "2015-05-06T22:56:32","version" => "v0.0.1_1"},{"date" => "2015-05-18T00:23:07","version" => "v0.0.1_2"},{"date" => "2015-05-20T21:48:48","version" => "v0.0.2_1"},{"date" => "2015-06-13T19:03:59","version" => "v0.0.3"},{"date" => "2015-07-03T17:56:13","version" => "v0.0.4"},{"date" => "2015-07-16T19:16:14","version" => "v0.0.5"},{"date" => "2015-10-24T00:09:54","version" => "v0.1.1"},{"date" => "2015-11-02T17:01:15","version" => "v0.2.0"},{"date" => "2015-11-03T16:48:04","version" => "v0.2.1"},{"date" => "2015-11-09T10:12:50","version" => "v0.3.0"},{"date" => "2016-04-01T20:02:28","version" => "v1.0.0"},{"date" => "2016-04-07T17:41:05","version" => "v1.0.1"},{"date" => "2016-05-03T17:13:29","version" => "v1.0.2"},{"date" => "2017-02-24T00:39:47","version" => "v2.1.0"},{"date" => "2017-03-10T12:24:35","version" => "v2.1.1"},{"date" => "2017-03-23T03:16:11","version" => "v2.1.2"},{"date" => "2017-03-25T17:49:27","version" => "v2.1.3"},{"date" => "2017-05-20T14:17:44","version" => "v2.1.4"},{"date" => "2017-05-27T15:04:29","version" => "v2.1.5"},{"date" => "2017-06-02T20:31:52","version" => "v2.2.0"},{"date" => "2017-06-21T22:08:07","version" => "v2.2.1"},{"date" => "2017-12-16T15:41:31","version" => "v2.3.0"},{"date" => "2017-12-16T19:24:58","version" => "v2.4.0"},{"date" => "2017-12-16T20:38:04","version" => "v2.4.1"},{"date" => "2017-12-17T20:04:05","version" => "v2.4.2"},{"date" => "2018-09-04T11:14:29","version" => "v2.5.0"}]},"JavaScript-Duktape-XS" => {"advisories" => [{"affected_versions" => [">=0.000030,<=0.000078"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape-XS","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-XS-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"}],"main_module" => "JavaScript::Duktape::XS","versions" => [{"date" => "2018-03-22T19:58:59","version" => "0.000030"},{"date" => "2018-03-23T11:49:50","version" => "0.000031"},{"date" => "2018-03-26T11:02:50","version" => "0.000032"},{"date" => "2018-03-29T14:31:21","version" => "0.000034"},{"date" => "2018-03-30T07:15:32","version" => "0.000035"},{"date" => "2018-04-04T09:33:24","version" => "0.000036"},{"date" => "2018-04-10T12:34:39","version" => "0.000037"},{"date" => "2018-04-10T15:15:12","version" => "0.000038"},{"date" => "2018-04-12T10:11:24","version" => "0.000039"},{"date" => "2018-04-12T11:44:15","version" => "0.000040"},{"date" => "2018-04-12T12:11:45","version" => "0.000041"},{"date" => "2018-04-13T08:53:34","version" => "0.000042"},{"date" => "2018-04-16T10:13:44","version" => "0.000043"},{"date" => "2018-04-17T07:52:14","version" => "0.000044"},{"date" => "2018-04-18T15:14:31","version" => "0.000045"},{"date" => "2018-04-19T06:55:16","version" => "0.000046"},{"date" => "2018-04-19T13:05:20","version" => "0.000047"},{"date" => "2018-04-19T15:00:21","version" => "0.000048"},{"date" => "2018-04-23T10:31:54","version" => "0.000049"},{"date" => "2018-04-23T15:11:03","version" => "0.000050"},{"date" => "2018-04-25T08:52:03","version" => "0.000051"},{"date" => "2018-05-13T22:52:47","version" => "0.000052"},{"date" => "2018-05-30T08:29:51","version" => "0.000060"},{"date" => "2018-05-30T14:48:38","version" => "0.000061"},{"date" => "2018-06-07T17:38:20","version" => "0.000062"},{"date" => "2018-06-08T07:14:07","version" => "0.000063"},{"date" => "2018-06-08T13:01:42","version" => "0.000064"},{"date" => "2018-06-08T15:37:05","version" => "0.000065"},{"date" => "2018-06-26T08:28:00","version" => "0.000066"},{"date" => "2018-06-26T10:34:38","version" => "0.000067"},{"date" => "2018-07-11T14:18:40","version" => "0.000068"},{"date" => "2018-07-27T11:54:29","version" => "0.000069"},{"date" => "2018-07-30T07:57:07","version" => "0.000070"},{"date" => "2018-08-28T14:01:07","version" => "0.000071"},{"date" => "2018-09-10T12:53:10","version" => "0.000073"},{"date" => "2018-09-11T08:44:24","version" => "0.000074"},{"date" => "2019-01-31T15:24:38","version" => "0.000075"},{"date" => "2019-04-08T08:53:49","version" => "0.000076"},{"date" => "2019-06-28T06:54:32","version" => "0.000077"},{"date" => "2019-08-14T11:05:18","version" => "0.000078"},{"date" => "2021-09-02T10:21:33","version" => "0.000079"},{"date" => "2025-02-19T09:44:22","version" => "0.000081"}]},"Jifty" => {"advisories" => [{"affected_versions" => ["<1.10518"],"cves" => [],"description" => "The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations.  This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.\n","distribution" => "Jifty","fixed_versions" => [">=1.10518"],"id" => "CPANSA-Jifty-2011-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2011-03-17"},{"affected_versions" => ["<0.90409"],"cves" => [],"description" => "The REST plugin would let you call any method on the model.\n","distribution" => "Jifty","fixed_versions" => [">=0.90409"],"id" => "CPANSA-Jifty-2009-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2009-04-09"},{"affected_versions" => ["<0.70408"],"cves" => [],"description" => "Allowed all actions on GET.\n","distribution" => "Jifty","fixed_versions" => [">=0.80408"],"id" => "CPANSA-Jifty-2008-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2009-04-08"},{"affected_versions" => ["<0.60706"],"cves" => [],"description" => "Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the \"standalone\" webserver in production, the attacker could gain read only access to local files.\n","distribution" => "Jifty","fixed_versions" => [">=0.60706"],"id" => "CPANSA-Jifty-2006-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2006-07-06"}],"main_module" => "Jifty","versions" => [{"date" => "2005-12-25T08:19:39","version" => "0.51225"},{"date" => "2005-12-28T17:23:39","version" => "0.51228"},{"date" => "2006-02-14T04:15:03","version" => "0.60213"},{"date" => "2006-02-22T04:57:24","version" => "0.60213"},{"date" => "2006-03-21T23:10:58","version" => "0.60213"},{"date" => "2006-05-05T18:56:21","version" => "0.60321"},{"date" => "2006-05-08T14:38:03","version" => "0.60507"},{"date" => "2006-06-15T14:01:15","version" => "0.60714"},{"date" => "2006-06-16T12:16:03","version" => "0.60616"},{"date" => "2006-07-07T04:32:27","version" => "0.60706"},{"date" => "2006-07-07T05:54:06","version" => "0.60707"},{"date" => "2006-07-23T00:27:10","version" => "0.60722"},{"date" => "2006-09-13T00:25:58","version" => "0.60912"},{"date" => "2006-11-24T03:39:06","version" => "0.61123_01"},{"date" => "2007-01-17T04:52:58","version" => "0.70116"},{"date" => "2007-01-17T20:49:04","version" => "0.70117"},{"date" => "2007-04-17T18:45:55","version" => "0.70415"},{"date" => "2007-04-23T01:08:41","version" => "0.70422"},{"date" => "2007-08-24T04:20:59","version" => "0.70824"},{"date" => "2007-11-29T22:13:17","version" => "0.71129"},{"date" => "2008-04-08T21:15:29","version" => "0.80408"},{"date" => "2009-04-09T23:10:34","version" => "0.90409"},{"date" => "2009-05-20T01:14:48","version" => "0.90519"},{"date" => "2009-06-30T17:41:18","version" => "0.90519"},{"date" => "2009-07-01T19:08:14","version" => "0.90519"},{"date" => "2009-11-18T00:08:35","version" => "0.90701"},{"date" => "2010-12-09T23:08:09","version" => "1.01209"},{"date" => "2011-02-14T22:10:50","version" => "1.10214"},{"date" => "2011-02-28T16:22:26","version" => "1.10228"},{"date" => "2011-05-18T18:12:42","version" => "1.10518"},{"date" => "2015-04-30T20:48:27","version" => "1.50430"}]},"Jifty-DBI" => {"advisories" => [{"affected_versions" => ["<0.68"],"cves" => [],"description" => "SQL injection in column names, operators, order and group by.\n","distribution" => "Jifty-DBI","fixed_versions" => [">=0.68"],"id" => "CPANSA-Jifty-DBI-2011-01","references" => ["https://metacpan.org/dist/Jifty-DBI/changes","https://metacpan.org/dist/Jifty/changes"],"reported" => "2011-04-04"}],"main_module" => "Jifty::DBI","versions" => [{"date" => "2005-11-08T21:32:52","version" => "0.02"},{"date" => "2005-11-26T07:21:20","version" => "0.05_01"},{"date" => "2005-12-23T20:48:59","version" => "0.06"},{"date" => "2005-12-24T04:29:10","version" => "0.06"},{"date" => "2005-12-25T19:37:31","version" => "0.08"},{"date" => "2005-12-29T13:31:40","version" => "0.09"},{"date" => "2006-01-08T10:05:05","version" => "0.10"},{"date" => "2006-01-15T17:22:14","version" => "0.11"},{"date" => "2006-03-05T01:55:32","version" => "0.15"},{"date" => "2006-03-05T02:07:03","version" => "0.15"},{"date" => "2006-03-31T13:22:16","version" => "0.18"},{"date" => "2006-04-02T10:05:36","version" => "0.19"},{"date" => "2006-04-21T16:27:47","version" => "0.20"},{"date" => "2006-05-03T18:26:47","version" => "0.20"},{"date" => "2006-06-15T12:17:00","version" => "0.21"},{"date" => "2006-09-12T22:56:59","version" => "0.25"},{"date" => "2006-11-13T16:15:30","version" => "0.25"},{"date" => "2006-11-24T03:15:46","version" => "0.25"},{"date" => "2007-01-17T20:34:50","version" => "0.25"},{"date" => "2007-01-26T11:55:26","version" => "0.31"},{"date" => "2007-01-26T12:22:07","version" => "0.39_99"},{"date" => "2007-01-26T12:56:35","version" => "0.32"},{"date" => "2007-01-26T13:34:03","version" => "0.39_999"},{"date" => "2007-01-28T13:30:21","version" => "0.32"},{"date" => "2007-04-15T15:26:52","version" => "0.39_9999"},{"date" => "2007-04-16T20:21:33","version" => "0.41"},{"date" => "2007-08-24T04:20:36","version" => "0.43"},{"date" => "2007-10-26T16:48:22","version" => "0.43"},{"date" => "2007-11-07T17:27:17","version" => "0.46"},{"date" => "2007-11-16T21:28:33","version" => "0.46"},{"date" => "2007-11-29T21:38:34","version" => "0.46"},{"date" => "2008-04-08T03:05:48","version" => "0.49"},{"date" => "2009-03-25T19:32:29","version" => "0.53"},{"date" => "2009-05-19T12:33:45","version" => "0.53"},{"date" => "2009-07-14T07:29:33","version" => "0.53"},{"date" => "2009-11-19T01:16:21","version" => "0.59"},{"date" => "2010-01-04T18:04:58","version" => "0.60"},{"date" => "2010-12-08T20:15:10","version" => "0.63"},{"date" => "2010-12-08T20:24:47","version" => "0.64"},{"date" => "2011-02-14T21:27:51","version" => "0.66"},{"date" => "2011-02-28T16:00:37","version" => "0.67"},{"date" => "2011-04-14T16:20:25","version" => "0.68"},{"date" => "2011-05-17T19:54:33","version" => "0.69"},{"date" => "2011-06-15T20:46:39","version" => "0.70"},{"date" => "2011-06-17T20:39:50","version" => "0.71"},{"date" => "2011-10-17T16:45:06","version" => "0.72"},{"date" => "2012-01-25T21:39:16","version" => "0.73"},{"date" => "2012-01-25T21:45:14","version" => "0.74"},{"date" => "2013-01-29T20:18:33","version" => "0.75"},{"date" => "2013-06-17T22:14:37","version" => "0.76"},{"date" => "2013-12-01T18:11:35","version" => "0.77"},{"date" => "2015-04-30T19:16:36","version" => "0.78"}]},"Kelp" => {"advisories" => [{"affected_versions" => ["<0.9001"],"cves" => [],"description" => "X-Real-IP, X-Forwarded-Host and X-Remote-User headers were trusted and used in Kelp::Request\n","distribution" => "Kelp","fixed_versions" => [">=0.9001"],"id" => "CPANSA-Kelp-2014-01","references" => ["https://metacpan.org/dist/Kelp/changes","https://github.com/sgnix/kelp/commit/9f8f5a5215bdc1685a671c1157132a65727aadff"],"reported" => "2014-05-30","reviewed_by" => [{"date" => "2022-06-28","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}]}],"main_module" => "Kelp","versions" => [{"date" => "2013-04-12T17:16:52","version" => "0.1"},{"date" => "2013-04-12T17:39:48","version" => "0.11"},{"date" => "2013-04-14T01:05:22","version" => "0.2"},{"date" => "2013-04-16T21:52:38","version" => "0.21"},{"date" => "2013-04-17T04:59:31","version" => "0.215"},{"date" => "2013-04-17T13:16:42","version" => "0.216"},{"date" => "2013-04-17T19:13:12","version" => "0.217"},{"date" => "2013-04-20T01:47:43","version" => "0.218"},{"date" => "2013-04-20T20:27:42","version" => "0.2181"},{"date" => "2013-05-02T16:45:58","version" => "0.2182"},{"date" => "2013-05-06T03:44:19","version" => "0.219"},{"date" => "2013-05-14T20:01:26","version" => "0.2191"},{"date" => "2013-05-25T21:37:51","version" => "0.3001"},{"date" => "2013-06-14T05:59:18","version" => "0.3101"},{"date" => "2013-06-16T15:38:29","version" => "0.3102"},{"date" => "2013-07-03T02:34:18","version" => "0.4001"},{"date" => "2013-07-05T17:36:59","version" => "0.4011"},{"date" => "2013-07-05T22:46:46","version" => "0.4012"},{"date" => "2013-08-15T03:19:01","version" => "0.4501"},{"date" => "2013-11-11T18:10:07","version" => "0.455"},{"date" => "2013-11-20T05:15:34","version" => "0.456"},{"date" => "2014-03-02T17:34:04","version" => "0.457"},{"date" => "2014-03-27T16:29:16","version" => "0.4601"},{"date" => "2014-03-31T22:46:22","version" => "0.4602"},{"date" => "2014-05-31T00:52:57","version" => "0.9001"},{"date" => "2014-07-13T00:41:29","version" => "0.9012"},{"date" => "2014-08-08T17:57:48","version" => "0.9015"},{"date" => "2014-12-15T07:02:58","version" => "0.9021"},{"date" => "2015-04-03T00:32:47","version" => "0.9051"},{"date" => "2015-08-11T06:50:14","version" => "0.9071"},{"date" => "2016-11-09T00:00:02","version" => "0.9081"},{"date" => "2017-12-28T21:08:47","version" => "1.01"},{"date" => "2018-01-08T16:43:42","version" => "1.02"},{"date" => "2021-01-12T14:26:40","version" => "1.03"},{"date" => "2021-01-14T15:00:50","version" => "1.03_1"},{"date" => "2021-01-16T16:53:41","version" => "1.03_2"},{"date" => "2021-01-18T21:15:56","version" => "1.04"},{"date" => "2021-01-21T12:12:36","version" => "1.04_01"},{"date" => "2021-01-21T17:15:38","version" => "1.05"},{"date" => "2022-05-09T21:07:41","version" => "1.06"},{"date" => "2024-06-02T18:49:17","version" => "1.07"},{"date" => "2024-06-05T19:57:13","version" => "1.10_01"},{"date" => "2024-06-08T19:49:17","version" => "2.00_01"},{"date" => "2024-06-09T13:06:47","version" => "2.00_02"},{"date" => "2024-06-09T15:41:33","version" => "2.00_03"},{"date" => "2024-06-09T20:00:29","version" => "2.00_04"},{"date" => "2024-06-10T07:25:19","version" => "2.00_05"},{"date" => "2024-06-10T15:39:47","version" => "2.00"},{"date" => "2024-06-15T11:55:22","version" => "2.01_01"},{"date" => "2024-06-18T16:33:19","version" => "2.01_02"},{"date" => "2024-06-19T19:26:30","version" => "2.01_03"},{"date" => "2024-06-20T06:26:12","version" => "2.01_04"},{"date" => "2024-06-20T20:43:31","version" => "2.01_05"},{"date" => "2024-06-23T19:25:33","version" => "2.10_01"},{"date" => "2024-06-24T05:14:31","version" => "2.10"},{"date" => "2024-06-25T04:15:52","version" => "2.11"},{"date" => "2024-06-26T06:15:21","version" => "2.12"},{"date" => "2024-07-01T06:06:23","version" => "2.13"},{"date" => "2024-07-02T05:28:06","version" => "2.14"},{"date" => "2024-07-03T19:52:27","version" => "2.15"},{"date" => "2024-07-05T19:03:36","version" => "2.16"},{"date" => "2024-07-06T04:18:40","version" => "2.17"},{"date" => "2024-10-08T04:22:01","version" => "2.18"},{"date" => "2024-10-10T20:15:05","version" => "2.19"},{"date" => "2025-03-30T20:44:00","version" => "2.20"},{"date" => "2025-04-02T21:37:22","version" => "2.21"},{"date" => "2025-06-12T19:29:46","version" => "2.22"}]},"Kossy" => {"advisories" => [{"affected_versions" => ["<0.60"],"cves" => ["CVE-2021-47157"],"description" => "Flaw in defense from JSON hijacking.\n","distribution" => "Kossy","fixed_versions" => [">=0.60"],"id" => "CPANSA-Kossy-2021-01","references" => ["https://github.com/kazeburo/Kossy/pull/16","https://metacpan.org/dist/Kossy/changes"],"reported" => "2021-08-29","severity" => undef},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Kossy","versions" => [{"date" => "2011-11-29T08:45:37","version" => "0.05"},{"date" => "2012-01-05T01:58:20","version" => "0.06"},{"date" => "2012-02-17T03:11:05","version" => "0.07"},{"date" => "2012-04-24T10:06:21","version" => "0.08"},{"date" => "2012-05-17T08:52:24","version" => "0.09"},{"date" => "2012-06-19T02:16:23","version" => "0.10"},{"date" => "2012-07-24T12:51:12","version" => "0.11"},{"date" => "2012-08-24T09:24:50","version" => "0.12"},{"date" => "2012-12-05T02:26:49","version" => "0.13"},{"date" => "2013-03-14T13:28:06","version" => "0.14"},{"date" => "2013-04-04T15:38:05","version" => "0.14"},{"date" => "2013-07-16T04:32:43","version" => "0.16"},{"date" => "2013-07-16T04:40:39","version" => "0.17"},{"date" => "2013-08-08T07:08:09","version" => "0.18"},{"date" => "2013-08-30T07:04:23","version" => "0.19"},{"date" => "2013-10-09T06:49:21","version" => "0.20"},{"date" => "2013-10-10T06:42:16","version" => "0.21"},{"date" => "2013-10-15T02:46:09","version" => "0.22"},{"date" => "2013-10-21T05:21:48","version" => "0.23"},{"date" => "2013-10-31T04:44:36","version" => "0.24"},{"date" => "2013-11-06T02:29:36","version" => "0.25"},{"date" => "2013-11-12T02:17:30","version" => "0.26"},{"date" => "2013-11-12T05:48:05","version" => "0.27"},{"date" => "2013-11-28T01:33:03","version" => "0.28"},{"date" => "2014-02-12T04:48:29","version" => "0.30"},{"date" => "2014-02-12T04:56:17","version" => "0.31"},{"date" => "2014-02-19T06:55:53","version" => "0.32"},{"date" => "2014-02-19T16:20:13","version" => "0.33"},{"date" => "2014-02-19T17:19:43","version" => "0.34"},{"date" => "2014-05-28T15:13:06","version" => "0.34"},{"date" => "2014-05-28T15:51:34","version" => "0.34"},{"date" => "2014-05-28T16:50:27","version" => "0.37"},{"date" => "2014-05-29T06:37:53","version" => "0.38"},{"date" => "2014-10-20T05:47:47","version" => "0.39"},{"date" => "2016-07-19T15:04:31","version" => "0.40"},{"date" => "2021-08-26T13:50:58","version" => "0.50"},{"date" => "2021-09-16T12:04:39","version" => "0.60"},{"date" => "2023-11-06T14:27:18","version" => "0.61"},{"date" => "2023-11-09T08:57:59","version" => "0.62"},{"date" => "2023-11-13T02:24:42","version" => "0.63"}]},"LWP-Protocol-Net-Curl" => {"advisories" => [{"affected_versions" => ["<0.009"],"cves" => [],"description" => "Misconfiguration with libcurl v7.28.1 causes a HTTPS validation issues.\n","distribution" => "LWP-Protocol-Net-Curl","fixed_versions" => [">=0.009"],"id" => "CPANSA-LWP-Protocol-Net-Curl-2012-01","references" => ["https://metacpan.org/changes/distribution/LWP-Protocol-Net-Curl","https://github.com/creaktive/LWP-Protocol-Net-Curl/commit/dc8b183c6520a2b6bcde685de635675ee4a7e019"],"reported" => "2012-11-28"}],"main_module" => "LWP::Protocol::Net::Curl","versions" => [{"date" => "2012-10-24T18:49:20","version" => "0.001"},{"date" => "2012-10-26T20:05:13","version" => "0.002"},{"date" => "2012-10-29T18:55:46","version" => "0.003"},{"date" => "2012-10-31T13:01:46","version" => "0.004"},{"date" => "2012-11-01T15:17:14","version" => "0.005"},{"date" => "2012-11-12T12:23:09","version" => "0.006"},{"date" => "2012-11-13T14:33:10","version" => "0.007"},{"date" => "2012-11-25T22:38:58","version" => "0.008"},{"date" => "2012-11-28T19:03:10","version" => "0.009"},{"date" => "2012-12-07T00:13:55","version" => "0.010"},{"date" => "2012-12-18T12:05:00","version" => "0.011"},{"date" => "2013-02-08T11:00:04","version" => "0.012"},{"date" => "2013-02-11T01:56:30","version" => "0.013"},{"date" => "2013-02-16T12:51:03","version" => "0.014"},{"date" => "2013-05-13T21:41:47","version" => "0.015"},{"date" => "2013-05-18T22:12:03","version" => "0.016"},{"date" => "2013-07-13T12:22:34","version" => "0.017"},{"date" => "2013-08-17T11:34:49","version" => "0.018"},{"date" => "2013-10-11T12:33:53","version" => "0.019"},{"date" => "2013-10-13T09:02:17","version" => "0.020"},{"date" => "2014-01-21T17:46:37","version" => "0.021"},{"date" => "2014-07-09T15:04:06","version" => "0.022"},{"date" => "2014-12-23T17:06:56","version" => "0.023"},{"date" => "2019-07-12T12:27:08","version" => "0.024"},{"date" => "2019-07-15T11:29:17","version" => "0.025"},{"date" => "2019-10-08T12:01:54","version" => "0.026"},{"date" => "2025-01-21T10:57:04","version" => "0.027"}]},"LWP-Protocol-https" => {"advisories" => [{"affected_versions" => [">=6.04,<=6.06"],"cves" => ["CVE-2014-3230"],"description" => "The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable.\n","distribution" => "LWP-Protocol-https","fixed_versions" => [">6.06"],"id" => "CPANSA-LWP-Protocol-https-2014-3230","references" => ["http://www.openwall.com/lists/oss-security/2014/05/04/1","http://www.openwall.com/lists/oss-security/2014/05/02/8","http://www.openwall.com/lists/oss-security/2014/05/06/8","https://github.com/libwww-perl/lwp-protocol-https/pull/14","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579"],"reported" => "2020-01-28","severity" => "medium"}],"main_module" => "LWP::Protocol::https","versions" => [{"date" => "2011-03-27T11:59:53","version" => "6.02"},{"date" => "2012-02-18T23:01:32","version" => "6.03"},{"date" => "2013-04-29T21:26:33","version" => "6.04"},{"date" => "2014-04-18T17:03:15","version" => "6.06"},{"date" => "2017-02-20T02:46:43","version" => "6.07"},{"date" => "2020-03-23T20:20:33","version" => "6.08"},{"date" => "2020-07-16T13:33:20","version" => "6.09"},{"date" => "2020-12-17T15:44:24","version" => "6.10"},{"date" => "2023-07-09T15:11:15","version" => "6.11"},{"date" => "2024-01-22T17:51:48","version" => "6.12"},{"date" => "2024-02-06T01:01:15","version" => "6.13"},{"date" => "2024-03-11T01:09:49","version" => "6.14"},{"date" => "2026-02-23T20:37:13","version" => "6.15"}]},"Lemonldap-NG-Common" => {"advisories" => [{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.94"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.94"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.95"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.95"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.12"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Common","versions" => [{"date" => "2008-12-25T08:24:58","version" => "0.9"},{"date" => "2008-12-28T09:07:37","version" => "0.91"},{"date" => "2009-02-08T07:12:51","version" => "0.92"},{"date" => "2009-06-29T10:14:12","version" => "0.93"},{"date" => "2009-06-29T11:55:37","version" => "0.94"},{"date" => "2009-10-11T08:25:47","version" => "0.95"},{"date" => "2010-10-13T21:00:29","version" => "0.99"},{"date" => "2010-10-22T05:34:36","version" => "0.99.1"},{"date" => "2010-10-22T05:44:23","version" => "0.991"},{"date" => "2010-10-24T06:31:39","version" => "0.992"},{"date" => "2010-11-26T13:38:09","version" => "1.0.0"},{"date" => "2011-02-28T13:40:38","version" => "1.0.2"},{"date" => "2011-03-07T11:16:29","version" => "1.0.3"},{"date" => "2011-03-23T14:52:32","version" => "1.0.4"},{"date" => "2011-04-15T14:51:05","version" => "1.0.5"},{"date" => "2011-05-30T08:40:05","version" => "1.0.6"},{"date" => "2011-07-08T09:33:02","version" => "1.1.0"},{"date" => "2011-07-29T13:41:39","version" => "1.1.1"},{"date" => "2011-10-07T12:56:16","version" => "1.1.2"},{"date" => "2012-06-18T10:11:39","version" => "1.2.0"},{"date" => "2012-07-06T09:18:20","version" => "1.2.1"},{"date" => "2012-09-17T14:02:30","version" => "1.2.2"},{"date" => "2013-01-25T21:51:20","version" => "1.2.2_01"},{"date" => "2013-02-08T17:09:50","version" => "1.2.3"},{"date" => "2013-04-23T13:19:31","version" => "1.2.4"},{"date" => "2013-08-26T10:37:20","version" => "1.2.5"},{"date" => "2013-11-02T16:29:19","version" => "v1.3.0"},{"date" => "2013-11-10T18:00:20","version" => "v1.3.0_01"},{"date" => "2013-11-11T13:59:28","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:16","version" => "1.3.2"},{"date" => "2014-03-07T13:54:49","version" => "1.3.3"},{"date" => "2014-06-30T12:52:26","version" => "v1.4.0"},{"date" => "2014-07-25T09:53:47","version" => "v1.4.1"},{"date" => "2014-11-05T15:13:39","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:12","version" => "v1.4.3"},{"date" => "2015-04-15T10:04:56","version" => "v1.4.4"},{"date" => "2015-05-22T16:53:36","version" => "v1.4.5"},{"date" => "2015-10-09T09:20:30","version" => "v1.4.6"},{"date" => "2016-03-02T09:49:50","version" => "v1.9.0"},{"date" => "2016-03-22T14:24:49","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:14","version" => "v1.9.1"},{"date" => "2016-04-27T15:22:35","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:02","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:17","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:03","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:00","version" => "v1.9.4"},{"date" => "2016-07-13T09:07:43","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:20","version" => "v1.9.5"},{"date" => "2016-10-10T13:33:58","version" => "v1.4.11"},{"date" => "2016-10-16T12:22:51","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:20","version" => "v1.9.7"},{"date" => "2017-02-28T21:02:38","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:54:49","version" => "v1.9.8"},{"date" => "2017-03-07T05:47:35","version" => "v1.9.99_02"},{"date" => "2017-03-07T05:58:47","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:13","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:20:56","version" => "v1.9.9"},{"date" => "2017-05-19T18:53:04","version" => "v1.9.10"},{"date" => "2017-09-01T10:30:44","version" => "v1.9.11"},{"date" => "2017-09-12T08:39:52","version" => "v1.9.12"},{"date" => "2017-09-29T13:58:45","version" => "v1.9.13"},{"date" => "2017-11-24T19:57:28","version" => "v1.9.14"},{"date" => "2018-01-23T12:49:02","version" => "v1.9.15"},{"date" => "2018-03-16T10:33:38","version" => "v1.9.16"},{"date" => "2018-06-16T09:26:52","version" => "v1.9.17"},{"date" => "2018-10-05T09:39:50","version" => "v1.9.18"},{"date" => "2019-02-12T17:13:05","version" => "v2.0.2"},{"date" => "2019-04-11T12:22:36","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:02","version" => "v2.0.4"},{"date" => "2019-06-29T21:29:43","version" => "v2.0.5"},{"date" => "2019-12-21T21:46:05","version" => "v2.0.7"},{"date" => "2020-05-05T16:14:02","version" => "v2.0.8"},{"date" => "2020-09-07T06:19:18","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:02","version" => "v2.0.10"},{"date" => "2021-01-31T14:51:35","version" => "v2.0.11"},{"date" => "2021-07-22T17:37:52","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:22","version" => "v2.0.13"},{"date" => "2022-02-22T18:12:37","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:02","version" => "v2.0.15"},{"date" => "2022-09-16T08:34:33","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:28:06","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:19","version" => "v2.16.2"},{"date" => "2023-08-30T16:22:52","version" => "v2.17.0"},{"date" => "2023-12-20T21:10:29","version" => "v2.18.0"},{"date" => "2023-12-22T23:40:41","version" => "v2.18.1"},{"date" => "2024-02-06T17:42:02","version" => "v2.18.2"},{"date" => "2024-04-30T15:22:47","version" => "v2.19.0"},{"date" => "2024-07-15T14:44:53","version" => "v2.19.1"},{"date" => "2024-09-04T07:29:59","version" => "v2.19.2"},{"date" => "2024-10-08T15:53:27","version" => "v2.20.0"},{"date" => "2024-11-08T16:33:39","version" => "v2.20.1"},{"date" => "2025-01-22T17:42:14","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:01","version" => "v2.21.0"},{"date" => "2025-06-11T11:14:59","version" => "v2.21.1"},{"date" => "2025-07-11T15:39:59","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:23","version" => "v2.21.3"},{"date" => "2025-10-17T15:26:48","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:08","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:05","version" => "v2.22.2"}]},"Lemonldap-NG-Handler" => {"advisories" => [{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.76"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.76"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.88"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.88"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.92"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.92"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.13"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Handler","versions" => [{"date" => "2005-06-29T18:42:29","version" => "0.01"},{"date" => "2005-07-02T08:47:30","version" => "0.02"},{"date" => "2005-07-27T19:22:32","version" => "0.03"},{"date" => "2005-07-29T14:35:49","version" => "0.04"},{"date" => "2005-07-29T15:36:42","version" => "0.05"},{"date" => "2006-07-13T17:53:49","version" => "0.06"},{"date" => "2006-09-27T16:47:33","version" => "0.07"},{"date" => "2006-09-30T21:30:18","version" => "0.1"},{"date" => "2006-10-07T13:24:25","version" => "0.11"},{"date" => "2006-10-14T13:17:22","version" => "0.3"},{"date" => "2006-10-17T13:58:42","version" => "0.5"},{"date" => "2006-11-02T14:33:27","version" => "0.6"},{"date" => "2006-11-02T15:58:18","version" => "0.61"},{"date" => "2006-11-03T07:14:00","version" => "0.62"},{"date" => "2006-12-05T06:47:36","version" => "0.621"},{"date" => "2006-12-07T21:02:24","version" => "0.63"},{"date" => "2006-12-19T18:22:50","version" => "0.7"},{"date" => "2006-12-31T13:03:21","version" => "0.71"},{"date" => "2007-01-05T20:38:29","version" => "0.73"},{"date" => "2007-02-10T11:16:17","version" => "0.74"},{"date" => "2007-02-28T22:28:56","version" => "0.75"},{"date" => "2007-03-09T20:16:44","version" => "0.76"},{"date" => "2007-03-29T19:52:16","version" => "0.77"},{"date" => "2007-04-14T13:14:29","version" => "0.8"},{"date" => "2007-04-15T12:47:16","version" => "0.81"},{"date" => "2007-06-20T19:44:05","version" => "0.82"},{"date" => "2007-07-22T20:34:59","version" => "0.83"},{"date" => "2007-07-31T05:11:23","version" => "0.84"},{"date" => "2008-02-28T07:11:26","version" => "0.85"},{"date" => "2008-04-11T14:53:16","version" => "0.86"},{"date" => "2008-06-06T05:49:44","version" => "0.87"},{"date" => "2008-06-06T12:59:07","version" => "0.88"},{"date" => "2008-08-25T19:52:13","version" => "0.89"},{"date" => "2008-12-25T08:26:27","version" => "0.9"},{"date" => "2009-06-29T10:14:23","version" => "0.91"},{"date" => "2009-10-11T08:25:58","version" => "0.92"},{"date" => "2010-10-13T21:00:41","version" => "0.99"},{"date" => "2010-10-22T05:34:48","version" => "0.99.1"},{"date" => "2010-10-22T05:44:36","version" => "0.991"},{"date" => "2010-10-24T06:31:51","version" => "0.992"},{"date" => "2010-11-26T13:38:22","version" => "1.0.0"},{"date" => "2011-02-28T13:42:05","version" => "1.0.2"},{"date" => "2011-03-07T11:16:41","version" => "1.0.3"},{"date" => "2011-03-23T14:52:45","version" => "1.0.4"},{"date" => "2011-04-15T14:51:16","version" => "1.0.5"},{"date" => "2011-05-30T08:40:17","version" => "1.0.6"},{"date" => "2011-07-08T09:33:13","version" => "1.1.0"},{"date" => "2011-07-29T13:43:07","version" => "1.1.1"},{"date" => "2011-10-07T12:56:28","version" => "1.1.2"},{"date" => "2012-06-18T10:13:06","version" => "1.2.0"},{"date" => "2012-07-06T09:18:32","version" => "1.2.1"},{"date" => "2012-09-17T14:02:42","version" => "1.2.2"},{"date" => "2013-01-25T21:51:32","version" => "1.2.2_01"},{"date" => "2013-02-08T17:10:02","version" => "1.2.3"},{"date" => "2013-04-23T13:19:34","version" => "1.2.4"},{"date" => "2013-08-26T10:37:32","version" => "1.2.5"},{"date" => "2013-11-02T16:29:31","version" => "v1.3.0"},{"date" => "2013-11-11T14:00:55","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:27","version" => "1.3.2"},{"date" => "2014-03-07T13:55:01","version" => "1.3.3"},{"date" => "2014-06-30T12:52:38","version" => "v1.4.0"},{"date" => "2014-07-25T09:53:58","version" => "v1.4.1"},{"date" => "2014-11-05T15:13:51","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:24","version" => "v1.4.3"},{"date" => "2015-04-15T10:05:08","version" => "v1.4.4"},{"date" => "2015-05-22T16:53:47","version" => "v1.4.5"},{"date" => "2015-10-09T09:20:41","version" => "v1.4.6"},{"date" => "2016-03-02T09:50:01","version" => "v1.9.0"},{"date" => "2016-03-22T14:25:00","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:26","version" => "v1.9.1"},{"date" => "2016-04-27T15:22:47","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:13","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:29","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:15","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:11","version" => "v1.9.4"},{"date" => "2016-07-13T09:07:55","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:31","version" => "v1.9.5"},{"date" => "2016-10-10T13:34:10","version" => "v1.4.11"},{"date" => "2016-10-16T12:23:02","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:32","version" => "v1.9.7"},{"date" => "2017-02-28T21:10:55","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:55:01","version" => "v1.9.8"},{"date" => "2017-03-07T05:47:46","version" => "v1.9.99_02"},{"date" => "2017-03-07T06:00:15","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:25","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:21:08","version" => "v1.9.9"},{"date" => "2017-05-19T18:50:09","version" => "v1.9.10"},{"date" => "2017-09-01T10:30:55","version" => "v1.9.11"},{"date" => "2017-09-12T08:40:03","version" => "v1.9.12"},{"date" => "2017-09-29T13:58:57","version" => "v1.9.13"},{"date" => "2017-11-24T19:57:39","version" => "v1.9.14"},{"date" => "2018-01-23T12:49:13","version" => "v1.9.15"},{"date" => "2018-03-16T10:33:50","version" => "v1.9.16"},{"date" => "2018-06-16T09:27:04","version" => "v1.9.17"},{"date" => "2018-10-05T09:40:02","version" => "v1.9.18"},{"date" => "2018-11-30T10:48:13","version" => "v2.0.0"},{"date" => "2019-02-12T17:13:16","version" => "v2.0.2"},{"date" => "2019-04-11T12:22:47","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:13","version" => "v2.0.4"},{"date" => "2019-06-29T21:29:54","version" => "v2.0.5"},{"date" => "2019-09-24T13:00:38","version" => "v2.0.6"},{"date" => "2019-12-21T21:46:16","version" => "v2.0.7"},{"date" => "2020-05-05T16:14:13","version" => "v2.0.8"},{"date" => "2020-09-07T06:19:30","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:13","version" => "v2.0.10"},{"date" => "2021-01-31T14:51:46","version" => "v2.0.11"},{"date" => "2021-07-22T17:38:04","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:33","version" => "v2.0.13"},{"date" => "2022-02-22T18:12:48","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:13","version" => "v2.0.15"},{"date" => "2022-09-16T08:34:44","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:28:17","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:30","version" => "v2.16.2"},{"date" => "2023-08-30T16:24:18","version" => "v2.17.0"},{"date" => "2023-12-20T21:10:42","version" => "v2.18.0"},{"date" => "2023-12-22T23:40:52","version" => "v2.18.1"},{"date" => "2024-02-06T17:42:13","version" => "v2.18.2"},{"date" => "2024-04-30T15:22:58","version" => "v2.19.0"},{"date" => "2024-07-15T14:45:04","version" => "v2.19.1"},{"date" => "2024-09-04T07:30:10","version" => "v2.19.2"},{"date" => "2024-10-08T15:56:54","version" => "v2.20.0"},{"date" => "2024-11-08T16:33:50","version" => "v2.20.1"},{"date" => "2025-01-21T17:01:18","version" => "v2.20.2"},{"date" => "2025-01-22T17:42:25","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:12","version" => "v2.21.0"},{"date" => "2025-06-11T11:15:10","version" => "v2.21.1"},{"date" => "2025-07-11T15:40:10","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:34","version" => "v2.21.3"},{"date" => "2025-10-17T15:26:59","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:19","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:16","version" => "v2.22.2"}]},"Lemonldap-NG-Manager" => {"advisories" => [{"affected_versions" => ["0.03"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.03"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.511"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.511"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.72"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.72"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.87"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.87"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.13"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Manager","versions" => [{"date" => "2006-12-10T21:39:02","version" => "0.01"},{"date" => "2006-12-11T07:00:16","version" => "0.02"},{"date" => "2006-12-16T11:32:53","version" => "0.03"},{"date" => "2006-12-19T18:25:24","version" => "0.04"},{"date" => "2006-12-31T13:03:44","version" => "0.1"},{"date" => "2007-01-05T20:38:40","version" => "0.3"},{"date" => "2007-01-13T19:49:19","version" => "0.4"},{"date" => "2007-02-04T14:12:51","version" => "0.43"},{"date" => "2007-02-28T22:29:07","version" => "0.44"},{"date" => "2007-03-04T18:22:09","version" => "0.5"},{"date" => "2007-03-09T20:18:20","version" => "0.51"},{"date" => "2007-03-11T20:25:29","version" => "0.511"},{"date" => "2007-03-29T19:52:20","version" => "0.61"},{"date" => "2007-04-15T11:33:06","version" => "0.63"},{"date" => "2007-05-05T20:35:41","version" => "0.64"},{"date" => "2007-05-06T14:43:00","version" => "0.65"},{"date" => "2007-06-13T13:52:42","version" => "0.7"},{"date" => "2007-06-20T19:43:54","version" => "0.72"},{"date" => "2007-07-03T05:51:25","version" => "0.8"},{"date" => "2007-07-22T20:35:02","version" => "0.82"},{"date" => "2008-02-28T07:11:37","version" => "0.83"},{"date" => "2008-04-11T14:53:27","version" => "0.84"},{"date" => "2008-06-06T05:49:55","version" => "0.85"},{"date" => "2008-08-25T19:53:40","version" => "0.86"},{"date" => "2008-12-25T08:26:37","version" => "0.87"},{"date" => "2009-06-29T10:14:34","version" => "0.89"},{"date" => "2009-06-29T11:57:03","version" => "0.9"},{"date" => "2009-06-29T16:52:14","version" => "0.90"},{"date" => "2009-10-11T08:26:09","version" => "0.91"},{"date" => "2010-10-13T21:00:54","version" => "0.99"},{"date" => "2010-10-22T05:36:18","version" => "0.99.1"},{"date" => "2010-10-22T05:44:52","version" => "0.991"},{"date" => "2010-10-24T06:32:02","version" => "0.992"},{"date" => "2010-11-26T13:38:43","version" => "1.0.0"},{"date" => "2011-02-28T13:42:13","version" => "1.0.2"},{"date" => "2011-03-07T11:16:52","version" => "v1.0.3"},{"date" => "2011-03-23T14:52:57","version" => "1.0.4"},{"date" => "2011-04-15T14:51:27","version" => "1.0.5"},{"date" => "2011-05-30T08:40:28","version" => "1.0.6"},{"date" => "2011-07-08T09:33:24","version" => "1.1.0"},{"date" => "2011-07-29T13:43:25","version" => "1.1.1"},{"date" => "2011-10-07T12:56:39","version" => "1.1.2"},{"date" => "2012-06-18T10:13:16","version" => "1.2.0"},{"date" => "2012-07-06T09:18:43","version" => "1.2.1"},{"date" => "2012-09-17T14:02:56","version" => "1.2.2"},{"date" => "2013-01-25T21:51:43","version" => "1.2.2_01"},{"date" => "2013-02-08T17:11:29","version" => "1.2.3"},{"date" => "2013-04-23T13:19:45","version" => "1.2.4"},{"date" => "2013-08-26T10:38:59","version" => "1.2.5"},{"date" => "2013-11-02T16:29:43","version" => "v1.3.0"},{"date" => "2013-11-11T14:01:06","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:39","version" => "1.3.2"},{"date" => "2014-03-07T13:55:12","version" => "1.3.3"},{"date" => "2014-06-30T12:54:05","version" => "v1.4.0"},{"date" => "2014-07-25T09:55:25","version" => "v1.4.1"},{"date" => "2014-11-05T15:14:02","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:36","version" => "v1.4.3"},{"date" => "2015-04-15T10:05:19","version" => "v1.4.4"},{"date" => "2015-05-22T16:53:59","version" => "v1.4.5"},{"date" => "2015-10-09T09:20:52","version" => "v1.4.6"},{"date" => "2016-03-02T09:50:13","version" => "v1.9.0"},{"date" => "2016-03-22T14:25:12","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:37","version" => "v1.9.1"},{"date" => "2016-04-27T15:22:58","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:25","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:41","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:26","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:23","version" => "v1.9.4"},{"date" => "2016-07-13T09:08:06","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:43","version" => "v1.9.5"},{"date" => "2016-10-10T13:34:21","version" => "v1.4.11"},{"date" => "2016-10-16T12:23:14","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:43","version" => "v1.9.7"},{"date" => "2017-02-28T21:11:07","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:55:22","version" => "v1.9.8"},{"date" => "2017-03-07T05:47:58","version" => "v1.9.99_02"},{"date" => "2017-03-07T06:00:17","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:36","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:21:20","version" => "v1.9.9"},{"date" => "2017-05-19T18:50:21","version" => "v1.9.10"},{"date" => "2017-09-01T10:31:07","version" => "v1.9.11"},{"date" => "2017-09-12T08:40:15","version" => "v1.9.12"},{"date" => "2017-09-29T14:00:24","version" => "v1.9.13"},{"date" => "2017-11-24T19:59:07","version" => "v1.9.14"},{"date" => "2018-01-23T12:49:25","version" => "v1.9.15"},{"date" => "2018-03-16T10:34:01","version" => "v1.9.16"},{"date" => "2018-06-16T09:27:16","version" => "v1.9.17"},{"date" => "2018-10-05T09:40:14","version" => "v1.9.18"},{"date" => "2018-11-30T10:49:40","version" => "v2.0.0"},{"date" => "2019-02-12T17:13:28","version" => "v2.0.2"},{"date" => "2019-04-11T12:22:59","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:24","version" => "v2.0.4"},{"date" => "2019-06-29T21:31:21","version" => "v2.0.5"},{"date" => "2019-09-24T13:00:49","version" => "v2.0.6"},{"date" => "2019-12-21T21:46:27","version" => "v2.0.7"},{"date" => "2020-05-05T16:12:34","version" => "v2.0.8"},{"date" => "2020-09-07T06:19:41","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:24","version" => "v2.0.10"},{"date" => "2021-01-31T14:51:57","version" => "v2.0.11"},{"date" => "2021-07-22T17:38:15","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:44","version" => "v2.0.13"},{"date" => "2022-02-22T18:12:59","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:24","version" => "v2.0.15"},{"date" => "2022-09-16T08:36:11","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:29:43","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:41","version" => "v2.16.2"},{"date" => "2023-08-30T16:24:29","version" => "v2.17.0"},{"date" => "2023-12-20T21:12:09","version" => "v2.18.0"},{"date" => "2023-12-22T23:41:03","version" => "v2.18.1"},{"date" => "2024-02-06T17:49:02","version" => "v2.18.2"},{"date" => "2024-04-30T15:23:09","version" => "v2.19.0"},{"date" => "2024-07-15T14:45:15","version" => "v2.19.1"},{"date" => "2024-09-04T07:30:22","version" => "v2.19.2"},{"date" => "2024-10-08T15:53:38","version" => "v2.20.0"},{"date" => "2024-11-08T16:34:01","version" => "v2.20.1"},{"date" => "2025-01-21T17:01:29","version" => "v2.20.2"},{"date" => "2025-01-22T17:40:23","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:23","version" => "v2.21.0"},{"date" => "2025-06-11T11:15:21","version" => "v2.21.1"},{"date" => "2025-07-11T15:40:21","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:45","version" => "v2.21.3"},{"date" => "2025-10-17T15:27:10","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:30","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:27","version" => "v2.22.2"}]},"Lemonldap-NG-Portal" => {"advisories" => [{"affected_versions" => ["<0.87"],"cves" => [],"description" => "When running on Apache with thread support setMacros and setGroups were not launched with the good datas.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [">=0.87"],"id" => "CPANSA-Lemonldap-NG-Portal-2009-01","references" => ["https://metacpan.org/changes/distribution/Lemonldap-NG-Portal"],"reported" => "2009-02-08"},{"affected_versions" => ["0.42"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.42"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.64"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.64"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.73"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.73"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.74"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.74"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.89"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.89"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.13"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Portal","versions" => [{"date" => "2005-06-29T18:44:50","version" => "0.01"},{"date" => "2005-07-02T08:49:37","version" => "0.02"},{"date" => "2006-10-07T13:24:36","version" => "0.1"},{"date" => "2006-10-14T13:26:07","version" => "0.11"},{"date" => "2006-10-14T14:11:06","version" => "0.111"},{"date" => "2006-10-17T13:58:53","version" => "0.2"},{"date" => "2006-11-02T15:23:31","version" => "0.4"},{"date" => "2006-11-03T07:25:06","version" => "0.41"},{"date" => "2006-12-07T21:02:36","version" => "0.42"},{"date" => "2006-12-19T18:26:07","version" => "0.5"},{"date" => "2006-12-31T13:03:32","version" => "0.51"},{"date" => "2007-01-13T19:47:36","version" => "0.6"},{"date" => "2007-02-28T22:29:18","version" => "0.62"},{"date" => "2007-03-04T18:23:52","version" => "0.63"},{"date" => "2007-03-09T20:18:23","version" => "0.64"},{"date" => "2007-03-29T19:52:31","version" => "0.7"},{"date" => "2007-04-01T20:26:10","version" => "0.71"},{"date" => "2007-04-14T20:46:13","version" => "0.72"},{"date" => "2007-04-20T06:51:13","version" => "0.73"},{"date" => "2007-06-13T13:54:26","version" => "0.74"},{"date" => "2007-07-22T20:35:13","version" => "0.76"},{"date" => "2007-07-31T05:11:34","version" => "0.77"},{"date" => "2007-10-15T06:03:56","version" => "0.8"},{"date" => "2008-02-28T07:13:04","version" => "0.81"},{"date" => "2008-04-11T14:53:38","version" => "0.82"},{"date" => "2008-06-06T05:50:06","version" => "0.83"},{"date" => "2008-06-06T12:46:10","version" => "0.84"},{"date" => "2008-08-25T19:53:48","version" => "0.85"},{"date" => "2008-12-25T08:26:49","version" => "0.86"},{"date" => "2009-02-08T07:13:05","version" => "0.87"},{"date" => "2009-06-29T10:14:46","version" => "0.88"},{"date" => "2009-07-05T11:40:59","version" => "0.89"},{"date" => "2009-10-11T08:26:21","version" => "0.90"},{"date" => "2010-10-13T21:02:21","version" => "0.99"},{"date" => "2010-10-22T05:36:29","version" => "0.99.1"},{"date" => "2010-10-22T05:45:04","version" => "0.991"},{"date" => "2010-10-24T06:33:29","version" => "0.992"},{"date" => "2010-11-26T13:38:59","version" => "1.0.0"},{"date" => "2011-02-28T13:42:23","version" => "1.0.2"},{"date" => "2011-03-07T11:17:03","version" => "v1.0.3"},{"date" => "2011-03-23T14:54:26","version" => "1.0.4"},{"date" => "2011-04-15T14:51:44","version" => "1.0.5"},{"date" => "2011-05-30T08:40:46","version" => "1.0.6"},{"date" => "2011-07-08T09:33:35","version" => "1.1.0"},{"date" => "2011-07-29T13:43:35","version" => "1.1.1"},{"date" => "2011-10-07T12:58:06","version" => "1.1.2"},{"date" => "2012-06-18T10:13:31","version" => "1.2.0"},{"date" => "2012-07-06T09:18:54","version" => "1.2.1"},{"date" => "2012-09-17T14:04:26","version" => "1.2.2"},{"date" => "2013-01-25T21:51:54","version" => "1.2.2_01"},{"date" => "2013-02-08T17:11:38","version" => "1.2.3"},{"date" => "2013-04-23T13:19:57","version" => "1.2.4"},{"date" => "2013-08-26T10:39:11","version" => "1.2.5"},{"date" => "2013-11-02T16:31:10","version" => "v1.3.0"},{"date" => "2013-11-10T18:00:31","version" => "v1.3.0_01"},{"date" => "2013-11-11T14:01:21","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:50","version" => "1.3.2"},{"date" => "2014-03-07T13:55:23","version" => "1.3.3"},{"date" => "2014-06-30T12:54:16","version" => "v1.4.0"},{"date" => "2014-07-25T09:55:37","version" => "v1.4.1"},{"date" => "2014-11-05T15:15:30","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:47","version" => "v1.4.3"},{"date" => "2015-04-15T10:05:31","version" => "v1.4.4"},{"date" => "2015-05-22T16:54:10","version" => "v1.4.5"},{"date" => "2015-10-09T09:21:04","version" => "v1.4.6"},{"date" => "2016-03-02T09:50:24","version" => "v1.9.0"},{"date" => "2016-03-22T14:25:24","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:49","version" => "v1.9.1"},{"date" => "2016-04-27T15:23:10","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:36","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:52","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:38","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:34","version" => "v1.9.4"},{"date" => "2016-07-13T09:08:18","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:54","version" => "v1.9.5"},{"date" => "2016-10-10T13:34:33","version" => "v1.4.11"},{"date" => "2016-10-16T12:23:25","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:55","version" => "v1.9.7"},{"date" => "2017-02-28T21:11:18","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:55:34","version" => "v1.9.8"},{"date" => "2017-03-07T05:48:09","version" => "v1.9.99_02"},{"date" => "2017-03-07T06:00:28","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:48","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:21:31","version" => "v1.9.9"},{"date" => "2017-05-19T18:48:42","version" => "v1.9.10"},{"date" => "2017-09-01T10:32:34","version" => "v1.9.11"},{"date" => "2017-09-12T08:40:27","version" => "v1.9.12"},{"date" => "2017-09-29T14:00:36","version" => "v1.9.13"},{"date" => "2017-11-24T19:59:18","version" => "v1.9.14"},{"date" => "2018-01-23T12:50:53","version" => "v1.9.15"},{"date" => "2018-03-16T10:34:13","version" => "v1.9.16"},{"date" => "2018-06-16T09:27:27","version" => "v1.9.17"},{"date" => "2018-10-05T09:40:26","version" => "v1.9.18"},{"date" => "2018-11-30T10:49:52","version" => "v2.0.0"},{"date" => "2019-02-12T17:13:39","version" => "v2.0.2"},{"date" => "2019-04-11T12:23:10","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:36","version" => "v2.0.4"},{"date" => "2019-06-29T21:31:33","version" => "v2.0.5"},{"date" => "2019-09-24T13:01:00","version" => "v2.0.6"},{"date" => "2019-12-21T21:46:38","version" => "v2.0.7"},{"date" => "2020-05-05T16:14:25","version" => "v2.0.8"},{"date" => "2020-09-07T06:21:08","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:36","version" => "v2.0.10"},{"date" => "2021-01-31T14:52:09","version" => "v2.0.11"},{"date" => "2021-07-22T17:38:26","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:56","version" => "v2.0.13"},{"date" => "2022-02-22T18:13:11","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:35","version" => "v2.0.15"},{"date" => "2022-09-16T08:36:23","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:29:55","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:52","version" => "v2.16.2"},{"date" => "2023-08-30T16:24:40","version" => "v2.17.0"},{"date" => "2023-12-20T21:12:20","version" => "v2.18.0"},{"date" => "2023-12-22T23:41:14","version" => "v2.18.1"},{"date" => "2024-02-06T17:49:13","version" => "v2.18.2"},{"date" => "2024-04-30T15:23:21","version" => "v2.19.0"},{"date" => "2024-07-15T14:48:13","version" => "v2.19.1"},{"date" => "2024-09-04T07:30:33","version" => "v2.19.2"},{"date" => "2024-10-08T15:53:50","version" => "v2.20.0"},{"date" => "2024-11-08T16:34:12","version" => "v2.20.1"},{"date" => "2025-01-21T17:01:40","version" => "v2.20.2"},{"date" => "2025-01-22T17:40:34","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:34","version" => "v2.21.0"},{"date" => "2025-06-11T11:15:32","version" => "v2.21.1"},{"date" => "2025-07-11T15:40:33","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:56","version" => "v2.21.3"},{"date" => "2025-10-17T15:27:21","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:41","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:38","version" => "v2.22.2"}]},"Linux-Statm-Tiny" => {"advisories" => [{"affected_versions" => ["<0.0701"],"cves" => ["CVE-2025-3051"],"description" => "Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238.  If an attacker can place a malicious file in current working directory, it may be\x{a0}loaded instead of the intended file, potentially leading to arbitrary\x{a0}code execution.  Linux::Statm::Tiny uses Mite to produce the affected code section due to\x{a0}CVE-2025-30672","distribution" => "Linux-Statm-Tiny","fixed_versions" => [">=0.0701"],"id" => "CPANSA-Linux-Statm-Tiny-2025-3051","references" => ["https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html","https://metacpan.org/release/RRWO/Linux-Statm-Tiny-0.0700/source/lib/Linux/Statm/Tiny/Mite.pm#L82","https://metacpan.org/release/RRWO/Linux-Statm-Tiny-0.0701/changes"],"reported" => "2025-04-01","severity" => undef}],"main_module" => "Linux::Statm::Tiny","versions" => [{"date" => "2015-01-05T12:19:47","version" => "0.0100"},{"date" => "2015-01-05T15:39:13","version" => "0.0200"},{"date" => "2015-01-05T18:23:59","version" => "0.0201"},{"date" => "2015-01-12T11:30:31","version" => "0.0300"},{"date" => "2015-03-27T13:57:06","version" => "0.0400"},{"date" => "2015-04-09T08:05:00","version" => "0.0500"},{"date" => "2015-05-05T16:02:45","version" => "0.0501"},{"date" => "2015-05-05T16:22:04","version" => "0.0502"},{"date" => "2015-05-06T13:21:39","version" => "0.0503"},{"date" => "2015-05-25T13:38:11","version" => "0.0504"},{"date" => "2015-06-23T17:07:45","version" => "0.0505"},{"date" => "2018-10-27T22:38:48","version" => "0.0600"},{"date" => "2019-02-17T18:30:34","version" => "0.0601"},{"date" => "2022-04-04T15:34:50","version" => "0.0602"},{"date" => "2022-04-04T15:41:28","version" => "0.0603"},{"date" => "2022-07-26T16:29:04","version" => "0.0700"},{"date" => "2025-03-31T13:52:42","version" => "0.0701"}]},"Locale-Maketext" => {"advisories" => [{"affected_versions" => ["<1.25"],"cves" => ["CVE-2012-6329"],"description" => "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.\n","distribution" => "Locale-Maketext","fixed_versions" => [],"id" => "CPANSA-Locale-Maketext-2012-6329","references" => ["http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8","http://sourceforge.net/mailarchive/message.php?msg_id=30219695","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224","http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329","http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod","http://openwall.com/lists/oss-security/2012/12/11/4","http://code.activestate.com/lists/perl5-porters/187763/","http://code.activestate.com/lists/perl5-porters/187746/","https://bugzilla.redhat.com/show_bug.cgi?id=884354","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032","http://www.ubuntu.com/usn/USN-2099-1","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/56950","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2013-01-04","severity" => undef},{"affected_versions" => ["<1.28"],"cves" => ["CVE-2016-1238"],"description" => "Does not remove . from \@INC, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Locale-Maketext","fixed_versions" => [">=1.28"],"id" => "CPANSA-Locale-Maketext-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Locale::Maketext","versions" => [{"date" => "1999-03-16T05:22:44","version" => "0.17"},{"date" => "2000-05-14T08:26:33","version" => "0.18"},{"date" => "2001-05-25T14:21:01","version" => "1.01"},{"date" => "2001-06-20T08:28:48","version" => "1.02"},{"date" => "2001-06-22T05:27:18","version" => "1.03"},{"date" => "2003-04-02T20:20:43","version" => "1.04"},{"date" => "2003-04-19T06:11:36","version" => "1.05"},{"date" => "2003-06-22T07:51:14","version" => "1.06"},{"date" => "2004-01-12T04:18:16","version" => "1.07"},{"date" => "2004-01-20T00:14:54","version" => "1.08"},{"date" => "2004-03-31T06:47:07","version" => "1.09"},{"date" => "2005-11-11T03:42:57","version" => "1.10"},{"date" => "2007-05-08T05:03:08","version" => "1.11_01"},{"date" => "2007-11-18T05:22:03","version" => "1.12"},{"date" => "2008-05-28T15:01:40","version" => "1.13"},{"date" => "2009-06-23T18:13:14","version" => "1.13_80"},{"date" => "2009-06-24T00:22:21","version" => "1.13_81"},{"date" => "2009-06-24T02:33:08","version" => "1.13_82"},{"date" => "2010-09-28T22:59:25","version" => "1.15_01"},{"date" => "2010-10-07T14:12:19","version" => "1.15_02"},{"date" => "2010-10-11T18:07:07","version" => "1.16"},{"date" => "2010-10-20T15:54:47","version" => "1.16_01"},{"date" => "2010-10-20T18:42:13","version" => "1.17"},{"date" => "2011-05-25T15:44:55","version" => "1.18_01"},{"date" => "2011-05-31T19:29:50","version" => "1.19"},{"date" => "2011-12-15T04:02:22","version" => "1.19_01"},{"date" => "2011-12-23T15:18:14","version" => "1.21"},{"date" => "2012-01-15T05:02:24","version" => "1.22"},{"date" => "2012-12-04T21:29:08","version" => "1.23"},{"date" => "2014-04-14T03:15:07","version" => "1.25_01"},{"date" => "2014-04-15T20:10:23","version" => "1.25"},{"date" => "2014-12-04T20:57:02","version" => "1.26"},{"date" => "2016-06-22T23:30:00","version" => "1.27"},{"date" => "2016-07-25T17:57:25","version" => "1.28"},{"date" => "2020-01-20T05:04:23","version" => "1.29"},{"date" => "2022-04-01T19:18:30","version" => "1.30"},{"date" => "2022-04-14T21:18:43","version" => "1.31"},{"date" => "2022-08-22T19:20:51","version" => "1.32"},{"date" => "2023-12-30T21:23:51","version" => "1.33"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "1.10_01"},{"date" => "2009-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011002","version" => "1.14"},{"date" => "2010-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013003","version" => "1.15"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "1.18"},{"date" => "2011-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015005","version" => "1.20"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "1.24"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "1.26_01"}]},"Log-Any" => {"advisories" => [{"affected_versions" => [">=1.712,<=1.715"],"cves" => [],"description" => "The WithStackTrace proxy may expose sensitive information\n","distribution" => "Log-Any","fixed_versions" => ["1.716"],"id" => "CPANSA-Log-Any-2023-001","references" => ["https://metacpan.org/dist/Log-Any/changes","https://github.com/preaction/Log-Any/pull/97"],"reported" => undef,"severity" => undef}],"main_module" => "Log::Any","versions" => [{"date" => "2009-07-11T14:11:33","version" => "0.01"},{"date" => "2009-07-14T23:34:51","version" => "0.02"},{"date" => "2009-07-18T03:41:02","version" => "0.03"},{"date" => "2009-09-04T00:32:59","version" => "0.03"},{"date" => "2009-10-27T22:26:20","version" => "0.05"},{"date" => "2009-10-31T23:24:23","version" => "0.06"},{"date" => "2009-12-07T17:57:19","version" => "0.07"},{"date" => "2009-12-16T01:31:06","version" => "0.08"},{"date" => "2010-01-05T21:20:31","version" => "0.09"},{"date" => "2010-01-05T21:27:46","version" => "0.10"},{"date" => "2010-02-12T13:08:17","version" => "0.11"},{"date" => "2011-03-23T21:55:43","version" => "0.12"},{"date" => "2011-08-02T13:27:07","version" => "0.13"},{"date" => "2011-08-31T22:51:22","version" => "0.14"},{"date" => "2013-04-10T17:16:43","version" => "0.15"},{"date" => "2014-12-12T22:09:51","version" => "0.90"},{"date" => "2014-12-15T03:15:09","version" => "0.91"},{"date" => "2014-12-15T12:13:47","version" => "0.92"},{"date" => "2014-12-26T03:04:57","version" => "1.00"},{"date" => "2014-12-27T03:26:31","version" => "1.01"},{"date" => "2014-12-28T12:07:41","version" => "1.02"},{"date" => "2015-01-02T03:43:07","version" => "1.03"},{"date" => "2015-03-26T10:09:30","version" => "1.031"},{"date" => "2015-03-26T21:24:48","version" => "1.032"},{"date" => "2016-02-03T15:34:02","version" => "1.033"},{"date" => "2016-02-04T19:48:49","version" => "1.035"},{"date" => "2016-02-06T01:27:07","version" => "1.037"},{"date" => "2016-02-10T21:18:02","version" => "1.038"},{"date" => "2016-02-24T22:48:34","version" => "1.040"},{"date" => "2016-08-18T05:02:37","version" => "1.041"},{"date" => "2016-08-27T04:38:20","version" => "1.042"},{"date" => "2016-11-04T02:48:06","version" => "1.043"},{"date" => "2016-11-06T21:53:19","version" => "1.044"},{"date" => "2016-11-12T03:54:03","version" => "1.045"},{"date" => "2017-01-12T03:44:21","version" => "1.046"},{"date" => "2017-03-23T01:25:09","version" => "1.047"},{"date" => "2017-03-27T20:17:22","version" => "1.048"},{"date" => "2017-03-28T21:03:30","version" => "1.049"},{"date" => "2017-08-04T03:30:12","version" => "1.050"},{"date" => "2017-08-07T01:43:24","version" => "1.051"},{"date" => "2017-09-28T22:00:06","version" => "1.700"},{"date" => "2017-10-02T19:38:09","version" => "1.701"},{"date" => "2017-11-28T21:20:01","version" => "1.702"},{"date" => "2017-11-29T16:57:31","version" => "1.703"},{"date" => "2017-12-18T00:14:35","version" => "1.704"},{"date" => "2018-01-17T19:50:35","version" => "1.705"},{"date" => "2018-07-07T01:21:05","version" => "1.706"},{"date" => "2018-08-02T03:56:11","version" => "1.707"},{"date" => "2020-01-13T03:58:06","version" => "1.708"},{"date" => "2021-02-17T21:17:28","version" => "1.709"},{"date" => "2021-08-02T15:11:51","version" => "1.710"},{"date" => "2022-11-22T17:29:07","version" => "1.711"},{"date" => "2022-12-09T17:06:31","version" => "1.712"},{"date" => "2022-12-12T18:45:32","version" => "1.713"},{"date" => "2023-03-20T16:49:03","version" => "1.714"},{"date" => "2023-05-04T18:09:55","version" => "1.715"},{"date" => "2023-06-26T19:15:29","version" => "1.716"},{"date" => "2023-08-17T15:53:05","version" => "1.717"},{"date" => "2025-06-01T15:00:19","version" => "1.718"}]},"MARC-File-XML" => {"advisories" => [{"affected_versions" => ["<1.0.2"],"cves" => ["CVE-2014-1626"],"description" => "XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file.\n","distribution" => "MARC-File-XML","fixed_versions" => [],"id" => "CPANSA-MARC-File-XML-2014-1626","references" => ["http://www.securityfocus.com/bid/65057","http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html","http://secunia.com/advisories/55404","http://libmail.georgialibraries.org/pipermail/open-ils-general/2014-January/009442.html","https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes","http://lists.katipo.co.nz/pipermail/koha/2014-January/038430.html","http://osvdb.org/102367","https://exchange.xforce.ibmcloud.com/vulnerabilities/90620"],"reported" => "2014-01-26","severity" => undef}],"main_module" => "MARC::File::XML","versions" => [{"date" => "2017-05-24T01:18:18","version" => "v1.0.5"}]},"MDK-Common" => {"advisories" => [{"affected_versions" => ["==1.1.11","==1.1.24",">=1.2.9,<=1.2.14"],"cves" => ["CVE-2009-0912"],"description" => "perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via \"special characters\" in unspecified vectors.'\n","distribution" => "MDK-Common","fixed_versions" => [],"id" => "CPANSA-MDK-Common-2009-0912","references" => ["http://www.securityfocus.com/bid/34089","http://www.vupen.com/english/advisories/2009/0688","http://www.mandriva.com/security/advisories?name=MDVSA-2009:072","https://exchange.xforce.ibmcloud.com/vulnerabilities/49220"],"reported" => "2009-03-16","severity" => undef}],"main_module" => "MDK::Common","versions" => [{"date" => "2012-09-14T16:23:25","version" => "1.2.29"},{"date" => "2014-05-06T17:14:10","version" => "v1.2.30"},{"date" => "2017-10-27T22:31:26","version" => "v1.2.32"},{"date" => "2017-10-27T23:18:48","version" => "v1.2.33"},{"date" => "2017-10-28T01:09:39","version" => "v1.2.34"},{"date" => "2017-10-28T03:37:17","version" => "v1.2.34.1"},{"date" => "2017-10-28T04:28:13","version" => "v1.2.34.2"}]},"MHonArc" => {"advisories" => [{"affected_versions" => ["<2.6.17"],"cves" => ["CVE-2010-4524"],"description" => "Improper escaping of certain HTML sequences (XSS).\n","distribution" => "MHonArc","fixed_versions" => [">=2.6.17"],"id" => "CPANSA-MHonArc-2011-01","references" => ["https://metacpan.org/changes/distribution/MHonArc"],"reported" => "2011-01-09"},{"affected_versions" => ["<2.6.17"],"cves" => ["CVE-2010-1677"],"description" => "DoS when processing html messages with deep tag nesting.\n","distribution" => "MHonArc","fixed_versions" => [">=2.6.17"],"id" => "CPANSA-MHonArc-2011-02","references" => ["https://metacpan.org/changes/distribution/MHonArc"],"reported" => "2011-01-09"}],"main_module" => "MHonArc::UTF8","versions" => [{"date" => "1997-12-11T20:44:41","version" => "2.1"},{"date" => "1998-03-04T01:06:00","version" => "v2.2.0"},{"date" => "1998-10-11T02:56:10","version" => "v2.3.0"},{"date" => "1998-10-25T19:27:37","version" => "v2.3.1"},{"date" => "1998-11-01T20:02:48","version" => "v2.3.2"},{"date" => "1998-11-08T21:59:21","version" => "v2.3.3"},{"date" => "1999-06-26T07:57:53","version" => "v2.4.0"},{"date" => "1999-07-26T19:30:51","version" => "v2.4.1"},{"date" => "1999-08-12T07:16:14","version" => "v2.4.2"},{"date" => "1999-08-16T06:25:39","version" => "v2.4.3"},{"date" => "1999-10-01T19:43:07","version" => "v2.4.4"},{"date" => "2000-02-15T03:44:03","version" => "v2.4.5"},{"date" => "2000-04-24T08:35:56","version" => "v2.4.6"},{"date" => "2000-10-29T04:18:32","version" => "v2.4.7"},{"date" => "2000-10-30T06:29:47","version" => "v2.4.7"},{"date" => "2001-04-14T21:48:01","version" => "v2.4.8"},{"date" => "2001-06-11T03:09:13","version" => "v2.4.9"},{"date" => "2001-08-26T19:46:53","version" => "v2.5.0"},{"date" => "2001-09-07T15:24:19","version" => "v2.5.0"},{"date" => "2001-10-17T16:03:13","version" => "v2.5.0"},{"date" => "2001-11-14T05:09:59","version" => "v2.5.1"},{"date" => "2001-11-25T06:46:19","version" => "v2.5.2"},{"date" => "2002-04-18T07:23:29","version" => "v2.5.3"},{"date" => "2002-05-03T05:06:16","version" => "v2.5.4"},{"date" => "2002-05-28T05:43:00","version" => "v2.5.5"},{"date" => "2002-06-18T18:07:38","version" => "v2.5.6"},{"date" => "2002-06-21T22:59:36","version" => "v2.5.7"},{"date" => "2002-06-29T03:22:26","version" => "v2.5.8"},{"date" => "2002-07-20T02:39:53","version" => "v2.5.9"},{"date" => "2002-07-29T00:10:32","version" => "v2.5.10"},{"date" => "2002-08-04T04:25:22","version" => "v2.5.11"},{"date" => "2002-09-04T04:32:14","version" => "v2.5.12"},{"date" => "2002-10-21T17:13:35","version" => "v2.5.13"},{"date" => "2002-12-22T01:07:40","version" => "v2.5.14"},{"date" => "2003-02-10T05:23:02","version" => "v2.6.0"},{"date" => "2003-02-23T00:39:05","version" => "v2.6.1"},{"date" => "2003-03-12T01:55:48","version" => "v2.6.2"},{"date" => "2003-04-06T02:11:59","version" => "v2.6.3"},{"date" => "2003-06-22T21:54:52","version" => "v2.6.4"},{"date" => "2003-07-20T04:51:56","version" => "v2.6.5"},{"date" => "2003-07-21T17:20:07","version" => "v2.6.6"},{"date" => "2003-08-07T23:49:43","version" => "v2.6.7"},{"date" => "2003-08-13T04:47:02","version" => "v2.6.8"},{"date" => "2004-05-17T06:24:46","version" => "v2.6.9"},{"date" => "2004-05-17T06:25:16","version" => "v2.6.10"},{"date" => "2005-05-20T17:15:40","version" => "v2.6.11"},{"date" => "2005-06-09T02:30:11","version" => "v2.6.12"},{"date" => "2005-07-06T05:15:55","version" => "v2.6.13"},{"date" => "2005-07-23T07:15:49","version" => "2.6.14"},{"date" => "2005-07-27T03:46:13","version" => "2.6.15"},{"date" => "2006-06-10T03:21:01","version" => "2.6.16"},{"date" => "2011-01-09T10:04:06","version" => "2.6.17"},{"date" => "2011-01-09T16:35:39","version" => "2.6.18"},{"date" => "2014-04-22T03:33:53","version" => "2.6.19"},{"date" => "2020-09-14T09:22:58","version" => "v2.6.20"},{"date" => "2020-09-14T11:54:14","version" => "v2.6.21"},{"date" => "2020-09-21T07:06:18","version" => "v2.6.22"},{"date" => "2020-11-12T12:54:55","version" => "v2.6.23"},{"date" => "2020-11-16T14:24:54","version" => "v2.6.24"}]},"MIME-tools" => {"advisories" => [{"affected_versions" => ["<4.109"],"cves" => [],"description" => "There was a potential security hole when outputting entities with recommended filenames.\n","distribution" => "MIME-tools","fixed_versions" => [">=4.109"],"id" => "CPANSA-MIME-tools-1998-01","references" => ["https://metacpan.org/dist/MIME-tools/changes"],"reported" => "1998-01-10","severity" => undef}],"main_module" => "MIME::Body","versions" => [{"date" => "1996-10-18T13:57:11","version" => "2.01"},{"date" => "1996-10-23T19:20:59","version" => "2.02"},{"date" => "1996-10-28T18:27:36","version" => "2.03"},{"date" => "1996-11-03T00:35:36","version" => "2.04"},{"date" => "1997-01-13T10:17:14","version" => "2.13"},{"date" => "1997-01-14T07:05:37","version" => "2.14"},{"date" => "1997-01-21T03:40:48","version" => "3.203"},{"date" => "1997-01-22T11:24:13","version" => "3.204"},{"date" => "1998-01-14T15:44:55","version" => "4.111"},{"date" => "1998-01-18T04:23:37","version" => "4.112"},{"date" => "1998-01-20T08:21:18","version" => "4.113"},{"date" => "1998-02-14T21:45:26","version" => "4.116"},{"date" => "1998-05-05T14:32:36","version" => "4.119"},{"date" => "1998-06-04T13:30:01","version" => "4.121"},{"date" => "1999-02-10T05:39:03","version" => "4.122"},{"date" => "1999-05-14T13:29:15","version" => "4.124"},{"date" => "2000-05-24T14:44:21","version" => "5.115"},{"date" => "2000-05-26T04:46:25","version" => "5.116"},{"date" => "2000-06-06T16:14:02","version" => "5.205"},{"date" => "2000-06-08T07:36:13","version" => "5.206"},{"date" => "2000-06-09T03:44:00","version" => "5.207"},{"date" => "2000-06-10T08:12:36","version" => "5.209"},{"date" => "2000-06-20T13:24:34","version" => "5.210"},{"date" => "2000-06-24T06:57:34","version" => "5.211"},{"date" => "2000-07-07T14:46:11","version" => "5.304"},{"date" => "2000-07-20T06:47:41","version" => "5.306"},{"date" => "2000-08-15T14:22:44","version" => "5.310"},{"date" => "2000-08-16T05:28:11","version" => "5.311"},{"date" => "2000-09-05T04:17:48","version" => "5.313"},{"date" => "2000-09-06T04:59:03","version" => "5.314"},{"date" => "2000-09-21T06:14:25","version" => "5.316"},{"date" => "2000-11-05T15:24:04","version" => "5.404"},{"date" => "2000-11-06T00:34:39","version" => "5.405"},{"date" => "2000-11-10T05:27:35","version" => "5.408"},{"date" => "2000-11-20T18:04:43","version" => "5.409"},{"date" => "2000-11-23T05:31:08","version" => "5.410"},{"date" => "2001-06-05T15:21:25","version" => "5.411"},{"date" => "2001-11-16T17:32:32","version" => "5.411"},{"date" => "2003-06-09T16:42:00","version" => "6.200_01"},{"date" => "2003-07-22T20:49:42","version" => "6.200_02"},{"date" => "2004-09-14T14:20:07","version" => "5.412"},{"date" => "2004-09-15T14:11:08","version" => "5.413"},{"date" => "2004-10-06T19:46:54","version" => "5.414"},{"date" => "2004-10-27T12:51:54","version" => "5.415"},{"date" => "2005-01-03T15:45:29","version" => "5.416"},{"date" => "2005-01-20T21:24:25","version" => "5.417"},{"date" => "2005-09-29T19:40:53","version" => "5.418"},{"date" => "2005-12-22T21:52:16","version" => "5.419"},{"date" => "2006-03-17T21:20:12","version" => "5.420"},{"date" => "2007-06-18T20:04:22","version" => "5.420_01"},{"date" => "2007-08-31T18:03:20","version" => "5.420_02"},{"date" => "2007-09-20T21:33:01","version" => "5.421"},{"date" => "2007-09-25T22:31:20","version" => "5.422"},{"date" => "2007-09-27T15:50:17","version" => "5.423"},{"date" => "2007-11-07T15:36:31","version" => "5.424"},{"date" => "2007-11-17T16:20:42","version" => "5.425"},{"date" => "2008-03-18T13:45:38","version" => "5.426"},{"date" => "2008-06-30T18:41:00","version" => "5.426"},{"date" => "2010-04-22T15:31:33","version" => "5.428"},{"date" => "2010-04-30T13:47:59","version" => "5.500"},{"date" => "2011-01-07T15:59:19","version" => "5.500"},{"date" => "2011-02-17T18:37:12","version" => "5.501"},{"date" => "2011-03-08T14:03:11","version" => "5.502"},{"date" => "2012-06-08T13:44:12","version" => "5.503"},{"date" => "2013-01-30T21:01:40","version" => "5.504"},{"date" => "2013-11-14T15:27:15","version" => "5.505"},{"date" => "2015-04-22T17:32:26","version" => "5.506"},{"date" => "2015-09-30T13:21:56","version" => "5.507"},{"date" => "2016-08-29T14:52:28","version" => "5.508"},{"date" => "2017-04-05T18:13:30","version" => "5.508"},{"date" => "2022-07-06T14:20:39","version" => "5.503"},{"date" => "2024-01-02T15:38:07","version" => "5.503"},{"date" => "2024-01-08T18:22:18","version" => "5.503"},{"date" => "2024-01-25T16:28:54","version" => "5.503"},{"date" => "2024-02-06T20:49:02","version" => "5.503"},{"date" => "2024-04-24T15:36:43","version" => "5.515"},{"date" => "2026-02-10T17:09:42","version" => "5.516"},{"date" => "2026-02-11T02:54:45","version" => "5.517"}]},"MT" => {"advisories" => [{"affected_versions" => [">=4.20,<=4.38"],"cves" => ["CVE-2013-0209"],"description" => "lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2013-0209","references" => ["http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt","http://www.movabletype.org/2013/01/movable_type_438_patch.html","http://openwall.com/lists/oss-security/2013/01/22/3","http://www.sec-1.com/blog/?p=402"],"reported" => "2013-01-23","severity" => undef},{"affected_versions" => [">=7,<=7.9.4",">=6,<=6.8.6",">=4,<=5"],"cves" => ["CVE-2022-38078"],"description" => "Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.\n","distribution" => "MT","fixed_versions" => [">=7.9.5",">=6.8.7,<7"],"id" => "CPANSA-MT-2022-38078","references" => ["https://movabletype.org/news/2022/08/mt-795-687-released.html","https://jvn.jp/en/jp/JVN57728859/index.html"],"reported" => "2022-08-24","severity" => "critical"},{"affected_versions" => [">=7,<=7.8.1",">=6,<=6.8.2","<6"],"cves" => ["CVE-2021-20837"],"description" => "Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20837","references" => ["https://jvn.jp/en/jp/JVN41119755/index.html","https://movabletype.org/news/2021/10/mt-782-683-released.html","http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html","http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"],"reported" => "2021-10-26","severity" => "critical"},{"affected_versions" => [">=7,<7.8.0"],"cves" => ["CVE-2021-20814"],"description" => "Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20814","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0"],"cves" => ["CVE-2021-20813"],"description" => "Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20813","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20815"],"description" => "Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20815","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20811"],"description" => "Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20811","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20810"],"description" => "Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20810","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20809"],"description" => "Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20809","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20808"],"description" => "Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20808","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => ["<=1.37"],"cves" => ["CVE-2020-5669"],"description" => "Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5669","references" => ["https://www.sixapart.jp/movabletype/news/2020/11/18-1101.html","https://jvn.jp/en/jp/JVN94245475/index.html"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5577"],"description" => "Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5577","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "high"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5576"],"description" => "Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5576","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "high"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5575"],"description" => "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5575","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "medium"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5574"],"description" => "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5574","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "medium"},{"affected_versions" => [">=7,<7.1.4",">=6,<=6.5.2"],"cves" => ["CVE-2020-5528"],"description" => "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5528","references" => ["https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html","http://jvn.jp/en/jp/JVN94435544/index.html"],"reported" => "2020-02-06","severity" => "medium"},{"affected_versions" => [">=7,<7.1.3",">=6.5.0,<=6.5.1",">=6,<=6.3.9"],"cves" => ["CVE-2019-6025"],"description" => "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2019-6025","references" => ["https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html","http://jvn.jp/en/jp/JVN65280626/index.html"],"reported" => "2019-12-26","severity" => "medium"},{"affected_versions" => ["==6.3.1"],"cves" => ["CVE-2018-0672"],"description" => "Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2018-0672","references" => ["http://jvn.jp/en/jp/JVN89550319/index.html"],"reported" => "2018-09-04","severity" => "medium"},{"affected_versions" => [">=6.0.0,<6.1.3",">=6.2.0,<6.2.6","<5.2.13"],"cves" => ["CVE-2016-5742"],"description" => "SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2016-5742","references" => ["https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html","http://www.openwall.com/lists/oss-security/2016/06/22/6","http://www.openwall.com/lists/oss-security/2016/06/22/5","http://www.openwall.com/lists/oss-security/2016/06/22/3","http://www.securitytracker.com/id/1036160"],"reported" => "2017-01-23","severity" => "critical"},{"affected_versions" => ["<5.2.12",">=6.0.0,<=6.0.7"],"cves" => ["CVE-2015-1592"],"description" => "Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2015-1592","references" => ["https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html","http://www.securityfocus.com/bid/72606","http://www.openwall.com/lists/oss-security/2015/02/12/17","http://www.openwall.com/lists/oss-security/2015/02/12/2","https://www.debian.org/security/2015/dsa-3183","http://www.securitytracker.com/id/1031777","https://exchange.xforce.ibmcloud.com/vulnerabilities/100912"],"reported" => "2015-02-19","severity" => undef},{"affected_versions" => ["<5.18",">=5.2.0,<5.2.11",">=6,<6.0.6"],"cves" => ["CVE-2014-9057"],"description" => "SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2014-9057","references" => ["https://movabletype.org/news/2014/12/6.0.6.html","https://movabletype.org/documentation/appendices/release-notes/6.0.6.html","http://secunia.com/advisories/61227","https://www.debian.org/security/2015/dsa-3183"],"reported" => "2014-12-16","severity" => undef},{"affected_versions" => ["<5.2.6"],"cves" => ["CVE-2013-2184"],"description" => "Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2013-2184","references" => ["https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html","http://www.debian.org/security/2015/dsa-3183","http://seclists.org/oss-sec/2013/q2/568","http://seclists.org/oss-sec/2013/q2/560"],"reported" => "2015-03-27","severity" => undef},{"affected_versions" => ["==5.13"],"cves" => ["CVE-2012-1503"],"description" => "Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2012-1503","references" => ["http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html","http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html","http://www.exploit-db.com/exploits/22151","http://osvdb.org/show/osvdb/86729","http://www.securityfocus.com/bid/56160","https://exchange.xforce.ibmcloud.com/vulnerabilities/79521"],"reported" => "2014-08-29","severity" => undef},{"affected_versions" => ["<4.38",">=5,<5.07",">=5.10,<5.13"],"cves" => ["CVE-2012-0320"],"description" => "Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2012-0320","references" => ["http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html","http://www.movabletype.org/documentation/appendices/release-notes/513.html","http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018","http://jvn.jp/en/jp/JVN20083397/index.html","http://www.securitytracker.com/id?1026738","http://www.securityfocus.com/bid/52138","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-03-03","severity" => undef},{"affected_versions" => ["<4.38",">=5,<5.07",">=5.10,<5.13"],"cves" => ["CVE-2012-0317"],"description" => "Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2012-0317","references" => ["http://jvn.jp/en/jp/JVN70683217/index.html","http://www.movabletype.org/documentation/appendices/release-notes/513.html","http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html","http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015","http://www.securitytracker.com/id?1026738","http://www.securityfocus.com/bid/52138","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-03-03","severity" => undef},{"affected_versions" => [">=4,<4.36",">=5,<5.05"],"cves" => ["CVE-2011-5085"],"description" => "Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2011-5085","references" => ["http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-04-02","severity" => undef},{"affected_versions" => [">=4,<4.36",">=5,<5.05"],"cves" => ["CVE-2011-5084"],"description" => "Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2011-5084","references" => ["http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-04-02","severity" => undef},{"affected_versions" => [">=5.0,<=5.01"],"cves" => ["CVE-2010-1985"],"description" => "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2010-1985","references" => ["http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html","http://www.movabletype.com/blog/2010/05/movable-type-502.html","http://www.vupen.com/english/advisories/2010/1136","http://secunia.com/advisories/39741","http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html","http://jvn.jp/en/jp/JVN92854093/index.html"],"reported" => "2010-05-19","severity" => undef},{"affected_versions" => ["<4.261"],"cves" => ["CVE-2009-2492"],"description" => "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2009-2492","references" => ["http://jvn.jp/en/jp/JVN86472161/index.html","http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html","http://www.vupen.com/english/advisories/2009/1668","http://secunia.com/advisories/35534","http://www.securityfocus.com/bid/35885"],"reported" => "2009-07-17","severity" => undef},{"affected_versions" => ["<4.261"],"cves" => ["CVE-2009-2481"],"description" => "mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2009-2481","references" => ["http://jvn.jp/en/jp/JVN08369659/index.html","http://www.vupen.com/english/advisories/2009/1668","http://www.securityfocus.com/bid/35471","http://secunia.com/advisories/35534","http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/51330"],"reported" => "2009-07-16","severity" => undef},{"affected_versions" => ["<4.24"],"cves" => ["CVE-2009-0752"],"description" => "Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2009-0752","references" => ["http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html"],"reported" => "2009-03-03","severity" => undef},{"affected_versions" => ["<4.23"],"cves" => ["CVE-2008-5846"],"description" => "Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a \"system-wide entry listing screen.\"\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2008-5846","references" => ["http://www.movabletype.org/mt_423_change_log.html","http://www.securityfocus.com/bid/33133","https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"],"reported" => "2009-01-05","severity" => undef},{"affected_versions" => ["<4.23"],"cves" => ["CVE-2008-5845"],"description" => "Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2008-5845","references" => ["http://www.movabletype.org/mt_423_change_log.html","http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000031.html","http://jvn.jp/en/jp/JVN45658190/index.html"],"reported" => "2009-01-05","severity" => undef},{"affected_versions" => [">=3,<=3.38",">=4,<4.23"],"cves" => ["CVE-2008-5808"],"description" => "Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to \"application management.\"\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2008-5808","references" => ["http://secunia.com/advisories/32935","http://www.securityfocus.com/bid/32604","http://jvn.jp/en/jp/JVN02216739/index.html","http://www.movabletype.jp/blog/_movable_type_423.html","http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/47019"],"reported" => "2009-01-02","severity" => undef},{"affected_versions" => [">=7,<=7.7.1"],"cves" => ["CVE-2021-20812"],"description" => "Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20812","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => ["<=7"],"cves" => ["CVE-2022-43660"],"description" => "Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2022-43660","references" => ["https://movabletype.org/news/2022/11/mt-796-688-released.html","https://jvn.jp/en/jp/JVN37014768/index.html"],"reported" => "2022-12-07","severity" => undef}],"main_module" => "","versions" => []},"Mail-Audit" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2005-4536"],"description" => "Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.\n","distribution" => "Mail-Audit","fixed_versions" => [],"id" => "CPANSA-Mail-Audit-2005-4536","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344029","http://www.debian.org/security/2006/dsa-960","http://secunia.com/advisories/18652","http://secunia.com/advisories/18656","http://www.securityfocus.com/bid/16434","http://www.vupen.com/english/advisories/2006/0378","https://exchange.xforce.ibmcloud.com/vulnerabilities/24380"],"reported" => "2005-12-31","severity" => undef}],"main_module" => "Mail::Audit","versions" => [{"date" => "2000-03-25T11:22:17","version" => "1.0"},{"date" => "2000-06-17T08:03:59","version" => "1.1"},{"date" => "2000-06-17T10:56:28","version" => "1.2"},{"date" => "2000-06-17T11:13:20","version" => "1.3"},{"date" => "2001-01-04T20:17:04","version" => "1.4"},{"date" => "2001-01-07T14:23:39","version" => "1.5"},{"date" => "2001-01-13T22:45:20","version" => "1.6"},{"date" => "2001-01-27T11:31:56","version" => "1.7"},{"date" => "2001-02-12T16:34:27","version" => "1.8"},{"date" => "2001-03-21T21:35:00","version" => "1.9"},{"date" => "2001-04-23T15:45:51","version" => "1.10"},{"date" => "2001-05-16T23:20:35","version" => "1.11"},{"date" => "2001-12-10T21:02:24","version" => "2.0"},{"date" => "2002-03-04T19:59:38","version" => "2.1"},{"date" => "2006-05-27T01:36:59","version" => "2.200_01"},{"date" => "2006-05-31T01:58:52","version" => "2.200_02"},{"date" => "2006-06-02T02:17:31","version" => "2.200_03"},{"date" => "2006-06-04T20:18:18","version" => "2.200_04"},{"date" => "2006-06-05T03:39:12","version" => "2.200_05"},{"date" => "2006-07-16T21:50:04","version" => "2.201"},{"date" => "2006-07-21T12:18:37","version" => "2.202"},{"date" => "2006-07-22T00:53:55","version" => "2.203"},{"date" => "2006-09-19T11:26:30","version" => "2.210"},{"date" => "2006-09-19T11:38:19","version" => "2.211"},{"date" => "2006-10-31T15:24:49","version" => "2.212"},{"date" => "2007-02-15T17:05:02","version" => "2.213"},{"date" => "2007-02-15T19:32:24","version" => "2.214"},{"date" => "2007-02-19T21:14:15","version" => "2.215"},{"date" => "2007-02-27T01:52:17","version" => "2.216"},{"date" => "2007-03-05T17:16:08","version" => "2.217"},{"date" => "2007-03-06T16:24:21","version" => "2.218"},{"date" => "2007-06-14T22:28:51","version" => "2.219"},{"date" => "2007-07-14T19:04:32","version" => "2.220"},{"date" => "2007-09-17T13:26:24","version" => "2.221"},{"date" => "2007-11-02T03:23:46","version" => "2.222"},{"date" => "2008-04-17T20:32:32","version" => "2.223"},{"date" => "2009-09-18T17:22:37","version" => "2.224"},{"date" => "2009-11-23T19:27:24","version" => "2.225"},{"date" => "2011-11-11T16:37:46","version" => "2.226"},{"date" => "2011-11-14T19:21:44","version" => "2.227"},{"date" => "2013-09-29T01:21:47","version" => "2.228"}]},"MailTools" => {"advisories" => [{"affected_versions" => ["<1.51"],"cves" => ["CVE-2002-1271"],"description" => "The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.\n","distribution" => "MailTools","fixed_versions" => [">=1.51"],"id" => "CPANSA-Mail-Mailer-2002-1271","references" => ["http://www.iss.net/security_center/static/10548.php","http://www.debian.org/security/2003/dsa-386","http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php","http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html","http://www.securityfocus.com/bid/6104","http://marc.info/?l=bugtraq&m=103659723101369&w=2","http://marc.info/?l=bugtraq&m=103679569705086&w=2"],"reported" => "2002-11-12","severity" => undef}],"main_module" => "MailTools","versions" => [{"date" => "1995-10-21T04:25:33","version" => "1.03"},{"date" => "1995-11-21T11:54:38","version" => "1.04"},{"date" => "1996-08-13T09:42:17","version" => "1.06"},{"date" => "1997-01-02T10:39:44","version" => "1.07"},{"date" => "1997-01-07T13:38:49","version" => "1.08"},{"date" => "1997-02-24T09:04:31","version" => "1.09"},{"date" => "1997-11-13T02:23:35","version" => "1.10"},{"date" => "1997-11-16T16:16:12","version" => "1.1001"},{"date" => "1997-11-18T01:49:48","version" => "1.1002"},{"date" => "1997-11-26T02:32:07","version" => "1.1003"},{"date" => "1998-01-03T03:56:45","version" => "1.11"},{"date" => "1998-09-26T14:47:35","version" => "1.12"},{"date" => "1999-03-31T17:45:02","version" => "1.13"},{"date" => "2000-03-29T12:35:40","version" => "1.14"},{"date" => "2000-04-14T10:53:46","version" => "1.1401"},{"date" => "2000-09-04T14:01:06","version" => "1.15"},{"date" => "2001-08-08T09:13:27","version" => "1.16"},{"date" => "2001-08-24T18:19:52","version" => "1.40"},{"date" => "2001-11-14T10:36:58","version" => "1.41"},{"date" => "2001-12-10T18:28:08","version" => "1.42"},{"date" => "2002-02-08T09:41:37","version" => "1.43"},{"date" => "2002-03-23T09:36:15","version" => "1.44"},{"date" => "2002-05-23T08:17:57","version" => "1.45"},{"date" => "2002-05-29T13:09:54","version" => "1.46"},{"date" => "2002-07-05T10:03:43","version" => "1.47"},{"date" => "2002-08-07T21:07:03","version" => "1.48"},{"date" => "2002-08-28T06:38:30","version" => "1.49"},{"date" => "2002-09-03T22:35:45","version" => "1.50"},{"date" => "2002-10-29T13:24:48","version" => "1.51"},{"date" => "2002-11-29T12:50:47","version" => "1.52"},{"date" => "2002-12-09T16:47:38","version" => "1.53"},{"date" => "2003-01-06T07:02:35","version" => "1.54"},{"date" => "2003-01-06T07:07:36","version" => "1.55"},{"date" => "2003-01-06T16:16:54","version" => "1.56"},{"date" => "2003-01-14T08:49:45","version" => "1.57"},{"date" => "2003-01-14T13:45:20","version" => "1.58"},{"date" => "2003-08-13T06:16:07","version" => "1.59"},{"date" => "2003-09-24T07:21:11","version" => "1.60"},{"date" => "2004-03-10T09:55:12","version" => "1.61"},{"date" => "2004-03-24T12:32:28","version" => "1.62"},{"date" => "2004-08-16T15:30:07","version" => "1.63"},{"date" => "2004-08-17T20:26:08","version" => "1.64"},{"date" => "2004-11-24T15:05:58","version" => "1.65"},{"date" => "2005-01-20T09:18:51","version" => "1.66"},{"date" => "2005-03-31T10:07:53","version" => "1.67"},{"date" => "2006-01-05T09:33:09","version" => "1.68"},{"date" => "2006-01-05T10:19:56","version" => "1.70"},{"date" => "2006-01-05T10:22:10","version" => "1.71"},{"date" => "2006-01-17T08:11:53","version" => "1.72"},{"date" => "2006-01-21T08:58:00","version" => "1.73"},{"date" => "2006-02-28T07:44:59","version" => "1.74"},{"date" => "2007-04-10T07:27:15","version" => "1.76"},{"date" => "2007-05-11T12:17:49","version" => "1.77"},{"date" => "2007-06-20T12:42:21","version" => "2.00_01"},{"date" => "2007-07-21T10:31:51","version" => "2.00_02"},{"date" => "2007-09-25T10:30:00","version" => "2.00_03"},{"date" => "2007-11-28T09:50:07","version" => "2.01"},{"date" => "2007-11-30T09:00:20","version" => "2.02"},{"date" => "2008-04-14T09:14:48","version" => "2.03"},{"date" => "2008-07-29T09:46:50","version" => "2.04"},{"date" => "2009-12-18T22:01:23","version" => "2.05"},{"date" => "2010-01-26T09:04:49","version" => "2.06"},{"date" => "2010-10-01T10:39:38","version" => "2.07"},{"date" => "2011-06-01T11:56:43","version" => "2.08"},{"date" => "2012-02-25T13:51:23","version" => "2.09"},{"date" => "2012-08-28T08:28:08","version" => "2.10"},{"date" => "2012-08-29T07:13:34","version" => "2.11"},{"date" => "2012-12-21T11:27:10","version" => "2.12"},{"date" => "2014-01-05T18:36:21","version" => "2.13"},{"date" => "2014-11-21T16:15:46","version" => "2.14"},{"date" => "2016-04-18T12:11:57","version" => "2.15"},{"date" => "2016-04-18T16:00:17","version" => "2.16"},{"date" => "2016-05-11T15:27:31","version" => "2.17"},{"date" => "2016-05-18T21:54:30","version" => "2.18"},{"date" => "2017-08-22T11:37:34","version" => "2.19"},{"date" => "2018-01-23T12:52:56","version" => "2.20"},{"date" => "2019-05-21T14:28:18","version" => "2.21"},{"date" => "2024-11-18T10:23:29","version" => "2.22"}]},"MarpaX-ESLIF" => {"advisories" => [{"affected_versions" => [">=4.0.0,<6.0.23"],"cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "MarpaX-ESLIF","fixed_versions" => [],"id" => "CPANSA-MarpaX-ESLIF-2019-20454-libpcre2","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"},{"affected_versions" => [">=2.0.10,<4.0.0"],"cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "MarpaX-ESLIF","fixed_versions" => [],"id" => "CPANSA-MarpaX-ESLIF-2019-20454-libpcre2","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"},{"affected_versions" => [">=1.053,<2.0.10"],"cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "MarpaX-ESLIF","fixed_versions" => [],"id" => "CPANSA-MarpaX-ESLIF-2019-20454-libpcre2","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"}],"main_module" => "MarpaX::ESLIF","versions" => [{"date" => "2017-03-26T10:57:12","version" => "1.0.43"},{"date" => "2017-03-28T18:31:33","version" => "1.0.47"},{"date" => "2017-03-29T04:21:35","version" => "1.0.48"},{"date" => "2017-03-29T18:37:45","version" => "1.0.49"},{"date" => "2017-04-02T10:33:46","version" => "1.0.50"},{"date" => "2017-04-03T19:05:28","version" => "1.0.51"},{"date" => "2017-04-13T17:35:13","version" => "1.0.52"},{"date" => "2017-04-14T07:43:59","version" => "1.0.53"},{"date" => "2017-04-29T19:13:38","version" => "2.0.1"},{"date" => "2017-05-05T23:23:22","version" => "2.0.3"},{"date" => "2017-05-07T07:40:42","version" => "2.0.4"},{"date" => "2017-05-10T05:42:35","version" => "2.0.5"},{"date" => "2017-05-10T18:16:00","version" => "2.0.6"},{"date" => "2017-05-10T19:36:06","version" => "2.0.7"},{"date" => "2017-05-10T19:56:35","version" => "2.0.8"},{"date" => "2017-05-11T19:06:11","version" => "2.0.9"},{"date" => "2017-05-12T18:52:12","version" => "2.0.10"},{"date" => "2017-05-13T22:39:09","version" => "2.0.11"},{"date" => "2017-05-31T17:51:29","version" => "2.0.12"},{"date" => "2017-05-31T19:34:51","version" => "2.0.13"},{"date" => "2017-06-27T05:59:02","version" => "2.0.14"},{"date" => "2017-08-14T05:56:46","version" => "2.0.15"},{"date" => "2017-08-14T19:28:19","version" => "2.0.16"},{"date" => "2017-10-20T19:44:53","version" => "2.0.17"},{"date" => "2017-10-25T03:57:11","version" => "2.0.18"},{"date" => "2017-10-25T04:49:24","version" => "2.0.19"},{"date" => "2017-10-28T05:10:19","version" => "2.0.20"},{"date" => "2017-10-29T19:48:03","version" => "2.0.21"},{"date" => "2017-10-30T03:49:16","version" => "2.0.22"},{"date" => "2017-11-04T07:23:55","version" => "2.0.23"},{"date" => "2017-12-27T15:06:03","version" => "2.0.30"},{"date" => "2017-12-31T19:08:47","version" => "2.0.31"},{"date" => "2018-01-19T04:10:03","version" => "2.0.32"},{"date" => "2018-01-25T16:13:07","version" => "2.0.33"},{"date" => "2018-01-30T06:38:42","version" => "2.0.34"},{"date" => "2018-02-21T07:14:12","version" => "2.0.36"},{"date" => "2018-02-25T11:50:02","version" => "2.0.37"},{"date" => "2018-02-25T11:59:32","version" => "2.0.38"},{"date" => "2018-03-12T18:34:09","version" => "2.0.39"},{"date" => "2018-03-13T18:06:17","version" => "2.0.40"},{"date" => "2018-03-15T04:09:56","version" => "2.0.41"},{"date" => "2018-03-21T06:39:42","version" => "2.0.42"},{"date" => "2018-04-04T05:39:12","version" => "2.0.43"},{"date" => "2019-04-07T10:41:47","version" => "3.0.1"},{"date" => "2019-04-07T14:13:23","version" => "3.0.2"},{"date" => "2019-04-07T17:44:04","version" => "3.0.3"},{"date" => "2019-04-10T05:00:51","version" => "3.0.4"},{"date" => "2019-04-11T04:06:12","version" => "3.0.5"},{"date" => "2019-04-11T17:28:27","version" => "3.0.6"},{"date" => "2019-04-13T14:07:12","version" => "3.0.7"},{"date" => "2019-04-14T11:09:19","version" => "3.0.8"},{"date" => "2019-04-18T05:23:29","version" => "3.0.9"},{"date" => "2019-05-12T05:55:11","version" => "3.0.10"},{"date" => "2019-06-09T13:40:40","version" => "3.0.11"},{"date" => "2019-06-13T19:54:54","version" => "3.0.12"},{"date" => "2019-07-21T04:54:47","version" => "3.0.13"},{"date" => "2019-07-22T04:57:08","version" => "3.0.14"},{"date" => "2019-08-03T04:52:02","version" => "3.0.15"},{"date" => "2019-08-04T08:28:03","version" => "3.0.16"},{"date" => "2019-08-08T04:53:38","version" => "3.0.17"},{"date" => "2019-08-28T05:42:34","version" => "3.0.18"},{"date" => "2019-10-13T08:57:33","version" => "3.0.19"},{"date" => "2019-11-17T17:16:55","version" => "3.0.27"},{"date" => "2019-11-17T18:55:54","version" => "3.0.28"},{"date" => "2019-11-21T05:15:21","version" => "3.0.29"},{"date" => "2020-02-22T09:35:43","version" => "3.0.30"},{"date" => "2020-03-02T06:30:41","version" => "3.0.31"},{"date" => "2020-03-03T05:55:13","version" => "3.0.32"},{"date" => "2020-08-14T04:24:47","version" => "4.0.1"},{"date" => "2021-02-09T17:59:43","version" => "5.0.2"},{"date" => "2021-02-10T04:34:01","version" => "5.0.3"},{"date" => "2021-02-10T19:53:29","version" => "5.0.4"},{"date" => "2021-02-11T07:57:27","version" => "5.0.5"},{"date" => "2021-02-13T13:28:54","version" => "5.0.6"},{"date" => "2021-02-14T15:08:27","version" => "5.0.7"},{"date" => "2021-12-05T11:06:06","version" => "6.0.1"},{"date" => "2021-12-12T15:19:09","version" => "6.0.2"},{"date" => "2021-12-13T01:55:29","version" => "6.0.3"},{"date" => "2021-12-13T03:36:47","version" => "6.0.4"},{"date" => "2021-12-15T07:27:24","version" => "6.0.5"},{"date" => "2021-12-22T06:41:38","version" => "6.0.6"},{"date" => "2021-12-23T05:42:39","version" => "6.0.7"},{"date" => "2021-12-24T06:34:17","version" => "6.0.8"},{"date" => "2022-01-01T08:41:06","version" => "6.0.9"},{"date" => "2022-01-02T06:02:38","version" => "6.0.10"},{"date" => "2022-01-10T05:16:06","version" => "6.0.11"},{"date" => "2022-01-17T08:02:35","version" => "6.0.12"},{"date" => "2022-01-18T06:17:30","version" => "6.0.13"},{"date" => "2022-02-25T08:38:59","version" => "6.0.14"},{"date" => "2022-03-06T13:53:19","version" => "6.0.15"},{"date" => "2022-03-29T05:40:00","version" => "6.0.16"},{"date" => "2022-05-01T08:08:14","version" => "6.0.17"},{"date" => "2022-05-02T05:46:40","version" => "6.0.18"},{"date" => "2022-05-04T04:41:47","version" => "6.0.19"},{"date" => "2022-05-10T04:49:43","version" => "6.0.20"},{"date" => "2022-05-15T06:21:08","version" => "6.0.21"},{"date" => "2022-05-20T06:08:02","version" => "6.0.22"},{"date" => "2022-06-15T07:10:22","version" => "6.0.23"},{"date" => "2022-06-16T04:18:25","version" => "6.0.24"},{"date" => "2022-08-05T07:14:05","version" => "6.0.25"},{"date" => "2022-09-15T05:20:07","version" => "6.0.26"},{"date" => "2022-09-25T09:36:30","version" => "6.0.27"},{"date" => "2023-01-08T19:11:51","version" => "6.0.28"},{"date" => "2023-01-14T16:31:10","version" => "6.0.29"},{"date" => "2023-02-14T06:31:07","version" => "6.0.30"},{"date" => "2023-02-14T07:31:33","version" => "6.0.31"},{"date" => "2024-02-20T07:12:44","version" => "6.0.33"},{"date" => "2024-02-22T02:15:03","version" => "6.0.33.1"},{"date" => "2024-02-22T07:23:31","version" => "6.0.33.2"},{"date" => "2024-02-23T00:35:01","version" => "6.0.33.3"},{"date" => "2024-03-01T06:11:32","version" => "6.0.33.4"},{"date" => "2024-04-16T04:53:42","version" => "6.0.35.1"}]},"Maypole" => {"advisories" => [{"affected_versions" => [">=2.10"],"cves" => ["CVE-2025-15578"],"description" => "Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.","distribution" => "Maypole","fixed_versions" => [],"id" => "CPANSA-Maypole-2025-15578","references" => ["https://metacpan.org/dist/Maypole/source/lib/Maypole/Session.pm#L43"],"reported" => "2026-02-16","severity" => undef}],"main_module" => "Maypole","versions" => [{"date" => "2004-02-11T17:41:55","version" => "1.0"},{"date" => "2004-02-25T10:32:37","version" => "1.1"},{"date" => "2004-03-25T12:42:17","version" => "1.2"},{"date" => "2004-03-26T19:19:58","version" => "1.3"},{"date" => "2004-04-16T17:18:54","version" => "1.4"},{"date" => "2004-06-21T13:43:06","version" => "1.5"},{"date" => "2004-07-16T22:54:54","version" => "1.6"},{"date" => "2004-07-17T19:17:16","version" => "1.7"},{"date" => "2004-10-18T08:10:24","version" => "1.99_01"},{"date" => "2004-10-23T19:10:22","version" => "2.0"},{"date" => "2004-10-24T13:04:49","version" => "2.01"},{"date" => "2004-10-25T12:10:08","version" => "2.02"},{"date" => "2004-10-26T14:17:44","version" => "2.03"},{"date" => "2004-10-28T13:53:40","version" => "2.04"},{"date" => "2004-12-24T04:01:58","version" => "2.05"},{"date" => "2004-12-29T01:41:17","version" => "2.06"},{"date" => "2005-01-24T20:48:15","version" => "2.08"},{"date" => "2005-01-25T23:04:10","version" => "2.09"},{"date" => "2005-07-05T18:37:34","version" => "2.10_pre1"},{"date" => "2005-07-08T19:16:47","version" => "2.10_pre2"},{"date" => "2005-07-08T19:23:54","version" => "2.10_pre2a"},{"date" => "2005-07-12T20:29:09","version" => "2.10_pre3"},{"date" => "2005-07-19T18:29:26","version" => "2.10"},{"date" => "2006-04-14T09:53:11","version" => "2.11_pre1"},{"date" => "2006-04-25T13:31:05","version" => "2.11_pre2"},{"date" => "2006-05-03T15:10:36","version" => "2.11_pre3"},{"date" => "2006-07-17T10:20:10","version" => "2.11_pre4"},{"date" => "2006-07-20T12:14:28","version" => "2.11_pre5"},{"date" => "2006-07-31T19:06:36","version" => "2.11"},{"date" => "2007-06-02T15:03:39","version" => "2.111"},{"date" => "2007-06-22T11:40:46","version" => "2.12"},{"date" => "2007-08-29T13:00:02","version" => "2.121"},{"date" => "2008-04-18T10:27:38","version" => "2.13"}]},"Mite" => {"advisories" => [{"affected_versions" => ["<0.013000"],"cves" => ["CVE-2025-30672"],"description" => "Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the \@INC path similar to CVE-2016-1238.  If an attacker can place a malicious file in current working directory, it may be  loaded instead of the intended file, potentially leading to arbitrary  code execution.  This affects the Mite distribution itself, and other distributions that contain code generated by Mite.","distribution" => "Mite","fixed_versions" => [">=0.013000"],"id" => "CPANSA-Mite-2025-30672","references" => ["https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html","https://metacpan.org/release/TOBYINK/Mite-0.013000/changes","https://perldoc.perl.org/perlrun#PERL_USE_UNSAFE_INC","https://wiki.gentoo.org/wiki/Project:Perl/Dot-In-INC-Removal"],"reported" => "2025-04-01","severity" => undef}],"main_module" => "Mite","versions" => [{"date" => "2014-07-29T21:10:24","version" => "v0.0.1"},{"date" => "2022-06-21T17:04:26","version" => "v0.0.2"},{"date" => "2022-06-21T20:35:06","version" => "v0.0.3"},{"date" => "2022-06-22T01:18:18","version" => "v0.0.4"},{"date" => "2022-06-22T12:41:26","version" => "v0.0.5"},{"date" => "2022-06-23T13:34:32","version" => "v0.0.6"},{"date" => "2022-06-23T19:39:49","version" => "v0.0.7"},{"date" => "2022-06-24T12:23:18","version" => "v0.0.8"},{"date" => "2022-06-28T12:54:37","version" => "v0.0.9"},{"date" => "2022-06-28T16:33:12","version" => "0.001000"},{"date" => "2022-06-28T23:23:27","version" => "0.001001"},{"date" => "2022-06-29T00:14:33","version" => "0.001002"},{"date" => "2022-06-29T00:23:14","version" => "0.001003"},{"date" => "2022-06-29T09:48:18","version" => "0.001004"},{"date" => "2022-06-29T10:47:18","version" => "0.001005"},{"date" => "2022-06-29T13:26:40","version" => "0.001006"},{"date" => "2022-06-29T15:01:20","version" => "0.001007"},{"date" => "2022-06-29T17:18:46","version" => "0.001008"},{"date" => "2022-06-29T17:24:52","version" => "0.001009"},{"date" => "2022-06-29T22:02:50","version" => "0.001010"},{"date" => "2022-06-29T23:15:21","version" => "0.001011"},{"date" => "2022-06-30T13:09:55","version" => "0.001012"},{"date" => "2022-06-30T20:52:53","version" => "0.001013"},{"date" => "2022-07-01T16:08:26","version" => "0.002000"},{"date" => "2022-07-01T17:12:53","version" => "0.002001"},{"date" => "2022-07-01T20:55:40","version" => "0.002002"},{"date" => "2022-07-02T19:31:17","version" => "0.002003"},{"date" => "2022-07-02T23:37:00","version" => "0.002004"},{"date" => "2022-07-03T08:50:07","version" => "0.003000"},{"date" => "2022-07-03T11:21:56","version" => "0.003001"},{"date" => "2022-07-04T20:27:47","version" => "0.004000"},{"date" => "2022-07-05T18:08:58","version" => "0.005000"},{"date" => "2022-07-06T13:32:59","version" => "0.005001"},{"date" => "2022-07-07T08:21:36","version" => "0.005002"},{"date" => "2022-07-08T12:14:54","version" => "0.005003"},{"date" => "2022-07-08T21:28:24","version" => "0.005004"},{"date" => "2022-07-09T16:14:35","version" => "0.006000"},{"date" => "2022-07-09T18:08:05","version" => "0.006001"},{"date" => "2022-07-10T10:32:50","version" => "0.006002"},{"date" => "2022-07-10T10:36:37","version" => "0.006003"},{"date" => "2022-07-10T11:56:49","version" => "0.006004"},{"date" => "2022-07-10T16:37:45","version" => "0.006005"},{"date" => "2022-07-10T19:55:04","version" => "0.006006"},{"date" => "2022-07-11T08:10:46","version" => "0.006007"},{"date" => "2022-07-11T13:14:24","version" => "0.006008"},{"date" => "2022-07-11T20:17:03","version" => "0.006009"},{"date" => "2022-07-12T12:19:49","version" => "0.006010"},{"date" => "2022-07-12T13:45:58","version" => "0.006011"},{"date" => "2022-07-13T12:26:42","version" => "0.006012"},{"date" => "2022-07-14T20:44:28","version" => "0.006013"},{"date" => "2022-07-16T23:12:32","version" => "0.007000"},{"date" => "2022-07-17T08:15:25","version" => "0.007001"},{"date" => "2022-07-17T08:57:45","version" => "0.007002"},{"date" => "2022-07-17T11:24:15","version" => "0.007003"},{"date" => "2022-07-20T09:23:13","version" => "0.007004"},{"date" => "2022-07-21T13:07:18","version" => "0.007005"},{"date" => "2022-07-21T20:44:59","version" => "0.007006"},{"date" => "2022-08-01T16:50:24","version" => "0.008000"},{"date" => "2022-08-03T14:18:10","version" => "0.008001"},{"date" => "2022-08-03T16:55:42","version" => "0.008002"},{"date" => "2022-08-04T23:53:31","version" => "0.008003"},{"date" => "2022-08-07T16:16:40","version" => "0.009000"},{"date" => "2022-08-08T12:49:01","version" => "0.009001"},{"date" => "2022-08-08T16:16:56","version" => "0.009002"},{"date" => "2022-08-08T18:19:51","version" => "0.009003"},{"date" => "2022-08-09T18:41:15","version" => "0.010000"},{"date" => "2022-08-09T21:40:29","version" => "0.010001"},{"date" => "2022-08-12T10:21:24","version" => "0.010002"},{"date" => "2022-08-12T15:46:11","version" => "0.010003"},{"date" => "2022-08-13T08:14:34","version" => "0.010004"},{"date" => "2022-08-13T13:06:05","version" => "0.010005"},{"date" => "2022-08-14T13:54:50","version" => "0.010006"},{"date" => "2022-08-14T14:03:09","version" => "0.010007"},{"date" => "2022-08-15T14:16:11","version" => "0.010008"},{"date" => "2022-11-09T15:20:39","version" => "0.011000"},{"date" => "2022-12-12T20:44:49","version" => "0.012000"},{"date" => "2025-03-31T10:59:29","version" => "0.013000"}]},"Module-Load-Conditional" => {"advisories" => [{"affected_versions" => ["<0.66"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Module-Load-Conditional","fixed_versions" => [">=0.66"],"id" => "CPANSA-Module-Load-Conditional-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Module::Load::Conditional","versions" => [{"date" => "2003-05-10T16:59:45","version" => "0.02"},{"date" => "2003-05-31T12:30:25","version" => "0.03"},{"date" => "2003-10-05T15:11:11","version" => "0.04"},{"date" => "2004-05-22T14:34:33","version" => "0.05"},{"date" => "2004-12-03T15:53:27","version" => "0.06"},{"date" => "2005-01-13T18:59:45","version" => "0.07"},{"date" => "2005-01-14T17:32:34","version" => "0.08"},{"date" => "2006-08-01T20:05:30","version" => "0.10"},{"date" => "2006-08-13T13:08:40","version" => "0.12"},{"date" => "2007-01-03T17:38:46","version" => "0.14"},{"date" => "2007-01-25T21:40:29","version" => "0.16"},{"date" => "2007-09-15T14:20:27","version" => "0.18"},{"date" => "2007-10-03T15:27:25","version" => "0.20"},{"date" => "2007-10-15T08:19:21","version" => "0.22"},{"date" => "2008-01-02T15:57:46","version" => "0.24"},{"date" => "2008-02-29T16:01:59","version" => "0.26"},{"date" => "2008-12-17T12:56:57","version" => "0.28"},{"date" => "2009-01-19T15:56:22","version" => "0.30"},{"date" => "2009-10-23T09:16:58","version" => "0.31_01"},{"date" => "2009-10-23T20:58:24","version" => "0.32"},{"date" => "2009-10-29T09:27:23","version" => "0.34"},{"date" => "2010-02-09T14:20:49","version" => "0.36"},{"date" => "2010-04-23T15:03:33","version" => "0.38"},{"date" => "2011-01-07T22:28:54","version" => "0.40"},{"date" => "2011-02-09T15:29:28","version" => "0.42"},{"date" => "2011-02-09T21:54:40","version" => "0.44"},{"date" => "2011-09-07T23:02:16","version" => "0.46"},{"date" => "2012-03-15T13:58:36","version" => "0.48"},{"date" => "2012-04-27T21:29:11","version" => "0.50"},{"date" => "2012-07-29T09:13:49","version" => "0.52"},{"date" => "2012-08-12T08:13:47","version" => "0.54"},{"date" => "2013-08-29T20:32:38","version" => "0.56"},{"date" => "2013-09-01T10:25:33","version" => "0.58"},{"date" => "2014-01-16T12:31:47","version" => "0.60"},{"date" => "2014-01-24T15:55:28","version" => "0.62"},{"date" => "2015-01-17T13:36:11","version" => "0.64"},{"date" => "2016-07-27T07:37:34","version" => "0.66"},{"date" => "2016-07-29T07:05:40","version" => "0.68"},{"date" => "2019-11-10T14:37:30","version" => "0.70"},{"date" => "2020-06-25T07:23:00","version" => "0.72"},{"date" => "2020-08-21T08:09:10","version" => "0.74"}]},"Module-Metadata" => {"advisories" => [{"affected_versions" => ["<1.000015"],"cves" => ["CVE-2013-1437"],"description" => "Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the \$Version value.\n","distribution" => "Module-Metadata","fixed_versions" => [">=1.000015"],"id" => "CPANSA-Module-Metadata-2013-1437","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114912.html","https://metacpan.org/changes/distribution/Module-Metadata","http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114904.html"],"reported" => "2020-01-28","reviewed_by" => [{"date" => "2022-07-11","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => "critical"}],"main_module" => "Module::Metadata","versions" => [{"date" => "2010-07-06T21:16:54","version" => "1.000000"},{"date" => "2010-07-08T23:56:47","version" => "1.000001"},{"date" => "2010-12-10T17:07:09","version" => "1.000002"},{"date" => "2011-01-07T02:35:06","version" => "1.000003"},{"date" => "2011-02-03T07:55:40","version" => "1.000004"},{"date" => "2011-08-03T01:41:05","version" => "1.000005"},{"date" => "2011-08-29T19:48:33","version" => "1.000006"},{"date" => "2011-09-07T16:01:55","version" => "1.000007"},{"date" => "2012-02-08T03:31:54","version" => "1.000008"},{"date" => "2012-02-08T17:34:49","version" => "1.000009"},{"date" => "2012-07-29T19:21:55","version" => "1.000010"},{"date" => "2012-08-16T00:07:05","version" => "1.000010_001"},{"date" => "2012-08-16T00:15:02","version" => "1.000010_002"},{"date" => "2012-08-16T04:54:55","version" => "1.000010_003"},{"date" => "2012-08-16T19:57:31","version" => "1.000011"},{"date" => "2013-05-05T04:59:03","version" => "1.000012"},{"date" => "2013-05-08T23:00:33","version" => "1.000013"},{"date" => "2013-05-09T09:02:22","version" => "1.000014"},{"date" => "2013-08-21T15:46:56","version" => "1.000015"},{"date" => "2013-08-22T05:59:11","version" => "1.000016"},{"date" => "2013-09-11T01:06:02","version" => "1.000017"},{"date" => "2013-09-11T16:28:24","version" => "1.000018"},{"date" => "2013-10-06T16:50:13","version" => "1.000019"},{"date" => "2014-04-27T20:57:08","version" => "1.000020"},{"date" => "2014-04-29T18:29:51","version" => "1.000021"},{"date" => "2014-04-29T22:06:21","version" => "1.000022"},{"date" => "2014-06-02T02:39:20","version" => "1.000023"},{"date" => "2014-06-03T01:54:30","version" => "1.000024"},{"date" => "2015-01-04T18:57:40","version" => "1.000025"},{"date" => "2015-01-17T19:23:52","version" => "1.000026"},{"date" => "2015-04-11T00:23:53","version" => "1.000027"},{"date" => "2015-09-11T04:25:25","version" => "1.000028"},{"date" => "2015-09-11T16:26:57","version" => "1.000029"},{"date" => "2015-11-20T03:05:34","version" => "1.000030"},{"date" => "2015-11-24T03:59:40","version" => "1.000031"},{"date" => "2016-04-23T22:38:13","version" => "1.000032"},{"date" => "2016-07-24T23:34:48","version" => "1.000033"},{"date" => "2018-07-19T20:31:14","version" => "1.000034"},{"date" => "2019-04-18T02:44:48","version" => "1.000035"},{"date" => "2019-04-18T18:27:14","version" => "1.000036"},{"date" => "2019-09-07T18:34:09","version" => "1.000037"},{"date" => "2023-04-28T11:27:07","version" => "1.000038"},{"date" => "2011-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015002","version" => "1.000005_01"}]},"Module-Provision" => {"advisories" => [{"affected_versions" => ["<0.42.1"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Module-Provision","fixed_versions" => [">=0.42.1"],"id" => "CPANSA-Module-Provision-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Module::Provision","versions" => [{"date" => "2013-04-14T19:20:34","version" => "v0.3.43"},{"date" => "2013-04-15T12:46:30","version" => "v0.3.44"},{"date" => "2013-04-15T17:33:39","version" => "v0.3.45"},{"date" => "2013-04-21T16:14:43","version" => "v0.4.47"},{"date" => "2013-04-22T15:09:36","version" => "v0.4.51"},{"date" => "2013-04-24T04:13:42","version" => "v0.6.59"},{"date" => "2013-04-24T23:34:41","version" => "v0.7.4"},{"date" => "2013-04-27T01:18:07","version" => "v0.7.6"},{"date" => "2013-04-27T11:36:59","version" => "v0.7.7"},{"date" => "2013-04-30T22:32:47","version" => "v0.8.3"},{"date" => "2013-05-02T18:45:43","version" => "v0.9.5"},{"date" => "2013-05-04T00:14:46","version" => "v0.10.1"},{"date" => "2013-05-04T20:22:41","version" => "v0.11.1"},{"date" => "2013-05-06T15:08:18","version" => "v0.12.1"},{"date" => "2013-05-08T15:51:41","version" => "v0.12.3"},{"date" => "2013-05-09T23:42:20","version" => "v0.12.5"},{"date" => "2013-05-10T19:29:24","version" => "v0.12.6"},{"date" => "2013-05-11T02:15:00","version" => "v0.13.1"},{"date" => "2013-05-11T13:59:50","version" => "v0.14.2"},{"date" => "2013-05-12T18:03:55","version" => "v0.15.3"},{"date" => "2013-05-14T12:49:37","version" => "v0.15.5"},{"date" => "2013-05-15T17:55:40","version" => "v0.15.6"},{"date" => "2013-05-15T20:59:19","version" => "v0.15.7"},{"date" => "2013-05-16T23:02:48","version" => "v0.15.8"},{"date" => "2013-05-19T12:59:15","version" => "v0.15.9"},{"date" => "2013-06-08T17:12:50","version" => "v0.16.1"},{"date" => "2013-07-28T18:42:27","version" => "v0.17.16"},{"date" => "2013-07-29T16:10:28","version" => "v0.17.17"},{"date" => "2013-07-29T23:51:34","version" => "v0.17.18"},{"date" => "2013-07-30T13:06:37","version" => "v0.17.19"},{"date" => "2013-08-07T17:56:55","version" => "v0.18.0"},{"date" => "2013-08-07T17:58:22","version" => "v0.18.1"},{"date" => "2013-08-08T13:39:44","version" => "v0.18.2"},{"date" => "2013-08-10T08:51:08","version" => "v0.18.3"},{"date" => "2013-08-10T21:18:54","version" => "v0.18.4"},{"date" => "2013-08-17T15:47:30","version" => "0.20.1"},{"date" => "2013-08-21T12:36:06","version" => "0.21.1"},{"date" => "2013-08-21T12:56:35","version" => "0.22.1"},{"date" => "2013-09-14T09:38:12","version" => "0.23.1"},{"date" => "2013-09-16T20:23:50","version" => "0.24.1"},{"date" => "2013-11-23T13:38:55","version" => "0.25.1"},{"date" => "2013-11-25T21:30:21","version" => "0.26.1"},{"date" => "2013-12-11T17:25:32","version" => "0.27.1"},{"date" => "2013-12-12T14:23:50","version" => "0.28.1"},{"date" => "2013-12-12T21:54:50","version" => "0.29.1"},{"date" => "2014-01-24T21:05:50","version" => "0.31.2"},{"date" => "2014-05-01T14:42:10","version" => "0.32.1"},{"date" => "2014-05-15T20:55:59","version" => "0.33.1"},{"date" => "2014-05-19T11:47:05","version" => "0.34.1"},{"date" => "2014-10-28T13:51:21","version" => "0.36.1"},{"date" => "2015-02-11T17:52:30","version" => "0.38.1"},{"date" => "2015-02-11T19:03:04","version" => "0.39.1"},{"date" => "2015-06-08T21:47:29","version" => "0.40.1"},{"date" => "2016-04-04T12:15:12","version" => "0.41.1"},{"date" => "2017-05-08T19:30:17","version" => "0.42.1"}]},"Module-ScanDeps" => {"advisories" => [{"affected_versions" => ["<1.36"],"cves" => ["CVE-2024-10224"],"description" => "Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a \"pesky pipe\" (such as passing \"commands|\" as a filename) or by passing arbitrary strings to eval().\n","distribution" => "Module-ScanDeps","fixed_versions" => [">=1.36"],"id" => "CPANSA-Module-ScanDeps-2024-10224","references" => ["https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529","https://www.cve.org/CVERecord?id=CVE-2024-10224","https://www.qualys.com/2024/11/19/needrestart/needrestart.txt","https://lists.debian.org/debian-lts-announce/2024/11/msg00015.html","https://ubuntu.com/security/CVE-2024-10224"],"reported" => "2024-11-19","severity" => undef}],"main_module" => "Module::ScanDeps","versions" => [{"date" => "2002-11-02T02:07:07","version" => "0.01"},{"date" => "2002-11-02T15:56:27","version" => "0.02"},{"date" => "2002-11-03T19:51:24","version" => "0.03"},{"date" => "2002-11-04T12:01:46","version" => "0.10"},{"date" => "2003-01-18T19:35:58","version" => "0.12"},{"date" => "2003-01-18T21:08:58","version" => "0.13"},{"date" => "2003-01-19T15:48:47","version" => "0.14"},{"date" => "2003-02-25T03:23:37","version" => "0.17"},{"date" => "2003-03-20T11:59:13","version" => "0.18"},{"date" => "2003-03-22T13:20:27","version" => "0.19"},{"date" => "2003-07-30T14:59:45","version" => "0.20"},{"date" => "2003-07-30T15:18:11","version" => "0.21"},{"date" => "2003-08-07T18:41:51","version" => "0.22"},{"date" => "2003-08-08T10:19:27","version" => "0.23"},{"date" => "2003-08-10T05:43:06","version" => "0.24"},{"date" => "2003-08-10T15:46:55","version" => "0.25"},{"date" => "2003-08-16T04:48:20","version" => "0.27"},{"date" => "2003-08-17T19:03:59","version" => "0.28"},{"date" => "2003-09-17T09:18:20","version" => "0.29"},{"date" => "2003-09-20T20:36:32","version" => "0.30"},{"date" => "2003-10-17T22:37:35","version" => "0.31"},{"date" => "2003-10-26T10:53:58","version" => "0.32"},{"date" => "2003-12-21T01:21:51","version" => "0.33"},{"date" => "2003-12-30T02:36:30","version" => "0.34"},{"date" => "2003-12-31T12:02:59","version" => "0.35"},{"date" => "2003-12-31T15:33:07","version" => "0.37"},{"date" => "2004-01-08T11:38:10","version" => "0.38"},{"date" => "2004-01-25T16:28:12","version" => "0.39"},{"date" => "2004-02-23T21:14:41","version" => "0.40"},{"date" => "2004-04-18T16:05:29","version" => "0.41"},{"date" => "2004-04-30T20:02:44","version" => "0.42"},{"date" => "2004-06-02T18:05:32","version" => "0.43"},{"date" => "2004-06-08T19:06:29","version" => "0.44"},{"date" => "2004-06-30T08:03:18","version" => "0.45"},{"date" => "2004-07-02T10:35:16","version" => "0.46"},{"date" => "2004-08-30T22:13:57","version" => "0.47"},{"date" => "2004-09-06T20:56:31","version" => "0.48"},{"date" => "2004-09-26T17:45:11","version" => "0.49"},{"date" => "2004-10-03T17:31:23","version" => "0.50"},{"date" => "2005-01-07T20:57:46","version" => "0.51"},{"date" => "2005-12-12T12:05:41","version" => "0.52"},{"date" => "2006-01-09T18:07:40","version" => "0.53"},{"date" => "2006-01-11T03:19:40","version" => "0.54"},{"date" => "2006-02-17T16:39:23","version" => "0.55"},{"date" => "2006-02-20T15:38:03","version" => "0.56"},{"date" => "2006-03-03T19:30:56","version" => "0.57"},{"date" => "2006-04-16T14:54:53","version" => "0.58"},{"date" => "2006-05-03T09:13:49","version" => "0.59"},{"date" => "2006-05-23T15:29:09","version" => "0.60"},{"date" => "2006-06-30T19:12:26","version" => "0.61"},{"date" => "2006-07-16T09:25:37","version" => "0.62"},{"date" => "2006-08-27T17:26:32","version" => "0.63"},{"date" => "2006-09-23T07:46:41","version" => "0.64"},{"date" => "2006-09-24T07:59:07","version" => "0.64"},{"date" => "2006-09-24T09:03:21","version" => "0.66"},{"date" => "2006-10-24T16:12:59","version" => "0.67"},{"date" => "2006-10-25T19:08:27","version" => "0.68"},{"date" => "2006-11-07T18:16:07","version" => "0.69"},{"date" => "2006-11-21T11:00:52","version" => "0.70"},{"date" => "2007-01-04T19:28:34","version" => "0.71"},{"date" => "2007-02-03T10:40:10","version" => "0.72"},{"date" => "2007-03-25T18:35:04","version" => "0.73"},{"date" => "2007-04-14T09:17:51","version" => "0.73_01"},{"date" => "2007-04-30T18:45:05","version" => "0.74"},{"date" => "2007-06-24T17:25:22","version" => "0.75"},{"date" => "2007-07-21T15:40:54","version" => "0.76"},{"date" => "2007-09-20T17:42:07","version" => "0.77"},{"date" => "2007-11-17T04:18:23","version" => "0.78"},{"date" => "2007-11-30T21:08:01","version" => "0.80"},{"date" => "2007-12-07T13:24:35","version" => "0.81"},{"date" => "2008-01-28T16:33:27","version" => "0.82"},{"date" => "2008-03-22T23:35:16","version" => "0.83"},{"date" => "2008-05-13T14:39:03","version" => "0.84"},{"date" => "2008-10-23T13:17:33","version" => "0.86"},{"date" => "2008-10-28T13:10:35","version" => "0.87"},{"date" => "2008-11-02T16:06:00","version" => "0.83"},{"date" => "2008-11-03T21:38:03","version" => "0.83"},{"date" => "2009-05-09T09:09:37","version" => "0.90"},{"date" => "2009-06-22T20:07:07","version" => "0.91"},{"date" => "2009-07-19T08:55:54","version" => "0.92"},{"date" => "2009-07-19T09:51:33","version" => "0.93"},{"date" => "2009-08-10T18:32:02","version" => "0.94"},{"date" => "2009-09-16T09:14:53","version" => "0.95"},{"date" => "2009-11-13T10:36:02","version" => "0.96"},{"date" => "2010-04-10T15:20:47","version" => "0.97"},{"date" => "2010-07-26T19:24:02","version" => "0.98"},{"date" => "2011-02-19T16:00:01","version" => "1.00"},{"date" => "2011-03-26T12:51:17","version" => "1.01"},{"date" => "2011-04-03T19:59:22","version" => "1.02"},{"date" => "2011-07-18T21:29:19","version" => "1.03"},{"date" => "2011-07-21T09:09:46","version" => "1.04"},{"date" => "2011-11-02T18:31:39","version" => "1.05"},{"date" => "2011-11-28T15:50:49","version" => "1.06"},{"date" => "2011-11-29T18:02:00","version" => "1.07"},{"date" => "2012-02-21T16:07:41","version" => "1.08"},{"date" => "2012-09-09T11:14:11","version" => "1.09"},{"date" => "2012-10-20T14:15:34","version" => "1.10"},{"date" => "2013-09-28T10:27:58","version" => "1.11"},{"date" => "2013-12-01T14:49:13","version" => "1.12"},{"date" => "2013-12-21T12:07:54","version" => "1.13"},{"date" => "2014-08-03T11:34:45","version" => "1.14"},{"date" => "2014-08-23T15:39:26","version" => "1.15"},{"date" => "2014-09-28T16:17:32","version" => "1.16"},{"date" => "2014-10-31T11:13:34","version" => "1.17"},{"date" => "2015-01-19T21:56:34","version" => "1.18"},{"date" => "2015-05-27T08:53:42","version" => "1.19"},{"date" => "2015-10-04T13:18:36","version" => "1.20"},{"date" => "2016-04-05T10:11:15","version" => "1.21"},{"date" => "2016-09-17T20:57:48","version" => "1.22"},{"date" => "2016-11-16T19:46:41","version" => "1.23"},{"date" => "2017-06-28T17:13:27","version" => "1.24"},{"date" => "2018-08-17T22:21:56","version" => "1.25"},{"date" => "2018-12-12T17:38:39","version" => "1.26"},{"date" => "2018-12-13T17:16:52","version" => "1.26_001"},{"date" => "2019-01-15T20:08:40","version" => "1.27"},{"date" => "2020-08-06T08:02:24","version" => "1.28"},{"date" => "2020-08-16T12:35:20","version" => "1.29"},{"date" => "2021-01-13T15:02:27","version" => "1.30"},{"date" => "2021-04-21T14:17:01","version" => "1.31"},{"date" => "2023-06-14T09:30:00","version" => "1.31_001"},{"date" => "2023-06-15T11:55:12","version" => "1.31_002"},{"date" => "2023-06-16T09:04:27","version" => "1.31_003"},{"date" => "2023-06-18T10:34:43","version" => "1.31_004"},{"date" => "2023-07-05T15:58:09","version" => "1.32"},{"date" => "2023-08-04T15:50:23","version" => "1.33"},{"date" => "2023-09-24T15:21:05","version" => "1.34"},{"date" => "2023-11-05T12:46:38","version" => "1.35"},{"date" => "2024-11-19T16:12:58","version" => "1.37"}]},"Module-Signature" => {"advisories" => [{"affected_versions" => ["<0.72"],"cves" => ["CVE-2013-2145"],"description" => "The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a \"special unknown cipher\" that references an untrusted module in Digest/.\n","distribution" => "Module-Signature","fixed_versions" => [">=0.72"],"id" => "CPANSA-Module-Signature-2013-01","references" => ["https://metacpan.org/changes/distribution/Module-Signature"],"reported" => "2013-08-19"}],"main_module" => "Module::Signature","versions" => [{"date" => "2002-08-13T14:04:00","version" => "0.02"},{"date" => "2002-08-13T15:48:18","version" => "0.03"},{"date" => "2002-08-14T08:03:45","version" => "0.04"},{"date" => "2002-08-14T09:28:41","version" => "0.05"},{"date" => "2002-10-10T15:22:33","version" => "0.06"},{"date" => "2002-10-11T04:16:01","version" => "0.07"},{"date" => "2002-10-11T19:32:19","version" => "0.08"},{"date" => "2002-10-12T10:33:29","version" => "0.09"},{"date" => "2002-10-12T11:10:21","version" => "0.10"},{"date" => "2002-10-12T19:23:48","version" => "0.11"},{"date" => "2002-10-12T22:55:54","version" => "0.12"},{"date" => "2002-10-13T05:22:45","version" => "0.13"},{"date" => "2002-10-17T06:14:07","version" => "0.14"},{"date" => "2002-10-17T22:01:57","version" => "0.15"},{"date" => "2002-10-28T23:37:00","version" => "0.16"},{"date" => "2002-10-30T07:05:06","version" => "0.17"},{"date" => "2002-11-04T15:08:41","version" => "0.18"},{"date" => "2002-11-04T15:13:45","version" => "0.19"},{"date" => "2002-11-04T15:24:41","version" => "0.20"},{"date" => "2002-11-22T10:28:48","version" => "0.21"},{"date" => "2003-05-15T18:44:28","version" => "0.23"},{"date" => "2003-07-08T02:49:57","version" => "0.24"},{"date" => "2003-07-16T06:31:58","version" => "0.25"},{"date" => "2003-07-17T14:03:19","version" => "0.26"},{"date" => "2003-07-28T14:31:54","version" => "0.27"},{"date" => "2003-07-29T15:30:55","version" => "0.28"},{"date" => "2003-08-08T02:54:01","version" => "0.29"},{"date" => "2003-08-10T13:35:38","version" => "0.30"},{"date" => "2003-08-10T17:17:19","version" => "0.31"},{"date" => "2003-08-11T09:15:13","version" => "0.32"},{"date" => "2003-08-12T04:11:59","version" => "0.33"},{"date" => "2003-08-18T15:32:45","version" => "0.34"},{"date" => "2003-08-27T07:08:31","version" => "0.35"},{"date" => "2003-10-28T04:22:56","version" => "0.36"},{"date" => "2003-11-06T10:55:07","version" => "0.37"},{"date" => "2004-01-01T10:14:15","version" => "0.38"},{"date" => "2004-06-17T15:17:14","version" => "0.39"},{"date" => "2004-07-01T12:18:17","version" => "0.40"},{"date" => "2004-07-04T08:19:11","version" => "0.41"},{"date" => "2004-11-20T06:19:22","version" => "0.42"},{"date" => "2004-12-16T06:45:55","version" => "0.43"},{"date" => "2004-12-16T07:17:30","version" => "0.44"},{"date" => "2005-08-09T04:23:46","version" => "0.45"},{"date" => "2005-08-21T08:16:22","version" => "0.50"},{"date" => "2006-01-01T18:41:57","version" => "0.51"},{"date" => "2006-01-18T16:32:37","version" => "0.52"},{"date" => "2006-01-31T05:02:24","version" => "0.53"},{"date" => "2006-05-11T17:12:46","version" => "0.54"},{"date" => "2006-07-30T01:15:07","version" => "0.55"},{"date" => "2009-11-16T14:59:35","version" => "0.60"},{"date" => "2009-11-18T16:58:07","version" => "0.61"},{"date" => "2010-03-23T21:21:37","version" => "0.62"},{"date" => "2010-03-28T02:49:21","version" => "0.62"},{"date" => "2010-05-08T22:55:43","version" => "0.62"},{"date" => "2010-09-03T19:55:36","version" => "0.65"},{"date" => "2010-09-06T20:58:24","version" => "0.66"},{"date" => "2011-04-17T15:09:22","version" => "0.67"},{"date" => "2011-05-13T09:55:20","version" => "0.68"},{"date" => "2012-11-02T15:20:28","version" => "0.69"},{"date" => "2012-11-28T17:49:21","version" => "0.70"},{"date" => "2013-06-04T10:29:18","version" => "0.71"},{"date" => "2013-06-05T15:21:34","version" => "0.72"},{"date" => "2013-06-05T20:57:10","version" => "0.73"},{"date" => "2015-04-06T18:39:32","version" => "0.74"},{"date" => "2015-04-06T20:58:34","version" => "0.75"},{"date" => "2015-04-08T10:13:11","version" => "0.76"},{"date" => "2015-04-08T11:47:26","version" => "0.77"},{"date" => "2015-04-09T09:00:30","version" => "0.78"},{"date" => "2015-05-18T15:18:02","version" => "0.79"},{"date" => "2016-06-07T06:36:30","version" => "0.80"},{"date" => "2016-09-05T06:41:06","version" => "0.81"},{"date" => "2018-08-26T15:19:13","version" => "0.81"},{"date" => "2018-08-29T08:35:25","version" => "0.83"},{"date" => "2020-06-25T13:01:10","version" => "0.84"},{"date" => "2020-06-25T13:10:23","version" => "0.86"},{"date" => "2020-07-04T07:16:32","version" => "0.87"},{"date" => "2021-12-18T03:39:32","version" => "0.87"},{"date" => "2024-09-14T13:57:16","version" => "0.89"},{"date" => "2024-09-15T22:11:10","version" => "0.89"},{"date" => "2025-06-12T01:04:46","version" => "0.90"},{"date" => "2025-06-12T20:20:16","version" => "0.90"},{"date" => "2025-06-24T15:20:35","version" => "0.91"},{"date" => "2025-06-25T17:30:52","version" => "0.92"},{"date" => "2025-06-27T19:39:37","version" => "0.93"}]},"Mojo-DOM-Role-Analyzer" => {"advisories" => [{"affected_versions" => ["<=0.015"],"cves" => ["CVE-2024-38526"],"description" => "pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.\n","distribution" => "Mojo-DOM-Role-Analyzer","embedded_vulnerability" => {"distributed_version" => undef,"name" => "polyfill.io"},"fixed_versions" => [],"id" => "CPANSA-Mojo-DOM-Role-Analyzer-2024-38526","references" => ["https://github.com/mitmproxy/pdoc/pull/703","https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62","https://sansec.io/research/polyfill-supply-chain-attack","https://github.com/briandfoy/cpan-security-advisory/issues/155","https://github.com/sdondley/Mojo-DOM-Role-Analyzer/issues/10","https://stackdiary.com/polyfill-compromise-hits-100000-sites-in-a-supply-chain-attack/"],"reported" => "2024-06-26","severity" => undef}],"main_module" => "Mojo::DOM::Role::Analyzer","versions" => [{"date" => "2020-08-04T22:48:59","version" => "0.007"},{"date" => "2020-08-05T13:43:47","version" => "0.008"},{"date" => "2020-08-06T02:47:29","version" => "0.009"},{"date" => "2020-08-08T13:39:18","version" => "0.010"},{"date" => "2020-08-09T13:43:20","version" => "0.011"},{"date" => "2020-08-09T23:37:24","version" => "0.012"},{"date" => "2020-08-12T03:21:57","version" => "0.013"},{"date" => "2020-08-13T21:09:19","version" => "0.014"},{"date" => "2020-08-16T15:39:17","version" => "0.015"}]},"MojoMojo" => {"advisories" => [{"affected_versions" => ["<0.999033"],"cves" => [],"description" => "Anonymous users can delete attachments.\n","distribution" => "MojoMojo","fixed_versions" => [">=0.999033"],"id" => "CPANSA-MojoMojo-2009-01","references" => ["https://metacpan.org/changes/distribution/MojoMojo","https://github.com/mojomojo/mojomojo/commit/a9b9fd4f4f037627d30f3cbaa10abe42a3439637"],"reported" => "2009-08-14"}],"main_module" => "MojoMojo","versions" => [{"date" => "2007-08-29T14:32:52","version" => "0.05"},{"date" => "2007-09-12T21:46:24","version" => "0.05"},{"date" => "2007-09-13T11:28:37","version" => "0.05"},{"date" => "2007-09-18T07:33:43","version" => "0.999004"},{"date" => "2007-09-18T08:02:02","version" => "0.999005"},{"date" => "2007-09-19T20:59:39","version" => "0.999006"},{"date" => "2007-09-23T23:30:59","version" => "0.999007"},{"date" => "2007-11-12T22:25:35","version" => "0.999008"},{"date" => "2008-01-20T23:15:07","version" => "0.999010"},{"date" => "2008-01-23T23:00:05","version" => "0.999011"},{"date" => "2008-02-05T23:20:47","version" => "0.999012"},{"date" => "2008-03-05T00:34:49","version" => "0.999013"},{"date" => "2008-05-02T18:11:49","version" => "0.999014"},{"date" => "2008-05-03T16:10:08","version" => "0.999015"},{"date" => "2008-06-29T13:03:39","version" => "0.999016"},{"date" => "2008-07-09T14:26:56","version" => "0.999017"},{"date" => "2008-07-16T19:26:46","version" => "0.999018"},{"date" => "2008-07-19T21:33:36","version" => "0.999018"},{"date" => "2008-07-29T16:25:08","version" => "0.999018"},{"date" => "2008-11-01T01:04:37","version" => "0.999021"},{"date" => "2008-11-15T09:09:37","version" => "0.999022"},{"date" => "2008-11-23T16:45:05","version" => "0.999023"},{"date" => "2008-12-31T17:53:50","version" => "0.999024"},{"date" => "2009-01-04T22:51:40","version" => "0.999025"},{"date" => "2009-01-07T23:28:15","version" => "0.999026"},{"date" => "2009-01-30T23:29:25","version" => "0.999027"},{"date" => "2009-04-23T10:06:20","version" => "0.999028"},{"date" => "2009-05-09T23:21:10","version" => "0.999029"},{"date" => "2009-07-18T19:39:14","version" => "0.999030"},{"date" => "2009-07-26T19:39:37","version" => "0.999031"},{"date" => "2009-08-02T21:28:51","version" => "0.999032"},{"date" => "2009-08-14T12:50:18","version" => "0.999033"},{"date" => "2009-09-04T18:27:34","version" => "0.999040"},{"date" => "2009-10-26T16:07:25","version" => "0.999041"},{"date" => "2009-12-02T08:22:24","version" => "0.999042"},{"date" => "2010-05-11T22:58:19","version" => "1.00"},{"date" => "2010-05-27T07:44:39","version" => "1.01"},{"date" => "2010-08-30T21:24:41","version" => "1.02"},{"date" => "2011-01-13T12:48:10","version" => "1.03"},{"date" => "2011-03-12T23:37:45","version" => "1.04"},{"date" => "2011-09-14T10:09:05","version" => "1.05"},{"date" => "2012-08-07T10:39:42","version" => "1.06"},{"date" => "2012-11-12T23:30:00","version" => "1.07"},{"date" => "2013-01-06T07:46:41","version" => "1.08"},{"date" => "2013-01-25T16:06:42","version" => "1.09"},{"date" => "2013-05-12T22:59:03","version" => "1.10"},{"date" => "2014-12-25T17:13:24","version" => "1.11"},{"date" => "2017-05-13T13:47:52","version" => "1.12"}]},"Mojolicious" => {"advisories" => [{"affected_versions" => ["<9.31"],"cves" => [],"description" => "Mojo::DOM did not correctly parse <script> tags.\n","distribution" => "Mojolicious","fixed_versions" => [">=9.31"],"id" => "CPANSA-Mojolicious-2022-03","references" => ["https://github.com/mojolicious/mojo/commit/6f195d85db6756022d3599f7d2634975688c9550","https://github.com/mojolicious/mojo/issues/2014","https://github.com/mojolicious/mojo/issues/2015"],"reported" => "2022-12-10","severity" => undef},{"affected_versions" => ["<9.19"],"cves" => [],"description" => "Small sessions could be used as part of a brute-force attack to decode the session secret.\n","distribution" => "Mojolicious","fixed_versions" => [">=9.91"],"id" => "CPANSA-Mojolicious-2021-02","references" => ["https://github.com/mojolicious/mojo/pull/1791"],"reported" => "2021-06-01","severity" => undef},{"affected_versions" => ["<9.11"],"cves" => ["CVE-2021-47208"],"description" => "A bug in format detection can potentially be exploited for a DoS attack.\n","distribution" => "Mojolicious","fixed_versions" => [">=9.11"],"id" => "CPANSA-Mojolicious-2021-01","references" => ["https://github.com/mojolicious/mojo/issues/1736","https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c"],"reported" => "2021-03-16","severity" => undef},{"affected_versions" => [">1.74,<8.65"],"cves" => ["CVE-2020-36829"],"description" => "Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.\n","distribution" => "Mojolicious","fixed_versions" => [">=8.65"],"id" => "CPANSA-Mojolicious-2020-01","references" => ["https://github.com/mojolicious/mojo/pull/1601"],"reported" => "2020-11-10","reviewed_by" => [{"date" => "2022-06-22","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => [">7.83,<7.92"],"cves" => [],"description" => "This release reverts the addition of stream classes (added in 7.83), which have unfortunately resulted in many Mojolicious applications becoming unstable. While there are no known exploits yet, we've chosen to err on the side of cautiousness and will classify this as a security issue.\n","distribution" => "Mojolicious","fixed_versions" => [">=7.92"],"id" => "CPANSA-Mojolicious-2018-04","references" => ["https://github.com/mojolicious/mojo/commit/61f6cbf22c7bf8eb4787bd1014d91ee2416c73e7"],"reported" => "2018-08-09","severity" => "critical"},{"affected_versions" => ["<7.80"],"cves" => [],"description" => "Mojo::UserAgent was not checking peer SSL certificates by default.\n","distribution" => "Mojolicious","fixed_versions" => [">=7.80"],"id" => "CPANSA-Mojolicious-2018-03","references" => ["https://github.com/mojolicious/mojo/pull/1226","https://github.com/mojolicious/mojo/commit/d3cbbad890673612fdbdea63fdd522b516f6104c"],"reported" => "2018-05-19","severity" => "high"},{"affected_versions" => ["<7.78"],"cves" => [],"description" => "GET requests with embedded backslashes can be used to access local files on Windows hosts\n","distribution" => "Mojolicious","fixed_versions" => [">=7.78"],"id" => "CPANSA-Mojolicious-2018-02","references" => ["https://github.com/mojolicious/mojo/pull/1217","https://github.com/mojolicious/mojo/commit/23ebe051d9378f0f122e3c908845fc0c2cae0106"],"reported" => "2018-05-11","severity" => "critical"},{"affected_versions" => ["<7.66"],"cves" => ["CVE-2018-25100"],"description" => "Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.\n","distribution" => "Mojolicious","fixed_versions" => [">=7.66"],"id" => "CPANSA-Mojolicious-2018-01","references" => ["https://github.com/mojolicious/mojo/pull/1192","https://github.com/mojolicious/mojo/issues/1185","https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149"],"reported" => "2018-02-13","severity" => "minor"},{"affected_versions" => ["<5.76"],"cves" => [],"description" => "Directory traversal on Windows\n","distribution" => "Mojolicious","fixed_versions" => [">=5.76"],"id" => "CPANSA-Mojolicious-2015-01","references" => ["https://github.com/mojolicious/mojo/issues/738","https://github.com/mojolicious/mojo/commit/9ffa38fca73a9ddee91cbc70e0696268d500edde"],"reported" => "2015-02-02","severity" => "critical"},{"affected_versions" => ["<5.48"],"cves" => [],"description" => "Context sensitivity of method param could lead to parameter injection attacks.\n","distribution" => "Mojolicious","fixed_versions" => [">=5.48"],"id" => "CPANSA-Mojolicious-2014-01","references" => ["https://github.com/mojolicious/mojo/commit/a815d4797145f872ef6e9f1270841eda1d410afb"],"reported" => "2014-10-07","severity" => "high"},{"affected_versions" => ["<1.16"],"cves" => ["CVE-2011-1589"],"description" => "Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.\n","distribution" => "Mojolicious","fixed_versions" => [">=1.16"],"id" => "CPANSA-Mojolicious-2011-02","references" => ["https://github.com/mojolicious/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818","https://www.cvedetails.com/cve/CVE-2011-1589/"],"reported" => "2011-04-05","severity" => "critical"},{"affected_versions" => ["<1.12"],"cves" => ["CVE-2011-1841"],"description" => "Mojolicious is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by link_to helper. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.\n","distribution" => "Mojolicious","fixed_versions" => [">=1.12"],"id" => "CPANSA-Mojolicious-2011-01","references" => ["https://exchange.xforce.ibmcloud.com/vulnerabilities/67257","https://www.debian.org/security/2011/dsa-2239","https://github.com/mojolicious/mojo/commit/f6801ef7be8c78092e38f870b19fae3da0899d60"],"reported" => "2011-03-10","severity" => "high"},{"affected_versions" => ["<0.999927"],"cves" => ["CVE-2010-4803"],"description" => "Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">=0.999927"],"id" => "CPANSA-Mojolicious-2010-4803","references" => ["http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952","http://www.debian.org/security/2011/dsa-2239"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => ["<0.999928"],"cves" => ["CVE-2010-4802"],"description" => "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">=0.999928"],"id" => "CPANSA-Mojolicious-2010-4802","references" => ["https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952","https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44","http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes","http://www.debian.org/security/2011/dsa-2239"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => ["<1.12"],"cves" => ["CVE-2011-1841"],"description" => "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">=1.12"],"id" => "CPANSA-Mojolicious-2011-1841","references" => ["http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes","http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html","http://www.debian.org/security/2011/dsa-2239","http://www.securityfocus.com/bid/47713","https://exchange.xforce.ibmcloud.com/vulnerabilities/67257"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => ["<0.991250"],"cves" => ["CVE-2009-5074"],"description" => "Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">0.991250"],"id" => "CPANSA-Mojolicious-2009-5074","references" => ["http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => [">=0.999922"],"cves" => ["CVE-2024-58134"],"description" => "Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default.  These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.","distribution" => "Mojolicious","fixed_versions" => [],"id" => "CPANSA-Mojolicious-2024-58134","references" => ["https://github.com/hashcat/hashcat/pull/4090","https://github.com/mojolicious/mojo/pull/1791","https://github.com/mojolicious/mojo/pull/2200","https://medium.com/securing/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-13da7c225802","https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojolicious.pm#L51","https://www.synacktiv.com/publications/baking-mojolicious-cookies","https://www.cve.org/CVERecord?id=CVE-2024-58134"],"reported" => "2025-05-03","severity" => undef},{"affected_versions" => [">=7.28"],"comment" => "Mojolicious will use CryptX if it is installed, but it falls back to the default behavior otherwise","cves" => ["CVE-2024-58135"],"description" => "Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets.  When creating a default app with the \"mojo generate app\" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.","distribution" => "Mojolicious","fixed_versions" => [],"id" => "CPANSA-Mojolicious-2024-58135","references" => ["https://github.com/hashcat/hashcat/pull/4090","https://github.com/mojolicious/mojo/pull/2200","https://metacpan.org/release/SRI/Mojolicious-7.28/source/lib/Mojolicious/Command/generate/app.pm#L220","https://metacpan.org/release/SRI/Mojolicious-9.38/source/lib/Mojolicious/Command/Author/generate/app.pm#L202","https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojo/Util.pm#L181","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-05-03","severity" => undef}],"main_module" => "Mojolicious","versions" => [{"date" => "2010-02-11T02:04:14","version" => "0.999920"},{"date" => "2010-02-11T02:55:03","version" => "0.999921"},{"date" => "2010-02-26T18:50:34","version" => "0.999922"},{"date" => "2010-03-08T20:03:52","version" => "0.999923"},{"date" => "2010-03-20T22:56:55","version" => "0.999924"},{"date" => "2010-06-07T22:33:12","version" => "0.999925"},{"date" => "2010-06-11T10:33:01","version" => "0.999926"},{"date" => "2010-08-15T13:48:19","version" => "0.999927"},{"date" => "2010-08-17T17:41:47","version" => "0.999928"},{"date" => "2010-08-17T17:54:45","version" => "0.999929"},{"date" => "2010-10-19T13:57:49","version" => "0.999930"},{"date" => "2010-10-26T04:44:54","version" => "0.999931"},{"date" => "2010-10-30T00:54:42","version" => "0.999932"},{"date" => "2010-10-30T19:46:09","version" => "0.999933"},{"date" => "2010-11-01T00:33:14","version" => "0.999934"},{"date" => "2010-11-03T20:34:11","version" => "0.999935"},{"date" => "2010-11-04T23:48:46","version" => "0.999936"},{"date" => "2010-11-09T20:13:52","version" => "0.999937"},{"date" => "2010-11-09T21:24:17","version" => "0.999938"},{"date" => "2010-11-15T17:56:49","version" => "0.999939"},{"date" => "2010-11-15T23:18:40","version" => "0.999940"},{"date" => "2010-11-19T14:22:51","version" => "0.999941"},{"date" => "2010-12-01T18:57:50","version" => "0.999950"},{"date" => "2010-12-26T14:55:33","version" => "1.0"},{"date" => "2011-01-06T12:00:46","version" => "1.01"},{"date" => "2011-02-14T03:22:27","version" => "1.1"},{"date" => "2011-02-18T17:07:03","version" => "1.11"},{"date" => "2011-03-10T10:05:32","version" => "1.12"},{"date" => "2011-03-14T11:58:23","version" => "1.13"},{"date" => "2011-03-17T13:24:28","version" => "1.14"},{"date" => "2011-03-18T18:31:34","version" => "1.15"},{"date" => "2011-04-15T09:07:17","version" => "1.16"},{"date" => "2011-04-18T21:49:07","version" => "1.17"},{"date" => "2011-04-19T21:03:20","version" => "1.18"},{"date" => "2011-04-19T22:17:44","version" => "1.19"},{"date" => "2011-04-20T10:39:46","version" => "1.20"},{"date" => "2011-04-20T15:29:17","version" => "1.21"},{"date" => "2011-05-02T07:00:00","version" => "1.22"},{"date" => "2011-05-08T17:00:10","version" => "1.31"},{"date" => "2011-05-11T13:29:59","version" => "1.32"},{"date" => "2011-05-20T12:32:57","version" => "1.33"},{"date" => "2011-05-22T13:20:40","version" => "1.34"},{"date" => "2011-06-02T09:03:36","version" => "1.4"},{"date" => "2011-06-03T10:12:43","version" => "1.41"},{"date" => "2011-06-09T14:12:56","version" => "1.42"},{"date" => "2011-06-13T14:05:24","version" => "1.43"},{"date" => "2011-06-18T18:14:22","version" => "1.44"},{"date" => "2011-06-20T00:25:16","version" => "1.45"},{"date" => "2011-06-21T04:56:47","version" => "1.46"},{"date" => "2011-06-22T13:03:42","version" => "1.47"},{"date" => "2011-06-24T12:01:47","version" => "1.48"},{"date" => "2011-06-30T15:18:18","version" => "1.49"},{"date" => "2011-07-01T10:26:00","version" => "1.50"},{"date" => "2011-07-01T13:59:47","version" => "1.51"},{"date" => "2011-07-01T17:48:50","version" => "1.52"},{"date" => "2011-07-02T11:48:49","version" => "1.53"},{"date" => "2011-07-03T18:04:37","version" => "1.54"},{"date" => "2011-07-04T21:23:51","version" => "1.55"},{"date" => "2011-07-05T20:49:36","version" => "1.56"},{"date" => "2011-07-07T02:00:07","version" => "1.57"},{"date" => "2011-07-07T19:52:59","version" => "1.58"},{"date" => "2011-07-08T04:58:56","version" => "1.59"},{"date" => "2011-07-08T20:44:55","version" => "1.60"},{"date" => "2011-07-09T19:36:58","version" => "1.61"},{"date" => "2011-07-10T00:40:32","version" => "1.62"},{"date" => "2011-07-10T03:19:49","version" => "1.63"},{"date" => "2011-07-10T05:51:47","version" => "1.64"},{"date" => "2011-07-25T18:13:25","version" => "1.65"},{"date" => "2011-07-26T23:14:38","version" => "1.66"},{"date" => "2011-07-27T13:57:06","version" => "1.67"},{"date" => "2011-07-29T18:39:20","version" => "1.68"},{"date" => "2011-08-03T14:32:24","version" => "1.69"},{"date" => "2011-08-04T15:34:41","version" => "1.70"},{"date" => "2011-08-05T04:01:50","version" => "1.71"},{"date" => "2011-08-05T20:07:50","version" => "1.72"},{"date" => "2011-08-09T10:07:19","version" => "1.73"},{"date" => "2011-08-09T12:09:49","version" => "1.74"},{"date" => "2011-08-12T13:14:07","version" => "1.75"},{"date" => "2011-08-12T14:54:00","version" => "1.76"},{"date" => "2011-08-14T20:48:58","version" => "1.77"},{"date" => "2011-08-16T13:22:48","version" => "1.78"},{"date" => "2011-08-17T17:43:58","version" => "1.79"},{"date" => "2011-08-17T19:08:11","version" => "1.80"},{"date" => "2011-08-19T02:48:39","version" => "1.81"},{"date" => "2011-08-19T04:55:49","version" => "1.82"},{"date" => "2011-08-19T05:21:15","version" => "1.83"},{"date" => "2011-08-19T18:08:30","version" => "1.84"},{"date" => "2011-08-20T00:19:42","version" => "1.85"},{"date" => "2011-08-21T18:59:13","version" => "1.86"},{"date" => "2011-08-23T00:49:19","version" => "1.87"},{"date" => "2011-08-23T19:20:37","version" => "1.88"},{"date" => "2011-08-23T21:15:42","version" => "1.89"},{"date" => "2011-08-24T19:01:47","version" => "1.90"},{"date" => "2011-08-25T05:54:05","version" => "1.91"},{"date" => "2011-08-26T00:47:54","version" => "1.92"},{"date" => "2011-08-27T09:11:59","version" => "1.93"},{"date" => "2011-08-27T10:52:14","version" => "1.94"},{"date" => "2011-09-01T20:50:35","version" => "1.95"},{"date" => "2011-09-01T22:42:14","version" => "1.96"},{"date" => "2011-09-03T10:32:15","version" => "1.97"},{"date" => "2011-09-14T18:21:20","version" => "1.98"},{"date" => "2011-09-29T08:27:22","version" => "1.99"},{"date" => "2011-10-17T16:25:55","version" => "2.0"},{"date" => "2011-10-19T12:49:44","version" => "2.01"},{"date" => "2011-10-19T23:41:41","version" => "2.02"},{"date" => "2011-10-20T12:24:36","version" => "2.03"},{"date" => "2011-10-21T15:37:59","version" => "2.04"},{"date" => "2011-10-22T16:36:22","version" => "2.05"},{"date" => "2011-10-22T21:44:31","version" => "2.06"},{"date" => "2011-10-23T00:39:23","version" => "2.07"},{"date" => "2011-10-23T01:30:44","version" => "2.08"},{"date" => "2011-10-23T02:13:30","version" => "2.09"},{"date" => "2011-10-25T02:22:41","version" => "2.10"},{"date" => "2011-10-25T18:47:46","version" => "2.11"},{"date" => "2011-10-27T01:54:39","version" => "2.12"},{"date" => "2011-10-27T19:15:21","version" => "2.13"},{"date" => "2011-10-28T20:28:23","version" => "2.14"},{"date" => "2011-10-29T04:29:30","version" => "2.15"},{"date" => "2011-10-29T20:52:07","version" => "2.16"},{"date" => "2011-10-30T00:55:35","version" => "2.17"},{"date" => "2011-10-30T18:03:30","version" => "2.18"},{"date" => "2011-10-31T09:07:02","version" => "2.19"},{"date" => "2011-11-01T00:40:20","version" => "2.20"},{"date" => "2011-11-02T01:29:01","version" => "2.21"},{"date" => "2011-11-03T15:21:43","version" => "2.22"},{"date" => "2011-11-04T18:45:33","version" => "2.23"},{"date" => "2011-11-05T16:16:00","version" => "2.24"},{"date" => "2011-11-08T21:13:48","version" => "2.25"},{"date" => "2011-11-10T16:53:32","version" => "2.26"},{"date" => "2011-11-16T20:59:52","version" => "2.27"},{"date" => "2011-11-17T23:44:36","version" => "2.28"},{"date" => "2011-11-19T20:10:28","version" => "2.29"},{"date" => "2011-11-20T00:19:04","version" => "2.30"},{"date" => "2011-11-20T22:25:03","version" => "2.31"},{"date" => "2011-11-24T10:31:31","version" => "2.32"},{"date" => "2011-11-28T12:32:13","version" => "2.33"},{"date" => "2011-11-28T14:02:31","version" => "2.34"},{"date" => "2011-12-01T14:19:35","version" => "2.35"},{"date" => "2011-12-05T10:52:35","version" => "2.36"},{"date" => "2011-12-10T18:18:16","version" => "2.37"},{"date" => "2011-12-17T12:03:38","version" => "2.38"},{"date" => "2011-12-22T12:31:43","version" => "2.39"},{"date" => "2011-12-24T13:04:21","version" => "2.40"},{"date" => "2011-12-28T16:09:18","version" => "2.41"},{"date" => "2012-01-02T17:15:52","version" => "2.42"},{"date" => "2012-01-08T03:43:27","version" => "2.43"},{"date" => "2012-01-17T23:21:12","version" => "2.44"},{"date" => "2012-01-18T15:23:03","version" => "2.45"},{"date" => "2012-01-25T18:20:48","version" => "2.46"},{"date" => "2012-02-06T16:28:27","version" => "2.47"},{"date" => "2012-02-09T07:04:28","version" => "2.48"},{"date" => "2012-02-13T19:45:00","version" => "2.49"},{"date" => "2012-02-18T01:18:38","version" => "2.50"},{"date" => "2012-02-19T12:32:58","version" => "2.51"},{"date" => "2012-02-24T15:01:33","version" => "2.52"},{"date" => "2012-02-25T05:53:29","version" => "2.53"},{"date" => "2012-02-27T15:31:19","version" => "2.54"},{"date" => "2012-02-27T19:26:41","version" => "2.55"},{"date" => "2012-03-01T21:07:06","version" => "2.56"},{"date" => "2012-03-03T22:01:50","version" => "2.57"},{"date" => "2012-03-09T18:38:46","version" => "2.58"},{"date" => "2012-03-09T19:02:23","version" => "2.59"},{"date" => "2012-03-13T16:50:25","version" => "2.60"},{"date" => "2012-03-14T00:41:48","version" => "2.61"},{"date" => "2012-03-17T09:05:12","version" => "2.62"},{"date" => "2012-03-20T18:39:51","version" => "2.63"},{"date" => "2012-03-21T01:23:59","version" => "2.64"},{"date" => "2012-03-22T22:06:10","version" => "2.65"},{"date" => "2012-03-23T16:16:55","version" => "2.66"},{"date" => "2012-03-24T14:29:35","version" => "2.67"},{"date" => "2012-03-24T14:59:52","version" => "2.68"},{"date" => "2012-03-27T12:53:44","version" => "2.69"},{"date" => "2012-03-30T21:24:44","version" => "2.70"},{"date" => "2012-04-03T01:46:31","version" => "2.71"},{"date" => "2012-04-03T13:16:07","version" => "2.72"},{"date" => "2012-04-03T17:10:05","version" => "2.73"},{"date" => "2012-04-03T22:33:05","version" => "2.74"},{"date" => "2012-04-05T01:57:10","version" => "2.75"},{"date" => "2012-04-05T03:52:05","version" => "2.76"},{"date" => "2012-04-09T12:36:15","version" => "2.77"},{"date" => "2012-04-09T18:54:51","version" => "2.78"},{"date" => "2012-04-10T10:58:23","version" => "2.79"},{"date" => "2012-04-10T14:25:57","version" => "2.80"},{"date" => "2012-04-15T18:49:31","version" => "2.81"},{"date" => "2012-04-16T21:09:32","version" => "2.82"},{"date" => "2012-04-18T18:51:37","version" => "2.83"},{"date" => "2012-04-18T21:29:14","version" => "2.84"},{"date" => "2012-04-19T15:37:54","version" => "2.85"},{"date" => "2012-04-23T12:21:14","version" => "2.86"},{"date" => "2012-04-23T14:19:09","version" => "2.87"},{"date" => "2012-04-24T02:15:58","version" => "2.88"},{"date" => "2012-04-24T20:08:49","version" => "2.89"},{"date" => "2012-04-25T11:35:38","version" => "2.90"},{"date" => "2012-04-26T19:20:37","version" => "2.91"},{"date" => "2012-04-30T16:50:01","version" => "2.92"},{"date" => "2012-05-05T22:00:26","version" => "2.93"},{"date" => "2012-05-10T03:49:57","version" => "2.94"},{"date" => "2012-05-10T20:08:54","version" => "2.95"},{"date" => "2012-05-21T08:26:37","version" => "2.96"},{"date" => "2012-05-28T12:11:13","version" => "2.97"},{"date" => "2012-05-30T18:21:26","version" => "2.98"},{"date" => "2012-06-26T06:45:51","version" => "3.0"},{"date" => "2012-07-01T10:00:07","version" => "3.01"},{"date" => "2012-07-03T19:21:54","version" => "3.02"},{"date" => "2012-07-06T21:17:36","version" => "3.03"},{"date" => "2012-07-07T11:29:24","version" => "3.04"},{"date" => "2012-07-07T21:49:48","version" => "3.05"},{"date" => "2012-07-11T17:27:01","version" => "3.06"},{"date" => "2012-07-13T00:25:44","version" => "3.07"},{"date" => "2012-07-13T21:53:56","version" => "3.08"},{"date" => "2012-07-16T19:46:15","version" => "3.09"},{"date" => "2012-07-16T20:00:50","version" => "3.10"},{"date" => "2012-07-19T01:44:35","version" => "3.11"},{"date" => "2012-07-20T12:30:03","version" => "3.12"},{"date" => "2012-07-24T17:03:04","version" => "3.13"},{"date" => "2012-07-27T11:05:47","version" => "3.14"},{"date" => "2012-07-28T11:32:31","version" => "3.15"},{"date" => "2012-07-31T18:55:11","version" => "3.16"},{"date" => "2012-08-01T00:38:50","version" => "3.17"},{"date" => "2012-08-01T19:15:21","version" => "3.18"},{"date" => "2012-08-02T15:40:34","version" => "3.19"},{"date" => "2012-08-03T23:32:38","version" => "3.20"},{"date" => "2012-08-05T22:32:21","version" => "3.21"},{"date" => "2012-08-06T19:53:03","version" => "3.22"},{"date" => "2012-08-07T03:37:26","version" => "3.23"},{"date" => "2012-08-07T20:56:45","version" => "3.24"},{"date" => "2012-08-08T00:31:31","version" => "3.25"},{"date" => "2012-08-08T04:04:18","version" => "3.26"},{"date" => "2012-08-08T21:18:27","version" => "3.27"},{"date" => "2012-08-10T12:18:38","version" => "3.28"},{"date" => "2012-08-13T13:42:56","version" => "3.29"},{"date" => "2012-08-13T16:14:35","version" => "3.30"},{"date" => "2012-08-15T09:37:25","version" => "3.31"},{"date" => "2012-08-20T12:37:26","version" => "3.32"},{"date" => "2012-08-23T18:34:00","version" => "3.33"},{"date" => "2012-08-24T01:17:41","version" => "3.34"},{"date" => "2012-08-27T22:52:31","version" => "3.35"},{"date" => "2012-08-30T00:59:43","version" => "3.36"},{"date" => "2012-09-04T20:50:40","version" => "3.37"},{"date" => "2012-09-07T00:05:53","version" => "3.38"},{"date" => "2012-09-10T11:58:00","version" => "3.39"},{"date" => "2012-09-11T18:03:47","version" => "3.40"},{"date" => "2012-09-13T18:22:49","version" => "3.41"},{"date" => "2012-09-16T17:29:48","version" => "3.42"},{"date" => "2012-09-22T19:40:59","version" => "3.43"},{"date" => "2012-09-29T11:20:17","version" => "3.44"},{"date" => "2012-10-09T20:39:26","version" => "3.45"},{"date" => "2012-10-10T20:55:33","version" => "3.46"},{"date" => "2012-10-12T23:10:49","version" => "3.47"},{"date" => "2012-10-16T22:51:05","version" => "3.48"},{"date" => "2012-10-19T16:34:25","version" => "3.49"},{"date" => "2012-10-20T01:34:34","version" => "3.50"},{"date" => "2012-10-23T20:23:54","version" => "3.51"},{"date" => "2012-10-26T14:41:25","version" => "3.52"},{"date" => "2012-10-31T02:41:01","version" => "3.53"},{"date" => "2012-11-01T04:36:00","version" => "3.54"},{"date" => "2012-11-08T11:20:15","version" => "3.55"},{"date" => "2012-11-09T20:09:37","version" => "3.56"},{"date" => "2012-11-12T19:47:57","version" => "3.57"},{"date" => "2012-11-19T16:05:13","version" => "3.58"},{"date" => "2012-11-20T19:53:03","version" => "3.59"},{"date" => "2012-11-22T05:12:27","version" => "3.60"},{"date" => "2012-11-25T04:19:47","version" => "3.61"},{"date" => "2012-11-26T00:57:00","version" => "3.62"},{"date" => "2012-11-28T10:17:51","version" => "3.63"},{"date" => "2012-12-01T16:39:26","version" => "3.64"},{"date" => "2012-12-08T22:47:54","version" => "3.65"},{"date" => "2012-12-14T01:03:29","version" => "3.66"},{"date" => "2012-12-14T23:48:00","version" => "3.67"},{"date" => "2012-12-16T00:55:55","version" => "3.68"},{"date" => "2012-12-20T22:47:53","version" => "3.69"},{"date" => "2012-12-23T22:18:59","version" => "3.70"},{"date" => "2013-01-02T11:57:12","version" => "3.71"},{"date" => "2013-01-04T22:16:16","version" => "3.72"},{"date" => "2013-01-06T22:46:48","version" => "3.73"},{"date" => "2013-01-07T18:47:06","version" => "3.74"},{"date" => "2013-01-08T16:15:03","version" => "3.75"},{"date" => "2013-01-10T00:00:19","version" => "3.76"},{"date" => "2013-01-12T00:36:11","version" => "3.77"},{"date" => "2013-01-12T23:47:49","version" => "3.78"},{"date" => "2013-01-13T00:50:13","version" => "3.79"},{"date" => "2013-01-15T05:02:52","version" => "3.80"},{"date" => "2013-01-17T21:32:48","version" => "3.81"},{"date" => "2013-01-18T15:50:23","version" => "3.82"},{"date" => "2013-01-27T15:28:40","version" => "3.83"},{"date" => "2013-01-30T00:32:12","version" => "3.84"},{"date" => "2013-02-13T00:56:23","version" => "3.85"},{"date" => "2013-02-22T02:01:13","version" => "3.86"},{"date" => "2013-02-23T19:36:00","version" => "3.87"},{"date" => "2013-03-03T21:53:52","version" => "3.88"},{"date" => "2013-03-04T16:12:24","version" => "3.89"},{"date" => "2013-03-14T20:08:14","version" => "3.90"},{"date" => "2013-03-17T22:59:42","version" => "3.91"},{"date" => "2013-04-03T19:48:34","version" => "3.92"},{"date" => "2013-04-05T21:46:38","version" => "3.93"},{"date" => "2013-04-08T21:48:55","version" => "3.94"},{"date" => "2013-04-12T03:49:59","version" => "3.95"},{"date" => "2013-04-22T21:34:16","version" => "3.96"},{"date" => "2013-04-25T21:49:41","version" => "3.97"},{"date" => "2013-05-15T20:02:05","version" => "4.0"},{"date" => "2013-05-19T17:24:38","version" => "4.01"},{"date" => "2013-05-20T16:55:00","version" => "4.02"},{"date" => "2013-05-21T05:24:56","version" => "4.03"},{"date" => "2013-05-23T21:25:32","version" => "4.04"},{"date" => "2013-05-24T02:59:59","version" => "4.05"},{"date" => "2013-05-24T14:23:41","version" => "4.06"},{"date" => "2013-05-25T18:07:30","version" => "4.07"},{"date" => "2013-05-30T21:45:51","version" => "4.08"},{"date" => "2013-05-31T02:24:29","version" => "4.09"},{"date" => "2013-06-01T02:09:07","version" => "4.10"},{"date" => "2013-06-03T04:34:37","version" => "4.11"},{"date" => "2013-06-07T01:51:09","version" => "4.12"},{"date" => "2013-06-09T00:25:21","version" => "4.13"},{"date" => "2013-06-10T00:23:12","version" => "4.14"},{"date" => "2013-06-18T08:02:11","version" => "4.15"},{"date" => "2013-06-19T01:27:29","version" => "4.16"},{"date" => "2013-07-04T16:14:27","version" => "4.17"},{"date" => "2013-07-08T09:17:43","version" => "4.18"},{"date" => "2013-07-21T21:47:46","version" => "4.19"},{"date" => "2013-07-28T12:53:38","version" => "4.20"},{"date" => "2013-07-28T20:17:31","version" => "4.21"},{"date" => "2013-07-29T19:13:38","version" => "4.22"},{"date" => "2013-07-31T20:35:17","version" => "4.23"},{"date" => "2013-08-08T21:10:52","version" => "4.24"},{"date" => "2013-08-17T20:16:56","version" => "4.25"},{"date" => "2013-08-18T15:06:51","version" => "4.26"},{"date" => "2013-08-26T15:29:36","version" => "4.27"},{"date" => "2013-08-29T16:11:59","version" => "4.28"},{"date" => "2013-08-31T02:01:44","version" => "4.29"},{"date" => "2013-09-01T21:48:28","version" => "4.30"},{"date" => "2013-09-04T20:09:26","version" => "4.31"},{"date" => "2013-09-06T21:19:59","version" => "4.32"},{"date" => "2013-09-07T20:38:03","version" => "4.33"},{"date" => "2013-09-08T20:58:54","version" => "4.34"},{"date" => "2013-09-10T21:40:13","version" => "4.35"},{"date" => "2013-09-12T21:31:22","version" => "4.36"},{"date" => "2013-09-13T01:32:54","version" => "4.37"},{"date" => "2013-09-16T22:01:40","version" => "4.38"},{"date" => "2013-09-17T04:53:49","version" => "4.39"},{"date" => "2013-09-21T01:15:17","version" => "4.40"},{"date" => "2013-09-21T17:25:38","version" => "4.41"},{"date" => "2013-09-30T07:46:05","version" => "4.42"},{"date" => "2013-10-02T19:16:26","version" => "4.43"},{"date" => "2013-10-04T21:18:14","version" => "4.44"},{"date" => "2013-10-06T15:46:08","version" => "4.45"},{"date" => "2013-10-12T17:11:54","version" => "4.46"},{"date" => "2013-10-14T23:51:30","version" => "4.47"},{"date" => "2013-10-16T05:28:45","version" => "4.48"},{"date" => "2013-10-17T16:53:59","version" => "4.49"},{"date" => "2013-10-23T01:18:55","version" => "4.50"},{"date" => "2013-10-28T17:20:46","version" => "4.51"},{"date" => "2013-10-29T06:27:25","version" => "4.52"},{"date" => "2013-10-30T00:21:27","version" => "4.53"},{"date" => "2013-11-07T00:45:35","version" => "4.54"},{"date" => "2013-11-07T02:38:24","version" => "4.55"},{"date" => "2013-11-10T02:56:56","version" => "4.56"},{"date" => "2013-11-11T20:30:04","version" => "4.57"},{"date" => "2013-11-19T20:46:01","version" => "4.58"},{"date" => "2013-12-04T21:35:49","version" => "4.59"},{"date" => "2013-12-11T16:33:35","version" => "4.60"},{"date" => "2013-12-16T16:59:25","version" => "4.61"},{"date" => "2013-12-17T20:35:36","version" => "4.62"},{"date" => "2013-12-19T22:59:01","version" => "4.63"},{"date" => "2014-01-01T16:20:28","version" => "4.64"},{"date" => "2014-01-02T22:36:45","version" => "4.65"},{"date" => "2014-01-04T21:48:06","version" => "4.66"},{"date" => "2014-01-11T17:20:18","version" => "4.67"},{"date" => "2014-01-21T22:24:03","version" => "4.68"},{"date" => "2014-01-24T04:06:26","version" => "4.69"},{"date" => "2014-01-26T22:08:54","version" => "4.70"},{"date" => "2014-01-28T03:10:15","version" => "4.71"},{"date" => "2014-01-29T21:29:25","version" => "4.72"},{"date" => "2014-02-01T05:20:38","version" => "4.73"},{"date" => "2014-02-02T04:30:05","version" => "4.74"},{"date" => "2014-02-02T06:54:56","version" => "4.75"},{"date" => "2014-02-04T22:41:32","version" => "4.76"},{"date" => "2014-02-06T23:19:13","version" => "4.77"},{"date" => "2014-02-08T23:02:08","version" => "4.78"},{"date" => "2014-02-11T02:49:44","version" => "4.79"},{"date" => "2014-02-13T04:30:43","version" => "4.80"},{"date" => "2014-02-15T03:27:30","version" => "4.81"},{"date" => "2014-02-19T04:11:47","version" => "4.82"},{"date" => "2014-02-19T06:20:46","version" => "4.83"},{"date" => "2014-02-22T22:59:02","version" => "4.84"},{"date" => "2014-02-26T22:48:41","version" => "4.85"},{"date" => "2014-03-03T05:45:32","version" => "4.86"},{"date" => "2014-03-04T07:14:15","version" => "4.87"},{"date" => "2014-03-09T22:42:42","version" => "4.88"},{"date" => "2014-03-13T21:30:57","version" => "4.89"},{"date" => "2014-03-16T21:22:35","version" => "4.90"},{"date" => "2014-03-29T00:05:17","version" => "4.91"},{"date" => "2014-04-08T20:41:54","version" => "4.92"},{"date" => "2014-04-13T02:17:03","version" => "4.93"},{"date" => "2014-04-19T23:39:22","version" => "4.94"},{"date" => "2014-04-27T03:27:43","version" => "4.95"},{"date" => "2014-04-27T20:04:36","version" => "4.96"},{"date" => "2014-04-29T22:12:52","version" => "4.97"},{"date" => "2014-05-09T01:57:34","version" => "4.98"},{"date" => "2014-05-12T00:46:43","version" => "4.99"},{"date" => "2014-05-29T20:15:51","version" => "5.0"},{"date" => "2014-05-30T14:51:14","version" => "5.01"},{"date" => "2014-05-31T21:51:34","version" => "5.02"},{"date" => "2014-06-02T22:07:46","version" => "5.03"},{"date" => "2014-06-03T21:11:50","version" => "5.04"},{"date" => "2014-06-08T21:50:53","version" => "5.05"},{"date" => "2014-06-12T02:08:01","version" => "5.06"},{"date" => "2014-06-13T19:28:04","version" => "5.07"},{"date" => "2014-06-16T23:44:48","version" => "5.08"},{"date" => "2014-06-24T15:02:21","version" => "5.09"},{"date" => "2014-06-28T23:25:12","version" => "5.10"},{"date" => "2014-07-03T04:01:24","version" => "5.11"},{"date" => "2014-07-03T23:06:55","version" => "5.12"},{"date" => "2014-07-13T00:44:29","version" => "5.13"},{"date" => "2014-07-14T22:01:49","version" => "5.14"},{"date" => "2014-07-17T17:58:05","version" => "5.15"},{"date" => "2014-07-21T16:01:56","version" => "5.16"},{"date" => "2014-07-24T12:40:41","version" => "5.17"},{"date" => "2014-07-25T20:25:29","version" => "5.18"},{"date" => "2014-07-26T21:03:13","version" => "5.19"},{"date" => "2014-07-26T23:36:18","version" => "5.20"},{"date" => "2014-07-27T18:48:25","version" => "5.21"},{"date" => "2014-07-30T16:42:35","version" => "5.22"},{"date" => "2014-07-31T21:32:03","version" => "5.23"},{"date" => "2014-08-02T21:56:32","version" => "5.24"},{"date" => "2014-08-07T01:29:20","version" => "5.25"},{"date" => "2014-08-09T21:26:37","version" => "5.26"},{"date" => "2014-08-11T14:26:47","version" => "5.27"},{"date" => "2014-08-13T00:32:33","version" => "5.28"},{"date" => "2014-08-16T12:40:15","version" => "5.29"},{"date" => "2014-08-17T21:49:15","version" => "5.30"},{"date" => "2014-08-19T17:40:27","version" => "5.31"},{"date" => "2014-08-21T18:19:53","version" => "5.32"},{"date" => "2014-08-23T22:25:32","version" => "5.33"},{"date" => "2014-08-29T21:53:02","version" => "5.34"},{"date" => "2014-08-30T21:57:50","version" => "5.35"},{"date" => "2014-09-02T00:20:21","version" => "5.36"},{"date" => "2014-09-03T20:55:45","version" => "5.37"},{"date" => "2014-09-05T21:57:34","version" => "5.38"},{"date" => "2014-09-07T03:18:45","version" => "5.39"},{"date" => "2014-09-12T01:06:33","version" => "5.40"},{"date" => "2014-09-13T21:24:03","version" => "5.41"},{"date" => "2014-09-17T21:54:39","version" => "5.42"},{"date" => "2014-09-22T00:14:24","version" => "5.43"},{"date" => "2014-09-23T00:49:52","version" => "5.44"},{"date" => "2014-09-27T03:21:55","version" => "5.46"},{"date" => "2014-09-27T03:24:38","version" => "5.45"},{"date" => "2014-09-28T03:31:15","version" => "5.47"},{"date" => "2014-10-07T23:08:14","version" => "5.48"},{"date" => "2014-10-10T21:12:14","version" => "5.49"},{"date" => "2014-10-15T22:00:04","version" => "5.50"},{"date" => "2014-10-17T21:48:17","version" => "5.51"},{"date" => "2014-10-18T20:49:34","version" => "5.52"},{"date" => "2014-10-20T23:34:37","version" => "5.53"},{"date" => "2014-10-23T22:51:06","version" => "5.54"},{"date" => "2014-10-29T00:58:34","version" => "5.55"},{"date" => "2014-10-30T00:23:25","version" => "5.56"},{"date" => "2014-11-02T22:52:07","version" => "5.57"},{"date" => "2014-11-07T00:04:47","version" => "5.58"},{"date" => "2014-11-08T00:26:41","version" => "5.59"},{"date" => "2014-11-12T01:31:36","version" => "5.60"},{"date" => "2014-11-15T00:46:43","version" => "5.61"},{"date" => "2014-11-18T18:24:54","version" => "5.62"},{"date" => "2014-11-22T03:52:56","version" => "5.63"},{"date" => "2014-11-23T02:12:00","version" => "5.64"},{"date" => "2014-11-25T03:23:01","version" => "5.65"},{"date" => "2014-11-27T03:13:19","version" => "5.66"},{"date" => "2014-11-27T06:19:49","version" => "5.67"},{"date" => "2014-12-03T04:36:04","version" => "5.68"},{"date" => "2014-12-13T02:19:36","version" => "5.69"},{"date" => "2014-12-18T00:12:31","version" => "5.70"},{"date" => "2015-01-01T22:44:58","version" => "5.71"},{"date" => "2015-01-11T20:02:04","version" => "5.72"},{"date" => "2015-01-23T16:29:22","version" => "5.73"},{"date" => "2015-01-24T13:32:51","version" => "5.74"},{"date" => "2015-01-27T04:08:19","version" => "5.75"},{"date" => "2015-02-02T19:36:16","version" => "5.76"},{"date" => "2015-02-03T02:37:04","version" => "5.77"},{"date" => "2015-02-13T00:21:48","version" => "5.78"},{"date" => "2015-02-13T05:32:50","version" => "5.79"},{"date" => "2015-02-18T05:24:00","version" => "5.80"},{"date" => "2015-02-21T03:30:18","version" => "5.81"},{"date" => "2015-02-23T03:05:04","version" => "5.82"},{"date" => "2015-02-26T22:17:01","version" => "6.0"},{"date" => "2015-03-03T16:12:16","version" => "6.01"},{"date" => "2015-03-10T02:53:22","version" => "6.02"},{"date" => "2015-03-16T04:43:10","version" => "6.03"},{"date" => "2015-03-23T04:42:27","version" => "6.04"},{"date" => "2015-03-25T05:08:15","version" => "6.05"},{"date" => "2015-04-07T00:55:21","version" => "6.06"},{"date" => "2015-04-07T17:38:01","version" => "6.07"},{"date" => "2015-04-09T22:03:46","version" => "6.08"},{"date" => "2015-04-26T05:10:45","version" => "6.09"},{"date" => "2015-04-27T02:01:03","version" => "6.10"},{"date" => "2015-05-16T22:14:01","version" => "6.11"},{"date" => "2015-06-18T21:48:20","version" => "6.12"},{"date" => "2015-08-20T06:09:39","version" => "6.16"},{"date" => "2015-08-22T19:38:51","version" => "6.17"},{"date" => "2015-09-02T17:26:36","version" => "6.18"},{"date" => "2015-09-12T23:37:29","version" => "6.19"},{"date" => "2015-09-16T22:50:30","version" => "6.20"},{"date" => "2015-09-23T01:05:04","version" => "6.21"},{"date" => "2015-09-27T01:03:32","version" => "6.22"},{"date" => "2015-10-07T18:17:26","version" => "6.23"},{"date" => "2015-10-13T22:54:46","version" => "6.24"},{"date" => "2015-10-22T02:49:47","version" => "6.25"},{"date" => "2015-10-29T00:29:07","version" => "6.26"},{"date" => "2015-10-30T00:07:08","version" => "6.27"},{"date" => "2015-11-02T15:17:16","version" => "6.28"},{"date" => "2015-11-12T02:59:43","version" => "6.30"},{"date" => "2015-11-14T19:38:51","version" => "6.31"},{"date" => "2015-11-18T18:16:15","version" => "6.32"},{"date" => "2015-11-22T16:47:00","version" => "6.33"},{"date" => "2016-01-13T20:08:22","version" => "6.40"},{"date" => "2016-01-24T22:01:52","version" => "6.42"},{"date" => "2016-02-01T16:15:40","version" => "6.43"},{"date" => "2016-02-05T22:42:51","version" => "6.44"},{"date" => "2016-02-09T23:29:35","version" => "6.45"},{"date" => "2016-02-14T00:51:10","version" => "6.46"},{"date" => "2016-02-19T23:09:15","version" => "6.47"},{"date" => "2016-02-24T17:07:45","version" => "6.48"},{"date" => "2016-02-26T22:47:33","version" => "6.49"},{"date" => "2016-02-27T00:12:03","version" => "6.50"},{"date" => "2016-02-29T23:03:44","version" => "6.51"},{"date" => "2016-03-02T22:24:28","version" => "6.52"},{"date" => "2016-03-04T00:58:55","version" => "6.53"},{"date" => "2016-03-07T15:09:42","version" => "6.54"},{"date" => "2016-03-08T20:42:43","version" => "6.55"},{"date" => "2016-03-16T02:42:45","version" => "6.56"},{"date" => "2016-03-23T04:23:41","version" => "6.57"},{"date" => "2016-04-10T17:11:22","version" => "6.58"},{"date" => "2016-04-22T18:45:19","version" => "6.59"},{"date" => "2016-04-26T13:16:04","version" => "6.60"},{"date" => "2016-05-02T17:31:34","version" => "6.61"},{"date" => "2016-05-14T21:05:47","version" => "6.62"},{"date" => "2016-06-03T21:10:48","version" => "6.63"},{"date" => "2016-06-09T16:41:51","version" => "6.64"},{"date" => "2016-06-14T16:15:21","version" => "6.65"},{"date" => "2016-06-16T22:35:28","version" => "6.66"},{"date" => "2016-07-19T06:21:07","version" => "7.0"},{"date" => "2016-08-01T18:46:35","version" => "7.01"},{"date" => "2016-08-17T16:34:19","version" => "7.02"},{"date" => "2016-08-17T16:40:11","version" => "7.03"},{"date" => "2016-08-29T13:59:45","version" => "7.04"},{"date" => "2016-08-29T16:44:18","version" => "7.05"},{"date" => "2016-09-17T21:05:37","version" => "7.06"},{"date" => "2016-09-20T12:30:54","version" => "7.07"},{"date" => "2016-09-23T17:19:00","version" => "7.08"},{"date" => "2016-10-23T09:46:35","version" => "7.09"},{"date" => "2016-11-01T19:02:03","version" => "7.10"},{"date" => "2016-11-30T09:23:48","version" => "7.11"},{"date" => "2016-12-20T08:41:05","version" => "7.12"},{"date" => "2016-12-29T19:40:25","version" => "7.13"},{"date" => "2017-01-04T22:58:20","version" => "7.14"},{"date" => "2017-01-10T11:42:59","version" => "7.15"},{"date" => "2017-01-10T23:52:50","version" => "7.16"},{"date" => "2017-01-11T08:35:01","version" => "7.17"},{"date" => "2017-01-11T22:05:10","version" => "7.18"},{"date" => "2017-01-15T16:05:23","version" => "7.19"},{"date" => "2017-01-18T09:38:55","version" => "7.20"},{"date" => "2017-01-22T14:29:35","version" => "7.21"},{"date" => "2017-01-25T23:09:32","version" => "7.22"},{"date" => "2017-01-29T21:43:19","version" => "7.23"},{"date" => "2017-02-05T21:09:47","version" => "7.24"},{"date" => "2017-02-09T22:51:35","version" => "7.25"},{"date" => "2017-02-15T23:08:52","version" => "7.26"},{"date" => "2017-02-27T17:02:21","version" => "7.27"},{"date" => "2017-03-07T21:36:36","version" => "7.28"},{"date" => "2017-03-14T23:27:54","version" => "7.29"},{"date" => "2017-04-06T12:04:02","version" => "7.30"},{"date" => "2017-04-24T07:50:54","version" => "7.31"},{"date" => "2017-05-30T17:08:40","version" => "7.32"},{"date" => "2017-06-05T22:14:35","version" => "7.33"},{"date" => "2017-07-02T22:04:01","version" => "7.34"},{"date" => "2017-07-05T07:50:23","version" => "7.35"},{"date" => "2017-07-10T07:48:45","version" => "7.36"},{"date" => "2017-07-24T07:55:46","version" => "7.37"},{"date" => "2017-08-01T21:56:47","version" => "7.38"},{"date" => "2017-08-03T08:50:10","version" => "7.39"},{"date" => "2017-08-14T08:32:54","version" => "7.40"},{"date" => "2017-08-16T08:19:30","version" => "7.41"},{"date" => "2017-08-17T11:15:42","version" => "7.42"},{"date" => "2017-08-18T08:26:45","version" => "7.43"},{"date" => "2017-09-03T16:04:13","version" => "7.44"},{"date" => "2017-09-07T08:41:40","version" => "7.45"},{"date" => "2017-09-12T12:27:00","version" => "7.46"},{"date" => "2017-10-12T08:26:53","version" => "7.47"},{"date" => "2017-10-21T13:33:01","version" => "7.48"},{"date" => "2017-10-30T13:18:49","version" => "7.49"},{"date" => "2017-10-30T18:18:13","version" => "7.50"},{"date" => "2017-10-31T19:14:43","version" => "7.51"},{"date" => "2017-11-02T22:29:23","version" => "7.52"},{"date" => "2017-11-04T15:24:07","version" => "7.53"},{"date" => "2017-11-04T22:50:30","version" => "7.54"},{"date" => "2017-11-07T10:58:56","version" => "7.55"},{"date" => "2017-11-16T13:33:27","version" => "7.56"},{"date" => "2017-11-18T16:10:38","version" => "7.57"},{"date" => "2017-12-03T22:14:41","version" => "7.58"},{"date" => "2017-12-17T17:58:55","version" => "7.59"},{"date" => "2018-01-03T14:00:44","version" => "7.60"},{"date" => "2018-01-15T15:35:28","version" => "7.61"},{"date" => "2018-02-03T19:53:39","version" => "7.62"},{"date" => "2018-02-06T20:52:51","version" => "7.63"},{"date" => "2018-02-07T10:17:57","version" => "7.64"},{"date" => "2018-02-11T21:55:33","version" => "7.65"},{"date" => "2018-02-14T08:55:35","version" => "7.66"},{"date" => "2018-02-19T23:11:52","version" => "7.67"},{"date" => "2018-02-23T18:44:15","version" => "7.68"},{"date" => "2018-02-24T21:58:41","version" => "7.69"},{"date" => "2018-02-28T23:47:08","version" => "7.70"},{"date" => "2018-03-16T16:41:58","version" => "7.71"},{"date" => "2018-04-02T21:01:43","version" => "7.72"},{"date" => "2018-04-06T14:10:03","version" => "7.73"},{"date" => "2018-04-07T22:15:16","version" => "7.74"},{"date" => "2018-04-10T16:04:41","version" => "7.75"},{"date" => "2018-04-24T16:55:32","version" => "7.76"},{"date" => "2018-05-01T17:18:20","version" => "7.77"},{"date" => "2018-05-11T16:36:16","version" => "7.78"},{"date" => "2018-05-14T22:13:04","version" => "7.79"},{"date" => "2018-05-20T22:46:20","version" => "7.80"},{"date" => "2018-05-21T22:39:30","version" => "7.81"},{"date" => "2018-05-27T21:59:59","version" => "7.82"},{"date" => "2018-06-03T21:10:42","version" => "7.83"},{"date" => "2018-06-06T14:04:49","version" => "7.84"},{"date" => "2018-06-19T15:57:43","version" => "7.85"},{"date" => "2018-07-03T11:30:46","version" => "7.86"},{"date" => "2018-07-04T10:20:11","version" => "7.87"},{"date" => "2018-07-13T11:00:52","version" => "7.88"},{"date" => "2018-08-07T09:38:35","version" => "7.89"},{"date" => "2018-08-08T22:19:36","version" => "7.90"},{"date" => "2018-08-09T08:39:58","version" => "7.91"},{"date" => "2018-08-09T16:52:45","version" => "7.92"},{"date" => "2018-08-12T14:23:08","version" => "7.93"},{"date" => "2018-08-31T12:53:17","version" => "7.94"},{"date" => "2018-09-14T22:17:06","version" => "8.0"},{"date" => "2018-09-25T16:14:07","version" => "8.01"},{"date" => "2018-10-01T21:34:50","version" => "8.02"},{"date" => "2018-10-16T22:41:46","version" => "8.03"},{"date" => "2018-10-21T20:23:27","version" => "8.04"},{"date" => "2018-11-01T17:15:20","version" => "8.05"},{"date" => "2018-11-08T23:31:57","version" => "8.06"},{"date" => "2018-11-18T22:09:07","version" => "8.07"},{"date" => "2018-12-01T18:26:15","version" => "8.08"},{"date" => "2018-12-04T20:59:01","version" => "8.09"},{"date" => "2018-12-20T10:28:28","version" => "8.10"},{"date" => "2019-01-02T18:04:35","version" => "8.11"},{"date" => "2019-02-01T16:34:38","version" => "8.12"},{"date" => "2019-03-21T22:06:21","version" => "8.13"},{"date" => "2019-04-18T19:11:08","version" => "8.14"},{"date" => "2019-04-26T17:54:06","version" => "8.15"},{"date" => "2019-05-19T19:50:45","version" => "8.16"},{"date" => "2019-05-23T20:50:59","version" => "8.17"},{"date" => "2019-06-28T21:29:47","version" => "8.18"},{"date" => "2019-07-08T10:26:46","version" => "8.19"},{"date" => "2019-07-09T21:02:16","version" => "8.20"},{"date" => "2019-07-14T17:08:55","version" => "8.21"},{"date" => "2019-07-17T10:46:26","version" => "8.22"},{"date" => "2019-08-12T22:52:14","version" => "8.23"},{"date" => "2019-09-11T22:33:49","version" => "8.24"},{"date" => "2019-09-29T13:16:15","version" => "8.25"},{"date" => "2019-11-03T15:48:59","version" => "8.26"},{"date" => "2019-12-04T19:48:08","version" => "8.27"},{"date" => "2019-12-26T16:09:10","version" => "8.28"},{"date" => "2019-12-28T16:58:30","version" => "8.29"},{"date" => "2020-01-09T20:35:42","version" => "8.30"},{"date" => "2020-01-14T20:19:13","version" => "8.31"},{"date" => "2020-01-19T14:35:03","version" => "8.32"},{"date" => "2020-02-11T20:25:08","version" => "8.33"},{"date" => "2020-03-16T17:27:27","version" => "8.34"},{"date" => "2020-03-21T15:12:26","version" => "8.35"},{"date" => "2020-04-02T09:05:58","version" => "8.36"},{"date" => "2020-04-19T19:47:37","version" => "8.37"},{"date" => "2020-04-21T19:54:01","version" => "8.38"},{"date" => "2020-04-22T12:49:38","version" => "8.39"},{"date" => "2020-04-23T09:24:25","version" => "8.40"},{"date" => "2020-05-01T13:34:44","version" => "8.41"},{"date" => "2020-05-04T17:15:38","version" => "8.42"},{"date" => "2020-05-21T12:51:12","version" => "8.43"},{"date" => "2020-05-25T19:06:44","version" => "8.50"},{"date" => "2020-05-31T12:29:16","version" => "8.51"},{"date" => "2020-06-03T20:01:13","version" => "8.52"},{"date" => "2020-06-10T18:02:24","version" => "8.53"},{"date" => "2020-06-14T17:42:03","version" => "8.54"},{"date" => "2020-06-18T09:42:34","version" => "8.55"},{"date" => "2020-06-26T20:08:07","version" => "8.56"},{"date" => "2020-07-17T09:08:51","version" => "8.57"},{"date" => "2020-08-10T18:14:24","version" => "8.58"},{"date" => "2020-09-13T16:04:24","version" => "8.59"},{"date" => "2020-09-27T15:50:48","version" => "8.60"},{"date" => "2020-10-02T11:01:53","version" => "8.61"},{"date" => "2020-10-12T09:57:55","version" => "8.62"},{"date" => "2020-10-13T08:18:36","version" => "8.63"},{"date" => "2020-11-06T18:38:59","version" => "8.64"},{"date" => "2020-11-11T19:55:44","version" => "8.65"},{"date" => "2020-11-30T10:42:18","version" => "8.66"},{"date" => "2020-12-05T16:45:53","version" => "8.67"},{"date" => "2020-12-27T23:38:05","version" => "8.68"},{"date" => "2020-12-28T14:38:20","version" => "8.69"},{"date" => "2020-12-30T14:43:19","version" => "8.70"},{"date" => "2021-01-17T17:06:28","version" => "8.71"},{"date" => "2021-01-27T15:33:24","version" => "8.72"},{"date" => "2021-02-06T16:08:52","version" => "8.73"},{"date" => "2021-02-14T18:44:04","version" => "9.0"},{"date" => "2021-02-16T21:32:29","version" => "9.01"},{"date" => "2021-03-01T19:16:02","version" => "9.02"},{"date" => "2021-03-07T18:49:12","version" => "9.03"},{"date" => "2021-03-11T21:04:03","version" => "9.07"},{"date" => "2021-03-12T16:47:37","version" => "9.08"},{"date" => "2021-03-14T18:32:57","version" => "9.09"},{"date" => "2021-03-15T13:26:22","version" => "9.10"},{"date" => "2021-03-20T16:41:03","version" => "9.11"},{"date" => "2021-03-20T21:25:26","version" => "9.12"},{"date" => "2021-03-22T11:33:00","version" => "9.13"},{"date" => "2021-03-23T22:54:21","version" => "9.14"},{"date" => "2021-04-06T09:10:10","version" => "9.15"},{"date" => "2021-04-09T11:31:09","version" => "9.16"},{"date" => "2021-04-13T10:11:02","version" => "9.17"},{"date" => "2021-05-23T14:06:27","version" => "9.18"},{"date" => "2021-06-02T09:14:48","version" => "9.19"},{"date" => "2021-08-09T17:26:54","version" => "9.20"},{"date" => "2021-08-13T19:14:43","version" => "9.21"},{"date" => "2021-10-21T11:53:53","version" => "9.22"},{"date" => "2022-03-25T11:37:40","version" => "9.23"},{"date" => "2022-04-18T18:28:00","version" => "9.24"},{"date" => "2022-04-28T15:21:32","version" => "9.25"},{"date" => "2022-05-23T15:17:22","version" => "9.26"},{"date" => "2022-09-12T11:10:27","version" => "9.27"},{"date" => "2022-10-14T18:55:13","version" => "9.28"},{"date" => "2022-11-11T10:15:54","version" => "9.29"},{"date" => "2022-11-23T11:52:17","version" => "9.30"},{"date" => "2022-12-21T00:36:31","version" => "9.31"},{"date" => "2023-05-08T22:09:51","version" => "9.32"},{"date" => "2023-06-14T19:25:48","version" => "9.33"},{"date" => "2023-09-11T18:34:53","version" => "9.34"},{"date" => "2023-10-27T17:11:42","version" => "9.35"},{"date" => "2024-03-08T22:16:38","version" => "9.36"},{"date" => "2024-05-13T17:48:56","version" => "9.37"},{"date" => "2024-08-17T14:52:48","version" => "9.38"},{"date" => "2024-11-23T14:16:18","version" => "9.39"},{"date" => "2025-05-12T13:09:01","version" => "9.40"},{"date" => "2025-07-03T12:27:43","version" => "9.41"},{"date" => "2025-10-01T14:47:16","version" => "9.42"}]},"Mojolicious-Plugin-CSRF" => {"advisories" => [{"affected_versions" => ["==1.03"],"cves" => ["CVE-2025-40915"],"description" => "Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.  That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.","distribution" => "Mojolicious-Plugin-CSRF","fixed_versions" => [">=1.03"],"id" => "CPANSA-Mojolicious-Plugin-CSRF-2025-40915","references" => ["https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes","https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03"],"reported" => "2025-06-11","severity" => undef}],"main_module" => "Mojolicious::Plugin::CSRF","versions" => [{"date" => "2025-05-18T15:33:39","version" => "1.01"},{"date" => "2025-05-18T17:46:33","version" => "1.02"},{"date" => "2025-06-11T01:38:00","version" => "1.03"},{"date" => "2025-06-11T13:31:36","version" => "1.04"},{"date" => "2025-06-13T17:50:34","version" => "1.05"}]},"Mojolicious-Plugin-CaptchaPNG" => {"advisories" => [{"affected_versions" => ["<1.06"],"cves" => ["CVE-2025-40916"],"description" => "Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha.  That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.","distribution" => "Mojolicious-Plugin-CaptchaPNG","fixed_versions" => [">=1.06"],"id" => "CPANSA-Mojolicious-Plugin-CaptchaPNG-2025-40916","references" => ["https://metacpan.org/pod/perlfunc#rand","https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.04/diff/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.05/lib/Mojolicious/Plugin/CaptchaPNG.pm","https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.06/changes","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-06-16","severity" => undef}],"main_module" => "Mojolicious::Plugin::CaptchaPNG","versions" => [{"date" => "2025-02-05T00:29:06","version" => "1.02"},{"date" => "2025-02-05T18:58:16","version" => "1.03"},{"date" => "2025-05-18T17:49:30","version" => "1.04"},{"date" => "2025-06-11T01:40:57","version" => "1.05"},{"date" => "2025-06-11T14:08:11","version" => "1.06"},{"date" => "2025-06-13T17:50:45","version" => "1.07"},{"date" => "2025-06-17T16:49:35","version" => "1.08"}]},"Mojolicious-Plugin-LazyImage" => {"advisories" => [{"affected_versions" => ["<=0.01"],"cves" => ["CVE-2024-38526"],"description" => "pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.\n","distribution" => "Mojolicious-Plugin-LazyImage","embedded_vulnerability" => {"distributed_version" => undef,"name" => "polyfill.io"},"fixed_versions" => [],"id" => "CPANSA-Mojolicious-Plugin-LazyImage-2024-38526","references" => ["https://github.com/mitmproxy/pdoc/pull/703","https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62","https://sansec.io/research/polyfill-supply-chain-attack","https://github.com/briandfoy/cpan-security-advisory/issues/155","https://stackdiary.com/polyfill-compromise-hits-100000-sites-in-a-supply-chain-attack/"],"reported" => "2024-06-26","severity" => undef}],"main_module" => "Mojolicious::Plugin::LazyImage","versions" => [{"date" => "2017-12-28T10:40:31","version" => "0.01"}]},"Mojolicious-Plugin-OAuth2" => {"advisories" => [{"affected_versions" => ["<1.3"],"cves" => [],"description" => "Param injection in case of several parameters of the same name are present.\n","distribution" => "Mojolicious-Plugin-OAuth2","fixed_versions" => [">=1.3"],"id" => "CPANSA-Mojolicious-Plugin-OAuth2-2014-01","references" => ["https://metacpan.org/changes/distribution/Mojolicious-Plugin-OAuth2","https://github.com/marcusramberg/Mojolicious-Plugin-OAuth2/commit/68315d329059b427e13d486c0e10733f728709aa"],"reported" => "2014-10-07"}],"main_module" => "Mojolicious::Plugin::OAuth2","versions" => [{"date" => "2011-01-08T11:03:42","version" => "0.01"},{"date" => "2011-01-09T18:00:14","version" => "0.02"},{"date" => "2011-04-03T16:00:38","version" => "0.1"},{"date" => "2011-08-01T16:56:18","version" => "0.2"},{"date" => "2011-09-04T19:42:29","version" => "0.3"},{"date" => "2011-09-07T16:59:50","version" => "0.4"},{"date" => "2011-10-19T11:55:32","version" => "0.5"},{"date" => "2012-03-09T21:15:39","version" => "0.6"},{"date" => "2012-05-30T11:49:29","version" => "0.7"},{"date" => "2012-08-23T20:18:41","version" => "0.8"},{"date" => "2013-05-20T05:55:18","version" => "0.9"},{"date" => "2013-11-06T13:24:52","version" => "1.0"},{"date" => "2014-03-13T08:18:10","version" => "1.1"},{"date" => "2014-09-06T13:49:59","version" => "1.2"},{"date" => "2014-10-07T05:49:16","version" => "1.3"},{"date" => "2015-03-01T20:09:19","version" => "1.4"},{"date" => "2015-03-02T07:32:59","version" => "1.5"},{"date" => "2015-03-18T16:40:18","version" => "1.51"},{"date" => "2015-04-06T20:46:39","version" => "1.52"},{"date" => "2015-09-08T07:27:41","version" => "1.53"},{"date" => "2018-08-30T10:48:55","version" => "1.54"},{"date" => "2018-09-08T18:30:54","version" => "1.55"},{"date" => "2018-09-23T22:04:16","version" => "1.56"},{"date" => "2018-09-24T08:55:14","version" => "1.57"},{"date" => "2019-07-03T12:24:11","version" => "1.58"},{"date" => "2021-02-16T23:34:41","version" => "1.59"},{"date" => "2021-10-27T10:37:42","version" => "2.00"},{"date" => "2021-10-28T09:30:06","version" => "2.01"},{"date" => "2022-02-08T09:50:33","version" => "2.02"}]},"Moxy" => {"advisories" => [{"affected_versions" => ["<0.25"],"cves" => [],"description" => "Allowed file schema\n","distribution" => "Moxy","fixed_versions" => [">=0.25"],"id" => "CPANSA-Moxy-2008-01","references" => ["https://metacpan.org/dist/Moxy/changes"],"reported" => "2008-04-09","severity" => undef}],"main_module" => "Moxy","versions" => [{"date" => "2008-01-01T18:30:22","version" => "0.04"},{"date" => "2008-01-02T13:16:19","version" => "0.05"},{"date" => "2008-01-19T02:45:48","version" => "0.06"},{"date" => "2008-01-19T04:46:15","version" => "0.07"},{"date" => "2008-01-19T13:40:32","version" => "0.08"},{"date" => "2008-01-20T07:59:32","version" => "0.20"},{"date" => "2008-01-25T07:34:00","version" => "0.22"},{"date" => "2008-01-26T10:16:38","version" => "0.23"},{"date" => "2008-01-27T06:18:24","version" => "0.24"},{"date" => "2008-04-09T15:15:08","version" => "0.25"},{"date" => "2008-04-20T05:07:40","version" => "0.30"},{"date" => "2008-04-20T11:43:55","version" => "0.31"},{"date" => "2008-04-21T02:33:59","version" => "0.32"},{"date" => "2008-05-13T04:32:15","version" => "0.32"},{"date" => "2008-05-14T04:12:27","version" => "0.32"},{"date" => "2008-06-14T07:29:30","version" => "0.32"},{"date" => "2008-08-14T16:20:15","version" => "0.32"},{"date" => "2008-08-22T09:54:45","version" => "0.32"},{"date" => "2008-10-02T10:14:27","version" => "0.32"},{"date" => "2008-11-07T01:24:33","version" => "0.32"},{"date" => "2008-11-07T01:43:45","version" => "0.32"},{"date" => "2008-11-08T01:14:56","version" => "0.32"},{"date" => "2008-11-19T02:50:08","version" => "0.32"},{"date" => "2009-02-10T11:05:56","version" => "0.32"},{"date" => "2009-02-20T09:48:43","version" => "0.51"},{"date" => "2009-03-24T11:22:16","version" => "0.52"},{"date" => "2009-03-31T06:33:35","version" => "0.53"},{"date" => "2009-04-07T10:51:35","version" => "0.54"},{"date" => "2009-04-08T06:23:07","version" => "0.55"},{"date" => "2009-04-08T08:36:37","version" => "0.56"},{"date" => "2011-01-26T08:17:33","version" => "0.60"},{"date" => "2011-05-18T04:36:44","version" => "0.57"},{"date" => "2011-05-18T04:46:01","version" => "0.60"},{"date" => "2011-05-24T01:35:05","version" => "0.60"},{"date" => "2011-05-27T01:48:35","version" => "0.63"},{"date" => "2012-11-06T05:23:15","version" => "0.70"}]},"Mozilla-CA" => {"advisories" => [{"affected_versions" => ["<20110914"],"cves" => [],"description" => "Google Chrome user alibo encountered an active \"man in the middle\" (MITM) attack on secure SSL connections to Google servers. The fraudulent certificate was mis-issued by DigiNotar, a Dutch Certificate Authority. DigiNotar has reported evidence that other fraudulent certificates were issued and in active use but the full extent of the compromise is not known.\n","distribution" => "Mozilla-CA","fixed_versions" => [">=20110914"],"id" => "CPANSA-Mozilla-CA-2011-34","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=70967","https://www.mozilla.org/en-US/security/advisories/mfsa2011-35/","https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/"],"reported" => undef,"severity" => undef},{"affected_versions" => ["<20240730"],"cves" => ["CVE-2024-39689"],"description" => "ECM GlobalTrust 2000 root certificates have been distrusted\n","distribution" => "Mozilla-CA","fixed_versions" => [">=20240730"],"id" => "CPANSA-Mozilla-CA-2024-39689","references" => ["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI","https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k/m/G_9QprJ2AQAJ","https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc","https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463"],"reported" => "2024-06-11","severity" => "low"}],"main_module" => "Mozilla::CA","versions" => [{"date" => "2011-01-22T12:13:20","version" => 20110122},{"date" => "2011-01-26T19:10:48","version" => 20110126},{"date" => "2011-02-11T22:42:06","version" => 20110209},{"date" => "2011-03-01T23:13:54","version" => 20110301},{"date" => "2011-04-09T21:15:42","version" => 20110409},{"date" => "2011-09-04T03:48:06","version" => 20110904},{"date" => "2011-09-15T08:01:35","version" => 20110914},{"date" => "2011-10-25T06:46:10","version" => 20111025},{"date" => "2012-01-18T06:52:33","version" => 20120118},{"date" => "2012-03-09T01:57:07","version" => 20120309},{"date" => "2012-08-22T00:27:51","version" => 20120822},{"date" => "2012-08-22T06:39:33","version" => 20120823},{"date" => "2013-01-14T18:34:17","version" => 20130114},{"date" => "2014-12-22T00:25:09","version" => 20141217},{"date" => "2015-08-26T05:56:57","version" => 20150826},{"date" => "2016-01-04T01:19:28","version" => 20160104},{"date" => "2018-03-01T11:34:46","version" => 20180117},{"date" => "2020-05-20T04:53:47","version" => 20200520},{"date" => "2021-10-01T21:38:43","version" => 20211001},{"date" => "2022-11-14T10:45:12","version" => 20221114},{"date" => "2023-08-01T15:43:22","version" => 20230801},{"date" => "2023-08-07T12:10:03","version" => 20230807},{"date" => "2023-08-21T18:15:27","version" => 20230821},{"date" => "2023-12-13T20:18:41","version" => 20231213},{"date" => "2024-03-13T15:19:08","version" => 20240313},{"date" => "2024-07-30T16:10:02","version" => 20240730},{"date" => "2024-09-24T02:19:55","version" => 20240924},{"date" => "2025-02-02T15:34:15","version" => 20250202},{"date" => "2025-06-02T17:39:28","version" => 20250602}]},"MySQL-Admin" => {"advisories" => [{"affected_versions" => ["<0.34"],"cves" => [],"description" => "Unspecified security issues.\n","distribution" => "MySQL-Admin","fixed_versions" => [">=0.34"],"id" => "CPANSA-MySQL-Admin-1-1","references" => ["https://metacpan.org/dist/MySQL-Admin/changes"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.14,<=1.18"],"cves" => ["X-CVE-2014-0001"],"description" => "Affected versions of the package are vulnerable to Cross-site Scripting (XSS) via the editor box.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-X-CVE-2014-0001-bootstrap-markdown-editor","references" => ["https://security.snyk.io/vuln/npm:bootstrap-markdown:20140826","https://cwe.mitre.org/data/definitions/79.html"],"reported" => "2014-08-25","severity" => undef},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2019-20921"],"description" => "bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2019-20921-bootstrap-select","references" => ["https://github.com/advisories/GHSA-9r7h-6639-v5mw","https://github.com/snapappointments/bootstrap-select/issues/2199","https://www.npmjs.com/advisories/1522","https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457"],"reported" => "2020-09-30","severity" => "medium"},{"affected_versions" => [">=1.14,<=1.18"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "MySQL::Admin","versions" => [{"date" => "2009-04-05T07:27:17","version" => "0.41"},{"date" => "2009-04-25T12:13:07","version" => "0.42"},{"date" => "2009-05-02T16:39:11","version" => "0.43"},{"date" => "2009-05-06T16:32:16","version" => "0.44"},{"date" => "2009-09-20T10:34:08","version" => "0.47"},{"date" => "2009-09-20T17:52:11","version" => "0.48"},{"date" => "2009-09-20T19:27:03","version" => "0.5"},{"date" => "2009-09-23T13:03:36","version" => "0.51"},{"date" => "2009-09-26T10:35:54","version" => "0.52"},{"date" => "2009-09-28T06:12:57","version" => "0.54"},{"date" => "2009-09-29T10:34:19","version" => "0.55"},{"date" => "2009-09-30T16:13:36","version" => "0.56"},{"date" => "2009-10-03T07:37:25","version" => "0.57"},{"date" => "2009-10-04T06:02:37","version" => "0.58"},{"date" => "2009-10-04T09:07:10","version" => "0.59"},{"date" => "2009-10-05T15:31:56","version" => "0.6"},{"date" => "2009-10-13T13:03:13","version" => "0.61"},{"date" => "2009-10-13T13:28:16","version" => "0.62"},{"date" => "2015-03-22T15:18:03","version" => "0.65"},{"date" => "2015-03-24T07:27:33","version" => "0.66"},{"date" => "2015-03-26T19:31:05","version" => "0.67"},{"date" => "2015-03-30T18:13:38","version" => "0.68"},{"date" => "2015-04-01T20:54:59","version" => "0.69"},{"date" => "2015-04-02T18:13:25","version" => "0.7"},{"date" => "2015-04-02T20:01:04","version" => "0.71"},{"date" => "2015-04-06T19:38:13","version" => "0.72"},{"date" => "2015-04-07T17:24:44","version" => "0.73"},{"date" => "2015-04-09T20:30:39","version" => "0.74"},{"date" => "2015-04-12T19:12:02","version" => "0.75"},{"date" => "2015-04-18T10:10:22","version" => "0.76"},{"date" => "2015-04-23T19:09:21","version" => "0.77"},{"date" => "2015-06-19T21:18:27","version" => "0.79"},{"date" => "2015-06-20T15:56:45","version" => "0.8"},{"date" => "2015-06-21T11:51:26","version" => "0.81"},{"date" => "2015-07-09T20:24:39","version" => "0.84"},{"date" => "2015-07-10T12:25:42","version" => "0.85"},{"date" => "2015-07-11T17:51:30","version" => "0.86"},{"date" => "2015-07-26T19:47:51","version" => "0.87"},{"date" => "2015-10-10T14:46:47","version" => "0.89"},{"date" => "2015-10-31T17:56:24","version" => "0.9"},{"date" => "2015-11-01T11:42:27","version" => "0.91"},{"date" => "2015-11-01T13:05:50","version" => "0.92"},{"date" => "2015-12-27T20:50:17","version" => "0.93"},{"date" => "2016-01-25T20:30:24","version" => "0.94"},{"date" => "2016-01-26T09:59:39","version" => "0.95"},{"date" => "2016-01-26T13:59:30","version" => "0.96"},{"date" => "2016-01-28T09:10:44","version" => "0.97"},{"date" => "2016-02-03T21:51:55","version" => "0.98"},{"date" => "2016-02-06T07:24:22","version" => "0.99"},{"date" => "2016-02-06T10:01:55","version" => 1},{"date" => "2016-02-06T17:43:58","version" => "1.01"},{"date" => "2016-02-14T18:20:01","version" => "1.02"},{"date" => "2016-02-23T12:55:34","version" => "1.03"},{"date" => "2016-02-24T14:56:54","version" => "1.04"},{"date" => "2016-05-15T18:28:42","version" => "1.05"},{"date" => "2016-06-25T20:34:51","version" => "1.06"},{"date" => "2016-06-26T11:54:44","version" => "1.07"},{"date" => "2016-10-26T20:01:37","version" => "1.08"},{"date" => "2016-10-26T20:17:36","version" => "1.09"},{"date" => "2017-01-25T20:32:12","version" => "1.1"},{"date" => "2017-01-26T20:40:27","version" => "1.11"},{"date" => "2017-01-29T19:25:00","version" => "1.12"},{"date" => "2018-06-03T15:06:18","version" => "1.13"},{"date" => "2018-06-10T16:38:09","version" => "1.14"},{"date" => "2018-07-01T19:20:11","version" => "1.15"},{"date" => "2018-07-24T05:59:11","version" => "1.16"},{"date" => "2019-04-22T13:37:27","version" => "1.17"},{"date" => "2019-05-26T14:49:11","version" => "1.18"}]},"Net-CIDR" => {"advisories" => [{"affected_versions" => ["<0.25"],"cves" => ["CVE-2021-4456"],"description" => "addr2cidr may output dotted decimal IP address with leading zeros, that some older tools may interpret as octal values.","distribution" => "Net-CIDR","fixed_versions" => [">=0.25"],"id" => "CPANSA-Net-CIDR-2021-4456","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/svarshavchik/Net-CIDR/pull/4","https://github.com/briandfoy/cpan-security-advisory/issues/199","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28918","https://github.com/advisories/GHSA-pch5-whg9-qr2r","https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/"],"reported" => undef,"severity" => undef}],"main_module" => "Net::CIDR","versions" => [{"date" => "2001-07-10T02:31:15","version" => "0.02"},{"date" => "2001-10-25T03:21:00","version" => "0.03"},{"date" => "2001-11-27T18:09:02","version" => "0.04"},{"date" => "2003-05-01T15:22:27","version" => "0.07"},{"date" => "2003-08-14T05:53:06","version" => "0.08"},{"date" => "2003-11-19T00:25:14","version" => "0.09"},{"date" => "2004-07-19T23:49:07","version" => "0.10"},{"date" => "2005-08-10T01:21:28","version" => "0.11"},{"date" => "2009-01-19T18:52:31","version" => "0.13"},{"date" => "2010-06-27T13:49:06","version" => "0.14"},{"date" => "2012-02-16T13:12:52","version" => "0.15"},{"date" => "2012-10-01T03:17:27","version" => "0.16"},{"date" => "2012-10-21T13:44:40","version" => "0.17"},{"date" => "2015-02-04T02:03:45","version" => "0.18"},{"date" => "2018-06-12T02:13:49","version" => "0.19"},{"date" => "2019-04-17T01:46:50","version" => "0.20"},{"date" => "2021-03-31T01:43:37","version" => "0.21"},{"date" => "2025-03-09T12:42:15","version" => "0.22"},{"date" => "2025-03-10T12:02:04","version" => "0.23"},{"date" => "2025-05-20T11:56:28","version" => "0.24"},{"date" => "2025-05-20T14:24:29","version" => "v0.24.1"},{"date" => "2025-05-24T02:12:05","version" => "0.25"},{"date" => "2025-06-21T02:56:12","version" => "0.26"},{"date" => "2025-08-13T00:00:19","version" => "0.27"}]},"Net-CIDR-Lite" => {"advisories" => [{"affected_versions" => ["<0.22"],"cves" => ["CVE-2021-47154"],"description" => "The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-CIDR-Lite","fixed_versions" => [">=0.22"],"id" => "CPANSA-Net-CIDR-Lite-2021-47154","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/stigtsp/Net-CIDR-Lite/commit/23b6ff0590dc279521863a502e890ef19a5a76fc","https://metacpan.org/dist/Net-CIDR-Lite/changes","https://metacpan.org/pod/Net::CIDR::Lite"],"reported" => "2024-03-18","severity" => undef}],"main_module" => "Net::CIDR::Lite","versions" => [{"date" => "2001-10-23T22:54:21","version" => "0.02"},{"date" => "2001-10-24T00:14:02","version" => "0.03"},{"date" => "2001-10-24T00:55:11","version" => "0.04"},{"date" => "2001-10-25T17:20:05","version" => "0.05"},{"date" => "2001-10-31T01:40:19","version" => "0.06"},{"date" => "2001-10-31T23:51:49","version" => "0.07"},{"date" => "2001-11-26T23:12:47","version" => "0.08"},{"date" => "2001-11-27T05:47:30","version" => "0.09"},{"date" => "2001-11-27T18:25:47","version" => "0.10"},{"date" => "2002-04-16T05:44:00","version" => "0.11"},{"date" => "2002-07-15T07:07:02","version" => "0.12"},{"date" => "2002-07-15T09:46:34","version" => "0.13"},{"date" => "2002-07-15T16:31:01","version" => "0.14"},{"date" => "2003-04-16T20:20:04","version" => "0.15"},{"date" => "2005-05-18T19:01:44","version" => "0.16"},{"date" => "2005-05-18T19:43:12","version" => "0.17"},{"date" => "2005-05-21T08:14:32","version" => "0.18"},{"date" => "2006-01-30T19:34:31","version" => "0.19"},{"date" => "2006-02-14T00:58:01","version" => "0.20"},{"date" => "2010-03-26T00:38:30","version" => "0.21"},{"date" => "2021-04-04T21:03:12","version" => "0.22"}]},"Net-CIDR-Set" => {"advisories" => [{"affected_versions" => [">=0.10,<=0.13"],"cves" => ["CVE-2025-40911"],"description" => "Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.  Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.  Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154.","distribution" => "Net-CIDR-Set","fixed_versions" => [">=0.14"],"id" => "CPANSA-Net-CIDR-Set-2025-40911","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/robrwo/perl-Net-CIDR-Set/commit/be7d91e8446ad8013b08b4be313d666dab003a8a.patch","https://metacpan.org/release/RRWO/Net-CIDR-Set-0.14/changes"],"reported" => "2025-05-27","severity" => undef}],"main_module" => "Net::CIDR::Set","versions" => [{"date" => "2009-01-29T15:06:24","version" => "0.10"},{"date" => "2009-01-29T23:03:08","version" => "0.11"},{"date" => "2014-02-24T13:52:37","version" => "0.13"},{"date" => "2025-05-27T15:18:39","version" => "0.14"},{"date" => "2025-05-27T15:38:17","version" => "0.15"},{"date" => "2025-06-03T12:56:20","version" => "0.16"},{"date" => "2025-08-03T10:40:58","version" => "0.17"},{"date" => "2025-08-03T10:46:20","version" => "0.18"},{"date" => "2025-08-05T12:12:04","version" => "0.19"}]},"Net-DNS" => {"advisories" => [{"affected_versions" => ["<0.63"],"cves" => ["CVE-2007-6341"],"description" => "Allows remote attackers to cause a denial of service (program \"croak\") via a crafted DNS response.\n","distribution" => "Net-DNS","fixed_versions" => [">=0.63"],"id" => "CPANSA-Net-DNS-2008-01","references" => ["https://metacpan.org/changes/distribution/Net-DNS"],"reported" => "2008-02-08"},{"affected_versions" => ["<0.60"],"cves" => ["CVE-2007-3409"],"description" => "Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.\n","distribution" => "Net-DNS","fixed_versions" => [">=0.60"],"id" => "CPANSA-Net-DNS-2007-3409","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=27285","http://www.net-dns.org/docs/Changes.html","http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:146","http://www.redhat.com/support/errata/RHSA-2007-0674.html","ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc","http://www.novell.com/linux/security/advisories/2007_17_sr.html","http://www.trustix.org/errata/2007/0023/","http://www.ubuntu.com/usn/usn-483-1","http://www.securityfocus.com/bid/24669","http://www.securitytracker.com/id?1018376","http://secunia.com/advisories/25829","http://secunia.com/advisories/26014","http://secunia.com/advisories/26055","http://secunia.com/advisories/26012","http://secunia.com/advisories/26075","http://secunia.com/advisories/26211","http://secunia.com/advisories/26231","http://secunia.com/advisories/26417","http://secunia.com/advisories/26543","http://www.debian.org/security/2008/dsa-1515","http://secunia.com/advisories/29354","http://osvdb.org/37054","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10595","http://www.securityfocus.com/archive/1/473871/100/0/threaded"],"reported" => "2007-06-26","severity" => undef},{"affected_versions" => ["<0.60"],"cves" => ["CVE-2007-3377"],"description" => "Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.\n","distribution" => "Net-DNS","fixed_versions" => [">=0.60"],"id" => "CPANSA-Net-DNS-2007-3377","references" => ["http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html","http://rt.cpan.org/Public/Bug/Display.html?id=23961","https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458","http://www.net-dns.org/docs/Changes.html","http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm","http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:146","http://www.redhat.com/support/errata/RHSA-2007-0674.html","http://www.redhat.com/support/errata/RHSA-2007-0675.html","ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc","http://www.novell.com/linux/security/advisories/2007_17_sr.html","http://www.trustix.org/errata/2007/0023/","http://www.ubuntu.com/usn/usn-483-1","http://www.securityfocus.com/bid/24669","http://www.securitytracker.com/id?1018377","http://secunia.com/advisories/25829","http://secunia.com/advisories/26014","http://secunia.com/advisories/26055","http://secunia.com/advisories/26012","http://secunia.com/advisories/26075","http://secunia.com/advisories/26211","http://secunia.com/advisories/26231","http://secunia.com/advisories/26417","http://secunia.com/advisories/26508","http://secunia.com/advisories/26543","http://www.debian.org/security/2008/dsa-1515","http://secunia.com/advisories/29354","http://osvdb.org/37053","https://exchange.xforce.ibmcloud.com/vulnerabilities/35112","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9904","http://www.securityfocus.com/archive/1/473871/100/0/threaded"],"reported" => "2007-06-25","severity" => undef}],"main_module" => "Net::DNS","versions" => [{"date" => "1997-02-04T10:03:21","version" => "0.02"},{"date" => "1997-02-05T05:54:07","version" => "0.02"},{"date" => "1997-02-10T16:24:12","version" => "0.03"},{"date" => "1997-02-13T23:50:40","version" => "0.04"},{"date" => "1997-03-28T06:22:18","version" => "0.05"},{"date" => "1997-04-03T06:54:12","version" => "0.06"},{"date" => "1997-04-19T18:07:46","version" => "0.07"},{"date" => "1997-05-13T15:27:34","version" => "0.08"},{"date" => "1997-05-29T22:16:14","version" => "0.09"},{"date" => "1997-06-13T04:35:29","version" => "0.10"},{"date" => "1997-07-06T18:10:05","version" => "0.11"},{"date" => "1997-10-02T05:53:19","version" => "0.12"},{"date" => "2002-02-01T21:32:42","version" => "0.14"},{"date" => "2002-04-11T23:04:19","version" => "0.19"},{"date" => "2002-05-15T00:39:48","version" => "0.20"},{"date" => "2002-06-03T21:44:48","version" => "0.21"},{"date" => "2002-06-06T21:48:08","version" => "0.22"},{"date" => "2002-06-11T22:49:07","version" => "0.23"},{"date" => "2002-07-06T20:17:50","version" => "0.24"},{"date" => "2002-08-01T10:37:46","version" => "0.25"},{"date" => "2002-08-05T20:11:20","version" => "0.26"},{"date" => "2002-08-15T15:55:56","version" => "0.27"},{"date" => "2002-08-21T00:18:55","version" => "0.28"},{"date" => "2002-10-02T06:09:09","version" => "0.29"},{"date" => "2002-11-07T13:19:03","version" => "0.30"},{"date" => "2002-11-18T04:32:09","version" => "0.31"},{"date" => "2003-01-05T21:37:55","version" => "0.32"},{"date" => "2003-01-08T18:31:53","version" => "0.33"},{"date" => "2003-03-06T19:19:53","version" => "0.34"},{"date" => "2003-05-22T02:33:15","version" => "0.34_02"},{"date" => "2003-05-23T01:24:00","version" => "0.34_03"},{"date" => "2003-05-26T07:13:38","version" => "0.35"},{"date" => "2003-05-28T22:24:43","version" => "0.36"},{"date" => "2003-05-28T22:41:56","version" => "0.37"},{"date" => "2003-06-05T23:55:14","version" => "0.38"},{"date" => "2003-06-23T00:19:28","version" => "0.38_01"},{"date" => "2003-07-29T09:34:12","version" => "0.38_02"},{"date" => "2003-08-07T22:35:45","version" => "0.39"},{"date" => "2003-08-12T04:10:01","version" => "0.39_01"},{"date" => "2003-08-28T15:17:51","version" => "0.39_02"},{"date" => "2003-09-01T22:18:39","version" => "0.40"},{"date" => "2003-09-26T22:54:49","version" => "0.40_01"},{"date" => "2003-10-03T15:57:27","version" => "0.41"},{"date" => "2003-10-26T05:42:29","version" => "0.42"},{"date" => "2003-12-01T04:39:24","version" => "0.42_01"},{"date" => "2003-12-11T08:53:09","version" => "0.42_02"},{"date" => "2003-12-12T00:28:17","version" => "0.43"},{"date" => "2003-12-13T01:55:07","version" => "0.44"},{"date" => "2004-01-03T06:49:06","version" => "0.44_01"},{"date" => "2004-01-04T04:51:25","version" => "0.44_02"},{"date" => "2004-01-08T05:56:11","version" => "0.45"},{"date" => "2004-02-10T00:53:47","version" => "0.45_01"},{"date" => "2004-02-21T12:53:34","version" => "0.46"},{"date" => "2004-04-01T07:39:00","version" => "0.47"},{"date" => "2004-05-06T19:18:31","version" => "0.47_01"},{"date" => "2004-08-13T01:11:57","version" => "0.48"},{"date" => "2005-03-07T14:31:55","version" => "0.48_01"},{"date" => "2005-03-14T20:47:20","version" => "0.48_02"},{"date" => "2005-03-22T15:54:51","version" => "0.48_03"},{"date" => "2005-03-29T13:12:16","version" => "0.49"},{"date" => "2005-05-24T08:07:55","version" => "0.49_01"},{"date" => "2005-05-28T07:07:52","version" => "0.49_02"},{"date" => "2005-06-01T20:51:43","version" => "0.49_03"},{"date" => "2005-06-08T14:15:32","version" => "0.50"},{"date" => "2005-06-10T11:00:29","version" => "0.51"},{"date" => "2005-06-14T11:42:54","version" => "0.49_01"},{"date" => "2005-06-22T14:32:45","version" => "0.49_01"},{"date" => "2005-07-01T21:50:47","version" => "0.52"},{"date" => "2005-07-22T12:23:21","version" => "0.53"},{"date" => "2005-07-31T14:40:15","version" => "0.53_01"},{"date" => "2005-10-18T14:39:03","version" => "0.53_02"},{"date" => "2005-12-07T13:15:30","version" => "0.54"},{"date" => "2005-12-14T10:29:42","version" => "0.55"},{"date" => "2006-02-20T15:34:25","version" => "0.56"},{"date" => "2006-02-24T16:21:14","version" => "0.57"},{"date" => "2006-07-04T11:42:41","version" => "0.58"},{"date" => "2006-09-18T19:31:10","version" => "0.59"},{"date" => "2007-06-22T07:31:18","version" => "0.60"},{"date" => "2007-08-01T12:26:55","version" => "0.61"},{"date" => "2007-12-28T19:32:25","version" => "0.62"},{"date" => "2008-02-08T15:49:50","version" => "0.63"},{"date" => "2008-12-30T18:11:35","version" => "0.64"},{"date" => "2009-01-26T18:19:23","version" => "0.65"},{"date" => "2009-12-30T13:58:25","version" => "0.66"},{"date" => "2011-10-25T12:14:24","version" => "0.66_01"},{"date" => "2011-10-27T14:23:38","version" => "0.66_02"},{"date" => "2011-10-28T14:31:06","version" => "0.66_03"},{"date" => "2011-10-28T15:00:15","version" => "0.66_04"},{"date" => "2011-10-31T14:36:02","version" => "0.66_06"},{"date" => "2011-10-31T19:34:01","version" => "0.66_07"},{"date" => "2011-11-02T21:52:59","version" => "0.66_08"},{"date" => "2011-11-07T09:07:56","version" => "0.67"},{"date" => "2012-01-23T13:41:03","version" => "0.67_01"},{"date" => "2012-01-26T10:44:13","version" => "0.67_03"},{"date" => "2012-01-27T08:47:28","version" => "0.67_04"},{"date" => "2012-01-31T21:54:27","version" => "0.68"},{"date" => "2012-01-31T22:11:31","version" => "0.68"},{"date" => "2012-10-29T15:35:55","version" => "0.68_01"},{"date" => "2012-10-31T10:25:57","version" => "0.68_02"},{"date" => "2012-10-31T20:33:53","version" => "0.68_03"},{"date" => "2012-11-12T07:15:13","version" => "0.68_04"},{"date" => "2012-11-12T10:22:31","version" => "0.68_05"},{"date" => "2012-11-19T12:57:25","version" => "0.68_06"},{"date" => "2012-11-21T23:12:34","version" => "0.68_07"},{"date" => "2012-11-23T22:12:01","version" => "0.68_08"},{"date" => "2012-12-04T07:18:08","version" => "0.68_09"},{"date" => "2012-12-05T12:07:43","version" => "0.69"},{"date" => "2012-12-05T14:05:12","version" => "0.69_1"},{"date" => "2012-12-06T11:10:17","version" => "0.70"},{"date" => "2012-12-12T16:04:03","version" => "0.70_1"},{"date" => "2012-12-15T11:18:56","version" => "0.71"},{"date" => "2012-12-24T21:14:23","version" => "0.71_01"},{"date" => "2012-12-28T15:03:57","version" => "0.72"},{"date" => "2013-11-13T15:18:55","version" => "0.72_01"},{"date" => "2013-11-14T16:13:33","version" => "0.72_02"},{"date" => "2013-11-18T10:49:23","version" => "0.72_03"},{"date" => "2013-11-19T21:52:50","version" => "0.72_04"},{"date" => "2013-11-29T13:35:08","version" => "0.73"},{"date" => "2013-12-24T15:21:50","version" => "0.73_1"},{"date" => "2014-01-02T20:32:27","version" => "0.73_2"},{"date" => "2014-01-05T20:31:16","version" => "0.73_3"},{"date" => "2014-01-12T10:25:24","version" => "0.73_4"},{"date" => "2014-01-13T15:59:49","version" => "0.73_5"},{"date" => "2014-01-16T10:23:47","version" => "0.74"},{"date" => "2014-03-03T21:33:39","version" => "0.74_1"},{"date" => "2014-03-10T08:36:19","version" => "0.74_2"},{"date" => "2014-04-03T21:00:45","version" => "0.74_3"},{"date" => "2014-04-30T14:05:59","version" => "0.74_4"},{"date" => "2014-05-05T06:05:46","version" => "0.74_5"},{"date" => "2014-05-06T09:22:01","version" => "0.74_6"},{"date" => "2014-05-08T09:54:21","version" => "0.75"},{"date" => "2014-05-22T20:56:00","version" => "0.75_1"},{"date" => "2014-05-23T22:26:56","version" => "0.76"},{"date" => "2014-05-29T11:26:07","version" => "0.76_1"},{"date" => "2014-06-05T16:04:39","version" => "0.76_2"},{"date" => "2014-06-13T08:31:32","version" => "0.76_3"},{"date" => "2014-06-13T21:57:13","version" => "0.77"},{"date" => "2014-07-02T09:53:03","version" => "0.77_1"},{"date" => "2014-07-09T07:09:44","version" => "0.77_2"},{"date" => "2014-07-10T14:13:33","version" => "0.78"},{"date" => "2014-07-30T21:41:25","version" => "0.78_1"},{"date" => "2014-08-12T22:13:54","version" => "0.78_2"},{"date" => "2014-08-15T14:40:22","version" => "0.78_3"},{"date" => "2014-08-19T13:24:46","version" => "0.78_5"},{"date" => "2014-08-22T22:29:13","version" => "0.79"},{"date" => "2014-09-11T11:42:35","version" => "0.79_1"},{"date" => "2014-09-15T14:51:32","version" => "0.79_2"},{"date" => "2014-09-22T11:51:22","version" => "0.80"},{"date" => "2014-10-20T08:19:15","version" => "0.80_1"},{"date" => "2014-10-24T08:21:15","version" => "0.80_2"},{"date" => "2014-10-29T13:44:16","version" => "0.81"},{"date" => "2015-01-05T10:22:06","version" => "0.81_01"},{"date" => "2015-01-20T14:12:38","version" => "0.82"},{"date" => "2015-02-11T14:26:36","version" => "0.82_01"},{"date" => "2015-02-18T11:05:47","version" => "0.82_02"},{"date" => "2015-02-26T15:48:06","version" => "0.83"},{"date" => "2015-05-27T10:04:50","version" => "1.00_01"},{"date" => "2015-06-11T17:23:10","version" => "1.00_02"},{"date" => "2015-06-15T10:02:08","version" => "1.00_03"},{"date" => "2015-06-23T13:57:29","version" => "1.00_04"},{"date" => "2015-06-26T09:37:11","version" => "1.00_05"},{"date" => "2015-06-29T17:15:06","version" => "1.00_06"},{"date" => "2015-07-01T13:51:22","version" => "1.00_07"},{"date" => "2015-07-02T08:17:44","version" => "1.00_08"},{"date" => "2015-07-06T17:28:32","version" => "1.01"},{"date" => "2015-08-26T20:44:25","version" => "1.01_01"},{"date" => "2015-09-03T06:21:58","version" => "1.01_02"},{"date" => "2015-09-04T20:39:37","version" => "1.01_03"},{"date" => "2015-09-08T08:26:06","version" => "1.01_04"},{"date" => "2015-09-11T11:49:24","version" => "1.01_05"},{"date" => "2015-09-15T18:51:53","version" => "1.01_06"},{"date" => "2015-09-16T10:25:09","version" => "1.02"},{"date" => "2015-09-22T13:39:43","version" => "1.02_01"},{"date" => "2015-10-05T08:30:03","version" => "1.02_02"},{"date" => "2015-10-06T20:39:36","version" => "1.02_03"},{"date" => "2015-10-08T21:24:29","version" => "1.02_04"},{"date" => "2015-10-13T07:30:39","version" => "1.02_05"},{"date" => "2015-10-14T12:44:57","version" => "1.02_06"},{"date" => "2015-10-20T09:59:26","version" => "1.02_07"},{"date" => "2015-10-23T08:32:04","version" => "1.02_08"},{"date" => "2015-10-27T16:07:21","version" => "1.02_09"},{"date" => "2015-11-02T06:00:09","version" => "1.02_10"},{"date" => "2015-11-08T13:49:33","version" => "1.03"},{"date" => "2015-12-01T21:21:55","version" => "1.03_01"},{"date" => "2015-12-02T14:27:42","version" => "1.03_02"},{"date" => "2015-12-02T20:49:07","version" => "1.03_03"},{"date" => "2015-12-08T20:41:10","version" => "1.04"},{"date" => "2016-02-01T16:26:27","version" => "1.04_01"},{"date" => "2016-02-02T08:03:42","version" => "1.04_02"},{"date" => "2016-02-05T12:19:57","version" => "1.04_03"},{"date" => "2016-02-29T12:32:53","version" => "1.04_04"},{"date" => "2016-03-07T21:11:01","version" => "1.05"},{"date" => "2016-03-21T13:15:38","version" => "1.05_01"},{"date" => "2016-03-24T18:45:15","version" => "1.05_02"},{"date" => "2016-04-04T21:53:54","version" => "1.05_03"},{"date" => "2016-04-15T10:11:03","version" => "1.05_04"},{"date" => "2016-04-17T12:05:46","version" => "1.05_05"},{"date" => "2016-05-11T08:58:51","version" => "1.05_06"},{"date" => "2016-05-22T07:54:41","version" => "1.05_07"},{"date" => "2016-05-27T19:12:44","version" => "1.06"},{"date" => "2016-06-22T08:54:06","version" => "1.06_01"},{"date" => "2016-08-24T11:36:13","version" => "1.06_02"},{"date" => "2016-08-25T15:01:31","version" => "1.06_03"},{"date" => "2016-09-17T08:19:30","version" => "1.06_04"},{"date" => "2016-11-12T03:24:33","version" => "1.06_05"},{"date" => "2016-12-23T14:48:42","version" => "1.06_06"},{"date" => "2016-12-29T17:16:20","version" => "1.07"},{"date" => "2017-01-18T21:51:05","version" => "1.07_01"},{"date" => "2017-01-27T10:44:03","version" => "1.07_02"},{"date" => "2017-02-09T10:28:55","version" => "1.07_03"},{"date" => "2017-02-13T10:08:41","version" => "1.07_04"},{"date" => "2017-02-20T11:12:45","version" => "1.08"},{"date" => "2017-03-06T09:33:06","version" => "1.08_02"},{"date" => "2017-03-13T10:02:22","version" => "1.08_03"},{"date" => "2017-03-22T09:48:52","version" => "1.08_04"},{"date" => "2017-03-24T07:00:36","version" => "1.09"},{"date" => "2017-04-19T13:10:57","version" => "1.09_01"},{"date" => "2017-05-05T22:21:10","version" => "1.10"},{"date" => "2017-05-31T09:07:40","version" => "1.10_01"},{"date" => "2017-06-03T20:26:47","version" => "1.10_02"},{"date" => "2017-06-12T12:03:07","version" => "1.10_03"},{"date" => "2017-06-26T12:52:57","version" => "1.11"},{"date" => "2017-07-07T21:50:10","version" => "1.11_01"},{"date" => "2017-07-28T16:17:01","version" => "1.11_02"},{"date" => "2017-08-15T10:33:15","version" => "1.11_03"},{"date" => "2017-08-17T12:48:08","version" => "1.11_04"},{"date" => "2017-08-18T13:15:31","version" => "1.12"},{"date" => "2017-09-12T09:28:26","version" => "1.12_01"},{"date" => "2017-10-06T09:07:45","version" => "1.12_02"},{"date" => "2017-10-10T14:42:38","version" => "1.12_03"},{"date" => "2017-10-18T09:49:20","version" => "1.13"},{"date" => "2017-11-30T11:11:55","version" => "1.13_01"},{"date" => "2017-12-07T10:17:12","version" => "1.13_02"},{"date" => "2017-12-15T12:34:59","version" => "1.14"},{"date" => "2018-01-31T10:11:39","version" => "1.14_01"},{"date" => "2018-02-01T14:14:07","version" => "1.14_02"},{"date" => "2018-02-09T11:42:14","version" => "1.15"},{"date" => "2018-06-11T09:20:56","version" => "1.15_01"},{"date" => "2018-06-14T10:46:39","version" => "1.15_02"},{"date" => "2018-07-03T09:05:15","version" => "1.15_03"},{"date" => "2018-07-06T10:03:02","version" => "1.15_04"},{"date" => "2018-07-16T04:56:07","version" => "1.16"},{"date" => "2018-07-20T16:22:38","version" => "1.16_01"},{"date" => "2018-07-24T15:35:14","version" => "1.16_02"},{"date" => "2018-07-25T07:10:24","version" => "1.17"},{"date" => "2018-09-11T10:24:34","version" => "1.17_01"},{"date" => "2018-09-11T15:32:52","version" => "1.17_02"},{"date" => "2018-09-12T06:15:44","version" => "1.17_03"},{"date" => "2018-09-21T14:49:48","version" => "1.18"},{"date" => "2018-11-08T06:39:55","version" => "1.18_01"},{"date" => "2018-11-15T06:02:14","version" => "1.19"},{"date" => "2018-12-31T12:23:28","version" => "1.19_01"},{"date" => "2019-01-28T09:48:25","version" => "1.19_02"},{"date" => "2019-03-22T08:40:39","version" => "1.19_03"},{"date" => "2019-03-22T14:13:56","version" => "1.20"},{"date" => "2019-07-21T09:20:43","version" => "1.20_01"},{"date" => "2019-07-23T14:51:08","version" => "1.20_02"},{"date" => "2019-08-21T13:49:42","version" => "1.20_03"},{"date" => "2019-08-30T08:37:40","version" => "1.21"},{"date" => "2020-02-02T21:54:31","version" => "1.21_01"},{"date" => "2020-02-13T13:56:48","version" => "1.22"},{"date" => "2020-03-17T09:09:32","version" => "1.22_01"},{"date" => "2020-03-18T14:55:27","version" => "1.23"},{"date" => "2020-05-13T09:04:51","version" => "1.23_01"},{"date" => "2020-05-27T12:47:25","version" => "1.24"},{"date" => "2020-06-19T10:52:05","version" => "1.24_01"},{"date" => "2020-06-23T13:07:04","version" => "1.24_02"},{"date" => "2020-06-26T15:40:24","version" => "1.25"},{"date" => "2020-07-28T12:55:42","version" => "1.25_01"},{"date" => "2020-07-31T08:43:21","version" => "1.25_02"},{"date" => "2020-08-06T15:55:03","version" => "1.26"},{"date" => "2020-08-31T13:51:53","version" => "1.26_01"},{"date" => "2020-09-07T08:02:00","version" => "1.26_02"},{"date" => "2020-09-11T18:53:08","version" => "1.27"},{"date" => "2020-10-08T22:00:15","version" => "1.27_01"},{"date" => "2020-10-16T10:20:24","version" => "1.27_02"},{"date" => "2020-10-19T08:09:59","version" => "1.27_03"},{"date" => "2020-10-23T16:53:49","version" => "1.28"},{"date" => "2020-11-16T16:33:26","version" => "1.28_01"},{"date" => "2020-11-18T13:40:46","version" => "1.29"},{"date" => "2020-12-24T15:37:27","version" => "1.29_01"},{"date" => "2021-03-22T08:38:47","version" => "1.29_02"},{"date" => "2021-03-28T09:38:33","version" => "1.29_03"},{"date" => "2021-03-30T10:06:50","version" => "1.30"},{"date" => "2021-05-02T12:43:26","version" => "1.31"},{"date" => "2021-07-09T09:57:13","version" => "1.31_01"},{"date" => "2021-07-16T14:24:25","version" => "1.32"},{"date" => "2021-08-11T10:07:26","version" => "1.32_01"},{"date" => "2021-12-08T10:42:13","version" => "1.32_02"},{"date" => "2021-12-16T12:22:39","version" => "1.33"},{"date" => "2022-05-21T10:05:03","version" => "1.33_01"},{"date" => "2022-05-30T13:39:34","version" => "1.34"},{"date" => "2022-09-23T13:43:05","version" => "1.34_01"},{"date" => "2022-10-04T13:44:45","version" => "1.34_02"},{"date" => "2022-10-04T20:02:07","version" => "1.35"},{"date" => "2022-12-20T14:45:20","version" => "1.35_01"},{"date" => "2022-12-21T11:28:18","version" => "1.35_02"},{"date" => "2022-12-28T13:12:39","version" => "1.35_03"},{"date" => "2022-12-30T15:53:37","version" => "1.36"},{"date" => "2023-01-30T14:07:07","version" => "1.36_01"},{"date" => "2023-02-20T15:36:17","version" => "1.36_02"},{"date" => "2023-03-06T12:19:36","version" => "1.36_03"},{"date" => "2023-03-13T18:06:16","version" => "1.37"},{"date" => "2023-03-30T19:26:05","version" => "1.37_01"},{"date" => "2023-04-17T12:34:49","version" => "1.37_02"},{"date" => "2023-04-20T12:38:12","version" => "1.37_03"},{"date" => "2023-04-25T20:37:19","version" => "1.37_04"},{"date" => "2023-05-09T10:50:45","version" => "1.38"},{"date" => "2023-05-31T14:12:28","version" => "1.38_01"},{"date" => "2023-06-01T11:46:37","version" => "1.39"},{"date" => "2023-08-23T14:53:17","version" => "1.39_01"},{"date" => "2023-08-25T12:50:35","version" => "1.39_02"},{"date" => "2023-08-30T18:16:07","version" => "1.40"},{"date" => "2023-11-22T08:42:22","version" => "1.40_01"},{"date" => "2023-11-27T13:28:04","version" => "1.41"},{"date" => "2023-12-24T15:48:59","version" => "1.42"},{"date" => "2024-01-04T11:21:08","version" => "1.42_01"},{"date" => "2024-01-08T09:38:46","version" => "1.42_02"},{"date" => "2024-01-10T15:04:01","version" => "1.42_03"},{"date" => "2024-01-17T09:07:40","version" => "1.42_04"},{"date" => "2024-01-25T11:08:34","version" => "1.42_05"},{"date" => "2024-01-26T14:54:33","version" => "1.43"},{"date" => "2024-02-14T09:22:32","version" => "1.43_01"},{"date" => "2024-02-15T13:03:57","version" => "1.44"},{"date" => "2024-04-21T08:24:10","version" => "1.44_01"},{"date" => "2024-05-02T11:03:24","version" => "1.45"},{"date" => "2024-07-26T03:56:44","version" => "1.45_01"},{"date" => "2024-08-12T09:53:41","version" => "1.45_02"},{"date" => "2024-08-19T15:12:15","version" => "1.46"},{"date" => "2024-09-18T20:46:06","version" => "1.47"},{"date" => "2024-11-07T14:13:26","version" => "1.47_01"},{"date" => "2024-11-08T13:27:46","version" => "1.48"},{"date" => "2024-12-16T13:43:49","version" => "1.48_01"},{"date" => "2024-12-18T14:24:48","version" => "1.48_02"},{"date" => "2024-12-27T13:12:51","version" => "1.49"},{"date" => "2025-01-02T16:36:47","version" => "1.49_01"},{"date" => "2025-01-29T09:05:23","version" => "1.49_02"},{"date" => "2025-02-08T16:50:50","version" => "1.49_03"},{"date" => "2025-02-10T13:49:02","version" => "1.49_04"},{"date" => "2025-02-11T15:56:15","version" => "1.49_05"},{"date" => "2025-02-21T08:48:19","version" => "1.50"},{"date" => "2025-07-01T12:01:39","version" => "1.50_01"},{"date" => "2025-07-04T13:49:27","version" => "1.51"},{"date" => "2025-07-18T11:52:46","version" => "1.51_01"},{"date" => "2025-07-19T11:26:47","version" => "1.51_02"},{"date" => "2025-07-22T16:56:24","version" => "1.51_03"},{"date" => "2025-07-28T13:57:39","version" => "1.51_04"},{"date" => "2025-07-29T18:11:00","version" => "1.52"},{"date" => "2025-08-14T12:01:11","version" => "1.52_01"},{"date" => "2025-08-19T09:53:44","version" => "1.52_02"},{"date" => "2025-08-26T09:53:47","version" => "1.52_03"},{"date" => "2025-08-29T12:22:39","version" => "1.53"},{"date" => "2026-01-16T13:17:34","version" => "1.54"}]},"Net-Dropbear" => {"advisories" => [{"affected_versions" => ["<0"],"comment" => "From the author: \"I have reviewed Dropbear's usage of libtomcrypt, and the function in question for CVE-2019-17362, der_decode_utf8_string, is not used in Dropbear. None of the DER parsing from libtomcrypt is used in Dropbear at all, I have confirmed that the flag to include it is not set, and confirmed that the resultant Dropbear.so that is built by Net::Dropbear does not include any of the der_* symbols.\"\n","cves" => ["CVE-2019-17362"],"description" => "In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.\n","distribution" => "Net-Dropbear","embedded_vulnerability" => {"affected_versions" => "<0","distributed_version" => "1.8.2","name" => "libtomcrypt"},"fixed_versions" => [">0"],"id" => "CPANSA-Net-Dropbear-2019-17362","references" => ["https://github.com/atrodo/Net-Dropbear/issues/6","https://github.com/libtom/libtomcrypt/pull/508","https://github.com/libtom/libtomcrypt/issues/507","https://vuldb.com/?id.142995","https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html"],"reported" => "2019-10-09","severity" => "critical"},{"affected_versions" => [">0"],"comment" => "embedded library is libtommath","cves" => ["CVE-2025-40913","CVE-2023-36328"],"description" => "Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow.  Net::Dropbear\x{a0}embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2025-40913","references" => ["https://github.com/advisories/GHSA-j3xv-6967-cv88","https://github.com/libtom/libtommath/pull/546","https://metacpan.org/release/ATRODO/Net-Dropbear-0.16/source/dropbear/libtommath/bn_mp_grow.c","https://www.cve.org/CVERecord?id=CVE-2023-36328"],"reported" => "2025-07-16","severity" => undef},{"affected_versions" => [">=0.01,<=0.07"],"cves" => ["CVE-2020-36254"],"description" => "scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2020-36254-dropbear","references" => ["https://metacpan.org/release/ATRODO/Net-Dropbear-0.15/changes","https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff"],"reported" => "2021-02-25","severity" => "high"},{"affected_versions" => [">=0.08,<=0.10"],"cves" => ["CVE-2020-36254"],"description" => "scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2020-36254-dropbear","references" => ["https://metacpan.org/release/ATRODO/Net-Dropbear-0.15/changes","https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff"],"reported" => "2021-02-25","severity" => "high"},{"affected_versions" => [">=0.11,<=0.13"],"cves" => ["CVE-2020-36254"],"description" => "scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2020-36254-dropbear","references" => ["https://metacpan.org/release/ATRODO/Net-Dropbear-0.15/changes","https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff"],"reported" => "2021-02-25","severity" => "high"},{"affected_versions" => [">=0.14"],"cves" => ["CVE-2019-17362"],"description" => "In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2019-17362-libtomcrypt","references" => ["https://github.com/libtom/libtomcrypt/pull/508","https://github.com/libtom/libtomcrypt/issues/507","https://vuldb.com/?id.142995","https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html"],"reported" => "2019-10-09","severity" => "critical"},{"affected_versions" => [">=0.11,<=0.13"],"cves" => ["CVE-2019-17362"],"description" => "In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2019-17362-libtomcrypt","references" => ["https://github.com/libtom/libtomcrypt/pull/508","https://github.com/libtom/libtomcrypt/issues/507","https://vuldb.com/?id.142995","https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html"],"reported" => "2019-10-09","severity" => "critical"},{"affected_versions" => [">=0.01,<=0.10"],"cves" => ["CVE-2016-6129"],"description" => "The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2016-6129-libtomcrypt","references" => ["https://www.op-tee.org/advisories/","https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0","https://bugzilla.redhat.com/show_bug.cgi?id=1370955"],"reported" => "2017-02-13","severity" => "high"}],"main_module" => "Net::Dropbear","versions" => [{"date" => "2015-11-03T18:31:23","version" => "0.01"},{"date" => "2015-11-04T04:17:39","version" => "0.02"},{"date" => "2015-11-05T06:49:56","version" => "0.03"},{"date" => "2015-11-07T03:40:31","version" => "0.04"},{"date" => "2015-11-29T00:37:40","version" => "0.06"},{"date" => "2016-01-02T05:57:50","version" => "0.07"},{"date" => "2016-08-04T05:36:45","version" => "0.08"},{"date" => "2016-08-08T05:56:46","version" => "0.09"},{"date" => "2016-08-10T05:05:32","version" => "0.10"},{"date" => "2020-03-17T04:05:13","version" => "0.11"},{"date" => "2020-03-20T02:33:34","version" => "0.12"},{"date" => "2020-03-21T14:51:53","version" => "0.13"},{"date" => "2021-05-28T04:07:12","version" => "0.14"},{"date" => "2022-07-01T04:48:35","version" => "0.15"},{"date" => "2022-07-08T03:18:20","version" => "0.16"}]},"Net-Dropbox-API" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-58036"],"description" => "Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Net-Dropbox-API","fixed_versions" => [],"id" => "CPANSA-Net-Dropbox-API-2024-58036","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L11","https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L385","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "Net::Dropbox::API","versions" => [{"date" => "2010-05-12T02:24:44","version" => "0.02"},{"date" => "2010-05-12T03:47:17","version" => "0.3"},{"date" => "2010-05-12T05:20:22","version" => "0.4"},{"date" => "2010-05-13T01:28:14","version" => "0.5"},{"date" => "2010-05-13T01:45:47","version" => "0.6"},{"date" => "2010-09-29T22:44:37","version" => "0.7"},{"date" => "2010-10-17T21:34:59","version" => "0.9"},{"date" => "2011-02-06T21:28:22","version" => "0.10"},{"date" => "2011-02-20T20:23:48","version" => "1.0"},{"date" => "2011-02-23T03:51:46","version" => "1.1"},{"date" => "2011-03-23T19:59:39","version" => "1.2"},{"date" => "2011-04-08T04:53:20","version" => "1.3"},{"date" => "2011-04-12T19:45:12","version" => "1.4"},{"date" => "2011-05-09T07:49:55","version" => "1.5"},{"date" => "2011-05-16T05:45:53","version" => "1.6"},{"date" => "2011-06-16T01:18:02","version" => "1.6.1"},{"date" => "2011-06-28T00:24:02","version" => "1.7"},{"date" => "2012-03-22T23:54:58","version" => "1.8"},{"date" => "2012-10-23T07:31:36","version" => "1.9"}]},"Net-IP-LPM" => {"advisories" => [{"affected_versions" => [">=1.10"],"cves" => ["CVE-2025-40910"],"description" => "Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.  Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.","distribution" => "Net-IP-LPM","fixed_versions" => [],"id" => "CPANSA-Net-IP-LPM-2025-40910","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/release/TPODER/Net-IP-LPM-1.10/diff/TPODER/Net-IP-LPM-1.09/lib/Net/IP/LPM.pm","https://security.metacpan.org/patches/N/Net-IP-LPM/1.10/CVE-2025-40910-r1.patch"],"reported" => "2025-06-27","severity" => undef}],"main_module" => "Net::IP::LPM","versions" => [{"date" => "2013-01-05T14:28:16","version" => "0.01_01"},{"date" => "2013-01-07T14:50:26","version" => "0.01_02"},{"date" => "2013-01-09T06:10:47","version" => "0.01_03"},{"date" => "2013-01-12T11:32:07","version" => "0.02"},{"date" => "2013-03-08T12:21:31","version" => "0.02_01"},{"date" => "2013-03-16T21:27:03","version" => "0.03"},{"date" => "2013-08-17T04:37:38","version" => "1.01_01"},{"date" => "2013-08-18T06:59:49","version" => "1.01_02"},{"date" => "2013-08-18T14:53:57","version" => "1.01_04"},{"date" => "2013-08-20T06:13:43","version" => "1.02"},{"date" => "2013-08-20T18:42:21","version" => "1.03"},{"date" => "2013-08-26T07:46:02","version" => "1.04"},{"date" => "2013-10-02T16:49:57","version" => "1.05"},{"date" => "2014-11-16T13:18:40","version" => "1.06"},{"date" => "2014-11-20T07:37:55","version" => "1.07"},{"date" => "2014-12-01T21:14:24","version" => "1.09"},{"date" => "2015-08-03T08:40:34","version" => "1.10"}]},"Net-IPAddress-Util" => {"advisories" => [{"affected_versions" => ["<5.000"],"cves" => ["CVE-2021-47156"],"description" => "The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-IPAddress-Util","fixed_versions" => [">=5.000"],"id" => "CPANSA-Net-IPAddress-Util-2021-47156","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/release/Net-IPAddress-Util","https://metacpan.org/release/PWBENNETT/Net-IPAddress-Util-5.000/changes"],"reported" => "2024-03-18","severity" => undef}],"main_module" => "Net::IPAddress::Util","versions" => [{"date" => "2010-03-21T17:13:19","version" => "0.01"},{"date" => "2010-03-21T21:58:11","version" => "0.02"},{"date" => "2010-03-21T23:54:15","version" => "0.03"},{"date" => "2010-03-22T00:50:40","version" => "0.04"},{"date" => "2010-03-23T11:38:32","version" => "0.05"},{"date" => "2010-03-24T10:42:02","version" => "0.06"},{"date" => "2010-03-25T10:58:12","version" => "0.07"},{"date" => "2010-03-26T11:06:58","version" => "0.08"},{"date" => "2010-03-27T15:38:27","version" => "0.09"},{"date" => "2010-04-29T01:26:36","version" => "0.10"},{"date" => "2011-03-26T22:10:10","version" => "0.11"},{"date" => "2011-03-27T00:22:54","version" => "0.12"},{"date" => "2012-05-30T10:03:21","version" => "1.000"},{"date" => "2012-05-31T10:48:35","version" => "1.001"},{"date" => "2012-06-09T08:44:51","version" => "1.002"},{"date" => "2013-10-29T14:27:36","version" => "2.000"},{"date" => "2013-10-29T14:31:44","version" => "2.000_TRIAL"},{"date" => "2013-10-30T03:01:39","version" => "2.001_TRIAL"},{"date" => "2013-10-30T03:32:06","version" => "2.002_TRIAL"},{"date" => "2013-10-30T11:47:01","version" => "2.003_TRIAL"},{"date" => "2013-10-30T15:53:55","version" => "2.004_TRIAL"},{"date" => "2013-11-01T02:53:47","version" => "1.500"},{"date" => "2013-11-02T02:04:49","version" => "3.000"},{"date" => "2014-04-29T10:09:11","version" => "3.001"},{"date" => "2014-06-10T06:38:16","version" => "3.002"},{"date" => "2014-06-14T21:40:33","version" => "3.003"},{"date" => "2014-09-24T11:29:12","version" => "3.010"},{"date" => "2014-09-24T13:12:04","version" => "3.011"},{"date" => "2014-09-26T05:01:04","version" => "3.012"},{"date" => "2014-09-27T15:52:03","version" => "3.013"},{"date" => "2014-09-27T15:59:49","version" => "3.014"},{"date" => "2014-09-30T03:35:57","version" => "3.015"},{"date" => "2014-09-30T03:47:35","version" => "3.016"},{"date" => "2014-09-30T05:30:38","version" => "3.017"},{"date" => "2014-09-30T06:56:39","version" => "3.018"},{"date" => "2015-01-11T03:59:42","version" => "3.019"},{"date" => "2015-01-11T23:29:32","version" => "3.020"},{"date" => "2015-02-18T06:04:51","version" => "3.021"},{"date" => "2015-03-21T16:22:56","version" => "3.022"},{"date" => "2016-03-30T16:54:57","version" => "3.024"},{"date" => "2016-03-30T23:56:29","version" => "3.025"},{"date" => "2016-04-07T19:36:23","version" => "3.026"},{"date" => "2016-04-13T13:40:55","version" => "3.027"},{"date" => "2017-08-17T16:40:13","version" => "3.028"},{"date" => "2017-08-17T21:11:21","version" => "3.029"},{"date" => "2017-08-18T18:07:20","version" => "3.030"},{"date" => "2017-08-18T19:01:22","version" => "3.031"},{"date" => "2017-08-31T16:41:45","version" => "3.032"},{"date" => "2017-08-31T19:39:56","version" => "3.033"},{"date" => "2017-09-20T19:26:27","version" => "3.034"},{"date" => "2017-09-21T10:14:03","version" => "4.000"},{"date" => "2017-09-22T13:04:11","version" => "4.001"},{"date" => "2017-10-04T18:28:54","version" => "4.002"},{"date" => "2017-10-05T18:08:46","version" => "4.003"},{"date" => "2017-10-05T18:44:53","version" => "4.004"},{"date" => "2021-04-05T18:40:34","version" => "5.000"},{"date" => "2021-04-11T04:34:22","version" => "5.001"}]},"Net-IPv4Addr" => {"advisories" => [{"affected_versions" => [">=0.10"],"cves" => ["CVE-2021-47155"],"description" => "The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-IPv4Addr","fixed_versions" => [],"id" => "CPANSA-Net-IPV4Addr-2021-47155","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/release/Net-IPAddress-Util","https://metacpan.org/release/PWBENNETT/Net-IPAddress-Util-5.000/changes"],"reported" => "2024-03-18","severity" => undef}],"main_module" => "Net::IPv4Addr","versions" => [{"date" => "1999-10-20T01:18:13","version" => "0.07"},{"date" => "1999-12-17T23:08:34","version" => "0.08"},{"date" => "1999-12-17T23:10:21","version" => "0.8"},{"date" => "2000-05-03T20:24:59","version" => "0.09"},{"date" => "2000-08-07T19:39:33","version" => "0.10"}]},"Net-NSCA-Client" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-57854"],"description" => "Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.  Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.  Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.","distribution" => "Net-NSCA-Client","fixed_versions" => [">=0.009002"],"id" => "CPANSA-Net-NSCA-Client-2024-57854","references" => ["https://metacpan.org/release/DOUGDUDE/Net-NSCA-Client-0.009002/source/lib/Net/NSCA/Client/InitialPacket.pm#L119","https://patch-diff.githubusercontent.com/raw/dougwilson/perl5-net-nsca-client/pull/2.patch"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "Net::NSCA::Client","versions" => [{"date" => "2009-10-02T00:42:02","version" => "0.001"},{"date" => "2009-10-08T21:34:38","version" => "0.002"},{"date" => "2009-10-31T20:52:06","version" => "0.003"},{"date" => "2009-11-01T00:48:01","version" => "0.004"},{"date" => "2009-11-01T06:39:10","version" => "0.005"},{"date" => "2009-11-03T16:07:59","version" => "0.006"},{"date" => "2010-08-25T02:20:41","version" => "0.007"},{"date" => "2010-08-31T02:16:17","version" => "0.008"},{"date" => "2011-05-03T16:19:48","version" => "0.009"},{"date" => "2011-05-06T02:00:18","version" => "0.009001"},{"date" => "2011-10-24T04:44:41","version" => "0.009002"}]},"Net-Netmask" => {"advisories" => [{"affected_versions" => ["<2.0000"],"cves" => ["CVE-2021-29424"],"description" => "The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-Netmask","fixed_versions" => [">=2.0000"],"id" => "CPANSA-Net-Netmask-2021-01","references" => ["https://security.netapp.com/advisory/ntap-20210604-0007/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/","https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/changes/distribution/Net-Netmask#L11-22"],"reported" => "2021-03-29"}],"main_module" => "Net::Netmask","versions" => [{"date" => "1998-06-08T05:38:00","version" => "1.0"},{"date" => "1998-06-08T22:46:00","version" => "1.2"},{"date" => "1998-06-25T17:03:00","version" => "1.3"},{"date" => "1998-11-29T20:50:00","version" => "1.4"},{"date" => "1999-03-28T03:32:00","version" => "1.6"},{"date" => "1999-09-15T17:44:00","version" => "1.7"},{"date" => "1999-09-21T00:53:00","version" => "1.8"},{"date" => "2001-05-16T09:18:57","version" => "1.9"},{"date" => "2001-09-30T06:14:00","version" => "1.9001"},{"date" => "2001-11-12T18:20:00","version" => "1.9002"},{"date" => "2003-05-27T15:36:25","version" => "1.9003"},{"date" => "2003-05-29T03:36:30","version" => "1.9004"},{"date" => "2003-11-29T22:49:00","version" => "1.9005"},{"date" => "2003-12-05T22:02:00","version" => "1.9006"},{"date" => "2004-01-02T23:56:00","version" => "1.9007"},{"date" => "2004-04-06T20:15:00","version" => "1.9008"},{"date" => "2004-04-12T21:05:00","version" => "1.9009"},{"date" => "2004-05-31T19:48:00","version" => "1.9011"},{"date" => "2005-05-19T15:45:00","version" => "1.9012"},{"date" => "2006-09-06T19:27:00","version" => "1.9013"},{"date" => "2006-10-14T01:20:00","version" => "1.9014"},{"date" => "2006-11-30T21:06:00","version" => "1.9015"},{"date" => "2011-03-23T04:41:06","version" => "1.9016"},{"date" => "2013-09-21T01:56:56","version" => "1.9017"},{"date" => "2013-09-27T01:25:15","version" => "1.9018"},{"date" => "2013-10-02T00:42:56","version" => "1.9019"},{"date" => "2014-07-18T00:15:30","version" => "1.9021"},{"date" => "2015-05-05T03:36:33","version" => "1.9022"},{"date" => "2018-06-04T04:39:04","version" => "1.9100"},{"date" => "2018-06-05T01:21:39","version" => "1.9101"},{"date" => "2018-06-18T16:35:20","version" => "1.9102"},{"date" => "2018-06-18T21:31:04","version" => "1.9103"},{"date" => "2018-07-27T04:52:04","version" => "1.9104"},{"date" => "2018-07-27T23:03:36","version" => "1.9104"},{"date" => "2021-03-29T17:24:43","version" => "2.0000"},{"date" => "2021-03-29T19:31:52","version" => "2.0001"},{"date" => "2022-08-31T18:09:46","version" => "2.0002"},{"date" => "2025-05-17T15:27:37","version" => "2.0003"}]},"Net-OAuth" => {"advisories" => [{"affected_versions" => ["<0.29"],"cves" => ["CVE-2025-22376"],"description" => "In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.\n","distribution" => "Net-OAuth","fixed_versions" => [">=0.29"],"id" => "CPANSA-Net-OAuth-2025-22376","references" => ["https://metacpan.org/release/KGRENNAN/Net-OAuth-0.28/source/lib/Net/OAuth/Client.pm#L260","https://metacpan.org/release/RRWO/Net-OAuth-0.29/changes"],"reported" => "2025-01-03","severity" => "high"}],"main_module" => "Net::OAuth","versions" => [{"date" => "2007-09-30T14:22:46","version" => "0.01"},{"date" => "2007-10-02T07:37:48","version" => "0.02"},{"date" => "2007-10-15T01:37:47","version" => "0.03"},{"date" => "2007-10-19T16:49:05","version" => "0.04"},{"date" => "2007-11-19T03:34:37","version" => "0.05"},{"date" => "2008-03-08T00:52:34","version" => "0.06"},{"date" => "2008-06-01T16:10:24","version" => "0.07"},{"date" => "2008-06-02T17:46:32","version" => "0.08"},{"date" => "2008-06-03T03:48:14","version" => "0.09"},{"date" => "2008-06-04T16:32:57","version" => "0.1"},{"date" => "2008-06-04T16:52:05","version" => "0.11"},{"date" => "2008-07-04T23:04:35","version" => "0.12"},{"date" => "2008-11-13T22:55:38","version" => "0.13"},{"date" => "2008-12-13T17:32:02","version" => "0.14"},{"date" => "2009-06-05T01:27:05","version" => "0.15"},{"date" => "2009-06-15T18:40:40","version" => "0.16"},{"date" => "2009-06-25T17:05:32","version" => "0.17"},{"date" => "2009-06-25T17:21:13","version" => "0.18"},{"date" => "2009-06-26T17:37:04","version" => "0.19"},{"date" => "2009-11-13T19:04:23","version" => "0.20"},{"date" => "2010-03-10T23:07:13","version" => "0.21"},{"date" => "2010-03-11T00:25:24","version" => "0.22"},{"date" => "2010-03-18T17:53:01","version" => "0.23"},{"date" => "2010-03-21T03:44:38","version" => "0.24"},{"date" => "2010-03-21T03:53:29","version" => "0.25"},{"date" => "2010-06-16T20:08:26","version" => "0.26"},{"date" => "2010-06-16T20:47:49","version" => "0.27"},{"date" => "2012-01-06T06:08:03","version" => "0.28"},{"date" => "2025-01-03T09:18:44","version" => "0.29"},{"date" => "2025-01-03T09:48:29","version" => "0.30"},{"date" => "2025-04-03T16:00:58","version" => "0.31"}]},"Net-OpenID-Consumer" => {"advisories" => [{"affected_versions" => ["<1.12"],"cves" => [],"description" => "A potential timing attack when checking signatures.\n","distribution" => "Net-OpenID-Consumer","fixed_versions" => [">=1.12"],"id" => "CPANSA-Net-OpenID-Consumer-2010-01","references" => ["https://metacpan.org/changes/distribution/Net-OpenID-Consumer","https://github.com/wrog/Net-OpenID-Consumer/commit/4e82c7e4b6ad4bc40571c5cfcaa58f9365b147a5","http://lists.openid.net/pipermail/openid-security/2010-July/001156.html"],"reported" => "2010-11-06"},{"affected_versions" => ["<0.06"],"cves" => [],"description" => "Incorrect comparison of system openssl status when doing DSA checks.\n","distribution" => "Net-OpenID-Consumer","fixed_versions" => [">=0.06"],"id" => "CPANSA-Net-OpenID-Consumer-2015-05","references" => ["https://metacpan.org/changes/distribution/Net-OpenID-Consumer"],"reported" => "2015-05-26"}],"main_module" => "Net::OpenID::Consumer","versions" => [{"date" => "2005-05-23T03:02:59","version" => "0.02"},{"date" => "2005-05-23T08:05:35","version" => "0.03"},{"date" => "2005-05-25T05:08:25","version" => "0.04"},{"date" => "2005-05-25T06:14:44","version" => "0.05"},{"date" => "2005-05-26T06:18:39","version" => "0.06"},{"date" => "2005-05-26T06:56:30","version" => "0.07"},{"date" => "2005-05-26T07:18:01","version" => "0.08"},{"date" => "2005-06-23T23:50:47","version" => "0.09"},{"date" => "2005-06-27T04:43:01","version" => "0.10"},{"date" => "2005-06-27T21:59:47","version" => "0.11"},{"date" => "2005-07-13T17:57:27","version" => "0.12"},{"date" => "2007-04-16T17:58:45","version" => "0.13"},{"date" => "2007-08-03T22:07:20","version" => "0.14"},{"date" => "2008-10-13T02:30:05","version" => "1.01"},{"date" => "2008-10-14T04:39:07","version" => "1.02"},{"date" => "2008-11-30T02:02:17","version" => "1.03"},{"date" => "2010-02-18T15:32:06","version" => "1.04"},{"date" => "2010-02-18T16:01:19","version" => "1.05"},{"date" => "2010-03-16T17:38:56","version" => "1.06"},{"date" => "2010-11-06T02:24:29","version" => "1.030099_001"},{"date" => "2010-11-07T11:21:33","version" => "1.030099_002"},{"date" => "2010-11-08T22:35:52","version" => "1.030099_003"},{"date" => "2010-12-17T21:57:03","version" => "1.030099_004"},{"date" => "2011-01-01T01:55:09","version" => "1.030099_005"},{"date" => "2011-10-23T01:35:49","version" => "1.030099_006"},{"date" => "2011-10-25T23:10:00","version" => "1.100099_001"},{"date" => "2011-11-02T10:38:05","version" => "1.100099_002"},{"date" => "2011-11-04T23:01:32","version" => "1.11"},{"date" => "2011-11-07T17:16:08","version" => "1.12"},{"date" => "2011-11-15T03:28:36","version" => "1.13"},{"date" => "2013-04-01T13:17:57","version" => "1.14"},{"date" => "2013-09-06T23:47:04","version" => "1.15"},{"date" => "2014-09-15T21:38:12","version" => "1.16"},{"date" => "2016-01-15T11:45:55","version" => "1.17"},{"date" => "2016-02-08T01:40:13","version" => "1.18"}]},"Net-Ping-External" => {"advisories" => [{"affected_versions" => ["<=0.15"],"cves" => ["CVE-2008-7319"],"description" => "The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.\n","distribution" => "Net-Ping-External","fixed_versions" => [],"id" => "CPANSA-Net-Ping-External-2008-7319","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=33230","https://bugs.debian.org/881097","http://www.openwall.com/lists/oss-security/2017/11/07/4","http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch"],"reported" => "2017-11-07","severity" => "critical"}],"main_module" => "Net::Ping::External","versions" => [{"date" => "2001-03-15T21:53:04","version" => "0.01"},{"date" => "2001-03-22T00:15:08","version" => "0.02"},{"date" => "2001-03-23T08:35:49","version" => "0.03"},{"date" => "2001-04-20T17:33:31","version" => "0.04"},{"date" => "2001-04-20T18:43:34","version" => "0.05"},{"date" => "2001-04-26T02:59:41","version" => "0.06"},{"date" => "2001-09-28T02:20:34","version" => "0.07"},{"date" => "2001-09-30T21:39:47","version" => "0.08"},{"date" => "2001-11-10T06:10:33","version" => "0.09"},{"date" => "2001-11-10T16:19:21","version" => "0.10"},{"date" => "2003-02-11T22:41:33","version" => "0.11"},{"date" => "2006-09-07T10:52:21","version" => "0.12_01"},{"date" => "2007-01-31T22:09:41","version" => "0.12_02"},{"date" => "2007-02-08T16:06:46","version" => "0.12"},{"date" => "2008-12-18T20:27:07","version" => "0.13"},{"date" => "2013-10-29T17:05:01","version" => "0.14"},{"date" => "2014-04-12T21:37:12","version" => "0.15"}]},"Net-SNMP" => {"advisories" => [{"affected_versions" => [">=5.1.4,<6.0.0"],"cves" => ["CVE-2008-2292"],"description" => "Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).\n","distribution" => "Net-SNMP","fixed_versions" => [">=6.0.0"],"id" => "CPANSA-Net-SNMP-2008-2292","references" => ["http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694","http://www.securityfocus.com/bid/29212","http://secunia.com/advisories/30187","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html","http://www.vmware.com/security/advisories/VMSA-2008-0013.html","http://secunia.com/advisories/31334","http://secunia.com/advisories/30647","http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html","http://secunia.com/advisories/31155","http://secunia.com/advisories/31351","http://security.gentoo.org/glsa/glsa-200808-02.xml","http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1","http://www.mandriva.com/security/advisories?name=MDVSA-2008:118","http://secunia.com/advisories/31467","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html","http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm","http://secunia.com/advisories/31568","http://www.debian.org/security/2008/dsa-1663","http://secunia.com/advisories/30615","http://www.redhat.com/support/errata/RHSA-2008-0529.html","http://secunia.com/advisories/32664","http://www.ubuntu.com/usn/usn-685-1","http://secunia.com/advisories/33003","http://www.vupen.com/english/advisories/2008/2361","http://www.vupen.com/english/advisories/2008/2141/references","http://www.vupen.com/english/advisories/2008/1528/references","http://www.securitytracker.com/id?1020527","https://exchange.xforce.ibmcloud.com/vulnerabilities/42430","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261"],"reported" => "2008-05-18","severity" => undef},{"affected_versions" => ["<=5.2.1.2"],"cves" => ["CVE-2005-2811"],"description" => "Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges.\n","distribution" => "Net-SNMP","fixed_versions" => [],"id" => "CPANSA-Net-SNMP-2005-2811","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml"],"reported" => "2005-09-07","severity" => undef},{"affected_versions" => ["<=5.7.3"],"cves" => ["CVE-2014-2285"],"description" => "The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.\n","distribution" => "Net-SNMP","fixed_versions" => [],"id" => "CPANSA-Net-SNMP-2014-2285","references" => ["http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html","http://comments.gmane.org/gmane.comp.security.oss.general/12284","https://bugzilla.redhat.com/show_bug.cgi?id=1072778","http://sourceforge.net/p/net-snmp/patches/1275/","http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html","https://bugzilla.redhat.com/show_bug.cgi?id=1072044","http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html","http://secunia.com/advisories/59974","http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml","https://rhn.redhat.com/errata/RHSA-2014-0322.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2014-04-27","severity" => undef}],"main_module" => "Net::SNMP","versions" => [{"date" => "1998-10-14T13:13:11","version" => "1.10"},{"date" => "1998-11-06T14:25:38","version" => "1.20"},{"date" => "1999-03-17T13:51:17","version" => "1.30"},{"date" => "1999-04-26T13:39:02","version" => "1.40"},{"date" => "1999-05-06T16:25:03","version" => "2.00"},{"date" => "1999-08-12T15:23:21","version" => "2.99"},{"date" => "1999-09-09T13:30:41","version" => "3.00"},{"date" => "2000-01-01T18:12:05","version" => "3.01"},{"date" => "2000-05-06T04:35:25","version" => "3.50"},{"date" => "2000-09-09T15:00:00","version" => "3.60"},{"date" => "2001-09-09T13:33:46","version" => "3.65"},{"date" => "2001-11-09T14:14:48","version" => "v4.0.0"},{"date" => "2002-01-01T14:16:29","version" => "v4.0.1"},{"date" => "2002-05-06T12:51:31","version" => "v4.0.2"},{"date" => "2002-09-09T12:55:22","version" => "v4.0.3"},{"date" => "2003-05-06T11:06:55","version" => "v4.1.0"},{"date" => "2003-09-09T12:50:16","version" => "v4.1.1"},{"date" => "2003-09-11T19:19:45","version" => "v4.1.2"},{"date" => "2004-07-20T13:49:08","version" => "v5.0.0"},{"date" => "2004-09-09T17:06:35","version" => "v5.0.1"},{"date" => "2005-07-20T13:58:05","version" => "v5.1.0"},{"date" => "2005-10-20T14:25:07","version" => "v5.2.0"},{"date" => "2009-09-09T15:17:46","version" => "v6.0.0"},{"date" => "2010-09-10T00:15:52","version" => "v6.0.1"}]},"Net-SSLeay" => {"advisories" => [{"affected_versions" => ["<1.25"],"cves" => ["CVE-2005-0106"],"description" => "SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.\n","distribution" => "Net-SSLeay","fixed_versions" => [">=1.25"],"id" => "CPANSA-Net-SSLeay-2005-0106","references" => ["http://secunia.com/advisories/18639","http://www.securityfocus.com/bid/13471","http://www.mandriva.com/security/advisories?name=MDKSA-2006:023","https://usn.ubuntu.com/113-1/"],"reported" => "2005-05-03","severity" => undef}],"main_module" => "Net::SSLeay","versions" => [{"date" => "2007-07-03T14:02:04","version" => "1.31_01"},{"date" => "2007-07-14T20:12:31","version" => "1.31_02"},{"date" => "2007-09-03T21:16:05","version" => "1.32"},{"date" => "2008-02-14T13:43:47","version" => "1.33_01"},{"date" => "2008-07-24T01:16:26","version" => "1.34"},{"date" => "2008-07-24T22:14:14","version" => "1.35"},{"date" => "2010-01-30T21:16:14","version" => "1.36"},{"date" => "2011-09-15T22:28:53","version" => "1.37"},{"date" => "2011-09-16T11:48:42","version" => "1.38"},{"date" => "2011-09-21T06:57:15","version" => "1.39"},{"date" => "2011-09-23T02:41:56","version" => "1.40"},{"date" => "2011-09-24T22:11:30","version" => "1.41"},{"date" => "2011-10-03T06:27:18","version" => "1.42"},{"date" => "2012-02-23T22:42:58","version" => "1.42"},{"date" => "2012-02-24T21:44:59","version" => "1.42"},{"date" => "2012-02-24T22:54:26","version" => "1.42"},{"date" => "2012-04-02T21:16:31","version" => "1.46"},{"date" => "2012-04-04T00:54:15","version" => "1.47"},{"date" => "2012-04-25T07:03:14","version" => "1.48"},{"date" => "2012-09-24T22:12:48","version" => "1.49"},{"date" => "2012-12-12T21:00:17","version" => "1.49"},{"date" => "2012-12-14T05:38:34","version" => "1.49"},{"date" => "2013-01-08T23:13:16","version" => "1.51"},{"date" => "2013-03-22T07:31:43","version" => "1.51"},{"date" => "2013-03-22T22:14:08","version" => "1.53"},{"date" => "2013-06-07T22:33:01","version" => "1.53"},{"date" => "2014-01-07T22:12:16","version" => "1.56"},{"date" => "2014-01-11T21:39:27","version" => "1.56"},{"date" => "2014-01-14T23:29:28","version" => "1.58"},{"date" => "2014-05-09T22:10:47","version" => "1.59"},{"date" => "2014-05-10T21:41:25","version" => "1.60"},{"date" => "2014-05-12T10:07:16","version" => "1.61"},{"date" => "2014-05-18T21:22:05","version" => "1.61"},{"date" => "2014-05-19T10:44:07","version" => "1.63"},{"date" => "2014-06-11T02:56:20","version" => "1.64"},{"date" => "2014-07-14T10:26:12","version" => "1.65"},{"date" => "2014-08-21T01:09:39","version" => "1.66"},{"date" => "2015-01-16T22:22:07","version" => "1.67"},{"date" => "2015-01-24T00:27:20","version" => "1.68"},{"date" => "2015-06-03T21:47:53","version" => "1.68"},{"date" => "2015-06-25T23:10:05","version" => "1.70"},{"date" => "2015-09-18T03:19:23","version" => "1.71"},{"date" => "2015-09-21T21:54:16","version" => "1.72"},{"date" => "2016-04-11T00:17:37","version" => "1.73"},{"date" => "2016-04-11T21:48:54","version" => "1.74"},{"date" => "2016-07-31T01:22:50","version" => "1.75"},{"date" => "2016-07-31T02:53:16","version" => "1.76"},{"date" => "2016-07-31T20:27:29","version" => "1.77"},{"date" => "2016-08-13T08:42:51","version" => "1.78"},{"date" => "2017-01-03T07:57:10","version" => "1.79"},{"date" => "2017-01-04T21:41:24","version" => "1.80"},{"date" => "2017-03-27T21:02:27","version" => "1.81"},{"date" => "2017-10-31T04:50:54","version" => "1.82"},{"date" => "2018-01-16T04:44:04","version" => "1.83"},{"date" => "2018-01-17T03:12:01","version" => "1.84"},{"date" => "2018-03-13T22:28:12","version" => "1.85"},{"date" => "2018-07-04T20:41:16","version" => "1.86_01"},{"date" => "2018-07-06T12:18:38","version" => "1.86_02"},{"date" => "2018-07-19T19:42:35","version" => "1.86_03"},{"date" => "2018-07-30T17:01:10","version" => "1.86_04"},{"date" => "2018-08-23T08:31:09","version" => "1.86_05"},{"date" => "2018-09-29T15:52:57","version" => "1.86_06"},{"date" => "2018-12-13T09:56:46","version" => "1.86_07"},{"date" => "2019-03-12T14:20:11","version" => "1.86_08"},{"date" => "2019-03-12T21:00:55","version" => "1.86_09"},{"date" => "2019-05-05T01:38:23","version" => "1.86_10"},{"date" => "2019-05-08T16:24:16","version" => "1.86_11"},{"date" => "2019-05-10T20:36:42","version" => "1.88"},{"date" => "2020-03-22T13:48:11","version" => "1.89_01"},{"date" => "2020-08-06T23:48:51","version" => "1.89_02"},{"date" => "2020-12-12T16:47:00","version" => "1.89_03"},{"date" => "2021-01-13T19:01:50","version" => "1.89_04"},{"date" => "2021-01-21T00:51:03","version" => "1.89_05"},{"date" => "2021-01-21T19:08:38","version" => "1.90"},{"date" => "2021-10-24T18:14:27","version" => "1.91_01"},{"date" => "2021-12-29T22:30:53","version" => "1.91_02"},{"date" => "2022-01-10T19:21:16","version" => "1.91_03"},{"date" => "2022-01-12T22:47:57","version" => "1.92"},{"date" => "2022-03-20T18:24:35","version" => "1.93_01"},{"date" => "2023-02-23T01:08:20","version" => "1.93_02"},{"date" => "2024-01-02T14:34:40","version" => "1.93_03"},{"date" => "2024-01-05T00:45:35","version" => "1.93_04"},{"date" => "2024-01-06T18:39:23","version" => "1.93_05"},{"date" => "2024-01-08T01:22:27","version" => "1.94"},{"date" => "2026-02-05T17:57:53","version" => "1.95_01"}]},"Net-Server" => {"advisories" => [{"affected_versions" => ["<=0.87"],"cves" => ["CVE-2005-1127"],"description" => "Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.\n","distribution" => "Net-Server","fixed_versions" => [">0.87"],"id" => "CPANSA-Net-Server-2005-1127","references" => ["http://lists.ee.ethz.ch/postgrey/msg00627.html","http://lists.ee.ethz.ch/postgrey/msg00630.html","http://lists.ee.ethz.ch/postgrey/msg00647.html","http://www.osvdb.org/15517","http://secunia.com/advisories/14958","http://www.debian.org/security/2006/dsa-1121","http://www.debian.org/security/2006/dsa-1122","http://secunia.com/advisories/21164","http://secunia.com/advisories/21152","http://secunia.com/advisories/21149","http://www.gentoo.org/security/en/glsa/glsa-200608-18.xml","http://www.securityfocus.com/bid/13193","http://secunia.com/advisories/21452","http://www.mandriva.com/security/advisories?name=MDKSA-2006:131","http://marc.info/?l=full-disclosure&m=111354538331167&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/20108"],"reported" => "2005-05-02","severity" => undef}],"main_module" => "Net::Server","versions" => [{"date" => "2001-03-05T14:48:26","version" => "0.46"},{"date" => "2001-03-08T14:37:30","version" => "0.47"},{"date" => "2001-03-13T16:35:32","version" => "0.52"},{"date" => "2001-03-20T06:55:22","version" => "0.55"},{"date" => "2001-04-09T16:54:28","version" => "0.58"},{"date" => "2001-05-10T15:05:54","version" => "0.63"},{"date" => "2001-07-05T15:19:21","version" => "0.65"},{"date" => "2001-08-23T17:45:28","version" => "0.75"},{"date" => "2001-08-27T16:15:20","version" => "0.77"},{"date" => "2001-10-24T16:30:10","version" => "0.79"},{"date" => "2001-11-14T17:30:01","version" => "0.80"},{"date" => "2001-11-19T20:57:43","version" => "0.81"},{"date" => "2002-02-05T21:55:06","version" => "0.82"},{"date" => "2002-06-20T20:21:27","version" => "0.84"},{"date" => "2003-03-07T15:29:18","version" => "0.85"},{"date" => "2003-11-06T20:11:03","version" => "0.86"},{"date" => "2004-02-15T06:20:34","version" => "0.87"},{"date" => "2005-05-05T01:51:14","version" => "0.88"},{"date" => "2005-06-21T21:24:27","version" => "0.88"},{"date" => "2005-11-23T08:40:11","version" => "0.89"},{"date" => "2005-12-05T21:19:07","version" => "0.90"},{"date" => "2006-03-08T22:27:33","version" => "0.91"},{"date" => "2006-03-22T17:26:29","version" => "0.92"},{"date" => "2006-03-24T20:03:25","version" => "0.93"},{"date" => "2006-07-12T02:54:02","version" => "0.94"},{"date" => "2007-02-03T08:23:04","version" => "0.95"},{"date" => "2007-03-26T15:01:13","version" => "0.96"},{"date" => "2007-07-25T16:29:47","version" => "0.97"},{"date" => "2010-07-13T19:27:21","version" => "0.99"},{"date" => "2011-07-22T12:36:35","version" => "0.99.6.1"},{"date" => "2012-05-30T15:41:07","version" => "2.000"},{"date" => "2012-05-30T21:48:13","version" => "2.001"},{"date" => "2012-05-31T21:43:35","version" => "2.002"},{"date" => "2012-06-06T19:31:21","version" => "2.003"},{"date" => "2012-06-08T17:22:50","version" => "2.004"},{"date" => "2012-06-12T19:40:55","version" => "2.005"},{"date" => "2012-06-20T22:51:22","version" => "2.006"},{"date" => "2013-01-10T07:47:04","version" => "2.007"},{"date" => "2014-05-12T18:22:26","version" => "2.008"},{"date" => "2017-08-10T21:13:01","version" => "2.009"},{"date" => "2021-03-22T15:23:31","version" => "2.010"},{"date" => "2022-12-02T00:35:10","version" => "2.011"},{"date" => "2022-12-02T04:19:54","version" => "2.012"},{"date" => "2022-12-03T01:57:05","version" => "2.013"},{"date" => "2023-03-14T17:16:00","version" => "2.014"},{"date" => "2026-01-22T06:48:54","version" => "2.015"},{"date" => "2026-01-28T01:58:44","version" => "2.016"},{"date" => "2026-02-09T07:04:13","version" => "2.017"},{"date" => "2026-02-18T03:45:06","version" => "2.018"}]},"Net-Server-Coro" => {"advisories" => [{"affected_versions" => ["<1.0"],"cves" => ["CVE-2011-0411"],"description" => "Remaining contents of the read buffer could allow plaintext injection attacks wherein attackers could cause nominally SSL-only commands to be executed by appending them to the end of a STARTTLS.\n","distribution" => "Net-Server-Coro","fixed_versions" => [">=1.0"],"id" => "CPANSA-Net-Server-Coro-2011-0411","references" => ["https://www.itsecdb.com/oval/definition/oval/org.opensuse.security/def/20110411/CVE-2011-0411.html","https://metacpan.org/dist/Net-Server-Coro/changes"],"reported" => "2011-03-16","severity" => undef}],"main_module" => "Net::Server::Coro","versions" => [{"date" => "2008-03-10T20:46:24","version" => "0.2"},{"date" => "2008-10-22T17:26:30","version" => "0.3"},{"date" => "2008-10-22T17:41:55","version" => "0.4"},{"date" => "2009-10-16T03:46:28","version" => "0.5"},{"date" => "2009-10-16T14:56:53","version" => "0.6"},{"date" => "2009-12-16T03:28:15","version" => "0.7"},{"date" => "2010-01-30T16:11:57","version" => "0.8"},{"date" => "2010-11-15T04:56:09","version" => "0.9"},{"date" => "2011-09-05T05:33:01","version" => "1.0"},{"date" => "2011-09-05T05:37:09","version" => "1.1"},{"date" => "2011-10-29T06:29:11","version" => "1.2"},{"date" => "2012-11-12T08:14:39","version" => "1.3"}]},"Net-Xero" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-56370"],"description" => "Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Net::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Net-Xero","fixed_versions" => [],"id" => "CPANSA-Net-Xero-2024-56370","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L58","https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L9","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "Net::Xero","versions" => [{"date" => "2015-06-03T14:39:37","version" => "0.14"},{"date" => "2015-06-05T11:37:55","version" => "0.40"},{"date" => "2015-06-05T11:49:29","version" => "0.41"},{"date" => "2015-06-05T12:59:28","version" => "0.42"},{"date" => "2015-06-05T14:09:46","version" => "0.43"},{"date" => "2017-01-12T17:10:29","version" => "0.44"}]},"Nginx-Engine" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.06"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Engine","fixed_versions" => [],"id" => "CPANSA-Nginx-Engine-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">=0.07,<=0.12"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Engine","fixed_versions" => [],"id" => "CPANSA-Nginx-Engine-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef}],"main_module" => "Nginx::Engine","versions" => [{"date" => "2010-12-29T03:17:47","version" => "0.01"},{"date" => "2010-12-29T23:10:29","version" => "0.02"},{"date" => "2011-01-01T23:25:22","version" => "0.03"},{"date" => "2011-01-07T17:59:46","version" => "0.04"},{"date" => "2011-01-11T01:02:07","version" => "0.05"},{"date" => "2011-03-13T21:15:24","version" => "0.06"},{"date" => "2011-06-29T23:21:28","version" => "0.07"},{"date" => "2011-06-30T18:47:28","version" => "0.08"},{"date" => "2011-07-03T02:02:40","version" => "0.09"},{"date" => "2011-07-24T01:46:43","version" => "0.10"},{"date" => "2011-08-16T17:05:53","version" => "0.11"},{"date" => "2011-11-23T00:09:16","version" => "0.12"}]},"Nginx-Perl" => {"advisories" => [{"affected_versions" => ["==1.1.9.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.1.11.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.1.13.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.1.14.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.1.15.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.1.16.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.1.17.1"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">=1.1.18.1,<=1.1.18.2"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">=1.1.19.2,<=1.1.19.3"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.2.0.4,==1.2.0.5"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.2.1.5"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => ["==1.2.2.5"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">=1.2.6.5,<=1.2.6.6"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">=1.2.9.6,<=1.2.9.7"],"cves" => ["CVE-2014-3616"],"description" => "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2014-3616-nginx","references" => ["http://www.debian.org/security/2014/dsa-3029","http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">=1.8.1.8,<=1.8.1.10"],"cves" => ["CVE-2016-0747"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0747-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","https://bugzilla.redhat.com/show_bug.cgi?id=1302589","http://www.ubuntu.com/usn/USN-2892-1","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "medium"}],"main_module" => "Nginx::Perl","versions" => [{"date" => "2011-12-22T01:23:05","version" => "1.1.9.1"},{"date" => "2011-12-22T01:59:52","version" => "1.1.11.1"},{"date" => "2012-01-22T03:51:35","version" => "v1.1.13.1"},{"date" => "2012-02-13T18:35:00","version" => "v1.1.14.1"},{"date" => "2012-02-15T22:56:02","version" => "v1.1.15.1"},{"date" => "2012-02-29T17:37:37","version" => "v1.1.16.1"},{"date" => "2012-03-15T15:04:38","version" => "v1.1.17.1"},{"date" => "2012-03-28T14:43:19","version" => "v1.1.18.1"},{"date" => "2012-04-12T13:30:24","version" => "v1.1.18.2"},{"date" => "2012-04-12T13:46:15","version" => "v1.1.19.2"},{"date" => "2012-04-13T01:53:10","version" => "v1.1.19.3"},{"date" => "2012-04-23T14:20:36","version" => "v1.2.0.4"},{"date" => "2012-05-10T23:38:18","version" => "v1.2.0.5"},{"date" => "2012-06-05T14:59:28","version" => "v1.2.1.5"},{"date" => "2012-07-07T14:27:33","version" => "v1.2.2.5"},{"date" => "2013-01-31T00:57:38","version" => "v1.2.2.5"},{"date" => "2013-01-31T06:18:23","version" => "v1.2.6.6"},{"date" => "2013-11-20T01:20:39","version" => "v1.2.6.6"},{"date" => "2013-11-20T02:04:33","version" => "v1.2.9.7"},{"date" => "2016-02-26T21:46:29","version" => "v1.8.1.8"},{"date" => "2016-04-13T19:54:21","version" => "v1.8.1.9"},{"date" => "2016-04-14T00:55:02","version" => "v1.8.1.10"}]},"Otogiri" => {"advisories" => [{"affected_versions" => ["<0.13"],"cves" => [],"description" => "A dependant module SQL::Maker without strict mode is vulnerable to SQL injection.\n","distribution" => "Otogiri","fixed_versions" => [">=0.13"],"id" => "CPANSA-Otogiri-2014-01","references" => ["https://github.com/ytnobody/Otogiri/commit/fac1592b3d153a6871ff1aed8016a6888cff9095","https://metacpan.org/changes/distribution/Otogiri"],"reported" => "2014-07-03"}],"main_module" => "Otogiri","versions" => [{"date" => "2013-10-30T06:45:51","version" => "0.01"},{"date" => "2013-11-08T08:36:50","version" => "0.02"},{"date" => "2013-11-09T05:00:47","version" => "0.03"},{"date" => "2013-12-27T00:15:23","version" => "0.04"},{"date" => "2013-12-28T15:54:15","version" => "0.05"},{"date" => "2014-01-14T09:13:18","version" => "0.06"},{"date" => "2014-02-25T06:25:50","version" => "0.07"},{"date" => "2014-03-18T04:14:12","version" => "0.08"},{"date" => "2014-03-18T05:07:37","version" => "0.09"},{"date" => "2014-05-13T12:58:21","version" => "0.10"},{"date" => "2014-05-30T10:11:18","version" => "0.11"},{"date" => "2014-06-05T08:30:13","version" => "0.12"},{"date" => "2014-07-03T12:40:28","version" => "0.13"},{"date" => "2014-12-18T08:37:33","version" => "0.14"},{"date" => "2015-01-11T04:56:15","version" => "0.15"},{"date" => "2015-11-13T07:18:18","version" => "0.16"},{"date" => "2016-02-02T05:58:26","version" => "0.17"},{"date" => "2017-05-19T01:37:05","version" => "0.18"},{"date" => "2020-01-17T11:12:52","version" => "0.19"},{"date" => "2023-10-15T02:01:31","version" => "0.20"},{"date" => "2023-10-15T02:02:58","version" => "0.21"},{"date" => "2023-12-10T00:23:20","version" => "0.22"},{"date" => "2024-06-08T13:42:18","version" => "0.23"},{"date" => "2025-09-29T08:35:44","version" => "0.24"}]},"PAR" => {"advisories" => [{"affected_versions" => ["<1.003"],"cves" => ["CVE-2011-4114"],"description" => "PAR packed files are extracted to unsafe and predictable temporary directories (this bug was originally reported against PAR::Packer, but it applies to PAR as well).\n","distribution" => "PAR","fixed_versions" => [">=1.003"],"id" => "CPANSA-PAR-2011-01","references" => ["https://metacpan.org/changes/distribution/PAR","https://rt.cpan.org/Public/Bug/Display.html?id=69560"],"reported" => "2011-07-18"},{"affected_versions" => ["<1.003"],"cves" => ["CVE-2011-5060"],"description" => "The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.\n","distribution" => "PAR","fixed_versions" => [">=1.003"],"id" => "CPANSA-PAR-2011-5060","references" => ["http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog","https://bugzilla.redhat.com/show_bug.cgi?id=753955","https://rt.cpan.org/Public/Bug/Display.html?id=69560","https://exchange.xforce.ibmcloud.com/vulnerabilities/72435"],"reported" => "2012-01-13","severity" => undef}],"main_module" => "PAR","versions" => [{"date" => "2002-10-18T20:38:24","version" => "0.01"},{"date" => "2002-10-18T21:07:35","version" => "0.02"},{"date" => "2002-10-18T22:18:06","version" => "0.03"},{"date" => "2002-10-19T02:46:52","version" => "0.04"},{"date" => "2002-10-19T14:33:26","version" => "0.05"},{"date" => "2002-10-19T15:31:54","version" => "0.06"},{"date" => "2002-10-19T17:38:40","version" => "0.10"},{"date" => "2002-10-19T22:30:34","version" => "0.11"},{"date" => "2002-10-20T13:00:43","version" => "0.12"},{"date" => "2002-10-21T17:29:03","version" => "0.13"},{"date" => "2002-10-27T10:38:32","version" => "0.14"},{"date" => "2002-10-27T17:52:07","version" => "0.15"},{"date" => "2002-11-02T02:20:38","version" => "0.20"},{"date" => "2002-11-02T21:26:48","version" => "0.21"},{"date" => "2002-11-03T13:05:06","version" => "0.22"},{"date" => "2002-11-05T14:36:58","version" => "0.30"},{"date" => "2002-11-05T22:23:36","version" => "0.40"},{"date" => "2002-11-06T12:25:00","version" => "0.41"},{"date" => "2002-11-07T00:48:34","version" => "0.42"},{"date" => "2002-11-07T14:41:31","version" => "0.43"},{"date" => "2002-11-08T15:01:18","version" => "0.44"},{"date" => "2002-11-08T21:01:12","version" => "0.45"},{"date" => "2002-11-09T23:02:45","version" => "0.46"},{"date" => "2002-11-10T06:56:37","version" => "0.47"},{"date" => "2002-11-13T11:32:10","version" => "0.48"},{"date" => "2002-11-23T14:45:40","version" => "0.49"},{"date" => "2002-12-03T01:00:23","version" => "0.50"},{"date" => "2002-12-11T14:30:53","version" => "0.51"},{"date" => "2002-12-17T04:06:52","version" => "0.60"},{"date" => "2002-12-17T11:49:44","version" => "0.61"},{"date" => "2003-01-09T11:16:42","version" => "0.62"},{"date" => "2003-02-06T00:38:33","version" => "0.63"},{"date" => "2003-03-01T15:54:25","version" => "0.64"},{"date" => "2003-03-09T14:31:52","version" => "0.65"},{"date" => "2003-03-19T15:54:32","version" => "0.66"},{"date" => "2003-03-31T19:58:56","version" => "0.66"},{"date" => "2003-05-16T17:35:22","version" => "0.67_89"},{"date" => "2003-05-25T19:09:58","version" => "0.68"},{"date" => "2003-05-31T13:12:53","version" => "0.69"},{"date" => "2003-07-08T15:39:11","version" => "0.69"},{"date" => "2003-07-16T08:20:09","version" => "0.69_91"},{"date" => "2003-07-27T14:13:18","version" => "0.69_93"},{"date" => "2003-07-29T08:21:31","version" => "0.70"},{"date" => "2003-07-30T13:57:01","version" => "0.71"},{"date" => "2003-08-02T13:11:15","version" => "0.72"},{"date" => "2003-08-06T09:16:17","version" => "0.73"},{"date" => "2003-08-25T13:39:35","version" => "0.74"},{"date" => "2003-09-21T10:58:00","version" => "0.75"},{"date" => "2003-10-23T04:45:55","version" => "0.75_99"},{"date" => "2003-10-28T12:21:23","version" => "0.76"},{"date" => "2003-12-11T23:00:26","version" => "0.76_98"},{"date" => "2003-12-28T02:31:29","version" => "0.76_99"},{"date" => "2003-12-31T15:33:24","version" => "0.77"},{"date" => "2004-01-03T17:36:11","version" => "0.77_98"},{"date" => "2004-01-04T20:30:15","version" => "0.77_99"},{"date" => "2004-01-06T21:26:43","version" => "0.78"},{"date" => "2004-01-08T11:35:51","version" => "0.79"},{"date" => "2004-02-15T23:25:34","version" => "0.79_97"},{"date" => "2004-02-27T15:58:33","version" => "0.79_98"},{"date" => "2004-02-27T23:54:39","version" => "0.79_98"},{"date" => "2004-03-03T14:49:47","version" => "0.79_99"},{"date" => "2004-03-16T17:04:25","version" => "0.80"},{"date" => "2004-03-28T14:43:14","version" => "0.80_99"},{"date" => "2004-05-22T19:13:38","version" => "0.81"},{"date" => "2004-05-24T14:59:45","version" => "0.82"},{"date" => "2004-05-29T16:02:03","version" => "0.83"},{"date" => "2004-07-02T10:59:55","version" => "0.85"},{"date" => "2004-08-30T22:49:15","version" => "0.85_01"},{"date" => "2004-12-11T03:49:09","version" => "0.86"},{"date" => "2005-01-30T19:04:55","version" => "0.87"},{"date" => "2005-06-07T09:13:43","version" => "0.88"},{"date" => "2005-06-10T15:49:20","version" => "0.89"},{"date" => "2005-11-25T23:01:00","version" => "0.90"},{"date" => "2006-02-15T09:33:05","version" => "0.91"},{"date" => "2006-03-04T20:16:36","version" => "0.91"},{"date" => "2006-05-19T13:37:12","version" => "0.93"},{"date" => "2006-06-02T10:25:51","version" => "0.93"},{"date" => "2006-06-20T20:44:56","version" => "0.93"},{"date" => "2006-07-22T19:59:13","version" => "0.942"},{"date" => "2006-08-05T11:28:06","version" => "0.950"},{"date" => "2006-08-11T15:51:56","version" => "0.950"},{"date" => "2006-08-12T12:35:34","version" => "0.950"},{"date" => "2006-08-22T14:14:35","version" => "0.952"},{"date" => "2006-09-26T20:18:06","version" => "0.954"},{"date" => "2006-10-03T12:35:05","version" => "0.955"},{"date" => "2006-10-03T12:58:55","version" => "0.956"},{"date" => "2006-10-24T16:42:26","version" => "0.957"},{"date" => "2006-11-11T14:33:23","version" => "0.958"},{"date" => "2006-11-12T11:48:37","version" => "0.959"},{"date" => "2006-11-21T12:02:35","version" => "0.960"},{"date" => "2006-12-01T14:19:55","version" => "0.969_01"},{"date" => "2006-12-03T17:25:33","version" => "0.970"},{"date" => "2007-01-10T17:58:01","version" => "0.970_01"},{"date" => "2007-01-12T11:02:02","version" => "0.971"},{"date" => "2007-01-16T15:23:38","version" => "0.972"},{"date" => "2007-02-03T11:40:25","version" => "0.973"},{"date" => "2007-07-29T11:17:27","version" => "0.976"},{"date" => "2007-12-20T21:17:26","version" => "0.977"},{"date" => "2008-05-13T12:44:22","version" => "0.979"},{"date" => "2008-05-22T11:41:38","version" => "0.980"},{"date" => "2008-08-09T22:17:14","version" => "0.980"},{"date" => "2008-08-10T21:39:41","version" => "0.980"},{"date" => "2008-09-12T15:02:23","version" => "0.983"},{"date" => "2009-01-25T22:31:20","version" => "0.984"},{"date" => "2009-02-02T01:40:36","version" => "0.985_01"},{"date" => "2009-02-19T16:04:27","version" => "0.986"},{"date" => "2009-02-20T14:30:08","version" => "0.987_01"},{"date" => "2009-03-02T14:47:14","version" => "0.988"},{"date" => "2009-03-02T14:56:44","version" => "0.989_01"},{"date" => "2009-03-10T15:11:05","version" => "0.991"},{"date" => "2009-04-05T11:32:48","version" => "0.992"},{"date" => "2009-07-19T16:37:30","version" => "0.993"},{"date" => "2009-07-23T13:08:07","version" => "0.994"},{"date" => "2010-04-10T14:05:52","version" => "1.000"},{"date" => "2010-07-25T09:32:33","version" => "1.001"},{"date" => "2010-07-25T10:07:06","version" => "1.002"},{"date" => "2011-11-28T16:53:29","version" => "1.003"},{"date" => "2011-11-30T22:31:25","version" => "1.004"},{"date" => "2011-12-02T13:53:02","version" => "1.005"},{"date" => "2012-10-14T22:45:17","version" => "1.006"},{"date" => "2012-10-22T21:50:20","version" => "1.007"},{"date" => "2015-01-24T14:11:44","version" => "1.008"},{"date" => "2015-04-22T15:26:50","version" => "1.009"},{"date" => "2015-07-13T10:56:21","version" => "1.010"},{"date" => "2016-09-18T11:33:22","version" => "1.011"},{"date" => "2016-11-25T16:06:43","version" => "1.012"},{"date" => "2016-11-27T16:51:00","version" => "1.013"},{"date" => "2016-12-18T16:36:08","version" => "1.014"},{"date" => "2017-04-13T15:29:12","version" => "1.015"},{"date" => "2019-05-20T18:13:46","version" => "1.016"},{"date" => "2021-01-13T14:51:49","version" => "1.017"},{"date" => "2022-09-28T20:53:07","version" => "1.018"},{"date" => "2023-11-01T13:25:01","version" => "1.019"},{"date" => "2024-03-04T10:49:29","version" => "1.020"},{"date" => "2025-07-31T12:02:34","version" => "1.021"}]},"PAR-Packer" => {"advisories" => [{"affected_versions" => ["<1.011"],"cves" => ["CVE-2011-4114"],"description" => "PAR packed files are extracted to unsafe and predictable temporary directories.\n","distribution" => "PAR-Packer","fixed_versions" => [">=1.011"],"id" => "CPANSA-PAR-Packer-2011-01","references" => ["https://metacpan.org/changes/distribution/PAR-Packer","https://rt.cpan.org/Public/Bug/Display.html?id=69560"],"reported" => "2011-07-18"}],"main_module" => "PAR::Packer","versions" => [{"date" => "2006-12-01T14:20:06","version" => "0.969_01"},{"date" => "2006-12-03T17:36:32","version" => "0.970"},{"date" => "2007-02-03T12:27:07","version" => "0.973"},{"date" => "2007-05-07T18:21:52","version" => "0.975"},{"date" => "2007-07-29T11:50:15","version" => "0.976"},{"date" => "2007-12-20T21:39:30","version" => "0.977"},{"date" => "2008-02-29T18:37:56","version" => "0.978"},{"date" => "2008-05-13T15:45:56","version" => "0.979"},{"date" => "2008-05-14T10:27:09","version" => "0.980"},{"date" => "2008-07-29T15:44:11","version" => "0.982"},{"date" => "2009-03-10T15:55:06","version" => "0.980"},{"date" => "2009-03-21T11:20:02","version" => "0.991"},{"date" => "2009-07-19T16:47:51","version" => "0.992_01"},{"date" => "2009-07-23T13:18:32","version" => "0.992_02"},{"date" => "2009-07-24T18:30:24","version" => "0.992_03"},{"date" => "2009-09-11T07:38:47","version" => "0.992_04"},{"date" => "2009-11-13T09:01:15","version" => "0.992_05"},{"date" => "2009-11-20T13:59:38","version" => "0.992_06"},{"date" => "2009-11-22T13:08:12","version" => "1.000"},{"date" => "2009-11-24T11:16:58","version" => "1.001"},{"date" => "2009-12-17T20:55:25","version" => "1.002"},{"date" => "2010-04-10T17:57:57","version" => "1.003"},{"date" => "2010-04-20T12:10:24","version" => "1.004"},{"date" => "2010-06-05T15:54:54","version" => "1.005"},{"date" => "2010-06-26T11:23:34","version" => "1.006"},{"date" => "2010-09-09T16:42:00","version" => "1.007"},{"date" => "2010-11-21T17:11:43","version" => "1.008"},{"date" => "2011-03-26T13:36:55","version" => "1.009"},{"date" => "2011-07-13T14:10:05","version" => "1.010"},{"date" => "2011-12-01T21:08:37","version" => "1.011"},{"date" => "2011-12-02T17:53:42","version" => "1.012"},{"date" => "2012-02-22T09:58:04","version" => "1.013"},{"date" => "2012-12-21T15:55:13","version" => "1.014"},{"date" => "2013-10-09T12:06:04","version" => "1.015"},{"date" => "2013-11-30T19:03:48","version" => "1.016"},{"date" => "2013-12-03T23:53:51","version" => "1.017"},{"date" => "2014-05-18T16:52:34","version" => "1.018"},{"date" => "2014-07-07T14:25:15","version" => "1.019"},{"date" => "2014-08-24T13:27:57","version" => "1.020"},{"date" => "2014-09-14T13:49:37","version" => "1.021"},{"date" => "2014-09-19T10:07:30","version" => "1.022"},{"date" => "2014-11-02T14:32:42","version" => "1.023"},{"date" => "2014-11-07T09:04:07","version" => "1.024"},{"date" => "2015-01-24T16:52:17","version" => "1.025"},{"date" => "2015-07-19T13:14:40","version" => "1.026"},{"date" => "2015-11-18T16:58:33","version" => "1.027"},{"date" => "2015-11-19T09:05:09","version" => "1.027"},{"date" => "2016-01-12T16:24:46","version" => "1.029"},{"date" => "2016-02-02T14:54:21","version" => "1.029_01"},{"date" => "2016-02-11T14:08:57","version" => "1.029_02"},{"date" => "2016-02-25T08:41:55","version" => "1.029_03"},{"date" => "2016-02-29T08:36:46","version" => "1.029_04"},{"date" => "2016-03-29T08:29:59","version" => "1.030"},{"date" => "2016-04-10T17:15:52","version" => "1.031"},{"date" => "2016-04-29T17:01:57","version" => "1.031_01"},{"date" => "2016-05-07T09:59:28","version" => "1.032"},{"date" => "2016-05-19T09:50:49","version" => "1.033"},{"date" => "2016-07-17T12:38:31","version" => "1.034"},{"date" => "2016-07-23T12:04:14","version" => "1.035"},{"date" => "2016-12-04T17:13:20","version" => "1.035_001"},{"date" => "2016-12-19T19:35:16","version" => "1.035_002"},{"date" => "2016-12-30T11:06:25","version" => "1.036"},{"date" => "2017-03-22T19:29:19","version" => "1.036_001"},{"date" => "2017-05-14T11:54:43","version" => "1.036_002"},{"date" => "2017-05-28T11:33:53","version" => "1.037"},{"date" => "2017-09-27T19:40:44","version" => "1.038"},{"date" => "2017-09-28T05:13:05","version" => "1.039"},{"date" => "2017-10-10T17:00:14","version" => "1.039_001"},{"date" => "2017-10-13T12:05:52","version" => "1.039_002"},{"date" => "2017-10-16T20:46:49","version" => "1.039_003"},{"date" => "2017-10-17T17:07:49","version" => "1.039_004"},{"date" => "2017-10-21T16:09:18","version" => "1.040"},{"date" => "2017-11-08T17:07:11","version" => "1.041"},{"date" => "2018-04-02T21:46:01","version" => "1.042"},{"date" => "2018-04-03T11:26:08","version" => "1.043"},{"date" => "2018-06-06T22:03:32","version" => "1.044"},{"date" => "2018-06-12T19:04:22","version" => "1.045"},{"date" => "2018-08-17T22:20:28","version" => "1.046"},{"date" => "2018-08-19T09:17:57","version" => "1.047"},{"date" => "2019-03-04T09:42:35","version" => "1.047_001"},{"date" => "2019-03-04T15:33:14","version" => "1.047_002"},{"date" => "2019-03-06T17:39:18","version" => "1.047_003"},{"date" => "2019-04-29T11:53:04","version" => "1.048"},{"date" => "2019-05-31T11:58:05","version" => "1.049"},{"date" => "2020-03-08T15:56:09","version" => "1.049_001"},{"date" => "2020-03-08T22:53:16","version" => "1.049_002"},{"date" => "2020-03-08T22:58:32","version" => "1.049_003"},{"date" => "2020-03-10T13:51:31","version" => "1.049_004"},{"date" => "2020-03-18T08:14:29","version" => "1.050"},{"date" => "2020-11-29T22:25:00","version" => "1.051"},{"date" => "2021-01-13T15:44:24","version" => "1.052"},{"date" => "2022-01-25T15:25:10","version" => "1.053"},{"date" => "2022-01-27T11:05:32","version" => "1.054"},{"date" => "2022-07-03T16:27:19","version" => "1.055"},{"date" => "2022-08-31T07:56:09","version" => "1.055_01"},{"date" => "2022-09-05T10:12:07","version" => "1.056"},{"date" => "2022-11-25T09:12:00","version" => "1.056_01"},{"date" => "2022-11-27T15:25:29","version" => "1.056_02"},{"date" => "2022-11-29T11:33:29","version" => "1.057"},{"date" => "2023-05-24T11:53:27","version" => "1.057_001"},{"date" => "2023-06-07T14:56:47","version" => "1.057_002"},{"date" => "2023-06-12T09:14:24","version" => "1.058"},{"date" => "2023-07-20T14:13:30","version" => "1.059"},{"date" => "2023-12-15T14:05:16","version" => "1.061"},{"date" => "2024-03-05T14:01:26","version" => "1.062"},{"date" => "2024-03-10T13:46:23","version" => "1.062_001"},{"date" => "2024-03-11T13:08:45","version" => "1.062_002"},{"date" => "2024-03-15T12:57:23","version" => "1.063"},{"date" => "2024-06-24T09:05:18","version" => "1.063_001"},{"date" => "2025-07-08T11:36:24","version" => "1.064"}]},"PApp" => {"advisories" => [{"affected_versions" => ["<0.11"],"cves" => [],"description" => "Testing for nonexistant access rights always returned true.\n","distribution" => "PApp","fixed_versions" => [">=0.11"],"id" => "CPANSA-PApp-2001-01","references" => ["https://metacpan.org/dist/PApp/changes"],"reported" => "2001-10-27","severity" => undef}],"main_module" => "PApp","versions" => [{"date" => "2000-04-11T19:29:07","version" => "0.02"},{"date" => "2000-04-14T01:33:03","version" => "0.03"},{"date" => "2000-05-11T01:27:39","version" => "0.04"},{"date" => "2000-05-27T20:43:50","version" => "0.05"},{"date" => "2000-06-07T19:56:36","version" => "0.06"},{"date" => "2000-06-09T20:15:48","version" => "0.07"},{"date" => "2000-06-18T21:57:46","version" => "0.08"},{"date" => "2001-02-25T17:23:00","version" => "0.12"},{"date" => "2001-11-30T10:35:30","version" => "0.121"},{"date" => "2001-12-03T18:35:13","version" => "0.122"},{"date" => "2002-04-16T17:20:02","version" => "0.142"},{"date" => "2002-09-27T09:55:48","version" => "0.143"},{"date" => "2002-11-15T19:09:27","version" => "0.2"},{"date" => "2003-11-01T21:22:27","version" => "0.22"},{"date" => "2004-04-24T07:18:03","version" => "0.95"},{"date" => "2004-11-23T17:16:58","version" => 1},{"date" => "2005-09-04T14:32:15","version" => "1.1"},{"date" => "2007-01-06T19:32:19","version" => "1.2"},{"date" => "2008-01-20T12:37:14","version" => "1.4"},{"date" => "2008-01-28T20:07:08","version" => "1.41"},{"date" => "2008-11-26T07:18:45","version" => "1.42"},{"date" => "2008-12-09T17:23:32","version" => "1.43"},{"date" => "2010-01-30T03:08:38","version" => "1.44"},{"date" => "2010-11-21T07:30:21","version" => "1.45"},{"date" => "2013-03-19T12:24:55","version" => "2.0"},{"date" => "2016-02-11T07:21:31","version" => "2.1"},{"date" => "2020-02-17T11:04:59","version" => "2.2"},{"date" => "2023-08-02T22:30:09","version" => "2.3"},{"date" => "2026-01-13T22:30:41","version" => "2.4"}]},"PGObject-Util-DBAdmin" => {"advisories" => [{"affected_versions" => ["<1.6.0"],"cves" => ["CVE-2018-9246"],"description" => "The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.\n","distribution" => "PGObject-Util-DBAdmin","fixed_versions" => [">=1.6.0"],"id" => "CPANSA-PGObject-Util-DBAdmin-2018-01","references" => ["https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html"],"reported" => "2018-06-18"}],"main_module" => "PGObject::Util::DBAdmin","versions" => [{"date" => "2014-09-11T11:20:13","version" => "0.01"},{"date" => "2014-09-12T02:45:35","version" => "0.02"},{"date" => "2014-09-13T02:03:16","version" => "0.03"},{"date" => "2014-09-13T14:37:42","version" => "0.04"},{"date" => "2014-09-14T07:48:28","version" => "0.05"},{"date" => "2014-09-17T08:27:06","version" => "0.06"},{"date" => "2015-07-16T14:55:28","version" => "0.07"},{"date" => "2016-02-11T18:01:16","version" => "0.08"},{"date" => "2016-07-18T11:03:07","version" => "0.09"},{"date" => "2016-12-16T21:20:09","version" => "v0.09.0"},{"date" => "2016-12-16T21:36:46","version" => "v0.10.0"},{"date" => "2016-12-16T21:43:21","version" => "v0.100.0"},{"date" => "2018-03-31T14:06:25","version" => "v0.120.0"},{"date" => "2018-05-06T09:28:39","version" => "v0.130.0"},{"date" => "2018-06-05T19:29:29","version" => "v0.130.1"},{"date" => "2019-07-07T08:06:48","version" => "v0.131.0"},{"date" => "2019-07-08T20:46:34","version" => "v1.0.0"},{"date" => "2019-07-09T18:04:14","version" => "v1.0.1"},{"date" => "2019-09-20T06:49:02","version" => "v1.0.2"},{"date" => "2019-09-29T18:24:55","version" => "v1.0.3"},{"date" => "2020-09-21T21:20:33","version" => "v1.1.0"},{"date" => "2020-10-21T20:17:28","version" => "v1.2.0"},{"date" => "2020-10-21T22:24:41","version" => "v1.2.1"},{"date" => "2020-10-23T18:46:24","version" => "v1.2.2"},{"date" => "2020-10-24T07:08:10","version" => "v1.2.3"},{"date" => "2020-10-24T19:58:09","version" => "v1.3.0"},{"date" => "2020-10-25T12:15:26","version" => "v1.4.0"},{"date" => "2021-09-24T12:47:40","version" => "v1.5.0"},{"date" => "2021-11-07T12:22:17","version" => "v1.6.0"},{"date" => "2021-11-07T14:17:22","version" => "v1.6.1"},{"date" => "2024-09-13T19:24:01","version" => "v1.6.2"}]},"POE-Component-IRC" => {"advisories" => [{"affected_versions" => ["<6.32"],"cves" => ["CVE-2010-3438"],"description" => "libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as \\\"some text\\\\rQUIT\\\" to the 'privmsg' handler, which would cause the client to disconnect from the server.\n","distribution" => "POE-Component-IRC","fixed_versions" => [">=6.32"],"id" => "CPANSA-Poe-Component-IRC-2010-3438","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438","https://security-tracker.debian.org/tracker/CVE-2010-3438"],"reported" => "2019-11-12","severity" => "critical"}],"main_module" => "POE::Component::IRC","versions" => [{"date" => "2001-01-14T01:08:55","version" => "1.0"},{"date" => "2001-02-21T23:20:30","version" => "1.0"},{"date" => "2001-03-02T11:10:34","version" => "1.1"},{"date" => "2001-05-24T09:39:58","version" => "1.2"},{"date" => "2001-07-01T00:29:06","version" => "1.3"},{"date" => "2001-07-03T00:23:58","version" => "1.4"},{"date" => "2001-07-05T22:29:01","version" => "1.5"},{"date" => "2001-07-07T02:07:09","version" => "1.6"},{"date" => "2001-07-21T08:09:18","version" => "1.7"},{"date" => "2001-12-11T00:06:53","version" => "1.8"},{"date" => "2001-12-13T07:07:40","version" => "1.9"},{"date" => "2002-02-22T23:26:52","version" => "2.0"},{"date" => "2002-03-05T01:19:43","version" => "2.1"},{"date" => "2002-05-24T20:54:40","version" => "2.2"},{"date" => "2002-09-06T15:29:09","version" => "2.3"},{"date" => "2002-10-10T21:24:56","version" => "2.4"},{"date" => "2002-10-27T19:02:42","version" => "2.5"},{"date" => "2002-12-12T04:30:15","version" => "2.6"},{"date" => "2003-02-02T23:23:52","version" => "2.7"},{"date" => "2003-06-07T23:25:07","version" => "2.8"},{"date" => "2003-07-19T20:38:58","version" => "2.9"},{"date" => "2004-12-31T13:57:37","version" => "3.0"},{"date" => "2005-01-21T12:36:21","version" => "3.1"},{"date" => "2005-02-02T11:58:41","version" => "3.2"},{"date" => "2005-02-02T14:17:25","version" => "3.3"},{"date" => "2005-02-18T15:40:19","version" => "3.4"},{"date" => "2005-02-23T13:35:13","version" => "3.4"},{"date" => "2005-03-01T18:10:05","version" => "3.4"},{"date" => "2005-03-04T17:53:49","version" => "3.4"},{"date" => "2005-03-14T10:31:33","version" => "3.4"},{"date" => "2005-03-21T09:24:00","version" => "3.4"},{"date" => "2005-04-05T09:50:19","version" => "4.0"},{"date" => "2005-04-11T10:31:43","version" => "4.1"},{"date" => "2005-04-14T19:46:49","version" => "4.2"},{"date" => "2005-04-20T08:35:06","version" => "4.3"},{"date" => "2005-04-28T14:23:29","version" => "4.4"},{"date" => "2005-05-22T15:26:46","version" => "4.5"},{"date" => "2005-06-01T14:33:57","version" => "4.6"},{"date" => "2005-06-02T09:53:57","version" => "4.61"},{"date" => "2005-06-02T15:47:47","version" => "4.62"},{"date" => "2005-06-16T21:03:43","version" => "4.63"},{"date" => "2005-07-05T15:28:06","version" => "4.64"},{"date" => "2005-07-13T16:52:52","version" => "4.65"},{"date" => "2005-07-28T17:16:01","version" => "4.66"},{"date" => "2005-08-25T13:31:53","version" => "4.67"},{"date" => "2005-09-02T12:35:28","version" => "4.68"},{"date" => "2005-09-05T11:27:29","version" => "4.69"},{"date" => "2005-09-16T15:59:06","version" => "4.70"},{"date" => "2005-10-13T18:10:10","version" => "4.71"},{"date" => "2005-10-25T18:07:42","version" => "4.72"},{"date" => "2005-10-26T06:43:59","version" => "4.73"},{"date" => "2005-10-26T08:21:25","version" => "4.74"},{"date" => "2005-12-04T17:50:30","version" => "4.75"},{"date" => "2005-12-23T15:22:40","version" => "4.76"},{"date" => "2005-12-26T17:08:35","version" => "4.77"},{"date" => "2006-01-10T22:07:46","version" => "4.78"},{"date" => "2006-01-15T17:09:57","version" => "4.79"},{"date" => "2006-03-16T16:53:54","version" => "4.80"},{"date" => "2006-03-31T16:02:38","version" => "4.81"},{"date" => "2006-04-11T18:38:36","version" => "4.82"},{"date" => "2006-04-11T19:50:58","version" => "4.83"},{"date" => "2006-04-12T13:40:40","version" => "4.84"},{"date" => "2006-04-13T11:43:55","version" => "4.85"},{"date" => "2006-04-27T20:45:17","version" => "4.86"},{"date" => "2006-05-06T16:13:30","version" => "4.87"},{"date" => "2006-05-21T17:09:49","version" => "4.88"},{"date" => "2006-05-22T08:21:25","version" => "4.89"},{"date" => "2006-05-22T12:56:03","version" => "4.90"},{"date" => "2006-06-01T20:15:32","version" => "4.91"},{"date" => "2006-06-11T17:15:17","version" => "4.92"},{"date" => "2006-06-13T18:29:21","version" => "4.93"},{"date" => "2006-07-02T09:10:52","version" => "4.94"},{"date" => "2006-07-05T10:47:35","version" => "4.95"},{"date" => "2006-07-16T13:37:50","version" => "4.96"},{"date" => "2006-07-24T11:55:01","version" => "4.97"},{"date" => "2006-08-18T11:39:13","version" => "4.98"},{"date" => "2006-08-29T16:57:17","version" => "4.99"},{"date" => "2006-09-01T01:32:30","version" => "5.00"},{"date" => "2006-09-07T17:03:08","version" => "5.01"},{"date" => "2006-09-08T15:45:55","version" => "5.02"},{"date" => "2006-09-16T13:33:43","version" => "5.03"},{"date" => "2006-09-25T12:40:35","version" => "5.04"},{"date" => "2006-10-06T14:02:37","version" => "5.05"},{"date" => "2006-10-12T12:29:17","version" => "5.06"},{"date" => "2006-10-17T10:57:25","version" => "5.07"},{"date" => "2006-10-23T12:43:37","version" => "5.08"},{"date" => "2006-10-24T14:15:06","version" => "5.09"},{"date" => "2006-10-24T17:18:06","version" => "5.10"},{"date" => "2006-10-25T15:51:16","version" => "5.11"},{"date" => "2006-11-16T14:01:15","version" => "5.12"},{"date" => "2006-11-19T14:34:09","version" => "5.13"},{"date" => "2006-11-29T11:10:54","version" => "5.14"},{"date" => "2006-12-05T19:42:12","version" => "5.15"},{"date" => "2006-12-06T12:27:38","version" => "5.16"},{"date" => "2006-12-12T23:09:26","version" => "5.17"},{"date" => "2006-12-29T11:08:52","version" => "5.18"},{"date" => "2007-01-31T12:06:39","version" => "5.19"},{"date" => "2007-01-31T17:37:46","version" => "5.20"},{"date" => "2007-02-01T12:39:18","version" => "5.21"},{"date" => "2007-02-02T12:55:07","version" => "5.22"},{"date" => "2007-04-12T15:28:46","version" => "5.23"},{"date" => "2007-04-16T12:51:48","version" => "5.24"},{"date" => "2007-04-29T12:19:32","version" => "5.25"},{"date" => "2007-04-29T14:33:13","version" => "5.26"},{"date" => "2007-05-01T13:21:57","version" => "5.27"},{"date" => "2007-05-01T14:14:27","version" => "5.28"},{"date" => "2007-05-03T12:51:34","version" => "5.29"},{"date" => "2007-05-08T18:38:59","version" => "5.30"},{"date" => "2007-05-18T09:26:43","version" => "5.31_01"},{"date" => "2007-05-31T15:25:34","version" => "5.31_02"},{"date" => "2007-06-01T10:02:23","version" => "5.31_03"},{"date" => "2007-06-05T08:46:20","version" => "5.31_04"},{"date" => "2007-06-11T09:30:57","version" => "5.31_05"},{"date" => "2007-06-12T11:28:18","version" => "5.32"},{"date" => "2007-07-10T17:11:05","version" => "5.33_01"},{"date" => "2007-07-25T10:01:32","version" => "5.34"},{"date" => "2007-11-01T14:32:47","version" => "5.36"},{"date" => "2007-12-05T21:26:00","version" => "5.37_01"},{"date" => "2007-12-06T08:53:09","version" => "5.37_02"},{"date" => "2007-12-06T17:35:01","version" => "5.38"},{"date" => "2007-12-26T11:03:08","version" => "5.40"},{"date" => "2007-12-31T12:44:42","version" => "5.42"},{"date" => "2008-01-01T14:10:56","version" => "5.44"},{"date" => "2008-01-03T15:21:36","version" => "5.46"},{"date" => "2008-01-10T20:32:12","version" => "5.48"},{"date" => "2008-01-13T10:30:41","version" => "5.50"},{"date" => "2008-01-14T08:06:32","version" => "5.52"},{"date" => "2008-01-27T09:43:44","version" => "5.54"},{"date" => "2008-01-31T13:13:54","version" => "5.56"},{"date" => "2008-02-04T08:13:31","version" => "5.58"},{"date" => "2008-02-06T13:54:09","version" => "5.60"},{"date" => "2008-02-07T16:42:54","version" => "5.62"},{"date" => "2008-02-16T08:35:10","version" => "5.64"},{"date" => "2008-02-18T22:11:13","version" => "5.66"},{"date" => "2008-02-20T20:00:00","version" => "5.68"},{"date" => "2008-03-03T10:51:33","version" => "5.70"},{"date" => "2008-03-21T10:56:45","version" => "5.72"},{"date" => "2008-04-02T15:23:28","version" => "5.74"},{"date" => "2008-04-24T15:13:29","version" => "5.76"},{"date" => "2008-05-30T07:16:00","version" => "5.78"},{"date" => "2008-06-12T15:42:21","version" => "5.80"},{"date" => "2008-06-14T08:49:07","version" => "5.82"},{"date" => "2008-06-26T19:16:22","version" => "5.84"},{"date" => "2008-07-22T09:11:40","version" => "5.86"},{"date" => "2008-08-28T15:06:57","version" => "5.88"},{"date" => "2009-01-22T11:04:20","version" => "5.90"},{"date" => "2009-01-27T13:08:53","version" => "5.92"},{"date" => "2009-01-27T21:56:50","version" => "5.94"},{"date" => "2009-01-28T12:02:40","version" => "5.96"},{"date" => "2009-03-02T23:16:08","version" => "5.98"},{"date" => "2009-03-04T23:31:34","version" => "6.00"},{"date" => "2009-03-06T11:07:07","version" => "6.02"},{"date" => "2009-03-07T23:41:08","version" => "6.04"},{"date" => "2009-04-11T09:24:16","version" => "6.05_01"},{"date" => "2009-04-30T12:12:52","version" => "6.06"},{"date" => "2009-05-29T11:58:02","version" => "6.08"},{"date" => "2009-07-09T20:20:10","version" => "6.09_01"},{"date" => "2009-07-10T09:17:48","version" => "6.09_02"},{"date" => "2009-07-10T14:24:17","version" => "6.09_03"},{"date" => "2009-07-12T20:52:44","version" => "6.09_04"},{"date" => "2009-07-16T14:20:12","version" => "6.09_05"},{"date" => "2009-07-17T10:23:41","version" => "6.09_06"},{"date" => "2009-07-21T06:26:37","version" => "6.09_07"},{"date" => "2009-07-27T12:19:55","version" => "6.09_08"},{"date" => "2009-07-29T11:16:27","version" => "6.09_09"},{"date" => "2009-07-30T13:40:56","version" => "6.09_10"},{"date" => "2009-08-07T12:59:58","version" => "6.09_11"},{"date" => "2009-08-14T20:49:04","version" => "6.10"},{"date" => "2009-08-19T09:21:27","version" => "6.11_01"},{"date" => "2009-09-10T09:00:17","version" => "6.12"},{"date" => "2009-09-24T15:13:45","version" => "6.14"},{"date" => "2009-10-11T09:02:32","version" => "6.16"},{"date" => "2009-12-11T19:28:22","version" => "6.18"},{"date" => "2010-01-15T18:42:20","version" => "6.20"},{"date" => "2010-01-20T01:54:34","version" => "6.22"},{"date" => "2010-02-12T02:47:46","version" => "6.24"},{"date" => "2010-03-14T07:34:45","version" => "6.26"},{"date" => "2010-03-14T10:57:17","version" => "6.28"},{"date" => "2010-05-10T14:40:23","version" => "6.30"},{"date" => "2010-05-11T13:45:23","version" => "6.32"},{"date" => "2010-06-21T20:28:42","version" => "6.33"},{"date" => "2010-06-25T18:17:14","version" => "6.34"},{"date" => "2010-06-27T09:33:18","version" => "6.35"},{"date" => "2010-07-26T03:54:08","version" => "6.36"},{"date" => "2010-08-17T23:08:39","version" => "6.37"},{"date" => "2010-09-03T18:33:58","version" => "6.38"},{"date" => "2010-09-04T02:16:21","version" => "6.39"},{"date" => "2010-09-09T06:56:17","version" => "6.40"},{"date" => "2010-09-23T21:34:09","version" => "6.41"},{"date" => "2010-09-25T09:40:47","version" => "6.42"},{"date" => "2010-09-25T21:30:54","version" => "6.43"},{"date" => "2010-09-25T23:35:19","version" => "6.44"},{"date" => "2010-09-26T03:42:36","version" => "6.45"},{"date" => "2010-09-29T04:59:09","version" => "6.46"},{"date" => "2010-10-03T15:29:13","version" => "6.47"},{"date" => "2010-10-03T19:50:31","version" => "6.48"},{"date" => "2010-10-16T19:05:02","version" => "6.49"},{"date" => "2010-11-03T02:06:04","version" => "6.50"},{"date" => "2010-11-05T11:29:30","version" => "6.51"},{"date" => "2010-11-05T17:26:55","version" => "6.52"},{"date" => "2011-03-10T15:39:11","version" => "6.53"},{"date" => "2011-03-10T18:21:18","version" => "6.54"},{"date" => "2011-04-01T18:38:19","version" => "6.55"},{"date" => "2011-04-01T20:05:44","version" => "6.56"},{"date" => "2011-04-02T03:41:42","version" => "6.57"},{"date" => "2011-04-04T17:52:07","version" => "6.58"},{"date" => "2011-04-04T20:23:21","version" => "6.59"},{"date" => "2011-04-15T06:13:37","version" => "6.60"},{"date" => "2011-04-19T17:04:11","version" => "6.61"},{"date" => "2011-05-03T11:00:14","version" => "6.62"},{"date" => "2011-05-15T05:08:04","version" => "6.63"},{"date" => "2011-05-15T10:00:34","version" => "6.64"},{"date" => "2011-05-19T01:55:49","version" => "6.65"},{"date" => "2011-05-19T22:33:07","version" => "6.66"},{"date" => "2011-05-22T16:45:17","version" => "6.67"},{"date" => "2011-05-22T17:02:27","version" => "6.68"},{"date" => "2011-07-29T01:54:20","version" => "6.69"},{"date" => "2011-08-02T03:40:17","version" => "6.70"},{"date" => "2011-09-18T16:08:38","version" => "6.71"},{"date" => "2011-10-07T15:42:11","version" => "6.72"},{"date" => "2011-10-08T04:41:24","version" => "6.73"},{"date" => "2011-10-09T20:16:25","version" => "6.74"},{"date" => "2011-11-13T14:26:23","version" => "6.75"},{"date" => "2011-11-29T03:25:52","version" => "6.76"},{"date" => "2011-12-02T03:56:47","version" => "6.77"},{"date" => "2011-12-07T20:30:42","version" => "6.78"},{"date" => "2012-09-19T13:26:08","version" => "6.79"},{"date" => "2012-09-20T08:55:35","version" => "6.80"},{"date" => "2012-11-23T15:56:03","version" => "6.81"},{"date" => "2013-03-09T22:17:24","version" => "6.82"},{"date" => "2013-05-27T09:43:25","version" => "6.83"},{"date" => "2014-06-17T09:47:20","version" => "6.84"},{"date" => "2014-06-19T09:22:12","version" => "6.85"},{"date" => "2014-06-20T10:14:59","version" => "6.86"},{"date" => "2014-06-21T14:09:46","version" => "6.87"},{"date" => "2014-06-28T12:16:18","version" => "6.88"},{"date" => "2017-09-05T18:14:17","version" => "6.89"},{"date" => "2017-09-05T18:19:13","version" => "6.90"},{"date" => "2021-06-05T12:55:31","version" => "6.91"},{"date" => "2021-06-08T13:32:11","version" => "6.92"},{"date" => "2021-06-15T18:29:10","version" => "6.93"},{"date" => "2025-07-07T00:26:11","version" => "6.94"},{"date" => "2025-07-07T01:32:11","version" => "6.95"}]},"POSIX-2008" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "POSIX::2008's implementation of readlink() and readlinkat(). The underlying syscalls do not add any null terminator byte at the end of the output buffer, but _readlink50c() in 2008.XS also fails to add a null terminator before returning the result string to perl. This results in arbitrary memory contents being visible in the result returned to perl code by readlink() and readlinkat(). At the very least, this causes failures in any downstream code that attempts to access whatever filename (plus the erroneous garbage) was linked to.\n","distribution" => "POSIX-2008","fixed_versions" => [">=0.04"],"id" => "CPANSA-POSIX-2008-001","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=96644"],"reported" => undef,"severity" => undef},{"affected_versions" => ["<0.24"],"cves" => ["CVE-2024-55564"],"description" => "Fixed potential env buffer overflow in _execve50c()\n","distribution" => "POSIX-2008","fixed_versions" => [">=0.24"],"id" => "CPANSA-POSIX-2008-002","references" => ["https://metacpan.org/release/CGPAN/POSIX-2008-0.24/source/Changes"],"reported" => undef,"severity" => undef}],"main_module" => "POSIX::2008","versions" => [{"date" => "2013-09-13T17:14:53","version" => "0.01"},{"date" => "2013-09-14T16:20:56","version" => "0.02"},{"date" => "2013-09-16T09:32:15","version" => "0.03"},{"date" => "2015-05-25T13:51:17","version" => "0.04"},{"date" => "2017-08-25T20:52:28","version" => "0.05"},{"date" => "2017-08-26T17:21:09","version" => "0.06"},{"date" => "2017-08-27T14:55:54","version" => "0.07"},{"date" => "2017-08-31T18:14:24","version" => "0.08"},{"date" => "2017-09-01T10:14:04","version" => "0.09"},{"date" => "2017-09-02T09:15:21","version" => "0.10"},{"date" => "2017-09-02T13:11:19","version" => "0.11"},{"date" => "2017-09-03T20:02:26","version" => "0.12"},{"date" => "2017-09-08T11:50:51","version" => "0.13"},{"date" => "2017-09-09T18:04:53","version" => "0.14"},{"date" => "2017-09-10T12:50:52","version" => "0.15"},{"date" => "2017-09-15T14:59:53","version" => "0.16"},{"date" => "2023-06-01T13:51:43","version" => "0.18"},{"date" => "2023-07-07T13:52:59","version" => "0.19"},{"date" => "2023-07-08T12:09:34","version" => "0.20_01"},{"date" => "2023-07-09T08:25:58","version" => "0.20_02"},{"date" => "2023-07-11T15:26:35","version" => "0.20_03"},{"date" => "2023-07-12T17:47:09","version" => "0.20_04"},{"date" => "2023-07-13T17:26:29","version" => "0.20_05"},{"date" => "2023-07-14T15:57:30","version" => "0.20"},{"date" => "2023-11-16T19:54:40","version" => "0.21"},{"date" => "2024-01-26T16:30:56","version" => "0.22"},{"date" => "2024-01-27T15:34:00","version" => "0.23"},{"date" => "2024-06-14T12:10:38","version" => "0.24"},{"date" => "2025-07-12T16:48:06","version" => "0.25"},{"date" => "2025-07-25T10:05:43","version" => "0.26"}]},"Parallel-ForkManager" => {"advisories" => [{"affected_versions" => ["<1.0.0"],"cves" => ["CVE-2011-4115"],"description" => "Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.\n","distribution" => "Parallel-ForkManager","fixed_versions" => [">1.0.0"],"id" => "CPANSA-Parallel-ForkManager-2011-4115","references" => ["http://www.openwall.com/lists/oss-security/2011/11/04/2","http://www.openwall.com/lists/oss-security/2011/11/04/4","https://rt.cpan.org/Public/Bug/Display.html?id=68298"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "Parallel::ForkManager","versions" => [{"date" => "2000-10-19T21:52:22","version" => "0.5"},{"date" => "2000-11-30T11:03:55","version" => "0.6"},{"date" => "2001-04-04T11:28:22","version" => "0.7"},{"date" => "2001-05-14T14:34:23","version" => "v0.7.2"},{"date" => "2001-10-24T00:32:21","version" => "v0.7.3"},{"date" => "2002-07-04T21:16:46","version" => "v0.7.4"},{"date" => "2002-12-25T23:14:12","version" => "v0.7.5"},{"date" => "2010-08-15T10:53:20","version" => "0.7.6"},{"date" => "2010-09-27T22:27:36","version" => "0.7.7"},{"date" => "2010-10-25T16:44:43","version" => "0.7.8"},{"date" => "2010-11-01T18:06:12","version" => "0.7.9"},{"date" => "2012-12-23T10:29:10","version" => "v1.0.0"},{"date" => "2012-12-23T19:35:57","version" => "1.01"},{"date" => "2012-12-24T11:30:23","version" => "1.02"},{"date" => "2013-03-06T09:31:14","version" => "1.03"},{"date" => "2013-09-03T06:57:39","version" => "1.04"},{"date" => "2013-09-18T08:58:10","version" => "1.05"},{"date" => "2013-12-24T20:42:36","version" => "1.06"},{"date" => "2014-11-10T07:11:25","version" => "1.07"},{"date" => "2015-01-07T15:27:26","version" => "1.08"},{"date" => "2015-01-08T14:47:12","version" => "1.09"},{"date" => "2015-01-15T15:22:56","version" => "1.10"},{"date" => "2015-01-22T19:09:25","version" => "1.10_1"},{"date" => "2015-01-26T19:32:34","version" => "1.10_2"},{"date" => "2015-01-30T16:16:43","version" => "1.11"},{"date" => "2015-02-23T23:22:38","version" => "1.12"},{"date" => "2015-05-11T22:32:07","version" => "1.13"},{"date" => "2015-05-17T21:19:58","version" => "1.14"},{"date" => "2015-07-08T21:41:39","version" => "1.15"},{"date" => "2015-10-08T22:51:51","version" => "1.16"},{"date" => "2015-11-28T14:50:06","version" => "1.17"},{"date" => "2016-03-29T23:27:09","version" => "1.18"},{"date" => "2016-06-28T23:04:26","version" => "1.19"},{"date" => "2018-07-19T00:48:24","version" => "1.20"},{"date" => "2018-08-23T01:28:34","version" => "2.00"},{"date" => "2018-08-23T23:59:37","version" => "2.01"},{"date" => "2018-10-08T23:21:03","version" => "2.02"},{"date" => "2024-08-24T18:13:26","version" => "2.03"},{"date" => "2025-08-30T16:12:19","version" => "2.04"}]},"PathTools" => {"advisories" => [{"affected_versions" => ["<3.65"],"cves" => ["CVE-2016-1238"],"description" => "Does not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "PathTools","fixed_versions" => [">=3.65"],"id" => "CPANSA-PathTools-2016-02","references" => ["https://metacpan.org/changes/distribution/PathTools"],"reported" => "2016-02-08"},{"affected_versions" => ["<3.62"],"cves" => ["CVE-2015-8607"],"description" => "Does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.\n","distribution" => "PathTools","fixed_versions" => [">=3.62"],"id" => "CPANSA-PathTools-2016-01","references" => ["https://metacpan.org/changes/distribution/PathTools"],"reported" => "2016-01-11"}],"main_module" => "Cwd","versions" => [{"date" => "2004-09-03T03:40:00","version" => "3.00"},{"date" => "2004-09-07T03:39:26","version" => "3.01"},{"date" => "2004-11-19T04:26:35","version" => "3.01_01"},{"date" => "2004-11-29T04:20:10","version" => "3.01_02"},{"date" => "2004-11-30T02:34:46","version" => "3.01_03"},{"date" => "2005-01-10T01:33:05","version" => "3.02"},{"date" => "2005-01-22T03:59:59","version" => "3.03"},{"date" => "2005-02-07T00:28:43","version" => "3.04"},{"date" => "2005-02-28T13:27:37","version" => "3.05"},{"date" => "2005-04-14T02:06:10","version" => "3.06"},{"date" => "2005-05-06T12:50:38","version" => "3.07"},{"date" => "2005-05-28T15:13:27","version" => "3.08"},{"date" => "2005-06-15T23:45:19","version" => "3.09"},{"date" => "2005-08-26T03:29:11","version" => "3.10"},{"date" => "2005-08-28T01:16:38","version" => "3.11"},{"date" => "2005-10-04T03:14:00","version" => "3.12"},{"date" => "2005-11-16T05:58:53","version" => "3.13"},{"date" => "2005-11-18T00:15:37","version" => "3.14"},{"date" => "2005-12-10T04:51:57","version" => "3.14_01"},{"date" => "2005-12-14T05:11:27","version" => "3.14_02"},{"date" => "2005-12-27T20:32:26","version" => "3.15"},{"date" => "2006-01-31T02:52:07","version" => "3.16"},{"date" => "2006-03-03T22:55:18","version" => "3.17"},{"date" => "2006-04-28T03:04:00","version" => "3.18"},{"date" => "2006-07-12T03:43:15","version" => "3.19"},{"date" => "2006-10-05T02:18:51","version" => "3.21"},{"date" => "2006-10-10T02:53:23","version" => "3.22"},{"date" => "2006-10-11T17:13:59","version" => "3.23"},{"date" => "2006-11-20T04:53:56","version" => "3.24"},{"date" => "2007-05-22T02:08:53","version" => "3.25"},{"date" => "2007-10-14T02:15:40","version" => "3.25_01"},{"date" => "2007-12-25T02:34:28","version" => "3.2501"},{"date" => "2008-01-14T12:02:28","version" => "3.26"},{"date" => "2008-01-15T23:27:33","version" => "3.26_01"},{"date" => "2008-01-17T02:21:47","version" => "3.27"},{"date" => "2008-02-12T03:46:01","version" => "3.2701"},{"date" => "2008-07-26T02:19:45","version" => "3.28_01"},{"date" => "2008-10-27T19:27:37","version" => "3.28_02"},{"date" => "2008-10-27T21:16:35","version" => "3.28_03"},{"date" => "2008-10-29T20:11:52","version" => "3.29"},{"date" => "2009-05-07T18:27:46","version" => "3.29_01"},{"date" => "2009-05-10T08:59:46","version" => "3.30"},{"date" => "2009-09-21T12:46:15","version" => "3.30_01"},{"date" => "2009-09-29T06:22:30","version" => "3.30_02"},{"date" => "2009-11-01T14:22:36","version" => "3.31"},{"date" => "2010-07-23T08:10:31","version" => "3.31_02"},{"date" => "2010-09-17T13:24:05","version" => "3.31_03"},{"date" => "2010-09-19T15:53:14","version" => "3.32"},{"date" => "2010-09-20T07:54:00","version" => "3.33"},{"date" => "2011-12-20T07:42:29","version" => "3.39_01"},{"date" => "2013-01-16T06:35:08","version" => "3.40"},{"date" => "2014-05-01T18:34:31","version" => "3.46_01"},{"date" => "2014-05-23T17:00:38","version" => "3.47"},{"date" => "2015-07-11T22:18:08","version" => "3.56_01"},{"date" => "2015-07-16T15:33:27","version" => "3.56_02"},{"date" => "2015-11-09T22:09:25","version" => "3.58_01"},{"date" => "2015-11-13T23:46:00","version" => "3.59"},{"date" => "2015-11-19T02:32:50","version" => "3.60"},{"date" => "2016-01-11T13:49:31","version" => "3.62"},{"date" => "2018-02-18T20:27:27","version" => "3.73"},{"date" => "2018-02-19T08:41:14","version" => "3.74"},{"date" => "2018-08-29T19:53:19","version" => "3.75"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "2.00"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "2.01"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006000","version" => "2.02"},{"date" => "2001-04-08T00:00:00","dual_lived" => 1,"perl_release" => "5.006001","version" => "2.04"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.06"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "2.08"},{"date" => "2004-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008003","version" => "2.12"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "2.17"},{"date" => "2004-07-19T00:00:00","dual_lived" => 1,"perl_release" => "5.008005","version" => "2.19"},{"date" => "2009-10-02T00:00:00","dual_lived" => 1,"perl_release" => "5.011000","version" => "3.3002"},{"date" => "2010-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013006","version" => "3.34"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "3.35"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "3.36"},{"date" => "2011-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013010","version" => "3.37"},{"date" => "2011-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015006","version" => "3.38"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "3.39_02"},{"date" => "2012-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.017007","version" => "3.39_03"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "3.41"},{"date" => "2013-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019003","version" => "3.44"},{"date" => "2013-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019005","version" => "3.45"},{"date" => "2014-09-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020001","version" => "3.48"},{"date" => "2015-02-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020002","version" => "3.48_01"},{"date" => "2014-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021002","version" => "3.49"},{"date" => "2014-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021004","version" => "3.50"},{"date" => "2014-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021005","version" => "3.51"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "3.54"},{"date" => "2015-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02101","version" => "3.55"},{"date" => "2015-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021011","version" => "3.56"},{"date" => "2015-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023002","version" => "3.57"},{"date" => "2015-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023003","version" => "3.58"},{"date" => "2016-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023008","version" => "3.63"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "3.63_01"},{"date" => "2016-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025002","version" => "3.64"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "3.65"},{"date" => "2016-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025007","version" => "3.66"},{"date" => "2017-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025011","version" => "3.67"},{"date" => "2017-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027002","version" => "3.68"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "3.70"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "3.71"},{"date" => "2018-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027008","version" => "3.72"},{"date" => "2018-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029005","version" => "3.76"},{"date" => "2019-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029007","version" => "3.77"},{"date" => "2019-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029010","version" => "3.78"},{"date" => "2020-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033004","version" => "3.79"},{"date" => "2020-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033005","version" => "3.80"},{"date" => "2021-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035001","version" => "3.81"},{"date" => "2021-07-23T00:00:00","dual_lived" => 1,"perl_release" => "5.035002","version" => "3.82"},{"date" => "2021-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035007","version" => "3.83"},{"date" => "2022-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035010","version" => "3.84"},{"date" => "2022-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037001","version" => "3.85"},{"date" => "2022-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037002","version" => "3.86"},{"date" => "2022-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037007","version" => "3.88"},{"date" => "2023-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.03701","version" => "3.89"},{"date" => "2023-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039002","version" => "3.90"},{"date" => "2025-01-18T00:00:00","dual_lived" => 1,"perl_release" => "5.040001","version" => "3.91"},{"date" => "2024-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041002","version" => "3.92"},{"date" => "2025-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041011","version" => "3.94"}]},"Perl-Tidy" => {"advisories" => [{"affected_versions" => ["<20170521"],"cves" => ["CVE-2016-10374"],"description" => "perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.","distribution" => "Perl-Tidy","fixed_versions" => [">=20170521"],"id" => "CPANSA-Perl-Tidy-2016-10374","references" => ["https://bugs.debian.org/862667"],"reported" => "2017-05-17","severity" => undef},{"affected_versions" => ["<20140328"],"comment" => "This issue is actually about a temporary file with a a particular, known name (perltidy.TMP), and that expression of the problem was fixed. This does not mean that all similar problems are solved.","cves" => ["CVE-2014-2277"],"description" => "The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function.","distribution" => "Perl-Tidy","fixed_versions" => [">=20140328"],"id" => "CPANSA-Perl-Tidy-2014-2277","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130464.html","http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130479.html","http://www.openwall.com/lists/oss-security/2014/03/09/1","http://www.securityfocus.com/bid/66139","https://bugzilla.redhat.com/show_bug.cgi?id=1074720","https://exchange.xforce.ibmcloud.com/vulnerabilities/92104","https://github.com/perltidy/perltidy/issues/193"],"reported" => "2017-10-17","severity" => undef}],"main_module" => "Perl::Tidy","versions" => [{"date" => "2002-12-12T04:04:58","version" => 20021130},{"date" => "2003-07-29T01:16:45","version" => 20030726},{"date" => "2003-10-22T19:58:39","version" => 20031021},{"date" => "2006-06-14T19:23:10","version" => 20060614},{"date" => "2006-07-21T13:54:28","version" => 20060719},{"date" => "2007-04-24T16:01:04","version" => 20070424},{"date" => "2007-05-04T17:15:58","version" => 20070504},{"date" => "2007-05-08T20:58:34","version" => 20070508},{"date" => "2007-08-01T17:28:17","version" => 20070801},{"date" => "2007-12-06T18:43:33","version" => 20071205},{"date" => "2009-06-17T12:24:15","version" => 20090616},{"date" => "2010-12-17T01:14:33","version" => 20101217},{"date" => "2012-06-19T22:24:36","version" => 20120619},{"date" => "2012-07-01T21:48:51","version" => 20120701},{"date" => "2012-07-14T14:05:46","version" => 20120714},{"date" => "2012-12-09T14:22:00","version" => 20121207},{"date" => "2013-07-16T23:57:29","version" => 20130717},{"date" => "2013-08-05T23:43:11","version" => 20130805},{"date" => "2013-08-06T00:53:04","version" => 20130806},{"date" => "2013-09-22T14:50:31","version" => 20130922},{"date" => "2014-03-28T12:47:26","version" => 20140328},{"date" => "2014-07-11T12:19:22","version" => 20140711},{"date" => "2015-08-15T01:10:08","version" => 20150815},{"date" => "2016-02-27T16:37:50","version" => 20160301},{"date" => "2016-03-01T16:02:00","version" => 20160302},{"date" => "2017-05-21T15:50:20","version" => 20170521},{"date" => "2017-12-14T14:28:53","version" => 20171214},{"date" => "2017-12-31T15:46:44","version" => 20180101},{"date" => "2018-02-18T19:39:25","version" => 20180219},{"date" => "2018-02-20T11:53:21","version" => 20180220},{"date" => "2018-11-17T01:59:23","version" => 20181117},{"date" => "2018-11-18T04:52:04","version" => 20181118},{"date" => "2018-11-18T05:56:29","version" => 20181119},{"date" => "2018-11-19T15:37:08","version" => 20181120},{"date" => "2019-05-31T14:47:55","version" => 20190601},{"date" => "2019-09-14T23:41:55","version" => 20190915},{"date" => "2019-12-03T14:34:15","version" => 20191203},{"date" => "2020-01-09T23:28:34","version" => 20200110},{"date" => "2020-06-19T13:05:06","version" => 20200619},{"date" => "2020-08-22T13:34:22","version" => 20200822},{"date" => "2020-09-06T21:51:31","version" => 20200907},{"date" => "2020-09-28T23:43:58","version" => 20201001},{"date" => "2020-12-02T23:45:54","version" => 20201202},{"date" => "2020-12-06T22:05:36","version" => 20201207},{"date" => "2021-01-10T15:32:47","version" => 20210111},{"date" => "2021-04-01T13:13:11","version" => 20210402},{"date" => "2021-06-24T14:09:49","version" => 20210625},{"date" => "2021-07-17T13:21:01","version" => 20210717},{"date" => "2021-10-29T12:52:01","version" => 20211029},{"date" => "2022-02-15T14:21:53","version" => 20220215},{"date" => "2022-02-15T16:27:06","version" => 20220216},{"date" => "2022-02-15T16:54:52","version" => 20220217},{"date" => "2022-06-13T12:51:44","version" => 20220613},{"date" => "2022-11-10T13:56:33","version" => 20221111},{"date" => "2022-11-11T13:33:22","version" => 20221112},{"date" => "2023-03-08T15:07:20","version" => 20230309},{"date" => "2023-07-01T13:11:20","version" => 20230701},{"date" => "2023-09-08T13:48:48","version" => 20230909},{"date" => "2023-09-12T21:49:07","version" => 20230912},{"date" => "2024-02-01T13:55:33","version" => 20240202},{"date" => "2024-05-10T13:16:10","version" => 20240511},{"date" => "2024-09-03T13:06:06","version" => 20240903},{"date" => "2025-01-05T01:48:16","version" => 20250105},{"date" => "2025-02-13T14:45:10","version" => 20250214},{"date" => "2025-03-11T23:43:02","version" => 20250311},{"date" => "2025-06-15T13:30:07","version" => 20250616},{"date" => "2025-07-11T13:09:54","version" => 20250711},{"date" => "2025-09-12T13:54:29","version" => 20250912},{"date" => "2026-01-08T14:58:18","version" => 20260109},{"date" => "2026-02-03T14:43:25","version" => 20260204}]},"Perl-Version" => {"advisories" => [{"affected_versions" => ["<1.013"],"cves" => [],"description" => "Insecure dependency File::Slurp is used.\n","distribution" => "Perl-Version","fixed_versions" => [">=1.013"],"id" => "CPANSA-Perl-Version-2014-01","references" => ["https://metacpan.org/changes/distribution/Perl-Version","https://rt.cpan.org/Public/Bug/Display.html?id=92974"],"reported" => "2014-02-12"}],"main_module" => "Perl::Version","versions" => [{"date" => "2007-02-07T19:41:42","version" => "v0.0.1"},{"date" => "2007-02-23T18:03:11","version" => "v0.0.3"},{"date" => "2007-02-24T18:03:42","version" => "v0.0.4"},{"date" => "2007-02-25T12:41:13","version" => "v0.0.5"},{"date" => "2007-02-27T12:46:07","version" => "v0.0.6"},{"date" => "2007-02-28T01:27:59","version" => "v0.0.7"},{"date" => "2007-06-20T16:09:31","version" => "0.0.8"},{"date" => "2007-09-03T14:28:35","version" => "v1.000"},{"date" => "2007-09-07T15:42:58","version" => "v1.001"},{"date" => "2007-09-07T15:58:18","version" => "v1.002"},{"date" => "2007-11-08T12:14:27","version" => "1.003"},{"date" => "2007-11-08T12:24:59","version" => "1.004"},{"date" => "2008-04-03T14:56:16","version" => "1.005"},{"date" => "2008-04-07T19:14:56","version" => "1.006"},{"date" => "2008-04-07T19:27:24","version" => "1.007"},{"date" => "2009-03-07T16:40:03","version" => "1.008"},{"date" => "2009-03-09T16:22:08","version" => "1.009"},{"date" => "2010-09-19T15:37:48","version" => "1.010"},{"date" => "2011-02-21T21:32:17","version" => "1.011"},{"date" => "2014-02-12T20:58:43","version" => "1.013"},{"date" => "2014-02-14T16:08:42","version" => "1.013_01"},{"date" => "2014-02-18T16:42:57","version" => "1.013_02"},{"date" => "2015-11-21T06:05:48","version" => "1.013_03"},{"date" => "2024-01-04T15:11:21","version" => "1.015"},{"date" => "2024-01-05T13:57:01","version" => "1.016"},{"date" => "2024-03-09T01:38:25","version" => "1.017"},{"date" => "2025-01-27T13:08:16","version" => "1.018"},{"date" => "2026-02-24T23:29:53","version" => "1.019"}]},"Perl6-Pugs" => {"advisories" => [{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2007-1659"],"description" => "Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched \"\\Q\\E\" sequences with orphan \"\\E\" codes.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2007-1659-libpcre","references" => ["http://www.pcre.org/changelog.txt","http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html","https://issues.rpath.com/browse/RPL-1738","http://security.gentoo.org/glsa/glsa-200711-30.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:211","http://www.mandriva.com/security/advisories?name=MDKSA-2007:212","http://www.redhat.com/support/errata/RHSA-2007-0967.html","http://www.redhat.com/support/errata/RHSA-2007-1068.html","http://www.novell.com/linux/security/advisories/2007_62_pcre.html","http://www.novell.com/linux/security/advisories/2007_25_sr.html","http://www.securityfocus.com/bid/26346","http://securitytracker.com/id?1018895","http://secunia.com/advisories/27598","http://secunia.com/advisories/27538","http://secunia.com/advisories/27543","http://secunia.com/advisories/27547","http://secunia.com/advisories/27554","http://secunia.com/advisories/27741","http://secunia.com/advisories/27773","http://secunia.com/advisories/27697","http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm","http://docs.info.apple.com/article.html?artnum=307179","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28041","http://secunia.com/advisories/27965","http://secunia.com/advisories/28136","http://bugs.gentoo.org/show_bug.cgi?id=198976","http://security.gentoo.org/glsa/glsa-200801-02.xml","http://secunia.com/advisories/28406","http://secunia.com/advisories/28414","http://security.gentoo.org/glsa/glsa-200801-18.xml","http://security.gentoo.org/glsa/glsa-200801-19.xml","http://www.mandriva.com/security/advisories?name=MDVSA-2008:030","http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html","http://secunia.com/advisories/28658","http://secunia.com/advisories/28714","http://secunia.com/advisories/28720","https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html","http://secunia.com/advisories/29267","http://docs.info.apple.com/article.html?artnum=307562","http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html","http://secunia.com/advisories/29420","http://security.gentoo.org/glsa/glsa-200805-11.xml","http://secunia.com/advisories/30155","http://secunia.com/advisories/30219","http://secunia.com/advisories/30106","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2008/0924/references","http://www.vupen.com/english/advisories/2007/3725","http://www.vupen.com/english/advisories/2007/3790","http://www.debian.org/security/2007/dsa-1399","http://www.debian.org/security/2008/dsa-1570","https://exchange.xforce.ibmcloud.com/vulnerabilities/38272","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725","https://usn.ubuntu.com/547-1/","http://www.securityfocus.com/archive/1/483579/100/0/threaded","http://www.securityfocus.com/archive/1/483357/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2007-1661"],"description" => "Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the \"\\X?\\d\" and \"\\P{L}?\\d\" patterns.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2007-1661-libpcre","references" => ["http://www.pcre.org/changelog.txt","http://www.debian.org/security/2007/dsa-1399","http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html","https://issues.rpath.com/browse/RPL-1738","http://security.gentoo.org/glsa/glsa-200711-30.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:211","http://www.novell.com/linux/security/advisories/2007_62_pcre.html","http://www.securityfocus.com/bid/26346","http://secunia.com/advisories/27538","http://secunia.com/advisories/27543","http://secunia.com/advisories/27554","http://secunia.com/advisories/27741","http://secunia.com/advisories/27773","http://secunia.com/advisories/27697","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28136","http://bugs.gentoo.org/show_bug.cgi?id=198976","http://security.gentoo.org/glsa/glsa-200801-02.xml","http://secunia.com/advisories/28406","http://secunia.com/advisories/28414","http://security.gentoo.org/glsa/glsa-200801-18.xml","http://security.gentoo.org/glsa/glsa-200801-19.xml","http://secunia.com/advisories/28714","http://secunia.com/advisories/28720","https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html","http://secunia.com/advisories/29267","http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html","http://secunia.com/advisories/29420","http://security.gentoo.org/glsa/glsa-200805-11.xml","http://secunia.com/advisories/30155","http://secunia.com/advisories/30219","http://secunia.com/advisories/30106","http://www.debian.org/security/2008/dsa-1570","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2007/3790","http://www.vupen.com/english/advisories/2007/3725","http://www.vupen.com/english/advisories/2008/0924/references","http://docs.info.apple.com/article.html?artnum=307562","http://docs.info.apple.com/article.html?artnum=307179","https://exchange.xforce.ibmcloud.com/vulnerabilities/38274","https://usn.ubuntu.com/547-1/","http://www.securityfocus.com/archive/1/483579/100/0/threaded","http://www.securityfocus.com/archive/1/483357/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2007-1662"],"description" => "Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2007-1662-libpcre","references" => ["http://www.pcre.org/changelog.txt","http://www.debian.org/security/2007/dsa-1399","http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html","https://issues.rpath.com/browse/RPL-1738","http://security.gentoo.org/glsa/glsa-200711-30.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:211","http://www.securityfocus.com/bid/26346","http://secunia.com/advisories/27538","http://secunia.com/advisories/27543","http://secunia.com/advisories/27554","http://secunia.com/advisories/27741","http://secunia.com/advisories/27697","http://docs.info.apple.com/article.html?artnum=307179","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28136","http://bugs.gentoo.org/show_bug.cgi?id=198976","http://security.gentoo.org/glsa/glsa-200801-02.xml","http://secunia.com/advisories/28406","http://secunia.com/advisories/28414","http://security.gentoo.org/glsa/glsa-200801-18.xml","http://security.gentoo.org/glsa/glsa-200801-19.xml","http://secunia.com/advisories/28714","http://secunia.com/advisories/28720","https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html","http://secunia.com/advisories/29267","http://docs.info.apple.com/article.html?artnum=307562","http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html","http://secunia.com/advisories/29420","http://security.gentoo.org/glsa/glsa-200805-11.xml","http://secunia.com/advisories/30155","http://secunia.com/advisories/30219","http://secunia.com/advisories/30106","http://www.debian.org/security/2008/dsa-1570","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2007/3790","http://www.vupen.com/english/advisories/2007/3725","http://www.vupen.com/english/advisories/2008/0924/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/38275","https://usn.ubuntu.com/547-1/","http://www.securityfocus.com/archive/1/483579/100/0/threaded","http://www.securityfocus.com/archive/1/483357/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2007-4766"],"description" => "Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2007-4766-libpcre","references" => ["http://www.pcre.org/changelog.txt","http://www.debian.org/security/2007/dsa-1399","http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html","https://issues.rpath.com/browse/RPL-1738","http://security.gentoo.org/glsa/glsa-200711-30.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:211","http://www.novell.com/linux/security/advisories/2007_62_pcre.html","http://www.securityfocus.com/bid/26346","http://secunia.com/advisories/27538","http://secunia.com/advisories/27543","http://secunia.com/advisories/27554","http://secunia.com/advisories/27741","http://secunia.com/advisories/27773","http://secunia.com/advisories/27697","http://docs.info.apple.com/article.html?artnum=307179","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28136","http://bugs.gentoo.org/show_bug.cgi?id=198976","http://security.gentoo.org/glsa/glsa-200801-02.xml","http://secunia.com/advisories/28406","http://secunia.com/advisories/28414","http://security.gentoo.org/glsa/glsa-200801-18.xml","http://security.gentoo.org/glsa/glsa-200801-19.xml","http://secunia.com/advisories/28714","http://secunia.com/advisories/28720","https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html","http://secunia.com/advisories/29267","http://docs.info.apple.com/article.html?artnum=307562","http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html","http://secunia.com/advisories/29420","http://security.gentoo.org/glsa/glsa-200805-11.xml","http://secunia.com/advisories/30155","http://secunia.com/advisories/30219","http://www.debian.org/security/2008/dsa-1570","http://secunia.com/advisories/30106","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2007/3790","http://www.vupen.com/english/advisories/2007/3725","http://www.vupen.com/english/advisories/2008/0924/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/38276","https://usn.ubuntu.com/547-1/","http://www.securityfocus.com/archive/1/483579/100/0/threaded","http://www.securityfocus.com/archive/1/483357/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2007-4767"],"description" => "Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \\p sequence, (2) a \\P sequence, or (3) a \\P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2007-4767-libpcre","references" => ["http://www.pcre.org/changelog.txt","http://www.debian.org/security/2007/dsa-1399","http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html","https://issues.rpath.com/browse/RPL-1738","http://security.gentoo.org/glsa/glsa-200711-30.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:211","http://www.novell.com/linux/security/advisories/2007_62_pcre.html","http://www.securityfocus.com/bid/26346","http://secunia.com/advisories/27538","http://secunia.com/advisories/27543","http://secunia.com/advisories/27554","http://secunia.com/advisories/27741","http://secunia.com/advisories/27773","http://secunia.com/advisories/27697","http://docs.info.apple.com/article.html?artnum=307179","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28136","http://bugs.gentoo.org/show_bug.cgi?id=198976","http://security.gentoo.org/glsa/glsa-200801-02.xml","http://secunia.com/advisories/28406","http://secunia.com/advisories/28414","http://security.gentoo.org/glsa/glsa-200801-18.xml","http://security.gentoo.org/glsa/glsa-200801-19.xml","http://secunia.com/advisories/28714","http://secunia.com/advisories/28720","https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html","http://secunia.com/advisories/29267","http://docs.info.apple.com/article.html?artnum=307562","http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html","http://secunia.com/advisories/29420","http://security.gentoo.org/glsa/glsa-200805-11.xml","http://secunia.com/advisories/30155","http://secunia.com/advisories/30219","http://secunia.com/advisories/30106","http://www.debian.org/security/2008/dsa-1570","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2007/3790","http://www.vupen.com/english/advisories/2007/3725","http://www.vupen.com/english/advisories/2008/0924/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/38277","https://usn.ubuntu.com/547-1/","http://www.securityfocus.com/archive/1/483579/100/0/threaded","http://www.securityfocus.com/archive/1/483357/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2007-4768"],"description" => "Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2007-4768-libpcre","references" => ["http://www.debian.org/security/2007/dsa-1399","http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html","https://issues.rpath.com/browse/RPL-1738","http://security.gentoo.org/glsa/glsa-200711-30.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:211","http://www.securityfocus.com/bid/26346","http://secunia.com/advisories/27538","http://secunia.com/advisories/27543","http://secunia.com/advisories/27554","http://secunia.com/advisories/27741","http://secunia.com/advisories/27697","http://www.adobe.com/support/security/bulletins/apsb07-20.html","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.redhat.com/support/errata/RHSA-2007-1126.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://www.us-cert.gov/cas/techalerts/TA07-355A.html","http://securitytracker.com/id?1019116","http://secunia.com/advisories/28136","http://secunia.com/advisories/28157","http://secunia.com/advisories/28161","http://bugs.gentoo.org/show_bug.cgi?id=198976","http://security.gentoo.org/glsa/glsa-200801-02.xml","http://secunia.com/advisories/28406","http://secunia.com/advisories/28414","http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml","http://secunia.com/advisories/28570","http://security.gentoo.org/glsa/glsa-200801-18.xml","http://security.gentoo.org/glsa/glsa-200801-19.xml","http://secunia.com/advisories/28714","http://secunia.com/advisories/28720","http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html","http://secunia.com/advisories/28213","https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html","http://secunia.com/advisories/29267","http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html","http://secunia.com/advisories/29420","http://www.adobe.com/support/security/bulletins/apsb08-13.html","http://security.gentoo.org/glsa/glsa-200805-11.xml","http://secunia.com/advisories/30155","http://secunia.com/advisories/30219","http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1","http://secunia.com/advisories/30507","http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1","http://secunia.com/advisories/30840","http://secunia.com/advisories/30106","http://www.debian.org/security/2008/dsa-1570","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2007/4258","http://www.vupen.com/english/advisories/2008/1966/references","http://www.vupen.com/english/advisories/2008/0924/references","http://www.vupen.com/english/advisories/2008/1724/references","http://www.vupen.com/english/advisories/2007/3725","http://www.vupen.com/english/advisories/2007/3790","http://docs.info.apple.com/article.html?artnum=307562","http://docs.info.apple.com/article.html?artnum=307179","https://exchange.xforce.ibmcloud.com/vulnerabilities/38278","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701","https://usn.ubuntu.com/547-1/","http://www.securityfocus.com/archive/1/483579/100/0/threaded","http://www.securityfocus.com/archive/1/483357/100/0/threaded"],"reported" => "2007-11-07","severity" => undef}],"main_module" => "Perl6::Pugs","versions" => [{"date" => "2005-02-06T19:03:38","version" => "6.0.0"},{"date" => "2005-02-07T00:46:57","version" => "6.0.1"},{"date" => "2005-02-09T04:59:47","version" => "6.0.2"},{"date" => "2005-02-11T19:27:50","version" => "6.0.2"},{"date" => "2005-02-12T04:11:20","version" => "6.0.4"},{"date" => "2005-02-14T18:13:02","version" => "6.0.5"},{"date" => "2005-02-17T18:36:41","version" => "6.0.6"},{"date" => "2005-02-17T18:44:09","version" => "6.0.7"},{"date" => "2005-02-20T19:24:21","version" => "6.0.7"},{"date" => "2005-02-28T04:51:23","version" => "6.0.9"},{"date" => "2005-03-05T03:38:25","version" => "6.0.9"},{"date" => "2005-03-13T20:41:30","version" => "6.0.11"},{"date" => "2005-03-20T17:55:40","version" => "6.0.9"},{"date" => "2005-03-27T07:10:11","version" => "6.0.13"},{"date" => "2005-04-04T04:21:37","version" => "6.0.14"},{"date" => "2005-04-12T19:51:15","version" => "6.2.0"},{"date" => "2005-04-23T22:56:30","version" => "6.2.1"},{"date" => "2005-05-01T16:29:36","version" => "6.2.2"},{"date" => "2005-05-12T17:15:04","version" => "6.2.3"},{"date" => "2005-05-23T21:17:12","version" => "6.2.4"},{"date" => "2005-05-23T21:39:42","version" => "6.2.5"},{"date" => "2005-06-02T03:17:03","version" => "6.2.6"},{"date" => "2005-06-13T12:34:18","version" => "6.2.7"},{"date" => "2005-07-13T16:16:05","version" => "6.2.8"},{"date" => "2005-08-03T19:19:38","version" => "6.2.9"},{"date" => "2005-10-10T01:32:18","version" => "6.2.10"},{"date" => "2006-02-01T21:12:47","version" => "6.2.11"},{"date" => "2006-06-26T20:22:01","version" => "6.2.11"},{"date" => "2006-10-17T12:51:53","version" => "6.2.13"}]},"PerlSpeak" => {"advisories" => [{"affected_versions" => ["<=2.01"],"cves" => ["CVE-2020-10674"],"description" => "PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.","distribution" => "PerlSpeak","fixed_versions" => [">2.01"],"id" => "CPANSA-PerlSpeak-2011-10007","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2020-10674","https://metacpan.org/source/JKAMPHAUS/PerlSpeak-2.01/Changes","https://rt.cpan.org/Public/Bug/Display.html?id=132173","https://github.com/gitpan/PerlSpeak"],"reported" => "2025-06-05","severity" => undef}],"main_module" => "PerlSpeak","versions" => [{"date" => "2007-01-08T06:32:14","version" => "0.01"},{"date" => "2007-01-09T06:00:00","version" => "0.03"},{"date" => "2007-01-20T19:51:59","version" => "0.50"},{"date" => "2007-01-24T19:12:12","version" => "0.50"},{"date" => "2007-06-18T04:41:45","version" => "1.0"},{"date" => "2007-11-02T15:03:33","version" => "1.50"},{"date" => "2008-01-03T02:33:29","version" => "2.01"}]},"Perlbal" => {"advisories" => [{"affected_versions" => ["<1.70"],"cves" => ["CVE-2008-1652"],"description" => "Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter.  NOTE: some of these details are obtained from third party information.\n","distribution" => "Perlbal","fixed_versions" => [],"id" => "CPANSA-Perlbal-2008-1652","references" => ["http://search.cpan.org/src/BRADFITZ/Perlbal-1.70/CHANGES","http://secunia.com/advisories/29565","http://www.vupen.com/english/advisories/2008/1045/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/41540"],"reported" => "2008-04-02","severity" => undef}],"main_module" => "Perlbal","versions" => [{"date" => "2005-07-26T20:21:09","version" => "1.3"},{"date" => "2005-08-17T06:04:13","version" => "1.35"},{"date" => "2005-08-19T17:27:29","version" => "1.36"},{"date" => "2005-10-19T16:57:48","version" => "1.38"},{"date" => "2006-02-06T19:25:44","version" => "1.41"},{"date" => "2006-08-04T04:56:17","version" => "1.42"},{"date" => "2006-08-09T18:09:23","version" => "1.43"},{"date" => "2006-08-10T21:49:57","version" => "1.44"},{"date" => "2006-08-10T23:04:14","version" => "1.45"},{"date" => "2006-08-10T23:55:32","version" => "1.46"},{"date" => "2006-08-15T23:17:40","version" => "1.47"},{"date" => "2006-09-08T20:42:55","version" => "1.50"},{"date" => "2006-10-04T18:55:28","version" => "1.51"},{"date" => "2006-11-13T18:01:56","version" => "1.52"},{"date" => "2006-12-05T09:32:56","version" => "1.53"},{"date" => "2007-02-05T20:00:01","version" => "1.54"},{"date" => "2007-03-21T07:32:33","version" => "1.55"},{"date" => "2007-04-16T21:02:13","version" => "1.56"},{"date" => "2007-04-26T20:37:24","version" => "1.57"},{"date" => "2007-05-11T18:20:57","version" => "1.58"},{"date" => "2007-05-22T17:31:31","version" => "1.59"},{"date" => "2007-10-24T04:09:35","version" => "1.60"},{"date" => "2008-03-09T04:28:27","version" => "1.70"},{"date" => "2008-09-14T00:41:35","version" => "1.71"},{"date" => "2008-09-22T01:40:20","version" => "1.72"},{"date" => "2009-10-05T20:51:59","version" => "1.73"},{"date" => "2010-03-20T07:59:03","version" => "1.74"},{"date" => "2010-04-02T22:32:03","version" => "1.75"},{"date" => "2010-06-18T01:52:54","version" => "1.76"},{"date" => "2011-01-16T05:20:16","version" => "1.77"},{"date" => "2011-01-23T05:33:07","version" => "1.78"},{"date" => "2011-06-15T23:59:19","version" => "1.79"},{"date" => "2012-02-27T07:02:28","version" => "1.80"}]},"Perldoc-Server" => {"advisories" => [{"affected_versions" => [">=0.09,<=0.10"],"cves" => ["CVE-2021-23432"],"description" => "This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge()\n","distribution" => "Perldoc-Server","fixed_versions" => [],"id" => "CPANSA-Perldoc-Server-2021-23432-mootools","references" => ["https://snyk.io/vuln/SNYK-JS-MOOTOOLS-1325536"],"reported" => "2021-08-24","severity" => "critical"}],"main_module" => "Perldoc::Server","versions" => [{"date" => "2009-03-30T15:26:20","version" => "0.01"},{"date" => "2009-04-01T08:44:34","version" => "0.02"},{"date" => "2009-04-02T11:01:42","version" => "0.03"},{"date" => "2009-04-04T14:26:15","version" => "0.04"},{"date" => "2009-04-05T12:36:37","version" => "0.05"},{"date" => "2009-09-16T12:05:55","version" => "0.07"},{"date" => "2010-04-24T13:51:16","version" => "0.08"},{"date" => "2010-04-28T20:46:28","version" => "0.09"},{"date" => "2011-11-15T17:52:36","version" => "0.10"}]},"Pinto" => {"advisories" => [{"affected_versions" => ["<0.09995"],"cves" => [],"description" => "Pinto server allowed directory traveral.\n","distribution" => "Pinto","fixed_versions" => [">=0.09995"],"id" => "CPANSA-Pinto-2014-01","references" => ["https://metacpan.org/dist/Pinto/changes","https://github.com/thaljef/Pinto/commit/195d46eb4488a7dec6c39d6eb1c48dc872ab2b3b"],"reported" => "2014-08-19","reviewed_by" => [{"date" => "2022-06-28","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}]}],"main_module" => "Pinto","versions" => [{"date" => "2011-07-26T21:17:47","version" => "0.001"},{"date" => "2011-07-27T00:22:00","version" => "0.002"},{"date" => "2011-08-04T06:00:27","version" => "0.003"},{"date" => "2011-08-04T07:24:59","version" => "0.004"},{"date" => "2011-08-04T07:46:03","version" => "0.005"},{"date" => "2011-08-04T07:54:24","version" => "0.006"},{"date" => "2011-08-04T15:07:03","version" => "0.007"},{"date" => "2011-08-09T21:49:02","version" => "0.008"},{"date" => "2011-08-13T00:51:56","version" => "0.009"},{"date" => "2011-08-14T20:32:00","version" => "0.010"},{"date" => "2011-08-15T04:14:45","version" => "0.011"},{"date" => "2011-08-17T16:12:20","version" => "0.012"},{"date" => "2011-08-17T23:14:14","version" => "0.014"},{"date" => "2011-08-18T08:57:36","version" => "0.015"},{"date" => "2011-08-18T09:03:09","version" => "0.016"},{"date" => "2011-08-24T07:53:18","version" => "0.017"},{"date" => "2011-08-24T08:48:57","version" => "0.018"},{"date" => "2011-08-24T11:16:38","version" => "0.019"},{"date" => "2011-08-29T03:46:11","version" => "0.020"},{"date" => "2011-08-30T08:20:49","version" => "0.021"},{"date" => "2011-08-31T08:35:52","version" => "0.022"},{"date" => "2011-08-31T21:22:32","version" => "0.023"},{"date" => "2011-09-01T22:29:05","version" => "0.024"},{"date" => "2011-12-02T11:21:54","version" => "0.025_001"},{"date" => "2011-12-02T12:42:45","version" => "0.025_002"},{"date" => "2011-12-03T12:16:42","version" => "0.025_003"},{"date" => "2011-12-07T15:26:36","version" => "0.025_004"},{"date" => "2011-12-07T20:09:02","version" => "0.026"},{"date" => "2011-12-08T23:27:07","version" => "0.027"},{"date" => "2011-12-12T09:32:39","version" => "0.028"},{"date" => "2011-12-15T08:31:43","version" => "0.029"},{"date" => "2012-01-27T06:05:38","version" => "0.030"},{"date" => "2012-02-28T13:23:36","version" => "0.031"},{"date" => "2012-03-01T18:43:41","version" => "0.032"},{"date" => "2012-03-15T14:00:07","version" => "0.033"},{"date" => "2012-04-05T02:08:20","version" => "0.035"},{"date" => "2012-04-09T07:18:50","version" => "0.036"},{"date" => "2012-04-11T03:02:41","version" => "0.037"},{"date" => "2012-04-17T01:21:11","version" => "0.038"},{"date" => "2012-05-01T20:52:05","version" => "0.040_001"},{"date" => "2012-05-04T23:28:00","version" => "0.040_002"},{"date" => "2012-05-05T04:42:35","version" => "0.040_003"},{"date" => "2012-05-15T18:18:01","version" => "0.041"},{"date" => "2012-05-18T04:59:37","version" => "0.042"},{"date" => "2012-06-19T17:58:05","version" => "0.043"},{"date" => "2012-07-15T08:45:52","version" => "0.044"},{"date" => "2012-07-24T06:18:49","version" => "0.045"},{"date" => "2012-08-13T22:50:28","version" => "0.046"},{"date" => "2012-08-14T00:27:03","version" => "0.047"},{"date" => "2012-08-15T16:28:03","version" => "0.048"},{"date" => "2012-08-15T21:30:01","version" => "0.050"},{"date" => "2012-08-16T01:31:42","version" => "0.051"},{"date" => "2012-09-18T23:20:20","version" => "0.052"},{"date" => "2012-09-20T04:03:53","version" => "0.053"},{"date" => "2012-09-20T05:07:44","version" => "0.054"},{"date" => "2012-09-20T20:40:05","version" => "0.055"},{"date" => "2012-09-27T20:45:51","version" => "0.056"},{"date" => "2012-10-07T21:25:33","version" => "0.057"},{"date" => "2012-10-12T06:19:44","version" => "0.058"},{"date" => "2012-10-20T08:01:03","version" => "0.059"},{"date" => "2012-10-23T21:41:47","version" => "0.060"},{"date" => "2012-10-31T00:23:58","version" => "0.061"},{"date" => "2012-11-08T18:57:09","version" => "0.062"},{"date" => "2012-11-12T20:03:29","version" => "0.063"},{"date" => "2012-11-12T21:58:57","version" => "0.064"},{"date" => "2012-11-14T18:00:34","version" => "0.065"},{"date" => "2013-03-15T23:28:13","version" => "0.065_01"},{"date" => "2013-03-16T06:44:49","version" => "0.065_02"},{"date" => "2013-03-19T22:58:08","version" => "0.065_03"},{"date" => "2013-03-20T23:12:44","version" => "0.065_04"},{"date" => "2013-03-20T23:28:07","version" => "0.065_05"},{"date" => "2013-03-23T07:33:37","version" => "0.065_06"},{"date" => "2013-03-26T23:29:22","version" => "0.066"},{"date" => "2013-03-30T07:51:45","version" => "0.067"},{"date" => "2013-04-05T05:47:08","version" => "0.068"},{"date" => "2013-04-21T16:55:30","version" => "0.079_01"},{"date" => "2013-04-23T07:53:34","version" => "0.079_04"},{"date" => "2013-04-26T17:50:55","version" => "0.080"},{"date" => "2013-04-26T21:00:35","version" => "0.081"},{"date" => "2013-04-29T17:02:33","version" => "0.082"},{"date" => "2013-05-13T21:45:43","version" => "0.083"},{"date" => "2013-05-15T00:34:13","version" => "0.084"},{"date" => "2013-06-16T08:05:08","version" => "0.084_01"},{"date" => "2013-06-17T04:08:49","version" => "0.084_02"},{"date" => "2013-06-17T20:09:55","version" => "0.085"},{"date" => "2013-06-18T10:08:10","version" => "0.086"},{"date" => "2013-06-20T01:50:39","version" => "0.087"},{"date" => "2013-07-09T08:19:39","version" => "0.087_01"},{"date" => "2013-07-21T08:38:23","version" => "0.087_03"},{"date" => "2013-07-27T03:21:44","version" => "0.087_04"},{"date" => "2013-07-30T07:00:31","version" => "0.087_05"},{"date" => "2013-08-15T18:00:31","version" => "0.088"},{"date" => "2013-08-19T20:34:32","version" => "0.089"},{"date" => "2013-08-23T22:02:45","version" => "0.090"},{"date" => "2013-10-25T19:22:19","version" => "0.091"},{"date" => "2013-11-20T19:18:40","version" => "0.092"},{"date" => "2013-12-22T00:41:08","version" => "0.093"},{"date" => "2013-12-22T09:07:09","version" => "0.094"},{"date" => "2013-12-23T07:49:14","version" => "0.095"},{"date" => "2014-01-07T18:57:51","version" => "0.096"},{"date" => "2014-01-08T07:10:26","version" => "0.097"},{"date" => "2014-01-17T20:57:05","version" => "0.097_01"},{"date" => "2014-01-23T08:46:47","version" => "0.097_02"},{"date" => "2014-01-23T22:17:10","version" => "0.097_03"},{"date" => "2014-01-25T23:24:17","version" => "0.097_04"},{"date" => "2014-01-28T01:01:18","version" => "0.098"},{"date" => "2014-01-28T10:07:29","version" => "0.098_01"},{"date" => "2014-01-28T20:44:00","version" => "0.099"},{"date" => "2014-02-01T01:30:41","version" => "0.0991"},{"date" => "2014-02-10T10:11:30","version" => "0.0992"},{"date" => "2014-02-23T22:14:22","version" => "0.0993"},{"date" => "2014-03-02T00:14:38","version" => "0.0994"},{"date" => "2014-03-05T09:16:04","version" => "0.0994_01"},{"date" => "2014-03-16T06:18:21","version" => "0.0994_02"},{"date" => "2014-03-16T07:56:27","version" => "0.0994_03"},{"date" => "2014-03-18T04:44:49","version" => "0.0994_04"},{"date" => "2014-03-19T04:24:14","version" => "0.0995"},{"date" => "2014-03-23T04:23:21","version" => "0.0996"},{"date" => "2014-03-24T04:02:32","version" => "0.0997"},{"date" => "2014-03-31T22:44:44","version" => "0.0998"},{"date" => "2014-04-04T06:05:12","version" => "0.0999"},{"date" => "2014-04-05T12:41:39","version" => "0.09991"},{"date" => "2014-04-23T22:27:50","version" => "0.09992"},{"date" => "2014-04-28T17:43:44","version" => "0.09992_01"},{"date" => "2014-04-29T21:34:32","version" => "0.09992_02"},{"date" => "2014-05-03T01:04:46","version" => "0.09993"},{"date" => "2014-08-20T01:44:36","version" => "0.09995"},{"date" => "2014-11-04T19:15:26","version" => "0.09996"},{"date" => "2015-03-24T08:26:01","version" => "0.09997"},{"date" => "2015-06-10T15:22:03","version" => "0.09998"},{"date" => "2015-06-14T05:30:55","version" => "0.09999"},{"date" => "2015-08-12T08:48:47","version" => "0.11"},{"date" => "2016-07-17T05:04:20","version" => "0.11_01"},{"date" => "2016-07-26T04:18:25","version" => "0.12"},{"date" => "2017-08-06T05:59:13","version" => "0.13"},{"date" => "2017-08-06T07:31:17","version" => "0.14"}]},"PlRPC" => {"advisories" => [{"affected_versions" => ["<=0.2020"],"cves" => ["CVE-2013-7284"],"description" => "The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.\n","distribution" => "PlRPC","fixed_versions" => [],"id" => "CPANSA-PlRPC-2013-7284","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1051108","http://seclists.org/oss-sec/2014/q1/56","http://seclists.org/oss-sec/2014/q1/62","https://bugzilla.redhat.com/show_bug.cgi?id=1030572","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789","https://rt.cpan.org/Public/Bug/Display.html?id=90474"],"reported" => "2014-04-29","severity" => undef}],"main_module" => "Bundle::PlRPC","versions" => [{"date" => "1998-10-28T23:03:06","version" => "0.2001"},{"date" => "1999-01-15T09:26:43","version" => "0.2003"},{"date" => "1999-04-09T21:18:22","version" => "0.2010"},{"date" => "1999-06-21T09:10:10","version" => "0.2004"},{"date" => "1999-06-21T09:26:45","version" => "0.2011"},{"date" => "1999-06-26T16:21:38","version" => "0.2012"},{"date" => "2001-01-23T08:17:41","version" => "0.2013"},{"date" => "2001-01-23T15:57:05","version" => "0.2014"},{"date" => "2001-03-26T13:10:50","version" => "0.2015"},{"date" => "2001-10-01T02:45:21","version" => "0.2016"},{"date" => "2003-06-09T08:55:18","version" => "0.2017"},{"date" => "2004-07-27T07:47:32","version" => "0.2018"},{"date" => "2007-05-22T20:56:36","version" => "0.2018"},{"date" => "2007-06-17T20:00:21","version" => "0.2018"},{"date" => "2012-01-27T16:55:27","version" => "0.2021_01"}]},"Plack" => {"advisories" => [{"affected_versions" => ["<1.0034"],"cves" => [],"description" => "Fixed a possible directory traversal with Plack::App::File on Win32.\n","distribution" => "Plack","fixed_versions" => [">=1.0034"],"id" => "CPANSA-Plack-2015-0202","references" => [],"reported" => "2015-02-02"},{"affected_versions" => ["<1.0031"],"cves" => [],"description" => "Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files\n","distribution" => "Plack","fixed_versions" => [">=1.0031"],"id" => "CPANSA-Plack-2014-0801","references" => ["https://github.com/plack/Plack/pull/446"],"reported" => "2014-08-01"},{"affected_versions" => ["<1.0016"],"cves" => [],"description" => "Fixed directory traversal bug in Plack::App::File on win32 environments\n","distribution" => "Plack","fixed_versions" => [">=1.0016"],"id" => "CPANSA-Plack-2013-0131","references" => [],"reported" => "2013-01-31"}],"main_module" => "Plack","versions" => [{"date" => "2009-10-13T07:21:14","version" => "0.9000"},{"date" => "2009-10-13T07:59:20","version" => "0.9001"},{"date" => "2009-10-14T18:28:32","version" => "0.9002"},{"date" => "2009-10-19T02:19:08","version" => "0.9003"},{"date" => "2009-10-21T05:59:54","version" => "0.9004"},{"date" => "2009-10-22T03:55:53","version" => "0.9005"},{"date" => "2009-10-23T08:22:57","version" => "0.9006"},{"date" => "2009-10-25T00:49:12","version" => "0.9007"},{"date" => "2009-10-27T21:20:52","version" => "0.9008"},{"date" => "2009-11-08T04:51:25","version" => "0.9009"},{"date" => "2009-11-12T07:23:02","version" => "0.9010"},{"date" => "2009-11-12T11:57:16","version" => "0.9011"},{"date" => "2009-11-17T21:48:12","version" => "0.9012"},{"date" => "2009-11-19T02:29:16","version" => "0.9013"},{"date" => "2009-11-21T05:54:55","version" => "0.9014"},{"date" => "2009-11-26T08:39:53","version" => "0.9015"},{"date" => "2009-11-29T07:41:55","version" => "0.9016"},{"date" => "2009-11-29T08:40:10","version" => "0.9017"},{"date" => "2009-12-03T08:52:20","version" => "0.9018"},{"date" => "2009-12-06T06:01:48","version" => "0.9019"},{"date" => "2009-12-07T10:39:46","version" => "0.9020"},{"date" => "2009-12-08T22:32:02","version" => "0.9021"},{"date" => "2009-12-13T19:03:10","version" => "0.9022"},{"date" => "2009-12-17T21:22:18","version" => "0.9023"},{"date" => "2009-12-19T20:28:45","version" => "0.9024"},{"date" => "2009-12-26T01:16:08","version" => "0.9025"},{"date" => "2010-01-01T01:38:39","version" => "0.9026"},{"date" => "2010-01-04T00:36:24","version" => "0.9027"},{"date" => "2010-01-06T02:44:35","version" => "0.9028"},{"date" => "2010-01-08T03:13:27","version" => "0.9029"},{"date" => "2010-01-09T21:17:38","version" => "0.9030"},{"date" => "2010-01-11T19:34:54","version" => "0.9031"},{"date" => "2010-01-29T22:44:12","version" => "0.99_01"},{"date" => "2010-01-31T06:15:25","version" => "0.99_02"},{"date" => "2010-02-04T00:15:09","version" => "0.99_03"},{"date" => "2010-02-06T07:17:08","version" => "0.99_04"},{"date" => "2010-02-10T20:55:18","version" => "0.99_05"},{"date" => "2010-02-23T03:10:40","version" => "0.9910"},{"date" => "2010-02-23T09:58:27","version" => "0.9911"},{"date" => "2010-02-25T09:32:19","version" => "0.9912"},{"date" => "2010-02-26T03:16:42","version" => "0.9913"},{"date" => "2010-03-04T00:07:15","version" => "0.9914"},{"date" => "2010-03-08T09:35:55","version" => "0.9915"},{"date" => "2010-03-12T03:56:59","version" => "0.9916"},{"date" => "2010-03-17T22:41:16","version" => "0.9917"},{"date" => "2010-03-18T05:42:29","version" => "0.9918"},{"date" => "2010-03-18T05:56:03","version" => "0.9919"},{"date" => "2010-03-19T07:05:16","version" => "0.9920"},{"date" => "2010-03-25T22:10:09","version" => "0.99_21"},{"date" => "2010-03-26T02:51:33","version" => "0.99_22"},{"date" => "2010-03-27T08:06:00","version" => "0.99_23"},{"date" => "2010-03-27T20:36:26","version" => "0.99_24"},{"date" => "2010-03-28T02:06:23","version" => "0.9925"},{"date" => "2010-03-28T21:49:52","version" => "0.9926"},{"date" => "2010-03-29T19:51:35","version" => "0.9927"},{"date" => "2010-03-30T00:07:33","version" => "0.9928"},{"date" => "2010-03-31T07:37:38","version" => "0.9929"},{"date" => "2010-04-14T03:22:29","version" => "0.9930"},{"date" => "2010-04-17T06:54:58","version" => "0.9931"},{"date" => "2010-04-19T06:29:10","version" => "0.9932"},{"date" => "2010-04-27T21:35:45","version" => "0.9933"},{"date" => "2010-05-04T22:51:24","version" => "0.9934"},{"date" => "2010-05-05T22:21:08","version" => "0.9935"},{"date" => "2010-05-14T23:01:23","version" => "0.9936"},{"date" => "2010-05-15T06:14:20","version" => "0.9937"},{"date" => "2010-05-24T00:16:59","version" => "0.9938"},{"date" => "2010-07-03T01:04:03","version" => "0.9938"},{"date" => "2010-07-03T06:43:20","version" => "0.9940"},{"date" => "2010-07-09T01:22:49","version" => "0.9941"},{"date" => "2010-07-24T06:46:17","version" => "0.9942"},{"date" => "2010-07-30T20:26:59","version" => "0.9943"},{"date" => "2010-08-09T06:40:55","version" => "0.9944"},{"date" => "2010-08-19T23:32:19","version" => "0.9945"},{"date" => "2010-08-29T05:49:19","version" => "0.9946"},{"date" => "2010-09-09T09:27:05","version" => "0.9947"},{"date" => "2010-09-09T23:04:59","version" => "0.9948"},{"date" => "2010-09-14T19:01:11","version" => "0.9949"},{"date" => "2010-09-30T21:14:53","version" => "0.9950"},{"date" => "2010-10-25T21:19:36","version" => "0.9951"},{"date" => "2010-12-02T22:06:47","version" => "0.9952"},{"date" => "2010-12-03T22:52:23","version" => "0.9953"},{"date" => "2010-12-10T01:48:11","version" => "0.9954"},{"date" => "2010-12-10T02:03:59","version" => "0.9955"},{"date" => "2010-12-10T03:39:26","version" => "0.9956"},{"date" => "2010-12-16T19:33:28","version" => "0.9957"},{"date" => "2010-12-20T23:23:17","version" => "0.9958"},{"date" => "2010-12-21T19:58:23","version" => "0.9959"},{"date" => "2010-12-25T19:18:11","version" => "0.9960"},{"date" => "2011-01-08T05:54:56","version" => "0.9961"},{"date" => "2011-01-09T05:21:23","version" => "0.9962"},{"date" => "2011-01-11T00:51:33","version" => "0.9963"},{"date" => "2011-01-25T00:50:49","version" => "0.9964"},{"date" => "2011-01-25T07:13:52","version" => "0.9965"},{"date" => "2011-01-25T20:03:38","version" => "0.9966"},{"date" => "2011-01-25T22:27:44","version" => "0.9967"},{"date" => "2011-02-10T03:09:10","version" => "0.9968"},{"date" => "2011-02-19T05:56:47","version" => "0.9969"},{"date" => "2011-02-22T16:44:11","version" => "0.9970"},{"date" => "2011-02-23T22:07:39","version" => "0.9971"},{"date" => "2011-02-24T19:57:46","version" => "0.9972"},{"date" => "2011-02-26T17:48:50","version" => "0.9973"},{"date" => "2011-03-04T04:56:59","version" => "0.9974"},{"date" => "2011-03-24T18:38:08","version" => "0.99_75"},{"date" => "2011-04-09T01:29:10","version" => "0.9976"},{"date" => "2011-05-01T19:24:37","version" => "0.9977"},{"date" => "2011-05-04T18:31:01","version" => "0.9978"},{"date" => "2011-05-17T16:59:59","version" => "0.9979"},{"date" => "2011-06-07T03:29:28","version" => "0.9980"},{"date" => "2011-07-19T00:35:19","version" => "0.9981"},{"date" => "2011-07-19T20:14:06","version" => "0.9982"},{"date" => "2011-09-27T17:23:29","version" => "0.9983"},{"date" => "2011-10-03T16:57:23","version" => "0.9984"},{"date" => "2011-10-31T20:17:46","version" => "0.9985"},{"date" => "2012-03-12T18:29:44","version" => "0.9986"},{"date" => "2012-05-10T05:13:38","version" => "0.9987"},{"date" => "2012-05-11T10:27:33","version" => "0.9988"},{"date" => "2012-06-21T20:49:15","version" => "0.9989"},{"date" => "2012-07-18T18:17:16","version" => "0.9990"},{"date" => "2012-07-20T00:30:44","version" => "0.9991"},{"date" => "2012-07-20T02:12:14","version" => "1.0000"},{"date" => "2012-07-26T23:28:35","version" => "1.0001"},{"date" => "2012-08-14T00:09:45","version" => "1.0002"},{"date" => "2012-08-29T20:49:18","version" => "1.0003"},{"date" => "2012-09-20T02:21:25","version" => "1.0004"},{"date" => "2012-10-09T20:37:58","version" => "1.0005"},{"date" => "2012-10-18T23:10:01","version" => "1.0006"},{"date" => "2012-10-21T06:23:22","version" => "1.0007"},{"date" => "2012-10-23T01:54:12","version" => "1.0008"},{"date" => "2012-10-23T07:59:59","version" => "1.0009"},{"date" => "2012-11-02T20:33:36","version" => "1.0010"},{"date" => "2012-11-11T19:09:23","version" => "1.0011"},{"date" => "2012-11-14T20:02:29","version" => "1.0012"},{"date" => "2012-11-15T03:49:43","version" => "1.0013"},{"date" => "2012-12-03T18:30:20","version" => "1.0014"},{"date" => "2013-01-10T23:23:32","version" => "1.0015"},{"date" => "2013-01-31T21:28:36","version" => "1.0016"},{"date" => "2013-02-08T03:43:51","version" => "1.0017"},{"date" => "2013-03-08T18:47:51","version" => "1.0018"},{"date" => "2013-04-02T01:39:27","version" => "1.0019"},{"date" => "2013-04-02T02:39:03","version" => "1.0020"},{"date" => "2013-04-02T18:21:32","version" => "1.0021"},{"date" => "2013-04-02T19:38:30","version" => "1.0022"},{"date" => "2013-04-08T18:14:06","version" => "1.0023"},{"date" => "2013-05-01T17:07:27","version" => "1.0024"},{"date" => "2013-06-12T20:10:31","version" => "1.0025"},{"date" => "2013-06-13T06:01:17","version" => "1.0026"},{"date" => "2013-06-14T04:31:09","version" => "1.0027"},{"date" => "2013-06-15T08:44:43","version" => "1.0028"},{"date" => "2013-08-22T21:06:25","version" => "1.0029"},{"date" => "2013-11-23T07:55:52","version" => "1.0030"},{"date" => "2014-08-01T20:20:15","version" => "1.0031"},{"date" => "2014-10-04T18:14:01","version" => "1.0032"},{"date" => "2014-10-23T20:32:28","version" => "1.0033"},{"date" => "2015-02-02T20:44:19","version" => "1.0034"},{"date" => "2015-04-16T08:09:20","version" => "1.0035"},{"date" => "2015-06-03T19:03:39","version" => "1.0036"},{"date" => "2015-06-19T17:02:08","version" => "1.0037"},{"date" => "2015-11-25T20:37:51","version" => "1.0038"},{"date" => "2015-12-06T11:29:40","version" => "1.0039"},{"date" => "2016-04-01T16:58:21","version" => "1.0040"},{"date" => "2016-09-25T21:25:47","version" => "1.0041"},{"date" => "2016-09-29T05:38:42","version" => "1.0042"},{"date" => "2017-02-22T03:02:05","version" => "1.0043"},{"date" => "2017-04-27T17:48:20","version" => "1.0044"},{"date" => "2017-12-31T20:42:50","version" => "1.0045"},{"date" => "2018-02-10T07:52:31","version" => "1.0046"},{"date" => "2018-02-10T09:25:30","version" => "1.0047"},{"date" => "2020-11-30T00:21:36","version" => "1.0048"},{"date" => "2022-09-01T17:44:48","version" => "1.0049"},{"date" => "2022-09-05T15:48:11","version" => "1.0050"},{"date" => "2024-01-05T23:11:02","version" => "1.0051"},{"date" => "2024-09-30T20:39:33","version" => "1.0052"},{"date" => "2024-12-12T21:11:55","version" => "1.0053"}]},"Plack-Debugger" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Plack::Debugger","versions" => [{"date" => "2014-11-10T19:22:12","version" => "0.01"},{"date" => "2014-11-15T15:51:48","version" => "0.02"},{"date" => "2014-12-28T23:11:51","version" => "0.03"}]},"Plack-Middleware-Bootstrap" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Plack-Middleware-Bootstrap","fixed_versions" => [],"id" => "CPANSA-Plack-Middleware-Bootstrap-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"}],"main_module" => "Plack::Middleware::Bootstrap","versions" => [{"date" => "2014-12-15T08:26:06","version" => "0.01"},{"date" => "2014-12-15T08:49:36","version" => "0.02"},{"date" => "2014-12-15T08:59:55","version" => "0.03"},{"date" => "2014-12-16T01:57:09","version" => "0.04"},{"date" => "2014-12-17T00:20:15","version" => "0.05"},{"date" => "2015-01-13T01:19:47","version" => "0.06"},{"date" => "2015-10-06T07:12:15","version" => "0.07"},{"date" => "2016-06-09T08:34:17","version" => "0.08"}]},"Plack-Middleware-Session" => {"advisories" => [{"affected_versions" => ["<=0.21"],"cves" => [],"description" => "Plack::Middleware::Session::Cookie 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server, when the middleware is enabled without a secret.\n","distribution" => "Plack-Middleware-Session","fixed_versions" => [">0.21"],"id" => "CPANSA-Plack-Middleware-Session-2014-01","references" => ["https://gist.github.com/miyagawa/2b8764af908a0dacd43d","https://metacpan.org/changes/distribution/Plack-Middleware-Session"],"reported" => "2014-08-11","severity" => "critical"},{"affected_versions" => ["<0.35"],"cves" => ["CVE-2025-40923"],"description" => "Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely.  The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Plack-Middleware-Session","fixed_versions" => [">=0.35"],"id" => "CPANSA-Plack-Middleware-Session-2025-40923","references" => ["https://github.com/plack/Plack-Middleware-Session/commit/1fbfbb355e34e7f4b3906f66cf958cedadd2b9be.patch","https://github.com/plack/Plack-Middleware-Session/pull/52","https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.34/source/lib/Plack/Session/State.pm#L22","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-07-16","severity" => undef}],"main_module" => "Plack::Middleware::Session","versions" => [{"date" => "2009-12-15T18:59:13","version" => "0.01"},{"date" => "2009-12-19T19:27:38","version" => "0.02"},{"date" => "2010-01-07T22:12:43","version" => "0.03"},{"date" => "2010-01-30T21:46:53","version" => "0.09_01"},{"date" => "2010-01-31T07:17:07","version" => "0.09_02"},{"date" => "2010-02-03T04:46:20","version" => "0.09_03"},{"date" => "2010-02-23T03:16:31","version" => "0.10"},{"date" => "2010-02-27T10:47:17","version" => "0.11"},{"date" => "2010-07-07T22:55:18","version" => "0.12"},{"date" => "2010-12-22T17:00:14","version" => "0.13"},{"date" => "2011-03-29T20:50:06","version" => "0.14"},{"date" => "2012-09-04T21:16:35","version" => "0.15"},{"date" => "2013-02-10T19:43:11","version" => "0.16"},{"date" => "2013-02-11T23:45:49","version" => "0.17"},{"date" => "2013-02-12T10:57:14","version" => "0.17"},{"date" => "2013-06-24T23:09:39","version" => "0.20"},{"date" => "2013-10-12T18:42:26","version" => "0.21"},{"date" => "2014-08-11T17:18:03","version" => "0.22"},{"date" => "2014-08-11T17:23:40","version" => "0.23"},{"date" => "2014-09-05T11:48:57","version" => "0.24"},{"date" => "2014-09-29T03:07:54","version" => "0.25"},{"date" => "2015-02-03T08:17:55","version" => "0.26"},{"date" => "2015-02-14T00:52:35","version" => "0.27"},{"date" => "2015-02-16T16:30:31","version" => "0.28"},{"date" => "2015-02-17T23:57:32","version" => "0.29"},{"date" => "2015-03-02T18:25:56","version" => "0.30"},{"date" => "2019-02-26T19:01:59","version" => "0.31"},{"date" => "2019-02-26T21:36:43","version" => "0.32"},{"date" => "2019-03-09T23:19:27","version" => "0.33"},{"date" => "2024-09-23T16:54:44","version" => "0.34"},{"date" => "2025-07-07T22:51:18","version" => "0.35"},{"date" => "2025-07-23T19:02:02","version" => "0.36"}]},"Plack-Middleware-Session-Simple" => {"advisories" => [{"affected_versions" => ["<0.05"],"cves" => ["CVE-2025-40926"],"description" => "Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely.  The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.  Plack::Middleware::Session::Simple is intended to be compatible with Plack::Middleware::Session, which had a similar security issue CVE-2025-40923.","distribution" => "Plack-Middleware-Session-Simple","fixed_versions" => [">=0.05"],"id" => "CPANSA-Plack-Middleware-Session-Simple-2025-40926","references" => ["https://github.com/kazeburo/Plack-Middleware-Session-Simple/commit/760bb358b8f53e52cf415888a4ac858fd99bb24e.patch","https://github.com/kazeburo/Plack-Middleware-Session-Simple/pull/4","https://metacpan.org/release/KAZEBURO/Plack-Middleware-Session-Simple-0.04/source/lib/Plack/Middleware/Session/Simple.pm#L43","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://www.cve.org/CVERecord?id=CVE-2025-40923"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "Plack::Middleware::Session::Simple","versions" => [{"date" => "2013-10-25T05:18:35","version" => "0.01"},{"date" => "2013-10-27T14:44:57","version" => "0.02"},{"date" => "2014-10-20T14:22:04","version" => "0.03"},{"date" => "2018-03-03T04:50:44","version" => "0.04"},{"date" => "2026-03-08T14:44:02","version" => "0.05"}]},"Plack-Middleware-StaticShared" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "Vulnerability of directory traversal.\n","distribution" => "Plack-Middleware-StaticShared","fixed_versions" => [">=0.04"],"id" => "CPANSA-Plack-Middleware-StaticShared-2012-01","references" => ["https://metacpan.org/dist/Plack-Middleware-StaticShared/changes"],"reported" => "2012-04-26","severity" => undef}],"main_module" => "Plack::Middleware::StaticShared","versions" => [{"date" => "2010-12-03T11:42:11","version" => "0.01"},{"date" => "2011-08-03T00:32:41","version" => "0.02"},{"date" => "2011-08-10T14:36:03","version" => "0.03"},{"date" => "2012-04-26T03:37:11","version" => "0.04"},{"date" => "2013-01-24T10:40:54","version" => "0.05"},{"date" => "2016-06-09T03:53:36","version" => "0.06"}]},"Plack-Middleware-Statsd" => {"advisories" => [{"affected_versions" => ["<0.8.0"],"cves" => [],"description" => "Stats for request methods are only counted for ASCII words, anything else is counted as 'other'. Stats for content types are only counted for well-formed types.","distribution" => "Plack-Middleware-Statsd","fixed_versions" => [">=0.8.0"],"id" => "CPANSA-Plack-Middleware-Statsd-2025-001","references" => ["https://github.com/robrwo/Plack-Middleware-Statsd/security/advisories/GHSA-m5mc-hhfv-6rjf","https://github.com/briandfoy/cpan-security-advisory/issues/198","https://metacpan.org/dist/Plack-Middleware-Statsd/changes"],"reported" => "2025-05-13","severity" => undef}],"main_module" => "Plack::Middleware::Statsd","versions" => [{"date" => "2018-01-31T18:15:11","version" => "v0.1.0"},{"date" => "2018-02-01T14:21:59","version" => "v0.1.1"},{"date" => "2018-02-01T17:21:50","version" => "v0.2.0"},{"date" => "2018-02-05T14:17:24","version" => "v0.2.1"},{"date" => "2018-02-06T11:11:05","version" => "v0.3.0"},{"date" => "2018-02-10T23:24:24","version" => "v0.3.1"},{"date" => "2018-02-10T23:37:02","version" => "v0.3.2"},{"date" => "2018-02-13T15:25:33","version" => "v0.3.3"},{"date" => "2018-03-01T15:40:24","version" => "v0.3.4"},{"date" => "2018-05-31T20:20:12","version" => "v0.3.5"},{"date" => "2018-10-16T21:39:35","version" => "v0.3.6"},{"date" => "2018-10-19T15:07:45","version" => "v0.3.7"},{"date" => "2018-11-30T01:31:20","version" => "v0.3.8"},{"date" => "2018-11-30T16:00:44","version" => "v0.3.9"},{"date" => "2019-12-18T23:46:32","version" => "v0.3.10"},{"date" => "2020-03-21T00:25:26","version" => "v0.4.0"},{"date" => "2020-03-21T17:16:50","version" => "v0.4.1"},{"date" => "2020-03-21T18:28:58","version" => "v0.4.2"},{"date" => "2020-03-23T09:00:09","version" => "v0.4.3"},{"date" => "2020-04-30T13:05:15","version" => "v0.4.4"},{"date" => "2020-05-11T17:29:43","version" => "v0.4.5"},{"date" => "2021-04-21T15:52:11","version" => "v0.4.6"},{"date" => "2021-04-27T15:48:15","version" => "v0.4.7"},{"date" => "2021-06-15T16:04:11","version" => "v0.5.0"},{"date" => "2021-07-03T13:09:16","version" => "v0.5.1"},{"date" => "2022-07-26T15:50:57","version" => "v0.6.0"},{"date" => "2022-09-02T15:06:07","version" => "v0.6.1"},{"date" => "2022-12-11T16:07:55","version" => "v0.6.2"},{"date" => "2023-06-15T18:46:16","version" => "v0.6.3"},{"date" => "2024-07-13T11:52:52","version" => "v0.7.0"},{"date" => "2024-07-20T11:53:49","version" => "v0.7.1"},{"date" => "2025-05-13T12:08:27","version" => "v0.8.0"},{"date" => "2025-08-07T12:10:59","version" => "v0.8.1"},{"date" => "2025-08-16T11:12:13","version" => "v0.8.2"}]},"Plack-Middleware-XSRFBlock" => {"advisories" => [{"affected_versions" => ["<0.0.19"],"cves" => ["CVE-2023-52431"],"description" => "When not using signed cookies, it was possible to bypass XSRFBlock by POSTing an empty form value and an empty cookie\n","distribution" => "Plack-Middleware-XSRFBlock","fixed_versions" => [">=0.0.19"],"id" => "CPANSA-Plack-Middleware-XSRFBlock-20230714-01","references" => ["https://metacpan.org/dist/Plack-Middleware-XSRFBlock/changes","https://metacpan.org/release/DAKKAR/Plack-Middleware-XSRFBlock-0.0.19/source/Changes","https://nvd.nist.gov/vuln/detail/CVE-2023-52431"],"reported" => "2023-07-14","severity" => undef}],"main_module" => "Plack::Middleware::XSRFBlock","versions" => [{"date" => "2013-06-20T11:01:27","version" => "0.0.0_01"},{"date" => "2013-06-21T14:07:31","version" => "0.0.0_02"},{"date" => "2013-06-21T14:48:20","version" => "0.0.0_03"},{"date" => "2013-06-21T15:04:00","version" => "0.0.0_04"},{"date" => "2013-06-23T23:30:14","version" => "0.0.0_05"},{"date" => "2013-10-21T15:36:45","version" => "0.0.1"},{"date" => "2014-03-28T11:34:07","version" => "0.0.2"},{"date" => "2014-06-24T15:02:09","version" => "0.0.3"},{"date" => "2014-07-09T12:44:23","version" => "0.0.4"},{"date" => "2014-07-22T15:29:19","version" => "0.0.5"},{"date" => "2014-08-05T20:48:41","version" => "0.0.6"},{"date" => "2014-08-28T16:51:49","version" => "0.0.7"},{"date" => "2014-09-18T08:03:26","version" => "0.0.8"},{"date" => "2014-10-13T10:16:45","version" => "0.0.9"},{"date" => "2015-07-18T22:04:22","version" => "0.0.10"},{"date" => "2015-09-07T16:45:50","version" => "0.0.11"},{"date" => "2017-07-13T10:36:46","version" => "0.0.12"},{"date" => "2018-07-23T11:02:29","version" => "0.0.13"},{"date" => "2018-07-23T16:19:18","version" => "0.0.14"},{"date" => "2018-07-24T12:45:15","version" => "0.0.15"},{"date" => "2018-07-25T13:24:47","version" => "0.0.16"},{"date" => "2022-10-17T09:58:14","version" => "0.0.17"},{"date" => "2023-07-13T09:16:48","version" => "0.0.18"},{"date" => "2023-07-14T09:17:25","version" => "0.0.19"}]},"Pod-Perldoc" => {"advisories" => [{"affected_versions" => ["<3.26"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Pod-Perldoc","fixed_versions" => [">=3.26"],"id" => "CPANSA-Pod-Perldoc-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Pod::Perldoc","versions" => [{"date" => "2002-11-11T10:33:54","version" => "3.04"},{"date" => "2002-11-12T05:04:50","version" => "3.05"},{"date" => "2002-11-22T10:04:59","version" => "3.06"},{"date" => "2002-12-02T05:24:12","version" => "3.07"},{"date" => "2003-01-19T03:50:24","version" => "3.08"},{"date" => "2003-07-24T14:38:18","version" => "3.09"},{"date" => "2003-09-11T07:02:58","version" => "3.10"},{"date" => "2003-10-12T23:01:05","version" => "3.11"},{"date" => "2003-10-22T01:02:23","version" => "3.12"},{"date" => "2004-04-10T02:26:31","version" => "3.13"},{"date" => "2004-11-30T22:34:04","version" => "3.14"},{"date" => "2007-08-23T12:55:53","version" => "3.14_01"},{"date" => "2007-08-23T18:18:55","version" => "3.14_02"},{"date" => "2007-09-04T13:39:37","version" => "3.14_03"},{"date" => "2008-04-16T14:37:04","version" => "3.14_04"},{"date" => "2008-04-22T18:26:25","version" => "3.14_05"},{"date" => "2008-05-03T00:43:47","version" => "3.14_06"},{"date" => "2008-05-08T14:33:08","version" => "3.14_07"},{"date" => "2008-11-01T15:01:44","version" => "3.15"},{"date" => "2009-09-30T17:29:52","version" => "3.15_01"},{"date" => "2011-11-13T23:32:29","version" => "3.15_08"},{"date" => "2011-11-14T19:38:57","version" => "3.15_09"},{"date" => "2011-11-20T01:58:40","version" => "3.15_10"},{"date" => "2011-11-29T19:10:49","version" => "3.15_11"},{"date" => "2011-12-09T13:03:26","version" => "3.15_12"},{"date" => "2011-12-14T10:17:10","version" => "3.15_13"},{"date" => "2011-12-18T16:08:00","version" => "3.15_14"},{"date" => "2012-01-06T16:47:58","version" => "3.15_15"},{"date" => "2012-03-17T05:02:18","version" => "3.16"},{"date" => "2012-03-18T03:01:03","version" => "3.17"},{"date" => "2013-01-28T04:11:09","version" => "3.18"},{"date" => "2013-01-28T04:33:05","version" => "3.19"},{"date" => "2013-01-29T02:56:49","version" => "3.19_01"},{"date" => "2013-04-27T05:51:04","version" => "3.20"},{"date" => "2013-11-19T17:18:23","version" => "3.21_01"},{"date" => "2014-01-06T02:28:01","version" => "3.21"},{"date" => "2014-01-31T05:43:36","version" => "3.22_01"},{"date" => "2014-02-05T05:17:44","version" => "3.22_02"},{"date" => "2014-02-23T19:09:39","version" => "3.23"},{"date" => "2014-08-16T16:52:05","version" => "3.23_01"},{"date" => "2014-08-19T03:49:18","version" => "3.24"},{"date" => "2014-09-10T03:32:34","version" => "3.24_01"},{"date" => "2015-01-21T03:18:32","version" => "3.24_02"},{"date" => "2015-02-12T03:13:45","version" => "3.25"},{"date" => "2016-01-12T14:43:09","version" => "3.25_02"},{"date" => "2016-07-28T04:44:07","version" => "3.26"},{"date" => "2016-07-30T16:09:06","version" => "3.26_01"},{"date" => "2016-08-02T16:35:03","version" => "3.26_02"},{"date" => "2016-08-03T20:48:54","version" => "3.27"},{"date" => "2016-10-16T02:46:57","version" => "3.27_01"},{"date" => "2017-03-01T22:00:04","version" => "3.27_02"},{"date" => "2017-03-16T01:14:07","version" => "3.28"},{"date" => "2023-12-06T07:21:16","version" => "3.28_01"},{"date" => "2025-02-16T02:15:19","version" => "3.29"},{"date" => "2010-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011005","version" => "3.15_02"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "3.15_03"},{"date" => "2011-06-16T00:00:00","dual_lived" => 1,"perl_release" => "5.014001","version" => "3.15_04"},{"date" => "2011-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015","version" => "3.15_05"},{"date" => "2011-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015001","version" => "3.15_06"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "3.15_07"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "3.25_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "3.25_03"},{"date" => "2017-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027005","version" => "3.2801"}]},"Prima-codecs-win32" => {"advisories" => [{"affected_versions" => [">=1.00,<=1.01"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "Prima-codecs-win32","fixed_versions" => [],"id" => "CPANSA-Prima-codecs-win32-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"}],"main_module" => "Prima::codecs::win32","versions" => [{"date" => "2008-04-19T17:18:34","version" => "1.00"},{"date" => "2008-04-28T19:10:04","version" => "1.01"}]},"Prima-codecs-win64" => {"advisories" => [{"affected_versions" => [">=1.01,<=1.02"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "Prima-codecs-win64","fixed_versions" => [],"id" => "CPANSA-Prima-codecs-win64-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"}],"main_module" => "Prima::codecs::win64","versions" => [{"date" => "2011-03-26T20:49:34","version" => "1.01"},{"date" => "2012-02-07T19:35:40","version" => "1.02"}]},"Proc-Daemon" => {"advisories" => [{"affected_versions" => ["<0.14"],"cves" => ["CVE-2013-7135"],"description" => "The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.\n","distribution" => "Proc-Daemon","fixed_versions" => [],"id" => "CPANSA-Proc-Daemon-2013-7135","references" => ["http://www.openwall.com/lists/oss-security/2014/01/07/7","http://www.openwall.com/lists/oss-security/2013/12/16/5","http://www.openwall.com/lists/oss-security/2013/12/18/2","https://rt.cpan.org/Public/Bug/Display.html?id=91450","http://www.mandriva.com/security/advisories?name=MDVSA-2014:021"],"reported" => "2014-01-28","severity" => undef}],"main_module" => "Proc::Daemon","versions" => [{"date" => "1998-01-27T18:42:37","version" => "0.01"},{"date" => "1999-04-17T19:55:07","version" => "0.02"},{"date" => "2003-06-19T22:58:30","version" => "0.03"},{"date" => "2010-10-23T23:11:32","version" => "0.04"},{"date" => "2010-10-28T20:25:50","version" => "0.05"},{"date" => "2011-01-17T22:14:07","version" => "0.06"},{"date" => "2011-02-17T19:34:32","version" => "0.07"},{"date" => "2011-03-13T17:38:15","version" => "0.08"},{"date" => "2011-03-15T07:05:00","version" => "0.09"},{"date" => "2011-04-01T19:26:32","version" => "0.10"},{"date" => "2011-05-23T14:48:37","version" => "0.11"},{"date" => "2011-05-24T17:12:19","version" => "0.12"},{"date" => "2011-06-01T11:39:51","version" => "0.13"},{"date" => "2011-06-03T09:06:45","version" => "0.14"},{"date" => "2015-01-22T00:22:38","version" => "0.15"},{"date" => "2015-01-23T00:10:30","version" => "0.16"},{"date" => "2015-01-23T23:23:49","version" => "0.17"},{"date" => "2015-01-27T01:03:25","version" => "0.18"},{"date" => "2015-03-22T09:37:55","version" => "0.19"},{"date" => "2015-06-24T04:34:03","version" => "0.20"},{"date" => "2015-08-07T01:52:52","version" => "0.21"},{"date" => "2015-10-29T00:30:34","version" => "0.22"},{"date" => "2016-01-01T18:51:05","version" => "0.23"}]},"Proc-ProcessTable" => {"advisories" => [{"affected_versions" => [">=0.45,<0.47"],"cves" => ["CVE-2011-4363"],"description" => "ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.\n","distribution" => "Proc-ProcessTable","fixed_versions" => [">=0.47"],"id" => "CPANSA-Proc-ProcessTable-2011-4363","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500","http://www.osvdb.org/77428","http://www.openwall.com/lists/oss-security/2011/11/30/2","http://www.securityfocus.com/bid/50868","https://rt.cpan.org/Public/Bug/Display.html?id=72862","http://www.openwall.com/lists/oss-security/2011/11/30/3","http://secunia.com/advisories/47015","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363"],"reported" => "2012-10-07","severity" => undef}],"main_module" => "Proc::ProcessTable","versions" => [{"date" => "1998-07-23T12:59:39","version" => "0.01"},{"date" => "1998-07-24T12:50:40","version" => "0.02"},{"date" => "1998-07-26T13:18:26","version" => "0.03"},{"date" => "1998-08-15T21:22:20","version" => "0.04"},{"date" => "1998-12-09T23:53:30","version" => "0.05"},{"date" => "1998-12-10T04:51:19","version" => "0.06"},{"date" => "1999-02-05T03:21:51","version" => "0.08"},{"date" => "1999-02-20T04:27:53","version" => "0.09"},{"date" => "1999-02-20T16:36:14","version" => "0.10"},{"date" => "1999-03-07T00:16:52","version" => "0.11"},{"date" => "1999-03-21T16:07:46","version" => "0.12"},{"date" => "1999-05-14T02:10:41","version" => "0.13"},{"date" => "1999-05-16T01:22:45","version" => "0.14"},{"date" => "1999-06-02T02:39:22","version" => "0.15"},{"date" => "1999-08-10T03:45:58","version" => "0.16"},{"date" => "1999-08-19T15:45:19","version" => "0.17"},{"date" => "1999-08-19T17:44:22","version" => "0.18"},{"date" => "1999-09-09T02:45:48","version" => "0.20"},{"date" => "1999-09-10T16:51:02","version" => "0.21"},{"date" => "1999-10-05T12:34:33","version" => "0.22"},{"date" => "1999-11-01T13:55:15","version" => "0.23"},{"date" => "2000-01-20T20:57:35","version" => "0.24"},{"date" => "2000-02-03T16:28:46","version" => "0.25"},{"date" => "2000-02-11T21:56:23","version" => "0.26"},{"date" => "2000-06-29T12:38:46","version" => "0.27"},{"date" => "2000-08-14T09:25:19","version" => "0.28"},{"date" => "2001-01-09T12:47:49","version" => "0.29"},{"date" => "2001-03-08T02:57:16","version" => "0.30"},{"date" => "2001-06-01T12:39:15","version" => "0.31"},{"date" => "2001-08-20T02:41:52","version" => "0.32"},{"date" => "2001-10-16T13:32:04","version" => "0.33"},{"date" => "2002-02-25T03:17:15","version" => "0.34"},{"date" => "2002-07-03T04:31:57","version" => "0.35"},{"date" => "2002-11-08T02:31:59","version" => "0.36"},{"date" => "2002-11-08T14:59:11","version" => "0.37"},{"date" => "2002-12-07T03:33:51","version" => "0.38"},{"date" => "2003-10-03T17:45:51","version" => "0.39"},{"date" => "2005-07-11T01:33:32","version" => "0.40"},{"date" => "2006-07-01T04:27:59","version" => "0.41"},{"date" => "2008-01-26T05:34:53","version" => "0.42"},{"date" => "2008-07-18T04:05:51","version" => "0.43"},{"date" => "2008-07-25T14:29:08","version" => "0.44"},{"date" => "2008-09-08T15:39:40","version" => "0.45"},{"date" => "2012-10-19T13:58:48","version" => "0.46"},{"date" => "2013-02-16T16:06:35","version" => "0.47"},{"date" => "2013-05-26T22:20:21","version" => "0.48"},{"date" => "2013-12-05T23:31:39","version" => "0.49"},{"date" => "2013-12-15T15:47:54","version" => "0.50"},{"date" => "2014-05-17T21:03:43","version" => "0.50_01"},{"date" => "2014-10-17T22:56:58","version" => "0.51"},{"date" => "2015-08-23T10:12:37","version" => "0.52"},{"date" => "2015-08-24T19:36:41","version" => "0.53"},{"date" => "2018-02-01T21:02:36","version" => "0.54"},{"date" => "2018-02-01T21:57:51","version" => "0.55"},{"date" => "2019-02-07T22:38:02","version" => "0.56"},{"date" => "2019-06-14T21:16:11","version" => "0.56_01"},{"date" => "2019-06-15T11:28:52","version" => "0.56_02"},{"date" => "2019-06-15T18:56:51","version" => "0.57"},{"date" => "2019-06-15T19:20:02","version" => "0.58"},{"date" => "2019-06-20T19:35:05","version" => "0.59"},{"date" => "2021-08-14T16:19:38","version" => "0.60"},{"date" => "2021-08-17T22:50:12","version" => "0.61"},{"date" => "2021-08-18T06:57:20","version" => "0.611"},{"date" => "2021-09-08T10:39:21","version" => "0.612"},{"date" => "2021-09-13T14:03:14","version" => "0.62"},{"date" => "2021-09-26T21:58:24","version" => "0.631"},{"date" => "2021-09-26T22:35:32","version" => "0.632"},{"date" => "2021-09-26T23:01:20","version" => "0.633"},{"date" => "2021-09-26T23:04:23","version" => "0.634"},{"date" => "2023-05-08T06:51:59","version" => "0.635"},{"date" => "2023-06-21T06:25:43","version" => "0.636"},{"date" => "2025-07-28T20:23:29","version" => "0.637"}]},"RPC-XML" => {"advisories" => [{"affected_versions" => ["<0.45"],"cves" => [],"description" => "A a potential security hole in the parsing of external entities.\n","distribution" => "RPC-XML","fixed_versions" => [">=0.45"],"id" => "CPANSA-RPC-XML-2002-01","references" => ["https://metacpan.org/dist/RPC-XML/changes"],"reported" => "2002-10-29"}],"main_module" => "RPC::XML","versions" => [{"date" => "2001-06-13T06:30:46","version" => "0.25"},{"date" => "2001-06-27T06:18:37","version" => "0.26"},{"date" => "2001-07-08T23:38:52","version" => "0.27"},{"date" => "2001-10-08T05:10:22","version" => "0.28"},{"date" => "2001-12-03T07:08:58","version" => "0.29"},{"date" => "2002-01-03T09:49:30","version" => "0.30"},{"date" => "2002-01-28T00:48:45","version" => "0.35"},{"date" => "2002-01-29T20:03:48","version" => "0.36"},{"date" => "2002-03-23T06:39:00","version" => "0.37"},{"date" => "2002-05-04T07:56:19","version" => "0.40"},{"date" => "2002-05-22T10:04:14","version" => "0.41"},{"date" => "2002-08-01T08:41:21","version" => "0.42"},{"date" => "2002-08-19T05:56:10","version" => "0.43"},{"date" => "2002-08-31T06:58:58","version" => "0.44"},{"date" => "2002-10-30T05:15:04","version" => "0.45"},{"date" => "2002-12-30T07:51:25","version" => "0.46"},{"date" => "2003-01-27T11:37:20","version" => "0.50"},{"date" => "2003-01-30T09:36:24","version" => "0.51"},{"date" => "2003-02-10T09:48:58","version" => "0.52"},{"date" => "2003-02-25T09:25:51","version" => "0.53"},{"date" => "2004-04-14T12:55:46","version" => "0.54"},{"date" => "2004-11-30T09:27:12","version" => "0.55"},{"date" => "2004-12-09T09:29:34","version" => "0.56"},{"date" => "2004-12-24T11:07:31","version" => "0.57"},{"date" => "2005-05-12T10:47:19","version" => "0.58"},{"date" => "2006-06-30T07:56:12","version" => "0.59"},{"date" => "2008-04-09T17:59:42","version" => "0.60"},{"date" => "2008-09-15T10:19:12","version" => "0.61"},{"date" => "2008-09-19T09:16:21","version" => "0.62"},{"date" => "2008-09-19T09:28:08","version" => "0.63"},{"date" => "2008-09-29T11:24:26","version" => "0.64"},{"date" => "2009-06-17T13:19:54","version" => "0.65"},{"date" => "2009-07-09T14:42:56","version" => "0.66"},{"date" => "2009-07-10T08:34:44","version" => "0.67"},{"date" => "2009-09-03T17:37:20","version" => "0.69"},{"date" => "2009-12-07T06:33:13","version" => "0.70"},{"date" => "2009-12-08T04:11:10","version" => "0.71"},{"date" => "2009-12-14T05:48:11","version" => "0.72"},{"date" => "2010-03-17T05:55:29","version" => "0.73"},{"date" => "2011-01-23T21:08:04","version" => "0.74"},{"date" => "2011-08-14T00:40:40","version" => "0.75"},{"date" => "2011-08-21T19:48:16","version" => "0.76"},{"date" => "2012-09-03T18:58:22","version" => "0.77"},{"date" => "2014-02-07T04:15:00","version" => "0.78"},{"date" => "2015-05-01T16:02:19","version" => "0.79"},{"date" => "2016-05-08T20:17:31","version" => "0.80"},{"date" => "2021-01-06T02:49:51","version" => "0.81"},{"date" => "2021-01-06T18:05:35","version" => "0.82"}]},"RT-Authen-ExternalAuth" => {"advisories" => [{"affected_versions" => ["<0.27"],"cves" => ["CVE-2017-5361"],"description" => "Timing sidechannel vulnerability in password checking.\n","distribution" => "RT-Authen-ExternalAuth","fixed_versions" => [">=0.27"],"id" => "CPANSA-RT-Authen-ExternalAuth-2017-01","references" => ["https://metacpan.org/changes/distribution/RT-Authen-ExternalAuth"],"reported" => "2017-06-15"}],"main_module" => "RT::Authen::ExternalAuth","versions" => [{"date" => "2008-03-13T16:16:36","version" => "0.01"},{"date" => "2008-03-17T13:34:40","version" => "0.02"},{"date" => "2008-03-31T14:55:18","version" => "0.03"},{"date" => "2008-04-03T14:20:36","version" => "0.04"},{"date" => "2008-04-09T08:57:51","version" => "0.05"},{"date" => "2008-10-17T13:22:11","version" => "0.06_01"},{"date" => "2008-10-17T16:41:34","version" => "0.06_02"},{"date" => "2008-10-31T12:08:54","version" => "0.06_02"},{"date" => "2008-11-01T18:23:27","version" => "0.06_02"},{"date" => "2008-11-06T21:16:42","version" => "0.06_02"},{"date" => "2008-12-22T22:08:06","version" => "0.07_02"},{"date" => "2009-01-20T21:09:48","version" => "0.07_02"},{"date" => "2009-01-24T13:52:42","version" => "0.07_02"},{"date" => "2011-02-19T00:43:35","version" => "0.08_01"},{"date" => "2011-04-15T19:46:43","version" => "0.08_02"},{"date" => "2011-05-06T21:08:52","version" => "0.09"},{"date" => "2012-01-23T17:51:41","version" => "0.09_01"},{"date" => "2012-01-26T18:48:51","version" => "0.09_02"},{"date" => "2012-01-27T23:07:12","version" => "0.09_03"},{"date" => "2012-02-17T16:34:10","version" => "0.10"},{"date" => "2012-02-23T16:31:54","version" => "0.10_01"},{"date" => "2012-07-25T08:57:21","version" => "0.11"},{"date" => "2012-07-25T18:36:36","version" => "0.11"},{"date" => "2012-10-26T19:59:54","version" => "0.12"},{"date" => "2013-01-31T19:22:43","version" => "0.13"},{"date" => "2013-05-22T21:28:15","version" => "0.14"},{"date" => "2013-05-23T00:20:43","version" => "0.15"},{"date" => "2013-06-27T19:24:37","version" => "0.16"},{"date" => "2013-07-10T19:43:08","version" => "0.17"},{"date" => "2014-03-07T22:19:49","version" => "0.18"},{"date" => "2014-04-04T17:21:04","version" => "0.19"},{"date" => "2014-04-09T19:34:29","version" => "0.20"},{"date" => "2014-07-02T02:20:30","version" => "0.21"},{"date" => "2014-08-14T04:04:28","version" => "0.22_01"},{"date" => "2014-08-14T17:28:53","version" => "0.23"},{"date" => "2014-09-30T22:04:16","version" => "0.23_01"},{"date" => "2014-10-09T16:24:49","version" => "0.24"},{"date" => "2014-10-16T20:59:29","version" => "0.25"},{"date" => "2016-08-02T16:14:34","version" => "0.26"},{"date" => "2017-06-15T18:44:24","version" => "0.27"}]},"RT-Extension-MobileUI" => {"advisories" => [{"affected_versions" => ["<1.02"],"cves" => ["CVE-2012-2769"],"description" => "Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page.\n","distribution" => "RT-Extension-MobileUI","fixed_versions" => [">=1.02"],"id" => "CPANSA-RT-Extension-MobileUI-2012-01","references" => ["https://metacpan.org/changes/distribution/RT-Extension-MobileUI"],"reported" => "2012-05-18"}],"main_module" => "RT::Extension::MobileUI","versions" => [{"date" => "2010-08-05T20:58:09","version" => "0.9"},{"date" => "2010-08-06T15:38:53","version" => "0.91"},{"date" => "2010-08-06T15:58:11","version" => "0.92"},{"date" => "2010-08-06T17:55:08","version" => "0.93"},{"date" => "2010-08-09T13:36:43","version" => "0.94"},{"date" => "2010-08-09T13:44:33","version" => "0.95"},{"date" => "2010-08-26T21:28:07","version" => "0.96"},{"date" => "2010-09-06T18:11:56","version" => "0.96"},{"date" => "2010-10-28T15:50:29","version" => "0.98"},{"date" => "2010-10-29T14:08:08","version" => "0.99"},{"date" => "2010-11-19T18:11:43","version" => "1.00"},{"date" => "2010-12-08T16:36:01","version" => "1.01"},{"date" => "2012-07-25T08:57:33","version" => "1.02"},{"date" => "2012-07-25T18:36:52","version" => "1.02"},{"date" => "2012-08-27T16:42:55","version" => "1.03"},{"date" => "2013-06-12T19:09:14","version" => "1.04"},{"date" => "2013-08-13T18:06:54","version" => "1.05"},{"date" => "2014-04-23T20:25:25","version" => "1.06"},{"date" => "2014-04-23T20:26:56","version" => "1.07"}]},"RTMP-Client" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "TBD\n","distribution" => "RTMP-Client","fixed_versions" => [">=0.04"],"id" => "CPANSA-RTMP-Client-2011-01","references" => ["https://metacpan.org/changes/distribution/RTMP-Client"],"reported" => "2011-12-01"}],"main_module" => "RTMP::Client","versions" => [{"date" => "2011-07-26T08:17:20","version" => "0.01"},{"date" => "2011-07-27T02:09:05","version" => "0.02"},{"date" => "2011-07-27T02:17:06","version" => "0.03"},{"date" => "2011-12-01T08:59:19","version" => "0.04"}]},"Redis-Fast" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.14"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"},{"affected_versions" => [">=0.15,<=0.16"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"},{"affected_versions" => [">=0.17,<=0.26"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"},{"affected_versions" => [">=0.27,<=0.31"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"}],"main_module" => "Redis::Fast","versions" => [{"date" => "2013-10-10T16:48:55","version" => "0.01"},{"date" => "2013-10-13T13:31:18","version" => "0.02"},{"date" => "2013-10-16T12:17:21","version" => "0.03"},{"date" => "2013-12-10T02:59:49","version" => "0.04"},{"date" => "2013-12-20T02:25:52","version" => "0.05"},{"date" => "2014-02-01T02:03:01","version" => "0.06"},{"date" => "2014-05-17T07:23:45","version" => "0.07"},{"date" => "2014-05-31T03:52:00","version" => "0.08"},{"date" => "2014-07-08T15:52:19","version" => "0.09"},{"date" => "2014-07-16T01:00:34","version" => "0.10"},{"date" => "2014-07-16T02:35:51","version" => "0.11"},{"date" => "2014-09-08T16:22:31","version" => "0.12"},{"date" => "2014-10-16T11:25:20","version" => "0.13"},{"date" => "2014-12-07T13:36:56","version" => "0.14"},{"date" => "2015-03-10T14:15:01","version" => "0.15"},{"date" => "2015-03-12T02:37:40","version" => "0.16"},{"date" => "2016-01-23T06:47:00","version" => "0.17"},{"date" => "2016-01-26T13:13:22","version" => "0.18"},{"date" => "2016-12-20T11:37:58","version" => "0.19"},{"date" => "2017-02-25T22:54:41","version" => "0.20"},{"date" => "2018-01-28T01:08:06","version" => "0.21"},{"date" => "2018-08-12T06:30:24","version" => "0.22"},{"date" => "2019-05-29T11:24:31","version" => "0.23"},{"date" => "2019-08-19T22:59:06","version" => "0.24"},{"date" => "2019-08-20T02:35:05","version" => "0.25"},{"date" => "2020-05-02T04:21:12","version" => "0.26"},{"date" => "2020-08-08T22:48:49","version" => "0.27"},{"date" => "2020-11-01T23:10:16","version" => "0.28"},{"date" => "2021-01-17T10:40:10","version" => "0.29"},{"date" => "2021-05-07T13:10:39","version" => "0.30"},{"date" => "2021-07-04T06:57:25","version" => "0.31"},{"date" => "2021-10-16T07:19:44","version" => "0.32"},{"date" => "2021-10-30T11:33:21","version" => "0.33"},{"date" => "2022-06-07T22:23:52","version" => "0.34"},{"date" => "2022-11-19T06:52:56","version" => "0.35"},{"date" => "2023-07-05T20:28:55","version" => "0.36"},{"date" => "2024-03-08T16:30:57","version" => "0.37"}]},"Redis-hiredis" => {"advisories" => [{"affected_versions" => ["==0.9.2,>=0.9.2.1,<0.9.2.8"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"},{"affected_versions" => ["==0.10.1"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"},{"affected_versions" => ["==0.10.2"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"},{"affected_versions" => ["==0.11.0"],"cves" => ["CVE-2020-7105"],"description" => "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2020-7105-hiredis","references" => ["https://github.com/redis/hiredis/issues/747","https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/"],"reported" => "2020-01-16","severity" => "high"}],"main_module" => "Redis::hiredis","versions" => [{"date" => "2010-08-29T15:04:34","version" => "v0.0.1"},{"date" => "2010-08-31T21:10:48","version" => "v0.0.2"},{"date" => "2010-11-03T03:16:19","version" => "v0.0.3"},{"date" => "2010-12-23T22:44:49","version" => "0.9.2"},{"date" => "2010-12-24T15:19:10","version" => "0.9.2.1"},{"date" => "2011-01-03T14:51:09","version" => "0.9.2.2"},{"date" => "2011-01-09T01:19:16","version" => "0.9.2.3"},{"date" => "2011-02-19T17:57:38","version" => "0.9.2.4"},{"date" => "2011-02-20T02:07:52","version" => "0.9.2.5"},{"date" => "2011-03-01T01:47:19","version" => "0.9.2.6"},{"date" => "2012-04-07T15:01:24","version" => "0.10.1"},{"date" => "2012-06-28T14:54:48","version" => "0.10.2"},{"date" => "2013-04-02T14:14:24","version" => "v0.11.0"}]},"Redland" => {"advisories" => [{"affected_versions" => ["==0.9.13,==0.9.13.2"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef},{"affected_versions" => ["==0.9.14.1"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef},{"affected_versions" => ["==1.0.5.2,==1.0.5.3"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef},{"affected_versions" => ["==1.0.13.1"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef}],"main_module" => "RDF::Redland::World","versions" => [{"date" => "2003-09-04T14:24:10","version" => "v0.9.13"},{"date" => "2003-09-07T19:13:18","version" => "v0.9.13.2"},{"date" => "2003-09-08T18:13:06","version" => "v0.9.14.1"},{"date" => "2006-11-28T06:09:59","version" => "v1.0.5.2"},{"date" => "2006-11-29T06:05:03","version" => "v1.0.5.3"},{"date" => "2006-11-30T19:01:24","version" => "v1.0.5.4"},{"date" => "2011-03-29T11:33:50","version" => "v1.0.13.1"}]},"Resource-Pack-jQuery" => {"advisories" => [{"affected_versions" => ["==0.01"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Resource::Pack::jQuery","versions" => [{"date" => "2010-04-19T20:02:13","version" => "0.01"}]},"SOAP-Lite" => {"advisories" => [{"affected_versions" => ["<1.15"],"cves" => ["CVE-2015-8978"],"description" => "An example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML.\n","distribution" => "SOAP-Lite","fixed_versions" => [">=1.15"],"id" => "CPANSA-SOAP-Lite-2015-01","references" => ["https://metacpan.org/changes/distribution/SOAP-Lite","https://www.securityfocus.com/bid/94487","https://github.com/redhotpenguin/perl-soaplite/commit/6942fe0d281be1c32c5117605f9c4e8d44f51124"],"reported" => "2015-07-21"},{"affected_versions" => ["<0.55"],"cves" => ["CVE-2002-1742"],"description" => "Allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger.\n","distribution" => "SOAP-Lite","fixed_versions" => [">=0.55"],"id" => "CPANSA-SOAP-Lite-2002-01","references" => ["https://metacpan.org/changes/distribution/SOAP-Lite"],"reported" => "2002-04-08","severity" => "high"},{"affected_versions" => ["<0.38"],"cves" => [],"description" => "Security problem on server side (no more details).\n","distribution" => "SOAP-Lite","fixed_versions" => [">=0.38"],"id" => "CPANSA-SOAP-Lite-2000-01","references" => ["https://metacpan.org/changes/distribution/SOAP-Lite"],"reported" => "2000-10-05"}],"main_module" => "SOAP::Lite","versions" => [{"date" => "2000-09-25T01:49:14","version" => "0.36"},{"date" => "2000-10-06T01:58:32","version" => "0.38"},{"date" => "2000-10-09T04:27:51","version" => "0.39"},{"date" => "2000-10-16T05:12:09","version" => "0.40"},{"date" => "2000-10-31T15:10:52","version" => "0.41"},{"date" => "2000-11-15T15:00:57","version" => "0.42"},{"date" => "2000-11-28T20:43:40","version" => "0.43"},{"date" => "2000-12-13T07:37:47","version" => "0.44"},{"date" => "2001-01-17T17:28:31","version" => "0.45"},{"date" => "2001-02-01T02:23:51","version" => "0.46"},{"date" => "2001-02-22T07:28:20","version" => "0.47"},{"date" => "2001-04-18T19:09:15","version" => "0.50"},{"date" => "2001-07-18T22:39:30","version" => "0.51"},{"date" => "2001-11-21T19:35:24","version" => "0.52"},{"date" => "2002-04-16T05:20:54","version" => "0.55"},{"date" => "2003-10-28T19:27:00","version" => "0.60"},{"date" => "2004-02-26T16:36:26","version" => "0.60"},{"date" => "2005-02-22T01:57:43","version" => "0.65_3"},{"date" => "2005-04-03T09:20:17","version" => "0.65_4"},{"date" => "2005-05-06T17:24:23","version" => "0.65_5"},{"date" => "2005-06-03T19:23:20","version" => "0.65_6"},{"date" => "2005-12-25T08:42:50","version" => "0.66"},{"date" => "2006-01-04T23:14:27","version" => "0.66.1"},{"date" => "2006-01-27T21:43:49","version" => "0.67"},{"date" => "2006-07-06T18:18:56","version" => "0.68"},{"date" => "2006-08-16T14:53:50","version" => "0.69"},{"date" => "2007-10-18T20:54:02","version" => "0.70_01"},{"date" => "2007-11-08T21:30:41","version" => "0.70_02"},{"date" => "2007-11-18T19:00:11","version" => "0.70_03"},{"date" => "2008-01-02T17:06:17","version" => "0.70_04"},{"date" => "2008-02-13T12:28:07","version" => "0.70_05"},{"date" => "2008-02-16T10:37:04","version" => "0.70_06"},{"date" => "2008-02-25T21:44:41","version" => "0.70_07"},{"date" => "2008-02-25T21:50:22","version" => "0.70_08"},{"date" => "2008-02-28T21:58:13","version" => "0.71"},{"date" => "2008-03-29T14:13:41","version" => "0.71.01"},{"date" => "2008-04-14T17:25:25","version" => "0.71.02"},{"date" => "2008-04-17T20:40:23","version" => "v0.71.03"},{"date" => "2008-04-22T06:03:55","version" => "0.71.04"},{"date" => "2008-05-05T21:50:36","version" => "0.710.05"},{"date" => "2008-06-05T18:47:08","version" => "0.710.06"},{"date" => "2008-06-13T20:27:05","version" => "0.710.07"},{"date" => "2008-07-13T20:41:11","version" => "0.710.08"},{"date" => "2009-09-29T21:20:02","version" => "0.710.09"},{"date" => "2009-09-30T18:40:30","version" => "0.710.10"},{"date" => "2010-03-18T20:24:42","version" => "0.711"},{"date" => "2010-06-03T15:41:39","version" => "0.712"},{"date" => "2011-08-16T17:53:28","version" => "0.713"},{"date" => "2011-08-18T19:51:02","version" => "0.714"},{"date" => "2012-07-15T09:37:20","version" => "0.715"},{"date" => "2013-05-11T06:44:04","version" => "0.716"},{"date" => "2013-07-17T06:17:00","version" => "1.0"},{"date" => "2013-07-29T08:26:07","version" => "1.01"},{"date" => "2013-07-30T02:20:34","version" => "1.02"},{"date" => "2013-08-04T17:49:18","version" => "1.03"},{"date" => "2013-08-10T03:46:49","version" => "1.04"},{"date" => "2013-08-19T05:31:17","version" => "1.05"},{"date" => "2013-08-22T04:20:29","version" => "1.06"},{"date" => "2013-11-08T03:09:10","version" => "1.07"},{"date" => "2013-11-08T17:41:10","version" => "1.08"},{"date" => "2014-01-14T21:41:07","version" => "1.09"},{"date" => "2014-01-23T18:53:42","version" => "1.10"},{"date" => "2014-02-22T05:18:14","version" => "1.11"},{"date" => "2014-11-27T07:08:11","version" => "1.12"},{"date" => "2014-12-30T15:58:06","version" => "1.13"},{"date" => "2015-03-25T05:04:34","version" => "1.14"},{"date" => "2015-07-21T18:12:21","version" => "1.15"},{"date" => "2015-07-23T07:34:59","version" => "1.16"},{"date" => "2015-07-31T05:59:50","version" => "1.17"},{"date" => "2015-08-26T04:31:24","version" => "1.18"},{"date" => "2015-08-26T15:38:01","version" => "1.19"},{"date" => "2016-06-09T21:34:36","version" => "1.20"},{"date" => "2017-08-16T05:18:24","version" => "1.22"},{"date" => "2017-12-19T02:30:48","version" => "1.23"},{"date" => "2017-12-19T18:36:52","version" => "1.24"},{"date" => "2017-12-29T18:39:43","version" => "1.25"},{"date" => "2017-12-30T22:19:12","version" => "1.26"},{"date" => "2018-05-14T20:36:08","version" => "1.27"}]},"SVG-Sparkline" => {"advisories" => [{"affected_versions" => ["<1.12"],"cves" => [],"description" => "Invalid data input validation makes it possible to pass arbitrary strings to module loading eval.\n","distribution" => "SVG-Sparkline","fixed_versions" => [">=1.12"],"id" => "CPANSA-SVG-Sparkline-2017-01","references" => ["https://metacpan.org/changes/distribution/SVG-Sparkline","https://github.com/gwadej/svg-sparkline/commit/ca83d6eb56aa86f3ca735866ffa9aa97acc2e708"],"reported" => "2017-05-15"}],"main_module" => "SVG::Sparkline","versions" => [{"date" => "2009-04-02T02:42:59","version" => "0.1.0"},{"date" => "2009-04-03T01:30:19","version" => "0.1.1"},{"date" => "2009-04-05T21:43:08","version" => "0.2.0"},{"date" => "2009-04-18T04:46:33","version" => "0.2.5"},{"date" => "2009-04-21T00:31:44","version" => "0.2.6"},{"date" => "2009-04-27T03:42:24","version" => "0.2.7"},{"date" => "2009-05-06T23:20:05","version" => "0.3"},{"date" => "2009-05-07T22:11:10","version" => "0.31"},{"date" => "2009-10-19T04:12:52","version" => "0.32"},{"date" => "2009-10-21T00:27:30","version" => "0.33"},{"date" => "2010-05-01T04:50:06","version" => "0.34"},{"date" => "2010-10-30T22:01:18","version" => "0.35"},{"date" => "2012-09-04T00:09:32","version" => "0.36"},{"date" => "2013-10-24T14:01:00","version" => 1},{"date" => "2014-09-04T02:01:54","version" => "1.1"},{"date" => "2015-03-03T19:38:44","version" => "1.11"},{"date" => "2017-05-15T01:32:51","version" => "1.12"}]},"SVN-Look" => {"advisories" => [{"affected_versions" => ["<0.40"],"cves" => [],"description" => "Two-arg open with a possibility of running arbitrary commands.\n","distribution" => "SVN-Look","fixed_versions" => [">=0.40"],"id" => "CPANSA-SVN-Look-2014-01","references" => ["https://metacpan.org/changes/distribution/SVN-Look","https://github.com/gnustavo/SVN-Look/commit/b413ac1c397dfc6b2d164fede693f7ff9a94c83c","https://bugs.launchpad.net/ubuntu/+source/libsvn-look-perl/+bug/1323300"],"reported" => "2014-05-31"}],"main_module" => "SVN::Look","versions" => [{"date" => "2008-09-26T03:22:44","version" => "0.08.360"},{"date" => "2008-09-27T22:10:54","version" => "0.09.366"},{"date" => "2008-09-28T03:07:02","version" => "0.10.369"},{"date" => "2008-10-05T03:16:35","version" => "0.11.388"},{"date" => "2008-10-10T02:25:16","version" => "0.12.409"},{"date" => "2008-10-24T00:51:56","version" => "0.12.442"},{"date" => "2008-11-03T10:43:38","version" => "0.12.455"},{"date" => "2008-11-06T03:11:52","version" => "0.13.463"},{"date" => "2009-02-28T02:50:53","version" => "0.14.5"},{"date" => "2009-03-01T12:17:06","version" => "0.14.7"},{"date" => "2009-03-06T01:52:43","version" => "0.14.9"},{"date" => "2009-03-08T02:25:41","version" => "0.14.10"},{"date" => "2009-03-20T01:24:06","version" => "0.14.12"},{"date" => "2009-10-25T01:23:51","version" => "0.15"},{"date" => "2010-02-16T20:16:51","version" => "0.16"},{"date" => "2010-02-24T23:20:51","version" => "0.17"},{"date" => "2010-04-28T11:38:27","version" => "0.18"},{"date" => "2010-12-12T10:35:04","version" => "0.19"},{"date" => "2010-12-12T19:59:46","version" => "0.20"},{"date" => "2011-07-20T20:11:31","version" => "0.21"},{"date" => "2011-07-22T22:31:55","version" => "0.22"},{"date" => "2011-07-27T20:22:58","version" => "0.23"},{"date" => "2011-07-30T21:52:08","version" => "0.24"},{"date" => "2011-08-21T23:31:44","version" => "0.25"},{"date" => "2011-08-27T20:12:39","version" => "0.26"},{"date" => "2011-09-18T02:42:31","version" => "0.27"},{"date" => "2011-10-10T23:18:59","version" => "0.28"},{"date" => "2011-10-13T01:06:12","version" => "0.29"},{"date" => "2011-11-02T21:00:23","version" => "0.30"},{"date" => "2012-02-26T00:04:15","version" => "0.31"},{"date" => "2012-02-26T21:55:01","version" => "0.32"},{"date" => "2012-02-27T23:49:07","version" => "0.33"},{"date" => "2012-03-05T14:37:05","version" => "0.34"},{"date" => "2012-04-22T00:14:50","version" => "0.35"},{"date" => "2012-06-18T17:07:07","version" => "0.36"},{"date" => "2012-06-18T17:34:58","version" => "0.37"},{"date" => "2012-06-19T17:00:40","version" => "0.38"},{"date" => "2013-10-20T23:32:26","version" => "0.39"},{"date" => "2014-06-12T18:05:32","version" => "0.40"},{"date" => "2014-06-14T02:51:53","version" => "0.41"},{"date" => "2020-10-09T01:36:59","version" => "0.42"},{"date" => "2022-05-21T14:32:05","version" => "0.43"}]},"Safe" => {"advisories" => [{"affected_versions" => ["<=2.26"],"cves" => ["CVE-2010-1447"],"description" => "The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.\n","distribution" => "Safe","fixed_versions" => [">=2.27"],"id" => "CPANSA-Safe-2010-1447","references" => ["https://bugs.launchpad.net/bugs/cve/2010-1447","http://www.vupen.com/english/advisories/2010/1167","http://secunia.com/advisories/39845","http://www.postgresql.org/about/news.1203","http://security-tracker.debian.org/tracker/CVE-2010-1447","https://bugzilla.redhat.com/show_bug.cgi?id=588269","http://www.securitytracker.com/id?1023988","http://osvdb.org/64756","http://www.securityfocus.com/bid/40305","http://secunia.com/advisories/40052","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://www.openwall.com/lists/oss-security/2010/05/20/5","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","http://www.redhat.com/support/errata/RHSA-2010-0457.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:115","http://secunia.com/advisories/40049","http://www.debian.org/security/2011/dsa-2267","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7320","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11530"],"reported" => "2010-05-19","severity" => undef},{"affected_versions" => ["<2.25"],"cves" => ["CVE-2010-1168"],"description" => "The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to \"automagic methods.\"\n","distribution" => "Safe","fixed_versions" => [],"id" => "CPANSA-Safe-2010-1168","references" => ["http://www.openwall.com/lists/oss-security/2010/05/20/5","http://www.redhat.com/support/errata/RHSA-2010-0457.html","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://secunia.com/advisories/40049","http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes","http://www.mandriva.com/security/advisories?name=MDVSA-2010:115","http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","https://bugzilla.redhat.com/show_bug.cgi?id=576508","http://secunia.com/advisories/40052","http://securitytracker.com/id?1024062","http://secunia.com/advisories/42402","http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in","http://www.vupen.com/english/advisories/2010/3075","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424"],"reported" => "2010-06-21","severity" => undef},{"affected_versions" => ["<=2.07"],"cves" => ["CVE-2002-1323"],"description" => "Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined \@_ variable, which is not reset between successive calls.\n","distribution" => "Safe","fixed_versions" => [">=2.08"],"id" => "CPANSA-Safe-2002-1323","references" => ["http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5","http://www.securityfocus.com/bid/6111","http://www.debian.org/security/2002/dsa-208","http://www.iss.net/security_center/static/10574.php","http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744","http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html","http://www.redhat.com/support/errata/RHSA-2003-256.html","http://www.redhat.com/support/errata/RHSA-2003-257.html","ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A","ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt","ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt","http://www.osvdb.org/2183","http://www.osvdb.org/3814","http://marc.info/?l=bugtraq&m=104040175522502&w=2","http://marc.info/?l=bugtraq&m=104033126305252&w=2","http://marc.info/?l=bugtraq&m=104005919814869&w=2","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1160"],"reported" => "2002-12-11","severity" => undef}],"main_module" => "Safe","versions" => [{"date" => "1995-08-24T12:36:38","version" => 0},{"date" => "1995-09-01T21:17:14","version" => 0},{"date" => "1996-02-10T20:04:44","version" => "2.01"},{"date" => "2002-10-05T18:38:39","version" => "2.08"},{"date" => "2002-10-06T12:17:23","version" => "2.09"},{"date" => "2004-07-02T13:08:36","version" => "2.11"},{"date" => "2008-01-28T17:33:00","version" => "2.13"},{"date" => "2008-01-30T16:30:34","version" => "2.14"},{"date" => "2008-02-06T12:34:21","version" => "2.15"},{"date" => "2008-03-13T10:54:21","version" => "2.16"},{"date" => "2009-06-28T14:20:14","version" => "2.17"},{"date" => "2009-08-25T07:44:28","version" => "2.19"},{"date" => "2009-11-30T23:33:41","version" => "2.20"},{"date" => "2010-01-14T21:51:28","version" => "2.21"},{"date" => "2010-02-11T21:59:56","version" => "2.22"},{"date" => "2010-02-22T22:45:10","version" => "2.23"},{"date" => "2010-03-06T21:42:25","version" => "2.24"},{"date" => "2010-03-07T21:51:36","version" => "2.25"},{"date" => "2010-03-09T10:56:56","version" => "2.26"},{"date" => "2010-04-29T20:37:15","version" => "2.27"},{"date" => "2010-09-13T13:50:58","version" => "2.28"},{"date" => "2010-10-31T13:20:32","version" => "2.29"},{"date" => "2011-12-07T08:22:34","version" => "2.30"},{"date" => "2012-03-31T15:27:57","version" => "2.32"},{"date" => "2012-04-03T10:12:30","version" => "2.33"},{"date" => "2013-02-21T07:31:30","version" => "2.35"},{"date" => "1996-02-29T00:00:00","dual_lived" => 1,"perl_release" => "5.002","version" => "1.00"},{"date" => "1996-10-10T00:00:00","dual_lived" => 1,"perl_release" => "5.00307","version" => "2.06"},{"date" => "2003-11-15T00:00:00","dual_lived" => 1,"perl_release" => "5.006002","version" => "2.10"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.07"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "2.12"},{"date" => "2009-08-22T00:00:00","dual_lived" => 1,"perl_release" => "5.010001","version" => "2.18"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "2.31"},{"date" => "2012-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.016000","version" => "2.31_01"},{"date" => "2012-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017001","version" => "2.33_01"},{"date" => "2013-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017008","version" => "2.34"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "2.36"},{"date" => "2013-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.019002","version" => "2.37"},{"date" => "2014-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021003","version" => "2.38"},{"date" => "2015-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021008","version" => "2.39"},{"date" => "2017-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025012","version" => "2.40"},{"date" => "2019-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031005","version" => "2.41"},{"date" => "2021-01-23T00:00:00","dual_lived" => 1,"perl_release" => "5.032001","version" => "2.41_01"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "2.42"},{"date" => "2020-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033002","version" => "2.43"},{"date" => "2022-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037004","version" => "2.44"},{"date" => "2023-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039002","version" => "2.45"},{"date" => "2024-02-23T00:00:00","dual_lived" => 1,"perl_release" => "5.039008","version" => "2.46"},{"date" => "2024-08-29T00:00:00","dual_lived" => 1,"perl_release" => "5.041003","version" => "2.47"}]},"Search-OpenSearch-Server" => {"advisories" => [{"affected_versions" => ["<0.17"],"cves" => [],"description" => "Arbitrary Perl methods could be called via HTTP like RPC.\n","distribution" => "Search-OpenSearch-Server","fixed_versions" => [">=0.17"],"id" => "CPANSA-Search-OpenSearch-Server-2012-01","references" => ["https://metacpan.org/changes/distribution/Search-OpenSearch-Server","https://github.com/karpet/search-opensearch-server/commit/69d53fde9d70fe12e1f592de482601c43c45a278"],"reported" => "2012-08-31"}],"main_module" => "Search::OpenSearch::Server","versions" => [{"date" => "2010-05-28T03:07:46","version" => "0.01"},{"date" => "2010-05-29T01:11:09","version" => "0.02"},{"date" => "2010-06-23T01:22:53","version" => "0.03"},{"date" => "2010-06-26T21:08:31","version" => "0.04"},{"date" => "2011-01-08T04:05:22","version" => "0.05"},{"date" => "2011-09-26T18:12:08","version" => "0.06"},{"date" => "2011-09-26T18:16:12","version" => "0.07"},{"date" => "2011-09-30T03:15:51","version" => "0.08"},{"date" => "2011-10-23T01:42:30","version" => "0.09"},{"date" => "2012-05-01T02:22:52","version" => "0.10"},{"date" => "2012-07-15T03:32:57","version" => "0.11"},{"date" => "2012-07-27T02:42:45","version" => "0.12"},{"date" => "2012-08-07T01:48:25","version" => "0.13"},{"date" => "2012-08-10T03:10:13","version" => "0.14"},{"date" => "2012-08-21T02:34:37","version" => "0.15"},{"date" => "2012-08-21T17:47:00","version" => "0.16"},{"date" => "2012-09-04T01:54:00","version" => "0.17"},{"date" => "2012-09-12T03:42:03","version" => "0.18"},{"date" => "2012-09-13T14:06:58","version" => "0.19"},{"date" => "2012-09-20T02:21:37","version" => "0.20"},{"date" => "2012-10-15T04:32:38","version" => "0.21"},{"date" => "2012-11-08T03:20:16","version" => "0.22"},{"date" => "2012-11-21T19:01:22","version" => "0.23"},{"date" => "2012-11-26T19:37:12","version" => "0.24"},{"date" => "2012-12-18T19:11:36","version" => "0.25"},{"date" => "2013-01-04T19:08:19","version" => "0.26"},{"date" => "2013-06-14T02:28:09","version" => "0.27"},{"date" => "2014-03-02T22:22:17","version" => "0.28"},{"date" => "2014-04-23T18:20:52","version" => "0.299_01"},{"date" => "2014-04-24T02:56:24","version" => "0.299_02"},{"date" => "2014-06-05T07:29:19","version" => "0.299_03"},{"date" => "2014-06-08T04:57:40","version" => "0.300"},{"date" => "2015-08-14T20:04:12","version" => "0.301"}]},"Sereal-Decoder" => {"advisories" => [{"affected_versions" => [">=4.009_002,<5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2019-11922"],"description" => "A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2019-11922-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2019-11922","https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html","https://usn.ubuntu.com/4108-1/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00078.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2019-07-25","severity" => undef},{"affected_versions" => [">=4.009_002,<4.012"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.012,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002_001"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2021-24031"],"description" => "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24031-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2021-24031","https://github.com/facebook/zstd/issues/1630","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.009_002,<4.012"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.012,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002_001"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"}],"main_module" => "Sereal::Decoder","versions" => [{"date" => "2012-09-10T09:44:39","version" => "0.06"},{"date" => "2012-09-11T11:16:49","version" => "0.07"},{"date" => "2012-09-13T15:19:16","version" => "0.08"},{"date" => "2012-09-14T08:13:35","version" => "0.09"},{"date" => "2012-09-17T11:45:59","version" => "0.10"},{"date" => "2012-09-18T11:24:00","version" => "0.11"},{"date" => "2012-10-02T12:58:59","version" => "0.13"},{"date" => "2012-10-17T15:20:23","version" => "0.15"},{"date" => "2012-11-23T06:50:18","version" => "0.19"},{"date" => "2013-01-02T09:01:45","version" => "0.21"},{"date" => "2013-01-08T06:40:29","version" => "0.23"},{"date" => "2013-01-10T07:54:57","version" => "0.24"},{"date" => "2013-01-22T17:04:30","version" => "0.25"},{"date" => "2013-02-09T12:09:15","version" => "0.27"},{"date" => "2013-02-09T15:37:44","version" => "0.28"},{"date" => "2013-02-09T17:24:46","version" => "0.29"},{"date" => "2013-02-13T05:46:48","version" => "0.30"},{"date" => "2013-02-17T14:28:38","version" => "0.31"},{"date" => "2013-03-23T14:41:14","version" => "0.32"},{"date" => "2013-03-23T16:48:31","version" => "0.33"},{"date" => "2013-03-23T18:00:17","version" => "0.34"},{"date" => "2013-04-01T09:59:34","version" => "0.35"},{"date" => "2013-05-07T11:13:38","version" => "0.36"},{"date" => "2013-09-02T05:49:42","version" => "0.37"},{"date" => "2013-10-01T05:50:10","version" => "2.00_01"},{"date" => "2013-10-28T18:31:59","version" => "2.00_02"},{"date" => "2013-12-29T09:43:11","version" => "2.00_03"},{"date" => "2013-12-31T08:30:39","version" => "2.01"},{"date" => "2014-01-06T14:02:01","version" => "2.02"},{"date" => "2014-01-07T19:08:14","version" => "2.03"},{"date" => "2014-03-05T17:32:45","version" => "2.04"},{"date" => "2014-03-09T10:48:14","version" => "2.06"},{"date" => "2014-03-26T17:11:19","version" => "2.07_01"},{"date" => "2014-04-06T15:50:32","version" => "2.070_101"},{"date" => "2014-04-06T16:56:29","version" => "2.070_102"},{"date" => "2014-04-08T22:36:48","version" => "2.070_103"},{"date" => "2014-04-10T20:44:01","version" => "2.08"},{"date" => "2014-04-13T19:24:30","version" => "2.09"},{"date" => "2014-04-13T19:33:58","version" => "2.10"},{"date" => "2014-04-13T21:13:15","version" => "2.11"},{"date" => "2014-05-11T21:48:57","version" => "2.12"},{"date" => "2014-05-29T10:52:41","version" => "3.000_001"},{"date" => "2014-06-01T21:49:26","version" => "3.000_002"},{"date" => "2014-06-01T22:17:01","version" => "3.000_003"},{"date" => "2014-06-03T20:11:57","version" => "3.000_004"},{"date" => "2014-06-04T20:54:19","version" => "3.001"},{"date" => "2014-06-12T19:19:47","version" => "3.001_001"},{"date" => "2014-06-27T14:55:30","version" => "3.001_002"},{"date" => "2014-07-15T11:53:29","version" => "3.001_003"},{"date" => "2014-07-27T17:59:04","version" => "3.001_004"},{"date" => "2014-07-28T10:29:01","version" => "3.001_005"},{"date" => "2014-08-03T20:41:48","version" => "3.001_006"},{"date" => "2014-08-04T19:15:53","version" => "3.001_007"},{"date" => "2014-08-05T16:35:50","version" => "3.001_008"},{"date" => "2014-08-05T20:00:37","version" => "3.001_009"},{"date" => "2014-08-12T18:10:42","version" => "3.001_010"},{"date" => "2014-08-12T18:36:29","version" => "3.001_011"},{"date" => "2014-08-15T12:08:35","version" => "3.001_012"},{"date" => "2014-08-20T09:23:57","version" => "3.002"},{"date" => "2014-09-26T11:40:22","version" => "3.002_001"},{"date" => "2014-10-18T12:06:18","version" => "3.002_002"},{"date" => "2014-10-19T22:06:20","version" => "3.003"},{"date" => "2014-11-23T15:58:21","version" => "3.003_001"},{"date" => "2014-12-21T17:53:23","version" => "3.003_002"},{"date" => "2014-12-26T04:50:12","version" => "3.003_003"},{"date" => "2014-12-26T15:06:03","version" => "3.003_004"},{"date" => "2014-12-27T15:20:21","version" => "3.004"},{"date" => "2015-01-05T14:37:58","version" => "3.005"},{"date" => "2015-01-27T21:39:30","version" => "3.005_001"},{"date" => "2015-11-09T09:32:04","version" => "3.005_002"},{"date" => "2015-11-12T13:57:53","version" => "3.005_003"},{"date" => "2015-11-13T14:55:50","version" => "3.005_004"},{"date" => "2015-11-13T19:57:24","version" => "3.005_005"},{"date" => "2015-11-14T10:41:41","version" => "3.006"},{"date" => "2015-11-16T10:11:19","version" => "3.006_001"},{"date" => "2015-11-16T11:39:40","version" => "3.006_002"},{"date" => "2015-11-18T16:25:19","version" => "3.006_003"},{"date" => "2015-11-18T18:49:44","version" => "3.006_004"},{"date" => "2015-11-20T08:33:23","version" => "3.006_005"},{"date" => "2015-11-21T15:42:08","version" => "3.006_006"},{"date" => "2015-11-25T13:37:19","version" => "3.006_007"},{"date" => "2015-11-26T21:00:53","version" => "3.007"},{"date" => "2015-11-27T20:48:32","version" => "3.008"},{"date" => "2015-11-30T11:07:39","version" => "3.009"},{"date" => "2015-12-06T22:53:40","version" => "3.011"},{"date" => "2015-12-06T23:48:32","version" => "3.012"},{"date" => "2015-12-07T00:07:29","version" => "3.014"},{"date" => "2016-08-30T09:45:18","version" => "3.014_002"},{"date" => "2016-09-01T18:23:21","version" => "3.015"},{"date" => "2017-02-06T10:52:56","version" => "4.001_001"},{"date" => "2017-04-22T11:08:36","version" => "4.001_002"},{"date" => "2017-04-23T09:56:11","version" => "4.001_003"},{"date" => "2017-11-11T09:33:51","version" => "4.002"},{"date" => "2017-11-12T16:10:52","version" => "4.003"},{"date" => "2017-11-12T19:09:55","version" => "4.004"},{"date" => "2018-01-23T20:57:49","version" => "4.005"},{"date" => "2019-04-08T20:03:23","version" => "4.006"},{"date" => "2019-04-09T17:26:43","version" => "4.007"},{"date" => "2020-01-29T17:33:56","version" => "4.007_001"},{"date" => "2020-01-30T06:22:37","version" => "4.008"},{"date" => "2020-01-31T15:51:57","version" => "4.009"},{"date" => "2020-02-02T03:23:18","version" => "4.009_001"},{"date" => "2020-02-02T09:19:30","version" => "4.009_002"},{"date" => "2020-02-02T17:40:26","version" => "4.009_003"},{"date" => "2020-02-04T02:57:02","version" => "4.010"},{"date" => "2020-02-04T05:06:24","version" => "4.011"},{"date" => "2020-06-10T21:07:04","version" => "4.012"},{"date" => "2020-06-11T16:51:45","version" => "4.014"},{"date" => "2020-07-08T07:09:15","version" => "4.015"},{"date" => "2020-07-09T14:12:25","version" => "4.016"},{"date" => "2020-07-09T18:30:34","version" => "4.017"},{"date" => "2020-07-29T09:01:02","version" => "4.017_001"},{"date" => "2020-08-03T10:39:28","version" => "4.018"},{"date" => "2022-02-07T11:58:57","version" => "4.019"},{"date" => "2022-02-17T11:27:44","version" => "4.020"},{"date" => "2022-02-18T04:47:33","version" => "4.021"},{"date" => "2022-02-19T11:23:46","version" => "4.022"},{"date" => "2022-02-20T04:16:56","version" => "4.023"},{"date" => "2022-07-28T11:26:37","version" => "4.024"},{"date" => "2022-07-28T12:22:47","version" => "4.025"},{"date" => "2022-09-01T13:13:13","version" => "5.000_001"},{"date" => "2022-09-02T18:56:25","version" => "5.000_002"},{"date" => "2022-09-03T13:56:39","version" => "5.001"},{"date" => "2023-01-31T14:34:21","version" => "5.001_001"},{"date" => "2023-02-01T08:09:30","version" => "5.001_002"},{"date" => "2023-02-01T10:53:49","version" => "5.001_003"},{"date" => "2023-02-01T11:38:26","version" => "5.002"},{"date" => "2023-02-06T16:44:17","version" => "5.002_001"},{"date" => "2023-02-07T10:26:08","version" => "5.002_002"},{"date" => "2023-02-08T02:39:42","version" => "5.003"},{"date" => "2023-04-19T13:20:25","version" => "5.004"}]},"Sereal-Encoder" => {"advisories" => [{"affected_versions" => [">=4.009_002,<5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2019-11922"],"description" => "A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2019-11922-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2019-11922","https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html","https://usn.ubuntu.com/4108-1/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00078.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2019-07-25","severity" => undef},{"affected_versions" => [">=4.009_002,<4.014"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.014,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2021-24031"],"description" => "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24031-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2021-24031","https://github.com/facebook/zstd/issues/1630","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.009_002,<4.014"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.014,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"}],"main_module" => "Sereal::Encoder","versions" => [{"date" => "2012-09-10T09:43:11","version" => "0.06"},{"date" => "2012-09-11T11:17:07","version" => "0.07"},{"date" => "2012-09-13T15:19:40","version" => "0.08"},{"date" => "2012-09-14T08:13:49","version" => "0.09"},{"date" => "2012-09-17T11:44:12","version" => "0.10"},{"date" => "2012-09-18T11:24:11","version" => "0.11"},{"date" => "2012-09-19T06:01:22","version" => "0.12"},{"date" => "2012-10-10T09:14:22","version" => "0.14"},{"date" => "2012-10-17T15:20:00","version" => "0.15"},{"date" => "2012-10-25T09:33:51","version" => "0.16"},{"date" => "2012-10-29T10:58:18","version" => "0.17"},{"date" => "2012-11-14T06:42:06","version" => "0.18"},{"date" => "2012-11-23T14:37:56","version" => "0.20"},{"date" => "2013-01-08T06:40:40","version" => "0.23"},{"date" => "2013-01-22T17:03:02","version" => "0.25"},{"date" => "2013-02-03T11:46:46","version" => "0.26"},{"date" => "2013-02-09T12:09:26","version" => "0.27"},{"date" => "2013-02-09T15:37:48","version" => "0.28"},{"date" => "2013-02-09T17:24:34","version" => "0.29"},{"date" => "2013-02-13T05:46:59","version" => "0.30"},{"date" => "2013-02-17T14:30:05","version" => "0.31"},{"date" => "2013-03-23T14:39:47","version" => "0.32"},{"date" => "2013-03-23T16:47:04","version" => "0.33"},{"date" => "2013-03-23T18:00:05","version" => "0.34"},{"date" => "2013-04-01T09:59:22","version" => "0.35"},{"date" => "2013-05-07T11:13:49","version" => "0.36"},{"date" => "2013-09-02T05:49:19","version" => "0.37"},{"date" => "2013-10-01T05:51:37","version" => "2.00_01"},{"date" => "2013-10-28T18:38:35","version" => "2.00_02"},{"date" => "2013-12-29T09:44:38","version" => "2.00_03"},{"date" => "2013-12-31T08:30:50","version" => "2.01"},{"date" => "2014-01-06T14:01:57","version" => "2.02"},{"date" => "2014-01-07T19:08:26","version" => "2.03"},{"date" => "2014-03-05T17:32:56","version" => "2.04"},{"date" => "2014-03-09T10:48:25","version" => "2.06"},{"date" => "2014-03-26T17:11:30","version" => "2.07_01"},{"date" => "2014-04-06T15:50:20","version" => "2.070_101"},{"date" => "2014-04-06T16:56:18","version" => "2.070_102"},{"date" => "2014-04-08T22:36:36","version" => "2.070_103"},{"date" => "2014-04-10T20:43:50","version" => "2.08"},{"date" => "2014-04-13T19:24:19","version" => "2.09"},{"date" => "2014-04-13T19:33:47","version" => "2.10"},{"date" => "2014-04-13T21:13:04","version" => "2.11"},{"date" => "2014-05-11T21:49:09","version" => "2.12"},{"date" => "2014-05-29T10:52:53","version" => "3.000_001"},{"date" => "2014-06-01T21:49:38","version" => "3.000_002"},{"date" => "2014-06-01T22:17:13","version" => "3.000_003"},{"date" => "2014-06-03T20:12:08","version" => "3.000_004"},{"date" => "2014-06-04T20:54:31","version" => "3.001"},{"date" => "2014-06-12T19:19:59","version" => "3.001_001"},{"date" => "2014-06-27T14:55:41","version" => "3.001_002"},{"date" => "2014-07-15T11:53:41","version" => "3.001_003"},{"date" => "2014-07-27T17:59:16","version" => "3.001_004"},{"date" => "2014-07-28T10:29:12","version" => "3.001_005"},{"date" => "2014-08-03T20:42:00","version" => "3.001_006"},{"date" => "2014-08-04T19:16:04","version" => "3.001_007"},{"date" => "2014-08-05T16:35:53","version" => "3.001_008"},{"date" => "2014-08-05T19:58:59","version" => "3.001_009"},{"date" => "2014-08-12T18:10:53","version" => "3.001_010"},{"date" => "2014-08-12T18:36:41","version" => "3.001_011"},{"date" => "2014-08-15T12:08:46","version" => "3.001_012"},{"date" => "2014-08-20T09:24:08","version" => "3.002"},{"date" => "2014-09-26T11:40:33","version" => "3.002_001"},{"date" => "2014-10-18T12:06:29","version" => "3.002_002"},{"date" => "2014-10-19T22:06:31","version" => "3.003"},{"date" => "2014-11-23T15:58:32","version" => "3.003_001"},{"date" => "2014-12-21T17:53:35","version" => "3.003_002"},{"date" => "2014-12-26T04:50:23","version" => "3.003_003"},{"date" => "2014-12-26T15:06:15","version" => "3.003_004"},{"date" => "2014-12-27T15:20:32","version" => "3.004"},{"date" => "2015-01-05T14:38:10","version" => "3.005"},{"date" => "2015-01-27T21:37:51","version" => "3.005_001"},{"date" => "2015-11-09T09:32:15","version" => "3.005_002"},{"date" => "2015-11-12T13:58:04","version" => "3.005_003"},{"date" => "2015-11-13T14:56:01","version" => "3.005_004"},{"date" => "2015-11-13T19:57:36","version" => "3.005_005"},{"date" => "2015-11-14T10:41:52","version" => "3.006"},{"date" => "2015-11-16T10:11:31","version" => "3.006_001"},{"date" => "2015-11-16T11:39:51","version" => "3.006_002"},{"date" => "2015-11-18T16:25:31","version" => "3.006_003"},{"date" => "2015-11-18T18:49:56","version" => "3.006_004"},{"date" => "2015-11-20T08:33:34","version" => "3.006_005"},{"date" => "2015-11-21T15:42:19","version" => "3.006_006"},{"date" => "2015-11-25T13:35:40","version" => "3.006_007"},{"date" => "2015-11-26T21:01:05","version" => "3.007"},{"date" => "2015-11-27T20:48:43","version" => "3.008"},{"date" => "2015-11-30T11:07:50","version" => "3.009"},{"date" => "2015-12-06T22:53:53","version" => "3.011"},{"date" => "2015-12-06T23:48:43","version" => "3.012"},{"date" => "2015-12-07T00:07:40","version" => "3.014"},{"date" => "2016-08-30T09:43:28","version" => "3.014_002"},{"date" => "2016-09-01T18:23:33","version" => "3.015"},{"date" => "2017-02-06T10:51:16","version" => "4.001_001"},{"date" => "2017-04-22T11:08:48","version" => "4.001_002"},{"date" => "2017-04-23T09:56:23","version" => "4.001_003"},{"date" => "2017-11-11T09:34:03","version" => "4.002"},{"date" => "2017-11-12T16:11:04","version" => "4.003"},{"date" => "2017-11-12T19:10:06","version" => "4.004"},{"date" => "2018-01-23T20:58:01","version" => "4.005"},{"date" => "2019-04-08T20:03:34","version" => "4.006"},{"date" => "2019-04-09T17:26:54","version" => "4.007"},{"date" => "2020-01-29T17:34:08","version" => "4.007_001"},{"date" => "2020-01-30T06:22:49","version" => "4.008"},{"date" => "2020-01-31T15:52:09","version" => "4.009"},{"date" => "2020-02-02T03:23:30","version" => "4.009_001"},{"date" => "2020-02-02T09:19:41","version" => "4.009_002"},{"date" => "2020-02-02T17:38:48","version" => "4.009_003"},{"date" => "2020-02-04T02:57:13","version" => "4.010"},{"date" => "2020-02-04T05:06:35","version" => "4.011"},{"date" => "2020-06-10T21:07:15","version" => "4.012"},{"date" => "2020-06-11T16:51:56","version" => "4.014"},{"date" => "2020-07-08T07:09:27","version" => "4.015"},{"date" => "2020-07-09T14:12:37","version" => "4.016"},{"date" => "2020-07-09T18:30:45","version" => "4.017"},{"date" => "2020-07-29T09:01:13","version" => "4.017_001"},{"date" => "2020-08-03T10:39:39","version" => "4.018"},{"date" => "2022-02-07T11:59:08","version" => "4.019"},{"date" => "2022-02-17T11:27:55","version" => "4.020"},{"date" => "2022-02-18T04:47:44","version" => "4.021"},{"date" => "2022-02-19T11:23:57","version" => "4.022"},{"date" => "2022-02-20T04:17:07","version" => "4.023"},{"date" => "2022-07-28T11:26:48","version" => "4.024"},{"date" => "2022-07-28T12:21:09","version" => "4.025"},{"date" => "2022-09-01T13:13:25","version" => "5.000_001"},{"date" => "2022-09-02T18:56:37","version" => "5.000_002"},{"date" => "2022-09-03T13:56:50","version" => "5.001"},{"date" => "2023-01-31T14:34:32","version" => "5.001_001"},{"date" => "2023-02-01T08:09:41","version" => "5.001_002"},{"date" => "2023-02-01T10:54:00","version" => "5.001_003"},{"date" => "2023-02-01T11:38:37","version" => "5.002"},{"date" => "2023-02-06T16:44:28","version" => "5.002_001"},{"date" => "2023-02-07T10:26:19","version" => "5.002_002"},{"date" => "2023-02-08T02:39:53","version" => "5.003"},{"date" => "2023-04-19T13:20:36","version" => "5.004"}]},"Sidef" => {"advisories" => [{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Sidef","versions" => [{"date" => "2015-06-19T22:56:13","version" => "0.06"},{"date" => "2015-07-07T22:15:05","version" => "0.07"},{"date" => "2015-07-16T17:29:42","version" => "0.08"},{"date" => "2015-07-23T06:30:35","version" => "0.09"},{"date" => "2015-07-24T05:59:07","version" => "0.0900001"},{"date" => "2015-09-07T00:03:50","version" => "0.0900002"},{"date" => "2015-09-16T22:58:56","version" => "0.10"},{"date" => "2015-10-31T07:15:42","version" => "2.10"},{"date" => "2015-11-24T18:52:00","version" => "2.11"},{"date" => "2015-12-10T23:46:41","version" => "2.12"},{"date" => "2015-12-24T09:03:59","version" => "2.13"},{"date" => "2016-01-02T10:53:48","version" => "2.20"},{"date" => "2016-01-14T13:51:33","version" => "2.21"},{"date" => "2016-02-08T03:21:05","version" => "2.22"},{"date" => "2016-03-06T14:33:37","version" => "2.23"},{"date" => "2016-03-24T16:49:45","version" => "2.24"},{"date" => "2016-05-27T20:32:46","version" => "2.25"},{"date" => "2016-06-01T15:48:21","version" => "2.26"},{"date" => "2016-07-29T13:02:29","version" => "2.30"},{"date" => "2016-08-18T22:40:23","version" => "2.300001"},{"date" => "2016-09-08T22:23:21","version" => "2.31"},{"date" => "2016-10-07T19:01:28","version" => "2.32"},{"date" => "2016-11-13T15:40:06","version" => "2.33"},{"date" => "2016-11-17T17:46:34","version" => "2.330001"},{"date" => "2016-12-24T19:58:48","version" => "2.34"},{"date" => "2017-01-30T20:53:41","version" => "2.35"},{"date" => "2017-03-02T08:58:20","version" => "2.36"},{"date" => "2017-04-04T19:53:33","version" => "2.37"},{"date" => "2017-04-22T19:35:52","version" => "3.00"},{"date" => "2017-05-09T22:49:43","version" => "3.01"},{"date" => "2017-06-05T21:56:28","version" => "3.02"},{"date" => "2017-08-27T20:59:15","version" => "3.03"},{"date" => "2017-10-06T01:08:28","version" => "3.04"},{"date" => "2017-11-03T23:04:20","version" => "3.05"},{"date" => "2017-12-08T13:13:05","version" => "3.10"},{"date" => "2018-02-17T11:31:53","version" => "3.15"},{"date" => "2018-05-05T20:49:50","version" => "3.16"},{"date" => "2018-05-30T21:54:08","version" => "3.17"},{"date" => "2018-07-04T20:15:48","version" => "3.18"},{"date" => "2018-07-31T09:11:13","version" => "3.19"},{"date" => "2018-10-13T22:10:15","version" => "3.50"},{"date" => "2019-01-07T00:48:34","version" => "3.60"},{"date" => "2019-03-24T18:15:23","version" => "3.70"},{"date" => "2019-05-18T23:57:28","version" => "3.80"},{"date" => "2019-08-18T09:18:32","version" => "3.85"},{"date" => "2019-12-25T18:38:15","version" => "3.90"},{"date" => "2020-03-22T22:05:56","version" => "3.95"},{"date" => "2020-07-20T16:23:44","version" => "3.96"},{"date" => "2021-01-17T23:11:25","version" => "3.97"},{"date" => "2021-01-18T22:53:11","version" => "v3.97.1"},{"date" => "2021-03-26T16:00:09","version" => "3.98"},{"date" => "2021-09-02T11:47:37","version" => "3.99"},{"date" => "2022-03-27T09:40:38","version" => "22.03"},{"date" => "2022-05-13T08:16:40","version" => "22.05"},{"date" => "2022-07-16T16:52:14","version" => "22.07"},{"date" => "2022-12-01T21:12:53","version" => "22.12"},{"date" => "2023-03-06T12:08:52","version" => "23.03"},{"date" => "2023-05-11T10:10:43","version" => "23.05"},{"date" => "2023-08-29T10:34:43","version" => "23.08"},{"date" => "2023-10-17T05:11:25","version" => "23.10"},{"date" => "2023-11-07T05:18:27","version" => "23.11"},{"date" => "2024-01-06T17:09:42","version" => "24.01"},{"date" => "2024-05-12T07:43:14","version" => "24.05"},{"date" => "2024-11-28T19:18:13","version" => "24.11"},{"date" => "2025-12-21T00:33:44","version" => "25.12"},{"date" => "2026-01-13T18:42:36","version" => "26.01"}]},"Smolder" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-58041"],"description" => "Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions.  Smolder 1.51 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Smolder::DB::Developer uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Smolder","fixed_versions" => [],"id" => "CPANSA-Smolder-2024-58041","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/WONKO/Smolder-1.51/source/lib/Smolder/DB/Developer.pm#L221","https://metacpan.org/release/WONKO/Smolder-1.51/source/lib/Smolder/DB/Developer.pm#L5","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2026-02-24","severity" => undef}],"main_module" => "Smolder","versions" => [{"date" => "2009-03-30T07:16:46","version" => "1.30"},{"date" => "2009-03-30T08:54:42","version" => "1.31"},{"date" => "2009-03-30T14:21:48","version" => "1.32"},{"date" => "2009-03-30T21:47:26","version" => "1.33"},{"date" => "2009-04-02T13:59:15","version" => "1.34"},{"date" => "2009-04-04T12:02:59","version" => "1.35"},{"date" => "2009-04-08T21:49:00","version" => "1.36"},{"date" => "2009-04-22T01:45:55","version" => "1.37"},{"date" => "2009-04-24T19:18:08","version" => "1.38"},{"date" => "2009-05-08T16:54:22","version" => "1.39"},{"date" => "2009-06-23T03:41:41","version" => "1.40"},{"date" => "2009-12-14T01:28:30","version" => "1.50"},{"date" => "2009-12-16T00:54:47","version" => "1.51"},{"date" => "2013-07-08T12:13:08","version" => "1.52"}]},"SockJS" => {"advisories" => [{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.10"],"cves" => ["CVE-2020-7693"],"description" => "Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-7693-sockjs","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2020-7693"],"reported" => "2020-07-09","severity" => undef},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-7693"],"description" => "Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-7693-sockjs","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2020-7693"],"reported" => "2020-07-09","severity" => undef}],"main_module" => "SockJS","versions" => [{"date" => "2013-04-06T13:37:32","version" => "0.01"},{"date" => "2018-08-26T06:26:34","version" => "0.03"},{"date" => "2018-08-26T12:25:45","version" => "0.04"},{"date" => "2018-08-26T17:55:40","version" => "0.05"},{"date" => "2018-08-26T18:26:38","version" => "0.06"},{"date" => "2018-09-29T11:17:26","version" => "0.07"},{"date" => "2018-12-02T09:25:55","version" => "0.08"},{"date" => "2018-12-02T11:11:31","version" => "0.09"},{"date" => "2018-12-07T12:02:52","version" => "0.10"}]},"Socket" => {"advisories" => [{"affected_versions" => ["<2.026"],"cves" => [],"description" => "The function croak is variadic which expects as a first parameter printf-style format.  Passing arbitrary and string from the caller as a printf format leads to the security problem CWE-134: Use of Externally-Controlled Format String.\n","distribution" => "Socket","fixed_versions" => [">=2.027"],"id" => "CPANSA-Socket-2017-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=122830"],"reported" => "2017-08-17","severity" => undef}],"main_module" => "Socket","versions" => [{"date" => "1995-11-09T22:44:00","version" => "1.3"},{"date" => "1996-06-09T12:32:00","version" => "1.5"},{"date" => "2011-10-25T22:29:20","version" => "1.94_03"},{"date" => "2011-10-26T17:37:31","version" => "1.94_04"},{"date" => "2011-10-27T17:28:25","version" => "1.94_05"},{"date" => "2011-10-30T01:34:45","version" => "1.94_06"},{"date" => "2011-11-22T15:09:56","version" => "1.94_07"},{"date" => "2011-12-01T14:07:01","version" => "1.95"},{"date" => "2011-12-02T23:40:37","version" => "1.95_001"},{"date" => "2011-12-05T19:33:32","version" => "1.95_002"},{"date" => "2011-12-06T23:28:06","version" => "1.95_003"},{"date" => "2011-12-07T16:24:12","version" => "1.95_004"},{"date" => "2011-12-11T00:25:11","version" => "1.96"},{"date" => "2011-12-16T19:47:41","version" => "1.97"},{"date" => "2012-02-07T15:33:00","version" => "1.97_001"},{"date" => "2012-02-12T11:40:21","version" => "1.97_002"},{"date" => "2012-02-16T00:52:35","version" => "1.98"},{"date" => "2012-02-17T00:24:56","version" => "1.98_001"},{"date" => "2012-02-21T23:39:36","version" => "1.99"},{"date" => "2012-03-10T00:09:16","version" => "2.000"},{"date" => "2012-03-27T13:59:43","version" => "2.001"},{"date" => "2012-05-18T16:23:54","version" => "2.001_001"},{"date" => "2012-05-22T15:38:46","version" => "2.001_002"},{"date" => "2012-05-31T15:02:53","version" => "2.001_003"},{"date" => "2012-06-06T10:22:21","version" => "2.002"},{"date" => "2012-08-15T13:14:45","version" => "2.003"},{"date" => "2012-08-15T21:22:04","version" => "2.004"},{"date" => "2012-08-16T21:27:21","version" => "2.005"},{"date" => "2012-08-19T21:49:58","version" => "2.006"},{"date" => "2012-12-16T18:27:03","version" => "2.007"},{"date" => "2012-12-27T15:41:41","version" => "2.008"},{"date" => "2013-01-18T16:13:59","version" => "2.009"},{"date" => "2013-06-24T19:25:09","version" => "2.010"},{"date" => "2013-07-28T18:46:32","version" => "2.011"},{"date" => "2013-09-03T12:23:51","version" => "2.012"},{"date" => "2013-10-28T00:53:02","version" => "2.013"},{"date" => "2014-05-31T23:16:34","version" => "2.014"},{"date" => "2014-08-15T22:38:05","version" => "2.015"},{"date" => "2014-10-08T20:58:19","version" => "2.016"},{"date" => "2015-02-10T12:28:48","version" => "2.017"},{"date" => "2015-02-12T13:45:11","version" => "2.018"},{"date" => "2015-04-27T20:25:03","version" => "2.018_001"},{"date" => "2015-04-29T16:08:52","version" => "2.019"},{"date" => "2015-06-24T13:49:15","version" => "2.020"},{"date" => "2015-11-18T17:15:18","version" => "2.021"},{"date" => "2016-04-16T22:49:32","version" => "2.021_01"},{"date" => "2016-06-06T10:07:12","version" => "2.021_02"},{"date" => "2016-08-01T15:05:16","version" => "2.022"},{"date" => "2016-08-02T13:53:11","version" => "2.023"},{"date" => "2016-08-11T12:52:58","version" => "2.024"},{"date" => "2016-08-26T17:50:04","version" => "2.024_01"},{"date" => "2016-08-26T22:33:20","version" => "2.024_02"},{"date" => "2016-10-04T14:06:42","version" => "2.024_03"},{"date" => "2018-01-09T15:15:51","version" => "2.025"},{"date" => "2018-01-11T23:18:50","version" => "2.026"},{"date" => "2018-01-12T17:00:49","version" => "2.027"},{"date" => "2018-09-05T10:32:16","version" => "2.027_04"},{"date" => "2019-02-20T00:03:23","version" => "2.028"},{"date" => "2019-02-20T19:58:07","version" => "2.029"},{"date" => "2019-02-21T19:41:16","version" => "2.029"},{"date" => "2019-04-14T09:28:49","version" => "2.027_05"},{"date" => "2019-06-15T14:08:34","version" => "2.029_05"},{"date" => "2020-07-06T13:57:06","version" => "2.030"},{"date" => "2021-01-05T15:50:53","version" => "2.031"},{"date" => "2021-06-02T23:32:40","version" => "2.032"},{"date" => "2022-04-29T14:34:23","version" => "2.033"},{"date" => "2022-06-27T09:29:08","version" => "2.034"},{"date" => "2022-07-01T14:22:10","version" => "2.035"},{"date" => "2022-08-19T16:40:53","version" => "2.036"},{"date" => "2023-06-06T11:57:25","version" => "2.037"},{"date" => "2024-04-15T20:15:41","version" => "2.038"},{"date" => "2025-06-25T17:07:24","version" => "2.039"},{"date" => "2025-07-16T11:30:51","version" => "2.040"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "1.6"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "1.7"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006000","version" => "1.72"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.75"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "1.76"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "1.77"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "1.78"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "1.81"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "1.79"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.01","version" => "1.80"},{"date" => "2009-08-22T00:00:00","dual_lived" => 1,"perl_release" => "5.010001","version" => "1.82"},{"date" => "2009-10-02T00:00:00","dual_lived" => 1,"perl_release" => "5.011000","version" => "1.84"},{"date" => "2009-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011001","version" => "1.85"},{"date" => "2010-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011005","version" => "1.86"},{"date" => "2010-04-12T00:00:00","dual_lived" => 1,"perl_release" => "5.012000","version" => "1.87"},{"date" => "2011-01-21T00:00:00","dual_lived" => 1,"perl_release" => "5.012003","version" => "1.87_01"},{"date" => "2010-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013001","version" => "1.88"},{"date" => "2010-06-22T00:00:00","dual_lived" => 1,"perl_release" => "5.013002","version" => "1.89"},{"date" => "2010-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013006","version" => "1.90"},{"date" => "2010-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013007","version" => "1.91"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "1.92"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "1.93"},{"date" => "2011-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013010","version" => "1.94"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "1.94_01"},{"date" => "2011-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015005","version" => "1.94_02"},{"date" => "2012-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.017007","version" => "2.006_001"},{"date" => "2015-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023003","version" => "2.020_01"},{"date" => "2015-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023004","version" => "2.020_02"},{"date" => "2016-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023009","version" => "2.020_03"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "2.020_04"}]},"Spoon" => {"advisories" => [{"affected_versions" => [">0.24"],"cves" => ["CVE-2012-6143"],"description" => "Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.\n","distribution" => "Spoon","fixed_versions" => [],"id" => "CPANSA-Spoon-Cookie-2012-6143","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=85217","http://www.securityfocus.com/bid/59834","http://seclists.org/oss-sec/2013/q2/318","https://exchange.xforce.ibmcloud.com/vulnerabilities/84197"],"reported" => "2014-06-04","severity" => undef}],"main_module" => "Spoon","versions" => [{"date" => "2004-03-21T10:04:10","version" => "0.10"},{"date" => "2004-03-23T07:50:48","version" => "0.11"},{"date" => "2004-03-30T16:23:32","version" => "0.12"},{"date" => "2004-05-07T16:21:27","version" => "0.13"},{"date" => "2004-06-02T10:15:14","version" => "0.14"},{"date" => "2004-06-21T17:39:05","version" => "0.15"},{"date" => "2004-06-22T17:43:16","version" => "0.16"},{"date" => "2004-07-20T20:01:22","version" => "0.17"},{"date" => "2004-08-12T05:59:51","version" => "0.18"},{"date" => "2004-12-16T00:12:10","version" => "0.19"},{"date" => "2004-12-18T09:04:38","version" => "0.20"},{"date" => "2005-01-11T16:27:02","version" => "0.21"},{"date" => "2005-04-04T14:49:45","version" => "0.22"},{"date" => "2005-04-07T03:44:14","version" => "0.23"},{"date" => "2006-12-09T23:29:37","version" => "0.24"}]},"Spreadsheet-ParseExcel" => {"advisories" => [{"affected_versions" => ["<0.66"],"cves" => ["CVE-2023-7101"],"description" => "Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type \x{201c}eval\x{201d}. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.\n","distribution" => "Spreadsheet-ParseExcel","fixed_versions" => [">=0.66"],"id" => "CPANSA-Spreadsheet-ParseExcel-2023-7101","references" => ["http://www.openwall.com/lists/oss-security/2023/12/29/4","https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171","https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md","https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc","https://https://metacpan.org/dist/Spreadsheet-ParseExcel","https://https://www.cve.org/CVERecord?id=CVE-2023-7101","https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html"],"reported" => "2023-12-24","severity" => undef}],"main_module" => "Spreadsheet::ParseExcel","versions" => [{"date" => "2000-10-06T00:33:12","version" => "0.06"},{"date" => "2000-11-18T03:01:33","version" => "0.07"},{"date" => "2000-11-24T23:59:57","version" => "0.08"},{"date" => "2000-12-15T02:58:39","version" => "0.09"},{"date" => "2001-01-16T00:27:35","version" => "0.10"},{"date" => "2001-01-31T15:09:13","version" => "0.11"},{"date" => "2001-02-05T11:37:49","version" => "0.12"},{"date" => "2001-02-22T22:35:17","version" => "0.13"},{"date" => "2001-03-06T02:14:24","version" => "0.15"},{"date" => "2001-03-07T21:50:33","version" => "0.16"},{"date" => "2001-03-12T23:08:09","version" => "0.17"},{"date" => "2001-03-17T07:39:42","version" => "0.18"},{"date" => "2001-03-26T11:41:43","version" => "0.19"},{"date" => "2001-03-30T11:22:58","version" => "0.20"},{"date" => "2001-04-11T00:12:29","version" => "0.201"},{"date" => "2001-04-11T00:17:15","version" => "v0.20.1"},{"date" => "2001-04-28T02:18:17","version" => "0.21"},{"date" => "2001-04-29T05:37:04","version" => "v0.21.1"},{"date" => "2001-05-01T07:23:55","version" => "v0.21.2"},{"date" => "2001-05-05T09:46:39","version" => "0.22"},{"date" => "2001-05-15T22:20:34","version" => "v0.22.1"},{"date" => "2001-05-24T22:12:58","version" => "v0.22.2"},{"date" => "2001-06-05T22:21:24","version" => "v0.22.3"},{"date" => "2001-06-21T21:38:06","version" => "0.23"},{"date" => "2001-06-26T03:05:48","version" => "0.2301"},{"date" => "2001-07-05T10:44:34","version" => "0.24"},{"date" => "2001-07-13T10:51:35","version" => "0.2402"},{"date" => "2001-07-24T21:45:07","version" => "0.2403"},{"date" => "2001-12-06T22:01:45","version" => "0.2404"},{"date" => "2002-01-28T22:38:34","version" => "0.2405"},{"date" => "2002-04-07T22:20:17","version" => "0.2406"},{"date" => "2002-04-24T13:05:42","version" => "0.2407"},{"date" => "2002-05-09T15:05:41","version" => "0.25"},{"date" => "2002-06-05T20:57:29","version" => "0.26"},{"date" => "2002-07-13T22:41:34","version" => "0.2601"},{"date" => "2002-07-16T02:07:27","version" => "0.2602"},{"date" => "2004-05-30T01:51:09","version" => "0.2603"},{"date" => "2006-09-11T09:15:23","version" => "0.27_01"},{"date" => "2006-09-12T20:55:36","version" => "0.27_02"},{"date" => "2006-11-02T16:44:10","version" => "0.27_03"},{"date" => "2007-01-03T15:48:01","version" => "0.27"},{"date" => "2007-01-07T17:20:30","version" => "0.28"},{"date" => "2007-03-29T23:21:14","version" => "0.29"},{"date" => "2007-03-31T15:33:28","version" => "0.30"},{"date" => "2007-05-03T02:21:13","version" => "0.31"},{"date" => "2007-05-05T03:56:46","version" => "0.32"},{"date" => "2008-09-07T07:47:07","version" => "0.33"},{"date" => "2008-10-24T00:05:35","version" => "0.40"},{"date" => "2008-10-24T00:18:27","version" => "0.33"},{"date" => "2009-01-01T20:42:10","version" => "0.42"},{"date" => "2009-01-08T02:06:27","version" => "0.43"},{"date" => "2009-01-09T03:37:10","version" => "0.44"},{"date" => "2009-01-14T02:19:46","version" => "0.45"},{"date" => "2009-01-20T00:34:23","version" => "0.46"},{"date" => "2009-01-22T00:39:18","version" => "0.47"},{"date" => "2009-01-23T07:07:04","version" => "0.48"},{"date" => "2009-01-24T01:19:12","version" => "0.49"},{"date" => "2009-08-18T23:30:07","version" => "0.50"},{"date" => "2009-08-19T22:08:26","version" => "0.51"},{"date" => "2009-08-21T18:09:01","version" => "0.52"},{"date" => "2009-08-24T23:06:49","version" => "0.53"},{"date" => "2009-08-25T20:24:31","version" => "0.54"},{"date" => "2009-09-30T06:26:08","version" => "0.55"},{"date" => "2009-12-10T00:23:50","version" => "0.56"},{"date" => "2010-01-24T19:18:56","version" => "0.57"},{"date" => "2010-09-17T18:09:07","version" => "0.58"},{"date" => "2011-04-06T19:13:26","version" => "0.59"},{"date" => "2014-02-26T19:58:52","version" => "0.60"},{"date" => "2014-03-04T18:56:46","version" => "0.61"},{"date" => "2014-03-05T17:16:00","version" => "0.62"},{"date" => "2014-03-07T20:47:21","version" => "0.63"},{"date" => "2014-03-11T17:22:13","version" => "0.64"},{"date" => "2014-03-18T20:47:23","version" => "0.65"},{"date" => "2023-12-29T01:14:58","version" => "0.66"}]},"Spreadsheet-ParseXLSX" => {"advisories" => [{"affected_versions" => ["<0.28"],"cves" => ["CVE-2024-22368"],"description" => "The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.\n","distribution" => "Spreadsheet-ParseXLSX","fixed_versions" => [">=0.28"],"id" => "CPANSA-Spreadsheet-ParseXLSX-2024-22368","references" => ["https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md","https://github.com/briandfoy/cpan-security-advisory/issues/131","https://nvd.nist.gov/vuln/detail/CVE-2024-22368","https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md","https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes","https://github.com/advisories/GHSA-x2hg-844v-frvh"],"reported" => "2024-01-03"},{"affected_versions" => ["<0.30"],"cves" => ["CVE-2024-23525"],"description" => "In default configuration of Spreadsheet::ParseXLSX, whenever we call Spreadsheet::ParseXLSX->new()->parse('user_input_file.xlsx'), we'd be vulnerable for XXE vulnerability if the XLSX file that we are parsing is from user input.\n","distribution" => "Spreadsheet-ParseXLSX","fixed_versions" => [">=0.30"],"id" => "CPANSA-Spreadsheet-ParseXLSX-2024-23525","references" => ["https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes","https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a","https://github.com/briandfoy/cpan-security-advisory/issues/134","https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10","https://github.com/advisories/GHSA-cxjh-j6f8-vrmf","https://nvd.nist.gov/vuln/detail/CVE-2024-23525"],"reported" => "2024-01-17"}],"main_module" => "Spreadsheet::ParseXLSX","versions" => [{"date" => "2013-07-17T02:45:07","version" => "0.01"},{"date" => "2013-07-17T15:14:43","version" => "0.02"},{"date" => "2013-07-26T07:34:38","version" => "0.03"},{"date" => "2013-07-31T18:28:38","version" => "0.04"},{"date" => "2013-07-31T22:15:56","version" => "0.05"},{"date" => "2013-08-29T20:02:30","version" => "0.06"},{"date" => "2013-09-05T18:34:35","version" => "0.07"},{"date" => "2013-09-10T18:21:15","version" => "0.08"},{"date" => "2013-10-09T14:52:49","version" => "0.09"},{"date" => "2013-11-06T18:36:10","version" => "0.10"},{"date" => "2013-11-14T00:30:46","version" => "0.11"},{"date" => "2013-12-09T20:27:26","version" => "0.12"},{"date" => "2014-01-29T21:32:54","version" => "0.13"},{"date" => "2014-04-03T16:56:25","version" => "0.14"},{"date" => "2014-07-05T01:39:06","version" => "0.15"},{"date" => "2014-07-05T18:55:08","version" => "0.16"},{"date" => "2015-03-26T03:38:16","version" => "0.17"},{"date" => "2015-09-19T06:08:07","version" => "0.18"},{"date" => "2015-12-04T07:38:39","version" => "0.19"},{"date" => "2015-12-05T18:45:32","version" => "0.20"},{"date" => "2016-05-23T07:09:47","version" => "0.21"},{"date" => "2016-05-25T05:39:15","version" => "0.22"},{"date" => "2016-05-29T03:01:59","version" => "0.23"},{"date" => "2016-06-25T18:03:32","version" => "0.24"},{"date" => "2016-07-15T02:36:28","version" => "0.25"},{"date" => "2016-08-16T06:35:10","version" => "0.26"},{"date" => "2016-08-16T07:12:41","version" => "0.27"},{"date" => "2024-01-02T13:45:35","version" => "0.28"},{"date" => "2024-01-02T17:49:11","version" => "0.29"},{"date" => "2024-01-17T11:34:43","version" => "0.30"},{"date" => "2024-01-18T11:30:17","version" => "0.31"},{"date" => "2024-03-08T11:04:50","version" => "0.32"},{"date" => "2024-03-08T12:50:37","version" => "0.33"},{"date" => "2024-03-13T10:28:28","version" => "0.34"},{"date" => "2024-03-19T16:22:17","version" => "0.35"},{"date" => "2025-01-24T09:33:40","version" => "0.36"}]},"Squatting" => {"advisories" => [{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Squatting","versions" => [{"date" => "2008-05-13T22:22:58","version" => "0.20"},{"date" => "2008-05-14T06:05:11","version" => "0.21"},{"date" => "2008-06-02T19:48:13","version" => "0.30"},{"date" => "2008-06-06T10:48:50","version" => "0.31"},{"date" => "2008-07-06T17:46:05","version" => "0.40"},{"date" => "2008-07-09T04:13:14","version" => "0.41"},{"date" => "2008-07-25T14:38:30","version" => "0.42"},{"date" => "2008-07-31T02:12:58","version" => "0.50"},{"date" => "2008-08-07T23:35:32","version" => "0.51"},{"date" => "2008-08-09T00:05:02","version" => "0.52"},{"date" => "2009-04-21T18:46:53","version" => "0.60"},{"date" => "2009-08-27T12:18:15","version" => "0.70"},{"date" => "2011-04-27T11:37:19","version" => "0.80"},{"date" => "2011-04-27T21:17:13","version" => "0.81"},{"date" => "2013-08-12T04:12:05","version" => "0.82"},{"date" => "2014-02-20T03:16:20","version" => "0.83"}]},"Starch" => {"advisories" => [{"affected_versions" => ["<=0.14"],"cves" => ["CVE-2025-40925"],"description" => "Starch versions 0.14 and earlier generate session ids insecurely.  The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Starch","fixed_versions" => [],"id" => "CPANSA-Starch-2025-40925","references" => ["https://github.com/bluefeet/Starch/commit/5573449e64e0660f7ee209d1eab5881d4ccbee3b.patch","https://github.com/bluefeet/Starch/pull/5","https://metacpan.org/dist/Starch/source/lib/Starch/Manager.pm"],"reported" => "2025-09-20","severity" => undef}],"main_module" => "Starch","versions" => [{"date" => "2015-07-31T23:11:38","version" => "0.06"},{"date" => "2018-05-17T14:47:29","version" => "0.07"},{"date" => "2018-09-04T01:40:23","version" => "0.08"},{"date" => "2018-09-04T17:20:53","version" => "0.09"},{"date" => "2019-02-14T19:42:01","version" => "0.10"},{"date" => "2019-02-20T15:55:30","version" => "0.11"},{"date" => "2019-03-01T06:11:34","version" => "0.12"},{"date" => "2019-03-23T21:36:38","version" => "0.13"},{"date" => "2019-05-13T02:14:22","version" => "0.14"}]},"Stardust" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Stardust","versions" => [{"date" => "2009-08-28T03:34:38","version" => "0.01"},{"date" => "2009-09-02T08:17:45","version" => "0.02"},{"date" => "2009-09-08T13:01:44","version" => "0.03"},{"date" => "2009-09-08T20:19:12","version" => "0.04"},{"date" => "2009-09-11T02:44:30","version" => "0.05"},{"date" => "2009-09-11T07:03:42","version" => "0.06"},{"date" => "2009-09-11T08:22:34","version" => "0.07"},{"date" => "2011-08-04T18:24:59","version" => "0.08"}]},"Storable" => {"advisories" => [{"affected_versions" => ["<3.05"],"cves" => [],"description" => "Malcrafted storable files or buffers.\n","distribution" => "Storable","fixed_versions" => [">=3.05"],"id" => "CPANSA-Storable-2017-01","references" => ["https://metacpan.org/changes/distribution/Storable","https://cxsecurity.com/issue/WLB-2007120031"],"reported" => "2017-01-29"}],"main_module" => "Storable","versions" => [{"date" => "1995-10-02T10:50:02","version" => "0.1"},{"date" => "1997-01-13T11:42:25","version" => "0.2"},{"date" => "1997-01-13T17:18:01","version" => "0.2"},{"date" => "1997-01-14T15:12:36","version" => "0.3"},{"date" => "1997-01-15T18:25:57","version" => "0.4"},{"date" => "1997-01-22T14:47:23","version" => "0.4"},{"date" => "1997-02-27T15:02:37","version" => "0.4"},{"date" => "1997-02-27T15:38:18","version" => "0.4"},{"date" => "1997-03-25T10:32:00","version" => "0.4"},{"date" => "1997-05-16T09:24:59","version" => "0.4"},{"date" => "1997-06-03T09:38:38","version" => "0.4"},{"date" => "1997-06-10T16:47:47","version" => "0.5"},{"date" => "1997-11-05T10:05:11","version" => "0.5"},{"date" => "1998-01-13T16:59:38","version" => "0.5"},{"date" => "1998-01-20T08:32:03","version" => "0.5"},{"date" => "1998-03-06T20:52:28","version" => "0.5"},{"date" => "1998-03-25T14:10:24","version" => "0.5"},{"date" => "1998-04-08T11:20:48","version" => "0.5"},{"date" => "1998-04-09T16:17:05","version" => "0.5"},{"date" => "1998-04-24T15:29:23","version" => "0.5"},{"date" => "1998-04-30T13:13:58","version" => "0.5"},{"date" => "1998-05-12T07:15:48","version" => "0.5"},{"date" => "1998-06-04T16:19:02","version" => "0.6"},{"date" => "1998-06-12T09:54:35","version" => "0.6"},{"date" => "1998-06-22T09:00:32","version" => "0.6"},{"date" => "1998-07-03T13:53:55","version" => "0.6"},{"date" => "1998-07-21T12:10:39","version" => "0.6"},{"date" => "1999-01-31T18:01:47","version" => "0.6"},{"date" => "1999-07-12T13:05:25","version" => "0.6"},{"date" => "1999-09-02T12:47:03","version" => "0.6"},{"date" => "1999-09-14T20:27:23","version" => "v0.6.5"},{"date" => "1999-10-19T19:33:43","version" => "v0.6.6"},{"date" => "1999-10-20T17:10:19","version" => "v0.6.7"},{"date" => "2000-03-02T22:29:53","version" => "v0.6.9"},{"date" => "2000-03-29T18:00:09","version" => "v0.6.10"},{"date" => "2000-04-02T22:12:47","version" => "v0.6.11"},{"date" => "2000-08-03T22:12:31","version" => "v0.7.0"},{"date" => "2000-08-13T20:17:55","version" => "v0.7.1"},{"date" => "2000-08-14T07:27:17","version" => "v0.7.2"},{"date" => "2000-08-23T23:12:01","version" => "v0.7.4"},{"date" => "2000-09-01T19:44:37","version" => "v1.0.0"},{"date" => "2000-09-17T16:56:12","version" => "v1.0.1"},{"date" => "2000-09-28T21:50:42","version" => "v1.0.2"},{"date" => "2000-09-29T19:55:57","version" => "v1.0.3"},{"date" => "2000-10-23T18:12:41","version" => "v1.0.4"},{"date" => "2000-10-26T17:18:33","version" => "v1.0.5"},{"date" => "2000-11-05T17:30:34","version" => "v1.0.6"},{"date" => "2001-01-03T09:48:40","version" => "v1.0.7"},{"date" => "2001-02-17T12:43:23","version" => "v1.0.10"},{"date" => "2001-03-15T00:30:04","version" => "v1.0.11"},{"date" => "2001-07-01T11:30:39","version" => "v1.0.12"},{"date" => "2001-08-28T21:59:16","version" => "v1.0.13"},{"date" => "2001-12-01T13:48:14","version" => "v1.0.14"},{"date" => "2002-05-18T16:48:08","version" => "2.00"},{"date" => "2002-05-28T20:34:47","version" => "2.02"},{"date" => "2002-06-01T04:35:47","version" => "2.03"},{"date" => "2002-06-08T02:11:56","version" => "2.04"},{"date" => "2002-10-03T03:37:51","version" => "2.05"},{"date" => "2002-11-25T12:34:01","version" => "2.06"},{"date" => "2003-05-05T05:21:16","version" => "2.07"},{"date" => "2003-09-05T20:01:37","version" => "2.08"},{"date" => "2004-01-06T01:47:55","version" => "2.09"},{"date" => "2004-03-01T04:28:16","version" => "2.10"},{"date" => "2004-03-17T15:11:57","version" => "2.11"},{"date" => "2004-03-24T03:24:16","version" => "2.12"},{"date" => "2004-06-28T16:41:47","version" => "2.13"},{"date" => "2005-04-25T02:15:51","version" => "2.14"},{"date" => "2005-05-23T17:21:53","version" => "2.15"},{"date" => "2007-03-31T00:51:12","version" => "2.16"},{"date" => "2007-11-16T20:48:24","version" => "2.17"},{"date" => "2007-11-23T18:18:24","version" => "2.18"},{"date" => "2009-05-18T04:18:09","version" => "2.20"},{"date" => "2009-08-06T05:30:04","version" => "2.21"},{"date" => "2010-11-12T17:12:42","version" => "2.23"},{"date" => "2010-11-12T17:29:29","version" => "2.24"},{"date" => "2010-12-11T06:08:33","version" => "2.25"},{"date" => "2011-07-03T04:04:14","version" => "2.29"},{"date" => "2011-07-12T03:59:06","version" => "2.30"},{"date" => "2012-06-07T01:16:46","version" => "2.35"},{"date" => "2012-09-11T01:30:44","version" => "2.38"},{"date" => "2012-09-11T01:38:57","version" => "2.39"},{"date" => "2013-07-13T16:49:48","version" => "2.45"},{"date" => "2014-07-02T11:09:04","version" => "2.51"},{"date" => "2017-01-29T11:41:00","version" => "3.05"},{"date" => "2017-01-30T14:25:11","version" => "3.05_01"},{"date" => "2017-01-30T18:55:50","version" => "3.05_02"},{"date" => "2017-01-31T01:58:36","version" => "3.05_03"},{"date" => "2017-02-02T11:22:12","version" => "3.05_04"},{"date" => "2017-03-05T10:48:10","version" => "3.05_06"},{"date" => "2017-03-05T12:52:10","version" => "3.05_07"},{"date" => "2017-03-11T07:51:19","version" => "3.05_09"},{"date" => "2017-03-14T09:03:54","version" => "3.05_10"},{"date" => "2017-03-29T20:00:48","version" => "3.05_11"},{"date" => "2017-04-19T07:20:42","version" => "3.05_12"},{"date" => "2017-10-15T12:06:30","version" => "3.05_14"},{"date" => "2017-10-21T09:30:17","version" => "3.05_15"},{"date" => "2017-10-21T16:17:28","version" => "3.05_16"},{"date" => "2018-04-19T08:29:33","version" => "3.06"},{"date" => "2018-04-20T16:11:03","version" => "3.05_17"},{"date" => "2018-04-21T10:08:56","version" => "3.08"},{"date" => "2018-04-21T16:50:30","version" => "3.09"},{"date" => "2018-04-27T17:46:19","version" => "3.11"},{"date" => "2018-09-05T15:12:26","version" => "3.11_01"},{"date" => "2019-03-06T12:42:01","version" => "3.12_03"},{"date" => "2019-03-12T09:31:55","version" => "3.12_04"},{"date" => "2019-04-16T07:32:16","version" => "3.14_04"},{"date" => "2019-04-23T13:29:25","version" => "3.15"},{"date" => "2019-05-05T12:46:33","version" => "3.15_04"},{"date" => "2021-08-25T09:06:32","version" => "3.24_50"},{"date" => "2021-08-30T08:39:08","version" => "3.25"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.015"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "2.19"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "2.15_02"},{"date" => "2009-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011001","version" => "2.22"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "2.26"},{"date" => "2011-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013011","version" => "2.27"},{"date" => "2011-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015","version" => "2.28"},{"date" => "2011-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015001","version" => "2.31"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "2.32"},{"date" => "2011-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015005","version" => "2.33"},{"date" => "2011-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015006","version" => "2.34"},{"date" => "2012-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017001","version" => "2.36"},{"date" => "2012-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017002","version" => "2.37"},{"date" => "2012-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.017007","version" => "2.40"},{"date" => "2013-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017011","version" => "2.41"},{"date" => "2013-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019","version" => "2.42"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "2.43"},{"date" => "2013-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019003","version" => "2.46"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "2.47"},{"date" => "2013-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019007","version" => "2.48"},{"date" => "2014-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019011","version" => "2.49"},{"date" => "2015-02-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020002","version" => "2.49_01"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "2.52"},{"date" => "2015-02-21T00:00:00","dual_lived" => 1,"perl_release" => "5.021009","version" => "2.53"},{"date" => "2015-12-13T00:00:00","dual_lived" => 1,"perl_release" => "5.022001","version" => "2.53_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.53_02"},{"date" => "2015-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023001","version" => "2.54"},{"date" => "2016-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023008","version" => "2.55"},{"date" => "2016-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023009","version" => "2.56"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "2.56_01"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "2.57"},{"date" => "2016-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025006","version" => "2.58"},{"date" => "2016-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025007","version" => "2.59"},{"date" => "2017-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025009","version" => "2.61"},{"date" => "2017-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025010","version" => "2.62"},{"date" => "2017-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027001","version" => "2.63"},{"date" => "2017-08-21T00:00:00","dual_lived" => 1,"perl_release" => "5.027003","version" => "2.64"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "2.65"},{"date" => "2019-04-19T00:00:00","dual_lived" => 1,"perl_release" => "5.028002","version" => "3.08_01"},{"date" => "2018-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029002","version" => "3.12"},{"date" => "2018-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029003","version" => "3.13"},{"date" => "2018-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.029006","version" => "3.14"},{"date" => "2019-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031001","version" => "3.16"},{"date" => "2019-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031003","version" => "3.17"},{"date" => "2019-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031007","version" => "3.18"},{"date" => "2020-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031009","version" => "3.19"},{"date" => "2020-04-28T00:00:00","dual_lived" => 1,"perl_release" => "5.031011","version" => "3.20"},{"date" => "2020-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.032","version" => "3.21"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "3.22"},{"date" => "2020-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033003","version" => "3.23"},{"date" => "2021-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035003","version" => "3.24"},{"date" => "2022-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035011","version" => "3.26"},{"date" => "2022-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037002","version" => "3.27"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "3.28"},{"date" => "2023-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037008","version" => "3.29"},{"date" => "2023-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.03701","version" => "3.31"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038000","version" => "3.32"},{"date" => "2024-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041002","version" => "3.33"},{"date" => "2024-08-29T00:00:00","dual_lived" => 1,"perl_release" => "5.041003","version" => "3.34"},{"date" => "2024-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041004","version" => "3.35"},{"date" => "2025-03-21T00:00:00","dual_lived" => 1,"perl_release" => "5.041010","version" => "3.36"},{"date" => "2025-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041011","version" => "3.37"}]},"String-Compare-ConstantTime" => {"advisories" => [{"affected_versions" => ["<=0.321"],"cves" => ["CVE-2024-13939"],"description" => "String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string.  As stated in the documentation: \"If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents).\"  This is similar to\x{a0}CVE-2020-36829","distribution" => "String-Compare-ConstantTime","fixed_versions" => [],"id" => "CPANSA-String-Compare-ConstantTime-2024-13939","references" => ["https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL"],"reported" => "2025-03-28","severity" => undef}],"main_module" => "String::Compare::ConstantTime","versions" => [{"date" => "2012-07-13T00:08:31","version" => "0.20"},{"date" => "2012-10-10T01:38:04","version" => "0.300"},{"date" => "2014-09-24T03:21:54","version" => "0.310"},{"date" => "2015-10-24T21:53:39","version" => "0.311"},{"date" => "2017-02-14T16:57:07","version" => "0.312"},{"date" => "2018-04-23T16:13:42","version" => "0.320"},{"date" => "2019-06-17T13:33:11","version" => "0.321"}]},"Sub-HandlesVia" => {"advisories" => [{"affected_versions" => ["<0.050002"],"cves" => ["CVE-2025-30673"],"description" => "Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238.  If an attacker can place a malicious file in current working directory, it may be\x{a0}loaded instead of the intended file, potentially leading to arbitrary\x{a0}code execution.  Sub::HandlesVia uses Mite to produce the affected code section due to\x{a0}CVE-2025-30672","distribution" => "Sub-HandlesVia","fixed_versions" => [">=0.050002"],"id" => "CPANSA-Sub-HandlesVia-2025-30673","references" => ["https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html","https://metacpan.org/dist/Sub-HandlesVia/changes#L12","https://metacpan.org/release/TOBYINK/Sub-HandlesVia-0.050001/source/lib/Sub/HandlesVia/Mite.pm#L114"],"reported" => "2025-04-01","severity" => undef}],"main_module" => "Sub::HandlesVia","versions" => [{"date" => "2020-01-21T12:20:29","version" => "0.001"},{"date" => "2020-01-21T12:44:10","version" => "0.002"},{"date" => "2020-01-21T21:31:54","version" => "0.003"},{"date" => "2020-01-22T20:46:52","version" => "0.004"},{"date" => "2020-01-23T12:15:51","version" => "0.005"},{"date" => "2020-01-23T12:57:19","version" => "0.006"},{"date" => "2020-01-25T18:32:49","version" => "0.007"},{"date" => "2020-01-26T21:21:53","version" => "0.008_000"},{"date" => "2020-01-26T23:51:45","version" => "0.008_001"},{"date" => "2020-01-27T01:42:52","version" => "0.008_002"},{"date" => "2020-01-27T08:53:01","version" => "0.008_003"},{"date" => "2020-01-27T10:55:08","version" => "0.009"},{"date" => "2020-01-27T14:35:32","version" => "0.010"},{"date" => "2020-01-27T20:50:11","version" => "0.011"},{"date" => "2020-02-02T19:19:39","version" => "0.012"},{"date" => "2020-02-04T23:25:52","version" => "0.013"},{"date" => "2020-08-25T12:50:04","version" => "0.014"},{"date" => "2020-09-12T14:08:39","version" => "0.015"},{"date" => "2020-09-20T16:31:29","version" => "0.016"},{"date" => "2022-06-11T11:23:50","version" => "0.017"},{"date" => "2022-06-11T14:29:41","version" => "0.018"},{"date" => "2022-06-11T16:47:08","version" => "0.019"},{"date" => "2022-06-11T20:23:02","version" => "0.020"},{"date" => "2022-06-12T17:24:14","version" => "0.021"},{"date" => "2022-06-14T16:04:34","version" => "0.022"},{"date" => "2022-06-15T01:20:36","version" => "0.023"},{"date" => "2022-06-15T14:42:36","version" => "0.024"},{"date" => "2022-06-16T10:36:27","version" => "0.025"},{"date" => "2022-06-29T23:39:10","version" => "0.026"},{"date" => "2022-06-30T00:10:02","version" => "0.027"},{"date" => "2022-07-01T23:17:41","version" => "0.028"},{"date" => "2022-07-09T18:26:58","version" => "0.029"},{"date" => "2022-07-09T18:32:11","version" => "0.030"},{"date" => "2022-07-09T19:48:20","version" => "0.031"},{"date" => "2022-07-12T19:15:21","version" => "0.032"},{"date" => "2022-08-05T15:26:32","version" => "0.033"},{"date" => "2022-08-07T14:36:37","version" => "0.034"},{"date" => "2022-08-12T14:45:11","version" => "0.035"},{"date" => "2022-08-26T14:46:58","version" => "0.036"},{"date" => "2022-09-26T08:48:59","version" => "0.037"},{"date" => "2022-10-21T14:29:19","version" => "0.038"},{"date" => "2022-10-26T10:30:49","version" => "0.039"},{"date" => "2022-10-27T12:45:21","version" => "0.040"},{"date" => "2022-10-29T15:58:04","version" => "0.041"},{"date" => "2022-10-30T12:28:45","version" => "0.042"},{"date" => "2022-10-31T11:04:11","version" => "0.043"},{"date" => "2022-10-31T18:24:28","version" => "0.044"},{"date" => "2022-11-08T18:45:23","version" => "0.045"},{"date" => "2022-12-16T16:02:25","version" => "0.046"},{"date" => "2023-04-05T21:51:07","version" => "0.050000"},{"date" => "2025-03-23T18:30:54","version" => "0.050001"},{"date" => "2025-03-31T11:34:28","version" => "0.050002"},{"date" => "2025-07-14T21:33:31","version" => "0.050003"},{"date" => "2025-11-10T17:13:26","version" => "0.050004"},{"date" => "2025-11-10T17:24:14","version" => "0.050005"},{"date" => "2025-11-11T22:25:44","version" => "0.050006"},{"date" => "2025-11-15T20:17:13","version" => "0.050007"},{"date" => "2025-11-21T09:14:26","version" => "0.052000"},{"date" => "2026-01-28T23:06:43","version" => "0.053000"},{"date" => "2026-01-29T09:02:27","version" => "0.053001"},{"date" => "2026-01-30T17:28:28","version" => "0.053002"},{"date" => "2026-01-31T23:44:23","version" => "0.053003"},{"date" => "2026-02-01T23:30:36","version" => "0.053004"},{"date" => "2026-02-04T17:17:58","version" => "0.053005"}]},"Sys-Syslog" => {"advisories" => [{"affected_versions" => ["<0.35"],"cves" => ["CVE-2016-1238"],"description" => "Optional modules loaded from loading optional modules from \".\"\n","distribution" => "Sys-Syslog","fixed_versions" => [">=0.35"],"id" => "CPANSA-Sys-Syslog-2016-1238","references" => ["https://metacpan.org/dist/Sys-Syslog/changes","https://rt.cpan.org/Public/Bug/Display.html?id=116543"],"reported" => "2016-07-27","severity" => "high"}],"main_module" => "Sys::Syslog","versions" => [{"date" => "2005-12-06T22:19:29","version" => "0.09"},{"date" => "2005-12-08T01:10:57","version" => "0.10"},{"date" => "2005-12-27T23:49:31","version" => "0.11"},{"date" => "2006-01-07T04:07:20","version" => "0.12"},{"date" => "2006-01-11T01:03:02","version" => "0.13"},{"date" => "2006-05-25T22:42:27","version" => "0.14"},{"date" => "2006-06-10T23:57:12","version" => "0.15"},{"date" => "2006-06-20T21:26:29","version" => "0.16"},{"date" => "2006-07-23T01:51:16","version" => "0.17"},{"date" => "2006-08-28T22:18:29","version" => "0.18"},{"date" => "2007-09-05T09:39:56","version" => "0.19"},{"date" => "2007-09-05T10:23:25","version" => "0.20"},{"date" => "2007-09-13T23:01:59","version" => "0.21"},{"date" => "2007-11-08T00:58:57","version" => "0.22"},{"date" => "2007-11-12T22:42:29","version" => "0.23"},{"date" => "2007-12-31T17:18:56","version" => "0.24"},{"date" => "2008-06-05T23:16:19","version" => "0.25"},{"date" => "2008-06-15T23:49:12","version" => "0.25"},{"date" => "2008-09-21T17:05:08","version" => "0.27"},{"date" => "2009-03-14T03:24:36","version" => "1.00"},{"date" => "2011-04-16T17:01:20","version" => "0.28"},{"date" => "2011-04-18T14:10:00","version" => "0.29"},{"date" => "2012-08-15T01:27:23","version" => "0.30"},{"date" => "2012-08-18T18:07:17","version" => "0.31"},{"date" => "2012-09-14T12:36:22","version" => "0.32"},{"date" => "2013-05-24T00:13:07","version" => "0.33"},{"date" => "2016-05-05T23:20:00","version" => "0.34"},{"date" => "2016-09-01T16:56:39","version" => "0.35"},{"date" => "2019-10-21T22:41:02","version" => "0.36"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006000","version" => "0.01"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "0.02"},{"date" => "2002-07-19T00:00:00","dual_lived" => 1,"perl_release" => "5.008","version" => "0.03"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "0.04"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "0.05"},{"date" => "2005-05-30T00:00:00","dual_lived" => 1,"perl_release" => "5.008007","version" => "0.06"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "0.18_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "0.33_01"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "0.34_01"}]},"Tcl" => {"advisories" => [{"affected_versions" => [">=0.89,<=1.27"],"cves" => ["CVE-2008-0553"],"description" => "Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.\n","distribution" => "Tcl","fixed_versions" => [],"id" => "CPANSA-Tcl-2008-0553-tcl","references" => ["http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894","http://www.securityfocus.com/bid/27655","http://securitytracker.com/id?1019309","http://secunia.com/advisories/28784","https://bugzilla.redhat.com/show_bug.cgi?id=431518","https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html","https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html","https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html","https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html","http://www.mandriva.com/security/advisories?name=MDVSA-2008:041","http://secunia.com/advisories/28807","http://secunia.com/advisories/28848","http://www.debian.org/security/2008/dsa-1490","http://www.debian.org/security/2008/dsa-1491","http://secunia.com/advisories/28857","http://secunia.com/advisories/28867","http://wiki.rpath.com/Advisories:rPSA-2008-0054","https://issues.rpath.com/browse/RPL-2215","http://secunia.com/advisories/28954","http://www.redhat.com/support/errata/RHSA-2008-0135.html","http://www.redhat.com/support/errata/RHSA-2008-0134.html","http://www.redhat.com/support/errata/RHSA-2008-0136.html","http://secunia.com/advisories/29069","http://secunia.com/advisories/29070","http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html","http://secunia.com/advisories/29622","http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1","http://secunia.com/advisories/30129","http://www.vmware.com/security/advisories/VMSA-2008-0009.html","http://secunia.com/advisories/30535","http://secunia.com/advisories/30717","http://secunia.com/advisories/30783","http://www.novell.com/linux/security/advisories/2008_13_sr.html","http://www.debian.org/security/2008/dsa-1598","https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html","http://secunia.com/advisories/30188","http://www.vupen.com/english/advisories/2008/0430","http://www.vupen.com/english/advisories/2008/1744","http://www.vupen.com/english/advisories/2008/1456/references","http://ubuntu.com/usn/usn-664-1","http://secunia.com/advisories/32608","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098","http://www.securityfocus.com/archive/1/493080/100/0/threaded","http://www.securityfocus.com/archive/1/488069/100/0/threaded"],"reported" => "2008-02-07","severity" => undef}],"main_module" => "Tcl","versions" => [{"date" => "1995-08-20T09:21:54","version" => 0},{"date" => "1997-09-18T16:57:00","version" => 0},{"date" => "2001-03-11T23:23:17","version" => 0},{"date" => "2003-05-18T23:45:54","version" => "0.4"},{"date" => "2003-05-25T20:00:11","version" => "0.5"},{"date" => "2003-06-08T08:07:42","version" => "0.6"},{"date" => "2003-07-02T17:33:44","version" => "0.7"},{"date" => "2003-07-03T16:40:09","version" => "0.71"},{"date" => "2003-08-19T20:32:16","version" => "0.72"},{"date" => "2004-03-28T11:29:19","version" => "0.75"},{"date" => "2004-04-17T07:03:50","version" => "0.76"},{"date" => "2004-04-17T09:34:42","version" => "0.77"},{"date" => "2004-05-02T20:16:01","version" => "0.80"},{"date" => "2004-05-09T19:45:16","version" => "0.81"},{"date" => "2004-09-12T22:11:09","version" => "0.84"},{"date" => "2004-12-31T07:20:14","version" => "0.85"},{"date" => "2005-02-02T17:03:47","version" => "0.87"},{"date" => "2005-08-22T20:31:27","version" => "0.88"},{"date" => "2006-05-23T09:36:56","version" => "0.89"},{"date" => "2006-11-11T09:22:01","version" => "0.90"},{"date" => "2006-11-13T17:53:37","version" => "0.91"},{"date" => "2007-06-07T19:50:54","version" => "0.95"},{"date" => "2008-09-06T21:03:59","version" => "0.97"},{"date" => "2009-11-24T01:24:12","version" => "0.98"},{"date" => "2010-11-02T22:20:55","version" => "0.99"},{"date" => "2010-11-23T20:42:35","version" => "1.00"},{"date" => "2011-02-10T09:28:49","version" => "1.01"},{"date" => "2011-02-11T06:06:07","version" => "1.02"},{"date" => "2013-04-12T06:43:49","version" => "1.02_50"},{"date" => "2016-02-21T18:58:43","version" => "1.03"},{"date" => "2016-03-20T15:25:13","version" => "1.04"},{"date" => "2016-06-28T17:10:13","version" => "1.05"},{"date" => "2018-06-23T13:50:33","version" => "1.06"},{"date" => "2018-06-26T20:55:40","version" => "1.07"},{"date" => "2018-06-27T11:47:10","version" => "1.08"},{"date" => "2018-06-27T13:50:27","version" => "1.09"},{"date" => "2018-06-28T08:02:58","version" => "1.10"},{"date" => "2018-07-13T08:35:58","version" => "1.11"},{"date" => "2018-07-14T08:03:20","version" => "1.12"},{"date" => "2018-07-15T11:36:17","version" => "1.15"},{"date" => "2018-07-15T12:22:05","version" => "1.13"},{"date" => "2018-07-15T16:43:59","version" => "1.16"},{"date" => "2018-07-17T11:29:52","version" => "1.17"},{"date" => "2018-07-18T15:54:30","version" => "1.18"},{"date" => "2018-07-19T16:25:01","version" => "1.19"},{"date" => "2018-07-19T19:14:28","version" => "1.20"},{"date" => "2018-07-20T09:58:37","version" => "1.21"},{"date" => "2018-07-20T18:15:43","version" => "1.22"},{"date" => "2018-07-21T17:34:34","version" => "1.23"},{"date" => "2018-07-23T19:28:49","version" => "1.24"},{"date" => "2018-07-25T16:37:19","version" => "1.25"},{"date" => "2018-08-22T08:49:39","version" => "1.27"},{"date" => "2024-01-02T12:27:15","version" => "1.28"},{"date" => "2024-01-02T14:18:57","version" => "1.29"},{"date" => "2024-01-02T16:00:50","version" => "1.30"},{"date" => "2024-01-03T12:37:05","version" => "1.31"},{"date" => "2024-01-06T15:12:10","version" => "1.32"},{"date" => "2025-01-06T19:58:52","version" => "1.50"},{"date" => "2025-01-07T18:25:32","version" => "1.51_01"},{"date" => "2025-01-26T17:49:05","version" => "1.51"},{"date" => "2025-03-16T09:15:07","version" => "1.51_02"},{"date" => "2025-03-16T09:25:42","version" => "1.52"},{"date" => "2025-03-16T14:25:32","version" => "1.53"}]},"Term-ReadLine-Gnu" => {"advisories" => [{"affected_versions" => ["<1.27"],"comment" => "The presense of affected versions of Term-ReadLine-Gnu suggests that a vulnerable version of the readline linrary is installed on the host system.\n","cves" => ["CVE-2014-2524"],"description" => "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.\n","distribution" => "Term-ReadLine-Gnu","external_vulnerability" => {"distributed_version" => "<=6.3","name" => "readline"},"fixed_versions" => [">=1.27"],"id" => "CPANSA-Term-ReadLine-Gnu-2014-2524","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1077023","http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html","http://seclists.org/oss-sec/2014/q1/579","http://seclists.org/oss-sec/2014/q1/587","https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html","http://www.mandriva.com/security/advisories?name=MDVSA-2014:154","http://advisories.mageia.org/MGASA-2014-0319.html","http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html","http://www.mandriva.com/security/advisories?name=MDVSA-2015:132"],"reported" => "2014-08-20","severity" => undef}],"main_module" => "Term::ReadLine::Gnu","versions" => [{"date" => "1997-02-07T02:03:51","version" => "0.06"},{"date" => "1997-03-26T07:17:23","version" => "0.07"},{"date" => "1997-08-25T15:02:01","version" => "0.09"},{"date" => "1998-03-31T15:49:08","version" => "0.10"},{"date" => "1998-04-17T05:23:29","version" => "1.00"},{"date" => "1998-05-13T15:45:47","version" => "1.01"},{"date" => "1998-09-30T16:10:02","version" => "1.03"},{"date" => "1999-02-22T17:28:32","version" => "1.04"},{"date" => "1999-04-10T16:08:54","version" => "1.05"},{"date" => "1999-05-05T14:55:21","version" => "1.06"},{"date" => "1999-07-19T15:13:19","version" => "1.07"},{"date" => "1999-12-30T13:37:18","version" => "1.08"},{"date" => "2000-04-03T18:05:33","version" => "1.09"},{"date" => "2001-04-22T14:23:37","version" => "1.10"},{"date" => "2001-10-28T04:38:19","version" => "1.11"},{"date" => "2002-03-31T05:54:31","version" => "1.12"},{"date" => "2002-07-28T05:07:18","version" => "1.13"},{"date" => "2003-03-17T03:59:29","version" => "1.14"},{"date" => "2004-10-17T20:00:06","version" => "1.15"},{"date" => "2006-04-02T01:36:28","version" => "1.16"},{"date" => "2008-02-07T15:00:09","version" => "1.17"},{"date" => "2008-02-07T15:52:11","version" => "1.17"},{"date" => "2009-02-27T14:14:29","version" => "1.18"},{"date" => "2009-03-20T17:00:37","version" => "1.19"},{"date" => "2010-05-02T14:26:20","version" => "1.20"},{"date" => "2014-03-01T17:19:57","version" => "1.21"},{"date" => "2014-03-05T14:48:24","version" => "1.22"},{"date" => "2014-03-19T15:53:44","version" => "1.23"},{"date" => "2014-03-23T11:58:51","version" => "1.24"},{"date" => "2014-12-20T13:25:24","version" => "1.25"},{"date" => "2015-01-31T12:30:45","version" => "1.26"},{"date" => "2015-09-06T06:03:05","version" => "1.27"},{"date" => "2015-09-21T13:14:52","version" => "1.28"},{"date" => "2016-02-29T14:06:51","version" => "1.29"},{"date" => "2016-03-01T15:55:22","version" => "1.30"},{"date" => "2016-03-06T00:45:52","version" => "1.31"},{"date" => "2016-06-07T15:25:50","version" => "1.32"},{"date" => "2016-06-09T17:11:29","version" => "1.33"},{"date" => "2016-06-12T14:53:40","version" => "1.34"},{"date" => "2016-11-03T14:36:40","version" => "1.35"},{"date" => "2019-01-14T05:39:06","version" => "1.36"},{"date" => "2020-12-27T03:26:23","version" => "1.37"},{"date" => "2021-02-22T09:48:52","version" => "1.38"},{"date" => "2021-02-22T14:36:24","version" => "1.39"},{"date" => "2021-02-23T07:24:27","version" => "1.40"},{"date" => "2021-05-01T14:45:09","version" => "1.41"},{"date" => "2021-05-07T03:30:02","version" => "1.42"},{"date" => "2022-10-01T08:45:18","version" => "1.43"},{"date" => "2022-11-06T14:03:08","version" => "1.44"},{"date" => "2022-11-27T13:23:27","version" => "1.45"},{"date" => "2023-07-01T09:18:33","version" => "1.46"},{"date" => "2025-07-06T02:25:46","version" => "1.47"}]},"Tk" => {"advisories" => [{"affected_versions" => ["<804.029"],"cves" => ["CVE-2006-4484"],"description" => "Buffer overflow in the LWZReadByte_ function in the GD extension in allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.\n","distribution" => "Tk","fixed_versions" => [">=804.029"],"id" => "CPANSA-Tk-2008-01","references" => ["https://metacpan.org/changes/distribution/Tk"],"reported" => "2008-10-01"},{"affected_versions" => [">804.024,<=804.027"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"},{"affected_versions" => [">804.027_500,<=804.036"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"},{"affected_versions" => [">0"],"cves" => ["CVE-2007-4769"],"description" => "The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2007-4769-tcl","references" => ["http://www.postgresql.org/about/news.905","http://www.securityfocus.com/bid/27163","http://securitytracker.com/id?1019157","http://secunia.com/advisories/28359","http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894","http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894","http://www.mandriva.com/security/advisories?name=MDVSA-2008:004","https://issues.rpath.com/browse/RPL-1768","http://www.debian.org/security/2008/dsa-1460","http://www.debian.org/security/2008/dsa-1463","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html","http://www.redhat.com/support/errata/RHSA-2008-0038.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1","http://secunia.com/advisories/28376","http://secunia.com/advisories/28438","http://secunia.com/advisories/28437","http://secunia.com/advisories/28454","http://secunia.com/advisories/28464","http://secunia.com/advisories/28477","http://secunia.com/advisories/28479","http://secunia.com/advisories/28455","http://security.gentoo.org/glsa/glsa-200801-15.xml","http://secunia.com/advisories/28679","http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html","http://secunia.com/advisories/28698","http://www.redhat.com/support/errata/RHSA-2008-0040.html","http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1","http://secunia.com/advisories/29638","http://www.vupen.com/english/advisories/2008/1071/references","http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154","http://www.vupen.com/english/advisories/2008/0109","http://www.vupen.com/english/advisories/2008/0061","https://exchange.xforce.ibmcloud.com/vulnerabilities/39499","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804","https://usn.ubuntu.com/568-1/","http://www.securityfocus.com/archive/1/486407/100/0/threaded","http://www.securityfocus.com/archive/1/485864/100/0/threaded"],"reported" => "2008-01-09","severity" => undef}],"main_module" => "Tk","versions" => [{"date" => "1995-08-22T23:03:30","version" => 0},{"date" => "1995-12-19T01:56:04","version" => 0},{"date" => "1996-08-29T00:19:01","version" => 0},{"date" => "1996-09-07T01:08:44","version" => "400.200"},{"date" => "1997-01-08T23:27:30","version" => "400.201"},{"date" => "1997-01-25T12:33:02","version" => "400.202"},{"date" => "1997-05-04T20:05:58","version" => "402.000"},{"date" => "1997-06-14T19:17:26","version" => "402.001"},{"date" => "1997-07-18T17:01:40","version" => "402.002"},{"date" => "1997-10-04T15:32:53","version" => "402.003"},{"date" => "1998-01-25T17:07:27","version" => "402.004"},{"date" => "1998-02-07T21:22:00","version" => "402.003"},{"date" => "1998-02-22T19:34:11","version" => "800.000"},{"date" => "1998-03-02T00:12:00","version" => "800.0_01"},{"date" => "1998-03-09T22:37:37","version" => "800.0_02"},{"date" => "1998-03-17T13:43:00","version" => "402.003"},{"date" => "1998-04-01T04:36:00","version" => "402.003"},{"date" => "1998-04-02T18:32:00","version" => "402.003"},{"date" => "1998-04-05T08:37:23","version" => "800.003"},{"date" => "1998-04-19T17:23:45","version" => "800.004"},{"date" => "1998-05-17T18:07:11","version" => "800.005"},{"date" => "1998-06-14T20:30:35","version" => "800.006"},{"date" => "1998-06-26T16:30:23","version" => "800.007"},{"date" => "1998-07-17T16:47:42","version" => "800.008"},{"date" => "1998-08-08T19:31:23","version" => "800.010"},{"date" => "1998-09-01T17:20:02","version" => "800.011"},{"date" => "1998-11-15T14:28:04","version" => "800.012"},{"date" => "1999-03-16T22:13:10","version" => "800.013"},{"date" => "1999-04-05T20:15:39","version" => "800.014"},{"date" => "1999-07-28T22:10:03","version" => "800.015"},{"date" => "2000-01-08T12:48:56","version" => "800.017"},{"date" => "2000-01-08T12:58:16","version" => "800.0_16"},{"date" => "2000-01-22T19:44:55","version" => "800.018"},{"date" => "2000-03-13T16:39:08","version" => "800.019"},{"date" => "2000-03-27T17:01:22","version" => "800.020"},{"date" => "2000-04-21T13:38:21","version" => "800.021"},{"date" => "2000-05-13T09:48:51","version" => "800.022"},{"date" => "2001-05-15T15:07:21","version" => "800.023"},{"date" => "2001-07-14T21:06:00","version" => "800.012"},{"date" => "2002-03-05T16:38:25","version" => "800.024"},{"date" => "2002-03-17T20:30:42","version" => "800.024"},{"date" => "2002-10-13T17:20:55","version" => "804.0_24"},{"date" => "2003-05-02T01:10:54","version" => "v804.024."},{"date" => "2003-09-08T08:13:16","version" => "800.025"},{"date" => "2003-09-28T18:01:55","version" => "804.025"},{"date" => "2003-10-10T18:24:24","version" => "804.025"},{"date" => "2003-10-20T20:44:44","version" => "804.025"},{"date" => "2003-10-27T08:23:07","version" => "804.025"},{"date" => "2003-11-02T22:28:10","version" => "804.025"},{"date" => "2003-11-16T22:15:42","version" => "804.025"},{"date" => "2003-12-02T21:26:56","version" => "804.025"},{"date" => "2003-12-08T08:01:15","version" => "804.025_"},{"date" => "2003-12-11T08:03:20","version" => "804.025"},{"date" => "2003-12-14T20:22:05","version" => "804.025"},{"date" => "2003-12-19T17:42:32","version" => "804.025"},{"date" => "2003-12-21T21:09:10","version" => "804.025_"},{"date" => "2003-12-23T23:19:20","version" => "804.025"},{"date" => "2004-01-12T21:59:01","version" => "804.025"},{"date" => "2004-02-28T17:33:01","version" => "804.025_"},{"date" => "2004-03-07T20:33:56","version" => "804.025_"},{"date" => "2004-03-19T08:10:49","version" => "804.026"},{"date" => "2004-04-11T19:04:25","version" => "804.026"},{"date" => "2007-02-11T08:49:16","version" => "804.027_500"},{"date" => "2007-09-21T22:57:57","version" => "804.027_501"},{"date" => "2007-12-04T21:03:29","version" => "804.027_502"},{"date" => "2007-12-18T22:01:39","version" => "804.028"},{"date" => "2008-10-01T21:48:52","version" => "804.0285"},{"date" => "2008-11-04T22:27:51","version" => "804.028501"},{"date" => "2010-01-30T17:54:07","version" => "804.028502"},{"date" => "2010-05-13T00:00:04","version" => "804.028503"},{"date" => "2010-05-27T19:25:41","version" => "804.029"},{"date" => "2011-06-13T17:53:20","version" => "804.0295"},{"date" => "2011-10-14T19:22:48","version" => "804.029501"},{"date" => "2011-10-17T21:12:41","version" => "804.029502"},{"date" => "2011-10-20T21:08:12","version" => "804.03"},{"date" => "2013-05-17T22:16:24","version" => "804.030500"},{"date" => "2013-05-18T05:01:41","version" => "804.030501"},{"date" => "2013-05-21T07:30:50","version" => "804.030502"},{"date" => "2013-05-25T12:57:05","version" => "804.031"},{"date" => "2013-11-17T11:24:41","version" => "804.031500"},{"date" => "2013-11-18T20:19:08","version" => "804.031501"},{"date" => "2013-12-01T15:07:28","version" => "804.031502"},{"date" => "2013-12-07T13:00:14","version" => "804.031503"},{"date" => "2014-01-26T17:01:07","version" => "804.032"},{"date" => "2014-11-06T21:01:44","version" => "804.032500"},{"date" => "2015-01-31T10:28:08","version" => "804.032501"},{"date" => "2015-02-21T15:54:08","version" => "804.033"},{"date" => "2017-08-20T09:29:42","version" => "804.033500"},{"date" => "2017-08-26T15:26:56","version" => "804.034"},{"date" => "2020-02-23T16:12:23","version" => "804.034500"},{"date" => "2020-03-19T21:02:47","version" => "804.034501"},{"date" => "2020-03-28T19:28:42","version" => "804.035"},{"date" => "2021-02-07T19:55:40","version" => "804.035501"},{"date" => "2021-02-14T12:53:44","version" => "804.036"}]},"UI-Dialog" => {"advisories" => [{"affected_versions" => ["<1.11"],"cves" => [],"description" => "Allows remote attackers to execute arbitrary commands.\n","distribution" => "UI-Dialog","fixed_versions" => [">=1.11"],"id" => "CPANSA-UI-Dialog-2015-01","references" => ["https://metacpan.org/changes/distribution/UI-Dialog"],"reported" => "2015-10-10"},{"affected_versions" => ["<1.03"],"cves" => [],"description" => "CDialog and Whiptail backends usage of the temp files.\n","distribution" => "UI-Dialog","fixed_versions" => [">=1.03"],"id" => "CPANSA-UI-Dialog-2004-01","references" => ["https://metacpan.org/changes/distribution/UI-Dialog"],"reported" => "2004-02-18"},{"affected_versions" => ["<=1.09"],"cves" => ["CVE-2008-7315"],"description" => "UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.\n","distribution" => "UI-Dialog","fixed_versions" => [">1.09"],"id" => "CPANSA-UI-Dialog-2008-7315","references" => ["https://security-tracker.debian.org/tracker/CVE-2008-7315/","https://rt.cpan.org/Public/Bug/Display.html?id=107364","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448","http://www.securityfocus.com/bid/77031/info","http://www.openwall.com/lists/oss-security/2015/10/08/6"],"reported" => "2017-10-10","severity" => "critical"}],"main_module" => "UI::Dialog","versions" => [{"date" => "2004-01-04T10:51:34","version" => "1.00"},{"date" => "2004-01-13T00:08:39","version" => "1.01"},{"date" => "2004-02-15T11:03:37","version" => "1.02"},{"date" => "2004-02-18T16:52:59","version" => "1.03"},{"date" => "2004-02-22T18:34:25","version" => "1.04"},{"date" => "2004-03-18T02:12:03","version" => "1.05"},{"date" => "2004-03-18T16:01:50","version" => "1.06"},{"date" => "2004-07-21T19:59:51","version" => "1.07"},{"date" => "2004-10-05T00:46:22","version" => "1.08"},{"date" => "2013-08-10T09:39:07","version" => "1.09"},{"date" => "2013-08-10T17:09:57","version" => "1.09"},{"date" => "2013-08-19T17:22:00","version" => "1.09"},{"date" => "2016-01-19T19:05:07","version" => "1.11"},{"date" => "2016-01-22T06:42:45","version" => "1.12"},{"date" => "2016-01-30T21:24:56","version" => "1.13"},{"date" => "2016-02-03T02:10:12","version" => "1.14"},{"date" => "2016-02-09T00:11:17","version" => "1.15"},{"date" => "2016-02-10T02:57:43","version" => "1.16"},{"date" => "2016-02-12T05:25:14","version" => "1.17"},{"date" => "2016-02-13T02:56:26","version" => "1.18"},{"date" => "2016-02-21T23:33:48","version" => "1.19"},{"date" => "2016-03-07T02:15:26","version" => "1.20"},{"date" => "2016-04-02T22:17:32","version" => "1.21"}]},"UR" => {"advisories" => [{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "UR","versions" => [{"date" => "2009-06-07T02:56:12","version" => "0.5"},{"date" => "2009-06-07T14:35:30","version" => "0.6"},{"date" => "2009-06-10T13:02:02","version" => "0.7"},{"date" => "2009-06-17T19:58:14","version" => "0.8"},{"date" => "2009-06-19T21:24:12","version" => "0.9"},{"date" => "2009-07-23T02:44:02","version" => "0.010000"},{"date" => "2009-08-08T02:06:36","version" => "v0.11"},{"date" => "2009-09-10T15:29:51","version" => "v0.12"},{"date" => "2010-07-24T01:13:14","version" => "v0.12"},{"date" => "2010-08-03T20:14:01","version" => "v0.12"},{"date" => "2010-09-28T19:29:58","version" => "v0.16"},{"date" => "2010-11-10T17:12:23","version" => "v0.17"},{"date" => "2010-12-10T15:09:46","version" => "v0.17"},{"date" => "2010-12-24T15:27:18","version" => "v0.17"},{"date" => "2011-01-09T22:52:34","version" => "v0.20.0"},{"date" => "2011-01-11T04:01:49","version" => "0.20"},{"date" => "2011-01-12T02:21:39","version" => "v0.20.0"},{"date" => "2011-01-13T01:06:47","version" => "v0.20.0"},{"date" => "2011-01-13T02:53:43","version" => "v0.21.0"},{"date" => "2011-01-13T03:02:18","version" => "v0.22.0"},{"date" => "2011-01-13T03:17:32","version" => "v0.23.0"},{"date" => "2011-01-15T18:02:04","version" => "v0.24.0"},{"date" => "2011-01-15T18:58:48","version" => "0.25"},{"date" => "2011-01-16T18:14:53","version" => "0.26"},{"date" => "2011-01-23T03:21:45","version" => "0.27"},{"date" => "2011-01-23T21:45:44","version" => "0.28"},{"date" => "2011-03-07T16:47:26","version" => "0.29"},{"date" => "2011-03-07T17:30:00","version" => "0.30"},{"date" => "2011-06-29T18:14:31","version" => "0.32"},{"date" => "2011-06-29T19:29:49","version" => "0.32"},{"date" => "2011-06-30T23:11:11","version" => "0.33"},{"date" => "2011-07-26T17:06:49","version" => "0.34"},{"date" => "2011-10-28T20:35:09","version" => "0.35"},{"date" => "2012-01-05T22:13:28","version" => "0.36"},{"date" => "2012-02-03T20:20:16","version" => "0.37"},{"date" => "2012-03-28T20:41:57","version" => "0.38"},{"date" => "2012-03-29T15:18:49","version" => "0.38"},{"date" => "2013-01-31T02:50:56","version" => "0.39"},{"date" => "2013-01-31T19:53:27","version" => "0.391"},{"date" => "2013-01-31T21:45:49","version" => "0.392"},{"date" => "2013-02-25T17:16:34","version" => "0.40"},{"date" => "2013-03-01T21:36:01","version" => "0.41_01"},{"date" => "2013-03-04T17:41:12","version" => "0.41_02"},{"date" => "2013-03-05T14:57:47","version" => "0.41_03"},{"date" => "2013-03-11T16:47:16","version" => "0.41_04"},{"date" => "2013-03-13T16:00:04","version" => "0.41_05"},{"date" => "2013-03-18T18:11:56","version" => "0.41"},{"date" => "2014-06-26T22:26:14","version" => "0.42_01"},{"date" => "2014-06-27T16:57:25","version" => "0.42_02"},{"date" => "2014-06-30T18:50:27","version" => "0.42_03"},{"date" => "2014-07-03T14:36:23","version" => "0.43"},{"date" => "2015-07-06T14:36:22","version" => "0.44"},{"date" => "2016-09-19T21:06:59","version" => "0.44_01"},{"date" => "2016-09-22T20:09:37","version" => "0.45"},{"date" => "2017-03-24T19:46:02","version" => "0.46"},{"date" => "2018-07-30T00:43:07","version" => "0.46"},{"date" => "2018-08-06T14:29:10","version" => "0.47"}]},"Ukigumo-Agent" => {"advisories" => [{"affected_versions" => [">=0.0.7,<=0.1.8"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Ukigumo-Agent","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Agent-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"}],"main_module" => "Ukigumo::Agent","versions" => [{"date" => "2013-03-14T03:40:56","version" => "v0.0.1"},{"date" => "2013-03-14T03:50:26","version" => "v0.0.2"},{"date" => "2013-03-14T03:59:34","version" => "v0.0.3"},{"date" => "2013-03-14T05:53:39","version" => "v0.0.5"},{"date" => "2013-03-14T08:46:38","version" => "v0.0.6"},{"date" => "2013-03-27T03:35:38","version" => "0.0.7"},{"date" => "2013-03-28T02:48:36","version" => "0.0.8"},{"date" => "2013-03-30T13:26:16","version" => "0.0.9"},{"date" => "2013-04-01T01:30:42","version" => "0.0.10"},{"date" => "2013-06-16T02:24:50","version" => "v0.0.11"},{"date" => "2014-03-13T10:54:45","version" => "v0.0.12"},{"date" => "2014-03-17T03:51:33","version" => "v0.0.13"},{"date" => "2014-03-17T04:05:38","version" => "v0.0.14"},{"date" => "2014-03-17T15:33:36","version" => "v0.0.15"},{"date" => "2014-03-19T08:49:23","version" => "v0.0.16"},{"date" => "2014-03-27T23:35:17","version" => "v0.1.0"},{"date" => "2014-03-27T23:36:44","version" => "v0.1.1"},{"date" => "2014-04-05T05:50:05","version" => "v0.1.2"},{"date" => "2014-04-06T14:49:08","version" => "v0.1.3"},{"date" => "2014-04-08T06:56:15","version" => "v0.1.4"},{"date" => "2014-05-01T04:34:16","version" => "v0.1.5"},{"date" => "2014-05-02T03:52:32","version" => "v0.1.6"},{"date" => "2014-06-20T02:38:53","version" => "v0.1.7"},{"date" => "2015-10-22T08:21:09","version" => "v0.1.8"}]},"Ukigumo-Server" => {"advisories" => [{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-7746"],"description" => "This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-7746-chartjs","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376","https://github.com/chartjs/Chart.js/pull/7920","https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374"],"reported" => "2020-10-29","severity" => "high"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Ukigumo::Server","versions" => [{"date" => "2013-10-03T02:13:43","version" => "0.01"},{"date" => "2013-10-03T16:59:57","version" => "v1.0.0"},{"date" => "2013-11-02T00:26:13","version" => "v1.0.1"},{"date" => "2013-11-02T09:29:47","version" => "v1.0.2"},{"date" => "2014-02-20T10:34:17","version" => "v1.1.0"},{"date" => "2014-03-13T10:42:41","version" => "v2.0.0"},{"date" => "2014-03-13T15:34:35","version" => "v2.0.1"},{"date" => "2014-03-14T14:37:37","version" => "v2.0.2"},{"date" => "2014-03-17T15:24:12","version" => "v2.0.3"},{"date" => "2014-04-05T05:47:09","version" => "v2.1.0"},{"date" => "2014-04-06T14:51:57","version" => "v2.1.1"},{"date" => "2014-04-08T07:09:05","version" => "v2.1.2"},{"date" => "2014-04-30T06:46:48","version" => "v2.1.3"},{"date" => "2015-01-23T12:07:31","version" => "v2.1.4"},{"date" => "2018-07-26T05:25:21","version" => "v2.1.5"}]},"UnQLite" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2026-3257"],"description" => "UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library.  UnQLite for Perl embeds the UnQLite library.  Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow.","distribution" => "UnQLite","fixed_versions" => [],"id" => "CPANSA-UnQLite-2026-3257","references" => ["https://metacpan.org/release/TOKUHIROM/UnQLite-0.07/source/Changes","https://unqlite.symisc.net/","https://www.cve.org/CVERecord?id=CVE-2025-3791"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "UnQLite","versions" => [{"date" => "2013-07-03T19:04:57","version" => "0.01"},{"date" => "2013-07-05T06:44:50","version" => "0.02"},{"date" => "2013-07-18T03:14:55","version" => "0.03"},{"date" => "2014-08-30T09:37:46","version" => "0.04"},{"date" => "2014-12-23T22:57:03","version" => "0.05"},{"date" => "2026-02-25T01:20:29","version" => "0.06"},{"date" => "2026-02-28T01:51:39","version" => "0.07"}]},"Valiant" => {"advisories" => [{"affected_versions" => ["<0.002011"],"cves" => [],"description" => "closed potential security issue with deeply nested paramters in the DBIC glue code.  This was a hack that could let someone create a child record if you were allowing find_by_unique rather than find by primary key.\n","distribution" => "Valiant","fixed_versions" => [">=0.002011"],"id" => "CPANSA-Valiant-2024-001","references" => ["https://github.com/briandfoy/cpan-security-advisory/issues/175","https://github.com/jjn1056/Valiant/commit/242348776cc01e736397767f11f86cc4055817c4"],"reported" => undef,"severity" => undef}],"main_module" => "Valiant","versions" => [{"date" => "2021-02-25T17:30:04","version" => "0.001001"},{"date" => "2021-02-25T17:57:04","version" => "0.001002"},{"date" => "2021-03-04T15:56:07","version" => "0.001003"},{"date" => "2021-04-07T14:42:08","version" => "0.001004"},{"date" => "2021-04-18T12:44:18","version" => "0.001005"},{"date" => "2021-04-20T01:13:20","version" => "0.001006"},{"date" => "2021-09-07T01:06:25","version" => "0.001007"},{"date" => "2021-09-14T14:58:28","version" => "0.001008"},{"date" => "2021-10-01T17:54:48","version" => "0.001009"},{"date" => "2021-10-26T17:09:00","version" => "0.001010"},{"date" => "2021-11-03T21:55:14","version" => "0.001011"},{"date" => "2022-02-27T23:39:59","version" => "0.001012"},{"date" => "2022-03-03T14:37:57","version" => "0.001013"},{"date" => "2022-03-04T15:43:13","version" => "0.001014"},{"date" => "2022-08-03T23:46:42","version" => "0.001015"},{"date" => "2022-09-11T19:09:30","version" => "0.001016"},{"date" => "2022-12-06T23:57:19","version" => "0.001017"},{"date" => "2023-04-06T18:14:16","version" => "0.001018"},{"date" => "2023-04-08T22:55:02","version" => "0.001019"},{"date" => "2023-04-09T19:34:57","version" => "0.001020"},{"date" => "2023-04-10T21:53:58","version" => "0.001021"},{"date" => "2023-04-18T13:17:26","version" => "0.001022"},{"date" => "2023-07-13T01:06:07","version" => "0.001023"},{"date" => "2023-07-14T12:59:23","version" => "0.001024"},{"date" => "2023-08-02T23:49:48","version" => "0.001025"},{"date" => "2023-08-03T22:50:38","version" => "0.001026"},{"date" => "2023-08-11T22:44:06","version" => "0.002001"},{"date" => "2023-08-27T14:18:29","version" => "0.002002"},{"date" => "2023-10-04T17:28:16","version" => "0.002003"},{"date" => "2024-07-29T19:33:48","version" => "0.002004"},{"date" => "2024-10-02T00:46:07","version" => "0.002005"},{"date" => "2024-11-11T21:41:15","version" => "0.002006"},{"date" => "2024-11-26T18:52:22","version" => "0.002007"},{"date" => "2024-11-29T16:12:40","version" => "0.002008"},{"date" => "2024-12-05T17:37:52","version" => "0.002009"},{"date" => "2024-12-07T15:43:12","version" => "0.002010"},{"date" => "2024-12-07T19:59:50","version" => "0.002011"},{"date" => "2024-12-12T22:53:06","version" => "0.002012"},{"date" => "2025-01-02T02:25:00","version" => "0.002013"},{"date" => "2025-01-02T15:12:36","version" => "0.002014"},{"date" => "2025-01-02T16:14:29","version" => "0.002015"},{"date" => "2025-03-02T16:09:42","version" => "0.002016"},{"date" => "2025-03-10T16:29:26","version" => "0.002017"},{"date" => "2025-06-21T13:56:39","version" => "0.002018"},{"date" => "2025-07-10T15:04:52","version" => "0.002019"}]},"WWW-Mechanize" => {"advisories" => [{"affected_versions" => ["<1.05_03"],"cves" => [],"description" => "find_link() uses eval().\n","distribution" => "WWW-Mechanize","fixed_versions" => [">=1.05_03"],"id" => "CPANSA-WWW-Mechanize-2004-01","references" => ["https://metacpan.org/dist/WWW-Mechanize/changes"],"reported" => "2004-10-31","severity" => undef}],"main_module" => "WWW::Mechanize","versions" => [{"date" => "2002-09-10T21:50:10","version" => "0.30"},{"date" => "2002-09-13T20:19:21","version" => "0.31"},{"date" => "2002-10-24T04:25:30","version" => "0.32"},{"date" => "2003-01-16T16:05:31","version" => "0.33"},{"date" => "2003-01-22T23:57:57","version" => "0.35"},{"date" => "2003-02-04T17:40:03","version" => "0.36"},{"date" => "2003-03-04T21:13:29","version" => "0.37"},{"date" => "2003-03-25T05:52:17","version" => "0.38"},{"date" => "2003-04-02T05:31:16","version" => "0.39"},{"date" => "2003-04-20T02:56:53","version" => "0.40"},{"date" => "2003-05-23T04:29:22","version" => "0.41"},{"date" => "2003-05-27T03:44:25","version" => "0.42"},{"date" => "2003-05-29T14:30:01","version" => "0.43"},{"date" => "2003-06-05T17:16:31","version" => "0.44"},{"date" => "2003-06-17T04:25:04","version" => "0.45"},{"date" => "2003-06-20T16:17:58","version" => "0.46"},{"date" => "2003-06-22T03:54:22","version" => "0.47"},{"date" => "2003-06-22T18:56:42","version" => "0.48"},{"date" => "2003-06-23T19:49:13","version" => "0.49"},{"date" => "2003-06-24T14:54:50","version" => "0.50"},{"date" => "2003-06-30T02:43:06","version" => "0.51"},{"date" => "2003-07-08T23:52:55","version" => "0.52"},{"date" => "2003-07-17T17:26:47","version" => "0.53"},{"date" => "2003-07-20T05:50:27","version" => "0.54"},{"date" => "2003-07-22T17:15:43","version" => "0.55"},{"date" => "2003-07-24T17:25:57","version" => "0.56"},{"date" => "2003-08-01T04:36:32","version" => "0.57"},{"date" => "2003-08-15T04:41:26","version" => "0.58"},{"date" => "2003-09-04T05:33:00","version" => "0.59"},{"date" => "2003-09-23T04:32:57","version" => "0.60"},{"date" => "2003-10-06T23:41:02","version" => "0.61"},{"date" => "2003-10-08T01:55:58","version" => "0.62"},{"date" => "2003-10-13T20:24:52","version" => "0.63"},{"date" => "2003-10-24T04:57:15","version" => "0.64"},{"date" => "2003-11-10T06:19:18","version" => "0.65"},{"date" => "2003-11-13T21:09:41","version" => "0.66"},{"date" => "2003-11-26T05:21:34","version" => "0.69_01"},{"date" => "2003-12-01T05:52:38","version" => "0.70"},{"date" => "2003-12-22T05:53:11","version" => "0.71_01"},{"date" => "2003-12-22T21:01:12","version" => "0.71_02"},{"date" => "2004-01-13T04:45:37","version" => "0.72"},{"date" => "2004-02-29T05:58:51","version" => "0.73_01"},{"date" => "2004-03-03T05:57:51","version" => "0.73_02"},{"date" => "2004-03-21T06:08:45","version" => "0.73_03"},{"date" => "2004-03-23T05:41:11","version" => "0.74"},{"date" => "2004-03-28T04:54:18","version" => "0.75_01"},{"date" => "2004-04-05T05:01:50","version" => "0.75_02"},{"date" => "2004-04-08T03:05:29","version" => "0.76"},{"date" => "2004-04-10T05:55:21","version" => "1.00"},{"date" => "2004-04-14T04:14:17","version" => "1.02"},{"date" => "2004-05-27T20:23:15","version" => "1.03_01"},{"date" => "2004-08-17T04:10:41","version" => "1.03_02"},{"date" => "2004-09-16T04:32:03","version" => "1.04"},{"date" => "2004-10-01T02:18:55","version" => "1.05_01"},{"date" => "2004-10-02T22:08:55","version" => "1.05_02"},{"date" => "2004-11-01T03:25:19","version" => "1.05_03"},{"date" => "2004-11-06T05:39:06","version" => "1.05_04"},{"date" => "2004-12-08T21:25:06","version" => "1.06"},{"date" => "2004-12-24T07:08:27","version" => "1.08"},{"date" => "2005-02-02T05:58:14","version" => "1.10"},{"date" => "2005-02-14T06:21:29","version" => "1.11_01"},{"date" => "2005-02-22T04:05:23","version" => "1.11_02"},{"date" => "2005-02-25T05:50:52","version" => "1.12"},{"date" => "2005-04-12T19:32:06","version" => "1.13_01"},{"date" => "2005-08-30T22:32:23","version" => "1.14"},{"date" => "2005-10-28T22:38:43","version" => "1.16"},{"date" => "2006-01-12T22:26:07","version" => "1.17_01"},{"date" => "2006-02-02T06:32:25","version" => "1.18"},{"date" => "2006-08-08T05:13:01","version" => "1.19_02"},{"date" => "2006-08-19T06:44:58","version" => "1.20"},{"date" => "2006-09-18T22:22:26","version" => "1.21_01"},{"date" => "2006-10-04T18:17:54","version" => "1.21_02"},{"date" => "2006-10-07T06:26:26","version" => "1.21_03"},{"date" => "2006-10-08T02:39:57","version" => "1.21_04"},{"date" => "2007-03-02T06:09:51","version" => "1.22"},{"date" => "2007-05-11T21:01:11","version" => "1.24"},{"date" => "2007-05-16T05:27:55","version" => "1.26"},{"date" => "2007-05-22T19:16:39","version" => "1.29_01"},{"date" => "2007-05-25T02:37:45","version" => "1.30"},{"date" => "2007-09-18T04:39:11","version" => "1.31_01"},{"date" => "2007-10-25T16:59:57","version" => "1.31_02"},{"date" => "2007-10-30T17:09:44","version" => "1.32"},{"date" => "2007-12-10T06:39:14","version" => "1.34"},{"date" => "2008-09-28T04:52:28","version" => "1.49_01"},{"date" => "2008-10-27T04:12:02","version" => "1.50"},{"date" => "2008-11-06T21:12:28","version" => "1.51_01"},{"date" => "2008-11-18T07:34:58","version" => "1.51_02"},{"date" => "2008-11-20T17:07:18","version" => "1.51_03"},{"date" => "2008-11-25T15:56:37","version" => "1.52"},{"date" => "2009-01-12T06:51:13","version" => "1.54"},{"date" => "2009-07-06T17:20:24","version" => "1.55_01"},{"date" => "2009-07-10T22:13:25","version" => "1.56"},{"date" => "2009-07-14T03:40:28","version" => "1.58"},{"date" => "2009-08-17T06:04:34","version" => "1.60"},{"date" => "2010-04-11T04:14:18","version" => "1.62"},{"date" => "2010-07-01T15:49:38","version" => "1.64"},{"date" => "2010-09-10T22:10:32","version" => "1.66"},{"date" => "2011-04-07T05:12:31","version" => "1.67_01"},{"date" => "2011-04-21T15:11:30","version" => "1.68"},{"date" => "2011-08-01T21:49:08","version" => "1.69_01"},{"date" => "2011-08-26T17:52:15","version" => "1.70"},{"date" => "2011-11-25T18:39:23","version" => "1.71"},{"date" => "2012-02-02T23:40:39","version" => "1.72"},{"date" => "2012-03-24T16:20:29","version" => "1.72_01"},{"date" => "2012-04-27T00:35:00","version" => "1.72_02"},{"date" => "2013-08-24T04:33:44","version" => "1.73"},{"date" => "2015-01-24T05:52:57","version" => "1.74"},{"date" => "2015-06-03T03:27:34","version" => "1.75"},{"date" => "2016-07-29T16:21:58","version" => "1.76"},{"date" => "2016-08-05T16:58:03","version" => "1.77"},{"date" => "2016-08-08T13:30:07","version" => "1.78"},{"date" => "2016-09-17T04:05:20","version" => "1.79"},{"date" => "2016-09-25T02:46:39","version" => "1.80"},{"date" => "2016-10-06T12:55:47","version" => "1.81"},{"date" => "2016-10-07T13:50:48","version" => "1.82"},{"date" => "2016-10-14T20:59:34","version" => "1.83"},{"date" => "2017-03-07T18:46:19","version" => "1.84"},{"date" => "2017-06-28T22:11:34","version" => "1.85"},{"date" => "2017-07-04T15:51:05","version" => "1.86"},{"date" => "2018-02-07T22:07:28","version" => "1.87"},{"date" => "2018-03-23T15:41:01","version" => "1.88"},{"date" => "2018-10-18T19:56:43","version" => "1.89"},{"date" => "2018-11-12T18:53:49","version" => "1.90"},{"date" => "2019-01-10T19:04:12","version" => "1.91"},{"date" => "2019-08-24T01:02:55","version" => "1.92"},{"date" => "2019-10-04T21:10:14","version" => "1.93"},{"date" => "2019-10-10T13:15:13","version" => "1.94"},{"date" => "2019-10-28T13:17:10","version" => "1.95"},{"date" => "2020-02-21T02:27:01","version" => "1.96"},{"date" => "2020-05-14T00:48:07","version" => "1.97"},{"date" => "2020-05-25T17:08:10","version" => "1.98"},{"date" => "2020-06-08T15:44:13","version" => "1.99"},{"date" => "2020-06-09T19:17:21","version" => "2.00"},{"date" => "2020-09-18T17:52:29","version" => "2.01"},{"date" => "2020-10-13T13:53:04","version" => "2.02"},{"date" => "2020-11-10T14:49:20","version" => "2.03"},{"date" => "2021-08-06T12:35:04","version" => "2.04"},{"date" => "2021-09-21T14:23:14","version" => "2.05"},{"date" => "2021-10-25T21:00:18","version" => "2.06"},{"date" => "2022-04-29T15:40:57","version" => "2.07"},{"date" => "2022-05-30T17:33:59","version" => "2.08"},{"date" => "2022-06-14T14:22:59","version" => "2.09"},{"date" => "2022-07-04T21:09:58","version" => "2.10"},{"date" => "2022-07-17T17:27:26","version" => "2.11"},{"date" => "2022-07-20T06:47:33","version" => "2.12"},{"date" => "2022-07-29T09:50:42","version" => "2.13"},{"date" => "2022-08-15T19:26:39","version" => "2.14"},{"date" => "2022-08-21T08:24:07","version" => "2.15"},{"date" => "2023-02-11T12:11:44","version" => "2.16"},{"date" => "2023-04-27T15:49:35","version" => "2.17"},{"date" => "2024-01-30T14:34:27","version" => "2.18"},{"date" => "2024-09-16T15:28:35","version" => "2.19"},{"date" => "2025-10-22T19:06:27","version" => "2.20"}]},"WWW-OAuth" => {"advisories" => [{"affected_versions" => ["<=1.000"],"cves" => ["CVE-2025-40905"],"description" => "WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.","distribution" => "WWW-OAuth","fixed_versions" => [">=1.001"],"id" => "CPANSA-WWW-OAuth-2025-40905","references" => ["https://metacpan.org/release/DBOOK/WWW-OAuth-1.000/source/lib/WWW/OAuth.pm#L86","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html","http://www.openwall.com/lists/oss-security/2026/02/13/1"],"reported" => "2026-02-13","severity" => undef}],"main_module" => "WWW::OAuth","versions" => [{"date" => "2016-01-31T07:53:39","version" => "0.001"},{"date" => "2016-02-01T04:23:38","version" => "0.002"},{"date" => "2016-05-19T04:37:32","version" => "0.003"},{"date" => "2016-11-23T22:30:34","version" => "0.004"},{"date" => "2016-12-09T03:50:40","version" => "0.005"},{"date" => "2016-12-10T04:46:51","version" => "0.006"},{"date" => "2018-09-17T23:08:53","version" => "1.000"},{"date" => "2025-01-06T09:16:26","version" => "1.001"},{"date" => "2025-01-15T01:57:07","version" => "1.002"},{"date" => "2025-04-25T09:28:55","version" => "1.003"}]},"WWW-ORCID" => {"advisories" => [{"affected_versions" => [">=0.02"],"cves" => ["CVE-2021-3822"],"description" => "jsoneditor is vulnerable to Inefficient Regular Expression Complexity\n","distribution" => "WWW-ORCID","fixed_versions" => [],"id" => "CPANSA-WWW-ORCID-2021-3822-jsoneditor","references" => ["https://github.com/josdejong/jsoneditor/commit/092e386cf49f2a1450625617da8e0137ed067c3e","https://huntr.dev/bounties/1e3ed803-b7ed-42f1-a4ea-c4c75da9de73"],"reported" => "2021-09-27","severity" => "high"}],"main_module" => "WWW::ORCID","versions" => [{"date" => "2013-05-23T15:40:49","version" => "0.01"},{"date" => "2013-05-23T18:36:32","version" => "0.0101"},{"date" => "2015-04-22T12:01:16","version" => "0.0102"},{"date" => "2015-09-01T12:23:38","version" => "0.02"},{"date" => "2017-08-07T13:35:26","version" => "0.02_01"},{"date" => "2017-08-08T08:31:22","version" => "0.0201"},{"date" => "2017-08-08T08:46:24","version" => "0.0201_01"},{"date" => "2017-08-08T09:23:10","version" => "0.03_01"},{"date" => "2017-08-10T07:31:58","version" => "0.03_02"},{"date" => "2017-08-11T14:09:25","version" => "0.03_03"},{"date" => "2017-08-18T13:59:11","version" => "0.04"},{"date" => "2017-08-18T15:12:32","version" => "0.0401"},{"date" => "2019-06-21T12:29:19","version" => "0.0402"}]},"WWW-UsePerl-Server" => {"advisories" => [{"affected_versions" => ["==0.36"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "WWW-UsePerl-Server","fixed_versions" => [],"id" => "CPANSA-WWW-UsePerl-Server-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"}],"main_module" => "WWW::UsePerl::Server","versions" => [{"date" => "2012-05-05T19:00:47","version" => "0.36"}]},"Web-API" => {"advisories" => [{"affected_versions" => ["<=2.8"],"cves" => ["CVE-2024-57868"],"description" => "Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Web::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Web-API","fixed_versions" => [">2.8"],"id" => "CPANSA-Web-API-2024-57868","references" => ["https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L20","https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L348","https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "Web::API","versions" => [{"date" => "2013-01-07T00:40:46","version" => "0.4"},{"date" => "2013-01-07T01:20:59","version" => "0.5"},{"date" => "2013-01-12T20:34:30","version" => "0.6"},{"date" => "2013-02-28T02:17:58","version" => "0.7"},{"date" => "2013-03-05T20:49:09","version" => "0.8"},{"date" => "2013-05-06T06:15:17","version" => "0.9"},{"date" => "2013-09-13T19:52:23","version" => "1.0"},{"date" => "2013-09-16T21:17:08","version" => "1.1"},{"date" => "2013-09-24T16:34:33","version" => "1.2"},{"date" => "2013-09-25T21:59:25","version" => "1.3"},{"date" => "2013-10-28T04:52:47","version" => "1.4"},{"date" => "2013-10-30T11:32:40","version" => "1.5"},{"date" => "2013-12-18T00:33:16","version" => "1.6"},{"date" => "2014-03-06T11:15:31","version" => "1.7"},{"date" => "2014-03-27T11:28:58","version" => "1.8"},{"date" => "2014-07-02T15:27:23","version" => "1.9"},{"date" => "2014-11-26T16:03:35","version" => "2.0"},{"date" => "2014-11-27T02:30:18","version" => "2.1"},{"date" => "2014-12-19T01:19:05","version" => "2.2"},{"date" => "2017-05-09T12:30:47","version" => "2.2.1"},{"date" => "2017-05-10T13:33:17","version" => "2.3.0"},{"date" => "2017-06-12T15:35:44","version" => "2.2.2"},{"date" => "2017-10-21T05:34:45","version" => "2.2.3"},{"date" => "2018-12-25T10:23:53","version" => "2.3"},{"date" => "2018-12-25T10:58:10","version" => "2.3.1"},{"date" => "2019-01-07T12:26:54","version" => "2.4.0"},{"date" => "2019-01-15T04:02:07","version" => "2.4.1"},{"date" => "2019-11-18T02:38:25","version" => "2.5"},{"date" => "2019-11-26T05:00:01","version" => "2.6"},{"date" => "2020-05-02T07:58:13","version" => "2.7"},{"date" => "2024-04-09T16:02:08","version" => "2.8"}]},"WebService-Xero" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-52322"],"description" => "WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically WebService::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "WebService-Xero","fixed_versions" => [],"id" => "CPANSA-WebService-Xero-2024-52322","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L17","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L178","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L13","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L93","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "WebService::Xero","versions" => [{"date" => "2016-11-29T16:57:37","version" => "0.10"},{"date" => "2016-11-30T16:52:01","version" => "0.11"}]},"Wight-Chart" => {"advisories" => [{"affected_versions" => ["==0.003"],"cves" => ["CVE-2020-7746"],"description" => "This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.\n","distribution" => "Wight-Chart","fixed_versions" => [],"id" => "CPANSA-Wight-Chart-2020-7746-chartjs","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376","https://github.com/chartjs/Chart.js/pull/7920","https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374"],"reported" => "2020-10-29","severity" => "high"}],"main_module" => "Wight::Chart","versions" => [{"date" => "2013-08-27T12:23:48","version" => "0.003"}]},"Win32-File-Summary" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2018-12015"],"description" => "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.\n","distribution" => "Win32-File-Summary","embedded_vulnerability" => {"distributed_version" => "0.072","name" => "Archive::Tar"},"fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2018-01","references" => ["https://security-tracker.debian.org/tracker/CVE-2018-12015","https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5"],"reported" => "2018-06-12","severity" => "medium"},{"affected_versions" => [">0"],"cves" => ["CVE-2007-4829"],"description" => "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences.\n","distribution" => "Win32-File-Summary","embedded_vulnerability" => {"distributed_version" => "0.072","name" => "Archive::Tar"},"fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2007-4829","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=29517","https://bugzilla.redhat.com/show_bug.cgi?id=295021","http://rt.cpan.org/Public/Bug/Display.html?id=30380","https://issues.rpath.com/browse/RPL-1716","http://www.securityfocus.com/bid/26355","http://secunia.com/advisories/27539","http://osvdb.org/40410","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://www.ubuntu.com/usn/usn-700-2","http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml","http://secunia.com/advisories/33116","http://www.vupen.com/english/advisories/2007/3755","https://exchange.xforce.ibmcloud.com/vulnerabilities/38285","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"],"reported" => "2007-11-02","severity" => undef},{"affected_versions" => [">0"],"cves" => ["CVE-2016-1238"],"description" => "'(1) cpan/Win32-File-Summary/bin/ptar, (2) cpan/Win32-File-Summary/bin/ptardiff, (3) cpan/Win32-File-Summary/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.'\n","distribution" => "Win32-File-Summary","embedded_vulnerability" => {"distributed_version" => "0.072","name" => "Archive::Tar"},"fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => [">=1.00,<=1.10"],"cves" => ["CVE-2016-4570"],"description" => "The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.\n","distribution" => "Win32-File-Summary","fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2016-4570-mxml","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1334648","http://www.openwall.com/lists/oss-security/2016/05/11/14","http://www.openwall.com/lists/oss-security/2016/05/09/16","http://www.securityfocus.com/bid/90315","https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html"],"reported" => "2017-02-03","severity" => "medium"},{"affected_versions" => [">=1.00,<=1.10"],"cves" => ["CVE-2016-4571"],"description" => "The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.\n","distribution" => "Win32-File-Summary","fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2016-4571-mxml","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1334648","http://www.openwall.com/lists/oss-security/2016/05/11/14","http://www.openwall.com/lists/oss-security/2016/05/09/16","http://www.securityfocus.com/bid/90315","https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html"],"reported" => "2017-02-03","severity" => "medium"}],"main_module" => "Win32::File::Summary","versions" => [{"date" => "2005-04-24T18:36:18","version" => "0.01"},{"date" => "2005-04-25T15:18:03","version" => "0.01"},{"date" => "2005-04-30T12:09:11","version" => "0.01"},{"date" => "2005-05-17T09:52:46","version" => "0.01"},{"date" => "2005-08-06T18:10:08","version" => "0.01"},{"date" => "2005-08-24T04:39:30","version" => "0.01"},{"date" => "2006-06-11T14:15:36","version" => "0.01"}]},"Win32-Printer" => {"advisories" => [{"affected_versions" => [">=0.7.0,<=0.7.1"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=0.8.0,<=0.8.3"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => ["==0.8.4"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=0.9.0,<=0.9.1"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=0.7.0,<0.9.0"],"cves" => ["CVE-2016-9601"],"description" => "ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2016-9601-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601","https://bugs.ghostscript.com/show_bug.cgi?id=697457","http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=e698d5c11d27212aa1098bc5b1673a3378563092","https://www.debian.org/security/2017/dsa-3817","https://security.gentoo.org/glsa/201706-24","http://www.securityfocus.com/bid/97095"],"reported" => "2018-04-24","severity" => "medium"},{"affected_versions" => [">=0.9.0,<=0.9.1"],"cves" => ["CVE-2016-9601"],"description" => "ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2016-9601-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601","https://bugs.ghostscript.com/show_bug.cgi?id=697457","http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=e698d5c11d27212aa1098bc5b1673a3378563092","https://www.debian.org/security/2017/dsa-3817","https://security.gentoo.org/glsa/201706-24","http://www.securityfocus.com/bid/97095"],"reported" => "2018-04-24","severity" => "medium"}],"main_module" => "Win32::Printer","versions" => [{"date" => "2003-08-05T07:57:55","version" => "v0.6.1"},{"date" => "2003-08-05T08:26:35","version" => "v0.6.1"},{"date" => "2003-08-14T12:07:09","version" => "v0.6.2"},{"date" => "2003-08-31T16:02:18","version" => "v0.6.3"},{"date" => "2003-09-01T14:26:20","version" => "v0.6.3.1"},{"date" => "2003-09-22T14:05:39","version" => "v0.6.4"},{"date" => "2003-10-12T17:37:04","version" => "v0.6.5"},{"date" => "2003-10-28T13:16:47","version" => "v0.6.6"},{"date" => "2003-11-03T08:07:09","version" => "v0.6.6.1"},{"date" => "2004-01-08T01:49:39","version" => "v0.7.0"},{"date" => "2004-03-11T12:29:29","version" => "v0.7.1"},{"date" => "2004-04-22T13:37:23","version" => "v0.8.0"},{"date" => "2004-06-22T07:26:31","version" => "v0.8.1"},{"date" => "2004-08-09T09:53:52","version" => "v0.8.2"},{"date" => "2004-08-11T12:35:45","version" => "v0.8.3"},{"date" => "2004-11-04T07:45:40","version" => "v0.8.4"},{"date" => "2005-02-07T11:06:58","version" => "v0.9.0"},{"date" => "2008-04-28T07:49:03","version" => "v0.9.1"}]},"XAO-Web" => {"advisories" => [{"affected_versions" => ["<1.84"],"cves" => ["CVE-2020-36827"],"description" => "Embedded HTML in JSON data was not escaped.\n","distribution" => "XAO-Web","fixed_versions" => [">=1.84"],"id" => "CPANSA-XAO-Web-2020-01","references" => ["https://github.com/amaltsev/XAO-Web/commit/20dd1d3bc5b811503f5722a16037b60197fe7ef4","https://metacpan.org/release/AMALTSEV/XAO-Web-1.84/changes"],"reported" => "2020-09-18","severity" => undef}],"main_module" => "XAO::Web","versions" => [{"date" => "2002-01-03T03:05:25","version" => "1.0"},{"date" => "2002-01-04T02:47:11","version" => "1.01"},{"date" => "2002-01-04T03:44:00","version" => "1.02"},{"date" => "2002-03-19T04:56:54","version" => "1.03"},{"date" => "2002-11-09T02:33:07","version" => "1.04"},{"date" => "2003-11-13T02:15:48","version" => "1.05"},{"date" => "2003-11-13T07:09:31","version" => "1.05"},{"date" => "2005-01-14T01:48:49","version" => "1.06"},{"date" => "2005-02-01T03:24:39","version" => "1.07"},{"date" => "2017-04-19T20:26:55","version" => "1.45"},{"date" => "2017-04-20T00:32:26","version" => "1.46"},{"date" => "2017-05-01T19:57:48","version" => "1.47"},{"date" => "2018-07-07T00:42:57","version" => "1.68"},{"date" => "2018-07-07T03:29:38","version" => "1.69"},{"date" => "2018-07-07T16:38:26","version" => "1.70"},{"date" => "2018-07-30T13:35:32","version" => "1.71"},{"date" => "2018-10-20T00:50:11","version" => "1.72"},{"date" => "2018-10-25T19:16:09","version" => "1.73"},{"date" => "2018-10-30T01:27:58","version" => "1.74"},{"date" => "2019-01-10T02:17:29","version" => "1.75"},{"date" => "2019-03-02T17:38:20","version" => "1.76"},{"date" => "2019-04-26T23:13:56","version" => "1.77"},{"date" => "2019-11-20T20:52:59","version" => "1.78"},{"date" => "2019-12-24T02:26:57","version" => "1.79"},{"date" => "2020-01-10T01:19:32","version" => "1.80"},{"date" => "2020-07-21T02:08:41","version" => "1.81"},{"date" => "2020-08-26T22:28:48","version" => "1.82"},{"date" => "2020-08-26T23:19:26","version" => "1.83"},{"date" => "2020-09-18T03:22:46","version" => "1.84"},{"date" => "2020-09-22T23:47:44","version" => "1.85"},{"date" => "2020-09-23T00:51:16","version" => "1.86"},{"date" => "2021-06-08T22:38:04","version" => "1.87"},{"date" => "2022-04-09T02:06:50","version" => "1.88"},{"date" => "2022-07-02T00:05:43","version" => "1.89"},{"date" => "2022-12-08T04:50:55","version" => "1.90"},{"date" => "2023-05-22T21:52:57","version" => "1.91"},{"date" => "2025-04-03T00:49:02","version" => "1.92"},{"date" => "2025-04-03T02:01:24","version" => "1.93"}]},"XML-Atom" => {"advisories" => [{"affected_versions" => ["<0.39"],"cves" => ["CVE-2012-1102"],"description" => "It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.\n","distribution" => "XML-Atom","fixed_versions" => [],"id" => "CPANSA-XML-Atom-2012-1102","references" => ["https://seclists.org/oss-sec/2012/q1/549","https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes"],"reported" => "2021-07-09","severity" => "high"}],"main_module" => "XML::Atom","versions" => [{"date" => "2003-09-08T04:47:09","version" => "0.01"},{"date" => "2003-09-28T23:11:32","version" => "0.02"},{"date" => "2003-12-05T09:20:27","version" => "0.03"},{"date" => "2003-12-15T08:03:04","version" => "0.04"},{"date" => "2003-12-15T17:10:29","version" => "0.041"},{"date" => "2004-01-06T05:04:22","version" => "0.05"},{"date" => "2004-04-24T23:47:03","version" => "0.06"},{"date" => "2004-05-16T01:13:46","version" => "0.07"},{"date" => "2004-06-02T06:05:57","version" => "0.08"},{"date" => "2004-07-30T05:49:54","version" => "0.09"},{"date" => "2005-01-01T00:20:55","version" => "0.10"},{"date" => "2005-02-24T03:19:08","version" => "0.11"},{"date" => "2005-06-07T05:13:21","version" => "0.12"},{"date" => "2005-07-19T21:00:39","version" => "0.12_01"},{"date" => "2005-08-16T21:46:06","version" => "0.12_02"},{"date" => "2005-08-18T07:18:26","version" => "0.13"},{"date" => "2005-09-14T05:38:53","version" => "0.13_01"},{"date" => "2005-10-21T04:55:40","version" => "0.14"},{"date" => "2005-11-01T05:55:40","version" => "0.15"},{"date" => "2005-11-22T21:17:26","version" => "0.16"},{"date" => "2006-02-22T23:24:00","version" => "0.17"},{"date" => "2006-03-16T06:14:49","version" => "0.18"},{"date" => "2006-03-19T05:03:12","version" => "0.19"},{"date" => "2006-04-30T16:49:38","version" => "0.19_01"},{"date" => "2006-07-07T06:39:52","version" => "0.19_03"},{"date" => "2006-07-12T03:44:58","version" => "0.20"},{"date" => "2006-07-12T17:44:49","version" => "0.21"},{"date" => "2006-07-19T10:42:43","version" => "0.21_01"},{"date" => "2006-07-20T08:07:49","version" => "0.21_02"},{"date" => "2006-07-21T10:15:06","version" => "0.21_03"},{"date" => "2006-07-24T20:00:37","version" => "0.22"},{"date" => "2006-08-27T05:53:47","version" => "0.22_01"},{"date" => "2006-08-27T06:42:17","version" => "0.23"},{"date" => "2006-11-25T23:03:57","version" => "0.24"},{"date" => "2006-11-30T23:14:23","version" => "0.25"},{"date" => "2007-04-27T20:57:39","version" => "0.25_01"},{"date" => "2007-06-20T19:23:36","version" => "0.25_02"},{"date" => "2007-09-16T04:24:44","version" => "0.26"},{"date" => "2007-09-16T04:41:58","version" => "0.27"},{"date" => "2007-10-04T20:30:48","version" => "0.27_01"},{"date" => "2007-11-06T21:08:06","version" => "0.28"},{"date" => "2008-10-26T00:27:44","version" => "0.29"},{"date" => "2008-11-12T22:45:37","version" => "0.30"},{"date" => "2008-11-13T21:19:34","version" => "0.31"},{"date" => "2008-11-23T22:07:41","version" => "0.32"},{"date" => "2009-01-07T02:00:59","version" => "0.33"},{"date" => "2009-04-29T17:46:03","version" => "0.34"},{"date" => "2009-05-01T23:42:30","version" => "0.35"},{"date" => "2009-12-21T22:02:23","version" => "0.36"},{"date" => "2009-12-29T02:32:53","version" => "0.37"},{"date" => "2011-05-23T02:57:51","version" => "0.38"},{"date" => "2011-06-21T04:07:51","version" => "0.39"},{"date" => "2011-09-18T19:43:27","version" => "0.40"},{"date" => "2011-09-27T01:44:56","version" => "0.41"},{"date" => "2017-05-12T05:34:02","version" => "0.42"},{"date" => "2021-04-28T20:40:29","version" => "0.43"}]},"XML-DT" => {"advisories" => [{"affected_versions" => ["<0.64"],"cves" => ["CVE-2014-5260"],"description" => "The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.\n","distribution" => "XML-DT","fixed_versions" => [],"id" => "CPANSA-XML-DT-2014-5260","references" => ["http://openwall.com/lists/oss-security/2014/08/15/8","https://metacpan.org/diff/file?target=AMBS/XML-DT-0.64/&source=AMBS/XML-DT-0.63/","https://metacpan.org/source/AMBS/XML-DT-0.66/Changes","https://bugs.debian.org/756566"],"reported" => "2014-08-16","severity" => undef}],"main_module" => "XML::DT","versions" => [{"date" => "1999-07-30T13:04:11","version" => "0.11"},{"date" => "2000-04-07T09:24:55","version" => "0.14"},{"date" => "2000-09-19T17:03:40","version" => "0.15"},{"date" => "2000-10-16T16:21:54","version" => "0.16"},{"date" => "2000-11-30T12:37:27","version" => "0.19"},{"date" => "2002-03-07T17:54:06","version" => "0.20"},{"date" => "2002-05-28T12:35:07","version" => "0.21"},{"date" => "2002-12-20T17:31:58","version" => "0.22"},{"date" => "2002-12-27T09:10:47","version" => "0.23"},{"date" => "2003-02-20T16:16:43","version" => "0.24"},{"date" => "2003-06-17T10:15:16","version" => "v0.24.1"},{"date" => "2003-10-09T08:12:32","version" => "0.25"},{"date" => "2003-10-13T07:47:22","version" => "0.25"},{"date" => "2003-11-14T10:55:50","version" => "0.27"},{"date" => "2003-12-16T14:25:13","version" => "0.28"},{"date" => "2004-01-07T11:38:24","version" => "0.29"},{"date" => "2004-01-22T11:25:21","version" => "0.30"},{"date" => "2004-08-09T17:43:41","version" => "0.31"},{"date" => "2004-09-20T19:15:56","version" => "0.32"},{"date" => "2004-10-03T19:21:18","version" => "0.33"},{"date" => "2004-10-30T14:43:29","version" => "0.34"},{"date" => "2004-11-15T16:39:19","version" => "0.35"},{"date" => "2004-11-19T17:29:05","version" => "0.36"},{"date" => "2004-11-21T16:27:45","version" => "0.37"},{"date" => "2004-12-24T16:34:24","version" => "0.38"},{"date" => "2005-03-22T12:05:18","version" => "0.39"},{"date" => "2005-04-06T08:14:46","version" => "0.40"},{"date" => "2005-07-20T20:28:06","version" => "0.41"},{"date" => "2005-09-18T16:06:11","version" => "0.42"},{"date" => "2006-05-15T09:08:21","version" => "0.43"},{"date" => "2006-05-15T09:33:07","version" => "0.44"},{"date" => "2006-05-16T14:14:36","version" => "0.45"},{"date" => "2006-11-03T09:39:12","version" => "0.46"},{"date" => "2006-11-23T18:14:09","version" => "0.47"},{"date" => "2008-02-20T22:00:02","version" => "0.48"},{"date" => "2008-02-20T22:16:45","version" => "0.49"},{"date" => "2008-02-21T22:02:53","version" => "0.50"},{"date" => "2008-02-22T17:19:12","version" => "0.51"},{"date" => "2008-10-22T09:12:08","version" => "0.52"},{"date" => "2009-01-18T20:10:36","version" => "0.53"},{"date" => "2010-11-19T16:27:23","version" => "0.54"},{"date" => "2011-02-12T22:08:27","version" => "0.55"},{"date" => "2011-02-12T22:09:55","version" => "0.56"},{"date" => "2012-04-07T20:30:58","version" => "0.57"},{"date" => "2012-04-09T10:19:15","version" => "0.58"},{"date" => "2012-06-05T13:37:08","version" => "0.59"},{"date" => "2012-06-25T16:57:54","version" => "0.60"},{"date" => "2012-06-25T17:04:58","version" => "0.61"},{"date" => "2012-06-25T19:02:40","version" => "0.62"},{"date" => "2013-03-25T22:27:48","version" => "0.63"},{"date" => "2014-07-31T19:46:44","version" => "0.64"},{"date" => "2014-08-01T13:00:43","version" => "0.65"},{"date" => "2014-08-15T20:17:39","version" => "0.66"},{"date" => "2015-03-15T18:28:49","version" => "0.67"},{"date" => "2015-09-29T08:06:14","version" => "0.68"},{"date" => "2019-04-22T17:01:30","version" => "0.69"}]},"XML-LibXML" => {"advisories" => [{"affected_versions" => ["<2.0120"],"cves" => ["CVE-2015-3451"],"description" => "The _clone function does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.\n","distribution" => "XML-LibXML","fixed_versions" => [">=2.0120"],"id" => "CPANSA-XML-LibXML-2015-01","references" => ["https://metacpan.org/changes/distribution/XML-LibXML"],"reported" => "2015-04-23"},{"affected_versions" => ["<2.0129"],"cves" => ["CVE-2017-10672"],"description" => "Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.\n","distribution" => "XML-LibXML","fixed_versions" => [">=2.0129"],"id" => "CPANSA-XML-LibXML-2017-01","references" => ["https://www.debian.org/security/2017/dsa-4042","https://rt.cpan.org/Public/Bug/Display.html?id=122246","https://lists.debian.org/debian-lts-announce/2017/11/msg00017.html"],"reported" => "2015-04-23"}],"main_module" => "XML::LibXML","versions" => [{"date" => "2001-05-18T11:31:21","version" => "0.91"},{"date" => "2001-06-03T07:47:14","version" => "0.92"},{"date" => "2001-06-09T16:52:26","version" => "0.93"},{"date" => "2001-06-10T08:54:23","version" => "0.94"},{"date" => "2001-06-21T10:07:56","version" => "0.96"},{"date" => "2001-06-29T20:39:47","version" => "0.97"},{"date" => "2001-07-20T16:08:25","version" => "0.99"},{"date" => "2001-08-07T10:13:29","version" => "1.00"},{"date" => "2001-11-14T11:39:59","version" => "1.30"},{"date" => "2001-11-25T17:25:52","version" => "1.31"},{"date" => "2002-03-13T14:24:12","version" => "1.40"},{"date" => "2002-05-11T21:07:22","version" => "1.49"},{"date" => "2002-05-20T11:33:20","version" => "1.50"},{"date" => "2002-05-31T16:53:50","version" => "1.51"},{"date" => "2002-06-12T10:16:35","version" => "1.52"},{"date" => "2002-09-14T21:02:38","version" => "1.53"},{"date" => "2002-10-26T15:21:51","version" => "1.54_0"},{"date" => "2002-11-08T10:03:05","version" => "1.54_1"},{"date" => "2002-11-08T18:15:20","version" => "1.54_2"},{"date" => "2002-11-15T20:14:58","version" => "1.54_3"},{"date" => "2003-05-22T23:44:39","version" => "1.54_4"},{"date" => "2003-05-30T18:46:39","version" => "1.54"},{"date" => "2003-08-19T21:15:43","version" => "1.55"},{"date" => "2003-08-25T13:39:01","version" => "1.56"},{"date" => "2004-02-29T16:56:42","version" => "1.57"},{"date" => "2004-03-31T19:49:55","version" => "1.58"},{"date" => "2004-04-04T11:42:03","version" => "1.58_1"},{"date" => "2006-08-02T10:59:49","version" => "1.59"},{"date" => "2006-08-26T18:11:05","version" => "1.60"},{"date" => "2006-09-24T15:43:20","version" => "1.61"},{"date" => "2006-09-25T07:21:39","version" => "1.61"},{"date" => "2006-09-25T07:42:26","version" => "1.61"},{"date" => "2006-09-25T11:38:04","version" => "1.61"},{"date" => "2006-11-18T09:57:51","version" => "1.62"},{"date" => "2006-11-25T09:10:37","version" => "1.62"},{"date" => "2007-04-16T11:46:21","version" => "1.63"},{"date" => "2007-09-09T21:51:03","version" => "1.64"},{"date" => "2007-09-25T16:37:46","version" => "1.65"},{"date" => "2008-01-29T21:10:45","version" => "1.66"},{"date" => "2008-11-04T14:26:16","version" => "1.67"},{"date" => "2008-11-05T13:32:59","version" => "1.68"},{"date" => "2008-11-11T21:00:56","version" => "1.69"},{"date" => "2009-01-23T22:30:52","version" => "1.69_1"},{"date" => "2009-02-06T19:12:24","version" => "1.69_2"},{"date" => "2009-10-07T12:31:25","version" => "1.70"},{"date" => "2011-06-14T17:01:30","version" => "1.71"},{"date" => "2011-06-16T16:40:11","version" => "1.72"},{"date" => "2011-06-18T08:35:40","version" => "1.73"},{"date" => "2011-06-23T12:27:53","version" => "1.74"},{"date" => "2011-06-24T16:02:54","version" => "1.75"},{"date" => "2011-06-30T18:20:41","version" => "1.76"},{"date" => "2011-07-01T19:31:51","version" => "1.77"},{"date" => "2011-07-06T17:27:49","version" => "1.78"},{"date" => "2011-07-08T17:06:33","version" => "1.79"},{"date" => "2011-07-12T20:39:51","version" => "1.80"},{"date" => "2011-07-16T15:36:21","version" => "1.81"},{"date" => "2011-07-20T20:49:05","version" => "1.82"},{"date" => "2011-07-23T11:34:22","version" => "1.83"},{"date" => "2011-07-23T20:17:26","version" => "1.84"},{"date" => "2011-08-24T14:08:28","version" => "1.85"},{"date" => "2011-08-25T08:46:56","version" => "1.86"},{"date" => "2011-08-27T11:07:44","version" => "1.87"},{"date" => "2011-09-21T10:01:23","version" => "1.88"},{"date" => "2011-12-24T07:47:30","version" => "1.89"},{"date" => "2012-01-08T19:01:33","version" => "1.90"},{"date" => "2012-02-21T12:02:10","version" => "1.91"},{"date" => "2012-02-21T17:03:56","version" => "1.92"},{"date" => "2012-02-27T09:18:12","version" => "1.93"},{"date" => "2012-03-03T20:10:26","version" => "1.94"},{"date" => "2012-03-06T08:42:27","version" => "1.95"},{"date" => "2012-03-16T19:05:40","version" => "1.96"},{"date" => "2012-04-30T17:35:11","version" => "1.97"},{"date" => "2012-05-13T18:06:03","version" => "1.98"},{"date" => "2012-05-31T07:25:35","version" => "1.99"},{"date" => "2012-06-19T20:07:27","version" => "2.0000"},{"date" => "2012-06-20T16:53:03","version" => "2.0001"},{"date" => "2012-07-08T15:12:36","version" => "2.0002"},{"date" => "2012-07-27T15:22:53","version" => "2.0003"},{"date" => "2012-08-07T20:06:48","version" => "2.0004"},{"date" => "2012-10-13T11:23:03","version" => "2.0005"},{"date" => "2012-10-13T20:34:57","version" => "2.0006"},{"date" => "2012-10-17T17:05:13","version" => "2.0007"},{"date" => "2012-10-22T10:13:20","version" => "2.0008"},{"date" => "2012-11-01T14:29:13","version" => "2.0009"},{"date" => "2012-11-01T18:16:34","version" => "2.0010"},{"date" => "2012-11-07T22:29:47","version" => "2.0011"},{"date" => "2012-11-09T04:42:04","version" => "2.0012"},{"date" => "2012-12-04T15:46:46","version" => "2.0013"},{"date" => "2012-12-05T09:13:26","version" => "2.0014"},{"date" => "2013-04-12T23:35:55","version" => "2.0015"},{"date" => "2013-04-13T19:39:51","version" => "2.0016"},{"date" => "2013-05-09T08:07:47","version" => "2.0017"},{"date" => "2013-05-13T10:44:19","version" => "2.0018"},{"date" => "2013-07-01T08:08:50","version" => "2.0019"},{"date" => "2013-08-14T05:27:26","version" => "2.0100"},{"date" => "2013-08-15T05:34:30","version" => "2.0101"},{"date" => "2013-08-19T12:18:31","version" => "2.0102"},{"date" => "2013-08-22T05:35:19","version" => "2.0103"},{"date" => "2013-08-30T09:38:04","version" => "2.0104"},{"date" => "2013-09-07T17:24:00","version" => "2.0105"},{"date" => "2013-09-17T16:14:51","version" => "2.0106"},{"date" => "2013-10-31T07:16:02","version" => "2.0107"},{"date" => "2013-12-17T09:10:53","version" => "2.0108"},{"date" => "2014-01-31T08:01:23","version" => "2.0109"},{"date" => "2014-02-01T14:14:02","version" => "2.0110"},{"date" => "2014-03-05T15:31:25","version" => "2.0111"},{"date" => "2014-03-13T18:19:10","version" => "2.0112"},{"date" => "2014-03-14T12:15:54","version" => "2.0113"},{"date" => "2014-04-03T13:01:06","version" => "2.0114"},{"date" => "2014-04-03T13:15:41","version" => "2.0115"},{"date" => "2014-04-12T08:10:37","version" => "2.0116"},{"date" => "2014-10-26T16:31:29","version" => "2.0117"},{"date" => "2015-02-05T10:57:03","version" => "2.0118"},{"date" => "2015-04-23T07:14:45","version" => "2.0119"},{"date" => "2015-05-01T09:50:18","version" => "2.0120"},{"date" => "2015-05-03T12:08:06","version" => "2.0121"},{"date" => "2015-09-01T09:02:29","version" => "2.0122"},{"date" => "2015-12-06T13:19:22","version" => "2.0123"},{"date" => "2016-02-27T11:21:08","version" => "2.0124"},{"date" => "2016-05-30T09:24:51","version" => "2.0125"},{"date" => "2016-06-24T16:21:00","version" => "2.0126"},{"date" => "2016-07-22T17:40:51","version" => "2.0127"},{"date" => "2016-07-24T09:15:48","version" => "2.0128"},{"date" => "2017-03-14T13:37:23","version" => "2.0129"},{"date" => "2017-10-18T08:45:49","version" => "2.0130"},{"date" => "2017-10-24T08:57:20","version" => "2.0131"},{"date" => "2017-10-28T17:58:34","version" => "2.0132"},{"date" => "2019-02-02T11:11:30","version" => "2.0133"},{"date" => "2019-02-10T15:02:55","version" => "2.0134"},{"date" => "2019-03-23T08:54:34","version" => "2.0200"},{"date" => "2019-05-25T17:46:46","version" => "2.0201"},{"date" => "2020-01-13T09:16:50","version" => "2.0202"},{"date" => "2020-03-11T06:48:19","version" => "2.0203"},{"date" => "2020-03-17T16:33:17","version" => "2.0204"},{"date" => "2020-05-08T11:36:06","version" => "2.0205"},{"date" => "2020-09-15T08:06:58","version" => "2.0206"},{"date" => "2021-04-17T08:16:22","version" => "2.0207"},{"date" => "2022-09-30T03:29:15","version" => "2.0208"},{"date" => "2023-07-15T06:04:39","version" => "2.0209"},{"date" => "2024-01-24T15:19:39","version" => "2.0210"}]},"XML-Sig" => {"advisories" => [{"affected_versions" => [">=0.27,<=0.67"],"cves" => ["CVE-2025-40934"],"description" => "XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.  An attacker can remove the signature from the XML document to make it pass the verification check.  XML-Sig is a Perl module to validate signatures on XML files.\x{a0} An unsigned XML file should return an error message.\x{a0} The affected versions return true when attempting to validate an XML file that contains no signatures.","distribution" => "XML-Sig","fixed_versions" => [">=0.68"],"id" => "CPANSA-XML-Sig-2025-40934","references" => ["https://github.com/perl-net-saml2/perl-XML-Sig/issues/63","https://github.com/perl-net-saml2/perl-XML-Sig/pull/64"],"reported" => "2025-11-26","severity" => undef}],"main_module" => "XML::Sig","versions" => [{"date" => "2009-10-28T23:54:04","version" => "0.1"},{"date" => "2009-10-29T05:20:59","version" => "0.2"},{"date" => "2009-11-20T04:35:13","version" => "0.2.1"},{"date" => "2009-11-20T05:09:41","version" => "0.21"},{"date" => "2009-12-08T18:00:44","version" => "0.22"},{"date" => "2020-06-27T03:58:29","version" => "0.27"},{"date" => "2020-06-27T14:35:14","version" => "0.28"},{"date" => "2020-11-29T23:46:03","version" => "0.29"},{"date" => "2020-11-30T03:29:19","version" => "0.30"},{"date" => "2020-12-02T22:36:05","version" => "0.31"},{"date" => "2020-12-03T01:18:15","version" => "0.32"},{"date" => "2020-12-07T00:59:38","version" => "0.33"},{"date" => "2020-12-07T02:29:37","version" => "0.34"},{"date" => "2021-01-08T01:28:22","version" => "0.35"},{"date" => "2021-01-08T11:50:22","version" => "0.36"},{"date" => "2021-01-10T02:50:59","version" => "0.37"},{"date" => "2021-01-10T15:27:25","version" => "0.38"},{"date" => "2021-01-13T00:29:13","version" => "0.39"},{"date" => "2021-03-13T02:24:22","version" => "0.40"},{"date" => "2021-03-13T13:33:53","version" => "0.41"},{"date" => "2021-03-15T00:03:02","version" => "0.42"},{"date" => "2021-03-15T01:18:04","version" => "0.43"},{"date" => "2021-03-20T14:15:36","version" => "0.44"},{"date" => "2021-03-20T21:28:09","version" => "0.45"},{"date" => "2021-03-27T16:02:51","version" => "0.46"},{"date" => "2021-03-28T14:31:07","version" => "0.47"},{"date" => "2021-04-10T00:47:31","version" => "0.48"},{"date" => "2021-04-10T13:01:06","version" => "0.49"},{"date" => "2021-04-18T22:43:29","version" => "0.50"},{"date" => "2021-07-03T22:46:09","version" => "0.51"},{"date" => "2021-11-27T19:48:18","version" => "0.52"},{"date" => "2021-11-28T15:08:21","version" => "0.53"},{"date" => "2021-12-05T17:16:00","version" => "0.54"},{"date" => "2021-12-07T22:14:01","version" => "0.55"},{"date" => "2022-03-16T00:06:40","version" => "0.56"},{"date" => "2022-04-15T22:57:47","version" => "0.57"},{"date" => "2022-07-19T00:46:35","version" => "0.58"},{"date" => "2022-11-25T02:26:53","version" => "0.59"},{"date" => "2023-03-13T00:29:05","version" => "0.60"},{"date" => "2023-03-13T00:44:20","version" => "0.61"},{"date" => "2023-03-18T23:22:43","version" => "0.62"},{"date" => "2023-03-19T12:59:49","version" => "0.63"},{"date" => "2023-06-26T22:04:31","version" => "0.64"},{"date" => "2023-11-21T22:39:12","version" => "0.65"},{"date" => "2025-05-09T00:13:19","version" => "0.66"},{"date" => "2025-11-07T22:27:16","version" => "0.67"},{"date" => "2025-11-26T22:29:54","version" => "0.68"},{"date" => "2026-01-11T00:19:14","version" => "0.69"}]},"XML-Simple" => {"advisories" => [{"affected_versions" => ["<2.25"],"cves" => [],"description" => "The No. 4 item on the OWASP top 10 is external XML entities. When using XML::Parser, XML::Simple is currently vulnerable by default.\n","distribution" => "XML-Simple","fixed_versions" => [">=2.25"],"id" => "CPANSA-XML-Simple-2018-01","references" => ["https://metacpan.org/dist/XML-Simple/changes","https://github.com/grantm/xml-simple/pull/8"],"reported" => "2018-02-18","severity" => undef}],"main_module" => "XML::Simple","versions" => [{"date" => "1999-11-29T02:30:19","version" => "1.00"},{"date" => "1999-12-01T11:02:42","version" => "1.01"},{"date" => "2000-03-05T20:58:37","version" => "1.03"},{"date" => "2000-04-03T04:12:07","version" => "1.04"},{"date" => "2000-08-30T23:40:57","version" => "1.05"},{"date" => "2001-11-19T22:04:26","version" => "1.06"},{"date" => "2002-02-05T22:46:39","version" => "1.07"},{"date" => "2002-02-09T22:43:03","version" => "1.08"},{"date" => "2002-02-14T22:13:24","version" => "1.08_01"},{"date" => "2002-12-08T08:23:26","version" => "2.00"},{"date" => "2002-12-11T09:56:59","version" => "2.01"},{"date" => "2002-12-15T08:21:09","version" => "2.02"},{"date" => "2003-01-20T07:54:05","version" => "2.03"},{"date" => "2003-04-10T10:25:56","version" => "2.04"},{"date" => "2003-04-16T10:22:00","version" => "2.05"},{"date" => "2003-05-18T08:50:04","version" => "2.06"},{"date" => "2003-05-20T08:53:19","version" => "2.07"},{"date" => "2003-06-13T10:31:53","version" => "2.08"},{"date" => "2003-09-09T09:43:24","version" => "2.09"},{"date" => "2004-02-29T10:18:06","version" => "2.10"},{"date" => "2004-03-02T08:29:33","version" => "2.11"},{"date" => "2004-04-05T09:29:23","version" => "2.12"},{"date" => "2004-11-17T09:06:18","version" => "2.13"},{"date" => "2005-01-29T05:16:40","version" => "2.14"},{"date" => "2006-10-03T01:33:47","version" => "2.15"},{"date" => "2006-10-30T08:33:07","version" => "2.16"},{"date" => "2007-08-02T10:47:38","version" => "2.17"},{"date" => "2007-08-15T10:39:25","version" => "2.18"},{"date" => "2012-06-17T11:28:59","version" => "2.19_01"},{"date" => "2012-06-19T08:34:33","version" => "2.19_02"},{"date" => "2012-06-20T10:01:37","version" => "2.20"},{"date" => "2015-12-04T03:35:12","version" => "2.21"},{"date" => "2015-12-04T22:08:47","version" => "2.22"},{"date" => "2017-04-17T03:49:52","version" => "2.23"},{"date" => "2017-04-17T04:12:48","version" => "2.24"},{"date" => "2018-03-18T03:19:24","version" => "2.25"}]},"XML-Twig" => {"advisories" => [{"affected_versions" => ["<1.39"],"cves" => ["CVE-2016-9180"],"description" => "perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.\n","distribution" => "XML-Twig","fixed_versions" => [">=1.39"],"id" => "CPANSA-XML-Twig-2016-9180","references" => ["http://www.securityfocus.com/bid/94219","http://www.openwall.com/lists/oss-security/2016/11/04/2","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00033.html","https://rt.cpan.org/Public/Bug/Display.html?id=118097"],"reported" => "2016-12-22","severity" => "critical"}],"main_module" => "XML::Twig","versions" => [{"date" => "1999-10-05T22:25:47","version" => "1.6"},{"date" => "1999-12-07T16:53:28","version" => "1.7"},{"date" => "1999-12-17T17:03:18","version" => "1.8"},{"date" => "2000-02-18T00:39:24","version" => "1.9"},{"date" => "2000-03-24T23:22:37","version" => "1.10"},{"date" => "2000-06-05T19:27:48","version" => "2.00"},{"date" => "2000-08-18T12:10:46","version" => "2.01"},{"date" => "2001-01-16T09:14:14","version" => "2.02"},{"date" => "2002-01-09T16:33:44","version" => "3.00"},{"date" => "2002-01-09T17:01:53","version" => "3.01"},{"date" => "2002-01-16T14:11:04","version" => "3.02"},{"date" => "2002-03-26T14:40:14","version" => "3.03"},{"date" => "2002-04-02T04:57:42","version" => "3.04"},{"date" => "2002-07-09T16:02:36","version" => "3.05"},{"date" => "2002-09-17T17:07:34","version" => "3.06"},{"date" => "2002-09-17T20:03:49","version" => "3.07"},{"date" => "2002-09-17T21:57:09","version" => "3.08"},{"date" => "2002-11-11T07:42:10","version" => "3.09"},{"date" => "2003-06-09T19:35:52","version" => "3.10"},{"date" => "2003-09-24T13:23:47","version" => "3.11"},{"date" => "2004-01-29T15:20:30","version" => "3.12"},{"date" => "2004-02-02T07:13:15","version" => "3.13"},{"date" => "2004-03-17T15:39:18","version" => "3.14"},{"date" => "2004-04-05T08:30:51","version" => "3.15"},{"date" => "2005-02-11T17:51:59","version" => "3.16"},{"date" => "2005-03-16T14:06:47","version" => "3.17"},{"date" => "2005-08-08T12:22:25","version" => "3.18"},{"date" => "2005-08-10T16:22:28","version" => "3.19"},{"date" => "2005-08-11T13:51:56","version" => "3.20"},{"date" => "2005-08-12T12:59:54","version" => "3.21"},{"date" => "2005-10-14T16:27:05","version" => "3.22"},{"date" => "2006-01-23T14:26:19","version" => "3.23"},{"date" => "2006-05-09T08:56:08","version" => "3.24"},{"date" => "2006-05-10T11:07:37","version" => "3.25"},{"date" => "2006-07-01T11:18:04","version" => "3.26"},{"date" => "2007-01-05T17:23:58","version" => "3.28"},{"date" => "2007-01-22T09:42:28","version" => "3.29"},{"date" => "2007-11-06T14:49:35","version" => "3.30"},{"date" => "2007-11-07T19:29:27","version" => "3.31"},{"date" => "2007-11-13T20:40:13","version" => "3.32"},{"date" => "2010-01-15T17:14:59","version" => "3.33"},{"date" => "2010-01-18T19:31:16","version" => "3.34"},{"date" => "2010-05-16T05:25:45","version" => "3.35"},{"date" => "2010-10-07T09:55:43","version" => "3.36"},{"date" => "2010-10-10T05:53:41","version" => "3.37"},{"date" => "2011-02-27T06:57:30","version" => "3.38"},{"date" => "2011-09-22T01:30:24","version" => "3.39"},{"date" => "2012-05-10T10:44:35","version" => "3.40"},{"date" => "2012-08-08T20:31:00","version" => "3.41"},{"date" => "2012-11-08T12:28:17","version" => "3.42"},{"date" => "2013-05-13T08:47:04","version" => "3.44"},{"date" => "2014-03-01T08:34:52","version" => "3.45"},{"date" => "2014-03-05T11:25:33","version" => "3.46"},{"date" => "2014-03-29T10:30:09","version" => "3.47"},{"date" => "2014-03-30T09:01:59","version" => "3.48"},{"date" => "2015-04-12T09:17:47","version" => "3.49"},{"date" => "2016-11-22T15:01:43","version" => "3.50"},{"date" => "2016-11-23T12:34:37","version" => "3.51"},{"date" => "2016-11-23T17:21:16","version" => "3.52"},{"date" => "2024-12-13T15:34:19","version" => "3.53"},{"date" => "2025-06-11T09:49:17","version" => "3.54"}]},"YAML" => {"advisories" => [{"affected_versions" => ["<1.28"],"cves" => [],"description" => "Loading globs is easily exploitable.\n","distribution" => "YAML","fixed_versions" => [">=1.28"],"id" => "CPANSA-YAML-2019-01","references" => ["https://github.com/ingydotnet/yaml-pm/issues/212"],"reported" => "2019-04-27","severity" => undef},{"affected_versions" => ["<1.25"],"cves" => [],"description" => "YAML loader can run DESTROY method of object created with perl/* tag.\n","distribution" => "YAML","fixed_versions" => [">=1.25"],"id" => "CPANSA-YAML-2017-01","references" => ["https://github.com/ingydotnet/yaml-pm/issues/176"],"reported" => "2017-05-10","severity" => undef}],"main_module" => "YAML","versions" => [{"date" => "2001-12-19T10:33:57","version" => "0.25"},{"date" => "2002-01-10T06:33:41","version" => "0.26"},{"date" => "2002-01-15T22:34:34","version" => "0.30"},{"date" => "2002-06-25T06:25:48","version" => "0.35"},{"date" => "2004-01-20T09:22:57","version" => "0.49_01"},{"date" => "2005-01-31T06:49:59","version" => "0.36"},{"date" => "2005-03-31T02:57:10","version" => "0.37"},{"date" => "2005-03-31T10:16:09","version" => "0.38"},{"date" => "2005-04-12T22:41:53","version" => "0.39"},{"date" => "2005-04-25T19:42:26","version" => "0.39"},{"date" => "2005-12-25T19:27:42","version" => "0.49_70"},{"date" => "2006-01-10T05:55:16","version" => "0.50"},{"date" => "2006-01-14T19:47:39","version" => "0.50"},{"date" => "2006-01-18T23:03:28","version" => "0.52"},{"date" => "2006-01-19T19:13:35","version" => "0.53"},{"date" => "2006-01-30T02:22:33","version" => "0.54"},{"date" => "2006-01-30T03:11:55","version" => "0.55"},{"date" => "2006-01-30T18:41:21","version" => "0.56"},{"date" => "2006-02-02T07:36:12","version" => "0.56"},{"date" => "2006-02-14T21:21:22","version" => "0.58"},{"date" => "2006-07-01T05:16:14","version" => "0.60"},{"date" => "2006-07-02T20:36:06","version" => "0.61"},{"date" => "2006-07-03T22:52:48","version" => "0.62"},{"date" => "2007-06-20T23:18:21","version" => "0.63"},{"date" => "2007-06-21T23:29:30","version" => "0.64"},{"date" => "2007-06-22T00:58:23","version" => "0.65"},{"date" => "2007-09-27T09:16:07","version" => "0.66"},{"date" => "2008-12-01T10:57:39","version" => "0.67"},{"date" => "2008-12-04T09:07:34","version" => "0.68"},{"date" => "2009-08-10T05:19:57","version" => "0.69_01"},{"date" => "2009-08-10T12:44:33","version" => "0.69_02"},{"date" => "2009-08-10T17:23:08","version" => "0.70"},{"date" => "2010-01-03T01:52:05","version" => "0.71"},{"date" => "2010-09-01T02:04:50","version" => "0.72"},{"date" => "2011-04-19T10:57:00","version" => "0.73"},{"date" => "2011-09-25T20:06:34","version" => "0.74"},{"date" => "2011-09-26T22:47:06","version" => "0.75"},{"date" => "2011-09-28T10:06:35","version" => "0.76"},{"date" => "2011-09-29T16:29:20","version" => "0.77"},{"date" => "2012-01-02T07:55:05","version" => "0.78"},{"date" => "2012-02-09T01:26:43","version" => "0.79"},{"date" => "2012-02-10T20:57:18","version" => "0.80"},{"date" => "2012-04-19T18:04:48","version" => "0.81"},{"date" => "2012-07-12T18:51:27","version" => "0.82"},{"date" => "2012-07-13T15:45:29","version" => "0.83"},{"date" => "2012-07-13T18:19:24","version" => "0.84"},{"date" => "2013-11-24T15:44:47","version" => "0.85"},{"date" => "2013-11-26T16:43:45","version" => "0.86"},{"date" => "2013-12-01T05:53:16","version" => "0.87"},{"date" => "2013-12-03T05:30:33","version" => "0.88"},{"date" => "2014-02-08T22:12:24","version" => "0.89"},{"date" => "2014-02-10T16:45:22","version" => "0.90"},{"date" => "2014-05-27T21:16:01","version" => "0.91"},{"date" => "2014-05-29T03:07:13","version" => "0.92"},{"date" => "2014-06-14T05:33:25","version" => "0.93"},{"date" => "2014-06-14T17:34:58","version" => "0.94"},{"date" => "2014-06-20T19:10:04","version" => "0.95"},{"date" => "2014-07-14T05:59:12","version" => "0.96"},{"date" => "2014-07-17T06:38:34","version" => "0.97"},{"date" => "2014-07-30T19:33:24","version" => "0.98"},{"date" => "2014-08-07T00:57:08","version" => "0.99"},{"date" => "2014-08-07T07:36:47","version" => "1.00"},{"date" => "2014-08-07T21:49:48","version" => "1.01"},{"date" => "2014-08-16T04:11:27","version" => "1.02"},{"date" => "2014-08-16T10:33:26","version" => "1.03"},{"date" => "2014-08-16T15:30:43","version" => "1.04"},{"date" => "2014-08-16T20:04:31","version" => "1.05"},{"date" => "2014-08-16T23:51:52","version" => "1.06"},{"date" => "2014-08-18T15:40:59","version" => "1.07"},{"date" => "2014-08-18T17:23:04","version" => "1.08"},{"date" => "2014-08-19T23:42:23","version" => "1.09"},{"date" => "2014-08-29T05:54:45","version" => "1.10"},{"date" => "2014-08-30T03:10:03","version" => "1.11"},{"date" => "2014-09-22T15:25:30","version" => "1.12"},{"date" => "2014-10-11T16:07:22","version" => "1.13"},{"date" => "2015-01-17T23:33:39","version" => "1.14"},{"date" => "2015-04-18T15:04:42","version" => "1.15"},{"date" => "2016-07-03T17:53:34","version" => "1.16"},{"date" => "2016-07-05T20:04:45","version" => "1.16_001"},{"date" => "2016-07-05T20:10:01","version" => "1.16_002"},{"date" => "2016-07-05T20:21:25","version" => "1.17"},{"date" => "2016-07-08T14:53:24","version" => "1.18"},{"date" => "2016-11-11T22:44:07","version" => "1.18_001"},{"date" => "2016-11-18T18:46:59","version" => "1.19"},{"date" => "2016-11-27T20:27:37","version" => "1.19_001"},{"date" => "2016-12-02T21:21:40","version" => "1.20"},{"date" => "2016-12-02T22:00:08","version" => "1.20_001"},{"date" => "2016-12-07T21:17:58","version" => "1.20_002"},{"date" => "2016-12-23T20:20:06","version" => "1.21"},{"date" => "2017-02-14T22:24:38","version" => "1.22"},{"date" => "2017-02-19T21:08:48","version" => "1.23"},{"date" => "2017-05-12T15:06:03","version" => "1.23_001"},{"date" => "2017-05-14T13:15:34","version" => "1.23_002"},{"date" => "2017-10-29T22:09:18","version" => "1.23_003"},{"date" => "2017-10-30T19:33:07","version" => "1.24"},{"date" => "2018-05-06T19:10:48","version" => "1.24_001"},{"date" => "2018-05-10T16:22:16","version" => "1.24_002"},{"date" => "2018-05-11T17:59:33","version" => "1.25"},{"date" => "2018-05-12T11:43:38","version" => "1.25_001"},{"date" => "2018-05-17T13:00:07","version" => "1.25_002"},{"date" => "2018-05-18T19:58:16","version" => "1.26"},{"date" => "2018-10-18T19:46:23","version" => "1.26_001"},{"date" => "2018-11-03T13:02:53","version" => "1.27"},{"date" => "2019-04-27T13:41:56","version" => "1.27_001"},{"date" => "2019-04-28T09:46:43","version" => "1.28"},{"date" => "2019-05-05T11:31:39","version" => "1.28_001"},{"date" => "2019-05-11T08:28:01","version" => "1.29"},{"date" => "2020-01-27T22:10:33","version" => "1.30"},{"date" => "2023-12-27T15:11:23","version" => "1.31"}]},"YAML-LibYAML" => {"advisories" => [{"affected_versions" => ["<0.69"],"cves" => [],"description" => "Need SafeLoad and SafeDump analog to python\n","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.69"],"id" => "CPANSA-YAML-LibYAML-2016-01","references" => ["https://github.com/ingydotnet/yaml-libyaml-pm/issues/45"],"reported" => "2016-03-10","severity" => undef},{"affected_versions" => ["<0.53"],"cves" => ["CVE-2014-9130"],"description" => "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.\n","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.54"],"id" => "CPANSA-YAML-LibYAML-2014-9130","references" => ["http://www.openwall.com/lists/oss-security/2014/11/29/3","http://www.openwall.com/lists/oss-security/2014/11/28/8","https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2","http://www.securityfocus.com/bid/71349","http://secunia.com/advisories/59947","https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure","http://secunia.com/advisories/60944","http://www.openwall.com/lists/oss-security/2014/11/28/1","http://linux.oracle.com/errata/ELSA-2015-0100.html","http://secunia.com/advisories/62723","http://secunia.com/advisories/62705","http://secunia.com/advisories/62774","http://www.ubuntu.com/usn/USN-2461-2","http://www.ubuntu.com/usn/USN-2461-3","http://www.ubuntu.com/usn/USN-2461-1","http://rhn.redhat.com/errata/RHSA-2015-0100.html","http://www.debian.org/security/2014/dsa-3103","http://rhn.redhat.com/errata/RHSA-2015-0112.html","http://www.debian.org/security/2014/dsa-3102","http://www.debian.org/security/2014/dsa-3115","http://rhn.redhat.com/errata/RHSA-2015-0260.html","http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html","http://www.mandriva.com/security/advisories?name=MDVSA-2015:060","http://www.mandriva.com/security/advisories?name=MDVSA-2014:242","http://advisories.mageia.org/MGASA-2014-0508.html","http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html","http://secunia.com/advisories/62176","http://secunia.com/advisories/62174","http://secunia.com/advisories/62164","https://exchange.xforce.ibmcloud.com/vulnerabilities/99047","https://puppet.com/security/cve/cve-2014-9130"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">0.38,<0.57"],"cves" => ["CVE-2012-1152"],"description" => "Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.\n","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.57"],"id" => "CPANSA-YAML-LibYAML-2012-1152","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=801738","https://rt.cpan.org/Public/Bug/Display.html?id=46507","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077023.html","http://www.openwall.com/lists/oss-security/2012/03/10/4","http://www.openwall.com/lists/oss-security/2012/03/09/6","http://www.debian.org/security/2012/dsa-2432","http://www.securityfocus.com/bid/52381","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077782.html","https://rt.cpan.org/Public/Bug/Display.html?id=75365","http://secunia.com/advisories/48317","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077004.html","http://lists.opensuse.org/opensuse-updates/2012-08/msg00029.html","http://secunia.com/advisories/50277","http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/73856"],"reported" => "2012-09-09","severity" => undef},{"affected_versions" => ["<0.903.0"],"cves" => ["CVE-2025-40908"],"description" => "YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.903.0"],"id" => "CPANSA-YAML-LibYAML-2025-001","references" => ["https://www.cve.org/CVERecord?id=CVE-2025-40908","https://github.com/ingydotnet/yaml-libyaml-pm/issues/120","https://github.com/ingydotnet/yaml-libyaml-pm/pull/121","https://github.com/ingydotnet/yaml-libyaml-pm/pull/122"],"reported" => "2025-06-01","severity" => "critical"}],"main_module" => "YAML::LibYAML","versions" => [{"date" => "2007-05-11T21:37:19","version" => "0.01"},{"date" => "2007-05-15T06:37:59","version" => "0.02"},{"date" => "2007-05-19T22:23:53","version" => "0.03"},{"date" => "2007-05-21T05:19:05","version" => "0.04"},{"date" => "2007-05-21T07:45:35","version" => "0.05"},{"date" => "2007-05-23T06:56:11","version" => "0.06"},{"date" => "2007-05-23T07:10:14","version" => "0.07"},{"date" => "2007-05-26T04:58:43","version" => "0.08"},{"date" => "2007-05-28T07:47:31","version" => "0.09"},{"date" => "2007-05-28T10:30:28","version" => "0.10"},{"date" => "2007-05-30T00:30:09","version" => "0.11"},{"date" => "2007-05-30T08:13:24","version" => "0.12"},{"date" => "2007-05-30T09:38:37","version" => "0.14"},{"date" => "2007-05-31T07:48:16","version" => "0.15"},{"date" => "2007-05-31T21:05:50","version" => "0.16"},{"date" => "2007-06-07T02:55:10","version" => "0.17"},{"date" => "2007-06-18T01:35:48","version" => "0.18"},{"date" => "2007-06-18T08:06:43","version" => "0.19"},{"date" => "2007-06-18T23:34:20","version" => "0.20"},{"date" => "2007-06-21T23:27:47","version" => "0.21"},{"date" => "2007-06-22T07:42:47","version" => "0.22"},{"date" => "2007-06-23T01:17:58","version" => "0.23"},{"date" => "2007-06-24T18:37:51","version" => "0.24"},{"date" => "2007-06-25T01:40:09","version" => "0.25"},{"date" => "2007-06-26T21:00:04","version" => "0.26"},{"date" => "2008-06-07T05:37:26","version" => "0.27"},{"date" => "2008-11-12T07:09:30","version" => "0.29"},{"date" => "2009-01-11T11:00:54","version" => "0.30"},{"date" => "2009-01-12T09:26:53","version" => "0.31"},{"date" => "2009-01-12T09:34:50","version" => "0.32"},{"date" => "2010-04-15T01:01:10","version" => "0.33"},{"date" => "2010-09-23T22:43:36","version" => "0.34"},{"date" => "2011-04-03T16:41:03","version" => "0.35"},{"date" => "2011-09-29T18:10:52","version" => "0.37"},{"date" => "2012-01-04T06:58:09","version" => "0.38"},{"date" => "2013-02-12T02:09:38","version" => "0.39"},{"date" => "2013-03-12T18:07:29","version" => "0.40"},{"date" => "2013-03-13T17:36:09","version" => "0.41"},{"date" => "2014-07-11T22:30:03","version" => "0.42"},{"date" => "2014-07-12T17:05:47","version" => "0.43"},{"date" => "2014-07-13T22:24:47","version" => "0.44"},{"date" => "2014-08-04T08:23:39","version" => "0.45"},{"date" => "2014-08-05T17:33:54","version" => "0.46"},{"date" => "2014-08-09T07:30:51","version" => "0.47"},{"date" => "2014-08-16T04:07:46","version" => "0.48"},{"date" => "2014-08-16T14:31:04","version" => "0.49"},{"date" => "2014-08-16T19:58:18","version" => "0.50"},{"date" => "2014-08-16T21:29:48","version" => "0.51"},{"date" => "2014-08-23T04:04:49","version" => "0.52"},{"date" => "2014-11-28T17:22:06","version" => "0.53"},{"date" => "2014-11-29T19:48:26","version" => "0.54"},{"date" => "2014-12-23T01:27:43","version" => "0.55"},{"date" => "2015-01-16T03:23:05","version" => "0.56"},{"date" => "2015-01-16T04:06:00","version" => "0.57"},{"date" => "2015-01-21T05:02:46","version" => "0.58"},{"date" => "2015-01-26T23:05:30","version" => "0.59"},{"date" => "2016-02-09T19:36:50","version" => "0.60"},{"date" => "2016-02-20T18:05:06","version" => "0.61"},{"date" => "2016-02-22T15:47:18","version" => "0.62"},{"date" => "2016-07-03T17:33:17","version" => "0.62_001"},{"date" => "2016-07-03T17:40:25","version" => "0.62_002"},{"date" => "2016-07-08T14:41:45","version" => "0.63"},{"date" => "2016-09-08T09:56:51","version" => "0.71"},{"date" => "2016-09-13T14:44:45","version" => "0.73"},{"date" => "2017-01-03T04:10:44","version" => "0.63_001"},{"date" => "2017-04-03T18:56:26","version" => "0.63_002"},{"date" => "2017-04-07T18:32:36","version" => "0.64"},{"date" => "2017-05-18T21:10:50","version" => "0.65"},{"date" => "2017-08-13T11:49:59","version" => "0.65_001"},{"date" => "2017-08-17T18:07:26","version" => "0.66"},{"date" => "2017-11-10T21:07:40","version" => "0.66_001"},{"date" => "2017-11-14T20:03:09","version" => "0.66_002"},{"date" => "2017-11-15T18:00:42","version" => "0.67"},{"date" => "2017-12-16T21:50:01","version" => "0.67_001"},{"date" => "2017-12-18T19:01:27","version" => "0.68"},{"date" => "2017-12-20T18:38:40","version" => "0.68_001"},{"date" => "2017-12-22T11:40:39","version" => "0.68_002"},{"date" => "2017-12-26T17:37:54","version" => "0.69"},{"date" => "2018-06-07T20:16:52","version" => "0.69_001"},{"date" => "2018-06-09T19:53:37","version" => "0.70"},{"date" => "2018-06-27T17:14:44","version" => "0.70_001"},{"date" => "2018-07-08T15:04:37","version" => "0.72"},{"date" => "2018-08-31T15:38:28","version" => "0.72_01"},{"date" => "2018-09-01T01:07:45","version" => "0.74"},{"date" => "2018-10-14T14:09:48","version" => "0.74_001"},{"date" => "2018-11-03T13:17:49","version" => "0.75"},{"date" => "2018-12-16T17:28:49","version" => "0.75_001"},{"date" => "2018-12-30T19:11:20","version" => "0.76"},{"date" => "2019-03-13T18:47:41","version" => "0.76_001"},{"date" => "2019-04-15T20:56:14","version" => "0.77"},{"date" => "2019-05-15T18:20:47","version" => "0.77_001"},{"date" => "2019-05-18T16:36:19","version" => "0.78"},{"date" => "2019-05-30T16:01:02","version" => "0.78_001"},{"date" => "2019-06-10T11:10:47","version" => "0.78_002"},{"date" => "2019-06-11T19:36:40","version" => "0.79"},{"date" => "2019-08-21T16:49:31","version" => "0.79_001"},{"date" => "2019-08-22T11:18:19","version" => "0.80"},{"date" => "2020-01-27T22:06:22","version" => "0.81"},{"date" => "2020-05-02T18:40:13","version" => "0.82"},{"date" => "2021-05-02T00:16:51","version" => "0.82_001"},{"date" => "2021-05-08T21:52:55","version" => "0.83"},{"date" => "2022-09-03T19:20:07","version" => "0.84"},{"date" => "2022-09-09T15:31:45","version" => "0.84_001"},{"date" => "2022-09-09T18:12:56","version" => "0.84_002"},{"date" => "2022-09-09T19:01:06","version" => "0.84_003"},{"date" => "2022-09-12T12:21:48","version" => "0.85"},{"date" => "2023-01-26T02:35:03","version" => "0.86"},{"date" => "2023-05-04T10:47:26","version" => "0.86_001"},{"date" => "2023-05-04T19:38:30","version" => "0.87"},{"date" => "2023-05-12T12:28:46","version" => "0.88"},{"date" => "2024-01-24T21:55:26","version" => "0.88_001"},{"date" => "2024-01-27T00:45:43","version" => "0.89"},{"date" => "2024-05-26T13:07:57","version" => "0.89_001"},{"date" => "2024-09-06T21:47:43","version" => "0.90"},{"date" => "2024-09-06T22:09:50","version" => "v0.901.0"},{"date" => "2024-09-09T20:42:09","version" => "v0.901.1"},{"date" => "2024-09-20T19:48:00","version" => "v0.902.0"},{"date" => "2025-01-12T21:19:33","version" => "v0.902.1"},{"date" => "2025-01-26T01:28:39","version" => "v0.902.2"},{"date" => "2025-01-26T15:02:24","version" => "v0.902.3"},{"date" => "2025-02-02T22:21:19","version" => "v0.902.4"},{"date" => "2025-02-02T23:15:49","version" => "v0.903.0"},{"date" => "2025-05-01T14:17:45","version" => "v0.903.1"},{"date" => "2025-05-03T08:45:21","version" => "v0.903.2"},{"date" => "2025-05-03T16:35:27","version" => "v0.903.3"},{"date" => "2025-05-03T19:49:05","version" => "v0.903.4"},{"date" => "2025-05-08T12:21:43","version" => "v0.904.0"}]},"YAML-Syck" => {"advisories" => [{"affected_versions" => ["<1.36"],"cves" => ["CVE-2025-11683"],"description" => "YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure  Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read  The issue is seen with complex YAML files with a hash of all keys and empty values.\x{a0} There is no indication that the issue leads to accessing memory outside that allocated to the module.","distribution" => "YAML-Syck","fixed_versions" => [">=1.36"],"id" => "CPANSA-YAML-Syck-2025-11683","references" => ["https://github.com/cpan-authors/YAML-Syck/pull/65","https://metacpan.org/dist/YAML-Syck/changes"],"reported" => "2025-10-16","severity" => undef}],"main_module" => "YAML::Syck","versions" => [{"date" => "2005-12-25T17:59:15","version" => "0.01"},{"date" => "2005-12-26T12:10:56","version" => "0.02"},{"date" => "2005-12-27T15:53:07","version" => "0.03"},{"date" => "2005-12-28T12:16:03","version" => "0.04"},{"date" => "2006-01-08T15:54:21","version" => "0.05"},{"date" => "2006-01-08T16:03:43","version" => "0.06"},{"date" => "2006-01-08T16:25:54","version" => "0.07"},{"date" => "2006-01-08T16:38:52","version" => "0.08"},{"date" => "2006-01-08T16:42:46","version" => "0.09"},{"date" => "2006-01-08T17:13:31","version" => "0.10"},{"date" => "2006-01-08T17:22:15","version" => "0.11"},{"date" => "2006-01-09T04:57:24","version" => "0.12"},{"date" => "2006-01-09T05:44:42","version" => "0.13"},{"date" => "2006-01-09T16:03:57","version" => "0.14"},{"date" => "2006-01-10T10:57:02","version" => "0.15"},{"date" => "2006-01-10T11:57:08","version" => "0.16"},{"date" => "2006-01-10T12:28:26","version" => "0.17"},{"date" => "2006-01-10T12:49:52","version" => "0.18"},{"date" => "2006-01-10T15:52:23","version" => "0.19"},{"date" => "2006-01-11T11:18:16","version" => "0.20"},{"date" => "2006-01-11T12:36:14","version" => "0.21"},{"date" => "2006-01-11T18:44:14","version" => "0.22"},{"date" => "2006-01-14T11:44:53","version" => "0.23"},{"date" => "2006-01-14T12:21:56","version" => "0.24"},{"date" => "2006-01-15T07:45:04","version" => "0.25"},{"date" => "2006-01-15T18:03:09","version" => "0.26"},{"date" => "2006-01-15T19:16:11","version" => "0.27"},{"date" => "2006-01-16T09:58:39","version" => "0.28"},{"date" => "2006-02-05T03:50:47","version" => "0.29"},{"date" => "2006-02-06T12:54:49","version" => "0.30"},{"date" => "2006-02-10T19:25:13","version" => "0.31"},{"date" => "2006-02-11T11:00:16","version" => "0.32"},{"date" => "2006-02-15T11:53:00","version" => "0.33"},{"date" => "2006-03-06T23:28:23","version" => "0.34"},{"date" => "2006-03-09T13:11:32","version" => "0.35"},{"date" => "2006-03-10T10:27:01","version" => "0.36"},{"date" => "2006-03-14T01:19:25","version" => "0.37"},{"date" => "2006-03-14T12:44:44","version" => "0.38"},{"date" => "2006-03-31T07:32:11","version" => "0.40"},{"date" => "2006-04-01T05:50:05","version" => "0.41"},{"date" => "2006-04-25T13:07:17","version" => "0.42"},{"date" => "2006-04-29T15:26:40","version" => "0.43"},{"date" => "2006-05-03T18:04:03","version" => "0.43"},{"date" => "2006-05-27T03:30:37","version" => "0.45"},{"date" => "2006-06-24T22:55:59","version" => "0.46_01"},{"date" => "2006-07-01T05:26:06","version" => "0.60"},{"date" => "2006-07-01T14:03:38","version" => "0.61"},{"date" => "2006-07-12T06:56:58","version" => "0.62"},{"date" => "2006-07-20T19:19:13","version" => "0.63"},{"date" => "2006-07-23T00:30:37","version" => "0.64"},{"date" => "2006-07-29T16:47:56","version" => "0.65"},{"date" => "2006-07-29T23:27:40","version" => "0.66"},{"date" => "2006-07-30T01:00:36","version" => "0.67"},{"date" => "2006-10-02T12:49:23","version" => "0.70"},{"date" => "2006-10-03T15:25:46","version" => "0.70"},{"date" => "2006-11-26T00:07:30","version" => "0.72"},{"date" => "2007-01-25T19:36:14","version" => "0.80"},{"date" => "2007-01-25T23:07:09","version" => "0.81"},{"date" => "2007-01-25T23:22:51","version" => "0.82"},{"date" => "2007-04-01T16:57:59","version" => "0.84"},{"date" => "2007-04-20T14:49:50","version" => "0.85"},{"date" => "2007-06-16T13:17:35","version" => "0.86"},{"date" => "2007-06-16T16:51:23","version" => "0.86"},{"date" => "2007-06-16T20:33:56","version" => "0.86"},{"date" => "2007-06-21T19:55:23","version" => "0.86"},{"date" => "2007-06-23T02:21:39","version" => "0.86"},{"date" => "2007-07-10T01:11:34","version" => "0.86"},{"date" => "2007-08-03T17:35:53","version" => "0.86"},{"date" => "2007-08-07T17:25:31","version" => "0.86"},{"date" => "2007-09-02T16:30:10","version" => "0.86"},{"date" => "2007-10-13T13:58:17","version" => "0.86"},{"date" => "2007-10-22T18:08:48","version" => "0.86"},{"date" => "2007-12-09T21:14:09","version" => "0.86"},{"date" => "2008-01-18T17:50:22","version" => "0.86"},{"date" => "2008-02-16T12:20:10","version" => "0.86"},{"date" => "2008-02-16T13:04:46","version" => "0.86"},{"date" => "2008-02-16T16:13:51","version" => "0.86"},{"date" => "2008-06-09T02:50:39","version" => "0.86"},{"date" => "2009-04-25T03:38:49","version" => "0.86"},{"date" => "2009-04-25T03:41:41","version" => "0.86"},{"date" => "2010-05-20T10:41:25","version" => "1.07_01"},{"date" => "2010-05-23T17:10:30","version" => "1.08"},{"date" => "2010-05-23T17:48:37","version" => "1.08_01"},{"date" => "2010-05-29T22:54:14","version" => "1.09"},{"date" => "2010-06-06T21:44:15","version" => "1.10"},{"date" => "2010-07-16T11:41:50","version" => "1.10_01"},{"date" => "2010-07-19T17:41:06","version" => "1.10_01"},{"date" => "2010-07-19T22:34:01","version" => "1.10_01"},{"date" => "2010-07-19T23:55:46","version" => "1.10_01"},{"date" => "2010-07-28T06:23:27","version" => "1.10_01"},{"date" => "2010-07-29T21:34:27","version" => "1.10_06"},{"date" => "2010-07-29T22:07:40","version" => "1.10_07"},{"date" => "2010-08-03T15:06:07","version" => "1.11"},{"date" => "2010-08-04T17:28:29","version" => "1.12"},{"date" => "2010-08-26T18:14:47","version" => "1.13"},{"date" => "2010-08-26T20:39:52","version" => "1.14"},{"date" => "2010-09-23T12:20:14","version" => "1.15"},{"date" => "2010-11-21T14:40:01","version" => "1.16"},{"date" => "2010-11-21T16:43:16","version" => "1.17"},{"date" => "2011-11-03T07:09:03","version" => "1.17_01"},{"date" => "2011-11-05T19:16:14","version" => "1.17_01"},{"date" => "2011-11-08T06:51:54","version" => "1.17_01"},{"date" => "2012-02-11T09:48:37","version" => "1.20_01"},{"date" => "2012-02-15T04:54:29","version" => "1.20"},{"date" => "2012-08-22T21:49:37","version" => "1.21_01"},{"date" => "2012-09-21T03:45:26","version" => "1.21"},{"date" => "2012-11-28T00:21:05","version" => "1.22_01"},{"date" => "2012-12-04T23:06:27","version" => "1.22"},{"date" => "2013-02-21T20:13:43","version" => "1.23_01"},{"date" => "2013-02-26T19:19:43","version" => "1.23"},{"date" => "2013-03-02T07:57:56","version" => "1.24_01"},{"date" => "2013-03-02T08:54:34","version" => "1.24_02"},{"date" => "2013-03-07T16:44:31","version" => "1.24"},{"date" => "2013-03-11T04:31:15","version" => "1.25"},{"date" => "2013-05-21T03:09:18","version" => "1.26"},{"date" => "2013-05-21T04:14:10","version" => "1.27"},{"date" => "2014-06-11T19:33:47","version" => "1.28_01"},{"date" => "2014-12-11T07:31:36","version" => "1.28"},{"date" => "2014-12-14T08:32:24","version" => "1.29_01"},{"date" => "2014-12-15T15:58:26","version" => "1.29"},{"date" => "2017-04-18T00:21:57","version" => "1.30_01"},{"date" => "2017-04-20T05:05:41","version" => "1.30"},{"date" => "2018-10-25T19:22:24","version" => "1.31"},{"date" => "2020-01-27T22:19:52","version" => "1.32"},{"date" => "2020-10-26T19:35:28","version" => "1.33"},{"date" => "2020-10-26T20:20:42","version" => "1.34"},{"date" => "2025-10-09T22:46:16","version" => "1.35"},{"date" => "2025-10-10T04:58:28","version" => "1.36"}]},"YATT-Lite" => {"advisories" => [{"affected_versions" => [">=0,<=0.101_102"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "YATT::Lite","versions" => [{"date" => "2013-05-15T03:12:13","version" => "0.0_4"},{"date" => "2013-05-16T06:28:33","version" => "0.0_5"},{"date" => "2013-05-17T07:24:55","version" => "0.0_6"},{"date" => "2013-05-18T02:10:28","version" => "v0.0.6"},{"date" => "2013-06-18T09:57:42","version" => "0.0_7"},{"date" => "2013-06-20T06:09:54","version" => "v0.0.7"},{"date" => "2013-08-25T12:22:03","version" => "0.0_8"},{"date" => "2014-05-13T03:27:34","version" => "v0.0.8"},{"date" => "2014-05-14T13:17:13","version" => "0.0_9"},{"date" => "2014-05-26T13:31:04","version" => "v0.0.9"},{"date" => "2015-04-09T03:34:39","version" => "v0.0.9_001"},{"date" => "2015-04-09T06:01:16","version" => "v0.0.9_002"},{"date" => "2015-04-28T03:29:18","version" => "0.100"},{"date" => "2015-09-03T05:45:15","version" => "0.100_001"},{"date" => "2015-10-31T05:31:03","version" => "0.100_002"},{"date" => "2015-11-05T07:30:33","version" => "0.100_003"},{"date" => "2016-05-24T00:35:40","version" => "0.101"},{"date" => "2017-06-17T00:04:00","version" => "0.101_001"},{"date" => "2020-10-15T11:00:17","version" => "0.101_100"},{"date" => "2020-10-17T07:22:36","version" => "0.101_101"},{"date" => "2020-10-17T10:33:49","version" => "0.101_102"},{"date" => "2023-12-05T06:59:47","version" => "0.101_103"},{"date" => "2024-08-16T05:04:15","version" => "0.110"},{"date" => "2024-11-29T09:35:12","version" => "0.120"},{"date" => "2024-12-10T07:10:28","version" => "0.121"},{"date" => "2025-03-20T02:36:40","version" => "0.122"},{"date" => "2025-03-29T07:49:37","version" => "0.123"},{"date" => "2025-05-17T08:02:02","version" => "0.130"},{"date" => "2025-05-18T12:55:44","version" => "0.131"}]},"Yancy" => {"advisories" => [{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["X-CVE-2018-vue-001"],"description" => "Regular Expression Denial of Service.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-X-CVE-2018-vue-001-vue","references" => ["https://security.snyk.io/vuln/npm:vue:20180222"],"reported" => "2018-02-21","severity" => undef}],"main_module" => "Yancy","versions" => [{"date" => "2017-12-03T00:52:00","version" => "0.001"},{"date" => "2017-12-03T02:48:33","version" => "0.002"},{"date" => "2017-12-05T19:18:06","version" => "0.003"},{"date" => "2017-12-05T20:50:34","version" => "0.004"},{"date" => "2017-12-12T21:48:00","version" => "0.005"},{"date" => "2017-12-15T17:07:32","version" => "0.006"},{"date" => "2017-12-17T00:34:29","version" => "0.007"},{"date" => "2017-12-18T00:39:37","version" => "0.008"},{"date" => "2018-01-07T22:33:53","version" => "0.009"},{"date" => "2018-01-12T22:59:55","version" => "0.010"},{"date" => "2018-01-13T18:49:01","version" => "0.011"},{"date" => "2018-01-29T18:51:02","version" => "0.012"},{"date" => "2018-02-08T05:23:07","version" => "0.013"},{"date" => "2018-02-09T20:51:30","version" => "0.014"},{"date" => "2018-02-12T18:53:07","version" => "0.015"},{"date" => "2018-02-17T04:34:18","version" => "0.016"},{"date" => "2018-02-18T04:27:50","version" => "0.017"},{"date" => "2018-02-22T00:11:09","version" => "0.018"},{"date" => "2018-02-24T05:26:49","version" => "0.019"},{"date" => "2018-02-25T20:44:25","version" => "0.020"},{"date" => "2018-03-02T18:40:59","version" => "0.021"},{"date" => "2018-03-06T21:58:19","version" => "0.022"},{"date" => "2018-03-11T01:00:16","version" => "0.023"},{"date" => "2018-03-15T05:22:49","version" => "1.000"},{"date" => "2018-03-15T19:57:00","version" => "1.001"},{"date" => "2018-03-18T21:57:03","version" => "1.002"},{"date" => "2018-03-28T21:27:52","version" => "1.003"},{"date" => "2018-03-30T18:25:45","version" => "1.004"},{"date" => "2018-05-19T02:53:00","version" => "1.005"},{"date" => "2018-08-12T06:09:06","version" => "1.006"},{"date" => "2018-08-12T20:27:15","version" => "1.007"},{"date" => "2018-09-11T01:20:18","version" => "1.008"},{"date" => "2018-10-22T01:51:24","version" => "1.009"},{"date" => "2018-10-25T00:25:17","version" => "1.010"},{"date" => "2018-10-27T05:32:05","version" => "1.011"},{"date" => "2018-10-30T03:33:36","version" => "1.012"},{"date" => "2018-11-09T17:33:11","version" => "1.013"},{"date" => "2018-11-09T22:02:05","version" => "1.014"},{"date" => "2018-11-25T04:56:36","version" => "1.015"},{"date" => "2018-12-07T04:54:02","version" => "1.016"},{"date" => "2018-12-09T23:45:29","version" => "1.017"},{"date" => "2018-12-18T04:40:44","version" => "1.018"},{"date" => "2018-12-31T00:38:59","version" => "1.019"},{"date" => "2019-01-02T01:03:29","version" => "1.020"},{"date" => "2019-01-09T05:55:47","version" => "1.021"},{"date" => "2019-01-13T19:30:57","version" => "1.022"},{"date" => "2019-02-15T02:25:28","version" => "1.023"},{"date" => "2019-04-26T14:56:12","version" => "1.024"},{"date" => "2019-05-06T04:11:41","version" => "1.025"},{"date" => "2019-05-17T06:27:23","version" => "1.026"},{"date" => "2019-06-02T06:06:08","version" => "1.027"},{"date" => "2019-06-04T17:15:26","version" => "1.028"},{"date" => "2019-06-06T05:25:24","version" => "1.029"},{"date" => "2019-06-07T02:08:14","version" => "1.030"},{"date" => "2019-06-07T02:27:03","version" => "1.031"},{"date" => "2019-06-14T03:39:20","version" => "1.032"},{"date" => "2019-06-20T02:48:25","version" => "1.033"},{"date" => "2019-06-24T00:57:16","version" => "1.034"},{"date" => "2019-07-01T03:16:03","version" => "1.035"},{"date" => "2019-07-06T23:50:11","version" => "1.036"},{"date" => "2019-07-27T00:50:49","version" => "1.037"},{"date" => "2019-07-30T04:27:18","version" => "1.038"},{"date" => "2019-08-10T23:39:44","version" => "1.039"},{"date" => "2019-09-14T04:17:35","version" => "1.040"},{"date" => "2019-10-12T23:55:02","version" => "1.041"},{"date" => "2019-11-24T08:24:08","version" => "1.042"},{"date" => "2019-12-05T23:08:45","version" => "1.043"},{"date" => "2019-12-06T03:51:58","version" => "1.044"},{"date" => "2019-12-17T04:40:46","version" => "1.045"},{"date" => "2020-03-29T18:00:56","version" => "1.046"},{"date" => "2020-04-01T03:02:07","version" => "1.047"},{"date" => "2020-04-06T02:30:40","version" => "1.048"},{"date" => "2020-04-07T04:31:26","version" => "1.049"},{"date" => "2020-04-08T04:28:36","version" => "1.050"},{"date" => "2020-04-11T05:13:41","version" => "1.051"},{"date" => "2020-04-14T04:57:48","version" => "1.052"},{"date" => "2020-04-15T04:01:57","version" => "1.053"},{"date" => "2020-04-19T21:32:12","version" => "1.054"},{"date" => "2020-04-25T02:06:45","version" => "1.055"},{"date" => "2020-04-26T19:33:14","version" => "1.056"},{"date" => "2020-05-31T02:45:58","version" => "1.057"},{"date" => "2020-06-03T20:37:49","version" => "1.058"},{"date" => "2020-06-06T23:00:04","version" => "1.059"},{"date" => "2020-06-07T21:49:37","version" => "1.060"},{"date" => "2020-06-10T15:54:16","version" => "1.061"},{"date" => "2020-06-17T01:02:58","version" => "1.062"},{"date" => "2020-06-25T02:56:34","version" => "1.063"},{"date" => "2020-06-26T05:04:42","version" => "1.064"},{"date" => "2020-07-30T03:14:01","version" => "1.065"},{"date" => "2020-08-08T00:49:06","version" => "1.066"},{"date" => "2020-11-16T04:55:02","version" => "1.067"},{"date" => "2020-12-19T22:43:03","version" => "1.068"},{"date" => "2021-03-04T15:49:34","version" => "1.069"},{"date" => "2021-05-09T01:57:45","version" => "1.070"},{"date" => "2021-05-24T17:07:54","version" => "1.071"},{"date" => "2021-05-26T04:38:25","version" => "1.072"},{"date" => "2021-06-07T16:41:34","version" => "1.073"},{"date" => "2021-06-18T17:57:53","version" => "1.074"},{"date" => "2021-08-07T20:15:50","version" => "1.075"},{"date" => "2021-08-11T18:10:15","version" => "1.076"},{"date" => "2021-09-06T02:25:08","version" => "1.077"},{"date" => "2021-10-17T17:04:53","version" => "1.078"},{"date" => "2021-10-24T20:02:37","version" => "1.079"},{"date" => "2021-10-25T00:42:07","version" => "1.080"},{"date" => "2021-10-26T14:34:15","version" => "1.081"},{"date" => "2021-10-29T22:45:47","version" => "1.082"},{"date" => "2021-10-31T20:56:53","version" => "1.083"},{"date" => "2021-11-03T17:00:00","version" => "1.084"},{"date" => "2021-12-04T04:58:21","version" => "1.085"},{"date" => "2021-12-12T01:08:52","version" => "1.086"},{"date" => "2021-12-14T22:11:27","version" => "1.087"},{"date" => "2021-12-19T02:26:57","version" => "1.088"}]},"Yote" => {"advisories" => [{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Yote","versions" => [{"date" => "2012-01-22T10:43:15","version" => "0.03"},{"date" => "2012-01-29T07:46:40","version" => "0.05"},{"date" => "2012-02-01T08:18:26","version" => "0.06"},{"date" => "2012-02-11T16:40:05","version" => "0.070"},{"date" => "2012-02-12T16:46:56","version" => "0.071"},{"date" => "2012-02-12T20:11:04","version" => "0.073"},{"date" => "2012-02-16T08:01:45","version" => "0.075"},{"date" => "2012-02-25T06:16:49","version" => "0.076"},{"date" => "2012-03-07T15:53:55","version" => "0.077"},{"date" => "2012-03-13T15:45:53","version" => "0.078"},{"date" => "2012-03-14T01:40:01","version" => "0.079"},{"date" => "2012-03-17T04:58:12","version" => "0.080"},{"date" => "2012-03-21T01:00:10","version" => "0.081"},{"date" => "2012-03-23T15:29:25","version" => "0.082"},{"date" => "2012-03-29T16:10:50","version" => "0.083"},{"date" => "2012-04-03T03:36:11","version" => "0.084"},{"date" => "2012-04-07T01:57:35","version" => "0.085"},{"date" => "2012-04-17T14:58:33","version" => "0.086"},{"date" => "2012-04-23T00:34:04","version" => "0.087"},{"date" => "2012-05-09T15:44:27","version" => "0.088"},{"date" => "2012-06-17T16:41:27","version" => "0.89"},{"date" => "2012-07-07T18:21:53","version" => "0.090"},{"date" => "2012-12-07T23:08:36","version" => "0.092"},{"date" => "2012-12-12T00:15:28","version" => "0.093"},{"date" => "2012-12-15T03:00:06","version" => "0.094"},{"date" => "2012-12-21T15:03:35","version" => "0.095"},{"date" => "2012-12-21T15:10:23","version" => "0.094"},{"date" => "2012-12-21T16:41:46","version" => "0.097"},{"date" => "2013-02-26T16:07:02","version" => "0.097"},{"date" => "2013-02-26T22:00:08","version" => "0.097"},{"date" => "2013-04-11T09:00:27","version" => "0.097"},{"date" => "2013-04-13T18:08:08","version" => "0.097"},{"date" => "2013-04-24T05:02:26","version" => "0.0975"},{"date" => "2013-04-24T20:50:26","version" => "0.0975"},{"date" => "2013-04-24T21:06:41","version" => "0.0976"},{"date" => "2013-04-24T23:55:23","version" => "0.0977"},{"date" => "2013-04-27T00:36:29","version" => "0.0978"},{"date" => "2013-04-27T01:37:31","version" => "0.0979"},{"date" => "2013-04-27T20:40:51","version" => "0.0980"},{"date" => "2013-05-02T02:22:35","version" => "0.0981"},{"date" => "2013-05-02T22:58:43","version" => "0.0982"},{"date" => "2013-05-06T15:52:27","version" => "0.0983"},{"date" => "2013-05-06T18:20:49","version" => "0.0984"},{"date" => "2013-05-11T01:05:36","version" => "0.0985"},{"date" => "2013-05-13T19:58:35","version" => "0.0986"},{"date" => "2013-05-13T23:31:05","version" => "0.0987"},{"date" => "2013-05-14T23:16:07","version" => "0.0988"},{"date" => "2013-05-19T19:40:20","version" => "0.0989"},{"date" => "2013-05-20T20:35:57","version" => "0.0990"},{"date" => "2013-05-21T01:32:16","version" => "0.0991"},{"date" => "2013-05-26T05:36:04","version" => "0.0992"},{"date" => "2013-06-04T05:13:09","version" => "0.0993"},{"date" => "2013-06-09T19:10:13","version" => "0.0994"},{"date" => "2013-06-09T21:09:39","version" => "0.0995"},{"date" => "2013-06-13T17:22:45","version" => "0.0996"},{"date" => "2013-06-19T23:18:28","version" => "0.1000"},{"date" => "2013-06-20T01:15:43","version" => "0.1001"},{"date" => "2013-07-08T18:51:52","version" => "0.1002"},{"date" => "2013-07-11T04:25:50","version" => "0.1003"},{"date" => "2013-07-25T05:35:23","version" => "0.1004"},{"date" => "2013-07-25T06:10:27","version" => "0.1005"},{"date" => "2013-09-10T03:54:55","version" => "0.1007"},{"date" => "2013-09-18T07:11:47","version" => "0.1008"},{"date" => "2013-10-13T04:31:17","version" => "0.1010"},{"date" => "2013-11-20T01:45:12","version" => "0.1011"},{"date" => "2013-11-28T06:46:16","version" => "0.1012"},{"date" => "2013-11-28T07:09:28","version" => "0.1013"},{"date" => "2013-12-26T03:28:50","version" => "0.1014"},{"date" => "2013-12-26T08:20:18","version" => "0.1015"},{"date" => "2013-12-28T19:05:21","version" => "0.1016"},{"date" => "2014-01-03T05:59:02","version" => "0.1017"},{"date" => "2014-01-03T06:25:40","version" => "0.1018"},{"date" => "2014-01-07T06:55:43","version" => "0.1019"},{"date" => "2014-02-07T05:56:36","version" => "0.1020"},{"date" => "2014-02-08T04:50:07","version" => "0.1021"},{"date" => "2014-02-20T17:39:10","version" => "0.1022"},{"date" => "2014-03-19T17:10:59","version" => "0.2"},{"date" => "2014-04-05T15:46:56","version" => "0.201"},{"date" => "2014-04-09T05:41:25","version" => "0.202"},{"date" => "2014-04-09T06:26:12","version" => "0.203"},{"date" => "2014-04-16T05:15:00","version" => "0.204"},{"date" => "2014-04-16T06:14:50","version" => "0.205"},{"date" => "2014-04-17T16:14:50","version" => "0.206"},{"date" => "2014-04-19T05:22:53","version" => "0.207"},{"date" => "2014-04-26T00:43:56","version" => "0.208"},{"date" => "2014-04-26T20:08:07","version" => "0.209"},{"date" => "2014-04-28T06:20:54","version" => "0.210"},{"date" => "2014-05-01T07:40:34","version" => "0.211"},{"date" => "2014-05-01T21:51:37","version" => "0.212"},{"date" => "2014-05-02T05:53:29","version" => "0.213"},{"date" => "2014-06-01T08:43:50","version" => "0.214"},{"date" => "2014-07-14T21:20:42","version" => "0.215"},{"date" => "2014-07-28T02:56:15","version" => "0.217"},{"date" => "2014-08-02T03:52:23","version" => "0.218"},{"date" => "2014-08-15T07:05:20","version" => "0.219"},{"date" => "2014-08-16T00:26:35","version" => "0.220"},{"date" => "2014-08-16T21:00:03","version" => "0.221"},{"date" => "2014-08-16T21:07:56","version" => "0.222"},{"date" => "2014-08-17T05:44:33","version" => "0.223"},{"date" => "2014-08-20T06:51:52","version" => "0.224"},{"date" => "2014-08-23T02:39:34","version" => "0.225"},{"date" => "2014-09-04T04:16:58","version" => "0.226"},{"date" => "2014-09-14T04:58:03","version" => "0.228"},{"date" => "2014-09-28T21:11:57","version" => "0.230"},{"date" => "2014-12-09T18:14:17","version" => "0.231"},{"date" => "2015-03-29T20:00:25","version" => "0.300"},{"date" => "2015-04-06T04:00:18","version" => "0.302"},{"date" => "2015-04-06T17:37:33","version" => "0.303"},{"date" => "2015-04-07T05:21:56","version" => "0.304"},{"date" => "2015-04-07T16:52:31","version" => "0.306"},{"date" => "2015-04-07T18:12:24","version" => "0.307"},{"date" => "2015-05-26T21:43:52","version" => "0.308"},{"date" => "2015-05-26T21:48:26","version" => "0.309"},{"date" => "2015-05-26T22:35:35","version" => "0.310"},{"date" => "2015-08-19T01:10:26","version" => "0.311"},{"date" => "2015-09-04T16:15:30","version" => "0.312"},{"date" => "2015-10-11T03:06:17","version" => "1.0"},{"date" => "2015-11-03T00:30:41","version" => "1.1"},{"date" => "2015-12-09T07:17:54","version" => "1.2"},{"date" => "2016-03-09T19:59:10","version" => "1.3"},{"date" => "2016-03-09T20:02:02","version" => "1.02"},{"date" => "2016-03-09T23:15:18","version" => "1.31"},{"date" => "2016-05-01T19:53:03","version" => "1.32"},{"date" => "2016-05-03T02:00:18","version" => "1.33"},{"date" => "2016-05-05T15:33:14","version" => "1.34"},{"date" => "2016-05-06T19:58:06","version" => "1.35"},{"date" => "2016-05-06T20:45:29","version" => "1.36"},{"date" => "2016-05-07T17:30:07","version" => "1.37"},{"date" => "2016-05-10T23:16:25","version" => "1.38"},{"date" => "2016-05-11T23:57:21","version" => "1.39"},{"date" => "2016-05-31T18:50:56","version" => "1.40"},{"date" => "2016-09-01T16:14:07","version" => "1.41"},{"date" => "2016-11-21T18:59:45","version" => "1.43"},{"date" => "2016-12-01T07:11:37","version" => "1.44"},{"date" => "2016-12-21T19:44:12","version" => "1.45"},{"date" => "2017-04-08T21:01:47","version" => "2.0"},{"date" => "2017-08-16T23:30:57","version" => "2.01"},{"date" => "2017-09-20T19:01:58","version" => "2.02"},{"date" => "2018-03-25T03:31:35","version" => "3.0"}]},"Yukki" => {"advisories" => [{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-41182"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41182-jqueryui","references" => ["https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc","https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-41183"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41183-jqueryui","references" => ["https://bugs.jqueryui.com/ticket/15284","https://github.com/jquery/jquery-ui/pull/1953","https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-001","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-41184"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41184-jqueryui","references" => ["https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280","https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-core-2022-001","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.112770"],"cves" => ["CVE-2010-5312"],"description" => "Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2010-5312-jqueryui","references" => ["https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3","http://seclists.org/oss-sec/2014/q4/616","http://bugs.jqueryui.com/ticket/6016","http://seclists.org/oss-sec/2014/q4/613","http://rhn.redhat.com/errata/RHSA-2015-0442.html","http://www.debian.org/security/2015/dsa-3249","http://www.securityfocus.com/bid/71106","http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","http://rhn.redhat.com/errata/RHSA-2015-1462.html","http://www.securitytracker.com/id/1037035","https://exchange.xforce.ibmcloud.com/vulnerabilities/98696","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.drupal.org/sa-core-2022-002","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E"],"reported" => "2014-11-24","severity" => undef},{"affected_versions" => [">=0.0.121700,<=0.140290"],"cves" => ["CVE-2010-5312"],"description" => "Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2010-5312-jqueryui","references" => ["https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3","http://seclists.org/oss-sec/2014/q4/616","http://bugs.jqueryui.com/ticket/6016","http://seclists.org/oss-sec/2014/q4/613","http://rhn.redhat.com/errata/RHSA-2015-0442.html","http://www.debian.org/security/2015/dsa-3249","http://www.securityfocus.com/bid/71106","http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","http://rhn.redhat.com/errata/RHSA-2015-1462.html","http://www.securitytracker.com/id/1037035","https://exchange.xforce.ibmcloud.com/vulnerabilities/98696","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.drupal.org/sa-core-2022-002","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E"],"reported" => "2014-11-24","severity" => undef},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"},{"affected_versions" => ["<=0.140290"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"},{"affected_versions" => [">=0.110830,<=0.111160"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"},{"affected_versions" => [">=0.111280,<=0.112770"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"},{"affected_versions" => [">=0.121700,<=0.140290"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"}],"main_module" => "Yukki","versions" => [{"date" => "2011-03-24T04:47:01","version" => "0.110830"},{"date" => "2011-03-25T05:35:01","version" => "0.110840"},{"date" => "2011-03-26T04:25:48","version" => "0.110850"},{"date" => "2011-03-29T03:08:58","version" => "0.110880"},{"date" => "2011-03-31T22:33:47","version" => "0.110900"},{"date" => "2011-04-16T02:29:38","version" => "0.111060"},{"date" => "2011-04-26T03:12:19","version" => "0.111160"},{"date" => "2011-05-08T01:46:50","version" => "0.111280"},{"date" => "2011-06-15T01:52:19","version" => "0.111660"},{"date" => "2011-06-21T03:20:58","version" => "0.111720"},{"date" => "2011-07-02T20:55:01","version" => "0.111830"},{"date" => "2011-10-04T19:30:44","version" => "0.112770"},{"date" => "2012-06-18T04:45:34","version" => "0.121700"},{"date" => "2012-06-27T02:33:18","version" => "0.121790"},{"date" => "2013-08-04T02:04:00","version" => "0.132160"},{"date" => "2014-01-29T14:29:25","version" => "0.140290"},{"date" => "2017-07-19T16:04:21","version" => "0.99_01"},{"date" => "2017-07-20T18:43:41","version" => "0.990_001"},{"date" => "2017-07-21T00:30:50","version" => "0.990_002"},{"date" => "2017-07-23T04:49:37","version" => "0.991_001"},{"date" => "2017-08-04T04:09:29","version" => "0.991_002"},{"date" => "2017-08-11T00:22:44","version" => "0.991_003"},{"date" => "2017-08-13T02:54:57","version" => "0.991_004"},{"date" => "2017-08-18T18:47:13","version" => "0.991_005"},{"date" => "2017-11-09T02:48:59","version" => "0.991_006"},{"date" => "2026-01-31T18:55:04","version" => "0.991_007"}]},"Zabbix-Reporter" => {"advisories" => [{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Zabbix::Reporter","versions" => [{"date" => "2013-03-27T23:01:45","version" => "0.01"},{"date" => "2013-03-29T20:06:46","version" => "0.02"},{"date" => "2013-05-05T11:26:24","version" => "0.03"},{"date" => "2013-05-13T20:38:47","version" => "0.04"},{"date" => "2013-05-21T19:59:56","version" => "0.05"},{"date" => "2013-06-16T12:55:56","version" => "0.06"},{"date" => "2013-09-08T21:14:34","version" => "0.07"}]},"Zonemaster-Backend" => {"advisories" => [{"affected_versions" => ["<7.0.0"],"cves" => [],"description" => "When running the API behind a reverse proxy on the same machine (like it is using the configuration example provided by the GUI) the remote ip might always be localhost even if the query was done from elsewher\n","distribution" => "Zonemaster-Backend","fixed_versions" => [">=7.0.0"],"id" => "CPANSA-Zonemaster-Backend-2021-001","references" => ["https://github.com/zonemaster/zonemaster-backend/issues/838","https://metacpan.org/dist/Zonemaster-Backend/changes"],"reported" => "2021-08-05","severity" => undef},{"affected_versions" => ["<1.0.1"],"cves" => [],"description" => "Potential SQL injection.\n","distribution" => "Zonemaster-Backend","fixed_versions" => [">=1.0.1"],"id" => "CPANSA-Zonemaster-Backend-2015-001","references" => ["https://github.com/zonemaster/zonemaster-backend/issues/25","https://metacpan.org/dist/Zonemaster-Backend/changes"],"reported" => "2015-01-28","severity" => undef}],"main_module" => "Zonemaster::Backend","versions" => [{"date" => "2017-11-02T13:57:24","version" => "2.0.0"},{"date" => "2018-01-12T17:25:15","version" => "2.0.1"},{"date" => "2018-02-23T13:09:41","version" => "2.0.2"},{"date" => "2018-06-25T08:43:15","version" => "2.1.0"},{"date" => "2019-05-24T07:07:47","version" => "4.0.0"},{"date" => "2019-05-31T16:42:26","version" => "4.0.1"},{"date" => "2020-05-01T14:49:55","version" => "5.0.0"},{"date" => "2020-05-15T12:59:00","version" => "5.0.1"},{"date" => "2020-05-22T07:31:56","version" => "5.0.2"},{"date" => "2020-11-09T09:49:51","version" => "6.0.0"},{"date" => "2020-11-10T10:02:13","version" => "6.0.1"},{"date" => "2020-11-18T09:08:50","version" => "6.0.2"},{"date" => "2021-02-09T11:02:57","version" => "6.1.0"},{"date" => "2021-05-31T20:39:03","version" => "6.2.0"},{"date" => "2021-09-18T14:05:03","version" => "7.0.0"},{"date" => "2021-12-06T00:20:51","version" => "8.0.0"},{"date" => "2021-12-20T10:08:13","version" => "8.1.0"},{"date" => "2022-06-10T11:39:25","version" => "9.0.0"},{"date" => "2022-07-08T08:40:31","version" => "9.0.1"},{"date" => "2022-12-19T09:29:40","version" => "10.0.0"},{"date" => "2023-01-31T16:06:19","version" => "10.0.1"},{"date" => "2023-03-01T17:37:05","version" => "10.0.2"},{"date" => "2023-06-21T16:14:40","version" => "11.0.0"},{"date" => "2023-08-08T02:40:32","version" => "11.0.1"},{"date" => "2023-09-08T09:18:30","version" => "11.0.2"},{"date" => "2024-03-18T15:59:50","version" => "11.1.0"},{"date" => "2024-03-28T10:49:24","version" => "11.1.1"},{"date" => "2024-07-01T15:45:21","version" => "11.2.0"},{"date" => "2024-12-09T13:52:41","version" => "11.3.0"},{"date" => "2025-03-04T21:47:49","version" => "11.4.0"},{"date" => "2025-06-26T17:21:54","version" => "11.5.0"},{"date" => "2025-12-19T11:15:27","version" => "12.0.0"}]},"Zonemaster-GUI" => {"advisories" => [{"affected_versions" => [">=1.0.7,<=1.0.11"],"cves" => ["CVE-2019-14863"],"description" => "There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2019-14863-angular","references" => ["https://snyk.io/vuln/npm:angular:20150807","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863"],"reported" => "2020-01-02","severity" => "medium"},{"affected_versions" => [">=1.0.7,<1.0.11"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Zonemaster::GUI","versions" => [{"date" => "2016-10-17T13:50:05","version" => "v1.0.7"},{"date" => "2016-10-17T14:35:43","version" => "v1.0.7"},{"date" => "2017-11-02T14:09:33","version" => "1.0.8"},{"date" => "2018-01-12T17:25:49","version" => "1.0.9"},{"date" => "2018-01-26T11:37:00","version" => "1.0.10"},{"date" => "2018-02-23T13:11:09","version" => "1.0.11"}]},"cppAdaptive1" => {"advisories" => [{"affected_versions" => ["==0.01"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "cppAdaptive1","fixed_versions" => [],"id" => "CPANSA-cppAdaptive1-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "cppAdaptive1","fixed_versions" => [],"id" => "CPANSA-cppAdaptive1-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "cppAdaptive1","versions" => [{"date" => "2017-08-15T00:25:43","version" => "0.01"}]},"cppAdaptive2" => {"advisories" => [{"affected_versions" => [">=0.01,<=3.0.3"],"cves" => ["CVE-2016-10087"],"description" => "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.\n","distribution" => "cppAdaptive2","fixed_versions" => [],"id" => "CPANSA-cppAdaptive2-2016-10087-libpng","references" => ["http://www.openwall.com/lists/oss-security/2016/12/30/4","http://www.openwall.com/lists/oss-security/2016/12/29/2","http://www.securityfocus.com/bid/95157","https://security.gentoo.org/glsa/201701-74","https://usn.ubuntu.com/3712-2/","https://usn.ubuntu.com/3712-1/","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2017-01-30","severity" => "high"},{"affected_versions" => [">=0.01,<=3.0.3"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "cppAdaptive2","fixed_versions" => [],"id" => "CPANSA-cppAdaptive2-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "cppAdaptive2","versions" => [{"date" => "2018-05-30T06:24:48","version" => "0.01"},{"date" => "2018-06-04T20:54:37","version" => "v0.2.0"},{"date" => "2018-06-05T05:02:05","version" => "v1.0.0"},{"date" => "2018-06-05T15:49:02","version" => "v2.0.0"},{"date" => "2018-06-05T18:41:34","version" => "v2.0.1"},{"date" => "2018-06-06T17:15:24","version" => "v2.0.2"},{"date" => "2018-06-10T16:13:47","version" => "v3.0.0"},{"date" => "2018-06-10T18:17:00","version" => "v3.0.1"},{"date" => "2018-06-10T20:01:07","version" => "v3.0.2"},{"date" => "2018-06-11T04:59:40","version" => "v3.0.3"}]},"eperl" => {"advisories" => [{"affected_versions" => ["<=2.2.14"],"cves" => ["CVE-2001-0733"],"description" => "The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code.\n","distribution" => "eperl","fixed_versions" => [],"id" => "CPANSA-ePerl-2001-0733","references" => ["http://www.securityfocus.com/archive/1/192711","http://www.securityfocus.com/bid/2912","https://exchange.xforce.ibmcloud.com/vulnerabilities/6743"],"reported" => "2001-10-18","severity" => undef}],"main_module" => "Parse::ePerl","versions" => [{"date" => "1996-09-08T09:22:26","version" => "1.4"},{"date" => "1997-01-20T06:55:18","version" => "v2.0.3"},{"date" => "1997-03-25T09:19:29","version" => "2.1"},{"date" => "1997-04-03T12:24:29","version" => "2.1"},{"date" => "1997-04-05T08:04:08","version" => "2.1"},{"date" => "1997-04-18T16:36:34","version" => "2.1"},{"date" => "1997-04-27T15:20:23","version" => "v2.1.0"},{"date" => "1997-05-04T20:06:49","version" => "v2.1.1"},{"date" => "1997-05-29T10:26:35","version" => "2.2"},{"date" => "1997-05-30T06:24:00","version" => "v2.1.2"},{"date" => "1997-05-30T16:53:19","version" => "2.2"},{"date" => "1997-06-06T07:37:49","version" => "2.2"},{"date" => "1997-06-28T15:59:18","version" => "2.2"},{"date" => "1997-07-19T08:23:43","version" => "v2.2.0"},{"date" => "1997-08-14T15:16:02","version" => "v2.2.2"},{"date" => "1997-08-21T15:44:18","version" => "v2.2.3"},{"date" => "1997-09-01T14:16:42","version" => "v2.2.4"},{"date" => "1997-09-03T10:33:40","version" => "v2.2.5"},{"date" => "1997-10-28T13:28:21","version" => "v2.2.6"},{"date" => "1997-11-17T16:37:11","version" => "v2.2.8"},{"date" => "1998-01-02T11:42:11","version" => "v2.2.12"},{"date" => "1998-07-10T09:22:54","version" => "v2.2.13"}]},"libapreq2" => {"advisories" => [{"affected_versions" => ["<2.07"],"cves" => ["CVE-2006-0042"],"description" => "Unspecified vulnerability in apreq_parse_headers and apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.\n","distribution" => "libapreq2","fixed_versions" => [">=2.07"],"id" => "CPANSA-libapreq2-2006-01","references" => ["https://metacpan.org/changes/distribution/libapreq2"],"reported" => "2007-04-17"}],"main_module" => "Apache2::Cookie","versions" => [{"date" => "2003-11-11T01:28:48","version" => "2.01_03"},{"date" => "2003-11-16T04:16:12","version" => "2.02_02"},{"date" => "2004-06-12T14:52:49","version" => "2.03_04"},{"date" => "2004-08-30T16:13:45","version" => "2.04_03"},{"date" => "2005-05-04T23:38:05","version" => "2.05"},{"date" => "2005-07-20T17:10:48","version" => "2.06"},{"date" => "2006-02-12T18:10:47","version" => "2.07"},{"date" => "2006-08-09T04:54:07","version" => "2.08"},{"date" => "2009-03-13T22:47:11","version" => "2.12"},{"date" => "2010-12-02T18:41:57","version" => "2.13"},{"date" => "2021-02-23T13:26:47","version" => "2.15"},{"date" => "2021-03-22T17:59:11","version" => "2.16"}]},"libwww-perl" => {"advisories" => [{"affected_versions" => ["<6.28"],"cves" => [],"description" => "LWP::Protocol::file can open existent file from file:// scheme. However, current version of LWP uses open FILEHANDLE,EXPR and it has ability to execute arbitrary command\n","distribution" => "libwww-perl","fixed_versions" => [">=6.27"],"id" => "CPANSA-libwww-perl-2017-01","references" => ["https://github.com/libwww-perl/libwww-perl/pull/270"],"reported" => "2017-11-06","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}]},{"affected_versions" => ["<6.00"],"cves" => ["CVE-2011-0633"],"description" => "The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.\n","distribution" => "libwww-perl","fixed_versions" => [">=6.00"],"id" => "CPANSA-libwww-perl-2011-01","references" => ["http://vttynotes.blogspot.com/2010/12/man-in-middle-fun-with-perl-lwp.html","http://vttynotes.blogspot.com/2011/03/quick-note-on-lwp-and-perl-security-cve.html"],"reported" => "2011-01-20"},{"affected_versions" => ["<5.835"],"cves" => ["CVE-2010-2253"],"description" => "lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.\n","distribution" => "libwww-perl","fixed_versions" => [">=5.835"],"id" => "CPANSA-libwww-perl-2010-01","references" => ["http://vttynotes.blogspot.com/2010/12/man-in-middle-fun-with-perl-lwp.html","http://vttynotes.blogspot.com/2011/03/quick-note-on-lwp-and-perl-security-cve.html"],"reported" => "2010-07-06"},{"affected_versions" => ["<5.51"],"cves" => [],"description" => "If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for \"http_proxy\" permits \"HTTP_PROXY\" to be found, but this can be trivially set by the web client using the \"Proxy:\" header.\n","distribution" => "libwww-perl","fixed_versions" => [">=5.51"],"id" => "CPANSA-libwww-perl-2001-01","reported" => "2001-03-14"},{"affected_versions" => ["<0.04"],"cves" => [],"description" => "There is a security hole with the implementation of getBasicCredentials().\n","distribution" => "libwww-perl","fixed_versions" => [">=0.04"],"id" => "CPANSA-libwww-perl-1995-01","references" => ["https://metacpan.org/dist/libwww-perl/changes"],"reported" => "1995-09-06"}],"main_module" => "LWP","versions" => [{"date" => "1995-09-16T13:51:35","version" => 5},{"date" => "1995-11-06T14:29:13","version" => 5},{"date" => "1996-05-09T22:43:16","version" => 5},{"date" => "1996-05-26T14:01:51","version" => "5.00"},{"date" => "1996-08-02T16:38:58","version" => "5.01"},{"date" => "1996-09-11T16:19:57","version" => "5.02"},{"date" => "1996-09-30T22:58:37","version" => "5.03"},{"date" => "1996-10-22T10:39:33","version" => "5.04"},{"date" => "1996-12-04T23:36:17","version" => "5.05"},{"date" => "1997-01-27T23:53:38","version" => "5.06"},{"date" => "1997-02-11T14:20:18","version" => "5.07"},{"date" => "1997-04-05T13:10:16","version" => "5.08"},{"date" => "1997-06-10T11:07:01","version" => "5.09"},{"date" => "1997-06-20T10:51:10","version" => "5.10"},{"date" => "1997-08-06T08:41:11","version" => "5.11"},{"date" => "1997-09-05T09:38:58","version" => "5.12"},{"date" => "1997-09-20T12:50:59","version" => "5.13"},{"date" => "1997-10-12T20:55:32","version" => "5.14"},{"date" => "1997-11-06T20:23:06","version" => "5.15"},{"date" => "1997-12-12T17:44:29","version" => "5.18"},{"date" => "1997-12-16T22:25:00","version" => "5.18_03"},{"date" => "1997-12-17T10:08:54","version" => "5.18_04"},{"date" => "1998-01-20T18:16:51","version" => "5.18_05"},{"date" => "1998-01-26T23:55:39","version" => "5.19"},{"date" => "1998-02-12T23:43:23","version" => "5.20"},{"date" => "1998-03-12T18:39:08","version" => "5.21"},{"date" => "1998-03-24T19:42:54","version" => "5.22"},{"date" => "1998-03-31T22:25:14","version" => "5.30"},{"date" => "1998-04-10T15:07:10","version" => "5.31"},{"date" => "1998-04-17T05:23:45","version" => "5.32"},{"date" => "1998-05-07T15:10:00","version" => "5.33"},{"date" => "1998-07-07T16:06:51","version" => "5.34"},{"date" => "1998-07-09T23:05:12","version" => "5.35"},{"date" => "1998-08-04T15:15:44","version" => "5.36"},{"date" => "1998-10-12T17:42:28","version" => "5.40_01"},{"date" => "1998-11-19T22:17:29","version" => "5.41"},{"date" => "1999-03-20T07:52:48","version" => "5.42"},{"date" => "1999-05-09T19:26:17","version" => "5.43"},{"date" => "1999-06-25T20:34:40","version" => "5.44"},{"date" => "1999-09-20T13:36:22","version" => "5.45"},{"date" => "1999-10-28T12:30:45","version" => "5.46"},{"date" => "1999-11-16T14:59:58","version" => "5.47"},{"date" => "2000-04-09T19:45:32","version" => "5.48"},{"date" => "2001-01-01T06:35:20","version" => "5.49"},{"date" => "2001-01-12T20:58:43","version" => "5.50"},{"date" => "2001-03-14T21:33:03","version" => "5.51"},{"date" => "2001-03-29T21:39:12","version" => "5.52"},{"date" => "2001-04-10T23:15:00","version" => "5.53"},{"date" => "2001-04-19T06:13:35","version" => "5.53_90"},{"date" => "2001-04-21T05:02:13","version" => "5.53_91"},{"date" => "2001-04-25T17:37:11","version" => "5.53_92"},{"date" => "2001-04-29T06:28:31","version" => "5.53_93"},{"date" => "2001-05-05T13:57:20","version" => "5.53_94"},{"date" => "2001-08-07T00:46:18","version" => "5.53_95"},{"date" => "2001-08-28T05:59:46","version" => "5.53_96"},{"date" => "2001-09-20T00:33:20","version" => "5.53_97"},{"date" => "2001-10-26T23:30:57","version" => "5.60"},{"date" => "2001-11-17T02:56:46","version" => "5.61"},{"date" => "2001-11-21T19:00:47","version" => "5.62"},{"date" => "2001-12-14T21:01:09","version" => "5.63"},{"date" => "2002-02-09T18:54:35","version" => "5.64"},{"date" => "2002-05-31T20:59:15","version" => "5.65"},{"date" => "2002-12-20T19:28:34","version" => "5.66"},{"date" => "2003-01-01T16:53:11","version" => "5.67"},{"date" => "2003-01-03T05:04:44","version" => "5.68"},{"date" => "2003-01-24T16:55:35","version" => "5.69"},{"date" => "2003-10-13T20:56:35","version" => "5.70"},{"date" => "2003-10-14T19:12:56","version" => "5.71"},{"date" => "2003-10-15T19:53:47","version" => "5.72"},{"date" => "2003-10-19T20:04:40","version" => "5.73"},{"date" => "2003-10-23T19:26:57","version" => "5.74"},{"date" => "2003-10-26T22:10:48","version" => "5.75"},{"date" => "2003-11-21T19:33:09","version" => "5.76"},{"date" => "2004-04-06T13:41:45","version" => "5.77"},{"date" => "2004-04-07T11:13:36","version" => "5.78"},{"date" => "2004-04-13T08:09:08","version" => "5.79"},{"date" => "2004-06-16T10:43:42","version" => "5.800"},{"date" => "2004-11-12T18:32:17","version" => "5.801"},{"date" => "2004-11-30T13:06:01","version" => "5.802"},{"date" => "2004-12-11T15:48:30","version" => "5.803"},{"date" => "2005-12-06T09:36:12","version" => "5.804"},{"date" => "2005-12-08T12:29:02","version" => "5.805"},{"date" => "2007-07-19T21:31:44","version" => "5.806"},{"date" => "2007-07-31T13:14:54","version" => "5.807"},{"date" => "2007-08-05T13:29:17","version" => "5.808"},{"date" => "2008-04-08T11:47:19","version" => "5.810"},{"date" => "2008-04-14T08:28:19","version" => "5.811"},{"date" => "2008-04-16T10:32:51","version" => "5.812"},{"date" => "2008-06-17T20:37:17","version" => "5.813"},{"date" => "2008-07-25T09:09:53","version" => "5.814"},{"date" => "2008-09-24T18:10:11","version" => "5.815"},{"date" => "2008-09-29T09:27:09","version" => "5.816"},{"date" => "2008-10-10T21:31:27","version" => "5.817"},{"date" => "2008-10-16T10:32:24","version" => "5.818"},{"date" => "2008-10-20T11:43:37","version" => "5.819"},{"date" => "2008-11-05T18:07:29","version" => "5.820"},{"date" => "2008-11-25T00:16:49","version" => "5.821"},{"date" => "2008-12-05T19:18:40","version" => "5.822"},{"date" => "2009-01-12T16:50:02","version" => "5.823"},{"date" => "2009-02-13T14:12:29","version" => "5.824"},{"date" => "2009-02-16T10:00:35","version" => "5.825"},{"date" => "2009-04-24T20:42:45","version" => "5.826"},{"date" => "2009-06-15T19:36:37","version" => "5.827"},{"date" => "2009-06-25T19:44:55","version" => "5.828"},{"date" => "2009-07-08T20:03:11","version" => "5.829"},{"date" => "2009-07-26T19:39:49","version" => "5.830"},{"date" => "2009-08-13T20:53:34","version" => "5.831"},{"date" => "2009-09-21T18:24:41","version" => "5.832"},{"date" => "2009-10-06T21:23:39","version" => "5.833"},{"date" => "2009-11-21T13:09:14","version" => "5.834"},{"date" => "2010-05-05T21:13:47","version" => "5.835"},{"date" => "2010-05-13T07:34:58","version" => "5.836"},{"date" => "2010-09-20T21:24:38","version" => "5.837"},{"date" => "2010-11-04T15:16:35","version" => "5.837"},{"date" => "2011-03-08T19:25:05","version" => "6.00"},{"date" => "2011-03-09T23:30:57","version" => "6.01"},{"date" => "2011-03-27T11:35:01","version" => "6.02"},{"date" => "2011-10-15T13:38:28","version" => "6.03"},{"date" => "2012-02-18T22:13:13","version" => "6.04"},{"date" => "2013-03-11T21:47:56","version" => "6.05"},{"date" => "2014-04-16T18:38:49","version" => "6.06"},{"date" => "2014-07-02T05:10:47","version" => "6.07"},{"date" => "2014-07-25T03:19:43","version" => "6.08"},{"date" => "2015-02-10T02:58:40","version" => "6.09"},{"date" => "2015-02-12T17:40:48","version" => "6.10"},{"date" => "2015-02-13T21:38:49","version" => "6.11"},{"date" => "2015-02-14T00:16:15","version" => "6.12"},{"date" => "2015-02-14T18:45:12","version" => "6.13"},{"date" => "2015-11-25T20:23:47","version" => "6.14_001"},{"date" => "2015-12-05T06:01:09","version" => "6.15"},{"date" => "2016-01-05T00:29:20","version" => "6.15_001"},{"date" => "2016-01-14T01:52:18","version" => "6.15_002"},{"date" => "2016-01-14T02:01:20","version" => "6.15_003"},{"date" => "2016-02-13T06:18:45","version" => "6.15_004"},{"date" => "2017-01-18T14:22:22","version" => "6.16"},{"date" => "2017-01-31T19:39:10","version" => "6.17"},{"date" => "2017-02-03T20:31:54","version" => "6.18"},{"date" => "2017-02-14T19:56:20","version" => "6.19"},{"date" => "2017-02-21T15:19:06","version" => "6.20"},{"date" => "2017-02-21T20:38:03","version" => "6.21"},{"date" => "2017-03-01T15:27:43","version" => "6.22"},{"date" => "2017-03-07T03:49:52","version" => "6.23"},{"date" => "2017-03-14T16:36:38","version" => "6.24"},{"date" => "2017-04-03T17:20:06","version" => "6.25"},{"date" => "2017-04-12T15:36:20","version" => "6.26"},{"date" => "2017-09-21T22:32:37","version" => "6.27"},{"date" => "2017-11-06T15:43:47","version" => "6.28"},{"date" => "2017-11-06T20:34:56","version" => "6.29"},{"date" => "2017-12-08T01:57:23","version" => "6.30"},{"date" => "2017-12-11T01:57:47","version" => "6.31"},{"date" => "2018-02-20T19:41:40","version" => "6.32"},{"date" => "2018-02-27T04:04:55","version" => "6.33"},{"date" => "2018-06-05T18:50:45","version" => "6.34"},{"date" => "2018-07-16T04:51:16","version" => "6.35"},{"date" => "2018-10-10T02:21:49","version" => "6.36"},{"date" => "2019-03-06T20:51:05","version" => "6.37"},{"date" => "2019-03-25T19:00:53","version" => "6.38"},{"date" => "2019-05-06T14:19:25","version" => "6.39"},{"date" => "2019-10-24T13:08:25","version" => "6.40"},{"date" => "2019-10-28T14:45:05","version" => "6.41"},{"date" => "2019-11-20T17:41:59","version" => "6.42"},{"date" => "2019-11-26T13:56:02","version" => "6.43"},{"date" => "2020-04-14T19:39:37","version" => "6.44"},{"date" => "2020-06-08T14:52:52","version" => "6.45"},{"date" => "2020-06-23T21:20:14","version" => "6.46"},{"date" => "2020-08-18T15:28:34","version" => "6.47"},{"date" => "2020-09-20T15:26:52","version" => "6.48"},{"date" => "2020-09-24T00:29:49","version" => "6.49"},{"date" => "2020-12-16T18:36:35","version" => "6.50"},{"date" => "2020-12-29T22:09:46","version" => "6.51"},{"date" => "2021-01-07T21:58:27","version" => "6.52"},{"date" => "2021-03-07T16:55:35","version" => "6.53"},{"date" => "2021-05-06T17:55:38","version" => "6.54"},{"date" => "2021-06-17T13:58:40","version" => "6.55"},{"date" => "2021-08-17T13:58:19","version" => "6.56"},{"date" => "2021-09-20T20:29:02","version" => "6.57"},{"date" => "2021-10-25T20:44:12","version" => "6.58"},{"date" => "2021-12-02T21:20:00","version" => "6.59"},{"date" => "2021-12-17T22:33:53","version" => "6.60"},{"date" => "2022-01-21T21:44:31","version" => "6.61"},{"date" => "2022-04-05T01:05:20","version" => "6.62"},{"date" => "2022-04-25T15:25:43","version" => "6.63"},{"date" => "2022-04-26T13:17:45","version" => "6.64"},{"date" => "2022-05-09T18:42:27","version" => "6.65"},{"date" => "2022-05-18T16:57:21","version" => "6.66"},{"date" => "2022-06-14T20:24:12","version" => "6.67"},{"date" => "2023-02-27T19:20:03","version" => "6.68"},{"date" => "2023-04-29T13:15:34","version" => "6.69"},{"date" => "2023-04-30T13:26:14","version" => "6.70"},{"date" => "2023-06-20T19:46:00","version" => "6.71"},{"date" => "2023-07-17T22:02:15","version" => "6.72"},{"date" => "2024-01-13T20:26:02","version" => "6.73"},{"date" => "2024-01-22T17:49:13","version" => "6.74"},{"date" => "2024-01-24T14:30:24","version" => "6.75"},{"date" => "2024-01-25T18:33:12","version" => "6.76"},{"date" => "2024-03-11T00:58:25","version" => "6.77"},{"date" => "2025-02-20T00:44:17","version" => "6.78"},{"date" => "2025-06-27T22:44:59","version" => "6.79"},{"date" => "2025-09-11T22:58:55","version" => "6.80"},{"date" => "2025-10-22T17:05:45","version" => "6.81"}]},"mod_perl" => {"advisories" => [{"affected_versions" => ["<1.31"],"cves" => ["CVE-2009-0796"],"description" => "XSS in Apache::Status.\n","distribution" => "mod_perl","fixed_versions" => [">=1.31"],"id" => "CPANSA-mod_perl-2009-01","references" => ["https://metacpan.org/changes/distribution/mod_perl"],"reported" => "2009-05-11"},{"affected_versions" => ["<1.30"],"cves" => ["CVE-2007-1349"],"description" => "Unescaped variable interpolation in Apache::PerlRun regular expression could cause regex engine tampering.\n","distribution" => "mod_perl","fixed_versions" => [">=1.30"],"id" => "CPANSA-mod_perl-2007-01","references" => ["https://metacpan.org/changes/distribution/mod_perl"],"reported" => "2007-03-29"},{"affected_versions" => [">=2.0,<=2.0.10"],"cves" => ["CVE-2011-2767"],"description" => "mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.\n","distribution" => "mod_perl","fixed_versions" => [],"id" => "CPANSA-mod_perl-2011-2767","references" => ["https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E","https://bugs.debian.org/644169","https://lists.debian.org/debian-lts-announce/2018/09/msg00018.html","https://access.redhat.com/errata/RHSA-2018:2737","https://access.redhat.com/errata/RHSA-2018:2826","https://access.redhat.com/errata/RHSA-2018:2825","http://www.securityfocus.com/bid/105195","https://usn.ubuntu.com/3825-1/","https://usn.ubuntu.com/3825-2/","https://lists.apache.org/thread.html/c8ebe8aad147a3ad2e7b0e8b2da45263171ab5d0fc7f8c100feaa94d\@%3Cmodperl-cvs.perl.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00065.html"],"reported" => "2018-08-26","severity" => "critical"}],"main_module" => "mod_perl2","versions" => [{"date" => "1996-05-21T02:07:05","version" => "0.60"},{"date" => "1996-05-21T20:51:37","version" => "0.60"},{"date" => "1996-06-18T19:41:55","version" => "0.60"},{"date" => "1996-06-25T15:49:56","version" => "0.60"},{"date" => "1996-07-14T23:39:07","version" => "0.70"},{"date" => "1996-07-26T20:39:23","version" => "0.76"},{"date" => "1996-09-08T22:13:32","version" => "0.81"},{"date" => "1996-10-04T15:50:31","version" => "0.83_02"},{"date" => "1996-10-09T07:10:24","version" => "0.83_03"},{"date" => "1996-10-14T03:46:54","version" => "0.83_04"},{"date" => "1996-10-15T13:34:22","version" => "0.83_05"},{"date" => "1996-10-17T03:48:27","version" => "0.83_06"},{"date" => "1996-10-18T22:18:01","version" => "0.83_07"},{"date" => "1996-10-21T01:37:29","version" => "0.83_09"},{"date" => "1996-10-25T14:09:06","version" => "0.83_10"},{"date" => "1996-10-28T00:01:00","version" => "0.84"},{"date" => "1996-11-13T05:39:14","version" => "0.85"},{"date" => "1996-11-14T07:21:01","version" => "0.85_01"},{"date" => "1996-11-27T17:19:02","version" => "0.85_02"},{"date" => "1996-12-05T03:37:12","version" => "0.85_03"},{"date" => "1996-12-10T23:17:33","version" => "0.85_04"},{"date" => "1996-12-17T13:31:40","version" => "0.85_06"},{"date" => "1996-12-19T14:32:44","version" => "0.86"},{"date" => "1996-12-24T04:19:35","version" => "0.87"},{"date" => "1996-12-24T20:41:28","version" => "0.88"},{"date" => "1996-12-31T04:43:25","version" => "0.89"},{"date" => "1996-12-31T07:52:56","version" => "0.90"},{"date" => "1997-01-20T10:04:20","version" => "0.90_01"},{"date" => "1997-01-23T00:58:22","version" => "0.91"},{"date" => "1997-01-23T15:56:19","version" => "0.92"},{"date" => "1997-01-28T02:37:30","version" => "0.93"},{"date" => "1997-03-05T03:19:32","version" => "0.93_01"},{"date" => "1997-03-10T12:07:39","version" => "0.94"},{"date" => "1997-03-23T18:53:46","version" => "0.95"},{"date" => "1997-03-23T18:54:02","version" => "0.95_02"},{"date" => "1997-04-01T04:44:44","version" => "0.95_03"},{"date" => "1997-04-02T01:35:22","version" => "0.95_04"},{"date" => "1997-04-02T03:20:37","version" => "0.95_05"},{"date" => "1997-04-02T04:42:28","version" => "0.95_06"},{"date" => "1997-04-04T05:33:39","version" => "0.96"},{"date" => "1997-04-16T03:54:02","version" => "0.97"},{"date" => "1997-04-23T03:29:01","version" => "0.97_01"},{"date" => "1997-04-30T03:56:50","version" => "0.97_02"},{"date" => "1997-05-02T19:58:12","version" => "0.98"},{"date" => "1997-05-19T22:59:20","version" => "0.98_03"},{"date" => "1997-05-23T00:24:28","version" => "0.98_05"},{"date" => "1997-05-30T02:07:03","version" => "0.98_08"},{"date" => "1997-06-02T00:05:45","version" => "0.98_09"},{"date" => "1997-06-03T03:15:48","version" => "0.98_10"},{"date" => "1997-06-04T01:54:46","version" => "0.98_11"},{"date" => "1997-06-06T01:14:09","version" => "0.98_12"},{"date" => "1997-06-12T00:36:43","version" => "0.99"},{"date" => "1997-06-30T03:04:22","version" => "1.00"},{"date" => "1997-07-08T06:20:15","version" => "1.00"},{"date" => "1997-07-30T20:57:59","version" => "1.00"},{"date" => "1997-08-25T22:00:29","version" => "0.85_05"},{"date" => "1997-09-16T01:09:06","version" => "1.00_02"},{"date" => "1997-09-21T21:40:32","version" => "1.00_03"},{"date" => "1997-10-17T00:04:35","version" => "1.01"},{"date" => "1997-10-17T15:40:45","version" => "1.02"},{"date" => "1997-10-24T04:02:30","version" => "1.03"},{"date" => "1997-10-31T03:59:22","version" => "1.04"},{"date" => "1997-11-07T04:32:07","version" => "1.05"},{"date" => "1997-11-26T02:09:01","version" => "1.07"},{"date" => "1997-12-02T21:34:03","version" => "1.07_01"},{"date" => "1997-12-22T09:29:56","version" => "1.07_02"},{"date" => "1998-01-08T10:21:31","version" => "1.07_03"},{"date" => "1998-01-28T02:10:28","version" => "1.07_03"},{"date" => "1998-01-29T00:47:52","version" => "1.07_03"},{"date" => "1998-02-10T11:04:03","version" => "1.07_04"},{"date" => "1998-02-12T15:08:20","version" => "1.07_04"},{"date" => "1998-02-20T03:43:49","version" => "1.08"},{"date" => "1998-03-07T01:06:09","version" => "1.08"},{"date" => "1998-03-19T07:39:18","version" => "1.09"},{"date" => "1998-03-21T04:14:02","version" => "1.10"},{"date" => "1998-03-27T16:52:20","version" => "1.10"},{"date" => "1998-04-21T14:43:05","version" => "1.11"},{"date" => "1998-04-24T18:58:30","version" => "1.11"},{"date" => "1998-06-09T16:51:19","version" => "1.11"},{"date" => "1998-06-14T19:21:25","version" => "1.12"},{"date" => "1998-07-14T01:13:07","version" => "1.13"},{"date" => "1998-07-19T00:19:20","version" => "1.14"},{"date" => "1998-07-24T13:52:53","version" => "1.15"},{"date" => "1998-07-24T15:59:13","version" => "1.15"},{"date" => "1998-09-20T00:02:57","version" => "1.15_01"},{"date" => "1998-10-02T23:10:02","version" => "1.16"},{"date" => "1998-10-28T18:16:45","version" => "1.16"},{"date" => "1998-11-24T23:54:59","version" => "1.16_01"},{"date" => "1998-12-01T00:01:25","version" => "1.16_02"},{"date" => "1999-01-28T06:27:45","version" => "1.18"},{"date" => "1999-06-11T17:22:35","version" => "1.20"},{"date" => "1999-07-02T23:43:56","version" => "1.21"},{"date" => "2000-03-06T01:32:31","version" => "1.21_01"},{"date" => "2000-03-07T07:56:53","version" => "1.21_02"},{"date" => "2000-03-15T10:25:52","version" => "1.21_03"},{"date" => "2000-03-23T06:51:53","version" => "1.22"},{"date" => "2000-04-21T06:51:47","version" => "1.23"},{"date" => "2000-05-17T05:44:34","version" => "1.24"},{"date" => "2000-10-10T16:44:39","version" => "1.24_01"},{"date" => "2001-01-30T04:33:45","version" => "1.25"},{"date" => "2001-07-06T21:27:16","version" => "1.25_01"},{"date" => "2001-07-12T02:23:32","version" => "1.26"},{"date" => "2002-04-07T04:58:26","version" => "1.99_01"},{"date" => "2002-06-02T03:05:50","version" => "1.27"},{"date" => "2002-06-02T03:27:13","version" => "1.99_02"},{"date" => "2002-06-15T23:59:37","version" => "1.99_03"},{"date" => "2002-06-21T22:45:41","version" => "1.99_04"},{"date" => "2002-08-20T16:54:13","version" => "1.99_05"},{"date" => "2002-09-27T15:19:03","version" => "1.99_06"},{"date" => "2002-09-27T19:41:50","version" => "1.99_07"},{"date" => "2003-01-11T04:22:19","version" => "1.99_08"},{"date" => "2003-04-28T02:36:59","version" => "1.99_09"},{"date" => "2003-07-03T03:32:20","version" => "1.28"},{"date" => "2003-09-29T17:11:24","version" => "1.99_10"},{"date" => "2003-10-08T04:54:22","version" => "1.29"},{"date" => "2003-11-10T21:04:15","version" => "1.99_11"},{"date" => "2003-12-22T19:56:22","version" => "1.99_12"},{"date" => "2004-03-09T00:29:43","version" => "1.99_13"},{"date" => "2004-05-21T18:02:49","version" => "1.99_14"},{"date" => "2004-08-20T18:35:12","version" => "1.99_15"},{"date" => "2004-08-23T05:59:47","version" => "1.99_16"},{"date" => "2004-10-22T21:38:19","version" => "1.99_17"},{"date" => "2004-12-12T23:22:37","version" => "v2.0.0"},{"date" => "2004-12-23T23:38:49","version" => "v2.0.0"},{"date" => "2005-01-06T01:27:43","version" => "v2.0.0"},{"date" => "2005-01-22T08:55:19","version" => "v2.0.0"},{"date" => "2005-04-14T13:19:23","version" => "v2.0.0"},{"date" => "2005-05-04T02:48:58","version" => "v2.0.0"},{"date" => "2005-05-20T05:12:45","version" => "v2.0.0"},{"date" => "2005-06-17T21:05:23","version" => "v2.0.1"},{"date" => "2005-10-21T01:27:23","version" => "v2.0.2"},{"date" => "2006-11-29T08:29:30","version" => "v2.0.3"},{"date" => "2007-03-30T06:19:02","version" => "1.30"},{"date" => "2008-04-17T06:32:36","version" => "v2.0.4"},{"date" => "2009-05-13T02:29:50","version" => "1.31"},{"date" => "2011-02-07T23:31:36","version" => "v2.0.5"},{"date" => "2012-04-25T15:31:27","version" => "v2.0.6"},{"date" => "2012-06-06T02:40:24","version" => "v2.0.7"},{"date" => "2013-04-18T02:15:56","version" => "2.0.8"},{"date" => "2015-06-18T21:16:34","version" => "2.0.9"},{"date" => "2016-10-27T21:16:36","version" => "2.0.10"},{"date" => "2019-10-05T11:36:44","version" => "2.0.11"},{"date" => "2022-01-30T13:36:21","version" => "2.0.12"},{"date" => "2023-10-21T10:32:29","version" => "2.0.13"}]},"perl" => {"advisories" => [{"affected_versions" => ["<1.13"],"cves" => ["CVE-2011-2728"],"description" => "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.\n","distribution" => "perl","fixed_versions" => [">=1.13"],"id" => "CPANSA-File-Glob-2011-2728","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html","http://www.securityfocus.com/bid/49858","http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod","http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77","http://secunia.com/advisories/46172","https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1","https://bugzilla.redhat.com/show_bug.cgi?id=742987"],"reported" => "2012-12-21","severity" => undef},{"affected_versions" => ["<5.24.1"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "perl","fixed_versions" => [">=5.24.1"],"id" => "CPANSA-ExtUtils-ParseXS-2016-1238","references" => ["https://perldoc.perl.org/5.24.1/perldelta","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => [">=5.22.0,<5.24.0"],"cves" => ["CVE-2016-6185"],"description" => "The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.\n","distribution" => "perl","fixed_versions" => [">=5.24.0"],"id" => "CPANSA-perl-2016-6185","references" => ["https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/","https://github.com/Perl/perl5/commit/08e3451d7b3b714ad63a27f1b9c2a23ee75d15ee","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/","http://www.openwall.com/lists/oss-security/2016/07/07/1","http://www.openwall.com/lists/oss-security/2016/07/08/5","https://rt.cpan.org/Public/Bug/Display.html?id=115808","http://www.debian.org/security/2016/dsa-3628","http://www.securitytracker.com/id/1036260","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.securityfocus.com/bid/91685","https://security.gentoo.org/glsa/201701-75","https://usn.ubuntu.com/3625-2/","https://usn.ubuntu.com/3625-1/","https://github.com/Perl/perl5/blob/blead/pod/perl5260delta.pod"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => [">=5.005,<5.24.0"],"cves" => ["CVE-2015-8608"],"description" => "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.\n","distribution" => "perl","fixed_versions" => [">=5.24.0"],"id" => "CPANSA-perl-2015-8608","references" => ["https://rt.perl.org/Public/Bug/Display.html?id=126755","https://github.com/Perl/perl5/issues/15067","https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2017-02-07","severity" => "critical"},{"affected_versions" => ["<5.14.2"],"cves" => ["CVE-2011-2728"],"description" => "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.\n","distribution" => "perl","fixed_versions" => [">=5.14.2"],"id" => "CPANSA-perl-2011-2728","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html","http://www.securityfocus.com/bid/49858","http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod","http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77","http://secunia.com/advisories/46172","https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1","https://bugzilla.redhat.com/show_bug.cgi?id=742987"],"reported" => "2012-12-21","severity" => undef},{"affected_versions" => ["<5.28.3",">=5.30.0,<5.30.3"],"cves" => ["CVE-2020-12723"],"description" => "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.\n","distribution" => "perl","fixed_versions" => [">=5.30.3"],"id" => "CPANSA-perl-2020-12723","references" => ["https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3","https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod","https://github.com/Perl/perl5/issues/16947","https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a","https://github.com/Perl/perl5/issues/17743","https://security.netapp.com/advisory/ntap-20200611-0001/","https://security.gentoo.org/glsa/202006-03","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://perldoc.perl.org/perl5283delta","https://perldoc.perl.org/perl5303delta","https://perldoc.perl.org/perl5320delta"],"reported" => "2020-06-05","severity" => "high"},{"affected_versions" => ["<5.28.3",">=5.30.0,<5.30.3"],"cves" => ["CVE-2020-10878"],"description" => "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.\n","distribution" => "perl","fixed_versions" => [">=5.30.3"],"id" => "CPANSA-perl-2020-10878","references" => ["https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3","https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c","https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8","https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod","https://security.netapp.com/advisory/ntap-20200611-0001/","https://security.gentoo.org/glsa/202006-03","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://perldoc.perl.org/perl5283delta","https://perldoc.perl.org/perl5303delta","https://perldoc.perl.org/perl5320delta"],"reported" => "2020-06-05","severity" => "high"},{"affected_versions" => ["<5.28.3",">=5.30.0,<5.30.3"],"cves" => ["CVE-2020-10543"],"description" => "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.\n","distribution" => "perl","fixed_versions" => [">=5.30.3"],"id" => "CPANSA-perl-2020-10543","references" => ["https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3","https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed","https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod","https://security.netapp.com/advisory/ntap-20200611-0001/","https://security.gentoo.org/glsa/202006-03","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://perldoc.perl.org/perl5283delta","https://perldoc.perl.org/perl5303delta","https://perldoc.perl.org/perl5320delta"],"reported" => "2020-06-05","severity" => "high"},{"affected_versions" => [">=5.22.0,<5.24.4",">=5.26.0,<5.28.2"],"cves" => ["CVE-2018-6798"],"description" => "An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.\n","distribution" => "perl","fixed_versions" => [">=5.28.0"],"id" => "CPANSA-perl-2018-6798","references" => ["https://www.debian.org/security/2018/dsa-4172","https://rt.perl.org/Public/Bug/Display.html?id=132063","http://www.securitytracker.com/id/1040681","https://access.redhat.com/errata/RHSA-2018:1192","https://usn.ubuntu.com/3625-1/","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5244delta","https://perldoc.perl.org/perl5262delta","https://github.com/Perl/perl5/issues/16143"],"reported" => "2018-04-17","severity" => "high"},{"affected_versions" => [">=5.18.0,<5.24.4",">=5.26.0,<5.26.2"],"cves" => ["CVE-2018-6797"],"description" => "An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.\n","distribution" => "perl","fixed_versions" => [">=5.28.0"],"id" => "CPANSA-perl-2018-6797","references" => ["https://www.debian.org/security/2018/dsa-4172","https://rt.perl.org/Public/Bug/Display.html?id=132227","http://www.securitytracker.com/id/1040681","https://access.redhat.com/errata/RHSA-2018:1192","https://usn.ubuntu.com/3625-1/","http://www.securitytracker.com/id/1042004","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5244delta","https://perldoc.perl.org/perl5262delta"],"reported" => "2018-04-17","severity" => "critical"},{"affected_versions" => ["<5.24.4",">=5.26.0,<5.26.2"],"cves" => ["CVE-2018-6913"],"description" => "Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.\n","distribution" => "perl","fixed_versions" => [">=5.26.2"],"id" => "CPANSA-perl-2018-6913","references" => ["https://www.debian.org/security/2018/dsa-4172","https://rt.perl.org/Public/Bug/Display.html?id=131844","https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html","http://www.securitytracker.com/id/1040681","https://usn.ubuntu.com/3625-2/","https://usn.ubuntu.com/3625-1/","http://www.securityfocus.com/bid/103953","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5244delta","https://perldoc.perl.org/perl5262delta","https://github.com/Perl/perl5/issues/16098"],"reported" => "2018-04-17","severity" => "critical"},{"affected_versions" => ["<5.26.3"],"cves" => ["CVE-2018-18314"],"description" => "Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n","distribution" => "perl","fixed_versions" => [">=5.26.3"],"id" => "CPANSA-perl-2018-18314","references" => ["https://www.debian.org/security/2018/dsa-4347","https://rt.perl.org/Ticket/Display.html?id=131649","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f","https://bugzilla.redhat.com/show_bug.cgi?id=1646751","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","http://www.securityfocus.com/bid/106145","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://security.netapp.com/advisory/ntap-20190221-0003/","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2018-12-07","severity" => "critical"},{"affected_versions" => ["<5.26.3"],"cves" => ["CVE-2018-18313"],"description" => "Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.\n","distribution" => "perl","fixed_versions" => [">=5.26.3"],"id" => "CPANSA-perl-2018-18313","references" => ["https://www.debian.org/security/2018/dsa-4347","https://usn.ubuntu.com/3834-2/","https://rt.perl.org/Ticket/Display.html?id=133192","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62","https://bugzilla.redhat.com/show_bug.cgi?id=1646738","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://security.netapp.com/advisory/ntap-20190221-0003/","https://support.apple.com/kb/HT209600","https://seclists.org/bugtraq/2019/Mar/42","http://seclists.org/fulldisclosure/2019/Mar/49","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2018-12-07","severity" => "critical"},{"affected_versions" => ["==5.28.0","<5.26.3"],"cves" => ["CVE-2018-18312"],"description" => "Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n","distribution" => "perl","fixed_versions" => [">=5.28.1"],"id" => "CPANSA-perl-2018-18312","references" => ["https://www.debian.org/security/2018/dsa-4347","https://rt.perl.org/Public/Bug/Display.html?id=133423","https://metacpan.org/changes/release/SHAY/perl-5.28.1","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://bugzilla.redhat.com/show_bug.cgi?id=1646734","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","http://www.securityfocus.com/bid/106179","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://security.netapp.com/advisory/ntap-20190221-0003/","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5281delta","https://perldoc.perl.org/perl5263delta"],"reported" => "2018-12-05","severity" => "critical"},{"affected_versions" => ["<5.26.3","==5.28.0"],"cves" => ["CVE-2018-18311"],"description" => "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n","distribution" => "perl","fixed_versions" => [">=5.28.1"],"id" => "CPANSA-perl-2018-18311","references" => ["https://www.debian.org/security/2018/dsa-4347","https://usn.ubuntu.com/3834-2/","https://rt.perl.org/Ticket/Display.html?id=133204","https://metacpan.org/changes/release/SHAY/perl-5.28.1","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html","https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be","https://bugzilla.redhat.com/show_bug.cgi?id=1646730","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","http://www.securityfocus.com/bid/106145","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://access.redhat.com/errata/RHSA-2019:0109","https://security.netapp.com/advisory/ntap-20190221-0003/","https://support.apple.com/kb/HT209600","https://seclists.org/bugtraq/2019/Mar/42","http://seclists.org/fulldisclosure/2019/Mar/49","https://kc.mcafee.com/corporate/index?page=content&id=SB10278","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:1790","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:1942","https://access.redhat.com/errata/RHSA-2019:2400","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5281delta","https://perldoc.perl.org/perl5263delta"],"reported" => "2018-12-07","severity" => "critical"},{"affected_versions" => ["==5.26.0",">=5.20.0,<5.24.3"],"cves" => ["CVE-2017-12883"],"description" => "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\\\\N{U+...}' escape.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2017-12883","references" => ["https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1","https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1","https://bugzilla.redhat.com/show_bug.cgi?id=1492093","http://www.securityfocus.com/bid/100852","http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch","https://rt.perl.org/Public/Bug/Display.html?id=131598","http://www.debian.org/security/2017/dsa-3982","https://security.netapp.com/advisory/ntap-20180426-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://github.com/Perl/perl5/issues/16025","https://perldoc.perl.org/perl5243delta","https://perldoc.perl.org/perl5280delta","https://perldoc.perl.org/perl5261delta"],"reported" => "2017-09-19","severity" => "critical"},{"affected_versions" => [">=5.18.0,<5.24.3","==5.26.0"],"cves" => ["CVE-2017-12837"],"description" => "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\\\\N{}' escape and the case-insensitive modifier.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2017-12837","references" => ["https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1","https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5","https://bugzilla.redhat.com/show_bug.cgi?id=1492091","http://www.securityfocus.com/bid/100860","https://rt.perl.org/Public/Bug/Display.html?id=131582","http://www.debian.org/security/2017/dsa-3982","https://security.netapp.com/advisory/ntap-20180426-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://github.com/Perl/perl5/issues/16021","https://perldoc.perl.org/perl5243delta","https://perldoc.perl.org/perl5261delta","https://perldoc.perl.org/perl5280delta"],"reported" => "2017-09-19","severity" => "high"},{"affected_versions" => ["<5.24.0"],"cves" => ["CVE-2015-8853"],"description" => "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\"\n","distribution" => "perl","fixed_versions" => [">=5.24.0"],"id" => "CPANSA-perl-2015-8853","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html","http://www.openwall.com/lists/oss-security/2016/04/20/7","https://bugzilla.redhat.com/show_bug.cgi?id=1329106","https://rt.perl.org/Public/Bug/Display.html?id=123562","http://www.openwall.com/lists/oss-security/2016/04/20/5","http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securityfocus.com/bid/86707","https://security.gentoo.org/glsa/201701-75","https://usn.ubuntu.com/3625-2/","https://usn.ubuntu.com/3625-1/"],"reported" => "2016-05-25","severity" => "high"},{"affected_versions" => ["<5.18.0"],"cves" => ["CVE-2013-1667"],"description" => "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2013-1667","references" => ["http://www.securityfocus.com/bid/58311","http://perl5.git.perl.org/perl.git/commitdiff/d59e31f","http://perl5.git.perl.org/perl.git/commitdiff/9d83adc","http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html","http://www.debian.org/security/2013/dsa-2641","http://secunia.com/advisories/52499","http://secunia.com/advisories/52472","https://bugzilla.redhat.com/show_bug.cgi?id=912276","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296","http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5","http://osvdb.org/90892","http://www.ubuntu.com/usn/USN-1770-1","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html","http://marc.info/?l=bugtraq&m=137891988921058&w=2","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/82598","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771"],"reported" => "2013-03-14","severity" => undef},{"affected_versions" => [">=5.10.0,<5.12.0"],"cves" => ["CVE-2011-0761"],"description" => "Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.\n","distribution" => "perl","fixed_versions" => [">=5.12.0"],"id" => "CPANSA-perl-2011-0761","references" => ["http://www.securityfocus.com/bid/47766","http://securitytracker.com/id?1025507","http://www.toucan-system.com/advisories/tssa-2011-03.txt","http://securityreason.com/securityalert/8248","https://exchange.xforce.ibmcloud.com/vulnerabilities/67355","http://www.securityfocus.com/archive/1/517916/100/0/threaded"],"reported" => "2011-05-13","severity" => undef},{"affected_versions" => ["<=5.14.0"],"cves" => ["CVE-2010-4777"],"description" => "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.\n","distribution" => "perl","fixed_versions" => [">5.14.0"],"id" => "CPANSA-perl-2010-4777","references" => ["http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html","https://bugzilla.redhat.com/show_bug.cgi?id=694166","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836","https://rt.perl.org/Public/Bug/Display.html?id=76538","https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html","http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html","http://forums.ocsinventory-ng.org/viewtopic.php?id=7215"],"reported" => "2014-02-10","severity" => undef},{"affected_versions" => ["<5.10.0"],"cves" => ["CVE-2010-1158"],"description" => "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.\n","distribution" => "perl","fixed_versions" => [">=5.10.0"],"id" => "CPANSA-perl-2010-1158","references" => ["http://bugs.gentoo.org/show_bug.cgi?id=313565","http://www.openwall.com/lists/oss-security/2010/04/14/3","http://perldoc.perl.org/perl5100delta.html","http://www.openwall.com/lists/oss-security/2010/04/08/9","https://bugzilla.redhat.com/show_bug.cgi?id=580605","http://secunia.com/advisories/55314"],"reported" => "2010-04-20","severity" => undef},{"affected_versions" => ["<=5.10.1"],"cves" => ["CVE-2009-3626"],"description" => "Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.\n","distribution" => "perl","fixed_versions" => [">5.10.1"],"id" => "CPANSA-perl-2009-3626","references" => ["http://securitytracker.com/id?1023077","http://www.vupen.com/english/advisories/2009/3023","http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4","http://www.securityfocus.com/bid/36812","https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225","http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/","http://www.osvdb.org/59283","http://www.openwall.com/lists/oss-security/2009/10/23/8","http://secunia.com/advisories/37144","http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973","https://exchange.xforce.ibmcloud.com/vulnerabilities/53939"],"reported" => "2009-10-29","severity" => undef},{"affected_versions" => ["<=5.8.8"],"cves" => ["CVE-2008-1927"],"description" => "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.  NOTE: this issue might only be present on certain operating systems.\n","distribution" => "perl","fixed_versions" => [">5.8.8"],"id" => "CPANSA-perl-2008-1927","references" => ["http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792","http://www.debian.org/security/2008/dsa-1556","https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html","https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html","http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml","http://www.securityfocus.com/bid/28928","http://secunia.com/advisories/29948","http://secunia.com/advisories/30025","http://secunia.com/advisories/30326","http://www.securitytracker.com/id?1020253","http://www.redhat.com/support/errata/RHSA-2008-0522.html","http://secunia.com/advisories/30624","http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm","http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm","http://www.ipcop.org/index.php?name=News&file=article&sid=41","http://secunia.com/advisories/31467","http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html","http://secunia.com/advisories/31604","http://secunia.com/advisories/31208","http://secunia.com/advisories/31328","http://www.vmware.com/security/advisories/VMSA-2008-0013.html","http://www.redhat.com/support/errata/RHSA-2008-0532.html","http://secunia.com/advisories/31687","http://osvdb.org/44588","http://www.mandriva.com/security/advisories?name=MDVSA-2008:100","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://wiki.rpath.com/Advisories:rPSA-2009-0011","http://www.ubuntu.com/usn/usn-700-2","http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html","http://secunia.com/advisories/33937","http://support.apple.com/kb/HT3438","http://www.vupen.com/english/advisories/2009/0422","http://www.vupen.com/english/advisories/2008/2361","http://www.vupen.com/english/advisories/2008/2424","http://www.vupen.com/english/advisories/2008/2265/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/41996","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579","http://www.securityfocus.com/archive/1/500210/100/0/threaded"],"reported" => "2008-04-24","severity" => undef},{"affected_versions" => ["<5.10.0"],"cves" => ["CVE-2005-3962"],"description" => "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.\n","distribution" => "perl","fixed_versions" => [">=5.10.1"],"id" => "CPANSA-perl-2005-3962","references" => ["http://www.dyadsecurity.com/perl-0002.html","http://www.kb.cert.org/vuls/id/948385","http://www.securityfocus.com/bid/15629","http://secunia.com/advisories/17802","http://secunia.com/advisories/17844","http://secunia.com/advisories/17762","http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html","http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml","http://www.trustix.org/errata/2005/0070","http://secunia.com/advisories/17941","http://secunia.com/advisories/17952","http://www.redhat.com/support/errata/RHSA-2005-880.html","http://www.novell.com/linux/security/advisories/2005_71_perl.html","http://secunia.com/advisories/18183","http://secunia.com/advisories/18187","http://www.redhat.com/support/errata/RHSA-2005-881.html","http://secunia.com/advisories/18075","http://www.openbsd.org/errata37.html#perl","http://secunia.com/advisories/18295","ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch","http://www.osvdb.org/21345","http://www.osvdb.org/22255","ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U","http://secunia.com/advisories/18517","http://secunia.com/advisories/17993","https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1","http://secunia.com/advisories/19041","http://www.debian.org/security/2006/dsa-943","http://secunia.com/advisories/18413","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm","http://www.novell.com/linux/security/advisories/2005_29_sr.html","http://secunia.com/advisories/20894","http://docs.info.apple.com/article.html?artnum=304829","http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html","http://www.us-cert.gov/cas/techalerts/TA06-333A.html","http://secunia.com/advisories/23155","http://www.mandriva.com/security/advisories?name=MDKSA-2005:225","http://www.ipcop.org/index.php?name=News&file=article&sid=41","http://secunia.com/advisories/31208","http://www.vupen.com/english/advisories/2006/2613","http://www.vupen.com/english/advisories/2006/0771","http://www.vupen.com/english/advisories/2006/4750","ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch","http://www.vupen.com/english/advisories/2005/2688","http://marc.info/?l=full-disclosure&m=113342788118630&w=2","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598","https://usn.ubuntu.com/222-1/","http://www.securityfocus.com/archive/1/438726/100/0/threaded","http://www.securityfocus.com/archive/1/418333/100/0/threaded"],"reported" => "2005-12-01","severity" => undef},{"affected_versions" => ["==5.8.0"],"cves" => ["CVE-2005-0156"],"description" => "Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.\n","distribution" => "perl","fixed_versions" => [">=5.8.1"],"id" => "CPANSA-perl-2005-0156","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml","http://www.redhat.com/support/errata/RHSA-2005-103.html","http://www.redhat.com/support/errata/RHSA-2005-105.html","http://www.trustix.org/errata/2005/0003/","http://www.securityfocus.com/bid/12426","http://secunia.com/advisories/14120","http://fedoranews.org/updates/FEDORA--.shtml","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://www.mandriva.com/security/advisories?name=MDKSA-2005:031","http://secunia.com/advisories/55314","http://marc.info/?l=bugtraq&m=110737149402683&w=2","http://marc.info/?l=full-disclosure&m=110779721503111&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/19208","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803","http://www.digitalmunition.com/DMA[2005-0131b].txt"],"reported" => "2005-02-07","severity" => undef},{"affected_versions" => ["==5.8.0"],"cves" => ["CVE-2005-0155"],"description" => "The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.\n","distribution" => "perl","fixed_versions" => [">=5.8.1"],"id" => "CPANSA-perl-2005-0155","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml","http://www.redhat.com/support/errata/RHSA-2005-103.html","http://www.redhat.com/support/errata/RHSA-2005-105.html","http://www.trustix.org/errata/2005/0003/","http://www.securityfocus.com/bid/12426","http://secunia.com/advisories/14120","http://fedoranews.org/updates/FEDORA--.shtml","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm","http://secunia.com/advisories/21646","http://www.mandriva.com/security/advisories?name=MDKSA-2005:031","http://marc.info/?l=bugtraq&m=110737149402683&w=2","http://marc.info/?l=full-disclosure&m=110779723332339&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/19207","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10404","http://www.digitalmunition.com/DMA[2005-0131a].txt"],"reported" => "2005-05-02","severity" => undef},{"affected_versions" => ["<=5.8.8"],"cves" => ["CVE-2007-5116"],"description" => "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.\n","distribution" => "perl","fixed_versions" => [">5.8.8"],"id" => "CPANSA-perl-2007-5116","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=323571","http://www.mandriva.com/security/advisories?name=MDKSA-2007:207","http://www.redhat.com/support/errata/RHSA-2007-0966.html","http://www.redhat.com/support/errata/RHSA-2007-1011.html","http://www.securityfocus.com/bid/26350","http://secunia.com/advisories/27531","http://secunia.com/advisories/27546","https://bugzilla.redhat.com/show_bug.cgi?id=378131","https://issues.rpath.com/browse/RPL-1813","http://www.debian.org/security/2007/dsa-1400","http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml","http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html","http://www.novell.com/linux/security/advisories/2007_24_sr.html","http://www.ubuntu.com/usn/usn-552-1","http://securitytracker.com/id?1018899","http://secunia.com/advisories/27479","http://secunia.com/advisories/27515","http://secunia.com/advisories/27548","http://secunia.com/advisories/27613","http://secunia.com/advisories/27570","http://secunia.com/advisories/27936","http://docs.info.apple.com/article.html?artnum=307179","ftp://aix.software.ibm.com/aix/efixes/security/README","http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220","http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28167","http://lists.vmware.com/pipermail/security-announce/2008/000002.html","http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm","http://secunia.com/advisories/28368","http://secunia.com/advisories/28387","http://secunia.com/advisories/27756","http://www.vmware.com/security/advisories/VMSA-2008-0001.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1","http://secunia.com/advisories/28993","http://secunia.com/advisories/29074","http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1","http://secunia.com/advisories/31208","http://www.ipcop.org/index.php?name=News&file=article&sid=41","http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2008/0064","http://www.vupen.com/english/advisories/2008/0641","http://www.vupen.com/english/advisories/2007/3724","http://www.vupen.com/english/advisories/2007/4255","http://marc.info/?l=bugtraq&m=120352263023774&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/38270","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669","http://www.securityfocus.com/archive/1/486859/100/0/threaded","http://www.securityfocus.com/archive/1/485936/100/0/threaded","http://www.securityfocus.com/archive/1/483584/100/0/threaded","http://www.securityfocus.com/archive/1/483563/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => ["<5.16.0"],"cves" => ["CVE-2012-5195"],"description" => "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.\n","distribution" => "perl","fixed_versions" => [">=5.16.0"],"id" => "CPANSA-perl-2012-5195","references" => ["http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44","http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html","http://www.securityfocus.com/bid/56287","http://www.openwall.com/lists/oss-security/2012/10/27/1","http://secunia.com/advisories/51457","http://www.openwall.com/lists/oss-security/2012/10/26/2","http://www.ubuntu.com/usn/USN-1643-1","http://www.debian.org/security/2012/dsa-2586","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://secunia.com/advisories/55314","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673"],"reported" => "2012-12-18","severity" => undef},{"affected_versions" => ["<5.22.1"],"cves" => ["CVE-2016-2381"],"description" => "Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.\n","distribution" => "perl","fixed_versions" => [">=5.22.1"],"id" => "CPANSA-perl-2016-2381","references" => ["http://www.gossamer-threads.com/lists/perl/porters/326387","http://www.debian.org/security/2016/dsa-3501","http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.securityfocus.com/bid/83802","http://www.ubuntu.com/usn/USN-2916-1","http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html","https://security.gentoo.org/glsa/201701-75","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2016-04-08","severity" => "high"},{"affected_versions" => ["==5.8.1"],"cves" => ["CVE-2003-0900"],"description" => "Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.\n","distribution" => "perl","fixed_versions" => [">5.8.1"],"id" => "CPANSA-perl-2003-0900","references" => ["https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711"],"reported" => "2003-12-31","severity" => undef},{"affected_versions" => ["<5.20.0"],"cves" => ["CVE-2013-7422"],"description" => "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.\n","distribution" => "perl","fixed_versions" => [">=5.20"],"id" => "CPANSA-perl-2013-7422","references" => ["http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html","https://support.apple.com/kb/HT205031","http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06","http://www.securityfocus.com/bid/75704","http://www.ubuntu.com/usn/USN-2916-1","https://security.gentoo.org/glsa/201507-11"],"reported" => "2015-08-16","severity" => undef},{"affected_versions" => ["<5.22.2"],"cves" => ["CVE-2015-8608"],"description" => "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.\n","distribution" => "perl","fixed_versions" => [">=5.22.2"],"id" => "CPANSA-perl-2015-8608","references" => ["https://rt.perl.org/Public/Bug/Display.html?id=126755","https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2017-02-07","severity" => "critical"},{"affected_versions" => ["<5.14.0"],"cves" => ["CVE-2011-1487"],"description" => "The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.\n","distribution" => "perl","fixed_versions" => [">=5.14.0"],"id" => "CPANSA-perl-2011-1487","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=692844","http://openwall.com/lists/oss-security/2011/04/01/3","http://openwall.com/lists/oss-security/2011/04/04/35","https://bugzilla.redhat.com/show_bug.cgi?id=692898","http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336","http://secunia.com/advisories/43921","http://www.securityfocus.com/bid/47124","http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99","http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html","http://secunia.com/advisories/44168","http://www.debian.org/security/2011/dsa-2265","http://www.mandriva.com/security/advisories?name=MDVSA-2011:091","http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/66528"],"reported" => "2011-04-11","severity" => undef},{"affected_versions" => ["<5.4.4"],"cves" => ["CVE-1999-1386"],"description" => "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.\n","distribution" => "perl","fixed_versions" => [">5.4.4"],"id" => "CPANSA-perl-1999-1386","references" => ["http://www.redhat.com/support/errata/rh50-errata-general.html#perl","http://www.iss.net/security_center/static/7243.php","http://marc.info/?l=bugtraq&m=88932165406213&w=2"],"reported" => "1999-12-31","severity" => undef},{"affected_versions" => [">=5.24.0,<5.24.3","==5.26.0"],"cves" => ["CVE-2017-12814"],"description" => "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2017-12814","references" => ["https://rt.perl.org/Public/Bug/Display.html?id=131665","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1","http://www.securityfocus.com/bid/101051","https://security.netapp.com/advisory/ntap-20180426-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5243delta","https://github.com/Perl/perl5/issues/16051","https://perldoc.perl.org/perl5261delta","https://perldoc.perl.org/perl5280delta"],"reported" => "2017-09-28","severity" => "critical"},{"affected_versions" => ["==5.34.0"],"cves" => ["CVE-2022-48522"],"description" => "In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.\n","distribution" => "perl","fixed_versions" => [">=5.34.1"],"id" => "CPANSA-perl-2022-48522","references" => ["https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48522","https://security.netapp.com/advisory/ntap-20230915-0008/","https://ubuntu.com/security/CVE-2022-48522"],"reported" => "2023-08-22","severity" => undef},{"affected_versions" => [">=5.30.0,<5.34.3",">=5.36.0,<5.36.3","==5.38.0"],"cves" => ["CVE-2023-47038"],"description" => "A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one attacker controlled byte buffer overflow in a heap allocated buffer\n","distribution" => "perl","fixed_versions" => ["==5.34.3","==5.36.3","==5.38.1"],"id" => "CPANSA-perl-2023-47038","references" => ["https://perldoc.perl.org/perl5342delta","https://perldoc.perl.org/perl5363delta","https://perldoc.perl.org/perl5381delta","https://perldoc.perl.org/perl5382delta","https://perldoc.perl.org/perl5400delta"],"reported" => "2023-10-30","severity" => undef},{"affected_versions" => ["<5.34.2",">=5.36.0,<5.36.3","==5.38.0"],"cves" => ["CVE-2023-47039"],"description" => "Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory.\n\nAn attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.\n","distribution" => "perl","fixed_versions" => [">=5.38.1"],"id" => "CPANSA-perl-2023-47039","references" => ["https://github.com/ycdxsb/WindowsPrivilegeEscalation","https://perldoc.perl.org/perl5342delta","https://perldoc.perl.org/perl5363delta","https://perldoc.perl.org/perl5381delta","https://perldoc.perl.org/perl5382delta","https://perldoc.perl.org/perl5400delta"],"reported" => "2023-10-30","severity" => undef},{"affected_versions" => ["<5.34.3",">=5.36.0,<5.36.3",">=5.38.0,<5.38.2"],"cves" => ["CVE-2023-47100"],"description" => "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.\n","distribution" => "perl","fixed_versions" => [">=5.38.2"],"id" => "CPANSA-perl-2023-47100","references" => ["https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3","https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010","https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6"],"reported" => undef,"severity" => undef},{"affected_versions" => [">0,<5.38.4",">=5.40.0,<5.40.2"],"cves" => ["CVE-2024-56406"],"description" => "A heap buffer overflow vulnerability was discovered in Perl.   When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.  \x{a0} \x{a0}\$ perl -e '\$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;'  \x{a0} \x{a0}Segmentation fault (core dumped)  It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.","distribution" => "perl","fixed_versions" => [">=5.40.1",">=5.38.4,<5.40.0"],"id" => "CPANSA-perl-2024-56406","references" => ["https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch","https://metacpan.org/release/SHAY/perl-5.38.4/changes","https://metacpan.org/release/SHAY/perl-5.40.2/changes","http://www.openwall.com/lists/oss-security/2025/04/13/3","http://www.openwall.com/lists/oss-security/2025/04/13/4"],"reported" => "2025-04-13","severity" => undef},{"affected_versions" => [">=5.16.3,<5.38.5",">=5.40.0,<5.40.3",">=5.41.0,<5.41.13"],"cves" => ["CVE-2025-40909"],"description" => "Perl threads have a working directory race condition where file operations may target unintended paths.  If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone\x{a0}that handle for the new thread, which is visible from any third (or\x{a0}more) thread already running.   This may lead to unintended operations\x{a0}such as loading code or accessing files from unexpected locations,\x{a0}which a local attacker may be able to exploit.  The bug was introduced in commit\x{a0}11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6","distribution" => "perl","fixed_versions" => [">=5.41.13",">=5.38.5,<5.40.0",">=5.40.3"],"id" => "CPANSA-perl-2025-40909","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226","https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e","https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch","https://github.com/Perl/perl5/issues/10387","https://github.com/Perl/perl5/issues/23010","https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads","https://www.openwall.com/lists/oss-security/2025/05/22/2","http://www.openwall.com/lists/oss-security/2025/05/23/1","http://www.openwall.com/lists/oss-security/2025/05/30/4"],"reported" => "2025-05-30","severity" => undef},{"affected_versions" => [">=4.0,<5.4.0"],"cves" => ["CVE-1999-0034"],"description" => "Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.\n","distribution" => "perl","fixed_versions" => [],"id" => "CPANSA-sperl-1999-0034","references" => ["https://exchange.xforce.ibmcloud.com/vulnerabilities/448","https://www.cpan.org/src/5.0/CA-97.17.sperl"],"reported" => "1997-05-29","severity" => undef},{"affected_versions" => [">=4.0,<5.6.0"],"cves" => ["CVE-1999-0462"],"description" => "suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk.\n","distribution" => "perl","fixed_versions" => [],"id" => "CPANSA-sperl-1999-0462","references" => ["http://www.securityfocus.com/bid/339"],"reported" => "1999-03-17","severity" => undef},{"affected_versions" => ["<5.6.1"],"cves" => ["CVE-2000-0703"],"description" => "suidperl (aka sperl) does not properly cleanse the escape sequence \"~!\" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the \"interactive\" environmental variable and calling suidperl with a filename that contains the escape sequence.\n","distribution" => "perl","fixed_versions" => [],"id" => "CPANSA-sperl-2000-0703","references" => ["http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html","http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt","http://www.securityfocus.com/bid/1547","http://www.novell.com/linux/security/advisories/suse_security_announce_59.html","http://www.redhat.com/support/errata/RHSA-2000-048.html","http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html","http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html","http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html","http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html","https://www.cpan.org/src/5.0/sperl-2000-08-05/sperl-2000-08-05.txt"],"reported" => "2000-10-20","severity" => undef}],"main_module" => "perl","versions" => [{"date" => "1996-02-03T07:48:14","version" => "5.002"},{"date" => "1996-08-08T23:13:50","version" => "5.003_02"},{"date" => "1996-08-10T19:07:27","version" => "5.003_02"},{"date" => "1996-08-28T16:43:47","version" => "5.003_03"},{"date" => "1996-09-02T23:25:30","version" => "5.003_04"},{"date" => "1996-09-12T20:10:42","version" => "5.003_05"},{"date" => "1996-10-08T21:59:27","version" => "5.003_06"},{"date" => "1996-10-11T03:39:44","version" => "5.003_07"},{"date" => "1996-11-19T07:27:23","version" => "5.003_08"},{"date" => "1996-11-26T09:46:17","version" => "5.003_09"},{"date" => "1996-11-30T01:22:23","version" => "5.003_10"},{"date" => "1996-12-06T09:08:18","version" => "5.003_11"},{"date" => "1996-12-19T04:59:47","version" => "5.003_12"},{"date" => "1996-12-20T02:59:16","version" => "5.003_13"},{"date" => "1996-12-23T22:09:26","version" => "5.003_15"},{"date" => "1996-12-24T23:22:02","version" => "5.003_16"},{"date" => "1996-12-27T20:20:05","version" => "5.003_17"},{"date" => "1996-12-31T21:35:40","version" => "5.003_18"},{"date" => "1997-01-04T06:02:28","version" => "5.003_19"},{"date" => "1997-01-08T02:15:49","version" => "5.003_20"},{"date" => "1997-01-15T23:12:15","version" => "5.003_21"},{"date" => "1997-01-16T20:04:16","version" => "5.003_22"},{"date" => "1997-01-25T10:04:29","version" => "5.003_23"},{"date" => "1997-01-29T06:05:11","version" => "5.003_24"},{"date" => "1997-02-04T05:41:02","version" => "5.003_25"},{"date" => "1997-02-10T19:37:44","version" => "5.003_26"},{"date" => "1997-02-18T01:13:23","version" => "5.003_27"},{"date" => "1997-02-21T17:17:57","version" => "5.003_28"},{"date" => "1997-02-25T03:29:59","version" => "5.003_90"},{"date" => "1997-03-01T08:08:54","version" => "5.003_91"},{"date" => "1997-03-06T18:24:17","version" => "5.003_92"},{"date" => "1997-03-10T12:06:55","version" => "5.003_93"},{"date" => "1997-03-22T05:43:00","version" => "5.003_94"},{"date" => "1997-03-25T19:52:24","version" => "5.003_95"},{"date" => "1997-04-01T00:50:13","version" => "5.003_96"},{"date" => "1997-04-03T00:50:37","version" => "5.003_97"},{"date" => "1997-04-24T00:56:53","version" => "5.003_97"},{"date" => "1997-04-25T03:44:34","version" => "5.003_97"},{"date" => "1997-04-28T20:33:01","version" => "5.003_97"},{"date" => "1997-04-30T15:40:09","version" => "5.003_98"},{"date" => "1997-05-01T18:40:08","version" => "5.003_99"},{"date" => "1997-05-09T05:37:58","version" => "5.003_99"},{"date" => "1997-05-15T22:54:01","version" => "5.004"},{"date" => "1997-06-13T15:08:00","version" => "5.004_01"},{"date" => "1997-08-07T20:07:25","version" => "5.004_02"},{"date" => "1997-09-05T17:46:00","version" => "5.004_03"},{"date" => "1997-09-05T18:13:00","version" => "5.004"},{"date" => "1997-09-19T18:22:20","version" => "5.004"},{"date" => "1997-09-23T06:21:18","version" => "5.004"},{"date" => "1997-10-02T16:49:00","version" => "5.004_51"},{"date" => "1997-10-09T23:16:38","version" => "5.004"},{"date" => "1997-10-14T19:19:40","version" => "5.004"},{"date" => "1997-10-15T16:17:00","version" => "5.004_52"},{"date" => "1997-10-15T16:28:24","version" => "5.004_04"},{"date" => "1997-10-16T16:24:00","version" => "5.004_53"},{"date" => "1997-11-14T17:04:00","version" => "5.004_54"},{"date" => "1997-11-25T17:17:00","version" => "5.004_55"},{"date" => "1997-12-18T16:20:00","version" => "5.004_56"},{"date" => "1998-02-03T15:06:00","version" => "5.004_57"},{"date" => "1998-02-06T17:25:00","version" => "5.004_58"},{"date" => "1998-02-13T16:42:00","version" => "5.004_59"},{"date" => "1998-02-20T17:42:00","version" => "5.004_60"},{"date" => "1998-02-27T17:55:00","version" => "5.004_61"},{"date" => "1998-03-04T19:46:42","version" => "5.004"},{"date" => "1998-03-06T15:27:00","version" => "5.004_62"},{"date" => "1998-03-17T15:29:00","version" => "5.004_63"},{"date" => "1998-04-03T15:44:00","version" => "5.004_64"},{"date" => "1998-05-01T23:37:24","version" => "5.004_04"},{"date" => "1998-05-15T15:57:00","version" => "5.004_65"},{"date" => "1998-05-15T23:46:53","version" => "5.004_04"},{"date" => "1998-05-19T23:51:10","version" => "5.004_04"},{"date" => "1998-05-29T15:23:00","version" => "5.004_66"},{"date" => "1998-06-15T11:47:27","version" => "5.004_67"},{"date" => "1998-06-23T11:50:59","version" => "5.004_68"},{"date" => "1998-06-29T09:42:04","version" => "5.004_69"},{"date" => "1998-07-06T08:22:24","version" => "5.004_70"},{"date" => "1998-07-09T13:47:36","version" => "5.004_71"},{"date" => "1998-07-12T13:32:41","version" => "5.004_72"},{"date" => "1998-07-13T09:17:14","version" => "5.004_73"},{"date" => "1998-07-14T10:31:15","version" => "5.004_74"},{"date" => "1998-07-15T11:29:51","version" => "5.005"},{"date" => "1998-07-21T05:16:24","version" => "5.004_05"},{"date" => "1998-07-21T11:36:27","version" => "5.005"},{"date" => "1998-07-23T00:55:19","version" => "5.005"},{"date" => "1998-07-26T06:20:30","version" => "5.005_50"},{"date" => "1998-07-27T00:16:22","version" => "5.005_01"},{"date" => "1998-08-02T10:32:29","version" => "5.005_02"},{"date" => "1998-08-05T10:49:59","version" => "5.005_02"},{"date" => "1998-08-08T05:46:05","version" => "5.005_02"},{"date" => "1998-08-10T08:33:23","version" => "5.005_51"},{"date" => "1998-09-25T11:59:38","version" => "5.005_52"},{"date" => "1998-10-09T17:05:49","version" => "5.004_05"},{"date" => "1998-10-31T12:32:20","version" => "5.005_53"},{"date" => "1998-11-22T23:06:16","version" => "5.004_05"},{"date" => "1998-11-30T03:26:39","version" => "5.005_03"},{"date" => "1998-11-30T04:29:11","version" => "5.005_54"},{"date" => "1998-12-03T17:22:19","version" => "5.004_05"},{"date" => "1999-01-03T20:44:49","version" => "5.005_03"},{"date" => "1999-01-17T18:28:14","version" => "5.005_03"},{"date" => "1999-01-26T04:39:36","version" => "5.005_03"},{"date" => "1999-01-29T05:03:44","version" => "5.005_03"},{"date" => "1999-02-16T07:11:42","version" => "5.005_55"},{"date" => "1999-03-01T05:38:00","version" => "5.005_56"},{"date" => "1999-03-05T02:22:53","version" => "5.005_03"},{"date" => "1999-03-29T00:50:43","version" => "5.005_03"},{"date" => "1999-04-27T00:23:40","version" => "5.004_05"},{"date" => "1999-04-29T20:04:24","version" => "5.004_05"},{"date" => "1999-05-25T10:36:40","version" => "5.005_57"},{"date" => "1999-07-27T11:00:38","version" => "5.005_58"},{"date" => "1999-08-02T08:52:25","version" => "5.005_59"},{"date" => "1999-08-02T21:13:44","version" => "5.005_60"},{"date" => "1999-08-22T20:40:16","version" => "5.005_61"},{"date" => "1999-10-15T10:36:17","version" => "5.005_62"},{"date" => "1999-12-09T11:38:49","version" => "5.005_63"},{"date" => "2000-02-02T13:06:00","version" => "v5.5.640"},{"date" => "2000-02-08T08:37:47","version" => "v5.5.650"},{"date" => "2000-02-22T11:41:34","version" => "v5.5.660"},{"date" => "2000-03-01T07:34:59","version" => "v5.5.670"},{"date" => "2000-03-23T06:06:13","version" => "v5.6.0"},{"date" => "2000-09-02T18:07:32","version" => "v5.7.0"},{"date" => "2000-12-18T10:12:29","version" => "v5.6.1"},{"date" => "2001-01-31T16:18:51","version" => "v5.6.1"},{"date" => "2001-03-19T09:36:57","version" => "v5.6.1"},{"date" => "2001-04-09T04:47:17","version" => "v5.6.1"},{"date" => "2001-04-10T02:54:00","version" => "v5.7.1"},{"date" => "2001-07-13T14:50:55","version" => "v5.7.2"},{"date" => "2002-03-05T05:00:31","version" => "v5.7.3"},{"date" => "2002-06-01T19:09:00","version" => "v5.8.0"},{"date" => "2002-06-21T14:56:35","version" => "v5.8.0"},{"date" => "2002-07-14T00:26:18","version" => "v5.8.0"},{"date" => "2002-07-18T23:32:56","version" => "v5.8.0"},{"date" => "2003-07-10T06:52:39","version" => "v5.8.1"},{"date" => "2003-07-11T12:23:20","version" => "v5.8.1"},{"date" => "2003-07-30T20:28:59","version" => "v5.8.1"},{"date" => "2003-08-01T15:49:36","version" => "v5.8.1"},{"date" => "2003-09-22T09:14:19","version" => "v5.8.1"},{"date" => "2003-09-25T11:49:06","version" => "v5.8.1"},{"date" => "2003-10-27T02:59:51","version" => "5.009"},{"date" => "2003-10-27T23:40:16","version" => "5.008001"},{"date" => "2003-11-03T09:03:41","version" => "5.008001"},{"date" => "2003-11-05T23:34:05","version" => "5.008001"},{"date" => "2003-11-08T15:53:25","version" => "v5.6.2"},{"date" => "2003-11-15T12:53:43","version" => "v5.6.2"},{"date" => "2003-12-05T16:42:45","version" => "5.005_03"},{"date" => "2004-01-07T14:40:01","version" => "5.008001"},{"date" => "2004-01-14T19:03:21","version" => "5.008003"},{"date" => "2004-01-20T21:48:04","version" => "5.005_03"},{"date" => "2004-01-27T21:18:43","version" => "5.005_03"},{"date" => "2004-02-04T22:55:06","version" => "5.005_04"},{"date" => "2004-02-18T14:20:15","version" => "5.005"},{"date" => "2004-02-23T14:02:10","version" => "5.005"},{"date" => "2004-03-16T19:35:25","version" => "5.009001"},{"date" => "2004-04-05T21:27:48","version" => "5.008003"},{"date" => "2004-04-15T22:59:51","version" => "5.008003"},{"date" => "2004-04-21T23:03:10","version" => "5.008003"},{"date" => "2004-07-06T21:41:21","version" => "5.008005"},{"date" => "2004-07-08T21:55:05","version" => "5.008005"},{"date" => "2004-07-19T21:56:20","version" => "5.008005"},{"date" => "2004-11-11T19:56:33","version" => "5.008006"},{"date" => "2004-11-27T23:56:17","version" => "5.008006"},{"date" => "2005-04-01T09:53:24","version" => "5.009002"},{"date" => "2005-05-18T16:35:37","version" => "5.008007"},{"date" => "2005-05-30T22:19:23","version" => "5.008007"},{"date" => "2006-01-20T10:09:18","version" => "5.008008"},{"date" => "2006-01-28T11:11:38","version" => "5.009003"},{"date" => "2006-02-01T00:00:59","version" => "5.008008"},{"date" => "2006-08-15T13:48:30","version" => "5.009004"},{"date" => "2007-07-07T16:13:57","version" => "5.009005"},{"date" => "2007-11-17T15:31:20","version" => "5.009005"},{"date" => "2007-11-25T18:22:18","version" => "5.010000"},{"date" => "2007-12-18T17:41:41","version" => "5.010000"},{"date" => "2008-11-10T23:14:59","version" => "5.008009"},{"date" => "2008-12-06T22:50:35","version" => "5.008009"},{"date" => "2008-12-14T23:08:28","version" => "5.008009"},{"date" => "2009-08-06T16:11:03","version" => "5.010001"},{"date" => "2009-08-18T23:45:03","version" => "5.010001"},{"date" => "2009-08-23T14:21:38","version" => "5.010001"},{"date" => "2009-10-02T20:51:46","version" => "5.011000"},{"date" => "2009-10-20T17:51:38","version" => "5.011001"},{"date" => "2009-11-20T07:20:52","version" => "5.011002"},{"date" => "2009-12-21T04:49:14","version" => "5.011003"},{"date" => "2010-01-20T16:48:28","version" => "5.011004"},{"date" => "2010-02-21T00:45:26","version" => "5.011005"},{"date" => "2010-03-21T20:41:11","version" => "5.012000"},{"date" => "2010-03-29T18:29:49","version" => "5.012000"},{"date" => "2010-04-01T02:38:12","version" => "5.012000"},{"date" => "2010-04-03T02:40:48","version" => "5.012000"},{"date" => "2010-04-07T05:39:46","version" => "5.012000"},{"date" => "2010-04-10T03:46:04","version" => "5.012000"},{"date" => "2010-04-12T22:38:37","version" => "5.012000"},{"date" => "2010-04-20T20:06:02","version" => "5.013000"},{"date" => "2010-05-10T02:43:48","version" => "5.012001"},{"date" => "2010-05-13T22:31:41","version" => "5.012001"},{"date" => "2010-05-16T22:40:16","version" => "5.012001"},{"date" => "2010-05-20T14:03:45","version" => "5.013001"},{"date" => "2010-06-22T21:39:26","version" => "5.013002"},{"date" => "2010-07-20T10:23:23","version" => "5.013003"},{"date" => "2010-08-20T15:39:07","version" => "5.013004"},{"date" => "2010-08-31T16:48:01","version" => "5.012002"},{"date" => "2010-09-07T01:41:31","version" => "5.012002"},{"date" => "2010-09-19T21:22:47","version" => "5.013005"},{"date" => "2010-10-21T01:41:01","version" => "5.013006"},{"date" => "2010-11-21T01:14:06","version" => "5.013007"},{"date" => "2010-12-19T23:06:25","version" => "5.013008"},{"date" => "2011-01-10T02:12:53","version" => "5.012003"},{"date" => "2011-01-15T04:05:30","version" => "5.012003"},{"date" => "2011-01-18T02:13:17","version" => "5.012003"},{"date" => "2011-01-21T01:42:07","version" => "5.013009"},{"date" => "2011-01-22T03:35:35","version" => "5.012003"},{"date" => "2011-02-20T19:18:02","version" => "5.013010"},{"date" => "2011-03-20T19:49:16","version" => "5.013011"},{"date" => "2011-04-20T11:53:32","version" => "5.014000"},{"date" => "2011-05-04T16:42:27","version" => "5.014000"},{"date" => "2011-05-11T15:49:42","version" => "5.014000"},{"date" => "2011-05-14T20:34:05","version" => "5.014000"},{"date" => "2011-06-08T13:19:36","version" => "5.012004"},{"date" => "2011-06-09T23:48:04","version" => "5.014001"},{"date" => "2011-06-15T17:00:36","version" => "5.012004"},{"date" => "2011-06-17T02:42:01","version" => "5.014001"},{"date" => "2011-06-20T10:41:26","version" => "5.012004"},{"date" => "2011-06-20T23:26:37","version" => "5.015000"},{"date" => "2011-07-20T21:15:08","version" => "5.015001"},{"date" => "2011-08-21T00:05:23","version" => "5.015002"},{"date" => "2011-09-19T11:23:55","version" => "5.014002"},{"date" => "2011-09-21T03:05:05","version" => "5.015003"},{"date" => "2011-09-26T14:56:49","version" => "5.014002"},{"date" => "2011-10-20T21:17:45","version" => "5.015004"},{"date" => "2011-11-20T20:41:00","version" => "5.015005"},{"date" => "2011-12-20T17:55:58","version" => "5.015006"},{"date" => "2012-01-20T20:08:28","version" => "5.015007"},{"date" => "2012-02-20T22:38:13","version" => "5.015008"},{"date" => "2012-03-20T19:16:38","version" => "5.015009"},{"date" => "2012-05-11T03:41:02","version" => "5.016000"},{"date" => "2012-05-15T02:51:48","version" => "5.016000"},{"date" => "2012-05-16T03:22:59","version" => "5.016000"},{"date" => "2012-05-20T22:51:12","version" => "5.016000"},{"date" => "2012-05-26T16:24:02","version" => "5.017000"},{"date" => "2012-06-20T17:35:18","version" => "5.017001"},{"date" => "2012-07-20T14:27:59","version" => "5.017002"},{"date" => "2012-08-03T18:59:23","version" => "5.016001"},{"date" => "2012-08-08T22:30:11","version" => "5.016001"},{"date" => "2012-08-20T14:12:02","version" => "5.017003"},{"date" => "2012-09-20T00:39:08","version" => "5.017004"},{"date" => "2012-09-26T22:15:57","version" => "5.014003"},{"date" => "2012-10-10T19:46:29","version" => "5.014003"},{"date" => "2012-10-12T20:25:20","version" => "5.014003"},{"date" => "2012-10-20T16:31:11","version" => "5.017005"},{"date" => "2012-10-27T01:23:09","version" => "5.016002"},{"date" => "2012-11-01T13:44:07","version" => "5.016002"},{"date" => "2012-11-03T17:27:59","version" => "5.012005"},{"date" => "2012-11-08T21:12:17","version" => "5.012005"},{"date" => "2012-11-10T14:02:17","version" => "5.012005"},{"date" => "2012-11-21T00:08:12","version" => "5.017006"},{"date" => "2012-12-18T21:50:28","version" => "5.017007"},{"date" => "2013-01-20T18:48:45","version" => "5.017008"},{"date" => "2013-02-20T22:21:02","version" => "5.017009"},{"date" => "2013-03-05T17:03:49","version" => "5.014004"},{"date" => "2013-03-07T16:03:14","version" => "5.016003"},{"date" => "2013-03-07T19:52:52","version" => "5.014004"},{"date" => "2013-03-10T23:47:40","version" => "5.014004"},{"date" => "2013-03-11T21:08:33","version" => "5.016003"},{"date" => "2013-03-21T23:11:03","version" => "5.017010"},{"date" => "2013-04-21T00:52:16","version" => "5.017011"},{"date" => "2013-05-11T12:29:53","version" => "5.018000"},{"date" => "2013-05-12T23:14:51","version" => "5.018000"},{"date" => "2013-05-14T01:32:05","version" => "5.018000"},{"date" => "2013-05-16T02:53:44","version" => "5.018000"},{"date" => "2013-05-18T13:33:49","version" => "5.018000"},{"date" => "2013-05-20T13:12:38","version" => "5.019000"},{"date" => "2013-06-21T01:24:18","version" => "5.019001"},{"date" => "2013-07-22T05:59:35","version" => "5.019002"},{"date" => "2013-08-02T03:09:02","version" => "5.018001"},{"date" => "2013-08-04T12:34:33","version" => "5.018001"},{"date" => "2013-08-09T02:28:00","version" => "5.018001"},{"date" => "2013-08-12T14:31:08","version" => "5.018001"},{"date" => "2013-08-20T16:09:42","version" => "5.019003"},{"date" => "2013-09-20T15:58:20","version" => "5.019004"},{"date" => "2013-10-20T13:25:55","version" => "5.019005"},{"date" => "2013-11-20T20:37:20","version" => "5.019006"},{"date" => "2013-12-02T22:36:49","version" => "5.018002"},{"date" => "2013-12-07T13:55:43","version" => "5.018002"},{"date" => "2013-12-19T21:27:42","version" => "5.018002"},{"date" => "2013-12-20T20:55:37","version" => "5.019007"},{"date" => "2013-12-22T03:30:43","version" => "5.018002"},{"date" => "2014-01-07T01:52:57","version" => "5.018002"},{"date" => "2014-01-20T21:59:04","version" => "5.019008"},{"date" => "2014-02-20T04:24:45","version" => "5.019009"},{"date" => "2014-03-20T20:40:26","version" => "5.019010"},{"date" => "2014-04-20T15:47:12","version" => "5.019011"},{"date" => "2014-05-17T00:16:49","version" => "5.020000"},{"date" => "2014-05-27T01:35:13","version" => "5.020000"},{"date" => "2014-05-27T14:32:18","version" => "5.021000"},{"date" => "2014-06-20T15:31:10","version" => "5.021001"},{"date" => "2014-07-20T13:48:02","version" => "5.021002"},{"date" => "2014-08-21T02:26:13","version" => "5.021003"},{"date" => "2014-08-25T18:10:32","version" => "5.020001"},{"date" => "2014-09-07T17:01:11","version" => "5.020001"},{"date" => "2014-09-14T13:11:14","version" => "5.020001"},{"date" => "2014-09-17T20:29:53","version" => "5.018003"},{"date" => "2014-09-20T13:33:14","version" => "5.021004"},{"date" => "2014-09-27T12:54:08","version" => "5.018003"},{"date" => "2014-10-01T13:22:50","version" => "5.018003"},{"date" => "2014-10-02T00:48:31","version" => "5.018004"},{"date" => "2014-10-20T16:54:20","version" => "5.021005"},{"date" => "2014-11-20T23:39:06","version" => "5.021006"},{"date" => "2014-12-20T17:34:57","version" => "5.021007"},{"date" => "2015-01-20T20:20:05","version" => "5.021008"},{"date" => "2015-02-01T03:07:56","version" => "5.020002"},{"date" => "2015-02-14T18:26:43","version" => "5.020002"},{"date" => "2015-02-21T05:27:09","version" => "5.021009"},{"date" => "2015-03-20T18:30:20","version" => "5.021010"},{"date" => "2015-04-20T21:28:37","version" => "5.021011"},{"date" => "2015-05-19T14:12:19","version" => "5.022000"},{"date" => "2015-05-21T23:03:22","version" => "5.022000"},{"date" => "2015-06-01T17:51:59","version" => "5.022000"},{"date" => "2015-06-20T20:22:32","version" => "5.023000"},{"date" => "2015-07-20T19:26:31","version" => "5.023001"},{"date" => "2015-08-20T15:36:45","version" => "5.023002"},{"date" => "2015-08-22T22:12:34","version" => "5.020003"},{"date" => "2015-08-29T22:02:43","version" => "5.020003"},{"date" => "2015-09-12T19:09:14","version" => "5.020003"},{"date" => "2015-09-21T02:47:16","version" => "5.023003"},{"date" => "2015-10-20T22:17:48","version" => "5.023004"},{"date" => "2015-10-31T18:42:58","version" => "5.022001"},{"date" => "2015-11-15T15:15:03","version" => "5.022001"},{"date" => "2015-11-20T17:09:38","version" => "5.023005"},{"date" => "2015-12-02T22:07:35","version" => "5.022001"},{"date" => "2015-12-08T21:34:05","version" => "5.022001"},{"date" => "2015-12-13T19:48:31","version" => "5.022001"},{"date" => "2015-12-21T22:40:27","version" => "5.023006"},{"date" => "2016-01-20T21:52:22","version" => "5.023007"},{"date" => "2016-02-20T21:56:31","version" => "5.023008"},{"date" => "2016-03-20T16:45:40","version" => "5.023009"},{"date" => "2016-04-10T17:29:04","version" => "5.022002"},{"date" => "2016-04-14T03:27:48","version" => "5.024000"},{"date" => "2016-04-23T20:56:14","version" => "5.024000"},{"date" => "2016-04-27T01:02:55","version" => "5.024000"},{"date" => "2016-04-29T21:39:25","version" => "5.022002"},{"date" => "2016-05-02T14:41:03","version" => "5.024000"},{"date" => "2016-05-04T22:27:57","version" => "5.024000"},{"date" => "2016-05-09T11:35:29","version" => "5.024000"},{"date" => "2016-05-09T12:02:53","version" => "5.025000"},{"date" => "2016-05-20T21:33:43","version" => "5.025001"},{"date" => "2016-06-20T21:02:44","version" => "5.025002"},{"date" => "2016-07-17T22:27:32","version" => "5.022003"},{"date" => "2016-07-17T22:29:08","version" => "5.024001"},{"date" => "2016-07-20T16:22:41","version" => "5.025003"},{"date" => "2016-07-25T12:58:33","version" => "5.022003"},{"date" => "2016-07-25T13:01:21","version" => "5.024001"},{"date" => "2016-08-11T23:47:40","version" => "5.022003"},{"date" => "2016-08-11T23:50:29","version" => "5.024001"},{"date" => "2016-08-20T20:25:19","version" => "5.025004"},{"date" => "2016-09-20T17:45:06","version" => "5.025005"},{"date" => "2016-10-12T21:39:57","version" => "5.022003"},{"date" => "2016-10-12T21:40:57","version" => "5.024001"},{"date" => "2016-10-20T15:44:55","version" => "5.025006"},{"date" => "2016-11-20T21:20:07","version" => "5.025007"},{"date" => "2016-12-20T19:14:33","version" => "5.025008"},{"date" => "2017-01-02T18:54:51","version" => "5.022003"},{"date" => "2017-01-02T18:57:38","version" => "5.024001"},{"date" => "2017-01-14T20:04:05","version" => "5.022003"},{"date" => "2017-01-14T20:04:30","version" => "5.024001"},{"date" => "2017-01-20T15:25:43","version" => "5.025009"},{"date" => "2017-02-20T21:21:01","version" => "5.025010"},{"date" => "2017-03-20T20:56:49","version" => "5.025011"},{"date" => "2017-04-20T19:32:05","version" => "5.025012"},{"date" => "2017-05-11T17:07:17","version" => "5.026000"},{"date" => "2017-05-23T23:19:34","version" => "5.026000"},{"date" => "2017-05-30T19:42:51","version" => "5.026000"},{"date" => "2017-05-31T21:11:57","version" => "5.027000"},{"date" => "2017-06-20T06:39:54","version" => "5.027001"},{"date" => "2017-07-01T21:50:24","version" => "5.022004"},{"date" => "2017-07-01T21:50:55","version" => "5.024002"},{"date" => "2017-07-15T17:26:52","version" => "5.022004"},{"date" => "2017-07-15T17:29:00","version" => "5.024002"},{"date" => "2017-07-20T19:28:36","version" => "5.027002"},{"date" => "2017-08-21T20:43:51","version" => "5.027003"},{"date" => "2017-09-10T15:37:08","version" => "5.024003"},{"date" => "2017-09-10T15:38:22","version" => "5.026001"},{"date" => "2017-09-20T21:44:22","version" => "5.027004"},{"date" => "2017-09-22T21:29:50","version" => "5.024003"},{"date" => "2017-09-22T21:30:56","version" => "5.026001"},{"date" => "2017-10-20T22:08:15","version" => "5.027005"},{"date" => "2017-11-20T22:39:31","version" => "5.027006"},{"date" => "2017-12-20T22:58:25","version" => "5.027007"},{"date" => "2018-01-20T03:17:50","version" => "5.027008"},{"date" => "2018-02-20T20:46:45","version" => "5.027009"},{"date" => "2018-03-20T21:08:53","version" => "5.027010"},{"date" => "2018-03-24T19:33:50","version" => "5.024004"},{"date" => "2018-03-24T19:37:40","version" => "5.026002"},{"date" => "2018-04-14T11:25:22","version" => "5.024004"},{"date" => "2018-04-14T11:27:18","version" => "5.026002"},{"date" => "2018-04-20T15:10:52","version" => "5.027011"},{"date" => "2018-05-21T13:12:00","version" => "5.028000"},{"date" => "2018-06-06T12:34:00","version" => "5.028000"},{"date" => "2018-06-18T22:47:34","version" => "5.028000"},{"date" => "2018-06-19T20:45:05","version" => "5.028000"},{"date" => "2018-06-23T02:05:28","version" => "5.028000"},{"date" => "2018-06-26T21:25:53","version" => "5.029000"},{"date" => "2018-07-20T15:13:07","version" => "5.029001"},{"date" => "2018-08-20T21:04:27","version" => "5.029002"},{"date" => "2018-09-21T02:58:51","version" => "5.029003"},{"date" => "2018-10-20T14:20:56","version" => "5.029004"},{"date" => "2018-11-20T22:03:07","version" => "5.029005"},{"date" => "2018-11-29T19:03:17","version" => "5.026003"},{"date" => "2018-11-29T19:03:28","version" => "5.028001"},{"date" => "2018-11-30T22:02:29","version" => "5.026003"},{"date" => "2018-11-30T22:03:06","version" => "5.028001"},{"date" => "2018-12-18T12:26:18","version" => "5.029006"},{"date" => "2019-01-20T02:16:52","version" => "5.029007"},{"date" => "2019-02-21T05:30:00","version" => "5.029008"},{"date" => "2019-03-21T11:49:45","version" => "5.029009"},{"date" => "2019-04-05T19:46:23","version" => "5.028002"},{"date" => "2019-04-19T15:07:44","version" => "5.028002"},{"date" => "2019-04-20T18:11:45","version" => "5.029010"},{"date" => "2019-05-11T22:58:31","version" => "5.030000"},{"date" => "2019-05-17T20:44:42","version" => "5.030000"},{"date" => "2019-05-22T09:35:50","version" => "5.030000"},{"date" => "2019-05-24T19:28:47","version" => "5.031000"},{"date" => "2019-06-20T20:19:01","version" => "5.031001"},{"date" => "2019-07-20T17:01:20","version" => "5.031002"},{"date" => "2019-08-20T14:02:01","version" => "5.031003"},{"date" => "2019-09-20T21:27:31","version" => "5.031004"},{"date" => "2019-10-20T14:29:11","version" => "5.031005"},{"date" => "2019-10-27T16:29:27","version" => "5.030001"},{"date" => "2019-11-10T14:14:00","version" => "5.030001"},{"date" => "2019-11-20T22:14:49","version" => "5.031006"},{"date" => "2019-12-21T03:38:57","version" => "5.031007"},{"date" => "2020-01-20T17:17:53","version" => "5.031008"},{"date" => "2020-02-20T23:03:22","version" => "5.031009"},{"date" => "2020-02-29T19:25:07","version" => "5.030002"},{"date" => "2020-03-14T17:04:56","version" => "5.030002"},{"date" => "2020-03-20T20:08:58","version" => "5.031010"},{"date" => "2020-04-28T19:49:59","version" => "5.031011"},{"date" => "2020-05-30T18:47:47","version" => "5.032000"},{"date" => "2020-06-01T19:17:48","version" => "5.028003"},{"date" => "2020-06-01T19:19:30","version" => "5.028003"},{"date" => "2020-06-01T19:19:54","version" => "5.030003"},{"date" => "2020-06-01T19:21:31","version" => "5.030003"},{"date" => "2020-06-07T21:13:05","version" => "5.032000"},{"date" => "2020-06-20T20:38:54","version" => "5.032000"},{"date" => "2020-07-17T19:38:54","version" => "5.033000"},{"date" => "2020-08-20T20:36:01","version" => "5.033001"},{"date" => "2020-09-20T16:29:59","version" => "5.033002"},{"date" => "2020-10-20T21:30:28","version" => "5.033003"},{"date" => "2020-11-20T13:32:10","version" => "5.033004"},{"date" => "2020-12-20T14:00:43","version" => "5.033005"},{"date" => "2021-01-09T16:48:26","version" => "5.032001"},{"date" => "2021-01-21T01:34:41","version" => "5.033006"},{"date" => "2021-01-23T14:56:24","version" => "5.032001"},{"date" => "2021-02-20T09:58:24","version" => "5.033007"},{"date" => "2021-03-21T00:55:24","version" => "5.033008"},{"date" => "2021-04-20T23:37:29","version" => "5.033009"},{"date" => "2021-05-04T23:24:07","version" => "5.034000"},{"date" => "2021-05-15T14:56:00","version" => "5.034000"},{"date" => "2021-05-20T20:07:59","version" => "5.034000"},{"date" => "2021-05-21T02:06:41","version" => "5.035000"},{"date" => "2021-06-20T12:39:44","version" => "5.035001"},{"date" => "2021-07-23T12:53:17","version" => "5.035002"},{"date" => "2021-08-21T03:17:40","version" => "5.035003"},{"date" => "2021-09-20T19:46:41","version" => "5.035004"},{"date" => "2021-10-21T19:32:21","version" => "5.035005"},{"date" => "2021-11-21T00:22:09","version" => "5.035006"},{"date" => "2021-12-20T23:35:42","version" => "5.035007"},{"date" => "2022-01-20T22:39:08","version" => "5.035008"},{"date" => "2022-02-20T12:32:59","version" => "5.035009"},{"date" => "2022-02-27T14:18:13","version" => "5.034001"},{"date" => "2022-03-06T17:23:15","version" => "5.034001"},{"date" => "2022-03-13T08:40:18","version" => "5.034001"},{"date" => "2022-03-20T18:33:42","version" => "5.035010"},{"date" => "2022-04-20T20:33:20","version" => "5.035011"},{"date" => "2022-05-21T00:12:21","version" => "5.036000"},{"date" => "2022-05-22T19:36:07","version" => "5.036000"},{"date" => "2022-05-28T00:26:10","version" => "5.036000"},{"date" => "2022-05-28T02:33:40","version" => "5.037000"},{"date" => "2022-06-20T18:57:04","version" => "5.037001"},{"date" => "2022-07-21T01:37:24","version" => "5.037002"},{"date" => "2022-08-20T18:57:47","version" => "5.037003"},{"date" => "2022-09-21T00:25:19","version" => "5.037004"},{"date" => "2022-10-20T17:33:58","version" => "5.037005"},{"date" => "2022-11-20T11:56:16","version" => "5.037006"},{"date" => "2022-12-20T17:14:30","version" => "5.037007"},{"date" => "2023-01-20T15:20:59","version" => "5.037008"},{"date" => "2023-02-20T20:45:20","version" => "5.037009"},{"date" => "2023-03-21T08:16:37","version" => "5.037010"},{"date" => "2023-04-10T20:07:53","version" => "5.036001"},{"date" => "2023-04-11T19:50:09","version" => "5.036001"},{"date" => "2023-04-16T15:35:15","version" => "5.036001"},{"date" => "2023-04-20T19:05:36","version" => "5.037011"},{"date" => "2023-04-23T15:22:26","version" => "5.036001"},{"date" => "2023-06-16T02:09:05","version" => "5.038000"},{"date" => "2023-06-23T21:17:27","version" => "5.038000"},{"date" => "2023-07-02T23:00:28","version" => "5.038000"},{"date" => "2023-07-20T19:09:13","version" => "5.039001"},{"date" => "2023-08-20T22:46:17","version" => "5.039002"},{"date" => "2023-09-20T16:12:58","version" => "5.039003"},{"date" => "2023-10-25T19:15:57","version" => "5.039004"},{"date" => "2023-11-20T02:49:43","version" => "5.039005"},{"date" => "2023-11-25T15:19:49","version" => "5.034002"},{"date" => "2023-11-25T15:20:11","version" => "5.036002"},{"date" => "2023-11-25T15:21:49","version" => "5.038001"},{"date" => "2023-11-25T15:58:49","version" => "5.034002"},{"date" => "2023-11-25T15:59:01","version" => "5.036002"},{"date" => "2023-11-25T15:59:13","version" => "5.038001"},{"date" => "2023-11-29T13:10:30","version" => "5.034003"},{"date" => "2023-11-29T16:08:59","version" => "5.036003"},{"date" => "2023-11-29T16:10:36","version" => "5.038002"},{"date" => "2023-12-30T21:59:20","version" => "5.039006"},{"date" => "2024-01-20T12:44:12","version" => "5.039007"},{"date" => "2024-02-23T14:25:56","version" => "5.039008"},{"date" => "2024-03-20T16:26:28","version" => "5.039009"},{"date" => "2024-04-27T19:22:49","version" => "5.039010"},{"date" => "2024-05-24T20:45:21","version" => "5.040000"},{"date" => "2024-06-04T21:47:57","version" => "5.040000"},{"date" => "2024-06-09T20:45:37","version" => "5.040000"},{"date" => "2024-07-02T14:28:09","version" => "5.041001"},{"date" => "2024-07-20T20:54:48","version" => "5.041002"},{"date" => "2024-08-29T13:23:40","version" => "5.041003"},{"date" => "2024-09-20T11:18:14","version" => "5.041004"},{"date" => "2024-10-20T20:49:26","version" => "5.041005"},{"date" => "2024-11-20T08:29:25","version" => "5.041006"},{"date" => "2024-12-20T14:31:24","version" => "5.041007"},{"date" => "2025-01-05T20:28:54","version" => "5.038003"},{"date" => "2025-01-05T20:32:07","version" => "5.040001"},{"date" => "2025-01-18T19:43:21","version" => "5.038003"},{"date" => "2025-01-18T19:48:20","version" => "5.040001"},{"date" => "2025-01-20T21:30:07","version" => "5.041008"},{"date" => "2025-02-24T08:19:26","version" => "5.041009"},{"date" => "2025-03-21T12:49:33","version" => "5.041010"},{"date" => "2025-04-13T13:05:54","version" => "5.038004"},{"date" => "2025-04-13T13:06:16","version" => "5.038004"},{"date" => "2025-04-13T13:06:38","version" => "5.040002"},{"date" => "2025-04-13T13:07:01","version" => "5.040002"},{"date" => "2025-04-21T01:51:01","version" => "5.041011"},{"date" => "2025-04-21T22:49:29","version" => "5.041012"},{"date" => "2025-05-28T22:19:58","version" => "5.041013"},{"date" => "2025-06-25T05:03:48","version" => "5.042000"},{"date" => "2025-06-28T06:28:22","version" => "5.042000"},{"date" => "2025-07-01T20:32:04","version" => "5.042000"},{"date" => "2025-07-03T15:23:01","version" => "5.042000"},{"date" => "2025-07-20T21:38:33","version" => "5.043001"},{"date" => "2025-07-21T20:15:44","version" => "5.038005"},{"date" => "2025-07-21T20:16:11","version" => "5.040003"},{"date" => "2025-08-03T10:10:35","version" => "5.038005"},{"date" => "2025-08-03T10:12:20","version" => "5.040003"},{"date" => "2025-08-20T19:40:22","version" => "5.043002"},{"date" => "2025-09-23T06:27:34","version" => "5.043003"},{"date" => "2025-10-23T15:35:36","version" => "5.043004"},{"date" => "2025-11-20T05:48:21","version" => "5.043005"},{"date" => "2025-12-20T17:47:41","version" => "5.043006"},{"date" => "2026-01-19T18:04:21","version" => "5.043007"},{"date" => "2026-02-20T22:33:36","version" => "5.043008"},{"date" => "2026-02-22T12:07:04","version" => "5.042001"},{"date" => "2026-03-08T18:47:44","version" => "5.042001"}]},"perl-ldap" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2020-16093"],"description" => "In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.\n","distribution" => "perl-ldap","fixed_versions" => [],"id" => "CPANSA-Net-LDAPS-2020-16093","references" => ["https://lemonldap-ng.org/download","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250","https://rt.cpan.org/Ticket/Display.html?id=131045"],"reported" => "2022-07-18","severity" => undef}],"main_module" => "Net::LDAP","versions" => [{"date" => "1998-10-31T01:14:57","version" => "1.08"},{"date" => "1998-10-31T01:19:38","version" => "0.08"},{"date" => "1998-12-23T01:16:35","version" => "0.09"},{"date" => "1999-03-18T02:58:45","version" => "0.10"},{"date" => "1999-04-18T22:10:20","version" => "0.11"},{"date" => "1999-06-28T02:40:38","version" => "0.12"},{"date" => "1999-08-15T23:27:41","version" => "0.13"},{"date" => "2000-02-14T10:34:19","version" => "0.14"},{"date" => "2000-03-22T10:46:21","version" => "0.15"},{"date" => "2000-04-27T17:02:43","version" => "0.16"},{"date" => "2000-05-12T10:16:37","version" => "0.17"},{"date" => "2000-05-22T14:53:07","version" => "0.18"},{"date" => "2000-06-08T08:30:48","version" => "0.19"},{"date" => "2000-08-03T17:07:52","version" => "0.20"},{"date" => "2000-09-12T09:32:12","version" => "0.21"},{"date" => "2000-09-14T19:08:19","version" => "0.22"},{"date" => "2001-04-19T23:25:47","version" => "0.23"},{"date" => "2001-07-17T13:01:04","version" => "0.24"},{"date" => "2001-08-25T08:15:47","version" => "0.2401"},{"date" => "2001-10-29T17:35:12","version" => "0.25"},{"date" => "2002-05-28T07:49:00","version" => "0.251"},{"date" => "2002-07-18T13:13:03","version" => "0.26"},{"date" => "2003-01-27T14:48:49","version" => "0.27"},{"date" => "2003-01-27T18:26:51","version" => "0.2701"},{"date" => "2003-05-19T22:40:30","version" => "0.28"},{"date" => "2003-06-24T10:21:09","version" => "0.29"},{"date" => "2003-10-17T21:42:36","version" => "0.30"},{"date" => "2004-01-01T10:47:23","version" => "0.31"},{"date" => "2004-07-01T15:59:03","version" => "0.32"},{"date" => "2004-07-14T21:00:39","version" => "0.3201"},{"date" => "2004-07-19T18:24:58","version" => "0.3202"},{"date" => "2005-04-25T23:02:59","version" => "0.33"},{"date" => "2007-02-10T23:53:48","version" => "0.34"},{"date" => "2008-03-30T18:58:37","version" => "0.35"},{"date" => "2008-04-21T15:21:03","version" => "0.36"},{"date" => "2008-08-28T13:02:29","version" => "0.37"},{"date" => "2008-09-21T14:28:08","version" => "0.38"},{"date" => "2008-10-27T20:10:12","version" => "0.39"},{"date" => "2010-03-12T03:03:48","version" => "0.40"},{"date" => "2010-03-24T20:01:45","version" => "0.4001"},{"date" => "2011-09-03T12:44:01","version" => "0.41"},{"date" => "2011-09-03T12:48:31","version" => "0.42"},{"date" => "2011-09-03T17:55:11","version" => "0.43"},{"date" => "2012-01-29T09:55:22","version" => "0.44"},{"date" => "2012-09-05T09:46:44","version" => "0.45"},{"date" => "2012-09-05T16:17:53","version" => "0.46"},{"date" => "2012-09-16T10:06:08","version" => "0.47"},{"date" => "2012-09-20T08:58:48","version" => "0.48"},{"date" => "2012-10-06T08:15:30","version" => "0.49"},{"date" => "2012-11-17T17:10:16","version" => "0.50_01"},{"date" => "2012-11-24T12:11:37","version" => "0.50"},{"date" => "2012-12-01T13:39:38","version" => "0.51"},{"date" => "2013-01-01T13:03:26","version" => "0.52"},{"date" => "2013-01-26T17:43:28","version" => "0.53"},{"date" => "2013-03-29T11:25:51","version" => "0.54"},{"date" => "2013-04-23T09:38:16","version" => "0.55"},{"date" => "2013-06-08T11:31:48","version" => "0.56"},{"date" => "2013-07-21T17:04:36","version" => "0.57"},{"date" => "2013-12-23T16:50:28","version" => "0.58"},{"date" => "2014-03-04T17:17:26","version" => "0.59"},{"date" => "2014-03-08T13:14:49","version" => "0.60"},{"date" => "2014-03-29T16:44:29","version" => "0.61"},{"date" => "2014-04-06T09:39:40","version" => "0.62"},{"date" => "2014-06-01T10:58:37","version" => "0.63"},{"date" => "2014-06-19T15:59:40","version" => "0.64"},{"date" => "2015-04-06T18:02:34","version" => "0.65"},{"date" => "2019-04-16T09:42:54","version" => "0.66"},{"date" => "2020-12-26T14:37:52","version" => "0.67"},{"date" => "2021-01-03T17:37:50","version" => "0.68"}]},"urxvt-bgdsl" => {"advisories" => [{"affected_versions" => [">=9.25,<=9.26"],"cves" => ["CVE-2022-4170"],"description" => "The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.\n","distribution" => "urxvt-bgdsl","fixed_versions" => [">=9.29"],"id" => "CPANSA-urxvt-bgdsl-2022-4170","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=2151597","https://www.openwall.com/lists/oss-security/2022/12/05/1"],"reported" => "2022-12-09","severity" => undef}],"main_module" => "","versions" => []}},"meta" => {"commit" => "a9f8afbc36f0047a2a60bd8a66160f7ac2facb25","date" => "Wed Mar 11 13:03:14 2026","epoch" => 1773234194,"generator" => "util/generate","repo" => "https://github.com/briandfoy/cpan-security-advisory.git"},"module2dist" => {"APR" => "mod_perl","APR::Base64" => "mod_perl","APR::Brigade" => "mod_perl","APR::Bucket" => "mod_perl","APR::BucketAlloc" => "mod_perl","APR::BucketType" => "mod_perl","APR::Const" => "mod_perl","APR::Date" => "mod_perl","APR::Error" => "mod_perl","APR::Finfo" => "mod_perl","APR::FunctionTable" => "mod_perl","APR::IpSubnet" => "mod_perl","APR::OS" => "mod_perl","APR::PerlIO" => "mod_perl","APR::Pool" => "mod_perl","APR::Request" => "libapreq2","APR::Request::Apache2" => "libapreq2","APR::Request::CGI" => "libapreq2","APR::Request::Cookie" => "libapreq2","APR::Request::Error" => "libapreq2","APR::Request::Param" => "libapreq2","APR::SockAddr" => "mod_perl","APR::Socket" => "mod_perl","APR::Status" => "mod_perl","APR::String" => "mod_perl","APR::Table" => "mod_perl","APR::ThreadMutex" => "mod_perl","APR::ThreadRWLock" => "mod_perl","APR::URI" => "mod_perl","APR::UUID" => "mod_perl","APR::Util" => "mod_perl","APR::XSLoader" => "mod_perl","Agni" => "PApp","Agni::Callback" => "PApp","Alien::FreeImage" => "Alien-FreeImage","Alien::GCrypt" => "Alien-GCrypt","Alien::OTR" => "Alien-OTR","Alien::PCRE2" => "Alien-PCRE2","Alien::SVN" => "Alien-SVN","Amiga::ARexx" => "perl","Amiga::ARexx::Msg" => "perl","Amiga::Exec" => "perl","Amon2::Auth::Site::LINE" => "Amon2-Auth-Site-LINE","AnyDBM_File" => "perl","Apache" => "mod_perl","Apache2::Access" => "mod_perl","Apache2::AuthAny" => "Apache2-AuthAny","Apache2::AuthAny::AuthUtil" => "Apache2-AuthAny","Apache2::AuthAny::AuthenHandler" => "Apache2-AuthAny","Apache2::AuthAny::AuthzHandler" => "Apache2-AuthAny","Apache2::AuthAny::Cookie" => "Apache2-AuthAny","Apache2::AuthAny::DB" => "Apache2-AuthAny","Apache2::AuthAny::FixupHandler" => "Apache2-AuthAny","Apache2::AuthAny::MapToStorageHandler" => "Apache2-AuthAny","Apache2::AuthAny::RequestConfig" => "Apache2-AuthAny","Apache2::Build" => "mod_perl","Apache2::CmdParms" => "mod_perl","Apache2::Command" => "mod_perl","Apache2::Connection" => "mod_perl","Apache2::ConnectionUtil" => "mod_perl","Apache2::ConstantsTable" => "mod_perl","Apache2::Cookie" => "libapreq2","Apache2::Directive" => "mod_perl","Apache2::Filter" => "mod_perl","Apache2::FilterRec" => "mod_perl","Apache2::FunctionTable" => "mod_perl","Apache2::HookRun" => "mod_perl","Apache2::Log" => "mod_perl","Apache2::MPM" => "mod_perl","Apache2::Module" => "mod_perl","Apache2::ParseSource" => "mod_perl","Apache2::ParseSource::Scan" => "mod_perl","Apache2::PerlSections" => "mod_perl","Apache2::PerlSections::Dump" => "mod_perl","Apache2::Process" => "mod_perl","Apache2::Provider" => "mod_perl","Apache2::Request" => "libapreq2","Apache2::RequestIO" => "mod_perl","Apache2::RequestRec" => "mod_perl","Apache2::RequestUtil" => "mod_perl","Apache2::Resource" => "mod_perl","Apache2::Response" => "mod_perl","Apache2::ServerRec" => "mod_perl","Apache2::ServerUtil" => "mod_perl","Apache2::SourceTables" => "mod_perl","Apache2::Status" => "mod_perl","Apache2::Status::_version" => "mod_perl","Apache2::StructureTable" => "mod_perl","Apache2::SubProcess" => "mod_perl","Apache2::SubRequest" => "mod_perl","Apache2::URI" => "mod_perl","Apache2::Upload" => "libapreq2","Apache2::Util" => "mod_perl","Apache2::XSLoader" => "mod_perl","Apache2::compat" => "mod_perl","Apache2::porting" => "mod_perl","Apache::ASP" => "Apache-ASP","Apache::ASP::ApacheCommon" => "Apache-ASP","Apache::ASP::Application" => "Apache-ASP","Apache::ASP::CGI" => "Apache-ASP","Apache::ASP::CGI::Table" => "Apache-ASP","Apache::ASP::CGI::Test" => "Apache-ASP","Apache::ASP::Collection" => "Apache-ASP","Apache::ASP::CollectionItem" => "Apache-ASP","Apache::ASP::Date" => "Apache-ASP","Apache::ASP::GlobalASA" => "Apache-ASP","Apache::ASP::Lang::PerlScript" => "Apache-ASP","Apache::ASP::Load" => "Apache-ASP","Apache::ASP::Request" => "Apache-ASP","Apache::ASP::Response" => "Apache-ASP","Apache::ASP::STDERR" => "Apache-ASP","Apache::ASP::Server" => "Apache-ASP","Apache::ASP::Session" => "Apache-ASP","Apache::ASP::State" => "Apache-ASP","Apache::App" => "App-Context","Apache::AuthCAS" => "Apache-AuthCAS","Apache::Connection" => "mod_perl","Apache::Constants" => "mod_perl","Apache::Constants::Exports" => "mod_perl","Apache::Debug" => "mod_perl","Apache::EP" => "HTML-EP","Apache::ExtUtils" => "mod_perl","Apache::FakeRequest" => "mod_perl","Apache::File" => "mod_perl","Apache::Framework::App" => "App-Context","Apache::Include" => "mod_perl","Apache::Leak" => "mod_perl","Apache::Log" => "mod_perl","Apache::MP3" => "Apache-MP3","Apache::MP3::L10N" => "Apache-MP3","Apache::MP3::L10N::Aliases" => "Apache-MP3","Apache::MP3::L10N::RightToLeft" => "Apache-MP3","Apache::MP3::L10N::ar" => "Apache-MP3","Apache::MP3::L10N::ca" => "Apache-MP3","Apache::MP3::L10N::cs" => "Apache-MP3","Apache::MP3::L10N::de" => "Apache-MP3","Apache::MP3::L10N::en" => "Apache-MP3","Apache::MP3::L10N::es" => "Apache-MP3","Apache::MP3::L10N::fa" => "Apache-MP3","Apache::MP3::L10N::fi" => "Apache-MP3","Apache::MP3::L10N::fr" => "Apache-MP3","Apache::MP3::L10N::ga" => "Apache-MP3","Apache::MP3::L10N::he" => "Apache-MP3","Apache::MP3::L10N::hr" => "Apache-MP3","Apache::MP3::L10N::is" => "Apache-MP3","Apache::MP3::L10N::it" => "Apache-MP3","Apache::MP3::L10N::ja" => "Apache-MP3","Apache::MP3::L10N::ko" => "Apache-MP3","Apache::MP3::L10N::ms" => "Apache-MP3","Apache::MP3::L10N::nb" => "Apache-MP3","Apache::MP3::L10N::nb_no" => "Apache-MP3","Apache::MP3::L10N::nl" => "Apache-MP3","Apache::MP3::L10N::nl_be" => "Apache-MP3","Apache::MP3::L10N::nl_nl" => "Apache-MP3","Apache::MP3::L10N::nn" => "Apache-MP3","Apache::MP3::L10N::nn_no" => "Apache-MP3","Apache::MP3::L10N::no" => "Apache-MP3","Apache::MP3::L10N::no_no" => "Apache-MP3","Apache::MP3::L10N::pl" => "Apache-MP3","Apache::MP3::L10N::ru" => "Apache-MP3","Apache::MP3::L10N::sh" => "Apache-MP3","Apache::MP3::L10N::sk" => "Apache-MP3","Apache::MP3::L10N::sl" => "Apache-MP3","Apache::MP3::L10N::sr" => "Apache-MP3","Apache::MP3::L10N::tr" => "Apache-MP3","Apache::MP3::L10N::uk" => "Apache-MP3","Apache::MP3::L10N::x_marklar" => "Apache-MP3","Apache::MP3::L10N::zh_cn" => "Apache-MP3","Apache::MP3::L10N::zh_tw" => "Apache-MP3","Apache::MP3::Playlist" => "Apache-MP3","Apache::MP3::Resample" => "Apache-MP3","Apache::MP3::Sorted" => "Apache-MP3","Apache::MVC" => "Maypole","Apache::ModuleConfig" => "mod_perl","Apache::Opcode" => "mod_perl","Apache::Options" => "mod_perl","Apache::PerlRun" => "mod_perl","Apache::PerlRunXS" => "mod_perl","Apache::PerlSections" => "mod_perl","Apache::RPC::Server" => "RPC-XML","Apache::RPC::Status" => "RPC-XML","Apache::ReadConfig" => "mod_perl","Apache::RedirectLogFix" => "mod_perl","Apache::Registry" => "mod_perl","Apache::RegistryBB" => "mod_perl","Apache::RegistryLoader" => "mod_perl","Apache::RegistryNG" => "mod_perl","Apache::Resource" => "mod_perl","Apache::SIG" => "mod_perl","Apache::SOAP" => "SOAP-Lite","Apache::Server" => "mod_perl","Apache::Session" => "Apache-Session","Apache::Session::Browseable" => "Apache-Session-Browseable","Apache::Session::Browseable::Cassandra" => "Apache-Session-Browseable","Apache::Session::Browseable::DBI" => "Apache-Session-Browseable","Apache::Session::Browseable::File" => "Apache-Session-Browseable","Apache::Session::Browseable::Informix" => "Apache-Session-Browseable","Apache::Session::Browseable::LDAP" => "Apache-Session-Browseable","Apache::Session::Browseable::MySQL" => "Apache-Session-Browseable","Apache::Session::Browseable::MySQLJSON" => "Apache-Session-Browseable","Apache::Session::Browseable::Oracle" => "Apache-Session-Browseable","Apache::Session::Browseable::Patroni" => "Apache-Session-Browseable","Apache::Session::Browseable::PgHstore" => "Apache-Session-Browseable","Apache::Session::Browseable::PgJSON" => "Apache-Session-Browseable","Apache::Session::Browseable::Postgres" => "Apache-Session-Browseable","Apache::Session::Browseable::Redis" => "Apache-Session-Browseable","Apache::Session::Browseable::SQLite" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Cassandra" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::DBI" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::File" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Informix" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::LDAP" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::MySQL" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Oracle" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Patroni" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Postgres" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Redis" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::SQLite" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Sybase" => "Apache-Session-Browseable","Apache::Session::Browseable::Sybase" => "Apache-Session-Browseable","Apache::Session::DBI" => "Apache-Session","Apache::Session::DBIStore" => "Apache-Session","Apache::Session::DB_File" => "Apache-Session","Apache::Session::Daemon" => "Apache-Session","Apache::Session::DaemonLocker" => "Apache-Session","Apache::Session::Embperl" => "Apache-Session","Apache::Session::File" => "Apache-Session","Apache::Session::FileStore" => "Apache-Session","Apache::Session::Flex" => "Apache-Session","Apache::Session::Generate::MD5" => "Apache-Session","Apache::Session::Generate::ModUniqueId" => "Apache-Session","Apache::Session::Generate::ModUsertrack" => "Apache-Session","Apache::Session::Generate::SHA256" => "Apache-Session-Browseable","Apache::Session::IPC" => "Apache-Session","Apache::Session::Informix" => "Apache-Session","Apache::Session::LDAP" => "Apache-Session-LDAP","Apache::Session::Lock::File" => "Apache-Session","Apache::Session::Lock::MySQL" => "Apache-Session","Apache::Session::Lock::Null" => "Apache-Session","Apache::Session::Lock::Semaphore" => "Apache-Session","Apache::Session::Lock::Sybase" => "Apache-Session","Apache::Session::MemoryStore" => "Apache-Session","Apache::Session::MySQL" => "Apache-Session","Apache::Session::MySQL::NoLock" => "Apache-Session","Apache::Session::NullLocker" => "Apache-Session","Apache::Session::Oracle" => "Apache-Session","Apache::Session::PosixFileLocker" => "Apache-Session","Apache::Session::Postgres" => "Apache-Session","Apache::Session::Serialize::Base64" => "Apache-Session","Apache::Session::Serialize::Hstore" => "Apache-Session-Browseable","Apache::Session::Serialize::JSON" => "Apache-Session-Browseable","Apache::Session::Serialize::Storable" => "Apache-Session","Apache::Session::Serialize::Sybase" => "Apache-Session","Apache::Session::Serialize::UUEncode" => "Apache-Session","Apache::Session::SingleThread" => "Apache-Session","Apache::Session::Store::DBI" => "Apache-Session","Apache::Session::Store::DB_File" => "Apache-Session","Apache::Session::Store::File" => "Apache-Session","Apache::Session::Store::Informix" => "Apache-Session","Apache::Session::Store::LDAP" => "Apache-Session-LDAP","Apache::Session::Store::MySQL" => "Apache-Session","Apache::Session::Store::Oracle" => "Apache-Session","Apache::Session::Store::Postgres" => "Apache-Session","Apache::Session::Store::Sybase" => "Apache-Session","Apache::Session::Sybase" => "Apache-Session","Apache::Session::SysVSemaphoreLocker" => "Apache-Session","Apache::Session::Tree" => "Apache-Session","Apache::Session::TreeStore" => "Apache-Session","Apache::Session::Win32" => "Apache-Session","Apache::SessionX" => "Apache-SessionX","Apache::SessionX::Generate::MD5" => "Apache-SessionX","Apache::SessionX::Manager" => "Apache-SessionX","Apache::SessionX::Store::File" => "Apache-SessionX","Apache::StatINC" => "mod_perl","Apache::Status" => "mod_perl","Apache::Symbol" => "mod_perl","Apache::Symdump" => "mod_perl","Apache::Table" => "mod_perl","Apache::TiedSession" => "Apache-Session","Apache::URI" => "mod_perl","Apache::Util" => "mod_perl","Apache::Wyrd" => "Apache-Wyrd","Apache::Wyrd::Attribute" => "Apache-Wyrd","Apache::Wyrd::Bot" => "Apache-Wyrd","Apache::Wyrd::BrowserSwitch" => "Apache-Wyrd","Apache::Wyrd::CGICond" => "Apache-Wyrd","Apache::Wyrd::CGISetter" => "Apache-Wyrd","Apache::Wyrd::Chart" => "Apache-Wyrd","Apache::Wyrd::Cookie" => "Apache-Wyrd","Apache::Wyrd::DBL" => "Apache-Wyrd","Apache::Wyrd::Datum" => "Apache-Wyrd","Apache::Wyrd::Datum::Blob" => "Apache-Wyrd","Apache::Wyrd::Datum::Char" => "Apache-Wyrd","Apache::Wyrd::Datum::Enum" => "Apache-Wyrd","Apache::Wyrd::Datum::Integer" => "Apache-Wyrd","Apache::Wyrd::Datum::Null" => "Apache-Wyrd","Apache::Wyrd::Datum::Set" => "Apache-Wyrd","Apache::Wyrd::Datum::Text" => "Apache-Wyrd","Apache::Wyrd::Datum::Varchar" => "Apache-Wyrd","Apache::Wyrd::Debug" => "Apache-Wyrd","Apache::Wyrd::Defaults" => "Apache-Wyrd","Apache::Wyrd::ErrField" => "Apache-Wyrd","Apache::Wyrd::ErrTag" => "Apache-Wyrd","Apache::Wyrd::FileSize" => "Apache-Wyrd","Apache::Wyrd::Form" => "Apache-Wyrd","Apache::Wyrd::Form::Preload" => "Apache-Wyrd","Apache::Wyrd::Form::Template" => "Apache-Wyrd","Apache::Wyrd::Form::View" => "Apache-Wyrd","Apache::Wyrd::Handler" => "Apache-Wyrd","Apache::Wyrd::Input" => "Apache-Wyrd","Apache::Wyrd::Input::Complex" => "Apache-Wyrd","Apache::Wyrd::Input::Condenser" => "Apache-Wyrd","Apache::Wyrd::Input::Opt" => "Apache-Wyrd","Apache::Wyrd::Input::Set" => "Apache-Wyrd","Apache::Wyrd::Input::URLInput" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Columnize" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Dater" => "Apache-Wyrd","Apache::Wyrd::Interfaces::GetUser" => "Apache-Wyrd","Apache::Wyrd::Interfaces::IndexUser" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Indexable" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Mother" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Setter" => "Apache-Wyrd","Apache::Wyrd::Interfaces::SmartInput" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Stealth" => "Apache-Wyrd","Apache::Wyrd::Lattice" => "Apache-Wyrd","Apache::Wyrd::Lib" => "Apache-Wyrd","Apache::Wyrd::LogDump" => "Apache-Wyrd","Apache::Wyrd::Lookup" => "Apache-Wyrd","Apache::Wyrd::Loop" => "Apache-Wyrd","Apache::Wyrd::MySQLForm" => "Apache-Wyrd","Apache::Wyrd::Number" => "Apache-Wyrd","Apache::Wyrd::Query" => "Apache-Wyrd","Apache::Wyrd::Redirect" => "Apache-Wyrd","Apache::Wyrd::Request" => "Apache-Wyrd","Apache::Wyrd::SQLForm" => "Apache-Wyrd","Apache::Wyrd::Services::Auth" => "Apache-Wyrd","Apache::Wyrd::Services::CodeRing" => "Apache-Wyrd","Apache::Wyrd::Services::FileCache" => "Apache-Wyrd","Apache::Wyrd::Services::Index" => "Apache-Wyrd","Apache::Wyrd::Services::Key" => "Apache-Wyrd","Apache::Wyrd::Services::LoginServer" => "Apache-Wyrd","Apache::Wyrd::Services::MetaTable" => "Apache-Wyrd","Apache::Wyrd::Services::MySQLIndex" => "Apache-Wyrd","Apache::Wyrd::Services::PreAuth" => "Apache-Wyrd","Apache::Wyrd::Services::SAK" => "Apache-Wyrd","Apache::Wyrd::Services::SearchParser" => "Apache-Wyrd","Apache::Wyrd::Services::TicketPad" => "Apache-Wyrd","Apache::Wyrd::Services::Tree" => "Apache-Wyrd","Apache::Wyrd::ShowParams" => "Apache-Wyrd","Apache::Wyrd::Site::GDButton" => "Apache-Wyrd","Apache::Wyrd::Site::Index" => "Apache-Wyrd","Apache::Wyrd::Site::IndexBot" => "Apache-Wyrd","Apache::Wyrd::Site::Login" => "Apache-Wyrd","Apache::Wyrd::Site::MySQLIndex" => "Apache-Wyrd","Apache::Wyrd::Site::MySQLIndexBot" => "Apache-Wyrd","Apache::Wyrd::Site::NavPull" => "Apache-Wyrd","Apache::Wyrd::Site::Page" => "Apache-Wyrd","Apache::Wyrd::Site::Pull" => "Apache-Wyrd","Apache::Wyrd::Site::SearchResults" => "Apache-Wyrd","Apache::Wyrd::Site::TagPull" => "Apache-Wyrd","Apache::Wyrd::Site::Widget" => "Apache-Wyrd","Apache::Wyrd::Site::WidgetControl" => "Apache-Wyrd","Apache::Wyrd::Site::WidgetIndex" => "Apache-Wyrd","Apache::Wyrd::Template" => "Apache-Wyrd","Apache::Wyrd::User" => "Apache-Wyrd","Apache::Wyrd::Var" => "Apache-Wyrd","Apache::Wyrd::Version" => "Apache-Wyrd","Apache::Wyrd::View" => "Apache-Wyrd","Apache::XAO" => "XAO-Web","Apache::XMLRPC::Lite" => "SOAP-Lite","Apache::ePerl" => "eperl","Apache::fork" => "mod_perl","Apache::httpd_conf" => "mod_perl","Apache::src" => "mod_perl","Apache::testold" => "mod_perl","App" => "App-Context","App::Authentication" => "App-Context","App::Authentication::Htpasswd" => "App-Context","App::Authorization" => "App-Context","App::CallDispatcher" => "App-Context","App::CallDispatcher::HTTPSimple" => "App-Context","App::Conf" => "App-Context","App::Conf::File" => "App-Context","App::Context" => "App-Context","App::Context::ClusterController" => "App-Context","App::Context::ClusterNode" => "App-Context","App::Context::Cmd" => "App-Context","App::Context::HTTP" => "App-Context","App::Context::ModPerl" => "App-Context","App::Context::NetServer" => "App-Context","App::Context::POE" => "App-Context","App::Context::POE::ClusterController" => "App-Context","App::Context::POE::ClusterNode" => "App-Context","App::Context::POE::Server" => "App-Context","App::Context::Server" => "App-Context","App::Cpan" => "CPAN","App::Documentation" => "App-Context","App::Exceptions" => "App-Context","App::Genpass" => "App-Genpass","App::Github::Email" => "App-Github-Email","App::LogChannel" => "App-Context","App::MessageDispatcher" => "App-Context","App::Netdisco" => "App-Netdisco","App::Netdisco::AnyEvent::Nbtstat" => "App-Netdisco","App::Netdisco::Backend::Job" => "App-Netdisco","App::Netdisco::Backend::Role::Manager" => "App-Netdisco","App::Netdisco::Backend::Role::Poller" => "App-Netdisco","App::Netdisco::Backend::Role::Scheduler" => "App-Netdisco","App::Netdisco::Builder" => "App-Netdisco","App::Netdisco::Configuration" => "App-Netdisco","App::Netdisco::DB" => "App-Netdisco","App::Netdisco::DB::ExplicitLocking" => "App-Netdisco","App::Netdisco::DB::Result" => "App-Netdisco","App::Netdisco::DB::Result::AccessControlList" => "App-Netdisco","App::Netdisco::DB::Result::Admin" => "App-Netdisco","App::Netdisco::DB::Result::Community" => "App-Netdisco","App::Netdisco::DB::Result::Device" => "App-Netdisco","App::Netdisco::DB::Result::DeviceBrowser" => "App-Netdisco","App::Netdisco::DB::Result::DeviceIp" => "App-Netdisco","App::Netdisco::DB::Result::DeviceModule" => "App-Netdisco","App::Netdisco::DB::Result::DevicePort" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortLog" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortPower" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortProperties" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortSsid" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortVlan" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortWireless" => "App-Netdisco","App::Netdisco::DB::Result::DevicePower" => "App-Netdisco","App::Netdisco::DB::Result::DeviceSkip" => "App-Netdisco","App::Netdisco::DB::Result::DeviceVlan" => "App-Netdisco","App::Netdisco::DB::Result::Enterprise" => "App-Netdisco","App::Netdisco::DB::Result::Log" => "App-Netdisco","App::Netdisco::DB::Result::Manufacturer" => "App-Netdisco","App::Netdisco::DB::Result::NetmapPositions" => "App-Netdisco","App::Netdisco::DB::Result::Node" => "App-Netdisco","App::Netdisco::DB::Result::NodeIp" => "App-Netdisco","App::Netdisco::DB::Result::NodeMonitor" => "App-Netdisco","App::Netdisco::DB::Result::NodeNbt" => "App-Netdisco","App::Netdisco::DB::Result::NodeWireless" => "App-Netdisco","App::Netdisco::DB::Result::Oui" => "App-Netdisco","App::Netdisco::DB::Result::PortCtlRole" => "App-Netdisco","App::Netdisco::DB::Result::Process" => "App-Netdisco","App::Netdisco::DB::Result::Product" => "App-Netdisco","App::Netdisco::DB::Result::SNMPFilter" => "App-Netdisco","App::Netdisco::DB::Result::SNMPObject" => "App-Netdisco","App::Netdisco::DB::Result::Session" => "App-Netdisco","App::Netdisco::DB::Result::Statistics" => "App-Netdisco","App::Netdisco::DB::Result::Subnet" => "App-Netdisco","App::Netdisco::DB::Result::Topology" => "App-Netdisco","App::Netdisco::DB::Result::User" => "App-Netdisco","App::Netdisco::DB::Result::UserLog" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ACLEntriesWithDNS" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ActiveNode" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ActiveNodeWithAge" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ApRadioChannelPower" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::CidrIps" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DeviceDnsMismatch" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DeviceLinks" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DevicePlatforms" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DevicePoeStatus" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DevicePortSpeed" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DuplexMismatch" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::FilteredSNMPObject" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::GenericReport" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::LastNode" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeIp4" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeIp6" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeMonitor" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeWithAge" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodesDiscovered" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::OrphanedDevices" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PollerPerformance" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PortMacs" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PortUtilization" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PortVLANMismatch" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::SlowDevices" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::SubnetUtilization" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::TastyJobs" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::UnDirEdgesAgg" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::UndiscoveredNeighbors" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::UserRole" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::WalkJobs" => "App-Netdisco","App::Netdisco::DB::ResultSet" => "App-Netdisco","App::Netdisco::DB::ResultSet::Admin" => "App-Netdisco","App::Netdisco::DB::ResultSet::Device" => "App-Netdisco","App::Netdisco::DB::ResultSet::DeviceBrowser" => "App-Netdisco","App::Netdisco::DB::ResultSet::DeviceModule" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePort" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePortLog" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePortSsid" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePower" => "App-Netdisco","App::Netdisco::DB::ResultSet::DeviceSkip" => "App-Netdisco","App::Netdisco::DB::ResultSet::Node" => "App-Netdisco","App::Netdisco::DB::ResultSet::NodeIp" => "App-Netdisco","App::Netdisco::DB::ResultSet::NodeNbt" => "App-Netdisco","App::Netdisco::DB::ResultSet::NodeWireless" => "App-Netdisco","App::Netdisco::DB::ResultSet::PortCtlRole" => "App-Netdisco","App::Netdisco::DB::ResultSet::Subnet" => "App-Netdisco","App::Netdisco::DB::SchemaVersioned" => "App-Netdisco","App::Netdisco::DB::SetOperations" => "App-Netdisco","App::Netdisco::Environment" => "App-Netdisco","App::Netdisco::GenericDB" => "App-Netdisco","App::Netdisco::GenericDB::Result::Virtual::GenericReport" => "App-Netdisco","App::Netdisco::JobQueue" => "App-Netdisco","App::Netdisco::JobQueue::PostgreSQL" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ACE" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ASA" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ASAContext" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::Aruba" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ArubaCX" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ArubaCont" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::BigIP" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::CPVSX" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::Clavister" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::EOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::FTD" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::FortiOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::FreeBSD" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::GAIAEmbedded" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOSXE" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOSXEMac" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOSXR" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::Linux" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::NXOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::OS10" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::PaloAlto" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::VOSS" => "App-Netdisco","App::Netdisco::Transport::Python" => "App-Netdisco","App::Netdisco::Transport::SNMP" => "App-Netdisco","App::Netdisco::Transport::SSH" => "App-Netdisco","App::Netdisco::Util::CustomFields" => "App-Netdisco","App::Netdisco::Util::DNS" => "App-Netdisco","App::Netdisco::Util::Device" => "App-Netdisco","App::Netdisco::Util::DeviceAuth" => "App-Netdisco","App::Netdisco::Util::ExpandParams" => "App-Netdisco","App::Netdisco::Util::FastResolver" => "App-Netdisco","App::Netdisco::Util::Graph" => "App-Netdisco","App::Netdisco::Util::MCE" => "App-Netdisco","App::Netdisco::Util::Nbtstat" => "App-Netdisco","App::Netdisco::Util::Node" => "App-Netdisco","App::Netdisco::Util::NodeMonitor" => "App-Netdisco","App::Netdisco::Util::Noop" => "App-Netdisco","App::Netdisco::Util::Permission" => "App-Netdisco","App::Netdisco::Util::Port" => "App-Netdisco","App::Netdisco::Util::PortAccessEntity" => "App-Netdisco","App::Netdisco::Util::PortMAC" => "App-Netdisco","App::Netdisco::Util::Python" => "App-Netdisco","App::Netdisco::Util::SNMP" => "App-Netdisco","App::Netdisco::Util::Snapshot" => "App-Netdisco","App::Netdisco::Util::Statistics" => "App-Netdisco","App::Netdisco::Util::Web" => "App-Netdisco","App::Netdisco::Util::Worker" => "App-Netdisco","App::Netdisco::Web" => "App-Netdisco","App::Netdisco::Web::API::Objects" => "App-Netdisco","App::Netdisco::Web::API::Queue" => "App-Netdisco","App::Netdisco::Web::AdminTask" => "App-Netdisco","App::Netdisco::Web::Auth::Provider::DBIC" => "App-Netdisco","App::Netdisco::Web::AuthN" => "App-Netdisco","App::Netdisco::Web::CustomFields" => "App-Netdisco","App::Netdisco::Web::Device" => "App-Netdisco","App::Netdisco::Web::GenericReport" => "App-Netdisco","App::Netdisco::Web::Password" => "App-Netdisco","App::Netdisco::Web::Plugin" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::DuplicateDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::JobQueue" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::NodeMonitor" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::OrphanedDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::PollerPerformance" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::PortCtlRole" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::PseudoDevice" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::RolePermissionsEditor" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::SlowDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::TimedOutDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::Topology" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::UndiscoveredNeighbors" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::UserLog" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::Users" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Addresses" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Details" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Modules" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Neighbors" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Ports" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::SNMP" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Vlans" => "App-Netdisco","App::Netdisco::Web::Plugin::Inventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ApChannelDist" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ApClients" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ApRadioChannelPower" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DeviceAddrNoDNS" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DeviceByLocation" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DeviceDnsMismatch" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DevicePoeStatus" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DuplexMismatch" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::HalfDuplex" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::InventoryByModelByOS" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::IpInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ModuleInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::Netbios" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::NodeMultiIPs" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::NodeVendor" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::NodesDiscovered" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortAdminDown" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortBlocking" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortLog" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortMultiNodes" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortSsid" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortUtilization" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortVLANMismatch" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::SsidInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::SubnetUtilization" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::VlanInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::Device" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::Node" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::Port" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::VLAN" => "App-Netdisco","App::Netdisco::Web::PortControl" => "App-Netdisco","App::Netdisco::Web::Report" => "App-Netdisco","App::Netdisco::Web::Search" => "App-Netdisco","App::Netdisco::Web::Static" => "App-Netdisco","App::Netdisco::Web::Statistics" => "App-Netdisco","App::Netdisco::Web::TypeAhead" => "App-Netdisco","App::Netdisco::Worker::Loader" => "App-Netdisco","App::Netdisco::Worker::Plugin" => "App-Netdisco","App::Netdisco::Worker::Plugin::AddPseudoDevice" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip::Nodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip::Subnets" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpwalk" => "App-Netdisco","App::Netdisco::Worker::Plugin::Contact" => "App-Netdisco","App::Netdisco::Worker::Plugin::Delete" => "App-Netdisco","App::Netdisco::Worker::Plugin::Delete::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::CanonicalIP" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Entities" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Neighbors" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Neighbors::DOCSIS" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::NextHopNeighbors" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::PortPower" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::PortProperties" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Properties" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Properties::Tags" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::VLANs" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Wireless" => "App-Netdisco","App::Netdisco::Worker::Plugin::DiscoverAll" => "App-Netdisco","App::Netdisco::Worker::Plugin::DumpConfig" => "App-Netdisco","App::Netdisco::Worker::Plugin::DumpInfoCache" => "App-Netdisco","App::Netdisco::Worker::Plugin::Expire" => "App-Netdisco","App::Netdisco::Worker::Plugin::ExpireNodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::GetAPIKey" => "App-Netdisco","App::Netdisco::Worker::Plugin::Graph" => "App-Netdisco","App::Netdisco::Worker::Plugin::Hook" => "App-Netdisco","App::Netdisco::Worker::Plugin::Hook::Exec" => "App-Netdisco","App::Netdisco::Worker::Plugin::Hook::HTTP" => "App-Netdisco","App::Netdisco::Worker::Plugin::Internal::BackendFQDN" => "App-Netdisco","App::Netdisco::Worker::Plugin::Internal::SNMPFastDiscover" => "App-Netdisco","App::Netdisco::Worker::Plugin::Linter" => "App-Netdisco","App::Netdisco::Worker::Plugin::LoadMIBs" => "App-Netdisco","App::Netdisco::Worker::Plugin::Location" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::InterfacesStatus" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::Nodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::PortAccessEntity" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::WirelessNodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macwalk" => "App-Netdisco","App::Netdisco::Worker::Plugin::MakeRancidConf" => "App-Netdisco","App::Netdisco::Worker::Plugin::Nbtstat" => "App-Netdisco","App::Netdisco::Worker::Plugin::Nbtstat::Core" => "App-Netdisco","App::Netdisco::Worker::Plugin::Nbtwalk" => "App-Netdisco","App::Netdisco::Worker::Plugin::NodeMonitor" => "App-Netdisco","App::Netdisco::Worker::Plugin::PingSweep" => "App-Netdisco","App::Netdisco::Worker::Plugin::PortControl" => "App-Netdisco","App::Netdisco::Worker::Plugin::PortName" => "App-Netdisco","App::Netdisco::Worker::Plugin::Power" => "App-Netdisco","App::Netdisco::Worker::Plugin::PrimeSkiplist" => "App-Netdisco","App::Netdisco::Worker::Plugin::Psql" => "App-Netdisco","App::Netdisco::Worker::Plugin::PythonShim" => "App-Netdisco","App::Netdisco::Worker::Plugin::Renumber" => "App-Netdisco","App::Netdisco::Worker::Plugin::Scheduler" => "App-Netdisco","App::Netdisco::Worker::Plugin::Show" => "App-Netdisco","App::Netdisco::Worker::Plugin::Snapshot" => "App-Netdisco","App::Netdisco::Worker::Plugin::Stats" => "App-Netdisco","App::Netdisco::Worker::Plugin::TastyJobs" => "App-Netdisco","App::Netdisco::Worker::Plugin::Vlan" => "App-Netdisco","App::Netdisco::Worker::Plugin::Vlan::Core" => "App-Netdisco","App::Netdisco::Worker::Runner" => "App-Netdisco","App::Netdisco::Worker::Status" => "App-Netdisco","App::Packer::Backend::PAR" => "PAR","App::Packer::PAR" => "PAR-Packer","App::Packer::Temp" => "PAR","App::Pinto" => "Pinto","App::Pinto::Command" => "Pinto","App::Pinto::Command::add" => "Pinto","App::Pinto::Command::clean" => "Pinto","App::Pinto::Command::copy" => "Pinto","App::Pinto::Command::default" => "Pinto","App::Pinto::Command::delete" => "Pinto","App::Pinto::Command::diff" => "Pinto","App::Pinto::Command::help" => "Pinto","App::Pinto::Command::init" => "Pinto","App::Pinto::Command::install" => "Pinto","App::Pinto::Command::kill" => "Pinto","App::Pinto::Command::list" => "Pinto","App::Pinto::Command::lock" => "Pinto","App::Pinto::Command::log" => "Pinto","App::Pinto::Command::look" => "Pinto","App::Pinto::Command::manual" => "Pinto","App::Pinto::Command::merge" => "Pinto","App::Pinto::Command::migrate" => "Pinto","App::Pinto::Command::new" => "Pinto","App::Pinto::Command::nop" => "Pinto","App::Pinto::Command::pin" => "Pinto","App::Pinto::Command::props" => "Pinto","App::Pinto::Command::pull" => "Pinto","App::Pinto::Command::register" => "Pinto","App::Pinto::Command::rename" => "Pinto","App::Pinto::Command::reset" => "Pinto","App::Pinto::Command::revert" => "Pinto","App::Pinto::Command::roots" => "Pinto","App::Pinto::Command::stacks" => "Pinto","App::Pinto::Command::statistics" => "Pinto","App::Pinto::Command::thanks" => "Pinto","App::Pinto::Command::unlock" => "Pinto","App::Pinto::Command::unpin" => "Pinto","App::Pinto::Command::unregister" => "Pinto","App::Pinto::Command::update" => "Pinto","App::Pinto::Command::verify" => "Pinto","App::Reference" => "App-Context","App::Request" => "App-Context","App::Request::CGI" => "App-Context","App::ResourceLocker" => "App-Context","App::ResourceLocker::IPCLocker" => "App-Context","App::ResourceLocker::IPCSemaphore" => "App-Context","App::Response" => "App-Context","App::Security" => "App-Context","App::Serializer" => "App-Context","App::Serializer::Html" => "App-Context","App::Serializer::Ini" => "App-Context","App::Serializer::Json" => "App-Context","App::Serializer::OneLine" => "App-Context","App::Serializer::Perl" => "App-Context","App::Serializer::Properties" => "App-Context","App::Serializer::Scalar" => "App-Context","App::Serializer::Storable" => "App-Context","App::Serializer::TextArray" => "App-Context","App::Serializer::XMLDumper" => "App-Context","App::Serializer::XMLSimple" => "App-Context","App::Serializer::Xml" => "App-Context","App::Serializer::Yaml" => "App-Context","App::Service" => "App-Context","App::Session" => "App-Context","App::Session::Cookie" => "App-Context","App::Session::HTMLHidden" => "App-Context","App::SessionObject" => "App-Context","App::SharedDatastore" => "App-Context","App::UserAgent" => "App-Context","App::ValueDomain" => "App-Context","App::cpanminus" => "App-cpanminus","App::japerl" => "App-japerl","App::perlall" => "App-perlall","App::revealup" => "App-revealup","App::revealup::base" => "App-revealup","App::revealup::builder" => "App-revealup","App::revealup::cli" => "App-revealup","App::revealup::cli::export" => "App-revealup","App::revealup::cli::export::html" => "App-revealup","App::revealup::cli::export::theme" => "App-revealup","App::revealup::cli::serve" => "App-revealup","App::revealup::cli::server" => "App-revealup","App::revealup::cli::theme" => "App-revealup","App::revealup::util" => "App-revealup","Archive::Tar" => "Archive-Tar","Archive::Tar::Constant" => "Archive-Tar","Archive::Tar::File" => "Archive-Tar","Archive::Tar::Std" => "Archive-Tar","Archive::Tar::Std::_io" => "Archive-Tar","Archive::Tar::Win32" => "Archive-Tar","Archive::Tar::_io" => "Archive-Tar","Archive::Unzip::Burst" => "Archive-Unzip-Burst","Archive::Zip" => "Archive-Zip","Archive::Zip::Archive" => "Archive-Zip","Archive::Zip::BufferedFileHandle" => "Archive-Zip","Archive::Zip::DirectoryMember" => "Archive-Zip","Archive::Zip::FileMember" => "Archive-Zip","Archive::Zip::Member" => "Archive-Zip","Archive::Zip::MemberRead" => "Archive-Zip","Archive::Zip::MockFileHandle" => "Archive-Zip","Archive::Zip::NewFileMember" => "Archive-Zip","Archive::Zip::StringMember" => "Archive-Zip","Archive::Zip::Tree" => "Archive-Zip","Archive::Zip::ZipFileMember" => "Archive-Zip","Authen::DigestMD5" => "Authen-DigestMD5","Authen::DigestMD5::Packet" => "Authen-DigestMD5","Authen::DigestMD5::Request" => "Authen-DigestMD5","Authen::DigestMD5::Response" => "Authen-DigestMD5","Authen::SASL" => "Authen-SASL","Authen::SASL::CRAM_MD5" => "Authen-SASL","Authen::SASL::EXTERNAL" => "Authen-SASL","Authen::SASL::Perl" => "Authen-SASL","Authen::SASL::Perl::ANONYMOUS" => "Authen-SASL","Authen::SASL::Perl::CRAM_MD5" => "Authen-SASL","Authen::SASL::Perl::DIGEST_MD5" => "Authen-SASL","Authen::SASL::Perl::EXTERNAL" => "Authen-SASL","Authen::SASL::Perl::GSSAPI" => "Authen-SASL","Authen::SASL::Perl::LOGIN" => "Authen-SASL","Authen::SASL::Perl::Layer" => "Authen-SASL","Authen::SASL::Perl::OAUTHBEARER" => "Authen-SASL","Authen::SASL::Perl::PLAIN" => "Authen-SASL","Authen::SASL::Perl::XOAUTH2" => "Authen-SASL","Axis" => "perl","B" => "perl","B::Concise" => "perl","B::Deparse" => "perl","B::Lint::Plugin::Test" => "perl","B::OBJECT" => "perl","B::Op_private" => "perl","B::Section" => "perl","B::Showlex" => "perl","B::Terse" => "perl","B::Xref" => "perl","BSON::XS" => "BSON-XS","Batch::Batchrun" => "Batch-Batchrun","Batch::Batchrun::BuildFile" => "Batch-Batchrun","Batch::Batchrun::Dbfunctions" => "Batch-Batchrun","Batch::Batchrun::Extract" => "Batch-Batchrun","Batch::Batchrun::Initialize" => "Batch-Batchrun","Batch::Batchrun::Load" => "Batch-Batchrun","Batch::Batchrun::Mail" => "Batch-Batchrun","Batch::Batchrun::ProcessSteps" => "Batch-Batchrun","Batch::Batchrun::Pwlookup" => "Batch-Batchrun","Batch::Batchrun::Retain" => "Batch-Batchrun","Batch::Batchrun::TableFunctions" => "Batch-Batchrun","BeerDB" => "Maypole","BeerDB::Base" => "Maypole","BeerDB::Beer" => "Maypole","BeerDB::Brewery" => "Maypole","BeerDB::Drinker" => "Maypole","Benchmark" => "perl","Bio::DB::GFF::Aggregator::match_gap" => "GBrowse","Bio::DB::GFF::Aggregator::reftranscript" => "GBrowse","Bio::DB::GFF::Aggregator::waba_alignment" => "GBrowse","Bio::DB::GFF::Aggregator::wormbase_gene" => "GBrowse","Bio::DB::SeqFeature::Store::Alias" => "GBrowse","Bio::DB::SeqFeature::Store::Alias::Iterator" => "GBrowse","Bio::DB::SeqFeature::Store::Alias::Segment" => "GBrowse","Bio::DB::SeqFeature::Store::BedLoader" => "GBrowse","Bio::DB::Tagger" => "GBrowse","Bio::DB::Tagger::Iterator" => "GBrowse","Bio::DB::Tagger::Tag" => "GBrowse","Bio::DB::Tagger::mysql" => "GBrowse","Bio::Graphics::Browser2" => "GBrowse","Bio::Graphics::Browser2::Action" => "GBrowse","Bio::Graphics::Browser2::AdminTracks" => "GBrowse","Bio::Graphics::Browser2::AuthorizedFeatureFile" => "GBrowse","Bio::Graphics::Browser2::CAlign" => "GBrowse","Bio::Graphics::Browser2::CachedTrack" => "GBrowse","Bio::Graphics::Browser2::DataBase" => "GBrowse","Bio::Graphics::Browser2::DataLoader" => "GBrowse","Bio::Graphics::Browser2::DataLoader::archive" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bam" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bed" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bigbed" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bigwig" => "GBrowse","Bio::Graphics::Browser2::DataLoader::featurefile" => "GBrowse","Bio::Graphics::Browser2::DataLoader::generic" => "GBrowse","Bio::Graphics::Browser2::DataLoader::gff" => "GBrowse","Bio::Graphics::Browser2::DataLoader::gff3" => "GBrowse","Bio::Graphics::Browser2::DataLoader::sam" => "GBrowse","Bio::Graphics::Browser2::DataLoader::useq" => "GBrowse","Bio::Graphics::Browser2::DataLoader::wig2bigwig" => "GBrowse","Bio::Graphics::Browser2::DataLoader::wiggle" => "GBrowse","Bio::Graphics::Browser2::DataSource" => "GBrowse","Bio::Graphics::Browser2::ExternalData" => "GBrowse","Bio::Graphics::Browser2::GFFhelper" => "GBrowse","Bio::Graphics::Browser2::I18n" => "GBrowse","Bio::Graphics::Browser2::Markup" => "GBrowse","Bio::Graphics::Browser2::MetaDB" => "GBrowse","Bio::Graphics::Browser2::MetaSegment" => "GBrowse","Bio::Graphics::Browser2::MetaSegment::Iterator" => "GBrowse","Bio::Graphics::Browser2::OptionPick" => "GBrowse","Bio::Graphics::Browser2::PadAlignment" => "GBrowse","Bio::Graphics::Browser2::Plugin" => "GBrowse","Bio::Graphics::Browser2::Plugin::AuthPlugin" => "GBrowse","Bio::Graphics::Browser2::PluginSet" => "GBrowse","Bio::Graphics::Browser2::Realign" => "GBrowse","Bio::Graphics::Browser2::Region" => "GBrowse","Bio::Graphics::Browser2::RegionSearch" => "GBrowse","Bio::Graphics::Browser2::RemoteSet" => "GBrowse","Bio::Graphics::Browser2::Render" => "GBrowse","Bio::Graphics::Browser2::Render::HTML" => "GBrowse","Bio::Graphics::Browser2::Render::HTML::TrackListing" => "GBrowse","Bio::Graphics::Browser2::Render::HTML::TrackListing::Categories" => "GBrowse","Bio::Graphics::Browser2::Render::Login" => "GBrowse","Bio::Graphics::Browser2::Render::Slave" => "GBrowse","Bio::Graphics::Browser2::Render::Slave::AWS_Balancer" => "GBrowse","Bio::Graphics::Browser2::Render::Slave::StagingServer" => "GBrowse","Bio::Graphics::Browser2::Render::Slave::Status" => "GBrowse","Bio::Graphics::Browser2::Render::SnapshotManager" => "GBrowse","Bio::Graphics::Browser2::Render::TrackConfig" => "GBrowse","Bio::Graphics::Browser2::RenderPanels" => "GBrowse","Bio::Graphics::Browser2::SendMail" => "GBrowse","Bio::Graphics::Browser2::Session" => "GBrowse","Bio::Graphics::Browser2::Shellwords" => "GBrowse","Bio::Graphics::Browser2::SubtrackTable" => "GBrowse","Bio::Graphics::Browser2::TrackDumper" => "GBrowse","Bio::Graphics::Browser2::TrackDumper::RichSeqMaker" => "GBrowse","Bio::Graphics::Browser2::UserConf" => "GBrowse","Bio::Graphics::Browser2::UserDB" => "GBrowse","Bio::Graphics::Browser2::UserTracks" => "GBrowse","Bio::Graphics::Browser2::UserTracks::Database" => "GBrowse","Bio::Graphics::Browser2::UserTracks::Filesystem" => "GBrowse","Bio::Graphics::Browser2::Util" => "GBrowse","Bio::Graphics::GBrowseFeature" => "GBrowse","Bio::Graphics::Karyotype" => "GBrowse","Bio::Graphics::Wiggle::Loader::Nosample" => "GBrowse","Boost::Graph" => "Boost-Graph","Boost::Graph::Directed" => "Boost-Graph","Boost::Graph::Undirected" => "Boost-Graph","Bundle::Apache" => "mod_perl","Bundle::Apache2" => "mod_perl","Bundle::Apache::ASP" => "Apache-ASP","Bundle::Apache::ASP::Extra" => "Apache-ASP","Bundle::DBD::Pg" => "DBD-Pg","Bundle::DBD::mysql" => "DBD-mysql","Bundle::DBI" => "DBI","Bundle::HTML::EP" => "HTML-EP","Bundle::Image::Info::Everything" => "Image-Info","Bundle::Image::Info::PNG" => "Image-Info","Bundle::Image::Info::SVG" => "Image-Info","Bundle::Image::Info::XBM" => "Image-Info","Bundle::Image::Info::XPM" => "Image-Info","Bundle::LWP" => "libwww-perl","Bundle::Net::LDAP" => "perl-ldap","Bundle::PlRPC" => "PlRPC","CBC" => "Crypt-CBC","CBOR::XS" => "CBOR-XS","CGI" => "CGI","CGI::Application" => "CGI-Application","CGI::Application::Dispatch" => "CGI-Application-Dispatch","CGI::Application::Dispatch::PSGI" => "CGI-Application-Dispatch","CGI::Application::Dispatch::Regexp" => "CGI-Application-Dispatch","CGI::Application::Mailform" => "CGI-Application","CGI::Application::Plugin::AutoRunmode" => "CGI-Application-Plugin-AutoRunmode","CGI::Application::Plugin::AutoRunmode::FileDelegate" => "CGI-Application-Plugin-AutoRunmode","CGI::Application::Plugin::CAPTCHA" => "CGI-Application-Plugin-CAPTCHA","CGI::Application::Plugin::RunmodeDeclare" => "CGI-Application-Plugin-RunmodeDeclare","CGI::Carp" => "CGI","CGI::Cookie" => "CGI","CGI::File::Temp" => "CGI","CGI::HTML::Functions" => "CGI","CGI::Maypole" => "Maypole","CGI::MultipartBuffer" => "CGI","CGI::Pretty" => "CGI","CGI::Push" => "CGI","CGI::Session" => "CGI-Session","CGI::Session::BluePrint" => "CGI-Session","CGI::Session::CookBook" => "CGI-Session","CGI::Session::DB_File" => "CGI-Session","CGI::Session::Driver" => "CGI-Session","CGI::Session::Driver::DBI" => "CGI-Session","CGI::Session::Driver::db_file" => "CGI-Session","CGI::Session::Driver::file" => "CGI-Session","CGI::Session::Driver::mysql" => "CGI-Session","CGI::Session::Driver::postgresql" => "CGI-Session","CGI::Session::Driver::sqlite" => "CGI-Session","CGI::Session::ErrorHandler" => "CGI-Session","CGI::Session::Example" => "CGI-Session","CGI::Session::File" => "CGI-Session","CGI::Session::ID::SHA1" => "CGI-Session","CGI::Session::ID::incr" => "CGI-Session","CGI::Session::ID::md5" => "CGI-Session","CGI::Session::ID::static" => "CGI-Session","CGI::Session::MySQL" => "CGI-Session","CGI::Session::PostgreSQL" => "CGI-Session","CGI::Session::Query" => "CGI-Session","CGI::Session::Serialize::default" => "CGI-Session","CGI::Session::Serialize::freezethaw" => "CGI-Session","CGI::Session::Serialize::json" => "CGI-Session","CGI::Session::Serialize::storable" => "CGI-Session","CGI::Session::Test::Default" => "CGI-Session","CGI::Session::Test::SimpleObjectClass" => "CGI-Session","CGI::Session::Tutorial" => "CGI-Session","CGI::Simple" => "CGI-Simple","CGI::Simple::Cookie" => "CGI-Simple","CGI::Simple::Standard" => "CGI-Simple","CGI::Simple::Util" => "CGI-Simple","CGI::Toggle" => "GBrowse","CGI::Untaint::Maypole" => "Maypole","CGI::Util" => "CGI","CGI::apacheSSI" => "CGI-apacheSSI","CGI::apacheSSI::Gmt" => "CGI-apacheSSI","CGI::apacheSSI::LMOD" => "CGI-apacheSSI","CGI::apacheSSI::Local" => "CGI-apacheSSI","CGI::mod_perl" => "mod_perl","CPAN" => "CPAN","CPAN::Admin" => "CPAN","CPAN::Author" => "CPAN","CPAN::Bundle" => "CPAN","CPAN::CacheMgr" => "CPAN","CPAN::Checksums" => "CPAN-Checksums","CPAN::Complete" => "CPAN","CPAN::Debug" => "CPAN","CPAN::DeferredCode" => "CPAN","CPAN::Distribution" => "CPAN","CPAN::Distroprefs" => "CPAN","CPAN::Distroprefs::Iterator" => "CPAN","CPAN::Distroprefs::Pref" => "CPAN","CPAN::Distroprefs::Result" => "CPAN","CPAN::Distroprefs::Result::Error" => "CPAN","CPAN::Distroprefs::Result::Fatal" => "CPAN","CPAN::Distroprefs::Result::Success" => "CPAN","CPAN::Distroprefs::Result::Warning" => "CPAN","CPAN::Distrostatus" => "CPAN","CPAN::Eval" => "CPAN","CPAN::Exception::RecursiveDependency" => "CPAN","CPAN::Exception::RecursiveDependency::na" => "CPAN","CPAN::Exception::blocked_urllist" => "CPAN","CPAN::Exception::yaml_not_installed" => "CPAN","CPAN::Exception::yaml_process_error" => "CPAN","CPAN::FTP" => "CPAN","CPAN::FTP::netrc" => "CPAN","CPAN::FirstTime" => "CPAN","CPAN::HTTP::Client" => "CPAN","CPAN::HTTP::Credentials" => "CPAN","CPAN::HandleConfig" => "CPAN","CPAN::Index" => "CPAN","CPAN::InfoObj" => "CPAN","CPAN::Kwalify" => "CPAN","CPAN::LWP::UserAgent" => "CPAN","CPAN::Mirrored::By" => "CPAN","CPAN::Mirrors" => "CPAN","CPAN::Module" => "CPAN","CPAN::Nox" => "CPAN","CPAN::Plugin" => "CPAN","CPAN::Plugin::Specfile" => "CPAN","CPAN::Prompt" => "CPAN","CPAN::Queue" => "CPAN","CPAN::Queue::Item" => "CPAN","CPAN::Shell" => "CPAN","CPAN::Tarzip" => "CPAN","CPAN::URL" => "CPAN","CPAN::Version" => "CPAN","Capture::Tiny" => "Capture-Tiny","Catalyst" => "Catalyst-Runtime","Catalyst::Action" => "Catalyst-Runtime","Catalyst::Action::Deserialize" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::Callback" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::JSON" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::JSON::XS" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::View" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::XML::Simple" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::YAML" => "Catalyst-Action-REST","Catalyst::Action::DeserializeMultiPart" => "Catalyst-Action-REST","Catalyst::Action::REST" => "Catalyst-Action-REST","Catalyst::Action::REST::ForBrowsers" => "Catalyst-Action-REST","Catalyst::Action::Serialize" => "Catalyst-Action-REST","Catalyst::Action::Serialize::Callback" => "Catalyst-Action-REST","Catalyst::Action::Serialize::JSON" => "Catalyst-Action-REST","Catalyst::Action::Serialize::JSON::XS" => "Catalyst-Action-REST","Catalyst::Action::Serialize::JSONP" => "Catalyst-Action-REST","Catalyst::Action::Serialize::View" => "Catalyst-Action-REST","Catalyst::Action::Serialize::XML::Simple" => "Catalyst-Action-REST","Catalyst::Action::Serialize::YAML" => "Catalyst-Action-REST","Catalyst::Action::Serialize::YAML::HTML" => "Catalyst-Action-REST","Catalyst::Action::SerializeBase" => "Catalyst-Action-REST","Catalyst::ActionChain" => "Catalyst-Runtime","Catalyst::ActionContainer" => "Catalyst-Runtime","Catalyst::ActionRole::ConsumesContent" => "Catalyst-Runtime","Catalyst::ActionRole::HTTPMethods" => "Catalyst-Runtime","Catalyst::ActionRole::QueryMatching" => "Catalyst-Runtime","Catalyst::ActionRole::Scheme" => "Catalyst-Runtime","Catalyst::Authentication::Credential::HTTP" => "Catalyst-Authentication-Credential-HTTP","Catalyst::Authentication::Credential::HTTP::Nonce" => "Catalyst-Authentication-Credential-HTTP","Catalyst::Authentication::Store::LDAP" => "Catalyst-Authentication-Store-LDAP","Catalyst::Authentication::Store::LDAP::Backend" => "Catalyst-Authentication-Store-LDAP","Catalyst::Authentication::Store::LDAP::User" => "Catalyst-Authentication-Store-LDAP","Catalyst::Base" => "Catalyst-Runtime","Catalyst::ClassData" => "Catalyst-Runtime","Catalyst::Component" => "Catalyst-Runtime","Catalyst::Component::ApplicationAttribute" => "Catalyst-Runtime","Catalyst::Component::ContextClosure" => "Catalyst-Runtime","Catalyst::Controller" => "Catalyst-Runtime","Catalyst::Controller::Combine" => "Catalyst-Controller-Combine","Catalyst::Controller::REST" => "Catalyst-Action-REST","Catalyst::DispatchType" => "Catalyst-Runtime","Catalyst::DispatchType::Chained" => "Catalyst-Runtime","Catalyst::DispatchType::Default" => "Catalyst-Runtime","Catalyst::DispatchType::Index" => "Catalyst-Runtime","Catalyst::DispatchType::Path" => "Catalyst-Runtime","Catalyst::Dispatcher" => "Catalyst-Runtime","Catalyst::Engine" => "Catalyst-Runtime","Catalyst::Engine::CGI" => "Catalyst-Runtime","Catalyst::Engine::FastCGI" => "Catalyst-Runtime","Catalyst::Engine::HTTP" => "Catalyst-Runtime","Catalyst::Engine::HTTP::Restarter" => "Catalyst-Runtime","Catalyst::Engine::HTTP::Restarter::Watcher" => "Catalyst-Runtime","Catalyst::EngineLoader" => "Catalyst-Runtime","Catalyst::Exception" => "Catalyst-Runtime","Catalyst::Exception::Base" => "Catalyst-Runtime","Catalyst::Exception::Basic" => "Catalyst-Runtime","Catalyst::Exception::Detach" => "Catalyst-Runtime","Catalyst::Exception::Go" => "Catalyst-Runtime","Catalyst::Exception::Interface" => "Catalyst-Runtime","Catalyst::Helper::Controller::Combine" => "Catalyst-Controller-Combine","Catalyst::Log" => "Catalyst-Runtime","Catalyst::Middleware::Stash" => "Catalyst-Runtime","Catalyst::Model" => "Catalyst-Runtime","Catalyst::Plugin::Session" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::State" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::Store" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::Store::Dummy" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::Test::Store" => "Catalyst-Plugin-Session","Catalyst::Plugin::Static" => "Catalyst-Plugin-Static","Catalyst::Plugin::Static::Simple" => "Catalyst-Plugin-Static-Simple","Catalyst::Plugin::Unicode::Encoding" => "Catalyst-Runtime","Catalyst::Request" => "Catalyst-Runtime","Catalyst::Request::PartData" => "Catalyst-Runtime","Catalyst::Request::REST" => "Catalyst-Action-REST","Catalyst::Request::REST::ForBrowsers" => "Catalyst-Action-REST","Catalyst::Request::Upload" => "Catalyst-Runtime","Catalyst::Response" => "Catalyst-Runtime","Catalyst::Response::Writer" => "Catalyst-Runtime","Catalyst::Runtime" => "Catalyst-Runtime","Catalyst::Script::CGI" => "Catalyst-Runtime","Catalyst::Script::Create" => "Catalyst-Runtime","Catalyst::Script::FastCGI" => "Catalyst-Runtime","Catalyst::Script::Server" => "Catalyst-Runtime","Catalyst::Script::Test" => "Catalyst-Runtime","Catalyst::ScriptRole" => "Catalyst-Runtime","Catalyst::ScriptRunner" => "Catalyst-Runtime","Catalyst::Stats" => "Catalyst-Runtime","Catalyst::Test" => "Catalyst-Runtime","Catalyst::TraitFor::Request::REST" => "Catalyst-Action-REST","Catalyst::TraitFor::Request::REST::ForBrowsers" => "Catalyst-Action-REST","Catalyst::Utils" => "Catalyst-Runtime","Catalyst::View" => "Catalyst-Runtime","CatalystX::Controller::OpenSearch" => "Search-OpenSearch-Server","Chat::Controllers" => "Squatting","Chat::Views" => "Squatting","Class::Struct" => "perl","Class::Struct::Tie_ISA" => "perl","Clipboard" => "Clipboard","Clipboard::MacPasteboard" => "Clipboard","Clipboard::Pb" => "Clipboard","Clipboard::WaylandClipboard" => "Clipboard","Clipboard::Win32" => "Clipboard","Clipboard::Xclip" => "Clipboard","Clipboard::Xsel" => "Clipboard","Cmd::Dwarf" => "Cmd-Dwarf","Command" => "UR","Command::Common" => "UR","Command::DynamicSubCommands" => "UR","Command::Shell" => "UR","Command::SubCommandFactory" => "UR","Command::Test" => "UR","Command::Test::Echo" => "UR","Command::Test::Tree1" => "UR","Command::Test::Tree1::Echo1" => "UR","Command::Test::Tree1::Echo2" => "UR","Command::Tree" => "UR","Command::V1" => "UR","Command::V2" => "UR","Compress::LZ4" => "Compress-LZ4","Compress::Raw::Bunzip2" => "Compress-Raw-Bzip2","Compress::Raw::Bzip2" => "Compress-Raw-Bzip2","Compress::Raw::Zlib" => "Compress-Raw-Zlib","Compress::Zlib" => "IO-Compress","Concierge::Sessions" => "Concierge-Sessions","Concierge::Sessions::Base" => "Concierge-Sessions","Concierge::Sessions::File" => "Concierge-Sessions","Concierge::Sessions::SQLite" => "Concierge-Sessions","Concierge::Sessions::Session" => "Concierge-Sessions","Config::Extensions" => "perl","Config::IniFiles" => "Config-IniFiles","Config::Model" => "Config-Model","Config::Model::Annotation" => "Config-Model","Config::Model::AnyId" => "Config-Model","Config::Model::AnyThing" => "Config-Model","Config::Model::Backend::Any" => "Config-Model","Config::Model::Backend::CdsFile" => "Config-Model","Config::Model::Backend::Fstab" => "Config-Model","Config::Model::Backend::IniFile" => "Config-Model","Config::Model::Backend::Json" => "Config-Model","Config::Model::Backend::PerlFile" => "Config-Model","Config::Model::Backend::PlainFile" => "Config-Model","Config::Model::Backend::ShellVar" => "Config-Model","Config::Model::BackendMgr" => "Config-Model","Config::Model::BackendTrackOrder" => "Config-Model","Config::Model::CheckList" => "Config-Model","Config::Model::DeprecatedHandle" => "Config-Model","Config::Model::Describe" => "Config-Model","Config::Model::DumpAsData" => "Config-Model","Config::Model::Dumper" => "Config-Model","Config::Model::Exception" => "Config-Model","Config::Model::Exception::AncestorClass" => "Config-Model","Config::Model::Exception::Any" => "Config-Model","Config::Model::Exception::ConfigFile" => "Config-Model","Config::Model::Exception::ConfigFile::Missing" => "Config-Model","Config::Model::Exception::Fatal" => "Config-Model","Config::Model::Exception::Formula" => "Config-Model","Config::Model::Exception::Internal" => "Config-Model","Config::Model::Exception::Load" => "Config-Model","Config::Model::Exception::LoadData" => "Config-Model","Config::Model::Exception::Model" => "Config-Model","Config::Model::Exception::ModelDeclaration" => "Config-Model","Config::Model::Exception::ObsoleteElement" => "Config-Model","Config::Model::Exception::Syntax" => "Config-Model","Config::Model::Exception::UnavailableElement" => "Config-Model","Config::Model::Exception::UnknownElement" => "Config-Model","Config::Model::Exception::UnknownId" => "Config-Model","Config::Model::Exception::User" => "Config-Model","Config::Model::Exception::WarpError" => "Config-Model","Config::Model::Exception::WrongType" => "Config-Model","Config::Model::Exception::WrongValue" => "Config-Model","Config::Model::FuseUI" => "Config-Model","Config::Model::HashId" => "Config-Model","Config::Model::IdElementReference" => "Config-Model","Config::Model::Instance" => "Config-Model","Config::Model::Iterator" => "Config-Model","Config::Model::ListId" => "Config-Model","Config::Model::Lister" => "Config-Model","Config::Model::Loader" => "Config-Model","Config::Model::Node" => "Config-Model","Config::Model::ObjTreeScanner" => "Config-Model","Config::Model::Report" => "Config-Model","Config::Model::Role::ComputeFunction" => "Config-Model","Config::Model::Role::Constants" => "Config-Model","Config::Model::Role::FileHandler" => "Config-Model","Config::Model::Role::Grab" => "Config-Model","Config::Model::Role::HelpAsText" => "Config-Model","Config::Model::Role::NodeLoader" => "Config-Model","Config::Model::Role::Utils" => "Config-Model","Config::Model::Role::WarpMaster" => "Config-Model","Config::Model::SearchElement" => "Config-Model","Config::Model::SimpleUI" => "Config-Model","Config::Model::TermUI" => "Config-Model","Config::Model::TreeSearcher" => "Config-Model","Config::Model::TypeConstraints" => "Config-Model","Config::Model::Utils::GenClassPod" => "Config-Model","Config::Model::Value" => "Config-Model","Config::Model::Value::LayeredInclude" => "Config-Model","Config::Model::Value::Update" => "Config-Model","Config::Model::Value::UpdateFromFile" => "Config-Model","Config::Model::ValueComputer" => "Config-Model","Config::Model::WarpedNode" => "Config-Model","Config::Model::Warper" => "Config-Model","Convert::ASN1" => "Convert-ASN1","Convert::UUlib" => "Convert-UUlib","CouchWiki" => "Squatting","CouchWiki::Controllers" => "Squatting","CouchWiki::Models" => "Squatting","CouchWiki::Views" => "Squatting","Counter::Controllers" => "Squatting","Cpanel::JSON::XS" => "Cpanel-JSON-XS","Cpanel::JSON::XS::Type" => "Cpanel-JSON-XS","Crypt::AuthEnc" => "CryptX","Crypt::AuthEnc::CCM" => "CryptX","Crypt::AuthEnc::ChaCha20Poly1305" => "CryptX","Crypt::AuthEnc::EAX" => "CryptX","Crypt::AuthEnc::GCM" => "CryptX","Crypt::AuthEnc::OCB" => "CryptX","Crypt::CBC" => "Crypt-CBC","Crypt::CBC::PBKDF" => "Crypt-CBC","Crypt::CBC::PBKDF::none" => "Crypt-CBC","Crypt::CBC::PBKDF::opensslv1" => "Crypt-CBC","Crypt::CBC::PBKDF::opensslv2" => "Crypt-CBC","Crypt::CBC::PBKDF::pbkdf2" => "Crypt-CBC","Crypt::CBC::PBKDF::randomiv" => "Crypt-CBC","Crypt::Checksum" => "CryptX","Crypt::Checksum::Adler32" => "CryptX","Crypt::Checksum::CRC32" => "CryptX","Crypt::Cipher" => "CryptX","Crypt::Cipher::AES" => "CryptX","Crypt::Cipher::Anubis" => "CryptX","Crypt::Cipher::Blowfish" => "CryptX","Crypt::Cipher::CAST5" => "CryptX","Crypt::Cipher::Camellia" => "CryptX","Crypt::Cipher::DES" => "CryptX","Crypt::Cipher::DES_EDE" => "CryptX","Crypt::Cipher::IDEA" => "CryptX","Crypt::Cipher::KASUMI" => "CryptX","Crypt::Cipher::Khazad" => "CryptX","Crypt::Cipher::MULTI2" => "CryptX","Crypt::Cipher::Noekeon" => "CryptX","Crypt::Cipher::RC2" => "CryptX","Crypt::Cipher::RC5" => "CryptX","Crypt::Cipher::RC6" => "CryptX","Crypt::Cipher::SAFERP" => "CryptX","Crypt::Cipher::SAFER_K128" => "CryptX","Crypt::Cipher::SAFER_K64" => "CryptX","Crypt::Cipher::SAFER_SK128" => "CryptX","Crypt::Cipher::SAFER_SK64" => "CryptX","Crypt::Cipher::SEED" => "CryptX","Crypt::Cipher::Serpent" => "CryptX","Crypt::Cipher::Skipjack" => "CryptX","Crypt::Cipher::Twofish" => "CryptX","Crypt::Cipher::XTEA" => "CryptX","Crypt::DSA" => "Crypt-DSA","Crypt::DSA::Key" => "Crypt-DSA","Crypt::DSA::Key::PEM" => "Crypt-DSA","Crypt::DSA::Key::SSH2" => "Crypt-DSA","Crypt::DSA::KeyChain" => "Crypt-DSA","Crypt::DSA::Signature" => "Crypt-DSA","Crypt::DSA::Util" => "Crypt-DSA","Crypt::Digest" => "CryptX","Crypt::Digest::BLAKE2b_160" => "CryptX","Crypt::Digest::BLAKE2b_256" => "CryptX","Crypt::Digest::BLAKE2b_384" => "CryptX","Crypt::Digest::BLAKE2b_512" => "CryptX","Crypt::Digest::BLAKE2s_128" => "CryptX","Crypt::Digest::BLAKE2s_160" => "CryptX","Crypt::Digest::BLAKE2s_224" => "CryptX","Crypt::Digest::BLAKE2s_256" => "CryptX","Crypt::Digest::CHAES" => "CryptX","Crypt::Digest::Keccak224" => "CryptX","Crypt::Digest::Keccak256" => "CryptX","Crypt::Digest::Keccak384" => "CryptX","Crypt::Digest::Keccak512" => "CryptX","Crypt::Digest::MD2" => "CryptX","Crypt::Digest::MD4" => "CryptX","Crypt::Digest::MD5" => "CryptX","Crypt::Digest::RIPEMD128" => "CryptX","Crypt::Digest::RIPEMD160" => "CryptX","Crypt::Digest::RIPEMD256" => "CryptX","Crypt::Digest::RIPEMD320" => "CryptX","Crypt::Digest::SHA1" => "CryptX","Crypt::Digest::SHA224" => "CryptX","Crypt::Digest::SHA256" => "CryptX","Crypt::Digest::SHA384" => "CryptX","Crypt::Digest::SHA3_224" => "CryptX","Crypt::Digest::SHA3_256" => "CryptX","Crypt::Digest::SHA3_384" => "CryptX","Crypt::Digest::SHA3_512" => "CryptX","Crypt::Digest::SHA512" => "CryptX","Crypt::Digest::SHA512_224" => "CryptX","Crypt::Digest::SHA512_256" => "CryptX","Crypt::Digest::SHAKE" => "CryptX","Crypt::Digest::Tiger192" => "CryptX","Crypt::Digest::Whirlpool" => "CryptX","Crypt::JWT" => "Crypt-JWT","Crypt::KeyDerivation" => "CryptX","Crypt::KeyWrap" => "Crypt-JWT","Crypt::Mac" => "CryptX","Crypt::Mac::BLAKE2b" => "CryptX","Crypt::Mac::BLAKE2s" => "CryptX","Crypt::Mac::F9" => "CryptX","Crypt::Mac::HMAC" => "CryptX","Crypt::Mac::OMAC" => "CryptX","Crypt::Mac::PMAC" => "CryptX","Crypt::Mac::Pelican" => "CryptX","Crypt::Mac::Poly1305" => "CryptX","Crypt::Mac::XCBC" => "CryptX","Crypt::Misc" => "CryptX","Crypt::Mode" => "CryptX","Crypt::Mode::CBC" => "CryptX","Crypt::Mode::CFB" => "CryptX","Crypt::Mode::CTR" => "CryptX","Crypt::Mode::ECB" => "CryptX","Crypt::Mode::OFB" => "CryptX","Crypt::NaCl::Sodium" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::aead" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::auth" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::box" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::generichash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::hash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::onetimeauth" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::pwhash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::scalarmult" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::secretbox" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::shorthash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::sign" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::stream" => "Crypt-NaCl-Sodium","Crypt::OpenSSL::DSA" => "Crypt-OpenSSL-DSA","Crypt::OpenSSL::RSA" => "Crypt-OpenSSL-RSA","Crypt::PK" => "CryptX","Crypt::PK::DH" => "CryptX","Crypt::PK::DSA" => "CryptX","Crypt::PK::ECC" => "CryptX","Crypt::PK::Ed25519" => "CryptX","Crypt::PK::RSA" => "CryptX","Crypt::PK::X25519" => "CryptX","Crypt::PRNG" => "CryptX","Crypt::PRNG::ChaCha20" => "CryptX","Crypt::PRNG::Fortuna" => "CryptX","Crypt::PRNG::RC4" => "CryptX","Crypt::PRNG::Sober128" => "CryptX","Crypt::PRNG::Yarrow" => "CryptX","Crypt::Passwd::XS" => "Crypt-Passwd-XS","Crypt::Perl" => "Crypt-Perl","Crypt::Perl::ASN1" => "Crypt-Perl","Crypt::Perl::ASN1::BitString" => "Crypt-Perl","Crypt::Perl::ASN1::Encodee" => "Crypt-Perl","Crypt::Perl::ASN1::Signatures" => "Crypt-Perl","Crypt::Perl::BigInt" => "Crypt-Perl","Crypt::Perl::ECDSA" => "Crypt-Perl","Crypt::Perl::ECDSA::Deterministic" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::Curve" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::CurvesDB" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::DB" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::FieldElement" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::Point" => "Crypt-Perl","Crypt::Perl::ECDSA::ECParameters" => "Crypt-Perl","Crypt::Perl::ECDSA::EncodedPoint" => "Crypt-Perl","Crypt::Perl::ECDSA::Generate" => "Crypt-Perl","Crypt::Perl::ECDSA::KeyBase" => "Crypt-Perl","Crypt::Perl::ECDSA::Math" => "Crypt-Perl","Crypt::Perl::ECDSA::NIST" => "Crypt-Perl","Crypt::Perl::ECDSA::Parse" => "Crypt-Perl","Crypt::Perl::ECDSA::PrivateKey" => "Crypt-Perl","Crypt::Perl::ECDSA::PublicKey" => "Crypt-Perl","Crypt::Perl::ECDSA::Utils" => "Crypt-Perl","Crypt::Perl::Ed25519" => "Crypt-Perl","Crypt::Perl::Ed25519::KeyBase" => "Crypt-Perl","Crypt::Perl::Ed25519::Math" => "Crypt-Perl","Crypt::Perl::Ed25519::Parse" => "Crypt-Perl","Crypt::Perl::Ed25519::PrivateKey" => "Crypt-Perl","Crypt::Perl::Ed25519::PublicKey" => "Crypt-Perl","Crypt::Perl::JWK" => "Crypt-Perl","Crypt::Perl::KeyBase" => "Crypt-Perl","Crypt::Perl::Math" => "Crypt-Perl","Crypt::Perl::PK" => "Crypt-Perl","Crypt::Perl::PKCS10" => "Crypt-Perl","Crypt::Perl::PKCS10::ASN1" => "Crypt-Perl","Crypt::Perl::PKCS10::Attribute" => "Crypt-Perl","Crypt::Perl::PKCS10::Attribute::challengePassword" => "Crypt-Perl","Crypt::Perl::PKCS10::Attribute::extensionRequest" => "Crypt-Perl","Crypt::Perl::PKCS10::Attributes" => "Crypt-Perl","Crypt::Perl::PKCS8" => "Crypt-Perl","Crypt::Perl::RNG" => "Crypt-Perl","Crypt::Perl::RSA" => "Crypt-Perl","Crypt::Perl::RSA::Generate" => "Crypt-Perl","Crypt::Perl::RSA::KeyBase" => "Crypt-Perl","Crypt::Perl::RSA::PKCS1_v1_5" => "Crypt-Perl","Crypt::Perl::RSA::Parse" => "Crypt-Perl","Crypt::Perl::RSA::PrivateKey" => "Crypt-Perl","Crypt::Perl::RSA::PublicKey" => "Crypt-Perl","Crypt::Perl::RSA::Template" => "Crypt-Perl","Crypt::Perl::ToDER" => "Crypt-Perl","Crypt::Perl::X" => "Crypt-Perl","Crypt::Perl::X509::Extension" => "Crypt-Perl","Crypt::Perl::X509::Extension::acmeValidation_v1" => "Crypt-Perl","Crypt::Perl::X509::Extension::authorityInfoAccess" => "Crypt-Perl","Crypt::Perl::X509::Extension::authorityKeyIdentifier" => "Crypt-Perl","Crypt::Perl::X509::Extension::basicConstraints" => "Crypt-Perl","Crypt::Perl::X509::Extension::cRLDistributionPoints" => "Crypt-Perl","Crypt::Perl::X509::Extension::certificatePolicies" => "Crypt-Perl","Crypt::Perl::X509::Extension::ct_precert_poison" => "Crypt-Perl","Crypt::Perl::X509::Extension::ct_precert_scts" => "Crypt-Perl","Crypt::Perl::X509::Extension::extKeyUsage" => "Crypt-Perl","Crypt::Perl::X509::Extension::freshestCRL" => "Crypt-Perl","Crypt::Perl::X509::Extension::inhibitAnyPolicy" => "Crypt-Perl","Crypt::Perl::X509::Extension::issuerAltName" => "Crypt-Perl","Crypt::Perl::X509::Extension::keyUsage" => "Crypt-Perl","Crypt::Perl::X509::Extension::nameConstraints" => "Crypt-Perl","Crypt::Perl::X509::Extension::noCheck" => "Crypt-Perl","Crypt::Perl::X509::Extension::policyConstraints" => "Crypt-Perl","Crypt::Perl::X509::Extension::policyMappings" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectAltName" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectDirectoryAttributes" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectInfoAccess" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectKeyIdentifier" => "Crypt-Perl","Crypt::Perl::X509::Extension::tlsFeature" => "Crypt-Perl","Crypt::Perl::X509::Extensions" => "Crypt-Perl","Crypt::Perl::X509::GeneralName" => "Crypt-Perl","Crypt::Perl::X509::GeneralNames" => "Crypt-Perl","Crypt::Perl::X509::InfoAccessBase" => "Crypt-Perl","Crypt::Perl::X509::Name" => "Crypt-Perl","Crypt::Perl::X509::RelativeDistinguishedName" => "Crypt-Perl","Crypt::Perl::X509::SCT" => "Crypt-Perl","Crypt::Perl::X509v3" => "Crypt-Perl","Crypt::Perl::X::ASN1::Decode" => "Crypt-Perl","Crypt::Perl::X::ASN1::Encode" => "Crypt-Perl","Crypt::Perl::X::ASN1::Find" => "Crypt-Perl","Crypt::Perl::X::ASN1::Prepare" => "Crypt-Perl","Crypt::Perl::X::Base" => "Crypt-Perl","Crypt::Perl::X::ECDSA::CharacteristicTwoUnsupported" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForNISTName" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForName" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForOID" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForParameters" => "Crypt-Perl","Crypt::Perl::X::Generic" => "Crypt-Perl","Crypt::Perl::X::InvalidJWK" => "Crypt-Perl","Crypt::Perl::X::TooLongToSign" => "Crypt-Perl","Crypt::Perl::X::UnknownHash" => "Crypt-Perl","Crypt::Perl::X::UnknownJWKkty" => "Crypt-Perl","Crypt::Primes" => "Crypt-Primes","Crypt::Random" => "Crypt-Random","Crypt::Random::Generator" => "Crypt-Random","Crypt::Random::Provider::File" => "Crypt-Random","Crypt::Random::Provider::Win32API" => "Crypt-Random","Crypt::Random::Provider::devrandom" => "Crypt-Random","Crypt::Random::Provider::devurandom" => "Crypt-Random","Crypt::Random::Provider::egd" => "Crypt-Random","Crypt::Random::Provider::rand" => "Crypt-Random","Crypt::Random::Source" => "Crypt-Random-Source","Crypt::Random::Source::Base" => "Crypt-Random-Source","Crypt::Random::Source::Base::File" => "Crypt-Random-Source","Crypt::Random::Source::Base::Handle" => "Crypt-Random-Source","Crypt::Random::Source::Base::Proc" => "Crypt-Random-Source","Crypt::Random::Source::Base::RandomDevice" => "Crypt-Random-Source","Crypt::Random::Source::Factory" => "Crypt-Random-Source","Crypt::Random::Source::Strong" => "Crypt-Random-Source","Crypt::Random::Source::Strong::devrandom" => "Crypt-Random-Source","Crypt::Random::Source::Weak" => "Crypt-Random-Source","Crypt::Random::Source::Weak::devurandom" => "Crypt-Random-Source","Crypt::RandomEncryption" => "Crypt-RandomEncryption","Crypt::Salt" => "Crypt-Salt","Crypt::Sodium::XS" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Base" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Base64" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Core" => "Crypt-Sodium-XS","Crypt::Sodium::XS::MemVault" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::Base" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::aead" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::auth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::box" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::curve25519" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::generichash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::hash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::hkdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::ipcrypt" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::kdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::kx" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::onetimeauth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::pwhash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::scalarmult" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::secretbox" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::secretstream" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::shorthash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::sign" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::stream" => "Crypt-Sodium-XS","Crypt::Sodium::XS::ProtMem" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Util" => "Crypt-Sodium-XS","Crypt::Sodium::XS::aead" => "Crypt-Sodium-XS","Crypt::Sodium::XS::auth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::box" => "Crypt-Sodium-XS","Crypt::Sodium::XS::curve25519" => "Crypt-Sodium-XS","Crypt::Sodium::XS::generichash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::hash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::hkdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::ipcrypt" => "Crypt-Sodium-XS","Crypt::Sodium::XS::kdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::kx" => "Crypt-Sodium-XS","Crypt::Sodium::XS::onetimeauth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::pwhash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::scalarmult" => "Crypt-Sodium-XS","Crypt::Sodium::XS::secretbox" => "Crypt-Sodium-XS","Crypt::Sodium::XS::secretstream" => "Crypt-Sodium-XS","Crypt::Sodium::XS::shorthash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::sign" => "Crypt-Sodium-XS","Crypt::Sodium::XS::stream" => "Crypt-Sodium-XS","Crypt::Stream::ChaCha" => "CryptX","Crypt::Stream::RC4" => "CryptX","Crypt::Stream::Rabbit" => "CryptX","Crypt::Stream::Salsa20" => "CryptX","Crypt::Stream::Sober128" => "CryptX","Crypt::Stream::Sosemanuk" => "CryptX","Crypt::SysRandom::XS" => "Crypt-SysRandom-XS","Crypt::URandom" => "Crypt-URandom","CryptX" => "CryptX","Cwd" => "PathTools","DBD::DBM" => "DBI","DBD::DBM::Statement" => "DBI","DBD::DBM::Table" => "DBI","DBD::DBM::db" => "DBI","DBD::DBM::dr" => "DBI","DBD::DBM::st" => "DBI","DBD::ExampleP" => "DBI","DBD::ExampleP::db" => "DBI","DBD::ExampleP::dr" => "DBI","DBD::ExampleP::st" => "DBI","DBD::File" => "DBI","DBD::File::DataSource::File" => "DBI","DBD::File::DataSource::Stream" => "DBI","DBD::File::Statement" => "DBI","DBD::File::Table" => "DBI","DBD::File::TableSource::FileSystem" => "DBI","DBD::File::db" => "DBI","DBD::File::dr" => "DBI","DBD::File::st" => "DBI","DBD::Gofer" => "DBI","DBD::Gofer::Policy::Base" => "DBI","DBD::Gofer::Policy::classic" => "DBI","DBD::Gofer::Policy::pedantic" => "DBI","DBD::Gofer::Policy::rush" => "DBI","DBD::Gofer::Transport::Base" => "DBI","DBD::Gofer::Transport::corostream" => "DBI","DBD::Gofer::Transport::null" => "DBI","DBD::Gofer::Transport::pipeone" => "DBI","DBD::Gofer::Transport::stream" => "DBI","DBD::Gofer::db" => "DBI","DBD::Gofer::dr" => "DBI","DBD::Gofer::st" => "DBI","DBD::MariaDB" => "DBD-MariaDB","DBD::Mem" => "DBI","DBD::Mem::DataSource" => "DBI","DBD::Mem::Statement" => "DBI","DBD::Mem::Table" => "DBI","DBD::Mem::db" => "DBI","DBD::Mem::dr" => "DBI","DBD::Mem::st" => "DBI","DBD::NullP" => "DBI","DBD::NullP::db" => "DBI","DBD::NullP::dr" => "DBI","DBD::NullP::st" => "DBI","DBD::Pg" => "DBD-Pg","DBD::Proxy" => "DBI","DBD::Proxy::RPC::PlClient" => "DBI","DBD::Proxy::db" => "DBI","DBD::Proxy::dr" => "DBI","DBD::Proxy::st" => "DBI","DBD::SQLite" => "DBD-SQLite","DBD::SQLite::Constants" => "DBD-SQLite","DBD::SQLite::GetInfo" => "DBD-SQLite","DBD::SQLite::VirtualTable" => "DBD-SQLite","DBD::SQLite::VirtualTable::Cursor" => "DBD-SQLite","DBD::SQLite::VirtualTable::FileContent" => "DBD-SQLite","DBD::SQLite::VirtualTable::FileContent::Cursor" => "DBD-SQLite","DBD::SQLite::VirtualTable::PerlData" => "DBD-SQLite","DBD::SQLite::VirtualTable::PerlData::Cursor" => "DBD-SQLite","DBD::Sponge" => "DBI","DBD::Sponge::db" => "DBI","DBD::Sponge::dr" => "DBI","DBD::Sponge::st" => "DBI","DBD::mysql" => "DBD-mysql","DBD::mysql::GetInfo" => "DBD-mysql","DBD::mysql::db" => "DBD-mysql","DBD::mysql::dr" => "DBD-mysql","DBD::mysql::st" => "DBD-mysql","DBD::mysqlPP" => "DBD-mysqlPP","DBD::mysqlPP::db" => "DBD-mysqlPP","DBD::mysqlPP::dr" => "DBD-mysqlPP","DBD::mysqlPP::st" => "DBD-mysqlPP","DBDI" => "DBI","DBI" => "DBI","DBI::Const::GetInfo::ANSI" => "DBI","DBI::Const::GetInfo::ODBC" => "DBI","DBI::Const::GetInfoReturn" => "DBI","DBI::Const::GetInfoType" => "DBI","DBI::DBD" => "DBI","DBI::DBD::Metadata" => "DBI","DBI::DBD::SqlEngine" => "DBI","DBI::DBD::SqlEngine::DataSource" => "DBI","DBI::DBD::SqlEngine::Statement" => "DBI","DBI::DBD::SqlEngine::Table" => "DBI","DBI::DBD::SqlEngine::TableSource" => "DBI","DBI::DBD::SqlEngine::TieMeta" => "DBI","DBI::DBD::SqlEngine::TieTables" => "DBI","DBI::DBD::SqlEngine::db" => "DBI","DBI::DBD::SqlEngine::dr" => "DBI","DBI::DBD::SqlEngine::st" => "DBI","DBI::FAQ" => "DBI","DBI::Gofer::Execute" => "DBI","DBI::Gofer::Request" => "DBI","DBI::Gofer::Response" => "DBI","DBI::Gofer::Serializer::Base" => "DBI","DBI::Gofer::Serializer::DataDumper" => "DBI","DBI::Gofer::Serializer::Storable" => "DBI","DBI::Gofer::Transport::Base" => "DBI","DBI::Gofer::Transport::pipeone" => "DBI","DBI::Gofer::Transport::stream" => "DBI","DBI::Library" => "MySQL-Admin","DBI::Library::Database" => "MySQL-Admin","DBI::Library::Database::db" => "MySQL-Admin","DBI::Library::Database::st" => "MySQL-Admin","DBI::Library::db" => "MySQL-Admin","DBI::Library::st" => "MySQL-Admin","DBI::Profile" => "DBI","DBI::ProfileData" => "DBI","DBI::ProfileDumper" => "DBI","DBI::ProfileDumper::Apache" => "DBI","DBI::ProfileSubs" => "DBI","DBI::ProxyServer" => "DBI","DBI::ProxyServer::db" => "DBI","DBI::ProxyServer::dr" => "DBI","DBI::ProxyServer::st" => "DBI","DBI::SQL::Nano" => "DBI","DBI::SQL::Nano::Statement_" => "DBI","DBI::SQL::Nano::Table_" => "DBI","DBI::Util::CacheMemory" => "DBI","DBI::Util::_accessor" => "DBI","DBI::common" => "DBI","DBIx::Class::EncodedColumn" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Crypt" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Crypt::Eksblowfish::Bcrypt" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Crypt::OpenPGP" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Digest" => "DBIx-Class-EncodedColumn","DBIx::Class::Valiant" => "Valiant","DBIx::Class::Valiant::Result" => "Valiant","DBIx::Class::Valiant::Result::HTML::FormFields" => "Valiant","DBIx::Class::Valiant::ResultSet" => "Valiant","DBIx::Class::Valiant::Util::Exception" => "Valiant","DBIx::Class::Valiant::Util::Exception::BadParameterFK" => "Valiant","DBIx::Class::Valiant::Util::Exception::BadParameters" => "Valiant","DBIx::Class::Valiant::Util::Exception::TooManyRows" => "Valiant","DBIx::Class::Valiant::Validates" => "Valiant","DBIx::Class::Valiant::Validator::Result" => "Valiant","DBIx::Class::Valiant::Validator::ResultSet" => "Valiant","DBIx::Class::Valiant::Validator::SetSize" => "Valiant","DBIx::Custom" => "DBIx-Custom","DBIx::Custom::Mapper" => "DBIx-Custom","DBIx::Custom::Model" => "DBIx-Custom","DBIx::Custom::NotExists" => "DBIx-Custom","DBIx::Custom::Order" => "DBIx-Custom","DBIx::Custom::Query" => "DBIx-Custom","DBIx::Custom::Result" => "DBIx-Custom","DBIx::Custom::Util" => "DBIx-Custom","DBIx::Custom::Where" => "DBIx-Custom","DBIx::Otogiri" => "Otogiri","DBIx::Otogiri::Iterator" => "Otogiri","DBM_Filter" => "perl","DBM_Filter::compress" => "perl","DBM_Filter::encode" => "perl","DBM_Filter::int32" => "perl","DBM_Filter::null" => "perl","DBM_Filter::utf8" => "perl","Dancer" => "Dancer","Dancer2" => "Dancer2","Dancer2::CLI" => "Dancer2","Dancer2::CLI::Command::gen" => "Dancer2","Dancer2::CLI::Command::version" => "Dancer2","Dancer2::CLI::Gen" => "Dancer2","Dancer2::CLI::Version" => "Dancer2","Dancer2::ConfigReader" => "Dancer2","Dancer2::ConfigReader::Config::Any" => "Dancer2","Dancer2::ConfigUtils" => "Dancer2","Dancer2::Core" => "Dancer2","Dancer2::Core::App" => "Dancer2","Dancer2::Core::Cookie" => "Dancer2","Dancer2::Core::DSL" => "Dancer2","Dancer2::Core::Dispatcher" => "Dancer2","Dancer2::Core::Error" => "Dancer2","Dancer2::Core::Factory" => "Dancer2","Dancer2::Core::HTTP" => "Dancer2","Dancer2::Core::Hook" => "Dancer2","Dancer2::Core::MIME" => "Dancer2","Dancer2::Core::Request" => "Dancer2","Dancer2::Core::Request::Upload" => "Dancer2","Dancer2::Core::Response" => "Dancer2","Dancer2::Core::Response::Delayed" => "Dancer2","Dancer2::Core::Role::ConfigReader" => "Dancer2","Dancer2::Core::Role::DSL" => "Dancer2","Dancer2::Core::Role::Engine" => "Dancer2","Dancer2::Core::Role::Handler" => "Dancer2","Dancer2::Core::Role::HasConfig" => "Dancer2","Dancer2::Core::Role::HasEnvironment" => "Dancer2","Dancer2::Core::Role::HasLocation" => "Dancer2","Dancer2::Core::Role::Hookable" => "Dancer2","Dancer2::Core::Role::Logger" => "Dancer2","Dancer2::Core::Role::Serializer" => "Dancer2","Dancer2::Core::Role::SessionFactory" => "Dancer2","Dancer2::Core::Role::SessionFactory::File" => "Dancer2","Dancer2::Core::Role::StandardResponses" => "Dancer2","Dancer2::Core::Role::Template" => "Dancer2","Dancer2::Core::Route" => "Dancer2","Dancer2::Core::Runner" => "Dancer2","Dancer2::Core::Session" => "Dancer2","Dancer2::Core::Time" => "Dancer2","Dancer2::Core::Types" => "Dancer2","Dancer2::FileUtils" => "Dancer2","Dancer2::Handler::AutoPage" => "Dancer2","Dancer2::Handler::File" => "Dancer2","Dancer2::Logger::Capture" => "Dancer2","Dancer2::Logger::Capture::Trap" => "Dancer2","Dancer2::Logger::Console" => "Dancer2","Dancer2::Logger::Diag" => "Dancer2","Dancer2::Logger::File" => "Dancer2","Dancer2::Logger::Note" => "Dancer2","Dancer2::Logger::Null" => "Dancer2","Dancer2::Plugin" => "Dancer2","Dancer2::Serializer::Dumper" => "Dancer2","Dancer2::Serializer::JSON" => "Dancer2","Dancer2::Serializer::Mutable" => "Dancer2","Dancer2::Serializer::YAML" => "Dancer2","Dancer2::Session::Simple" => "Dancer2","Dancer2::Session::YAML" => "Dancer2","Dancer2::Template::Implementation::ForkedTiny" => "Dancer2","Dancer2::Template::TemplateToolkit" => "Dancer2","Dancer2::Template::Tiny" => "Dancer2","Dancer2::Test" => "Dancer2","Dancer::App" => "Dancer","Dancer::Config" => "Dancer","Dancer::Config::Object" => "Dancer","Dancer::Continuation" => "Dancer","Dancer::Continuation::Halted" => "Dancer","Dancer::Continuation::Route" => "Dancer","Dancer::Continuation::Route::ErrorSent" => "Dancer","Dancer::Continuation::Route::FileSent" => "Dancer","Dancer::Continuation::Route::Forwarded" => "Dancer","Dancer::Continuation::Route::Passed" => "Dancer","Dancer::Continuation::Route::Templated" => "Dancer","Dancer::Cookie" => "Dancer","Dancer::Cookies" => "Dancer","Dancer::Deprecation" => "Dancer","Dancer::Engine" => "Dancer","Dancer::Error" => "Dancer","Dancer::Exception" => "Dancer","Dancer::Exception::Base" => "Dancer","Dancer::Exceptions" => "Dancer","Dancer::Factory::Hook" => "Dancer","Dancer::FileUtils" => "Dancer","Dancer::GetOpt" => "Dancer","Dancer::HTTP" => "Dancer","Dancer::Handler" => "Dancer","Dancer::Handler::Debug" => "Dancer","Dancer::Handler::PSGI" => "Dancer","Dancer::Handler::Standalone" => "Dancer","Dancer::Hook" => "Dancer","Dancer::Hook::Properties" => "Dancer","Dancer::Logger" => "Dancer","Dancer::Logger::Abstract" => "Dancer","Dancer::Logger::Capture" => "Dancer","Dancer::Logger::Capture::Trap" => "Dancer","Dancer::Logger::Console" => "Dancer","Dancer::Logger::Diag" => "Dancer","Dancer::Logger::File" => "Dancer","Dancer::Logger::Note" => "Dancer","Dancer::Logger::Null" => "Dancer","Dancer::MIME" => "Dancer","Dancer::ModuleLoader" => "Dancer","Dancer::Object" => "Dancer","Dancer::Object::Singleton" => "Dancer","Dancer::Plugin" => "Dancer","Dancer::Plugin::Ajax" => "Dancer","Dancer::Renderer" => "Dancer","Dancer::Request" => "Dancer","Dancer::Request::Upload" => "Dancer","Dancer::Response" => "Dancer","Dancer::Route" => "Dancer","Dancer::Route::Cache" => "Dancer","Dancer::Route::Registry" => "Dancer","Dancer::Serializer" => "Dancer","Dancer::Serializer::Abstract" => "Dancer","Dancer::Serializer::Dumper" => "Dancer","Dancer::Serializer::JSON" => "Dancer","Dancer::Serializer::JSONP" => "Dancer","Dancer::Serializer::Mutable" => "Dancer","Dancer::Serializer::XML" => "Dancer","Dancer::Serializer::YAML" => "Dancer","Dancer::Session" => "Dancer","Dancer::Session::Abstract" => "Dancer","Dancer::Session::Simple" => "Dancer","Dancer::Session::YAML" => "Dancer","Dancer::SharedData" => "Dancer","Dancer::Template" => "Dancer","Dancer::Template::Abstract" => "Dancer","Dancer::Template::NetdiscoTemplateToolkit" => "App-Netdisco","Dancer::Template::Simple" => "Dancer","Dancer::Template::TemplateToolkit" => "Dancer","Dancer::Test" => "Dancer","Dancer::Timer" => "Dancer","Data::BytesLocker" => "Crypt-NaCl-Sodium","Data::Dumper" => "Data-Dumper","Data::Entropy" => "Data-Entropy","Data::Entropy::Algorithms" => "Data-Entropy","Data::Entropy::RawSource::CryptCounter" => "Data-Entropy","Data::Entropy::RawSource::Local" => "Data-Entropy","Data::Entropy::RawSource::RandomOrg" => "Data-Entropy","Data::Entropy::RawSource::RandomnumbersInfo" => "Data-Entropy","Data::Entropy::Source" => "Data-Entropy","Data::FormValidator" => "Data-FormValidator","Data::FormValidator::Constraints" => "Data-FormValidator","Data::FormValidator::Constraints::Dates" => "Data-FormValidator","Data::FormValidator::Constraints::RegexpCommon" => "Data-FormValidator","Data::FormValidator::Constraints::Upload" => "Data-FormValidator","Data::FormValidator::ConstraintsFactory" => "Data-FormValidator","Data::FormValidator::Filters" => "Data-FormValidator","Data::FormValidator::Results" => "Data-FormValidator","Data::UUID" => "Data-UUID","Data::Validate::IP" => "Data-Validate-IP","DemoASP" => "Apache-ASP","Devel::PPPort" => "Devel-PPPort","Devel::PatchPerl::Plugin::Asan" => "App-perlall","Devel::PatchPerl::Plugin::Compiler" => "App-perlall","Devel::PatchPerl::Plugin::General" => "App-perlall","Devel::Peek" => "perl","Devel::StackTrace" => "Devel-StackTrace","Devel::StackTrace::Frame" => "Devel-StackTrace","Devel::callsfrom" => "UR","Dezi" => "Dezi","Dezi::Config" => "Dezi","Dezi::Server" => "Dezi","Dezi::Server::About" => "Dezi","Digest" => "Digest","Digest::MD5" => "Digest-MD5","Digest::SHA" => "Digest-SHA","Digest::base" => "Digest","Digest::file" => "Digest","DirHandle" => "perl","Dpkg" => "Dpkg","Dpkg::Arch" => "Dpkg","Dpkg::Archive::Ar" => "Dpkg","Dpkg::Build::Env" => "Dpkg","Dpkg::Build::Info" => "Dpkg","Dpkg::Build::Types" => "Dpkg","Dpkg::BuildAPI" => "Dpkg","Dpkg::BuildDriver" => "Dpkg","Dpkg::BuildDriver::DebianRules" => "Dpkg","Dpkg::BuildEnv" => "Dpkg","Dpkg::BuildFlags" => "Dpkg","Dpkg::BuildInfo" => "Dpkg","Dpkg::BuildOptions" => "Dpkg","Dpkg::BuildProfiles" => "Dpkg","Dpkg::BuildTree" => "Dpkg","Dpkg::BuildTypes" => "Dpkg","Dpkg::Changelog" => "Dpkg","Dpkg::Changelog::Debian" => "Dpkg","Dpkg::Changelog::Entry" => "Dpkg","Dpkg::Changelog::Entry::Debian" => "Dpkg","Dpkg::Changelog::Parse" => "Dpkg","Dpkg::Checksums" => "Dpkg","Dpkg::Compression" => "Dpkg","Dpkg::Compression::FileHandle" => "Dpkg","Dpkg::Compression::Process" => "Dpkg","Dpkg::Conf" => "Dpkg","Dpkg::Control" => "Dpkg","Dpkg::Control::Changelog" => "Dpkg","Dpkg::Control::Fields" => "Dpkg","Dpkg::Control::FieldsCore" => "Dpkg","Dpkg::Control::Hash" => "Dpkg","Dpkg::Control::HashCore" => "Dpkg","Dpkg::Control::HashCore::Tie" => "Dpkg","Dpkg::Control::Info" => "Dpkg","Dpkg::Control::Tests" => "Dpkg","Dpkg::Control::Tests::Entry" => "Dpkg","Dpkg::Control::Types" => "Dpkg","Dpkg::Deps" => "Dpkg","Dpkg::Deps::AND" => "Dpkg","Dpkg::Deps::KnownFacts" => "Dpkg","Dpkg::Deps::Multiple" => "Dpkg","Dpkg::Deps::OR" => "Dpkg","Dpkg::Deps::Simple" => "Dpkg","Dpkg::Deps::Union" => "Dpkg","Dpkg::Dist::Files" => "Dpkg","Dpkg::Email::Address" => "Dpkg","Dpkg::Email::AddressList" => "Dpkg","Dpkg::ErrorHandling" => "Dpkg","Dpkg::Exit" => "Dpkg","Dpkg::File" => "Dpkg","Dpkg::Getopt" => "Dpkg","Dpkg::Gettext" => "Dpkg","Dpkg::IPC" => "Dpkg","Dpkg::Index" => "Dpkg","Dpkg::Interface::Storable" => "Dpkg","Dpkg::Lock" => "Dpkg","Dpkg::OpenPGP" => "Dpkg","Dpkg::OpenPGP::Backend" => "Dpkg","Dpkg::OpenPGP::Backend::GnuPG" => "Dpkg","Dpkg::OpenPGP::Backend::SOP" => "Dpkg","Dpkg::OpenPGP::Backend::Sequoia" => "Dpkg","Dpkg::OpenPGP::ErrorCodes" => "Dpkg","Dpkg::OpenPGP::KeyHandle" => "Dpkg","Dpkg::Package" => "Dpkg","Dpkg::Path" => "Dpkg","Dpkg::Shlibs" => "Dpkg","Dpkg::Shlibs::Cppfilt" => "Dpkg","Dpkg::Shlibs::Objdump" => "Dpkg","Dpkg::Shlibs::Objdump::Object" => "Dpkg","Dpkg::Shlibs::Symbol" => "Dpkg","Dpkg::Shlibs::SymbolFile" => "Dpkg","Dpkg::Source::Archive" => "Dpkg","Dpkg::Source::BinaryFiles" => "Dpkg","Dpkg::Source::Format" => "Dpkg","Dpkg::Source::Functions" => "Dpkg","Dpkg::Source::Package" => "Dpkg","Dpkg::Source::Package::V1" => "Dpkg","Dpkg::Source::Package::V2" => "Dpkg","Dpkg::Source::Package::V3::Bzr" => "Dpkg","Dpkg::Source::Package::V3::Custom" => "Dpkg","Dpkg::Source::Package::V3::Git" => "Dpkg","Dpkg::Source::Package::V3::Native" => "Dpkg","Dpkg::Source::Package::V3::Quilt" => "Dpkg","Dpkg::Source::Patch" => "Dpkg","Dpkg::Source::Quilt" => "Dpkg","Dpkg::Substvars" => "Dpkg","Dpkg::SysInfo" => "Dpkg","Dpkg::Vars" => "Dpkg","Dpkg::Vendor" => "Dpkg","Dpkg::Vendor::Debian" => "Dpkg","Dpkg::Vendor::Default" => "Dpkg","Dpkg::Vendor::Devuan" => "Dpkg","Dpkg::Vendor::PureOS" => "Dpkg","Dpkg::Vendor::Ubuntu" => "Dpkg","Dpkg::Version" => "Dpkg","Dwarf" => "Cmd-Dwarf","EV::Hiredis" => "EV-Hiredis","Elive" => "Elive","Elive::Connection" => "Elive","Elive::Connection::SDK" => "Elive","Elive::DAO" => "Elive","Elive::DAO::Array" => "Elive","Elive::DAO::Singleton" => "Elive","Elive::DAO::_Base" => "Elive","Elive::Entity" => "Elive","Elive::Entity::Group" => "Elive","Elive::Entity::Group::Members" => "Elive","Elive::Entity::InvitedGuest" => "Elive","Elive::Entity::Meeting" => "Elive","Elive::Entity::MeetingParameters" => "Elive","Elive::Entity::Participant" => "Elive","Elive::Entity::ParticipantList" => "Elive","Elive::Entity::Participants" => "Elive","Elive::Entity::Preload" => "Elive","Elive::Entity::Preloads" => "Elive","Elive::Entity::Recording" => "Elive","Elive::Entity::Report" => "Elive","Elive::Entity::Role" => "Elive","Elive::Entity::ServerDetails" => "Elive","Elive::Entity::ServerParameters" => "Elive","Elive::Entity::Session" => "Elive","Elive::Entity::User" => "Elive","Elive::Util" => "Elive","Elive::Util::Type" => "Elive","Elive::View::Session" => "Elive","Email::Address" => "Email-Address","Email::MIME" => "Email-MIME","Email::MIME::Creator" => "Email-MIME","Email::MIME::Encode" => "Email-MIME","Email::MIME::Header" => "Email-MIME","Email::MIME::Header::AddressList" => "Email-MIME","Email::MIME::Modifier" => "Email-MIME","EnableModule" => "perl","Encode" => "Encode","Encode::Alias" => "Encode","Encode::Byte" => "Encode","Encode::CJKConstants" => "Encode","Encode::CN" => "Encode","Encode::CN::HZ" => "Encode","Encode::Config" => "Encode","Encode::EBCDIC" => "Encode","Encode::Encoder" => "Encode","Encode::Encoding" => "Encode","Encode::GSM0338" => "Encode","Encode::Guess" => "Encode","Encode::Internal" => "Encode","Encode::JP" => "Encode","Encode::JP::H2Z" => "Encode","Encode::JP::JIS7" => "Encode","Encode::KR" => "Encode","Encode::KR::2022_KR" => "Encode","Encode::MIME::Header" => "Encode","Encode::MIME::Header::ISO_2022_JP" => "Encode","Encode::MIME::Name" => "Encode","Encode::Symbol" => "Encode","Encode::TW" => "Encode","Encode::UTF_EBCDIC" => "Encode","Encode::Unicode" => "Encode","Encode::Unicode::UTF7" => "Encode","Encode::XS" => "Encode","Encode::utf8" => "Encode","English" => "perl","Example::Controllers" => "Squatting","Example::Views" => "Squatting","ExtUtils::Command" => "ExtUtils-MakeMaker","ExtUtils::Command::MM" => "ExtUtils-MakeMaker","ExtUtils::Embed" => "perl","ExtUtils::Liblist" => "ExtUtils-MakeMaker","ExtUtils::Liblist::Kid" => "ExtUtils-MakeMaker","ExtUtils::MM" => "ExtUtils-MakeMaker","ExtUtils::MM_AIX" => "ExtUtils-MakeMaker","ExtUtils::MM_Any" => "ExtUtils-MakeMaker","ExtUtils::MM_BeOS" => "ExtUtils-MakeMaker","ExtUtils::MM_Cygwin" => "ExtUtils-MakeMaker","ExtUtils::MM_DOS" => "ExtUtils-MakeMaker","ExtUtils::MM_Darwin" => "ExtUtils-MakeMaker","ExtUtils::MM_MacOS" => "ExtUtils-MakeMaker","ExtUtils::MM_NW5" => "ExtUtils-MakeMaker","ExtUtils::MM_OS2" => "ExtUtils-MakeMaker","ExtUtils::MM_OS390" => "ExtUtils-MakeMaker","ExtUtils::MM_QNX" => "ExtUtils-MakeMaker","ExtUtils::MM_UWIN" => "ExtUtils-MakeMaker","ExtUtils::MM_Unix" => "ExtUtils-MakeMaker","ExtUtils::MM_VMS" => "ExtUtils-MakeMaker","ExtUtils::MM_VOS" => "ExtUtils-MakeMaker","ExtUtils::MM_Win32" => "ExtUtils-MakeMaker","ExtUtils::MM_Win95" => "ExtUtils-MakeMaker","ExtUtils::MY" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::Config" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::Locale" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::_version" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::charstar" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::version" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::version::regex" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::version::vpp" => "ExtUtils-MakeMaker","ExtUtils::Miniperl" => "perl","ExtUtils::Mkbootstrap" => "ExtUtils-MakeMaker","ExtUtils::Mksymlists" => "ExtUtils-MakeMaker","ExtUtils::ParseXS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Constants" => "ExtUtils-ParseXS","ExtUtils::ParseXS::CountLines" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Eval" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ALIAS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ALIAS_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ATTRS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::BOOT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::CASE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::CLEANUP" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::CODE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_ARGS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part_POD" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part_code" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part_postamble" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::EXPORT_XSUB_SYMBOLS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::FALLBACK" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INCLUDE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INCLUDE_COMMAND" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INIT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INPUT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INPUT_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INTERFACE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INTERFACE_MACRO" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::IO_Param" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::MODULE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::NOT_IMPLEMENTED_YET" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::OUTPUT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::OUTPUT_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::OVERLOAD" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::POSTCALL" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PPCODE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PREINIT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PROTOTYPE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PROTOTYPES" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::Param" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::Params" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::REQUIRE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ReturnType" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::SCOPE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::Sig" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::TYPEMAP" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::VERSIONCHECK" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::XS_file" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::autocall" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::boot_xsub" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::cleanup_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::code_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::codeblock" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::cpp_scope" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::enable" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::global_cpp_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::init_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::input_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::keyline" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::keylines" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::multiline" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::multiline_merged" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::oneline" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::output_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::pre_boot" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::preamble" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::xbody" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::xsub" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::xsub_decl" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Utilities" => "ExtUtils-ParseXS","ExtUtils::Typemaps" => "ExtUtils-ParseXS","ExtUtils::Typemaps::Cmd" => "ExtUtils-ParseXS","ExtUtils::Typemaps::InputMap" => "ExtUtils-ParseXS","ExtUtils::Typemaps::OutputMap" => "ExtUtils-ParseXS","ExtUtils::Typemaps::Type" => "ExtUtils-ParseXS","ExtUtils::XSSymSet" => "perl","ExtUtils::testlib" => "ExtUtils-MakeMaker","FCGI" => "FCGI","FCGI::Stream" => "FCGI","Fake::Encode" => "Fake-Encode","Fake::Our" => "Fake-Our","FakeHomol" => "GBrowse","Fcntl" => "perl","Fh" => "CGI","File::Basename" => "perl","File::Compare" => "perl","File::Copy" => "perl","File::DataClass" => "File-DataClass","File::DataClass::Cache" => "File-DataClass","File::DataClass::Constants" => "File-DataClass","File::DataClass::Exception" => "File-DataClass","File::DataClass::Functions" => "File-DataClass","File::DataClass::IO" => "File-DataClass","File::DataClass::List" => "File-DataClass","File::DataClass::Result" => "File-DataClass","File::DataClass::ResultSet" => "File-DataClass","File::DataClass::ResultSource" => "File-DataClass","File::DataClass::Schema" => "File-DataClass","File::DataClass::Storage" => "File-DataClass","File::DataClass::Storage::Any" => "File-DataClass","File::DataClass::Storage::JSON" => "File-DataClass","File::DataClass::Types" => "File-DataClass","File::DosGlob" => "perl","File::Find" => "perl","File::Find::Rule" => "File-Find-Rule","File::Find::Rule::Test::ATeam" => "File-Find-Rule","File::Glob" => "perl","File::GlobMapper" => "IO-Compress","File::KeePass" => "File-KeePass","File::Path" => "File-Path","File::RandomAccess" => "Image-ExifTool","File::Slurp" => "File-Slurp","File::Spec" => "PathTools","File::Spec::AmigaOS" => "PathTools","File::Spec::Cygwin" => "PathTools","File::Spec::Epoc" => "PathTools","File::Spec::Functions" => "PathTools","File::Spec::Mac" => "PathTools","File::Spec::OS2" => "PathTools","File::Spec::Unix" => "PathTools","File::Spec::VMS" => "PathTools","File::Spec::Win32" => "PathTools","File::Temp" => "File-Temp","File::stat" => "perl","FileCache" => "perl","FileHandle" => "perl","FileSlurp_12" => "File-Slurp","Filesys::SmbClientParser" => "Filesys-SmbClientParser","FindExt" => "perl","GD" => "GD","GD::Group" => "GD","GD::Image" => "GD","GD::Polygon" => "GD","GD::Polyline" => "GD","GD::Simple" => "GD","GDBM_File" => "perl","GPIB" => "GPIB","GPIB::hp33120a" => "GPIB","GPIB::hp3585a" => "GPIB","GPIB::hp59306a" => "GPIB","GPIB::hpe3631a" => "GPIB","GPIB::hpserial" => "GPIB","GPIB::llp" => "GPIB","GPIB::ni" => "GPIB","GPIB::rmt" => "GPIB","Galileo" => "Galileo","Galileo::Admin" => "Galileo","Galileo::Command::dump" => "Galileo","Galileo::Command::setup" => "Galileo","Galileo::DB::Deploy" => "Galileo","Galileo::DB::Schema" => "Galileo","Galileo::DB::Schema::Result::Menu" => "Galileo","Galileo::DB::Schema::Result::Page" => "Galileo","Galileo::DB::Schema::Result::User" => "Galileo","Galileo::File" => "Galileo","Galileo::Menu" => "Galileo","Galileo::Page" => "Galileo","Galileo::Plugin::Deploy" => "Galileo","Galileo::Plugin::Modal" => "Galileo","Galileo::User" => "Galileo","Getopt::Std" => "perl","Git::Raw" => "Git-Raw","Git::Raw::AnnotatedCommit" => "Git-Raw","Git::Raw::Blame" => "Git-Raw","Git::Raw::Blame::Hunk" => "Git-Raw","Git::Raw::Blob" => "Git-Raw","Git::Raw::Branch" => "Git-Raw","Git::Raw::Cert" => "Git-Raw","Git::Raw::Cert::HostKey" => "Git-Raw","Git::Raw::Cert::X509" => "Git-Raw","Git::Raw::Commit" => "Git-Raw","Git::Raw::Config" => "Git-Raw","Git::Raw::Cred" => "Git-Raw","Git::Raw::Diff" => "Git-Raw","Git::Raw::Diff::Delta" => "Git-Raw","Git::Raw::Diff::File" => "Git-Raw","Git::Raw::Diff::Hunk" => "Git-Raw","Git::Raw::Diff::Stats" => "Git-Raw","Git::Raw::Error" => "Git-Raw","Git::Raw::Error::Category" => "Git-Raw","Git::Raw::Filter" => "Git-Raw","Git::Raw::Filter::List" => "Git-Raw","Git::Raw::Filter::Source" => "Git-Raw","Git::Raw::Graph" => "Git-Raw","Git::Raw::Index" => "Git-Raw","Git::Raw::Index::Conflict" => "Git-Raw","Git::Raw::Index::Entry" => "Git-Raw","Git::Raw::Indexer" => "Git-Raw","Git::Raw::Mempack" => "Git-Raw","Git::Raw::Merge::File::Result" => "Git-Raw","Git::Raw::Note" => "Git-Raw","Git::Raw::Object" => "Git-Raw","Git::Raw::Odb" => "Git-Raw","Git::Raw::Odb::Backend" => "Git-Raw","Git::Raw::Odb::Backend::Loose" => "Git-Raw","Git::Raw::Odb::Backend::OnePack" => "Git-Raw","Git::Raw::Odb::Backend::Pack" => "Git-Raw","Git::Raw::Odb::Object" => "Git-Raw","Git::Raw::Packbuilder" => "Git-Raw","Git::Raw::Patch" => "Git-Raw","Git::Raw::PathSpec" => "Git-Raw","Git::Raw::PathSpec::MatchList" => "Git-Raw","Git::Raw::Rebase" => "Git-Raw","Git::Raw::Rebase::Operation" => "Git-Raw","Git::Raw::RefSpec" => "Git-Raw","Git::Raw::Reference" => "Git-Raw","Git::Raw::Reflog" => "Git-Raw","Git::Raw::Reflog::Entry" => "Git-Raw","Git::Raw::Remote" => "Git-Raw","Git::Raw::Repository" => "Git-Raw","Git::Raw::Signature" => "Git-Raw","Git::Raw::Stash" => "Git-Raw","Git::Raw::Stash::Progress" => "Git-Raw","Git::Raw::Submodule" => "Git-Raw","Git::Raw::Tag" => "Git-Raw","Git::Raw::TransferProgress" => "Git-Raw","Git::Raw::Tree" => "Git-Raw","Git::Raw::Tree::Builder" => "Git-Raw","Git::Raw::Tree::Entry" => "Git-Raw","Git::Raw::Walker" => "Git-Raw","Git::Raw::Worktree" => "Git-Raw","Git::XS" => "Git-XS","GitLab::API::v4" => "GitLab-API-v4","GitLab::API::v4::Config" => "GitLab-API-v4","GitLab::API::v4::Constants" => "GitLab-API-v4","GitLab::API::v4::Mock" => "GitLab-API-v4","GitLab::API::v4::Mock::Engine" => "GitLab-API-v4","GitLab::API::v4::Mock::RESTClient" => "GitLab-API-v4","GitLab::API::v4::Paginator" => "GitLab-API-v4","GitLab::API::v4::RESTClient" => "GitLab-API-v4","GitLab::API::v4::WWWClient" => "GitLab-API-v4","GitUtils" => "perl","Graphics::ColorNames" => "Graphics-ColorNames","Graphics::ColorNames::X" => "Graphics-ColorNames","Guess::Controllers" => "Squatting","HTML::EP" => "HTML-EP","HTML::EP::CGIEncryptForm" => "HTML-EP","HTML::EP::EditTable" => "HTML-EP","HTML::EP::Examples::Admin" => "HTML-EP","HTML::EP::Examples::Glimpse" => "HTML-EP","HTML::EP::Examples::POP3Client" => "HTML-EP","HTML::EP::Install" => "HTML-EP","HTML::EP::Locale" => "HTML-EP","HTML::EP::Parser" => "HTML-EP","HTML::EP::Session" => "HTML-EP","HTML::EP::Session::Cookie" => "HTML-EP","HTML::EP::Session::DBI" => "HTML-EP","HTML::EP::Session::DBIq" => "HTML-EP","HTML::EP::Session::Dumper" => "HTML-EP","HTML::EP::Shop" => "HTML-EP","HTML::EP::Tokens" => "HTML-EP","HTML::Editor" => "MySQL-Admin","HTML::Editor::Markdown" => "MySQL-Admin","HTML::Entities" => "HTML-Parser","HTML::Filter" => "HTML-Parser","HTML::HeadParser" => "HTML-Parser","HTML::LinkExtor" => "HTML-Parser","HTML::Menu::Pages" => "MySQL-Admin","HTML::Parser" => "HTML-Parser","HTML::Perlinfo" => "HTML-Perlinfo","HTML::Perlinfo::Apache" => "HTML-Perlinfo","HTML::Perlinfo::Base" => "HTML-Perlinfo","HTML::Perlinfo::Common" => "HTML-Perlinfo","HTML::Perlinfo::General" => "HTML-Perlinfo","HTML::Perlinfo::Loaded" => "HTML-Perlinfo","HTML::Perlinfo::Modules" => "HTML-Perlinfo","HTML::Perlinfo::_version" => "HTML-Perlinfo","HTML::PullParser" => "HTML-Parser","HTML::Scrubber" => "HTML-Scrubber","HTML::StripScripts" => "HTML-StripScripts","HTML::Template::Pro" => "HTML-Template-Pro","HTML::Template::Pro::WrapAssociate" => "HTML-Template-Pro","HTML::TokeParser" => "HTML-Parser","HTTP::Body" => "HTTP-Body","HTTP::Body::MultiPart" => "HTTP-Body","HTTP::Body::OctetStream" => "HTTP-Body","HTTP::Body::UrlEncoded" => "HTTP-Body","HTTP::Body::XForms" => "HTTP-Body","HTTP::Body::XFormsMultipart" => "HTTP-Body","HTTP::Daemon" => "HTTP-Daemon","HTTP::Daemon::ClientConn" => "HTTP-Daemon","HTTP::Message::PSGI" => "Plack","HTTP::Server::PSGI" => "Plack","HTTP::Session2" => "HTTP-Session2","HTTP::Session2::Base" => "HTTP-Session2","HTTP::Session2::ClientStore" => "HTTP-Session2","HTTP::Session2::ClientStore2" => "HTTP-Session2","HTTP::Session2::Expired" => "HTTP-Session2","HTTP::Session2::Random" => "HTTP-Session2","HTTP::Session2::ServerStore" => "HTTP-Session2","HTTP::Tiny" => "HTTP-Tiny","HTTP::Tiny::NoProxy" => "Dancer","HTTPAuth" => "Squatting","HTTPAuth::Controllers" => "Squatting","HTTPAuth::Views" => "Squatting","Haiku" => "perl","HarfBuzz::Shaper" => "HarfBuzz-Shaper","Hash::Util" => "perl","Hash::Util::FieldHash" => "perl","HeaderParser" => "perl","I18N::LangTags" => "perl","I18N::LangTags::Detect" => "perl","I18N::LangTags::List" => "perl","I18N::Langinfo" => "perl","IO::Compress" => "IO-Compress","IO::Compress::Adapter::Bzip2" => "IO-Compress","IO::Compress::Adapter::Deflate" => "IO-Compress","IO::Compress::Adapter::Identity" => "IO-Compress","IO::Compress::Base" => "IO-Compress","IO::Compress::Base::Common" => "IO-Compress","IO::Compress::Brotli" => "IO-Compress-Brotli","IO::Compress::Bzip2" => "IO-Compress","IO::Compress::Deflate" => "IO-Compress","IO::Compress::Gzip" => "IO-Compress","IO::Compress::Gzip::Constants" => "IO-Compress","IO::Compress::RawDeflate" => "IO-Compress","IO::Compress::Zip" => "IO-Compress","IO::Compress::Zip::Constants" => "IO-Compress","IO::Compress::Zlib::Constants" => "IO-Compress","IO::Compress::Zlib::Extra" => "IO-Compress","IO::Socket::SSL" => "IO-Socket-SSL","IO::Socket::SSL::Intercept" => "IO-Socket-SSL","IO::Socket::SSL::OCSP_Cache" => "IO-Socket-SSL","IO::Socket::SSL::OCSP_Resolver" => "IO-Socket-SSL","IO::Socket::SSL::PublicSuffix" => "IO-Socket-SSL","IO::Socket::SSL::SSL_Context" => "IO-Socket-SSL","IO::Socket::SSL::SSL_HANDLE" => "IO-Socket-SSL","IO::Socket::SSL::Session_Cache" => "IO-Socket-SSL","IO::Socket::SSL::Trace" => "IO-Socket-SSL","IO::Socket::SSL::Utils" => "IO-Socket-SSL","IO::Uncompress::Adapter::Bunzip2" => "IO-Compress","IO::Uncompress::Adapter::Identity" => "IO-Compress","IO::Uncompress::Adapter::Inflate" => "IO-Compress","IO::Uncompress::AnyInflate" => "IO-Compress","IO::Uncompress::AnyUncompress" => "IO-Compress","IO::Uncompress::Base" => "IO-Compress","IO::Uncompress::Brotli" => "IO-Compress-Brotli","IO::Uncompress::Bunzip2" => "IO-Compress","IO::Uncompress::Gunzip" => "IO-Compress","IO::Uncompress::Inflate" => "IO-Compress","IO::Uncompress::RawInflate" => "IO-Compress","IO::Uncompress::Unzip" => "IO-Compress","IPC::Cmd" => "IPC-Cmd","IPC::Cmd::System" => "IPC-Cmd","IPC::Open2" => "perl","IPC::Open3" => "perl","IPC::Run" => "IPC-Run","IPC::Run::Debug" => "IPC-Run","IPC::Run::IO" => "IPC-Run","IPC::Run::Timer" => "IPC-Run","IPC::Run::Win32Helper" => "IPC-Run","IPC::Run::Win32IO" => "IPC-Run","IPC::Run::Win32Process" => "IPC-Run","IPC::Run::Win32Pump" => "IPC-Run","IPTables::Parse" => "IPTables-Parse","Image::ExifTool" => "Image-ExifTool","Image::ExifTool::7Z" => "Image-ExifTool","Image::ExifTool::AAC" => "Image-ExifTool","Image::ExifTool::AES" => "Image-ExifTool","Image::ExifTool::AFCP" => "Image-ExifTool","Image::ExifTool::AIFF" => "Image-ExifTool","Image::ExifTool::APE" => "Image-ExifTool","Image::ExifTool::APP12" => "Image-ExifTool","Image::ExifTool::ASF" => "Image-ExifTool","Image::ExifTool::Apple" => "Image-ExifTool","Image::ExifTool::Audible" => "Image-ExifTool","Image::ExifTool::BMP" => "Image-ExifTool","Image::ExifTool::BPG" => "Image-ExifTool","Image::ExifTool::BZZ" => "Image-ExifTool","Image::ExifTool::BigTIFF" => "Image-ExifTool","Image::ExifTool::BuildTagLookup" => "Image-ExifTool","Image::ExifTool::CBOR" => "Image-ExifTool","Image::ExifTool::Canon" => "Image-ExifTool","Image::ExifTool::CanonCustom" => "Image-ExifTool","Image::ExifTool::CanonRaw" => "Image-ExifTool","Image::ExifTool::CanonVRD" => "Image-ExifTool","Image::ExifTool::CaptureOne" => "Image-ExifTool","Image::ExifTool::Casio" => "Image-ExifTool","Image::ExifTool::Charset" => "Image-ExifTool","Image::ExifTool::DICOM" => "Image-ExifTool","Image::ExifTool::DJI" => "Image-ExifTool","Image::ExifTool::DNG" => "Image-ExifTool","Image::ExifTool::DPX" => "Image-ExifTool","Image::ExifTool::DSF" => "Image-ExifTool","Image::ExifTool::DV" => "Image-ExifTool","Image::ExifTool::DarwinCore" => "Image-ExifTool","Image::ExifTool::DjVu" => "Image-ExifTool","Image::ExifTool::EXE" => "Image-ExifTool","Image::ExifTool::Exif" => "Image-ExifTool","Image::ExifTool::FITS" => "Image-ExifTool","Image::ExifTool::FLAC" => "Image-ExifTool","Image::ExifTool::FLIF" => "Image-ExifTool","Image::ExifTool::FLIR" => "Image-ExifTool","Image::ExifTool::Fixup" => "Image-ExifTool","Image::ExifTool::Flash" => "Image-ExifTool","Image::ExifTool::FlashPix" => "Image-ExifTool","Image::ExifTool::Font" => "Image-ExifTool","Image::ExifTool::FotoStation" => "Image-ExifTool","Image::ExifTool::FujiFilm" => "Image-ExifTool","Image::ExifTool::GE" => "Image-ExifTool","Image::ExifTool::GIF" => "Image-ExifTool","Image::ExifTool::GIMP" => "Image-ExifTool","Image::ExifTool::GM" => "Image-ExifTool","Image::ExifTool::GPS" => "Image-ExifTool","Image::ExifTool::GeoTiff" => "Image-ExifTool","Image::ExifTool::Geolocation" => "Image-ExifTool","Image::ExifTool::Geotag" => "Image-ExifTool","Image::ExifTool::GoPro" => "Image-ExifTool","Image::ExifTool::Google" => "Image-ExifTool","Image::ExifTool::H264" => "Image-ExifTool","Image::ExifTool::HP" => "Image-ExifTool","Image::ExifTool::HTML" => "Image-ExifTool","Image::ExifTool::HtmlDump" => "Image-ExifTool","Image::ExifTool::ICC_Profile" => "Image-ExifTool","Image::ExifTool::ICO" => "Image-ExifTool","Image::ExifTool::ID3" => "Image-ExifTool","Image::ExifTool::IPTC" => "Image-ExifTool","Image::ExifTool::ISO" => "Image-ExifTool","Image::ExifTool::ITC" => "Image-ExifTool","Image::ExifTool::Import" => "Image-ExifTool","Image::ExifTool::InDesign" => "Image-ExifTool","Image::ExifTool::InfiRay" => "Image-ExifTool","Image::ExifTool::JPEG" => "Image-ExifTool","Image::ExifTool::JPEGDigest" => "Image-ExifTool","Image::ExifTool::JSON" => "Image-ExifTool","Image::ExifTool::JVC" => "Image-ExifTool","Image::ExifTool::Jpeg2000" => "Image-ExifTool","Image::ExifTool::Kandao" => "Image-ExifTool","Image::ExifTool::Kodak" => "Image-ExifTool","Image::ExifTool::KyoceraRaw" => "Image-ExifTool","Image::ExifTool::LIF" => "Image-ExifTool","Image::ExifTool::LNK" => "Image-ExifTool","Image::ExifTool::Lang::cs" => "Image-ExifTool","Image::ExifTool::Lang::de" => "Image-ExifTool","Image::ExifTool::Lang::en_ca" => "Image-ExifTool","Image::ExifTool::Lang::en_gb" => "Image-ExifTool","Image::ExifTool::Lang::es" => "Image-ExifTool","Image::ExifTool::Lang::fi" => "Image-ExifTool","Image::ExifTool::Lang::fr" => "Image-ExifTool","Image::ExifTool::Lang::it" => "Image-ExifTool","Image::ExifTool::Lang::ja" => "Image-ExifTool","Image::ExifTool::Lang::ko" => "Image-ExifTool","Image::ExifTool::Lang::nl" => "Image-ExifTool","Image::ExifTool::Lang::pl" => "Image-ExifTool","Image::ExifTool::Lang::ru" => "Image-ExifTool","Image::ExifTool::Lang::sk" => "Image-ExifTool","Image::ExifTool::Lang::sv" => "Image-ExifTool","Image::ExifTool::Lang::tr" => "Image-ExifTool","Image::ExifTool::Lang::zh_cn" => "Image-ExifTool","Image::ExifTool::Lang::zh_tw" => "Image-ExifTool","Image::ExifTool::Leaf" => "Image-ExifTool","Image::ExifTool::LigoGPS" => "Image-ExifTool","Image::ExifTool::Lytro" => "Image-ExifTool","Image::ExifTool::M2TS" => "Image-ExifTool","Image::ExifTool::MIE" => "Image-ExifTool","Image::ExifTool::MIFF" => "Image-ExifTool","Image::ExifTool::MISB" => "Image-ExifTool","Image::ExifTool::MNG" => "Image-ExifTool","Image::ExifTool::MOI" => "Image-ExifTool","Image::ExifTool::MPC" => "Image-ExifTool","Image::ExifTool::MPEG" => "Image-ExifTool","Image::ExifTool::MPF" => "Image-ExifTool","Image::ExifTool::MRC" => "Image-ExifTool","Image::ExifTool::MWG" => "Image-ExifTool","Image::ExifTool::MXF" => "Image-ExifTool","Image::ExifTool::MacOS" => "Image-ExifTool","Image::ExifTool::MakerNotes" => "Image-ExifTool","Image::ExifTool::Matroska" => "Image-ExifTool","Image::ExifTool::Microsoft" => "Image-ExifTool","Image::ExifTool::Minolta" => "Image-ExifTool","Image::ExifTool::MinoltaRaw" => "Image-ExifTool","Image::ExifTool::Motorola" => "Image-ExifTool","Image::ExifTool::Nikon" => "Image-ExifTool","Image::ExifTool::NikonCapture" => "Image-ExifTool","Image::ExifTool::NikonCustom" => "Image-ExifTool","Image::ExifTool::NikonSettings" => "Image-ExifTool","Image::ExifTool::Nintendo" => "Image-ExifTool","Image::ExifTool::OOXML" => "Image-ExifTool","Image::ExifTool::Ogg" => "Image-ExifTool","Image::ExifTool::Olympus" => "Image-ExifTool","Image::ExifTool::OpenEXR" => "Image-ExifTool","Image::ExifTool::Opus" => "Image-ExifTool","Image::ExifTool::Other" => "Image-ExifTool","Image::ExifTool::PCAP" => "Image-ExifTool","Image::ExifTool::PCX" => "Image-ExifTool","Image::ExifTool::PDF" => "Image-ExifTool","Image::ExifTool::PGF" => "Image-ExifTool","Image::ExifTool::PICT" => "Image-ExifTool","Image::ExifTool::PLIST" => "Image-ExifTool","Image::ExifTool::PLUS" => "Image-ExifTool","Image::ExifTool::PNG" => "Image-ExifTool","Image::ExifTool::PPM" => "Image-ExifTool","Image::ExifTool::PSP" => "Image-ExifTool","Image::ExifTool::Palm" => "Image-ExifTool","Image::ExifTool::Panasonic" => "Image-ExifTool","Image::ExifTool::PanasonicRaw" => "Image-ExifTool","Image::ExifTool::Parrot" => "Image-ExifTool","Image::ExifTool::Pentax" => "Image-ExifTool","Image::ExifTool::PhaseOne" => "Image-ExifTool","Image::ExifTool::PhotoCD" => "Image-ExifTool","Image::ExifTool::PhotoMechanic" => "Image-ExifTool","Image::ExifTool::Photoshop" => "Image-ExifTool","Image::ExifTool::Plot" => "Image-ExifTool","Image::ExifTool::PostScript" => "Image-ExifTool","Image::ExifTool::PrintIM" => "Image-ExifTool","Image::ExifTool::Protobuf" => "Image-ExifTool","Image::ExifTool::Qualcomm" => "Image-ExifTool","Image::ExifTool::QuickTime" => "Image-ExifTool","Image::ExifTool::RIFF" => "Image-ExifTool","Image::ExifTool::RSRC" => "Image-ExifTool","Image::ExifTool::RTF" => "Image-ExifTool","Image::ExifTool::Radiance" => "Image-ExifTool","Image::ExifTool::Rawzor" => "Image-ExifTool","Image::ExifTool::Real" => "Image-ExifTool","Image::ExifTool::Reconyx" => "Image-ExifTool","Image::ExifTool::Red" => "Image-ExifTool","Image::ExifTool::Ricoh" => "Image-ExifTool","Image::ExifTool::Samsung" => "Image-ExifTool","Image::ExifTool::Sanyo" => "Image-ExifTool","Image::ExifTool::Scalado" => "Image-ExifTool","Image::ExifTool::Shortcuts" => "Image-ExifTool","Image::ExifTool::Sigma" => "Image-ExifTool","Image::ExifTool::SigmaRaw" => "Image-ExifTool","Image::ExifTool::Sony" => "Image-ExifTool","Image::ExifTool::SonyIDC" => "Image-ExifTool","Image::ExifTool::Stim" => "Image-ExifTool","Image::ExifTool::TNEF" => "Image-ExifTool","Image::ExifTool::TagInfoXML" => "Image-ExifTool","Image::ExifTool::TagLookup" => "Image-ExifTool","Image::ExifTool::Text" => "Image-ExifTool","Image::ExifTool::Theora" => "Image-ExifTool","Image::ExifTool::Torrent" => "Image-ExifTool","Image::ExifTool::Trailer" => "Image-ExifTool","Image::ExifTool::Unknown" => "Image-ExifTool","Image::ExifTool::VCard" => "Image-ExifTool","Image::ExifTool::Validate" => "Image-ExifTool","Image::ExifTool::Vorbis" => "Image-ExifTool","Image::ExifTool::WPG" => "Image-ExifTool","Image::ExifTool::WTV" => "Image-ExifTool","Image::ExifTool::WavPack" => "Image-ExifTool","Image::ExifTool::XISF" => "Image-ExifTool","Image::ExifTool::XMP" => "Image-ExifTool","Image::ExifTool::ZIP" => "Image-ExifTool","Image::ExifTool::ZISRAW" => "Image-ExifTool","Image::ExifTool::iWork" => "Image-ExifTool","Image::Info" => "Image-Info","Image::Info::AVIF" => "Image-Info","Image::Info::BMP" => "Image-Info","Image::Info::GIF" => "Image-Info","Image::Info::ICO" => "Image-Info","Image::Info::JPEG" => "Image-Info","Image::Info::PNG" => "Image-Info","Image::Info::PPM" => "Image-Info","Image::Info::Result" => "Image-Info","Image::Info::SVG" => "Image-Info","Image::Info::SVG::XMLLibXMLReader" => "Image-Info","Image::Info::SVG::XMLSimple" => "Image-Info","Image::Info::TIFF" => "Image-Info","Image::Info::WBMP" => "Image-Info","Image::Info::WEBP" => "Image-Info","Image::Info::XBM" => "Image-Info","Image::Info::XPM" => "Image-Info","Image::PNG::Simple" => "Image-PNG-Simple","Image::TIFF" => "Image-Info","Image::TIFF::Rational" => "Image-Info","Imager" => "Imager","Imager::Color" => "Imager","Imager::Color::Float" => "Imager","Imager::Color::Table" => "Imager","Imager::CountColor" => "Imager","Imager::Expr" => "Imager","Imager::Expr::Assem" => "Imager","Imager::Expr::Infix" => "Imager","Imager::Expr::Postfix" => "Imager","Imager::ExtUtils" => "Imager","Imager::FORMATS" => "Imager","Imager::File::CUR" => "Imager","Imager::File::ICO" => "Imager","Imager::File::SGI" => "Imager","Imager::Fill" => "Imager","Imager::Filter::DynTest" => "Imager","Imager::Filter::Flines" => "Imager","Imager::Filter::Mandelbrot" => "Imager","Imager::Font" => "Imager","Imager::Font::BBox" => "Imager","Imager::Font::FreeType2" => "Imager","Imager::Font::Image" => "Imager","Imager::Font::Test" => "Imager","Imager::Font::Truetype" => "Imager","Imager::Font::Type1" => "Imager","Imager::Font::Wrap" => "Imager","Imager::Fountain" => "Imager","Imager::IO" => "Imager","Imager::Matrix2d" => "Imager","Imager::Preprocess" => "Imager","Imager::Probe" => "Imager","Imager::Regops" => "Imager","Imager::Test" => "Imager","Imager::Test::OverUtf8" => "Imager","Imager::Transform" => "Imager","Imager::TrimColorList" => "Imager","Inline::Pugs" => "Perl6-Pugs","JNI" => "perl","JPL::AutoLoader" => "perl","JPL::Class" => "perl","JPL::Compile" => "perl","JS::jQuery" => "JS-jQuery","JSON::SIMD" => "JSON-SIMD","JSON::Syck" => "YAML-Syck","JSON::XS" => "JSON-XS","JavaScript::Duktape" => "JavaScript-Duktape","JavaScript::Duktape::Bool" => "JavaScript-Duktape","JavaScript::Duktape::Buffer" => "JavaScript-Duktape","JavaScript::Duktape::Data" => "JavaScript-Duktape","JavaScript::Duktape::Function" => "JavaScript-Duktape","JavaScript::Duktape::NULL" => "JavaScript-Duktape","JavaScript::Duktape::Object" => "JavaScript-Duktape","JavaScript::Duktape::Util" => "JavaScript-Duktape","JavaScript::Duktape::Vm" => "JavaScript-Duktape","JavaScript::Duktape::XS" => "JavaScript-Duktape-XS","Jifty" => "Jifty","Jifty::API" => "Jifty","Jifty::Action" => "Jifty","Jifty::Action::AboutMe" => "Jifty","Jifty::Action::Autocomplete" => "Jifty","Jifty::Action::Record" => "Jifty","Jifty::Action::Record::Bulk" => "Jifty","Jifty::Action::Record::Create" => "Jifty","Jifty::Action::Record::Delete" => "Jifty","Jifty::Action::Record::Execute" => "Jifty","Jifty::Action::Record::Search" => "Jifty","Jifty::Action::Record::Update" => "Jifty","Jifty::Action::Redirect" => "Jifty","Jifty::Bootstrap" => "Jifty","Jifty::CAS" => "Jifty","Jifty::CAS::Blob" => "Jifty","Jifty::CAS::Store" => "Jifty","Jifty::CAS::Store::LocalFile" => "Jifty","Jifty::CAS::Store::Memcached" => "Jifty","Jifty::CAS::Store::Memory" => "Jifty","Jifty::CAS::Store::Nested" => "Jifty","Jifty::ClassLoader" => "Jifty","Jifty::Client" => "Jifty","Jifty::Collection" => "Jifty","Jifty::Config" => "Jifty","Jifty::Continuation" => "Jifty","Jifty::CurrentUser" => "Jifty","Jifty::DBI" => "Jifty-DBI","Jifty::DBI::Collection" => "Jifty-DBI","Jifty::DBI::Collection::Union" => "Jifty-DBI","Jifty::DBI::Collection::Unique" => "Jifty-DBI","Jifty::DBI::Column" => "Jifty-DBI","Jifty::DBI::Filter" => "Jifty-DBI","Jifty::DBI::Filter::Boolean" => "Jifty-DBI","Jifty::DBI::Filter::Date" => "Jifty-DBI","Jifty::DBI::Filter::DateTime" => "Jifty-DBI","Jifty::DBI::Filter::Duration" => "Jifty-DBI","Jifty::DBI::Filter::SaltHash" => "Jifty-DBI","Jifty::DBI::Filter::Storable" => "Jifty-DBI","Jifty::DBI::Filter::Time" => "Jifty-DBI","Jifty::DBI::Filter::Truncate" => "Jifty-DBI","Jifty::DBI::Filter::URI" => "Jifty-DBI","Jifty::DBI::Filter::YAML" => "Jifty-DBI","Jifty::DBI::Filter::base64" => "Jifty-DBI","Jifty::DBI::Filter::utf8" => "Jifty-DBI","Jifty::DBI::Handle" => "Jifty-DBI","Jifty::DBI::Handle::Informix" => "Jifty-DBI","Jifty::DBI::Handle::ODBC" => "Jifty-DBI","Jifty::DBI::Handle::Oracle" => "Jifty-DBI","Jifty::DBI::Handle::Pg" => "Jifty-DBI","Jifty::DBI::Handle::SQLite" => "Jifty-DBI","Jifty::DBI::Handle::Sybase" => "Jifty-DBI","Jifty::DBI::Handle::mysql" => "Jifty-DBI","Jifty::DBI::Handle::mysqlPP" => "Jifty-DBI","Jifty::DBI::HasFilters" => "Jifty-DBI","Jifty::DBI::Record" => "Jifty-DBI","Jifty::DBI::Record::Cachable" => "Jifty-DBI","Jifty::DBI::Record::Memcached" => "Jifty-DBI","Jifty::DBI::Record::Plugin" => "Jifty-DBI","Jifty::DBI::Schema" => "Jifty-DBI","Jifty::DBI::SchemaGenerator" => "Jifty-DBI","Jifty::DateTime" => "Jifty","Jifty::Dispatcher" => "Jifty","Jifty::Everything" => "Jifty","Jifty::Filter::DateTime" => "Jifty","Jifty::Filter::JSON" => "Jifty","Jifty::Handle" => "Jifty","Jifty::Handler" => "Jifty","Jifty::I18N" => "Jifty","Jifty::I18N::en" => "Jifty","Jifty::JSON" => "Jifty","Jifty::LetMe" => "Jifty","Jifty::Logger" => "Jifty","Jifty::Model::Metadata" => "Jifty","Jifty::Model::Session" => "Jifty","Jifty::Model::SessionCollection" => "Jifty","Jifty::Module::Pluggable" => "Jifty","Jifty::Notification" => "Jifty","Jifty::Object" => "Jifty","Jifty::Param" => "Jifty","Jifty::Param::Schema" => "Jifty","Jifty::Plugin" => "Jifty","Jifty::Plugin::ActorMetadata" => "Jifty","Jifty::Plugin::ActorMetadata::Mixin::Model::ActorMetadata" => "Jifty","Jifty::Plugin::AdminUI" => "Jifty","Jifty::Plugin::AdminUI::Dispatcher" => "Jifty","Jifty::Plugin::AdminUI::View" => "Jifty","Jifty::Plugin::Authentication::Password" => "Jifty","Jifty::Plugin::Authentication::Password::Action::ConfirmEmail" => "Jifty","Jifty::Plugin::Authentication::Password::Action::GeneratePasswordToken" => "Jifty","Jifty::Plugin::Authentication::Password::Action::Login" => "Jifty","Jifty::Plugin::Authentication::Password::Action::Logout" => "Jifty","Jifty::Plugin::Authentication::Password::Action::ResendConfirmation" => "Jifty","Jifty::Plugin::Authentication::Password::Action::ResetLostPassword" => "Jifty","Jifty::Plugin::Authentication::Password::Action::SendAccountConfirmation" => "Jifty","Jifty::Plugin::Authentication::Password::Action::SendPasswordReminder" => "Jifty","Jifty::Plugin::Authentication::Password::Action::Signup" => "Jifty","Jifty::Plugin::Authentication::Password::Dispatcher" => "Jifty","Jifty::Plugin::Authentication::Password::Mixin::Model::User" => "Jifty","Jifty::Plugin::Authentication::Password::Notification::ConfirmEmail" => "Jifty","Jifty::Plugin::Authentication::Password::Notification::ConfirmLostPassword" => "Jifty","Jifty::Plugin::Authentication::Password::View" => "Jifty","Jifty::Plugin::CSSQuery" => "Jifty","Jifty::Plugin::ClassLoader" => "Jifty","Jifty::Plugin::Compat" => "Jifty","Jifty::Plugin::Compat::Apache" => "Jifty","Jifty::Plugin::Compat::CGI" => "Jifty","Jifty::Plugin::CompressedCSSandJS" => "Jifty","Jifty::Plugin::CompressedCSSandJS::Dispatcher" => "Jifty","Jifty::Plugin::Config" => "Jifty","Jifty::Plugin::Config::Action::AddConfig" => "Jifty","Jifty::Plugin::Config::Action::Config" => "Jifty","Jifty::Plugin::Config::Action::Restart" => "Jifty","Jifty::Plugin::Config::Dispatcher" => "Jifty","Jifty::Plugin::Config::View" => "Jifty","Jifty::Plugin::Deflater" => "Jifty","Jifty::Plugin::ErrorTemplates" => "Jifty","Jifty::Plugin::ErrorTemplates::View" => "Jifty","Jifty::Plugin::Halo" => "Jifty","Jifty::Plugin::Halo::Mason" => "Jifty","Jifty::Plugin::I18N" => "Jifty","Jifty::Plugin::I18N::Action::SetLang" => "Jifty","Jifty::Plugin::IEFixes" => "Jifty","Jifty::Plugin::LetMe" => "Jifty","Jifty::Plugin::LetMe::Dispatcher" => "Jifty","Jifty::Plugin::OnlineDocs" => "Jifty","Jifty::Plugin::OnlineDocs::Dispatcher" => "Jifty","Jifty::Plugin::Prototypism" => "Jifty","Jifty::Plugin::PubSub" => "Jifty","Jifty::Plugin::PubSub::Bus" => "Jifty","Jifty::Plugin::PubSub::Connection" => "Jifty","Jifty::Plugin::PubSub::Subscriptions" => "Jifty","Jifty::Plugin::REST" => "Jifty","Jifty::Plugin::REST::Dispatcher" => "Jifty","Jifty::Plugin::RPC" => "Jifty","Jifty::Plugin::RequestInspector" => "Jifty","Jifty::Plugin::RequestInspector::Model::Request" => "Jifty","Jifty::Plugin::RequestInspector::View" => "Jifty","Jifty::Plugin::SQLQueries" => "Jifty","Jifty::Plugin::SQLQueries::View" => "Jifty","Jifty::Plugin::SetupWizard" => "Jifty","Jifty::Plugin::SetupWizard::Action::TestDatabaseConnectivity" => "Jifty","Jifty::Plugin::SetupWizard::View" => "Jifty","Jifty::Plugin::SinglePage" => "Jifty","Jifty::Plugin::SinglePage::Dispatcher" => "Jifty","Jifty::Plugin::SkeletonApp" => "Jifty","Jifty::Plugin::SkeletonApp::Dispatcher" => "Jifty","Jifty::Plugin::SkeletonApp::View" => "Jifty","Jifty::Plugin::TestServerWarnings" => "Jifty","Jifty::Plugin::TestServerWarnings::Appender" => "Jifty","Jifty::Plugin::TestServerWarnings::View" => "Jifty","Jifty::Plugin::User" => "Jifty","Jifty::Plugin::User::Mixin::Model::User" => "Jifty","Jifty::Plugin::ViewDeclarePage" => "Jifty","Jifty::Plugin::ViewDeclarePage::Page" => "Jifty","Jifty::Record" => "Jifty","Jifty::Request" => "Jifty","Jifty::Request::Action" => "Jifty","Jifty::Request::Fragment" => "Jifty","Jifty::Request::Mapper" => "Jifty","Jifty::Request::StateVariable" => "Jifty","Jifty::Response" => "Jifty","Jifty::Result" => "Jifty","Jifty::RightsFrom" => "Jifty","Jifty::Schema" => "Jifty","Jifty::Script" => "Jifty","Jifty::Script::Action" => "Jifty","Jifty::Script::Adopt" => "Jifty","Jifty::Script::App" => "Jifty","Jifty::Script::Env" => "Jifty","Jifty::Script::FastCGI" => "Jifty","Jifty::Script::Help" => "Jifty","Jifty::Script::ModPerl2" => "Jifty","Jifty::Script::Model" => "Jifty","Jifty::Script::Plugin" => "Jifty","Jifty::Script::Po" => "Jifty","Jifty::Script::Schema" => "Jifty","Jifty::Script::Script" => "Jifty","Jifty::Script::Server" => "Jifty","Jifty::Script::WriteCCJS" => "Jifty","Jifty::Server" => "Jifty","Jifty::Server::Fork" => "Jifty","Jifty::Server::Fork::NetServer" => "Jifty","Jifty::Server::Prefork" => "Jifty","Jifty::Server::Prefork::NetServer" => "Jifty","Jifty::Test" => "Jifty","Jifty::Test::Dist" => "Jifty","Jifty::Test::Email" => "Jifty","Jifty::Test::WWW::Declare" => "Jifty","Jifty::Test::WWW::Mechanize" => "Jifty","Jifty::Test::WWW::Selenium" => "Jifty","Jifty::Test::WWW::WebDriver" => "Jifty","Jifty::TestServer" => "Jifty","Jifty::TestServer::Apache" => "Jifty","Jifty::TestServer::Inline" => "Jifty","Jifty::Upgrade" => "Jifty","Jifty::Upgrade::Internal" => "Jifty","Jifty::Util" => "Jifty","Jifty::View" => "Jifty","Jifty::View::Declare" => "Jifty","Jifty::View::Declare::BaseClass" => "Jifty","Jifty::View::Declare::CRUD" => "Jifty","Jifty::View::Declare::CoreTemplates" => "Jifty","Jifty::View::Declare::Handler" => "Jifty","Jifty::View::Declare::Helpers" => "Jifty","Jifty::View::Declare::Page" => "Jifty","Jifty::View::Mason::Halo" => "Jifty","Jifty::View::Mason::Handler" => "Jifty","Jifty::View::Mason::Request" => "Jifty","Jifty::View::Static::Handler" => "Jifty","Jifty::Web" => "Jifty","Jifty::Web::FileUpload" => "Jifty","Jifty::Web::Form" => "Jifty","Jifty::Web::Form::Clickable" => "Jifty","Jifty::Web::Form::Element" => "Jifty","Jifty::Web::Form::Field" => "Jifty","Jifty::Web::Form::Field::Button" => "Jifty","Jifty::Web::Form::Field::Checkbox" => "Jifty","Jifty::Web::Form::Field::Checkboxes" => "Jifty","Jifty::Web::Form::Field::Collection" => "Jifty","Jifty::Web::Form::Field::Combobox" => "Jifty","Jifty::Web::Form::Field::Date" => "Jifty","Jifty::Web::Form::Field::DateTime" => "Jifty","Jifty::Web::Form::Field::Hidden" => "Jifty","Jifty::Web::Form::Field::InlineButton" => "Jifty","Jifty::Web::Form::Field::OrderedList" => "Jifty","Jifty::Web::Form::Field::Password" => "Jifty","Jifty::Web::Form::Field::Radio" => "Jifty","Jifty::Web::Form::Field::ResetButton" => "Jifty","Jifty::Web::Form::Field::Select" => "Jifty","Jifty::Web::Form::Field::Text" => "Jifty","Jifty::Web::Form::Field::Textarea" => "Jifty","Jifty::Web::Form::Field::Time" => "Jifty","Jifty::Web::Form::Field::Unrendered" => "Jifty","Jifty::Web::Form::Field::Upload" => "Jifty","Jifty::Web::Form::Field::Uploads" => "Jifty","Jifty::Web::Form::Link" => "Jifty","Jifty::Web::Menu" => "Jifty","Jifty::Web::PageRegion" => "Jifty","Jifty::Web::Session" => "Jifty","Jifty::Web::Session::ApacheSession" => "Jifty","Jifty::Web::Session::ClientSide" => "Jifty","Jifty::Web::Session::JDBI" => "Jifty","Jifty::Web::Session::None" => "Jifty","Jifty::YAML" => "Jifty","Kelp" => "Kelp","Kelp::Base" => "Kelp","Kelp::Context" => "Kelp","Kelp::Exception" => "Kelp","Kelp::Generator" => "Kelp","Kelp::Less" => "Kelp","Kelp::Middleware" => "Kelp","Kelp::Module" => "Kelp","Kelp::Module::Config" => "Kelp","Kelp::Module::Config::Less" => "Kelp","Kelp::Module::Config::Null" => "Kelp","Kelp::Module::Config::Sandbox" => "Kelp","Kelp::Module::Encoder" => "Kelp","Kelp::Module::JSON" => "Kelp","Kelp::Module::Logger" => "Kelp","Kelp::Module::Logger::Simple" => "Kelp","Kelp::Module::Null" => "Kelp","Kelp::Module::Routes" => "Kelp","Kelp::Module::Template" => "Kelp","Kelp::Module::Template::Null" => "Kelp","Kelp::Request" => "Kelp","Kelp::Response" => "Kelp","Kelp::Routes" => "Kelp","Kelp::Routes::Controller" => "Kelp","Kelp::Routes::Location" => "Kelp","Kelp::Routes::Pattern" => "Kelp","Kelp::Template" => "Kelp","Kelp::Test" => "Kelp","Kelp::Test::CookieJar" => "Kelp","Kelp::Util" => "Kelp","Kossy" => "Kossy","Kossy::Assets" => "Kossy","Kossy::BodyParser" => "Kossy","Kossy::BodyParser::JSON" => "Kossy","Kossy::BodyParser::MultiPart" => "Kossy","Kossy::BodyParser::OctetStream" => "Kossy","Kossy::BodyParser::UrlEncoded" => "Kossy","Kossy::Connection" => "Kossy","Kossy::Exception" => "Kossy","Kossy::Request" => "Kossy","Kossy::Response" => "Kossy","Kwid::AST" => "Perl6-Pugs","Kwid::Base" => "Perl6-Pugs","Kwid::HTML" => "Perl6-Pugs","Kwid::Loader" => "Perl6-Pugs","Kwid::Parser" => "Perl6-Pugs","LRUCache" => "GBrowse","LWP" => "libwww-perl","LWP::Authen::Basic" => "libwww-perl","LWP::Authen::Digest" => "libwww-perl","LWP::Authen::Ntlm" => "libwww-perl","LWP::ConnCache" => "libwww-perl","LWP::Debug" => "libwww-perl","LWP::Debug::TraceHTTP" => "libwww-perl","LWP::DebugFile" => "libwww-perl","LWP::MemberMixin" => "libwww-perl","LWP::Protocol" => "libwww-perl","LWP::Protocol::Net::Curl" => "LWP-Protocol-Net-Curl","LWP::Protocol::cpan" => "libwww-perl","LWP::Protocol::data" => "libwww-perl","LWP::Protocol::file" => "libwww-perl","LWP::Protocol::ftp" => "libwww-perl","LWP::Protocol::gopher" => "libwww-perl","LWP::Protocol::http" => "libwww-perl","LWP::Protocol::https" => "LWP-Protocol-https","LWP::Protocol::https::Socket" => "LWP-Protocol-https","LWP::Protocol::ldap" => "perl-ldap","LWP::Protocol::ldapi" => "perl-ldap","LWP::Protocol::ldaps" => "perl-ldap","LWP::Protocol::loopback" => "libwww-perl","LWP::Protocol::mailto" => "libwww-perl","LWP::Protocol::nntp" => "libwww-perl","LWP::Protocol::nogo" => "libwww-perl","LWP::RobotUA" => "libwww-perl","LWP::Simple" => "libwww-perl","LWP::UserAgent" => "libwww-perl","LWP::UserAgent::AtomClient" => "XML-Atom","Legacy::DB::SyntenyBlock" => "GBrowse","Legacy::DB::SyntenyIO" => "GBrowse","Legacy::Graphics::Browser" => "GBrowse","Legacy::Graphics::Browser::I18n" => "GBrowse","Legacy::Graphics::Browser::PageSettings" => "GBrowse","Legacy::Graphics::Browser::Synteny" => "GBrowse","Legacy::Graphics::Browser::Util" => "GBrowse","Legacy::Graphics::BrowserConfig" => "GBrowse","Lemonldap::NG::Common" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Generate::SHA256" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Lock" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::REST" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::SOAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Serialize::JSON" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Store" => "Lemonldap-NG-Common","Lemonldap::NG::Common::AuditLogger::UserLoggerCompat" => "Lemonldap-NG-Common","Lemonldap::NG::Common::AuditLogger::UserLoggerJSON" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Cli" => "Lemonldap-NG-Common","Lemonldap::NG::Common::CliSessions" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Combination::Parser" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::AccessLib" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::CDBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::File" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::JSONFile" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::LDAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::Local" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::MongoDB" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::Overlay" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::Patroni" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::RDBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::REST" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::SOAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::YAMLFile" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::_DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Compact" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Constants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::DefaultValues" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::RESTServer" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::ReConstants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::SAML::Metadata" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Serializer" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Wrapper" => "Lemonldap-NG-Common","Lemonldap::NG::Common::CrowdSec" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Crypto" => "Lemonldap-NG-Common","Lemonldap::NG::Common::EmailAddress" => "Lemonldap-NG-Common","Lemonldap::NG::Common::EmailTransport" => "Lemonldap-NG-Common","Lemonldap::NG::Common::FormEncode" => "Lemonldap-NG-Common","Lemonldap::NG::Common::IPv6" => "Lemonldap-NG-Common","Lemonldap::NG::Common::JWT" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Languages" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Lib::DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Apache2" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Dispatch" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Log4perl" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Loki" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::MessageBroker" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Null" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Sentry" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Std" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Syslog" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::_Duplicate" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::MQTT" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::NoBroker" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::Pg" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::Redis" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::Web" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Module" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::File" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::JSON" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::LDAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::XML" => "Lemonldap-NG-Common","Lemonldap::NG::Common::OpenIDConnect::Constants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::OpenIDConnect::Metadata" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Cli::Lib" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Constants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Request" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Router" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::SOAPServer" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::SOAPService" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Regexp" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Safelib" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Session" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Session::Purge" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Session::REST" => "Lemonldap-NG-Common","Lemonldap::NG::Common::TOTP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::UserAgent" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Util" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Util::Crypto" => "Lemonldap-NG-Common","Lemonldap::NG::DBI::Failed" => "Lemonldap-NG-Common","Lemonldap::NG::Handler" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::DevOps" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::DevOpsCDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::DevOpsST" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::FCGIClient" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Menu" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Request" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::SecureToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::ZimbraPreAuth" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::DevOps" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::DevOpsCDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::DevOpsST" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::PSGI" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::SecureToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::Status" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::StatusConstants" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::ZimbraPreAuth" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::Init" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::MsgActions" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::Reload" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::Run" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::SharedVariables" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Router" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Try" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::DevOps" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::DevOpsCDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::DevOpsST" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Nginx" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::SecureToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Traefik" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::ZimbraPreAuth" => "Lemonldap-NG-Handler","Lemonldap::NG::Manager" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::2ndFA" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::2F" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Common" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::History" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Menu::App" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Menu::Cat" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Misc" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Providers::CasApp" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Providers::OidcRp" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Providers::SamlSp" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Attributes" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::Attributes" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::CTrees" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::OpenApi" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::PortalConstants" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::Tree" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Cli" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Cli::Lib" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Cli::Request" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Diff" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Parser" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Tests" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Zero" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Notifications" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Plugin" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Sessions" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Viewer" => "Lemonldap-NG-Manager","Lemonldap::NG::Portal" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Engines::Default" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Ext2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Mail2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Okta" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Password" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Radius" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Base" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Generic" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Password" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::TOTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::U2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Yubikey" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::TOTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::U2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::UTOTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Yubikey" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Apache" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Combination" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Facebook" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::GPG" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::GitHub" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Kerberos" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::LinkedIn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Null" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::OpenID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::PAM" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Proxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Radius" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Remote" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::SSL" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Slave" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Twitter" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::WebID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::_Ajax" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::_WebForm" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CDC" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Captcha::ReCaptcha" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Captcha::ReCaptcha3" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Captcha::SecurityImage" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CertificateResetByMail::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CertificateResetByMail::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CertificateResetByMail::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::Get" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::JitsiMeetTokens" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::OpenID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::2fDevices" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Captcha" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Code2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Combination::UserLogger" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CrowdSec" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CrowdSecFilter" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CustomModule" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Key" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::LazyLoadedConfiguration" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Net::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Notifications::JSON" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Notifications::XML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OIDCTokenExchange" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Okta" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OneTimeToken" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OpenID::SREG" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OpenID::Server" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OtherSessions" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OverConf" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::RESTProxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Radius" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Remote" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::SMTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::SOAPProxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Slave" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::U2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Wrapper" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::_tokenRule" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Auth" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Constants" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Display" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Init" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Issuer" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Menu" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Plugin" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Plugins" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Process" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Request" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Run" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::SecondFactor" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::UserDB" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::MenuTab" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Base" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Combination" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Null" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AdaptativeAuthenticationLevel" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AdminLogout" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AuthOidcPkce" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AutoSignin" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::BasePasswordPolicy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::BruteForceProtection" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CDA" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CertificateResetByMail" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckDevOps" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckEntropy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckHIBP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckState" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckUser" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::ContextSwitching" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CrowdSec" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CrowdSecAgent" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::DecryptValue" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::FindUser" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::ForceAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::GlobalLogout" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::GrantSession" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::History" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Impersonation" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::InitializePasswordReset" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::LocationDetect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::MailPasswordReset" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::NewLocationWarning" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Notifications" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::OIDCInternalTokenExchange" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::OIDCNativeSso" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::OidcOfflineTokens" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::PublicNotifications" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::PublicPages" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::RESTServer" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Refresh" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Register" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::RememberAuthChoice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::SOAPServer" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::SamlFederation" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::SingleSession" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Status" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::StayConnected" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::TrustedBrowser" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Upgrade" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::WebCron" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::Base" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Combination" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Facebook" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Null" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::OpenID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Proxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Remote" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Slave" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::WebID" => "Lemonldap-NG-Portal","Lemonldap::NG::SSOaaS::Apache::Client" => "Lemonldap-NG-Handler","Linux::Statm::Tiny" => "Linux-Statm-Tiny","Linux::Statm::Tiny::Mite" => "Linux-Statm-Tiny","Locale::Maketext" => "Locale-Maketext","Locale::Maketext::Guts" => "Locale-Maketext","Locale::Maketext::GutsLoader" => "Locale-Maketext","Log::Any" => "Log-Any","Log::Any::Adapter" => "Log-Any","Log::Any::Adapter::Base" => "Log-Any","Log::Any::Adapter::Capture" => "Log-Any","Log::Any::Adapter::Core" => "Log-Any","Log::Any::Adapter::File" => "Log-Any","Log::Any::Adapter::Multiplex" => "Log-Any","Log::Any::Adapter::Null" => "Log-Any","Log::Any::Adapter::Stderr" => "Log-Any","Log::Any::Adapter::Stdout" => "Log-Any","Log::Any::Adapter::Syslog" => "Log-Any","Log::Any::Adapter::Test" => "Log-Any","Log::Any::Adapter::Util" => "Log-Any","Log::Any::Manager" => "Log-Any","Log::Any::Proxy" => "Log-Any","Log::Any::Proxy::Null" => "Log-Any","Log::Any::Proxy::Test" => "Log-Any","Log::Any::Proxy::WithStackTrace" => "Log-Any","Log::Any::Test" => "Log-Any","MARC::File::XML" => "MARC-File-XML","MDK::Common" => "MDK-Common","MDK::Common::DataStructure" => "MDK-Common","MDK::Common::File" => "MDK-Common","MDK::Common::Func" => "MDK-Common","MDK::Common::Math" => "MDK-Common","MDK::Common::String" => "MDK-Common","MDK::Common::System" => "MDK-Common","MDK::Common::Various" => "MDK-Common","MHonArc::Char" => "MHonArc","MHonArc::Char::JP" => "MHonArc","MHonArc::Char::KR" => "MHonArc","MHonArc::CharEnt" => "MHonArc","MHonArc::CharEnt::AppleArabic" => "MHonArc","MHonArc::CharEnt::AppleCenteuro" => "MHonArc","MHonArc::CharEnt::AppleCroatian" => "MHonArc","MHonArc::CharEnt::AppleCyrillic" => "MHonArc","MHonArc::CharEnt::AppleGreek" => "MHonArc","MHonArc::CharEnt::AppleHebrew" => "MHonArc","MHonArc::CharEnt::AppleIceland" => "MHonArc","MHonArc::CharEnt::AppleRoman" => "MHonArc","MHonArc::CharEnt::AppleRomanian" => "MHonArc","MHonArc::CharEnt::AppleThai" => "MHonArc","MHonArc::CharEnt::AppleTurkish" => "MHonArc","MHonArc::CharEnt::BIG5_ETEN" => "MHonArc","MHonArc::CharEnt::BIG5_HKSCS" => "MHonArc","MHonArc::CharEnt::CP1250" => "MHonArc","MHonArc::CharEnt::CP1251" => "MHonArc","MHonArc::CharEnt::CP1252" => "MHonArc","MHonArc::CharEnt::CP1253" => "MHonArc","MHonArc::CharEnt::CP1254" => "MHonArc","MHonArc::CharEnt::CP1255" => "MHonArc","MHonArc::CharEnt::CP1256" => "MHonArc","MHonArc::CharEnt::CP1257" => "MHonArc","MHonArc::CharEnt::CP1258" => "MHonArc","MHonArc::CharEnt::CP866" => "MHonArc","MHonArc::CharEnt::CP932" => "MHonArc","MHonArc::CharEnt::CP936" => "MHonArc","MHonArc::CharEnt::CP949" => "MHonArc","MHonArc::CharEnt::CP950" => "MHonArc","MHonArc::CharEnt::EUC_JP" => "MHonArc","MHonArc::CharEnt::GB2312" => "MHonArc","MHonArc::CharEnt::GOST19768_87" => "MHonArc","MHonArc::CharEnt::HP_ROMAN8" => "MHonArc","MHonArc::CharEnt::ISO8859_1" => "MHonArc","MHonArc::CharEnt::ISO8859_10" => "MHonArc","MHonArc::CharEnt::ISO8859_11" => "MHonArc","MHonArc::CharEnt::ISO8859_13" => "MHonArc","MHonArc::CharEnt::ISO8859_14" => "MHonArc","MHonArc::CharEnt::ISO8859_15" => "MHonArc","MHonArc::CharEnt::ISO8859_16" => "MHonArc","MHonArc::CharEnt::ISO8859_2" => "MHonArc","MHonArc::CharEnt::ISO8859_3" => "MHonArc","MHonArc::CharEnt::ISO8859_4" => "MHonArc","MHonArc::CharEnt::ISO8859_5" => "MHonArc","MHonArc::CharEnt::ISO8859_6" => "MHonArc","MHonArc::CharEnt::ISO8859_7" => "MHonArc","MHonArc::CharEnt::ISO8859_8" => "MHonArc","MHonArc::CharEnt::ISO8859_9" => "MHonArc","MHonArc::CharEnt::KOI8_A" => "MHonArc","MHonArc::CharEnt::KOI8_B" => "MHonArc","MHonArc::CharEnt::KOI8_E" => "MHonArc","MHonArc::CharEnt::KOI8_F" => "MHonArc","MHonArc::CharEnt::KOI8_R" => "MHonArc","MHonArc::CharEnt::KOI8_U" => "MHonArc","MHonArc::CharEnt::KOI_0" => "MHonArc","MHonArc::CharEnt::KOI_7" => "MHonArc","MHonArc::CharEnt::VISCII" => "MHonArc","MHonArc::CharMaps" => "MHonArc","MHonArc::Encode" => "MHonArc","MHonArc::RFC822" => "MHonArc","MHonArc::UTF8" => "MHonArc","MHonArc::UTF8::AppleArabic" => "MHonArc","MHonArc::UTF8::AppleCenteuro" => "MHonArc","MHonArc::UTF8::AppleCroatian" => "MHonArc","MHonArc::UTF8::AppleCyrillic" => "MHonArc","MHonArc::UTF8::AppleGreek" => "MHonArc","MHonArc::UTF8::AppleHebrew" => "MHonArc","MHonArc::UTF8::AppleIceland" => "MHonArc","MHonArc::UTF8::AppleRoman" => "MHonArc","MHonArc::UTF8::AppleRomanian" => "MHonArc","MHonArc::UTF8::AppleThai" => "MHonArc","MHonArc::UTF8::AppleTurkish" => "MHonArc","MHonArc::UTF8::BIG5_ETEN" => "MHonArc","MHonArc::UTF8::BIG5_HKSCS" => "MHonArc","MHonArc::UTF8::CP1250" => "MHonArc","MHonArc::UTF8::CP1251" => "MHonArc","MHonArc::UTF8::CP1252" => "MHonArc","MHonArc::UTF8::CP1253" => "MHonArc","MHonArc::UTF8::CP1254" => "MHonArc","MHonArc::UTF8::CP1255" => "MHonArc","MHonArc::UTF8::CP1256" => "MHonArc","MHonArc::UTF8::CP1257" => "MHonArc","MHonArc::UTF8::CP1258" => "MHonArc","MHonArc::UTF8::CP866" => "MHonArc","MHonArc::UTF8::CP932" => "MHonArc","MHonArc::UTF8::CP936" => "MHonArc","MHonArc::UTF8::CP949" => "MHonArc","MHonArc::UTF8::CP950" => "MHonArc","MHonArc::UTF8::EUC_JP" => "MHonArc","MHonArc::UTF8::Encode" => "MHonArc","MHonArc::UTF8::GB2312" => "MHonArc","MHonArc::UTF8::GOST19768_87" => "MHonArc","MHonArc::UTF8::HP_ROMAN8" => "MHonArc","MHonArc::UTF8::ISO8859_1" => "MHonArc","MHonArc::UTF8::ISO8859_10" => "MHonArc","MHonArc::UTF8::ISO8859_11" => "MHonArc","MHonArc::UTF8::ISO8859_13" => "MHonArc","MHonArc::UTF8::ISO8859_14" => "MHonArc","MHonArc::UTF8::ISO8859_15" => "MHonArc","MHonArc::UTF8::ISO8859_16" => "MHonArc","MHonArc::UTF8::ISO8859_2" => "MHonArc","MHonArc::UTF8::ISO8859_3" => "MHonArc","MHonArc::UTF8::ISO8859_4" => "MHonArc","MHonArc::UTF8::ISO8859_5" => "MHonArc","MHonArc::UTF8::ISO8859_6" => "MHonArc","MHonArc::UTF8::ISO8859_7" => "MHonArc","MHonArc::UTF8::ISO8859_8" => "MHonArc","MHonArc::UTF8::ISO8859_9" => "MHonArc","MHonArc::UTF8::KOI8_A" => "MHonArc","MHonArc::UTF8::KOI8_B" => "MHonArc","MHonArc::UTF8::KOI8_E" => "MHonArc","MHonArc::UTF8::KOI8_F" => "MHonArc","MHonArc::UTF8::KOI8_R" => "MHonArc","MHonArc::UTF8::KOI8_U" => "MHonArc","MHonArc::UTF8::KOI_0" => "MHonArc","MHonArc::UTF8::KOI_7" => "MHonArc","MHonArc::UTF8::MapUTF8" => "MHonArc","MHonArc::UTF8::MhaEncode" => "MHonArc","MHonArc::UTF8::VISCII" => "MHonArc","MIME::Body" => "MIME-tools","MIME::Body::File" => "MIME-tools","MIME::Body::InCore" => "MIME-tools","MIME::Body::Scalar" => "MIME-tools","MIME::Decoder" => "MIME-tools","MIME::Decoder::Base64" => "MIME-tools","MIME::Decoder::BinHex" => "MIME-tools","MIME::Decoder::Binary" => "MIME-tools","MIME::Decoder::Gzip64" => "MIME-tools","MIME::Decoder::NBit" => "MIME-tools","MIME::Decoder::QuotedPrint" => "MIME-tools","MIME::Decoder::UU" => "MIME-tools","MIME::Entity" => "MIME-tools","MIME::Field::ConTraEnc" => "MIME-tools","MIME::Field::ContDisp" => "MIME-tools","MIME::Field::ContType" => "MIME-tools","MIME::Field::ParamVal" => "MIME-tools","MIME::Head" => "MIME-tools","MIME::Parser" => "MIME-tools","MIME::Parser::FileInto" => "MIME-tools","MIME::Parser::FileUnder" => "MIME-tools","MIME::Parser::Filer" => "MIME-tools","MIME::Parser::InnerFile" => "MIME-tools","MIME::Parser::Reader" => "MIME-tools","MIME::Parser::Results" => "MIME-tools","MIME::ToolUtils" => "MIME-tools","MIME::Tools" => "MIME-tools","MIME::WordDecoder" => "MIME-tools","MIME::WordDecoder::ISO_8859" => "MIME-tools","MIME::WordDecoder::US_ASCII" => "MIME-tools","MIME::WordDecoder::UTF_8" => "MIME-tools","MIME::Words" => "MIME-tools","MM" => "ExtUtils-MakeMaker","MY" => "ExtUtils-MakeMaker","Mail::Address" => "MailTools","Mail::Audit" => "Mail-Audit","Mail::Audit::KillDups" => "Mail-Audit","Mail::Audit::MAPS" => "Mail-Audit","Mail::Audit::MailInternet" => "Mail-Audit","Mail::Audit::MimeEntity" => "Mail-Audit","Mail::Audit::Util::Tempdir" => "Mail-Audit","Mail::Audit::Vacation" => "Mail-Audit","Mail::Cap" => "MailTools","Mail::Field" => "MailTools","Mail::Field::AddrList" => "MailTools","Mail::Field::Date" => "MailTools","Mail::Field::Generic" => "MailTools","Mail::Filter" => "MailTools","Mail::Header" => "MailTools","Mail::Internet" => "MailTools","Mail::Mailer" => "MailTools","Mail::Mailer::qmail" => "MailTools","Mail::Mailer::rfc822" => "MailTools","Mail::Mailer::sendmail" => "MailTools","Mail::Mailer::smtp" => "MailTools","Mail::Mailer::smtp::pipe" => "MailTools","Mail::Mailer::smtps" => "MailTools","Mail::Mailer::smtps::pipe" => "MailTools","Mail::Mailer::testfile" => "MailTools","Mail::Mailer::testfile::pipe" => "MailTools","Mail::Send" => "MailTools","Mail::Util" => "MailTools","MailTools" => "MailTools","Maintainers" => "perl","MarpaX::ESLIF" => "MarpaX-ESLIF","MarpaX::ESLIF::Base" => "MarpaX-ESLIF","MarpaX::ESLIF::Event::Type" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar::Properties" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar::Rule::Properties" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar::Symbol::Properties" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON::Decoder" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON::Decoder::RecognizerInterface" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON::Encoder" => "MarpaX-ESLIF","MarpaX::ESLIF::Logger::Level" => "MarpaX-ESLIF","MarpaX::ESLIF::Recognizer" => "MarpaX-ESLIF","MarpaX::ESLIF::RegexCallout" => "MarpaX-ESLIF","MarpaX::ESLIF::Rule::PropertyBitSet" => "MarpaX-ESLIF","MarpaX::ESLIF::String" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol::EventBitSet" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol::PropertyBitSet" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol::Type" => "MarpaX-ESLIF","MarpaX::ESLIF::Value" => "MarpaX-ESLIF","MarpaX::ESLIF::Value::Type" => "MarpaX-ESLIF","Math::BigInt::LTM" => "CryptX","Maypole" => "Maypole","Maypole::Application" => "Maypole","Maypole::CLI" => "Maypole","Maypole::Config" => "Maypole","Maypole::Constants" => "Maypole","Maypole::Headers" => "Maypole","Maypole::Model::Base" => "Maypole","Maypole::Model::CDBI" => "Maypole","Maypole::Model::CDBI::AsForm" => "Maypole","Maypole::Model::CDBI::Base" => "Maypole","Maypole::Model::CDBI::DFV" => "Maypole","Maypole::Model::CDBI::FromCGI" => "Maypole","Maypole::Model::CDBI::Plain" => "Maypole","Maypole::Session" => "Maypole","Maypole::View::Base" => "Maypole","Maypole::View::TT" => "Maypole","MicroWiki::Controllers" => "Squatting","MicroWiki::Views" => "Squatting","Mite" => "Mite","Mite::App" => "Mite","Mite::App::Command" => "Mite","Mite::App::Command::clean" => "Mite","Mite::App::Command::compile" => "Mite","Mite::App::Command::exec" => "Mite","Mite::App::Command::init" => "Mite","Mite::App::Command::preview" => "Mite","Mite::Attribute" => "Mite","Mite::Attribute::SHV::CodeGen" => "Mite","Mite::Class" => "Mite","Mite::Compiled" => "Mite","Mite::Config" => "Mite","Mite::MakeMaker" => "Mite","Mite::Miteception" => "Mite","Mite::ModuleBuild" => "Mite","Mite::Package" => "Mite","Mite::Project" => "Mite","Mite::Role" => "Mite","Mite::Role::Tiny" => "Mite","Mite::Shim" => "Mite","Mite::Signature" => "Mite","Mite::Signature::Compiler" => "Mite","Mite::Source" => "Mite","Mite::Trait::HasAttributes" => "Mite","Mite::Trait::HasConstructor" => "Mite","Mite::Trait::HasDestructor" => "Mite","Mite::Trait::HasMOP" => "Mite","Mite::Trait::HasMethods" => "Mite","Mite::Trait::HasRequiredMethods" => "Mite","Mite::Trait::HasRoles" => "Mite","Mite::Trait::HasSuperclasses" => "Mite","Mite::Types" => "Mite","ModPerl::BuildMM" => "mod_perl","ModPerl::BuildOptions" => "mod_perl","ModPerl::CScan" => "mod_perl","ModPerl::Code" => "mod_perl","ModPerl::Config" => "mod_perl","ModPerl::FunctionMap" => "mod_perl","ModPerl::FunctionTable" => "mod_perl","ModPerl::Global" => "mod_perl","ModPerl::InterpPool" => "mod_perl","ModPerl::Interpreter" => "mod_perl","ModPerl::MM" => "mod_perl","ModPerl::Manifest" => "mod_perl","ModPerl::MapBase" => "mod_perl","ModPerl::MapUtil" => "mod_perl","ModPerl::MethodLookup" => "mod_perl","ModPerl::ParseSource" => "mod_perl","ModPerl::PerlRun" => "mod_perl","ModPerl::PerlRunPrefork" => "mod_perl","ModPerl::Registry" => "mod_perl","ModPerl::RegistryBB" => "mod_perl","ModPerl::RegistryCooker" => "mod_perl","ModPerl::RegistryLoader" => "mod_perl","ModPerl::RegistryPrefork" => "mod_perl","ModPerl::StructureMap" => "mod_perl","ModPerl::TestConfig" => "mod_perl","ModPerl::TestReport" => "mod_perl","ModPerl::TestRun" => "mod_perl","ModPerl::TiPool" => "mod_perl","ModPerl::TiPoolConfig" => "mod_perl","ModPerl::TypeMap" => "mod_perl","ModPerl::Util" => "mod_perl","ModPerl::WrapXS" => "mod_perl","Module::Load::Conditional" => "Module-Load-Conditional","Module::Metadata" => "Module-Metadata","Module::Provision" => "Module-Provision","Module::Provision::Base" => "Module-Provision","Module::Provision::Config" => "Module-Provision","Module::Provision::MetaData" => "Module-Provision","Module::Provision::TraitFor::AddingFiles" => "Module-Provision","Module::Provision::TraitFor::Badges" => "Module-Provision","Module::Provision::TraitFor::CPANDistributions" => "Module-Provision","Module::Provision::TraitFor::CreatingDistributions" => "Module-Provision","Module::Provision::TraitFor::EnvControl" => "Module-Provision","Module::Provision::TraitFor::PrereqDifferences" => "Module-Provision","Module::Provision::TraitFor::Rendering" => "Module-Provision","Module::Provision::TraitFor::UpdatingContent" => "Module-Provision","Module::Provision::TraitFor::VCS" => "Module-Provision","Module::ScanDeps" => "Module-ScanDeps","Module::Signature" => "Module-Signature","Mojo" => "Mojolicious","Mojo::Asset" => "Mojolicious","Mojo::Asset::File" => "Mojolicious","Mojo::Asset::Memory" => "Mojolicious","Mojo::Base" => "Mojolicious","Mojo::BaseUtil" => "Mojolicious","Mojo::ByteStream" => "Mojolicious","Mojo::Cache" => "Mojolicious","Mojo::Collection" => "Mojolicious","Mojo::Collection::Role::Extra" => "Mojo-DOM-Role-Analyzer","Mojo::Content" => "Mojolicious","Mojo::Content::MultiPart" => "Mojolicious","Mojo::Content::Single" => "Mojolicious","Mojo::Cookie" => "Mojolicious","Mojo::Cookie::Request" => "Mojolicious","Mojo::Cookie::Response" => "Mojolicious","Mojo::DOM" => "Mojolicious","Mojo::DOM::CSS" => "Mojolicious","Mojo::DOM::HTML" => "Mojolicious","Mojo::DOM::Role::Analyzer" => "Mojo-DOM-Role-Analyzer","Mojo::Date" => "Mojolicious","Mojo::DynamicMethods" => "Mojolicious","Mojo::EventEmitter" => "Mojolicious","Mojo::Exception" => "Mojolicious","Mojo::Exception::_Guard" => "Mojolicious","Mojo::File" => "Mojolicious","Mojo::Headers" => "Mojolicious","Mojo::HelloWorld" => "Mojolicious","Mojo::Home" => "Mojolicious","Mojo::IOLoop" => "Mojolicious","Mojo::IOLoop::Client" => "Mojolicious","Mojo::IOLoop::Server" => "Mojolicious","Mojo::IOLoop::Stream" => "Mojolicious","Mojo::IOLoop::Subprocess" => "Mojolicious","Mojo::IOLoop::TLS" => "Mojolicious","Mojo::JSON" => "Mojolicious","Mojo::JSON::Pointer" => "Mojolicious","Mojo::Loader" => "Mojolicious","Mojo::Log" => "Mojolicious","Mojo::Message" => "Mojolicious","Mojo::Message::Request" => "Mojolicious","Mojo::Message::Response" => "Mojolicious","Mojo::Parameters" => "Mojolicious","Mojo::Path" => "Mojolicious","Mojo::Promise" => "Mojolicious","Mojo::Reactor" => "Mojolicious","Mojo::Reactor::EV" => "Mojolicious","Mojo::Reactor::Poll" => "Mojolicious","Mojo::SSE" => "Mojolicious","Mojo::Server" => "Mojolicious","Mojo::Server::CGI" => "Mojolicious","Mojo::Server::Daemon" => "Mojolicious","Mojo::Server::Hypnotoad" => "Mojolicious","Mojo::Server::Morbo" => "Mojolicious","Mojo::Server::Morbo::Backend" => "Mojolicious","Mojo::Server::Morbo::Backend::Poll" => "Mojolicious","Mojo::Server::PSGI" => "Mojolicious","Mojo::Server::PSGI::_IO" => "Mojolicious","Mojo::Server::Prefork" => "Mojolicious","Mojo::Template" => "Mojolicious","Mojo::Transaction" => "Mojolicious","Mojo::Transaction::HTTP" => "Mojolicious","Mojo::Transaction::WebSocket" => "Mojolicious","Mojo::URL" => "Mojolicious","Mojo::Upload" => "Mojolicious","Mojo::UserAgent" => "Mojolicious","Mojo::UserAgent::CookieJar" => "Mojolicious","Mojo::UserAgent::Proxy" => "Mojolicious","Mojo::UserAgent::Server" => "Mojolicious","Mojo::UserAgent::Transactor" => "Mojolicious","Mojo::Util" => "Mojolicious","Mojo::WebSocket" => "Mojolicious","MojoMojo" => "MojoMojo","MojoMojo::Controller::Admin" => "MojoMojo","MojoMojo::Controller::Attachment" => "MojoMojo","MojoMojo::Controller::Comment" => "MojoMojo","MojoMojo::Controller::Export" => "MojoMojo","MojoMojo::Controller::Gallery" => "MojoMojo","MojoMojo::Controller::Image" => "MojoMojo","MojoMojo::Controller::JSON" => "MojoMojo","MojoMojo::Controller::Journal" => "MojoMojo","MojoMojo::Controller::Jsrpc" => "MojoMojo","MojoMojo::Controller::Page" => "MojoMojo","MojoMojo::Controller::PageAdmin" => "MojoMojo","MojoMojo::Controller::Root" => "MojoMojo","MojoMojo::Controller::Tag" => "MojoMojo","MojoMojo::Controller::User" => "MojoMojo","MojoMojo::Declaw" => "MojoMojo","MojoMojo::Extension" => "MojoMojo","MojoMojo::Extensions::Counter" => "MojoMojo","MojoMojo::Formatter" => "MojoMojo","MojoMojo::Formatter::Amazon" => "MojoMojo","MojoMojo::Formatter::CPANHyperlink" => "MojoMojo","MojoMojo::Formatter::Comment" => "MojoMojo","MojoMojo::Formatter::Defang" => "MojoMojo","MojoMojo::Formatter::Dir" => "MojoMojo","MojoMojo::Formatter::DocBook" => "MojoMojo","MojoMojo::Formatter::DocBook::Colorize" => "MojoMojo","MojoMojo::Formatter::Emote" => "MojoMojo","MojoMojo::Formatter::File" => "MojoMojo","MojoMojo::Formatter::File::DocBook" => "MojoMojo","MojoMojo::Formatter::File::Image" => "MojoMojo","MojoMojo::Formatter::File::Pod" => "MojoMojo","MojoMojo::Formatter::File::Test" => "MojoMojo","MojoMojo::Formatter::File::Text" => "MojoMojo","MojoMojo::Formatter::Gist" => "MojoMojo","MojoMojo::Formatter::GoogleCalendar" => "MojoMojo","MojoMojo::Formatter::GoogleSearch" => "MojoMojo","MojoMojo::Formatter::IDLink" => "MojoMojo","MojoMojo::Formatter::IRCLog" => "MojoMojo","MojoMojo::Formatter::Include" => "MojoMojo","MojoMojo::Formatter::Main" => "MojoMojo","MojoMojo::Formatter::Markdown" => "MojoMojo","MojoMojo::Formatter::Pod" => "MojoMojo","MojoMojo::Formatter::Pod::Simple::HTML" => "MojoMojo","MojoMojo::Formatter::RSS" => "MojoMojo","MojoMojo::Formatter::Redirect" => "MojoMojo","MojoMojo::Formatter::SyntaxHighlight" => "MojoMojo","MojoMojo::Formatter::TOC" => "MojoMojo","MojoMojo::Formatter::Text" => "MojoMojo","MojoMojo::Formatter::Textile" => "MojoMojo","MojoMojo::Formatter::Wiki" => "MojoMojo","MojoMojo::Formatter::WikipediaLink" => "MojoMojo","MojoMojo::Formatter::YouTube" => "MojoMojo","MojoMojo::I18N" => "MojoMojo","MojoMojo::Model::DBIC" => "MojoMojo","MojoMojo::Model::Search" => "MojoMojo","MojoMojo::Model::Themes" => "MojoMojo","MojoMojo::Schema" => "MojoMojo","MojoMojo::Schema::Base::Result" => "MojoMojo","MojoMojo::Schema::Base::ResultSet" => "MojoMojo","MojoMojo::Schema::Result::Attachment" => "MojoMojo","MojoMojo::Schema::Result::Comment" => "MojoMojo","MojoMojo::Schema::Result::Content" => "MojoMojo","MojoMojo::Schema::Result::Entry" => "MojoMojo","MojoMojo::Schema::Result::Journal" => "MojoMojo","MojoMojo::Schema::Result::Link" => "MojoMojo","MojoMojo::Schema::Result::Page" => "MojoMojo","MojoMojo::Schema::Result::PageVersion" => "MojoMojo","MojoMojo::Schema::Result::PathPermissions" => "MojoMojo","MojoMojo::Schema::Result::Person" => "MojoMojo","MojoMojo::Schema::Result::Photo" => "MojoMojo","MojoMojo::Schema::Result::Preference" => "MojoMojo","MojoMojo::Schema::Result::Role" => "MojoMojo","MojoMojo::Schema::Result::RoleMember" => "MojoMojo","MojoMojo::Schema::Result::RolePrivilege" => "MojoMojo","MojoMojo::Schema::Result::Tag" => "MojoMojo","MojoMojo::Schema::Result::WantedPage" => "MojoMojo","MojoMojo::Schema::ResultSet::Attachment" => "MojoMojo","MojoMojo::Schema::ResultSet::Content" => "MojoMojo","MojoMojo::Schema::ResultSet::Page" => "MojoMojo","MojoMojo::Schema::ResultSet::Person" => "MojoMojo","MojoMojo::Schema::ResultSet::Role" => "MojoMojo","MojoMojo::Schema::ResultSet::Tag" => "MojoMojo","MojoMojo::View::Email" => "MojoMojo","MojoMojo::View::JSON" => "MojoMojo","MojoMojo::View::TT" => "MojoMojo","MojoMojo::WordDiff" => "MojoMojo","Mojolicious" => "Mojolicious","Mojolicious::Command" => "Mojolicious","Mojolicious::Command::Author::cpanify" => "Mojolicious","Mojolicious::Command::Author::generate" => "Mojolicious","Mojolicious::Command::Author::generate::app" => "Mojolicious","Mojolicious::Command::Author::generate::dockerfile" => "Mojolicious","Mojolicious::Command::Author::generate::lite_app" => "Mojolicious","Mojolicious::Command::Author::generate::makefile" => "Mojolicious","Mojolicious::Command::Author::generate::plugin" => "Mojolicious","Mojolicious::Command::Author::inflate" => "Mojolicious","Mojolicious::Command::cgi" => "Mojolicious","Mojolicious::Command::cpanify" => "Mojolicious","Mojolicious::Command::daemon" => "Mojolicious","Mojolicious::Command::eval" => "Mojolicious","Mojolicious::Command::generate" => "Mojolicious","Mojolicious::Command::generate::app" => "Mojolicious","Mojolicious::Command::generate::lite_app" => "Mojolicious","Mojolicious::Command::generate::makefile" => "Mojolicious","Mojolicious::Command::generate::plugin" => "Mojolicious","Mojolicious::Command::get" => "Mojolicious","Mojolicious::Command::inflate" => "Mojolicious","Mojolicious::Command::prefork" => "Mojolicious","Mojolicious::Command::psgi" => "Mojolicious","Mojolicious::Command::routes" => "Mojolicious","Mojolicious::Command::test" => "Mojolicious","Mojolicious::Command::version" => "Mojolicious","Mojolicious::Commands" => "Mojolicious","Mojolicious::Controller" => "Mojolicious","Mojolicious::Lite" => "Mojolicious","Mojolicious::Plugin" => "Mojolicious","Mojolicious::Plugin::CSRF" => "Mojolicious-Plugin-CSRF","Mojolicious::Plugin::CSRF::Base" => "Mojolicious-Plugin-CSRF","Mojolicious::Plugin::CaptchaPNG" => "Mojolicious-Plugin-CaptchaPNG","Mojolicious::Plugin::Config" => "Mojolicious","Mojolicious::Plugin::Config::Sandbox" => "Mojolicious","Mojolicious::Plugin::DefaultHelpers" => "Mojolicious","Mojolicious::Plugin::EPLRenderer" => "Mojolicious","Mojolicious::Plugin::EPRenderer" => "Mojolicious","Mojolicious::Plugin::HeaderCondition" => "Mojolicious","Mojolicious::Plugin::JSONConfig" => "Mojolicious","Mojolicious::Plugin::Mount" => "Mojolicious","Mojolicious::Plugin::NotYAMLConfig" => "Mojolicious","Mojolicious::Plugin::OAuth2" => "Mojolicious-Plugin-OAuth2","Mojolicious::Plugin::OAuth2::Mock" => "Mojolicious-Plugin-OAuth2","Mojolicious::Plugin::PODRenderer" => "Mojolicious","Mojolicious::Plugin::TagHelpers" => "Mojolicious","Mojolicious::Plugin::Yancy" => "Yancy","Mojolicious::Plugins" => "Mojolicious","Mojolicious::Renderer" => "Mojolicious","Mojolicious::Routes" => "Mojolicious","Mojolicious::Routes::Match" => "Mojolicious","Mojolicious::Routes::Pattern" => "Mojolicious","Mojolicious::Routes::Route" => "Mojolicious","Mojolicious::Sessions" => "Mojolicious","Mojolicious::Static" => "Mojolicious","Mojolicious::Types" => "Mojolicious","Mojolicious::Validator" => "Mojolicious","Mojolicious::Validator::Validation" => "Mojolicious","Moped::Msg" => "perl","Moxy" => "Moxy","Moxy::Attribute::CarrierHook" => "Moxy","Moxy::Component::Context" => "Moxy","Moxy::Plugin" => "Moxy","Moxy::Plugin::AuthorizationCutter" => "Moxy","Moxy::Plugin::Bookmark" => "Moxy","Moxy::Plugin::ControlPanel" => "Moxy","Moxy::Plugin::CookieCutter" => "Moxy","Moxy::Plugin::DisableTableTag" => "Moxy","Moxy::Plugin::DisplayWidth" => "Moxy","Moxy::Plugin::FlashUseImgTag" => "Moxy","Moxy::Plugin::GPS" => "Moxy","Moxy::Plugin::GPS::AirHPhone" => "Moxy","Moxy::Plugin::GPS::DoCoMo" => "Moxy","Moxy::Plugin::GPS::EZweb" => "Moxy","Moxy::Plugin::GPS::ThirdForce" => "Moxy","Moxy::Plugin::HTTPHeader" => "Moxy","Moxy::Plugin::Hosts" => "Moxy","Moxy::Plugin::LocationBar" => "Moxy","Moxy::Plugin::OpenSocial" => "Moxy","Moxy::Plugin::Pictogram" => "Moxy","Moxy::Plugin::QRCode" => "Moxy","Moxy::Plugin::RefererCutter" => "Moxy","Moxy::Plugin::RelativeLocation" => "Moxy","Moxy::Plugin::ResponseTime" => "Moxy","Moxy::Plugin::Scrubber" => "Moxy","Moxy::Plugin::ShowHTMLSource" => "Moxy","Moxy::Plugin::ShowHTTPHeaders" => "Moxy","Moxy::Plugin::Status::401" => "Moxy","Moxy::Plugin::Status::404" => "Moxy","Moxy::Plugin::Status::500" => "Moxy","Moxy::Plugin::StripScripts" => "Moxy","Moxy::Plugin::UserAgentSwitcher" => "Moxy","Moxy::Plugin::UserID" => "Moxy","Moxy::Plugin::XMLisHTML" => "Moxy","Moxy::Request" => "Moxy","Moxy::Session::State::BasicAuth" => "Moxy","Moxy::Util" => "Moxy","Mozilla::CA" => "Mozilla-CA","My::Chat" => "SOAP-Lite","My::Examples" => "SOAP-Lite","My::Parameters" => "SOAP-Lite","My::PersistentIterator" => "SOAP-Lite","My::PingPong" => "SOAP-Lite","My::SessionIterator" => "SOAP-Lite","My::TAP::Parser::Iterator::Process::LSF" => "UR","My::TAP::Parser::IteratorFactory::LSF" => "UR","My::TAP::Parser::Multiplexer" => "UR","My::TAP::Parser::Scheduler" => "UR","My::TAP::Parser::Timer" => "UR","MyFeatureFileLoader" => "GBrowse","MySQL::Admin" => "MySQL-Admin","MySQL::Admin::Actions" => "MySQL-Admin","MySQL::Admin::Config" => "MySQL-Admin","MySQL::Admin::Documentation" => "MySQL-Admin","MySQL::Admin::GUI" => "MySQL-Admin","MySQL::Admin::Session" => "MySQL-Admin","MySQL::Admin::Settings" => "MySQL-Admin","MySQL::Admin::Translate" => "MySQL-Admin","MySession" => "App-Netdisco","MyStripScripts" => "HTML-StripScripts","MyTestModule" => "perl","Mysql" => "DBD-mysql","Mysql::Statement" => "DBD-mysql","Mysql::db" => "DBD-mysql","Mysql::dr" => "DBD-mysql","Mysql::st" => "DBD-mysql","NDBM_File" => "perl","Net::CIDR" => "Net-CIDR","Net::CIDR::Lite" => "Net-CIDR-Lite","Net::CIDR::Lite::Span" => "Net-CIDR-Lite","Net::CIDR::Set" => "Net-CIDR-Set","Net::CIDR::Set::IPv4" => "Net-CIDR-Set","Net::CIDR::Set::IPv6" => "Net-CIDR-Set","Net::DNS" => "Net-DNS","Net::DNS::Domain" => "Net-DNS","Net::DNS::DomainName" => "Net-DNS","Net::DNS::DomainName1035" => "Net-DNS","Net::DNS::DomainName2535" => "Net-DNS","Net::DNS::Header" => "Net-DNS","Net::DNS::Mailbox" => "Net-DNS","Net::DNS::Mailbox1035" => "Net-DNS","Net::DNS::Mailbox2535" => "Net-DNS","Net::DNS::Nameserver" => "Net-DNS","Net::DNS::Packet" => "Net-DNS","Net::DNS::Parameters" => "Net-DNS","Net::DNS::Question" => "Net-DNS","Net::DNS::RR" => "Net-DNS","Net::DNS::RR::A" => "Net-DNS","Net::DNS::RR::AAAA" => "Net-DNS","Net::DNS::RR::AFSDB" => "Net-DNS","Net::DNS::RR::AMTRELAY" => "Net-DNS","Net::DNS::RR::APL" => "Net-DNS","Net::DNS::RR::APL::Item" => "Net-DNS","Net::DNS::RR::CAA" => "Net-DNS","Net::DNS::RR::CDNSKEY" => "Net-DNS","Net::DNS::RR::CDS" => "Net-DNS","Net::DNS::RR::CERT" => "Net-DNS","Net::DNS::RR::CNAME" => "Net-DNS","Net::DNS::RR::CSYNC" => "Net-DNS","Net::DNS::RR::DELEG" => "Net-DNS","Net::DNS::RR::DELEGI" => "Net-DNS","Net::DNS::RR::DHCID" => "Net-DNS","Net::DNS::RR::DLV" => "Net-DNS","Net::DNS::RR::DNAME" => "Net-DNS","Net::DNS::RR::DNSKEY" => "Net-DNS","Net::DNS::RR::DS" => "Net-DNS","Net::DNS::RR::DSYNC" => "Net-DNS","Net::DNS::RR::EUI48" => "Net-DNS","Net::DNS::RR::EUI64" => "Net-DNS","Net::DNS::RR::GPOS" => "Net-DNS","Net::DNS::RR::HINFO" => "Net-DNS","Net::DNS::RR::HIP" => "Net-DNS","Net::DNS::RR::HTTPS" => "Net-DNS","Net::DNS::RR::IPSECKEY" => "Net-DNS","Net::DNS::RR::ISDN" => "Net-DNS","Net::DNS::RR::KEY" => "Net-DNS","Net::DNS::RR::KX" => "Net-DNS","Net::DNS::RR::L32" => "Net-DNS","Net::DNS::RR::L64" => "Net-DNS","Net::DNS::RR::LOC" => "Net-DNS","Net::DNS::RR::LP" => "Net-DNS","Net::DNS::RR::MB" => "Net-DNS","Net::DNS::RR::MG" => "Net-DNS","Net::DNS::RR::MINFO" => "Net-DNS","Net::DNS::RR::MR" => "Net-DNS","Net::DNS::RR::MX" => "Net-DNS","Net::DNS::RR::NAPTR" => "Net-DNS","Net::DNS::RR::NID" => "Net-DNS","Net::DNS::RR::NS" => "Net-DNS","Net::DNS::RR::NSEC" => "Net-DNS","Net::DNS::RR::NSEC3" => "Net-DNS","Net::DNS::RR::NSEC3PARAM" => "Net-DNS","Net::DNS::RR::NULL" => "Net-DNS","Net::DNS::RR::OPENPGPKEY" => "Net-DNS","Net::DNS::RR::OPT" => "Net-DNS","Net::DNS::RR::OPT::CHAIN" => "Net-DNS","Net::DNS::RR::OPT::CLIENT_SUBNET" => "Net-DNS","Net::DNS::RR::OPT::COOKIE" => "Net-DNS","Net::DNS::RR::OPT::DAU" => "Net-DNS","Net::DNS::RR::OPT::DHU" => "Net-DNS","Net::DNS::RR::OPT::EXPIRE" => "Net-DNS","Net::DNS::RR::OPT::EXTENDED_ERROR" => "Net-DNS","Net::DNS::RR::OPT::KEY_TAG" => "Net-DNS","Net::DNS::RR::OPT::N3U" => "Net-DNS","Net::DNS::RR::OPT::NSID" => "Net-DNS","Net::DNS::RR::OPT::PADDING" => "Net-DNS","Net::DNS::RR::OPT::REPORT_CHANNEL" => "Net-DNS","Net::DNS::RR::OPT::TCP_KEEPALIVE" => "Net-DNS","Net::DNS::RR::OPT::ZONEVERSION" => "Net-DNS","Net::DNS::RR::PTR" => "Net-DNS","Net::DNS::RR::PX" => "Net-DNS","Net::DNS::RR::RESINFO" => "Net-DNS","Net::DNS::RR::RP" => "Net-DNS","Net::DNS::RR::RRSIG" => "Net-DNS","Net::DNS::RR::RT" => "Net-DNS","Net::DNS::RR::SIG" => "Net-DNS","Net::DNS::RR::SMIMEA" => "Net-DNS","Net::DNS::RR::SOA" => "Net-DNS","Net::DNS::RR::SPF" => "Net-DNS","Net::DNS::RR::SRV" => "Net-DNS","Net::DNS::RR::SSHFP" => "Net-DNS","Net::DNS::RR::SVCB" => "Net-DNS","Net::DNS::RR::TKEY" => "Net-DNS","Net::DNS::RR::TLSA" => "Net-DNS","Net::DNS::RR::TSIG" => "Net-DNS","Net::DNS::RR::TXT" => "Net-DNS","Net::DNS::RR::URI" => "Net-DNS","Net::DNS::RR::X25" => "Net-DNS","Net::DNS::RR::ZONEMD" => "Net-DNS","Net::DNS::Resolver" => "Net-DNS","Net::DNS::Resolver::Base" => "Net-DNS","Net::DNS::Resolver::MSWin32" => "Net-DNS","Net::DNS::Resolver::Recurse" => "Net-DNS","Net::DNS::Resolver::UNIX" => "Net-DNS","Net::DNS::Resolver::android" => "Net-DNS","Net::DNS::Resolver::cygwin" => "Net-DNS","Net::DNS::Resolver::os2" => "Net-DNS","Net::DNS::Resolver::os390" => "Net-DNS","Net::DNS::Text" => "Net-DNS","Net::DNS::Update" => "Net-DNS","Net::DNS::ZoneFile" => "Net-DNS","Net::DNS::ZoneFile::Generator" => "Net-DNS","Net::DNS::ZoneFile::Text" => "Net-DNS","Net::Dropbear" => "Net-Dropbear","Net::Dropbear::SSH" => "Net-Dropbear","Net::Dropbear::SSHd" => "Net-Dropbear","Net::Dropbear::XS" => "Net-Dropbear","Net::Dropbear::XS::AuthState" => "Net-Dropbear","Net::Dropbear::XS::SessionAccept" => "Net-Dropbear","Net::Dropbox::API" => "Net-Dropbox-API","Net::EasyTCP" => "EasyTCP","Net::IP::LPM" => "Net-IP-LPM","Net::IPAddress::Util" => "Net-IPAddress-Util","Net::IPAddress::Util::Collection" => "Net-IPAddress-Util","Net::IPAddress::Util::Collection::Tie" => "Net-IPAddress-Util","Net::IPAddress::Util::Range" => "Net-IPAddress-Util","Net::IPv4Addr" => "Net-IPv4Addr","Net::LDAP" => "perl-ldap","Net::LDAP::ASN" => "perl-ldap","Net::LDAP::Bind" => "perl-ldap","Net::LDAP::Constant" => "perl-ldap","Net::LDAP::Control" => "perl-ldap","Net::LDAP::Control::Assertion" => "perl-ldap","Net::LDAP::Control::DontUseCopy" => "perl-ldap","Net::LDAP::Control::EntryChange" => "perl-ldap","Net::LDAP::Control::ManageDsaIT" => "perl-ldap","Net::LDAP::Control::MatchedValues" => "perl-ldap","Net::LDAP::Control::NoOp" => "perl-ldap","Net::LDAP::Control::Paged" => "perl-ldap","Net::LDAP::Control::PasswordPolicy" => "perl-ldap","Net::LDAP::Control::PersistentSearch" => "perl-ldap","Net::LDAP::Control::PostRead" => "perl-ldap","Net::LDAP::Control::PreRead" => "perl-ldap","Net::LDAP::Control::ProxyAuth" => "perl-ldap","Net::LDAP::Control::Relax" => "perl-ldap","Net::LDAP::Control::Sort" => "perl-ldap","Net::LDAP::Control::SortResult" => "perl-ldap","Net::LDAP::Control::Subentries" => "perl-ldap","Net::LDAP::Control::SyncDone" => "perl-ldap","Net::LDAP::Control::SyncRequest" => "perl-ldap","Net::LDAP::Control::SyncState" => "perl-ldap","Net::LDAP::Control::TreeDelete" => "perl-ldap","Net::LDAP::Control::VLV" => "perl-ldap","Net::LDAP::Control::VLVResponse" => "perl-ldap","Net::LDAP::DSML" => "perl-ldap","Net::LDAP::DSML::output" => "perl-ldap","Net::LDAP::DSML::pp" => "perl-ldap","Net::LDAP::Entry" => "perl-ldap","Net::LDAP::Extension" => "perl-ldap","Net::LDAP::Extension::Cancel" => "perl-ldap","Net::LDAP::Extension::Refresh" => "perl-ldap","Net::LDAP::Extension::SetPassword" => "perl-ldap","Net::LDAP::Extension::WhoAmI" => "perl-ldap","Net::LDAP::Extra" => "perl-ldap","Net::LDAP::Extra::AD" => "perl-ldap","Net::LDAP::Extra::eDirectory" => "perl-ldap","Net::LDAP::Filter" => "perl-ldap","Net::LDAP::FilterList" => "perl-ldap","Net::LDAP::FilterMatch" => "perl-ldap","Net::LDAP::Intermediate" => "perl-ldap","Net::LDAP::Intermediate::SyncInfo" => "perl-ldap","Net::LDAP::LDIF" => "perl-ldap","Net::LDAP::Message" => "perl-ldap","Net::LDAP::Message::Dummy" => "perl-ldap","Net::LDAP::Reference" => "perl-ldap","Net::LDAP::RootDSE" => "perl-ldap","Net::LDAP::Schema" => "perl-ldap","Net::LDAP::Search" => "perl-ldap","Net::LDAP::Util" => "perl-ldap","Net::LDAPI" => "perl-ldap","Net::LDAPS" => "perl-ldap","Net::NSCA::Client" => "Net-NSCA-Client","Net::NSCA::Client::Connection" => "Net-NSCA-Client","Net::NSCA::Client::Connection::TLS" => "Net-NSCA-Client","Net::NSCA::Client::DataPacket" => "Net-NSCA-Client","Net::NSCA::Client::InitialPacket" => "Net-NSCA-Client","Net::NSCA::Client::Library" => "Net-NSCA-Client","Net::NSCA::Client::ServerConfig" => "Net-NSCA-Client","Net::NSCA::Client::Utils" => "Net-NSCA-Client","Net::Netmask" => "Net-Netmask","Net::OAuth" => "Net-OAuth","Net::OAuth::AccessToken" => "Net-OAuth","Net::OAuth::AccessTokenRequest" => "Net-OAuth","Net::OAuth::AccessTokenResponse" => "Net-OAuth","Net::OAuth::Client" => "Net-OAuth","Net::OAuth::ConsumerRequest" => "Net-OAuth","Net::OAuth::Message" => "Net-OAuth","Net::OAuth::ProtectedResourceRequest" => "Net-OAuth","Net::OAuth::Request" => "Net-OAuth","Net::OAuth::RequestTokenRequest" => "Net-OAuth","Net::OAuth::RequestTokenResponse" => "Net-OAuth","Net::OAuth::Response" => "Net-OAuth","Net::OAuth::SignatureMethod::HMAC_SHA1" => "Net-OAuth","Net::OAuth::SignatureMethod::HMAC_SHA256" => "Net-OAuth","Net::OAuth::SignatureMethod::PLAINTEXT" => "Net-OAuth","Net::OAuth::SignatureMethod::RSA_SHA1" => "Net-OAuth","Net::OAuth::UserAuthRequest" => "Net-OAuth","Net::OAuth::UserAuthResponse" => "Net-OAuth","Net::OAuth::V1_0A::AccessTokenRequest" => "Net-OAuth","Net::OAuth::V1_0A::RequestTokenRequest" => "Net-OAuth","Net::OAuth::V1_0A::RequestTokenResponse" => "Net-OAuth","Net::OAuth::V1_0A::UserAuthResponse" => "Net-OAuth","Net::OAuth::XauthAccessTokenRequest" => "Net-OAuth","Net::OAuth::YahooAccessTokenRefreshRequest" => "Net-OAuth","Net::OpenID::Association" => "Net-OpenID-Consumer","Net::OpenID::ClaimedIdentity" => "Net-OpenID-Consumer","Net::OpenID::Consumer" => "Net-OpenID-Consumer","Net::OpenID::VerifiedIdentity" => "Net-OpenID-Consumer","Net::Ping::External" => "Net-Ping-External","Net::SNMP" => "Net-SNMP","Net::SNMP::Dispatcher" => "Net-SNMP","Net::SNMP::Message" => "Net-SNMP","Net::SNMP::MessageProcessing" => "Net-SNMP","Net::SNMP::PDU" => "Net-SNMP","Net::SNMP::Security" => "Net-SNMP","Net::SNMP::Security::Community" => "Net-SNMP","Net::SNMP::Security::USM" => "Net-SNMP","Net::SNMP::Transport" => "Net-SNMP","Net::SNMP::Transport::IPv4" => "Net-SNMP","Net::SNMP::Transport::IPv4::TCP" => "Net-SNMP","Net::SNMP::Transport::IPv4::UDP" => "Net-SNMP","Net::SNMP::Transport::IPv6" => "Net-SNMP","Net::SNMP::Transport::IPv6::TCP" => "Net-SNMP","Net::SNMP::Transport::IPv6::UDP" => "Net-SNMP","Net::SNMP::Transport::TCP" => "Net-SNMP","Net::SNMP::Transport::TCP6" => "Net-SNMP","Net::SNMP::Transport::UDP" => "Net-SNMP","Net::SNMP::Transport::UDP6" => "Net-SNMP","Net::SSLeay" => "Net-SSLeay","Net::SSLeay::Handle" => "Net-SSLeay","Net::Server" => "Net-Server","Net::Server::Coro" => "Net-Server-Coro","Net::Server::Daemonize" => "Net-Server","Net::Server::Fork" => "Net-Server","Net::Server::HTTP" => "Net-Server","Net::Server::INET" => "Net-Server","Net::Server::INET::Handle" => "Net-Server","Net::Server::IP" => "Net-Server","Net::Server::Log::Log::Log4perl" => "Net-Server","Net::Server::Log::Sys::Syslog" => "Net-Server","Net::Server::MultiType" => "Net-Server","Net::Server::Multiplex" => "Net-Server","Net::Server::Multiplex::MUX" => "Net-Server","Net::Server::PSGI" => "Net-Server","Net::Server::PreFork" => "Net-Server","Net::Server::PreForkSimple" => "Net-Server","Net::Server::Proto" => "Net-Server","Net::Server::Proto::Coro" => "Net-Server-Coro","Net::Server::Proto::Coro::FH" => "Net-Server-Coro","Net::Server::Proto::SSL" => "Net-Server","Net::Server::Proto::SSLEAY" => "Net-Server","Net::Server::Proto::TCP" => "Net-Server","Net::Server::Proto::UDP" => "Net-Server","Net::Server::Proto::UNIX" => "Net-Server","Net::Server::Proto::UNIXDGRAM" => "Net-Server","Net::Server::SIG" => "Net-Server","Net::Server::Single" => "Net-Server","Net::Server::Thread" => "Net-Server","Net::Server::TiedHandle" => "Net-Server","Net::Xero" => "Net-Xero","Net::hostent" => "perl","Net::netent" => "perl","Net::protoent" => "perl","Net::servent" => "perl","Nginx" => "Nginx-Perl","Nginx::Perl" => "Nginx-Perl","Nginx::Test" => "Nginx-Perl","Nginx::Test::Child" => "Nginx-Perl","NginxPerlTest" => "Nginx-Perl","O" => "perl","ODBM_File" => "perl","OS2::DLL" => "perl","OS2::DLL::dll" => "perl","OS2::ExtAttr" => "perl","OS2::PrfDB" => "perl","OS2::PrfDB::Hini" => "perl","OS2::PrfDB::Sub" => "perl","OS2::Process" => "perl","OS2::REXX" => "perl","OS2::REXX::_ARRAY" => "perl","OS2::REXX::_HASH" => "perl","OS2::REXX::_SCALAR" => "perl","OS2::localMorphPM" => "perl","Opcode" => "perl","OptreeCheck" => "perl","Otogiri" => "Otogiri","OverloadedClass" => "CGI-Session","OverloadedObjectClass" => "CGI-Session","PAR" => "PAR","PAR::Filter" => "PAR-Packer","PAR::Filter::Bleach" => "PAR-Packer","PAR::Filter::Bytecode" => "PAR-Packer","PAR::Filter::Obfuscate" => "PAR-Packer","PAR::Filter::PatchContent" => "PAR-Packer","PAR::Filter::PodStrip" => "PAR-Packer","PAR::Heavy" => "PAR","PAR::Packer" => "PAR-Packer","PAR::SetupProgname" => "PAR","PAR::SetupTemp" => "PAR","PAR::StrippedPARL::Base" => "PAR-Packer","PApp" => "PApp","PApp::Admin" => "PApp","PApp::Application" => "PApp","PApp::Application::Agni" => "PApp","PApp::CGI" => "PApp","PApp::CGI::Connection" => "PApp","PApp::CGI::Request" => "PApp","PApp::Callback" => "PApp","PApp::Callback::Function" => "PApp","PApp::Config" => "PApp","PApp::DataRef" => "PApp","PApp::DataRef::Base" => "PApp","PApp::DataRef::DB_row" => "PApp","PApp::DataRef::Hash::Proxy" => "PApp","PApp::DataRef::Scalar" => "PApp","PApp::DataRef::Scalar::Proxy" => "PApp","PApp::ECMAScript" => "PApp","PApp::ECMAScript::Layer" => "PApp","PApp::EditForm" => "PApp","PApp::Env" => "PApp","PApp::Event" => "PApp","PApp::Exception" => "PApp","PApp::FormBuffer" => "PApp","PApp::HTML" => "PApp","PApp::I18n" => "PApp","PApp::I18n::PO_Reader" => "PApp","PApp::I18n::PO_Writer" => "PApp","PApp::Lock" => "PApp","PApp::Log" => "PApp","PApp::MimeType" => "PApp","PApp::PCode" => "PApp","PApp::Prefs" => "PApp","PApp::Preprocessor" => "PApp","PApp::Recode" => "PApp","PApp::SCGI" => "PApp","PApp::SCGI::PApp" => "PApp","PApp::SCGI::Worker" => "PApp","PApp::Session" => "PApp","PApp::Storable" => "PApp","PApp::User" => "PApp","PApp::UserObs" => "PApp","PApp::Util" => "PApp","PApp::XBox" => "PApp","PApp::XML" => "PApp","PApp::XML::Pod2xml" => "PApp","PApp::XML::Template" => "PApp","PApp::XPCSE" => "PApp","PApp::XSLT" => "PApp","PApp::XSLT::LibXSLT" => "PApp","PApp::XSLT::Sablotron" => "PApp","PGObject::Util::DBAdmin" => "PGObject-Util-DBAdmin","PODServer" => "Squatting","PODServer::Controllers" => "Squatting","PODServer::Views" => "Squatting","POE::Component::IRC" => "POE-Component-IRC","POE::Component::IRC::Common" => "POE-Component-IRC","POE::Component::IRC::Constants" => "POE-Component-IRC","POE::Component::IRC::Plugin" => "POE-Component-IRC","POE::Component::IRC::Plugin::AutoJoin" => "POE-Component-IRC","POE::Component::IRC::Plugin::BotAddressed" => "POE-Component-IRC","POE::Component::IRC::Plugin::BotCommand" => "POE-Component-IRC","POE::Component::IRC::Plugin::BotTraffic" => "POE-Component-IRC","POE::Component::IRC::Plugin::CTCP" => "POE-Component-IRC","POE::Component::IRC::Plugin::Connector" => "POE-Component-IRC","POE::Component::IRC::Plugin::Console" => "POE-Component-IRC","POE::Component::IRC::Plugin::CycleEmpty" => "POE-Component-IRC","POE::Component::IRC::Plugin::DCC" => "POE-Component-IRC","POE::Component::IRC::Plugin::FollowTail" => "POE-Component-IRC","POE::Component::IRC::Plugin::ISupport" => "POE-Component-IRC","POE::Component::IRC::Plugin::Logger" => "POE-Component-IRC","POE::Component::IRC::Plugin::NickReclaim" => "POE-Component-IRC","POE::Component::IRC::Plugin::NickServID" => "POE-Component-IRC","POE::Component::IRC::Plugin::PlugMan" => "POE-Component-IRC","POE::Component::IRC::Plugin::Proxy" => "POE-Component-IRC","POE::Component::IRC::Plugin::Whois" => "POE-Component-IRC","POE::Component::IRC::Qnet" => "POE-Component-IRC","POE::Component::IRC::Qnet::State" => "POE-Component-IRC","POE::Component::IRC::State" => "POE-Component-IRC","POE::Filter::IRC" => "POE-Component-IRC","POE::Filter::IRC::Compat" => "POE-Component-IRC","POSIX" => "perl","POSIX::2008" => "POSIX-2008","POSIX::SigAction" => "perl","POSIX::SigRt" => "perl","POSIX::SigSet" => "perl","PalImg" => "Perlbal","PaletteModify" => "Perlbal","Parallel::ForkManager" => "Parallel-ForkManager","Parallel::ForkManager::Child" => "Parallel-ForkManager","Parse::ePerl" => "eperl","Perl6::MakeMaker" => "Perl6-Pugs","Perl6::Pugs" => "Perl6-Pugs","Perl6::Pugs::Config" => "Perl6-Pugs","Perl6::Pugs::Config::MiniYAML" => "Perl6-Pugs","Perl::Tidy" => "Perl-Tidy","Perl::Tidy::Debugger" => "Perl-Tidy","Perl::Tidy::DevNull" => "Perl-Tidy","Perl::Tidy::Diagnostics" => "Perl-Tidy","Perl::Tidy::FileWriter" => "Perl-Tidy","Perl::Tidy::Formatter" => "Perl-Tidy","Perl::Tidy::HtmlWriter" => "Perl-Tidy","Perl::Tidy::IOScalar" => "Perl-Tidy","Perl::Tidy::IOScalarArray" => "Perl-Tidy","Perl::Tidy::IndentationItem" => "Perl-Tidy","Perl::Tidy::LineBuffer" => "Perl-Tidy","Perl::Tidy::LineSink" => "Perl-Tidy","Perl::Tidy::LineSource" => "Perl-Tidy","Perl::Tidy::Logger" => "Perl-Tidy","Perl::Tidy::Tokenizer" => "Perl-Tidy","Perl::Tidy::VerticalAligner" => "Perl-Tidy","Perl::Tidy::VerticalAligner::Alignment" => "Perl-Tidy","Perl::Tidy::VerticalAligner::Line" => "Perl-Tidy","Perl::Version" => "Perl-Version","PerlIO" => "perl","PerlIO::encoding" => "perl","PerlIO::mmap" => "perl","PerlIO::scalar" => "perl","PerlIO::via" => "perl","PerlTmp" => "Batch-Batchrun","Perlbal" => "Perlbal","Perlbal::AIO" => "Perlbal","Perlbal::BackendHTTP" => "Perlbal","Perlbal::Cache" => "Perlbal","Perlbal::ChunkedUploadState" => "Perlbal","Perlbal::ClientHTTP" => "Perlbal","Perlbal::ClientHTTPBase" => "Perlbal","Perlbal::ClientManage" => "Perlbal","Perlbal::ClientProxy" => "Perlbal","Perlbal::CommandContext" => "Perlbal","Perlbal::Fields" => "Perlbal","Perlbal::HTTPHeaders" => "Perlbal","Perlbal::ManageCommand" => "Perlbal","Perlbal::Plugin::AccessControl" => "Perlbal","Perlbal::Plugin::AutoRemoveLeadingDir" => "Perlbal","Perlbal::Plugin::Cgilike" => "Perlbal","Perlbal::Plugin::Cgilike::Request" => "Perlbal","Perlbal::Plugin::EchoService" => "Perlbal","Perlbal::Plugin::EchoService::Client" => "Perlbal","Perlbal::Plugin::FlvStreaming" => "Perlbal","Perlbal::Plugin::Highpri" => "Perlbal","Perlbal::Plugin::Include" => "Perlbal","Perlbal::Plugin::LazyCDN" => "Perlbal","Perlbal::Plugin::MaxContentLength" => "Perlbal","Perlbal::Plugin::NotModified" => "Perlbal","Perlbal::Plugin::Palimg" => "Perlbal","Perlbal::Plugin::Queues" => "Perlbal","Perlbal::Plugin::Redirect" => "Perlbal","Perlbal::Plugin::Stats" => "Perlbal","Perlbal::Plugin::Stats::Storage" => "Perlbal","Perlbal::Plugin::Throttle" => "Perlbal","Perlbal::Plugin::Throttle::Store" => "Perlbal","Perlbal::Plugin::Throttle::Store::Memcached" => "Perlbal","Perlbal::Plugin::Throttle::Store::Memory" => "Perlbal","Perlbal::Plugin::Vhosts" => "Perlbal","Perlbal::Plugin::Vpaths" => "Perlbal","Perlbal::Plugin::XFFExtras" => "Perlbal","Perlbal::Pool" => "Perlbal","Perlbal::ReproxyManager" => "Perlbal","Perlbal::Service" => "Perlbal","Perlbal::Socket" => "Perlbal","Perlbal::SocketSSL" => "Perlbal","Perlbal::SocketSSL2" => "Perlbal","Perlbal::TCPListener" => "Perlbal","Perlbal::Test" => "Perlbal","Perlbal::Test::WebClient" => "Perlbal","Perlbal::Test::WebServer" => "Perlbal","Perlbal::UploadListener" => "Perlbal","Perlbal::Util" => "Perlbal","Perldoc::Server" => "Perldoc-Server","Perldoc::Server::Controller::Ajax" => "Perldoc-Server","Perldoc::Server::Controller::Ajax::PerlSyntax" => "Perldoc-Server","Perldoc::Server::Controller::Functions" => "Perldoc-Server","Perldoc::Server::Controller::Index" => "Perldoc-Server","Perldoc::Server::Controller::Index::Modules" => "Perldoc-Server","Perldoc::Server::Controller::Root" => "Perldoc-Server","Perldoc::Server::Controller::Search" => "Perldoc-Server","Perldoc::Server::Controller::Source" => "Perldoc-Server","Perldoc::Server::Controller::View" => "Perldoc-Server","Perldoc::Server::Convert::html" => "Perldoc-Server","Perldoc::Server::Model::Index" => "Perldoc-Server","Perldoc::Server::Model::PerlFunc" => "Perldoc-Server","Perldoc::Server::Model::Pod" => "Perldoc-Server","Perldoc::Server::Model::Section" => "Perldoc-Server","Perldoc::Server::View::Function" => "Perldoc-Server","Perldoc::Server::View::OpenThoughtTT" => "Perldoc-Server","Perldoc::Server::View::Pod2HTML" => "Perldoc-Server","Perldoc::Server::View::Pod2Source" => "Perldoc-Server","Perldoc::Server::View::TT" => "Perldoc-Server","PhonyClipboard" => "Clipboard","Pinto" => "Pinto","Pinto::Action" => "Pinto","Pinto::Action::Add" => "Pinto","Pinto::Action::Clean" => "Pinto","Pinto::Action::Copy" => "Pinto","Pinto::Action::Default" => "Pinto","Pinto::Action::Delete" => "Pinto","Pinto::Action::Diff" => "Pinto","Pinto::Action::Install" => "Pinto","Pinto::Action::Kill" => "Pinto","Pinto::Action::List" => "Pinto","Pinto::Action::Lock" => "Pinto","Pinto::Action::Log" => "Pinto","Pinto::Action::Look" => "Pinto","Pinto::Action::Merge" => "Pinto","Pinto::Action::New" => "Pinto","Pinto::Action::Nop" => "Pinto","Pinto::Action::Pin" => "Pinto","Pinto::Action::Props" => "Pinto","Pinto::Action::Pull" => "Pinto","Pinto::Action::Register" => "Pinto","Pinto::Action::Rename" => "Pinto","Pinto::Action::Reset" => "Pinto","Pinto::Action::Revert" => "Pinto","Pinto::Action::Roots" => "Pinto","Pinto::Action::Stacks" => "Pinto","Pinto::Action::Statistics" => "Pinto","Pinto::Action::Unlock" => "Pinto","Pinto::Action::Unpin" => "Pinto","Pinto::Action::Unregister" => "Pinto","Pinto::Action::Update" => "Pinto","Pinto::Action::Verify" => "Pinto","Pinto::ArchiveUnpacker" => "Pinto","Pinto::Chrome" => "Pinto","Pinto::Chrome::Net" => "Pinto","Pinto::Chrome::Term" => "Pinto","Pinto::CommitMessage" => "Pinto","Pinto::Config" => "Pinto","Pinto::Constants" => "Pinto","Pinto::Database" => "Pinto","Pinto::Difference" => "Pinto","Pinto::DifferenceEntry" => "Pinto","Pinto::DistributionSpec" => "Pinto","Pinto::Editor" => "Pinto","Pinto::Editor::Clip" => "Pinto","Pinto::Editor::Edit" => "Pinto","Pinto::Exception" => "Pinto","Pinto::Globals" => "Pinto","Pinto::IndexCache" => "Pinto","Pinto::IndexReader" => "Pinto","Pinto::IndexWriter" => "Pinto","Pinto::Initializer" => "Pinto","Pinto::Locator" => "Pinto","Pinto::Locator::Mirror" => "Pinto","Pinto::Locator::Multiplex" => "Pinto","Pinto::Locator::Stratopan" => "Pinto","Pinto::Locker" => "Pinto","Pinto::Manual" => "Pinto","Pinto::Manual::Installing" => "Pinto","Pinto::Manual::Introduction" => "Pinto","Pinto::Manual::QuickStart" => "Pinto","Pinto::Manual::Thanks" => "Pinto","Pinto::Manual::Tutorial" => "Pinto","Pinto::Migrator" => "Pinto","Pinto::ModlistWriter" => "Pinto","Pinto::PackageExtractor" => "Pinto","Pinto::PackageSpec" => "Pinto","Pinto::PrerequisiteWalker" => "Pinto","Pinto::Remote" => "Pinto","Pinto::Remote::Action" => "Pinto","Pinto::Remote::Action::Add" => "Pinto","Pinto::Remote::Action::Install" => "Pinto","Pinto::Remote::Result" => "Pinto","Pinto::Repository" => "Pinto","Pinto::Result" => "Pinto","Pinto::RevisionWalker" => "Pinto","Pinto::Role::Committable" => "Pinto","Pinto::Role::FileFetcher" => "Pinto","Pinto::Role::Installer" => "Pinto","Pinto::Role::PauseConfig" => "Pinto","Pinto::Role::Plated" => "Pinto","Pinto::Role::Puller" => "Pinto","Pinto::Role::Schema::Result" => "Pinto","Pinto::Role::Transactional" => "Pinto","Pinto::Role::UserAgent" => "Pinto","Pinto::Schema" => "Pinto","Pinto::Schema::Result::Ancestry" => "Pinto","Pinto::Schema::Result::Distribution" => "Pinto","Pinto::Schema::Result::Package" => "Pinto","Pinto::Schema::Result::Prerequisite" => "Pinto","Pinto::Schema::Result::Registration" => "Pinto","Pinto::Schema::Result::RegistrationChange" => "Pinto","Pinto::Schema::Result::Revision" => "Pinto","Pinto::Schema::Result::Stack" => "Pinto","Pinto::Schema::ResultSet::Distribution" => "Pinto","Pinto::Schema::ResultSet::Package" => "Pinto","Pinto::Schema::ResultSet::Registration" => "Pinto","Pinto::Server" => "Pinto","Pinto::Server::Responder" => "Pinto","Pinto::Server::Responder::Action" => "Pinto","Pinto::Server::Responder::File" => "Pinto","Pinto::Server::Router" => "Pinto","Pinto::Shell" => "Pinto","Pinto::SpecFactory" => "Pinto","Pinto::Statistics" => "Pinto","Pinto::Store" => "Pinto","Pinto::Target" => "Pinto","Pinto::Target::Distribution" => "Pinto","Pinto::Target::Package" => "Pinto","Pinto::Types" => "Pinto","Pinto::Util" => "Pinto","Plack" => "Plack","Plack::App::CGIBin" => "Plack","Plack::App::Cascade" => "Plack","Plack::App::Debugger" => "Plack-Debugger","Plack::App::Directory" => "Plack","Plack::App::File" => "Plack","Plack::App::PSGIBin" => "Plack","Plack::App::URLMap" => "Plack","Plack::App::WrapCGI" => "Plack","Plack::App::XAO" => "XAO-Web","Plack::Builder" => "Plack","Plack::Component" => "Plack","Plack::Debugger" => "Plack-Debugger","Plack::Debugger::Panel" => "Plack-Debugger","Plack::Debugger::Panel::AJAX" => "Plack-Debugger","Plack::Debugger::Panel::Environment" => "Plack-Debugger","Plack::Debugger::Panel::Memory" => "Plack-Debugger","Plack::Debugger::Panel::ModuleVersions" => "Plack-Debugger","Plack::Debugger::Panel::Parameters" => "Plack-Debugger","Plack::Debugger::Panel::PerlConfig" => "Plack-Debugger","Plack::Debugger::Panel::PlackRequest" => "Plack-Debugger","Plack::Debugger::Panel::PlackResponse" => "Plack-Debugger","Plack::Debugger::Panel::Timer" => "Plack-Debugger","Plack::Debugger::Panel::Warnings" => "Plack-Debugger","Plack::Debugger::Storage" => "Plack-Debugger","Plack::HTTPParser" => "Plack","Plack::HTTPParser::PP" => "Plack","Plack::Handler" => "Plack","Plack::Handler::Apache1" => "Plack","Plack::Handler::Apache2" => "Plack","Plack::Handler::Apache2::Registry" => "Plack","Plack::Handler::CGI" => "Plack","Plack::Handler::CGI::Writer" => "Plack","Plack::Handler::FCGI" => "Plack","Plack::Handler::HTTP::Server::PSGI" => "Plack","Plack::Handler::Standalone" => "Plack","Plack::LWPish" => "Plack","Plack::Loader" => "Plack","Plack::Loader::Delayed" => "Plack","Plack::Loader::Restarter" => "Plack","Plack::Loader::Shotgun" => "Plack","Plack::MIME" => "Plack","Plack::Middleware" => "Plack","Plack::Middleware::AccessLog" => "Plack","Plack::Middleware::AccessLog::Timed" => "Plack","Plack::Middleware::Auth::Basic" => "Plack","Plack::Middleware::Auth::LemonldapNG" => "Lemonldap-NG-Handler","Plack::Middleware::Bootstrap" => "Plack-Middleware-Bootstrap","Plack::Middleware::BufferedStreaming" => "Plack","Plack::Middleware::Chunked" => "Plack","Plack::Middleware::Conditional" => "Plack","Plack::Middleware::ConditionalGET" => "Plack","Plack::Middleware::ContentLength" => "Plack","Plack::Middleware::ContentMD5" => "Plack","Plack::Middleware::Debugger::Collector" => "Plack-Debugger","Plack::Middleware::Debugger::Injector" => "Plack-Debugger","Plack::Middleware::ErrorDocument" => "Plack","Plack::Middleware::HTTPExceptions" => "Plack","Plack::Middleware::Head" => "Plack","Plack::Middleware::IIS6ScriptNameFix" => "Plack","Plack::Middleware::IIS7KeepAliveFix" => "Plack","Plack::Middleware::JSONP" => "Plack","Plack::Middleware::LighttpdScriptNameFix" => "Plack","Plack::Middleware::Lint" => "Plack","Plack::Middleware::Log4perl" => "Plack","Plack::Middleware::LogDispatch" => "Plack","Plack::Middleware::NullLogger" => "Plack","Plack::Middleware::RearrangeHeaders" => "Plack","Plack::Middleware::Recursive" => "Plack","Plack::Middleware::Refresh" => "Plack","Plack::Middleware::Runtime" => "Plack","Plack::Middleware::Session" => "Plack-Middleware-Session","Plack::Middleware::Session::Cookie" => "Plack-Middleware-Session","Plack::Middleware::Session::Simple" => "Plack-Middleware-Session-Simple","Plack::Middleware::Session::Simple::Session" => "Plack-Middleware-Session-Simple","Plack::Middleware::SimpleContentFilter" => "Plack","Plack::Middleware::SimpleLogger" => "Plack","Plack::Middleware::StackTrace" => "Plack","Plack::Middleware::Static" => "Plack","Plack::Middleware::StaticShared" => "Plack-Middleware-StaticShared","Plack::Middleware::Statsd" => "Plack-Middleware-Statsd","Plack::Middleware::Writer" => "Plack","Plack::Middleware::XFramework" => "Plack","Plack::Middleware::XSRFBlock" => "Plack-Middleware-XSRFBlock","Plack::Middleware::XSendfile" => "Plack","Plack::Recursive::ForwardRequest" => "Plack","Plack::Request" => "Plack","Plack::Request::Upload" => "Plack","Plack::Response" => "Plack","Plack::Runner" => "Plack","Plack::Server" => "Plack","Plack::Server::Apache1" => "Plack","Plack::Server::Apache2" => "Plack","Plack::Server::CGI" => "Plack","Plack::Server::FCGI" => "Plack","Plack::Server::ServerSimple" => "Plack","Plack::Server::Standalone" => "Plack","Plack::Server::Standalone::Prefork" => "Plack","Plack::Session" => "Plack-Middleware-Session","Plack::Session::Cleanup" => "Plack-Middleware-Session","Plack::Session::State" => "Plack-Middleware-Session","Plack::Session::State::Cookie" => "Plack-Middleware-Session","Plack::Session::Store" => "Plack-Middleware-Session","Plack::Session::Store::Cache" => "Plack-Middleware-Session","Plack::Session::Store::DBI" => "Plack-Middleware-Session","Plack::Session::Store::File" => "Plack-Middleware-Session","Plack::Session::Store::Null" => "Plack-Middleware-Session","Plack::TempBuffer" => "Plack","Plack::TempBuffer::Auto" => "Plack","Plack::TempBuffer::File" => "Plack","Plack::TempBuffer::PerlIO" => "Plack","Plack::Test" => "Plack","Plack::Test::Debugger" => "Plack-Debugger","Plack::Test::Debugger::ResultGenerator" => "Plack-Debugger","Plack::Test::MockHTTP" => "Plack","Plack::Test::MockHTTP::WithCleanupHandlers" => "Plack-Debugger","Plack::Test::Server" => "Plack","Plack::Test::Suite" => "Plack","Plack::Util" => "Plack","Plack::Util::Accessor" => "Plack","Plack::Util::IOWithPath" => "Plack","Plack::Util::Prototype" => "Plack","Pod::Html" => "perl","Pod::Html::Util" => "perl","Pod::Perldoc" => "Pod-Perldoc","Pod::Perldoc::BaseTo" => "Pod-Perldoc","Pod::Perldoc::GetOptsOO" => "Pod-Perldoc","Pod::Perldoc::ToANSI" => "Pod-Perldoc","Pod::Perldoc::ToChecker" => "Pod-Perldoc","Pod::Perldoc::ToMan" => "Pod-Perldoc","Pod::Perldoc::ToNroff" => "Pod-Perldoc","Pod::Perldoc::ToPod" => "Pod-Perldoc","Pod::Perldoc::ToRtf" => "Pod-Perldoc","Pod::Perldoc::ToTerm" => "Pod-Perldoc","Pod::Perldoc::ToText" => "Pod-Perldoc","Pod::Perldoc::ToTk" => "Pod-Perldoc","Pod::Perldoc::ToXml" => "Pod-Perldoc","Pod::Simple::XHTML::LocalPodLinks" => "perl","Porting::updateAUTHORS" => "perl","Proc::Daemon" => "Proc-Daemon","Proc::Killall" => "Proc-ProcessTable","Proc::Killfam" => "Proc-ProcessTable","Proc::ProcessTable" => "Proc-ProcessTable","Proc::ProcessTable::Process" => "Proc-ProcessTable","Pugs::MakeMaker" => "Perl6-Pugs","PugsConfig" => "Perl6-Pugs","RDF::Redland" => "Redland","RDF::Redland::BlankNode" => "Redland","RDF::Redland::CORE" => "Redland","RDF::Redland::COREc" => "Redland","RDF::Redland::Iterator" => "Redland","RDF::Redland::LiteralNode" => "Redland","RDF::Redland::Model" => "Redland","RDF::Redland::Node" => "Redland","RDF::Redland::Parser" => "Redland","RDF::Redland::Query" => "Redland","RDF::Redland::QueryResults" => "Redland","RDF::Redland::RSS" => "Redland","RDF::Redland::RSS::Node" => "Redland","RDF::Redland::Serializer" => "Redland","RDF::Redland::Statement" => "Redland","RDF::Redland::Storage" => "Redland","RDF::Redland::Stream" => "Redland","RDF::Redland::URI" => "Redland","RDF::Redland::URINode" => "Redland","RDF::Redland::World" => "Redland","RDF::Redland::XMLLiteralNode" => "Redland","RPC::PlClient" => "PlRPC","RPC::PlClient::Comm" => "PlRPC","RPC::PlClient::Object" => "PlRPC","RPC::PlServer" => "PlRPC","RPC::PlServer::Comm" => "PlRPC","RPC::PlServer::Test" => "PlRPC","RPC::XML" => "RPC-XML","RPC::XML::Client" => "RPC-XML","RPC::XML::Function" => "RPC-XML","RPC::XML::Method" => "RPC-XML","RPC::XML::Parser" => "RPC-XML","RPC::XML::Parser::XMLLibXML" => "RPC-XML","RPC::XML::Parser::XMLParser" => "RPC-XML","RPC::XML::ParserFactory" => "RPC-XML","RPC::XML::Procedure" => "RPC-XML","RPC::XML::Server" => "RPC-XML","RPC::XML::array" => "RPC-XML","RPC::XML::base64" => "RPC-XML","RPC::XML::boolean" => "RPC-XML","RPC::XML::datatype" => "RPC-XML","RPC::XML::datetime_iso8601" => "RPC-XML","RPC::XML::double" => "RPC-XML","RPC::XML::fault" => "RPC-XML","RPC::XML::i4" => "RPC-XML","RPC::XML::i8" => "RPC-XML","RPC::XML::int" => "RPC-XML","RPC::XML::nil" => "RPC-XML","RPC::XML::request" => "RPC-XML","RPC::XML::response" => "RPC-XML","RPC::XML::simple_type" => "RPC-XML","RPC::XML::string" => "RPC-XML","RPC::XML::struct" => "RPC-XML","RT::Authen::ExternalAuth" => "RT-Authen-ExternalAuth","RT::Authen::ExternalAuth::DBI" => "RT-Authen-ExternalAuth","RT::Authen::ExternalAuth::DBI::Cookie" => "RT-Authen-ExternalAuth","RT::Authen::ExternalAuth::LDAP" => "RT-Authen-ExternalAuth","RT::Extension::MobileUI" => "RT-Extension-MobileUI","RTMP::Client" => "RTMP-Client","Redis::Fast" => "Redis-Fast","Redis::Fast::Hash" => "Redis-Fast","Redis::Fast::List" => "Redis-Fast","Redis::Fast::Sentinel" => "Redis-Fast","Redis::hiredis" => "Redis-hiredis","Resource::Pack::jQuery" => "Resource-Pack-jQuery","SDBM_File" => "perl","SOAP::Apache" => "SOAP-Lite","SOAP::Cloneable" => "SOAP-Lite","SOAP::Constants" => "SOAP-Lite","SOAP::Custom::XML::Data" => "SOAP-Lite","SOAP::Custom::XML::Deserializer" => "SOAP-Lite","SOAP::Data" => "SOAP-Lite","SOAP::Deserializer" => "SOAP-Lite","SOAP::Fault" => "SOAP-Lite","SOAP::Header" => "SOAP-Lite","SOAP::Lite" => "SOAP-Lite","SOAP::Lite::COM" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchema1999" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchema2001" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchemaSOAP1_1" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchemaSOAP1_2" => "SOAP-Lite","SOAP::Lite::Packager" => "SOAP-Lite","SOAP::Lite::Packager::DIME" => "SOAP-Lite","SOAP::Lite::Packager::MIME" => "SOAP-Lite","SOAP::Lite::Utils" => "SOAP-Lite","SOAP::MIMEParser" => "SOAP-Lite","SOAP::Packager" => "SOAP-Lite","SOAP::Packager::DIME" => "SOAP-Lite","SOAP::Packager::MIME" => "SOAP-Lite","SOAP::SOM" => "SOAP-Lite","SOAP::Schema" => "SOAP-Lite","SOAP::Schema::Deserializer" => "SOAP-Lite","SOAP::Schema::WSDL" => "SOAP-Lite","SOAP::Server" => "SOAP-Lite","SOAP::Server::Object" => "SOAP-Lite","SOAP::Server::Parameters" => "SOAP-Lite","SOAP::Test" => "SOAP-Lite","SOAP::Test::Server" => "SOAP-Lite","SOAP::Trace" => "SOAP-Lite","SOAP::Transport" => "SOAP-Lite","SOAP::Transport::HTTP" => "SOAP-Lite","SOAP::Transport::HTTP::Daemon" => "SOAP-Lite","SOAP::Transport::HTTP::Daemon::ForkAfterProcessing" => "SOAP-Lite","SOAP::Transport::HTTP::Daemon::ForkOnAccept" => "SOAP-Lite","SOAP::Transport::HTTP::FCGI" => "SOAP-Lite","SOAP::Transport::IO" => "SOAP-Lite","SOAP::Transport::IO::Server" => "SOAP-Lite","SOAP::Transport::LOCAL" => "SOAP-Lite","SOAP::Transport::LOCAL::Client" => "SOAP-Lite","SOAP::Transport::LOOPBACK" => "SOAP-Lite","SOAP::Transport::LOOPBACK::Client" => "SOAP-Lite","SOAP::Transport::MAILTO" => "SOAP-Lite","SOAP::Transport::MAILTO::Client" => "SOAP-Lite","SOAP::Transport::POP3" => "SOAP-Lite","SOAP::Transport::POP3::Server" => "SOAP-Lite","SOAP::Transport::TCP" => "SOAP-Lite","SOAP::Transport::TCP::Client" => "SOAP-Lite","SOAP::Transport::TCP::Server" => "SOAP-Lite","SOAP::Utils" => "SOAP-Lite","SOAP::XMLSchema1999::Deserializer" => "SOAP-Lite","SOAP::XMLSchema1999::Serializer" => "SOAP-Lite","SOAP::XMLSchema2001::Deserializer" => "SOAP-Lite","SOAP::XMLSchema2001::Serializer" => "SOAP-Lite","SOAP::XMLSchema::Serializer" => "SOAP-Lite","SOAP::XMLSchemaApacheSOAP::Deserializer" => "SOAP-Lite","SOAP::XMLSchemaSOAP1_1::Deserializer" => "SOAP-Lite","SOAP::XMLSchemaSOAP1_2::Deserializer" => "SOAP-Lite","SSL_Context" => "IO-Socket-SSL","SSL_HANDLE" => "IO-Socket-SSL","SSL_SSL" => "IO-Socket-SSL","SVG::Sparkline" => "SVG-Sparkline","SVG::Sparkline::Area" => "SVG-Sparkline","SVG::Sparkline::Bar" => "SVG-Sparkline","SVG::Sparkline::Line" => "SVG-Sparkline","SVG::Sparkline::RangeArea" => "SVG-Sparkline","SVG::Sparkline::RangeBar" => "SVG-Sparkline","SVG::Sparkline::Utils" => "SVG-Sparkline","SVG::Sparkline::Whisker" => "SVG-Sparkline","SVN::Base" => "Alien-SVN","SVN::Client" => "Alien-SVN","SVN::Core" => "Alien-SVN","SVN::Delta" => "Alien-SVN","SVN::Fs" => "Alien-SVN","SVN::Look" => "SVN-Look","SVN::Ra" => "Alien-SVN","SVN::Repos" => "Alien-SVN","SVN::Wc" => "Alien-SVN","Safe" => "Safe","Search::OpenSearch::Result" => "Search-OpenSearch-Server","Search::OpenSearch::Server" => "Search-OpenSearch-Server","Search::OpenSearch::Server::Catalyst" => "Search-OpenSearch-Server","Search::OpenSearch::Server::Plack" => "Search-OpenSearch-Server","SelectSaver" => "perl","Sereal::Decoder" => "Sereal-Decoder","Sereal::Decoder::Constants" => "Sereal-Decoder","Sereal::Encoder" => "Sereal-Encoder","Sereal::Encoder::Constants" => "Sereal-Encoder","Sereal::Performance" => "Sereal-Decoder","Sidef" => "Sidef","Sidef::Deparse::Perl" => "Sidef","Sidef::Deparse::Sidef" => "Sidef","Sidef::Math::Math" => "Sidef","Sidef::Module::Func" => "Sidef","Sidef::Module::OO" => "Sidef","Sidef::Object::Convert" => "Sidef","Sidef::Object::Enumerator" => "Sidef","Sidef::Object::Lazy" => "Sidef","Sidef::Object::LazyMethod" => "Sidef","Sidef::Object::Object" => "Sidef","Sidef::Optimizer" => "Sidef","Sidef::Parser" => "Sidef","Sidef::Perl::Perl" => "Sidef","Sidef::Sys::Sig" => "Sidef","Sidef::Sys::Sys" => "Sidef","Sidef::Time::Date" => "Sidef","Sidef::Time::Gmtime" => "Sidef","Sidef::Time::Localtime" => "Sidef","Sidef::Time::Time" => "Sidef","Sidef::Types::Array::Array" => "Sidef","Sidef::Types::Array::Matrix" => "Sidef","Sidef::Types::Array::Pair" => "Sidef","Sidef::Types::Array::Vector" => "Sidef","Sidef::Types::Block::Block" => "Sidef","Sidef::Types::Block::Fork" => "Sidef","Sidef::Types::Block::Try" => "Sidef","Sidef::Types::Bool::Bool" => "Sidef","Sidef::Types::Glob::Backtick" => "Sidef","Sidef::Types::Glob::Dir" => "Sidef","Sidef::Types::Glob::DirHandle" => "Sidef","Sidef::Types::Glob::File" => "Sidef","Sidef::Types::Glob::FileHandle" => "Sidef","Sidef::Types::Glob::Pipe" => "Sidef","Sidef::Types::Glob::Socket" => "Sidef","Sidef::Types::Glob::SocketHandle" => "Sidef","Sidef::Types::Glob::Stat" => "Sidef","Sidef::Types::Hash::Hash" => "Sidef","Sidef::Types::Null::Null" => "Sidef","Sidef::Types::Number::Complex" => "Sidef","Sidef::Types::Number::Fraction" => "Sidef","Sidef::Types::Number::Gauss" => "Sidef","Sidef::Types::Number::Mod" => "Sidef","Sidef::Types::Number::Number" => "Sidef","Sidef::Types::Number::Polynomial" => "Sidef","Sidef::Types::Number::PolynomialMod" => "Sidef","Sidef::Types::Number::Quadratic" => "Sidef","Sidef::Types::Number::Quaternion" => "Sidef","Sidef::Types::Perl::Perl" => "Sidef","Sidef::Types::Range::Range" => "Sidef","Sidef::Types::Range::RangeNumber" => "Sidef","Sidef::Types::Range::RangeString" => "Sidef","Sidef::Types::Regex::Match" => "Sidef","Sidef::Types::Regex::Regex" => "Sidef","Sidef::Types::Set::Bag" => "Sidef","Sidef::Types::Set::Set" => "Sidef","Sidef::Types::String::String" => "Sidef","Sidef::Variable::GetOpt" => "Sidef","Sidef::Variable::NamedParam" => "Sidef","SimpleObjectClass" => "CGI-Session","Smolder" => "Smolder","Smolder::AuthHandler" => "Smolder","Smolder::AuthInfo" => "Smolder","Smolder::Build" => "Smolder","Smolder::Conf" => "Smolder","Smolder::Constraints" => "Smolder","Smolder::Control" => "Smolder","Smolder::Control::Admin" => "Smolder","Smolder::Control::Admin::Developers" => "Smolder","Smolder::Control::Admin::Projects" => "Smolder","Smolder::Control::Developer" => "Smolder","Smolder::Control::Developer::Prefs" => "Smolder","Smolder::Control::Graphs" => "Smolder","Smolder::Control::Projects" => "Smolder","Smolder::Control::Public" => "Smolder","Smolder::Control::Public::Auth" => "Smolder","Smolder::DB" => "Smolder","Smolder::DB::Developer" => "Smolder","Smolder::DB::Preference" => "Smolder","Smolder::DB::Project" => "Smolder","Smolder::DB::ProjectDeveloper" => "Smolder","Smolder::DB::SmokeReport" => "Smolder","Smolder::DB::TestFile" => "Smolder","Smolder::DB::TestFileComment" => "Smolder","Smolder::DB::TestFileResult" => "Smolder","Smolder::Debug" => "Smolder","Smolder::Dispatch" => "Smolder","Smolder::Email" => "Smolder","Smolder::Manual" => "Smolder","Smolder::Mech" => "Smolder","Smolder::Redirect" => "Smolder","Smolder::Server" => "Smolder","Smolder::Server::Control" => "Smolder","Smolder::Server::PreFork" => "Smolder","Smolder::TAPHTMLMatrix" => "Smolder","Smolder::TestData" => "Smolder","Smolder::TestScript" => "Smolder","Smolder::Upgrade" => "Smolder","Smolder::Upgrade::V0_1" => "Smolder","Smolder::Upgrade::V0_3" => "Smolder","Smolder::Upgrade::V1_1" => "Smolder","Smolder::Upgrade::V1_21" => "Smolder","Smolder::Upgrade::V1_24" => "Smolder","Smolder::Upgrade::V1_30" => "Smolder","Smolder::Upgrade::V1_37" => "Smolder","Smolder::Upgrade::V1_50" => "Smolder","Smolder::Util" => "Smolder","SockJS" => "SockJS","SockJS::Connection" => "SockJS","SockJS::Exception" => "SockJS","SockJS::Handle" => "SockJS","SockJS::Middleware::Cache" => "SockJS","SockJS::Middleware::Cors" => "SockJS","SockJS::Middleware::Http10" => "SockJS","SockJS::Middleware::JSessionID" => "SockJS","SockJS::Session" => "SockJS","SockJS::Transport" => "SockJS","SockJS::Transport::Base" => "SockJS","SockJS::Transport::EventSource" => "SockJS","SockJS::Transport::HtmlFile" => "SockJS","SockJS::Transport::JSONPPolling" => "SockJS","SockJS::Transport::JSONPSend" => "SockJS","SockJS::Transport::WebSocket" => "SockJS","SockJS::Transport::XHRPolling" => "SockJS","SockJS::Transport::XHRSend" => "SockJS","SockJS::Transport::XHRStreaming" => "SockJS","Socket" => "Socket","Spoon" => "Spoon","Spoon::Base" => "Spoon","Spoon::CGI" => "Spoon","Spoon::Command" => "Spoon","Spoon::Config" => "Spoon","Spoon::ContentObject" => "Spoon","Spoon::Cookie" => "Spoon","Spoon::DataObject" => "Spoon","Spoon::Formatter" => "Spoon","Spoon::Formatter::Block" => "Spoon","Spoon::Formatter::Container" => "Spoon","Spoon::Formatter::Phrase" => "Spoon","Spoon::Formatter::Wafl" => "Spoon","Spoon::Headers" => "Spoon","Spoon::Hook" => "Spoon","Spoon::Hooked" => "Spoon","Spoon::Hooks" => "Spoon","Spoon::Hub" => "Spoon","Spoon::IndexList" => "Spoon","Spoon::Installer" => "Spoon","Spoon::Lookup" => "Spoon","Spoon::MetadataObject" => "Spoon","Spoon::Plugin" => "Spoon","Spoon::Registry" => "Spoon","Spoon::Template" => "Spoon","Spoon::Template::TT2" => "Spoon","Spoon::Trace" => "Spoon","Spoon::Utils" => "Spoon","Spreadsheet::ParseExcel" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Cell" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Dump" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtDefault" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtJapan" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtJapan2" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtUnicode" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Font" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Format" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::SaveParser" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::SaveParser::Workbook" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::SaveParser::Worksheet" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Utility" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Workbook" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Worksheet" => "Spreadsheet-ParseExcel","Spreadsheet::ParseXLSX" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Cell" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Decryptor" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Decryptor::Agile" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Decryptor::Standard" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Worksheet" => "Spreadsheet-ParseXLSX","Squatting" => "Squatting","Squatting::Controller" => "Squatting","Squatting::H" => "Squatting","Squatting::Log" => "Squatting","Squatting::Mapper" => "Squatting","Squatting::On::CGI" => "Squatting","Squatting::On::Catalyst" => "Squatting","Squatting::On::Continuity" => "Squatting","Squatting::On::Jifty" => "Squatting","Squatting::On::MP13" => "Squatting","Squatting::On::MP20" => "Squatting","Squatting::Q" => "Squatting","Squatting::View" => "Squatting","Squatting::With::AccessTrace" => "Squatting","Squatting::With::Coro::Debug" => "Squatting","Squatting::With::Log" => "Squatting","Squatting::With::MockRequest" => "Squatting","Squatting::With::Mount" => "Squatting","Squatting::With::PerHostConfig" => "Squatting","Starch" => "Starch","Starch::Factory" => "Starch","Starch::Manager" => "Starch","Starch::Plugin::AlwaysLoad" => "Starch","Starch::Plugin::Bundle" => "Starch","Starch::Plugin::CookieArgs" => "Starch","Starch::Plugin::CookieArgs::Manager" => "Starch","Starch::Plugin::CookieArgs::State" => "Starch","Starch::Plugin::DisableStore" => "Starch","Starch::Plugin::ForManager" => "Starch","Starch::Plugin::ForState" => "Starch","Starch::Plugin::ForStore" => "Starch","Starch::Plugin::LogStoreExceptions" => "Starch","Starch::Plugin::RenewExpiration" => "Starch","Starch::Plugin::RenewExpiration::Manager" => "Starch","Starch::Plugin::RenewExpiration::State" => "Starch","Starch::Plugin::ThrottleStore" => "Starch","Starch::Plugin::Trace" => "Starch","Starch::Plugin::Trace::Manager" => "Starch","Starch::Plugin::Trace::State" => "Starch","Starch::Plugin::Trace::Store" => "Starch","Starch::Role::Log" => "Starch","Starch::State" => "Starch","Starch::Store" => "Starch","Starch::Store::Layered" => "Starch","Starch::Store::Memory" => "Starch","Starch::Util" => "Starch","Stardust" => "Stardust","Stardust::Controllers" => "Stardust","Stardust::Demo" => "Stardust","Stardust::Demo::Controllers" => "Stardust","Stardust::Demo::Views" => "Stardust","Storable" => "Storable","String::Compare::ConstantTime" => "String-Compare-ConstantTime","Sub::HandlesVia" => "Sub-HandlesVia","Sub::HandlesVia::CodeGenerator" => "Sub-HandlesVia","Sub::HandlesVia::Declare" => "Sub-HandlesVia","Sub::HandlesVia::Handler" => "Sub-HandlesVia","Sub::HandlesVia::Handler::CodeRef" => "Sub-HandlesVia","Sub::HandlesVia::Handler::Traditional" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Array" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Blessed" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Bool" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Code" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Counter" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Enum" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Hash" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Number" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Scalar" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::String" => "Sub-HandlesVia","Sub::HandlesVia::Mite" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mite" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moo" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moose" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moose::PackageTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moose::RoleTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mouse" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mouse::PackageTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mouse::RoleTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::ObjectPad" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Plain" => "Sub-HandlesVia","Symbol" => "perl","Sys::Hostname" => "perl","Sys::Syslog" => "Sys-Syslog","Sys::Syslog::Win32" => "Sys-Syslog","Tcl" => "Tcl","Tcl::Cmdbase" => "Tcl","Tcl::Code" => "Tcl","Tcl::List" => "Tcl","Tcl::Var" => "Tcl","Template::Declare::Exception" => "Jifty","Template::Quick" => "MySQL-Admin","Term::ReadLine::Gnu" => "Term-ReadLine-Gnu","Term::ReadLine::Gnu::AU" => "Term-ReadLine-Gnu","Term::ReadLine::Gnu::Var" => "Term-ReadLine-Gnu","Term::ReadLine::Gnu::XS" => "Term-ReadLine-Gnu","Test::Dpkg" => "Dpkg","Test::Mojo" => "Mojolicious","Test::Simply" => "Fake-Our","Test::Starch" => "Starch","TestChunks" => "Perl6-Pugs","Testing" => "perl","Text::SmartyPants" => "MojoMojo","Text::Wikispaces2Markdown" => "MojoMojo","Thread" => "perl","Thread::Signal" => "perl","Thread::Specific" => "perl","Tie::Array" => "perl","Tie::ExtraHash" => "perl","Tie::Handle" => "perl","Tie::Hash" => "perl","Tie::Hash::NamedCapture" => "perl","Tie::Memoize" => "perl","Tie::Scalar" => "perl","Tie::StdArray" => "perl","Tie::StdHandle" => "perl","Tie::StdHash" => "perl","Tie::StdScalar" => "perl","Tie::SubstrHash" => "perl","Tie::Watch" => "Tk","Time::gmtime" => "perl","Time::localtime" => "perl","Time::tm" => "perl","Tk" => "Tk","Tk::Adjuster" => "Tk","Tk::Adjuster::Item" => "Tk","Tk::After" => "Tk","Tk::Animation" => "Tk","Tk::Balloon" => "Tk","Tk::Bitmap" => "Tk","Tk::BrowseEntry" => "Tk","Tk::Button" => "Tk","Tk::Canvas" => "Tk","Tk::Checkbutton" => "Tk","Tk::Clipboard" => "Tk","Tk::CmdLine" => "Tk","Tk::ColorDialog" => "Tk","Tk::ColorEditor" => "Tk","Tk::ColorSelect" => "Tk","Tk::Compound" => "Tk","Tk::Configure" => "Tk","Tk::Derived" => "Tk","Tk::Dialog" => "Tk","Tk::DialogBox" => "Tk","Tk::DirTree" => "Tk","Tk::DirTreeDialog" => "Tk","Tk::Dirlist" => "Tk","Tk::DragDrop" => "Tk","Tk::DragDrop::Common" => "Tk","Tk::DragDrop::Local" => "Tk","Tk::DragDrop::Rect" => "Tk","Tk::DragDrop::SunConst" => "Tk","Tk::DragDrop::SunDrop" => "Tk","Tk::DragDrop::SunSite" => "Tk","Tk::DragDrop::Win32Drop" => "Tk","Tk::DragDrop::Win32Site" => "Tk","Tk::DragDrop::XDNDDrop" => "Tk","Tk::DragDrop::XDNDSite" => "Tk","Tk::DropSite" => "Tk","Tk::DummyEncode" => "Tk","Tk::DummyEncode::iso8859_1" => "Tk","Tk::English" => "Tk","Tk::Entry" => "Tk","Tk::ErrorDialog" => "Tk","Tk::Event" => "Tk","Tk::Event::IO" => "Tk","Tk::FBox" => "Tk","Tk::FileSelect" => "Tk","Tk::FloatEntry" => "Tk","Tk::Font" => "Tk","Tk::Frame" => "Tk","Tk::HList" => "Tk","Tk::IO" => "Tk","Tk::IconList" => "Tk","Tk::Image" => "Tk","Tk::InputO" => "Tk","Tk::ItemStyle" => "Tk","Tk::JPEG" => "Tk","Tk::LabEntry" => "Tk","Tk::LabFrame" => "Tk","Tk::LabRadiobutton" => "Tk","Tk::Label" => "Tk","Tk::LabeledEntryLabeledRadiobutton" => "Tk","Tk::Labelframe" => "Tk","Tk::Listbox" => "Tk","Tk::MMtry" => "Tk","Tk::MMutil" => "Tk","Tk::MainWindow" => "Tk","Tk::MakeDepend" => "Tk","Tk::Menu" => "Tk","Tk::Menu::Button" => "Tk","Tk::Menu::Cascade" => "Tk","Tk::Menu::Checkbutton" => "Tk","Tk::Menu::Item" => "Tk","Tk::Menu::Radiobutton" => "Tk","Tk::Menu::Separator" => "Tk","Tk::Menubar" => "Tk","Tk::Menubutton" => "Tk","Tk::Message" => "Tk","Tk::MsgBox" => "Tk","Tk::Mwm" => "Tk","Tk::NBFrame" => "Tk","Tk::NoteBook" => "Tk","Tk::Optionmenu" => "Tk","Tk::PNG" => "Tk","Tk::Pane" => "Tk","Tk::Panedwindow" => "Tk","Tk::Photo" => "Tk","Tk::Pixmap" => "Tk","Tk::Pretty" => "Tk","Tk::ProgressBar" => "Tk","Tk::ROText" => "Tk","Tk::Radiobutton" => "Tk","Tk::Region" => "Tk","Tk::Reindex" => "Tk","Tk::ReindexedROText" => "Tk","Tk::ReindexedText" => "Tk","Tk::Scale" => "Tk","Tk::Scrollbar" => "Tk","Tk::Spinbox" => "Tk","Tk::Stats" => "Tk","Tk::Stdio" => "PAR","Tk::Stdio::Handle" => "PAR","Tk::Submethods" => "Tk","Tk::TList" => "Tk","Tk::Table" => "Tk","Tk::Text" => "Tk","Tk::Text::Tag" => "Tk","Tk::TextEdit" => "Tk","Tk::TextList" => "Tk","Tk::TextUndo" => "Tk","Tk::Tiler" => "Tk","Tk::TixGrid" => "Tk","Tk::Toplevel" => "Tk","Tk::Trace" => "Tk","Tk::Tree" => "Tk","Tk::Widget" => "Tk","Tk::WinPhoto" => "Tk","Tk::Wm" => "Tk","Tk::X" => "Tk","Tk::X11Font" => "Tk","Tk::Xlib" => "Tk","Tk::Xrm" => "Tk","Tk::install" => "Tk","Tk::widgets" => "Tk","U64" => "IO-Compress","UDDI::Constants" => "SOAP-Lite","UI::Dialog" => "UI-Dialog","UI::Dialog::Backend" => "UI-Dialog","UI::Dialog::Backend::ASCII" => "UI-Dialog","UI::Dialog::Backend::CDialog" => "UI-Dialog","UI::Dialog::Backend::GDialog" => "UI-Dialog","UI::Dialog::Backend::KDialog" => "UI-Dialog","UI::Dialog::Backend::Nautilus" => "UI-Dialog","UI::Dialog::Backend::NotifySend" => "UI-Dialog","UI::Dialog::Backend::Whiptail" => "UI-Dialog","UI::Dialog::Backend::XDialog" => "UI-Dialog","UI::Dialog::Backend::XOSD" => "UI-Dialog","UI::Dialog::Backend::Zenity" => "UI-Dialog","UI::Dialog::Console" => "UI-Dialog","UI::Dialog::GNOME" => "UI-Dialog","UI::Dialog::Gauged" => "UI-Dialog","UI::Dialog::KDE" => "UI-Dialog","UI::Dialog::Screen::Druid" => "UI-Dialog","UI::Dialog::Screen::Menu" => "UI-Dialog","UNIVERSAL" => "perl","UR" => "UR","UR::All" => "UR","UR::AttributeHandlers" => "UR","UR::BoolExpr" => "UR","UR::BoolExpr::BxParser" => "UR","UR::BoolExpr::BxParser::Yapp::Driver" => "UR","UR::BoolExpr::Parser::ParseYappDriver" => "UR","UR::BoolExpr::Template" => "UR","UR::BoolExpr::Template::And" => "UR","UR::BoolExpr::Template::Composite" => "UR","UR::BoolExpr::Template::Or" => "UR","UR::BoolExpr::Template::PropertyComparison" => "UR","UR::BoolExpr::Template::PropertyComparison::Between" => "UR","UR::BoolExpr::Template::PropertyComparison::Equals" => "UR","UR::BoolExpr::Template::PropertyComparison::False" => "UR","UR::BoolExpr::Template::PropertyComparison::GreaterOrEqual" => "UR","UR::BoolExpr::Template::PropertyComparison::GreaterThan" => "UR","UR::BoolExpr::Template::PropertyComparison::In" => "UR","UR::BoolExpr::Template::PropertyComparison::Isa" => "UR","UR::BoolExpr::Template::PropertyComparison::LessOrEqual" => "UR","UR::BoolExpr::Template::PropertyComparison::LessThan" => "UR","UR::BoolExpr::Template::PropertyComparison::Like" => "UR","UR::BoolExpr::Template::PropertyComparison::Matches" => "UR","UR::BoolExpr::Template::PropertyComparison::NotBetween" => "UR","UR::BoolExpr::Template::PropertyComparison::NotEquals" => "UR","UR::BoolExpr::Template::PropertyComparison::NotIn" => "UR","UR::BoolExpr::Template::PropertyComparison::NotLike" => "UR","UR::BoolExpr::Template::PropertyComparison::True" => "UR","UR::BoolExpr::Util" => "UR","UR::BoolExpr::Util::clonedThing" => "UR","UR::Change" => "UR","UR::Context" => "UR","UR::Context::AutoUnloadPool" => "UR","UR::Context::DefaultRoot" => "UR","UR::Context::LoadingIterator" => "UR","UR::Context::ObjectFabricator" => "UR","UR::Context::Process" => "UR","UR::Context::Root" => "UR","UR::Context::Transaction" => "UR","UR::DBI" => "UR","UR::DBI::Report" => "UR","UR::DBI::db" => "UR","UR::DBI::st" => "UR","UR::DataSource" => "UR","UR::DataSource::CSV" => "UR","UR::DataSource::Code" => "UR","UR::DataSource::Default" => "UR","UR::DataSource::File" => "UR","UR::DataSource::FileMux" => "UR","UR::DataSource::Filesystem" => "UR","UR::DataSource::Meta" => "UR","UR::DataSource::MySQL" => "UR","UR::DataSource::Oracle" => "UR","UR::DataSource::Pg" => "UR","UR::DataSource::Pg::Operator::False" => "UR","UR::DataSource::Pg::Operator::True" => "UR","UR::DataSource::QueryPlan" => "UR","UR::DataSource::RDBMS" => "UR","UR::DataSource::RDBMS::BitmapIndex" => "UR","UR::DataSource::RDBMS::Entity" => "UR","UR::DataSource::RDBMS::FkConstraint" => "UR","UR::DataSource::RDBMS::FkConstraintColumn" => "UR","UR::DataSource::RDBMS::Operator::Between" => "UR","UR::DataSource::RDBMS::Operator::Equals" => "UR","UR::DataSource::RDBMS::Operator::False" => "UR","UR::DataSource::RDBMS::Operator::GreaterOrEqual" => "UR","UR::DataSource::RDBMS::Operator::GreaterThan" => "UR","UR::DataSource::RDBMS::Operator::In" => "UR","UR::DataSource::RDBMS::Operator::LessOrEqual" => "UR","UR::DataSource::RDBMS::Operator::LessThan" => "UR","UR::DataSource::RDBMS::Operator::Like" => "UR","UR::DataSource::RDBMS::Operator::NotBetween" => "UR","UR::DataSource::RDBMS::Operator::NotEquals" => "UR","UR::DataSource::RDBMS::Operator::NotIn" => "UR","UR::DataSource::RDBMS::Operator::NotLike" => "UR","UR::DataSource::RDBMS::Operator::True" => "UR","UR::DataSource::RDBMS::PkConstraintColumn" => "UR","UR::DataSource::RDBMS::Table" => "UR","UR::DataSource::RDBMS::Table::View::Default::Text" => "UR","UR::DataSource::RDBMS::TableColumn" => "UR","UR::DataSource::RDBMS::TableColumn::View::Default::Text" => "UR","UR::DataSource::RDBMS::UniqueConstraintColumn" => "UR","UR::DataSource::RDBMSRetriableOperations" => "UR","UR::DataSource::SQLite" => "UR","UR::DataSource::ValueDomain" => "UR","UR::Debug" => "UR","UR::DeletedRef" => "UR","UR::Doc::Pod2Html" => "UR","UR::Doc::Section" => "UR","UR::Doc::Writer" => "UR","UR::Doc::Writer::Html" => "UR","UR::Doc::Writer::Pod" => "UR","UR::Env::UR_COMMAND_DUMP_DEBUG_MESSAGES" => "UR","UR::Env::UR_COMMAND_DUMP_STATUS_MESSAGES" => "UR","UR::Env::UR_CONTEXT_BASE" => "UR","UR::Env::UR_CONTEXT_CACHE_SIZE_HIGHWATER" => "UR","UR::Env::UR_CONTEXT_CACHE_SIZE_LOWWATER" => "UR","UR::Env::UR_CONTEXT_LIBS" => "UR","UR::Env::UR_CONTEXT_MONITOR_QUERY" => "UR","UR::Env::UR_CONTEXT_ROOT" => "UR","UR::Env::UR_DBI_DUMP_STACK_ON_CONNECT" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_CALLSTACK" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_IF" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_MATCH" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_SLOW" => "UR","UR::Env::UR_DBI_MONITOR_DML" => "UR","UR::Env::UR_DBI_MONITOR_EVERY_FETCH" => "UR","UR::Env::UR_DBI_MONITOR_SQL" => "UR","UR::Env::UR_DBI_NO_COMMIT" => "UR","UR::Env::UR_DBI_SUMMARIZE_SQL" => "UR","UR::Env::UR_DEBUG_OBJECT_PRUNING" => "UR","UR::Env::UR_DEBUG_OBJECT_RELEASE" => "UR","UR::Env::UR_DUMP_DEBUG_MESSAGES" => "UR","UR::Env::UR_DUMP_STATUS_MESSAGES" => "UR","UR::Env::UR_IGNORE" => "UR","UR::Env::UR_MOOSE" => "UR","UR::Env::UR_NO_REQUIRE_USER_VERIFY" => "UR","UR::Env::UR_NR_CPU" => "UR","UR::Env::UR_RUN_LONG_TESTS" => "UR","UR::Env::UR_STACK_DUMP_ON_DIE" => "UR","UR::Env::UR_STACK_DUMP_ON_WARN" => "UR","UR::Env::UR_TEST_QUIET" => "UR","UR::Env::UR_USED_MODS" => "UR","UR::Env::UR_USE_ANY" => "UR","UR::Env::UR_USE_DUMMY_AUTOGENERATED_IDS" => "UR","UR::Exit" => "UR","UR::Iterator" => "UR","UR::ModuleBase" => "UR","UR::ModuleBase::Message" => "UR","UR::ModuleBuild" => "UR","UR::ModuleConfig" => "UR","UR::ModuleLoader" => "UR","UR::Moose" => "UR","UR::Namespace" => "UR","UR::Namespace::Command" => "UR","UR::Namespace::Command::Base" => "UR","UR::Namespace::Command::Define" => "UR","UR::Namespace::Command::Define::Class" => "UR","UR::Namespace::Command::Define::Datasource" => "UR","UR::Namespace::Command::Define::Datasource::File" => "UR","UR::Namespace::Command::Define::Datasource::Mysql" => "UR","UR::Namespace::Command::Define::Datasource::Oracle" => "UR","UR::Namespace::Command::Define::Datasource::Pg" => "UR","UR::Namespace::Command::Define::Datasource::Rdbms" => "UR","UR::Namespace::Command::Define::Datasource::RdbmsWithAuth" => "UR","UR::Namespace::Command::Define::Datasource::Sqlite" => "UR","UR::Namespace::Command::Define::Db" => "UR","UR::Namespace::Command::Define::Namespace" => "UR","UR::Namespace::Command::Describe" => "UR","UR::Namespace::Command::Init" => "UR","UR::Namespace::Command::List" => "UR","UR::Namespace::Command::List::Classes" => "UR","UR::Namespace::Command::List::Modules" => "UR","UR::Namespace::Command::List::Objects" => "UR","UR::Namespace::Command::Old" => "UR","UR::Namespace::Command::Old::DiffRewrite" => "UR","UR::Namespace::Command::Old::DiffUpdate" => "UR","UR::Namespace::Command::Old::ExportDbicClasses" => "UR","UR::Namespace::Command::Old::Info" => "UR","UR::Namespace::Command::Old::Redescribe" => "UR","UR::Namespace::Command::RunsOnModulesInTree" => "UR","UR::Namespace::Command::Show" => "UR","UR::Namespace::Command::Show::Properties" => "UR","UR::Namespace::Command::Show::Schema" => "UR","UR::Namespace::Command::Show::Subclasses" => "UR","UR::Namespace::Command::Sys" => "UR","UR::Namespace::Command::Sys::ClassBrowser" => "UR","UR::Namespace::Command::Sys::ClassBrowser::TreeItem" => "UR","UR::Namespace::Command::Test" => "UR","UR::Namespace::Command::Test::Callcount" => "UR","UR::Namespace::Command::Test::Callcount::List" => "UR","UR::Namespace::Command::Test::Compile" => "UR","UR::Namespace::Command::Test::Eval" => "UR","UR::Namespace::Command::Test::Run" => "UR","UR::Namespace::Command::Test::TrackObjectRelease" => "UR","UR::Namespace::Command::Test::Use" => "UR","UR::Namespace::Command::Test::Window" => "UR","UR::Namespace::Command::Test::Window::Tk" => "UR","UR::Namespace::Command::Update" => "UR","UR::Namespace::Command::Update::ClassDiagram" => "UR","UR::Namespace::Command::Update::ClassesFromDb" => "UR","UR::Namespace::Command::Update::Doc" => "UR","UR::Namespace::Command::Update::Pod" => "UR","UR::Namespace::Command::Update::RenameClass" => "UR","UR::Namespace::Command::Update::RewriteClassHeader" => "UR","UR::Namespace::Command::Update::SchemaDiagram" => "UR","UR::Namespace::Command::Update::TabCompletionSpec" => "UR","UR::Object" => "UR","UR::Object::Accessorized" => "UR","UR::Object::Command::FetchAndDo" => "UR","UR::Object::Command::List" => "UR","UR::Object::Command::List::Csv" => "UR","UR::Object::Command::List::Html" => "UR","UR::Object::Command::List::Newtext" => "UR","UR::Object::Command::List::Pretty" => "UR","UR::Object::Command::List::Style" => "UR","UR::Object::Command::List::Text" => "UR","UR::Object::Command::List::Tsv" => "UR","UR::Object::Command::List::Xml" => "UR","UR::Object::Ghost" => "UR","UR::Object::Index" => "UR","UR::Object::Iterator" => "UR","UR::Object::Join" => "UR","UR::Object::Property" => "UR","UR::Object::Property::View::Default::Text" => "UR","UR::Object::Property::View::DescriptionLineItem::Text" => "UR","UR::Object::Property::View::ReferenceDescription::Text" => "UR","UR::Object::Set" => "UR","UR::Object::Set::View::Default::Html" => "UR","UR::Object::Set::View::Default::Json" => "UR","UR::Object::Set::View::Default::Text" => "UR","UR::Object::Set::View::Default::Xml" => "UR","UR::Object::Tag" => "UR","UR::Object::Type" => "UR","UR::Object::Type::AccessorWriter" => "UR","UR::Object::Type::AccessorWriter::Product" => "UR","UR::Object::Type::AccessorWriter::Sum" => "UR","UR::Object::Type::Initializer" => "UR","UR::Object::Type::ModuleWriter" => "UR","UR::Object::Type::View::AvailableViews::Json" => "UR","UR::Object::Type::View::AvailableViews::Xml" => "UR","UR::Object::Type::View::Default::Text" => "UR","UR::Object::Type::View::Default::Umlet" => "UR","UR::Object::Type::View::Default::Xml" => "UR","UR::Object::Umlet" => "UR","UR::Object::Umlet::Class" => "UR","UR::Object::Umlet::Diagram" => "UR","UR::Object::Umlet::Other" => "UR","UR::Object::Umlet::PictureElement" => "UR","UR::Object::Umlet::Relation" => "UR","UR::Object::Value" => "UR","UR::Object::View" => "UR","UR::Object::View::Aspect" => "UR","UR::Object::View::Default::Gtk" => "UR","UR::Object::View::Default::Gtk2" => "UR","UR::Object::View::Default::Html" => "UR","UR::Object::View::Default::Json" => "UR","UR::Object::View::Default::Text" => "UR","UR::Object::View::Default::Xml" => "UR","UR::Object::View::Default::Xsl" => "UR","UR::Object::View::Lister::Text" => "UR","UR::Object::View::Static::Html" => "UR","UR::Object::View::Toolkit" => "UR","UR::Object::View::Toolkit::Text" => "UR","UR::Object::View::Toolkit::Umlet" => "UR","UR::Observer" => "UR","UR::Role" => "UR","UR::Role::Instance" => "UR","UR::Role::MethodModifier" => "UR","UR::Role::MethodModifier::After" => "UR","UR::Role::MethodModifier::Around" => "UR","UR::Role::MethodModifier::Before" => "UR","UR::Role::Param" => "UR","UR::Role::Prototype" => "UR","UR::Role::PrototypeWithParams" => "UR","UR::Service::JsonRpcServer" => "UR","UR::Service::RPC::Executer" => "UR","UR::Service::RPC::Message" => "UR","UR::Service::RPC::Server" => "UR","UR::Service::RPC::TcpConnectionListener" => "UR","UR::Service::UrlRouter" => "UR","UR::Service::WebServer" => "UR","UR::Service::WebServer::Server" => "UR","UR::Service::XMLCommandExecutor" => "UR","UR::Singleton" => "UR","UR::Time" => "UR","UR::Util" => "UR","UR::Util::ArrayRefIterator" => "UR","UR::Value" => "UR","UR::Value::ARRAY" => "UR","UR::Value::Blob" => "UR","UR::Value::Boolean" => "UR","UR::Value::Boolean::View::Default::Text" => "UR","UR::Value::CODE" => "UR","UR::Value::CSV" => "UR","UR::Value::DateTime" => "UR","UR::Value::Decimal" => "UR","UR::Value::DirectoryPath" => "UR","UR::Value::FOF" => "UR","UR::Value::FilePath" => "UR","UR::Value::FilesystemPath" => "UR","UR::Value::Float" => "UR","UR::Value::GLOB" => "UR","UR::Value::HASH" => "UR","UR::Value::Integer" => "UR","UR::Value::Iterator" => "UR","UR::Value::JSON" => "UR","UR::Value::Number" => "UR","UR::Value::PerlReference" => "UR","UR::Value::REF" => "UR","UR::Value::SCALAR" => "UR","UR::Value::Set" => "UR","UR::Value::SloppyPrimitive" => "UR","UR::Value::String" => "UR","UR::Value::Text" => "UR","UR::Value::Timestamp" => "UR","UR::Value::Type" => "UR","UR::Value::URL" => "UR","UR::Value::View::Default::Html" => "UR","UR::Value::View::Default::Json" => "UR","UR::Value::View::Default::Text" => "UR","UR::Value::View::Default::Xml" => "UR","UR::Vocabulary" => "UR","URI::jabber" => "SOAP-Lite","UTF_8" => "Squatting","UTF_8::Controllers" => "Squatting","UTF_8::Views" => "Squatting","Ukigumo::Agent" => "Ukigumo-Agent","Ukigumo::Agent::Cleaner" => "Ukigumo-Agent","Ukigumo::Agent::Dispatcher" => "Ukigumo-Agent","Ukigumo::Agent::Logger" => "Ukigumo-Agent","Ukigumo::Agent::Manager" => "Ukigumo-Agent","Ukigumo::Agent::View" => "Ukigumo-Agent","Ukigumo::Server" => "Ukigumo-Server","Ukigumo::Server::API" => "Ukigumo-Server","Ukigumo::Server::API::Dispatcher" => "Ukigumo-Server","Ukigumo::Server::Command::Branch" => "Ukigumo-Server","Ukigumo::Server::Command::Docs" => "Ukigumo-Server","Ukigumo::Server::Command::Report" => "Ukigumo-Server","Ukigumo::Server::DB" => "Ukigumo-Server","Ukigumo::Server::DB::Schema" => "Ukigumo-Server","Ukigumo::Server::L10N" => "Ukigumo-Server","Ukigumo::Server::Launcher" => "Ukigumo-Server","Ukigumo::Server::Schema" => "Ukigumo-Server","Ukigumo::Server::Util" => "Ukigumo-Server","Ukigumo::Server::Web" => "Ukigumo-Server","Ukigumo::Server::Web::Dispatcher" => "Ukigumo-Server","Ukigumo::Server::Web::ViewFunctions" => "Ukigumo-Server","UnQLite" => "UnQLite","UnQLite::Cursor" => "UnQLite","UniCodePoints" => "Squatting","UniCodePoints::Controllers" => "Squatting","UniCodePoints::Views" => "Squatting","Unicode::UCD" => "perl","UnicodeCD" => "perl","User::grent" => "perl","User::pwent" => "perl","VMS::DCLsym" => "perl","VMS::Filespec" => "perl","VMS::Stdio" => "perl","Valiant" => "Valiant","Valiant::Error" => "Valiant","Valiant::Errors" => "Valiant","Valiant::Filter" => "Valiant","Valiant::Filter::Collapse" => "Valiant","Valiant::Filter::Collection" => "Valiant","Valiant::Filter::Each" => "Valiant","Valiant::Filter::Flatten" => "Valiant","Valiant::Filter::HtmlEscape" => "Valiant","Valiant::Filter::Lower" => "Valiant","Valiant::Filter::Numberize" => "Valiant","Valiant::Filter::Template" => "Valiant","Valiant::Filter::Title" => "Valiant","Valiant::Filter::ToArray" => "Valiant","Valiant::Filter::Trim" => "Valiant","Valiant::Filter::UcFirst" => "Valiant","Valiant::Filter::Upper" => "Valiant","Valiant::Filter::With" => "Valiant","Valiant::Filterable" => "Valiant","Valiant::Filters" => "Valiant","Valiant::HTML::BaseComponent" => "Valiant","Valiant::HTML::Component" => "Valiant","Valiant::HTML::Components" => "Valiant","Valiant::HTML::ContentComponent" => "Valiant","Valiant::HTML::Form" => "Valiant","Valiant::HTML::FormBuilder" => "Valiant","Valiant::HTML::FormBuilder::Checkbox" => "Valiant","Valiant::HTML::FormBuilder::DefaultModel" => "Valiant","Valiant::HTML::FormBuilder::Model" => "Valiant","Valiant::HTML::FormBuilder::Model::TextField" => "Valiant","Valiant::HTML::FormBuilder::Proxy" => "Valiant","Valiant::HTML::FormBuilder::RadioButton" => "Valiant","Valiant::HTML::FormBuilder::Renderer::TextField" => "Valiant","Valiant::HTML::FormTags" => "Valiant","Valiant::HTML::PagerBuilder" => "Valiant","Valiant::HTML::SafeString" => "Valiant","Valiant::HTML::Tag" => "Valiant","Valiant::HTML::TagBuilder" => "Valiant","Valiant::HTML::Util::Collection" => "Valiant","Valiant::HTML::Util::Collection::HashItem" => "Valiant","Valiant::HTML::Util::Collection::Item" => "Valiant","Valiant::HTML::Util::Form" => "Valiant","Valiant::HTML::Util::Form::FormObject" => "Valiant","Valiant::HTML::Util::FormTags" => "Valiant","Valiant::HTML::Util::Pager" => "Valiant","Valiant::HTML::Util::TagBuilder" => "Valiant","Valiant::HTML::Util::TagBuilder::_tags" => "Valiant","Valiant::HTML::Util::View" => "Valiant","Valiant::I18N" => "Valiant","Valiant::I18N::Tag" => "Valiant","Valiant::JSON::JSONBuilder" => "Valiant","Valiant::JSON::Util" => "Valiant","Valiant::Name" => "Valiant","Valiant::Naming" => "Valiant","Valiant::NestedError" => "Valiant","Valiant::Proxy" => "Valiant","Valiant::Proxy::Array" => "Valiant","Valiant::Proxy::Hash" => "Valiant","Valiant::Proxy::Object" => "Valiant","Valiant::Translation" => "Valiant","Valiant::Util" => "Valiant","Valiant::Util::Ancestors" => "Valiant","Valiant::Util::Exception" => "Valiant","Valiant::Util::Exception::General" => "Valiant","Valiant::Util::Exception::InvalidFilterArgs" => "Valiant","Valiant::Util::Exception::InvalidValidatorArgs" => "Valiant","Valiant::Util::Exception::MissingCountKey" => "Valiant","Valiant::Util::Exception::MissingMethod" => "Valiant","Valiant::Util::Exception::NameNotFilter" => "Valiant","Valiant::Util::Exception::NameNotValidator" => "Valiant","Valiant::Util::Exception::Strict" => "Valiant","Valiant::Util::Exception::UnexpectedUseModuleError" => "Valiant","Valiant::Validates" => "Valiant","Valiant::Validations" => "Valiant","Valiant::Validator" => "Valiant","Valiant::Validator::Absence" => "Valiant","Valiant::Validator::Array" => "Valiant","Valiant::Validator::Boolean" => "Valiant","Valiant::Validator::Check" => "Valiant","Valiant::Validator::Collection" => "Valiant","Valiant::Validator::Confirmation" => "Valiant","Valiant::Validator::Date" => "Valiant","Valiant::Validator::Each" => "Valiant","Valiant::Validator::Exclusion" => "Valiant","Valiant::Validator::Format" => "Valiant","Valiant::Validator::Hash" => "Valiant","Valiant::Validator::Inclusion" => "Valiant","Valiant::Validator::Length" => "Valiant","Valiant::Validator::Numericality" => "Valiant","Valiant::Validator::Object" => "Valiant","Valiant::Validator::OnlyOf" => "Valiant","Valiant::Validator::Presence" => "Valiant","Valiant::Validator::Scalar" => "Valiant","Valiant::Validator::Unique" => "Valiant","Valiant::Validator::With" => "Valiant","WWW::Mechanize" => "WWW-Mechanize","WWW::Mechanize::Image" => "WWW-Mechanize","WWW::Mechanize::Link" => "WWW-Mechanize","WWW::OAuth" => "WWW-OAuth","WWW::OAuth::Request" => "WWW-OAuth","WWW::OAuth::Request::Basic" => "WWW-OAuth","WWW::OAuth::Request::HTTP_Request" => "WWW-OAuth","WWW::OAuth::Request::Mojo" => "WWW-OAuth","WWW::OAuth::Util" => "WWW-OAuth","WWW::ORCID" => "WWW-ORCID","WWW::ORCID::API" => "WWW-ORCID","WWW::ORCID::API::Common" => "WWW-ORCID","WWW::ORCID::API::Pub" => "WWW-ORCID","WWW::ORCID::API::v2_0" => "WWW-ORCID","WWW::ORCID::API::v2_0_public" => "WWW-ORCID","WWW::ORCID::Base" => "WWW-ORCID","WWW::ORCID::MemberAPI" => "WWW-ORCID","WWW::ORCID::Transport" => "WWW-ORCID","WWW::ORCID::Transport::HTTP::Tiny" => "WWW-ORCID","WWW::ORCID::Transport::LWP" => "WWW-ORCID","WWW::UsePerl::Server" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Controller::Root" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Model::DB" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::Comment" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::Journal" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::Story" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::User" => "WWW-UsePerl-Server","WWW::UsePerl::Server::View::TT" => "WWW-UsePerl-Server","Web::API" => "Web-API","WebService::Xero" => "WebService-Xero","WebService::Xero::Agent" => "WebService-Xero","WebService::Xero::Agent::PrivateApplication" => "WebService-Xero","WebService::Xero::Agent::PublicApplication" => "WebService-Xero","WebService::Xero::Contact" => "WebService-Xero","WebService::Xero::Invoice" => "WebService-Xero","WebService::Xero::Item" => "WebService-Xero","WebService::Xero::Organisation" => "WebService-Xero","WidgetDemo" => "Tk","Wight::Chart" => "Wight-Chart","Wight::Chart::ChartJS" => "Wight-Chart","Wight::Chart::Google" => "Wight-Chart","Win32::File::Summary" => "Win32-File-Summary","Win32::Printer" => "Win32-Printer","Win32::Printer::Direct" => "Win32-Printer","Win32::Printer::Enum" => "Win32-Printer","Win32CORE" => "perl","X509_Certificate" => "IO-Socket-SSL","XAO::DO::CGI" => "XAO-Web","XAO::DO::Context" => "XAO-Web","XAO::DO::Web::Action" => "XAO-Web","XAO::DO::Web::Benchmark" => "XAO-Web","XAO::DO::Web::CgiParam" => "XAO-Web","XAO::DO::Web::Clipboard" => "XAO-Web","XAO::DO::Web::Condition" => "XAO-Web","XAO::DO::Web::Config" => "XAO-Web","XAO::DO::Web::Cookie" => "XAO-Web","XAO::DO::Web::Date" => "XAO-Web","XAO::DO::Web::Debug" => "XAO-Web","XAO::DO::Web::Default" => "XAO-Web","XAO::DO::Web::FS" => "XAO-Web","XAO::DO::Web::FilloutForm" => "XAO-Web","XAO::DO::Web::Footer" => "XAO-Web","XAO::DO::Web::Header" => "XAO-Web","XAO::DO::Web::IdentifyAgent" => "XAO-Web","XAO::DO::Web::IdentifyUser" => "XAO-Web","XAO::DO::Web::Mailer" => "XAO-Web","XAO::DO::Web::Math" => "XAO-Web","XAO::DO::Web::MenuBuilder" => "XAO-Web","XAO::DO::Web::MultiPageNav" => "XAO-Web","XAO::DO::Web::Page" => "XAO-Web","XAO::DO::Web::Redirect" => "XAO-Web","XAO::DO::Web::Search" => "XAO-Web","XAO::DO::Web::SetArg" => "XAO-Web","XAO::DO::Web::Styler" => "XAO-Web","XAO::DO::Web::TextTable" => "XAO-Web","XAO::DO::Web::URL" => "XAO-Web","XAO::DO::Web::Utility" => "XAO-Web","XAO::PageSupport" => "XAO-Web","XAO::PluginUtils" => "XAO-Web","XAO::PreLoad" => "XAO-Web","XAO::Templates" => "XAO-Web","XAO::Web" => "XAO-Web","XAO::testcases::Web::base" => "XAO-Web","XML::Atom" => "XML-Atom","XML::Atom::Base" => "XML-Atom","XML::Atom::Category" => "XML-Atom","XML::Atom::Client" => "XML-Atom","XML::Atom::Content" => "XML-Atom","XML::Atom::Entry" => "XML-Atom","XML::Atom::ErrorHandler" => "XML-Atom","XML::Atom::Feed" => "XML-Atom","XML::Atom::Link" => "XML-Atom","XML::Atom::Namespace" => "XML-Atom","XML::Atom::Person" => "XML-Atom","XML::Atom::Server" => "XML-Atom","XML::Atom::Thing" => "XML-Atom","XML::Atom::Util" => "XML-Atom","XML::DT" => "XML-DT","XML::LibXML" => "XML-LibXML","XML::LibXML::Attr" => "XML-LibXML","XML::LibXML::AttributeHash" => "XML-LibXML","XML::LibXML::Boolean" => "XML-LibXML","XML::LibXML::CDATASection" => "XML-LibXML","XML::LibXML::Comment" => "XML-LibXML","XML::LibXML::Common" => "XML-LibXML","XML::LibXML::Devel" => "XML-LibXML","XML::LibXML::Document" => "XML-LibXML","XML::LibXML::DocumentFragment" => "XML-LibXML","XML::LibXML::Dtd" => "XML-LibXML","XML::LibXML::Element" => "XML-LibXML","XML::LibXML::ErrNo" => "XML-LibXML","XML::LibXML::Error" => "XML-LibXML","XML::LibXML::InputCallback" => "XML-LibXML","XML::LibXML::Literal" => "XML-LibXML","XML::LibXML::NamedNodeMap" => "XML-LibXML","XML::LibXML::Namespace" => "XML-LibXML","XML::LibXML::Node" => "XML-LibXML","XML::LibXML::NodeList" => "XML-LibXML","XML::LibXML::Number" => "XML-LibXML","XML::LibXML::PI" => "XML-LibXML","XML::LibXML::Pattern" => "XML-LibXML","XML::LibXML::Reader" => "XML-LibXML","XML::LibXML::RegExp" => "XML-LibXML","XML::LibXML::RelaxNG" => "XML-LibXML","XML::LibXML::SAX" => "XML-LibXML","XML::LibXML::SAX::AttributeNode" => "XML-LibXML","XML::LibXML::SAX::Builder" => "XML-LibXML","XML::LibXML::SAX::Generator" => "XML-LibXML","XML::LibXML::SAX::Parser" => "XML-LibXML","XML::LibXML::Schema" => "XML-LibXML","XML::LibXML::Text" => "XML-LibXML","XML::LibXML::XPathContext" => "XML-LibXML","XML::LibXML::XPathExpression" => "XML-LibXML","XML::LibXML::_SAXParser" => "XML-LibXML","XML::Sig" => "XML-Sig","XML::Simple" => "XML-Simple","XML::Twig" => "XML-Twig","XML::Twig::Elt" => "XML-Twig","XML::Twig::Entity" => "XML-Twig","XML::Twig::Entity_list" => "XML-Twig","XML::Twig::Notation" => "XML-Twig","XML::Twig::Notation_list" => "XML-Twig","XML::Twig::XPath" => "XML-Twig","XML::Twig::XPath::Attribute" => "XML-Twig","XML::Twig::XPath::Elt" => "XML-Twig","XML::Twig::XPath::Namespace" => "XML-Twig","XS::APItest" => "perl","XS::Typemap" => "perl","YAML" => "YAML","YAML::Any" => "YAML","YAML::Dumper" => "YAML","YAML::Dumper::Base" => "YAML","YAML::Dumper::Syck" => "YAML-Syck","YAML::Error" => "YAML","YAML::LibYAML" => "YAML-LibYAML","YAML::Loader" => "YAML","YAML::Loader::Base" => "YAML","YAML::Loader::Syck" => "YAML-Syck","YAML::Marshall" => "YAML","YAML::Mo" => "YAML","YAML::Node" => "YAML","YAML::Syck" => "YAML-Syck","YAML::Tag" => "YAML","YAML::Type::blessed" => "YAML","YAML::Type::code" => "YAML","YAML::Type::glob" => "YAML","YAML::Type::ref" => "YAML","YAML::Type::regexp" => "YAML","YAML::Type::undef" => "YAML","YAML::Types" => "YAML","YAML::Warning" => "YAML","YAML::XS" => "YAML-LibYAML","YAML::XS::LibYAML" => "YAML-LibYAML","YATT::Lite" => "YATT-Lite","YATT::Lite::Breakpoint" => "YATT-Lite","YATT::Lite::CGen" => "YATT-Lite","YATT::Lite::CGen::ArgMacro" => "YATT-Lite","YATT::Lite::CGen::Perl" => "YATT-Lite","YATT::Lite::Connection" => "YATT-Lite","YATT::Lite::Constants" => "YATT-Lite","YATT::Lite::Core" => "YATT-Lite","YATT::Lite::Entities" => "YATT-Lite","YATT::Lite::Error" => "YATT-Lite","YATT::Lite::Factory" => "YATT-Lite","YATT::Lite::Inc" => "YATT-Lite","YATT::Lite::Inspector" => "YATT-Lite","YATT::Lite::LRXML" => "YATT-Lite","YATT::Lite::LRXML::AltTree" => "YATT-Lite","YATT::Lite::LRXML::FormatEntpath" => "YATT-Lite","YATT::Lite::LRXML::ParseBody" => "YATT-Lite","YATT::Lite::LRXML::ParseEntpath" => "YATT-Lite","YATT::Lite::LanguageServer" => "YATT-Lite","YATT::Lite::LanguageServer::Generic" => "YATT-Lite","YATT::Lite::LanguageServer::Protocol" => "YATT-Lite","YATT::Lite::LanguageServer::Spec2Types" => "YATT-Lite","YATT::Lite::LanguageServer::SpecParser" => "YATT-Lite","YATT::Lite::MFields" => "YATT-Lite","YATT::Lite::MFields::Decl" => "YATT-Lite","YATT::Lite::Macro" => "YATT-Lite","YATT::Lite::NSBuilder" => "YATT-Lite","YATT::Lite::Object" => "YATT-Lite","YATT::Lite::PSGIEnv" => "YATT-Lite","YATT::Lite::Partial" => "YATT-Lite","YATT::Lite::Partial::AppPath" => "YATT-Lite","YATT::Lite::Partial::ErrorReporter" => "YATT-Lite","YATT::Lite::Partial::Gettext" => "YATT-Lite","YATT::Lite::Partial::MarkAfterNew" => "YATT-Lite","YATT::Lite::RegexpNames" => "YATT-Lite","YATT::Lite::Test::TestFCGI" => "YATT-Lite","YATT::Lite::Test::TestUtil" => "YATT-Lite","YATT::Lite::Test::XHFTest" => "YATT-Lite","YATT::Lite::Test::XHFTest2" => "YATT-Lite","YATT::Lite::Test::XHFTest::Item" => "YATT-Lite","YATT::Lite::Types" => "YATT-Lite","YATT::Lite::Types::TypeDesc" => "YATT-Lite","YATT::Lite::Util" => "YATT-Lite","YATT::Lite::Util::AllowRedundantSprintf" => "YATT-Lite","YATT::Lite::Util::AsBase" => "YATT-Lite","YATT::Lite::Util::CGICompat" => "YATT-Lite","YATT::Lite::Util::CmdLine" => "YATT-Lite","YATT::Lite::Util::CycleDetector" => "YATT-Lite","YATT::Lite::Util::Enum" => "YATT-Lite","YATT::Lite::Util::File" => "YATT-Lite","YATT::Lite::Util::FindMethods" => "YATT-Lite","YATT::Lite::VFS" => "YATT-Lite","YATT::Lite::VarMaker" => "YATT-Lite","YATT::Lite::VarTypes" => "YATT-Lite","YATT::Lite::VarTypes::t_delegate" => "YATT-Lite","YATT::Lite::VarTypes::t_html" => "YATT-Lite","YATT::Lite::Walker" => "YATT-Lite","YATT::Lite::WebMVC0::Connection" => "YATT-Lite","YATT::Lite::WebMVC0::DBSchema" => "YATT-Lite","YATT::Lite::WebMVC0::DBSchema::DBIC" => "YATT-Lite","YATT::Lite::WebMVC0::DBSchema::DBIC::DBIC_SCHEMA" => "YATT-Lite","YATT::Lite::WebMVC0::DirApp" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::LangSwitch" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::Session" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::Session2" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::Session3" => "YATT-Lite","YATT::Lite::WebMVC0::SiteApp" => "YATT-Lite","YATT::Lite::WebMVC0::SiteApp::CGI" => "YATT-Lite","YATT::Lite::WebMVC0::SiteApp::FCGI" => "YATT-Lite","YATT::Lite::WebMVC0::SubRoutes" => "YATT-Lite","YATT::Lite::XHF" => "YATT-Lite","YATT::Lite::XHF::Dumper" => "YATT-Lite","YATT::Lite::XHF::StoreDir" => "YATT-Lite","Yancy" => "Yancy","Yancy::Backend" => "Yancy","Yancy::Backend::Dbic" => "Yancy","Yancy::Backend::Memory" => "Yancy","Yancy::Backend::MojoDB" => "Yancy","Yancy::Backend::Mysql" => "Yancy","Yancy::Backend::Pg" => "Yancy","Yancy::Backend::Role::DBI" => "Yancy","Yancy::Backend::Role::MojoAsync" => "Yancy","Yancy::Backend::Role::Relational" => "Yancy","Yancy::Backend::Role::Sync" => "Yancy","Yancy::Backend::Sqlite" => "Yancy","Yancy::Command::backend" => "Yancy","Yancy::Command::backend::copy" => "Yancy","Yancy::Controller::Yancy" => "Yancy","Yancy::Controller::Yancy::API" => "Yancy","Yancy::Controller::Yancy::MultiTenant" => "Yancy","Yancy::I18N" => "Yancy","Yancy::I18N::en" => "Yancy","Yancy::Model" => "Yancy","Yancy::Model::Item" => "Yancy","Yancy::Model::Schema" => "Yancy","Yancy::Plugin::Auth" => "Yancy","Yancy::Plugin::Auth::Basic" => "Yancy","Yancy::Plugin::Auth::Github" => "Yancy","Yancy::Plugin::Auth::OAuth2" => "Yancy","Yancy::Plugin::Auth::Password" => "Yancy","Yancy::Plugin::Auth::Role::RequireUser" => "Yancy","Yancy::Plugin::Auth::Token" => "Yancy","Yancy::Plugin::Editor" => "Yancy","Yancy::Plugin::File" => "Yancy","Yancy::Plugin::Form" => "Yancy","Yancy::Plugin::Form::Bootstrap4" => "Yancy","Yancy::Plugin::Roles" => "Yancy","Yancy::Util" => "Yancy","Yote" => "Yote","Yote::Array" => "Yote","Yote::ArrayGatekeeper" => "Yote","Yote::BigHash" => "Yote","Yote::Hash" => "Yote","Yote::Obj" => "Yote","Yote::ObjStore" => "Yote","Yote::YoteDB" => "Yote","Yukki" => "Yukki","Yukki::Error" => "Yukki","Yukki::Error::Fixup" => "Yukki","Yukki::Model" => "Yukki","Yukki::Model::File" => "Yukki","Yukki::Model::FilePreview" => "Yukki","Yukki::Model::Repository" => "Yukki","Yukki::Model::User" => "Yukki","Yukki::Role::App" => "Yukki","Yukki::Settings" => "Yukki","Yukki::Settings::Anonymous" => "Yukki","Yukki::Settings::Repository" => "Yukki","Yukki::Types" => "Yukki","Yukki::Web" => "Yukki","Yukki::Web::Context" => "Yukki","Yukki::Web::Controller" => "Yukki","Yukki::Web::Controller::Attachment" => "Yukki","Yukki::Web::Controller::Login" => "Yukki","Yukki::Web::Controller::Page" => "Yukki","Yukki::Web::Controller::Redirect" => "Yukki","Yukki::Web::Plugin" => "Yukki","Yukki::Web::Plugin::Attachment" => "Yukki","Yukki::Web::Plugin::Role::FormatHelper" => "Yukki","Yukki::Web::Plugin::Role::Formatter" => "Yukki","Yukki::Web::Plugin::Spreadsheet" => "Yukki","Yukki::Web::Plugin::SyntaxHighlight" => "Yukki","Yukki::Web::Plugin::Viewer" => "Yukki","Yukki::Web::Plugin::YukkiText" => "Yukki","Yukki::Web::Request" => "Yukki","Yukki::Web::Response" => "Yukki","Yukki::Web::Router" => "Yukki","Yukki::Web::Router::Route" => "Yukki","Yukki::Web::Router::Route::Match" => "Yukki","Yukki::Web::Settings" => "Yukki","Yukki::Web::View" => "Yukki","Yukki::Web::View::Attachment" => "Yukki","Yukki::Web::View::Login" => "Yukki","Yukki::Web::View::Page" => "Yukki","Zabbix::Reporter" => "Zabbix-Reporter","Zabbix::Reporter::Cmd" => "Zabbix-Reporter","Zabbix::Reporter::Cmd::Command" => "Zabbix-Reporter","Zabbix::Reporter::Cmd::Command::actions" => "Zabbix-Reporter","Zabbix::Reporter::Cmd::Command::list" => "Zabbix-Reporter","Zabbix::Reporter::Web" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::Demo" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::History" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::List" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::Selftest" => "Zabbix-Reporter","Zlib::OldDeflate" => "IO-Compress","Zlib::OldInflate" => "IO-Compress","Zonemaster::Backend" => "Zonemaster-Backend","Zonemaster::Backend::Config" => "Zonemaster-Backend","Zonemaster::Backend::Config::DCPlugin" => "Zonemaster-Backend","Zonemaster::Backend::DB" => "Zonemaster-Backend","Zonemaster::Backend::DB::MySQL" => "Zonemaster-Backend","Zonemaster::Backend::DB::PostgreSQL" => "Zonemaster-Backend","Zonemaster::Backend::DB::SQLite" => "Zonemaster-Backend","Zonemaster::Backend::Error" => "Zonemaster-Backend","Zonemaster::Backend::Error::Conflict" => "Zonemaster-Backend","Zonemaster::Backend::Error::Internal" => "Zonemaster-Backend","Zonemaster::Backend::Error::JsonError" => "Zonemaster-Backend","Zonemaster::Backend::Error::PermissionDenied" => "Zonemaster-Backend","Zonemaster::Backend::Error::ResourceNotFound" => "Zonemaster-Backend","Zonemaster::Backend::Log" => "Zonemaster-Backend","Zonemaster::Backend::Metrics" => "Zonemaster-Backend","Zonemaster::Backend::RPCAPI" => "Zonemaster-Backend","Zonemaster::Backend::TestAgent" => "Zonemaster-Backend","Zonemaster::Backend::Translator" => "Zonemaster-Backend","Zonemaster::Backend::Validator" => "Zonemaster-Backend","above" => "UR","arybase" => "perl","attributes" => "perl","attrs" => "perl","back_tick_a_command" => "PAR","blib" => "perl","builtin" => "perl","bytes" => "perl","charnames" => "perl","class_name" => "UR","cppAdaptive1" => "cppAdaptive1","cppAdaptive2" => "cppAdaptive2","cppAdaptive2::Inline" => "cppAdaptive2","deprecate" => "perl","diagnostics" => "perl","encoding" => "Encode","feature" => "perl","filetest" => "perl","for" => "perl","in" => "perl","integer" => "perl","java::lang::String" => "perl","less" => "perl","locale" => "perl","mod_perl" => "mod_perl","mod_perl2" => "mod_perl","mro" => "perl","of" => "perl","ojo" => "Mojolicious","open" => "perl","ops" => "perl","overload" => "perl","overload::numbers" => "perl","overloading" => "perl","pipe_a_command" => "PAR","pp" => "PAR-Packer","prior_to_test" => "PAR","pugs" => "Perl6-Pugs","re" => "perl","remove_file_and_try_executable_again" => "PAR","sigtrap" => "perl","site" => "Apache-ASP","sort" => "perl","source::encoding" => "perl","strict" => "perl","subs" => "perl","t::BHK" => "perl","t::Markers" => "perl","test_in_further_subdir" => "PAR","testcases::base" => "XAO-Web","testcases::requires" => "XAO-Web","utf8" => "perl","vars" => "perl","vmsish" => "perl","warnings" => "perl","warnings::register" => "perl","yaml_mapping" => "YAML","yaml_scalar" => "YAML","yaml_sequence" => "YAML"}}
+	{"dists" => {"ActivePerl" => {"advisories" => [{"affected_versions" => ["==5.16.1.1601"],"cves" => ["CVE-2012-5377"],"description" => "Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\\Perl\\Site\\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the \"IKE and AuthIP IPsec Keying Modules\" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2012-5377","references" => ["https://www.htbridge.com/advisory/HTB23108","http://osvdb.org/86177"],"reported" => "2012-10-11","severity" => undef},{"affected_versions" => ["==5.8.8.817"],"cves" => ["CVE-2006-2856"],"description" => "ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with \"Users\" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2006-2856","references" => ["http://secunia.com/advisories/20328","http://www.securityfocus.com/bid/18269","http://www.osvdb.org/25974","http://www.vupen.com/english/advisories/2006/2140","https://exchange.xforce.ibmcloud.com/vulnerabilities/26915"],"reported" => "2006-06-06","severity" => undef},{"affected_versions" => ["<=5.8.1"],"cves" => ["CVE-2004-2286"],"description" => "Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2004-2286","references" => ["http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html","http://www.securityfocus.com/bid/10380","https://exchange.xforce.ibmcloud.com/vulnerabilities/16224"],"reported" => "2004-12-31","severity" => undef},{"affected_versions" => ["<5.10"],"cves" => ["CVE-2004-2022"],"description" => "ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow.  NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2004-2022","references" => ["http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt","http://www.perlmonks.org/index.pl?node_id=354145","http://www.securityfocus.com/bid/10375","http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html","http://marc.info/?l=full-disclosure&m=108489112131099&w=2","http://marc.info/?l=full-disclosure&m=108482796105922&w=2","http://marc.info/?l=full-disclosure&m=108483058514596&w=2","http://marc.info/?l=bugtraq&m=108489894009025&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/16169"],"reported" => "2004-12-31","severity" => undef},{"affected_versions" => [],"cves" => ["CVE-2004-0377"],"description" => "Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2004-0377","references" => ["http://www.kb.cert.org/vuls/id/722414","http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html","http://public.activestate.com/cgi-bin/perlbrowse?patch=22552","http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities","http://marc.info/?l=bugtraq&m=108118694327979&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/15732"],"reported" => "2004-05-04","severity" => undef},{"affected_versions" => ["<=5.6.1.629"],"cves" => ["CVE-2001-0815"],"description" => "Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.\n","distribution" => "ActivePerl","fixed_versions" => [],"id" => "CPANSA-ActivePerl-2001-0815","references" => ["http://bugs.activestate.com/show_bug.cgi?id=18062","http://www.securityfocus.com/bid/3526","http://www.osvdb.org/678","http://marc.info/?l=bugtraq&m=100583978302585&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/7539"],"reported" => "2001-12-06","severity" => undef}],"main_module" => "","versions" => []},"Alien-FreeImage" => {"advisories" => [{"affected_versions" => [">=0.001,<=0.011"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Alien-FreeImage","fixed_versions" => [],"id" => "CPANSA-Alien-FreeImage-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=1.000_1,<=1.001"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Alien-FreeImage","fixed_versions" => [],"id" => "CPANSA-Alien-FreeImage-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef}],"main_module" => "Alien::FreeImage","versions" => [{"date" => "2014-11-27T21:33:19","version" => "0.001"},{"date" => "2014-11-27T23:23:17","version" => "0.002"},{"date" => "2014-11-28T06:50:21","version" => "0.003"},{"date" => "2014-11-28T08:16:43","version" => "0.004"},{"date" => "2014-11-28T09:42:55","version" => "0.005"},{"date" => "2014-11-29T17:54:12","version" => "0.006"},{"date" => "2014-11-29T22:00:16","version" => "0.007"},{"date" => "2014-11-29T22:04:22","version" => "0.008"},{"date" => "2014-11-30T21:50:53","version" => "0.009"},{"date" => "2014-12-08T22:22:02","version" => "0.010"},{"date" => "2014-12-09T21:26:56","version" => "0.011"},{"date" => "2017-06-25T21:05:55","version" => "1.000_1"},{"date" => "2017-06-26T17:54:11","version" => "1.000_2"},{"date" => "2017-06-27T08:30:16","version" => "1.000_3"},{"date" => "2017-07-11T11:46:10","version" => "1.001"}]},"Alien-GCrypt" => {"advisories" => [{"affected_versions" => [">=1.6.2.0,<=1.6.2.1"],"cves" => ["CVE-2018-0495"],"description" => "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.\n","distribution" => "Alien-GCrypt","fixed_versions" => [],"id" => "CPANSA-Alien-GCrypt-2018-0495-libgcrypt","references" => ["https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html","https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965","https://dev.gnupg.org/T4011","https://www.debian.org/security/2018/dsa-4231","https://usn.ubuntu.com/3689-2/","https://usn.ubuntu.com/3689-1/","http://www.securitytracker.com/id/1041147","http://www.securitytracker.com/id/1041144","https://usn.ubuntu.com/3692-2/","https://usn.ubuntu.com/3692-1/","https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html","https://access.redhat.com/errata/RHSA-2018:3221","https://access.redhat.com/errata/RHSA-2018:3505","https://usn.ubuntu.com/3850-1/","https://usn.ubuntu.com/3850-2/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:1297","https://access.redhat.com/errata/RHSA-2019:1296","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2019:2237"],"reported" => "2018-06-13","severity" => "medium"},{"affected_versions" => ["==1.6.5.0"],"cves" => ["CVE-2018-0495"],"description" => "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.\n","distribution" => "Alien-GCrypt","fixed_versions" => [],"id" => "CPANSA-Alien-GCrypt-2018-0495-libgcrypt","references" => ["https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html","https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965","https://dev.gnupg.org/T4011","https://www.debian.org/security/2018/dsa-4231","https://usn.ubuntu.com/3689-2/","https://usn.ubuntu.com/3689-1/","http://www.securitytracker.com/id/1041147","http://www.securitytracker.com/id/1041144","https://usn.ubuntu.com/3692-2/","https://usn.ubuntu.com/3692-1/","https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html","https://access.redhat.com/errata/RHSA-2018:3221","https://access.redhat.com/errata/RHSA-2018:3505","https://usn.ubuntu.com/3850-1/","https://usn.ubuntu.com/3850-2/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:1297","https://access.redhat.com/errata/RHSA-2019:1296","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2019:2237"],"reported" => "2018-06-13","severity" => "medium"}],"main_module" => "Alien::GCrypt","versions" => [{"date" => "2014-11-19T00:20:20","version" => "1.6.2.0"},{"date" => "2014-11-21T22:25:49","version" => "1.6.2.1"},{"date" => "2016-03-11T00:00:36","version" => "1.6.5.0"}]},"Alien-OTR" => {"advisories" => [{"affected_versions" => [">=4.0.0.0,<=4.0.0.1"],"cves" => ["CVE-2016-2851"],"description" => "Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.\n","distribution" => "Alien-OTR","fixed_versions" => [],"id" => "CPANSA-Alien-OTR-2016-2851-libotr","references" => ["https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/","http://www.debian.org/security/2016/dsa-3512","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html","https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002581.html","http://seclists.org/fulldisclosure/2016/Mar/21","http://www.securityfocus.com/bid/84285","http://www.ubuntu.com/usn/USN-2926-1","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html","https://security.gentoo.org/glsa/201701-10","https://www.exploit-db.com/exploits/39550/","http://www.securityfocus.com/archive/1/537745/100/0/threaded"],"reported" => "2016-04-07","severity" => "critical"},{"affected_versions" => ["==4.1.0.0"],"cves" => ["CVE-2016-2851"],"description" => "Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.\n","distribution" => "Alien-OTR","fixed_versions" => [],"id" => "CPANSA-Alien-OTR-2016-2851-libotr","references" => ["https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/","http://www.debian.org/security/2016/dsa-3512","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html","https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002581.html","http://seclists.org/fulldisclosure/2016/Mar/21","http://www.securityfocus.com/bid/84285","http://www.ubuntu.com/usn/USN-2926-1","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html","https://security.gentoo.org/glsa/201701-10","https://www.exploit-db.com/exploits/39550/","http://www.securityfocus.com/archive/1/537745/100/0/threaded"],"reported" => "2016-04-07","severity" => "critical"}],"main_module" => "Alien::OTR","versions" => [{"date" => "2014-02-04T00:25:37","version" => "4.0.0.0"},{"date" => "2014-06-16T00:29:25","version" => "4.0.0.1"},{"date" => "2014-11-19T00:30:34","version" => "4.1.0.0"},{"date" => "2016-03-10T23:38:55","version" => "4.1.1.0"}]},"Alien-PCRE2" => {"advisories" => [{"affected_versions" => ["<0.016000"],"comment" => "This Alien module fetches libpcre2 sources from the network. It tries to get the latest unless you set environment variables to get a different version.\n","cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "Alien-PCRE2","fixed_versions" => [">=0.016000"],"id" => "CPANSA-Alien-PCRE2-2019-20454","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"}],"main_module" => "Alien::PCRE2","versions" => [{"date" => "2017-06-30T23:18:21","version" => "0.001000"},{"date" => "2017-07-01T02:48:02","version" => "0.002000"},{"date" => "2017-07-02T04:51:35","version" => "0.003000"},{"date" => "2017-07-02T06:53:29","version" => "0.004000"},{"date" => "2017-07-02T09:21:41","version" => "0.005000"},{"date" => "2017-07-03T01:03:23","version" => "0.006000"},{"date" => "2017-07-12T17:40:07","version" => "0.007000"},{"date" => "2017-07-13T07:43:28","version" => "0.008000"},{"date" => "2017-07-15T10:31:20","version" => "0.009000"},{"date" => "2017-07-17T04:44:54","version" => "0.010000"},{"date" => "2017-07-18T18:30:06","version" => "0.011000"},{"date" => "2017-07-19T05:07:21","version" => "0.012000"},{"date" => "2017-07-23T04:43:01","version" => "0.013000"},{"date" => "2017-11-01T02:50:14","version" => "0.014000"},{"date" => "2017-11-08T00:42:33","version" => "0.015000"},{"date" => "2022-05-08T20:22:53","version" => "0.016000"},{"date" => "2023-02-04T00:21:59","version" => "0.017000"}]},"Alien-SVN" => {"advisories" => [{"affected_versions" => [">=1.4.5.0,<=1.4.5.3"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.4.5.0,<=1.4.5.3"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.4.6.0,<=1.4.6.0"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.4.6.0,<=1.4.6.0"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.6.12.0,<=1.6.12.1"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.6.12.0,<=1.6.12.1"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.7.3.0,<=1.17.3.0"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.7.3.0,<=1.17.3.0"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.7.17.0,<=1.17.1.0"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.7.17.0,<=1.17.1.0"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => ["==1.7.19.0"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => ["==1.7.19.0"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => ["==1.8.11.0"],"cves" => ["CVE-2016-2167"],"description" => "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2167-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://www.securitytracker.com/id/1035706","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://subversion.apache.org/security/CVE-2016-2167-advisory.txt","http://www.securityfocus.com/bid/89417","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => ["==1.8.11.0"],"cves" => ["CVE-2016-2168"],"description" => "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2016-2168-subversion","references" => ["http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA\@mail.gmail.com%3E","http://www.debian.org/security/2016/dsa-3561","http://subversion.apache.org/security/CVE-2016-2168-advisory.txt","http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ\@mail.gmail.com%3E","http://www.securitytracker.com/id/1035707","http://www.securityfocus.com/bid/89320","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496","http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html","https://security.gentoo.org/glsa/201610-05","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2016-05-05","severity" => "medium"},{"affected_versions" => [">=1.4.5.0,<=1.4.5.3"],"cves" => ["CVE-2017-9800"],"description" => "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2017-9800-svn","references" => ["https://subversion.apache.org/security/CVE-2017-9800-advisory.txt","https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63\@%3Cannounce.apache.org%3E","http://www.securitytracker.com/id/1039127","http://www.securityfocus.com/bid/100259","https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html","http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html","https://security.gentoo.org/glsa/201709-09","https://support.apple.com/HT208103","http://www.debian.org/security/2017/dsa-3932","https://access.redhat.com/errata/RHSA-2017:2480","http://www.securityfocus.com/archive/1/540999/100/0/threaded","https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76\@%3Ccommits.subversion.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2017-08-11","severity" => "critical"},{"affected_versions" => ["==1.4.6.0"],"cves" => ["CVE-2017-9800"],"description" => "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2017-9800-svn","references" => ["https://subversion.apache.org/security/CVE-2017-9800-advisory.txt","https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63\@%3Cannounce.apache.org%3E","http://www.securitytracker.com/id/1039127","http://www.securityfocus.com/bid/100259","https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html","http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html","https://security.gentoo.org/glsa/201709-09","https://support.apple.com/HT208103","http://www.debian.org/security/2017/dsa-3932","https://access.redhat.com/errata/RHSA-2017:2480","http://www.securityfocus.com/archive/1/540999/100/0/threaded","https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76\@%3Ccommits.subversion.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2017-08-11","severity" => "critical"},{"affected_versions" => [">=1.6.12.0,<=1.6.12.1"],"cves" => ["CVE-2017-9800"],"description" => "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2017-9800-svn","references" => ["https://subversion.apache.org/security/CVE-2017-9800-advisory.txt","https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63\@%3Cannounce.apache.org%3E","http://www.securitytracker.com/id/1039127","http://www.securityfocus.com/bid/100259","https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html","http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html","https://security.gentoo.org/glsa/201709-09","https://support.apple.com/HT208103","http://www.debian.org/security/2017/dsa-3932","https://access.redhat.com/errata/RHSA-2017:2480","http://www.securityfocus.com/archive/1/540999/100/0/threaded","https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76\@%3Ccommits.subversion.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2017-08-11","severity" => "critical"},{"affected_versions" => [">=1.7.17.0,<=1.7.17.1"],"cves" => ["CVE-2017-9800"],"description" => "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2017-9800-svn","references" => ["https://subversion.apache.org/security/CVE-2017-9800-advisory.txt","https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63\@%3Cannounce.apache.org%3E","http://www.securitytracker.com/id/1039127","http://www.securityfocus.com/bid/100259","https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html","http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html","https://security.gentoo.org/glsa/201709-09","https://support.apple.com/HT208103","http://www.debian.org/security/2017/dsa-3932","https://access.redhat.com/errata/RHSA-2017:2480","http://www.securityfocus.com/archive/1/540999/100/0/threaded","https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76\@%3Ccommits.subversion.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2017-08-11","severity" => "critical"},{"affected_versions" => ["==1.7.19.0"],"cves" => ["CVE-2017-9800"],"description" => "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2017-9800-svn","references" => ["https://subversion.apache.org/security/CVE-2017-9800-advisory.txt","https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63\@%3Cannounce.apache.org%3E","http://www.securitytracker.com/id/1039127","http://www.securityfocus.com/bid/100259","https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html","http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html","https://security.gentoo.org/glsa/201709-09","https://support.apple.com/HT208103","http://www.debian.org/security/2017/dsa-3932","https://access.redhat.com/errata/RHSA-2017:2480","http://www.securityfocus.com/archive/1/540999/100/0/threaded","https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76\@%3Ccommits.subversion.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2017-08-11","severity" => "critical"},{"affected_versions" => [">=1.7.3.0,<=1.7.3.1"],"cves" => ["CVE-2013-1968"],"description" => "Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2013-1968-svn","references" => ["http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html","https://subversion.apache.org/security/CVE-2013-1968-advisory.txt","http://www.ubuntu.com/usn/USN-1893-1","http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E","http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E","http://www.debian.org/security/2013/dsa-2703","http://rhn.redhat.com/errata/RHSA-2014-0255.html","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986"],"reported" => "2013-07-31","severity" => undef},{"affected_versions" => ["==1.8.11.0"],"cves" => ["CVE-2017-9800"],"description" => "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\n","distribution" => "Alien-SVN","fixed_versions" => [],"id" => "CPANSA-Alien-SVN-2017-9800-svn","references" => ["https://subversion.apache.org/security/CVE-2017-9800-advisory.txt","https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63\@%3Cannounce.apache.org%3E","http://www.securitytracker.com/id/1039127","http://www.securityfocus.com/bid/100259","https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html","http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html","https://security.gentoo.org/glsa/201709-09","https://support.apple.com/HT208103","http://www.debian.org/security/2017/dsa-3932","https://access.redhat.com/errata/RHSA-2017:2480","http://www.securityfocus.com/archive/1/540999/100/0/threaded","https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76\@%3Ccommits.subversion.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html"],"reported" => "2017-08-11","severity" => "critical"}],"main_module" => "Alien::SVN","versions" => [{"date" => "2007-09-12T10:21:02","version" => "1.4.5.0"},{"date" => "2007-09-21T01:13:48","version" => "1.4.5.1"},{"date" => "2007-09-21T11:45:13","version" => "1.4.5.2"},{"date" => "2007-12-26T09:04:20","version" => "1.4.5.3"},{"date" => "2007-12-27T05:34:26","version" => "1.4.6.0"},{"date" => "2010-08-18T07:45:18","version" => "v1.6.12.0"},{"date" => "2011-02-23T00:51:22","version" => "v1.6.12.1"},{"date" => "2012-03-02T00:57:20","version" => "v1.7.3.0"},{"date" => "2012-03-18T22:14:33","version" => "v1.7.3.1"},{"date" => "2014-06-12T04:08:38","version" => "v1.7.17.0"},{"date" => "2014-06-12T17:19:44","version" => "v1.7.17.1"},{"date" => "2015-01-12T23:26:41","version" => "v1.7.19.0"},{"date" => "2015-01-13T00:12:19","version" => "v1.8.11.0"}]},"Amon2-Auth-Site-LINE" => {"advisories" => [{"affected_versions" => ["<0.05"],"cves" => ["CVE-2024-57835"],"description" => "Amon2::Auth::Site::LINE uses the String::Random module\x{a0}to generate nonce values.\x{a0}  String::Random\x{a0}defaults to Perl's built-in predictable\x{a0}random number generator,\x{a0}the rand() function, which is not cryptographically secure","distribution" => "Amon2-Auth-Site-LINE","fixed_versions" => [">=0.05"],"id" => "CPANSA-Amon2-Auth-Site-LINE-2024-57835","references" => ["https://metacpan.org/release/SHLOMIF/String-Random-0.32/source/lib/String/Random.pm#L377","https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L235","https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L255","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://jvndb.jvn.jp/ja/contents/2025/JVNDB-2025-003449.html"],"reported" => "2025-04-05","severity" => "moderate"}],"main_module" => "Amon2::Auth::Site::LINE","versions" => [{"date" => "2020-11-21T06:34:32","version" => "0.01"},{"date" => "2020-11-23T00:05:03","version" => "0.02"},{"date" => "2020-11-25T01:33:35","version" => "0.03"},{"date" => "2020-11-26T07:04:40","version" => "0.04"},{"date" => "2025-05-20T12:14:56","version" => "0.05"}]},"Apache-ASP" => {"advisories" => [{"affected_versions" => ["<1.95"],"cves" => [],"description" => "A bug would allow a malicious user possible writing of files in the same directory as the source.asp script.\n","distribution" => "Apache-ASP","fixed_versions" => [">=1.95"],"id" => "CPANSA-Apache-ASP-2000-01","references" => ["https://metacpan.org/release/CHAMAS/Apache-ASP-2.63/source/README"],"reported" => "2000-07-10","severity" => undef}],"main_module" => "Apache::ASP","versions" => [{"date" => "1998-06-24T02:10:51","version" => "0.01"},{"date" => "1998-07-11T01:48:14","version" => "0.02"},{"date" => "1998-09-14T11:13:32","version" => "0.03"},{"date" => "1998-10-12T07:50:56","version" => "0.04"},{"date" => "1998-10-18T21:29:19","version" => "0.05"},{"date" => "1999-02-06T06:04:50","version" => "0.08"},{"date" => "1999-04-22T08:30:57","version" => "0.09"},{"date" => "1999-06-24T20:04:52","version" => "0.11"},{"date" => "1999-07-02T07:05:05","version" => "0.12"},{"date" => "1999-07-29T10:58:20","version" => "0.14"},{"date" => "1999-08-25T02:02:31","version" => "0.15"},{"date" => "1999-09-22T20:54:01","version" => "0.16"},{"date" => "1999-11-16T04:44:48","version" => "0.17"},{"date" => "2000-02-04T02:14:14","version" => "0.18"},{"date" => "2000-07-03T13:08:54","version" => "1.91"},{"date" => "2000-07-03T22:43:45","version" => "1.93"},{"date" => "2000-07-11T01:44:02","version" => "1.95"},{"date" => "2000-07-16T07:17:39","version" => "2.00"},{"date" => "2000-07-22T23:31:36","version" => "2.01"},{"date" => "2000-08-02T00:11:15","version" => "2.03"},{"date" => "2000-11-26T19:15:48","version" => "2.07"},{"date" => "2001-01-31T04:03:17","version" => "2.09"},{"date" => "2001-05-30T01:37:39","version" => "2.11"},{"date" => "2001-06-12T00:41:33","version" => "2.15"},{"date" => "2001-06-18T02:35:48","version" => "2.17"},{"date" => "2001-07-11T05:27:22","version" => "2.19"},{"date" => "2001-08-05T23:01:50","version" => "2.21"},{"date" => "2001-10-11T07:54:39","version" => "2.23"},{"date" => "2001-10-11T23:34:01","version" => "2.25"},{"date" => "2001-11-01T01:11:12","version" => "2.27"},{"date" => "2001-11-19T21:41:12","version" => "2.29"},{"date" => "2002-01-22T09:52:49","version" => "2.31"},{"date" => "2002-04-30T09:12:20","version" => "2.33"},{"date" => "2002-05-30T19:47:22","version" => "2.35"},{"date" => "2002-07-03T21:11:15","version" => "2.37"},{"date" => "2002-09-12T08:16:20","version" => "2.39"},{"date" => "2002-09-30T06:35:47","version" => "2.41"},{"date" => "2002-10-14T04:01:36","version" => "2.45"},{"date" => "2002-11-07T02:03:41","version" => "2.47"},{"date" => "2002-11-11T07:15:21","version" => "2.49"},{"date" => "2003-02-10T21:11:34","version" => "2.51"},{"date" => "2003-04-10T16:27:14","version" => "2.53"},{"date" => "2003-08-10T07:39:57","version" => "2.55"},{"date" => "2004-01-29T08:30:48","version" => "2.57"},{"date" => "2005-05-24T05:52:39","version" => "2.59"},{"date" => "2008-05-25T23:07:57","version" => "2.61"},{"date" => "2011-10-02T19:18:10","version" => "2.62"},{"date" => "2012-02-13T23:15:04","version" => "2.62"},{"date" => "2018-03-15T05:28:37","version" => "2.63"}]},"Apache-AuthCAS" => {"advisories" => [{"affected_versions" => ["<0.5"],"cves" => ["CVE-2007-6342"],"description" => "A tainted cookie could be sent by a malicious user and it would be used in an SQL query without protection against SQL injection.\n","distribution" => "Apache-AuthCAS","fixed_versions" => [">=0.5"],"id" => "CPANSA-Apache-AuthCAS-2007-01","references" => ["https://metacpan.org/changes/distribution/Apache-AuthCAS","https://cxsecurity.com/issue/WLB-2007120031"],"reported" => "2007-12-13","severity" => "high"}],"main_module" => "Apache::AuthCAS","versions" => [{"date" => "2004-09-15T19:17:43","version" => "0.1"},{"date" => "2004-09-15T20:11:40","version" => "0.2"},{"date" => "2004-10-05T22:51:50","version" => "0.3"},{"date" => "2004-10-13T00:45:52","version" => "0.4"},{"date" => "2008-03-23T23:03:16","version" => "0.5"}]},"Apache-AuthenHook" => {"advisories" => [{"affected_versions" => [">=2.00_04"],"cves" => ["CVE-2010-3845"],"description" => "libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.\n","distribution" => "Apache-AuthenHook","fixed_versions" => [],"id" => "CPANSA-Apache-AuthenHook-2010-3845","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=62040","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712","http://seclists.org/oss-sec/2010/q4/63"],"reported" => "2017-08-08","severity" => "critical"}],"main_module" => "Apache::AuthenHook","versions" => [{"date" => "2003-06-20T19:05:21","version" => "2.00_01"},{"date" => "2004-04-06T01:20:10","version" => "2.00_03"},{"date" => "2005-04-14T12:57:55","version" => "2.00_04"}]},"Apache-MP3" => {"advisories" => [{"affected_versions" => ["<2.15"],"cves" => [],"description" => "A security bug allowed people to bypass the AllowDownload setting.\n","distribution" => "Apache-MP3","fixed_versions" => [">=2.15"],"id" => "CPANSA-Apache-MP3-2001-01","references" => ["https://metacpan.org/dist/Apache-MP3/changes"],"reported" => "2001-01-01","severity" => undef}],"main_module" => "Apache::MP3","versions" => [{"date" => "2000-03-20T13:00:07","version" => "1.00"},{"date" => "2000-05-27T04:19:21","version" => "2.00"},{"date" => "2000-05-27T04:34:42","version" => "2.01"},{"date" => "2000-05-28T16:17:59","version" => "2.02"},{"date" => "2000-08-23T13:46:23","version" => "2.04"},{"date" => "2000-08-25T14:45:54","version" => "2.05"},{"date" => "2000-08-26T03:41:07","version" => "2.06"},{"date" => "2000-08-31T20:28:28","version" => "2.08"},{"date" => "2000-09-03T18:31:17","version" => "2.10"},{"date" => "2000-09-09T22:12:04","version" => "2.11"},{"date" => "2000-11-21T22:15:07","version" => "2.12"},{"date" => "2000-12-31T04:29:03","version" => "2.14"},{"date" => "2001-01-02T03:37:33","version" => "2.15"},{"date" => "2001-05-01T02:43:47","version" => "2.16"},{"date" => "2001-06-10T22:02:46","version" => "2.18"},{"date" => "2001-07-17T01:39:59","version" => "2.19"},{"date" => "2001-09-26T01:14:42","version" => "2.20"},{"date" => "2002-01-06T20:38:33","version" => "2.22"},{"date" => "2002-05-31T01:12:04","version" => "2.26"},{"date" => "2002-08-16T04:18:25","version" => "3.00"},{"date" => "2002-08-18T17:41:46","version" => "3.01"},{"date" => "2002-10-14T03:26:03","version" => "3.03"},{"date" => "2003-02-15T00:51:19","version" => "3.04"},{"date" => "2003-10-06T14:12:34","version" => "3.05"},{"date" => "2006-04-15T01:26:38","version" => "4.00"}]},"Apache-Session" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40931"],"description" => "Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id.  Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Apache-Session","fixed_versions" => [],"id" => "CPANSA-Apache-Session-2025-40931","references" => ["https://metacpan.org/dist/Apache-Session/source/lib/Apache/Session/Generate/MD5.pm#L27","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "Apache::Session","versions" => [{"date" => "1998-05-20T21:03:28","version" => "0.10"},{"date" => "1998-06-26T23:12:16","version" => "0.12"},{"date" => "1998-07-08T11:14:44","version" => "0.13"},{"date" => "1998-07-20T07:21:32","version" => "0.14"},{"date" => "1998-09-15T21:29:50","version" => "0.16"},{"date" => "1998-09-29T05:20:47","version" => "v0.16.1"},{"date" => "1998-11-14T20:39:57","version" => "0.17"},{"date" => "1998-12-09T18:17:21","version" => "v0.17.1"},{"date" => "1999-01-28T19:45:49","version" => "v0.99.0"},{"date" => "1999-02-14T21:44:23","version" => "v0.99.3"},{"date" => "1999-02-16T05:47:59","version" => "v0.99.5"},{"date" => "1999-03-01T05:57:39","version" => "v0.99.6"},{"date" => "1999-03-03T23:57:45","version" => "v0.99.7"},{"date" => "1999-04-05T04:51:55","version" => "v0.99.8"},{"date" => "1999-08-16T02:06:04","version" => "1.00"},{"date" => "1999-09-12T04:35:00","version" => "1.03"},{"date" => "2000-05-26T16:31:41","version" => "1.50"},{"date" => "2000-05-26T22:31:44","version" => "1.51"},{"date" => "2000-07-24T03:48:07","version" => "1.52"},{"date" => "2000-09-01T22:43:07","version" => "1.53"},{"date" => "2001-10-11T18:37:18","version" => "1.54"},{"date" => "2004-02-24T19:58:32","version" => "1.6"},{"date" => "2004-09-01T18:55:04","version" => "1.70_01"},{"date" => "2005-10-06T22:17:32","version" => "1.80"},{"date" => "2006-05-23T16:03:15","version" => "1.81"},{"date" => "2007-02-12T17:53:50","version" => "1.81_01"},{"date" => "2007-02-21T13:35:35","version" => "1.82"},{"date" => "2007-03-10T11:45:09","version" => "1.82_01"},{"date" => "2007-03-11T15:30:47","version" => "1.82_02"},{"date" => "2007-03-12T22:00:28","version" => "1.82_03"},{"date" => "2007-04-27T20:08:58","version" => "1.82_04"},{"date" => "2007-05-14T09:03:50","version" => "1.82_05"},{"date" => "2007-05-25T11:28:49","version" => "1.83"},{"date" => "2007-08-03T21:02:51","version" => "1.83_01"},{"date" => "2007-10-02T12:53:28","version" => "1.84"},{"date" => "2007-11-26T22:09:17","version" => "1.84_01"},{"date" => "2007-12-21T22:28:51","version" => "1.85"},{"date" => "2008-01-24T15:00:36","version" => "1.85_01"},{"date" => "2008-02-01T12:14:19","version" => "1.86"},{"date" => "2008-06-20T09:48:31","version" => "1.86_01"},{"date" => "2008-06-27T20:54:45","version" => "1.86_02"},{"date" => "2008-08-03T11:34:12","version" => "1.86_03"},{"date" => "2008-08-08T09:28:24","version" => "1.87"},{"date" => "2008-12-20T21:04:01","version" => "1.88"},{"date" => "2010-09-21T22:56:17","version" => "1.89"},{"date" => "2013-01-27T13:38:31","version" => "1.90"},{"date" => "2014-01-06T22:44:40","version" => "1.91"},{"date" => "2014-03-08T23:03:33","version" => "1.92"},{"date" => "2014-04-12T19:35:25","version" => "1.93"},{"date" => "2020-09-18T22:00:45","version" => "1.94"}]},"Apache-Session-Browseable" => {"advisories" => [{"affected_versions" => ["<1.3.6"],"cves" => ["CVE-2020-36659"],"description" => "In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.\n","distribution" => "Apache-Session-Browseable","fixed_versions" => [">=1.3.6"],"id" => "CPANSA-Apache-Session-Browseable-2020-36659","references" => ["https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/fdf393235140b293cae5578ef136055a78f3574f","https://lists.debian.org/debian-lts-announce/2023/01/msg00025.html"],"reported" => "2023-01-27","severity" => undef}],"main_module" => "Apache::Session::Browseable","versions" => [{"date" => "2009-10-31T08:09:42","version" => "0.1"},{"date" => "2009-11-01T09:10:13","version" => "0.2"},{"date" => "2009-11-01T16:21:16","version" => "0.3"},{"date" => "2010-08-16T15:26:19","version" => "0.4"},{"date" => "2010-12-06T21:08:25","version" => "0.5"},{"date" => "2010-12-08T15:45:21","version" => "0.6"},{"date" => "2012-06-24T07:14:37","version" => "0.7"},{"date" => "2012-10-13T16:15:41","version" => "0.8"},{"date" => "2013-02-28T06:05:09","version" => "0.9"},{"date" => "2013-08-28T04:42:23","version" => "1.0"},{"date" => "2013-08-30T04:47:02","version" => "1.0"},{"date" => "2013-10-20T05:39:14","version" => "v1.0.2"},{"date" => "2015-06-12T15:56:45","version" => "1.1"},{"date" => "2016-03-09T05:31:13","version" => "1.2"},{"date" => "2016-03-10T06:30:41","version" => "v1.2.1"},{"date" => "2016-04-01T11:34:51","version" => "v1.2.2"},{"date" => "2016-06-07T13:59:19","version" => "v1.2.3"},{"date" => "2017-02-19T07:34:18","version" => "v1.2.4"},{"date" => "2017-04-04T05:18:26","version" => "v1.2.5"},{"date" => "2017-09-12T09:35:30","version" => "v1.2.5"},{"date" => "2017-10-03T05:00:07","version" => "v1.2.7"},{"date" => "2017-10-03T10:42:35","version" => "v1.2.8"},{"date" => "2019-02-08T06:29:20","version" => "v1.2.9"},{"date" => "2019-02-08T09:31:22","version" => "v1.3.0"},{"date" => "2019-05-04T10:55:48","version" => "v1.3.1"},{"date" => "2019-07-04T18:30:30","version" => "v1.3.2"},{"date" => "2019-09-19T20:44:43","version" => "v1.3.3"},{"date" => "2019-11-20T19:43:04","version" => "v1.3.4"},{"date" => "2020-01-21T10:20:26","version" => "v1.3.5"},{"date" => "2020-09-04T13:23:31","version" => "v1.3.6"},{"date" => "2020-09-04T13:39:40","version" => "v1.3.7"},{"date" => "2020-09-06T21:03:06","version" => "v1.3.8"},{"date" => "2021-08-10T04:44:06","version" => "v1.3.9"},{"date" => "2022-03-08T13:51:31","version" => "v1.3.10"},{"date" => "2022-09-26T16:41:24","version" => "v1.3.11"},{"date" => "2023-07-06T10:43:25","version" => "v1.3.12"},{"date" => "2023-07-06T11:38:32","version" => "v1.3.13"},{"date" => "2024-12-19T07:59:19","version" => "v1.3.13"},{"date" => "2025-04-10T19:24:48","version" => "v1.3.15"},{"date" => "2025-04-12T10:31:56","version" => "v1.3.16"},{"date" => "2025-06-18T12:49:41","version" => "v1.3.17"},{"date" => "2025-09-23T10:46:46","version" => "v1.3.18"}]},"Apache-Session-LDAP" => {"advisories" => [{"affected_versions" => ["<0.5"],"cves" => ["CVE-2020-36658"],"description" => "In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.\n","distribution" => "Apache-Session-LDAP","fixed_versions" => [">=0.5"],"id" => "CPANSA-Apache-Session-LDAP-2020-36658","references" => ["https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f","https://lists.debian.org/debian-lts-announce/2023/01/msg00024.html"],"reported" => "2023-01-27","severity" => undef}],"main_module" => "Apache::Session::LDAP","versions" => [{"date" => "2009-04-18T17:09:10","version" => "0.01"},{"date" => "2009-04-18T19:43:50","version" => "0.02"},{"date" => "2010-12-08T15:30:51","version" => "0.1"},{"date" => "2012-06-26T04:22:47","version" => "0.2"},{"date" => "2014-10-24T12:21:07","version" => "0.2"},{"date" => "2015-06-12T15:47:40","version" => "0.4"},{"date" => "2020-09-06T13:13:20","version" => "0.2"}]},"Apache-SessionX" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40932"],"description" => "Apache::SessionX versions through 2.01 for Perl create insecure session id.  Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Apache-SessionX","fixed_versions" => [],"id" => "CPANSA-Apache-SessionX-2005-01","references" => ["https://metacpan.org/release/GRICHTER/Apache-SessionX-2.01/source/SessionX/Generate/MD5.pm#L29","https://metacpan.org/changes/distribution/Apache-SessionX"],"reported" => "2005-11-15","severity" => undef}],"main_module" => "Apache::SessionX","versions" => [{"date" => "2001-11-20T15:36:53","version" => "2.00"},{"date" => "2003-03-02T14:18:57","version" => "2.00"},{"date" => "2005-11-15T05:21:49","version" => "2.01"}]},"Apache-Wyrd" => {"advisories" => [{"affected_versions" => ["<0.97"],"cves" => [],"description" => "User-submitted data cab be executed if it is displayed on a page, if the data contains a string that can be interpreted as a Wyrd.\n","distribution" => "Apache-Wyrd","fixed_versions" => [">=0.97"],"id" => "CPANSA-Apache-Wyrd-2008-01","references" => ["https://metacpan.org/dist/Apache-Wyrd/changes"],"reported" => "2008-04-14","severity" => undef}],"main_module" => "Apache::Wyrd","versions" => [{"date" => "2004-03-17T21:36:52","version" => "0.8"},{"date" => "2004-03-18T22:52:04","version" => "0.81"},{"date" => "2004-03-25T23:52:49","version" => "0.82"},{"date" => "2004-08-19T15:42:55","version" => "0.83"},{"date" => "2004-09-03T19:44:01","version" => "0.84"},{"date" => "2004-09-22T16:08:23","version" => "0.85"},{"date" => "2004-09-23T02:04:43","version" => "0.86"},{"date" => "2004-10-31T20:59:42","version" => "0.87"},{"date" => "2004-12-16T20:56:33","version" => "0.90"},{"date" => "2005-01-09T21:52:49","version" => "0.91"},{"date" => "2005-01-13T17:42:18","version" => "0.92"},{"date" => "2005-03-25T21:22:56","version" => "0.93"},{"date" => "2006-10-22T22:57:04","version" => "0.94"},{"date" => "2007-04-30T23:02:05","version" => "0.95"},{"date" => "2007-05-01T15:20:02","version" => "0.96"},{"date" => "2008-04-14T18:49:14","version" => "0.97"},{"date" => "2008-04-15T21:32:47","version" => "0.98"}]},"Apache2-AuthAny" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40933"],"description" => "Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely.  Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Apache2-AuthAny","fixed_versions" => [],"id" => "CPANSA-Apache2-AuthAny-2025-40933","references" => ["https://metacpan.org/release/KGOLDOV/Apache2-AuthAny-0.201/source/lib/Apache2/AuthAny/Cookie.pm"],"reported" => "2025-09-17","severity" => undef}],"main_module" => "Apache2::AuthAny","versions" => [{"date" => "2011-05-09T22:32:29","version" => "0.20"},{"date" => "2011-05-16T18:32:03","version" => "0.201"}]},"App-Context" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.968"],"cves" => ["CVE-2012-6141"],"description" => "The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized.\n","distribution" => "App-Context","fixed_versions" => [">0.968"],"id" => "CPANSA-App-Context-2012-6141","references" => ["http://seclists.org/oss-sec/2013/q2/318","https://exchange.xforce.ibmcloud.com/vulnerabilities/84198"],"reported" => "2014-06-04","severity" => undef}],"main_module" => "App::Context","versions" => [{"date" => "2002-10-10T21:31:39","version" => "0.01"},{"date" => "2004-09-02T21:17:44","version" => "0.90"},{"date" => "2005-01-07T14:02:06","version" => "0.93"},{"date" => "2005-08-09T20:05:02","version" => "0.95"},{"date" => "2006-03-10T04:24:13","version" => "0.96"},{"date" => "2006-03-12T01:30:11","version" => "0.962"},{"date" => "2006-07-25T02:30:21","version" => "0.963"},{"date" => "2006-09-04T19:41:12","version" => "0.964"},{"date" => "2007-04-17T13:33:24","version" => "0.965"},{"date" => "2008-02-27T03:13:41","version" => "0.966"},{"date" => "2008-02-27T14:19:23","version" => "0.9661"},{"date" => "2009-09-11T14:31:52","version" => "0.967"},{"date" => "2010-06-09T21:33:19","version" => "0.968"}]},"App-Genpass" => {"advisories" => [{"affected_versions" => ["<0.2400"],"cves" => [],"description" => "App-genpass before v0.2400 generated passwords using build in rand()\n","distribution" => "App-Genpass","fixed_versions" => [">=0.2400"],"id" => "CPANSA-App-Genpass-2024-001","references" => ["https://metacpan.org/dist/App-Genpass/changes","https://github.com/xsawyerx/app-genpass/pull/5","https://github.com/briandfoy/cpan-security-advisory/issues/178"],"reported" => undef,"severity" => undef}],"main_module" => "App::Genpass","versions" => [{"date" => "2009-12-14T22:15:31","version" => "0.03"},{"date" => "2010-01-01T18:06:50","version" => "0.04"},{"date" => "2010-01-02T07:45:49","version" => "0.05"},{"date" => "2010-05-28T21:46:01","version" => "0.06"},{"date" => "2010-05-29T21:37:11","version" => "0.07"},{"date" => "2010-05-30T08:35:54","version" => "0.08"},{"date" => "2010-05-31T18:39:55","version" => "0.09"},{"date" => "2010-06-07T10:16:54","version" => "0.10"},{"date" => "2010-07-16T21:15:53","version" => "0.11"},{"date" => "2010-07-16T22:36:16","version" => "1.00"},{"date" => "2010-07-18T15:20:18","version" => "1.01"},{"date" => "2011-02-17T10:52:08","version" => "2.00"},{"date" => "2011-03-10T12:26:49","version" => "2.01"},{"date" => "2011-08-03T11:58:46","version" => "2.02"},{"date" => "2011-08-03T16:05:37","version" => "2.03"},{"date" => "2011-08-06T07:36:59","version" => "2.04"},{"date" => "2011-08-08T12:51:57","version" => "2.10"},{"date" => "2011-11-27T17:45:15","version" => "2.20"},{"date" => "2012-03-26T19:55:19","version" => "2.30"},{"date" => "2012-06-26T08:16:36","version" => "2.31"},{"date" => "2012-06-30T23:12:23","version" => "2.32"},{"date" => "2012-11-20T08:48:46","version" => "2.33"},{"date" => "2014-08-04T20:00:26","version" => "2.34"},{"date" => "2016-10-12T08:56:56","version" => "2.400"},{"date" => "2016-10-14T21:27:13","version" => "2.401"}]},"App-Github-Email" => {"advisories" => [{"affected_versions" => ["<0.3.3"],"cves" => ["CVE-2015-7686"],"description" => "Insecure dependency on Email::Address.\n","distribution" => "App-Github-Email","fixed_versions" => [">=0.3.3"],"id" => "CPANSA-App-Github-Email-2018-01","references" => ["https://metacpan.org/changes/distribution/App-Github-Email","https://github.com/faraco/App-Github-Email/commit/b7f052280d1c8ae97bdefc106ca3cbba4aea7213"],"reported" => "2018-01-20"}],"main_module" => "App::Github::Email","versions" => [{"date" => "2017-01-16T08:03:02","version" => "0.0.1"},{"date" => "2017-01-16T12:56:51","version" => "0.0.2"},{"date" => "2017-01-16T17:38:16","version" => "0.0.3"},{"date" => "2017-03-11T10:45:23","version" => "0.0.4"},{"date" => "2017-04-05T11:19:02","version" => "0.0.5"},{"date" => "2017-04-15T17:35:18","version" => "0.0.6"},{"date" => "2017-05-19T05:05:24","version" => "0.0.7"},{"date" => "2017-12-18T14:11:19","version" => "0.1.0"},{"date" => "2017-12-21T08:24:12","version" => "0.1.1"},{"date" => "2018-01-15T03:18:05","version" => "0.2.0"},{"date" => "2018-01-20T12:55:34","version" => "0.2.1"},{"date" => "2018-08-30T16:07:18","version" => "0.3.1"},{"date" => "2018-08-30T16:13:54","version" => "0.3.2"},{"date" => "2018-08-31T03:49:31","version" => "0.3.3"}]},"App-Netdisco" => {"advisories" => [{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=2.001000_001,<=2.007000_001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=2.007000_002,<=2.055001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=2.028008,<=2.052002"],"cves" => ["CVE-2022-24785"],"description" => "Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.\n","distribution" => "App-Netdisco","fixed_versions" => [],"id" => "CPANSA-App-Netdisco-2022-24785-momentjs","references" => ["https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5","https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4","https://www.tenable.com/security/tns-2022-09","https://security.netapp.com/advisory/ntap-20220513-0006/"],"reported" => "2022-04-04","severity" => "high"}],"main_module" => "App::Netdisco","versions" => [{"date" => "2012-12-20T21:16:29","version" => "2.00_011"},{"date" => "2012-12-21T08:21:35","version" => "2.00_012"},{"date" => "2013-01-05T16:14:21","version" => "2.00_012"},{"date" => "2013-01-06T01:16:03","version" => "2.00_012"},{"date" => "2013-01-06T02:03:22","version" => "2.00_012"},{"date" => "2013-01-14T22:16:29","version" => "2.00_012"},{"date" => "2013-01-30T13:23:14","version" => "2.004002"},{"date" => "2013-02-09T22:37:41","version" => "2.005000_001"},{"date" => "2013-02-10T21:39:04","version" => "2.005000_001"},{"date" => "2013-03-05T23:03:41","version" => "2.005000_003"},{"date" => "2013-03-05T23:21:44","version" => "2.005000_004"},{"date" => "2013-03-07T21:52:05","version" => "2.006000"},{"date" => "2013-03-17T14:50:06","version" => "2.007000_001"},{"date" => "2013-06-03T19:54:38","version" => "2.007000_002"},{"date" => "2013-06-08T20:22:28","version" => "2.007000_003"},{"date" => "2013-06-09T10:31:46","version" => "2.007000_004"},{"date" => "2013-06-09T13:10:45","version" => "2.007000_005"},{"date" => "2013-06-09T14:45:42","version" => "2.008000"},{"date" => "2013-06-11T12:39:12","version" => "2.008001"},{"date" => "2013-06-11T21:55:59","version" => "2.008002"},{"date" => "2013-06-16T17:29:20","version" => "2.009000_001"},{"date" => "2013-06-17T07:18:07","version" => "2.010000"},{"date" => "2013-06-17T22:10:21","version" => "2.010001_001"},{"date" => "2013-06-20T12:55:28","version" => "2.010001_002"},{"date" => "2013-06-20T12:58:16","version" => "2.010001_003"},{"date" => "2013-07-23T23:02:00","version" => "2.010002"},{"date" => "2013-07-24T22:50:05","version" => "2.010004"},{"date" => "2013-07-29T07:04:27","version" => "2.011000"},{"date" => "2013-08-06T17:37:28","version" => "2.012000"},{"date" => "2013-08-06T17:42:25","version" => "2.012001"},{"date" => "2013-08-07T09:06:31","version" => "2.012002"},{"date" => "2013-08-16T16:28:13","version" => "2.012003_001"},{"date" => "2013-08-16T16:48:37","version" => "2.012004"},{"date" => "2013-08-16T16:51:08","version" => "2.012005"},{"date" => "2013-08-23T05:52:12","version" => "2.012006"},{"date" => "2013-08-23T10:29:04","version" => "2.013000"},{"date" => "2013-08-23T11:34:38","version" => "2.013001"},{"date" => "2013-08-26T21:44:14","version" => "2.014000"},{"date" => "2013-09-05T23:57:20","version" => "2.015000"},{"date" => "2013-09-10T22:33:43","version" => "2.016000"},{"date" => "2013-09-11T21:38:31","version" => "2.016001"},{"date" => "2013-09-11T22:15:54","version" => "2.016002"},{"date" => "2013-09-12T07:28:46","version" => "2.016003"},{"date" => "2013-09-23T19:49:48","version" => "2.017000"},{"date" => "2013-10-06T22:38:36","version" => "2.017001_001"},{"date" => "2013-10-07T20:55:41","version" => "2.017001_002"},{"date" => "2013-10-07T22:36:36","version" => "2.017001_003"},{"date" => "2013-10-08T10:28:21","version" => "2.018000"},{"date" => "2013-10-16T22:57:00","version" => "2.018000_001"},{"date" => "2013-10-22T12:44:58","version" => "2.018000_002"},{"date" => "2013-10-22T13:19:30","version" => "2.019000"},{"date" => "2013-10-22T14:41:32","version" => "2.019001"},{"date" => "2013-10-24T04:57:13","version" => "2.019002"},{"date" => "2013-10-27T03:07:39","version" => "2.019003"},{"date" => "2013-12-08T19:46:22","version" => "2.020000"},{"date" => "2013-12-08T21:49:04","version" => "2.020001"},{"date" => "2013-12-11T15:59:18","version" => "2.020002"},{"date" => "2013-12-29T21:34:57","version" => "2.020003_001"},{"date" => "2014-01-01T23:33:18","version" => "2.020003_002"},{"date" => "2014-01-06T20:49:38","version" => "2.020003_003"},{"date" => "2014-01-12T17:36:59","version" => "2.021000"},{"date" => "2014-01-13T00:42:23","version" => "2.021000_001"},{"date" => "2014-01-13T14:02:33","version" => "2.021000_002"},{"date" => "2014-01-13T18:50:36","version" => "2.021000_004"},{"date" => "2014-01-26T13:49:10","version" => "2.022000"},{"date" => "2014-02-10T21:24:32","version" => "2.023000"},{"date" => "2014-02-14T19:41:51","version" => "2.023001"},{"date" => "2014-02-17T13:23:06","version" => "2.023002"},{"date" => "2014-02-22T19:18:19","version" => "2.024000"},{"date" => "2014-02-25T22:36:15","version" => "2.024001"},{"date" => "2014-02-27T17:39:32","version" => "2.024002"},{"date" => "2014-02-27T17:52:08","version" => "2.024003"},{"date" => "2014-03-02T23:30:02","version" => "2.024003_001"},{"date" => "2014-03-04T22:23:50","version" => "2.024004"},{"date" => "2014-03-28T07:32:33","version" => "2.025000_001"},{"date" => "2014-04-08T18:51:46","version" => "2.025001"},{"date" => "2014-04-10T20:17:35","version" => "2.026000"},{"date" => "2014-04-17T06:01:16","version" => "2.026001_001"},{"date" => "2014-04-18T22:35:47","version" => "2.026001_002"},{"date" => "2014-04-20T22:48:43","version" => "2.026001_003"},{"date" => "2014-04-28T21:01:11","version" => "2.026001_004"},{"date" => "2014-05-03T07:27:54","version" => "2.027001"},{"date" => "2014-05-04T09:01:14","version" => "2.027002"},{"date" => "2014-05-15T07:12:35","version" => "2.027003"},{"date" => "2014-05-15T15:55:07","version" => "2.027004"},{"date" => "2014-05-21T20:21:35","version" => "2.027005_001"},{"date" => "2014-05-27T06:05:59","version" => "2.027006"},{"date" => "2014-05-27T09:45:15","version" => "2.027007"},{"date" => "2014-06-23T12:59:01","version" => "2.027008_001"},{"date" => "2014-07-02T08:20:20","version" => "2.028000"},{"date" => "2014-07-13T17:55:04","version" => "2.028001"},{"date" => "2014-07-13T20:59:54","version" => "2.028002_001"},{"date" => "2014-07-15T16:10:41","version" => "2.028003"},{"date" => "2014-07-16T07:05:29","version" => "2.028004"},{"date" => "2014-07-17T13:25:34","version" => "2.028005"},{"date" => "2014-07-21T08:09:06","version" => "2.028006"},{"date" => "2014-07-22T07:01:44","version" => "2.028008"},{"date" => "2014-07-22T21:40:24","version" => "2.028010"},{"date" => "2014-07-22T21:49:10","version" => "2.028011"},{"date" => "2014-07-22T22:21:11","version" => "2.028012"},{"date" => "2014-07-30T23:57:34","version" => "2.028013"},{"date" => "2014-08-08T06:35:55","version" => "2.029000_001"},{"date" => "2014-08-08T21:43:46","version" => "2.029000_002"},{"date" => "2014-08-10T20:21:10","version" => "2.029001"},{"date" => "2014-08-10T20:37:39","version" => "2.029002"},{"date" => "2014-08-11T15:14:59","version" => "2.029003"},{"date" => "2014-08-11T21:04:08","version" => "2.029004"},{"date" => "2014-08-13T10:48:53","version" => "2.029005"},{"date" => "2014-08-25T16:24:00","version" => "2.029006"},{"date" => "2014-09-12T13:09:36","version" => "2.029007"},{"date" => "2014-09-23T19:32:12","version" => "2.029008"},{"date" => "2014-09-27T10:37:24","version" => "2.029009"},{"date" => "2014-10-07T07:39:18","version" => "2.029010"},{"date" => "2014-10-07T17:50:07","version" => "2.029011"},{"date" => "2014-10-09T16:01:27","version" => "2.029012"},{"date" => "2014-11-14T00:16:10","version" => "2.029013_001"},{"date" => "2014-11-14T23:58:24","version" => "2.029013_002"},{"date" => "2014-11-20T08:04:38","version" => "2.029014"},{"date" => "2015-01-08T11:10:55","version" => "2.030000"},{"date" => "2015-02-04T15:28:08","version" => "2.031000"},{"date" => "2015-02-04T18:45:47","version" => "2.031001"},{"date" => "2015-02-04T19:01:00","version" => "2.031002"},{"date" => "2015-02-04T22:47:46","version" => "2.031003"},{"date" => "2015-02-05T14:19:47","version" => "2.031004"},{"date" => "2015-02-06T10:20:08","version" => "2.031005"},{"date" => "2015-02-15T15:40:46","version" => "2.031006"},{"date" => "2015-02-19T08:51:44","version" => "2.031007"},{"date" => "2015-02-22T09:43:23","version" => "2.031008"},{"date" => "2015-02-25T21:21:31","version" => "2.031009"},{"date" => "2015-02-25T22:12:31","version" => "2.031010"},{"date" => "2015-02-27T08:35:31","version" => "2.031011"},{"date" => "2015-02-28T11:59:22","version" => "2.031012"},{"date" => "2015-03-07T17:12:38","version" => "2.032000_001"},{"date" => "2015-03-24T22:46:31","version" => "2.032001"},{"date" => "2015-04-03T19:21:56","version" => "2.032002"},{"date" => "2015-05-05T19:42:05","version" => "2.032003"},{"date" => "2015-05-17T21:09:24","version" => "2.032004"},{"date" => "2015-05-18T09:25:35","version" => "2.032005"},{"date" => "2015-07-19T11:40:08","version" => "2.032006"},{"date" => "2015-07-30T16:33:06","version" => "2.032007"},{"date" => "2015-08-26T11:27:02","version" => "2.033000"},{"date" => "2015-08-27T14:50:17","version" => "2.033001"},{"date" => "2015-09-29T08:56:31","version" => "2.033002"},{"date" => "2015-10-13T21:37:21","version" => "2.033003"},{"date" => "2015-11-16T21:41:13","version" => "2.033004"},{"date" => "2016-02-02T09:11:15","version" => "2.033005"},{"date" => "2016-03-20T13:17:57","version" => "2.033005"},{"date" => "2016-10-03T15:58:17","version" => "2.034000"},{"date" => "2016-11-20T17:51:25","version" => "2.034001"},{"date" => "2017-01-06T14:35:56","version" => "2.034002"},{"date" => "2017-04-19T20:59:13","version" => "2.035000"},{"date" => "2017-04-19T21:18:39","version" => "2.035001"},{"date" => "2017-04-24T11:50:12","version" => "2.035002"},{"date" => "2017-04-24T13:44:38","version" => "2.035003"},{"date" => "2017-04-25T09:54:37","version" => "2.035004"},{"date" => "2017-04-29T08:13:48","version" => "2.035005"},{"date" => "2017-04-29T08:31:09","version" => "2.035006"},{"date" => "2017-05-17T06:44:07","version" => "2.035999_001"},{"date" => "2017-05-27T14:50:21","version" => "2.035999_002"},{"date" => "2017-05-29T16:22:27","version" => "2.035999_003"},{"date" => "2017-05-30T10:40:20","version" => "2.035999_004"},{"date" => "2017-05-30T11:05:45","version" => "2.035999_005"},{"date" => "2017-05-30T15:03:49","version" => "2.035999_006"},{"date" => "2017-05-30T20:27:22","version" => "2.035999_007"},{"date" => "2017-06-13T06:23:11","version" => "2.035999_008"},{"date" => "2017-06-18T22:37:11","version" => "2.035999_009"},{"date" => "2017-06-19T17:50:27","version" => "2.035999_010"},{"date" => "2017-06-22T07:36:42","version" => "2.036000"},{"date" => "2017-06-22T11:25:23","version" => "2.036001"},{"date" => "2017-06-26T18:58:33","version" => "2.036002"},{"date" => "2017-06-28T15:44:41","version" => "2.036003"},{"date" => "2017-07-02T08:56:33","version" => "2.036004"},{"date" => "2017-07-05T05:07:47","version" => "2.036005"},{"date" => "2017-07-09T13:28:10","version" => "2.036006"},{"date" => "2017-07-12T06:01:03","version" => "2.036007"},{"date" => "2017-07-14T12:52:34","version" => "2.036008"},{"date" => "2017-08-01T09:30:17","version" => "2.036009"},{"date" => "2017-10-08T13:22:48","version" => "2.036010"},{"date" => "2017-10-09T07:01:31","version" => "2.036011"},{"date" => "2017-10-11T17:33:31","version" => "2.036012_001"},{"date" => "2017-11-19T13:49:04","version" => "2.036012_002"},{"date" => "2017-11-28T21:49:40","version" => "2.036012_003"},{"date" => "2017-12-14T21:49:14","version" => "2.037000"},{"date" => "2017-12-14T21:57:42","version" => "2.037001"},{"date" => "2017-12-17T20:22:25","version" => "2.037002"},{"date" => "2017-12-18T17:35:24","version" => "2.037003"},{"date" => "2017-12-21T20:06:32","version" => "2.037004"},{"date" => "2017-12-22T23:46:44","version" => "2.037005"},{"date" => "2017-12-31T09:54:24","version" => "2.038000"},{"date" => "2018-01-02T13:10:42","version" => "2.038001"},{"date" => "2018-01-02T22:07:51","version" => "2.038002_001"},{"date" => "2018-01-04T20:21:13","version" => "2.038002_002"},{"date" => "2018-01-04T22:38:07","version" => "2.038002_003"},{"date" => "2018-01-04T22:53:29","version" => "2.038003"},{"date" => "2018-01-05T17:43:24","version" => "2.038004"},{"date" => "2018-01-05T20:22:23","version" => "2.038005"},{"date" => "2018-01-08T14:14:33","version" => "2.038006"},{"date" => "2018-01-09T09:57:13","version" => "2.038007"},{"date" => "2018-01-09T15:38:57","version" => "2.038008"},{"date" => "2018-01-10T01:16:32","version" => "2.038009"},{"date" => "2018-01-15T11:34:50","version" => "2.038028"},{"date" => "2018-01-23T22:56:08","version" => "2.038031"},{"date" => "2018-01-28T20:04:09","version" => "2.038032"},{"date" => "2018-01-31T15:06:37","version" => "2.038033"},{"date" => "2018-01-31T20:00:58","version" => "2.038034"},{"date" => "2018-02-02T14:54:43","version" => "2.039000"},{"date" => "2018-02-02T18:35:11","version" => "2.039001"},{"date" => "2018-02-07T23:03:50","version" => "2.039002"},{"date" => "2018-02-12T21:11:07","version" => "2.039003"},{"date" => "2018-02-15T08:29:55","version" => "2.039004"},{"date" => "2018-02-15T19:55:25","version" => "2.039005"},{"date" => "2018-02-15T20:17:31","version" => "2.039006"},{"date" => "2018-02-16T08:23:49","version" => "2.039007"},{"date" => "2018-02-22T22:06:19","version" => "2.039008"},{"date" => "2018-02-22T22:23:38","version" => "2.039009"},{"date" => "2018-02-22T22:52:04","version" => "2.039010"},{"date" => "2018-02-25T09:28:46","version" => "2.039011"},{"date" => "2018-03-02T13:12:05","version" => "2.039012"},{"date" => "2018-03-02T14:18:44","version" => "2.039013"},{"date" => "2018-03-04T09:58:06","version" => "2.039014"},{"date" => "2018-03-05T23:01:48","version" => "2.039015"},{"date" => "2018-03-19T23:12:52","version" => "2.039016"},{"date" => "2018-03-20T10:12:42","version" => "2.039017"},{"date" => "2018-03-22T21:46:51","version" => "2.039018"},{"date" => "2018-03-23T09:55:03","version" => "2.039019"},{"date" => "2018-03-26T21:59:24","version" => "2.039020"},{"date" => "2018-04-10T20:47:57","version" => "2.039021"},{"date" => "2018-04-18T21:24:35","version" => "2.039022"},{"date" => "2018-04-19T07:27:07","version" => "2.039023"},{"date" => "2018-04-22T17:54:24","version" => "2.039024"},{"date" => "2018-04-27T12:27:18","version" => "2.039025"},{"date" => "2018-04-28T12:11:41","version" => "2.039026"},{"date" => "2018-04-28T21:16:54","version" => "2.039027"},{"date" => "2018-05-05T15:29:52","version" => "2.039028"},{"date" => "2018-05-09T05:55:14","version" => "2.039029"},{"date" => "2018-05-09T06:00:13","version" => "2.039030"},{"date" => "2018-06-17T20:58:47","version" => "2.039031"},{"date" => "2018-10-19T14:38:26","version" => "2.039032"},{"date" => "2018-10-19T20:36:53","version" => "2.039033"},{"date" => "2018-12-28T17:07:03","version" => "2.040000"},{"date" => "2018-12-30T10:53:04","version" => "2.040001"},{"date" => "2018-12-30T10:59:07","version" => "2.040002"},{"date" => "2019-01-18T07:10:03","version" => "2.040003"},{"date" => "2019-03-03T14:56:07","version" => "2.040004"},{"date" => "2019-03-04T10:02:25","version" => "2.040005"},{"date" => "2019-03-04T12:04:34","version" => "2.040006"},{"date" => "2019-03-06T18:44:33","version" => "2.040007"},{"date" => "2019-03-12T19:59:49","version" => "2.041000"},{"date" => "2019-03-15T05:34:08","version" => "2.041001"},{"date" => "2019-03-17T09:37:27","version" => "2.041002"},{"date" => "2019-03-17T20:32:01","version" => "2.042000"},{"date" => "2019-03-18T21:28:43","version" => "2.042001"},{"date" => "2019-03-20T12:26:14","version" => "2.042002"},{"date" => "2019-03-21T16:19:51","version" => "2.042003"},{"date" => "2019-03-28T23:00:19","version" => "2.042004"},{"date" => "2019-04-03T13:56:55","version" => "2.042005"},{"date" => "2019-04-16T16:48:15","version" => "2.042006"},{"date" => "2019-04-28T19:57:19","version" => "2.042007"},{"date" => "2019-04-30T10:51:06","version" => "2.042008"},{"date" => "2019-05-30T06:13:10","version" => "2.042009"},{"date" => "2019-06-02T06:55:13","version" => "2.042010"},{"date" => "2019-09-03T19:27:26","version" => "2.043000"},{"date" => "2019-09-04T12:36:05","version" => "2.043001"},{"date" => "2019-09-23T13:58:04","version" => "2.044000"},{"date" => "2019-09-26T14:01:50","version" => "2.044001"},{"date" => "2019-10-01T09:43:52","version" => "2.044002"},{"date" => "2019-10-15T17:57:05","version" => "2.044003"},{"date" => "2019-10-30T19:52:42","version" => "2.044004"},{"date" => "2020-01-19T15:31:55","version" => "2.044005"},{"date" => "2020-01-22T21:20:09","version" => "2.044006"},{"date" => "2020-01-22T21:25:34","version" => "2.044007"},{"date" => "2020-01-23T18:44:49","version" => "2.044008"},{"date" => "2020-01-23T18:48:48","version" => "2.044009"},{"date" => "2020-01-25T18:09:41","version" => "2.044010"},{"date" => "2020-01-26T21:46:22","version" => "2.044011"},{"date" => "2020-02-01T13:27:10","version" => "2.044012"},{"date" => "2020-02-04T21:35:18","version" => "2.044013"},{"date" => "2020-02-09T10:03:07","version" => "2.044014"},{"date" => "2020-02-12T16:56:14","version" => "2.044015"},{"date" => "2020-04-15T20:25:36","version" => "2.045000"},{"date" => "2020-04-18T08:50:13","version" => "2.045001"},{"date" => "2020-04-19T17:03:54","version" => "2.045002"},{"date" => "2020-05-15T11:02:33","version" => "2.045003"},{"date" => "2020-05-18T11:34:20","version" => "2.045005"},{"date" => "2020-05-24T18:43:31","version" => "2.045006"},{"date" => "2020-06-05T08:11:31","version" => "2.045007"},{"date" => "2020-07-08T21:29:53","version" => "2.046000"},{"date" => "2020-07-10T21:30:48","version" => "2.046001"},{"date" => "2020-08-07T10:02:15","version" => "2.046002"},{"date" => "2020-10-17T12:15:43","version" => "2.046003"},{"date" => "2020-10-17T13:29:56","version" => "2.046004"},{"date" => "2020-10-17T13:40:12","version" => "2.046005"},{"date" => "2020-10-31T11:15:17","version" => "2.046006"},{"date" => "2020-12-23T11:58:41","version" => "2.047000"},{"date" => "2020-12-29T13:08:42","version" => "2.047001"},{"date" => "2020-12-30T20:42:02","version" => "2.047002"},{"date" => "2021-02-14T14:05:50","version" => "2.047003"},{"date" => "2021-02-15T22:13:51","version" => "2.047004"},{"date" => "2021-02-24T10:48:16","version" => "2.047005"},{"date" => "2021-07-14T11:34:50","version" => "2.047006"},{"date" => "2021-07-14T12:15:22","version" => "2.047007"},{"date" => "2021-07-21T08:54:04","version" => "2.047008"},{"date" => "2021-08-14T12:38:48","version" => "2.048000"},{"date" => "2021-08-22T13:29:25","version" => "2.049000"},{"date" => "2021-08-22T19:32:21","version" => "2.049001"},{"date" => "2021-09-03T05:26:59","version" => "2.049002"},{"date" => "2021-09-03T07:11:01","version" => "2.049003"},{"date" => "2021-09-03T20:36:58","version" => "2.049004"},{"date" => "2021-09-09T07:52:58","version" => "2.049005"},{"date" => "2021-10-03T07:55:21","version" => "2.049006"},{"date" => "2021-10-05T16:38:38","version" => "2.049007"},{"date" => "2021-10-06T15:53:00","version" => "2.049008"},{"date" => "2021-10-06T21:33:32","version" => "2.049009"},{"date" => "2021-10-11T20:34:00","version" => "2.049010"},{"date" => "2021-10-12T07:43:57","version" => "2.049011"},{"date" => "2021-10-12T12:28:03","version" => "2.050000"},{"date" => "2021-10-12T14:28:01","version" => "2.050001"},{"date" => "2021-10-19T08:13:11","version" => "2.050003"},{"date" => "2021-11-14T19:39:02","version" => "2.051001"},{"date" => "2021-11-23T16:10:12","version" => "2.051002"},{"date" => "2021-11-24T13:15:54","version" => "2.051003"},{"date" => "2021-11-25T11:53:35","version" => "2.051004"},{"date" => "2021-11-25T20:20:22","version" => "2.051005"},{"date" => "2021-11-30T05:19:10","version" => "2.052000"},{"date" => "2022-02-01T20:51:26","version" => "2.052001"},{"date" => "2022-02-28T18:14:51","version" => "2.052002"},{"date" => "2022-04-13T19:12:04","version" => "2.052003"},{"date" => "2022-04-22T08:58:41","version" => "2.052005"},{"date" => "2022-05-17T21:06:21","version" => "2.052006"},{"date" => "2022-06-03T21:24:35","version" => "2.052007"},{"date" => "2022-07-12T08:18:54","version" => "2.052008"},{"date" => "2022-07-26T21:00:56","version" => "2.052009"},{"date" => "2022-07-27T21:54:42","version" => "2.052010"},{"date" => "2022-08-01T16:54:16","version" => "2.052011"},{"date" => "2022-08-02T16:05:09","version" => "2.052012"},{"date" => "2022-08-02T20:51:15","version" => "2.053000"},{"date" => "2022-08-02T21:21:25","version" => "2.053001"},{"date" => "2022-08-03T17:05:56","version" => "2.053002"},{"date" => "2022-08-03T21:05:28","version" => "2.053003"},{"date" => "2022-08-04T22:02:30","version" => "2.053004"},{"date" => "2022-08-04T22:11:32","version" => "2.053005"},{"date" => "2022-08-07T22:32:50","version" => "2.053006"},{"date" => "2022-08-09T09:32:35","version" => "2.053007"},{"date" => "2022-08-15T12:46:43","version" => "2.054000"},{"date" => "2022-08-17T10:15:23","version" => "2.055000"},{"date" => "2022-09-02T08:05:05","version" => "2.055001"},{"date" => "2022-09-24T19:09:03","version" => "2.056000"},{"date" => "2022-09-24T19:09:14","version" => "2.057000"},{"date" => "2022-09-24T19:09:26","version" => "2.057001"},{"date" => "2022-09-24T21:42:34","version" => "2.057002"},{"date" => "2022-09-27T15:34:42","version" => "2.057004"},{"date" => "2022-09-28T14:20:19","version" => "2.057005"},{"date" => "2022-09-30T21:07:39","version" => "2.057006"},{"date" => "2022-10-04T12:22:31","version" => "2.057007"},{"date" => "2022-10-18T12:00:41","version" => "2.057008"},{"date" => "2022-11-04T10:29:49","version" => "2.058000"},{"date" => "2022-11-04T15:42:53","version" => "2.058001"},{"date" => "2022-11-04T15:54:41","version" => "2.058003"},{"date" => "2022-11-25T15:29:29","version" => "2.059000"},{"date" => "2022-11-26T20:37:56","version" => "2.059001"},{"date" => "2022-12-09T10:32:14","version" => "2.060000"},{"date" => "2022-12-11T16:58:49","version" => "2.060001"},{"date" => "2022-12-13T15:34:56","version" => "2.060002"},{"date" => "2022-12-14T16:55:04","version" => "2.060003"},{"date" => "2023-01-11T15:14:43","version" => "2.060004"},{"date" => "2023-02-21T14:22:36","version" => "2.060005"},{"date" => "2023-03-03T15:43:58","version" => "2.060007"},{"date" => "2023-03-08T17:21:35","version" => "2.060008"},{"date" => "2023-03-10T18:09:47","version" => "2.060009"},{"date" => "2023-03-10T18:12:29","version" => "2.060010"},{"date" => "2023-03-29T10:43:01","version" => "2.061000"},{"date" => "2023-04-27T15:33:52","version" => "2.061001"},{"date" => "2023-05-30T08:58:07","version" => "2.062000"},{"date" => "2023-06-05T17:02:14","version" => "2.062001"},{"date" => "2023-06-06T06:07:49","version" => "2.062002"},{"date" => "2023-06-20T09:11:03","version" => "2.062003"},{"date" => "2023-06-26T17:00:40","version" => "2.062004"},{"date" => "2023-06-26T18:35:55","version" => "2.062005"},{"date" => "2023-06-28T09:03:56","version" => "2.063000"},{"date" => "2023-06-28T16:06:44","version" => "2.063001"},{"date" => "2023-07-14T21:25:14","version" => "2.063002"},{"date" => "2023-07-15T10:11:43","version" => "2.063004"},{"date" => "2023-07-22T09:17:38","version" => "2.064000"},{"date" => "2023-07-25T12:03:07","version" => "2.064001"},{"date" => "2023-08-13T15:06:31","version" => "2.065000"},{"date" => "2023-08-13T18:47:39","version" => "2.065001"},{"date" => "2023-09-03T08:12:02","version" => "2.065002"},{"date" => "2023-09-19T18:11:32","version" => "2.066000"},{"date" => "2023-09-27T13:20:00","version" => "2.067001"},{"date" => "2023-09-27T13:27:43","version" => "2.067002"},{"date" => "2023-10-27T14:38:37","version" => "2.068000"},{"date" => "2023-11-01T21:58:28","version" => "2.068001"},{"date" => "2023-11-12T07:36:25","version" => "2.069000"},{"date" => "2023-11-14T19:10:46","version" => "2.070000"},{"date" => "2023-11-15T11:29:20","version" => "2.070001"},{"date" => "2023-11-21T16:01:49","version" => "2.070002"},{"date" => "2023-11-24T20:50:38","version" => "2.070003"},{"date" => "2023-12-07T08:00:38","version" => "2.071000"},{"date" => "2023-12-07T15:51:30","version" => "2.071001"},{"date" => "2024-01-06T14:13:03","version" => "2.071002"},{"date" => "2024-01-10T20:49:02","version" => "2.071003"},{"date" => "2024-01-14T16:49:02","version" => "2.072000"},{"date" => "2024-01-15T20:04:01","version" => "2.072001"},{"date" => "2024-01-21T11:04:41","version" => "2.072002"},{"date" => "2024-02-14T21:31:03","version" => "2.072003"},{"date" => "2024-03-13T15:45:46","version" => "2.073000"},{"date" => "2024-03-13T16:54:38","version" => "2.073001"},{"date" => "2024-03-19T09:53:20","version" => "2.074000"},{"date" => "2024-03-19T17:08:31","version" => "2.074001"},{"date" => "2024-04-08T18:12:37","version" => "2.075000"},{"date" => "2024-04-09T10:16:31","version" => "2.075001"},{"date" => "2024-04-10T10:43:31","version" => "2.075002"},{"date" => "2024-04-12T10:31:45","version" => "2.075003"},{"date" => "2024-04-22T16:27:19","version" => "2.076000"},{"date" => "2024-04-24T20:20:10","version" => "2.076001"},{"date" => "2024-04-30T16:36:08","version" => "2.076002"},{"date" => "2024-05-03T14:28:39","version" => "2.076004"},{"date" => "2024-05-20T18:19:33","version" => "2.076005"},{"date" => "2024-08-10T18:36:30","version" => "2.076006"},{"date" => "2024-08-15T09:14:32","version" => "2.077000"},{"date" => "2024-08-15T10:17:44","version" => "2.077001"},{"date" => "2024-08-15T10:52:40","version" => "2.077002"},{"date" => "2024-08-15T19:54:33","version" => "2.077003"},{"date" => "2024-08-15T21:20:21","version" => "2.077004"},{"date" => "2024-08-16T00:14:40","version" => "2.077005"},{"date" => "2024-08-18T06:35:14","version" => "2.077006"},{"date" => "2024-08-18T12:19:30","version" => "2.077007"},{"date" => "2024-08-19T06:08:24","version" => "2.077008"},{"date" => "2024-08-19T11:03:29","version" => "2.077009"},{"date" => "2024-08-23T09:20:50","version" => "2.077010"},{"date" => "2024-08-23T10:06:31","version" => "2.077011"},{"date" => "2024-08-27T08:13:19","version" => "2.078000"},{"date" => "2024-09-12T20:31:33","version" => "2.079000"},{"date" => "2024-09-13T12:33:44","version" => "2.079001"},{"date" => "2024-10-29T18:29:18","version" => "2.080000"},{"date" => "2024-10-29T22:40:05","version" => "2.080001"},{"date" => "2024-10-30T10:32:44","version" => "2.080002"},{"date" => "2024-10-30T14:56:55","version" => "2.080003"},{"date" => "2024-12-30T11:04:42","version" => "2.081000"},{"date" => "2024-12-30T22:06:11","version" => "2.081001"},{"date" => "2024-12-31T14:05:40","version" => "2.081002"},{"date" => "2024-12-31T18:13:01","version" => "2.081003"},{"date" => "2025-01-19T11:32:49","version" => "2.081004"},{"date" => "2025-01-29T09:05:34","version" => "2.082000"},{"date" => "2025-01-29T09:05:46","version" => "2.082001"},{"date" => "2025-02-02T21:01:02","version" => "2.082002"},{"date" => "2025-02-04T20:24:13","version" => "2.082003"},{"date" => "2025-02-06T12:37:52","version" => "2.083000"},{"date" => "2025-02-06T13:18:05","version" => "2.083001"},{"date" => "2025-03-05T17:35:07","version" => "2.084000"},{"date" => "2025-03-09T18:50:08","version" => "2.084001"},{"date" => "2025-04-19T14:09:15","version" => "2.084002"},{"date" => "2025-04-26T18:03:12","version" => "2.085000"},{"date" => "2025-05-02T11:38:20","version" => "2.085001"},{"date" => "2025-05-22T04:57:55","version" => "2.085002"},{"date" => "2025-05-24T17:59:36","version" => "2.085003"},{"date" => "2025-06-03T17:29:52","version" => "2.086000"},{"date" => "2025-06-04T16:09:11","version" => "2.086001"},{"date" => "2025-06-18T16:02:11","version" => "2.086002"},{"date" => "2025-06-21T21:19:20","version" => "2.086003"},{"date" => "2025-07-14T06:58:58","version" => "2.087000"},{"date" => "2025-08-20T08:48:08","version" => "2.087001"},{"date" => "2025-08-26T19:48:48","version" => "2.088000"},{"date" => "2025-08-26T20:55:03","version" => "2.088001"},{"date" => "2025-08-31T18:25:51","version" => "2.088002"},{"date" => "2025-09-02T16:27:31","version" => "2.088003"},{"date" => "2025-09-05T14:23:42","version" => "2.088004"},{"date" => "2025-09-07T21:39:05","version" => "2.089000"},{"date" => "2025-09-07T22:24:00","version" => "2.089001"},{"date" => "2025-09-12T08:53:38","version" => "2.089002"},{"date" => "2025-09-21T12:24:20","version" => "2.089003"},{"date" => "2025-09-21T17:24:33","version" => "2.089004"},{"date" => "2025-09-21T19:32:52","version" => "2.090000"},{"date" => "2025-09-25T11:53:09","version" => "2.090001"},{"date" => "2025-09-25T14:07:38","version" => "2.090002"},{"date" => "2025-09-30T18:57:58","version" => "2.091000"},{"date" => "2025-10-09T13:32:39","version" => "2.091001"},{"date" => "2025-10-19T21:09:39","version" => "2.092000"},{"date" => "2025-10-21T13:26:48","version" => "2.092001"},{"date" => "2025-10-22T15:55:40","version" => "2.092002"},{"date" => "2025-10-24T15:11:24","version" => "2.093000"},{"date" => "2025-10-24T15:34:57","version" => "2.093001"},{"date" => "2025-10-25T18:33:51","version" => "2.094000"},{"date" => "2025-10-29T13:02:15","version" => "2.094001"},{"date" => "2025-10-29T21:19:58","version" => "2.094002"},{"date" => "2025-11-03T21:28:10","version" => "2.094003"},{"date" => "2025-11-15T12:44:12","version" => "2.095000"},{"date" => "2025-11-15T17:24:25","version" => "2.095001"},{"date" => "2025-11-16T18:08:46","version" => "2.095002"},{"date" => "2025-11-18T20:13:49","version" => "2.095003"},{"date" => "2025-11-23T19:49:42","version" => "2.095004"},{"date" => "2025-11-30T16:31:48","version" => "2.095005"},{"date" => "2025-11-30T18:18:11","version" => "2.095006"},{"date" => "2025-12-07T20:39:51","version" => "2.096000"},{"date" => "2025-12-13T16:24:36","version" => "2.096001"},{"date" => "2025-12-16T12:26:36","version" => "2.097000"},{"date" => "2026-01-08T22:37:02","version" => "2.097001"},{"date" => "2026-01-09T10:32:45","version" => "2.097002"},{"date" => "2026-02-21T11:16:58","version" => "2.097003"}]},"App-cpanminus" => {"advisories" => [{"affected_versions" => ["<=1.7044"],"cves" => ["CVE-2020-16154"],"description" => "The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.\n","distribution" => "App-cpanminus","fixed_versions" => [">=1.7045"],"id" => "CPANSA-App-cpanminus-2020-01","references" => ["https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW/","https://metacpan.org/pod/App::cpanminus","https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/","https://access.redhat.com/security/cve/cve-2020-16154","https://security-tracker.debian.org/tracker/CVE-2020-16154","https://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html","https://github.com/miyagawa/cpanminus/pull/638"],"reported" => "2020-07-30"},{"affected_versions" => [">0"],"cves" => ["CVE-2024-45321"],"description" => "The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.\n","distribution" => "App-cpanminus","fixed_versions" => [],"id" => "CPANSA-App-cpanminus-2024-45321","references" => ["https://github.com/miyagawa/cpanminus/issues/611","https://github.com/miyagawa/cpanminus/pull/674","https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html"],"reported" => "2024-08-27"}],"main_module" => "App::cpanminus","versions" => [{"date" => "2010-02-20T02:27:00","version" => "0.01"},{"date" => "2010-02-20T03:14:10","version" => "0.02"},{"date" => "2010-02-20T03:39:56","version" => "0.03"},{"date" => "2010-02-20T05:04:01","version" => "0.04"},{"date" => "2010-02-20T05:16:03","version" => "0.05"},{"date" => "2010-02-20T05:48:44","version" => "0.06"},{"date" => "2010-02-20T20:20:08","version" => "0.07"},{"date" => "2010-02-20T23:41:01","version" => "0.08"},{"date" => "2010-02-21T07:48:49","version" => "0.09"},{"date" => "2010-02-23T20:52:46","version" => "0.99_01"},{"date" => "2010-02-24T06:20:33","version" => "0.99_02"},{"date" => "2010-02-24T07:05:47","version" => "0.99_03"},{"date" => "2010-02-25T17:20:05","version" => "0.99_04"},{"date" => "2010-02-25T22:42:22","version" => "0.99_05"},{"date" => "2010-02-25T22:51:43","version" => "0.99_06"},{"date" => "2010-02-28T05:14:30","version" => "0.99_07"},{"date" => "2010-03-01T05:59:15","version" => "0.9910"},{"date" => "2010-03-02T00:29:51","version" => "0.9911"},{"date" => "2010-03-03T02:55:22","version" => "0.9912"},{"date" => "2010-03-03T03:21:59","version" => "0.9913"},{"date" => "2010-03-04T08:42:03","version" => "0.9914"},{"date" => "2010-03-04T09:58:11","version" => "0.9915"},{"date" => "2010-03-04T19:35:22","version" => "0.9916"},{"date" => "2010-03-09T13:58:32","version" => "0.9917"},{"date" => "2010-03-10T02:26:03","version" => "0.9918"},{"date" => "2010-03-10T02:41:31","version" => "0.9919"},{"date" => "2010-03-10T09:49:22","version" => "0.99_20"},{"date" => "2010-03-10T15:03:38","version" => "0.9921"},{"date" => "2010-03-11T02:01:28","version" => "0.9922"},{"date" => "2010-03-16T00:07:01","version" => "0.9923"},{"date" => "2010-03-22T05:05:33","version" => "0.99_24"},{"date" => "2010-03-23T02:54:44","version" => "0.99_25"},{"date" => "2010-03-23T03:24:34","version" => "0.99_26"},{"date" => "2010-03-23T18:24:55","version" => "0.9927"},{"date" => "2010-03-26T05:09:12","version" => "0.9928"},{"date" => "2010-03-27T04:42:41","version" => "0.9929"},{"date" => "2010-03-30T21:29:41","version" => "0.9930"},{"date" => "2010-04-05T01:18:12","version" => "0.9931"},{"date" => "2010-04-05T23:28:11","version" => "0.9932"},{"date" => "2010-04-11T07:51:27","version" => "0.99_33"},{"date" => "2010-04-11T11:55:44","version" => "0.9934"},{"date" => "2010-04-12T11:09:47","version" => "0.999_01"},{"date" => "2010-04-13T07:11:08","version" => "0.999_02"},{"date" => "2010-04-14T09:29:25","version" => "0.999_03"},{"date" => "2010-04-14T09:30:52","version" => "0.9935"},{"date" => "2010-04-19T06:23:01","version" => "0.999_04"},{"date" => "2010-04-21T11:40:46","version" => "0.999_05"},{"date" => "2010-04-21T11:53:47","version" => "0.9936"},{"date" => "2010-04-24T08:23:24","version" => "1.0000"},{"date" => "2010-04-24T08:26:40","version" => "1.0001"},{"date" => "2010-05-02T03:51:09","version" => "1.0002"},{"date" => "2010-05-04T23:16:18","version" => "1.0003"},{"date" => "2010-05-14T23:10:54","version" => "1.0004"},{"date" => "2010-07-02T23:39:32","version" => "1.0005"},{"date" => "2010-07-02T23:54:14","version" => "1.0006"},{"date" => "2010-07-30T19:55:47","version" => "1.0010"},{"date" => "2010-08-18T23:42:36","version" => "1.0011"},{"date" => "2010-08-20T19:58:19","version" => "1.0012"},{"date" => "2010-09-12T19:54:17","version" => "1.0013"},{"date" => "2010-09-21T19:43:20","version" => "1.0014"},{"date" => "2010-09-24T23:52:00","version" => "1.0015"},{"date" => "2010-11-12T07:57:33","version" => "1.1000"},{"date" => "2010-11-12T20:37:49","version" => "1.1001"},{"date" => "2010-11-17T02:28:44","version" => "1.1002"},{"date" => "2010-11-25T09:18:34","version" => "1.1003"},{"date" => "2010-11-30T18:07:12","version" => "1.1004"},{"date" => "2010-12-14T23:08:40","version" => "1.1005"},{"date" => "2010-12-16T19:32:01","version" => "1.1006"},{"date" => "2011-01-18T17:40:16","version" => "1.1007"},{"date" => "2011-01-18T20:54:34","version" => "1.19_01"},{"date" => "2011-01-18T22:11:52","version" => "1.19_02"},{"date" => "2011-01-26T22:08:11","version" => "1.1008"},{"date" => "2011-02-16T18:11:52","version" => "1.2000"},{"date" => "2011-02-16T18:55:46","version" => "1.2001"},{"date" => "2011-03-01T02:59:25","version" => "1.29_01"},{"date" => "2011-03-02T00:09:00","version" => "1.29_02"},{"date" => "2011-03-02T22:41:40","version" => "1.3000"},{"date" => "2011-03-04T02:35:03","version" => "1.3001"},{"date" => "2011-03-04T03:54:53","version" => "1.30_02"},{"date" => "2011-03-04T08:32:56","version" => "1.30_03"},{"date" => "2011-03-04T08:53:22","version" => "1.30_04"},{"date" => "2011-03-04T09:41:34","version" => "1.30_05"},{"date" => "2011-03-04T22:57:43","version" => "1.30_06"},{"date" => "2011-03-04T23:20:45","version" => "1.30_07"},{"date" => "2011-03-05T00:07:44","version" => "1.30_08"},{"date" => "2011-03-05T02:16:54","version" => "1.30_09"},{"date" => "2011-03-05T22:57:38","version" => "1.30_10"},{"date" => "2011-03-06T09:37:36","version" => "1.30_11"},{"date" => "2011-03-07T03:00:09","version" => "1.30_12"},{"date" => "2011-03-07T18:54:03","version" => "1.30_13"},{"date" => "2011-03-08T09:11:33","version" => "1.4000"},{"date" => "2011-03-08T18:11:57","version" => "1.4001"},{"date" => "2011-03-09T01:57:18","version" => "1.4002"},{"date" => "2011-03-10T02:15:19","version" => "1.4003"},{"date" => "2011-03-10T18:09:34","version" => "1.4004"},{"date" => "2011-05-11T19:49:38","version" => "1.4005"},{"date" => "2011-05-16T17:17:29","version" => "1.4006"},{"date" => "2011-05-17T17:54:45","version" => "1.4007"},{"date" => "2011-06-16T01:00:00","version" => "1.4008"},{"date" => "2011-06-26T17:59:17","version" => "1.49_01"},{"date" => "2011-10-12T09:57:03","version" => "1.49_02"},{"date" => "2011-10-13T06:40:49","version" => "1.5000"},{"date" => "2011-10-13T15:21:16","version" => "1.5001"},{"date" => "2011-10-18T00:13:36","version" => "1.5002"},{"date" => "2011-10-19T07:31:10","version" => "1.5003"},{"date" => "2011-11-08T22:29:31","version" => "1.5004"},{"date" => "2011-11-22T21:31:21","version" => "1.5005"},{"date" => "2011-11-29T19:49:42","version" => "1.5006"},{"date" => "2011-12-20T18:18:50","version" => "1.5007"},{"date" => "2012-03-18T01:23:40","version" => "1.5008"},{"date" => "2012-03-30T16:45:43","version" => "1.5009"},{"date" => "2012-03-31T11:01:47","version" => "1.5010"},{"date" => "2012-04-12T09:59:39","version" => "1.5011"},{"date" => "2012-05-11T03:50:22","version" => "1.5012"},{"date" => "2012-05-12T03:18:19","version" => "1.5013"},{"date" => "2012-06-13T01:34:12","version" => "1.5014"},{"date" => "2012-06-24T22:37:49","version" => "1.5015"},{"date" => "2012-07-17T19:02:48","version" => "1.5016"},{"date" => "2012-07-18T15:41:26","version" => "1.5017"},{"date" => "2012-09-19T05:42:19","version" => "1.5018"},{"date" => "2012-12-22T17:22:02","version" => "1.5019"},{"date" => "2013-01-29T18:32:26","version" => "1.5020"},{"date" => "2013-01-31T08:45:31","version" => "1.5021"},{"date" => "2013-01-31T18:07:46","version" => "1.59_01"},{"date" => "2013-02-01T03:12:10","version" => "1.59_02"},{"date" => "2013-02-01T18:54:58","version" => "1.59_03"},{"date" => "2013-02-03T17:07:16","version" => "1.59_04"},{"date" => "2013-02-04T19:52:48","version" => "1.59_05"},{"date" => "2013-02-05T20:40:30","version" => "1.59_06"},{"date" => "2013-02-06T19:17:51","version" => "1.59_07"},{"date" => "2013-02-06T19:32:27","version" => "1.59_08"},{"date" => "2013-02-07T09:59:04","version" => "1.59_09"},{"date" => "2013-02-08T00:29:16","version" => "1.59_10"},{"date" => "2013-02-11T22:12:12","version" => "1.59_11"},{"date" => "2013-02-14T02:15:12","version" => "1.59_12"},{"date" => "2013-02-25T20:16:34","version" => "1.59_13"},{"date" => "2013-02-26T17:57:00","version" => "1.6000"},{"date" => "2013-02-27T01:04:54","version" => "1.6001"},{"date" => "2013-02-27T20:13:45","version" => "1.6002"},{"date" => "2013-03-08T19:03:47","version" => "1.6003"},{"date" => "2013-03-08T19:32:25","version" => "1.6004"},{"date" => "2013-03-08T19:48:06","version" => "1.6005"},{"date" => "2013-03-14T06:00:27","version" => "1.6006"},{"date" => "2013-03-17T21:34:17","version" => "1.6007"},{"date" => "2013-03-19T17:03:36","version" => "1.6008"},{"date" => "2013-03-25T04:10:51","version" => "1.6100"},{"date" => "2013-03-25T20:41:37","version" => "1.6101"},{"date" => "2013-03-28T00:16:09","version" => "1.6102"},{"date" => "2013-03-30T21:36:49","version" => "1.6103"},{"date" => "2013-04-03T01:04:42","version" => "1.6104"},{"date" => "2013-04-05T05:17:38","version" => "1.6105"},{"date" => "2013-04-06T21:19:18","version" => "1.6106"},{"date" => "2013-04-07T04:19:16","version" => "1.6107"},{"date" => "2013-04-13T06:32:52","version" => "1.6108"},{"date" => "2013-04-13T11:48:43","version" => "1.6190"},{"date" => "2013-04-14T03:09:40","version" => "1.6191"},{"date" => "2013-04-14T08:17:32","version" => "1.6192"},{"date" => "2013-04-15T07:37:08","version" => "1.6193"},{"date" => "2013-04-15T07:42:51","version" => "1.6900"},{"date" => "2013-04-21T00:50:44","version" => "1.6901"},{"date" => "2013-04-21T01:06:02","version" => "1.6109"},{"date" => "2013-04-21T01:18:10","version" => "1.6902"},{"date" => "2013-04-22T01:07:09","version" => "1.6903"},{"date" => "2013-04-24T02:24:37","version" => "1.6904"},{"date" => "2013-04-24T03:05:21","version" => "1.6905"},{"date" => "2013-04-25T06:20:23","version" => "1.6906"},{"date" => "2013-04-26T18:40:08","version" => "1.6907"},{"date" => "2013-04-27T01:12:17","version" => "1.6908"},{"date" => "2013-04-29T08:49:53","version" => "1.6909"},{"date" => "2013-05-03T07:29:32","version" => "1.6910"},{"date" => "2013-05-04T20:28:02","version" => "1.6911"},{"date" => "2013-05-06T20:59:52","version" => "1.6912"},{"date" => "2013-05-10T00:05:10","version" => "1.6913"},{"date" => "2013-05-12T23:03:52","version" => "1.6914"},{"date" => "2013-05-16T02:01:33","version" => "1.6915"},{"date" => "2013-06-04T10:55:37","version" => "1.6916"},{"date" => "2013-06-05T01:07:33","version" => "1.6917"},{"date" => "2013-06-10T20:03:21","version" => "1.6918"},{"date" => "2013-06-12T15:33:22","version" => "1.6919"},{"date" => "2013-06-14T21:09:54","version" => "1.6920"},{"date" => "2013-06-18T10:19:43","version" => "1.6921"},{"date" => "2013-06-19T20:57:09","version" => "1.6922"},{"date" => "2013-07-04T05:17:11","version" => "1.6923"},{"date" => "2013-07-16T18:38:21","version" => "1.6924"},{"date" => "2013-07-20T05:08:06","version" => "1.6925"},{"date" => "2013-07-20T16:03:14","version" => "1.6926"},{"date" => "2013-07-23T07:45:33","version" => "1.6927"},{"date" => "2013-07-23T21:07:02","version" => "1.6928"},{"date" => "2013-07-24T18:46:29","version" => "1.6929"},{"date" => "2013-07-24T20:48:14","version" => "1.6930"},{"date" => "2013-07-24T21:51:33","version" => "1.6931"},{"date" => "2013-07-24T22:29:04","version" => "1.6932"},{"date" => "2013-07-25T16:58:24","version" => "1.6933"},{"date" => "2013-07-26T23:17:21","version" => "1.6934"},{"date" => "2013-07-31T18:36:57","version" => "1.6935"},{"date" => "2013-08-05T04:37:54","version" => "1.6936"},{"date" => "2013-08-06T01:55:29","version" => "1.6937"},{"date" => "2013-08-06T06:12:45","version" => "1.6938"},{"date" => "2013-08-06T09:55:55","version" => "1.6939"},{"date" => "2013-08-08T19:36:34","version" => "1.6940"},{"date" => "2013-08-20T18:32:44","version" => "1.6941"},{"date" => "2013-08-27T18:11:47","version" => "1.6942"},{"date" => "2013-09-03T23:40:37","version" => "1.6943"},{"date" => "2013-09-04T22:02:21","version" => "1.7000"},{"date" => "2013-09-08T20:12:16","version" => "1.7001"},{"date" => "2013-09-19T05:31:34","version" => "1.7100"},{"date" => "2013-09-19T11:15:59","version" => "1.7101"},{"date" => "2013-09-20T04:33:50","version" => "1.7102"},{"date" => "2014-04-27T05:46:31","version" => "1.7002"},{"date" => "2014-04-27T15:11:46","version" => "1.7003"},{"date" => "2014-04-27T16:23:35","version" => "1.7004"},{"date" => "2014-09-02T04:00:49","version" => "1.7005"},{"date" => "2014-09-02T06:27:35","version" => "1.7006"},{"date" => "2014-09-05T12:04:41","version" => "1.7005"},{"date" => "2014-09-05T22:45:37","version" => "1.7006"},{"date" => "2014-09-09T16:26:54","version" => "1.7007"},{"date" => "2014-09-10T08:19:24","version" => "1.7008"},{"date" => "2014-09-10T08:44:00","version" => "1.7009"},{"date" => "2014-09-17T09:28:23","version" => "1.7010"},{"date" => "2014-09-22T06:08:51","version" => "1.7011"},{"date" => "2014-09-27T02:29:33","version" => "1.7012"},{"date" => "2014-10-07T06:52:45","version" => "1.7013"},{"date" => "2014-10-08T03:54:02","version" => "1.7014"},{"date" => "2014-11-14T21:14:40","version" => "1.7015"},{"date" => "2014-11-16T19:47:26","version" => "1.7016"},{"date" => "2014-11-25T22:01:56","version" => "1.7017"},{"date" => "2014-11-25T22:08:49","version" => "1.7018"},{"date" => "2014-12-04T20:52:24","version" => "1.7019"},{"date" => "2014-12-09T01:54:37","version" => "1.7020"},{"date" => "2014-12-12T05:43:01","version" => "1.7021"},{"date" => "2014-12-13T00:42:15","version" => "1.7022"},{"date" => "2015-01-04T23:00:30","version" => "1.7023"},{"date" => "2015-01-12T21:32:45","version" => "1.7024"},{"date" => "2015-02-07T06:59:17","version" => "1.7025"},{"date" => "2015-02-14T01:12:18","version" => "1.7026"},{"date" => "2015-02-14T20:15:20","version" => "1.7027"},{"date" => "2015-04-17T17:24:16","version" => "1.7028"},{"date" => "2015-04-18T22:16:17","version" => "1.7029"},{"date" => "2015-04-19T12:15:59","version" => "1.7030"},{"date" => "2015-04-22T21:14:17","version" => "1.7031"},{"date" => "2015-04-30T01:52:49","version" => "1.7032"},{"date" => "2015-05-02T00:18:54","version" => "1.7033"},{"date" => "2015-05-07T21:21:07","version" => "1.7034"},{"date" => "2015-06-05T17:51:53","version" => "1.7035"},{"date" => "2015-06-06T05:08:20","version" => "1.7036"},{"date" => "2015-06-18T21:38:47","version" => "1.7037"},{"date" => "2015-06-23T01:05:25","version" => "1.7038"},{"date" => "2015-06-29T01:06:18","version" => "1.7039"},{"date" => "2016-01-07T19:29:19","version" => "1.7040"},{"date" => "2016-05-08T18:29:30","version" => "1.7041"},{"date" => "2016-05-24T07:49:34","version" => "1.7042"},{"date" => "2017-04-03T03:57:15","version" => "1.7043"},{"date" => "2018-04-19T11:54:56","version" => "1.7044"},{"date" => "2018-04-20T12:17:48","version" => "1.7900"},{"date" => "2018-04-20T12:20:35","version" => "1.7901"},{"date" => "2018-04-20T12:43:24","version" => "1.7902"},{"date" => "2018-04-20T14:54:30","version" => "1.7903"},{"date" => "2018-04-20T21:22:56","version" => "1.7904"},{"date" => "2018-04-21T09:40:47","version" => "1.7905"},{"date" => "2018-04-21T10:57:20","version" => "1.9015"},{"date" => "2018-04-21T11:17:58","version" => "1.9016"},{"date" => "2018-04-21T17:31:13","version" => "1.9017"},{"date" => "2018-04-22T13:54:32","version" => "1.9018"},{"date" => "2018-04-25T09:27:31","version" => "1.7906"},{"date" => "2018-04-26T11:36:59","version" => "1.7907"},{"date" => "2022-01-27T03:05:02","version" => "1.7045"},{"date" => "2022-04-27T06:01:26","version" => "1.7046"},{"date" => "2023-07-30T06:01:02","version" => "1.7047"},{"date" => "2024-10-29T18:49:03","version" => "1.7048"},{"date" => "2026-03-17T00:38:08","version" => "1.7049"}]},"App-japerl" => {"advisories" => [{"affected_versions" => ["<0.09"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "App-japerl","fixed_versions" => [">=0.09"],"id" => "CPANSA-App-japerl-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "App::japerl","versions" => [{"date" => "2018-09-07T15:19:24","version" => "0.10"},{"date" => "2018-09-08T15:07:20","version" => "0.11"},{"date" => "2019-07-14T03:35:18","version" => "0.12"},{"date" => "2021-02-18T14:03:58","version" => "0.13"},{"date" => "2021-09-18T18:20:37","version" => "0.14"},{"date" => "2023-03-25T01:04:11","version" => "0.15"}]},"App-perlall" => {"advisories" => [{"affected_versions" => ["<0.33"],"cves" => ["CVE-2013-1667"],"description" => "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.\n","distribution" => "App-perlall","fixed_versions" => [">=0.33"],"id" => "CPANSA-App-perlall-2013-1667","references" => ["http://www.securityfocus.com/bid/58311","http://perl5.git.perl.org/perl.git/commitdiff/d59e31f","http://perl5.git.perl.org/perl.git/commitdiff/9d83adc","http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html","http://www.debian.org/security/2013/dsa-2641","http://secunia.com/advisories/52499","http://secunia.com/advisories/52472","https://bugzilla.redhat.com/show_bug.cgi?id=912276","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296","http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5","http://osvdb.org/90892","http://www.ubuntu.com/usn/USN-1770-1","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html","http://marc.info/?l=bugtraq&m=137891988921058&w=2","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/82598","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771"],"reported" => "2013-03-14","severity" => undef}],"main_module" => "App::perlall","versions" => [{"date" => "2011-12-23T21:52:22","version" => "0.01"},{"date" => "2011-12-24T00:56:03","version" => "0.02"},{"date" => "2012-01-06T17:07:08","version" => "0.03"},{"date" => "2012-01-09T22:05:35","version" => "0.04"},{"date" => "2012-01-31T21:18:20","version" => "0.05"},{"date" => "2012-02-06T23:12:27","version" => "0.06"},{"date" => "2012-02-07T20:52:55","version" => "0.07"},{"date" => "2012-02-23T10:35:50","version" => "0.08"},{"date" => "2012-03-22T18:24:53","version" => "0.09"},{"date" => "2012-05-03T13:44:26","version" => "0.10"},{"date" => "2012-05-05T02:22:56","version" => "0.11"},{"date" => "2012-05-05T14:18:09","version" => "0.12"},{"date" => "2012-05-29T15:34:02","version" => "0.13"},{"date" => "2012-06-07T16:07:09","version" => "0.14"},{"date" => "2012-07-18T17:55:03","version" => "0.15"},{"date" => "2012-07-18T18:05:33","version" => "0.15_01"},{"date" => "2012-07-19T19:07:14","version" => "0.16"},{"date" => "2012-08-06T15:11:54","version" => "0.17"},{"date" => "2012-11-06T22:12:59","version" => "0.18"},{"date" => "2012-11-08T15:37:31","version" => "0.19"},{"date" => "2012-11-08T15:50:30","version" => "0.20"},{"date" => "2012-11-08T18:53:37","version" => "0.21"},{"date" => "2012-11-09T22:04:21","version" => "0.22"},{"date" => "2012-11-11T19:50:41","version" => "0.23"},{"date" => "2012-11-13T20:46:09","version" => "0.25"},{"date" => "2012-11-13T22:45:49","version" => "0.26"},{"date" => "2012-11-15T16:26:40","version" => "0.27"},{"date" => "2012-12-13T20:09:18","version" => "0.28"},{"date" => "2012-12-20T22:29:59","version" => "0.29"},{"date" => "2013-01-09T20:22:21","version" => "0.30"},{"date" => "2013-02-04T19:58:18","version" => "0.31"},{"date" => "2013-02-23T21:35:31","version" => "0.32"},{"date" => "2013-03-05T01:04:28","version" => "0.33"},{"date" => "2013-03-05T15:34:37","version" => "0.34"},{"date" => "2013-03-22T22:34:57","version" => "0.35"},{"date" => "2013-07-11T19:58:07","version" => "0.36"},{"date" => "2013-07-13T19:53:25","version" => "0.37"},{"date" => "2013-10-23T15:58:48","version" => "0.39"},{"date" => "2013-11-18T16:12:38","version" => "0.40"},{"date" => "2013-12-03T17:08:11","version" => "0.41"},{"date" => "2013-12-06T18:40:51","version" => "0.42"},{"date" => "2013-12-09T18:31:19","version" => "0.43"},{"date" => "2014-01-11T23:39:19","version" => "0.44"},{"date" => "2014-07-25T13:36:23","version" => "0.45"},{"date" => "2014-08-10T01:42:03","version" => "0.46"},{"date" => "2015-07-08T07:43:56","version" => "0.47"},{"date" => "2015-10-06T09:33:35","version" => "0.48"},{"date" => "2015-11-27T15:53:11","version" => "0.49"},{"date" => "2016-06-12T12:48:37","version" => "0.50"},{"date" => "2019-12-10T20:02:45","version" => "0.51"}]},"App-revealup" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.19"],"cves" => ["CVE-2020-8127"],"description" => "Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.\n","distribution" => "App-revealup","fixed_versions" => [],"id" => "CPANSA-App-revealup-2020-8127-revealjs","references" => ["https://hackerone.com/reports/691977"],"reported" => "2020-02-28","severity" => "medium"},{"affected_versions" => [">=0.20,<=0.21"],"cves" => ["CVE-2020-8127"],"description" => "Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.\n","distribution" => "App-revealup","fixed_versions" => [],"id" => "CPANSA-App-revealup-2020-8127-revealjs","references" => ["https://hackerone.com/reports/691977"],"reported" => "2020-02-28","severity" => "medium"},{"affected_versions" => ["==0.22"],"cves" => ["CVE-2022-0776"],"description" => "Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.\n","distribution" => "App-revealup","fixed_versions" => [],"id" => "CPANSA-App-revealup-2022-0776-revealjs","references" => ["https://github.com/hakimel/reveal.js/commit/32cdd3b1872ba8e2267c9e87ae216cb55f40f4d2","https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001","https://github.com/yusukebe/App-revealup/issues/12#issuecomment-1169417411","https://github.com/yusukebe/App-revealup/commit/c8fea67994b1aa6d734066bff9ada4e834b09cb7"],"reported" => "2022-03-01","severity" => "medium"}],"main_module" => "App::revealup","versions" => [{"date" => "2014-05-25T10:34:08","version" => "0.01"},{"date" => "2014-05-25T11:39:22","version" => "0.02"},{"date" => "2014-06-06T08:03:43","version" => "0.03"},{"date" => "2014-06-06T22:08:16","version" => "0.04"},{"date" => "2014-06-11T05:44:23","version" => "0.05"},{"date" => "2014-06-11T06:22:41","version" => "0.06"},{"date" => "2014-06-11T11:27:29","version" => "0.07"},{"date" => "2014-06-16T01:22:48","version" => "0.08"},{"date" => "2014-06-17T02:53:12","version" => "0.09"},{"date" => "2014-07-05T21:47:41","version" => "0.10"},{"date" => "2014-07-05T21:54:30","version" => "0.11"},{"date" => "2014-09-03T20:57:24","version" => "0.12"},{"date" => "2014-09-16T03:40:03","version" => "0.13"},{"date" => "2014-11-07T16:32:52","version" => "0.14"},{"date" => "2014-11-24T06:40:45","version" => "0.15"},{"date" => "2014-12-19T06:25:32","version" => "0.16"},{"date" => "2014-12-19T20:12:33","version" => "0.17"},{"date" => "2014-12-21T22:32:08","version" => "0.18"},{"date" => "2014-12-21T22:43:49","version" => "0.19"},{"date" => "2015-07-07T15:34:28","version" => "0.20"},{"date" => "2015-08-28T12:57:12","version" => "0.21"},{"date" => "2020-02-06T12:53:05","version" => "0.22"},{"date" => "2022-06-29T00:31:20","version" => "0.23"}]},"Archive-Tar" => {"advisories" => [{"affected_versions" => ["<2.28"],"cves" => ["CVE-2018-12015"],"description" => "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.\n","distribution" => "Archive-Tar","fixed_versions" => [">=2.28"],"id" => "CPANSA-Archive-Tar-2018-01","references" => ["https://security-tracker.debian.org/tracker/CVE-2018-12015","https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5"],"reported" => "2018-06-12","severity" => "medium"},{"affected_versions" => ["<=1.36"],"cves" => ["CVE-2007-4829"],"description" => "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences.\n","distribution" => "Archive-Tar","fixed_versions" => [">1.36"],"id" => "CPANSA-Archive-Tar-2007-4829","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=29517","https://bugzilla.redhat.com/show_bug.cgi?id=295021","http://rt.cpan.org/Public/Bug/Display.html?id=30380","https://issues.rpath.com/browse/RPL-1716","http://www.securityfocus.com/bid/26355","http://secunia.com/advisories/27539","http://osvdb.org/40410","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://www.ubuntu.com/usn/usn-700-2","http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml","http://secunia.com/advisories/33116","http://www.vupen.com/english/advisories/2007/3755","https://exchange.xforce.ibmcloud.com/vulnerabilities/38285","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"],"reported" => "2007-11-02","severity" => undef},{"affected_versions" => ["<2.10"],"cves" => ["CVE-2016-1238"],"description" => "'(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.'\n","distribution" => "Archive-Tar","fixed_versions" => [">=2.10"],"id" => "CPANSA-Archive-Tar-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Archive::Tar","versions" => [{"date" => "1998-02-02T06:13:59","version" => "0.071"},{"date" => "1998-04-10T17:07:35","version" => "0.072"},{"date" => "1998-07-30T00:56:03","version" => "0.08"},{"date" => "1999-01-10T02:22:23","version" => "0.20"},{"date" => "1999-02-02T19:01:41","version" => "0.21"},{"date" => "2000-04-28T00:37:46","version" => "0.22"},{"date" => "2003-01-21T23:07:30","version" => "0.23"},{"date" => "2003-03-18T17:08:50","version" => "0.99_01"},{"date" => "2003-03-26T14:57:35","version" => "0.99_02"},{"date" => "2003-04-28T16:01:24","version" => "0.99_03"},{"date" => "2003-04-28T16:57:58","version" => "0.99_04"},{"date" => "2003-04-30T12:52:19","version" => "0.99_05"},{"date" => "2003-05-05T12:06:35","version" => "0.99_06"},{"date" => "2003-05-31T09:27:33","version" => "1.00"},{"date" => "2003-06-08T10:46:56","version" => "1.01"},{"date" => "2003-06-12T09:47:58","version" => "1.02"},{"date" => "2003-06-26T12:52:19","version" => "1.03"},{"date" => "2003-07-27T17:07:50","version" => "1.04"},{"date" => "2003-08-25T13:38:44","version" => "1.05"},{"date" => "2003-10-15T14:35:12","version" => "1.06"},{"date" => "2003-10-17T11:42:14","version" => "1.07"},{"date" => "2004-01-05T12:59:23","version" => "1.08"},{"date" => "2004-05-22T12:32:02","version" => "1.09"},{"date" => "2004-06-11T19:24:06","version" => "1.10"},{"date" => "2004-11-09T16:12:40","version" => "1.20"},{"date" => "2004-11-10T16:04:13","version" => "1.21"},{"date" => "2004-11-21T10:09:52","version" => "1.22"},{"date" => "2004-12-03T15:53:06","version" => "1.23"},{"date" => "2005-05-03T13:11:19","version" => "1.24"},{"date" => "2005-08-20T10:14:40","version" => "1.25"},{"date" => "2005-08-22T09:29:53","version" => "1.26"},{"date" => "2006-01-19T13:31:53","version" => "1.28"},{"date" => "2006-03-03T13:56:20","version" => "1.29"},{"date" => "2006-08-02T15:00:41","version" => "1.30"},{"date" => "2007-05-18T12:18:49","version" => "1.31"},{"date" => "2007-05-25T09:32:48","version" => "1.32"},{"date" => "2007-08-15T14:20:33","version" => "1.34"},{"date" => "2007-09-16T09:13:21","version" => "1.36"},{"date" => "2007-11-11T11:59:00","version" => "1.37_01"},{"date" => "2007-12-24T11:02:07","version" => "1.38"},{"date" => "2008-08-22T16:33:49","version" => "1.39_01"},{"date" => "2008-08-25T03:56:58","version" => "1.39_02"},{"date" => "2008-08-25T22:07:56","version" => "1.39_03"},{"date" => "2008-09-08T12:14:37","version" => "1.39_04"},{"date" => "2008-10-13T13:42:10","version" => "1.40"},{"date" => "2008-12-13T17:10:15","version" => "1.42"},{"date" => "2009-01-19T17:08:08","version" => "1.44"},{"date" => "2009-03-05T16:10:06","version" => "1.46"},{"date" => "2009-04-20T17:07:30","version" => "1.48"},{"date" => "2009-06-12T12:01:54","version" => "1.50"},{"date" => "2009-06-13T11:29:50","version" => "1.52"},{"date" => "2009-09-10T12:13:03","version" => "1.54"},{"date" => "2010-02-03T14:40:15","version" => "1.56"},{"date" => "2010-02-17T21:47:16","version" => "1.58"},{"date" => "2010-04-23T14:12:31","version" => "1.60"},{"date" => "2010-06-28T21:02:59","version" => "1.62"},{"date" => "2010-07-09T11:04:45","version" => "1.64"},{"date" => "2010-07-26T08:44:00","version" => "1.66"},{"date" => "2010-08-17T16:06:19","version" => "1.68"},{"date" => "2010-11-15T22:02:53","version" => "1.70"},{"date" => "2010-11-18T19:22:01","version" => "1.72"},{"date" => "2010-12-18T21:19:51","version" => "1.74"},{"date" => "2011-01-07T22:27:40","version" => "1.76"},{"date" => "2011-09-08T22:13:33","version" => "1.78"},{"date" => "2011-10-13T10:25:39","version" => "1.80"},{"date" => "2011-11-21T12:14:43","version" => "1.82"},{"date" => "2012-03-03T00:00:05","version" => "1.84"},{"date" => "2012-05-24T11:38:09","version" => "1.86"},{"date" => "2012-06-01T11:06:25","version" => "1.88"},{"date" => "2012-09-05T18:19:00","version" => "1.90"},{"date" => "2013-06-18T15:13:27","version" => "1.92"},{"date" => "2013-10-22T14:28:22","version" => "0.93_01"},{"date" => "2013-10-22T14:36:08","version" => "1.93_02"},{"date" => "2013-10-24T18:02:48","version" => "1.94"},{"date" => "2013-10-24T19:10:34","version" => "1.96"},{"date" => "2014-06-14T17:12:02","version" => "1.98"},{"date" => "2014-06-15T14:59:24","version" => "2.00"},{"date" => "2014-09-14T18:03:23","version" => "2.02"},{"date" => "2014-12-14T20:13:33","version" => "2.04"},{"date" => "2016-04-24T14:05:11","version" => "2.06"},{"date" => "2016-05-12T08:57:35","version" => "2.08"},{"date" => "2016-07-27T12:40:29","version" => "2.10"},{"date" => "2016-10-16T11:27:58","version" => "2.12"},{"date" => "2016-10-20T12:38:57","version" => "2.14"},{"date" => "2016-11-01T19:19:36","version" => "2.16"},{"date" => "2016-11-07T13:36:15","version" => "2.18"},{"date" => "2016-12-15T10:54:40","version" => "2.20"},{"date" => "2016-12-16T09:46:28","version" => "2.22"},{"date" => "2016-12-16T15:27:38","version" => "2.24"},{"date" => "2017-05-12T12:46:05","version" => "2.26"},{"date" => "2018-06-08T10:57:04","version" => "2.28"},{"date" => "2018-06-19T11:55:28","version" => "2.30"},{"date" => "2018-09-13T07:17:10","version" => "2.32"},{"date" => "2020-02-01T16:41:47","version" => "2.34"},{"date" => "2020-02-02T13:34:34","version" => "2.36"},{"date" => "2020-06-25T07:51:56","version" => "2.38"},{"date" => "2021-07-27T09:51:54","version" => "2.40"},{"date" => "2023-03-25T12:10:20","version" => "3.00"},{"date" => "2023-04-12T23:09:11","version" => "3.02"},{"date" => "2025-02-25T20:25:09","version" => "3.04"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "1.26_01"},{"date" => "2006-08-15T00:00:00","dual_lived" => 1,"perl_release" => "5.009004","version" => "1.30_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.04_01"},{"date" => "2018-11-29T00:00:00","dual_lived" => 1,"perl_release" => "5.026003","version" => "2.24_01"},{"date" => "2023-12-30T00:00:00","dual_lived" => 1,"perl_release" => "5.039006","version" => "3.02_001"}]},"Archive-Unzip-Burst" => {"advisories" => [{"affected_versions" => [">=0.01"],"comment" => "0.09 is the latest version, so all versions are affected","cves" => ["CVE-2022-4976"],"description" => "Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities.  The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141.","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2022-4976","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=143547"],"reported" => "2025-06-12","severity" => undef},{"affected_versions" => [">=0.01,<=0.02_02"],"cves" => ["CVE-2014-8141"],"description" => "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8141-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174856","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02_02"],"cves" => ["CVE-2014-8140"],"description" => "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8140-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174851","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02_02"],"cves" => ["CVE-2014-8139"],"description" => "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8139-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174844"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.03,<=0.09"],"cves" => ["CVE-2014-8141"],"description" => "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8141-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174856","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.03,<=0.09"],"cves" => ["CVE-2014-8140"],"description" => "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8140-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","https://bugzilla.redhat.com/show_bug.cgi?id=1174851","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700"],"reported" => "2020-01-31","severity" => "high"},{"affected_versions" => [">=0.03,<=0.09"],"cves" => ["CVE-2014-8139"],"description" => "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n","distribution" => "Archive-Unzip-Burst","fixed_versions" => [],"id" => "CPANSA-Archive-Unzip-Burst-2014-8139-unzip","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143547","http://www.securitytracker.com/id/1031433","http://www.ocert.org/advisories/ocert-2014-011.html","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174844"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "Archive::Unzip::Burst","versions" => [{"date" => "2007-07-29T11:01:34","version" => "0.01"},{"date" => "2007-08-30T13:06:24","version" => "0.02"},{"date" => "2007-09-05T15:27:53","version" => "0.02_01"},{"date" => "2008-05-16T12:03:35","version" => "0.02_02"},{"date" => "2015-01-15T02:22:44","version" => "0.03"},{"date" => "2016-05-01T14:28:01","version" => "0.04"},{"date" => "2016-05-02T04:28:22","version" => "0.05"},{"date" => "2016-05-07T01:31:26","version" => "0.06"},{"date" => "2016-05-08T17:38:43","version" => "0.07"},{"date" => "2016-05-08T17:42:49","version" => "0.08"},{"date" => "2018-03-16T20:38:14","version" => "0.09"},{"date" => "2025-05-19T13:29:32","version" => "0.03"}]},"Archive-Zip" => {"advisories" => [{"affected_versions" => ["<1.61"],"cves" => ["CVE-2018-10860"],"description" => "perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.\n","distribution" => "Archive-Zip","fixed_versions" => [],"id" => "CPANSA-Archive-Zip-2018-01","references" => ["https://security-tracker.debian.org/tracker/CVE-2018-10860","https://github.com/redhotpenguin/perl-Archive-Zip/pull/33"],"reported" => "2018-06-28","severity" => "medium"},{"affected_versions" => ["<1.14"],"cves" => ["CVE-2004-1096"],"description" => "Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.\n","distribution" => "Archive-Zip","fixed_versions" => [],"id" => "CPANSA-Archive-Zip-2004-1096","references" => ["http://www.securityfocus.com/bid/11448","http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml","http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true","http://www.kb.cert.org/vuls/id/492545","http://secunia.com/advisories/13038/","http://www.mandriva.com/security/advisories?name=MDKSA-2004:118","https://exchange.xforce.ibmcloud.com/vulnerabilities/17761"],"reported" => "2005-01-10","severity" => undef}],"main_module" => "Archive::Zip","versions" => [{"date" => "2000-03-22T00:10:21","version" => "0.06"},{"date" => "2000-03-29T17:03:46","version" => "0.07"},{"date" => "2000-06-16T16:48:41","version" => "0.09"},{"date" => "2000-08-08T20:56:31","version" => "0.10"},{"date" => "2001-01-17T08:06:58","version" => "0.11"},{"date" => "2002-04-22T15:32:49","version" => "1.00"},{"date" => "2002-05-11T02:45:20","version" => "1.01"},{"date" => "2002-08-24T00:19:19","version" => "1.02"},{"date" => "2002-09-03T04:40:33","version" => "1.03"},{"date" => "2002-09-11T15:17:37","version" => "1.04"},{"date" => "2002-09-11T19:35:26","version" => "1.05"},{"date" => "2003-07-17T18:18:14","version" => "1.06"},{"date" => "2003-10-20T13:59:00","version" => "1.07"},{"date" => "2003-10-21T17:04:03","version" => "1.08"},{"date" => "2003-11-27T18:02:03","version" => "1.09"},{"date" => "2004-03-25T14:39:05","version" => "1.10"},{"date" => "2004-07-05T23:25:19","version" => "1_11"},{"date" => "2004-07-08T17:31:27","version" => "1.11"},{"date" => "2004-07-08T19:14:46","version" => "1.12"},{"date" => "2004-07-27T22:50:39","version" => "1.12_02"},{"date" => "2004-07-29T15:15:49","version" => "1.12_03"},{"date" => "2004-08-23T15:39:23","version" => "1.13"},{"date" => "2004-10-21T15:28:12","version" => "1.14"},{"date" => "2005-03-10T04:34:04","version" => "1.15_01"},{"date" => "2005-03-12T15:29:48","version" => "1.15_02"},{"date" => "2005-06-22T18:29:34","version" => "1.15"},{"date" => "2005-07-04T17:55:17","version" => "1.16"},{"date" => "2006-04-30T03:53:15","version" => "1.17_01"},{"date" => "2006-05-07T02:49:30","version" => "1.17_02"},{"date" => "2006-09-15T15:56:10","version" => "1.17_03"},{"date" => "2006-10-24T15:06:32","version" => "1.17_05"},{"date" => "2006-10-25T12:24:52","version" => "1.18"},{"date" => "2007-06-05T01:50:42","version" => "1.20"},{"date" => "2007-11-01T02:59:20","version" => "1.21"},{"date" => "2007-11-02T01:52:47","version" => "1.22"},{"date" => "2007-11-07T13:04:41","version" => "1.23"},{"date" => "2008-08-23T23:35:50","version" => "1.24"},{"date" => "2008-10-10T05:28:17","version" => "1.25"},{"date" => "2008-10-12T14:13:05","version" => "1.26"},{"date" => "2008-12-16T13:23:21","version" => "1.27_01"},{"date" => "2009-06-16T10:09:03","version" => "1.28"},{"date" => "2009-06-29T13:27:17","version" => "1.29"},{"date" => "2009-06-30T14:13:29","version" => "1.30"},{"date" => "2010-03-05T05:11:20","version" => "1.31_01"},{"date" => "2011-03-08T15:52:02","version" => "1.31_02"},{"date" => "2011-08-23T03:42:14","version" => "1.31_03"},{"date" => "2012-01-23T06:28:16","version" => "1.31_04"},{"date" => "2013-11-09T00:05:06","version" => "1.32"},{"date" => "2013-11-10T03:50:45","version" => "1.33"},{"date" => "2013-12-02T22:16:54","version" => "1.34"},{"date" => "2013-12-30T19:16:52","version" => "1.35"},{"date" => "2013-12-30T22:12:14","version" => "1.36"},{"date" => "2014-01-13T18:32:19","version" => "1.37"},{"date" => "2014-09-02T23:23:11","version" => "1.38"},{"date" => "2014-10-22T04:17:15","version" => "1.39"},{"date" => "2015-01-05T05:58:46","version" => "1.40"},{"date" => "2015-01-10T02:47:42","version" => "1.41"},{"date" => "2015-01-12T00:46:36","version" => "1.42"},{"date" => "2015-01-15T06:37:32","version" => "1.43"},{"date" => "2015-01-24T06:12:21","version" => "1.44"},{"date" => "2015-01-27T07:51:17","version" => "1.45"},{"date" => "2015-03-25T05:19:23","version" => "1.46"},{"date" => "2015-06-17T18:26:02","version" => "1.47"},{"date" => "2015-06-18T21:13:37","version" => "1.48"},{"date" => "2015-07-31T19:01:40","version" => "1.49"},{"date" => "2015-08-26T00:11:35","version" => "1.50"},{"date" => "2015-09-22T06:03:54","version" => "1.51"},{"date" => "2015-09-23T17:43:44","version" => "1.53"},{"date" => "2015-12-04T19:36:41","version" => "1.55"},{"date" => "2015-12-17T18:29:06","version" => "1.56"},{"date" => "2016-04-01T18:06:36","version" => "1.57"},{"date" => "2016-08-02T17:50:20","version" => "1.58"},{"date" => "2016-08-11T20:09:16","version" => "1.59"},{"date" => "2017-12-19T18:44:16","version" => "1.60"},{"date" => "2018-08-19T03:35:10","version" => "1.61"},{"date" => "2018-08-20T03:29:01","version" => "1.62"},{"date" => "2018-08-22T15:42:15","version" => "1.63"},{"date" => "2018-09-12T15:50:29","version" => "1.64"},{"date" => "2019-09-08T05:20:03","version" => "1.65"},{"date" => "2019-09-17T04:37:32","version" => "1.66"},{"date" => "2019-10-07T04:30:05","version" => "1.67"},{"date" => "2020-03-12T17:59:46","version" => "1.68"}]},"Authen-DigestMD5" => {"advisories" => [{"affected_versions" => [">=0.01"],"comment" => "The report incorrectly reports 0.02, although this problem is present in 0.04, which is the latest version","cves" => ["CVE-2025-40919"],"description" => "Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely.  The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  According to RFC 2831, \"The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.\"","distribution" => "Authen-DigestMD5","fixed_versions" => [],"id" => "CPANSA-Authen-DigestMD5-2025-40919","references" => ["https://datatracker.ietf.org/doc/html/rfc2831","https://metacpan.org/release/SALVA/Authen-DigestMD5-0.01/source/DigestMD5.pm#L126"],"reported" => "2025-07-16","severity" => undef}],"main_module" => "Authen::DigestMD5","versions" => [{"date" => "2003-10-29T00:00:32","version" => "0.01"},{"date" => "2003-10-29T17:18:03","version" => "0.02"},{"date" => "2003-11-08T21:21:26","version" => "0.03"},{"date" => "2003-11-08T22:58:09","version" => "0.04"}]},"Authen-SASL" => {"advisories" => [{"affected_versions" => [">=2.04,<=2.1900"],"cves" => ["CVE-2025-40918"],"description" => "Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely.  The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation  depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.","distribution" => "Authen-SASL","fixed_versions" => [">=2.1900"],"id" => "CPANSA-Authen-SASL-2025-40918","references" => ["https://datatracker.ietf.org/doc/html/rfc2831","https://github.com/gbarr/perl-authen-sasl/pull/22","https://metacpan.org/dist/Authen-SASL/source/lib/Authen/SASL/Perl/DIGEST_MD5.pm#L263","https://security.metacpan.org/patches/A/Authen-SASL/2.1800/CVE-2025-40918-r1.patch"],"reported" => "2025-07-16","severity" => undef}],"main_module" => "Authen::SASL","versions" => [{"date" => "2002-01-31T17:03:51","version" => "2.00"},{"date" => "2002-03-31T14:44:21","version" => "2.01"},{"date" => "2002-05-28T14:24:59","version" => "2.02"},{"date" => "2003-01-21T19:16:46","version" => "2.03"},{"date" => "2003-05-19T21:44:39","version" => "2.04"},{"date" => "2003-10-17T21:16:45","version" => "2.05"},{"date" => "2003-11-01T21:26:08","version" => "2.06"},{"date" => "2004-04-10T08:18:07","version" => "2.07"},{"date" => "2004-05-25T10:31:46","version" => "2.08"},{"date" => "2005-04-26T13:37:18","version" => "2.09"},{"date" => "2006-03-25T23:40:21","version" => "2.10"},{"date" => "2008-04-21T15:43:42","version" => "2.11"},{"date" => "2008-07-01T02:59:22","version" => "2.12"},{"date" => "2009-09-24T22:36:34","version" => "2.13"},{"date" => "2010-03-11T15:12:30","version" => "2.14"},{"date" => "2010-03-29T19:28:04","version" => "2.1401"},{"date" => "2010-06-02T18:58:54","version" => "2.15"},{"date" => "2012-09-04T16:12:29","version" => "2.16"},{"date" => "2023-08-09T22:53:31","version" => "2.1700"},{"date" => "2023-08-10T10:19:40","version" => "2.1700"},{"date" => "2025-04-25T16:10:56","version" => "2.1800"},{"date" => "2025-08-05T13:23:40","version" => "2.1900"},{"date" => "2026-01-28T22:01:16","version" => "2.2000"}]},"BSON-XS" => {"advisories" => [{"affected_versions" => ["<=0.8.4"],"cves" => ["CVE-2025-40906","CVE-2017-14227","CVE-2018-16790","CVE-2023-0437","CVE-2024-6381","CVE-2024-6383","CVE-2025-0755"],"description" => "BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.\nThose include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755.\nBSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.\n","distribution" => "BSON-XS","fixed_versions" => [],"id" => "CPANSA-BSON-XS-2025-40906","references" => ["https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html","https://www.mongodb.com/community/forums/t/mongodb-perl-driver-end-of-life/7890"],"reported" => "2025-05-16","severity" => "critical"},{"affected_versions" => [">=0.2.0,<=0.8.4"],"cves" => ["CVE-2024-6383"],"description" => "The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1\n","distribution" => "BSON-XS","fixed_versions" => [],"id" => "CPANSA-BSON-XS-2024-6383-libbson","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2024-6383","https://jira.mongodb.org/browse/CDRIVER-5628"],"reported" => "2024-07-03","severity" => "moderate"}],"main_module" => "BSON::XS","versions" => [{"date" => "2016-10-25T01:44:04","version" => "v0.2.0"},{"date" => "2016-10-27T14:29:08","version" => "v0.2.1"},{"date" => "2016-10-27T21:57:22","version" => "v0.2.2"},{"date" => "2018-05-17T20:38:16","version" => "v0.4.0"},{"date" => "2018-05-25T17:23:21","version" => "v0.4.1"},{"date" => "2018-06-13T14:02:45","version" => "v0.4.2"},{"date" => "2018-07-10T13:54:25","version" => "v0.4.3"},{"date" => "2018-09-13T03:31:32","version" => "v0.4.4"},{"date" => "2018-10-12T01:39:57","version" => "v0.4.5"},{"date" => "2018-10-12T15:51:36","version" => "v0.4.6"},{"date" => "2018-11-29T22:12:13","version" => "v0.6.0"},{"date" => "2019-07-12T18:08:23","version" => "v0.8.0"},{"date" => "2019-08-13T12:22:17","version" => "v0.8.1"},{"date" => "2019-12-05T18:59:17","version" => "v0.8.2"},{"date" => "2020-04-13T14:58:34","version" => "v0.8.3"},{"date" => "2020-08-13T14:54:04","version" => "v0.8.4"}]},"Batch-Batchrun" => {"advisories" => [{"affected_versions" => [">=1.03"],"cves" => ["CVE-2011-4117"],"description" => "The Batch::Batchrun module 1.03 for Perl does not properly handle temporary files.\n","distribution" => "Batch-Batchrun","fixed_versions" => [],"id" => "CPANSA-Batch-Batchrun-2011-4117","references" => ["http://www.openwall.com/lists/oss-security/2011/11/04/2","http://www.openwall.com/lists/oss-security/2011/11/04/4","https://rt.cpan.org/Public/Bug/Display.html?id=69594"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "Batch::Batchrun","versions" => [{"date" => "1999-08-21T20:25:47","version" => "1.03"}]},"Boost-Graph" => {"advisories" => [{"affected_versions" => [">=1.1,<=1.4"],"cves" => ["CVE-2008-0171"],"description" => "regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.\n","distribution" => "Boost-Graph","fixed_versions" => [],"id" => "CPANSA-Boost-Graph-2008-0171-boost","references" => ["http://bugs.gentoo.org/show_bug.cgi?id=205955","http://svn.boost.org/trac/boost/changeset/42674","http://svn.boost.org/trac/boost/changeset/42745","https://issues.rpath.com/browse/RPL-2143","http://www.ubuntu.com/usn/usn-570-1","http://www.securityfocus.com/bid/27325","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html","http://secunia.com/advisories/28545","http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032","http://secunia.com/advisories/28705","http://secunia.com/advisories/28511","http://secunia.com/advisories/28527","http://wiki.rpath.com/Advisories:rPSA-2008-0063","http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml","http://secunia.com/advisories/28943","http://secunia.com/advisories/28860","http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html","http://secunia.com/advisories/29323","http://www.vupen.com/english/advisories/2008/0249","http://secunia.com/advisories/48099","http://www.securityfocus.com/archive/1/488102/100/0/threaded"],"reported" => "2008-01-17","severity" => undef},{"affected_versions" => [">=1.1,<=1.4"],"cves" => ["CVE-2008-0172"],"description" => "The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.\n","distribution" => "Boost-Graph","fixed_versions" => [],"id" => "CPANSA-Boost-Graph-2008-0172-boost","references" => ["http://bugs.gentoo.org/show_bug.cgi?id=205955","http://svn.boost.org/trac/boost/changeset/42674","http://svn.boost.org/trac/boost/changeset/42745","https://issues.rpath.com/browse/RPL-2143","http://www.ubuntu.com/usn/usn-570-1","http://www.securityfocus.com/bid/27325","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html","http://secunia.com/advisories/28545","http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032","http://secunia.com/advisories/28705","http://secunia.com/advisories/28511","http://secunia.com/advisories/28527","http://wiki.rpath.com/Advisories:rPSA-2008-0063","http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml","http://secunia.com/advisories/28943","http://secunia.com/advisories/28860","http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html","http://secunia.com/advisories/29323","http://www.vupen.com/english/advisories/2008/0249","http://secunia.com/advisories/48099","http://www.securityfocus.com/archive/1/488102/100/0/threaded"],"reported" => "2008-01-17","severity" => undef}],"main_module" => "Boost::Graph","versions" => [{"date" => "2006-05-15T23:21:14","version" => "1.1"},{"date" => "2006-06-19T20:32:45","version" => "1.2"},{"date" => "2006-11-13T18:58:01","version" => "1.2"},{"date" => "2007-07-11T18:07:27","version" => "1.4"},{"date" => "2013-11-05T09:24:41","version" => "1.4_001"}]},"CBOR-XS" => {"advisories" => [{"affected_versions" => ["<1.7"],"cves" => [],"description" => "An out-of bound sharedref or stringref index could cause an out of bounds access - might be exploitable. A decoding error during indefinite array or hash decoding could cause an endless loop.\n","distribution" => "CBOR-XS","fixed_versions" => [">=1.7"],"id" => "CPANSA-CBOR-XS-2017-01","references" => ["https://metacpan.org/dist/CBOR-XS/changes"],"reported" => "2017-07-27","severity" => undef}],"main_module" => "CBOR::XS","versions" => [{"date" => "2013-10-25T23:10:42","version" => "0.01"},{"date" => "2013-10-26T11:09:56","version" => "0.02"},{"date" => "2013-10-26T23:04:01","version" => "0.03"},{"date" => "2013-10-27T22:48:22","version" => "0.04"},{"date" => "2013-10-28T21:28:30","version" => "0.05"},{"date" => "2013-10-29T15:57:13","version" => "0.06"},{"date" => "2013-10-29T22:05:30","version" => "0.07"},{"date" => "2013-10-30T10:11:46","version" => "0.08"},{"date" => "2013-11-22T16:19:26","version" => "0.09"},{"date" => "2013-11-28T16:09:19","version" => "1.0"},{"date" => "2013-11-30T18:42:59","version" => "1.1"},{"date" => "2013-12-01T17:11:47","version" => "1.11"},{"date" => "2013-12-03T10:25:03","version" => "1.12"},{"date" => "2013-12-10T21:07:58","version" => "1.2"},{"date" => "2014-01-05T14:25:36","version" => "1.25"},{"date" => "2014-10-25T06:37:38","version" => "1.26"},{"date" => "2015-04-27T20:22:15","version" => "1.3"},{"date" => "2016-02-08T04:38:25","version" => "1.4"},{"date" => "2016-02-25T14:23:47","version" => "1.41"},{"date" => "2016-04-27T09:40:38","version" => "1.5"},{"date" => "2016-12-07T14:14:49","version" => "1.6"},{"date" => "2017-06-27T02:03:48","version" => "1.7"},{"date" => "2018-11-15T19:53:50","version" => "1.71"},{"date" => "2020-11-29T21:36:13","version" => "1.8"},{"date" => "2020-11-30T18:31:32","version" => "1.81"},{"date" => "2020-12-01T01:50:49","version" => "1.82"},{"date" => "2020-12-08T08:30:59","version" => "1.83"},{"date" => "2021-10-21T01:16:11","version" => "1.84"},{"date" => "2021-10-23T03:00:48","version" => "1.85"},{"date" => "2021-11-04T16:50:24","version" => "1.86"},{"date" => "2023-09-10T20:45:43","version" => "1.87"}]},"CGI" => {"advisories" => [{"affected_versions" => ["<3.63"],"cves" => ["CVE-2012-5526"],"description" => "CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.\n","distribution" => "CGI","fixed_versions" => [">=3.63"],"id" => "CPANSA-CGI-2012-5526","references" => ["http://www.securityfocus.com/bid/56562","http://www.openwall.com/lists/oss-security/2012/11/15/6","https://github.com/markstos/CGI.pm/pull/23","http://www.securitytracker.com/id?1027780","http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes","http://secunia.com/advisories/51457","http://www.ubuntu.com/usn/USN-1643-1","http://www.debian.org/security/2012/dsa-2586","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://secunia.com/advisories/55314","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/80098"],"reported" => "2012-11-21","severity" => undef},{"affected_versions" => ["<3.56"],"cves" => ["CVE-2011-2766"],"description" => "Usage of deprecated FCGI.pm API.\n","distribution" => "CGI","fixed_versions" => [">=3.56"],"id" => "CPANSA-CGI-2011-2766","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=68380","http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766"],"reported" => "2011-11-08"},{"affected_versions" => ["<3.50"],"cves" => [],"description" => "Non-random MIME boundary.\n","distribution" => "CGI","fixed_versions" => [">=3.50"],"id" => "CPANSA-CGI-2010-02","reported" => "2010-11-08"},{"affected_versions" => ["<3.49"],"cves" => [],"description" => "Newlines in headers.\n","distribution" => "CGI","fixed_versions" => [">=3.49"],"id" => "CPANSA-CGI-2010-01","reported" => "2010-02-05"},{"affected_versions" => ["<3.50"],"cves" => ["CVE-2010-4411"],"description" => "Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors.  NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.\n","distribution" => "CGI","fixed_versions" => [">=3.50"],"id" => "CPANSA-CGI-2010-4411","references" => ["http://openwall.com/lists/oss-security/2010/12/01/3","http://www.mandriva.com/security/advisories?name=MDVSA-2011:008","http://www.vupen.com/english/advisories/2011/0106","http://www.bugzilla.org/security/3.2.9/","http://secunia.com/advisories/43033","https://bugzilla.mozilla.org/show_bug.cgi?id=591165","http://www.vupen.com/english/advisories/2011/0207","http://www.vupen.com/english/advisories/2011/0271","http://www.vupen.com/english/advisories/2011/0212","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html","http://secunia.com/advisories/43068","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html","http://secunia.com/advisories/43165","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html","http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"],"reported" => "2010-12-06","severity" => undef},{"affected_versions" => ["<3.50"],"cves" => ["CVE-2010-2761"],"description" => "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.\n","distribution" => "CGI","fixed_versions" => [">=3.50"],"id" => "CPANSA-CGI-2010-2761","references" => ["https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380","http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes","http://openwall.com/lists/oss-security/2010/12/01/1","http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html","http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm","http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1","http://openwall.com/lists/oss-security/2010/12/01/2","http://openwall.com/lists/oss-security/2010/12/01/3","https://bugzilla.mozilla.org/show_bug.cgi?id=600464","http://osvdb.org/69588","http://osvdb.org/69589","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:237","http://www.vupen.com/english/advisories/2011/0076","http://www.mandriva.com/security/advisories?name=MDVSA-2010:250","http://secunia.com/advisories/42877","https://bugzilla.mozilla.org/show_bug.cgi?id=591165","http://www.vupen.com/english/advisories/2011/0207","http://www.bugzilla.org/security/3.2.9/","http://secunia.com/advisories/43033","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html","http://secunia.com/advisories/43147","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html","http://www.vupen.com/english/advisories/2011/0249","http://www.vupen.com/english/advisories/2011/0271","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html","http://www.vupen.com/english/advisories/2011/0212","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html","http://secunia.com/advisories/43165","http://secunia.com/advisories/43068","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html","http://www.redhat.com/support/errata/RHSA-2011-1797.html","http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2010-12-06","severity" => undef}],"main_module" => "CGI","versions" => [{"date" => "1995-11-25T09:21:00","version" => "2.10"},{"date" => "1995-12-28T09:08:00","version" => "2.13"},{"date" => "1996-05-22T22:30:00","version" => "2.20"},{"date" => "1996-05-31T05:31:00","version" => "2.21"},{"date" => "1996-08-07T09:24:00","version" => "2.22"},{"date" => "1996-08-14T08:17:00","version" => "2.23"},{"date" => "1996-08-21T09:09:00","version" => "2.24"},{"date" => "1996-09-10T14:23:00","version" => "2.25"},{"date" => "1996-10-22T11:17:00","version" => "2.26"},{"date" => "1996-10-24T18:21:00","version" => "2.27"},{"date" => "1996-12-02T11:48:00","version" => "2.28"},{"date" => "1996-12-09T13:39:00","version" => "2.29"},{"date" => "1997-01-02T16:40:00","version" => "2.30"},{"date" => "1997-02-15T15:36:00","version" => "2.31"},{"date" => "1997-03-25T08:58:00","version" => "2.32"},{"date" => "1997-04-04T20:45:00","version" => "2.33"},{"date" => "1997-04-10T15:41:00","version" => "2.34"},{"date" => "1997-04-20T18:29:00","version" => "2.35"},{"date" => "1997-05-09T09:33:00","version" => "2.36"},{"date" => "1997-08-29T04:42:00","version" => "2.37"},{"date" => "1997-09-15T17:51:00","version" => "2.37"},{"date" => "1997-10-01T04:15:00","version" => "2.37"},{"date" => "1997-10-12T07:10:00","version" => "2.37"},{"date" => "1997-11-23T11:37:00","version" => "2.37"},{"date" => "1997-12-20T09:57:00","version" => "2.37"},{"date" => "1998-01-16T12:22:00","version" => "2.37"},{"date" => "1998-01-19T11:34:00","version" => "2.37"},{"date" => "1998-01-26T11:00:00","version" => "2.37"},{"date" => "1998-01-29T19:48:00","version" => "2.37"},{"date" => "1998-02-02T13:37:00","version" => "2.37"},{"date" => "1998-02-05T08:25:00","version" => "2.37"},{"date" => "1998-02-09T13:58:00","version" => "2.37"},{"date" => "1998-02-16T16:21:00","version" => "2.37"},{"date" => "1998-02-23T08:33:00","version" => "2.37"},{"date" => "1998-02-24T16:52:00","version" => "2.37"},{"date" => "1998-03-13T15:33:00","version" => "2.37"},{"date" => "1998-03-22T21:12:00","version" => "2.38"},{"date" => "1998-03-24T22:37:08","version" => "2.39"},{"date" => "1998-05-20T09:17:00","version" => "2.40"},{"date" => "1998-05-28T15:03:00","version" => "2.41"},{"date" => "1998-06-09T09:00:00","version" => "2.42"},{"date" => "1998-10-14T19:06:31","version" => "2.43"},{"date" => "1998-11-24T19:41:41","version" => "2.44"},{"date" => "1998-11-26T11:07:27","version" => "2.45"},{"date" => "1998-12-06T10:22:46","version" => "2.46"},{"date" => "1999-02-18T03:50:16","version" => "2.47"},{"date" => "1999-02-19T14:10:25","version" => "2.48"},{"date" => "1999-02-23T22:00:33","version" => "2.49"},{"date" => "1999-06-08T15:13:15","version" => "2.52"},{"date" => "1999-06-09T14:56:06","version" => "2.53"},{"date" => "1999-08-09T14:18:33","version" => "2.54"},{"date" => "1999-08-31T17:11:00","version" => "2.55"},{"date" => "1999-09-13T21:11:51","version" => "2.56"},{"date" => "2000-03-23T23:00:12","version" => "2.58"},{"date" => "2000-03-24T12:31:52","version" => "2.59"},{"date" => "2000-03-27T22:11:34","version" => "2.60"},{"date" => "2000-03-28T02:50:18","version" => "2.61"},{"date" => "2000-03-28T21:38:03","version" => "2.62"},{"date" => "2000-04-10T15:19:54","version" => "2.63"},{"date" => "2000-04-11T15:25:13","version" => "2.64"},{"date" => "2000-04-11T15:55:40","version" => "2.65"},{"date" => "2000-04-12T20:16:46","version" => "2.66"},{"date" => "2000-05-16T01:38:08","version" => "2.67"},{"date" => "2000-05-18T17:55:55","version" => "2.68"},{"date" => "2000-07-28T03:06:11","version" => "2.69"},{"date" => "2000-08-04T19:37:27","version" => "2.70"},{"date" => "2000-08-13T16:09:25","version" => "2.71"},{"date" => "2000-08-20T17:35:50","version" => "2.72"},{"date" => "2000-08-24T13:33:37","version" => "3."},{"date" => "2000-09-13T02:55:51","version" => "2.73"},{"date" => "2000-09-13T16:35:14","version" => "2.74"},{"date" => "2001-02-02T15:43:07","version" => "2.75"},{"date" => "2001-02-02T15:50:53","version" => "2.751"},{"date" => "2001-02-04T23:49:27","version" => "2.752"},{"date" => "2001-03-12T17:00:13","version" => "2.753"},{"date" => "2001-06-15T15:33:28","version" => "3.02"},{"date" => "2001-06-29T14:47:39","version" => "3.02_"},{"date" => "2001-07-05T16:13:55","version" => "3.03_01"},{"date" => "2001-07-26T21:29:22","version" => "2.76"},{"date" => "2001-08-07T12:33:22","version" => "2.77"},{"date" => "2001-09-26T02:26:36","version" => "2.78"},{"date" => "2001-12-09T21:39:11","version" => "2.79"},{"date" => "2002-01-12T02:47:17","version" => "2.80"},{"date" => "2002-04-10T19:39:49","version" => "2.81"},{"date" => "2002-09-11T12:27:48","version" => "2.84"},{"date" => "2002-09-11T14:01:02","version" => "2.85"},{"date" => "2002-09-12T03:58:40","version" => "2.86"},{"date" => "2002-10-07T02:00:58","version" => "2.87"},{"date" => "2002-10-14T13:58:09","version" => "2.88"},{"date" => "2002-10-16T17:50:26","version" => "2.89"},{"date" => "2002-11-22T23:03:39","version" => 0},{"date" => "2003-02-10T20:11:57","version" => "2.90"},{"date" => "2003-02-11T14:15:15","version" => "2.91"},{"date" => "2003-04-28T00:44:10","version" => "2.92"},{"date" => "2003-04-28T13:37:43","version" => "2.93"},{"date" => "2003-06-09T12:15:29","version" => "2.94"},{"date" => "2003-06-13T02:35:42","version" => "2.95"},{"date" => "2003-06-16T18:42:38","version" => "2.96"},{"date" => "2003-06-17T23:32:52","version" => "2.97"},{"date" => "2003-07-16T17:06:29","version" => "2.98"},{"date" => "2003-08-01T14:43:54","version" => "2.99"},{"date" => "2003-08-18T17:51:48","version" => "3.00"},{"date" => "2003-12-10T17:05:47","version" => "3.01"},{"date" => "2004-01-13T16:34:47","version" => "3.03"},{"date" => "2004-01-19T12:44:30","version" => "3.04"},{"date" => "2004-04-12T20:39:57","version" => "3.05"},{"date" => "2005-03-09T21:06:46","version" => "3.06"},{"date" => "2005-03-14T16:34:03","version" => "3.07"},{"date" => "2005-04-20T15:31:11","version" => "3.08"},{"date" => "2005-05-05T20:16:55","version" => "3.09"},{"date" => "2005-05-13T21:48:46","version" => "3.10"},{"date" => "2005-08-03T21:17:14","version" => "3.11"},{"date" => "2005-12-04T16:46:53","version" => "3.12"},{"date" => "2005-12-05T13:54:26","version" => "3.13"},{"date" => "2005-12-06T22:14:19","version" => "3.14"},{"date" => "2005-12-07T20:16:49","version" => "3.15"},{"date" => "2006-02-08T18:50:56","version" => "3.16"},{"date" => "2006-02-24T19:04:58","version" => "3.17"},{"date" => "2006-04-17T13:56:06","version" => "3.19"},{"date" => "2006-04-23T14:27:55","version" => "3.20"},{"date" => "2006-08-21T19:12:36","version" => "3.21"},{"date" => "2006-08-23T15:24:41","version" => "3.22"},{"date" => "2006-08-24T11:53:26","version" => "3.23"},{"date" => "2006-09-28T17:09:45","version" => "3.25"},{"date" => "2007-02-27T15:42:54","version" => "3.27"},{"date" => "2007-03-29T15:38:01","version" => "3.28"},{"date" => "2007-04-16T17:00:18","version" => "3.29"},{"date" => "2007-11-30T19:06:19","version" => "3.31"},{"date" => "2007-12-27T18:41:32","version" => "3.32"},{"date" => "2008-01-03T15:03:17","version" => "3.33"},{"date" => "2008-03-18T16:04:41","version" => "3.34"},{"date" => "2008-03-27T14:26:48","version" => "3.35"},{"date" => "2008-04-23T13:09:44","version" => "3.37"},{"date" => "2008-06-25T14:58:32","version" => "3.38"},{"date" => "2008-07-29T15:01:52","version" => "3.39"},{"date" => "2008-08-06T18:21:51","version" => "3.40"},{"date" => "2008-08-26T13:56:27","version" => "3.41"},{"date" => "2008-09-08T14:15:41","version" => "3.42"},{"date" => "2009-04-06T18:35:19","version" => "3.43"},{"date" => "2009-07-30T16:34:17","version" => "3.44"},{"date" => "2009-08-14T13:37:12","version" => "3.45"},{"date" => "2009-09-09T15:39:42","version" => "3.46"},{"date" => "2009-09-09T20:03:01","version" => "3.47"},{"date" => "2009-09-25T15:07:03","version" => "3.48"},{"date" => "2010-02-05T16:24:53","version" => "3.49"},{"date" => "2010-11-08T21:53:26","version" => "3.50"},{"date" => "2011-01-05T18:28:41","version" => "3.51"},{"date" => "2011-01-25T04:30:05","version" => "3.52"},{"date" => "2011-04-25T23:01:21","version" => "3.53"},{"date" => "2011-04-28T14:36:41","version" => "3.54"},{"date" => "2011-06-03T15:39:16","version" => "3.55"},{"date" => "2011-11-09T02:00:20","version" => "3.56"},{"date" => "2011-11-09T15:59:18","version" => "3.57"},{"date" => "2011-11-12T03:36:07","version" => "3.58"},{"date" => "2011-12-30T13:35:35","version" => "3.59"},{"date" => "2012-08-16T03:21:13","version" => "3.60"},{"date" => "2012-11-03T02:10:42","version" => "3.61"},{"date" => "2012-11-10T01:40:50","version" => "3.62"},{"date" => "2012-11-14T23:45:29","version" => "3.63"},{"date" => "2013-11-24T01:22:00","version" => "3.64"},{"date" => "2014-02-12T03:13:58","version" => "3.65"},{"date" => "2014-05-15T12:59:58","version" => "3.65_01"},{"date" => "2014-05-16T11:43:33","version" => "3.65_02"},{"date" => "2014-05-20T12:31:46","version" => "3.65_03"},{"date" => "2014-05-22T19:58:14","version" => "4.00"},{"date" => "2014-05-27T13:13:51","version" => "4.01"},{"date" => "2014-06-09T13:55:49","version" => "4.02"},{"date" => "2014-07-02T14:53:06","version" => "4.03"},{"date" => "2014-07-28T18:30:34","version" => "4.03_01"},{"date" => "2014-07-30T14:26:40","version" => "4.03_02"},{"date" => "2014-08-13T11:40:14","version" => "4.03_03"},{"date" => "2014-09-04T14:42:14","version" => "4.04"},{"date" => "2014-09-20T16:08:55","version" => "4.04_01"},{"date" => "2014-09-28T19:57:05","version" => "4.04_02"},{"date" => "2014-09-29T09:50:07","version" => "4.04_03"},{"date" => "2014-10-06T12:01:14","version" => "4.04_04"},{"date" => "2014-10-06T12:24:10","version" => "4.04_05"},{"date" => "2014-10-08T07:42:49","version" => "4.05"},{"date" => "2014-10-10T11:35:49","version" => "4.06"},{"date" => "2014-10-12T16:29:35","version" => "4.07"},{"date" => "2014-10-18T11:00:38","version" => "4.08"},{"date" => "2014-10-21T07:33:36","version" => "4.09"},{"date" => "2014-11-25T21:06:50","version" => "4.09_01"},{"date" => "2014-11-27T12:53:51","version" => "4.10"},{"date" => "2014-11-30T12:12:26","version" => "4.10_01"},{"date" => "2014-12-03T07:25:15","version" => "4.11"},{"date" => "2014-12-18T08:35:52","version" => "4.12"},{"date" => "2014-12-18T09:21:52","version" => "4.13"},{"date" => "2015-02-12T14:19:13","version" => "4.13_01"},{"date" => "2015-02-13T08:01:29","version" => "4.13_02"},{"date" => "2015-03-01T13:28:25","version" => "4.13_03"},{"date" => "2015-03-08T16:09:21","version" => "4.13_04"},{"date" => "2015-03-25T17:55:15","version" => "4.13_05"},{"date" => "2015-04-01T06:51:57","version" => "4.14"},{"date" => "2015-04-17T14:27:39","version" => "4.14_01"},{"date" => "2015-04-20T07:15:45","version" => "4.15"},{"date" => "2015-05-29T14:48:42","version" => "4.20"},{"date" => "2015-06-22T07:50:02","version" => "4.21"},{"date" => "2015-10-16T09:46:31","version" => "4.22"},{"date" => "2015-12-20T18:33:35","version" => "4.24"},{"date" => "2015-12-21T09:29:19","version" => "4.25"},{"date" => "2016-02-04T16:37:12","version" => "4.26"},{"date" => "2016-03-02T08:03:46","version" => "4.27"},{"date" => "2016-03-14T07:21:48","version" => "4.28"},{"date" => "2016-05-22T12:23:19","version" => "4.28_01"},{"date" => "2016-05-22T12:54:23","version" => "4.28_02"},{"date" => "2016-05-23T08:25:25","version" => "4.28_03"},{"date" => "2016-06-09T12:01:20","version" => "4.29"},{"date" => "2016-06-09T12:11:54","version" => "4.30"},{"date" => "2016-06-14T07:14:00","version" => "4.31"},{"date" => "2016-07-19T07:05:46","version" => "4.32"},{"date" => "2016-09-16T09:47:49","version" => "4.33"},{"date" => "2016-10-13T11:58:55","version" => "4.34"},{"date" => "2016-10-13T13:56:21","version" => "4.35"},{"date" => "2017-03-29T08:56:26","version" => "4.35_01"},{"date" => "2017-04-06T14:42:12","version" => "4.36"},{"date" => "2017-11-01T10:17:40","version" => "4.37"},{"date" => "2017-12-01T08:41:02","version" => "4.38"},{"date" => "2018-08-13T15:57:52","version" => "4.39"},{"date" => "2018-08-15T08:39:39","version" => "4.40"},{"date" => "2019-03-26T15:58:49","version" => "4.41"},{"date" => "2019-03-26T16:33:27","version" => "4.42"},{"date" => "2019-05-01T14:28:45","version" => "4.43"},{"date" => "2019-06-03T09:00:55","version" => "4.44"},{"date" => "2020-01-13T07:03:55","version" => "4.45"},{"date" => "2020-02-03T14:49:22","version" => "4.46"},{"date" => "2020-05-01T13:01:44","version" => "4.47"},{"date" => "2020-06-02T08:22:41","version" => "4.48"},{"date" => "2020-06-08T09:46:25","version" => "4.49"},{"date" => "2020-06-22T07:35:25","version" => "4.50"},{"date" => "2020-10-05T06:14:39","version" => "4.51"},{"date" => "2021-05-04T08:02:27","version" => "4.52"},{"date" => "2021-06-03T06:45:55","version" => "4.53"},{"date" => "2022-02-03T07:52:34","version" => "4.54"},{"date" => "2023-01-03T07:45:53","version" => "4.55"},{"date" => "2023-03-03T08:51:51","version" => "4.56"},{"date" => "2023-05-02T13:16:01","version" => "4.57"},{"date" => "2023-10-02T07:08:45","version" => "4.58"},{"date" => "2023-10-02T07:14:30","version" => "4.59"},{"date" => "2023-11-01T07:57:12","version" => "4.60"},{"date" => "2024-01-08T15:17:04","version" => "4.61"},{"date" => "2024-03-01T13:46:49","version" => "4.62"},{"date" => "2024-03-06T15:20:30","version" => "4.63"},{"date" => "2024-03-18T12:10:48","version" => "4.64"},{"date" => "2024-06-04T15:15:17","version" => "4.65"},{"date" => "2024-06-19T08:59:52","version" => "4.66"},{"date" => "2025-01-08T15:27:45","version" => "4.67"},{"date" => "2025-04-01T09:38:18","version" => "4.68"},{"date" => "2025-06-11T06:21:57","version" => "4.69"},{"date" => "2025-07-07T11:59:39","version" => "4.70"},{"date" => "2025-10-01T08:09:27","version" => "4.71"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "3.15_01"}]},"CGI-Application" => {"advisories" => [{"affected_versions" => ["<4.50_51"],"cves" => ["CVE-2013-7329"],"description" => "The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.\n","distribution" => "CGI-Application","fixed_versions" => [],"id" => "CPANSA-CGI-Application-2013-7329","references" => ["https://github.com/markstos/CGI--Application/pull/15","http://openwall.com/lists/oss-security/2014/02/19/11","http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129436.html","http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129444.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739505","http://www.securityfocus.com/bid/65687","https://rt.cpan.org/Public/Bug/Display.html?id=84403","https://bugzilla.redhat.com/show_bug.cgi?id=1067180","https://exchange.xforce.ibmcloud.com/vulnerabilities/91735"],"reported" => "2014-10-06","severity" => undef}],"main_module" => "CGI::Application","versions" => [{"date" => "2000-07-11T04:23:51","version" => "1.0"},{"date" => "2000-07-12T15:21:41","version" => "1.1"},{"date" => "2000-07-18T21:11:44","version" => "1.2"},{"date" => "2001-05-21T12:03:59","version" => "1.3"},{"date" => "2001-05-28T18:29:06","version" => "1.31"},{"date" => "2001-06-25T03:17:50","version" => "2.0"},{"date" => "2001-08-11T22:18:28","version" => "2.1"},{"date" => "2002-05-06T03:21:57","version" => "2.2"},{"date" => "2002-05-06T11:57:30","version" => "2.3"},{"date" => "2002-05-27T01:01:18","version" => "2.4"},{"date" => "2002-07-18T11:59:16","version" => "2.5"},{"date" => "2002-10-07T13:03:27","version" => "2.6"},{"date" => "2003-02-01T13:52:45","version" => "3.0"},{"date" => "2003-06-02T13:01:50","version" => "3.1"},{"date" => "2004-02-04T03:23:56","version" => "3.2"},{"date" => "2004-02-04T15:53:56","version" => "3.2"},{"date" => "2004-02-14T01:47:53","version" => "3.22"},{"date" => "2004-09-26T19:22:20","version" => "3.30"},{"date" => "2004-09-26T19:35:26","version" => "3.31"},{"date" => "2005-03-19T14:42:14","version" => "4.0_2"},{"date" => "2005-06-07T03:25:55","version" => "4.0_4"},{"date" => "2005-06-11T04:00:57","version" => "4.0"},{"date" => "2005-06-13T19:15:12","version" => "4.01_01"},{"date" => "2005-06-14T14:37:30","version" => "4.01"},{"date" => "2005-07-24T19:08:18","version" => "4.02_1"},{"date" => "2005-07-31T03:11:25","version" => "4.02"},{"date" => "2005-08-04T23:45:52","version" => "4.03"},{"date" => "2005-09-01T02:54:00","version" => "4.04_01"},{"date" => "2005-09-09T01:12:21","version" => "4.04_02"},{"date" => "2005-10-12T02:12:18","version" => "4.04"},{"date" => "2006-03-02T01:58:41","version" => "4.05"},{"date" => "2006-04-13T02:34:40","version" => "4.06"},{"date" => "2006-07-02T05:05:34","version" => "4.07_01"},{"date" => "2007-10-31T23:34:31","version" => "4.07_02"},{"date" => "2008-06-16T20:09:18","version" => "4.07_03"},{"date" => "2008-06-18T03:30:33","version" => "4.10"},{"date" => "2008-08-10T15:36:00","version" => "4.11"},{"date" => "2008-09-27T04:18:05","version" => "4.11"},{"date" => "2008-11-02T00:43:18","version" => "4.11"},{"date" => "2009-01-03T16:13:59","version" => "4.21"},{"date" => "2009-07-30T01:35:48","version" => "4.30"},{"date" => "2009-07-30T01:42:34","version" => "4.31"},{"date" => "2010-02-14T00:33:00","version" => "4.32_1"},{"date" => "2011-06-16T17:07:16","version" => "4.50"},{"date" => "2015-01-23T12:19:21","version" => "4.50_50"},{"date" => "2015-07-18T12:57:01","version" => "4.50_51"},{"date" => "2018-02-28T13:57:05","version" => "4.60"},{"date" => "2018-03-01T13:29:17","version" => "4.60_1"},{"date" => "2018-03-02T09:20:24","version" => "4.61"}]},"CGI-Application-Dispatch" => {"advisories" => [{"affected_versions" => ["<1.02"],"cves" => [],"description" => "Untainted module names.\n","distribution" => "CGI-Application-Dispatch","fixed_versions" => [">=1.02"],"id" => "CPANSA-CGI-Application-Dispatch-2005-001","references" => ["https://metacpan.org/changes/distribution/CGI-Application-Dispatch"],"reported" => "2005-01-20"}],"main_module" => "CGI::Application::Dispatch","versions" => [{"date" => "2004-09-13T01:35:58","version" => "0.01"},{"date" => "2004-10-19T18:26:01","version" => "0.02"},{"date" => "2004-10-29T16:53:40","version" => "0.03"},{"date" => "2005-01-06T15:34:49","version" => "1.00"},{"date" => "2005-01-08T12:42:00","version" => "1.01"},{"date" => "2005-01-20T14:43:28","version" => "1.02"},{"date" => "2005-03-04T16:28:16","version" => "1.03"},{"date" => "2005-07-12T21:44:54","version" => "1.04"},{"date" => "2006-01-12T15:56:53","version" => "2.00_02"},{"date" => "2006-02-06T15:50:52","version" => "2.00_03"},{"date" => "2006-02-14T15:41:25","version" => "2.00_04"},{"date" => "2006-04-12T14:18:22","version" => "2.00_05"},{"date" => "2006-06-27T04:29:04","version" => "2.00_06"},{"date" => "2006-07-03T15:52:12","version" => "2.00"},{"date" => "2006-08-14T14:14:10","version" => "2.01"},{"date" => "2006-08-17T14:57:55","version" => "2.02"},{"date" => "2006-09-30T02:13:40","version" => "2.03"},{"date" => "2007-01-03T18:12:57","version" => "2.10_01"},{"date" => "2007-01-11T18:55:41","version" => "2.10_02"},{"date" => "2007-01-15T14:08:30","version" => "2.10"},{"date" => "2007-12-28T20:23:49","version" => "2.11"},{"date" => "2007-12-31T20:43:51","version" => "2.12_01"},{"date" => "2008-01-03T14:39:57","version" => "2.12"},{"date" => "2008-03-08T18:33:34","version" => "2.13_01"},{"date" => "2008-03-11T16:41:27","version" => "2.13_02"},{"date" => "2008-09-17T00:44:02","version" => "2.13"},{"date" => "2008-11-03T01:33:21","version" => "2.14"},{"date" => "2008-12-04T16:00:05","version" => "2.15"},{"date" => "2009-03-24T02:03:51","version" => "2.16"},{"date" => "2009-12-30T19:06:27","version" => "2.17"},{"date" => "2011-01-05T03:42:59","version" => "2.18"},{"date" => "2011-06-16T17:42:14","version" => "3.00"},{"date" => "2011-06-24T02:53:20","version" => "3.01"},{"date" => "2011-06-24T22:33:01","version" => "3.02"},{"date" => "2011-06-26T03:52:14","version" => "3.03"},{"date" => "2011-06-29T13:45:53","version" => "3.04"},{"date" => "2011-09-07T22:21:15","version" => "3.05"},{"date" => "2011-09-09T15:29:58","version" => "3.06"},{"date" => "2011-09-09T17:32:11","version" => "3.07"},{"date" => "2012-09-03T04:04:19","version" => "3.10"},{"date" => "2012-09-14T01:02:58","version" => "3.11"},{"date" => "2012-09-14T01:19:52","version" => "3.12"}]},"CGI-Application-Plugin-AutoRunmode" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "Non-word characters are allowed in runmode name.\n","distribution" => "CGI-Application-Plugin-AutoRunmode","fixed_versions" => [">=0.04"],"id" => "CPANSA-CGI-Application-Plugin-AutoRunmode-2005-01","references" => ["https://metacpan.org/changes/distribution/CGI-Application-Plugin-AutoRunmode"],"reported" => "2005-03-04"}],"main_module" => "CGI::Application::Plugin::AutoRunmode","versions" => [{"date" => "2005-03-04T06:59:51","version" => "0.04"},{"date" => "2005-03-10T07:22:55","version" => "0.05"},{"date" => "2005-06-15T10:20:17","version" => "0.06"},{"date" => "2005-06-18T02:09:08","version" => "0.07"},{"date" => "2005-07-17T00:49:10","version" => "0.08"},{"date" => "2005-09-22T12:31:22","version" => "0.09"},{"date" => "2005-10-16T00:17:47","version" => "0.10"},{"date" => "2005-10-18T13:23:50","version" => "0.11"},{"date" => "2005-11-03T01:10:37","version" => "0.12"},{"date" => "2006-04-08T07:18:44","version" => "0.13"},{"date" => "2006-05-21T05:04:48","version" => "0.14"},{"date" => "2006-12-17T07:46:24","version" => "0.15"},{"date" => "2009-02-14T09:16:39","version" => "0.16"},{"date" => "2010-05-21T04:24:45","version" => "0.17"},{"date" => "2011-02-18T09:23:15","version" => "0.18"}]},"CGI-Application-Plugin-CAPTCHA" => {"advisories" => [{"affected_versions" => ["<0.02"],"cves" => [],"description" => "A malicious programmer creating an application to use the service can just have his application send along a cookie that he has created himself, and with that supply an appropriate verification string for his cookie. To avoid that you need to include som kind of hidden server-side password in the string being encrypted, and also include it when you verify.\n","distribution" => "CGI-Application-Plugin-CAPTCHA","fixed_versions" => [">=0.02"],"id" => "CPANSA-CGI-Application-Plugin-CAPTCHA-2024-001","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=30759","https://metacpan.org/release/CROMEDOME/CGI-Application-Plugin-CAPTCHA-0.02/changes","https://github.com/cromedome/cgi-application-plugin-captcha/commit/9acb5b6561a9983787ad85f55b01c69a895014e6"],"reported" => undef,"severity" => undef}],"main_module" => "CGI::Application::Plugin::CAPTCHA","versions" => [{"date" => "2005-08-28T18:31:21","version" => "0.01"},{"date" => "2011-01-05T05:07:55","version" => "0.02"},{"date" => "2011-01-05T05:10:54","version" => "0.03"},{"date" => "2011-01-06T14:08:56","version" => "0.04"}]},"CGI-Application-Plugin-RunmodeDeclare" => {"advisories" => [{"affected_versions" => ["<0.03"],"cves" => [],"description" => "Wrong order of arguments.\n","distribution" => "CGI-Application-Plugin-RunmodeDeclare","fixed_versions" => [">=0.03"],"id" => "CPANSA-CGI-Application-Plugin-RunmodeDeclare-2008-01","references" => ["https://metacpan.org/changes/distribution/CGI-Application-Plugin-RunmodeDeclare"],"reported" => "2008-10-20"}],"main_module" => "CGI::Application::Plugin::RunmodeDeclare","versions" => [{"date" => "2008-09-26T19:59:14","version" => "0.01"},{"date" => "2008-09-26T21:37:11","version" => "0.02"},{"date" => "2008-10-19T23:22:06","version" => "0.03"},{"date" => "2008-10-23T14:18:23","version" => "0.03_01"},{"date" => "2008-10-24T13:32:43","version" => "0.03_02"},{"date" => "2008-10-24T16:20:27","version" => "0.03_03"},{"date" => "2008-10-25T10:54:25","version" => "0.04"},{"date" => "2008-10-25T11:46:28","version" => "0.05"},{"date" => "2008-10-25T16:39:34","version" => "0.06"},{"date" => "2009-01-10T02:32:39","version" => "0.07"},{"date" => "2009-05-17T22:29:18","version" => "0.08"},{"date" => "2010-01-07T13:24:09","version" => "0.09"},{"date" => "2012-02-10T00:53:54","version" => "0.10"}]},"CGI-Auth-Basic" => {"advisories" => [{"affected_versions" => ["<1.11"],"cves" => [],"description" => "TBD\n","distribution" => "CGI-Auth-Basic","fixed_versions" => [">=1.11"],"id" => "CPANSA-CGI-Auth-Basic-2007-01","references" => ["https://metacpan.org/changes/distribution/CGI-Auth-Basic"],"reported" => "2007-12-30"}],"main_module" => "CGI::Auth::Basic","versions" => [{"date" => "2004-02-21T14:58:09","version" => "1.0"},{"date" => "2004-08-31T13:29:28","version" => "1.01"},{"date" => "2004-11-07T03:34:32","version" => "1.02"},{"date" => "2006-06-18T01:12:15","version" => "1.10"},{"date" => "2007-12-30T20:53:33","version" => "1.11"},{"date" => "2009-04-18T04:22:51","version" => "1.20"},{"date" => "2009-04-23T17:00:50","version" => "1.21"},{"date" => "2009-04-24T15:07:48","version" => "1.21"},{"date" => "2012-08-27T01:50:53","version" => "1.22"},{"date" => "2015-01-21T00:26:01","version" => "1.23"},{"date" => "2018-12-23T21:03:03","version" => "1.24"}]},"CGI-Session" => {"advisories" => [{"affected_versions" => ["<4.10"],"cves" => ["CVE-2006-1279"],"description" => "CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite.\n","distribution" => "CGI-Session","fixed_versions" => [],"id" => "CPANSA-CGI-Session-2006-1279","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555","http://secunia.com/advisories/19211","http://www.securityfocus.com/bid/17177","http://www.osvdb.org/23865","http://www.vupen.com/english/advisories/2006/0946","https://exchange.xforce.ibmcloud.com/vulnerabilities/25285"],"reported" => "2006-03-19","severity" => undef},{"affected_versions" => ["<4.12"],"cves" => [],"description" => "possible SQL injection attack\n","distribution" => "CGI-Session","fixed_versions" => [">=4.12"],"id" => "CPANSA-CGI-Session-2006-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=18578"],"reported" => "2006-04-06","severity" => undef}],"main_module" => "CGI::Session","versions" => [{"date" => "2001-10-30T08:59:10","version" => "0.01"},{"date" => "2002-05-10T12:04:15","version" => "2.0"},{"date" => "2002-05-10T17:38:46","version" => "2.1"},{"date" => "2002-05-14T18:21:39","version" => "2.2"},{"date" => "2002-05-17T18:02:23","version" => "2.4"},{"date" => "2002-05-27T09:52:46","version" => "2.7"},{"date" => "2002-06-06T08:08:21","version" => "2.9"},{"date" => "2002-06-06T08:36:26","version" => "2.91"},{"date" => "2002-06-18T18:15:57","version" => "2.92"},{"date" => "2002-08-26T08:23:54","version" => "2.94"},{"date" => "2002-11-27T07:20:47","version" => "3.1"},{"date" => "2002-11-27T12:27:59","version" => "3.2"},{"date" => "2002-11-28T03:19:31","version" => "v3.2.2.1"},{"date" => "2002-11-28T03:26:41","version" => "3.3"},{"date" => "2002-11-28T03:44:39","version" => "3.4"},{"date" => "2002-11-28T06:55:29","version" => "3.5"},{"date" => "2002-11-28T17:12:32","version" => "3.6"},{"date" => "2002-11-29T21:29:53","version" => "3.7"},{"date" => "2002-12-03T16:26:55","version" => "3.8"},{"date" => "2002-12-04T07:37:02","version" => "3.9"},{"date" => "2002-12-09T09:02:18","version" => "3.10"},{"date" => "2002-12-09T20:09:24","version" => "3.11"},{"date" => "2003-03-09T11:26:21","version" => "3.91"},{"date" => "2003-03-10T02:42:16","version" => "3.92"},{"date" => "2003-03-14T13:21:20","version" => "3.93"},{"date" => "2003-05-02T20:12:40","version" => "3.94"},{"date" => "2003-07-26T13:51:31","version" => "3.95"},{"date" => "2005-02-09T08:35:23","version" => "4.00_01"},{"date" => "2005-02-09T09:54:17","version" => "4.00_02"},{"date" => "2005-02-11T08:23:00","version" => "4.00_03"},{"date" => "2005-02-17T03:24:21","version" => "4.00_04"},{"date" => "2005-02-22T17:56:43","version" => "4.00_05"},{"date" => "2005-02-24T18:46:45","version" => "4.00_06"},{"date" => "2005-03-13T19:18:37","version" => "4.00_07"},{"date" => "2005-03-15T16:48:17","version" => "4.00_08"},{"date" => "2005-07-22T02:00:21","version" => "4.00_09"},{"date" => "2005-09-01T05:57:49","version" => "4.00"},{"date" => "2005-09-01T16:25:46","version" => "4.01"},{"date" => "2005-09-02T15:51:20","version" => "4.02"},{"date" => "2005-09-24T02:12:22","version" => "4.02_01"},{"date" => "2005-10-05T23:22:54","version" => "4.03"},{"date" => "2006-03-02T03:00:28","version" => "4.04"},{"date" => "2006-03-04T00:08:26","version" => "4.05"},{"date" => "2006-03-09T03:13:06","version" => "4.06"},{"date" => "2006-03-09T12:09:28","version" => "4.07"},{"date" => "2006-03-16T02:38:25","version" => "4.08"},{"date" => "2006-03-17T04:08:57","version" => "4.09"},{"date" => "2006-03-28T07:00:52","version" => "4.10"},{"date" => "2006-04-03T19:33:30","version" => "4.11"},{"date" => "2006-04-07T14:34:06","version" => "4.12"},{"date" => "2006-04-12T17:05:18","version" => "4.13"},{"date" => "2006-06-11T11:36:57","version" => "4.14"},{"date" => "2006-11-24T14:10:38","version" => "4.20_1"},{"date" => "2006-12-05T02:08:37","version" => "4.20"},{"date" => "2008-03-22T02:42:57","version" => "4.29_1"},{"date" => "2008-03-28T01:45:56","version" => "4.29_2"},{"date" => "2008-04-26T01:31:34","version" => "4.30"},{"date" => "2008-06-16T14:44:06","version" => "4.31"},{"date" => "2008-06-17T21:35:03","version" => "4.32"},{"date" => "2008-07-08T01:27:59","version" => "4.33"},{"date" => "2008-07-13T02:39:59","version" => "4.34"},{"date" => "2008-07-16T00:36:46","version" => "4.35"},{"date" => "2008-09-13T15:45:06","version" => "4.36"},{"date" => "2008-10-23T02:57:30","version" => "4.37"},{"date" => "2008-11-01T03:47:46","version" => "4.38"},{"date" => "2008-12-16T01:22:42","version" => "4.39"},{"date" => "2009-01-03T01:18:15","version" => "4.40"},{"date" => "2009-03-21T02:01:09","version" => "4.41"},{"date" => "2009-08-26T13:38:39","version" => "4.42"},{"date" => "2010-12-12T00:32:27","version" => "4.43"},{"date" => "2011-06-06T20:48:07","version" => "4.44"},{"date" => "2011-07-02T01:33:33","version" => "4.45"},{"date" => "2011-07-08T14:34:42","version" => "4.46"},{"date" => "2011-07-08T19:31:44","version" => "4.47"},{"date" => "2011-07-11T13:02:37","version" => "4.48"},{"date" => "2021-02-08T07:00:20","version" => "4.49"}]},"CGI-Simple" => {"advisories" => [{"affected_versions" => ["<1.113"],"cves" => ["CVE-2010-4410"],"description" => "Newlines in headers, which could lead to header injection attacks.\n","distribution" => "CGI-Simple","fixed_versions" => [">=1.113"],"id" => "CPANSA-CGI-Simple-2010-02","references" => ["https://metacpan.org/changes/distribution/CGI-Simple"],"reported" => "2010-12-27"},{"affected_versions" => ["<1.113"],"cves" => [],"description" => "Non-random multipart boundary.\n","distribution" => "CGI-Simple","fixed_versions" => [">=1.113"],"id" => "CPANSA-CGI-Simple-2010-01","references" => ["https://metacpan.org/changes/distribution/CGI-Simple"],"reported" => "2010-12-27"},{"affected_versions" => ["<=1.112"],"cves" => ["CVE-2010-2761"],"description" => "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.\n","distribution" => "CGI-Simple","fixed_versions" => [">=1.113"],"id" => "CPANSA-CGI-Simple-2010-2761","references" => ["https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380","http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes","http://openwall.com/lists/oss-security/2010/12/01/1","http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html","http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm","http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1","http://openwall.com/lists/oss-security/2010/12/01/2","http://openwall.com/lists/oss-security/2010/12/01/3","https://bugzilla.mozilla.org/show_bug.cgi?id=600464","http://osvdb.org/69588","http://osvdb.org/69589","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:237","http://www.vupen.com/english/advisories/2011/0076","http://www.mandriva.com/security/advisories?name=MDVSA-2010:250","http://secunia.com/advisories/42877","https://bugzilla.mozilla.org/show_bug.cgi?id=591165","http://www.vupen.com/english/advisories/2011/0207","http://www.bugzilla.org/security/3.2.9/","http://secunia.com/advisories/43033","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html","http://secunia.com/advisories/43147","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html","http://www.vupen.com/english/advisories/2011/0249","http://www.vupen.com/english/advisories/2011/0271","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html","http://www.vupen.com/english/advisories/2011/0212","http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html","http://secunia.com/advisories/43165","http://secunia.com/advisories/43068","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html","http://www.redhat.com/support/errata/RHSA-2011-1797.html","http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2010-12-06","severity" => undef},{"affected_versions" => ["<=1.282"],"cves" => ["CVE-2025-40927"],"description" => "CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting\x{a0}flaw in CGI::Simple\x{a0}that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions.  Although some validation exists, it can be bypassed using URL-encoded values, allowing an attacker to inject untrusted content into the response via query parameters.    As a result, an attacker can inject a line break (e.g. %0A) into the parameter value, causing the server to split the HTTP response and inject arbitrary headers or even an HTML/JavaScript body, leading to reflected cross-site scripting (XSS), open redirect or other attacks.  The issue documented in CVE-2010-4410 https://www.cve.org/CVERecord?id=CVE-2010-4410 is related but the fix was incomplete.  Impact  By injecting %0A\x{a0}(newline) into a query string parameter, an attacker can:    *  Break the current HTTP header   *  Inject a new header or entire body   *  Deliver a script payload that is reflected in the server\x{2019}s response That can lead to the following attacks:    *  reflected XSS   *  open redirect   *  cache poisoning   *  header manipulation","distribution" => "CGI-Simple","fixed_versions" => [">=1.282"],"id" => "CPANSA-CGI-Simple-2025-40927","references" => ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2320","https://datatracker.ietf.org/doc/html/rfc7230#section-3","https://metacpan.org/release/MANWAR/CGI-Simple-1.281/diff/MANWAR/CGI-Simple-1.282/lib/CGI/Simple.pm","https://metacpan.org/release/MANWAR/CGI-Simple-1.281/source/lib/CGI/Simple.pm#L1031-1035","https://owasp.org/www-community/attacks/HTTP_Response_Splitting","https://rt.perl.org/Public/Bug/Display.html?id=21951"],"reported" => "2025-08-29","severity" => undef}],"main_module" => "CGI::Simple","versions" => [{"date" => "2007-01-09T22:31:27","version" => "0.078"},{"date" => "2007-02-23T16:22:19","version" => "0.079"},{"date" => "2007-03-30T20:15:35","version" => "0.080"},{"date" => "2007-05-20T19:19:40","version" => "0.081"},{"date" => "2007-05-22T18:43:01","version" => "0.082"},{"date" => "2007-05-22T18:54:06","version" => "0.83"},{"date" => "2007-05-24T03:15:01","version" => "1.0"},{"date" => "2007-07-13T18:58:16","version" => "1.1"},{"date" => "2007-07-31T01:57:01","version" => "1.1.1"},{"date" => "2007-07-31T02:04:25","version" => "1.1.2"},{"date" => "2007-07-31T02:10:47","version" => "1.103"},{"date" => "2008-05-13T15:46:18","version" => "1.104"},{"date" => "2008-05-16T14:37:31","version" => "1.105"},{"date" => "2008-09-14T13:29:51","version" => "1.106"},{"date" => "2009-03-07T21:24:59","version" => "1.107"},{"date" => "2009-03-13T14:06:24","version" => "1.108"},{"date" => "2009-04-16T17:54:13","version" => "1.109"},{"date" => "2009-05-24T21:25:22","version" => "1.110"},{"date" => "2009-05-28T18:02:08","version" => "1.111"},{"date" => "2009-05-31T10:43:56","version" => "1.112"},{"date" => "2010-12-27T13:11:56","version" => "1.113"},{"date" => "2014-10-19T12:53:24","version" => "1.115"},{"date" => "2018-03-01T15:09:42","version" => "1.13"},{"date" => "2018-03-03T10:42:06","version" => "1.14"},{"date" => "2018-03-04T03:42:20","version" => "1.15"},{"date" => "2018-07-25T15:17:39","version" => "1.16"},{"date" => "2018-10-02T09:48:08","version" => "1.17"},{"date" => "2018-10-03T14:21:12","version" => "1.18"},{"date" => "2018-10-04T12:05:58","version" => "1.19"},{"date" => "2018-10-05T11:30:05","version" => "1.20"},{"date" => "2018-10-06T07:21:31","version" => "1.21"},{"date" => "2019-09-07T04:28:17","version" => "1.22"},{"date" => "2020-02-06T06:12:09","version" => "1.23"},{"date" => "2020-02-07T11:11:56","version" => "1.24"},{"date" => "2020-02-10T13:00:54","version" => "1.25"},{"date" => "2022-01-02T18:00:56","version" => "1.26"},{"date" => "2022-01-06T16:00:18","version" => "1.27"},{"date" => "2022-01-11T15:16:20","version" => "1.280"},{"date" => "2024-01-31T14:19:02","version" => "1.281"},{"date" => "2025-08-28T19:12:51","version" => "1.282"}]},"CGI-apacheSSI" => {"advisories" => [{"affected_versions" => ["<0.95"],"cves" => [],"description" => "Security and parsing problems with \"include\" calls.\n","distribution" => "CGI-apacheSSI","fixed_versions" => [">=0.95"],"id" => "CPANSA-CGI-apacheSSI-2016-01","references" => ["https://metacpan.org/changes/distribution/CGI-apacheSSI"],"reported" => "2016-01-31"}],"main_module" => "CGI::apacheSSI","versions" => [{"date" => "2014-08-20T22:55:20","version" => "0.93"},{"date" => "2016-01-30T12:57:47","version" => "0.94"},{"date" => "2016-01-31T22:48:55","version" => "0.95"},{"date" => "2016-02-01T00:36:49","version" => "0.96"}]},"CPAN" => {"advisories" => [{"affected_versions" => ["<2.35"],"cves" => ["CVE-2023-31484"],"description" => "The verify_SSL flag is missing from HTTP::Tiny, and allows a network attacker to MITM the connection if it is used by the CPAN client\n","distribution" => "CPAN","fixed_versions" => [">=2.35"],"id" => "CPANSA-CPAN-2023-31484","previous_id" => ["CPANSA-CPAN-2023-01"],"references" => ["https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0","https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/","https://github.com/andk/cpanpm/pull/175","https://www.openwall.com/lists/oss-security/2023/04/18/14"],"reported" => "2023-02-28"},{"affected_versions" => ["<1.93"],"cves" => [],"description" => "Archive::Tar preserves permissions in the tarball; extracted file permissions will be set from users umask instead.\n","distribution" => "CPAN","fixed_versions" => [">=1.93"],"id" => "CPANSA-CPAN-2009-01","references" => ["https://github.com/andk/cpanpm/commit/079fa2e7ee77d626eab8bb06d0465c6a05f6c8b6","https://rt.cpan.org/Ticket/Display.html?id=46384"],"reported" => "2009-09-23"},{"affected_versions" => ["<2.28"],"cves" => ["CVE-2020-16156"],"description" => "CPAN 2.28 allows Signature Verification Bypass.","distribution" => "CPAN","fixed_versions" => [">=2.29"],"id" => "CPANSA-CPAN-2020-16156","references" => ["https://metacpan.org/pod/distribution/CPAN/scripts/cpan","https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/","http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/"],"reported" => "2021-12-13","severity" => "high"}],"main_module" => "CPAN","versions" => [{"date" => "1996-09-10T17:13:59","version" => "0.17"},{"date" => "1996-09-10T20:51:00","version" => "0.20"},{"date" => "1996-09-12T05:53:35","version" => "0.26"},{"date" => "1996-09-12T14:01:39","version" => "0.27"},{"date" => "1996-09-16T20:18:59","version" => "0.28"},{"date" => "1996-09-17T17:14:51","version" => "0.29"},{"date" => "1996-09-19T05:24:17","version" => "0.30"},{"date" => "1996-09-20T10:40:01","version" => "0.31"},{"date" => "1996-09-22T19:30:33","version" => "0.35"},{"date" => "1996-09-23T12:55:23","version" => "0.36"},{"date" => "1996-09-23T14:05:44","version" => "0.37"},{"date" => "1996-09-27T12:52:07","version" => "0.39"},{"date" => "1996-09-28T20:51:31","version" => "0.40"},{"date" => "1996-10-01T21:14:27","version" => "0.41"},{"date" => "1996-11-17T07:56:02","version" => "0.42"},{"date" => "1996-11-17T14:51:59","version" => "0.43"},{"date" => "1996-11-30T17:04:28","version" => "0.44"},{"date" => "1996-12-01T12:19:19","version" => "0.45"},{"date" => "1996-12-01T18:24:17","version" => "0.46"},{"date" => "1996-12-10T00:58:25","version" => "1.00"},{"date" => "1996-12-10T10:17:15","version" => "1.01"},{"date" => "1996-12-11T01:31:55","version" => "1.02"},{"date" => "1996-12-21T03:10:23","version" => "1.03"},{"date" => "1996-12-21T20:08:49","version" => "1.04"},{"date" => "1996-12-22T13:04:58","version" => "1.05"},{"date" => "1996-12-22T14:16:08","version" => "1.06"},{"date" => "1996-12-23T04:05:01","version" => "1.07"},{"date" => "1996-12-23T13:18:01","version" => "1.08"},{"date" => "1996-12-24T00:46:19","version" => "1.09"},{"date" => "1997-01-17T02:29:49","version" => "1.09_01"},{"date" => "1997-01-21T01:06:40","version" => "1.10"},{"date" => "1997-01-22T18:50:00","version" => "1.11"},{"date" => "1997-01-23T00:07:58","version" => "1.12"},{"date" => "1997-01-24T01:07:44","version" => "1.14"},{"date" => "1997-01-24T12:32:12","version" => "1.15"},{"date" => "1997-02-02T13:51:48","version" => "1.16_01"},{"date" => "1997-02-02T21:05:12","version" => "1.17"},{"date" => "1997-02-03T00:38:36","version" => "1.18"},{"date" => "1997-02-03T09:13:48","version" => "1.19"},{"date" => "1997-02-05T09:38:00","version" => "1.20"},{"date" => "1997-02-11T06:32:42","version" => "1.21"},{"date" => "1997-03-13T23:14:59","version" => "1.22_01"},{"date" => "1997-03-31T12:03:55","version" => "1.23"},{"date" => "1997-03-31T22:47:11","version" => "1.24"},{"date" => "1997-06-30T18:13:23","version" => "1.25"},{"date" => "1997-07-28T13:58:09","version" => "1.27"},{"date" => "1997-08-04T06:09:33","version" => "1.28"},{"date" => "1997-08-11T23:33:58","version" => "1.29"},{"date" => "1997-08-29T14:34:37","version" => "1.30"},{"date" => "1997-09-21T08:53:03","version" => "1.31"},{"date" => "1997-09-23T18:45:50","version" => "1.3101"},{"date" => "1998-01-02T18:22:35","version" => "1.32"},{"date" => "1998-01-10T18:24:23","version" => "1.33"},{"date" => "1998-02-03T18:06:41","version" => "1.35"},{"date" => "1998-02-08T08:55:55","version" => "1.36"},{"date" => "1998-06-12T06:51:25","version" => "1.37"},{"date" => "1998-06-14T20:18:08","version" => "1.38"},{"date" => "1998-07-24T20:13:41","version" => "1.40"},{"date" => "1998-12-01T02:20:32","version" => "1.41"},{"date" => "1998-12-01T07:58:35","version" => "1.42"},{"date" => "1998-12-01T22:16:27","version" => "1.43"},{"date" => "1998-12-03T17:07:54","version" => "1.43"},{"date" => "1999-01-09T18:38:33","version" => "1.44"},{"date" => "1999-01-10T19:38:27","version" => "1.44_51"},{"date" => "1999-01-13T12:15:42","version" => "1.44_52"},{"date" => "1999-01-15T09:26:40","version" => "1.44_53"},{"date" => "1999-01-15T09:27:45","version" => "1.44_54"},{"date" => "1999-01-23T14:56:16","version" => "1.45"},{"date" => "1999-01-25T01:43:42","version" => "1.46"},{"date" => "1999-01-25T13:11:23","version" => "1.47"},{"date" => "1999-03-06T19:34:54","version" => "1.48"},{"date" => "1999-05-22T16:45:00","version" => "1.49"},{"date" => "1999-05-23T14:32:20","version" => "1.50"},{"date" => "1999-10-23T03:06:39","version" => "1.50_01"},{"date" => "1999-12-29T22:30:22","version" => "1.51"},{"date" => "2000-01-08T15:32:55","version" => "1.52"},{"date" => "2000-03-23T23:39:41","version" => "1.53"},{"date" => "2000-03-25T22:51:15","version" => "1.54"},{"date" => "2000-07-30T11:15:04","version" => "1.55"},{"date" => "2000-08-01T20:47:09","version" => "1.56"},{"date" => "2000-08-16T12:54:07","version" => "1.57"},{"date" => "2000-08-21T19:44:18","version" => "1.57_51"},{"date" => "2000-08-27T22:09:36","version" => "1.57_53"},{"date" => "2000-08-30T16:54:50","version" => "1.57_54"},{"date" => "2000-08-31T08:11:01","version" => "1.57_55"},{"date" => "2000-08-31T22:16:21","version" => "1.57_56"},{"date" => "2000-09-01T12:18:43","version" => "1.57_57"},{"date" => "2000-09-03T22:19:20","version" => "1.57_58"},{"date" => "2000-09-05T09:44:05","version" => "1.57_59"},{"date" => "2000-09-05T19:55:34","version" => "1.57_60"},{"date" => "2000-09-06T10:54:07","version" => "1.57_61"},{"date" => "2000-09-08T02:19:06","version" => "1.57_62"},{"date" => "2000-09-10T08:54:37","version" => "1.57_65"},{"date" => "2000-09-12T08:46:40","version" => "1.57_66"},{"date" => "2000-09-17T10:24:31","version" => "1.57_67"},{"date" => "2000-10-08T14:25:04","version" => "1.57_68"},{"date" => "2000-10-18T14:53:45","version" => "1.58"},{"date" => "2000-10-21T14:21:06","version" => "1.58_51"},{"date" => "2000-10-25T07:05:38","version" => "1.58_52"},{"date" => "2000-10-26T11:03:29","version" => "1.58_53"},{"date" => "2000-10-26T15:34:21","version" => "1.58_54"},{"date" => "2000-10-27T07:59:03","version" => "1.58_55"},{"date" => "2000-11-04T09:36:53","version" => "1.58_56"},{"date" => "2000-11-06T19:30:27","version" => "1.58_57"},{"date" => "2000-11-08T08:10:51","version" => "1.58_90"},{"date" => "2000-11-13T10:26:38","version" => "1.58_91"},{"date" => "2000-11-14T18:24:18","version" => "1.58_92"},{"date" => "2000-11-15T07:19:56","version" => "1.58_93"},{"date" => "2000-12-01T06:05:58","version" => "1.59"},{"date" => "2000-12-01T08:19:58","version" => "1.59_51"},{"date" => "2000-12-26T13:54:06","version" => "1.59_52"},{"date" => "2001-01-02T16:37:24","version" => "1.59_53"},{"date" => "2001-02-09T21:44:55","version" => "1.59_54"},{"date" => "2002-04-19T13:29:54","version" => "1.60"},{"date" => "2002-04-20T02:18:41","version" => "1.60"},{"date" => "2002-04-21T11:31:25","version" => "1.60"},{"date" => "2002-05-07T10:38:54","version" => "1.61"},{"date" => "2002-07-28T10:51:47","version" => "1.62"},{"date" => "2002-08-30T08:58:10","version" => "1.63"},{"date" => "2003-02-06T10:04:06","version" => "1.64"},{"date" => "2003-02-08T17:10:13","version" => "1.65"},{"date" => "2003-03-04T19:38:21","version" => "1.70"},{"date" => "2003-04-11T04:33:18","version" => "1.70_52"},{"date" => "2003-04-13T12:43:40","version" => "1.70_53"},{"date" => "2003-05-15T21:04:52","version" => "1.70_54"},{"date" => "2003-07-04T09:48:08","version" => "1.71"},{"date" => "2003-07-27T20:35:05","version" => "1.72"},{"date" => "2003-07-28T08:21:47","version" => "1.73"},{"date" => "2003-07-28T22:58:08","version" => "1.74"},{"date" => "2003-07-29T15:14:13","version" => "1.75"},{"date" => "2003-07-31T15:14:02","version" => "1.76"},{"date" => "2003-09-21T21:25:41","version" => "1.76_01"},{"date" => "2005-09-19T06:37:38","version" => "1.76_51"},{"date" => "2005-09-22T07:02:02","version" => "1.76_52"},{"date" => "2005-09-22T07:09:48","version" => "1.76_53"},{"date" => "2005-10-01T08:23:38","version" => "1.76_54"},{"date" => "2005-10-19T06:10:58","version" => "1.76_55"},{"date" => "2005-10-21T04:59:36","version" => "1.76_56"},{"date" => "2005-10-27T07:08:29","version" => "1.76_57"},{"date" => "2005-11-02T04:03:28","version" => "1.76_58"},{"date" => "2005-11-03T06:37:52","version" => "1.76_59"},{"date" => "2005-11-03T07:38:40","version" => "1.76_60"},{"date" => "2005-11-06T10:36:53","version" => "1.76_61"},{"date" => "2005-11-07T04:22:19","version" => "1.76_62"},{"date" => "2005-11-07T04:47:05","version" => "1.76_63"},{"date" => "2005-11-07T21:58:06","version" => "1.76_64"},{"date" => "2005-11-07T22:18:44","version" => "1.76_65"},{"date" => "2005-12-03T10:12:08","version" => "1.80"},{"date" => "2005-12-18T11:29:26","version" => "1.80_51"},{"date" => "2005-12-21T12:13:15","version" => "1.80_53"},{"date" => "2005-12-22T08:42:59","version" => "1.80_54"},{"date" => "2005-12-24T07:25:34","version" => "1.80_55"},{"date" => "2005-12-24T09:59:47","version" => "1.80_56"},{"date" => "2005-12-31T11:58:10","version" => "1.80_57"},{"date" => "2006-01-01T09:01:43","version" => "1.80_58"},{"date" => "2006-01-02T23:15:15","version" => "1.81"},{"date" => "2006-01-04T07:47:25","version" => "1.82"},{"date" => "2006-01-05T08:03:36","version" => "1.83"},{"date" => "2006-01-08T13:35:16","version" => "1.83_51"},{"date" => "2006-01-10T05:00:26","version" => "1.83_52"},{"date" => "2006-01-12T07:54:36","version" => "1.83_53"},{"date" => "2006-01-13T08:20:42","version" => "1.83_54"},{"date" => "2006-01-14T11:34:47","version" => "1.83_55"},{"date" => "2006-01-18T06:03:44","version" => "1.83_56"},{"date" => "2006-01-19T08:00:02","version" => "1.83_57"},{"date" => "2006-01-22T12:05:01","version" => "1.83_58"},{"date" => "2006-01-25T13:10:20","version" => "1.83_59"},{"date" => "2006-01-30T10:35:47","version" => "1.83_60"},{"date" => "2006-01-30T23:18:09","version" => "1.83_61"},{"date" => "2006-01-31T10:28:57","version" => "1.83_62"},{"date" => "2006-02-01T07:49:36","version" => "1.83_63"},{"date" => "2006-02-02T09:17:39","version" => "1.83_64"},{"date" => "2006-02-04T11:20:05","version" => "1.83_65"},{"date" => "2006-02-04T17:05:00","version" => "1.83_66"},{"date" => "2006-02-06T00:46:27","version" => "1.83_67"},{"date" => "2006-02-08T07:43:36","version" => "1.83_68"},{"date" => "2006-02-14T08:17:55","version" => "1.83_69"},{"date" => "2006-02-15T07:01:02","version" => "1.84"},{"date" => "2006-02-19T17:05:36","version" => "1.85"},{"date" => "2006-02-20T08:36:51","version" => "1.86"},{"date" => "2006-02-21T06:05:05","version" => "1.86_51"},{"date" => "2006-02-22T22:29:54","version" => "1.86_52"},{"date" => "2006-02-24T08:24:09","version" => "1.86_53"},{"date" => "2006-02-27T07:01:10","version" => "1.87"},{"date" => "2006-03-06T08:02:28","version" => "1.87_51"},{"date" => "2006-07-21T22:33:11","version" => "1.87_52"},{"date" => "2006-07-22T18:55:13","version" => "1.87_53"},{"date" => "2006-07-23T21:37:11","version" => "1.87_54"},{"date" => "2006-07-29T19:36:50","version" => "1.87_55"},{"date" => "2006-08-24T05:57:41","version" => "1.87_56"},{"date" => "2006-08-26T17:05:56","version" => "1.87_57"},{"date" => "2006-08-31T06:50:49","version" => "1.87_58"},{"date" => "2006-09-03T21:05:29","version" => "1.87_59"},{"date" => "2006-09-10T11:57:33","version" => "1.87_61"},{"date" => "2006-09-11T21:24:18","version" => "1.87_62"},{"date" => "2006-09-13T05:44:15","version" => "1.87_63"},{"date" => "2006-09-16T11:02:25","version" => "1.87_64"},{"date" => "2006-09-19T03:44:51","version" => "1.87_65"},{"date" => "2006-09-21T20:30:41","version" => "1.88"},{"date" => "2006-09-22T20:40:40","version" => "1.8801"},{"date" => "2006-09-30T10:41:20","version" => "1.88_51"},{"date" => "2006-10-03T09:51:49","version" => "1.88_52"},{"date" => "2006-10-09T19:31:56","version" => "1.88_53"},{"date" => "2006-10-14T09:37:15","version" => "1.88_54"},{"date" => "2006-10-16T06:59:27","version" => "1.88_55"},{"date" => "2006-10-22T10:34:16","version" => "1.88_56"},{"date" => "2006-10-23T07:17:30","version" => "1.8802"},{"date" => "2006-10-24T07:18:16","version" => "1.88_57"},{"date" => "2006-10-28T15:00:07","version" => "1.88_58"},{"date" => "2006-11-05T21:24:52","version" => "1.88_59"},{"date" => "2006-11-10T08:39:55","version" => "1.88_61"},{"date" => "2006-11-13T07:44:27","version" => "1.88_62"},{"date" => "2006-11-29T08:11:50","version" => "1.88_63"},{"date" => "2006-12-04T07:53:37","version" => "1.88_64"},{"date" => "2006-12-11T21:36:04","version" => "1.88_65"},{"date" => "2006-12-19T08:21:17","version" => "1.88_66"},{"date" => "2006-12-31T17:18:53","version" => "1.88_67"},{"date" => "2007-01-07T21:22:12","version" => "1.88_68"},{"date" => "2007-01-08T03:42:56","version" => "1.88_69"},{"date" => "2007-01-27T16:57:49","version" => "1.88_71"},{"date" => "2007-01-31T07:11:33","version" => "1.88_72"},{"date" => "2007-02-13T05:24:13","version" => "1.88_73"},{"date" => "2007-02-15T07:12:17","version" => "1.88_74"},{"date" => "2007-02-18T16:52:49","version" => "1.88_75"},{"date" => "2007-02-19T06:20:20","version" => "1.88_76"},{"date" => "2007-02-19T21:26:47","version" => "1.88_77"},{"date" => "2007-03-05T23:26:57","version" => "1.88_78"},{"date" => "2007-03-16T01:54:55","version" => "1.88_79"},{"date" => "2007-04-07T07:41:18","version" => "1.90"},{"date" => "2007-04-19T07:03:03","version" => "1.91"},{"date" => "2007-04-23T00:09:11","version" => "1.9101"},{"date" => "2007-05-08T20:35:04","version" => "1.9102"},{"date" => "2007-07-07T16:15:40","version" => "1.91_51"},{"date" => "2007-07-14T18:45:58","version" => "1.91_52"},{"date" => "2007-08-09T06:49:38","version" => "1.91_53"},{"date" => "2007-09-14T21:18:33","version" => "1.91_54"},{"date" => "2007-09-15T07:14:26","version" => "1.91_55"},{"date" => "2007-09-23T11:15:08","version" => "1.92"},{"date" => "2007-09-27T07:11:10","version" => "1.9201"},{"date" => "2007-09-28T06:58:04","version" => "1.9202"},{"date" => "2007-09-28T07:13:26","version" => "1.9203"},{"date" => "2007-11-04T23:04:18","version" => "1.92_51"},{"date" => "2007-11-05T23:30:06","version" => "1.9204"},{"date" => "2007-11-11T11:27:20","version" => "1.92_52"},{"date" => "2007-11-11T18:49:37","version" => "1.9205"},{"date" => "2007-12-09T23:27:18","version" => "1.92_53"},{"date" => "2007-12-27T04:57:34","version" => "1.92_54"},{"date" => "2007-12-30T15:24:13","version" => "1.92_55"},{"date" => "2008-02-04T21:56:28","version" => "1.92_56"},{"date" => "2008-02-27T05:13:49","version" => "1.92_57"},{"date" => "2008-03-12T07:56:18","version" => "1.92_58"},{"date" => "2008-03-16T18:57:04","version" => "1.92_59"},{"date" => "2008-03-26T07:53:08","version" => "1.92_60"},{"date" => "2008-04-25T04:47:52","version" => "1.92_61"},{"date" => "2008-05-23T04:07:04","version" => "1.92_62"},{"date" => "2008-06-19T06:42:18","version" => "1.92_63"},{"date" => "2008-09-03T05:27:35","version" => "1.92_64"},{"date" => "2008-09-14T09:54:03","version" => "1.92_65"},{"date" => "2008-09-29T23:15:10","version" => "1.92_66"},{"date" => "2008-10-12T16:07:51","version" => "1.93"},{"date" => "2008-10-13T19:37:43","version" => "1.9301"},{"date" => "2009-01-11T22:07:01","version" => "1.93_02"},{"date" => "2009-02-01T12:38:23","version" => "1.93_03"},{"date" => "2009-02-01T21:06:21","version" => "1.93_51"},{"date" => "2009-02-28T15:58:39","version" => "1.9304"},{"date" => "2009-04-13T19:24:43","version" => "1.93_52"},{"date" => "2009-05-04T06:11:28","version" => "1.93_53"},{"date" => "2009-05-07T20:13:16","version" => "1.93_54"},{"date" => "2009-05-24T05:37:28","version" => "1.94"},{"date" => "2009-06-14T19:53:52","version" => "1.94_01"},{"date" => "2009-06-27T02:55:22","version" => "1.9402"},{"date" => "2009-09-14T02:47:24","version" => "1.94_51"},{"date" => "2009-10-15T19:33:19","version" => "1.94_52"},{"date" => "2009-12-18T07:00:09","version" => "1.94_53"},{"date" => "2010-01-14T08:01:42","version" => "1.94_54"},{"date" => "2010-02-03T03:43:49","version" => "1.94_55"},{"date" => "2010-02-17T13:39:33","version" => "1.94_56"},{"date" => "2010-05-24T19:33:41","version" => "1.94_57"},{"date" => "2010-06-24T06:34:13","version" => "1.94_58"},{"date" => "2010-09-26T20:23:30","version" => "1.94_59"},{"date" => "2010-09-28T20:44:58","version" => "1.94_60"},{"date" => "2010-10-03T17:29:37","version" => "1.94_61"},{"date" => "2010-10-26T06:43:51","version" => "1.94_62"},{"date" => "2011-01-16T17:58:10","version" => "1.94_63"},{"date" => "2011-01-21T04:58:35","version" => "1.94_64"},{"date" => "2011-02-14T12:10:12","version" => "1.94_65"},{"date" => "2011-03-12T11:30:03","version" => "1.9600"},{"date" => "2011-06-27T06:56:01","version" => "1.97_51"},{"date" => "2011-08-07T09:40:33","version" => "1.9800"},{"date" => "2012-10-16T21:42:49","version" => "1.99_51"},{"date" => "2013-02-06T07:41:54","version" => "2.00-TRIAL"},{"date" => "2013-04-12T16:57:44","version" => "2.00"},{"date" => "2013-06-22T20:27:32","version" => "2.01-TRIAL"},{"date" => "2013-06-23T07:33:40","version" => "2.02-TRIAL"},{"date" => "2013-09-15T09:42:33","version" => "2.03-TRIAL"},{"date" => "2014-03-18T22:33:22","version" => "2.04-TRIAL"},{"date" => "2014-03-31T20:55:24","version" => "2.05-TRIAL"},{"date" => "2014-04-04T02:07:20","version" => "2.05-TRIAL2"},{"date" => "2014-04-18T13:35:51","version" => "2.05"},{"date" => "2014-08-06T19:32:53","version" => "2.06-TRIAL"},{"date" => "2015-01-04T18:54:54","version" => "2.06-TRIAL"},{"date" => "2015-01-05T06:31:55","version" => "2.08-TRIAL"},{"date" => "2015-02-02T04:41:02","version" => "2.09-TRIAL"},{"date" => "2015-02-22T15:57:42","version" => "2.10-TRIAL"},{"date" => "2015-03-13T07:45:04","version" => "2.10"},{"date" => "2015-12-31T11:00:08","version" => "2.12-TRIAL"},{"date" => "2016-05-16T09:56:01","version" => "2.13-TRIAL"},{"date" => "2016-06-04T14:41:28","version" => "2.14-TRIAL"},{"date" => "2016-06-25T04:32:45","version" => "2.14"},{"date" => "2016-07-17T12:10:30","version" => "2.15-TRIAL"},{"date" => "2017-01-16T16:20:27","version" => "2.16-TRIAL"},{"date" => "2017-01-16T21:27:06","version" => "2.16-TRIAL2"},{"date" => "2017-02-14T16:22:20","version" => "2.16"},{"date" => "2017-02-15T09:37:10","version" => "2.17-TRIAL"},{"date" => "2017-02-16T09:48:46","version" => "2.17-TRIAL2"},{"date" => "2017-03-30T21:38:23","version" => "2.18-TRIAL"},{"date" => "2017-11-04T23:27:47","version" => "2.19-TRIAL"},{"date" => "2017-11-26T22:10:39","version" => "2.20-TRIAL"},{"date" => "2018-09-22T20:46:35","version" => "2.21-TRIAL"},{"date" => "2018-12-16T10:35:04","version" => "2.22-TRIAL"},{"date" => "2018-12-23T09:11:29","version" => "2.22"},{"date" => "2019-02-10T20:28:53","version" => "2.23-TRIAL"},{"date" => "2019-02-14T21:21:03","version" => "2.24-TRIAL"},{"date" => "2019-02-16T05:56:23","version" => "2.25-TRIAL"},{"date" => "2019-03-03T06:27:10","version" => "2.25"},{"date" => "2019-03-19T00:04:34","version" => "2.26"},{"date" => "2019-05-31T21:11:50","version" => "2.27-TRIAL"},{"date" => "2019-06-09T05:48:20","version" => "2.27-TRIAL2"},{"date" => "2019-07-03T20:15:40","version" => "2.27"},{"date" => "2020-04-03T02:52:43","version" => "2.28-TRIAL"},{"date" => "2020-06-13T04:57:39","version" => "2.28"},{"date" => "2021-11-23T16:58:45","version" => "2.29"},{"date" => "2021-12-12T09:16:03","version" => "2.30-TRIAL"},{"date" => "2021-12-14T20:52:30","version" => "2.31-TRIAL"},{"date" => "2021-12-26T21:35:55","version" => "2.32-TRIAL"},{"date" => "2022-01-21T04:09:07","version" => "2.33-TRIAL"},{"date" => "2022-03-27T17:53:47","version" => "2.33"},{"date" => "2022-04-03T19:19:13","version" => "2.34-TRIAL"},{"date" => "2022-04-17T17:40:25","version" => "2.34"},{"date" => "2023-04-15T14:44:27","version" => "2.35-TRIAL"},{"date" => "2023-04-27T13:05:07","version" => "2.35"},{"date" => "2023-05-10T07:08:30","version" => "2.36-TRIAL"},{"date" => "2023-05-14T19:36:11","version" => "2.36"},{"date" => "2024-08-18T17:03:50","version" => "2.37-TRIAL"},{"date" => "2024-08-30T17:18:31","version" => "2.37"},{"date" => "2024-10-03T10:21:39","version" => "2.38-TRIAL"},{"date" => "2024-10-13T11:32:53","version" => "2.38-TRIAL2"},{"date" => "2024-11-17T19:52:34","version" => "2.38"},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "1.2401"},{"date" => "1998-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.005","version" => "1.3901"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.59_56"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "1.76_02"},{"date" => "2009-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011003","version" => "1.94_5301"},{"date" => "2011-09-26T00:00:00","dual_lived" => 1,"perl_release" => "5.014002","version" => "1.9600_01"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "2.03"},{"date" => "2014-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.01901","version" => "2.04"},{"date" => "2015-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021011","version" => "2.11"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.11_01"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "2.14_01"},{"date" => "2017-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02501","version" => "2.17"},{"date" => "2017-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025012","version" => "2.18"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "2.20"},{"date" => "2018-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029004","version" => "2.21"}]},"CPAN-Checksums" => {"advisories" => [{"affected_versions" => ["<=2.12"],"cves" => ["CVE-2020-16155"],"description" => "The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data.\n","distribution" => "CPAN-Checksums","fixed_versions" => [">=2.13"],"id" => "CPANSA-CPAN-Checksums-2020-16155","references" => ["https://metacpan.org/pod/CPAN::Checksums","https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/"],"reported" => "2021-12-13","severity" => "medium"}],"main_module" => "CPAN::Checksums","versions" => [{"date" => "2000-12-10T09:31:19","version" => "1.003"},{"date" => "2000-12-11T08:49:05","version" => "1.004"},{"date" => "2000-12-11T10:20:16","version" => "1.006"},{"date" => "2000-12-11T13:38:18","version" => "1.007"},{"date" => "2000-12-13T11:24:09","version" => "1.008"},{"date" => "2002-03-31T20:27:49","version" => "1.009"},{"date" => "2002-10-06T17:22:35","version" => "1.0"},{"date" => "2002-10-07T08:56:12","version" => "1.011"},{"date" => "2003-02-02T10:26:00","version" => "1.014"},{"date" => "2003-02-03T15:44:57","version" => "1.015"},{"date" => "2003-02-03T19:21:46","version" => "1.016"},{"date" => "2005-01-24T07:59:41","version" => "1.018"},{"date" => "2005-10-31T07:27:02","version" => "1.032"},{"date" => "2005-11-11T07:16:04","version" => "1.039"},{"date" => "2006-05-01T13:34:41","version" => "1.048"},{"date" => "2006-05-09T03:30:39","version" => "1.050"},{"date" => "2007-08-05T12:10:58","version" => "1.061"},{"date" => "2007-10-09T03:09:45","version" => "1.064"},{"date" => "2008-05-17T05:26:24","version" => "2.00"},{"date" => "2008-09-03T19:33:28","version" => "2.01"},{"date" => "2008-10-31T06:54:59","version" => "2.02"},{"date" => "2009-09-20T01:50:36","version" => "2.03"},{"date" => "2009-09-28T04:10:09","version" => "2.04"},{"date" => "2010-01-23T05:39:17","version" => "2.05"},{"date" => "2010-10-24T12:13:44","version" => "2.06"},{"date" => "2010-11-20T22:18:39","version" => "2.07"},{"date" => "2011-08-30T06:32:02","version" => "2.08"},{"date" => "2014-04-04T04:06:11","version" => "2.09"},{"date" => "2015-04-11T05:48:38","version" => "2.10"},{"date" => "2016-04-09T05:42:27","version" => "2.11"},{"date" => "2016-06-14T02:42:03","version" => "2.12"},{"date" => "2021-11-23T16:57:18","version" => "2.13"},{"date" => "2021-12-04T10:00:42","version" => "2.14"}]},"Capture-Tiny" => {"advisories" => [{"affected_versions" => ["<0.24"],"cves" => ["CVE-2014-1875"],"description" => "The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.\n","distribution" => "Capture-Tiny","fixed_versions" => [">=0.24"],"id" => "CPANSA-Capture-Tiny-2014-1875","references" => ["http://osvdb.org/102963","https://bugzilla.redhat.com/show_bug.cgi?id=1062424","http://www.securityfocus.com/bid/65475","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737835","https://github.com/dagolden/Capture-Tiny/issues/16","http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128882.html","https://github.com/dagolden/Capture-Tiny/commit/635c9eabd52ab8042b0c841823bd6e692de87924","http://cpansearch.perl.org/src/DAGOLDEN/Capture-Tiny-0.24/Changes","http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128823.html","http://seclists.org/oss-sec/2014/q1/272","http://seclists.org/oss-sec/2014/q1/267","http://secunia.com/advisories/56823","https://exchange.xforce.ibmcloud.com/vulnerabilities/91464"],"reported" => "2014-10-06","severity" => undef}],"main_module" => "Capture::Tiny","versions" => [{"date" => "2009-02-14T04:25:26","version" => "0.01"},{"date" => "2009-02-17T22:26:18","version" => "0.02"},{"date" => "2009-02-20T18:09:46","version" => "0.03"},{"date" => "2009-02-25T14:29:32","version" => "0.04"},{"date" => "2009-03-03T11:58:12","version" => "0.05"},{"date" => "2009-04-21T11:07:47","version" => "0.05_51"},{"date" => "2009-05-07T10:57:33","version" => "0.06"},{"date" => "2010-01-24T05:21:56","version" => "0.07"},{"date" => "2010-06-20T23:17:16","version" => "0.08"},{"date" => "2011-01-28T04:53:00","version" => "0.09"},{"date" => "2011-02-07T12:02:15","version" => "0.10"},{"date" => "2011-05-20T03:35:28","version" => "0.11"},{"date" => "2011-12-01T22:00:04","version" => "0.12"},{"date" => "2011-12-02T18:40:05","version" => "0.13"},{"date" => "2011-12-22T15:16:31","version" => "0.14"},{"date" => "2011-12-23T16:12:30","version" => "0.15"},{"date" => "2012-02-13T02:06:15","version" => "0.16"},{"date" => "2012-02-22T13:09:42","version" => "0.17"},{"date" => "2012-03-07T23:25:31","version" => "0.17_51"},{"date" => "2012-03-09T16:46:53","version" => "0.17_52"},{"date" => "2012-05-04T20:33:43","version" => "0.18"},{"date" => "2012-08-07T00:28:08","version" => "0.19"},{"date" => "2012-09-19T17:22:24","version" => "0.20"},{"date" => "2012-11-15T00:13:08","version" => "0.21"},{"date" => "2013-03-27T19:52:10","version" => "0.22"},{"date" => "2013-10-20T15:28:15","version" => "0.23"},{"date" => "2014-02-06T22:18:06","version" => "0.24"},{"date" => "2014-08-16T14:09:48","version" => "0.25"},{"date" => "2014-11-04T11:57:19","version" => "0.26"},{"date" => "2014-11-05T04:12:33","version" => "0.27"},{"date" => "2015-02-11T11:41:44","version" => "0.28"},{"date" => "2015-04-19T16:44:50","version" => "0.29"},{"date" => "2015-05-16T00:45:01","version" => "0.30"},{"date" => "2016-02-14T14:39:55","version" => "0.31"},{"date" => "2016-02-18T15:14:06","version" => "0.32"},{"date" => "2016-02-19T04:29:41","version" => "0.34"},{"date" => "2016-02-29T02:38:12","version" => "0.36"},{"date" => "2016-05-02T11:09:27","version" => "0.37"},{"date" => "2016-05-02T14:24:23","version" => "0.39"},{"date" => "2016-05-23T15:45:16","version" => "0.40"},{"date" => "2016-05-23T16:01:05","version" => "0.41"},{"date" => "2016-05-31T16:41:30","version" => "0.42"},{"date" => "2016-08-05T18:02:43","version" => "0.44"},{"date" => "2017-02-23T18:32:44","version" => "0.45"},{"date" => "2017-02-25T19:26:54","version" => "0.46"},{"date" => "2017-07-26T14:36:03","version" => "0.47"},{"date" => "2018-04-22T07:09:08","version" => "0.48"},{"date" => "2024-12-16T13:11:27","version" => "0.49"},{"date" => "2024-12-19T13:16:05","version" => "0.50"}]},"Catalyst-Action-REST" => {"advisories" => [{"affected_versions" => ["<1.12"],"cves" => [],"description" => "YAML and YAML::HTML parsers are a potential security hole, as they may allow arbitrary Perl objects to be instantiated.\n","distribution" => "Catalyst-Action-REST","fixed_versions" => [">=1.12"],"id" => "CPANSA-Catalyst-Action-REST-2013-01","references" => ["https://metacpan.org/dist/Catalyst-Action-REST/changes"],"reported" => "2013-09-03","severity" => undef}],"main_module" => "Catalyst::Action::REST","versions" => [{"date" => "2006-11-20T03:15:08","version" => "0.1"},{"date" => "2006-12-01T01:42:22","version" => "0.2"},{"date" => "2006-12-04T00:22:45","version" => "0.30"},{"date" => "2006-12-06T08:48:49","version" => "0.31"},{"date" => "2007-03-10T00:44:35","version" => "0.40"},{"date" => "2007-05-24T21:09:40","version" => "0.41"},{"date" => "2007-07-07T19:33:22","version" => "0.50"},{"date" => "2008-01-04T01:33:04","version" => "0.60"},{"date" => "2008-06-30T19:30:56","version" => "0.61"},{"date" => "2008-07-02T15:25:10","version" => "0.62"},{"date" => "2008-08-07T17:14:34","version" => "0.63"},{"date" => "2008-08-14T16:09:53","version" => "0.64"},{"date" => "2008-08-20T17:45:46","version" => "0.65"},{"date" => "2008-08-22T18:24:57","version" => "0.66"},{"date" => "2009-03-25T16:38:07","version" => "0.67_01"},{"date" => "2009-03-26T05:04:33","version" => "0.67"},{"date" => "2009-03-26T05:37:53","version" => "0.68"},{"date" => "2009-03-26T21:19:43","version" => "0.69"},{"date" => "2009-03-28T06:23:19","version" => "0.70"},{"date" => "2009-03-28T16:19:10","version" => "0.71"},{"date" => "2009-06-25T18:56:47","version" => "0.72"},{"date" => "2009-06-28T00:22:51","version" => "0.73"},{"date" => "2009-07-22T23:12:44","version" => "0.74"},{"date" => "2009-08-17T13:11:15","version" => "0.75"},{"date" => "2009-08-21T20:42:44","version" => "0.76"},{"date" => "2009-08-27T01:26:49","version" => "0.77"},{"date" => "2009-09-28T14:05:11","version" => "0.78"},{"date" => "2009-12-11T01:11:49","version" => "0.79"},{"date" => "2009-12-19T14:59:13","version" => "0.80"},{"date" => "2010-01-14T20:56:56","version" => "0.81"},{"date" => "2010-02-04T22:35:05","version" => "0.82"},{"date" => "2010-02-08T22:24:29","version" => "0.83"},{"date" => "2010-05-06T08:34:09","version" => "0.84"},{"date" => "2010-05-13T08:15:30","version" => "0.85"},{"date" => "2010-09-01T22:17:14","version" => "0.86"},{"date" => "2010-11-03T19:48:23","version" => "0.87"},{"date" => "2011-01-11T23:12:42","version" => "0.88"},{"date" => "2011-01-24T21:59:02","version" => "0.89"},{"date" => "2011-02-25T13:58:06","version" => "0.90"},{"date" => "2011-08-04T12:46:05","version" => "0.91"},{"date" => "2011-10-01T10:11:59","version" => "0.91"},{"date" => "2011-10-12T18:35:31","version" => "0.93"},{"date" => "2011-12-09T08:51:25","version" => "0.94"},{"date" => "2012-01-04T19:54:14","version" => "0.95"},{"date" => "2012-01-30T11:32:44","version" => "0.96"},{"date" => "2012-02-21T10:06:13","version" => "0.97"},{"date" => "2012-02-21T11:44:32","version" => "0.98"},{"date" => "2012-02-28T09:14:17","version" => "0.99"},{"date" => "2012-04-13T08:37:31","version" => "1.00"},{"date" => "2012-05-29T20:02:44","version" => "1.01"},{"date" => "2012-06-05T21:45:05","version" => "1.02"},{"date" => "2012-06-27T23:52:31","version" => "1.03"},{"date" => "2012-06-30T09:32:24","version" => "1.04"},{"date" => "2012-07-02T19:16:30","version" => "1.05"},{"date" => "2012-12-11T22:13:48","version" => "1.06"},{"date" => "2013-04-11T19:25:51","version" => "1.07"},{"date" => "2013-04-16T07:36:02","version" => "1.08"},{"date" => "2013-04-19T12:43:57","version" => "1.09"},{"date" => "2013-04-22T13:43:09","version" => "1.10"},{"date" => "2013-06-16T14:28:48","version" => "1.11"},{"date" => "2013-09-11T17:50:54","version" => "1.12"},{"date" => "2013-11-08T15:49:54","version" => "1.13"},{"date" => "2013-12-27T21:33:09","version" => "1.14"},{"date" => "2014-05-07T14:04:03","version" => "1.15"},{"date" => "2014-09-12T18:22:35","version" => "1.16"},{"date" => "2014-10-24T00:59:39","version" => "1.17"},{"date" => "2015-01-20T18:22:02","version" => "1.18"},{"date" => "2015-02-06T15:40:56","version" => "1.19"},{"date" => "2015-10-29T20:34:02","version" => "1.20"},{"date" => "2017-12-05T15:16:47","version" => "1.21"}]},"Catalyst-Authentication-Credential-HTTP" => {"advisories" => [{"affected_versions" => ["<=1.018"],"cves" => ["CVE-2025-40920"],"description" => "Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.   *  Data::UUID does not use a strong cryptographic source for generating UUIDs.   *  Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.   *  The nonces should be generated from a strong cryptographic source, as per RFC 7616.","distribution" => "Catalyst-Authentication-Credential-HTTP","fixed_versions" => [">=1.019"],"id" => "CPANSA-Catalyst-Authentication-Credential-HTTP-2025-40920","references" => ["https://datatracker.ietf.org/doc/html/rfc7616#section-5.12","https://datatracker.ietf.org/doc/html/rfc9562#name-security-considerations","https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/pull/1","https://metacpan.org/release/ETHER/Catalyst-Authentication-Credential-HTTP-1.018/source/lib/Catalyst/Authentication/Credential/HTTP.pm#L391","https://security.metacpan.org/patches/C/Catalyst-Authentication-Credential-HTTP/1.018/CVE-2025-40920-r1.patch"],"reported" => "2025-08-11","severity" => undef}],"main_module" => "Catalyst::Authentication::Credential::HTTP","versions" => [{"date" => "2008-09-01T13:41:15","version" => "1.000"},{"date" => "2008-09-02T18:15:58","version" => "1.001"},{"date" => "2008-09-03T00:16:26","version" => "1.002"},{"date" => "2008-09-11T14:35:17","version" => "1.003"},{"date" => "2008-09-11T18:06:53","version" => "0.12"},{"date" => "2008-09-12T18:21:26","version" => "1.004"},{"date" => "2008-09-25T22:13:58","version" => "1.005"},{"date" => "2008-10-06T18:56:06","version" => "1.006"},{"date" => "2008-11-19T09:41:15","version" => "1.007"},{"date" => "2008-12-10T23:58:04","version" => "1.008"},{"date" => "2009-01-04T21:37:39","version" => "1.009"},{"date" => "2009-05-14T08:34:09","version" => "1.010"},{"date" => "2009-06-27T04:00:10","version" => "1.011"},{"date" => "2010-03-07T21:07:20","version" => "1.012"},{"date" => "2010-12-14T22:03:35","version" => "1.013"},{"date" => "2012-02-05T18:51:03","version" => "1.014"},{"date" => "2012-06-27T18:43:56","version" => "1.015"},{"date" => "2013-07-27T20:38:37","version" => "1.016"},{"date" => "2017-06-27T23:22:26","version" => "1.017"},{"date" => "2017-06-28T00:29:58","version" => "1.018"},{"date" => "2025-08-20T17:38:38","version" => "1.019"}]},"Catalyst-Authentication-Store-LDAP" => {"advisories" => [{"affected_versions" => ["<1.013"],"cves" => [],"description" => "Incorrect password check binds to the unauthenticated user.\n","distribution" => "Catalyst-Authentication-Store-LDAP","fixed_versions" => [">=1.013"],"id" => "CPANSA-Catalyst-Authentication-Store-LDAP-2012-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=81908"],"reported" => "2012-12-11","severity" => "high"}],"main_module" => "Catalyst::Authentication::Store::LDAP","versions" => [{"date" => "2008-02-05T18:18:24","version" => "0.1000"},{"date" => "2008-04-10T02:06:58","version" => "0.1001"},{"date" => "2008-07-09T20:45:43","version" => "0.1002"},{"date" => "2008-09-10T13:21:33","version" => "0.1003"},{"date" => "2008-10-22T01:57:27","version" => "0.1003"},{"date" => "2009-05-01T02:34:18","version" => "0.1005"},{"date" => "2009-12-11T18:54:26","version" => "1.006"},{"date" => "2010-03-19T10:07:13","version" => "1.007"},{"date" => "2010-04-03T03:04:13","version" => "1.008"},{"date" => "2010-05-15T07:14:41","version" => "1.009"},{"date" => "2010-07-06T21:39:55","version" => "1.010"},{"date" => "2010-07-07T20:41:22","version" => "1.011"},{"date" => "2010-10-05T08:11:56","version" => "1.012"},{"date" => "2013-01-09T14:58:46","version" => "1.013"},{"date" => "2013-04-26T19:51:28","version" => "1.014"},{"date" => "2015-02-20T18:07:31","version" => "1.015"},{"date" => "2016-02-11T17:50:52","version" => "1.016"},{"date" => "2021-05-26T09:59:28","version" => "1.017"}]},"Catalyst-Controller-Combine" => {"advisories" => [{"affected_versions" => ["<0.12"],"cves" => [],"description" => "Allows to use url-encoded path-parts to crawl along the file system and read files outside the intended directory.\n","distribution" => "Catalyst-Controller-Combine","fixed_versions" => [">=0.12"],"id" => "CPANSA-Catalyst-Controller-Combine-2010-01","references" => ["https://metacpan.org/changes/distribution/Catalyst-Controller-Combine"],"reported" => "2010-05-21"}],"main_module" => "Catalyst::Controller::Combine","versions" => [{"date" => "2009-07-11T17:58:25","version" => "0.06"},{"date" => "2009-07-13T06:49:00","version" => "0.07"},{"date" => "2009-10-24T12:48:21","version" => "0.08"},{"date" => "2010-03-13T19:31:13","version" => "0.09"},{"date" => "2010-03-27T18:44:05","version" => "0.10"},{"date" => "2010-06-21T20:47:02","version" => "0.12"},{"date" => "2011-07-28T19:53:12","version" => "0.13"},{"date" => "2012-02-20T20:59:00","version" => "0.14"},{"date" => "2012-05-04T10:43:12","version" => "0.15"}]},"Catalyst-Plugin-Session" => {"advisories" => [{"affected_versions" => ["<0.44"],"cves" => ["CVE-2025-40924"],"description" => "Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely.  The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Catalyst-Plugin-Session","fixed_versions" => [">=0.44"],"id" => "CPANSA-Catalyst-Plugin-Session-2025-40924","references" => ["https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/c0e2b4ab1e42ebce1008286db8c571b6ee98c22c.patch","https://github.com/perl-catalyst/Catalyst-Plugin-Session/pull/5","https://metacpan.org/release/HAARG/Catalyst-Plugin-Session-0.43/source/lib/Catalyst/Plugin/Session.pm#L632"],"reported" => "2025-07-17","severity" => undef}],"main_module" => "Catalyst::Plugin::Session","versions" => [{"date" => "2005-11-14T20:45:06","version" => "0.01"},{"date" => "2005-11-23T12:29:16","version" => "0.02"},{"date" => "2005-12-26T08:24:04","version" => "0.03"},{"date" => "2005-12-28T11:51:50","version" => "0.04"},{"date" => "2006-01-01T10:45:07","version" => "0.05"},{"date" => "2006-07-29T16:35:24","version" => "0.06"},{"date" => "2006-07-31T11:24:16","version" => "0.07"},{"date" => "2006-07-31T12:11:58","version" => "0.08"},{"date" => "2006-07-31T18:24:07","version" => "0.09"},{"date" => "2006-08-01T08:08:13","version" => "0.10"},{"date" => "2006-08-10T15:03:04","version" => "0.11"},{"date" => "2006-08-26T17:55:09","version" => "0.12"},{"date" => "2006-10-12T19:54:32","version" => "0.13"},{"date" => "2007-01-31T11:24:20","version" => "0.14"},{"date" => "2007-06-24T15:17:44","version" => "0.15"},{"date" => "2007-07-03T14:40:50","version" => "0.16"},{"date" => "2007-07-16T10:20:50","version" => "0.17"},{"date" => "2007-08-15T18:06:22","version" => "0.18"},{"date" => "2007-10-08T18:18:10","version" => "0.19"},{"date" => "2009-01-09T02:13:40","version" => "0.19_01"},{"date" => "2009-02-05T14:50:15","version" => "0.20"},{"date" => "2009-04-30T20:54:07","version" => "0.21"},{"date" => "2009-05-13T21:00:18","version" => "0.22"},{"date" => "2009-06-16T19:43:53","version" => "0.23"},{"date" => "2009-06-23T08:20:00","version" => "0.24"},{"date" => "2009-07-08T21:54:31","version" => "0.25"},{"date" => "2009-08-19T21:23:25","version" => "0.26"},{"date" => "2009-10-06T08:45:28","version" => "0.26_01"},{"date" => "2009-10-08T21:38:42","version" => "0.27"},{"date" => "2009-10-29T09:59:18","version" => "0.28"},{"date" => "2009-11-04T23:43:22","version" => "0.29"},{"date" => "2010-06-24T12:54:05","version" => "0.30"},{"date" => "2010-10-08T14:39:33","version" => "0.31"},{"date" => "2011-06-08T12:05:42","version" => "0.32"},{"date" => "2012-03-26T10:03:59","version" => "0.33"},{"date" => "2012-04-02T14:51:39","version" => "0.34"},{"date" => "2012-04-24T08:24:54","version" => "0.35"},{"date" => "2012-10-19T22:40:25","version" => "0.36"},{"date" => "2013-02-25T14:04:31","version" => "0.37"},{"date" => "2013-09-18T14:03:08","version" => "0.38"},{"date" => "2013-10-16T15:09:02","version" => "0.39"},{"date" => "2015-01-27T01:20:24","version" => "0.40"},{"date" => "2018-12-06T02:31:20","version" => "0.41"},{"date" => "2022-05-31T00:20:53","version" => "0.42"},{"date" => "2022-06-03T14:15:38","version" => "0.43"},{"date" => "2025-07-16T14:18:57","version" => "0.44"}]},"Catalyst-Plugin-Static" => {"advisories" => [{"affected_versions" => ["<0.10"],"cves" => [],"description" => "Serving files outside of \$config->{root} directory.\n","distribution" => "Catalyst-Plugin-Static","fixed_versions" => [">=0.10"],"id" => "CPANSA-Catalyst-Plugin-Static-2005-01","reported" => "2005-11-14"}],"main_module" => "Catalyst::Plugin::Static","versions" => [{"date" => "2005-01-29T00:00:20","version" => "0.01"},{"date" => "2005-02-19T20:28:50","version" => "0.02"},{"date" => "2005-03-17T01:01:03","version" => "0.03"},{"date" => "2005-03-17T19:10:36","version" => "0.04"},{"date" => "2005-03-21T13:34:27","version" => "0.05"},{"date" => "2005-03-23T06:48:05","version" => "0.05"},{"date" => "2005-04-15T16:58:18","version" => "0.06"},{"date" => "2005-04-17T14:50:45","version" => "0.07"},{"date" => "2005-09-06T13:42:42","version" => "0.08"},{"date" => "2005-11-14T08:38:35","version" => "0.09"},{"date" => "2005-11-14T10:26:31","version" => "0.10"},{"date" => "2009-10-18T18:13:00","version" => "0.11"}]},"Catalyst-Plugin-Static-Simple" => {"advisories" => [{"affected_versions" => ["<0.34"],"cves" => ["CVE-2017-16248"],"description" => "The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.\n","distribution" => "Catalyst-Plugin-Static-Simple","fixed_versions" => [">=0.34"],"id" => "CPANSA-Catalyst-Plugin-Static-Simple-2017-01","references" => ["https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/","https://metacpan.org/pod/CPAN::Checksums"],"reported" => "2017-10-31"}],"main_module" => "Catalyst::Plugin::Static::Simple","versions" => [{"date" => "2005-08-12T01:37:04","version" => "0.01"},{"date" => "2005-08-16T22:09:54","version" => "0.02"},{"date" => "2005-08-22T03:44:24","version" => "0.03"},{"date" => "2005-08-22T15:59:08","version" => "0.04"},{"date" => "2005-08-26T15:58:06","version" => "0.05"},{"date" => "2005-09-05T19:36:58","version" => "0.06"},{"date" => "2005-09-06T01:07:28","version" => "0.07"},{"date" => "2005-09-07T22:52:21","version" => "0.08"},{"date" => "2005-10-07T17:40:16","version" => "0.09"},{"date" => "2005-10-19T21:19:04","version" => "0.10"},{"date" => "2005-11-14T00:28:01","version" => "0.11"},{"date" => "2005-12-15T14:56:40","version" => "0.13"},{"date" => "2006-03-24T16:18:59","version" => "0.14"},{"date" => "2006-07-05T16:35:54","version" => "0.14"},{"date" => "2006-12-09T03:25:57","version" => "0.15"},{"date" => "2007-04-30T18:48:25","version" => "0.16"},{"date" => "2007-05-11T14:52:16","version" => "0.17"},{"date" => "2007-07-01T04:12:31","version" => "0.18"},{"date" => "2007-07-02T20:54:05","version" => "0.19"},{"date" => "2007-09-24T13:50:15","version" => "0.20"},{"date" => "2009-03-29T18:47:56","version" => "0.21"},{"date" => "2009-08-21T16:21:17","version" => "0.22"},{"date" => "2009-10-06T16:51:19","version" => "0.23"},{"date" => "2009-10-18T18:12:48","version" => "0.24"},{"date" => "2009-10-22T20:49:26","version" => "0.25"},{"date" => "2009-12-06T12:32:46","version" => "0.26"},{"date" => "2010-01-03T14:56:26","version" => "0.27"},{"date" => "2010-01-04T13:18:25","version" => "0.28"},{"date" => "2010-02-01T18:48:45","version" => "0.29"},{"date" => "2012-05-04T17:17:29","version" => "0.30"},{"date" => "2013-09-09T14:32:43","version" => "0.31"},{"date" => "2014-06-05T12:44:48","version" => "0.32"},{"date" => "2014-10-29T16:02:17","version" => "0.33"},{"date" => "2017-08-02T17:00:14","version" => "0.34"},{"date" => "2018-03-14T12:13:30","version" => "0.35"},{"date" => "2018-03-15T11:41:17","version" => "0.36"},{"date" => "2021-05-05T14:30:07","version" => "0.37"}]},"Catalyst-Runtime" => {"advisories" => [{"affected_versions" => ["<5.90020"],"cves" => [],"description" => "Passing a special host to the redirect page link makes it vulnerable to XSS attack.\n","distribution" => "Catalyst-Runtime","fixed_versions" => [">=5.90020"],"id" => "CPANSA-Catalyst-Runtime-2013-01","references" => ["http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/Catalyst-Runtime.git;a=commitdiff;h=7af54927870a7c6f89323ac1876d49f92e7841f5"],"reported" => "2013-01-23"},{"affected_versions" => ["<5.58"],"cves" => [],"description" => "Path traversal in Static::Simple plugin.\n","distribution" => "Catalyst-Runtime","fixed_versions" => [">=5.58"],"id" => "CPANSA-Catalyst-Runtime-2005-01","reported" => "2005-11-24"}],"main_module" => "Catalyst::Runtime","versions" => [{"date" => "2006-06-25T19:20:53","version" => "5.70_01"},{"date" => "2006-06-27T18:10:20","version" => "5.70_02"},{"date" => "2006-06-28T21:50:30","version" => "5.70_03"},{"date" => "2006-07-07T22:47:30","version" => "5.7000"},{"date" => "2006-07-20T06:00:58","version" => "5.7001"},{"date" => "2006-09-19T07:36:29","version" => "5.7002"},{"date" => "2006-09-23T17:43:12","version" => "5.7003"},{"date" => "2006-11-06T23:28:40","version" => "5.7004"},{"date" => "2006-11-07T19:43:56","version" => "5.7005"},{"date" => "2006-11-15T08:27:59","version" => "5.7006"},{"date" => "2007-03-14T11:13:37","version" => "5.7007"},{"date" => "2007-08-13T06:36:11","version" => "5.7008"},{"date" => "2007-08-21T22:23:53","version" => "5.7009"},{"date" => "2007-08-22T05:51:41","version" => "5.7010"},{"date" => "2007-10-18T18:11:24","version" => "5.7011"},{"date" => "2007-12-17T08:19:28","version" => "5.7012"},{"date" => "2008-05-17T12:41:13","version" => "5.7013"},{"date" => "2008-05-25T21:16:45","version" => "5.7013"},{"date" => "2008-06-25T20:43:41","version" => "5.7099_01"},{"date" => "2008-07-18T11:41:25","version" => "5.7099_02"},{"date" => "2008-07-20T08:15:02","version" => "5.7099_02"},{"date" => "2008-10-13T20:55:41","version" => "5.7099_02"},{"date" => "2008-10-14T06:06:06","version" => "5.7099_02"},{"date" => "2008-10-15T21:44:15","version" => "5.7015"},{"date" => "2008-10-17T12:42:53","version" => "5.8000_03"},{"date" => "2008-12-05T15:11:14","version" => "5.8000_04"},{"date" => "2009-01-12T15:46:59","version" => "5.7099_04"},{"date" => "2009-01-19T17:36:04","version" => "5.71000"},{"date" => "2009-01-29T08:56:09","version" => "5.8000_05"},{"date" => "2009-02-04T20:08:22","version" => "5.8000_06"},{"date" => "2009-03-27T09:21:12","version" => "5.71001"},{"date" => "2009-04-13T19:03:36","version" => "5.8000_07"},{"date" => "2009-04-18T20:26:00","version" => "5.80001"},{"date" => "2009-04-21T23:45:45","version" => "5.80002"},{"date" => "2009-04-29T14:39:21","version" => "5.80003"},{"date" => "2009-05-18T15:16:38","version" => "5.80004"},{"date" => "2009-06-06T12:49:15","version" => "5.80005"},{"date" => "2009-06-29T22:11:48","version" => "5.80006"},{"date" => "2009-06-30T22:11:36","version" => "5.80007"},{"date" => "2009-08-21T16:14:33","version" => "5.80008"},{"date" => "2009-08-21T20:29:33","version" => "5.80009"},{"date" => "2009-08-21T21:42:08","version" => "5.80010"},{"date" => "2009-08-23T11:57:26","version" => "5.80011"},{"date" => "2009-09-09T18:01:32","version" => "5.80012"},{"date" => "2009-09-17T09:35:20","version" => "5.80013"},{"date" => "2009-11-21T02:32:20","version" => "5.80014"},{"date" => "2009-11-22T20:24:47","version" => "5.80014_01"},{"date" => "2009-12-01T01:14:00","version" => "5.80014_02"},{"date" => "2009-12-02T15:42:50","version" => "5.80015"},{"date" => "2009-12-11T23:37:44","version" => "5.80016"},{"date" => "2010-01-10T02:01:50","version" => "5.80017"},{"date" => "2010-01-12T21:39:47","version" => "5.80018"},{"date" => "2010-01-29T00:18:07","version" => "5.80019"},{"date" => "2010-02-04T06:19:31","version" => "5.80020"},{"date" => "2010-03-03T23:16:29","version" => "5.80021"},{"date" => "2010-03-28T19:25:48","version" => "5.80022"},{"date" => "2010-05-07T22:07:08","version" => "5.80023"},{"date" => "2010-05-15T09:57:52","version" => "5.80024"},{"date" => "2010-07-29T00:59:16","version" => "5.80025"},{"date" => "2010-09-01T15:10:42","version" => "5.80026"},{"date" => "2010-09-02T11:33:03","version" => "5.80027"},{"date" => "2010-09-28T20:14:11","version" => "5.80028"},{"date" => "2010-10-03T16:24:08","version" => "5.80029"},{"date" => "2011-01-04T12:56:30","version" => "5.80030"},{"date" => "2011-01-24T10:50:27","version" => "5.89000"},{"date" => "2011-01-31T08:25:21","version" => "5.80031"},{"date" => "2011-02-23T08:28:58","version" => "5.80032"},{"date" => "2011-03-01T14:56:37","version" => "5.89001"},{"date" => "2011-03-02T10:37:42","version" => "5.89002"},{"date" => "2011-07-24T15:58:37","version" => "5.80033"},{"date" => "2011-07-28T20:05:01","version" => "5.89003"},{"date" => "2011-08-15T21:35:34","version" => "5.9000"},{"date" => "2011-08-15T21:59:58","version" => "5.90001"},{"date" => "2011-08-22T20:55:10","version" => "5.90002"},{"date" => "2011-10-05T07:48:57","version" => "5.90003"},{"date" => "2011-10-11T15:19:05","version" => "5.90004"},{"date" => "2011-10-22T21:01:24","version" => "5.90005"},{"date" => "2011-10-25T17:54:34","version" => "5.90006"},{"date" => "2011-11-22T20:40:44","version" => "5.90007"},{"date" => "2012-02-06T21:08:28","version" => "5.90008"},{"date" => "2012-02-16T09:29:44","version" => "5.90009"},{"date" => "2012-02-18T00:49:30","version" => "5.90010"},{"date" => "2012-03-08T21:53:00","version" => "5.90011"},{"date" => "2012-05-19T07:13:21","version" => "5.90012"},{"date" => "2012-06-08T00:37:40","version" => "5.90013"},{"date" => "2012-06-21T20:41:41","version" => "5.90013"},{"date" => "2012-06-26T14:34:56","version" => "5.90014"},{"date" => "2012-06-30T18:00:53","version" => "5.90015"},{"date" => "2012-08-17T01:39:42","version" => "5.90016"},{"date" => "2012-10-19T21:51:54","version" => "5.90017"},{"date" => "2012-10-24T01:01:44","version" => "5.90018"},{"date" => "2012-12-04T22:04:19","version" => "5.90019"},{"date" => "2013-02-22T14:05:39","version" => "5.90020"},{"date" => "2013-04-12T17:09:27","version" => "5.90030"},{"date" => "2013-06-12T21:26:14","version" => "5.90040"},{"date" => "2013-06-15T02:10:17","version" => "5.90041"},{"date" => "2013-06-16T01:57:47","version" => "5.90042"},{"date" => "2013-07-26T19:13:01","version" => "5.90049_001"},{"date" => "2013-08-21T02:39:45","version" => "5.90049_002"},{"date" => "2013-09-20T19:03:54","version" => "5.90049_003"},{"date" => "2013-10-18T22:19:33","version" => "5.90049_004"},{"date" => "2013-10-31T20:48:42","version" => "5.90049_005"},{"date" => "2013-11-05T03:25:31","version" => "5.90049_006"},{"date" => "2013-11-05T22:35:22","version" => "5.90050"},{"date" => "2013-11-07T17:14:35","version" => "5.90051"},{"date" => "2013-12-18T20:03:22","version" => "5.90052"},{"date" => "2013-12-19T14:33:08","version" => "5.90059_001"},{"date" => "2013-12-22T16:18:16","version" => "5.90053"},{"date" => "2013-12-22T16:34:11","version" => "5.90059_002"},{"date" => "2013-12-27T02:27:08","version" => "5.90059_003"},{"date" => "2014-01-27T17:20:51","version" => "5.90059_004"},{"date" => "2014-01-28T19:36:58","version" => "5.90059_005"},{"date" => "2014-02-06T20:41:25","version" => "5.90059_006"},{"date" => "2014-02-08T03:11:11","version" => "5.90060"},{"date" => "2014-03-10T14:46:10","version" => "5.90061"},{"date" => "2014-04-14T18:53:26","version" => "5.90062"},{"date" => "2014-05-02T00:15:16","version" => "5.90063"},{"date" => "2014-05-05T14:55:25","version" => "5.90064"},{"date" => "2014-05-27T18:08:08","version" => "5.90069_001"},{"date" => "2014-06-05T12:44:59","version" => "5.90065"},{"date" => "2014-06-10T00:22:42","version" => "5.90069_002"},{"date" => "2014-08-06T15:09:29","version" => "5.90069_003"},{"date" => "2014-08-07T15:59:15","version" => "5.90069_004"},{"date" => "2014-08-07T21:49:59","version" => "5.90070"},{"date" => "2014-08-10T13:15:52","version" => "5.90071"},{"date" => "2014-09-15T16:30:58","version" => "5.90072"},{"date" => "2014-09-23T17:24:54","version" => "5.90073"},{"date" => "2014-10-01T21:45:12","version" => "5.90074"},{"date" => "2014-10-07T00:07:51","version" => "5.90075"},{"date" => "2014-11-14T00:20:16","version" => "5.90076"},{"date" => "2014-11-19T00:28:27","version" => "5.90077"},{"date" => "2014-12-02T21:50:30","version" => "5.90079_001"},{"date" => "2014-12-02T23:22:07","version" => "5.90079_002"},{"date" => "2014-12-03T19:45:16","version" => "5.90079_003"},{"date" => "2014-12-26T23:05:46","version" => "5.90079_004"},{"date" => "2014-12-31T16:26:20","version" => "5.90078"},{"date" => "2014-12-31T21:04:56","version" => "5.90079_005"},{"date" => "2015-01-02T15:11:55","version" => "5.90079_006"},{"date" => "2015-01-02T18:11:38","version" => "5.90079"},{"date" => "2015-01-07T20:01:40","version" => "5.90079_007"},{"date" => "2015-01-07T23:26:17","version" => "5.90079_008"},{"date" => "2015-01-09T17:04:47","version" => "5.90080"},{"date" => "2015-01-10T22:39:56","version" => "5.90081"},{"date" => "2015-01-10T23:33:56","version" => "5.90082"},{"date" => "2015-02-17T02:29:50","version" => "5.90083"},{"date" => "2015-02-23T22:24:50","version" => "5.90084"},{"date" => "2015-03-25T18:58:11","version" => "5.90085"},{"date" => "2015-03-26T21:30:15","version" => "5.90089_001"},{"date" => "2015-04-17T21:32:30","version" => "5.90089_002"},{"date" => "2015-04-27T20:20:40","version" => "5.90089_003"},{"date" => "2015-04-28T18:24:12","version" => "5.90089_004"},{"date" => "2015-04-29T14:04:24","version" => "5.90090"},{"date" => "2015-05-08T20:36:59","version" => "5.90091"},{"date" => "2015-05-19T16:48:30","version" => "5.90092"},{"date" => "2015-05-29T17:06:23","version" => "5.90093"},{"date" => "2015-07-24T20:17:46","version" => "5.90094"},{"date" => "2015-07-27T14:32:30","version" => "5.90095"},{"date" => "2015-07-27T15:44:59","version" => "5.90096"},{"date" => "2015-07-28T20:33:41","version" => "5.90097"},{"date" => "2015-08-24T16:30:12","version" => "5.90100"},{"date" => "2015-09-04T22:57:40","version" => "5.90101"},{"date" => "2015-10-29T19:39:24","version" => "5.90102"},{"date" => "2015-11-12T10:19:42","version" => "5.90103"},{"date" => "2016-04-04T17:18:38","version" => "5.90104"},{"date" => "2016-06-08T20:06:53","version" => "5.90105"},{"date" => "2016-07-06T01:21:42","version" => "5.90106"},{"date" => "2016-07-20T19:12:32","version" => "5.90110"},{"date" => "2016-07-20T20:07:16","version" => "5.90111"},{"date" => "2016-07-25T21:03:05","version" => "5.90112"},{"date" => "2016-12-15T21:35:30","version" => "5.90113"},{"date" => "2016-12-19T16:54:08","version" => "5.90114"},{"date" => "2017-05-01T16:42:46","version" => "5.90115"},{"date" => "2018-01-19T20:55:15","version" => "5.90116"},{"date" => "2018-01-21T23:47:21","version" => "5.90117"},{"date" => "2018-05-01T09:59:20","version" => "5.90118"},{"date" => "2018-09-24T00:25:48","version" => "5.90119"},{"date" => "2018-10-19T06:13:58","version" => "5.90120"},{"date" => "2018-10-22T20:39:48","version" => "5.90_121"},{"date" => "2018-11-03T14:52:06","version" => "5.90122"},{"date" => "2018-11-27T15:39:35","version" => "5.90123"},{"date" => "2019-01-18T22:36:07","version" => "5.90124"},{"date" => "2020-01-19T01:11:05","version" => "5.90125"},{"date" => "2020-01-20T01:40:16","version" => "5.90126"},{"date" => "2020-07-27T01:25:21","version" => "5.90_127"},{"date" => "2020-09-11T12:38:26","version" => "5.90128"},{"date" => "2022-07-23T13:13:34","version" => "5.90129"},{"date" => "2022-11-09T15:37:01","version" => "5.90130"},{"date" => "2023-07-20T23:09:29","version" => "5.90131"},{"date" => "2024-11-08T19:56:41","version" => "5.90132"}]},"Clipboard" => {"advisories" => [{"affected_versions" => ["<0.16"],"cves" => ["CVE-2014-5509"],"description" => "clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit\$\$.\n","distribution" => "Clipboard","fixed_versions" => [">=0.16"],"id" => "CPANSA-Clipboard-2014-5509","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=98435","https://bugzilla.redhat.com/show_bug.cgi?id=1135624","http://www.securityfocus.com/bid/69473","http://www.openwall.com/lists/oss-security/2014/08/30/2"],"reported" => "2018-01-08","severity" => "medium"}],"main_module" => "Clipboard","versions" => [{"date" => "2005-05-01T17:19:57","version" => "0.01"},{"date" => "2005-05-02T06:17:33","version" => "0.02"},{"date" => "2005-05-04T06:17:44","version" => "0.03"},{"date" => "2005-05-08T05:54:44","version" => "0.04"},{"date" => "2005-06-01T17:00:34","version" => "0.06"},{"date" => "2005-06-02T05:06:37","version" => "0.07"},{"date" => "2005-06-22T17:05:15","version" => "0.08"},{"date" => "2005-11-19T06:12:48","version" => "0.09"},{"date" => "2010-10-07T01:39:10","version" => "0.10"},{"date" => "2010-10-07T04:49:39","version" => "0.11"},{"date" => "2010-10-11T06:13:22","version" => "0.12"},{"date" => "2010-10-13T04:46:50","version" => "0.13"},{"date" => "2019-01-30T10:47:45","version" => "0.14"},{"date" => "2019-01-30T11:00:22","version" => "0.15"},{"date" => "2019-01-30T11:22:23","version" => "0.16"},{"date" => "2019-01-30T14:00:52","version" => "0.17"},{"date" => "2019-01-30T20:12:11","version" => "0.18"},{"date" => "2019-01-31T11:00:20","version" => "0.19"},{"date" => "2019-04-17T20:55:35","version" => "0.20"},{"date" => "2019-12-02T06:04:27","version" => "0.21"},{"date" => "2020-01-28T18:10:34","version" => "0.22"},{"date" => "2020-03-06T15:43:11","version" => "0.23"},{"date" => "2020-03-07T08:25:07","version" => "0.24"},{"date" => "2020-05-14T06:33:28","version" => "0.25"},{"date" => "2020-05-16T07:56:58","version" => "0.26"},{"date" => "2021-02-13T18:13:34","version" => "0.27"},{"date" => "2021-02-23T07:47:20","version" => "0.28"},{"date" => "2024-04-07T03:11:57","version" => "0.29"},{"date" => "2024-06-16T12:03:21","version" => "0.30"},{"date" => "2025-01-21T17:04:47","version" => "0.31"},{"date" => "2025-02-10T08:24:16","version" => "0.32"}]},"Cmd-Dwarf" => {"advisories" => [{"affected_versions" => ["<1.20"],"cves" => [],"description" => "JSON highjacking possibility.\n","distribution" => "Cmd-Dwarf","fixed_versions" => [">=1.20"],"id" => "CPANSA-Cmd-Dwarf-2014-01","references" => ["https://github.com/seagirl/dwarf/commit/14cf7a1d55db635a07f4838e16f3d9a28e63f529","https://metacpan.org/changes/distribution/Cmd-Dwarf"],"reported" => "2014-12-03"}],"main_module" => "Cmd::Dwarf","versions" => [{"date" => "2015-07-30T06:48:35","version" => "1.27"},{"date" => "2015-08-26T13:27:51","version" => "1.28"},{"date" => "2015-08-28T08:58:33","version" => "1.29"},{"date" => "2015-09-17T08:17:32","version" => "1.30"},{"date" => "2016-01-20T06:39:15","version" => "1.31"},{"date" => "2016-10-25T05:56:33","version" => "1.41"},{"date" => "2017-03-29T04:42:05","version" => "1.42"},{"date" => "2017-06-21T07:06:05","version" => "1.50"},{"date" => "2017-10-05T08:08:01","version" => "1.60"},{"date" => "2018-03-17T07:35:19","version" => "1.70"},{"date" => "2018-08-18T11:43:10","version" => "1.80"},{"date" => "2019-04-05T05:22:33","version" => "1.81"},{"date" => "2019-04-05T05:36:46","version" => "1.82"},{"date" => "2019-04-05T09:06:55","version" => "1.83"}]},"Compress-LZ4" => {"advisories" => [{"affected_versions" => ["<0.20"],"cves" => [],"description" => "Outdated LZ4 source code with security issue on 32bit systems.\n","distribution" => "Compress-LZ4","fixed_versions" => [">=0.20"],"id" => "CPANSA-Compress-LZ4-2014-01","references" => ["https://metacpan.org/changes/distribution/Compress-LZ4","https://github.com/gray/compress-lz4/commit/fc503812b4cbba16429658e1dfe20ad8bbfd77a0"],"reported" => "2014-07-07"}],"main_module" => "Compress::LZ4","versions" => [{"date" => "2012-02-11T16:33:26","version" => "0.01"},{"date" => "2012-02-20T21:26:48","version" => "0.02"},{"date" => "2012-03-02T04:47:50","version" => "0.03"},{"date" => "2012-03-18T07:09:30","version" => "0.04"},{"date" => "2012-03-18T19:45:25","version" => "0.05"},{"date" => "2012-03-22T09:23:45","version" => "0.06"},{"date" => "2012-03-22T16:12:43","version" => "0.07"},{"date" => "2012-03-23T16:29:14","version" => "0.08"},{"date" => "2012-03-23T17:27:12","version" => "0.09"},{"date" => "2012-03-26T11:28:24","version" => "0.10"},{"date" => "2012-04-03T21:36:24","version" => "0.11"},{"date" => "2012-04-04T12:55:22","version" => "0.12"},{"date" => "2012-06-01T18:55:41","version" => "0.13"},{"date" => "2012-08-10T00:21:56","version" => "0.14"},{"date" => "2012-08-11T16:37:53","version" => "0.15"},{"date" => "2012-09-08T18:18:41","version" => "0.16"},{"date" => "2013-03-19T00:39:07","version" => "0.17"},{"date" => "2013-11-19T00:56:57","version" => "0.18"},{"date" => "2014-02-08T00:35:09","version" => "0.19"},{"date" => "2014-07-07T21:08:49","version" => "0.20"},{"date" => "2015-05-12T19:01:36","version" => "0.21"},{"date" => "2015-05-20T06:16:53","version" => "0.22"},{"date" => "2016-07-25T20:45:05","version" => "0.23"},{"date" => "2017-03-23T04:34:45","version" => "0.24"},{"date" => "2017-04-06T16:38:31","version" => "0.25"}]},"Compress-Raw-Bzip2" => {"advisories" => [{"affected_versions" => ["<2.031"],"cves" => ["CVE-2010-0405"],"description" => "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.\n","distribution" => "Compress-Raw-Bzip2","fixed_versions" => [">=2.031"],"id" => "CPANSA-Compress-Raw-Bzip2-2010-0405","references" => ["https://metacpan.org/changes/distribution/Compress-Raw-Bzip2"],"reported" => "2010-01-27"},{"affected_versions" => ["<2.018"],"cves" => ["CVE-2009-1884"],"description" => "Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.\n","distribution" => "Compress-Raw-Bzip2","fixed_versions" => [">=2.018"],"id" => "CPANSA-Compress-Raw-Bzip2-2009-1884","references" => ["http://security.gentoo.org/glsa/glsa-200908-07.xml","https://bugs.gentoo.org/show_bug.cgi?id=281955","https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html","https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html","http://www.securityfocus.com/bid/36082","http://secunia.com/advisories/36386","https://bugzilla.redhat.com/show_bug.cgi?id=518278","http://secunia.com/advisories/36415","https://exchange.xforce.ibmcloud.com/vulnerabilities/52628"],"reported" => "2009-08-19","severity" => undef}],"main_module" => "Compress::Raw::Bzip2","versions" => [{"date" => "2006-03-13T16:14:00","version" => "2.000_10"},{"date" => "2006-04-15T21:23:09","version" => "2.000_11"},{"date" => "2006-05-17T12:43:30","version" => "2.000_12"},{"date" => "2006-06-20T12:43:47","version" => "2.000_13"},{"date" => "2006-10-26T14:15:45","version" => "2.000_14"},{"date" => "2006-11-01T10:35:27","version" => "2.001"},{"date" => "2006-12-29T20:40:23","version" => "2.002"},{"date" => "2007-01-02T13:03:45","version" => "2.003"},{"date" => "2007-03-03T15:50:04","version" => "2.004"},{"date" => "2007-07-01T00:06:51","version" => "2.005"},{"date" => "2007-09-01T19:44:48","version" => "2.006"},{"date" => "2007-11-10T11:59:25","version" => "2.008"},{"date" => "2008-04-20T14:41:25","version" => "2.009"},{"date" => "2008-05-05T17:18:15","version" => "2.010"},{"date" => "2008-05-17T11:16:17","version" => "2.011"},{"date" => "2008-07-15T22:23:56","version" => "2.012"},{"date" => "2008-09-02T20:20:05","version" => "2.014"},{"date" => "2008-09-03T20:47:15","version" => "2.015"},{"date" => "2009-04-04T09:47:36","version" => "2.017"},{"date" => "2009-05-03T16:26:57","version" => "2.018"},{"date" => "2009-05-04T09:42:06","version" => "2.019"},{"date" => "2009-06-03T17:48:18","version" => "2.020"},{"date" => "2009-08-30T20:25:24","version" => "2.021"},{"date" => "2009-11-09T23:25:19","version" => "2.023"},{"date" => "2010-01-09T17:56:12","version" => "2.024"},{"date" => "2010-03-28T12:56:33","version" => "2.025"},{"date" => "2010-04-07T19:49:29","version" => "2.026"},{"date" => "2010-04-24T19:15:32","version" => "2.027"},{"date" => "2010-07-24T14:29:17","version" => "2.030"},{"date" => "2010-09-21T19:44:52","version" => "2.031"},{"date" => "2011-01-06T11:26:00","version" => "2.032"},{"date" => "2011-01-11T14:02:05","version" => "2.033"},{"date" => "2011-05-02T21:50:15","version" => "2.034"},{"date" => "2011-05-07T08:30:09","version" => "2.035"},{"date" => "2011-06-18T21:45:13","version" => "2.036"},{"date" => "2011-06-22T07:17:56","version" => "2.037"},{"date" => "2011-10-28T14:27:59","version" => "2.039"},{"date" => "2011-10-28T22:18:59","version" => "2.040"},{"date" => "2011-11-17T23:44:58","version" => "2.042"},{"date" => "2011-11-20T21:31:34","version" => "2.043"},{"date" => "2011-12-03T22:48:47","version" => "2.044"},{"date" => "2011-12-04T19:19:58","version" => "2.045"},{"date" => "2012-01-28T23:26:44","version" => "2.047"},{"date" => "2012-01-29T16:58:55","version" => "2.048"},{"date" => "2012-02-18T15:56:34","version" => "2.049"},{"date" => "2012-04-29T12:40:06","version" => "2.052"},{"date" => "2012-08-05T20:35:37","version" => "2.055"},{"date" => "2012-11-10T19:08:29","version" => "2.057"},{"date" => "2012-11-12T22:14:16","version" => "2.058"},{"date" => "2012-11-25T13:38:19","version" => "2.059"},{"date" => "2013-01-07T20:02:08","version" => "2.060"},{"date" => "2013-05-27T09:54:30","version" => "2.061"},{"date" => "2013-08-12T19:06:20","version" => "2.062"},{"date" => "2013-11-02T17:14:54","version" => "2.063"},{"date" => "2014-02-01T23:19:50","version" => "2.064"},{"date" => "2014-09-21T12:40:58","version" => "2.066"},{"date" => "2014-12-08T15:12:21","version" => "2.067"},{"date" => "2014-12-23T17:44:34","version" => "2.068"},{"date" => "2015-09-27T14:33:57","version" => "2.069"},{"date" => "2016-12-28T23:07:42","version" => "2.070"},{"date" => "2017-02-12T20:39:20","version" => "2.072"},{"date" => "2017-02-19T20:35:17","version" => "2.073"},{"date" => "2017-02-19T22:11:17","version" => "2.074"},{"date" => "2018-04-03T18:20:04","version" => "2.080"},{"date" => "2018-04-08T15:01:21","version" => "2.081"},{"date" => "2018-12-30T22:38:05","version" => "2.083"},{"date" => "2019-01-06T08:56:52","version" => "2.084"},{"date" => "2019-03-31T19:13:22","version" => "2.086"},{"date" => "2019-08-10T18:11:44","version" => "2.087"},{"date" => "2019-11-03T08:56:50","version" => "2.088"},{"date" => "2019-11-03T19:53:42","version" => "2.089"},{"date" => "2019-11-09T18:35:48","version" => "2.090"},{"date" => "2019-11-23T19:34:12","version" => "2.091"},{"date" => "2019-12-04T22:08:25","version" => "2.092"},{"date" => "2019-12-07T16:05:12","version" => "2.093"},{"date" => "2020-07-13T10:53:44","version" => "2.094"},{"date" => "2020-07-20T19:13:40","version" => "2.095"},{"date" => "2020-07-31T20:50:12","version" => "2.096"},{"date" => "2021-01-07T13:00:00","version" => "2.100"},{"date" => "2021-02-20T14:08:53","version" => "2.101"},{"date" => "2022-04-03T19:48:28","version" => "2.103"},{"date" => "2022-06-25T09:02:32","version" => "2.201"},{"date" => "2023-02-08T19:23:39","version" => "2.204"},{"date" => "2023-07-16T15:36:44","version" => "2.205"},{"date" => "2023-07-25T15:36:59","version" => "2.206"},{"date" => "2024-02-18T22:19:11","version" => "2.207"},{"date" => "2024-02-19T09:28:45","version" => "2.208"},{"date" => "2024-02-20T13:23:07","version" => "2.209"},{"date" => "2024-02-26T09:33:37","version" => "2.210"},{"date" => "2024-04-06T13:40:27","version" => "2.211"},{"date" => "2024-04-27T12:52:31","version" => "2.212"},{"date" => "2024-08-28T15:29:28","version" => "2.213"},{"date" => "2025-10-24T16:23:16","version" => "2.214"},{"date" => "2026-01-31T23:47:12","version" => "2.217"},{"date" => "2026-03-08T13:51:32","version" => "2.218"},{"date" => "2012-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017002","version" => "2.05201"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038","version" => "2.204_001"}]},"Compress-Raw-Zlib" => {"advisories" => [{"affected_versions" => ["<2.017"],"cves" => ["CVE-2009-1391"],"description" => "Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [">=2.017"],"id" => "CPANSA-Compress-Raw-Zlib-2009-1391","references" => ["http://article.gmane.org/gmane.mail.virus.amavis.user/33635","http://article.gmane.org/gmane.mail.virus.amavis.user/33638","http://www.securityfocus.com/bid/35307","http://secunia.com/advisories/35422","https://bugzilla.redhat.com/show_bug.cgi?id=504386","http://www.vupen.com/english/advisories/2009/1571","http://thread.gmane.org/gmane.mail.virus.amavis.user/33635","http://osvdb.org/55041","http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","http://secunia.com/advisories/35876","http://secunia.com/advisories/35685","https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html","http://secunia.com/advisories/35689","http://www.mandriva.com/security/advisories?name=MDVSA-2009:157","http://security.gentoo.org/glsa/glsa-200908-07.xml","https://bugs.gentoo.org/show_bug.cgi?id=273141","https://exchange.xforce.ibmcloud.com/vulnerabilities/51062","https://usn.ubuntu.com/794-1/"],"reported" => "2009-06-16","severity" => undef},{"affected_versions" => ["<=2.219"],"cves" => ["CVE-2026-3381"],"description" => "Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib.  Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171.","distribution" => "Compress-Raw-Zlib","fixed_versions" => [">=2.220"],"id" => "CPANSA-Compress-Raw-Zlib-2026-3381","references" => ["https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/","https://github.com/madler/zlib","https://github.com/madler/zlib/releases/tag/v1.3.2","https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes","https://www.cve.org/CVERecord?id=CVE-2026-27171","https://www.zlib.net/"],"reported" => "2026-03-05","severity" => undef},{"affected_versions" => [">=2.025,<=2.048"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.049,<=2.052"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.053,<=2.060"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.061,<=2.074"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=2.075,<=2.101"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Compress-Raw-Zlib","fixed_versions" => [],"id" => "CPANSA-Compress-Raw-Zlib-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "Compress::Raw::Zlib","versions" => [{"date" => "2006-03-03T23:06:38","version" => "2.000_09"},{"date" => "2006-03-13T16:14:20","version" => "2.000_10"},{"date" => "2006-04-15T21:23:24","version" => "2.000_11"},{"date" => "2006-05-17T12:43:41","version" => "2.000_12"},{"date" => "2006-06-20T12:45:30","version" => "2.000_13"},{"date" => "2006-10-26T14:15:34","version" => "2.000_09"},{"date" => "2006-11-01T10:35:38","version" => "2.001"},{"date" => "2006-12-29T20:40:35","version" => "2.002"},{"date" => "2007-01-02T13:03:57","version" => "2.003"},{"date" => "2007-03-03T15:50:15","version" => "2.004"},{"date" => "2007-07-01T00:07:02","version" => "2.005"},{"date" => "2007-09-01T19:44:59","version" => "2.006"},{"date" => "2007-11-10T11:59:36","version" => "2.008"},{"date" => "2008-04-20T14:42:52","version" => "2.009"},{"date" => "2008-05-05T17:18:27","version" => "2.010"},{"date" => "2008-05-17T11:16:28","version" => "2.011"},{"date" => "2008-07-15T22:24:07","version" => "2.012"},{"date" => "2008-09-02T20:20:16","version" => "2.014"},{"date" => "2008-09-03T20:47:27","version" => "2.015"},{"date" => "2009-04-04T09:49:03","version" => "2.017"},{"date" => "2009-05-03T16:27:08","version" => "2.018"},{"date" => "2009-05-04T09:42:17","version" => "2.019"},{"date" => "2009-06-03T17:48:30","version" => "2.020"},{"date" => "2009-08-30T20:25:35","version" => "2.021"},{"date" => "2009-11-09T23:26:59","version" => "2.023"},{"date" => "2010-01-09T17:56:35","version" => "2.024"},{"date" => "2010-03-28T12:57:08","version" => "2.025"},{"date" => "2010-04-07T19:51:09","version" => "2.026"},{"date" => "2010-04-24T19:15:54","version" => "2.027"},{"date" => "2010-07-24T14:31:01","version" => "2.030"},{"date" => "2011-01-06T11:23:45","version" => "2.032"},{"date" => "2011-01-11T14:03:45","version" => "2.033"},{"date" => "2011-05-02T22:05:37","version" => "2.034"},{"date" => "2011-05-07T08:31:57","version" => "2.035"},{"date" => "2011-06-18T21:45:36","version" => "2.036"},{"date" => "2011-06-22T07:18:22","version" => "2.037"},{"date" => "2011-10-28T14:28:35","version" => "2.039"},{"date" => "2011-10-28T22:20:38","version" => "2.040"},{"date" => "2011-11-17T23:45:21","version" => "2.042"},{"date" => "2011-11-20T21:33:33","version" => "2.043"},{"date" => "2011-12-03T22:49:10","version" => "2.044"},{"date" => "2011-12-04T19:21:36","version" => "2.045"},{"date" => "2012-01-28T23:28:28","version" => "2.047"},{"date" => "2012-01-29T17:00:33","version" => "2.048"},{"date" => "2012-02-18T15:58:12","version" => "2.049"},{"date" => "2012-02-21T19:35:18","version" => "2.050"},{"date" => "2012-02-22T20:43:23","version" => "2.051"},{"date" => "2012-04-29T12:41:57","version" => "2.052"},{"date" => "2012-05-06T08:40:06","version" => "2.053"},{"date" => "2012-05-08T19:22:47","version" => "2.054"},{"date" => "2012-08-05T20:36:06","version" => "2.055"},{"date" => "2012-08-10T22:20:09","version" => "2.056"},{"date" => "2012-11-10T19:08:56","version" => "2.057"},{"date" => "2012-11-12T22:14:42","version" => "2.058"},{"date" => "2012-11-25T13:38:42","version" => "2.059"},{"date" => "2013-01-07T20:02:22","version" => "2.060"},{"date" => "2013-05-27T09:54:54","version" => "2.061"},{"date" => "2013-08-12T19:08:05","version" => "2.062"},{"date" => "2013-11-02T17:15:17","version" => "2.063"},{"date" => "2014-02-01T23:21:28","version" => "2.064"},{"date" => "2014-02-03T20:23:00","version" => "2.065"},{"date" => "2014-09-21T12:42:35","version" => "2.066"},{"date" => "2014-12-08T15:14:00","version" => "2.067"},{"date" => "2014-12-23T17:44:57","version" => "2.068"},{"date" => "2015-09-26T18:41:58","version" => "2.069"},{"date" => "2016-12-28T23:09:21","version" => "2.070"},{"date" => "2016-12-30T22:58:08","version" => "2.071"},{"date" => "2017-02-12T20:41:25","version" => "2.072"},{"date" => "2017-02-19T20:37:20","version" => "2.073"},{"date" => "2017-02-19T22:11:41","version" => "2.074"},{"date" => "2017-11-14T15:43:26","version" => "2.075"},{"date" => "2017-11-21T22:29:23","version" => "2.076"},{"date" => "2018-04-03T18:22:06","version" => "2.080"},{"date" => "2018-04-08T15:02:55","version" => "2.081"},{"date" => "2018-12-30T22:40:08","version" => "2.083"},{"date" => "2019-01-06T08:57:15","version" => "2.084"},{"date" => "2019-03-31T19:11:54","version" => "2.086"},{"date" => "2019-08-10T18:12:03","version" => "2.087"},{"date" => "2019-11-03T08:55:23","version" => "2.088"},{"date" => "2019-11-03T19:54:04","version" => "2.089"},{"date" => "2019-11-09T15:58:48","version" => "2.090"},{"date" => "2019-11-23T19:34:34","version" => "2.091"},{"date" => "2019-12-04T22:08:37","version" => "2.092"},{"date" => "2019-12-07T16:05:34","version" => "2.093"},{"date" => "2020-07-13T10:54:06","version" => "2.094"},{"date" => "2020-07-21T06:57:01","version" => "2.095"},{"date" => "2020-07-31T20:48:45","version" => "2.096"},{"date" => "2021-01-07T13:00:23","version" => "2.100"},{"date" => "2021-02-20T14:10:43","version" => "2.101"},{"date" => "2022-04-03T19:48:50","version" => "2.103"},{"date" => "2022-05-13T06:30:30","version" => "2.104"},{"date" => "2022-05-14T14:24:32","version" => "2.105"},{"date" => "2022-06-21T21:19:21","version" => "2.200"},{"date" => "2022-06-25T09:04:10","version" => "2.201"},{"date" => "2022-06-27T08:18:10","version" => "2.202"},{"date" => "2023-02-08T19:26:25","version" => "2.204"},{"date" => "2023-07-16T15:32:41","version" => "2.205"},{"date" => "2023-07-25T15:35:40","version" => "2.206"},{"date" => "2024-02-18T22:16:24","version" => "2.207"},{"date" => "2024-02-19T09:27:19","version" => "2.208"},{"date" => "2024-02-26T16:11:33","version" => "2.209"},{"date" => "2024-04-06T13:41:58","version" => "2.211"},{"date" => "2024-04-27T12:55:28","version" => "2.212"},{"date" => "2024-08-28T15:27:59","version" => "2.213"},{"date" => "2025-10-24T16:23:27","version" => "2.214"},{"date" => "2026-01-31T22:31:04","version" => "2.217"},{"date" => "2026-02-03T10:45:59","version" => "2.218"},{"date" => "2026-02-23T15:24:28","version" => "2.219"},{"date" => "2026-02-27T10:04:09","version" => "2.220"},{"date" => "2026-02-27T13:17:42","version" => "2.221"},{"date" => "2026-03-08T12:34:59","version" => "2.222"},{"date" => "2010-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013003","version" => "2.027_01"},{"date" => "2012-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017002","version" => "2.05401"},{"date" => "2015-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023003","version" => "2.068_01"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038","version" => "2.204_001"}]},"Concierge-Sessions" => {"advisories" => [{"affected_versions" => [">=0.8.1,<0.8.5"],"cves" => ["CVE-2026-2439"],"description" => "Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are secure, and attackers are able to guess session_ids that can grant them access to systems. Specifically,    *  There is no warning when uuidgen fails. The software can be quietly using the fallback rand() function with no warnings if the command fails for any reason.   *  The uuidgen command will generate a time-based UUID if the system does not have a high-quality random number source, because the call does not explicitly specify the --random option. Note that the system time is shared in HTTP responses.   *  UUIDs are identifiers whose mere possession grants access, as per RFC 9562.   *  The output of the built-in rand() function is predictable and unsuitable for security applications.","distribution" => "Concierge-Sessions","fixed_versions" => [">=0.8.5"],"id" => "CPANSA-Concierge-Sessions-2026-2439","references" => ["https://github.com/bwva/Concierge-Sessions/commit/20bb28e92e8fba307c4ff8264701c215be65e73b","https://metacpan.org/release/BVA/Concierge-Sessions-v0.8.4/diff/BVA/Concierge-Sessions-v0.8.5#lib/Concierge/Sessions/Base.pm","https://perldoc.perl.org/5.42.0/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://www.rfc-editor.org/rfc/rfc9562.html#name-security-considerations"],"reported" => "2026-02-16","severity" => undef}],"main_module" => "Concierge::Sessions","versions" => [{"date" => "2026-02-11T23:31:48","version" => "v0.8.1"},{"date" => "2026-02-12T04:02:53","version" => "v0.8.2"},{"date" => "2026-02-12T08:43:53","version" => "v0.8.3"},{"date" => "2026-02-12T09:47:28","version" => "v0.8.4"},{"date" => "2026-02-12T16:49:19","version" => "v0.8.5"},{"date" => "2026-02-13T04:18:00","version" => "v0.8.6"},{"date" => "2026-02-13T15:38:42","version" => "v0.8.7"},{"date" => "2026-02-13T17:47:48","version" => "v0.8.8"},{"date" => "2026-02-13T22:10:44","version" => "v0.8.9"},{"date" => "2026-02-13T22:32:58","version" => "v0.9.0"},{"date" => "2026-02-15T04:14:21","version" => "v0.10.0"},{"date" => "2026-02-15T18:14:32","version" => "v0.11.0"}]},"Config-IniFiles" => {"advisories" => [{"affected_versions" => ["<2.71"],"cves" => ["CVE-2012-2451"],"description" => "The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.  NOTE: some of these details are obtained from third party information.  NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.\n","distribution" => "Config-IniFiles","fixed_versions" => [],"id" => "CPANSA-Config-IniFiles-2012-2451","references" => ["http://www.openwall.com/lists/oss-security/2012/05/02/6","http://www.osvdb.org/81671","http://secunia.com/advisories/48990","https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59","https://bugzilla.redhat.com/show_bug.cgi?id=818386","http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html","http://www.securityfocus.com/bid/53361","http://www.ubuntu.com/usn/USN-1543-1","https://exchange.xforce.ibmcloud.com/vulnerabilities/75328"],"reported" => "2012-06-27","severity" => undef}],"main_module" => "Config::IniFiles","versions" => [{"date" => "2000-06-20T02:07:11","version" => "0.05"},{"date" => "2000-06-26T02:38:13","version" => "0.06"},{"date" => "2000-07-31T01:32:53","version" => "0.08"},{"date" => "2000-07-31T01:51:15","version" => "0.09"},{"date" => "2000-09-17T03:29:50","version" => "0.11"},{"date" => "2000-09-20T01:06:10","version" => "1.6"},{"date" => "2000-10-17T02:01:37","version" => "1.8"},{"date" => "2000-11-25T03:36:14","version" => "1.11"},{"date" => "2000-11-28T14:09:00","version" => "1.12"},{"date" => "2000-11-28T14:09:15","version" => "1.13"},{"date" => "2000-12-13T17:45:25","version" => "2.10"},{"date" => "2000-12-18T17:56:28","version" => "2.13"},{"date" => "2001-01-08T18:27:24","version" => "2.14"},{"date" => "2001-03-24T21:54:18","version" => "2.17"},{"date" => "2001-03-30T04:48:27","version" => "2.18"},{"date" => "2001-04-05T01:06:51","version" => "2.19"},{"date" => "2001-08-28T11:05:35","version" => "2.21"},{"date" => "2001-12-06T17:15:03","version" => "2.22"},{"date" => "2001-12-07T16:24:14","version" => "2.23"},{"date" => "2001-12-07T17:27:08","version" => "2.24"},{"date" => "2001-12-12T20:50:06","version" => "2.25"},{"date" => "2001-12-19T22:26:32","version" => "2.26"},{"date" => "2001-12-20T16:11:24","version" => "2.27"},{"date" => "2002-08-15T21:41:35","version" => "2.29"},{"date" => "2002-10-15T18:59:21","version" => "2.30"},{"date" => "2002-12-18T01:58:55","version" => "2.36"},{"date" => "2003-01-31T23:06:08","version" => "2.37"},{"date" => "2003-05-14T01:38:13","version" => "2.38"},{"date" => "2005-04-29T20:33:23","version" => "2.39"},{"date" => "2008-12-04T17:02:19","version" => "2.43"},{"date" => "2008-12-25T09:47:08","version" => "2.44"},{"date" => "2008-12-27T15:25:59","version" => "2.45"},{"date" => "2009-01-17T14:40:26","version" => "2.46"},{"date" => "2009-01-21T09:41:11","version" => "2.47"},{"date" => "2009-04-07T12:26:44","version" => "2.48"},{"date" => "2009-05-02T14:27:53","version" => "2.49"},{"date" => "2009-05-31T11:58:04","version" => "2.50"},{"date" => "2009-06-08T09:41:11","version" => "2.51"},{"date" => "2009-06-28T13:21:57","version" => "2.52"},{"date" => "2009-11-13T09:58:28","version" => "2.53"},{"date" => "2009-11-18T11:15:13","version" => "2.54"},{"date" => "2009-12-22T15:48:07","version" => "2.55"},{"date" => "2009-12-31T04:57:40","version" => "2.56"},{"date" => "2010-03-01T13:51:57","version" => "2.57"},{"date" => "2010-05-17T07:45:33","version" => "2.58"},{"date" => "2010-11-12T11:33:52","version" => "2.59"},{"date" => "2010-11-13T07:22:50","version" => "2.60"},{"date" => "2010-11-14T08:57:26","version" => "2.61"},{"date" => "2010-11-19T13:37:37","version" => "2.62"},{"date" => "2010-11-19T14:54:12","version" => "2.63"},{"date" => "2010-11-20T09:55:05","version" => "2.64"},{"date" => "2010-11-25T18:48:52","version" => "2.65"},{"date" => "2011-01-29T16:40:18","version" => "2.66"},{"date" => "2011-06-21T11:59:37","version" => "2.67"},{"date" => "2011-06-21T19:18:33","version" => "2.68"},{"date" => "2012-04-05T09:10:11","version" => "2.69"},{"date" => "2012-04-06T09:52:14","version" => "2.70"},{"date" => "2012-05-02T08:05:15","version" => "2.71"},{"date" => "2012-05-05T16:56:55","version" => "2.72"},{"date" => "2012-05-14T07:49:33","version" => "2.73"},{"date" => "2012-05-23T21:47:46","version" => "2.74"},{"date" => "2012-05-25T12:29:48","version" => "2.75"},{"date" => "2012-06-15T14:47:10","version" => "2.76"},{"date" => "2012-06-21T16:39:23","version" => "2.77"},{"date" => "2012-10-21T11:18:39","version" => "2.78"},{"date" => "2013-05-06T07:10:33","version" => "2.79"},{"date" => "2013-05-14T19:25:07","version" => "2.80"},{"date" => "2013-05-16T10:36:17","version" => "2.81"},{"date" => "2013-05-21T15:35:10","version" => "2.82"},{"date" => "2014-01-27T09:01:28","version" => "2.83"},{"date" => "2015-04-13T18:40:30","version" => "2.84"},{"date" => "2015-04-13T19:08:57","version" => "2.85"},{"date" => "2015-04-14T07:55:59","version" => "2.86"},{"date" => "2015-06-16T09:06:37","version" => "2.87"},{"date" => "2015-07-10T08:38:11","version" => "2.88"},{"date" => "2016-05-03T09:14:13","version" => "2.89"},{"date" => "2016-06-02T13:09:19","version" => "2.90"},{"date" => "2016-06-03T03:11:38","version" => "2.91"},{"date" => "2016-06-17T09:34:08","version" => "2.92"},{"date" => "2016-07-24T08:34:00","version" => "2.93"},{"date" => "2016-11-29T17:31:38","version" => "2.94"},{"date" => "2018-03-16T11:14:39","version" => "2.95"},{"date" => "2018-04-07T08:45:56","version" => "2.96"},{"date" => "2018-04-21T09:13:56","version" => "2.97"},{"date" => "2018-04-21T11:50:34","version" => "2.98"},{"date" => "2018-09-13T07:11:41","version" => "3.000000"},{"date" => "2019-01-16T09:54:40","version" => "3.000001"},{"date" => "2019-03-14T13:34:40","version" => "3.000002"},{"date" => "2020-03-24T15:45:08","version" => "3.000003"}]},"Config-Model" => {"advisories" => [{"affected_versions" => ["<2.102"],"cves" => ["CVE-2017-0373"],"description" => "The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous \"use lib\" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.\n","distribution" => "Config-Model","fixed_versions" => [">=2.102"],"id" => "CPANSA-Config-Model-2017-03","references" => ["https://metacpan.org/changes/distribution/Config-Model","https://github.com/dod38fr/config-model/commit/9bd64d9ec6c0939166a2216a37d58dd19a725951"],"reported" => "2017-05-10"},{"affected_versions" => ["<2.102"],"cves" => ["CVE-2017-0374"],"description" => "Loads models from a local directory, making it possible to substitute the model.\n","distribution" => "Config-Model","fixed_versions" => [">=2.102"],"id" => "CPANSA-Config-Model-2017-02","references" => ["https://metacpan.org/changes/distribution/Config-Model","https://github.com/dod38fr/config-model/commit/4d37c75b0c4f9633b67999f8260b08027a6bc524"],"reported" => "2017-05-10"},{"affected_versions" => ["<2.102"],"cves" => [],"description" => "YAML or YAML::XS can be loaded automatically making it possible to run arbitrary code loading a specially crafted YAML file.\n","distribution" => "Config-Model","fixed_versions" => [">=2.102"],"id" => "CPANSA-Config-Model-2017-01","references" => ["https://metacpan.org/changes/distribution/Config-Model","https://github.com/dod38fr/config-model/commit/01d212348bfbadf31bd74aadd26b1e391ff2fd92"],"reported" => "2017-05-10"}],"main_module" => "Config::Model","versions" => [{"date" => "2006-04-21T12:27:44","version" => "0.505"},{"date" => "2006-05-19T13:32:14","version" => "0.506"},{"date" => "2006-06-15T12:10:38","version" => "0.507"},{"date" => "2006-07-20T12:28:36","version" => "0.601"},{"date" => "2006-09-07T12:06:17","version" => "0.602"},{"date" => "2006-10-19T11:24:40","version" => "0.603"},{"date" => "2006-12-06T12:58:35","version" => "0.604"},{"date" => "2007-01-08T13:16:42","version" => "0.605"},{"date" => "2007-01-11T12:42:09","version" => "0.606"},{"date" => "2007-01-12T13:06:38","version" => "0.607"},{"date" => "2007-02-23T13:00:34","version" => "0.608"},{"date" => "2007-05-14T11:41:18","version" => "0.609"},{"date" => "2007-06-06T12:28:06","version" => "0.610"},{"date" => "2007-07-03T15:35:21","version" => "0.611"},{"date" => "2007-07-27T11:38:57","version" => "0.612"},{"date" => "2007-10-01T15:52:56","version" => "0.613"},{"date" => "2007-10-23T16:10:29","version" => "0.614"},{"date" => "2007-11-15T12:36:18","version" => "0.615"},{"date" => "2007-12-04T12:41:22","version" => "0.616"},{"date" => "2008-01-28T11:55:50","version" => "0.617"},{"date" => "2008-02-14T12:56:25","version" => "0.618"},{"date" => "2008-02-29T12:08:41","version" => "0.619"},{"date" => "2008-03-18T17:40:57","version" => "0.620"},{"date" => "2008-03-20T07:49:00","version" => "0.6201"},{"date" => "2008-04-04T11:38:49","version" => "0.621"},{"date" => "2008-04-25T16:23:31","version" => "0.622"},{"date" => "2008-05-19T11:47:46","version" => "0.623"},{"date" => "2008-07-25T11:35:07","version" => "0.624"},{"date" => "2008-07-30T12:02:43","version" => "0.625"},{"date" => "2008-09-22T12:20:00","version" => "0.626"},{"date" => "2008-09-23T11:05:58","version" => "0.627"},{"date" => "2008-09-29T12:35:05","version" => "0.628"},{"date" => "2008-10-13T15:09:27","version" => "0.629"},{"date" => "2008-10-21T11:59:27","version" => "0.630"},{"date" => "2008-11-10T14:37:44","version" => "0.631"},{"date" => "2008-12-16T13:32:26","version" => "0.632"},{"date" => "2008-12-23T15:36:48","version" => "0.633"},{"date" => "2009-03-05T13:06:32","version" => "0.634"},{"date" => "2009-04-20T12:21:46","version" => "0.635"},{"date" => "2009-05-30T16:19:54","version" => "0.636"},{"date" => "2009-06-23T12:07:41","version" => "0.637"},{"date" => "2009-06-30T11:31:35","version" => "0.638"},{"date" => "2009-09-08T11:35:25","version" => "0.639"},{"date" => "2009-09-09T16:10:41","version" => "0.640"},{"date" => "2010-01-20T17:30:14","version" => "0.641"},{"date" => "2010-01-21T17:17:34","version" => "0.642"},{"date" => "2010-02-25T13:04:52","version" => "0.643"},{"date" => "2010-03-12T15:24:45","version" => "0.644"},{"date" => "2010-03-28T14:53:46","version" => "1.001"},{"date" => "2010-04-22T12:22:00","version" => "1.202"},{"date" => "2010-06-03T11:09:45","version" => "1.203"},{"date" => "2010-06-03T11:20:09","version" => "1.204"},{"date" => "2010-06-07T16:04:03","version" => "1.205"},{"date" => "2010-08-13T10:53:09","version" => "1.206"},{"date" => "2010-09-14T16:14:40","version" => "1.207"},{"date" => "2010-09-16T11:46:11","version" => "1.208"},{"date" => "2010-09-20T12:29:12","version" => "1.209"},{"date" => "2010-09-30T16:34:27","version" => "1.210"},{"date" => "2010-10-08T10:46:45","version" => "1.211"},{"date" => "2010-10-15T11:08:52","version" => "1.212"},{"date" => "2010-10-19T12:29:03","version" => "1.213"},{"date" => "2010-10-19T15:17:01","version" => "1.214"},{"date" => "2010-10-19T15:28:56","version" => "1.215"},{"date" => "2010-10-26T12:16:51","version" => "1.216"},{"date" => "2010-10-30T12:44:11","version" => "1.217"},{"date" => "2010-11-05T11:53:14","version" => "1.218"},{"date" => "2010-11-09T13:20:51","version" => "1.219"},{"date" => "2010-11-10T08:41:22","version" => "1.220"},{"date" => "2010-11-21T17:40:10","version" => "1.221"},{"date" => "2010-11-22T14:01:55","version" => "1.222"},{"date" => "2010-11-28T17:34:03","version" => "1.223"},{"date" => "2010-12-06T13:18:53","version" => "1.224"},{"date" => "2010-12-07T08:01:43","version" => "1.225"},{"date" => "2010-12-08T18:48:08","version" => "1.226"},{"date" => "2011-01-07T18:12:45","version" => "1.227"},{"date" => "2011-01-09T12:27:15","version" => "1.228"},{"date" => "2011-01-10T19:57:53","version" => "1.229"},{"date" => "2011-01-20T16:47:27","version" => "1.230"},{"date" => "2011-01-30T11:30:23","version" => "1.231"},{"date" => "2011-01-30T13:51:34","version" => "1.232"},{"date" => "2011-02-11T12:25:32","version" => "1.233"},{"date" => "2011-02-21T17:11:22","version" => "1.234"},{"date" => "2011-03-01T13:06:28","version" => "1.235"},{"date" => "2011-04-01T14:09:03","version" => "1.236"},{"date" => "2011-04-04T12:57:04","version" => "1.237"},{"date" => "2011-04-05T14:45:45","version" => "1.238"},{"date" => "2011-04-05T17:40:17","version" => "1.240"},{"date" => "2011-04-07T18:09:49","version" => "1.241"},{"date" => "2011-04-25T15:28:14","version" => "1.242"},{"date" => "2011-05-02T12:33:33","version" => "1.243"},{"date" => "2011-05-16T15:52:46","version" => "1.244"},{"date" => "2011-06-17T12:10:22","version" => "1.245"},{"date" => "2011-06-20T12:32:24","version" => "1.246"},{"date" => "2011-06-27T14:14:52","version" => "1.247"},{"date" => "2011-07-05T15:48:52","version" => "1.248"},{"date" => "2011-07-12T09:54:39","version" => "1.249"},{"date" => "2011-07-22T12:40:47","version" => "1.250"},{"date" => "2011-08-30T12:16:32","version" => "1.251"},{"date" => "2011-09-01T16:06:19","version" => "1.252"},{"date" => "2011-09-02T16:03:35","version" => "1.253"},{"date" => "2011-09-04T15:21:52","version" => "1.254"},{"date" => "2011-09-15T15:23:39","version" => "1.255"},{"date" => "2011-09-16T12:28:51","version" => "1.256"},{"date" => "2011-09-23T10:52:00","version" => "1.257"},{"date" => "2011-10-14T14:45:06","version" => "1.258"},{"date" => "2011-10-16T10:17:53","version" => "1.259"},{"date" => "2011-10-28T13:28:02","version" => "1.260"},{"date" => "2011-11-18T17:02:26","version" => "1.261"},{"date" => "2011-11-19T11:55:30","version" => "1.262"},{"date" => "2011-11-29T15:43:38","version" => "1.263"},{"date" => "2011-11-30T07:50:25","version" => "1.264"},{"date" => "2011-12-06T18:26:54","version" => "1.265"},{"date" => "2012-02-06T11:55:29","version" => "2.001"},{"date" => "2012-02-08T09:49:49","version" => "2.002"},{"date" => "2012-02-08T13:14:22","version" => "2.003"},{"date" => "2012-02-09T11:28:18","version" => "2.004"},{"date" => "2012-02-23T18:25:32","version" => "2.005"},{"date" => "2012-02-25T11:30:41","version" => "2.006"},{"date" => "2012-02-26T16:34:50","version" => "2.007"},{"date" => "2012-03-01T12:40:23","version" => "2.008"},{"date" => "2012-03-13T13:11:49","version" => "2.009"},{"date" => "2012-03-13T13:15:03","version" => "2.010"},{"date" => "2012-03-19T21:41:44","version" => "2.011"},{"date" => "2012-04-05T11:41:54","version" => "2.012"},{"date" => "2012-04-06T12:10:46","version" => "2.013"},{"date" => "2012-05-04T13:57:13","version" => "2.014"},{"date" => "2012-05-14T10:06:13","version" => "2.015"},{"date" => "2012-05-20T08:38:36","version" => "2.016"},{"date" => "2012-05-21T10:56:35","version" => "2.017"},{"date" => "2012-05-29T13:53:06","version" => "2.018"},{"date" => "2012-06-05T12:34:15","version" => "2.019"},{"date" => "2012-06-18T08:34:26","version" => "2.020"},{"date" => "2012-06-27T14:44:55","version" => "2.021_01"},{"date" => "2012-06-28T15:30:52","version" => "2.021"},{"date" => "2012-07-03T14:47:31","version" => "2.022"},{"date" => "2012-07-04T13:50:37","version" => "2.023"},{"date" => "2012-09-04T11:30:02","version" => "2.024"},{"date" => "2012-09-10T10:52:02","version" => "2.025"},{"date" => "2012-09-20T17:12:09","version" => "2.026_1"},{"date" => "2012-09-21T10:38:47","version" => "2.026_2"},{"date" => "2012-09-27T11:53:42","version" => "2.026"},{"date" => "2012-10-30T12:48:16","version" => "2.027"},{"date" => "2012-11-27T12:44:55","version" => "2.028"},{"date" => "2012-11-28T13:31:04","version" => "2.029"},{"date" => "2013-02-27T18:37:05","version" => "2.030_01"},{"date" => "2013-03-23T09:47:53","version" => "2.030"},{"date" => "2013-04-03T17:22:28","version" => "2.031"},{"date" => "2013-04-15T11:28:33","version" => "2.032"},{"date" => "2013-04-15T19:27:14","version" => "2.033"},{"date" => "2013-04-17T19:29:52","version" => "2.034"},{"date" => "2013-04-27T15:05:09","version" => "2.035"},{"date" => "2013-05-25T17:53:04","version" => "2.036"},{"date" => "2013-06-15T17:46:45","version" => "2.037"},{"date" => "2013-07-03T19:30:32","version" => "2.038"},{"date" => "2013-07-18T18:12:07","version" => "2.039"},{"date" => "2013-07-20T09:46:11","version" => "2.040"},{"date" => "2013-08-14T17:58:40","version" => "2.041"},{"date" => "2013-09-15T17:41:45","version" => "2.042"},{"date" => "2013-09-20T17:35:06","version" => "2.043"},{"date" => "2013-10-13T16:02:40","version" => "2.044"},{"date" => "2013-10-18T17:48:15","version" => "2.045"},{"date" => "2013-12-15T13:07:37","version" => "2.046"},{"date" => "2014-01-25T15:54:37","version" => "2.047"},{"date" => "2014-02-23T18:02:19","version" => "2.048"},{"date" => "2014-02-26T19:45:44","version" => "2.049"},{"date" => "2014-02-27T18:12:32","version" => "2.050"},{"date" => "2014-03-06T18:23:11","version" => "2.051"},{"date" => "2014-03-23T16:20:43","version" => "2.052"},{"date" => "2014-03-25T19:11:57","version" => "2.053"},{"date" => "2014-04-01T17:51:50","version" => "2.054"},{"date" => "2014-05-02T11:33:28","version" => "2.055"},{"date" => "2014-05-18T19:34:53","version" => "2.056"},{"date" => "2014-06-12T19:32:47","version" => "2.057"},{"date" => "2014-06-19T19:43:18","version" => "2.058"},{"date" => "2014-06-29T15:08:02","version" => "2.059"},{"date" => "2014-08-19T12:43:59","version" => "2.060"},{"date" => "2014-09-23T19:21:04","version" => "2.061"},{"date" => "2014-11-23T19:45:05","version" => "2.062"},{"date" => "2014-11-28T17:55:21","version" => "2.063"},{"date" => "2014-12-04T18:47:05","version" => "2.064"},{"date" => "2015-01-06T20:16:15","version" => "2.065"},{"date" => "2015-02-15T16:13:00","version" => "2.066"},{"date" => "2015-03-01T18:38:28","version" => "2.067"},{"date" => "2015-03-29T13:39:56","version" => "2.068"},{"date" => "2015-04-25T19:29:15","version" => "2.069"},{"date" => "2015-05-03T14:00:52","version" => "2.070"},{"date" => "2015-05-23T11:15:16","version" => "2.071"},{"date" => "2015-07-18T19:31:43","version" => "2.072"},{"date" => "2015-07-19T07:35:51","version" => "2.073"},{"date" => "2015-09-30T18:56:39","version" => "2.074"},{"date" => "2015-11-22T20:11:19","version" => "2.075"},{"date" => "2016-01-14T18:13:20","version" => "2.076"},{"date" => "2016-01-20T19:55:36","version" => "2.077"},{"date" => "2016-01-24T18:48:46","version" => "2.078"},{"date" => "2016-02-12T20:44:28","version" => "2.079"},{"date" => "2016-02-27T17:59:55","version" => "2.080"},{"date" => "2016-02-29T19:01:45","version" => "2.081"},{"date" => "2016-03-29T18:22:30","version" => "2.082"},{"date" => "2016-04-20T18:32:29","version" => "2.083"},{"date" => "2016-05-26T17:35:53","version" => "2.084"},{"date" => "2016-05-29T17:13:14","version" => "2.085"},{"date" => "2016-06-04T19:28:08","version" => "2.086"},{"date" => "2016-06-29T17:35:35","version" => "2.087"},{"date" => "2016-07-09T18:06:03","version" => "2.088"},{"date" => "2016-09-04T13:17:52","version" => "2.089"},{"date" => "2016-09-10T16:07:07","version" => "2.090"},{"date" => "2016-09-13T17:05:56","version" => "2.091"},{"date" => "2016-09-23T17:46:04","version" => "2.092"},{"date" => "2016-11-08T18:33:39","version" => "2.093"},{"date" => "2016-11-09T18:23:05","version" => "2.094"},{"date" => "2016-12-06T18:01:00","version" => "2.095"},{"date" => "2016-12-11T20:28:14","version" => "2.096"},{"date" => "2016-12-22T17:35:34","version" => "2.097"},{"date" => "2017-02-26T18:58:23","version" => "2.098"},{"date" => "2017-03-05T17:09:37","version" => "2.099"},{"date" => "2017-03-18T12:06:34","version" => "2.100"},{"date" => "2017-04-28T17:40:56","version" => "2.101"},{"date" => "2017-05-14T19:10:40","version" => "2.102"},{"date" => "2017-05-25T08:15:17","version" => "2.103"},{"date" => "2017-06-03T13:23:33","version" => "2.104"},{"date" => "2017-06-09T17:26:55","version" => "2.105"},{"date" => "2017-07-16T14:07:23","version" => "2.106"},{"date" => "2017-08-30T19:12:10","version" => "2.107"},{"date" => "2017-08-31T17:23:43","version" => "2.108"},{"date" => "2017-09-18T17:52:57","version" => "2.109"},{"date" => "2017-09-21T19:12:32","version" => "2.110"},{"date" => "2017-09-22T18:41:04","version" => "2.111"},{"date" => "2017-10-01T09:12:45","version" => "2.112"},{"date" => "2017-10-12T19:07:46","version" => "2.113"},{"date" => "2017-11-11T16:35:03","version" => "2.114"},{"date" => "2017-12-14T18:03:18","version" => "2.115"},{"date" => "2017-12-16T09:52:09","version" => "2.116"},{"date" => "2018-02-03T18:09:35","version" => "2.117"},{"date" => "2018-03-26T18:33:19","version" => "2.118"},{"date" => "2018-04-02T16:55:50","version" => "2.119"},{"date" => "2018-04-08T07:56:03","version" => "2.120"},{"date" => "2018-04-15T17:08:18","version" => "2.121"},{"date" => "2018-04-17T17:20:14","version" => "2.122"},{"date" => "2018-05-01T17:18:09","version" => "2.123"},{"date" => "2018-06-09T17:16:59","version" => "2.124"},{"date" => "2018-06-24T12:47:24","version" => "2.125"},{"date" => "2018-08-20T13:10:09","version" => "2.126"},{"date" => "2018-09-30T16:44:13","version" => "2.127"},{"date" => "2018-11-21T19:33:41","version" => "2.128"},{"date" => "2018-12-05T18:44:58","version" => "2.129"},{"date" => "2018-12-07T19:02:10","version" => "2.130"},{"date" => "2018-12-16T18:32:58","version" => "2.131"},{"date" => "2018-12-22T17:50:27","version" => "2.132"},{"date" => "2019-01-13T20:17:07","version" => "2.133"},{"date" => "2019-05-05T10:51:38","version" => "2.134"},{"date" => "2019-06-05T17:21:24","version" => "2.135"},{"date" => "2019-07-29T15:44:09","version" => "2.136"},{"date" => "2019-12-01T17:32:00","version" => "2.137"},{"date" => "2019-12-27T14:43:21","version" => "2.138"},{"date" => "2020-07-18T14:38:14","version" => "2.139"},{"date" => "2020-07-31T08:24:37","version" => "2.140"},{"date" => "2021-01-17T18:04:01","version" => "2.141"},{"date" => "2021-04-07T17:08:47","version" => "2.142"},{"date" => "2021-10-31T17:28:44","version" => "2.143"},{"date" => "2021-11-04T17:26:40","version" => "2.144"},{"date" => "2021-11-06T18:23:25","version" => "2.145"},{"date" => "2021-11-28T18:13:47","version" => "2.146"},{"date" => "2021-11-29T18:42:25","version" => "2.147"},{"date" => "2022-01-09T15:02:17","version" => "2.148"},{"date" => "2022-01-13T16:42:50","version" => "2.149"},{"date" => "2022-05-08T15:10:12","version" => "2.150"},{"date" => "2022-07-26T14:32:41","version" => "2.151"},{"date" => "2022-07-28T08:07:07","version" => "2.152"},{"date" => "2023-07-14T14:05:14","version" => "2.153"},{"date" => "2023-07-14T17:35:53","version" => "2.153"},{"date" => "2024-06-15T14:47:56","version" => "2.154"},{"date" => "2024-11-24T15:11:43","version" => "2.155"},{"date" => "2026-02-02T15:05:59","version" => "2.156"},{"date" => "2026-03-03T18:24:07","version" => "2.157"},{"date" => "2026-03-04T18:23:59","version" => "2.158"},{"date" => "2026-03-08T15:55:43","version" => "2.159"}]},"Convert-ASN1" => {"advisories" => [{"affected_versions" => ["<0.27"],"cves" => ["CVE-2013-7488"],"description" => "perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.\n","distribution" => "Convert-ASN1","fixed_versions" => [],"id" => "CPANSA-Convert-ASN1-2013-7488","references" => ["https://github.com/gbarr/perl-Convert-ASN1/issues/14","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ONNQSW4SSKMG5RUEFZJZA5T5R2WXEGQF/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/6V3PJEQOT47ZO77263XPGS3Y3AJROI4X/"],"reported" => "2020-04-07","severity" => "high"}],"main_module" => "Convert::ASN1","versions" => [{"date" => "2000-04-03T21:52:45","version" => "0.04"},{"date" => "2000-05-12T10:14:51","version" => "0.05"},{"date" => "2000-05-22T11:08:54","version" => "0.06"},{"date" => "2000-05-30T14:31:54","version" => "0.07"},{"date" => "2001-02-05T22:44:53","version" => "0.08"},{"date" => "2001-04-19T23:07:25","version" => "0.09"},{"date" => "2001-04-20T06:40:05","version" => "0.10"},{"date" => "2001-06-11T13:37:41","version" => "0.11"},{"date" => "2001-07-31T17:11:59","version" => "0.12"},{"date" => "2001-08-26T07:23:52","version" => "0.13"},{"date" => "2001-09-10T18:07:31","version" => "0.14"},{"date" => "2002-01-22T11:33:25","version" => "0.15"},{"date" => "2002-08-20T00:05:24","version" => "0.16"},{"date" => "2003-05-12T17:52:00","version" => "0.17"},{"date" => "2003-10-08T14:31:56","version" => "0.18"},{"date" => "2005-04-19T00:51:07","version" => "0.19"},{"date" => "2006-02-22T01:29:15","version" => "0.20"},{"date" => "2007-02-03T02:50:32","version" => "0.21"},{"date" => "2008-09-15T19:39:08","version" => "0.22"},{"date" => "2012-05-03T21:33:29","version" => "0.23"},{"date" => "2012-06-04T22:12:03","version" => "0.24"},{"date" => "2012-06-09T00:32:31","version" => "0.25"},{"date" => "2012-06-09T18:31:05","version" => "0.26"},{"date" => "2014-06-25T18:49:11","version" => "0.27"},{"date" => "2021-05-23T21:05:04","version" => "0.28"},{"date" => "2021-05-24T21:29:37","version" => "0.29"},{"date" => "2021-05-30T00:58:54","version" => "0.30"},{"date" => "2021-06-03T01:30:40","version" => "0.31"},{"date" => "2021-09-21T21:46:25","version" => "0.32"},{"date" => "2021-09-22T22:51:23","version" => "0.33"},{"date" => "2023-08-07T22:47:22","version" => "0.34"}]},"Convert-UUlib" => {"advisories" => [{"affected_versions" => ["<1.051"],"cves" => ["CVE-2005-1349"],"description" => "Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.\n","distribution" => "Convert-UUlib","fixed_versions" => [],"id" => "CPANSA-Convert-UUlib-2005-1349","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200504-26.xml","http://secunia.com/advisories/15130","http://www.securityfocus.com/bid/13401","http://www.mandriva.com/security/advisories?name=MDKSA-2006:022","https://exchange.xforce.ibmcloud.com/vulnerabilities/20275"],"reported" => "2005-05-02","severity" => undef}],"main_module" => "Convert::UUlib","versions" => [{"date" => "1999-05-08T20:44:28","version" => "0.03"},{"date" => "1999-05-25T19:26:16","version" => "0.05"},{"date" => "1999-07-29T21:35:05","version" => "0.06"},{"date" => "2000-07-16T20:52:56","version" => "0.11"},{"date" => "2001-05-04T21:14:40","version" => "0.111"},{"date" => "2001-06-14T16:49:29","version" => "0.2"},{"date" => "2001-09-16T01:45:11","version" => "0.201"},{"date" => "2002-03-31T22:10:15","version" => "0.21"},{"date" => "2002-03-31T22:52:00","version" => "0.21"},{"date" => "2002-04-05T22:18:55","version" => "0.211"},{"date" => "2002-04-06T02:39:32","version" => "0.212"},{"date" => "2002-07-27T19:20:26","version" => "0.213"},{"date" => "2002-10-13T18:14:28","version" => "0.3"},{"date" => "2002-10-15T23:26:09","version" => "0.31"},{"date" => "2003-11-24T16:10:49","version" => "1.0"},{"date" => "2004-03-16T20:05:14","version" => "1.01"},{"date" => "2004-04-18T14:51:27","version" => "1.02"},{"date" => "2004-04-18T20:16:15","version" => "1.03"},{"date" => "2004-12-28T14:12:40","version" => "1.04"},{"date" => "2005-03-03T17:52:16","version" => "1.051"},{"date" => "2005-12-05T23:58:50","version" => "1.06"},{"date" => "2006-12-10T16:45:11","version" => "1.07"},{"date" => "2006-12-16T22:31:30","version" => "1.08"},{"date" => "2007-05-25T17:40:35","version" => "1.09"},{"date" => "2008-06-13T13:27:38","version" => "1.10"},{"date" => "2008-06-13T13:34:18","version" => "1.11"},{"date" => "2008-10-13T12:13:26","version" => "1.12"},{"date" => "2009-08-28T23:26:34","version" => "1.3"},{"date" => "2009-09-16T07:05:05","version" => "1.31"},{"date" => "2009-09-16T18:10:46","version" => "1.32"},{"date" => "2009-10-28T08:05:40","version" => "1.33"},{"date" => "2010-12-14T21:21:33","version" => "1.34"},{"date" => "2011-05-29T15:23:57","version" => "1.4"},{"date" => "2015-07-11T01:57:19","version" => "1.5"},{"date" => "2019-10-24T15:19:15","version" => "1.6"},{"date" => "2020-02-17T22:21:21","version" => "1.62"},{"date" => "2020-02-29T21:09:26","version" => "1.7"},{"date" => "2020-03-16T23:54:43","version" => "1.71"},{"date" => "2020-12-17T01:25:02","version" => "1.8"}]},"Cpanel-JSON-XS" => {"advisories" => [{"affected_versions" => ["<3.0225"],"cves" => [],"description" => "Overflow during processing of ill-formed UTF-8 strings.\n","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=3.0225"],"id" => "CPANSA-Cpanel-JSON-XS-2016-02","references" => ["https://metacpan.org/changes/distribution/Cpanel-JSON-XS","https://github.com/rurban/Cpanel-JSON-XS/commit/f71768984ba7f50b0476c17a4f3b3f2ca88a6951","https://github.com/dankogai/p5-encode/issues/64"],"reported" => "2016-11-23"},{"affected_versions" => ["<3.0218"],"cves" => [],"description" => "Possible overflows in av and hv length types.\n","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=3.0218"],"id" => "CPANSA-Cpanel-JSON-XS-2016-01","references" => ["https://metacpan.org/changes/distribution/Cpanel-JSON-XS","https://github.com/rurban/Cpanel-JSON-XS/commit/6554531b39fac236321d8601d35eaaa75ae45e20"],"reported" => undef},{"affected_versions" => ["<4.033"],"cves" => ["CVE-2022-48623"],"description" => "Wrong error messages/sometimes crashes or endless loops with invalid JSON in relaxed mode\n","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=4.033"],"id" => "CPANSA-Cpanel-JSON-XS-2023-01","references" => ["https://metacpan.org/changes/distribution/Cpanel-JSON-XS","https://github.com/rurban/Cpanel-JSON-XS/issues/208","https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.33/changes","https://nvd.nist.gov/vuln/detail/CVE-2022-48623","https://github.com/rurban/Cpanel-JSON-XS/commit/41f32396eee9395a40f9ed80145c37622560de9b","https://github.com/advisories/GHSA-44qr-8pf6-6q33"],"reported" => "2023-02-21"},{"affected_versions" => ["<4.40"],"cves" => ["CVE-2025-40929"],"description" => "Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact","distribution" => "Cpanel-JSON-XS","fixed_versions" => [">=4.40"],"id" => "CPANSA-Cpanel-JSON-XS-2025-40929","references" => ["https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch","https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713","https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes"],"reported" => "2025-09-08","severity" => undef}],"main_module" => "Cpanel::JSON::XS","versions" => [{"date" => "2013-03-01T00:52:41","version" => "2.33_03"},{"date" => "2013-03-01T22:07:06","version" => "2.33_04"},{"date" => "2013-03-27T16:53:34","version" => "2.3305"},{"date" => "2013-03-27T17:17:51","version" => "2.3306"},{"date" => "2013-03-27T22:58:47","version" => "2.3307"},{"date" => "2013-03-28T14:28:56","version" => "2.3308"},{"date" => "2013-03-28T15:12:42","version" => "2.3309"},{"date" => "2013-03-28T17:33:21","version" => "2.3310"},{"date" => "2013-06-26T16:24:40","version" => "2.3313"},{"date" => "2013-09-09T05:54:40","version" => "2.3314"},{"date" => "2013-10-02T20:06:47","version" => "2.3401"},{"date" => "2013-11-02T14:42:20","version" => "2.3402"},{"date" => "2013-11-02T15:17:41","version" => "2.3403"},{"date" => "2014-01-30T15:58:58","version" => "2.3404"},{"date" => "2014-04-15T21:17:11","version" => "3.0101"},{"date" => "2014-04-17T18:37:34","version" => "3.0102"},{"date" => "2014-04-21T17:49:09","version" => "3.0103"},{"date" => "2014-04-26T16:04:39","version" => "3.0104"},{"date" => "2014-11-06T10:38:31","version" => "3.0105"},{"date" => "2014-11-11T21:57:49","version" => "3.0106"},{"date" => "2014-11-28T12:16:29","version" => "3.0107"},{"date" => "2014-12-11T17:02:07","version" => "3.0108"},{"date" => "2014-12-12T10:24:33","version" => "3.0109"},{"date" => "2014-12-12T22:35:37","version" => "3.0110"},{"date" => "2014-12-13T18:40:06","version" => "3.0111"},{"date" => "2014-12-14T16:34:01","version" => "3.0112"},{"date" => "2014-12-15T12:23:32","version" => "3.0113"},{"date" => "2015-01-04T14:06:03","version" => "3.0114"},{"date" => "2015-01-31T21:42:51","version" => "3.0115"},{"date" => "2015-11-26T08:58:33","version" => "3.0201"},{"date" => "2015-11-26T13:16:40","version" => "3.0202"},{"date" => "2015-11-26T13:42:02","version" => "3.0203"},{"date" => "2015-11-26T22:30:26","version" => "3.0204"},{"date" => "2015-11-29T14:09:00","version" => "3.0205"},{"date" => "2015-11-30T16:16:48","version" => "3.0206"},{"date" => "2015-12-02T16:34:35","version" => "3.0207"},{"date" => "2015-12-02T22:46:58","version" => "3.0208"},{"date" => "2015-12-03T09:45:04","version" => "3.0209"},{"date" => "2015-12-03T11:59:24","version" => "3.0210"},{"date" => "2016-01-10T17:38:25","version" => "3.0211"},{"date" => "2016-02-27T13:30:04","version" => "3.0212"},{"date" => "2016-03-02T10:28:37","version" => "3.0213"},{"date" => "2016-04-12T08:40:05","version" => "3.0213_01"},{"date" => "2016-04-13T10:40:03","version" => "3.0213_02"},{"date" => "2016-06-02T16:18:51","version" => "3.0214"},{"date" => "2016-06-06T13:28:49","version" => "3.0215"},{"date" => "2016-06-12T12:14:20","version" => "3.0216"},{"date" => "2016-06-18T09:59:27","version" => "3.0217"},{"date" => "2016-10-04T10:11:33","version" => "3.0217_01"},{"date" => "2016-10-04T14:47:29","version" => "3.0217_02"},{"date" => "2016-10-06T08:46:17","version" => "3.0217_03"},{"date" => "2016-10-07T12:11:03","version" => "3.0217_04"},{"date" => "2016-10-07T17:22:48","version" => "3.0217_05"},{"date" => "2016-10-08T08:01:50","version" => "3.0217_06"},{"date" => "2016-10-13T12:47:31","version" => "3.0218"},{"date" => "2016-10-26T11:45:35","version" => "3.0219"},{"date" => "2016-10-28T08:34:28","version" => "3.0220"},{"date" => "2016-10-30T12:27:36","version" => "3.0221"},{"date" => "2016-10-30T15:04:32","version" => "3.0222"},{"date" => "2016-11-16T11:47:38","version" => "3.0223"},{"date" => "2016-11-20T11:31:34","version" => "3.0224"},{"date" => "2016-11-23T18:43:00","version" => "3.0225"},{"date" => "2017-02-11T13:24:48","version" => "3.0226"},{"date" => "2017-02-13T10:57:06","version" => "3.0227"},{"date" => "2017-03-07T23:57:39","version" => "3.0228"},{"date" => "2017-03-10T14:08:07","version" => "3.0229"},{"date" => "2017-03-12T09:52:13","version" => "3.0230"},{"date" => "2017-03-29T09:51:51","version" => "3.0231"},{"date" => "2017-05-01T05:35:12","version" => "3.0232"},{"date" => "2017-05-01T14:54:56","version" => "3.0233"},{"date" => "2017-07-27T15:43:41","version" => "3.0234"},{"date" => "2017-07-27T16:21:47","version" => "3.0235"},{"date" => "2017-07-27T20:15:25","version" => "3.0236"},{"date" => "2017-07-28T11:15:05","version" => "3.0237"},{"date" => "2017-08-25T20:53:56","version" => "3.0238"},{"date" => "2017-08-28T20:48:37","version" => "3.0239"},{"date" => "2018-01-30T11:52:27","version" => "3.99_01"},{"date" => "2018-01-31T12:58:24","version" => "3.99_02"},{"date" => "2018-01-31T17:18:58","version" => "3.99_03"},{"date" => "2018-02-02T01:57:54","version" => "4.00"},{"date" => "2018-02-03T11:50:36","version" => "4.01"},{"date" => "2018-02-27T16:08:55","version" => "4.02"},{"date" => "2018-06-21T11:16:14","version" => "4.03"},{"date" => "2018-06-22T17:37:07","version" => "4.04"},{"date" => "2018-08-19T16:55:22","version" => "4.05"},{"date" => "2018-08-23T07:50:22","version" => "4.06"},{"date" => "2018-11-02T09:51:34","version" => "4.07"},{"date" => "2018-11-28T14:26:40","version" => "4.08"},{"date" => "2019-02-15T10:09:53","version" => "4.09"},{"date" => "2019-03-18T07:50:15","version" => "4.10"},{"date" => "2019-03-26T16:46:53","version" => "4.11"},{"date" => "2019-06-11T08:04:04","version" => "4.12"},{"date" => "2019-10-14T14:14:37","version" => "4.13"},{"date" => "2019-10-15T15:16:21","version" => "4.14"},{"date" => "2019-10-22T07:01:03","version" => "4.15"},{"date" => "2019-11-04T15:51:01","version" => "4.16"},{"date" => "2019-11-05T13:48:29","version" => "4.17"},{"date" => "2019-12-13T15:54:58","version" => "4.18"},{"date" => "2020-02-06T15:07:47","version" => "4.19"},{"date" => "2020-08-12T12:18:46","version" => "4.20"},{"date" => "2020-08-13T06:56:18","version" => "4.21"},{"date" => "2020-09-04T19:26:28","version" => "4.22"},{"date" => "2020-09-05T10:21:25","version" => "4.23"},{"date" => "2020-10-02T09:05:37","version" => "4.24"},{"date" => "2020-10-28T07:04:49","version" => "4.25"},{"date" => "2021-04-12T06:34:32","version" => "4.26"},{"date" => "2021-10-14T19:19:01","version" => "4.27"},{"date" => "2022-05-05T14:46:07","version" => "4.28"},{"date" => "2022-05-27T15:32:51","version" => "4.29"},{"date" => "2022-06-16T19:19:38","version" => "4.30"},{"date" => "2022-08-10T14:25:08","version" => "4.31"},{"date" => "2022-08-13T07:13:40","version" => "4.32"},{"date" => "2023-02-21T16:34:10","version" => "4.33"},{"date" => "2023-02-21T18:39:09","version" => "4.34"},{"date" => "2023-02-22T15:40:53","version" => "4.35"},{"date" => "2023-03-02T15:11:52","version" => "4.36"},{"date" => "2023-07-04T10:35:53","version" => "4.37"},{"date" => "2024-05-28T07:42:37","version" => "4.38"},{"date" => "2024-12-12T21:17:16","version" => "4.39"},{"date" => "2025-09-08T14:02:35","version" => "4.40"}]},"Crypt-CBC" => {"advisories" => [{"affected_versions" => ["<3.04"],"cves" => [],"description" => "Fixed bug involving manually-specified IV not being used in some circumstances.\n","distribution" => "Crypt-CBC","fixed_versions" => [">=3.04"],"id" => "CPANSA-Crypt-CBC-2021-0001","references" => ["https://metacpan.org/changes/distribution/Crypt-CBC","https://github.com/briandfoy/cpan-security-advisory/issues/165"],"reported" => "2021-05-17","severity" => undef},{"affected_versions" => ["<2.17"],"cves" => ["CVE-2006-0898"],"description" => "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.\n","distribution" => "Crypt-CBC","fixed_versions" => [">=2.17"],"id" => "CPANSA-Crypt-CBC-2006-0898","references" => ["https://metacpan.org/changes/distribution/Crypt-CBC","http://www.securityfocus.com/bid/16802","http://secunia.com/advisories/18755","http://www.debian.org/security/2006/dsa-996","http://secunia.com/advisories/19187","http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml","http://secunia.com/advisories/19303","http://www.novell.com/linux/security/advisories/2006_38_security.html","http://secunia.com/advisories/20899","http://securityreason.com/securityalert/488","http://www.redhat.com/support/errata/RHSA-2008-0261.html","http://secunia.com/advisories/31493","http://rhn.redhat.com/errata/RHSA-2008-0630.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/24954","http://www.securityfocus.com/archive/1/425966/100/0/threaded"],"reported" => "2006-02-25","severity" => undef},{"affected_versions" => [">=1.21,<3.07"],"cves" => ["CVE-2025-2814"],"description" => "Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  This issue affects operating systems where \"/dev/urandom'\" is unavailable.\x{a0} In that case, Crypt::CBC will fallback to use the insecure rand() function.","distribution" => "Crypt-CBC","fixed_versions" => [">=3.07"],"id" => "CPANSA-Crypt-CBC-2025-2814","references" => ["https://metacpan.org/dist/Crypt-CBC/source/lib/Crypt/CBC.pm#L777","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://github.com/lstein/Lib-Crypt-CBC/issues/9"],"reported" => "2025-04-13","severity" => undef}],"main_module" => "Crypt::CBC","versions" => [{"date" => "1998-06-19T19:48:52","version" => "1.00"},{"date" => "1998-09-22T18:30:35","version" => "1.10"},{"date" => "1998-12-20T23:36:49","version" => "1.20"},{"date" => "2000-01-27T00:27:56","version" => "1.22"},{"date" => "2000-02-22T15:20:56","version" => "1.23"},{"date" => "2000-06-07T18:55:59","version" => "1.24"},{"date" => "2000-06-08T15:59:07","version" => "1.25"},{"date" => "2001-12-10T17:16:25","version" => "2.01"},{"date" => "2002-01-24T05:30:16","version" => "2.02"},{"date" => "2002-06-02T18:40:15","version" => "2.03"},{"date" => "2002-06-12T02:20:51","version" => "2.04"},{"date" => "2002-06-22T13:02:09","version" => "2.05"},{"date" => "2002-08-08T18:47:49","version" => "2.07"},{"date" => "2002-09-11T12:17:23","version" => "2.08"},{"date" => "2004-05-27T15:20:52","version" => "2.09"},{"date" => "2004-05-29T17:29:19","version" => "2.10"},{"date" => "2004-06-03T16:22:32","version" => "2.11"},{"date" => "2004-06-17T15:55:19","version" => "2.11"},{"date" => "2005-05-05T20:11:50","version" => "2.14"},{"date" => "2005-08-01T14:02:45","version" => "2.15"},{"date" => "2006-02-16T14:08:57","version" => "2.17"},{"date" => "2006-06-06T23:22:02","version" => "2.18"},{"date" => "2006-08-12T19:52:11","version" => "2.19"},{"date" => "2006-10-16T23:40:13","version" => "2.21"},{"date" => "2006-10-29T21:55:34","version" => "2.22"},{"date" => "2007-09-28T15:25:53","version" => "2.24"},{"date" => "2008-03-28T14:17:29","version" => "2.27"},{"date" => "2008-03-31T14:56:52","version" => "2.28"},{"date" => "2008-04-22T14:27:07","version" => "2.29"},{"date" => "2008-09-30T15:17:58","version" => "2.30"},{"date" => "2012-10-30T11:08:06","version" => "2.31"},{"date" => "2012-12-14T19:30:14","version" => "2.32"},{"date" => "2013-07-30T20:03:53","version" => "2.33"},{"date" => "2021-02-07T15:30:51","version" => "3.00"},{"date" => "2021-02-08T21:38:16","version" => "3.01"},{"date" => "2021-04-11T22:16:48","version" => "3.02"},{"date" => "2021-04-19T02:59:12","version" => "3.03"},{"date" => "2021-05-17T15:03:53","version" => "3.04"},{"date" => "2025-07-21T00:57:11","version" => "3.05"},{"date" => "2025-07-26T16:23:53","version" => "3.06"},{"date" => "2025-07-27T14:50:49","version" => "3.07"}]},"Crypt-DSA" => {"advisories" => [{"affected_versions" => ["<1.18"],"cves" => ["CVE-2011-3599"],"description" => "The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.\n","distribution" => "Crypt-DSA","fixed_versions" => [],"id" => "CPANSA-Crypt-DSA-2011-3599","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=71421","https://bugzilla.redhat.com/show_bug.cgi?id=743567","http://www.openwall.com/lists/oss-security/2011/10/05/9","http://www.openwall.com/lists/oss-security/2011/10/05/5","http://secunia.com/advisories/46275","http://www.securityfocus.com/bid/49928","http://osvdb.org/76025"],"reported" => "2011-10-10","severity" => undef}],"main_module" => "Crypt::DSA","versions" => [{"date" => "2001-03-24T01:21:08","version" => "0.02"},{"date" => "2001-04-07T07:44:41","version" => "0.03"},{"date" => "2001-04-23T00:09:38","version" => "0.10"},{"date" => "2001-05-02T23:26:09","version" => "0.11"},{"date" => "2001-05-04T06:12:08","version" => "0.12"},{"date" => "2005-05-26T16:19:59","version" => "0.13"},{"date" => "2006-05-08T18:43:01","version" => "0.14"},{"date" => "2009-08-19T11:11:31","version" => "0.15_01"},{"date" => "2009-09-11T12:47:36","version" => "1.16"},{"date" => "2011-06-17T01:49:57","version" => "1.17"},{"date" => "2024-12-04T04:25:53","version" => "1.18"},{"date" => "2024-12-04T13:54:34","version" => "1.18"},{"date" => "2024-12-04T14:50:02","version" => "1.19"}]},"Crypt-JWT" => {"advisories" => [{"affected_versions" => ["<0.023"],"cves" => ["CVE-2019-1010263"],"description" => "Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit b98a59b42ded9f9e51b2560410106207c2152d6c.\n","distribution" => "Crypt-JWT","fixed_versions" => [">=0.023"],"id" => "CPANSA-Crypt-JWT-2019-01","references" => ["https://github.com/DCIT/perl-Crypt-JWT/commit/b98a59b42ded9f9e51b2560410106207c2152d6c","https://www.openwall.com/lists/oss-security/2018/09/07/1"],"reported" => "2019-03-20","severity" => "high"},{"affected_versions" => ["<0.022"],"cves" => ["CVE-2019-1010161"],"description" => "perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.\n","distribution" => "Crypt-JWT","fixed_versions" => [">=0.022"],"id" => "CPANSA-Crypt-JWT-2019-01","references" => ["https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483"],"reported" => "2019-03-20","severity" => "high"}],"main_module" => "Crypt::JWT","versions" => [{"date" => "2015-07-02T22:24:01","version" => "0.004"},{"date" => "2015-07-02T22:54:29","version" => "0.005"},{"date" => "2015-07-07T19:43:45","version" => "0.010"},{"date" => "2015-10-22T07:08:48","version" => "0.011"},{"date" => "2016-05-02T17:33:01","version" => "0.012"},{"date" => "2016-05-03T07:10:15","version" => "0.013"},{"date" => "2016-05-04T05:48:13","version" => "0.014"},{"date" => "2016-05-12T05:38:49","version" => "0.015"},{"date" => "2016-05-12T08:03:49","version" => "0.016"},{"date" => "2016-06-03T10:17:48","version" => "0.017"},{"date" => "2016-08-31T19:49:41","version" => "0.018"},{"date" => "2018-01-26T16:07:54","version" => "0.019"},{"date" => "2018-02-02T15:02:28","version" => "0.020"},{"date" => "2018-03-15T11:59:25","version" => "0.021"},{"date" => "2018-06-24T20:29:50","version" => "0.022"},{"date" => "2018-09-01T16:09:10","version" => "0.023"},{"date" => "2019-03-26T11:11:25","version" => "0.024"},{"date" => "2019-09-29T15:23:58","version" => "0.025"},{"date" => "2020-02-02T08:44:56","version" => "0.026"},{"date" => "2020-06-04T22:35:39","version" => "0.027"},{"date" => "2020-06-14T18:17:45","version" => "0.028"},{"date" => "2020-06-22T13:13:53","version" => "0.029"},{"date" => "2021-01-08T14:22:56","version" => "0.030"},{"date" => "2021-01-10T14:18:25","version" => "0.031"},{"date" => "2021-03-18T21:02:33","version" => "0.032"},{"date" => "2021-05-01T17:18:31","version" => "0.033"},{"date" => "2021-11-28T22:08:38","version" => "0.034"},{"date" => "2023-10-03T10:20:23","version" => "0.035"},{"date" => "2025-01-26T10:17:48","version" => "0.036"},{"date" => "2025-04-27T15:02:48","version" => "0.037"}]},"Crypt-NaCl-Sodium" => {"advisories" => [{"affected_versions" => ["<2.002"],"cves" => ["CVE-2026-2588"],"description" => "Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems.  Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions.  On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 64-bits.","distribution" => "Crypt-NaCl-Sodium","fixed_versions" => [">=2.002"],"id" => "CPANSA-Crypt-NaCl-Sodium-2026-2588","references" => ["https://github.com/cpan-authors/crypt-nacl-sodium/commit/557388bdb4da416a56663cda0154b80cd524395c.patch","https://github.com/cpan-authors/crypt-nacl-sodium/commit/8cf7f66ba922443e131c9deae1ee00fafe4f62e4.patch","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.001/source/Sodium.xs#L2119"],"reported" => "2026-02-23","severity" => undef},{"affected_versions" => ["<2.003"],"cves" => ["CVE-2026-30909"],"description" => "Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows.  bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer.  Encountering this issue is unlikely as the message length would need to be very large.  For bin2hex() the bin_len would have to be > SIZE_MAX / 2 For encrypt() the msg_len would need to be > SIZE_MAX - 16U For aes256gcm_encrypt_afternm() the msg_len would need to be > SIZE_MAX - 16U For seal() the enc_len would need to be > SIZE_MAX - 64U","distribution" => "Crypt-NaCl-Sodium","fixed_versions" => [">=2.003"],"id" => "CPANSA-Crypt-NaCl-Sodium-2026-30909","references" => ["https://github.com/cpan-authors/crypt-nacl-sodium/pull/24.patch","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L2116","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L2310","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L3304","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L942","https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.003/source/Changes","http://www.openwall.com/lists/oss-security/2026/03/08/1"],"reported" => "2026-03-08","severity" => undef}],"main_module" => "Crypt::NaCl::Sodium","versions" => [{"date" => "2015-05-11T23:46:38","version" => "0.01"},{"date" => "2015-05-12T00:36:27","version" => "0.02"},{"date" => "2015-05-12T21:28:08","version" => "0.03"},{"date" => "2015-05-17T23:32:58","version" => "0.04"},{"date" => "2015-05-19T21:42:19","version" => "0.05"},{"date" => "2015-05-20T21:42:03","version" => "0.06"},{"date" => "2015-07-13T21:38:48","version" => "0.07"},{"date" => "2015-07-16T23:17:55","version" => "0.08"},{"date" => "2015-11-22T23:01:21","version" => "1.0.6.0"},{"date" => "2015-11-25T23:52:50","version" => "1.0.6.1"},{"date" => "2015-12-24T02:46:57","version" => "1.0.7.0"},{"date" => "2015-12-27T21:47:41","version" => "1.0.8.0"},{"date" => "2026-02-11T00:21:19","version" => "2.000"},{"date" => "2026-02-12T23:20:54","version" => "2.001"},{"date" => "2026-02-22T23:28:45","version" => "2.002"},{"date" => "2026-03-08T01:06:53","version" => "2.003"}]},"Crypt-OpenSSL-DSA" => {"advisories" => [{"affected_versions" => ["<0.14"],"cves" => ["CVE-2009-0129"],"description" => "Missing error check in do_verify, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature.\n","distribution" => "Crypt-OpenSSL-DSA","fixed_versions" => [">=0.14"],"id" => "CPANSA-Crypt-OpenSSL-DSA-2009-01","references" => ["https://metacpan.org/changes/distribution/Crypt-OpenSSL-DSA","https://www.openwall.com/lists/oss-security/2009/01/12/4","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519"],"reported" => "2009-01-15"}],"main_module" => "Crypt::OpenSSL::DSA","versions" => [{"date" => "2001-09-19T04:45:14","version" => "0.01"},{"date" => "2001-09-24T17:32:49","version" => "0.02"},{"date" => "2002-02-07T05:57:36","version" => "0.03"},{"date" => "2002-09-24T04:52:06","version" => "0.04"},{"date" => "2002-09-26T00:21:17","version" => "0.10"},{"date" => "2003-01-06T19:08:08","version" => "0.11"},{"date" => "2005-05-23T01:44:36","version" => "0.12"},{"date" => "2005-10-15T21:37:10","version" => "0.13"},{"date" => "2012-10-16T22:55:16","version" => "0.14"},{"date" => "2015-02-03T21:57:37","version" => "0.15"},{"date" => "2016-10-27T11:25:18","version" => "0.16"},{"date" => "2016-10-27T18:54:42","version" => "0.17"},{"date" => "2016-11-17T10:33:35","version" => "0.18"},{"date" => "2017-01-13T08:24:56","version" => "0.19"},{"date" => "2021-03-20T12:31:50","version" => "0.20"}]},"Crypt-OpenSSL-RSA" => {"advisories" => [{"affected_versions" => ["<0.35"],"cves" => ["CVE-2024-2467"],"description" => "A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.\n","distribution" => "Crypt-OpenSSL-RSA","fixed_versions" => [">=0.35"],"id" => "CPANSA-Crypt-OpenSSL-RSA-2024-2467","references" => ["https://access.redhat.com/security/cve/CVE-2024-2467","https://bugzilla.redhat.com/show_bug.cgi?id=2269567","https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42","https://people.redhat.com/~hkario/marvin/"],"reported" => "2024-04-25","severity" => undef}],"main_module" => "Crypt::OpenSSL::RSA","versions" => [{"date" => "2001-04-02T04:24:26","version" => "0.08"},{"date" => "2001-04-02T16:43:12","version" => "0.09"},{"date" => "2001-04-10T20:56:43","version" => "0.10"},{"date" => "2001-04-11T02:58:01","version" => "0.11"},{"date" => "2001-09-07T03:14:26","version" => "0.12"},{"date" => "2002-03-22T04:46:17","version" => "0.13"},{"date" => "2002-05-19T16:54:53","version" => "0.14"},{"date" => "2002-06-07T13:25:40","version" => "0.15"},{"date" => "2002-06-12T02:15:47","version" => "0.16"},{"date" => "2003-01-07T04:08:58","version" => "0.17"},{"date" => "2003-02-24T02:27:12","version" => "0.18"},{"date" => "2003-04-27T22:48:40","version" => "0.19"},{"date" => "2004-02-15T20:43:41","version" => "0.20"},{"date" => "2004-02-16T02:19:45","version" => "0.21"},{"date" => "2005-06-06T10:51:24","version" => "0.22"},{"date" => "2005-11-15T04:34:15","version" => "0.22"},{"date" => "2006-04-13T04:38:04","version" => "0.23"},{"date" => "2006-11-13T15:34:59","version" => "0.24"},{"date" => "2007-05-20T19:06:56","version" => "0.25"},{"date" => "2009-11-22T20:40:31","version" => "0.26"},{"date" => "2011-06-29T18:49:35","version" => "0.26_01"},{"date" => "2011-07-03T20:14:52","version" => "0.27"},{"date" => "2011-08-24T23:04:56","version" => "0.28"},{"date" => "2017-11-27T03:36:04","version" => "0.28"},{"date" => "2018-04-14T05:01:11","version" => "0.29_01"},{"date" => "2018-04-15T18:55:41","version" => "0.29_02"},{"date" => "2018-04-16T20:47:56","version" => "0.29_03"},{"date" => "2018-05-01T16:37:12","version" => "0.30"},{"date" => "2018-09-24T17:36:24","version" => "0.31"},{"date" => "2021-09-08T15:50:47","version" => "0.32"},{"date" => "2022-07-08T11:25:11","version" => "0.33"},{"date" => "2025-05-03T12:48:15","version" => "0.34_01"},{"date" => "2025-05-04T13:50:42","version" => "0.34_02"},{"date" => "2025-05-04T14:18:26","version" => "0.34_03"},{"date" => "2025-05-05T13:44:07","version" => "0.34"},{"date" => "2025-05-07T16:52:11","version" => "0.35"},{"date" => "2025-10-29T21:22:55","version" => "0.36"},{"date" => "2025-10-29T21:41:15","version" => "0.37"}]},"Crypt-Passwd-XS" => {"advisories" => [{"affected_versions" => ["<0.601"],"cves" => ["CVE-2012-2143"],"description" => "The crypt_des (aka DES-based crypt) function does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.\n","distribution" => "Crypt-Passwd-XS","fixed_versions" => [">=0.601"],"id" => "CPANSA-Crypt-Passwd-XS-2012-01","references" => ["https://metacpan.org/changes/distribution/Crypt-Passwd-XS"],"reported" => "2012-05-07"}],"main_module" => "Crypt::Passwd::XS","versions" => [{"date" => "2010-11-14T21:18:18","version" => "0.4"},{"date" => "2010-11-17T02:03:54","version" => "0.501"},{"date" => "2010-11-17T23:25:17","version" => "0.503"},{"date" => "2010-11-20T00:37:33","version" => "0.504"},{"date" => "2010-11-24T00:59:34","version" => "0.505"},{"date" => "2011-03-09T16:18:01","version" => "0.506"},{"date" => "2011-03-09T21:40:38","version" => "0.507"},{"date" => "2011-07-26T16:37:20","version" => "0.600"},{"date" => "2012-12-06T19:57:57","version" => "0.601"}]},"Crypt-Perl" => {"advisories" => [{"affected_versions" => ["<0.33"],"cves" => ["CVE-2020-17478"],"description" => "ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.\n","distribution" => "Crypt-Perl","fixed_versions" => [">=0.33"],"id" => "CPANSA-Crypt-Perl-2020-01","references" => ["https://github.com/FGasper/p5-Crypt-Perl/compare/0.32...0.33"],"reported" => "2020-08-10","severity" => "high"},{"affected_versions" => ["<0.32"],"cves" => ["CVE-2020-13895"],"description" => "Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.\n","distribution" => "Crypt-Perl","fixed_versions" => [">=0.32"],"id" => "CPANSA-Crypt-Perl-2020-02","references" => ["https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2","https://github.com/FGasper/p5-Crypt-Perl/issues/14"],"reported" => "2020-06-07","severity" => "high"}],"main_module" => "Crypt::Perl","versions" => [{"date" => "2016-12-14T06:20:54","version" => "0.01"},{"date" => "2016-12-17T05:33:45","version" => "0.02"},{"date" => "2016-12-19T14:55:23","version" => "0.021"},{"date" => "2016-12-19T22:19:39","version" => "0.022"},{"date" => "2016-12-20T08:45:47","version" => "0.03"},{"date" => "2016-12-20T18:44:49","version" => "0.031"},{"date" => "2016-12-21T05:18:09","version" => "0.032"},{"date" => "2016-12-23T05:59:32","version" => "0.033"},{"date" => "2016-12-29T16:03:59","version" => "0.1"},{"date" => "2016-12-31T06:23:01","version" => "0.11"},{"date" => "2017-01-02T21:24:31","version" => "0.12"},{"date" => "2017-01-03T14:55:13","version" => "0.13"},{"date" => "2017-01-03T16:30:45","version" => "0.14"},{"date" => "2017-01-04T00:12:29","version" => "0.15"},{"date" => "2017-02-02T09:09:40","version" => "0.15_1"},{"date" => "2017-02-03T03:31:34","version" => "0.16_rc1"},{"date" => "2017-02-03T03:38:07","version" => "0.15_2"},{"date" => "2017-02-03T07:21:32","version" => "0.15_3"},{"date" => "2017-02-07T04:16:06","version" => "0.16"},{"date" => "2017-02-08T07:56:45","version" => "0.16_1"},{"date" => "2017-02-08T09:25:41","version" => "0.17"},{"date" => "2017-02-09T04:07:34","version" => "0.17_1"},{"date" => "2018-06-18T01:48:20","version" => "0.18-TRIAL1"},{"date" => "2018-06-18T02:52:52","version" => "0.18-TRIAL2"},{"date" => "2018-06-18T12:03:17","version" => "0.18-TRIAL3"},{"date" => "2018-06-18T15:07:20","version" => "0.18-TRIAL4"},{"date" => "2018-06-18T20:34:04","version" => "0.18-TRIAL5"},{"date" => "2018-06-18T21:06:07","version" => "0.18-TRIAL6"},{"date" => "2018-06-18T21:47:43","version" => "0.18-TRIAL7"},{"date" => "2018-06-18T22:42:19","version" => "0.18"},{"date" => "2018-06-19T04:25:06","version" => "0.19"},{"date" => "2018-06-19T06:14:32","version" => "0.20-TRIAL1"},{"date" => "2018-06-19T14:23:57","version" => "0.20-TRIAL2"},{"date" => "2018-06-19T15:50:08","version" => "0.20"},{"date" => "2018-06-19T15:56:15","version" => "0.21"},{"date" => "2018-06-21T03:33:59","version" => "0.22-TRIAL1"},{"date" => "2018-06-21T13:31:18","version" => "0.22-TRIAL2"},{"date" => "2018-06-22T14:43:21","version" => "0.22"},{"date" => "2018-06-23T00:40:40","version" => "0.23-TRIAL1"},{"date" => "2018-06-25T14:35:15","version" => "0.23"},{"date" => "2018-07-23T03:11:37","version" => "0.24_TRIAL1"},{"date" => "2018-07-23T03:13:05","version" => "0.24_TRIAL2"},{"date" => "2018-07-23T03:16:58","version" => "0.24-TRIAL3"},{"date" => "2018-07-23T12:12:48","version" => "0.24-TRIAL4"},{"date" => "2018-07-24T22:03:18","version" => "0.24"},{"date" => "2018-07-25T01:54:45","version" => "0.25"},{"date" => "2018-07-28T19:52:07","version" => "0.26-TRIAL1"},{"date" => "2018-07-28T22:07:05","version" => "0.26"},{"date" => "2018-07-28T22:26:02","version" => "0.27-TRIAL1"},{"date" => "2018-07-29T02:05:05","version" => "0.27"},{"date" => "2018-08-25T00:24:23","version" => "0.28"},{"date" => "2018-08-25T02:38:45","version" => "0.29"},{"date" => "2018-12-22T02:29:37","version" => "0.30-TRIAL1"},{"date" => "2018-12-22T15:18:25","version" => "0.30-TRIAL2"},{"date" => "2018-12-24T03:14:46","version" => "0.30-TRIAL3"},{"date" => "2019-09-12T03:13:59","version" => "0.30"},{"date" => "2020-02-11T00:54:58","version" => "0.31_01"},{"date" => "2020-02-11T02:50:09","version" => "0.31_02"},{"date" => "2020-02-12T01:19:36","version" => "0.31"},{"date" => "2020-06-04T12:31:25","version" => "0.32_01"},{"date" => "2020-06-04T12:56:11","version" => "0.32_02"},{"date" => "2020-06-05T02:53:59","version" => "0.32"},{"date" => "2020-08-10T15:39:12","version" => "0.33"},{"date" => "2020-09-24T07:31:56","version" => "0.34_02"},{"date" => "2020-09-24T07:37:16","version" => "0.34_03"},{"date" => "2020-09-25T01:38:34","version" => "0.34_04"},{"date" => "2020-09-26T03:44:57","version" => "0.34_05"},{"date" => "2020-09-26T12:38:56","version" => "0.34_06"},{"date" => "2020-09-26T18:03:25","version" => "0.34_07"},{"date" => "2020-09-27T13:00:26","version" => "0.34_08"},{"date" => "2020-09-27T23:51:08","version" => "0.34_09"},{"date" => "2020-09-28T07:22:06","version" => "0.34"},{"date" => "2021-11-17T15:13:58","version" => "0.35_02"},{"date" => "2021-11-18T03:39:19","version" => "0.35"},{"date" => "2021-11-18T03:44:32","version" => "0.36"},{"date" => "2021-11-20T13:20:35","version" => "0.37_01"},{"date" => "2021-11-21T03:44:48","version" => "0.37_02"},{"date" => "2021-11-22T04:28:59","version" => "0.37_03"},{"date" => "2021-11-29T02:09:35","version" => "0.37_04"},{"date" => "2021-11-30T02:16:10","version" => "0.37_05"},{"date" => "2021-11-30T16:09:14","version" => "0.37_06"},{"date" => "2021-12-01T01:39:08","version" => "0.37_07"},{"date" => "2021-12-02T21:42:02","version" => "0.37_08"},{"date" => "2021-12-06T15:38:41","version" => "0.37_09"},{"date" => "2021-12-08T01:12:53","version" => "0.37_10"},{"date" => "2021-12-09T13:42:15","version" => "0.37_11"},{"date" => "2021-12-14T02:08:33","version" => "0.37_12"},{"date" => "2021-12-15T05:19:53","version" => "0.37_13"},{"date" => "2021-12-17T19:36:38","version" => "0.37"},{"date" => "2022-10-17T15:04:13","version" => "0.38"}]},"Crypt-Primes" => {"advisories" => [{"affected_versions" => ["<0.52"],"cves" => [],"description" => "bin/largeprimes uses a custom shebang, which allows it to load modules from several locations: '..', '../lib', 'lib'. This could lead to load modules from an unpredictable location depending from where the script is run and what user is running it.\n","distribution" => "Crypt-Primes","fixed_versions" => [">=0.52"],"id" => "CPANSA-Crypt-Primes-2024-001","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=128058","https://github.com/atoomic/Crypt-Primes/pull/2","https://github.com/perl-Crypt-OpenPGP/Crypt-Primes/blob/main/Changes"],"reported" => undef,"severity" => undef}],"main_module" => "Crypt::Primes","versions" => [{"date" => "2000-11-09T23:33:04","version" => "0.38"},{"date" => "2001-03-05T09:29:12","version" => "0.46"},{"date" => "2001-06-11T09:15:28","version" => "0.49"},{"date" => "2003-01-16T20:11:04","version" => "0.50"},{"date" => "2025-01-25T02:41:34","version" => "0.51"},{"date" => "2025-01-25T13:14:32","version" => "0.52"}]},"Crypt-Random" => {"advisories" => [{"affected_versions" => [">0"],"cves" => [],"description" => "The makerandom program that comes with Crypt::Random adds module search paths in its shebang line, potentially leading to issues with unexpected modules being loaded\n","distribution" => "Crypt-Random","fixed_versions" => [],"id" => "CPANSA-Crypt-Random-2024-001","references" => ["https://metacpan.org/dist/Crypt-Random/changes","https://rt.cpan.org/Ticket/Display.html?id=128062","https://github.com/atoomic/Crypt-Random/pull/1"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.05,<=1.55"],"cves" => ["CVE-2025-1828"],"description" => "Crypt::Random Perl package 1.05 through 1.55 may use rand() function,\x{a0}which is not\x{a0}cryptographically strong,\x{a0}for cryptographic functions.  If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available\x{a0}Crypt::Random will default to use the insecure\x{a0}Crypt::Random::rand provider.  In particular, Windows versions of perl will encounter this issue by default.","distribution" => "Crypt-Random","fixed_versions" => [">1.55"],"id" => "CPANSA-Crypt-Random-2025-1828","references" => ["https://github.com/perl-Crypt-OpenPGP/Crypt-Random/commit/1f8b29e9e89d8d083fd025152e76ec918136cc05","https://github.com/perl-Crypt-OpenPGP/Crypt-Random/pull/1","https://perldoc.perl.org/functions/rand"],"reported" => "2025-03-11","severity" => undef}],"main_module" => "Crypt::Random","versions" => [{"date" => "1999-04-09T19:08:40","version" => "0.17"},{"date" => "1999-10-13T23:27:57","version" => "0.18"},{"date" => "2000-09-18T22:56:56","version" => "0.23"},{"date" => "2001-02-14T08:55:34","version" => "0.32"},{"date" => "2001-03-05T09:27:27","version" => "0.33"},{"date" => "2001-04-17T22:01:25","version" => "0.34"},{"date" => "2001-06-22T22:11:42","version" => "1.07"},{"date" => "2001-06-23T02:22:55","version" => "1.08"},{"date" => "2001-07-09T19:07:34","version" => "1.10"},{"date" => "2001-07-12T16:02:21","version" => "1.11"},{"date" => "2003-01-08T13:41:34","version" => "1.12"},{"date" => "2003-03-11T18:44:11","version" => "1.13"},{"date" => "2004-05-21T21:18:13","version" => "1.20"},{"date" => "2004-05-24T23:04:52","version" => "1.21"},{"date" => "2004-06-01T22:58:47","version" => "1.22"},{"date" => "2004-06-02T18:52:24","version" => "1.23"},{"date" => "2005-03-07T23:05:09","version" => "1.24"},{"date" => "2005-03-07T23:18:08","version" => "1.25"},{"date" => "2018-12-22T16:21:07","version" => "1.51"},{"date" => "2018-12-22T19:30:28","version" => "1.52"},{"date" => "2021-06-03T18:19:46","version" => "1.53"},{"date" => "2021-06-03T18:31:44","version" => "1.54"},{"date" => "2025-01-30T05:20:08","version" => "1.55"},{"date" => "2025-02-05T01:49:00","version" => "1.56"},{"date" => "2025-02-10T23:28:24","version" => "1.57"}]},"Crypt-Random-Source" => {"advisories" => [{"affected_versions" => ["<=0.12"],"cves" => ["CVE-2018-25107"],"description" => "In versions prior to 0.13, rand could be used as a result of calling get_weak, or get, if no random device was available. This implies that not explicitly asking for get_strong on a non POSIX operating system (e.g. Win32 without the Win32 backend) could have resulted in non cryptographically random data.\n","distribution" => "Crypt-Random-Source","fixed_versions" => [">=0.13"],"id" => "CPANSA-Crypt-Random-Source-2024-001","references" => ["https://metacpan.org/dist/Crypt-Random-Source/changes","https://nvd.nist.gov/vuln/detail/CVE-2018-25107","https://github.com/karenetheridge/Crypt-Random-Source/pull/3","https://metacpan.org/release/ETHER/Crypt-Random-Source-0.13/changes"],"reported" => undef,"severity" => undef}],"main_module" => "Crypt::Random::Source","versions" => [{"date" => "2008-06-17T00:15:09","version" => "0.01_01"},{"date" => "2008-06-17T01:51:37","version" => "0.01"},{"date" => "2008-06-17T01:53:15","version" => "0.02"},{"date" => "2008-06-17T06:01:16","version" => "0.03"},{"date" => "2009-11-25T17:09:48","version" => "0.04"},{"date" => "2009-11-25T17:11:14","version" => "0.05"},{"date" => "2010-12-23T03:04:46","version" => "0.06"},{"date" => "2011-01-05T08:42:20","version" => "0.07"},{"date" => "2014-08-05T00:05:07","version" => "0.08"},{"date" => "2014-08-30T17:12:48","version" => "0.09"},{"date" => "2014-08-31T18:06:40","version" => "0.10"},{"date" => "2015-10-24T04:00:11","version" => "0.11"},{"date" => "2016-03-11T03:43:41","version" => "0.12"},{"date" => "2018-04-08T01:09:20","version" => "0.13"},{"date" => "2018-04-10T02:58:59","version" => "0.14"}]},"Crypt-RandomEncryption" => {"advisories" => [{"affected_versions" => [">=0.01"],"cves" => ["CVE-2024-58040"],"description" => "Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.","distribution" => "Crypt-RandomEncryption","fixed_versions" => [],"id" => "CPANSA-Crypt-RandomEncryption-2024-58040","references" => ["https://metacpan.org/release/QWER/Crypt-RandomEncryption-0.01/source/lib/Crypt/RandomEncryption.pm#L33","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-09-30","severity" => undef}],"main_module" => "Crypt::RandomEncryption","versions" => [{"date" => "2013-05-16T18:07:28","version" => "0.01"}]},"Crypt-Salt" => {"advisories" => [{"affected_versions" => ["<=0.01"],"cves" => ["CVE-2025-1805"],"description" => "Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes.","distribution" => "Crypt-Salt","fixed_versions" => [],"id" => "CPANSA-Crypt-Salt-2025-1805","references" => ["https://metacpan.org/release/HACHI/Crypt-Salt-0.01/source/lib/Crypt/Salt.pm#L76","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-02","severity" => undef}],"main_module" => "Crypt::Salt","versions" => [{"date" => "2003-11-12T06:13:44","version" => "0.01"}]},"Crypt-Sodium-XS" => {"advisories" => [{"affected_versions" => ["<0.000042"],"cves" => ["CVE-2025-15444"],"description" => "Crypt::Sodium::XS module versions prior to\x{a0}0.000042,\x{a0}for Perl, include a vulnerable version of libsodium  libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277\x{a0} https://www.cve.org/CVERecord?id=CVE-2025-69277 .  The libsodium vulnerability states:  In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.  0.000042 includes a version of\x{a0}libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.","distribution" => "Crypt-Sodium-XS","embedded_vulnerability" => {"distributed_version" => "<-1.0.20","name" => "libsodium"},"fixed_versions" => [">=0.000042"],"id" => "CPANSA-Crypt-Sodium-XS-2025-15444","references" => ["https://00f.net/2025/12/30/libsodium-vulnerability/","https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","https://metacpan.org/dist/Crypt-Sodium-XS/changes"],"reported" => "2026-01-06","severity" => undef},{"affected_versions" => ["<0.001001"],"cves" => ["CVE-2026-30910"],"description" => "Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows.  Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. This can cause a crash in bin2hex and encryption algorithms other than aes256gcm. For aes256gcm encryption and signatures, an undersized buffer could lead to buffer overflow.  Encountering this issue is unlikely as the message length would need to be very large.  For bin2hex the input size would have to be > SIZE_MAX / 2 For aegis encryption the input size would need to be > SIZE_MAX - 32U For other encryption the input size would need to be > SIZE_MAX - 16U For signatures the input size would need to be > SIZE_MAX - 64U","distribution" => "Crypt-Sodium-XS","fixed_versions" => [">=0.001001"],"id" => "CPANSA-Crypt-Sodium-XS-2026-30910","references" => ["https://metacpan.org/release/IAMB/Crypt-Sodium-XS-0.001001/changes","http://www.openwall.com/lists/oss-security/2026/03/08/2"],"reported" => "2026-03-08","severity" => undef},{"affected_versions" => [">=0.000018,<=0.000027"],"cves" => ["CVE-2025-69277"],"description" => "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.\n","distribution" => "Crypt-Sodium-XS","fixed_versions" => [],"id" => "CPANSA-Crypt-Sodium-XS-2025-69277-libsodium","references" => ["https://00f.net/2025/12/30/libsodium-vulnerability/","https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7","https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf","https://github.com/pyca/pynacl/issues/920","https://ianix.com/pub/ed25519-deployment.html","https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html","https://news.ycombinator.com/item?id=46435614"],"reported" => "2025-12-31","severity" => "medium"},{"affected_versions" => [">=0.000028,<=0.000041"],"cves" => ["CVE-2025-69277"],"description" => "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.\n","distribution" => "Crypt-Sodium-XS","fixed_versions" => [],"id" => "CPANSA-Crypt-Sodium-XS-2025-69277-libsodium","references" => ["https://00f.net/2025/12/30/libsodium-vulnerability/","https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae","https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7","https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf","https://github.com/pyca/pynacl/issues/920","https://ianix.com/pub/ed25519-deployment.html","https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html","https://news.ycombinator.com/item?id=46435614"],"reported" => "2025-12-31","severity" => "medium"}],"main_module" => "Crypt::Sodium::XS","versions" => [{"date" => "2025-07-06T21:01:50","version" => "0.000018"},{"date" => "2025-07-07T16:16:33","version" => "0.000019"},{"date" => "2025-07-08T01:32:47","version" => "0.000020"},{"date" => "2025-07-08T02:22:03","version" => "0.000021"},{"date" => "2025-07-08T06:45:10","version" => "0.000022"},{"date" => "2025-07-08T22:14:02","version" => "0.000024"},{"date" => "2025-07-09T20:24:46","version" => "0.000025"},{"date" => "2025-07-09T21:42:18","version" => "0.000026"},{"date" => "2025-07-12T16:33:41","version" => "0.000027"},{"date" => "2025-07-15T19:55:23","version" => "0.000028"},{"date" => "2025-07-17T00:10:50","version" => "0.000029"},{"date" => "2025-07-19T21:47:23","version" => "0.000030"},{"date" => "2025-07-21T15:02:40","version" => "0.000031"},{"date" => "2025-07-23T23:48:57","version" => "0.000032"},{"date" => "2025-07-24T20:46:46","version" => "0.000033"},{"date" => "2025-08-01T19:01:56","version" => "0.000034"},{"date" => "2025-08-02T00:09:58","version" => "0.000035"},{"date" => "2025-08-03T14:55:38","version" => "0.000036"},{"date" => "2025-08-05T21:41:13","version" => "0.000037"},{"date" => "2025-08-09T18:31:17","version" => "0.000038"},{"date" => "2025-08-21T06:03:08","version" => "0.000039"},{"date" => "2025-12-04T06:38:40","version" => "0.000040"},{"date" => "2025-12-05T05:32:25","version" => "0.000041"},{"date" => "2026-01-04T09:58:53","version" => "0.000042"},{"date" => "2026-01-21T04:10:41","version" => "0.001000"},{"date" => "2026-03-07T22:47:08","version" => "0.001001"}]},"Crypt-SysRandom-XS" => {"advisories" => [{"affected_versions" => ["<0.010"],"cves" => ["CVE-2026-2597"],"description" => "Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buffer overflow in the XS function random_bytes().  The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound, resulting in a zero-byte allocation. The subsequent call to chosen random function (e.g. getrandom) passes the original negative value, which is implicitly converted to a large unsigned value (typically SIZE_MAX). This can result in writes beyond the allocated buffer, leading to heap memory corruption and application crash (denial of service).  In common usage, the length argument is typically hardcoded by the caller, which reduces the likelihood of attacker-controlled exploitation. Applications that pass untrusted input to this parameter may be affected.","distribution" => "Crypt-SysRandom-XS","fixed_versions" => [">=0.010"],"id" => "CPANSA-Crypt-SysRandom-XS-2026-2597","references" => ["https://metacpan.org/dist/Crypt-SysRandom-XS/changes","https://metacpan.org/release/LEONT/Crypt-SysRandom-XS-0.011/source/lib/Crypt/SysRandom/XS.xs#L51-52"],"reported" => "2026-02-27","severity" => undef}],"main_module" => "Crypt::SysRandom::XS","versions" => [{"date" => "2025-02-04T01:59:42","version" => "0.006"},{"date" => "2025-02-05T19:46:04","version" => "0.007"},{"date" => "2025-02-20T12:52:45","version" => "0.008"},{"date" => "2025-04-11T16:46:48","version" => "0.009"},{"date" => "2026-02-16T20:43:40","version" => "0.010"},{"date" => "2026-02-16T23:58:52","version" => "0.011"}]},"Crypt-URandom" => {"advisories" => [{"affected_versions" => [">=0.41,<0.55"],"cves" => ["CVE-2026-2474"],"description" => "Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom().  The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound, resulting in a zero-byte allocation. The subsequent call to getrandom(data, length, GRND_NONBLOCK) passes the original negative value, which is implicitly converted to a large unsigned value (typically SIZE_MAX). This can result in writes beyond the allocated buffer, leading to heap memory corruption and application crash (denial of service).  In common usage, the length argument is typically hardcoded by the caller, which reduces the likelihood of attacker-controlled exploitation. Applications that pass untrusted input to this parameter may be affected.","distribution" => "Crypt-URandom","fixed_versions" => [">=0.55"],"id" => "CPANSA-Crypt-URandom-2026-2474","references" => ["https://metacpan.org/release/DDICK/Crypt-URandom-0.54/source/URandom.xs#L35-79","https://metacpan.org/release/DDICK/Crypt-URandom-0.55/source/Changes"],"reported" => "2026-02-16","severity" => undef}],"main_module" => "Crypt::URandom","versions" => [{"date" => "2011-04-19T21:19:07","version" => "0.0.27"},{"date" => "2011-09-03T08:32:28","version" => "0.28"},{"date" => "2013-02-14T08:52:19","version" => "0.29"},{"date" => "2013-02-26T10:34:54","version" => "0.30"},{"date" => "2013-03-01T07:59:28","version" => "0.31"},{"date" => "2013-03-09T04:25:55","version" => "0.32"},{"date" => "2013-03-09T04:32:35","version" => "0.33"},{"date" => "2013-03-10T09:20:53","version" => "0.34"},{"date" => "2015-05-13T20:12:12","version" => "0.35"},{"date" => "2015-06-01T11:45:38","version" => "0.36"},{"date" => "2023-05-10T11:55:21","version" => "0.37"},{"date" => "2023-05-10T19:57:07","version" => "0.38"},{"date" => "2023-05-21T09:05:01","version" => "0.39"},{"date" => "2024-02-24T09:03:35","version" => "0.40"},{"date" => "2024-12-29T23:34:13","version" => "0.41_01"},{"date" => "2024-12-30T00:00:05","version" => "0.41_02"},{"date" => "2025-01-01T22:58:00","version" => "0.41"},{"date" => "2025-01-02T23:56:10","version" => "0.42"},{"date" => "2025-01-03T09:04:23","version" => "0.43"},{"date" => "2025-01-03T20:47:27","version" => "0.44"},{"date" => "2025-01-03T22:28:26","version" => "0.45"},{"date" => "2025-01-04T08:47:50","version" => "0.46"},{"date" => "2025-01-06T10:45:06","version" => "0.47"},{"date" => "2025-01-06T21:08:58","version" => "0.48"},{"date" => "2025-01-07T21:28:34","version" => "0.49"},{"date" => "2025-01-08T21:56:14","version" => "0.50"},{"date" => "2025-01-19T07:28:53","version" => "0.51_01"},{"date" => "2025-01-19T07:57:30","version" => "0.51_02"},{"date" => "2025-01-22T11:25:07","version" => "0.51"},{"date" => "2025-01-22T19:39:34","version" => "0.52"},{"date" => "2025-02-08T09:07:55","version" => "0.53"},{"date" => "2025-03-15T09:46:36","version" => "0.54"},{"date" => "2026-02-16T20:08:04","version" => "0.55"}]},"CryptX" => {"advisories" => [{"affected_versions" => ["<0.062"],"cves" => ["CVE-2018-25099"],"description" => "A user can pass anything as the tag into gcm_decrypt_verify() and it will return decrypted plaintext.\n","distribution" => "CryptX","fixed_versions" => [">=0.062"],"id" => "CPANSA-CryptX-2018-01","references" => ["https://github.com/DCIT/perl-CryptX/issues/47","https://github.com/libtom/libtomcrypt/pull/451"],"reported" => "2018-10-26","severity" => undef},{"affected_versions" => ["<0.065"],"cves" => ["CVE-2025-40912","CVE-2019-17362"],"description" => "CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode.  CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.","distribution" => "CryptX","embedded_vulnerability" => {"distributed_version" => undef,"name" => "libtomcrypt"},"fixed_versions" => [">=0.065"],"id" => "CPANSA-CryptX-2025-40912","references" => ["https://github.com/libtom/libtomcrypt/issues/507"],"reported" => "2025-06-11","severity" => undef},{"affected_versions" => ["<0.087"],"cves" => ["CVE-2025-40914","CVE-2023-36328"],"description" => "Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow.  CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.","distribution" => "CryptX","embedded_vulnerability" => {"distributed_version" => undef,"name" => "libtommath"},"fixed_versions" => [">=0.087"],"id" => "CPANSA-CryptX-2025-40914","references" => ["https://github.com/advisories/GHSA-j3xv-6967-cv88","https://github.com/libtom/libtommath/pull/546","https://metacpan.org/release/MIK/CryptX-0.086/source/src/ltm/bn_mp_grow.c","https://www.cve.org/CVERecord?id=CVE-2023-36328"],"reported" => "2025-06-11","severity" => undef}],"main_module" => "CryptX","versions" => [{"date" => "2013-04-11T15:10:25","version" => "0.002"},{"date" => "2013-04-16T07:29:07","version" => "0.003"},{"date" => "2013-04-16T07:37:29","version" => "0.004"},{"date" => "2013-04-18T12:09:09","version" => "0.005"},{"date" => "2013-04-19T09:05:57","version" => "0.006"},{"date" => "2013-04-23T10:03:54","version" => "0.007"},{"date" => "2013-05-02T08:52:42","version" => "0.008"},{"date" => "2013-05-19T20:25:17","version" => "0.009"},{"date" => "2013-06-14T22:37:18","version" => "0.011"},{"date" => "2013-06-17T20:00:17","version" => "0.012"},{"date" => "2013-08-28T07:12:15","version" => "0.013"},{"date" => "2013-09-11T14:31:01","version" => "0.013_1"},{"date" => "2013-09-11T21:11:18","version" => "0.014"},{"date" => "2013-09-12T08:21:21","version" => "0.014_1"},{"date" => "2013-09-12T09:12:21","version" => "0.014_2"},{"date" => "2013-09-12T09:32:06","version" => "0.015"},{"date" => "2013-09-15T19:36:52","version" => "0.016"},{"date" => "2013-09-22T19:20:20","version" => "0.016_1"},{"date" => "2013-09-23T14:24:27","version" => "0.016_2"},{"date" => "2013-09-24T05:00:07","version" => "0.016_3"},{"date" => "2013-09-24T08:54:42","version" => "0.017"},{"date" => "2013-10-18T13:21:35","version" => "0.018"},{"date" => "2013-10-20T21:13:35","version" => "0.019"},{"date" => "2014-01-14T21:30:37","version" => "0.019_1"},{"date" => "2014-01-15T21:59:30","version" => "0.019_2"},{"date" => "2014-01-16T21:26:19","version" => "0.019_3"},{"date" => "2014-01-17T09:42:29","version" => "0.019_4"},{"date" => "2014-01-18T08:29:06","version" => "0.020"},{"date" => "2014-01-23T15:47:50","version" => "0.021"},{"date" => "2015-04-17T01:18:47","version" => "0.021_1"},{"date" => "2015-04-17T10:12:01","version" => "0.021_3"},{"date" => "2015-05-06T07:55:21","version" => "0.021_4"},{"date" => "2015-05-11T21:56:39","version" => "0.021_5"},{"date" => "2015-05-12T05:52:15","version" => "0.021_6"},{"date" => "2015-05-12T07:10:42","version" => "0.021_7"},{"date" => "2015-05-14T09:27:41","version" => "0.021_8"},{"date" => "2015-05-15T11:08:26","version" => "0.021_9"},{"date" => "2015-05-22T16:57:26","version" => "0.022"},{"date" => "2015-06-10T20:37:54","version" => "0.023"},{"date" => "2015-06-26T06:13:25","version" => "0.023_1"},{"date" => "2015-06-26T09:18:06","version" => "0.023_2"},{"date" => "2015-06-29T20:09:16","version" => "0.024"},{"date" => "2015-07-08T07:56:50","version" => "0.025"},{"date" => "2015-10-22T15:14:53","version" => "0.025_01"},{"date" => "2015-11-28T18:58:17","version" => "0.026"},{"date" => "2015-12-29T21:20:15","version" => "0.026_01"},{"date" => "2015-12-29T21:20:27","version" => "0.026_02"},{"date" => "2016-01-02T14:38:13","version" => "0.026_05"},{"date" => "2016-01-02T15:57:58","version" => "0.026_06"},{"date" => "2016-01-03T14:36:53","version" => "0.026_08"},{"date" => "2016-01-10T09:47:31","version" => "0.026_15"},{"date" => "2016-01-10T09:47:43","version" => "0.026_16"},{"date" => "2016-01-10T11:52:21","version" => "0.026_18"},{"date" => "2016-01-10T11:53:48","version" => "0.026_19"},{"date" => "2016-01-10T17:03:45","version" => "0.026_23"},{"date" => "2016-01-10T17:03:56","version" => "0.026_24"},{"date" => "2016-01-10T19:02:14","version" => "0.026_28"},{"date" => "2016-01-10T20:49:06","version" => "0.026_29"},{"date" => "2016-01-12T22:25:58","version" => "0.026_30"},{"date" => "2016-01-12T22:37:33","version" => "0.026_31"},{"date" => "2016-01-13T23:53:06","version" => "0.026_32"},{"date" => "2016-01-14T19:29:18","version" => "0.026_33"},{"date" => "2016-01-14T19:30:45","version" => "0.026_34"},{"date" => "2016-01-14T21:16:15","version" => "0.026_35"},{"date" => "2016-01-14T21:19:01","version" => "0.026_36"},{"date" => "2016-01-22T23:01:16","version" => "0.026_39"},{"date" => "2016-01-24T22:12:32","version" => "0.026_40"},{"date" => "2016-01-24T22:36:42","version" => "0.026_41"},{"date" => "2016-01-25T20:44:46","version" => "0.027"},{"date" => "2016-01-25T21:42:58","version" => "0.027_01"},{"date" => "2016-01-26T10:06:26","version" => "0.027_05"},{"date" => "2016-03-15T09:51:01","version" => "0.027_06"},{"date" => "2016-03-23T19:44:54","version" => "0.028"},{"date" => "2016-03-28T14:31:13","version" => "0.028_01"},{"date" => "2016-03-28T19:32:58","version" => "0.028_02"},{"date" => "2016-03-31T12:07:46","version" => "0.028_03"},{"date" => "2016-04-13T09:30:27","version" => "0.029"},{"date" => "2016-04-13T09:46:59","version" => "0.030"},{"date" => "2016-05-01T16:53:05","version" => "0.031"},{"date" => "2016-05-04T17:45:30","version" => "0.032"},{"date" => "2016-05-09T20:20:49","version" => "0.033"},{"date" => "2016-05-10T22:31:32","version" => "0.034"},{"date" => "2016-06-03T10:17:59","version" => "0.035"},{"date" => "2016-06-07T19:22:05","version" => "0.036"},{"date" => "2016-06-16T17:04:27","version" => "0.037"},{"date" => "2016-07-06T18:27:46","version" => "0.038"},{"date" => "2016-08-03T05:53:42","version" => "0.039"},{"date" => "2016-09-12T08:42:39","version" => "0.040"},{"date" => "2016-10-12T09:32:48","version" => "0.041"},{"date" => "2016-10-19T10:25:05","version" => "0.041_001"},{"date" => "2016-11-02T09:00:59","version" => "0.041_002"},{"date" => "2016-11-02T09:19:09","version" => "0.041_003"},{"date" => "2016-11-12T15:21:01","version" => "0.042"},{"date" => "2016-11-27T21:19:27","version" => "0.043"},{"date" => "2016-11-28T07:45:32","version" => "0.044"},{"date" => "2017-02-21T21:54:33","version" => "0.044_001"},{"date" => "2017-02-23T15:58:42","version" => "0.044_003"},{"date" => "2017-02-23T20:35:46","version" => "0.044_004"},{"date" => "2017-02-23T20:44:50","version" => "0.044_005"},{"date" => "2017-02-28T12:22:27","version" => "0.044_006"},{"date" => "2017-02-28T13:58:51","version" => "0.044_007"},{"date" => "2017-03-01T09:26:34","version" => "0.044_008"},{"date" => "2017-03-01T09:49:29","version" => "0.044_009"},{"date" => "2017-03-01T10:02:35","version" => "0.044_010"},{"date" => "2017-03-31T09:28:10","version" => "0.045"},{"date" => "2017-04-04T09:08:33","version" => "0.046"},{"date" => "2017-04-05T20:09:35","version" => "0.047"},{"date" => "2017-04-07T18:22:15","version" => "0.047_001"},{"date" => "2017-04-07T21:40:24","version" => "0.047_002"},{"date" => "2017-04-10T08:16:03","version" => "0.047_003"},{"date" => "2017-04-24T15:23:29","version" => "0.047_004"},{"date" => "2017-04-26T15:36:02","version" => "0.047_005"},{"date" => "2017-05-01T19:11:50","version" => "0.047_006"},{"date" => "2017-05-31T20:22:56","version" => "0.048"},{"date" => "2017-07-09T19:38:38","version" => "0.048_001"},{"date" => "2017-07-14T17:43:25","version" => "0.048_002"},{"date" => "2017-07-18T05:56:42","version" => "0.049"},{"date" => "2017-07-18T20:37:45","version" => "0.050"},{"date" => "2017-08-08T08:14:05","version" => "0.051"},{"date" => "2017-09-15T12:32:56","version" => "0.053"},{"date" => "2017-09-19T07:51:19","version" => "0.053_001"},{"date" => "2017-09-19T18:46:56","version" => "0.053_002"},{"date" => "2017-09-20T09:56:04","version" => "0.053_003"},{"date" => "2017-10-10T21:04:53","version" => "0.053_004"},{"date" => "2017-10-12T07:27:42","version" => "0.054"},{"date" => "2017-10-23T13:18:12","version" => "0.054_001"},{"date" => "2017-10-23T17:44:49","version" => "0.054_002"},{"date" => "2017-10-25T07:43:53","version" => "0.054_003"},{"date" => "2017-10-30T17:53:14","version" => "0.054_004"},{"date" => "2017-10-31T18:27:22","version" => "0.054_005"},{"date" => "2017-11-20T18:51:03","version" => "0.054_006"},{"date" => "2017-11-24T08:15:31","version" => "0.054_007"},{"date" => "2017-11-24T14:21:46","version" => "0.054_008"},{"date" => "2017-11-24T16:33:40","version" => "0.054_009"},{"date" => "2017-11-28T10:19:52","version" => "0.055"},{"date" => "2017-12-18T19:05:35","version" => "0.055_001"},{"date" => "2017-12-22T13:22:16","version" => "0.056"},{"date" => "2018-01-26T16:05:07","version" => "0.056_001"},{"date" => "2018-01-29T06:18:08","version" => "0.056_002"},{"date" => "2018-01-29T10:02:58","version" => "0.056_003"},{"date" => "2018-01-29T23:05:27","version" => "0.056_004"},{"date" => "2018-01-30T10:23:40","version" => "0.056_005"},{"date" => "2018-01-30T14:11:33","version" => "0.056_006"},{"date" => "2018-01-30T16:08:38","version" => "0.056_007"},{"date" => "2018-01-30T16:29:41","version" => "0.056_008"},{"date" => "2018-01-30T16:43:48","version" => "0.056_009"},{"date" => "2018-01-31T08:56:12","version" => "0.057"},{"date" => "2018-02-27T17:13:52","version" => "0.058"},{"date" => "2018-03-08T09:30:22","version" => "0.058_001"},{"date" => "2018-03-18T16:27:43","version" => "0.058_002"},{"date" => "2018-03-25T15:45:36","version" => "0.059"},{"date" => "2018-04-27T17:14:03","version" => "0.059_001"},{"date" => "2018-04-28T20:59:58","version" => "0.059_002"},{"date" => "2018-04-29T18:12:50","version" => "0.059_003"},{"date" => "2018-05-01T09:32:27","version" => "0.060"},{"date" => "2018-05-27T19:05:34","version" => "0.060_001"},{"date" => "2018-05-28T07:18:37","version" => "0.060_002"},{"date" => "2018-06-06T15:49:28","version" => "0.060_003"},{"date" => "2018-06-07T05:25:50","version" => "0.061"},{"date" => "2018-10-24T20:35:24","version" => "0.061_001"},{"date" => "2018-10-26T17:10:16","version" => "0.061_002"},{"date" => "2018-10-29T10:46:25","version" => "0.061_003"},{"date" => "2018-10-30T06:27:48","version" => "0.062"},{"date" => "2018-11-22T10:43:01","version" => "0.062_001"},{"date" => "2018-11-28T10:48:28","version" => "0.063"},{"date" => "2019-06-06T09:36:14","version" => "0.063_001"},{"date" => "2019-06-06T17:35:59","version" => "0.063_002"},{"date" => "2019-06-10T17:24:53","version" => "0.063_003"},{"date" => "2019-06-12T13:33:28","version" => "0.063_004"},{"date" => "2019-06-12T23:12:09","version" => "0.063_005"},{"date" => "2019-06-14T07:01:03","version" => "0.064"},{"date" => "2019-10-19T18:49:19","version" => "0.065"},{"date" => "2019-10-20T16:30:22","version" => "0.066"},{"date" => "2020-01-26T20:23:46","version" => "0.066_001"},{"date" => "2020-01-30T10:21:29","version" => "0.066_002"},{"date" => "2020-02-01T13:24:27","version" => "0.067"},{"date" => "2020-03-08T19:21:55","version" => "0.067_001"},{"date" => "2020-03-10T13:04:08","version" => "0.068"},{"date" => "2020-08-02T08:51:06","version" => "0.068_001"},{"date" => "2020-08-25T07:12:43","version" => "0.069"},{"date" => "2021-02-12T14:44:41","version" => "0.070"},{"date" => "2021-03-30T09:39:33","version" => "0.071"},{"date" => "2021-04-29T08:23:01","version" => "0.072"},{"date" => "2021-07-12T16:40:01","version" => "0.072_001"},{"date" => "2021-07-13T07:03:12","version" => "0.072_002"},{"date" => "2021-07-13T20:54:22","version" => "0.072_003"},{"date" => "2021-07-18T12:16:09","version" => "0.073"},{"date" => "2021-10-04T18:34:39","version" => "0.073_001"},{"date" => "2021-10-10T18:41:04","version" => "0.073_002"},{"date" => "2021-10-13T18:32:43","version" => "0.073_003"},{"date" => "2021-11-06T09:26:22","version" => "0.074"},{"date" => "2021-12-25T09:39:17","version" => "0.075"},{"date" => "2022-01-01T00:36:25","version" => "0.075_001"},{"date" => "2022-01-01T13:19:24","version" => "0.075_002"},{"date" => "2022-01-01T19:48:49","version" => "0.075_003"},{"date" => "2022-01-07T20:55:06","version" => "0.076"},{"date" => "2022-06-09T18:18:34","version" => "0.076_001"},{"date" => "2022-08-20T15:42:12","version" => "0.076_002"},{"date" => "2022-08-20T18:14:10","version" => "0.076_003"},{"date" => "2022-08-21T07:46:06","version" => "0.077"},{"date" => "2023-04-28T12:31:25","version" => "0.078"},{"date" => "2023-07-25T18:36:58","version" => "0.078_001"},{"date" => "2023-10-01T12:20:32","version" => "0.079"},{"date" => "2023-10-01T17:35:55","version" => "0.079_002"},{"date" => "2023-10-01T17:36:06","version" => "0.079_003"},{"date" => "2023-10-02T07:47:50","version" => "0.079_004"},{"date" => "2023-10-02T11:22:48","version" => "0.079_005"},{"date" => "2023-10-02T15:06:17","version" => "0.079_006"},{"date" => "2023-10-03T10:16:25","version" => "0.079_007"},{"date" => "2023-10-04T11:07:16","version" => "0.080"},{"date" => "2023-10-07T11:45:30","version" => "0.080_001"},{"date" => "2024-08-17T10:06:21","version" => "0.080_003"},{"date" => "2024-08-17T17:16:06","version" => "0.080_004"},{"date" => "2024-08-17T20:28:14","version" => "0.080_005"},{"date" => "2024-08-30T18:43:56","version" => "0.080_006"},{"date" => "2024-09-01T08:32:21","version" => "0.080_007"},{"date" => "2024-09-01T09:26:40","version" => "0.080_008"},{"date" => "2024-09-01T11:23:19","version" => "0.080_009"},{"date" => "2024-09-02T14:51:29","version" => "0.080_010"},{"date" => "2024-09-03T11:32:03","version" => "0.080_011"},{"date" => "2024-09-03T18:01:58","version" => "0.080_012"},{"date" => "2024-09-08T16:12:50","version" => "0.081"},{"date" => "2024-10-03T11:12:24","version" => "0.081_001"},{"date" => "2024-10-07T13:31:29","version" => "0.082"},{"date" => "2024-10-14T11:36:41","version" => "0.082_001"},{"date" => "2024-10-15T09:31:49","version" => "0.083"},{"date" => "2024-10-15T15:09:00","version" => "0.083_001"},{"date" => "2024-10-16T11:23:26","version" => "0.084"},{"date" => "2025-01-25T22:45:03","version" => "0.084_001"},{"date" => "2025-02-08T10:02:22","version" => "0.085"},{"date" => "2025-02-20T21:06:09","version" => "0.085_001"},{"date" => "2025-04-27T15:46:56","version" => "0.085_002"},{"date" => "2025-04-27T17:37:48","version" => "0.085_003"},{"date" => "2025-05-02T21:40:16","version" => "0.086"},{"date" => "2025-06-08T22:06:49","version" => "0.086_001"},{"date" => "2025-06-09T18:09:54","version" => "0.086_002"},{"date" => "2025-06-09T21:44:43","version" => "0.086_003"},{"date" => "2025-06-10T05:57:40","version" => "0.086_004"},{"date" => "2025-06-11T10:52:53","version" => "0.086_005"},{"date" => "2025-06-11T13:52:26","version" => "0.087"},{"date" => "2025-10-05T16:50:53","version" => "0.087_001"}]},"DBD-MariaDB" => {"advisories" => [{"affected_versions" => ["<1.00"],"cves" => ["CVE-2018-2767"],"description" => "SSL problems of MySQL and MariaDB clients.\n","distribution" => "DBD-MariaDB","fixed_versions" => [">=1.00"],"id" => "CPANSA-DBD-MariaDB-2018-01","references" => ["https://metacpan.org/changes/distribution/DBD-MariaDB"],"reported" => "2017-07-01"},{"affected_versions" => ["<1.00"],"cves" => ["CVE-2017-10788"],"description" => "Use-after-free after calling mysql_stmt_close().\n","distribution" => "DBD-MariaDB","fixed_versions" => [">=1.00"],"id" => "CPANSA-DBD-MariaDB-2017-02","references" => ["https://metacpan.org/changes/distribution/DBD-MariaDB"],"reported" => "2017-07-01"},{"affected_versions" => ["<1.00"],"cves" => ["CVE-2017-3302"],"description" => "Leaking dangling pointers.\n","distribution" => "DBD-MariaDB","fixed_versions" => [">=1.00"],"id" => "CPANSA-DBD-MariaDB-2017-01","references" => ["https://metacpan.org/changes/distribution/DBD-MariaDB"],"reported" => "2017-07-01"}],"main_module" => "DBD::MariaDB","versions" => [{"date" => "2018-06-26T14:23:29","version" => "0.90_01"},{"date" => "2018-07-12T13:36:05","version" => "1.00"},{"date" => "2018-12-05T12:21:26","version" => "1.10"},{"date" => "2019-01-02T15:38:57","version" => "1.11"},{"date" => "2019-02-22T16:31:33","version" => "1.20"},{"date" => "2019-02-27T11:08:40","version" => "1.21"},{"date" => "2022-04-21T23:16:33","version" => "1.22"},{"date" => "2023-09-10T14:27:09","version" => "1.23"},{"date" => "2025-05-04T19:33:22","version" => "1.24"}]},"DBD-Pg" => {"advisories" => [{"affected_versions" => ["<2.19.0"],"cves" => ["CVE-2012-1151"],"description" => "Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.\n","distribution" => "DBD-Pg","fixed_versions" => [],"id" => "CPANSA-DBD-Pg-2012-1151","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536","https://rt.cpan.org/Public/Bug/Display.html?id=75642","http://secunia.com/advisories/48319","https://bugzilla.redhat.com/show_bug.cgi?id=801733","http://www.openwall.com/lists/oss-security/2012/03/10/4","http://secunia.com/advisories/48307","http://www.debian.org/security/2012/dsa-2431","http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes","http://www.openwall.com/lists/oss-security/2012/03/09/6","http://rhn.redhat.com/errata/RHSA-2012-1116.html","http://secunia.com/advisories/48824","http://security.gentoo.org/glsa/glsa-201204-08.xml","http://www.mandriva.com/security/advisories?name=MDVSA-2012:112","https://exchange.xforce.ibmcloud.com/vulnerabilities/73855","https://exchange.xforce.ibmcloud.com/vulnerabilities/73854"],"reported" => "2012-09-09","severity" => undef},{"affected_versions" => ["==1.49"],"cves" => ["CVE-2009-0663"],"description" => "Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.\n","distribution" => "DBD-Pg","fixed_versions" => [],"id" => "CPANSA-DBD-Pg-2009-0663","references" => ["http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz","https://launchpad.net/bugs/cve/2009-0663","http://www.debian.org/security/2009/dsa-1780","http://secunia.com/advisories/34909","http://www.securityfocus.com/bid/34755","http://www.redhat.com/support/errata/RHSA-2009-0479.html","http://secunia.com/advisories/35058","http://www.redhat.com/support/errata/RHSA-2009-1067.html","http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","http://secunia.com/advisories/35685","https://exchange.xforce.ibmcloud.com/vulnerabilities/50467","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499"],"reported" => "2009-04-30","severity" => undef},{"affected_versions" => ["<2.0.0"],"cves" => ["CVE-2009-1341"],"description" => "Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.\n","distribution" => "DBD-Pg","fixed_versions" => [">=2.0.0"],"id" => "CPANSA-DBD-Pg-2009-1341","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=21392","https://launchpad.net/bugs/cve/2009-1341","http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz","http://www.debian.org/security/2009/dsa-1780","http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes","http://secunia.com/advisories/34909","http://www.securityfocus.com/bid/34757","http://www.redhat.com/support/errata/RHSA-2009-0479.html","http://secunia.com/advisories/35058","http://www.redhat.com/support/errata/RHSA-2009-1067.html","http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","http://secunia.com/advisories/35685","https://exchange.xforce.ibmcloud.com/vulnerabilities/50387","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9680"],"reported" => "2009-04-30","severity" => undef}],"main_module" => "DBD::Pg","versions" => [{"date" => "1997-03-13T21:11:59","version" => "0.1"},{"date" => "1997-04-28T20:48:18","version" => "0.3"},{"date" => "1997-08-10T20:45:01","version" => "0.5"},{"date" => "1997-08-16T06:48:54","version" => "0.51"},{"date" => "1997-08-17T09:14:26","version" => "0.52"},{"date" => "1997-08-23T20:41:48","version" => "0.61"},{"date" => "1997-08-26T21:39:36","version" => "0.62"},{"date" => "1997-10-05T18:41:32","version" => "0.63"},{"date" => "1998-02-02T21:05:57","version" => "0.64"},{"date" => "1998-02-15T09:59:55","version" => "0.65"},{"date" => "1998-02-19T21:13:44","version" => "0.66"},{"date" => "1998-02-21T16:49:34","version" => "0.67"},{"date" => "1998-03-03T21:22:18","version" => "0.68"},{"date" => "1998-03-06T22:15:44","version" => "0.69"},{"date" => "1998-04-20T20:14:28","version" => "0.72"},{"date" => "1998-06-03T15:15:54","version" => "0.73"},{"date" => "1998-11-05T21:41:28","version" => "0.89"},{"date" => "1999-01-16T06:10:32","version" => "0.90"},{"date" => "1999-02-14T20:41:05","version" => "0.91"},{"date" => "1999-06-16T19:06:21","version" => "0.92"},{"date" => "1999-09-29T21:25:02","version" => "0.93"},{"date" => "2000-07-07T10:45:34","version" => "0.94"},{"date" => "2000-07-10T18:07:30","version" => "0.95"},{"date" => "2001-04-09T17:58:20","version" => "0.96"},{"date" => "2001-04-20T21:11:46","version" => "0.97"},{"date" => "2001-04-25T14:13:22","version" => "0.98"},{"date" => "2001-05-24T17:36:05","version" => "0.99"},{"date" => "2001-05-27T14:14:13","version" => "1.00"},{"date" => "2001-06-27T18:03:08","version" => "1.01"},{"date" => "2002-03-06T23:05:52","version" => "1.10"},{"date" => "2002-03-07T01:34:18","version" => "1.11"},{"date" => "2002-04-10T02:03:57","version" => "1.12"},{"date" => "2002-04-27T20:50:11","version" => "1.13"},{"date" => "2002-11-27T17:57:11","version" => "1.20"},{"date" => "2003-01-13T06:46:43","version" => "1.21"},{"date" => "2003-03-27T04:46:08","version" => "1.22"},{"date" => "2003-09-10T02:12:07","version" => "1.31_5"},{"date" => "2003-10-29T21:33:29","version" => "1.31_7"},{"date" => "2003-11-10T03:52:37","version" => "1.31_8"},{"date" => "2003-11-14T22:17:30","version" => "1.31_9"},{"date" => "2003-11-18T18:34:28","version" => "1.31"},{"date" => "2004-02-13T18:57:25","version" => "1.32_1"},{"date" => "2004-02-19T02:40:51","version" => "1.32_2"},{"date" => "2004-02-25T19:23:08","version" => "1.32"},{"date" => "2005-02-06T21:18:12","version" => "1.39_02"},{"date" => "2005-02-22T06:07:17","version" => "1.40"},{"date" => "2005-03-31T12:35:04","version" => "1.40_1"},{"date" => "2005-03-31T23:34:15","version" => "1.40_2"},{"date" => "2005-04-01T23:56:01","version" => "1.40_03"},{"date" => "2005-04-05T02:47:47","version" => "1.40_04"},{"date" => "2005-04-06T22:53:50","version" => "1.41"},{"date" => "2005-05-07T18:48:36","version" => "1.41_1"},{"date" => "2005-05-19T03:23:24","version" => "1.41_2"},{"date" => "2005-05-21T14:56:23","version" => "1.42"},{"date" => "2005-06-22T00:42:23","version" => "1.42_1"},{"date" => "2005-06-23T12:09:13","version" => "1.43"},{"date" => "2005-09-13T01:39:06","version" => "1.43_1"},{"date" => "2006-02-13T03:50:51","version" => "1.43_2"},{"date" => "2006-02-22T03:00:40","version" => "1.44"},{"date" => "2006-02-26T19:15:10","version" => "1.45"},{"date" => "2006-03-17T17:17:03","version" => "1.46"},{"date" => "2006-03-19T21:19:12","version" => "1.47"},{"date" => "2006-04-05T15:39:30","version" => "1.48"},{"date" => "2006-05-05T16:40:59","version" => "1.49"},{"date" => "2008-01-17T14:34:38","version" => "2.0.0"},{"date" => "2008-01-17T22:47:38","version" => "2.0.0_2"},{"date" => "2008-01-18T04:21:25","version" => "2.0.0_3"},{"date" => "2008-01-18T16:25:19","version" => "2.0.0_4"},{"date" => "2008-01-19T19:05:27","version" => "2.0.0_5"},{"date" => "2008-01-23T19:19:45","version" => "2.0.0_6"},{"date" => "2008-01-26T17:48:03","version" => "2.0.0_7"},{"date" => "2008-01-28T17:08:31","version" => "2.0.0_8"},{"date" => "2008-01-28T21:21:19","version" => "2.0.0_9"},{"date" => "2008-02-10T19:34:31","version" => "2.0.0"},{"date" => "2008-02-17T04:58:29","version" => "2.0.0_1"},{"date" => "2008-02-17T13:10:04","version" => "2.0.0_2"},{"date" => "2008-02-17T18:17:25","version" => "2.0.1_1"},{"date" => "2008-02-18T02:28:30","version" => "2.0.1_2"},{"date" => "2008-02-18T23:52:09","version" => "2.0.1_3"},{"date" => "2008-02-19T02:09:09","version" => "2.1.0"},{"date" => "2008-02-19T04:45:29","version" => "2.1.1"},{"date" => "2008-02-19T15:36:06","version" => "2.1.1_1"},{"date" => "2008-02-20T02:56:37","version" => "2.1.2"},{"date" => "2008-02-21T00:31:43","version" => "2.1.3"},{"date" => "2008-02-26T01:59:20","version" => "2.1.3_1"},{"date" => "2008-02-26T13:50:47","version" => "2.1.3_2"},{"date" => "2008-02-28T04:08:34","version" => "2.2.0"},{"date" => "2008-03-02T03:01:12","version" => "2.2.1"},{"date" => "2008-03-03T17:14:01","version" => "2.2.2"},{"date" => "2008-03-19T14:50:06","version" => "2.3.0"},{"date" => "2008-03-21T16:41:42","version" => "2.4.0"},{"date" => "2008-03-23T16:55:36","version" => "2.5.0"},{"date" => "2008-04-07T19:16:57","version" => "2.5.1"},{"date" => "2008-04-14T15:57:23","version" => "2.5.2_1"},{"date" => "2008-04-16T18:16:11","version" => "2.6.0"},{"date" => "2008-04-22T18:06:55","version" => "2.6.1"},{"date" => "2008-04-28T21:15:56","version" => "2.6.1_1"},{"date" => "2008-04-30T23:18:14","version" => "2.6.2"},{"date" => "2008-05-01T16:03:12","version" => "2.6.3"},{"date" => "2008-05-02T17:09:20","version" => "2.6.4"},{"date" => "2008-05-07T14:10:57","version" => "2.6.5"},{"date" => "2008-05-07T20:41:03","version" => "2.6.6"},{"date" => "2008-05-10T22:37:02","version" => "2.7.0"},{"date" => "2008-05-11T20:58:52","version" => "2.7.1"},{"date" => "2008-05-14T13:19:24","version" => "2.7.2"},{"date" => "2008-06-02T01:33:26","version" => "2.8.0"},{"date" => "2008-06-12T04:06:28","version" => "2.8.1"},{"date" => "2008-06-30T02:21:03","version" => "2.8.2"},{"date" => "2008-07-07T02:09:01","version" => "2.8.3"},{"date" => "2008-07-10T18:18:54","version" => "2.8.4"},{"date" => "2008-07-13T14:41:49","version" => "2.8.5"},{"date" => "2008-07-21T15:23:39","version" => "2.8.6"},{"date" => "2008-07-24T05:27:41","version" => "2.8.7"},{"date" => "2008-08-03T19:48:22","version" => "2.9.0"},{"date" => "2008-08-18T03:49:13","version" => "2.9.1"},{"date" => "2008-08-18T14:00:03","version" => "2.9.2"},{"date" => "2008-08-27T02:46:34","version" => "2.10.0"},{"date" => "2008-08-31T16:29:33","version" => "2.10.1"},{"date" => "2008-09-01T01:40:52","version" => "2.10.2"},{"date" => "2008-09-01T01:48:43","version" => "2.10.3"},{"date" => "2008-09-16T15:35:48","version" => "2.10.4"},{"date" => "2008-09-16T15:43:37","version" => "2.10.5"},{"date" => "2008-09-19T13:38:32","version" => "2.10.6"},{"date" => "2008-09-23T03:13:47","version" => "2.10.7"},{"date" => "2008-10-13T11:50:18","version" => "2.11.0"},{"date" => "2008-10-14T04:21:14","version" => "2.11.1"},{"date" => "2008-10-16T00:55:38","version" => "2.11.2"},{"date" => "2008-11-03T13:51:55","version" => "2.11.3"},{"date" => "2008-11-12T22:11:37","version" => "2.11.4"},{"date" => "2008-11-24T23:56:25","version" => "2.11.5"},{"date" => "2008-11-30T23:05:28","version" => "2.11.6"},{"date" => "2008-12-13T17:02:24","version" => "2.11.7"},{"date" => "2008-12-28T19:24:29","version" => "2.11.8"},{"date" => "2009-03-24T02:23:04","version" => "2.11.8_1"},{"date" => "2009-03-26T18:53:00","version" => "2.11.8_2"},{"date" => "2009-03-28T14:56:16","version" => "2.12.0"},{"date" => "2009-04-14T02:14:44","version" => "2.13.0"},{"date" => "2009-04-23T16:30:10","version" => "2.13.1"},{"date" => "2009-07-13T19:43:16","version" => "2.13.1_1"},{"date" => "2009-07-14T14:34:31","version" => "2.13.1_2"},{"date" => "2009-07-15T21:12:47","version" => "2.13.1_3"},{"date" => "2009-07-17T01:15:13","version" => "2.13.1_4"},{"date" => "2009-07-20T23:54:06","version" => "2.13.1_5"},{"date" => "2009-07-21T16:03:25","version" => "2.13.1_6"},{"date" => "2009-07-21T21:43:56","version" => "2.13.1_7"},{"date" => "2009-07-27T22:45:52","version" => "2.14.0"},{"date" => "2009-07-28T17:05:35","version" => "2.14.1"},{"date" => "2009-08-04T04:08:56","version" => "2.14.1_1"},{"date" => "2009-08-04T18:18:51","version" => "2.15.0"},{"date" => "2009-08-07T15:05:27","version" => "2.15.1"},{"date" => "2009-12-17T15:41:55","version" => "2.8.8"},{"date" => "2009-12-17T17:14:41","version" => "2.16.0"},{"date" => "2010-01-20T21:13:23","version" => "2.16.1"},{"date" => "2010-04-06T18:56:34","version" => "2.17.0"},{"date" => "2010-04-08T15:32:24","version" => "2.17.1"},{"date" => "2010-11-21T05:14:52","version" => "2.17.2"},{"date" => "2011-03-27T03:53:00","version" => "2.17.2_1"},{"date" => "2011-03-29T00:36:37","version" => "2.18.0"},{"date" => "2011-05-09T16:40:13","version" => "2.18.1"},{"date" => "2011-06-19T18:46:40","version" => "2.99.9_1"},{"date" => "2011-06-20T20:47:06","version" => "2.99.9_2"},{"date" => "2012-03-09T22:51:54","version" => "2.19.0"},{"date" => "2012-03-11T03:28:47","version" => "2.19.1"},{"date" => "2012-03-12T20:58:56","version" => "2.19.2"},{"date" => "2012-08-21T17:18:39","version" => "2.19.3"},{"date" => "2013-11-16T03:47:03","version" => "2.20.1_1"},{"date" => "2013-11-21T03:22:26","version" => "2.20.1_2"},{"date" => "2013-11-26T19:03:57","version" => "2.20.1_3"},{"date" => "2013-11-27T19:35:07","version" => "2.20.1_4"},{"date" => "2014-01-11T20:31:09","version" => "2.20.1_6"},{"date" => "2014-02-04T01:38:37","version" => "3.0.0"},{"date" => "2014-04-05T11:08:15","version" => "3.1.0"},{"date" => "2014-04-06T13:17:49","version" => "3.1.1"},{"date" => "2014-05-15T17:20:49","version" => "3.2.0"},{"date" => "2014-05-20T16:38:44","version" => "3.2.1"},{"date" => "2014-05-31T18:50:07","version" => "3.3.0"},{"date" => "2014-08-16T19:09:15","version" => "3.4.0"},{"date" => "2014-08-20T20:38:19","version" => "3.4.1"},{"date" => "2014-09-25T21:16:23","version" => "3.4.2"},{"date" => "2015-01-06T20:41:04","version" => "3.5.0"},{"date" => "2015-02-07T13:09:54","version" => "3.5.0_1"},{"date" => "2015-02-16T19:17:14","version" => "3.5.0_2"},{"date" => "2015-02-17T21:20:22","version" => "3.5.1"},{"date" => "2015-09-29T15:46:33","version" => "3.5.2"},{"date" => "2015-10-01T14:06:04","version" => "3.5.3"},{"date" => "2017-04-05T10:23:22","version" => "3.5.9_1"},{"date" => "2017-04-17T13:34:12","version" => "3.6.0"},{"date" => "2017-05-22T16:49:32","version" => "3.6.1"},{"date" => "2017-05-23T14:25:49","version" => "3.6.2"},{"date" => "2017-09-22T16:30:49","version" => "3.6.9_1"},{"date" => "2017-09-23T02:10:34","version" => "3.6.9_2"},{"date" => "2017-09-24T19:30:09","version" => "3.7.0"},{"date" => "2018-02-11T19:23:39","version" => "3.7.1"},{"date" => "2018-02-12T13:39:58","version" => "v3.7.3"},{"date" => "2018-02-13T04:10:10","version" => "3.7.4"},{"date" => "2019-04-26T02:20:41","version" => "3.8.0"},{"date" => "2019-07-06T19:44:25","version" => "3.8.1"},{"date" => "2019-07-25T15:48:44","version" => "3.8.9_1"},{"date" => "2019-08-13T21:10:51","version" => "3.9.0"},{"date" => "2019-08-15T19:46:43","version" => "3.9.1"},{"date" => "2019-09-03T15:18:09","version" => "3.10.0"},{"date" => "2020-01-14T03:27:38","version" => "3.10.1"},{"date" => "2020-01-17T22:34:46","version" => "3.10.2"},{"date" => "2020-01-20T21:01:45","version" => "3.10.3"},{"date" => "2020-02-03T17:19:38","version" => "3.10.4"},{"date" => "2020-03-23T17:47:23","version" => "3.10.5"},{"date" => "2020-04-23T16:46:52","version" => "3.11.0"},{"date" => "2020-04-28T15:12:38","version" => "3.11.1"},{"date" => "2020-05-07T18:35:28","version" => "3.12.0"},{"date" => "2020-06-03T13:39:22","version" => "3.12.1"},{"date" => "2020-06-04T15:30:54","version" => "3.12.2"},{"date" => "2020-06-05T17:59:13","version" => "3.12.3"},{"date" => "2020-06-08T20:38:00","version" => "3.12.3_1"},{"date" => "2020-06-15T21:25:55","version" => "3.12.3_2"},{"date" => "2020-06-17T15:53:25","version" => "3.13.0"},{"date" => "2020-07-20T00:24:23","version" => "3.14.0"},{"date" => "2020-08-12T16:17:33","version" => "3.14.1"},{"date" => "2020-08-13T13:36:09","version" => "3.14.2"},{"date" => "2021-05-21T21:20:28","version" => "3.15.0"},{"date" => "2022-02-14T15:39:15","version" => "3.15.1"},{"date" => "2022-08-08T18:03:02","version" => "3.16.0"},{"date" => "2023-03-06T00:06:35","version" => "3.16.1"},{"date" => "2023-04-04T19:49:11","version" => "3.16.2"},{"date" => "2023-04-04T20:43:26","version" => "3.16.3"},{"date" => "2023-08-24T00:42:24","version" => "3.17.0"},{"date" => "2023-12-06T23:47:13","version" => "3.18.0"},{"date" => "2026-03-14T17:02:30","version" => "3.19.0"}]},"DBD-SQLite" => {"advisories" => [{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-15358"],"description" => "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-15358","references" => ["https://www.sqlite.org/src/info/10fa79d00f8091e5","https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2","https://www.sqlite.org/src/tktview?name=8f157e8010","https://security.netapp.com/advisory/ntap-20200709-0001/","https://security.gentoo.org/glsa/202007-26","https://usn.ubuntu.com/4438-1/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211847","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpujan2021.html","https://support.apple.com/kb/HT212147","http://seclists.org/fulldisclosure/2021/Feb/14","https://www.oracle.com/security-alerts/cpuApr2021.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-06-27","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13632"],"description" => "ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13632","references" => ["https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://sqlite.org/src/info/a4dd148928ea65bd","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.netapp.com/advisory/ntap-20200608-0002/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-05-27","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13631"],"description" => "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13631","references" => ["https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://sqlite.org/src/info/eca0ba2cf4c0fdf7","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.netapp.com/advisory/ntap-20200608-0002/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c\@%3Cissues.guacamole.apache.org%3E","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-05-27","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13630"],"description" => "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13630","references" => ["https://bugs.chromium.org/p/chromium/issues/detail?id=1080459","https://sqlite.org/src/info/0d69f76f0865f962","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.netapp.com/advisory/ntap-20200608-0002/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-05-27","severity" => "high"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13435"],"description" => "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13435","references" => ["https://www.sqlite.org/src/info/7a5279a25c57adf1","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-13434"],"description" => "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-13434","references" => ["https://www.sqlite.org/src/info/23439ea582241138","https://www.sqlite.org/src/info/d08d3405878d394e","https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html","https://security.netapp.com/advisory/ntap-20200528-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-05-24","severity" => "medium"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-11656","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-11655","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => ["<1.65_03"],"cves" => ["CVE-2020-9327"],"description" => "In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2020-9327","references" => ["https://www.sqlite.org/cgi/src/info/4374860b29383380","https://www.sqlite.org/cgi/src/info/abc473fb8fb99900","https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e","https://security.netapp.com/advisory/ntap-20200313-0002/","https://security.gentoo.org/glsa/202003-16","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-02-21","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-20218"],"description" => "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-20218","references" => ["https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://security.gentoo.org/glsa/202007-26","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00016.html"],"reported" => "2020-01-02","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19959"],"description" => "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19959","references" => ["https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec","https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1","https://security.netapp.com/advisory/ntap-20200204-0001/","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"reported" => "2020-01-03","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19926","CVE-2019-19880"],"description" => "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19926","references" => ["https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089","https://security.netapp.com/advisory/ntap-20200114-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://usn.ubuntu.com/4298-2/","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-23","severity" => "high"},{"affected_versions" => [">=1.19_01,<1.63_03"],"cves" => ["CVE-2019-8457"],"description" => "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.63_04"],"id" => "CPANSA-DBD-SQLite-2019-8457","references" => ["https://www.sqlite.org/src/info/90acdbfce9c08858","https://www.sqlite.org/releaselog/3_28_0.html","https://usn.ubuntu.com/4004-1/","https://usn.ubuntu.com/4004-2/","https://security.netapp.com/advisory/ntap-20190606-0002/","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365"],"reported" => "2019-05-30","severity" => "critical"},{"affected_versions" => [">=1.61_03,<1.63_03"],"cves" => ["CVE-2019-5018"],"description" => "An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.63_04"],"id" => "CPANSA-DBD-SQLite-2019-5018","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2019-0777","http://www.securityfocus.com/bid/108294","http://packetstormsecurity.com/files/152809/Sqlite3-Window-Function-Remote-Code-Execution.html","https://security.netapp.com/advisory/ntap-20190521-0001/","https://security.gentoo.org/glsa/201908-09","https://usn.ubuntu.com/4205-1/"],"reported" => "2019-05-10","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19925"],"description" => "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19925","references" => ["https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618","https://security.netapp.com/advisory/ntap-20200114-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-24","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19924"],"description" => "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19924","references" => ["https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3","https://security.netapp.com/advisory/ntap-20200114-0003/","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-24","severity" => "medium"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19923"],"description" => "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19923","references" => ["https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35","https://security.netapp.com/advisory/ntap-20200114-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-24","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19880"],"description" => "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19880","references" => ["https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54","https://security.netapp.com/advisory/ntap-20200114-0001/","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","https://access.redhat.com/errata/RHSA-2020:0514","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://www.debian.org/security/2020/dsa-4638","https://usn.ubuntu.com/4298-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-18","severity" => "high"},{"affected_versions" => ["<=1.65_02"],"cves" => ["CVE-2019-19646"],"description" => "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19646","references" => ["https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd","https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3","https://www.sqlite.org/","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-09","severity" => "critical"},{"affected_versions" => ["<=1.65_02"],"cves" => ["CVE-2019-19645"],"description" => "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19645","references" => ["https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://usn.ubuntu.com/4394-1/","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-09","severity" => "medium"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19603"],"description" => "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19603","references" => ["https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13","https://www.sqlite.org/","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://usn.ubuntu.com/4394-1/","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c\@%3Cissues.guacamole.apache.org%3E","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-09","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19317"],"description" => "lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19317","references" => ["https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8","https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3","https://security.netapp.com/advisory/ntap-20191223-0001/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-12-05","severity" => "critical"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19244"],"description" => "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19244","references" => ["https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-25","severity" => "high"},{"affected_versions" => ["==1.65_02"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.65_03"],"id" => "CPANSA-DBD-SQLite-2019-19242","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["<1.61_01"],"cves" => ["CVE-2018-20506"],"description" => "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.61_01"],"id" => "CPANSA-DBD-SQLite-2018-20506","references" => ["https://support.apple.com/kb/HT209451","https://support.apple.com/kb/HT209450","https://support.apple.com/kb/HT209448","https://support.apple.com/kb/HT209447","https://support.apple.com/kb/HT209446","https://support.apple.com/kb/HT209443","https://sqlite.org/src/info/940f2adc8541a838","https://seclists.org/bugtraq/2019/Jan/39","https://seclists.org/bugtraq/2019/Jan/33","https://seclists.org/bugtraq/2019/Jan/32","https://seclists.org/bugtraq/2019/Jan/31","https://seclists.org/bugtraq/2019/Jan/29","https://seclists.org/bugtraq/2019/Jan/28","http://www.securityfocus.com/bid/106698","http://seclists.org/fulldisclosure/2019/Jan/69","http://seclists.org/fulldisclosure/2019/Jan/68","http://seclists.org/fulldisclosure/2019/Jan/67","http://seclists.org/fulldisclosure/2019/Jan/66","http://seclists.org/fulldisclosure/2019/Jan/64","http://seclists.org/fulldisclosure/2019/Jan/62","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html","https://security.netapp.com/advisory/ntap-20190502-0004/","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365"],"reported" => "2019-04-03","severity" => "high"},{"affected_versions" => ["==1.59_02"],"cves" => ["CVE-2018-20505"],"description" => "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.59_03"],"id" => "CPANSA-DBD-SQLite-2018-20505","references" => ["https://support.apple.com/kb/HT209451","https://support.apple.com/kb/HT209450","https://support.apple.com/kb/HT209448","https://support.apple.com/kb/HT209447","https://support.apple.com/kb/HT209446","https://support.apple.com/kb/HT209443","https://sqlite.org/src/info/1a84668dcfdebaf12415d","https://seclists.org/bugtraq/2019/Jan/39","https://seclists.org/bugtraq/2019/Jan/33","https://seclists.org/bugtraq/2019/Jan/32","https://seclists.org/bugtraq/2019/Jan/31","https://seclists.org/bugtraq/2019/Jan/29","https://seclists.org/bugtraq/2019/Jan/28","http://www.securityfocus.com/bid/106698","http://seclists.org/fulldisclosure/2019/Jan/69","http://seclists.org/fulldisclosure/2019/Jan/68","http://seclists.org/fulldisclosure/2019/Jan/67","http://seclists.org/fulldisclosure/2019/Jan/66","http://seclists.org/fulldisclosure/2019/Jan/64","http://seclists.org/fulldisclosure/2019/Jan/62","https://security.netapp.com/advisory/ntap-20190502-0004/","https://usn.ubuntu.com/4019-1/"],"reported" => "2019-04-03","severity" => "high"},{"affected_versions" => ["<1.61_01"],"cves" => ["CVE-2018-20346"],"description" => "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.61_01"],"id" => "CPANSA-DBD-SQLite-2018-20346","references" => ["https://www.sqlite.org/releaselog/3_25_3.html","https://www.mail-archive.com/sqlite-users\@mailinglists.sqlite.org/msg113218.html","https://crbug.com/900910","https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://bugzilla.redhat.com/show_bug.cgi?id=1659677","https://bugzilla.redhat.com/show_bug.cgi?id=1659379","https://blade.tencent.com/magellan/index_en.html","https://access.redhat.com/articles/3758321","https://worthdoingbadly.com/sqlitebug/","https://sqlite.org/src/info/d44318f59044162e","https://sqlite.org/src/info/940f2adc8541a838","https://news.ycombinator.com/item?id=18685296","https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html","https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html","https://www.synology.com/security/advisory/Synology_SA_18_61","http://www.securityfocus.com/bid/106323","https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html","https://security.gentoo.org/glsa/201904-21","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://support.apple.com/HT209448","https://support.apple.com/HT209447","https://support.apple.com/HT209446","https://support.apple.com/HT209451","https://support.apple.com/HT209443","https://support.apple.com/HT209450","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10365"],"reported" => "2018-12-21","severity" => "high"},{"affected_versions" => ["<1.59_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.59_01"],"id" => "CPANSA-DBD-SQLite-2018-8740","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["==1.55_06","<=1.55_03"],"cves" => ["CVE-2017-10989"],"description" => "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.55_07"],"id" => "CPANSA-DBD-SQLite-2017-10989","references" => ["https://sqlite.org/src/info/66de6f4a","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405","https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26","http://marc.info/?l=sqlite-users&m=149933696214713&w=2","http://www.securityfocus.com/bid/99502","http://www.securitytracker.com/id/1039427","https://support.apple.com/HT208144","https://support.apple.com/HT208115","https://support.apple.com/HT208113","https://support.apple.com/HT208112","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/"],"reported" => "2017-07-07","severity" => "critical"},{"affected_versions" => ["<=1.55_01"],"cves" => ["CVE-2016-6153"],"description" => "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.55_01"],"id" => "CPANSA-DBD-SQLite-2016-6153","references" => ["http://www.openwall.com/lists/oss-security/2016/07/01/1","http://www.securityfocus.com/bid/91546","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/","https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt","https://www.sqlite.org/releaselog/3_13_0.html","http://www.sqlite.org/cgi/src/info/67985761aa93fb61","http://www.openwall.com/lists/oss-security/2016/07/01/2","http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html","https://www.tenable.com/security/tns-2016-20","https://usn.ubuntu.com/4019-1/","https://usn.ubuntu.com/4019-2/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://github.com/briandfoy/cpan-security-advisory/issues/187","https://rt.cpan.org/Public/Bug/Display.html?id=118395"],"reported" => "2016-09-26","severity" => "medium"},{"affected_versions" => ["<=1.47_01"],"cves" => ["CVE-2015-3416"],"description" => "The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2015-3416","references" => ["http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920","http://seclists.org/fulldisclosure/2015/Apr/31","http://www.debian.org/security/2015/dsa-3252","http://www.mandriva.com/security/advisories?name=MDVSA-2015:217","http://www.ubuntu.com/usn/USN-2698-1","https://support.apple.com/HT205267","http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html","https://support.apple.com/HT205213","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securitytracker.com/id/1033703","https://security.gentoo.org/glsa/201507-05","http://rhn.redhat.com/errata/RHSA-2015-1635.html","http://rhn.redhat.com/errata/RHSA-2015-1634.html","http://www.securityfocus.com/bid/74228","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"],"reported" => "2015-04-24","severity" => undef},{"affected_versions" => ["<=1.47_01"],"cves" => ["CVE-2015-3415"],"description" => "The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2015-3415","references" => ["https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30","http://seclists.org/fulldisclosure/2015/Apr/31","http://www.debian.org/security/2015/dsa-3252","http://www.mandriva.com/security/advisories?name=MDVSA-2015:217","http://www.ubuntu.com/usn/USN-2698-1","https://support.apple.com/HT205267","http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html","https://support.apple.com/HT205213","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securitytracker.com/id/1033703","https://security.gentoo.org/glsa/201507-05","http://rhn.redhat.com/errata/RHSA-2015-1635.html","http://www.securityfocus.com/bid/74228","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"],"reported" => "2015-04-24","severity" => undef},{"affected_versions" => ["<=1.47_01"],"cves" => ["CVE-2015-3414"],"description" => "SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE\"\"\"\"\"\"\"\" at the end of a SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2015-3414","references" => ["https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2","http://seclists.org/fulldisclosure/2015/Apr/31","http://www.debian.org/security/2015/dsa-3252","http://www.mandriva.com/security/advisories?name=MDVSA-2015:217","http://www.ubuntu.com/usn/USN-2698-1","https://support.apple.com/HT205267","http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html","https://support.apple.com/HT205213","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securitytracker.com/id/1033703","https://security.gentoo.org/glsa/201507-05","http://rhn.redhat.com/errata/RHSA-2015-1635.html","http://www.securityfocus.com/bid/74228","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"],"reported" => "2015-04-24","severity" => undef},{"affected_versions" => ["==1.47_01"],"cves" => ["CVE-2013-7443"],"description" => "Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.\n","distribution" => "DBD-SQLite","fixed_versions" => [">=1.47_02"],"id" => "CPANSA-DBD-SQLite-2013-7443","references" => ["https://www.sqlite.org/src/info/520070ec7fbaac73eda0e0123596b7bb3e9a6897","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1448758","https://www.sqlite.org/src/info/ac5852d6403c9c9628ca0aa7be135c702f000698","http://ubuntu.com/usn/usn-2698-1","http://www.openwall.com/lists/oss-security/2015/07/14/5","http://www.openwall.com/lists/oss-security/2015/07/15/4","http://www.securityfocus.com/bid/76089"],"reported" => "2015-08-12","severity" => undef},{"affected_versions" => [">=1.00,<=1.02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.03,<=1.04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.05"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.06"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.07"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.08"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.09"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.10,<=1.11"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.12"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.13"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.14"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.19_01,<=1.22_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.22_05,<=1.26_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.26_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.26_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.26_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.26_05,<=1.26_06"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.26_07,<=1.27"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.28_01,<=1.28_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.29,<=1.30_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.30_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.30_04,<=1.31"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.32_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.32_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.32_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.32_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.33"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.34_01,<=1.34_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.36_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.36_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.36_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.36_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.37"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.38_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.38_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.38_03,<=1.40"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.41_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.41_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.41_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.41_04,<=1.41_05"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.41_06"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.41_07,<=1.43_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.43_03,<=1.43_07"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.43_08,<=1.44"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.45_01,<=1.45_05"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.45_06,<=1.46"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.47_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.47_02,<1.47_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.47_05,<=1.48"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.49_01,<=1.49_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.49_03,<=1.49_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.49_05"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.49_06"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.49_07,<=1.50"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.51_01,<=1.51_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.51_04"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.51_05"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.51_06"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.51_07,<=1.54"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.55_01"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.55_02"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.55_03"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.55_04,<=1.55_05"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.55_06"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => [">=1.55_07,<=1.58"],"cves" => ["CVE-2018-8740"],"description" => "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-8740-sqlite","references" => ["https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema","https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964","https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b","http://www.securityfocus.com/bid/103466","https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/","https://usn.ubuntu.com/4205-1/","https://usn.ubuntu.com/4394-1/","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4\@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b\@%3Cissues.bookkeeper.apache.org%3E"],"reported" => "2018-03-17","severity" => "high"},{"affected_versions" => ["=1.59_01"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => ["=1.59_01"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => [">=1.59_02,<=1.60"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => [">=1.59_02,<=1.60"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => [">=1.61_01,<=1.61_02"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => [">=1.61_01,<=1.61_02"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => [">=1.61_03,<=1.63_01"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => [">=1.61_03,<=1.63_01"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => [">=1.63_02,<=1.63_03"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => [">=1.63_02,<=1.63_03"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => ["=1.63_04"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => ["=1.63_04"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => [">=1.63_05,<=1.64"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => [">=1.63_05,<=1.64"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => ["=1.65_01"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => ["=1.65_01"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => ["=1.65_02"],"cves" => ["CVE-2020-11656"],"description" => "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11656-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/b64674919f673602","https://www.sqlite.org/src/info/d09f8c3621d5f7f8","https://security.netapp.com/advisory/ntap-20200416-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "critical"},{"affected_versions" => ["=1.65_02"],"cves" => ["CVE-2020-11655"],"description" => "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-11655-sqlite","references" => ["https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11","https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c","https://security.netapp.com/advisory/ntap-20200416-0001/","https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpujul2020.html","https://security.gentoo.org/glsa/202007-26","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2020-04-09","severity" => "high"},{"affected_versions" => [">=1.65_03,<=1.66"],"cves" => ["CVE-2020-15358"],"description" => "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2020-15358-sqlite","references" => ["https://www.sqlite.org/src/info/10fa79d00f8091e5","https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2","https://www.sqlite.org/src/tktview?name=8f157e8010","https://security.netapp.com/advisory/ntap-20200709-0001/","https://security.gentoo.org/glsa/202007-26","https://usn.ubuntu.com/4438-1/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211847","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/22","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Dec/32","https://www.oracle.com/security-alerts/cpujan2021.html","https://support.apple.com/kb/HT212147","http://seclists.org/fulldisclosure/2021/Feb/14","https://www.oracle.com/security-alerts/cpuApr2021.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-06-27","severity" => "medium"},{"affected_versions" => ["=1.67_01"],"cves" => ["CVE-2021-20223"],"description" => "An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode \"control-characters\" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20223-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b","https://www.sqlite.org/forum/forumpost/09609d7e22","https://sqlite.org/src/info/b7b7bde9b7a03665"],"reported" => "2022-08-25","severity" => "critical"},{"affected_versions" => ["=1.67_02"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.67_02"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.67_02"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.67_03"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.67_03"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.67_03"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.67_04,<=1.67_06"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.67_04,<=1.67_06"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.67_04,<=1.67_06"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.67_07,<=1.70"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.67_07,<=1.70"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.67_07,<=1.70"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.71_01"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.71_01"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.71_01"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => ["=1.71_02"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => ["=1.71_02"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => ["=1.71_02"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.71_03,<=1.71_06"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.71_03,<=1.71_06"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.71_03,<=1.71_06"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"},{"affected_versions" => [">=1.71_07,<=1.72"],"cves" => ["CVE-2019-19242"],"description" => "SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2019-19242-sqlite","references" => ["https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"],"reported" => "2019-11-27","severity" => "medium"},{"affected_versions" => [">=1.71_07,<=1.72"],"cves" => ["CVE-2018-3906"],"description" => "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2018-3906-sqlite","references" => ["https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576"],"reported" => "2018-09-21","severity" => "high"},{"affected_versions" => [">=1.71_07,<=1.72"],"cves" => ["CVE-2021-20227"],"description" => "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.\n","distribution" => "DBD-SQLite","fixed_versions" => [],"id" => "CPANSA-DBD-SQLite-2021-20227-sqlite","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1924886","https://www.sqlite.org/releaselog/3_34_1.html","https://security.gentoo.org/glsa/202103-04","https://security.netapp.com/advisory/ntap-20210423-0010/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202210-40"],"reported" => "2021-03-23","severity" => "medium"}],"main_module" => "DBD::SQLite","versions" => [{"date" => "2002-02-19T18:56:55","version" => "0.05"},{"date" => "2002-02-22T07:29:26","version" => "0.06"},{"date" => "2002-02-23T11:19:51","version" => "0.07"},{"date" => "2002-02-25T12:59:46","version" => "0.08"},{"date" => "2002-02-27T19:46:01","version" => "0.09"},{"date" => "2002-02-28T11:11:10","version" => "0.10"},{"date" => "2002-03-13T12:16:23","version" => "0.11"},{"date" => "2002-03-21T16:49:25","version" => "0.12"},{"date" => "2002-03-26T22:39:39","version" => "0.13"},{"date" => "2002-03-28T15:59:02","version" => "0.14"},{"date" => "2002-04-02T10:48:10","version" => "0.15"},{"date" => "2002-06-17T23:50:53","version" => "0.16"},{"date" => "2002-06-26T13:59:05","version" => "0.17"},{"date" => "2002-07-12T13:46:37","version" => "0.18"},{"date" => "2002-08-13T22:19:45","version" => "0.19"},{"date" => "2002-10-17T16:25:57","version" => "0.20"},{"date" => "2002-10-18T07:08:42","version" => "0.21"},{"date" => "2002-12-18T18:02:11","version" => "0.22"},{"date" => "2002-12-29T16:25:29","version" => "0.23"},{"date" => "2003-01-29T16:47:23","version" => "0.24"},{"date" => "2003-03-06T22:24:48","version" => "0.25"},{"date" => "2003-07-31T15:16:06","version" => "0.26"},{"date" => "2003-08-18T20:17:31","version" => "0.27"},{"date" => "2003-08-25T13:42:07","version" => "0.28"},{"date" => "2003-12-05T15:42:05","version" => "0.29"},{"date" => "2004-02-08T18:45:02","version" => "0.30"},{"date" => "2004-02-14T19:18:16","version" => "0.31"},{"date" => "2004-07-21T21:19:33","version" => "1.00"},{"date" => "2004-08-01T04:49:09","version" => "1.01"},{"date" => "2004-08-02T18:35:42","version" => "1.02"},{"date" => "2004-08-09T15:43:59","version" => "1.03"},{"date" => "2004-08-23T15:14:21","version" => "1.04"},{"date" => "2004-09-10T15:46:34","version" => "1.05"},{"date" => "2004-09-21T17:26:28","version" => "1.06"},{"date" => "2004-10-12T09:07:33","version" => "1.07"},{"date" => "2005-02-26T13:47:33","version" => "1.08"},{"date" => "2005-06-20T15:42:32","version" => "1.09"},{"date" => "2005-12-01T20:56:30","version" => "1.10"},{"date" => "2005-12-02T19:13:29","version" => "1.11"},{"date" => "2006-04-10T02:24:08","version" => "1.12"},{"date" => "2006-09-08T05:02:06","version" => "1.13"},{"date" => "2007-09-19T19:25:09","version" => "1.14"},{"date" => "2009-03-27T11:11:41","version" => "1.19_01"},{"date" => "2009-03-28T16:46:41","version" => "1.19_02"},{"date" => "2009-03-30T21:58:59","version" => "1.19_03"},{"date" => "2009-03-31T20:31:37","version" => "1.19_04"},{"date" => "2009-04-02T04:24:12","version" => "1.19_05"},{"date" => "2009-04-03T19:21:54","version" => "1.19_06"},{"date" => "2009-04-04T00:49:42","version" => "1.19_07"},{"date" => "2009-04-04T04:29:03","version" => "1.19_08"},{"date" => "2009-04-05T03:16:37","version" => "1.19_09"},{"date" => "2009-04-05T19:43:04","version" => "1.19_10"},{"date" => "2009-04-07T14:00:36","version" => "1.20"},{"date" => "2009-04-08T01:24:11","version" => "1.21"},{"date" => "2009-04-08T02:05:13","version" => "1.22_01"},{"date" => "2009-04-08T11:49:36","version" => "1.22_02"},{"date" => "2009-04-09T09:40:39","version" => "1.22_03"},{"date" => "2009-04-11T01:58:53","version" => "1.22_04"},{"date" => "2009-04-14T15:52:05","version" => "1.22_05"},{"date" => "2009-04-15T14:59:20","version" => "1.22_06"},{"date" => "2009-04-16T05:40:28","version" => "1.22_07"},{"date" => "2009-04-17T09:08:15","version" => "1.22_08"},{"date" => "2009-04-19T09:53:00","version" => "1.23"},{"date" => "2009-04-22T02:14:33","version" => "1.24_01"},{"date" => "2009-04-23T00:50:02","version" => "1.24_02"},{"date" => "2009-04-23T10:20:49","version" => "1.25"},{"date" => "2009-05-05T06:04:00","version" => "1.26_01"},{"date" => "2009-06-19T06:56:29","version" => "1.26_02"},{"date" => "2009-08-12T06:01:13","version" => "1.26_03"},{"date" => "2009-10-06T06:23:40","version" => "1.26_04"},{"date" => "2009-10-15T04:05:19","version" => "1.26_05"},{"date" => "2009-10-28T11:16:12","version" => "1.26_06"},{"date" => "2009-11-16T01:47:37","version" => "1.26_07"},{"date" => "2009-11-23T11:15:09","version" => "1.27"},{"date" => "2009-12-23T11:44:07","version" => "1.28_01"},{"date" => "2010-01-03T05:56:21","version" => "1.28_02"},{"date" => "2010-01-08T09:14:18","version" => "1.29"},{"date" => "2010-03-10T15:55:37","version" => "1.30_01"},{"date" => "2010-03-30T11:45:57","version" => "1.30_02"},{"date" => "2010-05-31T03:13:24","version" => "1.30_03"},{"date" => "2010-08-25T09:25:41","version" => "1.30_04"},{"date" => "2010-08-27T15:31:59","version" => "1.30_05"},{"date" => "2010-09-09T01:49:17","version" => "1.30_06"},{"date" => "2010-09-15T07:30:11","version" => "1.31"},{"date" => "2010-12-10T05:14:51","version" => "1.32_01"},{"date" => "2011-03-07T06:57:51","version" => "1.32_02"},{"date" => "2011-05-12T05:05:38","version" => "1.32_03"},{"date" => "2011-05-20T02:39:29","version" => "1.32_04"},{"date" => "2011-05-30T07:39:31","version" => "1.33"},{"date" => "2011-09-21T16:26:23","version" => "1.34_01"},{"date" => "2011-10-21T06:13:45","version" => "1.34_02"},{"date" => "2011-11-01T03:51:19","version" => "1.34_03"},{"date" => "2011-11-29T00:16:47","version" => "1.35"},{"date" => "2012-01-19T06:15:08","version" => "1.36_01"},{"date" => "2012-02-23T04:11:05","version" => "1.36_02"},{"date" => "2012-05-07T22:56:21","version" => "1.36_03"},{"date" => "2012-05-19T09:46:14","version" => "1.36_04"},{"date" => "2012-06-09T14:43:03","version" => "1.37"},{"date" => "2012-09-24T10:18:25","version" => "1.38_01"},{"date" => "2013-04-09T05:03:21","version" => "1.38_02"},{"date" => "2013-05-21T05:14:23","version" => "1.38_03"},{"date" => "2013-05-29T07:11:57","version" => "1.38_04"},{"date" => "2013-05-31T04:39:53","version" => "1.38_05"},{"date" => "2013-06-09T15:10:40","version" => "1.39"},{"date" => "2013-07-28T05:31:53","version" => "1.40"},{"date" => "2013-08-27T06:41:37","version" => "1.41_01"},{"date" => "2013-08-29T18:53:29","version" => "1.41_02"},{"date" => "2013-09-04T17:57:50","version" => "1.41_03"},{"date" => "2014-01-12T01:19:09","version" => "1.41_04"},{"date" => "2014-01-22T03:53:26","version" => "1.41_05"},{"date" => "2014-02-12T02:53:38","version" => "1.41_06"},{"date" => "2014-03-13T13:44:52","version" => "1.41_07"},{"date" => "2014-03-19T15:29:13","version" => "1.42"},{"date" => "2014-03-25T18:50:08","version" => "1.43_01"},{"date" => "2014-03-25T19:58:13","version" => "1.43_02"},{"date" => "2014-06-12T05:01:15","version" => "1.43_03"},{"date" => "2014-07-21T01:13:47","version" => "1.43_04"},{"date" => "2014-07-21T05:45:41","version" => "1.43_05"},{"date" => "2014-07-22T00:31:31","version" => "1.43_06"},{"date" => "2014-07-29T17:03:09","version" => "1.43_07"},{"date" => "2014-08-21T09:01:11","version" => "1.43_08"},{"date" => "2014-10-20T07:50:46","version" => "1.43_09"},{"date" => "2014-10-22T14:15:00","version" => "1.44"},{"date" => "2014-10-22T15:33:37","version" => "1.45_01"},{"date" => "2014-10-23T08:21:27","version" => "1.45_02"},{"date" => "2014-10-24T17:57:53","version" => "1.45_03"},{"date" => "2014-10-28T08:28:00","version" => "1.45_04"},{"date" => "2014-11-25T04:07:43","version" => "1.45_05"},{"date" => "2014-11-26T08:52:49","version" => "1.45_06"},{"date" => "2014-12-10T06:23:03","version" => "1.46"},{"date" => "2015-02-17T07:00:46","version" => "1.47_01"},{"date" => "2015-04-16T13:30:38","version" => "1.47_02"},{"date" => "2015-04-16T14:45:00","version" => "1.47_03"},{"date" => "2015-05-01T17:37:17","version" => "1.47_04"},{"date" => "2015-05-08T13:49:32","version" => "1.47_05"},{"date" => "2015-06-11T16:10:44","version" => "1.48"},{"date" => "2015-08-04T11:18:05","version" => "1.49_01"},{"date" => "2015-10-10T03:43:45","version" => "1.49_02"},{"date" => "2015-11-05T05:52:27","version" => "1.49_03"},{"date" => "2015-11-24T12:59:11","version" => "1.49_04"},{"date" => "2016-01-11T13:32:43","version" => "1.49_05"},{"date" => "2016-01-15T03:40:44","version" => "1.49_06"},{"date" => "2016-01-21T01:11:59","version" => "1.49_07"},{"date" => "2016-01-30T00:55:58","version" => "1.49_08"},{"date" => "2016-02-10T15:04:42","version" => "1.50"},{"date" => "2016-02-20T01:03:50","version" => "1.51_01"},{"date" => "2016-02-20T01:49:29","version" => "1.51_02"},{"date" => "2016-02-20T11:06:51","version" => "1.51_03"},{"date" => "2016-03-07T04:33:35","version" => "1.51_04"},{"date" => "2016-06-23T01:22:57","version" => "1.51_05"},{"date" => "2016-10-15T00:21:14","version" => "1.51_06"},{"date" => "2016-10-16T05:16:29","version" => "1.51_07"},{"date" => "2016-11-15T13:02:35","version" => "1.52"},{"date" => "2016-11-26T01:34:30","version" => "1.53_01"},{"date" => "2016-12-24T02:36:45","version" => "1.54"},{"date" => "2017-01-03T15:42:47","version" => "1.55_01"},{"date" => "2017-01-07T16:49:21","version" => "1.55_02"},{"date" => "2017-02-14T01:31:43","version" => "1.55_03"},{"date" => "2017-11-21T17:07:32","version" => "1.55_04"},{"date" => "2017-12-15T18:52:29","version" => "1.55_05"},{"date" => "2018-01-27T07:33:51","version" => "1.55_06"},{"date" => "2018-01-27T07:42:58","version" => "1.55_07"},{"date" => "2018-02-28T09:01:25","version" => "1.56"},{"date" => "2018-03-21T06:45:29","version" => "1.57_01"},{"date" => "2018-03-28T11:56:19","version" => "1.58"},{"date" => "2018-09-16T19:25:50","version" => "1.59_01"},{"date" => "2018-09-30T06:09:34","version" => "1.59_02"},{"date" => "2018-11-03T12:14:20","version" => "1.59_03"},{"date" => "2018-12-01T02:42:29","version" => "1.60"},{"date" => "2018-12-01T08:01:30","version" => "1.61_01"},{"date" => "2018-12-01T09:10:18","version" => "1.61_02"},{"date" => "2018-12-19T13:03:22","version" => "1.61_03"},{"date" => "2018-12-22T06:37:21","version" => "1.61_04"},{"date" => "2018-12-28T17:59:27","version" => "1.62"},{"date" => "2019-01-25T22:31:45","version" => "1.63_01"},{"date" => "2019-02-13T19:09:44","version" => "1.63_02"},{"date" => "2019-02-14T16:56:40","version" => "1.63_03"},{"date" => "2019-05-24T16:39:18","version" => "1.63_04"},{"date" => "2019-07-11T17:50:51","version" => "1.63_05"},{"date" => "2019-08-12T09:02:59","version" => "1.64"},{"date" => "2020-01-18T01:56:18","version" => "1.65_01"},{"date" => "2020-02-08T13:02:59","version" => "1.65_02"},{"date" => "2020-07-26T16:42:08","version" => "1.65_03"},{"date" => "2020-08-30T02:14:15","version" => "1.66"},{"date" => "2020-11-24T12:57:56","version" => "1.67_01"},{"date" => "2020-12-05T17:06:24","version" => "1.67_02"},{"date" => "2021-03-30T21:37:13","version" => "1.67_03"},{"date" => "2021-05-30T22:56:01","version" => "1.67_04"},{"date" => "2021-06-12T23:39:11","version" => "1.67_05"},{"date" => "2021-06-14T03:49:54","version" => "1.67_06"},{"date" => "2021-06-19T00:57:41","version" => "1.67_07"},{"date" => "2021-07-22T05:30:17","version" => "1.68"},{"date" => "2021-07-29T21:09:19","version" => "1.69_01"},{"date" => "2021-07-30T14:21:39","version" => "1.69_02"},{"date" => "2021-08-01T10:20:33","version" => "1.70"},{"date" => "2021-12-01T17:03:29","version" => "1.71_01"},{"date" => "2022-01-06T20:51:05","version" => "1.71_02"},{"date" => "2022-02-23T10:49:28","version" => "1.71_03"},{"date" => "2022-02-26T00:59:40","version" => "1.71_04"},{"date" => "2022-02-26T02:49:09","version" => "1.71_05"},{"date" => "2022-03-12T02:54:15","version" => "1.71_06"},{"date" => "2022-10-25T18:36:30","version" => "1.71_07"},{"date" => "2022-11-03T16:28:17","version" => "1.72"},{"date" => "2023-07-09T01:04:52","version" => "1.73_01"},{"date" => "2023-09-19T17:26:03","version" => "1.74"},{"date" => "2024-09-17T14:05:40","version" => "1.75_01"},{"date" => "2024-10-19T04:47:07","version" => "1.76"},{"date" => "2025-11-24T04:21:58","version" => "1.77_01"},{"date" => "2025-11-24T08:08:46","version" => "1.77_02"},{"date" => "2025-12-27T02:02:17","version" => "1.77_03"},{"date" => "2026-01-02T01:23:08","version" => "1.78"}]},"DBD-mysql" => {"advisories" => [{"affected_versions" => ["<4.044"],"cves" => ["CVE-2017-10788"],"description" => "The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.044"],"id" => "CPANSA-DBD-mysql-2017-02","references" => ["https://github.com/perl5-dbi/DBD-mysql/issues/120","http://www.securityfocus.com/bid/99374","http://seclists.org/oss-sec/2017/q2/443"],"reported" => "2017-04-13"},{"affected_versions" => ["<4.044"],"cves" => ["CVE-2017-10789"],"description" => "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.044"],"id" => "CPANSA-DBD-mysql-2017-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/pull/114"],"reported" => "2017-03-23"},{"affected_versions" => [">=2.9003,<4.039"],"cves" => ["CVE-2016-1249"],"description" => "Out-of-bounds read.\n","distribution" => "DBD-mysql","fixed_versions" => ["<2.9003,>=4.039"],"id" => "CPANSA-DBD-mysql-2016-03","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe"],"reported" => "2016-11-16"},{"affected_versions" => ["<4.037"],"cves" => ["CVE-2016-1246"],"description" => "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.037"],"id" => "CPANSA-DBD-mysql-2016-02","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2","http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html"],"reported" => "2016-10-02"},{"affected_versions" => ["<4.034"],"cves" => ["CVE-2015-8949"],"description" => "Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.034"],"id" => "CPANSA-DBD-mysql-2016-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156"],"reported" => "2016-08-19"},{"affected_versions" => ["<4.041"],"cves" => ["CVE-2016-1251"],"description" => "There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.041"],"id" => "CPANSA-DBD-mysql-2015-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1"],"reported" => "2015-12-27"},{"affected_versions" => ["<4.028"],"cves" => ["CVE-2014-9906"],"description" => "Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.\n","distribution" => "DBD-mysql","fixed_versions" => [">=4.028"],"id" => "CPANSA-DBD-mysql-2014-01","references" => ["https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc","https://rt.cpan.org/Public/Bug/Display.html?id=97625"],"reported" => "2014-07-30"}],"main_module" => "DBD::mysql","versions" => [{"date" => "2000-04-15T20:17:36","version" => "v1.2212."},{"date" => "2001-05-06T21:47:46","version" => "2.0900"},{"date" => "2001-05-25T21:24:45","version" => "2.0901"},{"date" => "2001-07-09T21:10:17","version" => "2.0902"},{"date" => "2001-10-28T22:53:19","version" => "2.0903"},{"date" => "2001-10-31T04:01:07","version" => "2.1000"},{"date" => "2001-11-04T17:55:04","version" => "2.1001"},{"date" => "2001-11-04T18:22:30","version" => "2.1002"},{"date" => "2001-11-05T20:14:34","version" => "2.1003"},{"date" => "2001-11-13T01:24:26","version" => "2.1004"},{"date" => "2001-12-13T09:07:53","version" => "2.1005"},{"date" => "2001-12-27T18:10:04","version" => "2.1007"},{"date" => "2001-12-27T18:10:21","version" => "2.1006"},{"date" => "2001-12-28T17:06:05","version" => "2.1008"},{"date" => "2002-01-01T20:02:26","version" => "2.1009"},{"date" => "2002-01-07T21:33:21","version" => "2.1010"},{"date" => "2002-02-12T11:09:53","version" => "2.1011"},{"date" => "2002-04-12T07:21:06","version" => "2.1012"},{"date" => "2002-04-15T07:49:36","version" => "2.1013"},{"date" => "2002-04-17T21:24:26","version" => "2.1014"},{"date" => "2002-04-29T20:53:41","version" => "2.1015"},{"date" => "2002-05-01T20:07:05","version" => "2.1016"},{"date" => "2002-05-02T20:59:04","version" => "2.1017"},{"date" => "2002-08-13T17:52:25","version" => "2.1018"},{"date" => "2002-09-16T18:42:20","version" => "2.1019"},{"date" => "2002-09-23T20:42:50","version" => "2.1020"},{"date" => "2002-12-17T20:46:14","version" => "2.1021"},{"date" => "2003-01-03T02:46:24","version" => "2.1022"},{"date" => "2003-01-19T21:19:03","version" => "2.1023"},{"date" => "2003-01-20T12:08:27","version" => "2.1024"},{"date" => "2003-02-07T21:09:44","version" => "2.1025"},{"date" => "2003-03-03T20:46:27","version" => "2.1026"},{"date" => "2003-05-31T18:08:15","version" => "2.1027"},{"date" => "2003-06-25T16:12:36","version" => "2.1028"},{"date" => "2003-06-27T04:32:05","version" => "2.9002"},{"date" => "2003-09-12T17:04:42","version" => "2.9003_1"},{"date" => "2003-10-27T03:39:04","version" => "2.9003"},{"date" => "2004-07-01T03:24:14","version" => "2.9004_2"},{"date" => "2004-07-14T03:07:34","version" => "2.9004"},{"date" => "2004-10-20T17:27:25","version" => "2.9005_1"},{"date" => "2004-10-28T00:39:25","version" => "2.9005_3"},{"date" => "2005-03-29T02:43:14","version" => "2.9005"},{"date" => "2005-04-04T04:27:00","version" => "2.9006"},{"date" => "2005-04-27T00:13:49","version" => "2.9015_3"},{"date" => "2005-04-27T00:14:06","version" => "2.9007"},{"date" => "2005-06-06T01:39:20","version" => "2.9008"},{"date" => "2005-07-01T01:48:20","version" => "3.0000"},{"date" => "2005-07-03T21:56:11","version" => "3.0000_0"},{"date" => "2005-07-04T15:53:40","version" => "3.0001_0"},{"date" => "2005-07-04T16:16:00","version" => "3.0001_1"},{"date" => "2005-07-07T01:14:17","version" => "3.0001"},{"date" => "2005-07-07T01:22:39","version" => "3.0001_2"},{"date" => "2005-07-08T05:37:13","version" => "3.0001_3"},{"date" => "2005-07-11T16:49:47","version" => "3.0002"},{"date" => "2005-08-04T02:50:35","version" => "3.0002_1"},{"date" => "2005-09-26T23:22:57","version" => "3.0002_2"},{"date" => "2005-09-28T18:58:55","version" => "3.0002_3"},{"date" => "2005-11-06T21:47:29","version" => "3.0002_4"},{"date" => "2006-02-01T23:20:01","version" => "3.0002_5"},{"date" => "2006-05-04T17:49:06","version" => "3.0003"},{"date" => "2006-05-04T17:49:23","version" => "3.0003_1"},{"date" => "2006-05-21T17:28:22","version" => "3.0004"},{"date" => "2006-05-21T17:28:33","version" => "3.0004_1"},{"date" => "2006-06-10T01:21:49","version" => "3.0005_1"},{"date" => "2006-06-10T01:22:01","version" => "3.0005"},{"date" => "2006-06-11T17:05:25","version" => "3.0006"},{"date" => "2006-06-11T17:05:36","version" => "3.0006_1"},{"date" => "2006-09-08T23:12:02","version" => "3.0007"},{"date" => "2006-09-08T23:13:45","version" => "3.0007_1"},{"date" => "2006-10-07T12:59:23","version" => "3.0007_2"},{"date" => "2006-10-16T13:42:13","version" => "3.0008"},{"date" => "2006-10-16T13:42:24","version" => "3.0008_1"},{"date" => "2006-12-24T14:11:04","version" => "4.00"},{"date" => "2007-01-08T01:11:12","version" => "4.001"},{"date" => "2007-03-02T03:32:59","version" => "4.002"},{"date" => "2007-03-02T14:13:37","version" => "4.003"},{"date" => "2007-03-22T22:31:22","version" => "4.004"},{"date" => "2007-06-08T15:33:34","version" => "4.005"},{"date" => "2007-12-26T22:50:48","version" => "4.006"},{"date" => "2008-05-11T15:56:07","version" => "4.007"},{"date" => "2008-08-15T14:06:50","version" => "4.008"},{"date" => "2008-10-22T01:05:54","version" => "4.009"},{"date" => "2008-10-24T14:00:41","version" => "4.010"},{"date" => "2009-04-14T02:40:31","version" => "4.011"},{"date" => "2009-06-19T02:08:06","version" => "4.012"},{"date" => "2009-09-16T18:37:29","version" => "4.013"},{"date" => "2010-04-15T03:17:58","version" => "4.014"},{"date" => "2010-07-09T19:48:58","version" => "4.015"},{"date" => "2010-07-10T16:50:49","version" => "4.016"},{"date" => "2010-08-12T05:50:17","version" => "4.017"},{"date" => "2010-10-26T16:59:27","version" => "4.018"},{"date" => "2011-05-09T01:28:25","version" => "4.019"},{"date" => "2011-08-20T18:45:49","version" => "4.020"},{"date" => "2012-04-28T14:18:16","version" => "4.021"},{"date" => "2012-08-30T02:00:19","version" => "4.022"},{"date" => "2013-04-12T21:48:10","version" => "4.023"},{"date" => "2013-09-17T16:04:11","version" => "4.024"},{"date" => "2013-11-04T18:29:18","version" => "4.025"},{"date" => "2014-01-16T01:33:03","version" => "4.026"},{"date" => "2014-03-19T14:25:36","version" => "4.027"},{"date" => "2014-08-01T19:59:28","version" => "4.028"},{"date" => "2014-12-09T02:39:44","version" => "4.029"},{"date" => "2015-01-28T03:53:42","version" => "4.030_01"},{"date" => "2015-03-02T20:44:31","version" => "4.030_02"},{"date" => "2015-03-06T20:12:05","version" => "4.031"},{"date" => "2015-04-16T22:28:43","version" => "4.032_01"},{"date" => "2015-07-21T12:15:24","version" => "4.032"},{"date" => "2015-10-25T19:59:17","version" => "4.032_03"},{"date" => "2015-10-27T03:37:29","version" => "4.033"},{"date" => "2015-12-15T07:16:36","version" => "4.033_01"},{"date" => "2015-12-18T07:00:41","version" => "4.033_02"},{"date" => "2016-07-04T19:32:50","version" => "4.033_03"},{"date" => "2016-07-06T06:32:05","version" => "4.034"},{"date" => "2016-07-09T05:50:13","version" => "4.035"},{"date" => "2016-08-01T06:29:25","version" => "4.035_01"},{"date" => "2016-08-11T08:11:18","version" => "4.035_02"},{"date" => "2016-08-19T15:52:10","version" => "4.035_03"},{"date" => "2016-08-23T05:59:26","version" => "4.036"},{"date" => "2016-10-03T07:00:29","version" => "4.037"},{"date" => "2016-10-14T20:56:49","version" => "4.037_01"},{"date" => "2016-10-19T19:37:55","version" => "4.037_02"},{"date" => "2016-10-20T02:33:04","version" => "4.038"},{"date" => "2016-10-30T08:45:31","version" => "4.038_01"},{"date" => "2016-11-16T03:57:57","version" => "4.039"},{"date" => "2016-11-19T19:56:51","version" => "4.040"},{"date" => "2016-11-28T20:40:41","version" => "4.041"},{"date" => "2016-12-13T06:59:09","version" => "4.041_01"},{"date" => "2017-02-28T20:57:20","version" => "4.041_02"},{"date" => "2017-03-08T20:32:52","version" => "4.042"},{"date" => "2017-06-29T21:12:09","version" => "4.043"},{"date" => "2018-01-23T01:53:30","version" => "4.044"},{"date" => "2018-02-07T21:43:00","version" => "4.044"},{"date" => "2018-02-08T20:30:55","version" => "4.045"},{"date" => "2018-02-08T20:48:11","version" => "4.046"},{"date" => "2018-03-09T20:27:44","version" => "4.046_01"},{"date" => "2018-09-09T03:02:20","version" => "4.047"},{"date" => "2018-09-15T12:46:51","version" => "4.048"},{"date" => "2018-11-17T18:58:09","version" => "4.049"},{"date" => "2019-01-09T09:07:15","version" => "4.050"},{"date" => "2019-10-07T10:06:13","version" => "4.018_01"},{"date" => "2023-10-04T07:10:45","version" => "4.051"},{"date" => "2023-10-04T07:20:03","version" => "5.001"},{"date" => "2023-10-24T09:02:42","version" => "5.002"},{"date" => "2023-12-01T07:13:15","version" => "4.052"},{"date" => "2023-12-01T07:14:42","version" => "5.003"},{"date" => "2024-03-19T08:16:14","version" => "5.004"},{"date" => "2024-05-01T09:04:33","version" => "5.005"},{"date" => "2024-06-04T19:59:44","version" => "5.006"},{"date" => "2024-07-01T06:02:18","version" => "5.007"},{"date" => "2024-07-30T07:47:38","version" => "5.008"},{"date" => "2024-09-19T08:35:24","version" => "5.009"},{"date" => "2024-11-11T06:43:01","version" => "5.010"},{"date" => "2025-01-06T06:52:30","version" => "4.053"},{"date" => "2025-01-06T06:55:27","version" => "5.011"},{"date" => "2025-04-11T16:18:15","version" => "5.012"},{"date" => "2025-08-03T08:51:10","version" => "4.054"},{"date" => "2025-08-03T08:51:21","version" => "5.013"},{"date" => "2026-02-23T07:39:11","version" => "4.055"}]},"DBD-mysqlPP" => {"advisories" => [{"affected_versions" => ["<0.93"],"cves" => [],"description" => "SQL injection.\n","distribution" => "DBD-mysqlPP","fixed_versions" => [">=0.03"],"id" => "CPANSA-DBD-mysqlPP-2011-01","references" => ["https://metacpan.org/changes/distribution/DBD-mysqlPP","https://jvn.jp/en/jp/JVN51216285/index.html"],"reported" => "2011-10-14","severity" => "high"}],"main_module" => "DBD::mysqlPP","versions" => [{"date" => "2002-04-04T07:20:36","version" => "0.02"},{"date" => "2002-04-15T10:26:39","version" => "0.03"},{"date" => "2003-01-24T11:14:14","version" => "0.04"},{"date" => "2011-10-21T23:07:07","version" => "0.05"},{"date" => "2011-10-26T22:17:22","version" => "0.06"},{"date" => "2011-11-17T22:24:50","version" => "0.07"}]},"DBI" => {"advisories" => [{"affected_versions" => ["<1.643"],"cves" => ["CVE-2020-14393"],"description" => "A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.\n","distribution" => "DBI","fixed_versions" => [">=1.643"],"id" => "CPANSA-DBI-2020-01","references" => ["https://metacpan.org/changes/distribution/DBI","https://bugzilla.redhat.com/show_bug.cgi?id=1877409"],"reported" => "2020-09-16","severity" => "high"},{"affected_versions" => ["<1.643"],"cves" => ["CVE-2020-14392"],"description" => "An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.\n","distribution" => "DBI","fixed_versions" => [">=1.643"],"id" => "CPANSA-DBI-2020-03","references" => ["https://metacpan.org/changes/distribution/DBI","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/","https://bugzilla.redhat.com/show_bug.cgi?id=1877402","https://bugzilla.redhat.com/show_bug.cgi?id=1877402","https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html","https://usn.ubuntu.com/4503-1/"],"reported" => "2020-06-17","severity" => "high"},{"affected_versions" => ["<1.643"],"cves" => ["CVE-2019-20919"],"description" => "An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.\n","distribution" => "DBI","fixed_versions" => [">=1.643"],"id" => "CPANSA-DBI-2020-02","references" => ["https://metacpan.org/changes/distribution/DBI","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20919","https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff","https://bugzilla.redhat.com/show_bug.cgi?id=1877405","https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html","https://lists.opensuse.org/archives/list/security-announce\@lists.opensuse.org/message/US6VXPKVAYHOKNFSAFLM3FWNYZSJKQHS/","https://lists.opensuse.org/archives/list/security-announce\@lists.opensuse.org/message/KJN7E27GD6QQ2CRGEJ3TNW2DJFXA2AKN/","https://ubuntu.com/security/notices/USN-4534-1"],"reported" => "2020-09-17","severity" => "high"},{"affected_versions" => ["<1.632"],"cves" => [],"description" => "DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.\n","distribution" => "DBI","fixed_versions" => [">=1.632"],"id" => "CPANSA-DBI-2014-01","references" => ["https://metacpan.org/changes/distribution/DBI","https://rt.cpan.org/Public/Bug/Display.html?id=99508"],"reported" => "2014-10-15","severity" => "high"},{"affected_versions" => ["<1.47"],"cves" => ["CVE-2005-0077"],"description" => "Allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.\n","distribution" => "DBI","fixed_versions" => [">=1.47"],"id" => "CPANSA-DBI-2005-01","references" => ["https://metacpan.org/changes/distribution/DBI"],"reported" => "2005-05-02"},{"affected_versions" => ["<1.643"],"cves" => ["CVE-2014-10402"],"description" => "An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.\n","distribution" => "DBI","fixed_versions" => [">=1.644"],"id" => "CPANSA-DBI-2014-10402","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590","https://metacpan.org/release/HMBRAND/DBI-1.643_01/view/Changes"],"reported" => "2020-09-16","severity" => "medium"},{"affected_versions" => ["<1.632"],"cves" => ["CVE-2014-10401"],"description" => "An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.\n","distribution" => "DBI","fixed_versions" => [">=1.644"],"id" => "CPANSA-DBI-2014-10401","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=99508","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014","https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a","https://usn.ubuntu.com/4509-1/","https://metacpan.org/release/HMBRAND/DBI-1.643_01/view/Changes"],"reported" => "2020-09-11","severity" => "medium"},{"affected_versions" => ["<1.628"],"cves" => ["CVE-2013-7491"],"description" => "An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.\n","distribution" => "DBI","fixed_versions" => [">=1.628"],"id" => "CPANSA-DBI-2013-7491","references" => ["https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.628-22nd-July-2013","https://rt.cpan.org/Public/Bug/Display.html?id=85562"],"reported" => "2020-09-11","severity" => "medium"},{"affected_versions" => ["<1.632"],"cves" => ["CVE-2013-7490"],"description" => "An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.\n","distribution" => "DBI","fixed_versions" => [">=1.632"],"id" => "CPANSA-DBI-2013-7490","references" => ["https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766","https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014","https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941","https://usn.ubuntu.com/4509-1/"],"reported" => "2020-09-11","severity" => "medium"}],"main_module" => "DBI","versions" => [{"date" => "1995-10-27T08:14:00","version" => "0.64"},{"date" => "1996-02-15T22:07:00","version" => "0.67"},{"date" => "1996-04-22T10:22:00","version" => "0.68"},{"date" => "1996-05-07T19:46:00","version" => "0.69"},{"date" => "1996-06-16T21:08:00","version" => "0.70"},{"date" => "1996-07-10T00:49:00","version" => "0.71"},{"date" => "1996-09-23T16:33:00","version" => "0.72"},{"date" => "1996-10-15T00:58:00","version" => "0.73"},{"date" => "1997-01-14T16:59:00","version" => "0.74"},{"date" => "1997-01-27T21:59:00","version" => "0.75"},{"date" => "1997-02-03T18:54:00","version" => "0.76"},{"date" => "1997-02-21T14:27:00","version" => "0.77"},{"date" => "1997-03-28T14:36:00","version" => "0.78"},{"date" => "1997-04-07T18:28:00","version" => "0.79"},{"date" => "1997-05-07T11:45:00","version" => "0.80"},{"date" => "1997-05-07T14:05:00","version" => "0.81"},{"date" => "1997-05-23T15:56:00","version" => "0.82"},{"date" => "1997-06-11T21:40:00","version" => "0.83"},{"date" => "1997-06-20T15:36:00","version" => "0.84"},{"date" => "1997-06-25T10:25:00","version" => "0.85"},{"date" => "1997-07-16T16:38:00","version" => "0.001"},{"date" => "1997-07-18T11:27:00","version" => "0.87"},{"date" => "1997-07-22T21:27:00","version" => "0.88"},{"date" => "1997-07-25T13:46:55","version" => "0.89"},{"date" => "1997-09-05T19:38:52","version" => "0.90"},{"date" => "1997-12-10T17:15:14","version" => "0.91"},{"date" => "1998-02-05T20:45:45","version" => "0.92"},{"date" => "1998-02-13T15:21:52","version" => "0.93"},{"date" => "1998-08-10T03:23:46","version" => "0.94"},{"date" => "1998-08-11T13:21:19","version" => "0.95"},{"date" => "1998-08-14T20:38:42","version" => "1.00"},{"date" => "1998-09-02T14:59:47","version" => "1.01"},{"date" => "1998-09-04T12:29:52","version" => "1.02"},{"date" => "1999-01-18T21:52:15","version" => "1.06"},{"date" => "1999-05-13T01:49:11","version" => "1.08"},{"date" => "1999-06-02T13:44:40","version" => "1.08"},{"date" => "1999-06-09T20:57:59","version" => "1.09"},{"date" => "1999-06-13T23:52:03","version" => "1.10"},{"date" => "1999-06-17T13:22:36","version" => "1.11"},{"date" => "1999-06-29T23:07:41","version" => "1.12"},{"date" => "1999-07-12T03:28:41","version" => "1.13"},{"date" => "2000-06-11T02:39:59","version" => "1.03_80"},{"date" => "2000-06-14T20:30:57","version" => "1.14"},{"date" => "2001-03-30T15:03:31","version" => "1.15"},{"date" => "2001-05-29T23:25:57","version" => "1.16"},{"date" => "2001-06-04T17:12:30","version" => "1.17"},{"date" => "2001-06-04T19:00:37","version" => "1.18"},{"date" => "2001-07-20T22:29:24","version" => "1.19"},{"date" => "2001-08-24T23:32:10","version" => "1.20"},{"date" => "2002-01-10T15:25:45","version" => "1.201"},{"date" => "2002-02-07T03:30:16","version" => "1.21"},{"date" => "2002-03-13T14:18:00","version" => "1.21"},{"date" => "2002-05-22T13:42:15","version" => "1.22"},{"date" => "2002-05-25T17:38:03","version" => "1.23"},{"date" => "2002-06-05T03:32:38","version" => "1.24"},{"date" => "2002-06-05T22:42:04","version" => "1.25"},{"date" => "2002-06-13T12:30:47","version" => "1.26"},{"date" => "2002-06-13T15:19:06","version" => "1.27"},{"date" => "2002-06-14T13:13:53","version" => "1.28"},{"date" => "2002-06-26T09:34:24","version" => "1.28"},{"date" => "2002-07-15T11:24:40","version" => "1.29"},{"date" => "2002-07-18T14:27:25","version" => "1.30"},{"date" => "2002-11-30T00:49:54","version" => "1.31"},{"date" => "2002-12-01T23:01:26","version" => "1.32"},{"date" => "2002-12-20T16:23:29","version" => "1.32"},{"date" => "2003-02-26T18:01:24","version" => "1.32_90"},{"date" => "2003-02-27T00:25:32","version" => "1.33"},{"date" => "2003-02-28T17:53:35","version" => "1.34"},{"date" => "2003-03-07T22:02:20","version" => "1.35"},{"date" => "2003-05-14T11:13:39","version" => "1.36"},{"date" => "2003-05-15T18:02:26","version" => "1.37"},{"date" => "2003-08-25T20:36:26","version" => "1.38"},{"date" => "2003-11-27T23:46:40","version" => "1.39"},{"date" => "2004-01-08T14:04:59","version" => "1.39"},{"date" => "2004-02-23T14:54:21","version" => "1.41"},{"date" => "2004-03-12T16:40:08","version" => "1.41"},{"date" => "2004-07-05T10:02:05","version" => "1.43"},{"date" => "2004-10-05T21:27:23","version" => "1.44"},{"date" => "2004-10-06T13:49:20","version" => "1.45"},{"date" => "2004-11-16T12:38:32","version" => "1.46"},{"date" => "2005-02-02T11:28:46","version" => "1.47"},{"date" => "2005-03-14T17:03:33","version" => "1.48"},{"date" => "2005-11-29T19:59:40","version" => "1.49"},{"date" => "2005-12-14T16:55:16","version" => "1.50"},{"date" => "2006-04-19T15:56:38","version" => "1.45"},{"date" => "2006-06-06T12:08:36","version" => "1.51"},{"date" => "2006-08-08T21:13:32","version" => "1.52"},{"date" => "2006-11-02T00:38:01","version" => "1.53"},{"date" => "2007-02-23T17:15:23","version" => "1.54"},{"date" => "2007-05-04T14:56:38","version" => "1.55"},{"date" => "2007-05-10T14:04:04","version" => "1.56"},{"date" => "2007-05-13T22:00:58","version" => "1.56"},{"date" => "2007-06-13T16:45:34","version" => "1.57"},{"date" => "2007-06-15T17:06:42","version" => "1.57"},{"date" => "2007-06-18T15:15:31","version" => "1.57"},{"date" => "2007-06-25T22:11:47","version" => "1.58"},{"date" => "2007-08-22T17:02:10","version" => "1.59"},{"date" => "2007-08-23T12:22:26","version" => "1.59"},{"date" => "2007-08-23T13:59:53","version" => "1.59"},{"date" => "2007-08-24T09:19:29","version" => "1.59"},{"date" => "2007-10-16T13:12:55","version" => "1.601"},{"date" => "2007-10-21T22:12:52","version" => "1.601"},{"date" => "2008-02-09T22:06:13","version" => "1.602"},{"date" => "2008-03-22T00:11:03","version" => "1.603"},{"date" => "2008-03-24T14:11:41","version" => "1.604"},{"date" => "2008-06-16T19:19:43","version" => "1.605"},{"date" => "2008-07-22T21:01:09","version" => "1.606"},{"date" => "2008-07-22T21:50:54","version" => "1.607"},{"date" => "2009-05-02T22:58:48","version" => "1.608"},{"date" => "2009-05-05T12:05:19","version" => "1.608"},{"date" => "2009-06-05T22:57:34","version" => "1.609"},{"date" => "2009-06-08T10:29:18","version" => "1.609"},{"date" => "2010-03-02T21:26:39","version" => "1.611"},{"date" => "2010-04-22T11:06:31","version" => "1.611"},{"date" => "2010-04-27T15:13:32","version" => "1.611"},{"date" => "2010-04-29T19:54:44","version" => "1.611"},{"date" => "2010-05-28T10:29:17","version" => "1.612"},{"date" => "2010-06-15T22:47:23","version" => "1.612"},{"date" => "2010-06-16T19:18:05","version" => "1.612"},{"date" => "2010-07-02T14:26:03","version" => "1.612"},{"date" => "2010-07-15T15:00:53","version" => "1.612"},{"date" => "2010-07-16T19:36:42","version" => "1.612"},{"date" => "2010-07-22T17:34:16","version" => "1.613"},{"date" => "2010-07-25T15:50:15","version" => "1.613"},{"date" => "2010-07-30T14:17:33","version" => "1.614"},{"date" => "2010-08-16T16:34:58","version" => "1.614"},{"date" => "2010-08-30T20:11:00","version" => "1.614"},{"date" => "2010-08-30T20:26:37","version" => "1.614"},{"date" => "2010-08-30T20:56:09","version" => "1.614"},{"date" => "2010-09-02T15:44:21","version" => "1.614"},{"date" => "2010-09-09T10:24:11","version" => "1.614"},{"date" => "2010-09-16T16:23:50","version" => "1.614"},{"date" => "2010-09-17T09:48:02","version" => "1.614"},{"date" => "2010-09-21T10:14:29","version" => "1.615"},{"date" => "2010-09-22T12:28:20","version" => "1.615"},{"date" => "2010-12-18T21:51:52","version" => "1.616"},{"date" => "2010-12-21T23:26:46","version" => "1.616"},{"date" => "2010-12-29T14:39:48","version" => "1.616"},{"date" => "2010-12-30T10:26:51","version" => "1.616"},{"date" => "2012-01-02T17:12:53","version" => "1.617"},{"date" => "2012-01-28T09:34:18","version" => "1.617"},{"date" => "2012-01-30T10:06:49","version" => "1.617"},{"date" => "2012-02-07T22:54:02","version" => "1.618"},{"date" => "2012-02-13T18:24:33","version" => "1.618"},{"date" => "2012-02-23T11:05:45","version" => "1.618"},{"date" => "2012-02-25T14:24:39","version" => "1.618"},{"date" => "2012-04-18T11:57:55","version" => "1.619"},{"date" => "2012-04-20T20:21:54","version" => "1.619"},{"date" => "2012-04-23T22:09:14","version" => "1.619"},{"date" => "2012-04-25T12:46:54","version" => "1.620"},{"date" => "2012-05-21T13:06:09","version" => "1.621"},{"date" => "2012-05-22T22:17:06","version" => "1.621"},{"date" => "2012-06-06T16:51:00","version" => "1.622"},{"date" => "2012-07-13T15:24:35","version" => "1.623"},{"date" => "2012-10-30T13:01:14","version" => "1.623"},{"date" => "2012-11-19T23:27:04","version" => "1.623"},{"date" => "2012-12-13T16:26:23","version" => "1.623"},{"date" => "2012-12-21T17:22:01","version" => "1.623"},{"date" => "2013-01-02T10:09:42","version" => "1.623"},{"date" => "2013-03-22T20:41:50","version" => "1.624"},{"date" => "2013-03-28T21:59:38","version" => "1.625"},{"date" => "2013-05-15T11:28:03","version" => "1.626"},{"date" => "2013-05-16T20:30:50","version" => "1.627"},{"date" => "2013-06-24T21:56:27","version" => "1.628"},{"date" => "2013-06-24T22:12:23","version" => "1.628"},{"date" => "2013-06-30T19:08:08","version" => "1.628"},{"date" => "2013-07-02T11:27:23","version" => "1.628"},{"date" => "2013-07-22T13:22:40","version" => "1.628"},{"date" => "2013-10-11T12:28:12","version" => "1.629"},{"date" => "2013-10-13T16:02:52","version" => "1.629"},{"date" => "2013-10-15T12:24:53","version" => "1.629"},{"date" => "2013-10-22T11:58:53","version" => "1.629_50"},{"date" => "2013-10-28T12:51:39","version" => "1.630"},{"date" => "2014-01-13T13:51:01","version" => "1.631"},{"date" => "2014-01-16T11:34:34","version" => "1.631"},{"date" => "2014-01-20T11:12:44","version" => "1.631"},{"date" => "2014-10-23T14:08:22","version" => "1.631"},{"date" => "2014-11-05T11:15:07","version" => "1.632"},{"date" => "2015-01-08T14:31:52","version" => "1.632"},{"date" => "2015-01-11T13:26:05","version" => "1.633"},{"date" => "2015-07-18T13:16:07","version" => "1.633"},{"date" => "2015-07-19T14:34:22","version" => "1.633_91"},{"date" => "2015-07-22T15:27:59","version" => "1.633_92"},{"date" => "2015-08-02T16:52:48","version" => "1.633_93"},{"date" => "2015-08-03T14:52:56","version" => "1.634"},{"date" => "2016-04-23T15:28:02","version" => "1.634"},{"date" => "2016-04-24T11:57:03","version" => "1.635"},{"date" => "2016-04-24T22:20:56","version" => "1.636"},{"date" => "2017-08-14T10:10:55","version" => "1.637"},{"date" => "2017-08-16T09:02:40","version" => "1.637"},{"date" => "2017-12-28T14:40:44","version" => "1.639"},{"date" => "2018-01-28T20:50:53","version" => "1.640"},{"date" => "2018-03-19T18:06:08","version" => "1.641"},{"date" => "2018-10-28T15:08:54","version" => "1.641_90"},{"date" => "2018-10-29T10:43:41","version" => "1.642"},{"date" => "2020-01-26T20:48:52","version" => "1.642_90"},{"date" => "2020-01-31T19:02:41","version" => "1.643"},{"date" => "2024-08-20T11:29:56","version" => "1.643_01"},{"date" => "2024-08-22T07:09:52","version" => "1.643_02"},{"date" => "2024-08-23T17:54:09","version" => "1.644"},{"date" => "2024-09-03T09:25:33","version" => "1.645"},{"date" => "2025-01-11T12:59:58","version" => "1.646"},{"date" => "2025-01-20T08:14:47","version" => "1.647"}]},"DBIx-Class-EncodedColumn" => {"advisories" => [{"affected_versions" => ["<0.11"],"cves" => ["CVE-2025-27551"],"description" => "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.  This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm.  This issue affects DBIx::Class::EncodedColumn until 0.00032.","distribution" => "DBIx-Class-EncodedColumn","fixed_versions" => [">=0.11"],"id" => "CPANSA-DBIx-Class-EncodedColumn-2025-27551","references" => ["https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-03-26","severity" => undef},{"affected_versions" => ["<0.11"],"cves" => ["CVE-2025-27552"],"description" => "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.  This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm.  This issue affects DBIx::Class::EncodedColumn until 0.00032.","distribution" => "DBIx-Class-EncodedColumn","fixed_versions" => [">=0.11"],"id" => "CPANSA-DBIx-Class-EncodedColumn-2025-27552","references" => ["https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-03-26","severity" => undef}],"main_module" => "DBIx::Class::EncodedColumn","versions" => [{"date" => "2008-01-29T23:47:22","version" => "0.00001_01"},{"date" => "2008-01-31T23:21:56","version" => "0.00001_02"},{"date" => "2008-02-01T00:17:42","version" => "0.00001_03"},{"date" => "2008-02-01T18:52:21","version" => "0.00001"},{"date" => "2008-07-28T22:45:39","version" => "0.00002"},{"date" => "2009-09-01T15:45:04","version" => "0.00003"},{"date" => "2009-09-03T18:11:37","version" => "0.00004"},{"date" => "2009-10-11T15:06:19","version" => "0.00005"},{"date" => "2010-01-16T00:39:59","version" => "0.00006"},{"date" => "2010-04-30T00:12:56","version" => "0.00007"},{"date" => "2010-04-30T17:51:03","version" => "0.00008"},{"date" => "2010-05-17T20:20:11","version" => "0.00009_1"},{"date" => "2010-05-18T14:56:30","version" => "0.00009"},{"date" => "2010-08-27T18:36:04","version" => "0.00010"},{"date" => "2011-04-11T20:21:16","version" => "0.00011"},{"date" => "2013-04-29T14:32:51","version" => "0.00012"},{"date" => "2014-02-27T13:50:24","version" => "0.00013"},{"date" => "2016-05-31T13:31:04","version" => "0.00014"},{"date" => "2016-06-01T14:04:39","version" => "0.00015"},{"date" => "2019-06-12T12:59:07","version" => "0.00016"},{"date" => "2019-09-03T21:54:20","version" => "0.00017"},{"date" => "2019-09-16T18:10:46","version" => "0.00018"},{"date" => "2019-09-19T18:13:13","version" => "0.00019"},{"date" => "2019-09-25T12:34:33","version" => "0.00020"},{"date" => "2025-03-25T14:30:45","version" => "0.00030"},{"date" => "2025-03-25T17:55:22","version" => "0.00031"},{"date" => "2025-03-25T18:05:54","version" => "0.00032"},{"date" => "2025-03-26T11:34:06","version" => "0.1.0"},{"date" => "2025-03-26T11:40:46","version" => "0.11"}]},"DBIx-Custom" => {"advisories" => [{"affected_versions" => ["<0.1641"],"cves" => [],"description" => "SQL injection when passing special column names.\n","distribution" => "DBIx-Custom","fixed_versions" => [">=0.1641"],"id" => "CPANSA-DBIx-Custom-2011-01","references" => ["https://metacpan.org/changes/distribution/DBIx-Custom","https://github.com/yuki-kimoto/DBIx-Custom/commit/5b00b9f9a966e7abecabd91710c8fa893784d919"],"reported" => "2011-01-27","severity" => "high"}],"main_module" => "DBIx::Custom","versions" => [{"date" => "2009-11-08T04:18:19","version" => "0.0101"},{"date" => "2009-11-09T10:46:44","version" => "0.0201"},{"date" => "2009-11-12T14:12:47","version" => "0.0301"},{"date" => "2009-11-15T11:43:40","version" => "0.0401"},{"date" => "2009-11-16T11:10:52","version" => "0.0501"},{"date" => "2009-11-17T12:37:33","version" => "0.0502"},{"date" => "2009-11-19T12:05:50","version" => "0.0601"},{"date" => "2009-11-19T13:37:39","version" => "0.0602"},{"date" => "2009-11-20T12:08:31","version" => "0.0603"},{"date" => "2009-11-23T13:39:53","version" => "0.0604"},{"date" => "2009-11-23T14:45:46","version" => "0.0605"},{"date" => "2009-11-25T13:57:52","version" => "0.0701"},{"date" => "2009-12-01T07:30:25","version" => "0.0702"},{"date" => "2009-12-02T13:59:36","version" => "0.0801"},{"date" => "2009-12-09T14:27:53","version" => "0.0901"},{"date" => "2009-12-22T13:40:07","version" => "0.0902"},{"date" => "2010-01-18T12:42:57","version" => "0.0903"},{"date" => "2010-01-21T14:29:12","version" => "0.0904"},{"date" => "2010-01-22T12:51:23","version" => "0.0905"},{"date" => "2010-01-24T09:49:30","version" => "0.0906"},{"date" => "2010-01-30T00:15:17","version" => "0.1001"},{"date" => "2010-01-30T03:51:04","version" => "0.1101"},{"date" => "2010-05-01T13:02:19","version" => "0.1301"},{"date" => "2010-05-01T23:29:22","version" => "0.1401"},{"date" => "2010-05-02T06:04:57","version" => "0.1402"},{"date" => "2010-05-26T15:13:04","version" => "0.1501"},{"date" => "2010-05-27T14:00:04","version" => "0.1502"},{"date" => "2010-05-28T13:28:16","version" => "0.1503"},{"date" => "2010-06-25T12:11:33","version" => "0.1602"},{"date" => "2010-07-14T13:55:33","version" => "0.1603"},{"date" => "2010-08-03T14:43:14","version" => "0.1604"},{"date" => "2010-08-05T15:17:49","version" => "0.1605"},{"date" => "2010-08-05T15:24:36","version" => "0.1606"},{"date" => "2010-08-06T14:57:35","version" => "0.1607"},{"date" => "2010-08-07T05:49:19","version" => "0.1608"},{"date" => "2010-08-08T04:45:12","version" => "0.1609"},{"date" => "2010-08-08T12:44:43","version" => "0.1610"},{"date" => "2010-08-09T12:08:31","version" => "0.1611"},{"date" => "2010-08-10T11:19:41","version" => "0.1612"},{"date" => "2010-08-10T12:35:17","version" => "0.1613"},{"date" => "2010-08-12T15:01:01","version" => "0.1614"},{"date" => "2010-08-15T04:00:44","version" => "0.1615"},{"date" => "2010-08-24T10:18:06","version" => "0.1616"},{"date" => "2010-09-07T12:12:04","version" => "0.1617"},{"date" => "2010-10-17T05:44:56","version" => "0.1618"},{"date" => "2010-10-20T15:01:35","version" => "0.1619"},{"date" => "2010-10-21T14:38:05","version" => "0.1620"},{"date" => "2010-11-10T06:54:46","version" => "0.1621"},{"date" => "2010-12-20T14:58:38","version" => "0.1622"},{"date" => "2010-12-21T16:10:25","version" => "0.1623"},{"date" => "2010-12-22T08:41:09","version" => "0.1624"},{"date" => "2011-01-01T16:08:48","version" => "0.1625"},{"date" => "2011-01-02T04:21:11","version" => "0.1626"},{"date" => "2011-01-04T15:18:21","version" => "0.1627"},{"date" => "2011-01-12T07:29:29","version" => "0.1628"},{"date" => "2011-01-12T15:35:11","version" => "0.1629"},{"date" => "2011-01-13T15:41:25","version" => "0.1630"},{"date" => "2011-01-17T15:53:44","version" => "0.1631"},{"date" => "2011-01-18T14:43:16","version" => "0.1632"},{"date" => "2011-01-18T15:22:37","version" => "0.1633"},{"date" => "2011-01-19T14:52:48","version" => "0.1634"},{"date" => "2011-01-21T14:04:02","version" => "0.1635"},{"date" => "2011-01-22T13:02:55","version" => "0.1636"},{"date" => "2011-01-24T12:58:40","version" => "0.1637"},{"date" => "2011-01-25T12:32:26","version" => "0.1638"},{"date" => "2011-01-26T09:23:22","version" => "0.1639"},{"date" => "2011-01-26T13:59:10","version" => "0.1640"},{"date" => "2011-01-27T05:19:14","version" => "0.1641"},{"date" => "2011-01-28T12:18:42","version" => "0.1642"},{"date" => "2011-02-09T08:54:11","version" => "0.1643"},{"date" => "2011-02-11T14:07:25","version" => "0.1644"},{"date" => "2011-02-14T15:24:30","version" => "0.1645"},{"date" => "2011-02-18T17:48:52","version" => "0.1646"},{"date" => "2011-02-19T00:30:41","version" => "0.1647"},{"date" => "2011-02-21T16:13:29","version" => "0.1648"},{"date" => "2011-02-22T14:53:08","version" => "0.1649"},{"date" => "2011-02-24T05:45:44","version" => "0.1650"},{"date" => "2011-02-24T14:35:20","version" => "0.1651"},{"date" => "2011-02-25T14:39:56","version" => "0.1652"},{"date" => "2011-02-28T13:18:03","version" => "0.1653"},{"date" => "2011-03-06T14:32:11","version" => "0.1654"},{"date" => "2011-03-08T14:59:08","version" => "0.1655"},{"date" => "2011-03-09T13:44:35","version" => "0.1656"},{"date" => "2011-03-10T15:44:50","version" => "0.1657"},{"date" => "2011-03-11T16:23:11","version" => "0.1658"},{"date" => "2011-03-12T08:20:07","version" => "0.1659"},{"date" => "2011-03-14T11:16:27","version" => "0.1660"},{"date" => "2011-03-15T16:32:52","version" => "0.1661"},{"date" => "2011-03-19T14:40:50","version" => "0.1662"},{"date" => "2011-03-21T03:53:25","version" => "0.1663"},{"date" => "2011-03-24T14:45:52","version" => "0.1664"},{"date" => "2011-03-25T14:25:43","version" => "0.1665"},{"date" => "2011-03-29T17:26:27","version" => "0.1666"},{"date" => "2011-03-30T08:03:39","version" => "0.1667"},{"date" => "2011-03-30T15:04:03","version" => "0.1668"},{"date" => "2011-03-30T15:25:45","version" => "0.1669"},{"date" => "2011-04-01T15:29:33","version" => "0.1670"},{"date" => "2011-04-02T16:31:44","version" => "0.1671"},{"date" => "2011-04-04T13:37:34","version" => "0.1672"},{"date" => "2011-04-05T11:45:54","version" => "0.1673"},{"date" => "2011-04-05T11:59:11","version" => "0.1674"},{"date" => "2011-04-11T13:47:34","version" => "0.1675"},{"date" => "2011-04-11T14:55:38","version" => "0.1676"},{"date" => "2011-04-12T15:17:24","version" => "0.1677"},{"date" => "2011-04-18T13:36:31","version" => "0.1678"},{"date" => "2011-04-19T11:07:27","version" => "0.1679"},{"date" => "2011-04-25T14:05:23","version" => "0.1680"},{"date" => "2011-04-26T14:07:02","version" => "0.1681"},{"date" => "2011-05-23T14:40:41","version" => "0.1682"},{"date" => "2011-06-06T11:52:44","version" => "0.1683"},{"date" => "2011-06-07T13:07:20","version" => "0.1684"},{"date" => "2011-06-08T10:32:35","version" => "0.1685"},{"date" => "2011-06-08T12:24:07","version" => "0.1686"},{"date" => "2011-06-09T13:59:44","version" => "0.1687"},{"date" => "2011-06-10T13:26:20","version" => "0.1688"},{"date" => "2011-06-12T03:22:26","version" => "0.1689"},{"date" => "2011-06-12T12:01:43","version" => "0.1690"},{"date" => "2011-06-13T13:31:21","version" => "0.1691"},{"date" => "2011-06-14T13:27:31","version" => "0.1692"},{"date" => "2011-06-15T08:51:43","version" => "0.1693"},{"date" => "2011-06-17T14:38:23","version" => "0.1694"},{"date" => "2011-06-20T13:08:47","version" => "0.1695"},{"date" => "2011-06-21T13:12:38","version" => "0.1696"},{"date" => "2011-06-24T13:42:00","version" => "0.1697"},{"date" => "2011-06-27T13:23:13","version" => "0.1698"},{"date" => "2011-06-28T14:39:21","version" => "0.1699"},{"date" => "2011-07-01T11:04:37","version" => "0.1700"},{"date" => "2011-07-11T13:19:20","version" => "0.1701"},{"date" => "2011-07-26T14:09:43","version" => "0.1702"},{"date" => "2011-07-28T04:59:20","version" => "0.1703"},{"date" => "2011-07-29T13:45:24","version" => "0.1704"},{"date" => "2011-07-29T14:35:38","version" => "0.1705"},{"date" => "2011-07-30T04:25:21","version" => "0.1706"},{"date" => "2011-07-30T05:16:05","version" => "0.1707"},{"date" => "2011-07-30T14:32:34","version" => "0.1708"},{"date" => "2011-08-01T12:48:52","version" => "0.1709"},{"date" => "2011-08-02T13:30:15","version" => "0.1710"},{"date" => "2011-08-09T14:11:24","version" => "0.1711"},{"date" => "2011-08-10T16:16:52","version" => "0.1712"},{"date" => "2011-08-12T13:45:58","version" => "0.1713"},{"date" => "2011-08-13T13:38:02","version" => "0.1714"},{"date" => "2011-08-14T03:47:28","version" => "0.1715"},{"date" => "2011-08-15T14:00:28","version" => "0.1716"},{"date" => "2011-08-16T04:03:16","version" => "0.1717"},{"date" => "2011-08-20T09:40:46","version" => "0.1718"},{"date" => "2011-08-22T13:43:21","version" => "0.1720"},{"date" => "2011-08-26T14:11:53","version" => "0.1721"},{"date" => "2011-09-02T15:12:10","version" => "0.1722"},{"date" => "2011-09-12T12:24:14","version" => "0.1723"},{"date" => "2011-09-16T15:15:54","version" => "0.1724"},{"date" => "2011-09-27T11:48:33","version" => "0.1725"},{"date" => "2011-09-30T11:21:45","version" => "0.1726"},{"date" => "2011-10-03T10:43:32","version" => "0.1727"},{"date" => "2011-10-05T04:10:35","version" => "0.1728"},{"date" => "2011-10-05T08:12:55","version" => "0.1729"},{"date" => "2011-10-10T11:35:23","version" => "0.1730"},{"date" => "2011-10-11T14:30:46","version" => "0.1731"},{"date" => "2011-10-20T11:56:08","version" => "0.1732"},{"date" => "2011-10-21T22:47:50","version" => "0.1733"},{"date" => "2011-10-22T22:02:37","version" => "0.1734"},{"date" => "2011-10-23T00:11:48","version" => "0.1735"},{"date" => "2011-10-23T13:08:15","version" => "0.1736"},{"date" => "2011-10-24T14:07:44","version" => "0.1737"},{"date" => "2011-10-25T14:31:15","version" => "0.1738"},{"date" => "2011-10-26T01:14:58","version" => "0.1739"},{"date" => "2011-10-27T12:59:00","version" => "0.1740"},{"date" => "2011-10-28T11:49:57","version" => "0.1741"},{"date" => "2011-10-31T15:37:07","version" => "0.1742"},{"date" => "2011-11-01T12:02:38","version" => "0.1743"},{"date" => "2011-11-03T13:38:04","version" => "0.1744"},{"date" => "2011-11-04T14:16:11","version" => "0.1745"},{"date" => "2011-11-07T12:19:53","version" => "0.1746"},{"date" => "2011-11-11T11:59:27","version" => "0.1747"},{"date" => "2011-11-16T00:36:45","version" => "0.20_01"},{"date" => "2011-11-16T08:50:11","version" => "0.2100"},{"date" => "2011-11-21T11:05:36","version" => "0.2101"},{"date" => "2011-11-25T14:34:26","version" => "0.2102"},{"date" => "2011-11-28T10:38:56","version" => "0.2103"},{"date" => "2011-11-29T13:48:49","version" => "0.2104"},{"date" => "2012-01-14T13:39:10","version" => "0.2105"},{"date" => "2012-01-20T15:16:34","version" => "0.2106"},{"date" => "2012-01-25T08:56:44","version" => "0.2107"},{"date" => "2012-01-29T14:30:53","version" => "0.2108"},{"date" => "2012-02-07T13:31:49","version" => "0.2109"},{"date" => "2012-02-10T14:51:17","version" => "0.2110"},{"date" => "2012-02-11T14:45:41","version" => "0.2111"},{"date" => "2012-02-28T14:33:03","version" => "0.22"},{"date" => "2012-03-01T00:07:11","version" => "0.23"},{"date" => "2012-03-02T14:57:03","version" => "0.24"},{"date" => "2012-03-19T11:58:43","version" => "0.25"},{"date" => "2012-07-11T08:20:53","version" => "0.26"},{"date" => "2012-09-17T13:15:26","version" => "0.27"},{"date" => "2013-03-04T11:25:17","version" => "0.28"},{"date" => "2014-02-03T09:21:29","version" => "0.29"},{"date" => "2014-02-04T00:17:32","version" => "0.30"},{"date" => "2015-01-13T01:36:24","version" => "0.31"},{"date" => "2015-01-13T05:24:10","version" => "0.32"},{"date" => "2015-01-13T07:52:20","version" => "0.33"},{"date" => "2015-01-15T02:04:26","version" => "0.34"},{"date" => "2015-05-23T05:44:25","version" => "0.35"},{"date" => "2015-05-25T02:52:16","version" => "0.36"},{"date" => "2016-05-21T07:00:46","version" => "0.37"},{"date" => "2017-03-16T07:48:58","version" => "0.38"},{"date" => "2017-03-29T02:29:03","version" => "0.39"},{"date" => "2017-03-30T01:41:11","version" => "0.40"},{"date" => "2017-11-06T15:17:26","version" => "0.41"},{"date" => "2019-10-15T04:14:26","version" => "0.41_99"},{"date" => "2019-10-19T08:52:17","version" => "0.42"},{"date" => "2020-04-01T05:39:43","version" => "0.43"},{"date" => "2020-08-03T00:46:29","version" => "0.44"},{"date" => "2021-12-16T00:31:02","version" => "0.45"}]},"Dancer" => {"advisories" => [{"affected_versions" => ["<1.3114"],"cves" => ["CVE-2012-5572"],"description" => "CRLF injection vulnerability in the cookie method allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name.\n","distribution" => "Dancer","fixed_versions" => [">=1.3114"],"id" => "CPANSA-Dancer-2014-01","references" => ["https://metacpan.org/changes/distribution/Dancer","https://github.com/PerlDancer/Dancer/commit/46ef9124f3149f697455061499ac7cee40930349"],"reported" => "2014-05-30"},{"affected_versions" => ["<1.3051"],"cves" => ["CVE-2011-1589"],"description" => "Directory traversal vulnerability (Mojolicious report, but Dancer was vulnerable as well).\n","distribution" => "Dancer","fixed_versions" => [">=1.3051"],"id" => "CPANSA-Dancer-2011-01","references" => ["https://metacpan.org/changes/distribution/Dancer","https://github.com/PerlDancer/Dancer/commit/91d0bf6a36705b0971b18f7d38fa2f3df8c7b994"],"reported" => "2011-04-05"}],"main_module" => "Dancer","versions" => [{"date" => "2009-07-27T13:18:07","version" => "20090727.1315"},{"date" => "2009-07-27T14:14:13","version" => "0_0.99"},{"date" => "2009-08-01T13:48:20","version" => "0.9901"},{"date" => "2009-08-04T10:01:54","version" => "0.9902"},{"date" => "2009-08-07T12:29:03","version" => "0.9003"},{"date" => "2009-09-19T15:30:19","version" => "0.9904"},{"date" => "2009-09-23T21:33:51","version" => "0.9905"},{"date" => "2009-11-20T11:14:20","version" => "1.000"},{"date" => "2010-01-06T13:53:28","version" => "1.100"},{"date" => "2010-01-11T09:46:45","version" => "1.110"},{"date" => "2010-01-15T16:03:35","version" => "1.120"},{"date" => "2010-01-15T17:53:08","version" => "1.121"},{"date" => "2010-01-20T07:48:38","version" => "1.122"},{"date" => "2010-01-29T17:29:24","version" => "1.130"},{"date" => "2010-02-09T07:55:18","version" => "1.140"},{"date" => "2010-02-17T15:09:48","version" => "1.150"},{"date" => "2010-03-07T17:50:01","version" => "1.160"},{"date" => "2010-03-24T11:19:00","version" => "1.170"},{"date" => "2010-03-24T13:44:04","version" => "1.171"},{"date" => "2010-03-28T15:09:59","version" => "1.172"},{"date" => "2010-04-01T14:13:30","version" => "1.173"},{"date" => "2010-04-04T11:03:53","version" => "1.173_01"},{"date" => "2010-04-08T13:49:39","version" => "1.174"},{"date" => "2010-04-11T10:49:39","version" => "1.175"},{"date" => "2010-04-19T08:43:22","version" => "1.175_01"},{"date" => "2010-04-22T20:29:56","version" => "1.176"},{"date" => "2010-05-05T12:21:26","version" => "1.178_01"},{"date" => "2010-05-16T10:28:47","version" => "1.1800"},{"date" => "2010-05-19T14:17:57","version" => "1.1801"},{"date" => "2010-05-19T17:32:52","version" => "1.1802"},{"date" => "2010-05-23T20:45:17","version" => "1.1803"},{"date" => "2010-06-18T11:59:20","version" => "1.1804"},{"date" => "2010-06-22T06:41:58","version" => "1.1805"},{"date" => "2010-07-07T06:15:55","version" => "1.1806_01"},{"date" => "2010-08-14T16:37:45","version" => "1.1806_02"},{"date" => "2010-08-23T17:47:12","version" => "1.1807"},{"date" => "2010-08-24T06:23:38","version" => "1.1808"},{"date" => "2010-08-25T05:41:15","version" => "1.1809"},{"date" => "2010-09-01T06:19:20","version" => "1.1810"},{"date" => "2010-09-03T09:23:14","version" => "1.1811"},{"date" => "2010-09-21T12:19:35","version" => "1.1812"},{"date" => "2010-09-24T14:25:44","version" => "1.1901"},{"date" => "2010-10-14T09:25:03","version" => "1.1999_01"},{"date" => "2010-10-28T15:41:17","version" => "1.1999_02"},{"date" => "2010-11-02T14:14:32","version" => "1.1902"},{"date" => "2010-11-02T14:25:04","version" => "1.1902"},{"date" => "2010-11-03T17:07:29","version" => "1.1903"},{"date" => "2010-11-04T11:16:17","version" => "1.1904"},{"date" => "2010-11-11T07:43:21","version" => "1.1999_03"},{"date" => "2010-11-14T08:08:56","version" => "1.1999_04"},{"date" => "2010-11-18T15:54:33","version" => "1.200"},{"date" => "2010-11-18T16:52:47","version" => "1.2000"},{"date" => "2010-11-29T22:05:38","version" => "1.2000_01"},{"date" => "2010-11-30T10:00:23","version" => "1.2000_02"},{"date" => "2010-11-30T19:59:09","version" => "1.2001"},{"date" => "2010-12-02T12:18:12","version" => "1.2001_01"},{"date" => "2010-12-03T20:28:56","version" => "1.2002"},{"date" => "2010-12-07T18:05:50","version" => "1.2002_01"},{"date" => "2010-12-08T21:38:17","version" => "1.2002_02"},{"date" => "2010-12-10T18:28:16","version" => "1.2003"},{"date" => "2010-12-22T17:57:55","version" => "1.3000_01"},{"date" => "2011-01-03T15:17:14","version" => "1.3000_02"},{"date" => "2011-01-27T10:00:22","version" => "1.2004"},{"date" => "2011-01-27T10:09:31","version" => "1.3001"},{"date" => "2011-02-02T15:42:28","version" => "1.3002"},{"date" => "2011-02-05T17:07:15","version" => "1.2005"},{"date" => "2011-02-06T13:12:28","version" => "1.3003"},{"date" => "2011-02-10T20:48:48","version" => "1.3010"},{"date" => "2011-02-12T12:50:18","version" => "1.3010_01"},{"date" => "2011-02-14T15:58:10","version" => "1.3011"},{"date" => "2011-03-01T19:00:52","version" => "1.3012"},{"date" => "2011-03-03T08:41:00","version" => "1.3013"},{"date" => "2011-03-04T12:56:36","version" => "1.3014"},{"date" => "2011-03-10T14:16:24","version" => "1.3014_01"},{"date" => "2011-03-13T13:17:43","version" => "1.3019_01"},{"date" => "2011-03-14T07:44:57","version" => "1.3019_02"},{"date" => "2011-03-21T13:44:17","version" => "1.3020"},{"date" => "2011-04-01T15:22:58","version" => "1.3029_01"},{"date" => "2011-04-08T20:07:26","version" => "1.3029_02"},{"date" => "2011-04-10T08:18:44","version" => "1.3029_03"},{"date" => "2011-04-13T08:26:50","version" => "1.3030"},{"date" => "2011-04-27T14:58:57","version" => "1.3039_01"},{"date" => "2011-05-01T14:55:49","version" => "1.3040"},{"date" => "2011-05-14T15:03:00","version" => "1.3049_01"},{"date" => "2011-05-20T10:57:10","version" => "1.3050"},{"date" => "2011-05-27T12:57:27","version" => "1.3051"},{"date" => "2011-05-27T13:07:51","version" => "1.3059_01"},{"date" => "2011-05-29T14:06:24","version" => "1.3059_02"},{"date" => "2011-06-11T14:02:50","version" => "1.3059_03"},{"date" => "2011-06-12T17:31:55","version" => "1.3059_04"},{"date" => "2011-06-15T10:35:07","version" => "1.3060"},{"date" => "2011-07-07T13:19:45","version" => "1.3069_01"},{"date" => "2011-07-10T16:14:53","version" => "1.3069_02"},{"date" => "2011-07-14T13:47:19","version" => "1.3070"},{"date" => "2011-07-26T16:21:51","version" => "1.3071"},{"date" => "2011-08-17T15:27:53","version" => "1.3079_01"},{"date" => "2011-08-23T09:55:46","version" => "1.3072"},{"date" => "2011-08-28T14:13:40","version" => "1.3079_02"},{"date" => "2011-09-10T15:10:29","version" => "1.3079_03"},{"date" => "2011-10-02T16:07:02","version" => "1.3079_04"},{"date" => "2011-10-18T14:43:22","version" => "1.3079_05"},{"date" => "2011-10-25T21:16:42","version" => "1.3080"},{"date" => "2011-11-27T06:51:43","version" => "1.3089_01"},{"date" => "2011-12-13T14:41:24","version" => "1.3090"},{"date" => "2011-12-17T11:09:48","version" => "1.3091"},{"date" => "2012-01-27T14:38:05","version" => "1.3092"},{"date" => "2012-02-29T14:34:55","version" => "1.3093"},{"date" => "2012-03-31T09:57:40","version" => "1.3094"},{"date" => "2012-04-01T19:22:56","version" => "1.3095"},{"date" => "2012-06-22T20:18:54","version" => "1.3095_01"},{"date" => "2012-07-03T07:27:28","version" => "1.3095_02"},{"date" => "2012-07-05T23:09:20","version" => "1.3096"},{"date" => "2012-07-08T18:36:14","version" => "1.3097"},{"date" => "2012-07-28T14:40:15","version" => "1.3098"},{"date" => "2012-08-11T13:54:49","version" => "1.3099"},{"date" => "2012-08-25T19:42:47","version" => "1.3100"},{"date" => "2012-10-06T13:24:53","version" => "1.3110"},{"date" => "2012-12-24T13:17:58","version" => "1.9999_01"},{"date" => "2012-12-24T13:48:35","version" => "1.9999_02"},{"date" => "2013-01-22T21:38:11","version" => "2.0000_01"},{"date" => "2013-02-22T15:33:14","version" => "2.000001"},{"date" => "2013-02-24T22:51:59","version" => "1.3111"},{"date" => "2013-03-30T16:33:05","version" => "1.3111_01"},{"date" => "2013-04-01T22:31:08","version" => "1.3111_02"},{"date" => "2013-04-11T01:04:37","version" => "1.3112"},{"date" => "2013-05-09T00:36:16","version" => "1.3113"},{"date" => "2013-06-02T16:49:58","version" => "1.3114"},{"date" => "2013-06-09T23:54:16","version" => "1.3115"},{"date" => "2013-07-04T01:35:27","version" => "1.3116"},{"date" => "2013-07-31T22:40:52","version" => "1.3117"},{"date" => "2013-09-01T16:45:13","version" => "1.3118"},{"date" => "2013-10-26T19:42:59","version" => "1.3119"},{"date" => "2013-12-24T16:23:20","version" => "1.3120"},{"date" => "2014-02-02T22:26:53","version" => "1.3121"},{"date" => "2014-04-10T23:16:40","version" => "1.3122"},{"date" => "2014-04-12T15:47:53","version" => "1.3123"},{"date" => "2014-05-10T16:15:17","version" => "1.3124"},{"date" => "2014-07-12T17:19:08","version" => "1.3125"},{"date" => "2014-07-15T02:01:21","version" => "1.3126"},{"date" => "2014-09-09T00:49:19","version" => "1.3127"},{"date" => "2014-09-09T11:47:21","version" => "1.3128"},{"date" => "2014-09-10T00:50:37","version" => "1.3129"},{"date" => "2014-09-16T01:21:25","version" => "1.3130"},{"date" => "2014-10-11T18:59:22","version" => "1.3131_0"},{"date" => "2014-10-13T23:25:36","version" => "1.3131_1"},{"date" => "2014-10-20T23:14:23","version" => "1.3132"},{"date" => "2014-11-26T22:20:35","version" => "1.3133"},{"date" => "2015-02-23T01:33:08","version" => "1.3134"},{"date" => "2015-04-23T01:54:25","version" => "1.3135"},{"date" => "2015-05-24T15:48:19","version" => "1.3136"},{"date" => "2015-06-05T20:05:21","version" => "1.3137"},{"date" => "2015-06-12T20:55:50","version" => "1.3138"},{"date" => "2015-06-25T20:13:45","version" => "1.3139"},{"date" => "2015-07-03T13:56:32","version" => "1.3140"},{"date" => "2015-09-07T15:15:26","version" => "1.3141"},{"date" => "2015-09-15T00:52:23","version" => "1.3142"},{"date" => "2015-10-26T21:15:31","version" => "1.3143"},{"date" => "2015-11-04T12:36:07","version" => "1.3144"},{"date" => "2015-11-06T22:12:42","version" => "1.3200"},{"date" => "2015-11-07T19:27:25","version" => "1.3201"},{"date" => "2015-11-07T21:52:17","version" => "1.3202"},{"date" => "2016-02-15T21:33:45","version" => "1.3300"},{"date" => "2016-02-16T22:42:44","version" => "1.3301"},{"date" => "2018-05-20T19:52:07","version" => "1.3203"},{"date" => "2018-05-23T13:43:34","version" => "1.3204"},{"date" => "2018-06-13T22:02:36","version" => "1.3205"},{"date" => "2018-06-15T22:11:45","version" => "1.3400"},{"date" => "2018-10-01T11:53:31","version" => "1.3401"},{"date" => "2018-10-10T10:44:29","version" => "1.3402"},{"date" => "2018-10-11T22:45:37","version" => "1.3403"},{"date" => "2018-10-12T20:33:54","version" => "1.3500"},{"date" => "2019-03-14T19:27:25","version" => "1.3501"},{"date" => "2019-03-19T14:49:14","version" => "1.3510"},{"date" => "2019-03-29T11:18:31","version" => "1.3511"},{"date" => "2019-03-31T19:16:29","version" => "1.3512"},{"date" => "2020-01-29T21:03:12","version" => "1.3513"},{"date" => "2020-06-29T16:44:22","version" => "1.3514"},{"date" => "2020-10-02T20:51:17","version" => "1.3514_02"},{"date" => "2020-10-06T21:24:49","version" => "1.3514_03"},{"date" => "2022-06-29T22:00:04","version" => "1.3514_04"},{"date" => "2023-01-02T10:57:26","version" => "1.3520"},{"date" => "2023-02-05T23:40:49","version" => "1.3521"},{"date" => "2023-02-08T20:58:09","version" => "1.3521"},{"date" => "2026-01-26T22:30:00","version" => "1.3522"}]},"Dancer2" => {"advisories" => [{"affected_versions" => ["<0.206000"],"cves" => [],"description" => "There is a potential RCE with regards to Storable. We have added session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE.\n","distribution" => "Dancer2","fixed_versions" => [">=0.206000"],"id" => "CPANSA-Dancer2-2018-01","references" => ["https://metacpan.org/changes/distribution/Dancer2","http://lists.preshweb.co.uk/pipermail/dancer-users/2018-April/005952.html","https://github.com/PerlDancer/Dancer2/commit/3580f5d0874a9abf5483528f73bda9a7fd9ec7f1"],"reported" => "2018-01-30","severity" => "critical"}],"main_module" => "Dancer2","versions" => [{"date" => "2013-02-22T15:39:46","version" => "0.01"},{"date" => "2013-02-24T11:04:25","version" => "0.02"},{"date" => "2013-03-07T17:30:37","version" => "0.03"},{"date" => "2013-04-22T19:58:02","version" => "0.04"},{"date" => "2013-07-20T16:53:37","version" => "0.05"},{"date" => "2013-07-30T14:29:42","version" => "0.06"},{"date" => "2013-08-03T22:17:54","version" => "0.07"},{"date" => "2013-08-18T12:24:31","version" => "0.08"},{"date" => "2013-09-01T21:19:26","version" => "0.09"},{"date" => "2013-09-28T13:29:35","version" => "0.10"},{"date" => "2013-12-15T13:21:28","version" => "0.11"},{"date" => "2014-04-07T21:05:16","version" => "0.12"},{"date" => "2014-04-13T17:20:22","version" => "0.13"},{"date" => "2014-04-28T21:16:57","version" => "0.140000"},{"date" => "2014-05-01T08:50:43","version" => "0.140001"},{"date" => "2014-06-07T20:35:57","version" => "0.140900_01"},{"date" => "2014-06-08T20:29:28","version" => "0.141000"},{"date" => "2014-06-24T19:18:07","version" => "0.142000"},{"date" => "2014-07-05T19:43:17","version" => "0.143000"},{"date" => "2014-07-23T19:34:51","version" => "0.149000_01"},{"date" => "2014-08-10T11:53:37","version" => "0.149000_02"},{"date" => "2014-08-16T23:38:39","version" => "0.150000"},{"date" => "2014-10-08T19:51:49","version" => "0.151000"},{"date" => "2014-10-14T02:33:06","version" => "0.152000"},{"date" => "2014-10-23T21:48:36","version" => "0.153000"},{"date" => "2014-10-29T21:41:13","version" => "0.153001"},{"date" => "2014-10-30T08:29:15","version" => "0.153002"},{"date" => "2014-11-17T14:41:14","version" => "0.154000"},{"date" => "2014-11-28T00:21:55","version" => "0.155000"},{"date" => "2014-11-28T16:44:27","version" => "0.155001"},{"date" => "2014-12-02T22:02:03","version" => "0.155002"},{"date" => "2014-12-03T21:35:35","version" => "0.155003"},{"date" => "2014-12-04T10:57:08","version" => "0.155004"},{"date" => "2014-12-07T17:07:21","version" => "0.156000"},{"date" => "2014-12-08T22:08:30","version" => "0.156001"},{"date" => "2014-12-14T17:25:53","version" => "0.157000"},{"date" => "2014-12-21T19:42:24","version" => "0.157001"},{"date" => "2015-01-01T17:11:48","version" => "0.158000"},{"date" => "2015-02-24T03:54:24","version" => "0.159000"},{"date" => "2015-02-25T14:33:59","version" => "0.159001"},{"date" => "2015-03-03T18:25:28","version" => "0.159002"},{"date" => "2015-03-23T14:00:19","version" => "0.159003"},{"date" => "2015-04-26T22:15:22","version" => "0.160000"},{"date" => "2015-05-14T18:46:02","version" => "0.160001"},{"date" => "2015-06-04T11:07:02","version" => "0.160002"},{"date" => "2015-06-06T09:11:43","version" => "0.160003"},{"date" => "2015-07-08T13:04:02","version" => "0.161000"},{"date" => "2015-08-28T13:32:02","version" => "0.161000_01"},{"date" => "2015-09-06T11:13:10","version" => "0.162000"},{"date" => "2015-10-13T15:08:16","version" => "0.162000_01"},{"date" => "2015-10-15T11:00:10","version" => "0.163000"},{"date" => "2015-12-16T22:44:32","version" => "0.164000"},{"date" => "2015-12-17T08:23:24","version" => "0.165000"},{"date" => "2016-01-12T18:04:57","version" => "0.166000"},{"date" => "2016-01-22T06:57:11","version" => "0.166001"},{"date" => "2016-04-19T19:52:27","version" => "0.166001_01"},{"date" => "2016-04-29T14:45:41","version" => "0.166001_02"},{"date" => "2016-05-27T11:25:55","version" => "0.166001_03"},{"date" => "2016-05-27T12:57:04","version" => "0.166001_04"},{"date" => "2016-05-31T13:29:37","version" => "0.200000"},{"date" => "2016-06-16T14:00:23","version" => "0.200001"},{"date" => "2016-06-22T14:41:29","version" => "0.200002"},{"date" => "2016-07-05T19:36:46","version" => "0.200003"},{"date" => "2016-07-11T15:21:33","version" => "0.200003"},{"date" => "2016-07-22T04:41:26","version" => "0.200004"},{"date" => "2016-07-22T13:28:45","version" => "0.201000"},{"date" => "2016-08-13T18:53:07","version" => "0.202000"},{"date" => "2016-08-25T03:12:19","version" => "0.203000"},{"date" => "2016-09-04T02:01:29","version" => "0.203001"},{"date" => "2016-10-11T01:59:49","version" => "0.204000"},{"date" => "2016-10-17T13:32:25","version" => "0.204001"},{"date" => "2016-12-21T21:47:24","version" => "0.204002"},{"date" => "2017-01-25T21:23:22","version" => "0.204003"},{"date" => "2017-01-26T17:31:30","version" => "0.204004"},{"date" => "2017-03-10T21:40:43","version" => "0.205000"},{"date" => "2017-07-11T13:04:56","version" => "0.205001"},{"date" => "2017-10-17T21:10:03","version" => "0.205002"},{"date" => "2018-04-09T00:54:25","version" => "0.206000_01"},{"date" => "2018-04-10T01:50:18","version" => "0.206000_02"},{"date" => "2018-04-20T02:12:22","version" => "0.206000"},{"date" => "2018-11-14T22:26:15","version" => "0.207000"},{"date" => "2019-06-19T14:23:06","version" => "0.208000"},{"date" => "2019-08-05T01:12:14","version" => "0.208001"},{"date" => "2019-12-14T21:13:32","version" => "0.208002"},{"date" => "2019-12-24T05:57:09","version" => "0.300000"},{"date" => "2020-04-06T16:18:33","version" => "0.300001"},{"date" => "2020-04-07T15:49:22","version" => "0.300002"},{"date" => "2020-04-09T14:42:55","version" => "0.300003"},{"date" => "2020-05-27T00:54:55","version" => "0.300004"},{"date" => "2021-01-26T20:59:33","version" => "0.300005"},{"date" => "2021-03-15T23:12:49","version" => "0.301000"},{"date" => "2021-03-17T12:56:09","version" => "0.301001"},{"date" => "2021-04-18T19:33:05","version" => "0.301002"},{"date" => "2021-06-03T13:29:26","version" => "0.301003"},{"date" => "2021-06-06T17:32:08","version" => "0.301004"},{"date" => "2022-03-14T02:18:12","version" => "0.400000"},{"date" => "2023-02-05T23:42:54","version" => "0.400001"},{"date" => "2023-10-09T14:11:25","version" => "1.0.0"},{"date" => "2023-12-12T01:29:05","version" => "1.1.0"},{"date" => "2024-07-18T23:49:14","version" => "1.1.1"},{"date" => "2024-11-25T13:36:09","version" => "1.1.2"},{"date" => "2025-09-15T21:50:07","version" => "2.0.0"},{"date" => "2025-10-22T22:14:58","version" => "2.0.1"},{"date" => "2026-03-12T01:31:28","version" => "2.1.0"}]},"Data-Dumper" => {"advisories" => [{"affected_versions" => ["<2.154"],"cves" => ["CVE-2014-4330"],"description" => "Infinite recursion.\n","distribution" => "Data-Dumper","fixed_versions" => [">=2.154"],"id" => "CPANSA-Data-Dumper-2014-01","references" => ["https://metacpan.org/changes/distribution/Data-Dumper"],"reported" => "2014-09-30"}],"main_module" => "Data::Dumper","versions" => [{"date" => "1995-11-19T22:29:08","version" => "1.21"},{"date" => "1995-11-23T05:45:27","version" => "1.22"},{"date" => "1995-12-04T03:12:16","version" => "1.23"},{"date" => "1996-04-09T15:54:26","version" => "2.00"},{"date" => "1996-04-10T04:25:17","version" => "2.01"},{"date" => "1996-04-13T07:14:35","version" => "2.02"},{"date" => "1996-08-26T14:36:59","version" => "2.03"},{"date" => "1996-08-28T20:11:49","version" => "2.04"},{"date" => "1996-12-02T13:42:49","version" => "2.05"},{"date" => "1996-12-02T23:07:56","version" => "2.06"},{"date" => "1996-12-07T17:28:27","version" => "2.07"},{"date" => "1997-12-07T21:27:09","version" => "2.08"},{"date" => "1998-01-15T20:36:46","version" => "2.081"},{"date" => "1998-03-06T21:08:49","version" => "2.081"},{"date" => "1998-07-17T05:23:08","version" => "2.09"},{"date" => "1998-07-21T12:08:19","version" => "2.09"},{"date" => "1998-10-31T12:10:30","version" => "2.10"},{"date" => "1999-05-01T02:01:03","version" => "2.101"},{"date" => "1999-06-02T01:30:55","version" => "2.101"},{"date" => "2003-07-20T16:59:48","version" => "2.12_01"},{"date" => "2003-07-31T19:12:44","version" => "2.12_02"},{"date" => "2003-08-25T11:49:41","version" => "2.121"},{"date" => "2009-06-06T14:45:36","version" => "2.121_20"},{"date" => "2009-06-09T15:49:12","version" => "2.122"},{"date" => "2009-06-11T08:07:01","version" => "2.123"},{"date" => "2009-06-13T15:22:32","version" => "2.124"},{"date" => "2009-08-08T10:33:01","version" => "2.125"},{"date" => "2010-04-15T19:55:01","version" => "2.126"},{"date" => "2010-09-06T14:28:10","version" => "2.126_01"},{"date" => "2010-09-10T07:08:41","version" => "2.127"},{"date" => "2010-09-10T07:11:52","version" => "2.128"},{"date" => "2011-05-20T15:53:12","version" => "2.130_03"},{"date" => "2011-05-27T14:19:03","version" => "2.131"},{"date" => "2011-12-19T08:23:05","version" => "2.135_01"},{"date" => "2011-12-29T17:09:49","version" => "2.135_02"},{"date" => "2012-08-07T06:59:51","version" => "2.135_07"},{"date" => "2012-10-04T07:35:07","version" => "2.136"},{"date" => "2012-12-12T06:30:48","version" => "2.139"},{"date" => "2013-02-26T06:57:29","version" => "2.143"},{"date" => "2013-03-15T09:46:49","version" => "2.145"},{"date" => "2014-03-07T09:28:44","version" => "2.151"},{"date" => "2014-09-18T15:47:37","version" => "2.154"},{"date" => "2016-07-03T19:17:57","version" => "2.160"},{"date" => "2016-07-11T20:13:06","version" => "2.161"},{"date" => "2017-07-31T15:31:28","version" => "2.167_01"},{"date" => "2017-08-04T08:05:22","version" => "2.167_02"},{"date" => "2018-09-19T14:41:58","version" => "2.172"},{"date" => "2018-11-10T10:10:30","version" => "2.173"},{"date" => "2021-05-14T12:47:34","version" => "2.179_50"},{"date" => "2021-05-17T05:53:02","version" => "2.180"},{"date" => "2021-05-22T09:51:29","version" => "2.180_50"},{"date" => "2021-05-23T14:14:12","version" => "2.180_51"},{"date" => "2021-05-24T08:03:55","version" => "2.180_52"},{"date" => "2021-05-25T05:20:34","version" => "2.180_53"},{"date" => "2021-05-26T06:46:41","version" => "2.181"},{"date" => "2021-06-29T10:42:11","version" => "2.181_50"},{"date" => "2021-06-30T09:36:34","version" => "2.182"},{"date" => "2021-07-01T07:05:45","version" => "2.182_50"},{"date" => "2021-07-03T13:07:49","version" => "2.182_51"},{"date" => "2021-07-05T07:07:44","version" => "2.183"},{"date" => "2001-04-08T00:00:00","dual_lived" => 1,"perl_release" => "5.006001","version" => "2.102"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.12"},{"date" => "2004-11-27T00:00:00","dual_lived" => 1,"perl_release" => "5.008006","version" => "2.121_02"},{"date" => "2005-05-30T00:00:00","dual_lived" => 1,"perl_release" => "5.008007","version" => "2.121_04"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "2.121_08"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "2.121_17"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "2.121_13"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.010000","version" => "2.121_14"},{"date" => "2010-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013006","version" => "2.129"},{"date" => "2010-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013007","version" => "2.130_01"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "2.130_02"},{"date" => "2011-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015002","version" => "2.132"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "2.134"},{"date" => "2012-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015007","version" => "2.135_03"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "2.135_05"},{"date" => "2012-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015009","version" => "2.135_06"},{"date" => "2012-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017006","version" => "2.137"},{"date" => "2013-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017008","version" => "2.141"},{"date" => "2013-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017009","version" => "2.142"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "2.146"},{"date" => "2013-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.019002","version" => "2.147"},{"date" => "2013-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019003","version" => "2.148"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "2.149"},{"date" => "2013-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019007","version" => "2.150"},{"date" => "2015-02-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020002","version" => "2.151_01"},{"date" => "2014-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021001","version" => "2.152"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "2.155"},{"date" => "2015-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021008","version" => "2.156"},{"date" => "2015-02-21T00:00:00","dual_lived" => 1,"perl_release" => "5.021009","version" => "2.157"},{"date" => "2015-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02101","version" => "2.158"},{"date" => "2015-12-21T00:00:00","dual_lived" => 1,"perl_release" => "5.023006","version" => "2.159"},{"date" => "2016-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025006","version" => "2.162"},{"date" => "2016-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025007","version" => "2.165"},{"date" => "2016-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025008","version" => "2.166"},{"date" => "2017-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025009","version" => "2.167"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "2.169"},{"date" => "2018-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027008","version" => "2.170"},{"date" => "2018-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029002","version" => "2.171"},{"date" => "2019-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029010","version" => "2.174"},{"date" => "2021-01-23T00:00:00","dual_lived" => 1,"perl_release" => "5.032001","version" => "2.174_01"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "2.175"},{"date" => "2020-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033003","version" => "2.176"},{"date" => "2021-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033008","version" => "2.177"},{"date" => "2021-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033009","version" => "2.178"},{"date" => "2021-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.034","version" => "2.179"},{"date" => "2022-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035008","version" => "2.184"},{"date" => "2022-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037001","version" => "2.185"},{"date" => "2022-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037002","version" => "2.186"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "2.187"},{"date" => "2023-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037010","version" => "2.188"},{"date" => "2023-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039003","version" => "2.189"},{"date" => "2024-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.041001","version" => "2.190"},{"date" => "2025-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041008","version" => "2.191"},{"date" => "2025-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041011","version" => "2.192"}]},"Data-Entropy" => {"advisories" => [{"affected_versions" => ["<=0.007"],"cves" => ["CVE-2025-1860"],"description" => "Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not\x{a0}cryptographically secure,\x{a0}for cryptographic functions.","distribution" => "Data-Entropy","fixed_versions" => [">0.007"],"id" => "CPANSA-Data-Entropy-2025-1860","references" => ["https://metacpan.org/release/ZEFRAM/Data-Entropy-0.007/source/lib/Data/Entropy.pm#L80","https://perldoc.perl.org/functions/rand","https://lists.debian.org/debian-lts-announce/2025/03/msg00026.html"],"reported" => "2025-03-28","severity" => undef}],"main_module" => "Data::Entropy","versions" => [{"date" => "2006-07-19T01:09:30","version" => "0.000"},{"date" => "2006-08-03T20:27:12","version" => "0.001"},{"date" => "2006-08-05T09:15:08","version" => "0.002"},{"date" => "2007-01-21T00:51:31","version" => "0.003"},{"date" => "2007-09-03T21:25:09","version" => "0.004"},{"date" => "2009-03-03T20:31:03","version" => "0.005"},{"date" => "2009-11-21T14:01:52","version" => "0.006"},{"date" => "2011-04-27T20:03:17","version" => "0.007"},{"date" => "2025-03-27T19:11:37","version" => "0.008"}]},"Data-FormValidator" => {"advisories" => [{"affected_versions" => ["<=4.66"],"cves" => ["CVE-2011-2201"],"description" => "The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.\n","distribution" => "Data-FormValidator","fixed_versions" => [">4.66"],"id" => "CPANSA-Data-FormValidator-2011-2201","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511","http://www.openwall.com/lists/oss-security/2011/06/13/13","https://bugzilla.redhat.com/show_bug.cgi?id=712694","http://www.openwall.com/lists/oss-security/2011/06/12/3","http://www.securityfocus.com/bid/48167","https://rt.cpan.org/Public/Bug/Display.html?id=61792","http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html","http://www.openwall.com/lists/oss-security/2011/06/13/5"],"reported" => "2011-09-14","severity" => undef}],"main_module" => "Data::FormValidator","versions" => [{"date" => "2001-06-19T21:43:01","version" => "1.3"},{"date" => "2001-06-22T16:36:08","version" => "1.4"},{"date" => "2001-06-25T17:02:43","version" => "1.4"},{"date" => "2001-06-28T15:13:01","version" => "1.5"},{"date" => "2001-07-18T14:23:17","version" => "v1.5.1"},{"date" => "2001-09-23T22:42:22","version" => "1.6"},{"date" => "2001-11-03T18:16:00","version" => "1.7"},{"date" => "2002-02-14T22:45:46","version" => "1.8"},{"date" => "2002-02-18T02:20:12","version" => "1.9"},{"date" => "2002-04-21T13:42:36","version" => "1.10"},{"date" => "2002-06-29T21:04:14","version" => "1.11"},{"date" => "2002-10-07T02:06:39","version" => "1.91"},{"date" => "2002-12-23T23:36:37","version" => "1.92"},{"date" => "2003-03-08T13:10:33","version" => "1.93"},{"date" => "2003-03-23T03:01:57","version" => "2.00"},{"date" => "2003-04-02T15:18:15","version" => "2.01"},{"date" => "2003-04-09T15:54:50","version" => "2.02"},{"date" => "2003-04-10T16:12:40","version" => "2.03"},{"date" => "2003-04-12T02:58:35","version" => "2.04"},{"date" => "2003-04-20T22:23:44","version" => "2.10"},{"date" => "2003-04-24T02:51:03","version" => "2.10"},{"date" => "2003-05-11T21:29:55","version" => "3.00"},{"date" => "2003-05-16T04:06:05","version" => "3.01"},{"date" => "2003-05-26T23:18:18","version" => "3.1"},{"date" => "2003-05-27T19:41:01","version" => "3.11"},{"date" => "2003-06-23T01:27:03","version" => "3.12"},{"date" => "2003-11-02T21:19:10","version" => "3.13"},{"date" => "2003-11-03T17:59:41","version" => "3.14"},{"date" => "2003-11-30T20:36:41","version" => "3.15"},{"date" => "2004-01-04T01:37:01","version" => "3.49_1"},{"date" => "2004-01-12T22:04:27","version" => "3.50"},{"date" => "2004-02-27T04:19:47","version" => "3.51"},{"date" => "2004-03-21T17:42:11","version" => "3.52"},{"date" => "2004-03-23T02:33:53","version" => "3.53"},{"date" => "2004-03-24T14:55:49","version" => "3.54"},{"date" => "2004-04-17T02:30:02","version" => "3.56"},{"date" => "2004-04-22T02:26:41","version" => "3.57"},{"date" => "2004-05-05T21:55:00","version" => "3.58"},{"date" => "2004-07-02T17:48:51","version" => "3.59"},{"date" => "2004-09-28T02:25:35","version" => "3.61"},{"date" => "2004-10-09T04:00:51","version" => "3.62"},{"date" => "2004-11-17T22:27:13","version" => "3.63"},{"date" => "2005-05-20T01:25:45","version" => "4.00_01"},{"date" => "2005-07-03T19:37:11","version" => "4.00_02"},{"date" => "2005-07-20T02:07:36","version" => "3.70"},{"date" => "2005-07-31T17:36:02","version" => "3.71"},{"date" => "2005-08-14T16:09:26","version" => "4.00"},{"date" => "2005-08-20T18:20:14","version" => "4.01"},{"date" => "2005-09-01T02:31:29","version" => "4.02"},{"date" => "2005-12-23T01:00:49","version" => "4.10"},{"date" => "2006-01-03T23:49:53","version" => "4.11"},{"date" => "2006-01-06T02:14:25","version" => "4.12"},{"date" => "2006-02-10T02:48:33","version" => "4.13"},{"date" => "2006-02-17T18:48:14","version" => "4.14"},{"date" => "2006-06-13T01:12:23","version" => "4.20"},{"date" => "2006-07-01T15:42:37","version" => "4.21_01"},{"date" => "2006-07-11T01:45:51","version" => "4.30"},{"date" => "2006-08-21T23:43:58","version" => "4.40"},{"date" => "2006-10-03T18:16:57","version" => "4.49_1"},{"date" => "2006-12-05T02:41:19","version" => "4.50"},{"date" => "2007-07-14T03:36:00","version" => "4.51"},{"date" => "2007-10-19T19:41:46","version" => "4.52"},{"date" => "2007-10-20T20:02:19","version" => "4.50"},{"date" => "2007-10-21T13:30:20","version" => "4.54"},{"date" => "2007-10-21T15:50:42","version" => "4.55"},{"date" => "2007-10-31T16:49:55","version" => "4.56"},{"date" => "2007-11-02T02:55:19","version" => "4.57"},{"date" => "2008-06-16T18:28:54","version" => "4.60"},{"date" => "2008-06-16T18:46:47","version" => "4.61"},{"date" => "2009-01-03T17:14:18","version" => "4.62"},{"date" => "2009-01-03T17:49:48","version" => "4.63"},{"date" => "2009-12-31T03:22:00","version" => "4.65"},{"date" => "2010-02-24T14:33:48","version" => "4.66"},{"date" => "2011-11-12T02:18:45","version" => "4.67"},{"date" => "2011-11-12T03:11:55","version" => "4.70"},{"date" => "2012-10-02T20:40:09","version" => "4.71"},{"date" => "2012-11-01T15:14:05","version" => "4.80"},{"date" => "2013-07-19T12:31:06","version" => "4.81"},{"date" => "2017-02-23T15:15:37","version" => "4.82"},{"date" => "2017-02-23T16:39:53","version" => "4.83"},{"date" => "2017-02-25T15:12:25","version" => "4.84"},{"date" => "2017-02-25T20:34:08","version" => "4.85"},{"date" => "2017-03-26T19:39:49","version" => "4.86"},{"date" => "2017-08-28T12:41:42","version" => "4.88"}]},"Data-UUID" => {"advisories" => [{"affected_versions" => [">1.219,<1.227"],"cves" => ["CVE-2013-4184"],"description" => "Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks\n","distribution" => "Data-UUID","fixed_versions" => [">=1.227"],"id" => "CPANSA-Data-UUID-2013-4184","references" => ["https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4184","http://www.openwall.com/lists/oss-security/2013/07/31/4","http://www.securityfocus.com/bid/61534","https://exchange.xforce.ibmcloud.com/vulnerabilities/86103","https://security-tracker.debian.org/tracker/CVE-2013-4184","https://access.redhat.com/security/cve/cve-2013-4184","https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4184"],"reported" => "2019-12-10","severity" => "medium"}],"main_module" => "Data::UUID","versions" => [{"date" => "2001-10-30T17:35:43","version" => "0.01"},{"date" => "2001-10-31T17:16:07","version" => "0.02"},{"date" => "2001-11-05T17:56:17","version" => "0.03"},{"date" => "2001-12-12T21:23:28","version" => "0.04"},{"date" => "2002-02-13T19:57:54","version" => "0.05"},{"date" => "2002-03-11T15:42:56","version" => "0.06"},{"date" => "2002-06-12T21:38:06","version" => "0.07"},{"date" => "2002-11-29T17:19:21","version" => "0.08"},{"date" => "2003-02-26T21:56:46","version" => "0.09"},{"date" => "2003-07-17T21:55:38","version" => "0.10"},{"date" => "2003-08-27T20:17:10","version" => "0.11"},{"date" => "2006-02-24T00:44:57","version" => "0.12_01"},{"date" => "2006-02-25T20:45:33","version" => "0.13"},{"date" => "2006-03-18T13:42:09","version" => "0.14"},{"date" => "2006-09-06T02:19:07","version" => "0.141"},{"date" => "2006-09-06T02:46:59","version" => "0.142"},{"date" => "2006-09-18T02:16:47","version" => "0.143"},{"date" => "2006-09-19T22:29:33","version" => "0.145"},{"date" => "2006-11-15T01:22:33","version" => "0.146"},{"date" => "2006-11-16T14:16:50","version" => "0.147_01"},{"date" => "2006-11-16T15:25:08","version" => "0.148"},{"date" => "2007-03-08T16:05:15","version" => "1.148"},{"date" => "2008-11-01T16:36:57","version" => "1.149"},{"date" => "2008-11-02T03:21:27","version" => "1.200_01"},{"date" => "2008-11-11T21:40:52","version" => "1.200_02"},{"date" => "2009-04-18T18:12:28","version" => "1.201"},{"date" => "2009-06-15T22:47:18","version" => "1.202"},{"date" => "2009-11-03T21:49:20","version" => "1.203"},{"date" => "2010-05-07T01:57:28","version" => "1.210"},{"date" => "2010-05-07T12:00:52","version" => "1.211"},{"date" => "2010-05-07T22:59:24","version" => "1.212"},{"date" => "2010-05-09T19:29:59","version" => "1.213"},{"date" => "2010-05-15T01:06:55","version" => "1.214"},{"date" => "2010-05-25T02:47:15","version" => "1.215"},{"date" => "2010-09-04T18:14:56","version" => "1.216"},{"date" => "2010-09-14T01:48:04","version" => "1.217"},{"date" => "2012-08-01T03:25:46","version" => "1.218"},{"date" => "2013-07-07T03:00:13","version" => "1.219"},{"date" => "2014-12-16T00:07:05","version" => "1.220"},{"date" => "2015-08-10T12:37:32","version" => "1.221"},{"date" => "2018-04-29T22:11:17","version" => "1.222"},{"date" => "2019-02-25T22:28:34","version" => "1.223"},{"date" => "2019-03-02T14:20:33","version" => "1.224"},{"date" => "2020-04-12T18:42:29","version" => "1.225"},{"date" => "2020-04-12T18:43:57","version" => "1.226"},{"date" => "2024-03-18T19:39:28","version" => "1.227"}]},"Data-Validate-IP" => {"advisories" => [{"affected_versions" => ["<=0.29"],"cves" => ["CVE-2021-29662"],"description" => "The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Data-Validate-IP","fixed_versions" => [">0.29"],"id" => "CPANSA-Data-Validate-IP-2021-01","references" => ["https://security.netapp.com/advisory/ntap-20210604-0002/","https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/houseabsolute/Data-Validate-IP","https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e","https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-018.md","https://sick.codes/sick-2021-018/"],"reported" => "2021-03-31"}],"main_module" => "Data::Validate::IP","versions" => [{"date" => "2005-03-04T16:46:50","version" => "0.02"},{"date" => "2005-03-04T20:06:14","version" => "0.03"},{"date" => "2005-04-28T15:11:20","version" => "0.04"},{"date" => "2007-03-06T19:45:16","version" => "0.05"},{"date" => "2007-05-16T16:08:59","version" => "0.06"},{"date" => "2007-05-18T02:42:07","version" => "0.07"},{"date" => "2007-12-06T18:48:53","version" => "0.08"},{"date" => "2009-06-04T17:52:28","version" => "0.10"},{"date" => "2010-03-01T19:40:48","version" => "0.11"},{"date" => "2010-12-29T21:23:08","version" => "0.12"},{"date" => "2011-01-06T14:25:53","version" => "0.13"},{"date" => "2011-01-06T14:45:14","version" => "0.14"},{"date" => "2013-02-05T00:19:11","version" => "0.15"},{"date" => "2013-02-06T15:18:38","version" => "0.16"},{"date" => "2013-02-19T15:58:21","version" => "0.17"},{"date" => "2013-02-20T00:31:32","version" => "0.18"},{"date" => "2013-03-13T15:48:07","version" => "0.19"},{"date" => "2013-07-13T19:21:15","version" => "0.20"},{"date" => "2013-12-05T21:16:41","version" => "0.21"},{"date" => "2013-12-05T22:47:38","version" => "0.22"},{"date" => "2014-03-09T16:00:20","version" => "0.23"},{"date" => "2014-08-28T16:00:00","version" => "0.24"},{"date" => "2016-02-02T16:17:46","version" => "0.25"},{"date" => "2016-05-31T17:31:50","version" => "0.26"},{"date" => "2016-11-17T18:05:57","version" => "0.27"},{"date" => "2021-03-29T17:01:17","version" => "0.28"},{"date" => "2021-03-29T17:07:58","version" => "0.29"},{"date" => "2021-03-29T21:50:39","version" => "0.30"},{"date" => "2022-11-28T18:19:55","version" => "0.31"}]},"Devel-PPPort" => {"advisories" => [{"affected_versions" => ["<3.41"],"cves" => [],"description" => "Function croak() takes first parameter printf-like format. Arbitrary string from the variable \$\@ can cause perl crash when contains one or more '%'.\n","distribution" => "Devel-PPPort","fixed_versions" => [">=3.41"],"id" => "CPANSA-Devel-PPPort-2017-01","references" => ["https://metacpan.org/dist/Devel-PPPort/changes","https://github.com/Dual-Life/Devel-PPPort/pull/47"],"reported" => "2017-02-14","severity" => undef}],"main_module" => "Devel::PPPort","versions" => [{"date" => "1999-03-01T05:05:50","version" => "1.0004"},{"date" => "1999-03-08T02:57:01","version" => "1.0005"},{"date" => "1999-03-24T16:17:40","version" => "1.0006"},{"date" => "1999-03-29T16:29:09","version" => "1.0007"},{"date" => "2004-08-07T14:09:53","version" => "2.99_01"},{"date" => "2004-08-08T17:24:46","version" => "2.99_02"},{"date" => "2004-08-09T20:40:45","version" => "2.99_03"},{"date" => "2004-08-10T21:37:23","version" => "2.99_04"},{"date" => "2004-08-10T21:52:34","version" => "2.99_05"},{"date" => "2004-08-11T21:14:33","version" => "2.99_06"},{"date" => "2004-08-13T11:05:16","version" => "2.99_07"},{"date" => "2004-08-16T09:37:21","version" => "3.00"},{"date" => "2004-08-17T21:45:21","version" => "3.00_01"},{"date" => "2004-08-19T11:23:25","version" => "3.00_02"},{"date" => "2004-08-20T13:31:59","version" => "3.00_03"},{"date" => "2004-08-23T05:52:31","version" => "3.01"},{"date" => "2004-09-08T19:25:27","version" => "3.02"},{"date" => "2004-09-08T20:39:17","version" => "3.03"},{"date" => "2004-12-29T14:03:53","version" => "3.04"},{"date" => "2005-01-31T18:29:11","version" => "3.05"},{"date" => "2005-02-02T21:53:39","version" => "3.06"},{"date" => "2005-06-25T16:59:34","version" => "3.06_01"},{"date" => "2005-10-18T19:59:34","version" => "3.06_02"},{"date" => "2005-10-18T21:43:58","version" => "3.06_03"},{"date" => "2005-10-30T11:10:01","version" => "3.06_04"},{"date" => "2006-01-16T18:10:31","version" => "3.07"},{"date" => "2006-01-19T18:40:04","version" => "3.08"},{"date" => "2006-05-20T11:11:00","version" => "3.08_01"},{"date" => "2006-05-22T11:17:01","version" => "3.08_02"},{"date" => "2006-05-25T15:33:51","version" => "3.08_03"},{"date" => "2006-05-29T17:44:18","version" => "3.08_04"},{"date" => "2006-06-23T19:00:30","version" => "3.08_05"},{"date" => "2006-06-25T08:09:51","version" => "3.08_06"},{"date" => "2006-07-03T21:36:39","version" => "3.08_07"},{"date" => "2006-07-08T16:22:49","version" => "3.09"},{"date" => "2006-07-21T17:25:17","version" => "3.09_01"},{"date" => "2006-07-25T18:45:27","version" => "3.09_02"},{"date" => "2006-08-14T19:31:33","version" => "3.10"},{"date" => "2006-12-02T16:26:47","version" => "3.10_01"},{"date" => "2006-12-02T17:23:57","version" => "3.10_02"},{"date" => "2007-02-14T13:10:03","version" => "3.11"},{"date" => "2007-03-23T17:09:16","version" => "3.11_01"},{"date" => "2007-08-12T23:08:25","version" => "3.11_02"},{"date" => "2007-08-14T19:14:20","version" => "3.11_03"},{"date" => "2007-08-20T16:31:23","version" => "3.11_04"},{"date" => "2007-08-20T17:29:16","version" => "3.11_05"},{"date" => "2007-09-11T21:41:31","version" => "3.11_06"},{"date" => "2007-09-22T08:00:55","version" => "3.12"},{"date" => "2007-10-04T10:33:11","version" => "3.13"},{"date" => "2008-01-04T14:09:17","version" => "3.13_01"},{"date" => "2008-04-13T13:11:47","version" => "3.13_02"},{"date" => "2008-05-13T19:07:49","version" => "3.13_03"},{"date" => "2008-06-01T12:08:17","version" => "3.14"},{"date" => "2008-07-11T20:42:44","version" => "3.14_01"},{"date" => "2008-10-12T19:49:45","version" => "3.14_02"},{"date" => "2008-10-21T21:20:59","version" => "3.14_03"},{"date" => "2008-10-30T18:55:01","version" => "3.14_04"},{"date" => "2008-10-31T07:20:25","version" => "3.14_05"},{"date" => "2009-01-18T13:49:22","version" => "3.15"},{"date" => "2009-01-23T17:33:31","version" => "3.16"},{"date" => "2009-03-15T15:45:38","version" => "3.17"},{"date" => "2009-06-12T11:05:52","version" => "3.18"},{"date" => "2009-06-12T11:25:31","version" => "3.18_01"},{"date" => "2009-06-14T09:59:59","version" => "3.19"},{"date" => "2010-02-20T18:48:07","version" => "3.19_01"},{"date" => "2010-03-07T12:51:00","version" => "3.19_02"},{"date" => "2011-04-13T07:49:49","version" => "3.19_03"},{"date" => "2011-09-10T19:32:27","version" => "3.20"},{"date" => "2013-08-17T13:27:59","version" => "3.21"},{"date" => "2014-03-20T02:17:15","version" => "3.22"},{"date" => "2014-04-13T00:04:17","version" => "3.23"},{"date" => "2014-05-09T00:15:50","version" => "3.24"},{"date" => "2014-12-02T13:08:04","version" => "3.25"},{"date" => "2015-01-08T02:42:03","version" => "3.26"},{"date" => "2015-01-13T15:02:40","version" => "3.27"},{"date" => "2015-01-16T12:33:46","version" => "3.28"},{"date" => "2015-03-05T13:22:18","version" => "3.29"},{"date" => "2015-03-05T20:29:10","version" => "3.30"},{"date" => "2015-03-12T14:27:15","version" => "3.31"},{"date" => "2015-09-30T16:31:45","version" => "3.32"},{"date" => "2016-05-06T11:01:12","version" => "3.32_01"},{"date" => "2016-05-24T13:59:25","version" => "3.32_02"},{"date" => "2016-06-03T13:47:32","version" => "3.33"},{"date" => "2016-06-12T23:09:20","version" => "3.34"},{"date" => "2016-06-17T18:22:04","version" => "3.35"},{"date" => "2017-05-14T08:53:44","version" => "3.36"},{"date" => "2018-04-21T12:18:05","version" => "3.41"},{"date" => "2018-04-21T14:45:37","version" => "3.42"},{"date" => "2018-09-19T14:47:44","version" => "3.43"},{"date" => "2018-10-12T17:16:24","version" => "3.43_04"},{"date" => "2019-02-20T23:05:14","version" => "3.44"},{"date" => "2019-03-19T20:55:38","version" => "3.45"},{"date" => "2019-04-26T19:50:59","version" => "3.46"},{"date" => "2019-04-28T05:30:49","version" => "3.47"},{"date" => "2019-04-28T21:43:34","version" => "3.48"},{"date" => "2019-04-28T21:57:51","version" => "3.48"},{"date" => "2019-04-29T17:48:49","version" => "3.49"},{"date" => "2019-04-30T19:05:34","version" => "3.50"},{"date" => "2019-04-30T23:09:43","version" => "3.51"},{"date" => "2019-05-14T17:18:17","version" => "3.52"},{"date" => "2019-06-09T16:13:03","version" => "3.52_04"},{"date" => "2019-06-11T07:57:30","version" => "3.53_04"},{"date" => "2019-09-28T00:25:55","version" => "3.53"},{"date" => "2019-09-28T00:35:17","version" => "3.54"},{"date" => "2019-11-07T21:15:22","version" => "3.55"},{"date" => "2019-11-25T17:04:32","version" => "3.56"},{"date" => "2020-01-31T20:46:51","version" => "3.57"},{"date" => "2020-02-10T22:15:17","version" => "3.57_01"},{"date" => "2020-03-04T21:32:50","version" => "3.57_02"},{"date" => "2020-03-09T20:42:29","version" => "3.58"},{"date" => "2020-08-06T22:31:34","version" => "3.58_01"},{"date" => "2020-08-10T16:51:52","version" => "3.59"},{"date" => "2020-08-11T19:44:32","version" => "3.60"},{"date" => "2020-09-30T23:22:16","version" => "3.60_01"},{"date" => "2020-10-07T14:59:47","version" => "3.60_02"},{"date" => "2020-10-12T23:25:45","version" => "3.61"},{"date" => "2020-10-16T20:01:45","version" => "3.62"},{"date" => "2021-07-07T00:08:28","version" => "3.63"},{"date" => "2022-02-01T18:16:40","version" => "3.64"},{"date" => "2022-03-02T22:12:02","version" => "3.65"},{"date" => "2022-03-02T22:41:01","version" => "3.66"},{"date" => "2022-03-08T19:25:43","version" => "3.67"},{"date" => "2022-03-18T22:08:30","version" => "3.68"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.0002"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "2.007"},{"date" => "2003-11-05T00:00:00","dual_lived" => 1,"perl_release" => "5.008002","version" => "2.009"},{"date" => "2004-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008003","version" => "2.011"},{"date" => "2003-10-27T00:00:00","dual_lived" => 1,"perl_release" => "5.009","version" => "2.008"},{"date" => "2004-03-16T00:00:00","dual_lived" => 1,"perl_release" => "5.009001","version" => "2.011_01"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "3.37"},{"date" => "2018-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027008","version" => "3.38"},{"date" => "2018-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027009","version" => "3.39"},{"date" => "2018-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027011","version" => "3.40"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "3.69"},{"date" => "2023-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037009","version" => "3.70"},{"date" => "2023-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037011","version" => "3.71"},{"date" => "2023-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039003","version" => "3.72"},{"date" => "2024-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041002","version" => "3.73"}]},"Devel-StackTrace" => {"advisories" => [{"affected_versions" => ["<1.19"],"cves" => ["CVE-2008-3502"],"description" => "Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.\n","distribution" => "Devel-StackTrace","fixed_versions" => [">=1.19"],"id" => "CPANSA-Devel-StackTrace-2008-3502","references" => ["http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html","http://www.securityfocus.com/bid/29925","http://secunia.com/advisories/30830","https://exchange.xforce.ibmcloud.com/vulnerabilities/43337"],"reported" => "2008-08-06","severity" => undef}],"main_module" => "Devel::StackTrace","versions" => [{"date" => "2000-06-27T19:21:12","version" => "0.7"},{"date" => "2000-07-04T16:34:23","version" => "0.75"},{"date" => "2000-09-03T02:55:27","version" => "0.8"},{"date" => "2000-09-03T04:10:13","version" => "0.85"},{"date" => "2001-11-24T06:37:34","version" => "0.9"},{"date" => "2002-08-23T09:12:26","version" => "1.00"},{"date" => "2002-09-18T16:19:28","version" => "1.01"},{"date" => "2002-09-19T22:12:09","version" => "1.02"},{"date" => "2003-01-22T20:33:08","version" => "1.03"},{"date" => "2003-09-25T19:15:23","version" => "1.04"},{"date" => "2004-02-17T20:35:35","version" => "1.05"},{"date" => "2004-02-22T00:14:28","version" => "1.06"},{"date" => "2004-02-22T00:30:48","version" => "1.07"},{"date" => "2004-02-23T15:25:26","version" => "1.08"},{"date" => "2004-02-26T22:30:00","version" => "1.09"},{"date" => "2004-03-10T21:25:04","version" => "1.10"},{"date" => "2004-04-12T05:11:33","version" => "1.11"},{"date" => "2005-09-30T05:47:47","version" => "1.12"},{"date" => "2006-04-01T04:51:47","version" => "1.13"},{"date" => "2007-03-16T15:29:38","version" => "1.14"},{"date" => "2007-04-28T20:07:57","version" => "1.15"},{"date" => "2008-02-02T06:09:06","version" => "1.16"},{"date" => "2008-03-30T17:20:19","version" => "1.17"},{"date" => "2008-03-31T14:16:23","version" => "1.18"},{"date" => "2008-06-13T18:07:37","version" => "1.19"},{"date" => "2008-06-13T23:46:42","version" => "1.1901"},{"date" => "2008-07-16T13:20:57","version" => "1.1902"},{"date" => "2008-10-26T01:44:25","version" => "1.20"},{"date" => "2009-07-02T04:50:03","version" => "1.21"},{"date" => "2009-07-15T19:51:37","version" => "1.22"},{"date" => "2010-08-28T01:47:36","version" => "1.23"},{"date" => "2010-09-03T14:18:22","version" => "1.24"},{"date" => "2010-09-06T14:54:15","version" => "1.25"},{"date" => "2010-10-15T15:25:58","version" => "1.26"},{"date" => "2011-01-16T18:57:01","version" => "1.27"},{"date" => "2012-11-16T16:59:05","version" => "1.28"},{"date" => "2012-11-16T17:47:00","version" => "1.29"},{"date" => "2012-11-20T05:07:49","version" => "1.30"},{"date" => "2014-01-16T22:37:16","version" => "1.31"},{"date" => "2014-05-05T08:01:10","version" => "1.32"},{"date" => "2014-06-26T20:43:33","version" => "1.33"},{"date" => "2014-06-26T21:50:12","version" => "1.34"},{"date" => "2014-11-01T18:06:29","version" => "2.00"},{"date" => "2016-03-02T17:23:15","version" => "2.01"},{"date" => "2016-12-07T19:51:47","version" => "2.02"},{"date" => "2017-11-18T17:10:57","version" => "2.03"},{"date" => "2019-05-24T18:54:07","version" => "2.04"},{"date" => "2024-01-08T04:48:56","version" => "2.05"}]},"Dezi" => {"advisories" => [{"affected_versions" => ["<0.002002"],"cves" => [],"description" => "Bypassing authentication on the /index URL app with non-idempotent requests to /search URL.\n","distribution" => "Dezi","fixed_versions" => [">=0.002002"],"id" => "CPANSA-Dezi-2012-01","references" => ["https://metacpan.org/changes/distribution/Dezi","https://github.com/karpet/Dezi/commit/f1ad292b4dd988d1a38202c804bb7a2a3bcca3c8"],"reported" => "2012-09-13"}],"main_module" => "Dezi","versions" => [{"date" => "2011-06-22T04:53:57","version" => "0.001000"},{"date" => "2011-08-03T02:42:22","version" => "0.001001"},{"date" => "2011-09-30T03:35:08","version" => "0.001002"},{"date" => "2011-10-23T02:12:02","version" => "0.001003"},{"date" => "2012-03-17T02:40:15","version" => "0.001004"},{"date" => "2012-07-11T03:20:40","version" => "0.001005"},{"date" => "2012-08-18T02:43:23","version" => "0.001006"},{"date" => "2012-08-22T03:58:33","version" => "0.001007"},{"date" => "2012-09-04T02:05:34","version" => "0.001008"},{"date" => "2012-09-12T03:51:13","version" => "0.002000"},{"date" => "2012-09-13T01:50:59","version" => "0.002001"},{"date" => "2012-09-13T14:10:02","version" => "0.002002"},{"date" => "2012-10-16T00:57:46","version" => "0.002003"},{"date" => "2012-10-18T03:15:21","version" => "0.002004"},{"date" => "2012-12-19T05:25:13","version" => "0.002005"},{"date" => "2013-02-03T02:49:07","version" => "0.002006"},{"date" => "2013-02-05T15:02:54","version" => "0.002007"},{"date" => "2013-02-09T05:37:41","version" => "0.002008"},{"date" => "2013-02-13T02:30:33","version" => "0.002009"},{"date" => "2013-02-13T04:31:49","version" => "0.002010"},{"date" => "2013-11-13T17:08:03","version" => "0.002011"},{"date" => "2014-02-27T18:08:30","version" => "0.002012"},{"date" => "2014-06-05T06:59:12","version" => "0.002998_01"},{"date" => "2014-06-08T04:59:17","version" => "0.003000"},{"date" => "2014-07-30T20:40:24","version" => "0.004000"},{"date" => "2014-09-02T02:45:00","version" => "0.004001"},{"date" => "2015-04-30T22:01:11","version" => "0.004002"},{"date" => "2018-05-16T02:24:24","version" => "0.004003"}]},"Digest" => {"advisories" => [{"affected_versions" => ["<1.17"],"cves" => ["CVE-2011-3597"],"description" => "Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.\n","distribution" => "Digest","fixed_versions" => [">=0.17"],"id" => "CPANSA-Digest-2011-3597","references" => ["http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc","http://www.redhat.com/support/errata/RHSA-2011-1797.html","http://www.redhat.com/support/errata/RHSA-2011-1424.html","https://bugzilla.redhat.com/show_bug.cgi?id=743010","http://www.securityfocus.com/bid/49911","http://secunia.com/advisories/46279","http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes","http://www.mandriva.com/security/advisories?name=MDVSA-2012:009","http://www.mandriva.com/security/advisories?name=MDVSA-2012:008","http://secunia.com/advisories/51457","http://www.ubuntu.com/usn/USN-1643-1","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446"],"reported" => "2012-01-13","reviewed_by" => [{"date" => "2022-07-05","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => ["<1.19"],"cves" => ["CVE-2016-1238"],"description" => "Includes . in \@INC which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Digest","fixed_versions" => [">=1.19"],"id" => "CPANSA-Digest-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Digest","versions" => [{"date" => "2001-03-14T06:33:08","version" => "1.00"},{"date" => "2003-01-05T01:23:53","version" => "1.01"},{"date" => "2003-01-19T04:35:36","version" => "1.02"},{"date" => "2003-11-28T12:29:42","version" => "1.03"},{"date" => "2003-11-29T12:08:20","version" => "1.04"},{"date" => "2003-12-01T07:58:06","version" => "1.05"},{"date" => "2004-04-01T10:55:24","version" => "1.06"},{"date" => "2004-04-25T14:39:53","version" => "1.07"},{"date" => "2004-04-29T07:56:42","version" => "1.08"},{"date" => "2004-11-05T12:20:28","version" => "1.09"},{"date" => "2004-11-08T09:41:14","version" => "1.10"},{"date" => "2005-09-11T11:14:33","version" => "1.11"},{"date" => "2005-09-29T10:20:20","version" => "1.12"},{"date" => "2005-10-18T11:59:24","version" => "1.13"},{"date" => "2005-11-26T10:10:21","version" => "1.14"},{"date" => "2006-03-20T15:18:01","version" => "1.15"},{"date" => "2009-06-09T18:58:26","version" => "1.16"},{"date" => "2011-10-02T10:14:32","version" => "1.17"},{"date" => "2020-10-13T19:16:47","version" => "1.18"},{"date" => "2020-10-13T20:02:35","version" => "1.19"},{"date" => "2021-08-24T13:51:51","version" => "1.20"},{"date" => "2012-10-12T00:00:00","dual_lived" => 1,"perl_release" => "5.014003","version" => "1.16_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "1.17_01"}]},"Digest-MD5" => {"advisories" => [{"affected_versions" => ["<2.25"],"cves" => ["CVE-2002-0703"],"description" => "An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.\n","distribution" => "Digest-MD5","fixed_versions" => [],"id" => "CPANSA-Digest-MD5-2002-0703","references" => ["http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php","http://www.iss.net/security_center/static/9051.php","http://www.securityfocus.com/bid/4716","http://rhn.redhat.com/errata/RHSA-2002-081.html"],"reported" => "2002-07-26","severity" => undef}],"main_module" => "Digest::MD5","versions" => [{"date" => "1998-10-23T12:30:56","version" => "1.99_53"},{"date" => "1998-10-24T13:58:24","version" => "1.99_54"},{"date" => "1998-10-24T22:44:03","version" => "1.99_55"},{"date" => "1998-10-24T23:07:15","version" => "1.99_56"},{"date" => "1998-10-27T21:09:37","version" => "1.99_57"},{"date" => "1998-10-28T14:11:30","version" => "1.99_58"},{"date" => "1998-10-28T20:57:10","version" => "1.99_59"},{"date" => "1998-10-30T17:23:27","version" => "1.99_60"},{"date" => "1998-11-04T22:27:42","version" => "2.00"},{"date" => "1998-12-30T04:01:06","version" => "2.01"},{"date" => "1999-01-31T16:44:38","version" => "2.02"},{"date" => "1999-02-01T20:25:06","version" => "2.02"},{"date" => "1999-02-27T21:39:24","version" => "2.03"},{"date" => "1999-03-05T21:17:35","version" => "2.04"},{"date" => "1999-03-15T10:58:32","version" => "2.05"},{"date" => "1999-03-19T05:05:36","version" => "2.05"},{"date" => "1999-03-26T13:51:38","version" => "2.06"},{"date" => "1999-04-26T09:45:43","version" => "2.07"},{"date" => "1999-06-02T13:44:41","version" => "2.07"},{"date" => "1999-07-28T10:55:54","version" => "2.08"},{"date" => "1999-08-05T23:29:15","version" => "2.09"},{"date" => "1999-09-02T12:45:17","version" => "2.09"},{"date" => "2000-08-18T08:49:59","version" => "2.10"},{"date" => "2000-08-19T17:39:04","version" => "2.11"},{"date" => "2000-09-18T15:10:45","version" => "2.12"},{"date" => "2001-01-19T06:08:47","version" => "2.12"},{"date" => "2001-03-14T05:56:41","version" => "2.13"},{"date" => "2001-03-17T04:35:32","version" => "2.13"},{"date" => "2001-06-24T07:37:20","version" => "2.13"},{"date" => "2001-07-18T13:40:13","version" => "2.14"},{"date" => "2001-08-27T17:53:29","version" => "2.15"},{"date" => "2001-08-29T06:32:30","version" => "2.15"},{"date" => "2001-09-07T05:52:46","version" => "2.16"},{"date" => "2002-04-25T17:24:14","version" => "2.17"},{"date" => "2002-05-01T23:34:50","version" => "2.18"},{"date" => "2002-05-02T03:21:40","version" => "2.19"},{"date" => "2002-05-06T05:20:38","version" => "2.20"},{"date" => "2002-12-28T05:33:19","version" => "2.21"},{"date" => "2003-01-05T01:04:07","version" => "2.22"},{"date" => "2003-01-19T04:55:24","version" => "2.23"},{"date" => "2003-03-09T15:26:49","version" => "2.24"},{"date" => "2003-07-05T05:33:54","version" => "2.25"},{"date" => "2003-07-22T06:15:03","version" => "2.26"},{"date" => "2003-08-05T06:12:31","version" => "2.27"},{"date" => "2003-10-06T13:16:20","version" => "2.28"},{"date" => "2003-10-06T17:37:30","version" => "2.29"},{"date" => "2003-10-09T09:40:47","version" => "2.30"},{"date" => "2003-11-28T13:10:59","version" => "2.31"},{"date" => "2003-12-05T10:15:43","version" => "2.32"},{"date" => "2003-12-07T10:31:15","version" => "2.33"},{"date" => "2005-11-26T10:05:19","version" => "2.34"},{"date" => "2005-11-26T11:15:35","version" => "2.35"},{"date" => "2005-11-30T13:55:38","version" => "2.36"},{"date" => "2008-11-12T09:36:42","version" => "2.37"},{"date" => "2008-11-14T13:50:45","version" => "2.38"},{"date" => "2009-06-09T20:21:55","version" => "2.39"},{"date" => "2010-07-03T14:01:25","version" => "2.40"},{"date" => "2010-09-25T22:12:42","version" => "2.50"},{"date" => "2010-09-30T19:46:29","version" => "2.51"},{"date" => "2012-06-07T22:37:00","version" => "2.52"},{"date" => "2013-07-02T17:56:06","version" => "2.53"},{"date" => "2015-01-12T21:19:42","version" => "2.54"},{"date" => "2016-03-09T21:17:10","version" => "2.55"},{"date" => "2020-10-05T17:19:37","version" => "2.56"},{"date" => "2020-10-05T17:42:48","version" => "2.57"},{"date" => "2020-10-05T21:53:32","version" => "2.58"},{"date" => "2023-12-30T21:01:56","version" => "2.59"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "2.36_01"},{"date" => "2019-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031005","version" => "2.55_01"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038","version" => "2.58_01"}]},"Digest-SHA" => {"advisories" => [{"affected_versions" => ["<5.96"],"cves" => ["CVE-2016-1238"],"description" => "Digest::SHA before 5.96 with perls earlier than v5.26 included the current working directory in the module search path, which could lead to the inadvernant loading of unexpected versions of a module. The current directory was removed from the default module search path in perls from v5.26 and later.\n","distribution" => "Digest-SHA","fixed_versions" => [">=5.96"],"id" => "CPANSA-Digest-SHA-2016-1238","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=116513","https://github.com/advisories/GHSA-hm5v-6984-hfqp","https://metacpan.org/release/MSHELOR/Digest-SHA-5.96/diff/MSHELOR/Digest-SHA-5.95","https://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","https://lists.debian.org/debian-security-announce/2016/msg00206.html","https://security.gentoo.org/glsa/201701-75"],"reported" => undef,"severity" => "high"}],"main_module" => "Digest::SHA","versions" => [{"date" => "2003-10-11T09:45:19","version" => "0.9"},{"date" => "2003-10-20T09:50:18","version" => "1.0"},{"date" => "2003-10-25T11:31:51","version" => "1.01"},{"date" => "2003-11-01T21:22:08","version" => "2.0"},{"date" => "2003-11-09T11:06:19","version" => "2.1"},{"date" => "2003-11-16T11:08:06","version" => "2.2"},{"date" => "2003-11-19T11:54:09","version" => "2.3"},{"date" => "2003-11-23T00:52:20","version" => "2.4"},{"date" => "2003-11-26T12:32:09","version" => "3.0"},{"date" => "2003-11-30T07:47:28","version" => "v4.0.0"},{"date" => "2003-11-30T16:19:28","version" => "3.1-alpha1"},{"date" => "2003-12-01T13:27:50","version" => "4.0.2"},{"date" => "2003-12-03T11:20:55","version" => "v4.0.3"},{"date" => "2003-12-04T07:54:40","version" => "v4.0.4"},{"date" => "2003-12-06T09:23:46","version" => "v4.0.5"},{"date" => "2003-12-11T11:30:14","version" => "v4.0.6"},{"date" => "2003-12-13T09:30:39","version" => "v4.0.7"},{"date" => "2003-12-19T07:30:18","version" => "v4.0.8"},{"date" => "2003-12-24T10:37:28","version" => "v4.0.9"},{"date" => "2003-12-25T08:13:32","version" => "v4.1.0"},{"date" => "2003-12-28T00:09:30","version" => "v4.2.0"},{"date" => "2004-01-24T08:43:05","version" => "v4.2.1"},{"date" => "2004-02-01T08:52:29","version" => "v4.2.2"},{"date" => "2004-02-07T10:45:32","version" => "v4.3.0"},{"date" => "2004-03-04T10:41:51","version" => "v4.3.1"},{"date" => "2004-04-28T11:30:19","version" => "4.3.2"},{"date" => "2004-05-05T07:56:21","version" => "4.3.3"},{"date" => "2004-05-14T12:08:55","version" => "5.00"},{"date" => "2004-05-21T20:20:18","version" => "5.01"},{"date" => "2004-07-29T10:13:58","version" => "5.02"},{"date" => "2004-07-31T07:34:46","version" => "5.03"},{"date" => "2004-08-06T09:44:08","version" => "5.10"},{"date" => "2004-08-15T12:25:38","version" => "5.20"},{"date" => "2004-08-23T12:35:36","version" => "5.21"},{"date" => "2004-09-08T08:01:56","version" => "5.22"},{"date" => "2004-09-10T06:51:39","version" => "5.23"},{"date" => "2004-09-12T11:33:41","version" => "5.24"},{"date" => "2004-09-13T02:27:16","version" => "5.25"},{"date" => "2004-10-10T09:13:00","version" => "5.26"},{"date" => "2004-10-24T11:25:48","version" => "5.27"},{"date" => "2004-11-17T09:23:50","version" => "5.28"},{"date" => "2005-08-15T09:20:59","version" => "5.29"},{"date" => "2005-08-21T00:35:30","version" => "5.30"},{"date" => "2005-09-05T08:36:39","version" => "5.31"},{"date" => "2005-12-02T10:13:07","version" => "5.32"},{"date" => "2006-02-03T02:22:56","version" => "5.34"},{"date" => "2006-05-08T01:10:50","version" => "5.35"},{"date" => "2006-05-08T11:19:00","version" => "5.36"},{"date" => "2006-05-15T11:31:17","version" => "5.37"},{"date" => "2006-05-25T10:10:52","version" => "5.38"},{"date" => "2006-05-28T10:49:11","version" => "5.39"},{"date" => "2006-06-02T21:45:07","version" => "5.40"},{"date" => "2006-06-03T09:31:44","version" => "5.41"},{"date" => "2006-07-24T11:22:26","version" => "5.42"},{"date" => "2006-08-05T10:13:57","version" => "5.43"},{"date" => "2006-10-14T07:59:30","version" => "5.44"},{"date" => "2007-06-26T10:20:05","version" => "5.45"},{"date" => "2008-04-09T12:40:29","version" => "5.46"},{"date" => "2008-04-30T11:17:26","version" => "5.47"},{"date" => "2010-01-05T02:07:18","version" => "5.48"},{"date" => "2010-12-12T14:44:43","version" => "5.49"},{"date" => "2010-12-14T13:46:10","version" => "5.50"},{"date" => "2011-03-03T13:19:38","version" => "5.60"},{"date" => "2011-03-09T12:56:01","version" => "5.61"},{"date" => "2011-05-14T11:11:34","version" => "5.62"},{"date" => "2011-11-08T13:27:54","version" => "5.63"},{"date" => "2011-12-14T10:18:37","version" => "5.70"},{"date" => "2012-02-29T11:11:59","version" => "5.71"},{"date" => "2012-09-25T01:14:59","version" => "5.72"},{"date" => "2012-10-31T11:42:32","version" => "5.73"},{"date" => "2012-11-24T11:40:47","version" => "5.74"},{"date" => "2012-12-10T21:21:06","version" => "5.80"},{"date" => "2013-01-14T14:32:22","version" => "5.81"},{"date" => "2013-01-24T12:06:14","version" => "5.82"},{"date" => "2013-03-04T16:22:03","version" => "5.83"},{"date" => "2013-03-10T00:42:51","version" => "5.84"},{"date" => "2013-06-26T11:11:56","version" => "5.85"},{"date" => "2014-01-30T15:40:50","version" => "5.86"},{"date" => "2014-02-18T01:26:20","version" => "5.87"},{"date" => "2014-03-17T16:05:33","version" => "5.88"},{"date" => "2014-04-19T13:09:10","version" => "5.89"},{"date" => "2014-05-07T15:54:15","version" => "5.90"},{"date" => "2014-05-16T17:36:12","version" => "5.91"},{"date" => "2014-06-01T07:25:04","version" => "5.92"},{"date" => "2014-10-26T13:15:37","version" => "5.93"},{"date" => "2015-01-10T09:49:55","version" => "5.94"},{"date" => "2015-01-10T20:24:40","version" => "5.95"},{"date" => "2016-07-28T11:11:53","version" => "5.96"},{"date" => "2017-09-06T09:38:45","version" => "5.97"},{"date" => "2017-10-04T08:38:13","version" => "5.98"},{"date" => "2017-12-09T06:04:13","version" => "6.00"},{"date" => "2017-12-25T07:41:55","version" => "6.01"},{"date" => "2018-04-20T23:47:19","version" => "6.02"},{"date" => "2022-08-08T18:56:41","version" => "6.03"},{"date" => "2023-02-25T19:06:34","version" => "6.04"},{"date" => "2013-08-12T00:00:00","dual_lived" => 1,"perl_release" => "5.018001","version" => "5.84_01"},{"date" => "2014-10-01T00:00:00","dual_lived" => 1,"perl_release" => "5.018003","version" => "5.84_02"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "5.95_01"}]},"Dpkg" => {"advisories" => [{"affected_versions" => ["<1.21.8"],"cves" => ["CVE-2022-1664"],"description" => "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.\n","distribution" => "Dpkg","fixed_versions" => [">=1.21.8"],"id" => "CPANSA-Dpkg-2022-1664","references" => ["https://lists.debian.org/debian-security-announce/2022/msg00115.html","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b","https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5","https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"],"reported" => "2022-05-26","severity" => "critical"},{"affected_versions" => ["<1.18.24"],"cves" => ["CVE-2017-8283"],"description" => "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.24"],"id" => "CPANSA-Dpkg-2017-8283","references" => ["http://www.openwall.com/lists/oss-security/2017/04/20/2","http://www.securityfocus.com/bid/98064"],"reported" => "2017-04-26","severity" => "critical"},{"affected_versions" => ["<1.18.11"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.11"],"id" => "CPANSA-Dpkg-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => ["<1.18.4"],"cves" => ["CVE-2015-0860"],"description" => "Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow.\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.4"],"id" => "CPANSA-Dpkg-2015-0860","references" => ["http://www.ubuntu.com/usn/USN-2820-1","http://www.debian.org/security/2015/dsa-3407","https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324","https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d","https://security.gentoo.org/glsa/201612-07"],"reported" => "2015-12-03","severity" => undef},{"affected_versions" => ["<1.18.0"],"cves" => ["CVE-2015-0840"],"description" => "The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).\n","distribution" => "Dpkg","fixed_versions" => [">=1.18.0"],"id" => "CPANSA-Dpkg-2015-0840","references" => ["http://www.ubuntu.com/usn/USN-2566-1","http://www.debian.org/security/2015/dsa-3217","http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html"],"reported" => "2015-04-13","severity" => undef},{"affected_versions" => ["<1.17.22"],"cves" => ["CVE-2014-8625"],"description" => "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.22"],"id" => "CPANSA-Dpkg-2014-8625","references" => ["http://seclists.org/oss-sec/2014/q4/539","https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135","http://seclists.org/oss-sec/2014/q4/622","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485","http://seclists.org/oss-sec/2014/q4/551","http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/98551"],"reported" => "2015-01-20","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-0471"],"description" => "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\"\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-0471","references" => ["http://www.debian.org/security/2014/dsa-2915","http://www.ubuntu.com/usn/USN-2183-1","http://www.securityfocus.com/bid/67106"],"reported" => "2014-04-30","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-3127"],"description" => "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-3127","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306","http://www.securityfocus.com/bid/67181","http://seclists.org/oss-sec/2014/q2/227","http://seclists.org/oss-sec/2014/q2/191","http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"],"reported" => "2014-05-14","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-3864"],"description" => "Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-3864","references" => ["http://openwall.com/lists/oss-security/2014/05/25/2","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746498","http://www.securityfocus.com/bid/67725","http://www.ubuntu.com/usn/USN-2242-1","http://www.debian.org/security/2014/dsa-2953"],"reported" => "2014-05-30","severity" => undef},{"affected_versions" => ["<1.17.10"],"cves" => ["CVE-2014-3865"],"description" => "Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.10"],"id" => "CPANSA-Dpkg-2014-3865","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749183","http://openwall.com/lists/oss-security/2014/05/25/2","http://www.securityfocus.com/bid/67727","http://www.ubuntu.com/usn/USN-2242-1","http://www.debian.org/security/2014/dsa-2953"],"reported" => "2014-05-30","severity" => undef},{"affected_versions" => ["<1.17.9"],"cves" => ["CVE-2014-0471"],"description" => "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\"\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.9"],"id" => "CPANSA-Dpkg-2014-0471","references" => ["http://www.debian.org/security/2014/dsa-2915","http://www.ubuntu.com/usn/USN-2183-1","http://www.securityfocus.com/bid/67106"],"reported" => "2014-04-30","severity" => undef},{"affected_versions" => ["<1.17.9"],"cves" => ["CVE-2014-3127"],"description" => "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.9"],"id" => "CPANSA-Dpkg-2014-3127","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306","http://www.securityfocus.com/bid/67181","http://seclists.org/oss-sec/2014/q2/227","http://seclists.org/oss-sec/2014/q2/191","http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"],"reported" => "2014-05-14","severity" => undef},{"affected_versions" => ["<1.17.8"],"cves" => ["CVE-2014-0471"],"description" => "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\"\n","distribution" => "Dpkg","fixed_versions" => [">=1.17.8"],"id" => "CPANSA-Dpkg-2014-0471","references" => ["http://www.debian.org/security/2014/dsa-2915","http://www.ubuntu.com/usn/USN-2183-1","http://www.securityfocus.com/bid/67106"],"reported" => "2014-04-30","severity" => undef},{"affected_versions" => ["<1.15.8.8"],"cves" => ["CVE-2010-1679"],"description" => "Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.\n","distribution" => "Dpkg","fixed_versions" => [">=1.15.8.8"],"id" => "CPANSA-Dpkg-2010-1679","references" => ["http://www.vupen.com/english/advisories/2011/0044","http://secunia.com/advisories/42831","http://secunia.com/advisories/42826","http://www.ubuntu.com/usn/USN-1038-1","http://www.debian.org/security/2011/dsa-2142","http://www.vupen.com/english/advisories/2011/0040","http://osvdb.org/70368","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html","http://secunia.com/advisories/43054","http://www.securityfocus.com/bid/45703","http://www.vupen.com/english/advisories/2011/0196","https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"],"reported" => "2011-01-11","severity" => undef},{"affected_versions" => ["<1.15.6"],"cves" => ["CVE-2010-0396"],"description" => "Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.\n","distribution" => "Dpkg","fixed_versions" => [">=1.15.6"],"id" => "CPANSA-Dpkg-2010-0396","references" => ["http://www.debian.org/security/2010/dsa-2011","http://www.vupen.com/english/advisories/2010/0582","http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz","https://exchange.xforce.ibmcloud.com/vulnerabilities/56887"],"reported" => "2010-03-15","severity" => undef},{"affected_versions" => ["==1.9.21"],"cves" => ["CVE-2004-2768"],"description" => "dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.\n","distribution" => "Dpkg","fixed_versions" => [">=1.9.22"],"id" => "CPANSA-Dpkg-2004-2768","references" => ["http://www.hackinglinuxexposed.com/articles/20031214.html","http://lists.jammed.com/ISN/2003/12/0056.html","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692","https://bugzilla.redhat.com/show_bug.cgi?id=598775","https://exchange.xforce.ibmcloud.com/vulnerabilities/59428"],"reported" => "2010-06-08","severity" => undef},{"affected_versions" => ["<1.15.10"],"cves" => ["CVE-2011-0402"],"description" => "dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.\n","distribution" => "Dpkg","fixed_versions" => [">=1.15.10"],"id" => "CPANSA-Dpkg-2011-0402","references" => ["http://www.ubuntu.com/usn/USN-1038-1","http://secunia.com/advisories/42831","http://www.debian.org/security/2011/dsa-2142","http://secunia.com/advisories/42826","http://www.vupen.com/english/advisories/2011/0040","http://www.vupen.com/english/advisories/2011/0044","http://osvdb.org/70367","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html","http://www.vupen.com/english/advisories/2011/0196","http://www.securityfocus.com/bid/45703","http://secunia.com/advisories/43054","https://exchange.xforce.ibmcloud.com/vulnerabilities/64614"],"reported" => "2011-01-11","severity" => undef}],"main_module" => "Dpkg","versions" => [{"date" => "2018-09-26T18:53:52","version" => "v1.19.1"},{"date" => "2018-10-08T10:54:58","version" => "v1.19.2"},{"date" => "2019-01-22T18:41:25","version" => "v1.19.3"},{"date" => "2019-02-23T17:40:31","version" => "v1.19.5"},{"date" => "2019-03-25T14:54:21","version" => "v1.19.6"},{"date" => "2019-06-03T21:51:58","version" => "v1.19.7"},{"date" => "2020-03-08T03:05:24","version" => "v1.20.0"},{"date" => "2020-06-27T01:26:33","version" => "v1.20.1"},{"date" => "2020-06-27T23:35:03","version" => "v1.20.2"},{"date" => "2020-06-29T11:02:10","version" => "v1.20.3"},{"date" => "2020-07-07T06:22:23","version" => "v1.20.4"},{"date" => "2020-07-08T03:55:55","version" => "v1.20.5"},{"date" => "2021-01-08T04:23:50","version" => "v1.20.6"},{"date" => "2021-01-09T00:19:44","version" => "v1.20.7"},{"date" => "2021-04-13T21:44:34","version" => "v1.20.8"},{"date" => "2021-04-13T23:33:15","version" => "v1.20.9"},{"date" => "2021-12-05T18:08:48","version" => "v1.21.0"},{"date" => "2021-12-06T20:23:10","version" => "v1.21.1"},{"date" => "2022-03-13T20:07:04","version" => "v1.21.2"},{"date" => "2022-03-24T20:19:38","version" => "v1.21.3"},{"date" => "2022-03-26T12:56:21","version" => "v1.21.4"},{"date" => "2022-03-29T01:07:10","version" => "v1.21.5"},{"date" => "2022-05-25T15:21:07","version" => "v1.21.8"},{"date" => "2022-07-01T09:48:45","version" => "v1.21.9"},{"date" => "2022-12-01T12:08:26","version" => "v1.21.10"},{"date" => "2022-12-02T23:34:17","version" => "v1.21.11"},{"date" => "2022-12-19T01:27:49","version" => "v1.21.13"},{"date" => "2023-01-01T23:04:24","version" => "v1.21.14"},{"date" => "2023-01-25T22:18:51","version" => "v1.21.19"},{"date" => "2023-05-16T22:34:01","version" => "v1.21.22"},{"date" => "2023-08-30T10:44:22","version" => "v1.22.0"},{"date" => "2023-10-30T03:47:45","version" => "v1.22.1"},{"date" => "2023-12-18T03:09:08","version" => "v1.22.2"},{"date" => "2024-01-24T12:39:35","version" => "v1.22.4"},{"date" => "2024-02-27T03:56:46","version" => "v1.22.5"},{"date" => "2024-03-10T21:52:57","version" => "v1.22.6"},{"date" => "2024-07-16T23:58:08","version" => "v1.22.7"},{"date" => "2024-07-21T18:44:31","version" => "v1.22.8"},{"date" => "2024-08-01T11:07:53","version" => "v1.22.11"},{"date" => "2025-01-02T03:22:30","version" => "v1.22.12"},{"date" => "2025-01-03T11:09:37","version" => "v1.22.13"},{"date" => "2025-03-07T02:57:57","version" => "v1.22.16"},{"date" => "2025-03-09T18:23:59","version" => "v1.22.18"},{"date" => "2025-05-18T22:53:57","version" => "v1.22.19"},{"date" => "2025-06-04T23:18:14","version" => "v1.22.20"},{"date" => "2025-07-02T00:09:01","version" => "v1.22.21"},{"date" => "2025-12-16T22:55:42","version" => "v1.23.0"},{"date" => "2025-12-17T12:41:12","version" => "v1.23.1"},{"date" => "2026-01-18T17:58:28","version" => "v1.23.4"}]},"EV-Hiredis" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.04"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "EV-Hiredis","fixed_versions" => [],"id" => "CPANSA-EV-Hiredis-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"}],"main_module" => "EV::Hiredis","versions" => [{"date" => "2013-01-09T10:22:05","version" => "0.01"},{"date" => "2013-03-13T06:16:24","version" => "0.02"},{"date" => "2014-09-18T09:39:46","version" => "0.03"},{"date" => "2017-04-23T10:09:14","version" => "0.04"},{"date" => "2022-09-11T04:29:22","version" => "0.05"},{"date" => "2023-04-25T22:39:52","version" => "0.06"},{"date" => "2023-05-03T14:14:01","version" => "0.07"}]},"EasyTCP" => {"advisories" => [{"affected_versions" => ["<0.15"],"cves" => ["CVE-2002-20002"],"description" => "The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.\n","distribution" => "EasyTCP","fixed_versions" => [">=0.15"],"id" => "CPANSA-EasyTCP-2002-20002","references" => ["https://github.com/briandfoy/cpan-security-advisory/issues/184","https://metacpan.org/release/MNAGUIB/EasyTCP-0.15/view/EasyTCP.pm","https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes"],"reported" => "2025-01-02","severity" => "moderate"},{"affected_versions" => [">=0.15"],"cves" => ["CVE-2024-56830"],"description" => "The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present.\n","distribution" => "EasyTCP","fixed_versions" => [],"id" => "CPANSA-EasyTCP-2024-56830","references" => ["https://github.com/briandfoy/cpan-security-advisory/issues/184","https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes"],"reported" => "2025-01-02","severity" => "moderate"}],"main_module" => "Net::EasyTCP","versions" => [{"date" => "2002-01-03T20:21:16","version" => "0.01"},{"date" => "2002-01-10T23:58:29","version" => "0.02"},{"date" => "2002-01-12T22:23:25","version" => "0.03"},{"date" => "2002-01-14T20:13:58","version" => "0.04"},{"date" => "2002-01-16T16:30:59","version" => "0.05"},{"date" => "2002-01-18T04:48:03","version" => "0.06"},{"date" => "2002-01-21T20:26:09","version" => "0.07"},{"date" => "2002-01-22T21:08:52","version" => "0.08"},{"date" => "2002-01-31T16:33:35","version" => "0.09"},{"date" => "2002-02-01T02:09:00","version" => "0.10"},{"date" => "2002-02-05T20:35:47","version" => "0.11"},{"date" => "2002-02-22T19:51:44","version" => "0.12"},{"date" => "2002-03-22T20:47:32","version" => "0.13"},{"date" => "2002-09-07T05:21:49","version" => "0.14"},{"date" => "2002-09-25T03:02:37","version" => "0.15"},{"date" => "2002-09-30T20:20:38","version" => "0.16"},{"date" => "2002-11-11T19:38:16","version" => "0.17"},{"date" => "2003-02-26T22:15:03","version" => "0.18"},{"date" => "2003-03-02T05:47:04","version" => "0.19"},{"date" => "2003-05-14T19:40:01","version" => "0.20"},{"date" => "2003-05-14T20:22:30","version" => "0.21"},{"date" => "2003-05-15T13:10:31","version" => "0.22"},{"date" => "2003-05-24T13:19:56","version" => "0.23"},{"date" => "2003-07-15T01:11:20","version" => "0.24"},{"date" => "2003-08-07T12:19:25","version" => "0.25"},{"date" => "2004-04-06T02:50:22","version" => "0.26"}]},"Elive" => {"advisories" => [{"affected_versions" => ["<1.20"],"cves" => [],"description" => "Elive::DAO->set() did not die on tainted data.\n","distribution" => "Elive","fixed_versions" => [">=1.20"],"id" => "CPANSA-Elive-2011-01","references" => ["https://metacpan.org/dist/Elive/changes"],"reported" => "2011-10-15","severity" => undef}],"main_module" => "Elive","versions" => [{"date" => "2009-03-17T06:37:43","version" => "0.01"},{"date" => "2009-04-13T23:51:59","version" => "0.02"},{"date" => "2009-04-14T20:26:27","version" => "0.03"},{"date" => "2009-04-15T22:30:08","version" => "0.04"},{"date" => "2009-04-17T07:27:23","version" => "0.05"},{"date" => "2009-04-17T22:04:55","version" => "0.06"},{"date" => "2009-04-22T00:14:13","version" => "0.07"},{"date" => "2009-04-22T03:10:13","version" => "0.08"},{"date" => "2009-04-24T22:26:35","version" => "0.09"},{"date" => "2009-04-28T07:30:45","version" => "0.10"},{"date" => "2009-04-29T21:49:12","version" => "0.11"},{"date" => "2009-05-01T23:15:47","version" => "0.12"},{"date" => "2009-05-04T22:19:09","version" => "0.13"},{"date" => "2009-05-05T20:09:18","version" => "0.14"},{"date" => "2009-05-08T22:04:14","version" => "0.15"},{"date" => "2009-05-11T20:38:56","version" => "0.16"},{"date" => "2009-05-13T21:31:52","version" => "0.17"},{"date" => "2009-05-15T03:47:36","version" => "0.18"},{"date" => "2009-05-18T21:43:03","version" => "0.19"},{"date" => "2009-05-24T00:13:36","version" => "0.20"},{"date" => "2009-05-24T20:48:19","version" => "0.21"},{"date" => "2009-05-27T22:05:37","version" => "0.22"},{"date" => "2009-05-29T05:09:57","version" => "0.23"},{"date" => "2009-06-03T04:48:43","version" => "0.24"},{"date" => "2009-06-03T22:18:02","version" => "0.25"},{"date" => "2009-06-12T22:36:31","version" => "0.26"},{"date" => "2009-06-19T21:34:40","version" => "0.27"},{"date" => "2009-06-22T03:47:43","version" => "0.28"},{"date" => "2009-06-24T04:14:37","version" => "0.29"},{"date" => "2009-06-26T23:24:47","version" => "0.30"},{"date" => "2009-07-03T06:18:23","version" => "0.31"},{"date" => "2009-07-17T22:56:55","version" => "0.32"},{"date" => "2009-07-22T03:22:18","version" => "0.33"},{"date" => "2009-07-28T06:46:45","version" => "0.34"},{"date" => "2009-08-02T22:36:31","version" => "0.35"},{"date" => "2009-08-03T22:44:25","version" => "0.36"},{"date" => "2009-08-05T21:02:32","version" => "0.37"},{"date" => "2009-08-21T08:29:37","version" => "0.38"},{"date" => "2009-08-31T02:24:45","version" => "0.39"},{"date" => "2009-09-10T01:20:54","version" => "0.40"},{"date" => "2009-09-11T21:34:13","version" => "0.41"},{"date" => "2009-10-08T00:53:22","version" => "0.42"},{"date" => "2009-10-20T23:09:46","version" => "0.43"},{"date" => "2009-10-22T00:05:22","version" => "0.44"},{"date" => "2009-10-26T04:15:36","version" => "0.45"},{"date" => "2009-10-28T08:27:27","version" => "0.46"},{"date" => "2009-10-28T21:26:06","version" => "0.47"},{"date" => "2009-10-29T00:00:43","version" => "0.48"},{"date" => "2009-11-02T21:37:24","version" => "0.48_01"},{"date" => "2009-11-06T20:36:30","version" => "0.49"},{"date" => "2009-11-09T21:34:02","version" => "0.50"},{"date" => "2009-11-16T00:26:26","version" => "0.51"},{"date" => "2009-11-30T20:38:39","version" => "0.52"},{"date" => "2009-12-14T23:14:43","version" => "0.53"},{"date" => "2009-12-18T00:24:06","version" => "0.53_1"},{"date" => "2009-12-18T22:36:34","version" => "0.54"},{"date" => "2009-12-20T20:02:22","version" => "0.55"},{"date" => "2010-01-04T06:35:00","version" => "0.56"},{"date" => "2010-01-04T21:18:52","version" => "0.57"},{"date" => "2010-01-14T00:08:40","version" => "0.58"},{"date" => "2010-01-21T22:46:27","version" => "0.59"},{"date" => "2010-01-24T21:24:09","version" => "0.60"},{"date" => "2010-01-26T22:38:54","version" => "0.61"},{"date" => "2010-02-15T23:06:41","version" => "0.62"},{"date" => "2010-03-06T22:34:53","version" => "0.63"},{"date" => "2010-03-11T22:45:28","version" => "0.64"},{"date" => "2010-05-17T00:40:50","version" => "0.65"},{"date" => "2010-05-21T23:54:39","version" => "0.66"},{"date" => "2010-05-27T22:12:29","version" => "0.67"},{"date" => "2010-06-02T07:33:50","version" => "0.68"},{"date" => "2010-06-11T00:12:21","version" => "0.69"},{"date" => "2010-06-22T05:13:22","version" => "0.70"},{"date" => "2010-06-22T22:20:27","version" => "0.71"},{"date" => "2010-08-13T01:10:30","version" => "0.72"},{"date" => "2010-09-03T03:48:51","version" => "0.73"},{"date" => "2010-10-14T20:54:08","version" => "0.74_2"},{"date" => "2010-10-18T01:49:41","version" => "0.74"},{"date" => "2010-10-27T23:52:59","version" => "0.75"},{"date" => "2010-11-09T23:46:08","version" => "0.76"},{"date" => "2010-12-08T21:27:13","version" => "0.77"},{"date" => "2010-12-08T23:17:00","version" => "0.78"},{"date" => "2011-01-20T02:01:43","version" => "0.79"},{"date" => "2011-01-27T19:56:34","version" => "0.80"},{"date" => "2011-02-03T03:17:09","version" => "0.81"},{"date" => "2011-02-10T00:02:08","version" => "0.82"},{"date" => "2011-03-10T05:19:08","version" => "0.83"},{"date" => "2011-03-11T01:11:39","version" => "0.84"},{"date" => "2011-03-14T00:55:18","version" => "0.85"},{"date" => "2011-03-14T21:15:08","version" => "0.86"},{"date" => "2011-04-11T00:59:22","version" => "0.87"},{"date" => "2011-04-11T19:19:42","version" => "0.87.1"},{"date" => "2011-04-15T02:12:50","version" => "0.87.2"},{"date" => "2011-04-27T02:43:51","version" => "0.88"},{"date" => "2011-05-20T00:15:55","version" => "0.89"},{"date" => "2011-06-08T23:34:06","version" => "0.90"},{"date" => "2011-06-14T23:35:27","version" => "0.91"},{"date" => "2011-06-28T07:09:46","version" => "0.95"},{"date" => "2011-06-29T21:42:38","version" => "0.96"},{"date" => "2011-07-05T06:35:18","version" => "0.97"},{"date" => "2011-07-08T00:35:18","version" => "0.98"},{"date" => "2011-07-14T03:25:12","version" => "0.99"},{"date" => "2011-07-19T00:14:00","version" => "1.00"},{"date" => "2011-07-20T01:14:39","version" => "1.01"},{"date" => "2011-07-21T05:49:47","version" => "1.02"},{"date" => "2011-07-23T23:23:35","version" => "1.03"},{"date" => "2011-07-29T00:14:06","version" => "1.04"},{"date" => "2011-08-01T02:20:53","version" => "1.05"},{"date" => "2011-08-05T21:36:24","version" => "1.06"},{"date" => "2011-08-07T01:43:31","version" => "1.07"},{"date" => "2011-08-09T00:51:44","version" => "1.08"},{"date" => "2011-08-10T05:13:13","version" => "1.09"},{"date" => "2011-08-10T21:06:42","version" => "1.10"},{"date" => "2011-08-11T22:27:24","version" => "1.11"},{"date" => "2011-08-15T00:58:40","version" => "1.12"},{"date" => "2011-08-19T00:21:11","version" => "1.13"},{"date" => "2011-08-20T22:44:01","version" => "1.14"},{"date" => "2011-08-23T21:43:48","version" => "1.15"},{"date" => "2011-08-26T22:25:28","version" => "1.16"},{"date" => "2011-09-08T22:32:49","version" => "1.17"},{"date" => "2011-09-16T00:00:34","version" => "1.18"},{"date" => "2011-09-28T07:09:24","version" => "1.19"},{"date" => "2011-11-15T01:28:33","version" => "1.20"},{"date" => "2011-12-03T01:49:03","version" => "1.21"},{"date" => "2012-01-05T04:04:10","version" => "1.22"},{"date" => "2012-01-25T20:01:01","version" => "1.23"},{"date" => "2012-02-28T01:03:16","version" => "1.24"},{"date" => "2012-04-18T04:53:06","version" => "1.25"},{"date" => "2012-05-04T04:11:34","version" => "1.26"},{"date" => "2012-07-13T21:59:27","version" => "1.27"},{"date" => "2012-10-12T02:45:37","version" => "1.28"},{"date" => "2012-10-26T21:16:49","version" => "1.29"},{"date" => "2013-01-04T01:33:50","version" => "1.30"},{"date" => "2013-03-28T02:39:54","version" => "1.31"},{"date" => "2014-02-28T16:40:50","version" => "1.32"},{"date" => "2015-01-21T21:14:50","version" => "1.33"},{"date" => "2015-04-03T22:38:32","version" => "1.34"},{"date" => "2015-06-29T02:59:33","version" => "1.35"},{"date" => "2015-12-03T20:48:05","version" => "1.36"},{"date" => "2015-12-04T02:58:35","version" => "1.37"}]},"Email-Address" => {"advisories" => [{"affected_versions" => ["<1.905"],"cves" => ["CVE-2014-0477"],"description" => "Inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.\n","distribution" => "Email-Address","fixed_versions" => [">=1.905"],"id" => "CPANSA-Email-Address-2014-01","references" => ["https://metacpan.org/changes/distribution/Email-Address"],"reported" => "2014-07-03"},{"affected_versions" => ["<1.909"],"cves" => ["CVE-2018-12558"],"description" => "The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters (\"\\f\").\n","distribution" => "Email-Address","fixed_versions" => [">=1.909"],"id" => "CPANSA-Email-Address-2014-01","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873","http://www.openwall.com/lists/oss-security/2018/06/19/3","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00012.html"],"reported" => "2018-06-19"},{"affected_versions" => ["<1.904"],"cves" => ["CVE-2014-4720"],"description" => "Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to \"backtracking into the phrase,\" a different vulnerability than CVE-2014-0477.\n","distribution" => "Email-Address","fixed_versions" => [">=1.904"],"id" => "CPANSA-Email-Address-2014-4720","references" => ["https://github.com/rjbs/Email-Address/blob/master/Changes","http://seclists.org/oss-sec/2014/q2/563"],"reported" => "2014-07-06","severity" => undef}],"main_module" => "Email::Address","versions" => [{"date" => "2004-05-27T03:19:56","version" => "1.1"},{"date" => "2004-06-02T16:35:30","version" => "1.2"},{"date" => "2004-08-16T21:39:58","version" => "1.3"},{"date" => "2004-10-05T18:10:42","version" => "1.5"},{"date" => "2004-10-05T18:20:42","version" => "1.6"},{"date" => "2004-10-13T10:21:17","version" => "1.7"},{"date" => "2004-10-22T16:37:27","version" => "1.80"},{"date" => "2006-07-11T15:04:28","version" => "1.85"},{"date" => "2006-07-22T00:42:17","version" => "1.86"},{"date" => "2006-08-10T16:48:44","version" => "1.870"},{"date" => "2006-10-12T19:35:04","version" => "1.861"},{"date" => "2006-10-12T22:16:28","version" => "1.871"},{"date" => "2006-11-11T16:01:38","version" => "1.880"},{"date" => "2006-11-19T21:19:02","version" => "1.881"},{"date" => "2006-11-22T01:26:44","version" => "1.882"},{"date" => "2006-11-25T13:53:46","version" => "1.883"},{"date" => "2006-12-05T03:41:39","version" => "1.884"},{"date" => "2007-03-01T01:08:16","version" => "1.885"},{"date" => "2007-03-01T20:18:53","version" => "1.886"},{"date" => "2007-04-01T19:15:49","version" => "1.887"},{"date" => "2007-06-23T01:27:24","version" => "1.888"},{"date" => "2007-12-19T22:14:37","version" => "1.889"},{"date" => "2010-08-22T19:03:33","version" => "1.890"},{"date" => "2010-08-31T00:56:53","version" => "1.891"},{"date" => "2010-09-03T23:45:13","version" => "1.892"},{"date" => "2012-01-03T03:55:12","version" => "1.893"},{"date" => "2012-01-14T16:17:56","version" => "1.894"},{"date" => "2012-01-15T18:41:33","version" => "1.895"},{"date" => "2012-08-01T03:07:33","version" => "1.896"},{"date" => "2012-12-17T15:16:33","version" => "1.897"},{"date" => "2013-02-07T21:41:48","version" => "1.898"},{"date" => "2013-08-02T14:54:13","version" => "1.899"},{"date" => "2013-08-08T18:46:07","version" => "1.900"},{"date" => "2014-01-29T03:43:28","version" => "1.901"},{"date" => "2014-04-17T15:19:31","version" => "1.902"},{"date" => "2014-04-18T01:07:10","version" => "1.903"},{"date" => "2014-06-14T04:22:22","version" => "1.904"},{"date" => "2014-06-18T02:55:59","version" => "1.905"},{"date" => "2015-02-03T21:49:39","version" => "1.906"},{"date" => "2015-02-03T22:48:46","version" => "1.907"},{"date" => "2015-09-20T02:55:12","version" => "1.908"},{"date" => "2018-03-05T03:26:56","version" => "1.909"},{"date" => "2018-12-18T02:29:23","version" => "1.910"},{"date" => "2018-12-22T16:31:37","version" => "1.911"},{"date" => "2018-12-31T19:51:36","version" => "1.912"},{"date" => "2023-01-10T00:42:33","version" => "1.913"}]},"Email-MIME" => {"advisories" => [{"affected_versions" => ["<1.954"],"cves" => ["CVE-2024-4140"],"description" => "An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.\n","distribution" => "Email-MIME","fixed_versions" => [">=1.954"],"id" => "CPANSA-Email-MIME-2024-4140","references" => ["https://bugs.debian.org/960062","https://github.com/rjbs/Email-MIME/commit/02bf3e26812c8f38a86a33c168571f9783365df2","https://github.com/rjbs/Email-MIME/commit/3a12edd119e493156a5a05e45dd50f4e36b702e8","https://github.com/rjbs/Email-MIME/commit/3dcf096eeccb8e4dd42738de676c8f4a5aa7a531","https://github.com/rjbs/Email-MIME/commit/7e96ecfa1da44914a407f82ae98ba817bba08f2d","https://github.com/rjbs/Email-MIME/commit/b2cb62f19e12580dd235f79e2546d44a6bec54d1","https://github.com/rjbs/Email-MIME/commit/fc0fededd24a71ccc51bcd8b1e486385d09aae63","https://github.com/rjbs/Email-MIME/issues/66","https://github.com/rjbs/Email-MIME/pull/80","https://www.cve.org/CVERecord?id=CVE-2024-4140"],"reported" => "2024-05-02","severity" => undef}],"main_module" => "Email::MIME","versions" => [{"date" => "2004-01-23T12:04:54","version" => "1.0_01"},{"date" => "2004-03-24T16:01:33","version" => "1.1"},{"date" => "2004-04-02T08:52:35","version" => "1.2"},{"date" => "2004-04-05T16:27:42","version" => "1.3"},{"date" => "2004-07-01T17:38:00","version" => "1.4"},{"date" => "2004-07-01T17:40:06","version" => "1.5"},{"date" => "2004-07-04T20:17:06","version" => "1.6"},{"date" => "2004-07-05T21:56:19","version" => "1.7"},{"date" => "2004-08-25T09:58:28","version" => "1.8"},{"date" => "2004-10-30T00:19:03","version" => "1.81"},{"date" => "2004-11-18T01:02:46","version" => "1.82"},{"date" => "2006-07-13T12:09:00","version" => "1.85"},{"date" => "2006-08-22T12:15:01","version" => "1.851"},{"date" => "2006-09-06T03:22:24","version" => "1.852"},{"date" => "2006-10-12T19:23:59","version" => "1.853"},{"date" => "2006-10-15T12:57:06","version" => "1.854"},{"date" => "2006-10-19T19:26:56","version" => "1.855"},{"date" => "2006-11-28T01:54:55","version" => "1.856"},{"date" => "2006-11-28T02:45:42","version" => "1.857"},{"date" => "2007-02-10T03:53:13","version" => "1.858"},{"date" => "2007-03-21T02:13:51","version" => "1.859"},{"date" => "2007-07-14T02:17:11","version" => "1.860"},{"date" => "2007-11-06T02:03:23","version" => "1.861"},{"date" => "2008-09-08T22:24:06","version" => "1.861_01"},{"date" => "2009-01-24T03:09:24","version" => "1.862"},{"date" => "2009-01-30T13:35:20","version" => "1.863"},{"date" => "2009-11-03T20:49:02","version" => "1.900"},{"date" => "2009-11-05T19:29:16","version" => "1.901"},{"date" => "2009-11-11T20:53:15","version" => "1.902"},{"date" => "2009-12-23T14:14:45","version" => "1.903"},{"date" => "2010-09-04T22:05:49","version" => "1.904"},{"date" => "2010-09-06T13:25:51","version" => "1.905"},{"date" => "2010-10-08T01:06:33","version" => "1.906"},{"date" => "2011-02-02T22:52:42","version" => "1.907"},{"date" => "2011-06-02T03:16:50","version" => "1.908"},{"date" => "2011-09-08T19:27:38","version" => "1.909"},{"date" => "2011-09-12T16:45:52","version" => "1.910"},{"date" => "2012-07-22T23:12:42","version" => "1.911"},{"date" => "2013-04-08T19:42:09","version" => "1.912_01"},{"date" => "2013-06-17T15:24:37","version" => "1.920"},{"date" => "2013-07-02T02:51:36","version" => "1.921"},{"date" => "2013-07-10T12:45:29","version" => "1.922"},{"date" => "2013-08-09T02:00:30","version" => "1.923"},{"date" => "2013-08-11T03:25:40","version" => "1.924"},{"date" => "2013-11-08T12:02:21","version" => "1.925"},{"date" => "2014-01-29T04:29:29","version" => "1.926"},{"date" => "2014-12-04T15:22:49","version" => "1.927"},{"date" => "2014-12-16T02:49:06","version" => "1.928"},{"date" => "2015-02-17T14:32:33","version" => "1.929"},{"date" => "2015-03-26T03:00:09","version" => "1.930"},{"date" => "2015-07-12T21:32:56","version" => "1.931"},{"date" => "2015-07-25T02:25:32","version" => "1.932"},{"date" => "2015-07-25T13:33:07","version" => "1.933"},{"date" => "2015-08-02T00:35:40","version" => "1.934"},{"date" => "2015-08-31T20:49:57","version" => "1.935"},{"date" => "2015-09-11T02:48:33","version" => "1.936"},{"date" => "2016-01-28T18:33:58","version" => "1.937"},{"date" => "2017-01-02T01:04:29","version" => "1.938"},{"date" => "2017-01-14T19:59:46","version" => "1.939"},{"date" => "2017-01-29T15:34:49","version" => "1.940"},{"date" => "2017-03-05T00:18:30","version" => "1.941"},{"date" => "2017-03-05T13:16:39","version" => "1.942"},{"date" => "2017-06-09T23:01:41","version" => "1.943"},{"date" => "2017-07-25T16:40:42","version" => "1.944"},{"date" => "2017-07-25T18:18:48","version" => "1.945"},{"date" => "2017-08-31T13:31:14","version" => "1.946"},{"date" => "2020-05-09T18:30:39","version" => "1.947"},{"date" => "2020-05-09T19:06:22","version" => "1.948"},{"date" => "2020-05-24T14:27:02","version" => "1.949"},{"date" => "2020-11-03T00:22:52","version" => "1.950"},{"date" => "2021-12-14T14:43:29","version" => "1.951"},{"date" => "2021-12-14T14:58:13","version" => "1.952"},{"date" => "2023-01-09T00:03:49","version" => "1.953"},{"date" => "2024-05-02T21:13:55","version" => "1.954"}]},"Encode" => {"advisories" => [{"affected_versions" => ["<2.85"],"cves" => ["CVE-2016-1238"],"description" => "Loading optional modules from . (current directory).\n","distribution" => "Encode","fixed_versions" => [">=2.85"],"id" => "CPANSA-Encode-2016-01","references" => ["https://metacpan.org/changes/distribution/Encode","https://github.com/dankogai/p5-encode/pull/58/commits/12be15d64ce089154c4367dc1842cd0dc0993ec6"],"reported" => "2016-07-27","severity" => "high"},{"affected_versions" => [">=3.05","<=3.11"],"cves" => ["CVE-2021-36770"],"description" => "Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates \@INC in a scalar context, and thus \@INC has only an integer value.\n","distribution" => "Encode","fixed_versions" => [">3.11"],"id" => "CPANSA-Encode-2021-01","references" => ["https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9","https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74","https://metacpan.org/dist/Encode/changes","https://news.cpanel.com/unscheduled-tsr-10-august-2021/","https://security.netapp.com/advisory/ntap-20210909-0003/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/","https://security-tracker.debian.org/tracker/CVE-2021-36770"],"reported" => "2021-07-17"},{"affected_versions" => ["<2.44"],"cves" => ["CVE-2011-2939"],"description" => "Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.\n","distribution" => "Encode","fixed_versions" => [">=2.44"],"id" => "CPANSA-Encode-2011-2939","references" => ["http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5","https://bugzilla.redhat.com/show_bug.cgi?id=731246","http://www.openwall.com/lists/oss-security/2011/08/19/17","http://www.redhat.com/support/errata/RHSA-2011-1424.html","http://www.openwall.com/lists/oss-security/2011/08/18/8","http://secunia.com/advisories/46989","http://www.mandriva.com/security/advisories?name=MDVSA-2012:008","http://secunia.com/advisories/51457","http://www.ubuntu.com/usn/USN-1643-1","http://www.securityfocus.com/bid/49858","http://secunia.com/advisories/46172","http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod","http://secunia.com/advisories/55314","http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)"],"reported" => "2012-01-13","severity" => undef,"x-commit" => "Encode CVE-2011-2939 GitHub #13"}],"main_module" => "Encode","versions" => [{"date" => "2002-03-20T08:30:40","version" => "0.93"},{"date" => "2002-03-20T20:15:52","version" => "0.94"},{"date" => "2002-03-21T16:07:21","version" => "0.95"},{"date" => "2002-03-22T22:33:15","version" => "0.96"},{"date" => "2002-03-23T20:36:05","version" => "0.97"},{"date" => "2002-03-24T16:07:09","version" => "0.98"},{"date" => "2002-03-25T19:45:16","version" => "0.99"},{"date" => "2002-03-28T23:39:49","version" => "1.00"},{"date" => "2002-03-29T21:43:17","version" => "1.01"},{"date" => "2002-03-31T21:40:25","version" => "1.10"},{"date" => "2002-03-31T22:27:07","version" => "1.11"},{"date" => "2002-04-04T20:02:40","version" => "1.20"},{"date" => "2002-04-07T15:36:48","version" => "1.26"},{"date" => "2002-04-07T18:49:41","version" => "1.27"},{"date" => "2002-04-07T19:05:34","version" => "1.28"},{"date" => "2002-04-08T02:49:31","version" => "1.30"},{"date" => "2002-04-08T18:51:14","version" => "1.31"},{"date" => "2002-04-09T20:26:37","version" => "1.32"},{"date" => "2002-04-10T22:44:19","version" => "1.33"},{"date" => "2002-04-14T22:49:10","version" => "1.40"},{"date" => "2002-04-16T23:47:16","version" => "1.41"},{"date" => "2002-04-19T06:18:26","version" => "1.50"},{"date" => "2002-04-20T10:08:39","version" => "1.51"},{"date" => "2002-04-20T23:55:45","version" => "1.52"},{"date" => "2002-04-22T09:56:04","version" => "1.56"},{"date" => "2002-04-22T20:37:12","version" => "1.57"},{"date" => "2002-04-23T00:22:06","version" => "1.58"},{"date" => "2002-04-24T20:23:42","version" => "1.60"},{"date" => "2002-04-26T03:19:40","version" => "1.61"},{"date" => "2002-04-27T11:43:39","version" => "1.62"},{"date" => "2002-04-27T19:52:51","version" => "1.63"},{"date" => "2002-04-29T07:20:38","version" => "1.64"},{"date" => "2002-04-30T16:40:07","version" => "1.65"},{"date" => "2002-05-01T05:51:35","version" => "1.66"},{"date" => "2002-05-02T07:43:35","version" => "1.67"},{"date" => "2002-05-03T12:29:47","version" => "1.68"},{"date" => "2002-05-04T16:50:40","version" => "1.69"},{"date" => "2002-05-06T10:36:39","version" => "1.70"},{"date" => "2002-05-07T16:30:42","version" => "1.71"},{"date" => "2002-05-20T16:04:48","version" => "1.72"},{"date" => "2002-05-28T18:41:36","version" => "1.74"},{"date" => "2002-06-01T18:17:49","version" => "1.75"},{"date" => "2002-08-25T15:18:49","version" => "1.76"},{"date" => "2002-10-06T03:59:19","version" => "1.77"},{"date" => "2002-10-20T15:55:16","version" => "1.78"},{"date" => "2002-10-21T06:11:36","version" => "1.79"},{"date" => "2002-10-21T20:42:56","version" => "1.80"},{"date" => "2002-11-08T18:42:11","version" => "1.81"},{"date" => "2002-11-14T23:17:11","version" => "1.82"},{"date" => "2002-11-18T18:06:47","version" => "1.83"},{"date" => "2003-01-10T12:09:05","version" => "1.84"},{"date" => "2003-01-21T22:23:28","version" => "1.85"},{"date" => "2003-01-22T03:36:42","version" => "1.86"},{"date" => "2003-02-06T02:01:00","version" => "1.87"},{"date" => "2003-02-20T14:46:12","version" => "1.88"},{"date" => "2003-02-28T01:45:53","version" => "1.89"},{"date" => "2003-03-09T17:54:26","version" => "1.90"},{"date" => "2003-03-09T20:12:08","version" => "1.91"},{"date" => "2003-03-31T03:51:31","version" => "1.92"},{"date" => "2003-04-24T17:50:54","version" => "1.93"},{"date" => "2003-05-10T18:31:48","version" => "1.94"},{"date" => "2003-05-21T09:22:43","version" => "1.95"},{"date" => "2003-06-18T09:41:21","version" => "1.96"},{"date" => "2003-07-08T22:01:28","version" => "1.97"},{"date" => "2003-08-25T11:47:32","version" => "1.98"},{"date" => "2003-12-29T02:52:28","version" => "1.99"},{"date" => "2004-05-16T21:05:06","version" => "2.00"},{"date" => "2004-05-25T16:31:35","version" => "2.01"},{"date" => "2004-08-31T11:01:51","version" => "2.02"},{"date" => "2004-10-06T06:50:47","version" => "2.03"},{"date" => "2004-10-16T21:26:58","version" => "2.04"},{"date" => "2004-10-19T05:03:32","version" => "2.05"},{"date" => "2004-10-22T06:29:14","version" => "2.06"},{"date" => "2004-10-22T19:43:19","version" => "2.07"},{"date" => "2004-10-24T13:04:29","version" => "2.08"},{"date" => "2004-12-03T19:21:42","version" => "2.09"},{"date" => "2005-05-16T18:54:53","version" => "2.10"},{"date" => "2005-08-05T11:26:06","version" => "2.11"},{"date" => "2005-09-08T14:23:38","version" => "2.12"},{"date" => "2006-01-15T15:12:01","version" => "2.13"},{"date" => "2006-01-15T15:57:41","version" => "2.14"},{"date" => "2006-04-06T16:01:30","version" => "2.15"},{"date" => "2006-05-03T18:38:44","version" => "2.16"},{"date" => "2006-05-09T17:14:04","version" => "2.17"},{"date" => "2006-06-03T20:34:08","version" => "2.18"},{"date" => "2007-04-06T13:05:52","version" => "2.19"},{"date" => "2007-04-22T15:17:34","version" => "2.20"},{"date" => "2007-05-12T06:50:09","version" => "2.21"},{"date" => "2007-05-29T07:43:07","version" => "2.22"},{"date" => "2007-05-29T18:21:25","version" => "2.23"},{"date" => "2008-03-12T10:12:18","version" => "2.24"},{"date" => "2008-05-07T21:06:08","version" => "2.25"},{"date" => "2008-07-01T21:03:33","version" => "2.26"},{"date" => "2009-01-21T23:01:50","version" => "2.27"},{"date" => "2009-02-01T13:16:44","version" => "2.29"},{"date" => "2009-02-15T17:48:01","version" => "2.30"},{"date" => "2009-02-16T06:25:32","version" => "2.31"},{"date" => "2009-03-07T07:45:00","version" => "2.32"},{"date" => "2009-03-25T08:01:10","version" => "2.33"},{"date" => "2009-07-08T13:53:25","version" => "2.34"},{"date" => "2009-07-13T02:32:45","version" => "2.35"},{"date" => "2009-09-06T09:20:21","version" => "2.36"},{"date" => "2009-09-06T14:37:23","version" => "2.37"},{"date" => "2009-11-16T14:34:43","version" => "2.38"},{"date" => "2009-11-26T09:31:02","version" => "2.39"},{"date" => "2010-09-18T18:47:17","version" => "2.40"},{"date" => "2010-12-23T11:12:33","version" => "2.41"},{"date" => "2010-12-31T22:52:35","version" => "2.42"},{"date" => "2011-05-21T23:21:24","version" => "2.43"},{"date" => "2011-08-09T08:01:30","version" => "2.44"},{"date" => "2012-08-05T23:15:11","version" => "2.45"},{"date" => "2012-08-12T05:52:45","version" => "2.46"},{"date" => "2012-08-15T05:40:21","version" => "2.47"},{"date" => "2013-02-18T02:43:35","version" => "2.48"},{"date" => "2013-03-05T03:19:15","version" => "2.49"},{"date" => "2013-04-26T18:36:59","version" => "2.50"},{"date" => "2013-04-29T22:21:31","version" => "2.51"},{"date" => "2013-08-14T02:33:46","version" => "2.52"},{"date" => "2013-08-29T15:27:02","version" => "2.53"},{"date" => "2013-08-29T16:50:08","version" => "2.54"},{"date" => "2013-09-14T07:58:54","version" => "2.55"},{"date" => "2013-12-22T04:12:07","version" => "2.56"},{"date" => "2014-01-03T04:55:36","version" => "2.57"},{"date" => "2014-03-28T02:41:54","version" => "2.58"},{"date" => "2014-04-06T17:41:19","version" => "2.59"},{"date" => "2014-04-29T16:34:10","version" => "2.60"},{"date" => "2014-05-31T09:55:56","version" => "2.61"},{"date" => "2014-05-31T12:20:28","version" => "2.62"},{"date" => "2014-10-19T07:13:44","version" => "2.63"},{"date" => "2014-10-29T15:42:04","version" => "2.64"},{"date" => "2014-11-27T14:12:57","version" => "2.65"},{"date" => "2014-12-02T23:37:28","version" => "2.66"},{"date" => "2014-12-04T20:28:33","version" => "2.67"},{"date" => "2015-01-22T10:29:46","version" => "2.68"},{"date" => "2015-02-05T10:43:34","version" => "2.69"},{"date" => "2015-02-05T10:56:52","version" => "2.70"},{"date" => "2015-03-12T00:14:19","version" => "2.71"},{"date" => "2015-03-14T02:51:25","version" => "2.72"},{"date" => "2015-04-15T23:27:13","version" => "2.73"},{"date" => "2015-06-25T00:59:20","version" => "2.74"},{"date" => "2015-06-30T10:10:03","version" => "2.75"},{"date" => "2015-07-31T02:26:51","version" => "2.76"},{"date" => "2015-09-15T14:03:35","version" => "2.77"},{"date" => "2015-09-24T02:29:52","version" => "2.78"},{"date" => "2016-01-22T07:08:25","version" => "2.79"},{"date" => "2016-01-25T15:04:42","version" => "2.80"},{"date" => "2016-02-06T19:34:58","version" => "2.81"},{"date" => "2016-02-06T20:21:37","version" => "2.82"},{"date" => "2016-03-24T08:00:30","version" => "2.83"},{"date" => "2016-04-11T07:24:26","version" => "2.84"},{"date" => "2016-08-04T03:37:23","version" => "2.85"},{"date" => "2016-08-10T18:25:39","version" => "2.86"},{"date" => "2016-10-28T05:15:33","version" => "2.87"},{"date" => "2016-11-29T23:38:19","version" => "2.88"},{"date" => "2017-04-21T05:24:59","version" => "2.89"},{"date" => "2017-06-10T17:46:11","version" => "2.90"},{"date" => "2017-06-22T08:18:22","version" => "2.91"},{"date" => "2017-07-18T07:23:39","version" => "2.92"},{"date" => "2017-10-06T22:33:35","version" => "2.93"},{"date" => "2018-01-09T06:04:38","version" => "2.94"},{"date" => "2018-02-08T00:41:02","version" => "2.95"},{"date" => "2018-02-11T05:41:37","version" => "2.96"},{"date" => "2018-02-21T12:30:05","version" => "2.97"},{"date" => "2018-04-22T09:14:59","version" => "2.98"},{"date" => "2019-01-21T03:28:35","version" => "2.99"},{"date" => "2019-01-31T04:42:29","version" => "2.100"},{"date" => "2019-01-31T05:05:06","version" => "3.00"},{"date" => "2019-03-13T00:45:28","version" => "3.01"},{"date" => "2019-12-25T09:47:36","version" => "3.02"},{"date" => "2020-03-02T04:45:26","version" => "3.03"},{"date" => "2020-03-10T22:40:35","version" => "3.04"},{"date" => "2020-03-18T05:03:23","version" => "3.05"},{"date" => "2020-05-02T02:40:38","version" => "3.06"},{"date" => "2020-07-25T13:08:13","version" => "3.07"},{"date" => "2020-12-02T09:20:23","version" => "3.08"},{"date" => "2021-05-14T11:03:11","version" => "3.09"},{"date" => "2021-05-18T07:51:48","version" => "3.10"},{"date" => "2021-07-23T02:41:38","version" => "3.11"},{"date" => "2021-08-09T14:30:33","version" => "3.12"},{"date" => "2021-10-06T00:57:50","version" => "3.13"},{"date" => "2021-10-08T00:35:29","version" => "3.14"},{"date" => "2021-10-08T15:45:44","version" => "3.15"},{"date" => "2021-10-13T08:39:09","version" => "3.16"},{"date" => "2022-04-07T03:18:23","version" => "3.17"},{"date" => "2022-06-25T02:14:35","version" => "3.18"},{"date" => "2022-08-04T04:51:01","version" => "3.19"},{"date" => "2023-11-10T01:26:15","version" => "3.20"},{"date" => "2024-02-25T23:19:43","version" => "3.21"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "0.40"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "1.9801"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "1.99_01"},{"date" => "2006-08-15T00:00:00","dual_lived" => 1,"perl_release" => "5.009004","version" => "2.18_01"},{"date" => "2012-11-10T00:00:00","dual_lived" => 1,"perl_release" => "5.012005","version" => "2.39_01"},{"date" => "2011-09-26T00:00:00","dual_lived" => 1,"perl_release" => "5.014002","version" => "2.42_01"},{"date" => "2013-03-10T00:00:00","dual_lived" => 1,"perl_release" => "5.014004","version" => "2.42_02"},{"date" => "2013-03-11T00:00:00","dual_lived" => 1,"perl_release" => "5.016003","version" => "2.44_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.72_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "2.80_01"},{"date" => "2022-03-13T00:00:00","dual_lived" => 1,"perl_release" => "5.034001","version" => "3.08_01"}]},"ExtUtils-MakeMaker" => {"advisories" => [{"affected_versions" => ["<7.22"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "ExtUtils-MakeMaker","fixed_versions" => [">=7.22"],"id" => "CPANSA-ExtUtils-MakeMaker-2016-01","references" => ["https://metacpan.org/changes/distribution/ExtUtils-MakeMaker","https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/commit/3e9df17d11c40f2561c23ec79693c8c390e0ae88"],"reported" => "2016-08-07","severity" => "high"}],"main_module" => "ExtUtils::MakeMaker","versions" => [{"date" => "2001-07-06T08:23:56","version" => "5.47_01"},{"date" => "2002-01-16T20:19:18","version" => "5.48_01"},{"date" => "2002-01-18T04:56:33","version" => "5.48_03"},{"date" => "2002-01-22T00:33:31","version" => "5.48_04"},{"date" => "2002-02-04T08:46:04","version" => "5.49_01"},{"date" => "2002-03-05T04:53:40","version" => "5.50_01"},{"date" => "2002-03-25T07:53:14","version" => "5.51_01"},{"date" => "2002-03-26T05:56:07","version" => "5.52_01"},{"date" => "2002-03-31T03:55:52","version" => "5.54_01"},{"date" => "2002-04-05T05:01:52","version" => "5.55_01"},{"date" => "2002-04-06T08:29:20","version" => "5.55_02"},{"date" => "2002-04-07T03:04:18","version" => "5.55_03"},{"date" => "2002-04-11T05:32:04","version" => "5.90_01"},{"date" => "2002-04-24T04:21:44","version" => "5.91_01"},{"date" => "2002-04-30T03:43:53","version" => "5.92_01"},{"date" => "2002-05-06T06:02:08","version" => "5.93_01"},{"date" => "2002-05-17T19:04:41","version" => "5.94_01"},{"date" => "2002-05-17T21:24:13","version" => "5.94_02"},{"date" => "2002-05-18T18:43:02","version" => "5.95_01"},{"date" => "2002-05-23T21:01:02","version" => "5.96_01"},{"date" => "2002-05-26T01:25:25","version" => "6.00"},{"date" => "2002-05-30T19:02:20","version" => "6.01"},{"date" => "2002-06-16T05:41:28","version" => "6.02"},{"date" => "2002-06-19T21:24:32","version" => "6.03"},{"date" => "2002-08-27T01:42:36","version" => "6.04"},{"date" => "2002-08-27T23:24:30","version" => "6.05"},{"date" => "2002-12-19T08:42:01","version" => "6.06_01"},{"date" => "2002-12-24T04:54:53","version" => "6.06_02"},{"date" => "2003-03-30T03:49:59","version" => "6.06_03"},{"date" => "2003-03-31T04:37:55","version" => "6.06_04"},{"date" => "2003-03-31T10:50:00","version" => "6.06_05"},{"date" => "2003-04-07T02:46:10","version" => "6.10_01"},{"date" => "2003-04-07T08:33:23","version" => "6.10_02"},{"date" => "2003-04-11T07:27:36","version" => "6.10_03"},{"date" => "2003-05-23T09:05:27","version" => "6.10_04"},{"date" => "2003-06-07T01:32:29","version" => "6.10_05"},{"date" => "2003-06-07T08:00:14","version" => "6.10_06"},{"date" => "2003-07-05T23:40:34","version" => "6.10_07"},{"date" => "2003-07-22T01:23:46","version" => "6.10_08"},{"date" => "2003-07-28T04:00:19","version" => "6.11"},{"date" => "2003-07-30T05:28:47","version" => "6.12"},{"date" => "2003-07-31T23:51:40","version" => "6.13"},{"date" => "2003-08-03T23:27:51","version" => "6.14"},{"date" => "2003-08-03T23:46:11","version" => "6.15"},{"date" => "2003-08-18T08:43:08","version" => "6.16"},{"date" => "2003-09-15T22:23:01","version" => "6.17"},{"date" => "2003-11-04T04:12:53","version" => "6.18"},{"date" => "2003-11-04T07:03:30","version" => "6.19"},{"date" => "2003-11-06T10:37:47","version" => "6.20"},{"date" => "2003-11-11T08:26:17","version" => "6.21"},{"date" => "2004-04-03T21:33:45","version" => "6.21_03"},{"date" => "2004-11-24T04:06:20","version" => "6.22"},{"date" => "2004-11-26T21:15:45","version" => "6.23"},{"date" => "2004-11-30T20:42:14","version" => "6.24"},{"date" => "2004-12-09T06:00:53","version" => "6.24_01"},{"date" => "2004-12-15T12:05:50","version" => "6.25"},{"date" => "2004-12-18T02:34:56","version" => "6.25_01"},{"date" => "2004-12-20T08:36:56","version" => "6.25_02"},{"date" => "2004-12-21T04:17:27","version" => "6.25_03"},{"date" => "2004-12-21T05:58:10","version" => "6.25_04"},{"date" => "2004-12-22T13:05:53","version" => "6.25_05"},{"date" => "2004-12-26T22:26:26","version" => "6.25_06"},{"date" => "2004-12-31T08:53:31","version" => "6.25_07"},{"date" => "2005-02-08T14:21:17","version" => "6.25_08"},{"date" => "2005-03-12T18:29:26","version" => "6.25_09"},{"date" => "2005-03-14T00:17:26","version" => "6.25_10"},{"date" => "2005-03-15T10:05:07","version" => "6.25_11"},{"date" => "2005-03-19T00:19:47","version" => "6.25_12"},{"date" => "2005-03-22T22:50:34","version" => "6.26"},{"date" => "2005-03-29T05:48:40","version" => "6.26_01"},{"date" => "2005-04-04T23:55:46","version" => "6.27"},{"date" => "2005-04-12T23:23:53","version" => "6.28"},{"date" => "2005-05-19T21:22:00","version" => "6.29"},{"date" => "2005-05-20T23:14:45","version" => "6.30"},{"date" => "2005-08-17T06:59:11","version" => "6.30_01"},{"date" => "2006-09-01T19:07:28","version" => "6.30_02"},{"date" => "2006-09-01T21:06:57","version" => "6.30_03"},{"date" => "2006-09-11T20:20:27","version" => "6.30_04"},{"date" => "2006-10-10T01:04:44","version" => "6.31"},{"date" => "2007-02-21T16:02:09","version" => "6.32"},{"date" => "2007-06-29T22:18:15","version" => "6.33"},{"date" => "2007-06-30T16:10:15","version" => "6.34"},{"date" => "2007-07-02T03:56:25","version" => "6.35"},{"date" => "2007-07-03T08:10:57","version" => "6.36"},{"date" => "2007-11-26T01:10:14","version" => "6.37_01"},{"date" => "2007-11-26T07:35:50","version" => "6.37_02"},{"date" => "2007-11-26T22:18:55","version" => "6.37_03"},{"date" => "2007-11-29T00:04:35","version" => "6.38"},{"date" => "2007-12-06T11:08:15","version" => "6.40"},{"date" => "2007-12-08T01:02:26","version" => "6.42"},{"date" => "2008-01-02T00:09:23","version" => "6.43_01"},{"date" => "2008-02-29T00:08:42","version" => "6.44"},{"date" => "2008-09-06T10:22:44","version" => "6.45_01"},{"date" => "2008-09-07T21:18:05","version" => "6.45_02"},{"date" => "2008-09-27T21:37:54","version" => "6.46"},{"date" => "2008-10-14T16:41:49","version" => "6.47_01"},{"date" => "2008-10-16T23:18:52","version" => "6.47_02"},{"date" => "2008-10-20T18:20:40","version" => "6.48"},{"date" => "2009-02-20T01:11:08","version" => "6.49_01"},{"date" => "2009-03-22T19:30:00","version" => "6.50"},{"date" => "2009-04-10T21:33:29","version" => "6.51_01"},{"date" => "2009-04-14T04:22:58","version" => "6.51_02"},{"date" => "2009-05-24T05:41:35","version" => "6.51_03"},{"date" => "2009-05-24T21:07:28","version" => "6.51_04"},{"date" => "2009-05-30T18:41:35","version" => "6.52"},{"date" => "2009-06-08T02:05:24","version" => "6.53_01"},{"date" => "2009-06-08T02:28:24","version" => "6.53_02"},{"date" => "2009-07-02T21:55:25","version" => "6.53_03"},{"date" => "2009-07-07T23:53:09","version" => "6.54"},{"date" => "2009-07-14T23:02:39","version" => "6.55_01"},{"date" => "2009-08-05T07:40:59","version" => "6.55_02"},{"date" => "2009-12-05T07:09:23","version" => "6.55_03"},{"date" => "2009-12-17T22:06:47","version" => "6.56"},{"date" => "2010-08-24T08:38:36","version" => "6.57_01"},{"date" => "2010-09-07T23:43:49","version" => "6.57_02"},{"date" => "2010-09-08T22:33:36","version" => "6.57_03"},{"date" => "2010-09-09T23:52:37","version" => "6.57_04"},{"date" => "2010-09-11T20:25:23","version" => "6.57_05"},{"date" => "2010-10-06T10:53:43","version" => "6.57_06"},{"date" => "2011-03-25T03:41:39","version" => "6.57_07"},{"date" => "2011-03-27T11:00:41","version" => "6.57_08"},{"date" => "2011-03-28T00:15:59","version" => "6.57_09"},{"date" => "2011-04-04T05:33:46","version" => "6.57_10"},{"date" => "2011-05-20T00:34:23","version" => "6.57_11"},{"date" => "2011-07-06T21:22:27","version" => "6.58"},{"date" => "2011-08-03T20:25:34","version" => "6.58_01"},{"date" => "2011-08-05T13:07:58","version" => "6.59"},{"date" => "2011-09-25T05:23:43","version" => "6.61_01"},{"date" => "2011-10-23T23:48:06","version" => "6.62"},{"date" => "2011-10-24T00:40:49","version" => "6.63_01"},{"date" => "2011-11-02T00:07:43","version" => "6.63_02"},{"date" => "2012-11-02T03:58:40","version" => "6.63_03"},{"date" => "2012-11-22T21:25:35","version" => "6.63_04"},{"date" => "2012-12-17T02:35:20","version" => "6.64"},{"date" => "2013-03-18T23:21:28","version" => "6.65_01"},{"date" => "2013-04-14T09:59:15","version" => "6.65_02"},{"date" => "2013-04-15T12:50:31","version" => "6.65_03"},{"date" => "2013-04-19T17:52:08","version" => "6.66"},{"date" => "2013-04-25T20:08:31","version" => "6.67_01"},{"date" => "2013-06-02T17:31:16","version" => "6.67_02"},{"date" => "2013-06-05T21:09:00","version" => "6.67_03"},{"date" => "2013-06-10T19:25:22","version" => "6.67_04"},{"date" => "2013-06-13T20:55:25","version" => "6.67_05"},{"date" => "2013-06-14T22:35:24","version" => "6.68"},{"date" => "2013-06-20T12:00:00","version" => "6.69_01"},{"date" => "2013-07-02T12:16:23","version" => "6.69_02"},{"date" => "2013-07-09T21:47:07","version" => "6.69_03"},{"date" => "2013-07-10T10:50:08","version" => "6.69_04"},{"date" => "2013-07-11T21:20:53","version" => "6.69_05"},{"date" => "2013-07-12T13:51:50","version" => "6.69_06"},{"date" => "2013-07-16T14:34:32","version" => "6.69_07"},{"date" => "2013-07-16T23:40:44","version" => "6.69_08"},{"date" => "2013-07-21T08:26:44","version" => "6.69_09"},{"date" => "2013-07-23T21:42:47","version" => "6.70"},{"date" => "2013-07-24T08:33:58","version" => "6.71_01"},{"date" => "2013-07-24T17:42:20","version" => "6.72"},{"date" => "2013-07-24T22:53:41","version" => "6.73_01"},{"date" => "2013-07-26T12:34:19","version" => "6.73_02"},{"date" => "2013-07-30T21:12:02","version" => "6.73_03"},{"date" => "2013-08-01T21:41:12","version" => "6.73_04"},{"date" => "2013-08-05T16:45:38","version" => "6.73_05"},{"date" => "2013-08-05T23:52:18","version" => "6.73_06"},{"date" => "2013-08-07T15:09:12","version" => "6.73_07"},{"date" => "2013-08-09T18:52:24","version" => "6.73_08"},{"date" => "2013-08-09T19:00:18","version" => "6.73_09"},{"date" => "2013-08-16T15:43:35","version" => "6.73_10"},{"date" => "2013-08-17T21:57:55","version" => "6.73_11"},{"date" => "2013-08-23T09:52:43","version" => "6.73_12"},{"date" => "2013-08-27T11:45:55","version" => "6.74"},{"date" => "2013-08-29T14:09:22","version" => "6.75_01"},{"date" => "2013-09-01T20:52:29","version" => "6.75_02"},{"date" => "2013-09-02T23:26:56","version" => "6.75_03"},{"date" => "2013-09-05T11:10:20","version" => "6.75_04"},{"date" => "2013-09-06T12:40:59","version" => "6.76"},{"date" => "2013-09-10T14:22:45","version" => "6.77_01"},{"date" => "2013-09-12T20:23:49","version" => "6.77_02"},{"date" => "2013-09-16T11:23:59","version" => "6.77_03"},{"date" => "2013-09-18T18:25:33","version" => "6.77_04"},{"date" => "2013-09-19T13:12:32","version" => "6.77_05"},{"date" => "2013-09-19T14:43:24","version" => "6.77_06"},{"date" => "2013-09-21T08:48:44","version" => "6.77_07"},{"date" => "2013-09-22T17:46:50","version" => "6.77_08"},{"date" => "2013-09-23T12:47:39","version" => "6.78"},{"date" => "2013-10-01T14:01:33","version" => "6.79_01"},{"date" => "2013-10-11T12:01:23","version" => "6.79_02"},{"date" => "2013-10-11T13:00:29","version" => "6.79_03"},{"date" => "2013-10-11T17:59:30","version" => "6.79_04"},{"date" => "2013-10-15T15:08:06","version" => "6.80"},{"date" => "2013-10-16T08:04:29","version" => "6.81_01"},{"date" => "2013-10-17T11:24:19","version" => "6.81_02"},{"date" => "2013-10-24T19:54:34","version" => "6.81_03"},{"date" => "2013-11-01T19:56:13","version" => "6.81_04"},{"date" => "2013-11-02T21:44:06","version" => "6.81_05"},{"date" => "2013-11-04T19:24:38","version" => "6.82"},{"date" => "2013-11-05T11:45:54","version" => "6.83_01"},{"date" => "2013-11-12T11:15:21","version" => "6.83_02"},{"date" => "2013-11-15T09:49:39","version" => "6.83_03"},{"date" => "2013-11-17T11:44:01","version" => "6.83_04"},{"date" => "2013-11-25T22:52:46","version" => "6.83_05"},{"date" => "2013-11-29T21:55:40","version" => "6.83_06"},{"date" => "2013-11-30T15:27:01","version" => "6.84"},{"date" => "2013-12-16T13:18:35","version" => "6.85_01"},{"date" => "2013-12-17T10:17:50","version" => "6.85_02"},{"date" => "2013-12-23T14:59:36","version" => "6.85_03"},{"date" => "2013-12-23T15:02:38","version" => "6.85_04"},{"date" => "2013-12-29T11:28:14","version" => "6.85_05"},{"date" => "2013-12-30T23:18:09","version" => "6.85_06"},{"date" => "2014-01-01T19:00:36","version" => "6.85_07"},{"date" => "2014-01-04T12:21:05","version" => "6.86"},{"date" => "2014-01-12T10:34:38","version" => "6.87_01"},{"date" => "2014-01-18T13:30:15","version" => "6.87_02"},{"date" => "2014-01-19T17:53:19","version" => "6.87_03"},{"date" => "2014-01-26T19:33:34","version" => "6.87_04"},{"date" => "2014-01-28T14:00:44","version" => "6.87_05"},{"date" => "2014-01-31T20:59:13","version" => "6.88"},{"date" => "2014-02-17T16:23:55","version" => "6.89_01"},{"date" => "2014-02-20T20:49:24","version" => "6.90"},{"date" => "2014-03-06T13:52:24","version" => "6.91_01"},{"date" => "2014-03-13T16:34:37","version" => "6.92"},{"date" => "2014-03-24T16:57:01","version" => "6.93_01"},{"date" => "2014-03-25T20:38:21","version" => "6.94"},{"date" => "2014-04-02T20:52:53","version" => "6.95_01"},{"date" => "2014-04-07T14:29:26","version" => "6.95_02"},{"date" => "2014-04-11T21:09:21","version" => "6.96"},{"date" => "2014-04-24T13:29:12","version" => "6.97_01"},{"date" => "2014-04-28T10:55:44","version" => "6.97_02"},{"date" => "2014-04-29T20:41:00","version" => "6.98"},{"date" => "2014-06-03T21:19:42","version" => "6.99_01"},{"date" => "2014-06-05T11:18:25","version" => "6.99_02"},{"date" => "2014-07-04T10:15:23","version" => "6.99_03"},{"date" => "2014-07-12T11:54:35","version" => "6.99_04"},{"date" => "2014-07-22T11:42:12","version" => "6.99_05"},{"date" => "2014-07-28T14:07:14","version" => "6.99_06"},{"date" => "2014-07-30T16:44:02","version" => "6.99_07"},{"date" => "2014-08-18T13:19:18","version" => "6.99_08"},{"date" => "2014-08-28T10:13:30","version" => "6.99_09"},{"date" => "2014-09-04T14:04:55","version" => "6.99_10"},{"date" => "2014-09-08T13:39:46","version" => "6.99_11"},{"date" => "2014-09-11T14:32:19","version" => "6.99_12"},{"date" => "2014-09-15T19:11:34","version" => "6.99_13"},{"date" => "2014-09-19T14:06:14","version" => "6.99_14"},{"date" => "2014-09-21T12:23:58","version" => "6.99_15"},{"date" => "2014-10-02T18:50:08","version" => "6.99_16"},{"date" => "2014-10-12T18:41:24","version" => "6.99_17"},{"date" => "2014-10-20T09:14:39","version" => "6.99_18"},{"date" => "2014-10-22T19:48:56","version" => "7.00"},{"date" => "2014-10-25T12:49:55","version" => "7.01_01"},{"date" => "2014-10-25T16:49:40","version" => "7.01_02"},{"date" => "2014-10-30T19:48:04","version" => "7.01_03"},{"date" => "2014-10-31T10:13:56","version" => "7.01_04"},{"date" => "2014-11-03T12:53:43","version" => "7.01_05"},{"date" => "2014-11-03T20:55:23","version" => "7.01_06"},{"date" => "2014-11-04T19:40:07","version" => "7.01_07"},{"date" => "2014-11-04T20:29:00","version" => "7.01_08"},{"date" => "2014-11-06T21:59:55","version" => "7.01_09"},{"date" => "2014-11-08T10:39:16","version" => "7.02"},{"date" => "2014-11-18T21:47:11","version" => "7.03_01"},{"date" => "2014-11-24T13:26:46","version" => "7.03_02"},{"date" => "2014-11-25T16:43:06","version" => "7.03_03"},{"date" => "2014-11-27T14:42:51","version" => "7.03_04"},{"date" => "2014-11-28T18:32:48","version" => "7.03_05"},{"date" => "2014-12-01T15:37:46","version" => "7.03_06"},{"date" => "2014-12-02T12:56:02","version" => "7.04"},{"date" => "2014-12-06T16:58:07","version" => "7.05_01"},{"date" => "2014-12-15T20:13:08","version" => "7.05_02"},{"date" => "2014-12-24T12:12:00","version" => "7.05_03"},{"date" => "2014-12-24T14:49:46","version" => "7.05_04"},{"date" => "2014-12-31T23:21:05","version" => "7.05_05"},{"date" => "2015-01-08T19:09:29","version" => "7.05_06"},{"date" => "2015-01-09T16:23:43","version" => "7.05_07"},{"date" => "2015-01-20T10:13:21","version" => "7.05_08"},{"date" => "2015-01-23T10:51:30","version" => "7.05_09"},{"date" => "2015-01-26T15:19:01","version" => "7.05_10"},{"date" => "2015-01-31T16:40:19","version" => "7.05_11"},{"date" => "2015-02-07T15:19:11","version" => "7.05_12"},{"date" => "2015-02-18T22:49:29","version" => "7.05_13"},{"date" => "2015-02-20T17:32:55","version" => "7.05_14"},{"date" => "2015-03-05T19:44:02","version" => "7.05_15"},{"date" => "2015-03-09T11:35:12","version" => "7.05_16"},{"date" => "2015-03-24T12:27:52","version" => "7.05_17"},{"date" => "2015-03-27T12:20:03","version" => "7.05_18"},{"date" => "2015-03-27T16:59:34","version" => "7.05_19"},{"date" => "2015-04-04T15:53:36","version" => "7.05_20"},{"date" => "2015-06-13T14:19:26","version" => "7.05_21"},{"date" => "2015-06-14T13:44:56","version" => "7.05_22"},{"date" => "2015-06-24T19:51:24","version" => "7.05_23"},{"date" => "2015-07-01T18:30:38","version" => "7.05_24"},{"date" => "2015-07-07T17:18:36","version" => "7.05_25"},{"date" => "2015-08-04T19:41:25","version" => "7.05_26"},{"date" => "2015-08-05T09:35:40","version" => "7.05_27"},{"date" => "2015-08-19T18:10:20","version" => "7.05_28"},{"date" => "2015-08-24T15:26:22","version" => "7.05_29"},{"date" => "2015-08-31T18:06:48","version" => "7.06"},{"date" => "2015-09-02T11:55:33","version" => "7.07_01"},{"date" => "2015-09-08T19:59:05","version" => "7.08"},{"date" => "2015-09-10T18:55:41","version" => "7.10"},{"date" => "2015-11-12T12:35:03","version" => "7.11_01"},{"date" => "2015-11-21T20:23:22","version" => "7.11_02"},{"date" => "2015-11-25T15:40:06","version" => "7.11_03"},{"date" => "2016-02-15T11:40:55","version" => "7.11_04"},{"date" => "2016-03-19T10:07:11","version" => "7.11_05"},{"date" => "2016-03-29T18:44:47","version" => "7.11_06"},{"date" => "2016-04-19T11:41:10","version" => "7.12"},{"date" => "2016-04-23T16:35:56","version" => "7.13_01"},{"date" => "2016-04-24T13:20:40","version" => "7.14"},{"date" => "2016-04-27T18:27:25","version" => "7.15_01"},{"date" => "2016-04-28T12:15:28","version" => "7.15_02"},{"date" => "2016-05-01T13:29:10","version" => "7.15_03"},{"date" => "2016-05-07T10:28:49","version" => "7.16"},{"date" => "2016-05-09T19:14:54","version" => "7.17_01"},{"date" => "2016-05-09T23:07:33","version" => "7.17_02"},{"date" => "2016-05-11T18:22:21","version" => "7.17_03"},{"date" => "2016-05-23T15:39:08","version" => "7.18"},{"date" => "2016-06-02T14:01:28","version" => "7.19_01"},{"date" => "2016-06-13T09:11:52","version" => "7.19_02"},{"date" => "2016-06-13T13:44:33","version" => "7.19_03"},{"date" => "2016-06-14T11:35:43","version" => "7.19_04"},{"date" => "2016-06-20T14:40:57","version" => "7.19_05"},{"date" => "2016-06-27T12:04:29","version" => "7.19_06"},{"date" => "2016-07-03T14:30:23","version" => "7.19_07"},{"date" => "2016-07-28T12:26:56","version" => "7.19_08"},{"date" => "2016-08-05T08:57:09","version" => "7.20"},{"date" => "2016-08-07T09:54:04","version" => "7.21_01"},{"date" => "2016-08-08T08:42:10","version" => "7.22"},{"date" => "2016-08-19T09:24:06","version" => "7.23_01"},{"date" => "2016-08-20T12:35:27","version" => "7.24"},{"date" => "2017-02-03T15:21:22","version" => "7.25_01"},{"date" => "2017-05-11T11:19:49","version" => "7.25_02"},{"date" => "2017-05-11T17:09:16","version" => "7.25_03"},{"date" => "2017-05-12T12:25:54","version" => "7.25_04"},{"date" => "2017-05-15T09:41:49","version" => "7.25_05"},{"date" => "2017-05-23T19:31:28","version" => "7.25_06"},{"date" => "2017-05-27T20:21:06","version" => "7.26"},{"date" => "2017-05-28T10:50:55","version" => "7.27_01"},{"date" => "2017-05-30T08:56:32","version" => "7.27_02"},{"date" => "2017-05-30T21:26:23","version" => "7.28"},{"date" => "2017-05-31T08:32:44","version" => "7.29_01"},{"date" => "2017-06-11T11:17:55","version" => "7.29_02"},{"date" => "2017-06-12T12:31:08","version" => "7.30"},{"date" => "2017-06-14T15:10:23","version" => "7.31_01"},{"date" => "2017-06-26T13:14:10","version" => "7.31_02"},{"date" => "2017-07-10T09:02:35","version" => "7.31_03"},{"date" => "2017-10-05T12:19:00","version" => "7.31_04"},{"date" => "2017-11-25T09:37:04","version" => "7.31_05"},{"date" => "2018-01-16T13:28:46","version" => "7.31_06"},{"date" => "2018-01-16T16:24:23","version" => "7.31_07"},{"date" => "2018-02-12T12:32:45","version" => "7.31_08"},{"date" => "2018-02-16T20:25:44","version" => "7.32"},{"date" => "2018-02-20T10:44:19","version" => "7.33_01"},{"date" => "2018-02-24T14:05:00","version" => "7.33_02"},{"date" => "2018-02-24T20:21:42","version" => "7.33_03"},{"date" => "2018-03-19T10:51:54","version" => "7.34"},{"date" => "2018-04-19T12:46:01","version" => "7.35_01"},{"date" => "2018-04-24T11:01:35","version" => "7.35_02"},{"date" => "2018-04-27T13:59:23","version" => "7.35_03"},{"date" => "2018-07-09T09:50:43","version" => "7.35_04"},{"date" => "2018-07-10T09:18:31","version" => "7.35_05"},{"date" => "2018-07-19T19:49:08","version" => "7.35_06"},{"date" => "2018-11-23T11:59:44","version" => "7.35_07"},{"date" => "2018-12-06T10:56:33","version" => "7.35_08"},{"date" => "2019-02-18T10:27:00","version" => "7.35_09"},{"date" => "2019-02-20T10:06:48","version" => "7.35_10"},{"date" => "2019-04-25T11:10:29","version" => "7.35_11"},{"date" => "2019-04-27T22:17:58","version" => "7.35_12"},{"date" => "2019-04-28T11:23:25","version" => "7.35_13"},{"date" => "2019-04-28T13:15:57","version" => "7.35_14"},{"date" => "2019-04-28T15:48:41","version" => "7.36"},{"date" => "2019-06-07T10:55:49","version" => "7.37_01"},{"date" => "2019-06-27T10:35:57","version" => "7.37_02"},{"date" => "2019-08-03T12:27:47","version" => "7.37_03"},{"date" => "2019-08-22T14:34:47","version" => "7.37_04"},{"date" => "2019-09-11T09:16:48","version" => "7.38"},{"date" => "2019-09-16T06:54:51","version" => "7.39_01"},{"date" => "2019-11-07T10:03:13","version" => "7.39_02"},{"date" => "2019-11-17T20:12:14","version" => "7.39_03"},{"date" => "2019-11-18T15:20:20","version" => "7.39_04"},{"date" => "2019-11-21T12:10:17","version" => "7.39_05"},{"date" => "2019-12-16T20:02:27","version" => "7.40"},{"date" => "2019-12-16T21:53:56","version" => "7.41_01"},{"date" => "2019-12-17T22:30:33","version" => "7.42"},{"date" => "2020-01-05T13:00:40","version" => "7.43_01"},{"date" => "2020-01-14T16:54:08","version" => "7.44"},{"date" => "2020-05-28T16:58:08","version" => "7.45_01"},{"date" => "2020-06-23T10:14:10","version" => "7.46"},{"date" => "2020-06-26T10:13:17","version" => "7.47_01"},{"date" => "2020-07-07T07:38:50","version" => "7.47_02"},{"date" => "2020-07-08T21:54:35","version" => "7.47_03"},{"date" => "2020-07-28T19:00:26","version" => "7.47_04"},{"date" => "2020-07-31T09:57:33","version" => "7.47_05"},{"date" => "2020-08-01T13:53:05","version" => "7.47_06"},{"date" => "2020-08-03T21:39:02","version" => "7.47_07"},{"date" => "2020-08-31T09:02:22","version" => "7.47_08"},{"date" => "2020-09-14T13:50:45","version" => "7.47_09"},{"date" => "2020-09-15T18:45:02","version" => "7.47_10"},{"date" => "2020-09-20T09:20:24","version" => "7.47_11"},{"date" => "2020-09-30T15:40:12","version" => "7.47_12"},{"date" => "2020-10-04T10:56:39","version" => "7.48"},{"date" => "2020-10-06T17:29:16","version" => "7.49_01"},{"date" => "2020-10-08T12:03:50","version" => "7.49_02"},{"date" => "2020-10-09T20:46:22","version" => "7.49_03"},{"date" => "2020-10-13T18:34:34","version" => "7.49_04"},{"date" => "2020-10-21T18:14:52","version" => "7.50"},{"date" => "2020-11-04T00:05:13","version" => "7.51_01"},{"date" => "2020-11-04T19:51:52","version" => "7.52"},{"date" => "2020-11-10T03:50:49","version" => "7.53_01"},{"date" => "2020-11-12T19:50:41","version" => "7.54"},{"date" => "2020-11-18T18:25:16","version" => "7.55_01"},{"date" => "2020-11-19T20:00:09","version" => "7.56"},{"date" => "2020-12-18T13:45:54","version" => "7.57_01"},{"date" => "2020-12-18T23:07:45","version" => "7.57_02"},{"date" => "2020-12-21T18:31:44","version" => "7.58"},{"date" => "2021-02-02T10:13:35","version" => "7.59_01"},{"date" => "2021-02-17T11:05:23","version" => "7.60"},{"date" => "2021-03-21T15:00:35","version" => "7.61_01"},{"date" => "2021-04-13T18:13:28","version" => "7.62"},{"date" => "2021-05-25T18:00:03","version" => "7.63_01"},{"date" => "2021-06-03T19:05:10","version" => "7.63_02"},{"date" => "2021-06-22T13:53:51","version" => "7.63_03"},{"date" => "2021-06-30T14:30:46","version" => "7.63_04"},{"date" => "2021-08-14T08:19:32","version" => "7.63_05"},{"date" => "2021-11-03T01:44:47","version" => "7.63_06"},{"date" => "2021-11-27T11:51:29","version" => "7.63_07"},{"date" => "2021-11-27T17:31:21","version" => "7.63_08"},{"date" => "2021-12-08T22:35:25","version" => "7.63_09"},{"date" => "2021-12-13T16:54:00","version" => "7.63_10"},{"date" => "2021-12-14T17:00:18","version" => "7.63_11"},{"date" => "2021-12-17T19:24:34","version" => "7.64"},{"date" => "2022-05-30T10:07:14","version" => "7.65_01"},{"date" => "2022-07-22T13:01:08","version" => "7.65_02"},{"date" => "2022-12-24T00:32:29","version" => "7.65_03"},{"date" => "2022-12-25T09:06:33","version" => "7.66"},{"date" => "2023-03-01T13:47:08","version" => "7.67_01"},{"date" => "2023-03-06T11:17:11","version" => "7.67_02"},{"date" => "2023-03-14T21:41:23","version" => "7.68"},{"date" => "2023-03-25T11:45:00","version" => "7.69_01"},{"date" => "2023-03-26T13:29:08","version" => "7.70"},{"date" => "2024-06-24T19:34:30","version" => "7.71_01"},{"date" => "2024-11-22T19:08:50","version" => "7.71_02"},{"date" => "2025-02-19T01:40:18","version" => "7.71_03"},{"date" => "2025-02-24T15:29:06","version" => "7.71_04"},{"date" => "2025-02-28T18:43:37","version" => "7.71_05"},{"date" => "2025-03-03T16:59:13","version" => "7.71_06"},{"date" => "2025-03-05T21:46:33","version" => "7.71_07"},{"date" => "2025-03-08T23:59:14","version" => "7.71_08"},{"date" => "2025-03-14T11:11:41","version" => "7.72"},{"date" => "2025-03-30T10:57:25","version" => "7.73_01"},{"date" => "2025-04-09T12:39:45","version" => "7.74"},{"date" => "2025-05-23T14:13:25","version" => "7.75_01"},{"date" => "2025-05-23T19:17:36","version" => "7.76"},{"date" => "2025-07-28T18:05:55","version" => "7.77_01"},{"date" => "2025-08-20T11:28:18","version" => "7.77_02"},{"date" => "2026-03-02T17:45:14","version" => "7.77_03"},{"date" => "2026-03-03T20:35:04","version" => "7.78"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "1996-02-29T00:00:00","dual_lived" => 1,"perl_release" => "5.002","version" => "5.21"},{"date" => "1996-10-10T00:00:00","dual_lived" => 1,"perl_release" => "5.00307","version" => "5.38"},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "5.4002"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "5.42"},{"date" => "1998-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.005","version" => "5.4301"},{"date" => "1999-03-28T00:00:00","dual_lived" => 1,"perl_release" => "5.00503","version" => "5.4302"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006","version" => "5.45"},{"date" => "2004-03-16T00:00:00","dual_lived" => 1,"perl_release" => "5.009001","version" => "6.21_02"},{"date" => "2010-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013","version" => "6.5601"},{"date" => "2015-06-01T00:00:00","dual_lived" => 1,"perl_release" => "5.022000","version" => "7.04_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "7.04_02"},{"date" => "2016-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023008","version" => "7.10_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "7.10_02"}]},"ExtUtils-ParseXS" => {"advisories" => [{"affected_versions" => ["<3.35"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.","distribution" => "ExtUtils-ParseXS","fixed_versions" => [">=3.35"],"id" => "CPANSA-ExtUtils-ParseXS-2016-1238","references" => ["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "ExtUtils::ParseXS","versions" => [{"date" => "2002-12-09T00:53:36","version" => "1.98_01"},{"date" => "2003-02-05T18:22:19","version" => "1.99"},{"date" => "2003-02-23T22:45:04","version" => "2.00"},{"date" => "2003-03-20T15:25:07","version" => "2.01"},{"date" => "2003-03-31T00:25:32","version" => "2.02"},{"date" => "2003-08-16T22:57:00","version" => "2.03"},{"date" => "2003-09-04T18:14:59","version" => "2.04"},{"date" => "2003-09-29T15:35:39","version" => "2.05"},{"date" => "2003-12-26T15:05:42","version" => "2.06"},{"date" => "2004-01-25T23:04:13","version" => "2.07"},{"date" => "2004-02-21T03:46:57","version" => "2.08"},{"date" => "2005-03-27T17:18:20","version" => "2.09"},{"date" => "2005-05-31T02:37:25","version" => "2.10"},{"date" => "2005-06-14T04:04:10","version" => "2.11"},{"date" => "2005-08-25T01:07:16","version" => "2.12"},{"date" => "2005-10-04T03:02:19","version" => "2.13"},{"date" => "2005-10-09T01:52:46","version" => "2.14"},{"date" => "2005-10-10T15:09:54","version" => "2.15"},{"date" => "2006-09-16T03:35:22","version" => "2.16"},{"date" => "2006-11-20T23:08:18","version" => "2.17"},{"date" => "2007-01-30T02:58:43","version" => "2.18"},{"date" => "2008-02-17T20:29:31","version" => "2.19"},{"date" => "2008-08-07T03:20:09","version" => "2.19_02"},{"date" => "2009-06-28T03:01:41","version" => "2.19_03"},{"date" => "2009-06-29T15:51:33","version" => "2.19_04"},{"date" => "2009-07-01T17:49:20","version" => "2.20"},{"date" => "2009-07-08T16:47:56","version" => "2.20_01"},{"date" => "2009-07-18T21:23:28","version" => "2.2002"},{"date" => "2009-07-24T03:16:46","version" => "2.20_03"},{"date" => "2009-08-10T15:44:42","version" => "2.20_04"},{"date" => "2009-08-23T01:50:17","version" => "2.20_05"},{"date" => "2009-09-15T02:36:48","version" => "2.200401"},{"date" => "2009-10-02T05:28:52","version" => "2.200402"},{"date" => "2009-10-02T06:06:00","version" => "2.200403"},{"date" => "2009-10-03T03:49:34","version" => "2.20_06"},{"date" => "2009-10-03T15:28:29","version" => "2.20_07"},{"date" => "2009-10-05T15:25:07","version" => "2.21"},{"date" => "2009-12-19T12:43:55","version" => "2.21_01"},{"date" => "2009-12-19T15:58:28","version" => "2.21_02"},{"date" => "2010-01-11T20:03:31","version" => "2.22"},{"date" => "2010-01-25T21:14:41","version" => "2.2201"},{"date" => "2010-01-27T20:07:51","version" => "2.2202"},{"date" => "2010-02-11T19:04:49","version" => "2.2203"},{"date" => "2010-03-10T19:27:43","version" => "2.2204"},{"date" => "2010-03-10T23:17:47","version" => "2.2205"},{"date" => "2010-07-04T19:53:47","version" => "2.2206"},{"date" => "2011-07-12T20:42:45","version" => "3.00_01"},{"date" => "2011-07-14T13:21:26","version" => "3.00_02"},{"date" => "2011-07-23T15:09:23","version" => "3.00_03"},{"date" => "2011-07-27T20:24:26","version" => "3.00_04"},{"date" => "2011-07-27T20:57:56","version" => "3.00_05"},{"date" => "2011-08-04T16:06:39","version" => "3.01"},{"date" => "2011-08-04T18:09:18","version" => "3.02"},{"date" => "2011-08-11T06:25:52","version" => "3.03"},{"date" => "2011-08-21T11:40:28","version" => "3.03_02"},{"date" => "2011-08-24T17:51:31","version" => "3.03_03"},{"date" => "2011-08-25T06:33:30","version" => "3.04"},{"date" => "2011-08-28T15:57:42","version" => "3.04_01"},{"date" => "2011-09-03T13:31:37","version" => "3.04_02"},{"date" => "2011-09-04T16:55:05","version" => "3.04_03"},{"date" => "2011-09-12T06:28:10","version" => "3.04_04"},{"date" => "2011-10-05T06:18:44","version" => "3.05"},{"date" => "2011-12-07T07:35:08","version" => "3.06"},{"date" => "2011-12-07T13:15:12","version" => "3.07"},{"date" => "2011-12-19T17:10:40","version" => "3.08"},{"date" => "2011-12-28T18:05:57","version" => "3.09"},{"date" => "2011-12-29T17:00:16","version" => "3.11"},{"date" => "2012-01-28T12:07:45","version" => "3.13_01"},{"date" => "2012-02-01T17:51:52","version" => "3.14"},{"date" => "2012-02-02T07:15:27","version" => "3.15"},{"date" => "2012-11-19T06:42:48","version" => "3.18"},{"date" => "2013-04-11T18:19:45","version" => "3.18_01"},{"date" => "2013-04-15T05:41:18","version" => "3.18_02"},{"date" => "2013-04-19T16:47:41","version" => "3.18_03"},{"date" => "2013-06-20T15:51:15","version" => "3.18_04"},{"date" => "2013-08-09T17:14:04","version" => "3.21"},{"date" => "2013-08-29T17:31:29","version" => "3.22"},{"date" => "2014-03-07T09:35:16","version" => "3.24"},{"date" => "2015-08-10T08:49:21","version" => "3.29_01"},{"date" => "2015-08-31T08:44:00","version" => "3.30"},{"date" => "2017-07-31T15:52:17","version" => "3.35"},{"date" => "2017-12-18T12:31:00","version" => "3.36_03"},{"date" => "2021-04-17T17:48:59","version" => "3.43_02"},{"date" => "2022-01-06T23:02:34","version" => "3.44"},{"date" => "2023-09-02T13:28:52","version" => "3.51"},{"date" => "2025-05-02T15:03:49","version" => "3.52"},{"date" => "2025-05-02T15:06:38","version" => "3.53"},{"date" => "2025-05-02T15:17:11","version" => "3.54"},{"date" => "2025-05-02T15:38:05","version" => "3.55"},{"date" => "2025-05-02T15:40:54","version" => "3.56"},{"date" => "2025-05-02T15:45:00","version" => "3.57"},{"date" => "2025-07-20T19:24:38","version" => "3.58"},{"date" => "2025-09-05T13:37:50","version" => "3.59"},{"date" => "2025-09-26T22:20:43","version" => "3.60"},{"date" => "2026-01-09T17:11:34","version" => "3.61"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "2.15_02"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.010000","version" => "2.18_02"},{"date" => "2010-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013004","version" => "2.2207"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "2.2208"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "2.2209"},{"date" => "2011-05-14T00:00:00","dual_lived" => 1,"perl_release" => "5.014","version" => "2.2210"},{"date" => "2011-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015002","version" => "3.03_01"},{"date" => "2012-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015007","version" => "3.12"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "3.16"},{"date" => "2012-05-26T00:00:00","dual_lived" => 1,"perl_release" => "5.017000","version" => "3.17"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "3.19"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "3.23"},{"date" => "2014-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021001","version" => "3.25"},{"date" => "2014-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021006","version" => "3.26"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "3.27"},{"date" => "2015-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021011","version" => "3.28"},{"date" => "2015-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023002","version" => "3.29"},{"date" => "2016-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023007","version" => "3.31"},{"date" => "2016-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025002","version" => "3.32"},{"date" => "2016-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025003","version" => "3.33"},{"date" => "2017-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025011","version" => "3.34"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "3.36"},{"date" => "2018-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027009","version" => "3.38"},{"date" => "2018-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027010","version" => "3.39"},{"date" => "2018-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.029006","version" => "3.40"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "3.41"},{"date" => "2020-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033005","version" => "3.42"},{"date" => "2021-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033009","version" => "3.43"},{"date" => "2022-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.03501","version" => "3.45"},{"date" => "2022-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037004","version" => "3.46"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "3.48"},{"date" => "2022-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037007","version" => "3.49"},{"date" => "2023-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037011","version" => "3.50"}]},"FCGI" => {"advisories" => [{"affected_versions" => ["<0.74"],"cves" => ["CVE-2011-2766"],"description" => "Leaking information across requests when using the deprecated and undocumented old FCGI interface.\n","distribution" => "FCGI","fixed_versions" => [">=0.74"],"id" => "CPANSA-FCGI-2011-01","references" => ["https://metacpan.org/changes/distribution/FCGI","https://github.com/perl-catalyst/FCGI/commit/297693dc8362d25bb25e473899c72508a0f71d2e"],"reported" => "2011-09-24"},{"affected_versions" => [">=0.44"],"cves" => ["CVE-2025-40907"],"description" => "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.  The included FastCGI library is affected by  CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.","distribution" => "FCGI","fixed_versions" => [],"id" => "CPANSA-FCGI-2025-40907","references" => ["http://www.openwall.com/lists/oss-security/2025/04/23/4","https://github.com/FastCGI-Archives/fcgi2/issues/67","https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5","https://github.com/perl-catalyst/FCGI/issues/14","https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch","https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library"],"reported" => "2025-05-16","severity" => undef}],"main_module" => "FCGI","versions" => [{"date" => "1996-09-25T17:48:57","version" => "0.25"},{"date" => "1996-10-15T21:51:06","version" => "0.26"},{"date" => "1997-02-20T08:55:44","version" => "0.27"},{"date" => "1997-02-25T07:14:13","version" => "0.28"},{"date" => "1997-06-10T18:16:17","version" => "0.29"},{"date" => "1997-06-24T17:17:05","version" => "0.30"},{"date" => "1997-07-24T11:05:43","version" => "0.31"},{"date" => "1998-06-17T10:24:17","version" => "0.34"},{"date" => "1998-06-22T15:38:51","version" => "0.35"},{"date" => "1998-06-24T19:42:57","version" => "0.36"},{"date" => "1998-06-27T16:08:39","version" => "0.37"},{"date" => "1998-07-15T15:24:00","version" => "0.40"},{"date" => "1998-07-29T16:05:51","version" => "0.41"},{"date" => "1998-08-28T15:30:49","version" => "0.42"},{"date" => "1998-12-22T22:34:14","version" => "0.43"},{"date" => "1998-12-23T11:28:39","version" => "0.44"},{"date" => "1999-03-08T17:04:02","version" => "0.45"},{"date" => "1999-07-30T08:26:31","version" => "0.46"},{"date" => "1999-07-31T21:58:01","version" => "0.47"},{"date" => "1999-08-27T13:41:54","version" => "0.48"},{"date" => "2000-04-09T18:58:32","version" => "0.49"},{"date" => "2000-04-10T07:04:43","version" => "0.50"},{"date" => "2000-04-12T12:27:09","version" => "0.51"},{"date" => "2000-04-12T14:10:02","version" => "0.52"},{"date" => "2000-07-10T10:01:51","version" => "0.53"},{"date" => "2000-10-08T19:52:29","version" => "0.54"},{"date" => "2000-10-18T21:22:46","version" => "0.55"},{"date" => "2000-11-03T15:44:28","version" => "0.56"},{"date" => "2000-11-12T15:15:01","version" => "0.57"},{"date" => "2000-11-14T23:20:24","version" => "0.58"},{"date" => "2000-12-31T22:05:44","version" => "0.59"},{"date" => "2001-06-08T15:19:08","version" => "0.60"},{"date" => "2001-09-20T12:34:13","version" => "0.61"},{"date" => "2001-09-21T16:19:42","version" => "0.62"},{"date" => "2001-09-24T20:43:48","version" => "0.63"},{"date" => "2001-09-25T08:26:24","version" => "0.64"},{"date" => "2002-02-19T14:16:27","version" => "0.65"},{"date" => "2002-09-05T16:23:07","version" => "0.66"},{"date" => "2002-12-23T10:21:36","version" => "0.67"},{"date" => "2009-12-20T21:05:48","version" => "0.67_01"},{"date" => "2010-01-06T10:07:05","version" => "0.68"},{"date" => "2010-01-10T01:35:11","version" => "0.68_01"},{"date" => "2010-01-13T19:25:40","version" => "0.68_02"},{"date" => "2010-02-15T23:08:12","version" => "0.69"},{"date" => "2010-03-22T14:35:03","version" => "0.70"},{"date" => "2010-04-01T00:55:33","version" => "0.71"},{"date" => "2010-08-24T21:32:56","version" => "0.71_01"},{"date" => "2011-04-28T08:50:09","version" => "0.71_02"},{"date" => "2011-04-28T09:05:42","version" => "0.71_03"},{"date" => "2011-05-19T09:06:02","version" => "0.72"},{"date" => "2011-05-28T01:35:17","version" => "0.73"},{"date" => "2011-09-24T08:31:47","version" => "0.74"},{"date" => "2014-07-17T00:19:02","version" => "0.75"},{"date" => "2014-08-05T01:29:06","version" => "0.76"},{"date" => "2014-08-05T15:53:28","version" => "0.77"},{"date" => "2016-03-07T00:08:23","version" => "0.78"},{"date" => "2019-12-14T18:29:19","version" => "0.79"},{"date" => "2021-07-25T04:54:49","version" => "0.80"},{"date" => "2021-07-30T23:19:01","version" => "0.81"},{"date" => "2021-07-31T03:26:34","version" => "0.82"}]},"Fake-Encode" => {"advisories" => [{"affected_versions" => ["<0.08"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "Fake-Encode","fixed_versions" => [">=0.08"],"id" => "CPANSA-Fake-Encode-2017-01","references" => ["https://metacpan.org/changes/distribution/Fake-Encode"],"reported" => "2017-01-23"}],"main_module" => "Fake::Encode","versions" => [{"date" => "2016-05-31T14:11:49","version" => "0.01"},{"date" => "2017-01-23T12:34:23","version" => "0.02"},{"date" => "2017-01-25T15:52:13","version" => "0.03"},{"date" => "2017-01-26T15:17:01","version" => "0.04"},{"date" => "2017-03-06T16:01:40","version" => "0.05"},{"date" => "2017-09-08T17:54:14","version" => "0.06"},{"date" => "2017-09-09T15:27:50","version" => "0.07"},{"date" => "2018-02-03T14:50:49","version" => "0.08"},{"date" => "2018-02-19T12:21:04","version" => "0.09"},{"date" => "2019-07-11T16:26:06","version" => "0.10"},{"date" => "2023-03-25T02:26:13","version" => "0.11"}]},"Fake-Our" => {"advisories" => [{"affected_versions" => ["<0.06"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "Fake-Our","fixed_versions" => [">=0.06"],"id" => "CPANSA-Fake-Our-2017-01","references" => ["https://metacpan.org/changes/distribution/Fake-Our"],"reported" => "2017-01-23"}],"main_module" => "Fake::Our","versions" => [{"date" => "2014-02-09T05:36:09","version" => "0.01"},{"date" => "2014-08-06T17:33:15","version" => "0.02"},{"date" => "2014-08-09T02:35:25","version" => "0.03"},{"date" => "2014-08-10T15:33:58","version" => "0.04"},{"date" => "2015-06-21T04:09:47","version" => "0.05"},{"date" => "2017-01-23T12:34:34","version" => "0.06"},{"date" => "2017-01-26T15:21:45","version" => "0.07"},{"date" => "2017-01-27T15:18:56","version" => "0.08"},{"date" => "2017-01-28T15:07:50","version" => "0.09"},{"date" => "2017-03-06T16:01:51","version" => "0.10"},{"date" => "2018-02-03T11:05:49","version" => "0.11"},{"date" => "2018-02-16T17:54:00","version" => "0.12"},{"date" => "2018-02-17T01:35:58","version" => "0.13"},{"date" => "2018-02-18T15:32:17","version" => "0.14"},{"date" => "2019-07-11T16:27:42","version" => "0.15"},{"date" => "2019-07-14T00:51:24","version" => "0.16"},{"date" => "2023-03-25T02:32:44","version" => "0.17"}]},"File-DataClass" => {"advisories" => [{"affected_versions" => ["<0.72.1"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "File-DataClass","fixed_versions" => [">=0.72.1"],"id" => "CPANSA-File-DataClass-2017-01","references" => ["https://metacpan.org/changes/distribution/File-DataClass"],"reported" => "2017-04-01"}],"main_module" => "File::DataClass","versions" => [{"date" => "2010-09-29T16:37:04","version" => "0.1.228"},{"date" => "2010-10-06T14:20:31","version" => "0.2.234"},{"date" => "2011-01-26T18:14:50","version" => "0.3.238"},{"date" => "2011-02-27T23:09:38","version" => "0.3.239"},{"date" => "2011-04-12T19:44:59","version" => "0.3.259"},{"date" => "2011-05-15T17:45:09","version" => "0.4.268"},{"date" => "2011-05-30T01:47:40","version" => "0.5.271"},{"date" => "2011-07-11T13:39:10","version" => "0.6.286"},{"date" => "2011-11-30T00:05:18","version" => "0.7.321"},{"date" => "2011-12-02T04:40:20","version" => "0.7.325"},{"date" => "2011-12-02T22:39:25","version" => "0.7.326"},{"date" => "2011-12-03T18:43:58","version" => "0.7.328"},{"date" => "2012-02-22T18:28:29","version" => "0.7.330"},{"date" => "2012-02-23T11:00:24","version" => "0.7.331"},{"date" => "2012-02-24T10:52:18","version" => "0.7.332"},{"date" => "2012-03-12T17:34:58","version" => "0.7.335"},{"date" => "2012-03-20T18:24:26","version" => "0.7.336"},{"date" => "2012-03-21T22:43:50","version" => "0.7.338"},{"date" => "2012-03-22T13:48:59","version" => "0.7.339"},{"date" => "2012-03-24T00:37:31","version" => "0.7.343"},{"date" => "2012-03-28T23:58:41","version" => "0.8.351"},{"date" => "2012-03-29T22:05:21","version" => "0.8.355"},{"date" => "2012-04-03T00:26:12","version" => "0.8.357"},{"date" => "2012-04-04T15:19:03","version" => "0.8.360"},{"date" => "2012-04-17T18:57:01","version" => "0.9.368"},{"date" => "2012-05-19T21:05:56","version" => "0.10.380"},{"date" => "2012-07-10T00:34:23","version" => "0.11.401"},{"date" => "2012-09-02T13:43:37","version" => "0.12.406"},{"date" => "2012-09-06T14:02:06","version" => "0.12.409"},{"date" => "2012-11-07T07:49:39","version" => "0.13.416"},{"date" => "2012-11-13T20:16:27","version" => "0.13.418"},{"date" => "2012-12-12T23:25:16","version" => "0.13.420"},{"date" => "2012-12-14T17:58:08","version" => "0.13.421"},{"date" => "2012-12-19T22:23:08","version" => "0.13.422"},{"date" => "2012-12-21T20:48:41","version" => "0.13.424"},{"date" => "2012-12-30T03:05:28","version" => "0.13.427"},{"date" => "2013-01-07T00:52:48","version" => "0.14.429"},{"date" => "2013-04-01T01:14:44","version" => "0.15.431"},{"date" => "2013-04-02T14:21:13","version" => "0.15.434"},{"date" => "2013-04-14T16:15:55","version" => "v0.16.438"},{"date" => "2013-04-15T20:42:56","version" => "v0.16.442"},{"date" => "2013-04-24T03:47:54","version" => "v0.16.445"},{"date" => "2013-04-29T17:12:37","version" => "v0.17.450"},{"date" => "2013-04-30T22:15:36","version" => "v0.18.6"},{"date" => "2013-05-02T14:14:57","version" => "v0.19.1"},{"date" => "2013-05-07T23:33:06","version" => "v0.20.6"},{"date" => "2013-05-10T14:58:03","version" => "v0.20.7"},{"date" => "2013-05-14T13:32:28","version" => "v0.20.8"},{"date" => "2013-05-15T20:03:34","version" => "v0.20.9"},{"date" => "2013-05-16T00:11:50","version" => "v0.20.10"},{"date" => "2013-05-17T16:07:41","version" => "v0.20.12"},{"date" => "2013-06-08T13:26:40","version" => "v0.20.13"},{"date" => "2013-07-28T17:41:14","version" => "v0.22.1"},{"date" => "2013-07-29T11:39:49","version" => "v0.22.2"},{"date" => "2013-07-29T11:46:28","version" => "v0.22.3"},{"date" => "2013-07-29T18:37:14","version" => "v0.22.4"},{"date" => "2013-07-30T10:19:23","version" => "v0.22.5"},{"date" => "2013-07-30T16:25:59","version" => "v0.22.7"},{"date" => "2013-07-31T09:54:30","version" => "v0.22.8"},{"date" => "2013-08-02T19:06:49","version" => "v0.22.9"},{"date" => "2013-08-06T17:19:31","version" => "v0.23.1"},{"date" => "2013-08-07T13:14:13","version" => "v0.23.2"},{"date" => "2013-08-13T18:01:24","version" => "0.24.1"},{"date" => "2013-08-16T22:49:23","version" => "0.24.3"},{"date" => "2013-09-03T13:11:17","version" => "0.25.1"},{"date" => "2013-09-26T16:04:18","version" => "0.26.1"},{"date" => "2013-11-22T09:42:00","version" => "0.27.1"},{"date" => "2014-01-01T15:02:23","version" => "0.28.1"},{"date" => "2014-01-01T17:03:18","version" => "0.29.1"},{"date" => "2014-01-02T02:33:28","version" => "0.30.1"},{"date" => "2014-01-13T18:41:29","version" => "0.31.1"},{"date" => "2014-01-24T20:56:21","version" => "0.33.1"},{"date" => "2014-04-04T10:52:59","version" => "0.34.1"},{"date" => "2014-05-01T14:40:32","version" => "0.35.1"},{"date" => "2014-05-13T10:03:54","version" => "0.36.1"},{"date" => "2014-05-13T21:08:07","version" => "0.37.1"},{"date" => "2014-05-15T00:11:43","version" => "0.38.1"},{"date" => "2014-05-16T08:19:01","version" => "0.39.1"},{"date" => "2014-05-22T09:37:34","version" => "0.40.1"},{"date" => "2014-05-22T14:10:49","version" => "0.40.2"},{"date" => "2014-05-28T10:28:42","version" => "0.41.1"},{"date" => "2014-07-03T23:27:53","version" => "0.42.1"},{"date" => "2014-07-04T09:25:10","version" => "0.42.2"},{"date" => "2014-07-04T12:19:02","version" => "0.43.1"},{"date" => "2014-07-16T12:39:03","version" => "0.44.1"},{"date" => "2014-08-18T23:00:05","version" => "0.45.1"},{"date" => "2014-08-26T12:43:14","version" => "0.45.5"},{"date" => "2014-08-26T16:41:35","version" => "0.46.1"},{"date" => "2014-08-27T16:17:50","version" => "0.47.1"},{"date" => "2014-09-03T22:25:51","version" => "0.48.1"},{"date" => "2014-10-02T17:39:13","version" => "0.48.3"},{"date" => "2014-10-02T19:59:28","version" => "0.49.1"},{"date" => "2014-11-07T18:51:52","version" => "0.50.1"},{"date" => "2014-11-08T21:45:45","version" => "0.50.2"},{"date" => "2014-11-09T13:19:50","version" => "0.50.3"},{"date" => "2014-11-09T15:52:41","version" => "0.51.1"},{"date" => "2014-11-10T12:44:49","version" => "0.52.1"},{"date" => "2014-12-19T11:49:49","version" => "0.53.1"},{"date" => "2014-12-19T22:54:41","version" => "0.54.1"},{"date" => "2015-02-05T00:04:33","version" => "0.55.1"},{"date" => "2015-03-19T14:59:03","version" => "0.56.1"},{"date" => "2015-04-04T20:00:58","version" => "0.57.1"},{"date" => "2015-04-04T20:16:31","version" => "0.58.1"},{"date" => "2015-04-05T17:58:31","version" => "0.59.1"},{"date" => "2015-04-08T23:10:28","version" => "0.60.1"},{"date" => "2015-05-11T12:15:05","version" => "0.61.1"},{"date" => "2015-05-24T11:52:28","version" => "0.62.1"},{"date" => "2015-06-21T21:42:17","version" => "0.63.1"},{"date" => "2015-08-29T08:58:54","version" => "0.66.1"},{"date" => "2016-02-01T00:18:43","version" => "0.67.1"},{"date" => "2016-02-01T14:33:11","version" => "0.68.1"},{"date" => "2016-07-05T00:36:52","version" => "0.69.1"},{"date" => "2016-07-29T15:24:24","version" => "0.70.1"},{"date" => "2016-07-29T18:59:13","version" => "0.71.1"},{"date" => "2017-04-02T08:23:47","version" => "0.72.1"},{"date" => "2017-06-02T00:03:17","version" => "0.73.1"}]},"File-Find-Rule" => {"advisories" => [{"affected_versions" => ["<=0.34"],"cves" => ["CVE-2011-10007"],"description" => "File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.  A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.  Example:  \$ mkdir /tmp/poc; echo > \"/tmp/poc/|id\" \$ perl -MFile::Find::Rule \\ \x{a0} \x{a0} -E 'File::Find::Rule->grep(\"foo\")->in(\"/tmp/poc\")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)","distribution" => "File-Find-Rule","fixed_versions" => [">=0.35"],"id" => "CPANSA-File-Find-Rule-2011-10007","references" => ["https://github.com/richardc/perl-file-find-rule/commit/df58128bcee4c1da78c34d7f3fe1357e575ad56f.patch","https://github.com/richardc/perl-file-find-rule/pull/4","https://metacpan.org/release/RCLAMP/File-Find-Rule-0.34/source/lib/File/Find/Rule.pm#L423","https://rt.cpan.org/Public/Bug/Display.html?id=64504","http://www.openwall.com/lists/oss-security/2025/06/05/4","http://www.openwall.com/lists/oss-security/2025/06/06/1","http://www.openwall.com/lists/oss-security/2025/06/06/3","https://lists.debian.org/debian-lts-announce/2025/06/msg00006.html","https://github.com/richardc/perl-file-find-rule/pull/4"],"reported" => "2025-06-05","severity" => undef}],"main_module" => "File::Find::Rule","versions" => [{"date" => "2002-07-26T13:03:10","version" => "0.01"},{"date" => "2002-08-14T22:28:12","version" => "0.02"},{"date" => "2002-08-24T17:34:12","version" => "0.03"},{"date" => "2002-09-10T08:54:04","version" => "0.04"},{"date" => "2002-10-21T16:37:18","version" => "0.05"},{"date" => "2002-10-22T07:30:31","version" => "0.06"},{"date" => "2002-10-25T15:54:13","version" => "0.07"},{"date" => "2002-12-04T13:55:56","version" => "0.08"},{"date" => "2003-01-21T10:56:48","version" => "0.09"},{"date" => "2003-03-10T02:07:24","version" => "0.10"},{"date" => "2003-06-22T21:04:15","version" => "0.20_01"},{"date" => "2003-06-25T11:36:22","version" => "0.20_02"},{"date" => "2003-07-29T19:24:32","version" => "0.11"},{"date" => "2003-08-04T09:27:12","version" => "0.20_03"},{"date" => "2003-09-08T17:44:26","version" => "0.20"},{"date" => "2003-09-15T12:16:58","version" => "0.21"},{"date" => "2003-10-03T19:33:19","version" => "0.22"},{"date" => "2003-10-03T22:57:25","version" => "0.23"},{"date" => "2003-10-04T11:20:43","version" => "0.24_01"},{"date" => "2003-10-06T14:22:20","version" => "0.24"},{"date" => "2003-10-22T17:11:46","version" => "0.25"},{"date" => "2003-11-10T22:10:06","version" => "0.26"},{"date" => "2004-02-25T10:55:36","version" => "0.27"},{"date" => "2004-05-18T20:37:58","version" => "0.28"},{"date" => "2006-05-16T14:28:43","version" => "0.29"},{"date" => "2006-06-01T15:39:35","version" => "0.30"},{"date" => "2009-11-27T22:58:10","version" => "0.31"},{"date" => "2009-11-28T00:47:34","version" => "0.32"},{"date" => "2011-09-19T11:56:02","version" => "0.33"},{"date" => "2015-12-03T14:31:54","version" => "0.34"},{"date" => "2025-06-05T15:35:41","version" => "0.35"}]},"File-KeePass" => {"advisories" => [{"affected_versions" => [">0"],"cves" => [],"description" => "The module is making use of the perl rand function for key and iv generation (for Crypt::Rijndael).\n","distribution" => "File-KeePass","fixed_versions" => [],"id" => "CPANSA-File-KeePass-2016-01","references" => ["https://rt.cpan.org/Ticket/Display.html?id=117836"],"reported" => "2016-09-14","severity" => undef}],"main_module" => "File::KeePass","versions" => [{"date" => "2010-06-29T14:52:50","version" => "0.01"},{"date" => "2010-12-04T04:33:41","version" => "0.02"},{"date" => "2010-12-07T06:06:57","version" => "0.03"},{"date" => "2012-09-13T04:48:56","version" => "2.00"},{"date" => "2012-09-13T14:17:11","version" => "2.01"},{"date" => "2012-09-13T15:22:40","version" => "2.02"},{"date" => "2012-09-15T22:25:43","version" => "2.03"}]},"File-Path" => {"advisories" => [{"affected_versions" => ["<2.13"],"cves" => ["CVE-2017-6512"],"description" => "Race condition in the rmtree and remove_tree functions allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.\n","distribution" => "File-Path","fixed_versions" => [">=2.13"],"id" => "CPANSA-File-Path-2017-01","references" => ["https://metacpan.org/changes/distribution/File-Path","https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2"],"reported" => "2017-05-02"},{"affected_versions" => ["<=1.08"],"cves" => ["CVE-2008-5303"],"description" => "Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2008-5303","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905","http://www.openwall.com/lists/oss-security/2008/11/28/2","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36","http://www.gossamer-threads.com/lists/perl/porters/233695#233695","http://www.debian.org/security/2008/dsa-1678","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://wiki.rpath.com/Advisories:rPSA-2009-0011","http://www.ubuntu.com/usn/usn-700-2","http://secunia.com/advisories/32980","http://support.apple.com/kb/HT4077","http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://secunia.com/advisories/40052","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/47044","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680","http://www.securityfocus.com/archive/1/500210/100/0/threaded"],"reported" => "2008-12-01","severity" => undef},{"affected_versions" => ["==1.08","==2.07"],"cves" => ["CVE-2008-5302"],"description" => "Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448.  It is different from CVE-2008-5303 due to affected versions.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2008-5302","references" => ["http://www.gossamer-threads.com/lists/perl/porters/233695#233695","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905","http://www.openwall.com/lists/oss-security/2008/11/28/2","http://www.debian.org/security/2008/dsa-1678","http://secunia.com/advisories/33314","http://www.ubuntu.com/usn/usn-700-1","http://wiki.rpath.com/Advisories:rPSA-2009-0011","http://www.ubuntu.com/usn/usn-700-2","http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","http://secunia.com/advisories/32980","http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","http://support.apple.com/kb/HT4077","http://secunia.com/advisories/40052","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/47043","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076","http://www.securityfocus.com/archive/1/500210/100/0/threaded"],"reported" => "2008-12-01","severity" => undef},{"affected_versions" => [">=2.04,<2.07"],"cves" => ["CVE-2008-2827"],"description" => "The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.\n","distribution" => "File-Path","fixed_versions" => [">=2.07"],"id" => "CPANSA-File-Path-2008-2827","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319","http://rt.cpan.org/Public/Bug/Display.html?id=36982","http://www.securityfocus.com/bid/29902","http://secunia.com/advisories/30790","http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html","http://www.mandriva.com/security/advisories?name=MDVSA-2008:165","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html","http://secunia.com/advisories/30837","http://secunia.com/advisories/31687","http://www.securitytracker.com/id?1020373","https://exchange.xforce.ibmcloud.com/vulnerabilities/43308"],"reported" => "2008-06-23","severity" => undef},{"affected_versions" => ["<1.07"],"cves" => ["CVE-2005-0448"],"description" => "Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2005-0448","references" => ["http://www.debian.org/security/2005/dsa-696","http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml","http://www.redhat.com/support/errata/RHSA-2005-881.html","http://secunia.com/advisories/18075","http://www.securityfocus.com/bid/12767","ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U","http://secunia.com/advisories/14531","http://secunia.com/advisories/18517","http://fedoranews.org/updates/FEDORA--.shtml","http://www.redhat.com/support/errata/RHSA-2005-674.html","http://secunia.com/advisories/17079","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://www.mandriva.com/security/advisories?name=MDKSA-2005:079","http://www.securityfocus.com/advisories/8704","http://secunia.com/advisories/55314","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475","https://usn.ubuntu.com/94-1/"],"reported" => "2005-05-02","severity" => undef},{"affected_versions" => [">=1.06,<=1.404"],"cves" => ["CVE-2004-0452"],"description" => "Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.\n","distribution" => "File-Path","fixed_versions" => [],"id" => "CPANSA-File-Path-2004-0452","references" => ["http://www.debian.org/security/2004/dsa-620","http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml","http://www.redhat.com/support/errata/RHSA-2005-103.html","ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U","http://www.securityfocus.com/bid/12072","http://secunia.com/advisories/12991","http://secunia.com/advisories/18517","http://fedoranews.org/updates/FEDORA--.shtml","http://www.redhat.com/support/errata/RHSA-2005-105.html","http://secunia.com/advisories/55314","http://marc.info/?l=bugtraq&m=110547693019788&w=2","https://www.ubuntu.com/usn/usn-44-1/","https://exchange.xforce.ibmcloud.com/vulnerabilities/18650","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938"],"reported" => "2004-12-21","severity" => undef}],"main_module" => "File::Path","versions" => [{"date" => "2007-05-17T13:46:15","version" => "1.99_01"},{"date" => "2007-05-27T09:29:48","version" => "1.99_02"},{"date" => "2007-06-27T19:23:09","version" => "2.00_05"},{"date" => "2007-07-04T21:37:13","version" => "2.00_06"},{"date" => "2007-07-09T19:37:02","version" => "2.00_07"},{"date" => "2007-08-01T00:10:43","version" => "2.00_08"},{"date" => "2007-08-20T18:15:55","version" => "2.00_09"},{"date" => "2007-09-04T17:20:45","version" => "2.00_10"},{"date" => "2007-09-08T12:53:07","version" => "2.00_11"},{"date" => "2007-09-29T10:29:32","version" => "2.01"},{"date" => "2007-10-24T10:36:09","version" => "2.02"},{"date" => "2007-11-04T18:36:19","version" => "2.03"},{"date" => "2007-11-24T09:53:23","version" => "2.04"},{"date" => "2008-05-07T08:25:05","version" => "2.05"},{"date" => "2008-05-08T09:36:50","version" => "2.06"},{"date" => "2008-05-10T21:02:47","version" => "2.06_01"},{"date" => "2008-05-12T10:07:46","version" => "2.06_02"},{"date" => "2008-05-12T21:43:43","version" => "2.06_03"},{"date" => "2008-05-13T14:40:30","version" => "2.06_04"},{"date" => "2008-10-01T20:41:37","version" => "2.06_05"},{"date" => "2008-10-05T21:59:58","version" => "2.06_06"},{"date" => "2008-10-29T17:55:36","version" => "2.06_07"},{"date" => "2008-11-05T00:12:29","version" => "2.06_08"},{"date" => "2008-11-09T13:11:17","version" => "2.07"},{"date" => "2009-06-21T13:23:32","version" => "2.07_03"},{"date" => "2009-10-04T10:31:05","version" => "2.08"},{"date" => "2013-01-16T21:36:05","version" => "2.09"},{"date" => "2015-06-24T17:03:22","version" => "2.10_001"},{"date" => "2015-06-26T17:28:20","version" => "2.10_002"},{"date" => "2015-07-08T16:59:11","version" => "2.10_003"},{"date" => "2015-07-10T11:34:44","version" => "2.10_004"},{"date" => "2015-07-17T15:03:07","version" => "2.10_005"},{"date" => "2015-07-18T02:28:14","version" => "2.11"},{"date" => "2015-07-24T23:01:36","version" => "2.11_001"},{"date" => "2015-07-25T09:56:18","version" => "2.11_002"},{"date" => "2015-08-03T18:07:05","version" => "2.11_003"},{"date" => "2015-10-01T19:34:07","version" => "2.11_004"},{"date" => "2015-10-09T12:11:52","version" => "2.12"},{"date" => "2016-09-18T13:35:39","version" => "2.12_001"},{"date" => "2017-03-12T22:09:35","version" => "2.12_002"},{"date" => "2017-04-07T13:59:30","version" => "2.12_003"},{"date" => "2017-04-18T18:37:56","version" => "2.12_004"},{"date" => "2017-04-21T12:03:20","version" => "2.12_005"},{"date" => "2017-04-21T21:58:56","version" => "2.12_006"},{"date" => "2017-04-22T20:09:24","version" => "2.12_007"},{"date" => "2017-05-07T17:48:35","version" => "2.12_008"},{"date" => "2017-05-31T23:44:51","version" => "2.13"},{"date" => "2017-06-07T21:34:52","version" => "2.14"},{"date" => "2017-07-30T02:40:36","version" => "2.15"},{"date" => "2018-08-31T13:04:13","version" => "2.16"},{"date" => "2020-07-18T18:29:28","version" => "2.17"},{"date" => "2020-11-04T12:38:02","version" => "2.18_001"},{"date" => "2020-11-05T01:30:15","version" => "2.18"},{"date" => "1995-03-14T00:00:00","dual_lived" => 1,"perl_release" => "5.001","version" => undef},{"date" => "1996-02-29T00:00:00","dual_lived" => 1,"perl_release" => "5.002","version" => "1.01"},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "1.04"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "1.0402"},{"date" => "1998-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.005","version" => "1.0401"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006","version" => "1.0403"},{"date" => "2001-04-08T00:00:00","dual_lived" => 1,"perl_release" => "5.006001","version" => "1.0404"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.05"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "1.06"},{"date" => "2005-05-30T00:00:00","dual_lived" => 1,"perl_release" => "5.008007","version" => "1.07"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "1.08"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "2.07_02"},{"date" => "2009-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011003","version" => "2.08_01"},{"date" => "2016-05-09T00:00:00","dual_lived" => 1,"perl_release" => "5.024","version" => "2.12_01"}]},"File-Slurp" => {"advisories" => [{"affected_versions" => ["<9999.26"],"cves" => [],"description" => "Use of sysread treats any :encoding(...) as effectively :utf8.\n","distribution" => "File-Slurp","fixed_versions" => [">=9999.26"],"id" => "CPANSA-File-Slurp-2013-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=83126","https://rt.perl.org/Ticket/Display.html?id=121870"],"reported" => "2013-02-04"}],"main_module" => "File::Slurp","versions" => [{"date" => "1996-04-22T21:18:00","version" => "96.042202"},{"date" => "1998-07-19T16:25:00","version" => "98.071901"},{"date" => "2001-11-04T03:17:00","version" => "2001.1103"},{"date" => "2002-03-08T05:22:00","version" => "2002.0305"},{"date" => "2002-11-01T03:14:00","version" => "2002.1031"},{"date" => "2003-09-04T16:28:00","version" => "2004.0904"},{"date" => "2003-11-24T07:45:57","version" => "0.01"},{"date" => "2003-11-24T08:02:47","version" => "9999.01"},{"date" => "2003-12-17T09:20:57","version" => "9999.02"},{"date" => "2003-12-22T06:54:57","version" => "9999.03"},{"date" => "2004-02-23T19:27:53","version" => "9999.04"},{"date" => "2004-09-21T05:23:58","version" => "9999.06"},{"date" => "2005-01-30T10:01:07","version" => "9999.07"},{"date" => "2005-04-16T05:06:09","version" => "9999.08"},{"date" => "2005-04-29T06:09:11","version" => "9999.09"},{"date" => "2006-01-19T18:29:42","version" => "9999.10"},{"date" => "2006-01-20T06:45:13","version" => "9999.11"},{"date" => "2006-03-07T07:13:42","version" => "9999.12"},{"date" => "2008-01-24T04:57:12","version" => "9999.13"},{"date" => "2011-03-22T22:41:08","version" => "9999.14"},{"date" => "2011-03-24T22:52:42","version" => "9999.15"},{"date" => "2011-04-24T04:26:18","version" => "9999.16"},{"date" => "2011-05-13T06:23:08","version" => "9999.17"},{"date" => "2011-05-13T07:03:44","version" => "9999.18"},{"date" => "2011-06-07T08:08:06","version" => "9999.19"},{"date" => "2018-09-28T01:57:50","version" => "9999.20_01"},{"date" => "2018-10-05T01:23:09","version" => "9999.20_02"},{"date" => "2018-10-08T21:16:27","version" => "9999.21"},{"date" => "2018-10-16T03:15:39","version" => "9999.22"},{"date" => "2018-10-20T20:06:53","version" => "9999.23"},{"date" => "2018-10-30T02:45:09","version" => "9999.24"},{"date" => "2018-11-16T16:11:34","version" => "9999.25"},{"date" => "2019-02-13T16:35:40","version" => "9999.26"},{"date" => "2019-04-05T13:28:05","version" => "9999.27"},{"date" => "2019-09-13T00:36:22","version" => "9999.28"},{"date" => "2019-11-27T20:40:47","version" => "9999.29"},{"date" => "2020-03-09T14:31:40","version" => "9999.30"},{"date" => "2020-06-28T22:33:21","version" => "9999.31"},{"date" => "2020-07-01T00:34:08","version" => "9999.32"}]},"File-Temp" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2011-4116"],"description" => "_is_safe in the File::Temp module for Perl does not properly handle symlinks.\n","distribution" => "File-Temp","fixed_versions" => [],"id" => "CPANSA-File-Temp-2011-4116","references" => ["http://www.openwall.com/lists/oss-security/2011/11/04/2","https://rt.cpan.org/Public/Bug/Display.html?id=69106","https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14","http://www.openwall.com/lists/oss-security/2011/11/04/4","https://seclists.org/oss-sec/2011/q4/238"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "File::Temp","versions" => [{"date" => "2000-03-14T20:15:55","version" => "0.05"},{"date" => "2000-04-28T04:48:55","version" => "0.07"},{"date" => "2000-05-16T01:10:28","version" => "0.08"},{"date" => "2000-07-26T20:30:30","version" => "0.09"},{"date" => "2000-12-12T21:04:53","version" => "0.11"},{"date" => "2001-02-23T00:37:44","version" => "0.12"},{"date" => "2003-08-16T04:06:11","version" => "0.13"},{"date" => "2003-08-17T04:42:50","version" => "0.14"},{"date" => "2005-02-22T05:40:33","version" => "0.15"},{"date" => "2005-02-22T21:42:47","version" => "0.16"},{"date" => "2006-08-18T22:40:10","version" => "0.17"},{"date" => "2007-01-22T00:18:40","version" => "0.18"},{"date" => "2007-11-20T08:28:08","version" => "0.19"},{"date" => "2007-12-21T00:46:29","version" => "0.20"},{"date" => "2008-11-14T01:30:09","version" => "0.21"},{"date" => "2009-06-29T07:41:24","version" => "0.22"},{"date" => "2013-02-07T17:03:45","version" => "0.22_90"},{"date" => "2013-03-14T21:57:42","version" => "0.23"},{"date" => "2013-04-11T15:31:13","version" => "0.2301"},{"date" => "2013-09-26T13:48:13","version" => "0.2302"},{"date" => "2013-10-09T13:59:01","version" => "0.2303"},{"date" => "2013-10-10T13:17:32","version" => "0.2304"},{"date" => "2018-04-19T12:01:34","version" => "0.2305"},{"date" => "2018-06-24T19:34:31","version" => "0.2306"},{"date" => "2018-06-24T19:41:28","version" => "0.2307"},{"date" => "2018-07-11T21:07:49","version" => "0.2308"},{"date" => "2019-01-06T20:32:53","version" => "0.2309"},{"date" => "2020-09-26T17:39:38","version" => "0.2310"},{"date" => "2020-10-03T04:04:55","version" => "0.2311"},{"date" => "2025-09-01T18:57:33","version" => "0.2312"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "0.16_01"}]},"Filesys-SmbClientParser" => {"advisories" => [{"affected_versions" => ["<=2.7"],"cves" => ["CVE-2008-3285"],"description" => "The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.\n","distribution" => "Filesys-SmbClientParser","fixed_versions" => [],"id" => "CPANSA-Filesys-SmbClientParser-2008-3285","references" => ["http://www.securityfocus.com/bid/30290","http://secunia.com/advisories/31175","http://securityreason.com/securityalert/4027","https://exchange.xforce.ibmcloud.com/vulnerabilities/43910","http://www.securityfocus.com/archive/1/494536/100/0/threaded"],"reported" => "2008-07-24","severity" => undef}],"main_module" => "Filesys::SmbClientParser","versions" => [{"date" => "2000-11-19T21:10:38","version" => "0.01"},{"date" => "2000-11-20T19:41:09","version" => "0.2"},{"date" => "2001-01-12T00:31:50","version" => "0.3"},{"date" => "2001-04-15T22:37:14","version" => "1.2"},{"date" => "2001-04-19T17:38:19","version" => "1.3"},{"date" => "2001-05-30T08:04:44","version" => "1.4"},{"date" => "2002-01-25T12:18:47","version" => "2.0"},{"date" => "2002-04-19T21:56:09","version" => "2.1"},{"date" => "2002-08-09T11:24:20","version" => "2.2"},{"date" => "2002-08-13T14:55:48","version" => "2.3"},{"date" => "2002-11-08T23:57:07","version" => "2.4"},{"date" => "2002-11-12T18:59:33","version" => "2.5"},{"date" => "2004-01-28T23:06:58","version" => "2.6"},{"date" => "2004-04-14T21:56:02","version" => "2.7"}]},"GBrowse" => {"advisories" => [{"affected_versions" => ["<2.56"],"cves" => [],"description" => "An attacker is able to delete other users' accounts.  No httponly cookie flag.  Cross-site scripting vulnerability in generation of citation text.\n","distribution" => "GBrowse","fixed_versions" => [">=2.56"],"id" => "CPANSA-GBrowse-2017-01","references" => ["https://metacpan.org/changes/distribution/GBrowse"],"reported" => "2017-01-15"},{"affected_versions" => ["<1.62"],"cves" => [],"description" => "Cross-site scripting.\n","distribution" => "GBrowse","fixed_versions" => [">=1.62"],"id" => "CPANSA-GBrowse-2004-01","references" => ["https://metacpan.org/changes/distribution/GBrowse"],"reported" => "2004-04-05"},{"affected_versions" => ["<1.54"],"cves" => [],"description" => "Path traversal.\n","distribution" => "GBrowse","fixed_versions" => [">=1.54"],"id" => "CPANSA-GBrowse-2003-01","references" => ["https://metacpan.org/changes/distribution/GBrowse"],"reported" => "2003-08-23"}],"main_module" => "CGI::Toggle","versions" => [{"date" => "2008-12-29T15:38:27","version" => "1.981"},{"date" => "2008-12-29T17:21:12","version" => "1.982"},{"date" => "2009-01-06T07:42:56","version" => "1.983"},{"date" => "2009-01-06T09:17:54","version" => "1.984"},{"date" => "2009-01-10T12:37:42","version" => "1.985"},{"date" => "2009-01-12T16:58:20","version" => "1.986"},{"date" => "2009-01-22T19:49:50","version" => "1.987"},{"date" => "2009-01-30T00:12:57","version" => "1.988"},{"date" => "2009-03-10T19:24:17","version" => "1.989"},{"date" => "2009-04-03T19:29:22","version" => "1.99"},{"date" => "2009-05-04T05:30:31","version" => "1.991"},{"date" => "2009-05-05T23:40:00","version" => "1.992"},{"date" => "2009-05-07T14:11:11","version" => "1.993"},{"date" => "2009-05-30T22:07:17","version" => "1.994"},{"date" => "2009-06-08T21:27:08","version" => "1.995"},{"date" => "2009-07-06T14:12:57","version" => "1.996"},{"date" => "2009-07-30T16:40:54","version" => "1.997"},{"date" => "2009-08-19T19:19:44","version" => "1.9971"},{"date" => "2009-12-09T21:39:37","version" => "1.998"},{"date" => "2009-12-15T15:59:37","version" => "1.9982"},{"date" => "2009-12-18T19:25:25","version" => "1.9983"},{"date" => "2009-12-22T21:20:40","version" => "1.9984"},{"date" => "2009-12-23T21:56:31","version" => "1.999"},{"date" => "2010-01-28T02:58:41","version" => "2.00"},{"date" => "2010-02-09T18:13:33","version" => "2.01"},{"date" => "2010-03-10T05:56:50","version" => "2.02"},{"date" => "2010-03-25T16:06:21","version" => "2.03"},{"date" => "2010-04-18T21:44:27","version" => "2.04"},{"date" => "2010-05-13T03:30:32","version" => "2.05"},{"date" => "2010-05-13T21:17:05","version" => "2.06"},{"date" => "2010-05-17T14:49:41","version" => "2.07"},{"date" => "2010-05-21T02:52:47","version" => "2.08"},{"date" => "2010-06-10T20:17:32","version" => "2.09"},{"date" => "2010-06-15T14:20:30","version" => "2.10"},{"date" => "2010-06-30T19:15:37","version" => "2.11"},{"date" => "2010-06-30T19:30:03","version" => "2.12"},{"date" => "2010-07-05T20:17:39","version" => "2.13"},{"date" => "2010-08-27T15:06:04","version" => "2.14"},{"date" => "2010-09-13T22:17:44","version" => "2.15"},{"date" => "2010-11-01T16:24:01","version" => "2.16"},{"date" => "2010-11-18T17:08:57","version" => "2.17"},{"date" => "2011-01-18T22:35:59","version" => "2.20"},{"date" => "2011-01-22T17:17:34","version" => "2.21"},{"date" => "2011-01-26T14:31:35","version" => "2.22"},{"date" => "2011-01-30T20:03:25","version" => "2.23"},{"date" => "2011-01-31T17:19:08","version" => "2.24"},{"date" => "2011-02-02T18:53:40","version" => "2.25"},{"date" => "2011-02-04T18:51:54","version" => "2.26"},{"date" => "2011-04-10T21:07:42","version" => "2.27"},{"date" => "2011-04-10T21:32:05","version" => "2.28"},{"date" => "2011-05-02T16:12:11","version" => "2.29"},{"date" => "2011-05-03T12:17:18","version" => "2.30"},{"date" => "2011-05-03T15:50:21","version" => "2.31"},{"date" => "2011-05-04T18:47:51","version" => "2.32"},{"date" => "2011-05-07T03:27:32","version" => "2.33"},{"date" => "2011-06-01T15:19:47","version" => "2.34"},{"date" => "2011-06-03T13:41:28","version" => "2.35"},{"date" => "2011-06-04T14:58:14","version" => "2.36"},{"date" => "2011-06-06T21:24:59","version" => "2.37"},{"date" => "2011-06-09T16:00:48","version" => "2.38"},{"date" => "2011-06-29T17:45:00","version" => "2.39"},{"date" => "2011-09-30T16:56:29","version" => "2.40"},{"date" => "2011-10-07T13:31:48","version" => "2.41"},{"date" => "2011-10-12T19:33:22","version" => "2.42"},{"date" => "2011-10-24T16:43:23","version" => "2.43"},{"date" => "2011-12-08T23:09:26","version" => "2.44"},{"date" => "2012-01-03T21:35:41","version" => "2.45"},{"date" => "2012-02-10T17:28:20","version" => "2.46"},{"date" => "2012-02-16T12:40:04","version" => "2.47"},{"date" => "2012-02-24T21:06:10","version" => "2.48"},{"date" => "2012-04-17T23:48:26","version" => "2.49"},{"date" => "2012-09-04T16:22:21","version" => "2.50"},{"date" => "2012-09-18T03:01:31","version" => "2.51"},{"date" => "2012-09-26T02:54:36","version" => "2.52"},{"date" => "2012-12-10T11:23:34","version" => "2.53"},{"date" => "2012-12-11T15:49:03","version" => "2.54"},{"date" => "2013-07-10T14:51:25","version" => "2.55"},{"date" => "2017-01-15T21:29:11","version" => "2.56"}]},"GD" => {"advisories" => [{"affected_versions" => ["<2.72"],"cves" => ["CVE-2019-6977"],"description" => "gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.\n","distribution" => "GD","fixed_versions" => [">=2.72"],"id" => "CPANSA-GD-2019-6977","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2019-6977","https://bugs.php.net/bug.php?id=77270","http://php.net/ChangeLog-7.php","http://php.net/ChangeLog-5.php","http://www.securityfocus.com/bid/106731","https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html","https://www.debian.org/security/2019/dsa-4384","https://usn.ubuntu.com/3900-1/","https://security.netapp.com/advisory/ntap-20190315-0003/","https://security.gentoo.org/glsa/201903-18","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html","http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html","https://www.exploit-db.com/exploits/46677/","https://access.redhat.com/errata/RHSA-2019:2519","https://access.redhat.com/errata/RHSA-2019:3299","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"],"reported" => "2019-01-27","severity" => "high"}],"main_module" => "GD","versions" => [{"date" => "1996-05-17T08:12:00","version" => "1.00"},{"date" => "1996-07-17T10:16:00","version" => "1.01"},{"date" => "1996-09-07T16:53:00","version" => "1.10"},{"date" => "1996-09-09T10:37:00","version" => "1.11"},{"date" => "1996-09-10T12:04:00","version" => "1.12"},{"date" => "1996-09-11T07:27:00","version" => "1.13"},{"date" => "1996-09-12T16:11:00","version" => "1.14"},{"date" => "1997-11-19T21:13:00","version" => "1.15"},{"date" => "1997-12-19T14:26:00","version" => "1.16"},{"date" => "1998-01-16T13:34:00","version" => "1.17"},{"date" => "1998-01-26T08:44:00","version" => "1.18"},{"date" => "1998-03-08T16:43:26","version" => "1.18"},{"date" => "1999-01-31T17:52:34","version" => "1.18"},{"date" => "1999-04-26T20:35:55","version" => "1.19"},{"date" => "1999-06-02T13:44:43","version" => "1.19"},{"date" => "1999-08-31T03:38:46","version" => "1.20"},{"date" => "1999-08-31T14:55:24","version" => "1.21"},{"date" => "1999-09-30T21:46:47","version" => "1.22"},{"date" => "1999-11-11T14:26:14","version" => "1.23"},{"date" => "2000-02-15T19:54:37","version" => "1.24"},{"date" => "2000-02-22T15:20:41","version" => "1.25"},{"date" => "2000-03-18T23:21:50","version" => "1.26"},{"date" => "2000-03-22T19:41:56","version" => "1.27"},{"date" => "2000-06-23T12:15:51","version" => "1.28"},{"date" => "2000-06-23T18:26:31","version" => "1.29"},{"date" => "2000-07-07T02:42:47","version" => "1.30"},{"date" => "2000-11-10T16:00:09","version" => "1.32"},{"date" => "2001-04-05T04:42:53","version" => "1.33"},{"date" => "2001-09-26T05:19:41","version" => "1.31"},{"date" => "2001-12-06T22:57:11","version" => "1.35"},{"date" => "2001-12-17T19:13:23","version" => "1.36"},{"date" => "2001-12-19T21:34:33","version" => "1.37"},{"date" => "2002-01-04T15:33:18","version" => "1.38"},{"date" => "2002-06-12T02:09:05","version" => "1.39"},{"date" => "2002-06-19T12:11:07","version" => "1.40"},{"date" => "2002-07-22T07:33:14","version" => "1.41"},{"date" => "2002-08-09T16:31:00","version" => "2.00"},{"date" => "2002-08-09T16:39:49","version" => "2.01"},{"date" => "2002-10-14T13:07:59","version" => "2.02"},{"date" => "2002-11-01T15:46:28","version" => "2.04"},{"date" => "2002-11-05T00:55:52","version" => "2.041"},{"date" => "2002-11-25T01:35:10","version" => "2.05"},{"date" => "2003-01-08T16:49:15","version" => "2.06"},{"date" => "2003-04-24T05:06:33","version" => "2.07"},{"date" => "2003-10-06T23:04:15","version" => "2.10"},{"date" => "2003-10-07T22:33:21","version" => "2.11"},{"date" => "2004-02-06T14:33:56","version" => "2.12"},{"date" => "2004-07-22T20:32:01","version" => "2.15"},{"date" => "2004-07-27T00:47:05","version" => "2.16"},{"date" => "2004-11-10T19:15:39","version" => "2.17"},{"date" => "2004-11-12T15:19:40","version" => "2.18"},{"date" => "2004-11-16T13:36:22","version" => "2.19"},{"date" => "2005-02-09T18:50:44","version" => "2.21"},{"date" => "2005-03-07T18:09:39","version" => "2.22"},{"date" => "2005-03-09T21:04:40","version" => "2.23"},{"date" => "2005-07-15T18:47:39","version" => "2.25"},{"date" => "2005-08-04T13:34:01","version" => "2.26"},{"date" => "2005-08-06T14:52:27","version" => "2.27"},{"date" => "2005-08-08T17:28:37","version" => "2.28"},{"date" => "2005-10-19T05:44:52","version" => "2.29"},{"date" => "2005-10-19T07:51:48","version" => "2.30"},{"date" => "2006-02-20T19:48:20","version" => "2.31"},{"date" => "2006-03-08T20:19:06","version" => "2.32"},{"date" => "2006-06-01T20:02:57","version" => "2.34"},{"date" => "2006-08-23T15:31:17","version" => "2.35"},{"date" => "2008-04-21T14:15:26","version" => "2.39"},{"date" => "2008-08-07T18:48:46","version" => "2.40"},{"date" => "2008-08-07T19:17:19","version" => "2.41"},{"date" => "2009-06-10T14:44:33","version" => "2.43"},{"date" => "2009-07-10T18:12:58","version" => "2.44"},{"date" => "2010-04-30T18:52:21","version" => "2.45"},{"date" => "2011-05-01T17:47:22","version" => "2.46"},{"date" => "2013-02-26T10:54:32","version" => "2.48"},{"date" => "2013-02-26T11:04:16","version" => "2.49"},{"date" => "2013-07-02T20:48:59","version" => "2.50"},{"date" => "2014-02-04T16:53:54","version" => "2.51"},{"date" => "2014-02-19T04:29:23","version" => "2.52"},{"date" => "2014-04-01T14:26:31","version" => "2.53"},{"date" => "2014-10-27T02:29:14","version" => "2.55"},{"date" => "2014-10-28T01:35:39","version" => "2.56"},{"date" => "2017-04-19T14:45:56","version" => "2.56_01"},{"date" => "2017-04-19T14:56:35","version" => "2.56_02"},{"date" => "2017-04-19T15:19:33","version" => "2.56_03"},{"date" => "2017-04-21T06:22:54","version" => "2.57"},{"date" => "2017-04-21T08:38:24","version" => "2.58"},{"date" => "2017-04-21T10:35:21","version" => "2.59"},{"date" => "2017-04-21T22:11:18","version" => "2.60"},{"date" => "2017-04-22T15:52:15","version" => "2.61"},{"date" => "2017-04-22T22:27:02","version" => "2.62"},{"date" => "2017-04-23T08:23:06","version" => "2.63"},{"date" => "2017-04-23T09:03:18","version" => "2.64"},{"date" => "2017-04-23T10:36:23","version" => "2.65"},{"date" => "2017-04-23T13:08:08","version" => "2.66"},{"date" => "2017-11-15T08:33:16","version" => "2.67"},{"date" => "2018-02-18T19:56:41","version" => "2.68"},{"date" => "2018-08-26T15:40:02","version" => "2.69"},{"date" => "2019-01-10T12:57:08","version" => "2.70"},{"date" => "2019-02-12T11:53:42","version" => "2.71"},{"date" => "2020-07-18T06:02:50","version" => "2.72"},{"date" => "2020-09-24T13:01:57","version" => "2.73"},{"date" => "2022-01-23T15:34:48","version" => "2.74"},{"date" => "2022-01-25T16:54:22","version" => "2.75"},{"date" => "2022-02-01T14:50:45","version" => "2.76"},{"date" => "2023-05-29T07:10:47","version" => "2.77"},{"date" => "2023-07-04T09:13:52","version" => "2.78"},{"date" => "2024-04-29T19:57:07","version" => "2.79"},{"date" => "2024-05-03T11:16:48","version" => "2.80"},{"date" => "2024-05-03T17:02:57","version" => "2.81"},{"date" => "2024-05-27T10:31:38","version" => "2.82"},{"date" => "2024-06-23T15:46:01","version" => "2.83"},{"date" => "2026-01-04T19:40:59","version" => "2.84"}]},"GPIB" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2006-1565"],"description" => "Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.\n","distribution" => "GPIB","fixed_versions" => [],"id" => "CPANSA-GPIB-2006-1565","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359239","http://www.securityfocus.com/bid/17288","https://exchange.xforce.ibmcloud.com/vulnerabilities/25681"],"reported" => "2006-03-31","severity" => undef}],"main_module" => "GPIB","versions" => [{"date" => "2002-01-02T03:13:38","version" => "0_30"}]},"Galileo" => {"advisories" => [{"affected_versions" => ["<0.043"],"cves" => ["CVE-2019-7410"],"description" => "There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via \$page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).\n","distribution" => "Galileo","fixed_versions" => [">=0.043"],"id" => "CPANSA-Galileo-2019-7410","references" => ["https://metamorfosec.com/Files/Commits/METC-2020-002-Escape_banner_in_Galileo_CMS_v0.042.txt","https://metacpan.org/changes/distribution/Galileo","https://github.com/jberger/Galileo/pull/55/files","https://metamorfosec.com/Files/Advisories/METS-2020-002-A_Stored_XSS_Vulnerability_in_Galileo_CMS_v0.042.txt"],"reported" => "2020-08-14","severity" => "medium"}],"main_module" => "Galileo","versions" => [{"date" => "2012-07-30T17:03:42","version" => "0.001"},{"date" => "2012-07-30T17:38:19","version" => "0.002"},{"date" => "2012-07-30T20:36:06","version" => "0.003"},{"date" => "2012-07-31T15:41:59","version" => "0.004"},{"date" => "2012-08-06T21:26:17","version" => "0.005"},{"date" => "2012-08-09T20:39:14","version" => "0.006"},{"date" => "2012-09-10T17:57:20","version" => "0.007"},{"date" => "2012-10-27T17:40:15","version" => "0.008"},{"date" => "2012-10-28T18:03:00","version" => "0.009"},{"date" => "2012-10-28T18:10:15","version" => "0.01"},{"date" => "2012-10-31T22:10:19","version" => "0.011"},{"date" => "2013-01-15T15:10:42","version" => "0.012"},{"date" => "2013-01-15T21:07:00","version" => "0.013"},{"date" => "2013-01-16T21:37:32","version" => "0.014"},{"date" => "2013-01-19T03:59:45","version" => "0.015"},{"date" => "2013-01-26T21:28:59","version" => "0.016"},{"date" => "2013-02-05T03:32:32","version" => "0.017"},{"date" => "2013-02-06T02:47:47","version" => "0.018"},{"date" => "2013-02-06T03:09:27","version" => "0.019"},{"date" => "2013-02-11T23:33:00","version" => "0.020"},{"date" => "2013-02-17T01:24:51","version" => "0.021"},{"date" => "2013-02-17T02:44:14","version" => "0.022"},{"date" => "2013-03-04T18:25:01","version" => "0.023"},{"date" => "2013-03-12T15:24:22","version" => "0.024"},{"date" => "2013-03-12T18:48:22","version" => "0.025"},{"date" => "2013-03-15T15:18:18","version" => "0.026"},{"date" => "2013-04-03T20:04:15","version" => "0.027"},{"date" => "2013-05-14T15:59:46","version" => "0.028"},{"date" => "2013-06-29T03:30:18","version" => "0.029"},{"date" => "2013-08-27T03:43:39","version" => "0.030"},{"date" => "2013-11-28T18:36:10","version" => "0.031"},{"date" => "2014-04-06T16:17:22","version" => "0.032"},{"date" => "2014-05-10T19:38:50","version" => "0.033"},{"date" => "2014-05-31T13:06:42","version" => "0.034"},{"date" => "2014-08-16T22:10:46","version" => "0.035"},{"date" => "2014-08-31T15:31:15","version" => "0.036"},{"date" => "2014-10-14T04:03:53","version" => "0.037"},{"date" => "2015-01-25T18:08:54","version" => "0.038"},{"date" => "2015-09-28T18:25:31","version" => "0.039"},{"date" => "2016-01-07T16:33:46","version" => "0.040"},{"date" => "2016-08-13T18:15:17","version" => "0.041"},{"date" => "2017-03-16T03:14:04","version" => "0.042"},{"date" => "2020-08-06T16:26:58","version" => "0.043"}]},"Git-Raw" => {"advisories" => [{"affected_versions" => [">=0.08,<=0.24"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.25,<=0.28"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.29,<=0.40"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.41,<=0.50"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.51,<=0.53"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.54,<=0.58"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.59,<=0.60"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.61,<=0.74"],"cves" => ["CVE-2016-10128"],"description" => "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10128-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834","https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95338"],"reported" => "2017-03-24","severity" => "critical"},{"affected_versions" => [">=0.61,<=0.74"],"cves" => ["CVE-2016-10129"],"description" => "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10129-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037","https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95339"],"reported" => "2017-03-24","severity" => "high"},{"affected_versions" => [">=0.61,<=0.74"],"cves" => ["CVE-2016-10130"],"description" => "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2016-10130-libgit2","references" => ["https://libgit2.github.com/security/","https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211","https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22","http://www.openwall.com/lists/oss-security/2017/01/11/6","http://www.openwall.com/lists/oss-security/2017/01/10/5","http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html","http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html","http://www.securityfocus.com/bid/95359"],"reported" => "2017-03-24","severity" => "medium"},{"affected_versions" => ["==0.75"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.76,<=0.82"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.83,<=0.84"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.85,<=0.87"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => ["==0.88"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => ["==0.89"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.08,<=0.40"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=0.41,<=0.75"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"},{"affected_versions" => [">=0.76,<=0.88"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-Raw","fixed_versions" => [],"id" => "CPANSA-Git-Raw-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "Git::Raw","versions" => [{"date" => "2012-08-05T11:44:00","version" => "0.01"},{"date" => "2012-08-05T20:19:35","version" => "0.02"},{"date" => "2012-08-06T16:46:15","version" => "0.03"},{"date" => "2012-08-08T21:43:23","version" => "0.04"},{"date" => "2012-08-09T15:57:26","version" => "0.05"},{"date" => "2012-08-17T14:13:37","version" => "0.06"},{"date" => "2012-08-20T19:03:21","version" => "0.07"},{"date" => "2012-08-21T15:15:44","version" => "0.08"},{"date" => "2012-08-22T17:57:45","version" => "0.09"},{"date" => "2012-08-22T18:54:02","version" => "0.10"},{"date" => "2012-08-23T09:42:11","version" => "0.11"},{"date" => "2012-09-22T17:26:43","version" => "0.12"},{"date" => "2012-10-02T16:28:54","version" => "0.13"},{"date" => "2012-10-19T10:29:16","version" => "0.14"},{"date" => "2012-10-30T21:41:51","version" => "0.15"},{"date" => "2012-11-30T11:44:22","version" => "0.16"},{"date" => "2012-12-04T12:50:53","version" => "0.17"},{"date" => "2012-12-14T17:41:07","version" => "0.18"},{"date" => "2013-01-03T18:26:04","version" => "0.19"},{"date" => "2013-01-26T12:47:33","version" => "0.20"},{"date" => "2013-02-20T16:43:28","version" => "0.21"},{"date" => "2013-02-23T14:21:03","version" => "0.22"},{"date" => "2013-03-25T13:12:14","version" => "0.23"},{"date" => "2013-03-31T11:09:03","version" => "0.24"},{"date" => "2013-10-09T13:20:24","version" => "0.25"},{"date" => "2013-10-09T14:13:40","version" => "0.26"},{"date" => "2013-10-23T10:37:15","version" => "0.27"},{"date" => "2013-11-18T14:02:54","version" => "0.28"},{"date" => "2013-11-24T19:20:25","version" => "0.29"},{"date" => "2014-01-26T13:41:14","version" => "0.30"},{"date" => "2014-02-08T18:10:43","version" => "0.31"},{"date" => "2014-03-16T14:06:42","version" => "0.32"},{"date" => "2014-04-14T10:32:15","version" => "0.33"},{"date" => "2014-04-27T10:41:00","version" => "0.34"},{"date" => "2014-04-28T16:45:42","version" => "0.35"},{"date" => "2014-05-02T14:01:36","version" => "0.36"},{"date" => "2014-06-08T15:27:13","version" => "0.37"},{"date" => "2014-06-11T18:05:33","version" => "0.38"},{"date" => "2014-06-12T16:08:55","version" => "0.39"},{"date" => "2014-06-25T19:08:19","version" => "0.40"},{"date" => "2014-08-03T16:09:58","version" => "0.41"},{"date" => "2014-08-09T13:22:08","version" => "0.42"},{"date" => "2014-08-14T13:21:12","version" => "0.43"},{"date" => "2014-08-18T08:35:38","version" => "0.44"},{"date" => "2014-09-18T21:31:44","version" => "0.45"},{"date" => "2014-09-19T10:44:04","version" => "0.46"},{"date" => "2014-09-30T11:08:31","version" => "0.47"},{"date" => "2014-10-13T21:10:25","version" => "0.48"},{"date" => "2014-10-24T10:06:17","version" => "0.49"},{"date" => "2014-11-15T18:12:53","version" => "0.50"},{"date" => "2015-02-09T07:56:23","version" => "0.51"},{"date" => "2015-03-19T11:47:40","version" => "0.52"},{"date" => "2015-04-14T18:26:22","version" => "0.53"},{"date" => "2015-11-12T19:30:27","version" => "0.54"},{"date" => "2015-11-14T09:21:11","version" => "0.55"},{"date" => "2015-11-17T11:54:04","version" => "0.56"},{"date" => "2015-11-21T13:30:25","version" => "0.57"},{"date" => "2015-11-23T05:52:12","version" => "0.58"},{"date" => "2016-05-23T04:45:30","version" => "0.59"},{"date" => "2016-06-09T17:50:00","version" => "0.60"},{"date" => "2016-12-05T17:51:20","version" => "0.61"},{"date" => "2016-12-06T16:59:22","version" => "0.62"},{"date" => "2016-12-08T18:31:51","version" => "0.63"},{"date" => "2016-12-16T12:56:55","version" => "0.64"},{"date" => "2016-12-21T16:02:45","version" => "0.65"},{"date" => "2016-12-28T16:06:29","version" => "0.66"},{"date" => "2016-12-28T17:03:40","version" => "0.67"},{"date" => "2016-12-30T08:07:24","version" => "0.68"},{"date" => "2016-12-30T08:11:44","version" => "0.69"},{"date" => "2016-12-30T19:19:00","version" => "0.70"},{"date" => "2017-01-09T06:53:53","version" => "0.71"},{"date" => "2017-01-10T05:12:24","version" => "0.72"},{"date" => "2017-03-22T16:43:32","version" => "0.73"},{"date" => "2017-03-24T09:07:21","version" => "0.74"},{"date" => "2018-01-25T18:54:11","version" => "0.75"},{"date" => "2018-03-08T16:00:17","version" => "0.76"},{"date" => "2018-03-09T04:57:30","version" => "0.77"},{"date" => "2018-03-09T13:30:01","version" => "0.78"},{"date" => "2018-03-23T18:40:02","version" => "0.79"},{"date" => "2018-06-17T08:47:43","version" => "0.80"},{"date" => "2018-06-27T17:23:13","version" => "0.81"},{"date" => "2018-12-12T15:18:03","version" => "0.82"},{"date" => "2019-05-20T13:42:02","version" => "0.83"},{"date" => "2019-08-19T20:36:03","version" => "0.84"},{"date" => "2020-04-19T11:32:47","version" => "0.85"},{"date" => "2020-04-25T11:27:33","version" => "0.86"},{"date" => "2020-08-30T12:19:25","version" => "0.87"},{"date" => "2021-08-08T12:37:22","version" => "0.88"},{"date" => "2022-10-23T16:31:07","version" => "0.89"},{"date" => "2022-10-27T08:52:11","version" => "0.90"}]},"Git-XS" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2018-7159"],"description" => "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.'\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-7159-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","https://access.redhat.com/errata/RHSA-2019:2258","https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp;utm_medium=RSS"],"reported" => "2018-05-17","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2018-12121"],"description" => "Denial of Service with large HTTP headers by using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-12121-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://security.gentoo.org/glsa/202003-48"],"reported" => "2018-11-28","severity" => "high"},{"affected_versions" => [">=0.08,<=0.17"],"cves" => ["CVE-2018-7159"],"description" => "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.'\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-7159-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","https://access.redhat.com/errata/RHSA-2019:2258","https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp;utm_medium=RSS"],"reported" => "2018-05-17","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.17"],"cves" => ["CVE-2018-12121"],"description" => "Denial of Service with large HTTP headers by using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-12121-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://security.gentoo.org/glsa/202003-48"],"reported" => "2018-11-28","severity" => "high"},{"affected_versions" => [">=0.17,<=0.88"],"cves" => ["CVE-2018-7159"],"description" => "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.'\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-7159-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","https://access.redhat.com/errata/RHSA-2019:2258","https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp;utm_medium=RSS"],"reported" => "2018-05-17","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.88"],"cves" => ["CVE-2018-12121"],"description" => "Denial of Service with large HTTP headers by using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-12121-http-parser","references" => ["https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://security.gentoo.org/glsa/202003-48"],"reported" => "2018-11-28","severity" => "high"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2014-9390"],"description" => "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2014-9390-libgit2","references" => ["https://news.ycombinator.com/item?id=8769667","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","https://github.com/blog/1938-git-client-vulnerability-announced","http://securitytracker.com/id?1031404","http://article.gmane.org/gmane.linux.kernel/1853266","http://mercurial.selenic.com/wiki/WhatsNew","http://support.apple.com/kb/HT204147","https://libgit2.org/security/","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"],"reported" => "2020-02-12","severity" => "critical"},{"affected_versions" => [">=0.01,<=0.02"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "Git-XS","fixed_versions" => [],"id" => "CPANSA-Git-XS-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "Git::XS","versions" => [{"date" => "2011-12-27T05:42:38","version" => "0.01"},{"date" => "2011-12-27T23:09:56","version" => "0.02"}]},"GitLab-API-v4" => {"advisories" => [{"affected_versions" => [">=0.26"],"cves" => ["CVE-2023-31485"],"description" => "GitLab::API::v4 is missing the verify_SSL=>1 flag in HTTP::Tiny, allowing a network attacker to MITM connections to the GitLab server.\n","distribution" => "GitLab-API-v4","fixed_versions" => [],"id" => "CPANSA-GitLab-API-v4-2023-31485","references" => ["https://github.com/bluefeet/GitLab-API-v4/pull/57","https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/","https://www.openwall.com/lists/oss-security/2023/04/18/14","https://github.com/chansen/p5-http-tiny/pull/151"],"reported" => "2023-02-28"}],"main_module" => "GitLab::API::v4","versions" => [{"date" => "2017-12-11T18:40:52","version" => "0.01"},{"date" => "2017-12-16T00:11:18","version" => "0.02"},{"date" => "2018-01-12T21:26:23","version" => "0.03"},{"date" => "2018-02-03T23:15:40","version" => "0.04"},{"date" => "2018-03-06T18:26:52","version" => "0.05"},{"date" => "2018-04-09T20:06:01","version" => "0.06"},{"date" => "2018-05-10T21:33:05","version" => "0.07"},{"date" => "2018-05-14T17:33:39","version" => "0.08"},{"date" => "2018-05-29T04:48:13","version" => "0.09"},{"date" => "2018-06-06T06:47:41","version" => "0.10"},{"date" => "2018-09-02T05:24:51","version" => "0.11"},{"date" => "2018-09-12T01:04:05","version" => "0.12"},{"date" => "2018-11-08T13:44:56","version" => "0.13"},{"date" => "2018-12-04T20:39:42","version" => "0.14"},{"date" => "2019-01-09T18:13:46","version" => "0.15"},{"date" => "2019-02-18T06:21:38","version" => "0.16"},{"date" => "2019-02-20T22:49:13","version" => "0.17"},{"date" => "2019-04-01T04:36:27","version" => "0.18"},{"date" => "2019-05-17T20:41:31","version" => "0.19"},{"date" => "2019-07-23T21:42:57","version" => "0.20"},{"date" => "2019-08-24T18:56:25","version" => "0.21"},{"date" => "2019-09-13T15:03:00","version" => "0.22"},{"date" => "2019-10-18T19:55:54","version" => "0.23"},{"date" => "2020-02-12T22:10:58","version" => "0.24"},{"date" => "2020-02-12T22:21:40","version" => "0.25"},{"date" => "2021-01-30T07:11:26","version" => "0.26"},{"date" => "2023-06-07T20:51:14","version" => "0.27"}]},"Graphics-ColorNames" => {"advisories" => [{"affected_versions" => [">=2.0_01,<=3.1.2"],"cves" => ["CVE-2024-55918"],"description" => "A specially-named file may lead to HTML injection attacks.\n","distribution" => "Graphics-ColorNames","fixed_versions" => [">3.1.2"],"id" => "CPANSA-Graphics-ColorNames-2010-02","references" => ["https://metacpan.org/changes/distribution/Graphics-ColorNames","https://rt.cpan.org/Public/Bug/Display.html?id=54500"],"reported" => "2010-02-11"}],"main_module" => "Graphics::ColorNames","versions" => [{"date" => "2001-02-20T03:47:48","version" => "0.10"},{"date" => "2001-04-12T02:32:22","version" => "0.20"},{"date" => "2001-04-13T04:37:27","version" => "0.21"},{"date" => "2001-04-15T14:26:41","version" => "0.22"},{"date" => "2001-04-18T03:13:51","version" => "0.23"},{"date" => "2001-04-28T16:09:48","version" => "0.24"},{"date" => "2001-10-05T02:42:20","version" => "0.30"},{"date" => "2002-10-24T01:17:51","version" => "0.31"},{"date" => "2002-12-05T03:07:24","version" => "0.32"},{"date" => "2004-07-22T00:41:35","version" => "0.3901"},{"date" => "2004-07-22T20:01:47","version" => "0.39_02"},{"date" => "2004-07-23T01:52:58","version" => "0.39_03"},{"date" => "2004-07-26T06:36:47","version" => "0.39_04"},{"date" => "2004-08-01T01:21:33","version" => "1.00"},{"date" => "2004-08-18T20:32:07","version" => "1.01"},{"date" => "2004-08-24T15:53:20","version" => "1.02"},{"date" => "2004-08-26T21:51:46","version" => "1.03"},{"date" => "2004-09-03T06:56:23","version" => "1.04"},{"date" => "2004-09-03T07:00:16","version" => "1.05"},{"date" => "2005-03-29T23:06:41","version" => "1.06"},{"date" => "2005-04-04T15:17:24","version" => "2.0_01"},{"date" => "2005-04-07T16:08:52","version" => "2.0_02"},{"date" => "2005-04-08T16:48:24","version" => "2.0_03"},{"date" => "2006-10-24T13:58:29","version" => "2.0_04"},{"date" => "2007-12-16T15:33:27","version" => "2.01"},{"date" => "2007-12-16T16:04:00","version" => "2.02"},{"date" => "2007-12-17T12:49:37","version" => "2.03"},{"date" => "2007-12-17T20:01:53","version" => "2.04"},{"date" => "2007-12-20T16:01:35","version" => "2.10_01"},{"date" => "2008-01-04T15:55:53","version" => "2.10_02"},{"date" => "2008-01-05T13:14:32","version" => "2.10_03"},{"date" => "2008-01-06T21:52:18","version" => "2.10_04"},{"date" => "2008-01-08T16:20:38","version" => "2.10_05"},{"date" => "2008-01-10T21:43:53","version" => "2.11"},{"date" => "2018-09-27T23:02:17","version" => "v3.0.0"},{"date" => "2018-09-28T12:40:06","version" => "v3.0.1"},{"date" => "2018-09-28T16:56:39","version" => "v3.0.2"},{"date" => "2018-09-30T12:37:45","version" => "v3.1.0"},{"date" => "2018-10-01T16:51:16","version" => "v3.1.1"},{"date" => "2018-10-01T22:15:39","version" => "v3.1.2"},{"date" => "2018-10-03T23:36:26","version" => "v3.2.0"},{"date" => "2018-10-06T10:00:38","version" => "v3.2.1"},{"date" => "2018-10-23T20:30:22","version" => "v3.3.0"},{"date" => "2018-10-24T15:03:58","version" => "v3.3.1"},{"date" => "2018-10-27T16:33:30","version" => "v3.3.2"},{"date" => "2018-10-27T18:31:44","version" => "v3.3.3"},{"date" => "2018-11-11T15:13:51","version" => "v3.3.4"},{"date" => "2018-11-18T19:13:42","version" => "v3.4.0"},{"date" => "2019-06-06T20:30:43","version" => "v3.5.0"}]},"HTML-EP" => {"advisories" => [{"affected_versions" => [">=0.2011"],"cves" => ["CVE-2012-6142"],"description" => "HTML::EP::Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.\n","distribution" => "HTML-EP","fixed_versions" => [],"id" => "CPANSA-HTML-EP-2012-6142","references" => ["http://www.securityfocus.com/bid/59833","http://seclists.org/oss-sec/2013/q2/318","https://exchange.xforce.ibmcloud.com/vulnerabilities/84199"],"reported" => "2014-06-04","severity" => undef}],"main_module" => "HTML::EP","versions" => [{"date" => "1998-06-24T20:39:44","version" => "0.1000"},{"date" => "1998-06-26T12:21:47","version" => "0.1002"},{"date" => "1998-07-17T21:28:11","version" => "0.1005"},{"date" => "1998-07-18T16:05:32","version" => "0.1006"},{"date" => "1998-07-24T20:40:11","version" => "0.1100"},{"date" => "1998-09-12T20:26:57","version" => "0.1106"},{"date" => "1998-09-14T00:09:23","version" => "0.1107"},{"date" => "1998-09-18T01:41:54","version" => "0.1108"},{"date" => "1998-10-06T09:42:57","version" => "0.1109"},{"date" => "1998-10-13T16:57:33","version" => "0.1111"},{"date" => "1998-10-15T19:02:15","version" => "0.1112"},{"date" => "1998-10-21T21:58:15","version" => "0.1113"},{"date" => "1998-11-06T20:01:59","version" => "0.1116"},{"date" => "1998-11-29T18:25:07","version" => "0.1117"},{"date" => "1998-12-03T17:11:04","version" => "0.1118"},{"date" => "1999-01-26T02:07:08","version" => "0.1123"},{"date" => "1999-02-01T00:08:19","version" => "0.1124"},{"date" => "1999-02-07T20:07:50","version" => "0.1125"},{"date" => "1999-02-13T12:36:36","version" => "0.1126"},{"date" => "1999-02-23T18:47:31","version" => "0.1127"},{"date" => "1999-02-26T18:27:47","version" => "0.1128"},{"date" => "1999-05-04T22:59:11","version" => "0.1130"},{"date" => "1999-08-26T15:05:04","version" => "0.11321"},{"date" => "1999-08-27T11:29:51","version" => "0.1133"},{"date" => "1999-08-31T11:04:44","version" => "0.1134"},{"date" => "1999-09-21T10:22:21","version" => "0.1135"},{"date" => "1999-09-26T13:27:28","version" => "0.20_00"},{"date" => "1999-09-27T10:28:51","version" => "0.20_01"},{"date" => "1999-11-05T11:38:40","version" => "0.2003"},{"date" => "1999-11-08T15:38:12","version" => "0.2004"},{"date" => "1999-11-08T18:18:11","version" => "0.2005"},{"date" => "1999-11-17T12:28:55","version" => "0.2006"},{"date" => "1999-11-17T17:23:52","version" => "0.2007"},{"date" => "1999-11-25T10:15:38","version" => "0.2008"},{"date" => "1999-12-07T20:43:46","version" => "0.2009"},{"date" => "1999-12-15T22:41:39","version" => "0.2010"},{"date" => "2001-01-05T13:26:37","version" => "0.2011"},{"date" => "2001-01-05T13:27:07","version" => 0}]},"HTML-Parser" => {"advisories" => [{"affected_versions" => ["<3.63"],"cves" => ["CVE-2009-3627"],"description" => "The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.\n","distribution" => "HTML-Parser","fixed_versions" => [">=3.63"],"id" => "CPANSA-HTML-Parser-2009-3627","references" => ["https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225","http://www.openwall.com/lists/oss-security/2009/10/23/9","http://secunia.com/advisories/37155","http://www.securityfocus.com/bid/36807","https://bugzilla.redhat.com/show_bug.cgi?id=530604","http://www.vupen.com/english/advisories/2009/3022","http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c","https://exchange.xforce.ibmcloud.com/vulnerabilities/53941"],"reported" => "2009-10-29","severity" => undef}],"main_module" => "HTML::Parser","versions" => [{"date" => "1998-03-31T22:25:05","version" => "2.14"},{"date" => "1998-04-02T11:40:38","version" => "2.16"},{"date" => "1998-04-28T08:35:12","version" => "2.17"},{"date" => "1998-06-22T19:45:24","version" => "2.18"},{"date" => "1998-07-06T23:12:33","version" => "2.19"},{"date" => "1998-07-08T13:05:04","version" => "2.20"},{"date" => "1998-11-13T21:48:08","version" => "2.21"},{"date" => "1999-06-09T10:34:35","version" => "2.23"},{"date" => "1999-11-03T07:10:32","version" => "2.24"},{"date" => "1999-11-05T09:46:11","version" => "2.25"},{"date" => "1999-12-14T23:01:49","version" => "3.00"},{"date" => "1999-12-19T07:07:38","version" => "3.01"},{"date" => "1999-12-21T09:55:56","version" => "3.02"},{"date" => "2000-01-15T16:25:39","version" => "3.04"},{"date" => "2000-01-22T16:14:25","version" => "3.05"},{"date" => "2000-03-06T14:00:15","version" => "3.06"},{"date" => "2000-03-20T12:47:48","version" => "3.07"},{"date" => "2000-05-23T10:59:19","version" => "3.08"},{"date" => "2000-06-28T08:49:09","version" => "3.09"},{"date" => "2000-06-29T07:52:47","version" => "3.10"},{"date" => "2000-08-22T10:04:28","version" => "3.11"},{"date" => "2000-09-14T18:22:47","version" => "3.12"},{"date" => "2000-09-17T01:55:45","version" => "3.13"},{"date" => "2000-12-04T06:05:39","version" => "3.14"},{"date" => "2000-12-26T09:04:53","version" => "3.15"},{"date" => "2001-02-23T07:21:20","version" => "3.16"},{"date" => "2001-02-24T06:32:38","version" => "3.17"},{"date" => "2001-02-25T04:51:50","version" => "3.18"},{"date" => "2001-03-10T04:32:27","version" => "3.19"},{"date" => "2001-03-13T19:44:52","version" => "3.19_90"},{"date" => "2001-03-16T02:29:32","version" => "3.19"},{"date" => "2001-03-19T19:26:50","version" => "3.19_91"},{"date" => "2001-03-26T15:37:39","version" => "3.19_92"},{"date" => "2001-03-27T19:44:20","version" => "3.19_93"},{"date" => "2001-03-30T08:24:11","version" => "3.19_94"},{"date" => "2001-04-03T00:18:14","version" => "3.20"},{"date" => "2001-04-10T22:34:03","version" => "3.21"},{"date" => "2001-04-18T05:31:23","version" => "3.22"},{"date" => "2001-05-02T04:18:51","version" => "3.23"},{"date" => "2001-05-05T06:18:21","version" => "3.23"},{"date" => "2001-05-09T07:23:34","version" => "3.24"},{"date" => "2001-05-11T17:26:39","version" => "3.25"},{"date" => "2001-06-12T08:35:06","version" => "3.25"},{"date" => "2002-03-17T20:11:55","version" => "3.26"},{"date" => "2003-01-18T13:08:01","version" => "3.27"},{"date" => "2003-04-17T03:56:32","version" => "3.28"},{"date" => "2003-08-15T06:11:17","version" => "3.29"},{"date" => "2003-08-18T05:48:21","version" => "3.30"},{"date" => "2003-08-19T14:56:07","version" => "3.31"},{"date" => "2003-10-10T14:31:48","version" => "3.32"},{"date" => "2003-10-14T10:53:29","version" => "3.33"},{"date" => "2003-10-27T21:23:09","version" => "3.34"},{"date" => "2003-12-12T14:27:23","version" => "3.35"},{"date" => "2004-04-01T12:21:44","version" => "3.36"},{"date" => "2004-11-10T18:56:54","version" => "3.37"},{"date" => "2004-11-11T10:19:56","version" => "3.38"},{"date" => "2004-11-17T14:33:49","version" => "3.39_90"},{"date" => "2004-11-23T11:46:30","version" => "3.39_91"},{"date" => "2004-11-23T22:25:21","version" => "3.39_92"},{"date" => "2004-11-29T11:14:34","version" => "3.40"},{"date" => "2004-11-30T09:30:56","version" => "3.41"},{"date" => "2004-12-04T11:54:54","version" => "3.42"},{"date" => "2004-12-06T09:19:28","version" => "3.43"},{"date" => "2004-12-28T14:07:28","version" => "3.44"},{"date" => "2005-01-06T09:09:45","version" => "3.45"},{"date" => "2005-10-24T12:34:04","version" => "3.46"},{"date" => "2005-11-22T21:50:09","version" => "3.47"},{"date" => "2005-12-02T17:41:00","version" => "3.48"},{"date" => "2006-02-08T10:58:39","version" => "3.49"},{"date" => "2006-02-14T18:32:51","version" => "3.50"},{"date" => "2006-03-22T09:26:15","version" => "3.51"},{"date" => "2006-04-26T08:43:13","version" => "3.52"},{"date" => "2006-04-27T11:55:34","version" => "3.53"},{"date" => "2006-04-28T08:21:04","version" => "3.54"},{"date" => "2006-07-10T09:16:22","version" => "3.55"},{"date" => "2007-01-12T11:00:07","version" => "3.56"},{"date" => "2008-11-16T21:45:07","version" => "3.57"},{"date" => "2008-11-17T11:35:37","version" => "3.58"},{"date" => "2008-11-24T09:15:09","version" => "3.59"},{"date" => "2009-02-09T11:26:08","version" => "3.60"},{"date" => "2009-06-20T09:34:17","version" => "3.61"},{"date" => "2009-08-13T21:01:27","version" => "3.62"},{"date" => "2009-10-22T20:11:52","version" => "3.63"},{"date" => "2009-10-25T12:24:11","version" => "3.64"},{"date" => "2010-04-04T20:44:00","version" => "3.65"},{"date" => "2010-07-09T13:27:13","version" => "3.66"},{"date" => "2010-08-17T17:15:19","version" => "3.67"},{"date" => "2010-09-01T21:28:52","version" => "3.68"},{"date" => "2011-10-15T15:35:01","version" => "3.69"},{"date" => "2013-03-28T22:21:30","version" => "3.70"},{"date" => "2013-05-08T22:23:29","version" => "3.71"},{"date" => "2016-01-19T17:44:02","version" => "3.72"},{"date" => "2020-08-25T17:40:17","version" => "3.73"},{"date" => "2020-08-30T18:40:48","version" => "3.74"},{"date" => "2020-08-30T19:58:22","version" => "3.75"},{"date" => "2021-03-04T18:06:59","version" => "3.76"},{"date" => "2022-03-14T22:12:49","version" => "3.77"},{"date" => "2022-03-28T15:23:23","version" => "3.78"},{"date" => "2022-10-12T15:41:58","version" => "3.79"},{"date" => "2022-11-01T14:19:26","version" => "3.80"},{"date" => "2023-01-31T03:13:18","version" => "3.81"},{"date" => "2024-03-13T20:11:51","version" => "3.82"},{"date" => "2024-07-30T16:42:50","version" => "3.83"}]},"HTML-Perlinfo" => {"advisories" => [{"affected_versions" => ["<1.52"],"cves" => [],"description" => "Possibility of denial-of-service attack.\n","distribution" => "HTML-Perlinfo","fixed_versions" => [">=1.52"],"id" => "CPANSA-HTML-Perlinfo-2008-01","references" => ["https://metacpan.org/changes/release/ACCARDO/HTML-Perlinfo-1.52"],"reported" => "2008-07-04"}],"main_module" => "HTML::Perlinfo","versions" => [{"date" => "2005-08-18T21:39:08","version" => "1.00"},{"date" => "2005-09-19T20:41:07","version" => "1.05"},{"date" => "2006-01-14T05:25:20","version" => "1.25"},{"date" => "2006-08-13T03:42:36","version" => "1.40"},{"date" => "2006-08-13T09:29:45","version" => "1.41"},{"date" => "2006-08-15T01:04:34","version" => "1.42"},{"date" => "2006-08-25T07:51:28","version" => "1.43"},{"date" => "2006-09-10T23:20:13","version" => "1.44"},{"date" => "2006-09-24T02:22:48","version" => "1.45"},{"date" => "2006-09-27T20:08:12","version" => "1.46"},{"date" => "2006-10-02T19:30:30","version" => "1.47"},{"date" => "2008-03-16T03:15:04","version" => "1.48"},{"date" => "2008-04-26T04:17:07","version" => "1.49"},{"date" => "2008-04-30T20:44:40","version" => "1.50"},{"date" => "2008-06-08T21:07:29","version" => "1.51"},{"date" => "2008-07-03T23:57:26","version" => "1.52"},{"date" => "2008-07-21T22:24:22","version" => "1.53"},{"date" => "2008-07-27T23:52:36","version" => "1.54"},{"date" => "2009-04-08T01:09:54","version" => "1.55"},{"date" => "2009-04-08T19:06:59","version" => "1.56"},{"date" => "2009-04-16T15:57:34","version" => "1.57"},{"date" => "2009-04-17T02:41:48","version" => "1.58"},{"date" => "2009-04-22T03:29:45","version" => "1.59"},{"date" => "2009-05-02T20:48:38","version" => "1.60"},{"date" => "2009-05-02T22:21:42","version" => "1.60"},{"date" => "2009-05-03T23:02:35","version" => "1.61"},{"date" => "2011-06-13T19:28:39","version" => "1.62"},{"date" => "2014-08-19T21:37:30","version" => "1.63"},{"date" => "2014-08-19T22:29:15","version" => "1.64"},{"date" => "2015-06-06T23:25:41","version" => "1.65"},{"date" => "2015-06-08T18:20:03","version" => "1.66"},{"date" => "2015-06-08T20:22:33","version" => "1.67"},{"date" => "2015-06-12T02:03:18","version" => "1.68"},{"date" => "2016-11-29T19:21:00","version" => "1.69"},{"date" => "2019-06-24T15:33:44","version" => "1.70"},{"date" => "2019-06-25T02:15:30","version" => "1.71"},{"date" => "2019-07-02T19:22:14","version" => "1.72"},{"date" => "2019-07-02T20:41:23","version" => "1.73"}]},"HTML-Scrubber" => {"advisories" => [{"affected_versions" => ["<0.15"],"cves" => ["CVE-2015-5667"],"description" => "Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.\n","distribution" => "HTML-Scrubber","fixed_versions" => [">=0.15"],"id" => "CPANSA-HTML-Scrubber-2015-5667","references" => ["http://jvn.jp/en/jp/JVN53973084/index.html","http://jvndb.jvn.jp/jvndb/JVNDB-2015-000171","https://metacpan.org/release/HTML-Scrubber","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172997.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172983.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172934.html"],"reported" => "2015-10-31","severity" => undef}],"main_module" => "HTML::Scrubber","versions" => [{"date" => "2003-04-18T14:10:19","version" => "0.02"},{"date" => "2003-07-21T14:57:02","version" => "0.03"},{"date" => "2003-10-30T02:31:36","version" => "0.04"},{"date" => "2003-10-31T07:27:00","version" => "0.05"},{"date" => "2003-11-02T11:10:49","version" => "0.06"},{"date" => "2004-03-18T14:35:12","version" => "0.07"},{"date" => "2004-04-01T22:12:20","version" => "0.08"},{"date" => "2011-04-01T15:36:18","version" => "0.09"},{"date" => "2013-09-27T14:06:41","version" => "0.10"},{"date" => "2013-10-11T14:13:11","version" => "0.11"},{"date" => "2015-03-14T18:25:35","version" => "0.12"},{"date" => "2015-03-19T16:31:12","version" => "0.13"},{"date" => "2015-04-02T16:20:48","version" => "0.14"},{"date" => "2015-10-10T14:02:08","version" => "0.15"},{"date" => "2017-06-25T19:31:24","version" => "0.16"},{"date" => "2017-06-27T13:04:46","version" => "0.17"},{"date" => "2019-09-22T11:11:50","version" => "0.18"},{"date" => "2019-09-24T12:28:19","version" => "0.19"}]},"HTML-StripScripts" => {"advisories" => [{"affected_versions" => ["<=1.06"],"cves" => ["CVE-2023-24038"],"description" => "The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.\n","distribution" => "HTML-StripScripts","fixed_versions" => [],"id" => "CPANSA-HTML-StripScripts-2023-24038","references" => ["https://github.com/clintongormley/perl-html-stripscripts/issues/3","https://lists.debian.org/debian-lts-announce/2023/01/msg00036.html","https://www.debian.org/security/2023/dsa-5339"],"reported" => "2023-01-21","severity" => "high"}],"main_module" => "HTML::StripScripts","versions" => [{"date" => "2003-03-30T10:08:51","version" => "0.01"},{"date" => "2003-07-25T18:13:42","version" => "0.02"},{"date" => "2004-04-27T16:45:34","version" => "0.03"},{"date" => "2007-05-28T11:57:07","version" => "0.90"},{"date" => "2007-05-28T12:31:03","version" => "0.99"},{"date" => "2007-05-29T13:15:46","version" => "0.991"},{"date" => "2007-06-05T12:44:56","version" => "1.00"},{"date" => "2007-10-22T14:30:52","version" => "1.01"},{"date" => "2007-10-22T15:47:44","version" => "1.02"},{"date" => "2007-10-22T17:21:36","version" => "1.03"},{"date" => "2007-11-16T17:53:46","version" => "1.04"},{"date" => "2009-11-05T10:25:59","version" => "1.05"},{"date" => "2016-05-12T09:44:35","version" => "1.06"}]},"HTML-Template-Pro" => {"advisories" => [{"affected_versions" => ["<0.9507"],"cves" => ["CVE-2011-4616"],"description" => "Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.\n","distribution" => "HTML-Template-Pro","fixed_versions" => [">=0.9507"],"id" => "CPANSA-HTML-Template-Pro-2011-4616","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587","http://openwall.com/lists/oss-security/2011/12/19/1","http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507","http://secunia.com/advisories/47184","http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes","http://www.securityfocus.com/bid/51117","http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html"],"reported" => "2012-01-06","severity" => undef}],"main_module" => "HTML::Template::Pro","versions" => [{"date" => "2005-06-09T11:07:59","version" => "0.38"},{"date" => "2005-06-22T09:55:37","version" => "0.39"},{"date" => "2005-07-07T09:11:59","version" => "0.40"},{"date" => "2005-07-26T16:58:29","version" => "0.41"},{"date" => "2005-08-04T15:58:27","version" => "0.42"},{"date" => "2005-08-04T17:36:21","version" => "0.43"},{"date" => "2005-08-12T16:32:44","version" => "0.44"},{"date" => "2005-08-19T19:10:08","version" => "0.45"},{"date" => "2005-08-26T18:24:23","version" => "0.46"},{"date" => "2005-08-31T17:43:09","version" => "0.48"},{"date" => "2005-09-08T17:43:14","version" => "0.50"},{"date" => "2005-09-30T15:59:34","version" => "0.52"},{"date" => "2005-10-06T17:14:51","version" => "0.53"},{"date" => "2005-10-17T13:37:05","version" => "0.54"},{"date" => "2005-10-26T12:18:18","version" => "0.55"},{"date" => "2005-11-03T16:46:06","version" => "0.56"},{"date" => "2005-11-13T16:12:39","version" => "0.57"},{"date" => "2005-12-02T08:10:18","version" => "0.58"},{"date" => "2006-01-22T20:07:54","version" => "0.59"},{"date" => "2006-02-02T16:32:55","version" => "0.60"},{"date" => "2006-02-06T20:45:02","version" => "0.61"},{"date" => "2006-02-22T20:05:55","version" => "0.62"},{"date" => "2006-04-18T20:24:51","version" => "0.64"},{"date" => "2007-06-01T14:46:48","version" => "0.65"},{"date" => "2007-10-04T11:08:55","version" => "0.66"},{"date" => "2007-12-02T23:20:56","version" => "0.67"},{"date" => "2008-01-08T18:01:32","version" => "0.68"},{"date" => "2008-01-08T20:03:26","version" => "0.68"},{"date" => "2008-03-01T19:46:47","version" => "0.69"},{"date" => "2008-06-09T09:06:12","version" => "0.70"},{"date" => "2008-09-05T19:36:06","version" => "0.71"},{"date" => "2008-12-19T08:16:12","version" => "0.72"},{"date" => "2009-04-02T20:36:25","version" => "0.73"},{"date" => "2009-04-10T20:41:07","version" => "0.74"},{"date" => "2009-07-05T16:40:09","version" => "0.75"},{"date" => "2009-07-13T08:33:36","version" => "0.76"},{"date" => "2009-07-23T17:37:10","version" => "0.80"},{"date" => "2009-07-28T15:58:37","version" => "0.81"},{"date" => "2009-08-04T15:46:34","version" => "0.82"},{"date" => "2009-08-05T20:27:52","version" => "0.83"},{"date" => "2009-08-08T18:13:20","version" => "0.84"},{"date" => "2009-08-09T16:45:02","version" => "0.85"},{"date" => "2009-08-24T08:00:34","version" => "0.86"},{"date" => "2009-08-29T19:22:41","version" => "0.87"},{"date" => "2009-09-11T16:53:57","version" => "0.90"},{"date" => "2009-09-24T15:48:49","version" => "0.91"},{"date" => "2009-09-29T20:14:35","version" => "0.92"},{"date" => "2009-11-23T20:25:34","version" => "0.93"},{"date" => "2010-03-26T19:12:55","version" => "0.94"},{"date" => "2010-05-21T19:34:29","version" => "0.95"},{"date" => "2010-06-16T19:00:45","version" => "0.9501"},{"date" => "2010-06-24T18:50:34","version" => "0.9502"},{"date" => "2010-08-29T12:45:12","version" => "0.9503"},{"date" => "2010-09-29T07:16:03","version" => "0.9504"},{"date" => "2011-07-01T10:40:21","version" => "0.9505"},{"date" => "2011-10-04T20:31:16","version" => "0.9506"},{"date" => "2011-12-09T07:59:17","version" => "0.9507"},{"date" => "2011-12-26T21:57:41","version" => "0.9508"},{"date" => "2012-02-28T19:59:05","version" => "0.9509"},{"date" => "2013-05-13T08:40:09","version" => "0.9510"},{"date" => "2021-11-30T23:21:23","version" => "0.9520"},{"date" => "2021-12-02T07:27:12","version" => "0.9521"},{"date" => "2021-12-06T17:53:48","version" => "0.9522"},{"date" => "2021-12-15T09:50:03","version" => "0.9523"},{"date" => "2022-01-16T20:42:34","version" => "0.9524"}]},"HTTP-Body" => {"advisories" => [{"affected_versions" => [">=1.08,<1.23"],"cves" => ["CVE-2013-4407"],"description" => "HTTP::Body::Multipart in the HTTP-Body 1.08, 1.22, and earlier module for Perl uses the part of the uploaded file's name after the first \".\" character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.\n","distribution" => "HTTP-Body","fixed_versions" => [">=1.23"],"id" => "CPANSA-HTTP-Body-2013-4407","references" => ["https://www.openwall.com/lists/oss-security/2024/04/07/1","https://security-tracker.debian.org/tracker/CVE-2013-4407","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634"],"reported" => "2013-09-02","severity" => "moderate"}],"main_module" => "HTTP::Body","versions" => [{"date" => "2005-10-06T23:31:10","version" => "0.01"},{"date" => "2005-10-07T19:39:00","version" => "0.2"},{"date" => "2005-10-28T00:04:21","version" => "0.03"},{"date" => "2005-11-09T06:02:28","version" => "0.4"},{"date" => "2005-11-17T04:03:44","version" => "0.5"},{"date" => "2006-01-06T11:55:08","version" => "0.6"},{"date" => "2007-03-23T17:02:39","version" => "0.7"},{"date" => "2007-03-24T01:48:23","version" => "0.8"},{"date" => "2007-03-27T17:55:21","version" => "0.9"},{"date" => "2008-02-23T16:03:17","version" => "1.00"},{"date" => "2008-02-23T16:16:09","version" => "1.01"},{"date" => "2008-02-27T22:08:06","version" => "1.02"},{"date" => "2008-04-07T14:20:46","version" => "1.03"},{"date" => "2008-06-23T19:41:56","version" => "1.04"},{"date" => "2008-12-01T22:14:51","version" => "1.05"},{"date" => "2010-01-09T18:23:07","version" => "1.06"},{"date" => "2010-01-24T19:42:49","version" => "1.07"},{"date" => "2010-08-19T19:02:08","version" => "1.08"},{"date" => "2010-08-19T23:11:46","version" => "1.09"},{"date" => "2010-10-08T14:52:40","version" => "1.10"},{"date" => "2010-10-26T14:38:59","version" => "1.11"},{"date" => "2011-03-20T00:58:03","version" => "1.12"},{"date" => "2011-11-04T18:44:06","version" => "1.14"},{"date" => "2011-12-05T03:02:21","version" => "1.15"},{"date" => "2012-10-03T15:19:24","version" => "1.16"},{"date" => "2012-10-03T22:04:49","version" => "1.17"},{"date" => "2013-12-06T15:06:26","version" => "1.18"},{"date" => "2013-12-06T15:07:56","version" => "1.19"},{"date" => "2015-01-28T15:21:00","version" => "1.20"},{"date" => "2015-01-29T03:50:10","version" => "1.21"},{"date" => "2015-01-29T03:53:01","version" => "1.22"},{"date" => "2024-03-30T03:28:24","version" => "1.23"}]},"HTTP-Daemon" => {"advisories" => [{"affected_versions" => ["<6.15"],"cves" => ["CVE-2022-31081"],"description" => "HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served on top of Nginx or Apache, not on the `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my \$rqst = \$conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' (`my \$cl = \$rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer, or, a comma separated repetition of that number. (that is `42` or `42, 42, 42`). Anything else MUST be rejected.\n","distribution" => "HTTP-Daemon","fixed_versions" => [">=6.15"],"id" => "CPANSA-HTTP-Daemon-2022-31081","references" => ["https://github.com/libwww-perl/HTTP-Daemon/commit/e84475de51d6fd7b29354a997413472a99db70b2","https://github.com/libwww-perl/HTTP-Daemon/commit/8dc5269d59e2d5d9eb1647d82c449ccd880f7fd0","https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn","https://datatracker.ietf.org/doc/html/rfc7230#section-9.5","https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf","http://metacpan.org/release/HTTP-Daemon/","https://cwe.mitre.org/data/definitions/444.html","https://github.com/libwww-perl/HTTP-Daemon/issues/56","https://github.com/NixOS/nixpkgs/pull/181632"],"reported" => "2022-06-27","severity" => "medium"}],"main_module" => "HTTP::Daemon","versions" => [{"date" => "2011-02-27T22:49:28","version" => "6.00"},{"date" => "2012-02-18T12:26:43","version" => "6.01"},{"date" => "2019-04-01T16:05:05","version" => "6.02"},{"date" => "2019-04-01T20:58:35","version" => "6.03"},{"date" => "2019-04-02T13:12:12","version" => "6.04"},{"date" => "2019-07-26T20:42:43","version" => "6.05"},{"date" => "2019-08-29T14:24:33","version" => "6.06"},{"date" => "2020-05-19T19:20:38","version" => "6.07"},{"date" => "2020-05-22T15:27:22","version" => "6.08"},{"date" => "2020-05-25T16:53:41","version" => "6.09"},{"date" => "2020-05-26T16:22:18","version" => "6.10"},{"date" => "2020-06-03T14:48:37","version" => "6.11"},{"date" => "2020-06-04T16:03:28","version" => "6.12"},{"date" => "2022-02-09T20:41:36","version" => "6.13"},{"date" => "2022-03-03T20:49:07","version" => "6.14"},{"date" => "2023-02-22T22:03:32","version" => "6.15"},{"date" => "2023-02-24T03:09:01","version" => "6.16"}]},"HTTP-Session2" => {"advisories" => [{"affected_versions" => ["<1.10"],"cves" => ["CVE-2018-25160"],"description" => "HTTP::Session2 1.09 does not validate session id, this causes RCE depending on the session store you use.\n","distribution" => "HTTP-Session2","fixed_versions" => [">=1.10"],"id" => "CPANSA-HTTP-Session2-2018-01","references" => ["https://metacpan.org/changes/distribution/HTTP-Session2","https://github.com/tokuhirom/HTTP-Session2/commit/813838f6d08034b6a265a70e53b59b941b5d3e6d"],"reported" => "2018-01-26","severity" => "critical"},{"affected_versions" => ["<1.12"],"cves" => ["CVE-2026-3255"],"description" => "HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function.  The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand() function is unsuitable for cryptographic usage.  HTTP::Session2 after version 1.02 will attempt to use the /dev/urandom device to generate a session id, but if the device is unavailable (for example, under Windows), then it will revert to the insecure method described above.","distribution" => "HTTP-Session2","fixed_versions" => [">=1.12"],"id" => "CPANSA-HTTP-Session2-2026-3255","references" => ["https://github.com/tokuhirom/HTTP-Session2/commit/9cfde4d7e0965172aef5dcfa3b03bb48df93e636.patch","https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.01/source/lib/HTTP/Session2/ServerStore.pm#L68","https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.11/source/lib/HTTP/Session2/Random.pm#L35","https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.12/changes","http://www.openwall.com/lists/oss-security/2026/02/27/12"],"reported" => "2026-02-27","severity" => undef}],"main_module" => "HTTP::Session2","versions" => [{"date" => "2013-10-28T03:20:09","version" => "0.01"},{"date" => "2013-10-30T00:17:21","version" => "0.02"},{"date" => "2013-10-31T01:21:27","version" => "0.03"},{"date" => "2013-11-01T01:10:52","version" => "0.04"},{"date" => "2014-03-18T18:53:09","version" => "0.05"},{"date" => "2014-07-28T04:10:11","version" => "1.00"},{"date" => "2014-07-28T11:44:05","version" => "1.01"},{"date" => "2014-07-31T21:17:23","version" => "1.02"},{"date" => "2014-08-01T11:04:00","version" => "1.03"},{"date" => "2014-08-01T11:10:56","version" => "1.04"},{"date" => "2014-08-01T11:20:46","version" => "1.05"},{"date" => "2014-08-01T14:04:04","version" => "1.06"},{"date" => "2014-08-01T14:08:11","version" => "1.07"},{"date" => "2014-08-03T07:23:00","version" => "1.08"},{"date" => "2014-09-01T02:26:38","version" => "1.09"},{"date" => "2018-01-26T05:02:08","version" => "1.10"},{"date" => "2026-02-25T16:30:30","version" => "1.11"},{"date" => "2026-02-26T14:47:32","version" => "1.12"}]},"HTTP-Tiny" => {"advisories" => [{"affected_versions" => ["<0.083"],"cves" => ["CVE-2023-31486"],"description" => "HTTP::Tiny v0.082, a Perl core module since v5.13.9 and available standalone on CPAN, does not verify TLS certs by default. Users must opt-in with the verify_SSL=>1 flag to verify certs when using HTTPS.\n\nResulting in a CWE-1188: Insecure Default Initialization of Resource weakness.\n","distribution" => "HTTP-Tiny","fixed_versions" => [">=0.083"],"id" => "CPANSA-HTTP-Tiny-2023-31486","references" => ["https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/","https://github.com/chansen/p5-http-tiny/issues/152","https://github.com/chansen/p5-http-tiny/pull/151","https://hackeriet.github.io/cpan-http-tiny-overview/","https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/","https://github.com/NixOS/nixpkgs/pull/187480","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089","https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92.patch","https://github.com/chansen/p5-http-tiny/issues/134","https://github.com/chansen/p5-http-tiny/issues/68"],"reported" => "2023-02-14"},{"affected_versions" => ["<0.059"],"cves" => ["CVE-2016-1238"],"description" => "Loading modules from . (current directory).\n","distribution" => "HTTP-Tiny","fixed_versions" => [">=0.059"],"id" => "CPANSA-HTTP-Tiny-2016-1238","references" => ["https://metacpan.org/changes/distribution/HTTP-Tiny","https://github.com/chansen/p5-http-tiny/commit/b239c95ea7a256cfee9b8848f1bd4d1df6e66444"],"reported" => "2016-07-29"},{"affected_versions" => ["<0.039"],"cves" => [],"description" => "Temporary file creating during mirror()  not opened exclusively.\n","distribution" => "HTTP-Tiny","fixed_versions" => [">=0.039"],"id" => "CPANSA-HTTP-Tiny-2013-01","references" => ["https://metacpan.org/dist/HTTP-Tiny/changes"],"reported" => "2013-11-27"}],"main_module" => "HTTP::Tiny","versions" => [{"date" => "2010-12-11T12:59:31","version" => "0.001"},{"date" => "2010-12-14T02:59:37","version" => "0.002"},{"date" => "2010-12-15T17:30:49","version" => "0.003"},{"date" => "2010-12-16T03:53:33","version" => "0.004"},{"date" => "2011-01-08T11:32:21","version" => "0.005"},{"date" => "2011-01-10T12:27:39","version" => "0.006"},{"date" => "2011-01-12T09:56:28","version" => "0.007"},{"date" => "2011-01-14T11:34:51","version" => "0.008"},{"date" => "2011-01-17T21:29:27","version" => "0.009"},{"date" => "2011-02-04T07:45:53","version" => "0.010"},{"date" => "2011-03-20T00:49:53","version" => "0.011"},{"date" => "2011-03-31T19:49:33","version" => "0.012"},{"date" => "2011-07-18T03:15:12","version" => "0.013"},{"date" => "2011-10-20T17:55:01","version" => "0.014"},{"date" => "2011-10-26T20:42:15","version" => "0.015"},{"date" => "2011-10-27T03:06:06","version" => "0.016"},{"date" => "2012-02-23T02:58:42","version" => "0.017"},{"date" => "2012-04-18T13:41:15","version" => "0.018"},{"date" => "2012-05-14T11:15:52","version" => "0.019"},{"date" => "2012-05-14T19:25:57","version" => "0.020"},{"date" => "2012-05-16T02:39:55","version" => "0.021"},{"date" => "2012-06-02T03:32:21","version" => "0.022"},{"date" => "2012-09-19T16:06:37","version" => "0.023"},{"date" => "2012-10-10T00:45:59","version" => "0.024"},{"date" => "2012-12-26T17:11:23","version" => "0.025"},{"date" => "2013-03-05T03:54:12","version" => "0.026"},{"date" => "2013-03-05T17:04:07","version" => "0.027"},{"date" => "2013-03-05T19:13:42","version" => "0.028"},{"date" => "2013-04-17T17:51:23","version" => "0.029"},{"date" => "2013-06-13T15:47:33","version" => "0.030"},{"date" => "2013-06-17T03:18:45","version" => "0.031"},{"date" => "2013-06-20T15:42:26","version" => "0.032"},{"date" => "2013-06-21T10:27:45","version" => "0.033"},{"date" => "2013-06-26T23:03:50","version" => "0.034"},{"date" => "2013-09-10T16:30:04","version" => "0.035"},{"date" => "2013-09-25T16:11:04","version" => "0.036"},{"date" => "2013-10-28T17:50:02","version" => "0.037"},{"date" => "2013-11-18T17:57:17","version" => "0.038"},{"date" => "2013-11-28T00:49:36","version" => "0.039"},{"date" => "2014-02-17T18:05:10","version" => "0.040"},{"date" => "2014-02-17T18:09:12","version" => "0.041"},{"date" => "2014-02-18T16:24:50","version" => "0.042"},{"date" => "2014-02-21T01:42:05","version" => "0.043"},{"date" => "2014-07-17T03:47:41","version" => "0.044"},{"date" => "2014-07-20T23:24:33","version" => "0.045"},{"date" => "2014-07-21T14:33:53","version" => "0.046"},{"date" => "2014-07-29T18:13:01","version" => "0.047"},{"date" => "2014-08-21T17:20:45","version" => "0.048"},{"date" => "2014-09-02T15:21:17","version" => "0.049"},{"date" => "2014-09-23T19:32:00","version" => "0.050"},{"date" => "2014-11-18T03:59:56","version" => "0.051"},{"date" => "2014-12-11T20:25:19","version" => "0.052"},{"date" => "2014-12-12T04:43:37","version" => "0.053"},{"date" => "2015-01-27T12:18:58","version" => "0.054"},{"date" => "2015-05-07T22:15:24","version" => "0.055"},{"date" => "2015-05-19T10:01:27","version" => "0.056"},{"date" => "2016-04-18T14:19:09","version" => "0.057"},{"date" => "2016-05-03T17:49:33","version" => "0.058"},{"date" => "2016-07-29T20:12:12","version" => "0.059"},{"date" => "2016-08-05T16:12:02","version" => "0.061"},{"date" => "2016-08-08T16:20:33","version" => "0.063"},{"date" => "2016-08-17T01:43:01","version" => "0.064"},{"date" => "2016-09-10T02:43:48","version" => "0.065"},{"date" => "2016-09-14T15:45:04","version" => "0.067"},{"date" => "2016-09-23T20:15:05","version" => "0.068"},{"date" => "2016-10-05T15:37:11","version" => "0.069"},{"date" => "2016-10-10T03:25:33","version" => "0.070"},{"date" => "2018-07-24T15:35:02","version" => "0.073"},{"date" => "2018-07-30T19:37:29","version" => "0.074"},{"date" => "2018-08-01T11:10:11","version" => "0.075"},{"date" => "2018-08-06T01:09:54","version" => "0.076"},{"date" => "2021-07-22T17:08:36","version" => "0.077"},{"date" => "2021-08-02T13:26:31","version" => "0.078"},{"date" => "2021-11-04T16:34:59","version" => "0.079"},{"date" => "2021-11-05T12:17:42","version" => "0.080"},{"date" => "2022-07-17T13:02:38","version" => "0.081"},{"date" => "2022-07-25T13:47:22","version" => "0.082"},{"date" => "2023-06-11T11:06:38","version" => "0.083"},{"date" => "2023-06-14T10:35:44","version" => "0.084"},{"date" => "2023-06-22T14:07:29","version" => "0.086"},{"date" => "2023-07-11T12:54:02","version" => "0.088"},{"date" => "2024-10-21T07:38:21","version" => "0.089"},{"date" => "2024-11-12T10:52:55","version" => "0.090"},{"date" => "2025-12-13T05:27:26","version" => "0.091"},{"date" => "2025-12-27T19:51:28","version" => "0.092"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "0.054_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "0.056_001"}]},"HarfBuzz-Shaper" => {"advisories" => [{"affected_versions" => ["<0.032"],"cves" => ["CVE-2026-0943"],"description" => "HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.\x{a0}  Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.","distribution" => "HarfBuzz-Shaper","embedded_vulnerability" => {"distributed_version" => "8.4.0","name" => "harfbuzz"},"fixed_versions" => [">=0.032"],"id" => "CPANSA-HarfBuzz-Shaper-2026-0943","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=2429296","https://metacpan.org/release/JV/HarfBuzz-Shaper-0.032/changes","https://www.cve.org/CVERecord?id=CVE-2026-22693"],"reported" => "2026-01-19","severity" => undef},{"affected_versions" => [">0.017.1,<0.018.1"],"cves" => ["CVE-0000-0000"],"description" => "When debug messaging is enabled using hb_buffer_set_message_func, a maliciously crafted font can trigger a buffer overflow using a complicated sequence lookup, leading to unauthorised overwriting of other data.","distribution" => "HarfBuzz-Shaper","fixed_versions" => [],"id" => "CPANSA-HarfBuzz-Shaper-0000-0000-harfbuzz","references" => ["https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-p965-5rr7-9mhq"],"reported" => undef,"severity" => undef}],"main_module" => "HarfBuzz::Shaper","versions" => [{"date" => "2020-01-25T20:50:26","version" => "0.01"},{"date" => "2020-01-25T21:11:12","version" => "0.011"},{"date" => "2020-01-26T11:27:35","version" => "0.012"},{"date" => "2020-01-26T18:54:44","version" => "0.013"},{"date" => "2020-01-26T20:44:49","version" => "0.014"},{"date" => "2020-01-26T21:23:20","version" => "0.015"},{"date" => "2020-01-27T11:11:25","version" => "0.016"},{"date" => "2020-01-29T20:06:05","version" => "0.017"},{"date" => "2020-01-29T22:48:07","version" => "v0.017.1"},{"date" => "2020-01-30T08:56:56","version" => "0.018"},{"date" => "2020-01-30T23:01:26","version" => "v0.018.1"},{"date" => "2020-01-31T08:41:35","version" => "v0.018.2"},{"date" => "2020-01-31T14:42:22","version" => "v0.018.3"},{"date" => "2020-02-02T09:24:58","version" => "v0.018.4"},{"date" => "2020-02-06T15:32:38","version" => "0.019"},{"date" => "2020-02-07T08:52:42","version" => "0.020"},{"date" => "2020-02-08T21:13:09","version" => "0.021"},{"date" => "2020-06-05T11:33:14","version" => "0.022"},{"date" => "2020-07-11T20:50:43","version" => "0.023"},{"date" => "2021-04-12T09:07:33","version" => "0.024"},{"date" => "2021-12-24T07:18:44","version" => "0.025"},{"date" => "2022-01-07T19:55:32","version" => "0.026"},{"date" => "2024-05-07T12:06:56","version" => "0.027"},{"date" => "2025-01-29T09:03:21","version" => "0.028"},{"date" => "2025-01-30T05:18:06","version" => "0.029"},{"date" => "2025-01-31T14:13:59","version" => "0.030"},{"date" => "2025-01-31T19:34:57","version" => "0.031"},{"date" => "2026-01-14T23:19:07","version" => "0.032"},{"date" => "2026-01-19T21:24:52","version" => "0.033"}]},"IO-Compress" => {"advisories" => [{"affected_versions" => ["<2.070"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "IO-Compress","fixed_versions" => [">=2.070"],"id" => "CPANSA-IO-Compress-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "IO::Compress","versions" => [{"date" => "2009-04-04T09:49:11","version" => "2.017"},{"date" => "2009-05-03T16:27:20","version" => "2.018"},{"date" => "2009-05-04T09:43:44","version" => "2.019"},{"date" => "2009-06-03T17:48:41","version" => "2.020"},{"date" => "2009-08-30T20:27:02","version" => "2.021"},{"date" => "2009-10-09T21:56:08","version" => "2.022"},{"date" => "2009-11-09T23:43:07","version" => "2.023"},{"date" => "2010-01-09T17:56:46","version" => "2.024"},{"date" => "2010-03-28T12:57:23","version" => "2.025"},{"date" => "2010-04-07T19:51:37","version" => "2.026"},{"date" => "2010-04-24T19:16:06","version" => "2.027"},{"date" => "2010-07-24T14:46:19","version" => "2.030"},{"date" => "2011-01-06T11:24:01","version" => "2.032"},{"date" => "2011-01-11T14:03:58","version" => "2.033"},{"date" => "2011-05-02T21:50:29","version" => "2.034"},{"date" => "2011-05-07T08:32:12","version" => "2.035"},{"date" => "2011-06-18T21:45:50","version" => "2.036"},{"date" => "2011-06-22T07:19:49","version" => "2.037"},{"date" => "2011-10-28T14:28:46","version" => "2.039"},{"date" => "2011-10-28T22:20:49","version" => "2.040"},{"date" => "2011-11-17T23:45:33","version" => "2.042"},{"date" => "2011-11-20T21:34:13","version" => "2.043"},{"date" => "2011-12-03T22:49:21","version" => "2.044"},{"date" => "2011-12-04T19:21:48","version" => "2.045"},{"date" => "2011-12-18T22:38:32","version" => "2.046"},{"date" => "2012-01-28T23:28:39","version" => "2.047"},{"date" => "2012-01-29T17:00:45","version" => "2.048"},{"date" => "2012-02-18T15:58:24","version" => "2.049"},{"date" => "2012-04-29T12:42:10","version" => "2.052"},{"date" => "2012-08-05T20:37:36","version" => "2.055"},{"date" => "2012-11-10T19:09:13","version" => "2.057"},{"date" => "2012-11-12T22:15:00","version" => "2.058"},{"date" => "2012-12-15T13:41:23","version" => "2.059"},{"date" => "2013-01-07T20:02:34","version" => "2.060"},{"date" => "2013-05-27T09:55:05","version" => "2.061"},{"date" => "2013-08-12T19:08:16","version" => "2.062"},{"date" => "2013-11-02T17:15:29","version" => "2.063"},{"date" => "2014-02-01T23:21:32","version" => "2.064"},{"date" => "2014-09-21T12:42:45","version" => "2.066"},{"date" => "2014-12-08T15:14:06","version" => "2.067"},{"date" => "2014-12-23T17:46:25","version" => "2.068"},{"date" => "2015-09-26T18:42:09","version" => "2.069"},{"date" => "2016-12-28T23:09:27","version" => "2.070"},{"date" => "2017-02-12T20:41:37","version" => "2.072"},{"date" => "2017-02-19T20:37:27","version" => "2.073"},{"date" => "2017-02-19T22:11:53","version" => "2.074"},{"date" => "2018-04-03T18:22:13","version" => "2.080"},{"date" => "2018-04-08T15:03:07","version" => "2.081"},{"date" => "2018-12-30T22:40:20","version" => "2.083"},{"date" => "2019-01-06T08:57:26","version" => "2.084"},{"date" => "2019-03-31T19:16:41","version" => "2.086"},{"date" => "2019-08-10T18:12:14","version" => "2.087"},{"date" => "2019-11-03T09:29:00","version" => "2.088"},{"date" => "2019-11-03T19:54:15","version" => "2.089"},{"date" => "2019-11-09T16:00:26","version" => "2.090"},{"date" => "2019-11-23T19:44:59","version" => "2.091"},{"date" => "2019-12-04T22:10:26","version" => "2.092"},{"date" => "2019-12-07T16:05:46","version" => "2.093"},{"date" => "2020-07-14T15:32:09","version" => "2.094"},{"date" => "2020-07-20T19:25:09","version" => "2.095"},{"date" => "2020-07-31T20:53:32","version" => "2.096"},{"date" => "2021-01-07T13:57:52","version" => "2.100"},{"date" => "2021-02-20T14:25:27","version" => "2.101"},{"date" => "2021-02-28T08:57:41","version" => "2.102"},{"date" => "2022-04-03T19:50:28","version" => "2.103"},{"date" => "2022-04-09T15:43:24","version" => "2.104"},{"date" => "2022-04-09T21:36:46","version" => "2.105"},{"date" => "2022-04-12T16:10:04","version" => "2.106"},{"date" => "2022-06-25T09:04:18","version" => "2.201"},{"date" => "2023-02-08T21:49:30","version" => "2.204"},{"date" => "2023-07-16T19:41:51","version" => "2.205"},{"date" => "2023-07-25T15:56:21","version" => "2.206"},{"date" => "2024-02-18T22:20:49","version" => "2.207"},{"date" => "2024-03-31T15:17:06","version" => "2.208"},{"date" => "2024-04-06T13:44:44","version" => "2.211"},{"date" => "2024-04-27T12:55:39","version" => "2.212"},{"date" => "2024-08-28T15:36:27","version" => "2.213"},{"date" => "2025-10-24T16:29:27","version" => "2.214"},{"date" => "2026-01-30T17:09:53","version" => "2.215"},{"date" => "2026-01-30T22:29:53","version" => "2.216"},{"date" => "2026-02-01T11:12:56","version" => "2.217"},{"date" => "2026-03-08T15:13:32","version" => "2.218"},{"date" => "2026-03-09T13:58:06","version" => "2.219"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => undef}]},"IO-Compress-Brotli" => {"advisories" => [{"affected_versions" => [">=0.002,<=0.002001"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => [">=0.002_002,<=0.003"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => [">=0.003_001,<=0.004"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => ["==0.004001"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"},{"affected_versions" => ["==0.004_002"],"cves" => ["CVE-2020-8927"],"description" => "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.\n","distribution" => "IO-Compress-Brotli","fixed_versions" => [],"id" => "CPANSA-IO-Compress-Brotli-2020-8927-brotli","references" => ["https://github.com/google/brotli/releases/tag/v1.0.9","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","https://usn.ubuntu.com/4568-1/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","https://www.debian.org/security/2020/dsa-4801","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"],"reported" => "2020-09-15","severity" => "medium"}],"main_module" => "IO::Compress::Brotli","versions" => [{"date" => "2015-12-31T19:03:44","version" => "0.001"},{"date" => "2016-01-01T09:33:21","version" => "0.001001"},{"date" => "2016-08-27T23:37:42","version" => "0.002"},{"date" => "2016-09-08T22:12:55","version" => "0.002001"},{"date" => "2017-09-09T17:15:27","version" => "0.002_002"},{"date" => "2017-09-16T20:41:00","version" => "0.003"},{"date" => "2017-09-23T19:24:01","version" => "0.003_001"},{"date" => "2017-10-14T17:57:14","version" => "0.003_002"},{"date" => "2017-10-28T19:51:35","version" => "0.004"},{"date" => "2018-05-19T19:01:07","version" => "0.004001"},{"date" => "2019-06-11T13:08:10","version" => "0.004_002"},{"date" => "2023-10-22T02:32:43","version" => "0.005"},{"date" => "2023-10-25T01:07:09","version" => "0.006"},{"date" => "2023-10-26T23:39:09","version" => "0.007"},{"date" => "2023-10-27T20:59:46","version" => "0.008"},{"date" => "2023-10-28T01:38:26","version" => "0.009"},{"date" => "2023-10-28T13:52:29","version" => "0.010"},{"date" => "2023-10-29T00:01:12","version" => "0.011"},{"date" => "2023-10-29T12:50:49","version" => "0.012"},{"date" => "2023-10-29T16:08:16","version" => "0.013"},{"date" => "2023-10-29T22:30:42","version" => "0.014"},{"date" => "2023-10-30T20:23:25","version" => "0.015"},{"date" => "2023-10-31T01:19:01","version" => "0.016"},{"date" => "2023-10-31T19:55:10","version" => "0.017"},{"date" => "2023-10-31T23:58:30","version" => "0.018"},{"date" => "2024-11-30T18:35:29","version" => "0.019"},{"date" => "2025-11-18T03:02:17","version" => "0.020"}]},"IO-Socket-SSL" => {"advisories" => [{"affected_versions" => ["<=1.35"],"cves" => ["CVE-2010-4334"],"description" => "The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.\n","distribution" => "IO-Socket-SSL","fixed_versions" => [">1.35"],"id" => "CPANSA-IO-Socket-SSL-2010-4334","references" => ["http://osvdb.org/69626","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058","http://www.securityfocus.com/bid/45189","http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.35/Changes","http://secunia.com/advisories/42508","http://secunia.com/advisories/42757","http://www.openwall.com/lists/oss-security/2010/12/09/8","http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052594.html","http://www.openwall.com/lists/oss-security/2010/12/24/1","http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052601.html","http://www.mandriva.com/security/advisories?name=MDVSA-2011:092"],"reported" => "2011-01-14","severity" => undef},{"affected_versions" => [">=1.14","<=1.25"],"cves" => ["CVE-2009-3024"],"description" => "The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.\n","distribution" => "IO-Socket-SSL","fixed_versions" => [">=1.26"],"id" => "CPANSA-IO-Socket-SSL-2009-3024","references" => ["http://www.openwall.com/lists/oss-security/2009/08/31/4","http://www.openwall.com/lists/oss-security/2009/08/28/1","http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.30/Changes","http://www.openwall.com/lists/oss-security/2009/08/29/1","http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html","http://www.vupen.com/english/advisories/2011/0118","http://www.gentoo.org/security/en/glsa/glsa-201101-06.xml","http://secunia.com/advisories/42893"],"reported" => "2009-08-31","severity" => undef}],"main_module" => "IO::Socket::SSL","versions" => [{"date" => "1999-06-18T14:54:49","version" => "0.70"},{"date" => "1999-07-21T19:45:05","version" => "0.72"},{"date" => "1999-07-29T17:28:04","version" => "0.73"},{"date" => "2000-07-04T11:46:51","version" => "0.74"},{"date" => "2000-08-08T06:59:10","version" => "0.75"},{"date" => "2000-11-17T14:26:45","version" => "0.76"},{"date" => "2001-01-15T13:57:06","version" => "0.77"},{"date" => "2001-04-24T07:00:38","version" => "0.78"},{"date" => "2001-06-04T08:01:01","version" => "0.79"},{"date" => "2001-08-19T08:28:53","version" => "0.80"},{"date" => "2002-04-10T12:43:43","version" => "0.81"},{"date" => "2002-08-13T21:42:55","version" => "0.90"},{"date" => "2002-08-19T15:28:09","version" => "0.901"},{"date" => "2002-09-01T01:13:14","version" => "0.91"},{"date" => "2002-10-22T06:15:30","version" => "0.92"},{"date" => "2003-06-24T19:24:37","version" => "0.93"},{"date" => "2003-06-26T19:41:04","version" => "0.94"},{"date" => "2003-08-25T22:47:30","version" => "0.95"},{"date" => "2004-04-30T17:43:07","version" => "0.96"},{"date" => "2005-07-17T09:20:02","version" => "0.97"},{"date" => "2006-06-12T14:37:33","version" => "0.98"},{"date" => "2006-06-12T14:48:30","version" => "0.98"},{"date" => "2006-07-17T15:05:06","version" => "0.99"},{"date" => "2006-07-18T13:33:27","version" => "0.99"},{"date" => "2006-07-20T05:59:15","version" => "0.99"},{"date" => "2006-07-20T08:35:45","version" => "0.99"},{"date" => "2006-07-24T14:27:43","version" => "0.99"},{"date" => "2006-08-02T07:30:04","version" => "0.99"},{"date" => "2006-08-02T07:37:59","version" => "0.99"},{"date" => "2006-08-02T20:43:25","version" => "0.99"},{"date" => "2006-08-11T10:01:10","version" => "0.99"},{"date" => "2006-08-15T20:22:28","version" => "0.99"},{"date" => "2006-09-12T14:16:38","version" => "0.99"},{"date" => "2006-09-13T11:10:06","version" => "0.99"},{"date" => "2006-12-01T09:57:52","version" => "0.99"},{"date" => "2007-03-06T18:12:09","version" => "0.99"},{"date" => "2007-03-28T19:06:21","version" => "0.99"},{"date" => "2007-04-16T19:35:58","version" => "0.99"},{"date" => "2007-04-30T07:45:00","version" => "0.99"},{"date" => "2007-06-03T19:46:51","version" => "0.99"},{"date" => "2007-06-06T13:59:06","version" => "0.99"},{"date" => "2007-08-10T09:07:39","version" => "0.99"},{"date" => "2007-09-13T19:40:43","version" => "0.99"},{"date" => "2007-10-09T21:18:11","version" => "0.99"},{"date" => "2007-10-10T18:49:29","version" => "0.99"},{"date" => "2007-10-26T06:29:26","version" => "0.99"},{"date" => "2008-01-11T17:59:06","version" => "0.99"},{"date" => "2008-01-28T06:44:08","version" => "0.99"},{"date" => "2008-02-22T09:07:12","version" => "0.99"},{"date" => "2008-02-24T09:42:37","version" => "0.99"},{"date" => "2008-02-25T21:18:02","version" => "0.99"},{"date" => "2008-03-10T08:46:06","version" => "0.99"},{"date" => "2008-07-16T09:27:07","version" => "0.99"},{"date" => "2008-08-28T20:03:28","version" => "0.99"},{"date" => "2008-09-19T06:34:13","version" => "0.99"},{"date" => "2008-09-19T16:54:30","version" => "0.99"},{"date" => "2008-09-24T07:52:48","version" => "0.99"},{"date" => "2008-09-25T09:24:39","version" => "0.99"},{"date" => "2008-10-13T09:06:13","version" => "0.99"},{"date" => "2008-11-17T17:21:39","version" => "0.99"},{"date" => "2008-12-31T14:47:59","version" => "0.99"},{"date" => "2009-01-15T20:52:54","version" => "0.99"},{"date" => "2009-01-22T20:59:47","version" => "0.99"},{"date" => "2009-01-24T06:34:00","version" => "0.99"},{"date" => "2009-02-23T09:59:39","version" => "1.23"},{"date" => "2009-04-01T08:02:14","version" => "1.24"},{"date" => "2009-07-02T18:15:35","version" => "1.25"},{"date" => "2009-07-03T07:36:23","version" => "1.26"},{"date" => "2009-07-24T06:37:32","version" => "1.27"},{"date" => "2009-08-19T10:46:35","version" => "1.28"},{"date" => "2009-08-19T10:54:30","version" => "1.29"},{"date" => "2009-08-19T14:41:37","version" => "1.30"},{"date" => "2009-09-01T07:44:10","version" => "1.30_2"},{"date" => "2009-09-02T05:57:30","version" => "1.30_3"},{"date" => "2009-09-25T19:10:53","version" => "1.31"},{"date" => "2010-02-22T09:39:43","version" => "1.32"},{"date" => "2010-03-17T12:53:27","version" => "1.33"},{"date" => "2010-11-01T08:55:36","version" => "1.34"},{"date" => "2010-12-06T08:16:23","version" => "1.35"},{"date" => "2010-12-08T19:28:31","version" => "1.36"},{"date" => "2010-12-09T08:38:47","version" => "1.37"},{"date" => "2011-01-18T08:45:03","version" => "1.38"},{"date" => "2011-03-03T11:39:29","version" => "1.39"},{"date" => "2011-05-02T10:32:52","version" => "1.40"},{"date" => "2011-05-10T05:14:22","version" => "1.41"},{"date" => "2011-05-10T14:15:57","version" => "1.42"},{"date" => "2011-05-11T08:23:15","version" => "1.43"},{"date" => "2011-05-12T19:35:25","version" => "1.43_1"},{"date" => "2011-05-27T11:46:14","version" => "1.44"},{"date" => "2011-10-13T08:42:32","version" => "1.45"},{"date" => "2011-10-18T06:30:07","version" => "1.46"},{"date" => "2011-10-21T07:09:03","version" => "1.47"},{"date" => "2011-10-26T16:35:42","version" => "1.48"},{"date" => "2011-10-28T08:26:49","version" => "1.49"},{"date" => "2011-12-06T21:14:17","version" => "1.50"},{"date" => "2011-12-06T21:25:05","version" => "1.51"},{"date" => "2011-12-07T08:12:01","version" => "1.52"},{"date" => "2011-12-11T21:45:13","version" => "1.53"},{"date" => "2012-01-11T08:15:23","version" => "1.54"},{"date" => "2012-02-20T06:49:04","version" => "1.55"},{"date" => "2012-02-22T15:49:39","version" => "1.56"},{"date" => "2012-02-26T21:57:54","version" => "1.57"},{"date" => "2012-02-26T22:09:30","version" => "1.58"},{"date" => "2012-03-08T10:44:05","version" => "1.59"},{"date" => "2012-03-20T18:59:41","version" => "1.60"},{"date" => "2012-03-27T14:34:36","version" => "1.61"},{"date" => "2012-03-28T05:53:19","version" => "1.62"},{"date" => "2012-04-06T20:33:58","version" => "1.63"},{"date" => "2012-04-06T21:04:54","version" => "1.64"},{"date" => "2012-04-16T16:51:54","version" => "1.65"},{"date" => "2012-04-16T18:52:52","version" => "1.66"},{"date" => "2012-05-07T09:39:11","version" => "1.67"},{"date" => "2012-05-07T13:01:38","version" => "1.68"},{"date" => "2012-05-08T08:24:35","version" => "1.69"},{"date" => "2012-05-08T09:18:24","version" => "1.70"},{"date" => "2012-05-09T08:41:48","version" => "1.71"},{"date" => "2012-05-10T11:10:15","version" => "1.72"},{"date" => "2012-05-11T19:29:42","version" => "1.73"},{"date" => "2012-05-13T15:19:26","version" => "1.74"},{"date" => "2012-06-07T17:42:47","version" => "1.74_1"},{"date" => "2012-06-07T21:59:28","version" => "1.74_2"},{"date" => "2012-06-15T12:42:21","version" => "1.75"},{"date" => "2012-06-18T06:20:09","version" => "1.76"},{"date" => "2012-10-05T05:36:56","version" => "1.77"},{"date" => "2012-11-25T14:08:27","version" => "1.78"},{"date" => "2012-11-25T15:50:09","version" => "1.79"},{"date" => "2012-11-30T07:47:23","version" => "1.80"},{"date" => "2012-12-06T09:14:04","version" => "1.81"},{"date" => "2013-01-28T07:41:50","version" => "1.82"},{"date" => "2013-02-03T19:04:27","version" => "1.83"},{"date" => "2013-02-14T08:05:20","version" => "1.831"},{"date" => "2013-02-15T20:48:12","version" => "1.84"},{"date" => "2013-04-14T08:59:30","version" => "1.85"},{"date" => "2013-04-17T11:31:18","version" => "1.86"},{"date" => "2013-04-24T18:16:01","version" => "1.87"},{"date" => "2013-05-02T05:59:47","version" => "1.88"},{"date" => "2013-05-14T13:36:49","version" => "1.89"},{"date" => "2013-05-29T18:58:35","version" => "1.90"},{"date" => "2013-05-30T09:36:07","version" => "1.91"},{"date" => "2013-05-30T19:20:11","version" => "1.92"},{"date" => "2013-05-31T06:14:58","version" => "1.93"},{"date" => "2013-06-01T12:46:14","version" => "1.94"},{"date" => "2013-07-03T08:44:53","version" => "1.950"},{"date" => "2013-07-03T10:02:42","version" => "1.951"},{"date" => "2013-07-11T20:14:18","version" => "1.952"},{"date" => "2013-07-22T06:34:31","version" => "1.953"},{"date" => "2013-09-15T13:05:33","version" => "1.954"},{"date" => "2013-10-11T16:54:45","version" => "1.955"},{"date" => "2013-11-10T18:00:08","version" => "1.956"},{"date" => "2013-11-11T08:42:30","version" => "1.957"},{"date" => "2013-11-11T18:28:16","version" => "1.958"},{"date" => "2013-11-12T15:39:42","version" => "1.959"},{"date" => "2013-11-13T00:10:43","version" => "1.960"},{"date" => "2013-11-26T14:47:11","version" => "1.961"},{"date" => "2013-11-27T21:19:25","version" => "1.962"},{"date" => "2014-01-13T13:05:48","version" => "1.963"},{"date" => "2014-01-15T11:36:49","version" => "1.964"},{"date" => "2014-01-16T19:11:32","version" => "1.965"},{"date" => "2014-01-21T16:53:39","version" => "1.966"},{"date" => "2014-02-06T22:06:14","version" => "1.967"},{"date" => "2014-03-13T06:38:27","version" => "1.968"},{"date" => "2014-03-16T16:41:39","version" => "1.969"},{"date" => "2014-03-19T05:04:51","version" => "1.970"},{"date" => "2014-03-22T19:54:06","version" => "1.971"},{"date" => "2014-03-23T06:48:23","version" => "1.972"},{"date" => "2014-03-26T07:10:22","version" => "1.973"},{"date" => "2014-04-02T06:53:53","version" => "1.974"},{"date" => "2014-04-02T10:14:38","version" => "1.975"},{"date" => "2014-04-04T04:36:04","version" => "1.976"},{"date" => "2014-04-04T13:25:28","version" => "1.977"},{"date" => "2014-04-04T14:21:32","version" => "1.978"},{"date" => "2014-04-06T06:24:29","version" => "1.979"},{"date" => "2014-04-08T01:25:10","version" => "1.980"},{"date" => "2014-04-08T11:09:59","version" => "1.981"},{"date" => "2014-04-24T20:14:47","version" => "1.982"},{"date" => "2014-04-27T12:02:16","version" => "1.982_1"},{"date" => "2014-05-04T08:03:37","version" => "1.983"},{"date" => "2014-05-10T13:11:17","version" => "1.984"},{"date" => "2014-05-15T06:30:28","version" => "1.985"},{"date" => "2014-05-16T17:41:46","version" => "1.986"},{"date" => "2014-05-17T15:03:37","version" => "1.987"},{"date" => "2014-05-17T22:15:10","version" => "1.988"},{"date" => "2014-05-24T08:16:00","version" => "1.989"},{"date" => "2014-05-26T05:46:04","version" => "1.989_1"},{"date" => "2014-05-27T11:00:11","version" => "1.990"},{"date" => "2014-05-27T19:43:31","version" => "1.991"},{"date" => "2014-06-01T21:47:49","version" => "1.992"},{"date" => "2014-06-13T20:45:52","version" => "1.993"},{"date" => "2014-06-22T09:53:11","version" => "1.994"},{"date" => "2014-07-11T21:50:48","version" => "1.995"},{"date" => "2014-07-12T11:49:12","version" => "1.996"},{"date" => "2014-07-12T17:24:04","version" => "1.997"},{"date" => "2014-09-07T14:59:47","version" => "1.998"},{"date" => "2014-10-09T19:56:19","version" => "1.999"},{"date" => "2014-10-16T05:05:11","version" => "2.000"},{"date" => "2014-10-21T09:46:39","version" => "2.001"},{"date" => "2014-10-21T21:00:54","version" => "2.002"},{"date" => "2014-11-14T20:12:08","version" => "2.003"},{"date" => "2014-11-15T10:05:06","version" => "2.004"},{"date" => "2014-11-15T10:14:17","version" => "2.004_1"},{"date" => "2014-11-15T16:29:13","version" => "2.005"},{"date" => "2014-11-15T16:34:37","version" => "2.005_1"},{"date" => "2014-11-22T20:51:08","version" => "2.006"},{"date" => "2014-11-26T22:00:05","version" => "2.007"},{"date" => "2014-12-16T06:36:16","version" => "2.008"},{"date" => "2015-01-12T10:48:21","version" => "2.009"},{"date" => "2015-01-14T20:13:41","version" => "2.010"},{"date" => "2015-02-01T16:00:22","version" => "2.011"},{"date" => "2015-02-02T07:46:57","version" => "2.012"},{"date" => "2015-05-01T15:39:14","version" => "2.013"},{"date" => "2015-05-05T06:31:37","version" => "2.014"},{"date" => "2015-05-13T20:43:55","version" => "2.015"},{"date" => "2015-05-26T21:15:38","version" => "2.015_001"},{"date" => "2015-05-27T05:39:14","version" => "2.015_002"},{"date" => "2015-05-27T17:24:09","version" => "2.015_003"},{"date" => "2015-05-28T07:07:25","version" => "2.015_004"},{"date" => "2015-05-29T06:01:37","version" => "2.015_005"},{"date" => "2015-06-02T19:35:20","version" => "2.015_006"},{"date" => "2015-06-02T20:41:45","version" => "2.016"},{"date" => "2015-06-04T14:38:29","version" => "2.016_001"},{"date" => "2015-06-14T17:05:06","version" => "2.016_002"},{"date" => "2015-08-24T15:45:30","version" => "2.017"},{"date" => "2015-08-27T11:31:55","version" => "2.018"},{"date" => "2015-09-01T05:32:47","version" => "2.019"},{"date" => "2015-09-20T10:33:59","version" => "2.020"},{"date" => "2015-12-02T19:55:29","version" => "2.021"},{"date" => "2015-12-10T07:12:46","version" => "2.022"},{"date" => "2016-01-30T11:12:14","version" => "2.023"},{"date" => "2016-02-06T19:38:18","version" => "2.024"},{"date" => "2016-04-04T07:23:02","version" => "2.025"},{"date" => "2016-04-20T06:11:37","version" => "2.026"},{"date" => "2016-04-20T14:22:50","version" => "2.027"},{"date" => "2016-06-27T14:22:02","version" => "2.028"},{"date" => "2016-06-27T15:53:16","version" => "2.029"},{"date" => "2016-07-08T08:53:04","version" => "2.030"},{"date" => "2016-07-08T11:40:31","version" => "2.031"},{"date" => "2016-07-12T13:12:57","version" => "2.032"},{"date" => "2016-07-15T09:00:38","version" => "2.033"},{"date" => "2016-08-08T08:19:05","version" => "2.034"},{"date" => "2016-08-11T14:25:18","version" => "2.035"},{"date" => "2016-08-11T19:03:38","version" => "2.036"},{"date" => "2016-08-22T17:39:32","version" => "2.037"},{"date" => "2016-09-17T09:36:29","version" => "2.038"},{"date" => "2016-11-20T21:01:59","version" => "2.039"},{"date" => "2016-12-17T15:18:35","version" => "2.040"},{"date" => "2017-01-04T05:17:55","version" => "2.041"},{"date" => "2017-01-05T18:32:13","version" => "2.042"},{"date" => "2017-01-06T13:27:56","version" => "2.043"},{"date" => "2017-01-26T10:46:57","version" => "2.044"},{"date" => "2017-02-13T15:26:59","version" => "2.045"},{"date" => "2017-02-15T18:41:05","version" => "2.046"},{"date" => "2017-02-16T19:01:01","version" => "2.047"},{"date" => "2017-04-16T18:33:09","version" => "2.048"},{"date" => "2017-06-12T05:15:34","version" => "2.049"},{"date" => "2017-08-18T06:07:18","version" => "2.050"},{"date" => "2017-09-05T09:28:25","version" => "2.051"},{"date" => "2017-10-22T08:48:29","version" => "2.052"},{"date" => "2018-01-21T19:41:38","version" => "2.053"},{"date" => "2018-01-22T05:11:45","version" => "2.054"},{"date" => "2018-02-15T13:45:54","version" => "2.055"},{"date" => "2018-02-19T06:35:28","version" => "2.056"},{"date" => "2018-07-18T19:16:28","version" => "2.057"},{"date" => "2018-07-19T07:54:24","version" => "2.058"},{"date" => "2018-08-15T16:13:05","version" => "2.059"},{"date" => "2018-09-16T19:15:07","version" => "2.060"},{"date" => "2019-02-23T02:08:16","version" => "2.061"},{"date" => "2019-02-24T00:14:55","version" => "2.062"},{"date" => "2019-03-01T14:48:40","version" => "2.063"},{"date" => "2019-03-04T12:28:12","version" => "2.064"},{"date" => "2019-03-05T18:50:40","version" => "2.065"},{"date" => "2019-03-06T06:55:56","version" => "2.066"},{"date" => "2020-02-14T17:49:51","version" => "2.067"},{"date" => "2020-03-31T06:15:39","version" => "2.068"},{"date" => "2021-01-22T16:55:49","version" => "2.069"},{"date" => "2021-02-26T08:03:24","version" => "2.070"},{"date" => "2021-05-23T08:12:02","version" => "2.071"},{"date" => "2021-08-16T13:06:40","version" => "2.072"},{"date" => "2021-12-22T19:30:42","version" => "2.073"},{"date" => "2022-01-07T15:09:53","version" => "2.074"},{"date" => "2022-09-02T18:18:33","version" => "2.075"},{"date" => "2022-11-14T13:41:15","version" => "2.076"},{"date" => "2022-11-21T11:44:16","version" => "2.077"},{"date" => "2022-12-11T20:10:13","version" => "2.078"},{"date" => "2023-01-16T06:28:01","version" => "2.079"},{"date" => "2023-01-18T16:28:53","version" => "2.080"},{"date" => "2023-01-25T10:49:10","version" => "2.081"},{"date" => "2023-05-17T20:41:22","version" => "2.082"},{"date" => "2023-05-18T09:15:20","version" => "2.083"},{"date" => "2023-11-06T21:02:36","version" => "2.084"},{"date" => "2024-01-22T19:07:08","version" => "2.085"},{"date" => "2024-07-03T12:14:36","version" => "2.086"},{"date" => "2024-07-08T05:33:53","version" => "2.087"},{"date" => "2024-07-14T05:05:54","version" => "2.088"},{"date" => "2024-08-29T14:46:00","version" => "2.089"},{"date" => "2025-06-03T04:11:54","version" => "2.090"},{"date" => "2025-06-11T17:38:14","version" => "2.091"},{"date" => "2025-06-16T13:32:00","version" => "2.092"},{"date" => "2025-06-17T06:49:47","version" => "2.093"},{"date" => "2025-06-18T19:37:41","version" => "2.094"},{"date" => "2025-07-10T16:57:04","version" => "2.095"},{"date" => "2026-01-04T17:47:18","version" => "2.096"},{"date" => "2026-01-06T17:52:56","version" => "2.097"},{"date" => "2026-01-06T19:20:57","version" => "2.098"}]},"IPC-Cmd" => {"advisories" => [{"affected_versions" => ["<0.96"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "IPC-Cmd","fixed_versions" => [">=0.96"],"id" => "CPANSA-IPC-Cmd-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "IPC::Cmd","versions" => [{"date" => "2003-05-10T16:57:39","version" => "0.02"},{"date" => "2003-05-11T08:50:33","version" => "0.03"},{"date" => "2003-09-25T10:34:58","version" => "0.04"},{"date" => "2004-06-18T11:43:01","version" => "0.20"},{"date" => "2004-08-16T10:26:03","version" => "0.22"},{"date" => "2004-12-03T15:53:45","version" => "0.23"},{"date" => "2004-12-09T09:56:18","version" => "0.24"},{"date" => "2006-09-06T15:57:50","version" => "0.25"},{"date" => "2006-10-05T14:42:36","version" => "0.29_01"},{"date" => "2006-10-11T11:11:24","version" => "0.30"},{"date" => "2006-10-13T11:18:04","version" => "0.32"},{"date" => "2006-10-20T13:16:49","version" => "0.34"},{"date" => "2006-11-24T14:01:10","version" => "0.36"},{"date" => "2007-10-11T15:17:44","version" => "0.38"},{"date" => "2007-10-17T09:29:57","version" => "0.40"},{"date" => "2008-05-18T15:50:12","version" => "0.41_01"},{"date" => "2008-06-29T15:41:17","version" => "0.41_02"},{"date" => "2008-07-13T13:08:43","version" => "0.41_03"},{"date" => "2008-07-14T13:57:54","version" => "0.41_04"},{"date" => "2008-09-22T13:12:26","version" => "0.41_05"},{"date" => "2008-09-24T15:46:32","version" => "0.41_06"},{"date" => "2008-10-05T16:24:49","version" => "0.41_07"},{"date" => "2008-10-10T09:47:07","version" => "0.42"},{"date" => "2009-05-04T08:15:08","version" => "0.44"},{"date" => "2009-06-12T11:38:40","version" => "0.46"},{"date" => "2009-09-07T14:15:59","version" => "0.48"},{"date" => "2009-09-07T15:21:24","version" => "0.50"},{"date" => "2009-11-08T23:24:39","version" => "0.51_01"},{"date" => "2009-11-13T16:17:59","version" => "0.52"},{"date" => "2009-11-15T22:04:56","version" => "0.54"},{"date" => "2010-02-03T14:21:25","version" => "0.56"},{"date" => "2010-04-29T20:06:40","version" => "0.58"},{"date" => "2010-07-05T08:10:45","version" => "0.60"},{"date" => "2010-10-19T14:53:57","version" => "0.62"},{"date" => "2010-10-19T18:09:00","version" => "0.64"},{"date" => "2010-11-23T12:11:55","version" => "0.66"},{"date" => "2011-01-07T22:28:30","version" => "0.68"},{"date" => "2011-01-31T20:40:13","version" => "0.70"},{"date" => "2011-05-10T13:07:15","version" => "0.71_01"},{"date" => "2011-05-26T12:01:30","version" => "0.71_02"},{"date" => "2011-05-26T12:46:44","version" => "0.71_03"},{"date" => "2011-06-22T11:34:08","version" => "0.72"},{"date" => "2012-01-30T10:35:24","version" => "0.74"},{"date" => "2012-01-30T11:34:12","version" => "0.76"},{"date" => "2012-04-30T18:52:04","version" => "0.78"},{"date" => "2013-03-02T22:15:43","version" => "0.80"},{"date" => "2013-06-29T21:17:06","version" => "0.82"},{"date" => "2013-08-06T09:28:59","version" => "0.84"},{"date" => "2013-09-05T19:34:47","version" => "0.85_01"},{"date" => "2013-10-10T13:09:11","version" => "0.85_02"},{"date" => "2013-11-04T14:18:01","version" => "0.86"},{"date" => "2013-11-15T14:47:57","version" => "0.88"},{"date" => "2013-11-18T15:12:15","version" => "0.90"},{"date" => "2014-01-22T20:01:22","version" => "0.92"},{"date" => "2016-02-12T19:01:25","version" => "0.94"},{"date" => "2016-07-28T10:19:44","version" => "0.96"},{"date" => "2017-05-12T16:05:02","version" => "0.98"},{"date" => "2018-02-14T16:21:01","version" => "1.00"},{"date" => "2018-05-03T08:53:01","version" => "1.02"},{"date" => "2019-07-13T09:17:39","version" => "1.04"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "0.36_01"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.010000","version" => "0.40_1"},{"date" => "2013-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019005","version" => "0.84_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "0.92_01"}]},"IPC-Run" => {"advisories" => [{"affected_versions" => ["<0.90","==0.90_01","==0.90_02"],"cves" => [],"description" => "INADDR_ANY can be your external ip, IPC::Run should only listen on localhost.\n","distribution" => "IPC-Run","fixed_versions" => [">=0.90"],"id" => "CPANSA-IPC-Run-2009-01","references" => ["https://metacpan.org/dist/IPC-Run/changes","https://rt.cpan.org/Public/Bug/Display.html?id=49693"],"reported" => "2009-09-14"}],"main_module" => "IPC::Run","versions" => [{"date" => "2000-05-22T05:10:41","version" => "0.1"},{"date" => "2000-06-01T06:12:25","version" => "0.2"},{"date" => "2000-06-02T16:53:04","version" => "0.21"},{"date" => "2000-06-03T12:34:23","version" => "0.3"},{"date" => "2000-06-06T18:48:56","version" => "0.32"},{"date" => "2000-06-08T10:24:28","version" => "0.33"},{"date" => "2000-06-08T10:41:19","version" => "0.34"},{"date" => "2000-06-15T19:06:43","version" => "0.4"},{"date" => "2000-08-17T14:33:30","version" => "0.42"},{"date" => "2000-10-02T21:20:49","version" => "0.44"},{"date" => "2001-11-11T04:21:36","version" => "0.5"},{"date" => "2001-11-12T07:19:27","version" => "0.51"},{"date" => "2001-12-01T06:05:11","version" => "0.54"},{"date" => "2001-12-01T21:54:11","version" => "0.55"},{"date" => "2001-12-02T13:48:12","version" => "0.56"},{"date" => "2001-12-06T20:33:30","version" => "0.6"},{"date" => "2001-12-07T09:31:12","version" => "0.61"},{"date" => "2002-01-01T20:42:40","version" => "0.62"},{"date" => "2002-02-27T17:14:16","version" => "0.63"},{"date" => "2002-03-14T17:14:53","version" => "0.64"},{"date" => "2002-03-27T11:42:32","version" => "0.66"},{"date" => "2002-04-26T15:04:45","version" => "0.7"},{"date" => "2002-05-06T13:23:28","version" => "0.71"},{"date" => "2002-05-09T15:58:13","version" => "0.72"},{"date" => "2002-05-22T13:20:13","version" => "0.73"},{"date" => "2002-05-23T13:48:23","version" => "0.74"},{"date" => "2003-01-28T17:59:36","version" => "0.75"},{"date" => "2003-09-26T19:35:48","version" => "0.77"},{"date" => "2004-03-09T06:22:24","version" => "0.78"},{"date" => "2005-01-19T23:50:56","version" => "0.79"},{"date" => "2006-03-10T15:30:59","version" => "0.80_91"},{"date" => "2006-05-10T20:00:28","version" => "0.80"},{"date" => "2008-10-15T09:59:57","version" => "0.81_01"},{"date" => "2008-12-18T12:01:25","version" => "0.82"},{"date" => "2009-07-09T16:38:18","version" => "0.83"},{"date" => "2009-07-13T00:59:41","version" => "0.84"},{"date" => "2010-03-23T05:12:54","version" => "0.85"},{"date" => "2010-03-24T20:11:05","version" => "0.86"},{"date" => "2010-03-29T18:03:50","version" => "0.87"},{"date" => "2010-03-30T18:14:22","version" => "0.88"},{"date" => "2010-04-01T04:48:26","version" => "0.89"},{"date" => "2011-06-03T04:41:40","version" => "0.90_01"},{"date" => "2011-06-29T04:15:08","version" => "0.90_02"},{"date" => "2011-07-01T04:18:30","version" => "0.90_03"},{"date" => "2011-07-03T20:10:42","version" => "0.90"},{"date" => "2012-01-25T05:16:00","version" => "0.91_01"},{"date" => "2012-02-15T04:50:23","version" => "0.91"},{"date" => "2012-08-22T15:00:56","version" => "0.92_01"},{"date" => "2012-08-30T15:26:42","version" => "0.92"},{"date" => "2014-12-11T05:59:50","version" => "0.93"},{"date" => "2014-12-11T07:48:28","version" => "0.93_01"},{"date" => "2014-12-14T07:23:31","version" => "0.94"},{"date" => "2016-04-13T03:11:26","version" => "0.94_01"},{"date" => "2016-04-14T05:15:22","version" => "0.94_02"},{"date" => "2017-04-25T01:29:03","version" => "0.95"},{"date" => "2017-05-12T13:48:34","version" => "0.96"},{"date" => "2018-03-26T21:45:38","version" => "0.97"},{"date" => "2018-03-29T18:52:43","version" => "0.98"},{"date" => "2018-03-30T22:49:37","version" => "0.99"},{"date" => "2018-05-23T17:24:25","version" => "20180523.0"},{"date" => "2020-05-05T20:57:23","version" => "20200505.0"},{"date" => "2022-08-07T12:50:57","version" => "20220807.0"},{"date" => "2023-10-03T01:09:01","version" => "20231003.0"},{"date" => "2025-07-15T17:03:00","version" => "20250715.0_01"},{"date" => "2025-08-10T01:54:10","version" => "20250809.0"}]},"IPTables-Parse" => {"advisories" => [{"affected_versions" => ["<1.6"],"cves" => ["CVE-2015-8326"],"description" => "The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user.\n","distribution" => "IPTables-Parse","fixed_versions" => [],"id" => "CPANSA-IPTables-Parse-2015-8326","references" => ["https://metacpan.org/source/MRASH/IPTables-Parse-1.6/Changes","https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87","https://bugzilla.redhat.com/show_bug.cgi?id=1267962","http://www.openwall.com/lists/oss-security/2015/11/24/10"],"reported" => "2017-06-07","severity" => "medium"}],"main_module" => "IPTables::Parse","versions" => [{"date" => "2008-10-26T23:15:50","version" => "0.7"},{"date" => "2012-02-27T02:20:58","version" => "0.8"},{"date" => "2012-02-27T02:22:29","version" => "0.9"},{"date" => "2012-02-29T02:51:44","version" => "1.0"},{"date" => "2012-03-03T03:56:08","version" => "1.1"},{"date" => "2015-02-25T02:08:58","version" => "1.1"},{"date" => "2015-03-01T20:15:52","version" => "1.3.1"},{"date" => "2015-03-01T20:50:07","version" => "1.4"},{"date" => "2015-09-09T13:53:26","version" => "1.5"},{"date" => "2015-11-07T21:08:49","version" => "1.6"},{"date" => "2015-11-30T01:16:22","version" => "1.6.1"}]},"Image-ExifTool" => {"advisories" => [{"affected_versions" => ["<=12.37"],"cves" => ["CVE-2022-23935"],"description" => "lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a \$file =~ /\\|\$/ check, leading to command injection.\n","distribution" => "Image-ExifTool","fixed_versions" => [">12.38"],"id" => "CPANSA-Image-ExifTool-2022-23935","references" => ["https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582","https://gist.github.com/ert-plus/1414276e4cb5d56dd431c2f0429e4429"],"reported" => "2022-01-25","severity" => "critical"},{"affected_versions" => [">=7.44,<=12.23"],"cves" => ["CVE-2021-22204"],"description" => "Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image\n","distribution" => "Image-ExifTool","fixed_versions" => [">12.23"],"id" => "CPANSA-Image-ExifTool-2021-22204","references" => ["http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html","http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html","http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html","http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html","http://www.openwall.com/lists/oss-security/2021/05/09/1","http://www.openwall.com/lists/oss-security/2021/05/10/5","https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800","https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json","https://hackerone.com/reports/1154542","https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/","https://www.debian.org/security/2021/dsa-4910"],"reported" => "2021-04-23","severity" => undef},{"affected_versions" => ["==8.32"],"cves" => ["CVE-2018-20211"],"description" => "ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\\\\par-%username%\\\\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015).\n","distribution" => "Image-ExifTool","fixed_versions" => [">8"],"id" => "CPANSA-Image-ExifTool-2018-20211","references" => ["http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html","http://seclists.org/fulldisclosure/2018/Dec/44"],"reported" => "2019-01-02","severity" => undef}],"main_module" => "Image::ExifTool","versions" => [{"date" => "2004-10-04T15:37:06","version" => "3.60"},{"date" => "2004-11-02T12:46:54","version" => "3.72"},{"date" => "2004-11-05T12:41:52","version" => "3.74"},{"date" => "2004-11-11T18:24:18","version" => "3.82"},{"date" => "2004-11-24T18:42:42","version" => "3.93"},{"date" => "2004-11-25T16:34:47","version" => "3.94"},{"date" => "2005-01-24T13:15:55","version" => "4.36"},{"date" => "2005-02-07T15:56:43","version" => "4.53"},{"date" => "2005-02-18T00:42:59","version" => "4.64"},{"date" => "2005-03-01T19:23:29","version" => "4.73"},{"date" => "2005-03-15T12:09:56","version" => "4.87"},{"date" => "2005-04-02T19:46:41","version" => "4.93"},{"date" => "2005-04-20T12:41:30","version" => "5.05"},{"date" => "2005-05-16T15:54:07","version" => "5.18"},{"date" => "2005-06-03T19:21:17","version" => "5.25"},{"date" => "2005-06-15T17:21:33","version" => "5.32"},{"date" => "2005-07-19T18:16:02","version" => "5.46"},{"date" => "2005-08-24T14:58:18","version" => "5.55"},{"date" => "2005-10-13T13:15:01","version" => "5.67"},{"date" => "2005-11-18T13:04:29","version" => "5.77"},{"date" => "2005-12-22T16:42:56","version" => "5.87"},{"date" => "2006-02-19T20:26:14","version" => "6.00"},{"date" => "2006-05-12T12:10:32","version" => "6.17"},{"date" => "2006-07-24T13:18:05","version" => "6.29"},{"date" => "2006-09-06T20:26:16","version" => "6.36"},{"date" => "2006-09-21T15:39:52","version" => "6.42"},{"date" => "2006-11-20T13:52:55","version" => "6.57"},{"date" => "2006-12-20T13:07:23","version" => "6.66"},{"date" => "2007-02-14T13:28:50","version" => "6.75"},{"date" => "2007-02-16T13:21:27","version" => "6.76"},{"date" => "2007-05-10T18:53:15","version" => "6.90"},{"date" => "2007-10-24T11:39:52","version" => "7.00"},{"date" => "2008-02-05T17:21:39","version" => "7.15"},{"date" => "2008-03-12T12:24:57","version" => "7.21"},{"date" => "2008-04-18T13:09:00","version" => "7.25"},{"date" => "2008-05-31T11:39:35","version" => "7.30"},{"date" => "2008-10-26T19:00:34","version" => "7.50"},{"date" => "2008-10-27T13:48:39","version" => "7.51"},{"date" => "2009-01-06T13:48:18","version" => "7.60"},{"date" => "2009-02-09T14:25:12","version" => "7.67"},{"date" => "2009-07-02T15:42:38","version" => "7.82"},{"date" => "2009-08-18T01:30:53","version" => "7.88"},{"date" => "2009-08-18T12:03:19","version" => "7.89"},{"date" => "2009-11-20T19:06:24","version" => "8.00"},{"date" => "2010-02-08T20:49:00","version" => "8.10"},{"date" => "2010-03-18T14:09:58","version" => "8.15"},{"date" => "2010-07-13T12:35:33","version" => "8.25"},{"date" => "2010-11-21T21:29:00","version" => "8.40"},{"date" => "2011-03-01T12:43:02","version" => "8.50"},{"date" => "2011-06-27T11:52:50","version" => "8.60"},{"date" => "2011-09-24T10:53:29","version" => "8.65"},{"date" => "2012-01-08T13:48:19","version" => "8.75"},{"date" => "2012-01-27T14:19:10","version" => "8.77"},{"date" => "2012-03-25T12:07:06","version" => "8.85"},{"date" => "2012-04-28T12:06:48","version" => "8.90"},{"date" => "2012-08-25T12:28:04","version" => "9.01"},{"date" => "2012-11-03T16:37:48","version" => "9.04"},{"date" => "2013-01-02T21:07:34","version" => "9.11"},{"date" => "2013-01-03T01:49:33","version" => "9.12"},{"date" => "2013-01-10T15:05:11","version" => "9.13"},{"date" => "2013-04-06T11:38:39","version" => "9.25"},{"date" => "2013-04-15T11:20:13","version" => "9.27"},{"date" => "2014-01-11T22:58:56","version" => "9.46"},{"date" => "2014-02-22T14:40:30","version" => "9.53"},{"date" => "2014-05-11T13:34:36","version" => "9.60"},{"date" => "2014-09-03T12:19:55","version" => "9.70"},{"date" => "2014-11-15T15:14:24","version" => "9.76"},{"date" => "2015-03-14T11:33:58","version" => "9.90"},{"date" => "2015-08-18T13:30:08","version" => "10.00"},{"date" => "2016-01-22T15:51:06","version" => "10.10"},{"date" => "2016-04-20T13:25:01","version" => "10.15"},{"date" => "2016-06-13T14:05:58","version" => "10.20"},{"date" => "2016-11-24T16:55:55","version" => "10.36"},{"date" => "2017-01-13T16:02:53","version" => "10.39"},{"date" => "2017-01-14T17:30:45","version" => "10.40"},{"date" => "2017-04-20T12:54:29","version" => "10.50"},{"date" => "2017-06-05T14:41:23","version" => "10.55"},{"date" => "2018-02-22T13:27:40","version" => "10.80"},{"date" => "2018-06-07T11:44:16","version" => "11.00"},{"date" => "2018-06-11T12:18:41","version" => "11.01"},{"date" => "2018-09-28T01:34:43","version" => "11.11"},{"date" => "2019-03-06T15:14:28","version" => "11.30"},{"date" => "2019-06-11T15:29:41","version" => "11.50"},{"date" => "2019-10-10T13:04:36","version" => "11.70"},{"date" => "2020-01-28T15:40:58","version" => "11.85"},{"date" => "2020-06-11T20:36:48","version" => "12.00"},{"date" => "2021-01-18T14:03:50","version" => "12.15"},{"date" => "2021-01-21T17:51:28","version" => "12.16"},{"date" => "2021-05-21T00:37:46","version" => "12.26"},{"date" => "2021-08-12T13:13:43","version" => "12.30"},{"date" => "2022-06-07T11:39:06","version" => "12.42"},{"date" => "2022-06-07T20:05:13","version" => "12.42"},{"date" => "2022-11-09T11:41:50","version" => "12.50"},{"date" => "2023-04-05T15:01:59","version" => "12.60"},{"date" => "2023-11-19T16:15:22","version" => "12.70"},{"date" => "2024-01-31T01:08:08","version" => "12.75"},{"date" => "2024-01-31T15:31:14","version" => "12.76"},{"date" => "2024-10-29T17:10:24","version" => "13.00"},{"date" => "2024-12-20T16:49:20","version" => "13.10"},{"date" => "2025-03-11T12:01:50","version" => "13.25"},{"date" => "2025-05-25T18:10:41","version" => "13.30"},{"date" => "2025-09-06T12:17:12","version" => "13.35"},{"date" => "2025-09-09T18:09:15","version" => "13.36"},{"date" => "2025-12-15T20:40:08","version" => "13.44"},{"date" => "2026-02-07T18:48:19","version" => "13.50"}]},"Image-Info" => {"advisories" => [{"affected_versions" => ["<1.39"],"cves" => ["CVE-2016-9181"],"description" => "perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.\n","distribution" => "Image-Info","fixed_versions" => [">=1.39"],"id" => "CPANSA-Image-Info-2016-01","references" => ["http://www.securityfocus.com/bid/94220","http://www.openwall.com/lists/oss-security/2016/11/04/2"],"reported" => "2016-11-04"}],"main_module" => "Image::Info","versions" => [{"date" => "1999-12-19T07:09:24","version" => "0.01"},{"date" => "1999-12-22T00:03:22","version" => "0.02"},{"date" => "1999-12-25T22:43:22","version" => "0.03"},{"date" => "2000-01-07T18:20:42","version" => "0.04"},{"date" => "2000-08-24T09:09:25","version" => "0.05"},{"date" => "2000-10-18T19:55:02","version" => "1.00"},{"date" => "2000-10-31T17:32:56","version" => "1.01"},{"date" => "2000-11-10T18:21:41","version" => "1.02"},{"date" => "2000-11-13T19:44:44","version" => "1.03"},{"date" => "2000-11-30T20:25:46","version" => "1.04"},{"date" => "2001-03-24T20:20:31","version" => "0.06"},{"date" => "2001-03-24T20:40:20","version" => "1.05"},{"date" => "2001-03-26T19:28:11","version" => "1.06"},{"date" => "2001-04-11T00:53:39","version" => "1.07"},{"date" => "2001-08-24T18:29:39","version" => "1.08"},{"date" => "2001-12-14T23:07:08","version" => "1.09"},{"date" => "2002-05-29T00:04:22","version" => "1.10"},{"date" => "2002-07-04T17:37:20","version" => "1.11"},{"date" => "2002-12-31T00:09:32","version" => "1.12"},{"date" => "2003-10-06T17:27:43","version" => "1.13"},{"date" => "2003-10-06T21:50:56","version" => "1.14"},{"date" => "2003-10-06T22:10:09","version" => "1.15"},{"date" => "2004-01-07T12:47:37","version" => "1.16"},{"date" => "2006-01-28T12:41:59","version" => "1.17"},{"date" => "2006-03-03T15:31:07","version" => "1.18"},{"date" => "2006-03-05T09:19:05","version" => "1.18"},{"date" => "2006-03-13T20:52:28","version" => "1.18"},{"date" => "2006-05-01T14:33:54","version" => "1.18"},{"date" => "2006-07-16T12:43:58","version" => "1.18"},{"date" => "2006-09-30T12:35:03","version" => "1.23"},{"date" => "2007-02-25T12:39:30","version" => "1.24"},{"date" => "2007-05-14T19:11:49","version" => "1.25"},{"date" => "2007-09-09T11:23:15","version" => "1.26"},{"date" => "2007-12-15T13:50:50","version" => "1.27"},{"date" => "2008-03-30T19:16:37","version" => "1.28"},{"date" => "2009-07-08T20:39:39","version" => "1.28_50"},{"date" => "2009-07-09T22:26:22","version" => "1.28_51"},{"date" => "2009-07-17T18:24:54","version" => "1.28_52"},{"date" => "2009-07-31T21:09:25","version" => "1.29"},{"date" => "2009-08-14T20:25:31","version" => "1.29_50"},{"date" => "2009-09-14T19:04:17","version" => "1.29_51"},{"date" => "2009-09-16T19:23:40","version" => "1.29_51"},{"date" => "2009-10-23T20:45:13","version" => "1.29_51"},{"date" => "2009-10-31T09:21:38","version" => "1.29_51"},{"date" => "2009-11-14T16:30:54","version" => "1.30_50"},{"date" => "2009-11-22T22:10:25","version" => "1.30_51"},{"date" => "2010-02-09T20:08:40","version" => "1.30_52"},{"date" => "2010-02-09T20:43:56","version" => "1.30_53"},{"date" => "2010-09-25T15:42:44","version" => "1.31"},{"date" => "2011-12-28T21:32:21","version" => "1.31_50"},{"date" => "2011-12-28T21:53:50","version" => "1.31_51"},{"date" => "2012-02-21T21:03:11","version" => "1.32"},{"date" => "2012-10-23T19:59:15","version" => "1.32_50"},{"date" => "2012-10-24T20:24:17","version" => "1.32_51"},{"date" => "2012-10-25T21:49:45","version" => "1.32_52"},{"date" => "2012-11-03T19:12:43","version" => "1.33"},{"date" => "2013-01-27T13:49:04","version" => "1.33_50"},{"date" => "2013-01-28T11:15:59","version" => "1.33_51"},{"date" => "2013-01-29T16:18:27","version" => "1.34"},{"date" => "2013-04-03T20:29:08","version" => "1.34_50"},{"date" => "2013-04-10T19:22:43","version" => "1.35"},{"date" => "2013-05-06T10:32:44","version" => "1.35_50"},{"date" => "2013-06-28T08:29:45","version" => "1.35_51"},{"date" => "2013-07-05T08:23:26","version" => "1.36"},{"date" => "2014-12-19T23:10:31","version" => "1.36_51"},{"date" => "2014-12-29T22:23:42","version" => "1.36_52"},{"date" => "2014-12-31T08:44:32","version" => "1.37"},{"date" => "2015-04-20T05:00:55","version" => "1.38"},{"date" => "2016-10-01T15:35:13","version" => "1.38_50"},{"date" => "2016-10-01T17:43:27","version" => "1.38_51"},{"date" => "2016-10-08T09:00:58","version" => "1.39"},{"date" => "2017-03-19T20:16:19","version" => "1.39_50"},{"date" => "2017-03-21T19:05:30","version" => "1.40"},{"date" => "2017-06-30T17:22:28","version" => "1.40_50"},{"date" => "2017-07-12T16:34:02","version" => "1.41"},{"date" => "2019-10-16T19:12:33","version" => "1.41_50"},{"date" => "2019-10-19T06:46:49","version" => "1.42"},{"date" => "2022-07-17T15:58:54","version" => "1.42_50"},{"date" => "2022-10-03T17:54:30","version" => "1.43"},{"date" => "2023-07-25T18:26:43","version" => "1.43_50"},{"date" => "2023-08-03T17:14:43","version" => "1.44"},{"date" => "2024-11-20T08:40:18","version" => "1.44_50"},{"date" => "2024-11-23T10:43:42","version" => "1.44_51"},{"date" => "2024-11-24T09:58:13","version" => "1.45"}]},"Image-PNG-Simple" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.07"],"cves" => ["CVE-2019-7317"],"description" => "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.\n","distribution" => "Image-PNG-Simple","fixed_versions" => [],"id" => "CPANSA-Image-PNG-Simple-2019-7317-libpng","references" => ["https://github.com/glennrp/libpng/issues/275","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803","https://seclists.org/bugtraq/2019/Apr/30","http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html","https://www.debian.org/security/2019/dsa-4435","https://seclists.org/bugtraq/2019/Apr/36","https://usn.ubuntu.com/3962-1/","https://usn.ubuntu.com/3991-1/","https://seclists.org/bugtraq/2019/May/56","https://seclists.org/bugtraq/2019/May/59","https://www.debian.org/security/2019/dsa-4448","https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html","https://access.redhat.com/errata/RHSA-2019:1265","https://access.redhat.com/errata/RHSA-2019:1269","https://access.redhat.com/errata/RHSA-2019:1267","https://www.debian.org/security/2019/dsa-4451","https://seclists.org/bugtraq/2019/May/67","https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html","https://usn.ubuntu.com/3997-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html","https://access.redhat.com/errata/RHSA-2019:1310","https://access.redhat.com/errata/RHSA-2019:1309","https://access.redhat.com/errata/RHSA-2019:1308","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html","http://www.securityfocus.com/bid/108098","https://security.netapp.com/advisory/ntap-20190719-0005/","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/","https://security.gentoo.org/glsa/201908-02","https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"reported" => "2019-02-04","severity" => "medium"}],"main_module" => "Image::PNG::Simple","versions" => [{"date" => "2015-07-30T11:31:38","version" => "0.01"},{"date" => "2015-08-01T00:08:18","version" => "0.02"},{"date" => "2015-08-03T05:20:49","version" => "0.03"},{"date" => "2015-08-04T02:01:32","version" => "0.04"},{"date" => "2015-08-04T12:30:46","version" => "0.05"},{"date" => "2015-08-05T02:29:57","version" => "0.06"},{"date" => "2015-08-06T02:51:43","version" => "0.07"}]},"Imager" => {"advisories" => [{"affected_versions" => ["<1.006"],"cves" => ["CVE-2016-1238"],"description" => "Imager would search the default current directory entry in \@INC when searching for file format support modules.\n","distribution" => "Imager","fixed_versions" => [">=1.006"],"id" => "CPANSA-Imager-2016-1238","references" => ["https://metacpan.org/dist/Imager/changes","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => "high"},{"affected_versions" => [">=0.42,<=0.63"],"cves" => ["CVE-2008-1928"],"description" => "Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause a denial of service (crash) via an image based fill in which the number of input channels is different from the number of output channels.\n","distribution" => "Imager","fixed_versions" => [">=0.64"],"id" => "CPANSA-Imager-2008-1928","references" => ["https://metacpan.org/dist/Imager/changes","http://rt.cpan.org/Public/Bug/Display.html?id=35324","http://imager.perl.org/i/release064/Imager_0_64","https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00569.html","http://www.securityfocus.com/bid/28980","http://secunia.com/advisories/30030","http://secunia.com/advisories/30011","http://www.vupen.com/english/advisories/2008/1387/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/41986"],"reported" => "2008-04-24","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => [">=0.21,<=0.56"],"cves" => ["CVE-2007-2459"],"description" => "Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.\n","distribution" => "Imager","fixed_versions" => [">=0.57"],"id" => "CPANSA-Imager-2007-2459","references" => ["http://imager.perl.org/a/65.html","http://rt.cpan.org/Public/Bug/Display.html?id=26811","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421582","http://www.debian.org/security/2008/dsa-1498","http://www.securityfocus.com/bid/23711","http://secunia.com/advisories/25038","http://secunia.com/advisories/28868","http://osvdb.org/39846","http://www.vupen.com/english/advisories/2007/1587","http://osvdb.org/35470","https://exchange.xforce.ibmcloud.com/vulnerabilities/34010"],"reported" => "2007-05-02","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => ["<0.98"],"cves" => [],"description" => "When drawing on an image with an alpha channel where the source minimum is greater than zero, Imager would read from beyond the end of a malloc() allocated buffer.  In rare circumstances this could lead to some of the source image not being written to the target image, or possibly to a segmentation fault.\n","distribution" => "Imager","fixed_versions" => [">=0.98"],"id" => "CPANSA-Imager-2014-01","references" => ["https://metacpan.org/dist/Imager/changes"],"reported" => "2014-01-03","severity" => undef},{"affected_versions" => ["<=1.024"],"cves" => ["CVE-2024-53901"],"description" => "\"invalid next size\" backtrace on use of trim on certain images\n","distribution" => "Imager","fixed_versions" => [">1.024"],"id" => "CPANSA-Imager-2024-001","references" => ["https://metacpan.org/dist/Imager/changes","https://github.com/tonycoz/imager/issues/534"],"reported" => "2024-11-17","severity" => "moderate"},{"affected_versions" => ["<0.50"],"cves" => ["CVE-2006-0053"],"description" => "Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference.\n","distribution" => "Imager","fixed_versions" => [">=0.50"],"id" => "CPANSA-Imager-2006-0053","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661","http://rt.cpan.org/Public/Bug/Display.html?id=18397","http://secunia.com/advisories/19575","http://secunia.com/advisories/19577","http://www.debian.org/security/2006/dsa-1028","http://www.securityfocus.com/bid/17415","http://www.vupen.com/english/advisories/2006/1294","https://exchange.xforce.ibmcloud.com/vulnerabilities/25717","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661","http://rt.cpan.org/Public/Bug/Display.html?id=18397","http://secunia.com/advisories/19575","http://secunia.com/advisories/19577","http://www.debian.org/security/2006/dsa-1028","http://www.securityfocus.com/bid/17415","http://www.vupen.com/english/advisories/2006/1294","https://exchange.xforce.ibmcloud.com/vulnerabilities/25717"],"reported" => "2006-04-10","severity" => undef}],"main_module" => "Imager","versions" => [{"date" => "1999-07-19T14:26:37","version" => "0.21"},{"date" => "2000-01-03T20:14:03","version" => "0.27"},{"date" => "2000-01-04T11:16:56","version" => "0.28"},{"date" => "2000-01-05T10:48:05","version" => "0.29"},{"date" => "2000-01-16T12:52:22","version" => "0.31"},{"date" => "2000-03-04T13:28:32","version" => "0.32"},{"date" => "2001-01-29T00:50:14","version" => "0.35"},{"date" => "2001-01-29T15:06:27","version" => "0.36"},{"date" => "2001-01-31T05:02:15","version" => "0.37"},{"date" => "2001-05-21T16:21:08","version" => "0.38"},{"date" => "2001-11-02T21:39:20","version" => "0.39"},{"date" => "2002-04-11T15:09:57","version" => "0.40"},{"date" => "2002-04-12T12:07:29","version" => "0.41"},{"date" => "2004-01-04T12:47:37","version" => "0.42"},{"date" => "2004-02-17T07:53:52","version" => "0.43"},{"date" => "2004-12-07T23:58:16","version" => "0.43_03"},{"date" => "2004-12-15T13:02:40","version" => "0.44"},{"date" => "2005-05-24T07:08:15","version" => "0.44_01"},{"date" => "2005-05-30T04:41:43","version" => "0.45"},{"date" => "2005-12-12T04:07:30","version" => "0.45_02"},{"date" => "2005-12-20T00:13:31","version" => "0.46"},{"date" => "2005-12-30T06:05:50","version" => "0.47"},{"date" => "2006-02-21T06:09:30","version" => "0.47_01"},{"date" => "2006-03-03T05:06:46","version" => "0.48"},{"date" => "2006-03-07T01:04:03","version" => "0.49"},{"date" => "2006-03-28T04:31:56","version" => "0.49_01"},{"date" => "2006-03-29T00:31:03","version" => "0.50"},{"date" => "2006-04-23T14:29:42","version" => "0.51"},{"date" => "2006-06-28T13:38:48","version" => "0.51_01"},{"date" => "2006-07-04T14:03:23","version" => "0.51_02"},{"date" => "2006-07-19T00:58:22","version" => "0.51_03"},{"date" => "2006-07-25T05:09:08","version" => "0.52"},{"date" => "2006-07-27T01:01:57","version" => "0.53"},{"date" => "2006-09-14T07:58:27","version" => "0.54"},{"date" => "2006-12-16T22:31:19","version" => "0.55"},{"date" => "2007-04-01T12:30:34","version" => "0.56"},{"date" => "2007-04-30T08:49:39","version" => "0.57"},{"date" => "2007-05-11T11:00:18","version" => "0.57_01"},{"date" => "2007-05-16T12:49:23","version" => "0.58"},{"date" => "2007-06-14T07:33:05","version" => "0.59"},{"date" => "2007-08-30T07:51:36","version" => "0.60"},{"date" => "2007-11-05T07:53:45","version" => "0.61"},{"date" => "2007-11-28T10:06:27","version" => "0.61_02"},{"date" => "2007-12-10T08:31:12","version" => "0.62"},{"date" => "2008-04-07T08:49:14","version" => "0.63"},{"date" => "2008-04-23T04:10:18","version" => "0.64"},{"date" => "2008-05-20T06:34:48","version" => "0.65"},{"date" => "2008-12-12T11:57:40","version" => "0.67"},{"date" => "2009-09-02T07:05:11","version" => "0.67_01"},{"date" => "2009-09-07T05:14:24","version" => "0.68"},{"date" => "2009-09-08T09:23:38","version" => "0.69"},{"date" => "2009-09-21T03:36:15","version" => "0.70"},{"date" => "2009-11-16T04:15:54","version" => "0.71"},{"date" => "2009-11-30T07:17:33","version" => "0.71_01"},{"date" => "2009-12-01T09:06:53","version" => "0.71_02"},{"date" => "2009-12-04T14:21:49","version" => "0.71_03"},{"date" => "2009-12-10T00:44:51","version" => "0.72"},{"date" => "2010-03-15T07:24:59","version" => "0.73"},{"date" => "2010-05-06T14:29:21","version" => "0.74"},{"date" => "2010-06-20T10:47:23","version" => "0.75"},{"date" => "2010-08-06T10:49:44","version" => "0.75_01"},{"date" => "2010-08-07T01:48:37","version" => "0.75_02"},{"date" => "2010-08-09T12:49:36","version" => "0.75_03"},{"date" => "2010-08-11T09:33:24","version" => "0.77"},{"date" => "2010-09-13T10:48:57","version" => "0.77_01"},{"date" => "2010-09-27T04:59:03","version" => "0.77_02"},{"date" => "2010-10-04T09:00:26","version" => "0.78"},{"date" => "2010-12-11T01:09:12","version" => "0.79"},{"date" => "2011-01-17T07:43:35","version" => "0.80"},{"date" => "2011-02-14T08:22:57","version" => "0.81"},{"date" => "2011-03-14T12:18:07","version" => "0.82"},{"date" => "2011-05-17T11:15:02","version" => "0.82_01"},{"date" => "2011-05-20T14:07:44","version" => "0.83"},{"date" => "2011-06-20T12:54:05","version" => "0.84"},{"date" => "2011-08-08T12:39:58","version" => "0.84_01"},{"date" => "2011-08-22T09:28:25","version" => "0.84_02"},{"date" => "2011-08-29T09:19:04","version" => "0.85"},{"date" => "2011-10-10T07:22:51","version" => "0.85_01"},{"date" => "2011-10-24T10:14:57","version" => "0.85_02"},{"date" => "2011-10-31T10:37:15","version" => "0.86"},{"date" => "2012-01-03T05:27:14","version" => "0.87"},{"date" => "2012-02-22T05:13:09","version" => "0.88"},{"date" => "2012-03-18T01:45:35","version" => "0.89"},{"date" => "2012-04-30T09:09:02","version" => "0.90"},{"date" => "2012-06-04T12:27:17","version" => "0.91"},{"date" => "2012-08-14T09:53:38","version" => "0.92"},{"date" => "2012-08-18T01:41:22","version" => "0.92_01"},{"date" => "2012-10-15T10:15:07","version" => "0.93"},{"date" => "2012-11-12T10:44:54","version" => "0.93_01"},{"date" => "2012-11-25T00:13:16","version" => "0.93_02"},{"date" => "2012-12-14T22:59:55","version" => "0.94"},{"date" => "2013-03-02T08:34:07","version" => "0.94_01"},{"date" => "2013-04-05T06:19:32","version" => "0.94_02"},{"date" => "2013-04-19T12:13:27","version" => "0.95"},{"date" => "2013-05-19T04:27:19","version" => "0.96"},{"date" => "2013-07-01T13:21:32","version" => "0.96_01"},{"date" => "2013-07-09T13:46:48","version" => "0.96_02"},{"date" => "2013-07-15T09:52:06","version" => "0.97"},{"date" => "2014-01-02T22:22:03","version" => "0.98"},{"date" => "2014-06-25T11:36:29","version" => "0.99"},{"date" => "2014-06-29T05:06:45","version" => "0.99_01"},{"date" => "2014-07-21T09:16:17","version" => "0.99_02"},{"date" => "2014-07-29T09:13:55","version" => "1.000"},{"date" => "2015-01-02T03:34:59","version" => "1.001"},{"date" => "2015-04-03T01:31:26","version" => "1.002"},{"date" => "2015-05-12T08:11:18","version" => "1.003"},{"date" => "2015-11-08T09:45:59","version" => "1.004"},{"date" => "2016-03-16T08:35:26","version" => "1.004_001"},{"date" => "2016-03-20T01:27:53","version" => "1.004_002"},{"date" => "2016-03-23T09:34:13","version" => "1.004_003"},{"date" => "2016-04-15T05:58:07","version" => "1.004_004"},{"date" => "2016-04-16T00:01:33","version" => "1.005"},{"date" => "2017-08-26T04:27:06","version" => "1.006"},{"date" => "2018-11-24T01:47:34","version" => "1.007"},{"date" => "2018-12-31T10:04:02","version" => "1.008"},{"date" => "2019-01-11T09:10:13","version" => "1.009"},{"date" => "2019-02-13T08:14:07","version" => "1.010"},{"date" => "2019-03-07T03:20:03","version" => "1.011"},{"date" => "2020-06-14T03:26:02","version" => "1.012"},{"date" => "2022-04-27T05:18:23","version" => "1.013"},{"date" => "2022-04-28T07:22:51","version" => "1.014"},{"date" => "2022-05-07T04:35:16","version" => "1.015"},{"date" => "2022-06-12T05:27:23","version" => "1.016"},{"date" => "2022-06-14T09:55:03","version" => "1.017"},{"date" => "2022-06-19T12:04:12","version" => "1.018"},{"date" => "2022-07-09T03:41:29","version" => "1.019"},{"date" => "2023-11-12T06:55:05","version" => "1.020"},{"date" => "2023-12-01T06:53:47","version" => "1.021"},{"date" => "2023-12-02T23:32:54","version" => "1.022"},{"date" => "2024-01-19T03:18:43","version" => "1.023"},{"date" => "2024-04-06T02:24:09","version" => "1.024"},{"date" => "2024-04-14T12:28:26","version" => "1.024_001"},{"date" => "2024-04-20T07:15:38","version" => "1.024_002"},{"date" => "2024-04-22T12:51:23","version" => "1.024_003"},{"date" => "2024-04-24T08:35:58","version" => "1.024_004"},{"date" => "2024-04-27T01:24:42","version" => "1.024_005"},{"date" => "2024-06-11T11:35:22","version" => "1.024_006"},{"date" => "2024-06-12T09:58:08","version" => "1.024_007"},{"date" => "2024-06-13T10:45:14","version" => "1.024_008"},{"date" => "2024-11-16T05:30:21","version" => "1.025"},{"date" => "2025-02-08T05:03:18","version" => "1.026"},{"date" => "2025-03-02T10:22:16","version" => "1.027"},{"date" => "2025-06-08T08:16:50","version" => "1.027_001"},{"date" => "2025-06-16T09:35:19","version" => "1.028"},{"date" => "2025-10-06T07:54:07","version" => "1.029"}]},"JS-jQuery" => {"advisories" => [{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==1.2.3.001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==1.2.6.001"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "JS-jQuery","fixed_versions" => [],"id" => "CPANSA-JS-jQuery-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "JS::jQuery","versions" => [{"date" => "2008-03-11T01:54:48","version" => "1.2.3.001"},{"date" => "2008-08-28T06:54:56","version" => "1.2.6.001"}]},"JSON-SIMD" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2025-40930"],"description" => "JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.","distribution" => "JSON-SIMD","fixed_versions" => [],"id" => "CPANSA-JSON-SIMD-2025-40930","references" => ["https://github.com/pjuhasz/JSON-SIMD/commit/9a87de7331c9fa5198cae404a83b17649cf7b918.patch","https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.06/source/SIMD.xs#L248","https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.07/changes"],"reported" => "2025-09-08","severity" => undef}],"main_module" => "JSON::SIMD","versions" => [{"date" => "2023-04-17T17:13:41","version" => "1.00"},{"date" => "2023-04-17T17:37:46","version" => "1.01"},{"date" => "2023-04-17T18:04:21","version" => "1.02"},{"date" => "2023-04-18T18:56:08","version" => "1.03"},{"date" => "2023-04-20T18:02:37","version" => "1.04"},{"date" => "2023-04-22T20:28:17","version" => "1.05"},{"date" => "2023-04-27T16:22:59","version" => "1.06"},{"date" => "2025-09-08T14:44:06","version" => "1.07"}]},"JSON-XS" => {"advisories" => [{"affected_versions" => ["<4.04"],"cves" => ["CVE-2025-40928"],"description" => "JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact","distribution" => "JSON-XS","fixed_versions" => [">=4.04"],"id" => "CPANSA-JSON-XS-2025-40928","references" => ["https://metacpan.org/release/MLEHMANN/JSON-XS-4.03/source/XS.xs#L256","https://security.metacpan.org/patches/J/JSON-XS/4.03/CVE-2025-40928-r1.patch"],"reported" => "2025-09-08","severity" => undef}],"main_module" => "JSON::XS","versions" => [{"date" => "2007-03-22T21:14:45","version" => "0.1"},{"date" => "2007-03-22T23:25:44","version" => "0.2"},{"date" => "2007-03-23T18:34:15","version" => "0.3"},{"date" => "2007-03-24T01:15:56","version" => "0.31"},{"date" => "2007-03-24T19:43:37","version" => "0.5"},{"date" => "2007-03-25T00:48:00","version" => "0.7"},{"date" => "2007-03-25T22:12:20","version" => "0.8"},{"date" => "2007-03-29T02:46:46","version" => "1.0"},{"date" => "2007-03-31T14:24:01","version" => "1.01"},{"date" => "2007-04-04T00:02:20","version" => "1.1"},{"date" => "2007-04-09T05:11:06","version" => "1.11"},{"date" => "2007-05-09T16:36:29","version" => "1.2"},{"date" => "2007-05-09T16:41:26","version" => "1.21"},{"date" => "2007-05-23T22:07:54","version" => "1.22"},{"date" => "2007-06-06T18:17:55","version" => "1.23"},{"date" => "2007-06-11T03:45:26","version" => "1.24"},{"date" => "2007-06-23T23:50:26","version" => "1.3"},{"date" => "2007-07-02T08:08:00","version" => "1.4"},{"date" => "2007-07-10T16:23:43","version" => "1.41"},{"date" => "2007-07-23T22:58:05","version" => "1.42"},{"date" => "2007-07-26T11:33:40","version" => "1.43"},{"date" => "2007-08-21T23:03:31","version" => "1.44"},{"date" => "2007-08-28T02:07:48","version" => "1.5"},{"date" => "2007-10-13T01:58:29","version" => "1.51"},{"date" => "2007-10-15T01:23:45","version" => "1.52"},{"date" => "2007-11-13T22:59:42","version" => "1.53"},{"date" => "2007-12-04T10:37:49","version" => "2.0"},{"date" => "2007-12-05T11:00:12","version" => "2.01"},{"date" => "2008-03-19T22:31:09","version" => "2.1"},{"date" => "2008-04-16T18:38:21","version" => "2.2"},{"date" => "2008-06-03T06:44:13","version" => "2.21"},{"date" => "2008-07-15T11:30:13","version" => "2.22"},{"date" => "2008-07-19T04:22:25","version" => "2.222"},{"date" => "2008-07-20T17:55:32","version" => "2.2222"},{"date" => "2008-09-29T03:09:52","version" => "2.23"},{"date" => "2008-11-20T04:00:26","version" => "2.231"},{"date" => "2009-02-19T01:13:45","version" => "2.2311"},{"date" => "2009-02-22T10:13:47","version" => "2.232"},{"date" => "2009-05-30T06:27:00","version" => "2.24"},{"date" => "2009-08-08T10:06:47","version" => "2.25"},{"date" => "2009-10-10T01:49:08","version" => "2.26"},{"date" => "2010-01-07T06:36:46","version" => "2.27"},{"date" => "2010-03-11T19:31:59","version" => "2.28"},{"date" => "2010-03-17T01:45:55","version" => "2.29"},{"date" => "2010-08-17T23:27:33","version" => "2.3"},{"date" => "2011-07-27T15:54:57","version" => "2.31"},{"date" => "2011-08-11T17:07:26","version" => "2.32"},{"date" => "2012-08-01T19:04:47","version" => "2.33"},{"date" => "2013-05-23T09:33:09","version" => "2.34"},{"date" => "2013-10-29T06:25:52","version" => "3.0"},{"date" => "2013-10-29T15:57:01","version" => "3.01"},{"date" => "2016-02-26T21:47:56","version" => "3.02"},{"date" => "2016-11-16T19:22:12","version" => "3.03"},{"date" => "2017-08-17T03:49:01","version" => "3.04"},{"date" => "2018-11-15T23:08:35","version" => "4.0_00"},{"date" => "2018-11-19T10:28:12","version" => "4.0"},{"date" => "2019-02-24T04:08:23","version" => "4.01"},{"date" => "2019-03-06T07:32:09","version" => "4.02"},{"date" => "2020-10-27T18:06:42","version" => "4.03"},{"date" => "2025-09-08T16:00:30","version" => "4.04"}]},"JavaScript-Duktape" => {"advisories" => [{"affected_versions" => [">=2.1.0,<=2.1.1"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => [">=2.1.2,<=2.1.4"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => [">=2.1.5,<=2.2.1"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => [">=2.3.0,<=2.4.2"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"},{"affected_versions" => ["==2.5.0"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"}],"main_module" => "JavaScript::Duktape","versions" => [{"date" => "2015-05-06T22:56:32","version" => "v0.0.1_1"},{"date" => "2015-05-18T00:23:07","version" => "v0.0.1_2"},{"date" => "2015-05-20T21:48:48","version" => "v0.0.2_1"},{"date" => "2015-06-13T19:03:59","version" => "v0.0.3"},{"date" => "2015-07-03T17:56:13","version" => "v0.0.4"},{"date" => "2015-07-16T19:16:14","version" => "v0.0.5"},{"date" => "2015-10-24T00:09:54","version" => "v0.1.1"},{"date" => "2015-11-02T17:01:15","version" => "v0.2.0"},{"date" => "2015-11-03T16:48:04","version" => "v0.2.1"},{"date" => "2015-11-09T10:12:50","version" => "v0.3.0"},{"date" => "2016-04-01T20:02:28","version" => "v1.0.0"},{"date" => "2016-04-07T17:41:05","version" => "v1.0.1"},{"date" => "2016-05-03T17:13:29","version" => "v1.0.2"},{"date" => "2017-02-24T00:39:47","version" => "v2.1.0"},{"date" => "2017-03-10T12:24:35","version" => "v2.1.1"},{"date" => "2017-03-23T03:16:11","version" => "v2.1.2"},{"date" => "2017-03-25T17:49:27","version" => "v2.1.3"},{"date" => "2017-05-20T14:17:44","version" => "v2.1.4"},{"date" => "2017-05-27T15:04:29","version" => "v2.1.5"},{"date" => "2017-06-02T20:31:52","version" => "v2.2.0"},{"date" => "2017-06-21T22:08:07","version" => "v2.2.1"},{"date" => "2017-12-16T15:41:31","version" => "v2.3.0"},{"date" => "2017-12-16T19:24:58","version" => "v2.4.0"},{"date" => "2017-12-16T20:38:04","version" => "v2.4.1"},{"date" => "2017-12-17T20:04:05","version" => "v2.4.2"},{"date" => "2018-09-04T11:14:29","version" => "v2.5.0"}]},"JavaScript-Duktape-XS" => {"advisories" => [{"affected_versions" => [">=0.000030,<=0.000078"],"cves" => ["CVE-2021-46322"],"description" => "Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.\n","distribution" => "JavaScript-Duktape-XS","fixed_versions" => [],"id" => "CPANSA-JavaScript-Duktape-XS-2021-46322-duktape","references" => ["https://github.com/svaarala/duktape/issues/2448","https://github.com/gonzus/JavaScript-Duktape-XS/issues/33"],"reported" => "2022-01-20","severity" => "medium"}],"main_module" => "JavaScript::Duktape::XS","versions" => [{"date" => "2018-03-22T19:58:59","version" => "0.000030"},{"date" => "2018-03-23T11:49:50","version" => "0.000031"},{"date" => "2018-03-26T11:02:50","version" => "0.000032"},{"date" => "2018-03-29T14:31:21","version" => "0.000034"},{"date" => "2018-03-30T07:15:32","version" => "0.000035"},{"date" => "2018-04-04T09:33:24","version" => "0.000036"},{"date" => "2018-04-10T12:34:39","version" => "0.000037"},{"date" => "2018-04-10T15:15:12","version" => "0.000038"},{"date" => "2018-04-12T10:11:24","version" => "0.000039"},{"date" => "2018-04-12T11:44:15","version" => "0.000040"},{"date" => "2018-04-12T12:11:45","version" => "0.000041"},{"date" => "2018-04-13T08:53:34","version" => "0.000042"},{"date" => "2018-04-16T10:13:44","version" => "0.000043"},{"date" => "2018-04-17T07:52:14","version" => "0.000044"},{"date" => "2018-04-18T15:14:31","version" => "0.000045"},{"date" => "2018-04-19T06:55:16","version" => "0.000046"},{"date" => "2018-04-19T13:05:20","version" => "0.000047"},{"date" => "2018-04-19T15:00:21","version" => "0.000048"},{"date" => "2018-04-23T10:31:54","version" => "0.000049"},{"date" => "2018-04-23T15:11:03","version" => "0.000050"},{"date" => "2018-04-25T08:52:03","version" => "0.000051"},{"date" => "2018-05-13T22:52:47","version" => "0.000052"},{"date" => "2018-05-30T08:29:51","version" => "0.000060"},{"date" => "2018-05-30T14:48:38","version" => "0.000061"},{"date" => "2018-06-07T17:38:20","version" => "0.000062"},{"date" => "2018-06-08T07:14:07","version" => "0.000063"},{"date" => "2018-06-08T13:01:42","version" => "0.000064"},{"date" => "2018-06-08T15:37:05","version" => "0.000065"},{"date" => "2018-06-26T08:28:00","version" => "0.000066"},{"date" => "2018-06-26T10:34:38","version" => "0.000067"},{"date" => "2018-07-11T14:18:40","version" => "0.000068"},{"date" => "2018-07-27T11:54:29","version" => "0.000069"},{"date" => "2018-07-30T07:57:07","version" => "0.000070"},{"date" => "2018-08-28T14:01:07","version" => "0.000071"},{"date" => "2018-09-10T12:53:10","version" => "0.000073"},{"date" => "2018-09-11T08:44:24","version" => "0.000074"},{"date" => "2019-01-31T15:24:38","version" => "0.000075"},{"date" => "2019-04-08T08:53:49","version" => "0.000076"},{"date" => "2019-06-28T06:54:32","version" => "0.000077"},{"date" => "2019-08-14T11:05:18","version" => "0.000078"},{"date" => "2021-09-02T10:21:33","version" => "0.000079"},{"date" => "2025-02-19T09:44:22","version" => "0.000081"}]},"Jifty" => {"advisories" => [{"affected_versions" => ["<1.10518"],"cves" => [],"description" => "The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations.  This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.\n","distribution" => "Jifty","fixed_versions" => [">=1.10518"],"id" => "CPANSA-Jifty-2011-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2011-03-17"},{"affected_versions" => ["<0.90409"],"cves" => [],"description" => "The REST plugin would let you call any method on the model.\n","distribution" => "Jifty","fixed_versions" => [">=0.90409"],"id" => "CPANSA-Jifty-2009-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2009-04-09"},{"affected_versions" => ["<0.70408"],"cves" => [],"description" => "Allowed all actions on GET.\n","distribution" => "Jifty","fixed_versions" => [">=0.80408"],"id" => "CPANSA-Jifty-2008-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2009-04-08"},{"affected_versions" => ["<0.60706"],"cves" => [],"description" => "Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the \"standalone\" webserver in production, the attacker could gain read only access to local files.\n","distribution" => "Jifty","fixed_versions" => [">=0.60706"],"id" => "CPANSA-Jifty-2006-01","references" => ["https://metacpan.org/dist/Jifty/changes"],"reported" => "2006-07-06"}],"main_module" => "Jifty","versions" => [{"date" => "2005-12-25T08:19:39","version" => "0.51225"},{"date" => "2005-12-28T17:23:39","version" => "0.51228"},{"date" => "2006-02-14T04:15:03","version" => "0.60213"},{"date" => "2006-02-22T04:57:24","version" => "0.60213"},{"date" => "2006-03-21T23:10:58","version" => "0.60213"},{"date" => "2006-05-05T18:56:21","version" => "0.60321"},{"date" => "2006-05-08T14:38:03","version" => "0.60507"},{"date" => "2006-06-15T14:01:15","version" => "0.60714"},{"date" => "2006-06-16T12:16:03","version" => "0.60616"},{"date" => "2006-07-07T04:32:27","version" => "0.60706"},{"date" => "2006-07-07T05:54:06","version" => "0.60707"},{"date" => "2006-07-23T00:27:10","version" => "0.60722"},{"date" => "2006-09-13T00:25:58","version" => "0.60912"},{"date" => "2006-11-24T03:39:06","version" => "0.61123_01"},{"date" => "2007-01-17T04:52:58","version" => "0.70116"},{"date" => "2007-01-17T20:49:04","version" => "0.70117"},{"date" => "2007-04-17T18:45:55","version" => "0.70415"},{"date" => "2007-04-23T01:08:41","version" => "0.70422"},{"date" => "2007-08-24T04:20:59","version" => "0.70824"},{"date" => "2007-11-29T22:13:17","version" => "0.71129"},{"date" => "2008-04-08T21:15:29","version" => "0.80408"},{"date" => "2009-04-09T23:10:34","version" => "0.90409"},{"date" => "2009-05-20T01:14:48","version" => "0.90519"},{"date" => "2009-06-30T17:41:18","version" => "0.90519"},{"date" => "2009-07-01T19:08:14","version" => "0.90519"},{"date" => "2009-11-18T00:08:35","version" => "0.90701"},{"date" => "2010-12-09T23:08:09","version" => "1.01209"},{"date" => "2011-02-14T22:10:50","version" => "1.10214"},{"date" => "2011-02-28T16:22:26","version" => "1.10228"},{"date" => "2011-05-18T18:12:42","version" => "1.10518"},{"date" => "2015-04-30T20:48:27","version" => "1.50430"}]},"Jifty-DBI" => {"advisories" => [{"affected_versions" => ["<0.68"],"cves" => [],"description" => "SQL injection in column names, operators, order and group by.\n","distribution" => "Jifty-DBI","fixed_versions" => [">=0.68"],"id" => "CPANSA-Jifty-DBI-2011-01","references" => ["https://metacpan.org/dist/Jifty-DBI/changes","https://metacpan.org/dist/Jifty/changes"],"reported" => "2011-04-04"}],"main_module" => "Jifty::DBI","versions" => [{"date" => "2005-11-08T21:32:52","version" => "0.02"},{"date" => "2005-11-26T07:21:20","version" => "0.05_01"},{"date" => "2005-12-23T20:48:59","version" => "0.06"},{"date" => "2005-12-24T04:29:10","version" => "0.06"},{"date" => "2005-12-25T19:37:31","version" => "0.08"},{"date" => "2005-12-29T13:31:40","version" => "0.09"},{"date" => "2006-01-08T10:05:05","version" => "0.10"},{"date" => "2006-01-15T17:22:14","version" => "0.11"},{"date" => "2006-03-05T01:55:32","version" => "0.15"},{"date" => "2006-03-05T02:07:03","version" => "0.15"},{"date" => "2006-03-31T13:22:16","version" => "0.18"},{"date" => "2006-04-02T10:05:36","version" => "0.19"},{"date" => "2006-04-21T16:27:47","version" => "0.20"},{"date" => "2006-05-03T18:26:47","version" => "0.20"},{"date" => "2006-06-15T12:17:00","version" => "0.21"},{"date" => "2006-09-12T22:56:59","version" => "0.25"},{"date" => "2006-11-13T16:15:30","version" => "0.25"},{"date" => "2006-11-24T03:15:46","version" => "0.25"},{"date" => "2007-01-17T20:34:50","version" => "0.25"},{"date" => "2007-01-26T11:55:26","version" => "0.31"},{"date" => "2007-01-26T12:22:07","version" => "0.39_99"},{"date" => "2007-01-26T12:56:35","version" => "0.32"},{"date" => "2007-01-26T13:34:03","version" => "0.39_999"},{"date" => "2007-01-28T13:30:21","version" => "0.32"},{"date" => "2007-04-15T15:26:52","version" => "0.39_9999"},{"date" => "2007-04-16T20:21:33","version" => "0.41"},{"date" => "2007-08-24T04:20:36","version" => "0.43"},{"date" => "2007-10-26T16:48:22","version" => "0.43"},{"date" => "2007-11-07T17:27:17","version" => "0.46"},{"date" => "2007-11-16T21:28:33","version" => "0.46"},{"date" => "2007-11-29T21:38:34","version" => "0.46"},{"date" => "2008-04-08T03:05:48","version" => "0.49"},{"date" => "2009-03-25T19:32:29","version" => "0.53"},{"date" => "2009-05-19T12:33:45","version" => "0.53"},{"date" => "2009-07-14T07:29:33","version" => "0.53"},{"date" => "2009-11-19T01:16:21","version" => "0.59"},{"date" => "2010-01-04T18:04:58","version" => "0.60"},{"date" => "2010-12-08T20:15:10","version" => "0.63"},{"date" => "2010-12-08T20:24:47","version" => "0.64"},{"date" => "2011-02-14T21:27:51","version" => "0.66"},{"date" => "2011-02-28T16:00:37","version" => "0.67"},{"date" => "2011-04-14T16:20:25","version" => "0.68"},{"date" => "2011-05-17T19:54:33","version" => "0.69"},{"date" => "2011-06-15T20:46:39","version" => "0.70"},{"date" => "2011-06-17T20:39:50","version" => "0.71"},{"date" => "2011-10-17T16:45:06","version" => "0.72"},{"date" => "2012-01-25T21:39:16","version" => "0.73"},{"date" => "2012-01-25T21:45:14","version" => "0.74"},{"date" => "2013-01-29T20:18:33","version" => "0.75"},{"date" => "2013-06-17T22:14:37","version" => "0.76"},{"date" => "2013-12-01T18:11:35","version" => "0.77"},{"date" => "2015-04-30T19:16:36","version" => "0.78"}]},"Kelp" => {"advisories" => [{"affected_versions" => ["<0.9001"],"cves" => [],"description" => "X-Real-IP, X-Forwarded-Host and X-Remote-User headers were trusted and used in Kelp::Request\n","distribution" => "Kelp","fixed_versions" => [">=0.9001"],"id" => "CPANSA-Kelp-2014-01","references" => ["https://metacpan.org/dist/Kelp/changes","https://github.com/sgnix/kelp/commit/9f8f5a5215bdc1685a671c1157132a65727aadff"],"reported" => "2014-05-30","reviewed_by" => [{"date" => "2022-06-28","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}]}],"main_module" => "Kelp","versions" => [{"date" => "2013-04-12T17:16:52","version" => "0.1"},{"date" => "2013-04-12T17:39:48","version" => "0.11"},{"date" => "2013-04-14T01:05:22","version" => "0.2"},{"date" => "2013-04-16T21:52:38","version" => "0.21"},{"date" => "2013-04-17T04:59:31","version" => "0.215"},{"date" => "2013-04-17T13:16:42","version" => "0.216"},{"date" => "2013-04-17T19:13:12","version" => "0.217"},{"date" => "2013-04-20T01:47:43","version" => "0.218"},{"date" => "2013-04-20T20:27:42","version" => "0.2181"},{"date" => "2013-05-02T16:45:58","version" => "0.2182"},{"date" => "2013-05-06T03:44:19","version" => "0.219"},{"date" => "2013-05-14T20:01:26","version" => "0.2191"},{"date" => "2013-05-25T21:37:51","version" => "0.3001"},{"date" => "2013-06-14T05:59:18","version" => "0.3101"},{"date" => "2013-06-16T15:38:29","version" => "0.3102"},{"date" => "2013-07-03T02:34:18","version" => "0.4001"},{"date" => "2013-07-05T17:36:59","version" => "0.4011"},{"date" => "2013-07-05T22:46:46","version" => "0.4012"},{"date" => "2013-08-15T03:19:01","version" => "0.4501"},{"date" => "2013-11-11T18:10:07","version" => "0.455"},{"date" => "2013-11-20T05:15:34","version" => "0.456"},{"date" => "2014-03-02T17:34:04","version" => "0.457"},{"date" => "2014-03-27T16:29:16","version" => "0.4601"},{"date" => "2014-03-31T22:46:22","version" => "0.4602"},{"date" => "2014-05-31T00:52:57","version" => "0.9001"},{"date" => "2014-07-13T00:41:29","version" => "0.9012"},{"date" => "2014-08-08T17:57:48","version" => "0.9015"},{"date" => "2014-12-15T07:02:58","version" => "0.9021"},{"date" => "2015-04-03T00:32:47","version" => "0.9051"},{"date" => "2015-08-11T06:50:14","version" => "0.9071"},{"date" => "2016-11-09T00:00:02","version" => "0.9081"},{"date" => "2017-12-28T21:08:47","version" => "1.01"},{"date" => "2018-01-08T16:43:42","version" => "1.02"},{"date" => "2021-01-12T14:26:40","version" => "1.03"},{"date" => "2021-01-14T15:00:50","version" => "1.03_1"},{"date" => "2021-01-16T16:53:41","version" => "1.03_2"},{"date" => "2021-01-18T21:15:56","version" => "1.04"},{"date" => "2021-01-21T12:12:36","version" => "1.04_01"},{"date" => "2021-01-21T17:15:38","version" => "1.05"},{"date" => "2022-05-09T21:07:41","version" => "1.06"},{"date" => "2024-06-02T18:49:17","version" => "1.07"},{"date" => "2024-06-05T19:57:13","version" => "1.10_01"},{"date" => "2024-06-08T19:49:17","version" => "2.00_01"},{"date" => "2024-06-09T13:06:47","version" => "2.00_02"},{"date" => "2024-06-09T15:41:33","version" => "2.00_03"},{"date" => "2024-06-09T20:00:29","version" => "2.00_04"},{"date" => "2024-06-10T07:25:19","version" => "2.00_05"},{"date" => "2024-06-10T15:39:47","version" => "2.00"},{"date" => "2024-06-15T11:55:22","version" => "2.01_01"},{"date" => "2024-06-18T16:33:19","version" => "2.01_02"},{"date" => "2024-06-19T19:26:30","version" => "2.01_03"},{"date" => "2024-06-20T06:26:12","version" => "2.01_04"},{"date" => "2024-06-20T20:43:31","version" => "2.01_05"},{"date" => "2024-06-23T19:25:33","version" => "2.10_01"},{"date" => "2024-06-24T05:14:31","version" => "2.10"},{"date" => "2024-06-25T04:15:52","version" => "2.11"},{"date" => "2024-06-26T06:15:21","version" => "2.12"},{"date" => "2024-07-01T06:06:23","version" => "2.13"},{"date" => "2024-07-02T05:28:06","version" => "2.14"},{"date" => "2024-07-03T19:52:27","version" => "2.15"},{"date" => "2024-07-05T19:03:36","version" => "2.16"},{"date" => "2024-07-06T04:18:40","version" => "2.17"},{"date" => "2024-10-08T04:22:01","version" => "2.18"},{"date" => "2024-10-10T20:15:05","version" => "2.19"},{"date" => "2025-03-30T20:44:00","version" => "2.20"},{"date" => "2025-04-02T21:37:22","version" => "2.21"},{"date" => "2025-06-12T19:29:46","version" => "2.22"}]},"Kossy" => {"advisories" => [{"affected_versions" => ["<0.60"],"cves" => ["CVE-2021-47157"],"description" => "Flaw in defense from JSON hijacking.\n","distribution" => "Kossy","fixed_versions" => [">=0.60"],"id" => "CPANSA-Kossy-2021-01","references" => ["https://github.com/kazeburo/Kossy/pull/16","https://metacpan.org/dist/Kossy/changes"],"reported" => "2021-08-29","severity" => undef},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.08,<=0.11"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.17,<=0.60"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.12,<=0.16"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Kossy","fixed_versions" => [],"id" => "CPANSA-Kossy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Kossy","versions" => [{"date" => "2011-11-29T08:45:37","version" => "0.05"},{"date" => "2012-01-05T01:58:20","version" => "0.06"},{"date" => "2012-02-17T03:11:05","version" => "0.07"},{"date" => "2012-04-24T10:06:21","version" => "0.08"},{"date" => "2012-05-17T08:52:24","version" => "0.09"},{"date" => "2012-06-19T02:16:23","version" => "0.10"},{"date" => "2012-07-24T12:51:12","version" => "0.11"},{"date" => "2012-08-24T09:24:50","version" => "0.12"},{"date" => "2012-12-05T02:26:49","version" => "0.13"},{"date" => "2013-03-14T13:28:06","version" => "0.14"},{"date" => "2013-04-04T15:38:05","version" => "0.14"},{"date" => "2013-07-16T04:32:43","version" => "0.16"},{"date" => "2013-07-16T04:40:39","version" => "0.17"},{"date" => "2013-08-08T07:08:09","version" => "0.18"},{"date" => "2013-08-30T07:04:23","version" => "0.19"},{"date" => "2013-10-09T06:49:21","version" => "0.20"},{"date" => "2013-10-10T06:42:16","version" => "0.21"},{"date" => "2013-10-15T02:46:09","version" => "0.22"},{"date" => "2013-10-21T05:21:48","version" => "0.23"},{"date" => "2013-10-31T04:44:36","version" => "0.24"},{"date" => "2013-11-06T02:29:36","version" => "0.25"},{"date" => "2013-11-12T02:17:30","version" => "0.26"},{"date" => "2013-11-12T05:48:05","version" => "0.27"},{"date" => "2013-11-28T01:33:03","version" => "0.28"},{"date" => "2014-02-12T04:48:29","version" => "0.30"},{"date" => "2014-02-12T04:56:17","version" => "0.31"},{"date" => "2014-02-19T06:55:53","version" => "0.32"},{"date" => "2014-02-19T16:20:13","version" => "0.33"},{"date" => "2014-02-19T17:19:43","version" => "0.34"},{"date" => "2014-05-28T15:13:06","version" => "0.34"},{"date" => "2014-05-28T15:51:34","version" => "0.34"},{"date" => "2014-05-28T16:50:27","version" => "0.37"},{"date" => "2014-05-29T06:37:53","version" => "0.38"},{"date" => "2014-10-20T05:47:47","version" => "0.39"},{"date" => "2016-07-19T15:04:31","version" => "0.40"},{"date" => "2021-08-26T13:50:58","version" => "0.50"},{"date" => "2021-09-16T12:04:39","version" => "0.60"},{"date" => "2023-11-06T14:27:18","version" => "0.61"},{"date" => "2023-11-09T08:57:59","version" => "0.62"},{"date" => "2023-11-13T02:24:42","version" => "0.63"}]},"LWP-Protocol-Net-Curl" => {"advisories" => [{"affected_versions" => ["<0.009"],"cves" => [],"description" => "Misconfiguration with libcurl v7.28.1 causes a HTTPS validation issues.\n","distribution" => "LWP-Protocol-Net-Curl","fixed_versions" => [">=0.009"],"id" => "CPANSA-LWP-Protocol-Net-Curl-2012-01","references" => ["https://metacpan.org/changes/distribution/LWP-Protocol-Net-Curl","https://github.com/creaktive/LWP-Protocol-Net-Curl/commit/dc8b183c6520a2b6bcde685de635675ee4a7e019"],"reported" => "2012-11-28"}],"main_module" => "LWP::Protocol::Net::Curl","versions" => [{"date" => "2012-10-24T18:49:20","version" => "0.001"},{"date" => "2012-10-26T20:05:13","version" => "0.002"},{"date" => "2012-10-29T18:55:46","version" => "0.003"},{"date" => "2012-10-31T13:01:46","version" => "0.004"},{"date" => "2012-11-01T15:17:14","version" => "0.005"},{"date" => "2012-11-12T12:23:09","version" => "0.006"},{"date" => "2012-11-13T14:33:10","version" => "0.007"},{"date" => "2012-11-25T22:38:58","version" => "0.008"},{"date" => "2012-11-28T19:03:10","version" => "0.009"},{"date" => "2012-12-07T00:13:55","version" => "0.010"},{"date" => "2012-12-18T12:05:00","version" => "0.011"},{"date" => "2013-02-08T11:00:04","version" => "0.012"},{"date" => "2013-02-11T01:56:30","version" => "0.013"},{"date" => "2013-02-16T12:51:03","version" => "0.014"},{"date" => "2013-05-13T21:41:47","version" => "0.015"},{"date" => "2013-05-18T22:12:03","version" => "0.016"},{"date" => "2013-07-13T12:22:34","version" => "0.017"},{"date" => "2013-08-17T11:34:49","version" => "0.018"},{"date" => "2013-10-11T12:33:53","version" => "0.019"},{"date" => "2013-10-13T09:02:17","version" => "0.020"},{"date" => "2014-01-21T17:46:37","version" => "0.021"},{"date" => "2014-07-09T15:04:06","version" => "0.022"},{"date" => "2014-12-23T17:06:56","version" => "0.023"},{"date" => "2019-07-12T12:27:08","version" => "0.024"},{"date" => "2019-07-15T11:29:17","version" => "0.025"},{"date" => "2019-10-08T12:01:54","version" => "0.026"},{"date" => "2025-01-21T10:57:04","version" => "0.027"}]},"LWP-Protocol-https" => {"advisories" => [{"affected_versions" => [">=6.04,<=6.06"],"cves" => ["CVE-2014-3230"],"description" => "The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable.\n","distribution" => "LWP-Protocol-https","fixed_versions" => [">6.06"],"id" => "CPANSA-LWP-Protocol-https-2014-3230","references" => ["http://www.openwall.com/lists/oss-security/2014/05/04/1","http://www.openwall.com/lists/oss-security/2014/05/02/8","http://www.openwall.com/lists/oss-security/2014/05/06/8","https://github.com/libwww-perl/lwp-protocol-https/pull/14","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579"],"reported" => "2020-01-28","severity" => "medium"}],"main_module" => "LWP::Protocol::https","versions" => [{"date" => "2011-03-27T11:59:53","version" => "6.02"},{"date" => "2012-02-18T23:01:32","version" => "6.03"},{"date" => "2013-04-29T21:26:33","version" => "6.04"},{"date" => "2014-04-18T17:03:15","version" => "6.06"},{"date" => "2017-02-20T02:46:43","version" => "6.07"},{"date" => "2020-03-23T20:20:33","version" => "6.08"},{"date" => "2020-07-16T13:33:20","version" => "6.09"},{"date" => "2020-12-17T15:44:24","version" => "6.10"},{"date" => "2023-07-09T15:11:15","version" => "6.11"},{"date" => "2024-01-22T17:51:48","version" => "6.12"},{"date" => "2024-02-06T01:01:15","version" => "6.13"},{"date" => "2024-03-11T01:09:49","version" => "6.14"},{"date" => "2026-02-23T20:37:13","version" => "6.15"}]},"Lemonldap-NG-Common" => {"advisories" => [{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.94"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.94"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.95"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.95"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.12"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Common","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Common-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Common","versions" => [{"date" => "2008-12-25T08:24:58","version" => "0.9"},{"date" => "2008-12-28T09:07:37","version" => "0.91"},{"date" => "2009-02-08T07:12:51","version" => "0.92"},{"date" => "2009-06-29T10:14:12","version" => "0.93"},{"date" => "2009-06-29T11:55:37","version" => "0.94"},{"date" => "2009-10-11T08:25:47","version" => "0.95"},{"date" => "2010-10-13T21:00:29","version" => "0.99"},{"date" => "2010-10-22T05:34:36","version" => "0.99.1"},{"date" => "2010-10-22T05:44:23","version" => "0.991"},{"date" => "2010-10-24T06:31:39","version" => "0.992"},{"date" => "2010-11-26T13:38:09","version" => "1.0.0"},{"date" => "2011-02-28T13:40:38","version" => "1.0.2"},{"date" => "2011-03-07T11:16:29","version" => "1.0.3"},{"date" => "2011-03-23T14:52:32","version" => "1.0.4"},{"date" => "2011-04-15T14:51:05","version" => "1.0.5"},{"date" => "2011-05-30T08:40:05","version" => "1.0.6"},{"date" => "2011-07-08T09:33:02","version" => "1.1.0"},{"date" => "2011-07-29T13:41:39","version" => "1.1.1"},{"date" => "2011-10-07T12:56:16","version" => "1.1.2"},{"date" => "2012-06-18T10:11:39","version" => "1.2.0"},{"date" => "2012-07-06T09:18:20","version" => "1.2.1"},{"date" => "2012-09-17T14:02:30","version" => "1.2.2"},{"date" => "2013-01-25T21:51:20","version" => "1.2.2_01"},{"date" => "2013-02-08T17:09:50","version" => "1.2.3"},{"date" => "2013-04-23T13:19:31","version" => "1.2.4"},{"date" => "2013-08-26T10:37:20","version" => "1.2.5"},{"date" => "2013-11-02T16:29:19","version" => "v1.3.0"},{"date" => "2013-11-10T18:00:20","version" => "v1.3.0_01"},{"date" => "2013-11-11T13:59:28","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:16","version" => "1.3.2"},{"date" => "2014-03-07T13:54:49","version" => "1.3.3"},{"date" => "2014-06-30T12:52:26","version" => "v1.4.0"},{"date" => "2014-07-25T09:53:47","version" => "v1.4.1"},{"date" => "2014-11-05T15:13:39","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:12","version" => "v1.4.3"},{"date" => "2015-04-15T10:04:56","version" => "v1.4.4"},{"date" => "2015-05-22T16:53:36","version" => "v1.4.5"},{"date" => "2015-10-09T09:20:30","version" => "v1.4.6"},{"date" => "2016-03-02T09:49:50","version" => "v1.9.0"},{"date" => "2016-03-22T14:24:49","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:14","version" => "v1.9.1"},{"date" => "2016-04-27T15:22:35","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:02","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:17","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:03","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:00","version" => "v1.9.4"},{"date" => "2016-07-13T09:07:43","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:20","version" => "v1.9.5"},{"date" => "2016-10-10T13:33:58","version" => "v1.4.11"},{"date" => "2016-10-16T12:22:51","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:20","version" => "v1.9.7"},{"date" => "2017-02-28T21:02:38","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:54:49","version" => "v1.9.8"},{"date" => "2017-03-07T05:47:35","version" => "v1.9.99_02"},{"date" => "2017-03-07T05:58:47","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:13","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:20:56","version" => "v1.9.9"},{"date" => "2017-05-19T18:53:04","version" => "v1.9.10"},{"date" => "2017-09-01T10:30:44","version" => "v1.9.11"},{"date" => "2017-09-12T08:39:52","version" => "v1.9.12"},{"date" => "2017-09-29T13:58:45","version" => "v1.9.13"},{"date" => "2017-11-24T19:57:28","version" => "v1.9.14"},{"date" => "2018-01-23T12:49:02","version" => "v1.9.15"},{"date" => "2018-03-16T10:33:38","version" => "v1.9.16"},{"date" => "2018-06-16T09:26:52","version" => "v1.9.17"},{"date" => "2018-10-05T09:39:50","version" => "v1.9.18"},{"date" => "2019-02-12T17:13:05","version" => "v2.0.2"},{"date" => "2019-04-11T12:22:36","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:02","version" => "v2.0.4"},{"date" => "2019-06-29T21:29:43","version" => "v2.0.5"},{"date" => "2019-12-21T21:46:05","version" => "v2.0.7"},{"date" => "2020-05-05T16:14:02","version" => "v2.0.8"},{"date" => "2020-09-07T06:19:18","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:02","version" => "v2.0.10"},{"date" => "2021-01-31T14:51:35","version" => "v2.0.11"},{"date" => "2021-07-22T17:37:52","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:22","version" => "v2.0.13"},{"date" => "2022-02-22T18:12:37","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:02","version" => "v2.0.15"},{"date" => "2022-09-16T08:34:33","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:28:06","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:19","version" => "v2.16.2"},{"date" => "2023-08-30T16:22:52","version" => "v2.17.0"},{"date" => "2023-12-20T21:10:29","version" => "v2.18.0"},{"date" => "2023-12-22T23:40:41","version" => "v2.18.1"},{"date" => "2024-02-06T17:42:02","version" => "v2.18.2"},{"date" => "2024-04-30T15:22:47","version" => "v2.19.0"},{"date" => "2024-07-15T14:44:53","version" => "v2.19.1"},{"date" => "2024-09-04T07:29:59","version" => "v2.19.2"},{"date" => "2024-10-08T15:53:27","version" => "v2.20.0"},{"date" => "2024-11-08T16:33:39","version" => "v2.20.1"},{"date" => "2025-01-22T17:42:14","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:01","version" => "v2.21.0"},{"date" => "2025-06-11T11:14:59","version" => "v2.21.1"},{"date" => "2025-07-11T15:39:59","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:23","version" => "v2.21.3"},{"date" => "2025-10-17T15:26:48","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:08","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:05","version" => "v2.22.2"}]},"Lemonldap-NG-Handler" => {"advisories" => [{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.76"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.76"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.88"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.88"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.92"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.92"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.13"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Handler","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Handler-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Handler","versions" => [{"date" => "2005-06-29T18:42:29","version" => "0.01"},{"date" => "2005-07-02T08:47:30","version" => "0.02"},{"date" => "2005-07-27T19:22:32","version" => "0.03"},{"date" => "2005-07-29T14:35:49","version" => "0.04"},{"date" => "2005-07-29T15:36:42","version" => "0.05"},{"date" => "2006-07-13T17:53:49","version" => "0.06"},{"date" => "2006-09-27T16:47:33","version" => "0.07"},{"date" => "2006-09-30T21:30:18","version" => "0.1"},{"date" => "2006-10-07T13:24:25","version" => "0.11"},{"date" => "2006-10-14T13:17:22","version" => "0.3"},{"date" => "2006-10-17T13:58:42","version" => "0.5"},{"date" => "2006-11-02T14:33:27","version" => "0.6"},{"date" => "2006-11-02T15:58:18","version" => "0.61"},{"date" => "2006-11-03T07:14:00","version" => "0.62"},{"date" => "2006-12-05T06:47:36","version" => "0.621"},{"date" => "2006-12-07T21:02:24","version" => "0.63"},{"date" => "2006-12-19T18:22:50","version" => "0.7"},{"date" => "2006-12-31T13:03:21","version" => "0.71"},{"date" => "2007-01-05T20:38:29","version" => "0.73"},{"date" => "2007-02-10T11:16:17","version" => "0.74"},{"date" => "2007-02-28T22:28:56","version" => "0.75"},{"date" => "2007-03-09T20:16:44","version" => "0.76"},{"date" => "2007-03-29T19:52:16","version" => "0.77"},{"date" => "2007-04-14T13:14:29","version" => "0.8"},{"date" => "2007-04-15T12:47:16","version" => "0.81"},{"date" => "2007-06-20T19:44:05","version" => "0.82"},{"date" => "2007-07-22T20:34:59","version" => "0.83"},{"date" => "2007-07-31T05:11:23","version" => "0.84"},{"date" => "2008-02-28T07:11:26","version" => "0.85"},{"date" => "2008-04-11T14:53:16","version" => "0.86"},{"date" => "2008-06-06T05:49:44","version" => "0.87"},{"date" => "2008-06-06T12:59:07","version" => "0.88"},{"date" => "2008-08-25T19:52:13","version" => "0.89"},{"date" => "2008-12-25T08:26:27","version" => "0.9"},{"date" => "2009-06-29T10:14:23","version" => "0.91"},{"date" => "2009-10-11T08:25:58","version" => "0.92"},{"date" => "2010-10-13T21:00:41","version" => "0.99"},{"date" => "2010-10-22T05:34:48","version" => "0.99.1"},{"date" => "2010-10-22T05:44:36","version" => "0.991"},{"date" => "2010-10-24T06:31:51","version" => "0.992"},{"date" => "2010-11-26T13:38:22","version" => "1.0.0"},{"date" => "2011-02-28T13:42:05","version" => "1.0.2"},{"date" => "2011-03-07T11:16:41","version" => "1.0.3"},{"date" => "2011-03-23T14:52:45","version" => "1.0.4"},{"date" => "2011-04-15T14:51:16","version" => "1.0.5"},{"date" => "2011-05-30T08:40:17","version" => "1.0.6"},{"date" => "2011-07-08T09:33:13","version" => "1.1.0"},{"date" => "2011-07-29T13:43:07","version" => "1.1.1"},{"date" => "2011-10-07T12:56:28","version" => "1.1.2"},{"date" => "2012-06-18T10:13:06","version" => "1.2.0"},{"date" => "2012-07-06T09:18:32","version" => "1.2.1"},{"date" => "2012-09-17T14:02:42","version" => "1.2.2"},{"date" => "2013-01-25T21:51:32","version" => "1.2.2_01"},{"date" => "2013-02-08T17:10:02","version" => "1.2.3"},{"date" => "2013-04-23T13:19:34","version" => "1.2.4"},{"date" => "2013-08-26T10:37:32","version" => "1.2.5"},{"date" => "2013-11-02T16:29:31","version" => "v1.3.0"},{"date" => "2013-11-11T14:00:55","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:27","version" => "1.3.2"},{"date" => "2014-03-07T13:55:01","version" => "1.3.3"},{"date" => "2014-06-30T12:52:38","version" => "v1.4.0"},{"date" => "2014-07-25T09:53:58","version" => "v1.4.1"},{"date" => "2014-11-05T15:13:51","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:24","version" => "v1.4.3"},{"date" => "2015-04-15T10:05:08","version" => "v1.4.4"},{"date" => "2015-05-22T16:53:47","version" => "v1.4.5"},{"date" => "2015-10-09T09:20:41","version" => "v1.4.6"},{"date" => "2016-03-02T09:50:01","version" => "v1.9.0"},{"date" => "2016-03-22T14:25:00","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:26","version" => "v1.9.1"},{"date" => "2016-04-27T15:22:47","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:13","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:29","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:15","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:11","version" => "v1.9.4"},{"date" => "2016-07-13T09:07:55","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:31","version" => "v1.9.5"},{"date" => "2016-10-10T13:34:10","version" => "v1.4.11"},{"date" => "2016-10-16T12:23:02","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:32","version" => "v1.9.7"},{"date" => "2017-02-28T21:10:55","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:55:01","version" => "v1.9.8"},{"date" => "2017-03-07T05:47:46","version" => "v1.9.99_02"},{"date" => "2017-03-07T06:00:15","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:25","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:21:08","version" => "v1.9.9"},{"date" => "2017-05-19T18:50:09","version" => "v1.9.10"},{"date" => "2017-09-01T10:30:55","version" => "v1.9.11"},{"date" => "2017-09-12T08:40:03","version" => "v1.9.12"},{"date" => "2017-09-29T13:58:57","version" => "v1.9.13"},{"date" => "2017-11-24T19:57:39","version" => "v1.9.14"},{"date" => "2018-01-23T12:49:13","version" => "v1.9.15"},{"date" => "2018-03-16T10:33:50","version" => "v1.9.16"},{"date" => "2018-06-16T09:27:04","version" => "v1.9.17"},{"date" => "2018-10-05T09:40:02","version" => "v1.9.18"},{"date" => "2018-11-30T10:48:13","version" => "v2.0.0"},{"date" => "2019-02-12T17:13:16","version" => "v2.0.2"},{"date" => "2019-04-11T12:22:47","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:13","version" => "v2.0.4"},{"date" => "2019-06-29T21:29:54","version" => "v2.0.5"},{"date" => "2019-09-24T13:00:38","version" => "v2.0.6"},{"date" => "2019-12-21T21:46:16","version" => "v2.0.7"},{"date" => "2020-05-05T16:14:13","version" => "v2.0.8"},{"date" => "2020-09-07T06:19:30","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:13","version" => "v2.0.10"},{"date" => "2021-01-31T14:51:46","version" => "v2.0.11"},{"date" => "2021-07-22T17:38:04","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:33","version" => "v2.0.13"},{"date" => "2022-02-22T18:12:48","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:13","version" => "v2.0.15"},{"date" => "2022-09-16T08:34:44","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:28:17","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:30","version" => "v2.16.2"},{"date" => "2023-08-30T16:24:18","version" => "v2.17.0"},{"date" => "2023-12-20T21:10:42","version" => "v2.18.0"},{"date" => "2023-12-22T23:40:52","version" => "v2.18.1"},{"date" => "2024-02-06T17:42:13","version" => "v2.18.2"},{"date" => "2024-04-30T15:22:58","version" => "v2.19.0"},{"date" => "2024-07-15T14:45:04","version" => "v2.19.1"},{"date" => "2024-09-04T07:30:10","version" => "v2.19.2"},{"date" => "2024-10-08T15:56:54","version" => "v2.20.0"},{"date" => "2024-11-08T16:33:50","version" => "v2.20.1"},{"date" => "2025-01-21T17:01:18","version" => "v2.20.2"},{"date" => "2025-01-22T17:42:25","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:12","version" => "v2.21.0"},{"date" => "2025-06-11T11:15:10","version" => "v2.21.1"},{"date" => "2025-07-11T15:40:10","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:34","version" => "v2.21.3"},{"date" => "2025-10-17T15:26:59","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:19","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:16","version" => "v2.22.2"}]},"Lemonldap-NG-Manager" => {"advisories" => [{"affected_versions" => ["0.03"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.03"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.511"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.511"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.63"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.72"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.72"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.83"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.85"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.87"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.87"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.91"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.13"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Manager","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Manager-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Manager","versions" => [{"date" => "2006-12-10T21:39:02","version" => "0.01"},{"date" => "2006-12-11T07:00:16","version" => "0.02"},{"date" => "2006-12-16T11:32:53","version" => "0.03"},{"date" => "2006-12-19T18:25:24","version" => "0.04"},{"date" => "2006-12-31T13:03:44","version" => "0.1"},{"date" => "2007-01-05T20:38:40","version" => "0.3"},{"date" => "2007-01-13T19:49:19","version" => "0.4"},{"date" => "2007-02-04T14:12:51","version" => "0.43"},{"date" => "2007-02-28T22:29:07","version" => "0.44"},{"date" => "2007-03-04T18:22:09","version" => "0.5"},{"date" => "2007-03-09T20:18:20","version" => "0.51"},{"date" => "2007-03-11T20:25:29","version" => "0.511"},{"date" => "2007-03-29T19:52:20","version" => "0.61"},{"date" => "2007-04-15T11:33:06","version" => "0.63"},{"date" => "2007-05-05T20:35:41","version" => "0.64"},{"date" => "2007-05-06T14:43:00","version" => "0.65"},{"date" => "2007-06-13T13:52:42","version" => "0.7"},{"date" => "2007-06-20T19:43:54","version" => "0.72"},{"date" => "2007-07-03T05:51:25","version" => "0.8"},{"date" => "2007-07-22T20:35:02","version" => "0.82"},{"date" => "2008-02-28T07:11:37","version" => "0.83"},{"date" => "2008-04-11T14:53:27","version" => "0.84"},{"date" => "2008-06-06T05:49:55","version" => "0.85"},{"date" => "2008-08-25T19:53:40","version" => "0.86"},{"date" => "2008-12-25T08:26:37","version" => "0.87"},{"date" => "2009-06-29T10:14:34","version" => "0.89"},{"date" => "2009-06-29T11:57:03","version" => "0.9"},{"date" => "2009-06-29T16:52:14","version" => "0.90"},{"date" => "2009-10-11T08:26:09","version" => "0.91"},{"date" => "2010-10-13T21:00:54","version" => "0.99"},{"date" => "2010-10-22T05:36:18","version" => "0.99.1"},{"date" => "2010-10-22T05:44:52","version" => "0.991"},{"date" => "2010-10-24T06:32:02","version" => "0.992"},{"date" => "2010-11-26T13:38:43","version" => "1.0.0"},{"date" => "2011-02-28T13:42:13","version" => "1.0.2"},{"date" => "2011-03-07T11:16:52","version" => "v1.0.3"},{"date" => "2011-03-23T14:52:57","version" => "1.0.4"},{"date" => "2011-04-15T14:51:27","version" => "1.0.5"},{"date" => "2011-05-30T08:40:28","version" => "1.0.6"},{"date" => "2011-07-08T09:33:24","version" => "1.1.0"},{"date" => "2011-07-29T13:43:25","version" => "1.1.1"},{"date" => "2011-10-07T12:56:39","version" => "1.1.2"},{"date" => "2012-06-18T10:13:16","version" => "1.2.0"},{"date" => "2012-07-06T09:18:43","version" => "1.2.1"},{"date" => "2012-09-17T14:02:56","version" => "1.2.2"},{"date" => "2013-01-25T21:51:43","version" => "1.2.2_01"},{"date" => "2013-02-08T17:11:29","version" => "1.2.3"},{"date" => "2013-04-23T13:19:45","version" => "1.2.4"},{"date" => "2013-08-26T10:38:59","version" => "1.2.5"},{"date" => "2013-11-02T16:29:43","version" => "v1.3.0"},{"date" => "2013-11-11T14:01:06","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:39","version" => "1.3.2"},{"date" => "2014-03-07T13:55:12","version" => "1.3.3"},{"date" => "2014-06-30T12:54:05","version" => "v1.4.0"},{"date" => "2014-07-25T09:55:25","version" => "v1.4.1"},{"date" => "2014-11-05T15:14:02","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:36","version" => "v1.4.3"},{"date" => "2015-04-15T10:05:19","version" => "v1.4.4"},{"date" => "2015-05-22T16:53:59","version" => "v1.4.5"},{"date" => "2015-10-09T09:20:52","version" => "v1.4.6"},{"date" => "2016-03-02T09:50:13","version" => "v1.9.0"},{"date" => "2016-03-22T14:25:12","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:37","version" => "v1.9.1"},{"date" => "2016-04-27T15:22:58","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:25","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:41","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:26","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:23","version" => "v1.9.4"},{"date" => "2016-07-13T09:08:06","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:43","version" => "v1.9.5"},{"date" => "2016-10-10T13:34:21","version" => "v1.4.11"},{"date" => "2016-10-16T12:23:14","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:43","version" => "v1.9.7"},{"date" => "2017-02-28T21:11:07","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:55:22","version" => "v1.9.8"},{"date" => "2017-03-07T05:47:58","version" => "v1.9.99_02"},{"date" => "2017-03-07T06:00:17","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:36","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:21:20","version" => "v1.9.9"},{"date" => "2017-05-19T18:50:21","version" => "v1.9.10"},{"date" => "2017-09-01T10:31:07","version" => "v1.9.11"},{"date" => "2017-09-12T08:40:15","version" => "v1.9.12"},{"date" => "2017-09-29T14:00:24","version" => "v1.9.13"},{"date" => "2017-11-24T19:59:07","version" => "v1.9.14"},{"date" => "2018-01-23T12:49:25","version" => "v1.9.15"},{"date" => "2018-03-16T10:34:01","version" => "v1.9.16"},{"date" => "2018-06-16T09:27:16","version" => "v1.9.17"},{"date" => "2018-10-05T09:40:14","version" => "v1.9.18"},{"date" => "2018-11-30T10:49:40","version" => "v2.0.0"},{"date" => "2019-02-12T17:13:28","version" => "v2.0.2"},{"date" => "2019-04-11T12:22:59","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:24","version" => "v2.0.4"},{"date" => "2019-06-29T21:31:21","version" => "v2.0.5"},{"date" => "2019-09-24T13:00:49","version" => "v2.0.6"},{"date" => "2019-12-21T21:46:27","version" => "v2.0.7"},{"date" => "2020-05-05T16:12:34","version" => "v2.0.8"},{"date" => "2020-09-07T06:19:41","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:24","version" => "v2.0.10"},{"date" => "2021-01-31T14:51:57","version" => "v2.0.11"},{"date" => "2021-07-22T17:38:15","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:44","version" => "v2.0.13"},{"date" => "2022-02-22T18:12:59","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:24","version" => "v2.0.15"},{"date" => "2022-09-16T08:36:11","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:29:43","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:41","version" => "v2.16.2"},{"date" => "2023-08-30T16:24:29","version" => "v2.17.0"},{"date" => "2023-12-20T21:12:09","version" => "v2.18.0"},{"date" => "2023-12-22T23:41:03","version" => "v2.18.1"},{"date" => "2024-02-06T17:49:02","version" => "v2.18.2"},{"date" => "2024-04-30T15:23:09","version" => "v2.19.0"},{"date" => "2024-07-15T14:45:15","version" => "v2.19.1"},{"date" => "2024-09-04T07:30:22","version" => "v2.19.2"},{"date" => "2024-10-08T15:53:38","version" => "v2.20.0"},{"date" => "2024-11-08T16:34:01","version" => "v2.20.1"},{"date" => "2025-01-21T17:01:29","version" => "v2.20.2"},{"date" => "2025-01-22T17:40:23","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:23","version" => "v2.21.0"},{"date" => "2025-06-11T11:15:21","version" => "v2.21.1"},{"date" => "2025-07-11T15:40:21","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:45","version" => "v2.21.3"},{"date" => "2025-10-17T15:27:10","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:30","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:27","version" => "v2.22.2"}]},"Lemonldap-NG-Portal" => {"advisories" => [{"affected_versions" => ["<0.87"],"cves" => [],"description" => "When running on Apache with thread support setMacros and setGroups were not launched with the good datas.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [">=0.87"],"id" => "CPANSA-Lemonldap-NG-Portal-2009-01","references" => ["https://metacpan.org/changes/distribution/Lemonldap-NG-Portal"],"reported" => "2009-02-08"},{"affected_versions" => ["0.42"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.42"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.64"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.64"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.73"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.73"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.74"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.74"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.77"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.81"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.82"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.84"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.86"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.89"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.89"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["0.90"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.1.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.2.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.3.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.4.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.12"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.13"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.14"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.15"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.16"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.17"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.18"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.19"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.20"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.21"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["1.9.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.0"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.1"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.10"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.11"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.13"],"cves" => ["CVE-2021-40874"],"description" => "An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-40874-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2022-07-18","severity" => undef},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.2"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.3"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.4"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.5"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.6"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.7"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.8"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35472"],"description" => "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35472-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags","https://www.debian.org/security/2021/dsa-4943","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => "2021-07-30","severity" => "high"},{"affected_versions" => ["2.0.9"],"cves" => ["CVE-2021-35473"],"description" => "OAuth2 handler does not verify access token validity\n","distribution" => "Lemonldap-NG-Portal","fixed_versions" => [],"id" => "CPANSA-Lemonldap-NG-Portal-2021-35473-lemonldap","references" => ["https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog"],"reported" => undef,"severity" => "low"}],"main_module" => "Lemonldap::NG::Portal","versions" => [{"date" => "2005-06-29T18:44:50","version" => "0.01"},{"date" => "2005-07-02T08:49:37","version" => "0.02"},{"date" => "2006-10-07T13:24:36","version" => "0.1"},{"date" => "2006-10-14T13:26:07","version" => "0.11"},{"date" => "2006-10-14T14:11:06","version" => "0.111"},{"date" => "2006-10-17T13:58:53","version" => "0.2"},{"date" => "2006-11-02T15:23:31","version" => "0.4"},{"date" => "2006-11-03T07:25:06","version" => "0.41"},{"date" => "2006-12-07T21:02:36","version" => "0.42"},{"date" => "2006-12-19T18:26:07","version" => "0.5"},{"date" => "2006-12-31T13:03:32","version" => "0.51"},{"date" => "2007-01-13T19:47:36","version" => "0.6"},{"date" => "2007-02-28T22:29:18","version" => "0.62"},{"date" => "2007-03-04T18:23:52","version" => "0.63"},{"date" => "2007-03-09T20:18:23","version" => "0.64"},{"date" => "2007-03-29T19:52:31","version" => "0.7"},{"date" => "2007-04-01T20:26:10","version" => "0.71"},{"date" => "2007-04-14T20:46:13","version" => "0.72"},{"date" => "2007-04-20T06:51:13","version" => "0.73"},{"date" => "2007-06-13T13:54:26","version" => "0.74"},{"date" => "2007-07-22T20:35:13","version" => "0.76"},{"date" => "2007-07-31T05:11:34","version" => "0.77"},{"date" => "2007-10-15T06:03:56","version" => "0.8"},{"date" => "2008-02-28T07:13:04","version" => "0.81"},{"date" => "2008-04-11T14:53:38","version" => "0.82"},{"date" => "2008-06-06T05:50:06","version" => "0.83"},{"date" => "2008-06-06T12:46:10","version" => "0.84"},{"date" => "2008-08-25T19:53:48","version" => "0.85"},{"date" => "2008-12-25T08:26:49","version" => "0.86"},{"date" => "2009-02-08T07:13:05","version" => "0.87"},{"date" => "2009-06-29T10:14:46","version" => "0.88"},{"date" => "2009-07-05T11:40:59","version" => "0.89"},{"date" => "2009-10-11T08:26:21","version" => "0.90"},{"date" => "2010-10-13T21:02:21","version" => "0.99"},{"date" => "2010-10-22T05:36:29","version" => "0.99.1"},{"date" => "2010-10-22T05:45:04","version" => "0.991"},{"date" => "2010-10-24T06:33:29","version" => "0.992"},{"date" => "2010-11-26T13:38:59","version" => "1.0.0"},{"date" => "2011-02-28T13:42:23","version" => "1.0.2"},{"date" => "2011-03-07T11:17:03","version" => "v1.0.3"},{"date" => "2011-03-23T14:54:26","version" => "1.0.4"},{"date" => "2011-04-15T14:51:44","version" => "1.0.5"},{"date" => "2011-05-30T08:40:46","version" => "1.0.6"},{"date" => "2011-07-08T09:33:35","version" => "1.1.0"},{"date" => "2011-07-29T13:43:35","version" => "1.1.1"},{"date" => "2011-10-07T12:58:06","version" => "1.1.2"},{"date" => "2012-06-18T10:13:31","version" => "1.2.0"},{"date" => "2012-07-06T09:18:54","version" => "1.2.1"},{"date" => "2012-09-17T14:04:26","version" => "1.2.2"},{"date" => "2013-01-25T21:51:54","version" => "1.2.2_01"},{"date" => "2013-02-08T17:11:38","version" => "1.2.3"},{"date" => "2013-04-23T13:19:57","version" => "1.2.4"},{"date" => "2013-08-26T10:39:11","version" => "1.2.5"},{"date" => "2013-11-02T16:31:10","version" => "v1.3.0"},{"date" => "2013-11-10T18:00:31","version" => "v1.3.0_01"},{"date" => "2013-11-11T14:01:21","version" => "v1.3.1"},{"date" => "2014-02-05T09:31:50","version" => "1.3.2"},{"date" => "2014-03-07T13:55:23","version" => "1.3.3"},{"date" => "2014-06-30T12:54:16","version" => "v1.4.0"},{"date" => "2014-07-25T09:55:37","version" => "v1.4.1"},{"date" => "2014-11-05T15:15:30","version" => "v1.4.2"},{"date" => "2014-12-19T10:31:47","version" => "v1.4.3"},{"date" => "2015-04-15T10:05:31","version" => "v1.4.4"},{"date" => "2015-05-22T16:54:10","version" => "v1.4.5"},{"date" => "2015-10-09T09:21:04","version" => "v1.4.6"},{"date" => "2016-03-02T09:50:24","version" => "v1.9.0"},{"date" => "2016-03-22T14:25:24","version" => "v1.4.7"},{"date" => "2016-04-05T16:02:49","version" => "v1.9.1"},{"date" => "2016-04-27T15:23:10","version" => "v1.4.8"},{"date" => "2016-05-01T19:25:36","version" => "v1.9.2"},{"date" => "2016-06-03T14:14:52","version" => "v1.4.9"},{"date" => "2016-06-07T15:48:38","version" => "v1.9.3"},{"date" => "2016-06-14T18:36:34","version" => "v1.9.4"},{"date" => "2016-07-13T09:08:18","version" => "v1.4.10"},{"date" => "2016-07-13T12:58:54","version" => "v1.9.5"},{"date" => "2016-10-10T13:34:33","version" => "v1.4.11"},{"date" => "2016-10-16T12:23:25","version" => "v1.9.6"},{"date" => "2016-12-14T19:57:55","version" => "v1.9.7"},{"date" => "2017-02-28T21:11:18","version" => "v1.9.99_2.0alpha1"},{"date" => "2017-03-02T14:55:34","version" => "v1.9.8"},{"date" => "2017-03-07T05:48:09","version" => "v1.9.99_02"},{"date" => "2017-03-07T06:00:28","version" => "v1.9.99_03"},{"date" => "2017-03-15T05:34:48","version" => "v1.9.991_01"},{"date" => "2017-03-17T07:21:31","version" => "v1.9.9"},{"date" => "2017-05-19T18:48:42","version" => "v1.9.10"},{"date" => "2017-09-01T10:32:34","version" => "v1.9.11"},{"date" => "2017-09-12T08:40:27","version" => "v1.9.12"},{"date" => "2017-09-29T14:00:36","version" => "v1.9.13"},{"date" => "2017-11-24T19:59:18","version" => "v1.9.14"},{"date" => "2018-01-23T12:50:53","version" => "v1.9.15"},{"date" => "2018-03-16T10:34:13","version" => "v1.9.16"},{"date" => "2018-06-16T09:27:27","version" => "v1.9.17"},{"date" => "2018-10-05T09:40:26","version" => "v1.9.18"},{"date" => "2018-11-30T10:49:52","version" => "v2.0.0"},{"date" => "2019-02-12T17:13:39","version" => "v2.0.2"},{"date" => "2019-04-11T12:23:10","version" => "v2.0.3"},{"date" => "2019-05-13T13:07:36","version" => "v2.0.4"},{"date" => "2019-06-29T21:31:33","version" => "v2.0.5"},{"date" => "2019-09-24T13:01:00","version" => "v2.0.6"},{"date" => "2019-12-21T21:46:38","version" => "v2.0.7"},{"date" => "2020-05-05T16:14:25","version" => "v2.0.8"},{"date" => "2020-09-07T06:21:08","version" => "v2.0.9"},{"date" => "2021-01-17T17:24:36","version" => "v2.0.10"},{"date" => "2021-01-31T14:52:09","version" => "v2.0.11"},{"date" => "2021-07-22T17:38:26","version" => "v2.0.12"},{"date" => "2021-08-23T07:09:56","version" => "v2.0.13"},{"date" => "2022-02-22T18:13:11","version" => "v2.0.14"},{"date" => "2022-09-09T17:10:35","version" => "v2.0.15"},{"date" => "2022-09-16T08:36:23","version" => "v2.0.15.1"},{"date" => "2023-02-01T15:29:55","version" => "v2.0.16"},{"date" => "2023-05-12T17:38:52","version" => "v2.16.2"},{"date" => "2023-08-30T16:24:40","version" => "v2.17.0"},{"date" => "2023-12-20T21:12:20","version" => "v2.18.0"},{"date" => "2023-12-22T23:41:14","version" => "v2.18.1"},{"date" => "2024-02-06T17:49:13","version" => "v2.18.2"},{"date" => "2024-04-30T15:23:21","version" => "v2.19.0"},{"date" => "2024-07-15T14:48:13","version" => "v2.19.1"},{"date" => "2024-09-04T07:30:33","version" => "v2.19.2"},{"date" => "2024-10-08T15:53:50","version" => "v2.20.0"},{"date" => "2024-11-08T16:34:12","version" => "v2.20.1"},{"date" => "2025-01-21T17:01:40","version" => "v2.20.2"},{"date" => "2025-01-22T17:40:34","version" => "v2.16.4"},{"date" => "2025-04-07T15:09:34","version" => "v2.21.0"},{"date" => "2025-06-11T11:15:32","version" => "v2.21.1"},{"date" => "2025-07-11T15:40:33","version" => "v2.21.2"},{"date" => "2025-09-08T09:08:56","version" => "v2.21.3"},{"date" => "2025-10-17T15:27:21","version" => "v2.22.0"},{"date" => "2025-11-25T15:05:41","version" => "v2.22.1"},{"date" => "2026-01-30T16:45:38","version" => "v2.22.2"}]},"Linux-Statm-Tiny" => {"advisories" => [{"affected_versions" => ["<0.0701"],"cves" => ["CVE-2025-3051"],"description" => "Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238.  If an attacker can place a malicious file in current working directory, it may be\x{a0}loaded instead of the intended file, potentially leading to arbitrary\x{a0}code execution.  Linux::Statm::Tiny uses Mite to produce the affected code section due to\x{a0}CVE-2025-30672","distribution" => "Linux-Statm-Tiny","fixed_versions" => [">=0.0701"],"id" => "CPANSA-Linux-Statm-Tiny-2025-3051","references" => ["https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html","https://metacpan.org/release/RRWO/Linux-Statm-Tiny-0.0700/source/lib/Linux/Statm/Tiny/Mite.pm#L82","https://metacpan.org/release/RRWO/Linux-Statm-Tiny-0.0701/changes"],"reported" => "2025-04-01","severity" => undef}],"main_module" => "Linux::Statm::Tiny","versions" => [{"date" => "2015-01-05T12:19:47","version" => "0.0100"},{"date" => "2015-01-05T15:39:13","version" => "0.0200"},{"date" => "2015-01-05T18:23:59","version" => "0.0201"},{"date" => "2015-01-12T11:30:31","version" => "0.0300"},{"date" => "2015-03-27T13:57:06","version" => "0.0400"},{"date" => "2015-04-09T08:05:00","version" => "0.0500"},{"date" => "2015-05-05T16:02:45","version" => "0.0501"},{"date" => "2015-05-05T16:22:04","version" => "0.0502"},{"date" => "2015-05-06T13:21:39","version" => "0.0503"},{"date" => "2015-05-25T13:38:11","version" => "0.0504"},{"date" => "2015-06-23T17:07:45","version" => "0.0505"},{"date" => "2018-10-27T22:38:48","version" => "0.0600"},{"date" => "2019-02-17T18:30:34","version" => "0.0601"},{"date" => "2022-04-04T15:34:50","version" => "0.0602"},{"date" => "2022-04-04T15:41:28","version" => "0.0603"},{"date" => "2022-07-26T16:29:04","version" => "0.0700"},{"date" => "2025-03-31T13:52:42","version" => "0.0701"}]},"Locale-Maketext" => {"advisories" => [{"affected_versions" => ["<1.25"],"cves" => ["CVE-2012-6329"],"description" => "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.\n","distribution" => "Locale-Maketext","fixed_versions" => [],"id" => "CPANSA-Locale-Maketext-2012-6329","references" => ["http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8","http://sourceforge.net/mailarchive/message.php?msg_id=30219695","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224","http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329","http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod","http://openwall.com/lists/oss-security/2012/12/11/4","http://code.activestate.com/lists/perl5-porters/187763/","http://code.activestate.com/lists/perl5-porters/187746/","https://bugzilla.redhat.com/show_bug.cgi?id=884354","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032","http://www.ubuntu.com/usn/USN-2099-1","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/56950","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2013-01-04","severity" => undef},{"affected_versions" => ["<1.28"],"cves" => ["CVE-2016-1238"],"description" => "Does not remove . from \@INC, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Locale-Maketext","fixed_versions" => [">=1.28"],"id" => "CPANSA-Locale-Maketext-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Locale::Maketext","versions" => [{"date" => "1999-03-16T05:22:44","version" => "0.17"},{"date" => "2000-05-14T08:26:33","version" => "0.18"},{"date" => "2001-05-25T14:21:01","version" => "1.01"},{"date" => "2001-06-20T08:28:48","version" => "1.02"},{"date" => "2001-06-22T05:27:18","version" => "1.03"},{"date" => "2003-04-02T20:20:43","version" => "1.04"},{"date" => "2003-04-19T06:11:36","version" => "1.05"},{"date" => "2003-06-22T07:51:14","version" => "1.06"},{"date" => "2004-01-12T04:18:16","version" => "1.07"},{"date" => "2004-01-20T00:14:54","version" => "1.08"},{"date" => "2004-03-31T06:47:07","version" => "1.09"},{"date" => "2005-11-11T03:42:57","version" => "1.10"},{"date" => "2007-05-08T05:03:08","version" => "1.11_01"},{"date" => "2007-11-18T05:22:03","version" => "1.12"},{"date" => "2008-05-28T15:01:40","version" => "1.13"},{"date" => "2009-06-23T18:13:14","version" => "1.13_80"},{"date" => "2009-06-24T00:22:21","version" => "1.13_81"},{"date" => "2009-06-24T02:33:08","version" => "1.13_82"},{"date" => "2010-09-28T22:59:25","version" => "1.15_01"},{"date" => "2010-10-07T14:12:19","version" => "1.15_02"},{"date" => "2010-10-11T18:07:07","version" => "1.16"},{"date" => "2010-10-20T15:54:47","version" => "1.16_01"},{"date" => "2010-10-20T18:42:13","version" => "1.17"},{"date" => "2011-05-25T15:44:55","version" => "1.18_01"},{"date" => "2011-05-31T19:29:50","version" => "1.19"},{"date" => "2011-12-15T04:02:22","version" => "1.19_01"},{"date" => "2011-12-23T15:18:14","version" => "1.21"},{"date" => "2012-01-15T05:02:24","version" => "1.22"},{"date" => "2012-12-04T21:29:08","version" => "1.23"},{"date" => "2014-04-14T03:15:07","version" => "1.25_01"},{"date" => "2014-04-15T20:10:23","version" => "1.25"},{"date" => "2014-12-04T20:57:02","version" => "1.26"},{"date" => "2016-06-22T23:30:00","version" => "1.27"},{"date" => "2016-07-25T17:57:25","version" => "1.28"},{"date" => "2020-01-20T05:04:23","version" => "1.29"},{"date" => "2022-04-01T19:18:30","version" => "1.30"},{"date" => "2022-04-14T21:18:43","version" => "1.31"},{"date" => "2022-08-22T19:20:51","version" => "1.32"},{"date" => "2023-12-30T21:23:51","version" => "1.33"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "1.10_01"},{"date" => "2009-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011002","version" => "1.14"},{"date" => "2010-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013003","version" => "1.15"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "1.18"},{"date" => "2011-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015005","version" => "1.20"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "1.24"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "1.26_01"}]},"Log-Any" => {"advisories" => [{"affected_versions" => [">=1.712,<=1.715"],"cves" => [],"description" => "The WithStackTrace proxy may expose sensitive information\n","distribution" => "Log-Any","fixed_versions" => ["1.716"],"id" => "CPANSA-Log-Any-2023-001","references" => ["https://metacpan.org/dist/Log-Any/changes","https://github.com/preaction/Log-Any/pull/97"],"reported" => undef,"severity" => undef}],"main_module" => "Log::Any","versions" => [{"date" => "2009-07-11T14:11:33","version" => "0.01"},{"date" => "2009-07-14T23:34:51","version" => "0.02"},{"date" => "2009-07-18T03:41:02","version" => "0.03"},{"date" => "2009-09-04T00:32:59","version" => "0.03"},{"date" => "2009-10-27T22:26:20","version" => "0.05"},{"date" => "2009-10-31T23:24:23","version" => "0.06"},{"date" => "2009-12-07T17:57:19","version" => "0.07"},{"date" => "2009-12-16T01:31:06","version" => "0.08"},{"date" => "2010-01-05T21:20:31","version" => "0.09"},{"date" => "2010-01-05T21:27:46","version" => "0.10"},{"date" => "2010-02-12T13:08:17","version" => "0.11"},{"date" => "2011-03-23T21:55:43","version" => "0.12"},{"date" => "2011-08-02T13:27:07","version" => "0.13"},{"date" => "2011-08-31T22:51:22","version" => "0.14"},{"date" => "2013-04-10T17:16:43","version" => "0.15"},{"date" => "2014-12-12T22:09:51","version" => "0.90"},{"date" => "2014-12-15T03:15:09","version" => "0.91"},{"date" => "2014-12-15T12:13:47","version" => "0.92"},{"date" => "2014-12-26T03:04:57","version" => "1.00"},{"date" => "2014-12-27T03:26:31","version" => "1.01"},{"date" => "2014-12-28T12:07:41","version" => "1.02"},{"date" => "2015-01-02T03:43:07","version" => "1.03"},{"date" => "2015-03-26T10:09:30","version" => "1.031"},{"date" => "2015-03-26T21:24:48","version" => "1.032"},{"date" => "2016-02-03T15:34:02","version" => "1.033"},{"date" => "2016-02-04T19:48:49","version" => "1.035"},{"date" => "2016-02-06T01:27:07","version" => "1.037"},{"date" => "2016-02-10T21:18:02","version" => "1.038"},{"date" => "2016-02-24T22:48:34","version" => "1.040"},{"date" => "2016-08-18T05:02:37","version" => "1.041"},{"date" => "2016-08-27T04:38:20","version" => "1.042"},{"date" => "2016-11-04T02:48:06","version" => "1.043"},{"date" => "2016-11-06T21:53:19","version" => "1.044"},{"date" => "2016-11-12T03:54:03","version" => "1.045"},{"date" => "2017-01-12T03:44:21","version" => "1.046"},{"date" => "2017-03-23T01:25:09","version" => "1.047"},{"date" => "2017-03-27T20:17:22","version" => "1.048"},{"date" => "2017-03-28T21:03:30","version" => "1.049"},{"date" => "2017-08-04T03:30:12","version" => "1.050"},{"date" => "2017-08-07T01:43:24","version" => "1.051"},{"date" => "2017-09-28T22:00:06","version" => "1.700"},{"date" => "2017-10-02T19:38:09","version" => "1.701"},{"date" => "2017-11-28T21:20:01","version" => "1.702"},{"date" => "2017-11-29T16:57:31","version" => "1.703"},{"date" => "2017-12-18T00:14:35","version" => "1.704"},{"date" => "2018-01-17T19:50:35","version" => "1.705"},{"date" => "2018-07-07T01:21:05","version" => "1.706"},{"date" => "2018-08-02T03:56:11","version" => "1.707"},{"date" => "2020-01-13T03:58:06","version" => "1.708"},{"date" => "2021-02-17T21:17:28","version" => "1.709"},{"date" => "2021-08-02T15:11:51","version" => "1.710"},{"date" => "2022-11-22T17:29:07","version" => "1.711"},{"date" => "2022-12-09T17:06:31","version" => "1.712"},{"date" => "2022-12-12T18:45:32","version" => "1.713"},{"date" => "2023-03-20T16:49:03","version" => "1.714"},{"date" => "2023-05-04T18:09:55","version" => "1.715"},{"date" => "2023-06-26T19:15:29","version" => "1.716"},{"date" => "2023-08-17T15:53:05","version" => "1.717"},{"date" => "2025-06-01T15:00:19","version" => "1.718"},{"date" => "2026-03-16T13:54:31","version" => "1.719"}]},"MARC-File-XML" => {"advisories" => [{"affected_versions" => ["<1.0.2"],"cves" => ["CVE-2014-1626"],"description" => "XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file.\n","distribution" => "MARC-File-XML","fixed_versions" => [],"id" => "CPANSA-MARC-File-XML-2014-1626","references" => ["http://www.securityfocus.com/bid/65057","http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html","http://secunia.com/advisories/55404","http://libmail.georgialibraries.org/pipermail/open-ils-general/2014-January/009442.html","https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes","http://lists.katipo.co.nz/pipermail/koha/2014-January/038430.html","http://osvdb.org/102367","https://exchange.xforce.ibmcloud.com/vulnerabilities/90620"],"reported" => "2014-01-26","severity" => undef}],"main_module" => "MARC::File::XML","versions" => [{"date" => "2017-05-24T01:18:18","version" => "v1.0.5"}]},"MDK-Common" => {"advisories" => [{"affected_versions" => ["==1.1.11","==1.1.24",">=1.2.9,<=1.2.14"],"cves" => ["CVE-2009-0912"],"description" => "perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via \"special characters\" in unspecified vectors.'\n","distribution" => "MDK-Common","fixed_versions" => [],"id" => "CPANSA-MDK-Common-2009-0912","references" => ["http://www.securityfocus.com/bid/34089","http://www.vupen.com/english/advisories/2009/0688","http://www.mandriva.com/security/advisories?name=MDVSA-2009:072","https://exchange.xforce.ibmcloud.com/vulnerabilities/49220"],"reported" => "2009-03-16","severity" => undef}],"main_module" => "MDK::Common","versions" => [{"date" => "2012-09-14T16:23:25","version" => "1.2.29"},{"date" => "2014-05-06T17:14:10","version" => "v1.2.30"},{"date" => "2017-10-27T22:31:26","version" => "v1.2.32"},{"date" => "2017-10-27T23:18:48","version" => "v1.2.33"},{"date" => "2017-10-28T01:09:39","version" => "v1.2.34"},{"date" => "2017-10-28T03:37:17","version" => "v1.2.34.1"},{"date" => "2017-10-28T04:28:13","version" => "v1.2.34.2"}]},"MHonArc" => {"advisories" => [{"affected_versions" => ["<2.6.17"],"cves" => ["CVE-2010-4524"],"description" => "Improper escaping of certain HTML sequences (XSS).\n","distribution" => "MHonArc","fixed_versions" => [">=2.6.17"],"id" => "CPANSA-MHonArc-2011-01","references" => ["https://metacpan.org/changes/distribution/MHonArc"],"reported" => "2011-01-09"},{"affected_versions" => ["<2.6.17"],"cves" => ["CVE-2010-1677"],"description" => "DoS when processing html messages with deep tag nesting.\n","distribution" => "MHonArc","fixed_versions" => [">=2.6.17"],"id" => "CPANSA-MHonArc-2011-02","references" => ["https://metacpan.org/changes/distribution/MHonArc"],"reported" => "2011-01-09"}],"main_module" => "MHonArc::UTF8","versions" => [{"date" => "1997-12-11T20:44:41","version" => "2.1"},{"date" => "1998-03-04T01:06:00","version" => "v2.2.0"},{"date" => "1998-10-11T02:56:10","version" => "v2.3.0"},{"date" => "1998-10-25T19:27:37","version" => "v2.3.1"},{"date" => "1998-11-01T20:02:48","version" => "v2.3.2"},{"date" => "1998-11-08T21:59:21","version" => "v2.3.3"},{"date" => "1999-06-26T07:57:53","version" => "v2.4.0"},{"date" => "1999-07-26T19:30:51","version" => "v2.4.1"},{"date" => "1999-08-12T07:16:14","version" => "v2.4.2"},{"date" => "1999-08-16T06:25:39","version" => "v2.4.3"},{"date" => "1999-10-01T19:43:07","version" => "v2.4.4"},{"date" => "2000-02-15T03:44:03","version" => "v2.4.5"},{"date" => "2000-04-24T08:35:56","version" => "v2.4.6"},{"date" => "2000-10-29T04:18:32","version" => "v2.4.7"},{"date" => "2000-10-30T06:29:47","version" => "v2.4.7"},{"date" => "2001-04-14T21:48:01","version" => "v2.4.8"},{"date" => "2001-06-11T03:09:13","version" => "v2.4.9"},{"date" => "2001-08-26T19:46:53","version" => "v2.5.0"},{"date" => "2001-09-07T15:24:19","version" => "v2.5.0"},{"date" => "2001-10-17T16:03:13","version" => "v2.5.0"},{"date" => "2001-11-14T05:09:59","version" => "v2.5.1"},{"date" => "2001-11-25T06:46:19","version" => "v2.5.2"},{"date" => "2002-04-18T07:23:29","version" => "v2.5.3"},{"date" => "2002-05-03T05:06:16","version" => "v2.5.4"},{"date" => "2002-05-28T05:43:00","version" => "v2.5.5"},{"date" => "2002-06-18T18:07:38","version" => "v2.5.6"},{"date" => "2002-06-21T22:59:36","version" => "v2.5.7"},{"date" => "2002-06-29T03:22:26","version" => "v2.5.8"},{"date" => "2002-07-20T02:39:53","version" => "v2.5.9"},{"date" => "2002-07-29T00:10:32","version" => "v2.5.10"},{"date" => "2002-08-04T04:25:22","version" => "v2.5.11"},{"date" => "2002-09-04T04:32:14","version" => "v2.5.12"},{"date" => "2002-10-21T17:13:35","version" => "v2.5.13"},{"date" => "2002-12-22T01:07:40","version" => "v2.5.14"},{"date" => "2003-02-10T05:23:02","version" => "v2.6.0"},{"date" => "2003-02-23T00:39:05","version" => "v2.6.1"},{"date" => "2003-03-12T01:55:48","version" => "v2.6.2"},{"date" => "2003-04-06T02:11:59","version" => "v2.6.3"},{"date" => "2003-06-22T21:54:52","version" => "v2.6.4"},{"date" => "2003-07-20T04:51:56","version" => "v2.6.5"},{"date" => "2003-07-21T17:20:07","version" => "v2.6.6"},{"date" => "2003-08-07T23:49:43","version" => "v2.6.7"},{"date" => "2003-08-13T04:47:02","version" => "v2.6.8"},{"date" => "2004-05-17T06:24:46","version" => "v2.6.9"},{"date" => "2004-05-17T06:25:16","version" => "v2.6.10"},{"date" => "2005-05-20T17:15:40","version" => "v2.6.11"},{"date" => "2005-06-09T02:30:11","version" => "v2.6.12"},{"date" => "2005-07-06T05:15:55","version" => "v2.6.13"},{"date" => "2005-07-23T07:15:49","version" => "2.6.14"},{"date" => "2005-07-27T03:46:13","version" => "2.6.15"},{"date" => "2006-06-10T03:21:01","version" => "2.6.16"},{"date" => "2011-01-09T10:04:06","version" => "2.6.17"},{"date" => "2011-01-09T16:35:39","version" => "2.6.18"},{"date" => "2014-04-22T03:33:53","version" => "2.6.19"},{"date" => "2020-09-14T09:22:58","version" => "v2.6.20"},{"date" => "2020-09-14T11:54:14","version" => "v2.6.21"},{"date" => "2020-09-21T07:06:18","version" => "v2.6.22"},{"date" => "2020-11-12T12:54:55","version" => "v2.6.23"},{"date" => "2020-11-16T14:24:54","version" => "v2.6.24"}]},"MIME-tools" => {"advisories" => [{"affected_versions" => ["<4.109"],"cves" => [],"description" => "There was a potential security hole when outputting entities with recommended filenames.\n","distribution" => "MIME-tools","fixed_versions" => [">=4.109"],"id" => "CPANSA-MIME-tools-1998-01","references" => ["https://metacpan.org/dist/MIME-tools/changes"],"reported" => "1998-01-10","severity" => undef}],"main_module" => "MIME::Body","versions" => [{"date" => "1996-10-18T13:57:11","version" => "2.01"},{"date" => "1996-10-23T19:20:59","version" => "2.02"},{"date" => "1996-10-28T18:27:36","version" => "2.03"},{"date" => "1996-11-03T00:35:36","version" => "2.04"},{"date" => "1997-01-13T10:17:14","version" => "2.13"},{"date" => "1997-01-14T07:05:37","version" => "2.14"},{"date" => "1997-01-21T03:40:48","version" => "3.203"},{"date" => "1997-01-22T11:24:13","version" => "3.204"},{"date" => "1998-01-14T15:44:55","version" => "4.111"},{"date" => "1998-01-18T04:23:37","version" => "4.112"},{"date" => "1998-01-20T08:21:18","version" => "4.113"},{"date" => "1998-02-14T21:45:26","version" => "4.116"},{"date" => "1998-05-05T14:32:36","version" => "4.119"},{"date" => "1998-06-04T13:30:01","version" => "4.121"},{"date" => "1999-02-10T05:39:03","version" => "4.122"},{"date" => "1999-05-14T13:29:15","version" => "4.124"},{"date" => "2000-05-24T14:44:21","version" => "5.115"},{"date" => "2000-05-26T04:46:25","version" => "5.116"},{"date" => "2000-06-06T16:14:02","version" => "5.205"},{"date" => "2000-06-08T07:36:13","version" => "5.206"},{"date" => "2000-06-09T03:44:00","version" => "5.207"},{"date" => "2000-06-10T08:12:36","version" => "5.209"},{"date" => "2000-06-20T13:24:34","version" => "5.210"},{"date" => "2000-06-24T06:57:34","version" => "5.211"},{"date" => "2000-07-07T14:46:11","version" => "5.304"},{"date" => "2000-07-20T06:47:41","version" => "5.306"},{"date" => "2000-08-15T14:22:44","version" => "5.310"},{"date" => "2000-08-16T05:28:11","version" => "5.311"},{"date" => "2000-09-05T04:17:48","version" => "5.313"},{"date" => "2000-09-06T04:59:03","version" => "5.314"},{"date" => "2000-09-21T06:14:25","version" => "5.316"},{"date" => "2000-11-05T15:24:04","version" => "5.404"},{"date" => "2000-11-06T00:34:39","version" => "5.405"},{"date" => "2000-11-10T05:27:35","version" => "5.408"},{"date" => "2000-11-20T18:04:43","version" => "5.409"},{"date" => "2000-11-23T05:31:08","version" => "5.410"},{"date" => "2001-06-05T15:21:25","version" => "5.411"},{"date" => "2001-11-16T17:32:32","version" => "5.411"},{"date" => "2003-06-09T16:42:00","version" => "6.200_01"},{"date" => "2003-07-22T20:49:42","version" => "6.200_02"},{"date" => "2004-09-14T14:20:07","version" => "5.412"},{"date" => "2004-09-15T14:11:08","version" => "5.413"},{"date" => "2004-10-06T19:46:54","version" => "5.414"},{"date" => "2004-10-27T12:51:54","version" => "5.415"},{"date" => "2005-01-03T15:45:29","version" => "5.416"},{"date" => "2005-01-20T21:24:25","version" => "5.417"},{"date" => "2005-09-29T19:40:53","version" => "5.418"},{"date" => "2005-12-22T21:52:16","version" => "5.419"},{"date" => "2006-03-17T21:20:12","version" => "5.420"},{"date" => "2007-06-18T20:04:22","version" => "5.420_01"},{"date" => "2007-08-31T18:03:20","version" => "5.420_02"},{"date" => "2007-09-20T21:33:01","version" => "5.421"},{"date" => "2007-09-25T22:31:20","version" => "5.422"},{"date" => "2007-09-27T15:50:17","version" => "5.423"},{"date" => "2007-11-07T15:36:31","version" => "5.424"},{"date" => "2007-11-17T16:20:42","version" => "5.425"},{"date" => "2008-03-18T13:45:38","version" => "5.426"},{"date" => "2008-06-30T18:41:00","version" => "5.426"},{"date" => "2010-04-22T15:31:33","version" => "5.428"},{"date" => "2010-04-30T13:47:59","version" => "5.500"},{"date" => "2011-01-07T15:59:19","version" => "5.500"},{"date" => "2011-02-17T18:37:12","version" => "5.501"},{"date" => "2011-03-08T14:03:11","version" => "5.502"},{"date" => "2012-06-08T13:44:12","version" => "5.503"},{"date" => "2013-01-30T21:01:40","version" => "5.504"},{"date" => "2013-11-14T15:27:15","version" => "5.505"},{"date" => "2015-04-22T17:32:26","version" => "5.506"},{"date" => "2015-09-30T13:21:56","version" => "5.507"},{"date" => "2016-08-29T14:52:28","version" => "5.508"},{"date" => "2017-04-05T18:13:30","version" => "5.508"},{"date" => "2022-07-06T14:20:39","version" => "5.503"},{"date" => "2024-01-02T15:38:07","version" => "5.503"},{"date" => "2024-01-08T18:22:18","version" => "5.503"},{"date" => "2024-01-25T16:28:54","version" => "5.503"},{"date" => "2024-02-06T20:49:02","version" => "5.503"},{"date" => "2024-04-24T15:36:43","version" => "5.515"},{"date" => "2026-02-10T17:09:42","version" => "5.516"},{"date" => "2026-02-11T02:54:45","version" => "5.517"}]},"MT" => {"advisories" => [{"affected_versions" => [">=4.20,<=4.38"],"cves" => ["CVE-2013-0209"],"description" => "lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2013-0209","references" => ["http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt","http://www.movabletype.org/2013/01/movable_type_438_patch.html","http://openwall.com/lists/oss-security/2013/01/22/3","http://www.sec-1.com/blog/?p=402"],"reported" => "2013-01-23","severity" => undef},{"affected_versions" => [">=7,<=7.9.4",">=6,<=6.8.6",">=4,<=5"],"cves" => ["CVE-2022-38078"],"description" => "Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.\n","distribution" => "MT","fixed_versions" => [">=7.9.5",">=6.8.7,<7"],"id" => "CPANSA-MT-2022-38078","references" => ["https://movabletype.org/news/2022/08/mt-795-687-released.html","https://jvn.jp/en/jp/JVN57728859/index.html"],"reported" => "2022-08-24","severity" => "critical"},{"affected_versions" => [">=7,<=7.8.1",">=6,<=6.8.2","<6"],"cves" => ["CVE-2021-20837"],"description" => "Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20837","references" => ["https://jvn.jp/en/jp/JVN41119755/index.html","https://movabletype.org/news/2021/10/mt-782-683-released.html","http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html","http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"],"reported" => "2021-10-26","severity" => "critical"},{"affected_versions" => [">=7,<7.8.0"],"cves" => ["CVE-2021-20814"],"description" => "Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20814","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0"],"cves" => ["CVE-2021-20813"],"description" => "Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20813","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20815"],"description" => "Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20815","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20811"],"description" => "Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20811","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20810"],"description" => "Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20810","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20809"],"description" => "Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20809","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => [">=7,<7.8.0",">=6,<=6.8.0"],"cves" => ["CVE-2021-20808"],"description" => "Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20808","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => ["<=1.37"],"cves" => ["CVE-2020-5669"],"description" => "Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5669","references" => ["https://www.sixapart.jp/movabletype/news/2020/11/18-1101.html","https://jvn.jp/en/jp/JVN94245475/index.html"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5577"],"description" => "Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5577","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "high"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5576"],"description" => "Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5576","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "high"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5575"],"description" => "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5575","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "medium"},{"affected_versions" => [">=7,<7.2.1",">=6,<=6.5.3"],"cves" => ["CVE-2020-5574"],"description" => "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5574","references" => ["https://jvn.jp/en/jp/JVN28806943/index.html","https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"],"reported" => "2020-05-14","severity" => "medium"},{"affected_versions" => [">=7,<7.1.4",">=6,<=6.5.2"],"cves" => ["CVE-2020-5528"],"description" => "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2020-5528","references" => ["https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html","http://jvn.jp/en/jp/JVN94435544/index.html"],"reported" => "2020-02-06","severity" => "medium"},{"affected_versions" => [">=7,<7.1.3",">=6.5.0,<=6.5.1",">=6,<=6.3.9"],"cves" => ["CVE-2019-6025"],"description" => "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2019-6025","references" => ["https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html","http://jvn.jp/en/jp/JVN65280626/index.html"],"reported" => "2019-12-26","severity" => "medium"},{"affected_versions" => ["==6.3.1"],"cves" => ["CVE-2018-0672"],"description" => "Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2018-0672","references" => ["http://jvn.jp/en/jp/JVN89550319/index.html"],"reported" => "2018-09-04","severity" => "medium"},{"affected_versions" => [">=6.0.0,<6.1.3",">=6.2.0,<6.2.6","<5.2.13"],"cves" => ["CVE-2016-5742"],"description" => "SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2016-5742","references" => ["https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html","http://www.openwall.com/lists/oss-security/2016/06/22/6","http://www.openwall.com/lists/oss-security/2016/06/22/5","http://www.openwall.com/lists/oss-security/2016/06/22/3","http://www.securitytracker.com/id/1036160"],"reported" => "2017-01-23","severity" => "critical"},{"affected_versions" => ["<5.2.12",">=6.0.0,<=6.0.7"],"cves" => ["CVE-2015-1592"],"description" => "Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2015-1592","references" => ["https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html","http://www.securityfocus.com/bid/72606","http://www.openwall.com/lists/oss-security/2015/02/12/17","http://www.openwall.com/lists/oss-security/2015/02/12/2","https://www.debian.org/security/2015/dsa-3183","http://www.securitytracker.com/id/1031777","https://exchange.xforce.ibmcloud.com/vulnerabilities/100912"],"reported" => "2015-02-19","severity" => undef},{"affected_versions" => ["<5.18",">=5.2.0,<5.2.11",">=6,<6.0.6"],"cves" => ["CVE-2014-9057"],"description" => "SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2014-9057","references" => ["https://movabletype.org/news/2014/12/6.0.6.html","https://movabletype.org/documentation/appendices/release-notes/6.0.6.html","http://secunia.com/advisories/61227","https://www.debian.org/security/2015/dsa-3183"],"reported" => "2014-12-16","severity" => undef},{"affected_versions" => ["<5.2.6"],"cves" => ["CVE-2013-2184"],"description" => "Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2013-2184","references" => ["https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html","http://www.debian.org/security/2015/dsa-3183","http://seclists.org/oss-sec/2013/q2/568","http://seclists.org/oss-sec/2013/q2/560"],"reported" => "2015-03-27","severity" => undef},{"affected_versions" => ["==5.13"],"cves" => ["CVE-2012-1503"],"description" => "Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2012-1503","references" => ["http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html","http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html","http://www.exploit-db.com/exploits/22151","http://osvdb.org/show/osvdb/86729","http://www.securityfocus.com/bid/56160","https://exchange.xforce.ibmcloud.com/vulnerabilities/79521"],"reported" => "2014-08-29","severity" => undef},{"affected_versions" => ["<4.38",">=5,<5.07",">=5.10,<5.13"],"cves" => ["CVE-2012-0320"],"description" => "Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2012-0320","references" => ["http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html","http://www.movabletype.org/documentation/appendices/release-notes/513.html","http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018","http://jvn.jp/en/jp/JVN20083397/index.html","http://www.securitytracker.com/id?1026738","http://www.securityfocus.com/bid/52138","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-03-03","severity" => undef},{"affected_versions" => ["<4.38",">=5,<5.07",">=5.10,<5.13"],"cves" => ["CVE-2012-0317"],"description" => "Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2012-0317","references" => ["http://jvn.jp/en/jp/JVN70683217/index.html","http://www.movabletype.org/documentation/appendices/release-notes/513.html","http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html","http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015","http://www.securitytracker.com/id?1026738","http://www.securityfocus.com/bid/52138","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-03-03","severity" => undef},{"affected_versions" => [">=4,<4.36",">=5,<5.05"],"cves" => ["CVE-2011-5085"],"description" => "Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2011-5085","references" => ["http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-04-02","severity" => undef},{"affected_versions" => [">=4,<4.36",">=5,<5.05"],"cves" => ["CVE-2011-5084"],"description" => "Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2011-5084","references" => ["http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html","http://www.debian.org/security/2012/dsa-2423"],"reported" => "2012-04-02","severity" => undef},{"affected_versions" => [">=5.0,<=5.01"],"cves" => ["CVE-2010-1985"],"description" => "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2010-1985","references" => ["http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html","http://www.movabletype.com/blog/2010/05/movable-type-502.html","http://www.vupen.com/english/advisories/2010/1136","http://secunia.com/advisories/39741","http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html","http://jvn.jp/en/jp/JVN92854093/index.html"],"reported" => "2010-05-19","severity" => undef},{"affected_versions" => ["<4.261"],"cves" => ["CVE-2009-2492"],"description" => "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2009-2492","references" => ["http://jvn.jp/en/jp/JVN86472161/index.html","http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html","http://www.vupen.com/english/advisories/2009/1668","http://secunia.com/advisories/35534","http://www.securityfocus.com/bid/35885"],"reported" => "2009-07-17","severity" => undef},{"affected_versions" => ["<4.261"],"cves" => ["CVE-2009-2481"],"description" => "mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2009-2481","references" => ["http://jvn.jp/en/jp/JVN08369659/index.html","http://www.vupen.com/english/advisories/2009/1668","http://www.securityfocus.com/bid/35471","http://secunia.com/advisories/35534","http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/51330"],"reported" => "2009-07-16","severity" => undef},{"affected_versions" => ["<4.24"],"cves" => ["CVE-2009-0752"],"description" => "Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2009-0752","references" => ["http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html"],"reported" => "2009-03-03","severity" => undef},{"affected_versions" => ["<4.23"],"cves" => ["CVE-2008-5846"],"description" => "Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a \"system-wide entry listing screen.\"\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2008-5846","references" => ["http://www.movabletype.org/mt_423_change_log.html","http://www.securityfocus.com/bid/33133","https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"],"reported" => "2009-01-05","severity" => undef},{"affected_versions" => ["<4.23"],"cves" => ["CVE-2008-5845"],"description" => "Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2008-5845","references" => ["http://www.movabletype.org/mt_423_change_log.html","http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000031.html","http://jvn.jp/en/jp/JVN45658190/index.html"],"reported" => "2009-01-05","severity" => undef},{"affected_versions" => [">=3,<=3.38",">=4,<4.23"],"cves" => ["CVE-2008-5808"],"description" => "Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to \"application management.\"\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2008-5808","references" => ["http://secunia.com/advisories/32935","http://www.securityfocus.com/bid/32604","http://jvn.jp/en/jp/JVN02216739/index.html","http://www.movabletype.jp/blog/_movable_type_423.html","http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/47019"],"reported" => "2009-01-02","severity" => undef},{"affected_versions" => [">=7,<=7.7.1"],"cves" => ["CVE-2021-20812"],"description" => "Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2021-20812","references" => ["https://movabletype.org/news/2021/08/mt-780-681-released.html","https://jvn.jp/en/jp/JVN97545738/index.html"],"reported" => "2021-08-26","severity" => "medium"},{"affected_versions" => ["<=7"],"cves" => ["CVE-2022-43660"],"description" => "Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.\n","distribution" => "MT","fixed_versions" => [],"id" => "CPANSA-MT-2022-43660","references" => ["https://movabletype.org/news/2022/11/mt-796-688-released.html","https://jvn.jp/en/jp/JVN37014768/index.html"],"reported" => "2022-12-07","severity" => undef}],"main_module" => "","versions" => []},"Mail-Audit" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2005-4536"],"description" => "Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.\n","distribution" => "Mail-Audit","fixed_versions" => [],"id" => "CPANSA-Mail-Audit-2005-4536","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344029","http://www.debian.org/security/2006/dsa-960","http://secunia.com/advisories/18652","http://secunia.com/advisories/18656","http://www.securityfocus.com/bid/16434","http://www.vupen.com/english/advisories/2006/0378","https://exchange.xforce.ibmcloud.com/vulnerabilities/24380"],"reported" => "2005-12-31","severity" => undef}],"main_module" => "Mail::Audit","versions" => [{"date" => "2000-03-25T11:22:17","version" => "1.0"},{"date" => "2000-06-17T08:03:59","version" => "1.1"},{"date" => "2000-06-17T10:56:28","version" => "1.2"},{"date" => "2000-06-17T11:13:20","version" => "1.3"},{"date" => "2001-01-04T20:17:04","version" => "1.4"},{"date" => "2001-01-07T14:23:39","version" => "1.5"},{"date" => "2001-01-13T22:45:20","version" => "1.6"},{"date" => "2001-01-27T11:31:56","version" => "1.7"},{"date" => "2001-02-12T16:34:27","version" => "1.8"},{"date" => "2001-03-21T21:35:00","version" => "1.9"},{"date" => "2001-04-23T15:45:51","version" => "1.10"},{"date" => "2001-05-16T23:20:35","version" => "1.11"},{"date" => "2001-12-10T21:02:24","version" => "2.0"},{"date" => "2002-03-04T19:59:38","version" => "2.1"},{"date" => "2006-05-27T01:36:59","version" => "2.200_01"},{"date" => "2006-05-31T01:58:52","version" => "2.200_02"},{"date" => "2006-06-02T02:17:31","version" => "2.200_03"},{"date" => "2006-06-04T20:18:18","version" => "2.200_04"},{"date" => "2006-06-05T03:39:12","version" => "2.200_05"},{"date" => "2006-07-16T21:50:04","version" => "2.201"},{"date" => "2006-07-21T12:18:37","version" => "2.202"},{"date" => "2006-07-22T00:53:55","version" => "2.203"},{"date" => "2006-09-19T11:26:30","version" => "2.210"},{"date" => "2006-09-19T11:38:19","version" => "2.211"},{"date" => "2006-10-31T15:24:49","version" => "2.212"},{"date" => "2007-02-15T17:05:02","version" => "2.213"},{"date" => "2007-02-15T19:32:24","version" => "2.214"},{"date" => "2007-02-19T21:14:15","version" => "2.215"},{"date" => "2007-02-27T01:52:17","version" => "2.216"},{"date" => "2007-03-05T17:16:08","version" => "2.217"},{"date" => "2007-03-06T16:24:21","version" => "2.218"},{"date" => "2007-06-14T22:28:51","version" => "2.219"},{"date" => "2007-07-14T19:04:32","version" => "2.220"},{"date" => "2007-09-17T13:26:24","version" => "2.221"},{"date" => "2007-11-02T03:23:46","version" => "2.222"},{"date" => "2008-04-17T20:32:32","version" => "2.223"},{"date" => "2009-09-18T17:22:37","version" => "2.224"},{"date" => "2009-11-23T19:27:24","version" => "2.225"},{"date" => "2011-11-11T16:37:46","version" => "2.226"},{"date" => "2011-11-14T19:21:44","version" => "2.227"},{"date" => "2013-09-29T01:21:47","version" => "2.228"}]},"MailTools" => {"advisories" => [{"affected_versions" => ["<1.51"],"cves" => ["CVE-2002-1271"],"description" => "The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.\n","distribution" => "MailTools","fixed_versions" => [">=1.51"],"id" => "CPANSA-Mail-Mailer-2002-1271","references" => ["http://www.iss.net/security_center/static/10548.php","http://www.debian.org/security/2003/dsa-386","http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php","http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html","http://www.securityfocus.com/bid/6104","http://marc.info/?l=bugtraq&m=103659723101369&w=2","http://marc.info/?l=bugtraq&m=103679569705086&w=2"],"reported" => "2002-11-12","severity" => undef}],"main_module" => "MailTools","versions" => [{"date" => "1995-10-21T04:25:33","version" => "1.03"},{"date" => "1995-11-21T11:54:38","version" => "1.04"},{"date" => "1996-08-13T09:42:17","version" => "1.06"},{"date" => "1997-01-02T10:39:44","version" => "1.07"},{"date" => "1997-01-07T13:38:49","version" => "1.08"},{"date" => "1997-02-24T09:04:31","version" => "1.09"},{"date" => "1997-11-13T02:23:35","version" => "1.10"},{"date" => "1997-11-16T16:16:12","version" => "1.1001"},{"date" => "1997-11-18T01:49:48","version" => "1.1002"},{"date" => "1997-11-26T02:32:07","version" => "1.1003"},{"date" => "1998-01-03T03:56:45","version" => "1.11"},{"date" => "1998-09-26T14:47:35","version" => "1.12"},{"date" => "1999-03-31T17:45:02","version" => "1.13"},{"date" => "2000-03-29T12:35:40","version" => "1.14"},{"date" => "2000-04-14T10:53:46","version" => "1.1401"},{"date" => "2000-09-04T14:01:06","version" => "1.15"},{"date" => "2001-08-08T09:13:27","version" => "1.16"},{"date" => "2001-08-24T18:19:52","version" => "1.40"},{"date" => "2001-11-14T10:36:58","version" => "1.41"},{"date" => "2001-12-10T18:28:08","version" => "1.42"},{"date" => "2002-02-08T09:41:37","version" => "1.43"},{"date" => "2002-03-23T09:36:15","version" => "1.44"},{"date" => "2002-05-23T08:17:57","version" => "1.45"},{"date" => "2002-05-29T13:09:54","version" => "1.46"},{"date" => "2002-07-05T10:03:43","version" => "1.47"},{"date" => "2002-08-07T21:07:03","version" => "1.48"},{"date" => "2002-08-28T06:38:30","version" => "1.49"},{"date" => "2002-09-03T22:35:45","version" => "1.50"},{"date" => "2002-10-29T13:24:48","version" => "1.51"},{"date" => "2002-11-29T12:50:47","version" => "1.52"},{"date" => "2002-12-09T16:47:38","version" => "1.53"},{"date" => "2003-01-06T07:02:35","version" => "1.54"},{"date" => "2003-01-06T07:07:36","version" => "1.55"},{"date" => "2003-01-06T16:16:54","version" => "1.56"},{"date" => "2003-01-14T08:49:45","version" => "1.57"},{"date" => "2003-01-14T13:45:20","version" => "1.58"},{"date" => "2003-08-13T06:16:07","version" => "1.59"},{"date" => "2003-09-24T07:21:11","version" => "1.60"},{"date" => "2004-03-10T09:55:12","version" => "1.61"},{"date" => "2004-03-24T12:32:28","version" => "1.62"},{"date" => "2004-08-16T15:30:07","version" => "1.63"},{"date" => "2004-08-17T20:26:08","version" => "1.64"},{"date" => "2004-11-24T15:05:58","version" => "1.65"},{"date" => "2005-01-20T09:18:51","version" => "1.66"},{"date" => "2005-03-31T10:07:53","version" => "1.67"},{"date" => "2006-01-05T09:33:09","version" => "1.68"},{"date" => "2006-01-05T10:19:56","version" => "1.70"},{"date" => "2006-01-05T10:22:10","version" => "1.71"},{"date" => "2006-01-17T08:11:53","version" => "1.72"},{"date" => "2006-01-21T08:58:00","version" => "1.73"},{"date" => "2006-02-28T07:44:59","version" => "1.74"},{"date" => "2007-04-10T07:27:15","version" => "1.76"},{"date" => "2007-05-11T12:17:49","version" => "1.77"},{"date" => "2007-06-20T12:42:21","version" => "2.00_01"},{"date" => "2007-07-21T10:31:51","version" => "2.00_02"},{"date" => "2007-09-25T10:30:00","version" => "2.00_03"},{"date" => "2007-11-28T09:50:07","version" => "2.01"},{"date" => "2007-11-30T09:00:20","version" => "2.02"},{"date" => "2008-04-14T09:14:48","version" => "2.03"},{"date" => "2008-07-29T09:46:50","version" => "2.04"},{"date" => "2009-12-18T22:01:23","version" => "2.05"},{"date" => "2010-01-26T09:04:49","version" => "2.06"},{"date" => "2010-10-01T10:39:38","version" => "2.07"},{"date" => "2011-06-01T11:56:43","version" => "2.08"},{"date" => "2012-02-25T13:51:23","version" => "2.09"},{"date" => "2012-08-28T08:28:08","version" => "2.10"},{"date" => "2012-08-29T07:13:34","version" => "2.11"},{"date" => "2012-12-21T11:27:10","version" => "2.12"},{"date" => "2014-01-05T18:36:21","version" => "2.13"},{"date" => "2014-11-21T16:15:46","version" => "2.14"},{"date" => "2016-04-18T12:11:57","version" => "2.15"},{"date" => "2016-04-18T16:00:17","version" => "2.16"},{"date" => "2016-05-11T15:27:31","version" => "2.17"},{"date" => "2016-05-18T21:54:30","version" => "2.18"},{"date" => "2017-08-22T11:37:34","version" => "2.19"},{"date" => "2018-01-23T12:52:56","version" => "2.20"},{"date" => "2019-05-21T14:28:18","version" => "2.21"},{"date" => "2024-11-18T10:23:29","version" => "2.22"}]},"MarpaX-ESLIF" => {"advisories" => [{"affected_versions" => [">=4.0.0,<6.0.23"],"cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "MarpaX-ESLIF","fixed_versions" => [],"id" => "CPANSA-MarpaX-ESLIF-2019-20454-libpcre2","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"},{"affected_versions" => [">=2.0.10,<4.0.0"],"cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "MarpaX-ESLIF","fixed_versions" => [],"id" => "CPANSA-MarpaX-ESLIF-2019-20454-libpcre2","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"},{"affected_versions" => [">=1.053,<2.0.10"],"cves" => ["CVE-2019-20454"],"description" => "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.\n","distribution" => "MarpaX-ESLIF","fixed_versions" => [],"id" => "CPANSA-MarpaX-ESLIF-2019-20454-libpcre2","references" => ["https://bugs.php.net/bug.php?id=78338","https://bugs.exim.org/show_bug.cgi?id=2421","https://bugzilla.redhat.com/show_bug.cgi?id=1735494","https://vcs.pcre.org/pcre2?view=revision&revision=1092","https://security.gentoo.org/glsa/202006-16","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"],"reported" => "2020-02-14","severity" => "high"}],"main_module" => "MarpaX::ESLIF","versions" => [{"date" => "2017-03-26T10:57:12","version" => "1.0.43"},{"date" => "2017-03-28T18:31:33","version" => "1.0.47"},{"date" => "2017-03-29T04:21:35","version" => "1.0.48"},{"date" => "2017-03-29T18:37:45","version" => "1.0.49"},{"date" => "2017-04-02T10:33:46","version" => "1.0.50"},{"date" => "2017-04-03T19:05:28","version" => "1.0.51"},{"date" => "2017-04-13T17:35:13","version" => "1.0.52"},{"date" => "2017-04-14T07:43:59","version" => "1.0.53"},{"date" => "2017-04-29T19:13:38","version" => "2.0.1"},{"date" => "2017-05-05T23:23:22","version" => "2.0.3"},{"date" => "2017-05-07T07:40:42","version" => "2.0.4"},{"date" => "2017-05-10T05:42:35","version" => "2.0.5"},{"date" => "2017-05-10T18:16:00","version" => "2.0.6"},{"date" => "2017-05-10T19:36:06","version" => "2.0.7"},{"date" => "2017-05-10T19:56:35","version" => "2.0.8"},{"date" => "2017-05-11T19:06:11","version" => "2.0.9"},{"date" => "2017-05-12T18:52:12","version" => "2.0.10"},{"date" => "2017-05-13T22:39:09","version" => "2.0.11"},{"date" => "2017-05-31T17:51:29","version" => "2.0.12"},{"date" => "2017-05-31T19:34:51","version" => "2.0.13"},{"date" => "2017-06-27T05:59:02","version" => "2.0.14"},{"date" => "2017-08-14T05:56:46","version" => "2.0.15"},{"date" => "2017-08-14T19:28:19","version" => "2.0.16"},{"date" => "2017-10-20T19:44:53","version" => "2.0.17"},{"date" => "2017-10-25T03:57:11","version" => "2.0.18"},{"date" => "2017-10-25T04:49:24","version" => "2.0.19"},{"date" => "2017-10-28T05:10:19","version" => "2.0.20"},{"date" => "2017-10-29T19:48:03","version" => "2.0.21"},{"date" => "2017-10-30T03:49:16","version" => "2.0.22"},{"date" => "2017-11-04T07:23:55","version" => "2.0.23"},{"date" => "2017-12-27T15:06:03","version" => "2.0.30"},{"date" => "2017-12-31T19:08:47","version" => "2.0.31"},{"date" => "2018-01-19T04:10:03","version" => "2.0.32"},{"date" => "2018-01-25T16:13:07","version" => "2.0.33"},{"date" => "2018-01-30T06:38:42","version" => "2.0.34"},{"date" => "2018-02-21T07:14:12","version" => "2.0.36"},{"date" => "2018-02-25T11:50:02","version" => "2.0.37"},{"date" => "2018-02-25T11:59:32","version" => "2.0.38"},{"date" => "2018-03-12T18:34:09","version" => "2.0.39"},{"date" => "2018-03-13T18:06:17","version" => "2.0.40"},{"date" => "2018-03-15T04:09:56","version" => "2.0.41"},{"date" => "2018-03-21T06:39:42","version" => "2.0.42"},{"date" => "2018-04-04T05:39:12","version" => "2.0.43"},{"date" => "2019-04-07T10:41:47","version" => "3.0.1"},{"date" => "2019-04-07T14:13:23","version" => "3.0.2"},{"date" => "2019-04-07T17:44:04","version" => "3.0.3"},{"date" => "2019-04-10T05:00:51","version" => "3.0.4"},{"date" => "2019-04-11T04:06:12","version" => "3.0.5"},{"date" => "2019-04-11T17:28:27","version" => "3.0.6"},{"date" => "2019-04-13T14:07:12","version" => "3.0.7"},{"date" => "2019-04-14T11:09:19","version" => "3.0.8"},{"date" => "2019-04-18T05:23:29","version" => "3.0.9"},{"date" => "2019-05-12T05:55:11","version" => "3.0.10"},{"date" => "2019-06-09T13:40:40","version" => "3.0.11"},{"date" => "2019-06-13T19:54:54","version" => "3.0.12"},{"date" => "2019-07-21T04:54:47","version" => "3.0.13"},{"date" => "2019-07-22T04:57:08","version" => "3.0.14"},{"date" => "2019-08-03T04:52:02","version" => "3.0.15"},{"date" => "2019-08-04T08:28:03","version" => "3.0.16"},{"date" => "2019-08-08T04:53:38","version" => "3.0.17"},{"date" => "2019-08-28T05:42:34","version" => "3.0.18"},{"date" => "2019-10-13T08:57:33","version" => "3.0.19"},{"date" => "2019-11-17T17:16:55","version" => "3.0.27"},{"date" => "2019-11-17T18:55:54","version" => "3.0.28"},{"date" => "2019-11-21T05:15:21","version" => "3.0.29"},{"date" => "2020-02-22T09:35:43","version" => "3.0.30"},{"date" => "2020-03-02T06:30:41","version" => "3.0.31"},{"date" => "2020-03-03T05:55:13","version" => "3.0.32"},{"date" => "2020-08-14T04:24:47","version" => "4.0.1"},{"date" => "2021-02-09T17:59:43","version" => "5.0.2"},{"date" => "2021-02-10T04:34:01","version" => "5.0.3"},{"date" => "2021-02-10T19:53:29","version" => "5.0.4"},{"date" => "2021-02-11T07:57:27","version" => "5.0.5"},{"date" => "2021-02-13T13:28:54","version" => "5.0.6"},{"date" => "2021-02-14T15:08:27","version" => "5.0.7"},{"date" => "2021-12-05T11:06:06","version" => "6.0.1"},{"date" => "2021-12-12T15:19:09","version" => "6.0.2"},{"date" => "2021-12-13T01:55:29","version" => "6.0.3"},{"date" => "2021-12-13T03:36:47","version" => "6.0.4"},{"date" => "2021-12-15T07:27:24","version" => "6.0.5"},{"date" => "2021-12-22T06:41:38","version" => "6.0.6"},{"date" => "2021-12-23T05:42:39","version" => "6.0.7"},{"date" => "2021-12-24T06:34:17","version" => "6.0.8"},{"date" => "2022-01-01T08:41:06","version" => "6.0.9"},{"date" => "2022-01-02T06:02:38","version" => "6.0.10"},{"date" => "2022-01-10T05:16:06","version" => "6.0.11"},{"date" => "2022-01-17T08:02:35","version" => "6.0.12"},{"date" => "2022-01-18T06:17:30","version" => "6.0.13"},{"date" => "2022-02-25T08:38:59","version" => "6.0.14"},{"date" => "2022-03-06T13:53:19","version" => "6.0.15"},{"date" => "2022-03-29T05:40:00","version" => "6.0.16"},{"date" => "2022-05-01T08:08:14","version" => "6.0.17"},{"date" => "2022-05-02T05:46:40","version" => "6.0.18"},{"date" => "2022-05-04T04:41:47","version" => "6.0.19"},{"date" => "2022-05-10T04:49:43","version" => "6.0.20"},{"date" => "2022-05-15T06:21:08","version" => "6.0.21"},{"date" => "2022-05-20T06:08:02","version" => "6.0.22"},{"date" => "2022-06-15T07:10:22","version" => "6.0.23"},{"date" => "2022-06-16T04:18:25","version" => "6.0.24"},{"date" => "2022-08-05T07:14:05","version" => "6.0.25"},{"date" => "2022-09-15T05:20:07","version" => "6.0.26"},{"date" => "2022-09-25T09:36:30","version" => "6.0.27"},{"date" => "2023-01-08T19:11:51","version" => "6.0.28"},{"date" => "2023-01-14T16:31:10","version" => "6.0.29"},{"date" => "2023-02-14T06:31:07","version" => "6.0.30"},{"date" => "2023-02-14T07:31:33","version" => "6.0.31"},{"date" => "2024-02-20T07:12:44","version" => "6.0.33"},{"date" => "2024-02-22T02:15:03","version" => "6.0.33.1"},{"date" => "2024-02-22T07:23:31","version" => "6.0.33.2"},{"date" => "2024-02-23T00:35:01","version" => "6.0.33.3"},{"date" => "2024-03-01T06:11:32","version" => "6.0.33.4"},{"date" => "2024-04-16T04:53:42","version" => "6.0.35.1"}]},"Maypole" => {"advisories" => [{"affected_versions" => [">=2.10"],"cves" => ["CVE-2025-15578"],"description" => "Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.","distribution" => "Maypole","fixed_versions" => [],"id" => "CPANSA-Maypole-2025-15578","references" => ["https://metacpan.org/dist/Maypole/source/lib/Maypole/Session.pm#L43"],"reported" => "2026-02-16","severity" => undef}],"main_module" => "Maypole","versions" => [{"date" => "2004-02-11T17:41:55","version" => "1.0"},{"date" => "2004-02-25T10:32:37","version" => "1.1"},{"date" => "2004-03-25T12:42:17","version" => "1.2"},{"date" => "2004-03-26T19:19:58","version" => "1.3"},{"date" => "2004-04-16T17:18:54","version" => "1.4"},{"date" => "2004-06-21T13:43:06","version" => "1.5"},{"date" => "2004-07-16T22:54:54","version" => "1.6"},{"date" => "2004-07-17T19:17:16","version" => "1.7"},{"date" => "2004-10-18T08:10:24","version" => "1.99_01"},{"date" => "2004-10-23T19:10:22","version" => "2.0"},{"date" => "2004-10-24T13:04:49","version" => "2.01"},{"date" => "2004-10-25T12:10:08","version" => "2.02"},{"date" => "2004-10-26T14:17:44","version" => "2.03"},{"date" => "2004-10-28T13:53:40","version" => "2.04"},{"date" => "2004-12-24T04:01:58","version" => "2.05"},{"date" => "2004-12-29T01:41:17","version" => "2.06"},{"date" => "2005-01-24T20:48:15","version" => "2.08"},{"date" => "2005-01-25T23:04:10","version" => "2.09"},{"date" => "2005-07-05T18:37:34","version" => "2.10_pre1"},{"date" => "2005-07-08T19:16:47","version" => "2.10_pre2"},{"date" => "2005-07-08T19:23:54","version" => "2.10_pre2a"},{"date" => "2005-07-12T20:29:09","version" => "2.10_pre3"},{"date" => "2005-07-19T18:29:26","version" => "2.10"},{"date" => "2006-04-14T09:53:11","version" => "2.11_pre1"},{"date" => "2006-04-25T13:31:05","version" => "2.11_pre2"},{"date" => "2006-05-03T15:10:36","version" => "2.11_pre3"},{"date" => "2006-07-17T10:20:10","version" => "2.11_pre4"},{"date" => "2006-07-20T12:14:28","version" => "2.11_pre5"},{"date" => "2006-07-31T19:06:36","version" => "2.11"},{"date" => "2007-06-02T15:03:39","version" => "2.111"},{"date" => "2007-06-22T11:40:46","version" => "2.12"},{"date" => "2007-08-29T13:00:02","version" => "2.121"},{"date" => "2008-04-18T10:27:38","version" => "2.13"}]},"Mite" => {"advisories" => [{"affected_versions" => ["<0.013000"],"cves" => ["CVE-2025-30672"],"description" => "Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the \@INC path similar to CVE-2016-1238.  If an attacker can place a malicious file in current working directory, it may be  loaded instead of the intended file, potentially leading to arbitrary  code execution.  This affects the Mite distribution itself, and other distributions that contain code generated by Mite.","distribution" => "Mite","fixed_versions" => [">=0.013000"],"id" => "CPANSA-Mite-2025-30672","references" => ["https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html","https://metacpan.org/release/TOBYINK/Mite-0.013000/changes","https://perldoc.perl.org/perlrun#PERL_USE_UNSAFE_INC","https://wiki.gentoo.org/wiki/Project:Perl/Dot-In-INC-Removal"],"reported" => "2025-04-01","severity" => undef}],"main_module" => "Mite","versions" => [{"date" => "2014-07-29T21:10:24","version" => "v0.0.1"},{"date" => "2022-06-21T17:04:26","version" => "v0.0.2"},{"date" => "2022-06-21T20:35:06","version" => "v0.0.3"},{"date" => "2022-06-22T01:18:18","version" => "v0.0.4"},{"date" => "2022-06-22T12:41:26","version" => "v0.0.5"},{"date" => "2022-06-23T13:34:32","version" => "v0.0.6"},{"date" => "2022-06-23T19:39:49","version" => "v0.0.7"},{"date" => "2022-06-24T12:23:18","version" => "v0.0.8"},{"date" => "2022-06-28T12:54:37","version" => "v0.0.9"},{"date" => "2022-06-28T16:33:12","version" => "0.001000"},{"date" => "2022-06-28T23:23:27","version" => "0.001001"},{"date" => "2022-06-29T00:14:33","version" => "0.001002"},{"date" => "2022-06-29T00:23:14","version" => "0.001003"},{"date" => "2022-06-29T09:48:18","version" => "0.001004"},{"date" => "2022-06-29T10:47:18","version" => "0.001005"},{"date" => "2022-06-29T13:26:40","version" => "0.001006"},{"date" => "2022-06-29T15:01:20","version" => "0.001007"},{"date" => "2022-06-29T17:18:46","version" => "0.001008"},{"date" => "2022-06-29T17:24:52","version" => "0.001009"},{"date" => "2022-06-29T22:02:50","version" => "0.001010"},{"date" => "2022-06-29T23:15:21","version" => "0.001011"},{"date" => "2022-06-30T13:09:55","version" => "0.001012"},{"date" => "2022-06-30T20:52:53","version" => "0.001013"},{"date" => "2022-07-01T16:08:26","version" => "0.002000"},{"date" => "2022-07-01T17:12:53","version" => "0.002001"},{"date" => "2022-07-01T20:55:40","version" => "0.002002"},{"date" => "2022-07-02T19:31:17","version" => "0.002003"},{"date" => "2022-07-02T23:37:00","version" => "0.002004"},{"date" => "2022-07-03T08:50:07","version" => "0.003000"},{"date" => "2022-07-03T11:21:56","version" => "0.003001"},{"date" => "2022-07-04T20:27:47","version" => "0.004000"},{"date" => "2022-07-05T18:08:58","version" => "0.005000"},{"date" => "2022-07-06T13:32:59","version" => "0.005001"},{"date" => "2022-07-07T08:21:36","version" => "0.005002"},{"date" => "2022-07-08T12:14:54","version" => "0.005003"},{"date" => "2022-07-08T21:28:24","version" => "0.005004"},{"date" => "2022-07-09T16:14:35","version" => "0.006000"},{"date" => "2022-07-09T18:08:05","version" => "0.006001"},{"date" => "2022-07-10T10:32:50","version" => "0.006002"},{"date" => "2022-07-10T10:36:37","version" => "0.006003"},{"date" => "2022-07-10T11:56:49","version" => "0.006004"},{"date" => "2022-07-10T16:37:45","version" => "0.006005"},{"date" => "2022-07-10T19:55:04","version" => "0.006006"},{"date" => "2022-07-11T08:10:46","version" => "0.006007"},{"date" => "2022-07-11T13:14:24","version" => "0.006008"},{"date" => "2022-07-11T20:17:03","version" => "0.006009"},{"date" => "2022-07-12T12:19:49","version" => "0.006010"},{"date" => "2022-07-12T13:45:58","version" => "0.006011"},{"date" => "2022-07-13T12:26:42","version" => "0.006012"},{"date" => "2022-07-14T20:44:28","version" => "0.006013"},{"date" => "2022-07-16T23:12:32","version" => "0.007000"},{"date" => "2022-07-17T08:15:25","version" => "0.007001"},{"date" => "2022-07-17T08:57:45","version" => "0.007002"},{"date" => "2022-07-17T11:24:15","version" => "0.007003"},{"date" => "2022-07-20T09:23:13","version" => "0.007004"},{"date" => "2022-07-21T13:07:18","version" => "0.007005"},{"date" => "2022-07-21T20:44:59","version" => "0.007006"},{"date" => "2022-08-01T16:50:24","version" => "0.008000"},{"date" => "2022-08-03T14:18:10","version" => "0.008001"},{"date" => "2022-08-03T16:55:42","version" => "0.008002"},{"date" => "2022-08-04T23:53:31","version" => "0.008003"},{"date" => "2022-08-07T16:16:40","version" => "0.009000"},{"date" => "2022-08-08T12:49:01","version" => "0.009001"},{"date" => "2022-08-08T16:16:56","version" => "0.009002"},{"date" => "2022-08-08T18:19:51","version" => "0.009003"},{"date" => "2022-08-09T18:41:15","version" => "0.010000"},{"date" => "2022-08-09T21:40:29","version" => "0.010001"},{"date" => "2022-08-12T10:21:24","version" => "0.010002"},{"date" => "2022-08-12T15:46:11","version" => "0.010003"},{"date" => "2022-08-13T08:14:34","version" => "0.010004"},{"date" => "2022-08-13T13:06:05","version" => "0.010005"},{"date" => "2022-08-14T13:54:50","version" => "0.010006"},{"date" => "2022-08-14T14:03:09","version" => "0.010007"},{"date" => "2022-08-15T14:16:11","version" => "0.010008"},{"date" => "2022-11-09T15:20:39","version" => "0.011000"},{"date" => "2022-12-12T20:44:49","version" => "0.012000"},{"date" => "2025-03-31T10:59:29","version" => "0.013000"}]},"Module-Load-Conditional" => {"advisories" => [{"affected_versions" => ["<0.66"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Module-Load-Conditional","fixed_versions" => [">=0.66"],"id" => "CPANSA-Module-Load-Conditional-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Module::Load::Conditional","versions" => [{"date" => "2003-05-10T16:59:45","version" => "0.02"},{"date" => "2003-05-31T12:30:25","version" => "0.03"},{"date" => "2003-10-05T15:11:11","version" => "0.04"},{"date" => "2004-05-22T14:34:33","version" => "0.05"},{"date" => "2004-12-03T15:53:27","version" => "0.06"},{"date" => "2005-01-13T18:59:45","version" => "0.07"},{"date" => "2005-01-14T17:32:34","version" => "0.08"},{"date" => "2006-08-01T20:05:30","version" => "0.10"},{"date" => "2006-08-13T13:08:40","version" => "0.12"},{"date" => "2007-01-03T17:38:46","version" => "0.14"},{"date" => "2007-01-25T21:40:29","version" => "0.16"},{"date" => "2007-09-15T14:20:27","version" => "0.18"},{"date" => "2007-10-03T15:27:25","version" => "0.20"},{"date" => "2007-10-15T08:19:21","version" => "0.22"},{"date" => "2008-01-02T15:57:46","version" => "0.24"},{"date" => "2008-02-29T16:01:59","version" => "0.26"},{"date" => "2008-12-17T12:56:57","version" => "0.28"},{"date" => "2009-01-19T15:56:22","version" => "0.30"},{"date" => "2009-10-23T09:16:58","version" => "0.31_01"},{"date" => "2009-10-23T20:58:24","version" => "0.32"},{"date" => "2009-10-29T09:27:23","version" => "0.34"},{"date" => "2010-02-09T14:20:49","version" => "0.36"},{"date" => "2010-04-23T15:03:33","version" => "0.38"},{"date" => "2011-01-07T22:28:54","version" => "0.40"},{"date" => "2011-02-09T15:29:28","version" => "0.42"},{"date" => "2011-02-09T21:54:40","version" => "0.44"},{"date" => "2011-09-07T23:02:16","version" => "0.46"},{"date" => "2012-03-15T13:58:36","version" => "0.48"},{"date" => "2012-04-27T21:29:11","version" => "0.50"},{"date" => "2012-07-29T09:13:49","version" => "0.52"},{"date" => "2012-08-12T08:13:47","version" => "0.54"},{"date" => "2013-08-29T20:32:38","version" => "0.56"},{"date" => "2013-09-01T10:25:33","version" => "0.58"},{"date" => "2014-01-16T12:31:47","version" => "0.60"},{"date" => "2014-01-24T15:55:28","version" => "0.62"},{"date" => "2015-01-17T13:36:11","version" => "0.64"},{"date" => "2016-07-27T07:37:34","version" => "0.66"},{"date" => "2016-07-29T07:05:40","version" => "0.68"},{"date" => "2019-11-10T14:37:30","version" => "0.70"},{"date" => "2020-06-25T07:23:00","version" => "0.72"},{"date" => "2020-08-21T08:09:10","version" => "0.74"}]},"Module-Metadata" => {"advisories" => [{"affected_versions" => ["<1.000015"],"cves" => ["CVE-2013-1437"],"description" => "Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the \$Version value.\n","distribution" => "Module-Metadata","fixed_versions" => [">=1.000015"],"id" => "CPANSA-Module-Metadata-2013-1437","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114912.html","https://metacpan.org/changes/distribution/Module-Metadata","http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114904.html"],"reported" => "2020-01-28","reviewed_by" => [{"date" => "2022-07-11","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => "critical"}],"main_module" => "Module::Metadata","versions" => [{"date" => "2010-07-06T21:16:54","version" => "1.000000"},{"date" => "2010-07-08T23:56:47","version" => "1.000001"},{"date" => "2010-12-10T17:07:09","version" => "1.000002"},{"date" => "2011-01-07T02:35:06","version" => "1.000003"},{"date" => "2011-02-03T07:55:40","version" => "1.000004"},{"date" => "2011-08-03T01:41:05","version" => "1.000005"},{"date" => "2011-08-29T19:48:33","version" => "1.000006"},{"date" => "2011-09-07T16:01:55","version" => "1.000007"},{"date" => "2012-02-08T03:31:54","version" => "1.000008"},{"date" => "2012-02-08T17:34:49","version" => "1.000009"},{"date" => "2012-07-29T19:21:55","version" => "1.000010"},{"date" => "2012-08-16T00:07:05","version" => "1.000010_001"},{"date" => "2012-08-16T00:15:02","version" => "1.000010_002"},{"date" => "2012-08-16T04:54:55","version" => "1.000010_003"},{"date" => "2012-08-16T19:57:31","version" => "1.000011"},{"date" => "2013-05-05T04:59:03","version" => "1.000012"},{"date" => "2013-05-08T23:00:33","version" => "1.000013"},{"date" => "2013-05-09T09:02:22","version" => "1.000014"},{"date" => "2013-08-21T15:46:56","version" => "1.000015"},{"date" => "2013-08-22T05:59:11","version" => "1.000016"},{"date" => "2013-09-11T01:06:02","version" => "1.000017"},{"date" => "2013-09-11T16:28:24","version" => "1.000018"},{"date" => "2013-10-06T16:50:13","version" => "1.000019"},{"date" => "2014-04-27T20:57:08","version" => "1.000020"},{"date" => "2014-04-29T18:29:51","version" => "1.000021"},{"date" => "2014-04-29T22:06:21","version" => "1.000022"},{"date" => "2014-06-02T02:39:20","version" => "1.000023"},{"date" => "2014-06-03T01:54:30","version" => "1.000024"},{"date" => "2015-01-04T18:57:40","version" => "1.000025"},{"date" => "2015-01-17T19:23:52","version" => "1.000026"},{"date" => "2015-04-11T00:23:53","version" => "1.000027"},{"date" => "2015-09-11T04:25:25","version" => "1.000028"},{"date" => "2015-09-11T16:26:57","version" => "1.000029"},{"date" => "2015-11-20T03:05:34","version" => "1.000030"},{"date" => "2015-11-24T03:59:40","version" => "1.000031"},{"date" => "2016-04-23T22:38:13","version" => "1.000032"},{"date" => "2016-07-24T23:34:48","version" => "1.000033"},{"date" => "2018-07-19T20:31:14","version" => "1.000034"},{"date" => "2019-04-18T02:44:48","version" => "1.000035"},{"date" => "2019-04-18T18:27:14","version" => "1.000036"},{"date" => "2019-09-07T18:34:09","version" => "1.000037"},{"date" => "2023-04-28T11:27:07","version" => "1.000038"},{"date" => "2011-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015002","version" => "1.000005_01"}]},"Module-Provision" => {"advisories" => [{"affected_versions" => ["<0.42.1"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Module-Provision","fixed_versions" => [">=0.42.1"],"id" => "CPANSA-Module-Provision-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Module::Provision","versions" => [{"date" => "2013-04-14T19:20:34","version" => "v0.3.43"},{"date" => "2013-04-15T12:46:30","version" => "v0.3.44"},{"date" => "2013-04-15T17:33:39","version" => "v0.3.45"},{"date" => "2013-04-21T16:14:43","version" => "v0.4.47"},{"date" => "2013-04-22T15:09:36","version" => "v0.4.51"},{"date" => "2013-04-24T04:13:42","version" => "v0.6.59"},{"date" => "2013-04-24T23:34:41","version" => "v0.7.4"},{"date" => "2013-04-27T01:18:07","version" => "v0.7.6"},{"date" => "2013-04-27T11:36:59","version" => "v0.7.7"},{"date" => "2013-04-30T22:32:47","version" => "v0.8.3"},{"date" => "2013-05-02T18:45:43","version" => "v0.9.5"},{"date" => "2013-05-04T00:14:46","version" => "v0.10.1"},{"date" => "2013-05-04T20:22:41","version" => "v0.11.1"},{"date" => "2013-05-06T15:08:18","version" => "v0.12.1"},{"date" => "2013-05-08T15:51:41","version" => "v0.12.3"},{"date" => "2013-05-09T23:42:20","version" => "v0.12.5"},{"date" => "2013-05-10T19:29:24","version" => "v0.12.6"},{"date" => "2013-05-11T02:15:00","version" => "v0.13.1"},{"date" => "2013-05-11T13:59:50","version" => "v0.14.2"},{"date" => "2013-05-12T18:03:55","version" => "v0.15.3"},{"date" => "2013-05-14T12:49:37","version" => "v0.15.5"},{"date" => "2013-05-15T17:55:40","version" => "v0.15.6"},{"date" => "2013-05-15T20:59:19","version" => "v0.15.7"},{"date" => "2013-05-16T23:02:48","version" => "v0.15.8"},{"date" => "2013-05-19T12:59:15","version" => "v0.15.9"},{"date" => "2013-06-08T17:12:50","version" => "v0.16.1"},{"date" => "2013-07-28T18:42:27","version" => "v0.17.16"},{"date" => "2013-07-29T16:10:28","version" => "v0.17.17"},{"date" => "2013-07-29T23:51:34","version" => "v0.17.18"},{"date" => "2013-07-30T13:06:37","version" => "v0.17.19"},{"date" => "2013-08-07T17:56:55","version" => "v0.18.0"},{"date" => "2013-08-07T17:58:22","version" => "v0.18.1"},{"date" => "2013-08-08T13:39:44","version" => "v0.18.2"},{"date" => "2013-08-10T08:51:08","version" => "v0.18.3"},{"date" => "2013-08-10T21:18:54","version" => "v0.18.4"},{"date" => "2013-08-17T15:47:30","version" => "0.20.1"},{"date" => "2013-08-21T12:36:06","version" => "0.21.1"},{"date" => "2013-08-21T12:56:35","version" => "0.22.1"},{"date" => "2013-09-14T09:38:12","version" => "0.23.1"},{"date" => "2013-09-16T20:23:50","version" => "0.24.1"},{"date" => "2013-11-23T13:38:55","version" => "0.25.1"},{"date" => "2013-11-25T21:30:21","version" => "0.26.1"},{"date" => "2013-12-11T17:25:32","version" => "0.27.1"},{"date" => "2013-12-12T14:23:50","version" => "0.28.1"},{"date" => "2013-12-12T21:54:50","version" => "0.29.1"},{"date" => "2014-01-24T21:05:50","version" => "0.31.2"},{"date" => "2014-05-01T14:42:10","version" => "0.32.1"},{"date" => "2014-05-15T20:55:59","version" => "0.33.1"},{"date" => "2014-05-19T11:47:05","version" => "0.34.1"},{"date" => "2014-10-28T13:51:21","version" => "0.36.1"},{"date" => "2015-02-11T17:52:30","version" => "0.38.1"},{"date" => "2015-02-11T19:03:04","version" => "0.39.1"},{"date" => "2015-06-08T21:47:29","version" => "0.40.1"},{"date" => "2016-04-04T12:15:12","version" => "0.41.1"},{"date" => "2017-05-08T19:30:17","version" => "0.42.1"}]},"Module-ScanDeps" => {"advisories" => [{"affected_versions" => ["<1.36"],"cves" => ["CVE-2024-10224"],"description" => "Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a \"pesky pipe\" (such as passing \"commands|\" as a filename) or by passing arbitrary strings to eval().\n","distribution" => "Module-ScanDeps","fixed_versions" => [">=1.36"],"id" => "CPANSA-Module-ScanDeps-2024-10224","references" => ["https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529","https://www.cve.org/CVERecord?id=CVE-2024-10224","https://www.qualys.com/2024/11/19/needrestart/needrestart.txt","https://lists.debian.org/debian-lts-announce/2024/11/msg00015.html","https://ubuntu.com/security/CVE-2024-10224"],"reported" => "2024-11-19","severity" => undef}],"main_module" => "Module::ScanDeps","versions" => [{"date" => "2002-11-02T02:07:07","version" => "0.01"},{"date" => "2002-11-02T15:56:27","version" => "0.02"},{"date" => "2002-11-03T19:51:24","version" => "0.03"},{"date" => "2002-11-04T12:01:46","version" => "0.10"},{"date" => "2003-01-18T19:35:58","version" => "0.12"},{"date" => "2003-01-18T21:08:58","version" => "0.13"},{"date" => "2003-01-19T15:48:47","version" => "0.14"},{"date" => "2003-02-25T03:23:37","version" => "0.17"},{"date" => "2003-03-20T11:59:13","version" => "0.18"},{"date" => "2003-03-22T13:20:27","version" => "0.19"},{"date" => "2003-07-30T14:59:45","version" => "0.20"},{"date" => "2003-07-30T15:18:11","version" => "0.21"},{"date" => "2003-08-07T18:41:51","version" => "0.22"},{"date" => "2003-08-08T10:19:27","version" => "0.23"},{"date" => "2003-08-10T05:43:06","version" => "0.24"},{"date" => "2003-08-10T15:46:55","version" => "0.25"},{"date" => "2003-08-16T04:48:20","version" => "0.27"},{"date" => "2003-08-17T19:03:59","version" => "0.28"},{"date" => "2003-09-17T09:18:20","version" => "0.29"},{"date" => "2003-09-20T20:36:32","version" => "0.30"},{"date" => "2003-10-17T22:37:35","version" => "0.31"},{"date" => "2003-10-26T10:53:58","version" => "0.32"},{"date" => "2003-12-21T01:21:51","version" => "0.33"},{"date" => "2003-12-30T02:36:30","version" => "0.34"},{"date" => "2003-12-31T12:02:59","version" => "0.35"},{"date" => "2003-12-31T15:33:07","version" => "0.37"},{"date" => "2004-01-08T11:38:10","version" => "0.38"},{"date" => "2004-01-25T16:28:12","version" => "0.39"},{"date" => "2004-02-23T21:14:41","version" => "0.40"},{"date" => "2004-04-18T16:05:29","version" => "0.41"},{"date" => "2004-04-30T20:02:44","version" => "0.42"},{"date" => "2004-06-02T18:05:32","version" => "0.43"},{"date" => "2004-06-08T19:06:29","version" => "0.44"},{"date" => "2004-06-30T08:03:18","version" => "0.45"},{"date" => "2004-07-02T10:35:16","version" => "0.46"},{"date" => "2004-08-30T22:13:57","version" => "0.47"},{"date" => "2004-09-06T20:56:31","version" => "0.48"},{"date" => "2004-09-26T17:45:11","version" => "0.49"},{"date" => "2004-10-03T17:31:23","version" => "0.50"},{"date" => "2005-01-07T20:57:46","version" => "0.51"},{"date" => "2005-12-12T12:05:41","version" => "0.52"},{"date" => "2006-01-09T18:07:40","version" => "0.53"},{"date" => "2006-01-11T03:19:40","version" => "0.54"},{"date" => "2006-02-17T16:39:23","version" => "0.55"},{"date" => "2006-02-20T15:38:03","version" => "0.56"},{"date" => "2006-03-03T19:30:56","version" => "0.57"},{"date" => "2006-04-16T14:54:53","version" => "0.58"},{"date" => "2006-05-03T09:13:49","version" => "0.59"},{"date" => "2006-05-23T15:29:09","version" => "0.60"},{"date" => "2006-06-30T19:12:26","version" => "0.61"},{"date" => "2006-07-16T09:25:37","version" => "0.62"},{"date" => "2006-08-27T17:26:32","version" => "0.63"},{"date" => "2006-09-23T07:46:41","version" => "0.64"},{"date" => "2006-09-24T07:59:07","version" => "0.64"},{"date" => "2006-09-24T09:03:21","version" => "0.66"},{"date" => "2006-10-24T16:12:59","version" => "0.67"},{"date" => "2006-10-25T19:08:27","version" => "0.68"},{"date" => "2006-11-07T18:16:07","version" => "0.69"},{"date" => "2006-11-21T11:00:52","version" => "0.70"},{"date" => "2007-01-04T19:28:34","version" => "0.71"},{"date" => "2007-02-03T10:40:10","version" => "0.72"},{"date" => "2007-03-25T18:35:04","version" => "0.73"},{"date" => "2007-04-14T09:17:51","version" => "0.73_01"},{"date" => "2007-04-30T18:45:05","version" => "0.74"},{"date" => "2007-06-24T17:25:22","version" => "0.75"},{"date" => "2007-07-21T15:40:54","version" => "0.76"},{"date" => "2007-09-20T17:42:07","version" => "0.77"},{"date" => "2007-11-17T04:18:23","version" => "0.78"},{"date" => "2007-11-30T21:08:01","version" => "0.80"},{"date" => "2007-12-07T13:24:35","version" => "0.81"},{"date" => "2008-01-28T16:33:27","version" => "0.82"},{"date" => "2008-03-22T23:35:16","version" => "0.83"},{"date" => "2008-05-13T14:39:03","version" => "0.84"},{"date" => "2008-10-23T13:17:33","version" => "0.86"},{"date" => "2008-10-28T13:10:35","version" => "0.87"},{"date" => "2008-11-02T16:06:00","version" => "0.83"},{"date" => "2008-11-03T21:38:03","version" => "0.83"},{"date" => "2009-05-09T09:09:37","version" => "0.90"},{"date" => "2009-06-22T20:07:07","version" => "0.91"},{"date" => "2009-07-19T08:55:54","version" => "0.92"},{"date" => "2009-07-19T09:51:33","version" => "0.93"},{"date" => "2009-08-10T18:32:02","version" => "0.94"},{"date" => "2009-09-16T09:14:53","version" => "0.95"},{"date" => "2009-11-13T10:36:02","version" => "0.96"},{"date" => "2010-04-10T15:20:47","version" => "0.97"},{"date" => "2010-07-26T19:24:02","version" => "0.98"},{"date" => "2011-02-19T16:00:01","version" => "1.00"},{"date" => "2011-03-26T12:51:17","version" => "1.01"},{"date" => "2011-04-03T19:59:22","version" => "1.02"},{"date" => "2011-07-18T21:29:19","version" => "1.03"},{"date" => "2011-07-21T09:09:46","version" => "1.04"},{"date" => "2011-11-02T18:31:39","version" => "1.05"},{"date" => "2011-11-28T15:50:49","version" => "1.06"},{"date" => "2011-11-29T18:02:00","version" => "1.07"},{"date" => "2012-02-21T16:07:41","version" => "1.08"},{"date" => "2012-09-09T11:14:11","version" => "1.09"},{"date" => "2012-10-20T14:15:34","version" => "1.10"},{"date" => "2013-09-28T10:27:58","version" => "1.11"},{"date" => "2013-12-01T14:49:13","version" => "1.12"},{"date" => "2013-12-21T12:07:54","version" => "1.13"},{"date" => "2014-08-03T11:34:45","version" => "1.14"},{"date" => "2014-08-23T15:39:26","version" => "1.15"},{"date" => "2014-09-28T16:17:32","version" => "1.16"},{"date" => "2014-10-31T11:13:34","version" => "1.17"},{"date" => "2015-01-19T21:56:34","version" => "1.18"},{"date" => "2015-05-27T08:53:42","version" => "1.19"},{"date" => "2015-10-04T13:18:36","version" => "1.20"},{"date" => "2016-04-05T10:11:15","version" => "1.21"},{"date" => "2016-09-17T20:57:48","version" => "1.22"},{"date" => "2016-11-16T19:46:41","version" => "1.23"},{"date" => "2017-06-28T17:13:27","version" => "1.24"},{"date" => "2018-08-17T22:21:56","version" => "1.25"},{"date" => "2018-12-12T17:38:39","version" => "1.26"},{"date" => "2018-12-13T17:16:52","version" => "1.26_001"},{"date" => "2019-01-15T20:08:40","version" => "1.27"},{"date" => "2020-08-06T08:02:24","version" => "1.28"},{"date" => "2020-08-16T12:35:20","version" => "1.29"},{"date" => "2021-01-13T15:02:27","version" => "1.30"},{"date" => "2021-04-21T14:17:01","version" => "1.31"},{"date" => "2023-06-14T09:30:00","version" => "1.31_001"},{"date" => "2023-06-15T11:55:12","version" => "1.31_002"},{"date" => "2023-06-16T09:04:27","version" => "1.31_003"},{"date" => "2023-06-18T10:34:43","version" => "1.31_004"},{"date" => "2023-07-05T15:58:09","version" => "1.32"},{"date" => "2023-08-04T15:50:23","version" => "1.33"},{"date" => "2023-09-24T15:21:05","version" => "1.34"},{"date" => "2023-11-05T12:46:38","version" => "1.35"},{"date" => "2024-11-19T16:12:58","version" => "1.37"}]},"Module-Signature" => {"advisories" => [{"affected_versions" => ["<0.72"],"cves" => ["CVE-2013-2145"],"description" => "The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a \"special unknown cipher\" that references an untrusted module in Digest/.\n","distribution" => "Module-Signature","fixed_versions" => [">=0.72"],"id" => "CPANSA-Module-Signature-2013-01","references" => ["https://metacpan.org/changes/distribution/Module-Signature"],"reported" => "2013-08-19"}],"main_module" => "Module::Signature","versions" => [{"date" => "2002-08-13T14:04:00","version" => "0.02"},{"date" => "2002-08-13T15:48:18","version" => "0.03"},{"date" => "2002-08-14T08:03:45","version" => "0.04"},{"date" => "2002-08-14T09:28:41","version" => "0.05"},{"date" => "2002-10-10T15:22:33","version" => "0.06"},{"date" => "2002-10-11T04:16:01","version" => "0.07"},{"date" => "2002-10-11T19:32:19","version" => "0.08"},{"date" => "2002-10-12T10:33:29","version" => "0.09"},{"date" => "2002-10-12T11:10:21","version" => "0.10"},{"date" => "2002-10-12T19:23:48","version" => "0.11"},{"date" => "2002-10-12T22:55:54","version" => "0.12"},{"date" => "2002-10-13T05:22:45","version" => "0.13"},{"date" => "2002-10-17T06:14:07","version" => "0.14"},{"date" => "2002-10-17T22:01:57","version" => "0.15"},{"date" => "2002-10-28T23:37:00","version" => "0.16"},{"date" => "2002-10-30T07:05:06","version" => "0.17"},{"date" => "2002-11-04T15:08:41","version" => "0.18"},{"date" => "2002-11-04T15:13:45","version" => "0.19"},{"date" => "2002-11-04T15:24:41","version" => "0.20"},{"date" => "2002-11-22T10:28:48","version" => "0.21"},{"date" => "2003-05-15T18:44:28","version" => "0.23"},{"date" => "2003-07-08T02:49:57","version" => "0.24"},{"date" => "2003-07-16T06:31:58","version" => "0.25"},{"date" => "2003-07-17T14:03:19","version" => "0.26"},{"date" => "2003-07-28T14:31:54","version" => "0.27"},{"date" => "2003-07-29T15:30:55","version" => "0.28"},{"date" => "2003-08-08T02:54:01","version" => "0.29"},{"date" => "2003-08-10T13:35:38","version" => "0.30"},{"date" => "2003-08-10T17:17:19","version" => "0.31"},{"date" => "2003-08-11T09:15:13","version" => "0.32"},{"date" => "2003-08-12T04:11:59","version" => "0.33"},{"date" => "2003-08-18T15:32:45","version" => "0.34"},{"date" => "2003-08-27T07:08:31","version" => "0.35"},{"date" => "2003-10-28T04:22:56","version" => "0.36"},{"date" => "2003-11-06T10:55:07","version" => "0.37"},{"date" => "2004-01-01T10:14:15","version" => "0.38"},{"date" => "2004-06-17T15:17:14","version" => "0.39"},{"date" => "2004-07-01T12:18:17","version" => "0.40"},{"date" => "2004-07-04T08:19:11","version" => "0.41"},{"date" => "2004-11-20T06:19:22","version" => "0.42"},{"date" => "2004-12-16T06:45:55","version" => "0.43"},{"date" => "2004-12-16T07:17:30","version" => "0.44"},{"date" => "2005-08-09T04:23:46","version" => "0.45"},{"date" => "2005-08-21T08:16:22","version" => "0.50"},{"date" => "2006-01-01T18:41:57","version" => "0.51"},{"date" => "2006-01-18T16:32:37","version" => "0.52"},{"date" => "2006-01-31T05:02:24","version" => "0.53"},{"date" => "2006-05-11T17:12:46","version" => "0.54"},{"date" => "2006-07-30T01:15:07","version" => "0.55"},{"date" => "2009-11-16T14:59:35","version" => "0.60"},{"date" => "2009-11-18T16:58:07","version" => "0.61"},{"date" => "2010-03-23T21:21:37","version" => "0.62"},{"date" => "2010-03-28T02:49:21","version" => "0.62"},{"date" => "2010-05-08T22:55:43","version" => "0.62"},{"date" => "2010-09-03T19:55:36","version" => "0.65"},{"date" => "2010-09-06T20:58:24","version" => "0.66"},{"date" => "2011-04-17T15:09:22","version" => "0.67"},{"date" => "2011-05-13T09:55:20","version" => "0.68"},{"date" => "2012-11-02T15:20:28","version" => "0.69"},{"date" => "2012-11-28T17:49:21","version" => "0.70"},{"date" => "2013-06-04T10:29:18","version" => "0.71"},{"date" => "2013-06-05T15:21:34","version" => "0.72"},{"date" => "2013-06-05T20:57:10","version" => "0.73"},{"date" => "2015-04-06T18:39:32","version" => "0.74"},{"date" => "2015-04-06T20:58:34","version" => "0.75"},{"date" => "2015-04-08T10:13:11","version" => "0.76"},{"date" => "2015-04-08T11:47:26","version" => "0.77"},{"date" => "2015-04-09T09:00:30","version" => "0.78"},{"date" => "2015-05-18T15:18:02","version" => "0.79"},{"date" => "2016-06-07T06:36:30","version" => "0.80"},{"date" => "2016-09-05T06:41:06","version" => "0.81"},{"date" => "2018-08-26T15:19:13","version" => "0.81"},{"date" => "2018-08-29T08:35:25","version" => "0.83"},{"date" => "2020-06-25T13:01:10","version" => "0.84"},{"date" => "2020-06-25T13:10:23","version" => "0.86"},{"date" => "2020-07-04T07:16:32","version" => "0.87"},{"date" => "2021-12-18T03:39:32","version" => "0.87"},{"date" => "2024-09-14T13:57:16","version" => "0.89"},{"date" => "2024-09-15T22:11:10","version" => "0.89"},{"date" => "2025-06-12T01:04:46","version" => "0.90"},{"date" => "2025-06-12T20:20:16","version" => "0.90"},{"date" => "2025-06-24T15:20:35","version" => "0.91"},{"date" => "2025-06-25T17:30:52","version" => "0.92"},{"date" => "2025-06-27T19:39:37","version" => "0.93"}]},"Mojo-DOM-Role-Analyzer" => {"advisories" => [{"affected_versions" => ["<=0.015"],"cves" => ["CVE-2024-38526"],"description" => "pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.\n","distribution" => "Mojo-DOM-Role-Analyzer","embedded_vulnerability" => {"distributed_version" => undef,"name" => "polyfill.io"},"fixed_versions" => [],"id" => "CPANSA-Mojo-DOM-Role-Analyzer-2024-38526","references" => ["https://github.com/mitmproxy/pdoc/pull/703","https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62","https://sansec.io/research/polyfill-supply-chain-attack","https://github.com/briandfoy/cpan-security-advisory/issues/155","https://github.com/sdondley/Mojo-DOM-Role-Analyzer/issues/10","https://stackdiary.com/polyfill-compromise-hits-100000-sites-in-a-supply-chain-attack/"],"reported" => "2024-06-26","severity" => undef}],"main_module" => "Mojo::DOM::Role::Analyzer","versions" => [{"date" => "2020-08-04T22:48:59","version" => "0.007"},{"date" => "2020-08-05T13:43:47","version" => "0.008"},{"date" => "2020-08-06T02:47:29","version" => "0.009"},{"date" => "2020-08-08T13:39:18","version" => "0.010"},{"date" => "2020-08-09T13:43:20","version" => "0.011"},{"date" => "2020-08-09T23:37:24","version" => "0.012"},{"date" => "2020-08-12T03:21:57","version" => "0.013"},{"date" => "2020-08-13T21:09:19","version" => "0.014"},{"date" => "2020-08-16T15:39:17","version" => "0.015"}]},"MojoMojo" => {"advisories" => [{"affected_versions" => ["<0.999033"],"cves" => [],"description" => "Anonymous users can delete attachments.\n","distribution" => "MojoMojo","fixed_versions" => [">=0.999033"],"id" => "CPANSA-MojoMojo-2009-01","references" => ["https://metacpan.org/changes/distribution/MojoMojo","https://github.com/mojomojo/mojomojo/commit/a9b9fd4f4f037627d30f3cbaa10abe42a3439637"],"reported" => "2009-08-14"}],"main_module" => "MojoMojo","versions" => [{"date" => "2007-08-29T14:32:52","version" => "0.05"},{"date" => "2007-09-12T21:46:24","version" => "0.05"},{"date" => "2007-09-13T11:28:37","version" => "0.05"},{"date" => "2007-09-18T07:33:43","version" => "0.999004"},{"date" => "2007-09-18T08:02:02","version" => "0.999005"},{"date" => "2007-09-19T20:59:39","version" => "0.999006"},{"date" => "2007-09-23T23:30:59","version" => "0.999007"},{"date" => "2007-11-12T22:25:35","version" => "0.999008"},{"date" => "2008-01-20T23:15:07","version" => "0.999010"},{"date" => "2008-01-23T23:00:05","version" => "0.999011"},{"date" => "2008-02-05T23:20:47","version" => "0.999012"},{"date" => "2008-03-05T00:34:49","version" => "0.999013"},{"date" => "2008-05-02T18:11:49","version" => "0.999014"},{"date" => "2008-05-03T16:10:08","version" => "0.999015"},{"date" => "2008-06-29T13:03:39","version" => "0.999016"},{"date" => "2008-07-09T14:26:56","version" => "0.999017"},{"date" => "2008-07-16T19:26:46","version" => "0.999018"},{"date" => "2008-07-19T21:33:36","version" => "0.999018"},{"date" => "2008-07-29T16:25:08","version" => "0.999018"},{"date" => "2008-11-01T01:04:37","version" => "0.999021"},{"date" => "2008-11-15T09:09:37","version" => "0.999022"},{"date" => "2008-11-23T16:45:05","version" => "0.999023"},{"date" => "2008-12-31T17:53:50","version" => "0.999024"},{"date" => "2009-01-04T22:51:40","version" => "0.999025"},{"date" => "2009-01-07T23:28:15","version" => "0.999026"},{"date" => "2009-01-30T23:29:25","version" => "0.999027"},{"date" => "2009-04-23T10:06:20","version" => "0.999028"},{"date" => "2009-05-09T23:21:10","version" => "0.999029"},{"date" => "2009-07-18T19:39:14","version" => "0.999030"},{"date" => "2009-07-26T19:39:37","version" => "0.999031"},{"date" => "2009-08-02T21:28:51","version" => "0.999032"},{"date" => "2009-08-14T12:50:18","version" => "0.999033"},{"date" => "2009-09-04T18:27:34","version" => "0.999040"},{"date" => "2009-10-26T16:07:25","version" => "0.999041"},{"date" => "2009-12-02T08:22:24","version" => "0.999042"},{"date" => "2010-05-11T22:58:19","version" => "1.00"},{"date" => "2010-05-27T07:44:39","version" => "1.01"},{"date" => "2010-08-30T21:24:41","version" => "1.02"},{"date" => "2011-01-13T12:48:10","version" => "1.03"},{"date" => "2011-03-12T23:37:45","version" => "1.04"},{"date" => "2011-09-14T10:09:05","version" => "1.05"},{"date" => "2012-08-07T10:39:42","version" => "1.06"},{"date" => "2012-11-12T23:30:00","version" => "1.07"},{"date" => "2013-01-06T07:46:41","version" => "1.08"},{"date" => "2013-01-25T16:06:42","version" => "1.09"},{"date" => "2013-05-12T22:59:03","version" => "1.10"},{"date" => "2014-12-25T17:13:24","version" => "1.11"},{"date" => "2017-05-13T13:47:52","version" => "1.12"}]},"Mojolicious" => {"advisories" => [{"affected_versions" => ["<9.31"],"cves" => [],"description" => "Mojo::DOM did not correctly parse <script> tags.\n","distribution" => "Mojolicious","fixed_versions" => [">=9.31"],"id" => "CPANSA-Mojolicious-2022-03","references" => ["https://github.com/mojolicious/mojo/commit/6f195d85db6756022d3599f7d2634975688c9550","https://github.com/mojolicious/mojo/issues/2014","https://github.com/mojolicious/mojo/issues/2015"],"reported" => "2022-12-10","severity" => undef},{"affected_versions" => ["<9.19"],"cves" => [],"description" => "Small sessions could be used as part of a brute-force attack to decode the session secret.\n","distribution" => "Mojolicious","fixed_versions" => [">=9.91"],"id" => "CPANSA-Mojolicious-2021-02","references" => ["https://github.com/mojolicious/mojo/pull/1791"],"reported" => "2021-06-01","severity" => undef},{"affected_versions" => ["<9.11"],"cves" => ["CVE-2021-47208"],"description" => "A bug in format detection can potentially be exploited for a DoS attack.\n","distribution" => "Mojolicious","fixed_versions" => [">=9.11"],"id" => "CPANSA-Mojolicious-2021-01","references" => ["https://github.com/mojolicious/mojo/issues/1736","https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c"],"reported" => "2021-03-16","severity" => undef},{"affected_versions" => [">1.74,<8.65"],"cves" => ["CVE-2020-36829"],"description" => "Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.\n","distribution" => "Mojolicious","fixed_versions" => [">=8.65"],"id" => "CPANSA-Mojolicious-2020-01","references" => ["https://github.com/mojolicious/mojo/pull/1601"],"reported" => "2020-11-10","reviewed_by" => [{"date" => "2022-06-22","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}],"severity" => undef},{"affected_versions" => [">7.83,<7.92"],"cves" => [],"description" => "This release reverts the addition of stream classes (added in 7.83), which have unfortunately resulted in many Mojolicious applications becoming unstable. While there are no known exploits yet, we've chosen to err on the side of cautiousness and will classify this as a security issue.\n","distribution" => "Mojolicious","fixed_versions" => [">=7.92"],"id" => "CPANSA-Mojolicious-2018-04","references" => ["https://github.com/mojolicious/mojo/commit/61f6cbf22c7bf8eb4787bd1014d91ee2416c73e7"],"reported" => "2018-08-09","severity" => "critical"},{"affected_versions" => ["<7.80"],"cves" => [],"description" => "Mojo::UserAgent was not checking peer SSL certificates by default.\n","distribution" => "Mojolicious","fixed_versions" => [">=7.80"],"id" => "CPANSA-Mojolicious-2018-03","references" => ["https://github.com/mojolicious/mojo/pull/1226","https://github.com/mojolicious/mojo/commit/d3cbbad890673612fdbdea63fdd522b516f6104c"],"reported" => "2018-05-19","severity" => "high"},{"affected_versions" => ["<7.78"],"cves" => [],"description" => "GET requests with embedded backslashes can be used to access local files on Windows hosts\n","distribution" => "Mojolicious","fixed_versions" => [">=7.78"],"id" => "CPANSA-Mojolicious-2018-02","references" => ["https://github.com/mojolicious/mojo/pull/1217","https://github.com/mojolicious/mojo/commit/23ebe051d9378f0f122e3c908845fc0c2cae0106"],"reported" => "2018-05-11","severity" => "critical"},{"affected_versions" => ["<7.66"],"cves" => ["CVE-2018-25100"],"description" => "Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.\n","distribution" => "Mojolicious","fixed_versions" => [">=7.66"],"id" => "CPANSA-Mojolicious-2018-01","references" => ["https://github.com/mojolicious/mojo/pull/1192","https://github.com/mojolicious/mojo/issues/1185","https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149"],"reported" => "2018-02-13","severity" => "minor"},{"affected_versions" => ["<5.76"],"cves" => [],"description" => "Directory traversal on Windows\n","distribution" => "Mojolicious","fixed_versions" => [">=5.76"],"id" => "CPANSA-Mojolicious-2015-01","references" => ["https://github.com/mojolicious/mojo/issues/738","https://github.com/mojolicious/mojo/commit/9ffa38fca73a9ddee91cbc70e0696268d500edde"],"reported" => "2015-02-02","severity" => "critical"},{"affected_versions" => ["<5.48"],"cves" => [],"description" => "Context sensitivity of method param could lead to parameter injection attacks.\n","distribution" => "Mojolicious","fixed_versions" => [">=5.48"],"id" => "CPANSA-Mojolicious-2014-01","references" => ["https://github.com/mojolicious/mojo/commit/a815d4797145f872ef6e9f1270841eda1d410afb"],"reported" => "2014-10-07","severity" => "high"},{"affected_versions" => ["<1.16"],"cves" => ["CVE-2011-1589"],"description" => "Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.\n","distribution" => "Mojolicious","fixed_versions" => [">=1.16"],"id" => "CPANSA-Mojolicious-2011-02","references" => ["https://github.com/mojolicious/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818","https://www.cvedetails.com/cve/CVE-2011-1589/"],"reported" => "2011-04-05","severity" => "critical"},{"affected_versions" => ["<1.12"],"cves" => ["CVE-2011-1841"],"description" => "Mojolicious is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by link_to helper. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.\n","distribution" => "Mojolicious","fixed_versions" => [">=1.12"],"id" => "CPANSA-Mojolicious-2011-01","references" => ["https://exchange.xforce.ibmcloud.com/vulnerabilities/67257","https://www.debian.org/security/2011/dsa-2239","https://github.com/mojolicious/mojo/commit/f6801ef7be8c78092e38f870b19fae3da0899d60"],"reported" => "2011-03-10","severity" => "high"},{"affected_versions" => ["<0.999927"],"cves" => ["CVE-2010-4803"],"description" => "Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">=0.999927"],"id" => "CPANSA-Mojolicious-2010-4803","references" => ["http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952","http://www.debian.org/security/2011/dsa-2239"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => ["<0.999928"],"cves" => ["CVE-2010-4802"],"description" => "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">=0.999928"],"id" => "CPANSA-Mojolicious-2010-4802","references" => ["https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952","https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44","http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes","http://www.debian.org/security/2011/dsa-2239"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => ["<1.12"],"cves" => ["CVE-2011-1841"],"description" => "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">=1.12"],"id" => "CPANSA-Mojolicious-2011-1841","references" => ["http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes","http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html","http://www.debian.org/security/2011/dsa-2239","http://www.securityfocus.com/bid/47713","https://exchange.xforce.ibmcloud.com/vulnerabilities/67257"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => ["<0.991250"],"cves" => ["CVE-2009-5074"],"description" => "Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.\n","distribution" => "Mojolicious","fixed_versions" => [">0.991250"],"id" => "CPANSA-Mojolicious-2009-5074","references" => ["http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"],"reported" => "2011-05-03","severity" => undef},{"affected_versions" => [">=0.999922"],"cves" => ["CVE-2024-58134"],"description" => "Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default.  These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.","distribution" => "Mojolicious","fixed_versions" => [],"id" => "CPANSA-Mojolicious-2024-58134","references" => ["https://github.com/hashcat/hashcat/pull/4090","https://github.com/mojolicious/mojo/pull/1791","https://github.com/mojolicious/mojo/pull/2200","https://medium.com/securing/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-13da7c225802","https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojolicious.pm#L51","https://www.synacktiv.com/publications/baking-mojolicious-cookies","https://www.cve.org/CVERecord?id=CVE-2024-58134"],"reported" => "2025-05-03","severity" => undef},{"affected_versions" => [">=7.28"],"comment" => "Mojolicious will use CryptX if it is installed, but it falls back to the default behavior otherwise","cves" => ["CVE-2024-58135"],"description" => "Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets.  When creating a default app with the \"mojo generate app\" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.","distribution" => "Mojolicious","fixed_versions" => [],"id" => "CPANSA-Mojolicious-2024-58135","references" => ["https://github.com/hashcat/hashcat/pull/4090","https://github.com/mojolicious/mojo/pull/2200","https://metacpan.org/release/SRI/Mojolicious-7.28/source/lib/Mojolicious/Command/generate/app.pm#L220","https://metacpan.org/release/SRI/Mojolicious-9.38/source/lib/Mojolicious/Command/Author/generate/app.pm#L202","https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojo/Util.pm#L181","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-05-03","severity" => undef}],"main_module" => "Mojolicious","versions" => [{"date" => "2010-02-11T02:04:14","version" => "0.999920"},{"date" => "2010-02-11T02:55:03","version" => "0.999921"},{"date" => "2010-02-26T18:50:34","version" => "0.999922"},{"date" => "2010-03-08T20:03:52","version" => "0.999923"},{"date" => "2010-03-20T22:56:55","version" => "0.999924"},{"date" => "2010-06-07T22:33:12","version" => "0.999925"},{"date" => "2010-06-11T10:33:01","version" => "0.999926"},{"date" => "2010-08-15T13:48:19","version" => "0.999927"},{"date" => "2010-08-17T17:41:47","version" => "0.999928"},{"date" => "2010-08-17T17:54:45","version" => "0.999929"},{"date" => "2010-10-19T13:57:49","version" => "0.999930"},{"date" => "2010-10-26T04:44:54","version" => "0.999931"},{"date" => "2010-10-30T00:54:42","version" => "0.999932"},{"date" => "2010-10-30T19:46:09","version" => "0.999933"},{"date" => "2010-11-01T00:33:14","version" => "0.999934"},{"date" => "2010-11-03T20:34:11","version" => "0.999935"},{"date" => "2010-11-04T23:48:46","version" => "0.999936"},{"date" => "2010-11-09T20:13:52","version" => "0.999937"},{"date" => "2010-11-09T21:24:17","version" => "0.999938"},{"date" => "2010-11-15T17:56:49","version" => "0.999939"},{"date" => "2010-11-15T23:18:40","version" => "0.999940"},{"date" => "2010-11-19T14:22:51","version" => "0.999941"},{"date" => "2010-12-01T18:57:50","version" => "0.999950"},{"date" => "2010-12-26T14:55:33","version" => "1.0"},{"date" => "2011-01-06T12:00:46","version" => "1.01"},{"date" => "2011-02-14T03:22:27","version" => "1.1"},{"date" => "2011-02-18T17:07:03","version" => "1.11"},{"date" => "2011-03-10T10:05:32","version" => "1.12"},{"date" => "2011-03-14T11:58:23","version" => "1.13"},{"date" => "2011-03-17T13:24:28","version" => "1.14"},{"date" => "2011-03-18T18:31:34","version" => "1.15"},{"date" => "2011-04-15T09:07:17","version" => "1.16"},{"date" => "2011-04-18T21:49:07","version" => "1.17"},{"date" => "2011-04-19T21:03:20","version" => "1.18"},{"date" => "2011-04-19T22:17:44","version" => "1.19"},{"date" => "2011-04-20T10:39:46","version" => "1.20"},{"date" => "2011-04-20T15:29:17","version" => "1.21"},{"date" => "2011-05-02T07:00:00","version" => "1.22"},{"date" => "2011-05-08T17:00:10","version" => "1.31"},{"date" => "2011-05-11T13:29:59","version" => "1.32"},{"date" => "2011-05-20T12:32:57","version" => "1.33"},{"date" => "2011-05-22T13:20:40","version" => "1.34"},{"date" => "2011-06-02T09:03:36","version" => "1.4"},{"date" => "2011-06-03T10:12:43","version" => "1.41"},{"date" => "2011-06-09T14:12:56","version" => "1.42"},{"date" => "2011-06-13T14:05:24","version" => "1.43"},{"date" => "2011-06-18T18:14:22","version" => "1.44"},{"date" => "2011-06-20T00:25:16","version" => "1.45"},{"date" => "2011-06-21T04:56:47","version" => "1.46"},{"date" => "2011-06-22T13:03:42","version" => "1.47"},{"date" => "2011-06-24T12:01:47","version" => "1.48"},{"date" => "2011-06-30T15:18:18","version" => "1.49"},{"date" => "2011-07-01T10:26:00","version" => "1.50"},{"date" => "2011-07-01T13:59:47","version" => "1.51"},{"date" => "2011-07-01T17:48:50","version" => "1.52"},{"date" => "2011-07-02T11:48:49","version" => "1.53"},{"date" => "2011-07-03T18:04:37","version" => "1.54"},{"date" => "2011-07-04T21:23:51","version" => "1.55"},{"date" => "2011-07-05T20:49:36","version" => "1.56"},{"date" => "2011-07-07T02:00:07","version" => "1.57"},{"date" => "2011-07-07T19:52:59","version" => "1.58"},{"date" => "2011-07-08T04:58:56","version" => "1.59"},{"date" => "2011-07-08T20:44:55","version" => "1.60"},{"date" => "2011-07-09T19:36:58","version" => "1.61"},{"date" => "2011-07-10T00:40:32","version" => "1.62"},{"date" => "2011-07-10T03:19:49","version" => "1.63"},{"date" => "2011-07-10T05:51:47","version" => "1.64"},{"date" => "2011-07-25T18:13:25","version" => "1.65"},{"date" => "2011-07-26T23:14:38","version" => "1.66"},{"date" => "2011-07-27T13:57:06","version" => "1.67"},{"date" => "2011-07-29T18:39:20","version" => "1.68"},{"date" => "2011-08-03T14:32:24","version" => "1.69"},{"date" => "2011-08-04T15:34:41","version" => "1.70"},{"date" => "2011-08-05T04:01:50","version" => "1.71"},{"date" => "2011-08-05T20:07:50","version" => "1.72"},{"date" => "2011-08-09T10:07:19","version" => "1.73"},{"date" => "2011-08-09T12:09:49","version" => "1.74"},{"date" => "2011-08-12T13:14:07","version" => "1.75"},{"date" => "2011-08-12T14:54:00","version" => "1.76"},{"date" => "2011-08-14T20:48:58","version" => "1.77"},{"date" => "2011-08-16T13:22:48","version" => "1.78"},{"date" => "2011-08-17T17:43:58","version" => "1.79"},{"date" => "2011-08-17T19:08:11","version" => "1.80"},{"date" => "2011-08-19T02:48:39","version" => "1.81"},{"date" => "2011-08-19T04:55:49","version" => "1.82"},{"date" => "2011-08-19T05:21:15","version" => "1.83"},{"date" => "2011-08-19T18:08:30","version" => "1.84"},{"date" => "2011-08-20T00:19:42","version" => "1.85"},{"date" => "2011-08-21T18:59:13","version" => "1.86"},{"date" => "2011-08-23T00:49:19","version" => "1.87"},{"date" => "2011-08-23T19:20:37","version" => "1.88"},{"date" => "2011-08-23T21:15:42","version" => "1.89"},{"date" => "2011-08-24T19:01:47","version" => "1.90"},{"date" => "2011-08-25T05:54:05","version" => "1.91"},{"date" => "2011-08-26T00:47:54","version" => "1.92"},{"date" => "2011-08-27T09:11:59","version" => "1.93"},{"date" => "2011-08-27T10:52:14","version" => "1.94"},{"date" => "2011-09-01T20:50:35","version" => "1.95"},{"date" => "2011-09-01T22:42:14","version" => "1.96"},{"date" => "2011-09-03T10:32:15","version" => "1.97"},{"date" => "2011-09-14T18:21:20","version" => "1.98"},{"date" => "2011-09-29T08:27:22","version" => "1.99"},{"date" => "2011-10-17T16:25:55","version" => "2.0"},{"date" => "2011-10-19T12:49:44","version" => "2.01"},{"date" => "2011-10-19T23:41:41","version" => "2.02"},{"date" => "2011-10-20T12:24:36","version" => "2.03"},{"date" => "2011-10-21T15:37:59","version" => "2.04"},{"date" => "2011-10-22T16:36:22","version" => "2.05"},{"date" => "2011-10-22T21:44:31","version" => "2.06"},{"date" => "2011-10-23T00:39:23","version" => "2.07"},{"date" => "2011-10-23T01:30:44","version" => "2.08"},{"date" => "2011-10-23T02:13:30","version" => "2.09"},{"date" => "2011-10-25T02:22:41","version" => "2.10"},{"date" => "2011-10-25T18:47:46","version" => "2.11"},{"date" => "2011-10-27T01:54:39","version" => "2.12"},{"date" => "2011-10-27T19:15:21","version" => "2.13"},{"date" => "2011-10-28T20:28:23","version" => "2.14"},{"date" => "2011-10-29T04:29:30","version" => "2.15"},{"date" => "2011-10-29T20:52:07","version" => "2.16"},{"date" => "2011-10-30T00:55:35","version" => "2.17"},{"date" => "2011-10-30T18:03:30","version" => "2.18"},{"date" => "2011-10-31T09:07:02","version" => "2.19"},{"date" => "2011-11-01T00:40:20","version" => "2.20"},{"date" => "2011-11-02T01:29:01","version" => "2.21"},{"date" => "2011-11-03T15:21:43","version" => "2.22"},{"date" => "2011-11-04T18:45:33","version" => "2.23"},{"date" => "2011-11-05T16:16:00","version" => "2.24"},{"date" => "2011-11-08T21:13:48","version" => "2.25"},{"date" => "2011-11-10T16:53:32","version" => "2.26"},{"date" => "2011-11-16T20:59:52","version" => "2.27"},{"date" => "2011-11-17T23:44:36","version" => "2.28"},{"date" => "2011-11-19T20:10:28","version" => "2.29"},{"date" => "2011-11-20T00:19:04","version" => "2.30"},{"date" => "2011-11-20T22:25:03","version" => "2.31"},{"date" => "2011-11-24T10:31:31","version" => "2.32"},{"date" => "2011-11-28T12:32:13","version" => "2.33"},{"date" => "2011-11-28T14:02:31","version" => "2.34"},{"date" => "2011-12-01T14:19:35","version" => "2.35"},{"date" => "2011-12-05T10:52:35","version" => "2.36"},{"date" => "2011-12-10T18:18:16","version" => "2.37"},{"date" => "2011-12-17T12:03:38","version" => "2.38"},{"date" => "2011-12-22T12:31:43","version" => "2.39"},{"date" => "2011-12-24T13:04:21","version" => "2.40"},{"date" => "2011-12-28T16:09:18","version" => "2.41"},{"date" => "2012-01-02T17:15:52","version" => "2.42"},{"date" => "2012-01-08T03:43:27","version" => "2.43"},{"date" => "2012-01-17T23:21:12","version" => "2.44"},{"date" => "2012-01-18T15:23:03","version" => "2.45"},{"date" => "2012-01-25T18:20:48","version" => "2.46"},{"date" => "2012-02-06T16:28:27","version" => "2.47"},{"date" => "2012-02-09T07:04:28","version" => "2.48"},{"date" => "2012-02-13T19:45:00","version" => "2.49"},{"date" => "2012-02-18T01:18:38","version" => "2.50"},{"date" => "2012-02-19T12:32:58","version" => "2.51"},{"date" => "2012-02-24T15:01:33","version" => "2.52"},{"date" => "2012-02-25T05:53:29","version" => "2.53"},{"date" => "2012-02-27T15:31:19","version" => "2.54"},{"date" => "2012-02-27T19:26:41","version" => "2.55"},{"date" => "2012-03-01T21:07:06","version" => "2.56"},{"date" => "2012-03-03T22:01:50","version" => "2.57"},{"date" => "2012-03-09T18:38:46","version" => "2.58"},{"date" => "2012-03-09T19:02:23","version" => "2.59"},{"date" => "2012-03-13T16:50:25","version" => "2.60"},{"date" => "2012-03-14T00:41:48","version" => "2.61"},{"date" => "2012-03-17T09:05:12","version" => "2.62"},{"date" => "2012-03-20T18:39:51","version" => "2.63"},{"date" => "2012-03-21T01:23:59","version" => "2.64"},{"date" => "2012-03-22T22:06:10","version" => "2.65"},{"date" => "2012-03-23T16:16:55","version" => "2.66"},{"date" => "2012-03-24T14:29:35","version" => "2.67"},{"date" => "2012-03-24T14:59:52","version" => "2.68"},{"date" => "2012-03-27T12:53:44","version" => "2.69"},{"date" => "2012-03-30T21:24:44","version" => "2.70"},{"date" => "2012-04-03T01:46:31","version" => "2.71"},{"date" => "2012-04-03T13:16:07","version" => "2.72"},{"date" => "2012-04-03T17:10:05","version" => "2.73"},{"date" => "2012-04-03T22:33:05","version" => "2.74"},{"date" => "2012-04-05T01:57:10","version" => "2.75"},{"date" => "2012-04-05T03:52:05","version" => "2.76"},{"date" => "2012-04-09T12:36:15","version" => "2.77"},{"date" => "2012-04-09T18:54:51","version" => "2.78"},{"date" => "2012-04-10T10:58:23","version" => "2.79"},{"date" => "2012-04-10T14:25:57","version" => "2.80"},{"date" => "2012-04-15T18:49:31","version" => "2.81"},{"date" => "2012-04-16T21:09:32","version" => "2.82"},{"date" => "2012-04-18T18:51:37","version" => "2.83"},{"date" => "2012-04-18T21:29:14","version" => "2.84"},{"date" => "2012-04-19T15:37:54","version" => "2.85"},{"date" => "2012-04-23T12:21:14","version" => "2.86"},{"date" => "2012-04-23T14:19:09","version" => "2.87"},{"date" => "2012-04-24T02:15:58","version" => "2.88"},{"date" => "2012-04-24T20:08:49","version" => "2.89"},{"date" => "2012-04-25T11:35:38","version" => "2.90"},{"date" => "2012-04-26T19:20:37","version" => "2.91"},{"date" => "2012-04-30T16:50:01","version" => "2.92"},{"date" => "2012-05-05T22:00:26","version" => "2.93"},{"date" => "2012-05-10T03:49:57","version" => "2.94"},{"date" => "2012-05-10T20:08:54","version" => "2.95"},{"date" => "2012-05-21T08:26:37","version" => "2.96"},{"date" => "2012-05-28T12:11:13","version" => "2.97"},{"date" => "2012-05-30T18:21:26","version" => "2.98"},{"date" => "2012-06-26T06:45:51","version" => "3.0"},{"date" => "2012-07-01T10:00:07","version" => "3.01"},{"date" => "2012-07-03T19:21:54","version" => "3.02"},{"date" => "2012-07-06T21:17:36","version" => "3.03"},{"date" => "2012-07-07T11:29:24","version" => "3.04"},{"date" => "2012-07-07T21:49:48","version" => "3.05"},{"date" => "2012-07-11T17:27:01","version" => "3.06"},{"date" => "2012-07-13T00:25:44","version" => "3.07"},{"date" => "2012-07-13T21:53:56","version" => "3.08"},{"date" => "2012-07-16T19:46:15","version" => "3.09"},{"date" => "2012-07-16T20:00:50","version" => "3.10"},{"date" => "2012-07-19T01:44:35","version" => "3.11"},{"date" => "2012-07-20T12:30:03","version" => "3.12"},{"date" => "2012-07-24T17:03:04","version" => "3.13"},{"date" => "2012-07-27T11:05:47","version" => "3.14"},{"date" => "2012-07-28T11:32:31","version" => "3.15"},{"date" => "2012-07-31T18:55:11","version" => "3.16"},{"date" => "2012-08-01T00:38:50","version" => "3.17"},{"date" => "2012-08-01T19:15:21","version" => "3.18"},{"date" => "2012-08-02T15:40:34","version" => "3.19"},{"date" => "2012-08-03T23:32:38","version" => "3.20"},{"date" => "2012-08-05T22:32:21","version" => "3.21"},{"date" => "2012-08-06T19:53:03","version" => "3.22"},{"date" => "2012-08-07T03:37:26","version" => "3.23"},{"date" => "2012-08-07T20:56:45","version" => "3.24"},{"date" => "2012-08-08T00:31:31","version" => "3.25"},{"date" => "2012-08-08T04:04:18","version" => "3.26"},{"date" => "2012-08-08T21:18:27","version" => "3.27"},{"date" => "2012-08-10T12:18:38","version" => "3.28"},{"date" => "2012-08-13T13:42:56","version" => "3.29"},{"date" => "2012-08-13T16:14:35","version" => "3.30"},{"date" => "2012-08-15T09:37:25","version" => "3.31"},{"date" => "2012-08-20T12:37:26","version" => "3.32"},{"date" => "2012-08-23T18:34:00","version" => "3.33"},{"date" => "2012-08-24T01:17:41","version" => "3.34"},{"date" => "2012-08-27T22:52:31","version" => "3.35"},{"date" => "2012-08-30T00:59:43","version" => "3.36"},{"date" => "2012-09-04T20:50:40","version" => "3.37"},{"date" => "2012-09-07T00:05:53","version" => "3.38"},{"date" => "2012-09-10T11:58:00","version" => "3.39"},{"date" => "2012-09-11T18:03:47","version" => "3.40"},{"date" => "2012-09-13T18:22:49","version" => "3.41"},{"date" => "2012-09-16T17:29:48","version" => "3.42"},{"date" => "2012-09-22T19:40:59","version" => "3.43"},{"date" => "2012-09-29T11:20:17","version" => "3.44"},{"date" => "2012-10-09T20:39:26","version" => "3.45"},{"date" => "2012-10-10T20:55:33","version" => "3.46"},{"date" => "2012-10-12T23:10:49","version" => "3.47"},{"date" => "2012-10-16T22:51:05","version" => "3.48"},{"date" => "2012-10-19T16:34:25","version" => "3.49"},{"date" => "2012-10-20T01:34:34","version" => "3.50"},{"date" => "2012-10-23T20:23:54","version" => "3.51"},{"date" => "2012-10-26T14:41:25","version" => "3.52"},{"date" => "2012-10-31T02:41:01","version" => "3.53"},{"date" => "2012-11-01T04:36:00","version" => "3.54"},{"date" => "2012-11-08T11:20:15","version" => "3.55"},{"date" => "2012-11-09T20:09:37","version" => "3.56"},{"date" => "2012-11-12T19:47:57","version" => "3.57"},{"date" => "2012-11-19T16:05:13","version" => "3.58"},{"date" => "2012-11-20T19:53:03","version" => "3.59"},{"date" => "2012-11-22T05:12:27","version" => "3.60"},{"date" => "2012-11-25T04:19:47","version" => "3.61"},{"date" => "2012-11-26T00:57:00","version" => "3.62"},{"date" => "2012-11-28T10:17:51","version" => "3.63"},{"date" => "2012-12-01T16:39:26","version" => "3.64"},{"date" => "2012-12-08T22:47:54","version" => "3.65"},{"date" => "2012-12-14T01:03:29","version" => "3.66"},{"date" => "2012-12-14T23:48:00","version" => "3.67"},{"date" => "2012-12-16T00:55:55","version" => "3.68"},{"date" => "2012-12-20T22:47:53","version" => "3.69"},{"date" => "2012-12-23T22:18:59","version" => "3.70"},{"date" => "2013-01-02T11:57:12","version" => "3.71"},{"date" => "2013-01-04T22:16:16","version" => "3.72"},{"date" => "2013-01-06T22:46:48","version" => "3.73"},{"date" => "2013-01-07T18:47:06","version" => "3.74"},{"date" => "2013-01-08T16:15:03","version" => "3.75"},{"date" => "2013-01-10T00:00:19","version" => "3.76"},{"date" => "2013-01-12T00:36:11","version" => "3.77"},{"date" => "2013-01-12T23:47:49","version" => "3.78"},{"date" => "2013-01-13T00:50:13","version" => "3.79"},{"date" => "2013-01-15T05:02:52","version" => "3.80"},{"date" => "2013-01-17T21:32:48","version" => "3.81"},{"date" => "2013-01-18T15:50:23","version" => "3.82"},{"date" => "2013-01-27T15:28:40","version" => "3.83"},{"date" => "2013-01-30T00:32:12","version" => "3.84"},{"date" => "2013-02-13T00:56:23","version" => "3.85"},{"date" => "2013-02-22T02:01:13","version" => "3.86"},{"date" => "2013-02-23T19:36:00","version" => "3.87"},{"date" => "2013-03-03T21:53:52","version" => "3.88"},{"date" => "2013-03-04T16:12:24","version" => "3.89"},{"date" => "2013-03-14T20:08:14","version" => "3.90"},{"date" => "2013-03-17T22:59:42","version" => "3.91"},{"date" => "2013-04-03T19:48:34","version" => "3.92"},{"date" => "2013-04-05T21:46:38","version" => "3.93"},{"date" => "2013-04-08T21:48:55","version" => "3.94"},{"date" => "2013-04-12T03:49:59","version" => "3.95"},{"date" => "2013-04-22T21:34:16","version" => "3.96"},{"date" => "2013-04-25T21:49:41","version" => "3.97"},{"date" => "2013-05-15T20:02:05","version" => "4.0"},{"date" => "2013-05-19T17:24:38","version" => "4.01"},{"date" => "2013-05-20T16:55:00","version" => "4.02"},{"date" => "2013-05-21T05:24:56","version" => "4.03"},{"date" => "2013-05-23T21:25:32","version" => "4.04"},{"date" => "2013-05-24T02:59:59","version" => "4.05"},{"date" => "2013-05-24T14:23:41","version" => "4.06"},{"date" => "2013-05-25T18:07:30","version" => "4.07"},{"date" => "2013-05-30T21:45:51","version" => "4.08"},{"date" => "2013-05-31T02:24:29","version" => "4.09"},{"date" => "2013-06-01T02:09:07","version" => "4.10"},{"date" => "2013-06-03T04:34:37","version" => "4.11"},{"date" => "2013-06-07T01:51:09","version" => "4.12"},{"date" => "2013-06-09T00:25:21","version" => "4.13"},{"date" => "2013-06-10T00:23:12","version" => "4.14"},{"date" => "2013-06-18T08:02:11","version" => "4.15"},{"date" => "2013-06-19T01:27:29","version" => "4.16"},{"date" => "2013-07-04T16:14:27","version" => "4.17"},{"date" => "2013-07-08T09:17:43","version" => "4.18"},{"date" => "2013-07-21T21:47:46","version" => "4.19"},{"date" => "2013-07-28T12:53:38","version" => "4.20"},{"date" => "2013-07-28T20:17:31","version" => "4.21"},{"date" => "2013-07-29T19:13:38","version" => "4.22"},{"date" => "2013-07-31T20:35:17","version" => "4.23"},{"date" => "2013-08-08T21:10:52","version" => "4.24"},{"date" => "2013-08-17T20:16:56","version" => "4.25"},{"date" => "2013-08-18T15:06:51","version" => "4.26"},{"date" => "2013-08-26T15:29:36","version" => "4.27"},{"date" => "2013-08-29T16:11:59","version" => "4.28"},{"date" => "2013-08-31T02:01:44","version" => "4.29"},{"date" => "2013-09-01T21:48:28","version" => "4.30"},{"date" => "2013-09-04T20:09:26","version" => "4.31"},{"date" => "2013-09-06T21:19:59","version" => "4.32"},{"date" => "2013-09-07T20:38:03","version" => "4.33"},{"date" => "2013-09-08T20:58:54","version" => "4.34"},{"date" => "2013-09-10T21:40:13","version" => "4.35"},{"date" => "2013-09-12T21:31:22","version" => "4.36"},{"date" => "2013-09-13T01:32:54","version" => "4.37"},{"date" => "2013-09-16T22:01:40","version" => "4.38"},{"date" => "2013-09-17T04:53:49","version" => "4.39"},{"date" => "2013-09-21T01:15:17","version" => "4.40"},{"date" => "2013-09-21T17:25:38","version" => "4.41"},{"date" => "2013-09-30T07:46:05","version" => "4.42"},{"date" => "2013-10-02T19:16:26","version" => "4.43"},{"date" => "2013-10-04T21:18:14","version" => "4.44"},{"date" => "2013-10-06T15:46:08","version" => "4.45"},{"date" => "2013-10-12T17:11:54","version" => "4.46"},{"date" => "2013-10-14T23:51:30","version" => "4.47"},{"date" => "2013-10-16T05:28:45","version" => "4.48"},{"date" => "2013-10-17T16:53:59","version" => "4.49"},{"date" => "2013-10-23T01:18:55","version" => "4.50"},{"date" => "2013-10-28T17:20:46","version" => "4.51"},{"date" => "2013-10-29T06:27:25","version" => "4.52"},{"date" => "2013-10-30T00:21:27","version" => "4.53"},{"date" => "2013-11-07T00:45:35","version" => "4.54"},{"date" => "2013-11-07T02:38:24","version" => "4.55"},{"date" => "2013-11-10T02:56:56","version" => "4.56"},{"date" => "2013-11-11T20:30:04","version" => "4.57"},{"date" => "2013-11-19T20:46:01","version" => "4.58"},{"date" => "2013-12-04T21:35:49","version" => "4.59"},{"date" => "2013-12-11T16:33:35","version" => "4.60"},{"date" => "2013-12-16T16:59:25","version" => "4.61"},{"date" => "2013-12-17T20:35:36","version" => "4.62"},{"date" => "2013-12-19T22:59:01","version" => "4.63"},{"date" => "2014-01-01T16:20:28","version" => "4.64"},{"date" => "2014-01-02T22:36:45","version" => "4.65"},{"date" => "2014-01-04T21:48:06","version" => "4.66"},{"date" => "2014-01-11T17:20:18","version" => "4.67"},{"date" => "2014-01-21T22:24:03","version" => "4.68"},{"date" => "2014-01-24T04:06:26","version" => "4.69"},{"date" => "2014-01-26T22:08:54","version" => "4.70"},{"date" => "2014-01-28T03:10:15","version" => "4.71"},{"date" => "2014-01-29T21:29:25","version" => "4.72"},{"date" => "2014-02-01T05:20:38","version" => "4.73"},{"date" => "2014-02-02T04:30:05","version" => "4.74"},{"date" => "2014-02-02T06:54:56","version" => "4.75"},{"date" => "2014-02-04T22:41:32","version" => "4.76"},{"date" => "2014-02-06T23:19:13","version" => "4.77"},{"date" => "2014-02-08T23:02:08","version" => "4.78"},{"date" => "2014-02-11T02:49:44","version" => "4.79"},{"date" => "2014-02-13T04:30:43","version" => "4.80"},{"date" => "2014-02-15T03:27:30","version" => "4.81"},{"date" => "2014-02-19T04:11:47","version" => "4.82"},{"date" => "2014-02-19T06:20:46","version" => "4.83"},{"date" => "2014-02-22T22:59:02","version" => "4.84"},{"date" => "2014-02-26T22:48:41","version" => "4.85"},{"date" => "2014-03-03T05:45:32","version" => "4.86"},{"date" => "2014-03-04T07:14:15","version" => "4.87"},{"date" => "2014-03-09T22:42:42","version" => "4.88"},{"date" => "2014-03-13T21:30:57","version" => "4.89"},{"date" => "2014-03-16T21:22:35","version" => "4.90"},{"date" => "2014-03-29T00:05:17","version" => "4.91"},{"date" => "2014-04-08T20:41:54","version" => "4.92"},{"date" => "2014-04-13T02:17:03","version" => "4.93"},{"date" => "2014-04-19T23:39:22","version" => "4.94"},{"date" => "2014-04-27T03:27:43","version" => "4.95"},{"date" => "2014-04-27T20:04:36","version" => "4.96"},{"date" => "2014-04-29T22:12:52","version" => "4.97"},{"date" => "2014-05-09T01:57:34","version" => "4.98"},{"date" => "2014-05-12T00:46:43","version" => "4.99"},{"date" => "2014-05-29T20:15:51","version" => "5.0"},{"date" => "2014-05-30T14:51:14","version" => "5.01"},{"date" => "2014-05-31T21:51:34","version" => "5.02"},{"date" => "2014-06-02T22:07:46","version" => "5.03"},{"date" => "2014-06-03T21:11:50","version" => "5.04"},{"date" => "2014-06-08T21:50:53","version" => "5.05"},{"date" => "2014-06-12T02:08:01","version" => "5.06"},{"date" => "2014-06-13T19:28:04","version" => "5.07"},{"date" => "2014-06-16T23:44:48","version" => "5.08"},{"date" => "2014-06-24T15:02:21","version" => "5.09"},{"date" => "2014-06-28T23:25:12","version" => "5.10"},{"date" => "2014-07-03T04:01:24","version" => "5.11"},{"date" => "2014-07-03T23:06:55","version" => "5.12"},{"date" => "2014-07-13T00:44:29","version" => "5.13"},{"date" => "2014-07-14T22:01:49","version" => "5.14"},{"date" => "2014-07-17T17:58:05","version" => "5.15"},{"date" => "2014-07-21T16:01:56","version" => "5.16"},{"date" => "2014-07-24T12:40:41","version" => "5.17"},{"date" => "2014-07-25T20:25:29","version" => "5.18"},{"date" => "2014-07-26T21:03:13","version" => "5.19"},{"date" => "2014-07-26T23:36:18","version" => "5.20"},{"date" => "2014-07-27T18:48:25","version" => "5.21"},{"date" => "2014-07-30T16:42:35","version" => "5.22"},{"date" => "2014-07-31T21:32:03","version" => "5.23"},{"date" => "2014-08-02T21:56:32","version" => "5.24"},{"date" => "2014-08-07T01:29:20","version" => "5.25"},{"date" => "2014-08-09T21:26:37","version" => "5.26"},{"date" => "2014-08-11T14:26:47","version" => "5.27"},{"date" => "2014-08-13T00:32:33","version" => "5.28"},{"date" => "2014-08-16T12:40:15","version" => "5.29"},{"date" => "2014-08-17T21:49:15","version" => "5.30"},{"date" => "2014-08-19T17:40:27","version" => "5.31"},{"date" => "2014-08-21T18:19:53","version" => "5.32"},{"date" => "2014-08-23T22:25:32","version" => "5.33"},{"date" => "2014-08-29T21:53:02","version" => "5.34"},{"date" => "2014-08-30T21:57:50","version" => "5.35"},{"date" => "2014-09-02T00:20:21","version" => "5.36"},{"date" => "2014-09-03T20:55:45","version" => "5.37"},{"date" => "2014-09-05T21:57:34","version" => "5.38"},{"date" => "2014-09-07T03:18:45","version" => "5.39"},{"date" => "2014-09-12T01:06:33","version" => "5.40"},{"date" => "2014-09-13T21:24:03","version" => "5.41"},{"date" => "2014-09-17T21:54:39","version" => "5.42"},{"date" => "2014-09-22T00:14:24","version" => "5.43"},{"date" => "2014-09-23T00:49:52","version" => "5.44"},{"date" => "2014-09-27T03:21:55","version" => "5.46"},{"date" => "2014-09-27T03:24:38","version" => "5.45"},{"date" => "2014-09-28T03:31:15","version" => "5.47"},{"date" => "2014-10-07T23:08:14","version" => "5.48"},{"date" => "2014-10-10T21:12:14","version" => "5.49"},{"date" => "2014-10-15T22:00:04","version" => "5.50"},{"date" => "2014-10-17T21:48:17","version" => "5.51"},{"date" => "2014-10-18T20:49:34","version" => "5.52"},{"date" => "2014-10-20T23:34:37","version" => "5.53"},{"date" => "2014-10-23T22:51:06","version" => "5.54"},{"date" => "2014-10-29T00:58:34","version" => "5.55"},{"date" => "2014-10-30T00:23:25","version" => "5.56"},{"date" => "2014-11-02T22:52:07","version" => "5.57"},{"date" => "2014-11-07T00:04:47","version" => "5.58"},{"date" => "2014-11-08T00:26:41","version" => "5.59"},{"date" => "2014-11-12T01:31:36","version" => "5.60"},{"date" => "2014-11-15T00:46:43","version" => "5.61"},{"date" => "2014-11-18T18:24:54","version" => "5.62"},{"date" => "2014-11-22T03:52:56","version" => "5.63"},{"date" => "2014-11-23T02:12:00","version" => "5.64"},{"date" => "2014-11-25T03:23:01","version" => "5.65"},{"date" => "2014-11-27T03:13:19","version" => "5.66"},{"date" => "2014-11-27T06:19:49","version" => "5.67"},{"date" => "2014-12-03T04:36:04","version" => "5.68"},{"date" => "2014-12-13T02:19:36","version" => "5.69"},{"date" => "2014-12-18T00:12:31","version" => "5.70"},{"date" => "2015-01-01T22:44:58","version" => "5.71"},{"date" => "2015-01-11T20:02:04","version" => "5.72"},{"date" => "2015-01-23T16:29:22","version" => "5.73"},{"date" => "2015-01-24T13:32:51","version" => "5.74"},{"date" => "2015-01-27T04:08:19","version" => "5.75"},{"date" => "2015-02-02T19:36:16","version" => "5.76"},{"date" => "2015-02-03T02:37:04","version" => "5.77"},{"date" => "2015-02-13T00:21:48","version" => "5.78"},{"date" => "2015-02-13T05:32:50","version" => "5.79"},{"date" => "2015-02-18T05:24:00","version" => "5.80"},{"date" => "2015-02-21T03:30:18","version" => "5.81"},{"date" => "2015-02-23T03:05:04","version" => "5.82"},{"date" => "2015-02-26T22:17:01","version" => "6.0"},{"date" => "2015-03-03T16:12:16","version" => "6.01"},{"date" => "2015-03-10T02:53:22","version" => "6.02"},{"date" => "2015-03-16T04:43:10","version" => "6.03"},{"date" => "2015-03-23T04:42:27","version" => "6.04"},{"date" => "2015-03-25T05:08:15","version" => "6.05"},{"date" => "2015-04-07T00:55:21","version" => "6.06"},{"date" => "2015-04-07T17:38:01","version" => "6.07"},{"date" => "2015-04-09T22:03:46","version" => "6.08"},{"date" => "2015-04-26T05:10:45","version" => "6.09"},{"date" => "2015-04-27T02:01:03","version" => "6.10"},{"date" => "2015-05-16T22:14:01","version" => "6.11"},{"date" => "2015-06-18T21:48:20","version" => "6.12"},{"date" => "2015-08-20T06:09:39","version" => "6.16"},{"date" => "2015-08-22T19:38:51","version" => "6.17"},{"date" => "2015-09-02T17:26:36","version" => "6.18"},{"date" => "2015-09-12T23:37:29","version" => "6.19"},{"date" => "2015-09-16T22:50:30","version" => "6.20"},{"date" => "2015-09-23T01:05:04","version" => "6.21"},{"date" => "2015-09-27T01:03:32","version" => "6.22"},{"date" => "2015-10-07T18:17:26","version" => "6.23"},{"date" => "2015-10-13T22:54:46","version" => "6.24"},{"date" => "2015-10-22T02:49:47","version" => "6.25"},{"date" => "2015-10-29T00:29:07","version" => "6.26"},{"date" => "2015-10-30T00:07:08","version" => "6.27"},{"date" => "2015-11-02T15:17:16","version" => "6.28"},{"date" => "2015-11-12T02:59:43","version" => "6.30"},{"date" => "2015-11-14T19:38:51","version" => "6.31"},{"date" => "2015-11-18T18:16:15","version" => "6.32"},{"date" => "2015-11-22T16:47:00","version" => "6.33"},{"date" => "2016-01-13T20:08:22","version" => "6.40"},{"date" => "2016-01-24T22:01:52","version" => "6.42"},{"date" => "2016-02-01T16:15:40","version" => "6.43"},{"date" => "2016-02-05T22:42:51","version" => "6.44"},{"date" => "2016-02-09T23:29:35","version" => "6.45"},{"date" => "2016-02-14T00:51:10","version" => "6.46"},{"date" => "2016-02-19T23:09:15","version" => "6.47"},{"date" => "2016-02-24T17:07:45","version" => "6.48"},{"date" => "2016-02-26T22:47:33","version" => "6.49"},{"date" => "2016-02-27T00:12:03","version" => "6.50"},{"date" => "2016-02-29T23:03:44","version" => "6.51"},{"date" => "2016-03-02T22:24:28","version" => "6.52"},{"date" => "2016-03-04T00:58:55","version" => "6.53"},{"date" => "2016-03-07T15:09:42","version" => "6.54"},{"date" => "2016-03-08T20:42:43","version" => "6.55"},{"date" => "2016-03-16T02:42:45","version" => "6.56"},{"date" => "2016-03-23T04:23:41","version" => "6.57"},{"date" => "2016-04-10T17:11:22","version" => "6.58"},{"date" => "2016-04-22T18:45:19","version" => "6.59"},{"date" => "2016-04-26T13:16:04","version" => "6.60"},{"date" => "2016-05-02T17:31:34","version" => "6.61"},{"date" => "2016-05-14T21:05:47","version" => "6.62"},{"date" => "2016-06-03T21:10:48","version" => "6.63"},{"date" => "2016-06-09T16:41:51","version" => "6.64"},{"date" => "2016-06-14T16:15:21","version" => "6.65"},{"date" => "2016-06-16T22:35:28","version" => "6.66"},{"date" => "2016-07-19T06:21:07","version" => "7.0"},{"date" => "2016-08-01T18:46:35","version" => "7.01"},{"date" => "2016-08-17T16:34:19","version" => "7.02"},{"date" => "2016-08-17T16:40:11","version" => "7.03"},{"date" => "2016-08-29T13:59:45","version" => "7.04"},{"date" => "2016-08-29T16:44:18","version" => "7.05"},{"date" => "2016-09-17T21:05:37","version" => "7.06"},{"date" => "2016-09-20T12:30:54","version" => "7.07"},{"date" => "2016-09-23T17:19:00","version" => "7.08"},{"date" => "2016-10-23T09:46:35","version" => "7.09"},{"date" => "2016-11-01T19:02:03","version" => "7.10"},{"date" => "2016-11-30T09:23:48","version" => "7.11"},{"date" => "2016-12-20T08:41:05","version" => "7.12"},{"date" => "2016-12-29T19:40:25","version" => "7.13"},{"date" => "2017-01-04T22:58:20","version" => "7.14"},{"date" => "2017-01-10T11:42:59","version" => "7.15"},{"date" => "2017-01-10T23:52:50","version" => "7.16"},{"date" => "2017-01-11T08:35:01","version" => "7.17"},{"date" => "2017-01-11T22:05:10","version" => "7.18"},{"date" => "2017-01-15T16:05:23","version" => "7.19"},{"date" => "2017-01-18T09:38:55","version" => "7.20"},{"date" => "2017-01-22T14:29:35","version" => "7.21"},{"date" => "2017-01-25T23:09:32","version" => "7.22"},{"date" => "2017-01-29T21:43:19","version" => "7.23"},{"date" => "2017-02-05T21:09:47","version" => "7.24"},{"date" => "2017-02-09T22:51:35","version" => "7.25"},{"date" => "2017-02-15T23:08:52","version" => "7.26"},{"date" => "2017-02-27T17:02:21","version" => "7.27"},{"date" => "2017-03-07T21:36:36","version" => "7.28"},{"date" => "2017-03-14T23:27:54","version" => "7.29"},{"date" => "2017-04-06T12:04:02","version" => "7.30"},{"date" => "2017-04-24T07:50:54","version" => "7.31"},{"date" => "2017-05-30T17:08:40","version" => "7.32"},{"date" => "2017-06-05T22:14:35","version" => "7.33"},{"date" => "2017-07-02T22:04:01","version" => "7.34"},{"date" => "2017-07-05T07:50:23","version" => "7.35"},{"date" => "2017-07-10T07:48:45","version" => "7.36"},{"date" => "2017-07-24T07:55:46","version" => "7.37"},{"date" => "2017-08-01T21:56:47","version" => "7.38"},{"date" => "2017-08-03T08:50:10","version" => "7.39"},{"date" => "2017-08-14T08:32:54","version" => "7.40"},{"date" => "2017-08-16T08:19:30","version" => "7.41"},{"date" => "2017-08-17T11:15:42","version" => "7.42"},{"date" => "2017-08-18T08:26:45","version" => "7.43"},{"date" => "2017-09-03T16:04:13","version" => "7.44"},{"date" => "2017-09-07T08:41:40","version" => "7.45"},{"date" => "2017-09-12T12:27:00","version" => "7.46"},{"date" => "2017-10-12T08:26:53","version" => "7.47"},{"date" => "2017-10-21T13:33:01","version" => "7.48"},{"date" => "2017-10-30T13:18:49","version" => "7.49"},{"date" => "2017-10-30T18:18:13","version" => "7.50"},{"date" => "2017-10-31T19:14:43","version" => "7.51"},{"date" => "2017-11-02T22:29:23","version" => "7.52"},{"date" => "2017-11-04T15:24:07","version" => "7.53"},{"date" => "2017-11-04T22:50:30","version" => "7.54"},{"date" => "2017-11-07T10:58:56","version" => "7.55"},{"date" => "2017-11-16T13:33:27","version" => "7.56"},{"date" => "2017-11-18T16:10:38","version" => "7.57"},{"date" => "2017-12-03T22:14:41","version" => "7.58"},{"date" => "2017-12-17T17:58:55","version" => "7.59"},{"date" => "2018-01-03T14:00:44","version" => "7.60"},{"date" => "2018-01-15T15:35:28","version" => "7.61"},{"date" => "2018-02-03T19:53:39","version" => "7.62"},{"date" => "2018-02-06T20:52:51","version" => "7.63"},{"date" => "2018-02-07T10:17:57","version" => "7.64"},{"date" => "2018-02-11T21:55:33","version" => "7.65"},{"date" => "2018-02-14T08:55:35","version" => "7.66"},{"date" => "2018-02-19T23:11:52","version" => "7.67"},{"date" => "2018-02-23T18:44:15","version" => "7.68"},{"date" => "2018-02-24T21:58:41","version" => "7.69"},{"date" => "2018-02-28T23:47:08","version" => "7.70"},{"date" => "2018-03-16T16:41:58","version" => "7.71"},{"date" => "2018-04-02T21:01:43","version" => "7.72"},{"date" => "2018-04-06T14:10:03","version" => "7.73"},{"date" => "2018-04-07T22:15:16","version" => "7.74"},{"date" => "2018-04-10T16:04:41","version" => "7.75"},{"date" => "2018-04-24T16:55:32","version" => "7.76"},{"date" => "2018-05-01T17:18:20","version" => "7.77"},{"date" => "2018-05-11T16:36:16","version" => "7.78"},{"date" => "2018-05-14T22:13:04","version" => "7.79"},{"date" => "2018-05-20T22:46:20","version" => "7.80"},{"date" => "2018-05-21T22:39:30","version" => "7.81"},{"date" => "2018-05-27T21:59:59","version" => "7.82"},{"date" => "2018-06-03T21:10:42","version" => "7.83"},{"date" => "2018-06-06T14:04:49","version" => "7.84"},{"date" => "2018-06-19T15:57:43","version" => "7.85"},{"date" => "2018-07-03T11:30:46","version" => "7.86"},{"date" => "2018-07-04T10:20:11","version" => "7.87"},{"date" => "2018-07-13T11:00:52","version" => "7.88"},{"date" => "2018-08-07T09:38:35","version" => "7.89"},{"date" => "2018-08-08T22:19:36","version" => "7.90"},{"date" => "2018-08-09T08:39:58","version" => "7.91"},{"date" => "2018-08-09T16:52:45","version" => "7.92"},{"date" => "2018-08-12T14:23:08","version" => "7.93"},{"date" => "2018-08-31T12:53:17","version" => "7.94"},{"date" => "2018-09-14T22:17:06","version" => "8.0"},{"date" => "2018-09-25T16:14:07","version" => "8.01"},{"date" => "2018-10-01T21:34:50","version" => "8.02"},{"date" => "2018-10-16T22:41:46","version" => "8.03"},{"date" => "2018-10-21T20:23:27","version" => "8.04"},{"date" => "2018-11-01T17:15:20","version" => "8.05"},{"date" => "2018-11-08T23:31:57","version" => "8.06"},{"date" => "2018-11-18T22:09:07","version" => "8.07"},{"date" => "2018-12-01T18:26:15","version" => "8.08"},{"date" => "2018-12-04T20:59:01","version" => "8.09"},{"date" => "2018-12-20T10:28:28","version" => "8.10"},{"date" => "2019-01-02T18:04:35","version" => "8.11"},{"date" => "2019-02-01T16:34:38","version" => "8.12"},{"date" => "2019-03-21T22:06:21","version" => "8.13"},{"date" => "2019-04-18T19:11:08","version" => "8.14"},{"date" => "2019-04-26T17:54:06","version" => "8.15"},{"date" => "2019-05-19T19:50:45","version" => "8.16"},{"date" => "2019-05-23T20:50:59","version" => "8.17"},{"date" => "2019-06-28T21:29:47","version" => "8.18"},{"date" => "2019-07-08T10:26:46","version" => "8.19"},{"date" => "2019-07-09T21:02:16","version" => "8.20"},{"date" => "2019-07-14T17:08:55","version" => "8.21"},{"date" => "2019-07-17T10:46:26","version" => "8.22"},{"date" => "2019-08-12T22:52:14","version" => "8.23"},{"date" => "2019-09-11T22:33:49","version" => "8.24"},{"date" => "2019-09-29T13:16:15","version" => "8.25"},{"date" => "2019-11-03T15:48:59","version" => "8.26"},{"date" => "2019-12-04T19:48:08","version" => "8.27"},{"date" => "2019-12-26T16:09:10","version" => "8.28"},{"date" => "2019-12-28T16:58:30","version" => "8.29"},{"date" => "2020-01-09T20:35:42","version" => "8.30"},{"date" => "2020-01-14T20:19:13","version" => "8.31"},{"date" => "2020-01-19T14:35:03","version" => "8.32"},{"date" => "2020-02-11T20:25:08","version" => "8.33"},{"date" => "2020-03-16T17:27:27","version" => "8.34"},{"date" => "2020-03-21T15:12:26","version" => "8.35"},{"date" => "2020-04-02T09:05:58","version" => "8.36"},{"date" => "2020-04-19T19:47:37","version" => "8.37"},{"date" => "2020-04-21T19:54:01","version" => "8.38"},{"date" => "2020-04-22T12:49:38","version" => "8.39"},{"date" => "2020-04-23T09:24:25","version" => "8.40"},{"date" => "2020-05-01T13:34:44","version" => "8.41"},{"date" => "2020-05-04T17:15:38","version" => "8.42"},{"date" => "2020-05-21T12:51:12","version" => "8.43"},{"date" => "2020-05-25T19:06:44","version" => "8.50"},{"date" => "2020-05-31T12:29:16","version" => "8.51"},{"date" => "2020-06-03T20:01:13","version" => "8.52"},{"date" => "2020-06-10T18:02:24","version" => "8.53"},{"date" => "2020-06-14T17:42:03","version" => "8.54"},{"date" => "2020-06-18T09:42:34","version" => "8.55"},{"date" => "2020-06-26T20:08:07","version" => "8.56"},{"date" => "2020-07-17T09:08:51","version" => "8.57"},{"date" => "2020-08-10T18:14:24","version" => "8.58"},{"date" => "2020-09-13T16:04:24","version" => "8.59"},{"date" => "2020-09-27T15:50:48","version" => "8.60"},{"date" => "2020-10-02T11:01:53","version" => "8.61"},{"date" => "2020-10-12T09:57:55","version" => "8.62"},{"date" => "2020-10-13T08:18:36","version" => "8.63"},{"date" => "2020-11-06T18:38:59","version" => "8.64"},{"date" => "2020-11-11T19:55:44","version" => "8.65"},{"date" => "2020-11-30T10:42:18","version" => "8.66"},{"date" => "2020-12-05T16:45:53","version" => "8.67"},{"date" => "2020-12-27T23:38:05","version" => "8.68"},{"date" => "2020-12-28T14:38:20","version" => "8.69"},{"date" => "2020-12-30T14:43:19","version" => "8.70"},{"date" => "2021-01-17T17:06:28","version" => "8.71"},{"date" => "2021-01-27T15:33:24","version" => "8.72"},{"date" => "2021-02-06T16:08:52","version" => "8.73"},{"date" => "2021-02-14T18:44:04","version" => "9.0"},{"date" => "2021-02-16T21:32:29","version" => "9.01"},{"date" => "2021-03-01T19:16:02","version" => "9.02"},{"date" => "2021-03-07T18:49:12","version" => "9.03"},{"date" => "2021-03-11T21:04:03","version" => "9.07"},{"date" => "2021-03-12T16:47:37","version" => "9.08"},{"date" => "2021-03-14T18:32:57","version" => "9.09"},{"date" => "2021-03-15T13:26:22","version" => "9.10"},{"date" => "2021-03-20T16:41:03","version" => "9.11"},{"date" => "2021-03-20T21:25:26","version" => "9.12"},{"date" => "2021-03-22T11:33:00","version" => "9.13"},{"date" => "2021-03-23T22:54:21","version" => "9.14"},{"date" => "2021-04-06T09:10:10","version" => "9.15"},{"date" => "2021-04-09T11:31:09","version" => "9.16"},{"date" => "2021-04-13T10:11:02","version" => "9.17"},{"date" => "2021-05-23T14:06:27","version" => "9.18"},{"date" => "2021-06-02T09:14:48","version" => "9.19"},{"date" => "2021-08-09T17:26:54","version" => "9.20"},{"date" => "2021-08-13T19:14:43","version" => "9.21"},{"date" => "2021-10-21T11:53:53","version" => "9.22"},{"date" => "2022-03-25T11:37:40","version" => "9.23"},{"date" => "2022-04-18T18:28:00","version" => "9.24"},{"date" => "2022-04-28T15:21:32","version" => "9.25"},{"date" => "2022-05-23T15:17:22","version" => "9.26"},{"date" => "2022-09-12T11:10:27","version" => "9.27"},{"date" => "2022-10-14T18:55:13","version" => "9.28"},{"date" => "2022-11-11T10:15:54","version" => "9.29"},{"date" => "2022-11-23T11:52:17","version" => "9.30"},{"date" => "2022-12-21T00:36:31","version" => "9.31"},{"date" => "2023-05-08T22:09:51","version" => "9.32"},{"date" => "2023-06-14T19:25:48","version" => "9.33"},{"date" => "2023-09-11T18:34:53","version" => "9.34"},{"date" => "2023-10-27T17:11:42","version" => "9.35"},{"date" => "2024-03-08T22:16:38","version" => "9.36"},{"date" => "2024-05-13T17:48:56","version" => "9.37"},{"date" => "2024-08-17T14:52:48","version" => "9.38"},{"date" => "2024-11-23T14:16:18","version" => "9.39"},{"date" => "2025-05-12T13:09:01","version" => "9.40"},{"date" => "2025-07-03T12:27:43","version" => "9.41"},{"date" => "2025-10-01T14:47:16","version" => "9.42"}]},"Mojolicious-Plugin-CSRF" => {"advisories" => [{"affected_versions" => ["==1.03"],"cves" => ["CVE-2025-40915"],"description" => "Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.  That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.","distribution" => "Mojolicious-Plugin-CSRF","fixed_versions" => [">=1.03"],"id" => "CPANSA-Mojolicious-Plugin-CSRF-2025-40915","references" => ["https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes","https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03"],"reported" => "2025-06-11","severity" => undef}],"main_module" => "Mojolicious::Plugin::CSRF","versions" => [{"date" => "2025-05-18T15:33:39","version" => "1.01"},{"date" => "2025-05-18T17:46:33","version" => "1.02"},{"date" => "2025-06-11T01:38:00","version" => "1.03"},{"date" => "2025-06-11T13:31:36","version" => "1.04"},{"date" => "2025-06-13T17:50:34","version" => "1.05"}]},"Mojolicious-Plugin-CaptchaPNG" => {"advisories" => [{"affected_versions" => ["<1.06"],"cves" => ["CVE-2025-40916"],"description" => "Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha.  That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.","distribution" => "Mojolicious-Plugin-CaptchaPNG","fixed_versions" => [">=1.06"],"id" => "CPANSA-Mojolicious-Plugin-CaptchaPNG-2025-40916","references" => ["https://metacpan.org/pod/perlfunc#rand","https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.04/diff/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.05/lib/Mojolicious/Plugin/CaptchaPNG.pm","https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.06/changes","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-06-16","severity" => undef}],"main_module" => "Mojolicious::Plugin::CaptchaPNG","versions" => [{"date" => "2025-02-05T00:29:06","version" => "1.02"},{"date" => "2025-02-05T18:58:16","version" => "1.03"},{"date" => "2025-05-18T17:49:30","version" => "1.04"},{"date" => "2025-06-11T01:40:57","version" => "1.05"},{"date" => "2025-06-11T14:08:11","version" => "1.06"},{"date" => "2025-06-13T17:50:45","version" => "1.07"},{"date" => "2025-06-17T16:49:35","version" => "1.08"}]},"Mojolicious-Plugin-LazyImage" => {"advisories" => [{"affected_versions" => ["<=0.01"],"cves" => ["CVE-2024-38526"],"description" => "pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.\n","distribution" => "Mojolicious-Plugin-LazyImage","embedded_vulnerability" => {"distributed_version" => undef,"name" => "polyfill.io"},"fixed_versions" => [],"id" => "CPANSA-Mojolicious-Plugin-LazyImage-2024-38526","references" => ["https://github.com/mitmproxy/pdoc/pull/703","https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62","https://sansec.io/research/polyfill-supply-chain-attack","https://github.com/briandfoy/cpan-security-advisory/issues/155","https://stackdiary.com/polyfill-compromise-hits-100000-sites-in-a-supply-chain-attack/"],"reported" => "2024-06-26","severity" => undef}],"main_module" => "Mojolicious::Plugin::LazyImage","versions" => [{"date" => "2017-12-28T10:40:31","version" => "0.01"}]},"Mojolicious-Plugin-OAuth2" => {"advisories" => [{"affected_versions" => ["<1.3"],"cves" => [],"description" => "Param injection in case of several parameters of the same name are present.\n","distribution" => "Mojolicious-Plugin-OAuth2","fixed_versions" => [">=1.3"],"id" => "CPANSA-Mojolicious-Plugin-OAuth2-2014-01","references" => ["https://metacpan.org/changes/distribution/Mojolicious-Plugin-OAuth2","https://github.com/marcusramberg/Mojolicious-Plugin-OAuth2/commit/68315d329059b427e13d486c0e10733f728709aa"],"reported" => "2014-10-07"}],"main_module" => "Mojolicious::Plugin::OAuth2","versions" => [{"date" => "2011-01-08T11:03:42","version" => "0.01"},{"date" => "2011-01-09T18:00:14","version" => "0.02"},{"date" => "2011-04-03T16:00:38","version" => "0.1"},{"date" => "2011-08-01T16:56:18","version" => "0.2"},{"date" => "2011-09-04T19:42:29","version" => "0.3"},{"date" => "2011-09-07T16:59:50","version" => "0.4"},{"date" => "2011-10-19T11:55:32","version" => "0.5"},{"date" => "2012-03-09T21:15:39","version" => "0.6"},{"date" => "2012-05-30T11:49:29","version" => "0.7"},{"date" => "2012-08-23T20:18:41","version" => "0.8"},{"date" => "2013-05-20T05:55:18","version" => "0.9"},{"date" => "2013-11-06T13:24:52","version" => "1.0"},{"date" => "2014-03-13T08:18:10","version" => "1.1"},{"date" => "2014-09-06T13:49:59","version" => "1.2"},{"date" => "2014-10-07T05:49:16","version" => "1.3"},{"date" => "2015-03-01T20:09:19","version" => "1.4"},{"date" => "2015-03-02T07:32:59","version" => "1.5"},{"date" => "2015-03-18T16:40:18","version" => "1.51"},{"date" => "2015-04-06T20:46:39","version" => "1.52"},{"date" => "2015-09-08T07:27:41","version" => "1.53"},{"date" => "2018-08-30T10:48:55","version" => "1.54"},{"date" => "2018-09-08T18:30:54","version" => "1.55"},{"date" => "2018-09-23T22:04:16","version" => "1.56"},{"date" => "2018-09-24T08:55:14","version" => "1.57"},{"date" => "2019-07-03T12:24:11","version" => "1.58"},{"date" => "2021-02-16T23:34:41","version" => "1.59"},{"date" => "2021-10-27T10:37:42","version" => "2.00"},{"date" => "2021-10-28T09:30:06","version" => "2.01"},{"date" => "2022-02-08T09:50:33","version" => "2.02"}]},"Moxy" => {"advisories" => [{"affected_versions" => ["<0.25"],"cves" => [],"description" => "Allowed file schema\n","distribution" => "Moxy","fixed_versions" => [">=0.25"],"id" => "CPANSA-Moxy-2008-01","references" => ["https://metacpan.org/dist/Moxy/changes"],"reported" => "2008-04-09","severity" => undef}],"main_module" => "Moxy","versions" => [{"date" => "2008-01-01T18:30:22","version" => "0.04"},{"date" => "2008-01-02T13:16:19","version" => "0.05"},{"date" => "2008-01-19T02:45:48","version" => "0.06"},{"date" => "2008-01-19T04:46:15","version" => "0.07"},{"date" => "2008-01-19T13:40:32","version" => "0.08"},{"date" => "2008-01-20T07:59:32","version" => "0.20"},{"date" => "2008-01-25T07:34:00","version" => "0.22"},{"date" => "2008-01-26T10:16:38","version" => "0.23"},{"date" => "2008-01-27T06:18:24","version" => "0.24"},{"date" => "2008-04-09T15:15:08","version" => "0.25"},{"date" => "2008-04-20T05:07:40","version" => "0.30"},{"date" => "2008-04-20T11:43:55","version" => "0.31"},{"date" => "2008-04-21T02:33:59","version" => "0.32"},{"date" => "2008-05-13T04:32:15","version" => "0.32"},{"date" => "2008-05-14T04:12:27","version" => "0.32"},{"date" => "2008-06-14T07:29:30","version" => "0.32"},{"date" => "2008-08-14T16:20:15","version" => "0.32"},{"date" => "2008-08-22T09:54:45","version" => "0.32"},{"date" => "2008-10-02T10:14:27","version" => "0.32"},{"date" => "2008-11-07T01:24:33","version" => "0.32"},{"date" => "2008-11-07T01:43:45","version" => "0.32"},{"date" => "2008-11-08T01:14:56","version" => "0.32"},{"date" => "2008-11-19T02:50:08","version" => "0.32"},{"date" => "2009-02-10T11:05:56","version" => "0.32"},{"date" => "2009-02-20T09:48:43","version" => "0.51"},{"date" => "2009-03-24T11:22:16","version" => "0.52"},{"date" => "2009-03-31T06:33:35","version" => "0.53"},{"date" => "2009-04-07T10:51:35","version" => "0.54"},{"date" => "2009-04-08T06:23:07","version" => "0.55"},{"date" => "2009-04-08T08:36:37","version" => "0.56"},{"date" => "2011-01-26T08:17:33","version" => "0.60"},{"date" => "2011-05-18T04:36:44","version" => "0.57"},{"date" => "2011-05-18T04:46:01","version" => "0.60"},{"date" => "2011-05-24T01:35:05","version" => "0.60"},{"date" => "2011-05-27T01:48:35","version" => "0.63"},{"date" => "2012-11-06T05:23:15","version" => "0.70"}]},"Mozilla-CA" => {"advisories" => [{"affected_versions" => ["<20110914"],"cves" => [],"description" => "Google Chrome user alibo encountered an active \"man in the middle\" (MITM) attack on secure SSL connections to Google servers. The fraudulent certificate was mis-issued by DigiNotar, a Dutch Certificate Authority. DigiNotar has reported evidence that other fraudulent certificates were issued and in active use but the full extent of the compromise is not known.\n","distribution" => "Mozilla-CA","fixed_versions" => [">=20110914"],"id" => "CPANSA-Mozilla-CA-2011-34","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=70967","https://www.mozilla.org/en-US/security/advisories/mfsa2011-35/","https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/"],"reported" => undef,"severity" => undef},{"affected_versions" => ["<20240730"],"cves" => ["CVE-2024-39689"],"description" => "ECM GlobalTrust 2000 root certificates have been distrusted\n","distribution" => "Mozilla-CA","fixed_versions" => [">=20240730"],"id" => "CPANSA-Mozilla-CA-2024-39689","references" => ["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI","https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k/m/G_9QprJ2AQAJ","https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc","https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463"],"reported" => "2024-06-11","severity" => "low"}],"main_module" => "Mozilla::CA","versions" => [{"date" => "2011-01-22T12:13:20","version" => 20110122},{"date" => "2011-01-26T19:10:48","version" => 20110126},{"date" => "2011-02-11T22:42:06","version" => 20110209},{"date" => "2011-03-01T23:13:54","version" => 20110301},{"date" => "2011-04-09T21:15:42","version" => 20110409},{"date" => "2011-09-04T03:48:06","version" => 20110904},{"date" => "2011-09-15T08:01:35","version" => 20110914},{"date" => "2011-10-25T06:46:10","version" => 20111025},{"date" => "2012-01-18T06:52:33","version" => 20120118},{"date" => "2012-03-09T01:57:07","version" => 20120309},{"date" => "2012-08-22T00:27:51","version" => 20120822},{"date" => "2012-08-22T06:39:33","version" => 20120823},{"date" => "2013-01-14T18:34:17","version" => 20130114},{"date" => "2014-12-22T00:25:09","version" => 20141217},{"date" => "2015-08-26T05:56:57","version" => 20150826},{"date" => "2016-01-04T01:19:28","version" => 20160104},{"date" => "2018-03-01T11:34:46","version" => 20180117},{"date" => "2020-05-20T04:53:47","version" => 20200520},{"date" => "2021-10-01T21:38:43","version" => 20211001},{"date" => "2022-11-14T10:45:12","version" => 20221114},{"date" => "2023-08-01T15:43:22","version" => 20230801},{"date" => "2023-08-07T12:10:03","version" => 20230807},{"date" => "2023-08-21T18:15:27","version" => 20230821},{"date" => "2023-12-13T20:18:41","version" => 20231213},{"date" => "2024-03-13T15:19:08","version" => 20240313},{"date" => "2024-07-30T16:10:02","version" => 20240730},{"date" => "2024-09-24T02:19:55","version" => 20240924},{"date" => "2025-02-02T15:34:15","version" => 20250202},{"date" => "2025-06-02T17:39:28","version" => 20250602}]},"MySQL-Admin" => {"advisories" => [{"affected_versions" => ["<0.34"],"cves" => [],"description" => "Unspecified security issues.\n","distribution" => "MySQL-Admin","fixed_versions" => [">=0.34"],"id" => "CPANSA-MySQL-Admin-1-1","references" => ["https://metacpan.org/dist/MySQL-Admin/changes"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.14,<=1.18"],"cves" => ["X-CVE-2014-0001"],"description" => "Affected versions of the package are vulnerable to Cross-site Scripting (XSS) via the editor box.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-X-CVE-2014-0001-bootstrap-markdown-editor","references" => ["https://security.snyk.io/vuln/npm:bootstrap-markdown:20140826","https://cwe.mitre.org/data/definitions/79.html"],"reported" => "2014-08-25","severity" => undef},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2019-20921"],"description" => "bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2019-20921-bootstrap-select","references" => ["https://github.com/advisories/GHSA-9r7h-6639-v5mw","https://github.com/snapappointments/bootstrap-select/issues/2199","https://www.npmjs.com/advisories/1522","https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457"],"reported" => "2020-09-30","severity" => "medium"},{"affected_versions" => [">=1.14,<=1.18"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.16,<=1.18"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "MySQL-Admin","fixed_versions" => [],"id" => "CPANSA-MySQL-Admin-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "MySQL::Admin","versions" => [{"date" => "2009-04-05T07:27:17","version" => "0.41"},{"date" => "2009-04-25T12:13:07","version" => "0.42"},{"date" => "2009-05-02T16:39:11","version" => "0.43"},{"date" => "2009-05-06T16:32:16","version" => "0.44"},{"date" => "2009-09-20T10:34:08","version" => "0.47"},{"date" => "2009-09-20T17:52:11","version" => "0.48"},{"date" => "2009-09-20T19:27:03","version" => "0.5"},{"date" => "2009-09-23T13:03:36","version" => "0.51"},{"date" => "2009-09-26T10:35:54","version" => "0.52"},{"date" => "2009-09-28T06:12:57","version" => "0.54"},{"date" => "2009-09-29T10:34:19","version" => "0.55"},{"date" => "2009-09-30T16:13:36","version" => "0.56"},{"date" => "2009-10-03T07:37:25","version" => "0.57"},{"date" => "2009-10-04T06:02:37","version" => "0.58"},{"date" => "2009-10-04T09:07:10","version" => "0.59"},{"date" => "2009-10-05T15:31:56","version" => "0.6"},{"date" => "2009-10-13T13:03:13","version" => "0.61"},{"date" => "2009-10-13T13:28:16","version" => "0.62"},{"date" => "2015-03-22T15:18:03","version" => "0.65"},{"date" => "2015-03-24T07:27:33","version" => "0.66"},{"date" => "2015-03-26T19:31:05","version" => "0.67"},{"date" => "2015-03-30T18:13:38","version" => "0.68"},{"date" => "2015-04-01T20:54:59","version" => "0.69"},{"date" => "2015-04-02T18:13:25","version" => "0.7"},{"date" => "2015-04-02T20:01:04","version" => "0.71"},{"date" => "2015-04-06T19:38:13","version" => "0.72"},{"date" => "2015-04-07T17:24:44","version" => "0.73"},{"date" => "2015-04-09T20:30:39","version" => "0.74"},{"date" => "2015-04-12T19:12:02","version" => "0.75"},{"date" => "2015-04-18T10:10:22","version" => "0.76"},{"date" => "2015-04-23T19:09:21","version" => "0.77"},{"date" => "2015-06-19T21:18:27","version" => "0.79"},{"date" => "2015-06-20T15:56:45","version" => "0.8"},{"date" => "2015-06-21T11:51:26","version" => "0.81"},{"date" => "2015-07-09T20:24:39","version" => "0.84"},{"date" => "2015-07-10T12:25:42","version" => "0.85"},{"date" => "2015-07-11T17:51:30","version" => "0.86"},{"date" => "2015-07-26T19:47:51","version" => "0.87"},{"date" => "2015-10-10T14:46:47","version" => "0.89"},{"date" => "2015-10-31T17:56:24","version" => "0.9"},{"date" => "2015-11-01T11:42:27","version" => "0.91"},{"date" => "2015-11-01T13:05:50","version" => "0.92"},{"date" => "2015-12-27T20:50:17","version" => "0.93"},{"date" => "2016-01-25T20:30:24","version" => "0.94"},{"date" => "2016-01-26T09:59:39","version" => "0.95"},{"date" => "2016-01-26T13:59:30","version" => "0.96"},{"date" => "2016-01-28T09:10:44","version" => "0.97"},{"date" => "2016-02-03T21:51:55","version" => "0.98"},{"date" => "2016-02-06T07:24:22","version" => "0.99"},{"date" => "2016-02-06T10:01:55","version" => 1},{"date" => "2016-02-06T17:43:58","version" => "1.01"},{"date" => "2016-02-14T18:20:01","version" => "1.02"},{"date" => "2016-02-23T12:55:34","version" => "1.03"},{"date" => "2016-02-24T14:56:54","version" => "1.04"},{"date" => "2016-05-15T18:28:42","version" => "1.05"},{"date" => "2016-06-25T20:34:51","version" => "1.06"},{"date" => "2016-06-26T11:54:44","version" => "1.07"},{"date" => "2016-10-26T20:01:37","version" => "1.08"},{"date" => "2016-10-26T20:17:36","version" => "1.09"},{"date" => "2017-01-25T20:32:12","version" => "1.1"},{"date" => "2017-01-26T20:40:27","version" => "1.11"},{"date" => "2017-01-29T19:25:00","version" => "1.12"},{"date" => "2018-06-03T15:06:18","version" => "1.13"},{"date" => "2018-06-10T16:38:09","version" => "1.14"},{"date" => "2018-07-01T19:20:11","version" => "1.15"},{"date" => "2018-07-24T05:59:11","version" => "1.16"},{"date" => "2019-04-22T13:37:27","version" => "1.17"},{"date" => "2019-05-26T14:49:11","version" => "1.18"}]},"Net-CIDR" => {"advisories" => [{"affected_versions" => ["<0.25"],"cves" => ["CVE-2021-4456"],"description" => "addr2cidr may output dotted decimal IP address with leading zeros, that some older tools may interpret as octal values.","distribution" => "Net-CIDR","fixed_versions" => [">=0.25"],"id" => "CPANSA-Net-CIDR-2021-4456","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/svarshavchik/Net-CIDR/pull/4","https://github.com/briandfoy/cpan-security-advisory/issues/199","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28918","https://github.com/advisories/GHSA-pch5-whg9-qr2r","https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/"],"reported" => undef,"severity" => undef}],"main_module" => "Net::CIDR","versions" => [{"date" => "2001-07-10T02:31:15","version" => "0.02"},{"date" => "2001-10-25T03:21:00","version" => "0.03"},{"date" => "2001-11-27T18:09:02","version" => "0.04"},{"date" => "2003-05-01T15:22:27","version" => "0.07"},{"date" => "2003-08-14T05:53:06","version" => "0.08"},{"date" => "2003-11-19T00:25:14","version" => "0.09"},{"date" => "2004-07-19T23:49:07","version" => "0.10"},{"date" => "2005-08-10T01:21:28","version" => "0.11"},{"date" => "2009-01-19T18:52:31","version" => "0.13"},{"date" => "2010-06-27T13:49:06","version" => "0.14"},{"date" => "2012-02-16T13:12:52","version" => "0.15"},{"date" => "2012-10-01T03:17:27","version" => "0.16"},{"date" => "2012-10-21T13:44:40","version" => "0.17"},{"date" => "2015-02-04T02:03:45","version" => "0.18"},{"date" => "2018-06-12T02:13:49","version" => "0.19"},{"date" => "2019-04-17T01:46:50","version" => "0.20"},{"date" => "2021-03-31T01:43:37","version" => "0.21"},{"date" => "2025-03-09T12:42:15","version" => "0.22"},{"date" => "2025-03-10T12:02:04","version" => "0.23"},{"date" => "2025-05-20T11:56:28","version" => "0.24"},{"date" => "2025-05-20T14:24:29","version" => "v0.24.1"},{"date" => "2025-05-24T02:12:05","version" => "0.25"},{"date" => "2025-06-21T02:56:12","version" => "0.26"},{"date" => "2025-08-13T00:00:19","version" => "0.27"}]},"Net-CIDR-Lite" => {"advisories" => [{"affected_versions" => ["<0.22"],"cves" => ["CVE-2021-47154"],"description" => "The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-CIDR-Lite","fixed_versions" => [">=0.22"],"id" => "CPANSA-Net-CIDR-Lite-2021-47154","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/stigtsp/Net-CIDR-Lite/commit/23b6ff0590dc279521863a502e890ef19a5a76fc","https://metacpan.org/dist/Net-CIDR-Lite/changes","https://metacpan.org/pod/Net::CIDR::Lite"],"reported" => "2024-03-18","severity" => undef}],"main_module" => "Net::CIDR::Lite","versions" => [{"date" => "2001-10-23T22:54:21","version" => "0.02"},{"date" => "2001-10-24T00:14:02","version" => "0.03"},{"date" => "2001-10-24T00:55:11","version" => "0.04"},{"date" => "2001-10-25T17:20:05","version" => "0.05"},{"date" => "2001-10-31T01:40:19","version" => "0.06"},{"date" => "2001-10-31T23:51:49","version" => "0.07"},{"date" => "2001-11-26T23:12:47","version" => "0.08"},{"date" => "2001-11-27T05:47:30","version" => "0.09"},{"date" => "2001-11-27T18:25:47","version" => "0.10"},{"date" => "2002-04-16T05:44:00","version" => "0.11"},{"date" => "2002-07-15T07:07:02","version" => "0.12"},{"date" => "2002-07-15T09:46:34","version" => "0.13"},{"date" => "2002-07-15T16:31:01","version" => "0.14"},{"date" => "2003-04-16T20:20:04","version" => "0.15"},{"date" => "2005-05-18T19:01:44","version" => "0.16"},{"date" => "2005-05-18T19:43:12","version" => "0.17"},{"date" => "2005-05-21T08:14:32","version" => "0.18"},{"date" => "2006-01-30T19:34:31","version" => "0.19"},{"date" => "2006-02-14T00:58:01","version" => "0.20"},{"date" => "2010-03-26T00:38:30","version" => "0.21"},{"date" => "2021-04-04T21:03:12","version" => "0.22"}]},"Net-CIDR-Set" => {"advisories" => [{"affected_versions" => [">=0.10,<=0.13"],"cves" => ["CVE-2025-40911"],"description" => "Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.  Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.  Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154.","distribution" => "Net-CIDR-Set","fixed_versions" => [">=0.14"],"id" => "CPANSA-Net-CIDR-Set-2025-40911","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://github.com/robrwo/perl-Net-CIDR-Set/commit/be7d91e8446ad8013b08b4be313d666dab003a8a.patch","https://metacpan.org/release/RRWO/Net-CIDR-Set-0.14/changes"],"reported" => "2025-05-27","severity" => undef}],"main_module" => "Net::CIDR::Set","versions" => [{"date" => "2009-01-29T15:06:24","version" => "0.10"},{"date" => "2009-01-29T23:03:08","version" => "0.11"},{"date" => "2014-02-24T13:52:37","version" => "0.13"},{"date" => "2025-05-27T15:18:39","version" => "0.14"},{"date" => "2025-05-27T15:38:17","version" => "0.15"},{"date" => "2025-06-03T12:56:20","version" => "0.16"},{"date" => "2025-08-03T10:40:58","version" => "0.17"},{"date" => "2025-08-03T10:46:20","version" => "0.18"},{"date" => "2025-08-05T12:12:04","version" => "0.19"}]},"Net-DNS" => {"advisories" => [{"affected_versions" => ["<0.63"],"cves" => ["CVE-2007-6341"],"description" => "Allows remote attackers to cause a denial of service (program \"croak\") via a crafted DNS response.\n","distribution" => "Net-DNS","fixed_versions" => [">=0.63"],"id" => "CPANSA-Net-DNS-2008-01","references" => ["https://metacpan.org/changes/distribution/Net-DNS"],"reported" => "2008-02-08"},{"affected_versions" => ["<0.60"],"cves" => ["CVE-2007-3409"],"description" => "Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.\n","distribution" => "Net-DNS","fixed_versions" => [">=0.60"],"id" => "CPANSA-Net-DNS-2007-3409","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=27285","http://www.net-dns.org/docs/Changes.html","http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:146","http://www.redhat.com/support/errata/RHSA-2007-0674.html","ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc","http://www.novell.com/linux/security/advisories/2007_17_sr.html","http://www.trustix.org/errata/2007/0023/","http://www.ubuntu.com/usn/usn-483-1","http://www.securityfocus.com/bid/24669","http://www.securitytracker.com/id?1018376","http://secunia.com/advisories/25829","http://secunia.com/advisories/26014","http://secunia.com/advisories/26055","http://secunia.com/advisories/26012","http://secunia.com/advisories/26075","http://secunia.com/advisories/26211","http://secunia.com/advisories/26231","http://secunia.com/advisories/26417","http://secunia.com/advisories/26543","http://www.debian.org/security/2008/dsa-1515","http://secunia.com/advisories/29354","http://osvdb.org/37054","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10595","http://www.securityfocus.com/archive/1/473871/100/0/threaded"],"reported" => "2007-06-26","severity" => undef},{"affected_versions" => ["<0.60"],"cves" => ["CVE-2007-3377"],"description" => "Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.\n","distribution" => "Net-DNS","fixed_versions" => [">=0.60"],"id" => "CPANSA-Net-DNS-2007-3377","references" => ["http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html","http://rt.cpan.org/Public/Bug/Display.html?id=23961","https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458","http://www.net-dns.org/docs/Changes.html","http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm","http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml","http://www.mandriva.com/security/advisories?name=MDKSA-2007:146","http://www.redhat.com/support/errata/RHSA-2007-0674.html","http://www.redhat.com/support/errata/RHSA-2007-0675.html","ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc","http://www.novell.com/linux/security/advisories/2007_17_sr.html","http://www.trustix.org/errata/2007/0023/","http://www.ubuntu.com/usn/usn-483-1","http://www.securityfocus.com/bid/24669","http://www.securitytracker.com/id?1018377","http://secunia.com/advisories/25829","http://secunia.com/advisories/26014","http://secunia.com/advisories/26055","http://secunia.com/advisories/26012","http://secunia.com/advisories/26075","http://secunia.com/advisories/26211","http://secunia.com/advisories/26231","http://secunia.com/advisories/26417","http://secunia.com/advisories/26508","http://secunia.com/advisories/26543","http://www.debian.org/security/2008/dsa-1515","http://secunia.com/advisories/29354","http://osvdb.org/37053","https://exchange.xforce.ibmcloud.com/vulnerabilities/35112","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9904","http://www.securityfocus.com/archive/1/473871/100/0/threaded"],"reported" => "2007-06-25","severity" => undef}],"main_module" => "Net::DNS","versions" => [{"date" => "1997-02-04T10:03:21","version" => "0.02"},{"date" => "1997-02-05T05:54:07","version" => "0.02"},{"date" => "1997-02-10T16:24:12","version" => "0.03"},{"date" => "1997-02-13T23:50:40","version" => "0.04"},{"date" => "1997-03-28T06:22:18","version" => "0.05"},{"date" => "1997-04-03T06:54:12","version" => "0.06"},{"date" => "1997-04-19T18:07:46","version" => "0.07"},{"date" => "1997-05-13T15:27:34","version" => "0.08"},{"date" => "1997-05-29T22:16:14","version" => "0.09"},{"date" => "1997-06-13T04:35:29","version" => "0.10"},{"date" => "1997-07-06T18:10:05","version" => "0.11"},{"date" => "1997-10-02T05:53:19","version" => "0.12"},{"date" => "2002-02-01T21:32:42","version" => "0.14"},{"date" => "2002-04-11T23:04:19","version" => "0.19"},{"date" => "2002-05-15T00:39:48","version" => "0.20"},{"date" => "2002-06-03T21:44:48","version" => "0.21"},{"date" => "2002-06-06T21:48:08","version" => "0.22"},{"date" => "2002-06-11T22:49:07","version" => "0.23"},{"date" => "2002-07-06T20:17:50","version" => "0.24"},{"date" => "2002-08-01T10:37:46","version" => "0.25"},{"date" => "2002-08-05T20:11:20","version" => "0.26"},{"date" => "2002-08-15T15:55:56","version" => "0.27"},{"date" => "2002-08-21T00:18:55","version" => "0.28"},{"date" => "2002-10-02T06:09:09","version" => "0.29"},{"date" => "2002-11-07T13:19:03","version" => "0.30"},{"date" => "2002-11-18T04:32:09","version" => "0.31"},{"date" => "2003-01-05T21:37:55","version" => "0.32"},{"date" => "2003-01-08T18:31:53","version" => "0.33"},{"date" => "2003-03-06T19:19:53","version" => "0.34"},{"date" => "2003-05-22T02:33:15","version" => "0.34_02"},{"date" => "2003-05-23T01:24:00","version" => "0.34_03"},{"date" => "2003-05-26T07:13:38","version" => "0.35"},{"date" => "2003-05-28T22:24:43","version" => "0.36"},{"date" => "2003-05-28T22:41:56","version" => "0.37"},{"date" => "2003-06-05T23:55:14","version" => "0.38"},{"date" => "2003-06-23T00:19:28","version" => "0.38_01"},{"date" => "2003-07-29T09:34:12","version" => "0.38_02"},{"date" => "2003-08-07T22:35:45","version" => "0.39"},{"date" => "2003-08-12T04:10:01","version" => "0.39_01"},{"date" => "2003-08-28T15:17:51","version" => "0.39_02"},{"date" => "2003-09-01T22:18:39","version" => "0.40"},{"date" => "2003-09-26T22:54:49","version" => "0.40_01"},{"date" => "2003-10-03T15:57:27","version" => "0.41"},{"date" => "2003-10-26T05:42:29","version" => "0.42"},{"date" => "2003-12-01T04:39:24","version" => "0.42_01"},{"date" => "2003-12-11T08:53:09","version" => "0.42_02"},{"date" => "2003-12-12T00:28:17","version" => "0.43"},{"date" => "2003-12-13T01:55:07","version" => "0.44"},{"date" => "2004-01-03T06:49:06","version" => "0.44_01"},{"date" => "2004-01-04T04:51:25","version" => "0.44_02"},{"date" => "2004-01-08T05:56:11","version" => "0.45"},{"date" => "2004-02-10T00:53:47","version" => "0.45_01"},{"date" => "2004-02-21T12:53:34","version" => "0.46"},{"date" => "2004-04-01T07:39:00","version" => "0.47"},{"date" => "2004-05-06T19:18:31","version" => "0.47_01"},{"date" => "2004-08-13T01:11:57","version" => "0.48"},{"date" => "2005-03-07T14:31:55","version" => "0.48_01"},{"date" => "2005-03-14T20:47:20","version" => "0.48_02"},{"date" => "2005-03-22T15:54:51","version" => "0.48_03"},{"date" => "2005-03-29T13:12:16","version" => "0.49"},{"date" => "2005-05-24T08:07:55","version" => "0.49_01"},{"date" => "2005-05-28T07:07:52","version" => "0.49_02"},{"date" => "2005-06-01T20:51:43","version" => "0.49_03"},{"date" => "2005-06-08T14:15:32","version" => "0.50"},{"date" => "2005-06-10T11:00:29","version" => "0.51"},{"date" => "2005-06-14T11:42:54","version" => "0.49_01"},{"date" => "2005-06-22T14:32:45","version" => "0.49_01"},{"date" => "2005-07-01T21:50:47","version" => "0.52"},{"date" => "2005-07-22T12:23:21","version" => "0.53"},{"date" => "2005-07-31T14:40:15","version" => "0.53_01"},{"date" => "2005-10-18T14:39:03","version" => "0.53_02"},{"date" => "2005-12-07T13:15:30","version" => "0.54"},{"date" => "2005-12-14T10:29:42","version" => "0.55"},{"date" => "2006-02-20T15:34:25","version" => "0.56"},{"date" => "2006-02-24T16:21:14","version" => "0.57"},{"date" => "2006-07-04T11:42:41","version" => "0.58"},{"date" => "2006-09-18T19:31:10","version" => "0.59"},{"date" => "2007-06-22T07:31:18","version" => "0.60"},{"date" => "2007-08-01T12:26:55","version" => "0.61"},{"date" => "2007-12-28T19:32:25","version" => "0.62"},{"date" => "2008-02-08T15:49:50","version" => "0.63"},{"date" => "2008-12-30T18:11:35","version" => "0.64"},{"date" => "2009-01-26T18:19:23","version" => "0.65"},{"date" => "2009-12-30T13:58:25","version" => "0.66"},{"date" => "2011-10-25T12:14:24","version" => "0.66_01"},{"date" => "2011-10-27T14:23:38","version" => "0.66_02"},{"date" => "2011-10-28T14:31:06","version" => "0.66_03"},{"date" => "2011-10-28T15:00:15","version" => "0.66_04"},{"date" => "2011-10-31T14:36:02","version" => "0.66_06"},{"date" => "2011-10-31T19:34:01","version" => "0.66_07"},{"date" => "2011-11-02T21:52:59","version" => "0.66_08"},{"date" => "2011-11-07T09:07:56","version" => "0.67"},{"date" => "2012-01-23T13:41:03","version" => "0.67_01"},{"date" => "2012-01-26T10:44:13","version" => "0.67_03"},{"date" => "2012-01-27T08:47:28","version" => "0.67_04"},{"date" => "2012-01-31T21:54:27","version" => "0.68"},{"date" => "2012-01-31T22:11:31","version" => "0.68"},{"date" => "2012-10-29T15:35:55","version" => "0.68_01"},{"date" => "2012-10-31T10:25:57","version" => "0.68_02"},{"date" => "2012-10-31T20:33:53","version" => "0.68_03"},{"date" => "2012-11-12T07:15:13","version" => "0.68_04"},{"date" => "2012-11-12T10:22:31","version" => "0.68_05"},{"date" => "2012-11-19T12:57:25","version" => "0.68_06"},{"date" => "2012-11-21T23:12:34","version" => "0.68_07"},{"date" => "2012-11-23T22:12:01","version" => "0.68_08"},{"date" => "2012-12-04T07:18:08","version" => "0.68_09"},{"date" => "2012-12-05T12:07:43","version" => "0.69"},{"date" => "2012-12-05T14:05:12","version" => "0.69_1"},{"date" => "2012-12-06T11:10:17","version" => "0.70"},{"date" => "2012-12-12T16:04:03","version" => "0.70_1"},{"date" => "2012-12-15T11:18:56","version" => "0.71"},{"date" => "2012-12-24T21:14:23","version" => "0.71_01"},{"date" => "2012-12-28T15:03:57","version" => "0.72"},{"date" => "2013-11-13T15:18:55","version" => "0.72_01"},{"date" => "2013-11-14T16:13:33","version" => "0.72_02"},{"date" => "2013-11-18T10:49:23","version" => "0.72_03"},{"date" => "2013-11-19T21:52:50","version" => "0.72_04"},{"date" => "2013-11-29T13:35:08","version" => "0.73"},{"date" => "2013-12-24T15:21:50","version" => "0.73_1"},{"date" => "2014-01-02T20:32:27","version" => "0.73_2"},{"date" => "2014-01-05T20:31:16","version" => "0.73_3"},{"date" => "2014-01-12T10:25:24","version" => "0.73_4"},{"date" => "2014-01-13T15:59:49","version" => "0.73_5"},{"date" => "2014-01-16T10:23:47","version" => "0.74"},{"date" => "2014-03-03T21:33:39","version" => "0.74_1"},{"date" => "2014-03-10T08:36:19","version" => "0.74_2"},{"date" => "2014-04-03T21:00:45","version" => "0.74_3"},{"date" => "2014-04-30T14:05:59","version" => "0.74_4"},{"date" => "2014-05-05T06:05:46","version" => "0.74_5"},{"date" => "2014-05-06T09:22:01","version" => "0.74_6"},{"date" => "2014-05-08T09:54:21","version" => "0.75"},{"date" => "2014-05-22T20:56:00","version" => "0.75_1"},{"date" => "2014-05-23T22:26:56","version" => "0.76"},{"date" => "2014-05-29T11:26:07","version" => "0.76_1"},{"date" => "2014-06-05T16:04:39","version" => "0.76_2"},{"date" => "2014-06-13T08:31:32","version" => "0.76_3"},{"date" => "2014-06-13T21:57:13","version" => "0.77"},{"date" => "2014-07-02T09:53:03","version" => "0.77_1"},{"date" => "2014-07-09T07:09:44","version" => "0.77_2"},{"date" => "2014-07-10T14:13:33","version" => "0.78"},{"date" => "2014-07-30T21:41:25","version" => "0.78_1"},{"date" => "2014-08-12T22:13:54","version" => "0.78_2"},{"date" => "2014-08-15T14:40:22","version" => "0.78_3"},{"date" => "2014-08-19T13:24:46","version" => "0.78_5"},{"date" => "2014-08-22T22:29:13","version" => "0.79"},{"date" => "2014-09-11T11:42:35","version" => "0.79_1"},{"date" => "2014-09-15T14:51:32","version" => "0.79_2"},{"date" => "2014-09-22T11:51:22","version" => "0.80"},{"date" => "2014-10-20T08:19:15","version" => "0.80_1"},{"date" => "2014-10-24T08:21:15","version" => "0.80_2"},{"date" => "2014-10-29T13:44:16","version" => "0.81"},{"date" => "2015-01-05T10:22:06","version" => "0.81_01"},{"date" => "2015-01-20T14:12:38","version" => "0.82"},{"date" => "2015-02-11T14:26:36","version" => "0.82_01"},{"date" => "2015-02-18T11:05:47","version" => "0.82_02"},{"date" => "2015-02-26T15:48:06","version" => "0.83"},{"date" => "2015-05-27T10:04:50","version" => "1.00_01"},{"date" => "2015-06-11T17:23:10","version" => "1.00_02"},{"date" => "2015-06-15T10:02:08","version" => "1.00_03"},{"date" => "2015-06-23T13:57:29","version" => "1.00_04"},{"date" => "2015-06-26T09:37:11","version" => "1.00_05"},{"date" => "2015-06-29T17:15:06","version" => "1.00_06"},{"date" => "2015-07-01T13:51:22","version" => "1.00_07"},{"date" => "2015-07-02T08:17:44","version" => "1.00_08"},{"date" => "2015-07-06T17:28:32","version" => "1.01"},{"date" => "2015-08-26T20:44:25","version" => "1.01_01"},{"date" => "2015-09-03T06:21:58","version" => "1.01_02"},{"date" => "2015-09-04T20:39:37","version" => "1.01_03"},{"date" => "2015-09-08T08:26:06","version" => "1.01_04"},{"date" => "2015-09-11T11:49:24","version" => "1.01_05"},{"date" => "2015-09-15T18:51:53","version" => "1.01_06"},{"date" => "2015-09-16T10:25:09","version" => "1.02"},{"date" => "2015-09-22T13:39:43","version" => "1.02_01"},{"date" => "2015-10-05T08:30:03","version" => "1.02_02"},{"date" => "2015-10-06T20:39:36","version" => "1.02_03"},{"date" => "2015-10-08T21:24:29","version" => "1.02_04"},{"date" => "2015-10-13T07:30:39","version" => "1.02_05"},{"date" => "2015-10-14T12:44:57","version" => "1.02_06"},{"date" => "2015-10-20T09:59:26","version" => "1.02_07"},{"date" => "2015-10-23T08:32:04","version" => "1.02_08"},{"date" => "2015-10-27T16:07:21","version" => "1.02_09"},{"date" => "2015-11-02T06:00:09","version" => "1.02_10"},{"date" => "2015-11-08T13:49:33","version" => "1.03"},{"date" => "2015-12-01T21:21:55","version" => "1.03_01"},{"date" => "2015-12-02T14:27:42","version" => "1.03_02"},{"date" => "2015-12-02T20:49:07","version" => "1.03_03"},{"date" => "2015-12-08T20:41:10","version" => "1.04"},{"date" => "2016-02-01T16:26:27","version" => "1.04_01"},{"date" => "2016-02-02T08:03:42","version" => "1.04_02"},{"date" => "2016-02-05T12:19:57","version" => "1.04_03"},{"date" => "2016-02-29T12:32:53","version" => "1.04_04"},{"date" => "2016-03-07T21:11:01","version" => "1.05"},{"date" => "2016-03-21T13:15:38","version" => "1.05_01"},{"date" => "2016-03-24T18:45:15","version" => "1.05_02"},{"date" => "2016-04-04T21:53:54","version" => "1.05_03"},{"date" => "2016-04-15T10:11:03","version" => "1.05_04"},{"date" => "2016-04-17T12:05:46","version" => "1.05_05"},{"date" => "2016-05-11T08:58:51","version" => "1.05_06"},{"date" => "2016-05-22T07:54:41","version" => "1.05_07"},{"date" => "2016-05-27T19:12:44","version" => "1.06"},{"date" => "2016-06-22T08:54:06","version" => "1.06_01"},{"date" => "2016-08-24T11:36:13","version" => "1.06_02"},{"date" => "2016-08-25T15:01:31","version" => "1.06_03"},{"date" => "2016-09-17T08:19:30","version" => "1.06_04"},{"date" => "2016-11-12T03:24:33","version" => "1.06_05"},{"date" => "2016-12-23T14:48:42","version" => "1.06_06"},{"date" => "2016-12-29T17:16:20","version" => "1.07"},{"date" => "2017-01-18T21:51:05","version" => "1.07_01"},{"date" => "2017-01-27T10:44:03","version" => "1.07_02"},{"date" => "2017-02-09T10:28:55","version" => "1.07_03"},{"date" => "2017-02-13T10:08:41","version" => "1.07_04"},{"date" => "2017-02-20T11:12:45","version" => "1.08"},{"date" => "2017-03-06T09:33:06","version" => "1.08_02"},{"date" => "2017-03-13T10:02:22","version" => "1.08_03"},{"date" => "2017-03-22T09:48:52","version" => "1.08_04"},{"date" => "2017-03-24T07:00:36","version" => "1.09"},{"date" => "2017-04-19T13:10:57","version" => "1.09_01"},{"date" => "2017-05-05T22:21:10","version" => "1.10"},{"date" => "2017-05-31T09:07:40","version" => "1.10_01"},{"date" => "2017-06-03T20:26:47","version" => "1.10_02"},{"date" => "2017-06-12T12:03:07","version" => "1.10_03"},{"date" => "2017-06-26T12:52:57","version" => "1.11"},{"date" => "2017-07-07T21:50:10","version" => "1.11_01"},{"date" => "2017-07-28T16:17:01","version" => "1.11_02"},{"date" => "2017-08-15T10:33:15","version" => "1.11_03"},{"date" => "2017-08-17T12:48:08","version" => "1.11_04"},{"date" => "2017-08-18T13:15:31","version" => "1.12"},{"date" => "2017-09-12T09:28:26","version" => "1.12_01"},{"date" => "2017-10-06T09:07:45","version" => "1.12_02"},{"date" => "2017-10-10T14:42:38","version" => "1.12_03"},{"date" => "2017-10-18T09:49:20","version" => "1.13"},{"date" => "2017-11-30T11:11:55","version" => "1.13_01"},{"date" => "2017-12-07T10:17:12","version" => "1.13_02"},{"date" => "2017-12-15T12:34:59","version" => "1.14"},{"date" => "2018-01-31T10:11:39","version" => "1.14_01"},{"date" => "2018-02-01T14:14:07","version" => "1.14_02"},{"date" => "2018-02-09T11:42:14","version" => "1.15"},{"date" => "2018-06-11T09:20:56","version" => "1.15_01"},{"date" => "2018-06-14T10:46:39","version" => "1.15_02"},{"date" => "2018-07-03T09:05:15","version" => "1.15_03"},{"date" => "2018-07-06T10:03:02","version" => "1.15_04"},{"date" => "2018-07-16T04:56:07","version" => "1.16"},{"date" => "2018-07-20T16:22:38","version" => "1.16_01"},{"date" => "2018-07-24T15:35:14","version" => "1.16_02"},{"date" => "2018-07-25T07:10:24","version" => "1.17"},{"date" => "2018-09-11T10:24:34","version" => "1.17_01"},{"date" => "2018-09-11T15:32:52","version" => "1.17_02"},{"date" => "2018-09-12T06:15:44","version" => "1.17_03"},{"date" => "2018-09-21T14:49:48","version" => "1.18"},{"date" => "2018-11-08T06:39:55","version" => "1.18_01"},{"date" => "2018-11-15T06:02:14","version" => "1.19"},{"date" => "2018-12-31T12:23:28","version" => "1.19_01"},{"date" => "2019-01-28T09:48:25","version" => "1.19_02"},{"date" => "2019-03-22T08:40:39","version" => "1.19_03"},{"date" => "2019-03-22T14:13:56","version" => "1.20"},{"date" => "2019-07-21T09:20:43","version" => "1.20_01"},{"date" => "2019-07-23T14:51:08","version" => "1.20_02"},{"date" => "2019-08-21T13:49:42","version" => "1.20_03"},{"date" => "2019-08-30T08:37:40","version" => "1.21"},{"date" => "2020-02-02T21:54:31","version" => "1.21_01"},{"date" => "2020-02-13T13:56:48","version" => "1.22"},{"date" => "2020-03-17T09:09:32","version" => "1.22_01"},{"date" => "2020-03-18T14:55:27","version" => "1.23"},{"date" => "2020-05-13T09:04:51","version" => "1.23_01"},{"date" => "2020-05-27T12:47:25","version" => "1.24"},{"date" => "2020-06-19T10:52:05","version" => "1.24_01"},{"date" => "2020-06-23T13:07:04","version" => "1.24_02"},{"date" => "2020-06-26T15:40:24","version" => "1.25"},{"date" => "2020-07-28T12:55:42","version" => "1.25_01"},{"date" => "2020-07-31T08:43:21","version" => "1.25_02"},{"date" => "2020-08-06T15:55:03","version" => "1.26"},{"date" => "2020-08-31T13:51:53","version" => "1.26_01"},{"date" => "2020-09-07T08:02:00","version" => "1.26_02"},{"date" => "2020-09-11T18:53:08","version" => "1.27"},{"date" => "2020-10-08T22:00:15","version" => "1.27_01"},{"date" => "2020-10-16T10:20:24","version" => "1.27_02"},{"date" => "2020-10-19T08:09:59","version" => "1.27_03"},{"date" => "2020-10-23T16:53:49","version" => "1.28"},{"date" => "2020-11-16T16:33:26","version" => "1.28_01"},{"date" => "2020-11-18T13:40:46","version" => "1.29"},{"date" => "2020-12-24T15:37:27","version" => "1.29_01"},{"date" => "2021-03-22T08:38:47","version" => "1.29_02"},{"date" => "2021-03-28T09:38:33","version" => "1.29_03"},{"date" => "2021-03-30T10:06:50","version" => "1.30"},{"date" => "2021-05-02T12:43:26","version" => "1.31"},{"date" => "2021-07-09T09:57:13","version" => "1.31_01"},{"date" => "2021-07-16T14:24:25","version" => "1.32"},{"date" => "2021-08-11T10:07:26","version" => "1.32_01"},{"date" => "2021-12-08T10:42:13","version" => "1.32_02"},{"date" => "2021-12-16T12:22:39","version" => "1.33"},{"date" => "2022-05-21T10:05:03","version" => "1.33_01"},{"date" => "2022-05-30T13:39:34","version" => "1.34"},{"date" => "2022-09-23T13:43:05","version" => "1.34_01"},{"date" => "2022-10-04T13:44:45","version" => "1.34_02"},{"date" => "2022-10-04T20:02:07","version" => "1.35"},{"date" => "2022-12-20T14:45:20","version" => "1.35_01"},{"date" => "2022-12-21T11:28:18","version" => "1.35_02"},{"date" => "2022-12-28T13:12:39","version" => "1.35_03"},{"date" => "2022-12-30T15:53:37","version" => "1.36"},{"date" => "2023-01-30T14:07:07","version" => "1.36_01"},{"date" => "2023-02-20T15:36:17","version" => "1.36_02"},{"date" => "2023-03-06T12:19:36","version" => "1.36_03"},{"date" => "2023-03-13T18:06:16","version" => "1.37"},{"date" => "2023-03-30T19:26:05","version" => "1.37_01"},{"date" => "2023-04-17T12:34:49","version" => "1.37_02"},{"date" => "2023-04-20T12:38:12","version" => "1.37_03"},{"date" => "2023-04-25T20:37:19","version" => "1.37_04"},{"date" => "2023-05-09T10:50:45","version" => "1.38"},{"date" => "2023-05-31T14:12:28","version" => "1.38_01"},{"date" => "2023-06-01T11:46:37","version" => "1.39"},{"date" => "2023-08-23T14:53:17","version" => "1.39_01"},{"date" => "2023-08-25T12:50:35","version" => "1.39_02"},{"date" => "2023-08-30T18:16:07","version" => "1.40"},{"date" => "2023-11-22T08:42:22","version" => "1.40_01"},{"date" => "2023-11-27T13:28:04","version" => "1.41"},{"date" => "2023-12-24T15:48:59","version" => "1.42"},{"date" => "2024-01-04T11:21:08","version" => "1.42_01"},{"date" => "2024-01-08T09:38:46","version" => "1.42_02"},{"date" => "2024-01-10T15:04:01","version" => "1.42_03"},{"date" => "2024-01-17T09:07:40","version" => "1.42_04"},{"date" => "2024-01-25T11:08:34","version" => "1.42_05"},{"date" => "2024-01-26T14:54:33","version" => "1.43"},{"date" => "2024-02-14T09:22:32","version" => "1.43_01"},{"date" => "2024-02-15T13:03:57","version" => "1.44"},{"date" => "2024-04-21T08:24:10","version" => "1.44_01"},{"date" => "2024-05-02T11:03:24","version" => "1.45"},{"date" => "2024-07-26T03:56:44","version" => "1.45_01"},{"date" => "2024-08-12T09:53:41","version" => "1.45_02"},{"date" => "2024-08-19T15:12:15","version" => "1.46"},{"date" => "2024-09-18T20:46:06","version" => "1.47"},{"date" => "2024-11-07T14:13:26","version" => "1.47_01"},{"date" => "2024-11-08T13:27:46","version" => "1.48"},{"date" => "2024-12-16T13:43:49","version" => "1.48_01"},{"date" => "2024-12-18T14:24:48","version" => "1.48_02"},{"date" => "2024-12-27T13:12:51","version" => "1.49"},{"date" => "2025-01-02T16:36:47","version" => "1.49_01"},{"date" => "2025-01-29T09:05:23","version" => "1.49_02"},{"date" => "2025-02-08T16:50:50","version" => "1.49_03"},{"date" => "2025-02-10T13:49:02","version" => "1.49_04"},{"date" => "2025-02-11T15:56:15","version" => "1.49_05"},{"date" => "2025-02-21T08:48:19","version" => "1.50"},{"date" => "2025-07-01T12:01:39","version" => "1.50_01"},{"date" => "2025-07-04T13:49:27","version" => "1.51"},{"date" => "2025-07-18T11:52:46","version" => "1.51_01"},{"date" => "2025-07-19T11:26:47","version" => "1.51_02"},{"date" => "2025-07-22T16:56:24","version" => "1.51_03"},{"date" => "2025-07-28T13:57:39","version" => "1.51_04"},{"date" => "2025-07-29T18:11:00","version" => "1.52"},{"date" => "2025-08-14T12:01:11","version" => "1.52_01"},{"date" => "2025-08-19T09:53:44","version" => "1.52_02"},{"date" => "2025-08-26T09:53:47","version" => "1.52_03"},{"date" => "2025-08-29T12:22:39","version" => "1.53"},{"date" => "2026-01-16T13:17:34","version" => "1.54"}]},"Net-Dropbear" => {"advisories" => [{"affected_versions" => ["<0"],"comment" => "From the author: \"I have reviewed Dropbear's usage of libtomcrypt, and the function in question for CVE-2019-17362, der_decode_utf8_string, is not used in Dropbear. None of the DER parsing from libtomcrypt is used in Dropbear at all, I have confirmed that the flag to include it is not set, and confirmed that the resultant Dropbear.so that is built by Net::Dropbear does not include any of the der_* symbols.\"\n","cves" => ["CVE-2019-17362"],"description" => "In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.\n","distribution" => "Net-Dropbear","embedded_vulnerability" => {"affected_versions" => "<0","distributed_version" => "1.8.2","name" => "libtomcrypt"},"fixed_versions" => [">0"],"id" => "CPANSA-Net-Dropbear-2019-17362","references" => ["https://github.com/atrodo/Net-Dropbear/issues/6","https://github.com/libtom/libtomcrypt/pull/508","https://github.com/libtom/libtomcrypt/issues/507","https://vuldb.com/?id.142995","https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html"],"reported" => "2019-10-09","severity" => "critical"},{"affected_versions" => [">0"],"comment" => "embedded library is libtommath","cves" => ["CVE-2025-40913","CVE-2023-36328"],"description" => "Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow.  Net::Dropbear\x{a0}embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2025-40913","references" => ["https://github.com/advisories/GHSA-j3xv-6967-cv88","https://github.com/libtom/libtommath/pull/546","https://metacpan.org/release/ATRODO/Net-Dropbear-0.16/source/dropbear/libtommath/bn_mp_grow.c","https://www.cve.org/CVERecord?id=CVE-2023-36328"],"reported" => "2025-07-16","severity" => undef},{"affected_versions" => [">=0.01,<=0.07"],"cves" => ["CVE-2019-12953"],"description" => "Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2019-12953-dropbear","references" => ["https://metacpan.org/release/ATRODO/Net-Dropbear-0.15/changes","https://matt.ucc.asn.au/dropbear/CHANGES"],"reported" => "2020-12-30","severity" => "medium"},{"affected_versions" => [">=0.08,<=0.10"],"cves" => ["CVE-2019-12953"],"description" => "Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2019-12953-dropbear","references" => ["https://metacpan.org/release/ATRODO/Net-Dropbear-0.15/changes","https://matt.ucc.asn.au/dropbear/CHANGES"],"reported" => "2020-12-30","severity" => "medium"},{"affected_versions" => [">=0.11,<=0.13"],"cves" => ["CVE-2020-36254"],"description" => "scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2020-36254-dropbear","references" => ["https://metacpan.org/release/ATRODO/Net-Dropbear-0.15/changes","https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff"],"reported" => "2021-02-25","severity" => "high"},{"affected_versions" => [">=0.14"],"cves" => ["CVE-2019-17362"],"description" => "In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2019-17362-libtomcrypt","references" => ["https://github.com/libtom/libtomcrypt/pull/508","https://github.com/libtom/libtomcrypt/issues/507","https://vuldb.com/?id.142995","https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html"],"reported" => "2019-10-09","severity" => "critical"},{"affected_versions" => [">=0.11,<=0.13"],"cves" => ["CVE-2019-17362"],"description" => "In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2019-17362-libtomcrypt","references" => ["https://github.com/libtom/libtomcrypt/pull/508","https://github.com/libtom/libtomcrypt/issues/507","https://vuldb.com/?id.142995","https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html"],"reported" => "2019-10-09","severity" => "critical"},{"affected_versions" => [">=0.01,<=0.10"],"cves" => ["CVE-2016-6129"],"description" => "The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.\n","distribution" => "Net-Dropbear","fixed_versions" => [],"id" => "CPANSA-Net-Dropbear-2016-6129-libtomcrypt","references" => ["https://www.op-tee.org/advisories/","https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0","https://bugzilla.redhat.com/show_bug.cgi?id=1370955"],"reported" => "2017-02-13","severity" => "high"}],"main_module" => "Net::Dropbear","versions" => [{"date" => "2015-11-03T18:31:23","version" => "0.01"},{"date" => "2015-11-04T04:17:39","version" => "0.02"},{"date" => "2015-11-05T06:49:56","version" => "0.03"},{"date" => "2015-11-07T03:40:31","version" => "0.04"},{"date" => "2015-11-29T00:37:40","version" => "0.06"},{"date" => "2016-01-02T05:57:50","version" => "0.07"},{"date" => "2016-08-04T05:36:45","version" => "0.08"},{"date" => "2016-08-08T05:56:46","version" => "0.09"},{"date" => "2016-08-10T05:05:32","version" => "0.10"},{"date" => "2020-03-17T04:05:13","version" => "0.11"},{"date" => "2020-03-20T02:33:34","version" => "0.12"},{"date" => "2020-03-21T14:51:53","version" => "0.13"},{"date" => "2021-05-28T04:07:12","version" => "0.14"},{"date" => "2022-07-01T04:48:35","version" => "0.15"},{"date" => "2022-07-08T03:18:20","version" => "0.16"}]},"Net-Dropbox-API" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-58036"],"description" => "Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Net-Dropbox-API","fixed_versions" => [],"id" => "CPANSA-Net-Dropbox-API-2024-58036","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L11","https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L385","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "Net::Dropbox::API","versions" => [{"date" => "2010-05-12T02:24:44","version" => "0.02"},{"date" => "2010-05-12T03:47:17","version" => "0.3"},{"date" => "2010-05-12T05:20:22","version" => "0.4"},{"date" => "2010-05-13T01:28:14","version" => "0.5"},{"date" => "2010-05-13T01:45:47","version" => "0.6"},{"date" => "2010-09-29T22:44:37","version" => "0.7"},{"date" => "2010-10-17T21:34:59","version" => "0.9"},{"date" => "2011-02-06T21:28:22","version" => "0.10"},{"date" => "2011-02-20T20:23:48","version" => "1.0"},{"date" => "2011-02-23T03:51:46","version" => "1.1"},{"date" => "2011-03-23T19:59:39","version" => "1.2"},{"date" => "2011-04-08T04:53:20","version" => "1.3"},{"date" => "2011-04-12T19:45:12","version" => "1.4"},{"date" => "2011-05-09T07:49:55","version" => "1.5"},{"date" => "2011-05-16T05:45:53","version" => "1.6"},{"date" => "2011-06-16T01:18:02","version" => "1.6.1"},{"date" => "2011-06-28T00:24:02","version" => "1.7"},{"date" => "2012-03-22T23:54:58","version" => "1.8"},{"date" => "2012-10-23T07:31:36","version" => "1.9"}]},"Net-IP-LPM" => {"advisories" => [{"affected_versions" => [">=1.10"],"cves" => ["CVE-2025-40910"],"description" => "Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.  Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.","distribution" => "Net-IP-LPM","fixed_versions" => [],"id" => "CPANSA-Net-IP-LPM-2025-40910","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/release/TPODER/Net-IP-LPM-1.10/diff/TPODER/Net-IP-LPM-1.09/lib/Net/IP/LPM.pm","https://security.metacpan.org/patches/N/Net-IP-LPM/1.10/CVE-2025-40910-r1.patch"],"reported" => "2025-06-27","severity" => undef}],"main_module" => "Net::IP::LPM","versions" => [{"date" => "2013-01-05T14:28:16","version" => "0.01_01"},{"date" => "2013-01-07T14:50:26","version" => "0.01_02"},{"date" => "2013-01-09T06:10:47","version" => "0.01_03"},{"date" => "2013-01-12T11:32:07","version" => "0.02"},{"date" => "2013-03-08T12:21:31","version" => "0.02_01"},{"date" => "2013-03-16T21:27:03","version" => "0.03"},{"date" => "2013-08-17T04:37:38","version" => "1.01_01"},{"date" => "2013-08-18T06:59:49","version" => "1.01_02"},{"date" => "2013-08-18T14:53:57","version" => "1.01_04"},{"date" => "2013-08-20T06:13:43","version" => "1.02"},{"date" => "2013-08-20T18:42:21","version" => "1.03"},{"date" => "2013-08-26T07:46:02","version" => "1.04"},{"date" => "2013-10-02T16:49:57","version" => "1.05"},{"date" => "2014-11-16T13:18:40","version" => "1.06"},{"date" => "2014-11-20T07:37:55","version" => "1.07"},{"date" => "2014-12-01T21:14:24","version" => "1.09"},{"date" => "2015-08-03T08:40:34","version" => "1.10"}]},"Net-IPAddress-Util" => {"advisories" => [{"affected_versions" => ["<5.000"],"cves" => ["CVE-2021-47156"],"description" => "The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-IPAddress-Util","fixed_versions" => [">=5.000"],"id" => "CPANSA-Net-IPAddress-Util-2021-47156","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/release/Net-IPAddress-Util","https://metacpan.org/release/PWBENNETT/Net-IPAddress-Util-5.000/changes"],"reported" => "2024-03-18","severity" => undef}],"main_module" => "Net::IPAddress::Util","versions" => [{"date" => "2010-03-21T17:13:19","version" => "0.01"},{"date" => "2010-03-21T21:58:11","version" => "0.02"},{"date" => "2010-03-21T23:54:15","version" => "0.03"},{"date" => "2010-03-22T00:50:40","version" => "0.04"},{"date" => "2010-03-23T11:38:32","version" => "0.05"},{"date" => "2010-03-24T10:42:02","version" => "0.06"},{"date" => "2010-03-25T10:58:12","version" => "0.07"},{"date" => "2010-03-26T11:06:58","version" => "0.08"},{"date" => "2010-03-27T15:38:27","version" => "0.09"},{"date" => "2010-04-29T01:26:36","version" => "0.10"},{"date" => "2011-03-26T22:10:10","version" => "0.11"},{"date" => "2011-03-27T00:22:54","version" => "0.12"},{"date" => "2012-05-30T10:03:21","version" => "1.000"},{"date" => "2012-05-31T10:48:35","version" => "1.001"},{"date" => "2012-06-09T08:44:51","version" => "1.002"},{"date" => "2013-10-29T14:27:36","version" => "2.000"},{"date" => "2013-10-29T14:31:44","version" => "2.000_TRIAL"},{"date" => "2013-10-30T03:01:39","version" => "2.001_TRIAL"},{"date" => "2013-10-30T03:32:06","version" => "2.002_TRIAL"},{"date" => "2013-10-30T11:47:01","version" => "2.003_TRIAL"},{"date" => "2013-10-30T15:53:55","version" => "2.004_TRIAL"},{"date" => "2013-11-01T02:53:47","version" => "1.500"},{"date" => "2013-11-02T02:04:49","version" => "3.000"},{"date" => "2014-04-29T10:09:11","version" => "3.001"},{"date" => "2014-06-10T06:38:16","version" => "3.002"},{"date" => "2014-06-14T21:40:33","version" => "3.003"},{"date" => "2014-09-24T11:29:12","version" => "3.010"},{"date" => "2014-09-24T13:12:04","version" => "3.011"},{"date" => "2014-09-26T05:01:04","version" => "3.012"},{"date" => "2014-09-27T15:52:03","version" => "3.013"},{"date" => "2014-09-27T15:59:49","version" => "3.014"},{"date" => "2014-09-30T03:35:57","version" => "3.015"},{"date" => "2014-09-30T03:47:35","version" => "3.016"},{"date" => "2014-09-30T05:30:38","version" => "3.017"},{"date" => "2014-09-30T06:56:39","version" => "3.018"},{"date" => "2015-01-11T03:59:42","version" => "3.019"},{"date" => "2015-01-11T23:29:32","version" => "3.020"},{"date" => "2015-02-18T06:04:51","version" => "3.021"},{"date" => "2015-03-21T16:22:56","version" => "3.022"},{"date" => "2016-03-30T16:54:57","version" => "3.024"},{"date" => "2016-03-30T23:56:29","version" => "3.025"},{"date" => "2016-04-07T19:36:23","version" => "3.026"},{"date" => "2016-04-13T13:40:55","version" => "3.027"},{"date" => "2017-08-17T16:40:13","version" => "3.028"},{"date" => "2017-08-17T21:11:21","version" => "3.029"},{"date" => "2017-08-18T18:07:20","version" => "3.030"},{"date" => "2017-08-18T19:01:22","version" => "3.031"},{"date" => "2017-08-31T16:41:45","version" => "3.032"},{"date" => "2017-08-31T19:39:56","version" => "3.033"},{"date" => "2017-09-20T19:26:27","version" => "3.034"},{"date" => "2017-09-21T10:14:03","version" => "4.000"},{"date" => "2017-09-22T13:04:11","version" => "4.001"},{"date" => "2017-10-04T18:28:54","version" => "4.002"},{"date" => "2017-10-05T18:08:46","version" => "4.003"},{"date" => "2017-10-05T18:44:53","version" => "4.004"},{"date" => "2021-04-05T18:40:34","version" => "5.000"},{"date" => "2021-04-11T04:34:22","version" => "5.001"}]},"Net-IPv4Addr" => {"advisories" => [{"affected_versions" => [">=0.10"],"cves" => ["CVE-2021-47155"],"description" => "The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-IPv4Addr","fixed_versions" => [],"id" => "CPANSA-Net-IPV4Addr-2021-47155","references" => ["https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/release/Net-IPAddress-Util","https://metacpan.org/release/PWBENNETT/Net-IPAddress-Util-5.000/changes"],"reported" => "2024-03-18","severity" => undef}],"main_module" => "Net::IPv4Addr","versions" => [{"date" => "1999-10-20T01:18:13","version" => "0.07"},{"date" => "1999-12-17T23:08:34","version" => "0.08"},{"date" => "1999-12-17T23:10:21","version" => "0.8"},{"date" => "2000-05-03T20:24:59","version" => "0.09"},{"date" => "2000-08-07T19:39:33","version" => "0.10"}]},"Net-NSCA-Client" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-57854"],"description" => "Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.  Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.  Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.","distribution" => "Net-NSCA-Client","fixed_versions" => [">=0.009002"],"id" => "CPANSA-Net-NSCA-Client-2024-57854","references" => ["https://metacpan.org/release/DOUGDUDE/Net-NSCA-Client-0.009002/source/lib/Net/NSCA/Client/InitialPacket.pm#L119","https://patch-diff.githubusercontent.com/raw/dougwilson/perl5-net-nsca-client/pull/2.patch"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "Net::NSCA::Client","versions" => [{"date" => "2009-10-02T00:42:02","version" => "0.001"},{"date" => "2009-10-08T21:34:38","version" => "0.002"},{"date" => "2009-10-31T20:52:06","version" => "0.003"},{"date" => "2009-11-01T00:48:01","version" => "0.004"},{"date" => "2009-11-01T06:39:10","version" => "0.005"},{"date" => "2009-11-03T16:07:59","version" => "0.006"},{"date" => "2010-08-25T02:20:41","version" => "0.007"},{"date" => "2010-08-31T02:16:17","version" => "0.008"},{"date" => "2011-05-03T16:19:48","version" => "0.009"},{"date" => "2011-05-06T02:00:18","version" => "0.009001"},{"date" => "2011-10-24T04:44:41","version" => "0.009002"}]},"Net-Netmask" => {"advisories" => [{"affected_versions" => ["<2.0000"],"cves" => ["CVE-2021-29424"],"description" => "The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.\n","distribution" => "Net-Netmask","fixed_versions" => [">=2.0000"],"id" => "CPANSA-Net-Netmask-2021-01","references" => ["https://security.netapp.com/advisory/ntap-20210604-0007/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/","https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","https://metacpan.org/changes/distribution/Net-Netmask#L11-22"],"reported" => "2021-03-29"}],"main_module" => "Net::Netmask","versions" => [{"date" => "1998-06-08T05:38:00","version" => "1.0"},{"date" => "1998-06-08T22:46:00","version" => "1.2"},{"date" => "1998-06-25T17:03:00","version" => "1.3"},{"date" => "1998-11-29T20:50:00","version" => "1.4"},{"date" => "1999-03-28T03:32:00","version" => "1.6"},{"date" => "1999-09-15T17:44:00","version" => "1.7"},{"date" => "1999-09-21T00:53:00","version" => "1.8"},{"date" => "2001-05-16T09:18:57","version" => "1.9"},{"date" => "2001-09-30T06:14:00","version" => "1.9001"},{"date" => "2001-11-12T18:20:00","version" => "1.9002"},{"date" => "2003-05-27T15:36:25","version" => "1.9003"},{"date" => "2003-05-29T03:36:30","version" => "1.9004"},{"date" => "2003-11-29T22:49:00","version" => "1.9005"},{"date" => "2003-12-05T22:02:00","version" => "1.9006"},{"date" => "2004-01-02T23:56:00","version" => "1.9007"},{"date" => "2004-04-06T20:15:00","version" => "1.9008"},{"date" => "2004-04-12T21:05:00","version" => "1.9009"},{"date" => "2004-05-31T19:48:00","version" => "1.9011"},{"date" => "2005-05-19T15:45:00","version" => "1.9012"},{"date" => "2006-09-06T19:27:00","version" => "1.9013"},{"date" => "2006-10-14T01:20:00","version" => "1.9014"},{"date" => "2006-11-30T21:06:00","version" => "1.9015"},{"date" => "2011-03-23T04:41:06","version" => "1.9016"},{"date" => "2013-09-21T01:56:56","version" => "1.9017"},{"date" => "2013-09-27T01:25:15","version" => "1.9018"},{"date" => "2013-10-02T00:42:56","version" => "1.9019"},{"date" => "2014-07-18T00:15:30","version" => "1.9021"},{"date" => "2015-05-05T03:36:33","version" => "1.9022"},{"date" => "2018-06-04T04:39:04","version" => "1.9100"},{"date" => "2018-06-05T01:21:39","version" => "1.9101"},{"date" => "2018-06-18T16:35:20","version" => "1.9102"},{"date" => "2018-06-18T21:31:04","version" => "1.9103"},{"date" => "2018-07-27T04:52:04","version" => "1.9104"},{"date" => "2018-07-27T23:03:36","version" => "1.9104"},{"date" => "2021-03-29T17:24:43","version" => "2.0000"},{"date" => "2021-03-29T19:31:52","version" => "2.0001"},{"date" => "2022-08-31T18:09:46","version" => "2.0002"},{"date" => "2025-05-17T15:27:37","version" => "2.0003"}]},"Net-OAuth" => {"advisories" => [{"affected_versions" => ["<0.29"],"cves" => ["CVE-2025-22376"],"description" => "In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.\n","distribution" => "Net-OAuth","fixed_versions" => [">=0.29"],"id" => "CPANSA-Net-OAuth-2025-22376","references" => ["https://metacpan.org/release/KGRENNAN/Net-OAuth-0.28/source/lib/Net/OAuth/Client.pm#L260","https://metacpan.org/release/RRWO/Net-OAuth-0.29/changes"],"reported" => "2025-01-03","severity" => "high"}],"main_module" => "Net::OAuth","versions" => [{"date" => "2007-09-30T14:22:46","version" => "0.01"},{"date" => "2007-10-02T07:37:48","version" => "0.02"},{"date" => "2007-10-15T01:37:47","version" => "0.03"},{"date" => "2007-10-19T16:49:05","version" => "0.04"},{"date" => "2007-11-19T03:34:37","version" => "0.05"},{"date" => "2008-03-08T00:52:34","version" => "0.06"},{"date" => "2008-06-01T16:10:24","version" => "0.07"},{"date" => "2008-06-02T17:46:32","version" => "0.08"},{"date" => "2008-06-03T03:48:14","version" => "0.09"},{"date" => "2008-06-04T16:32:57","version" => "0.1"},{"date" => "2008-06-04T16:52:05","version" => "0.11"},{"date" => "2008-07-04T23:04:35","version" => "0.12"},{"date" => "2008-11-13T22:55:38","version" => "0.13"},{"date" => "2008-12-13T17:32:02","version" => "0.14"},{"date" => "2009-06-05T01:27:05","version" => "0.15"},{"date" => "2009-06-15T18:40:40","version" => "0.16"},{"date" => "2009-06-25T17:05:32","version" => "0.17"},{"date" => "2009-06-25T17:21:13","version" => "0.18"},{"date" => "2009-06-26T17:37:04","version" => "0.19"},{"date" => "2009-11-13T19:04:23","version" => "0.20"},{"date" => "2010-03-10T23:07:13","version" => "0.21"},{"date" => "2010-03-11T00:25:24","version" => "0.22"},{"date" => "2010-03-18T17:53:01","version" => "0.23"},{"date" => "2010-03-21T03:44:38","version" => "0.24"},{"date" => "2010-03-21T03:53:29","version" => "0.25"},{"date" => "2010-06-16T20:08:26","version" => "0.26"},{"date" => "2010-06-16T20:47:49","version" => "0.27"},{"date" => "2012-01-06T06:08:03","version" => "0.28"},{"date" => "2025-01-03T09:18:44","version" => "0.29"},{"date" => "2025-01-03T09:48:29","version" => "0.30"},{"date" => "2025-04-03T16:00:58","version" => "0.31"}]},"Net-OpenID-Consumer" => {"advisories" => [{"affected_versions" => ["<1.12"],"cves" => [],"description" => "A potential timing attack when checking signatures.\n","distribution" => "Net-OpenID-Consumer","fixed_versions" => [">=1.12"],"id" => "CPANSA-Net-OpenID-Consumer-2010-01","references" => ["https://metacpan.org/changes/distribution/Net-OpenID-Consumer","https://github.com/wrog/Net-OpenID-Consumer/commit/4e82c7e4b6ad4bc40571c5cfcaa58f9365b147a5","http://lists.openid.net/pipermail/openid-security/2010-July/001156.html"],"reported" => "2010-11-06"},{"affected_versions" => ["<0.06"],"cves" => [],"description" => "Incorrect comparison of system openssl status when doing DSA checks.\n","distribution" => "Net-OpenID-Consumer","fixed_versions" => [">=0.06"],"id" => "CPANSA-Net-OpenID-Consumer-2015-05","references" => ["https://metacpan.org/changes/distribution/Net-OpenID-Consumer"],"reported" => "2015-05-26"}],"main_module" => "Net::OpenID::Consumer","versions" => [{"date" => "2005-05-23T03:02:59","version" => "0.02"},{"date" => "2005-05-23T08:05:35","version" => "0.03"},{"date" => "2005-05-25T05:08:25","version" => "0.04"},{"date" => "2005-05-25T06:14:44","version" => "0.05"},{"date" => "2005-05-26T06:18:39","version" => "0.06"},{"date" => "2005-05-26T06:56:30","version" => "0.07"},{"date" => "2005-05-26T07:18:01","version" => "0.08"},{"date" => "2005-06-23T23:50:47","version" => "0.09"},{"date" => "2005-06-27T04:43:01","version" => "0.10"},{"date" => "2005-06-27T21:59:47","version" => "0.11"},{"date" => "2005-07-13T17:57:27","version" => "0.12"},{"date" => "2007-04-16T17:58:45","version" => "0.13"},{"date" => "2007-08-03T22:07:20","version" => "0.14"},{"date" => "2008-10-13T02:30:05","version" => "1.01"},{"date" => "2008-10-14T04:39:07","version" => "1.02"},{"date" => "2008-11-30T02:02:17","version" => "1.03"},{"date" => "2010-02-18T15:32:06","version" => "1.04"},{"date" => "2010-02-18T16:01:19","version" => "1.05"},{"date" => "2010-03-16T17:38:56","version" => "1.06"},{"date" => "2010-11-06T02:24:29","version" => "1.030099_001"},{"date" => "2010-11-07T11:21:33","version" => "1.030099_002"},{"date" => "2010-11-08T22:35:52","version" => "1.030099_003"},{"date" => "2010-12-17T21:57:03","version" => "1.030099_004"},{"date" => "2011-01-01T01:55:09","version" => "1.030099_005"},{"date" => "2011-10-23T01:35:49","version" => "1.030099_006"},{"date" => "2011-10-25T23:10:00","version" => "1.100099_001"},{"date" => "2011-11-02T10:38:05","version" => "1.100099_002"},{"date" => "2011-11-04T23:01:32","version" => "1.11"},{"date" => "2011-11-07T17:16:08","version" => "1.12"},{"date" => "2011-11-15T03:28:36","version" => "1.13"},{"date" => "2013-04-01T13:17:57","version" => "1.14"},{"date" => "2013-09-06T23:47:04","version" => "1.15"},{"date" => "2014-09-15T21:38:12","version" => "1.16"},{"date" => "2016-01-15T11:45:55","version" => "1.17"},{"date" => "2016-02-08T01:40:13","version" => "1.18"}]},"Net-Ping-External" => {"advisories" => [{"affected_versions" => ["<=0.15"],"cves" => ["CVE-2008-7319"],"description" => "The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.\n","distribution" => "Net-Ping-External","fixed_versions" => [],"id" => "CPANSA-Net-Ping-External-2008-7319","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=33230","https://bugs.debian.org/881097","http://www.openwall.com/lists/oss-security/2017/11/07/4","http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch"],"reported" => "2017-11-07","severity" => "critical"}],"main_module" => "Net::Ping::External","versions" => [{"date" => "2001-03-15T21:53:04","version" => "0.01"},{"date" => "2001-03-22T00:15:08","version" => "0.02"},{"date" => "2001-03-23T08:35:49","version" => "0.03"},{"date" => "2001-04-20T17:33:31","version" => "0.04"},{"date" => "2001-04-20T18:43:34","version" => "0.05"},{"date" => "2001-04-26T02:59:41","version" => "0.06"},{"date" => "2001-09-28T02:20:34","version" => "0.07"},{"date" => "2001-09-30T21:39:47","version" => "0.08"},{"date" => "2001-11-10T06:10:33","version" => "0.09"},{"date" => "2001-11-10T16:19:21","version" => "0.10"},{"date" => "2003-02-11T22:41:33","version" => "0.11"},{"date" => "2006-09-07T10:52:21","version" => "0.12_01"},{"date" => "2007-01-31T22:09:41","version" => "0.12_02"},{"date" => "2007-02-08T16:06:46","version" => "0.12"},{"date" => "2008-12-18T20:27:07","version" => "0.13"},{"date" => "2013-10-29T17:05:01","version" => "0.14"},{"date" => "2014-04-12T21:37:12","version" => "0.15"}]},"Net-SNMP" => {"advisories" => [{"affected_versions" => [">=5.1.4,<6.0.0"],"cves" => ["CVE-2008-2292"],"description" => "Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).\n","distribution" => "Net-SNMP","fixed_versions" => [">=6.0.0"],"id" => "CPANSA-Net-SNMP-2008-2292","references" => ["http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694","http://www.securityfocus.com/bid/29212","http://secunia.com/advisories/30187","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html","http://www.vmware.com/security/advisories/VMSA-2008-0013.html","http://secunia.com/advisories/31334","http://secunia.com/advisories/30647","http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html","http://secunia.com/advisories/31155","http://secunia.com/advisories/31351","http://security.gentoo.org/glsa/glsa-200808-02.xml","http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1","http://www.mandriva.com/security/advisories?name=MDVSA-2008:118","http://secunia.com/advisories/31467","https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html","http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm","http://secunia.com/advisories/31568","http://www.debian.org/security/2008/dsa-1663","http://secunia.com/advisories/30615","http://www.redhat.com/support/errata/RHSA-2008-0529.html","http://secunia.com/advisories/32664","http://www.ubuntu.com/usn/usn-685-1","http://secunia.com/advisories/33003","http://www.vupen.com/english/advisories/2008/2361","http://www.vupen.com/english/advisories/2008/2141/references","http://www.vupen.com/english/advisories/2008/1528/references","http://www.securitytracker.com/id?1020527","https://exchange.xforce.ibmcloud.com/vulnerabilities/42430","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261"],"reported" => "2008-05-18","severity" => undef},{"affected_versions" => ["<=5.2.1.2"],"cves" => ["CVE-2005-2811"],"description" => "Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges.\n","distribution" => "Net-SNMP","fixed_versions" => [],"id" => "CPANSA-Net-SNMP-2005-2811","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml"],"reported" => "2005-09-07","severity" => undef},{"affected_versions" => ["<=5.7.3"],"cves" => ["CVE-2014-2285"],"description" => "The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.\n","distribution" => "Net-SNMP","fixed_versions" => [],"id" => "CPANSA-Net-SNMP-2014-2285","references" => ["http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html","http://comments.gmane.org/gmane.comp.security.oss.general/12284","https://bugzilla.redhat.com/show_bug.cgi?id=1072778","http://sourceforge.net/p/net-snmp/patches/1275/","http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html","https://bugzilla.redhat.com/show_bug.cgi?id=1072044","http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html","http://secunia.com/advisories/59974","http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml","https://rhn.redhat.com/errata/RHSA-2014-0322.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"],"reported" => "2014-04-27","severity" => undef}],"main_module" => "Net::SNMP","versions" => [{"date" => "1998-10-14T13:13:11","version" => "1.10"},{"date" => "1998-11-06T14:25:38","version" => "1.20"},{"date" => "1999-03-17T13:51:17","version" => "1.30"},{"date" => "1999-04-26T13:39:02","version" => "1.40"},{"date" => "1999-05-06T16:25:03","version" => "2.00"},{"date" => "1999-08-12T15:23:21","version" => "2.99"},{"date" => "1999-09-09T13:30:41","version" => "3.00"},{"date" => "2000-01-01T18:12:05","version" => "3.01"},{"date" => "2000-05-06T04:35:25","version" => "3.50"},{"date" => "2000-09-09T15:00:00","version" => "3.60"},{"date" => "2001-09-09T13:33:46","version" => "3.65"},{"date" => "2001-11-09T14:14:48","version" => "v4.0.0"},{"date" => "2002-01-01T14:16:29","version" => "v4.0.1"},{"date" => "2002-05-06T12:51:31","version" => "v4.0.2"},{"date" => "2002-09-09T12:55:22","version" => "v4.0.3"},{"date" => "2003-05-06T11:06:55","version" => "v4.1.0"},{"date" => "2003-09-09T12:50:16","version" => "v4.1.1"},{"date" => "2003-09-11T19:19:45","version" => "v4.1.2"},{"date" => "2004-07-20T13:49:08","version" => "v5.0.0"},{"date" => "2004-09-09T17:06:35","version" => "v5.0.1"},{"date" => "2005-07-20T13:58:05","version" => "v5.1.0"},{"date" => "2005-10-20T14:25:07","version" => "v5.2.0"},{"date" => "2009-09-09T15:17:46","version" => "v6.0.0"},{"date" => "2010-09-10T00:15:52","version" => "v6.0.1"}]},"Net-SSLeay" => {"advisories" => [{"affected_versions" => ["<1.25"],"cves" => ["CVE-2005-0106"],"description" => "SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.\n","distribution" => "Net-SSLeay","fixed_versions" => [">=1.25"],"id" => "CPANSA-Net-SSLeay-2005-0106","references" => ["http://secunia.com/advisories/18639","http://www.securityfocus.com/bid/13471","http://www.mandriva.com/security/advisories?name=MDKSA-2006:023","https://usn.ubuntu.com/113-1/"],"reported" => "2005-05-03","severity" => undef}],"main_module" => "Net::SSLeay","versions" => [{"date" => "2007-07-03T14:02:04","version" => "1.31_01"},{"date" => "2007-07-14T20:12:31","version" => "1.31_02"},{"date" => "2007-09-03T21:16:05","version" => "1.32"},{"date" => "2008-02-14T13:43:47","version" => "1.33_01"},{"date" => "2008-07-24T01:16:26","version" => "1.34"},{"date" => "2008-07-24T22:14:14","version" => "1.35"},{"date" => "2010-01-30T21:16:14","version" => "1.36"},{"date" => "2011-09-15T22:28:53","version" => "1.37"},{"date" => "2011-09-16T11:48:42","version" => "1.38"},{"date" => "2011-09-21T06:57:15","version" => "1.39"},{"date" => "2011-09-23T02:41:56","version" => "1.40"},{"date" => "2011-09-24T22:11:30","version" => "1.41"},{"date" => "2011-10-03T06:27:18","version" => "1.42"},{"date" => "2012-02-23T22:42:58","version" => "1.42"},{"date" => "2012-02-24T21:44:59","version" => "1.42"},{"date" => "2012-02-24T22:54:26","version" => "1.42"},{"date" => "2012-04-02T21:16:31","version" => "1.46"},{"date" => "2012-04-04T00:54:15","version" => "1.47"},{"date" => "2012-04-25T07:03:14","version" => "1.48"},{"date" => "2012-09-24T22:12:48","version" => "1.49"},{"date" => "2012-12-12T21:00:17","version" => "1.49"},{"date" => "2012-12-14T05:38:34","version" => "1.49"},{"date" => "2013-01-08T23:13:16","version" => "1.51"},{"date" => "2013-03-22T07:31:43","version" => "1.51"},{"date" => "2013-03-22T22:14:08","version" => "1.53"},{"date" => "2013-06-07T22:33:01","version" => "1.53"},{"date" => "2014-01-07T22:12:16","version" => "1.56"},{"date" => "2014-01-11T21:39:27","version" => "1.56"},{"date" => "2014-01-14T23:29:28","version" => "1.58"},{"date" => "2014-05-09T22:10:47","version" => "1.59"},{"date" => "2014-05-10T21:41:25","version" => "1.60"},{"date" => "2014-05-12T10:07:16","version" => "1.61"},{"date" => "2014-05-18T21:22:05","version" => "1.61"},{"date" => "2014-05-19T10:44:07","version" => "1.63"},{"date" => "2014-06-11T02:56:20","version" => "1.64"},{"date" => "2014-07-14T10:26:12","version" => "1.65"},{"date" => "2014-08-21T01:09:39","version" => "1.66"},{"date" => "2015-01-16T22:22:07","version" => "1.67"},{"date" => "2015-01-24T00:27:20","version" => "1.68"},{"date" => "2015-06-03T21:47:53","version" => "1.68"},{"date" => "2015-06-25T23:10:05","version" => "1.70"},{"date" => "2015-09-18T03:19:23","version" => "1.71"},{"date" => "2015-09-21T21:54:16","version" => "1.72"},{"date" => "2016-04-11T00:17:37","version" => "1.73"},{"date" => "2016-04-11T21:48:54","version" => "1.74"},{"date" => "2016-07-31T01:22:50","version" => "1.75"},{"date" => "2016-07-31T02:53:16","version" => "1.76"},{"date" => "2016-07-31T20:27:29","version" => "1.77"},{"date" => "2016-08-13T08:42:51","version" => "1.78"},{"date" => "2017-01-03T07:57:10","version" => "1.79"},{"date" => "2017-01-04T21:41:24","version" => "1.80"},{"date" => "2017-03-27T21:02:27","version" => "1.81"},{"date" => "2017-10-31T04:50:54","version" => "1.82"},{"date" => "2018-01-16T04:44:04","version" => "1.83"},{"date" => "2018-01-17T03:12:01","version" => "1.84"},{"date" => "2018-03-13T22:28:12","version" => "1.85"},{"date" => "2018-07-04T20:41:16","version" => "1.86_01"},{"date" => "2018-07-06T12:18:38","version" => "1.86_02"},{"date" => "2018-07-19T19:42:35","version" => "1.86_03"},{"date" => "2018-07-30T17:01:10","version" => "1.86_04"},{"date" => "2018-08-23T08:31:09","version" => "1.86_05"},{"date" => "2018-09-29T15:52:57","version" => "1.86_06"},{"date" => "2018-12-13T09:56:46","version" => "1.86_07"},{"date" => "2019-03-12T14:20:11","version" => "1.86_08"},{"date" => "2019-03-12T21:00:55","version" => "1.86_09"},{"date" => "2019-05-05T01:38:23","version" => "1.86_10"},{"date" => "2019-05-08T16:24:16","version" => "1.86_11"},{"date" => "2019-05-10T20:36:42","version" => "1.88"},{"date" => "2020-03-22T13:48:11","version" => "1.89_01"},{"date" => "2020-08-06T23:48:51","version" => "1.89_02"},{"date" => "2020-12-12T16:47:00","version" => "1.89_03"},{"date" => "2021-01-13T19:01:50","version" => "1.89_04"},{"date" => "2021-01-21T00:51:03","version" => "1.89_05"},{"date" => "2021-01-21T19:08:38","version" => "1.90"},{"date" => "2021-10-24T18:14:27","version" => "1.91_01"},{"date" => "2021-12-29T22:30:53","version" => "1.91_02"},{"date" => "2022-01-10T19:21:16","version" => "1.91_03"},{"date" => "2022-01-12T22:47:57","version" => "1.92"},{"date" => "2022-03-20T18:24:35","version" => "1.93_01"},{"date" => "2023-02-23T01:08:20","version" => "1.93_02"},{"date" => "2024-01-02T14:34:40","version" => "1.93_03"},{"date" => "2024-01-05T00:45:35","version" => "1.93_04"},{"date" => "2024-01-06T18:39:23","version" => "1.93_05"},{"date" => "2024-01-08T01:22:27","version" => "1.94"},{"date" => "2026-02-05T17:57:53","version" => "1.95_01"}]},"Net-Server" => {"advisories" => [{"affected_versions" => ["<=0.87"],"cves" => ["CVE-2005-1127"],"description" => "Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.\n","distribution" => "Net-Server","fixed_versions" => [">0.87"],"id" => "CPANSA-Net-Server-2005-1127","references" => ["http://lists.ee.ethz.ch/postgrey/msg00627.html","http://lists.ee.ethz.ch/postgrey/msg00630.html","http://lists.ee.ethz.ch/postgrey/msg00647.html","http://www.osvdb.org/15517","http://secunia.com/advisories/14958","http://www.debian.org/security/2006/dsa-1121","http://www.debian.org/security/2006/dsa-1122","http://secunia.com/advisories/21164","http://secunia.com/advisories/21152","http://secunia.com/advisories/21149","http://www.gentoo.org/security/en/glsa/glsa-200608-18.xml","http://www.securityfocus.com/bid/13193","http://secunia.com/advisories/21452","http://www.mandriva.com/security/advisories?name=MDKSA-2006:131","http://marc.info/?l=full-disclosure&m=111354538331167&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/20108"],"reported" => "2005-05-02","severity" => undef}],"main_module" => "Net::Server","versions" => [{"date" => "2001-03-05T14:48:26","version" => "0.46"},{"date" => "2001-03-08T14:37:30","version" => "0.47"},{"date" => "2001-03-13T16:35:32","version" => "0.52"},{"date" => "2001-03-20T06:55:22","version" => "0.55"},{"date" => "2001-04-09T16:54:28","version" => "0.58"},{"date" => "2001-05-10T15:05:54","version" => "0.63"},{"date" => "2001-07-05T15:19:21","version" => "0.65"},{"date" => "2001-08-23T17:45:28","version" => "0.75"},{"date" => "2001-08-27T16:15:20","version" => "0.77"},{"date" => "2001-10-24T16:30:10","version" => "0.79"},{"date" => "2001-11-14T17:30:01","version" => "0.80"},{"date" => "2001-11-19T20:57:43","version" => "0.81"},{"date" => "2002-02-05T21:55:06","version" => "0.82"},{"date" => "2002-06-20T20:21:27","version" => "0.84"},{"date" => "2003-03-07T15:29:18","version" => "0.85"},{"date" => "2003-11-06T20:11:03","version" => "0.86"},{"date" => "2004-02-15T06:20:34","version" => "0.87"},{"date" => "2005-05-05T01:51:14","version" => "0.88"},{"date" => "2005-06-21T21:24:27","version" => "0.88"},{"date" => "2005-11-23T08:40:11","version" => "0.89"},{"date" => "2005-12-05T21:19:07","version" => "0.90"},{"date" => "2006-03-08T22:27:33","version" => "0.91"},{"date" => "2006-03-22T17:26:29","version" => "0.92"},{"date" => "2006-03-24T20:03:25","version" => "0.93"},{"date" => "2006-07-12T02:54:02","version" => "0.94"},{"date" => "2007-02-03T08:23:04","version" => "0.95"},{"date" => "2007-03-26T15:01:13","version" => "0.96"},{"date" => "2007-07-25T16:29:47","version" => "0.97"},{"date" => "2010-07-13T19:27:21","version" => "0.99"},{"date" => "2011-07-22T12:36:35","version" => "0.99.6.1"},{"date" => "2012-05-30T15:41:07","version" => "2.000"},{"date" => "2012-05-30T21:48:13","version" => "2.001"},{"date" => "2012-05-31T21:43:35","version" => "2.002"},{"date" => "2012-06-06T19:31:21","version" => "2.003"},{"date" => "2012-06-08T17:22:50","version" => "2.004"},{"date" => "2012-06-12T19:40:55","version" => "2.005"},{"date" => "2012-06-20T22:51:22","version" => "2.006"},{"date" => "2013-01-10T07:47:04","version" => "2.007"},{"date" => "2014-05-12T18:22:26","version" => "2.008"},{"date" => "2017-08-10T21:13:01","version" => "2.009"},{"date" => "2021-03-22T15:23:31","version" => "2.010"},{"date" => "2022-12-02T00:35:10","version" => "2.011"},{"date" => "2022-12-02T04:19:54","version" => "2.012"},{"date" => "2022-12-03T01:57:05","version" => "2.013"},{"date" => "2023-03-14T17:16:00","version" => "2.014"},{"date" => "2026-01-22T06:48:54","version" => "2.015"},{"date" => "2026-01-28T01:58:44","version" => "2.016"},{"date" => "2026-02-09T07:04:13","version" => "2.017"},{"date" => "2026-02-18T03:45:06","version" => "2.018"}]},"Net-Server-Coro" => {"advisories" => [{"affected_versions" => ["<1.0"],"cves" => ["CVE-2011-0411"],"description" => "Remaining contents of the read buffer could allow plaintext injection attacks wherein attackers could cause nominally SSL-only commands to be executed by appending them to the end of a STARTTLS.\n","distribution" => "Net-Server-Coro","fixed_versions" => [">=1.0"],"id" => "CPANSA-Net-Server-Coro-2011-0411","references" => ["https://www.itsecdb.com/oval/definition/oval/org.opensuse.security/def/20110411/CVE-2011-0411.html","https://metacpan.org/dist/Net-Server-Coro/changes"],"reported" => "2011-03-16","severity" => undef}],"main_module" => "Net::Server::Coro","versions" => [{"date" => "2008-03-10T20:46:24","version" => "0.2"},{"date" => "2008-10-22T17:26:30","version" => "0.3"},{"date" => "2008-10-22T17:41:55","version" => "0.4"},{"date" => "2009-10-16T03:46:28","version" => "0.5"},{"date" => "2009-10-16T14:56:53","version" => "0.6"},{"date" => "2009-12-16T03:28:15","version" => "0.7"},{"date" => "2010-01-30T16:11:57","version" => "0.8"},{"date" => "2010-11-15T04:56:09","version" => "0.9"},{"date" => "2011-09-05T05:33:01","version" => "1.0"},{"date" => "2011-09-05T05:37:09","version" => "1.1"},{"date" => "2011-10-29T06:29:11","version" => "1.2"},{"date" => "2012-11-12T08:14:39","version" => "1.3"}]},"Net-Xero" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-56370"],"description" => "Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Net::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Net-Xero","fixed_versions" => [],"id" => "CPANSA-Net-Xero-2024-56370","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L58","https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L9","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "Net::Xero","versions" => [{"date" => "2015-06-03T14:39:37","version" => "0.14"},{"date" => "2015-06-05T11:37:55","version" => "0.40"},{"date" => "2015-06-05T11:49:29","version" => "0.41"},{"date" => "2015-06-05T12:59:28","version" => "0.42"},{"date" => "2015-06-05T14:09:46","version" => "0.43"},{"date" => "2017-01-12T17:10:29","version" => "0.44"}]},"Nginx-Engine" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.06"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Engine","fixed_versions" => [],"id" => "CPANSA-Nginx-Engine-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => [">=0.07,<=0.12"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Engine","fixed_versions" => [],"id" => "CPANSA-Nginx-Engine-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"}],"main_module" => "Nginx::Engine","versions" => [{"date" => "2010-12-29T03:17:47","version" => "0.01"},{"date" => "2010-12-29T23:10:29","version" => "0.02"},{"date" => "2011-01-01T23:25:22","version" => "0.03"},{"date" => "2011-01-07T17:59:46","version" => "0.04"},{"date" => "2011-01-11T01:02:07","version" => "0.05"},{"date" => "2011-03-13T21:15:24","version" => "0.06"},{"date" => "2011-06-29T23:21:28","version" => "0.07"},{"date" => "2011-06-30T18:47:28","version" => "0.08"},{"date" => "2011-07-03T02:02:40","version" => "0.09"},{"date" => "2011-07-24T01:46:43","version" => "0.10"},{"date" => "2011-08-16T17:05:53","version" => "0.11"},{"date" => "2011-11-23T00:09:16","version" => "0.12"}]},"Nginx-Perl" => {"advisories" => [{"affected_versions" => ["==1.1.9.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.1.11.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.1.13.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.1.14.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.1.15.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.1.16.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.1.17.1"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => [">=1.1.18.1,<=1.1.18.2"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => [">=1.1.19.2,<=1.1.19.3"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.2.0.4,==1.2.0.5"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.2.1.5"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => ["==1.2.2.5"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => [">=1.2.6.5,<=1.2.6.6"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => [">=1.2.9.6,<=1.2.9.7"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"},{"affected_versions" => [">=1.8.1.8,<=1.8.1.10"],"cves" => ["CVE-2016-0742"],"description" => "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\n","distribution" => "Nginx-Perl","fixed_versions" => [],"id" => "CPANSA-Nginx-Perl-2016-0742-nginx","references" => ["http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","http://www.ubuntu.com/usn/USN-2892-1","https://bugzilla.redhat.com/show_bug.cgi?id=1302587","http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","http://www.debian.org/security/2016/dsa-3473","https://bto.bluecoat.com/security-advisory/sa115","http://www.securitytracker.com/id/1034869","https://security.gentoo.org/glsa/201606-06","https://access.redhat.com/errata/RHSA-2016:1425","https://support.apple.com/kb/HT212818","http://seclists.org/fulldisclosure/2021/Sep/36"],"reported" => "2016-02-15","severity" => "high"}],"main_module" => "Nginx::Perl","versions" => [{"date" => "2011-12-22T01:23:05","version" => "1.1.9.1"},{"date" => "2011-12-22T01:59:52","version" => "1.1.11.1"},{"date" => "2012-01-22T03:51:35","version" => "v1.1.13.1"},{"date" => "2012-02-13T18:35:00","version" => "v1.1.14.1"},{"date" => "2012-02-15T22:56:02","version" => "v1.1.15.1"},{"date" => "2012-02-29T17:37:37","version" => "v1.1.16.1"},{"date" => "2012-03-15T15:04:38","version" => "v1.1.17.1"},{"date" => "2012-03-28T14:43:19","version" => "v1.1.18.1"},{"date" => "2012-04-12T13:30:24","version" => "v1.1.18.2"},{"date" => "2012-04-12T13:46:15","version" => "v1.1.19.2"},{"date" => "2012-04-13T01:53:10","version" => "v1.1.19.3"},{"date" => "2012-04-23T14:20:36","version" => "v1.2.0.4"},{"date" => "2012-05-10T23:38:18","version" => "v1.2.0.5"},{"date" => "2012-06-05T14:59:28","version" => "v1.2.1.5"},{"date" => "2012-07-07T14:27:33","version" => "v1.2.2.5"},{"date" => "2013-01-31T00:57:38","version" => "v1.2.2.5"},{"date" => "2013-01-31T06:18:23","version" => "v1.2.6.6"},{"date" => "2013-11-20T01:20:39","version" => "v1.2.6.6"},{"date" => "2013-11-20T02:04:33","version" => "v1.2.9.7"},{"date" => "2016-02-26T21:46:29","version" => "v1.8.1.8"},{"date" => "2016-04-13T19:54:21","version" => "v1.8.1.9"},{"date" => "2016-04-14T00:55:02","version" => "v1.8.1.10"}]},"Otogiri" => {"advisories" => [{"affected_versions" => ["<0.13"],"cves" => [],"description" => "A dependant module SQL::Maker without strict mode is vulnerable to SQL injection.\n","distribution" => "Otogiri","fixed_versions" => [">=0.13"],"id" => "CPANSA-Otogiri-2014-01","references" => ["https://github.com/ytnobody/Otogiri/commit/fac1592b3d153a6871ff1aed8016a6888cff9095","https://metacpan.org/changes/distribution/Otogiri"],"reported" => "2014-07-03"}],"main_module" => "Otogiri","versions" => [{"date" => "2013-10-30T06:45:51","version" => "0.01"},{"date" => "2013-11-08T08:36:50","version" => "0.02"},{"date" => "2013-11-09T05:00:47","version" => "0.03"},{"date" => "2013-12-27T00:15:23","version" => "0.04"},{"date" => "2013-12-28T15:54:15","version" => "0.05"},{"date" => "2014-01-14T09:13:18","version" => "0.06"},{"date" => "2014-02-25T06:25:50","version" => "0.07"},{"date" => "2014-03-18T04:14:12","version" => "0.08"},{"date" => "2014-03-18T05:07:37","version" => "0.09"},{"date" => "2014-05-13T12:58:21","version" => "0.10"},{"date" => "2014-05-30T10:11:18","version" => "0.11"},{"date" => "2014-06-05T08:30:13","version" => "0.12"},{"date" => "2014-07-03T12:40:28","version" => "0.13"},{"date" => "2014-12-18T08:37:33","version" => "0.14"},{"date" => "2015-01-11T04:56:15","version" => "0.15"},{"date" => "2015-11-13T07:18:18","version" => "0.16"},{"date" => "2016-02-02T05:58:26","version" => "0.17"},{"date" => "2017-05-19T01:37:05","version" => "0.18"},{"date" => "2020-01-17T11:12:52","version" => "0.19"},{"date" => "2023-10-15T02:01:31","version" => "0.20"},{"date" => "2023-10-15T02:02:58","version" => "0.21"},{"date" => "2023-12-10T00:23:20","version" => "0.22"},{"date" => "2024-06-08T13:42:18","version" => "0.23"},{"date" => "2025-09-29T08:35:44","version" => "0.24"}]},"PAR" => {"advisories" => [{"affected_versions" => ["<1.003"],"cves" => ["CVE-2011-4114"],"description" => "PAR packed files are extracted to unsafe and predictable temporary directories (this bug was originally reported against PAR::Packer, but it applies to PAR as well).\n","distribution" => "PAR","fixed_versions" => [">=1.003"],"id" => "CPANSA-PAR-2011-01","references" => ["https://metacpan.org/changes/distribution/PAR","https://rt.cpan.org/Public/Bug/Display.html?id=69560"],"reported" => "2011-07-18"},{"affected_versions" => ["<1.003"],"cves" => ["CVE-2011-5060"],"description" => "The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.\n","distribution" => "PAR","fixed_versions" => [">=1.003"],"id" => "CPANSA-PAR-2011-5060","references" => ["http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog","https://bugzilla.redhat.com/show_bug.cgi?id=753955","https://rt.cpan.org/Public/Bug/Display.html?id=69560","https://exchange.xforce.ibmcloud.com/vulnerabilities/72435"],"reported" => "2012-01-13","severity" => undef}],"main_module" => "PAR","versions" => [{"date" => "2002-10-18T20:38:24","version" => "0.01"},{"date" => "2002-10-18T21:07:35","version" => "0.02"},{"date" => "2002-10-18T22:18:06","version" => "0.03"},{"date" => "2002-10-19T02:46:52","version" => "0.04"},{"date" => "2002-10-19T14:33:26","version" => "0.05"},{"date" => "2002-10-19T15:31:54","version" => "0.06"},{"date" => "2002-10-19T17:38:40","version" => "0.10"},{"date" => "2002-10-19T22:30:34","version" => "0.11"},{"date" => "2002-10-20T13:00:43","version" => "0.12"},{"date" => "2002-10-21T17:29:03","version" => "0.13"},{"date" => "2002-10-27T10:38:32","version" => "0.14"},{"date" => "2002-10-27T17:52:07","version" => "0.15"},{"date" => "2002-11-02T02:20:38","version" => "0.20"},{"date" => "2002-11-02T21:26:48","version" => "0.21"},{"date" => "2002-11-03T13:05:06","version" => "0.22"},{"date" => "2002-11-05T14:36:58","version" => "0.30"},{"date" => "2002-11-05T22:23:36","version" => "0.40"},{"date" => "2002-11-06T12:25:00","version" => "0.41"},{"date" => "2002-11-07T00:48:34","version" => "0.42"},{"date" => "2002-11-07T14:41:31","version" => "0.43"},{"date" => "2002-11-08T15:01:18","version" => "0.44"},{"date" => "2002-11-08T21:01:12","version" => "0.45"},{"date" => "2002-11-09T23:02:45","version" => "0.46"},{"date" => "2002-11-10T06:56:37","version" => "0.47"},{"date" => "2002-11-13T11:32:10","version" => "0.48"},{"date" => "2002-11-23T14:45:40","version" => "0.49"},{"date" => "2002-12-03T01:00:23","version" => "0.50"},{"date" => "2002-12-11T14:30:53","version" => "0.51"},{"date" => "2002-12-17T04:06:52","version" => "0.60"},{"date" => "2002-12-17T11:49:44","version" => "0.61"},{"date" => "2003-01-09T11:16:42","version" => "0.62"},{"date" => "2003-02-06T00:38:33","version" => "0.63"},{"date" => "2003-03-01T15:54:25","version" => "0.64"},{"date" => "2003-03-09T14:31:52","version" => "0.65"},{"date" => "2003-03-19T15:54:32","version" => "0.66"},{"date" => "2003-03-31T19:58:56","version" => "0.66"},{"date" => "2003-05-16T17:35:22","version" => "0.67_89"},{"date" => "2003-05-25T19:09:58","version" => "0.68"},{"date" => "2003-05-31T13:12:53","version" => "0.69"},{"date" => "2003-07-08T15:39:11","version" => "0.69"},{"date" => "2003-07-16T08:20:09","version" => "0.69_91"},{"date" => "2003-07-27T14:13:18","version" => "0.69_93"},{"date" => "2003-07-29T08:21:31","version" => "0.70"},{"date" => "2003-07-30T13:57:01","version" => "0.71"},{"date" => "2003-08-02T13:11:15","version" => "0.72"},{"date" => "2003-08-06T09:16:17","version" => "0.73"},{"date" => "2003-08-25T13:39:35","version" => "0.74"},{"date" => "2003-09-21T10:58:00","version" => "0.75"},{"date" => "2003-10-23T04:45:55","version" => "0.75_99"},{"date" => "2003-10-28T12:21:23","version" => "0.76"},{"date" => "2003-12-11T23:00:26","version" => "0.76_98"},{"date" => "2003-12-28T02:31:29","version" => "0.76_99"},{"date" => "2003-12-31T15:33:24","version" => "0.77"},{"date" => "2004-01-03T17:36:11","version" => "0.77_98"},{"date" => "2004-01-04T20:30:15","version" => "0.77_99"},{"date" => "2004-01-06T21:26:43","version" => "0.78"},{"date" => "2004-01-08T11:35:51","version" => "0.79"},{"date" => "2004-02-15T23:25:34","version" => "0.79_97"},{"date" => "2004-02-27T15:58:33","version" => "0.79_98"},{"date" => "2004-02-27T23:54:39","version" => "0.79_98"},{"date" => "2004-03-03T14:49:47","version" => "0.79_99"},{"date" => "2004-03-16T17:04:25","version" => "0.80"},{"date" => "2004-03-28T14:43:14","version" => "0.80_99"},{"date" => "2004-05-22T19:13:38","version" => "0.81"},{"date" => "2004-05-24T14:59:45","version" => "0.82"},{"date" => "2004-05-29T16:02:03","version" => "0.83"},{"date" => "2004-07-02T10:59:55","version" => "0.85"},{"date" => "2004-08-30T22:49:15","version" => "0.85_01"},{"date" => "2004-12-11T03:49:09","version" => "0.86"},{"date" => "2005-01-30T19:04:55","version" => "0.87"},{"date" => "2005-06-07T09:13:43","version" => "0.88"},{"date" => "2005-06-10T15:49:20","version" => "0.89"},{"date" => "2005-11-25T23:01:00","version" => "0.90"},{"date" => "2006-02-15T09:33:05","version" => "0.91"},{"date" => "2006-03-04T20:16:36","version" => "0.91"},{"date" => "2006-05-19T13:37:12","version" => "0.93"},{"date" => "2006-06-02T10:25:51","version" => "0.93"},{"date" => "2006-06-20T20:44:56","version" => "0.93"},{"date" => "2006-07-22T19:59:13","version" => "0.942"},{"date" => "2006-08-05T11:28:06","version" => "0.950"},{"date" => "2006-08-11T15:51:56","version" => "0.950"},{"date" => "2006-08-12T12:35:34","version" => "0.950"},{"date" => "2006-08-22T14:14:35","version" => "0.952"},{"date" => "2006-09-26T20:18:06","version" => "0.954"},{"date" => "2006-10-03T12:35:05","version" => "0.955"},{"date" => "2006-10-03T12:58:55","version" => "0.956"},{"date" => "2006-10-24T16:42:26","version" => "0.957"},{"date" => "2006-11-11T14:33:23","version" => "0.958"},{"date" => "2006-11-12T11:48:37","version" => "0.959"},{"date" => "2006-11-21T12:02:35","version" => "0.960"},{"date" => "2006-12-01T14:19:55","version" => "0.969_01"},{"date" => "2006-12-03T17:25:33","version" => "0.970"},{"date" => "2007-01-10T17:58:01","version" => "0.970_01"},{"date" => "2007-01-12T11:02:02","version" => "0.971"},{"date" => "2007-01-16T15:23:38","version" => "0.972"},{"date" => "2007-02-03T11:40:25","version" => "0.973"},{"date" => "2007-07-29T11:17:27","version" => "0.976"},{"date" => "2007-12-20T21:17:26","version" => "0.977"},{"date" => "2008-05-13T12:44:22","version" => "0.979"},{"date" => "2008-05-22T11:41:38","version" => "0.980"},{"date" => "2008-08-09T22:17:14","version" => "0.980"},{"date" => "2008-08-10T21:39:41","version" => "0.980"},{"date" => "2008-09-12T15:02:23","version" => "0.983"},{"date" => "2009-01-25T22:31:20","version" => "0.984"},{"date" => "2009-02-02T01:40:36","version" => "0.985_01"},{"date" => "2009-02-19T16:04:27","version" => "0.986"},{"date" => "2009-02-20T14:30:08","version" => "0.987_01"},{"date" => "2009-03-02T14:47:14","version" => "0.988"},{"date" => "2009-03-02T14:56:44","version" => "0.989_01"},{"date" => "2009-03-10T15:11:05","version" => "0.991"},{"date" => "2009-04-05T11:32:48","version" => "0.992"},{"date" => "2009-07-19T16:37:30","version" => "0.993"},{"date" => "2009-07-23T13:08:07","version" => "0.994"},{"date" => "2010-04-10T14:05:52","version" => "1.000"},{"date" => "2010-07-25T09:32:33","version" => "1.001"},{"date" => "2010-07-25T10:07:06","version" => "1.002"},{"date" => "2011-11-28T16:53:29","version" => "1.003"},{"date" => "2011-11-30T22:31:25","version" => "1.004"},{"date" => "2011-12-02T13:53:02","version" => "1.005"},{"date" => "2012-10-14T22:45:17","version" => "1.006"},{"date" => "2012-10-22T21:50:20","version" => "1.007"},{"date" => "2015-01-24T14:11:44","version" => "1.008"},{"date" => "2015-04-22T15:26:50","version" => "1.009"},{"date" => "2015-07-13T10:56:21","version" => "1.010"},{"date" => "2016-09-18T11:33:22","version" => "1.011"},{"date" => "2016-11-25T16:06:43","version" => "1.012"},{"date" => "2016-11-27T16:51:00","version" => "1.013"},{"date" => "2016-12-18T16:36:08","version" => "1.014"},{"date" => "2017-04-13T15:29:12","version" => "1.015"},{"date" => "2019-05-20T18:13:46","version" => "1.016"},{"date" => "2021-01-13T14:51:49","version" => "1.017"},{"date" => "2022-09-28T20:53:07","version" => "1.018"},{"date" => "2023-11-01T13:25:01","version" => "1.019"},{"date" => "2024-03-04T10:49:29","version" => "1.020"},{"date" => "2025-07-31T12:02:34","version" => "1.021"}]},"PAR-Packer" => {"advisories" => [{"affected_versions" => ["<1.011"],"cves" => ["CVE-2011-4114"],"description" => "PAR packed files are extracted to unsafe and predictable temporary directories.\n","distribution" => "PAR-Packer","fixed_versions" => [">=1.011"],"id" => "CPANSA-PAR-Packer-2011-01","references" => ["https://metacpan.org/changes/distribution/PAR-Packer","https://rt.cpan.org/Public/Bug/Display.html?id=69560"],"reported" => "2011-07-18"}],"main_module" => "PAR::Packer","versions" => [{"date" => "2006-12-01T14:20:06","version" => "0.969_01"},{"date" => "2006-12-03T17:36:32","version" => "0.970"},{"date" => "2007-02-03T12:27:07","version" => "0.973"},{"date" => "2007-05-07T18:21:52","version" => "0.975"},{"date" => "2007-07-29T11:50:15","version" => "0.976"},{"date" => "2007-12-20T21:39:30","version" => "0.977"},{"date" => "2008-02-29T18:37:56","version" => "0.978"},{"date" => "2008-05-13T15:45:56","version" => "0.979"},{"date" => "2008-05-14T10:27:09","version" => "0.980"},{"date" => "2008-07-29T15:44:11","version" => "0.982"},{"date" => "2009-03-10T15:55:06","version" => "0.980"},{"date" => "2009-03-21T11:20:02","version" => "0.991"},{"date" => "2009-07-19T16:47:51","version" => "0.992_01"},{"date" => "2009-07-23T13:18:32","version" => "0.992_02"},{"date" => "2009-07-24T18:30:24","version" => "0.992_03"},{"date" => "2009-09-11T07:38:47","version" => "0.992_04"},{"date" => "2009-11-13T09:01:15","version" => "0.992_05"},{"date" => "2009-11-20T13:59:38","version" => "0.992_06"},{"date" => "2009-11-22T13:08:12","version" => "1.000"},{"date" => "2009-11-24T11:16:58","version" => "1.001"},{"date" => "2009-12-17T20:55:25","version" => "1.002"},{"date" => "2010-04-10T17:57:57","version" => "1.003"},{"date" => "2010-04-20T12:10:24","version" => "1.004"},{"date" => "2010-06-05T15:54:54","version" => "1.005"},{"date" => "2010-06-26T11:23:34","version" => "1.006"},{"date" => "2010-09-09T16:42:00","version" => "1.007"},{"date" => "2010-11-21T17:11:43","version" => "1.008"},{"date" => "2011-03-26T13:36:55","version" => "1.009"},{"date" => "2011-07-13T14:10:05","version" => "1.010"},{"date" => "2011-12-01T21:08:37","version" => "1.011"},{"date" => "2011-12-02T17:53:42","version" => "1.012"},{"date" => "2012-02-22T09:58:04","version" => "1.013"},{"date" => "2012-12-21T15:55:13","version" => "1.014"},{"date" => "2013-10-09T12:06:04","version" => "1.015"},{"date" => "2013-11-30T19:03:48","version" => "1.016"},{"date" => "2013-12-03T23:53:51","version" => "1.017"},{"date" => "2014-05-18T16:52:34","version" => "1.018"},{"date" => "2014-07-07T14:25:15","version" => "1.019"},{"date" => "2014-08-24T13:27:57","version" => "1.020"},{"date" => "2014-09-14T13:49:37","version" => "1.021"},{"date" => "2014-09-19T10:07:30","version" => "1.022"},{"date" => "2014-11-02T14:32:42","version" => "1.023"},{"date" => "2014-11-07T09:04:07","version" => "1.024"},{"date" => "2015-01-24T16:52:17","version" => "1.025"},{"date" => "2015-07-19T13:14:40","version" => "1.026"},{"date" => "2015-11-18T16:58:33","version" => "1.027"},{"date" => "2015-11-19T09:05:09","version" => "1.027"},{"date" => "2016-01-12T16:24:46","version" => "1.029"},{"date" => "2016-02-02T14:54:21","version" => "1.029_01"},{"date" => "2016-02-11T14:08:57","version" => "1.029_02"},{"date" => "2016-02-25T08:41:55","version" => "1.029_03"},{"date" => "2016-02-29T08:36:46","version" => "1.029_04"},{"date" => "2016-03-29T08:29:59","version" => "1.030"},{"date" => "2016-04-10T17:15:52","version" => "1.031"},{"date" => "2016-04-29T17:01:57","version" => "1.031_01"},{"date" => "2016-05-07T09:59:28","version" => "1.032"},{"date" => "2016-05-19T09:50:49","version" => "1.033"},{"date" => "2016-07-17T12:38:31","version" => "1.034"},{"date" => "2016-07-23T12:04:14","version" => "1.035"},{"date" => "2016-12-04T17:13:20","version" => "1.035_001"},{"date" => "2016-12-19T19:35:16","version" => "1.035_002"},{"date" => "2016-12-30T11:06:25","version" => "1.036"},{"date" => "2017-03-22T19:29:19","version" => "1.036_001"},{"date" => "2017-05-14T11:54:43","version" => "1.036_002"},{"date" => "2017-05-28T11:33:53","version" => "1.037"},{"date" => "2017-09-27T19:40:44","version" => "1.038"},{"date" => "2017-09-28T05:13:05","version" => "1.039"},{"date" => "2017-10-10T17:00:14","version" => "1.039_001"},{"date" => "2017-10-13T12:05:52","version" => "1.039_002"},{"date" => "2017-10-16T20:46:49","version" => "1.039_003"},{"date" => "2017-10-17T17:07:49","version" => "1.039_004"},{"date" => "2017-10-21T16:09:18","version" => "1.040"},{"date" => "2017-11-08T17:07:11","version" => "1.041"},{"date" => "2018-04-02T21:46:01","version" => "1.042"},{"date" => "2018-04-03T11:26:08","version" => "1.043"},{"date" => "2018-06-06T22:03:32","version" => "1.044"},{"date" => "2018-06-12T19:04:22","version" => "1.045"},{"date" => "2018-08-17T22:20:28","version" => "1.046"},{"date" => "2018-08-19T09:17:57","version" => "1.047"},{"date" => "2019-03-04T09:42:35","version" => "1.047_001"},{"date" => "2019-03-04T15:33:14","version" => "1.047_002"},{"date" => "2019-03-06T17:39:18","version" => "1.047_003"},{"date" => "2019-04-29T11:53:04","version" => "1.048"},{"date" => "2019-05-31T11:58:05","version" => "1.049"},{"date" => "2020-03-08T15:56:09","version" => "1.049_001"},{"date" => "2020-03-08T22:53:16","version" => "1.049_002"},{"date" => "2020-03-08T22:58:32","version" => "1.049_003"},{"date" => "2020-03-10T13:51:31","version" => "1.049_004"},{"date" => "2020-03-18T08:14:29","version" => "1.050"},{"date" => "2020-11-29T22:25:00","version" => "1.051"},{"date" => "2021-01-13T15:44:24","version" => "1.052"},{"date" => "2022-01-25T15:25:10","version" => "1.053"},{"date" => "2022-01-27T11:05:32","version" => "1.054"},{"date" => "2022-07-03T16:27:19","version" => "1.055"},{"date" => "2022-08-31T07:56:09","version" => "1.055_01"},{"date" => "2022-09-05T10:12:07","version" => "1.056"},{"date" => "2022-11-25T09:12:00","version" => "1.056_01"},{"date" => "2022-11-27T15:25:29","version" => "1.056_02"},{"date" => "2022-11-29T11:33:29","version" => "1.057"},{"date" => "2023-05-24T11:53:27","version" => "1.057_001"},{"date" => "2023-06-07T14:56:47","version" => "1.057_002"},{"date" => "2023-06-12T09:14:24","version" => "1.058"},{"date" => "2023-07-20T14:13:30","version" => "1.059"},{"date" => "2023-12-15T14:05:16","version" => "1.061"},{"date" => "2024-03-05T14:01:26","version" => "1.062"},{"date" => "2024-03-10T13:46:23","version" => "1.062_001"},{"date" => "2024-03-11T13:08:45","version" => "1.062_002"},{"date" => "2024-03-15T12:57:23","version" => "1.063"},{"date" => "2024-06-24T09:05:18","version" => "1.063_001"},{"date" => "2025-07-08T11:36:24","version" => "1.064"}]},"PApp" => {"advisories" => [{"affected_versions" => ["<0.11"],"cves" => [],"description" => "Testing for nonexistant access rights always returned true.\n","distribution" => "PApp","fixed_versions" => [">=0.11"],"id" => "CPANSA-PApp-2001-01","references" => ["https://metacpan.org/dist/PApp/changes"],"reported" => "2001-10-27","severity" => undef}],"main_module" => "PApp","versions" => [{"date" => "2000-04-11T19:29:07","version" => "0.02"},{"date" => "2000-04-14T01:33:03","version" => "0.03"},{"date" => "2000-05-11T01:27:39","version" => "0.04"},{"date" => "2000-05-27T20:43:50","version" => "0.05"},{"date" => "2000-06-07T19:56:36","version" => "0.06"},{"date" => "2000-06-09T20:15:48","version" => "0.07"},{"date" => "2000-06-18T21:57:46","version" => "0.08"},{"date" => "2001-02-25T17:23:00","version" => "0.12"},{"date" => "2001-11-30T10:35:30","version" => "0.121"},{"date" => "2001-12-03T18:35:13","version" => "0.122"},{"date" => "2002-04-16T17:20:02","version" => "0.142"},{"date" => "2002-09-27T09:55:48","version" => "0.143"},{"date" => "2002-11-15T19:09:27","version" => "0.2"},{"date" => "2003-11-01T21:22:27","version" => "0.22"},{"date" => "2004-04-24T07:18:03","version" => "0.95"},{"date" => "2004-11-23T17:16:58","version" => 1},{"date" => "2005-09-04T14:32:15","version" => "1.1"},{"date" => "2007-01-06T19:32:19","version" => "1.2"},{"date" => "2008-01-20T12:37:14","version" => "1.4"},{"date" => "2008-01-28T20:07:08","version" => "1.41"},{"date" => "2008-11-26T07:18:45","version" => "1.42"},{"date" => "2008-12-09T17:23:32","version" => "1.43"},{"date" => "2010-01-30T03:08:38","version" => "1.44"},{"date" => "2010-11-21T07:30:21","version" => "1.45"},{"date" => "2013-03-19T12:24:55","version" => "2.0"},{"date" => "2016-02-11T07:21:31","version" => "2.1"},{"date" => "2020-02-17T11:04:59","version" => "2.2"},{"date" => "2023-08-02T22:30:09","version" => "2.3"},{"date" => "2026-01-13T22:30:41","version" => "2.4"}]},"PGObject-Util-DBAdmin" => {"advisories" => [{"affected_versions" => ["<1.6.0"],"cves" => ["CVE-2018-9246"],"description" => "The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.\n","distribution" => "PGObject-Util-DBAdmin","fixed_versions" => [">=1.6.0"],"id" => "CPANSA-PGObject-Util-DBAdmin-2018-01","references" => ["https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html"],"reported" => "2018-06-18"}],"main_module" => "PGObject::Util::DBAdmin","versions" => [{"date" => "2014-09-11T11:20:13","version" => "0.01"},{"date" => "2014-09-12T02:45:35","version" => "0.02"},{"date" => "2014-09-13T02:03:16","version" => "0.03"},{"date" => "2014-09-13T14:37:42","version" => "0.04"},{"date" => "2014-09-14T07:48:28","version" => "0.05"},{"date" => "2014-09-17T08:27:06","version" => "0.06"},{"date" => "2015-07-16T14:55:28","version" => "0.07"},{"date" => "2016-02-11T18:01:16","version" => "0.08"},{"date" => "2016-07-18T11:03:07","version" => "0.09"},{"date" => "2016-12-16T21:20:09","version" => "v0.09.0"},{"date" => "2016-12-16T21:36:46","version" => "v0.10.0"},{"date" => "2016-12-16T21:43:21","version" => "v0.100.0"},{"date" => "2018-03-31T14:06:25","version" => "v0.120.0"},{"date" => "2018-05-06T09:28:39","version" => "v0.130.0"},{"date" => "2018-06-05T19:29:29","version" => "v0.130.1"},{"date" => "2019-07-07T08:06:48","version" => "v0.131.0"},{"date" => "2019-07-08T20:46:34","version" => "v1.0.0"},{"date" => "2019-07-09T18:04:14","version" => "v1.0.1"},{"date" => "2019-09-20T06:49:02","version" => "v1.0.2"},{"date" => "2019-09-29T18:24:55","version" => "v1.0.3"},{"date" => "2020-09-21T21:20:33","version" => "v1.1.0"},{"date" => "2020-10-21T20:17:28","version" => "v1.2.0"},{"date" => "2020-10-21T22:24:41","version" => "v1.2.1"},{"date" => "2020-10-23T18:46:24","version" => "v1.2.2"},{"date" => "2020-10-24T07:08:10","version" => "v1.2.3"},{"date" => "2020-10-24T19:58:09","version" => "v1.3.0"},{"date" => "2020-10-25T12:15:26","version" => "v1.4.0"},{"date" => "2021-09-24T12:47:40","version" => "v1.5.0"},{"date" => "2021-11-07T12:22:17","version" => "v1.6.0"},{"date" => "2021-11-07T14:17:22","version" => "v1.6.1"},{"date" => "2024-09-13T19:24:01","version" => "v1.6.2"}]},"POE-Component-IRC" => {"advisories" => [{"affected_versions" => ["<6.32"],"cves" => ["CVE-2010-3438"],"description" => "libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as \\\"some text\\\\rQUIT\\\" to the 'privmsg' handler, which would cause the client to disconnect from the server.\n","distribution" => "POE-Component-IRC","fixed_versions" => [">=6.32"],"id" => "CPANSA-Poe-Component-IRC-2010-3438","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438","https://security-tracker.debian.org/tracker/CVE-2010-3438"],"reported" => "2019-11-12","severity" => "critical"}],"main_module" => "POE::Component::IRC","versions" => [{"date" => "2001-01-14T01:08:55","version" => "1.0"},{"date" => "2001-02-21T23:20:30","version" => "1.0"},{"date" => "2001-03-02T11:10:34","version" => "1.1"},{"date" => "2001-05-24T09:39:58","version" => "1.2"},{"date" => "2001-07-01T00:29:06","version" => "1.3"},{"date" => "2001-07-03T00:23:58","version" => "1.4"},{"date" => "2001-07-05T22:29:01","version" => "1.5"},{"date" => "2001-07-07T02:07:09","version" => "1.6"},{"date" => "2001-07-21T08:09:18","version" => "1.7"},{"date" => "2001-12-11T00:06:53","version" => "1.8"},{"date" => "2001-12-13T07:07:40","version" => "1.9"},{"date" => "2002-02-22T23:26:52","version" => "2.0"},{"date" => "2002-03-05T01:19:43","version" => "2.1"},{"date" => "2002-05-24T20:54:40","version" => "2.2"},{"date" => "2002-09-06T15:29:09","version" => "2.3"},{"date" => "2002-10-10T21:24:56","version" => "2.4"},{"date" => "2002-10-27T19:02:42","version" => "2.5"},{"date" => "2002-12-12T04:30:15","version" => "2.6"},{"date" => "2003-02-02T23:23:52","version" => "2.7"},{"date" => "2003-06-07T23:25:07","version" => "2.8"},{"date" => "2003-07-19T20:38:58","version" => "2.9"},{"date" => "2004-12-31T13:57:37","version" => "3.0"},{"date" => "2005-01-21T12:36:21","version" => "3.1"},{"date" => "2005-02-02T11:58:41","version" => "3.2"},{"date" => "2005-02-02T14:17:25","version" => "3.3"},{"date" => "2005-02-18T15:40:19","version" => "3.4"},{"date" => "2005-02-23T13:35:13","version" => "3.4"},{"date" => "2005-03-01T18:10:05","version" => "3.4"},{"date" => "2005-03-04T17:53:49","version" => "3.4"},{"date" => "2005-03-14T10:31:33","version" => "3.4"},{"date" => "2005-03-21T09:24:00","version" => "3.4"},{"date" => "2005-04-05T09:50:19","version" => "4.0"},{"date" => "2005-04-11T10:31:43","version" => "4.1"},{"date" => "2005-04-14T19:46:49","version" => "4.2"},{"date" => "2005-04-20T08:35:06","version" => "4.3"},{"date" => "2005-04-28T14:23:29","version" => "4.4"},{"date" => "2005-05-22T15:26:46","version" => "4.5"},{"date" => "2005-06-01T14:33:57","version" => "4.6"},{"date" => "2005-06-02T09:53:57","version" => "4.61"},{"date" => "2005-06-02T15:47:47","version" => "4.62"},{"date" => "2005-06-16T21:03:43","version" => "4.63"},{"date" => "2005-07-05T15:28:06","version" => "4.64"},{"date" => "2005-07-13T16:52:52","version" => "4.65"},{"date" => "2005-07-28T17:16:01","version" => "4.66"},{"date" => "2005-08-25T13:31:53","version" => "4.67"},{"date" => "2005-09-02T12:35:28","version" => "4.68"},{"date" => "2005-09-05T11:27:29","version" => "4.69"},{"date" => "2005-09-16T15:59:06","version" => "4.70"},{"date" => "2005-10-13T18:10:10","version" => "4.71"},{"date" => "2005-10-25T18:07:42","version" => "4.72"},{"date" => "2005-10-26T06:43:59","version" => "4.73"},{"date" => "2005-10-26T08:21:25","version" => "4.74"},{"date" => "2005-12-04T17:50:30","version" => "4.75"},{"date" => "2005-12-23T15:22:40","version" => "4.76"},{"date" => "2005-12-26T17:08:35","version" => "4.77"},{"date" => "2006-01-10T22:07:46","version" => "4.78"},{"date" => "2006-01-15T17:09:57","version" => "4.79"},{"date" => "2006-03-16T16:53:54","version" => "4.80"},{"date" => "2006-03-31T16:02:38","version" => "4.81"},{"date" => "2006-04-11T18:38:36","version" => "4.82"},{"date" => "2006-04-11T19:50:58","version" => "4.83"},{"date" => "2006-04-12T13:40:40","version" => "4.84"},{"date" => "2006-04-13T11:43:55","version" => "4.85"},{"date" => "2006-04-27T20:45:17","version" => "4.86"},{"date" => "2006-05-06T16:13:30","version" => "4.87"},{"date" => "2006-05-21T17:09:49","version" => "4.88"},{"date" => "2006-05-22T08:21:25","version" => "4.89"},{"date" => "2006-05-22T12:56:03","version" => "4.90"},{"date" => "2006-06-01T20:15:32","version" => "4.91"},{"date" => "2006-06-11T17:15:17","version" => "4.92"},{"date" => "2006-06-13T18:29:21","version" => "4.93"},{"date" => "2006-07-02T09:10:52","version" => "4.94"},{"date" => "2006-07-05T10:47:35","version" => "4.95"},{"date" => "2006-07-16T13:37:50","version" => "4.96"},{"date" => "2006-07-24T11:55:01","version" => "4.97"},{"date" => "2006-08-18T11:39:13","version" => "4.98"},{"date" => "2006-08-29T16:57:17","version" => "4.99"},{"date" => "2006-09-01T01:32:30","version" => "5.00"},{"date" => "2006-09-07T17:03:08","version" => "5.01"},{"date" => "2006-09-08T15:45:55","version" => "5.02"},{"date" => "2006-09-16T13:33:43","version" => "5.03"},{"date" => "2006-09-25T12:40:35","version" => "5.04"},{"date" => "2006-10-06T14:02:37","version" => "5.05"},{"date" => "2006-10-12T12:29:17","version" => "5.06"},{"date" => "2006-10-17T10:57:25","version" => "5.07"},{"date" => "2006-10-23T12:43:37","version" => "5.08"},{"date" => "2006-10-24T14:15:06","version" => "5.09"},{"date" => "2006-10-24T17:18:06","version" => "5.10"},{"date" => "2006-10-25T15:51:16","version" => "5.11"},{"date" => "2006-11-16T14:01:15","version" => "5.12"},{"date" => "2006-11-19T14:34:09","version" => "5.13"},{"date" => "2006-11-29T11:10:54","version" => "5.14"},{"date" => "2006-12-05T19:42:12","version" => "5.15"},{"date" => "2006-12-06T12:27:38","version" => "5.16"},{"date" => "2006-12-12T23:09:26","version" => "5.17"},{"date" => "2006-12-29T11:08:52","version" => "5.18"},{"date" => "2007-01-31T12:06:39","version" => "5.19"},{"date" => "2007-01-31T17:37:46","version" => "5.20"},{"date" => "2007-02-01T12:39:18","version" => "5.21"},{"date" => "2007-02-02T12:55:07","version" => "5.22"},{"date" => "2007-04-12T15:28:46","version" => "5.23"},{"date" => "2007-04-16T12:51:48","version" => "5.24"},{"date" => "2007-04-29T12:19:32","version" => "5.25"},{"date" => "2007-04-29T14:33:13","version" => "5.26"},{"date" => "2007-05-01T13:21:57","version" => "5.27"},{"date" => "2007-05-01T14:14:27","version" => "5.28"},{"date" => "2007-05-03T12:51:34","version" => "5.29"},{"date" => "2007-05-08T18:38:59","version" => "5.30"},{"date" => "2007-05-18T09:26:43","version" => "5.31_01"},{"date" => "2007-05-31T15:25:34","version" => "5.31_02"},{"date" => "2007-06-01T10:02:23","version" => "5.31_03"},{"date" => "2007-06-05T08:46:20","version" => "5.31_04"},{"date" => "2007-06-11T09:30:57","version" => "5.31_05"},{"date" => "2007-06-12T11:28:18","version" => "5.32"},{"date" => "2007-07-10T17:11:05","version" => "5.33_01"},{"date" => "2007-07-25T10:01:32","version" => "5.34"},{"date" => "2007-11-01T14:32:47","version" => "5.36"},{"date" => "2007-12-05T21:26:00","version" => "5.37_01"},{"date" => "2007-12-06T08:53:09","version" => "5.37_02"},{"date" => "2007-12-06T17:35:01","version" => "5.38"},{"date" => "2007-12-26T11:03:08","version" => "5.40"},{"date" => "2007-12-31T12:44:42","version" => "5.42"},{"date" => "2008-01-01T14:10:56","version" => "5.44"},{"date" => "2008-01-03T15:21:36","version" => "5.46"},{"date" => "2008-01-10T20:32:12","version" => "5.48"},{"date" => "2008-01-13T10:30:41","version" => "5.50"},{"date" => "2008-01-14T08:06:32","version" => "5.52"},{"date" => "2008-01-27T09:43:44","version" => "5.54"},{"date" => "2008-01-31T13:13:54","version" => "5.56"},{"date" => "2008-02-04T08:13:31","version" => "5.58"},{"date" => "2008-02-06T13:54:09","version" => "5.60"},{"date" => "2008-02-07T16:42:54","version" => "5.62"},{"date" => "2008-02-16T08:35:10","version" => "5.64"},{"date" => "2008-02-18T22:11:13","version" => "5.66"},{"date" => "2008-02-20T20:00:00","version" => "5.68"},{"date" => "2008-03-03T10:51:33","version" => "5.70"},{"date" => "2008-03-21T10:56:45","version" => "5.72"},{"date" => "2008-04-02T15:23:28","version" => "5.74"},{"date" => "2008-04-24T15:13:29","version" => "5.76"},{"date" => "2008-05-30T07:16:00","version" => "5.78"},{"date" => "2008-06-12T15:42:21","version" => "5.80"},{"date" => "2008-06-14T08:49:07","version" => "5.82"},{"date" => "2008-06-26T19:16:22","version" => "5.84"},{"date" => "2008-07-22T09:11:40","version" => "5.86"},{"date" => "2008-08-28T15:06:57","version" => "5.88"},{"date" => "2009-01-22T11:04:20","version" => "5.90"},{"date" => "2009-01-27T13:08:53","version" => "5.92"},{"date" => "2009-01-27T21:56:50","version" => "5.94"},{"date" => "2009-01-28T12:02:40","version" => "5.96"},{"date" => "2009-03-02T23:16:08","version" => "5.98"},{"date" => "2009-03-04T23:31:34","version" => "6.00"},{"date" => "2009-03-06T11:07:07","version" => "6.02"},{"date" => "2009-03-07T23:41:08","version" => "6.04"},{"date" => "2009-04-11T09:24:16","version" => "6.05_01"},{"date" => "2009-04-30T12:12:52","version" => "6.06"},{"date" => "2009-05-29T11:58:02","version" => "6.08"},{"date" => "2009-07-09T20:20:10","version" => "6.09_01"},{"date" => "2009-07-10T09:17:48","version" => "6.09_02"},{"date" => "2009-07-10T14:24:17","version" => "6.09_03"},{"date" => "2009-07-12T20:52:44","version" => "6.09_04"},{"date" => "2009-07-16T14:20:12","version" => "6.09_05"},{"date" => "2009-07-17T10:23:41","version" => "6.09_06"},{"date" => "2009-07-21T06:26:37","version" => "6.09_07"},{"date" => "2009-07-27T12:19:55","version" => "6.09_08"},{"date" => "2009-07-29T11:16:27","version" => "6.09_09"},{"date" => "2009-07-30T13:40:56","version" => "6.09_10"},{"date" => "2009-08-07T12:59:58","version" => "6.09_11"},{"date" => "2009-08-14T20:49:04","version" => "6.10"},{"date" => "2009-08-19T09:21:27","version" => "6.11_01"},{"date" => "2009-09-10T09:00:17","version" => "6.12"},{"date" => "2009-09-24T15:13:45","version" => "6.14"},{"date" => "2009-10-11T09:02:32","version" => "6.16"},{"date" => "2009-12-11T19:28:22","version" => "6.18"},{"date" => "2010-01-15T18:42:20","version" => "6.20"},{"date" => "2010-01-20T01:54:34","version" => "6.22"},{"date" => "2010-02-12T02:47:46","version" => "6.24"},{"date" => "2010-03-14T07:34:45","version" => "6.26"},{"date" => "2010-03-14T10:57:17","version" => "6.28"},{"date" => "2010-05-10T14:40:23","version" => "6.30"},{"date" => "2010-05-11T13:45:23","version" => "6.32"},{"date" => "2010-06-21T20:28:42","version" => "6.33"},{"date" => "2010-06-25T18:17:14","version" => "6.34"},{"date" => "2010-06-27T09:33:18","version" => "6.35"},{"date" => "2010-07-26T03:54:08","version" => "6.36"},{"date" => "2010-08-17T23:08:39","version" => "6.37"},{"date" => "2010-09-03T18:33:58","version" => "6.38"},{"date" => "2010-09-04T02:16:21","version" => "6.39"},{"date" => "2010-09-09T06:56:17","version" => "6.40"},{"date" => "2010-09-23T21:34:09","version" => "6.41"},{"date" => "2010-09-25T09:40:47","version" => "6.42"},{"date" => "2010-09-25T21:30:54","version" => "6.43"},{"date" => "2010-09-25T23:35:19","version" => "6.44"},{"date" => "2010-09-26T03:42:36","version" => "6.45"},{"date" => "2010-09-29T04:59:09","version" => "6.46"},{"date" => "2010-10-03T15:29:13","version" => "6.47"},{"date" => "2010-10-03T19:50:31","version" => "6.48"},{"date" => "2010-10-16T19:05:02","version" => "6.49"},{"date" => "2010-11-03T02:06:04","version" => "6.50"},{"date" => "2010-11-05T11:29:30","version" => "6.51"},{"date" => "2010-11-05T17:26:55","version" => "6.52"},{"date" => "2011-03-10T15:39:11","version" => "6.53"},{"date" => "2011-03-10T18:21:18","version" => "6.54"},{"date" => "2011-04-01T18:38:19","version" => "6.55"},{"date" => "2011-04-01T20:05:44","version" => "6.56"},{"date" => "2011-04-02T03:41:42","version" => "6.57"},{"date" => "2011-04-04T17:52:07","version" => "6.58"},{"date" => "2011-04-04T20:23:21","version" => "6.59"},{"date" => "2011-04-15T06:13:37","version" => "6.60"},{"date" => "2011-04-19T17:04:11","version" => "6.61"},{"date" => "2011-05-03T11:00:14","version" => "6.62"},{"date" => "2011-05-15T05:08:04","version" => "6.63"},{"date" => "2011-05-15T10:00:34","version" => "6.64"},{"date" => "2011-05-19T01:55:49","version" => "6.65"},{"date" => "2011-05-19T22:33:07","version" => "6.66"},{"date" => "2011-05-22T16:45:17","version" => "6.67"},{"date" => "2011-05-22T17:02:27","version" => "6.68"},{"date" => "2011-07-29T01:54:20","version" => "6.69"},{"date" => "2011-08-02T03:40:17","version" => "6.70"},{"date" => "2011-09-18T16:08:38","version" => "6.71"},{"date" => "2011-10-07T15:42:11","version" => "6.72"},{"date" => "2011-10-08T04:41:24","version" => "6.73"},{"date" => "2011-10-09T20:16:25","version" => "6.74"},{"date" => "2011-11-13T14:26:23","version" => "6.75"},{"date" => "2011-11-29T03:25:52","version" => "6.76"},{"date" => "2011-12-02T03:56:47","version" => "6.77"},{"date" => "2011-12-07T20:30:42","version" => "6.78"},{"date" => "2012-09-19T13:26:08","version" => "6.79"},{"date" => "2012-09-20T08:55:35","version" => "6.80"},{"date" => "2012-11-23T15:56:03","version" => "6.81"},{"date" => "2013-03-09T22:17:24","version" => "6.82"},{"date" => "2013-05-27T09:43:25","version" => "6.83"},{"date" => "2014-06-17T09:47:20","version" => "6.84"},{"date" => "2014-06-19T09:22:12","version" => "6.85"},{"date" => "2014-06-20T10:14:59","version" => "6.86"},{"date" => "2014-06-21T14:09:46","version" => "6.87"},{"date" => "2014-06-28T12:16:18","version" => "6.88"},{"date" => "2017-09-05T18:14:17","version" => "6.89"},{"date" => "2017-09-05T18:19:13","version" => "6.90"},{"date" => "2021-06-05T12:55:31","version" => "6.91"},{"date" => "2021-06-08T13:32:11","version" => "6.92"},{"date" => "2021-06-15T18:29:10","version" => "6.93"},{"date" => "2025-07-07T00:26:11","version" => "6.94"},{"date" => "2025-07-07T01:32:11","version" => "6.95"}]},"POSIX-2008" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "POSIX::2008's implementation of readlink() and readlinkat(). The underlying syscalls do not add any null terminator byte at the end of the output buffer, but _readlink50c() in 2008.XS also fails to add a null terminator before returning the result string to perl. This results in arbitrary memory contents being visible in the result returned to perl code by readlink() and readlinkat(). At the very least, this causes failures in any downstream code that attempts to access whatever filename (plus the erroneous garbage) was linked to.\n","distribution" => "POSIX-2008","fixed_versions" => [">=0.04"],"id" => "CPANSA-POSIX-2008-001","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=96644"],"reported" => undef,"severity" => undef},{"affected_versions" => ["<0.24"],"cves" => ["CVE-2024-55564"],"description" => "Fixed potential env buffer overflow in _execve50c()\n","distribution" => "POSIX-2008","fixed_versions" => [">=0.24"],"id" => "CPANSA-POSIX-2008-002","references" => ["https://metacpan.org/release/CGPAN/POSIX-2008-0.24/source/Changes"],"reported" => undef,"severity" => undef}],"main_module" => "POSIX::2008","versions" => [{"date" => "2013-09-13T17:14:53","version" => "0.01"},{"date" => "2013-09-14T16:20:56","version" => "0.02"},{"date" => "2013-09-16T09:32:15","version" => "0.03"},{"date" => "2015-05-25T13:51:17","version" => "0.04"},{"date" => "2017-08-25T20:52:28","version" => "0.05"},{"date" => "2017-08-26T17:21:09","version" => "0.06"},{"date" => "2017-08-27T14:55:54","version" => "0.07"},{"date" => "2017-08-31T18:14:24","version" => "0.08"},{"date" => "2017-09-01T10:14:04","version" => "0.09"},{"date" => "2017-09-02T09:15:21","version" => "0.10"},{"date" => "2017-09-02T13:11:19","version" => "0.11"},{"date" => "2017-09-03T20:02:26","version" => "0.12"},{"date" => "2017-09-08T11:50:51","version" => "0.13"},{"date" => "2017-09-09T18:04:53","version" => "0.14"},{"date" => "2017-09-10T12:50:52","version" => "0.15"},{"date" => "2017-09-15T14:59:53","version" => "0.16"},{"date" => "2023-06-01T13:51:43","version" => "0.18"},{"date" => "2023-07-07T13:52:59","version" => "0.19"},{"date" => "2023-07-08T12:09:34","version" => "0.20_01"},{"date" => "2023-07-09T08:25:58","version" => "0.20_02"},{"date" => "2023-07-11T15:26:35","version" => "0.20_03"},{"date" => "2023-07-12T17:47:09","version" => "0.20_04"},{"date" => "2023-07-13T17:26:29","version" => "0.20_05"},{"date" => "2023-07-14T15:57:30","version" => "0.20"},{"date" => "2023-11-16T19:54:40","version" => "0.21"},{"date" => "2024-01-26T16:30:56","version" => "0.22"},{"date" => "2024-01-27T15:34:00","version" => "0.23"},{"date" => "2024-06-14T12:10:38","version" => "0.24"},{"date" => "2025-07-12T16:48:06","version" => "0.25"},{"date" => "2025-07-25T10:05:43","version" => "0.26"}]},"Parallel-ForkManager" => {"advisories" => [{"affected_versions" => ["<1.0.0"],"cves" => ["CVE-2011-4115"],"description" => "Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.\n","distribution" => "Parallel-ForkManager","fixed_versions" => [">1.0.0"],"id" => "CPANSA-Parallel-ForkManager-2011-4115","references" => ["http://www.openwall.com/lists/oss-security/2011/11/04/2","http://www.openwall.com/lists/oss-security/2011/11/04/4","https://rt.cpan.org/Public/Bug/Display.html?id=68298"],"reported" => "2020-01-31","severity" => "high"}],"main_module" => "Parallel::ForkManager","versions" => [{"date" => "2000-10-19T21:52:22","version" => "0.5"},{"date" => "2000-11-30T11:03:55","version" => "0.6"},{"date" => "2001-04-04T11:28:22","version" => "0.7"},{"date" => "2001-05-14T14:34:23","version" => "v0.7.2"},{"date" => "2001-10-24T00:32:21","version" => "v0.7.3"},{"date" => "2002-07-04T21:16:46","version" => "v0.7.4"},{"date" => "2002-12-25T23:14:12","version" => "v0.7.5"},{"date" => "2010-08-15T10:53:20","version" => "0.7.6"},{"date" => "2010-09-27T22:27:36","version" => "0.7.7"},{"date" => "2010-10-25T16:44:43","version" => "0.7.8"},{"date" => "2010-11-01T18:06:12","version" => "0.7.9"},{"date" => "2012-12-23T10:29:10","version" => "v1.0.0"},{"date" => "2012-12-23T19:35:57","version" => "1.01"},{"date" => "2012-12-24T11:30:23","version" => "1.02"},{"date" => "2013-03-06T09:31:14","version" => "1.03"},{"date" => "2013-09-03T06:57:39","version" => "1.04"},{"date" => "2013-09-18T08:58:10","version" => "1.05"},{"date" => "2013-12-24T20:42:36","version" => "1.06"},{"date" => "2014-11-10T07:11:25","version" => "1.07"},{"date" => "2015-01-07T15:27:26","version" => "1.08"},{"date" => "2015-01-08T14:47:12","version" => "1.09"},{"date" => "2015-01-15T15:22:56","version" => "1.10"},{"date" => "2015-01-22T19:09:25","version" => "1.10_1"},{"date" => "2015-01-26T19:32:34","version" => "1.10_2"},{"date" => "2015-01-30T16:16:43","version" => "1.11"},{"date" => "2015-02-23T23:22:38","version" => "1.12"},{"date" => "2015-05-11T22:32:07","version" => "1.13"},{"date" => "2015-05-17T21:19:58","version" => "1.14"},{"date" => "2015-07-08T21:41:39","version" => "1.15"},{"date" => "2015-10-08T22:51:51","version" => "1.16"},{"date" => "2015-11-28T14:50:06","version" => "1.17"},{"date" => "2016-03-29T23:27:09","version" => "1.18"},{"date" => "2016-06-28T23:04:26","version" => "1.19"},{"date" => "2018-07-19T00:48:24","version" => "1.20"},{"date" => "2018-08-23T01:28:34","version" => "2.00"},{"date" => "2018-08-23T23:59:37","version" => "2.01"},{"date" => "2018-10-08T23:21:03","version" => "2.02"},{"date" => "2024-08-24T18:13:26","version" => "2.03"},{"date" => "2025-08-30T16:12:19","version" => "2.04"}]},"PathTools" => {"advisories" => [{"affected_versions" => ["<3.65"],"cves" => ["CVE-2016-1238"],"description" => "Does not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "PathTools","fixed_versions" => [">=3.65"],"id" => "CPANSA-PathTools-2016-02","references" => ["https://metacpan.org/changes/distribution/PathTools"],"reported" => "2016-02-08"},{"affected_versions" => ["<3.62"],"cves" => ["CVE-2015-8607"],"description" => "Does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.\n","distribution" => "PathTools","fixed_versions" => [">=3.62"],"id" => "CPANSA-PathTools-2016-01","references" => ["https://metacpan.org/changes/distribution/PathTools"],"reported" => "2016-01-11"}],"main_module" => "Cwd","versions" => [{"date" => "2004-09-03T03:40:00","version" => "3.00"},{"date" => "2004-09-07T03:39:26","version" => "3.01"},{"date" => "2004-11-19T04:26:35","version" => "3.01_01"},{"date" => "2004-11-29T04:20:10","version" => "3.01_02"},{"date" => "2004-11-30T02:34:46","version" => "3.01_03"},{"date" => "2005-01-10T01:33:05","version" => "3.02"},{"date" => "2005-01-22T03:59:59","version" => "3.03"},{"date" => "2005-02-07T00:28:43","version" => "3.04"},{"date" => "2005-02-28T13:27:37","version" => "3.05"},{"date" => "2005-04-14T02:06:10","version" => "3.06"},{"date" => "2005-05-06T12:50:38","version" => "3.07"},{"date" => "2005-05-28T15:13:27","version" => "3.08"},{"date" => "2005-06-15T23:45:19","version" => "3.09"},{"date" => "2005-08-26T03:29:11","version" => "3.10"},{"date" => "2005-08-28T01:16:38","version" => "3.11"},{"date" => "2005-10-04T03:14:00","version" => "3.12"},{"date" => "2005-11-16T05:58:53","version" => "3.13"},{"date" => "2005-11-18T00:15:37","version" => "3.14"},{"date" => "2005-12-10T04:51:57","version" => "3.14_01"},{"date" => "2005-12-14T05:11:27","version" => "3.14_02"},{"date" => "2005-12-27T20:32:26","version" => "3.15"},{"date" => "2006-01-31T02:52:07","version" => "3.16"},{"date" => "2006-03-03T22:55:18","version" => "3.17"},{"date" => "2006-04-28T03:04:00","version" => "3.18"},{"date" => "2006-07-12T03:43:15","version" => "3.19"},{"date" => "2006-10-05T02:18:51","version" => "3.21"},{"date" => "2006-10-10T02:53:23","version" => "3.22"},{"date" => "2006-10-11T17:13:59","version" => "3.23"},{"date" => "2006-11-20T04:53:56","version" => "3.24"},{"date" => "2007-05-22T02:08:53","version" => "3.25"},{"date" => "2007-10-14T02:15:40","version" => "3.25_01"},{"date" => "2007-12-25T02:34:28","version" => "3.2501"},{"date" => "2008-01-14T12:02:28","version" => "3.26"},{"date" => "2008-01-15T23:27:33","version" => "3.26_01"},{"date" => "2008-01-17T02:21:47","version" => "3.27"},{"date" => "2008-02-12T03:46:01","version" => "3.2701"},{"date" => "2008-07-26T02:19:45","version" => "3.28_01"},{"date" => "2008-10-27T19:27:37","version" => "3.28_02"},{"date" => "2008-10-27T21:16:35","version" => "3.28_03"},{"date" => "2008-10-29T20:11:52","version" => "3.29"},{"date" => "2009-05-07T18:27:46","version" => "3.29_01"},{"date" => "2009-05-10T08:59:46","version" => "3.30"},{"date" => "2009-09-21T12:46:15","version" => "3.30_01"},{"date" => "2009-09-29T06:22:30","version" => "3.30_02"},{"date" => "2009-11-01T14:22:36","version" => "3.31"},{"date" => "2010-07-23T08:10:31","version" => "3.31_02"},{"date" => "2010-09-17T13:24:05","version" => "3.31_03"},{"date" => "2010-09-19T15:53:14","version" => "3.32"},{"date" => "2010-09-20T07:54:00","version" => "3.33"},{"date" => "2011-12-20T07:42:29","version" => "3.39_01"},{"date" => "2013-01-16T06:35:08","version" => "3.40"},{"date" => "2014-05-01T18:34:31","version" => "3.46_01"},{"date" => "2014-05-23T17:00:38","version" => "3.47"},{"date" => "2015-07-11T22:18:08","version" => "3.56_01"},{"date" => "2015-07-16T15:33:27","version" => "3.56_02"},{"date" => "2015-11-09T22:09:25","version" => "3.58_01"},{"date" => "2015-11-13T23:46:00","version" => "3.59"},{"date" => "2015-11-19T02:32:50","version" => "3.60"},{"date" => "2016-01-11T13:49:31","version" => "3.62"},{"date" => "2018-02-18T20:27:27","version" => "3.73"},{"date" => "2018-02-19T08:41:14","version" => "3.74"},{"date" => "2018-08-29T19:53:19","version" => "3.75"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "2.00"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "2.01"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006","version" => "2.02"},{"date" => "2001-04-08T00:00:00","dual_lived" => 1,"perl_release" => "5.006001","version" => "2.04"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.06"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "2.08"},{"date" => "2004-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008003","version" => "2.12"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "2.17"},{"date" => "2004-07-19T00:00:00","dual_lived" => 1,"perl_release" => "5.008005","version" => "2.19"},{"date" => "2009-10-02T00:00:00","dual_lived" => 1,"perl_release" => "5.011000","version" => "3.3002"},{"date" => "2010-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013006","version" => "3.34"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "3.35"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "3.36"},{"date" => "2011-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013010","version" => "3.37"},{"date" => "2011-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015006","version" => "3.38"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "3.39_02"},{"date" => "2012-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.017007","version" => "3.39_03"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "3.41"},{"date" => "2013-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019003","version" => "3.44"},{"date" => "2013-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019005","version" => "3.45"},{"date" => "2014-09-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020001","version" => "3.48"},{"date" => "2015-02-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020002","version" => "3.48_01"},{"date" => "2014-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021002","version" => "3.49"},{"date" => "2014-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021004","version" => "3.50"},{"date" => "2014-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021005","version" => "3.51"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "3.54"},{"date" => "2015-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02101","version" => "3.55"},{"date" => "2015-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021011","version" => "3.56"},{"date" => "2015-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023002","version" => "3.57"},{"date" => "2015-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023003","version" => "3.58"},{"date" => "2016-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023008","version" => "3.63"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "3.63_01"},{"date" => "2016-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025002","version" => "3.64"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "3.65"},{"date" => "2016-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025007","version" => "3.66"},{"date" => "2017-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025011","version" => "3.67"},{"date" => "2017-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027002","version" => "3.68"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "3.70"},{"date" => "2017-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027007","version" => "3.71"},{"date" => "2018-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027008","version" => "3.72"},{"date" => "2018-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029005","version" => "3.76"},{"date" => "2019-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029007","version" => "3.77"},{"date" => "2019-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029010","version" => "3.78"},{"date" => "2020-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033004","version" => "3.79"},{"date" => "2020-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033005","version" => "3.80"},{"date" => "2021-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035001","version" => "3.81"},{"date" => "2021-07-23T00:00:00","dual_lived" => 1,"perl_release" => "5.035002","version" => "3.82"},{"date" => "2021-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035007","version" => "3.83"},{"date" => "2022-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.03501","version" => "3.84"},{"date" => "2022-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037001","version" => "3.85"},{"date" => "2022-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037002","version" => "3.86"},{"date" => "2022-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037007","version" => "3.88"},{"date" => "2023-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037010","version" => "3.89"},{"date" => "2023-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039002","version" => "3.90"},{"date" => "2025-01-18T00:00:00","dual_lived" => 1,"perl_release" => "5.040001","version" => "3.91"},{"date" => "2024-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041002","version" => "3.92"},{"date" => "2025-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041011","version" => "3.94"}]},"Perl-Tidy" => {"advisories" => [{"affected_versions" => ["<20170521"],"cves" => ["CVE-2016-10374"],"description" => "perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.","distribution" => "Perl-Tidy","fixed_versions" => [">=20170521"],"id" => "CPANSA-Perl-Tidy-2016-10374","references" => ["https://bugs.debian.org/862667"],"reported" => "2017-05-17","severity" => undef},{"affected_versions" => ["<20140328"],"comment" => "This issue is actually about a temporary file with a a particular, known name (perltidy.TMP), and that expression of the problem was fixed. This does not mean that all similar problems are solved.","cves" => ["CVE-2014-2277"],"description" => "The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function.","distribution" => "Perl-Tidy","fixed_versions" => [">=20140328"],"id" => "CPANSA-Perl-Tidy-2014-2277","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130464.html","http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130479.html","http://www.openwall.com/lists/oss-security/2014/03/09/1","http://www.securityfocus.com/bid/66139","https://bugzilla.redhat.com/show_bug.cgi?id=1074720","https://exchange.xforce.ibmcloud.com/vulnerabilities/92104","https://github.com/perltidy/perltidy/issues/193"],"reported" => "2017-10-17","severity" => undef}],"main_module" => "Perl::Tidy","versions" => [{"date" => "2002-12-12T04:04:58","version" => 20021130},{"date" => "2003-07-29T01:16:45","version" => 20030726},{"date" => "2003-10-22T19:58:39","version" => 20031021},{"date" => "2006-06-14T19:23:10","version" => 20060614},{"date" => "2006-07-21T13:54:28","version" => 20060719},{"date" => "2007-04-24T16:01:04","version" => 20070424},{"date" => "2007-05-04T17:15:58","version" => 20070504},{"date" => "2007-05-08T20:58:34","version" => 20070508},{"date" => "2007-08-01T17:28:17","version" => 20070801},{"date" => "2007-12-06T18:43:33","version" => 20071205},{"date" => "2009-06-17T12:24:15","version" => 20090616},{"date" => "2010-12-17T01:14:33","version" => 20101217},{"date" => "2012-06-19T22:24:36","version" => 20120619},{"date" => "2012-07-01T21:48:51","version" => 20120701},{"date" => "2012-07-14T14:05:46","version" => 20120714},{"date" => "2012-12-09T14:22:00","version" => 20121207},{"date" => "2013-07-16T23:57:29","version" => 20130717},{"date" => "2013-08-05T23:43:11","version" => 20130805},{"date" => "2013-08-06T00:53:04","version" => 20130806},{"date" => "2013-09-22T14:50:31","version" => 20130922},{"date" => "2014-03-28T12:47:26","version" => 20140328},{"date" => "2014-07-11T12:19:22","version" => 20140711},{"date" => "2015-08-15T01:10:08","version" => 20150815},{"date" => "2016-02-27T16:37:50","version" => 20160301},{"date" => "2016-03-01T16:02:00","version" => 20160302},{"date" => "2017-05-21T15:50:20","version" => 20170521},{"date" => "2017-12-14T14:28:53","version" => 20171214},{"date" => "2017-12-31T15:46:44","version" => 20180101},{"date" => "2018-02-18T19:39:25","version" => 20180219},{"date" => "2018-02-20T11:53:21","version" => 20180220},{"date" => "2018-11-17T01:59:23","version" => 20181117},{"date" => "2018-11-18T04:52:04","version" => 20181118},{"date" => "2018-11-18T05:56:29","version" => 20181119},{"date" => "2018-11-19T15:37:08","version" => 20181120},{"date" => "2019-05-31T14:47:55","version" => 20190601},{"date" => "2019-09-14T23:41:55","version" => 20190915},{"date" => "2019-12-03T14:34:15","version" => 20191203},{"date" => "2020-01-09T23:28:34","version" => 20200110},{"date" => "2020-06-19T13:05:06","version" => 20200619},{"date" => "2020-08-22T13:34:22","version" => 20200822},{"date" => "2020-09-06T21:51:31","version" => 20200907},{"date" => "2020-09-28T23:43:58","version" => 20201001},{"date" => "2020-12-02T23:45:54","version" => 20201202},{"date" => "2020-12-06T22:05:36","version" => 20201207},{"date" => "2021-01-10T15:32:47","version" => 20210111},{"date" => "2021-04-01T13:13:11","version" => 20210402},{"date" => "2021-06-24T14:09:49","version" => 20210625},{"date" => "2021-07-17T13:21:01","version" => 20210717},{"date" => "2021-10-29T12:52:01","version" => 20211029},{"date" => "2022-02-15T14:21:53","version" => 20220215},{"date" => "2022-02-15T16:27:06","version" => 20220216},{"date" => "2022-02-15T16:54:52","version" => 20220217},{"date" => "2022-06-13T12:51:44","version" => 20220613},{"date" => "2022-11-10T13:56:33","version" => 20221111},{"date" => "2022-11-11T13:33:22","version" => 20221112},{"date" => "2023-03-08T15:07:20","version" => 20230309},{"date" => "2023-07-01T13:11:20","version" => 20230701},{"date" => "2023-09-08T13:48:48","version" => 20230909},{"date" => "2023-09-12T21:49:07","version" => 20230912},{"date" => "2024-02-01T13:55:33","version" => 20240202},{"date" => "2024-05-10T13:16:10","version" => 20240511},{"date" => "2024-09-03T13:06:06","version" => 20240903},{"date" => "2025-01-05T01:48:16","version" => 20250105},{"date" => "2025-02-13T14:45:10","version" => 20250214},{"date" => "2025-03-11T23:43:02","version" => 20250311},{"date" => "2025-06-15T13:30:07","version" => 20250616},{"date" => "2025-07-11T13:09:54","version" => 20250711},{"date" => "2025-09-12T13:54:29","version" => 20250912},{"date" => "2026-01-08T14:58:18","version" => 20260109},{"date" => "2026-02-03T14:43:25","version" => 20260204}]},"Perl-Version" => {"advisories" => [{"affected_versions" => ["<1.013"],"cves" => [],"description" => "Insecure dependency File::Slurp is used.\n","distribution" => "Perl-Version","fixed_versions" => [">=1.013"],"id" => "CPANSA-Perl-Version-2014-01","references" => ["https://metacpan.org/changes/distribution/Perl-Version","https://rt.cpan.org/Public/Bug/Display.html?id=92974"],"reported" => "2014-02-12"}],"main_module" => "Perl::Version","versions" => [{"date" => "2007-02-07T19:41:42","version" => "v0.0.1"},{"date" => "2007-02-23T18:03:11","version" => "v0.0.3"},{"date" => "2007-02-24T18:03:42","version" => "v0.0.4"},{"date" => "2007-02-25T12:41:13","version" => "v0.0.5"},{"date" => "2007-02-27T12:46:07","version" => "v0.0.6"},{"date" => "2007-02-28T01:27:59","version" => "v0.0.7"},{"date" => "2007-06-20T16:09:31","version" => "0.0.8"},{"date" => "2007-09-03T14:28:35","version" => "v1.000"},{"date" => "2007-09-07T15:42:58","version" => "v1.001"},{"date" => "2007-09-07T15:58:18","version" => "v1.002"},{"date" => "2007-11-08T12:14:27","version" => "1.003"},{"date" => "2007-11-08T12:24:59","version" => "1.004"},{"date" => "2008-04-03T14:56:16","version" => "1.005"},{"date" => "2008-04-07T19:14:56","version" => "1.006"},{"date" => "2008-04-07T19:27:24","version" => "1.007"},{"date" => "2009-03-07T16:40:03","version" => "1.008"},{"date" => "2009-03-09T16:22:08","version" => "1.009"},{"date" => "2010-09-19T15:37:48","version" => "1.010"},{"date" => "2011-02-21T21:32:17","version" => "1.011"},{"date" => "2014-02-12T20:58:43","version" => "1.013"},{"date" => "2014-02-14T16:08:42","version" => "1.013_01"},{"date" => "2014-02-18T16:42:57","version" => "1.013_02"},{"date" => "2015-11-21T06:05:48","version" => "1.013_03"},{"date" => "2024-01-04T15:11:21","version" => "1.015"},{"date" => "2024-01-05T13:57:01","version" => "1.016"},{"date" => "2024-03-09T01:38:25","version" => "1.017"},{"date" => "2025-01-27T13:08:16","version" => "1.018"},{"date" => "2026-02-24T23:29:53","version" => "1.019"}]},"Perl6-Pugs" => {"advisories" => [{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2015-2325"],"description" => "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2015-2325-libpcre","references" => ["https://bugs.exim.org/show_bug.cgi?id=1591","https://fortiguard.com/zeroday/FG-VD-15-015","http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html","https://www.pcre.org/original/changelog.txt"],"reported" => "2020-01-14","severity" => "high"},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2015-2326"],"description" => "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\".\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2015-2326-libpcre","references" => ["https://bugs.exim.org/show_bug.cgi?id=1592","https://fortiguard.com/zeroday/FG-VD-15-016","http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html","https://www.pcre.org/original/changelog.txt"],"reported" => "2020-01-14","severity" => "medium"},{"affected_versions" => [">=6.0.12,<=6.2.9"],"cves" => ["CVE-2015-8382"],"description" => "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.\n","distribution" => "Perl6-Pugs","fixed_versions" => [],"id" => "CPANSA-Perl6-Pugs-2015-8382-libpcre","references" => ["https://bugs.exim.org/show_bug.cgi?id=1537","http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup","http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510","https://bugzilla.redhat.com/show_bug.cgi?id=1187225","http://www.openwall.com/lists/oss-security/2015/08/04/3","http://www.openwall.com/lists/oss-security/2015/11/29/1","http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834","http://www.securityfocus.com/bid/76157","https://bto.bluecoat.com/security-advisory/sa128"],"reported" => "2015-12-02","severity" => undef}],"main_module" => "Perl6::Pugs","versions" => [{"date" => "2005-02-06T19:03:38","version" => "6.0.0"},{"date" => "2005-02-07T00:46:57","version" => "6.0.1"},{"date" => "2005-02-09T04:59:47","version" => "6.0.2"},{"date" => "2005-02-11T19:27:50","version" => "6.0.2"},{"date" => "2005-02-12T04:11:20","version" => "6.0.4"},{"date" => "2005-02-14T18:13:02","version" => "6.0.5"},{"date" => "2005-02-17T18:36:41","version" => "6.0.6"},{"date" => "2005-02-17T18:44:09","version" => "6.0.7"},{"date" => "2005-02-20T19:24:21","version" => "6.0.7"},{"date" => "2005-02-28T04:51:23","version" => "6.0.9"},{"date" => "2005-03-05T03:38:25","version" => "6.0.9"},{"date" => "2005-03-13T20:41:30","version" => "6.0.11"},{"date" => "2005-03-20T17:55:40","version" => "6.0.9"},{"date" => "2005-03-27T07:10:11","version" => "6.0.13"},{"date" => "2005-04-04T04:21:37","version" => "6.0.14"},{"date" => "2005-04-12T19:51:15","version" => "6.2.0"},{"date" => "2005-04-23T22:56:30","version" => "6.2.1"},{"date" => "2005-05-01T16:29:36","version" => "6.2.2"},{"date" => "2005-05-12T17:15:04","version" => "6.2.3"},{"date" => "2005-05-23T21:17:12","version" => "6.2.4"},{"date" => "2005-05-23T21:39:42","version" => "6.2.5"},{"date" => "2005-06-02T03:17:03","version" => "6.2.6"},{"date" => "2005-06-13T12:34:18","version" => "6.2.7"},{"date" => "2005-07-13T16:16:05","version" => "6.2.8"},{"date" => "2005-08-03T19:19:38","version" => "6.2.9"},{"date" => "2005-10-10T01:32:18","version" => "6.2.10"},{"date" => "2006-02-01T21:12:47","version" => "6.2.11"},{"date" => "2006-06-26T20:22:01","version" => "6.2.11"},{"date" => "2006-10-17T12:51:53","version" => "6.2.13"}]},"PerlSpeak" => {"advisories" => [{"affected_versions" => ["<=2.01"],"cves" => ["CVE-2020-10674"],"description" => "PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.","distribution" => "PerlSpeak","fixed_versions" => [">2.01"],"id" => "CPANSA-PerlSpeak-2011-10007","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2020-10674","https://metacpan.org/source/JKAMPHAUS/PerlSpeak-2.01/Changes","https://rt.cpan.org/Public/Bug/Display.html?id=132173","https://github.com/gitpan/PerlSpeak"],"reported" => "2025-06-05","severity" => undef}],"main_module" => "PerlSpeak","versions" => [{"date" => "2007-01-08T06:32:14","version" => "0.01"},{"date" => "2007-01-09T06:00:00","version" => "0.03"},{"date" => "2007-01-20T19:51:59","version" => "0.50"},{"date" => "2007-01-24T19:12:12","version" => "0.50"},{"date" => "2007-06-18T04:41:45","version" => "1.0"},{"date" => "2007-11-02T15:03:33","version" => "1.50"},{"date" => "2008-01-03T02:33:29","version" => "2.01"}]},"Perlbal" => {"advisories" => [{"affected_versions" => ["<1.70"],"cves" => ["CVE-2008-1652"],"description" => "Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter.  NOTE: some of these details are obtained from third party information.\n","distribution" => "Perlbal","fixed_versions" => [],"id" => "CPANSA-Perlbal-2008-1652","references" => ["http://search.cpan.org/src/BRADFITZ/Perlbal-1.70/CHANGES","http://secunia.com/advisories/29565","http://www.vupen.com/english/advisories/2008/1045/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/41540"],"reported" => "2008-04-02","severity" => undef}],"main_module" => "Perlbal","versions" => [{"date" => "2005-07-26T20:21:09","version" => "1.3"},{"date" => "2005-08-17T06:04:13","version" => "1.35"},{"date" => "2005-08-19T17:27:29","version" => "1.36"},{"date" => "2005-10-19T16:57:48","version" => "1.38"},{"date" => "2006-02-06T19:25:44","version" => "1.41"},{"date" => "2006-08-04T04:56:17","version" => "1.42"},{"date" => "2006-08-09T18:09:23","version" => "1.43"},{"date" => "2006-08-10T21:49:57","version" => "1.44"},{"date" => "2006-08-10T23:04:14","version" => "1.45"},{"date" => "2006-08-10T23:55:32","version" => "1.46"},{"date" => "2006-08-15T23:17:40","version" => "1.47"},{"date" => "2006-09-08T20:42:55","version" => "1.50"},{"date" => "2006-10-04T18:55:28","version" => "1.51"},{"date" => "2006-11-13T18:01:56","version" => "1.52"},{"date" => "2006-12-05T09:32:56","version" => "1.53"},{"date" => "2007-02-05T20:00:01","version" => "1.54"},{"date" => "2007-03-21T07:32:33","version" => "1.55"},{"date" => "2007-04-16T21:02:13","version" => "1.56"},{"date" => "2007-04-26T20:37:24","version" => "1.57"},{"date" => "2007-05-11T18:20:57","version" => "1.58"},{"date" => "2007-05-22T17:31:31","version" => "1.59"},{"date" => "2007-10-24T04:09:35","version" => "1.60"},{"date" => "2008-03-09T04:28:27","version" => "1.70"},{"date" => "2008-09-14T00:41:35","version" => "1.71"},{"date" => "2008-09-22T01:40:20","version" => "1.72"},{"date" => "2009-10-05T20:51:59","version" => "1.73"},{"date" => "2010-03-20T07:59:03","version" => "1.74"},{"date" => "2010-04-02T22:32:03","version" => "1.75"},{"date" => "2010-06-18T01:52:54","version" => "1.76"},{"date" => "2011-01-16T05:20:16","version" => "1.77"},{"date" => "2011-01-23T05:33:07","version" => "1.78"},{"date" => "2011-06-15T23:59:19","version" => "1.79"},{"date" => "2012-02-27T07:02:28","version" => "1.80"}]},"Perldoc-Server" => {"advisories" => [{"affected_versions" => [">=0.09,<=0.10"],"cves" => ["CVE-2021-23432"],"description" => "This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge()\n","distribution" => "Perldoc-Server","fixed_versions" => [],"id" => "CPANSA-Perldoc-Server-2021-23432-mootools","references" => ["https://snyk.io/vuln/SNYK-JS-MOOTOOLS-1325536"],"reported" => "2021-08-24","severity" => "critical"}],"main_module" => "Perldoc::Server","versions" => [{"date" => "2009-03-30T15:26:20","version" => "0.01"},{"date" => "2009-04-01T08:44:34","version" => "0.02"},{"date" => "2009-04-02T11:01:42","version" => "0.03"},{"date" => "2009-04-04T14:26:15","version" => "0.04"},{"date" => "2009-04-05T12:36:37","version" => "0.05"},{"date" => "2009-09-16T12:05:55","version" => "0.07"},{"date" => "2010-04-24T13:51:16","version" => "0.08"},{"date" => "2010-04-28T20:46:28","version" => "0.09"},{"date" => "2011-11-15T17:52:36","version" => "0.10"}]},"Pinto" => {"advisories" => [{"affected_versions" => ["<0.09995"],"cves" => [],"description" => "Pinto server allowed directory traveral.\n","distribution" => "Pinto","fixed_versions" => [">=0.09995"],"id" => "CPANSA-Pinto-2014-01","references" => ["https://metacpan.org/dist/Pinto/changes","https://github.com/thaljef/Pinto/commit/195d46eb4488a7dec6c39d6eb1c48dc872ab2b3b"],"reported" => "2014-08-19","reviewed_by" => [{"date" => "2022-06-28","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}]}],"main_module" => "Pinto","versions" => [{"date" => "2011-07-26T21:17:47","version" => "0.001"},{"date" => "2011-07-27T00:22:00","version" => "0.002"},{"date" => "2011-08-04T06:00:27","version" => "0.003"},{"date" => "2011-08-04T07:24:59","version" => "0.004"},{"date" => "2011-08-04T07:46:03","version" => "0.005"},{"date" => "2011-08-04T07:54:24","version" => "0.006"},{"date" => "2011-08-04T15:07:03","version" => "0.007"},{"date" => "2011-08-09T21:49:02","version" => "0.008"},{"date" => "2011-08-13T00:51:56","version" => "0.009"},{"date" => "2011-08-14T20:32:00","version" => "0.010"},{"date" => "2011-08-15T04:14:45","version" => "0.011"},{"date" => "2011-08-17T16:12:20","version" => "0.012"},{"date" => "2011-08-17T23:14:14","version" => "0.014"},{"date" => "2011-08-18T08:57:36","version" => "0.015"},{"date" => "2011-08-18T09:03:09","version" => "0.016"},{"date" => "2011-08-24T07:53:18","version" => "0.017"},{"date" => "2011-08-24T08:48:57","version" => "0.018"},{"date" => "2011-08-24T11:16:38","version" => "0.019"},{"date" => "2011-08-29T03:46:11","version" => "0.020"},{"date" => "2011-08-30T08:20:49","version" => "0.021"},{"date" => "2011-08-31T08:35:52","version" => "0.022"},{"date" => "2011-08-31T21:22:32","version" => "0.023"},{"date" => "2011-09-01T22:29:05","version" => "0.024"},{"date" => "2011-12-02T11:21:54","version" => "0.025_001"},{"date" => "2011-12-02T12:42:45","version" => "0.025_002"},{"date" => "2011-12-03T12:16:42","version" => "0.025_003"},{"date" => "2011-12-07T15:26:36","version" => "0.025_004"},{"date" => "2011-12-07T20:09:02","version" => "0.026"},{"date" => "2011-12-08T23:27:07","version" => "0.027"},{"date" => "2011-12-12T09:32:39","version" => "0.028"},{"date" => "2011-12-15T08:31:43","version" => "0.029"},{"date" => "2012-01-27T06:05:38","version" => "0.030"},{"date" => "2012-02-28T13:23:36","version" => "0.031"},{"date" => "2012-03-01T18:43:41","version" => "0.032"},{"date" => "2012-03-15T14:00:07","version" => "0.033"},{"date" => "2012-04-05T02:08:20","version" => "0.035"},{"date" => "2012-04-09T07:18:50","version" => "0.036"},{"date" => "2012-04-11T03:02:41","version" => "0.037"},{"date" => "2012-04-17T01:21:11","version" => "0.038"},{"date" => "2012-05-01T20:52:05","version" => "0.040_001"},{"date" => "2012-05-04T23:28:00","version" => "0.040_002"},{"date" => "2012-05-05T04:42:35","version" => "0.040_003"},{"date" => "2012-05-15T18:18:01","version" => "0.041"},{"date" => "2012-05-18T04:59:37","version" => "0.042"},{"date" => "2012-06-19T17:58:05","version" => "0.043"},{"date" => "2012-07-15T08:45:52","version" => "0.044"},{"date" => "2012-07-24T06:18:49","version" => "0.045"},{"date" => "2012-08-13T22:50:28","version" => "0.046"},{"date" => "2012-08-14T00:27:03","version" => "0.047"},{"date" => "2012-08-15T16:28:03","version" => "0.048"},{"date" => "2012-08-15T21:30:01","version" => "0.050"},{"date" => "2012-08-16T01:31:42","version" => "0.051"},{"date" => "2012-09-18T23:20:20","version" => "0.052"},{"date" => "2012-09-20T04:03:53","version" => "0.053"},{"date" => "2012-09-20T05:07:44","version" => "0.054"},{"date" => "2012-09-20T20:40:05","version" => "0.055"},{"date" => "2012-09-27T20:45:51","version" => "0.056"},{"date" => "2012-10-07T21:25:33","version" => "0.057"},{"date" => "2012-10-12T06:19:44","version" => "0.058"},{"date" => "2012-10-20T08:01:03","version" => "0.059"},{"date" => "2012-10-23T21:41:47","version" => "0.060"},{"date" => "2012-10-31T00:23:58","version" => "0.061"},{"date" => "2012-11-08T18:57:09","version" => "0.062"},{"date" => "2012-11-12T20:03:29","version" => "0.063"},{"date" => "2012-11-12T21:58:57","version" => "0.064"},{"date" => "2012-11-14T18:00:34","version" => "0.065"},{"date" => "2013-03-15T23:28:13","version" => "0.065_01"},{"date" => "2013-03-16T06:44:49","version" => "0.065_02"},{"date" => "2013-03-19T22:58:08","version" => "0.065_03"},{"date" => "2013-03-20T23:12:44","version" => "0.065_04"},{"date" => "2013-03-20T23:28:07","version" => "0.065_05"},{"date" => "2013-03-23T07:33:37","version" => "0.065_06"},{"date" => "2013-03-26T23:29:22","version" => "0.066"},{"date" => "2013-03-30T07:51:45","version" => "0.067"},{"date" => "2013-04-05T05:47:08","version" => "0.068"},{"date" => "2013-04-21T16:55:30","version" => "0.079_01"},{"date" => "2013-04-23T07:53:34","version" => "0.079_04"},{"date" => "2013-04-26T17:50:55","version" => "0.080"},{"date" => "2013-04-26T21:00:35","version" => "0.081"},{"date" => "2013-04-29T17:02:33","version" => "0.082"},{"date" => "2013-05-13T21:45:43","version" => "0.083"},{"date" => "2013-05-15T00:34:13","version" => "0.084"},{"date" => "2013-06-16T08:05:08","version" => "0.084_01"},{"date" => "2013-06-17T04:08:49","version" => "0.084_02"},{"date" => "2013-06-17T20:09:55","version" => "0.085"},{"date" => "2013-06-18T10:08:10","version" => "0.086"},{"date" => "2013-06-20T01:50:39","version" => "0.087"},{"date" => "2013-07-09T08:19:39","version" => "0.087_01"},{"date" => "2013-07-21T08:38:23","version" => "0.087_03"},{"date" => "2013-07-27T03:21:44","version" => "0.087_04"},{"date" => "2013-07-30T07:00:31","version" => "0.087_05"},{"date" => "2013-08-15T18:00:31","version" => "0.088"},{"date" => "2013-08-19T20:34:32","version" => "0.089"},{"date" => "2013-08-23T22:02:45","version" => "0.090"},{"date" => "2013-10-25T19:22:19","version" => "0.091"},{"date" => "2013-11-20T19:18:40","version" => "0.092"},{"date" => "2013-12-22T00:41:08","version" => "0.093"},{"date" => "2013-12-22T09:07:09","version" => "0.094"},{"date" => "2013-12-23T07:49:14","version" => "0.095"},{"date" => "2014-01-07T18:57:51","version" => "0.096"},{"date" => "2014-01-08T07:10:26","version" => "0.097"},{"date" => "2014-01-17T20:57:05","version" => "0.097_01"},{"date" => "2014-01-23T08:46:47","version" => "0.097_02"},{"date" => "2014-01-23T22:17:10","version" => "0.097_03"},{"date" => "2014-01-25T23:24:17","version" => "0.097_04"},{"date" => "2014-01-28T01:01:18","version" => "0.098"},{"date" => "2014-01-28T10:07:29","version" => "0.098_01"},{"date" => "2014-01-28T20:44:00","version" => "0.099"},{"date" => "2014-02-01T01:30:41","version" => "0.0991"},{"date" => "2014-02-10T10:11:30","version" => "0.0992"},{"date" => "2014-02-23T22:14:22","version" => "0.0993"},{"date" => "2014-03-02T00:14:38","version" => "0.0994"},{"date" => "2014-03-05T09:16:04","version" => "0.0994_01"},{"date" => "2014-03-16T06:18:21","version" => "0.0994_02"},{"date" => "2014-03-16T07:56:27","version" => "0.0994_03"},{"date" => "2014-03-18T04:44:49","version" => "0.0994_04"},{"date" => "2014-03-19T04:24:14","version" => "0.0995"},{"date" => "2014-03-23T04:23:21","version" => "0.0996"},{"date" => "2014-03-24T04:02:32","version" => "0.0997"},{"date" => "2014-03-31T22:44:44","version" => "0.0998"},{"date" => "2014-04-04T06:05:12","version" => "0.0999"},{"date" => "2014-04-05T12:41:39","version" => "0.09991"},{"date" => "2014-04-23T22:27:50","version" => "0.09992"},{"date" => "2014-04-28T17:43:44","version" => "0.09992_01"},{"date" => "2014-04-29T21:34:32","version" => "0.09992_02"},{"date" => "2014-05-03T01:04:46","version" => "0.09993"},{"date" => "2014-08-20T01:44:36","version" => "0.09995"},{"date" => "2014-11-04T19:15:26","version" => "0.09996"},{"date" => "2015-03-24T08:26:01","version" => "0.09997"},{"date" => "2015-06-10T15:22:03","version" => "0.09998"},{"date" => "2015-06-14T05:30:55","version" => "0.09999"},{"date" => "2015-08-12T08:48:47","version" => "0.11"},{"date" => "2016-07-17T05:04:20","version" => "0.11_01"},{"date" => "2016-07-26T04:18:25","version" => "0.12"},{"date" => "2017-08-06T05:59:13","version" => "0.13"},{"date" => "2017-08-06T07:31:17","version" => "0.14"}]},"PlRPC" => {"advisories" => [{"affected_versions" => ["<=0.2020"],"cves" => ["CVE-2013-7284"],"description" => "The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.\n","distribution" => "PlRPC","fixed_versions" => [],"id" => "CPANSA-PlRPC-2013-7284","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1051108","http://seclists.org/oss-sec/2014/q1/56","http://seclists.org/oss-sec/2014/q1/62","https://bugzilla.redhat.com/show_bug.cgi?id=1030572","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789","https://rt.cpan.org/Public/Bug/Display.html?id=90474"],"reported" => "2014-04-29","severity" => undef}],"main_module" => "Bundle::PlRPC","versions" => [{"date" => "1998-10-28T23:03:06","version" => "0.2001"},{"date" => "1999-01-15T09:26:43","version" => "0.2003"},{"date" => "1999-04-09T21:18:22","version" => "0.2010"},{"date" => "1999-06-21T09:10:10","version" => "0.2004"},{"date" => "1999-06-21T09:26:45","version" => "0.2011"},{"date" => "1999-06-26T16:21:38","version" => "0.2012"},{"date" => "2001-01-23T08:17:41","version" => "0.2013"},{"date" => "2001-01-23T15:57:05","version" => "0.2014"},{"date" => "2001-03-26T13:10:50","version" => "0.2015"},{"date" => "2001-10-01T02:45:21","version" => "0.2016"},{"date" => "2003-06-09T08:55:18","version" => "0.2017"},{"date" => "2004-07-27T07:47:32","version" => "0.2018"},{"date" => "2007-05-22T20:56:36","version" => "0.2018"},{"date" => "2007-06-17T20:00:21","version" => "0.2018"},{"date" => "2012-01-27T16:55:27","version" => "0.2021_01"}]},"Plack" => {"advisories" => [{"affected_versions" => ["<1.0034"],"cves" => [],"description" => "Fixed a possible directory traversal with Plack::App::File on Win32.\n","distribution" => "Plack","fixed_versions" => [">=1.0034"],"id" => "CPANSA-Plack-2015-0202","references" => [],"reported" => "2015-02-02"},{"affected_versions" => ["<1.0031"],"cves" => [],"description" => "Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files\n","distribution" => "Plack","fixed_versions" => [">=1.0031"],"id" => "CPANSA-Plack-2014-0801","references" => ["https://github.com/plack/Plack/pull/446"],"reported" => "2014-08-01"},{"affected_versions" => ["<1.0016"],"cves" => [],"description" => "Fixed directory traversal bug in Plack::App::File on win32 environments\n","distribution" => "Plack","fixed_versions" => [">=1.0016"],"id" => "CPANSA-Plack-2013-0131","references" => [],"reported" => "2013-01-31"}],"main_module" => "Plack","versions" => [{"date" => "2009-10-13T07:21:14","version" => "0.9000"},{"date" => "2009-10-13T07:59:20","version" => "0.9001"},{"date" => "2009-10-14T18:28:32","version" => "0.9002"},{"date" => "2009-10-19T02:19:08","version" => "0.9003"},{"date" => "2009-10-21T05:59:54","version" => "0.9004"},{"date" => "2009-10-22T03:55:53","version" => "0.9005"},{"date" => "2009-10-23T08:22:57","version" => "0.9006"},{"date" => "2009-10-25T00:49:12","version" => "0.9007"},{"date" => "2009-10-27T21:20:52","version" => "0.9008"},{"date" => "2009-11-08T04:51:25","version" => "0.9009"},{"date" => "2009-11-12T07:23:02","version" => "0.9010"},{"date" => "2009-11-12T11:57:16","version" => "0.9011"},{"date" => "2009-11-17T21:48:12","version" => "0.9012"},{"date" => "2009-11-19T02:29:16","version" => "0.9013"},{"date" => "2009-11-21T05:54:55","version" => "0.9014"},{"date" => "2009-11-26T08:39:53","version" => "0.9015"},{"date" => "2009-11-29T07:41:55","version" => "0.9016"},{"date" => "2009-11-29T08:40:10","version" => "0.9017"},{"date" => "2009-12-03T08:52:20","version" => "0.9018"},{"date" => "2009-12-06T06:01:48","version" => "0.9019"},{"date" => "2009-12-07T10:39:46","version" => "0.9020"},{"date" => "2009-12-08T22:32:02","version" => "0.9021"},{"date" => "2009-12-13T19:03:10","version" => "0.9022"},{"date" => "2009-12-17T21:22:18","version" => "0.9023"},{"date" => "2009-12-19T20:28:45","version" => "0.9024"},{"date" => "2009-12-26T01:16:08","version" => "0.9025"},{"date" => "2010-01-01T01:38:39","version" => "0.9026"},{"date" => "2010-01-04T00:36:24","version" => "0.9027"},{"date" => "2010-01-06T02:44:35","version" => "0.9028"},{"date" => "2010-01-08T03:13:27","version" => "0.9029"},{"date" => "2010-01-09T21:17:38","version" => "0.9030"},{"date" => "2010-01-11T19:34:54","version" => "0.9031"},{"date" => "2010-01-29T22:44:12","version" => "0.99_01"},{"date" => "2010-01-31T06:15:25","version" => "0.99_02"},{"date" => "2010-02-04T00:15:09","version" => "0.99_03"},{"date" => "2010-02-06T07:17:08","version" => "0.99_04"},{"date" => "2010-02-10T20:55:18","version" => "0.99_05"},{"date" => "2010-02-23T03:10:40","version" => "0.9910"},{"date" => "2010-02-23T09:58:27","version" => "0.9911"},{"date" => "2010-02-25T09:32:19","version" => "0.9912"},{"date" => "2010-02-26T03:16:42","version" => "0.9913"},{"date" => "2010-03-04T00:07:15","version" => "0.9914"},{"date" => "2010-03-08T09:35:55","version" => "0.9915"},{"date" => "2010-03-12T03:56:59","version" => "0.9916"},{"date" => "2010-03-17T22:41:16","version" => "0.9917"},{"date" => "2010-03-18T05:42:29","version" => "0.9918"},{"date" => "2010-03-18T05:56:03","version" => "0.9919"},{"date" => "2010-03-19T07:05:16","version" => "0.9920"},{"date" => "2010-03-25T22:10:09","version" => "0.99_21"},{"date" => "2010-03-26T02:51:33","version" => "0.99_22"},{"date" => "2010-03-27T08:06:00","version" => "0.99_23"},{"date" => "2010-03-27T20:36:26","version" => "0.99_24"},{"date" => "2010-03-28T02:06:23","version" => "0.9925"},{"date" => "2010-03-28T21:49:52","version" => "0.9926"},{"date" => "2010-03-29T19:51:35","version" => "0.9927"},{"date" => "2010-03-30T00:07:33","version" => "0.9928"},{"date" => "2010-03-31T07:37:38","version" => "0.9929"},{"date" => "2010-04-14T03:22:29","version" => "0.9930"},{"date" => "2010-04-17T06:54:58","version" => "0.9931"},{"date" => "2010-04-19T06:29:10","version" => "0.9932"},{"date" => "2010-04-27T21:35:45","version" => "0.9933"},{"date" => "2010-05-04T22:51:24","version" => "0.9934"},{"date" => "2010-05-05T22:21:08","version" => "0.9935"},{"date" => "2010-05-14T23:01:23","version" => "0.9936"},{"date" => "2010-05-15T06:14:20","version" => "0.9937"},{"date" => "2010-05-24T00:16:59","version" => "0.9938"},{"date" => "2010-07-03T01:04:03","version" => "0.9938"},{"date" => "2010-07-03T06:43:20","version" => "0.9940"},{"date" => "2010-07-09T01:22:49","version" => "0.9941"},{"date" => "2010-07-24T06:46:17","version" => "0.9942"},{"date" => "2010-07-30T20:26:59","version" => "0.9943"},{"date" => "2010-08-09T06:40:55","version" => "0.9944"},{"date" => "2010-08-19T23:32:19","version" => "0.9945"},{"date" => "2010-08-29T05:49:19","version" => "0.9946"},{"date" => "2010-09-09T09:27:05","version" => "0.9947"},{"date" => "2010-09-09T23:04:59","version" => "0.9948"},{"date" => "2010-09-14T19:01:11","version" => "0.9949"},{"date" => "2010-09-30T21:14:53","version" => "0.9950"},{"date" => "2010-10-25T21:19:36","version" => "0.9951"},{"date" => "2010-12-02T22:06:47","version" => "0.9952"},{"date" => "2010-12-03T22:52:23","version" => "0.9953"},{"date" => "2010-12-10T01:48:11","version" => "0.9954"},{"date" => "2010-12-10T02:03:59","version" => "0.9955"},{"date" => "2010-12-10T03:39:26","version" => "0.9956"},{"date" => "2010-12-16T19:33:28","version" => "0.9957"},{"date" => "2010-12-20T23:23:17","version" => "0.9958"},{"date" => "2010-12-21T19:58:23","version" => "0.9959"},{"date" => "2010-12-25T19:18:11","version" => "0.9960"},{"date" => "2011-01-08T05:54:56","version" => "0.9961"},{"date" => "2011-01-09T05:21:23","version" => "0.9962"},{"date" => "2011-01-11T00:51:33","version" => "0.9963"},{"date" => "2011-01-25T00:50:49","version" => "0.9964"},{"date" => "2011-01-25T07:13:52","version" => "0.9965"},{"date" => "2011-01-25T20:03:38","version" => "0.9966"},{"date" => "2011-01-25T22:27:44","version" => "0.9967"},{"date" => "2011-02-10T03:09:10","version" => "0.9968"},{"date" => "2011-02-19T05:56:47","version" => "0.9969"},{"date" => "2011-02-22T16:44:11","version" => "0.9970"},{"date" => "2011-02-23T22:07:39","version" => "0.9971"},{"date" => "2011-02-24T19:57:46","version" => "0.9972"},{"date" => "2011-02-26T17:48:50","version" => "0.9973"},{"date" => "2011-03-04T04:56:59","version" => "0.9974"},{"date" => "2011-03-24T18:38:08","version" => "0.99_75"},{"date" => "2011-04-09T01:29:10","version" => "0.9976"},{"date" => "2011-05-01T19:24:37","version" => "0.9977"},{"date" => "2011-05-04T18:31:01","version" => "0.9978"},{"date" => "2011-05-17T16:59:59","version" => "0.9979"},{"date" => "2011-06-07T03:29:28","version" => "0.9980"},{"date" => "2011-07-19T00:35:19","version" => "0.9981"},{"date" => "2011-07-19T20:14:06","version" => "0.9982"},{"date" => "2011-09-27T17:23:29","version" => "0.9983"},{"date" => "2011-10-03T16:57:23","version" => "0.9984"},{"date" => "2011-10-31T20:17:46","version" => "0.9985"},{"date" => "2012-03-12T18:29:44","version" => "0.9986"},{"date" => "2012-05-10T05:13:38","version" => "0.9987"},{"date" => "2012-05-11T10:27:33","version" => "0.9988"},{"date" => "2012-06-21T20:49:15","version" => "0.9989"},{"date" => "2012-07-18T18:17:16","version" => "0.9990"},{"date" => "2012-07-20T00:30:44","version" => "0.9991"},{"date" => "2012-07-20T02:12:14","version" => "1.0000"},{"date" => "2012-07-26T23:28:35","version" => "1.0001"},{"date" => "2012-08-14T00:09:45","version" => "1.0002"},{"date" => "2012-08-29T20:49:18","version" => "1.0003"},{"date" => "2012-09-20T02:21:25","version" => "1.0004"},{"date" => "2012-10-09T20:37:58","version" => "1.0005"},{"date" => "2012-10-18T23:10:01","version" => "1.0006"},{"date" => "2012-10-21T06:23:22","version" => "1.0007"},{"date" => "2012-10-23T01:54:12","version" => "1.0008"},{"date" => "2012-10-23T07:59:59","version" => "1.0009"},{"date" => "2012-11-02T20:33:36","version" => "1.0010"},{"date" => "2012-11-11T19:09:23","version" => "1.0011"},{"date" => "2012-11-14T20:02:29","version" => "1.0012"},{"date" => "2012-11-15T03:49:43","version" => "1.0013"},{"date" => "2012-12-03T18:30:20","version" => "1.0014"},{"date" => "2013-01-10T23:23:32","version" => "1.0015"},{"date" => "2013-01-31T21:28:36","version" => "1.0016"},{"date" => "2013-02-08T03:43:51","version" => "1.0017"},{"date" => "2013-03-08T18:47:51","version" => "1.0018"},{"date" => "2013-04-02T01:39:27","version" => "1.0019"},{"date" => "2013-04-02T02:39:03","version" => "1.0020"},{"date" => "2013-04-02T18:21:32","version" => "1.0021"},{"date" => "2013-04-02T19:38:30","version" => "1.0022"},{"date" => "2013-04-08T18:14:06","version" => "1.0023"},{"date" => "2013-05-01T17:07:27","version" => "1.0024"},{"date" => "2013-06-12T20:10:31","version" => "1.0025"},{"date" => "2013-06-13T06:01:17","version" => "1.0026"},{"date" => "2013-06-14T04:31:09","version" => "1.0027"},{"date" => "2013-06-15T08:44:43","version" => "1.0028"},{"date" => "2013-08-22T21:06:25","version" => "1.0029"},{"date" => "2013-11-23T07:55:52","version" => "1.0030"},{"date" => "2014-08-01T20:20:15","version" => "1.0031"},{"date" => "2014-10-04T18:14:01","version" => "1.0032"},{"date" => "2014-10-23T20:32:28","version" => "1.0033"},{"date" => "2015-02-02T20:44:19","version" => "1.0034"},{"date" => "2015-04-16T08:09:20","version" => "1.0035"},{"date" => "2015-06-03T19:03:39","version" => "1.0036"},{"date" => "2015-06-19T17:02:08","version" => "1.0037"},{"date" => "2015-11-25T20:37:51","version" => "1.0038"},{"date" => "2015-12-06T11:29:40","version" => "1.0039"},{"date" => "2016-04-01T16:58:21","version" => "1.0040"},{"date" => "2016-09-25T21:25:47","version" => "1.0041"},{"date" => "2016-09-29T05:38:42","version" => "1.0042"},{"date" => "2017-02-22T03:02:05","version" => "1.0043"},{"date" => "2017-04-27T17:48:20","version" => "1.0044"},{"date" => "2017-12-31T20:42:50","version" => "1.0045"},{"date" => "2018-02-10T07:52:31","version" => "1.0046"},{"date" => "2018-02-10T09:25:30","version" => "1.0047"},{"date" => "2020-11-30T00:21:36","version" => "1.0048"},{"date" => "2022-09-01T17:44:48","version" => "1.0049"},{"date" => "2022-09-05T15:48:11","version" => "1.0050"},{"date" => "2024-01-05T23:11:02","version" => "1.0051"},{"date" => "2024-09-30T20:39:33","version" => "1.0052"},{"date" => "2024-12-12T21:11:55","version" => "1.0053"}]},"Plack-Debugger" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.01,<=0.03"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Plack-Debugger","fixed_versions" => [],"id" => "CPANSA-Plack-Debugger-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Plack::Debugger","versions" => [{"date" => "2014-11-10T19:22:12","version" => "0.01"},{"date" => "2014-11-15T15:51:48","version" => "0.02"},{"date" => "2014-12-28T23:11:51","version" => "0.03"}]},"Plack-Middleware-Bootstrap" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Plack-Middleware-Bootstrap","fixed_versions" => [],"id" => "CPANSA-Plack-Middleware-Bootstrap-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"}],"main_module" => "Plack::Middleware::Bootstrap","versions" => [{"date" => "2014-12-15T08:26:06","version" => "0.01"},{"date" => "2014-12-15T08:49:36","version" => "0.02"},{"date" => "2014-12-15T08:59:55","version" => "0.03"},{"date" => "2014-12-16T01:57:09","version" => "0.04"},{"date" => "2014-12-17T00:20:15","version" => "0.05"},{"date" => "2015-01-13T01:19:47","version" => "0.06"},{"date" => "2015-10-06T07:12:15","version" => "0.07"},{"date" => "2016-06-09T08:34:17","version" => "0.08"}]},"Plack-Middleware-Session" => {"advisories" => [{"affected_versions" => ["<=0.21"],"cves" => [],"description" => "Plack::Middleware::Session::Cookie 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server, when the middleware is enabled without a secret.\n","distribution" => "Plack-Middleware-Session","fixed_versions" => [">0.21"],"id" => "CPANSA-Plack-Middleware-Session-2014-01","references" => ["https://gist.github.com/miyagawa/2b8764af908a0dacd43d","https://metacpan.org/changes/distribution/Plack-Middleware-Session"],"reported" => "2014-08-11","severity" => "critical"},{"affected_versions" => ["<0.35"],"cves" => ["CVE-2025-40923"],"description" => "Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely.  The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Plack-Middleware-Session","fixed_versions" => [">=0.35"],"id" => "CPANSA-Plack-Middleware-Session-2025-40923","references" => ["https://github.com/plack/Plack-Middleware-Session/commit/1fbfbb355e34e7f4b3906f66cf958cedadd2b9be.patch","https://github.com/plack/Plack-Middleware-Session/pull/52","https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.34/source/lib/Plack/Session/State.pm#L22","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-07-16","severity" => undef}],"main_module" => "Plack::Middleware::Session","versions" => [{"date" => "2009-12-15T18:59:13","version" => "0.01"},{"date" => "2009-12-19T19:27:38","version" => "0.02"},{"date" => "2010-01-07T22:12:43","version" => "0.03"},{"date" => "2010-01-30T21:46:53","version" => "0.09_01"},{"date" => "2010-01-31T07:17:07","version" => "0.09_02"},{"date" => "2010-02-03T04:46:20","version" => "0.09_03"},{"date" => "2010-02-23T03:16:31","version" => "0.10"},{"date" => "2010-02-27T10:47:17","version" => "0.11"},{"date" => "2010-07-07T22:55:18","version" => "0.12"},{"date" => "2010-12-22T17:00:14","version" => "0.13"},{"date" => "2011-03-29T20:50:06","version" => "0.14"},{"date" => "2012-09-04T21:16:35","version" => "0.15"},{"date" => "2013-02-10T19:43:11","version" => "0.16"},{"date" => "2013-02-11T23:45:49","version" => "0.17"},{"date" => "2013-02-12T10:57:14","version" => "0.17"},{"date" => "2013-06-24T23:09:39","version" => "0.20"},{"date" => "2013-10-12T18:42:26","version" => "0.21"},{"date" => "2014-08-11T17:18:03","version" => "0.22"},{"date" => "2014-08-11T17:23:40","version" => "0.23"},{"date" => "2014-09-05T11:48:57","version" => "0.24"},{"date" => "2014-09-29T03:07:54","version" => "0.25"},{"date" => "2015-02-03T08:17:55","version" => "0.26"},{"date" => "2015-02-14T00:52:35","version" => "0.27"},{"date" => "2015-02-16T16:30:31","version" => "0.28"},{"date" => "2015-02-17T23:57:32","version" => "0.29"},{"date" => "2015-03-02T18:25:56","version" => "0.30"},{"date" => "2019-02-26T19:01:59","version" => "0.31"},{"date" => "2019-02-26T21:36:43","version" => "0.32"},{"date" => "2019-03-09T23:19:27","version" => "0.33"},{"date" => "2024-09-23T16:54:44","version" => "0.34"},{"date" => "2025-07-07T22:51:18","version" => "0.35"},{"date" => "2025-07-23T19:02:02","version" => "0.36"}]},"Plack-Middleware-Session-Simple" => {"advisories" => [{"affected_versions" => ["<0.05"],"cves" => ["CVE-2025-40926"],"description" => "Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely.  The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.  Plack::Middleware::Session::Simple is intended to be compatible with Plack::Middleware::Session, which had a similar security issue CVE-2025-40923.","distribution" => "Plack-Middleware-Session-Simple","fixed_versions" => [">=0.05"],"id" => "CPANSA-Plack-Middleware-Session-Simple-2025-40926","references" => ["https://github.com/kazeburo/Plack-Middleware-Session-Simple/commit/760bb358b8f53e52cf415888a4ac858fd99bb24e.patch","https://github.com/kazeburo/Plack-Middleware-Session-Simple/pull/4","https://metacpan.org/release/KAZEBURO/Plack-Middleware-Session-Simple-0.04/source/lib/Plack/Middleware/Session/Simple.pm#L43","https://security.metacpan.org/docs/guides/random-data-for-security.html","https://www.cve.org/CVERecord?id=CVE-2025-40923"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "Plack::Middleware::Session::Simple","versions" => [{"date" => "2013-10-25T05:18:35","version" => "0.01"},{"date" => "2013-10-27T14:44:57","version" => "0.02"},{"date" => "2014-10-20T14:22:04","version" => "0.03"},{"date" => "2018-03-03T04:50:44","version" => "0.04"},{"date" => "2026-03-08T14:44:02","version" => "0.05"}]},"Plack-Middleware-StaticShared" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "Vulnerability of directory traversal.\n","distribution" => "Plack-Middleware-StaticShared","fixed_versions" => [">=0.04"],"id" => "CPANSA-Plack-Middleware-StaticShared-2012-01","references" => ["https://metacpan.org/dist/Plack-Middleware-StaticShared/changes"],"reported" => "2012-04-26","severity" => undef}],"main_module" => "Plack::Middleware::StaticShared","versions" => [{"date" => "2010-12-03T11:42:11","version" => "0.01"},{"date" => "2011-08-03T00:32:41","version" => "0.02"},{"date" => "2011-08-10T14:36:03","version" => "0.03"},{"date" => "2012-04-26T03:37:11","version" => "0.04"},{"date" => "2013-01-24T10:40:54","version" => "0.05"},{"date" => "2016-06-09T03:53:36","version" => "0.06"}]},"Plack-Middleware-Statsd" => {"advisories" => [{"affected_versions" => ["<0.8.0"],"cves" => [],"description" => "Stats for request methods are only counted for ASCII words, anything else is counted as 'other'. Stats for content types are only counted for well-formed types.","distribution" => "Plack-Middleware-Statsd","fixed_versions" => [">=0.8.0"],"id" => "CPANSA-Plack-Middleware-Statsd-2025-001","references" => ["https://github.com/robrwo/Plack-Middleware-Statsd/security/advisories/GHSA-m5mc-hhfv-6rjf","https://github.com/briandfoy/cpan-security-advisory/issues/198","https://metacpan.org/dist/Plack-Middleware-Statsd/changes"],"reported" => "2025-05-13","severity" => undef}],"main_module" => "Plack::Middleware::Statsd","versions" => [{"date" => "2018-01-31T18:15:11","version" => "v0.1.0"},{"date" => "2018-02-01T14:21:59","version" => "v0.1.1"},{"date" => "2018-02-01T17:21:50","version" => "v0.2.0"},{"date" => "2018-02-05T14:17:24","version" => "v0.2.1"},{"date" => "2018-02-06T11:11:05","version" => "v0.3.0"},{"date" => "2018-02-10T23:24:24","version" => "v0.3.1"},{"date" => "2018-02-10T23:37:02","version" => "v0.3.2"},{"date" => "2018-02-13T15:25:33","version" => "v0.3.3"},{"date" => "2018-03-01T15:40:24","version" => "v0.3.4"},{"date" => "2018-05-31T20:20:12","version" => "v0.3.5"},{"date" => "2018-10-16T21:39:35","version" => "v0.3.6"},{"date" => "2018-10-19T15:07:45","version" => "v0.3.7"},{"date" => "2018-11-30T01:31:20","version" => "v0.3.8"},{"date" => "2018-11-30T16:00:44","version" => "v0.3.9"},{"date" => "2019-12-18T23:46:32","version" => "v0.3.10"},{"date" => "2020-03-21T00:25:26","version" => "v0.4.0"},{"date" => "2020-03-21T17:16:50","version" => "v0.4.1"},{"date" => "2020-03-21T18:28:58","version" => "v0.4.2"},{"date" => "2020-03-23T09:00:09","version" => "v0.4.3"},{"date" => "2020-04-30T13:05:15","version" => "v0.4.4"},{"date" => "2020-05-11T17:29:43","version" => "v0.4.5"},{"date" => "2021-04-21T15:52:11","version" => "v0.4.6"},{"date" => "2021-04-27T15:48:15","version" => "v0.4.7"},{"date" => "2021-06-15T16:04:11","version" => "v0.5.0"},{"date" => "2021-07-03T13:09:16","version" => "v0.5.1"},{"date" => "2022-07-26T15:50:57","version" => "v0.6.0"},{"date" => "2022-09-02T15:06:07","version" => "v0.6.1"},{"date" => "2022-12-11T16:07:55","version" => "v0.6.2"},{"date" => "2023-06-15T18:46:16","version" => "v0.6.3"},{"date" => "2024-07-13T11:52:52","version" => "v0.7.0"},{"date" => "2024-07-20T11:53:49","version" => "v0.7.1"},{"date" => "2025-05-13T12:08:27","version" => "v0.8.0"},{"date" => "2025-08-07T12:10:59","version" => "v0.8.1"},{"date" => "2025-08-16T11:12:13","version" => "v0.8.2"}]},"Plack-Middleware-XSRFBlock" => {"advisories" => [{"affected_versions" => ["<0.0.19"],"cves" => ["CVE-2023-52431"],"description" => "When not using signed cookies, it was possible to bypass XSRFBlock by POSTing an empty form value and an empty cookie\n","distribution" => "Plack-Middleware-XSRFBlock","fixed_versions" => [">=0.0.19"],"id" => "CPANSA-Plack-Middleware-XSRFBlock-20230714-01","references" => ["https://metacpan.org/dist/Plack-Middleware-XSRFBlock/changes","https://metacpan.org/release/DAKKAR/Plack-Middleware-XSRFBlock-0.0.19/source/Changes","https://nvd.nist.gov/vuln/detail/CVE-2023-52431"],"reported" => "2023-07-14","severity" => undef}],"main_module" => "Plack::Middleware::XSRFBlock","versions" => [{"date" => "2013-06-20T11:01:27","version" => "0.0.0_01"},{"date" => "2013-06-21T14:07:31","version" => "0.0.0_02"},{"date" => "2013-06-21T14:48:20","version" => "0.0.0_03"},{"date" => "2013-06-21T15:04:00","version" => "0.0.0_04"},{"date" => "2013-06-23T23:30:14","version" => "0.0.0_05"},{"date" => "2013-10-21T15:36:45","version" => "0.0.1"},{"date" => "2014-03-28T11:34:07","version" => "0.0.2"},{"date" => "2014-06-24T15:02:09","version" => "0.0.3"},{"date" => "2014-07-09T12:44:23","version" => "0.0.4"},{"date" => "2014-07-22T15:29:19","version" => "0.0.5"},{"date" => "2014-08-05T20:48:41","version" => "0.0.6"},{"date" => "2014-08-28T16:51:49","version" => "0.0.7"},{"date" => "2014-09-18T08:03:26","version" => "0.0.8"},{"date" => "2014-10-13T10:16:45","version" => "0.0.9"},{"date" => "2015-07-18T22:04:22","version" => "0.0.10"},{"date" => "2015-09-07T16:45:50","version" => "0.0.11"},{"date" => "2017-07-13T10:36:46","version" => "0.0.12"},{"date" => "2018-07-23T11:02:29","version" => "0.0.13"},{"date" => "2018-07-23T16:19:18","version" => "0.0.14"},{"date" => "2018-07-24T12:45:15","version" => "0.0.15"},{"date" => "2018-07-25T13:24:47","version" => "0.0.16"},{"date" => "2022-10-17T09:58:14","version" => "0.0.17"},{"date" => "2023-07-13T09:16:48","version" => "0.0.18"},{"date" => "2023-07-14T09:17:25","version" => "0.0.19"}]},"Pod-Perldoc" => {"advisories" => [{"affected_versions" => ["<3.26"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "Pod-Perldoc","fixed_versions" => [">=3.26"],"id" => "CPANSA-Pod-Perldoc-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"}],"main_module" => "Pod::Perldoc","versions" => [{"date" => "2002-11-11T10:33:54","version" => "3.04"},{"date" => "2002-11-12T05:04:50","version" => "3.05"},{"date" => "2002-11-22T10:04:59","version" => "3.06"},{"date" => "2002-12-02T05:24:12","version" => "3.07"},{"date" => "2003-01-19T03:50:24","version" => "3.08"},{"date" => "2003-07-24T14:38:18","version" => "3.09"},{"date" => "2003-09-11T07:02:58","version" => "3.10"},{"date" => "2003-10-12T23:01:05","version" => "3.11"},{"date" => "2003-10-22T01:02:23","version" => "3.12"},{"date" => "2004-04-10T02:26:31","version" => "3.13"},{"date" => "2004-11-30T22:34:04","version" => "3.14"},{"date" => "2007-08-23T12:55:53","version" => "3.14_01"},{"date" => "2007-08-23T18:18:55","version" => "3.14_02"},{"date" => "2007-09-04T13:39:37","version" => "3.14_03"},{"date" => "2008-04-16T14:37:04","version" => "3.14_04"},{"date" => "2008-04-22T18:26:25","version" => "3.14_05"},{"date" => "2008-05-03T00:43:47","version" => "3.14_06"},{"date" => "2008-05-08T14:33:08","version" => "3.14_07"},{"date" => "2008-11-01T15:01:44","version" => "3.15"},{"date" => "2009-09-30T17:29:52","version" => "3.15_01"},{"date" => "2011-11-13T23:32:29","version" => "3.15_08"},{"date" => "2011-11-14T19:38:57","version" => "3.15_09"},{"date" => "2011-11-20T01:58:40","version" => "3.15_10"},{"date" => "2011-11-29T19:10:49","version" => "3.15_11"},{"date" => "2011-12-09T13:03:26","version" => "3.15_12"},{"date" => "2011-12-14T10:17:10","version" => "3.15_13"},{"date" => "2011-12-18T16:08:00","version" => "3.15_14"},{"date" => "2012-01-06T16:47:58","version" => "3.15_15"},{"date" => "2012-03-17T05:02:18","version" => "3.16"},{"date" => "2012-03-18T03:01:03","version" => "3.17"},{"date" => "2013-01-28T04:11:09","version" => "3.18"},{"date" => "2013-01-28T04:33:05","version" => "3.19"},{"date" => "2013-01-29T02:56:49","version" => "3.19_01"},{"date" => "2013-04-27T05:51:04","version" => "3.20"},{"date" => "2013-11-19T17:18:23","version" => "3.21_01"},{"date" => "2014-01-06T02:28:01","version" => "3.21"},{"date" => "2014-01-31T05:43:36","version" => "3.22_01"},{"date" => "2014-02-05T05:17:44","version" => "3.22_02"},{"date" => "2014-02-23T19:09:39","version" => "3.23"},{"date" => "2014-08-16T16:52:05","version" => "3.23_01"},{"date" => "2014-08-19T03:49:18","version" => "3.24"},{"date" => "2014-09-10T03:32:34","version" => "3.24_01"},{"date" => "2015-01-21T03:18:32","version" => "3.24_02"},{"date" => "2015-02-12T03:13:45","version" => "3.25"},{"date" => "2016-01-12T14:43:09","version" => "3.25_02"},{"date" => "2016-07-28T04:44:07","version" => "3.26"},{"date" => "2016-07-30T16:09:06","version" => "3.26_01"},{"date" => "2016-08-02T16:35:03","version" => "3.26_02"},{"date" => "2016-08-03T20:48:54","version" => "3.27"},{"date" => "2016-10-16T02:46:57","version" => "3.27_01"},{"date" => "2017-03-01T22:00:04","version" => "3.27_02"},{"date" => "2017-03-16T01:14:07","version" => "3.28"},{"date" => "2023-12-06T07:21:16","version" => "3.28_01"},{"date" => "2025-02-16T02:15:19","version" => "3.29"},{"date" => "2010-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011005","version" => "3.15_02"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "3.15_03"},{"date" => "2011-06-16T00:00:00","dual_lived" => 1,"perl_release" => "5.014001","version" => "3.15_04"},{"date" => "2011-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015","version" => "3.15_05"},{"date" => "2011-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015001","version" => "3.15_06"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "3.15_07"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "3.25_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "3.25_03"},{"date" => "2017-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027005","version" => "3.2801"}]},"Prima-codecs-win32" => {"advisories" => [{"affected_versions" => [">=1.00,<=1.01"],"cves" => ["CVE-2017-12652"],"description" => "libpng before 1.6.32 does not properly check the length of chunks against the user limit.\n","distribution" => "Prima-codecs-win32","fixed_versions" => [],"id" => "CPANSA-Prima-codecs-win32-2017-12652-libpng","references" => ["https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE","http://www.securityfocus.com/bid/109269","https://support.f5.com/csp/article/K88124225","https://support.f5.com/csp/article/K88124225?utm_source=f5support&amp;utm_medium=RSS","https://security.netapp.com/advisory/ntap-20220506-0003/"],"reported" => "2019-07-10","severity" => "critical"}],"main_module" => "Prima::codecs::win32","versions" => [{"date" => "2008-04-19T17:18:34","version" => "1.00"},{"date" => "2008-04-28T19:10:04","version" => "1.01"}]},"Prima-codecs-win64" => {"advisories" => [{"affected_versions" => [">=1.01,<=1.02"],"cves" => ["CVE-2017-12652"],"description" => "libpng before 1.6.32 does not properly check the length of chunks against the user limit.\n","distribution" => "Prima-codecs-win64","fixed_versions" => [],"id" => "CPANSA-Prima-codecs-win64-2017-12652-libpng","references" => ["https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE","http://www.securityfocus.com/bid/109269","https://support.f5.com/csp/article/K88124225","https://support.f5.com/csp/article/K88124225?utm_source=f5support&amp;utm_medium=RSS","https://security.netapp.com/advisory/ntap-20220506-0003/"],"reported" => "2019-07-10","severity" => "critical"}],"main_module" => "Prima::codecs::win64","versions" => [{"date" => "2011-03-26T20:49:34","version" => "1.01"},{"date" => "2012-02-07T19:35:40","version" => "1.02"}]},"Proc-Daemon" => {"advisories" => [{"affected_versions" => ["<0.14"],"cves" => ["CVE-2013-7135"],"description" => "The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.\n","distribution" => "Proc-Daemon","fixed_versions" => [],"id" => "CPANSA-Proc-Daemon-2013-7135","references" => ["http://www.openwall.com/lists/oss-security/2014/01/07/7","http://www.openwall.com/lists/oss-security/2013/12/16/5","http://www.openwall.com/lists/oss-security/2013/12/18/2","https://rt.cpan.org/Public/Bug/Display.html?id=91450","http://www.mandriva.com/security/advisories?name=MDVSA-2014:021"],"reported" => "2014-01-28","severity" => undef}],"main_module" => "Proc::Daemon","versions" => [{"date" => "1998-01-27T18:42:37","version" => "0.01"},{"date" => "1999-04-17T19:55:07","version" => "0.02"},{"date" => "2003-06-19T22:58:30","version" => "0.03"},{"date" => "2010-10-23T23:11:32","version" => "0.04"},{"date" => "2010-10-28T20:25:50","version" => "0.05"},{"date" => "2011-01-17T22:14:07","version" => "0.06"},{"date" => "2011-02-17T19:34:32","version" => "0.07"},{"date" => "2011-03-13T17:38:15","version" => "0.08"},{"date" => "2011-03-15T07:05:00","version" => "0.09"},{"date" => "2011-04-01T19:26:32","version" => "0.10"},{"date" => "2011-05-23T14:48:37","version" => "0.11"},{"date" => "2011-05-24T17:12:19","version" => "0.12"},{"date" => "2011-06-01T11:39:51","version" => "0.13"},{"date" => "2011-06-03T09:06:45","version" => "0.14"},{"date" => "2015-01-22T00:22:38","version" => "0.15"},{"date" => "2015-01-23T00:10:30","version" => "0.16"},{"date" => "2015-01-23T23:23:49","version" => "0.17"},{"date" => "2015-01-27T01:03:25","version" => "0.18"},{"date" => "2015-03-22T09:37:55","version" => "0.19"},{"date" => "2015-06-24T04:34:03","version" => "0.20"},{"date" => "2015-08-07T01:52:52","version" => "0.21"},{"date" => "2015-10-29T00:30:34","version" => "0.22"},{"date" => "2016-01-01T18:51:05","version" => "0.23"}]},"Proc-ProcessTable" => {"advisories" => [{"affected_versions" => [">=0.45,<0.47"],"cves" => ["CVE-2011-4363"],"description" => "ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.\n","distribution" => "Proc-ProcessTable","fixed_versions" => [">=0.47"],"id" => "CPANSA-Proc-ProcessTable-2011-4363","references" => ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500","http://www.osvdb.org/77428","http://www.openwall.com/lists/oss-security/2011/11/30/2","http://www.securityfocus.com/bid/50868","https://rt.cpan.org/Public/Bug/Display.html?id=72862","http://www.openwall.com/lists/oss-security/2011/11/30/3","http://secunia.com/advisories/47015","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363"],"reported" => "2012-10-07","severity" => undef}],"main_module" => "Proc::ProcessTable","versions" => [{"date" => "1998-07-23T12:59:39","version" => "0.01"},{"date" => "1998-07-24T12:50:40","version" => "0.02"},{"date" => "1998-07-26T13:18:26","version" => "0.03"},{"date" => "1998-08-15T21:22:20","version" => "0.04"},{"date" => "1998-12-09T23:53:30","version" => "0.05"},{"date" => "1998-12-10T04:51:19","version" => "0.06"},{"date" => "1999-02-05T03:21:51","version" => "0.08"},{"date" => "1999-02-20T04:27:53","version" => "0.09"},{"date" => "1999-02-20T16:36:14","version" => "0.10"},{"date" => "1999-03-07T00:16:52","version" => "0.11"},{"date" => "1999-03-21T16:07:46","version" => "0.12"},{"date" => "1999-05-14T02:10:41","version" => "0.13"},{"date" => "1999-05-16T01:22:45","version" => "0.14"},{"date" => "1999-06-02T02:39:22","version" => "0.15"},{"date" => "1999-08-10T03:45:58","version" => "0.16"},{"date" => "1999-08-19T15:45:19","version" => "0.17"},{"date" => "1999-08-19T17:44:22","version" => "0.18"},{"date" => "1999-09-09T02:45:48","version" => "0.20"},{"date" => "1999-09-10T16:51:02","version" => "0.21"},{"date" => "1999-10-05T12:34:33","version" => "0.22"},{"date" => "1999-11-01T13:55:15","version" => "0.23"},{"date" => "2000-01-20T20:57:35","version" => "0.24"},{"date" => "2000-02-03T16:28:46","version" => "0.25"},{"date" => "2000-02-11T21:56:23","version" => "0.26"},{"date" => "2000-06-29T12:38:46","version" => "0.27"},{"date" => "2000-08-14T09:25:19","version" => "0.28"},{"date" => "2001-01-09T12:47:49","version" => "0.29"},{"date" => "2001-03-08T02:57:16","version" => "0.30"},{"date" => "2001-06-01T12:39:15","version" => "0.31"},{"date" => "2001-08-20T02:41:52","version" => "0.32"},{"date" => "2001-10-16T13:32:04","version" => "0.33"},{"date" => "2002-02-25T03:17:15","version" => "0.34"},{"date" => "2002-07-03T04:31:57","version" => "0.35"},{"date" => "2002-11-08T02:31:59","version" => "0.36"},{"date" => "2002-11-08T14:59:11","version" => "0.37"},{"date" => "2002-12-07T03:33:51","version" => "0.38"},{"date" => "2003-10-03T17:45:51","version" => "0.39"},{"date" => "2005-07-11T01:33:32","version" => "0.40"},{"date" => "2006-07-01T04:27:59","version" => "0.41"},{"date" => "2008-01-26T05:34:53","version" => "0.42"},{"date" => "2008-07-18T04:05:51","version" => "0.43"},{"date" => "2008-07-25T14:29:08","version" => "0.44"},{"date" => "2008-09-08T15:39:40","version" => "0.45"},{"date" => "2012-10-19T13:58:48","version" => "0.46"},{"date" => "2013-02-16T16:06:35","version" => "0.47"},{"date" => "2013-05-26T22:20:21","version" => "0.48"},{"date" => "2013-12-05T23:31:39","version" => "0.49"},{"date" => "2013-12-15T15:47:54","version" => "0.50"},{"date" => "2014-05-17T21:03:43","version" => "0.50_01"},{"date" => "2014-10-17T22:56:58","version" => "0.51"},{"date" => "2015-08-23T10:12:37","version" => "0.52"},{"date" => "2015-08-24T19:36:41","version" => "0.53"},{"date" => "2018-02-01T21:02:36","version" => "0.54"},{"date" => "2018-02-01T21:57:51","version" => "0.55"},{"date" => "2019-02-07T22:38:02","version" => "0.56"},{"date" => "2019-06-14T21:16:11","version" => "0.56_01"},{"date" => "2019-06-15T11:28:52","version" => "0.56_02"},{"date" => "2019-06-15T18:56:51","version" => "0.57"},{"date" => "2019-06-15T19:20:02","version" => "0.58"},{"date" => "2019-06-20T19:35:05","version" => "0.59"},{"date" => "2021-08-14T16:19:38","version" => "0.60"},{"date" => "2021-08-17T22:50:12","version" => "0.61"},{"date" => "2021-08-18T06:57:20","version" => "0.611"},{"date" => "2021-09-08T10:39:21","version" => "0.612"},{"date" => "2021-09-13T14:03:14","version" => "0.62"},{"date" => "2021-09-26T21:58:24","version" => "0.631"},{"date" => "2021-09-26T22:35:32","version" => "0.632"},{"date" => "2021-09-26T23:01:20","version" => "0.633"},{"date" => "2021-09-26T23:04:23","version" => "0.634"},{"date" => "2023-05-08T06:51:59","version" => "0.635"},{"date" => "2023-06-21T06:25:43","version" => "0.636"},{"date" => "2025-07-28T20:23:29","version" => "0.637"}]},"RPC-XML" => {"advisories" => [{"affected_versions" => ["<0.45"],"cves" => [],"description" => "A a potential security hole in the parsing of external entities.\n","distribution" => "RPC-XML","fixed_versions" => [">=0.45"],"id" => "CPANSA-RPC-XML-2002-01","references" => ["https://metacpan.org/dist/RPC-XML/changes"],"reported" => "2002-10-29"}],"main_module" => "RPC::XML","versions" => [{"date" => "2001-06-13T06:30:46","version" => "0.25"},{"date" => "2001-06-27T06:18:37","version" => "0.26"},{"date" => "2001-07-08T23:38:52","version" => "0.27"},{"date" => "2001-10-08T05:10:22","version" => "0.28"},{"date" => "2001-12-03T07:08:58","version" => "0.29"},{"date" => "2002-01-03T09:49:30","version" => "0.30"},{"date" => "2002-01-28T00:48:45","version" => "0.35"},{"date" => "2002-01-29T20:03:48","version" => "0.36"},{"date" => "2002-03-23T06:39:00","version" => "0.37"},{"date" => "2002-05-04T07:56:19","version" => "0.40"},{"date" => "2002-05-22T10:04:14","version" => "0.41"},{"date" => "2002-08-01T08:41:21","version" => "0.42"},{"date" => "2002-08-19T05:56:10","version" => "0.43"},{"date" => "2002-08-31T06:58:58","version" => "0.44"},{"date" => "2002-10-30T05:15:04","version" => "0.45"},{"date" => "2002-12-30T07:51:25","version" => "0.46"},{"date" => "2003-01-27T11:37:20","version" => "0.50"},{"date" => "2003-01-30T09:36:24","version" => "0.51"},{"date" => "2003-02-10T09:48:58","version" => "0.52"},{"date" => "2003-02-25T09:25:51","version" => "0.53"},{"date" => "2004-04-14T12:55:46","version" => "0.54"},{"date" => "2004-11-30T09:27:12","version" => "0.55"},{"date" => "2004-12-09T09:29:34","version" => "0.56"},{"date" => "2004-12-24T11:07:31","version" => "0.57"},{"date" => "2005-05-12T10:47:19","version" => "0.58"},{"date" => "2006-06-30T07:56:12","version" => "0.59"},{"date" => "2008-04-09T17:59:42","version" => "0.60"},{"date" => "2008-09-15T10:19:12","version" => "0.61"},{"date" => "2008-09-19T09:16:21","version" => "0.62"},{"date" => "2008-09-19T09:28:08","version" => "0.63"},{"date" => "2008-09-29T11:24:26","version" => "0.64"},{"date" => "2009-06-17T13:19:54","version" => "0.65"},{"date" => "2009-07-09T14:42:56","version" => "0.66"},{"date" => "2009-07-10T08:34:44","version" => "0.67"},{"date" => "2009-09-03T17:37:20","version" => "0.69"},{"date" => "2009-12-07T06:33:13","version" => "0.70"},{"date" => "2009-12-08T04:11:10","version" => "0.71"},{"date" => "2009-12-14T05:48:11","version" => "0.72"},{"date" => "2010-03-17T05:55:29","version" => "0.73"},{"date" => "2011-01-23T21:08:04","version" => "0.74"},{"date" => "2011-08-14T00:40:40","version" => "0.75"},{"date" => "2011-08-21T19:48:16","version" => "0.76"},{"date" => "2012-09-03T18:58:22","version" => "0.77"},{"date" => "2014-02-07T04:15:00","version" => "0.78"},{"date" => "2015-05-01T16:02:19","version" => "0.79"},{"date" => "2016-05-08T20:17:31","version" => "0.80"},{"date" => "2021-01-06T02:49:51","version" => "0.81"},{"date" => "2021-01-06T18:05:35","version" => "0.82"}]},"RT-Authen-ExternalAuth" => {"advisories" => [{"affected_versions" => ["<0.27"],"cves" => ["CVE-2017-5361"],"description" => "Timing sidechannel vulnerability in password checking.\n","distribution" => "RT-Authen-ExternalAuth","fixed_versions" => [">=0.27"],"id" => "CPANSA-RT-Authen-ExternalAuth-2017-01","references" => ["https://metacpan.org/changes/distribution/RT-Authen-ExternalAuth"],"reported" => "2017-06-15"}],"main_module" => "RT::Authen::ExternalAuth","versions" => [{"date" => "2008-03-13T16:16:36","version" => "0.01"},{"date" => "2008-03-17T13:34:40","version" => "0.02"},{"date" => "2008-03-31T14:55:18","version" => "0.03"},{"date" => "2008-04-03T14:20:36","version" => "0.04"},{"date" => "2008-04-09T08:57:51","version" => "0.05"},{"date" => "2008-10-17T13:22:11","version" => "0.06_01"},{"date" => "2008-10-17T16:41:34","version" => "0.06_02"},{"date" => "2008-10-31T12:08:54","version" => "0.06_02"},{"date" => "2008-11-01T18:23:27","version" => "0.06_02"},{"date" => "2008-11-06T21:16:42","version" => "0.06_02"},{"date" => "2008-12-22T22:08:06","version" => "0.07_02"},{"date" => "2009-01-20T21:09:48","version" => "0.07_02"},{"date" => "2009-01-24T13:52:42","version" => "0.07_02"},{"date" => "2011-02-19T00:43:35","version" => "0.08_01"},{"date" => "2011-04-15T19:46:43","version" => "0.08_02"},{"date" => "2011-05-06T21:08:52","version" => "0.09"},{"date" => "2012-01-23T17:51:41","version" => "0.09_01"},{"date" => "2012-01-26T18:48:51","version" => "0.09_02"},{"date" => "2012-01-27T23:07:12","version" => "0.09_03"},{"date" => "2012-02-17T16:34:10","version" => "0.10"},{"date" => "2012-02-23T16:31:54","version" => "0.10_01"},{"date" => "2012-07-25T08:57:21","version" => "0.11"},{"date" => "2012-07-25T18:36:36","version" => "0.11"},{"date" => "2012-10-26T19:59:54","version" => "0.12"},{"date" => "2013-01-31T19:22:43","version" => "0.13"},{"date" => "2013-05-22T21:28:15","version" => "0.14"},{"date" => "2013-05-23T00:20:43","version" => "0.15"},{"date" => "2013-06-27T19:24:37","version" => "0.16"},{"date" => "2013-07-10T19:43:08","version" => "0.17"},{"date" => "2014-03-07T22:19:49","version" => "0.18"},{"date" => "2014-04-04T17:21:04","version" => "0.19"},{"date" => "2014-04-09T19:34:29","version" => "0.20"},{"date" => "2014-07-02T02:20:30","version" => "0.21"},{"date" => "2014-08-14T04:04:28","version" => "0.22_01"},{"date" => "2014-08-14T17:28:53","version" => "0.23"},{"date" => "2014-09-30T22:04:16","version" => "0.23_01"},{"date" => "2014-10-09T16:24:49","version" => "0.24"},{"date" => "2014-10-16T20:59:29","version" => "0.25"},{"date" => "2016-08-02T16:14:34","version" => "0.26"},{"date" => "2017-06-15T18:44:24","version" => "0.27"}]},"RT-Extension-MobileUI" => {"advisories" => [{"affected_versions" => ["<1.02"],"cves" => ["CVE-2012-2769"],"description" => "Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page.\n","distribution" => "RT-Extension-MobileUI","fixed_versions" => [">=1.02"],"id" => "CPANSA-RT-Extension-MobileUI-2012-01","references" => ["https://metacpan.org/changes/distribution/RT-Extension-MobileUI"],"reported" => "2012-05-18"}],"main_module" => "RT::Extension::MobileUI","versions" => [{"date" => "2010-08-05T20:58:09","version" => "0.9"},{"date" => "2010-08-06T15:38:53","version" => "0.91"},{"date" => "2010-08-06T15:58:11","version" => "0.92"},{"date" => "2010-08-06T17:55:08","version" => "0.93"},{"date" => "2010-08-09T13:36:43","version" => "0.94"},{"date" => "2010-08-09T13:44:33","version" => "0.95"},{"date" => "2010-08-26T21:28:07","version" => "0.96"},{"date" => "2010-09-06T18:11:56","version" => "0.96"},{"date" => "2010-10-28T15:50:29","version" => "0.98"},{"date" => "2010-10-29T14:08:08","version" => "0.99"},{"date" => "2010-11-19T18:11:43","version" => "1.00"},{"date" => "2010-12-08T16:36:01","version" => "1.01"},{"date" => "2012-07-25T08:57:33","version" => "1.02"},{"date" => "2012-07-25T18:36:52","version" => "1.02"},{"date" => "2012-08-27T16:42:55","version" => "1.03"},{"date" => "2013-06-12T19:09:14","version" => "1.04"},{"date" => "2013-08-13T18:06:54","version" => "1.05"},{"date" => "2014-04-23T20:25:25","version" => "1.06"},{"date" => "2014-04-23T20:26:56","version" => "1.07"}]},"RTMP-Client" => {"advisories" => [{"affected_versions" => ["<0.04"],"cves" => [],"description" => "TBD\n","distribution" => "RTMP-Client","fixed_versions" => [">=0.04"],"id" => "CPANSA-RTMP-Client-2011-01","references" => ["https://metacpan.org/changes/distribution/RTMP-Client"],"reported" => "2011-12-01"}],"main_module" => "RTMP::Client","versions" => [{"date" => "2011-07-26T08:17:20","version" => "0.01"},{"date" => "2011-07-27T02:09:05","version" => "0.02"},{"date" => "2011-07-27T02:17:06","version" => "0.03"},{"date" => "2011-12-01T08:59:19","version" => "0.04"}]},"Redis-Fast" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.14"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"},{"affected_versions" => [">=0.15,<=0.16"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"},{"affected_versions" => [">=0.17,<=0.26"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"},{"affected_versions" => [">=0.27,<=0.31"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-Fast","fixed_versions" => [],"id" => "CPANSA-Redis-Fast-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"}],"main_module" => "Redis::Fast","versions" => [{"date" => "2013-10-10T16:48:55","version" => "0.01"},{"date" => "2013-10-13T13:31:18","version" => "0.02"},{"date" => "2013-10-16T12:17:21","version" => "0.03"},{"date" => "2013-12-10T02:59:49","version" => "0.04"},{"date" => "2013-12-20T02:25:52","version" => "0.05"},{"date" => "2014-02-01T02:03:01","version" => "0.06"},{"date" => "2014-05-17T07:23:45","version" => "0.07"},{"date" => "2014-05-31T03:52:00","version" => "0.08"},{"date" => "2014-07-08T15:52:19","version" => "0.09"},{"date" => "2014-07-16T01:00:34","version" => "0.10"},{"date" => "2014-07-16T02:35:51","version" => "0.11"},{"date" => "2014-09-08T16:22:31","version" => "0.12"},{"date" => "2014-10-16T11:25:20","version" => "0.13"},{"date" => "2014-12-07T13:36:56","version" => "0.14"},{"date" => "2015-03-10T14:15:01","version" => "0.15"},{"date" => "2015-03-12T02:37:40","version" => "0.16"},{"date" => "2016-01-23T06:47:00","version" => "0.17"},{"date" => "2016-01-26T13:13:22","version" => "0.18"},{"date" => "2016-12-20T11:37:58","version" => "0.19"},{"date" => "2017-02-25T22:54:41","version" => "0.20"},{"date" => "2018-01-28T01:08:06","version" => "0.21"},{"date" => "2018-08-12T06:30:24","version" => "0.22"},{"date" => "2019-05-29T11:24:31","version" => "0.23"},{"date" => "2019-08-19T22:59:06","version" => "0.24"},{"date" => "2019-08-20T02:35:05","version" => "0.25"},{"date" => "2020-05-02T04:21:12","version" => "0.26"},{"date" => "2020-08-08T22:48:49","version" => "0.27"},{"date" => "2020-11-01T23:10:16","version" => "0.28"},{"date" => "2021-01-17T10:40:10","version" => "0.29"},{"date" => "2021-05-07T13:10:39","version" => "0.30"},{"date" => "2021-07-04T06:57:25","version" => "0.31"},{"date" => "2021-10-16T07:19:44","version" => "0.32"},{"date" => "2021-10-30T11:33:21","version" => "0.33"},{"date" => "2022-06-07T22:23:52","version" => "0.34"},{"date" => "2022-11-19T06:52:56","version" => "0.35"},{"date" => "2023-07-05T20:28:55","version" => "0.36"},{"date" => "2024-03-08T16:30:57","version" => "0.37"}]},"Redis-hiredis" => {"advisories" => [{"affected_versions" => ["==0.9.2,>=0.9.2.1,<0.9.2.8"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"},{"affected_versions" => ["==0.10.1"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"},{"affected_versions" => ["==0.10.2"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"},{"affected_versions" => ["==0.11.0"],"cves" => ["CVE-2021-32765"],"description" => "Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.\n","distribution" => "Redis-hiredis","fixed_versions" => [],"id" => "CPANSA-Redis-hiredis-2021-32765-hiredis","references" => ["https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap","https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2","https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e","https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html","https://security.netapp.com/advisory/ntap-20211104-0003/"],"reported" => "2021-10-04","severity" => "high"}],"main_module" => "Redis::hiredis","versions" => [{"date" => "2010-08-29T15:04:34","version" => "v0.0.1"},{"date" => "2010-08-31T21:10:48","version" => "v0.0.2"},{"date" => "2010-11-03T03:16:19","version" => "v0.0.3"},{"date" => "2010-12-23T22:44:49","version" => "0.9.2"},{"date" => "2010-12-24T15:19:10","version" => "0.9.2.1"},{"date" => "2011-01-03T14:51:09","version" => "0.9.2.2"},{"date" => "2011-01-09T01:19:16","version" => "0.9.2.3"},{"date" => "2011-02-19T17:57:38","version" => "0.9.2.4"},{"date" => "2011-02-20T02:07:52","version" => "0.9.2.5"},{"date" => "2011-03-01T01:47:19","version" => "0.9.2.6"},{"date" => "2012-04-07T15:01:24","version" => "0.10.1"},{"date" => "2012-06-28T14:54:48","version" => "0.10.2"},{"date" => "2013-04-02T14:14:24","version" => "v0.11.0"}]},"Redland" => {"advisories" => [{"affected_versions" => ["==0.9.13,==0.9.13.2"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef},{"affected_versions" => ["==0.9.14.1"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef},{"affected_versions" => ["==1.0.5.2,==1.0.5.3"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef},{"affected_versions" => ["==1.0.13.1"],"cves" => ["CVE-2012-0037"],"description" => "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.\n","distribution" => "Redland","fixed_versions" => [],"id" => "CPANSA-Redland-2012-0037-libraptor","references" => ["http://www.debian.org/security/2012/dsa-2438","http://www.libreoffice.org/advisories/CVE-2012-0037/","http://secunia.com/advisories/48493","http://rhn.redhat.com/errata/RHSA-2012-0411.html","http://rhn.redhat.com/errata/RHSA-2012-0410.html","http://www.osvdb.org/80307","http://secunia.com/advisories/48529","http://www.mandriva.com/security/advisories?name=MDVSA-2012:063","http://www.openwall.com/lists/oss-security/2012/03/27/4","http://www.mandriva.com/security/advisories?name=MDVSA-2012:062","http://secunia.com/advisories/48526","http://librdf.org/raptor/RELEASE.html#rel2_0_7","http://secunia.com/advisories/48479","http://www.mandriva.com/security/advisories?name=MDVSA-2012:061","http://secunia.com/advisories/48542","http://vsecurity.com/resources/advisory/20120324-1/","http://www.securityfocus.com/bid/52681","http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/","http://secunia.com/advisories/48494","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html","http://secunia.com/advisories/48649","http://www.securitytracker.com/id?1026837","http://security.gentoo.org/glsa/glsa-201209-05.xml","http://secunia.com/advisories/50692","https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0","http://secunia.com/advisories/60799","http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","http://www.openoffice.org/security/cves/CVE-2012-0037.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/74235","https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0\@%3Ccommits.openoffice.apache.org%3E"],"reported" => "2012-06-17","severity" => undef}],"main_module" => "RDF::Redland::World","versions" => [{"date" => "2003-09-04T14:24:10","version" => "v0.9.13"},{"date" => "2003-09-07T19:13:18","version" => "v0.9.13.2"},{"date" => "2003-09-08T18:13:06","version" => "v0.9.14.1"},{"date" => "2006-11-28T06:09:59","version" => "v1.0.5.2"},{"date" => "2006-11-29T06:05:03","version" => "v1.0.5.3"},{"date" => "2006-11-30T19:01:24","version" => "v1.0.5.4"},{"date" => "2011-03-29T11:33:50","version" => "v1.0.13.1"}]},"Resource-Pack-jQuery" => {"advisories" => [{"affected_versions" => ["==0.01"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Resource-Pack-jQuery","fixed_versions" => [],"id" => "CPANSA-Resource-Pack-jQuery-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Resource::Pack::jQuery","versions" => [{"date" => "2010-04-19T20:02:13","version" => "0.01"}]},"SOAP-Lite" => {"advisories" => [{"affected_versions" => ["<1.15"],"cves" => ["CVE-2015-8978"],"description" => "An example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML.\n","distribution" => "SOAP-Lite","fixed_versions" => [">=1.15"],"id" => "CPANSA-SOAP-Lite-2015-01","references" => ["https://metacpan.org/changes/distribution/SOAP-Lite","https://www.securityfocus.com/bid/94487","https://github.com/redhotpenguin/perl-soaplite/commit/6942fe0d281be1c32c5117605f9c4e8d44f51124"],"reported" => "2015-07-21"},{"affected_versions" => ["<0.55"],"cves" => ["CVE-2002-1742"],"description" => "Allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger.\n","distribution" => "SOAP-Lite","fixed_versions" => [">=0.55"],"id" => "CPANSA-SOAP-Lite-2002-01","references" => ["https://metacpan.org/changes/distribution/SOAP-Lite"],"reported" => "2002-04-08","severity" => "high"},{"affected_versions" => ["<0.38"],"cves" => [],"description" => "Security problem on server side (no more details).\n","distribution" => "SOAP-Lite","fixed_versions" => [">=0.38"],"id" => "CPANSA-SOAP-Lite-2000-01","references" => ["https://metacpan.org/changes/distribution/SOAP-Lite"],"reported" => "2000-10-05"}],"main_module" => "SOAP::Lite","versions" => [{"date" => "2000-09-25T01:49:14","version" => "0.36"},{"date" => "2000-10-06T01:58:32","version" => "0.38"},{"date" => "2000-10-09T04:27:51","version" => "0.39"},{"date" => "2000-10-16T05:12:09","version" => "0.40"},{"date" => "2000-10-31T15:10:52","version" => "0.41"},{"date" => "2000-11-15T15:00:57","version" => "0.42"},{"date" => "2000-11-28T20:43:40","version" => "0.43"},{"date" => "2000-12-13T07:37:47","version" => "0.44"},{"date" => "2001-01-17T17:28:31","version" => "0.45"},{"date" => "2001-02-01T02:23:51","version" => "0.46"},{"date" => "2001-02-22T07:28:20","version" => "0.47"},{"date" => "2001-04-18T19:09:15","version" => "0.50"},{"date" => "2001-07-18T22:39:30","version" => "0.51"},{"date" => "2001-11-21T19:35:24","version" => "0.52"},{"date" => "2002-04-16T05:20:54","version" => "0.55"},{"date" => "2003-10-28T19:27:00","version" => "0.60"},{"date" => "2004-02-26T16:36:26","version" => "0.60"},{"date" => "2005-02-22T01:57:43","version" => "0.65_3"},{"date" => "2005-04-03T09:20:17","version" => "0.65_4"},{"date" => "2005-05-06T17:24:23","version" => "0.65_5"},{"date" => "2005-06-03T19:23:20","version" => "0.65_6"},{"date" => "2005-12-25T08:42:50","version" => "0.66"},{"date" => "2006-01-04T23:14:27","version" => "0.66.1"},{"date" => "2006-01-27T21:43:49","version" => "0.67"},{"date" => "2006-07-06T18:18:56","version" => "0.68"},{"date" => "2006-08-16T14:53:50","version" => "0.69"},{"date" => "2007-10-18T20:54:02","version" => "0.70_01"},{"date" => "2007-11-08T21:30:41","version" => "0.70_02"},{"date" => "2007-11-18T19:00:11","version" => "0.70_03"},{"date" => "2008-01-02T17:06:17","version" => "0.70_04"},{"date" => "2008-02-13T12:28:07","version" => "0.70_05"},{"date" => "2008-02-16T10:37:04","version" => "0.70_06"},{"date" => "2008-02-25T21:44:41","version" => "0.70_07"},{"date" => "2008-02-25T21:50:22","version" => "0.70_08"},{"date" => "2008-02-28T21:58:13","version" => "0.71"},{"date" => "2008-03-29T14:13:41","version" => "0.71.01"},{"date" => "2008-04-14T17:25:25","version" => "0.71.02"},{"date" => "2008-04-17T20:40:23","version" => "v0.71.03"},{"date" => "2008-04-22T06:03:55","version" => "0.71.04"},{"date" => "2008-05-05T21:50:36","version" => "0.710.05"},{"date" => "2008-06-05T18:47:08","version" => "0.710.06"},{"date" => "2008-06-13T20:27:05","version" => "0.710.07"},{"date" => "2008-07-13T20:41:11","version" => "0.710.08"},{"date" => "2009-09-29T21:20:02","version" => "0.710.09"},{"date" => "2009-09-30T18:40:30","version" => "0.710.10"},{"date" => "2010-03-18T20:24:42","version" => "0.711"},{"date" => "2010-06-03T15:41:39","version" => "0.712"},{"date" => "2011-08-16T17:53:28","version" => "0.713"},{"date" => "2011-08-18T19:51:02","version" => "0.714"},{"date" => "2012-07-15T09:37:20","version" => "0.715"},{"date" => "2013-05-11T06:44:04","version" => "0.716"},{"date" => "2013-07-17T06:17:00","version" => "1.0"},{"date" => "2013-07-29T08:26:07","version" => "1.01"},{"date" => "2013-07-30T02:20:34","version" => "1.02"},{"date" => "2013-08-04T17:49:18","version" => "1.03"},{"date" => "2013-08-10T03:46:49","version" => "1.04"},{"date" => "2013-08-19T05:31:17","version" => "1.05"},{"date" => "2013-08-22T04:20:29","version" => "1.06"},{"date" => "2013-11-08T03:09:10","version" => "1.07"},{"date" => "2013-11-08T17:41:10","version" => "1.08"},{"date" => "2014-01-14T21:41:07","version" => "1.09"},{"date" => "2014-01-23T18:53:42","version" => "1.10"},{"date" => "2014-02-22T05:18:14","version" => "1.11"},{"date" => "2014-11-27T07:08:11","version" => "1.12"},{"date" => "2014-12-30T15:58:06","version" => "1.13"},{"date" => "2015-03-25T05:04:34","version" => "1.14"},{"date" => "2015-07-21T18:12:21","version" => "1.15"},{"date" => "2015-07-23T07:34:59","version" => "1.16"},{"date" => "2015-07-31T05:59:50","version" => "1.17"},{"date" => "2015-08-26T04:31:24","version" => "1.18"},{"date" => "2015-08-26T15:38:01","version" => "1.19"},{"date" => "2016-06-09T21:34:36","version" => "1.20"},{"date" => "2017-08-16T05:18:24","version" => "1.22"},{"date" => "2017-12-19T02:30:48","version" => "1.23"},{"date" => "2017-12-19T18:36:52","version" => "1.24"},{"date" => "2017-12-29T18:39:43","version" => "1.25"},{"date" => "2017-12-30T22:19:12","version" => "1.26"},{"date" => "2018-05-14T20:36:08","version" => "1.27"}]},"SVG-Sparkline" => {"advisories" => [{"affected_versions" => ["<1.12"],"cves" => [],"description" => "Invalid data input validation makes it possible to pass arbitrary strings to module loading eval.\n","distribution" => "SVG-Sparkline","fixed_versions" => [">=1.12"],"id" => "CPANSA-SVG-Sparkline-2017-01","references" => ["https://metacpan.org/changes/distribution/SVG-Sparkline","https://github.com/gwadej/svg-sparkline/commit/ca83d6eb56aa86f3ca735866ffa9aa97acc2e708"],"reported" => "2017-05-15"}],"main_module" => "SVG::Sparkline","versions" => [{"date" => "2009-04-02T02:42:59","version" => "0.1.0"},{"date" => "2009-04-03T01:30:19","version" => "0.1.1"},{"date" => "2009-04-05T21:43:08","version" => "0.2.0"},{"date" => "2009-04-18T04:46:33","version" => "0.2.5"},{"date" => "2009-04-21T00:31:44","version" => "0.2.6"},{"date" => "2009-04-27T03:42:24","version" => "0.2.7"},{"date" => "2009-05-06T23:20:05","version" => "0.3"},{"date" => "2009-05-07T22:11:10","version" => "0.31"},{"date" => "2009-10-19T04:12:52","version" => "0.32"},{"date" => "2009-10-21T00:27:30","version" => "0.33"},{"date" => "2010-05-01T04:50:06","version" => "0.34"},{"date" => "2010-10-30T22:01:18","version" => "0.35"},{"date" => "2012-09-04T00:09:32","version" => "0.36"},{"date" => "2013-10-24T14:01:00","version" => 1},{"date" => "2014-09-04T02:01:54","version" => "1.1"},{"date" => "2015-03-03T19:38:44","version" => "1.11"},{"date" => "2017-05-15T01:32:51","version" => "1.12"}]},"SVN-Look" => {"advisories" => [{"affected_versions" => ["<0.40"],"cves" => [],"description" => "Two-arg open with a possibility of running arbitrary commands.\n","distribution" => "SVN-Look","fixed_versions" => [">=0.40"],"id" => "CPANSA-SVN-Look-2014-01","references" => ["https://metacpan.org/changes/distribution/SVN-Look","https://github.com/gnustavo/SVN-Look/commit/b413ac1c397dfc6b2d164fede693f7ff9a94c83c","https://bugs.launchpad.net/ubuntu/+source/libsvn-look-perl/+bug/1323300"],"reported" => "2014-05-31"}],"main_module" => "SVN::Look","versions" => [{"date" => "2008-09-26T03:22:44","version" => "0.08.360"},{"date" => "2008-09-27T22:10:54","version" => "0.09.366"},{"date" => "2008-09-28T03:07:02","version" => "0.10.369"},{"date" => "2008-10-05T03:16:35","version" => "0.11.388"},{"date" => "2008-10-10T02:25:16","version" => "0.12.409"},{"date" => "2008-10-24T00:51:56","version" => "0.12.442"},{"date" => "2008-11-03T10:43:38","version" => "0.12.455"},{"date" => "2008-11-06T03:11:52","version" => "0.13.463"},{"date" => "2009-02-28T02:50:53","version" => "0.14.5"},{"date" => "2009-03-01T12:17:06","version" => "0.14.7"},{"date" => "2009-03-06T01:52:43","version" => "0.14.9"},{"date" => "2009-03-08T02:25:41","version" => "0.14.10"},{"date" => "2009-03-20T01:24:06","version" => "0.14.12"},{"date" => "2009-10-25T01:23:51","version" => "0.15"},{"date" => "2010-02-16T20:16:51","version" => "0.16"},{"date" => "2010-02-24T23:20:51","version" => "0.17"},{"date" => "2010-04-28T11:38:27","version" => "0.18"},{"date" => "2010-12-12T10:35:04","version" => "0.19"},{"date" => "2010-12-12T19:59:46","version" => "0.20"},{"date" => "2011-07-20T20:11:31","version" => "0.21"},{"date" => "2011-07-22T22:31:55","version" => "0.22"},{"date" => "2011-07-27T20:22:58","version" => "0.23"},{"date" => "2011-07-30T21:52:08","version" => "0.24"},{"date" => "2011-08-21T23:31:44","version" => "0.25"},{"date" => "2011-08-27T20:12:39","version" => "0.26"},{"date" => "2011-09-18T02:42:31","version" => "0.27"},{"date" => "2011-10-10T23:18:59","version" => "0.28"},{"date" => "2011-10-13T01:06:12","version" => "0.29"},{"date" => "2011-11-02T21:00:23","version" => "0.30"},{"date" => "2012-02-26T00:04:15","version" => "0.31"},{"date" => "2012-02-26T21:55:01","version" => "0.32"},{"date" => "2012-02-27T23:49:07","version" => "0.33"},{"date" => "2012-03-05T14:37:05","version" => "0.34"},{"date" => "2012-04-22T00:14:50","version" => "0.35"},{"date" => "2012-06-18T17:07:07","version" => "0.36"},{"date" => "2012-06-18T17:34:58","version" => "0.37"},{"date" => "2012-06-19T17:00:40","version" => "0.38"},{"date" => "2013-10-20T23:32:26","version" => "0.39"},{"date" => "2014-06-12T18:05:32","version" => "0.40"},{"date" => "2014-06-14T02:51:53","version" => "0.41"},{"date" => "2020-10-09T01:36:59","version" => "0.42"},{"date" => "2022-05-21T14:32:05","version" => "0.43"}]},"Safe" => {"advisories" => [{"affected_versions" => ["<=2.26"],"cves" => ["CVE-2010-1447"],"description" => "The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.\n","distribution" => "Safe","fixed_versions" => [">=2.27"],"id" => "CPANSA-Safe-2010-1447","references" => ["https://bugs.launchpad.net/bugs/cve/2010-1447","http://www.vupen.com/english/advisories/2010/1167","http://secunia.com/advisories/39845","http://www.postgresql.org/about/news.1203","http://security-tracker.debian.org/tracker/CVE-2010-1447","https://bugzilla.redhat.com/show_bug.cgi?id=588269","http://www.securitytracker.com/id?1023988","http://osvdb.org/64756","http://www.securityfocus.com/bid/40305","http://secunia.com/advisories/40052","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://www.openwall.com/lists/oss-security/2010/05/20/5","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","http://www.redhat.com/support/errata/RHSA-2010-0457.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:115","http://secunia.com/advisories/40049","http://www.debian.org/security/2011/dsa-2267","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7320","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11530"],"reported" => "2010-05-19","severity" => undef},{"affected_versions" => ["<2.25"],"cves" => ["CVE-2010-1168"],"description" => "The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to \"automagic methods.\"\n","distribution" => "Safe","fixed_versions" => [],"id" => "CPANSA-Safe-2010-1168","references" => ["http://www.openwall.com/lists/oss-security/2010/05/20/5","http://www.redhat.com/support/errata/RHSA-2010-0457.html","http://www.redhat.com/support/errata/RHSA-2010-0458.html","http://secunia.com/advisories/40049","http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes","http://www.mandriva.com/security/advisories?name=MDVSA-2010:115","http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html","http://www.mandriva.com/security/advisories?name=MDVSA-2010:116","https://bugzilla.redhat.com/show_bug.cgi?id=576508","http://secunia.com/advisories/40052","http://securitytracker.com/id?1024062","http://secunia.com/advisories/42402","http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in","http://www.vupen.com/english/advisories/2010/3075","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424"],"reported" => "2010-06-21","severity" => undef},{"affected_versions" => ["<=2.07"],"cves" => ["CVE-2002-1323"],"description" => "Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined \@_ variable, which is not reset between successive calls.\n","distribution" => "Safe","fixed_versions" => [">=2.08"],"id" => "CPANSA-Safe-2002-1323","references" => ["http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5","http://www.securityfocus.com/bid/6111","http://www.debian.org/security/2002/dsa-208","http://www.iss.net/security_center/static/10574.php","http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744","http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html","http://www.redhat.com/support/errata/RHSA-2003-256.html","http://www.redhat.com/support/errata/RHSA-2003-257.html","ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A","ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt","ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt","http://www.osvdb.org/2183","http://www.osvdb.org/3814","http://marc.info/?l=bugtraq&m=104040175522502&w=2","http://marc.info/?l=bugtraq&m=104033126305252&w=2","http://marc.info/?l=bugtraq&m=104005919814869&w=2","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1160"],"reported" => "2002-12-11","severity" => undef}],"main_module" => "Safe","versions" => [{"date" => "1995-08-24T12:36:38","version" => 0},{"date" => "1995-09-01T21:17:14","version" => 0},{"date" => "1996-02-10T20:04:44","version" => "2.01"},{"date" => "2002-10-05T18:38:39","version" => "2.08"},{"date" => "2002-10-06T12:17:23","version" => "2.09"},{"date" => "2004-07-02T13:08:36","version" => "2.11"},{"date" => "2008-01-28T17:33:00","version" => "2.13"},{"date" => "2008-01-30T16:30:34","version" => "2.14"},{"date" => "2008-02-06T12:34:21","version" => "2.15"},{"date" => "2008-03-13T10:54:21","version" => "2.16"},{"date" => "2009-06-28T14:20:14","version" => "2.17"},{"date" => "2009-08-25T07:44:28","version" => "2.19"},{"date" => "2009-11-30T23:33:41","version" => "2.20"},{"date" => "2010-01-14T21:51:28","version" => "2.21"},{"date" => "2010-02-11T21:59:56","version" => "2.22"},{"date" => "2010-02-22T22:45:10","version" => "2.23"},{"date" => "2010-03-06T21:42:25","version" => "2.24"},{"date" => "2010-03-07T21:51:36","version" => "2.25"},{"date" => "2010-03-09T10:56:56","version" => "2.26"},{"date" => "2010-04-29T20:37:15","version" => "2.27"},{"date" => "2010-09-13T13:50:58","version" => "2.28"},{"date" => "2010-10-31T13:20:32","version" => "2.29"},{"date" => "2011-12-07T08:22:34","version" => "2.30"},{"date" => "2012-03-31T15:27:57","version" => "2.32"},{"date" => "2012-04-03T10:12:30","version" => "2.33"},{"date" => "2013-02-21T07:31:30","version" => "2.35"},{"date" => "1996-02-29T00:00:00","dual_lived" => 1,"perl_release" => "5.002","version" => "1.00"},{"date" => "1996-10-10T00:00:00","dual_lived" => 1,"perl_release" => "5.00307","version" => "2.06"},{"date" => "2003-11-15T00:00:00","dual_lived" => 1,"perl_release" => "5.006002","version" => "2.10"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "2.07"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "2.12"},{"date" => "2009-08-22T00:00:00","dual_lived" => 1,"perl_release" => "5.010001","version" => "2.18"},{"date" => "2012-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015008","version" => "2.31"},{"date" => "2012-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.016","version" => "2.31_01"},{"date" => "2012-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017001","version" => "2.33_01"},{"date" => "2013-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017008","version" => "2.34"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "2.36"},{"date" => "2013-07-22T00:00:00","dual_lived" => 1,"perl_release" => "5.019002","version" => "2.37"},{"date" => "2014-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021003","version" => "2.38"},{"date" => "2015-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021008","version" => "2.39"},{"date" => "2017-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025012","version" => "2.40"},{"date" => "2019-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031005","version" => "2.41"},{"date" => "2021-01-23T00:00:00","dual_lived" => 1,"perl_release" => "5.032001","version" => "2.41_01"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "2.42"},{"date" => "2020-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033002","version" => "2.43"},{"date" => "2022-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037004","version" => "2.44"},{"date" => "2023-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.039002","version" => "2.45"},{"date" => "2024-02-23T00:00:00","dual_lived" => 1,"perl_release" => "5.039008","version" => "2.46"},{"date" => "2024-08-29T00:00:00","dual_lived" => 1,"perl_release" => "5.041003","version" => "2.47"}]},"Search-OpenSearch-Server" => {"advisories" => [{"affected_versions" => ["<0.17"],"cves" => [],"description" => "Arbitrary Perl methods could be called via HTTP like RPC.\n","distribution" => "Search-OpenSearch-Server","fixed_versions" => [">=0.17"],"id" => "CPANSA-Search-OpenSearch-Server-2012-01","references" => ["https://metacpan.org/changes/distribution/Search-OpenSearch-Server","https://github.com/karpet/search-opensearch-server/commit/69d53fde9d70fe12e1f592de482601c43c45a278"],"reported" => "2012-08-31"}],"main_module" => "Search::OpenSearch::Server","versions" => [{"date" => "2010-05-28T03:07:46","version" => "0.01"},{"date" => "2010-05-29T01:11:09","version" => "0.02"},{"date" => "2010-06-23T01:22:53","version" => "0.03"},{"date" => "2010-06-26T21:08:31","version" => "0.04"},{"date" => "2011-01-08T04:05:22","version" => "0.05"},{"date" => "2011-09-26T18:12:08","version" => "0.06"},{"date" => "2011-09-26T18:16:12","version" => "0.07"},{"date" => "2011-09-30T03:15:51","version" => "0.08"},{"date" => "2011-10-23T01:42:30","version" => "0.09"},{"date" => "2012-05-01T02:22:52","version" => "0.10"},{"date" => "2012-07-15T03:32:57","version" => "0.11"},{"date" => "2012-07-27T02:42:45","version" => "0.12"},{"date" => "2012-08-07T01:48:25","version" => "0.13"},{"date" => "2012-08-10T03:10:13","version" => "0.14"},{"date" => "2012-08-21T02:34:37","version" => "0.15"},{"date" => "2012-08-21T17:47:00","version" => "0.16"},{"date" => "2012-09-04T01:54:00","version" => "0.17"},{"date" => "2012-09-12T03:42:03","version" => "0.18"},{"date" => "2012-09-13T14:06:58","version" => "0.19"},{"date" => "2012-09-20T02:21:37","version" => "0.20"},{"date" => "2012-10-15T04:32:38","version" => "0.21"},{"date" => "2012-11-08T03:20:16","version" => "0.22"},{"date" => "2012-11-21T19:01:22","version" => "0.23"},{"date" => "2012-11-26T19:37:12","version" => "0.24"},{"date" => "2012-12-18T19:11:36","version" => "0.25"},{"date" => "2013-01-04T19:08:19","version" => "0.26"},{"date" => "2013-06-14T02:28:09","version" => "0.27"},{"date" => "2014-03-02T22:22:17","version" => "0.28"},{"date" => "2014-04-23T18:20:52","version" => "0.299_01"},{"date" => "2014-04-24T02:56:24","version" => "0.299_02"},{"date" => "2014-06-05T07:29:19","version" => "0.299_03"},{"date" => "2014-06-08T04:57:40","version" => "0.300"},{"date" => "2015-08-14T20:04:12","version" => "0.301"}]},"Sereal-Decoder" => {"advisories" => [{"affected_versions" => [">=4.009_002,<5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2021-24031"],"description" => "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24031-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2021-24031","https://github.com/facebook/zstd/issues/1630","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.009_002,<4.012"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.012,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002_001"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2021-24031"],"description" => "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24031-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2021-24031","https://github.com/facebook/zstd/issues/1630","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.009_002,<4.012"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.012,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002_001"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Decoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Decoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"}],"main_module" => "Sereal::Decoder","versions" => [{"date" => "2012-09-10T09:44:39","version" => "0.06"},{"date" => "2012-09-11T11:16:49","version" => "0.07"},{"date" => "2012-09-13T15:19:16","version" => "0.08"},{"date" => "2012-09-14T08:13:35","version" => "0.09"},{"date" => "2012-09-17T11:45:59","version" => "0.10"},{"date" => "2012-09-18T11:24:00","version" => "0.11"},{"date" => "2012-10-02T12:58:59","version" => "0.13"},{"date" => "2012-10-17T15:20:23","version" => "0.15"},{"date" => "2012-11-23T06:50:18","version" => "0.19"},{"date" => "2013-01-02T09:01:45","version" => "0.21"},{"date" => "2013-01-08T06:40:29","version" => "0.23"},{"date" => "2013-01-10T07:54:57","version" => "0.24"},{"date" => "2013-01-22T17:04:30","version" => "0.25"},{"date" => "2013-02-09T12:09:15","version" => "0.27"},{"date" => "2013-02-09T15:37:44","version" => "0.28"},{"date" => "2013-02-09T17:24:46","version" => "0.29"},{"date" => "2013-02-13T05:46:48","version" => "0.30"},{"date" => "2013-02-17T14:28:38","version" => "0.31"},{"date" => "2013-03-23T14:41:14","version" => "0.32"},{"date" => "2013-03-23T16:48:31","version" => "0.33"},{"date" => "2013-03-23T18:00:17","version" => "0.34"},{"date" => "2013-04-01T09:59:34","version" => "0.35"},{"date" => "2013-05-07T11:13:38","version" => "0.36"},{"date" => "2013-09-02T05:49:42","version" => "0.37"},{"date" => "2013-10-01T05:50:10","version" => "2.00_01"},{"date" => "2013-10-28T18:31:59","version" => "2.00_02"},{"date" => "2013-12-29T09:43:11","version" => "2.00_03"},{"date" => "2013-12-31T08:30:39","version" => "2.01"},{"date" => "2014-01-06T14:02:01","version" => "2.02"},{"date" => "2014-01-07T19:08:14","version" => "2.03"},{"date" => "2014-03-05T17:32:45","version" => "2.04"},{"date" => "2014-03-09T10:48:14","version" => "2.06"},{"date" => "2014-03-26T17:11:19","version" => "2.07_01"},{"date" => "2014-04-06T15:50:32","version" => "2.070_101"},{"date" => "2014-04-06T16:56:29","version" => "2.070_102"},{"date" => "2014-04-08T22:36:48","version" => "2.070_103"},{"date" => "2014-04-10T20:44:01","version" => "2.08"},{"date" => "2014-04-13T19:24:30","version" => "2.09"},{"date" => "2014-04-13T19:33:58","version" => "2.10"},{"date" => "2014-04-13T21:13:15","version" => "2.11"},{"date" => "2014-05-11T21:48:57","version" => "2.12"},{"date" => "2014-05-29T10:52:41","version" => "3.000_001"},{"date" => "2014-06-01T21:49:26","version" => "3.000_002"},{"date" => "2014-06-01T22:17:01","version" => "3.000_003"},{"date" => "2014-06-03T20:11:57","version" => "3.000_004"},{"date" => "2014-06-04T20:54:19","version" => "3.001"},{"date" => "2014-06-12T19:19:47","version" => "3.001_001"},{"date" => "2014-06-27T14:55:30","version" => "3.001_002"},{"date" => "2014-07-15T11:53:29","version" => "3.001_003"},{"date" => "2014-07-27T17:59:04","version" => "3.001_004"},{"date" => "2014-07-28T10:29:01","version" => "3.001_005"},{"date" => "2014-08-03T20:41:48","version" => "3.001_006"},{"date" => "2014-08-04T19:15:53","version" => "3.001_007"},{"date" => "2014-08-05T16:35:50","version" => "3.001_008"},{"date" => "2014-08-05T20:00:37","version" => "3.001_009"},{"date" => "2014-08-12T18:10:42","version" => "3.001_010"},{"date" => "2014-08-12T18:36:29","version" => "3.001_011"},{"date" => "2014-08-15T12:08:35","version" => "3.001_012"},{"date" => "2014-08-20T09:23:57","version" => "3.002"},{"date" => "2014-09-26T11:40:22","version" => "3.002_001"},{"date" => "2014-10-18T12:06:18","version" => "3.002_002"},{"date" => "2014-10-19T22:06:20","version" => "3.003"},{"date" => "2014-11-23T15:58:21","version" => "3.003_001"},{"date" => "2014-12-21T17:53:23","version" => "3.003_002"},{"date" => "2014-12-26T04:50:12","version" => "3.003_003"},{"date" => "2014-12-26T15:06:03","version" => "3.003_004"},{"date" => "2014-12-27T15:20:21","version" => "3.004"},{"date" => "2015-01-05T14:37:58","version" => "3.005"},{"date" => "2015-01-27T21:39:30","version" => "3.005_001"},{"date" => "2015-11-09T09:32:04","version" => "3.005_002"},{"date" => "2015-11-12T13:57:53","version" => "3.005_003"},{"date" => "2015-11-13T14:55:50","version" => "3.005_004"},{"date" => "2015-11-13T19:57:24","version" => "3.005_005"},{"date" => "2015-11-14T10:41:41","version" => "3.006"},{"date" => "2015-11-16T10:11:19","version" => "3.006_001"},{"date" => "2015-11-16T11:39:40","version" => "3.006_002"},{"date" => "2015-11-18T16:25:19","version" => "3.006_003"},{"date" => "2015-11-18T18:49:44","version" => "3.006_004"},{"date" => "2015-11-20T08:33:23","version" => "3.006_005"},{"date" => "2015-11-21T15:42:08","version" => "3.006_006"},{"date" => "2015-11-25T13:37:19","version" => "3.006_007"},{"date" => "2015-11-26T21:00:53","version" => "3.007"},{"date" => "2015-11-27T20:48:32","version" => "3.008"},{"date" => "2015-11-30T11:07:39","version" => "3.009"},{"date" => "2015-12-06T22:53:40","version" => "3.011"},{"date" => "2015-12-06T23:48:32","version" => "3.012"},{"date" => "2015-12-07T00:07:29","version" => "3.014"},{"date" => "2016-08-30T09:45:18","version" => "3.014_002"},{"date" => "2016-09-01T18:23:21","version" => "3.015"},{"date" => "2017-02-06T10:52:56","version" => "4.001_001"},{"date" => "2017-04-22T11:08:36","version" => "4.001_002"},{"date" => "2017-04-23T09:56:11","version" => "4.001_003"},{"date" => "2017-11-11T09:33:51","version" => "4.002"},{"date" => "2017-11-12T16:10:52","version" => "4.003"},{"date" => "2017-11-12T19:09:55","version" => "4.004"},{"date" => "2018-01-23T20:57:49","version" => "4.005"},{"date" => "2019-04-08T20:03:23","version" => "4.006"},{"date" => "2019-04-09T17:26:43","version" => "4.007"},{"date" => "2020-01-29T17:33:56","version" => "4.007_001"},{"date" => "2020-01-30T06:22:37","version" => "4.008"},{"date" => "2020-01-31T15:51:57","version" => "4.009"},{"date" => "2020-02-02T03:23:18","version" => "4.009_001"},{"date" => "2020-02-02T09:19:30","version" => "4.009_002"},{"date" => "2020-02-02T17:40:26","version" => "4.009_003"},{"date" => "2020-02-04T02:57:02","version" => "4.010"},{"date" => "2020-02-04T05:06:24","version" => "4.011"},{"date" => "2020-06-10T21:07:04","version" => "4.012"},{"date" => "2020-06-11T16:51:45","version" => "4.014"},{"date" => "2020-07-08T07:09:15","version" => "4.015"},{"date" => "2020-07-09T14:12:25","version" => "4.016"},{"date" => "2020-07-09T18:30:34","version" => "4.017"},{"date" => "2020-07-29T09:01:02","version" => "4.017_001"},{"date" => "2020-08-03T10:39:28","version" => "4.018"},{"date" => "2022-02-07T11:58:57","version" => "4.019"},{"date" => "2022-02-17T11:27:44","version" => "4.020"},{"date" => "2022-02-18T04:47:33","version" => "4.021"},{"date" => "2022-02-19T11:23:46","version" => "4.022"},{"date" => "2022-02-20T04:16:56","version" => "4.023"},{"date" => "2022-07-28T11:26:37","version" => "4.024"},{"date" => "2022-07-28T12:22:47","version" => "4.025"},{"date" => "2022-09-01T13:13:13","version" => "5.000_001"},{"date" => "2022-09-02T18:56:25","version" => "5.000_002"},{"date" => "2022-09-03T13:56:39","version" => "5.001"},{"date" => "2023-01-31T14:34:21","version" => "5.001_001"},{"date" => "2023-02-01T08:09:30","version" => "5.001_002"},{"date" => "2023-02-01T10:53:49","version" => "5.001_003"},{"date" => "2023-02-01T11:38:26","version" => "5.002"},{"date" => "2023-02-06T16:44:17","version" => "5.002_001"},{"date" => "2023-02-07T10:26:08","version" => "5.002_002"},{"date" => "2023-02-08T02:39:42","version" => "5.003"},{"date" => "2023-04-19T13:20:25","version" => "5.004"}]},"Sereal-Encoder" => {"advisories" => [{"affected_versions" => [">=4.009_002,<5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=5.002_001"],"cves" => ["CVE-2018-12913"],"description" => "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2018-12913-miniz","references" => ["https://github.com/richgel999/miniz/issues/90"],"reported" => "2018-06-27","severity" => "high"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2021-24031"],"description" => "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24031-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2021-24031","https://github.com/facebook/zstd/issues/1630","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.009_002,<4.014"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.014,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.001_001,<4.009_002"],"cves" => ["CVE-2021-24031"],"description" => "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24031-zstd","references" => ["https://www.facebook.com/security/advisories/cve-2021-24031","https://github.com/facebook/zstd/issues/1630","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.009_002,<4.014"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.014,<4.019"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"},{"affected_versions" => [">=4.019,<5.002"],"cves" => ["CVE-2021-24032"],"description" => "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.\n","distribution" => "Sereal-Encoder","fixed_versions" => [],"id" => "CPANSA-Sereal-Encoder-2021-24032-zstd","references" => ["https://github.com/facebook/zstd/issues/2491","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://www.facebook.com/security/advisories/cve-2021-24032"],"reported" => "2021-03-04","severity" => "medium"}],"main_module" => "Sereal::Encoder","versions" => [{"date" => "2012-09-10T09:43:11","version" => "0.06"},{"date" => "2012-09-11T11:17:07","version" => "0.07"},{"date" => "2012-09-13T15:19:40","version" => "0.08"},{"date" => "2012-09-14T08:13:49","version" => "0.09"},{"date" => "2012-09-17T11:44:12","version" => "0.10"},{"date" => "2012-09-18T11:24:11","version" => "0.11"},{"date" => "2012-09-19T06:01:22","version" => "0.12"},{"date" => "2012-10-10T09:14:22","version" => "0.14"},{"date" => "2012-10-17T15:20:00","version" => "0.15"},{"date" => "2012-10-25T09:33:51","version" => "0.16"},{"date" => "2012-10-29T10:58:18","version" => "0.17"},{"date" => "2012-11-14T06:42:06","version" => "0.18"},{"date" => "2012-11-23T14:37:56","version" => "0.20"},{"date" => "2013-01-08T06:40:40","version" => "0.23"},{"date" => "2013-01-22T17:03:02","version" => "0.25"},{"date" => "2013-02-03T11:46:46","version" => "0.26"},{"date" => "2013-02-09T12:09:26","version" => "0.27"},{"date" => "2013-02-09T15:37:48","version" => "0.28"},{"date" => "2013-02-09T17:24:34","version" => "0.29"},{"date" => "2013-02-13T05:46:59","version" => "0.30"},{"date" => "2013-02-17T14:30:05","version" => "0.31"},{"date" => "2013-03-23T14:39:47","version" => "0.32"},{"date" => "2013-03-23T16:47:04","version" => "0.33"},{"date" => "2013-03-23T18:00:05","version" => "0.34"},{"date" => "2013-04-01T09:59:22","version" => "0.35"},{"date" => "2013-05-07T11:13:49","version" => "0.36"},{"date" => "2013-09-02T05:49:19","version" => "0.37"},{"date" => "2013-10-01T05:51:37","version" => "2.00_01"},{"date" => "2013-10-28T18:38:35","version" => "2.00_02"},{"date" => "2013-12-29T09:44:38","version" => "2.00_03"},{"date" => "2013-12-31T08:30:50","version" => "2.01"},{"date" => "2014-01-06T14:01:57","version" => "2.02"},{"date" => "2014-01-07T19:08:26","version" => "2.03"},{"date" => "2014-03-05T17:32:56","version" => "2.04"},{"date" => "2014-03-09T10:48:25","version" => "2.06"},{"date" => "2014-03-26T17:11:30","version" => "2.07_01"},{"date" => "2014-04-06T15:50:20","version" => "2.070_101"},{"date" => "2014-04-06T16:56:18","version" => "2.070_102"},{"date" => "2014-04-08T22:36:36","version" => "2.070_103"},{"date" => "2014-04-10T20:43:50","version" => "2.08"},{"date" => "2014-04-13T19:24:19","version" => "2.09"},{"date" => "2014-04-13T19:33:47","version" => "2.10"},{"date" => "2014-04-13T21:13:04","version" => "2.11"},{"date" => "2014-05-11T21:49:09","version" => "2.12"},{"date" => "2014-05-29T10:52:53","version" => "3.000_001"},{"date" => "2014-06-01T21:49:38","version" => "3.000_002"},{"date" => "2014-06-01T22:17:13","version" => "3.000_003"},{"date" => "2014-06-03T20:12:08","version" => "3.000_004"},{"date" => "2014-06-04T20:54:31","version" => "3.001"},{"date" => "2014-06-12T19:19:59","version" => "3.001_001"},{"date" => "2014-06-27T14:55:41","version" => "3.001_002"},{"date" => "2014-07-15T11:53:41","version" => "3.001_003"},{"date" => "2014-07-27T17:59:16","version" => "3.001_004"},{"date" => "2014-07-28T10:29:12","version" => "3.001_005"},{"date" => "2014-08-03T20:42:00","version" => "3.001_006"},{"date" => "2014-08-04T19:16:04","version" => "3.001_007"},{"date" => "2014-08-05T16:35:53","version" => "3.001_008"},{"date" => "2014-08-05T19:58:59","version" => "3.001_009"},{"date" => "2014-08-12T18:10:53","version" => "3.001_010"},{"date" => "2014-08-12T18:36:41","version" => "3.001_011"},{"date" => "2014-08-15T12:08:46","version" => "3.001_012"},{"date" => "2014-08-20T09:24:08","version" => "3.002"},{"date" => "2014-09-26T11:40:33","version" => "3.002_001"},{"date" => "2014-10-18T12:06:29","version" => "3.002_002"},{"date" => "2014-10-19T22:06:31","version" => "3.003"},{"date" => "2014-11-23T15:58:32","version" => "3.003_001"},{"date" => "2014-12-21T17:53:35","version" => "3.003_002"},{"date" => "2014-12-26T04:50:23","version" => "3.003_003"},{"date" => "2014-12-26T15:06:15","version" => "3.003_004"},{"date" => "2014-12-27T15:20:32","version" => "3.004"},{"date" => "2015-01-05T14:38:10","version" => "3.005"},{"date" => "2015-01-27T21:37:51","version" => "3.005_001"},{"date" => "2015-11-09T09:32:15","version" => "3.005_002"},{"date" => "2015-11-12T13:58:04","version" => "3.005_003"},{"date" => "2015-11-13T14:56:01","version" => "3.005_004"},{"date" => "2015-11-13T19:57:36","version" => "3.005_005"},{"date" => "2015-11-14T10:41:52","version" => "3.006"},{"date" => "2015-11-16T10:11:31","version" => "3.006_001"},{"date" => "2015-11-16T11:39:51","version" => "3.006_002"},{"date" => "2015-11-18T16:25:31","version" => "3.006_003"},{"date" => "2015-11-18T18:49:56","version" => "3.006_004"},{"date" => "2015-11-20T08:33:34","version" => "3.006_005"},{"date" => "2015-11-21T15:42:19","version" => "3.006_006"},{"date" => "2015-11-25T13:35:40","version" => "3.006_007"},{"date" => "2015-11-26T21:01:05","version" => "3.007"},{"date" => "2015-11-27T20:48:43","version" => "3.008"},{"date" => "2015-11-30T11:07:50","version" => "3.009"},{"date" => "2015-12-06T22:53:53","version" => "3.011"},{"date" => "2015-12-06T23:48:43","version" => "3.012"},{"date" => "2015-12-07T00:07:40","version" => "3.014"},{"date" => "2016-08-30T09:43:28","version" => "3.014_002"},{"date" => "2016-09-01T18:23:33","version" => "3.015"},{"date" => "2017-02-06T10:51:16","version" => "4.001_001"},{"date" => "2017-04-22T11:08:48","version" => "4.001_002"},{"date" => "2017-04-23T09:56:23","version" => "4.001_003"},{"date" => "2017-11-11T09:34:03","version" => "4.002"},{"date" => "2017-11-12T16:11:04","version" => "4.003"},{"date" => "2017-11-12T19:10:06","version" => "4.004"},{"date" => "2018-01-23T20:58:01","version" => "4.005"},{"date" => "2019-04-08T20:03:34","version" => "4.006"},{"date" => "2019-04-09T17:26:54","version" => "4.007"},{"date" => "2020-01-29T17:34:08","version" => "4.007_001"},{"date" => "2020-01-30T06:22:49","version" => "4.008"},{"date" => "2020-01-31T15:52:09","version" => "4.009"},{"date" => "2020-02-02T03:23:30","version" => "4.009_001"},{"date" => "2020-02-02T09:19:41","version" => "4.009_002"},{"date" => "2020-02-02T17:38:48","version" => "4.009_003"},{"date" => "2020-02-04T02:57:13","version" => "4.010"},{"date" => "2020-02-04T05:06:35","version" => "4.011"},{"date" => "2020-06-10T21:07:15","version" => "4.012"},{"date" => "2020-06-11T16:51:56","version" => "4.014"},{"date" => "2020-07-08T07:09:27","version" => "4.015"},{"date" => "2020-07-09T14:12:37","version" => "4.016"},{"date" => "2020-07-09T18:30:45","version" => "4.017"},{"date" => "2020-07-29T09:01:13","version" => "4.017_001"},{"date" => "2020-08-03T10:39:39","version" => "4.018"},{"date" => "2022-02-07T11:59:08","version" => "4.019"},{"date" => "2022-02-17T11:27:55","version" => "4.020"},{"date" => "2022-02-18T04:47:44","version" => "4.021"},{"date" => "2022-02-19T11:23:57","version" => "4.022"},{"date" => "2022-02-20T04:17:07","version" => "4.023"},{"date" => "2022-07-28T11:26:48","version" => "4.024"},{"date" => "2022-07-28T12:21:09","version" => "4.025"},{"date" => "2022-09-01T13:13:25","version" => "5.000_001"},{"date" => "2022-09-02T18:56:37","version" => "5.000_002"},{"date" => "2022-09-03T13:56:50","version" => "5.001"},{"date" => "2023-01-31T14:34:32","version" => "5.001_001"},{"date" => "2023-02-01T08:09:41","version" => "5.001_002"},{"date" => "2023-02-01T10:54:00","version" => "5.001_003"},{"date" => "2023-02-01T11:38:37","version" => "5.002"},{"date" => "2023-02-06T16:44:28","version" => "5.002_001"},{"date" => "2023-02-07T10:26:19","version" => "5.002_002"},{"date" => "2023-02-08T02:39:53","version" => "5.003"},{"date" => "2023-04-19T13:20:36","version" => "5.004"}]},"Sidef" => {"advisories" => [{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.06,<=22.07"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Sidef","fixed_versions" => [],"id" => "CPANSA-Sidef-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Sidef","versions" => [{"date" => "2015-06-19T22:56:13","version" => "0.06"},{"date" => "2015-07-07T22:15:05","version" => "0.07"},{"date" => "2015-07-16T17:29:42","version" => "0.08"},{"date" => "2015-07-23T06:30:35","version" => "0.09"},{"date" => "2015-07-24T05:59:07","version" => "0.0900001"},{"date" => "2015-09-07T00:03:50","version" => "0.0900002"},{"date" => "2015-09-16T22:58:56","version" => "0.10"},{"date" => "2015-10-31T07:15:42","version" => "2.10"},{"date" => "2015-11-24T18:52:00","version" => "2.11"},{"date" => "2015-12-10T23:46:41","version" => "2.12"},{"date" => "2015-12-24T09:03:59","version" => "2.13"},{"date" => "2016-01-02T10:53:48","version" => "2.20"},{"date" => "2016-01-14T13:51:33","version" => "2.21"},{"date" => "2016-02-08T03:21:05","version" => "2.22"},{"date" => "2016-03-06T14:33:37","version" => "2.23"},{"date" => "2016-03-24T16:49:45","version" => "2.24"},{"date" => "2016-05-27T20:32:46","version" => "2.25"},{"date" => "2016-06-01T15:48:21","version" => "2.26"},{"date" => "2016-07-29T13:02:29","version" => "2.30"},{"date" => "2016-08-18T22:40:23","version" => "2.300001"},{"date" => "2016-09-08T22:23:21","version" => "2.31"},{"date" => "2016-10-07T19:01:28","version" => "2.32"},{"date" => "2016-11-13T15:40:06","version" => "2.33"},{"date" => "2016-11-17T17:46:34","version" => "2.330001"},{"date" => "2016-12-24T19:58:48","version" => "2.34"},{"date" => "2017-01-30T20:53:41","version" => "2.35"},{"date" => "2017-03-02T08:58:20","version" => "2.36"},{"date" => "2017-04-04T19:53:33","version" => "2.37"},{"date" => "2017-04-22T19:35:52","version" => "3.00"},{"date" => "2017-05-09T22:49:43","version" => "3.01"},{"date" => "2017-06-05T21:56:28","version" => "3.02"},{"date" => "2017-08-27T20:59:15","version" => "3.03"},{"date" => "2017-10-06T01:08:28","version" => "3.04"},{"date" => "2017-11-03T23:04:20","version" => "3.05"},{"date" => "2017-12-08T13:13:05","version" => "3.10"},{"date" => "2018-02-17T11:31:53","version" => "3.15"},{"date" => "2018-05-05T20:49:50","version" => "3.16"},{"date" => "2018-05-30T21:54:08","version" => "3.17"},{"date" => "2018-07-04T20:15:48","version" => "3.18"},{"date" => "2018-07-31T09:11:13","version" => "3.19"},{"date" => "2018-10-13T22:10:15","version" => "3.50"},{"date" => "2019-01-07T00:48:34","version" => "3.60"},{"date" => "2019-03-24T18:15:23","version" => "3.70"},{"date" => "2019-05-18T23:57:28","version" => "3.80"},{"date" => "2019-08-18T09:18:32","version" => "3.85"},{"date" => "2019-12-25T18:38:15","version" => "3.90"},{"date" => "2020-03-22T22:05:56","version" => "3.95"},{"date" => "2020-07-20T16:23:44","version" => "3.96"},{"date" => "2021-01-17T23:11:25","version" => "3.97"},{"date" => "2021-01-18T22:53:11","version" => "v3.97.1"},{"date" => "2021-03-26T16:00:09","version" => "3.98"},{"date" => "2021-09-02T11:47:37","version" => "3.99"},{"date" => "2022-03-27T09:40:38","version" => "22.03"},{"date" => "2022-05-13T08:16:40","version" => "22.05"},{"date" => "2022-07-16T16:52:14","version" => "22.07"},{"date" => "2022-12-01T21:12:53","version" => "22.12"},{"date" => "2023-03-06T12:08:52","version" => "23.03"},{"date" => "2023-05-11T10:10:43","version" => "23.05"},{"date" => "2023-08-29T10:34:43","version" => "23.08"},{"date" => "2023-10-17T05:11:25","version" => "23.10"},{"date" => "2023-11-07T05:18:27","version" => "23.11"},{"date" => "2024-01-06T17:09:42","version" => "24.01"},{"date" => "2024-05-12T07:43:14","version" => "24.05"},{"date" => "2024-11-28T19:18:13","version" => "24.11"},{"date" => "2025-12-21T00:33:44","version" => "25.12"},{"date" => "2026-01-13T18:42:36","version" => "26.01"}]},"Smolder" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-58041"],"description" => "Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions.  Smolder 1.51 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Smolder::DB::Developer uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Smolder","fixed_versions" => [],"id" => "CPANSA-Smolder-2024-58041","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/WONKO/Smolder-1.51/source/lib/Smolder/DB/Developer.pm#L221","https://metacpan.org/release/WONKO/Smolder-1.51/source/lib/Smolder/DB/Developer.pm#L5","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2026-02-24","severity" => undef}],"main_module" => "Smolder","versions" => [{"date" => "2009-03-30T07:16:46","version" => "1.30"},{"date" => "2009-03-30T08:54:42","version" => "1.31"},{"date" => "2009-03-30T14:21:48","version" => "1.32"},{"date" => "2009-03-30T21:47:26","version" => "1.33"},{"date" => "2009-04-02T13:59:15","version" => "1.34"},{"date" => "2009-04-04T12:02:59","version" => "1.35"},{"date" => "2009-04-08T21:49:00","version" => "1.36"},{"date" => "2009-04-22T01:45:55","version" => "1.37"},{"date" => "2009-04-24T19:18:08","version" => "1.38"},{"date" => "2009-05-08T16:54:22","version" => "1.39"},{"date" => "2009-06-23T03:41:41","version" => "1.40"},{"date" => "2009-12-14T01:28:30","version" => "1.50"},{"date" => "2009-12-16T00:54:47","version" => "1.51"},{"date" => "2013-07-08T12:13:08","version" => "1.52"}]},"SockJS" => {"advisories" => [{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.10"],"cves" => ["CVE-2020-7693"],"description" => "Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-7693-sockjs","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2020-7693"],"reported" => "2020-07-09","severity" => undef},{"affected_versions" => [">=0.03,<=0.10"],"cves" => ["CVE-2020-7693"],"description" => "Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.\n","distribution" => "SockJS","fixed_versions" => [],"id" => "CPANSA-SockJS-2020-7693-sockjs","references" => ["https://nvd.nist.gov/vuln/detail/CVE-2020-7693"],"reported" => "2020-07-09","severity" => undef}],"main_module" => "SockJS","versions" => [{"date" => "2013-04-06T13:37:32","version" => "0.01"},{"date" => "2018-08-26T06:26:34","version" => "0.03"},{"date" => "2018-08-26T12:25:45","version" => "0.04"},{"date" => "2018-08-26T17:55:40","version" => "0.05"},{"date" => "2018-08-26T18:26:38","version" => "0.06"},{"date" => "2018-09-29T11:17:26","version" => "0.07"},{"date" => "2018-12-02T09:25:55","version" => "0.08"},{"date" => "2018-12-02T11:11:31","version" => "0.09"},{"date" => "2018-12-07T12:02:52","version" => "0.10"}]},"Socket" => {"advisories" => [{"affected_versions" => ["<2.026"],"cves" => [],"description" => "The function croak is variadic which expects as a first parameter printf-style format.  Passing arbitrary and string from the caller as a printf format leads to the security problem CWE-134: Use of Externally-Controlled Format String.\n","distribution" => "Socket","fixed_versions" => [">=2.027"],"id" => "CPANSA-Socket-2017-01","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=122830"],"reported" => "2017-08-17","severity" => undef}],"main_module" => "Socket","versions" => [{"date" => "1995-11-09T22:44:00","version" => "1.3"},{"date" => "1996-06-09T12:32:00","version" => "1.5"},{"date" => "2011-10-25T22:29:20","version" => "1.94_03"},{"date" => "2011-10-26T17:37:31","version" => "1.94_04"},{"date" => "2011-10-27T17:28:25","version" => "1.94_05"},{"date" => "2011-10-30T01:34:45","version" => "1.94_06"},{"date" => "2011-11-22T15:09:56","version" => "1.94_07"},{"date" => "2011-12-01T14:07:01","version" => "1.95"},{"date" => "2011-12-02T23:40:37","version" => "1.95_001"},{"date" => "2011-12-05T19:33:32","version" => "1.95_002"},{"date" => "2011-12-06T23:28:06","version" => "1.95_003"},{"date" => "2011-12-07T16:24:12","version" => "1.95_004"},{"date" => "2011-12-11T00:25:11","version" => "1.96"},{"date" => "2011-12-16T19:47:41","version" => "1.97"},{"date" => "2012-02-07T15:33:00","version" => "1.97_001"},{"date" => "2012-02-12T11:40:21","version" => "1.97_002"},{"date" => "2012-02-16T00:52:35","version" => "1.98"},{"date" => "2012-02-17T00:24:56","version" => "1.98_001"},{"date" => "2012-02-21T23:39:36","version" => "1.99"},{"date" => "2012-03-10T00:09:16","version" => "2.000"},{"date" => "2012-03-27T13:59:43","version" => "2.001"},{"date" => "2012-05-18T16:23:54","version" => "2.001_001"},{"date" => "2012-05-22T15:38:46","version" => "2.001_002"},{"date" => "2012-05-31T15:02:53","version" => "2.001_003"},{"date" => "2012-06-06T10:22:21","version" => "2.002"},{"date" => "2012-08-15T13:14:45","version" => "2.003"},{"date" => "2012-08-15T21:22:04","version" => "2.004"},{"date" => "2012-08-16T21:27:21","version" => "2.005"},{"date" => "2012-08-19T21:49:58","version" => "2.006"},{"date" => "2012-12-16T18:27:03","version" => "2.007"},{"date" => "2012-12-27T15:41:41","version" => "2.008"},{"date" => "2013-01-18T16:13:59","version" => "2.009"},{"date" => "2013-06-24T19:25:09","version" => "2.010"},{"date" => "2013-07-28T18:46:32","version" => "2.011"},{"date" => "2013-09-03T12:23:51","version" => "2.012"},{"date" => "2013-10-28T00:53:02","version" => "2.013"},{"date" => "2014-05-31T23:16:34","version" => "2.014"},{"date" => "2014-08-15T22:38:05","version" => "2.015"},{"date" => "2014-10-08T20:58:19","version" => "2.016"},{"date" => "2015-02-10T12:28:48","version" => "2.017"},{"date" => "2015-02-12T13:45:11","version" => "2.018"},{"date" => "2015-04-27T20:25:03","version" => "2.018_001"},{"date" => "2015-04-29T16:08:52","version" => "2.019"},{"date" => "2015-06-24T13:49:15","version" => "2.020"},{"date" => "2015-11-18T17:15:18","version" => "2.021"},{"date" => "2016-04-16T22:49:32","version" => "2.021_01"},{"date" => "2016-06-06T10:07:12","version" => "2.021_02"},{"date" => "2016-08-01T15:05:16","version" => "2.022"},{"date" => "2016-08-02T13:53:11","version" => "2.023"},{"date" => "2016-08-11T12:52:58","version" => "2.024"},{"date" => "2016-08-26T17:50:04","version" => "2.024_01"},{"date" => "2016-08-26T22:33:20","version" => "2.024_02"},{"date" => "2016-10-04T14:06:42","version" => "2.024_03"},{"date" => "2018-01-09T15:15:51","version" => "2.025"},{"date" => "2018-01-11T23:18:50","version" => "2.026"},{"date" => "2018-01-12T17:00:49","version" => "2.027"},{"date" => "2018-09-05T10:32:16","version" => "2.027_04"},{"date" => "2019-02-20T00:03:23","version" => "2.028"},{"date" => "2019-02-20T19:58:07","version" => "2.029"},{"date" => "2019-02-21T19:41:16","version" => "2.029"},{"date" => "2019-04-14T09:28:49","version" => "2.027_05"},{"date" => "2019-06-15T14:08:34","version" => "2.029_05"},{"date" => "2020-07-06T13:57:06","version" => "2.030"},{"date" => "2021-01-05T15:50:53","version" => "2.031"},{"date" => "2021-06-02T23:32:40","version" => "2.032"},{"date" => "2022-04-29T14:34:23","version" => "2.033"},{"date" => "2022-06-27T09:29:08","version" => "2.034"},{"date" => "2022-07-01T14:22:10","version" => "2.035"},{"date" => "2022-08-19T16:40:53","version" => "2.036"},{"date" => "2023-06-06T11:57:25","version" => "2.037"},{"date" => "2024-04-15T20:15:41","version" => "2.038"},{"date" => "2025-06-25T17:07:24","version" => "2.039"},{"date" => "2025-07-16T11:30:51","version" => "2.040"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "1997-05-15T00:00:00","dual_lived" => 1,"perl_release" => "5.004","version" => "1.6"},{"date" => "1999-04-29T00:00:00","dual_lived" => 1,"perl_release" => "5.00405","version" => "1.7"},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006","version" => "1.72"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.75"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "1.76"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "1.77"},{"date" => "2006-01-31T00:00:00","dual_lived" => 1,"perl_release" => "5.008008","version" => "1.78"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "1.81"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "1.79"},{"date" => "2007-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.010000","version" => "1.80"},{"date" => "2009-08-22T00:00:00","dual_lived" => 1,"perl_release" => "5.010001","version" => "1.82"},{"date" => "2009-10-02T00:00:00","dual_lived" => 1,"perl_release" => "5.011000","version" => "1.84"},{"date" => "2009-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011001","version" => "1.85"},{"date" => "2010-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011005","version" => "1.86"},{"date" => "2010-04-12T00:00:00","dual_lived" => 1,"perl_release" => "5.012000","version" => "1.87"},{"date" => "2011-01-21T00:00:00","dual_lived" => 1,"perl_release" => "5.012003","version" => "1.87_01"},{"date" => "2010-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013001","version" => "1.88"},{"date" => "2010-06-22T00:00:00","dual_lived" => 1,"perl_release" => "5.013002","version" => "1.89"},{"date" => "2010-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013006","version" => "1.90"},{"date" => "2010-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013007","version" => "1.91"},{"date" => "2010-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013008","version" => "1.92"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "1.93"},{"date" => "2011-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013010","version" => "1.94"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "1.94_01"},{"date" => "2011-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015005","version" => "1.94_02"},{"date" => "2012-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.017007","version" => "2.006_001"},{"date" => "2015-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023003","version" => "2.020_01"},{"date" => "2015-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023004","version" => "2.020_02"},{"date" => "2016-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023009","version" => "2.020_03"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "2.020_04"}]},"Spoon" => {"advisories" => [{"affected_versions" => [">0.24"],"cves" => ["CVE-2012-6143"],"description" => "Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.\n","distribution" => "Spoon","fixed_versions" => [],"id" => "CPANSA-Spoon-Cookie-2012-6143","references" => ["https://rt.cpan.org/Public/Bug/Display.html?id=85217","http://www.securityfocus.com/bid/59834","http://seclists.org/oss-sec/2013/q2/318","https://exchange.xforce.ibmcloud.com/vulnerabilities/84197"],"reported" => "2014-06-04","severity" => undef}],"main_module" => "Spoon","versions" => [{"date" => "2004-03-21T10:04:10","version" => "0.10"},{"date" => "2004-03-23T07:50:48","version" => "0.11"},{"date" => "2004-03-30T16:23:32","version" => "0.12"},{"date" => "2004-05-07T16:21:27","version" => "0.13"},{"date" => "2004-06-02T10:15:14","version" => "0.14"},{"date" => "2004-06-21T17:39:05","version" => "0.15"},{"date" => "2004-06-22T17:43:16","version" => "0.16"},{"date" => "2004-07-20T20:01:22","version" => "0.17"},{"date" => "2004-08-12T05:59:51","version" => "0.18"},{"date" => "2004-12-16T00:12:10","version" => "0.19"},{"date" => "2004-12-18T09:04:38","version" => "0.20"},{"date" => "2005-01-11T16:27:02","version" => "0.21"},{"date" => "2005-04-04T14:49:45","version" => "0.22"},{"date" => "2005-04-07T03:44:14","version" => "0.23"},{"date" => "2006-12-09T23:29:37","version" => "0.24"}]},"Spreadsheet-ParseExcel" => {"advisories" => [{"affected_versions" => ["<0.66"],"cves" => ["CVE-2023-7101"],"description" => "Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type \x{201c}eval\x{201d}. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.\n","distribution" => "Spreadsheet-ParseExcel","fixed_versions" => [">=0.66"],"id" => "CPANSA-Spreadsheet-ParseExcel-2023-7101","references" => ["http://www.openwall.com/lists/oss-security/2023/12/29/4","https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171","https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md","https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc","https://https://metacpan.org/dist/Spreadsheet-ParseExcel","https://https://www.cve.org/CVERecord?id=CVE-2023-7101","https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html"],"reported" => "2023-12-24","severity" => undef}],"main_module" => "Spreadsheet::ParseExcel","versions" => [{"date" => "2000-10-06T00:33:12","version" => "0.06"},{"date" => "2000-11-18T03:01:33","version" => "0.07"},{"date" => "2000-11-24T23:59:57","version" => "0.08"},{"date" => "2000-12-15T02:58:39","version" => "0.09"},{"date" => "2001-01-16T00:27:35","version" => "0.10"},{"date" => "2001-01-31T15:09:13","version" => "0.11"},{"date" => "2001-02-05T11:37:49","version" => "0.12"},{"date" => "2001-02-22T22:35:17","version" => "0.13"},{"date" => "2001-03-06T02:14:24","version" => "0.15"},{"date" => "2001-03-07T21:50:33","version" => "0.16"},{"date" => "2001-03-12T23:08:09","version" => "0.17"},{"date" => "2001-03-17T07:39:42","version" => "0.18"},{"date" => "2001-03-26T11:41:43","version" => "0.19"},{"date" => "2001-03-30T11:22:58","version" => "0.20"},{"date" => "2001-04-11T00:12:29","version" => "0.201"},{"date" => "2001-04-11T00:17:15","version" => "v0.20.1"},{"date" => "2001-04-28T02:18:17","version" => "0.21"},{"date" => "2001-04-29T05:37:04","version" => "v0.21.1"},{"date" => "2001-05-01T07:23:55","version" => "v0.21.2"},{"date" => "2001-05-05T09:46:39","version" => "0.22"},{"date" => "2001-05-15T22:20:34","version" => "v0.22.1"},{"date" => "2001-05-24T22:12:58","version" => "v0.22.2"},{"date" => "2001-06-05T22:21:24","version" => "v0.22.3"},{"date" => "2001-06-21T21:38:06","version" => "0.23"},{"date" => "2001-06-26T03:05:48","version" => "0.2301"},{"date" => "2001-07-05T10:44:34","version" => "0.24"},{"date" => "2001-07-13T10:51:35","version" => "0.2402"},{"date" => "2001-07-24T21:45:07","version" => "0.2403"},{"date" => "2001-12-06T22:01:45","version" => "0.2404"},{"date" => "2002-01-28T22:38:34","version" => "0.2405"},{"date" => "2002-04-07T22:20:17","version" => "0.2406"},{"date" => "2002-04-24T13:05:42","version" => "0.2407"},{"date" => "2002-05-09T15:05:41","version" => "0.25"},{"date" => "2002-06-05T20:57:29","version" => "0.26"},{"date" => "2002-07-13T22:41:34","version" => "0.2601"},{"date" => "2002-07-16T02:07:27","version" => "0.2602"},{"date" => "2004-05-30T01:51:09","version" => "0.2603"},{"date" => "2006-09-11T09:15:23","version" => "0.27_01"},{"date" => "2006-09-12T20:55:36","version" => "0.27_02"},{"date" => "2006-11-02T16:44:10","version" => "0.27_03"},{"date" => "2007-01-03T15:48:01","version" => "0.27"},{"date" => "2007-01-07T17:20:30","version" => "0.28"},{"date" => "2007-03-29T23:21:14","version" => "0.29"},{"date" => "2007-03-31T15:33:28","version" => "0.30"},{"date" => "2007-05-03T02:21:13","version" => "0.31"},{"date" => "2007-05-05T03:56:46","version" => "0.32"},{"date" => "2008-09-07T07:47:07","version" => "0.33"},{"date" => "2008-10-24T00:05:35","version" => "0.40"},{"date" => "2008-10-24T00:18:27","version" => "0.33"},{"date" => "2009-01-01T20:42:10","version" => "0.42"},{"date" => "2009-01-08T02:06:27","version" => "0.43"},{"date" => "2009-01-09T03:37:10","version" => "0.44"},{"date" => "2009-01-14T02:19:46","version" => "0.45"},{"date" => "2009-01-20T00:34:23","version" => "0.46"},{"date" => "2009-01-22T00:39:18","version" => "0.47"},{"date" => "2009-01-23T07:07:04","version" => "0.48"},{"date" => "2009-01-24T01:19:12","version" => "0.49"},{"date" => "2009-08-18T23:30:07","version" => "0.50"},{"date" => "2009-08-19T22:08:26","version" => "0.51"},{"date" => "2009-08-21T18:09:01","version" => "0.52"},{"date" => "2009-08-24T23:06:49","version" => "0.53"},{"date" => "2009-08-25T20:24:31","version" => "0.54"},{"date" => "2009-09-30T06:26:08","version" => "0.55"},{"date" => "2009-12-10T00:23:50","version" => "0.56"},{"date" => "2010-01-24T19:18:56","version" => "0.57"},{"date" => "2010-09-17T18:09:07","version" => "0.58"},{"date" => "2011-04-06T19:13:26","version" => "0.59"},{"date" => "2014-02-26T19:58:52","version" => "0.60"},{"date" => "2014-03-04T18:56:46","version" => "0.61"},{"date" => "2014-03-05T17:16:00","version" => "0.62"},{"date" => "2014-03-07T20:47:21","version" => "0.63"},{"date" => "2014-03-11T17:22:13","version" => "0.64"},{"date" => "2014-03-18T20:47:23","version" => "0.65"},{"date" => "2023-12-29T01:14:58","version" => "0.66"}]},"Spreadsheet-ParseXLSX" => {"advisories" => [{"affected_versions" => ["<0.28"],"cves" => ["CVE-2024-22368"],"description" => "The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.\n","distribution" => "Spreadsheet-ParseXLSX","fixed_versions" => [">=0.28"],"id" => "CPANSA-Spreadsheet-ParseXLSX-2024-22368","references" => ["https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md","https://github.com/briandfoy/cpan-security-advisory/issues/131","https://nvd.nist.gov/vuln/detail/CVE-2024-22368","https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md","https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes","https://github.com/advisories/GHSA-x2hg-844v-frvh"],"reported" => "2024-01-03"},{"affected_versions" => ["<0.30"],"cves" => ["CVE-2024-23525"],"description" => "In default configuration of Spreadsheet::ParseXLSX, whenever we call Spreadsheet::ParseXLSX->new()->parse('user_input_file.xlsx'), we'd be vulnerable for XXE vulnerability if the XLSX file that we are parsing is from user input.\n","distribution" => "Spreadsheet-ParseXLSX","fixed_versions" => [">=0.30"],"id" => "CPANSA-Spreadsheet-ParseXLSX-2024-23525","references" => ["https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes","https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a","https://github.com/briandfoy/cpan-security-advisory/issues/134","https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10","https://github.com/advisories/GHSA-cxjh-j6f8-vrmf","https://nvd.nist.gov/vuln/detail/CVE-2024-23525"],"reported" => "2024-01-17"}],"main_module" => "Spreadsheet::ParseXLSX","versions" => [{"date" => "2013-07-17T02:45:07","version" => "0.01"},{"date" => "2013-07-17T15:14:43","version" => "0.02"},{"date" => "2013-07-26T07:34:38","version" => "0.03"},{"date" => "2013-07-31T18:28:38","version" => "0.04"},{"date" => "2013-07-31T22:15:56","version" => "0.05"},{"date" => "2013-08-29T20:02:30","version" => "0.06"},{"date" => "2013-09-05T18:34:35","version" => "0.07"},{"date" => "2013-09-10T18:21:15","version" => "0.08"},{"date" => "2013-10-09T14:52:49","version" => "0.09"},{"date" => "2013-11-06T18:36:10","version" => "0.10"},{"date" => "2013-11-14T00:30:46","version" => "0.11"},{"date" => "2013-12-09T20:27:26","version" => "0.12"},{"date" => "2014-01-29T21:32:54","version" => "0.13"},{"date" => "2014-04-03T16:56:25","version" => "0.14"},{"date" => "2014-07-05T01:39:06","version" => "0.15"},{"date" => "2014-07-05T18:55:08","version" => "0.16"},{"date" => "2015-03-26T03:38:16","version" => "0.17"},{"date" => "2015-09-19T06:08:07","version" => "0.18"},{"date" => "2015-12-04T07:38:39","version" => "0.19"},{"date" => "2015-12-05T18:45:32","version" => "0.20"},{"date" => "2016-05-23T07:09:47","version" => "0.21"},{"date" => "2016-05-25T05:39:15","version" => "0.22"},{"date" => "2016-05-29T03:01:59","version" => "0.23"},{"date" => "2016-06-25T18:03:32","version" => "0.24"},{"date" => "2016-07-15T02:36:28","version" => "0.25"},{"date" => "2016-08-16T06:35:10","version" => "0.26"},{"date" => "2016-08-16T07:12:41","version" => "0.27"},{"date" => "2024-01-02T13:45:35","version" => "0.28"},{"date" => "2024-01-02T17:49:11","version" => "0.29"},{"date" => "2024-01-17T11:34:43","version" => "0.30"},{"date" => "2024-01-18T11:30:17","version" => "0.31"},{"date" => "2024-03-08T11:04:50","version" => "0.32"},{"date" => "2024-03-08T12:50:37","version" => "0.33"},{"date" => "2024-03-13T10:28:28","version" => "0.34"},{"date" => "2024-03-19T16:22:17","version" => "0.35"},{"date" => "2025-01-24T09:33:40","version" => "0.36"}]},"Squatting" => {"advisories" => [{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.40,<=0.83"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Squatting","fixed_versions" => [],"id" => "CPANSA-Squatting-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Squatting","versions" => [{"date" => "2008-05-13T22:22:58","version" => "0.20"},{"date" => "2008-05-14T06:05:11","version" => "0.21"},{"date" => "2008-06-02T19:48:13","version" => "0.30"},{"date" => "2008-06-06T10:48:50","version" => "0.31"},{"date" => "2008-07-06T17:46:05","version" => "0.40"},{"date" => "2008-07-09T04:13:14","version" => "0.41"},{"date" => "2008-07-25T14:38:30","version" => "0.42"},{"date" => "2008-07-31T02:12:58","version" => "0.50"},{"date" => "2008-08-07T23:35:32","version" => "0.51"},{"date" => "2008-08-09T00:05:02","version" => "0.52"},{"date" => "2009-04-21T18:46:53","version" => "0.60"},{"date" => "2009-08-27T12:18:15","version" => "0.70"},{"date" => "2011-04-27T11:37:19","version" => "0.80"},{"date" => "2011-04-27T21:17:13","version" => "0.81"},{"date" => "2013-08-12T04:12:05","version" => "0.82"},{"date" => "2014-02-20T03:16:20","version" => "0.83"}]},"Starch" => {"advisories" => [{"affected_versions" => ["<=0.14"],"cves" => ["CVE-2025-40925"],"description" => "Starch versions 0.14 and earlier generate session ids insecurely.  The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.  Predicable session ids could allow an attacker to gain access to systems.","distribution" => "Starch","fixed_versions" => [],"id" => "CPANSA-Starch-2025-40925","references" => ["https://github.com/bluefeet/Starch/commit/5573449e64e0660f7ee209d1eab5881d4ccbee3b.patch","https://github.com/bluefeet/Starch/pull/5","https://metacpan.org/dist/Starch/source/lib/Starch/Manager.pm"],"reported" => "2025-09-20","severity" => undef}],"main_module" => "Starch","versions" => [{"date" => "2015-07-31T23:11:38","version" => "0.06"},{"date" => "2018-05-17T14:47:29","version" => "0.07"},{"date" => "2018-09-04T01:40:23","version" => "0.08"},{"date" => "2018-09-04T17:20:53","version" => "0.09"},{"date" => "2019-02-14T19:42:01","version" => "0.10"},{"date" => "2019-02-20T15:55:30","version" => "0.11"},{"date" => "2019-03-01T06:11:34","version" => "0.12"},{"date" => "2019-03-23T21:36:38","version" => "0.13"},{"date" => "2019-05-13T02:14:22","version" => "0.14"}]},"Stardust" => {"advisories" => [{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.01,<=0.08"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Stardust","fixed_versions" => [],"id" => "CPANSA-Stardust-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Stardust","versions" => [{"date" => "2009-08-28T03:34:38","version" => "0.01"},{"date" => "2009-09-02T08:17:45","version" => "0.02"},{"date" => "2009-09-08T13:01:44","version" => "0.03"},{"date" => "2009-09-08T20:19:12","version" => "0.04"},{"date" => "2009-09-11T02:44:30","version" => "0.05"},{"date" => "2009-09-11T07:03:42","version" => "0.06"},{"date" => "2009-09-11T08:22:34","version" => "0.07"},{"date" => "2011-08-04T18:24:59","version" => "0.08"}]},"Storable" => {"advisories" => [{"affected_versions" => ["<3.05"],"cves" => [],"description" => "Malcrafted storable files or buffers.\n","distribution" => "Storable","fixed_versions" => [">=3.05"],"id" => "CPANSA-Storable-2017-01","references" => ["https://metacpan.org/changes/distribution/Storable","https://cxsecurity.com/issue/WLB-2007120031"],"reported" => "2017-01-29"}],"main_module" => "Storable","versions" => [{"date" => "1995-10-02T10:50:02","version" => "0.1"},{"date" => "1997-01-13T11:42:25","version" => "0.2"},{"date" => "1997-01-13T17:18:01","version" => "0.2"},{"date" => "1997-01-14T15:12:36","version" => "0.3"},{"date" => "1997-01-15T18:25:57","version" => "0.4"},{"date" => "1997-01-22T14:47:23","version" => "0.4"},{"date" => "1997-02-27T15:02:37","version" => "0.4"},{"date" => "1997-02-27T15:38:18","version" => "0.4"},{"date" => "1997-03-25T10:32:00","version" => "0.4"},{"date" => "1997-05-16T09:24:59","version" => "0.4"},{"date" => "1997-06-03T09:38:38","version" => "0.4"},{"date" => "1997-06-10T16:47:47","version" => "0.5"},{"date" => "1997-11-05T10:05:11","version" => "0.5"},{"date" => "1998-01-13T16:59:38","version" => "0.5"},{"date" => "1998-01-20T08:32:03","version" => "0.5"},{"date" => "1998-03-06T20:52:28","version" => "0.5"},{"date" => "1998-03-25T14:10:24","version" => "0.5"},{"date" => "1998-04-08T11:20:48","version" => "0.5"},{"date" => "1998-04-09T16:17:05","version" => "0.5"},{"date" => "1998-04-24T15:29:23","version" => "0.5"},{"date" => "1998-04-30T13:13:58","version" => "0.5"},{"date" => "1998-05-12T07:15:48","version" => "0.5"},{"date" => "1998-06-04T16:19:02","version" => "0.6"},{"date" => "1998-06-12T09:54:35","version" => "0.6"},{"date" => "1998-06-22T09:00:32","version" => "0.6"},{"date" => "1998-07-03T13:53:55","version" => "0.6"},{"date" => "1998-07-21T12:10:39","version" => "0.6"},{"date" => "1999-01-31T18:01:47","version" => "0.6"},{"date" => "1999-07-12T13:05:25","version" => "0.6"},{"date" => "1999-09-02T12:47:03","version" => "0.6"},{"date" => "1999-09-14T20:27:23","version" => "v0.6.5"},{"date" => "1999-10-19T19:33:43","version" => "v0.6.6"},{"date" => "1999-10-20T17:10:19","version" => "v0.6.7"},{"date" => "2000-03-02T22:29:53","version" => "v0.6.9"},{"date" => "2000-03-29T18:00:09","version" => "v0.6.10"},{"date" => "2000-04-02T22:12:47","version" => "v0.6.11"},{"date" => "2000-08-03T22:12:31","version" => "v0.7.0"},{"date" => "2000-08-13T20:17:55","version" => "v0.7.1"},{"date" => "2000-08-14T07:27:17","version" => "v0.7.2"},{"date" => "2000-08-23T23:12:01","version" => "v0.7.4"},{"date" => "2000-09-01T19:44:37","version" => "v1.0.0"},{"date" => "2000-09-17T16:56:12","version" => "v1.0.1"},{"date" => "2000-09-28T21:50:42","version" => "v1.0.2"},{"date" => "2000-09-29T19:55:57","version" => "v1.0.3"},{"date" => "2000-10-23T18:12:41","version" => "v1.0.4"},{"date" => "2000-10-26T17:18:33","version" => "v1.0.5"},{"date" => "2000-11-05T17:30:34","version" => "v1.0.6"},{"date" => "2001-01-03T09:48:40","version" => "v1.0.7"},{"date" => "2001-02-17T12:43:23","version" => "v1.0.10"},{"date" => "2001-03-15T00:30:04","version" => "v1.0.11"},{"date" => "2001-07-01T11:30:39","version" => "v1.0.12"},{"date" => "2001-08-28T21:59:16","version" => "v1.0.13"},{"date" => "2001-12-01T13:48:14","version" => "v1.0.14"},{"date" => "2002-05-18T16:48:08","version" => "2.00"},{"date" => "2002-05-28T20:34:47","version" => "2.02"},{"date" => "2002-06-01T04:35:47","version" => "2.03"},{"date" => "2002-06-08T02:11:56","version" => "2.04"},{"date" => "2002-10-03T03:37:51","version" => "2.05"},{"date" => "2002-11-25T12:34:01","version" => "2.06"},{"date" => "2003-05-05T05:21:16","version" => "2.07"},{"date" => "2003-09-05T20:01:37","version" => "2.08"},{"date" => "2004-01-06T01:47:55","version" => "2.09"},{"date" => "2004-03-01T04:28:16","version" => "2.10"},{"date" => "2004-03-17T15:11:57","version" => "2.11"},{"date" => "2004-03-24T03:24:16","version" => "2.12"},{"date" => "2004-06-28T16:41:47","version" => "2.13"},{"date" => "2005-04-25T02:15:51","version" => "2.14"},{"date" => "2005-05-23T17:21:53","version" => "2.15"},{"date" => "2007-03-31T00:51:12","version" => "2.16"},{"date" => "2007-11-16T20:48:24","version" => "2.17"},{"date" => "2007-11-23T18:18:24","version" => "2.18"},{"date" => "2009-05-18T04:18:09","version" => "2.20"},{"date" => "2009-08-06T05:30:04","version" => "2.21"},{"date" => "2010-11-12T17:12:42","version" => "2.23"},{"date" => "2010-11-12T17:29:29","version" => "2.24"},{"date" => "2010-12-11T06:08:33","version" => "2.25"},{"date" => "2011-07-03T04:04:14","version" => "2.29"},{"date" => "2011-07-12T03:59:06","version" => "2.30"},{"date" => "2012-06-07T01:16:46","version" => "2.35"},{"date" => "2012-09-11T01:30:44","version" => "2.38"},{"date" => "2012-09-11T01:38:57","version" => "2.39"},{"date" => "2013-07-13T16:49:48","version" => "2.45"},{"date" => "2014-07-02T11:09:04","version" => "2.51"},{"date" => "2017-01-29T11:41:00","version" => "3.05"},{"date" => "2017-01-30T14:25:11","version" => "3.05_01"},{"date" => "2017-01-30T18:55:50","version" => "3.05_02"},{"date" => "2017-01-31T01:58:36","version" => "3.05_03"},{"date" => "2017-02-02T11:22:12","version" => "3.05_04"},{"date" => "2017-03-05T10:48:10","version" => "3.05_06"},{"date" => "2017-03-05T12:52:10","version" => "3.05_07"},{"date" => "2017-03-11T07:51:19","version" => "3.05_09"},{"date" => "2017-03-14T09:03:54","version" => "3.05_10"},{"date" => "2017-03-29T20:00:48","version" => "3.05_11"},{"date" => "2017-04-19T07:20:42","version" => "3.05_12"},{"date" => "2017-10-15T12:06:30","version" => "3.05_14"},{"date" => "2017-10-21T09:30:17","version" => "3.05_15"},{"date" => "2017-10-21T16:17:28","version" => "3.05_16"},{"date" => "2018-04-19T08:29:33","version" => "3.06"},{"date" => "2018-04-20T16:11:03","version" => "3.05_17"},{"date" => "2018-04-21T10:08:56","version" => "3.08"},{"date" => "2018-04-21T16:50:30","version" => "3.09"},{"date" => "2018-04-27T17:46:19","version" => "3.11"},{"date" => "2018-09-05T15:12:26","version" => "3.11_01"},{"date" => "2019-03-06T12:42:01","version" => "3.12_03"},{"date" => "2019-03-12T09:31:55","version" => "3.12_04"},{"date" => "2019-04-16T07:32:16","version" => "3.14_04"},{"date" => "2019-04-23T13:29:25","version" => "3.15"},{"date" => "2019-05-05T12:46:33","version" => "3.15_04"},{"date" => "2021-08-25T09:06:32","version" => "3.24_50"},{"date" => "2021-08-30T08:39:08","version" => "3.25"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "1.015"},{"date" => "2008-12-14T00:00:00","dual_lived" => 1,"perl_release" => "5.008009","version" => "2.19"},{"date" => "2006-01-28T00:00:00","dual_lived" => 1,"perl_release" => "5.009003","version" => "2.15_02"},{"date" => "2009-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.011001","version" => "2.22"},{"date" => "2011-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013009","version" => "2.26"},{"date" => "2011-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.013011","version" => "2.27"},{"date" => "2011-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015","version" => "2.28"},{"date" => "2011-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015001","version" => "2.31"},{"date" => "2011-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015003","version" => "2.32"},{"date" => "2011-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015005","version" => "2.33"},{"date" => "2011-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.015006","version" => "2.34"},{"date" => "2012-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017001","version" => "2.36"},{"date" => "2012-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017002","version" => "2.37"},{"date" => "2012-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.017007","version" => "2.40"},{"date" => "2013-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.017011","version" => "2.41"},{"date" => "2013-05-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019","version" => "2.42"},{"date" => "2013-06-21T00:00:00","dual_lived" => 1,"perl_release" => "5.019001","version" => "2.43"},{"date" => "2013-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019003","version" => "2.46"},{"date" => "2013-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019004","version" => "2.47"},{"date" => "2013-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019007","version" => "2.48"},{"date" => "2014-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.019011","version" => "2.49"},{"date" => "2015-02-14T00:00:00","dual_lived" => 1,"perl_release" => "5.020002","version" => "2.49_01"},{"date" => "2014-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.021007","version" => "2.52"},{"date" => "2015-02-21T00:00:00","dual_lived" => 1,"perl_release" => "5.021009","version" => "2.53"},{"date" => "2015-12-13T00:00:00","dual_lived" => 1,"perl_release" => "5.022001","version" => "2.53_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "2.53_02"},{"date" => "2015-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023001","version" => "2.54"},{"date" => "2016-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023008","version" => "2.55"},{"date" => "2016-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.023009","version" => "2.56"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.024001","version" => "2.56_01"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "2.57"},{"date" => "2016-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025006","version" => "2.58"},{"date" => "2016-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025007","version" => "2.59"},{"date" => "2017-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025009","version" => "2.61"},{"date" => "2017-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.02501","version" => "2.62"},{"date" => "2017-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027001","version" => "2.63"},{"date" => "2017-08-21T00:00:00","dual_lived" => 1,"perl_release" => "5.027003","version" => "2.64"},{"date" => "2017-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.027006","version" => "2.65"},{"date" => "2019-04-19T00:00:00","dual_lived" => 1,"perl_release" => "5.028002","version" => "3.08_01"},{"date" => "2018-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029002","version" => "3.12"},{"date" => "2018-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.029003","version" => "3.13"},{"date" => "2018-12-18T00:00:00","dual_lived" => 1,"perl_release" => "5.029006","version" => "3.14"},{"date" => "2019-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031001","version" => "3.16"},{"date" => "2019-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031003","version" => "3.17"},{"date" => "2019-12-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031007","version" => "3.18"},{"date" => "2020-02-20T00:00:00","dual_lived" => 1,"perl_release" => "5.031009","version" => "3.19"},{"date" => "2020-04-28T00:00:00","dual_lived" => 1,"perl_release" => "5.031011","version" => "3.20"},{"date" => "2020-06-20T00:00:00","dual_lived" => 1,"perl_release" => "5.032000","version" => "3.21"},{"date" => "2020-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033001","version" => "3.22"},{"date" => "2020-10-20T00:00:00","dual_lived" => 1,"perl_release" => "5.033003","version" => "3.23"},{"date" => "2021-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035003","version" => "3.24"},{"date" => "2022-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.035011","version" => "3.26"},{"date" => "2022-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037002","version" => "3.27"},{"date" => "2022-11-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037006","version" => "3.28"},{"date" => "2023-01-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037008","version" => "3.29"},{"date" => "2023-03-20T00:00:00","dual_lived" => 1,"perl_release" => "5.037010","version" => "3.31"},{"date" => "2023-07-02T00:00:00","dual_lived" => 1,"perl_release" => "5.038","version" => "3.32"},{"date" => "2024-07-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041002","version" => "3.33"},{"date" => "2024-08-29T00:00:00","dual_lived" => 1,"perl_release" => "5.041003","version" => "3.34"},{"date" => "2024-09-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041004","version" => "3.35"},{"date" => "2025-03-21T00:00:00","dual_lived" => 1,"perl_release" => "5.041010","version" => "3.36"},{"date" => "2025-04-20T00:00:00","dual_lived" => 1,"perl_release" => "5.041011","version" => "3.37"}]},"String-Compare-ConstantTime" => {"advisories" => [{"affected_versions" => ["<=0.321"],"cves" => ["CVE-2024-13939"],"description" => "String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string.  As stated in the documentation: \"If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents).\"  This is similar to\x{a0}CVE-2020-36829","distribution" => "String-Compare-ConstantTime","fixed_versions" => [],"id" => "CPANSA-String-Compare-ConstantTime-2024-13939","references" => ["https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL"],"reported" => "2025-03-28","severity" => undef}],"main_module" => "String::Compare::ConstantTime","versions" => [{"date" => "2012-07-13T00:08:31","version" => "0.20"},{"date" => "2012-10-10T01:38:04","version" => "0.300"},{"date" => "2014-09-24T03:21:54","version" => "0.310"},{"date" => "2015-10-24T21:53:39","version" => "0.311"},{"date" => "2017-02-14T16:57:07","version" => "0.312"},{"date" => "2018-04-23T16:13:42","version" => "0.320"},{"date" => "2019-06-17T13:33:11","version" => "0.321"}]},"Sub-HandlesVia" => {"advisories" => [{"affected_versions" => ["<0.050002"],"cves" => ["CVE-2025-30673"],"description" => "Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238.  If an attacker can place a malicious file in current working directory, it may be\x{a0}loaded instead of the intended file, potentially leading to arbitrary\x{a0}code execution.  Sub::HandlesVia uses Mite to produce the affected code section due to\x{a0}CVE-2025-30672","distribution" => "Sub-HandlesVia","fixed_versions" => [">=0.050002"],"id" => "CPANSA-Sub-HandlesVia-2025-30673","references" => ["https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html","https://metacpan.org/dist/Sub-HandlesVia/changes#L12","https://metacpan.org/release/TOBYINK/Sub-HandlesVia-0.050001/source/lib/Sub/HandlesVia/Mite.pm#L114"],"reported" => "2025-04-01","severity" => undef}],"main_module" => "Sub::HandlesVia","versions" => [{"date" => "2020-01-21T12:20:29","version" => "0.001"},{"date" => "2020-01-21T12:44:10","version" => "0.002"},{"date" => "2020-01-21T21:31:54","version" => "0.003"},{"date" => "2020-01-22T20:46:52","version" => "0.004"},{"date" => "2020-01-23T12:15:51","version" => "0.005"},{"date" => "2020-01-23T12:57:19","version" => "0.006"},{"date" => "2020-01-25T18:32:49","version" => "0.007"},{"date" => "2020-01-26T21:21:53","version" => "0.008_000"},{"date" => "2020-01-26T23:51:45","version" => "0.008_001"},{"date" => "2020-01-27T01:42:52","version" => "0.008_002"},{"date" => "2020-01-27T08:53:01","version" => "0.008_003"},{"date" => "2020-01-27T10:55:08","version" => "0.009"},{"date" => "2020-01-27T14:35:32","version" => "0.010"},{"date" => "2020-01-27T20:50:11","version" => "0.011"},{"date" => "2020-02-02T19:19:39","version" => "0.012"},{"date" => "2020-02-04T23:25:52","version" => "0.013"},{"date" => "2020-08-25T12:50:04","version" => "0.014"},{"date" => "2020-09-12T14:08:39","version" => "0.015"},{"date" => "2020-09-20T16:31:29","version" => "0.016"},{"date" => "2022-06-11T11:23:50","version" => "0.017"},{"date" => "2022-06-11T14:29:41","version" => "0.018"},{"date" => "2022-06-11T16:47:08","version" => "0.019"},{"date" => "2022-06-11T20:23:02","version" => "0.020"},{"date" => "2022-06-12T17:24:14","version" => "0.021"},{"date" => "2022-06-14T16:04:34","version" => "0.022"},{"date" => "2022-06-15T01:20:36","version" => "0.023"},{"date" => "2022-06-15T14:42:36","version" => "0.024"},{"date" => "2022-06-16T10:36:27","version" => "0.025"},{"date" => "2022-06-29T23:39:10","version" => "0.026"},{"date" => "2022-06-30T00:10:02","version" => "0.027"},{"date" => "2022-07-01T23:17:41","version" => "0.028"},{"date" => "2022-07-09T18:26:58","version" => "0.029"},{"date" => "2022-07-09T18:32:11","version" => "0.030"},{"date" => "2022-07-09T19:48:20","version" => "0.031"},{"date" => "2022-07-12T19:15:21","version" => "0.032"},{"date" => "2022-08-05T15:26:32","version" => "0.033"},{"date" => "2022-08-07T14:36:37","version" => "0.034"},{"date" => "2022-08-12T14:45:11","version" => "0.035"},{"date" => "2022-08-26T14:46:58","version" => "0.036"},{"date" => "2022-09-26T08:48:59","version" => "0.037"},{"date" => "2022-10-21T14:29:19","version" => "0.038"},{"date" => "2022-10-26T10:30:49","version" => "0.039"},{"date" => "2022-10-27T12:45:21","version" => "0.040"},{"date" => "2022-10-29T15:58:04","version" => "0.041"},{"date" => "2022-10-30T12:28:45","version" => "0.042"},{"date" => "2022-10-31T11:04:11","version" => "0.043"},{"date" => "2022-10-31T18:24:28","version" => "0.044"},{"date" => "2022-11-08T18:45:23","version" => "0.045"},{"date" => "2022-12-16T16:02:25","version" => "0.046"},{"date" => "2023-04-05T21:51:07","version" => "0.050000"},{"date" => "2025-03-23T18:30:54","version" => "0.050001"},{"date" => "2025-03-31T11:34:28","version" => "0.050002"},{"date" => "2025-07-14T21:33:31","version" => "0.050003"},{"date" => "2025-11-10T17:13:26","version" => "0.050004"},{"date" => "2025-11-10T17:24:14","version" => "0.050005"},{"date" => "2025-11-11T22:25:44","version" => "0.050006"},{"date" => "2025-11-15T20:17:13","version" => "0.050007"},{"date" => "2025-11-21T09:14:26","version" => "0.052000"},{"date" => "2026-01-28T23:06:43","version" => "0.053000"},{"date" => "2026-01-29T09:02:27","version" => "0.053001"},{"date" => "2026-01-30T17:28:28","version" => "0.053002"},{"date" => "2026-01-31T23:44:23","version" => "0.053003"},{"date" => "2026-02-01T23:30:36","version" => "0.053004"},{"date" => "2026-02-04T17:17:58","version" => "0.053005"}]},"Sys-Syslog" => {"advisories" => [{"affected_versions" => ["<0.35"],"cves" => ["CVE-2016-1238"],"description" => "Optional modules loaded from loading optional modules from \".\"\n","distribution" => "Sys-Syslog","fixed_versions" => [">=0.35"],"id" => "CPANSA-Sys-Syslog-2016-1238","references" => ["https://metacpan.org/dist/Sys-Syslog/changes","https://rt.cpan.org/Public/Bug/Display.html?id=116543"],"reported" => "2016-07-27","severity" => "high"}],"main_module" => "Sys::Syslog","versions" => [{"date" => "2005-12-06T22:19:29","version" => "0.09"},{"date" => "2005-12-08T01:10:57","version" => "0.10"},{"date" => "2005-12-27T23:49:31","version" => "0.11"},{"date" => "2006-01-07T04:07:20","version" => "0.12"},{"date" => "2006-01-11T01:03:02","version" => "0.13"},{"date" => "2006-05-25T22:42:27","version" => "0.14"},{"date" => "2006-06-10T23:57:12","version" => "0.15"},{"date" => "2006-06-20T21:26:29","version" => "0.16"},{"date" => "2006-07-23T01:51:16","version" => "0.17"},{"date" => "2006-08-28T22:18:29","version" => "0.18"},{"date" => "2007-09-05T09:39:56","version" => "0.19"},{"date" => "2007-09-05T10:23:25","version" => "0.20"},{"date" => "2007-09-13T23:01:59","version" => "0.21"},{"date" => "2007-11-08T00:58:57","version" => "0.22"},{"date" => "2007-11-12T22:42:29","version" => "0.23"},{"date" => "2007-12-31T17:18:56","version" => "0.24"},{"date" => "2008-06-05T23:16:19","version" => "0.25"},{"date" => "2008-06-15T23:49:12","version" => "0.25"},{"date" => "2008-09-21T17:05:08","version" => "0.27"},{"date" => "2009-03-14T03:24:36","version" => "1.00"},{"date" => "2011-04-16T17:01:20","version" => "0.28"},{"date" => "2011-04-18T14:10:00","version" => "0.29"},{"date" => "2012-08-15T01:27:23","version" => "0.30"},{"date" => "2012-08-18T18:07:17","version" => "0.31"},{"date" => "2012-09-14T12:36:22","version" => "0.32"},{"date" => "2013-05-24T00:13:07","version" => "0.33"},{"date" => "2016-05-05T23:20:00","version" => "0.34"},{"date" => "2016-09-01T16:56:39","version" => "0.35"},{"date" => "2019-10-21T22:41:02","version" => "0.36"},{"date" => "1994-10-17T00:00:00","dual_lived" => 1,"perl_release" => "5.000","version" => undef},{"date" => "2000-03-22T00:00:00","dual_lived" => 1,"perl_release" => "5.006","version" => "0.01"},{"date" => "2002-03-05T00:00:00","dual_lived" => 1,"perl_release" => "5.007003","version" => "0.02"},{"date" => "2002-07-19T00:00:00","dual_lived" => 1,"perl_release" => "5.008","version" => "0.03"},{"date" => "2003-09-25T00:00:00","dual_lived" => 1,"perl_release" => "5.008001","version" => "0.04"},{"date" => "2004-04-21T00:00:00","dual_lived" => 1,"perl_release" => "5.008004","version" => "0.05"},{"date" => "2005-05-30T00:00:00","dual_lived" => 1,"perl_release" => "5.008007","version" => "0.06"},{"date" => "2007-07-07T00:00:00","dual_lived" => 1,"perl_release" => "5.009005","version" => "0.18_01"},{"date" => "2017-01-14T00:00:00","dual_lived" => 1,"perl_release" => "5.022003","version" => "0.33_01"},{"date" => "2016-08-20T00:00:00","dual_lived" => 1,"perl_release" => "5.025004","version" => "0.34_01"}]},"Tcl" => {"advisories" => [{"affected_versions" => [">=0.89,<=1.27"],"cves" => ["CVE-2007-4772"],"description" => "The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.\n","distribution" => "Tcl","fixed_versions" => [],"id" => "CPANSA-Tcl-2007-4772-tcl","references" => ["http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894","http://www.postgresql.org/about/news.905","http://www.securityfocus.com/bid/27163","http://securitytracker.com/id?1019157","http://secunia.com/advisories/28359","http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894","http://www.mandriva.com/security/advisories?name=MDVSA-2008:004","https://issues.rpath.com/browse/RPL-1768","http://www.debian.org/security/2008/dsa-1460","http://www.debian.org/security/2008/dsa-1463","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html","http://www.redhat.com/support/errata/RHSA-2008-0038.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1","http://secunia.com/advisories/28376","http://secunia.com/advisories/28438","http://secunia.com/advisories/28437","http://secunia.com/advisories/28454","http://secunia.com/advisories/28464","http://secunia.com/advisories/28477","http://secunia.com/advisories/28479","http://secunia.com/advisories/28455","http://security.gentoo.org/glsa/glsa-200801-15.xml","http://secunia.com/advisories/28679","http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html","http://secunia.com/advisories/28698","http://www.redhat.com/support/errata/RHSA-2008-0040.html","http://www.redhat.com/support/errata/RHSA-2008-0134.html","http://secunia.com/advisories/29070","http://www.mandriva.com/security/advisories?name=MDVSA-2008:059","http://secunia.com/advisories/29248","http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1","http://secunia.com/advisories/29638","http://www.vmware.com/security/advisories/VMSA-2008-0009.html","http://secunia.com/advisories/30535","http://www.vupen.com/english/advisories/2008/1071/references","http://www.vupen.com/english/advisories/2008/0109","http://www.vupen.com/english/advisories/2008/1744","http://www.vupen.com/english/advisories/2008/0061","http://rhn.redhat.com/errata/RHSA-2013-0122.html","http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/39497","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569","https://usn.ubuntu.com/568-1/","http://www.securityfocus.com/archive/1/493080/100/0/threaded","http://www.securityfocus.com/archive/1/486407/100/0/threaded","http://www.securityfocus.com/archive/1/485864/100/0/threaded"],"reported" => "2008-01-09","severity" => undef},{"affected_versions" => [">=0.89,<=1.27"],"cves" => ["CVE-2007-6067"],"description" => "Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted \"complex\" regular expression with doubly-nested states.\n","distribution" => "Tcl","fixed_versions" => [],"id" => "CPANSA-Tcl-2007-6067-tcl","references" => ["http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894","http://www.postgresql.org/about/news.905","http://www.securityfocus.com/bid/27163","http://securitytracker.com/id?1019157","http://secunia.com/advisories/28359","http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894","http://www.mandriva.com/security/advisories?name=MDVSA-2008:004","https://issues.rpath.com/browse/RPL-1768","http://www.debian.org/security/2008/dsa-1460","http://www.debian.org/security/2008/dsa-1463","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html","http://www.redhat.com/support/errata/RHSA-2008-0038.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1","http://secunia.com/advisories/28376","http://secunia.com/advisories/28438","http://secunia.com/advisories/28437","http://secunia.com/advisories/28454","http://secunia.com/advisories/28464","http://secunia.com/advisories/28477","http://secunia.com/advisories/28479","http://secunia.com/advisories/28455","http://security.gentoo.org/glsa/glsa-200801-15.xml","http://secunia.com/advisories/28679","http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html","http://secunia.com/advisories/28698","http://www.redhat.com/support/errata/RHSA-2008-0040.html","http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1","http://secunia.com/advisories/29638","http://www.vupen.com/english/advisories/2008/1071/references","http://www.vupen.com/english/advisories/2008/0109","http://www.vupen.com/english/advisories/2008/0061","http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154","http://rhn.redhat.com/errata/RHSA-2013-0122.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/39498","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235","https://usn.ubuntu.com/568-1/","http://www.securityfocus.com/archive/1/486407/100/0/threaded","http://www.securityfocus.com/archive/1/485864/100/0/threaded"],"reported" => "2008-01-09","severity" => undef}],"main_module" => "Tcl","versions" => [{"date" => "1995-08-20T09:21:54","version" => 0},{"date" => "1997-09-18T16:57:00","version" => 0},{"date" => "2001-03-11T23:23:17","version" => 0},{"date" => "2003-05-18T23:45:54","version" => "0.4"},{"date" => "2003-05-25T20:00:11","version" => "0.5"},{"date" => "2003-06-08T08:07:42","version" => "0.6"},{"date" => "2003-07-02T17:33:44","version" => "0.7"},{"date" => "2003-07-03T16:40:09","version" => "0.71"},{"date" => "2003-08-19T20:32:16","version" => "0.72"},{"date" => "2004-03-28T11:29:19","version" => "0.75"},{"date" => "2004-04-17T07:03:50","version" => "0.76"},{"date" => "2004-04-17T09:34:42","version" => "0.77"},{"date" => "2004-05-02T20:16:01","version" => "0.80"},{"date" => "2004-05-09T19:45:16","version" => "0.81"},{"date" => "2004-09-12T22:11:09","version" => "0.84"},{"date" => "2004-12-31T07:20:14","version" => "0.85"},{"date" => "2005-02-02T17:03:47","version" => "0.87"},{"date" => "2005-08-22T20:31:27","version" => "0.88"},{"date" => "2006-05-23T09:36:56","version" => "0.89"},{"date" => "2006-11-11T09:22:01","version" => "0.90"},{"date" => "2006-11-13T17:53:37","version" => "0.91"},{"date" => "2007-06-07T19:50:54","version" => "0.95"},{"date" => "2008-09-06T21:03:59","version" => "0.97"},{"date" => "2009-11-24T01:24:12","version" => "0.98"},{"date" => "2010-11-02T22:20:55","version" => "0.99"},{"date" => "2010-11-23T20:42:35","version" => "1.00"},{"date" => "2011-02-10T09:28:49","version" => "1.01"},{"date" => "2011-02-11T06:06:07","version" => "1.02"},{"date" => "2013-04-12T06:43:49","version" => "1.02_50"},{"date" => "2016-02-21T18:58:43","version" => "1.03"},{"date" => "2016-03-20T15:25:13","version" => "1.04"},{"date" => "2016-06-28T17:10:13","version" => "1.05"},{"date" => "2018-06-23T13:50:33","version" => "1.06"},{"date" => "2018-06-26T20:55:40","version" => "1.07"},{"date" => "2018-06-27T11:47:10","version" => "1.08"},{"date" => "2018-06-27T13:50:27","version" => "1.09"},{"date" => "2018-06-28T08:02:58","version" => "1.10"},{"date" => "2018-07-13T08:35:58","version" => "1.11"},{"date" => "2018-07-14T08:03:20","version" => "1.12"},{"date" => "2018-07-15T11:36:17","version" => "1.15"},{"date" => "2018-07-15T12:22:05","version" => "1.13"},{"date" => "2018-07-15T16:43:59","version" => "1.16"},{"date" => "2018-07-17T11:29:52","version" => "1.17"},{"date" => "2018-07-18T15:54:30","version" => "1.18"},{"date" => "2018-07-19T16:25:01","version" => "1.19"},{"date" => "2018-07-19T19:14:28","version" => "1.20"},{"date" => "2018-07-20T09:58:37","version" => "1.21"},{"date" => "2018-07-20T18:15:43","version" => "1.22"},{"date" => "2018-07-21T17:34:34","version" => "1.23"},{"date" => "2018-07-23T19:28:49","version" => "1.24"},{"date" => "2018-07-25T16:37:19","version" => "1.25"},{"date" => "2018-08-22T08:49:39","version" => "1.27"},{"date" => "2024-01-02T12:27:15","version" => "1.28"},{"date" => "2024-01-02T14:18:57","version" => "1.29"},{"date" => "2024-01-02T16:00:50","version" => "1.30"},{"date" => "2024-01-03T12:37:05","version" => "1.31"},{"date" => "2024-01-06T15:12:10","version" => "1.32"},{"date" => "2025-01-06T19:58:52","version" => "1.50"},{"date" => "2025-01-07T18:25:32","version" => "1.51_01"},{"date" => "2025-01-26T17:49:05","version" => "1.51"},{"date" => "2025-03-16T09:15:07","version" => "1.51_02"},{"date" => "2025-03-16T09:25:42","version" => "1.52"},{"date" => "2025-03-16T14:25:32","version" => "1.53"}]},"Term-ReadLine-Gnu" => {"advisories" => [{"affected_versions" => ["<1.27"],"comment" => "The presense of affected versions of Term-ReadLine-Gnu suggests that a vulnerable version of the readline linrary is installed on the host system.\n","cves" => ["CVE-2014-2524"],"description" => "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.\n","distribution" => "Term-ReadLine-Gnu","external_vulnerability" => {"distributed_version" => "<=6.3","name" => "readline"},"fixed_versions" => [">=1.27"],"id" => "CPANSA-Term-ReadLine-Gnu-2014-2524","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1077023","http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html","http://seclists.org/oss-sec/2014/q1/579","http://seclists.org/oss-sec/2014/q1/587","https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html","http://www.mandriva.com/security/advisories?name=MDVSA-2014:154","http://advisories.mageia.org/MGASA-2014-0319.html","http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html","http://www.mandriva.com/security/advisories?name=MDVSA-2015:132"],"reported" => "2014-08-20","severity" => undef}],"main_module" => "Term::ReadLine::Gnu","versions" => [{"date" => "1997-02-07T02:03:51","version" => "0.06"},{"date" => "1997-03-26T07:17:23","version" => "0.07"},{"date" => "1997-08-25T15:02:01","version" => "0.09"},{"date" => "1998-03-31T15:49:08","version" => "0.10"},{"date" => "1998-04-17T05:23:29","version" => "1.00"},{"date" => "1998-05-13T15:45:47","version" => "1.01"},{"date" => "1998-09-30T16:10:02","version" => "1.03"},{"date" => "1999-02-22T17:28:32","version" => "1.04"},{"date" => "1999-04-10T16:08:54","version" => "1.05"},{"date" => "1999-05-05T14:55:21","version" => "1.06"},{"date" => "1999-07-19T15:13:19","version" => "1.07"},{"date" => "1999-12-30T13:37:18","version" => "1.08"},{"date" => "2000-04-03T18:05:33","version" => "1.09"},{"date" => "2001-04-22T14:23:37","version" => "1.10"},{"date" => "2001-10-28T04:38:19","version" => "1.11"},{"date" => "2002-03-31T05:54:31","version" => "1.12"},{"date" => "2002-07-28T05:07:18","version" => "1.13"},{"date" => "2003-03-17T03:59:29","version" => "1.14"},{"date" => "2004-10-17T20:00:06","version" => "1.15"},{"date" => "2006-04-02T01:36:28","version" => "1.16"},{"date" => "2008-02-07T15:00:09","version" => "1.17"},{"date" => "2008-02-07T15:52:11","version" => "1.17"},{"date" => "2009-02-27T14:14:29","version" => "1.18"},{"date" => "2009-03-20T17:00:37","version" => "1.19"},{"date" => "2010-05-02T14:26:20","version" => "1.20"},{"date" => "2014-03-01T17:19:57","version" => "1.21"},{"date" => "2014-03-05T14:48:24","version" => "1.22"},{"date" => "2014-03-19T15:53:44","version" => "1.23"},{"date" => "2014-03-23T11:58:51","version" => "1.24"},{"date" => "2014-12-20T13:25:24","version" => "1.25"},{"date" => "2015-01-31T12:30:45","version" => "1.26"},{"date" => "2015-09-06T06:03:05","version" => "1.27"},{"date" => "2015-09-21T13:14:52","version" => "1.28"},{"date" => "2016-02-29T14:06:51","version" => "1.29"},{"date" => "2016-03-01T15:55:22","version" => "1.30"},{"date" => "2016-03-06T00:45:52","version" => "1.31"},{"date" => "2016-06-07T15:25:50","version" => "1.32"},{"date" => "2016-06-09T17:11:29","version" => "1.33"},{"date" => "2016-06-12T14:53:40","version" => "1.34"},{"date" => "2016-11-03T14:36:40","version" => "1.35"},{"date" => "2019-01-14T05:39:06","version" => "1.36"},{"date" => "2020-12-27T03:26:23","version" => "1.37"},{"date" => "2021-02-22T09:48:52","version" => "1.38"},{"date" => "2021-02-22T14:36:24","version" => "1.39"},{"date" => "2021-02-23T07:24:27","version" => "1.40"},{"date" => "2021-05-01T14:45:09","version" => "1.41"},{"date" => "2021-05-07T03:30:02","version" => "1.42"},{"date" => "2022-10-01T08:45:18","version" => "1.43"},{"date" => "2022-11-06T14:03:08","version" => "1.44"},{"date" => "2022-11-27T13:23:27","version" => "1.45"},{"date" => "2023-07-01T09:18:33","version" => "1.46"},{"date" => "2025-07-06T02:25:46","version" => "1.47"}]},"Tk" => {"advisories" => [{"affected_versions" => ["<804.029"],"cves" => ["CVE-2006-4484"],"description" => "Buffer overflow in the LWZReadByte_ function in the GD extension in allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.\n","distribution" => "Tk","fixed_versions" => [">=804.029"],"id" => "CPANSA-Tk-2008-01","references" => ["https://metacpan.org/changes/distribution/Tk"],"reported" => "2008-10-01"},{"affected_versions" => [">804.024,<=804.027"],"cves" => ["CVE-2017-12652"],"description" => "libpng before 1.6.32 does not properly check the length of chunks against the user limit.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2017-12652-libpng","references" => ["https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE","http://www.securityfocus.com/bid/109269","https://support.f5.com/csp/article/K88124225","https://support.f5.com/csp/article/K88124225?utm_source=f5support&amp;utm_medium=RSS","https://security.netapp.com/advisory/ntap-20220506-0003/"],"reported" => "2019-07-10","severity" => "critical"},{"affected_versions" => [">804.027_500,<=804.036"],"cves" => ["CVE-2017-12652"],"description" => "libpng before 1.6.32 does not properly check the length of chunks against the user limit.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2017-12652-libpng","references" => ["https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE","http://www.securityfocus.com/bid/109269","https://support.f5.com/csp/article/K88124225","https://support.f5.com/csp/article/K88124225?utm_source=f5support&amp;utm_medium=RSS","https://security.netapp.com/advisory/ntap-20220506-0003/"],"reported" => "2019-07-10","severity" => "critical"},{"affected_versions" => [">0"],"cves" => ["CVE-2007-4772"],"description" => "The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2007-4772-tcl","references" => ["http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894","http://www.postgresql.org/about/news.905","http://www.securityfocus.com/bid/27163","http://securitytracker.com/id?1019157","http://secunia.com/advisories/28359","http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894","http://www.mandriva.com/security/advisories?name=MDVSA-2008:004","https://issues.rpath.com/browse/RPL-1768","http://www.debian.org/security/2008/dsa-1460","http://www.debian.org/security/2008/dsa-1463","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html","http://www.redhat.com/support/errata/RHSA-2008-0038.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1","http://secunia.com/advisories/28376","http://secunia.com/advisories/28438","http://secunia.com/advisories/28437","http://secunia.com/advisories/28454","http://secunia.com/advisories/28464","http://secunia.com/advisories/28477","http://secunia.com/advisories/28479","http://secunia.com/advisories/28455","http://security.gentoo.org/glsa/glsa-200801-15.xml","http://secunia.com/advisories/28679","http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html","http://secunia.com/advisories/28698","http://www.redhat.com/support/errata/RHSA-2008-0040.html","http://www.redhat.com/support/errata/RHSA-2008-0134.html","http://secunia.com/advisories/29070","http://www.mandriva.com/security/advisories?name=MDVSA-2008:059","http://secunia.com/advisories/29248","http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1","http://secunia.com/advisories/29638","http://www.vmware.com/security/advisories/VMSA-2008-0009.html","http://secunia.com/advisories/30535","http://www.vupen.com/english/advisories/2008/1071/references","http://www.vupen.com/english/advisories/2008/0109","http://www.vupen.com/english/advisories/2008/1744","http://www.vupen.com/english/advisories/2008/0061","http://rhn.redhat.com/errata/RHSA-2013-0122.html","http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html","http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html","http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/39497","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569","https://usn.ubuntu.com/568-1/","http://www.securityfocus.com/archive/1/493080/100/0/threaded","http://www.securityfocus.com/archive/1/486407/100/0/threaded","http://www.securityfocus.com/archive/1/485864/100/0/threaded"],"reported" => "2008-01-09","severity" => undef},{"affected_versions" => [">0"],"cves" => ["CVE-2007-6067"],"description" => "Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted \"complex\" regular expression with doubly-nested states.\n","distribution" => "Tk","fixed_versions" => [],"id" => "CPANSA-Tk-2007-6067-tcl","references" => ["http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894","http://www.postgresql.org/about/news.905","http://www.securityfocus.com/bid/27163","http://securitytracker.com/id?1019157","http://secunia.com/advisories/28359","http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894","http://www.mandriva.com/security/advisories?name=MDVSA-2008:004","https://issues.rpath.com/browse/RPL-1768","http://www.debian.org/security/2008/dsa-1460","http://www.debian.org/security/2008/dsa-1463","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html","http://www.redhat.com/support/errata/RHSA-2008-0038.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1","http://secunia.com/advisories/28376","http://secunia.com/advisories/28438","http://secunia.com/advisories/28437","http://secunia.com/advisories/28454","http://secunia.com/advisories/28464","http://secunia.com/advisories/28477","http://secunia.com/advisories/28479","http://secunia.com/advisories/28455","http://security.gentoo.org/glsa/glsa-200801-15.xml","http://secunia.com/advisories/28679","http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html","http://secunia.com/advisories/28698","http://www.redhat.com/support/errata/RHSA-2008-0040.html","http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1","http://secunia.com/advisories/29638","http://www.vupen.com/english/advisories/2008/1071/references","http://www.vupen.com/english/advisories/2008/0109","http://www.vupen.com/english/advisories/2008/0061","http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154","http://rhn.redhat.com/errata/RHSA-2013-0122.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/39498","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235","https://usn.ubuntu.com/568-1/","http://www.securityfocus.com/archive/1/486407/100/0/threaded","http://www.securityfocus.com/archive/1/485864/100/0/threaded"],"reported" => "2008-01-09","severity" => undef}],"main_module" => "Tk","versions" => [{"date" => "1995-08-22T23:03:30","version" => 0},{"date" => "1995-12-19T01:56:04","version" => 0},{"date" => "1996-08-29T00:19:01","version" => 0},{"date" => "1996-09-07T01:08:44","version" => "400.200"},{"date" => "1997-01-08T23:27:30","version" => "400.201"},{"date" => "1997-01-25T12:33:02","version" => "400.202"},{"date" => "1997-05-04T20:05:58","version" => "402.000"},{"date" => "1997-06-14T19:17:26","version" => "402.001"},{"date" => "1997-07-18T17:01:40","version" => "402.002"},{"date" => "1997-10-04T15:32:53","version" => "402.003"},{"date" => "1998-01-25T17:07:27","version" => "402.004"},{"date" => "1998-02-07T21:22:00","version" => "402.003"},{"date" => "1998-02-22T19:34:11","version" => "800.000"},{"date" => "1998-03-02T00:12:00","version" => "800.0_01"},{"date" => "1998-03-09T22:37:37","version" => "800.0_02"},{"date" => "1998-03-17T13:43:00","version" => "402.003"},{"date" => "1998-04-01T04:36:00","version" => "402.003"},{"date" => "1998-04-02T18:32:00","version" => "402.003"},{"date" => "1998-04-05T08:37:23","version" => "800.003"},{"date" => "1998-04-19T17:23:45","version" => "800.004"},{"date" => "1998-05-17T18:07:11","version" => "800.005"},{"date" => "1998-06-14T20:30:35","version" => "800.006"},{"date" => "1998-06-26T16:30:23","version" => "800.007"},{"date" => "1998-07-17T16:47:42","version" => "800.008"},{"date" => "1998-08-08T19:31:23","version" => "800.010"},{"date" => "1998-09-01T17:20:02","version" => "800.011"},{"date" => "1998-11-15T14:28:04","version" => "800.012"},{"date" => "1999-03-16T22:13:10","version" => "800.013"},{"date" => "1999-04-05T20:15:39","version" => "800.014"},{"date" => "1999-07-28T22:10:03","version" => "800.015"},{"date" => "2000-01-08T12:48:56","version" => "800.017"},{"date" => "2000-01-08T12:58:16","version" => "800.0_16"},{"date" => "2000-01-22T19:44:55","version" => "800.018"},{"date" => "2000-03-13T16:39:08","version" => "800.019"},{"date" => "2000-03-27T17:01:22","version" => "800.020"},{"date" => "2000-04-21T13:38:21","version" => "800.021"},{"date" => "2000-05-13T09:48:51","version" => "800.022"},{"date" => "2001-05-15T15:07:21","version" => "800.023"},{"date" => "2001-07-14T21:06:00","version" => "800.012"},{"date" => "2002-03-05T16:38:25","version" => "800.024"},{"date" => "2002-03-17T20:30:42","version" => "800.024"},{"date" => "2002-10-13T17:20:55","version" => "804.0_24"},{"date" => "2003-05-02T01:10:54","version" => "v804.024."},{"date" => "2003-09-08T08:13:16","version" => "800.025"},{"date" => "2003-09-28T18:01:55","version" => "804.025"},{"date" => "2003-10-10T18:24:24","version" => "804.025"},{"date" => "2003-10-20T20:44:44","version" => "804.025"},{"date" => "2003-10-27T08:23:07","version" => "804.025"},{"date" => "2003-11-02T22:28:10","version" => "804.025"},{"date" => "2003-11-16T22:15:42","version" => "804.025"},{"date" => "2003-12-02T21:26:56","version" => "804.025"},{"date" => "2003-12-08T08:01:15","version" => "804.025_"},{"date" => "2003-12-11T08:03:20","version" => "804.025"},{"date" => "2003-12-14T20:22:05","version" => "804.025"},{"date" => "2003-12-19T17:42:32","version" => "804.025"},{"date" => "2003-12-21T21:09:10","version" => "804.025_"},{"date" => "2003-12-23T23:19:20","version" => "804.025"},{"date" => "2004-01-12T21:59:01","version" => "804.025"},{"date" => "2004-02-28T17:33:01","version" => "804.025_"},{"date" => "2004-03-07T20:33:56","version" => "804.025_"},{"date" => "2004-03-19T08:10:49","version" => "804.026"},{"date" => "2004-04-11T19:04:25","version" => "804.026"},{"date" => "2007-02-11T08:49:16","version" => "804.027_500"},{"date" => "2007-09-21T22:57:57","version" => "804.027_501"},{"date" => "2007-12-04T21:03:29","version" => "804.027_502"},{"date" => "2007-12-18T22:01:39","version" => "804.028"},{"date" => "2008-10-01T21:48:52","version" => "804.0285"},{"date" => "2008-11-04T22:27:51","version" => "804.028501"},{"date" => "2010-01-30T17:54:07","version" => "804.028502"},{"date" => "2010-05-13T00:00:04","version" => "804.028503"},{"date" => "2010-05-27T19:25:41","version" => "804.029"},{"date" => "2011-06-13T17:53:20","version" => "804.0295"},{"date" => "2011-10-14T19:22:48","version" => "804.029501"},{"date" => "2011-10-17T21:12:41","version" => "804.029502"},{"date" => "2011-10-20T21:08:12","version" => "804.03"},{"date" => "2013-05-17T22:16:24","version" => "804.030500"},{"date" => "2013-05-18T05:01:41","version" => "804.030501"},{"date" => "2013-05-21T07:30:50","version" => "804.030502"},{"date" => "2013-05-25T12:57:05","version" => "804.031"},{"date" => "2013-11-17T11:24:41","version" => "804.031500"},{"date" => "2013-11-18T20:19:08","version" => "804.031501"},{"date" => "2013-12-01T15:07:28","version" => "804.031502"},{"date" => "2013-12-07T13:00:14","version" => "804.031503"},{"date" => "2014-01-26T17:01:07","version" => "804.032"},{"date" => "2014-11-06T21:01:44","version" => "804.032500"},{"date" => "2015-01-31T10:28:08","version" => "804.032501"},{"date" => "2015-02-21T15:54:08","version" => "804.033"},{"date" => "2017-08-20T09:29:42","version" => "804.033500"},{"date" => "2017-08-26T15:26:56","version" => "804.034"},{"date" => "2020-02-23T16:12:23","version" => "804.034500"},{"date" => "2020-03-19T21:02:47","version" => "804.034501"},{"date" => "2020-03-28T19:28:42","version" => "804.035"},{"date" => "2021-02-07T19:55:40","version" => "804.035501"},{"date" => "2021-02-14T12:53:44","version" => "804.036"}]},"UI-Dialog" => {"advisories" => [{"affected_versions" => ["<1.11"],"cves" => [],"description" => "Allows remote attackers to execute arbitrary commands.\n","distribution" => "UI-Dialog","fixed_versions" => [">=1.11"],"id" => "CPANSA-UI-Dialog-2015-01","references" => ["https://metacpan.org/changes/distribution/UI-Dialog"],"reported" => "2015-10-10"},{"affected_versions" => ["<1.03"],"cves" => [],"description" => "CDialog and Whiptail backends usage of the temp files.\n","distribution" => "UI-Dialog","fixed_versions" => [">=1.03"],"id" => "CPANSA-UI-Dialog-2004-01","references" => ["https://metacpan.org/changes/distribution/UI-Dialog"],"reported" => "2004-02-18"},{"affected_versions" => ["<=1.09"],"cves" => ["CVE-2008-7315"],"description" => "UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.\n","distribution" => "UI-Dialog","fixed_versions" => [">1.09"],"id" => "CPANSA-UI-Dialog-2008-7315","references" => ["https://security-tracker.debian.org/tracker/CVE-2008-7315/","https://rt.cpan.org/Public/Bug/Display.html?id=107364","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448","http://www.securityfocus.com/bid/77031/info","http://www.openwall.com/lists/oss-security/2015/10/08/6"],"reported" => "2017-10-10","severity" => "critical"}],"main_module" => "UI::Dialog","versions" => [{"date" => "2004-01-04T10:51:34","version" => "1.00"},{"date" => "2004-01-13T00:08:39","version" => "1.01"},{"date" => "2004-02-15T11:03:37","version" => "1.02"},{"date" => "2004-02-18T16:52:59","version" => "1.03"},{"date" => "2004-02-22T18:34:25","version" => "1.04"},{"date" => "2004-03-18T02:12:03","version" => "1.05"},{"date" => "2004-03-18T16:01:50","version" => "1.06"},{"date" => "2004-07-21T19:59:51","version" => "1.07"},{"date" => "2004-10-05T00:46:22","version" => "1.08"},{"date" => "2013-08-10T09:39:07","version" => "1.09"},{"date" => "2013-08-10T17:09:57","version" => "1.09"},{"date" => "2013-08-19T17:22:00","version" => "1.09"},{"date" => "2016-01-19T19:05:07","version" => "1.11"},{"date" => "2016-01-22T06:42:45","version" => "1.12"},{"date" => "2016-01-30T21:24:56","version" => "1.13"},{"date" => "2016-02-03T02:10:12","version" => "1.14"},{"date" => "2016-02-09T00:11:17","version" => "1.15"},{"date" => "2016-02-10T02:57:43","version" => "1.16"},{"date" => "2016-02-12T05:25:14","version" => "1.17"},{"date" => "2016-02-13T02:56:26","version" => "1.18"},{"date" => "2016-02-21T23:33:48","version" => "1.19"},{"date" => "2016-03-07T02:15:26","version" => "1.20"},{"date" => "2016-04-02T22:17:32","version" => "1.21"}]},"UR" => {"advisories" => [{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.42_01,<=0.47"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "UR","fixed_versions" => [],"id" => "CPANSA-UR-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "UR","versions" => [{"date" => "2009-06-07T02:56:12","version" => "0.5"},{"date" => "2009-06-07T14:35:30","version" => "0.6"},{"date" => "2009-06-10T13:02:02","version" => "0.7"},{"date" => "2009-06-17T19:58:14","version" => "0.8"},{"date" => "2009-06-19T21:24:12","version" => "0.9"},{"date" => "2009-07-23T02:44:02","version" => "0.010000"},{"date" => "2009-08-08T02:06:36","version" => "v0.11"},{"date" => "2009-09-10T15:29:51","version" => "v0.12"},{"date" => "2010-07-24T01:13:14","version" => "v0.12"},{"date" => "2010-08-03T20:14:01","version" => "v0.12"},{"date" => "2010-09-28T19:29:58","version" => "v0.16"},{"date" => "2010-11-10T17:12:23","version" => "v0.17"},{"date" => "2010-12-10T15:09:46","version" => "v0.17"},{"date" => "2010-12-24T15:27:18","version" => "v0.17"},{"date" => "2011-01-09T22:52:34","version" => "v0.20.0"},{"date" => "2011-01-11T04:01:49","version" => "0.20"},{"date" => "2011-01-12T02:21:39","version" => "v0.20.0"},{"date" => "2011-01-13T01:06:47","version" => "v0.20.0"},{"date" => "2011-01-13T02:53:43","version" => "v0.21.0"},{"date" => "2011-01-13T03:02:18","version" => "v0.22.0"},{"date" => "2011-01-13T03:17:32","version" => "v0.23.0"},{"date" => "2011-01-15T18:02:04","version" => "v0.24.0"},{"date" => "2011-01-15T18:58:48","version" => "0.25"},{"date" => "2011-01-16T18:14:53","version" => "0.26"},{"date" => "2011-01-23T03:21:45","version" => "0.27"},{"date" => "2011-01-23T21:45:44","version" => "0.28"},{"date" => "2011-03-07T16:47:26","version" => "0.29"},{"date" => "2011-03-07T17:30:00","version" => "0.30"},{"date" => "2011-06-29T18:14:31","version" => "0.32"},{"date" => "2011-06-29T19:29:49","version" => "0.32"},{"date" => "2011-06-30T23:11:11","version" => "0.33"},{"date" => "2011-07-26T17:06:49","version" => "0.34"},{"date" => "2011-10-28T20:35:09","version" => "0.35"},{"date" => "2012-01-05T22:13:28","version" => "0.36"},{"date" => "2012-02-03T20:20:16","version" => "0.37"},{"date" => "2012-03-28T20:41:57","version" => "0.38"},{"date" => "2012-03-29T15:18:49","version" => "0.38"},{"date" => "2013-01-31T02:50:56","version" => "0.39"},{"date" => "2013-01-31T19:53:27","version" => "0.391"},{"date" => "2013-01-31T21:45:49","version" => "0.392"},{"date" => "2013-02-25T17:16:34","version" => "0.40"},{"date" => "2013-03-01T21:36:01","version" => "0.41_01"},{"date" => "2013-03-04T17:41:12","version" => "0.41_02"},{"date" => "2013-03-05T14:57:47","version" => "0.41_03"},{"date" => "2013-03-11T16:47:16","version" => "0.41_04"},{"date" => "2013-03-13T16:00:04","version" => "0.41_05"},{"date" => "2013-03-18T18:11:56","version" => "0.41"},{"date" => "2014-06-26T22:26:14","version" => "0.42_01"},{"date" => "2014-06-27T16:57:25","version" => "0.42_02"},{"date" => "2014-06-30T18:50:27","version" => "0.42_03"},{"date" => "2014-07-03T14:36:23","version" => "0.43"},{"date" => "2015-07-06T14:36:22","version" => "0.44"},{"date" => "2016-09-19T21:06:59","version" => "0.44_01"},{"date" => "2016-09-22T20:09:37","version" => "0.45"},{"date" => "2017-03-24T19:46:02","version" => "0.46"},{"date" => "2018-07-30T00:43:07","version" => "0.46"},{"date" => "2018-08-06T14:29:10","version" => "0.47"}]},"Ukigumo-Agent" => {"advisories" => [{"affected_versions" => [">=0.0.7,<=0.1.8"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Ukigumo-Agent","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Agent-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"}],"main_module" => "Ukigumo::Agent","versions" => [{"date" => "2013-03-14T03:40:56","version" => "v0.0.1"},{"date" => "2013-03-14T03:50:26","version" => "v0.0.2"},{"date" => "2013-03-14T03:59:34","version" => "v0.0.3"},{"date" => "2013-03-14T05:53:39","version" => "v0.0.5"},{"date" => "2013-03-14T08:46:38","version" => "v0.0.6"},{"date" => "2013-03-27T03:35:38","version" => "0.0.7"},{"date" => "2013-03-28T02:48:36","version" => "0.0.8"},{"date" => "2013-03-30T13:26:16","version" => "0.0.9"},{"date" => "2013-04-01T01:30:42","version" => "0.0.10"},{"date" => "2013-06-16T02:24:50","version" => "v0.0.11"},{"date" => "2014-03-13T10:54:45","version" => "v0.0.12"},{"date" => "2014-03-17T03:51:33","version" => "v0.0.13"},{"date" => "2014-03-17T04:05:38","version" => "v0.0.14"},{"date" => "2014-03-17T15:33:36","version" => "v0.0.15"},{"date" => "2014-03-19T08:49:23","version" => "v0.0.16"},{"date" => "2014-03-27T23:35:17","version" => "v0.1.0"},{"date" => "2014-03-27T23:36:44","version" => "v0.1.1"},{"date" => "2014-04-05T05:50:05","version" => "v0.1.2"},{"date" => "2014-04-06T14:49:08","version" => "v0.1.3"},{"date" => "2014-04-08T06:56:15","version" => "v0.1.4"},{"date" => "2014-05-01T04:34:16","version" => "v0.1.5"},{"date" => "2014-05-02T03:52:32","version" => "v0.1.6"},{"date" => "2014-06-20T02:38:53","version" => "v0.1.7"},{"date" => "2015-10-22T08:21:09","version" => "v0.1.8"}]},"Ukigumo-Server" => {"advisories" => [{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-7746"],"description" => "This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-7746-chartjs","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376","https://github.com/chartjs/Chart.js/pull/7920","https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374"],"reported" => "2020-10-29","severity" => "high"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=2.1.3,<=2.1.5"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.01,<=2.1.2"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Ukigumo-Server","fixed_versions" => [],"id" => "CPANSA-Ukigumo-Server-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Ukigumo::Server","versions" => [{"date" => "2013-10-03T02:13:43","version" => "0.01"},{"date" => "2013-10-03T16:59:57","version" => "v1.0.0"},{"date" => "2013-11-02T00:26:13","version" => "v1.0.1"},{"date" => "2013-11-02T09:29:47","version" => "v1.0.2"},{"date" => "2014-02-20T10:34:17","version" => "v1.1.0"},{"date" => "2014-03-13T10:42:41","version" => "v2.0.0"},{"date" => "2014-03-13T15:34:35","version" => "v2.0.1"},{"date" => "2014-03-14T14:37:37","version" => "v2.0.2"},{"date" => "2014-03-17T15:24:12","version" => "v2.0.3"},{"date" => "2014-04-05T05:47:09","version" => "v2.1.0"},{"date" => "2014-04-06T14:51:57","version" => "v2.1.1"},{"date" => "2014-04-08T07:09:05","version" => "v2.1.2"},{"date" => "2014-04-30T06:46:48","version" => "v2.1.3"},{"date" => "2015-01-23T12:07:31","version" => "v2.1.4"},{"date" => "2018-07-26T05:25:21","version" => "v2.1.5"}]},"UnQLite" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2026-3257"],"description" => "UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library.  UnQLite for Perl embeds the UnQLite library.  Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow.","distribution" => "UnQLite","fixed_versions" => [],"id" => "CPANSA-UnQLite-2026-3257","references" => ["https://metacpan.org/release/TOKUHIROM/UnQLite-0.07/source/Changes","https://unqlite.symisc.net/","https://www.cve.org/CVERecord?id=CVE-2025-3791"],"reported" => "2026-03-05","severity" => undef}],"main_module" => "UnQLite","versions" => [{"date" => "2013-07-03T19:04:57","version" => "0.01"},{"date" => "2013-07-05T06:44:50","version" => "0.02"},{"date" => "2013-07-18T03:14:55","version" => "0.03"},{"date" => "2014-08-30T09:37:46","version" => "0.04"},{"date" => "2014-12-23T22:57:03","version" => "0.05"},{"date" => "2026-02-25T01:20:29","version" => "0.06"},{"date" => "2026-02-28T01:51:39","version" => "0.07"}]},"Valiant" => {"advisories" => [{"affected_versions" => ["<0.002011"],"cves" => [],"description" => "closed potential security issue with deeply nested paramters in the DBIC glue code.  This was a hack that could let someone create a child record if you were allowing find_by_unique rather than find by primary key.\n","distribution" => "Valiant","fixed_versions" => [">=0.002011"],"id" => "CPANSA-Valiant-2024-001","references" => ["https://github.com/briandfoy/cpan-security-advisory/issues/175","https://github.com/jjn1056/Valiant/commit/242348776cc01e736397767f11f86cc4055817c4"],"reported" => undef,"severity" => undef}],"main_module" => "Valiant","versions" => [{"date" => "2021-02-25T17:30:04","version" => "0.001001"},{"date" => "2021-02-25T17:57:04","version" => "0.001002"},{"date" => "2021-03-04T15:56:07","version" => "0.001003"},{"date" => "2021-04-07T14:42:08","version" => "0.001004"},{"date" => "2021-04-18T12:44:18","version" => "0.001005"},{"date" => "2021-04-20T01:13:20","version" => "0.001006"},{"date" => "2021-09-07T01:06:25","version" => "0.001007"},{"date" => "2021-09-14T14:58:28","version" => "0.001008"},{"date" => "2021-10-01T17:54:48","version" => "0.001009"},{"date" => "2021-10-26T17:09:00","version" => "0.001010"},{"date" => "2021-11-03T21:55:14","version" => "0.001011"},{"date" => "2022-02-27T23:39:59","version" => "0.001012"},{"date" => "2022-03-03T14:37:57","version" => "0.001013"},{"date" => "2022-03-04T15:43:13","version" => "0.001014"},{"date" => "2022-08-03T23:46:42","version" => "0.001015"},{"date" => "2022-09-11T19:09:30","version" => "0.001016"},{"date" => "2022-12-06T23:57:19","version" => "0.001017"},{"date" => "2023-04-06T18:14:16","version" => "0.001018"},{"date" => "2023-04-08T22:55:02","version" => "0.001019"},{"date" => "2023-04-09T19:34:57","version" => "0.001020"},{"date" => "2023-04-10T21:53:58","version" => "0.001021"},{"date" => "2023-04-18T13:17:26","version" => "0.001022"},{"date" => "2023-07-13T01:06:07","version" => "0.001023"},{"date" => "2023-07-14T12:59:23","version" => "0.001024"},{"date" => "2023-08-02T23:49:48","version" => "0.001025"},{"date" => "2023-08-03T22:50:38","version" => "0.001026"},{"date" => "2023-08-11T22:44:06","version" => "0.002001"},{"date" => "2023-08-27T14:18:29","version" => "0.002002"},{"date" => "2023-10-04T17:28:16","version" => "0.002003"},{"date" => "2024-07-29T19:33:48","version" => "0.002004"},{"date" => "2024-10-02T00:46:07","version" => "0.002005"},{"date" => "2024-11-11T21:41:15","version" => "0.002006"},{"date" => "2024-11-26T18:52:22","version" => "0.002007"},{"date" => "2024-11-29T16:12:40","version" => "0.002008"},{"date" => "2024-12-05T17:37:52","version" => "0.002009"},{"date" => "2024-12-07T15:43:12","version" => "0.002010"},{"date" => "2024-12-07T19:59:50","version" => "0.002011"},{"date" => "2024-12-12T22:53:06","version" => "0.002012"},{"date" => "2025-01-02T02:25:00","version" => "0.002013"},{"date" => "2025-01-02T15:12:36","version" => "0.002014"},{"date" => "2025-01-02T16:14:29","version" => "0.002015"},{"date" => "2025-03-02T16:09:42","version" => "0.002016"},{"date" => "2025-03-10T16:29:26","version" => "0.002017"},{"date" => "2025-06-21T13:56:39","version" => "0.002018"},{"date" => "2025-07-10T15:04:52","version" => "0.002019"}]},"WWW-Mechanize" => {"advisories" => [{"affected_versions" => ["<1.05_03"],"cves" => [],"description" => "find_link() uses eval().\n","distribution" => "WWW-Mechanize","fixed_versions" => [">=1.05_03"],"id" => "CPANSA-WWW-Mechanize-2004-01","references" => ["https://metacpan.org/dist/WWW-Mechanize/changes"],"reported" => "2004-10-31","severity" => undef}],"main_module" => "WWW::Mechanize","versions" => [{"date" => "2002-09-10T21:50:10","version" => "0.30"},{"date" => "2002-09-13T20:19:21","version" => "0.31"},{"date" => "2002-10-24T04:25:30","version" => "0.32"},{"date" => "2003-01-16T16:05:31","version" => "0.33"},{"date" => "2003-01-22T23:57:57","version" => "0.35"},{"date" => "2003-02-04T17:40:03","version" => "0.36"},{"date" => "2003-03-04T21:13:29","version" => "0.37"},{"date" => "2003-03-25T05:52:17","version" => "0.38"},{"date" => "2003-04-02T05:31:16","version" => "0.39"},{"date" => "2003-04-20T02:56:53","version" => "0.40"},{"date" => "2003-05-23T04:29:22","version" => "0.41"},{"date" => "2003-05-27T03:44:25","version" => "0.42"},{"date" => "2003-05-29T14:30:01","version" => "0.43"},{"date" => "2003-06-05T17:16:31","version" => "0.44"},{"date" => "2003-06-17T04:25:04","version" => "0.45"},{"date" => "2003-06-20T16:17:58","version" => "0.46"},{"date" => "2003-06-22T03:54:22","version" => "0.47"},{"date" => "2003-06-22T18:56:42","version" => "0.48"},{"date" => "2003-06-23T19:49:13","version" => "0.49"},{"date" => "2003-06-24T14:54:50","version" => "0.50"},{"date" => "2003-06-30T02:43:06","version" => "0.51"},{"date" => "2003-07-08T23:52:55","version" => "0.52"},{"date" => "2003-07-17T17:26:47","version" => "0.53"},{"date" => "2003-07-20T05:50:27","version" => "0.54"},{"date" => "2003-07-22T17:15:43","version" => "0.55"},{"date" => "2003-07-24T17:25:57","version" => "0.56"},{"date" => "2003-08-01T04:36:32","version" => "0.57"},{"date" => "2003-08-15T04:41:26","version" => "0.58"},{"date" => "2003-09-04T05:33:00","version" => "0.59"},{"date" => "2003-09-23T04:32:57","version" => "0.60"},{"date" => "2003-10-06T23:41:02","version" => "0.61"},{"date" => "2003-10-08T01:55:58","version" => "0.62"},{"date" => "2003-10-13T20:24:52","version" => "0.63"},{"date" => "2003-10-24T04:57:15","version" => "0.64"},{"date" => "2003-11-10T06:19:18","version" => "0.65"},{"date" => "2003-11-13T21:09:41","version" => "0.66"},{"date" => "2003-11-26T05:21:34","version" => "0.69_01"},{"date" => "2003-12-01T05:52:38","version" => "0.70"},{"date" => "2003-12-22T05:53:11","version" => "0.71_01"},{"date" => "2003-12-22T21:01:12","version" => "0.71_02"},{"date" => "2004-01-13T04:45:37","version" => "0.72"},{"date" => "2004-02-29T05:58:51","version" => "0.73_01"},{"date" => "2004-03-03T05:57:51","version" => "0.73_02"},{"date" => "2004-03-21T06:08:45","version" => "0.73_03"},{"date" => "2004-03-23T05:41:11","version" => "0.74"},{"date" => "2004-03-28T04:54:18","version" => "0.75_01"},{"date" => "2004-04-05T05:01:50","version" => "0.75_02"},{"date" => "2004-04-08T03:05:29","version" => "0.76"},{"date" => "2004-04-10T05:55:21","version" => "1.00"},{"date" => "2004-04-14T04:14:17","version" => "1.02"},{"date" => "2004-05-27T20:23:15","version" => "1.03_01"},{"date" => "2004-08-17T04:10:41","version" => "1.03_02"},{"date" => "2004-09-16T04:32:03","version" => "1.04"},{"date" => "2004-10-01T02:18:55","version" => "1.05_01"},{"date" => "2004-10-02T22:08:55","version" => "1.05_02"},{"date" => "2004-11-01T03:25:19","version" => "1.05_03"},{"date" => "2004-11-06T05:39:06","version" => "1.05_04"},{"date" => "2004-12-08T21:25:06","version" => "1.06"},{"date" => "2004-12-24T07:08:27","version" => "1.08"},{"date" => "2005-02-02T05:58:14","version" => "1.10"},{"date" => "2005-02-14T06:21:29","version" => "1.11_01"},{"date" => "2005-02-22T04:05:23","version" => "1.11_02"},{"date" => "2005-02-25T05:50:52","version" => "1.12"},{"date" => "2005-04-12T19:32:06","version" => "1.13_01"},{"date" => "2005-08-30T22:32:23","version" => "1.14"},{"date" => "2005-10-28T22:38:43","version" => "1.16"},{"date" => "2006-01-12T22:26:07","version" => "1.17_01"},{"date" => "2006-02-02T06:32:25","version" => "1.18"},{"date" => "2006-08-08T05:13:01","version" => "1.19_02"},{"date" => "2006-08-19T06:44:58","version" => "1.20"},{"date" => "2006-09-18T22:22:26","version" => "1.21_01"},{"date" => "2006-10-04T18:17:54","version" => "1.21_02"},{"date" => "2006-10-07T06:26:26","version" => "1.21_03"},{"date" => "2006-10-08T02:39:57","version" => "1.21_04"},{"date" => "2007-03-02T06:09:51","version" => "1.22"},{"date" => "2007-05-11T21:01:11","version" => "1.24"},{"date" => "2007-05-16T05:27:55","version" => "1.26"},{"date" => "2007-05-22T19:16:39","version" => "1.29_01"},{"date" => "2007-05-25T02:37:45","version" => "1.30"},{"date" => "2007-09-18T04:39:11","version" => "1.31_01"},{"date" => "2007-10-25T16:59:57","version" => "1.31_02"},{"date" => "2007-10-30T17:09:44","version" => "1.32"},{"date" => "2007-12-10T06:39:14","version" => "1.34"},{"date" => "2008-09-28T04:52:28","version" => "1.49_01"},{"date" => "2008-10-27T04:12:02","version" => "1.50"},{"date" => "2008-11-06T21:12:28","version" => "1.51_01"},{"date" => "2008-11-18T07:34:58","version" => "1.51_02"},{"date" => "2008-11-20T17:07:18","version" => "1.51_03"},{"date" => "2008-11-25T15:56:37","version" => "1.52"},{"date" => "2009-01-12T06:51:13","version" => "1.54"},{"date" => "2009-07-06T17:20:24","version" => "1.55_01"},{"date" => "2009-07-10T22:13:25","version" => "1.56"},{"date" => "2009-07-14T03:40:28","version" => "1.58"},{"date" => "2009-08-17T06:04:34","version" => "1.60"},{"date" => "2010-04-11T04:14:18","version" => "1.62"},{"date" => "2010-07-01T15:49:38","version" => "1.64"},{"date" => "2010-09-10T22:10:32","version" => "1.66"},{"date" => "2011-04-07T05:12:31","version" => "1.67_01"},{"date" => "2011-04-21T15:11:30","version" => "1.68"},{"date" => "2011-08-01T21:49:08","version" => "1.69_01"},{"date" => "2011-08-26T17:52:15","version" => "1.70"},{"date" => "2011-11-25T18:39:23","version" => "1.71"},{"date" => "2012-02-02T23:40:39","version" => "1.72"},{"date" => "2012-03-24T16:20:29","version" => "1.72_01"},{"date" => "2012-04-27T00:35:00","version" => "1.72_02"},{"date" => "2013-08-24T04:33:44","version" => "1.73"},{"date" => "2015-01-24T05:52:57","version" => "1.74"},{"date" => "2015-06-03T03:27:34","version" => "1.75"},{"date" => "2016-07-29T16:21:58","version" => "1.76"},{"date" => "2016-08-05T16:58:03","version" => "1.77"},{"date" => "2016-08-08T13:30:07","version" => "1.78"},{"date" => "2016-09-17T04:05:20","version" => "1.79"},{"date" => "2016-09-25T02:46:39","version" => "1.80"},{"date" => "2016-10-06T12:55:47","version" => "1.81"},{"date" => "2016-10-07T13:50:48","version" => "1.82"},{"date" => "2016-10-14T20:59:34","version" => "1.83"},{"date" => "2017-03-07T18:46:19","version" => "1.84"},{"date" => "2017-06-28T22:11:34","version" => "1.85"},{"date" => "2017-07-04T15:51:05","version" => "1.86"},{"date" => "2018-02-07T22:07:28","version" => "1.87"},{"date" => "2018-03-23T15:41:01","version" => "1.88"},{"date" => "2018-10-18T19:56:43","version" => "1.89"},{"date" => "2018-11-12T18:53:49","version" => "1.90"},{"date" => "2019-01-10T19:04:12","version" => "1.91"},{"date" => "2019-08-24T01:02:55","version" => "1.92"},{"date" => "2019-10-04T21:10:14","version" => "1.93"},{"date" => "2019-10-10T13:15:13","version" => "1.94"},{"date" => "2019-10-28T13:17:10","version" => "1.95"},{"date" => "2020-02-21T02:27:01","version" => "1.96"},{"date" => "2020-05-14T00:48:07","version" => "1.97"},{"date" => "2020-05-25T17:08:10","version" => "1.98"},{"date" => "2020-06-08T15:44:13","version" => "1.99"},{"date" => "2020-06-09T19:17:21","version" => "2.00"},{"date" => "2020-09-18T17:52:29","version" => "2.01"},{"date" => "2020-10-13T13:53:04","version" => "2.02"},{"date" => "2020-11-10T14:49:20","version" => "2.03"},{"date" => "2021-08-06T12:35:04","version" => "2.04"},{"date" => "2021-09-21T14:23:14","version" => "2.05"},{"date" => "2021-10-25T21:00:18","version" => "2.06"},{"date" => "2022-04-29T15:40:57","version" => "2.07"},{"date" => "2022-05-30T17:33:59","version" => "2.08"},{"date" => "2022-06-14T14:22:59","version" => "2.09"},{"date" => "2022-07-04T21:09:58","version" => "2.10"},{"date" => "2022-07-17T17:27:26","version" => "2.11"},{"date" => "2022-07-20T06:47:33","version" => "2.12"},{"date" => "2022-07-29T09:50:42","version" => "2.13"},{"date" => "2022-08-15T19:26:39","version" => "2.14"},{"date" => "2022-08-21T08:24:07","version" => "2.15"},{"date" => "2023-02-11T12:11:44","version" => "2.16"},{"date" => "2023-04-27T15:49:35","version" => "2.17"},{"date" => "2024-01-30T14:34:27","version" => "2.18"},{"date" => "2024-09-16T15:28:35","version" => "2.19"},{"date" => "2025-10-22T19:06:27","version" => "2.20"}]},"WWW-OAuth" => {"advisories" => [{"affected_versions" => ["<=1.000"],"cves" => ["CVE-2025-40905"],"description" => "WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.","distribution" => "WWW-OAuth","fixed_versions" => [">=1.001"],"id" => "CPANSA-WWW-OAuth-2025-40905","references" => ["https://metacpan.org/release/DBOOK/WWW-OAuth-1.000/source/lib/WWW/OAuth.pm#L86","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html","http://www.openwall.com/lists/oss-security/2026/02/13/1"],"reported" => "2026-02-13","severity" => undef}],"main_module" => "WWW::OAuth","versions" => [{"date" => "2016-01-31T07:53:39","version" => "0.001"},{"date" => "2016-02-01T04:23:38","version" => "0.002"},{"date" => "2016-05-19T04:37:32","version" => "0.003"},{"date" => "2016-11-23T22:30:34","version" => "0.004"},{"date" => "2016-12-09T03:50:40","version" => "0.005"},{"date" => "2016-12-10T04:46:51","version" => "0.006"},{"date" => "2018-09-17T23:08:53","version" => "1.000"},{"date" => "2025-01-06T09:16:26","version" => "1.001"},{"date" => "2025-01-15T01:57:07","version" => "1.002"},{"date" => "2025-04-25T09:28:55","version" => "1.003"}]},"WWW-ORCID" => {"advisories" => [{"affected_versions" => [">=0.02"],"cves" => ["CVE-2021-3822"],"description" => "jsoneditor is vulnerable to Inefficient Regular Expression Complexity\n","distribution" => "WWW-ORCID","fixed_versions" => [],"id" => "CPANSA-WWW-ORCID-2021-3822-jsoneditor","references" => ["https://github.com/josdejong/jsoneditor/commit/092e386cf49f2a1450625617da8e0137ed067c3e","https://huntr.dev/bounties/1e3ed803-b7ed-42f1-a4ea-c4c75da9de73"],"reported" => "2021-09-27","severity" => "high"}],"main_module" => "WWW::ORCID","versions" => [{"date" => "2013-05-23T15:40:49","version" => "0.01"},{"date" => "2013-05-23T18:36:32","version" => "0.0101"},{"date" => "2015-04-22T12:01:16","version" => "0.0102"},{"date" => "2015-09-01T12:23:38","version" => "0.02"},{"date" => "2017-08-07T13:35:26","version" => "0.02_01"},{"date" => "2017-08-08T08:31:22","version" => "0.0201"},{"date" => "2017-08-08T08:46:24","version" => "0.0201_01"},{"date" => "2017-08-08T09:23:10","version" => "0.03_01"},{"date" => "2017-08-10T07:31:58","version" => "0.03_02"},{"date" => "2017-08-11T14:09:25","version" => "0.03_03"},{"date" => "2017-08-18T13:59:11","version" => "0.04"},{"date" => "2017-08-18T15:12:32","version" => "0.0401"},{"date" => "2019-06-21T12:29:19","version" => "0.0402"}]},"WWW-UsePerl-Server" => {"advisories" => [{"affected_versions" => ["==0.36"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "WWW-UsePerl-Server","fixed_versions" => [],"id" => "CPANSA-WWW-UsePerl-Server-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"}],"main_module" => "WWW::UsePerl::Server","versions" => [{"date" => "2012-05-05T19:00:47","version" => "0.36"}]},"Web-API" => {"advisories" => [{"affected_versions" => ["<=2.8"],"cves" => ["CVE-2024-57868"],"description" => "Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically Web::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "Web-API","fixed_versions" => [">2.8"],"id" => "CPANSA-Web-API-2024-57868","references" => ["https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L20","https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L348","https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "Web::API","versions" => [{"date" => "2013-01-07T00:40:46","version" => "0.4"},{"date" => "2013-01-07T01:20:59","version" => "0.5"},{"date" => "2013-01-12T20:34:30","version" => "0.6"},{"date" => "2013-02-28T02:17:58","version" => "0.7"},{"date" => "2013-03-05T20:49:09","version" => "0.8"},{"date" => "2013-05-06T06:15:17","version" => "0.9"},{"date" => "2013-09-13T19:52:23","version" => "1.0"},{"date" => "2013-09-16T21:17:08","version" => "1.1"},{"date" => "2013-09-24T16:34:33","version" => "1.2"},{"date" => "2013-09-25T21:59:25","version" => "1.3"},{"date" => "2013-10-28T04:52:47","version" => "1.4"},{"date" => "2013-10-30T11:32:40","version" => "1.5"},{"date" => "2013-12-18T00:33:16","version" => "1.6"},{"date" => "2014-03-06T11:15:31","version" => "1.7"},{"date" => "2014-03-27T11:28:58","version" => "1.8"},{"date" => "2014-07-02T15:27:23","version" => "1.9"},{"date" => "2014-11-26T16:03:35","version" => "2.0"},{"date" => "2014-11-27T02:30:18","version" => "2.1"},{"date" => "2014-12-19T01:19:05","version" => "2.2"},{"date" => "2017-05-09T12:30:47","version" => "2.2.1"},{"date" => "2017-05-10T13:33:17","version" => "2.3.0"},{"date" => "2017-06-12T15:35:44","version" => "2.2.2"},{"date" => "2017-10-21T05:34:45","version" => "2.2.3"},{"date" => "2018-12-25T10:23:53","version" => "2.3"},{"date" => "2018-12-25T10:58:10","version" => "2.3.1"},{"date" => "2019-01-07T12:26:54","version" => "2.4.0"},{"date" => "2019-01-15T04:02:07","version" => "2.4.1"},{"date" => "2019-11-18T02:38:25","version" => "2.5"},{"date" => "2019-11-26T05:00:01","version" => "2.6"},{"date" => "2020-05-02T07:58:13","version" => "2.7"},{"date" => "2024-04-09T16:02:08","version" => "2.8"}]},"WebService-Xero" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2024-52322"],"description" => "WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  Specifically WebService::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.","distribution" => "WebService-Xero","fixed_versions" => [],"id" => "CPANSA-WebService-Xero-2024-52322","references" => ["https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L17","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L178","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L13","https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L93","https://perldoc.perl.org/functions/rand","https://security.metacpan.org/docs/guides/random-data-for-security.html"],"reported" => "2025-04-05","severity" => undef}],"main_module" => "WebService::Xero","versions" => [{"date" => "2016-11-29T16:57:37","version" => "0.10"},{"date" => "2016-11-30T16:52:01","version" => "0.11"}]},"Wight-Chart" => {"advisories" => [{"affected_versions" => ["==0.003"],"cves" => ["CVE-2020-7746"],"description" => "This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.\n","distribution" => "Wight-Chart","fixed_versions" => [],"id" => "CPANSA-Wight-Chart-2020-7746-chartjs","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376","https://github.com/chartjs/Chart.js/pull/7920","https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374"],"reported" => "2020-10-29","severity" => "high"}],"main_module" => "Wight::Chart","versions" => [{"date" => "2013-08-27T12:23:48","version" => "0.003"}]},"Win32-File-Summary" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2018-12015"],"description" => "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.\n","distribution" => "Win32-File-Summary","embedded_vulnerability" => {"distributed_version" => "0.072","name" => "Archive::Tar"},"fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2018-01","references" => ["https://security-tracker.debian.org/tracker/CVE-2018-12015","https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5"],"reported" => "2018-06-12","severity" => "medium"},{"affected_versions" => [">0"],"cves" => ["CVE-2007-4829"],"description" => "Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has \"..\" sequences.\n","distribution" => "Win32-File-Summary","embedded_vulnerability" => {"distributed_version" => "0.072","name" => "Archive::Tar"},"fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2007-4829","references" => ["http://rt.cpan.org/Public/Bug/Display.html?id=29517","https://bugzilla.redhat.com/show_bug.cgi?id=295021","http://rt.cpan.org/Public/Bug/Display.html?id=30380","https://issues.rpath.com/browse/RPL-1716","http://www.securityfocus.com/bid/26355","http://secunia.com/advisories/27539","http://osvdb.org/40410","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://www.ubuntu.com/usn/usn-700-2","http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml","http://secunia.com/advisories/33116","http://www.vupen.com/english/advisories/2007/3755","https://exchange.xforce.ibmcloud.com/vulnerabilities/38285","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658"],"reported" => "2007-11-02","severity" => undef},{"affected_versions" => [">0"],"cves" => ["CVE-2016-1238"],"description" => "'(1) cpan/Win32-File-Summary/bin/ptar, (2) cpan/Win32-File-Summary/bin/ptardiff, (3) cpan/Win32-File-Summary/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.'\n","distribution" => "Win32-File-Summary","embedded_vulnerability" => {"distributed_version" => "0.072","name" => "Archive::Tar"},"fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2016-1238","references" => ["http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securitytracker.com/id/1036440","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","https://rt.perl.org/Public/Bug/Display.html?id=127834","http://www.securityfocus.com/bid/92136","http://www.debian.org/security/2016/dsa-3628","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://security.gentoo.org/glsa/201701-75","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c\@%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => [">=1.00,<=1.10"],"cves" => ["CVE-2016-4570"],"description" => "The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.\n","distribution" => "Win32-File-Summary","fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2016-4570-mxml","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1334648","http://www.openwall.com/lists/oss-security/2016/05/11/14","http://www.openwall.com/lists/oss-security/2016/05/09/16","http://www.securityfocus.com/bid/90315","https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html"],"reported" => "2017-02-03","severity" => "medium"},{"affected_versions" => [">=1.00,<=1.10"],"cves" => ["CVE-2016-4571"],"description" => "The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.\n","distribution" => "Win32-File-Summary","fixed_versions" => [],"id" => "CPANSA-Win32-File-Summary-2016-4571-mxml","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1334648","http://www.openwall.com/lists/oss-security/2016/05/11/14","http://www.openwall.com/lists/oss-security/2016/05/09/16","http://www.securityfocus.com/bid/90315","https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html"],"reported" => "2017-02-03","severity" => "medium"}],"main_module" => "Win32::File::Summary","versions" => [{"date" => "2005-04-24T18:36:18","version" => "0.01"},{"date" => "2005-04-25T15:18:03","version" => "0.01"},{"date" => "2005-04-30T12:09:11","version" => "0.01"},{"date" => "2005-05-17T09:52:46","version" => "0.01"},{"date" => "2005-08-06T18:10:08","version" => "0.01"},{"date" => "2005-08-24T04:39:30","version" => "0.01"},{"date" => "2006-06-11T14:15:36","version" => "0.01"}]},"Win32-Printer" => {"advisories" => [{"affected_versions" => [">=0.7.0,<=0.7.1"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=0.8.0,<=0.8.3"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => ["==0.8.4"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=0.9.0,<=0.9.1"],"cves" => ["CVE-2015-0852"],"description" => "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2015-0852-freeimage","references" => ["https://github.com/kmx/alien-freeimage/issues/5","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html","http://www.openwall.com/lists/oss-security/2015/08/28/1","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165","http://www.debian.org/security/2015/dsa-3392","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html","http://www.securitytracker.com/id/1034077","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html","https://security.gentoo.org/glsa/201701-68","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"reported" => "2015-09-29","severity" => undef},{"affected_versions" => [">=0.7.0,<0.9.0"],"cves" => ["CVE-2016-9601"],"description" => "ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2016-9601-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601","https://bugs.ghostscript.com/show_bug.cgi?id=697457","http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=e698d5c11d27212aa1098bc5b1673a3378563092","https://www.debian.org/security/2017/dsa-3817","https://security.gentoo.org/glsa/201706-24","http://www.securityfocus.com/bid/97095"],"reported" => "2018-04-24","severity" => "medium"},{"affected_versions" => [">=0.9.0,<=0.9.1"],"cves" => ["CVE-2016-9601"],"description" => "ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.\n","distribution" => "Win32-Printer","fixed_versions" => [],"id" => "CPANSA-Win32-Printer-2016-9601-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601","https://bugs.ghostscript.com/show_bug.cgi?id=697457","http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=e698d5c11d27212aa1098bc5b1673a3378563092","https://www.debian.org/security/2017/dsa-3817","https://security.gentoo.org/glsa/201706-24","http://www.securityfocus.com/bid/97095"],"reported" => "2018-04-24","severity" => "medium"}],"main_module" => "Win32::Printer","versions" => [{"date" => "2003-08-05T07:57:55","version" => "v0.6.1"},{"date" => "2003-08-05T08:26:35","version" => "v0.6.1"},{"date" => "2003-08-14T12:07:09","version" => "v0.6.2"},{"date" => "2003-08-31T16:02:18","version" => "v0.6.3"},{"date" => "2003-09-01T14:26:20","version" => "v0.6.3.1"},{"date" => "2003-09-22T14:05:39","version" => "v0.6.4"},{"date" => "2003-10-12T17:37:04","version" => "v0.6.5"},{"date" => "2003-10-28T13:16:47","version" => "v0.6.6"},{"date" => "2003-11-03T08:07:09","version" => "v0.6.6.1"},{"date" => "2004-01-08T01:49:39","version" => "v0.7.0"},{"date" => "2004-03-11T12:29:29","version" => "v0.7.1"},{"date" => "2004-04-22T13:37:23","version" => "v0.8.0"},{"date" => "2004-06-22T07:26:31","version" => "v0.8.1"},{"date" => "2004-08-09T09:53:52","version" => "v0.8.2"},{"date" => "2004-08-11T12:35:45","version" => "v0.8.3"},{"date" => "2004-11-04T07:45:40","version" => "v0.8.4"},{"date" => "2005-02-07T11:06:58","version" => "v0.9.0"},{"date" => "2008-04-28T07:49:03","version" => "v0.9.1"}]},"XAO-Web" => {"advisories" => [{"affected_versions" => ["<1.84"],"cves" => ["CVE-2020-36827"],"description" => "Embedded HTML in JSON data was not escaped.\n","distribution" => "XAO-Web","fixed_versions" => [">=1.84"],"id" => "CPANSA-XAO-Web-2020-01","references" => ["https://github.com/amaltsev/XAO-Web/commit/20dd1d3bc5b811503f5722a16037b60197fe7ef4","https://metacpan.org/release/AMALTSEV/XAO-Web-1.84/changes"],"reported" => "2020-09-18","severity" => undef}],"main_module" => "XAO::Web","versions" => [{"date" => "2002-01-03T03:05:25","version" => "1.0"},{"date" => "2002-01-04T02:47:11","version" => "1.01"},{"date" => "2002-01-04T03:44:00","version" => "1.02"},{"date" => "2002-03-19T04:56:54","version" => "1.03"},{"date" => "2002-11-09T02:33:07","version" => "1.04"},{"date" => "2003-11-13T02:15:48","version" => "1.05"},{"date" => "2003-11-13T07:09:31","version" => "1.05"},{"date" => "2005-01-14T01:48:49","version" => "1.06"},{"date" => "2005-02-01T03:24:39","version" => "1.07"},{"date" => "2017-04-19T20:26:55","version" => "1.45"},{"date" => "2017-04-20T00:32:26","version" => "1.46"},{"date" => "2017-05-01T19:57:48","version" => "1.47"},{"date" => "2018-07-07T00:42:57","version" => "1.68"},{"date" => "2018-07-07T03:29:38","version" => "1.69"},{"date" => "2018-07-07T16:38:26","version" => "1.70"},{"date" => "2018-07-30T13:35:32","version" => "1.71"},{"date" => "2018-10-20T00:50:11","version" => "1.72"},{"date" => "2018-10-25T19:16:09","version" => "1.73"},{"date" => "2018-10-30T01:27:58","version" => "1.74"},{"date" => "2019-01-10T02:17:29","version" => "1.75"},{"date" => "2019-03-02T17:38:20","version" => "1.76"},{"date" => "2019-04-26T23:13:56","version" => "1.77"},{"date" => "2019-11-20T20:52:59","version" => "1.78"},{"date" => "2019-12-24T02:26:57","version" => "1.79"},{"date" => "2020-01-10T01:19:32","version" => "1.80"},{"date" => "2020-07-21T02:08:41","version" => "1.81"},{"date" => "2020-08-26T22:28:48","version" => "1.82"},{"date" => "2020-08-26T23:19:26","version" => "1.83"},{"date" => "2020-09-18T03:22:46","version" => "1.84"},{"date" => "2020-09-22T23:47:44","version" => "1.85"},{"date" => "2020-09-23T00:51:16","version" => "1.86"},{"date" => "2021-06-08T22:38:04","version" => "1.87"},{"date" => "2022-04-09T02:06:50","version" => "1.88"},{"date" => "2022-07-02T00:05:43","version" => "1.89"},{"date" => "2022-12-08T04:50:55","version" => "1.90"},{"date" => "2023-05-22T21:52:57","version" => "1.91"},{"date" => "2025-04-03T00:49:02","version" => "1.92"},{"date" => "2025-04-03T02:01:24","version" => "1.93"}]},"XML-Atom" => {"advisories" => [{"affected_versions" => ["<0.39"],"cves" => ["CVE-2012-1102"],"description" => "It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.\n","distribution" => "XML-Atom","fixed_versions" => [],"id" => "CPANSA-XML-Atom-2012-1102","references" => ["https://seclists.org/oss-sec/2012/q1/549","https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes"],"reported" => "2021-07-09","severity" => "high"}],"main_module" => "XML::Atom","versions" => [{"date" => "2003-09-08T04:47:09","version" => "0.01"},{"date" => "2003-09-28T23:11:32","version" => "0.02"},{"date" => "2003-12-05T09:20:27","version" => "0.03"},{"date" => "2003-12-15T08:03:04","version" => "0.04"},{"date" => "2003-12-15T17:10:29","version" => "0.041"},{"date" => "2004-01-06T05:04:22","version" => "0.05"},{"date" => "2004-04-24T23:47:03","version" => "0.06"},{"date" => "2004-05-16T01:13:46","version" => "0.07"},{"date" => "2004-06-02T06:05:57","version" => "0.08"},{"date" => "2004-07-30T05:49:54","version" => "0.09"},{"date" => "2005-01-01T00:20:55","version" => "0.10"},{"date" => "2005-02-24T03:19:08","version" => "0.11"},{"date" => "2005-06-07T05:13:21","version" => "0.12"},{"date" => "2005-07-19T21:00:39","version" => "0.12_01"},{"date" => "2005-08-16T21:46:06","version" => "0.12_02"},{"date" => "2005-08-18T07:18:26","version" => "0.13"},{"date" => "2005-09-14T05:38:53","version" => "0.13_01"},{"date" => "2005-10-21T04:55:40","version" => "0.14"},{"date" => "2005-11-01T05:55:40","version" => "0.15"},{"date" => "2005-11-22T21:17:26","version" => "0.16"},{"date" => "2006-02-22T23:24:00","version" => "0.17"},{"date" => "2006-03-16T06:14:49","version" => "0.18"},{"date" => "2006-03-19T05:03:12","version" => "0.19"},{"date" => "2006-04-30T16:49:38","version" => "0.19_01"},{"date" => "2006-07-07T06:39:52","version" => "0.19_03"},{"date" => "2006-07-12T03:44:58","version" => "0.20"},{"date" => "2006-07-12T17:44:49","version" => "0.21"},{"date" => "2006-07-19T10:42:43","version" => "0.21_01"},{"date" => "2006-07-20T08:07:49","version" => "0.21_02"},{"date" => "2006-07-21T10:15:06","version" => "0.21_03"},{"date" => "2006-07-24T20:00:37","version" => "0.22"},{"date" => "2006-08-27T05:53:47","version" => "0.22_01"},{"date" => "2006-08-27T06:42:17","version" => "0.23"},{"date" => "2006-11-25T23:03:57","version" => "0.24"},{"date" => "2006-11-30T23:14:23","version" => "0.25"},{"date" => "2007-04-27T20:57:39","version" => "0.25_01"},{"date" => "2007-06-20T19:23:36","version" => "0.25_02"},{"date" => "2007-09-16T04:24:44","version" => "0.26"},{"date" => "2007-09-16T04:41:58","version" => "0.27"},{"date" => "2007-10-04T20:30:48","version" => "0.27_01"},{"date" => "2007-11-06T21:08:06","version" => "0.28"},{"date" => "2008-10-26T00:27:44","version" => "0.29"},{"date" => "2008-11-12T22:45:37","version" => "0.30"},{"date" => "2008-11-13T21:19:34","version" => "0.31"},{"date" => "2008-11-23T22:07:41","version" => "0.32"},{"date" => "2009-01-07T02:00:59","version" => "0.33"},{"date" => "2009-04-29T17:46:03","version" => "0.34"},{"date" => "2009-05-01T23:42:30","version" => "0.35"},{"date" => "2009-12-21T22:02:23","version" => "0.36"},{"date" => "2009-12-29T02:32:53","version" => "0.37"},{"date" => "2011-05-23T02:57:51","version" => "0.38"},{"date" => "2011-06-21T04:07:51","version" => "0.39"},{"date" => "2011-09-18T19:43:27","version" => "0.40"},{"date" => "2011-09-27T01:44:56","version" => "0.41"},{"date" => "2017-05-12T05:34:02","version" => "0.42"},{"date" => "2021-04-28T20:40:29","version" => "0.43"}]},"XML-DT" => {"advisories" => [{"affected_versions" => ["<0.64"],"cves" => ["CVE-2014-5260"],"description" => "The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.\n","distribution" => "XML-DT","fixed_versions" => [],"id" => "CPANSA-XML-DT-2014-5260","references" => ["http://openwall.com/lists/oss-security/2014/08/15/8","https://metacpan.org/diff/file?target=AMBS/XML-DT-0.64/&source=AMBS/XML-DT-0.63/","https://metacpan.org/source/AMBS/XML-DT-0.66/Changes","https://bugs.debian.org/756566"],"reported" => "2014-08-16","severity" => undef}],"main_module" => "XML::DT","versions" => [{"date" => "1999-07-30T13:04:11","version" => "0.11"},{"date" => "2000-04-07T09:24:55","version" => "0.14"},{"date" => "2000-09-19T17:03:40","version" => "0.15"},{"date" => "2000-10-16T16:21:54","version" => "0.16"},{"date" => "2000-11-30T12:37:27","version" => "0.19"},{"date" => "2002-03-07T17:54:06","version" => "0.20"},{"date" => "2002-05-28T12:35:07","version" => "0.21"},{"date" => "2002-12-20T17:31:58","version" => "0.22"},{"date" => "2002-12-27T09:10:47","version" => "0.23"},{"date" => "2003-02-20T16:16:43","version" => "0.24"},{"date" => "2003-06-17T10:15:16","version" => "v0.24.1"},{"date" => "2003-10-09T08:12:32","version" => "0.25"},{"date" => "2003-10-13T07:47:22","version" => "0.25"},{"date" => "2003-11-14T10:55:50","version" => "0.27"},{"date" => "2003-12-16T14:25:13","version" => "0.28"},{"date" => "2004-01-07T11:38:24","version" => "0.29"},{"date" => "2004-01-22T11:25:21","version" => "0.30"},{"date" => "2004-08-09T17:43:41","version" => "0.31"},{"date" => "2004-09-20T19:15:56","version" => "0.32"},{"date" => "2004-10-03T19:21:18","version" => "0.33"},{"date" => "2004-10-30T14:43:29","version" => "0.34"},{"date" => "2004-11-15T16:39:19","version" => "0.35"},{"date" => "2004-11-19T17:29:05","version" => "0.36"},{"date" => "2004-11-21T16:27:45","version" => "0.37"},{"date" => "2004-12-24T16:34:24","version" => "0.38"},{"date" => "2005-03-22T12:05:18","version" => "0.39"},{"date" => "2005-04-06T08:14:46","version" => "0.40"},{"date" => "2005-07-20T20:28:06","version" => "0.41"},{"date" => "2005-09-18T16:06:11","version" => "0.42"},{"date" => "2006-05-15T09:08:21","version" => "0.43"},{"date" => "2006-05-15T09:33:07","version" => "0.44"},{"date" => "2006-05-16T14:14:36","version" => "0.45"},{"date" => "2006-11-03T09:39:12","version" => "0.46"},{"date" => "2006-11-23T18:14:09","version" => "0.47"},{"date" => "2008-02-20T22:00:02","version" => "0.48"},{"date" => "2008-02-20T22:16:45","version" => "0.49"},{"date" => "2008-02-21T22:02:53","version" => "0.50"},{"date" => "2008-02-22T17:19:12","version" => "0.51"},{"date" => "2008-10-22T09:12:08","version" => "0.52"},{"date" => "2009-01-18T20:10:36","version" => "0.53"},{"date" => "2010-11-19T16:27:23","version" => "0.54"},{"date" => "2011-02-12T22:08:27","version" => "0.55"},{"date" => "2011-02-12T22:09:55","version" => "0.56"},{"date" => "2012-04-07T20:30:58","version" => "0.57"},{"date" => "2012-04-09T10:19:15","version" => "0.58"},{"date" => "2012-06-05T13:37:08","version" => "0.59"},{"date" => "2012-06-25T16:57:54","version" => "0.60"},{"date" => "2012-06-25T17:04:58","version" => "0.61"},{"date" => "2012-06-25T19:02:40","version" => "0.62"},{"date" => "2013-03-25T22:27:48","version" => "0.63"},{"date" => "2014-07-31T19:46:44","version" => "0.64"},{"date" => "2014-08-01T13:00:43","version" => "0.65"},{"date" => "2014-08-15T20:17:39","version" => "0.66"},{"date" => "2015-03-15T18:28:49","version" => "0.67"},{"date" => "2015-09-29T08:06:14","version" => "0.68"},{"date" => "2019-04-22T17:01:30","version" => "0.69"}]},"XML-LibXML" => {"advisories" => [{"affected_versions" => ["<2.0120"],"cves" => ["CVE-2015-3451"],"description" => "The _clone function does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.\n","distribution" => "XML-LibXML","fixed_versions" => [">=2.0120"],"id" => "CPANSA-XML-LibXML-2015-01","references" => ["https://metacpan.org/changes/distribution/XML-LibXML"],"reported" => "2015-04-23"},{"affected_versions" => ["<2.0129"],"cves" => ["CVE-2017-10672"],"description" => "Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.\n","distribution" => "XML-LibXML","fixed_versions" => [">=2.0129"],"id" => "CPANSA-XML-LibXML-2017-01","references" => ["https://www.debian.org/security/2017/dsa-4042","https://rt.cpan.org/Public/Bug/Display.html?id=122246","https://lists.debian.org/debian-lts-announce/2017/11/msg00017.html"],"reported" => "2015-04-23"}],"main_module" => "XML::LibXML","versions" => [{"date" => "2001-05-18T11:31:21","version" => "0.91"},{"date" => "2001-06-03T07:47:14","version" => "0.92"},{"date" => "2001-06-09T16:52:26","version" => "0.93"},{"date" => "2001-06-10T08:54:23","version" => "0.94"},{"date" => "2001-06-21T10:07:56","version" => "0.96"},{"date" => "2001-06-29T20:39:47","version" => "0.97"},{"date" => "2001-07-20T16:08:25","version" => "0.99"},{"date" => "2001-08-07T10:13:29","version" => "1.00"},{"date" => "2001-11-14T11:39:59","version" => "1.30"},{"date" => "2001-11-25T17:25:52","version" => "1.31"},{"date" => "2002-03-13T14:24:12","version" => "1.40"},{"date" => "2002-05-11T21:07:22","version" => "1.49"},{"date" => "2002-05-20T11:33:20","version" => "1.50"},{"date" => "2002-05-31T16:53:50","version" => "1.51"},{"date" => "2002-06-12T10:16:35","version" => "1.52"},{"date" => "2002-09-14T21:02:38","version" => "1.53"},{"date" => "2002-10-26T15:21:51","version" => "1.54_0"},{"date" => "2002-11-08T10:03:05","version" => "1.54_1"},{"date" => "2002-11-08T18:15:20","version" => "1.54_2"},{"date" => "2002-11-15T20:14:58","version" => "1.54_3"},{"date" => "2003-05-22T23:44:39","version" => "1.54_4"},{"date" => "2003-05-30T18:46:39","version" => "1.54"},{"date" => "2003-08-19T21:15:43","version" => "1.55"},{"date" => "2003-08-25T13:39:01","version" => "1.56"},{"date" => "2004-02-29T16:56:42","version" => "1.57"},{"date" => "2004-03-31T19:49:55","version" => "1.58"},{"date" => "2004-04-04T11:42:03","version" => "1.58_1"},{"date" => "2006-08-02T10:59:49","version" => "1.59"},{"date" => "2006-08-26T18:11:05","version" => "1.60"},{"date" => "2006-09-24T15:43:20","version" => "1.61"},{"date" => "2006-09-25T07:21:39","version" => "1.61"},{"date" => "2006-09-25T07:42:26","version" => "1.61"},{"date" => "2006-09-25T11:38:04","version" => "1.61"},{"date" => "2006-11-18T09:57:51","version" => "1.62"},{"date" => "2006-11-25T09:10:37","version" => "1.62"},{"date" => "2007-04-16T11:46:21","version" => "1.63"},{"date" => "2007-09-09T21:51:03","version" => "1.64"},{"date" => "2007-09-25T16:37:46","version" => "1.65"},{"date" => "2008-01-29T21:10:45","version" => "1.66"},{"date" => "2008-11-04T14:26:16","version" => "1.67"},{"date" => "2008-11-05T13:32:59","version" => "1.68"},{"date" => "2008-11-11T21:00:56","version" => "1.69"},{"date" => "2009-01-23T22:30:52","version" => "1.69_1"},{"date" => "2009-02-06T19:12:24","version" => "1.69_2"},{"date" => "2009-10-07T12:31:25","version" => "1.70"},{"date" => "2011-06-14T17:01:30","version" => "1.71"},{"date" => "2011-06-16T16:40:11","version" => "1.72"},{"date" => "2011-06-18T08:35:40","version" => "1.73"},{"date" => "2011-06-23T12:27:53","version" => "1.74"},{"date" => "2011-06-24T16:02:54","version" => "1.75"},{"date" => "2011-06-30T18:20:41","version" => "1.76"},{"date" => "2011-07-01T19:31:51","version" => "1.77"},{"date" => "2011-07-06T17:27:49","version" => "1.78"},{"date" => "2011-07-08T17:06:33","version" => "1.79"},{"date" => "2011-07-12T20:39:51","version" => "1.80"},{"date" => "2011-07-16T15:36:21","version" => "1.81"},{"date" => "2011-07-20T20:49:05","version" => "1.82"},{"date" => "2011-07-23T11:34:22","version" => "1.83"},{"date" => "2011-07-23T20:17:26","version" => "1.84"},{"date" => "2011-08-24T14:08:28","version" => "1.85"},{"date" => "2011-08-25T08:46:56","version" => "1.86"},{"date" => "2011-08-27T11:07:44","version" => "1.87"},{"date" => "2011-09-21T10:01:23","version" => "1.88"},{"date" => "2011-12-24T07:47:30","version" => "1.89"},{"date" => "2012-01-08T19:01:33","version" => "1.90"},{"date" => "2012-02-21T12:02:10","version" => "1.91"},{"date" => "2012-02-21T17:03:56","version" => "1.92"},{"date" => "2012-02-27T09:18:12","version" => "1.93"},{"date" => "2012-03-03T20:10:26","version" => "1.94"},{"date" => "2012-03-06T08:42:27","version" => "1.95"},{"date" => "2012-03-16T19:05:40","version" => "1.96"},{"date" => "2012-04-30T17:35:11","version" => "1.97"},{"date" => "2012-05-13T18:06:03","version" => "1.98"},{"date" => "2012-05-31T07:25:35","version" => "1.99"},{"date" => "2012-06-19T20:07:27","version" => "2.0000"},{"date" => "2012-06-20T16:53:03","version" => "2.0001"},{"date" => "2012-07-08T15:12:36","version" => "2.0002"},{"date" => "2012-07-27T15:22:53","version" => "2.0003"},{"date" => "2012-08-07T20:06:48","version" => "2.0004"},{"date" => "2012-10-13T11:23:03","version" => "2.0005"},{"date" => "2012-10-13T20:34:57","version" => "2.0006"},{"date" => "2012-10-17T17:05:13","version" => "2.0007"},{"date" => "2012-10-22T10:13:20","version" => "2.0008"},{"date" => "2012-11-01T14:29:13","version" => "2.0009"},{"date" => "2012-11-01T18:16:34","version" => "2.0010"},{"date" => "2012-11-07T22:29:47","version" => "2.0011"},{"date" => "2012-11-09T04:42:04","version" => "2.0012"},{"date" => "2012-12-04T15:46:46","version" => "2.0013"},{"date" => "2012-12-05T09:13:26","version" => "2.0014"},{"date" => "2013-04-12T23:35:55","version" => "2.0015"},{"date" => "2013-04-13T19:39:51","version" => "2.0016"},{"date" => "2013-05-09T08:07:47","version" => "2.0017"},{"date" => "2013-05-13T10:44:19","version" => "2.0018"},{"date" => "2013-07-01T08:08:50","version" => "2.0019"},{"date" => "2013-08-14T05:27:26","version" => "2.0100"},{"date" => "2013-08-15T05:34:30","version" => "2.0101"},{"date" => "2013-08-19T12:18:31","version" => "2.0102"},{"date" => "2013-08-22T05:35:19","version" => "2.0103"},{"date" => "2013-08-30T09:38:04","version" => "2.0104"},{"date" => "2013-09-07T17:24:00","version" => "2.0105"},{"date" => "2013-09-17T16:14:51","version" => "2.0106"},{"date" => "2013-10-31T07:16:02","version" => "2.0107"},{"date" => "2013-12-17T09:10:53","version" => "2.0108"},{"date" => "2014-01-31T08:01:23","version" => "2.0109"},{"date" => "2014-02-01T14:14:02","version" => "2.0110"},{"date" => "2014-03-05T15:31:25","version" => "2.0111"},{"date" => "2014-03-13T18:19:10","version" => "2.0112"},{"date" => "2014-03-14T12:15:54","version" => "2.0113"},{"date" => "2014-04-03T13:01:06","version" => "2.0114"},{"date" => "2014-04-03T13:15:41","version" => "2.0115"},{"date" => "2014-04-12T08:10:37","version" => "2.0116"},{"date" => "2014-10-26T16:31:29","version" => "2.0117"},{"date" => "2015-02-05T10:57:03","version" => "2.0118"},{"date" => "2015-04-23T07:14:45","version" => "2.0119"},{"date" => "2015-05-01T09:50:18","version" => "2.0120"},{"date" => "2015-05-03T12:08:06","version" => "2.0121"},{"date" => "2015-09-01T09:02:29","version" => "2.0122"},{"date" => "2015-12-06T13:19:22","version" => "2.0123"},{"date" => "2016-02-27T11:21:08","version" => "2.0124"},{"date" => "2016-05-30T09:24:51","version" => "2.0125"},{"date" => "2016-06-24T16:21:00","version" => "2.0126"},{"date" => "2016-07-22T17:40:51","version" => "2.0127"},{"date" => "2016-07-24T09:15:48","version" => "2.0128"},{"date" => "2017-03-14T13:37:23","version" => "2.0129"},{"date" => "2017-10-18T08:45:49","version" => "2.0130"},{"date" => "2017-10-24T08:57:20","version" => "2.0131"},{"date" => "2017-10-28T17:58:34","version" => "2.0132"},{"date" => "2019-02-02T11:11:30","version" => "2.0133"},{"date" => "2019-02-10T15:02:55","version" => "2.0134"},{"date" => "2019-03-23T08:54:34","version" => "2.0200"},{"date" => "2019-05-25T17:46:46","version" => "2.0201"},{"date" => "2020-01-13T09:16:50","version" => "2.0202"},{"date" => "2020-03-11T06:48:19","version" => "2.0203"},{"date" => "2020-03-17T16:33:17","version" => "2.0204"},{"date" => "2020-05-08T11:36:06","version" => "2.0205"},{"date" => "2020-09-15T08:06:58","version" => "2.0206"},{"date" => "2021-04-17T08:16:22","version" => "2.0207"},{"date" => "2022-09-30T03:29:15","version" => "2.0208"},{"date" => "2023-07-15T06:04:39","version" => "2.0209"},{"date" => "2024-01-24T15:19:39","version" => "2.0210"}]},"XML-Sig" => {"advisories" => [{"affected_versions" => [">=0.27,<=0.67"],"cves" => ["CVE-2025-40934"],"description" => "XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.  An attacker can remove the signature from the XML document to make it pass the verification check.  XML-Sig is a Perl module to validate signatures on XML files.\x{a0} An unsigned XML file should return an error message.\x{a0} The affected versions return true when attempting to validate an XML file that contains no signatures.","distribution" => "XML-Sig","fixed_versions" => [">=0.68"],"id" => "CPANSA-XML-Sig-2025-40934","references" => ["https://github.com/perl-net-saml2/perl-XML-Sig/issues/63","https://github.com/perl-net-saml2/perl-XML-Sig/pull/64"],"reported" => "2025-11-26","severity" => undef}],"main_module" => "XML::Sig","versions" => [{"date" => "2009-10-28T23:54:04","version" => "0.1"},{"date" => "2009-10-29T05:20:59","version" => "0.2"},{"date" => "2009-11-20T04:35:13","version" => "0.2.1"},{"date" => "2009-11-20T05:09:41","version" => "0.21"},{"date" => "2009-12-08T18:00:44","version" => "0.22"},{"date" => "2020-06-27T03:58:29","version" => "0.27"},{"date" => "2020-06-27T14:35:14","version" => "0.28"},{"date" => "2020-11-29T23:46:03","version" => "0.29"},{"date" => "2020-11-30T03:29:19","version" => "0.30"},{"date" => "2020-12-02T22:36:05","version" => "0.31"},{"date" => "2020-12-03T01:18:15","version" => "0.32"},{"date" => "2020-12-07T00:59:38","version" => "0.33"},{"date" => "2020-12-07T02:29:37","version" => "0.34"},{"date" => "2021-01-08T01:28:22","version" => "0.35"},{"date" => "2021-01-08T11:50:22","version" => "0.36"},{"date" => "2021-01-10T02:50:59","version" => "0.37"},{"date" => "2021-01-10T15:27:25","version" => "0.38"},{"date" => "2021-01-13T00:29:13","version" => "0.39"},{"date" => "2021-03-13T02:24:22","version" => "0.40"},{"date" => "2021-03-13T13:33:53","version" => "0.41"},{"date" => "2021-03-15T00:03:02","version" => "0.42"},{"date" => "2021-03-15T01:18:04","version" => "0.43"},{"date" => "2021-03-20T14:15:36","version" => "0.44"},{"date" => "2021-03-20T21:28:09","version" => "0.45"},{"date" => "2021-03-27T16:02:51","version" => "0.46"},{"date" => "2021-03-28T14:31:07","version" => "0.47"},{"date" => "2021-04-10T00:47:31","version" => "0.48"},{"date" => "2021-04-10T13:01:06","version" => "0.49"},{"date" => "2021-04-18T22:43:29","version" => "0.50"},{"date" => "2021-07-03T22:46:09","version" => "0.51"},{"date" => "2021-11-27T19:48:18","version" => "0.52"},{"date" => "2021-11-28T15:08:21","version" => "0.53"},{"date" => "2021-12-05T17:16:00","version" => "0.54"},{"date" => "2021-12-07T22:14:01","version" => "0.55"},{"date" => "2022-03-16T00:06:40","version" => "0.56"},{"date" => "2022-04-15T22:57:47","version" => "0.57"},{"date" => "2022-07-19T00:46:35","version" => "0.58"},{"date" => "2022-11-25T02:26:53","version" => "0.59"},{"date" => "2023-03-13T00:29:05","version" => "0.60"},{"date" => "2023-03-13T00:44:20","version" => "0.61"},{"date" => "2023-03-18T23:22:43","version" => "0.62"},{"date" => "2023-03-19T12:59:49","version" => "0.63"},{"date" => "2023-06-26T22:04:31","version" => "0.64"},{"date" => "2023-11-21T22:39:12","version" => "0.65"},{"date" => "2025-05-09T00:13:19","version" => "0.66"},{"date" => "2025-11-07T22:27:16","version" => "0.67"},{"date" => "2025-11-26T22:29:54","version" => "0.68"},{"date" => "2026-01-11T00:19:14","version" => "0.69"}]},"XML-Simple" => {"advisories" => [{"affected_versions" => ["<2.25"],"cves" => [],"description" => "The No. 4 item on the OWASP top 10 is external XML entities. When using XML::Parser, XML::Simple is currently vulnerable by default.\n","distribution" => "XML-Simple","fixed_versions" => [">=2.25"],"id" => "CPANSA-XML-Simple-2018-01","references" => ["https://metacpan.org/dist/XML-Simple/changes","https://github.com/grantm/xml-simple/pull/8"],"reported" => "2018-02-18","severity" => undef}],"main_module" => "XML::Simple","versions" => [{"date" => "1999-11-29T02:30:19","version" => "1.00"},{"date" => "1999-12-01T11:02:42","version" => "1.01"},{"date" => "2000-03-05T20:58:37","version" => "1.03"},{"date" => "2000-04-03T04:12:07","version" => "1.04"},{"date" => "2000-08-30T23:40:57","version" => "1.05"},{"date" => "2001-11-19T22:04:26","version" => "1.06"},{"date" => "2002-02-05T22:46:39","version" => "1.07"},{"date" => "2002-02-09T22:43:03","version" => "1.08"},{"date" => "2002-02-14T22:13:24","version" => "1.08_01"},{"date" => "2002-12-08T08:23:26","version" => "2.00"},{"date" => "2002-12-11T09:56:59","version" => "2.01"},{"date" => "2002-12-15T08:21:09","version" => "2.02"},{"date" => "2003-01-20T07:54:05","version" => "2.03"},{"date" => "2003-04-10T10:25:56","version" => "2.04"},{"date" => "2003-04-16T10:22:00","version" => "2.05"},{"date" => "2003-05-18T08:50:04","version" => "2.06"},{"date" => "2003-05-20T08:53:19","version" => "2.07"},{"date" => "2003-06-13T10:31:53","version" => "2.08"},{"date" => "2003-09-09T09:43:24","version" => "2.09"},{"date" => "2004-02-29T10:18:06","version" => "2.10"},{"date" => "2004-03-02T08:29:33","version" => "2.11"},{"date" => "2004-04-05T09:29:23","version" => "2.12"},{"date" => "2004-11-17T09:06:18","version" => "2.13"},{"date" => "2005-01-29T05:16:40","version" => "2.14"},{"date" => "2006-10-03T01:33:47","version" => "2.15"},{"date" => "2006-10-30T08:33:07","version" => "2.16"},{"date" => "2007-08-02T10:47:38","version" => "2.17"},{"date" => "2007-08-15T10:39:25","version" => "2.18"},{"date" => "2012-06-17T11:28:59","version" => "2.19_01"},{"date" => "2012-06-19T08:34:33","version" => "2.19_02"},{"date" => "2012-06-20T10:01:37","version" => "2.20"},{"date" => "2015-12-04T03:35:12","version" => "2.21"},{"date" => "2015-12-04T22:08:47","version" => "2.22"},{"date" => "2017-04-17T03:49:52","version" => "2.23"},{"date" => "2017-04-17T04:12:48","version" => "2.24"},{"date" => "2018-03-18T03:19:24","version" => "2.25"}]},"XML-Twig" => {"advisories" => [{"affected_versions" => ["<1.39"],"cves" => ["CVE-2016-9180"],"description" => "perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.\n","distribution" => "XML-Twig","fixed_versions" => [">=1.39"],"id" => "CPANSA-XML-Twig-2016-9180","references" => ["http://www.securityfocus.com/bid/94219","http://www.openwall.com/lists/oss-security/2016/11/04/2","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00020.html","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00033.html","https://rt.cpan.org/Public/Bug/Display.html?id=118097"],"reported" => "2016-12-22","severity" => "critical"}],"main_module" => "XML::Twig","versions" => [{"date" => "1999-10-05T22:25:47","version" => "1.6"},{"date" => "1999-12-07T16:53:28","version" => "1.7"},{"date" => "1999-12-17T17:03:18","version" => "1.8"},{"date" => "2000-02-18T00:39:24","version" => "1.9"},{"date" => "2000-03-24T23:22:37","version" => "1.10"},{"date" => "2000-06-05T19:27:48","version" => "2.00"},{"date" => "2000-08-18T12:10:46","version" => "2.01"},{"date" => "2001-01-16T09:14:14","version" => "2.02"},{"date" => "2002-01-09T16:33:44","version" => "3.00"},{"date" => "2002-01-09T17:01:53","version" => "3.01"},{"date" => "2002-01-16T14:11:04","version" => "3.02"},{"date" => "2002-03-26T14:40:14","version" => "3.03"},{"date" => "2002-04-02T04:57:42","version" => "3.04"},{"date" => "2002-07-09T16:02:36","version" => "3.05"},{"date" => "2002-09-17T17:07:34","version" => "3.06"},{"date" => "2002-09-17T20:03:49","version" => "3.07"},{"date" => "2002-09-17T21:57:09","version" => "3.08"},{"date" => "2002-11-11T07:42:10","version" => "3.09"},{"date" => "2003-06-09T19:35:52","version" => "3.10"},{"date" => "2003-09-24T13:23:47","version" => "3.11"},{"date" => "2004-01-29T15:20:30","version" => "3.12"},{"date" => "2004-02-02T07:13:15","version" => "3.13"},{"date" => "2004-03-17T15:39:18","version" => "3.14"},{"date" => "2004-04-05T08:30:51","version" => "3.15"},{"date" => "2005-02-11T17:51:59","version" => "3.16"},{"date" => "2005-03-16T14:06:47","version" => "3.17"},{"date" => "2005-08-08T12:22:25","version" => "3.18"},{"date" => "2005-08-10T16:22:28","version" => "3.19"},{"date" => "2005-08-11T13:51:56","version" => "3.20"},{"date" => "2005-08-12T12:59:54","version" => "3.21"},{"date" => "2005-10-14T16:27:05","version" => "3.22"},{"date" => "2006-01-23T14:26:19","version" => "3.23"},{"date" => "2006-05-09T08:56:08","version" => "3.24"},{"date" => "2006-05-10T11:07:37","version" => "3.25"},{"date" => "2006-07-01T11:18:04","version" => "3.26"},{"date" => "2007-01-05T17:23:58","version" => "3.28"},{"date" => "2007-01-22T09:42:28","version" => "3.29"},{"date" => "2007-11-06T14:49:35","version" => "3.30"},{"date" => "2007-11-07T19:29:27","version" => "3.31"},{"date" => "2007-11-13T20:40:13","version" => "3.32"},{"date" => "2010-01-15T17:14:59","version" => "3.33"},{"date" => "2010-01-18T19:31:16","version" => "3.34"},{"date" => "2010-05-16T05:25:45","version" => "3.35"},{"date" => "2010-10-07T09:55:43","version" => "3.36"},{"date" => "2010-10-10T05:53:41","version" => "3.37"},{"date" => "2011-02-27T06:57:30","version" => "3.38"},{"date" => "2011-09-22T01:30:24","version" => "3.39"},{"date" => "2012-05-10T10:44:35","version" => "3.40"},{"date" => "2012-08-08T20:31:00","version" => "3.41"},{"date" => "2012-11-08T12:28:17","version" => "3.42"},{"date" => "2013-05-13T08:47:04","version" => "3.44"},{"date" => "2014-03-01T08:34:52","version" => "3.45"},{"date" => "2014-03-05T11:25:33","version" => "3.46"},{"date" => "2014-03-29T10:30:09","version" => "3.47"},{"date" => "2014-03-30T09:01:59","version" => "3.48"},{"date" => "2015-04-12T09:17:47","version" => "3.49"},{"date" => "2016-11-22T15:01:43","version" => "3.50"},{"date" => "2016-11-23T12:34:37","version" => "3.51"},{"date" => "2016-11-23T17:21:16","version" => "3.52"},{"date" => "2024-12-13T15:34:19","version" => "3.53"},{"date" => "2025-06-11T09:49:17","version" => "3.54"}]},"YAML" => {"advisories" => [{"affected_versions" => ["<1.28"],"cves" => [],"description" => "Loading globs is easily exploitable.\n","distribution" => "YAML","fixed_versions" => [">=1.28"],"id" => "CPANSA-YAML-2019-01","references" => ["https://github.com/ingydotnet/yaml-pm/issues/212"],"reported" => "2019-04-27","severity" => undef},{"affected_versions" => ["<1.25"],"cves" => [],"description" => "YAML loader can run DESTROY method of object created with perl/* tag.\n","distribution" => "YAML","fixed_versions" => [">=1.25"],"id" => "CPANSA-YAML-2017-01","references" => ["https://github.com/ingydotnet/yaml-pm/issues/176"],"reported" => "2017-05-10","severity" => undef}],"main_module" => "YAML","versions" => [{"date" => "2001-12-19T10:33:57","version" => "0.25"},{"date" => "2002-01-10T06:33:41","version" => "0.26"},{"date" => "2002-01-15T22:34:34","version" => "0.30"},{"date" => "2002-06-25T06:25:48","version" => "0.35"},{"date" => "2004-01-20T09:22:57","version" => "0.49_01"},{"date" => "2005-01-31T06:49:59","version" => "0.36"},{"date" => "2005-03-31T02:57:10","version" => "0.37"},{"date" => "2005-03-31T10:16:09","version" => "0.38"},{"date" => "2005-04-12T22:41:53","version" => "0.39"},{"date" => "2005-04-25T19:42:26","version" => "0.39"},{"date" => "2005-12-25T19:27:42","version" => "0.49_70"},{"date" => "2006-01-10T05:55:16","version" => "0.50"},{"date" => "2006-01-14T19:47:39","version" => "0.50"},{"date" => "2006-01-18T23:03:28","version" => "0.52"},{"date" => "2006-01-19T19:13:35","version" => "0.53"},{"date" => "2006-01-30T02:22:33","version" => "0.54"},{"date" => "2006-01-30T03:11:55","version" => "0.55"},{"date" => "2006-01-30T18:41:21","version" => "0.56"},{"date" => "2006-02-02T07:36:12","version" => "0.56"},{"date" => "2006-02-14T21:21:22","version" => "0.58"},{"date" => "2006-07-01T05:16:14","version" => "0.60"},{"date" => "2006-07-02T20:36:06","version" => "0.61"},{"date" => "2006-07-03T22:52:48","version" => "0.62"},{"date" => "2007-06-20T23:18:21","version" => "0.63"},{"date" => "2007-06-21T23:29:30","version" => "0.64"},{"date" => "2007-06-22T00:58:23","version" => "0.65"},{"date" => "2007-09-27T09:16:07","version" => "0.66"},{"date" => "2008-12-01T10:57:39","version" => "0.67"},{"date" => "2008-12-04T09:07:34","version" => "0.68"},{"date" => "2009-08-10T05:19:57","version" => "0.69_01"},{"date" => "2009-08-10T12:44:33","version" => "0.69_02"},{"date" => "2009-08-10T17:23:08","version" => "0.70"},{"date" => "2010-01-03T01:52:05","version" => "0.71"},{"date" => "2010-09-01T02:04:50","version" => "0.72"},{"date" => "2011-04-19T10:57:00","version" => "0.73"},{"date" => "2011-09-25T20:06:34","version" => "0.74"},{"date" => "2011-09-26T22:47:06","version" => "0.75"},{"date" => "2011-09-28T10:06:35","version" => "0.76"},{"date" => "2011-09-29T16:29:20","version" => "0.77"},{"date" => "2012-01-02T07:55:05","version" => "0.78"},{"date" => "2012-02-09T01:26:43","version" => "0.79"},{"date" => "2012-02-10T20:57:18","version" => "0.80"},{"date" => "2012-04-19T18:04:48","version" => "0.81"},{"date" => "2012-07-12T18:51:27","version" => "0.82"},{"date" => "2012-07-13T15:45:29","version" => "0.83"},{"date" => "2012-07-13T18:19:24","version" => "0.84"},{"date" => "2013-11-24T15:44:47","version" => "0.85"},{"date" => "2013-11-26T16:43:45","version" => "0.86"},{"date" => "2013-12-01T05:53:16","version" => "0.87"},{"date" => "2013-12-03T05:30:33","version" => "0.88"},{"date" => "2014-02-08T22:12:24","version" => "0.89"},{"date" => "2014-02-10T16:45:22","version" => "0.90"},{"date" => "2014-05-27T21:16:01","version" => "0.91"},{"date" => "2014-05-29T03:07:13","version" => "0.92"},{"date" => "2014-06-14T05:33:25","version" => "0.93"},{"date" => "2014-06-14T17:34:58","version" => "0.94"},{"date" => "2014-06-20T19:10:04","version" => "0.95"},{"date" => "2014-07-14T05:59:12","version" => "0.96"},{"date" => "2014-07-17T06:38:34","version" => "0.97"},{"date" => "2014-07-30T19:33:24","version" => "0.98"},{"date" => "2014-08-07T00:57:08","version" => "0.99"},{"date" => "2014-08-07T07:36:47","version" => "1.00"},{"date" => "2014-08-07T21:49:48","version" => "1.01"},{"date" => "2014-08-16T04:11:27","version" => "1.02"},{"date" => "2014-08-16T10:33:26","version" => "1.03"},{"date" => "2014-08-16T15:30:43","version" => "1.04"},{"date" => "2014-08-16T20:04:31","version" => "1.05"},{"date" => "2014-08-16T23:51:52","version" => "1.06"},{"date" => "2014-08-18T15:40:59","version" => "1.07"},{"date" => "2014-08-18T17:23:04","version" => "1.08"},{"date" => "2014-08-19T23:42:23","version" => "1.09"},{"date" => "2014-08-29T05:54:45","version" => "1.10"},{"date" => "2014-08-30T03:10:03","version" => "1.11"},{"date" => "2014-09-22T15:25:30","version" => "1.12"},{"date" => "2014-10-11T16:07:22","version" => "1.13"},{"date" => "2015-01-17T23:33:39","version" => "1.14"},{"date" => "2015-04-18T15:04:42","version" => "1.15"},{"date" => "2016-07-03T17:53:34","version" => "1.16"},{"date" => "2016-07-05T20:04:45","version" => "1.16_001"},{"date" => "2016-07-05T20:10:01","version" => "1.16_002"},{"date" => "2016-07-05T20:21:25","version" => "1.17"},{"date" => "2016-07-08T14:53:24","version" => "1.18"},{"date" => "2016-11-11T22:44:07","version" => "1.18_001"},{"date" => "2016-11-18T18:46:59","version" => "1.19"},{"date" => "2016-11-27T20:27:37","version" => "1.19_001"},{"date" => "2016-12-02T21:21:40","version" => "1.20"},{"date" => "2016-12-02T22:00:08","version" => "1.20_001"},{"date" => "2016-12-07T21:17:58","version" => "1.20_002"},{"date" => "2016-12-23T20:20:06","version" => "1.21"},{"date" => "2017-02-14T22:24:38","version" => "1.22"},{"date" => "2017-02-19T21:08:48","version" => "1.23"},{"date" => "2017-05-12T15:06:03","version" => "1.23_001"},{"date" => "2017-05-14T13:15:34","version" => "1.23_002"},{"date" => "2017-10-29T22:09:18","version" => "1.23_003"},{"date" => "2017-10-30T19:33:07","version" => "1.24"},{"date" => "2018-05-06T19:10:48","version" => "1.24_001"},{"date" => "2018-05-10T16:22:16","version" => "1.24_002"},{"date" => "2018-05-11T17:59:33","version" => "1.25"},{"date" => "2018-05-12T11:43:38","version" => "1.25_001"},{"date" => "2018-05-17T13:00:07","version" => "1.25_002"},{"date" => "2018-05-18T19:58:16","version" => "1.26"},{"date" => "2018-10-18T19:46:23","version" => "1.26_001"},{"date" => "2018-11-03T13:02:53","version" => "1.27"},{"date" => "2019-04-27T13:41:56","version" => "1.27_001"},{"date" => "2019-04-28T09:46:43","version" => "1.28"},{"date" => "2019-05-05T11:31:39","version" => "1.28_001"},{"date" => "2019-05-11T08:28:01","version" => "1.29"},{"date" => "2020-01-27T22:10:33","version" => "1.30"},{"date" => "2023-12-27T15:11:23","version" => "1.31"}]},"YAML-LibYAML" => {"advisories" => [{"affected_versions" => ["<0.69"],"cves" => [],"description" => "Need SafeLoad and SafeDump analog to python\n","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.69"],"id" => "CPANSA-YAML-LibYAML-2016-01","references" => ["https://github.com/ingydotnet/yaml-libyaml-pm/issues/45"],"reported" => "2016-03-10","severity" => undef},{"affected_versions" => ["<0.53"],"cves" => ["CVE-2014-9130"],"description" => "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.\n","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.54"],"id" => "CPANSA-YAML-LibYAML-2014-9130","references" => ["http://www.openwall.com/lists/oss-security/2014/11/29/3","http://www.openwall.com/lists/oss-security/2014/11/28/8","https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2","http://www.securityfocus.com/bid/71349","http://secunia.com/advisories/59947","https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure","http://secunia.com/advisories/60944","http://www.openwall.com/lists/oss-security/2014/11/28/1","http://linux.oracle.com/errata/ELSA-2015-0100.html","http://secunia.com/advisories/62723","http://secunia.com/advisories/62705","http://secunia.com/advisories/62774","http://www.ubuntu.com/usn/USN-2461-2","http://www.ubuntu.com/usn/USN-2461-3","http://www.ubuntu.com/usn/USN-2461-1","http://rhn.redhat.com/errata/RHSA-2015-0100.html","http://www.debian.org/security/2014/dsa-3103","http://rhn.redhat.com/errata/RHSA-2015-0112.html","http://www.debian.org/security/2014/dsa-3102","http://www.debian.org/security/2014/dsa-3115","http://rhn.redhat.com/errata/RHSA-2015-0260.html","http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html","http://www.mandriva.com/security/advisories?name=MDVSA-2015:060","http://www.mandriva.com/security/advisories?name=MDVSA-2014:242","http://advisories.mageia.org/MGASA-2014-0508.html","http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html","http://secunia.com/advisories/62176","http://secunia.com/advisories/62174","http://secunia.com/advisories/62164","https://exchange.xforce.ibmcloud.com/vulnerabilities/99047","https://puppet.com/security/cve/cve-2014-9130"],"reported" => "2014-12-08","severity" => undef},{"affected_versions" => [">0.38,<0.57"],"cves" => ["CVE-2012-1152"],"description" => "Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.\n","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.57"],"id" => "CPANSA-YAML-LibYAML-2012-1152","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=801738","https://rt.cpan.org/Public/Bug/Display.html?id=46507","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077023.html","http://www.openwall.com/lists/oss-security/2012/03/10/4","http://www.openwall.com/lists/oss-security/2012/03/09/6","http://www.debian.org/security/2012/dsa-2432","http://www.securityfocus.com/bid/52381","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077782.html","https://rt.cpan.org/Public/Bug/Display.html?id=75365","http://secunia.com/advisories/48317","http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077004.html","http://lists.opensuse.org/opensuse-updates/2012-08/msg00029.html","http://secunia.com/advisories/50277","http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/73856"],"reported" => "2012-09-09","severity" => undef},{"affected_versions" => ["<0.903.0"],"cves" => ["CVE-2025-40908"],"description" => "YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified","distribution" => "YAML-LibYAML","fixed_versions" => [">=0.903.0"],"id" => "CPANSA-YAML-LibYAML-2025-001","references" => ["https://www.cve.org/CVERecord?id=CVE-2025-40908","https://github.com/ingydotnet/yaml-libyaml-pm/issues/120","https://github.com/ingydotnet/yaml-libyaml-pm/pull/121","https://github.com/ingydotnet/yaml-libyaml-pm/pull/122"],"reported" => "2025-06-01","severity" => "critical"}],"main_module" => "YAML::LibYAML","versions" => [{"date" => "2007-05-11T21:37:19","version" => "0.01"},{"date" => "2007-05-15T06:37:59","version" => "0.02"},{"date" => "2007-05-19T22:23:53","version" => "0.03"},{"date" => "2007-05-21T05:19:05","version" => "0.04"},{"date" => "2007-05-21T07:45:35","version" => "0.05"},{"date" => "2007-05-23T06:56:11","version" => "0.06"},{"date" => "2007-05-23T07:10:14","version" => "0.07"},{"date" => "2007-05-26T04:58:43","version" => "0.08"},{"date" => "2007-05-28T07:47:31","version" => "0.09"},{"date" => "2007-05-28T10:30:28","version" => "0.10"},{"date" => "2007-05-30T00:30:09","version" => "0.11"},{"date" => "2007-05-30T08:13:24","version" => "0.12"},{"date" => "2007-05-30T09:38:37","version" => "0.14"},{"date" => "2007-05-31T07:48:16","version" => "0.15"},{"date" => "2007-05-31T21:05:50","version" => "0.16"},{"date" => "2007-06-07T02:55:10","version" => "0.17"},{"date" => "2007-06-18T01:35:48","version" => "0.18"},{"date" => "2007-06-18T08:06:43","version" => "0.19"},{"date" => "2007-06-18T23:34:20","version" => "0.20"},{"date" => "2007-06-21T23:27:47","version" => "0.21"},{"date" => "2007-06-22T07:42:47","version" => "0.22"},{"date" => "2007-06-23T01:17:58","version" => "0.23"},{"date" => "2007-06-24T18:37:51","version" => "0.24"},{"date" => "2007-06-25T01:40:09","version" => "0.25"},{"date" => "2007-06-26T21:00:04","version" => "0.26"},{"date" => "2008-06-07T05:37:26","version" => "0.27"},{"date" => "2008-11-12T07:09:30","version" => "0.29"},{"date" => "2009-01-11T11:00:54","version" => "0.30"},{"date" => "2009-01-12T09:26:53","version" => "0.31"},{"date" => "2009-01-12T09:34:50","version" => "0.32"},{"date" => "2010-04-15T01:01:10","version" => "0.33"},{"date" => "2010-09-23T22:43:36","version" => "0.34"},{"date" => "2011-04-03T16:41:03","version" => "0.35"},{"date" => "2011-09-29T18:10:52","version" => "0.37"},{"date" => "2012-01-04T06:58:09","version" => "0.38"},{"date" => "2013-02-12T02:09:38","version" => "0.39"},{"date" => "2013-03-12T18:07:29","version" => "0.40"},{"date" => "2013-03-13T17:36:09","version" => "0.41"},{"date" => "2014-07-11T22:30:03","version" => "0.42"},{"date" => "2014-07-12T17:05:47","version" => "0.43"},{"date" => "2014-07-13T22:24:47","version" => "0.44"},{"date" => "2014-08-04T08:23:39","version" => "0.45"},{"date" => "2014-08-05T17:33:54","version" => "0.46"},{"date" => "2014-08-09T07:30:51","version" => "0.47"},{"date" => "2014-08-16T04:07:46","version" => "0.48"},{"date" => "2014-08-16T14:31:04","version" => "0.49"},{"date" => "2014-08-16T19:58:18","version" => "0.50"},{"date" => "2014-08-16T21:29:48","version" => "0.51"},{"date" => "2014-08-23T04:04:49","version" => "0.52"},{"date" => "2014-11-28T17:22:06","version" => "0.53"},{"date" => "2014-11-29T19:48:26","version" => "0.54"},{"date" => "2014-12-23T01:27:43","version" => "0.55"},{"date" => "2015-01-16T03:23:05","version" => "0.56"},{"date" => "2015-01-16T04:06:00","version" => "0.57"},{"date" => "2015-01-21T05:02:46","version" => "0.58"},{"date" => "2015-01-26T23:05:30","version" => "0.59"},{"date" => "2016-02-09T19:36:50","version" => "0.60"},{"date" => "2016-02-20T18:05:06","version" => "0.61"},{"date" => "2016-02-22T15:47:18","version" => "0.62"},{"date" => "2016-07-03T17:33:17","version" => "0.62_001"},{"date" => "2016-07-03T17:40:25","version" => "0.62_002"},{"date" => "2016-07-08T14:41:45","version" => "0.63"},{"date" => "2016-09-08T09:56:51","version" => "0.71"},{"date" => "2016-09-13T14:44:45","version" => "0.73"},{"date" => "2017-01-03T04:10:44","version" => "0.63_001"},{"date" => "2017-04-03T18:56:26","version" => "0.63_002"},{"date" => "2017-04-07T18:32:36","version" => "0.64"},{"date" => "2017-05-18T21:10:50","version" => "0.65"},{"date" => "2017-08-13T11:49:59","version" => "0.65_001"},{"date" => "2017-08-17T18:07:26","version" => "0.66"},{"date" => "2017-11-10T21:07:40","version" => "0.66_001"},{"date" => "2017-11-14T20:03:09","version" => "0.66_002"},{"date" => "2017-11-15T18:00:42","version" => "0.67"},{"date" => "2017-12-16T21:50:01","version" => "0.67_001"},{"date" => "2017-12-18T19:01:27","version" => "0.68"},{"date" => "2017-12-20T18:38:40","version" => "0.68_001"},{"date" => "2017-12-22T11:40:39","version" => "0.68_002"},{"date" => "2017-12-26T17:37:54","version" => "0.69"},{"date" => "2018-06-07T20:16:52","version" => "0.69_001"},{"date" => "2018-06-09T19:53:37","version" => "0.70"},{"date" => "2018-06-27T17:14:44","version" => "0.70_001"},{"date" => "2018-07-08T15:04:37","version" => "0.72"},{"date" => "2018-08-31T15:38:28","version" => "0.72_01"},{"date" => "2018-09-01T01:07:45","version" => "0.74"},{"date" => "2018-10-14T14:09:48","version" => "0.74_001"},{"date" => "2018-11-03T13:17:49","version" => "0.75"},{"date" => "2018-12-16T17:28:49","version" => "0.75_001"},{"date" => "2018-12-30T19:11:20","version" => "0.76"},{"date" => "2019-03-13T18:47:41","version" => "0.76_001"},{"date" => "2019-04-15T20:56:14","version" => "0.77"},{"date" => "2019-05-15T18:20:47","version" => "0.77_001"},{"date" => "2019-05-18T16:36:19","version" => "0.78"},{"date" => "2019-05-30T16:01:02","version" => "0.78_001"},{"date" => "2019-06-10T11:10:47","version" => "0.78_002"},{"date" => "2019-06-11T19:36:40","version" => "0.79"},{"date" => "2019-08-21T16:49:31","version" => "0.79_001"},{"date" => "2019-08-22T11:18:19","version" => "0.80"},{"date" => "2020-01-27T22:06:22","version" => "0.81"},{"date" => "2020-05-02T18:40:13","version" => "0.82"},{"date" => "2021-05-02T00:16:51","version" => "0.82_001"},{"date" => "2021-05-08T21:52:55","version" => "0.83"},{"date" => "2022-09-03T19:20:07","version" => "0.84"},{"date" => "2022-09-09T15:31:45","version" => "0.84_001"},{"date" => "2022-09-09T18:12:56","version" => "0.84_002"},{"date" => "2022-09-09T19:01:06","version" => "0.84_003"},{"date" => "2022-09-12T12:21:48","version" => "0.85"},{"date" => "2023-01-26T02:35:03","version" => "0.86"},{"date" => "2023-05-04T10:47:26","version" => "0.86_001"},{"date" => "2023-05-04T19:38:30","version" => "0.87"},{"date" => "2023-05-12T12:28:46","version" => "0.88"},{"date" => "2024-01-24T21:55:26","version" => "0.88_001"},{"date" => "2024-01-27T00:45:43","version" => "0.89"},{"date" => "2024-05-26T13:07:57","version" => "0.89_001"},{"date" => "2024-09-06T21:47:43","version" => "0.90"},{"date" => "2024-09-06T22:09:50","version" => "v0.901.0"},{"date" => "2024-09-09T20:42:09","version" => "v0.901.1"},{"date" => "2024-09-20T19:48:00","version" => "v0.902.0"},{"date" => "2025-01-12T21:19:33","version" => "v0.902.1"},{"date" => "2025-01-26T01:28:39","version" => "v0.902.2"},{"date" => "2025-01-26T15:02:24","version" => "v0.902.3"},{"date" => "2025-02-02T22:21:19","version" => "v0.902.4"},{"date" => "2025-02-02T23:15:49","version" => "v0.903.0"},{"date" => "2025-05-01T14:17:45","version" => "v0.903.1"},{"date" => "2025-05-03T08:45:21","version" => "v0.903.2"},{"date" => "2025-05-03T16:35:27","version" => "v0.903.3"},{"date" => "2025-05-03T19:49:05","version" => "v0.903.4"},{"date" => "2025-05-08T12:21:43","version" => "v0.904.0"}]},"YAML-Syck" => {"advisories" => [{"affected_versions" => ["<1.36"],"cves" => ["CVE-2025-11683"],"description" => "YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure  Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read  The issue is seen with complex YAML files with a hash of all keys and empty values.\x{a0}There is no indication that the issue leads to accessing memory outside that allocated to the module.","distribution" => "YAML-Syck","fixed_versions" => [">=1.36"],"id" => "CPANSA-YAML-Syck-2025-11683","references" => ["https://github.com/cpan-authors/YAML-Syck/pull/65","https://metacpan.org/dist/YAML-Syck/changes"],"reported" => "2025-10-16","severity" => undef},{"affected_versions" => [">0"],"cves" => ["CVE-2026-4177"],"description" => "YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.  The heap overflow occurs when class names exceed the initial 512-byte allocation.  The base64 decoder could read past the buffer end on trailing newlines.  strtok mutated n->type_id in place, corrupting shared node data.  A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.","distribution" => "YAML-Syck","fixed_versions" => [],"id" => "CPANSA-YAML-Syck-2026-4177","references" => ["https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e.patch","https://metacpan.org/release/TODDR/YAML-Syck-1.37_01/changes#L21","http://www.openwall.com/lists/oss-security/2026/03/16/6"],"reported" => "2026-03-16","severity" => undef}],"main_module" => "YAML::Syck","versions" => [{"date" => "2005-12-25T17:59:15","version" => "0.01"},{"date" => "2005-12-26T12:10:56","version" => "0.02"},{"date" => "2005-12-27T15:53:07","version" => "0.03"},{"date" => "2005-12-28T12:16:03","version" => "0.04"},{"date" => "2006-01-08T15:54:21","version" => "0.05"},{"date" => "2006-01-08T16:03:43","version" => "0.06"},{"date" => "2006-01-08T16:25:54","version" => "0.07"},{"date" => "2006-01-08T16:38:52","version" => "0.08"},{"date" => "2006-01-08T16:42:46","version" => "0.09"},{"date" => "2006-01-08T17:13:31","version" => "0.10"},{"date" => "2006-01-08T17:22:15","version" => "0.11"},{"date" => "2006-01-09T04:57:24","version" => "0.12"},{"date" => "2006-01-09T05:44:42","version" => "0.13"},{"date" => "2006-01-09T16:03:57","version" => "0.14"},{"date" => "2006-01-10T10:57:02","version" => "0.15"},{"date" => "2006-01-10T11:57:08","version" => "0.16"},{"date" => "2006-01-10T12:28:26","version" => "0.17"},{"date" => "2006-01-10T12:49:52","version" => "0.18"},{"date" => "2006-01-10T15:52:23","version" => "0.19"},{"date" => "2006-01-11T11:18:16","version" => "0.20"},{"date" => "2006-01-11T12:36:14","version" => "0.21"},{"date" => "2006-01-11T18:44:14","version" => "0.22"},{"date" => "2006-01-14T11:44:53","version" => "0.23"},{"date" => "2006-01-14T12:21:56","version" => "0.24"},{"date" => "2006-01-15T07:45:04","version" => "0.25"},{"date" => "2006-01-15T18:03:09","version" => "0.26"},{"date" => "2006-01-15T19:16:11","version" => "0.27"},{"date" => "2006-01-16T09:58:39","version" => "0.28"},{"date" => "2006-02-05T03:50:47","version" => "0.29"},{"date" => "2006-02-06T12:54:49","version" => "0.30"},{"date" => "2006-02-10T19:25:13","version" => "0.31"},{"date" => "2006-02-11T11:00:16","version" => "0.32"},{"date" => "2006-02-15T11:53:00","version" => "0.33"},{"date" => "2006-03-06T23:28:23","version" => "0.34"},{"date" => "2006-03-09T13:11:32","version" => "0.35"},{"date" => "2006-03-10T10:27:01","version" => "0.36"},{"date" => "2006-03-14T01:19:25","version" => "0.37"},{"date" => "2006-03-14T12:44:44","version" => "0.38"},{"date" => "2006-03-31T07:32:11","version" => "0.40"},{"date" => "2006-04-01T05:50:05","version" => "0.41"},{"date" => "2006-04-25T13:07:17","version" => "0.42"},{"date" => "2006-04-29T15:26:40","version" => "0.43"},{"date" => "2006-05-03T18:04:03","version" => "0.43"},{"date" => "2006-05-27T03:30:37","version" => "0.45"},{"date" => "2006-06-24T22:55:59","version" => "0.46_01"},{"date" => "2006-07-01T05:26:06","version" => "0.60"},{"date" => "2006-07-01T14:03:38","version" => "0.61"},{"date" => "2006-07-12T06:56:58","version" => "0.62"},{"date" => "2006-07-20T19:19:13","version" => "0.63"},{"date" => "2006-07-23T00:30:37","version" => "0.64"},{"date" => "2006-07-29T16:47:56","version" => "0.65"},{"date" => "2006-07-29T23:27:40","version" => "0.66"},{"date" => "2006-07-30T01:00:36","version" => "0.67"},{"date" => "2006-10-02T12:49:23","version" => "0.70"},{"date" => "2006-10-03T15:25:46","version" => "0.70"},{"date" => "2006-11-26T00:07:30","version" => "0.72"},{"date" => "2007-01-25T19:36:14","version" => "0.80"},{"date" => "2007-01-25T23:07:09","version" => "0.81"},{"date" => "2007-01-25T23:22:51","version" => "0.82"},{"date" => "2007-04-01T16:57:59","version" => "0.84"},{"date" => "2007-04-20T14:49:50","version" => "0.85"},{"date" => "2007-06-16T13:17:35","version" => "0.86"},{"date" => "2007-06-16T16:51:23","version" => "0.86"},{"date" => "2007-06-16T20:33:56","version" => "0.86"},{"date" => "2007-06-21T19:55:23","version" => "0.86"},{"date" => "2007-06-23T02:21:39","version" => "0.86"},{"date" => "2007-07-10T01:11:34","version" => "0.86"},{"date" => "2007-08-03T17:35:53","version" => "0.86"},{"date" => "2007-08-07T17:25:31","version" => "0.86"},{"date" => "2007-09-02T16:30:10","version" => "0.86"},{"date" => "2007-10-13T13:58:17","version" => "0.86"},{"date" => "2007-10-22T18:08:48","version" => "0.86"},{"date" => "2007-12-09T21:14:09","version" => "0.86"},{"date" => "2008-01-18T17:50:22","version" => "0.86"},{"date" => "2008-02-16T12:20:10","version" => "0.86"},{"date" => "2008-02-16T13:04:46","version" => "0.86"},{"date" => "2008-02-16T16:13:51","version" => "0.86"},{"date" => "2008-06-09T02:50:39","version" => "0.86"},{"date" => "2009-04-25T03:38:49","version" => "0.86"},{"date" => "2009-04-25T03:41:41","version" => "0.86"},{"date" => "2010-05-20T10:41:25","version" => "1.07_01"},{"date" => "2010-05-23T17:10:30","version" => "1.08"},{"date" => "2010-05-23T17:48:37","version" => "1.08_01"},{"date" => "2010-05-29T22:54:14","version" => "1.09"},{"date" => "2010-06-06T21:44:15","version" => "1.10"},{"date" => "2010-07-16T11:41:50","version" => "1.10_01"},{"date" => "2010-07-19T17:41:06","version" => "1.10_01"},{"date" => "2010-07-19T22:34:01","version" => "1.10_01"},{"date" => "2010-07-19T23:55:46","version" => "1.10_01"},{"date" => "2010-07-28T06:23:27","version" => "1.10_01"},{"date" => "2010-07-29T21:34:27","version" => "1.10_06"},{"date" => "2010-07-29T22:07:40","version" => "1.10_07"},{"date" => "2010-08-03T15:06:07","version" => "1.11"},{"date" => "2010-08-04T17:28:29","version" => "1.12"},{"date" => "2010-08-26T18:14:47","version" => "1.13"},{"date" => "2010-08-26T20:39:52","version" => "1.14"},{"date" => "2010-09-23T12:20:14","version" => "1.15"},{"date" => "2010-11-21T14:40:01","version" => "1.16"},{"date" => "2010-11-21T16:43:16","version" => "1.17"},{"date" => "2011-11-03T07:09:03","version" => "1.17_01"},{"date" => "2011-11-05T19:16:14","version" => "1.17_01"},{"date" => "2011-11-08T06:51:54","version" => "1.17_01"},{"date" => "2012-02-11T09:48:37","version" => "1.20_01"},{"date" => "2012-02-15T04:54:29","version" => "1.20"},{"date" => "2012-08-22T21:49:37","version" => "1.21_01"},{"date" => "2012-09-21T03:45:26","version" => "1.21"},{"date" => "2012-11-28T00:21:05","version" => "1.22_01"},{"date" => "2012-12-04T23:06:27","version" => "1.22"},{"date" => "2013-02-21T20:13:43","version" => "1.23_01"},{"date" => "2013-02-26T19:19:43","version" => "1.23"},{"date" => "2013-03-02T07:57:56","version" => "1.24_01"},{"date" => "2013-03-02T08:54:34","version" => "1.24_02"},{"date" => "2013-03-07T16:44:31","version" => "1.24"},{"date" => "2013-03-11T04:31:15","version" => "1.25"},{"date" => "2013-05-21T03:09:18","version" => "1.26"},{"date" => "2013-05-21T04:14:10","version" => "1.27"},{"date" => "2014-06-11T19:33:47","version" => "1.28_01"},{"date" => "2014-12-11T07:31:36","version" => "1.28"},{"date" => "2014-12-14T08:32:24","version" => "1.29_01"},{"date" => "2014-12-15T15:58:26","version" => "1.29"},{"date" => "2017-04-18T00:21:57","version" => "1.30_01"},{"date" => "2017-04-20T05:05:41","version" => "1.30"},{"date" => "2018-10-25T19:22:24","version" => "1.31"},{"date" => "2020-01-27T22:19:52","version" => "1.32"},{"date" => "2020-10-26T19:35:28","version" => "1.33"},{"date" => "2020-10-26T20:20:42","version" => "1.34"},{"date" => "2025-10-09T22:46:16","version" => "1.35"},{"date" => "2025-10-10T04:58:28","version" => "1.36"},{"date" => "2026-03-16T17:06:51","version" => "1.37_01"}]},"YATT-Lite" => {"advisories" => [{"affected_versions" => [">=0,<=0.101_102"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.0.6,<=0.101_102"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "YATT-Lite","fixed_versions" => [],"id" => "CPANSA-YATT-Lite-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "YATT::Lite","versions" => [{"date" => "2013-05-15T03:12:13","version" => "0.0_4"},{"date" => "2013-05-16T06:28:33","version" => "0.0_5"},{"date" => "2013-05-17T07:24:55","version" => "0.0_6"},{"date" => "2013-05-18T02:10:28","version" => "v0.0.6"},{"date" => "2013-06-18T09:57:42","version" => "0.0_7"},{"date" => "2013-06-20T06:09:54","version" => "v0.0.7"},{"date" => "2013-08-25T12:22:03","version" => "0.0_8"},{"date" => "2014-05-13T03:27:34","version" => "v0.0.8"},{"date" => "2014-05-14T13:17:13","version" => "0.0_9"},{"date" => "2014-05-26T13:31:04","version" => "v0.0.9"},{"date" => "2015-04-09T03:34:39","version" => "v0.0.9_001"},{"date" => "2015-04-09T06:01:16","version" => "v0.0.9_002"},{"date" => "2015-04-28T03:29:18","version" => "0.100"},{"date" => "2015-09-03T05:45:15","version" => "0.100_001"},{"date" => "2015-10-31T05:31:03","version" => "0.100_002"},{"date" => "2015-11-05T07:30:33","version" => "0.100_003"},{"date" => "2016-05-24T00:35:40","version" => "0.101"},{"date" => "2017-06-17T00:04:00","version" => "0.101_001"},{"date" => "2020-10-15T11:00:17","version" => "0.101_100"},{"date" => "2020-10-17T07:22:36","version" => "0.101_101"},{"date" => "2020-10-17T10:33:49","version" => "0.101_102"},{"date" => "2023-12-05T06:59:47","version" => "0.101_103"},{"date" => "2024-08-16T05:04:15","version" => "0.110"},{"date" => "2024-11-29T09:35:12","version" => "0.120"},{"date" => "2024-12-10T07:10:28","version" => "0.121"},{"date" => "2025-03-20T02:36:40","version" => "0.122"},{"date" => "2025-03-29T07:49:37","version" => "0.123"},{"date" => "2025-05-17T08:02:02","version" => "0.130"},{"date" => "2025-05-18T12:55:44","version" => "0.131"}]},"Yancy" => {"advisories" => [{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.010,<=1.088"],"cves" => ["X-CVE-2018-vue-001"],"description" => "Regular Expression Denial of Service.\n","distribution" => "Yancy","fixed_versions" => [],"id" => "CPANSA-Yancy-X-CVE-2018-vue-001-vue","references" => ["https://security.snyk.io/vuln/npm:vue:20180222"],"reported" => "2018-02-21","severity" => undef}],"main_module" => "Yancy","versions" => [{"date" => "2017-12-03T00:52:00","version" => "0.001"},{"date" => "2017-12-03T02:48:33","version" => "0.002"},{"date" => "2017-12-05T19:18:06","version" => "0.003"},{"date" => "2017-12-05T20:50:34","version" => "0.004"},{"date" => "2017-12-12T21:48:00","version" => "0.005"},{"date" => "2017-12-15T17:07:32","version" => "0.006"},{"date" => "2017-12-17T00:34:29","version" => "0.007"},{"date" => "2017-12-18T00:39:37","version" => "0.008"},{"date" => "2018-01-07T22:33:53","version" => "0.009"},{"date" => "2018-01-12T22:59:55","version" => "0.010"},{"date" => "2018-01-13T18:49:01","version" => "0.011"},{"date" => "2018-01-29T18:51:02","version" => "0.012"},{"date" => "2018-02-08T05:23:07","version" => "0.013"},{"date" => "2018-02-09T20:51:30","version" => "0.014"},{"date" => "2018-02-12T18:53:07","version" => "0.015"},{"date" => "2018-02-17T04:34:18","version" => "0.016"},{"date" => "2018-02-18T04:27:50","version" => "0.017"},{"date" => "2018-02-22T00:11:09","version" => "0.018"},{"date" => "2018-02-24T05:26:49","version" => "0.019"},{"date" => "2018-02-25T20:44:25","version" => "0.020"},{"date" => "2018-03-02T18:40:59","version" => "0.021"},{"date" => "2018-03-06T21:58:19","version" => "0.022"},{"date" => "2018-03-11T01:00:16","version" => "0.023"},{"date" => "2018-03-15T05:22:49","version" => "1.000"},{"date" => "2018-03-15T19:57:00","version" => "1.001"},{"date" => "2018-03-18T21:57:03","version" => "1.002"},{"date" => "2018-03-28T21:27:52","version" => "1.003"},{"date" => "2018-03-30T18:25:45","version" => "1.004"},{"date" => "2018-05-19T02:53:00","version" => "1.005"},{"date" => "2018-08-12T06:09:06","version" => "1.006"},{"date" => "2018-08-12T20:27:15","version" => "1.007"},{"date" => "2018-09-11T01:20:18","version" => "1.008"},{"date" => "2018-10-22T01:51:24","version" => "1.009"},{"date" => "2018-10-25T00:25:17","version" => "1.010"},{"date" => "2018-10-27T05:32:05","version" => "1.011"},{"date" => "2018-10-30T03:33:36","version" => "1.012"},{"date" => "2018-11-09T17:33:11","version" => "1.013"},{"date" => "2018-11-09T22:02:05","version" => "1.014"},{"date" => "2018-11-25T04:56:36","version" => "1.015"},{"date" => "2018-12-07T04:54:02","version" => "1.016"},{"date" => "2018-12-09T23:45:29","version" => "1.017"},{"date" => "2018-12-18T04:40:44","version" => "1.018"},{"date" => "2018-12-31T00:38:59","version" => "1.019"},{"date" => "2019-01-02T01:03:29","version" => "1.020"},{"date" => "2019-01-09T05:55:47","version" => "1.021"},{"date" => "2019-01-13T19:30:57","version" => "1.022"},{"date" => "2019-02-15T02:25:28","version" => "1.023"},{"date" => "2019-04-26T14:56:12","version" => "1.024"},{"date" => "2019-05-06T04:11:41","version" => "1.025"},{"date" => "2019-05-17T06:27:23","version" => "1.026"},{"date" => "2019-06-02T06:06:08","version" => "1.027"},{"date" => "2019-06-04T17:15:26","version" => "1.028"},{"date" => "2019-06-06T05:25:24","version" => "1.029"},{"date" => "2019-06-07T02:08:14","version" => "1.030"},{"date" => "2019-06-07T02:27:03","version" => "1.031"},{"date" => "2019-06-14T03:39:20","version" => "1.032"},{"date" => "2019-06-20T02:48:25","version" => "1.033"},{"date" => "2019-06-24T00:57:16","version" => "1.034"},{"date" => "2019-07-01T03:16:03","version" => "1.035"},{"date" => "2019-07-06T23:50:11","version" => "1.036"},{"date" => "2019-07-27T00:50:49","version" => "1.037"},{"date" => "2019-07-30T04:27:18","version" => "1.038"},{"date" => "2019-08-10T23:39:44","version" => "1.039"},{"date" => "2019-09-14T04:17:35","version" => "1.040"},{"date" => "2019-10-12T23:55:02","version" => "1.041"},{"date" => "2019-11-24T08:24:08","version" => "1.042"},{"date" => "2019-12-05T23:08:45","version" => "1.043"},{"date" => "2019-12-06T03:51:58","version" => "1.044"},{"date" => "2019-12-17T04:40:46","version" => "1.045"},{"date" => "2020-03-29T18:00:56","version" => "1.046"},{"date" => "2020-04-01T03:02:07","version" => "1.047"},{"date" => "2020-04-06T02:30:40","version" => "1.048"},{"date" => "2020-04-07T04:31:26","version" => "1.049"},{"date" => "2020-04-08T04:28:36","version" => "1.050"},{"date" => "2020-04-11T05:13:41","version" => "1.051"},{"date" => "2020-04-14T04:57:48","version" => "1.052"},{"date" => "2020-04-15T04:01:57","version" => "1.053"},{"date" => "2020-04-19T21:32:12","version" => "1.054"},{"date" => "2020-04-25T02:06:45","version" => "1.055"},{"date" => "2020-04-26T19:33:14","version" => "1.056"},{"date" => "2020-05-31T02:45:58","version" => "1.057"},{"date" => "2020-06-03T20:37:49","version" => "1.058"},{"date" => "2020-06-06T23:00:04","version" => "1.059"},{"date" => "2020-06-07T21:49:37","version" => "1.060"},{"date" => "2020-06-10T15:54:16","version" => "1.061"},{"date" => "2020-06-17T01:02:58","version" => "1.062"},{"date" => "2020-06-25T02:56:34","version" => "1.063"},{"date" => "2020-06-26T05:04:42","version" => "1.064"},{"date" => "2020-07-30T03:14:01","version" => "1.065"},{"date" => "2020-08-08T00:49:06","version" => "1.066"},{"date" => "2020-11-16T04:55:02","version" => "1.067"},{"date" => "2020-12-19T22:43:03","version" => "1.068"},{"date" => "2021-03-04T15:49:34","version" => "1.069"},{"date" => "2021-05-09T01:57:45","version" => "1.070"},{"date" => "2021-05-24T17:07:54","version" => "1.071"},{"date" => "2021-05-26T04:38:25","version" => "1.072"},{"date" => "2021-06-07T16:41:34","version" => "1.073"},{"date" => "2021-06-18T17:57:53","version" => "1.074"},{"date" => "2021-08-07T20:15:50","version" => "1.075"},{"date" => "2021-08-11T18:10:15","version" => "1.076"},{"date" => "2021-09-06T02:25:08","version" => "1.077"},{"date" => "2021-10-17T17:04:53","version" => "1.078"},{"date" => "2021-10-24T20:02:37","version" => "1.079"},{"date" => "2021-10-25T00:42:07","version" => "1.080"},{"date" => "2021-10-26T14:34:15","version" => "1.081"},{"date" => "2021-10-29T22:45:47","version" => "1.082"},{"date" => "2021-10-31T20:56:53","version" => "1.083"},{"date" => "2021-11-03T17:00:00","version" => "1.084"},{"date" => "2021-12-04T04:58:21","version" => "1.085"},{"date" => "2021-12-12T01:08:52","version" => "1.086"},{"date" => "2021-12-14T22:11:27","version" => "1.087"},{"date" => "2021-12-19T02:26:57","version" => "1.088"}]},"Yote" => {"advisories" => [{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.03,<=0.073"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.0974,<=0.1010"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.1011,<=0.1019"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.1020,<=0.207"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.208,<=0.312"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => ["==1.02"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yote","fixed_versions" => [],"id" => "CPANSA-Yote-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Yote","versions" => [{"date" => "2012-01-22T10:43:15","version" => "0.03"},{"date" => "2012-01-29T07:46:40","version" => "0.05"},{"date" => "2012-02-01T08:18:26","version" => "0.06"},{"date" => "2012-02-11T16:40:05","version" => "0.070"},{"date" => "2012-02-12T16:46:56","version" => "0.071"},{"date" => "2012-02-12T20:11:04","version" => "0.073"},{"date" => "2012-02-16T08:01:45","version" => "0.075"},{"date" => "2012-02-25T06:16:49","version" => "0.076"},{"date" => "2012-03-07T15:53:55","version" => "0.077"},{"date" => "2012-03-13T15:45:53","version" => "0.078"},{"date" => "2012-03-14T01:40:01","version" => "0.079"},{"date" => "2012-03-17T04:58:12","version" => "0.080"},{"date" => "2012-03-21T01:00:10","version" => "0.081"},{"date" => "2012-03-23T15:29:25","version" => "0.082"},{"date" => "2012-03-29T16:10:50","version" => "0.083"},{"date" => "2012-04-03T03:36:11","version" => "0.084"},{"date" => "2012-04-07T01:57:35","version" => "0.085"},{"date" => "2012-04-17T14:58:33","version" => "0.086"},{"date" => "2012-04-23T00:34:04","version" => "0.087"},{"date" => "2012-05-09T15:44:27","version" => "0.088"},{"date" => "2012-06-17T16:41:27","version" => "0.89"},{"date" => "2012-07-07T18:21:53","version" => "0.090"},{"date" => "2012-12-07T23:08:36","version" => "0.092"},{"date" => "2012-12-12T00:15:28","version" => "0.093"},{"date" => "2012-12-15T03:00:06","version" => "0.094"},{"date" => "2012-12-21T15:03:35","version" => "0.095"},{"date" => "2012-12-21T15:10:23","version" => "0.094"},{"date" => "2012-12-21T16:41:46","version" => "0.097"},{"date" => "2013-02-26T16:07:02","version" => "0.097"},{"date" => "2013-02-26T22:00:08","version" => "0.097"},{"date" => "2013-04-11T09:00:27","version" => "0.097"},{"date" => "2013-04-13T18:08:08","version" => "0.097"},{"date" => "2013-04-24T05:02:26","version" => "0.0975"},{"date" => "2013-04-24T20:50:26","version" => "0.0975"},{"date" => "2013-04-24T21:06:41","version" => "0.0976"},{"date" => "2013-04-24T23:55:23","version" => "0.0977"},{"date" => "2013-04-27T00:36:29","version" => "0.0978"},{"date" => "2013-04-27T01:37:31","version" => "0.0979"},{"date" => "2013-04-27T20:40:51","version" => "0.0980"},{"date" => "2013-05-02T02:22:35","version" => "0.0981"},{"date" => "2013-05-02T22:58:43","version" => "0.0982"},{"date" => "2013-05-06T15:52:27","version" => "0.0983"},{"date" => "2013-05-06T18:20:49","version" => "0.0984"},{"date" => "2013-05-11T01:05:36","version" => "0.0985"},{"date" => "2013-05-13T19:58:35","version" => "0.0986"},{"date" => "2013-05-13T23:31:05","version" => "0.0987"},{"date" => "2013-05-14T23:16:07","version" => "0.0988"},{"date" => "2013-05-19T19:40:20","version" => "0.0989"},{"date" => "2013-05-20T20:35:57","version" => "0.0990"},{"date" => "2013-05-21T01:32:16","version" => "0.0991"},{"date" => "2013-05-26T05:36:04","version" => "0.0992"},{"date" => "2013-06-04T05:13:09","version" => "0.0993"},{"date" => "2013-06-09T19:10:13","version" => "0.0994"},{"date" => "2013-06-09T21:09:39","version" => "0.0995"},{"date" => "2013-06-13T17:22:45","version" => "0.0996"},{"date" => "2013-06-19T23:18:28","version" => "0.1000"},{"date" => "2013-06-20T01:15:43","version" => "0.1001"},{"date" => "2013-07-08T18:51:52","version" => "0.1002"},{"date" => "2013-07-11T04:25:50","version" => "0.1003"},{"date" => "2013-07-25T05:35:23","version" => "0.1004"},{"date" => "2013-07-25T06:10:27","version" => "0.1005"},{"date" => "2013-09-10T03:54:55","version" => "0.1007"},{"date" => "2013-09-18T07:11:47","version" => "0.1008"},{"date" => "2013-10-13T04:31:17","version" => "0.1010"},{"date" => "2013-11-20T01:45:12","version" => "0.1011"},{"date" => "2013-11-28T06:46:16","version" => "0.1012"},{"date" => "2013-11-28T07:09:28","version" => "0.1013"},{"date" => "2013-12-26T03:28:50","version" => "0.1014"},{"date" => "2013-12-26T08:20:18","version" => "0.1015"},{"date" => "2013-12-28T19:05:21","version" => "0.1016"},{"date" => "2014-01-03T05:59:02","version" => "0.1017"},{"date" => "2014-01-03T06:25:40","version" => "0.1018"},{"date" => "2014-01-07T06:55:43","version" => "0.1019"},{"date" => "2014-02-07T05:56:36","version" => "0.1020"},{"date" => "2014-02-08T04:50:07","version" => "0.1021"},{"date" => "2014-02-20T17:39:10","version" => "0.1022"},{"date" => "2014-03-19T17:10:59","version" => "0.2"},{"date" => "2014-04-05T15:46:56","version" => "0.201"},{"date" => "2014-04-09T05:41:25","version" => "0.202"},{"date" => "2014-04-09T06:26:12","version" => "0.203"},{"date" => "2014-04-16T05:15:00","version" => "0.204"},{"date" => "2014-04-16T06:14:50","version" => "0.205"},{"date" => "2014-04-17T16:14:50","version" => "0.206"},{"date" => "2014-04-19T05:22:53","version" => "0.207"},{"date" => "2014-04-26T00:43:56","version" => "0.208"},{"date" => "2014-04-26T20:08:07","version" => "0.209"},{"date" => "2014-04-28T06:20:54","version" => "0.210"},{"date" => "2014-05-01T07:40:34","version" => "0.211"},{"date" => "2014-05-01T21:51:37","version" => "0.212"},{"date" => "2014-05-02T05:53:29","version" => "0.213"},{"date" => "2014-06-01T08:43:50","version" => "0.214"},{"date" => "2014-07-14T21:20:42","version" => "0.215"},{"date" => "2014-07-28T02:56:15","version" => "0.217"},{"date" => "2014-08-02T03:52:23","version" => "0.218"},{"date" => "2014-08-15T07:05:20","version" => "0.219"},{"date" => "2014-08-16T00:26:35","version" => "0.220"},{"date" => "2014-08-16T21:00:03","version" => "0.221"},{"date" => "2014-08-16T21:07:56","version" => "0.222"},{"date" => "2014-08-17T05:44:33","version" => "0.223"},{"date" => "2014-08-20T06:51:52","version" => "0.224"},{"date" => "2014-08-23T02:39:34","version" => "0.225"},{"date" => "2014-09-04T04:16:58","version" => "0.226"},{"date" => "2014-09-14T04:58:03","version" => "0.228"},{"date" => "2014-09-28T21:11:57","version" => "0.230"},{"date" => "2014-12-09T18:14:17","version" => "0.231"},{"date" => "2015-03-29T20:00:25","version" => "0.300"},{"date" => "2015-04-06T04:00:18","version" => "0.302"},{"date" => "2015-04-06T17:37:33","version" => "0.303"},{"date" => "2015-04-07T05:21:56","version" => "0.304"},{"date" => "2015-04-07T16:52:31","version" => "0.306"},{"date" => "2015-04-07T18:12:24","version" => "0.307"},{"date" => "2015-05-26T21:43:52","version" => "0.308"},{"date" => "2015-05-26T21:48:26","version" => "0.309"},{"date" => "2015-05-26T22:35:35","version" => "0.310"},{"date" => "2015-08-19T01:10:26","version" => "0.311"},{"date" => "2015-09-04T16:15:30","version" => "0.312"},{"date" => "2015-10-11T03:06:17","version" => "1.0"},{"date" => "2015-11-03T00:30:41","version" => "1.1"},{"date" => "2015-12-09T07:17:54","version" => "1.2"},{"date" => "2016-03-09T19:59:10","version" => "1.3"},{"date" => "2016-03-09T20:02:02","version" => "1.02"},{"date" => "2016-03-09T23:15:18","version" => "1.31"},{"date" => "2016-05-01T19:53:03","version" => "1.32"},{"date" => "2016-05-03T02:00:18","version" => "1.33"},{"date" => "2016-05-05T15:33:14","version" => "1.34"},{"date" => "2016-05-06T19:58:06","version" => "1.35"},{"date" => "2016-05-06T20:45:29","version" => "1.36"},{"date" => "2016-05-07T17:30:07","version" => "1.37"},{"date" => "2016-05-10T23:16:25","version" => "1.38"},{"date" => "2016-05-11T23:57:21","version" => "1.39"},{"date" => "2016-05-31T18:50:56","version" => "1.40"},{"date" => "2016-09-01T16:14:07","version" => "1.41"},{"date" => "2016-11-21T18:59:45","version" => "1.43"},{"date" => "2016-12-01T07:11:37","version" => "1.44"},{"date" => "2016-12-21T19:44:12","version" => "1.45"},{"date" => "2017-04-08T21:01:47","version" => "2.0"},{"date" => "2017-08-16T23:30:57","version" => "2.01"},{"date" => "2017-09-20T19:01:58","version" => "2.02"},{"date" => "2018-03-25T03:31:35","version" => "3.0"}]},"Yukki" => {"advisories" => [{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.110830,<=0.140290"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.990_001,<=0.991_006"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-41182"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41182-jqueryui","references" => ["https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc","https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-41183"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41183-jqueryui","references" => ["https://bugs.jqueryui.com/ticket/15284","https://github.com/jquery/jquery-ui/pull/1953","https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-001","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-41184"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41184-jqueryui","references" => ["https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280","https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-core-2022-001","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.112770"],"cves" => ["CVE-2021-41182"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41182-jqueryui","references" => ["https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc","https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.112770"],"cves" => ["CVE-2021-41183"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41183-jqueryui","references" => ["https://bugs.jqueryui.com/ticket/15284","https://github.com/jquery/jquery-ui/pull/1953","https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-001","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.112770"],"cves" => ["CVE-2021-41184"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41184-jqueryui","references" => ["https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280","https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-core-2022-001","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.0.121700,<=0.140290"],"cves" => ["CVE-2021-41182"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41182-jqueryui","references" => ["https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc","https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.0.121700,<=0.140290"],"cves" => ["CVE-2021-41183"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41183-jqueryui","references" => ["https://bugs.jqueryui.com/ticket/15284","https://github.com/jquery/jquery-ui/pull/1953","https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-contrib-2022-004","https://www.drupal.org/sa-core-2022-001","https://www.drupal.org/sa-core-2022-002","https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.0.121700,<=0.140290"],"cves" => ["CVE-2021-41184"],"description" => "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-41184-jqueryui","references" => ["https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280","https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327","https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/","https://security.netapp.com/advisory/ntap-20211118-0004/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/","https://www.drupal.org/sa-core-2022-001","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.tenable.com/security/tns-2022-09"],"reported" => "2021-10-26","severity" => "medium"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2021-23562"],"description" => "This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2021-23562-plupload","references" => ["https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664","https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665","https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663","https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909"],"reported" => "2021-12-03","severity" => "high"},{"affected_versions" => [">=0.99_01,<=0.991_006"],"cves" => ["CVE-2016-4566"],"description" => "Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2016-4566-plupload","references" => ["http://www.plupload.com/punbb/viewtopic.php?pid=28690","https://wordpress.org/news/2016/05/wordpress-4-5-2/","http://www.openwall.com/lists/oss-security/2016/05/07/2","https://codex.wordpress.org/Version_4.5.2","https://core.trac.wordpress.org/changeset/37382/","https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e","https://wpvulndb.com/vulnerabilities/8489","http://www.securitytracker.com/id/1035818"],"reported" => "2016-05-22","severity" => "medium"},{"affected_versions" => ["<=0.140290"],"cves" => ["CVE-2016-4566"],"description" => "Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2016-4566-plupload","references" => ["http://www.plupload.com/punbb/viewtopic.php?pid=28690","https://wordpress.org/news/2016/05/wordpress-4-5-2/","http://www.openwall.com/lists/oss-security/2016/05/07/2","https://codex.wordpress.org/Version_4.5.2","https://core.trac.wordpress.org/changeset/37382/","https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e","https://wpvulndb.com/vulnerabilities/8489","http://www.securitytracker.com/id/1035818"],"reported" => "2016-05-22","severity" => "medium"},{"affected_versions" => [">=0.110830,<=0.111160"],"cves" => ["CVE-2016-4566"],"description" => "Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2016-4566-plupload","references" => ["http://www.plupload.com/punbb/viewtopic.php?pid=28690","https://wordpress.org/news/2016/05/wordpress-4-5-2/","http://www.openwall.com/lists/oss-security/2016/05/07/2","https://codex.wordpress.org/Version_4.5.2","https://core.trac.wordpress.org/changeset/37382/","https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e","https://wpvulndb.com/vulnerabilities/8489","http://www.securitytracker.com/id/1035818"],"reported" => "2016-05-22","severity" => "medium"},{"affected_versions" => [">=0.111280,<=0.112770"],"cves" => ["CVE-2016-4566"],"description" => "Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2016-4566-plupload","references" => ["http://www.plupload.com/punbb/viewtopic.php?pid=28690","https://wordpress.org/news/2016/05/wordpress-4-5-2/","http://www.openwall.com/lists/oss-security/2016/05/07/2","https://codex.wordpress.org/Version_4.5.2","https://core.trac.wordpress.org/changeset/37382/","https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e","https://wpvulndb.com/vulnerabilities/8489","http://www.securitytracker.com/id/1035818"],"reported" => "2016-05-22","severity" => "medium"},{"affected_versions" => [">=0.121700,<=0.140290"],"cves" => ["CVE-2016-4566"],"description" => "Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.\n","distribution" => "Yukki","fixed_versions" => [],"id" => "CPANSA-Yukki-2016-4566-plupload","references" => ["http://www.plupload.com/punbb/viewtopic.php?pid=28690","https://wordpress.org/news/2016/05/wordpress-4-5-2/","http://www.openwall.com/lists/oss-security/2016/05/07/2","https://codex.wordpress.org/Version_4.5.2","https://core.trac.wordpress.org/changeset/37382/","https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e","https://wpvulndb.com/vulnerabilities/8489","http://www.securitytracker.com/id/1035818"],"reported" => "2016-05-22","severity" => "medium"}],"main_module" => "Yukki","versions" => [{"date" => "2011-03-24T04:47:01","version" => "0.110830"},{"date" => "2011-03-25T05:35:01","version" => "0.110840"},{"date" => "2011-03-26T04:25:48","version" => "0.110850"},{"date" => "2011-03-29T03:08:58","version" => "0.110880"},{"date" => "2011-03-31T22:33:47","version" => "0.110900"},{"date" => "2011-04-16T02:29:38","version" => "0.111060"},{"date" => "2011-04-26T03:12:19","version" => "0.111160"},{"date" => "2011-05-08T01:46:50","version" => "0.111280"},{"date" => "2011-06-15T01:52:19","version" => "0.111660"},{"date" => "2011-06-21T03:20:58","version" => "0.111720"},{"date" => "2011-07-02T20:55:01","version" => "0.111830"},{"date" => "2011-10-04T19:30:44","version" => "0.112770"},{"date" => "2012-06-18T04:45:34","version" => "0.121700"},{"date" => "2012-06-27T02:33:18","version" => "0.121790"},{"date" => "2013-08-04T02:04:00","version" => "0.132160"},{"date" => "2014-01-29T14:29:25","version" => "0.140290"},{"date" => "2017-07-19T16:04:21","version" => "0.99_01"},{"date" => "2017-07-20T18:43:41","version" => "0.990_001"},{"date" => "2017-07-21T00:30:50","version" => "0.990_002"},{"date" => "2017-07-23T04:49:37","version" => "0.991_001"},{"date" => "2017-08-04T04:09:29","version" => "0.991_002"},{"date" => "2017-08-11T00:22:44","version" => "0.991_003"},{"date" => "2017-08-13T02:54:57","version" => "0.991_004"},{"date" => "2017-08-18T18:47:13","version" => "0.991_005"},{"date" => "2017-11-09T02:48:59","version" => "0.991_006"},{"date" => "2026-01-31T18:55:04","version" => "0.991_007"}]},"Zabbix-Reporter" => {"advisories" => [{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=0.06,<=0.07"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Zabbix-Reporter","fixed_versions" => [],"id" => "CPANSA-Zabbix-Reporter-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Zabbix::Reporter","versions" => [{"date" => "2013-03-27T23:01:45","version" => "0.01"},{"date" => "2013-03-29T20:06:46","version" => "0.02"},{"date" => "2013-05-05T11:26:24","version" => "0.03"},{"date" => "2013-05-13T20:38:47","version" => "0.04"},{"date" => "2013-05-21T19:59:56","version" => "0.05"},{"date" => "2013-06-16T12:55:56","version" => "0.06"},{"date" => "2013-09-08T21:14:34","version" => "0.07"}]},"Zonemaster-Backend" => {"advisories" => [{"affected_versions" => ["<7.0.0"],"cves" => [],"description" => "When running the API behind a reverse proxy on the same machine (like it is using the configuration example provided by the GUI) the remote ip might always be localhost even if the query was done from elsewher\n","distribution" => "Zonemaster-Backend","fixed_versions" => [">=7.0.0"],"id" => "CPANSA-Zonemaster-Backend-2021-001","references" => ["https://github.com/zonemaster/zonemaster-backend/issues/838","https://metacpan.org/dist/Zonemaster-Backend/changes"],"reported" => "2021-08-05","severity" => undef},{"affected_versions" => ["<1.0.1"],"cves" => [],"description" => "Potential SQL injection.\n","distribution" => "Zonemaster-Backend","fixed_versions" => [">=1.0.1"],"id" => "CPANSA-Zonemaster-Backend-2015-001","references" => ["https://github.com/zonemaster/zonemaster-backend/issues/25","https://metacpan.org/dist/Zonemaster-Backend/changes"],"reported" => "2015-01-28","severity" => undef}],"main_module" => "Zonemaster::Backend","versions" => [{"date" => "2017-11-02T13:57:24","version" => "2.0.0"},{"date" => "2018-01-12T17:25:15","version" => "2.0.1"},{"date" => "2018-02-23T13:09:41","version" => "2.0.2"},{"date" => "2018-06-25T08:43:15","version" => "2.1.0"},{"date" => "2019-05-24T07:07:47","version" => "4.0.0"},{"date" => "2019-05-31T16:42:26","version" => "4.0.1"},{"date" => "2020-05-01T14:49:55","version" => "5.0.0"},{"date" => "2020-05-15T12:59:00","version" => "5.0.1"},{"date" => "2020-05-22T07:31:56","version" => "5.0.2"},{"date" => "2020-11-09T09:49:51","version" => "6.0.0"},{"date" => "2020-11-10T10:02:13","version" => "6.0.1"},{"date" => "2020-11-18T09:08:50","version" => "6.0.2"},{"date" => "2021-02-09T11:02:57","version" => "6.1.0"},{"date" => "2021-05-31T20:39:03","version" => "6.2.0"},{"date" => "2021-09-18T14:05:03","version" => "7.0.0"},{"date" => "2021-12-06T00:20:51","version" => "8.0.0"},{"date" => "2021-12-20T10:08:13","version" => "8.1.0"},{"date" => "2022-06-10T11:39:25","version" => "9.0.0"},{"date" => "2022-07-08T08:40:31","version" => "9.0.1"},{"date" => "2022-12-19T09:29:40","version" => "10.0.0"},{"date" => "2023-01-31T16:06:19","version" => "10.0.1"},{"date" => "2023-03-01T17:37:05","version" => "10.0.2"},{"date" => "2023-06-21T16:14:40","version" => "11.0.0"},{"date" => "2023-08-08T02:40:32","version" => "11.0.1"},{"date" => "2023-09-08T09:18:30","version" => "11.0.2"},{"date" => "2024-03-18T15:59:50","version" => "11.1.0"},{"date" => "2024-03-28T10:49:24","version" => "11.1.1"},{"date" => "2024-07-01T15:45:21","version" => "11.2.0"},{"date" => "2024-12-09T13:52:41","version" => "11.3.0"},{"date" => "2025-03-04T21:47:49","version" => "11.4.0"},{"date" => "2025-06-26T17:21:54","version" => "11.5.0"},{"date" => "2025-12-19T11:15:27","version" => "12.0.0"}]},"Zonemaster-GUI" => {"advisories" => [{"affected_versions" => [">=1.0.7,<=1.0.11"],"cves" => ["CVE-2020-7676"],"description" => "angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping \"<option>\" elements in \"<select>\" ones changes parsing behavior, leading to possibly unsanitizing code.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-7676-angular","references" => ["https://github.com/angular/angular.js/pull/17028","https://snyk.io/vuln/SNYK-JS-ANGULAR-570058","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1\@%3Cozone-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1\@%3Cozone-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a\@%3Cozone-issues.hadoop.apache.org%3E"],"reported" => "2020-06-08","severity" => "medium"},{"affected_versions" => [">=1.0.7,<1.0.11"],"cves" => ["CVE-2018-14040"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2018-14040-bootstrap","references" => ["https://github.com/twbs/bootstrap/pull/26630","https://github.com/twbs/bootstrap/issues/26625","https://github.com/twbs/bootstrap/issues/26423","https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/","https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e\@%3Cdev.superset.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714\@%3Cissues.hbase.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26\@%3Ccommits.pulsar.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-14"],"reported" => "2018-07-13","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2020-11022"],"description" => "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-11022-jquery","references" => ["https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133\@%3Ccommits.airflow.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2020-10","https://www.tenable.com/security/tns-2020-11","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2020-11023"],"description" => "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-11023-jquery","references" => ["https://jquery.com/upgrade-guide/3.5/","https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","https://security.netapp.com/advisory/ntap-20200511-0006/","https://www.drupal.org/sa-core-2020-002","https://www.debian.org/security/2020/dsa-4693","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html","https://security.gentoo.org/glsa/202007-03","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html","https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248\@%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93\@%3Cgitbox.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/","https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9\@%3Ccommits.hive.apache.org%3E","https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1\@%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c\@%3Cgitbox.hive.apache.org%3E","https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb\@%3Cissues.hive.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/","https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679\@%3Ccommits.nifi.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d\@%3Cissues.flink.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html","https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16\@%3Cdev.felix.apache.org%3E","https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c\@%3Ccommits.felix.apache.org%3E","https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494\@%3Cdev.felix.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-02","https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html","http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae\@%3Cissues.flink.apache.org%3E","https://www.tenable.com/security/tns-2021-10","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36\@%3Cissues.flink.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"reported" => "2020-04-29","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2019-11358"],"description" => "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2019-11358-jquery","references" => ["https://www.drupal.org/sa-core-2019-006","https://snyk.io/vuln/SNYK-JS-JQUERY-174006","https://github.com/jquery/jquery/pull/4333","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://backdropcms.org/security/backdrop-sa-core-2019-009","https://www.debian.org/security/2019/dsa-4434","https://seclists.org/bugtraq/2019/Apr/32","http://www.securityfocus.com/bid/108023","https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f\@%3Ccommits.airflow.apache.org%3E","https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844\@%3Ccommits.airflow.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","http://www.openwall.com/lists/oss-security/2019/06/03/2","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://access.redhat.com/errata/RHSA-2019:1456","https://www.debian.org/security/2019/dsa-4460","https://seclists.org/bugtraq/2019/Jun/12","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","https://access.redhat.com/errata/RHBA-2019:1570","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:2587","https://security.netapp.com/advisory/ntap-20190919-0001/","https://access.redhat.com/errata/RHSA-2019:3023","https://access.redhat.com/errata/RHSA-2019:3024","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.synology.com/security/advisory/Synology_SA_19_19","https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3\@%3Ccommits.nifi.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://www.oracle.com/security-alerts/cpujan2020.html","https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b\@%3Ccommits.nifi.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","https://www.tenable.com/security/tns-2020-02","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766\@%3Cdev.syncope.apache.org%3E","https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa\@%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734\@%3Cdev.storm.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"reported" => "2019-04-20","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2015-9251"],"description" => "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2015-9251-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20150627","https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2","https://github.com/jquery/jquery/pull/2588","https://github.com/jquery/jquery/issues/2432","https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc","https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf","https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105658","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://seclists.org/bugtraq/2019/May/18","http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","http://seclists.org/fulldisclosure/2019/May/13","http://seclists.org/fulldisclosure/2019/May/11","http://seclists.org/fulldisclosure/2019/May/10","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731\@%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2\@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6\@%3Ccommits.roller.apache.org%3E","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","https://www.tenable.com/security/tns-2019-08","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2020.html","https://access.redhat.com/errata/RHSA-2020:0481","https://access.redhat.com/errata/RHSA-2020:0729","http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","https://security.netapp.com/advisory/ntap-20210108-0004/"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2011-4969"],"description" => "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2011-4969-jquery","references" => ["https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9","http://bugs.jquery.com/ticket/9521","http://www.ubuntu.com/usn/USN-1722-1","http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/","http://www.osvdb.org/80056","http://www.openwall.com/lists/oss-security/2013/01/31/3","http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730","http://www.securityfocus.com/bid/58458","http://www.securitytracker.com/id/1036620","https://security.netapp.com/advisory/ntap-20190416-0007/","https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8\@%3Ccommits.pulsar.apache.org%3E"],"reported" => "2013-03-08","severity" => undef},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2012-6708"],"description" => "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2012-6708-jquery","references" => ["https://snyk.io/vuln/npm:jquery:20120206","https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d","https://bugs.jquery.com/ticket/11290","http://www.securityfocus.com/bid/102792","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442\@%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f\@%3Cdev.drill.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc\@%3Cissues.drill.apache.org%3E","http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"],"reported" => "2018-01-18","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2020-7656"],"description" => "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2020-7656-jquery","references" => ["https://snyk.io/vuln/SNYK-JS-JQUERY-569619","https://security.netapp.com/advisory/ntap-20200528-0001/"],"reported" => "2020-05-19","severity" => "medium"},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2019-5428"],"description" => "Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2019-5428-jquery","references" => ["https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006"],"reported" => undef,"severity" => undef},{"affected_versions" => [">=1.0.8,<=1.0.11"],"cves" => ["CVE-2014-6071"],"description" => "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.\n","distribution" => "Zonemaster-GUI","fixed_versions" => [],"id" => "CPANSA-Zonemaster-GUI-2014-6071-jquery","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=1136683","http://seclists.org/fulldisclosure/2014/Sep/10","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"reported" => "2018-01-16","severity" => "medium"}],"main_module" => "Zonemaster::GUI","versions" => [{"date" => "2016-10-17T13:50:05","version" => "v1.0.7"},{"date" => "2016-10-17T14:35:43","version" => "v1.0.7"},{"date" => "2017-11-02T14:09:33","version" => "1.0.8"},{"date" => "2018-01-12T17:25:49","version" => "1.0.9"},{"date" => "2018-01-26T11:37:00","version" => "1.0.10"},{"date" => "2018-02-23T13:11:09","version" => "1.0.11"}]},"cppAdaptive1" => {"advisories" => [{"affected_versions" => ["==0.01"],"cves" => ["CVE-2019-7317"],"description" => "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.\n","distribution" => "cppAdaptive1","fixed_versions" => [],"id" => "CPANSA-cppAdaptive1-2019-7317-libpng","references" => ["https://github.com/glennrp/libpng/issues/275","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803","https://seclists.org/bugtraq/2019/Apr/30","http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html","https://www.debian.org/security/2019/dsa-4435","https://seclists.org/bugtraq/2019/Apr/36","https://usn.ubuntu.com/3962-1/","https://usn.ubuntu.com/3991-1/","https://seclists.org/bugtraq/2019/May/56","https://seclists.org/bugtraq/2019/May/59","https://www.debian.org/security/2019/dsa-4448","https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html","https://access.redhat.com/errata/RHSA-2019:1265","https://access.redhat.com/errata/RHSA-2019:1269","https://access.redhat.com/errata/RHSA-2019:1267","https://www.debian.org/security/2019/dsa-4451","https://seclists.org/bugtraq/2019/May/67","https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html","https://usn.ubuntu.com/3997-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html","https://access.redhat.com/errata/RHSA-2019:1310","https://access.redhat.com/errata/RHSA-2019:1309","https://access.redhat.com/errata/RHSA-2019:1308","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html","http://www.securityfocus.com/bid/108098","https://security.netapp.com/advisory/ntap-20190719-0005/","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/","https://security.gentoo.org/glsa/201908-02","https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"reported" => "2019-02-04","severity" => "medium"},{"affected_versions" => ["==0.01"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "cppAdaptive1","fixed_versions" => [],"id" => "CPANSA-cppAdaptive1-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "cppAdaptive1","versions" => [{"date" => "2017-08-15T00:25:43","version" => "0.01"}]},"cppAdaptive2" => {"advisories" => [{"affected_versions" => [">=0.01,<=3.0.3"],"cves" => ["CVE-2019-7317"],"description" => "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.\n","distribution" => "cppAdaptive2","fixed_versions" => [],"id" => "CPANSA-cppAdaptive2-2019-7317-libpng","references" => ["https://github.com/glennrp/libpng/issues/275","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803","https://seclists.org/bugtraq/2019/Apr/30","http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html","https://www.debian.org/security/2019/dsa-4435","https://seclists.org/bugtraq/2019/Apr/36","https://usn.ubuntu.com/3962-1/","https://usn.ubuntu.com/3991-1/","https://seclists.org/bugtraq/2019/May/56","https://seclists.org/bugtraq/2019/May/59","https://www.debian.org/security/2019/dsa-4448","https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html","https://access.redhat.com/errata/RHSA-2019:1265","https://access.redhat.com/errata/RHSA-2019:1269","https://access.redhat.com/errata/RHSA-2019:1267","https://www.debian.org/security/2019/dsa-4451","https://seclists.org/bugtraq/2019/May/67","https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html","https://usn.ubuntu.com/3997-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html","https://access.redhat.com/errata/RHSA-2019:1310","https://access.redhat.com/errata/RHSA-2019:1309","https://access.redhat.com/errata/RHSA-2019:1308","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html","http://www.securityfocus.com/bid/108098","https://security.netapp.com/advisory/ntap-20190719-0005/","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/","https://security.gentoo.org/glsa/201908-02","https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"reported" => "2019-02-04","severity" => "medium"},{"affected_versions" => [">=0.01,<=3.0.3"],"cves" => ["CVE-2018-25032"],"description" => "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n","distribution" => "cppAdaptive2","fixed_versions" => [],"id" => "CPANSA-cppAdaptive2-2018-25032-zlib","references" => ["https://rt.cpan.org/Ticket/Display.html?id=143579","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://github.com/madler/zlib/issues/605","https://www.debian.org/security/2022/dsa-5111","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://security.netapp.com/advisory/ntap-20220526-0009/","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"],"reported" => "2022-03-25","severity" => "high"}],"main_module" => "cppAdaptive2","versions" => [{"date" => "2018-05-30T06:24:48","version" => "0.01"},{"date" => "2018-06-04T20:54:37","version" => "v0.2.0"},{"date" => "2018-06-05T05:02:05","version" => "v1.0.0"},{"date" => "2018-06-05T15:49:02","version" => "v2.0.0"},{"date" => "2018-06-05T18:41:34","version" => "v2.0.1"},{"date" => "2018-06-06T17:15:24","version" => "v2.0.2"},{"date" => "2018-06-10T16:13:47","version" => "v3.0.0"},{"date" => "2018-06-10T18:17:00","version" => "v3.0.1"},{"date" => "2018-06-10T20:01:07","version" => "v3.0.2"},{"date" => "2018-06-11T04:59:40","version" => "v3.0.3"}]},"eperl" => {"advisories" => [{"affected_versions" => ["<=2.2.14"],"cves" => ["CVE-2001-0733"],"description" => "The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code.\n","distribution" => "eperl","fixed_versions" => [],"id" => "CPANSA-ePerl-2001-0733","references" => ["http://www.securityfocus.com/archive/1/192711","http://www.securityfocus.com/bid/2912","https://exchange.xforce.ibmcloud.com/vulnerabilities/6743"],"reported" => "2001-10-18","severity" => undef}],"main_module" => "Parse::ePerl","versions" => [{"date" => "1996-09-08T09:22:26","version" => "1.4"},{"date" => "1997-01-20T06:55:18","version" => "v2.0.3"},{"date" => "1997-03-25T09:19:29","version" => "2.1"},{"date" => "1997-04-03T12:24:29","version" => "2.1"},{"date" => "1997-04-05T08:04:08","version" => "2.1"},{"date" => "1997-04-18T16:36:34","version" => "2.1"},{"date" => "1997-04-27T15:20:23","version" => "v2.1.0"},{"date" => "1997-05-04T20:06:49","version" => "v2.1.1"},{"date" => "1997-05-29T10:26:35","version" => "2.2"},{"date" => "1997-05-30T06:24:00","version" => "v2.1.2"},{"date" => "1997-05-30T16:53:19","version" => "2.2"},{"date" => "1997-06-06T07:37:49","version" => "2.2"},{"date" => "1997-06-28T15:59:18","version" => "2.2"},{"date" => "1997-07-19T08:23:43","version" => "v2.2.0"},{"date" => "1997-08-14T15:16:02","version" => "v2.2.2"},{"date" => "1997-08-21T15:44:18","version" => "v2.2.3"},{"date" => "1997-09-01T14:16:42","version" => "v2.2.4"},{"date" => "1997-09-03T10:33:40","version" => "v2.2.5"},{"date" => "1997-10-28T13:28:21","version" => "v2.2.6"},{"date" => "1997-11-17T16:37:11","version" => "v2.2.8"},{"date" => "1998-01-02T11:42:11","version" => "v2.2.12"},{"date" => "1998-07-10T09:22:54","version" => "v2.2.13"}]},"libapreq2" => {"advisories" => [{"affected_versions" => ["<2.07"],"cves" => ["CVE-2006-0042"],"description" => "Unspecified vulnerability in apreq_parse_headers and apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.\n","distribution" => "libapreq2","fixed_versions" => [">=2.07"],"id" => "CPANSA-libapreq2-2006-01","references" => ["https://metacpan.org/changes/distribution/libapreq2"],"reported" => "2007-04-17"}],"main_module" => "Apache2::Cookie","versions" => [{"date" => "2003-11-11T01:28:48","version" => "2.01_03"},{"date" => "2003-11-16T04:16:12","version" => "2.02_02"},{"date" => "2004-06-12T14:52:49","version" => "2.03_04"},{"date" => "2004-08-30T16:13:45","version" => "2.04_03"},{"date" => "2005-05-04T23:38:05","version" => "2.05"},{"date" => "2005-07-20T17:10:48","version" => "2.06"},{"date" => "2006-02-12T18:10:47","version" => "2.07"},{"date" => "2006-08-09T04:54:07","version" => "2.08"},{"date" => "2009-03-13T22:47:11","version" => "2.12"},{"date" => "2010-12-02T18:41:57","version" => "2.13"},{"date" => "2021-02-23T13:26:47","version" => "2.15"},{"date" => "2021-03-22T17:59:11","version" => "2.16"}]},"libwww-perl" => {"advisories" => [{"affected_versions" => ["<6.28"],"cves" => [],"description" => "LWP::Protocol::file can open existent file from file:// scheme. However, current version of LWP uses open FILEHANDLE,EXPR and it has ability to execute arbitrary command\n","distribution" => "libwww-perl","fixed_versions" => [">=6.27"],"id" => "CPANSA-libwww-perl-2017-01","references" => ["https://github.com/libwww-perl/libwww-perl/pull/270"],"reported" => "2017-11-06","reviewed_by" => [{"date" => "2022-06-23","email" => "rrwo\@cpan.org","name" => "Robert Rothenberg"}]},{"affected_versions" => ["<6.00"],"cves" => ["CVE-2011-0633"],"description" => "The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.\n","distribution" => "libwww-perl","fixed_versions" => [">=6.00"],"id" => "CPANSA-libwww-perl-2011-01","references" => ["http://vttynotes.blogspot.com/2010/12/man-in-middle-fun-with-perl-lwp.html","http://vttynotes.blogspot.com/2011/03/quick-note-on-lwp-and-perl-security-cve.html"],"reported" => "2011-01-20"},{"affected_versions" => ["<5.835"],"cves" => ["CVE-2010-2253"],"description" => "lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.\n","distribution" => "libwww-perl","fixed_versions" => [">=5.835"],"id" => "CPANSA-libwww-perl-2010-01","references" => ["http://vttynotes.blogspot.com/2010/12/man-in-middle-fun-with-perl-lwp.html","http://vttynotes.blogspot.com/2011/03/quick-note-on-lwp-and-perl-security-cve.html"],"reported" => "2010-07-06"},{"affected_versions" => ["<5.51"],"cves" => [],"description" => "If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for \"http_proxy\" permits \"HTTP_PROXY\" to be found, but this can be trivially set by the web client using the \"Proxy:\" header.\n","distribution" => "libwww-perl","fixed_versions" => [">=5.51"],"id" => "CPANSA-libwww-perl-2001-01","reported" => "2001-03-14"},{"affected_versions" => ["<0.04"],"cves" => [],"description" => "There is a security hole with the implementation of getBasicCredentials().\n","distribution" => "libwww-perl","fixed_versions" => [">=0.04"],"id" => "CPANSA-libwww-perl-1995-01","references" => ["https://metacpan.org/dist/libwww-perl/changes"],"reported" => "1995-09-06"}],"main_module" => "LWP","versions" => [{"date" => "1995-09-16T13:51:35","version" => 5},{"date" => "1995-11-06T14:29:13","version" => 5},{"date" => "1996-05-09T22:43:16","version" => 5},{"date" => "1996-05-26T14:01:51","version" => "5.00"},{"date" => "1996-08-02T16:38:58","version" => "5.01"},{"date" => "1996-09-11T16:19:57","version" => "5.02"},{"date" => "1996-09-30T22:58:37","version" => "5.03"},{"date" => "1996-10-22T10:39:33","version" => "5.04"},{"date" => "1996-12-04T23:36:17","version" => "5.05"},{"date" => "1997-01-27T23:53:38","version" => "5.06"},{"date" => "1997-02-11T14:20:18","version" => "5.07"},{"date" => "1997-04-05T13:10:16","version" => "5.08"},{"date" => "1997-06-10T11:07:01","version" => "5.09"},{"date" => "1997-06-20T10:51:10","version" => "5.10"},{"date" => "1997-08-06T08:41:11","version" => "5.11"},{"date" => "1997-09-05T09:38:58","version" => "5.12"},{"date" => "1997-09-20T12:50:59","version" => "5.13"},{"date" => "1997-10-12T20:55:32","version" => "5.14"},{"date" => "1997-11-06T20:23:06","version" => "5.15"},{"date" => "1997-12-12T17:44:29","version" => "5.18"},{"date" => "1997-12-16T22:25:00","version" => "5.18_03"},{"date" => "1997-12-17T10:08:54","version" => "5.18_04"},{"date" => "1998-01-20T18:16:51","version" => "5.18_05"},{"date" => "1998-01-26T23:55:39","version" => "5.19"},{"date" => "1998-02-12T23:43:23","version" => "5.20"},{"date" => "1998-03-12T18:39:08","version" => "5.21"},{"date" => "1998-03-24T19:42:54","version" => "5.22"},{"date" => "1998-03-31T22:25:14","version" => "5.30"},{"date" => "1998-04-10T15:07:10","version" => "5.31"},{"date" => "1998-04-17T05:23:45","version" => "5.32"},{"date" => "1998-05-07T15:10:00","version" => "5.33"},{"date" => "1998-07-07T16:06:51","version" => "5.34"},{"date" => "1998-07-09T23:05:12","version" => "5.35"},{"date" => "1998-08-04T15:15:44","version" => "5.36"},{"date" => "1998-10-12T17:42:28","version" => "5.40_01"},{"date" => "1998-11-19T22:17:29","version" => "5.41"},{"date" => "1999-03-20T07:52:48","version" => "5.42"},{"date" => "1999-05-09T19:26:17","version" => "5.43"},{"date" => "1999-06-25T20:34:40","version" => "5.44"},{"date" => "1999-09-20T13:36:22","version" => "5.45"},{"date" => "1999-10-28T12:30:45","version" => "5.46"},{"date" => "1999-11-16T14:59:58","version" => "5.47"},{"date" => "2000-04-09T19:45:32","version" => "5.48"},{"date" => "2001-01-01T06:35:20","version" => "5.49"},{"date" => "2001-01-12T20:58:43","version" => "5.50"},{"date" => "2001-03-14T21:33:03","version" => "5.51"},{"date" => "2001-03-29T21:39:12","version" => "5.52"},{"date" => "2001-04-10T23:15:00","version" => "5.53"},{"date" => "2001-04-19T06:13:35","version" => "5.53_90"},{"date" => "2001-04-21T05:02:13","version" => "5.53_91"},{"date" => "2001-04-25T17:37:11","version" => "5.53_92"},{"date" => "2001-04-29T06:28:31","version" => "5.53_93"},{"date" => "2001-05-05T13:57:20","version" => "5.53_94"},{"date" => "2001-08-07T00:46:18","version" => "5.53_95"},{"date" => "2001-08-28T05:59:46","version" => "5.53_96"},{"date" => "2001-09-20T00:33:20","version" => "5.53_97"},{"date" => "2001-10-26T23:30:57","version" => "5.60"},{"date" => "2001-11-17T02:56:46","version" => "5.61"},{"date" => "2001-11-21T19:00:47","version" => "5.62"},{"date" => "2001-12-14T21:01:09","version" => "5.63"},{"date" => "2002-02-09T18:54:35","version" => "5.64"},{"date" => "2002-05-31T20:59:15","version" => "5.65"},{"date" => "2002-12-20T19:28:34","version" => "5.66"},{"date" => "2003-01-01T16:53:11","version" => "5.67"},{"date" => "2003-01-03T05:04:44","version" => "5.68"},{"date" => "2003-01-24T16:55:35","version" => "5.69"},{"date" => "2003-10-13T20:56:35","version" => "5.70"},{"date" => "2003-10-14T19:12:56","version" => "5.71"},{"date" => "2003-10-15T19:53:47","version" => "5.72"},{"date" => "2003-10-19T20:04:40","version" => "5.73"},{"date" => "2003-10-23T19:26:57","version" => "5.74"},{"date" => "2003-10-26T22:10:48","version" => "5.75"},{"date" => "2003-11-21T19:33:09","version" => "5.76"},{"date" => "2004-04-06T13:41:45","version" => "5.77"},{"date" => "2004-04-07T11:13:36","version" => "5.78"},{"date" => "2004-04-13T08:09:08","version" => "5.79"},{"date" => "2004-06-16T10:43:42","version" => "5.800"},{"date" => "2004-11-12T18:32:17","version" => "5.801"},{"date" => "2004-11-30T13:06:01","version" => "5.802"},{"date" => "2004-12-11T15:48:30","version" => "5.803"},{"date" => "2005-12-06T09:36:12","version" => "5.804"},{"date" => "2005-12-08T12:29:02","version" => "5.805"},{"date" => "2007-07-19T21:31:44","version" => "5.806"},{"date" => "2007-07-31T13:14:54","version" => "5.807"},{"date" => "2007-08-05T13:29:17","version" => "5.808"},{"date" => "2008-04-08T11:47:19","version" => "5.810"},{"date" => "2008-04-14T08:28:19","version" => "5.811"},{"date" => "2008-04-16T10:32:51","version" => "5.812"},{"date" => "2008-06-17T20:37:17","version" => "5.813"},{"date" => "2008-07-25T09:09:53","version" => "5.814"},{"date" => "2008-09-24T18:10:11","version" => "5.815"},{"date" => "2008-09-29T09:27:09","version" => "5.816"},{"date" => "2008-10-10T21:31:27","version" => "5.817"},{"date" => "2008-10-16T10:32:24","version" => "5.818"},{"date" => "2008-10-20T11:43:37","version" => "5.819"},{"date" => "2008-11-05T18:07:29","version" => "5.820"},{"date" => "2008-11-25T00:16:49","version" => "5.821"},{"date" => "2008-12-05T19:18:40","version" => "5.822"},{"date" => "2009-01-12T16:50:02","version" => "5.823"},{"date" => "2009-02-13T14:12:29","version" => "5.824"},{"date" => "2009-02-16T10:00:35","version" => "5.825"},{"date" => "2009-04-24T20:42:45","version" => "5.826"},{"date" => "2009-06-15T19:36:37","version" => "5.827"},{"date" => "2009-06-25T19:44:55","version" => "5.828"},{"date" => "2009-07-08T20:03:11","version" => "5.829"},{"date" => "2009-07-26T19:39:49","version" => "5.830"},{"date" => "2009-08-13T20:53:34","version" => "5.831"},{"date" => "2009-09-21T18:24:41","version" => "5.832"},{"date" => "2009-10-06T21:23:39","version" => "5.833"},{"date" => "2009-11-21T13:09:14","version" => "5.834"},{"date" => "2010-05-05T21:13:47","version" => "5.835"},{"date" => "2010-05-13T07:34:58","version" => "5.836"},{"date" => "2010-09-20T21:24:38","version" => "5.837"},{"date" => "2010-11-04T15:16:35","version" => "5.837"},{"date" => "2011-03-08T19:25:05","version" => "6.00"},{"date" => "2011-03-09T23:30:57","version" => "6.01"},{"date" => "2011-03-27T11:35:01","version" => "6.02"},{"date" => "2011-10-15T13:38:28","version" => "6.03"},{"date" => "2012-02-18T22:13:13","version" => "6.04"},{"date" => "2013-03-11T21:47:56","version" => "6.05"},{"date" => "2014-04-16T18:38:49","version" => "6.06"},{"date" => "2014-07-02T05:10:47","version" => "6.07"},{"date" => "2014-07-25T03:19:43","version" => "6.08"},{"date" => "2015-02-10T02:58:40","version" => "6.09"},{"date" => "2015-02-12T17:40:48","version" => "6.10"},{"date" => "2015-02-13T21:38:49","version" => "6.11"},{"date" => "2015-02-14T00:16:15","version" => "6.12"},{"date" => "2015-02-14T18:45:12","version" => "6.13"},{"date" => "2015-11-25T20:23:47","version" => "6.14_001"},{"date" => "2015-12-05T06:01:09","version" => "6.15"},{"date" => "2016-01-05T00:29:20","version" => "6.15_001"},{"date" => "2016-01-14T01:52:18","version" => "6.15_002"},{"date" => "2016-01-14T02:01:20","version" => "6.15_003"},{"date" => "2016-02-13T06:18:45","version" => "6.15_004"},{"date" => "2017-01-18T14:22:22","version" => "6.16"},{"date" => "2017-01-31T19:39:10","version" => "6.17"},{"date" => "2017-02-03T20:31:54","version" => "6.18"},{"date" => "2017-02-14T19:56:20","version" => "6.19"},{"date" => "2017-02-21T15:19:06","version" => "6.20"},{"date" => "2017-02-21T20:38:03","version" => "6.21"},{"date" => "2017-03-01T15:27:43","version" => "6.22"},{"date" => "2017-03-07T03:49:52","version" => "6.23"},{"date" => "2017-03-14T16:36:38","version" => "6.24"},{"date" => "2017-04-03T17:20:06","version" => "6.25"},{"date" => "2017-04-12T15:36:20","version" => "6.26"},{"date" => "2017-09-21T22:32:37","version" => "6.27"},{"date" => "2017-11-06T15:43:47","version" => "6.28"},{"date" => "2017-11-06T20:34:56","version" => "6.29"},{"date" => "2017-12-08T01:57:23","version" => "6.30"},{"date" => "2017-12-11T01:57:47","version" => "6.31"},{"date" => "2018-02-20T19:41:40","version" => "6.32"},{"date" => "2018-02-27T04:04:55","version" => "6.33"},{"date" => "2018-06-05T18:50:45","version" => "6.34"},{"date" => "2018-07-16T04:51:16","version" => "6.35"},{"date" => "2018-10-10T02:21:49","version" => "6.36"},{"date" => "2019-03-06T20:51:05","version" => "6.37"},{"date" => "2019-03-25T19:00:53","version" => "6.38"},{"date" => "2019-05-06T14:19:25","version" => "6.39"},{"date" => "2019-10-24T13:08:25","version" => "6.40"},{"date" => "2019-10-28T14:45:05","version" => "6.41"},{"date" => "2019-11-20T17:41:59","version" => "6.42"},{"date" => "2019-11-26T13:56:02","version" => "6.43"},{"date" => "2020-04-14T19:39:37","version" => "6.44"},{"date" => "2020-06-08T14:52:52","version" => "6.45"},{"date" => "2020-06-23T21:20:14","version" => "6.46"},{"date" => "2020-08-18T15:28:34","version" => "6.47"},{"date" => "2020-09-20T15:26:52","version" => "6.48"},{"date" => "2020-09-24T00:29:49","version" => "6.49"},{"date" => "2020-12-16T18:36:35","version" => "6.50"},{"date" => "2020-12-29T22:09:46","version" => "6.51"},{"date" => "2021-01-07T21:58:27","version" => "6.52"},{"date" => "2021-03-07T16:55:35","version" => "6.53"},{"date" => "2021-05-06T17:55:38","version" => "6.54"},{"date" => "2021-06-17T13:58:40","version" => "6.55"},{"date" => "2021-08-17T13:58:19","version" => "6.56"},{"date" => "2021-09-20T20:29:02","version" => "6.57"},{"date" => "2021-10-25T20:44:12","version" => "6.58"},{"date" => "2021-12-02T21:20:00","version" => "6.59"},{"date" => "2021-12-17T22:33:53","version" => "6.60"},{"date" => "2022-01-21T21:44:31","version" => "6.61"},{"date" => "2022-04-05T01:05:20","version" => "6.62"},{"date" => "2022-04-25T15:25:43","version" => "6.63"},{"date" => "2022-04-26T13:17:45","version" => "6.64"},{"date" => "2022-05-09T18:42:27","version" => "6.65"},{"date" => "2022-05-18T16:57:21","version" => "6.66"},{"date" => "2022-06-14T20:24:12","version" => "6.67"},{"date" => "2023-02-27T19:20:03","version" => "6.68"},{"date" => "2023-04-29T13:15:34","version" => "6.69"},{"date" => "2023-04-30T13:26:14","version" => "6.70"},{"date" => "2023-06-20T19:46:00","version" => "6.71"},{"date" => "2023-07-17T22:02:15","version" => "6.72"},{"date" => "2024-01-13T20:26:02","version" => "6.73"},{"date" => "2024-01-22T17:49:13","version" => "6.74"},{"date" => "2024-01-24T14:30:24","version" => "6.75"},{"date" => "2024-01-25T18:33:12","version" => "6.76"},{"date" => "2024-03-11T00:58:25","version" => "6.77"},{"date" => "2025-02-20T00:44:17","version" => "6.78"},{"date" => "2025-06-27T22:44:59","version" => "6.79"},{"date" => "2025-09-11T22:58:55","version" => "6.80"},{"date" => "2025-10-22T17:05:45","version" => "6.81"}]},"mod_perl" => {"advisories" => [{"affected_versions" => ["<1.31"],"cves" => ["CVE-2009-0796"],"description" => "XSS in Apache::Status.\n","distribution" => "mod_perl","fixed_versions" => [">=1.31"],"id" => "CPANSA-mod_perl-2009-01","references" => ["https://metacpan.org/changes/distribution/mod_perl"],"reported" => "2009-05-11"},{"affected_versions" => ["<1.30"],"cves" => ["CVE-2007-1349"],"description" => "Unescaped variable interpolation in Apache::PerlRun regular expression could cause regex engine tampering.\n","distribution" => "mod_perl","fixed_versions" => [">=1.30"],"id" => "CPANSA-mod_perl-2007-01","references" => ["https://metacpan.org/changes/distribution/mod_perl"],"reported" => "2007-03-29"},{"affected_versions" => [">=2.0,<=2.0.10"],"cves" => ["CVE-2011-2767"],"description" => "mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.\n","distribution" => "mod_perl","fixed_versions" => [],"id" => "CPANSA-mod_perl-2011-2767","references" => ["https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E","https://bugs.debian.org/644169","https://lists.debian.org/debian-lts-announce/2018/09/msg00018.html","https://access.redhat.com/errata/RHSA-2018:2737","https://access.redhat.com/errata/RHSA-2018:2826","https://access.redhat.com/errata/RHSA-2018:2825","http://www.securityfocus.com/bid/105195","https://usn.ubuntu.com/3825-1/","https://usn.ubuntu.com/3825-2/","https://lists.apache.org/thread.html/c8ebe8aad147a3ad2e7b0e8b2da45263171ab5d0fc7f8c100feaa94d\@%3Cmodperl-cvs.perl.apache.org%3E","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00065.html"],"reported" => "2018-08-26","severity" => "critical"}],"main_module" => "mod_perl2","versions" => [{"date" => "1996-05-21T02:07:05","version" => "0.60"},{"date" => "1996-05-21T20:51:37","version" => "0.60"},{"date" => "1996-06-18T19:41:55","version" => "0.60"},{"date" => "1996-06-25T15:49:56","version" => "0.60"},{"date" => "1996-07-14T23:39:07","version" => "0.70"},{"date" => "1996-07-26T20:39:23","version" => "0.76"},{"date" => "1996-09-08T22:13:32","version" => "0.81"},{"date" => "1996-10-04T15:50:31","version" => "0.83_02"},{"date" => "1996-10-09T07:10:24","version" => "0.83_03"},{"date" => "1996-10-14T03:46:54","version" => "0.83_04"},{"date" => "1996-10-15T13:34:22","version" => "0.83_05"},{"date" => "1996-10-17T03:48:27","version" => "0.83_06"},{"date" => "1996-10-18T22:18:01","version" => "0.83_07"},{"date" => "1996-10-21T01:37:29","version" => "0.83_09"},{"date" => "1996-10-25T14:09:06","version" => "0.83_10"},{"date" => "1996-10-28T00:01:00","version" => "0.84"},{"date" => "1996-11-13T05:39:14","version" => "0.85"},{"date" => "1996-11-14T07:21:01","version" => "0.85_01"},{"date" => "1996-11-27T17:19:02","version" => "0.85_02"},{"date" => "1996-12-05T03:37:12","version" => "0.85_03"},{"date" => "1996-12-10T23:17:33","version" => "0.85_04"},{"date" => "1996-12-17T13:31:40","version" => "0.85_06"},{"date" => "1996-12-19T14:32:44","version" => "0.86"},{"date" => "1996-12-24T04:19:35","version" => "0.87"},{"date" => "1996-12-24T20:41:28","version" => "0.88"},{"date" => "1996-12-31T04:43:25","version" => "0.89"},{"date" => "1996-12-31T07:52:56","version" => "0.90"},{"date" => "1997-01-20T10:04:20","version" => "0.90_01"},{"date" => "1997-01-23T00:58:22","version" => "0.91"},{"date" => "1997-01-23T15:56:19","version" => "0.92"},{"date" => "1997-01-28T02:37:30","version" => "0.93"},{"date" => "1997-03-05T03:19:32","version" => "0.93_01"},{"date" => "1997-03-10T12:07:39","version" => "0.94"},{"date" => "1997-03-23T18:53:46","version" => "0.95"},{"date" => "1997-03-23T18:54:02","version" => "0.95_02"},{"date" => "1997-04-01T04:44:44","version" => "0.95_03"},{"date" => "1997-04-02T01:35:22","version" => "0.95_04"},{"date" => "1997-04-02T03:20:37","version" => "0.95_05"},{"date" => "1997-04-02T04:42:28","version" => "0.95_06"},{"date" => "1997-04-04T05:33:39","version" => "0.96"},{"date" => "1997-04-16T03:54:02","version" => "0.97"},{"date" => "1997-04-23T03:29:01","version" => "0.97_01"},{"date" => "1997-04-30T03:56:50","version" => "0.97_02"},{"date" => "1997-05-02T19:58:12","version" => "0.98"},{"date" => "1997-05-19T22:59:20","version" => "0.98_03"},{"date" => "1997-05-23T00:24:28","version" => "0.98_05"},{"date" => "1997-05-30T02:07:03","version" => "0.98_08"},{"date" => "1997-06-02T00:05:45","version" => "0.98_09"},{"date" => "1997-06-03T03:15:48","version" => "0.98_10"},{"date" => "1997-06-04T01:54:46","version" => "0.98_11"},{"date" => "1997-06-06T01:14:09","version" => "0.98_12"},{"date" => "1997-06-12T00:36:43","version" => "0.99"},{"date" => "1997-06-30T03:04:22","version" => "1.00"},{"date" => "1997-07-08T06:20:15","version" => "1.00"},{"date" => "1997-07-30T20:57:59","version" => "1.00"},{"date" => "1997-08-25T22:00:29","version" => "0.85_05"},{"date" => "1997-09-16T01:09:06","version" => "1.00_02"},{"date" => "1997-09-21T21:40:32","version" => "1.00_03"},{"date" => "1997-10-17T00:04:35","version" => "1.01"},{"date" => "1997-10-17T15:40:45","version" => "1.02"},{"date" => "1997-10-24T04:02:30","version" => "1.03"},{"date" => "1997-10-31T03:59:22","version" => "1.04"},{"date" => "1997-11-07T04:32:07","version" => "1.05"},{"date" => "1997-11-26T02:09:01","version" => "1.07"},{"date" => "1997-12-02T21:34:03","version" => "1.07_01"},{"date" => "1997-12-22T09:29:56","version" => "1.07_02"},{"date" => "1998-01-08T10:21:31","version" => "1.07_03"},{"date" => "1998-01-28T02:10:28","version" => "1.07_03"},{"date" => "1998-01-29T00:47:52","version" => "1.07_03"},{"date" => "1998-02-10T11:04:03","version" => "1.07_04"},{"date" => "1998-02-12T15:08:20","version" => "1.07_04"},{"date" => "1998-02-20T03:43:49","version" => "1.08"},{"date" => "1998-03-07T01:06:09","version" => "1.08"},{"date" => "1998-03-19T07:39:18","version" => "1.09"},{"date" => "1998-03-21T04:14:02","version" => "1.10"},{"date" => "1998-03-27T16:52:20","version" => "1.10"},{"date" => "1998-04-21T14:43:05","version" => "1.11"},{"date" => "1998-04-24T18:58:30","version" => "1.11"},{"date" => "1998-06-09T16:51:19","version" => "1.11"},{"date" => "1998-06-14T19:21:25","version" => "1.12"},{"date" => "1998-07-14T01:13:07","version" => "1.13"},{"date" => "1998-07-19T00:19:20","version" => "1.14"},{"date" => "1998-07-24T13:52:53","version" => "1.15"},{"date" => "1998-07-24T15:59:13","version" => "1.15"},{"date" => "1998-09-20T00:02:57","version" => "1.15_01"},{"date" => "1998-10-02T23:10:02","version" => "1.16"},{"date" => "1998-10-28T18:16:45","version" => "1.16"},{"date" => "1998-11-24T23:54:59","version" => "1.16_01"},{"date" => "1998-12-01T00:01:25","version" => "1.16_02"},{"date" => "1999-01-28T06:27:45","version" => "1.18"},{"date" => "1999-06-11T17:22:35","version" => "1.20"},{"date" => "1999-07-02T23:43:56","version" => "1.21"},{"date" => "2000-03-06T01:32:31","version" => "1.21_01"},{"date" => "2000-03-07T07:56:53","version" => "1.21_02"},{"date" => "2000-03-15T10:25:52","version" => "1.21_03"},{"date" => "2000-03-23T06:51:53","version" => "1.22"},{"date" => "2000-04-21T06:51:47","version" => "1.23"},{"date" => "2000-05-17T05:44:34","version" => "1.24"},{"date" => "2000-10-10T16:44:39","version" => "1.24_01"},{"date" => "2001-01-30T04:33:45","version" => "1.25"},{"date" => "2001-07-06T21:27:16","version" => "1.25_01"},{"date" => "2001-07-12T02:23:32","version" => "1.26"},{"date" => "2002-04-07T04:58:26","version" => "1.99_01"},{"date" => "2002-06-02T03:05:50","version" => "1.27"},{"date" => "2002-06-02T03:27:13","version" => "1.99_02"},{"date" => "2002-06-15T23:59:37","version" => "1.99_03"},{"date" => "2002-06-21T22:45:41","version" => "1.99_04"},{"date" => "2002-08-20T16:54:13","version" => "1.99_05"},{"date" => "2002-09-27T15:19:03","version" => "1.99_06"},{"date" => "2002-09-27T19:41:50","version" => "1.99_07"},{"date" => "2003-01-11T04:22:19","version" => "1.99_08"},{"date" => "2003-04-28T02:36:59","version" => "1.99_09"},{"date" => "2003-07-03T03:32:20","version" => "1.28"},{"date" => "2003-09-29T17:11:24","version" => "1.99_10"},{"date" => "2003-10-08T04:54:22","version" => "1.29"},{"date" => "2003-11-10T21:04:15","version" => "1.99_11"},{"date" => "2003-12-22T19:56:22","version" => "1.99_12"},{"date" => "2004-03-09T00:29:43","version" => "1.99_13"},{"date" => "2004-05-21T18:02:49","version" => "1.99_14"},{"date" => "2004-08-20T18:35:12","version" => "1.99_15"},{"date" => "2004-08-23T05:59:47","version" => "1.99_16"},{"date" => "2004-10-22T21:38:19","version" => "1.99_17"},{"date" => "2004-12-12T23:22:37","version" => "v2.0.0"},{"date" => "2004-12-23T23:38:49","version" => "v2.0.0"},{"date" => "2005-01-06T01:27:43","version" => "v2.0.0"},{"date" => "2005-01-22T08:55:19","version" => "v2.0.0"},{"date" => "2005-04-14T13:19:23","version" => "v2.0.0"},{"date" => "2005-05-04T02:48:58","version" => "v2.0.0"},{"date" => "2005-05-20T05:12:45","version" => "v2.0.0"},{"date" => "2005-06-17T21:05:23","version" => "v2.0.1"},{"date" => "2005-10-21T01:27:23","version" => "v2.0.2"},{"date" => "2006-11-29T08:29:30","version" => "v2.0.3"},{"date" => "2007-03-30T06:19:02","version" => "1.30"},{"date" => "2008-04-17T06:32:36","version" => "v2.0.4"},{"date" => "2009-05-13T02:29:50","version" => "1.31"},{"date" => "2011-02-07T23:31:36","version" => "v2.0.5"},{"date" => "2012-04-25T15:31:27","version" => "v2.0.6"},{"date" => "2012-06-06T02:40:24","version" => "v2.0.7"},{"date" => "2013-04-18T02:15:56","version" => "2.0.8"},{"date" => "2015-06-18T21:16:34","version" => "2.0.9"},{"date" => "2016-10-27T21:16:36","version" => "2.0.10"},{"date" => "2019-10-05T11:36:44","version" => "2.0.11"},{"date" => "2022-01-30T13:36:21","version" => "2.0.12"},{"date" => "2023-10-21T10:32:29","version" => "2.0.13"}]},"perl" => {"advisories" => [{"affected_versions" => ["<1.13"],"cves" => ["CVE-2011-2728"],"description" => "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.\n","distribution" => "perl","fixed_versions" => [">=1.13"],"id" => "CPANSA-File-Glob-2011-2728","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html","http://www.securityfocus.com/bid/49858","http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod","http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77","http://secunia.com/advisories/46172","https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1","https://bugzilla.redhat.com/show_bug.cgi?id=742987"],"reported" => "2012-12-21","severity" => undef},{"affected_versions" => ["<5.24.1"],"cves" => ["CVE-2016-1238"],"description" => "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\n","distribution" => "perl","fixed_versions" => [">=5.24.1"],"id" => "CPANSA-ExtUtils-ParseXS-2016-1238","references" => ["https://perldoc.perl.org/5.24.1/perldelta","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab","http://www.debian.org/security/2016/dsa-3628","http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html","http://www.securityfocus.com/bid/92136","http://www.securitytracker.com/id/1036440","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/","https://rt.perl.org/Public/Bug/Display.html?id=127834","https://security.gentoo.org/glsa/201701-75","https://security.gentoo.org/glsa/201812-07"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => [">=5.22.0,<5.24.0"],"cves" => ["CVE-2016-6185"],"description" => "The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.\n","distribution" => "perl","fixed_versions" => [">=5.24.0"],"id" => "CPANSA-perl-2016-6185","references" => ["https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/","https://github.com/Perl/perl5/commit/08e3451d7b3b714ad63a27f1b9c2a23ee75d15ee","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/","http://www.openwall.com/lists/oss-security/2016/07/07/1","http://www.openwall.com/lists/oss-security/2016/07/08/5","https://rt.cpan.org/Public/Bug/Display.html?id=115808","http://www.debian.org/security/2016/dsa-3628","http://www.securitytracker.com/id/1036260","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.securityfocus.com/bid/91685","https://security.gentoo.org/glsa/201701-75","https://usn.ubuntu.com/3625-2/","https://usn.ubuntu.com/3625-1/","https://github.com/Perl/perl5/blob/blead/pod/perl5260delta.pod"],"reported" => "2016-08-02","severity" => "high"},{"affected_versions" => [">=5.005,<5.24.0"],"cves" => ["CVE-2015-8608"],"description" => "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.\n","distribution" => "perl","fixed_versions" => [">=5.24.0"],"id" => "CPANSA-perl-2015-8608","references" => ["https://rt.perl.org/Public/Bug/Display.html?id=126755","https://github.com/Perl/perl5/issues/15067","https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2017-02-07","severity" => "critical"},{"affected_versions" => ["<5.14.2"],"cves" => ["CVE-2011-2728"],"description" => "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.\n","distribution" => "perl","fixed_versions" => [">=5.14.2"],"id" => "CPANSA-perl-2011-2728","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html","http://www.securityfocus.com/bid/49858","http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod","http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77","http://secunia.com/advisories/46172","https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1","https://bugzilla.redhat.com/show_bug.cgi?id=742987"],"reported" => "2012-12-21","severity" => undef},{"affected_versions" => ["<5.28.3",">=5.30.0,<5.30.3"],"cves" => ["CVE-2020-12723"],"description" => "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.\n","distribution" => "perl","fixed_versions" => [">=5.30.3"],"id" => "CPANSA-perl-2020-12723","references" => ["https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3","https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod","https://github.com/Perl/perl5/issues/16947","https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a","https://github.com/Perl/perl5/issues/17743","https://security.netapp.com/advisory/ntap-20200611-0001/","https://security.gentoo.org/glsa/202006-03","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://perldoc.perl.org/perl5283delta","https://perldoc.perl.org/perl5303delta","https://perldoc.perl.org/perl5320delta"],"reported" => "2020-06-05","severity" => "high"},{"affected_versions" => ["<5.28.3",">=5.30.0,<5.30.3"],"cves" => ["CVE-2020-10878"],"description" => "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.\n","distribution" => "perl","fixed_versions" => [">=5.30.3"],"id" => "CPANSA-perl-2020-10878","references" => ["https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3","https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c","https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8","https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod","https://security.netapp.com/advisory/ntap-20200611-0001/","https://security.gentoo.org/glsa/202006-03","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://perldoc.perl.org/perl5283delta","https://perldoc.perl.org/perl5303delta","https://perldoc.perl.org/perl5320delta"],"reported" => "2020-06-05","severity" => "high"},{"affected_versions" => ["<5.28.3",">=5.30.0,<5.30.3"],"cves" => ["CVE-2020-10543"],"description" => "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.\n","distribution" => "perl","fixed_versions" => [">=5.30.3"],"id" => "CPANSA-perl-2020-10543","references" => ["https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3","https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed","https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod","https://security.netapp.com/advisory/ntap-20200611-0001/","https://security.gentoo.org/glsa/202006-03","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://perldoc.perl.org/perl5283delta","https://perldoc.perl.org/perl5303delta","https://perldoc.perl.org/perl5320delta"],"reported" => "2020-06-05","severity" => "high"},{"affected_versions" => [">=5.22.0,<5.24.4",">=5.26.0,<5.28.2"],"cves" => ["CVE-2018-6798"],"description" => "An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.\n","distribution" => "perl","fixed_versions" => [">=5.28.0"],"id" => "CPANSA-perl-2018-6798","references" => ["https://www.debian.org/security/2018/dsa-4172","https://rt.perl.org/Public/Bug/Display.html?id=132063","http://www.securitytracker.com/id/1040681","https://access.redhat.com/errata/RHSA-2018:1192","https://usn.ubuntu.com/3625-1/","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5244delta","https://perldoc.perl.org/perl5262delta","https://github.com/Perl/perl5/issues/16143"],"reported" => "2018-04-17","severity" => "high"},{"affected_versions" => [">=5.18.0,<5.24.4",">=5.26.0,<5.26.2"],"cves" => ["CVE-2018-6797"],"description" => "An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.\n","distribution" => "perl","fixed_versions" => [">=5.28.0"],"id" => "CPANSA-perl-2018-6797","references" => ["https://www.debian.org/security/2018/dsa-4172","https://rt.perl.org/Public/Bug/Display.html?id=132227","http://www.securitytracker.com/id/1040681","https://access.redhat.com/errata/RHSA-2018:1192","https://usn.ubuntu.com/3625-1/","http://www.securitytracker.com/id/1042004","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5244delta","https://perldoc.perl.org/perl5262delta"],"reported" => "2018-04-17","severity" => "critical"},{"affected_versions" => ["<5.24.4",">=5.26.0,<5.26.2"],"cves" => ["CVE-2018-6913"],"description" => "Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.\n","distribution" => "perl","fixed_versions" => [">=5.26.2"],"id" => "CPANSA-perl-2018-6913","references" => ["https://www.debian.org/security/2018/dsa-4172","https://rt.perl.org/Public/Bug/Display.html?id=131844","https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html","http://www.securitytracker.com/id/1040681","https://usn.ubuntu.com/3625-2/","https://usn.ubuntu.com/3625-1/","http://www.securityfocus.com/bid/103953","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5244delta","https://perldoc.perl.org/perl5262delta","https://github.com/Perl/perl5/issues/16098"],"reported" => "2018-04-17","severity" => "critical"},{"affected_versions" => ["<5.26.3"],"cves" => ["CVE-2018-18314"],"description" => "Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n","distribution" => "perl","fixed_versions" => [">=5.26.3"],"id" => "CPANSA-perl-2018-18314","references" => ["https://www.debian.org/security/2018/dsa-4347","https://rt.perl.org/Ticket/Display.html?id=131649","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f","https://bugzilla.redhat.com/show_bug.cgi?id=1646751","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","http://www.securityfocus.com/bid/106145","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://security.netapp.com/advisory/ntap-20190221-0003/","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2018-12-07","severity" => "critical"},{"affected_versions" => ["<5.26.3"],"cves" => ["CVE-2018-18313"],"description" => "Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.\n","distribution" => "perl","fixed_versions" => [">=5.26.3"],"id" => "CPANSA-perl-2018-18313","references" => ["https://www.debian.org/security/2018/dsa-4347","https://usn.ubuntu.com/3834-2/","https://rt.perl.org/Ticket/Display.html?id=133192","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62","https://bugzilla.redhat.com/show_bug.cgi?id=1646738","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://security.netapp.com/advisory/ntap-20190221-0003/","https://support.apple.com/kb/HT209600","https://seclists.org/bugtraq/2019/Mar/42","http://seclists.org/fulldisclosure/2019/Mar/49","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2018-12-07","severity" => "critical"},{"affected_versions" => ["==5.28.0","<5.26.3"],"cves" => ["CVE-2018-18312"],"description" => "Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n","distribution" => "perl","fixed_versions" => [">=5.28.1"],"id" => "CPANSA-perl-2018-18312","references" => ["https://www.debian.org/security/2018/dsa-4347","https://rt.perl.org/Public/Bug/Display.html?id=133423","https://metacpan.org/changes/release/SHAY/perl-5.28.1","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://bugzilla.redhat.com/show_bug.cgi?id=1646734","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","http://www.securityfocus.com/bid/106179","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://security.netapp.com/advisory/ntap-20190221-0003/","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5281delta","https://perldoc.perl.org/perl5263delta"],"reported" => "2018-12-05","severity" => "critical"},{"affected_versions" => ["<5.26.3","==5.28.0"],"cves" => ["CVE-2018-18311"],"description" => "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n","distribution" => "perl","fixed_versions" => [">=5.28.1"],"id" => "CPANSA-perl-2018-18311","references" => ["https://www.debian.org/security/2018/dsa-4347","https://usn.ubuntu.com/3834-2/","https://rt.perl.org/Ticket/Display.html?id=133204","https://metacpan.org/changes/release/SHAY/perl-5.28.1","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://lists.fedoraproject.org/archives/list/package-announce\@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html","https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be","https://bugzilla.redhat.com/show_bug.cgi?id=1646730","http://www.securitytracker.com/id/1042181","https://usn.ubuntu.com/3834-1/","http://www.securityfocus.com/bid/106145","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0001","https://access.redhat.com/errata/RHSA-2019:0109","https://security.netapp.com/advisory/ntap-20190221-0003/","https://support.apple.com/kb/HT209600","https://seclists.org/bugtraq/2019/Mar/42","http://seclists.org/fulldisclosure/2019/Mar/49","https://kc.mcafee.com/corporate/index?page=content&id=SB10278","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:1790","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:1942","https://access.redhat.com/errata/RHSA-2019:2400","https://security.gentoo.org/glsa/201909-01","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5281delta","https://perldoc.perl.org/perl5263delta"],"reported" => "2018-12-07","severity" => "critical"},{"affected_versions" => ["==5.26.0",">=5.20.0,<5.24.3"],"cves" => ["CVE-2017-12883"],"description" => "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\\\\N{U+...}' escape.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2017-12883","references" => ["https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1","https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1","https://bugzilla.redhat.com/show_bug.cgi?id=1492093","http://www.securityfocus.com/bid/100852","http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch","https://rt.perl.org/Public/Bug/Display.html?id=131598","http://www.debian.org/security/2017/dsa-3982","https://security.netapp.com/advisory/ntap-20180426-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://github.com/Perl/perl5/issues/16025","https://perldoc.perl.org/perl5243delta","https://perldoc.perl.org/perl5280delta","https://perldoc.perl.org/perl5261delta"],"reported" => "2017-09-19","severity" => "critical"},{"affected_versions" => [">=5.18.0,<5.24.3","==5.26.0"],"cves" => ["CVE-2017-12837"],"description" => "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\\\\N{}' escape and the case-insensitive modifier.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2017-12837","references" => ["https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1","https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5","https://bugzilla.redhat.com/show_bug.cgi?id=1492091","http://www.securityfocus.com/bid/100860","https://rt.perl.org/Public/Bug/Display.html?id=131582","http://www.debian.org/security/2017/dsa-3982","https://security.netapp.com/advisory/ntap-20180426-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://github.com/Perl/perl5/issues/16021","https://perldoc.perl.org/perl5243delta","https://perldoc.perl.org/perl5261delta","https://perldoc.perl.org/perl5280delta"],"reported" => "2017-09-19","severity" => "high"},{"affected_versions" => ["<5.24.0"],"cves" => ["CVE-2015-8853"],"description" => "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\"\n","distribution" => "perl","fixed_versions" => [">=5.24.0"],"id" => "CPANSA-perl-2015-8853","references" => ["http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html","http://www.openwall.com/lists/oss-security/2016/04/20/7","https://bugzilla.redhat.com/show_bug.cgi?id=1329106","https://rt.perl.org/Public/Bug/Display.html?id=123562","http://www.openwall.com/lists/oss-security/2016/04/20/5","http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.securityfocus.com/bid/86707","https://security.gentoo.org/glsa/201701-75","https://usn.ubuntu.com/3625-2/","https://usn.ubuntu.com/3625-1/"],"reported" => "2016-05-25","severity" => "high"},{"affected_versions" => ["<5.18.0"],"cves" => ["CVE-2013-1667"],"description" => "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2013-1667","references" => ["http://www.securityfocus.com/bid/58311","http://perl5.git.perl.org/perl.git/commitdiff/d59e31f","http://perl5.git.perl.org/perl.git/commitdiff/9d83adc","http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html","http://www.debian.org/security/2013/dsa-2641","http://secunia.com/advisories/52499","http://secunia.com/advisories/52472","https://bugzilla.redhat.com/show_bug.cgi?id=912276","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296","http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5","http://osvdb.org/90892","http://www.ubuntu.com/usn/USN-1770-1","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html","http://marc.info/?l=bugtraq&m=137891988921058&w=2","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","https://exchange.xforce.ibmcloud.com/vulnerabilities/82598","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771"],"reported" => "2013-03-14","severity" => undef},{"affected_versions" => [">=5.10.0,<5.12.0"],"cves" => ["CVE-2011-0761"],"description" => "Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.\n","distribution" => "perl","fixed_versions" => [">=5.12.0"],"id" => "CPANSA-perl-2011-0761","references" => ["http://www.securityfocus.com/bid/47766","http://securitytracker.com/id?1025507","http://www.toucan-system.com/advisories/tssa-2011-03.txt","http://securityreason.com/securityalert/8248","https://exchange.xforce.ibmcloud.com/vulnerabilities/67355","http://www.securityfocus.com/archive/1/517916/100/0/threaded"],"reported" => "2011-05-13","severity" => undef},{"affected_versions" => ["<=5.14.0"],"cves" => ["CVE-2010-4777"],"description" => "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.\n","distribution" => "perl","fixed_versions" => [">5.14.0"],"id" => "CPANSA-perl-2010-4777","references" => ["http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html","https://bugzilla.redhat.com/show_bug.cgi?id=694166","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836","https://rt.perl.org/Public/Bug/Display.html?id=76538","https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html","http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html","http://forums.ocsinventory-ng.org/viewtopic.php?id=7215"],"reported" => "2014-02-10","severity" => undef},{"affected_versions" => ["<5.10.0"],"cves" => ["CVE-2010-1158"],"description" => "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.\n","distribution" => "perl","fixed_versions" => [">=5.10.0"],"id" => "CPANSA-perl-2010-1158","references" => ["http://bugs.gentoo.org/show_bug.cgi?id=313565","http://www.openwall.com/lists/oss-security/2010/04/14/3","http://perldoc.perl.org/perl5100delta.html","http://www.openwall.com/lists/oss-security/2010/04/08/9","https://bugzilla.redhat.com/show_bug.cgi?id=580605","http://secunia.com/advisories/55314"],"reported" => "2010-04-20","severity" => undef},{"affected_versions" => ["<=5.10.1"],"cves" => ["CVE-2009-3626"],"description" => "Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.\n","distribution" => "perl","fixed_versions" => [">5.10.1"],"id" => "CPANSA-perl-2009-3626","references" => ["http://securitytracker.com/id?1023077","http://www.vupen.com/english/advisories/2009/3023","http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4","http://www.securityfocus.com/bid/36812","https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225","http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/","http://www.osvdb.org/59283","http://www.openwall.com/lists/oss-security/2009/10/23/8","http://secunia.com/advisories/37144","http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973","https://exchange.xforce.ibmcloud.com/vulnerabilities/53939"],"reported" => "2009-10-29","severity" => undef},{"affected_versions" => ["<=5.8.8"],"cves" => ["CVE-2008-1927"],"description" => "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.  NOTE: this issue might only be present on certain operating systems.\n","distribution" => "perl","fixed_versions" => [">5.8.8"],"id" => "CPANSA-perl-2008-1927","references" => ["http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792","http://www.debian.org/security/2008/dsa-1556","https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html","https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html","http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml","http://www.securityfocus.com/bid/28928","http://secunia.com/advisories/29948","http://secunia.com/advisories/30025","http://secunia.com/advisories/30326","http://www.securitytracker.com/id?1020253","http://www.redhat.com/support/errata/RHSA-2008-0522.html","http://secunia.com/advisories/30624","http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm","http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm","http://www.ipcop.org/index.php?name=News&file=article&sid=41","http://secunia.com/advisories/31467","http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html","http://secunia.com/advisories/31604","http://secunia.com/advisories/31208","http://secunia.com/advisories/31328","http://www.vmware.com/security/advisories/VMSA-2008-0013.html","http://www.redhat.com/support/errata/RHSA-2008-0532.html","http://secunia.com/advisories/31687","http://osvdb.org/44588","http://www.mandriva.com/security/advisories?name=MDVSA-2008:100","http://www.ubuntu.com/usn/usn-700-1","http://secunia.com/advisories/33314","http://wiki.rpath.com/Advisories:rPSA-2009-0011","http://www.ubuntu.com/usn/usn-700-2","http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html","http://secunia.com/advisories/33937","http://support.apple.com/kb/HT3438","http://www.vupen.com/english/advisories/2009/0422","http://www.vupen.com/english/advisories/2008/2361","http://www.vupen.com/english/advisories/2008/2424","http://www.vupen.com/english/advisories/2008/2265/references","https://exchange.xforce.ibmcloud.com/vulnerabilities/41996","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579","http://www.securityfocus.com/archive/1/500210/100/0/threaded"],"reported" => "2008-04-24","severity" => undef},{"affected_versions" => ["<5.10.0"],"cves" => ["CVE-2005-3962"],"description" => "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.\n","distribution" => "perl","fixed_versions" => [">=5.10.1"],"id" => "CPANSA-perl-2005-3962","references" => ["http://www.dyadsecurity.com/perl-0002.html","http://www.kb.cert.org/vuls/id/948385","http://www.securityfocus.com/bid/15629","http://secunia.com/advisories/17802","http://secunia.com/advisories/17844","http://secunia.com/advisories/17762","http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html","http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml","http://www.trustix.org/errata/2005/0070","http://secunia.com/advisories/17941","http://secunia.com/advisories/17952","http://www.redhat.com/support/errata/RHSA-2005-880.html","http://www.novell.com/linux/security/advisories/2005_71_perl.html","http://secunia.com/advisories/18183","http://secunia.com/advisories/18187","http://www.redhat.com/support/errata/RHSA-2005-881.html","http://secunia.com/advisories/18075","http://www.openbsd.org/errata37.html#perl","http://secunia.com/advisories/18295","ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch","http://www.osvdb.org/21345","http://www.osvdb.org/22255","ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U","http://secunia.com/advisories/18517","http://secunia.com/advisories/17993","https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1","http://secunia.com/advisories/19041","http://www.debian.org/security/2006/dsa-943","http://secunia.com/advisories/18413","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm","http://www.novell.com/linux/security/advisories/2005_29_sr.html","http://secunia.com/advisories/20894","http://docs.info.apple.com/article.html?artnum=304829","http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html","http://www.us-cert.gov/cas/techalerts/TA06-333A.html","http://secunia.com/advisories/23155","http://www.mandriva.com/security/advisories?name=MDKSA-2005:225","http://www.ipcop.org/index.php?name=News&file=article&sid=41","http://secunia.com/advisories/31208","http://www.vupen.com/english/advisories/2006/2613","http://www.vupen.com/english/advisories/2006/0771","http://www.vupen.com/english/advisories/2006/4750","ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch","http://www.vupen.com/english/advisories/2005/2688","http://marc.info/?l=full-disclosure&m=113342788118630&w=2","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598","https://usn.ubuntu.com/222-1/","http://www.securityfocus.com/archive/1/438726/100/0/threaded","http://www.securityfocus.com/archive/1/418333/100/0/threaded"],"reported" => "2005-12-01","severity" => undef},{"affected_versions" => ["==5.8.0"],"cves" => ["CVE-2005-0156"],"description" => "Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.\n","distribution" => "perl","fixed_versions" => [">=5.8.1"],"id" => "CPANSA-perl-2005-0156","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml","http://www.redhat.com/support/errata/RHSA-2005-103.html","http://www.redhat.com/support/errata/RHSA-2005-105.html","http://www.trustix.org/errata/2005/0003/","http://www.securityfocus.com/bid/12426","http://secunia.com/advisories/14120","http://fedoranews.org/updates/FEDORA--.shtml","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://www.mandriva.com/security/advisories?name=MDKSA-2005:031","http://secunia.com/advisories/55314","http://marc.info/?l=bugtraq&m=110737149402683&w=2","http://marc.info/?l=full-disclosure&m=110779721503111&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/19208","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803","http://www.digitalmunition.com/DMA[2005-0131b].txt"],"reported" => "2005-02-07","severity" => undef},{"affected_versions" => ["==5.8.0"],"cves" => ["CVE-2005-0155"],"description" => "The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.\n","distribution" => "perl","fixed_versions" => [">=5.8.1"],"id" => "CPANSA-perl-2005-0155","references" => ["http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml","http://www.redhat.com/support/errata/RHSA-2005-103.html","http://www.redhat.com/support/errata/RHSA-2005-105.html","http://www.trustix.org/errata/2005/0003/","http://www.securityfocus.com/bid/12426","http://secunia.com/advisories/14120","http://fedoranews.org/updates/FEDORA--.shtml","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056","http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm","http://secunia.com/advisories/21646","http://www.mandriva.com/security/advisories?name=MDKSA-2005:031","http://marc.info/?l=bugtraq&m=110737149402683&w=2","http://marc.info/?l=full-disclosure&m=110779723332339&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/19207","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10404","http://www.digitalmunition.com/DMA[2005-0131a].txt"],"reported" => "2005-05-02","severity" => undef},{"affected_versions" => ["<=5.8.8"],"cves" => ["CVE-2007-5116"],"description" => "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.\n","distribution" => "perl","fixed_versions" => [">5.8.8"],"id" => "CPANSA-perl-2007-5116","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=323571","http://www.mandriva.com/security/advisories?name=MDKSA-2007:207","http://www.redhat.com/support/errata/RHSA-2007-0966.html","http://www.redhat.com/support/errata/RHSA-2007-1011.html","http://www.securityfocus.com/bid/26350","http://secunia.com/advisories/27531","http://secunia.com/advisories/27546","https://bugzilla.redhat.com/show_bug.cgi?id=378131","https://issues.rpath.com/browse/RPL-1813","http://www.debian.org/security/2007/dsa-1400","http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml","http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html","http://www.novell.com/linux/security/advisories/2007_24_sr.html","http://www.ubuntu.com/usn/usn-552-1","http://securitytracker.com/id?1018899","http://secunia.com/advisories/27479","http://secunia.com/advisories/27515","http://secunia.com/advisories/27548","http://secunia.com/advisories/27613","http://secunia.com/advisories/27570","http://secunia.com/advisories/27936","http://docs.info.apple.com/article.html?artnum=307179","ftp://aix.software.ibm.com/aix/efixes/security/README","http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220","http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244","http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","http://www.us-cert.gov/cas/techalerts/TA07-352A.html","http://secunia.com/advisories/28167","http://lists.vmware.com/pipermail/security-announce/2008/000002.html","http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm","http://secunia.com/advisories/28368","http://secunia.com/advisories/28387","http://secunia.com/advisories/27756","http://www.vmware.com/security/advisories/VMSA-2008-0001.html","http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1","http://secunia.com/advisories/28993","http://secunia.com/advisories/29074","http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1","http://secunia.com/advisories/31208","http://www.ipcop.org/index.php?name=News&file=article&sid=41","http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1","http://www.vupen.com/english/advisories/2007/4238","http://www.vupen.com/english/advisories/2008/0064","http://www.vupen.com/english/advisories/2008/0641","http://www.vupen.com/english/advisories/2007/3724","http://www.vupen.com/english/advisories/2007/4255","http://marc.info/?l=bugtraq&m=120352263023774&w=2","https://exchange.xforce.ibmcloud.com/vulnerabilities/38270","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669","http://www.securityfocus.com/archive/1/486859/100/0/threaded","http://www.securityfocus.com/archive/1/485936/100/0/threaded","http://www.securityfocus.com/archive/1/483584/100/0/threaded","http://www.securityfocus.com/archive/1/483563/100/0/threaded"],"reported" => "2007-11-07","severity" => undef},{"affected_versions" => ["<5.16.0"],"cves" => ["CVE-2012-5195"],"description" => "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.\n","distribution" => "perl","fixed_versions" => [">=5.16.0"],"id" => "CPANSA-perl-2012-5195","references" => ["http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44","http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html","http://www.securityfocus.com/bid/56287","http://www.openwall.com/lists/oss-security/2012/10/27/1","http://secunia.com/advisories/51457","http://www.openwall.com/lists/oss-security/2012/10/26/2","http://www.ubuntu.com/usn/USN-1643-1","http://www.debian.org/security/2012/dsa-2586","http://rhn.redhat.com/errata/RHSA-2013-0685.html","http://secunia.com/advisories/55314","http://www.mandriva.com/security/advisories?name=MDVSA-2013:113","https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673"],"reported" => "2012-12-18","severity" => undef},{"affected_versions" => ["<5.22.1"],"cves" => ["CVE-2016-2381"],"description" => "Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.\n","distribution" => "perl","fixed_versions" => [">=5.22.1"],"id" => "CPANSA-perl-2016-2381","references" => ["http://www.gossamer-threads.com/lists/perl/porters/326387","http://www.debian.org/security/2016/dsa-3501","http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.securityfocus.com/bid/83802","http://www.ubuntu.com/usn/USN-2916-1","http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html","https://security.gentoo.org/glsa/201701-75","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2016-04-08","severity" => "high"},{"affected_versions" => ["==5.8.1"],"cves" => ["CVE-2003-0900"],"description" => "Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.\n","distribution" => "perl","fixed_versions" => [">5.8.1"],"id" => "CPANSA-perl-2003-0900","references" => ["https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711"],"reported" => "2003-12-31","severity" => undef},{"affected_versions" => ["<5.20.0"],"cves" => ["CVE-2013-7422"],"description" => "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.\n","distribution" => "perl","fixed_versions" => [">=5.20"],"id" => "CPANSA-perl-2013-7422","references" => ["http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html","https://support.apple.com/kb/HT205031","http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06","http://www.securityfocus.com/bid/75704","http://www.ubuntu.com/usn/USN-2916-1","https://security.gentoo.org/glsa/201507-11"],"reported" => "2015-08-16","severity" => undef},{"affected_versions" => ["<5.22.2"],"cves" => ["CVE-2015-8608"],"description" => "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.\n","distribution" => "perl","fixed_versions" => [">=5.22.2"],"id" => "CPANSA-perl-2015-8608","references" => ["https://rt.perl.org/Public/Bug/Display.html?id=126755","https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"reported" => "2017-02-07","severity" => "critical"},{"affected_versions" => ["<5.14.0"],"cves" => ["CVE-2011-1487"],"description" => "The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.\n","distribution" => "perl","fixed_versions" => [">=5.14.0"],"id" => "CPANSA-perl-2011-1487","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=692844","http://openwall.com/lists/oss-security/2011/04/01/3","http://openwall.com/lists/oss-security/2011/04/04/35","https://bugzilla.redhat.com/show_bug.cgi?id=692898","http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336","http://secunia.com/advisories/43921","http://www.securityfocus.com/bid/47124","http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99","http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html","http://secunia.com/advisories/44168","http://www.debian.org/security/2011/dsa-2265","http://www.mandriva.com/security/advisories?name=MDVSA-2011:091","http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/66528"],"reported" => "2011-04-11","severity" => undef},{"affected_versions" => ["<5.4.4"],"cves" => ["CVE-1999-1386"],"description" => "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.\n","distribution" => "perl","fixed_versions" => [">5.4.4"],"id" => "CPANSA-perl-1999-1386","references" => ["http://www.redhat.com/support/errata/rh50-errata-general.html#perl","http://www.iss.net/security_center/static/7243.php","http://marc.info/?l=bugtraq&m=88932165406213&w=2"],"reported" => "1999-12-31","severity" => undef},{"affected_versions" => [">=5.24.0,<5.24.3","==5.26.0"],"cves" => ["CVE-2017-12814"],"description" => "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.\n","distribution" => "perl","fixed_versions" => [">=5.26.1"],"id" => "CPANSA-perl-2017-12814","references" => ["https://rt.perl.org/Public/Bug/Display.html?id=131665","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1","https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1","http://www.securityfocus.com/bid/101051","https://security.netapp.com/advisory/ntap-20180426-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://perldoc.perl.org/perl5243delta","https://github.com/Perl/perl5/issues/16051","https://perldoc.perl.org/perl5261delta","https://perldoc.perl.org/perl5280delta"],"reported" => "2017-09-28","severity" => "critical"},{"affected_versions" => ["==5.34.0"],"cves" => ["CVE-2022-48522"],"description" => "In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.\n","distribution" => "perl","fixed_versions" => [">=5.34.1"],"id" => "CPANSA-perl-2022-48522","references" => ["https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48522","https://security.netapp.com/advisory/ntap-20230915-0008/","https://ubuntu.com/security/CVE-2022-48522"],"reported" => "2023-08-22","severity" => undef},{"affected_versions" => [">=5.30.0,<5.34.3",">=5.36.0,<5.36.3","==5.38.0"],"cves" => ["CVE-2023-47038"],"description" => "A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one attacker controlled byte buffer overflow in a heap allocated buffer\n","distribution" => "perl","fixed_versions" => ["==5.34.3","==5.36.3","==5.38.1"],"id" => "CPANSA-perl-2023-47038","references" => ["https://perldoc.perl.org/perl5342delta","https://perldoc.perl.org/perl5363delta","https://perldoc.perl.org/perl5381delta","https://perldoc.perl.org/perl5382delta","https://perldoc.perl.org/perl5400delta"],"reported" => "2023-10-30","severity" => undef},{"affected_versions" => ["<5.34.2",">=5.36.0,<5.36.3","==5.38.0"],"cves" => ["CVE-2023-47039"],"description" => "Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory.\n\nAn attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.\n","distribution" => "perl","fixed_versions" => [">=5.38.1"],"id" => "CPANSA-perl-2023-47039","references" => ["https://github.com/ycdxsb/WindowsPrivilegeEscalation","https://perldoc.perl.org/perl5342delta","https://perldoc.perl.org/perl5363delta","https://perldoc.perl.org/perl5381delta","https://perldoc.perl.org/perl5382delta","https://perldoc.perl.org/perl5400delta"],"reported" => "2023-10-30","severity" => undef},{"affected_versions" => ["<5.34.3",">=5.36.0,<5.36.3",">=5.38.0,<5.38.2"],"cves" => ["CVE-2023-47100"],"description" => "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.\n","distribution" => "perl","fixed_versions" => [">=5.38.2"],"id" => "CPANSA-perl-2023-47100","references" => ["https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3","https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010","https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6"],"reported" => undef,"severity" => undef},{"affected_versions" => [">0,<5.38.4",">=5.40.0,<5.40.2"],"cves" => ["CVE-2024-56406"],"description" => "A heap buffer overflow vulnerability was discovered in Perl.   When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.  \x{a0} \x{a0}\$ perl -e '\$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;'  \x{a0} \x{a0}Segmentation fault (core dumped)  It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.","distribution" => "perl","fixed_versions" => [">=5.40.1",">=5.38.4,<5.40.0"],"id" => "CPANSA-perl-2024-56406","references" => ["https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch","https://metacpan.org/release/SHAY/perl-5.38.4/changes","https://metacpan.org/release/SHAY/perl-5.40.2/changes","http://www.openwall.com/lists/oss-security/2025/04/13/3","http://www.openwall.com/lists/oss-security/2025/04/13/4"],"reported" => "2025-04-13","severity" => undef},{"affected_versions" => [">=5.16.3,<5.38.5",">=5.40.0,<5.40.3",">=5.41.0,<5.41.13"],"cves" => ["CVE-2025-40909"],"description" => "Perl threads have a working directory race condition where file operations may target unintended paths.  If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone\x{a0}that handle for the new thread, which is visible from any third (or\x{a0}more) thread already running.   This may lead to unintended operations\x{a0}such as loading code or accessing files from unexpected locations,\x{a0}which a local attacker may be able to exploit.  The bug was introduced in commit\x{a0}11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6","distribution" => "perl","fixed_versions" => [">=5.41.13",">=5.38.5,<5.40.0",">=5.40.3"],"id" => "CPANSA-perl-2025-40909","references" => ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226","https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e","https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch","https://github.com/Perl/perl5/issues/10387","https://github.com/Perl/perl5/issues/23010","https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads","https://www.openwall.com/lists/oss-security/2025/05/22/2","http://www.openwall.com/lists/oss-security/2025/05/23/1","http://www.openwall.com/lists/oss-security/2025/05/30/4"],"reported" => "2025-05-30","severity" => undef},{"affected_versions" => [">=4.0,<5.4.0"],"cves" => ["CVE-1999-0034"],"description" => "Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.\n","distribution" => "perl","fixed_versions" => [],"id" => "CPANSA-sperl-1999-0034","references" => ["https://exchange.xforce.ibmcloud.com/vulnerabilities/448","https://www.cpan.org/src/5.0/CA-97.17.sperl"],"reported" => "1997-05-29","severity" => undef},{"affected_versions" => [">=4.0,<5.6.0"],"cves" => ["CVE-1999-0462"],"description" => "suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk.\n","distribution" => "perl","fixed_versions" => [],"id" => "CPANSA-sperl-1999-0462","references" => ["http://www.securityfocus.com/bid/339"],"reported" => "1999-03-17","severity" => undef},{"affected_versions" => ["<5.6.1"],"cves" => ["CVE-2000-0703"],"description" => "suidperl (aka sperl) does not properly cleanse the escape sequence \"~!\" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the \"interactive\" environmental variable and calling suidperl with a filename that contains the escape sequence.\n","distribution" => "perl","fixed_versions" => [],"id" => "CPANSA-sperl-2000-0703","references" => ["http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html","http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt","http://www.securityfocus.com/bid/1547","http://www.novell.com/linux/security/advisories/suse_security_announce_59.html","http://www.redhat.com/support/errata/RHSA-2000-048.html","http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html","http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html","http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html","http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html","https://www.cpan.org/src/5.0/sperl-2000-08-05/sperl-2000-08-05.txt"],"reported" => "2000-10-20","severity" => undef}],"main_module" => "perl","versions" => [{"date" => "1996-02-03T07:48:14","version" => "5.002"},{"date" => "1996-08-08T23:13:50","version" => "5.003_02"},{"date" => "1996-08-10T19:07:27","version" => "5.003_02"},{"date" => "1996-08-28T16:43:47","version" => "5.003_03"},{"date" => "1996-09-02T23:25:30","version" => "5.003_04"},{"date" => "1996-09-12T20:10:42","version" => "5.003_05"},{"date" => "1996-10-08T21:59:27","version" => "5.003_06"},{"date" => "1996-10-11T03:39:44","version" => "5.003_07"},{"date" => "1996-11-19T07:27:23","version" => "5.003_08"},{"date" => "1996-11-26T09:46:17","version" => "5.003_09"},{"date" => "1996-11-30T01:22:23","version" => "5.003_10"},{"date" => "1996-12-06T09:08:18","version" => "5.003_11"},{"date" => "1996-12-19T04:59:47","version" => "5.003_12"},{"date" => "1996-12-20T02:59:16","version" => "5.003_13"},{"date" => "1996-12-23T22:09:26","version" => "5.003_15"},{"date" => "1996-12-24T23:22:02","version" => "5.003_16"},{"date" => "1996-12-27T20:20:05","version" => "5.003_17"},{"date" => "1996-12-31T21:35:40","version" => "5.003_18"},{"date" => "1997-01-04T06:02:28","version" => "5.003_19"},{"date" => "1997-01-08T02:15:49","version" => "5.003_20"},{"date" => "1997-01-15T23:12:15","version" => "5.003_21"},{"date" => "1997-01-16T20:04:16","version" => "5.003_22"},{"date" => "1997-01-25T10:04:29","version" => "5.003_23"},{"date" => "1997-01-29T06:05:11","version" => "5.003_24"},{"date" => "1997-02-04T05:41:02","version" => "5.003_25"},{"date" => "1997-02-10T19:37:44","version" => "5.003_26"},{"date" => "1997-02-18T01:13:23","version" => "5.003_27"},{"date" => "1997-02-21T17:17:57","version" => "5.003_28"},{"date" => "1997-02-25T03:29:59","version" => "5.003_90"},{"date" => "1997-03-01T08:08:54","version" => "5.003_91"},{"date" => "1997-03-06T18:24:17","version" => "5.003_92"},{"date" => "1997-03-10T12:06:55","version" => "5.003_93"},{"date" => "1997-03-22T05:43:00","version" => "5.003_94"},{"date" => "1997-03-25T19:52:24","version" => "5.003_95"},{"date" => "1997-04-01T00:50:13","version" => "5.003_96"},{"date" => "1997-04-03T00:50:37","version" => "5.003_97"},{"date" => "1997-04-24T00:56:53","version" => "5.003_97"},{"date" => "1997-04-25T03:44:34","version" => "5.003_97"},{"date" => "1997-04-28T20:33:01","version" => "5.003_97"},{"date" => "1997-04-30T15:40:09","version" => "5.003_98"},{"date" => "1997-05-01T18:40:08","version" => "5.003_99"},{"date" => "1997-05-09T05:37:58","version" => "5.003_99"},{"date" => "1997-05-15T22:54:01","version" => "5.004"},{"date" => "1997-06-13T15:08:00","version" => "5.004_01"},{"date" => "1997-08-07T20:07:25","version" => "5.004_02"},{"date" => "1997-09-05T17:46:00","version" => "5.004_03"},{"date" => "1997-09-05T18:13:00","version" => "5.004"},{"date" => "1997-09-19T18:22:20","version" => "5.004"},{"date" => "1997-09-23T06:21:18","version" => "5.004"},{"date" => "1997-10-02T16:49:00","version" => "5.004_51"},{"date" => "1997-10-09T23:16:38","version" => "5.004"},{"date" => "1997-10-14T19:19:40","version" => "5.004"},{"date" => "1997-10-15T16:17:00","version" => "5.004_52"},{"date" => "1997-10-15T16:28:24","version" => "5.004_04"},{"date" => "1997-10-16T16:24:00","version" => "5.004_53"},{"date" => "1997-11-14T17:04:00","version" => "5.004_54"},{"date" => "1997-11-25T17:17:00","version" => "5.004_55"},{"date" => "1997-12-18T16:20:00","version" => "5.004_56"},{"date" => "1998-02-03T15:06:00","version" => "5.004_57"},{"date" => "1998-02-06T17:25:00","version" => "5.004_58"},{"date" => "1998-02-13T16:42:00","version" => "5.004_59"},{"date" => "1998-02-20T17:42:00","version" => "5.004_60"},{"date" => "1998-02-27T17:55:00","version" => "5.004_61"},{"date" => "1998-03-04T19:46:42","version" => "5.004"},{"date" => "1998-03-06T15:27:00","version" => "5.004_62"},{"date" => "1998-03-17T15:29:00","version" => "5.004_63"},{"date" => "1998-04-03T15:44:00","version" => "5.004_64"},{"date" => "1998-05-01T23:37:24","version" => "5.004_04"},{"date" => "1998-05-15T15:57:00","version" => "5.004_65"},{"date" => "1998-05-15T23:46:53","version" => "5.004_04"},{"date" => "1998-05-19T23:51:10","version" => "5.004_04"},{"date" => "1998-05-29T15:23:00","version" => "5.004_66"},{"date" => "1998-06-15T11:47:27","version" => "5.004_67"},{"date" => "1998-06-23T11:50:59","version" => "5.004_68"},{"date" => "1998-06-29T09:42:04","version" => "5.004_69"},{"date" => "1998-07-06T08:22:24","version" => "5.004_70"},{"date" => "1998-07-09T13:47:36","version" => "5.004_71"},{"date" => "1998-07-12T13:32:41","version" => "5.004_72"},{"date" => "1998-07-13T09:17:14","version" => "5.004_73"},{"date" => "1998-07-14T10:31:15","version" => "5.004_74"},{"date" => "1998-07-15T11:29:51","version" => "5.005"},{"date" => "1998-07-21T05:16:24","version" => "5.004_05"},{"date" => "1998-07-21T11:36:27","version" => "5.005"},{"date" => "1998-07-23T00:55:19","version" => "5.005"},{"date" => "1998-07-26T06:20:30","version" => "5.005_50"},{"date" => "1998-07-27T00:16:22","version" => "5.005_01"},{"date" => "1998-08-02T10:32:29","version" => "5.005_02"},{"date" => "1998-08-05T10:49:59","version" => "5.005_02"},{"date" => "1998-08-08T05:46:05","version" => "5.005_02"},{"date" => "1998-08-10T08:33:23","version" => "5.005_51"},{"date" => "1998-09-25T11:59:38","version" => "5.005_52"},{"date" => "1998-10-09T17:05:49","version" => "5.004_05"},{"date" => "1998-10-31T12:32:20","version" => "5.005_53"},{"date" => "1998-11-22T23:06:16","version" => "5.004_05"},{"date" => "1998-11-30T03:26:39","version" => "5.005_03"},{"date" => "1998-11-30T04:29:11","version" => "5.005_54"},{"date" => "1998-12-03T17:22:19","version" => "5.004_05"},{"date" => "1999-01-03T20:44:49","version" => "5.005_03"},{"date" => "1999-01-17T18:28:14","version" => "5.005_03"},{"date" => "1999-01-26T04:39:36","version" => "5.005_03"},{"date" => "1999-01-29T05:03:44","version" => "5.005_03"},{"date" => "1999-02-16T07:11:42","version" => "5.005_55"},{"date" => "1999-03-01T05:38:00","version" => "5.005_56"},{"date" => "1999-03-05T02:22:53","version" => "5.005_03"},{"date" => "1999-03-29T00:50:43","version" => "5.005_03"},{"date" => "1999-04-27T00:23:40","version" => "5.004_05"},{"date" => "1999-04-29T20:04:24","version" => "5.004_05"},{"date" => "1999-05-25T10:36:40","version" => "5.005_57"},{"date" => "1999-07-27T11:00:38","version" => "5.005_58"},{"date" => "1999-08-02T08:52:25","version" => "5.005_59"},{"date" => "1999-08-02T21:13:44","version" => "5.005_60"},{"date" => "1999-08-22T20:40:16","version" => "5.005_61"},{"date" => "1999-10-15T10:36:17","version" => "5.005_62"},{"date" => "1999-12-09T11:38:49","version" => "5.005_63"},{"date" => "2000-02-02T13:06:00","version" => "v5.5.640"},{"date" => "2000-02-08T08:37:47","version" => "v5.5.650"},{"date" => "2000-02-22T11:41:34","version" => "v5.5.660"},{"date" => "2000-03-01T07:34:59","version" => "v5.5.670"},{"date" => "2000-03-23T06:06:13","version" => "v5.6.0"},{"date" => "2000-09-02T18:07:32","version" => "v5.7.0"},{"date" => "2000-12-18T10:12:29","version" => "v5.6.1"},{"date" => "2001-01-31T16:18:51","version" => "v5.6.1"},{"date" => "2001-03-19T09:36:57","version" => "v5.6.1"},{"date" => "2001-04-09T04:47:17","version" => "v5.6.1"},{"date" => "2001-04-10T02:54:00","version" => "v5.7.1"},{"date" => "2001-07-13T14:50:55","version" => "v5.7.2"},{"date" => "2002-03-05T05:00:31","version" => "v5.7.3"},{"date" => "2002-06-01T19:09:00","version" => "v5.8.0"},{"date" => "2002-06-21T14:56:35","version" => "v5.8.0"},{"date" => "2002-07-14T00:26:18","version" => "v5.8.0"},{"date" => "2002-07-18T23:32:56","version" => "v5.8.0"},{"date" => "2003-07-10T06:52:39","version" => "v5.8.1"},{"date" => "2003-07-11T12:23:20","version" => "v5.8.1"},{"date" => "2003-07-30T20:28:59","version" => "v5.8.1"},{"date" => "2003-08-01T15:49:36","version" => "v5.8.1"},{"date" => "2003-09-22T09:14:19","version" => "v5.8.1"},{"date" => "2003-09-25T11:49:06","version" => "v5.8.1"},{"date" => "2003-10-27T02:59:51","version" => "5.009"},{"date" => "2003-10-27T23:40:16","version" => "5.008001"},{"date" => "2003-11-03T09:03:41","version" => "5.008001"},{"date" => "2003-11-05T23:34:05","version" => "5.008001"},{"date" => "2003-11-08T15:53:25","version" => "v5.6.2"},{"date" => "2003-11-15T12:53:43","version" => "v5.6.2"},{"date" => "2003-12-05T16:42:45","version" => "5.005_03"},{"date" => "2004-01-07T14:40:01","version" => "5.008001"},{"date" => "2004-01-14T19:03:21","version" => "5.008003"},{"date" => "2004-01-20T21:48:04","version" => "5.005_03"},{"date" => "2004-01-27T21:18:43","version" => "5.005_03"},{"date" => "2004-02-04T22:55:06","version" => "5.005_04"},{"date" => "2004-02-18T14:20:15","version" => "5.005"},{"date" => "2004-02-23T14:02:10","version" => "5.005"},{"date" => "2004-03-16T19:35:25","version" => "5.009001"},{"date" => "2004-04-05T21:27:48","version" => "5.008003"},{"date" => "2004-04-15T22:59:51","version" => "5.008003"},{"date" => "2004-04-21T23:03:10","version" => "5.008003"},{"date" => "2004-07-06T21:41:21","version" => "5.008005"},{"date" => "2004-07-08T21:55:05","version" => "5.008005"},{"date" => "2004-07-19T21:56:20","version" => "5.008005"},{"date" => "2004-11-11T19:56:33","version" => "5.008006"},{"date" => "2004-11-27T23:56:17","version" => "5.008006"},{"date" => "2005-04-01T09:53:24","version" => "5.009002"},{"date" => "2005-05-18T16:35:37","version" => "5.008007"},{"date" => "2005-05-30T22:19:23","version" => "5.008007"},{"date" => "2006-01-20T10:09:18","version" => "5.008008"},{"date" => "2006-01-28T11:11:38","version" => "5.009003"},{"date" => "2006-02-01T00:00:59","version" => "5.008008"},{"date" => "2006-08-15T13:48:30","version" => "5.009004"},{"date" => "2007-07-07T16:13:57","version" => "5.009005"},{"date" => "2007-11-17T15:31:20","version" => "5.009005"},{"date" => "2007-11-25T18:22:18","version" => "5.010000"},{"date" => "2007-12-18T17:41:41","version" => "5.010000"},{"date" => "2008-11-10T23:14:59","version" => "5.008009"},{"date" => "2008-12-06T22:50:35","version" => "5.008009"},{"date" => "2008-12-14T23:08:28","version" => "5.008009"},{"date" => "2009-08-06T16:11:03","version" => "5.010001"},{"date" => "2009-08-18T23:45:03","version" => "5.010001"},{"date" => "2009-08-23T14:21:38","version" => "5.010001"},{"date" => "2009-10-02T20:51:46","version" => "5.011000"},{"date" => "2009-10-20T17:51:38","version" => "5.011001"},{"date" => "2009-11-20T07:20:52","version" => "5.011002"},{"date" => "2009-12-21T04:49:14","version" => "5.011003"},{"date" => "2010-01-20T16:48:28","version" => "5.011004"},{"date" => "2010-02-21T00:45:26","version" => "5.011005"},{"date" => "2010-03-21T20:41:11","version" => "5.012000"},{"date" => "2010-03-29T18:29:49","version" => "5.012000"},{"date" => "2010-04-01T02:38:12","version" => "5.012000"},{"date" => "2010-04-03T02:40:48","version" => "5.012000"},{"date" => "2010-04-07T05:39:46","version" => "5.012000"},{"date" => "2010-04-10T03:46:04","version" => "5.012000"},{"date" => "2010-04-12T22:38:37","version" => "5.012000"},{"date" => "2010-04-20T20:06:02","version" => "5.013000"},{"date" => "2010-05-10T02:43:48","version" => "5.012001"},{"date" => "2010-05-13T22:31:41","version" => "5.012001"},{"date" => "2010-05-16T22:40:16","version" => "5.012001"},{"date" => "2010-05-20T14:03:45","version" => "5.013001"},{"date" => "2010-06-22T21:39:26","version" => "5.013002"},{"date" => "2010-07-20T10:23:23","version" => "5.013003"},{"date" => "2010-08-20T15:39:07","version" => "5.013004"},{"date" => "2010-08-31T16:48:01","version" => "5.012002"},{"date" => "2010-09-07T01:41:31","version" => "5.012002"},{"date" => "2010-09-19T21:22:47","version" => "5.013005"},{"date" => "2010-10-21T01:41:01","version" => "5.013006"},{"date" => "2010-11-21T01:14:06","version" => "5.013007"},{"date" => "2010-12-19T23:06:25","version" => "5.013008"},{"date" => "2011-01-10T02:12:53","version" => "5.012003"},{"date" => "2011-01-15T04:05:30","version" => "5.012003"},{"date" => "2011-01-18T02:13:17","version" => "5.012003"},{"date" => "2011-01-21T01:42:07","version" => "5.013009"},{"date" => "2011-01-22T03:35:35","version" => "5.012003"},{"date" => "2011-02-20T19:18:02","version" => "5.013010"},{"date" => "2011-03-20T19:49:16","version" => "5.013011"},{"date" => "2011-04-20T11:53:32","version" => "5.014000"},{"date" => "2011-05-04T16:42:27","version" => "5.014000"},{"date" => "2011-05-11T15:49:42","version" => "5.014000"},{"date" => "2011-05-14T20:34:05","version" => "5.014000"},{"date" => "2011-06-08T13:19:36","version" => "5.012004"},{"date" => "2011-06-09T23:48:04","version" => "5.014001"},{"date" => "2011-06-15T17:00:36","version" => "5.012004"},{"date" => "2011-06-17T02:42:01","version" => "5.014001"},{"date" => "2011-06-20T10:41:26","version" => "5.012004"},{"date" => "2011-06-20T23:26:37","version" => "5.015000"},{"date" => "2011-07-20T21:15:08","version" => "5.015001"},{"date" => "2011-08-21T00:05:23","version" => "5.015002"},{"date" => "2011-09-19T11:23:55","version" => "5.014002"},{"date" => "2011-09-21T03:05:05","version" => "5.015003"},{"date" => "2011-09-26T14:56:49","version" => "5.014002"},{"date" => "2011-10-20T21:17:45","version" => "5.015004"},{"date" => "2011-11-20T20:41:00","version" => "5.015005"},{"date" => "2011-12-20T17:55:58","version" => "5.015006"},{"date" => "2012-01-20T20:08:28","version" => "5.015007"},{"date" => "2012-02-20T22:38:13","version" => "5.015008"},{"date" => "2012-03-20T19:16:38","version" => "5.015009"},{"date" => "2012-05-11T03:41:02","version" => "5.016000"},{"date" => "2012-05-15T02:51:48","version" => "5.016000"},{"date" => "2012-05-16T03:22:59","version" => "5.016000"},{"date" => "2012-05-20T22:51:12","version" => "5.016000"},{"date" => "2012-05-26T16:24:02","version" => "5.017000"},{"date" => "2012-06-20T17:35:18","version" => "5.017001"},{"date" => "2012-07-20T14:27:59","version" => "5.017002"},{"date" => "2012-08-03T18:59:23","version" => "5.016001"},{"date" => "2012-08-08T22:30:11","version" => "5.016001"},{"date" => "2012-08-20T14:12:02","version" => "5.017003"},{"date" => "2012-09-20T00:39:08","version" => "5.017004"},{"date" => "2012-09-26T22:15:57","version" => "5.014003"},{"date" => "2012-10-10T19:46:29","version" => "5.014003"},{"date" => "2012-10-12T20:25:20","version" => "5.014003"},{"date" => "2012-10-20T16:31:11","version" => "5.017005"},{"date" => "2012-10-27T01:23:09","version" => "5.016002"},{"date" => "2012-11-01T13:44:07","version" => "5.016002"},{"date" => "2012-11-03T17:27:59","version" => "5.012005"},{"date" => "2012-11-08T21:12:17","version" => "5.012005"},{"date" => "2012-11-10T14:02:17","version" => "5.012005"},{"date" => "2012-11-21T00:08:12","version" => "5.017006"},{"date" => "2012-12-18T21:50:28","version" => "5.017007"},{"date" => "2013-01-20T18:48:45","version" => "5.017008"},{"date" => "2013-02-20T22:21:02","version" => "5.017009"},{"date" => "2013-03-05T17:03:49","version" => "5.014004"},{"date" => "2013-03-07T16:03:14","version" => "5.016003"},{"date" => "2013-03-07T19:52:52","version" => "5.014004"},{"date" => "2013-03-10T23:47:40","version" => "5.014004"},{"date" => "2013-03-11T21:08:33","version" => "5.016003"},{"date" => "2013-03-21T23:11:03","version" => "5.017010"},{"date" => "2013-04-21T00:52:16","version" => "5.017011"},{"date" => "2013-05-11T12:29:53","version" => "5.018000"},{"date" => "2013-05-12T23:14:51","version" => "5.018000"},{"date" => "2013-05-14T01:32:05","version" => "5.018000"},{"date" => "2013-05-16T02:53:44","version" => "5.018000"},{"date" => "2013-05-18T13:33:49","version" => "5.018000"},{"date" => "2013-05-20T13:12:38","version" => "5.019000"},{"date" => "2013-06-21T01:24:18","version" => "5.019001"},{"date" => "2013-07-22T05:59:35","version" => "5.019002"},{"date" => "2013-08-02T03:09:02","version" => "5.018001"},{"date" => "2013-08-04T12:34:33","version" => "5.018001"},{"date" => "2013-08-09T02:28:00","version" => "5.018001"},{"date" => "2013-08-12T14:31:08","version" => "5.018001"},{"date" => "2013-08-20T16:09:42","version" => "5.019003"},{"date" => "2013-09-20T15:58:20","version" => "5.019004"},{"date" => "2013-10-20T13:25:55","version" => "5.019005"},{"date" => "2013-11-20T20:37:20","version" => "5.019006"},{"date" => "2013-12-02T22:36:49","version" => "5.018002"},{"date" => "2013-12-07T13:55:43","version" => "5.018002"},{"date" => "2013-12-19T21:27:42","version" => "5.018002"},{"date" => "2013-12-20T20:55:37","version" => "5.019007"},{"date" => "2013-12-22T03:30:43","version" => "5.018002"},{"date" => "2014-01-07T01:52:57","version" => "5.018002"},{"date" => "2014-01-20T21:59:04","version" => "5.019008"},{"date" => "2014-02-20T04:24:45","version" => "5.019009"},{"date" => "2014-03-20T20:40:26","version" => "5.019010"},{"date" => "2014-04-20T15:47:12","version" => "5.019011"},{"date" => "2014-05-17T00:16:49","version" => "5.020000"},{"date" => "2014-05-27T01:35:13","version" => "5.020000"},{"date" => "2014-05-27T14:32:18","version" => "5.021000"},{"date" => "2014-06-20T15:31:10","version" => "5.021001"},{"date" => "2014-07-20T13:48:02","version" => "5.021002"},{"date" => "2014-08-21T02:26:13","version" => "5.021003"},{"date" => "2014-08-25T18:10:32","version" => "5.020001"},{"date" => "2014-09-07T17:01:11","version" => "5.020001"},{"date" => "2014-09-14T13:11:14","version" => "5.020001"},{"date" => "2014-09-17T20:29:53","version" => "5.018003"},{"date" => "2014-09-20T13:33:14","version" => "5.021004"},{"date" => "2014-09-27T12:54:08","version" => "5.018003"},{"date" => "2014-10-01T13:22:50","version" => "5.018003"},{"date" => "2014-10-02T00:48:31","version" => "5.018004"},{"date" => "2014-10-20T16:54:20","version" => "5.021005"},{"date" => "2014-11-20T23:39:06","version" => "5.021006"},{"date" => "2014-12-20T17:34:57","version" => "5.021007"},{"date" => "2015-01-20T20:20:05","version" => "5.021008"},{"date" => "2015-02-01T03:07:56","version" => "5.020002"},{"date" => "2015-02-14T18:26:43","version" => "5.020002"},{"date" => "2015-02-21T05:27:09","version" => "5.021009"},{"date" => "2015-03-20T18:30:20","version" => "5.021010"},{"date" => "2015-04-20T21:28:37","version" => "5.021011"},{"date" => "2015-05-19T14:12:19","version" => "5.022000"},{"date" => "2015-05-21T23:03:22","version" => "5.022000"},{"date" => "2015-06-01T17:51:59","version" => "5.022000"},{"date" => "2015-06-20T20:22:32","version" => "5.023000"},{"date" => "2015-07-20T19:26:31","version" => "5.023001"},{"date" => "2015-08-20T15:36:45","version" => "5.023002"},{"date" => "2015-08-22T22:12:34","version" => "5.020003"},{"date" => "2015-08-29T22:02:43","version" => "5.020003"},{"date" => "2015-09-12T19:09:14","version" => "5.020003"},{"date" => "2015-09-21T02:47:16","version" => "5.023003"},{"date" => "2015-10-20T22:17:48","version" => "5.023004"},{"date" => "2015-10-31T18:42:58","version" => "5.022001"},{"date" => "2015-11-15T15:15:03","version" => "5.022001"},{"date" => "2015-11-20T17:09:38","version" => "5.023005"},{"date" => "2015-12-02T22:07:35","version" => "5.022001"},{"date" => "2015-12-08T21:34:05","version" => "5.022001"},{"date" => "2015-12-13T19:48:31","version" => "5.022001"},{"date" => "2015-12-21T22:40:27","version" => "5.023006"},{"date" => "2016-01-20T21:52:22","version" => "5.023007"},{"date" => "2016-02-20T21:56:31","version" => "5.023008"},{"date" => "2016-03-20T16:45:40","version" => "5.023009"},{"date" => "2016-04-10T17:29:04","version" => "5.022002"},{"date" => "2016-04-14T03:27:48","version" => "5.024000"},{"date" => "2016-04-23T20:56:14","version" => "5.024000"},{"date" => "2016-04-27T01:02:55","version" => "5.024000"},{"date" => "2016-04-29T21:39:25","version" => "5.022002"},{"date" => "2016-05-02T14:41:03","version" => "5.024000"},{"date" => "2016-05-04T22:27:57","version" => "5.024000"},{"date" => "2016-05-09T11:35:29","version" => "5.024000"},{"date" => "2016-05-09T12:02:53","version" => "5.025000"},{"date" => "2016-05-20T21:33:43","version" => "5.025001"},{"date" => "2016-06-20T21:02:44","version" => "5.025002"},{"date" => "2016-07-17T22:27:32","version" => "5.022003"},{"date" => "2016-07-17T22:29:08","version" => "5.024001"},{"date" => "2016-07-20T16:22:41","version" => "5.025003"},{"date" => "2016-07-25T12:58:33","version" => "5.022003"},{"date" => "2016-07-25T13:01:21","version" => "5.024001"},{"date" => "2016-08-11T23:47:40","version" => "5.022003"},{"date" => "2016-08-11T23:50:29","version" => "5.024001"},{"date" => "2016-08-20T20:25:19","version" => "5.025004"},{"date" => "2016-09-20T17:45:06","version" => "5.025005"},{"date" => "2016-10-12T21:39:57","version" => "5.022003"},{"date" => "2016-10-12T21:40:57","version" => "5.024001"},{"date" => "2016-10-20T15:44:55","version" => "5.025006"},{"date" => "2016-11-20T21:20:07","version" => "5.025007"},{"date" => "2016-12-20T19:14:33","version" => "5.025008"},{"date" => "2017-01-02T18:54:51","version" => "5.022003"},{"date" => "2017-01-02T18:57:38","version" => "5.024001"},{"date" => "2017-01-14T20:04:05","version" => "5.022003"},{"date" => "2017-01-14T20:04:30","version" => "5.024001"},{"date" => "2017-01-20T15:25:43","version" => "5.025009"},{"date" => "2017-02-20T21:21:01","version" => "5.025010"},{"date" => "2017-03-20T20:56:49","version" => "5.025011"},{"date" => "2017-04-20T19:32:05","version" => "5.025012"},{"date" => "2017-05-11T17:07:17","version" => "5.026000"},{"date" => "2017-05-23T23:19:34","version" => "5.026000"},{"date" => "2017-05-30T19:42:51","version" => "5.026000"},{"date" => "2017-05-31T21:11:57","version" => "5.027000"},{"date" => "2017-06-20T06:39:54","version" => "5.027001"},{"date" => "2017-07-01T21:50:24","version" => "5.022004"},{"date" => "2017-07-01T21:50:55","version" => "5.024002"},{"date" => "2017-07-15T17:26:52","version" => "5.022004"},{"date" => "2017-07-15T17:29:00","version" => "5.024002"},{"date" => "2017-07-20T19:28:36","version" => "5.027002"},{"date" => "2017-08-21T20:43:51","version" => "5.027003"},{"date" => "2017-09-10T15:37:08","version" => "5.024003"},{"date" => "2017-09-10T15:38:22","version" => "5.026001"},{"date" => "2017-09-20T21:44:22","version" => "5.027004"},{"date" => "2017-09-22T21:29:50","version" => "5.024003"},{"date" => "2017-09-22T21:30:56","version" => "5.026001"},{"date" => "2017-10-20T22:08:15","version" => "5.027005"},{"date" => "2017-11-20T22:39:31","version" => "5.027006"},{"date" => "2017-12-20T22:58:25","version" => "5.027007"},{"date" => "2018-01-20T03:17:50","version" => "5.027008"},{"date" => "2018-02-20T20:46:45","version" => "5.027009"},{"date" => "2018-03-20T21:08:53","version" => "5.027010"},{"date" => "2018-03-24T19:33:50","version" => "5.024004"},{"date" => "2018-03-24T19:37:40","version" => "5.026002"},{"date" => "2018-04-14T11:25:22","version" => "5.024004"},{"date" => "2018-04-14T11:27:18","version" => "5.026002"},{"date" => "2018-04-20T15:10:52","version" => "5.027011"},{"date" => "2018-05-21T13:12:00","version" => "5.028000"},{"date" => "2018-06-06T12:34:00","version" => "5.028000"},{"date" => "2018-06-18T22:47:34","version" => "5.028000"},{"date" => "2018-06-19T20:45:05","version" => "5.028000"},{"date" => "2018-06-23T02:05:28","version" => "5.028000"},{"date" => "2018-06-26T21:25:53","version" => "5.029000"},{"date" => "2018-07-20T15:13:07","version" => "5.029001"},{"date" => "2018-08-20T21:04:27","version" => "5.029002"},{"date" => "2018-09-21T02:58:51","version" => "5.029003"},{"date" => "2018-10-20T14:20:56","version" => "5.029004"},{"date" => "2018-11-20T22:03:07","version" => "5.029005"},{"date" => "2018-11-29T19:03:17","version" => "5.026003"},{"date" => "2018-11-29T19:03:28","version" => "5.028001"},{"date" => "2018-11-30T22:02:29","version" => "5.026003"},{"date" => "2018-11-30T22:03:06","version" => "5.028001"},{"date" => "2018-12-18T12:26:18","version" => "5.029006"},{"date" => "2019-01-20T02:16:52","version" => "5.029007"},{"date" => "2019-02-21T05:30:00","version" => "5.029008"},{"date" => "2019-03-21T11:49:45","version" => "5.029009"},{"date" => "2019-04-05T19:46:23","version" => "5.028002"},{"date" => "2019-04-19T15:07:44","version" => "5.028002"},{"date" => "2019-04-20T18:11:45","version" => "5.029010"},{"date" => "2019-05-11T22:58:31","version" => "5.030000"},{"date" => "2019-05-17T20:44:42","version" => "5.030000"},{"date" => "2019-05-22T09:35:50","version" => "5.030000"},{"date" => "2019-05-24T19:28:47","version" => "5.031000"},{"date" => "2019-06-20T20:19:01","version" => "5.031001"},{"date" => "2019-07-20T17:01:20","version" => "5.031002"},{"date" => "2019-08-20T14:02:01","version" => "5.031003"},{"date" => "2019-09-20T21:27:31","version" => "5.031004"},{"date" => "2019-10-20T14:29:11","version" => "5.031005"},{"date" => "2019-10-27T16:29:27","version" => "5.030001"},{"date" => "2019-11-10T14:14:00","version" => "5.030001"},{"date" => "2019-11-20T22:14:49","version" => "5.031006"},{"date" => "2019-12-21T03:38:57","version" => "5.031007"},{"date" => "2020-01-20T17:17:53","version" => "5.031008"},{"date" => "2020-02-20T23:03:22","version" => "5.031009"},{"date" => "2020-02-29T19:25:07","version" => "5.030002"},{"date" => "2020-03-14T17:04:56","version" => "5.030002"},{"date" => "2020-03-20T20:08:58","version" => "5.031010"},{"date" => "2020-04-28T19:49:59","version" => "5.031011"},{"date" => "2020-05-30T18:47:47","version" => "5.032000"},{"date" => "2020-06-01T19:17:48","version" => "5.028003"},{"date" => "2020-06-01T19:19:30","version" => "5.028003"},{"date" => "2020-06-01T19:19:54","version" => "5.030003"},{"date" => "2020-06-01T19:21:31","version" => "5.030003"},{"date" => "2020-06-07T21:13:05","version" => "5.032000"},{"date" => "2020-06-20T20:38:54","version" => "5.032000"},{"date" => "2020-07-17T19:38:54","version" => "5.033000"},{"date" => "2020-08-20T20:36:01","version" => "5.033001"},{"date" => "2020-09-20T16:29:59","version" => "5.033002"},{"date" => "2020-10-20T21:30:28","version" => "5.033003"},{"date" => "2020-11-20T13:32:10","version" => "5.033004"},{"date" => "2020-12-20T14:00:43","version" => "5.033005"},{"date" => "2021-01-09T16:48:26","version" => "5.032001"},{"date" => "2021-01-21T01:34:41","version" => "5.033006"},{"date" => "2021-01-23T14:56:24","version" => "5.032001"},{"date" => "2021-02-20T09:58:24","version" => "5.033007"},{"date" => "2021-03-21T00:55:24","version" => "5.033008"},{"date" => "2021-04-20T23:37:29","version" => "5.033009"},{"date" => "2021-05-04T23:24:07","version" => "5.034000"},{"date" => "2021-05-15T14:56:00","version" => "5.034000"},{"date" => "2021-05-20T20:07:59","version" => "5.034000"},{"date" => "2021-05-21T02:06:41","version" => "5.035000"},{"date" => "2021-06-20T12:39:44","version" => "5.035001"},{"date" => "2021-07-23T12:53:17","version" => "5.035002"},{"date" => "2021-08-21T03:17:40","version" => "5.035003"},{"date" => "2021-09-20T19:46:41","version" => "5.035004"},{"date" => "2021-10-21T19:32:21","version" => "5.035005"},{"date" => "2021-11-21T00:22:09","version" => "5.035006"},{"date" => "2021-12-20T23:35:42","version" => "5.035007"},{"date" => "2022-01-20T22:39:08","version" => "5.035008"},{"date" => "2022-02-20T12:32:59","version" => "5.035009"},{"date" => "2022-02-27T14:18:13","version" => "5.034001"},{"date" => "2022-03-06T17:23:15","version" => "5.034001"},{"date" => "2022-03-13T08:40:18","version" => "5.034001"},{"date" => "2022-03-20T18:33:42","version" => "5.035010"},{"date" => "2022-04-20T20:33:20","version" => "5.035011"},{"date" => "2022-05-21T00:12:21","version" => "5.036000"},{"date" => "2022-05-22T19:36:07","version" => "5.036000"},{"date" => "2022-05-28T00:26:10","version" => "5.036000"},{"date" => "2022-05-28T02:33:40","version" => "5.037000"},{"date" => "2022-06-20T18:57:04","version" => "5.037001"},{"date" => "2022-07-21T01:37:24","version" => "5.037002"},{"date" => "2022-08-20T18:57:47","version" => "5.037003"},{"date" => "2022-09-21T00:25:19","version" => "5.037004"},{"date" => "2022-10-20T17:33:58","version" => "5.037005"},{"date" => "2022-11-20T11:56:16","version" => "5.037006"},{"date" => "2022-12-20T17:14:30","version" => "5.037007"},{"date" => "2023-01-20T15:20:59","version" => "5.037008"},{"date" => "2023-02-20T20:45:20","version" => "5.037009"},{"date" => "2023-03-21T08:16:37","version" => "5.037010"},{"date" => "2023-04-10T20:07:53","version" => "5.036001"},{"date" => "2023-04-11T19:50:09","version" => "5.036001"},{"date" => "2023-04-16T15:35:15","version" => "5.036001"},{"date" => "2023-04-20T19:05:36","version" => "5.037011"},{"date" => "2023-04-23T15:22:26","version" => "5.036001"},{"date" => "2023-06-16T02:09:05","version" => "5.038000"},{"date" => "2023-06-23T21:17:27","version" => "5.038000"},{"date" => "2023-07-02T23:00:28","version" => "5.038000"},{"date" => "2023-07-20T19:09:13","version" => "5.039001"},{"date" => "2023-08-20T22:46:17","version" => "5.039002"},{"date" => "2023-09-20T16:12:58","version" => "5.039003"},{"date" => "2023-10-25T19:15:57","version" => "5.039004"},{"date" => "2023-11-20T02:49:43","version" => "5.039005"},{"date" => "2023-11-25T15:19:49","version" => "5.034002"},{"date" => "2023-11-25T15:20:11","version" => "5.036002"},{"date" => "2023-11-25T15:21:49","version" => "5.038001"},{"date" => "2023-11-25T15:58:49","version" => "5.034002"},{"date" => "2023-11-25T15:59:01","version" => "5.036002"},{"date" => "2023-11-25T15:59:13","version" => "5.038001"},{"date" => "2023-11-29T13:10:30","version" => "5.034003"},{"date" => "2023-11-29T16:08:59","version" => "5.036003"},{"date" => "2023-11-29T16:10:36","version" => "5.038002"},{"date" => "2023-12-30T21:59:20","version" => "5.039006"},{"date" => "2024-01-20T12:44:12","version" => "5.039007"},{"date" => "2024-02-23T14:25:56","version" => "5.039008"},{"date" => "2024-03-20T16:26:28","version" => "5.039009"},{"date" => "2024-04-27T19:22:49","version" => "5.039010"},{"date" => "2024-05-24T20:45:21","version" => "5.040000"},{"date" => "2024-06-04T21:47:57","version" => "5.040000"},{"date" => "2024-06-09T20:45:37","version" => "5.040000"},{"date" => "2024-07-02T14:28:09","version" => "5.041001"},{"date" => "2024-07-20T20:54:48","version" => "5.041002"},{"date" => "2024-08-29T13:23:40","version" => "5.041003"},{"date" => "2024-09-20T11:18:14","version" => "5.041004"},{"date" => "2024-10-20T20:49:26","version" => "5.041005"},{"date" => "2024-11-20T08:29:25","version" => "5.041006"},{"date" => "2024-12-20T14:31:24","version" => "5.041007"},{"date" => "2025-01-05T20:28:54","version" => "5.038003"},{"date" => "2025-01-05T20:32:07","version" => "5.040001"},{"date" => "2025-01-18T19:43:21","version" => "5.038003"},{"date" => "2025-01-18T19:48:20","version" => "5.040001"},{"date" => "2025-01-20T21:30:07","version" => "5.041008"},{"date" => "2025-02-24T08:19:26","version" => "5.041009"},{"date" => "2025-03-21T12:49:33","version" => "5.041010"},{"date" => "2025-04-13T13:05:54","version" => "5.038004"},{"date" => "2025-04-13T13:06:16","version" => "5.038004"},{"date" => "2025-04-13T13:06:38","version" => "5.040002"},{"date" => "2025-04-13T13:07:01","version" => "5.040002"},{"date" => "2025-04-21T01:51:01","version" => "5.041011"},{"date" => "2025-04-21T22:49:29","version" => "5.041012"},{"date" => "2025-05-28T22:19:58","version" => "5.041013"},{"date" => "2025-06-25T05:03:48","version" => "5.042000"},{"date" => "2025-06-28T06:28:22","version" => "5.042000"},{"date" => "2025-07-01T20:32:04","version" => "5.042000"},{"date" => "2025-07-03T15:23:01","version" => "5.042000"},{"date" => "2025-07-20T21:38:33","version" => "5.043001"},{"date" => "2025-07-21T20:15:44","version" => "5.038005"},{"date" => "2025-07-21T20:16:11","version" => "5.040003"},{"date" => "2025-08-03T10:10:35","version" => "5.038005"},{"date" => "2025-08-03T10:12:20","version" => "5.040003"},{"date" => "2025-08-20T19:40:22","version" => "5.043002"},{"date" => "2025-09-23T06:27:34","version" => "5.043003"},{"date" => "2025-10-23T15:35:36","version" => "5.043004"},{"date" => "2025-11-20T05:48:21","version" => "5.043005"},{"date" => "2025-12-20T17:47:41","version" => "5.043006"},{"date" => "2026-01-19T18:04:21","version" => "5.043007"},{"date" => "2026-02-20T22:33:36","version" => "5.043008"},{"date" => "2026-02-22T12:07:04","version" => "5.042001"},{"date" => "2026-03-08T18:47:44","version" => "5.042001"}]},"perl-ldap" => {"advisories" => [{"affected_versions" => [">0"],"cves" => ["CVE-2020-16093"],"description" => "In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.\n","distribution" => "perl-ldap","fixed_versions" => [],"id" => "CPANSA-Net-LDAPS-2020-16093","references" => ["https://lemonldap-ng.org/download","https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250","https://rt.cpan.org/Ticket/Display.html?id=131045"],"reported" => "2022-07-18","severity" => undef}],"main_module" => "Net::LDAP","versions" => [{"date" => "1998-10-31T01:14:57","version" => "1.08"},{"date" => "1998-10-31T01:19:38","version" => "0.08"},{"date" => "1998-12-23T01:16:35","version" => "0.09"},{"date" => "1999-03-18T02:58:45","version" => "0.10"},{"date" => "1999-04-18T22:10:20","version" => "0.11"},{"date" => "1999-06-28T02:40:38","version" => "0.12"},{"date" => "1999-08-15T23:27:41","version" => "0.13"},{"date" => "2000-02-14T10:34:19","version" => "0.14"},{"date" => "2000-03-22T10:46:21","version" => "0.15"},{"date" => "2000-04-27T17:02:43","version" => "0.16"},{"date" => "2000-05-12T10:16:37","version" => "0.17"},{"date" => "2000-05-22T14:53:07","version" => "0.18"},{"date" => "2000-06-08T08:30:48","version" => "0.19"},{"date" => "2000-08-03T17:07:52","version" => "0.20"},{"date" => "2000-09-12T09:32:12","version" => "0.21"},{"date" => "2000-09-14T19:08:19","version" => "0.22"},{"date" => "2001-04-19T23:25:47","version" => "0.23"},{"date" => "2001-07-17T13:01:04","version" => "0.24"},{"date" => "2001-08-25T08:15:47","version" => "0.2401"},{"date" => "2001-10-29T17:35:12","version" => "0.25"},{"date" => "2002-05-28T07:49:00","version" => "0.251"},{"date" => "2002-07-18T13:13:03","version" => "0.26"},{"date" => "2003-01-27T14:48:49","version" => "0.27"},{"date" => "2003-01-27T18:26:51","version" => "0.2701"},{"date" => "2003-05-19T22:40:30","version" => "0.28"},{"date" => "2003-06-24T10:21:09","version" => "0.29"},{"date" => "2003-10-17T21:42:36","version" => "0.30"},{"date" => "2004-01-01T10:47:23","version" => "0.31"},{"date" => "2004-07-01T15:59:03","version" => "0.32"},{"date" => "2004-07-14T21:00:39","version" => "0.3201"},{"date" => "2004-07-19T18:24:58","version" => "0.3202"},{"date" => "2005-04-25T23:02:59","version" => "0.33"},{"date" => "2007-02-10T23:53:48","version" => "0.34"},{"date" => "2008-03-30T18:58:37","version" => "0.35"},{"date" => "2008-04-21T15:21:03","version" => "0.36"},{"date" => "2008-08-28T13:02:29","version" => "0.37"},{"date" => "2008-09-21T14:28:08","version" => "0.38"},{"date" => "2008-10-27T20:10:12","version" => "0.39"},{"date" => "2010-03-12T03:03:48","version" => "0.40"},{"date" => "2010-03-24T20:01:45","version" => "0.4001"},{"date" => "2011-09-03T12:44:01","version" => "0.41"},{"date" => "2011-09-03T12:48:31","version" => "0.42"},{"date" => "2011-09-03T17:55:11","version" => "0.43"},{"date" => "2012-01-29T09:55:22","version" => "0.44"},{"date" => "2012-09-05T09:46:44","version" => "0.45"},{"date" => "2012-09-05T16:17:53","version" => "0.46"},{"date" => "2012-09-16T10:06:08","version" => "0.47"},{"date" => "2012-09-20T08:58:48","version" => "0.48"},{"date" => "2012-10-06T08:15:30","version" => "0.49"},{"date" => "2012-11-17T17:10:16","version" => "0.50_01"},{"date" => "2012-11-24T12:11:37","version" => "0.50"},{"date" => "2012-12-01T13:39:38","version" => "0.51"},{"date" => "2013-01-01T13:03:26","version" => "0.52"},{"date" => "2013-01-26T17:43:28","version" => "0.53"},{"date" => "2013-03-29T11:25:51","version" => "0.54"},{"date" => "2013-04-23T09:38:16","version" => "0.55"},{"date" => "2013-06-08T11:31:48","version" => "0.56"},{"date" => "2013-07-21T17:04:36","version" => "0.57"},{"date" => "2013-12-23T16:50:28","version" => "0.58"},{"date" => "2014-03-04T17:17:26","version" => "0.59"},{"date" => "2014-03-08T13:14:49","version" => "0.60"},{"date" => "2014-03-29T16:44:29","version" => "0.61"},{"date" => "2014-04-06T09:39:40","version" => "0.62"},{"date" => "2014-06-01T10:58:37","version" => "0.63"},{"date" => "2014-06-19T15:59:40","version" => "0.64"},{"date" => "2015-04-06T18:02:34","version" => "0.65"},{"date" => "2019-04-16T09:42:54","version" => "0.66"},{"date" => "2020-12-26T14:37:52","version" => "0.67"},{"date" => "2021-01-03T17:37:50","version" => "0.68"}]},"urxvt-bgdsl" => {"advisories" => [{"affected_versions" => [">=9.25,<=9.26"],"cves" => ["CVE-2022-4170"],"description" => "The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.\n","distribution" => "urxvt-bgdsl","fixed_versions" => [">=9.29"],"id" => "CPANSA-urxvt-bgdsl-2022-4170","references" => ["https://bugzilla.redhat.com/show_bug.cgi?id=2151597","https://www.openwall.com/lists/oss-security/2022/12/05/1"],"reported" => "2022-12-09","severity" => undef}],"main_module" => "","versions" => []}},"meta" => {"commit" => "0d05b0bcff541d0e5a25d50cd664f22548fea57f","date" => "Wed Mar 18 13:36:02 2026","epoch" => 1773840962,"generator" => "util/generate","repo" => "https://github.com/briandfoy/cpan-security-advisory.git"},"module2dist" => {"APR" => "mod_perl","APR::Base64" => "mod_perl","APR::Brigade" => "mod_perl","APR::Bucket" => "mod_perl","APR::BucketAlloc" => "mod_perl","APR::BucketType" => "mod_perl","APR::Const" => "mod_perl","APR::Date" => "mod_perl","APR::Error" => "mod_perl","APR::Finfo" => "mod_perl","APR::FunctionTable" => "mod_perl","APR::IpSubnet" => "mod_perl","APR::OS" => "mod_perl","APR::PerlIO" => "mod_perl","APR::Pool" => "mod_perl","APR::Request" => "libapreq2","APR::Request::Apache2" => "libapreq2","APR::Request::CGI" => "libapreq2","APR::Request::Cookie" => "libapreq2","APR::Request::Error" => "libapreq2","APR::Request::Param" => "libapreq2","APR::SockAddr" => "mod_perl","APR::Socket" => "mod_perl","APR::Status" => "mod_perl","APR::String" => "mod_perl","APR::Table" => "mod_perl","APR::ThreadMutex" => "mod_perl","APR::ThreadRWLock" => "mod_perl","APR::URI" => "mod_perl","APR::UUID" => "mod_perl","APR::Util" => "mod_perl","APR::XSLoader" => "mod_perl","Agni" => "PApp","Agni::Callback" => "PApp","Alien::FreeImage" => "Alien-FreeImage","Alien::GCrypt" => "Alien-GCrypt","Alien::OTR" => "Alien-OTR","Alien::PCRE2" => "Alien-PCRE2","Alien::SVN" => "Alien-SVN","Amiga::ARexx" => "perl","Amiga::ARexx::Msg" => "perl","Amiga::Exec" => "perl","Amon2::Auth::Site::LINE" => "Amon2-Auth-Site-LINE","AnyDBM_File" => "perl","Apache" => "mod_perl","Apache2::Access" => "mod_perl","Apache2::AuthAny" => "Apache2-AuthAny","Apache2::AuthAny::AuthUtil" => "Apache2-AuthAny","Apache2::AuthAny::AuthenHandler" => "Apache2-AuthAny","Apache2::AuthAny::AuthzHandler" => "Apache2-AuthAny","Apache2::AuthAny::Cookie" => "Apache2-AuthAny","Apache2::AuthAny::DB" => "Apache2-AuthAny","Apache2::AuthAny::FixupHandler" => "Apache2-AuthAny","Apache2::AuthAny::MapToStorageHandler" => "Apache2-AuthAny","Apache2::AuthAny::RequestConfig" => "Apache2-AuthAny","Apache2::Build" => "mod_perl","Apache2::CmdParms" => "mod_perl","Apache2::Command" => "mod_perl","Apache2::Connection" => "mod_perl","Apache2::ConnectionUtil" => "mod_perl","Apache2::ConstantsTable" => "mod_perl","Apache2::Cookie" => "libapreq2","Apache2::Directive" => "mod_perl","Apache2::Filter" => "mod_perl","Apache2::FilterRec" => "mod_perl","Apache2::FunctionTable" => "mod_perl","Apache2::HookRun" => "mod_perl","Apache2::Log" => "mod_perl","Apache2::MPM" => "mod_perl","Apache2::Module" => "mod_perl","Apache2::ParseSource" => "mod_perl","Apache2::ParseSource::Scan" => "mod_perl","Apache2::PerlSections" => "mod_perl","Apache2::PerlSections::Dump" => "mod_perl","Apache2::Process" => "mod_perl","Apache2::Provider" => "mod_perl","Apache2::Request" => "libapreq2","Apache2::RequestIO" => "mod_perl","Apache2::RequestRec" => "mod_perl","Apache2::RequestUtil" => "mod_perl","Apache2::Resource" => "mod_perl","Apache2::Response" => "mod_perl","Apache2::ServerRec" => "mod_perl","Apache2::ServerUtil" => "mod_perl","Apache2::SourceTables" => "mod_perl","Apache2::Status" => "mod_perl","Apache2::Status::_version" => "mod_perl","Apache2::StructureTable" => "mod_perl","Apache2::SubProcess" => "mod_perl","Apache2::SubRequest" => "mod_perl","Apache2::URI" => "mod_perl","Apache2::Upload" => "libapreq2","Apache2::Util" => "mod_perl","Apache2::XSLoader" => "mod_perl","Apache2::compat" => "mod_perl","Apache2::porting" => "mod_perl","Apache::ASP" => "Apache-ASP","Apache::ASP::ApacheCommon" => "Apache-ASP","Apache::ASP::Application" => "Apache-ASP","Apache::ASP::CGI" => "Apache-ASP","Apache::ASP::CGI::Table" => "Apache-ASP","Apache::ASP::CGI::Test" => "Apache-ASP","Apache::ASP::Collection" => "Apache-ASP","Apache::ASP::CollectionItem" => "Apache-ASP","Apache::ASP::Date" => "Apache-ASP","Apache::ASP::GlobalASA" => "Apache-ASP","Apache::ASP::Lang::PerlScript" => "Apache-ASP","Apache::ASP::Load" => "Apache-ASP","Apache::ASP::Request" => "Apache-ASP","Apache::ASP::Response" => "Apache-ASP","Apache::ASP::STDERR" => "Apache-ASP","Apache::ASP::Server" => "Apache-ASP","Apache::ASP::Session" => "Apache-ASP","Apache::ASP::State" => "Apache-ASP","Apache::App" => "App-Context","Apache::AuthCAS" => "Apache-AuthCAS","Apache::Connection" => "mod_perl","Apache::Constants" => "mod_perl","Apache::Constants::Exports" => "mod_perl","Apache::Debug" => "mod_perl","Apache::EP" => "HTML-EP","Apache::ExtUtils" => "mod_perl","Apache::FakeRequest" => "mod_perl","Apache::File" => "mod_perl","Apache::Framework::App" => "App-Context","Apache::Include" => "mod_perl","Apache::Leak" => "mod_perl","Apache::Log" => "mod_perl","Apache::MP3" => "Apache-MP3","Apache::MP3::L10N" => "Apache-MP3","Apache::MP3::L10N::Aliases" => "Apache-MP3","Apache::MP3::L10N::RightToLeft" => "Apache-MP3","Apache::MP3::L10N::ar" => "Apache-MP3","Apache::MP3::L10N::ca" => "Apache-MP3","Apache::MP3::L10N::cs" => "Apache-MP3","Apache::MP3::L10N::de" => "Apache-MP3","Apache::MP3::L10N::en" => "Apache-MP3","Apache::MP3::L10N::es" => "Apache-MP3","Apache::MP3::L10N::fa" => "Apache-MP3","Apache::MP3::L10N::fi" => "Apache-MP3","Apache::MP3::L10N::fr" => "Apache-MP3","Apache::MP3::L10N::ga" => "Apache-MP3","Apache::MP3::L10N::he" => "Apache-MP3","Apache::MP3::L10N::hr" => "Apache-MP3","Apache::MP3::L10N::is" => "Apache-MP3","Apache::MP3::L10N::it" => "Apache-MP3","Apache::MP3::L10N::ja" => "Apache-MP3","Apache::MP3::L10N::ko" => "Apache-MP3","Apache::MP3::L10N::ms" => "Apache-MP3","Apache::MP3::L10N::nb" => "Apache-MP3","Apache::MP3::L10N::nb_no" => "Apache-MP3","Apache::MP3::L10N::nl" => "Apache-MP3","Apache::MP3::L10N::nl_be" => "Apache-MP3","Apache::MP3::L10N::nl_nl" => "Apache-MP3","Apache::MP3::L10N::nn" => "Apache-MP3","Apache::MP3::L10N::nn_no" => "Apache-MP3","Apache::MP3::L10N::no" => "Apache-MP3","Apache::MP3::L10N::no_no" => "Apache-MP3","Apache::MP3::L10N::pl" => "Apache-MP3","Apache::MP3::L10N::ru" => "Apache-MP3","Apache::MP3::L10N::sh" => "Apache-MP3","Apache::MP3::L10N::sk" => "Apache-MP3","Apache::MP3::L10N::sl" => "Apache-MP3","Apache::MP3::L10N::sr" => "Apache-MP3","Apache::MP3::L10N::tr" => "Apache-MP3","Apache::MP3::L10N::uk" => "Apache-MP3","Apache::MP3::L10N::x_marklar" => "Apache-MP3","Apache::MP3::L10N::zh_cn" => "Apache-MP3","Apache::MP3::L10N::zh_tw" => "Apache-MP3","Apache::MP3::Playlist" => "Apache-MP3","Apache::MP3::Resample" => "Apache-MP3","Apache::MP3::Sorted" => "Apache-MP3","Apache::MVC" => "Maypole","Apache::ModuleConfig" => "mod_perl","Apache::Opcode" => "mod_perl","Apache::Options" => "mod_perl","Apache::PerlRun" => "mod_perl","Apache::PerlRunXS" => "mod_perl","Apache::PerlSections" => "mod_perl","Apache::RPC::Server" => "RPC-XML","Apache::RPC::Status" => "RPC-XML","Apache::ReadConfig" => "mod_perl","Apache::RedirectLogFix" => "mod_perl","Apache::Registry" => "mod_perl","Apache::RegistryBB" => "mod_perl","Apache::RegistryLoader" => "mod_perl","Apache::RegistryNG" => "mod_perl","Apache::Resource" => "mod_perl","Apache::SIG" => "mod_perl","Apache::SOAP" => "SOAP-Lite","Apache::Server" => "mod_perl","Apache::Session" => "Apache-Session","Apache::Session::Browseable" => "Apache-Session-Browseable","Apache::Session::Browseable::Cassandra" => "Apache-Session-Browseable","Apache::Session::Browseable::DBI" => "Apache-Session-Browseable","Apache::Session::Browseable::File" => "Apache-Session-Browseable","Apache::Session::Browseable::Informix" => "Apache-Session-Browseable","Apache::Session::Browseable::LDAP" => "Apache-Session-Browseable","Apache::Session::Browseable::MySQL" => "Apache-Session-Browseable","Apache::Session::Browseable::MySQLJSON" => "Apache-Session-Browseable","Apache::Session::Browseable::Oracle" => "Apache-Session-Browseable","Apache::Session::Browseable::Patroni" => "Apache-Session-Browseable","Apache::Session::Browseable::PgHstore" => "Apache-Session-Browseable","Apache::Session::Browseable::PgJSON" => "Apache-Session-Browseable","Apache::Session::Browseable::Postgres" => "Apache-Session-Browseable","Apache::Session::Browseable::Redis" => "Apache-Session-Browseable","Apache::Session::Browseable::SQLite" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Cassandra" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::DBI" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::File" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Informix" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::LDAP" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::MySQL" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Oracle" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Patroni" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Postgres" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Redis" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::SQLite" => "Apache-Session-Browseable","Apache::Session::Browseable::Store::Sybase" => "Apache-Session-Browseable","Apache::Session::Browseable::Sybase" => "Apache-Session-Browseable","Apache::Session::DBI" => "Apache-Session","Apache::Session::DBIStore" => "Apache-Session","Apache::Session::DB_File" => "Apache-Session","Apache::Session::Daemon" => "Apache-Session","Apache::Session::DaemonLocker" => "Apache-Session","Apache::Session::Embperl" => "Apache-Session","Apache::Session::File" => "Apache-Session","Apache::Session::FileStore" => "Apache-Session","Apache::Session::Flex" => "Apache-Session","Apache::Session::Generate::MD5" => "Apache-Session","Apache::Session::Generate::ModUniqueId" => "Apache-Session","Apache::Session::Generate::ModUsertrack" => "Apache-Session","Apache::Session::Generate::SHA256" => "Apache-Session-Browseable","Apache::Session::IPC" => "Apache-Session","Apache::Session::Informix" => "Apache-Session","Apache::Session::LDAP" => "Apache-Session-LDAP","Apache::Session::Lock::File" => "Apache-Session","Apache::Session::Lock::MySQL" => "Apache-Session","Apache::Session::Lock::Null" => "Apache-Session","Apache::Session::Lock::Semaphore" => "Apache-Session","Apache::Session::Lock::Sybase" => "Apache-Session","Apache::Session::MemoryStore" => "Apache-Session","Apache::Session::MySQL" => "Apache-Session","Apache::Session::MySQL::NoLock" => "Apache-Session","Apache::Session::NullLocker" => "Apache-Session","Apache::Session::Oracle" => "Apache-Session","Apache::Session::PosixFileLocker" => "Apache-Session","Apache::Session::Postgres" => "Apache-Session","Apache::Session::Serialize::Base64" => "Apache-Session","Apache::Session::Serialize::Hstore" => "Apache-Session-Browseable","Apache::Session::Serialize::JSON" => "Apache-Session-Browseable","Apache::Session::Serialize::Storable" => "Apache-Session","Apache::Session::Serialize::Sybase" => "Apache-Session","Apache::Session::Serialize::UUEncode" => "Apache-Session","Apache::Session::SingleThread" => "Apache-Session","Apache::Session::Store::DBI" => "Apache-Session","Apache::Session::Store::DB_File" => "Apache-Session","Apache::Session::Store::File" => "Apache-Session","Apache::Session::Store::Informix" => "Apache-Session","Apache::Session::Store::LDAP" => "Apache-Session-LDAP","Apache::Session::Store::MySQL" => "Apache-Session","Apache::Session::Store::Oracle" => "Apache-Session","Apache::Session::Store::Postgres" => "Apache-Session","Apache::Session::Store::Sybase" => "Apache-Session","Apache::Session::Sybase" => "Apache-Session","Apache::Session::SysVSemaphoreLocker" => "Apache-Session","Apache::Session::Tree" => "Apache-Session","Apache::Session::TreeStore" => "Apache-Session","Apache::Session::Win32" => "Apache-Session","Apache::SessionX" => "Apache-SessionX","Apache::SessionX::Generate::MD5" => "Apache-SessionX","Apache::SessionX::Manager" => "Apache-SessionX","Apache::SessionX::Store::File" => "Apache-SessionX","Apache::StatINC" => "mod_perl","Apache::Status" => "mod_perl","Apache::Symbol" => "mod_perl","Apache::Symdump" => "mod_perl","Apache::Table" => "mod_perl","Apache::TiedSession" => "Apache-Session","Apache::URI" => "mod_perl","Apache::Util" => "mod_perl","Apache::Wyrd" => "Apache-Wyrd","Apache::Wyrd::Attribute" => "Apache-Wyrd","Apache::Wyrd::Bot" => "Apache-Wyrd","Apache::Wyrd::BrowserSwitch" => "Apache-Wyrd","Apache::Wyrd::CGICond" => "Apache-Wyrd","Apache::Wyrd::CGISetter" => "Apache-Wyrd","Apache::Wyrd::Chart" => "Apache-Wyrd","Apache::Wyrd::Cookie" => "Apache-Wyrd","Apache::Wyrd::DBL" => "Apache-Wyrd","Apache::Wyrd::Datum" => "Apache-Wyrd","Apache::Wyrd::Datum::Blob" => "Apache-Wyrd","Apache::Wyrd::Datum::Char" => "Apache-Wyrd","Apache::Wyrd::Datum::Enum" => "Apache-Wyrd","Apache::Wyrd::Datum::Integer" => "Apache-Wyrd","Apache::Wyrd::Datum::Null" => "Apache-Wyrd","Apache::Wyrd::Datum::Set" => "Apache-Wyrd","Apache::Wyrd::Datum::Text" => "Apache-Wyrd","Apache::Wyrd::Datum::Varchar" => "Apache-Wyrd","Apache::Wyrd::Debug" => "Apache-Wyrd","Apache::Wyrd::Defaults" => "Apache-Wyrd","Apache::Wyrd::ErrField" => "Apache-Wyrd","Apache::Wyrd::ErrTag" => "Apache-Wyrd","Apache::Wyrd::FileSize" => "Apache-Wyrd","Apache::Wyrd::Form" => "Apache-Wyrd","Apache::Wyrd::Form::Preload" => "Apache-Wyrd","Apache::Wyrd::Form::Template" => "Apache-Wyrd","Apache::Wyrd::Form::View" => "Apache-Wyrd","Apache::Wyrd::Handler" => "Apache-Wyrd","Apache::Wyrd::Input" => "Apache-Wyrd","Apache::Wyrd::Input::Complex" => "Apache-Wyrd","Apache::Wyrd::Input::Condenser" => "Apache-Wyrd","Apache::Wyrd::Input::Opt" => "Apache-Wyrd","Apache::Wyrd::Input::Set" => "Apache-Wyrd","Apache::Wyrd::Input::URLInput" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Columnize" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Dater" => "Apache-Wyrd","Apache::Wyrd::Interfaces::GetUser" => "Apache-Wyrd","Apache::Wyrd::Interfaces::IndexUser" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Indexable" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Mother" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Setter" => "Apache-Wyrd","Apache::Wyrd::Interfaces::SmartInput" => "Apache-Wyrd","Apache::Wyrd::Interfaces::Stealth" => "Apache-Wyrd","Apache::Wyrd::Lattice" => "Apache-Wyrd","Apache::Wyrd::Lib" => "Apache-Wyrd","Apache::Wyrd::LogDump" => "Apache-Wyrd","Apache::Wyrd::Lookup" => "Apache-Wyrd","Apache::Wyrd::Loop" => "Apache-Wyrd","Apache::Wyrd::MySQLForm" => "Apache-Wyrd","Apache::Wyrd::Number" => "Apache-Wyrd","Apache::Wyrd::Query" => "Apache-Wyrd","Apache::Wyrd::Redirect" => "Apache-Wyrd","Apache::Wyrd::Request" => "Apache-Wyrd","Apache::Wyrd::SQLForm" => "Apache-Wyrd","Apache::Wyrd::Services::Auth" => "Apache-Wyrd","Apache::Wyrd::Services::CodeRing" => "Apache-Wyrd","Apache::Wyrd::Services::FileCache" => "Apache-Wyrd","Apache::Wyrd::Services::Index" => "Apache-Wyrd","Apache::Wyrd::Services::Key" => "Apache-Wyrd","Apache::Wyrd::Services::LoginServer" => "Apache-Wyrd","Apache::Wyrd::Services::MetaTable" => "Apache-Wyrd","Apache::Wyrd::Services::MySQLIndex" => "Apache-Wyrd","Apache::Wyrd::Services::PreAuth" => "Apache-Wyrd","Apache::Wyrd::Services::SAK" => "Apache-Wyrd","Apache::Wyrd::Services::SearchParser" => "Apache-Wyrd","Apache::Wyrd::Services::TicketPad" => "Apache-Wyrd","Apache::Wyrd::Services::Tree" => "Apache-Wyrd","Apache::Wyrd::ShowParams" => "Apache-Wyrd","Apache::Wyrd::Site::GDButton" => "Apache-Wyrd","Apache::Wyrd::Site::Index" => "Apache-Wyrd","Apache::Wyrd::Site::IndexBot" => "Apache-Wyrd","Apache::Wyrd::Site::Login" => "Apache-Wyrd","Apache::Wyrd::Site::MySQLIndex" => "Apache-Wyrd","Apache::Wyrd::Site::MySQLIndexBot" => "Apache-Wyrd","Apache::Wyrd::Site::NavPull" => "Apache-Wyrd","Apache::Wyrd::Site::Page" => "Apache-Wyrd","Apache::Wyrd::Site::Pull" => "Apache-Wyrd","Apache::Wyrd::Site::SearchResults" => "Apache-Wyrd","Apache::Wyrd::Site::TagPull" => "Apache-Wyrd","Apache::Wyrd::Site::Widget" => "Apache-Wyrd","Apache::Wyrd::Site::WidgetControl" => "Apache-Wyrd","Apache::Wyrd::Site::WidgetIndex" => "Apache-Wyrd","Apache::Wyrd::Template" => "Apache-Wyrd","Apache::Wyrd::User" => "Apache-Wyrd","Apache::Wyrd::Var" => "Apache-Wyrd","Apache::Wyrd::Version" => "Apache-Wyrd","Apache::Wyrd::View" => "Apache-Wyrd","Apache::XAO" => "XAO-Web","Apache::XMLRPC::Lite" => "SOAP-Lite","Apache::ePerl" => "eperl","Apache::fork" => "mod_perl","Apache::httpd_conf" => "mod_perl","Apache::src" => "mod_perl","Apache::testold" => "mod_perl","App" => "App-Context","App::Authentication" => "App-Context","App::Authentication::Htpasswd" => "App-Context","App::Authorization" => "App-Context","App::CallDispatcher" => "App-Context","App::CallDispatcher::HTTPSimple" => "App-Context","App::Conf" => "App-Context","App::Conf::File" => "App-Context","App::Context" => "App-Context","App::Context::ClusterController" => "App-Context","App::Context::ClusterNode" => "App-Context","App::Context::Cmd" => "App-Context","App::Context::HTTP" => "App-Context","App::Context::ModPerl" => "App-Context","App::Context::NetServer" => "App-Context","App::Context::POE" => "App-Context","App::Context::POE::ClusterController" => "App-Context","App::Context::POE::ClusterNode" => "App-Context","App::Context::POE::Server" => "App-Context","App::Context::Server" => "App-Context","App::Cpan" => "CPAN","App::Documentation" => "App-Context","App::Exceptions" => "App-Context","App::Genpass" => "App-Genpass","App::Github::Email" => "App-Github-Email","App::LogChannel" => "App-Context","App::MessageDispatcher" => "App-Context","App::Netdisco" => "App-Netdisco","App::Netdisco::AnyEvent::Nbtstat" => "App-Netdisco","App::Netdisco::Backend::Job" => "App-Netdisco","App::Netdisco::Backend::Role::Manager" => "App-Netdisco","App::Netdisco::Backend::Role::Poller" => "App-Netdisco","App::Netdisco::Backend::Role::Scheduler" => "App-Netdisco","App::Netdisco::Builder" => "App-Netdisco","App::Netdisco::Configuration" => "App-Netdisco","App::Netdisco::DB" => "App-Netdisco","App::Netdisco::DB::ExplicitLocking" => "App-Netdisco","App::Netdisco::DB::Result" => "App-Netdisco","App::Netdisco::DB::Result::AccessControlList" => "App-Netdisco","App::Netdisco::DB::Result::Admin" => "App-Netdisco","App::Netdisco::DB::Result::Community" => "App-Netdisco","App::Netdisco::DB::Result::Device" => "App-Netdisco","App::Netdisco::DB::Result::DeviceBrowser" => "App-Netdisco","App::Netdisco::DB::Result::DeviceIp" => "App-Netdisco","App::Netdisco::DB::Result::DeviceModule" => "App-Netdisco","App::Netdisco::DB::Result::DevicePort" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortLog" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortPower" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortProperties" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortSsid" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortVlan" => "App-Netdisco","App::Netdisco::DB::Result::DevicePortWireless" => "App-Netdisco","App::Netdisco::DB::Result::DevicePower" => "App-Netdisco","App::Netdisco::DB::Result::DeviceSkip" => "App-Netdisco","App::Netdisco::DB::Result::DeviceVlan" => "App-Netdisco","App::Netdisco::DB::Result::Enterprise" => "App-Netdisco","App::Netdisco::DB::Result::Log" => "App-Netdisco","App::Netdisco::DB::Result::Manufacturer" => "App-Netdisco","App::Netdisco::DB::Result::NetmapPositions" => "App-Netdisco","App::Netdisco::DB::Result::Node" => "App-Netdisco","App::Netdisco::DB::Result::NodeIp" => "App-Netdisco","App::Netdisco::DB::Result::NodeMonitor" => "App-Netdisco","App::Netdisco::DB::Result::NodeNbt" => "App-Netdisco","App::Netdisco::DB::Result::NodeWireless" => "App-Netdisco","App::Netdisco::DB::Result::Oui" => "App-Netdisco","App::Netdisco::DB::Result::PortCtlRole" => "App-Netdisco","App::Netdisco::DB::Result::Process" => "App-Netdisco","App::Netdisco::DB::Result::Product" => "App-Netdisco","App::Netdisco::DB::Result::SNMPFilter" => "App-Netdisco","App::Netdisco::DB::Result::SNMPObject" => "App-Netdisco","App::Netdisco::DB::Result::Session" => "App-Netdisco","App::Netdisco::DB::Result::Statistics" => "App-Netdisco","App::Netdisco::DB::Result::Subnet" => "App-Netdisco","App::Netdisco::DB::Result::Topology" => "App-Netdisco","App::Netdisco::DB::Result::User" => "App-Netdisco","App::Netdisco::DB::Result::UserLog" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ACLEntriesWithDNS" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ActiveNode" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ActiveNodeWithAge" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::ApRadioChannelPower" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::CidrIps" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DeviceDnsMismatch" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DeviceLinks" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DevicePlatforms" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DevicePoeStatus" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DevicePortSpeed" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::DuplexMismatch" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::FilteredSNMPObject" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::GenericReport" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::LastNode" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeIp4" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeIp6" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeMonitor" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodeWithAge" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::NodesDiscovered" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::OrphanedDevices" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PollerPerformance" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PortMacs" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PortUtilization" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::PortVLANMismatch" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::SlowDevices" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::SubnetUtilization" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::TastyJobs" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::UnDirEdgesAgg" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::UndiscoveredNeighbors" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::UserRole" => "App-Netdisco","App::Netdisco::DB::Result::Virtual::WalkJobs" => "App-Netdisco","App::Netdisco::DB::ResultSet" => "App-Netdisco","App::Netdisco::DB::ResultSet::Admin" => "App-Netdisco","App::Netdisco::DB::ResultSet::Device" => "App-Netdisco","App::Netdisco::DB::ResultSet::DeviceBrowser" => "App-Netdisco","App::Netdisco::DB::ResultSet::DeviceModule" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePort" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePortLog" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePortSsid" => "App-Netdisco","App::Netdisco::DB::ResultSet::DevicePower" => "App-Netdisco","App::Netdisco::DB::ResultSet::DeviceSkip" => "App-Netdisco","App::Netdisco::DB::ResultSet::Node" => "App-Netdisco","App::Netdisco::DB::ResultSet::NodeIp" => "App-Netdisco","App::Netdisco::DB::ResultSet::NodeNbt" => "App-Netdisco","App::Netdisco::DB::ResultSet::NodeWireless" => "App-Netdisco","App::Netdisco::DB::ResultSet::PortCtlRole" => "App-Netdisco","App::Netdisco::DB::ResultSet::Subnet" => "App-Netdisco","App::Netdisco::DB::SchemaVersioned" => "App-Netdisco","App::Netdisco::DB::SetOperations" => "App-Netdisco","App::Netdisco::Environment" => "App-Netdisco","App::Netdisco::GenericDB" => "App-Netdisco","App::Netdisco::GenericDB::Result::Virtual::GenericReport" => "App-Netdisco","App::Netdisco::JobQueue" => "App-Netdisco","App::Netdisco::JobQueue::PostgreSQL" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ACE" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ASA" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ASAContext" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::Aruba" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ArubaCX" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::ArubaCont" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::BigIP" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::CPVSX" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::Clavister" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::EOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::FTD" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::FortiOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::FreeBSD" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::GAIAEmbedded" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOSXE" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOSXEMac" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::IOSXR" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::Linux" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::NXOS" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::OS10" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::PaloAlto" => "App-Netdisco","App::Netdisco::SSHCollector::Platform::VOSS" => "App-Netdisco","App::Netdisco::Transport::Python" => "App-Netdisco","App::Netdisco::Transport::SNMP" => "App-Netdisco","App::Netdisco::Transport::SSH" => "App-Netdisco","App::Netdisco::Util::CustomFields" => "App-Netdisco","App::Netdisco::Util::DNS" => "App-Netdisco","App::Netdisco::Util::Device" => "App-Netdisco","App::Netdisco::Util::DeviceAuth" => "App-Netdisco","App::Netdisco::Util::ExpandParams" => "App-Netdisco","App::Netdisco::Util::FastResolver" => "App-Netdisco","App::Netdisco::Util::Graph" => "App-Netdisco","App::Netdisco::Util::MCE" => "App-Netdisco","App::Netdisco::Util::Nbtstat" => "App-Netdisco","App::Netdisco::Util::Node" => "App-Netdisco","App::Netdisco::Util::NodeMonitor" => "App-Netdisco","App::Netdisco::Util::Noop" => "App-Netdisco","App::Netdisco::Util::Permission" => "App-Netdisco","App::Netdisco::Util::Port" => "App-Netdisco","App::Netdisco::Util::PortAccessEntity" => "App-Netdisco","App::Netdisco::Util::PortMAC" => "App-Netdisco","App::Netdisco::Util::Python" => "App-Netdisco","App::Netdisco::Util::SNMP" => "App-Netdisco","App::Netdisco::Util::Snapshot" => "App-Netdisco","App::Netdisco::Util::Statistics" => "App-Netdisco","App::Netdisco::Util::Web" => "App-Netdisco","App::Netdisco::Util::Worker" => "App-Netdisco","App::Netdisco::Web" => "App-Netdisco","App::Netdisco::Web::API::Objects" => "App-Netdisco","App::Netdisco::Web::API::Queue" => "App-Netdisco","App::Netdisco::Web::AdminTask" => "App-Netdisco","App::Netdisco::Web::Auth::Provider::DBIC" => "App-Netdisco","App::Netdisco::Web::AuthN" => "App-Netdisco","App::Netdisco::Web::CustomFields" => "App-Netdisco","App::Netdisco::Web::Device" => "App-Netdisco","App::Netdisco::Web::GenericReport" => "App-Netdisco","App::Netdisco::Web::Password" => "App-Netdisco","App::Netdisco::Web::Plugin" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::DuplicateDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::JobQueue" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::NodeMonitor" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::OrphanedDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::PollerPerformance" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::PortCtlRole" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::PseudoDevice" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::RolePermissionsEditor" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::SlowDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::TimedOutDevices" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::Topology" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::UndiscoveredNeighbors" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::UserLog" => "App-Netdisco","App::Netdisco::Web::Plugin::AdminTask::Users" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Addresses" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Details" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Modules" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Neighbors" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Ports" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::SNMP" => "App-Netdisco","App::Netdisco::Web::Plugin::Device::Vlans" => "App-Netdisco","App::Netdisco::Web::Plugin::Inventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ApChannelDist" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ApClients" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ApRadioChannelPower" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DeviceAddrNoDNS" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DeviceByLocation" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DeviceDnsMismatch" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DevicePoeStatus" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::DuplexMismatch" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::HalfDuplex" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::InventoryByModelByOS" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::IpInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::ModuleInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::Netbios" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::NodeMultiIPs" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::NodeVendor" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::NodesDiscovered" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortAdminDown" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortBlocking" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortLog" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortMultiNodes" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortSsid" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortUtilization" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::PortVLANMismatch" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::SsidInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::SubnetUtilization" => "App-Netdisco","App::Netdisco::Web::Plugin::Report::VlanInventory" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::Device" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::Node" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::Port" => "App-Netdisco","App::Netdisco::Web::Plugin::Search::VLAN" => "App-Netdisco","App::Netdisco::Web::PortControl" => "App-Netdisco","App::Netdisco::Web::Report" => "App-Netdisco","App::Netdisco::Web::Search" => "App-Netdisco","App::Netdisco::Web::Static" => "App-Netdisco","App::Netdisco::Web::Statistics" => "App-Netdisco","App::Netdisco::Web::TypeAhead" => "App-Netdisco","App::Netdisco::Worker::Loader" => "App-Netdisco","App::Netdisco::Worker::Plugin" => "App-Netdisco","App::Netdisco::Worker::Plugin::AddPseudoDevice" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip::Nodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpnip::Subnets" => "App-Netdisco","App::Netdisco::Worker::Plugin::Arpwalk" => "App-Netdisco","App::Netdisco::Worker::Plugin::Contact" => "App-Netdisco","App::Netdisco::Worker::Plugin::Delete" => "App-Netdisco","App::Netdisco::Worker::Plugin::Delete::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::CanonicalIP" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Entities" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Neighbors" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Neighbors::DOCSIS" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::NextHopNeighbors" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::PortPower" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::PortProperties" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Properties" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Properties::Tags" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::VLANs" => "App-Netdisco","App::Netdisco::Worker::Plugin::Discover::Wireless" => "App-Netdisco","App::Netdisco::Worker::Plugin::DiscoverAll" => "App-Netdisco","App::Netdisco::Worker::Plugin::DumpConfig" => "App-Netdisco","App::Netdisco::Worker::Plugin::DumpInfoCache" => "App-Netdisco","App::Netdisco::Worker::Plugin::Expire" => "App-Netdisco","App::Netdisco::Worker::Plugin::ExpireNodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::GetAPIKey" => "App-Netdisco","App::Netdisco::Worker::Plugin::Graph" => "App-Netdisco","App::Netdisco::Worker::Plugin::Hook" => "App-Netdisco","App::Netdisco::Worker::Plugin::Hook::Exec" => "App-Netdisco","App::Netdisco::Worker::Plugin::Hook::HTTP" => "App-Netdisco","App::Netdisco::Worker::Plugin::Internal::BackendFQDN" => "App-Netdisco","App::Netdisco::Worker::Plugin::Internal::SNMPFastDiscover" => "App-Netdisco","App::Netdisco::Worker::Plugin::Linter" => "App-Netdisco","App::Netdisco::Worker::Plugin::LoadMIBs" => "App-Netdisco","App::Netdisco::Worker::Plugin::Location" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::Hooks" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::InterfacesStatus" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::Nodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::PortAccessEntity" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macsuck::WirelessNodes" => "App-Netdisco","App::Netdisco::Worker::Plugin::Macwalk" => "App-Netdisco","App::Netdisco::Worker::Plugin::MakeRancidConf" => "App-Netdisco","App::Netdisco::Worker::Plugin::Nbtstat" => "App-Netdisco","App::Netdisco::Worker::Plugin::Nbtstat::Core" => "App-Netdisco","App::Netdisco::Worker::Plugin::Nbtwalk" => "App-Netdisco","App::Netdisco::Worker::Plugin::NodeMonitor" => "App-Netdisco","App::Netdisco::Worker::Plugin::PingSweep" => "App-Netdisco","App::Netdisco::Worker::Plugin::PortControl" => "App-Netdisco","App::Netdisco::Worker::Plugin::PortName" => "App-Netdisco","App::Netdisco::Worker::Plugin::Power" => "App-Netdisco","App::Netdisco::Worker::Plugin::PrimeSkiplist" => "App-Netdisco","App::Netdisco::Worker::Plugin::Psql" => "App-Netdisco","App::Netdisco::Worker::Plugin::PythonShim" => "App-Netdisco","App::Netdisco::Worker::Plugin::Renumber" => "App-Netdisco","App::Netdisco::Worker::Plugin::Scheduler" => "App-Netdisco","App::Netdisco::Worker::Plugin::Show" => "App-Netdisco","App::Netdisco::Worker::Plugin::Snapshot" => "App-Netdisco","App::Netdisco::Worker::Plugin::Stats" => "App-Netdisco","App::Netdisco::Worker::Plugin::TastyJobs" => "App-Netdisco","App::Netdisco::Worker::Plugin::Vlan" => "App-Netdisco","App::Netdisco::Worker::Plugin::Vlan::Core" => "App-Netdisco","App::Netdisco::Worker::Runner" => "App-Netdisco","App::Netdisco::Worker::Status" => "App-Netdisco","App::Packer::Backend::PAR" => "PAR","App::Packer::PAR" => "PAR-Packer","App::Packer::Temp" => "PAR","App::Pinto" => "Pinto","App::Pinto::Command" => "Pinto","App::Pinto::Command::add" => "Pinto","App::Pinto::Command::clean" => "Pinto","App::Pinto::Command::copy" => "Pinto","App::Pinto::Command::default" => "Pinto","App::Pinto::Command::delete" => "Pinto","App::Pinto::Command::diff" => "Pinto","App::Pinto::Command::help" => "Pinto","App::Pinto::Command::init" => "Pinto","App::Pinto::Command::install" => "Pinto","App::Pinto::Command::kill" => "Pinto","App::Pinto::Command::list" => "Pinto","App::Pinto::Command::lock" => "Pinto","App::Pinto::Command::log" => "Pinto","App::Pinto::Command::look" => "Pinto","App::Pinto::Command::manual" => "Pinto","App::Pinto::Command::merge" => "Pinto","App::Pinto::Command::migrate" => "Pinto","App::Pinto::Command::new" => "Pinto","App::Pinto::Command::nop" => "Pinto","App::Pinto::Command::pin" => "Pinto","App::Pinto::Command::props" => "Pinto","App::Pinto::Command::pull" => "Pinto","App::Pinto::Command::register" => "Pinto","App::Pinto::Command::rename" => "Pinto","App::Pinto::Command::reset" => "Pinto","App::Pinto::Command::revert" => "Pinto","App::Pinto::Command::roots" => "Pinto","App::Pinto::Command::stacks" => "Pinto","App::Pinto::Command::statistics" => "Pinto","App::Pinto::Command::thanks" => "Pinto","App::Pinto::Command::unlock" => "Pinto","App::Pinto::Command::unpin" => "Pinto","App::Pinto::Command::unregister" => "Pinto","App::Pinto::Command::update" => "Pinto","App::Pinto::Command::verify" => "Pinto","App::Reference" => "App-Context","App::Request" => "App-Context","App::Request::CGI" => "App-Context","App::ResourceLocker" => "App-Context","App::ResourceLocker::IPCLocker" => "App-Context","App::ResourceLocker::IPCSemaphore" => "App-Context","App::Response" => "App-Context","App::Security" => "App-Context","App::Serializer" => "App-Context","App::Serializer::Html" => "App-Context","App::Serializer::Ini" => "App-Context","App::Serializer::Json" => "App-Context","App::Serializer::OneLine" => "App-Context","App::Serializer::Perl" => "App-Context","App::Serializer::Properties" => "App-Context","App::Serializer::Scalar" => "App-Context","App::Serializer::Storable" => "App-Context","App::Serializer::TextArray" => "App-Context","App::Serializer::XMLDumper" => "App-Context","App::Serializer::XMLSimple" => "App-Context","App::Serializer::Xml" => "App-Context","App::Serializer::Yaml" => "App-Context","App::Service" => "App-Context","App::Session" => "App-Context","App::Session::Cookie" => "App-Context","App::Session::HTMLHidden" => "App-Context","App::SessionObject" => "App-Context","App::SharedDatastore" => "App-Context","App::UserAgent" => "App-Context","App::ValueDomain" => "App-Context","App::cpanminus" => "App-cpanminus","App::japerl" => "App-japerl","App::perlall" => "App-perlall","App::revealup" => "App-revealup","App::revealup::base" => "App-revealup","App::revealup::builder" => "App-revealup","App::revealup::cli" => "App-revealup","App::revealup::cli::export" => "App-revealup","App::revealup::cli::export::html" => "App-revealup","App::revealup::cli::export::theme" => "App-revealup","App::revealup::cli::serve" => "App-revealup","App::revealup::cli::server" => "App-revealup","App::revealup::cli::theme" => "App-revealup","App::revealup::util" => "App-revealup","Archive::Tar" => "Archive-Tar","Archive::Tar::Constant" => "Archive-Tar","Archive::Tar::File" => "Archive-Tar","Archive::Tar::Std" => "Archive-Tar","Archive::Tar::Std::_io" => "Archive-Tar","Archive::Tar::Win32" => "Archive-Tar","Archive::Tar::_io" => "Archive-Tar","Archive::Unzip::Burst" => "Archive-Unzip-Burst","Archive::Zip" => "Archive-Zip","Archive::Zip::Archive" => "Archive-Zip","Archive::Zip::BufferedFileHandle" => "Archive-Zip","Archive::Zip::DirectoryMember" => "Archive-Zip","Archive::Zip::FileMember" => "Archive-Zip","Archive::Zip::Member" => "Archive-Zip","Archive::Zip::MemberRead" => "Archive-Zip","Archive::Zip::MockFileHandle" => "Archive-Zip","Archive::Zip::NewFileMember" => "Archive-Zip","Archive::Zip::StringMember" => "Archive-Zip","Archive::Zip::Tree" => "Archive-Zip","Archive::Zip::ZipFileMember" => "Archive-Zip","Authen::DigestMD5" => "Authen-DigestMD5","Authen::DigestMD5::Packet" => "Authen-DigestMD5","Authen::DigestMD5::Request" => "Authen-DigestMD5","Authen::DigestMD5::Response" => "Authen-DigestMD5","Authen::SASL" => "Authen-SASL","Authen::SASL::CRAM_MD5" => "Authen-SASL","Authen::SASL::EXTERNAL" => "Authen-SASL","Authen::SASL::Perl" => "Authen-SASL","Authen::SASL::Perl::ANONYMOUS" => "Authen-SASL","Authen::SASL::Perl::CRAM_MD5" => "Authen-SASL","Authen::SASL::Perl::DIGEST_MD5" => "Authen-SASL","Authen::SASL::Perl::EXTERNAL" => "Authen-SASL","Authen::SASL::Perl::GSSAPI" => "Authen-SASL","Authen::SASL::Perl::LOGIN" => "Authen-SASL","Authen::SASL::Perl::Layer" => "Authen-SASL","Authen::SASL::Perl::OAUTHBEARER" => "Authen-SASL","Authen::SASL::Perl::PLAIN" => "Authen-SASL","Authen::SASL::Perl::XOAUTH2" => "Authen-SASL","Axis" => "perl","B" => "perl","B::Concise" => "perl","B::Deparse" => "perl","B::Lint::Plugin::Test" => "perl","B::OBJECT" => "perl","B::Op_private" => "perl","B::Section" => "perl","B::Showlex" => "perl","B::Terse" => "perl","B::Xref" => "perl","BSON::XS" => "BSON-XS","Batch::Batchrun" => "Batch-Batchrun","Batch::Batchrun::BuildFile" => "Batch-Batchrun","Batch::Batchrun::Dbfunctions" => "Batch-Batchrun","Batch::Batchrun::Extract" => "Batch-Batchrun","Batch::Batchrun::Initialize" => "Batch-Batchrun","Batch::Batchrun::Load" => "Batch-Batchrun","Batch::Batchrun::Mail" => "Batch-Batchrun","Batch::Batchrun::ProcessSteps" => "Batch-Batchrun","Batch::Batchrun::Pwlookup" => "Batch-Batchrun","Batch::Batchrun::Retain" => "Batch-Batchrun","Batch::Batchrun::TableFunctions" => "Batch-Batchrun","BeerDB" => "Maypole","BeerDB::Base" => "Maypole","BeerDB::Beer" => "Maypole","BeerDB::Brewery" => "Maypole","BeerDB::Drinker" => "Maypole","Benchmark" => "perl","Bio::DB::GFF::Aggregator::match_gap" => "GBrowse","Bio::DB::GFF::Aggregator::reftranscript" => "GBrowse","Bio::DB::GFF::Aggregator::waba_alignment" => "GBrowse","Bio::DB::GFF::Aggregator::wormbase_gene" => "GBrowse","Bio::DB::SeqFeature::Store::Alias" => "GBrowse","Bio::DB::SeqFeature::Store::Alias::Iterator" => "GBrowse","Bio::DB::SeqFeature::Store::Alias::Segment" => "GBrowse","Bio::DB::SeqFeature::Store::BedLoader" => "GBrowse","Bio::DB::Tagger" => "GBrowse","Bio::DB::Tagger::Iterator" => "GBrowse","Bio::DB::Tagger::Tag" => "GBrowse","Bio::DB::Tagger::mysql" => "GBrowse","Bio::Graphics::Browser2" => "GBrowse","Bio::Graphics::Browser2::Action" => "GBrowse","Bio::Graphics::Browser2::AdminTracks" => "GBrowse","Bio::Graphics::Browser2::AuthorizedFeatureFile" => "GBrowse","Bio::Graphics::Browser2::CAlign" => "GBrowse","Bio::Graphics::Browser2::CachedTrack" => "GBrowse","Bio::Graphics::Browser2::DataBase" => "GBrowse","Bio::Graphics::Browser2::DataLoader" => "GBrowse","Bio::Graphics::Browser2::DataLoader::archive" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bam" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bed" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bigbed" => "GBrowse","Bio::Graphics::Browser2::DataLoader::bigwig" => "GBrowse","Bio::Graphics::Browser2::DataLoader::featurefile" => "GBrowse","Bio::Graphics::Browser2::DataLoader::generic" => "GBrowse","Bio::Graphics::Browser2::DataLoader::gff" => "GBrowse","Bio::Graphics::Browser2::DataLoader::gff3" => "GBrowse","Bio::Graphics::Browser2::DataLoader::sam" => "GBrowse","Bio::Graphics::Browser2::DataLoader::useq" => "GBrowse","Bio::Graphics::Browser2::DataLoader::wig2bigwig" => "GBrowse","Bio::Graphics::Browser2::DataLoader::wiggle" => "GBrowse","Bio::Graphics::Browser2::DataSource" => "GBrowse","Bio::Graphics::Browser2::ExternalData" => "GBrowse","Bio::Graphics::Browser2::GFFhelper" => "GBrowse","Bio::Graphics::Browser2::I18n" => "GBrowse","Bio::Graphics::Browser2::Markup" => "GBrowse","Bio::Graphics::Browser2::MetaDB" => "GBrowse","Bio::Graphics::Browser2::MetaSegment" => "GBrowse","Bio::Graphics::Browser2::MetaSegment::Iterator" => "GBrowse","Bio::Graphics::Browser2::OptionPick" => "GBrowse","Bio::Graphics::Browser2::PadAlignment" => "GBrowse","Bio::Graphics::Browser2::Plugin" => "GBrowse","Bio::Graphics::Browser2::Plugin::AuthPlugin" => "GBrowse","Bio::Graphics::Browser2::PluginSet" => "GBrowse","Bio::Graphics::Browser2::Realign" => "GBrowse","Bio::Graphics::Browser2::Region" => "GBrowse","Bio::Graphics::Browser2::RegionSearch" => "GBrowse","Bio::Graphics::Browser2::RemoteSet" => "GBrowse","Bio::Graphics::Browser2::Render" => "GBrowse","Bio::Graphics::Browser2::Render::HTML" => "GBrowse","Bio::Graphics::Browser2::Render::HTML::TrackListing" => "GBrowse","Bio::Graphics::Browser2::Render::HTML::TrackListing::Categories" => "GBrowse","Bio::Graphics::Browser2::Render::Login" => "GBrowse","Bio::Graphics::Browser2::Render::Slave" => "GBrowse","Bio::Graphics::Browser2::Render::Slave::AWS_Balancer" => "GBrowse","Bio::Graphics::Browser2::Render::Slave::StagingServer" => "GBrowse","Bio::Graphics::Browser2::Render::Slave::Status" => "GBrowse","Bio::Graphics::Browser2::Render::SnapshotManager" => "GBrowse","Bio::Graphics::Browser2::Render::TrackConfig" => "GBrowse","Bio::Graphics::Browser2::RenderPanels" => "GBrowse","Bio::Graphics::Browser2::SendMail" => "GBrowse","Bio::Graphics::Browser2::Session" => "GBrowse","Bio::Graphics::Browser2::Shellwords" => "GBrowse","Bio::Graphics::Browser2::SubtrackTable" => "GBrowse","Bio::Graphics::Browser2::TrackDumper" => "GBrowse","Bio::Graphics::Browser2::TrackDumper::RichSeqMaker" => "GBrowse","Bio::Graphics::Browser2::UserConf" => "GBrowse","Bio::Graphics::Browser2::UserDB" => "GBrowse","Bio::Graphics::Browser2::UserTracks" => "GBrowse","Bio::Graphics::Browser2::UserTracks::Database" => "GBrowse","Bio::Graphics::Browser2::UserTracks::Filesystem" => "GBrowse","Bio::Graphics::Browser2::Util" => "GBrowse","Bio::Graphics::GBrowseFeature" => "GBrowse","Bio::Graphics::Karyotype" => "GBrowse","Bio::Graphics::Wiggle::Loader::Nosample" => "GBrowse","Boost::Graph" => "Boost-Graph","Boost::Graph::Directed" => "Boost-Graph","Boost::Graph::Undirected" => "Boost-Graph","Bundle::Apache" => "mod_perl","Bundle::Apache2" => "mod_perl","Bundle::Apache::ASP" => "Apache-ASP","Bundle::Apache::ASP::Extra" => "Apache-ASP","Bundle::DBD::Pg" => "DBD-Pg","Bundle::DBD::mysql" => "DBD-mysql","Bundle::DBI" => "DBI","Bundle::HTML::EP" => "HTML-EP","Bundle::Image::Info::Everything" => "Image-Info","Bundle::Image::Info::PNG" => "Image-Info","Bundle::Image::Info::SVG" => "Image-Info","Bundle::Image::Info::XBM" => "Image-Info","Bundle::Image::Info::XPM" => "Image-Info","Bundle::LWP" => "libwww-perl","Bundle::Net::LDAP" => "perl-ldap","Bundle::PlRPC" => "PlRPC","CBC" => "Crypt-CBC","CBOR::XS" => "CBOR-XS","CGI" => "CGI","CGI::Application" => "CGI-Application","CGI::Application::Dispatch" => "CGI-Application-Dispatch","CGI::Application::Dispatch::PSGI" => "CGI-Application-Dispatch","CGI::Application::Dispatch::Regexp" => "CGI-Application-Dispatch","CGI::Application::Mailform" => "CGI-Application","CGI::Application::Plugin::AutoRunmode" => "CGI-Application-Plugin-AutoRunmode","CGI::Application::Plugin::AutoRunmode::FileDelegate" => "CGI-Application-Plugin-AutoRunmode","CGI::Application::Plugin::CAPTCHA" => "CGI-Application-Plugin-CAPTCHA","CGI::Application::Plugin::RunmodeDeclare" => "CGI-Application-Plugin-RunmodeDeclare","CGI::Carp" => "CGI","CGI::Cookie" => "CGI","CGI::File::Temp" => "CGI","CGI::HTML::Functions" => "CGI","CGI::Maypole" => "Maypole","CGI::MultipartBuffer" => "CGI","CGI::Pretty" => "CGI","CGI::Push" => "CGI","CGI::Session" => "CGI-Session","CGI::Session::BluePrint" => "CGI-Session","CGI::Session::CookBook" => "CGI-Session","CGI::Session::DB_File" => "CGI-Session","CGI::Session::Driver" => "CGI-Session","CGI::Session::Driver::DBI" => "CGI-Session","CGI::Session::Driver::db_file" => "CGI-Session","CGI::Session::Driver::file" => "CGI-Session","CGI::Session::Driver::mysql" => "CGI-Session","CGI::Session::Driver::postgresql" => "CGI-Session","CGI::Session::Driver::sqlite" => "CGI-Session","CGI::Session::ErrorHandler" => "CGI-Session","CGI::Session::Example" => "CGI-Session","CGI::Session::File" => "CGI-Session","CGI::Session::ID::SHA1" => "CGI-Session","CGI::Session::ID::incr" => "CGI-Session","CGI::Session::ID::md5" => "CGI-Session","CGI::Session::ID::static" => "CGI-Session","CGI::Session::MySQL" => "CGI-Session","CGI::Session::PostgreSQL" => "CGI-Session","CGI::Session::Query" => "CGI-Session","CGI::Session::Serialize::default" => "CGI-Session","CGI::Session::Serialize::freezethaw" => "CGI-Session","CGI::Session::Serialize::json" => "CGI-Session","CGI::Session::Serialize::storable" => "CGI-Session","CGI::Session::Test::Default" => "CGI-Session","CGI::Session::Test::SimpleObjectClass" => "CGI-Session","CGI::Session::Tutorial" => "CGI-Session","CGI::Simple" => "CGI-Simple","CGI::Simple::Cookie" => "CGI-Simple","CGI::Simple::Standard" => "CGI-Simple","CGI::Simple::Util" => "CGI-Simple","CGI::Toggle" => "GBrowse","CGI::Untaint::Maypole" => "Maypole","CGI::Util" => "CGI","CGI::apacheSSI" => "CGI-apacheSSI","CGI::apacheSSI::Gmt" => "CGI-apacheSSI","CGI::apacheSSI::LMOD" => "CGI-apacheSSI","CGI::apacheSSI::Local" => "CGI-apacheSSI","CGI::mod_perl" => "mod_perl","CPAN" => "CPAN","CPAN::Admin" => "CPAN","CPAN::Author" => "CPAN","CPAN::Bundle" => "CPAN","CPAN::CacheMgr" => "CPAN","CPAN::Checksums" => "CPAN-Checksums","CPAN::Complete" => "CPAN","CPAN::Debug" => "CPAN","CPAN::DeferredCode" => "CPAN","CPAN::Distribution" => "CPAN","CPAN::Distroprefs" => "CPAN","CPAN::Distroprefs::Iterator" => "CPAN","CPAN::Distroprefs::Pref" => "CPAN","CPAN::Distroprefs::Result" => "CPAN","CPAN::Distroprefs::Result::Error" => "CPAN","CPAN::Distroprefs::Result::Fatal" => "CPAN","CPAN::Distroprefs::Result::Success" => "CPAN","CPAN::Distroprefs::Result::Warning" => "CPAN","CPAN::Distrostatus" => "CPAN","CPAN::Eval" => "CPAN","CPAN::Exception::RecursiveDependency" => "CPAN","CPAN::Exception::RecursiveDependency::na" => "CPAN","CPAN::Exception::blocked_urllist" => "CPAN","CPAN::Exception::yaml_not_installed" => "CPAN","CPAN::Exception::yaml_process_error" => "CPAN","CPAN::FTP" => "CPAN","CPAN::FTP::netrc" => "CPAN","CPAN::FirstTime" => "CPAN","CPAN::HTTP::Client" => "CPAN","CPAN::HTTP::Credentials" => "CPAN","CPAN::HandleConfig" => "CPAN","CPAN::Index" => "CPAN","CPAN::InfoObj" => "CPAN","CPAN::Kwalify" => "CPAN","CPAN::LWP::UserAgent" => "CPAN","CPAN::Mirrored::By" => "CPAN","CPAN::Mirrors" => "CPAN","CPAN::Module" => "CPAN","CPAN::Nox" => "CPAN","CPAN::Plugin" => "CPAN","CPAN::Plugin::Specfile" => "CPAN","CPAN::Prompt" => "CPAN","CPAN::Queue" => "CPAN","CPAN::Queue::Item" => "CPAN","CPAN::Shell" => "CPAN","CPAN::Tarzip" => "CPAN","CPAN::URL" => "CPAN","CPAN::Version" => "CPAN","Capture::Tiny" => "Capture-Tiny","Catalyst" => "Catalyst-Runtime","Catalyst::Action" => "Catalyst-Runtime","Catalyst::Action::Deserialize" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::Callback" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::JSON" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::JSON::XS" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::View" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::XML::Simple" => "Catalyst-Action-REST","Catalyst::Action::Deserialize::YAML" => "Catalyst-Action-REST","Catalyst::Action::DeserializeMultiPart" => "Catalyst-Action-REST","Catalyst::Action::REST" => "Catalyst-Action-REST","Catalyst::Action::REST::ForBrowsers" => "Catalyst-Action-REST","Catalyst::Action::Serialize" => "Catalyst-Action-REST","Catalyst::Action::Serialize::Callback" => "Catalyst-Action-REST","Catalyst::Action::Serialize::JSON" => "Catalyst-Action-REST","Catalyst::Action::Serialize::JSON::XS" => "Catalyst-Action-REST","Catalyst::Action::Serialize::JSONP" => "Catalyst-Action-REST","Catalyst::Action::Serialize::View" => "Catalyst-Action-REST","Catalyst::Action::Serialize::XML::Simple" => "Catalyst-Action-REST","Catalyst::Action::Serialize::YAML" => "Catalyst-Action-REST","Catalyst::Action::Serialize::YAML::HTML" => "Catalyst-Action-REST","Catalyst::Action::SerializeBase" => "Catalyst-Action-REST","Catalyst::ActionChain" => "Catalyst-Runtime","Catalyst::ActionContainer" => "Catalyst-Runtime","Catalyst::ActionRole::ConsumesContent" => "Catalyst-Runtime","Catalyst::ActionRole::HTTPMethods" => "Catalyst-Runtime","Catalyst::ActionRole::QueryMatching" => "Catalyst-Runtime","Catalyst::ActionRole::Scheme" => "Catalyst-Runtime","Catalyst::Authentication::Credential::HTTP" => "Catalyst-Authentication-Credential-HTTP","Catalyst::Authentication::Credential::HTTP::Nonce" => "Catalyst-Authentication-Credential-HTTP","Catalyst::Authentication::Store::LDAP" => "Catalyst-Authentication-Store-LDAP","Catalyst::Authentication::Store::LDAP::Backend" => "Catalyst-Authentication-Store-LDAP","Catalyst::Authentication::Store::LDAP::User" => "Catalyst-Authentication-Store-LDAP","Catalyst::Base" => "Catalyst-Runtime","Catalyst::ClassData" => "Catalyst-Runtime","Catalyst::Component" => "Catalyst-Runtime","Catalyst::Component::ApplicationAttribute" => "Catalyst-Runtime","Catalyst::Component::ContextClosure" => "Catalyst-Runtime","Catalyst::Controller" => "Catalyst-Runtime","Catalyst::Controller::Combine" => "Catalyst-Controller-Combine","Catalyst::Controller::REST" => "Catalyst-Action-REST","Catalyst::DispatchType" => "Catalyst-Runtime","Catalyst::DispatchType::Chained" => "Catalyst-Runtime","Catalyst::DispatchType::Default" => "Catalyst-Runtime","Catalyst::DispatchType::Index" => "Catalyst-Runtime","Catalyst::DispatchType::Path" => "Catalyst-Runtime","Catalyst::Dispatcher" => "Catalyst-Runtime","Catalyst::Engine" => "Catalyst-Runtime","Catalyst::Engine::CGI" => "Catalyst-Runtime","Catalyst::Engine::FastCGI" => "Catalyst-Runtime","Catalyst::Engine::HTTP" => "Catalyst-Runtime","Catalyst::Engine::HTTP::Restarter" => "Catalyst-Runtime","Catalyst::Engine::HTTP::Restarter::Watcher" => "Catalyst-Runtime","Catalyst::EngineLoader" => "Catalyst-Runtime","Catalyst::Exception" => "Catalyst-Runtime","Catalyst::Exception::Base" => "Catalyst-Runtime","Catalyst::Exception::Basic" => "Catalyst-Runtime","Catalyst::Exception::Detach" => "Catalyst-Runtime","Catalyst::Exception::Go" => "Catalyst-Runtime","Catalyst::Exception::Interface" => "Catalyst-Runtime","Catalyst::Helper::Controller::Combine" => "Catalyst-Controller-Combine","Catalyst::Log" => "Catalyst-Runtime","Catalyst::Middleware::Stash" => "Catalyst-Runtime","Catalyst::Model" => "Catalyst-Runtime","Catalyst::Plugin::Session" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::State" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::Store" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::Store::Dummy" => "Catalyst-Plugin-Session","Catalyst::Plugin::Session::Test::Store" => "Catalyst-Plugin-Session","Catalyst::Plugin::Static" => "Catalyst-Plugin-Static","Catalyst::Plugin::Static::Simple" => "Catalyst-Plugin-Static-Simple","Catalyst::Plugin::Unicode::Encoding" => "Catalyst-Runtime","Catalyst::Request" => "Catalyst-Runtime","Catalyst::Request::PartData" => "Catalyst-Runtime","Catalyst::Request::REST" => "Catalyst-Action-REST","Catalyst::Request::REST::ForBrowsers" => "Catalyst-Action-REST","Catalyst::Request::Upload" => "Catalyst-Runtime","Catalyst::Response" => "Catalyst-Runtime","Catalyst::Response::Writer" => "Catalyst-Runtime","Catalyst::Runtime" => "Catalyst-Runtime","Catalyst::Script::CGI" => "Catalyst-Runtime","Catalyst::Script::Create" => "Catalyst-Runtime","Catalyst::Script::FastCGI" => "Catalyst-Runtime","Catalyst::Script::Server" => "Catalyst-Runtime","Catalyst::Script::Test" => "Catalyst-Runtime","Catalyst::ScriptRole" => "Catalyst-Runtime","Catalyst::ScriptRunner" => "Catalyst-Runtime","Catalyst::Stats" => "Catalyst-Runtime","Catalyst::Test" => "Catalyst-Runtime","Catalyst::TraitFor::Request::REST" => "Catalyst-Action-REST","Catalyst::TraitFor::Request::REST::ForBrowsers" => "Catalyst-Action-REST","Catalyst::Utils" => "Catalyst-Runtime","Catalyst::View" => "Catalyst-Runtime","CatalystX::Controller::OpenSearch" => "Search-OpenSearch-Server","Chat::Controllers" => "Squatting","Chat::Views" => "Squatting","Class::Struct" => "perl","Class::Struct::Tie_ISA" => "perl","Clipboard" => "Clipboard","Clipboard::MacPasteboard" => "Clipboard","Clipboard::Pb" => "Clipboard","Clipboard::WaylandClipboard" => "Clipboard","Clipboard::Win32" => "Clipboard","Clipboard::Xclip" => "Clipboard","Clipboard::Xsel" => "Clipboard","Cmd::Dwarf" => "Cmd-Dwarf","Command" => "UR","Command::Common" => "UR","Command::DynamicSubCommands" => "UR","Command::Shell" => "UR","Command::SubCommandFactory" => "UR","Command::Test" => "UR","Command::Test::Echo" => "UR","Command::Test::Tree1" => "UR","Command::Test::Tree1::Echo1" => "UR","Command::Test::Tree1::Echo2" => "UR","Command::Tree" => "UR","Command::V1" => "UR","Command::V2" => "UR","Compress::LZ4" => "Compress-LZ4","Compress::Raw::Bunzip2" => "Compress-Raw-Bzip2","Compress::Raw::Bzip2" => "Compress-Raw-Bzip2","Compress::Raw::Zlib" => "Compress-Raw-Zlib","Compress::Zlib" => "IO-Compress","Concierge::Sessions" => "Concierge-Sessions","Concierge::Sessions::Base" => "Concierge-Sessions","Concierge::Sessions::File" => "Concierge-Sessions","Concierge::Sessions::SQLite" => "Concierge-Sessions","Concierge::Sessions::Session" => "Concierge-Sessions","Config::Extensions" => "perl","Config::IniFiles" => "Config-IniFiles","Config::Model" => "Config-Model","Config::Model::Annotation" => "Config-Model","Config::Model::AnyId" => "Config-Model","Config::Model::AnyThing" => "Config-Model","Config::Model::Backend::Any" => "Config-Model","Config::Model::Backend::CdsFile" => "Config-Model","Config::Model::Backend::Fstab" => "Config-Model","Config::Model::Backend::IniFile" => "Config-Model","Config::Model::Backend::Json" => "Config-Model","Config::Model::Backend::PerlFile" => "Config-Model","Config::Model::Backend::PlainFile" => "Config-Model","Config::Model::Backend::ShellVar" => "Config-Model","Config::Model::BackendMgr" => "Config-Model","Config::Model::BackendTrackOrder" => "Config-Model","Config::Model::CheckList" => "Config-Model","Config::Model::DeprecatedHandle" => "Config-Model","Config::Model::Describe" => "Config-Model","Config::Model::DumpAsData" => "Config-Model","Config::Model::Dumper" => "Config-Model","Config::Model::Exception" => "Config-Model","Config::Model::Exception::AncestorClass" => "Config-Model","Config::Model::Exception::Any" => "Config-Model","Config::Model::Exception::ConfigFile" => "Config-Model","Config::Model::Exception::ConfigFile::Missing" => "Config-Model","Config::Model::Exception::Fatal" => "Config-Model","Config::Model::Exception::Formula" => "Config-Model","Config::Model::Exception::Internal" => "Config-Model","Config::Model::Exception::Load" => "Config-Model","Config::Model::Exception::LoadData" => "Config-Model","Config::Model::Exception::Model" => "Config-Model","Config::Model::Exception::ModelDeclaration" => "Config-Model","Config::Model::Exception::ObsoleteElement" => "Config-Model","Config::Model::Exception::Syntax" => "Config-Model","Config::Model::Exception::UnavailableElement" => "Config-Model","Config::Model::Exception::UnknownElement" => "Config-Model","Config::Model::Exception::UnknownId" => "Config-Model","Config::Model::Exception::User" => "Config-Model","Config::Model::Exception::WarpError" => "Config-Model","Config::Model::Exception::WrongType" => "Config-Model","Config::Model::Exception::WrongValue" => "Config-Model","Config::Model::FuseUI" => "Config-Model","Config::Model::HashId" => "Config-Model","Config::Model::IdElementReference" => "Config-Model","Config::Model::Instance" => "Config-Model","Config::Model::Iterator" => "Config-Model","Config::Model::ListId" => "Config-Model","Config::Model::Lister" => "Config-Model","Config::Model::Loader" => "Config-Model","Config::Model::Node" => "Config-Model","Config::Model::ObjTreeScanner" => "Config-Model","Config::Model::Report" => "Config-Model","Config::Model::Role::ComputeFunction" => "Config-Model","Config::Model::Role::Constants" => "Config-Model","Config::Model::Role::FileHandler" => "Config-Model","Config::Model::Role::Grab" => "Config-Model","Config::Model::Role::HelpAsText" => "Config-Model","Config::Model::Role::NodeLoader" => "Config-Model","Config::Model::Role::Utils" => "Config-Model","Config::Model::Role::WarpMaster" => "Config-Model","Config::Model::SearchElement" => "Config-Model","Config::Model::SimpleUI" => "Config-Model","Config::Model::TermUI" => "Config-Model","Config::Model::TreeSearcher" => "Config-Model","Config::Model::TypeConstraints" => "Config-Model","Config::Model::Utils::GenClassPod" => "Config-Model","Config::Model::Value" => "Config-Model","Config::Model::Value::LayeredInclude" => "Config-Model","Config::Model::Value::Update" => "Config-Model","Config::Model::Value::UpdateFromFile" => "Config-Model","Config::Model::ValueComputer" => "Config-Model","Config::Model::WarpedNode" => "Config-Model","Config::Model::Warper" => "Config-Model","Convert::ASN1" => "Convert-ASN1","Convert::UUlib" => "Convert-UUlib","CouchWiki" => "Squatting","CouchWiki::Controllers" => "Squatting","CouchWiki::Models" => "Squatting","CouchWiki::Views" => "Squatting","Counter::Controllers" => "Squatting","Cpanel::JSON::XS" => "Cpanel-JSON-XS","Cpanel::JSON::XS::Type" => "Cpanel-JSON-XS","Crypt::AuthEnc" => "CryptX","Crypt::AuthEnc::CCM" => "CryptX","Crypt::AuthEnc::ChaCha20Poly1305" => "CryptX","Crypt::AuthEnc::EAX" => "CryptX","Crypt::AuthEnc::GCM" => "CryptX","Crypt::AuthEnc::OCB" => "CryptX","Crypt::CBC" => "Crypt-CBC","Crypt::CBC::PBKDF" => "Crypt-CBC","Crypt::CBC::PBKDF::none" => "Crypt-CBC","Crypt::CBC::PBKDF::opensslv1" => "Crypt-CBC","Crypt::CBC::PBKDF::opensslv2" => "Crypt-CBC","Crypt::CBC::PBKDF::pbkdf2" => "Crypt-CBC","Crypt::CBC::PBKDF::randomiv" => "Crypt-CBC","Crypt::Checksum" => "CryptX","Crypt::Checksum::Adler32" => "CryptX","Crypt::Checksum::CRC32" => "CryptX","Crypt::Cipher" => "CryptX","Crypt::Cipher::AES" => "CryptX","Crypt::Cipher::Anubis" => "CryptX","Crypt::Cipher::Blowfish" => "CryptX","Crypt::Cipher::CAST5" => "CryptX","Crypt::Cipher::Camellia" => "CryptX","Crypt::Cipher::DES" => "CryptX","Crypt::Cipher::DES_EDE" => "CryptX","Crypt::Cipher::IDEA" => "CryptX","Crypt::Cipher::KASUMI" => "CryptX","Crypt::Cipher::Khazad" => "CryptX","Crypt::Cipher::MULTI2" => "CryptX","Crypt::Cipher::Noekeon" => "CryptX","Crypt::Cipher::RC2" => "CryptX","Crypt::Cipher::RC5" => "CryptX","Crypt::Cipher::RC6" => "CryptX","Crypt::Cipher::SAFERP" => "CryptX","Crypt::Cipher::SAFER_K128" => "CryptX","Crypt::Cipher::SAFER_K64" => "CryptX","Crypt::Cipher::SAFER_SK128" => "CryptX","Crypt::Cipher::SAFER_SK64" => "CryptX","Crypt::Cipher::SEED" => "CryptX","Crypt::Cipher::Serpent" => "CryptX","Crypt::Cipher::Skipjack" => "CryptX","Crypt::Cipher::Twofish" => "CryptX","Crypt::Cipher::XTEA" => "CryptX","Crypt::DSA" => "Crypt-DSA","Crypt::DSA::Key" => "Crypt-DSA","Crypt::DSA::Key::PEM" => "Crypt-DSA","Crypt::DSA::Key::SSH2" => "Crypt-DSA","Crypt::DSA::KeyChain" => "Crypt-DSA","Crypt::DSA::Signature" => "Crypt-DSA","Crypt::DSA::Util" => "Crypt-DSA","Crypt::Digest" => "CryptX","Crypt::Digest::BLAKE2b_160" => "CryptX","Crypt::Digest::BLAKE2b_256" => "CryptX","Crypt::Digest::BLAKE2b_384" => "CryptX","Crypt::Digest::BLAKE2b_512" => "CryptX","Crypt::Digest::BLAKE2s_128" => "CryptX","Crypt::Digest::BLAKE2s_160" => "CryptX","Crypt::Digest::BLAKE2s_224" => "CryptX","Crypt::Digest::BLAKE2s_256" => "CryptX","Crypt::Digest::CHAES" => "CryptX","Crypt::Digest::Keccak224" => "CryptX","Crypt::Digest::Keccak256" => "CryptX","Crypt::Digest::Keccak384" => "CryptX","Crypt::Digest::Keccak512" => "CryptX","Crypt::Digest::MD2" => "CryptX","Crypt::Digest::MD4" => "CryptX","Crypt::Digest::MD5" => "CryptX","Crypt::Digest::RIPEMD128" => "CryptX","Crypt::Digest::RIPEMD160" => "CryptX","Crypt::Digest::RIPEMD256" => "CryptX","Crypt::Digest::RIPEMD320" => "CryptX","Crypt::Digest::SHA1" => "CryptX","Crypt::Digest::SHA224" => "CryptX","Crypt::Digest::SHA256" => "CryptX","Crypt::Digest::SHA384" => "CryptX","Crypt::Digest::SHA3_224" => "CryptX","Crypt::Digest::SHA3_256" => "CryptX","Crypt::Digest::SHA3_384" => "CryptX","Crypt::Digest::SHA3_512" => "CryptX","Crypt::Digest::SHA512" => "CryptX","Crypt::Digest::SHA512_224" => "CryptX","Crypt::Digest::SHA512_256" => "CryptX","Crypt::Digest::SHAKE" => "CryptX","Crypt::Digest::Tiger192" => "CryptX","Crypt::Digest::Whirlpool" => "CryptX","Crypt::JWT" => "Crypt-JWT","Crypt::KeyDerivation" => "CryptX","Crypt::KeyWrap" => "Crypt-JWT","Crypt::Mac" => "CryptX","Crypt::Mac::BLAKE2b" => "CryptX","Crypt::Mac::BLAKE2s" => "CryptX","Crypt::Mac::F9" => "CryptX","Crypt::Mac::HMAC" => "CryptX","Crypt::Mac::OMAC" => "CryptX","Crypt::Mac::PMAC" => "CryptX","Crypt::Mac::Pelican" => "CryptX","Crypt::Mac::Poly1305" => "CryptX","Crypt::Mac::XCBC" => "CryptX","Crypt::Misc" => "CryptX","Crypt::Mode" => "CryptX","Crypt::Mode::CBC" => "CryptX","Crypt::Mode::CFB" => "CryptX","Crypt::Mode::CTR" => "CryptX","Crypt::Mode::ECB" => "CryptX","Crypt::Mode::OFB" => "CryptX","Crypt::NaCl::Sodium" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::aead" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::auth" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::box" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::generichash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::hash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::onetimeauth" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::pwhash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::scalarmult" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::secretbox" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::shorthash" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::sign" => "Crypt-NaCl-Sodium","Crypt::NaCl::Sodium::stream" => "Crypt-NaCl-Sodium","Crypt::OpenSSL::DSA" => "Crypt-OpenSSL-DSA","Crypt::OpenSSL::RSA" => "Crypt-OpenSSL-RSA","Crypt::PK" => "CryptX","Crypt::PK::DH" => "CryptX","Crypt::PK::DSA" => "CryptX","Crypt::PK::ECC" => "CryptX","Crypt::PK::Ed25519" => "CryptX","Crypt::PK::RSA" => "CryptX","Crypt::PK::X25519" => "CryptX","Crypt::PRNG" => "CryptX","Crypt::PRNG::ChaCha20" => "CryptX","Crypt::PRNG::Fortuna" => "CryptX","Crypt::PRNG::RC4" => "CryptX","Crypt::PRNG::Sober128" => "CryptX","Crypt::PRNG::Yarrow" => "CryptX","Crypt::Passwd::XS" => "Crypt-Passwd-XS","Crypt::Perl" => "Crypt-Perl","Crypt::Perl::ASN1" => "Crypt-Perl","Crypt::Perl::ASN1::BitString" => "Crypt-Perl","Crypt::Perl::ASN1::Encodee" => "Crypt-Perl","Crypt::Perl::ASN1::Signatures" => "Crypt-Perl","Crypt::Perl::BigInt" => "Crypt-Perl","Crypt::Perl::ECDSA" => "Crypt-Perl","Crypt::Perl::ECDSA::Deterministic" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::Curve" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::CurvesDB" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::DB" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::FieldElement" => "Crypt-Perl","Crypt::Perl::ECDSA::EC::Point" => "Crypt-Perl","Crypt::Perl::ECDSA::ECParameters" => "Crypt-Perl","Crypt::Perl::ECDSA::EncodedPoint" => "Crypt-Perl","Crypt::Perl::ECDSA::Generate" => "Crypt-Perl","Crypt::Perl::ECDSA::KeyBase" => "Crypt-Perl","Crypt::Perl::ECDSA::Math" => "Crypt-Perl","Crypt::Perl::ECDSA::NIST" => "Crypt-Perl","Crypt::Perl::ECDSA::Parse" => "Crypt-Perl","Crypt::Perl::ECDSA::PrivateKey" => "Crypt-Perl","Crypt::Perl::ECDSA::PublicKey" => "Crypt-Perl","Crypt::Perl::ECDSA::Utils" => "Crypt-Perl","Crypt::Perl::Ed25519" => "Crypt-Perl","Crypt::Perl::Ed25519::KeyBase" => "Crypt-Perl","Crypt::Perl::Ed25519::Math" => "Crypt-Perl","Crypt::Perl::Ed25519::Parse" => "Crypt-Perl","Crypt::Perl::Ed25519::PrivateKey" => "Crypt-Perl","Crypt::Perl::Ed25519::PublicKey" => "Crypt-Perl","Crypt::Perl::JWK" => "Crypt-Perl","Crypt::Perl::KeyBase" => "Crypt-Perl","Crypt::Perl::Math" => "Crypt-Perl","Crypt::Perl::PK" => "Crypt-Perl","Crypt::Perl::PKCS10" => "Crypt-Perl","Crypt::Perl::PKCS10::ASN1" => "Crypt-Perl","Crypt::Perl::PKCS10::Attribute" => "Crypt-Perl","Crypt::Perl::PKCS10::Attribute::challengePassword" => "Crypt-Perl","Crypt::Perl::PKCS10::Attribute::extensionRequest" => "Crypt-Perl","Crypt::Perl::PKCS10::Attributes" => "Crypt-Perl","Crypt::Perl::PKCS8" => "Crypt-Perl","Crypt::Perl::RNG" => "Crypt-Perl","Crypt::Perl::RSA" => "Crypt-Perl","Crypt::Perl::RSA::Generate" => "Crypt-Perl","Crypt::Perl::RSA::KeyBase" => "Crypt-Perl","Crypt::Perl::RSA::PKCS1_v1_5" => "Crypt-Perl","Crypt::Perl::RSA::Parse" => "Crypt-Perl","Crypt::Perl::RSA::PrivateKey" => "Crypt-Perl","Crypt::Perl::RSA::PublicKey" => "Crypt-Perl","Crypt::Perl::RSA::Template" => "Crypt-Perl","Crypt::Perl::ToDER" => "Crypt-Perl","Crypt::Perl::X" => "Crypt-Perl","Crypt::Perl::X509::Extension" => "Crypt-Perl","Crypt::Perl::X509::Extension::acmeValidation_v1" => "Crypt-Perl","Crypt::Perl::X509::Extension::authorityInfoAccess" => "Crypt-Perl","Crypt::Perl::X509::Extension::authorityKeyIdentifier" => "Crypt-Perl","Crypt::Perl::X509::Extension::basicConstraints" => "Crypt-Perl","Crypt::Perl::X509::Extension::cRLDistributionPoints" => "Crypt-Perl","Crypt::Perl::X509::Extension::certificatePolicies" => "Crypt-Perl","Crypt::Perl::X509::Extension::ct_precert_poison" => "Crypt-Perl","Crypt::Perl::X509::Extension::ct_precert_scts" => "Crypt-Perl","Crypt::Perl::X509::Extension::extKeyUsage" => "Crypt-Perl","Crypt::Perl::X509::Extension::freshestCRL" => "Crypt-Perl","Crypt::Perl::X509::Extension::inhibitAnyPolicy" => "Crypt-Perl","Crypt::Perl::X509::Extension::issuerAltName" => "Crypt-Perl","Crypt::Perl::X509::Extension::keyUsage" => "Crypt-Perl","Crypt::Perl::X509::Extension::nameConstraints" => "Crypt-Perl","Crypt::Perl::X509::Extension::noCheck" => "Crypt-Perl","Crypt::Perl::X509::Extension::policyConstraints" => "Crypt-Perl","Crypt::Perl::X509::Extension::policyMappings" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectAltName" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectDirectoryAttributes" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectInfoAccess" => "Crypt-Perl","Crypt::Perl::X509::Extension::subjectKeyIdentifier" => "Crypt-Perl","Crypt::Perl::X509::Extension::tlsFeature" => "Crypt-Perl","Crypt::Perl::X509::Extensions" => "Crypt-Perl","Crypt::Perl::X509::GeneralName" => "Crypt-Perl","Crypt::Perl::X509::GeneralNames" => "Crypt-Perl","Crypt::Perl::X509::InfoAccessBase" => "Crypt-Perl","Crypt::Perl::X509::Name" => "Crypt-Perl","Crypt::Perl::X509::RelativeDistinguishedName" => "Crypt-Perl","Crypt::Perl::X509::SCT" => "Crypt-Perl","Crypt::Perl::X509v3" => "Crypt-Perl","Crypt::Perl::X::ASN1::Decode" => "Crypt-Perl","Crypt::Perl::X::ASN1::Encode" => "Crypt-Perl","Crypt::Perl::X::ASN1::Find" => "Crypt-Perl","Crypt::Perl::X::ASN1::Prepare" => "Crypt-Perl","Crypt::Perl::X::Base" => "Crypt-Perl","Crypt::Perl::X::ECDSA::CharacteristicTwoUnsupported" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForNISTName" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForName" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForOID" => "Crypt-Perl","Crypt::Perl::X::ECDSA::NoCurveForParameters" => "Crypt-Perl","Crypt::Perl::X::Generic" => "Crypt-Perl","Crypt::Perl::X::InvalidJWK" => "Crypt-Perl","Crypt::Perl::X::TooLongToSign" => "Crypt-Perl","Crypt::Perl::X::UnknownHash" => "Crypt-Perl","Crypt::Perl::X::UnknownJWKkty" => "Crypt-Perl","Crypt::Primes" => "Crypt-Primes","Crypt::Random" => "Crypt-Random","Crypt::Random::Generator" => "Crypt-Random","Crypt::Random::Provider::File" => "Crypt-Random","Crypt::Random::Provider::Win32API" => "Crypt-Random","Crypt::Random::Provider::devrandom" => "Crypt-Random","Crypt::Random::Provider::devurandom" => "Crypt-Random","Crypt::Random::Provider::egd" => "Crypt-Random","Crypt::Random::Provider::rand" => "Crypt-Random","Crypt::Random::Source" => "Crypt-Random-Source","Crypt::Random::Source::Base" => "Crypt-Random-Source","Crypt::Random::Source::Base::File" => "Crypt-Random-Source","Crypt::Random::Source::Base::Handle" => "Crypt-Random-Source","Crypt::Random::Source::Base::Proc" => "Crypt-Random-Source","Crypt::Random::Source::Base::RandomDevice" => "Crypt-Random-Source","Crypt::Random::Source::Factory" => "Crypt-Random-Source","Crypt::Random::Source::Strong" => "Crypt-Random-Source","Crypt::Random::Source::Strong::devrandom" => "Crypt-Random-Source","Crypt::Random::Source::Weak" => "Crypt-Random-Source","Crypt::Random::Source::Weak::devurandom" => "Crypt-Random-Source","Crypt::RandomEncryption" => "Crypt-RandomEncryption","Crypt::Salt" => "Crypt-Salt","Crypt::Sodium::XS" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Base" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Base64" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Core" => "Crypt-Sodium-XS","Crypt::Sodium::XS::MemVault" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::Base" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::aead" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::auth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::box" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::curve25519" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::generichash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::hash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::hkdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::ipcrypt" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::kdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::kx" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::onetimeauth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::pwhash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::scalarmult" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::secretbox" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::secretstream" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::shorthash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::sign" => "Crypt-Sodium-XS","Crypt::Sodium::XS::OO::stream" => "Crypt-Sodium-XS","Crypt::Sodium::XS::ProtMem" => "Crypt-Sodium-XS","Crypt::Sodium::XS::Util" => "Crypt-Sodium-XS","Crypt::Sodium::XS::aead" => "Crypt-Sodium-XS","Crypt::Sodium::XS::auth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::box" => "Crypt-Sodium-XS","Crypt::Sodium::XS::curve25519" => "Crypt-Sodium-XS","Crypt::Sodium::XS::generichash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::hash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::hkdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::ipcrypt" => "Crypt-Sodium-XS","Crypt::Sodium::XS::kdf" => "Crypt-Sodium-XS","Crypt::Sodium::XS::kx" => "Crypt-Sodium-XS","Crypt::Sodium::XS::onetimeauth" => "Crypt-Sodium-XS","Crypt::Sodium::XS::pwhash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::scalarmult" => "Crypt-Sodium-XS","Crypt::Sodium::XS::secretbox" => "Crypt-Sodium-XS","Crypt::Sodium::XS::secretstream" => "Crypt-Sodium-XS","Crypt::Sodium::XS::shorthash" => "Crypt-Sodium-XS","Crypt::Sodium::XS::sign" => "Crypt-Sodium-XS","Crypt::Sodium::XS::stream" => "Crypt-Sodium-XS","Crypt::Stream::ChaCha" => "CryptX","Crypt::Stream::RC4" => "CryptX","Crypt::Stream::Rabbit" => "CryptX","Crypt::Stream::Salsa20" => "CryptX","Crypt::Stream::Sober128" => "CryptX","Crypt::Stream::Sosemanuk" => "CryptX","Crypt::SysRandom::XS" => "Crypt-SysRandom-XS","Crypt::URandom" => "Crypt-URandom","CryptX" => "CryptX","Cwd" => "PathTools","DBD::DBM" => "DBI","DBD::DBM::Statement" => "DBI","DBD::DBM::Table" => "DBI","DBD::DBM::db" => "DBI","DBD::DBM::dr" => "DBI","DBD::DBM::st" => "DBI","DBD::ExampleP" => "DBI","DBD::ExampleP::db" => "DBI","DBD::ExampleP::dr" => "DBI","DBD::ExampleP::st" => "DBI","DBD::File" => "DBI","DBD::File::DataSource::File" => "DBI","DBD::File::DataSource::Stream" => "DBI","DBD::File::Statement" => "DBI","DBD::File::Table" => "DBI","DBD::File::TableSource::FileSystem" => "DBI","DBD::File::db" => "DBI","DBD::File::dr" => "DBI","DBD::File::st" => "DBI","DBD::Gofer" => "DBI","DBD::Gofer::Policy::Base" => "DBI","DBD::Gofer::Policy::classic" => "DBI","DBD::Gofer::Policy::pedantic" => "DBI","DBD::Gofer::Policy::rush" => "DBI","DBD::Gofer::Transport::Base" => "DBI","DBD::Gofer::Transport::corostream" => "DBI","DBD::Gofer::Transport::null" => "DBI","DBD::Gofer::Transport::pipeone" => "DBI","DBD::Gofer::Transport::stream" => "DBI","DBD::Gofer::db" => "DBI","DBD::Gofer::dr" => "DBI","DBD::Gofer::st" => "DBI","DBD::MariaDB" => "DBD-MariaDB","DBD::Mem" => "DBI","DBD::Mem::DataSource" => "DBI","DBD::Mem::Statement" => "DBI","DBD::Mem::Table" => "DBI","DBD::Mem::db" => "DBI","DBD::Mem::dr" => "DBI","DBD::Mem::st" => "DBI","DBD::NullP" => "DBI","DBD::NullP::db" => "DBI","DBD::NullP::dr" => "DBI","DBD::NullP::st" => "DBI","DBD::Pg" => "DBD-Pg","DBD::Proxy" => "DBI","DBD::Proxy::RPC::PlClient" => "DBI","DBD::Proxy::db" => "DBI","DBD::Proxy::dr" => "DBI","DBD::Proxy::st" => "DBI","DBD::SQLite" => "DBD-SQLite","DBD::SQLite::Constants" => "DBD-SQLite","DBD::SQLite::GetInfo" => "DBD-SQLite","DBD::SQLite::VirtualTable" => "DBD-SQLite","DBD::SQLite::VirtualTable::Cursor" => "DBD-SQLite","DBD::SQLite::VirtualTable::FileContent" => "DBD-SQLite","DBD::SQLite::VirtualTable::FileContent::Cursor" => "DBD-SQLite","DBD::SQLite::VirtualTable::PerlData" => "DBD-SQLite","DBD::SQLite::VirtualTable::PerlData::Cursor" => "DBD-SQLite","DBD::Sponge" => "DBI","DBD::Sponge::db" => "DBI","DBD::Sponge::dr" => "DBI","DBD::Sponge::st" => "DBI","DBD::mysql" => "DBD-mysql","DBD::mysql::GetInfo" => "DBD-mysql","DBD::mysql::db" => "DBD-mysql","DBD::mysql::dr" => "DBD-mysql","DBD::mysql::st" => "DBD-mysql","DBD::mysqlPP" => "DBD-mysqlPP","DBD::mysqlPP::db" => "DBD-mysqlPP","DBD::mysqlPP::dr" => "DBD-mysqlPP","DBD::mysqlPP::st" => "DBD-mysqlPP","DBDI" => "DBI","DBI" => "DBI","DBI::Const::GetInfo::ANSI" => "DBI","DBI::Const::GetInfo::ODBC" => "DBI","DBI::Const::GetInfoReturn" => "DBI","DBI::Const::GetInfoType" => "DBI","DBI::DBD" => "DBI","DBI::DBD::Metadata" => "DBI","DBI::DBD::SqlEngine" => "DBI","DBI::DBD::SqlEngine::DataSource" => "DBI","DBI::DBD::SqlEngine::Statement" => "DBI","DBI::DBD::SqlEngine::Table" => "DBI","DBI::DBD::SqlEngine::TableSource" => "DBI","DBI::DBD::SqlEngine::TieMeta" => "DBI","DBI::DBD::SqlEngine::TieTables" => "DBI","DBI::DBD::SqlEngine::db" => "DBI","DBI::DBD::SqlEngine::dr" => "DBI","DBI::DBD::SqlEngine::st" => "DBI","DBI::FAQ" => "DBI","DBI::Gofer::Execute" => "DBI","DBI::Gofer::Request" => "DBI","DBI::Gofer::Response" => "DBI","DBI::Gofer::Serializer::Base" => "DBI","DBI::Gofer::Serializer::DataDumper" => "DBI","DBI::Gofer::Serializer::Storable" => "DBI","DBI::Gofer::Transport::Base" => "DBI","DBI::Gofer::Transport::pipeone" => "DBI","DBI::Gofer::Transport::stream" => "DBI","DBI::Library" => "MySQL-Admin","DBI::Library::Database" => "MySQL-Admin","DBI::Library::Database::db" => "MySQL-Admin","DBI::Library::Database::st" => "MySQL-Admin","DBI::Library::db" => "MySQL-Admin","DBI::Library::st" => "MySQL-Admin","DBI::Profile" => "DBI","DBI::ProfileData" => "DBI","DBI::ProfileDumper" => "DBI","DBI::ProfileDumper::Apache" => "DBI","DBI::ProfileSubs" => "DBI","DBI::ProxyServer" => "DBI","DBI::ProxyServer::db" => "DBI","DBI::ProxyServer::dr" => "DBI","DBI::ProxyServer::st" => "DBI","DBI::SQL::Nano" => "DBI","DBI::SQL::Nano::Statement_" => "DBI","DBI::SQL::Nano::Table_" => "DBI","DBI::Util::CacheMemory" => "DBI","DBI::Util::_accessor" => "DBI","DBI::common" => "DBI","DBIx::Class::EncodedColumn" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Crypt" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Crypt::Eksblowfish::Bcrypt" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Crypt::OpenPGP" => "DBIx-Class-EncodedColumn","DBIx::Class::EncodedColumn::Digest" => "DBIx-Class-EncodedColumn","DBIx::Class::Valiant" => "Valiant","DBIx::Class::Valiant::Result" => "Valiant","DBIx::Class::Valiant::Result::HTML::FormFields" => "Valiant","DBIx::Class::Valiant::ResultSet" => "Valiant","DBIx::Class::Valiant::Util::Exception" => "Valiant","DBIx::Class::Valiant::Util::Exception::BadParameterFK" => "Valiant","DBIx::Class::Valiant::Util::Exception::BadParameters" => "Valiant","DBIx::Class::Valiant::Util::Exception::TooManyRows" => "Valiant","DBIx::Class::Valiant::Validates" => "Valiant","DBIx::Class::Valiant::Validator::Result" => "Valiant","DBIx::Class::Valiant::Validator::ResultSet" => "Valiant","DBIx::Class::Valiant::Validator::SetSize" => "Valiant","DBIx::Custom" => "DBIx-Custom","DBIx::Custom::Mapper" => "DBIx-Custom","DBIx::Custom::Model" => "DBIx-Custom","DBIx::Custom::NotExists" => "DBIx-Custom","DBIx::Custom::Order" => "DBIx-Custom","DBIx::Custom::Query" => "DBIx-Custom","DBIx::Custom::Result" => "DBIx-Custom","DBIx::Custom::Util" => "DBIx-Custom","DBIx::Custom::Where" => "DBIx-Custom","DBIx::Otogiri" => "Otogiri","DBIx::Otogiri::Iterator" => "Otogiri","DBM_Filter" => "perl","DBM_Filter::compress" => "perl","DBM_Filter::encode" => "perl","DBM_Filter::int32" => "perl","DBM_Filter::null" => "perl","DBM_Filter::utf8" => "perl","Dancer" => "Dancer","Dancer2" => "Dancer2","Dancer2::CLI" => "Dancer2","Dancer2::CLI::Command::gen" => "Dancer2","Dancer2::CLI::Command::version" => "Dancer2","Dancer2::CLI::Gen" => "Dancer2","Dancer2::CLI::Version" => "Dancer2","Dancer2::ConfigReader" => "Dancer2","Dancer2::ConfigReader::Config::Any" => "Dancer2","Dancer2::ConfigUtils" => "Dancer2","Dancer2::Core" => "Dancer2","Dancer2::Core::App" => "Dancer2","Dancer2::Core::Cookie" => "Dancer2","Dancer2::Core::DSL" => "Dancer2","Dancer2::Core::Dispatcher" => "Dancer2","Dancer2::Core::Error" => "Dancer2","Dancer2::Core::Factory" => "Dancer2","Dancer2::Core::HTTP" => "Dancer2","Dancer2::Core::Hook" => "Dancer2","Dancer2::Core::MIME" => "Dancer2","Dancer2::Core::Request" => "Dancer2","Dancer2::Core::Request::Upload" => "Dancer2","Dancer2::Core::Response" => "Dancer2","Dancer2::Core::Response::Delayed" => "Dancer2","Dancer2::Core::Role::ConfigReader" => "Dancer2","Dancer2::Core::Role::DSL" => "Dancer2","Dancer2::Core::Role::Engine" => "Dancer2","Dancer2::Core::Role::Handler" => "Dancer2","Dancer2::Core::Role::HasConfig" => "Dancer2","Dancer2::Core::Role::HasEnvironment" => "Dancer2","Dancer2::Core::Role::HasLocation" => "Dancer2","Dancer2::Core::Role::Hookable" => "Dancer2","Dancer2::Core::Role::Logger" => "Dancer2","Dancer2::Core::Role::Serializer" => "Dancer2","Dancer2::Core::Role::SessionFactory" => "Dancer2","Dancer2::Core::Role::SessionFactory::File" => "Dancer2","Dancer2::Core::Role::StandardResponses" => "Dancer2","Dancer2::Core::Role::Template" => "Dancer2","Dancer2::Core::Route" => "Dancer2","Dancer2::Core::Runner" => "Dancer2","Dancer2::Core::Session" => "Dancer2","Dancer2::Core::Time" => "Dancer2","Dancer2::Core::Types" => "Dancer2","Dancer2::FileUtils" => "Dancer2","Dancer2::Handler::AutoPage" => "Dancer2","Dancer2::Handler::File" => "Dancer2","Dancer2::Logger::Capture" => "Dancer2","Dancer2::Logger::Capture::Trap" => "Dancer2","Dancer2::Logger::Console" => "Dancer2","Dancer2::Logger::Diag" => "Dancer2","Dancer2::Logger::File" => "Dancer2","Dancer2::Logger::Note" => "Dancer2","Dancer2::Logger::Null" => "Dancer2","Dancer2::Plugin" => "Dancer2","Dancer2::Serializer::Dumper" => "Dancer2","Dancer2::Serializer::JSON" => "Dancer2","Dancer2::Serializer::Mutable" => "Dancer2","Dancer2::Serializer::YAML" => "Dancer2","Dancer2::Session::Simple" => "Dancer2","Dancer2::Session::YAML" => "Dancer2","Dancer2::Template::Implementation::ForkedTiny" => "Dancer2","Dancer2::Template::TemplateToolkit" => "Dancer2","Dancer2::Template::Tiny" => "Dancer2","Dancer2::Test" => "Dancer2","Dancer::App" => "Dancer","Dancer::Config" => "Dancer","Dancer::Config::Object" => "Dancer","Dancer::Continuation" => "Dancer","Dancer::Continuation::Halted" => "Dancer","Dancer::Continuation::Route" => "Dancer","Dancer::Continuation::Route::ErrorSent" => "Dancer","Dancer::Continuation::Route::FileSent" => "Dancer","Dancer::Continuation::Route::Forwarded" => "Dancer","Dancer::Continuation::Route::Passed" => "Dancer","Dancer::Continuation::Route::Templated" => "Dancer","Dancer::Cookie" => "Dancer","Dancer::Cookies" => "Dancer","Dancer::Deprecation" => "Dancer","Dancer::Engine" => "Dancer","Dancer::Error" => "Dancer","Dancer::Exception" => "Dancer","Dancer::Exception::Base" => "Dancer","Dancer::Exceptions" => "Dancer","Dancer::Factory::Hook" => "Dancer","Dancer::FileUtils" => "Dancer","Dancer::GetOpt" => "Dancer","Dancer::HTTP" => "Dancer","Dancer::Handler" => "Dancer","Dancer::Handler::Debug" => "Dancer","Dancer::Handler::PSGI" => "Dancer","Dancer::Handler::Standalone" => "Dancer","Dancer::Hook" => "Dancer","Dancer::Hook::Properties" => "Dancer","Dancer::Logger" => "Dancer","Dancer::Logger::Abstract" => "Dancer","Dancer::Logger::Capture" => "Dancer","Dancer::Logger::Capture::Trap" => "Dancer","Dancer::Logger::Console" => "Dancer","Dancer::Logger::Diag" => "Dancer","Dancer::Logger::File" => "Dancer","Dancer::Logger::Note" => "Dancer","Dancer::Logger::Null" => "Dancer","Dancer::MIME" => "Dancer","Dancer::ModuleLoader" => "Dancer","Dancer::Object" => "Dancer","Dancer::Object::Singleton" => "Dancer","Dancer::Plugin" => "Dancer","Dancer::Plugin::Ajax" => "Dancer","Dancer::Renderer" => "Dancer","Dancer::Request" => "Dancer","Dancer::Request::Upload" => "Dancer","Dancer::Response" => "Dancer","Dancer::Route" => "Dancer","Dancer::Route::Cache" => "Dancer","Dancer::Route::Registry" => "Dancer","Dancer::Serializer" => "Dancer","Dancer::Serializer::Abstract" => "Dancer","Dancer::Serializer::Dumper" => "Dancer","Dancer::Serializer::JSON" => "Dancer","Dancer::Serializer::JSONP" => "Dancer","Dancer::Serializer::Mutable" => "Dancer","Dancer::Serializer::XML" => "Dancer","Dancer::Serializer::YAML" => "Dancer","Dancer::Session" => "Dancer","Dancer::Session::Abstract" => "Dancer","Dancer::Session::Simple" => "Dancer","Dancer::Session::YAML" => "Dancer","Dancer::SharedData" => "Dancer","Dancer::Template" => "Dancer","Dancer::Template::Abstract" => "Dancer","Dancer::Template::NetdiscoTemplateToolkit" => "App-Netdisco","Dancer::Template::Simple" => "Dancer","Dancer::Template::TemplateToolkit" => "Dancer","Dancer::Test" => "Dancer","Dancer::Timer" => "Dancer","Data::BytesLocker" => "Crypt-NaCl-Sodium","Data::Dumper" => "Data-Dumper","Data::Entropy" => "Data-Entropy","Data::Entropy::Algorithms" => "Data-Entropy","Data::Entropy::RawSource::CryptCounter" => "Data-Entropy","Data::Entropy::RawSource::Local" => "Data-Entropy","Data::Entropy::RawSource::RandomOrg" => "Data-Entropy","Data::Entropy::RawSource::RandomnumbersInfo" => "Data-Entropy","Data::Entropy::Source" => "Data-Entropy","Data::FormValidator" => "Data-FormValidator","Data::FormValidator::Constraints" => "Data-FormValidator","Data::FormValidator::Constraints::Dates" => "Data-FormValidator","Data::FormValidator::Constraints::RegexpCommon" => "Data-FormValidator","Data::FormValidator::Constraints::Upload" => "Data-FormValidator","Data::FormValidator::ConstraintsFactory" => "Data-FormValidator","Data::FormValidator::Filters" => "Data-FormValidator","Data::FormValidator::Results" => "Data-FormValidator","Data::UUID" => "Data-UUID","Data::Validate::IP" => "Data-Validate-IP","DemoASP" => "Apache-ASP","Devel::PPPort" => "Devel-PPPort","Devel::PatchPerl::Plugin::Asan" => "App-perlall","Devel::PatchPerl::Plugin::Compiler" => "App-perlall","Devel::PatchPerl::Plugin::General" => "App-perlall","Devel::Peek" => "perl","Devel::StackTrace" => "Devel-StackTrace","Devel::StackTrace::Frame" => "Devel-StackTrace","Devel::callsfrom" => "UR","Dezi" => "Dezi","Dezi::Config" => "Dezi","Dezi::Server" => "Dezi","Dezi::Server::About" => "Dezi","Digest" => "Digest","Digest::MD5" => "Digest-MD5","Digest::SHA" => "Digest-SHA","Digest::base" => "Digest","Digest::file" => "Digest","DirHandle" => "perl","Dpkg" => "Dpkg","Dpkg::Arch" => "Dpkg","Dpkg::Archive::Ar" => "Dpkg","Dpkg::Build::Env" => "Dpkg","Dpkg::Build::Info" => "Dpkg","Dpkg::Build::Types" => "Dpkg","Dpkg::BuildAPI" => "Dpkg","Dpkg::BuildDriver" => "Dpkg","Dpkg::BuildDriver::DebianRules" => "Dpkg","Dpkg::BuildEnv" => "Dpkg","Dpkg::BuildFlags" => "Dpkg","Dpkg::BuildInfo" => "Dpkg","Dpkg::BuildOptions" => "Dpkg","Dpkg::BuildProfiles" => "Dpkg","Dpkg::BuildTree" => "Dpkg","Dpkg::BuildTypes" => "Dpkg","Dpkg::Changelog" => "Dpkg","Dpkg::Changelog::Debian" => "Dpkg","Dpkg::Changelog::Entry" => "Dpkg","Dpkg::Changelog::Entry::Debian" => "Dpkg","Dpkg::Changelog::Parse" => "Dpkg","Dpkg::Checksums" => "Dpkg","Dpkg::Compression" => "Dpkg","Dpkg::Compression::FileHandle" => "Dpkg","Dpkg::Compression::Process" => "Dpkg","Dpkg::Conf" => "Dpkg","Dpkg::Control" => "Dpkg","Dpkg::Control::Changelog" => "Dpkg","Dpkg::Control::Fields" => "Dpkg","Dpkg::Control::FieldsCore" => "Dpkg","Dpkg::Control::Hash" => "Dpkg","Dpkg::Control::HashCore" => "Dpkg","Dpkg::Control::HashCore::Tie" => "Dpkg","Dpkg::Control::Info" => "Dpkg","Dpkg::Control::Tests" => "Dpkg","Dpkg::Control::Tests::Entry" => "Dpkg","Dpkg::Control::Types" => "Dpkg","Dpkg::Deps" => "Dpkg","Dpkg::Deps::AND" => "Dpkg","Dpkg::Deps::KnownFacts" => "Dpkg","Dpkg::Deps::Multiple" => "Dpkg","Dpkg::Deps::OR" => "Dpkg","Dpkg::Deps::Simple" => "Dpkg","Dpkg::Deps::Union" => "Dpkg","Dpkg::Dist::Files" => "Dpkg","Dpkg::Email::Address" => "Dpkg","Dpkg::Email::AddressList" => "Dpkg","Dpkg::ErrorHandling" => "Dpkg","Dpkg::Exit" => "Dpkg","Dpkg::File" => "Dpkg","Dpkg::Getopt" => "Dpkg","Dpkg::Gettext" => "Dpkg","Dpkg::IPC" => "Dpkg","Dpkg::Index" => "Dpkg","Dpkg::Interface::Storable" => "Dpkg","Dpkg::Lock" => "Dpkg","Dpkg::OpenPGP" => "Dpkg","Dpkg::OpenPGP::Backend" => "Dpkg","Dpkg::OpenPGP::Backend::GnuPG" => "Dpkg","Dpkg::OpenPGP::Backend::SOP" => "Dpkg","Dpkg::OpenPGP::Backend::Sequoia" => "Dpkg","Dpkg::OpenPGP::ErrorCodes" => "Dpkg","Dpkg::OpenPGP::KeyHandle" => "Dpkg","Dpkg::Package" => "Dpkg","Dpkg::Path" => "Dpkg","Dpkg::Shlibs" => "Dpkg","Dpkg::Shlibs::Cppfilt" => "Dpkg","Dpkg::Shlibs::Objdump" => "Dpkg","Dpkg::Shlibs::Objdump::Object" => "Dpkg","Dpkg::Shlibs::Symbol" => "Dpkg","Dpkg::Shlibs::SymbolFile" => "Dpkg","Dpkg::Source::Archive" => "Dpkg","Dpkg::Source::BinaryFiles" => "Dpkg","Dpkg::Source::Format" => "Dpkg","Dpkg::Source::Functions" => "Dpkg","Dpkg::Source::Package" => "Dpkg","Dpkg::Source::Package::V1" => "Dpkg","Dpkg::Source::Package::V2" => "Dpkg","Dpkg::Source::Package::V3::Bzr" => "Dpkg","Dpkg::Source::Package::V3::Custom" => "Dpkg","Dpkg::Source::Package::V3::Git" => "Dpkg","Dpkg::Source::Package::V3::Native" => "Dpkg","Dpkg::Source::Package::V3::Quilt" => "Dpkg","Dpkg::Source::Patch" => "Dpkg","Dpkg::Source::Quilt" => "Dpkg","Dpkg::Substvars" => "Dpkg","Dpkg::SysInfo" => "Dpkg","Dpkg::Vars" => "Dpkg","Dpkg::Vendor" => "Dpkg","Dpkg::Vendor::Debian" => "Dpkg","Dpkg::Vendor::Default" => "Dpkg","Dpkg::Vendor::Devuan" => "Dpkg","Dpkg::Vendor::PureOS" => "Dpkg","Dpkg::Vendor::Ubuntu" => "Dpkg","Dpkg::Version" => "Dpkg","Dwarf" => "Cmd-Dwarf","EV::Hiredis" => "EV-Hiredis","Elive" => "Elive","Elive::Connection" => "Elive","Elive::Connection::SDK" => "Elive","Elive::DAO" => "Elive","Elive::DAO::Array" => "Elive","Elive::DAO::Singleton" => "Elive","Elive::DAO::_Base" => "Elive","Elive::Entity" => "Elive","Elive::Entity::Group" => "Elive","Elive::Entity::Group::Members" => "Elive","Elive::Entity::InvitedGuest" => "Elive","Elive::Entity::Meeting" => "Elive","Elive::Entity::MeetingParameters" => "Elive","Elive::Entity::Participant" => "Elive","Elive::Entity::ParticipantList" => "Elive","Elive::Entity::Participants" => "Elive","Elive::Entity::Preload" => "Elive","Elive::Entity::Preloads" => "Elive","Elive::Entity::Recording" => "Elive","Elive::Entity::Report" => "Elive","Elive::Entity::Role" => "Elive","Elive::Entity::ServerDetails" => "Elive","Elive::Entity::ServerParameters" => "Elive","Elive::Entity::Session" => "Elive","Elive::Entity::User" => "Elive","Elive::Util" => "Elive","Elive::Util::Type" => "Elive","Elive::View::Session" => "Elive","Email::Address" => "Email-Address","Email::MIME" => "Email-MIME","Email::MIME::Creator" => "Email-MIME","Email::MIME::Encode" => "Email-MIME","Email::MIME::Header" => "Email-MIME","Email::MIME::Header::AddressList" => "Email-MIME","Email::MIME::Modifier" => "Email-MIME","EnableModule" => "perl","Encode" => "Encode","Encode::Alias" => "Encode","Encode::Byte" => "Encode","Encode::CJKConstants" => "Encode","Encode::CN" => "Encode","Encode::CN::HZ" => "Encode","Encode::Config" => "Encode","Encode::EBCDIC" => "Encode","Encode::Encoder" => "Encode","Encode::Encoding" => "Encode","Encode::GSM0338" => "Encode","Encode::Guess" => "Encode","Encode::Internal" => "Encode","Encode::JP" => "Encode","Encode::JP::H2Z" => "Encode","Encode::JP::JIS7" => "Encode","Encode::KR" => "Encode","Encode::KR::2022_KR" => "Encode","Encode::MIME::Header" => "Encode","Encode::MIME::Header::ISO_2022_JP" => "Encode","Encode::MIME::Name" => "Encode","Encode::Symbol" => "Encode","Encode::TW" => "Encode","Encode::UTF_EBCDIC" => "Encode","Encode::Unicode" => "Encode","Encode::Unicode::UTF7" => "Encode","Encode::XS" => "Encode","Encode::utf8" => "Encode","English" => "perl","Example::Controllers" => "Squatting","Example::Views" => "Squatting","ExtUtils::Command" => "ExtUtils-MakeMaker","ExtUtils::Command::MM" => "ExtUtils-MakeMaker","ExtUtils::Embed" => "perl","ExtUtils::Liblist" => "ExtUtils-MakeMaker","ExtUtils::Liblist::Kid" => "ExtUtils-MakeMaker","ExtUtils::MM" => "ExtUtils-MakeMaker","ExtUtils::MM_AIX" => "ExtUtils-MakeMaker","ExtUtils::MM_Any" => "ExtUtils-MakeMaker","ExtUtils::MM_BeOS" => "ExtUtils-MakeMaker","ExtUtils::MM_Cygwin" => "ExtUtils-MakeMaker","ExtUtils::MM_DOS" => "ExtUtils-MakeMaker","ExtUtils::MM_Darwin" => "ExtUtils-MakeMaker","ExtUtils::MM_MacOS" => "ExtUtils-MakeMaker","ExtUtils::MM_NW5" => "ExtUtils-MakeMaker","ExtUtils::MM_OS2" => "ExtUtils-MakeMaker","ExtUtils::MM_OS390" => "ExtUtils-MakeMaker","ExtUtils::MM_QNX" => "ExtUtils-MakeMaker","ExtUtils::MM_UWIN" => "ExtUtils-MakeMaker","ExtUtils::MM_Unix" => "ExtUtils-MakeMaker","ExtUtils::MM_VMS" => "ExtUtils-MakeMaker","ExtUtils::MM_VOS" => "ExtUtils-MakeMaker","ExtUtils::MM_Win32" => "ExtUtils-MakeMaker","ExtUtils::MM_Win95" => "ExtUtils-MakeMaker","ExtUtils::MY" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::Config" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::Locale" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::_version" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::charstar" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::version" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::version::regex" => "ExtUtils-MakeMaker","ExtUtils::MakeMaker::version::vpp" => "ExtUtils-MakeMaker","ExtUtils::Miniperl" => "perl","ExtUtils::Mkbootstrap" => "ExtUtils-MakeMaker","ExtUtils::Mksymlists" => "ExtUtils-MakeMaker","ExtUtils::ParseXS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Constants" => "ExtUtils-ParseXS","ExtUtils::ParseXS::CountLines" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Eval" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ALIAS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ALIAS_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ATTRS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::BOOT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::CASE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::CLEANUP" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::CODE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_ARGS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part_POD" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part_code" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::C_part_postamble" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::EXPORT_XSUB_SYMBOLS" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::FALLBACK" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INCLUDE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INCLUDE_COMMAND" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INIT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INPUT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INPUT_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INTERFACE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::INTERFACE_MACRO" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::IO_Param" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::MODULE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::NOT_IMPLEMENTED_YET" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::OUTPUT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::OUTPUT_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::OVERLOAD" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::POSTCALL" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PPCODE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PREINIT" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PROTOTYPE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::PROTOTYPES" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::Param" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::Params" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::REQUIRE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::ReturnType" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::SCOPE" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::Sig" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::TYPEMAP" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::VERSIONCHECK" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::XS_file" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::autocall" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::boot_xsub" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::cleanup_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::code_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::codeblock" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::cpp_scope" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::enable" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::global_cpp_line" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::init_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::input_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::keyline" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::keylines" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::multiline" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::multiline_merged" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::oneline" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::output_part" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::pre_boot" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::preamble" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::xbody" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::xsub" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Node::xsub_decl" => "ExtUtils-ParseXS","ExtUtils::ParseXS::Utilities" => "ExtUtils-ParseXS","ExtUtils::Typemaps" => "ExtUtils-ParseXS","ExtUtils::Typemaps::Cmd" => "ExtUtils-ParseXS","ExtUtils::Typemaps::InputMap" => "ExtUtils-ParseXS","ExtUtils::Typemaps::OutputMap" => "ExtUtils-ParseXS","ExtUtils::Typemaps::Type" => "ExtUtils-ParseXS","ExtUtils::XSSymSet" => "perl","ExtUtils::testlib" => "ExtUtils-MakeMaker","FCGI" => "FCGI","FCGI::Stream" => "FCGI","Fake::Encode" => "Fake-Encode","Fake::Our" => "Fake-Our","FakeHomol" => "GBrowse","Fcntl" => "perl","Fh" => "CGI","File::Basename" => "perl","File::Compare" => "perl","File::Copy" => "perl","File::DataClass" => "File-DataClass","File::DataClass::Cache" => "File-DataClass","File::DataClass::Constants" => "File-DataClass","File::DataClass::Exception" => "File-DataClass","File::DataClass::Functions" => "File-DataClass","File::DataClass::IO" => "File-DataClass","File::DataClass::List" => "File-DataClass","File::DataClass::Result" => "File-DataClass","File::DataClass::ResultSet" => "File-DataClass","File::DataClass::ResultSource" => "File-DataClass","File::DataClass::Schema" => "File-DataClass","File::DataClass::Storage" => "File-DataClass","File::DataClass::Storage::Any" => "File-DataClass","File::DataClass::Storage::JSON" => "File-DataClass","File::DataClass::Types" => "File-DataClass","File::DosGlob" => "perl","File::Find" => "perl","File::Find::Rule" => "File-Find-Rule","File::Find::Rule::Test::ATeam" => "File-Find-Rule","File::Glob" => "perl","File::GlobMapper" => "IO-Compress","File::KeePass" => "File-KeePass","File::Path" => "File-Path","File::RandomAccess" => "Image-ExifTool","File::Slurp" => "File-Slurp","File::Spec" => "PathTools","File::Spec::AmigaOS" => "PathTools","File::Spec::Cygwin" => "PathTools","File::Spec::Epoc" => "PathTools","File::Spec::Functions" => "PathTools","File::Spec::Mac" => "PathTools","File::Spec::OS2" => "PathTools","File::Spec::Unix" => "PathTools","File::Spec::VMS" => "PathTools","File::Spec::Win32" => "PathTools","File::Temp" => "File-Temp","File::stat" => "perl","FileCache" => "perl","FileHandle" => "perl","FileSlurp_12" => "File-Slurp","Filesys::SmbClientParser" => "Filesys-SmbClientParser","FindExt" => "perl","GD" => "GD","GD::Group" => "GD","GD::Image" => "GD","GD::Polygon" => "GD","GD::Polyline" => "GD","GD::Simple" => "GD","GDBM_File" => "perl","GPIB" => "GPIB","GPIB::hp33120a" => "GPIB","GPIB::hp3585a" => "GPIB","GPIB::hp59306a" => "GPIB","GPIB::hpe3631a" => "GPIB","GPIB::hpserial" => "GPIB","GPIB::llp" => "GPIB","GPIB::ni" => "GPIB","GPIB::rmt" => "GPIB","Galileo" => "Galileo","Galileo::Admin" => "Galileo","Galileo::Command::dump" => "Galileo","Galileo::Command::setup" => "Galileo","Galileo::DB::Deploy" => "Galileo","Galileo::DB::Schema" => "Galileo","Galileo::DB::Schema::Result::Menu" => "Galileo","Galileo::DB::Schema::Result::Page" => "Galileo","Galileo::DB::Schema::Result::User" => "Galileo","Galileo::File" => "Galileo","Galileo::Menu" => "Galileo","Galileo::Page" => "Galileo","Galileo::Plugin::Deploy" => "Galileo","Galileo::Plugin::Modal" => "Galileo","Galileo::User" => "Galileo","Getopt::Std" => "perl","Git::Raw" => "Git-Raw","Git::Raw::AnnotatedCommit" => "Git-Raw","Git::Raw::Blame" => "Git-Raw","Git::Raw::Blame::Hunk" => "Git-Raw","Git::Raw::Blob" => "Git-Raw","Git::Raw::Branch" => "Git-Raw","Git::Raw::Cert" => "Git-Raw","Git::Raw::Cert::HostKey" => "Git-Raw","Git::Raw::Cert::X509" => "Git-Raw","Git::Raw::Commit" => "Git-Raw","Git::Raw::Config" => "Git-Raw","Git::Raw::Cred" => "Git-Raw","Git::Raw::Diff" => "Git-Raw","Git::Raw::Diff::Delta" => "Git-Raw","Git::Raw::Diff::File" => "Git-Raw","Git::Raw::Diff::Hunk" => "Git-Raw","Git::Raw::Diff::Stats" => "Git-Raw","Git::Raw::Error" => "Git-Raw","Git::Raw::Error::Category" => "Git-Raw","Git::Raw::Filter" => "Git-Raw","Git::Raw::Filter::List" => "Git-Raw","Git::Raw::Filter::Source" => "Git-Raw","Git::Raw::Graph" => "Git-Raw","Git::Raw::Index" => "Git-Raw","Git::Raw::Index::Conflict" => "Git-Raw","Git::Raw::Index::Entry" => "Git-Raw","Git::Raw::Indexer" => "Git-Raw","Git::Raw::Mempack" => "Git-Raw","Git::Raw::Merge::File::Result" => "Git-Raw","Git::Raw::Note" => "Git-Raw","Git::Raw::Object" => "Git-Raw","Git::Raw::Odb" => "Git-Raw","Git::Raw::Odb::Backend" => "Git-Raw","Git::Raw::Odb::Backend::Loose" => "Git-Raw","Git::Raw::Odb::Backend::OnePack" => "Git-Raw","Git::Raw::Odb::Backend::Pack" => "Git-Raw","Git::Raw::Odb::Object" => "Git-Raw","Git::Raw::Packbuilder" => "Git-Raw","Git::Raw::Patch" => "Git-Raw","Git::Raw::PathSpec" => "Git-Raw","Git::Raw::PathSpec::MatchList" => "Git-Raw","Git::Raw::Rebase" => "Git-Raw","Git::Raw::Rebase::Operation" => "Git-Raw","Git::Raw::RefSpec" => "Git-Raw","Git::Raw::Reference" => "Git-Raw","Git::Raw::Reflog" => "Git-Raw","Git::Raw::Reflog::Entry" => "Git-Raw","Git::Raw::Remote" => "Git-Raw","Git::Raw::Repository" => "Git-Raw","Git::Raw::Signature" => "Git-Raw","Git::Raw::Stash" => "Git-Raw","Git::Raw::Stash::Progress" => "Git-Raw","Git::Raw::Submodule" => "Git-Raw","Git::Raw::Tag" => "Git-Raw","Git::Raw::TransferProgress" => "Git-Raw","Git::Raw::Tree" => "Git-Raw","Git::Raw::Tree::Builder" => "Git-Raw","Git::Raw::Tree::Entry" => "Git-Raw","Git::Raw::Walker" => "Git-Raw","Git::Raw::Worktree" => "Git-Raw","Git::XS" => "Git-XS","GitLab::API::v4" => "GitLab-API-v4","GitLab::API::v4::Config" => "GitLab-API-v4","GitLab::API::v4::Constants" => "GitLab-API-v4","GitLab::API::v4::Mock" => "GitLab-API-v4","GitLab::API::v4::Mock::Engine" => "GitLab-API-v4","GitLab::API::v4::Mock::RESTClient" => "GitLab-API-v4","GitLab::API::v4::Paginator" => "GitLab-API-v4","GitLab::API::v4::RESTClient" => "GitLab-API-v4","GitLab::API::v4::WWWClient" => "GitLab-API-v4","GitUtils" => "perl","Graphics::ColorNames" => "Graphics-ColorNames","Graphics::ColorNames::X" => "Graphics-ColorNames","Guess::Controllers" => "Squatting","HTML::EP" => "HTML-EP","HTML::EP::CGIEncryptForm" => "HTML-EP","HTML::EP::EditTable" => "HTML-EP","HTML::EP::Examples::Admin" => "HTML-EP","HTML::EP::Examples::Glimpse" => "HTML-EP","HTML::EP::Examples::POP3Client" => "HTML-EP","HTML::EP::Install" => "HTML-EP","HTML::EP::Locale" => "HTML-EP","HTML::EP::Parser" => "HTML-EP","HTML::EP::Session" => "HTML-EP","HTML::EP::Session::Cookie" => "HTML-EP","HTML::EP::Session::DBI" => "HTML-EP","HTML::EP::Session::DBIq" => "HTML-EP","HTML::EP::Session::Dumper" => "HTML-EP","HTML::EP::Shop" => "HTML-EP","HTML::EP::Tokens" => "HTML-EP","HTML::Editor" => "MySQL-Admin","HTML::Editor::Markdown" => "MySQL-Admin","HTML::Entities" => "HTML-Parser","HTML::Filter" => "HTML-Parser","HTML::HeadParser" => "HTML-Parser","HTML::LinkExtor" => "HTML-Parser","HTML::Menu::Pages" => "MySQL-Admin","HTML::Parser" => "HTML-Parser","HTML::Perlinfo" => "HTML-Perlinfo","HTML::Perlinfo::Apache" => "HTML-Perlinfo","HTML::Perlinfo::Base" => "HTML-Perlinfo","HTML::Perlinfo::Common" => "HTML-Perlinfo","HTML::Perlinfo::General" => "HTML-Perlinfo","HTML::Perlinfo::Loaded" => "HTML-Perlinfo","HTML::Perlinfo::Modules" => "HTML-Perlinfo","HTML::Perlinfo::_version" => "HTML-Perlinfo","HTML::PullParser" => "HTML-Parser","HTML::Scrubber" => "HTML-Scrubber","HTML::StripScripts" => "HTML-StripScripts","HTML::Template::Pro" => "HTML-Template-Pro","HTML::Template::Pro::WrapAssociate" => "HTML-Template-Pro","HTML::TokeParser" => "HTML-Parser","HTTP::Body" => "HTTP-Body","HTTP::Body::MultiPart" => "HTTP-Body","HTTP::Body::OctetStream" => "HTTP-Body","HTTP::Body::UrlEncoded" => "HTTP-Body","HTTP::Body::XForms" => "HTTP-Body","HTTP::Body::XFormsMultipart" => "HTTP-Body","HTTP::Daemon" => "HTTP-Daemon","HTTP::Daemon::ClientConn" => "HTTP-Daemon","HTTP::Message::PSGI" => "Plack","HTTP::Server::PSGI" => "Plack","HTTP::Session2" => "HTTP-Session2","HTTP::Session2::Base" => "HTTP-Session2","HTTP::Session2::ClientStore" => "HTTP-Session2","HTTP::Session2::ClientStore2" => "HTTP-Session2","HTTP::Session2::Expired" => "HTTP-Session2","HTTP::Session2::Random" => "HTTP-Session2","HTTP::Session2::ServerStore" => "HTTP-Session2","HTTP::Tiny" => "HTTP-Tiny","HTTP::Tiny::NoProxy" => "Dancer","HTTPAuth" => "Squatting","HTTPAuth::Controllers" => "Squatting","HTTPAuth::Views" => "Squatting","Haiku" => "perl","HarfBuzz::Shaper" => "HarfBuzz-Shaper","Hash::Util" => "perl","Hash::Util::FieldHash" => "perl","HeaderParser" => "perl","I18N::LangTags" => "perl","I18N::LangTags::Detect" => "perl","I18N::LangTags::List" => "perl","I18N::Langinfo" => "perl","IO::Compress" => "IO-Compress","IO::Compress::Adapter::Bzip2" => "IO-Compress","IO::Compress::Adapter::Deflate" => "IO-Compress","IO::Compress::Adapter::Identity" => "IO-Compress","IO::Compress::Base" => "IO-Compress","IO::Compress::Base::Common" => "IO-Compress","IO::Compress::Brotli" => "IO-Compress-Brotli","IO::Compress::Bzip2" => "IO-Compress","IO::Compress::Deflate" => "IO-Compress","IO::Compress::Gzip" => "IO-Compress","IO::Compress::Gzip::Constants" => "IO-Compress","IO::Compress::RawDeflate" => "IO-Compress","IO::Compress::Zip" => "IO-Compress","IO::Compress::Zip::Constants" => "IO-Compress","IO::Compress::Zlib::Constants" => "IO-Compress","IO::Compress::Zlib::Extra" => "IO-Compress","IO::Socket::SSL" => "IO-Socket-SSL","IO::Socket::SSL::Intercept" => "IO-Socket-SSL","IO::Socket::SSL::OCSP_Cache" => "IO-Socket-SSL","IO::Socket::SSL::OCSP_Resolver" => "IO-Socket-SSL","IO::Socket::SSL::PublicSuffix" => "IO-Socket-SSL","IO::Socket::SSL::SSL_Context" => "IO-Socket-SSL","IO::Socket::SSL::SSL_HANDLE" => "IO-Socket-SSL","IO::Socket::SSL::Session_Cache" => "IO-Socket-SSL","IO::Socket::SSL::Trace" => "IO-Socket-SSL","IO::Socket::SSL::Utils" => "IO-Socket-SSL","IO::Uncompress::Adapter::Bunzip2" => "IO-Compress","IO::Uncompress::Adapter::Identity" => "IO-Compress","IO::Uncompress::Adapter::Inflate" => "IO-Compress","IO::Uncompress::AnyInflate" => "IO-Compress","IO::Uncompress::AnyUncompress" => "IO-Compress","IO::Uncompress::Base" => "IO-Compress","IO::Uncompress::Brotli" => "IO-Compress-Brotli","IO::Uncompress::Bunzip2" => "IO-Compress","IO::Uncompress::Gunzip" => "IO-Compress","IO::Uncompress::Inflate" => "IO-Compress","IO::Uncompress::RawInflate" => "IO-Compress","IO::Uncompress::Unzip" => "IO-Compress","IPC::Cmd" => "IPC-Cmd","IPC::Cmd::System" => "IPC-Cmd","IPC::Open2" => "perl","IPC::Open3" => "perl","IPC::Run" => "IPC-Run","IPC::Run::Debug" => "IPC-Run","IPC::Run::IO" => "IPC-Run","IPC::Run::Timer" => "IPC-Run","IPC::Run::Win32Helper" => "IPC-Run","IPC::Run::Win32IO" => "IPC-Run","IPC::Run::Win32Process" => "IPC-Run","IPC::Run::Win32Pump" => "IPC-Run","IPTables::Parse" => "IPTables-Parse","Image::ExifTool" => "Image-ExifTool","Image::ExifTool::7Z" => "Image-ExifTool","Image::ExifTool::AAC" => "Image-ExifTool","Image::ExifTool::AES" => "Image-ExifTool","Image::ExifTool::AFCP" => "Image-ExifTool","Image::ExifTool::AIFF" => "Image-ExifTool","Image::ExifTool::APE" => "Image-ExifTool","Image::ExifTool::APP12" => "Image-ExifTool","Image::ExifTool::ASF" => "Image-ExifTool","Image::ExifTool::Apple" => "Image-ExifTool","Image::ExifTool::Audible" => "Image-ExifTool","Image::ExifTool::BMP" => "Image-ExifTool","Image::ExifTool::BPG" => "Image-ExifTool","Image::ExifTool::BZZ" => "Image-ExifTool","Image::ExifTool::BigTIFF" => "Image-ExifTool","Image::ExifTool::BuildTagLookup" => "Image-ExifTool","Image::ExifTool::CBOR" => "Image-ExifTool","Image::ExifTool::Canon" => "Image-ExifTool","Image::ExifTool::CanonCustom" => "Image-ExifTool","Image::ExifTool::CanonRaw" => "Image-ExifTool","Image::ExifTool::CanonVRD" => "Image-ExifTool","Image::ExifTool::CaptureOne" => "Image-ExifTool","Image::ExifTool::Casio" => "Image-ExifTool","Image::ExifTool::Charset" => "Image-ExifTool","Image::ExifTool::DICOM" => "Image-ExifTool","Image::ExifTool::DJI" => "Image-ExifTool","Image::ExifTool::DNG" => "Image-ExifTool","Image::ExifTool::DPX" => "Image-ExifTool","Image::ExifTool::DSF" => "Image-ExifTool","Image::ExifTool::DV" => "Image-ExifTool","Image::ExifTool::DarwinCore" => "Image-ExifTool","Image::ExifTool::DjVu" => "Image-ExifTool","Image::ExifTool::EXE" => "Image-ExifTool","Image::ExifTool::Exif" => "Image-ExifTool","Image::ExifTool::FITS" => "Image-ExifTool","Image::ExifTool::FLAC" => "Image-ExifTool","Image::ExifTool::FLIF" => "Image-ExifTool","Image::ExifTool::FLIR" => "Image-ExifTool","Image::ExifTool::Fixup" => "Image-ExifTool","Image::ExifTool::Flash" => "Image-ExifTool","Image::ExifTool::FlashPix" => "Image-ExifTool","Image::ExifTool::Font" => "Image-ExifTool","Image::ExifTool::FotoStation" => "Image-ExifTool","Image::ExifTool::FujiFilm" => "Image-ExifTool","Image::ExifTool::GE" => "Image-ExifTool","Image::ExifTool::GIF" => "Image-ExifTool","Image::ExifTool::GIMP" => "Image-ExifTool","Image::ExifTool::GM" => "Image-ExifTool","Image::ExifTool::GPS" => "Image-ExifTool","Image::ExifTool::GeoTiff" => "Image-ExifTool","Image::ExifTool::Geolocation" => "Image-ExifTool","Image::ExifTool::Geotag" => "Image-ExifTool","Image::ExifTool::GoPro" => "Image-ExifTool","Image::ExifTool::Google" => "Image-ExifTool","Image::ExifTool::H264" => "Image-ExifTool","Image::ExifTool::HP" => "Image-ExifTool","Image::ExifTool::HTML" => "Image-ExifTool","Image::ExifTool::HtmlDump" => "Image-ExifTool","Image::ExifTool::ICC_Profile" => "Image-ExifTool","Image::ExifTool::ICO" => "Image-ExifTool","Image::ExifTool::ID3" => "Image-ExifTool","Image::ExifTool::IPTC" => "Image-ExifTool","Image::ExifTool::ISO" => "Image-ExifTool","Image::ExifTool::ITC" => "Image-ExifTool","Image::ExifTool::Import" => "Image-ExifTool","Image::ExifTool::InDesign" => "Image-ExifTool","Image::ExifTool::InfiRay" => "Image-ExifTool","Image::ExifTool::JPEG" => "Image-ExifTool","Image::ExifTool::JPEGDigest" => "Image-ExifTool","Image::ExifTool::JSON" => "Image-ExifTool","Image::ExifTool::JVC" => "Image-ExifTool","Image::ExifTool::Jpeg2000" => "Image-ExifTool","Image::ExifTool::Kandao" => "Image-ExifTool","Image::ExifTool::Kodak" => "Image-ExifTool","Image::ExifTool::KyoceraRaw" => "Image-ExifTool","Image::ExifTool::LIF" => "Image-ExifTool","Image::ExifTool::LNK" => "Image-ExifTool","Image::ExifTool::Lang::cs" => "Image-ExifTool","Image::ExifTool::Lang::de" => "Image-ExifTool","Image::ExifTool::Lang::en_ca" => "Image-ExifTool","Image::ExifTool::Lang::en_gb" => "Image-ExifTool","Image::ExifTool::Lang::es" => "Image-ExifTool","Image::ExifTool::Lang::fi" => "Image-ExifTool","Image::ExifTool::Lang::fr" => "Image-ExifTool","Image::ExifTool::Lang::it" => "Image-ExifTool","Image::ExifTool::Lang::ja" => "Image-ExifTool","Image::ExifTool::Lang::ko" => "Image-ExifTool","Image::ExifTool::Lang::nl" => "Image-ExifTool","Image::ExifTool::Lang::pl" => "Image-ExifTool","Image::ExifTool::Lang::ru" => "Image-ExifTool","Image::ExifTool::Lang::sk" => "Image-ExifTool","Image::ExifTool::Lang::sv" => "Image-ExifTool","Image::ExifTool::Lang::tr" => "Image-ExifTool","Image::ExifTool::Lang::zh_cn" => "Image-ExifTool","Image::ExifTool::Lang::zh_tw" => "Image-ExifTool","Image::ExifTool::Leaf" => "Image-ExifTool","Image::ExifTool::LigoGPS" => "Image-ExifTool","Image::ExifTool::Lytro" => "Image-ExifTool","Image::ExifTool::M2TS" => "Image-ExifTool","Image::ExifTool::MIE" => "Image-ExifTool","Image::ExifTool::MIFF" => "Image-ExifTool","Image::ExifTool::MISB" => "Image-ExifTool","Image::ExifTool::MNG" => "Image-ExifTool","Image::ExifTool::MOI" => "Image-ExifTool","Image::ExifTool::MPC" => "Image-ExifTool","Image::ExifTool::MPEG" => "Image-ExifTool","Image::ExifTool::MPF" => "Image-ExifTool","Image::ExifTool::MRC" => "Image-ExifTool","Image::ExifTool::MWG" => "Image-ExifTool","Image::ExifTool::MXF" => "Image-ExifTool","Image::ExifTool::MacOS" => "Image-ExifTool","Image::ExifTool::MakerNotes" => "Image-ExifTool","Image::ExifTool::Matroska" => "Image-ExifTool","Image::ExifTool::Microsoft" => "Image-ExifTool","Image::ExifTool::Minolta" => "Image-ExifTool","Image::ExifTool::MinoltaRaw" => "Image-ExifTool","Image::ExifTool::Motorola" => "Image-ExifTool","Image::ExifTool::Nikon" => "Image-ExifTool","Image::ExifTool::NikonCapture" => "Image-ExifTool","Image::ExifTool::NikonCustom" => "Image-ExifTool","Image::ExifTool::NikonSettings" => "Image-ExifTool","Image::ExifTool::Nintendo" => "Image-ExifTool","Image::ExifTool::OOXML" => "Image-ExifTool","Image::ExifTool::Ogg" => "Image-ExifTool","Image::ExifTool::Olympus" => "Image-ExifTool","Image::ExifTool::OpenEXR" => "Image-ExifTool","Image::ExifTool::Opus" => "Image-ExifTool","Image::ExifTool::Other" => "Image-ExifTool","Image::ExifTool::PCAP" => "Image-ExifTool","Image::ExifTool::PCX" => "Image-ExifTool","Image::ExifTool::PDF" => "Image-ExifTool","Image::ExifTool::PGF" => "Image-ExifTool","Image::ExifTool::PICT" => "Image-ExifTool","Image::ExifTool::PLIST" => "Image-ExifTool","Image::ExifTool::PLUS" => "Image-ExifTool","Image::ExifTool::PNG" => "Image-ExifTool","Image::ExifTool::PPM" => "Image-ExifTool","Image::ExifTool::PSP" => "Image-ExifTool","Image::ExifTool::Palm" => "Image-ExifTool","Image::ExifTool::Panasonic" => "Image-ExifTool","Image::ExifTool::PanasonicRaw" => "Image-ExifTool","Image::ExifTool::Parrot" => "Image-ExifTool","Image::ExifTool::Pentax" => "Image-ExifTool","Image::ExifTool::PhaseOne" => "Image-ExifTool","Image::ExifTool::PhotoCD" => "Image-ExifTool","Image::ExifTool::PhotoMechanic" => "Image-ExifTool","Image::ExifTool::Photoshop" => "Image-ExifTool","Image::ExifTool::Plot" => "Image-ExifTool","Image::ExifTool::PostScript" => "Image-ExifTool","Image::ExifTool::PrintIM" => "Image-ExifTool","Image::ExifTool::Protobuf" => "Image-ExifTool","Image::ExifTool::Qualcomm" => "Image-ExifTool","Image::ExifTool::QuickTime" => "Image-ExifTool","Image::ExifTool::RIFF" => "Image-ExifTool","Image::ExifTool::RSRC" => "Image-ExifTool","Image::ExifTool::RTF" => "Image-ExifTool","Image::ExifTool::Radiance" => "Image-ExifTool","Image::ExifTool::Rawzor" => "Image-ExifTool","Image::ExifTool::Real" => "Image-ExifTool","Image::ExifTool::Reconyx" => "Image-ExifTool","Image::ExifTool::Red" => "Image-ExifTool","Image::ExifTool::Ricoh" => "Image-ExifTool","Image::ExifTool::Samsung" => "Image-ExifTool","Image::ExifTool::Sanyo" => "Image-ExifTool","Image::ExifTool::Scalado" => "Image-ExifTool","Image::ExifTool::Shortcuts" => "Image-ExifTool","Image::ExifTool::Sigma" => "Image-ExifTool","Image::ExifTool::SigmaRaw" => "Image-ExifTool","Image::ExifTool::Sony" => "Image-ExifTool","Image::ExifTool::SonyIDC" => "Image-ExifTool","Image::ExifTool::Stim" => "Image-ExifTool","Image::ExifTool::TNEF" => "Image-ExifTool","Image::ExifTool::TagInfoXML" => "Image-ExifTool","Image::ExifTool::TagLookup" => "Image-ExifTool","Image::ExifTool::Text" => "Image-ExifTool","Image::ExifTool::Theora" => "Image-ExifTool","Image::ExifTool::Torrent" => "Image-ExifTool","Image::ExifTool::Trailer" => "Image-ExifTool","Image::ExifTool::Unknown" => "Image-ExifTool","Image::ExifTool::VCard" => "Image-ExifTool","Image::ExifTool::Validate" => "Image-ExifTool","Image::ExifTool::Vorbis" => "Image-ExifTool","Image::ExifTool::WPG" => "Image-ExifTool","Image::ExifTool::WTV" => "Image-ExifTool","Image::ExifTool::WavPack" => "Image-ExifTool","Image::ExifTool::XISF" => "Image-ExifTool","Image::ExifTool::XMP" => "Image-ExifTool","Image::ExifTool::ZIP" => "Image-ExifTool","Image::ExifTool::ZISRAW" => "Image-ExifTool","Image::ExifTool::iWork" => "Image-ExifTool","Image::Info" => "Image-Info","Image::Info::AVIF" => "Image-Info","Image::Info::BMP" => "Image-Info","Image::Info::GIF" => "Image-Info","Image::Info::ICO" => "Image-Info","Image::Info::JPEG" => "Image-Info","Image::Info::PNG" => "Image-Info","Image::Info::PPM" => "Image-Info","Image::Info::Result" => "Image-Info","Image::Info::SVG" => "Image-Info","Image::Info::SVG::XMLLibXMLReader" => "Image-Info","Image::Info::SVG::XMLSimple" => "Image-Info","Image::Info::TIFF" => "Image-Info","Image::Info::WBMP" => "Image-Info","Image::Info::WEBP" => "Image-Info","Image::Info::XBM" => "Image-Info","Image::Info::XPM" => "Image-Info","Image::PNG::Simple" => "Image-PNG-Simple","Image::TIFF" => "Image-Info","Image::TIFF::Rational" => "Image-Info","Imager" => "Imager","Imager::Color" => "Imager","Imager::Color::Float" => "Imager","Imager::Color::Table" => "Imager","Imager::CountColor" => "Imager","Imager::Expr" => "Imager","Imager::Expr::Assem" => "Imager","Imager::Expr::Infix" => "Imager","Imager::Expr::Postfix" => "Imager","Imager::ExtUtils" => "Imager","Imager::FORMATS" => "Imager","Imager::File::CUR" => "Imager","Imager::File::ICO" => "Imager","Imager::File::SGI" => "Imager","Imager::Fill" => "Imager","Imager::Filter::DynTest" => "Imager","Imager::Filter::Flines" => "Imager","Imager::Filter::Mandelbrot" => "Imager","Imager::Font" => "Imager","Imager::Font::BBox" => "Imager","Imager::Font::FreeType2" => "Imager","Imager::Font::Image" => "Imager","Imager::Font::Test" => "Imager","Imager::Font::Truetype" => "Imager","Imager::Font::Type1" => "Imager","Imager::Font::Wrap" => "Imager","Imager::Fountain" => "Imager","Imager::IO" => "Imager","Imager::Matrix2d" => "Imager","Imager::Preprocess" => "Imager","Imager::Probe" => "Imager","Imager::Regops" => "Imager","Imager::Test" => "Imager","Imager::Test::OverUtf8" => "Imager","Imager::Transform" => "Imager","Imager::TrimColorList" => "Imager","Inline::Pugs" => "Perl6-Pugs","JNI" => "perl","JPL::AutoLoader" => "perl","JPL::Class" => "perl","JPL::Compile" => "perl","JS::jQuery" => "JS-jQuery","JSON::SIMD" => "JSON-SIMD","JSON::Syck" => "YAML-Syck","JSON::XS" => "JSON-XS","JavaScript::Duktape" => "JavaScript-Duktape","JavaScript::Duktape::Bool" => "JavaScript-Duktape","JavaScript::Duktape::Buffer" => "JavaScript-Duktape","JavaScript::Duktape::Data" => "JavaScript-Duktape","JavaScript::Duktape::Function" => "JavaScript-Duktape","JavaScript::Duktape::NULL" => "JavaScript-Duktape","JavaScript::Duktape::Object" => "JavaScript-Duktape","JavaScript::Duktape::Util" => "JavaScript-Duktape","JavaScript::Duktape::Vm" => "JavaScript-Duktape","JavaScript::Duktape::XS" => "JavaScript-Duktape-XS","Jifty" => "Jifty","Jifty::API" => "Jifty","Jifty::Action" => "Jifty","Jifty::Action::AboutMe" => "Jifty","Jifty::Action::Autocomplete" => "Jifty","Jifty::Action::Record" => "Jifty","Jifty::Action::Record::Bulk" => "Jifty","Jifty::Action::Record::Create" => "Jifty","Jifty::Action::Record::Delete" => "Jifty","Jifty::Action::Record::Execute" => "Jifty","Jifty::Action::Record::Search" => "Jifty","Jifty::Action::Record::Update" => "Jifty","Jifty::Action::Redirect" => "Jifty","Jifty::Bootstrap" => "Jifty","Jifty::CAS" => "Jifty","Jifty::CAS::Blob" => "Jifty","Jifty::CAS::Store" => "Jifty","Jifty::CAS::Store::LocalFile" => "Jifty","Jifty::CAS::Store::Memcached" => "Jifty","Jifty::CAS::Store::Memory" => "Jifty","Jifty::CAS::Store::Nested" => "Jifty","Jifty::ClassLoader" => "Jifty","Jifty::Client" => "Jifty","Jifty::Collection" => "Jifty","Jifty::Config" => "Jifty","Jifty::Continuation" => "Jifty","Jifty::CurrentUser" => "Jifty","Jifty::DBI" => "Jifty-DBI","Jifty::DBI::Collection" => "Jifty-DBI","Jifty::DBI::Collection::Union" => "Jifty-DBI","Jifty::DBI::Collection::Unique" => "Jifty-DBI","Jifty::DBI::Column" => "Jifty-DBI","Jifty::DBI::Filter" => "Jifty-DBI","Jifty::DBI::Filter::Boolean" => "Jifty-DBI","Jifty::DBI::Filter::Date" => "Jifty-DBI","Jifty::DBI::Filter::DateTime" => "Jifty-DBI","Jifty::DBI::Filter::Duration" => "Jifty-DBI","Jifty::DBI::Filter::SaltHash" => "Jifty-DBI","Jifty::DBI::Filter::Storable" => "Jifty-DBI","Jifty::DBI::Filter::Time" => "Jifty-DBI","Jifty::DBI::Filter::Truncate" => "Jifty-DBI","Jifty::DBI::Filter::URI" => "Jifty-DBI","Jifty::DBI::Filter::YAML" => "Jifty-DBI","Jifty::DBI::Filter::base64" => "Jifty-DBI","Jifty::DBI::Filter::utf8" => "Jifty-DBI","Jifty::DBI::Handle" => "Jifty-DBI","Jifty::DBI::Handle::Informix" => "Jifty-DBI","Jifty::DBI::Handle::ODBC" => "Jifty-DBI","Jifty::DBI::Handle::Oracle" => "Jifty-DBI","Jifty::DBI::Handle::Pg" => "Jifty-DBI","Jifty::DBI::Handle::SQLite" => "Jifty-DBI","Jifty::DBI::Handle::Sybase" => "Jifty-DBI","Jifty::DBI::Handle::mysql" => "Jifty-DBI","Jifty::DBI::Handle::mysqlPP" => "Jifty-DBI","Jifty::DBI::HasFilters" => "Jifty-DBI","Jifty::DBI::Record" => "Jifty-DBI","Jifty::DBI::Record::Cachable" => "Jifty-DBI","Jifty::DBI::Record::Memcached" => "Jifty-DBI","Jifty::DBI::Record::Plugin" => "Jifty-DBI","Jifty::DBI::Schema" => "Jifty-DBI","Jifty::DBI::SchemaGenerator" => "Jifty-DBI","Jifty::DateTime" => "Jifty","Jifty::Dispatcher" => "Jifty","Jifty::Everything" => "Jifty","Jifty::Filter::DateTime" => "Jifty","Jifty::Filter::JSON" => "Jifty","Jifty::Handle" => "Jifty","Jifty::Handler" => "Jifty","Jifty::I18N" => "Jifty","Jifty::I18N::en" => "Jifty","Jifty::JSON" => "Jifty","Jifty::LetMe" => "Jifty","Jifty::Logger" => "Jifty","Jifty::Model::Metadata" => "Jifty","Jifty::Model::Session" => "Jifty","Jifty::Model::SessionCollection" => "Jifty","Jifty::Module::Pluggable" => "Jifty","Jifty::Notification" => "Jifty","Jifty::Object" => "Jifty","Jifty::Param" => "Jifty","Jifty::Param::Schema" => "Jifty","Jifty::Plugin" => "Jifty","Jifty::Plugin::ActorMetadata" => "Jifty","Jifty::Plugin::ActorMetadata::Mixin::Model::ActorMetadata" => "Jifty","Jifty::Plugin::AdminUI" => "Jifty","Jifty::Plugin::AdminUI::Dispatcher" => "Jifty","Jifty::Plugin::AdminUI::View" => "Jifty","Jifty::Plugin::Authentication::Password" => "Jifty","Jifty::Plugin::Authentication::Password::Action::ConfirmEmail" => "Jifty","Jifty::Plugin::Authentication::Password::Action::GeneratePasswordToken" => "Jifty","Jifty::Plugin::Authentication::Password::Action::Login" => "Jifty","Jifty::Plugin::Authentication::Password::Action::Logout" => "Jifty","Jifty::Plugin::Authentication::Password::Action::ResendConfirmation" => "Jifty","Jifty::Plugin::Authentication::Password::Action::ResetLostPassword" => "Jifty","Jifty::Plugin::Authentication::Password::Action::SendAccountConfirmation" => "Jifty","Jifty::Plugin::Authentication::Password::Action::SendPasswordReminder" => "Jifty","Jifty::Plugin::Authentication::Password::Action::Signup" => "Jifty","Jifty::Plugin::Authentication::Password::Dispatcher" => "Jifty","Jifty::Plugin::Authentication::Password::Mixin::Model::User" => "Jifty","Jifty::Plugin::Authentication::Password::Notification::ConfirmEmail" => "Jifty","Jifty::Plugin::Authentication::Password::Notification::ConfirmLostPassword" => "Jifty","Jifty::Plugin::Authentication::Password::View" => "Jifty","Jifty::Plugin::CSSQuery" => "Jifty","Jifty::Plugin::ClassLoader" => "Jifty","Jifty::Plugin::Compat" => "Jifty","Jifty::Plugin::Compat::Apache" => "Jifty","Jifty::Plugin::Compat::CGI" => "Jifty","Jifty::Plugin::CompressedCSSandJS" => "Jifty","Jifty::Plugin::CompressedCSSandJS::Dispatcher" => "Jifty","Jifty::Plugin::Config" => "Jifty","Jifty::Plugin::Config::Action::AddConfig" => "Jifty","Jifty::Plugin::Config::Action::Config" => "Jifty","Jifty::Plugin::Config::Action::Restart" => "Jifty","Jifty::Plugin::Config::Dispatcher" => "Jifty","Jifty::Plugin::Config::View" => "Jifty","Jifty::Plugin::Deflater" => "Jifty","Jifty::Plugin::ErrorTemplates" => "Jifty","Jifty::Plugin::ErrorTemplates::View" => "Jifty","Jifty::Plugin::Halo" => "Jifty","Jifty::Plugin::Halo::Mason" => "Jifty","Jifty::Plugin::I18N" => "Jifty","Jifty::Plugin::I18N::Action::SetLang" => "Jifty","Jifty::Plugin::IEFixes" => "Jifty","Jifty::Plugin::LetMe" => "Jifty","Jifty::Plugin::LetMe::Dispatcher" => "Jifty","Jifty::Plugin::OnlineDocs" => "Jifty","Jifty::Plugin::OnlineDocs::Dispatcher" => "Jifty","Jifty::Plugin::Prototypism" => "Jifty","Jifty::Plugin::PubSub" => "Jifty","Jifty::Plugin::PubSub::Bus" => "Jifty","Jifty::Plugin::PubSub::Connection" => "Jifty","Jifty::Plugin::PubSub::Subscriptions" => "Jifty","Jifty::Plugin::REST" => "Jifty","Jifty::Plugin::REST::Dispatcher" => "Jifty","Jifty::Plugin::RPC" => "Jifty","Jifty::Plugin::RequestInspector" => "Jifty","Jifty::Plugin::RequestInspector::Model::Request" => "Jifty","Jifty::Plugin::RequestInspector::View" => "Jifty","Jifty::Plugin::SQLQueries" => "Jifty","Jifty::Plugin::SQLQueries::View" => "Jifty","Jifty::Plugin::SetupWizard" => "Jifty","Jifty::Plugin::SetupWizard::Action::TestDatabaseConnectivity" => "Jifty","Jifty::Plugin::SetupWizard::View" => "Jifty","Jifty::Plugin::SinglePage" => "Jifty","Jifty::Plugin::SinglePage::Dispatcher" => "Jifty","Jifty::Plugin::SkeletonApp" => "Jifty","Jifty::Plugin::SkeletonApp::Dispatcher" => "Jifty","Jifty::Plugin::SkeletonApp::View" => "Jifty","Jifty::Plugin::TestServerWarnings" => "Jifty","Jifty::Plugin::TestServerWarnings::Appender" => "Jifty","Jifty::Plugin::TestServerWarnings::View" => "Jifty","Jifty::Plugin::User" => "Jifty","Jifty::Plugin::User::Mixin::Model::User" => "Jifty","Jifty::Plugin::ViewDeclarePage" => "Jifty","Jifty::Plugin::ViewDeclarePage::Page" => "Jifty","Jifty::Record" => "Jifty","Jifty::Request" => "Jifty","Jifty::Request::Action" => "Jifty","Jifty::Request::Fragment" => "Jifty","Jifty::Request::Mapper" => "Jifty","Jifty::Request::StateVariable" => "Jifty","Jifty::Response" => "Jifty","Jifty::Result" => "Jifty","Jifty::RightsFrom" => "Jifty","Jifty::Schema" => "Jifty","Jifty::Script" => "Jifty","Jifty::Script::Action" => "Jifty","Jifty::Script::Adopt" => "Jifty","Jifty::Script::App" => "Jifty","Jifty::Script::Env" => "Jifty","Jifty::Script::FastCGI" => "Jifty","Jifty::Script::Help" => "Jifty","Jifty::Script::ModPerl2" => "Jifty","Jifty::Script::Model" => "Jifty","Jifty::Script::Plugin" => "Jifty","Jifty::Script::Po" => "Jifty","Jifty::Script::Schema" => "Jifty","Jifty::Script::Script" => "Jifty","Jifty::Script::Server" => "Jifty","Jifty::Script::WriteCCJS" => "Jifty","Jifty::Server" => "Jifty","Jifty::Server::Fork" => "Jifty","Jifty::Server::Fork::NetServer" => "Jifty","Jifty::Server::Prefork" => "Jifty","Jifty::Server::Prefork::NetServer" => "Jifty","Jifty::Test" => "Jifty","Jifty::Test::Dist" => "Jifty","Jifty::Test::Email" => "Jifty","Jifty::Test::WWW::Declare" => "Jifty","Jifty::Test::WWW::Mechanize" => "Jifty","Jifty::Test::WWW::Selenium" => "Jifty","Jifty::Test::WWW::WebDriver" => "Jifty","Jifty::TestServer" => "Jifty","Jifty::TestServer::Apache" => "Jifty","Jifty::TestServer::Inline" => "Jifty","Jifty::Upgrade" => "Jifty","Jifty::Upgrade::Internal" => "Jifty","Jifty::Util" => "Jifty","Jifty::View" => "Jifty","Jifty::View::Declare" => "Jifty","Jifty::View::Declare::BaseClass" => "Jifty","Jifty::View::Declare::CRUD" => "Jifty","Jifty::View::Declare::CoreTemplates" => "Jifty","Jifty::View::Declare::Handler" => "Jifty","Jifty::View::Declare::Helpers" => "Jifty","Jifty::View::Declare::Page" => "Jifty","Jifty::View::Mason::Halo" => "Jifty","Jifty::View::Mason::Handler" => "Jifty","Jifty::View::Mason::Request" => "Jifty","Jifty::View::Static::Handler" => "Jifty","Jifty::Web" => "Jifty","Jifty::Web::FileUpload" => "Jifty","Jifty::Web::Form" => "Jifty","Jifty::Web::Form::Clickable" => "Jifty","Jifty::Web::Form::Element" => "Jifty","Jifty::Web::Form::Field" => "Jifty","Jifty::Web::Form::Field::Button" => "Jifty","Jifty::Web::Form::Field::Checkbox" => "Jifty","Jifty::Web::Form::Field::Checkboxes" => "Jifty","Jifty::Web::Form::Field::Collection" => "Jifty","Jifty::Web::Form::Field::Combobox" => "Jifty","Jifty::Web::Form::Field::Date" => "Jifty","Jifty::Web::Form::Field::DateTime" => "Jifty","Jifty::Web::Form::Field::Hidden" => "Jifty","Jifty::Web::Form::Field::InlineButton" => "Jifty","Jifty::Web::Form::Field::OrderedList" => "Jifty","Jifty::Web::Form::Field::Password" => "Jifty","Jifty::Web::Form::Field::Radio" => "Jifty","Jifty::Web::Form::Field::ResetButton" => "Jifty","Jifty::Web::Form::Field::Select" => "Jifty","Jifty::Web::Form::Field::Text" => "Jifty","Jifty::Web::Form::Field::Textarea" => "Jifty","Jifty::Web::Form::Field::Time" => "Jifty","Jifty::Web::Form::Field::Unrendered" => "Jifty","Jifty::Web::Form::Field::Upload" => "Jifty","Jifty::Web::Form::Field::Uploads" => "Jifty","Jifty::Web::Form::Link" => "Jifty","Jifty::Web::Menu" => "Jifty","Jifty::Web::PageRegion" => "Jifty","Jifty::Web::Session" => "Jifty","Jifty::Web::Session::ApacheSession" => "Jifty","Jifty::Web::Session::ClientSide" => "Jifty","Jifty::Web::Session::JDBI" => "Jifty","Jifty::Web::Session::None" => "Jifty","Jifty::YAML" => "Jifty","Kelp" => "Kelp","Kelp::Base" => "Kelp","Kelp::Context" => "Kelp","Kelp::Exception" => "Kelp","Kelp::Generator" => "Kelp","Kelp::Less" => "Kelp","Kelp::Middleware" => "Kelp","Kelp::Module" => "Kelp","Kelp::Module::Config" => "Kelp","Kelp::Module::Config::Less" => "Kelp","Kelp::Module::Config::Null" => "Kelp","Kelp::Module::Config::Sandbox" => "Kelp","Kelp::Module::Encoder" => "Kelp","Kelp::Module::JSON" => "Kelp","Kelp::Module::Logger" => "Kelp","Kelp::Module::Logger::Simple" => "Kelp","Kelp::Module::Null" => "Kelp","Kelp::Module::Routes" => "Kelp","Kelp::Module::Template" => "Kelp","Kelp::Module::Template::Null" => "Kelp","Kelp::Request" => "Kelp","Kelp::Response" => "Kelp","Kelp::Routes" => "Kelp","Kelp::Routes::Controller" => "Kelp","Kelp::Routes::Location" => "Kelp","Kelp::Routes::Pattern" => "Kelp","Kelp::Template" => "Kelp","Kelp::Test" => "Kelp","Kelp::Test::CookieJar" => "Kelp","Kelp::Util" => "Kelp","Kossy" => "Kossy","Kossy::Assets" => "Kossy","Kossy::BodyParser" => "Kossy","Kossy::BodyParser::JSON" => "Kossy","Kossy::BodyParser::MultiPart" => "Kossy","Kossy::BodyParser::OctetStream" => "Kossy","Kossy::BodyParser::UrlEncoded" => "Kossy","Kossy::Connection" => "Kossy","Kossy::Exception" => "Kossy","Kossy::Request" => "Kossy","Kossy::Response" => "Kossy","Kwid::AST" => "Perl6-Pugs","Kwid::Base" => "Perl6-Pugs","Kwid::HTML" => "Perl6-Pugs","Kwid::Loader" => "Perl6-Pugs","Kwid::Parser" => "Perl6-Pugs","LRUCache" => "GBrowse","LWP" => "libwww-perl","LWP::Authen::Basic" => "libwww-perl","LWP::Authen::Digest" => "libwww-perl","LWP::Authen::Ntlm" => "libwww-perl","LWP::ConnCache" => "libwww-perl","LWP::Debug" => "libwww-perl","LWP::Debug::TraceHTTP" => "libwww-perl","LWP::DebugFile" => "libwww-perl","LWP::MemberMixin" => "libwww-perl","LWP::Protocol" => "libwww-perl","LWP::Protocol::Net::Curl" => "LWP-Protocol-Net-Curl","LWP::Protocol::cpan" => "libwww-perl","LWP::Protocol::data" => "libwww-perl","LWP::Protocol::file" => "libwww-perl","LWP::Protocol::ftp" => "libwww-perl","LWP::Protocol::gopher" => "libwww-perl","LWP::Protocol::http" => "libwww-perl","LWP::Protocol::https" => "LWP-Protocol-https","LWP::Protocol::https::Socket" => "LWP-Protocol-https","LWP::Protocol::ldap" => "perl-ldap","LWP::Protocol::ldapi" => "perl-ldap","LWP::Protocol::ldaps" => "perl-ldap","LWP::Protocol::loopback" => "libwww-perl","LWP::Protocol::mailto" => "libwww-perl","LWP::Protocol::nntp" => "libwww-perl","LWP::Protocol::nogo" => "libwww-perl","LWP::RobotUA" => "libwww-perl","LWP::Simple" => "libwww-perl","LWP::UserAgent" => "libwww-perl","LWP::UserAgent::AtomClient" => "XML-Atom","Legacy::DB::SyntenyBlock" => "GBrowse","Legacy::DB::SyntenyIO" => "GBrowse","Legacy::Graphics::Browser" => "GBrowse","Legacy::Graphics::Browser::I18n" => "GBrowse","Legacy::Graphics::Browser::PageSettings" => "GBrowse","Legacy::Graphics::Browser::Synteny" => "GBrowse","Legacy::Graphics::Browser::Util" => "GBrowse","Legacy::Graphics::BrowserConfig" => "GBrowse","Lemonldap::NG::Common" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Generate::SHA256" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Lock" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::REST" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::SOAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Serialize::JSON" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Apache::Session::Store" => "Lemonldap-NG-Common","Lemonldap::NG::Common::AuditLogger::UserLoggerCompat" => "Lemonldap-NG-Common","Lemonldap::NG::Common::AuditLogger::UserLoggerJSON" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Cli" => "Lemonldap-NG-Common","Lemonldap::NG::Common::CliSessions" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Combination::Parser" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::AccessLib" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::CDBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::File" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::JSONFile" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::LDAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::Local" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::MongoDB" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::Overlay" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::Patroni" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::RDBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::REST" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::SOAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::YAMLFile" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Backends::_DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Compact" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Constants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::DefaultValues" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::RESTServer" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::ReConstants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::SAML::Metadata" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Serializer" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Conf::Wrapper" => "Lemonldap-NG-Common","Lemonldap::NG::Common::CrowdSec" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Crypto" => "Lemonldap-NG-Common","Lemonldap::NG::Common::EmailAddress" => "Lemonldap-NG-Common","Lemonldap::NG::Common::EmailTransport" => "Lemonldap-NG-Common","Lemonldap::NG::Common::FormEncode" => "Lemonldap-NG-Common","Lemonldap::NG::Common::IPv6" => "Lemonldap-NG-Common","Lemonldap::NG::Common::JWT" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Languages" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Lib::DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Apache2" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Dispatch" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Log4perl" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Loki" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::MessageBroker" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Null" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Sentry" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Std" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::Syslog" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Logger::_Duplicate" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::MQTT" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::NoBroker" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::Pg" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::Redis" => "Lemonldap-NG-Common","Lemonldap::NG::Common::MessageBroker::Web" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Module" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::DBI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::File" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::JSON" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::LDAP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Notifications::XML" => "Lemonldap-NG-Common","Lemonldap::NG::Common::OpenIDConnect::Constants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::OpenIDConnect::Metadata" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Cli::Lib" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Constants" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Request" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::Router" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::SOAPServer" => "Lemonldap-NG-Common","Lemonldap::NG::Common::PSGI::SOAPService" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Regexp" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Safelib" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Session" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Session::Purge" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Session::REST" => "Lemonldap-NG-Common","Lemonldap::NG::Common::TOTP" => "Lemonldap-NG-Common","Lemonldap::NG::Common::UserAgent" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Util" => "Lemonldap-NG-Common","Lemonldap::NG::Common::Util::Crypto" => "Lemonldap-NG-Common","Lemonldap::NG::DBI::Failed" => "Lemonldap-NG-Common","Lemonldap::NG::Handler" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::DevOps" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::DevOpsCDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::DevOpsST" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::FCGIClient" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Menu" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::Request" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::SecureToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::ApacheMP2::ZimbraPreAuth" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::DevOps" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::DevOpsCDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::DevOpsST" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::PSGI" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::SecureToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::Status" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::StatusConstants" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Lib::ZimbraPreAuth" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::Init" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::MsgActions" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::Reload" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::Run" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Main::SharedVariables" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Router" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::PSGI::Try" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::AuthBasic" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::CDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::DevOps" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::DevOpsCDA" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::DevOpsST" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Fail" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Main" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Nginx" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::OAuth2" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::SecureToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::ServiceToken" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::Traefik" => "Lemonldap-NG-Handler","Lemonldap::NG::Handler::Server::ZimbraPreAuth" => "Lemonldap-NG-Handler","Lemonldap::NG::Manager" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::2ndFA" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::2F" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Common" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::History" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Menu::App" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Menu::Cat" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Misc" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Providers::CasApp" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Providers::OidcRp" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Api::Providers::SamlSp" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Attributes" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::Attributes" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::CTrees" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::OpenApi" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::PortalConstants" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Build::Tree" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Cli" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Cli::Lib" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Cli::Request" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Diff" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Parser" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Tests" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Conf::Zero" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Notifications" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Plugin" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Sessions" => "Lemonldap-NG-Manager","Lemonldap::NG::Manager::Viewer" => "Lemonldap-NG-Manager","Lemonldap::NG::Portal" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Engines::Default" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Ext2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Mail2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Okta" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Password" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Radius" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Base" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Generic" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Password" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::TOTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::U2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Register::Yubikey" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::TOTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::U2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::UTOTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::2F::Yubikey" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Apache" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Combination" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Facebook" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::GPG" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::GitHub" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Kerberos" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::LinkedIn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Null" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::OpenID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::PAM" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Proxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Radius" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Remote" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::SSL" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Slave" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::Twitter" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::WebID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::_Ajax" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Auth::_WebForm" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CDC" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Captcha::ReCaptcha" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Captcha::ReCaptcha3" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Captcha::SecurityImage" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CertificateResetByMail::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CertificateResetByMail::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::CertificateResetByMail::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::Get" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::JitsiMeetTokens" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::OpenID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Issuer::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::2fDevices" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Captcha" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Code2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Combination::UserLogger" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CrowdSec" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CrowdSecFilter" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::CustomModule" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Key" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::LazyLoadedConfiguration" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Net::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Notifications::JSON" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Notifications::XML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OIDCTokenExchange" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Okta" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OneTimeToken" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OpenID::SREG" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OpenID::Server" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OtherSessions" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::OverConf" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::RESTProxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Radius" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Remote" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::SMTP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::SOAPProxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Slave" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::U2F" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::WebAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::Wrapper" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Lib::_tokenRule" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Auth" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Constants" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Display" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Init" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Issuer" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Menu" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Plugin" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Plugins" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Process" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Request" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::Run" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::SecondFactor" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Main::UserDB" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::MenuTab" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Base" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Combination" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::Null" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Password::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AdaptativeAuthenticationLevel" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AdminLogout" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AuthOidcPkce" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::AutoSignin" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::BasePasswordPolicy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::BruteForceProtection" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CDA" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CertificateResetByMail" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckDevOps" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckEntropy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckHIBP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckState" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CheckUser" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::ContextSwitching" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CrowdSec" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::CrowdSecAgent" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::DecryptValue" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::FindUser" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::ForceAuthn" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::GlobalLogout" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::GrantSession" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::History" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Impersonation" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::InitializePasswordReset" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::LocationDetect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::MailPasswordReset" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::NewLocationWarning" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Notifications" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::OIDCInternalTokenExchange" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::OIDCNativeSso" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::OidcOfflineTokens" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::PublicNotifications" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::PublicPages" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::RESTServer" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Refresh" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Register" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::RememberAuthChoice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::SOAPServer" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::SamlFederation" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::SingleSession" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Status" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::StayConnected" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::TrustedBrowser" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::Upgrade" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Plugins::WebCron" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::Base" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::Register::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::AD" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::CAS" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Choice" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Combination" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Custom" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::DBI" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Demo" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Facebook" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::LDAP" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Null" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::OpenID" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::OpenIDConnect" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Proxy" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::REST" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Remote" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::SAML" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::Slave" => "Lemonldap-NG-Portal","Lemonldap::NG::Portal::UserDB::WebID" => "Lemonldap-NG-Portal","Lemonldap::NG::SSOaaS::Apache::Client" => "Lemonldap-NG-Handler","Linux::Statm::Tiny" => "Linux-Statm-Tiny","Linux::Statm::Tiny::Mite" => "Linux-Statm-Tiny","Locale::Maketext" => "Locale-Maketext","Locale::Maketext::Guts" => "Locale-Maketext","Locale::Maketext::GutsLoader" => "Locale-Maketext","Log::Any" => "Log-Any","Log::Any::Adapter" => "Log-Any","Log::Any::Adapter::Base" => "Log-Any","Log::Any::Adapter::Capture" => "Log-Any","Log::Any::Adapter::Core" => "Log-Any","Log::Any::Adapter::File" => "Log-Any","Log::Any::Adapter::Multiplex" => "Log-Any","Log::Any::Adapter::Null" => "Log-Any","Log::Any::Adapter::Stderr" => "Log-Any","Log::Any::Adapter::Stdout" => "Log-Any","Log::Any::Adapter::Syslog" => "Log-Any","Log::Any::Adapter::Test" => "Log-Any","Log::Any::Adapter::Util" => "Log-Any","Log::Any::Manager" => "Log-Any","Log::Any::Proxy" => "Log-Any","Log::Any::Proxy::Null" => "Log-Any","Log::Any::Proxy::Test" => "Log-Any","Log::Any::Proxy::WithStackTrace" => "Log-Any","Log::Any::Test" => "Log-Any","MARC::File::XML" => "MARC-File-XML","MDK::Common" => "MDK-Common","MDK::Common::DataStructure" => "MDK-Common","MDK::Common::File" => "MDK-Common","MDK::Common::Func" => "MDK-Common","MDK::Common::Math" => "MDK-Common","MDK::Common::String" => "MDK-Common","MDK::Common::System" => "MDK-Common","MDK::Common::Various" => "MDK-Common","MHonArc::Char" => "MHonArc","MHonArc::Char::JP" => "MHonArc","MHonArc::Char::KR" => "MHonArc","MHonArc::CharEnt" => "MHonArc","MHonArc::CharEnt::AppleArabic" => "MHonArc","MHonArc::CharEnt::AppleCenteuro" => "MHonArc","MHonArc::CharEnt::AppleCroatian" => "MHonArc","MHonArc::CharEnt::AppleCyrillic" => "MHonArc","MHonArc::CharEnt::AppleGreek" => "MHonArc","MHonArc::CharEnt::AppleHebrew" => "MHonArc","MHonArc::CharEnt::AppleIceland" => "MHonArc","MHonArc::CharEnt::AppleRoman" => "MHonArc","MHonArc::CharEnt::AppleRomanian" => "MHonArc","MHonArc::CharEnt::AppleThai" => "MHonArc","MHonArc::CharEnt::AppleTurkish" => "MHonArc","MHonArc::CharEnt::BIG5_ETEN" => "MHonArc","MHonArc::CharEnt::BIG5_HKSCS" => "MHonArc","MHonArc::CharEnt::CP1250" => "MHonArc","MHonArc::CharEnt::CP1251" => "MHonArc","MHonArc::CharEnt::CP1252" => "MHonArc","MHonArc::CharEnt::CP1253" => "MHonArc","MHonArc::CharEnt::CP1254" => "MHonArc","MHonArc::CharEnt::CP1255" => "MHonArc","MHonArc::CharEnt::CP1256" => "MHonArc","MHonArc::CharEnt::CP1257" => "MHonArc","MHonArc::CharEnt::CP1258" => "MHonArc","MHonArc::CharEnt::CP866" => "MHonArc","MHonArc::CharEnt::CP932" => "MHonArc","MHonArc::CharEnt::CP936" => "MHonArc","MHonArc::CharEnt::CP949" => "MHonArc","MHonArc::CharEnt::CP950" => "MHonArc","MHonArc::CharEnt::EUC_JP" => "MHonArc","MHonArc::CharEnt::GB2312" => "MHonArc","MHonArc::CharEnt::GOST19768_87" => "MHonArc","MHonArc::CharEnt::HP_ROMAN8" => "MHonArc","MHonArc::CharEnt::ISO8859_1" => "MHonArc","MHonArc::CharEnt::ISO8859_10" => "MHonArc","MHonArc::CharEnt::ISO8859_11" => "MHonArc","MHonArc::CharEnt::ISO8859_13" => "MHonArc","MHonArc::CharEnt::ISO8859_14" => "MHonArc","MHonArc::CharEnt::ISO8859_15" => "MHonArc","MHonArc::CharEnt::ISO8859_16" => "MHonArc","MHonArc::CharEnt::ISO8859_2" => "MHonArc","MHonArc::CharEnt::ISO8859_3" => "MHonArc","MHonArc::CharEnt::ISO8859_4" => "MHonArc","MHonArc::CharEnt::ISO8859_5" => "MHonArc","MHonArc::CharEnt::ISO8859_6" => "MHonArc","MHonArc::CharEnt::ISO8859_7" => "MHonArc","MHonArc::CharEnt::ISO8859_8" => "MHonArc","MHonArc::CharEnt::ISO8859_9" => "MHonArc","MHonArc::CharEnt::KOI8_A" => "MHonArc","MHonArc::CharEnt::KOI8_B" => "MHonArc","MHonArc::CharEnt::KOI8_E" => "MHonArc","MHonArc::CharEnt::KOI8_F" => "MHonArc","MHonArc::CharEnt::KOI8_R" => "MHonArc","MHonArc::CharEnt::KOI8_U" => "MHonArc","MHonArc::CharEnt::KOI_0" => "MHonArc","MHonArc::CharEnt::KOI_7" => "MHonArc","MHonArc::CharEnt::VISCII" => "MHonArc","MHonArc::CharMaps" => "MHonArc","MHonArc::Encode" => "MHonArc","MHonArc::RFC822" => "MHonArc","MHonArc::UTF8" => "MHonArc","MHonArc::UTF8::AppleArabic" => "MHonArc","MHonArc::UTF8::AppleCenteuro" => "MHonArc","MHonArc::UTF8::AppleCroatian" => "MHonArc","MHonArc::UTF8::AppleCyrillic" => "MHonArc","MHonArc::UTF8::AppleGreek" => "MHonArc","MHonArc::UTF8::AppleHebrew" => "MHonArc","MHonArc::UTF8::AppleIceland" => "MHonArc","MHonArc::UTF8::AppleRoman" => "MHonArc","MHonArc::UTF8::AppleRomanian" => "MHonArc","MHonArc::UTF8::AppleThai" => "MHonArc","MHonArc::UTF8::AppleTurkish" => "MHonArc","MHonArc::UTF8::BIG5_ETEN" => "MHonArc","MHonArc::UTF8::BIG5_HKSCS" => "MHonArc","MHonArc::UTF8::CP1250" => "MHonArc","MHonArc::UTF8::CP1251" => "MHonArc","MHonArc::UTF8::CP1252" => "MHonArc","MHonArc::UTF8::CP1253" => "MHonArc","MHonArc::UTF8::CP1254" => "MHonArc","MHonArc::UTF8::CP1255" => "MHonArc","MHonArc::UTF8::CP1256" => "MHonArc","MHonArc::UTF8::CP1257" => "MHonArc","MHonArc::UTF8::CP1258" => "MHonArc","MHonArc::UTF8::CP866" => "MHonArc","MHonArc::UTF8::CP932" => "MHonArc","MHonArc::UTF8::CP936" => "MHonArc","MHonArc::UTF8::CP949" => "MHonArc","MHonArc::UTF8::CP950" => "MHonArc","MHonArc::UTF8::EUC_JP" => "MHonArc","MHonArc::UTF8::Encode" => "MHonArc","MHonArc::UTF8::GB2312" => "MHonArc","MHonArc::UTF8::GOST19768_87" => "MHonArc","MHonArc::UTF8::HP_ROMAN8" => "MHonArc","MHonArc::UTF8::ISO8859_1" => "MHonArc","MHonArc::UTF8::ISO8859_10" => "MHonArc","MHonArc::UTF8::ISO8859_11" => "MHonArc","MHonArc::UTF8::ISO8859_13" => "MHonArc","MHonArc::UTF8::ISO8859_14" => "MHonArc","MHonArc::UTF8::ISO8859_15" => "MHonArc","MHonArc::UTF8::ISO8859_16" => "MHonArc","MHonArc::UTF8::ISO8859_2" => "MHonArc","MHonArc::UTF8::ISO8859_3" => "MHonArc","MHonArc::UTF8::ISO8859_4" => "MHonArc","MHonArc::UTF8::ISO8859_5" => "MHonArc","MHonArc::UTF8::ISO8859_6" => "MHonArc","MHonArc::UTF8::ISO8859_7" => "MHonArc","MHonArc::UTF8::ISO8859_8" => "MHonArc","MHonArc::UTF8::ISO8859_9" => "MHonArc","MHonArc::UTF8::KOI8_A" => "MHonArc","MHonArc::UTF8::KOI8_B" => "MHonArc","MHonArc::UTF8::KOI8_E" => "MHonArc","MHonArc::UTF8::KOI8_F" => "MHonArc","MHonArc::UTF8::KOI8_R" => "MHonArc","MHonArc::UTF8::KOI8_U" => "MHonArc","MHonArc::UTF8::KOI_0" => "MHonArc","MHonArc::UTF8::KOI_7" => "MHonArc","MHonArc::UTF8::MapUTF8" => "MHonArc","MHonArc::UTF8::MhaEncode" => "MHonArc","MHonArc::UTF8::VISCII" => "MHonArc","MIME::Body" => "MIME-tools","MIME::Body::File" => "MIME-tools","MIME::Body::InCore" => "MIME-tools","MIME::Body::Scalar" => "MIME-tools","MIME::Decoder" => "MIME-tools","MIME::Decoder::Base64" => "MIME-tools","MIME::Decoder::BinHex" => "MIME-tools","MIME::Decoder::Binary" => "MIME-tools","MIME::Decoder::Gzip64" => "MIME-tools","MIME::Decoder::NBit" => "MIME-tools","MIME::Decoder::QuotedPrint" => "MIME-tools","MIME::Decoder::UU" => "MIME-tools","MIME::Entity" => "MIME-tools","MIME::Field::ConTraEnc" => "MIME-tools","MIME::Field::ContDisp" => "MIME-tools","MIME::Field::ContType" => "MIME-tools","MIME::Field::ParamVal" => "MIME-tools","MIME::Head" => "MIME-tools","MIME::Parser" => "MIME-tools","MIME::Parser::FileInto" => "MIME-tools","MIME::Parser::FileUnder" => "MIME-tools","MIME::Parser::Filer" => "MIME-tools","MIME::Parser::InnerFile" => "MIME-tools","MIME::Parser::Reader" => "MIME-tools","MIME::Parser::Results" => "MIME-tools","MIME::ToolUtils" => "MIME-tools","MIME::Tools" => "MIME-tools","MIME::WordDecoder" => "MIME-tools","MIME::WordDecoder::ISO_8859" => "MIME-tools","MIME::WordDecoder::US_ASCII" => "MIME-tools","MIME::WordDecoder::UTF_8" => "MIME-tools","MIME::Words" => "MIME-tools","MM" => "ExtUtils-MakeMaker","MY" => "ExtUtils-MakeMaker","Mail::Address" => "MailTools","Mail::Audit" => "Mail-Audit","Mail::Audit::KillDups" => "Mail-Audit","Mail::Audit::MAPS" => "Mail-Audit","Mail::Audit::MailInternet" => "Mail-Audit","Mail::Audit::MimeEntity" => "Mail-Audit","Mail::Audit::Util::Tempdir" => "Mail-Audit","Mail::Audit::Vacation" => "Mail-Audit","Mail::Cap" => "MailTools","Mail::Field" => "MailTools","Mail::Field::AddrList" => "MailTools","Mail::Field::Date" => "MailTools","Mail::Field::Generic" => "MailTools","Mail::Filter" => "MailTools","Mail::Header" => "MailTools","Mail::Internet" => "MailTools","Mail::Mailer" => "MailTools","Mail::Mailer::qmail" => "MailTools","Mail::Mailer::rfc822" => "MailTools","Mail::Mailer::sendmail" => "MailTools","Mail::Mailer::smtp" => "MailTools","Mail::Mailer::smtp::pipe" => "MailTools","Mail::Mailer::smtps" => "MailTools","Mail::Mailer::smtps::pipe" => "MailTools","Mail::Mailer::testfile" => "MailTools","Mail::Mailer::testfile::pipe" => "MailTools","Mail::Send" => "MailTools","Mail::Util" => "MailTools","MailTools" => "MailTools","Maintainers" => "perl","MarpaX::ESLIF" => "MarpaX-ESLIF","MarpaX::ESLIF::Base" => "MarpaX-ESLIF","MarpaX::ESLIF::Event::Type" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar::Properties" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar::Rule::Properties" => "MarpaX-ESLIF","MarpaX::ESLIF::Grammar::Symbol::Properties" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON::Decoder" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON::Decoder::RecognizerInterface" => "MarpaX-ESLIF","MarpaX::ESLIF::JSON::Encoder" => "MarpaX-ESLIF","MarpaX::ESLIF::Logger::Level" => "MarpaX-ESLIF","MarpaX::ESLIF::Recognizer" => "MarpaX-ESLIF","MarpaX::ESLIF::RegexCallout" => "MarpaX-ESLIF","MarpaX::ESLIF::Rule::PropertyBitSet" => "MarpaX-ESLIF","MarpaX::ESLIF::String" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol::EventBitSet" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol::PropertyBitSet" => "MarpaX-ESLIF","MarpaX::ESLIF::Symbol::Type" => "MarpaX-ESLIF","MarpaX::ESLIF::Value" => "MarpaX-ESLIF","MarpaX::ESLIF::Value::Type" => "MarpaX-ESLIF","Math::BigInt::LTM" => "CryptX","Maypole" => "Maypole","Maypole::Application" => "Maypole","Maypole::CLI" => "Maypole","Maypole::Config" => "Maypole","Maypole::Constants" => "Maypole","Maypole::Headers" => "Maypole","Maypole::Model::Base" => "Maypole","Maypole::Model::CDBI" => "Maypole","Maypole::Model::CDBI::AsForm" => "Maypole","Maypole::Model::CDBI::Base" => "Maypole","Maypole::Model::CDBI::DFV" => "Maypole","Maypole::Model::CDBI::FromCGI" => "Maypole","Maypole::Model::CDBI::Plain" => "Maypole","Maypole::Session" => "Maypole","Maypole::View::Base" => "Maypole","Maypole::View::TT" => "Maypole","MicroWiki::Controllers" => "Squatting","MicroWiki::Views" => "Squatting","Mite" => "Mite","Mite::App" => "Mite","Mite::App::Command" => "Mite","Mite::App::Command::clean" => "Mite","Mite::App::Command::compile" => "Mite","Mite::App::Command::exec" => "Mite","Mite::App::Command::init" => "Mite","Mite::App::Command::preview" => "Mite","Mite::Attribute" => "Mite","Mite::Attribute::SHV::CodeGen" => "Mite","Mite::Class" => "Mite","Mite::Compiled" => "Mite","Mite::Config" => "Mite","Mite::MakeMaker" => "Mite","Mite::Miteception" => "Mite","Mite::ModuleBuild" => "Mite","Mite::Package" => "Mite","Mite::Project" => "Mite","Mite::Role" => "Mite","Mite::Role::Tiny" => "Mite","Mite::Shim" => "Mite","Mite::Signature" => "Mite","Mite::Signature::Compiler" => "Mite","Mite::Source" => "Mite","Mite::Trait::HasAttributes" => "Mite","Mite::Trait::HasConstructor" => "Mite","Mite::Trait::HasDestructor" => "Mite","Mite::Trait::HasMOP" => "Mite","Mite::Trait::HasMethods" => "Mite","Mite::Trait::HasRequiredMethods" => "Mite","Mite::Trait::HasRoles" => "Mite","Mite::Trait::HasSuperclasses" => "Mite","Mite::Types" => "Mite","ModPerl::BuildMM" => "mod_perl","ModPerl::BuildOptions" => "mod_perl","ModPerl::CScan" => "mod_perl","ModPerl::Code" => "mod_perl","ModPerl::Config" => "mod_perl","ModPerl::FunctionMap" => "mod_perl","ModPerl::FunctionTable" => "mod_perl","ModPerl::Global" => "mod_perl","ModPerl::InterpPool" => "mod_perl","ModPerl::Interpreter" => "mod_perl","ModPerl::MM" => "mod_perl","ModPerl::Manifest" => "mod_perl","ModPerl::MapBase" => "mod_perl","ModPerl::MapUtil" => "mod_perl","ModPerl::MethodLookup" => "mod_perl","ModPerl::ParseSource" => "mod_perl","ModPerl::PerlRun" => "mod_perl","ModPerl::PerlRunPrefork" => "mod_perl","ModPerl::Registry" => "mod_perl","ModPerl::RegistryBB" => "mod_perl","ModPerl::RegistryCooker" => "mod_perl","ModPerl::RegistryLoader" => "mod_perl","ModPerl::RegistryPrefork" => "mod_perl","ModPerl::StructureMap" => "mod_perl","ModPerl::TestConfig" => "mod_perl","ModPerl::TestReport" => "mod_perl","ModPerl::TestRun" => "mod_perl","ModPerl::TiPool" => "mod_perl","ModPerl::TiPoolConfig" => "mod_perl","ModPerl::TypeMap" => "mod_perl","ModPerl::Util" => "mod_perl","ModPerl::WrapXS" => "mod_perl","Module::Load::Conditional" => "Module-Load-Conditional","Module::Metadata" => "Module-Metadata","Module::Provision" => "Module-Provision","Module::Provision::Base" => "Module-Provision","Module::Provision::Config" => "Module-Provision","Module::Provision::MetaData" => "Module-Provision","Module::Provision::TraitFor::AddingFiles" => "Module-Provision","Module::Provision::TraitFor::Badges" => "Module-Provision","Module::Provision::TraitFor::CPANDistributions" => "Module-Provision","Module::Provision::TraitFor::CreatingDistributions" => "Module-Provision","Module::Provision::TraitFor::EnvControl" => "Module-Provision","Module::Provision::TraitFor::PrereqDifferences" => "Module-Provision","Module::Provision::TraitFor::Rendering" => "Module-Provision","Module::Provision::TraitFor::UpdatingContent" => "Module-Provision","Module::Provision::TraitFor::VCS" => "Module-Provision","Module::ScanDeps" => "Module-ScanDeps","Module::Signature" => "Module-Signature","Mojo" => "Mojolicious","Mojo::Asset" => "Mojolicious","Mojo::Asset::File" => "Mojolicious","Mojo::Asset::Memory" => "Mojolicious","Mojo::Base" => "Mojolicious","Mojo::BaseUtil" => "Mojolicious","Mojo::ByteStream" => "Mojolicious","Mojo::Cache" => "Mojolicious","Mojo::Collection" => "Mojolicious","Mojo::Collection::Role::Extra" => "Mojo-DOM-Role-Analyzer","Mojo::Content" => "Mojolicious","Mojo::Content::MultiPart" => "Mojolicious","Mojo::Content::Single" => "Mojolicious","Mojo::Cookie" => "Mojolicious","Mojo::Cookie::Request" => "Mojolicious","Mojo::Cookie::Response" => "Mojolicious","Mojo::DOM" => "Mojolicious","Mojo::DOM::CSS" => "Mojolicious","Mojo::DOM::HTML" => "Mojolicious","Mojo::DOM::Role::Analyzer" => "Mojo-DOM-Role-Analyzer","Mojo::Date" => "Mojolicious","Mojo::DynamicMethods" => "Mojolicious","Mojo::EventEmitter" => "Mojolicious","Mojo::Exception" => "Mojolicious","Mojo::Exception::_Guard" => "Mojolicious","Mojo::File" => "Mojolicious","Mojo::Headers" => "Mojolicious","Mojo::HelloWorld" => "Mojolicious","Mojo::Home" => "Mojolicious","Mojo::IOLoop" => "Mojolicious","Mojo::IOLoop::Client" => "Mojolicious","Mojo::IOLoop::Server" => "Mojolicious","Mojo::IOLoop::Stream" => "Mojolicious","Mojo::IOLoop::Subprocess" => "Mojolicious","Mojo::IOLoop::TLS" => "Mojolicious","Mojo::JSON" => "Mojolicious","Mojo::JSON::Pointer" => "Mojolicious","Mojo::Loader" => "Mojolicious","Mojo::Log" => "Mojolicious","Mojo::Message" => "Mojolicious","Mojo::Message::Request" => "Mojolicious","Mojo::Message::Response" => "Mojolicious","Mojo::Parameters" => "Mojolicious","Mojo::Path" => "Mojolicious","Mojo::Promise" => "Mojolicious","Mojo::Reactor" => "Mojolicious","Mojo::Reactor::EV" => "Mojolicious","Mojo::Reactor::Poll" => "Mojolicious","Mojo::SSE" => "Mojolicious","Mojo::Server" => "Mojolicious","Mojo::Server::CGI" => "Mojolicious","Mojo::Server::Daemon" => "Mojolicious","Mojo::Server::Hypnotoad" => "Mojolicious","Mojo::Server::Morbo" => "Mojolicious","Mojo::Server::Morbo::Backend" => "Mojolicious","Mojo::Server::Morbo::Backend::Poll" => "Mojolicious","Mojo::Server::PSGI" => "Mojolicious","Mojo::Server::PSGI::_IO" => "Mojolicious","Mojo::Server::Prefork" => "Mojolicious","Mojo::Template" => "Mojolicious","Mojo::Transaction" => "Mojolicious","Mojo::Transaction::HTTP" => "Mojolicious","Mojo::Transaction::WebSocket" => "Mojolicious","Mojo::URL" => "Mojolicious","Mojo::Upload" => "Mojolicious","Mojo::UserAgent" => "Mojolicious","Mojo::UserAgent::CookieJar" => "Mojolicious","Mojo::UserAgent::Proxy" => "Mojolicious","Mojo::UserAgent::Server" => "Mojolicious","Mojo::UserAgent::Transactor" => "Mojolicious","Mojo::Util" => "Mojolicious","Mojo::WebSocket" => "Mojolicious","MojoMojo" => "MojoMojo","MojoMojo::Controller::Admin" => "MojoMojo","MojoMojo::Controller::Attachment" => "MojoMojo","MojoMojo::Controller::Comment" => "MojoMojo","MojoMojo::Controller::Export" => "MojoMojo","MojoMojo::Controller::Gallery" => "MojoMojo","MojoMojo::Controller::Image" => "MojoMojo","MojoMojo::Controller::JSON" => "MojoMojo","MojoMojo::Controller::Journal" => "MojoMojo","MojoMojo::Controller::Jsrpc" => "MojoMojo","MojoMojo::Controller::Page" => "MojoMojo","MojoMojo::Controller::PageAdmin" => "MojoMojo","MojoMojo::Controller::Root" => "MojoMojo","MojoMojo::Controller::Tag" => "MojoMojo","MojoMojo::Controller::User" => "MojoMojo","MojoMojo::Declaw" => "MojoMojo","MojoMojo::Extension" => "MojoMojo","MojoMojo::Extensions::Counter" => "MojoMojo","MojoMojo::Formatter" => "MojoMojo","MojoMojo::Formatter::Amazon" => "MojoMojo","MojoMojo::Formatter::CPANHyperlink" => "MojoMojo","MojoMojo::Formatter::Comment" => "MojoMojo","MojoMojo::Formatter::Defang" => "MojoMojo","MojoMojo::Formatter::Dir" => "MojoMojo","MojoMojo::Formatter::DocBook" => "MojoMojo","MojoMojo::Formatter::DocBook::Colorize" => "MojoMojo","MojoMojo::Formatter::Emote" => "MojoMojo","MojoMojo::Formatter::File" => "MojoMojo","MojoMojo::Formatter::File::DocBook" => "MojoMojo","MojoMojo::Formatter::File::Image" => "MojoMojo","MojoMojo::Formatter::File::Pod" => "MojoMojo","MojoMojo::Formatter::File::Test" => "MojoMojo","MojoMojo::Formatter::File::Text" => "MojoMojo","MojoMojo::Formatter::Gist" => "MojoMojo","MojoMojo::Formatter::GoogleCalendar" => "MojoMojo","MojoMojo::Formatter::GoogleSearch" => "MojoMojo","MojoMojo::Formatter::IDLink" => "MojoMojo","MojoMojo::Formatter::IRCLog" => "MojoMojo","MojoMojo::Formatter::Include" => "MojoMojo","MojoMojo::Formatter::Main" => "MojoMojo","MojoMojo::Formatter::Markdown" => "MojoMojo","MojoMojo::Formatter::Pod" => "MojoMojo","MojoMojo::Formatter::Pod::Simple::HTML" => "MojoMojo","MojoMojo::Formatter::RSS" => "MojoMojo","MojoMojo::Formatter::Redirect" => "MojoMojo","MojoMojo::Formatter::SyntaxHighlight" => "MojoMojo","MojoMojo::Formatter::TOC" => "MojoMojo","MojoMojo::Formatter::Text" => "MojoMojo","MojoMojo::Formatter::Textile" => "MojoMojo","MojoMojo::Formatter::Wiki" => "MojoMojo","MojoMojo::Formatter::WikipediaLink" => "MojoMojo","MojoMojo::Formatter::YouTube" => "MojoMojo","MojoMojo::I18N" => "MojoMojo","MojoMojo::Model::DBIC" => "MojoMojo","MojoMojo::Model::Search" => "MojoMojo","MojoMojo::Model::Themes" => "MojoMojo","MojoMojo::Schema" => "MojoMojo","MojoMojo::Schema::Base::Result" => "MojoMojo","MojoMojo::Schema::Base::ResultSet" => "MojoMojo","MojoMojo::Schema::Result::Attachment" => "MojoMojo","MojoMojo::Schema::Result::Comment" => "MojoMojo","MojoMojo::Schema::Result::Content" => "MojoMojo","MojoMojo::Schema::Result::Entry" => "MojoMojo","MojoMojo::Schema::Result::Journal" => "MojoMojo","MojoMojo::Schema::Result::Link" => "MojoMojo","MojoMojo::Schema::Result::Page" => "MojoMojo","MojoMojo::Schema::Result::PageVersion" => "MojoMojo","MojoMojo::Schema::Result::PathPermissions" => "MojoMojo","MojoMojo::Schema::Result::Person" => "MojoMojo","MojoMojo::Schema::Result::Photo" => "MojoMojo","MojoMojo::Schema::Result::Preference" => "MojoMojo","MojoMojo::Schema::Result::Role" => "MojoMojo","MojoMojo::Schema::Result::RoleMember" => "MojoMojo","MojoMojo::Schema::Result::RolePrivilege" => "MojoMojo","MojoMojo::Schema::Result::Tag" => "MojoMojo","MojoMojo::Schema::Result::WantedPage" => "MojoMojo","MojoMojo::Schema::ResultSet::Attachment" => "MojoMojo","MojoMojo::Schema::ResultSet::Content" => "MojoMojo","MojoMojo::Schema::ResultSet::Page" => "MojoMojo","MojoMojo::Schema::ResultSet::Person" => "MojoMojo","MojoMojo::Schema::ResultSet::Role" => "MojoMojo","MojoMojo::Schema::ResultSet::Tag" => "MojoMojo","MojoMojo::View::Email" => "MojoMojo","MojoMojo::View::JSON" => "MojoMojo","MojoMojo::View::TT" => "MojoMojo","MojoMojo::WordDiff" => "MojoMojo","Mojolicious" => "Mojolicious","Mojolicious::Command" => "Mojolicious","Mojolicious::Command::Author::cpanify" => "Mojolicious","Mojolicious::Command::Author::generate" => "Mojolicious","Mojolicious::Command::Author::generate::app" => "Mojolicious","Mojolicious::Command::Author::generate::dockerfile" => "Mojolicious","Mojolicious::Command::Author::generate::lite_app" => "Mojolicious","Mojolicious::Command::Author::generate::makefile" => "Mojolicious","Mojolicious::Command::Author::generate::plugin" => "Mojolicious","Mojolicious::Command::Author::inflate" => "Mojolicious","Mojolicious::Command::cgi" => "Mojolicious","Mojolicious::Command::cpanify" => "Mojolicious","Mojolicious::Command::daemon" => "Mojolicious","Mojolicious::Command::eval" => "Mojolicious","Mojolicious::Command::generate" => "Mojolicious","Mojolicious::Command::generate::app" => "Mojolicious","Mojolicious::Command::generate::lite_app" => "Mojolicious","Mojolicious::Command::generate::makefile" => "Mojolicious","Mojolicious::Command::generate::plugin" => "Mojolicious","Mojolicious::Command::get" => "Mojolicious","Mojolicious::Command::inflate" => "Mojolicious","Mojolicious::Command::prefork" => "Mojolicious","Mojolicious::Command::psgi" => "Mojolicious","Mojolicious::Command::routes" => "Mojolicious","Mojolicious::Command::test" => "Mojolicious","Mojolicious::Command::version" => "Mojolicious","Mojolicious::Commands" => "Mojolicious","Mojolicious::Controller" => "Mojolicious","Mojolicious::Lite" => "Mojolicious","Mojolicious::Plugin" => "Mojolicious","Mojolicious::Plugin::CSRF" => "Mojolicious-Plugin-CSRF","Mojolicious::Plugin::CSRF::Base" => "Mojolicious-Plugin-CSRF","Mojolicious::Plugin::CaptchaPNG" => "Mojolicious-Plugin-CaptchaPNG","Mojolicious::Plugin::Config" => "Mojolicious","Mojolicious::Plugin::Config::Sandbox" => "Mojolicious","Mojolicious::Plugin::DefaultHelpers" => "Mojolicious","Mojolicious::Plugin::EPLRenderer" => "Mojolicious","Mojolicious::Plugin::EPRenderer" => "Mojolicious","Mojolicious::Plugin::HeaderCondition" => "Mojolicious","Mojolicious::Plugin::JSONConfig" => "Mojolicious","Mojolicious::Plugin::Mount" => "Mojolicious","Mojolicious::Plugin::NotYAMLConfig" => "Mojolicious","Mojolicious::Plugin::OAuth2" => "Mojolicious-Plugin-OAuth2","Mojolicious::Plugin::OAuth2::Mock" => "Mojolicious-Plugin-OAuth2","Mojolicious::Plugin::PODRenderer" => "Mojolicious","Mojolicious::Plugin::TagHelpers" => "Mojolicious","Mojolicious::Plugin::Yancy" => "Yancy","Mojolicious::Plugins" => "Mojolicious","Mojolicious::Renderer" => "Mojolicious","Mojolicious::Routes" => "Mojolicious","Mojolicious::Routes::Match" => "Mojolicious","Mojolicious::Routes::Pattern" => "Mojolicious","Mojolicious::Routes::Route" => "Mojolicious","Mojolicious::Sessions" => "Mojolicious","Mojolicious::Static" => "Mojolicious","Mojolicious::Types" => "Mojolicious","Mojolicious::Validator" => "Mojolicious","Mojolicious::Validator::Validation" => "Mojolicious","Moped::Msg" => "perl","Moxy" => "Moxy","Moxy::Attribute::CarrierHook" => "Moxy","Moxy::Component::Context" => "Moxy","Moxy::Plugin" => "Moxy","Moxy::Plugin::AuthorizationCutter" => "Moxy","Moxy::Plugin::Bookmark" => "Moxy","Moxy::Plugin::ControlPanel" => "Moxy","Moxy::Plugin::CookieCutter" => "Moxy","Moxy::Plugin::DisableTableTag" => "Moxy","Moxy::Plugin::DisplayWidth" => "Moxy","Moxy::Plugin::FlashUseImgTag" => "Moxy","Moxy::Plugin::GPS" => "Moxy","Moxy::Plugin::GPS::AirHPhone" => "Moxy","Moxy::Plugin::GPS::DoCoMo" => "Moxy","Moxy::Plugin::GPS::EZweb" => "Moxy","Moxy::Plugin::GPS::ThirdForce" => "Moxy","Moxy::Plugin::HTTPHeader" => "Moxy","Moxy::Plugin::Hosts" => "Moxy","Moxy::Plugin::LocationBar" => "Moxy","Moxy::Plugin::OpenSocial" => "Moxy","Moxy::Plugin::Pictogram" => "Moxy","Moxy::Plugin::QRCode" => "Moxy","Moxy::Plugin::RefererCutter" => "Moxy","Moxy::Plugin::RelativeLocation" => "Moxy","Moxy::Plugin::ResponseTime" => "Moxy","Moxy::Plugin::Scrubber" => "Moxy","Moxy::Plugin::ShowHTMLSource" => "Moxy","Moxy::Plugin::ShowHTTPHeaders" => "Moxy","Moxy::Plugin::Status::401" => "Moxy","Moxy::Plugin::Status::404" => "Moxy","Moxy::Plugin::Status::500" => "Moxy","Moxy::Plugin::StripScripts" => "Moxy","Moxy::Plugin::UserAgentSwitcher" => "Moxy","Moxy::Plugin::UserID" => "Moxy","Moxy::Plugin::XMLisHTML" => "Moxy","Moxy::Request" => "Moxy","Moxy::Session::State::BasicAuth" => "Moxy","Moxy::Util" => "Moxy","Mozilla::CA" => "Mozilla-CA","My::Chat" => "SOAP-Lite","My::Examples" => "SOAP-Lite","My::Parameters" => "SOAP-Lite","My::PersistentIterator" => "SOAP-Lite","My::PingPong" => "SOAP-Lite","My::SessionIterator" => "SOAP-Lite","My::TAP::Parser::Iterator::Process::LSF" => "UR","My::TAP::Parser::IteratorFactory::LSF" => "UR","My::TAP::Parser::Multiplexer" => "UR","My::TAP::Parser::Scheduler" => "UR","My::TAP::Parser::Timer" => "UR","MyFeatureFileLoader" => "GBrowse","MySQL::Admin" => "MySQL-Admin","MySQL::Admin::Actions" => "MySQL-Admin","MySQL::Admin::Config" => "MySQL-Admin","MySQL::Admin::Documentation" => "MySQL-Admin","MySQL::Admin::GUI" => "MySQL-Admin","MySQL::Admin::Session" => "MySQL-Admin","MySQL::Admin::Settings" => "MySQL-Admin","MySQL::Admin::Translate" => "MySQL-Admin","MySession" => "App-Netdisco","MyStripScripts" => "HTML-StripScripts","MyTestModule" => "perl","Mysql" => "DBD-mysql","Mysql::Statement" => "DBD-mysql","Mysql::db" => "DBD-mysql","Mysql::dr" => "DBD-mysql","Mysql::st" => "DBD-mysql","NDBM_File" => "perl","Net::CIDR" => "Net-CIDR","Net::CIDR::Lite" => "Net-CIDR-Lite","Net::CIDR::Lite::Span" => "Net-CIDR-Lite","Net::CIDR::Set" => "Net-CIDR-Set","Net::CIDR::Set::IPv4" => "Net-CIDR-Set","Net::CIDR::Set::IPv6" => "Net-CIDR-Set","Net::DNS" => "Net-DNS","Net::DNS::Domain" => "Net-DNS","Net::DNS::DomainName" => "Net-DNS","Net::DNS::DomainName1035" => "Net-DNS","Net::DNS::DomainName2535" => "Net-DNS","Net::DNS::Header" => "Net-DNS","Net::DNS::Mailbox" => "Net-DNS","Net::DNS::Mailbox1035" => "Net-DNS","Net::DNS::Mailbox2535" => "Net-DNS","Net::DNS::Nameserver" => "Net-DNS","Net::DNS::Packet" => "Net-DNS","Net::DNS::Parameters" => "Net-DNS","Net::DNS::Question" => "Net-DNS","Net::DNS::RR" => "Net-DNS","Net::DNS::RR::A" => "Net-DNS","Net::DNS::RR::AAAA" => "Net-DNS","Net::DNS::RR::AFSDB" => "Net-DNS","Net::DNS::RR::AMTRELAY" => "Net-DNS","Net::DNS::RR::APL" => "Net-DNS","Net::DNS::RR::APL::Item" => "Net-DNS","Net::DNS::RR::CAA" => "Net-DNS","Net::DNS::RR::CDNSKEY" => "Net-DNS","Net::DNS::RR::CDS" => "Net-DNS","Net::DNS::RR::CERT" => "Net-DNS","Net::DNS::RR::CNAME" => "Net-DNS","Net::DNS::RR::CSYNC" => "Net-DNS","Net::DNS::RR::DELEG" => "Net-DNS","Net::DNS::RR::DELEGI" => "Net-DNS","Net::DNS::RR::DHCID" => "Net-DNS","Net::DNS::RR::DLV" => "Net-DNS","Net::DNS::RR::DNAME" => "Net-DNS","Net::DNS::RR::DNSKEY" => "Net-DNS","Net::DNS::RR::DS" => "Net-DNS","Net::DNS::RR::DSYNC" => "Net-DNS","Net::DNS::RR::EUI48" => "Net-DNS","Net::DNS::RR::EUI64" => "Net-DNS","Net::DNS::RR::GPOS" => "Net-DNS","Net::DNS::RR::HINFO" => "Net-DNS","Net::DNS::RR::HIP" => "Net-DNS","Net::DNS::RR::HTTPS" => "Net-DNS","Net::DNS::RR::IPSECKEY" => "Net-DNS","Net::DNS::RR::ISDN" => "Net-DNS","Net::DNS::RR::KEY" => "Net-DNS","Net::DNS::RR::KX" => "Net-DNS","Net::DNS::RR::L32" => "Net-DNS","Net::DNS::RR::L64" => "Net-DNS","Net::DNS::RR::LOC" => "Net-DNS","Net::DNS::RR::LP" => "Net-DNS","Net::DNS::RR::MB" => "Net-DNS","Net::DNS::RR::MG" => "Net-DNS","Net::DNS::RR::MINFO" => "Net-DNS","Net::DNS::RR::MR" => "Net-DNS","Net::DNS::RR::MX" => "Net-DNS","Net::DNS::RR::NAPTR" => "Net-DNS","Net::DNS::RR::NID" => "Net-DNS","Net::DNS::RR::NS" => "Net-DNS","Net::DNS::RR::NSEC" => "Net-DNS","Net::DNS::RR::NSEC3" => "Net-DNS","Net::DNS::RR::NSEC3PARAM" => "Net-DNS","Net::DNS::RR::NULL" => "Net-DNS","Net::DNS::RR::OPENPGPKEY" => "Net-DNS","Net::DNS::RR::OPT" => "Net-DNS","Net::DNS::RR::OPT::CHAIN" => "Net-DNS","Net::DNS::RR::OPT::CLIENT_SUBNET" => "Net-DNS","Net::DNS::RR::OPT::COOKIE" => "Net-DNS","Net::DNS::RR::OPT::DAU" => "Net-DNS","Net::DNS::RR::OPT::DHU" => "Net-DNS","Net::DNS::RR::OPT::EXPIRE" => "Net-DNS","Net::DNS::RR::OPT::EXTENDED_ERROR" => "Net-DNS","Net::DNS::RR::OPT::KEY_TAG" => "Net-DNS","Net::DNS::RR::OPT::N3U" => "Net-DNS","Net::DNS::RR::OPT::NSID" => "Net-DNS","Net::DNS::RR::OPT::PADDING" => "Net-DNS","Net::DNS::RR::OPT::REPORT_CHANNEL" => "Net-DNS","Net::DNS::RR::OPT::TCP_KEEPALIVE" => "Net-DNS","Net::DNS::RR::OPT::ZONEVERSION" => "Net-DNS","Net::DNS::RR::PTR" => "Net-DNS","Net::DNS::RR::PX" => "Net-DNS","Net::DNS::RR::RESINFO" => "Net-DNS","Net::DNS::RR::RP" => "Net-DNS","Net::DNS::RR::RRSIG" => "Net-DNS","Net::DNS::RR::RT" => "Net-DNS","Net::DNS::RR::SIG" => "Net-DNS","Net::DNS::RR::SMIMEA" => "Net-DNS","Net::DNS::RR::SOA" => "Net-DNS","Net::DNS::RR::SPF" => "Net-DNS","Net::DNS::RR::SRV" => "Net-DNS","Net::DNS::RR::SSHFP" => "Net-DNS","Net::DNS::RR::SVCB" => "Net-DNS","Net::DNS::RR::TKEY" => "Net-DNS","Net::DNS::RR::TLSA" => "Net-DNS","Net::DNS::RR::TSIG" => "Net-DNS","Net::DNS::RR::TXT" => "Net-DNS","Net::DNS::RR::URI" => "Net-DNS","Net::DNS::RR::X25" => "Net-DNS","Net::DNS::RR::ZONEMD" => "Net-DNS","Net::DNS::Resolver" => "Net-DNS","Net::DNS::Resolver::Base" => "Net-DNS","Net::DNS::Resolver::MSWin32" => "Net-DNS","Net::DNS::Resolver::Recurse" => "Net-DNS","Net::DNS::Resolver::UNIX" => "Net-DNS","Net::DNS::Resolver::android" => "Net-DNS","Net::DNS::Resolver::cygwin" => "Net-DNS","Net::DNS::Resolver::os2" => "Net-DNS","Net::DNS::Resolver::os390" => "Net-DNS","Net::DNS::Text" => "Net-DNS","Net::DNS::Update" => "Net-DNS","Net::DNS::ZoneFile" => "Net-DNS","Net::DNS::ZoneFile::Generator" => "Net-DNS","Net::DNS::ZoneFile::Text" => "Net-DNS","Net::Dropbear" => "Net-Dropbear","Net::Dropbear::SSH" => "Net-Dropbear","Net::Dropbear::SSHd" => "Net-Dropbear","Net::Dropbear::XS" => "Net-Dropbear","Net::Dropbear::XS::AuthState" => "Net-Dropbear","Net::Dropbear::XS::SessionAccept" => "Net-Dropbear","Net::Dropbox::API" => "Net-Dropbox-API","Net::EasyTCP" => "EasyTCP","Net::IP::LPM" => "Net-IP-LPM","Net::IPAddress::Util" => "Net-IPAddress-Util","Net::IPAddress::Util::Collection" => "Net-IPAddress-Util","Net::IPAddress::Util::Collection::Tie" => "Net-IPAddress-Util","Net::IPAddress::Util::Range" => "Net-IPAddress-Util","Net::IPv4Addr" => "Net-IPv4Addr","Net::LDAP" => "perl-ldap","Net::LDAP::ASN" => "perl-ldap","Net::LDAP::Bind" => "perl-ldap","Net::LDAP::Constant" => "perl-ldap","Net::LDAP::Control" => "perl-ldap","Net::LDAP::Control::Assertion" => "perl-ldap","Net::LDAP::Control::DontUseCopy" => "perl-ldap","Net::LDAP::Control::EntryChange" => "perl-ldap","Net::LDAP::Control::ManageDsaIT" => "perl-ldap","Net::LDAP::Control::MatchedValues" => "perl-ldap","Net::LDAP::Control::NoOp" => "perl-ldap","Net::LDAP::Control::Paged" => "perl-ldap","Net::LDAP::Control::PasswordPolicy" => "perl-ldap","Net::LDAP::Control::PersistentSearch" => "perl-ldap","Net::LDAP::Control::PostRead" => "perl-ldap","Net::LDAP::Control::PreRead" => "perl-ldap","Net::LDAP::Control::ProxyAuth" => "perl-ldap","Net::LDAP::Control::Relax" => "perl-ldap","Net::LDAP::Control::Sort" => "perl-ldap","Net::LDAP::Control::SortResult" => "perl-ldap","Net::LDAP::Control::Subentries" => "perl-ldap","Net::LDAP::Control::SyncDone" => "perl-ldap","Net::LDAP::Control::SyncRequest" => "perl-ldap","Net::LDAP::Control::SyncState" => "perl-ldap","Net::LDAP::Control::TreeDelete" => "perl-ldap","Net::LDAP::Control::VLV" => "perl-ldap","Net::LDAP::Control::VLVResponse" => "perl-ldap","Net::LDAP::DSML" => "perl-ldap","Net::LDAP::DSML::output" => "perl-ldap","Net::LDAP::DSML::pp" => "perl-ldap","Net::LDAP::Entry" => "perl-ldap","Net::LDAP::Extension" => "perl-ldap","Net::LDAP::Extension::Cancel" => "perl-ldap","Net::LDAP::Extension::Refresh" => "perl-ldap","Net::LDAP::Extension::SetPassword" => "perl-ldap","Net::LDAP::Extension::WhoAmI" => "perl-ldap","Net::LDAP::Extra" => "perl-ldap","Net::LDAP::Extra::AD" => "perl-ldap","Net::LDAP::Extra::eDirectory" => "perl-ldap","Net::LDAP::Filter" => "perl-ldap","Net::LDAP::FilterList" => "perl-ldap","Net::LDAP::FilterMatch" => "perl-ldap","Net::LDAP::Intermediate" => "perl-ldap","Net::LDAP::Intermediate::SyncInfo" => "perl-ldap","Net::LDAP::LDIF" => "perl-ldap","Net::LDAP::Message" => "perl-ldap","Net::LDAP::Message::Dummy" => "perl-ldap","Net::LDAP::Reference" => "perl-ldap","Net::LDAP::RootDSE" => "perl-ldap","Net::LDAP::Schema" => "perl-ldap","Net::LDAP::Search" => "perl-ldap","Net::LDAP::Util" => "perl-ldap","Net::LDAPI" => "perl-ldap","Net::LDAPS" => "perl-ldap","Net::NSCA::Client" => "Net-NSCA-Client","Net::NSCA::Client::Connection" => "Net-NSCA-Client","Net::NSCA::Client::Connection::TLS" => "Net-NSCA-Client","Net::NSCA::Client::DataPacket" => "Net-NSCA-Client","Net::NSCA::Client::InitialPacket" => "Net-NSCA-Client","Net::NSCA::Client::Library" => "Net-NSCA-Client","Net::NSCA::Client::ServerConfig" => "Net-NSCA-Client","Net::NSCA::Client::Utils" => "Net-NSCA-Client","Net::Netmask" => "Net-Netmask","Net::OAuth" => "Net-OAuth","Net::OAuth::AccessToken" => "Net-OAuth","Net::OAuth::AccessTokenRequest" => "Net-OAuth","Net::OAuth::AccessTokenResponse" => "Net-OAuth","Net::OAuth::Client" => "Net-OAuth","Net::OAuth::ConsumerRequest" => "Net-OAuth","Net::OAuth::Message" => "Net-OAuth","Net::OAuth::ProtectedResourceRequest" => "Net-OAuth","Net::OAuth::Request" => "Net-OAuth","Net::OAuth::RequestTokenRequest" => "Net-OAuth","Net::OAuth::RequestTokenResponse" => "Net-OAuth","Net::OAuth::Response" => "Net-OAuth","Net::OAuth::SignatureMethod::HMAC_SHA1" => "Net-OAuth","Net::OAuth::SignatureMethod::HMAC_SHA256" => "Net-OAuth","Net::OAuth::SignatureMethod::PLAINTEXT" => "Net-OAuth","Net::OAuth::SignatureMethod::RSA_SHA1" => "Net-OAuth","Net::OAuth::UserAuthRequest" => "Net-OAuth","Net::OAuth::UserAuthResponse" => "Net-OAuth","Net::OAuth::V1_0A::AccessTokenRequest" => "Net-OAuth","Net::OAuth::V1_0A::RequestTokenRequest" => "Net-OAuth","Net::OAuth::V1_0A::RequestTokenResponse" => "Net-OAuth","Net::OAuth::V1_0A::UserAuthResponse" => "Net-OAuth","Net::OAuth::XauthAccessTokenRequest" => "Net-OAuth","Net::OAuth::YahooAccessTokenRefreshRequest" => "Net-OAuth","Net::OpenID::Association" => "Net-OpenID-Consumer","Net::OpenID::ClaimedIdentity" => "Net-OpenID-Consumer","Net::OpenID::Consumer" => "Net-OpenID-Consumer","Net::OpenID::VerifiedIdentity" => "Net-OpenID-Consumer","Net::Ping::External" => "Net-Ping-External","Net::SNMP" => "Net-SNMP","Net::SNMP::Dispatcher" => "Net-SNMP","Net::SNMP::Message" => "Net-SNMP","Net::SNMP::MessageProcessing" => "Net-SNMP","Net::SNMP::PDU" => "Net-SNMP","Net::SNMP::Security" => "Net-SNMP","Net::SNMP::Security::Community" => "Net-SNMP","Net::SNMP::Security::USM" => "Net-SNMP","Net::SNMP::Transport" => "Net-SNMP","Net::SNMP::Transport::IPv4" => "Net-SNMP","Net::SNMP::Transport::IPv4::TCP" => "Net-SNMP","Net::SNMP::Transport::IPv4::UDP" => "Net-SNMP","Net::SNMP::Transport::IPv6" => "Net-SNMP","Net::SNMP::Transport::IPv6::TCP" => "Net-SNMP","Net::SNMP::Transport::IPv6::UDP" => "Net-SNMP","Net::SNMP::Transport::TCP" => "Net-SNMP","Net::SNMP::Transport::TCP6" => "Net-SNMP","Net::SNMP::Transport::UDP" => "Net-SNMP","Net::SNMP::Transport::UDP6" => "Net-SNMP","Net::SSLeay" => "Net-SSLeay","Net::SSLeay::Handle" => "Net-SSLeay","Net::Server" => "Net-Server","Net::Server::Coro" => "Net-Server-Coro","Net::Server::Daemonize" => "Net-Server","Net::Server::Fork" => "Net-Server","Net::Server::HTTP" => "Net-Server","Net::Server::INET" => "Net-Server","Net::Server::INET::Handle" => "Net-Server","Net::Server::IP" => "Net-Server","Net::Server::Log::Log::Log4perl" => "Net-Server","Net::Server::Log::Sys::Syslog" => "Net-Server","Net::Server::MultiType" => "Net-Server","Net::Server::Multiplex" => "Net-Server","Net::Server::Multiplex::MUX" => "Net-Server","Net::Server::PSGI" => "Net-Server","Net::Server::PreFork" => "Net-Server","Net::Server::PreForkSimple" => "Net-Server","Net::Server::Proto" => "Net-Server","Net::Server::Proto::Coro" => "Net-Server-Coro","Net::Server::Proto::Coro::FH" => "Net-Server-Coro","Net::Server::Proto::SSL" => "Net-Server","Net::Server::Proto::SSLEAY" => "Net-Server","Net::Server::Proto::TCP" => "Net-Server","Net::Server::Proto::UDP" => "Net-Server","Net::Server::Proto::UNIX" => "Net-Server","Net::Server::Proto::UNIXDGRAM" => "Net-Server","Net::Server::SIG" => "Net-Server","Net::Server::Single" => "Net-Server","Net::Server::Thread" => "Net-Server","Net::Server::TiedHandle" => "Net-Server","Net::Xero" => "Net-Xero","Net::hostent" => "perl","Net::netent" => "perl","Net::protoent" => "perl","Net::servent" => "perl","Nginx" => "Nginx-Perl","Nginx::Perl" => "Nginx-Perl","Nginx::Test" => "Nginx-Perl","Nginx::Test::Child" => "Nginx-Perl","NginxPerlTest" => "Nginx-Perl","O" => "perl","ODBM_File" => "perl","OS2::DLL" => "perl","OS2::DLL::dll" => "perl","OS2::ExtAttr" => "perl","OS2::PrfDB" => "perl","OS2::PrfDB::Hini" => "perl","OS2::PrfDB::Sub" => "perl","OS2::Process" => "perl","OS2::REXX" => "perl","OS2::REXX::_ARRAY" => "perl","OS2::REXX::_HASH" => "perl","OS2::REXX::_SCALAR" => "perl","OS2::localMorphPM" => "perl","Opcode" => "perl","OptreeCheck" => "perl","Otogiri" => "Otogiri","OverloadedClass" => "CGI-Session","OverloadedObjectClass" => "CGI-Session","PAR" => "PAR","PAR::Filter" => "PAR-Packer","PAR::Filter::Bleach" => "PAR-Packer","PAR::Filter::Bytecode" => "PAR-Packer","PAR::Filter::Obfuscate" => "PAR-Packer","PAR::Filter::PatchContent" => "PAR-Packer","PAR::Filter::PodStrip" => "PAR-Packer","PAR::Heavy" => "PAR","PAR::Packer" => "PAR-Packer","PAR::SetupProgname" => "PAR","PAR::SetupTemp" => "PAR","PAR::StrippedPARL::Base" => "PAR-Packer","PApp" => "PApp","PApp::Admin" => "PApp","PApp::Application" => "PApp","PApp::Application::Agni" => "PApp","PApp::CGI" => "PApp","PApp::CGI::Connection" => "PApp","PApp::CGI::Request" => "PApp","PApp::Callback" => "PApp","PApp::Callback::Function" => "PApp","PApp::Config" => "PApp","PApp::DataRef" => "PApp","PApp::DataRef::Base" => "PApp","PApp::DataRef::DB_row" => "PApp","PApp::DataRef::Hash::Proxy" => "PApp","PApp::DataRef::Scalar" => "PApp","PApp::DataRef::Scalar::Proxy" => "PApp","PApp::ECMAScript" => "PApp","PApp::ECMAScript::Layer" => "PApp","PApp::EditForm" => "PApp","PApp::Env" => "PApp","PApp::Event" => "PApp","PApp::Exception" => "PApp","PApp::FormBuffer" => "PApp","PApp::HTML" => "PApp","PApp::I18n" => "PApp","PApp::I18n::PO_Reader" => "PApp","PApp::I18n::PO_Writer" => "PApp","PApp::Lock" => "PApp","PApp::Log" => "PApp","PApp::MimeType" => "PApp","PApp::PCode" => "PApp","PApp::Prefs" => "PApp","PApp::Preprocessor" => "PApp","PApp::Recode" => "PApp","PApp::SCGI" => "PApp","PApp::SCGI::PApp" => "PApp","PApp::SCGI::Worker" => "PApp","PApp::Session" => "PApp","PApp::Storable" => "PApp","PApp::User" => "PApp","PApp::UserObs" => "PApp","PApp::Util" => "PApp","PApp::XBox" => "PApp","PApp::XML" => "PApp","PApp::XML::Pod2xml" => "PApp","PApp::XML::Template" => "PApp","PApp::XPCSE" => "PApp","PApp::XSLT" => "PApp","PApp::XSLT::LibXSLT" => "PApp","PApp::XSLT::Sablotron" => "PApp","PGObject::Util::DBAdmin" => "PGObject-Util-DBAdmin","PODServer" => "Squatting","PODServer::Controllers" => "Squatting","PODServer::Views" => "Squatting","POE::Component::IRC" => "POE-Component-IRC","POE::Component::IRC::Common" => "POE-Component-IRC","POE::Component::IRC::Constants" => "POE-Component-IRC","POE::Component::IRC::Plugin" => "POE-Component-IRC","POE::Component::IRC::Plugin::AutoJoin" => "POE-Component-IRC","POE::Component::IRC::Plugin::BotAddressed" => "POE-Component-IRC","POE::Component::IRC::Plugin::BotCommand" => "POE-Component-IRC","POE::Component::IRC::Plugin::BotTraffic" => "POE-Component-IRC","POE::Component::IRC::Plugin::CTCP" => "POE-Component-IRC","POE::Component::IRC::Plugin::Connector" => "POE-Component-IRC","POE::Component::IRC::Plugin::Console" => "POE-Component-IRC","POE::Component::IRC::Plugin::CycleEmpty" => "POE-Component-IRC","POE::Component::IRC::Plugin::DCC" => "POE-Component-IRC","POE::Component::IRC::Plugin::FollowTail" => "POE-Component-IRC","POE::Component::IRC::Plugin::ISupport" => "POE-Component-IRC","POE::Component::IRC::Plugin::Logger" => "POE-Component-IRC","POE::Component::IRC::Plugin::NickReclaim" => "POE-Component-IRC","POE::Component::IRC::Plugin::NickServID" => "POE-Component-IRC","POE::Component::IRC::Plugin::PlugMan" => "POE-Component-IRC","POE::Component::IRC::Plugin::Proxy" => "POE-Component-IRC","POE::Component::IRC::Plugin::Whois" => "POE-Component-IRC","POE::Component::IRC::Qnet" => "POE-Component-IRC","POE::Component::IRC::Qnet::State" => "POE-Component-IRC","POE::Component::IRC::State" => "POE-Component-IRC","POE::Filter::IRC" => "POE-Component-IRC","POE::Filter::IRC::Compat" => "POE-Component-IRC","POSIX" => "perl","POSIX::2008" => "POSIX-2008","POSIX::SigAction" => "perl","POSIX::SigRt" => "perl","POSIX::SigSet" => "perl","PalImg" => "Perlbal","PaletteModify" => "Perlbal","Parallel::ForkManager" => "Parallel-ForkManager","Parallel::ForkManager::Child" => "Parallel-ForkManager","Parse::ePerl" => "eperl","Perl6::MakeMaker" => "Perl6-Pugs","Perl6::Pugs" => "Perl6-Pugs","Perl6::Pugs::Config" => "Perl6-Pugs","Perl6::Pugs::Config::MiniYAML" => "Perl6-Pugs","Perl::Tidy" => "Perl-Tidy","Perl::Tidy::Debugger" => "Perl-Tidy","Perl::Tidy::DevNull" => "Perl-Tidy","Perl::Tidy::Diagnostics" => "Perl-Tidy","Perl::Tidy::FileWriter" => "Perl-Tidy","Perl::Tidy::Formatter" => "Perl-Tidy","Perl::Tidy::HtmlWriter" => "Perl-Tidy","Perl::Tidy::IOScalar" => "Perl-Tidy","Perl::Tidy::IOScalarArray" => "Perl-Tidy","Perl::Tidy::IndentationItem" => "Perl-Tidy","Perl::Tidy::LineBuffer" => "Perl-Tidy","Perl::Tidy::LineSink" => "Perl-Tidy","Perl::Tidy::LineSource" => "Perl-Tidy","Perl::Tidy::Logger" => "Perl-Tidy","Perl::Tidy::Tokenizer" => "Perl-Tidy","Perl::Tidy::VerticalAligner" => "Perl-Tidy","Perl::Tidy::VerticalAligner::Alignment" => "Perl-Tidy","Perl::Tidy::VerticalAligner::Line" => "Perl-Tidy","Perl::Version" => "Perl-Version","PerlIO" => "perl","PerlIO::encoding" => "perl","PerlIO::mmap" => "perl","PerlIO::scalar" => "perl","PerlIO::via" => "perl","PerlTmp" => "Batch-Batchrun","Perlbal" => "Perlbal","Perlbal::AIO" => "Perlbal","Perlbal::BackendHTTP" => "Perlbal","Perlbal::Cache" => "Perlbal","Perlbal::ChunkedUploadState" => "Perlbal","Perlbal::ClientHTTP" => "Perlbal","Perlbal::ClientHTTPBase" => "Perlbal","Perlbal::ClientManage" => "Perlbal","Perlbal::ClientProxy" => "Perlbal","Perlbal::CommandContext" => "Perlbal","Perlbal::Fields" => "Perlbal","Perlbal::HTTPHeaders" => "Perlbal","Perlbal::ManageCommand" => "Perlbal","Perlbal::Plugin::AccessControl" => "Perlbal","Perlbal::Plugin::AutoRemoveLeadingDir" => "Perlbal","Perlbal::Plugin::Cgilike" => "Perlbal","Perlbal::Plugin::Cgilike::Request" => "Perlbal","Perlbal::Plugin::EchoService" => "Perlbal","Perlbal::Plugin::EchoService::Client" => "Perlbal","Perlbal::Plugin::FlvStreaming" => "Perlbal","Perlbal::Plugin::Highpri" => "Perlbal","Perlbal::Plugin::Include" => "Perlbal","Perlbal::Plugin::LazyCDN" => "Perlbal","Perlbal::Plugin::MaxContentLength" => "Perlbal","Perlbal::Plugin::NotModified" => "Perlbal","Perlbal::Plugin::Palimg" => "Perlbal","Perlbal::Plugin::Queues" => "Perlbal","Perlbal::Plugin::Redirect" => "Perlbal","Perlbal::Plugin::Stats" => "Perlbal","Perlbal::Plugin::Stats::Storage" => "Perlbal","Perlbal::Plugin::Throttle" => "Perlbal","Perlbal::Plugin::Throttle::Store" => "Perlbal","Perlbal::Plugin::Throttle::Store::Memcached" => "Perlbal","Perlbal::Plugin::Throttle::Store::Memory" => "Perlbal","Perlbal::Plugin::Vhosts" => "Perlbal","Perlbal::Plugin::Vpaths" => "Perlbal","Perlbal::Plugin::XFFExtras" => "Perlbal","Perlbal::Pool" => "Perlbal","Perlbal::ReproxyManager" => "Perlbal","Perlbal::Service" => "Perlbal","Perlbal::Socket" => "Perlbal","Perlbal::SocketSSL" => "Perlbal","Perlbal::SocketSSL2" => "Perlbal","Perlbal::TCPListener" => "Perlbal","Perlbal::Test" => "Perlbal","Perlbal::Test::WebClient" => "Perlbal","Perlbal::Test::WebServer" => "Perlbal","Perlbal::UploadListener" => "Perlbal","Perlbal::Util" => "Perlbal","Perldoc::Server" => "Perldoc-Server","Perldoc::Server::Controller::Ajax" => "Perldoc-Server","Perldoc::Server::Controller::Ajax::PerlSyntax" => "Perldoc-Server","Perldoc::Server::Controller::Functions" => "Perldoc-Server","Perldoc::Server::Controller::Index" => "Perldoc-Server","Perldoc::Server::Controller::Index::Modules" => "Perldoc-Server","Perldoc::Server::Controller::Root" => "Perldoc-Server","Perldoc::Server::Controller::Search" => "Perldoc-Server","Perldoc::Server::Controller::Source" => "Perldoc-Server","Perldoc::Server::Controller::View" => "Perldoc-Server","Perldoc::Server::Convert::html" => "Perldoc-Server","Perldoc::Server::Model::Index" => "Perldoc-Server","Perldoc::Server::Model::PerlFunc" => "Perldoc-Server","Perldoc::Server::Model::Pod" => "Perldoc-Server","Perldoc::Server::Model::Section" => "Perldoc-Server","Perldoc::Server::View::Function" => "Perldoc-Server","Perldoc::Server::View::OpenThoughtTT" => "Perldoc-Server","Perldoc::Server::View::Pod2HTML" => "Perldoc-Server","Perldoc::Server::View::Pod2Source" => "Perldoc-Server","Perldoc::Server::View::TT" => "Perldoc-Server","PhonyClipboard" => "Clipboard","Pinto" => "Pinto","Pinto::Action" => "Pinto","Pinto::Action::Add" => "Pinto","Pinto::Action::Clean" => "Pinto","Pinto::Action::Copy" => "Pinto","Pinto::Action::Default" => "Pinto","Pinto::Action::Delete" => "Pinto","Pinto::Action::Diff" => "Pinto","Pinto::Action::Install" => "Pinto","Pinto::Action::Kill" => "Pinto","Pinto::Action::List" => "Pinto","Pinto::Action::Lock" => "Pinto","Pinto::Action::Log" => "Pinto","Pinto::Action::Look" => "Pinto","Pinto::Action::Merge" => "Pinto","Pinto::Action::New" => "Pinto","Pinto::Action::Nop" => "Pinto","Pinto::Action::Pin" => "Pinto","Pinto::Action::Props" => "Pinto","Pinto::Action::Pull" => "Pinto","Pinto::Action::Register" => "Pinto","Pinto::Action::Rename" => "Pinto","Pinto::Action::Reset" => "Pinto","Pinto::Action::Revert" => "Pinto","Pinto::Action::Roots" => "Pinto","Pinto::Action::Stacks" => "Pinto","Pinto::Action::Statistics" => "Pinto","Pinto::Action::Unlock" => "Pinto","Pinto::Action::Unpin" => "Pinto","Pinto::Action::Unregister" => "Pinto","Pinto::Action::Update" => "Pinto","Pinto::Action::Verify" => "Pinto","Pinto::ArchiveUnpacker" => "Pinto","Pinto::Chrome" => "Pinto","Pinto::Chrome::Net" => "Pinto","Pinto::Chrome::Term" => "Pinto","Pinto::CommitMessage" => "Pinto","Pinto::Config" => "Pinto","Pinto::Constants" => "Pinto","Pinto::Database" => "Pinto","Pinto::Difference" => "Pinto","Pinto::DifferenceEntry" => "Pinto","Pinto::DistributionSpec" => "Pinto","Pinto::Editor" => "Pinto","Pinto::Editor::Clip" => "Pinto","Pinto::Editor::Edit" => "Pinto","Pinto::Exception" => "Pinto","Pinto::Globals" => "Pinto","Pinto::IndexCache" => "Pinto","Pinto::IndexReader" => "Pinto","Pinto::IndexWriter" => "Pinto","Pinto::Initializer" => "Pinto","Pinto::Locator" => "Pinto","Pinto::Locator::Mirror" => "Pinto","Pinto::Locator::Multiplex" => "Pinto","Pinto::Locator::Stratopan" => "Pinto","Pinto::Locker" => "Pinto","Pinto::Manual" => "Pinto","Pinto::Manual::Installing" => "Pinto","Pinto::Manual::Introduction" => "Pinto","Pinto::Manual::QuickStart" => "Pinto","Pinto::Manual::Thanks" => "Pinto","Pinto::Manual::Tutorial" => "Pinto","Pinto::Migrator" => "Pinto","Pinto::ModlistWriter" => "Pinto","Pinto::PackageExtractor" => "Pinto","Pinto::PackageSpec" => "Pinto","Pinto::PrerequisiteWalker" => "Pinto","Pinto::Remote" => "Pinto","Pinto::Remote::Action" => "Pinto","Pinto::Remote::Action::Add" => "Pinto","Pinto::Remote::Action::Install" => "Pinto","Pinto::Remote::Result" => "Pinto","Pinto::Repository" => "Pinto","Pinto::Result" => "Pinto","Pinto::RevisionWalker" => "Pinto","Pinto::Role::Committable" => "Pinto","Pinto::Role::FileFetcher" => "Pinto","Pinto::Role::Installer" => "Pinto","Pinto::Role::PauseConfig" => "Pinto","Pinto::Role::Plated" => "Pinto","Pinto::Role::Puller" => "Pinto","Pinto::Role::Schema::Result" => "Pinto","Pinto::Role::Transactional" => "Pinto","Pinto::Role::UserAgent" => "Pinto","Pinto::Schema" => "Pinto","Pinto::Schema::Result::Ancestry" => "Pinto","Pinto::Schema::Result::Distribution" => "Pinto","Pinto::Schema::Result::Package" => "Pinto","Pinto::Schema::Result::Prerequisite" => "Pinto","Pinto::Schema::Result::Registration" => "Pinto","Pinto::Schema::Result::RegistrationChange" => "Pinto","Pinto::Schema::Result::Revision" => "Pinto","Pinto::Schema::Result::Stack" => "Pinto","Pinto::Schema::ResultSet::Distribution" => "Pinto","Pinto::Schema::ResultSet::Package" => "Pinto","Pinto::Schema::ResultSet::Registration" => "Pinto","Pinto::Server" => "Pinto","Pinto::Server::Responder" => "Pinto","Pinto::Server::Responder::Action" => "Pinto","Pinto::Server::Responder::File" => "Pinto","Pinto::Server::Router" => "Pinto","Pinto::Shell" => "Pinto","Pinto::SpecFactory" => "Pinto","Pinto::Statistics" => "Pinto","Pinto::Store" => "Pinto","Pinto::Target" => "Pinto","Pinto::Target::Distribution" => "Pinto","Pinto::Target::Package" => "Pinto","Pinto::Types" => "Pinto","Pinto::Util" => "Pinto","Plack" => "Plack","Plack::App::CGIBin" => "Plack","Plack::App::Cascade" => "Plack","Plack::App::Debugger" => "Plack-Debugger","Plack::App::Directory" => "Plack","Plack::App::File" => "Plack","Plack::App::PSGIBin" => "Plack","Plack::App::URLMap" => "Plack","Plack::App::WrapCGI" => "Plack","Plack::App::XAO" => "XAO-Web","Plack::Builder" => "Plack","Plack::Component" => "Plack","Plack::Debugger" => "Plack-Debugger","Plack::Debugger::Panel" => "Plack-Debugger","Plack::Debugger::Panel::AJAX" => "Plack-Debugger","Plack::Debugger::Panel::Environment" => "Plack-Debugger","Plack::Debugger::Panel::Memory" => "Plack-Debugger","Plack::Debugger::Panel::ModuleVersions" => "Plack-Debugger","Plack::Debugger::Panel::Parameters" => "Plack-Debugger","Plack::Debugger::Panel::PerlConfig" => "Plack-Debugger","Plack::Debugger::Panel::PlackRequest" => "Plack-Debugger","Plack::Debugger::Panel::PlackResponse" => "Plack-Debugger","Plack::Debugger::Panel::Timer" => "Plack-Debugger","Plack::Debugger::Panel::Warnings" => "Plack-Debugger","Plack::Debugger::Storage" => "Plack-Debugger","Plack::HTTPParser" => "Plack","Plack::HTTPParser::PP" => "Plack","Plack::Handler" => "Plack","Plack::Handler::Apache1" => "Plack","Plack::Handler::Apache2" => "Plack","Plack::Handler::Apache2::Registry" => "Plack","Plack::Handler::CGI" => "Plack","Plack::Handler::CGI::Writer" => "Plack","Plack::Handler::FCGI" => "Plack","Plack::Handler::HTTP::Server::PSGI" => "Plack","Plack::Handler::Standalone" => "Plack","Plack::LWPish" => "Plack","Plack::Loader" => "Plack","Plack::Loader::Delayed" => "Plack","Plack::Loader::Restarter" => "Plack","Plack::Loader::Shotgun" => "Plack","Plack::MIME" => "Plack","Plack::Middleware" => "Plack","Plack::Middleware::AccessLog" => "Plack","Plack::Middleware::AccessLog::Timed" => "Plack","Plack::Middleware::Auth::Basic" => "Plack","Plack::Middleware::Auth::LemonldapNG" => "Lemonldap-NG-Handler","Plack::Middleware::Bootstrap" => "Plack-Middleware-Bootstrap","Plack::Middleware::BufferedStreaming" => "Plack","Plack::Middleware::Chunked" => "Plack","Plack::Middleware::Conditional" => "Plack","Plack::Middleware::ConditionalGET" => "Plack","Plack::Middleware::ContentLength" => "Plack","Plack::Middleware::ContentMD5" => "Plack","Plack::Middleware::Debugger::Collector" => "Plack-Debugger","Plack::Middleware::Debugger::Injector" => "Plack-Debugger","Plack::Middleware::ErrorDocument" => "Plack","Plack::Middleware::HTTPExceptions" => "Plack","Plack::Middleware::Head" => "Plack","Plack::Middleware::IIS6ScriptNameFix" => "Plack","Plack::Middleware::IIS7KeepAliveFix" => "Plack","Plack::Middleware::JSONP" => "Plack","Plack::Middleware::LighttpdScriptNameFix" => "Plack","Plack::Middleware::Lint" => "Plack","Plack::Middleware::Log4perl" => "Plack","Plack::Middleware::LogDispatch" => "Plack","Plack::Middleware::NullLogger" => "Plack","Plack::Middleware::RearrangeHeaders" => "Plack","Plack::Middleware::Recursive" => "Plack","Plack::Middleware::Refresh" => "Plack","Plack::Middleware::Runtime" => "Plack","Plack::Middleware::Session" => "Plack-Middleware-Session","Plack::Middleware::Session::Cookie" => "Plack-Middleware-Session","Plack::Middleware::Session::Simple" => "Plack-Middleware-Session-Simple","Plack::Middleware::Session::Simple::Session" => "Plack-Middleware-Session-Simple","Plack::Middleware::SimpleContentFilter" => "Plack","Plack::Middleware::SimpleLogger" => "Plack","Plack::Middleware::StackTrace" => "Plack","Plack::Middleware::Static" => "Plack","Plack::Middleware::StaticShared" => "Plack-Middleware-StaticShared","Plack::Middleware::Statsd" => "Plack-Middleware-Statsd","Plack::Middleware::Writer" => "Plack","Plack::Middleware::XFramework" => "Plack","Plack::Middleware::XSRFBlock" => "Plack-Middleware-XSRFBlock","Plack::Middleware::XSendfile" => "Plack","Plack::Recursive::ForwardRequest" => "Plack","Plack::Request" => "Plack","Plack::Request::Upload" => "Plack","Plack::Response" => "Plack","Plack::Runner" => "Plack","Plack::Server" => "Plack","Plack::Server::Apache1" => "Plack","Plack::Server::Apache2" => "Plack","Plack::Server::CGI" => "Plack","Plack::Server::FCGI" => "Plack","Plack::Server::ServerSimple" => "Plack","Plack::Server::Standalone" => "Plack","Plack::Server::Standalone::Prefork" => "Plack","Plack::Session" => "Plack-Middleware-Session","Plack::Session::Cleanup" => "Plack-Middleware-Session","Plack::Session::State" => "Plack-Middleware-Session","Plack::Session::State::Cookie" => "Plack-Middleware-Session","Plack::Session::Store" => "Plack-Middleware-Session","Plack::Session::Store::Cache" => "Plack-Middleware-Session","Plack::Session::Store::DBI" => "Plack-Middleware-Session","Plack::Session::Store::File" => "Plack-Middleware-Session","Plack::Session::Store::Null" => "Plack-Middleware-Session","Plack::TempBuffer" => "Plack","Plack::TempBuffer::Auto" => "Plack","Plack::TempBuffer::File" => "Plack","Plack::TempBuffer::PerlIO" => "Plack","Plack::Test" => "Plack","Plack::Test::Debugger" => "Plack-Debugger","Plack::Test::Debugger::ResultGenerator" => "Plack-Debugger","Plack::Test::MockHTTP" => "Plack","Plack::Test::MockHTTP::WithCleanupHandlers" => "Plack-Debugger","Plack::Test::Server" => "Plack","Plack::Test::Suite" => "Plack","Plack::Util" => "Plack","Plack::Util::Accessor" => "Plack","Plack::Util::IOWithPath" => "Plack","Plack::Util::Prototype" => "Plack","Pod::Html" => "perl","Pod::Html::Util" => "perl","Pod::Perldoc" => "Pod-Perldoc","Pod::Perldoc::BaseTo" => "Pod-Perldoc","Pod::Perldoc::GetOptsOO" => "Pod-Perldoc","Pod::Perldoc::ToANSI" => "Pod-Perldoc","Pod::Perldoc::ToChecker" => "Pod-Perldoc","Pod::Perldoc::ToMan" => "Pod-Perldoc","Pod::Perldoc::ToNroff" => "Pod-Perldoc","Pod::Perldoc::ToPod" => "Pod-Perldoc","Pod::Perldoc::ToRtf" => "Pod-Perldoc","Pod::Perldoc::ToTerm" => "Pod-Perldoc","Pod::Perldoc::ToText" => "Pod-Perldoc","Pod::Perldoc::ToTk" => "Pod-Perldoc","Pod::Perldoc::ToXml" => "Pod-Perldoc","Pod::Simple::XHTML::LocalPodLinks" => "perl","Porting::updateAUTHORS" => "perl","Proc::Daemon" => "Proc-Daemon","Proc::Killall" => "Proc-ProcessTable","Proc::Killfam" => "Proc-ProcessTable","Proc::ProcessTable" => "Proc-ProcessTable","Proc::ProcessTable::Process" => "Proc-ProcessTable","Pugs::MakeMaker" => "Perl6-Pugs","PugsConfig" => "Perl6-Pugs","RDF::Redland" => "Redland","RDF::Redland::BlankNode" => "Redland","RDF::Redland::CORE" => "Redland","RDF::Redland::COREc" => "Redland","RDF::Redland::Iterator" => "Redland","RDF::Redland::LiteralNode" => "Redland","RDF::Redland::Model" => "Redland","RDF::Redland::Node" => "Redland","RDF::Redland::Parser" => "Redland","RDF::Redland::Query" => "Redland","RDF::Redland::QueryResults" => "Redland","RDF::Redland::RSS" => "Redland","RDF::Redland::RSS::Node" => "Redland","RDF::Redland::Serializer" => "Redland","RDF::Redland::Statement" => "Redland","RDF::Redland::Storage" => "Redland","RDF::Redland::Stream" => "Redland","RDF::Redland::URI" => "Redland","RDF::Redland::URINode" => "Redland","RDF::Redland::World" => "Redland","RDF::Redland::XMLLiteralNode" => "Redland","RPC::PlClient" => "PlRPC","RPC::PlClient::Comm" => "PlRPC","RPC::PlClient::Object" => "PlRPC","RPC::PlServer" => "PlRPC","RPC::PlServer::Comm" => "PlRPC","RPC::PlServer::Test" => "PlRPC","RPC::XML" => "RPC-XML","RPC::XML::Client" => "RPC-XML","RPC::XML::Function" => "RPC-XML","RPC::XML::Method" => "RPC-XML","RPC::XML::Parser" => "RPC-XML","RPC::XML::Parser::XMLLibXML" => "RPC-XML","RPC::XML::Parser::XMLParser" => "RPC-XML","RPC::XML::ParserFactory" => "RPC-XML","RPC::XML::Procedure" => "RPC-XML","RPC::XML::Server" => "RPC-XML","RPC::XML::array" => "RPC-XML","RPC::XML::base64" => "RPC-XML","RPC::XML::boolean" => "RPC-XML","RPC::XML::datatype" => "RPC-XML","RPC::XML::datetime_iso8601" => "RPC-XML","RPC::XML::double" => "RPC-XML","RPC::XML::fault" => "RPC-XML","RPC::XML::i4" => "RPC-XML","RPC::XML::i8" => "RPC-XML","RPC::XML::int" => "RPC-XML","RPC::XML::nil" => "RPC-XML","RPC::XML::request" => "RPC-XML","RPC::XML::response" => "RPC-XML","RPC::XML::simple_type" => "RPC-XML","RPC::XML::string" => "RPC-XML","RPC::XML::struct" => "RPC-XML","RT::Authen::ExternalAuth" => "RT-Authen-ExternalAuth","RT::Authen::ExternalAuth::DBI" => "RT-Authen-ExternalAuth","RT::Authen::ExternalAuth::DBI::Cookie" => "RT-Authen-ExternalAuth","RT::Authen::ExternalAuth::LDAP" => "RT-Authen-ExternalAuth","RT::Extension::MobileUI" => "RT-Extension-MobileUI","RTMP::Client" => "RTMP-Client","Redis::Fast" => "Redis-Fast","Redis::Fast::Hash" => "Redis-Fast","Redis::Fast::List" => "Redis-Fast","Redis::Fast::Sentinel" => "Redis-Fast","Redis::hiredis" => "Redis-hiredis","Resource::Pack::jQuery" => "Resource-Pack-jQuery","SDBM_File" => "perl","SOAP::Apache" => "SOAP-Lite","SOAP::Cloneable" => "SOAP-Lite","SOAP::Constants" => "SOAP-Lite","SOAP::Custom::XML::Data" => "SOAP-Lite","SOAP::Custom::XML::Deserializer" => "SOAP-Lite","SOAP::Data" => "SOAP-Lite","SOAP::Deserializer" => "SOAP-Lite","SOAP::Fault" => "SOAP-Lite","SOAP::Header" => "SOAP-Lite","SOAP::Lite" => "SOAP-Lite","SOAP::Lite::COM" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchema1999" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchema2001" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchemaSOAP1_1" => "SOAP-Lite","SOAP::Lite::Deserializer::XMLSchemaSOAP1_2" => "SOAP-Lite","SOAP::Lite::Packager" => "SOAP-Lite","SOAP::Lite::Packager::DIME" => "SOAP-Lite","SOAP::Lite::Packager::MIME" => "SOAP-Lite","SOAP::Lite::Utils" => "SOAP-Lite","SOAP::MIMEParser" => "SOAP-Lite","SOAP::Packager" => "SOAP-Lite","SOAP::Packager::DIME" => "SOAP-Lite","SOAP::Packager::MIME" => "SOAP-Lite","SOAP::SOM" => "SOAP-Lite","SOAP::Schema" => "SOAP-Lite","SOAP::Schema::Deserializer" => "SOAP-Lite","SOAP::Schema::WSDL" => "SOAP-Lite","SOAP::Server" => "SOAP-Lite","SOAP::Server::Object" => "SOAP-Lite","SOAP::Server::Parameters" => "SOAP-Lite","SOAP::Test" => "SOAP-Lite","SOAP::Test::Server" => "SOAP-Lite","SOAP::Trace" => "SOAP-Lite","SOAP::Transport" => "SOAP-Lite","SOAP::Transport::HTTP" => "SOAP-Lite","SOAP::Transport::HTTP::Daemon" => "SOAP-Lite","SOAP::Transport::HTTP::Daemon::ForkAfterProcessing" => "SOAP-Lite","SOAP::Transport::HTTP::Daemon::ForkOnAccept" => "SOAP-Lite","SOAP::Transport::HTTP::FCGI" => "SOAP-Lite","SOAP::Transport::IO" => "SOAP-Lite","SOAP::Transport::IO::Server" => "SOAP-Lite","SOAP::Transport::LOCAL" => "SOAP-Lite","SOAP::Transport::LOCAL::Client" => "SOAP-Lite","SOAP::Transport::LOOPBACK" => "SOAP-Lite","SOAP::Transport::LOOPBACK::Client" => "SOAP-Lite","SOAP::Transport::MAILTO" => "SOAP-Lite","SOAP::Transport::MAILTO::Client" => "SOAP-Lite","SOAP::Transport::POP3" => "SOAP-Lite","SOAP::Transport::POP3::Server" => "SOAP-Lite","SOAP::Transport::TCP" => "SOAP-Lite","SOAP::Transport::TCP::Client" => "SOAP-Lite","SOAP::Transport::TCP::Server" => "SOAP-Lite","SOAP::Utils" => "SOAP-Lite","SOAP::XMLSchema1999::Deserializer" => "SOAP-Lite","SOAP::XMLSchema1999::Serializer" => "SOAP-Lite","SOAP::XMLSchema2001::Deserializer" => "SOAP-Lite","SOAP::XMLSchema2001::Serializer" => "SOAP-Lite","SOAP::XMLSchema::Serializer" => "SOAP-Lite","SOAP::XMLSchemaApacheSOAP::Deserializer" => "SOAP-Lite","SOAP::XMLSchemaSOAP1_1::Deserializer" => "SOAP-Lite","SOAP::XMLSchemaSOAP1_2::Deserializer" => "SOAP-Lite","SSL_Context" => "IO-Socket-SSL","SSL_HANDLE" => "IO-Socket-SSL","SSL_SSL" => "IO-Socket-SSL","SVG::Sparkline" => "SVG-Sparkline","SVG::Sparkline::Area" => "SVG-Sparkline","SVG::Sparkline::Bar" => "SVG-Sparkline","SVG::Sparkline::Line" => "SVG-Sparkline","SVG::Sparkline::RangeArea" => "SVG-Sparkline","SVG::Sparkline::RangeBar" => "SVG-Sparkline","SVG::Sparkline::Utils" => "SVG-Sparkline","SVG::Sparkline::Whisker" => "SVG-Sparkline","SVN::Base" => "Alien-SVN","SVN::Client" => "Alien-SVN","SVN::Core" => "Alien-SVN","SVN::Delta" => "Alien-SVN","SVN::Fs" => "Alien-SVN","SVN::Look" => "SVN-Look","SVN::Ra" => "Alien-SVN","SVN::Repos" => "Alien-SVN","SVN::Wc" => "Alien-SVN","Safe" => "Safe","Search::OpenSearch::Result" => "Search-OpenSearch-Server","Search::OpenSearch::Server" => "Search-OpenSearch-Server","Search::OpenSearch::Server::Catalyst" => "Search-OpenSearch-Server","Search::OpenSearch::Server::Plack" => "Search-OpenSearch-Server","SelectSaver" => "perl","Sereal::Decoder" => "Sereal-Decoder","Sereal::Decoder::Constants" => "Sereal-Decoder","Sereal::Encoder" => "Sereal-Encoder","Sereal::Encoder::Constants" => "Sereal-Encoder","Sereal::Performance" => "Sereal-Decoder","Sidef" => "Sidef","Sidef::Deparse::Perl" => "Sidef","Sidef::Deparse::Sidef" => "Sidef","Sidef::Math::Math" => "Sidef","Sidef::Module::Func" => "Sidef","Sidef::Module::OO" => "Sidef","Sidef::Object::Convert" => "Sidef","Sidef::Object::Enumerator" => "Sidef","Sidef::Object::Lazy" => "Sidef","Sidef::Object::LazyMethod" => "Sidef","Sidef::Object::Object" => "Sidef","Sidef::Optimizer" => "Sidef","Sidef::Parser" => "Sidef","Sidef::Perl::Perl" => "Sidef","Sidef::Sys::Sig" => "Sidef","Sidef::Sys::Sys" => "Sidef","Sidef::Time::Date" => "Sidef","Sidef::Time::Gmtime" => "Sidef","Sidef::Time::Localtime" => "Sidef","Sidef::Time::Time" => "Sidef","Sidef::Types::Array::Array" => "Sidef","Sidef::Types::Array::Matrix" => "Sidef","Sidef::Types::Array::Pair" => "Sidef","Sidef::Types::Array::Vector" => "Sidef","Sidef::Types::Block::Block" => "Sidef","Sidef::Types::Block::Fork" => "Sidef","Sidef::Types::Block::Try" => "Sidef","Sidef::Types::Bool::Bool" => "Sidef","Sidef::Types::Glob::Backtick" => "Sidef","Sidef::Types::Glob::Dir" => "Sidef","Sidef::Types::Glob::DirHandle" => "Sidef","Sidef::Types::Glob::File" => "Sidef","Sidef::Types::Glob::FileHandle" => "Sidef","Sidef::Types::Glob::Pipe" => "Sidef","Sidef::Types::Glob::Socket" => "Sidef","Sidef::Types::Glob::SocketHandle" => "Sidef","Sidef::Types::Glob::Stat" => "Sidef","Sidef::Types::Hash::Hash" => "Sidef","Sidef::Types::Null::Null" => "Sidef","Sidef::Types::Number::Complex" => "Sidef","Sidef::Types::Number::Fraction" => "Sidef","Sidef::Types::Number::Gauss" => "Sidef","Sidef::Types::Number::Mod" => "Sidef","Sidef::Types::Number::Number" => "Sidef","Sidef::Types::Number::Polynomial" => "Sidef","Sidef::Types::Number::PolynomialMod" => "Sidef","Sidef::Types::Number::Quadratic" => "Sidef","Sidef::Types::Number::Quaternion" => "Sidef","Sidef::Types::Perl::Perl" => "Sidef","Sidef::Types::Range::Range" => "Sidef","Sidef::Types::Range::RangeNumber" => "Sidef","Sidef::Types::Range::RangeString" => "Sidef","Sidef::Types::Regex::Match" => "Sidef","Sidef::Types::Regex::Regex" => "Sidef","Sidef::Types::Set::Bag" => "Sidef","Sidef::Types::Set::Set" => "Sidef","Sidef::Types::String::String" => "Sidef","Sidef::Variable::GetOpt" => "Sidef","Sidef::Variable::NamedParam" => "Sidef","SimpleObjectClass" => "CGI-Session","Smolder" => "Smolder","Smolder::AuthHandler" => "Smolder","Smolder::AuthInfo" => "Smolder","Smolder::Build" => "Smolder","Smolder::Conf" => "Smolder","Smolder::Constraints" => "Smolder","Smolder::Control" => "Smolder","Smolder::Control::Admin" => "Smolder","Smolder::Control::Admin::Developers" => "Smolder","Smolder::Control::Admin::Projects" => "Smolder","Smolder::Control::Developer" => "Smolder","Smolder::Control::Developer::Prefs" => "Smolder","Smolder::Control::Graphs" => "Smolder","Smolder::Control::Projects" => "Smolder","Smolder::Control::Public" => "Smolder","Smolder::Control::Public::Auth" => "Smolder","Smolder::DB" => "Smolder","Smolder::DB::Developer" => "Smolder","Smolder::DB::Preference" => "Smolder","Smolder::DB::Project" => "Smolder","Smolder::DB::ProjectDeveloper" => "Smolder","Smolder::DB::SmokeReport" => "Smolder","Smolder::DB::TestFile" => "Smolder","Smolder::DB::TestFileComment" => "Smolder","Smolder::DB::TestFileResult" => "Smolder","Smolder::Debug" => "Smolder","Smolder::Dispatch" => "Smolder","Smolder::Email" => "Smolder","Smolder::Manual" => "Smolder","Smolder::Mech" => "Smolder","Smolder::Redirect" => "Smolder","Smolder::Server" => "Smolder","Smolder::Server::Control" => "Smolder","Smolder::Server::PreFork" => "Smolder","Smolder::TAPHTMLMatrix" => "Smolder","Smolder::TestData" => "Smolder","Smolder::TestScript" => "Smolder","Smolder::Upgrade" => "Smolder","Smolder::Upgrade::V0_1" => "Smolder","Smolder::Upgrade::V0_3" => "Smolder","Smolder::Upgrade::V1_1" => "Smolder","Smolder::Upgrade::V1_21" => "Smolder","Smolder::Upgrade::V1_24" => "Smolder","Smolder::Upgrade::V1_30" => "Smolder","Smolder::Upgrade::V1_37" => "Smolder","Smolder::Upgrade::V1_50" => "Smolder","Smolder::Util" => "Smolder","SockJS" => "SockJS","SockJS::Connection" => "SockJS","SockJS::Exception" => "SockJS","SockJS::Handle" => "SockJS","SockJS::Middleware::Cache" => "SockJS","SockJS::Middleware::Cors" => "SockJS","SockJS::Middleware::Http10" => "SockJS","SockJS::Middleware::JSessionID" => "SockJS","SockJS::Session" => "SockJS","SockJS::Transport" => "SockJS","SockJS::Transport::Base" => "SockJS","SockJS::Transport::EventSource" => "SockJS","SockJS::Transport::HtmlFile" => "SockJS","SockJS::Transport::JSONPPolling" => "SockJS","SockJS::Transport::JSONPSend" => "SockJS","SockJS::Transport::WebSocket" => "SockJS","SockJS::Transport::XHRPolling" => "SockJS","SockJS::Transport::XHRSend" => "SockJS","SockJS::Transport::XHRStreaming" => "SockJS","Socket" => "Socket","Spoon" => "Spoon","Spoon::Base" => "Spoon","Spoon::CGI" => "Spoon","Spoon::Command" => "Spoon","Spoon::Config" => "Spoon","Spoon::ContentObject" => "Spoon","Spoon::Cookie" => "Spoon","Spoon::DataObject" => "Spoon","Spoon::Formatter" => "Spoon","Spoon::Formatter::Block" => "Spoon","Spoon::Formatter::Container" => "Spoon","Spoon::Formatter::Phrase" => "Spoon","Spoon::Formatter::Wafl" => "Spoon","Spoon::Headers" => "Spoon","Spoon::Hook" => "Spoon","Spoon::Hooked" => "Spoon","Spoon::Hooks" => "Spoon","Spoon::Hub" => "Spoon","Spoon::IndexList" => "Spoon","Spoon::Installer" => "Spoon","Spoon::Lookup" => "Spoon","Spoon::MetadataObject" => "Spoon","Spoon::Plugin" => "Spoon","Spoon::Registry" => "Spoon","Spoon::Template" => "Spoon","Spoon::Template::TT2" => "Spoon","Spoon::Trace" => "Spoon","Spoon::Utils" => "Spoon","Spreadsheet::ParseExcel" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Cell" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Dump" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtDefault" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtJapan" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtJapan2" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::FmtUnicode" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Font" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Format" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::SaveParser" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::SaveParser::Workbook" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::SaveParser::Worksheet" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Utility" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Workbook" => "Spreadsheet-ParseExcel","Spreadsheet::ParseExcel::Worksheet" => "Spreadsheet-ParseExcel","Spreadsheet::ParseXLSX" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Cell" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Decryptor" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Decryptor::Agile" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Decryptor::Standard" => "Spreadsheet-ParseXLSX","Spreadsheet::ParseXLSX::Worksheet" => "Spreadsheet-ParseXLSX","Squatting" => "Squatting","Squatting::Controller" => "Squatting","Squatting::H" => "Squatting","Squatting::Log" => "Squatting","Squatting::Mapper" => "Squatting","Squatting::On::CGI" => "Squatting","Squatting::On::Catalyst" => "Squatting","Squatting::On::Continuity" => "Squatting","Squatting::On::Jifty" => "Squatting","Squatting::On::MP13" => "Squatting","Squatting::On::MP20" => "Squatting","Squatting::Q" => "Squatting","Squatting::View" => "Squatting","Squatting::With::AccessTrace" => "Squatting","Squatting::With::Coro::Debug" => "Squatting","Squatting::With::Log" => "Squatting","Squatting::With::MockRequest" => "Squatting","Squatting::With::Mount" => "Squatting","Squatting::With::PerHostConfig" => "Squatting","Starch" => "Starch","Starch::Factory" => "Starch","Starch::Manager" => "Starch","Starch::Plugin::AlwaysLoad" => "Starch","Starch::Plugin::Bundle" => "Starch","Starch::Plugin::CookieArgs" => "Starch","Starch::Plugin::CookieArgs::Manager" => "Starch","Starch::Plugin::CookieArgs::State" => "Starch","Starch::Plugin::DisableStore" => "Starch","Starch::Plugin::ForManager" => "Starch","Starch::Plugin::ForState" => "Starch","Starch::Plugin::ForStore" => "Starch","Starch::Plugin::LogStoreExceptions" => "Starch","Starch::Plugin::RenewExpiration" => "Starch","Starch::Plugin::RenewExpiration::Manager" => "Starch","Starch::Plugin::RenewExpiration::State" => "Starch","Starch::Plugin::ThrottleStore" => "Starch","Starch::Plugin::Trace" => "Starch","Starch::Plugin::Trace::Manager" => "Starch","Starch::Plugin::Trace::State" => "Starch","Starch::Plugin::Trace::Store" => "Starch","Starch::Role::Log" => "Starch","Starch::State" => "Starch","Starch::Store" => "Starch","Starch::Store::Layered" => "Starch","Starch::Store::Memory" => "Starch","Starch::Util" => "Starch","Stardust" => "Stardust","Stardust::Controllers" => "Stardust","Stardust::Demo" => "Stardust","Stardust::Demo::Controllers" => "Stardust","Stardust::Demo::Views" => "Stardust","Storable" => "Storable","String::Compare::ConstantTime" => "String-Compare-ConstantTime","Sub::HandlesVia" => "Sub-HandlesVia","Sub::HandlesVia::CodeGenerator" => "Sub-HandlesVia","Sub::HandlesVia::Declare" => "Sub-HandlesVia","Sub::HandlesVia::Handler" => "Sub-HandlesVia","Sub::HandlesVia::Handler::CodeRef" => "Sub-HandlesVia","Sub::HandlesVia::Handler::Traditional" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Array" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Blessed" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Bool" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Code" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Counter" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Enum" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Hash" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Number" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::Scalar" => "Sub-HandlesVia","Sub::HandlesVia::HandlerLibrary::String" => "Sub-HandlesVia","Sub::HandlesVia::Mite" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mite" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moo" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moose" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moose::PackageTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Moose::RoleTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mouse" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mouse::PackageTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Mouse::RoleTrait" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::ObjectPad" => "Sub-HandlesVia","Sub::HandlesVia::Toolkit::Plain" => "Sub-HandlesVia","Symbol" => "perl","Sys::Hostname" => "perl","Sys::Syslog" => "Sys-Syslog","Sys::Syslog::Win32" => "Sys-Syslog","Tcl" => "Tcl","Tcl::Cmdbase" => "Tcl","Tcl::Code" => "Tcl","Tcl::List" => "Tcl","Tcl::Var" => "Tcl","Template::Declare::Exception" => "Jifty","Template::Quick" => "MySQL-Admin","Term::ReadLine::Gnu" => "Term-ReadLine-Gnu","Term::ReadLine::Gnu::AU" => "Term-ReadLine-Gnu","Term::ReadLine::Gnu::Var" => "Term-ReadLine-Gnu","Term::ReadLine::Gnu::XS" => "Term-ReadLine-Gnu","Test::Dpkg" => "Dpkg","Test::Mojo" => "Mojolicious","Test::Simply" => "Fake-Our","Test::Starch" => "Starch","TestChunks" => "Perl6-Pugs","Testing" => "perl","Text::SmartyPants" => "MojoMojo","Text::Wikispaces2Markdown" => "MojoMojo","Thread" => "perl","Thread::Signal" => "perl","Thread::Specific" => "perl","Tie::Array" => "perl","Tie::ExtraHash" => "perl","Tie::Handle" => "perl","Tie::Hash" => "perl","Tie::Hash::NamedCapture" => "perl","Tie::Memoize" => "perl","Tie::Scalar" => "perl","Tie::StdArray" => "perl","Tie::StdHandle" => "perl","Tie::StdHash" => "perl","Tie::StdScalar" => "perl","Tie::SubstrHash" => "perl","Tie::Watch" => "Tk","Time::gmtime" => "perl","Time::localtime" => "perl","Time::tm" => "perl","Tk" => "Tk","Tk::Adjuster" => "Tk","Tk::Adjuster::Item" => "Tk","Tk::After" => "Tk","Tk::Animation" => "Tk","Tk::Balloon" => "Tk","Tk::Bitmap" => "Tk","Tk::BrowseEntry" => "Tk","Tk::Button" => "Tk","Tk::Canvas" => "Tk","Tk::Checkbutton" => "Tk","Tk::Clipboard" => "Tk","Tk::CmdLine" => "Tk","Tk::ColorDialog" => "Tk","Tk::ColorEditor" => "Tk","Tk::ColorSelect" => "Tk","Tk::Compound" => "Tk","Tk::Configure" => "Tk","Tk::Derived" => "Tk","Tk::Dialog" => "Tk","Tk::DialogBox" => "Tk","Tk::DirTree" => "Tk","Tk::DirTreeDialog" => "Tk","Tk::Dirlist" => "Tk","Tk::DragDrop" => "Tk","Tk::DragDrop::Common" => "Tk","Tk::DragDrop::Local" => "Tk","Tk::DragDrop::Rect" => "Tk","Tk::DragDrop::SunConst" => "Tk","Tk::DragDrop::SunDrop" => "Tk","Tk::DragDrop::SunSite" => "Tk","Tk::DragDrop::Win32Drop" => "Tk","Tk::DragDrop::Win32Site" => "Tk","Tk::DragDrop::XDNDDrop" => "Tk","Tk::DragDrop::XDNDSite" => "Tk","Tk::DropSite" => "Tk","Tk::DummyEncode" => "Tk","Tk::DummyEncode::iso8859_1" => "Tk","Tk::English" => "Tk","Tk::Entry" => "Tk","Tk::ErrorDialog" => "Tk","Tk::Event" => "Tk","Tk::Event::IO" => "Tk","Tk::FBox" => "Tk","Tk::FileSelect" => "Tk","Tk::FloatEntry" => "Tk","Tk::Font" => "Tk","Tk::Frame" => "Tk","Tk::HList" => "Tk","Tk::IO" => "Tk","Tk::IconList" => "Tk","Tk::Image" => "Tk","Tk::InputO" => "Tk","Tk::ItemStyle" => "Tk","Tk::JPEG" => "Tk","Tk::LabEntry" => "Tk","Tk::LabFrame" => "Tk","Tk::LabRadiobutton" => "Tk","Tk::Label" => "Tk","Tk::LabeledEntryLabeledRadiobutton" => "Tk","Tk::Labelframe" => "Tk","Tk::Listbox" => "Tk","Tk::MMtry" => "Tk","Tk::MMutil" => "Tk","Tk::MainWindow" => "Tk","Tk::MakeDepend" => "Tk","Tk::Menu" => "Tk","Tk::Menu::Button" => "Tk","Tk::Menu::Cascade" => "Tk","Tk::Menu::Checkbutton" => "Tk","Tk::Menu::Item" => "Tk","Tk::Menu::Radiobutton" => "Tk","Tk::Menu::Separator" => "Tk","Tk::Menubar" => "Tk","Tk::Menubutton" => "Tk","Tk::Message" => "Tk","Tk::MsgBox" => "Tk","Tk::Mwm" => "Tk","Tk::NBFrame" => "Tk","Tk::NoteBook" => "Tk","Tk::Optionmenu" => "Tk","Tk::PNG" => "Tk","Tk::Pane" => "Tk","Tk::Panedwindow" => "Tk","Tk::Photo" => "Tk","Tk::Pixmap" => "Tk","Tk::Pretty" => "Tk","Tk::ProgressBar" => "Tk","Tk::ROText" => "Tk","Tk::Radiobutton" => "Tk","Tk::Region" => "Tk","Tk::Reindex" => "Tk","Tk::ReindexedROText" => "Tk","Tk::ReindexedText" => "Tk","Tk::Scale" => "Tk","Tk::Scrollbar" => "Tk","Tk::Spinbox" => "Tk","Tk::Stats" => "Tk","Tk::Stdio" => "PAR","Tk::Stdio::Handle" => "PAR","Tk::Submethods" => "Tk","Tk::TList" => "Tk","Tk::Table" => "Tk","Tk::Text" => "Tk","Tk::Text::Tag" => "Tk","Tk::TextEdit" => "Tk","Tk::TextList" => "Tk","Tk::TextUndo" => "Tk","Tk::Tiler" => "Tk","Tk::TixGrid" => "Tk","Tk::Toplevel" => "Tk","Tk::Trace" => "Tk","Tk::Tree" => "Tk","Tk::Widget" => "Tk","Tk::WinPhoto" => "Tk","Tk::Wm" => "Tk","Tk::X" => "Tk","Tk::X11Font" => "Tk","Tk::Xlib" => "Tk","Tk::Xrm" => "Tk","Tk::install" => "Tk","Tk::widgets" => "Tk","U64" => "IO-Compress","UDDI::Constants" => "SOAP-Lite","UI::Dialog" => "UI-Dialog","UI::Dialog::Backend" => "UI-Dialog","UI::Dialog::Backend::ASCII" => "UI-Dialog","UI::Dialog::Backend::CDialog" => "UI-Dialog","UI::Dialog::Backend::GDialog" => "UI-Dialog","UI::Dialog::Backend::KDialog" => "UI-Dialog","UI::Dialog::Backend::Nautilus" => "UI-Dialog","UI::Dialog::Backend::NotifySend" => "UI-Dialog","UI::Dialog::Backend::Whiptail" => "UI-Dialog","UI::Dialog::Backend::XDialog" => "UI-Dialog","UI::Dialog::Backend::XOSD" => "UI-Dialog","UI::Dialog::Backend::Zenity" => "UI-Dialog","UI::Dialog::Console" => "UI-Dialog","UI::Dialog::GNOME" => "UI-Dialog","UI::Dialog::Gauged" => "UI-Dialog","UI::Dialog::KDE" => "UI-Dialog","UI::Dialog::Screen::Druid" => "UI-Dialog","UI::Dialog::Screen::Menu" => "UI-Dialog","UNIVERSAL" => "perl","UR" => "UR","UR::All" => "UR","UR::AttributeHandlers" => "UR","UR::BoolExpr" => "UR","UR::BoolExpr::BxParser" => "UR","UR::BoolExpr::BxParser::Yapp::Driver" => "UR","UR::BoolExpr::Parser::ParseYappDriver" => "UR","UR::BoolExpr::Template" => "UR","UR::BoolExpr::Template::And" => "UR","UR::BoolExpr::Template::Composite" => "UR","UR::BoolExpr::Template::Or" => "UR","UR::BoolExpr::Template::PropertyComparison" => "UR","UR::BoolExpr::Template::PropertyComparison::Between" => "UR","UR::BoolExpr::Template::PropertyComparison::Equals" => "UR","UR::BoolExpr::Template::PropertyComparison::False" => "UR","UR::BoolExpr::Template::PropertyComparison::GreaterOrEqual" => "UR","UR::BoolExpr::Template::PropertyComparison::GreaterThan" => "UR","UR::BoolExpr::Template::PropertyComparison::In" => "UR","UR::BoolExpr::Template::PropertyComparison::Isa" => "UR","UR::BoolExpr::Template::PropertyComparison::LessOrEqual" => "UR","UR::BoolExpr::Template::PropertyComparison::LessThan" => "UR","UR::BoolExpr::Template::PropertyComparison::Like" => "UR","UR::BoolExpr::Template::PropertyComparison::Matches" => "UR","UR::BoolExpr::Template::PropertyComparison::NotBetween" => "UR","UR::BoolExpr::Template::PropertyComparison::NotEquals" => "UR","UR::BoolExpr::Template::PropertyComparison::NotIn" => "UR","UR::BoolExpr::Template::PropertyComparison::NotLike" => "UR","UR::BoolExpr::Template::PropertyComparison::True" => "UR","UR::BoolExpr::Util" => "UR","UR::BoolExpr::Util::clonedThing" => "UR","UR::Change" => "UR","UR::Context" => "UR","UR::Context::AutoUnloadPool" => "UR","UR::Context::DefaultRoot" => "UR","UR::Context::LoadingIterator" => "UR","UR::Context::ObjectFabricator" => "UR","UR::Context::Process" => "UR","UR::Context::Root" => "UR","UR::Context::Transaction" => "UR","UR::DBI" => "UR","UR::DBI::Report" => "UR","UR::DBI::db" => "UR","UR::DBI::st" => "UR","UR::DataSource" => "UR","UR::DataSource::CSV" => "UR","UR::DataSource::Code" => "UR","UR::DataSource::Default" => "UR","UR::DataSource::File" => "UR","UR::DataSource::FileMux" => "UR","UR::DataSource::Filesystem" => "UR","UR::DataSource::Meta" => "UR","UR::DataSource::MySQL" => "UR","UR::DataSource::Oracle" => "UR","UR::DataSource::Pg" => "UR","UR::DataSource::Pg::Operator::False" => "UR","UR::DataSource::Pg::Operator::True" => "UR","UR::DataSource::QueryPlan" => "UR","UR::DataSource::RDBMS" => "UR","UR::DataSource::RDBMS::BitmapIndex" => "UR","UR::DataSource::RDBMS::Entity" => "UR","UR::DataSource::RDBMS::FkConstraint" => "UR","UR::DataSource::RDBMS::FkConstraintColumn" => "UR","UR::DataSource::RDBMS::Operator::Between" => "UR","UR::DataSource::RDBMS::Operator::Equals" => "UR","UR::DataSource::RDBMS::Operator::False" => "UR","UR::DataSource::RDBMS::Operator::GreaterOrEqual" => "UR","UR::DataSource::RDBMS::Operator::GreaterThan" => "UR","UR::DataSource::RDBMS::Operator::In" => "UR","UR::DataSource::RDBMS::Operator::LessOrEqual" => "UR","UR::DataSource::RDBMS::Operator::LessThan" => "UR","UR::DataSource::RDBMS::Operator::Like" => "UR","UR::DataSource::RDBMS::Operator::NotBetween" => "UR","UR::DataSource::RDBMS::Operator::NotEquals" => "UR","UR::DataSource::RDBMS::Operator::NotIn" => "UR","UR::DataSource::RDBMS::Operator::NotLike" => "UR","UR::DataSource::RDBMS::Operator::True" => "UR","UR::DataSource::RDBMS::PkConstraintColumn" => "UR","UR::DataSource::RDBMS::Table" => "UR","UR::DataSource::RDBMS::Table::View::Default::Text" => "UR","UR::DataSource::RDBMS::TableColumn" => "UR","UR::DataSource::RDBMS::TableColumn::View::Default::Text" => "UR","UR::DataSource::RDBMS::UniqueConstraintColumn" => "UR","UR::DataSource::RDBMSRetriableOperations" => "UR","UR::DataSource::SQLite" => "UR","UR::DataSource::ValueDomain" => "UR","UR::Debug" => "UR","UR::DeletedRef" => "UR","UR::Doc::Pod2Html" => "UR","UR::Doc::Section" => "UR","UR::Doc::Writer" => "UR","UR::Doc::Writer::Html" => "UR","UR::Doc::Writer::Pod" => "UR","UR::Env::UR_COMMAND_DUMP_DEBUG_MESSAGES" => "UR","UR::Env::UR_COMMAND_DUMP_STATUS_MESSAGES" => "UR","UR::Env::UR_CONTEXT_BASE" => "UR","UR::Env::UR_CONTEXT_CACHE_SIZE_HIGHWATER" => "UR","UR::Env::UR_CONTEXT_CACHE_SIZE_LOWWATER" => "UR","UR::Env::UR_CONTEXT_LIBS" => "UR","UR::Env::UR_CONTEXT_MONITOR_QUERY" => "UR","UR::Env::UR_CONTEXT_ROOT" => "UR","UR::Env::UR_DBI_DUMP_STACK_ON_CONNECT" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_CALLSTACK" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_IF" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_MATCH" => "UR","UR::Env::UR_DBI_EXPLAIN_SQL_SLOW" => "UR","UR::Env::UR_DBI_MONITOR_DML" => "UR","UR::Env::UR_DBI_MONITOR_EVERY_FETCH" => "UR","UR::Env::UR_DBI_MONITOR_SQL" => "UR","UR::Env::UR_DBI_NO_COMMIT" => "UR","UR::Env::UR_DBI_SUMMARIZE_SQL" => "UR","UR::Env::UR_DEBUG_OBJECT_PRUNING" => "UR","UR::Env::UR_DEBUG_OBJECT_RELEASE" => "UR","UR::Env::UR_DUMP_DEBUG_MESSAGES" => "UR","UR::Env::UR_DUMP_STATUS_MESSAGES" => "UR","UR::Env::UR_IGNORE" => "UR","UR::Env::UR_MOOSE" => "UR","UR::Env::UR_NO_REQUIRE_USER_VERIFY" => "UR","UR::Env::UR_NR_CPU" => "UR","UR::Env::UR_RUN_LONG_TESTS" => "UR","UR::Env::UR_STACK_DUMP_ON_DIE" => "UR","UR::Env::UR_STACK_DUMP_ON_WARN" => "UR","UR::Env::UR_TEST_QUIET" => "UR","UR::Env::UR_USED_MODS" => "UR","UR::Env::UR_USE_ANY" => "UR","UR::Env::UR_USE_DUMMY_AUTOGENERATED_IDS" => "UR","UR::Exit" => "UR","UR::Iterator" => "UR","UR::ModuleBase" => "UR","UR::ModuleBase::Message" => "UR","UR::ModuleBuild" => "UR","UR::ModuleConfig" => "UR","UR::ModuleLoader" => "UR","UR::Moose" => "UR","UR::Namespace" => "UR","UR::Namespace::Command" => "UR","UR::Namespace::Command::Base" => "UR","UR::Namespace::Command::Define" => "UR","UR::Namespace::Command::Define::Class" => "UR","UR::Namespace::Command::Define::Datasource" => "UR","UR::Namespace::Command::Define::Datasource::File" => "UR","UR::Namespace::Command::Define::Datasource::Mysql" => "UR","UR::Namespace::Command::Define::Datasource::Oracle" => "UR","UR::Namespace::Command::Define::Datasource::Pg" => "UR","UR::Namespace::Command::Define::Datasource::Rdbms" => "UR","UR::Namespace::Command::Define::Datasource::RdbmsWithAuth" => "UR","UR::Namespace::Command::Define::Datasource::Sqlite" => "UR","UR::Namespace::Command::Define::Db" => "UR","UR::Namespace::Command::Define::Namespace" => "UR","UR::Namespace::Command::Describe" => "UR","UR::Namespace::Command::Init" => "UR","UR::Namespace::Command::List" => "UR","UR::Namespace::Command::List::Classes" => "UR","UR::Namespace::Command::List::Modules" => "UR","UR::Namespace::Command::List::Objects" => "UR","UR::Namespace::Command::Old" => "UR","UR::Namespace::Command::Old::DiffRewrite" => "UR","UR::Namespace::Command::Old::DiffUpdate" => "UR","UR::Namespace::Command::Old::ExportDbicClasses" => "UR","UR::Namespace::Command::Old::Info" => "UR","UR::Namespace::Command::Old::Redescribe" => "UR","UR::Namespace::Command::RunsOnModulesInTree" => "UR","UR::Namespace::Command::Show" => "UR","UR::Namespace::Command::Show::Properties" => "UR","UR::Namespace::Command::Show::Schema" => "UR","UR::Namespace::Command::Show::Subclasses" => "UR","UR::Namespace::Command::Sys" => "UR","UR::Namespace::Command::Sys::ClassBrowser" => "UR","UR::Namespace::Command::Sys::ClassBrowser::TreeItem" => "UR","UR::Namespace::Command::Test" => "UR","UR::Namespace::Command::Test::Callcount" => "UR","UR::Namespace::Command::Test::Callcount::List" => "UR","UR::Namespace::Command::Test::Compile" => "UR","UR::Namespace::Command::Test::Eval" => "UR","UR::Namespace::Command::Test::Run" => "UR","UR::Namespace::Command::Test::TrackObjectRelease" => "UR","UR::Namespace::Command::Test::Use" => "UR","UR::Namespace::Command::Test::Window" => "UR","UR::Namespace::Command::Test::Window::Tk" => "UR","UR::Namespace::Command::Update" => "UR","UR::Namespace::Command::Update::ClassDiagram" => "UR","UR::Namespace::Command::Update::ClassesFromDb" => "UR","UR::Namespace::Command::Update::Doc" => "UR","UR::Namespace::Command::Update::Pod" => "UR","UR::Namespace::Command::Update::RenameClass" => "UR","UR::Namespace::Command::Update::RewriteClassHeader" => "UR","UR::Namespace::Command::Update::SchemaDiagram" => "UR","UR::Namespace::Command::Update::TabCompletionSpec" => "UR","UR::Object" => "UR","UR::Object::Accessorized" => "UR","UR::Object::Command::FetchAndDo" => "UR","UR::Object::Command::List" => "UR","UR::Object::Command::List::Csv" => "UR","UR::Object::Command::List::Html" => "UR","UR::Object::Command::List::Newtext" => "UR","UR::Object::Command::List::Pretty" => "UR","UR::Object::Command::List::Style" => "UR","UR::Object::Command::List::Text" => "UR","UR::Object::Command::List::Tsv" => "UR","UR::Object::Command::List::Xml" => "UR","UR::Object::Ghost" => "UR","UR::Object::Index" => "UR","UR::Object::Iterator" => "UR","UR::Object::Join" => "UR","UR::Object::Property" => "UR","UR::Object::Property::View::Default::Text" => "UR","UR::Object::Property::View::DescriptionLineItem::Text" => "UR","UR::Object::Property::View::ReferenceDescription::Text" => "UR","UR::Object::Set" => "UR","UR::Object::Set::View::Default::Html" => "UR","UR::Object::Set::View::Default::Json" => "UR","UR::Object::Set::View::Default::Text" => "UR","UR::Object::Set::View::Default::Xml" => "UR","UR::Object::Tag" => "UR","UR::Object::Type" => "UR","UR::Object::Type::AccessorWriter" => "UR","UR::Object::Type::AccessorWriter::Product" => "UR","UR::Object::Type::AccessorWriter::Sum" => "UR","UR::Object::Type::Initializer" => "UR","UR::Object::Type::ModuleWriter" => "UR","UR::Object::Type::View::AvailableViews::Json" => "UR","UR::Object::Type::View::AvailableViews::Xml" => "UR","UR::Object::Type::View::Default::Text" => "UR","UR::Object::Type::View::Default::Umlet" => "UR","UR::Object::Type::View::Default::Xml" => "UR","UR::Object::Umlet" => "UR","UR::Object::Umlet::Class" => "UR","UR::Object::Umlet::Diagram" => "UR","UR::Object::Umlet::Other" => "UR","UR::Object::Umlet::PictureElement" => "UR","UR::Object::Umlet::Relation" => "UR","UR::Object::Value" => "UR","UR::Object::View" => "UR","UR::Object::View::Aspect" => "UR","UR::Object::View::Default::Gtk" => "UR","UR::Object::View::Default::Gtk2" => "UR","UR::Object::View::Default::Html" => "UR","UR::Object::View::Default::Json" => "UR","UR::Object::View::Default::Text" => "UR","UR::Object::View::Default::Xml" => "UR","UR::Object::View::Default::Xsl" => "UR","UR::Object::View::Lister::Text" => "UR","UR::Object::View::Static::Html" => "UR","UR::Object::View::Toolkit" => "UR","UR::Object::View::Toolkit::Text" => "UR","UR::Object::View::Toolkit::Umlet" => "UR","UR::Observer" => "UR","UR::Role" => "UR","UR::Role::Instance" => "UR","UR::Role::MethodModifier" => "UR","UR::Role::MethodModifier::After" => "UR","UR::Role::MethodModifier::Around" => "UR","UR::Role::MethodModifier::Before" => "UR","UR::Role::Param" => "UR","UR::Role::Prototype" => "UR","UR::Role::PrototypeWithParams" => "UR","UR::Service::JsonRpcServer" => "UR","UR::Service::RPC::Executer" => "UR","UR::Service::RPC::Message" => "UR","UR::Service::RPC::Server" => "UR","UR::Service::RPC::TcpConnectionListener" => "UR","UR::Service::UrlRouter" => "UR","UR::Service::WebServer" => "UR","UR::Service::WebServer::Server" => "UR","UR::Service::XMLCommandExecutor" => "UR","UR::Singleton" => "UR","UR::Time" => "UR","UR::Util" => "UR","UR::Util::ArrayRefIterator" => "UR","UR::Value" => "UR","UR::Value::ARRAY" => "UR","UR::Value::Blob" => "UR","UR::Value::Boolean" => "UR","UR::Value::Boolean::View::Default::Text" => "UR","UR::Value::CODE" => "UR","UR::Value::CSV" => "UR","UR::Value::DateTime" => "UR","UR::Value::Decimal" => "UR","UR::Value::DirectoryPath" => "UR","UR::Value::FOF" => "UR","UR::Value::FilePath" => "UR","UR::Value::FilesystemPath" => "UR","UR::Value::Float" => "UR","UR::Value::GLOB" => "UR","UR::Value::HASH" => "UR","UR::Value::Integer" => "UR","UR::Value::Iterator" => "UR","UR::Value::JSON" => "UR","UR::Value::Number" => "UR","UR::Value::PerlReference" => "UR","UR::Value::REF" => "UR","UR::Value::SCALAR" => "UR","UR::Value::Set" => "UR","UR::Value::SloppyPrimitive" => "UR","UR::Value::String" => "UR","UR::Value::Text" => "UR","UR::Value::Timestamp" => "UR","UR::Value::Type" => "UR","UR::Value::URL" => "UR","UR::Value::View::Default::Html" => "UR","UR::Value::View::Default::Json" => "UR","UR::Value::View::Default::Text" => "UR","UR::Value::View::Default::Xml" => "UR","UR::Vocabulary" => "UR","URI::jabber" => "SOAP-Lite","UTF_8" => "Squatting","UTF_8::Controllers" => "Squatting","UTF_8::Views" => "Squatting","Ukigumo::Agent" => "Ukigumo-Agent","Ukigumo::Agent::Cleaner" => "Ukigumo-Agent","Ukigumo::Agent::Dispatcher" => "Ukigumo-Agent","Ukigumo::Agent::Logger" => "Ukigumo-Agent","Ukigumo::Agent::Manager" => "Ukigumo-Agent","Ukigumo::Agent::View" => "Ukigumo-Agent","Ukigumo::Server" => "Ukigumo-Server","Ukigumo::Server::API" => "Ukigumo-Server","Ukigumo::Server::API::Dispatcher" => "Ukigumo-Server","Ukigumo::Server::Command::Branch" => "Ukigumo-Server","Ukigumo::Server::Command::Docs" => "Ukigumo-Server","Ukigumo::Server::Command::Report" => "Ukigumo-Server","Ukigumo::Server::DB" => "Ukigumo-Server","Ukigumo::Server::DB::Schema" => "Ukigumo-Server","Ukigumo::Server::L10N" => "Ukigumo-Server","Ukigumo::Server::Launcher" => "Ukigumo-Server","Ukigumo::Server::Schema" => "Ukigumo-Server","Ukigumo::Server::Util" => "Ukigumo-Server","Ukigumo::Server::Web" => "Ukigumo-Server","Ukigumo::Server::Web::Dispatcher" => "Ukigumo-Server","Ukigumo::Server::Web::ViewFunctions" => "Ukigumo-Server","UnQLite" => "UnQLite","UnQLite::Cursor" => "UnQLite","UniCodePoints" => "Squatting","UniCodePoints::Controllers" => "Squatting","UniCodePoints::Views" => "Squatting","Unicode::UCD" => "perl","UnicodeCD" => "perl","User::grent" => "perl","User::pwent" => "perl","VMS::DCLsym" => "perl","VMS::Filespec" => "perl","VMS::Stdio" => "perl","Valiant" => "Valiant","Valiant::Error" => "Valiant","Valiant::Errors" => "Valiant","Valiant::Filter" => "Valiant","Valiant::Filter::Collapse" => "Valiant","Valiant::Filter::Collection" => "Valiant","Valiant::Filter::Each" => "Valiant","Valiant::Filter::Flatten" => "Valiant","Valiant::Filter::HtmlEscape" => "Valiant","Valiant::Filter::Lower" => "Valiant","Valiant::Filter::Numberize" => "Valiant","Valiant::Filter::Template" => "Valiant","Valiant::Filter::Title" => "Valiant","Valiant::Filter::ToArray" => "Valiant","Valiant::Filter::Trim" => "Valiant","Valiant::Filter::UcFirst" => "Valiant","Valiant::Filter::Upper" => "Valiant","Valiant::Filter::With" => "Valiant","Valiant::Filterable" => "Valiant","Valiant::Filters" => "Valiant","Valiant::HTML::BaseComponent" => "Valiant","Valiant::HTML::Component" => "Valiant","Valiant::HTML::Components" => "Valiant","Valiant::HTML::ContentComponent" => "Valiant","Valiant::HTML::Form" => "Valiant","Valiant::HTML::FormBuilder" => "Valiant","Valiant::HTML::FormBuilder::Checkbox" => "Valiant","Valiant::HTML::FormBuilder::DefaultModel" => "Valiant","Valiant::HTML::FormBuilder::Model" => "Valiant","Valiant::HTML::FormBuilder::Model::TextField" => "Valiant","Valiant::HTML::FormBuilder::Proxy" => "Valiant","Valiant::HTML::FormBuilder::RadioButton" => "Valiant","Valiant::HTML::FormBuilder::Renderer::TextField" => "Valiant","Valiant::HTML::FormTags" => "Valiant","Valiant::HTML::PagerBuilder" => "Valiant","Valiant::HTML::SafeString" => "Valiant","Valiant::HTML::Tag" => "Valiant","Valiant::HTML::TagBuilder" => "Valiant","Valiant::HTML::Util::Collection" => "Valiant","Valiant::HTML::Util::Collection::HashItem" => "Valiant","Valiant::HTML::Util::Collection::Item" => "Valiant","Valiant::HTML::Util::Form" => "Valiant","Valiant::HTML::Util::Form::FormObject" => "Valiant","Valiant::HTML::Util::FormTags" => "Valiant","Valiant::HTML::Util::Pager" => "Valiant","Valiant::HTML::Util::TagBuilder" => "Valiant","Valiant::HTML::Util::TagBuilder::_tags" => "Valiant","Valiant::HTML::Util::View" => "Valiant","Valiant::I18N" => "Valiant","Valiant::I18N::Tag" => "Valiant","Valiant::JSON::JSONBuilder" => "Valiant","Valiant::JSON::Util" => "Valiant","Valiant::Name" => "Valiant","Valiant::Naming" => "Valiant","Valiant::NestedError" => "Valiant","Valiant::Proxy" => "Valiant","Valiant::Proxy::Array" => "Valiant","Valiant::Proxy::Hash" => "Valiant","Valiant::Proxy::Object" => "Valiant","Valiant::Translation" => "Valiant","Valiant::Util" => "Valiant","Valiant::Util::Ancestors" => "Valiant","Valiant::Util::Exception" => "Valiant","Valiant::Util::Exception::General" => "Valiant","Valiant::Util::Exception::InvalidFilterArgs" => "Valiant","Valiant::Util::Exception::InvalidValidatorArgs" => "Valiant","Valiant::Util::Exception::MissingCountKey" => "Valiant","Valiant::Util::Exception::MissingMethod" => "Valiant","Valiant::Util::Exception::NameNotFilter" => "Valiant","Valiant::Util::Exception::NameNotValidator" => "Valiant","Valiant::Util::Exception::Strict" => "Valiant","Valiant::Util::Exception::UnexpectedUseModuleError" => "Valiant","Valiant::Validates" => "Valiant","Valiant::Validations" => "Valiant","Valiant::Validator" => "Valiant","Valiant::Validator::Absence" => "Valiant","Valiant::Validator::Array" => "Valiant","Valiant::Validator::Boolean" => "Valiant","Valiant::Validator::Check" => "Valiant","Valiant::Validator::Collection" => "Valiant","Valiant::Validator::Confirmation" => "Valiant","Valiant::Validator::Date" => "Valiant","Valiant::Validator::Each" => "Valiant","Valiant::Validator::Exclusion" => "Valiant","Valiant::Validator::Format" => "Valiant","Valiant::Validator::Hash" => "Valiant","Valiant::Validator::Inclusion" => "Valiant","Valiant::Validator::Length" => "Valiant","Valiant::Validator::Numericality" => "Valiant","Valiant::Validator::Object" => "Valiant","Valiant::Validator::OnlyOf" => "Valiant","Valiant::Validator::Presence" => "Valiant","Valiant::Validator::Scalar" => "Valiant","Valiant::Validator::Unique" => "Valiant","Valiant::Validator::With" => "Valiant","WWW::Mechanize" => "WWW-Mechanize","WWW::Mechanize::Image" => "WWW-Mechanize","WWW::Mechanize::Link" => "WWW-Mechanize","WWW::OAuth" => "WWW-OAuth","WWW::OAuth::Request" => "WWW-OAuth","WWW::OAuth::Request::Basic" => "WWW-OAuth","WWW::OAuth::Request::HTTP_Request" => "WWW-OAuth","WWW::OAuth::Request::Mojo" => "WWW-OAuth","WWW::OAuth::Util" => "WWW-OAuth","WWW::ORCID" => "WWW-ORCID","WWW::ORCID::API" => "WWW-ORCID","WWW::ORCID::API::Common" => "WWW-ORCID","WWW::ORCID::API::Pub" => "WWW-ORCID","WWW::ORCID::API::v2_0" => "WWW-ORCID","WWW::ORCID::API::v2_0_public" => "WWW-ORCID","WWW::ORCID::Base" => "WWW-ORCID","WWW::ORCID::MemberAPI" => "WWW-ORCID","WWW::ORCID::Transport" => "WWW-ORCID","WWW::ORCID::Transport::HTTP::Tiny" => "WWW-ORCID","WWW::ORCID::Transport::LWP" => "WWW-ORCID","WWW::UsePerl::Server" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Controller::Root" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Model::DB" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::Comment" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::Journal" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::Story" => "WWW-UsePerl-Server","WWW::UsePerl::Server::Schema::Result::User" => "WWW-UsePerl-Server","WWW::UsePerl::Server::View::TT" => "WWW-UsePerl-Server","Web::API" => "Web-API","WebService::Xero" => "WebService-Xero","WebService::Xero::Agent" => "WebService-Xero","WebService::Xero::Agent::PrivateApplication" => "WebService-Xero","WebService::Xero::Agent::PublicApplication" => "WebService-Xero","WebService::Xero::Contact" => "WebService-Xero","WebService::Xero::Invoice" => "WebService-Xero","WebService::Xero::Item" => "WebService-Xero","WebService::Xero::Organisation" => "WebService-Xero","WidgetDemo" => "Tk","Wight::Chart" => "Wight-Chart","Wight::Chart::ChartJS" => "Wight-Chart","Wight::Chart::Google" => "Wight-Chart","Win32::File::Summary" => "Win32-File-Summary","Win32::Printer" => "Win32-Printer","Win32::Printer::Direct" => "Win32-Printer","Win32::Printer::Enum" => "Win32-Printer","Win32CORE" => "perl","X509_Certificate" => "IO-Socket-SSL","XAO::DO::CGI" => "XAO-Web","XAO::DO::Context" => "XAO-Web","XAO::DO::Web::Action" => "XAO-Web","XAO::DO::Web::Benchmark" => "XAO-Web","XAO::DO::Web::CgiParam" => "XAO-Web","XAO::DO::Web::Clipboard" => "XAO-Web","XAO::DO::Web::Condition" => "XAO-Web","XAO::DO::Web::Config" => "XAO-Web","XAO::DO::Web::Cookie" => "XAO-Web","XAO::DO::Web::Date" => "XAO-Web","XAO::DO::Web::Debug" => "XAO-Web","XAO::DO::Web::Default" => "XAO-Web","XAO::DO::Web::FS" => "XAO-Web","XAO::DO::Web::FilloutForm" => "XAO-Web","XAO::DO::Web::Footer" => "XAO-Web","XAO::DO::Web::Header" => "XAO-Web","XAO::DO::Web::IdentifyAgent" => "XAO-Web","XAO::DO::Web::IdentifyUser" => "XAO-Web","XAO::DO::Web::Mailer" => "XAO-Web","XAO::DO::Web::Math" => "XAO-Web","XAO::DO::Web::MenuBuilder" => "XAO-Web","XAO::DO::Web::MultiPageNav" => "XAO-Web","XAO::DO::Web::Page" => "XAO-Web","XAO::DO::Web::Redirect" => "XAO-Web","XAO::DO::Web::Search" => "XAO-Web","XAO::DO::Web::SetArg" => "XAO-Web","XAO::DO::Web::Styler" => "XAO-Web","XAO::DO::Web::TextTable" => "XAO-Web","XAO::DO::Web::URL" => "XAO-Web","XAO::DO::Web::Utility" => "XAO-Web","XAO::PageSupport" => "XAO-Web","XAO::PluginUtils" => "XAO-Web","XAO::PreLoad" => "XAO-Web","XAO::Templates" => "XAO-Web","XAO::Web" => "XAO-Web","XAO::testcases::Web::base" => "XAO-Web","XML::Atom" => "XML-Atom","XML::Atom::Base" => "XML-Atom","XML::Atom::Category" => "XML-Atom","XML::Atom::Client" => "XML-Atom","XML::Atom::Content" => "XML-Atom","XML::Atom::Entry" => "XML-Atom","XML::Atom::ErrorHandler" => "XML-Atom","XML::Atom::Feed" => "XML-Atom","XML::Atom::Link" => "XML-Atom","XML::Atom::Namespace" => "XML-Atom","XML::Atom::Person" => "XML-Atom","XML::Atom::Server" => "XML-Atom","XML::Atom::Thing" => "XML-Atom","XML::Atom::Util" => "XML-Atom","XML::DT" => "XML-DT","XML::LibXML" => "XML-LibXML","XML::LibXML::Attr" => "XML-LibXML","XML::LibXML::AttributeHash" => "XML-LibXML","XML::LibXML::Boolean" => "XML-LibXML","XML::LibXML::CDATASection" => "XML-LibXML","XML::LibXML::Comment" => "XML-LibXML","XML::LibXML::Common" => "XML-LibXML","XML::LibXML::Devel" => "XML-LibXML","XML::LibXML::Document" => "XML-LibXML","XML::LibXML::DocumentFragment" => "XML-LibXML","XML::LibXML::Dtd" => "XML-LibXML","XML::LibXML::Element" => "XML-LibXML","XML::LibXML::ErrNo" => "XML-LibXML","XML::LibXML::Error" => "XML-LibXML","XML::LibXML::InputCallback" => "XML-LibXML","XML::LibXML::Literal" => "XML-LibXML","XML::LibXML::NamedNodeMap" => "XML-LibXML","XML::LibXML::Namespace" => "XML-LibXML","XML::LibXML::Node" => "XML-LibXML","XML::LibXML::NodeList" => "XML-LibXML","XML::LibXML::Number" => "XML-LibXML","XML::LibXML::PI" => "XML-LibXML","XML::LibXML::Pattern" => "XML-LibXML","XML::LibXML::Reader" => "XML-LibXML","XML::LibXML::RegExp" => "XML-LibXML","XML::LibXML::RelaxNG" => "XML-LibXML","XML::LibXML::SAX" => "XML-LibXML","XML::LibXML::SAX::AttributeNode" => "XML-LibXML","XML::LibXML::SAX::Builder" => "XML-LibXML","XML::LibXML::SAX::Generator" => "XML-LibXML","XML::LibXML::SAX::Parser" => "XML-LibXML","XML::LibXML::Schema" => "XML-LibXML","XML::LibXML::Text" => "XML-LibXML","XML::LibXML::XPathContext" => "XML-LibXML","XML::LibXML::XPathExpression" => "XML-LibXML","XML::LibXML::_SAXParser" => "XML-LibXML","XML::Sig" => "XML-Sig","XML::Simple" => "XML-Simple","XML::Twig" => "XML-Twig","XML::Twig::Elt" => "XML-Twig","XML::Twig::Entity" => "XML-Twig","XML::Twig::Entity_list" => "XML-Twig","XML::Twig::Notation" => "XML-Twig","XML::Twig::Notation_list" => "XML-Twig","XML::Twig::XPath" => "XML-Twig","XML::Twig::XPath::Attribute" => "XML-Twig","XML::Twig::XPath::Elt" => "XML-Twig","XML::Twig::XPath::Namespace" => "XML-Twig","XS::APItest" => "perl","XS::Typemap" => "perl","YAML" => "YAML","YAML::Any" => "YAML","YAML::Dumper" => "YAML","YAML::Dumper::Base" => "YAML","YAML::Dumper::Syck" => "YAML-Syck","YAML::Error" => "YAML","YAML::LibYAML" => "YAML-LibYAML","YAML::Loader" => "YAML","YAML::Loader::Base" => "YAML","YAML::Loader::Syck" => "YAML-Syck","YAML::Marshall" => "YAML","YAML::Mo" => "YAML","YAML::Node" => "YAML","YAML::Syck" => "YAML-Syck","YAML::Tag" => "YAML","YAML::Type::blessed" => "YAML","YAML::Type::code" => "YAML","YAML::Type::glob" => "YAML","YAML::Type::ref" => "YAML","YAML::Type::regexp" => "YAML","YAML::Type::undef" => "YAML","YAML::Types" => "YAML","YAML::Warning" => "YAML","YAML::XS" => "YAML-LibYAML","YAML::XS::LibYAML" => "YAML-LibYAML","YATT::Lite" => "YATT-Lite","YATT::Lite::Breakpoint" => "YATT-Lite","YATT::Lite::CGen" => "YATT-Lite","YATT::Lite::CGen::ArgMacro" => "YATT-Lite","YATT::Lite::CGen::Perl" => "YATT-Lite","YATT::Lite::Connection" => "YATT-Lite","YATT::Lite::Constants" => "YATT-Lite","YATT::Lite::Core" => "YATT-Lite","YATT::Lite::Entities" => "YATT-Lite","YATT::Lite::Error" => "YATT-Lite","YATT::Lite::Factory" => "YATT-Lite","YATT::Lite::Inc" => "YATT-Lite","YATT::Lite::Inspector" => "YATT-Lite","YATT::Lite::LRXML" => "YATT-Lite","YATT::Lite::LRXML::AltTree" => "YATT-Lite","YATT::Lite::LRXML::FormatEntpath" => "YATT-Lite","YATT::Lite::LRXML::ParseBody" => "YATT-Lite","YATT::Lite::LRXML::ParseEntpath" => "YATT-Lite","YATT::Lite::LanguageServer" => "YATT-Lite","YATT::Lite::LanguageServer::Generic" => "YATT-Lite","YATT::Lite::LanguageServer::Protocol" => "YATT-Lite","YATT::Lite::LanguageServer::Spec2Types" => "YATT-Lite","YATT::Lite::LanguageServer::SpecParser" => "YATT-Lite","YATT::Lite::MFields" => "YATT-Lite","YATT::Lite::MFields::Decl" => "YATT-Lite","YATT::Lite::Macro" => "YATT-Lite","YATT::Lite::NSBuilder" => "YATT-Lite","YATT::Lite::Object" => "YATT-Lite","YATT::Lite::PSGIEnv" => "YATT-Lite","YATT::Lite::Partial" => "YATT-Lite","YATT::Lite::Partial::AppPath" => "YATT-Lite","YATT::Lite::Partial::ErrorReporter" => "YATT-Lite","YATT::Lite::Partial::Gettext" => "YATT-Lite","YATT::Lite::Partial::MarkAfterNew" => "YATT-Lite","YATT::Lite::RegexpNames" => "YATT-Lite","YATT::Lite::Test::TestFCGI" => "YATT-Lite","YATT::Lite::Test::TestUtil" => "YATT-Lite","YATT::Lite::Test::XHFTest" => "YATT-Lite","YATT::Lite::Test::XHFTest2" => "YATT-Lite","YATT::Lite::Test::XHFTest::Item" => "YATT-Lite","YATT::Lite::Types" => "YATT-Lite","YATT::Lite::Types::TypeDesc" => "YATT-Lite","YATT::Lite::Util" => "YATT-Lite","YATT::Lite::Util::AllowRedundantSprintf" => "YATT-Lite","YATT::Lite::Util::AsBase" => "YATT-Lite","YATT::Lite::Util::CGICompat" => "YATT-Lite","YATT::Lite::Util::CmdLine" => "YATT-Lite","YATT::Lite::Util::CycleDetector" => "YATT-Lite","YATT::Lite::Util::Enum" => "YATT-Lite","YATT::Lite::Util::File" => "YATT-Lite","YATT::Lite::Util::FindMethods" => "YATT-Lite","YATT::Lite::VFS" => "YATT-Lite","YATT::Lite::VarMaker" => "YATT-Lite","YATT::Lite::VarTypes" => "YATT-Lite","YATT::Lite::VarTypes::t_delegate" => "YATT-Lite","YATT::Lite::VarTypes::t_html" => "YATT-Lite","YATT::Lite::Walker" => "YATT-Lite","YATT::Lite::WebMVC0::Connection" => "YATT-Lite","YATT::Lite::WebMVC0::DBSchema" => "YATT-Lite","YATT::Lite::WebMVC0::DBSchema::DBIC" => "YATT-Lite","YATT::Lite::WebMVC0::DBSchema::DBIC::DBIC_SCHEMA" => "YATT-Lite","YATT::Lite::WebMVC0::DirApp" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::LangSwitch" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::Session" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::Session2" => "YATT-Lite","YATT::Lite::WebMVC0::Partial::Session3" => "YATT-Lite","YATT::Lite::WebMVC0::SiteApp" => "YATT-Lite","YATT::Lite::WebMVC0::SiteApp::CGI" => "YATT-Lite","YATT::Lite::WebMVC0::SiteApp::FCGI" => "YATT-Lite","YATT::Lite::WebMVC0::SubRoutes" => "YATT-Lite","YATT::Lite::XHF" => "YATT-Lite","YATT::Lite::XHF::Dumper" => "YATT-Lite","YATT::Lite::XHF::StoreDir" => "YATT-Lite","Yancy" => "Yancy","Yancy::Backend" => "Yancy","Yancy::Backend::Dbic" => "Yancy","Yancy::Backend::Memory" => "Yancy","Yancy::Backend::MojoDB" => "Yancy","Yancy::Backend::Mysql" => "Yancy","Yancy::Backend::Pg" => "Yancy","Yancy::Backend::Role::DBI" => "Yancy","Yancy::Backend::Role::MojoAsync" => "Yancy","Yancy::Backend::Role::Relational" => "Yancy","Yancy::Backend::Role::Sync" => "Yancy","Yancy::Backend::Sqlite" => "Yancy","Yancy::Command::backend" => "Yancy","Yancy::Command::backend::copy" => "Yancy","Yancy::Controller::Yancy" => "Yancy","Yancy::Controller::Yancy::API" => "Yancy","Yancy::Controller::Yancy::MultiTenant" => "Yancy","Yancy::I18N" => "Yancy","Yancy::I18N::en" => "Yancy","Yancy::Model" => "Yancy","Yancy::Model::Item" => "Yancy","Yancy::Model::Schema" => "Yancy","Yancy::Plugin::Auth" => "Yancy","Yancy::Plugin::Auth::Basic" => "Yancy","Yancy::Plugin::Auth::Github" => "Yancy","Yancy::Plugin::Auth::OAuth2" => "Yancy","Yancy::Plugin::Auth::Password" => "Yancy","Yancy::Plugin::Auth::Role::RequireUser" => "Yancy","Yancy::Plugin::Auth::Token" => "Yancy","Yancy::Plugin::Editor" => "Yancy","Yancy::Plugin::File" => "Yancy","Yancy::Plugin::Form" => "Yancy","Yancy::Plugin::Form::Bootstrap4" => "Yancy","Yancy::Plugin::Roles" => "Yancy","Yancy::Util" => "Yancy","Yote" => "Yote","Yote::Array" => "Yote","Yote::ArrayGatekeeper" => "Yote","Yote::BigHash" => "Yote","Yote::Hash" => "Yote","Yote::Obj" => "Yote","Yote::ObjStore" => "Yote","Yote::YoteDB" => "Yote","Yukki" => "Yukki","Yukki::Error" => "Yukki","Yukki::Error::Fixup" => "Yukki","Yukki::Model" => "Yukki","Yukki::Model::File" => "Yukki","Yukki::Model::FilePreview" => "Yukki","Yukki::Model::Repository" => "Yukki","Yukki::Model::User" => "Yukki","Yukki::Role::App" => "Yukki","Yukki::Settings" => "Yukki","Yukki::Settings::Anonymous" => "Yukki","Yukki::Settings::Repository" => "Yukki","Yukki::Types" => "Yukki","Yukki::Web" => "Yukki","Yukki::Web::Context" => "Yukki","Yukki::Web::Controller" => "Yukki","Yukki::Web::Controller::Attachment" => "Yukki","Yukki::Web::Controller::Login" => "Yukki","Yukki::Web::Controller::Page" => "Yukki","Yukki::Web::Controller::Redirect" => "Yukki","Yukki::Web::Plugin" => "Yukki","Yukki::Web::Plugin::Attachment" => "Yukki","Yukki::Web::Plugin::Role::FormatHelper" => "Yukki","Yukki::Web::Plugin::Role::Formatter" => "Yukki","Yukki::Web::Plugin::Spreadsheet" => "Yukki","Yukki::Web::Plugin::SyntaxHighlight" => "Yukki","Yukki::Web::Plugin::Viewer" => "Yukki","Yukki::Web::Plugin::YukkiText" => "Yukki","Yukki::Web::Request" => "Yukki","Yukki::Web::Response" => "Yukki","Yukki::Web::Router" => "Yukki","Yukki::Web::Router::Route" => "Yukki","Yukki::Web::Router::Route::Match" => "Yukki","Yukki::Web::Settings" => "Yukki","Yukki::Web::View" => "Yukki","Yukki::Web::View::Attachment" => "Yukki","Yukki::Web::View::Login" => "Yukki","Yukki::Web::View::Page" => "Yukki","Zabbix::Reporter" => "Zabbix-Reporter","Zabbix::Reporter::Cmd" => "Zabbix-Reporter","Zabbix::Reporter::Cmd::Command" => "Zabbix-Reporter","Zabbix::Reporter::Cmd::Command::actions" => "Zabbix-Reporter","Zabbix::Reporter::Cmd::Command::list" => "Zabbix-Reporter","Zabbix::Reporter::Web" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::Demo" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::History" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::List" => "Zabbix-Reporter","Zabbix::Reporter::Web::Plugin::Selftest" => "Zabbix-Reporter","Zlib::OldDeflate" => "IO-Compress","Zlib::OldInflate" => "IO-Compress","Zonemaster::Backend" => "Zonemaster-Backend","Zonemaster::Backend::Config" => "Zonemaster-Backend","Zonemaster::Backend::Config::DCPlugin" => "Zonemaster-Backend","Zonemaster::Backend::DB" => "Zonemaster-Backend","Zonemaster::Backend::DB::MySQL" => "Zonemaster-Backend","Zonemaster::Backend::DB::PostgreSQL" => "Zonemaster-Backend","Zonemaster::Backend::DB::SQLite" => "Zonemaster-Backend","Zonemaster::Backend::Error" => "Zonemaster-Backend","Zonemaster::Backend::Error::Conflict" => "Zonemaster-Backend","Zonemaster::Backend::Error::Internal" => "Zonemaster-Backend","Zonemaster::Backend::Error::JsonError" => "Zonemaster-Backend","Zonemaster::Backend::Error::PermissionDenied" => "Zonemaster-Backend","Zonemaster::Backend::Error::ResourceNotFound" => "Zonemaster-Backend","Zonemaster::Backend::Log" => "Zonemaster-Backend","Zonemaster::Backend::Metrics" => "Zonemaster-Backend","Zonemaster::Backend::RPCAPI" => "Zonemaster-Backend","Zonemaster::Backend::TestAgent" => "Zonemaster-Backend","Zonemaster::Backend::Translator" => "Zonemaster-Backend","Zonemaster::Backend::Validator" => "Zonemaster-Backend","above" => "UR","arybase" => "perl","attributes" => "perl","attrs" => "perl","back_tick_a_command" => "PAR","blib" => "perl","builtin" => "perl","bytes" => "perl","charnames" => "perl","class_name" => "UR","cppAdaptive1" => "cppAdaptive1","cppAdaptive2" => "cppAdaptive2","cppAdaptive2::Inline" => "cppAdaptive2","deprecate" => "perl","diagnostics" => "perl","encoding" => "Encode","feature" => "perl","filetest" => "perl","for" => "perl","in" => "perl","integer" => "perl","java::lang::String" => "perl","less" => "perl","locale" => "perl","mod_perl" => "mod_perl","mod_perl2" => "mod_perl","mro" => "perl","of" => "perl","ojo" => "Mojolicious","open" => "perl","ops" => "perl","overload" => "perl","overload::numbers" => "perl","overloading" => "perl","pipe_a_command" => "PAR","pp" => "PAR-Packer","prior_to_test" => "PAR","pugs" => "Perl6-Pugs","re" => "perl","remove_file_and_try_executable_again" => "PAR","sigtrap" => "perl","site" => "Apache-ASP","sort" => "perl","source::encoding" => "perl","strict" => "perl","subs" => "perl","t::BHK" => "perl","t::Markers" => "perl","test_in_further_subdir" => "PAR","testcases::base" => "XAO-Web","testcases::requires" => "XAO-Web","utf8" => "perl","vars" => "perl","vmsish" => "perl","warnings" => "perl","warnings::register" => "perl","yaml_mapping" => "YAML","yaml_scalar" => "YAML","yaml_sequence" => "YAML"}}
 }
 
 __PACKAGE__;
diff --git a/Kernel/cpan-lib/cpanfile b/Kernel/cpan-lib/cpanfile
index da58e434b..e0f36ef55 100644
--- a/Kernel/cpan-lib/cpanfile
+++ b/Kernel/cpan-lib/cpanfile
@@ -28,7 +28,7 @@ requires 'Class::ReturnValue', '== 0.55';
 requires 'CPAN::Audit', '== 20260308.002';
 
 # database of adbisories used by CPAN::Audit
-requires 'CPANSA::DB', '== 20260311.002';
+requires 'CPANSA::DB', '== 20260318.001';
 
 # needed by CPAN::Audit
 requires 'CPAN::DistnameInfo', '== 0.12';
diff --git a/scripts/test/Console/Command/Dev/Code/CPANAudit.t b/scripts/test/Console/Command/Dev/Code/CPANAudit.t
index 66cb40f4a..0c7dedd14 100644
--- a/scripts/test/Console/Command/Dev/Code/CPANAudit.t
+++ b/scripts/test/Console/Command/Dev/Code/CPANAudit.t
@@ -63,7 +63,7 @@ for my $Key (qw( args command cpan_audit total_advisories )) {
 is(
     $ThawedAuditReport->{meta}->{cpan_audit},
     {
-        db      => '20260311.002',
+        db      => '20260318.001',
         version => '20250829.001',
     },
     'got expected version of the advisory list'